fix(parallel): send User-Agent on free MCP requests

Adds the OpenClaw Parallel User-Agent to free Parallel Search MCP requests so the zero-config web_search path is identifiable at the HTTP layer, matching the paid REST transport.\n\nProof: local focused format/lint/Vitest; live anonymous Parallel MCP handshake; autoreview clean; Crabbox AWS run_bf41ce86e862 focused regression; Crabbox AWS run_ee9b8954b081 check:changed; exact-head GitHub CI green on b7e45e3bfc.
fix(gateway): mark active main sessions before restart shutdown aborts (#91357 )
2026-06-14 01:58:47 +08:00 · 2026-06-14 01:52:59 +08:00 · 2026-06-13 10:49:17 -07:00 · 2026-06-13 19:36:53 +02:00 · 2026-06-14 01:13:43 +08:00 · 2026-06-14 01:13:29 +08:00
685 changed files with 42756 additions and 6190 deletions
--- a/.github/workflows/mantis-discord-status-reactions.yml
+++ b/.github/workflows/mantis-discord-status-reactions.yml
@@ -437,8 +437,17 @@ jobs:
            echo "::warning::Could not generate motion-trimmed desktop previews; continuing with screenshots and full MP4 links."
          fi

-          baseline_status="$(jq -r '.scenarios[0].status' "$root/baseline/discord-qa-summary.json")"
-          candidate_status="$(jq -r '.scenarios[0].status' "$root/candidate/discord-qa-summary.json")"
+          read_discord_status_reaction_status() {
+            local lane="$1"
+            if [[ -f "$root/$lane/qa-evidence.json" ]]; then
+              jq -r '.entries[0].result.status' "$root/$lane/qa-evidence.json"
+              return
+            fi
+            jq -r '.scenarios[0].status' "$root/$lane/discord-qa-summary.json"
+          }
+
+          baseline_status="$(read_discord_status_reaction_status baseline)"
+          candidate_status="$(read_discord_status_reaction_status candidate)"

          jq -n \
            --arg baseline_status "$baseline_status" \
--- a/.github/workflows/mantis-discord-thread-attachment.yml
+++ b/.github/workflows/mantis-discord-thread-attachment.yml
@@ -451,8 +451,17 @@ jobs:

          capture_candidate_discord_web

-          baseline_status="$(jq -r '.scenarios[] | select(.id == "discord-thread-reply-filepath-attachment") | .status' "$root/baseline/discord-qa-summary.json")"
-          candidate_status="$(jq -r '.scenarios[] | select(.id == "discord-thread-reply-filepath-attachment") | .status' "$root/candidate/discord-qa-summary.json")"
+          read_discord_thread_attachment_status() {
+            local lane="$1"
+            if [[ -f "$root/$lane/qa-evidence.json" ]]; then
+              jq -r '.entries[] | select(.test.id == "discord-thread-reply-filepath-attachment") | .result.status' "$root/$lane/qa-evidence.json"
+              return
+            fi
+            jq -r '.scenarios[] | select(.id == "discord-thread-reply-filepath-attachment") | .status' "$root/$lane/discord-qa-summary.json"
+          }
+
+          baseline_status="$(read_discord_thread_attachment_status baseline)"
+          candidate_status="$(read_discord_thread_attachment_status candidate)"
          comparison_status="fail"
          if [[ "$baseline_status" == "fail" && "$candidate_status" == "pass" ]]; then
            comparison_status="pass"
--- a/.github/workflows/mantis-telegram-live.yml
+++ b/.github/workflows/mantis-telegram-live.yml
@@ -445,8 +445,8 @@ jobs:
          telegram_exit=$?
          set -e

-          if [[ ! -f "$root/telegram-qa-summary.json" ]]; then
-            echo "Telegram live QA did not produce a summary." >&2
+          if [[ ! -f "$root/qa-evidence.json" && ! -f "$root/telegram-qa-summary.json" ]]; then
+            echo "Telegram live QA did not produce an evidence summary." >&2
            exit "$telegram_exit"
          fi
          echo "telegram_exit=${telegram_exit}" >> "$GITHUB_OUTPUT"
--- a/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
+++ b/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
@@ -1748,6 +1748,7 @@ jobs:
            anthropic) require_any Anthropic ANTHROPIC_API_KEY ANTHROPIC_API_KEY_OLD ANTHROPIC_API_TOKEN ;;
            google) require_any Google GEMINI_API_KEY GOOGLE_API_KEY ;;
            minimax) require_any MiniMax MINIMAX_API_KEY ;;
+            moonshot) require_any Moonshot MOONSHOT_API_KEY KIMI_API_KEY ;;
            openai) require_any OpenAI OPENAI_API_KEY ;;
            opencode-go) require_any OpenCode OPENCODE_API_KEY OPENCODE_ZEN_API_KEY ;;
            openrouter) require_any OpenRouter OPENROUTER_API_KEY ;;
@@ -1836,7 +1837,7 @@ jobs:
        run: |
          set -euo pipefail

-          all_providers=(anthropic google minimax openai opencode-go openrouter xai zai fireworks)
+          all_providers=(anthropic google minimax moonshot openai opencode-go openrouter xai zai fireworks)

          normalize_provider() {
            local value="${1,,}"
@@ -1922,6 +1923,7 @@ jobs:
              anthropic) require_any Anthropic ANTHROPIC_API_KEY ANTHROPIC_API_KEY_OLD ANTHROPIC_API_TOKEN ;;
              google) require_any Google GEMINI_API_KEY GOOGLE_API_KEY ;;
              minimax) require_any MiniMax MINIMAX_API_KEY ;;
+              moonshot) require_any Moonshot MOONSHOT_API_KEY KIMI_API_KEY ;;
              openai) require_any OpenAI OPENAI_API_KEY ;;
              opencode-go) require_any OpenCode OPENCODE_API_KEY OPENCODE_ZEN_API_KEY ;;
              openrouter) require_any OpenRouter OPENROUTER_API_KEY ;;
--- a/.github/workflows/openclaw-performance.yml
+++ b/.github/workflows/openclaw-performance.yml
@@ -527,6 +527,13 @@ jobs:
          cleanup_gateway
          trap - EXIT

+          if node -e "const fs=require('node:fs'); const scripts=require('./package.json').scripts||{}; process.exit(scripts['test:sqlite:perf:smoke'] && fs.existsSync('scripts/bench-sqlite-state.ts') ? 0 : 1)"; then
+            pnpm test:sqlite:perf:smoke
+            cp .artifacts/sqlite-perf/smoke.json "$SOURCE_PERF_DIR/sqlite-perf-smoke.json"
+          else
+            echo "SQLite state smoke probe is not available in ${TESTED_REF}; continuing with the remaining source probes." >> "$GITHUB_STEP_SUMMARY"
+          fi
+
          summary_args=(node "$PERFORMANCE_HELPER_DIR/scripts/openclaw-performance-source-summary.mjs" \
            --source-dir "$SOURCE_PERF_DIR" \
            --output "$SOURCE_PERF_DIR/index.md")
@@ -604,7 +611,7 @@ jobs:

          ## Source probes

-          Additional gateway boot, memory, plugin pressure, mock hello-loop, and CLI startup numbers are in [source/index.md](source/index.md).
+          Additional gateway boot, memory, plugin pressure, mock hello-loop, CLI startup, and SQLite state smoke numbers are in [source/index.md](source/index.md).
          EOF
            fi
          fi
--- a/.github/workflows/openclaw-release-publish.yml
+++ b/.github/workflows/openclaw-release-publish.yml
@@ -387,7 +387,9 @@ jobs:
        run: |
          set -euo pipefail

-          dispatch_workflow() {
+          dispatch_workflow_at_ref() {
+            local workflow_ref="$1"
+            shift
            local workflow="$1"
            shift

@@ -397,7 +399,7 @@ jobs:
              -F per_page=100 \
              --jq '[.workflow_runs[].id]')"

-            dispatch_output="$(gh workflow run --repo "$GITHUB_REPOSITORY" "$workflow" --ref "$CHILD_WORKFLOW_REF" "$@" 2>&1)"
+            dispatch_output="$(gh workflow run --repo "$GITHUB_REPOSITORY" "$workflow" --ref "$workflow_ref" "$@" 2>&1)"
            printf '%s\n' "$dispatch_output" >&2
            run_id="$(
              printf '%s\n' "$dispatch_output" |
@@ -432,6 +434,10 @@ jobs:
            printf '%s\n' "${run_id}"
          }

+          dispatch_workflow() {
+            dispatch_workflow_at_ref "$CHILD_WORKFLOW_REF" "$@"
+          }
+
          print_pending_deployments() {
            local workflow="$1"
            local run_id="$2"
@@ -710,6 +716,71 @@ jobs:
            exit 1
          }

+          resolve_clawhub_release_plan() {
+            local -a plan_args
+
+            clawhub_plan_path="${RUNNER_TEMP}/openclaw-release-clawhub-plan.json"
+            plan_args=(
+              --release-tag "${RELEASE_TAG}"
+              --release-publish-branch "${CHILD_WORKFLOW_REF}"
+              --release-publish-run-id "${GITHUB_RUN_ID}"
+              --plugin-publish-scope "${PLUGIN_PUBLISH_SCOPE}"
+            )
+            if [[ -n "${PLUGINS// }" ]]; then
+              plan_args+=(--plugins "${PLUGINS}")
+            fi
+
+            CLAWHUB_REGISTRY="${CLAWHUB_REGISTRY:-https://clawhub.ai}" \
+              node --import tsx scripts/openclaw-release-clawhub-plan.ts "${plan_args[@]}" > "${clawhub_plan_path}"
+
+            echo "Resolved OpenClaw release ClawHub dispatch plan:"
+            cat "${clawhub_plan_path}"
+
+            clawhub_workflow_ref="$(jq -r '.clawHubWorkflowRef' "${clawhub_plan_path}")"
+            normal_plugins="$(jq -r '.summary.normalPlugins' "${clawhub_plan_path}")"
+            bootstrap_plugins="$(jq -r '.summary.bootstrapPlugins' "${clawhub_plan_path}")"
+            missing_trusted_plugins="$(jq -r '.summary.missingTrustedPlugins' "${clawhub_plan_path}")"
+            normal_plugin_count="$(jq -r '.summary.normalCount' "${clawhub_plan_path}")"
+            bootstrap_plugin_count="$(jq -r '.summary.bootstrapCount' "${clawhub_plan_path}")"
+            missing_trusted_plugin_count="$(jq -r '.summary.missingTrustedPublisherCount' "${clawhub_plan_path}")"
+
+            {
+              echo "### ClawHub release plan"
+              echo
+              echo "- Normal OIDC candidates: \`${normal_plugin_count}\`"
+              echo "- Bootstrap/repair candidates: \`${bootstrap_plugin_count}\`"
+              echo "- Existing-package trusted-publisher repairs: \`${missing_trusted_plugin_count}\`"
+              if [[ -n "${normal_plugins}" ]]; then
+                echo "- Normal plugins: \`${normal_plugins}\`"
+              fi
+              if [[ -n "${bootstrap_plugins}" ]]; then
+                echo "- Bootstrap/repair plugins: \`${bootstrap_plugins}\`"
+              fi
+              if [[ -n "${missing_trusted_plugins}" ]]; then
+                echo "- Trusted-publisher repair plugins: \`${missing_trusted_plugins}\`"
+              fi
+            } >> "$GITHUB_STEP_SUMMARY"
+          }
+
+          append_clawhub_dispatch_args() {
+            local target="$1"
+            while IFS=$'\t' read -r key value; do
+              clawhub_dispatch_args+=(-f "${key}=${value}")
+            done < <(jq -r --arg target "${target}" '.[$target].inputs | to_entries[] | [.key, .value] | @tsv' "${clawhub_plan_path}")
+          }
+
+          write_clawhub_runtime_state() {
+            local force_skip_clawhub="$1"
+            local output_path="$2"
+            node --import tsx scripts/openclaw-release-clawhub-runtime-state.ts \
+              --repository "${GITHUB_REPOSITORY}" \
+              --wait-for-clawhub "${WAIT_FOR_CLAWHUB}" \
+              --force-skip-clawhub "${force_skip_clawhub}" \
+              --normal-run-id "${plugin_clawhub_run_id:-}" \
+              --bootstrap-run-id "${plugin_clawhub_bootstrap_run_id:-}" \
+              --bootstrap-completed "${plugin_clawhub_bootstrap_completed:-false}" > "${output_path}"
+          }
+
          create_or_update_github_release() {
            local release_version notes_version title notes_file changelog_file latest_arg prerelease_args
            release_version="${RELEASE_TAG#v}"
@@ -798,7 +869,7 @@ jobs:
          }

          verify_published_release() {
-            local release_version evidence_path skip_clawhub
+            local release_version evidence_path skip_clawhub clawhub_runtime_state_path
            local -a verify_args

            skip_clawhub="${1:-false}"
@@ -815,17 +886,18 @@ jobs:
              --dist-tag "${RELEASE_NPM_DIST_TAG}"
              --repo "${GITHUB_REPOSITORY}"
              --workflow-ref "${CHILD_WORKFLOW_REF}"
+              --clawhub-workflow-ref "${clawhub_workflow_ref}"
              --full-release-validation-run "${FULL_RELEASE_VALIDATION_RUN_ID}"
              --plugin-npm-run "${plugin_npm_run_id}"
              --openclaw-npm-run "${openclaw_npm_run_id}"
              --evidence-out "${evidence_path}"
              --skip-github-release
            )
-            if [[ "${skip_clawhub}" == "true" || "${WAIT_FOR_CLAWHUB}" != "true" ]]; then
-              verify_args+=(--skip-clawhub)
-            else
-              verify_args+=(--plugin-clawhub-run "${plugin_clawhub_run_id}")
-            fi
+            clawhub_runtime_state_path="${RUNNER_TEMP}/openclaw-release-clawhub-runtime-state-verify.json"
+            write_clawhub_runtime_state "${skip_clawhub}" "${clawhub_runtime_state_path}"
+            while IFS= read -r arg; do
+              verify_args+=("${arg}")
+            done < <(jq -r '.verifierArgs[]' "${clawhub_runtime_state_path}")
            if [[ -n "${PLUGINS// }" ]]; then
              verify_args+=(--plugins "${PLUGINS}")
            fi
@@ -841,7 +913,7 @@ jobs:
          }

          append_release_proof_to_github_release() {
-            local release_version body_file notes_file tarball integrity telegram_line clawhub_line
+            local release_version body_file notes_file tarball integrity telegram_line clawhub_line clawhub_bootstrap_line clawhub_runtime_state_path

            release_version="${RELEASE_TAG#v}"
            body_file="${RUNNER_TEMP}/release-body.md"
@@ -855,11 +927,10 @@ jobs:
            else
              telegram_line="- npm Telegram beta E2E: not supplied"
            fi
-            if [[ "${WAIT_FOR_CLAWHUB}" == "true" ]]; then
-              clawhub_line="- plugin ClawHub publish: https://github.com/${GITHUB_REPOSITORY}/actions/runs/${plugin_clawhub_run_id}"
-            else
-              clawhub_line="- plugin ClawHub publish: dispatched separately, not awaited by this proof: https://github.com/${GITHUB_REPOSITORY}/actions/runs/${plugin_clawhub_run_id}"
-            fi
+            clawhub_runtime_state_path="${RUNNER_TEMP}/openclaw-release-clawhub-runtime-state-proof.json"
+            write_clawhub_runtime_state false "${clawhub_runtime_state_path}"
+            clawhub_line="$(jq -r '.proofLines.normal' "${clawhub_runtime_state_path}")"
+            clawhub_bootstrap_line="$(jq -r '.proofLines.bootstrap' "${clawhub_runtime_state_path}")"

            RELEASE_BODY_FILE="${body_file}" \
              RELEASE_NOTES_FILE="${notes_file}" \
@@ -875,6 +946,7 @@ jobs:
              PLUGIN_NPM_RUN_ID="${plugin_npm_run_id}" \
              OPENCLAW_NPM_RUN_ID="${openclaw_npm_run_id}" \
              CLAWHUB_LINE="${clawhub_line}" \
+              CLAWHUB_BOOTSTRAP_LINE="${clawhub_bootstrap_line}" \
              TELEGRAM_LINE="${telegram_line}" \
              node --input-type=module <<'NODE'
          import { readFileSync, writeFileSync } from "node:fs";
@@ -899,6 +971,7 @@ jobs:
            `- full release validation: https://github.com/${process.env.RELEASE_REPO}/actions/runs/${process.env.FULL_RELEASE_VALIDATION_RUN_ID}`,
            `- plugin npm publish: https://github.com/${process.env.RELEASE_REPO}/actions/runs/${process.env.PLUGIN_NPM_RUN_ID}`,
            process.env.CLAWHUB_LINE,
+            process.env.CLAWHUB_BOOTSTRAP_LINE,
            `- OpenClaw npm publish: https://github.com/${process.env.RELEASE_REPO}/actions/runs/${process.env.OPENCLAW_NPM_RUN_ID}`,
            process.env.TELEGRAM_LINE,
          ].join("\n");
@@ -915,6 +988,7 @@ jobs:
            echo "### Publish sequence"
            echo
            echo "- Workflow ref: \`${CHILD_WORKFLOW_REF}\`"
+            echo "- ClawHub workflow ref: release tag \`${RELEASE_TAG}\`"
            echo "- Release tag: \`${RELEASE_TAG}\`"
            echo "- Release SHA: \`${TARGET_SHA}\`"
            echo "- Release approval: this workflow job"
@@ -933,27 +1007,66 @@ jobs:

          guard_existing_public_release
          guard_openclaw_npm_not_already_published
+          resolve_clawhub_release_plan

          npm_args=(-f publish_scope="${PLUGIN_PUBLISH_SCOPE}" -f ref="${TARGET_SHA}" -f release_publish_run_id="${GITHUB_RUN_ID}")
-          clawhub_args=(-f publish_scope="${PLUGIN_PUBLISH_SCOPE}" -f ref="${TARGET_SHA}" -f release_publish_run_id="${GITHUB_RUN_ID}")
          if [[ -n "${PLUGINS}" ]]; then
            npm_args+=(-f plugins="${PLUGINS}")
-            clawhub_args+=(-f plugins="${PLUGINS}")
          fi

          plugin_npm_run_id="$(dispatch_workflow plugin-npm-release.yml "${npm_args[@]}")"
-          plugin_clawhub_run_id="$(dispatch_workflow plugin-clawhub-release.yml "${clawhub_args[@]}")"
+          plugin_clawhub_run_id=""
+          if [[ "$(jq -r '.normal.shouldDispatch' "${clawhub_plan_path}")" == "true" ]]; then
+            clawhub_dispatch_args=()
+            append_clawhub_dispatch_args normal
+            plugin_clawhub_run_id="$(dispatch_workflow_at_ref \
+              "$(jq -r '.normal.ref' "${clawhub_plan_path}")" \
+              "$(jq -r '.normal.workflow' "${clawhub_plan_path}")" \
+              "${clawhub_dispatch_args[@]}")"
+          else
+            echo "- plugin-clawhub-release.yml: no normal OIDC candidates" >> "$GITHUB_STEP_SUMMARY"
+          fi
+          plugin_clawhub_bootstrap_run_id=""
+          plugin_clawhub_bootstrap_completed="false"
+          if [[ "$(jq -r '.bootstrap.shouldDispatch' "${clawhub_plan_path}")" == "true" ]]; then
+            clawhub_dispatch_args=()
+            append_clawhub_dispatch_args bootstrap
+            plugin_clawhub_bootstrap_run_id="$(dispatch_workflow_at_ref \
+              "$(jq -r '.bootstrap.ref' "${clawhub_plan_path}")" \
+              "$(jq -r '.bootstrap.workflow' "${clawhub_plan_path}")" \
+              "${clawhub_dispatch_args[@]}")"
+          else
+            echo "- plugin-clawhub-new.yml: no bootstrap candidates" >> "$GITHUB_STEP_SUMMARY"
+          fi
          {
            echo "- Plugin npm run ID: \`${plugin_npm_run_id}\`"
-            echo "- Plugin ClawHub run ID: \`${plugin_clawhub_run_id}\`"
+            echo "- Plugin ClawHub run ID: \`${plugin_clawhub_run_id:-none}\`"
+            echo "- Plugin ClawHub bootstrap run ID: \`${plugin_clawhub_bootstrap_run_id:-none}\`"
          } >> "$GITHUB_STEP_SUMMARY"

          if ! wait_for_run plugin-npm-release.yml "${plugin_npm_run_id}"; then
-            echo "Plugin npm publish failed; cancelling ClawHub publish child ${plugin_clawhub_run_id}." >&2
-            gh run cancel --repo "$GITHUB_REPOSITORY" "${plugin_clawhub_run_id}" >/dev/null 2>&1 || true
+            echo "Plugin npm publish failed; cancelling dispatched ClawHub child workflows." >&2
+            if [[ -n "${plugin_clawhub_run_id}" ]]; then
+              gh run cancel --repo "$GITHUB_REPOSITORY" "${plugin_clawhub_run_id}" >/dev/null 2>&1 || true
+            fi
+            if [[ -n "${plugin_clawhub_bootstrap_run_id}" ]]; then
+              gh run cancel --repo "$GITHUB_REPOSITORY" "${plugin_clawhub_bootstrap_run_id}" >/dev/null 2>&1 || true
+            fi
            exit 1
          fi

+          if [[ -n "${plugin_clawhub_bootstrap_run_id}" && "${WAIT_FOR_CLAWHUB}" == "true" ]]; then
+            echo "Waiting for plugin-clawhub-new.yml bootstrap to finish before continuing release publish."
+            if wait_for_run plugin-clawhub-new.yml "${plugin_clawhub_bootstrap_run_id}"; then
+              plugin_clawhub_bootstrap_completed="true"
+            else
+              if [[ -n "${plugin_clawhub_run_id}" ]]; then
+                gh run cancel --repo "$GITHUB_REPOSITORY" "${plugin_clawhub_run_id}" >/dev/null 2>&1 || true
+              fi
+              exit 1
+            fi
+          fi
+
          openclaw_npm_run_id=""
          if [[ "${PUBLISH_OPENCLAW_NPM}" == "true" ]]; then
            openclaw_npm_run_id="$(dispatch_workflow openclaw-npm-release.yml \
@@ -970,19 +1083,52 @@ jobs:

          clawhub_result=""
          clawhub_pid=""
+          clawhub_bootstrap_result=""
+          clawhub_bootstrap_pid=""
          if [[ "${WAIT_FOR_CLAWHUB}" == "true" ]]; then
-            clawhub_result="$RUNNER_TEMP/clawhub-result.txt"
-            wait_run_pid=""
-            wait_for_run_background plugin-clawhub-release.yml "${plugin_clawhub_run_id}" "${clawhub_result}"
-            clawhub_pid="${wait_run_pid}"
-          else
-            wait_for_job_success plugin-clawhub-release.yml "${plugin_clawhub_run_id}" "Validate release publish approval"
-            if approve_child_publish_environment plugin-clawhub-release.yml "${plugin_clawhub_run_id}"; then
-              :
-            else
-              echo "- plugin-clawhub-release.yml: child environment gate not ready; publish was left dispatched (${plugin_clawhub_run_id})" >> "$GITHUB_STEP_SUMMARY"
+            if [[ -n "${plugin_clawhub_run_id}" ]]; then
+              clawhub_result="$RUNNER_TEMP/clawhub-result.txt"
+              wait_run_pid=""
+              wait_for_run_background plugin-clawhub-release.yml "${plugin_clawhub_run_id}" "${clawhub_result}"
+              clawhub_pid="${wait_run_pid}"
+            fi
+            if [[ -n "${plugin_clawhub_bootstrap_run_id}" ]]; then
+              if [[ "${plugin_clawhub_bootstrap_completed}" == "true" ]]; then
+                echo "- plugin-clawhub-new.yml: bootstrap already completed before continuing" >> "$GITHUB_STEP_SUMMARY"
+              else
+                clawhub_bootstrap_result="$RUNNER_TEMP/clawhub-bootstrap-result.txt"
+                wait_run_pid=""
+                wait_for_run_background plugin-clawhub-new.yml "${plugin_clawhub_bootstrap_run_id}" "${clawhub_bootstrap_result}"
+                clawhub_bootstrap_pid="${wait_run_pid}"
+              fi
+            fi
+          else
+            if [[ -n "${plugin_clawhub_run_id}" ]]; then
+              wait_for_job_success plugin-clawhub-release.yml "${plugin_clawhub_run_id}" "Validate release publish approval"
+              if approve_child_publish_environment plugin-clawhub-release.yml "${plugin_clawhub_run_id}"; then
+                :
+              else
+                echo "- plugin-clawhub-release.yml: child environment gate not ready; publish was left dispatched (${plugin_clawhub_run_id})" >> "$GITHUB_STEP_SUMMARY"
+              fi
+              echo "- plugin-clawhub-release.yml: publish not awaited (${plugin_clawhub_run_id})" >> "$GITHUB_STEP_SUMMARY"
+            else
+              echo "- plugin-clawhub-release.yml: no normal OIDC publish to await" >> "$GITHUB_STEP_SUMMARY"
+            fi
+            if [[ -n "${plugin_clawhub_bootstrap_run_id}" ]]; then
+              if [[ "${plugin_clawhub_bootstrap_completed}" == "true" ]]; then
+                echo "- plugin-clawhub-new.yml: bootstrap already completed before continuing" >> "$GITHUB_STEP_SUMMARY"
+              else
+                wait_for_job_success plugin-clawhub-new.yml "${plugin_clawhub_bootstrap_run_id}" "Validate release publish approval"
+                if approve_child_publish_environment plugin-clawhub-new.yml "${plugin_clawhub_bootstrap_run_id}"; then
+                  :
+                else
+                  echo "- plugin-clawhub-new.yml: child environment gate not ready; bootstrap was left dispatched (${plugin_clawhub_bootstrap_run_id})" >> "$GITHUB_STEP_SUMMARY"
+                fi
+                echo "- plugin-clawhub-new.yml: bootstrap not awaited (${plugin_clawhub_bootstrap_run_id})" >> "$GITHUB_STEP_SUMMARY"
+              fi
+            else
+              echo "- plugin-clawhub-new.yml: no bootstrap publish to await" >> "$GITHUB_STEP_SUMMARY"
            fi
-            echo "- plugin-clawhub-release.yml: publish not awaited (${plugin_clawhub_run_id})" >> "$GITHUB_STEP_SUMMARY"
          fi

          openclaw_result=""
@@ -1011,6 +1157,12 @@ jobs:
          if [[ -f "${clawhub_result}" && "$(cat "${clawhub_result}")" != "success" ]]; then
            failed=1
          fi
+          if [[ -n "${clawhub_bootstrap_pid}" ]] && ! wait "${clawhub_bootstrap_pid}"; then
+            failed=1
+          fi
+          if [[ -f "${clawhub_bootstrap_result}" && "$(cat "${clawhub_bootstrap_result}")" != "success" ]]; then
+            failed=1
+          fi

          if [[ -n "${openclaw_npm_run_id}" && "${openclaw_failed}" == "0" ]]; then
            if [[ "${failed}" == "0" ]]; then
--- a/.github/workflows/plugin-clawhub-new.yml
+++ b/.github/workflows/plugin-clawhub-new.yml
@@ -0,0 +1,504 @@
+name: Plugin ClawHub New
+
+on:
+  workflow_dispatch:
+    inputs:
+      plugins:
+        description: Comma-separated plugin package names to bootstrap on ClawHub
+        required: true
+        type: string
+      ref:
+        description: Commit SHA on main, a release branch, or the matching Tideclaw alpha branch to publish from; defaults to the workflow ref
+        required: false
+        default: ""
+        type: string
+      release_publish_run_id:
+        description: Approved OpenClaw Release Publish workflow run id
+        required: false
+        type: string
+      release_publish_branch:
+        description: Branch name of the approving OpenClaw Release Publish workflow run
+        required: false
+        type: string
+      dry_run:
+        description: Validate the token-gated ClawHub bootstrap handoff without publishing.
+        required: false
+        default: false
+        type: boolean
+
+concurrency:
+  group: plugin-clawhub-new-${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.sha }}
+  cancel-in-progress: false
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+  NODE_VERSION: "24.15.0"
+  CLAWHUB_REGISTRY: "https://clawhub.ai"
+  CLAWHUB_CLI_PACKAGE: "clawhub@0.21.0"
+
+jobs:
+  resolve_bootstrap_plan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    outputs:
+      ref_revision: ${{ steps.ref.outputs.sha }}
+      has_bootstrap_candidates: ${{ steps.plan.outputs.has_bootstrap_candidates }}
+      bootstrap_candidate_count: ${{ steps.plan.outputs.bootstrap_candidate_count }}
+      matrix: ${{ steps.plan.outputs.matrix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+          ref: ${{ github.ref }}
+          fetch-depth: 0
+
+      - name: Resolve checked-out ref
+        id: ref
+        env:
+          TARGET_REF: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || '' }}
+        run: |
+          set -euo pipefail
+          git fetch --no-tags origin \
+            +refs/heads/main:refs/remotes/origin/main \
+            '+refs/heads/release/*:refs/remotes/origin/release/*'
+          if [[ -n "${TARGET_REF}" ]]; then
+            if git rev-parse --verify --quiet "${TARGET_REF}^{commit}" >/dev/null; then
+              target_sha="$(git rev-parse "${TARGET_REF}^{commit}")"
+            elif git rev-parse --verify --quiet "origin/${TARGET_REF}^{commit}" >/dev/null; then
+              target_sha="$(git rev-parse "origin/${TARGET_REF}^{commit}")"
+            else
+              echo "Unable to resolve requested publish ref: ${TARGET_REF}" >&2
+              exit 1
+            fi
+            git checkout --detach "${target_sha}"
+          fi
+          echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+
+      - name: Validate ref is on a trusted publish branch
+        env:
+          TRUSTED_PUBLISH_BRANCH: ${{ inputs.release_publish_branch || github.ref_name }}
+        run: |
+          set -euo pipefail
+          if git merge-base --is-ancestor HEAD origin/main; then
+            exit 0
+          fi
+          while IFS= read -r release_ref; do
+            if git merge-base --is-ancestor HEAD "${release_ref}"; then
+              exit 0
+            fi
+          done < <(git for-each-ref --format='%(refname)' refs/remotes/origin/release)
+          if [[ "${TRUSTED_PUBLISH_BRANCH}" =~ ^tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            alpha_branch="${TRUSTED_PUBLISH_BRANCH}"
+            git fetch --no-tags origin "+refs/heads/${alpha_branch}:refs/remotes/origin/${alpha_branch}"
+            if git merge-base --is-ancestor HEAD "refs/remotes/origin/${alpha_branch}"; then
+              exit 0
+            fi
+          fi
+          echo "Plugin ClawHub bootstraps must target a commit reachable from main, release/*, or the matching Tideclaw alpha branch." >&2
+          exit 1
+
+      - name: Setup Node environment
+        uses: ./.github/actions/setup-node-env
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          install-bun: "false"
+
+      - name: Validate publishable plugin metadata
+        env:
+          RELEASE_PLUGINS: ${{ inputs.plugins }}
+        run: |
+          set -euo pipefail
+          if [[ -z "${RELEASE_PLUGINS// }" ]]; then
+            echo "Plugin ClawHub bootstrap requires at least one package name in plugins." >&2
+            exit 1
+          fi
+          pnpm release:plugins:clawhub:check -- --selection-mode selected --plugins "${RELEASE_PLUGINS}"
+
+      - name: Resolve plugin bootstrap plan
+        id: plan
+        env:
+          RELEASE_PLUGINS: ${{ inputs.plugins }}
+          CLAWHUB_REGISTRY: ${{ env.CLAWHUB_REGISTRY }}
+        run: |
+          set -euo pipefail
+          mkdir -p .local
+          node --import tsx scripts/plugin-clawhub-release-plan.ts \
+            --selection-mode selected \
+            --plugins "${RELEASE_PLUGINS}" > .local/plugin-clawhub-release-plan.json
+
+          cat .local/plugin-clawhub-release-plan.json
+
+          bootstrap_candidate_count="$(jq -r '(.bootstrapCandidates | length) + (.missingTrustedPublisher | length)' .local/plugin-clawhub-release-plan.json)"
+          selected_count="$(jq -r '.all | length' .local/plugin-clawhub-release-plan.json)"
+          matrix_json="$(
+            jq -c '
+              [
+                .bootstrapCandidates[]? + {
+                  bootstrapMode: "publish",
+                  requiresManualOverride: false
+                },
+                .missingTrustedPublisher[]? + {
+                  bootstrapMode: (if .alreadyPublished then "configure-only" else "publish" end),
+                  requiresManualOverride: true
+                }
+              ]
+            ' .local/plugin-clawhub-release-plan.json
+          )"
+          has_bootstrap_candidates="false"
+          if [[ "${bootstrap_candidate_count}" != "0" ]]; then
+            has_bootstrap_candidates="true"
+          fi
+
+          invalid_scope="$(
+            jq -r '
+              (.bootstrapCandidates[]?, .missingTrustedPublisher[]?)
+              | select(.packageName | startswith("@openclaw/") | not)
+              | "- \(.packageName)@\(.version)"
+            ' .local/plugin-clawhub-release-plan.json
+          )"
+          if [[ -n "${invalid_scope}" ]]; then
+            echo "Plugin ClawHub bootstrap only supports @openclaw/* packages." >&2
+            printf '%s\n' "${invalid_scope}" >&2
+            exit 1
+          fi
+
+          not_bootstrap="$(
+            jq -r '
+              (.bootstrapCandidates | map(.packageName)) as $bootstrapNames
+              | (.missingTrustedPublisher | map(.packageName)) as $repairNames
+              | .all[]?
+              | select(.packageName as $name | ($bootstrapNames + $repairNames | index($name) | not))
+              | "- \(.packageName)@\(.version)"
+            ' .local/plugin-clawhub-release-plan.json
+          )"
+          if [[ -n "${not_bootstrap}" ]]; then
+            echo "Selected packages must all be first-publish bootstrap candidates or trusted-publisher repair candidates." >&2
+            printf '%s\n' "${not_bootstrap}" >&2
+            exit 1
+          fi
+          if [[ "${selected_count}" == "0" || "${bootstrap_candidate_count}" == "0" ]]; then
+            echo "No selected packages require ClawHub bootstrap." >&2
+            exit 1
+          fi
+
+          {
+            echo "bootstrap_candidate_count=${bootstrap_candidate_count}"
+            echo "has_bootstrap_candidates=${has_bootstrap_candidates}"
+            echo "matrix=${matrix_json}"
+          } >> "$GITHUB_OUTPUT"
+
+          echo "ClawHub bootstrap candidates:"
+          jq -r '
+            .bootstrapCandidates[]? | "- \(.packageName)@\(.version) [\(.publishTag)] from \(.packageDir)"
+          ' .local/plugin-clawhub-release-plan.json
+          echo "ClawHub trusted-publisher repair candidates:"
+          jq -r '
+            .missingTrustedPublisher[]? | "- \(.packageName)@\(.version) [\(.publishTag)] from \(.packageDir), alreadyPublished=\(.alreadyPublished)"
+          ' .local/plugin-clawhub-release-plan.json
+
+      - name: Validate Tideclaw alpha plugin channels
+        env:
+          TRUSTED_PUBLISH_BRANCH: ${{ inputs.release_publish_branch || github.ref_name }}
+        run: |
+          set -euo pipefail
+          if [[ ! "${TRUSTED_PUBLISH_BRANCH}" =~ ^tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            exit 0
+          fi
+          invalid="$(
+            jq -r '
+              (.bootstrapCandidates[]?, .missingTrustedPublisher[]?)
+              | select(.publishTag != "alpha" or .channel != "alpha")
+              | "- \(.packageName)@\(.version) [\(.publishTag)]"
+            ' .local/plugin-clawhub-release-plan.json
+          )"
+          if [[ -n "${invalid}" ]]; then
+            echo "Tideclaw alpha ClawHub bootstraps may only publish alpha plugin versions." >&2
+            printf '%s\n' "${invalid}" >&2
+            exit 1
+          fi
+
+  validate_release_publish_approval:
+    name: Validate release publish approval
+    needs: resolve_bootstrap_plan
+    if: github.event_name == 'workflow_dispatch' && needs.resolve_bootstrap_plan.outputs.has_bootstrap_candidates == 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - name: Validate release publish approval run
+        env:
+          GH_TOKEN: ${{ github.token }}
+          RELEASE_PUBLISH_RUN_ID: ${{ inputs.release_publish_run_id }}
+          EXPECTED_WORKFLOW_BRANCH: ${{ inputs.release_publish_branch || github.ref_name }}
+        run: |
+          set -euo pipefail
+          if [[ -z "${RELEASE_PUBLISH_RUN_ID// }" ]]; then
+            if [[ "${GITHUB_ACTOR}" == "github-actions[bot]" ]]; then
+              echo "Plugin ClawHub bootstrap dispatched by another workflow must include release_publish_run_id." >&2
+              exit 1
+            fi
+            echo "Direct Plugin ClawHub New dispatch; relying on this workflow's clawhub-plugin-bootstrap environment approval."
+            exit 0
+          fi
+          direct_recovery=false
+          if [[ "${GITHUB_ACTOR}" != "github-actions[bot]" ]]; then
+            direct_recovery=true
+            echo "Direct Plugin ClawHub New recovery with release_publish_run_id; relying on this workflow's clawhub-plugin-bootstrap environment approval."
+          fi
+          RUN_JSON="$(gh run view "$RELEASE_PUBLISH_RUN_ID" --repo "$GITHUB_REPOSITORY" --json workflowName,headBranch,event,status,conclusion,url)"
+          printf '%s' "$RUN_JSON" | DIRECT_RELEASE_RECOVERY="${direct_recovery}" node scripts/validate-release-publish-approval.mjs
+
+  validate_bootstrap_trusted_publisher_cli:
+    needs: [resolve_bootstrap_plan, validate_release_publish_approval]
+    if: always() && github.event_name == 'workflow_dispatch' && inputs.dry_run != true && needs.resolve_bootstrap_plan.outputs.has_bootstrap_candidates == 'true' && needs.validate_release_publish_approval.result == 'success'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Validate pinned ClawHub trusted publisher CLI support
+        env:
+          CLAWHUB_CLI_PACKAGE: ${{ env.CLAWHUB_CLI_PACKAGE }}
+        run: |
+          set -euo pipefail
+          help_output="$(
+            npm exec --yes --package "${CLAWHUB_CLI_PACKAGE}" -- \
+              clawhub package trusted-publisher set --help 2>&1 || true
+          )"
+          printf '%s\n' "${help_output}"
+          if ! grep -Fq "Usage: clawhub package trusted-publisher set" <<<"${help_output}"; then
+            echo "::error::CLAW-277 03 - Split OpenClaw plugin ClawHub publishing into OIDC release and token bootstrap workflows requires ${CLAWHUB_CLI_PACKAGE} to expose 'package trusted-publisher set' before token bootstrap publish can run. The pinned CLI returned parent help or no set command, so this workflow is stopping before creating a ClawHub package row."
+            exit 1
+          fi
+          for required_flag in --repository --workflow-filename; do
+            if ! grep -Fq -- "${required_flag}" <<<"${help_output}"; then
+              echo "::error::CLAW-277 03 - Split OpenClaw plugin ClawHub publishing into OIDC release and token bootstrap workflows requires ${CLAWHUB_CLI_PACKAGE} trusted-publisher set help to include ${required_flag}."
+              exit 1
+            fi
+          done
+
+  publish_bootstrap_plugins:
+    needs:
+      [
+        resolve_bootstrap_plan,
+        validate_release_publish_approval,
+        validate_bootstrap_trusted_publisher_cli,
+      ]
+    if: always() && github.event_name == 'workflow_dispatch' && needs.resolve_bootstrap_plan.outputs.has_bootstrap_candidates == 'true' && needs.validate_release_publish_approval.result == 'success' && (inputs.dry_run == true || needs.validate_bootstrap_trusted_publisher_cli.result == 'success')
+    runs-on: ubuntu-latest
+    environment: clawhub-plugin-bootstrap
+    permissions:
+      contents: read
+    strategy:
+      fail-fast: false
+      max-parallel: 8
+      matrix:
+        plugin: ${{ fromJson(needs.resolve_bootstrap_plan.outputs.matrix) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+          ref: ${{ github.ref }}
+          fetch-depth: 0
+
+      - name: Checkout target revision
+        env:
+          TARGET_SHA: ${{ needs.resolve_bootstrap_plan.outputs.ref_revision }}
+        run: |
+          set -euo pipefail
+          git fetch --no-tags origin \
+            +refs/heads/main:refs/remotes/origin/main \
+            '+refs/heads/release/*:refs/remotes/origin/release/*'
+          git checkout --detach "${TARGET_SHA}"
+
+      - name: Setup Node environment
+        uses: ./.github/actions/setup-node-env
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          install-bun: "true"
+          install-deps: "true"
+
+      - name: Verify package-local runtime build
+        run: node scripts/check-plugin-npm-runtime-builds.mjs --package "${{ matrix.plugin.packageDir }}"
+
+      - name: Install pinned ClawHub CLI wrapper
+        run: |
+          set -euo pipefail
+          cat > "${RUNNER_TEMP}/clawhub" <<'EOF'
+          #!/usr/bin/env bash
+          set -euo pipefail
+          exec npm exec --yes --package "${CLAWHUB_CLI_PACKAGE}" -- clawhub "$@"
+          EOF
+          chmod +x "${RUNNER_TEMP}/clawhub"
+          echo "${RUNNER_TEMP}" >> "${GITHUB_PATH}"
+
+      - name: Write ClawHub token config
+        if: inputs.dry_run != true
+        env:
+          CLAWHUB_REGISTRY: ${{ env.CLAWHUB_REGISTRY }}
+          CLAWHUB_TOKEN: ${{ secrets.CLAWHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+          config_path="${RUNNER_TEMP}/clawhub-config.json"
+          CONFIG_PATH="${config_path}" node --input-type=module <<'NODE'
+          import { writeFileSync } from "node:fs";
+
+          const registry = process.env.CLAWHUB_REGISTRY?.trim();
+          const token = process.env.CLAWHUB_TOKEN?.trim();
+          const configPath = process.env.CONFIG_PATH;
+          if (!registry) {
+            throw new Error("CLAWHUB_REGISTRY is required for token-gated ClawHub bootstrap.");
+          }
+          if (!token) {
+            throw new Error("CLAWHUB_TOKEN is required for token-gated ClawHub bootstrap.");
+          }
+          if (!configPath) {
+            throw new Error("CONFIG_PATH is required.");
+          }
+
+          writeFileSync(configPath, `${JSON.stringify({ registry, token }, null, 2)}\n`, {
+            encoding: "utf8",
+            mode: 0o600,
+          });
+          NODE
+          echo "CLAWHUB_CONFIG_PATH=${config_path}" >> "${GITHUB_ENV}"
+
+      - name: Publish ClawHub bootstrap package
+        env:
+          CLAWHUB_REGISTRY: ${{ env.CLAWHUB_REGISTRY }}
+          SOURCE_REPO: ${{ github.repository }}
+          SOURCE_COMMIT: ${{ needs.resolve_bootstrap_plan.outputs.ref_revision }}
+          SOURCE_REF: ${{ github.ref }}
+          PACKAGE_TAG: ${{ matrix.plugin.publishTag }}
+          PACKAGE_DIR: ${{ matrix.plugin.packageDir }}
+          BOOTSTRAP_MODE: ${{ matrix.plugin.bootstrapMode }}
+          REQUIRES_MANUAL_OVERRIDE: ${{ matrix.plugin.requiresManualOverride && 'true' || 'false' }}
+          DRY_RUN: ${{ inputs.dry_run && 'true' || 'false' }}
+          OPENCLAW_PLUGIN_NPM_RUNTIME_BUILD: "0"
+        run: |
+          set -euo pipefail
+          if [[ "${BOOTSTRAP_MODE}" == "configure-only" ]]; then
+            echo "Skipping bootstrap publish because ${PACKAGE_DIR} version is already present on ClawHub; configuring trusted publisher only."
+          elif [[ "${DRY_RUN}" == "true" ]]; then
+            bash scripts/plugin-clawhub-publish.sh --dry-run "${PACKAGE_DIR}"
+          else
+            if [[ "${REQUIRES_MANUAL_OVERRIDE}" == "true" ]]; then
+              export OPENCLAW_CLAWHUB_MANUAL_OVERRIDE_REASON="GitHub Actions trusted publisher repair before OIDC migration"
+            fi
+            bash scripts/plugin-clawhub-publish.sh --publish "${PACKAGE_DIR}"
+          fi
+
+      - name: Configure trusted publisher for normal OIDC releases
+        if: inputs.dry_run != true
+        env:
+          CLAWHUB_CLI_PACKAGE: ${{ env.CLAWHUB_CLI_PACKAGE }}
+          PACKAGE_NAME: ${{ matrix.plugin.packageName }}
+        run: |
+          set -euo pipefail
+          npm exec --yes --package "${CLAWHUB_CLI_PACKAGE}" -- \
+            clawhub package trusted-publisher set "${PACKAGE_NAME}" \
+              --repository openclaw/openclaw \
+              --workflow-filename plugin-clawhub-release.yml
+
+  verify_bootstrap_clawhub_package:
+    needs: [resolve_bootstrap_plan, publish_bootstrap_plugins]
+    if: github.event_name == 'workflow_dispatch' && inputs.dry_run != true && needs.resolve_bootstrap_plan.outputs.has_bootstrap_candidates == 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    strategy:
+      fail-fast: false
+      max-parallel: 8
+      matrix:
+        plugin: ${{ fromJson(needs.resolve_bootstrap_plan.outputs.matrix) }}
+    steps:
+      - name: Verify bootstrap ClawHub package and trusted publisher
+        env:
+          CLAWHUB_REGISTRY: ${{ env.CLAWHUB_REGISTRY }}
+          PACKAGE_NAME: ${{ matrix.plugin.packageName }}
+          PACKAGE_VERSION: ${{ matrix.plugin.version }}
+          PACKAGE_TAG: ${{ matrix.plugin.publishTag }}
+        run: |
+          set -euo pipefail
+          node --input-type=module <<'EOF'
+          const registry = (process.env.CLAWHUB_REGISTRY ?? "https://clawhub.ai").replace(/\/+$/, "");
+          const packageName = process.env.PACKAGE_NAME;
+          const packageVersion = process.env.PACKAGE_VERSION;
+          const packageTag = process.env.PACKAGE_TAG;
+          if (!packageName || !packageVersion || !packageTag) {
+            throw new Error("Missing ClawHub bootstrap verification env.");
+          }
+          const encodedName = encodeURIComponent(packageName);
+          const encodedVersion = encodeURIComponent(packageVersion);
+          const detailUrl = `${registry}/api/v1/packages/${encodedName}`;
+          const trustedPublisherUrl = `${detailUrl}/trusted-publisher`;
+          const versionUrl = `${detailUrl}/versions/${encodedVersion}`;
+          const artifactUrl = `${versionUrl}/artifact/download`;
+
+          async function fetchWithRetry(url, options = {}) {
+            let lastStatus = "unknown";
+            for (let attempt = 1; attempt <= 12; attempt += 1) {
+              try {
+                const response = await fetch(url, { redirect: "manual", ...options });
+                lastStatus = response.status;
+                if (response.status !== 429 && response.status < 500) {
+                  return response;
+                }
+              } catch (error) {
+                lastStatus = error instanceof Error ? error.message : String(error);
+              }
+              await new Promise((resolve) => setTimeout(resolve, attempt * 5000));
+            }
+            throw new Error(`${url} did not stabilize; last status ${lastStatus}.`);
+          }
+
+          const detailResponse = await fetchWithRetry(detailUrl, {
+            headers: { accept: "application/json" },
+          });
+          if (!detailResponse.ok) {
+            throw new Error(`${detailUrl} returned HTTP ${detailResponse.status}.`);
+          }
+          const detail = await detailResponse.json();
+          const tags = detail?.package?.tags ?? {};
+          if (tags[packageTag] !== packageVersion) {
+            throw new Error(
+              `${packageName}: ClawHub tag ${packageTag} points to ${tags[packageTag] ?? "<missing>"}, expected ${packageVersion}.`,
+            );
+          }
+
+          const trustedPublisherResponse = await fetchWithRetry(trustedPublisherUrl, {
+            headers: { accept: "application/json" },
+          });
+          if (!trustedPublisherResponse.ok) {
+            throw new Error(`${trustedPublisherUrl} returned HTTP ${trustedPublisherResponse.status}.`);
+          }
+          const trustedPublisherDetail = await trustedPublisherResponse.json();
+          const trustedPublisher = trustedPublisherDetail?.trustedPublisher;
+          if (
+            trustedPublisher?.repository !== "openclaw/openclaw" ||
+            trustedPublisher?.workflowFilename !== "plugin-clawhub-release.yml" ||
+            trustedPublisher?.environment != null
+          ) {
+            throw new Error(
+              `${packageName}: trusted publisher config did not match openclaw/openclaw plugin-clawhub-release.yml without an environment pin.`,
+            );
+          }
+
+          const versionResponse = await fetchWithRetry(versionUrl);
+          if (!versionResponse.ok) {
+            throw new Error(`${versionUrl} returned HTTP ${versionResponse.status}.`);
+          }
+          const artifactResponse = await fetchWithRetry(artifactUrl, { method: "HEAD" });
+          if (artifactResponse.status < 200 || artifactResponse.status >= 400) {
+            throw new Error(`${artifactUrl} returned HTTP ${artifactResponse.status}.`);
+          }
+          console.log(`${packageName}@${packageVersion} bootstrap verified on ClawHub.`);
+          EOF
--- a/.github/workflows/plugin-clawhub-release.yml
+++ b/.github/workflows/plugin-clawhub-release.yml
@@ -16,7 +16,7 @@ on:
        required: false
        type: string
      ref:
-        description: Commit SHA on main, a release branch, or the matching Tideclaw alpha branch to publish from; defaults to the workflow ref
+        description: Dry-run target ref to validate; real OIDC publishes must dispatch the workflow with --ref set to the target release tag/ref
        required: false
        default: ""
        type: string
@@ -24,6 +24,10 @@ on:
        description: Approved OpenClaw Release Publish workflow run id
        required: false
        type: string
+      release_publish_branch:
+        description: Branch name of the approving OpenClaw Release Publish workflow run
+        required: false
+        type: string
      dry_run:
        description: Validate the full ClawHub artifact handoff without publishing.
        required: false
@@ -38,9 +42,7 @@ env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
  NODE_VERSION: "24.15.0"
  CLAWHUB_REGISTRY: "https://clawhub.ai"
-  CLAWHUB_REPOSITORY: "openclaw/clawhub"
-  # Pinned to a reviewed ClawHub commit so release behavior stays reproducible.
-  CLAWHUB_REF: "c9bb13023598dcc547fdf4a93b9d42512b8c8854"
+  CLAWHUB_CLI_PACKAGE: "clawhub@0.21.0"

 jobs:
  preview_plugins_clawhub:
@@ -50,9 +52,15 @@ jobs:
    outputs:
      ref_revision: ${{ steps.ref.outputs.sha }}
      has_candidates: ${{ steps.plan.outputs.has_candidates }}
+      has_bootstrap_candidates: ${{ steps.plan.outputs.has_bootstrap_candidates }}
+      has_missing_trusted_publisher: ${{ steps.plan.outputs.has_missing_trusted_publisher }}
      candidate_count: ${{ steps.plan.outputs.candidate_count }}
+      bootstrap_candidate_count: ${{ steps.plan.outputs.bootstrap_candidate_count }}
+      missing_trusted_publisher_count: ${{ steps.plan.outputs.missing_trusted_publisher_count }}
      skipped_published_count: ${{ steps.plan.outputs.skipped_published_count }}
      matrix: ${{ steps.plan.outputs.matrix }}
+      bootstrap_matrix: ${{ steps.plan.outputs.bootstrap_matrix }}
+      missing_trusted_publisher_matrix: ${{ steps.plan.outputs.missing_trusted_publisher_matrix }}
    steps:
      - name: Checkout
        uses: actions/checkout@v6
@@ -83,9 +91,27 @@ jobs:
          fi
          echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"

+      - name: Validate OIDC source matches workflow ref
+        env:
+          TARGET_SHA: ${{ steps.ref.outputs.sha }}
+          WORKFLOW_SHA: ${{ github.sha }}
+          DRY_RUN: ${{ inputs.dry_run && 'true' || 'false' }}
+        run: |
+          set -euo pipefail
+          if [[ "${TARGET_SHA}" != "${WORKFLOW_SHA}" ]]; then
+            if [[ "${DRY_RUN}" == "true" ]]; then
+              echo "Dry-run publish target differs from workflow ref; allowing validation-only dispatch."
+              exit 0
+            fi
+            echo "Plugin ClawHub OIDC publishes must run from the same ref that is being published." >&2
+            echo "The ref input is only supported for dry_run=true." >&2
+            echo "For real publishes, dispatch this workflow with --ref pointing at the target release tag/ref and omit the ref input." >&2
+            exit 1
+          fi
+
      - name: Validate ref is on a trusted publish branch
        env:
-          WORKFLOW_REF: ${{ github.ref }}
+          TRUSTED_PUBLISH_BRANCH: ${{ inputs.release_publish_branch || github.ref_name }}
        run: |
          set -euo pipefail
          if git merge-base --is-ancestor HEAD origin/main; then
@@ -96,8 +122,8 @@ jobs:
              exit 0
            fi
          done < <(git for-each-ref --format='%(refname)' refs/remotes/origin/release)
-          if [[ "${WORKFLOW_REF}" =~ ^refs/heads/tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
-            alpha_branch="${WORKFLOW_REF#refs/heads/}"
+          if [[ "${TRUSTED_PUBLISH_BRANCH}" =~ ^tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            alpha_branch="${TRUSTED_PUBLISH_BRANCH}"
            git fetch --no-tags origin "+refs/heads/${alpha_branch}:refs/remotes/origin/${alpha_branch}"
            if git merge-base --is-ancestor HEAD "refs/remotes/origin/${alpha_branch}"; then
              exit 0
@@ -158,36 +184,78 @@ jobs:
          cat .local/plugin-clawhub-release-plan.json

          candidate_count="$(jq -r '.candidates | length' .local/plugin-clawhub-release-plan.json)"
+          bootstrap_candidate_count="$(jq -r '.bootstrapCandidates | length' .local/plugin-clawhub-release-plan.json)"
+          missing_trusted_publisher_count="$(jq -r '.missingTrustedPublisher | length' .local/plugin-clawhub-release-plan.json)"
          skipped_published_count="$(jq -r '.skippedPublished | length' .local/plugin-clawhub-release-plan.json)"
          has_candidates="false"
          if [[ "${candidate_count}" != "0" ]]; then
            has_candidates="true"
          fi
+          has_bootstrap_candidates="false"
+          if [[ "${bootstrap_candidate_count}" != "0" ]]; then
+            has_bootstrap_candidates="true"
+          fi
+          has_missing_trusted_publisher="false"
+          if [[ "${missing_trusted_publisher_count}" != "0" ]]; then
+            has_missing_trusted_publisher="true"
+          fi
          matrix_json="$(jq -c '.candidates' .local/plugin-clawhub-release-plan.json)"
+          bootstrap_matrix_json="$(jq -c '.bootstrapCandidates' .local/plugin-clawhub-release-plan.json)"
+          missing_trusted_publisher_matrix_json="$(jq -c '.missingTrustedPublisher' .local/plugin-clawhub-release-plan.json)"

          {
            echo "candidate_count=${candidate_count}"
+            echo "bootstrap_candidate_count=${bootstrap_candidate_count}"
+            echo "missing_trusted_publisher_count=${missing_trusted_publisher_count}"
            echo "skipped_published_count=${skipped_published_count}"
            echo "has_candidates=${has_candidates}"
+            echo "has_bootstrap_candidates=${has_bootstrap_candidates}"
+            echo "has_missing_trusted_publisher=${has_missing_trusted_publisher}"
            echo "matrix=${matrix_json}"
+            echo "bootstrap_matrix=${bootstrap_matrix_json}"
+            echo "missing_trusted_publisher_matrix=${missing_trusted_publisher_matrix_json}"
          } >> "$GITHUB_OUTPUT"

          echo "Plugin release candidates:"
          jq -r '.candidates[]? | "- \(.packageName)@\(.version) [\(.publishTag)] from \(.packageDir)"' .local/plugin-clawhub-release-plan.json

+          echo "Bootstrap candidates requiring token bootstrap:"
+          jq -r '.bootstrapCandidates[]? | "- \(.packageName)@\(.version) [\(.publishTag)] from \(.packageDir)"' .local/plugin-clawhub-release-plan.json
+
+          echo "Missing trusted publisher candidates:"
+          jq -r '.missingTrustedPublisher[]? | "- \(.packageName)@\(.version) [\(.publishTag)] from \(.packageDir)"' .local/plugin-clawhub-release-plan.json
+
          echo "Already published / skipped:"
          jq -r '.skippedPublished[]? | "- \(.packageName)@\(.version)"' .local/plugin-clawhub-release-plan.json

+      - name: Fail when trusted publisher is missing
+        if: steps.plan.outputs.missing_trusted_publisher_count != '0'
+        run: |
+          echo "::error::One or more ClawHub packages exist but do not have trusted publishing configured. Configure trusted publishing before running the normal OIDC publish workflow."
+          jq -r '.missingTrustedPublisher[]? | "::error::Missing trusted publisher: \(.packageName)@\(.version). Configure trusted publishing for openclaw/openclaw, workflow plugin-clawhub-release.yml."' .local/plugin-clawhub-release-plan.json
+          exit 1
+
+      - name: Fail normal publish when bootstrap is required
+        if: steps.plan.outputs.bootstrap_candidate_count != '0'
+        run: |
+          echo "::error::One or more ClawHub packages do not exist yet and require the token-gated Plugin ClawHub New bootstrap workflow before normal OIDC publish can run."
+          jq -r '.bootstrapCandidates[]? | "::error::Bootstrap required: \(.packageName)@\(.version). Dispatch plugin-clawhub-new.yml for this package, then rerun the normal release."' .local/plugin-clawhub-release-plan.json
+          exit 1
+
      - name: Fail manual publish when target versions already exist
-        if: github.event_name == 'workflow_dispatch' && inputs.publish_scope == 'selected' && steps.plan.outputs.skipped_published_count != '0'
+        if: github.event_name == 'workflow_dispatch' && inputs.dry_run != true && inputs.publish_scope == 'selected' && steps.plan.outputs.skipped_published_count != '0'
        run: |
          echo "::error::One or more selected plugin versions already exist on ClawHub. Bump the version before running a real publish."
          exit 1

      - name: Validate Tideclaw alpha plugin channels
-        if: startsWith(github.ref, 'refs/heads/tideclaw/alpha/')
+        env:
+          TRUSTED_PUBLISH_BRANCH: ${{ inputs.release_publish_branch || github.ref_name }}
        run: |
          set -euo pipefail
+          if [[ ! "${TRUSTED_PUBLISH_BRANCH}" =~ ^tideclaw/alpha/[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4}Z$ ]]; then
+            exit 0
+          fi
          invalid="$(
            jq -r '.candidates[]? | select(.publishTag != "alpha" or .channel != "alpha") | "- \(.packageName)@\(.version) [\(.publishTag)]"' .local/plugin-clawhub-release-plan.json
          )"
@@ -215,7 +283,7 @@ jobs:
        env:
          GH_TOKEN: ${{ github.token }}
          RELEASE_PUBLISH_RUN_ID: ${{ inputs.release_publish_run_id }}
-          EXPECTED_WORKFLOW_BRANCH: ${{ github.ref_name }}
+          EXPECTED_WORKFLOW_BRANCH: ${{ inputs.release_publish_branch || github.ref_name }}
        run: |
          set -euo pipefail
          if [[ -z "${RELEASE_PUBLISH_RUN_ID// }" ]]; then
@@ -234,99 +302,8 @@ jobs:
          RUN_JSON="$(gh run view "$RELEASE_PUBLISH_RUN_ID" --repo "$GITHUB_REPOSITORY" --json workflowName,headBranch,event,status,conclusion,url)"
          printf '%s' "$RUN_JSON" | DIRECT_RELEASE_RECOVERY="${direct_recovery}" node scripts/validate-release-publish-approval.mjs

-  preview_plugin_pack:
-    needs: preview_plugins_clawhub
-    if: needs.preview_plugins_clawhub.outputs.has_candidates == 'true'
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    strategy:
-      fail-fast: false
-      max-parallel: 12
-      matrix:
-        plugin: ${{ fromJson(needs.preview_plugins_clawhub.outputs.matrix) }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          persist-credentials: false
-          ref: ${{ github.ref }}
-          fetch-depth: 0
-
-      - name: Checkout target revision
-        env:
-          TARGET_SHA: ${{ needs.preview_plugins_clawhub.outputs.ref_revision }}
-        run: |
-          set -euo pipefail
-          git fetch --no-tags origin \
-            +refs/heads/main:refs/remotes/origin/main \
-            '+refs/heads/release/*:refs/remotes/origin/release/*'
-          git checkout --detach "${TARGET_SHA}"
-
-      - name: Setup Node environment
-        uses: ./.github/actions/setup-node-env
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          install-bun: "true"
-          install-deps: "true"
-
-      - name: Checkout ClawHub CLI source
-        uses: actions/checkout@v6
-        with:
-          persist-credentials: false
-          repository: ${{ env.CLAWHUB_REPOSITORY }}
-          ref: main
-          path: clawhub-source
-          fetch-depth: 0
-
-      - name: Checkout pinned ClawHub CLI revision
-        working-directory: clawhub-source
-        env:
-          CLAWHUB_REF: ${{ env.CLAWHUB_REF }}
-        run: git checkout --detach "${CLAWHUB_REF}"
-
-      - name: Install ClawHub CLI dependencies
-        working-directory: clawhub-source
-        run: |
-          set -euo pipefail
-          for attempt in 1 2 3; do
-            if bun install --frozen-lockfile; then
-              exit 0
-            fi
-            status="$?"
-            if [[ "${attempt}" == "3" ]]; then
-              exit "${status}"
-            fi
-            echo "bun install failed while preparing ClawHub CLI; retrying (${attempt}/3)."
-            rm -rf node_modules "${RUNNER_TEMP}/bun-install-cache" || true
-            sleep $((attempt * 15))
-          done
-
-      - name: Bootstrap ClawHub CLI
-        run: |
-          cat > "$RUNNER_TEMP/clawhub" <<'EOF'
-          #!/usr/bin/env bash
-          set -euo pipefail
-          exec bun "$GITHUB_WORKSPACE/clawhub-source/packages/clawhub/src/cli.ts" "$@"
-          EOF
-          chmod +x "$RUNNER_TEMP/clawhub"
-          echo "$RUNNER_TEMP" >> "$GITHUB_PATH"
-
-      - name: Verify package-local runtime build
-        run: node scripts/check-plugin-npm-runtime-builds.mjs --package "${{ matrix.plugin.packageDir }}"
-
-      - name: Preview publish command
-        env:
-          CLAWHUB_REGISTRY: ${{ env.CLAWHUB_REGISTRY }}
-          SOURCE_REPO: ${{ github.repository }}
-          SOURCE_COMMIT: ${{ needs.preview_plugins_clawhub.outputs.ref_revision }}
-          SOURCE_REF: ${{ github.ref }}
-          PACKAGE_TAG: ${{ matrix.plugin.publishTag }}
-          PACKAGE_DIR: ${{ matrix.plugin.packageDir }}
-        run: bash scripts/plugin-clawhub-publish.sh --dry-run "${PACKAGE_DIR}"
-
  pack_plugins_clawhub_artifacts:
-    needs: [preview_plugins_clawhub, preview_plugin_pack, validate_release_publish_approval]
+    needs: [preview_plugins_clawhub, validate_release_publish_approval]
    if: github.event_name == 'workflow_dispatch' && needs.preview_plugins_clawhub.outputs.has_candidates == 'true'
    runs-on: ubuntu-latest
    permissions:
@@ -361,47 +338,19 @@ jobs:
          install-bun: "true"
          install-deps: "true"

-      - name: Checkout ClawHub CLI source
-        uses: actions/checkout@v6
-        with:
-          persist-credentials: false
-          repository: ${{ env.CLAWHUB_REPOSITORY }}
-          ref: main
-          path: clawhub-source
-          fetch-depth: 0
+      - name: Verify package-local runtime build
+        run: node scripts/check-plugin-npm-runtime-builds.mjs --package "${{ matrix.plugin.packageDir }}"

-      - name: Checkout pinned ClawHub CLI revision
-        working-directory: clawhub-source
-        env:
-          CLAWHUB_REF: ${{ env.CLAWHUB_REF }}
-        run: git checkout --detach "${CLAWHUB_REF}"
-
-      - name: Install ClawHub CLI dependencies
-        working-directory: clawhub-source
+      - name: Install pinned ClawHub CLI wrapper
        run: |
          set -euo pipefail
-          for attempt in 1 2 3; do
-            if bun install --frozen-lockfile; then
-              exit 0
-            fi
-            status="$?"
-            if [[ "${attempt}" == "3" ]]; then
-              exit "${status}"
-            fi
-            echo "bun install failed while preparing ClawHub CLI; retrying (${attempt}/3)."
-            rm -rf node_modules "${RUNNER_TEMP}/bun-install-cache" || true
-            sleep $((attempt * 15))
-          done
-
-      - name: Bootstrap ClawHub CLI
-        run: |
-          cat > "$RUNNER_TEMP/clawhub" <<'EOF'
+          cat > "${RUNNER_TEMP}/clawhub" <<'EOF'
          #!/usr/bin/env bash
          set -euo pipefail
-          exec bun "$GITHUB_WORKSPACE/clawhub-source/packages/clawhub/src/cli.ts" "$@"
+          exec npm exec --yes --package "${CLAWHUB_CLI_PACKAGE}" -- clawhub "$@"
          EOF
-          chmod +x "$RUNNER_TEMP/clawhub"
-          echo "$RUNNER_TEMP" >> "$GITHUB_PATH"
+          chmod +x "${RUNNER_TEMP}/clawhub"
+          echo "${RUNNER_TEMP}" >> "${GITHUB_PATH}"

      - name: Pack ClawHub package artifact
        env:
@@ -422,19 +371,23 @@ jobs:
          if-no-files-found: error
          retention-days: 7

-  approve_plugin_clawhub_release:
+  approve_plugins_clawhub_release:
    needs: [preview_plugins_clawhub, pack_plugins_clawhub_artifacts]
-    if: github.event_name == 'workflow_dispatch' && inputs.dry_run != true && needs.preview_plugins_clawhub.outputs.has_candidates == 'true'
+    if: always() && github.event_name == 'workflow_dispatch' && inputs.dry_run != true && needs.preview_plugins_clawhub.outputs.has_candidates == 'true' && needs.pack_plugins_clawhub_artifacts.result == 'success'
    runs-on: ubuntu-latest
    environment: clawhub-plugin-release
-    permissions: {}
+    permissions:
+      contents: read
    steps:
-      - name: Approve ClawHub package publish
-        run: echo "ClawHub package publish approved."
+      - name: Approve Plugin ClawHub release publish
+        run: |
+          echo "Approved CLAW-277 03 - Split OpenClaw plugin ClawHub publishing into OIDC release and token bootstrap workflows release publish gate."

  publish_plugins_clawhub:
-    needs: [preview_plugins_clawhub, pack_plugins_clawhub_artifacts, approve_plugin_clawhub_release]
-    if: always() && github.event_name == 'workflow_dispatch' && needs.preview_plugins_clawhub.outputs.has_candidates == 'true' && needs.pack_plugins_clawhub_artifacts.result == 'success' && (inputs.dry_run == true || needs.approve_plugin_clawhub_release.result == 'success')
+    needs:
+      [preview_plugins_clawhub, pack_plugins_clawhub_artifacts, approve_plugins_clawhub_release]
+    if: always() && github.event_name == 'workflow_dispatch' && needs.preview_plugins_clawhub.outputs.has_candidates == 'true' && needs.pack_plugins_clawhub_artifacts.result == 'success' && (inputs.dry_run == true || needs.approve_plugins_clawhub_release.result == 'success')
+    uses: openclaw/clawhub/.github/workflows/package-publish.yml@9d49df109d4ad3dc8a6ecf05d26b39f46d294721
    permissions:
      actions: read
      contents: read
@@ -444,19 +397,18 @@ jobs:
      max-parallel: 32
      matrix:
        plugin: ${{ fromJson(needs.preview_plugins_clawhub.outputs.matrix) }}
-    uses: openclaw/clawhub/.github/workflows/package-publish.yml@c9bb13023598dcc547fdf4a93b9d42512b8c8854
    with:
-      dry_run: ${{ inputs.dry_run }}
-      json: true
      package_artifact_name: ${{ matrix.plugin.artifactName }}
+      dry_run: ${{ inputs.dry_run }}
      registry: https://clawhub.ai
      site: https://clawhub.ai
+      tags: ${{ matrix.plugin.publishTag }}
      source_repo: ${{ github.repository }}
      source_commit: ${{ needs.preview_plugins_clawhub.outputs.ref_revision }}
      source_ref: ${{ github.ref }}
-      tags: ${{ matrix.plugin.publishTag }}
-    secrets:
-      clawhub_token: ${{ secrets.CLAWHUB_TOKEN }}
+      source_path: ${{ matrix.plugin.packageDir }}
+      inspector_artifact_name: ${{ matrix.plugin.artifactName }}-inspector
+      publish_json_artifact_name: ${{ matrix.plugin.artifactName }}-publish-json

  verify_published_clawhub_package:
    needs: [preview_plugins_clawhub, publish_plugins_clawhub]
--- a/.github/workflows/plugin-npm-release.yml
+++ b/.github/workflows/plugin-npm-release.yml
@@ -288,6 +288,7 @@ jobs:
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          OPENCLAW_NPM_PUBLISH_AUTH_MODE: trusted-publisher
        run: bash scripts/plugin-npm-publish.sh --publish "${{ matrix.plugin.packageDir }}"

      - name: Verify published runtime
--- a/12
+++ b/12
@@ -116,11 +116,19 @@ RUN pnpm_config_verify_deps_before_run=false pnpm canvas:a2ui:bundle || \
     echo "/* A2UI bundle unavailable in this build */" > extensions/canvas/src/host/a2ui/a2ui.bundle.js && \
     echo "stub" > extensions/canvas/src/host/a2ui/.bundle.hash && \
     rm -rf vendor/a2ui apps/shared/OpenClawKit/Tools/CanvasA2UI)
-RUN NODE_OPTIONS=--max-old-space-size=8192 pnpm_config_verify_deps_before_run=false pnpm build:docker
+RUN if printf '%s\n' "$OPENCLAW_EXTENSIONS" | tr ',' ' ' | tr ' ' '\n' | grep -qx 'qa-lab'; then \
+      export OPENCLAW_BUILD_PRIVATE_QA=1 OPENCLAW_ENABLE_PRIVATE_QA_CLI=1; \
+    fi && \
+    NODE_OPTIONS=--max-old-space-size=8192 pnpm_config_verify_deps_before_run=false pnpm build:docker
 # Force pnpm for UI build (Bun may fail on ARM/Synology architectures)
 ENV OPENCLAW_PREFER_PNPM=1
 RUN pnpm_config_verify_deps_before_run=false pnpm ui:build
-RUN pnpm_config_verify_deps_before_run=false pnpm qa:lab:build
+RUN if printf '%s\n' "$OPENCLAW_EXTENSIONS" | tr ',' ' ' | tr ' ' '\n' | grep -qx 'qa-lab'; then \
+      pnpm_config_verify_deps_before_run=false pnpm qa:lab:build && \
+      mkdir -p dist/extensions/qa-lab/web && \
+      rm -rf dist/extensions/qa-lab/web/dist && \
+      cp -R extensions/qa-lab/web/dist dist/extensions/qa-lab/web/dist; \
+    fi

 # Prune dev dependencies, omitted plugin runtime packages, and build-only
 # metadata before copying runtime assets into the final image.
--- a/docs/.generated/plugin-sdk-api-baseline.sha256
+++ b/docs/.generated/plugin-sdk-api-baseline.sha256
@@ -1,2 +1,2 @@
-8a2769df428906990ee0d1bf8b0423f2a099b053c64c816d092ff84d61e11633  plugin-sdk-api-baseline.json
-28b798973f3fb2a5b33ccbb6e3c1ac0453fa234a3a1c6cdc27935c27639bd104  plugin-sdk-api-baseline.jsonl
+0cca9891634edbdd08dfcebe0f29b36d7cf2729fd0c2ec3dd4615acef209a7eb  plugin-sdk-api-baseline.json
+2c763baab30411800b8931857e0a61e2710202394c2284f4c98e3e2f4231f88c  plugin-sdk-api-baseline.jsonl
--- a/docs/channels/groups.md
+++ b/docs/channels/groups.md
@@ -586,7 +586,7 @@ Group inbound payloads set:
 - `WasMentioned` (mention gating result)
 - Telegram forum topics also include `MessageThreadId` and `IsForum`.

-The agent system prompt includes a group intro on the first turn of a new group session. It reminds the model to respond like a human, avoid Markdown tables, minimize empty lines and follow normal chat spacing, and avoid typing literal `\n` sequences. Channel-sourced group names and participant labels are rendered as fenced untrusted metadata, not inline system instructions.
+The agent system prompt includes a group intro on the first turn of a new group session. It reminds the model to respond like a human, minimize empty lines and follow normal chat spacing, and avoid typing literal `\n` sequences. Non-Telegram groups also discourage Markdown tables; Telegram rich-text guidance comes from the Telegram channel prompt. Channel-sourced group names and participant labels are rendered as fenced untrusted metadata, not inline system instructions.

 ## iMessage specifics

--- a/docs/channels/telegram.md
+++ b/docs/channels/telegram.md
@@ -311,7 +311,6 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"

    - direct chats: preview message + `editMessageText`
    - groups/topics: preview message + `editMessageText`
-    - direct-chat tool progress: optional native `sendMessageDraft` status preview when enabled and supported

    Requirement:

@@ -320,29 +319,10 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"
    - `streaming.preview.toolProgress` controls whether tool/progress updates reuse the same edited preview message (default: `true` when preview streaming is active)
    - `streaming.preview.commandText` controls command/exec detail inside those tool-progress lines: `raw` (default, preserves released behavior) or `status` (tool label only)
    - `streaming.progress.commentary` (default: `false`) opts into assistant commentary/preamble text in the temporary progress draft
-    - legacy `channels.telegram.streamMode` and boolean `streaming` values are detected; run `openclaw doctor --fix` to migrate them to `channels.telegram.streaming.mode`
+    - legacy `channels.telegram.streamMode`, boolean `streaming` values, and retired native draft preview keys are detected; run `openclaw doctor --fix` to migrate them to current streaming config

    Tool-progress preview updates are the short status lines shown while tools run, for example command execution, file reads, planning updates, patch summaries, or Codex preamble/commentary text in Codex app-server mode. Telegram keeps these enabled by default to match released OpenClaw behavior from `v2026.4.22` and later.

-    Direct chats can use native Telegram drafts for these tool-progress lines without persisting tool chatter into chat history. Native drafts stop before answer text starts; final answers stay on the normal persistent delivery path. This lane is off by default and should be gated to trusted DM IDs first:
-
-    ```json
-    {
-      "channels": {
-        "telegram": {
-          "streaming": {
-            "mode": "partial",
-            "preview": {
-              "toolProgress": true,
-              "nativeToolProgress": true,
-              "nativeToolProgressAllowFrom": ["123456789"]
-            }
-          }
-        }
-      }
-    }
-    ```
-
    To keep the edited preview for answer text but hide tool-progress lines, set:

    ```json
@@ -420,14 +400,16 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"

  </Accordion>

-  <Accordion title="Formatting and HTML fallback">
-    Outbound text uses Telegram `parse_mode: "HTML"`.
+  <Accordion title="Rich message formatting">
+    Outbound text uses Telegram rich messages.

-    - Markdown-ish text is rendered to Telegram-safe HTML.
-    - Supported Telegram HTML tags are preserved; unsupported HTML is escaped.
-    - If Telegram rejects parsed HTML, OpenClaw retries as plain text.
+    - Markdown text is sent as rich Markdown without converting it to HTML.
+    - Explicit HTML payloads are sent as rich HTML.
+    - Media captions still use Telegram HTML captions because rich messages do not replace captions.

-    Link previews are enabled by default and can be disabled with `channels.telegram.linkPreview: false`.
+    Long rich text is split automatically across Telegram's rich text and rich block limits. Tables over Telegram's column limit are sent as code blocks.
+
+    Link previews are enabled by default. `channels.telegram.linkPreview: false` skips automatic entity detection for rich text.

  </Accordion>

--- a/docs/ci.md
+++ b/docs/ci.md
@@ -183,7 +183,7 @@ The workflow installs OCM from a pinned release and Kova from `openclaw/Kova` at
 - `mock-deep-profile`: CPU/heap/trace profiling for startup, gateway, and agent-turn hotspots.
 - `live-openai-candidate`: a real OpenAI `openai/gpt-5.5` agent turn, skipped when `OPENAI_API_KEY` is unavailable.

-The mock-provider lane also runs OpenClaw-native source probes after the Kova pass: gateway boot timing and memory across default, hook, and 50-plugin startup cases; bundled plugin import RSS, repeated mock-OpenAI `channel-chat-baseline` hello loops, and CLI startup commands against the booted gateway. When the previous published mock-provider source report is available for the tested ref, the source summary compares current RSS and heap values against that baseline and marks large RSS increases as `watch`. The source probe Markdown summary lives at `source/index.md` in the report bundle, with raw JSON beside it.
+The mock-provider lane also runs OpenClaw-native source probes after the Kova pass: gateway boot timing and memory across default, hook, and 50-plugin startup cases; bundled plugin import RSS, repeated mock-OpenAI `channel-chat-baseline` hello loops, CLI startup commands against the booted gateway, and the SQLite state smoke performance probe. When the previous published mock-provider source report is available for the tested ref, the source summary compares current RSS and heap values against that baseline and marks large RSS increases as `watch`. The source probe Markdown summary lives at `source/index.md` in the report bundle, with raw JSON beside it.

 Every lane uploads GitHub artifacts. When `CLAWGRIT_REPORTS_TOKEN` is configured, the workflow also commits `report.json`, `report.md`, bundles, `index.md`, and source-probe artifacts into `openclaw/clawgrit-reports` under `openclaw-performance/<tested-ref>/<run-id>-<attempt>/<lane>/`. The current tested-ref pointer is written as `openclaw-performance/<tested-ref>/latest-<lane>.json`.

--- a/docs/cli/wiki.md
+++ b/docs/cli/wiki.md
@@ -35,6 +35,7 @@ openclaw wiki status
 openclaw wiki doctor
 openclaw wiki init
 openclaw wiki ingest ./notes/alpha.md
+openclaw wiki okf import ./knowledge-catalog/okf/bundles/ga4
 openclaw wiki compile
 openclaw wiki lint
 openclaw wiki search "alpha"
@@ -104,6 +105,31 @@ Notes:
 - imported source pages keep provenance in frontmatter
 - auto-compile can run after ingest when enabled

+### `wiki okf import <path>`
+
+Import an unpacked Open Knowledge Format bundle into wiki concept pages.
+
+The importer reads every non-reserved `.md` concept document in the OKF
+directory tree, requires a non-empty `type` field, and treats unknown OKF
+`type` values as generic concepts. Reserved OKF `index.md` and `log.md` files
+are not imported as concepts.
+
+Imported pages are flattened under `concepts/` so existing wiki compile,
+search, get, digest, and dashboard flows see them immediately. The original OKF
+concept ID, `type`, `resource`, `tags`, timestamp, source path, and full
+frontmatter are preserved in the page frontmatter. Internal OKF markdown links
+are rewritten to the generated wiki pages; broken or external links are left
+unchanged.
+
+Examples:
+
+```bash
+openclaw wiki okf import ./bundles/ga4
+openclaw wiki okf import ./bundles/ga4 --json
+openclaw wiki search "BigQuery Table" --mode source-evidence --json
+openclaw wiki get <path-from-json-result>
+```
+
 ### `wiki compile`

 Rebuild indexes, related blocks, dashboards, and compiled digests.
@@ -233,6 +259,8 @@ These require the official `obsidian` CLI on `PATH` when
 - Use `wiki lint` before trusting contradictory or low-confidence content.
 - Use `wiki compile` after bulk imports or source changes when you want fresh
  dashboards and compiled digests immediately.
+- Use `wiki okf import` when a data catalog, documentation export, or agent
+  enrichment pipeline already emits OKF markdown bundles.
 - Use `wiki bridge import` when bridge mode depends on newly exported memory
  artifacts.

--- a/docs/concepts/model-providers.md
+++ b/docs/concepts/model-providers.md
@@ -368,6 +368,7 @@ Kimi K2 model IDs:
 [//]: # "moonshot-kimi-k2-model-refs:start"

 - `moonshot/kimi-k2.6`
+- `moonshot/kimi-k2.7-code`
 - `moonshot/kimi-k2.5`
 - `moonshot/kimi-k2-thinking`
 - `moonshot/kimi-k2-thinking-turbo`
--- a/docs/concepts/qa-e2e-automation.md
+++ b/docs/concepts/qa-e2e-automation.md
@@ -374,7 +374,7 @@ The implicit default set always covers canary, mention gating, native command re
 Output artifacts:

 - `telegram-qa-report.md`
- `telegram-qa-summary.json` - includes per-reply RTT (driver send → observed SUT reply) starting with the canary.
+- `qa-evidence.json` - evidence entries for the live transport checks, including profile, coverage, provider, channel, artifacts, result, and RTT fields.
 - `telegram-qa-observed-messages.json` - bodies redacted unless `OPENCLAW_QA_TELEGRAM_CAPTURE_CONTENT=1`.

 Package RTT comparison uses the same Telegram credential contract while keeping
@@ -447,7 +447,7 @@ pnpm openclaw qa discord \
 Output artifacts:

 - `discord-qa-report.md`
- `discord-qa-summary.json`
+- `qa-evidence.json` - evidence entries for the live transport checks.
 - `discord-qa-observed-messages.json` - bodies redacted unless `OPENCLAW_QA_DISCORD_CAPTURE_CONTENT=1`.
 - `discord-qa-reaction-timelines.json` and `discord-status-reactions-tool-only-timeline.png` when the status-reaction scenario runs.

@@ -495,7 +495,7 @@ Scenarios (`extensions/qa-lab/src/live-transports/slack/slack-live.runtime.ts`):
 Output artifacts:

 - `slack-qa-report.md`
- `slack-qa-summary.json`
+- `qa-evidence.json` - evidence entries for the live transport checks.
 - `slack-qa-observed-messages.json` - bodies redacted unless `OPENCLAW_QA_SLACK_CAPTURE_CONTENT=1`.
 - `approval-checkpoints/` - only when Mantis sets
  `OPENCLAW_QA_SLACK_APPROVAL_CHECKPOINT_DIR`; contains checkpoint JSON,
@@ -740,7 +740,7 @@ poll and upload-file coverage run through deterministic gateway `poll` and
 Output artifacts:

 - `whatsapp-qa-report.md`
- `whatsapp-qa-summary.json`
+- `qa-evidence.json` - evidence entries for the live transport checks.
 - `whatsapp-qa-observed-messages.json` - bodies redacted unless `OPENCLAW_QA_WHATSAPP_CAPTURE_CONTENT=1`.

 ### Convex credential pool
@@ -787,9 +787,10 @@ the source of truth for one test run and should define:
 - docs and code refs
 - optional plugin requirements
 - optional gateway config patch
- the executable `qa-flow`
+- an executable `qa-flow` block for flow scenarios, or `execution.kind`/`execution.path`
+  for Vitest and Playwright scenarios

-The reusable runtime surface that backs `qa-flow` is allowed to stay generic
+The reusable runtime surface that backs `qa-flow` blocks is allowed to stay generic
 and cross-cutting. For example, markdown scenarios can combine transport-side
 helpers with browser-side helpers that drive the embedded Control UI through the
 Gateway `browser.request` seam without adding a special-case runner.
@@ -915,6 +916,7 @@ The report should answer:
 For the inventory of available scenarios - useful when sizing follow-up work or wiring a new transport - run `pnpm openclaw qa coverage` (add `--json` for machine-readable output).
 When choosing focused proof for a touched behavior or file path, run `pnpm openclaw qa coverage --match <query>`.
 The match report searches scenario metadata, docs refs, code refs, coverage IDs, plugins, and provider requirements, then prints matching `qa suite --scenario ...` targets.
+Every `qa suite` scenario execution writes a `qa-evidence.json` artifact. Flow scenarios also write `qa-suite-summary.json` for existing suite/report tooling; scenarios that declare `execution.kind: vitest` or `execution.kind: playwright` run the matching test path and write `qa-vitest-report.md` or `qa-playwright-report.md` plus per-scenario logs.
 Treat it as a discovery aid, not a gate replacement; the selected scenario still needs the right provider mode, live transport, Multipass, Testbox, or release lane for the behavior under test.

 For character and style checks, run the same scenario across multiple live model
--- a/docs/concepts/usage-tracking.md
+++ b/docs/concepts/usage-tracking.md
@@ -30,6 +30,201 @@ title: "Usage tracking"
 - CLI: `openclaw channels list` prints the same usage snapshot alongside provider config (use `--no-usage` to skip).
 - macOS menu bar: "Usage" section under Context (only if available).

+## Custom `/usage full` footer
+
+`/usage full` shows a built-in compact footer with model, reasoning, fast/slow,
+context window, turn tokens, cache, and cost when those fields are available. No
+template file is required.
+
+`messages.usageTemplate` is only for advanced custom layouts. The value is a
+JSON file path (supports `~`) or an inline object, and it replaces the built-in
+footer when valid:
+
+```json
+{
+  "messages": {
+    "usageTemplate": "~/.openclaw/usage-footer.json"
+  }
+}
+```
+
+Missing or empty templates fall back to the built-in footer quietly. Unreadable
+or invalid configured templates also fall back to the built-in footer and emit an
+operator warning.
+
+Start custom templates from the built-in shape, then edit the parts you want to
+change:
+
+```jsonc
+{
+  "schema": "openclaw.usageBar.v1",
+  "scales": {
+    "braille": "⠐⡀⡄⡆⡇⣇⣧⣷⣿",
+    "block": "░▏▎▍▌▋▊▉█",
+    "shade": "░▒▓█",
+    "moon": "🌑🌘🌗🌖🌕",
+    "level": "▁▂▃▄▅▆▇█",
+    "weather": ["🥶", "☁️", "🌥", "⛅️", "🌤", "☀️"],
+    "plants": ["🪾", "🍂", "🌱", "☘️", "🍀", "🌿"],
+    "moons6": ["🌑", "🌚", "🌘", "🌗", "🌖", "🌝"],
+  },
+  "aliases": {
+    "models": {
+      "claude-opus-4-6": "opus46",
+      "claude-opus-4-8": "opus48",
+      "claude-sonnet-4-6": "sonnet46",
+      "claude-haiku-4-5": "haiku45",
+      "gpt-5.5": "gpt5.5",
+    },
+    "reasoning": {
+      "off": "🌑",
+      "minimal": "🌚",
+      "low": "🌘",
+      "medium": "🌗",
+      "high": "🌕",
+      "xhigh": "🌝",
+    },
+  },
+  "output": {
+    "sep": "",
+    "default": [
+      { "text": "{model.provider}{identity.emoji|🤖} {model.display_name|alias:models}" },
+      { "map": "model.is_fallback", "cases": { "true": " 🔄" } },
+      { "map": "model.is_override", "cases": { "true": " 📌" } },
+      { "when": "model.reasoning", "text": " {model.reasoning|alias:reasoning}" },
+      { "map": "state.fast_mode", "cases": { "true": " ⚡", "false": " 🐌" } },
+      {
+        "when": "context.max_tokens",
+        "text": " | 📚 [{context.pct_used|meter:5:braille}]{context.max_tokens|num}",
+      },
+      {
+        "when": "usage.has_split_tokens",
+        "text": " ↕️ {usage.input_tokens|num|?}/{usage.output_tokens|num|?}",
+      },
+      { "when": "usage.has_total_only_tokens", "text": " ↕️ {usage.total_tokens|num}" },
+      { "when": "usage.cache_hit_pct", "text": " 🗄 {usage.cache_hit_pct|pct}" },
+      { "when": "cost.turn_usd", "text": " 💰{cost.turn_usd|fixed:4}" },
+    ],
+    "surfaces": {
+      "discord": [
+        { "text": "-# -\n" },
+        { "text": "-# {model.provider}{identity.emoji|🤖} {model.display_name|alias:models}" },
+        { "map": "model.is_fallback", "cases": { "true": "🔄" } },
+        { "map": "model.is_override", "cases": { "true": "📌" } },
+        { "when": "model.reasoning", "text": " {model.reasoning|alias:reasoning}" },
+        { "map": "state.fast_mode", "cases": { "true": " ⚡️", "false": " 🐌" } },
+        {
+          "when": "context.max_tokens",
+          "text": " | 📚 [{context.pct_used|meter:5:braille}]{context.max_tokens|num}",
+        },
+        {
+          "when": "usage.has_split_tokens",
+          "text": " ↕️ {usage.input_tokens|num|?}/{usage.output_tokens|num|?}",
+        },
+        { "when": "usage.has_total_only_tokens", "text": " ↕️ {usage.total_tokens|num}" },
+        { "when": "usage.cache_hit_pct", "text": " 🗄 {usage.cache_hit_pct|pct}" },
+        { "when": "cost.turn_usd", "text": " 💰{cost.turn_usd|fixed:4}" },
+      ],
+    },
+  },
+}
+```
+
+### Shape
+
+```jsonc
+{
+  "schema": "openclaw.usageBar.v1",
+  "scales": { "<name>": "low-to-high glyphs" }, // string (1 glyph/char) or array
+  "aliases": { "<table>": { "<value>": "<label>" } },
+  "output": {
+    "sep": "", // joins surviving pieces
+    "default": [
+      /* pieces */
+    ], // fallback for any surface
+    "surfaces": {
+      "discord": [
+        /* pieces */
+      ],
+      "telegram": [
+        /* pieces */
+      ],
+    },
+  },
+}
+```
+
+Each surface is an ordered list of **pieces**; the engine renders each, drops
+empties, and joins survivors with `sep`. A surface with no entry uses
+`output.default`.
+
+### Contract Paths
+
+A piece reads values from the per-turn contract by dot-path. Absent values are
+empty (so a `when` guard or a `|fallback` keeps the piece clean).
+
+| Path                                                                                | Meaning                                |
+| ----------------------------------------------------------------------------------- | -------------------------------------- |
+| `surface`                                                                           | channel id (`discord`/`telegram`/etc.) |
+| `model.provider` / `model.display_name`                                             | provider id / model id                 |
+| `model.reasoning`                                                                   | effort (`off` through `xhigh`)         |
+| `model.is_fallback` / `model.is_override`                                           | bool: fallback used / model pinned     |
+| `state.fast_mode`                                                                   | bool: fast vs slow                     |
+| `context.max_tokens` / `context.pct_used`                                           | window budget / 0-100 used             |
+| `usage.input_tokens` / `usage.output_tokens` / `usage.total_tokens`                 | turn aggregate                         |
+| `usage.has_split_tokens` / `usage.has_total_only_tokens` / `usage.cache_hit_pct`    | token display guards and cache percent |
+| `usage.last.input_tokens` / `usage.last.output_tokens` / `usage.last.cache_hit_pct` | final model call only                  |
+| `cost.turn_usd`                                                                     | estimated turn cost                    |
+| `identity.name` / `identity.emoji`                                                  | agent name / chosen emoji              |
+
+(Provider rate-limit windows are **not** in this contract.)
+
+### Verbs
+
+Pipe a value through verbs left to right; a non-verb segment is the fallback.
+
+| Verb            | Effect                                | Example                           |
+| --------------- | ------------------------------------- | --------------------------------- |
+| `num`           | compact count                         | `272000 -> 272k`                  |
+| `fixed:N`       | N decimals (default 2)                | `0.0377`                          |
+| `dur`           | seconds to duration                   | `14820 -> 4h07m`                  |
+| `pct`           | append `%`                            | `96 -> 96%`                       |
+| `inv`           | `100 - x`                             | for used to remaining             |
+| `alias:TABLE`   | lookup in `aliases`, echo if unlisted | `medium -> 🌗`                    |
+| `meter:W:SCALE` | W-cell glyph bar over a 0-100 value   | `[⣿⣿⠐⠐⠐]` (`meter:1` = one glyph) |
+
+### Piece forms
+
+- `{ "text": "📚 {context.max_tokens|num}" }`: literal + interpolation.
+- `{ "when": "<path>", "text": "..." }`: render only if the path is truthy.
+- `{ "map": "<path>", "cases": { "true": "⚡", "false": "🐌" } }`: value to glyph.
+- `{ "each": "limits.windows", "item": "{label}" }`: iterate an array.
+
+### Example
+
+```jsonc
+{
+  "schema": "openclaw.usageBar.v1",
+  "scales": { "braille": "⠐⡀⡄⡆⡇⣇⣧⣷⣿" },
+  "aliases": { "reasoning": { "medium": "🌗", "high": "🌕" } },
+  "output": {
+    "surfaces": {
+      "discord": [
+        { "text": "{model.display_name}" },
+        { "when": "model.reasoning", "text": " {model.reasoning|alias:reasoning}" },
+        { "map": "state.fast_mode", "cases": { "true": " ⚡", "false": " 🐌" } },
+        {
+          "when": "context.max_tokens",
+          "text": " | 📚 [{context.pct_used|meter:5:braille}]{context.max_tokens|num}",
+        },
+      ],
+    },
+  },
+}
+```
+
+renders e.g. `claude-sonnet-4-6 🌗 🐌 | 📚 [⣿⣿⣿⣿⣧]272k`.
+
 ## Providers + credentials

 - **Anthropic (Claude)**: OAuth tokens in auth profiles.
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -1374,9 +1374,7 @@
                "pages": [
                  "clawhub/cli",
                  "clawhub/publishing",
-                  "clawhub/plugin-validation-fixes",
                  "clawhub/skill-format",
-                  "clawhub/soul-format",
                  "clawhub/auth",
                  "clawhub/telemetry",
                  "clawhub/troubleshooting"
--- a/docs/gateway/config-tools.md
+++ b/docs/gateway/config-tools.md
@@ -339,7 +339,7 @@ Configures inbound media understanding (image/audio/video):

    - `capabilities`: optional list (`image`, `audio`, `video`). Defaults: `openai`/`anthropic`/`minimax` → image, `google` → image+audio+video, `groq` → audio.
    - `prompt`, `maxChars`, `maxBytes`, `timeoutSeconds`, `language`: per-entry overrides.
-    - `tools.media.image.timeoutSeconds` and matching image model `timeoutSeconds` entries also apply when the agent calls the explicit `image` tool.
+    - `tools.media.image.timeoutSeconds` and matching image model `timeoutSeconds` entries also apply when the agent calls the explicit `image` tool. For image understanding, this timeout applies to the request itself and is not reduced by earlier preparation work.
    - Failures fall back to the next entry.

    Provider auth follows standard order: `auth-profiles.json` → env vars → `models.providers.*.apiKey`.
--- a/docs/gateway/health.md
+++ b/docs/gateway/health.md
@@ -42,6 +42,21 @@ health commands above for live connectivity checks.
 - `channels.<provider>.accounts.<accountId>.healthMonitor.enabled`: multi-account override that wins over the channel-level setting.
 - These per-channel overrides apply to the built-in channel monitors that expose them today: Discord, Google Chat, iMessage, Microsoft Teams, Signal, Slack, Telegram, and WhatsApp.

+## Uptime monitoring
+
+External uptime monitoring services should use the dedicated `/health` endpoint, not `/v1/chat/completions`.
+
+- **DO use:** `GET /health` — instant response, no session created, no LLM call, returns `{"ok":true,"status":"live"}`
+- **DON'T use:** `/v1/chat/completions` for health checks — each request creates a full agent session with skill snapshot, context assembly, and LLM calls
+
+When no `x-openclaw-session-key` header or `user` field is provided, `/v1/chat/completions` generates a new random session for each request. Monitoring services that ping every 15 minutes create ~96 sessions/day, each consuming 4–22KB. Over time this causes session store bloat and can lead to context window overflow.
+
+### Monitoring service setup examples
+
+- **BetterStack:** Set health check URL to `https://<your-gateway-host>:<port>/health`
+- **UptimeRobot:** Add a new HTTP monitor with URL `https://<your-gateway-host>:<port>/health`
+- **Generic:** Any HTTP GET to `/health` returns 200 with `{"ok":true}` when the gateway is healthy
+
 ## When something fails

 - `logged out` or status 409–515 → relink with `openclaw channels logout` then `openclaw channels login`.
--- a/docs/gateway/openai-http-api.md
+++ b/docs/gateway/openai-http-api.md
@@ -75,6 +75,7 @@ Auth matrix:
  - honor `x-openclaw-scopes` when the header is present
  - fall back to the normal operator default scope set when the header is absent
  - only lose owner semantics when the caller explicitly narrows scopes and omits `operator.admin`
+  - require `operator.admin` for owner-level request controls such as `x-openclaw-model`

 See [Security](/gateway/security) and [Remote access](/gateway/remote).

@@ -96,7 +97,7 @@ OpenClaw treats the OpenAI `model` field as an **agent target**, not a raw provi

 Optional request headers:

- `x-openclaw-model: <provider/model-or-bare-id>` overrides the backend model for the selected agent.
+- `x-openclaw-model: <provider/model-or-bare-id>` overrides the backend model for the selected agent. Shared-secret bearer callers can use this header. Identity-bearing callers, such as trusted-proxy or private no-auth ingress requests with `x-openclaw-scopes`, need `operator.admin`; write-only callers get `403 missing scope: operator.admin`.
 - `x-openclaw-agent-id: <agentId>` remains supported as a compatibility override.
 - `x-openclaw-session-key: <sessionKey>` fully controls session routing.
 - `x-openclaw-message-channel: <channel>` sets the synthetic ingress channel context for channel-aware prompts and policies.
@@ -178,7 +179,7 @@ This is the highest-leverage compatibility set for self-hosted frontends and too

  </Accordion>
  <Accordion title="How do I override the backend model?">
-    Use `x-openclaw-model`.
+    Use `x-openclaw-model`. This is an owner-level override: it works with the Gateway shared-secret bearer token/password path, and it requires `operator.admin` on identity-bearing HTTP paths such as trusted proxy auth.

    Examples:
    `x-openclaw-model: openai/gpt-5.4`
@@ -191,7 +192,7 @@ This is the highest-leverage compatibility set for self-hosted frontends and too
    `/v1/embeddings` uses the same agent-target `model` ids.

    Use `model: "openclaw/default"` or `model: "openclaw/<agentId>"`.
-    When you need a specific embedding model, send it in `x-openclaw-model`.
+    When you need a specific embedding model, send it in `x-openclaw-model` from a shared-secret caller or an identity-bearing caller with `operator.admin`.
    Without that header, the request passes through to the selected agent's normal embedding setup.

  </Accordion>
@@ -285,7 +286,7 @@ Expected behavior:

 - `GET /v1/models` should list `openclaw/default`
 - Open WebUI should use `openclaw/default` as the chat model id
- If you want a specific backend provider/model for that agent, set the agent's normal default model or send `x-openclaw-model`
+- If you want a specific backend provider/model for that agent, set the agent's normal default model or send `x-openclaw-model` from a shared-secret caller or an identity-bearing caller with `operator.admin`

 Quick smoke:

@@ -370,7 +371,7 @@ Notes:

 - `/v1/models` returns OpenClaw agent targets, not raw provider catalogs.
 - `openclaw/default` is always present so one stable id works across environments.
- Backend provider/model overrides belong in `x-openclaw-model`, not the OpenAI `model` field.
+- Backend provider/model overrides belong in `x-openclaw-model`, not the OpenAI `model` field. On identity-bearing HTTP auth paths, this header requires `operator.admin`.
 - `/v1/embeddings` supports `input` as a string or array of strings.

 ## Related
--- a/docs/gateway/security/index.md
+++ b/docs/gateway/security/index.md
@@ -951,7 +951,7 @@ Important boundary note:
 - Treat credentials that can call `/v1/chat/completions`, `/v1/responses`, plugin routes such as `/api/v1/admin/rpc`, or `/api/channels/*` as full-access operator secrets for that gateway.
 - On the OpenAI-compatible HTTP surface, shared-secret bearer auth restores the full default operator scopes (`operator.admin`, `operator.approvals`, `operator.pairing`, `operator.read`, `operator.talk.secrets`, `operator.write`) and owner semantics for agent turns; narrower `x-openclaw-scopes` values do not reduce that shared-secret path.
 - Per-request scope semantics on HTTP only apply when the request comes from an identity-bearing mode such as trusted proxy auth, or from an explicitly no-auth private ingress.
- In those identity-bearing modes, omitting `x-openclaw-scopes` falls back to the normal operator default scope set; send the header explicitly when you want a narrower scope set.
+- In those identity-bearing modes, omitting `x-openclaw-scopes` falls back to the normal operator default scope set; send the header explicitly when you want a narrower scope set. Owner-level OpenAI-compatible headers such as `x-openclaw-model` require `operator.admin` when scopes are narrowed.
 - `/tools/invoke` and HTTP session history endpoints follow the same shared-secret rule: token/password bearer auth is treated as full operator access there too, while identity-bearing modes still honor declared scopes.
 - Do not share these credentials with untrusted callers; prefer separate gateways per trust boundary.

--- a/docs/platforms/windows.md
+++ b/docs/platforms/windows.md
@@ -18,11 +18,13 @@ most Linux-compatible Gateway runtime.
 Windows Hub is the native WinUI companion app for Windows 10 20H2+ and Windows 11. It installs without administrator privileges and is published with signed
 x64 and ARM64 installers on OpenClaw releases.

-Download the latest stable installer:
+Download the latest stable installer from the [OpenClaw releases page](https://github.com/openclaw/openclaw/releases):

- [OpenClawCompanion-Setup-x64.exe](https://github.com/openclaw/openclaw/releases/latest/download/OpenClawCompanion-Setup-x64.exe)
- [OpenClawCompanion-Setup-arm64.exe](https://github.com/openclaw/openclaw/releases/latest/download/OpenClawCompanion-Setup-arm64.exe)
- [Checksums](https://github.com/openclaw/openclaw/releases/latest/download/OpenClawCompanion-SHA256SUMS.txt)
+- [OpenClawCompanion-Setup-x64.exe](https://github.com/openclaw/openclaw/releases/download/v2026.6.5/OpenClawCompanion-Setup-x64.exe)
+- [OpenClawCompanion-Setup-arm64.exe](https://github.com/openclaw/openclaw/releases/download/v2026.6.5/OpenClawCompanion-Setup-arm64.exe)
+- [Checksums](https://github.com/openclaw/openclaw/releases/download/v2026.6.5/OpenClawCompanion-SHA256SUMS.txt)
+
+If a download link above returns a 404, visit the [releases page](https://github.com/openclaw/openclaw/releases) and look for the `OpenClawCompanion-Setup-*` assets on the latest release.

 After install, launch **OpenClaw Companion** from the Start menu or the system
 tray. The installer also adds shortcuts for Gateway Setup, Chat, Settings,
--- a/docs/plugins/cli-backend-plugins.md
+++ b/docs/plugins/cli-backend-plugins.md
@@ -197,22 +197,30 @@ only for behavior that really belongs to the backend.

 `CliBackendPlugin` can also define:

-| Hook                               | Use                                                    |
-| ---------------------------------- | ------------------------------------------------------ |
-| `normalizeConfig(config, context)` | Rewrite legacy user config after merge                 |
-| `resolveExecutionArgs(ctx)`        | Add request-scoped flags such as thinking effort       |
-| `prepareExecution(ctx)`            | Create temporary auth or config bridges before launch  |
-| `transformSystemPrompt(ctx)`       | Apply a final CLI-specific system prompt transform     |
-| `textTransforms`                   | Bidirectional prompt/output replacements               |
-| `defaultAuthProfileId`             | Prefer a specific OpenClaw auth profile                |
-| `authEpochMode`                    | Decide how auth changes invalidate stored CLI sessions |
-| `nativeToolMode`                   | Declare whether the CLI has always-on native tools     |
-| `bundleMcp` / `bundleMcpMode`      | Opt into OpenClaw's loopback MCP tool bridge           |
-| `ownsNativeCompaction`             | Backend owns its own compaction - OpenClaw defers      |
+| Hook                               | Use                                                                         |
+| ---------------------------------- | --------------------------------------------------------------------------- |
+| `normalizeConfig(config, context)` | Rewrite legacy user config after merge                                      |
+| `resolveExecutionArgs(ctx)`        | Add request-scoped flags such as thinking effort or side-question isolation |
+| `prepareExecution(ctx)`            | Create temporary auth or config bridges before launch                       |
+| `transformSystemPrompt(ctx)`       | Apply a final CLI-specific system prompt transform                          |
+| `textTransforms`                   | Bidirectional prompt/output replacements                                    |
+| `defaultAuthProfileId`             | Prefer a specific OpenClaw auth profile                                     |
+| `authEpochMode`                    | Decide how auth changes invalidate stored CLI sessions                      |
+| `nativeToolMode`                   | Declare whether the CLI has always-on native tools                          |
+| `sideQuestionToolMode`             | Declare disabled native tools for `/btw` side questions                     |
+| `bundleMcp` / `bundleMcpMode`      | Opt into OpenClaw's loopback MCP tool bridge                                |
+| `ownsNativeCompaction`             | Backend owns its own compaction - OpenClaw defers                           |

 Keep these hooks provider-owned. Do not add CLI-specific branches to core when a
 backend hook can express the behavior.

+`ctx.executionMode` is `"agent"` for normal turns and `"side-question"` for
+ephemeral `/btw` calls. Use it when the CLI needs different one-shot flags, such
+as disabling native tools, session persistence, or resume behavior for BTW. If a
+backend normally has `nativeToolMode: "always-on"` but its side-question argv
+reliably disables those tools, also set `sideQuestionToolMode: "disabled"`;
+otherwise OpenClaw fails closed when BTW requires a no-tools CLI run.
+
 ### `ownsNativeCompaction`: opting out of OpenClaw compaction

 If your backend runs an agent that compacts its **own** transcript, set
--- a/docs/plugins/codex-harness-reference.md
+++ b/docs/plugins/codex-harness-reference.md
@@ -313,9 +313,13 @@ available timeout in this order:
 - For `image_generate` without a configured timeout, the 120 second
  image-generation default.
 - For the media-understanding `image` tool, `tools.media.image.timeoutSeconds`
-  converted to milliseconds, or the 60 second media default.
+  converted to milliseconds, or the 60 second media default. For image
+  understanding, this applies to the request itself and is not reduced by
+  earlier preparation work.
 - The 90 second dynamic-tool default.

+This watchdog is the outer dynamic `item/tool/call` budget. Provider-specific
+request timeouts run inside that call and keep their own timeout semantics.
 Dynamic tool budgets are capped at 600000 ms. On timeout, OpenClaw aborts the
 tool signal where supported and returns a failed dynamic-tool response to Codex
 so the turn can continue instead of leaving the session in `processing`.
--- a/docs/plugins/codex-harness.md
+++ b/docs/plugins/codex-harness.md
@@ -557,10 +557,14 @@ or shortens that specific tool budget. The `image_generate` tool uses
 `agents.defaults.imageGenerationModel.timeoutMs` when the tool call does not
 provide its own timeout, or a 120 second image-generation default otherwise.
 The media-understanding `image` tool uses
-`tools.media.image.timeoutSeconds` or its 60 second media default. Dynamic tool
-budgets are capped at 600000 ms. On timeout, OpenClaw aborts the tool signal
+`tools.media.image.timeoutSeconds` or its 60 second media default. For image
+understanding, that timeout applies to the request itself and is not
+reduced by earlier preparation work. Dynamic tool budgets are
+capped at 600000 ms. On timeout, OpenClaw aborts the tool signal
 where supported and returns a failed dynamic-tool response to Codex so the turn
 can continue instead of leaving the session in `processing`.
+This watchdog is the outer dynamic `item/tool/call` budget; provider-specific
+request timeouts run inside that call and keep their own timeout semantics.

 After Codex accepts a turn, and after OpenClaw responds to a turn-scoped
 app-server request, the harness expects Codex to make current-turn progress and
--- a/docs/plugins/hooks.md
+++ b/docs/plugins/hooks.md
@@ -425,6 +425,10 @@ even when the channel payload has no visible text/caption. Rewriting that
 `content` updates the hook-visible transcript only; it is not rendered as a
 media caption.

+`reply_payload_sending` events may include `usageState`, a best-effort live
+per-turn model/usage/context snapshot. Durable delivery, recovered replay, and
+replies without exact run correlation omit it.
+
 Message hook contexts expose stable correlation fields when available:
 `ctx.sessionKey`, `ctx.runId`, `ctx.messageId`, `ctx.senderId`, `ctx.trace`,
 `ctx.traceId`, `ctx.spanId`, `ctx.parentSpanId`, and `ctx.callDepth`. Inbound
--- a/docs/plugins/memory-wiki.md
+++ b/docs/plugins/memory-wiki.md
@@ -25,6 +25,7 @@ less like a pile of Markdown files.
 - Page-level provenance, confidence, contradictions, and open questions
 - Compiled digests for agent/runtime consumers
 - Wiki-native search/get/apply/lint tools
+- Open Knowledge Format imports into compiled wiki concepts
 - Optional bridge mode that imports public artifacts from the active memory plugin
 - Optional Obsidian-friendly render mode and CLI integration

@@ -135,6 +136,34 @@ The main page groups are:
 - `syntheses/` for compiled summaries and maintained rollups
 - `reports/` for generated dashboards

+## Open Knowledge Format imports
+
+`memory-wiki` can import unpacked Open Knowledge Format bundles with:
+
+```bash
+openclaw wiki okf import ./bundles/ga4
+```
+
+This is the cleanest fit when a data catalog, documentation crawler, or
+enrichment agent already produces OKF: keep OKF as the portable exchange
+artifact, then let `memory-wiki` turn it into OpenClaw-native concept pages and
+compiled digests.
+
+The importer follows the OKF v0.1 shape:
+
+- non-reserved `.md` files are concept documents
+- each imported concept needs a non-empty `type` frontmatter field
+- unknown OKF `type` values are accepted
+- reserved `index.md` and `log.md` files are not imported as concepts
+- broken or external markdown links are preserved
+
+Imported concept pages are flattened under `concepts/` so the existing compile,
+search, get, dashboard, and prompt-digest paths see them without adding a second
+wiki tree. Each page keeps the original OKF concept ID, source path, `type`,
+`resource`, `tags`, timestamp, and full producer frontmatter. Internal OKF links
+are rewritten to the generated wiki concept pages and also emitted as structured
+`relationships` entries with `kind: okf-link`.
+
 ## Structured claims and evidence

 Pages can carry structured `claims` frontmatter, not just freeform text.
--- a/docs/plugins/sdk-overview.md
+++ b/docs/plugins/sdk-overview.md
@@ -378,7 +378,10 @@ AI CLI backend such as `claude-cli` or `my-cli`.
  (for example normalizing old flag shapes).
 - Use `resolveExecutionArgs` for request-scoped argv rewrites that belong to
  the CLI dialect, such as mapping OpenClaw thinking levels to a native effort
-  flag.
+  flag. The hook receives `ctx.executionMode`; use `"side-question"` to add
+  backend-native isolation flags for ephemeral `/btw` calls. If those flags
+  reliably disable native tools for an otherwise always-on CLI, declare
+  `sideQuestionToolMode: "disabled"` too.

 For an end-to-end authoring guide, see
 [CLI backend plugins](/plugins/cli-backend-plugins).
--- a/docs/providers/moonshot.md
+++ b/docs/providers/moonshot.md
@@ -22,6 +22,7 @@ Moonshot and Kimi Coding are **separate providers**. Keys are not interchangeabl
 | Model ref                         | Name                   | Reasoning | Input       | Context | Max output |
 | --------------------------------- | ---------------------- | --------- | ----------- | ------- | ---------- |
 | `moonshot/kimi-k2.6`              | Kimi K2.6              | No        | text, image | 262,144 | 262,144    |
+| `moonshot/kimi-k2.7-code`         | Kimi K2.7 Code         | Always on | text, image | 262,144 | 262,144    |
 | `moonshot/kimi-k2.5`              | Kimi K2.5              | No        | text, image | 262,144 | 262,144    |
 | `moonshot/kimi-k2-thinking`       | Kimi K2 Thinking       | Yes       | text        | 262,144 | 262,144    |
 | `moonshot/kimi-k2-thinking-turbo` | Kimi K2 Thinking Turbo | Yes       | text        | 262,144 | 262,144    |
@@ -30,11 +31,18 @@ Moonshot and Kimi Coding are **separate providers**. Keys are not interchangeabl
 [//]: # "moonshot-kimi-k2-ids:end"

 Bundled cost estimates for current Moonshot-hosted K2 models use Moonshot's
-published pay-as-you-go rates: Kimi K2.6 is $0.16/MTok cache hit,
+published pay-as-you-go rates: Kimi K2.7 Code is $0.19/MTok cache hit,
+$0.95/MTok input, and $4.00/MTok output; Kimi K2.6 is $0.16/MTok cache hit,
 $0.95/MTok input, and $4.00/MTok output; Kimi K2.5 is $0.10/MTok cache hit,
 $0.60/MTok input, and $3.00/MTok output. Other legacy catalog entries keep
 zero-cost placeholders unless you override them in config.

+Kimi K2.7 Code always uses native thinking. OpenClaw exposes only the `on`
+thinking state for this model and omits outbound `thinking` and
+`reasoning_effort` controls, as required by Moonshot. OpenClaw also omits
+sampling overrides that K2.7 fixes to provider defaults. Kimi K2.6 remains the
+onboarding default.
+
 ## Getting started

 Choose your provider and follow the setup steps.
@@ -109,6 +117,7 @@ Choose your provider and follow the setup steps.
          models: {
            // moonshot-kimi-k2-aliases:start
            "moonshot/kimi-k2.6": { alias: "Kimi K2.6" },
+            "moonshot/kimi-k2.7-code": { alias: "Kimi K2.7 Code" },
            "moonshot/kimi-k2.5": { alias: "Kimi K2.5" },
            "moonshot/kimi-k2-thinking": { alias: "Kimi K2 Thinking" },
            "moonshot/kimi-k2-thinking-turbo": { alias: "Kimi K2 Thinking Turbo" },
@@ -135,6 +144,15 @@ Choose your provider and follow the setup steps.
                contextWindow: 262144,
                maxTokens: 262144,
              },
+              {
+                id: "kimi-k2.7-code",
+                name: "Kimi K2.7 Code",
+                reasoning: true,
+                input: ["text", "image"],
+                cost: { input: 0.95, output: 4, cacheRead: 0.19, cacheWrite: 0 },
+                contextWindow: 262144,
+                maxTokens: 262144,
+              },
              {
                id: "kimi-k2.5",
                name: "Kimi K2.5",
@@ -288,7 +306,13 @@ Config lives under `plugins.entries.moonshot.config.webSearch`:

 <AccordionGroup>
  <Accordion title="Native thinking mode">
-    Moonshot Kimi supports binary native thinking:
+    Kimi K2.7 Code always uses native thinking. Moonshot requires clients to
+    omit the `thinking` field for this model, so OpenClaw exposes only `on` and
+    ignores stale `off` settings. K2.7 also fixes `temperature`, `top_p`, `n`,
+    `presence_penalty`, and `frequency_penalty`; OpenClaw omits configured
+    overrides for those fields.
+
+    Other Moonshot Kimi models support binary native thinking:

    - `thinking: { type: "enabled" }`
    - `thinking: { type: "disabled" }`
@@ -311,7 +335,7 @@ Config lives under `plugins.entries.moonshot.config.webSearch`:
    }
    ```

-    OpenClaw also maps runtime `/think` levels for Moonshot:
+    OpenClaw maps runtime `/think` levels for those models:

    | `/think` level       | Moonshot behavior          |
    | -------------------- | -------------------------- |
@@ -319,14 +343,16 @@ Config lives under `plugins.entries.moonshot.config.webSearch`:
    | Any non-off level    | `thinking.type=enabled`    |

    <Warning>
-    When Moonshot thinking is enabled, `tool_choice` must be `auto` or `none`. OpenClaw normalizes incompatible `tool_choice` values to `auto` for compatibility.
+    When Moonshot thinking is enabled, `tool_choice` must be `auto` or `none`. OpenClaw normalizes incompatible values to `auto`. This includes Kimi K2.7 Code, whose thinking mode cannot be disabled to preserve a pinned tool choice.
    </Warning>

    Kimi K2.6 also accepts an optional `thinking.keep` field that controls
    multi-turn retention of `reasoning_content`. Set it to `"all"` to keep full
    reasoning across turns; omit it (or leave it `null`) to use the server
    default strategy. OpenClaw only forwards `thinking.keep` for
-    `moonshot/kimi-k2.6` and strips it from other models.
+    `moonshot/kimi-k2.6` and strips it from other models. Kimi K2.7 Code
+    preserves full reasoning history by default while OpenClaw omits the entire
+    `thinking` field.

    ```json5
    {
@@ -347,7 +373,7 @@ Config lives under `plugins.entries.moonshot.config.webSearch`:
  </Accordion>

  <Accordion title="Tool call id sanitization">
-    Moonshot Kimi serves tool_call ids shaped like `functions.<name>:<index>`. OpenClaw preserves them unchanged so multi-turn tool calls keep working.
+    Moonshot Kimi serves native tool_call ids shaped like `functions.<name>:<index>`. For the OpenAI-completions transport, OpenClaw preserves the first occurrence of each native Kimi id and rewrites later duplicates to deterministic OpenAI-style `call_*` ids. Matching tool results are remapped with the same id so replay remains unique without stripping Kimi's first native id.

    To force strict sanitization on a custom OpenAI-compatible provider, set `sanitizeToolCallIds: true`:

--- a/docs/tools/btw.md
+++ b/docs/tools/btw.md
@@ -42,8 +42,14 @@ app-server thread as an ephemeral side thread. That keeps Codex OAuth and native
 thread behavior intact while still isolating the side answer from the parent
 transcript. Like Codex `/side`, the side thread keeps the current Codex
 permissions and native tool surface, with guardrails that tell the model not to
-treat inherited parent-thread work as active instructions. Non-Codex runtimes
-keep the older direct one-shot path.
+treat inherited parent-thread work as active instructions.
+
+For CLI runtime aliases, BTW uses the owning CLI backend in side-question mode
+instead of falling back to a direct provider call. OpenClaw seeds sanitized
+conversation context into a fresh one-shot CLI invocation, disables OpenClaw MCP
+tool bundling and reusable CLI session state for that invocation, and lets the
+backend add any CLI-native no-resume or no-tools flags it supports. Direct
+non-CLI runtimes keep the direct one-shot path.

 ## What it does not do

--- a/docs/tools/thinking.md
+++ b/docs/tools/thinking.md
@@ -35,7 +35,7 @@ title: "Thinking levels"
  - Google Gemini maps `/think adaptive` to Gemini's provider-owned dynamic thinking. Gemini 3 requests omit a fixed `thinkingLevel`, while Gemini 2.5 requests send `thinkingBudget: -1`; fixed levels still map to the closest Gemini `thinkingLevel` or budget for that model family.
  - MiniMax M2.x (`minimax/MiniMax-M2*`) on the Anthropic-compatible streaming path defaults to `thinking: { type: "disabled" }` unless you explicitly set thinking in model params or request params. This avoids leaked `reasoning_content` deltas from M2.x's non-native Anthropic stream format. MiniMax-M3 (and M3.x) is exempt: M3 emits proper Anthropic thinking blocks and returns empty content when thinking is disabled, so OpenClaw keeps M3 on the provider's omitted/adaptive thinking path.
  - Z.AI (`zai/*`) only supports binary thinking (`on`/`off`). Any non-`off` level is treated as `on` (mapped to `low`).
-  - Moonshot (`moonshot/*`) maps `/think off` to `thinking: { type: "disabled" }` and any non-`off` level to `thinking: { type: "enabled" }`. When thinking is enabled, Moonshot only accepts `tool_choice` `auto|none`; OpenClaw normalizes incompatible values to `auto`.
+  - Moonshot Kimi K2.7 Code (`moonshot/kimi-k2.7-code`) always thinks. Its profile exposes only `on`, and OpenClaw omits the outbound `thinking` field as required by Moonshot. Other `moonshot/*` models map `/think off` to `thinking: { type: "disabled" }` and any non-`off` level to `thinking: { type: "enabled" }`. When thinking is enabled, Moonshot only accepts `tool_choice` `auto|none`; OpenClaw normalizes incompatible values to `auto`.

 ## Resolution order

--- a/extensions/acpx/npm-shrinkwrap.json
+++ b/extensions/acpx/npm-shrinkwrap.json
@@ -224,9 +224,9 @@
      }
    },
    "node_modules/@esbuild/aix-ppc64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.28.0.tgz",
-      "integrity": "sha512-lhRUCeuOyJQURhTxl4WkpFTjIsbDayJHih5kZC1giwE+MhIzAb7mEsQMqMf18rHLsrb5qI1tafG20mLxEWcWlA==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.28.1.tgz",
+      "integrity": "sha512-Svl7tq8k/08+p6CXPpRjQ1fKX+1odH/BQbb48fV6fj3CWHhsoIOoY87w1oHXm0qEpkIK3ZfVgp0hed3XBXzXMQ==",
      "cpu": [
        "ppc64"
      ],
@@ -240,9 +240,9 @@
      }
    },
    "node_modules/@esbuild/android-arm": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.28.0.tgz",
-      "integrity": "sha512-wqh0ByljabXLKHeWXYLqoJ5jKC4XBaw6Hk08OfMrCRd2nP2ZQ5eleDZC41XHyCNgktBGYMbqnrJKq/K/lzPMSQ==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.28.1.tgz",
+      "integrity": "sha512-0k2F129Xdio1TdJfzJ8sy1Q47vUD2NnwdhiAf7drUN1EBTfPf4hsFCtmMgu/6m8JSzsBrlmVjudMBQqOfG8usQ==",
      "cpu": [
        "arm"
      ],
@@ -256,9 +256,9 @@
      }
    },
    "node_modules/@esbuild/android-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.28.0.tgz",
-      "integrity": "sha512-+WzIXQOSaGs33tLEgYPYe/yQHf0WTU0X42Jca3y8NWMbUVhp7rUnw+vAsRC/QiDrdD31IszMrZy+qwPOPjd+rw==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.28.1.tgz",
+      "integrity": "sha512-34EGEbCIAgosYz6goLcopX6Mo7NyGv9tfwEM2/7Ce2VcVRk568iSvniGWcUXIy7wEDR1wzolcxcriFVrWYcwBg==",
      "cpu": [
        "arm64"
      ],
@@ -272,9 +272,9 @@
      }
    },
    "node_modules/@esbuild/android-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.28.0.tgz",
-      "integrity": "sha512-+VJggoaKhk2VNNqVL7f6S189UzShHC/mR9EE8rDdSkdpN0KflSwWY/gWjDrNxxisg8Fp1ZCD9jLMo4m0OUfeUA==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.28.1.tgz",
+      "integrity": "sha512-dbwY7ltSMDWsRatcRpCnES4F+im88OCUgGZjy52shC7GqHRE/cYlxNbB4Z4UpJswpcc4Qxd2oE/ufM0p61IKng==",
      "cpu": [
        "x64"
      ],
@@ -288,9 +288,9 @@
      }
    },
    "node_modules/@esbuild/darwin-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.28.0.tgz",
-      "integrity": "sha512-0T+A9WZm+bZ84nZBtk1ckYsOvyA3x7e2Acj1KdVfV4/2tdG4fzUp91YHx+GArWLtwqp77pBXVCPn2We7Letr0Q==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.28.1.tgz",
+      "integrity": "sha512-TZbWkQY7kvTAXbXUT7uVACR5cMHsDiSz9z7ZKAX/RTq/WJEk3QyRr0wZpNhBDX+/0CtdqUIJlOiodQcta6tY3Q==",
      "cpu": [
        "arm64"
      ],
@@ -304,9 +304,9 @@
      }
    },
    "node_modules/@esbuild/darwin-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.28.0.tgz",
-      "integrity": "sha512-fyzLm/DLDl/84OCfp2f/XQ4flmORsjU7VKt8HLjvIXChJoFFOIL6pLJPH4Yhd1n1gGFF9mPwtlN5Wf82DZs+LQ==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.28.1.tgz",
+      "integrity": "sha512-zfdzgK9ACBNZLI/CyHTOx81SyNbM6YXn7rxSgX97VjyiPl9W1i4Ka4fgKECEoFCKGpvBj5qArWIGgQjOwkgskQ==",
      "cpu": [
        "x64"
      ],
@@ -320,9 +320,9 @@
      }
    },
    "node_modules/@esbuild/freebsd-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.28.0.tgz",
-      "integrity": "sha512-l9GeW5UZBT9k9brBYI+0WDffcRxgHQD8ShN2Ur4xWq/NFzUKm3k5lsH4PdaRgb2w7mI9u61nr2gI2mLI27Nh3Q==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.28.1.tgz",
+      "integrity": "sha512-wG2EA8ENdEI0qhkSZMjfqrdY+ziCYCPMmtZjjIwOmXFjmyzEHn+UUxk5of+SYsjtfs3VpnlC7QLzSI5hY/rOAw==",
      "cpu": [
        "arm64"
      ],
@@ -336,9 +336,9 @@
      }
    },
    "node_modules/@esbuild/freebsd-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.28.0.tgz",
-      "integrity": "sha512-BXoQai/A0wPO6Es3yFJ7APCiKGc1tdAEOgeTNy3SsB491S3aHn4S4r3e976eUnPdU+NbdtmBuLncYir2tMU9Nw==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.28.1.tgz",
+      "integrity": "sha512-i7dZ9vQgnvSCzi/rYCXNgtF/U+eKZNJBzu3eTQbRgHnM7tNSizLOkRFAl3qzVc/Op/u5YkHHa4pf/3DOYHthLQ==",
      "cpu": [
        "x64"
      ],
@@ -352,9 +352,9 @@
      }
    },
    "node_modules/@esbuild/linux-arm": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.28.0.tgz",
-      "integrity": "sha512-CjaaREJagqJp7iTaNQjjidaNbCKYcd4IDkzbwwxtSvjI7NZm79qiHc8HqciMddQ6CKvJT6aBd8lO9kN/ZudLlw==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.28.1.tgz",
+      "integrity": "sha512-qVXBOHQS+d5Y722GwJzJUtOLlX7km3CraOaGormF1pDtPd2C/l1SHRPgjLunLGe51Sh5YYWKMFDyV4SxgMQYTQ==",
      "cpu": [
        "arm"
      ],
@@ -368,9 +368,9 @@
      }
    },
    "node_modules/@esbuild/linux-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.28.0.tgz",
-      "integrity": "sha512-RVyzfb3FWsGA55n6WY0MEIEPURL1FcbhFE6BffZEMEekfCzCIMtB5yyDcFnVbTnwk+CLAgTujmV/Lgvih56W+A==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.28.1.tgz",
+      "integrity": "sha512-yHs+0uc8+nvEAfAfxrWQKK5peSNzBc4PegcMO0EJ2hT71uA7vB8Ihg2e77R2P7SG5uYjPbHlLLmve4LLLRCf0g==",
      "cpu": [
        "arm64"
      ],
@@ -384,9 +384,9 @@
      }
    },
    "node_modules/@esbuild/linux-ia32": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.28.0.tgz",
-      "integrity": "sha512-KBnSTt1kxl9x70q+ydterVdl+Cn0H18ngRMRCEQfrbqdUuntQQ0LoMZv47uB97NljZFzY6HcfqEZ2SAyIUTQBQ==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.28.1.tgz",
+      "integrity": "sha512-d1z4ZuP0ajrfz/FhGT4vv278rX8KnPPJx8i5+AtK7TYbx9Le9F1hyzurZpkEyjkGa9dUGhQow4C1NmeGvqxN2w==",
      "cpu": [
        "ia32"
      ],
@@ -400,9 +400,9 @@
      }
    },
    "node_modules/@esbuild/linux-loong64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.28.0.tgz",
-      "integrity": "sha512-zpSlUce1mnxzgBADvxKXX5sl8aYQHo2ezvMNI8I0lbblJtp8V4odlm3Yzlj7gPyt3T8ReksE6bK+pT3WD+aJRg==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.28.1.tgz",
+      "integrity": "sha512-M5sRjUVZrkm1OAPR3dlOYzNmN+loZKGVi1VUQGrwuqLcbR6qeAz+famMhjASeH3YVKvZz+zT1jlh/keC3Rj/lg==",
      "cpu": [
        "loong64"
      ],
@@ -416,9 +416,9 @@
      }
    },
    "node_modules/@esbuild/linux-mips64el": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.28.0.tgz",
-      "integrity": "sha512-2jIfP6mmjkdmeTlsX/9vmdmhBmKADrWqN7zcdtHIeNSCH1SqIoNI63cYsjQR8J+wGa4Y5izRcSHSm8K3QWmk3w==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.28.1.tgz",
+      "integrity": "sha512-mRObBZeHh2OxcBFPWE/FjylkRgZdYuiTR3vaTozquCGOH14iP9oN4x4Ge81CoIDYQrXmIxpFumJBu5MtZpnQJQ==",
      "cpu": [
        "mips64el"
      ],
@@ -432,9 +432,9 @@
      }
    },
    "node_modules/@esbuild/linux-ppc64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.28.0.tgz",
-      "integrity": "sha512-bc0FE9wWeC0WBm49IQMPSPILRocGTQt3j5KPCA8os6VprfuJ7KD+5PzESSrJ6GmPIPJK965ZJHTUlSA6GNYEhg==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.28.1.tgz",
+      "integrity": "sha512-slScBsMAb3GFDcdrCgLwZtPYRoH2H/youv10QiZyRjmsP48fznoveWytSgCI/R0ZcUgpc0ZhIUEx6LHts8yrfQ==",
      "cpu": [
        "ppc64"
      ],
@@ -448,9 +448,9 @@
      }
    },
    "node_modules/@esbuild/linux-riscv64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.28.0.tgz",
-      "integrity": "sha512-SQPZOwoTTT/HXFXQJG/vBX8sOFagGqvZyXcgLA3NhIqcBv1BJU1d46c0rGcrij2B56Z2rNiSLaZOYW5cUk7yLQ==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.28.1.tgz",
+      "integrity": "sha512-kw0owk1o0GFETUJyW0jc0G4Yzs0BHZn0JDZ8JRT088vjJYX777BAs1fDGxAC+q831qOs2DTC96mNsG2opdfyyQ==",
      "cpu": [
        "riscv64"
      ],
@@ -464,9 +464,9 @@
      }
    },
    "node_modules/@esbuild/linux-s390x": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.28.0.tgz",
-      "integrity": "sha512-SCfR0HN8CEEjnYnySJTd2cw0k9OHB/YFzt5zgJEwa+wL/T/raGWYMBqwDNAC6dqFKmJYZoQBRfHjgwLHGSrn3Q==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.28.1.tgz",
+      "integrity": "sha512-/lAIjX8aYFRByhh6L5rYtPEDRqa9de/4V/juOXcta5frjvzXO4/sqEtyytse0g3zZFuWu5cDN0MkLz2qRDD2Ag==",
      "cpu": [
        "s390x"
      ],
@@ -480,9 +480,9 @@
      }
    },
    "node_modules/@esbuild/linux-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.28.0.tgz",
-      "integrity": "sha512-us0dSb9iFxIi8srnpl931Nvs65it/Jd2a2K3qs7fz2WfGPHqzfzZTfec7oxZJRNPXPnNYZtanmRc4AL/JwVzHQ==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.28.1.tgz",
+      "integrity": "sha512-u/anNYF2mmVOEDwLtnQ1wOr3EZ9sTNGLWrsYGYwHWzGA3Si84IOkHXlbWTD1NB+9/1lcnweYKO54uhxZydNzfA==",
      "cpu": [
        "x64"
      ],
@@ -496,9 +496,9 @@
      }
    },
    "node_modules/@esbuild/netbsd-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.28.0.tgz",
-      "integrity": "sha512-CR/RYotgtCKwtftMwJlUU7xCVNg3lMYZ0RzTmAHSfLCXw3NtZtNpswLEj/Kkf6kEL3Gw+BpOekRX0BYCtklhUw==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.28.1.tgz",
+      "integrity": "sha512-oks0DYbLwWMmaakTsCb+zL4E+aHRVLom9IJZOAthMQEPiQmydXHkziYEsGYRx0uNV/IjEKGAV941JzH02pflqw==",
      "cpu": [
        "arm64"
      ],
@@ -512,9 +512,9 @@
      }
    },
    "node_modules/@esbuild/netbsd-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.28.0.tgz",
-      "integrity": "sha512-nU1yhmYutL+fQ71Kxnhg8uEOdC0pwEW9entHykTgEbna2pw2dkbFSMeqjjyHZoCmt8SBkOSvV+yNmm94aUrrqw==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.28.1.tgz",
+      "integrity": "sha512-aeL6lAnN89Hz43Mlh1G8ARasbuoYvSITDEx0tHh5b7jJnHcssqgjy9Yx430GDpmCa6OyrKoS0aNRjKundRizGg==",
      "cpu": [
        "x64"
      ],
@@ -528,9 +528,9 @@
      }
    },
    "node_modules/@esbuild/openbsd-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.28.0.tgz",
-      "integrity": "sha512-cXb5vApOsRsxsEl4mcZ1XY3D4DzcoMxR/nnc4IyqYs0rTI8ZKmW6kyyg+11Z8yvgMfAEldKzP7AdP64HnSC/6g==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.28.1.tgz",
+      "integrity": "sha512-MEFJe5C3R8pwXdZ5Y21oo6m7ePiS0d9pWucn99O/wvyJZChoIQKrQDxKrGeW8F5+T0okTHesAmDeiHDTIq0V/Q==",
      "cpu": [
        "arm64"
      ],
@@ -544,9 +544,9 @@
      }
    },
    "node_modules/@esbuild/openbsd-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.28.0.tgz",
-      "integrity": "sha512-8wZM2qqtv9UP3mzy7HiGYNH/zjTA355mpeuA+859TyR+e+Tc08IHYpLJuMsfpDJwoLo1ikIJI8jC3GFjnRClzA==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.28.1.tgz",
+      "integrity": "sha512-i/ZLIOafE0Z8cI/XANJAixoJL/uRAoS2xOA3rb0xN+KK0K177cMAsQYkzHtBrtMXAKuAc7HGgcWiZ/sRC1Nxgw==",
      "cpu": [
        "x64"
      ],
@@ -560,9 +560,9 @@
      }
    },
    "node_modules/@esbuild/openharmony-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.28.0.tgz",
-      "integrity": "sha512-FLGfyizszcef5C3YtoyQDACyg95+dndv79i2EekILBofh5wpCa1KuBqOWKrEHZg3zrL3t5ouE5jgr94vA+Wb2w==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.28.1.tgz",
+      "integrity": "sha512-ge+Z7EXFNt2BO1oAMsVpiQ8EwndV9i1xXerAeTIK7AtPs3bKFXQM7nlRxDSIUIMeueR1CNXxqztLzdNeReKBJg==",
      "cpu": [
        "arm64"
      ],
@@ -576,9 +576,9 @@
      }
    },
    "node_modules/@esbuild/sunos-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.28.0.tgz",
-      "integrity": "sha512-1ZgjUoEdHZZl/YlV76TSCz9Hqj9h9YmMGAgAPYd+q4SicWNX3G5GCyx9uhQWSLcbvPW8Ni7lj4gDa1T40akdlw==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.28.1.tgz",
+      "integrity": "sha512-BEjgtECkL3vY+SaSQ6nzVfiALUeFxpawyp8Jmf5PtYhf1Ug40N1h/hxlhts+f1FvSvarEigdxS3BlSMI2PJLcQ==",
      "cpu": [
        "x64"
      ],
@@ -592,9 +592,9 @@
      }
    },
    "node_modules/@esbuild/win32-arm64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.28.0.tgz",
-      "integrity": "sha512-Q9StnDmQ/enxnpxCCLSg0oo4+34B9TdXpuyPeTedN/6+iXBJ4J+zwfQI28u/Jl40nOYAxGoNi7mFP40RUtkmUA==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.28.1.tgz",
+      "integrity": "sha512-lCv9eK/H6ZJWbE7bh2nw54CZ9M2nupBxJcTsdk/QQnWkdSjKGuxmmH8/GWrlT1eMmZfn4dGcCjRte397WqfQXA==",
      "cpu": [
        "arm64"
      ],
@@ -608,9 +608,9 @@
      }
    },
    "node_modules/@esbuild/win32-ia32": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.28.0.tgz",
-      "integrity": "sha512-zF3ag/gfiCe6U2iczcRzSYJKH1DCI+ByzSENHlM2FcDbEeo5Zd2C86Aq0tKUYAJJ1obRP84ymxIAksZUcdztHA==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.28.1.tgz",
+      "integrity": "sha512-zvb/mB2bSCoJOpoCBgYKKpX6YM6mJBlBUVUtVj41DlZJVEB6/0CKlRYxP5wWl1C1ILiCoAU5wZZ4q1P3qeS6Eg==",
      "cpu": [
        "ia32"
      ],
@@ -624,9 +624,9 @@
      }
    },
    "node_modules/@esbuild/win32-x64": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.28.0.tgz",
-      "integrity": "sha512-pEl1bO9mfAmIC+tW5btTmrKaujg3zGtUmWNdCw/xs70FBjwAL3o9OEKNHvNmnyylD6ubxUERiEhdsL0xBQ9efw==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.28.1.tgz",
+      "integrity": "sha512-bm4Mowrv+GXMlpWX++EcXw/iLyd1o3+bJkC2DkWXYVvgZCqD/bSj9ctZeAMC3cIxgjRVR2Dufaiu4YPxr5gW1A==",
      "cpu": [
        "x64"
      ],
@@ -1208,9 +1208,9 @@
      }
    },
    "node_modules/esbuild": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.28.0.tgz",
-      "integrity": "sha512-sNR9MHpXSUV/XB4zmsFKN+QgVG82Cc7+/aaxJ8Adi8hyOac+EXptIp45QBPaVyX3N70664wRbTcLTOemCAnyqw==",
+      "version": "0.28.1",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.28.1.tgz",
+      "integrity": "sha512-HrJrvZv5ayxBzPfwphOoNzkzOIIlifzk0KJrGK2c8R4+LKpMtpYLQeUdjnwjWv/LZlkH2laZk+4w78pi99D4Vw==",
      "hasInstallScript": true,
      "license": "MIT",
      "bin": {
@@ -1220,32 +1220,32 @@
        "node": ">=18"
      },
      "optionalDependencies": {
-        "@esbuild/aix-ppc64": "0.28.0",
-        "@esbuild/android-arm": "0.28.0",
-        "@esbuild/android-arm64": "0.28.0",
-        "@esbuild/android-x64": "0.28.0",
-        "@esbuild/darwin-arm64": "0.28.0",
-        "@esbuild/darwin-x64": "0.28.0",
-        "@esbuild/freebsd-arm64": "0.28.0",
-        "@esbuild/freebsd-x64": "0.28.0",
-        "@esbuild/linux-arm": "0.28.0",
-        "@esbuild/linux-arm64": "0.28.0",
-        "@esbuild/linux-ia32": "0.28.0",
-        "@esbuild/linux-loong64": "0.28.0",
-        "@esbuild/linux-mips64el": "0.28.0",
-        "@esbuild/linux-ppc64": "0.28.0",
-        "@esbuild/linux-riscv64": "0.28.0",
-        "@esbuild/linux-s390x": "0.28.0",
-        "@esbuild/linux-x64": "0.28.0",
-        "@esbuild/netbsd-arm64": "0.28.0",
-        "@esbuild/netbsd-x64": "0.28.0",
-        "@esbuild/openbsd-arm64": "0.28.0",
-        "@esbuild/openbsd-x64": "0.28.0",
-        "@esbuild/openharmony-arm64": "0.28.0",
-        "@esbuild/sunos-x64": "0.28.0",
-        "@esbuild/win32-arm64": "0.28.0",
-        "@esbuild/win32-ia32": "0.28.0",
-        "@esbuild/win32-x64": "0.28.0"
+        "@esbuild/aix-ppc64": "0.28.1",
+        "@esbuild/android-arm": "0.28.1",
+        "@esbuild/android-arm64": "0.28.1",
+        "@esbuild/android-x64": "0.28.1",
+        "@esbuild/darwin-arm64": "0.28.1",
+        "@esbuild/darwin-x64": "0.28.1",
+        "@esbuild/freebsd-arm64": "0.28.1",
+        "@esbuild/freebsd-x64": "0.28.1",
+        "@esbuild/linux-arm": "0.28.1",
+        "@esbuild/linux-arm64": "0.28.1",
+        "@esbuild/linux-ia32": "0.28.1",
+        "@esbuild/linux-loong64": "0.28.1",
+        "@esbuild/linux-mips64el": "0.28.1",
+        "@esbuild/linux-ppc64": "0.28.1",
+        "@esbuild/linux-riscv64": "0.28.1",
+        "@esbuild/linux-s390x": "0.28.1",
+        "@esbuild/linux-x64": "0.28.1",
+        "@esbuild/netbsd-arm64": "0.28.1",
+        "@esbuild/netbsd-x64": "0.28.1",
+        "@esbuild/openbsd-arm64": "0.28.1",
+        "@esbuild/openbsd-x64": "0.28.1",
+        "@esbuild/openharmony-arm64": "0.28.1",
+        "@esbuild/sunos-x64": "0.28.1",
+        "@esbuild/win32-arm64": "0.28.1",
+        "@esbuild/win32-ia32": "0.28.1",
+        "@esbuild/win32-x64": "0.28.1"
      }
    },
    "node_modules/escape-html": {
--- a/extensions/anthropic-vertex/stream-runtime.test.ts
+++ b/extensions/anthropic-vertex/stream-runtime.test.ts
@@ -3,8 +3,6 @@ import { createAssistantMessageEventStream, type Model } from "openclaw/plugin-s
 import { beforeAll, describe, expect, it, vi } from "vitest";
 import type { AnthropicVertexStreamDeps } from "./stream-runtime.js";

-const SYSTEM_PROMPT_CACHE_BOUNDARY = "\n<!-- OPENCLAW_CACHE_BOUNDARY -->\n";
-
 function createStreamDeps(): {
  deps: AnthropicVertexStreamDeps;
  streamAnthropicMock: ReturnType<typeof vi.fn>;
@@ -50,8 +48,6 @@ function makeModel(params: {
  } as Model<"anthropic-messages">;
 }

-const CACHE_BOUNDARY_PROMPT = `Stable prefix${SYSTEM_PROMPT_CACHE_BOUNDARY}Dynamic suffix`;
-
 type PayloadHook = (payload: unknown, payloadModel: unknown) => Promise<unknown>;

 function streamAnthropicCall(streamAnthropicMock: ReturnType<typeof vi.fn>): unknown[] {
@@ -72,8 +68,8 @@ function streamTransportOptions(
  return options as Record<string, unknown>;
 }

-function captureCacheBoundaryPayloadHook(
-  onPayload: PayloadHook,
+function captureTransportPayloadHook(
+  onPayload: PayloadHook | undefined,
  deps: AnthropicVertexStreamDeps,
  streamAnthropicMock: ReturnType<typeof vi.fn>,
 ) {
@@ -82,14 +78,8 @@ function captureCacheBoundaryPayloadHook(

  void streamFn(
    model,
-    {
-      systemPrompt: CACHE_BOUNDARY_PROMPT,
-      messages: [{ role: "user", content: "Hello" }],
-    } as never,
-    {
-      cacheRetention: "short",
-      onPayload,
-    } as never,
+    { messages: [{ role: "user", content: "Hello" }] } as never,
+    { cacheRetention: "short", ...(onPayload ? { onPayload } : {}) } as never,
  );

  const transportOptions = streamTransportOptions(streamAnthropicMock);
@@ -97,26 +87,30 @@ function captureCacheBoundaryPayloadHook(
  return { model, onPayload: transportOptions.onPayload as PayloadHook | undefined };
 }

-function buildExpectedCacheBoundaryPayload(messageText: string) {
+// Mirrors the shared anthropic-messages transport output: cache boundary already
+// split (uncached dynamic suffix) and all four cache_control markers allocated.
+function buildBudgetedTransportPayload() {
  return {
    system: [
-      {
-        type: "text",
-        text: "Stable prefix",
-        cache_control: { type: "ephemeral" },
-      },
-      {
-        type: "text",
-        text: "Dynamic suffix",
-      },
+      { type: "text", text: "Stable prefix", cache_control: { type: "ephemeral" } },
+      { type: "text", text: "Dynamic suffix" },
+    ],
+    tools: [
+      { name: "exec", input_schema: { type: "object" }, cache_control: { type: "ephemeral" } },
    ],
    messages: [
+      {
+        role: "user",
+        content: [{ type: "text", text: "Hello", cache_control: { type: "ephemeral" } }],
+      },
+      { role: "assistant", content: [{ type: "tool_use", id: "t1", name: "exec", input: {} }] },
      {
        role: "user",
        content: [
          {
-            type: "text",
-            text: messageText,
+            type: "tool_result",
+            tool_use_id: "t1",
+            content: [],
            cache_control: { type: "ephemeral" },
          },
        ],
@@ -125,6 +119,29 @@ function buildExpectedCacheBoundaryPayload(messageText: string) {
  };
 }

+function countCacheControlMarkers(payload: unknown): number {
+  let count = 0;
+  const visit = (value: unknown) => {
+    if (Array.isArray(value)) {
+      value.forEach(visit);
+      return;
+    }
+    if (!value || typeof value !== "object") {
+      return;
+    }
+    const record = value as Record<string, unknown>;
+    if (record.cache_control !== undefined) {
+      count += 1;
+    }
+    visit(record.content);
+  };
+  const record = payload as Record<string, unknown>;
+  visit(record.system);
+  visit(record.tools);
+  visit(record.messages);
+  return count;
+}
+
 describe("createAnthropicVertexStreamFn", () => {
  beforeAll(async () => {
    ({ createAnthropicVertexStreamFn, createAnthropicVertexStreamFnForModel } =
@@ -343,63 +360,35 @@ describe("createAnthropicVertexStreamFn", () => {
    expect(transportOptions).not.toHaveProperty("temperature");
  });

-  it("applies Anthropic cache-boundary shaping before forwarding payload hooks", async () => {
+  it("keeps already-budgeted cache_control markers intact when forwarding payload hooks", async () => {
    const { deps, streamAnthropicMock } = createStreamDeps();
    const onPayload = vi.fn(async (payload: unknown) => payload);
-    const { model, onPayload: transportPayloadHook } = captureCacheBoundaryPayloadHook(
+    const { model, onPayload: transportPayloadHook } = captureTransportPayloadHook(
      onPayload,
      deps,
      streamAnthropicMock,
    );
-    const payload = {
-      system: [
-        {
-          type: "text",
-          text: CACHE_BOUNDARY_PROMPT,
-          cache_control: { type: "ephemeral" },
-        },
-      ],
-      messages: [{ role: "user", content: "Hello" }],
-    };
+    const payload = buildBudgetedTransportPayload();

    const nextPayload = await transportPayloadHook?.(payload, model);

-    const expectedPayload = buildExpectedCacheBoundaryPayload("Hello");
-    expect(onPayload).toHaveBeenCalledWith(expectedPayload, model);
-    expect(nextPayload).toEqual(expectedPayload);
+    expect(onPayload).toHaveBeenCalledWith(payload, model);
+    expect(countCacheControlMarkers(nextPayload)).toBe(4);
+    expect((nextPayload as ReturnType<typeof buildBudgetedTransportPayload>).system[1]).toEqual({
+      type: "text",
+      text: "Dynamic suffix",
+    });
  });

-  it("reapplies Anthropic cache-boundary shaping when payload hooks return a fresh payload", async () => {
+  it("omits the transport payload hook when the caller provides none", () => {
    const { deps, streamAnthropicMock } = createStreamDeps();
-    const onPayload = vi.fn(async () => ({
-      system: [
-        {
-          type: "text",
-          text: CACHE_BOUNDARY_PROMPT,
-        },
-      ],
-      messages: [{ role: "user", content: "Hello again" }],
-    }));
-    const { model, onPayload: transportPayloadHook } = captureCacheBoundaryPayloadHook(
-      onPayload,
+    const { onPayload: transportPayloadHook } = captureTransportPayloadHook(
+      undefined,
      deps,
      streamAnthropicMock,
    );

-    const nextPayload = await transportPayloadHook?.(
-      {
-        system: [
-          {
-            type: "text",
-            text: CACHE_BOUNDARY_PROMPT,
-          },
-        ],
-        messages: [{ role: "user", content: "Hello" }],
-      },
-      model,
-    );
-
-    expect(nextPayload).toEqual(buildExpectedCacheBoundaryPayload("Hello again"));
+    expect(transportPayloadHook).toBeUndefined();
  });

  it("omits maxTokens when neither the model nor request provide a finite limit", () => {
--- a/extensions/anthropic-vertex/stream-runtime.ts
+++ b/extensions/anthropic-vertex/stream-runtime.ts
@@ -1,6 +1,6 @@
 /**
 * Anthropic Vertex stream runtime. It constructs Vertex SDK clients and adapts
- * OpenClaw stream options into Anthropic Messages payload policy.
+ * OpenClaw stream options for the shared Anthropic Messages transport.
 */
 import { AnthropicVertex as AnthropicVertexSdk } from "@anthropic-ai/vertex-sdk";
 import type { StreamFn } from "openclaw/plugin-sdk/agent-core";
@@ -18,10 +18,6 @@ import {
  supportsClaudeNativeMaxEffort,
  supportsClaudeNativeXhighEffort,
 } from "openclaw/plugin-sdk/provider-model-shared";
-import {
-  applyAnthropicPayloadPolicyToParams,
-  resolveAnthropicPayloadPolicy,
-} from "openclaw/plugin-sdk/provider-stream-shared";
 import { resolveAnthropicVertexClientRegion, resolveAnthropicVertexProjectId } from "./region.js";

 type AnthropicVertexTransportOptions = ProviderStreamOptions & {
@@ -120,36 +116,6 @@ function resolveAnthropicVertexMaxTokens(params: {
  return requested ?? modelMax;
 }

-function createAnthropicVertexOnPayload(params: {
-  model: { api: string; baseUrl?: string; provider: string };
-  cacheRetention: ProviderStreamOptions["cacheRetention"] | undefined;
-  onPayload: ProviderStreamOptions["onPayload"] | undefined;
-}): NonNullable<ProviderStreamOptions["onPayload"]> {
-  const policy = resolveAnthropicPayloadPolicy({
-    provider: params.model.provider,
-    api: params.model.api,
-    baseUrl: params.model.baseUrl,
-    cacheRetention: params.cacheRetention,
-    enableCacheControl: true,
-  });
-
-  function applyPolicy(payload: unknown): unknown {
-    if (payload && typeof payload === "object" && !Array.isArray(payload)) {
-      applyAnthropicPayloadPolicyToParams(payload as Record<string, unknown>, policy);
-    }
-    return payload;
-  }
-
-  return async (payload, model) => {
-    const shapedPayload = applyPolicy(payload);
-    const nextPayload = await params.onPayload?.(shapedPayload, model);
-    if (nextPayload === undefined || nextPayload === shapedPayload) {
-      return shapedPayload;
-    }
-    return applyPolicy(nextPayload);
-  };
-}
-
 /**
 * Create a StreamFn that routes through OpenClaw's generic model stream with an
 * injected `AnthropicVertex` client.  All streaming, message conversion, and
@@ -200,11 +166,10 @@ export function createAnthropicVertexStreamFn(
      cacheRetention: options?.cacheRetention,
      sessionId: options?.sessionId,
      headers: options?.headers,
-      onPayload: createAnthropicVertexOnPayload({
-        model: transportModel,
-        cacheRetention: options?.cacheRetention,
-        onPayload: options?.onPayload,
-      }),
+      // The shared anthropic-messages transport already splits the system prompt
+      // cache boundary and budgets all cache_control markers; re-applying the
+      // payload policy here marked the uncached suffix and breached the 4-marker cap.
+      onPayload: options?.onPayload,
      maxRetryDelayMs: options?.maxRetryDelayMs,
      metadata: options?.metadata,
    };
--- a/extensions/anthropic/cli-backend.ts
+++ b/extensions/anthropic/cli-backend.ts
@@ -34,6 +34,7 @@ export function buildAnthropicCliBackend(): CliBackendPlugin {
    bundleMcp: true,
    bundleMcpMode: "claude-config-file",
    nativeToolMode: "always-on",
+    sideQuestionToolMode: "disabled",
    ownsNativeCompaction: true,
    config: {
      command: "claude",
--- a/extensions/anthropic/cli-shared.test.ts
+++ b/extensions/anthropic/cli-shared.test.ts
@@ -150,6 +150,61 @@ describe("resolveClaudeCliExecutionArgs", () => {
      }),
    ).toEqual(["-p", "--effort", "max"]);
  });
+
+  it("forces isolated no-tool one-shot args for side-question execution", () => {
+    expect(
+      resolveClaudeCliExecutionArgs({
+        workspaceDir: "/tmp",
+        provider: "claude-cli",
+        modelId: "claude-opus-4-7",
+        thinkingLevel: "max",
+        useResume: true,
+        executionMode: "side-question",
+        baseArgs: [
+          "-p",
+          "--output-format",
+          "stream-json",
+          "--allowedTools=mcp__openclaw__*",
+          "--allowedTools",
+          "Read",
+          "Grep",
+          "--permission-mode",
+          "bypassPermissions",
+          "--session-id=abc",
+          "--resume",
+          "old-session",
+          "--resume-session-at",
+          "old-message",
+          "--resume-session-at=old-message-equals",
+          "--mcp-config",
+          "/tmp/side-question-mcp.json",
+          "--bare",
+          "--safe-mode",
+          "--strict-mcp-config",
+          "--no-session-persistence",
+          "--max-turns",
+          "4",
+          "--effort",
+          "high",
+        ],
+      }),
+    ).toEqual([
+      "-p",
+      "--output-format",
+      "stream-json",
+      "--safe-mode",
+      "--tools",
+      "",
+      "--disallowedTools",
+      "mcp__*",
+      "--strict-mcp-config",
+      "--no-session-persistence",
+      "--max-turns",
+      "1",
+      "--permission-mode",
+      "default",
+    ]);
+  });
 });

 describe("normalizeClaudeBackendConfig", () => {
--- a/extensions/anthropic/cli-shared.ts
+++ b/extensions/anthropic/cli-shared.ts
@@ -67,8 +67,26 @@ const CLAUDE_LEGACY_SKIP_PERMISSIONS_ARG = "--dangerously-skip-permissions";
 const CLAUDE_PERMISSION_MODE_ARG = "--permission-mode";
 const CLAUDE_SETTING_SOURCES_ARG = "--setting-sources";
 const CLAUDE_EFFORT_ARG = "--effort";
+const CLAUDE_BARE_ARG = "--bare";
+const CLAUDE_SAFE_MODE_ARG = "--safe-mode";
+const CLAUDE_TOOLS_ARG = "--tools";
+const CLAUDE_DISALLOWED_TOOLS_ARG = "--disallowedTools";
+const CLAUDE_MCP_CONFIG_ARG = "--mcp-config";
+const CLAUDE_STRICT_MCP_CONFIG_ARG = "--strict-mcp-config";
+const CLAUDE_NO_SESSION_PERSISTENCE_ARG = "--no-session-persistence";
+const CLAUDE_MAX_TURNS_ARG = "--max-turns";
+const CLAUDE_SESSION_ID_ARG = "--session-id";
+const CLAUDE_RESUME_ARG = "--resume";
+const CLAUDE_RESUME_SESSION_AT_ARG = "--resume-session-at";
+const CLAUDE_RESUME_SHORT_ARG = "-r";
+const CLAUDE_CONTINUE_ARG = "--continue";
+const CLAUDE_CONTINUE_SHORT_ARG = "-c";
+const CLAUDE_FORK_SESSION_ARG = "--fork-session";
 const CLAUDE_SAFE_SETTING_SOURCES = "user";
 const CLAUDE_BYPASS_PERMISSION_MODE = "bypassPermissions";
+const CLAUDE_DEFAULT_PERMISSION_MODE = "default";
+const CLAUDE_NO_TOOLS_VALUE = "";
+const CLAUDE_DENY_MCP_TOOLS_VALUE = "mcp__*";

 type ClaudeCliEffort = "low" | "medium" | "high" | "xhigh" | "max";

@@ -232,10 +250,89 @@ function stripClaudeEffortArgs(args: readonly string[]): string[] {
  return normalized;
 }

+const CLAUDE_SIDE_QUESTION_VARIADIC_VALUE_ARGS = new Set([
+  "--allowedTools",
+  "--allowed-tools",
+  CLAUDE_DISALLOWED_TOOLS_ARG,
+  "--disallowed-tools",
+  CLAUDE_TOOLS_ARG,
+  CLAUDE_MCP_CONFIG_ARG,
+]);
+
+const CLAUDE_SIDE_QUESTION_VALUE_ARGS = new Set([
+  CLAUDE_PERMISSION_MODE_ARG,
+  CLAUDE_SESSION_ID_ARG,
+  CLAUDE_RESUME_ARG,
+  CLAUDE_RESUME_SESSION_AT_ARG,
+  CLAUDE_RESUME_SHORT_ARG,
+  CLAUDE_MAX_TURNS_ARG,
+]);
+
+const CLAUDE_SIDE_QUESTION_BARE_ARGS = new Set([
+  CLAUDE_CONTINUE_ARG,
+  CLAUDE_CONTINUE_SHORT_ARG,
+  CLAUDE_FORK_SESSION_ARG,
+  CLAUDE_BARE_ARG,
+  CLAUDE_SAFE_MODE_ARG,
+  CLAUDE_STRICT_MCP_CONFIG_ARG,
+  CLAUDE_NO_SESSION_PERSISTENCE_ARG,
+]);
+
+function stripClaudeSideQuestionConflictingArgs(args: readonly string[]): string[] {
+  const normalized: string[] = [];
+  for (let i = 0; i < args.length; i += 1) {
+    const arg = args[i] ?? "";
+    const equalsIndex = arg.indexOf("=");
+    const argName = equalsIndex > 0 ? arg.slice(0, equalsIndex) : arg;
+    if (CLAUDE_SIDE_QUESTION_BARE_ARGS.has(argName)) {
+      continue;
+    }
+    if (CLAUDE_SIDE_QUESTION_VARIADIC_VALUE_ARGS.has(argName)) {
+      if (equalsIndex < 0) {
+        while (typeof args[i + 1] === "string" && !args[i + 1]?.startsWith("-")) {
+          i += 1;
+        }
+      }
+      continue;
+    }
+    if (CLAUDE_SIDE_QUESTION_VALUE_ARGS.has(argName)) {
+      if (equalsIndex < 0) {
+        const maybeValue = args[i + 1];
+        if (typeof maybeValue === "string" && !maybeValue.startsWith("-")) {
+          i += 1;
+        }
+      }
+      continue;
+    }
+    normalized.push(arg);
+  }
+  return normalized;
+}
+
+function resolveClaudeCliSideQuestionExecutionArgs(baseArgs: readonly string[]): string[] {
+  return [
+    ...stripClaudeSideQuestionConflictingArgs(stripClaudeEffortArgs(baseArgs)),
+    CLAUDE_SAFE_MODE_ARG,
+    CLAUDE_TOOLS_ARG,
+    CLAUDE_NO_TOOLS_VALUE,
+    CLAUDE_DISALLOWED_TOOLS_ARG,
+    CLAUDE_DENY_MCP_TOOLS_VALUE,
+    CLAUDE_STRICT_MCP_CONFIG_ARG,
+    CLAUDE_NO_SESSION_PERSISTENCE_ARG,
+    CLAUDE_MAX_TURNS_ARG,
+    "1",
+    CLAUDE_PERMISSION_MODE_ARG,
+    CLAUDE_DEFAULT_PERMISSION_MODE,
+  ];
+}
+
 /** Resolve final Claude CLI execution args for one backend invocation. */
 export function resolveClaudeCliExecutionArgs(
  context: CliBackendResolveExecutionArgsContext,
 ): string[] {
+  if (context.executionMode === "side-question") {
+    return resolveClaudeCliSideQuestionExecutionArgs(context.baseArgs);
+  }
  const effort = mapClaudeCliThinkingLevelToEffort(context.thinkingLevel);
  if (!effort) {
    return [...context.baseArgs];
--- a/extensions/anthropic/openclaw.plugin.json
+++ b/extensions/anthropic/openclaw.plugin.json
@@ -101,6 +101,28 @@
            "contextWindow": 200000,
            "maxTokens": 64000
          },
+          {
+            "id": "claude-haiku-4-5",
+            "name": "Claude Haiku 4.5",
+            "reasoning": true,
+            "input": ["text", "image"],
+            "mediaInput": {
+              "image": { "maxSidePx": 1568, "preferredSidePx": 1568, "tokenMode": "provider" }
+            },
+            "contextWindow": 200000,
+            "maxTokens": 64000
+          },
+          {
+            "id": "claude-haiku-4-5-20251001",
+            "name": "Claude Haiku 4.5",
+            "reasoning": true,
+            "input": ["text", "image"],
+            "mediaInput": {
+              "image": { "maxSidePx": 1568, "preferredSidePx": 1568, "tokenMode": "provider" }
+            },
+            "contextWindow": 200000,
+            "maxTokens": 64000
+          },
          {
            "id": "claude-sonnet-4-6",
            "name": "Claude Sonnet 4.6",
--- a/extensions/anthropic/openclaw.plugin.test.ts
+++ b/extensions/anthropic/openclaw.plugin.test.ts
@@ -0,0 +1,57 @@
+// Anthropic tests cover provider manifest model catalog behavior.
+import { readFileSync } from "node:fs";
+import { describe, expect, it } from "vitest";
+
+type AnthropicManifest = {
+  modelCatalog?: {
+    providers?: {
+      anthropic?: {
+        models?: Array<{
+          id?: string;
+          name?: string;
+          reasoning?: boolean;
+          input?: string[];
+          mediaInput?: {
+            image?: {
+              maxSidePx?: number;
+              preferredSidePx?: number;
+              tokenMode?: string;
+            };
+          };
+          contextWindow?: number;
+          maxTokens?: number;
+        }>;
+      };
+    };
+    discovery?: Record<string, string>;
+  };
+};
+
+const manifest = JSON.parse(
+  readFileSync(new URL("./openclaw.plugin.json", import.meta.url), "utf8"),
+) as AnthropicManifest;
+
+describe("Anthropic plugin manifest", () => {
+  it("resolves both official Claude Haiku 4.5 API identifiers from the static catalog", () => {
+    expect(manifest.modelCatalog?.discovery?.anthropic).toBe("static");
+
+    const models = manifest.modelCatalog?.providers?.anthropic?.models ?? [];
+    for (const id of ["claude-haiku-4-5", "claude-haiku-4-5-20251001"]) {
+      expect(models.find((model) => model.id === id)).toEqual({
+        id,
+        name: "Claude Haiku 4.5",
+        reasoning: true,
+        input: ["text", "image"],
+        mediaInput: {
+          image: {
+            maxSidePx: 1568,
+            preferredSidePx: 1568,
+            tokenMode: "provider",
+          },
+        },
+        contextWindow: 200000,
+        maxTokens: 64000,
+      });
+    }
+  });
+});
--- a/extensions/browser/src/cli/browser-cli-actions-input/register.navigation.test.ts
+++ b/extensions/browser/src/cli/browser-cli-actions-input/register.navigation.test.ts
@@ -61,4 +61,18 @@ describe("browser navigation commands", () => {
    expect(capture.runtimeErrors.join("\n")).toContain("Invalid width: maximum is 8192");
    expect(mocks.runBrowserResizeWithOutput).not.toHaveBeenCalled();
  });
+
+  it("navigate and resize commands are registered after removing dead import (#83878)", async () => {
+    const program = createNavigationProgram();
+    const browserCmd = program.commands.find((c) => c.name() === "browser");
+    expect(browserCmd).toBeDefined();
+
+    const cmds = browserCmd!.commands.map((c) => c.name());
+    expect(cmds).toContain("resize");
+    expect(cmds).toContain("navigate");
+
+    // Verify the shared module still exports requireRef (used by other modules)
+    const shared = await import("./shared.js");
+    expect(typeof shared.requireRef).toBe("function");
+  });
 });
--- a/extensions/browser/src/cli/browser-cli-actions-input/register.navigation.ts
+++ b/extensions/browser/src/cli/browser-cli-actions-input/register.navigation.ts
@@ -12,7 +12,7 @@ import {
  type BrowserParentOpts,
 } from "../browser-cli-shared.js";
 import { danger, defaultRuntime } from "../core-api.js";
-import { requireRef, resolveBrowserActionContext } from "./shared.js";
+import { resolveBrowserActionContext } from "./shared.js";

 /** Registers Browser navigate and resize commands. */
 export function registerBrowserNavigationCommands(
@@ -94,7 +94,4 @@ export function registerBrowserNavigationCommands(
        defaultRuntime.exit(1);
      }
    });
-
-  // Keep `requireRef` reachable; shared utilities are intended for other modules too.
-  void requireRef;
 }
--- a/extensions/browser/src/cli/browser-cli-manage.test.ts
+++ b/extensions/browser/src/cli/browser-cli-manage.test.ts
@@ -461,4 +461,24 @@ describe("browser manage output", () => {
    expect(output).toContain("OK gateway: browser control endpoint reachable");
    expect(output).toContain("OK tabs: 1 visible, use tab reference t1");
  });
+
+  it("prints a readable browser doctor failure when gateway auth SecretRefs are unavailable", async () => {
+    const error = Object.assign(new Error("gateway.auth.password unavailable"), {
+      code: "GATEWAY_SECRET_REF_UNAVAILABLE",
+      name: "GatewaySecretRefUnavailableError",
+    });
+    getBrowserManageCallBrowserRequestMock().mockRejectedValueOnce(error);
+
+    const program = createBrowserManageProgram();
+    await expect(program.parseAsync(["browser", "doctor"], { from: "user" })).rejects.toThrow(
+      "__exit__:1",
+    );
+
+    const output = lastRuntimeLog();
+    expect(output).toContain(
+      "FAIL gateway: Gateway auth SecretRef is unavailable in this command path",
+    );
+    expect(output).toContain("OPENCLAW_GATEWAY_TOKEN");
+    expect(output).not.toContain("GatewaySecretRefUnavailableError");
+  });
 });
--- a/extensions/browser/src/cli/browser-cli-manage.ts
+++ b/extensions/browser/src/cli/browser-cli-manage.ts
@@ -152,6 +152,24 @@ function formatDoctorLine(check: BrowserDoctorCheck): string {
  return `${check.ok ? "OK" : "FAIL"} ${check.name}${check.detail ? `: ${check.detail}` : ""}`;
 }

+function isGatewaySecretRefUnavailableErrorShape(error: unknown): boolean {
+  if (!(error instanceof Error)) {
+    return false;
+  }
+  const errorRecord = error as Error & { code?: unknown };
+  return (
+    errorRecord.name === "GatewaySecretRefUnavailableError" ||
+    errorRecord.code === "GATEWAY_SECRET_REF_UNAVAILABLE"
+  );
+}
+
+function formatBrowserDoctorGatewayError(error: unknown): string {
+  if (!isGatewaySecretRefUnavailableErrorShape(error)) {
+    return String(error);
+  }
+  return "Gateway auth SecretRef is unavailable in this command path; browser doctor cannot reach the admin-scoped browser.request endpoint. Set OPENCLAW_GATEWAY_TOKEN or OPENCLAW_GATEWAY_PASSWORD, then retry.";
+}
+
 async function runBrowserDoctor(parent: BrowserParentOpts, profile?: string, deep?: boolean) {
  const checks: BrowserDoctorCheck[] = [];
  let status: BrowserStatus | null;
@@ -167,7 +185,7 @@ async function runBrowserDoctor(parent: BrowserParentOpts, profile?: string, dee
    checks.push({
      name: "gateway",
      ok: false,
-      detail: String(err),
+      detail: formatBrowserDoctorGatewayError(err),
    });
    return { ok: false, checks };
  }
--- a/extensions/canvas/src/host/server.test.ts
+++ b/extensions/canvas/src/host/server.test.ts
@@ -120,6 +120,7 @@ describe("canvas host", () => {
  };
  let createCanvasHostHandler: typeof import("./server.js").createCanvasHostHandler;
  let startCanvasHost: typeof import("./server.js").startCanvasHost;
+  let canvasLiveReloadMaxInboundMessageBytes = 0;
  let WebSocketServerClass: typeof import("ws").WebSocketServer;
  let watcherState: ReturnType<typeof createMockWatcherState>;
  let fixtureRoot = "";
@@ -162,7 +163,10 @@ describe("canvas host", () => {
      };
    });
    vi.resetModules();
-    ({ createCanvasHostHandler, startCanvasHost } = await import("./server.js"));
+    const serverModule = await import("./server.js");
+    ({ createCanvasHostHandler, startCanvasHost } = serverModule);
+    canvasLiveReloadMaxInboundMessageBytes =
+      serverModule.CANVAS_LIVE_RELOAD_MAX_INBOUND_MESSAGE_BYTES;
    const wsModule = await vi.importActual<typeof import("ws")>("ws");
    WebSocketServerClass = wsModule.WebSocketServer;
    fixtureRoot = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-canvas-fixtures-"));
@@ -221,6 +225,54 @@ describe("canvas host", () => {
    }
  });

+  it("caps live reload WebSocket inbound payloads", async () => {
+    const dir = await createCaseDir();
+    const constructorOptions: unknown[] = [];
+    let connectionHandler: ((socket: TrackingWebSocket) => void) | undefined;
+    class CapturingWebSocketServer {
+      on(event: string, cb: (socket: TrackingWebSocket) => void) {
+        if (event === "connection") {
+          connectionHandler = cb;
+        }
+        return this;
+      }
+
+      close(cb?: () => void) {
+        cb?.();
+      }
+
+      constructor(options: unknown) {
+        constructorOptions.push(options);
+      }
+    }
+
+    const handler = await createTestCanvasHostHandler(dir, {
+      webSocketServerClass:
+        CapturingWebSocketServer as unknown as typeof import("ws").WebSocketServer,
+    });
+
+    try {
+      expect(constructorOptions[0]).toMatchObject({
+        noServer: true,
+        maxPayload: canvasLiveReloadMaxInboundMessageBytes,
+      });
+      const socketHandlers: string[] = [];
+      const socket: TrackingWebSocket = {
+        sent: [],
+        on: (event) => {
+          socketHandlers.push(event);
+          return socket;
+        },
+        send: vi.fn(),
+      };
+      expect(connectionHandler).toBeDefined();
+      connectionHandler?.(socket);
+      expect(socketHandlers).toEqual(expect.arrayContaining(["error", "close"]));
+    } finally {
+      await handler.close();
+    }
+  });
+
  it("falls back to the default mount when the configured base path is malformed", async () => {
    const dir = await createCaseDir();
    await fs.writeFile(path.join(dir, "index.html"), "<html><body>fallback</body></html>", "utf8");
--- a/extensions/canvas/src/host/server.ts
+++ b/extensions/canvas/src/host/server.ts
@@ -30,6 +30,8 @@ import {
 } from "./a2ui-shared.js";
 import { normalizeUrlPath, resolveFileWithinRoot } from "./file-resolver.js";

+export const CANVAS_LIVE_RELOAD_MAX_INBOUND_MESSAGE_BYTES = 64 * 1024;
+
 type ChokidarWatch = typeof import("chokidar").watch;

 /** Options for Canvas host creation. */
@@ -276,11 +278,22 @@ export async function createCanvasHostHandler(
  const writeStabilityThresholdMs = testMode ? 12 : 75;
  const writePollIntervalMs = testMode ? 5 : 10;
  const WebSocketServerClass = opts.webSocketServerClass ?? WebSocketServer;
-  const wss = liveReload ? new WebSocketServerClass({ noServer: true }) : null;
+  const wss = liveReload
+    ? new WebSocketServerClass({
+        noServer: true,
+        // Live reload clients never need to send application payloads; cap frames
+        // before ws buffers oversized input on this long-lived upgrade route.
+        maxPayload: CANVAS_LIVE_RELOAD_MAX_INBOUND_MESSAGE_BYTES,
+      })
+    : null;
  const sockets = new Set<WebSocket>();
  if (wss) {
    wss.on("connection", (ws) => {
      sockets.add(ws);
+      // ws emits error for maxPayload rejections; close handles final cleanup.
+      ws.on("error", () => {
+        sockets.delete(ws);
+      });
      ws.on("close", () => sockets.delete(ws));
    });
  }
--- a/extensions/codex/src/app-server/attempt-context.ts
+++ b/extensions/codex/src/app-server/attempt-context.ts
@@ -15,6 +15,7 @@ import {
  type EmbeddedRunAttemptResult,
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import { resolveAgentWorkspaceDir } from "openclaw/plugin-sdk/agent-runtime";
+import { buildMemorySystemPromptAddition } from "openclaw/plugin-sdk/core";
 import type { CodexDynamicToolSpec, JsonValue } from "./protocol.js";
 import { isJsonObject } from "./protocol.js";
 import type { CodexAppServerThreadBinding } from "./session-binding.js";
@@ -249,9 +250,11 @@ export async function buildCodexWorkspaceBootstrapContext(params: {
        turnScopedDeveloperInstructionFiles,
      ),
      memoryCollaborationInstructions: shouldInjectCodexOpenClawPromptContext(params.params)
-        ? renderCodexWorkspaceMemoryReference({
+        ? renderCodexWorkspaceMemoryCollaborationInstructions({
            files: memoryReferenceFiles,
            toolNames: params.memoryToolNames,
+            memoryToolRouted: memoryToolsAvailable,
+            citationsMode: params.params.config?.memory?.citations,
          })
        : undefined,
      heartbeatCollaborationInstructions:
@@ -805,6 +808,55 @@ export function renderCodexWorkspaceMemoryReference(params: {
  return lines.join("\n").trim();
 }

+function renderCodexWorkspaceMemoryCollaborationInstructions(params: {
+  files: EmbeddedContextFile[];
+  toolNames: readonly string[];
+  memoryToolRouted: boolean;
+  citationsMode?: Parameters<typeof buildMemorySystemPromptAddition>[0]["citationsMode"];
+}): string | undefined {
+  const memoryRecallInstructions = params.memoryToolRouted
+    ? renderCodexMemoryRecallInstructions({
+        toolNames: params.toolNames,
+        citationsMode: params.citationsMode,
+      })
+    : undefined;
+  const memoryReferenceInstructions = renderCodexWorkspaceMemoryReference({
+    files: params.files,
+    toolNames: params.toolNames,
+  });
+  const sections = [memoryRecallInstructions, memoryReferenceInstructions].filter(isNonEmptyString);
+  return sections.length > 0 ? sections.join("\n\n") : undefined;
+}
+
+function renderCodexMemoryRecallInstructions(params: {
+  toolNames: readonly string[];
+  citationsMode?: Parameters<typeof buildMemorySystemPromptAddition>[0]["citationsMode"];
+}): string | undefined {
+  const availableTools = new Set(params.toolNames);
+  const memoryPrompt = buildMemorySystemPromptAddition({
+    availableTools,
+    citationsMode: params.citationsMode,
+  });
+  if (!memoryPrompt) {
+    // Memory recall policy belongs to the active memory plugin.
+    // Codex-side fallback text can mask plugin lifecycle bugs or misdescribe third-party memory tools.
+    return undefined;
+  }
+  const toolSearchBridge = renderCodexMemoryToolSearchBridge(params.toolNames);
+  return [memoryPrompt, toolSearchBridge].filter(isNonEmptyString).join("\n").trim();
+}
+
+function renderCodexMemoryToolSearchBridge(toolNames: readonly string[]): string | undefined {
+  const memoryToolNames = toolNames
+    .map((name) => normalizeCodexDynamicToolName(name))
+    .filter((name) => CODEX_MEMORY_TOOL_NAMES.has(name))
+    .toSorted();
+  if (memoryToolNames.length === 0) {
+    return undefined;
+  }
+  return `Codex may expose ${memoryToolNames.join(" and ")} as deferred tools. When the memory guidance above calls for memory recall, use an already-loaded memory tool directly. If the needed memory tool is deferred and not currently callable, use \`tool_search\` to load it, then call that memory tool.`;
+}
+
 /** Returns whether the current dynamic tool list can serve workspace memory. */
 export function hasCodexWorkspaceMemoryTools(tools: readonly { name: string }[]): boolean {
  return getCodexWorkspaceMemoryToolNames(tools).length > 0;
--- a/extensions/codex/src/app-server/run-attempt-test-harness.ts
+++ b/extensions/codex/src/app-server/run-attempt-test-harness.ts
@@ -10,6 +10,7 @@ import {
 } from "openclaw/plugin-sdk/agent-harness-runtime";
 import { resetDiagnosticEventsForTest } from "openclaw/plugin-sdk/diagnostic-runtime";
 import { clearInternalHooks, resetGlobalHookRunner } from "openclaw/plugin-sdk/hook-runtime";
+import { clearMemoryPluginState } from "openclaw/plugin-sdk/memory-core-host-runtime-core";
 import { clearPluginCommands } from "openclaw/plugin-sdk/plugin-runtime";
 import { resolvePreferredOpenClawTmpDir } from "openclaw/plugin-sdk/temp-path";
 import { afterEach, beforeEach, expect, vi } from "vitest";
@@ -495,6 +496,7 @@ export function setupRunAttemptTestHooks(): void {
  beforeEach(async () => {
    vi.useRealTimers();
    clearInternalHooks();
+    clearMemoryPluginState();
    resetAgentEventsForTest();
    resetDiagnosticEventsForTest();
    vi.stubEnv("OPENCLAW_TRAJECTORY", "0");
@@ -512,6 +514,7 @@ export function setupRunAttemptTestHooks(): void {
    testing.clearPendingCodexNativeHookRelayUnregistersForTests();
    resetCodexRateLimitCacheForTests();
    nativeHookRelayTesting.clearNativeHookRelaysForTests();
+    clearMemoryPluginState();
    clearPluginCommands();
    resetAgentEventsForTest();
    resetDiagnosticEventsForTest();
--- a/extensions/codex/src/app-server/run-attempt.test.ts
+++ b/extensions/codex/src/app-server/run-attempt.test.ts
@@ -12,6 +12,7 @@ import {
  type DiagnosticEventPayload,
 } from "openclaw/plugin-sdk/diagnostic-runtime";
 import { initializeGlobalHookRunner, registerInternalHook } from "openclaw/plugin-sdk/hook-runtime";
+import { registerMemoryCapability } from "openclaw/plugin-sdk/memory-core-host-runtime-core";
 import { registerPluginCommand } from "openclaw/plugin-sdk/plugin-runtime";
 import { createMockPluginRegistry } from "openclaw/plugin-sdk/plugin-test-runtime";
 import { describe, expect, it, vi } from "vitest";
@@ -397,6 +398,37 @@ function createRuntimeDynamicTool(name: string): RuntimeDynamicToolForTest {
  };
 }

+function registerMemoryPromptForTest() {
+  registerMemoryCapability("memory-core", {
+    promptBuilder({ availableTools }) {
+      const hasMemorySearch = availableTools.has("memory_search");
+      const hasMemoryGet = availableTools.has("memory_get");
+      if (hasMemorySearch && hasMemoryGet) {
+        return [
+          "## Memory Recall",
+          "Test recall: run memory_search on MEMORY.md + memory/*.md + indexed session transcripts; then use memory_get.",
+          "",
+        ];
+      }
+      if (hasMemorySearch) {
+        return [
+          "## Memory Recall",
+          "Test recall: run memory_search on MEMORY.md + memory/*.md + indexed session transcripts.",
+          "",
+        ];
+      }
+      if (hasMemoryGet) {
+        return [
+          "## Memory Recall",
+          "Test recall: run memory_get for a specific memory file or note.",
+          "",
+        ];
+      }
+      return [];
+    },
+  });
+}
+
 function buildEmptyCodexToolTelemetry(): CodexAppServerToolTelemetry {
  return {
    didSendViaMessagingTool: false,
@@ -2203,6 +2235,7 @@ describe("runCodexAppServerAttempt", () => {
    await fs.writeFile(path.join(workspaceDir, "TOOLS.md"), toolGuidance);
    await fs.writeFile(path.join(workspaceDir, "USER.md"), userProfile);
    await fs.writeFile(path.join(workspaceDir, "MEMORY.md"), memorySummary);
+    registerMemoryPromptForTest();
    testing.setOpenClawCodingToolsFactoryForTests(() => [
      createRuntimeDynamicTool("memory_search"),
      createRuntimeDynamicTool("memory_get"),
@@ -2236,12 +2269,20 @@ describe("runCodexAppServerAttempt", () => {
    expect(collaborationInstructions).toContain(identityGuidance);
    expect(collaborationInstructions).not.toContain(toolGuidance);
    expect(collaborationInstructions).toContain(userProfile);
+    expect(collaborationInstructions).toContain("## Memory Recall");
+    expect(collaborationInstructions).toContain("MEMORY.md + memory/*.md");
    expect(collaborationInstructions).toContain("OpenClaw Workspace Memory");
    expect(collaborationInstructions).toContain(
      "MEMORY.md exists in the active agent workspace as a memory file, not an instruction file",
    );
    expect(collaborationInstructions).toContain("memory_search");
    expect(collaborationInstructions).toContain("memory_get");
+    expect(collaborationInstructions).toContain(
+      "When the memory guidance above calls for memory recall, use an already-loaded memory tool directly.",
+    );
+    expect(collaborationInstructions).toContain(
+      "If the needed memory tool is deferred and not currently callable, use `tool_search` to load it, then call that memory tool.",
+    );
    expect(collaborationInstructions).not.toContain(memorySummary);
    expect(inputText).not.toContain("OpenClaw runtime context for this turn:");
    expect(inputText).not.toContain("does not override Codex system/developer instructions");
@@ -2297,6 +2338,65 @@ describe("runCodexAppServerAttempt", () => {
    });
  });

+  it("adds memory recall guidance when dated memory notes exist without root MEMORY.md", async () => {
+    const sessionFile = path.join(tempDir, "session.jsonl");
+    const workspaceDir = path.join(tempDir, "workspace");
+    const datedMemory = "User avoids Chase cards while over 5/24.";
+    await fs.mkdir(path.join(workspaceDir, "memory"), { recursive: true });
+    await fs.writeFile(path.join(workspaceDir, "memory/2026-06-09.md"), datedMemory);
+    registerMemoryPromptForTest();
+    testing.setOpenClawCodingToolsFactoryForTests(() => [
+      createRuntimeDynamicTool("memory_search"),
+      createRuntimeDynamicTool("memory_get"),
+    ]);
+    const params = createParams(sessionFile, workspaceDir);
+    params.disableTools = false;
+    params.runtimePlan = createCodexRuntimePlanFixture();
+    setAgentWorkspaceForTest(params, workspaceDir);
+
+    const { collaborationInstructions, inputText } = await buildCodexTurnContextForTest(
+      params,
+      workspaceDir,
+    );
+
+    expect(collaborationInstructions).toContain("## Memory Recall");
+    expect(collaborationInstructions).toContain("MEMORY.md + memory/*.md");
+    expect(collaborationInstructions).toContain("memory_search");
+    expect(collaborationInstructions).toContain("memory_get");
+    expect(collaborationInstructions).not.toContain("OpenClaw Workspace Memory");
+    expect(collaborationInstructions).not.toContain(datedMemory);
+    expect(inputText).toBe("hello");
+    expect(inputText).not.toContain(datedMemory);
+  });
+
+  it("does not synthesize memory recall guidance without a registered memory prompt builder", async () => {
+    const sessionFile = path.join(tempDir, "session.jsonl");
+    const workspaceDir = path.join(tempDir, "workspace");
+    const memorySummary = "User avoids Chase cards while over 5/24.";
+    await fs.mkdir(workspaceDir, { recursive: true });
+    await fs.writeFile(path.join(workspaceDir, "MEMORY.md"), memorySummary);
+    testing.setOpenClawCodingToolsFactoryForTests(() => [
+      createRuntimeDynamicTool("memory_search"),
+      createRuntimeDynamicTool("memory_get"),
+    ]);
+    const params = createParams(sessionFile, workspaceDir);
+    params.disableTools = false;
+    params.runtimePlan = createCodexRuntimePlanFixture();
+    setAgentWorkspaceForTest(params, workspaceDir);
+
+    const { collaborationInstructions, inputText } = await buildCodexTurnContextForTest(
+      params,
+      workspaceDir,
+    );
+
+    expect(collaborationInstructions).not.toContain("## Memory Recall");
+    expect(collaborationInstructions).toContain("OpenClaw Workspace Memory");
+    expect(collaborationInstructions).not.toContain("Use `tool_search` first");
+    expect(collaborationInstructions).not.toContain(memorySummary);
+    expect(inputText).toBe("hello");
+    expect(inputText).not.toContain(memorySummary);
+  });
+
  it("sends workspace bootstrap instructions through Codex app-server payloads", async () => {
    const sessionFile = path.join(tempDir, "session.jsonl");
    const workspaceDir = path.join(tempDir, "workspace");
@@ -2405,6 +2505,7 @@ describe("runCodexAppServerAttempt", () => {
    const memorySummary = "Memory summary goes here.";
    await fs.mkdir(workspaceDir, { recursive: true });
    await fs.writeFile(path.join(workspaceDir, "MEMORY.md"), memorySummary);
+    registerMemoryPromptForTest();
    testing.setOpenClawCodingToolsFactoryForTests(() => [createRuntimeDynamicTool("memory_get")]);
    const params = createParams(sessionFile, workspaceDir);
    params.disableTools = false;
@@ -2417,6 +2518,7 @@ describe("runCodexAppServerAttempt", () => {
    expect(inputText).not.toContain("memory_get");
    expect(inputText).not.toContain("memory_search");
    expect(inputText).not.toContain(memorySummary);
+    expect(collaborationInstructions).toContain("## Memory Recall");
    expect(collaborationInstructions).toContain("OpenClaw Workspace Memory");
    expect(collaborationInstructions).toContain("memory_get");
    expect(collaborationInstructions).not.toContain("memory_search");
@@ -2595,6 +2697,7 @@ describe("runCodexAppServerAttempt", () => {
    const memorySummary = "Memory summary goes here.";
    await fs.mkdir(workspaceDir, { recursive: true });
    await fs.writeFile(path.join(workspaceDir, "MEMORY.md"), memorySummary);
+    registerMemoryPromptForTest();
    testing.setOpenClawCodingToolsFactoryForTests(() => [
      createRuntimeDynamicTool("memory_search"),
      createRuntimeDynamicTool("memory_get"),
@@ -2604,10 +2707,10 @@ describe("runCodexAppServerAttempt", () => {
    params.runtimePlan = createCodexRuntimePlanFixture();
    setAgentWorkspaceForTest(params, path.join(tempDir, "memory-workspace"));

-    const { inputText, systemPromptReport } = await buildCodexTurnContextForTest(
-      params,
-      workspaceDir,
-    );
+    const { collaborationInstructions, inputText, systemPromptReport } =
+      await buildCodexTurnContextForTest(params, workspaceDir);
+    expect(collaborationInstructions).not.toContain("## Memory Recall");
+    expect(collaborationInstructions).not.toContain("OpenClaw Workspace Memory");
    expect(inputText).not.toContain("OpenClaw Workspace Memory");
    expect(inputText).toContain(memorySummary);

--- a/extensions/codex/src/app-server/sandbox-exec-server.test.ts
+++ b/extensions/codex/src/app-server/sandbox-exec-server.test.ts
@@ -1,6 +1,7 @@
 // Codex tests cover sandbox exec server plugin behavior.
 import { afterEach, describe, expect, it, vi } from "vitest";
 import {
+  CODEX_SANDBOX_EXEC_SERVER_MAX_INBOUND_MESSAGE_BYTES,
  closeCodexSandboxExecServersForTests,
  ensureCodexSandboxExecServerEnvironment,
  releaseCodexSandboxExecServerEnvironment,
@@ -191,6 +192,22 @@ describe("OpenClaw Codex sandbox exec-server", () => {
    socket.close();
  });

+  it("closes oversized sandbox exec-server frames before JSON-RPC parsing", async () => {
+    const sandbox = createSandboxContext({});
+    const client = createClient();
+
+    await ensureCodexSandboxExecServerEnvironment({
+      client: client as never,
+      sandbox,
+    });
+    const socket = await openSocket(execServerUrlFromClient(client));
+    const closed = waitForSocketClose(socket);
+
+    socket.send(Buffer.alloc(CODEX_SANDBOX_EXEC_SERVER_MAX_INBOUND_MESSAGE_BYTES + 1));
+
+    await expect(closed).resolves.toEqual({ code: 1009 });
+  });
+
  it("rejects unsupported arg0 overrides instead of dropping them", async () => {
    const buildExecSpec = vi.fn(async () => ({
      argv: [process.execPath, "-e", ""],
@@ -441,6 +458,26 @@ describe("OpenClaw Codex sandbox exec-server", () => {
    await expect(waitForSocketClose(socket)).resolves.toEqual({ code: 1008 });
  });

+  it("handles oversized frames from unauthorized WebSocket clients", async () => {
+    const sandbox = createSandboxContext({});
+    const client = createClient();
+    await ensureCodexSandboxExecServerEnvironment({
+      client: client as never,
+      sandbox,
+    });
+    const unauthorizedUrl = execServerUrlFromClient(client).replace(
+      /\/openclaw-[^/?#]+/u,
+      "/wrong",
+    );
+    const socket = await openSocket(unauthorizedUrl);
+    const closed = waitForSocketClose(socket);
+
+    socket.send(Buffer.alloc(CODEX_SANDBOX_EXEC_SERVER_MAX_INBOUND_MESSAGE_BYTES + 1));
+
+    const closeResult = await closed;
+    expect([1008, 1009]).toContain(closeResult.code);
+  });
+
  it("closes the exec-server when its sandbox environment is released", async () => {
    const sandbox = createSandboxContext({});
    const client = createClient();
--- a/extensions/codex/src/app-server/sandbox-exec-server.ts
+++ b/extensions/codex/src/app-server/sandbox-exec-server.ts
@@ -48,6 +48,7 @@ export type CodexSandboxExecEnvironment = {
 };

 const SANDBOX_EXEC_SERVERS = new Map<string, Promise<OpenClawExecServer>>();
+export const CODEX_SANDBOX_EXEC_SERVER_MAX_INBOUND_MESSAGE_BYTES = 100 * 1024 * 1024;

 /** Closes all cached sandbox exec-server instances for deterministic tests. */
 export async function closeCodexSandboxExecServersForTests(): Promise<void> {
@@ -193,7 +194,13 @@ function startAndRememberOpenClawExecServer(sandbox: SandboxContext): Promise<Op
 }

 async function startOpenClawExecServer(sandbox: SandboxContext): Promise<OpenClawExecServer> {
-  const server = new WebSocketServer({ host: "127.0.0.1", port: 0 });
+  const server = new WebSocketServer({
+    host: "127.0.0.1",
+    port: 0,
+    // Match ws' historical default: Codex fs/writeFile sends one base64 JSON-RPC
+    // frame, while the socket error handler below makes oversize frames nonfatal.
+    maxPayload: CODEX_SANDBOX_EXEC_SERVER_MAX_INBOUND_MESSAGE_BYTES,
+  });
  await once(server, "listening");
  const address = server.address();
  if (!address || typeof address === "string") {
@@ -212,6 +219,8 @@ async function startOpenClawExecServer(sandbox: SandboxContext): Promise<OpenCla
    server,
  };
  server.on("connection", (socket, request) => {
+    // ws emits error for maxPayload rejections before auth or JSON-RPC sees the frame.
+    socket.on("error", handleExecServerSocketError);
    if (!isAuthorizedExecServerRequest(execServer, request)) {
      socket.close(1008, "unauthorized");
      return;
@@ -286,6 +295,10 @@ function handleConnection(execServer: OpenClawExecServer, socket: WebSocket): vo
  });
 }

+function handleExecServerSocketError(error: unknown): void {
+  embeddedAgentLog.debug("codex sandbox exec-server websocket failed", { error });
+}
+
 async function handleMessage(
  execServer: OpenClawExecServer,
  processes: Map<string, ManagedProcess>,
--- a/extensions/diagnostics-otel/src/service.test.ts
+++ b/extensions/diagnostics-otel/src/service.test.ts
@@ -171,6 +171,7 @@ import {
  type DiagnosticEventPrivateData,
 } from "openclaw/plugin-sdk/diagnostic-runtime";
 import {
+  emitDiagnosticEventWithTrustedTraceContext,
  emitInternalDiagnosticEventForTest,
  logMessageDispatchStarted,
  logMessageProcessed,
@@ -362,7 +363,11 @@ function histogramCreateOptions(name: string) {

 async function emitAndCaptureLog(
  event: Omit<Extract<Parameters<typeof emitDiagnosticEvent>[0], { type: "log.record" }>, "type">,
-  options: { captureContent?: OtelContextFlags["captureContent"]; trusted?: boolean } = {},
+  options: {
+    captureContent?: OtelContextFlags["captureContent"];
+    trusted?: boolean;
+    trustedTraceContext?: boolean;
+  } = {},
 ) {
  const service = createDiagnosticsOtelService();
  const ctx = createOtelContext(OTEL_TEST_ENDPOINT, {
@@ -370,7 +375,11 @@ async function emitAndCaptureLog(
    ...(options.captureContent !== undefined ? { captureContent: options.captureContent } : {}),
  });
  await service.start(ctx);
-  const emit = options.trusted ? emitTrustedDiagnosticEvent : emitDiagnosticEvent;
+  const emit = options.trusted
+    ? emitTrustedDiagnosticEvent
+    : options.trustedTraceContext
+      ? emitDiagnosticEventWithTrustedTraceContext
+      : emitDiagnosticEvent;
  emit({
    type: "log.record",
    ...event,
@@ -1391,6 +1400,28 @@ describe("diagnostics-otel service", () => {
    expect(emitCall?.context).toBeUndefined();
  });

+  test("attaches trace-only trusted context to exported logs", async () => {
+    const emitCall = await emitAndCaptureLog(
+      {
+        level: "INFO",
+        message: "traceable log",
+        trace: {
+          traceId: TRACE_ID,
+          spanId: SPAN_ID,
+          traceFlags: "01",
+        },
+      },
+      { trustedTraceContext: true },
+    );
+
+    expect(emitCall?.body).toBe("log");
+    expect(telemetryState.tracer.setSpanContext).toHaveBeenCalledTimes(1);
+    const emitContext = emitCall?.context as { spanContext?: Record<string, unknown> } | undefined;
+    const emitSpanContext = emitContext?.spanContext;
+    expect(emitSpanContext?.traceId).toBe(TRACE_ID);
+    expect(emitSpanContext?.spanId).toBe(SPAN_ID);
+  });
+
  test("attaches trusted diagnostic trace context to exported logs", async () => {
    const emitCall = await emitAndCaptureLog(
      {
--- a/extensions/diagnostics-otel/src/service.ts
+++ b/extensions/diagnostics-otel/src/service.ts
@@ -1031,7 +1031,9 @@ function contextForTrustedTraceContext(
  evt: DiagnosticEventPayload,
  metadata: DiagnosticEventMetadata,
 ) {
-  return metadata.trusted ? contextForTraceContext(evt.trace) : undefined;
+  return metadata.trusted || metadata.trustedTraceContext === true
+    ? contextForTraceContext(evt.trace)
+    : undefined;
 }

 function addTraceAttributes(
@@ -1626,7 +1628,7 @@ export function createDiagnosticsOtelService(): OpenClawPluginService {
            if (evt.code?.functionName) {
              assignOtelLogAttribute(attributes, "code.function", evt.code.functionName);
            }
-            if (metadata.trusted) {
+            if (metadata.trusted || metadata.trustedTraceContext === true) {
              addTraceAttributes(attributes, evt.trace);
            }

--- a/extensions/discord/src/actions/runtime.messaging.send.ts
+++ b/extensions/discord/src/actions/runtime.messaging.send.ts
@@ -24,6 +24,75 @@ function hasDiscordComponentObjectKeys(value: unknown): value is Record<string,
  );
 }

+function readDiscordThreadArchiveTimestamp(thread: unknown): string | undefined {
+  if (!thread || typeof thread !== "object" || Array.isArray(thread)) {
+    return undefined;
+  }
+  const record = thread as Record<string, unknown>;
+  const metadata = record.thread_metadata;
+  if (metadata && typeof metadata === "object" && !Array.isArray(metadata)) {
+    const archiveTimestamp = (metadata as Record<string, unknown>).archive_timestamp;
+    if (typeof archiveTimestamp === "string" && archiveTimestamp.trim()) {
+      return archiveTimestamp;
+    }
+  }
+  return undefined;
+}
+
+type DiscordThreadListActionResult = {
+  ok: true;
+  threads: unknown;
+  complete: boolean;
+  hasMore: boolean;
+  returnedCount: number;
+  source: "discord.threadList.archived" | "discord.threadList.active";
+  query: {
+    guildId: string;
+    channelId?: string;
+    includeArchived: boolean;
+    before?: string;
+    limit?: number;
+  };
+  nextBefore?: string;
+};
+
+function normalizeDiscordThreadListActionResult(params: {
+  value: unknown;
+  includeArchived: boolean;
+  channelId?: string;
+  guildId: string;
+  limit?: number;
+  before?: string;
+}): DiscordThreadListActionResult {
+  const record =
+    params.value && typeof params.value === "object" && !Array.isArray(params.value)
+      ? (params.value as Record<string, unknown>)
+      : undefined;
+  const threadItems = Array.isArray(record?.threads) ? record.threads : [];
+  const hasMore = record?.has_more === true;
+  const nextBefore =
+    params.includeArchived && hasMore
+      ? readDiscordThreadArchiveTimestamp(threadItems[threadItems.length - 1])
+      : undefined;
+
+  return {
+    ok: true,
+    threads: params.value,
+    complete: !hasMore,
+    hasMore,
+    returnedCount: threadItems.length,
+    source: params.includeArchived ? "discord.threadList.archived" : "discord.threadList.active",
+    query: {
+      guildId: params.guildId,
+      ...(params.channelId ? { channelId: params.channelId } : {}),
+      includeArchived: params.includeArchived,
+      ...(params.before ? { before: params.before } : {}),
+      ...(params.limit !== undefined ? { limit: params.limit } : {}),
+    },
+    ...(nextBefore ? { nextBefore } : {}),
+  };
+}
+
 async function appendDiscordThreadRenameResult(
  ctx: DiscordMessagingActionContext,
  params: {
@@ -306,7 +375,16 @@ export async function handleDiscordMessageSendAction(ctx: DiscordMessagingAction
        },
        ctx.withOpts(),
      );
-      return jsonResult({ ok: true, threads });
+      return jsonResult(
+        normalizeDiscordThreadListActionResult({
+          value: threads,
+          guildId,
+          channelId,
+          includeArchived: includeArchived === true,
+          before,
+          limit,
+        }),
+      );
    }
    case "threadReply": {
      if (!ctx.isActionEnabled("threads")) {
--- a/extensions/discord/src/actions/runtime.test.ts
+++ b/extensions/discord/src/actions/runtime.test.ts
@@ -101,6 +101,7 @@ const {
  kickMemberDiscord,
  listGuildChannelsDiscord,
  listPinsDiscord,
+  listThreadsDiscord,
  moveChannelDiscord,
  reactMessageDiscord,
  readMessagesDiscord,
@@ -271,6 +272,138 @@ describe("handleDiscordMessagingAction", () => {
    ]);
  });

+  it("surfaces incomplete archived thread pages at the action boundary", async () => {
+    listThreadsDiscord.mockResolvedValueOnce({
+      threads: [
+        {
+          id: "thread-1",
+          name: "Old project",
+          thread_metadata: {
+            archive_timestamp: "2026-05-25T17:00:00.000Z",
+          },
+        },
+      ],
+      members: [],
+      has_more: true,
+    });
+
+    const result = await handleMessagingAction(
+      "threadList",
+      {
+        guildId: "G1",
+        channelId: "C1",
+        includeArchived: true,
+        before: "2026-05-26T17:00:00.000Z",
+        limit: 1,
+      },
+      enableAllActions,
+    );
+
+    expect(mockCall(listThreadsDiscord, "listThreadsDiscord")).toEqual([
+      {
+        guildId: "G1",
+        channelId: "C1",
+        includeArchived: true,
+        before: "2026-05-26T17:00:00.000Z",
+        limit: 1,
+      },
+      { cfg: DISCORD_TEST_CFG },
+    ]);
+    expect(result.details).toMatchObject({
+      ok: true,
+      complete: false,
+      hasMore: true,
+      returnedCount: 1,
+      source: "discord.threadList.archived",
+      nextBefore: "2026-05-25T17:00:00.000Z",
+      query: {
+        guildId: "G1",
+        channelId: "C1",
+        includeArchived: true,
+        before: "2026-05-26T17:00:00.000Z",
+        limit: 1,
+      },
+    });
+    expect((result.details as { threads?: unknown }).threads).toEqual({
+      threads: [
+        {
+          id: "thread-1",
+          name: "Old project",
+          thread_metadata: {
+            archive_timestamp: "2026-05-25T17:00:00.000Z",
+          },
+        },
+      ],
+      members: [],
+      has_more: true,
+    });
+  });
+
+  it("omits archived thread pagination cursors when Discord omits archive timestamps", async () => {
+    listThreadsDiscord.mockResolvedValueOnce({
+      threads: [
+        {
+          id: "thread-without-archive-timestamp",
+          name: "Legacy project",
+        },
+      ],
+      members: [],
+      has_more: true,
+    });
+
+    const result = await handleMessagingAction(
+      "threadList",
+      {
+        guildId: "G1",
+        channelId: "C1",
+        includeArchived: true,
+        limit: 1,
+      },
+      enableAllActions,
+    );
+
+    expect(result.details).toMatchObject({
+      ok: true,
+      complete: false,
+      hasMore: true,
+      returnedCount: 1,
+      source: "discord.threadList.archived",
+    });
+    expect(result.details).not.toHaveProperty("nextBefore");
+  });
+
+  it("marks active thread results complete when Discord returns no pagination state", async () => {
+    listThreadsDiscord.mockResolvedValueOnce({
+      threads: [{ id: "thread-active", name: "Current project" }],
+      members: [{ id: "member-1" }],
+    });
+
+    const result = await handleMessagingAction(
+      "threadList",
+      {
+        guildId: "G1",
+      },
+      enableAllActions,
+    );
+
+    expect(result.details).toMatchObject({
+      ok: true,
+      complete: true,
+      hasMore: false,
+      returnedCount: 1,
+      source: "discord.threadList.active",
+      query: {
+        guildId: "G1",
+        includeArchived: false,
+      },
+    });
+    expect((result.details as { threads?: unknown }).threads).toEqual({
+      threads: [{ id: "thread-active", name: "Current project" }],
+      members: [{ id: "member-1" }],
+    });
+    expect(result.details).not.toHaveProperty("nextBefore");
+  });
+
  it("resolves Discord DM targets for reaction adds", async () => {
    const resolveReactionTarget = vi.fn(async () => "DM1");
    discordMessagingActionRuntime.resolveDiscordReactionTargetChannelId = resolveReactionTarget;
--- a/extensions/discord/src/config-schema.test.ts
+++ b/extensions/discord/src/config-schema.test.ts
@@ -91,11 +91,11 @@ describe("discord config schema", () => {
    expect(cfg.accounts?.noisy?.suppressEmbeds).toBe(false);
  });

-  it("rejects Telegram-only native tool-progress draft config", () => {
+  it("rejects unknown preview config keys", () => {
    const issues = expectInvalidDiscordConfig({
      streaming: {
        preview: {
-          nativeToolProgress: true,
+          unknownPreviewFlag: true,
        },
      },
    });
--- a/extensions/feishu/src/client.test.ts
+++ b/extensions/feishu/src/client.test.ts
@@ -386,6 +386,31 @@ describe("createFeishuClient HTTP timeout", () => {
      timeout: 45_000,
    });
  });
+
+  it("evicts client cache when SDK is replaced via setFeishuClientRuntimeForTest (#83911)", () => {
+    const ctorCountA = clientCtorMock.mock.calls.length;
+
+    // First client gets cached
+    createFeishuClient({ appId: "app_7", appSecret: "secret_7", accountId: "cache-clear-test" }); // pragma: allowlist secret
+    expect(clientCtorMock.mock.calls.length).toBe(ctorCountA + 1);
+
+    // SDK swap via setFeishuClientRuntimeForTest should clear the cache
+    setFeishuClientRuntimeForTest({
+      sdk: {
+        AppType: { SelfBuild: "self" } as never,
+        Client: clientCtorMock as never,
+        Domain: { Feishu: "https://open.feishu.cn", Lark: "https://open.larksuite.com" } as never,
+        LoggerLevel: { info: "info" } as never,
+        WSClient: vi.fn() as never,
+        EventDispatcher: vi.fn() as never,
+        defaultHttpInstance: mockBaseHttpInstance as never,
+      },
+    });
+
+    // Same credentials — would hit cache before the fix; now evicted
+    createFeishuClient({ appId: "app_7", appSecret: "secret_7", accountId: "cache-clear-test" }); // pragma: allowlist secret
+    expect(clientCtorMock.mock.calls.length).toBe(ctorCountA + 2);
+  });
 });

 describe("createFeishuWSClient proxy handling", () => {
--- a/extensions/feishu/src/client.ts
+++ b/extensions/feishu/src/client.ts
@@ -260,4 +260,5 @@ export function setFeishuClientRuntimeForTest(overrides?: {
  feishuClientSdk = overrides?.sdk
    ? { ...defaultFeishuClientSdk, ...overrides.sdk }
    : defaultFeishuClientSdk;
+  clearClientCache();
 }
--- a/extensions/fireworks/index.test.ts
+++ b/extensions/fireworks/index.test.ts
@@ -144,19 +144,19 @@ describe("fireworks provider plugin", () => {
    expect(resolved?.reasoning).toBe(false);
  });

-  it("disables reasoning metadata for Fireworks Kimi k2.6 dynamic models", async () => {
+  it("defers manifest catalog models to core static-catalog resolution", async () => {
    const provider = await registerSingleProviderPlugin(fireworksPlugin);
-    const resolved = provider.resolveDynamicModel?.(
-      createProviderDynamicModelContext({
-        provider: "fireworks",
-        modelId: "accounts/fireworks/models/kimi-k2p6",
-        models: [createFireworksDefaultRuntimeModel({ reasoning: false })],
-      }),
-    );
+    for (const modelId of [FIREWORKS_K2_6_MODEL_ID, FIREWORKS_DEFAULT_MODEL_ID]) {
+      const resolved = provider.resolveDynamicModel?.(
+        createProviderDynamicModelContext({
+          provider: "fireworks",
+          modelId,
+          models: [createFireworksDefaultRuntimeModel({ reasoning: false })],
+        }),
+      );

-    expect(resolved?.provider).toBe("fireworks");
-    expect(resolved?.id).toBe("accounts/fireworks/models/kimi-k2p6");
-    expect(resolved?.reasoning).toBe(false);
+      expect(resolved).toBeUndefined();
+    }
  });

  it("exposes off-only thinking policy for Fireworks Kimi models", async () => {
--- a/extensions/fireworks/index.ts
+++ b/extensions/fireworks/index.ts
@@ -15,11 +15,13 @@ import {
  FIREWORKS_DEFAULT_CONTEXT_WINDOW,
  FIREWORKS_DEFAULT_MAX_TOKENS,
  FIREWORKS_DEFAULT_MODEL_ID,
+  isFireworksCatalogModelId,
 } from "./provider-catalog.js";
 import { wrapFireworksProviderStream } from "./stream.js";
 import { resolveFireworksThinkingProfile } from "./thinking-policy.js";

 const PROVIDER_ID = "fireworks";
+
 function isFireworksGlmModelId(modelId: string): boolean {
  const normalized = modelId.trim().toLowerCase();
  const lastSegment = normalized.split("/").pop() ?? normalized;
@@ -35,6 +37,11 @@ function resolveFireworksDynamicModel(ctx: ProviderResolveDynamicModelContext) {
  if (!modelId) {
    return undefined;
  }
+
+  if (isFireworksCatalogModelId(modelId)) {
+    return undefined;
+  }
+
  const isKimiModel = isFireworksKimiModelId(modelId);
  const input = resolveFireworksDynamicInput(modelId);

--- a/extensions/fireworks/openclaw.plugin.json
+++ b/extensions/fireworks/openclaw.plugin.json
@@ -37,6 +37,7 @@
          {
            "id": "accounts/fireworks/models/kimi-k2p6",
            "name": "Kimi K2.6",
+            "reasoning": false,
            "input": ["text", "image"],
            "contextWindow": 262144,
            "maxTokens": 262144,
@@ -50,6 +51,7 @@
          {
            "id": "accounts/fireworks/routers/kimi-k2p5-turbo",
            "name": "Kimi K2.5 Turbo (Fire Pass)",
+            "reasoning": false,
            "input": ["text", "image"],
            "contextWindow": 256000,
            "maxTokens": 256000,
--- a/extensions/fireworks/provider-catalog.ts
+++ b/extensions/fireworks/provider-catalog.ts
@@ -31,16 +31,12 @@ export const FIREWORKS_DEFAULT_MAX_TOKENS = FIREWORKS_DEFAULT_MODEL.maxTokens;
 export const FIREWORKS_K2_6_CONTEXT_WINDOW = FIREWORKS_K2_6_MODEL.contextWindow;
 export const FIREWORKS_K2_6_MAX_TOKENS = FIREWORKS_K2_6_MODEL.maxTokens;

-function cloneFireworksCatalogModel(model: ModelDefinitionConfig): ModelDefinitionConfig {
-  return {
-    ...model,
-    input: [...model.input],
-    cost: { ...model.cost },
-  };
+export function isFireworksCatalogModelId(modelId: string): boolean {
+  return FIREWORKS_MANIFEST_PROVIDER.models.some((model) => model.id === modelId);
 }

 export function buildFireworksCatalogModels(): ModelDefinitionConfig[] {
-  return FIREWORKS_MANIFEST_PROVIDER.models.map(cloneFireworksCatalogModel);
+  return FIREWORKS_MANIFEST_PROVIDER.models.map((model) => structuredClone(model));
 }

 export function buildFireworksProvider(): ModelProviderConfig {
--- a/extensions/github-copilot/model-metadata.ts
+++ b/extensions/github-copilot/model-metadata.ts
@@ -56,6 +56,10 @@ function isCopilotGeminiModelId(modelId: string): boolean {
  return /(?:^|[-_.])gemini(?:$|[-_.])/.test(modelId);
 }

+function isCopilotClaude45ModelId(modelId: string): boolean {
+  return /^claude-(?:haiku|opus|sonnet)-4[.-]5(?:$|[-.])/.test(modelId);
+}
+
 export function resolveCopilotTransportApi(modelId: string): CopilotRuntimeApi {
  const normalized = normalizeOptionalLowercaseString(modelId) ?? "";
  if (normalized.includes("claude")) {
@@ -71,7 +75,15 @@ export function resolveCopilotModelCompat(
  modelId: string,
 ): ModelDefinitionConfig["compat"] | undefined {
  const normalized = normalizeOptionalLowercaseString(modelId) ?? "";
-  return isCopilotGeminiModelId(normalized) ? { ...COPILOT_CHAT_COMPLETIONS_COMPAT } : undefined;
+  if (isCopilotGeminiModelId(normalized)) {
+    return { ...COPILOT_CHAT_COMPLETIONS_COMPAT };
+  }
+  // Copilot's Claude 4.5 endpoints reject Anthropic's eager tool extension,
+  // while current Claude 4.6+ endpoints accept it.
+  if (isCopilotClaude45ModelId(normalized)) {
+    return { supportsEagerToolInputStreaming: false };
+  }
+  return undefined;
 }

 function compatSupportsEffort(
--- a/extensions/github-copilot/models.test.ts
+++ b/extensions/github-copilot/models.test.ts
@@ -90,8 +90,18 @@ describe("github-copilot model defaults", () => {
      const def = buildCopilotModelDefinition("claude-sonnet-4.6");
      expect(def.id).toBe("claude-sonnet-4.6");
      expect(def.api).toBe("anthropic-messages");
+      expect(def.compat).toBeUndefined();
    });

+    it.each(["claude-haiku-4.5", "claude-sonnet-4-5"])(
+      "disables eager tool streaming for Copilot Claude 4.5 model %s",
+      (modelId) => {
+        expect(buildCopilotModelDefinition(modelId).compat).toEqual({
+          supportsEagerToolInputStreaming: false,
+        });
+      },
+    );
+
    it("uses static metadata overrides for gpt-5.5 fallback rows", () => {
      const def = buildCopilotModelDefinition("gpt-5.5");
      expect(def).toEqual({
@@ -243,6 +253,12 @@ describe("resolveCopilotForwardCompatModel", () => {
    expect((result as unknown as Record<string, unknown>).input).toEqual(["text", "image"]);
  });

+  it("disables eager tool streaming for synthetic Copilot Claude 4.5 models", () => {
+    const result = requireResolvedModel(createMockCtx("claude-haiku-4.5"));
+    expect(result.api).toBe("anthropic-messages");
+    expect(result.compat).toEqual({ supportsEagerToolInputStreaming: false });
+  });
+
  it("creates synthetic Gemini models with Chat Completions compatibility", () => {
    const result = requireResolvedModel(createMockCtx("gemini-3.1-pro-preview"));
    expect((result as unknown as Record<string, unknown>).api).toBe("openai-completions");
@@ -620,6 +636,7 @@ describe("fetchCopilotModelCatalog", () => {
    const opus45 = out.find((m) => m.id === "claude-opus-4-5");
    expect(opus45?.thinkingLevelMap).toEqual({ xhigh: null, max: null });
    expect(opus45?.compat).toEqual({
+      supportsEagerToolInputStreaming: false,
      supportedReasoningEfforts: ["low", "medium", "high", "max"],
    });
  });
--- a/extensions/google/transport-stream.test.ts
+++ b/extensions/google/transport-stream.test.ts
@@ -913,6 +913,46 @@ describe("google transport stream", () => {
    expect(new Headers(guardedInit.headers).has("x-goog-api-key")).toBe(false);
  });

+  it("strips redundant google provider prefixes from Google Vertex model paths", async () => {
+    const tempDir = await mkdtemp(path.join(os.tmpdir(), "openclaw-google-vertex-prefix-"));
+    vi.stubEnv("HOME", path.join(tempDir, "home"));
+    vi.stubEnv("APPDATA", "");
+    vi.stubEnv("GOOGLE_CLOUD_PROJECT", "vertex-project");
+    vi.stubEnv("GOOGLE_CLOUD_LOCATION", "us-central1");
+    googleAuthGetAccessTokenMock.mockResolvedValueOnce("ya29.transport-token");
+    const tokenFetchMock = vi.fn();
+    guardedFetchMock.mockResolvedValueOnce(
+      buildSseResponse([
+        {
+          candidates: [{ content: { parts: [{ text: "ok" }] }, finishReason: "STOP" }],
+        },
+      ]),
+    );
+
+    const streamFn = createGoogleVertexTransportStreamFn();
+    const stream = await Promise.resolve(
+      streamFn(
+        buildGoogleVertexModel({ id: "google/gemini-3.1-pro-preview" }),
+        {
+          messages: [{ role: "user", content: "hello", timestamp: 0 }],
+        } as Parameters<typeof streamFn>[1],
+        {
+          apiKey: "gcp-vertex-credentials",
+          fetch: tokenFetchMock,
+        } as Parameters<typeof streamFn>[2],
+      ),
+    );
+    await stream.result();
+
+    // The provider prefix must be stripped from the Vertex model path, matching
+    // resolveGoogleModelPath; otherwise the id becomes models/google%2F... (404).
+    const guardedCall = requireMockCall(guardedFetchMock, 0, "guarded fetch");
+    expect(guardedCall[0]).toContain(
+      "/publishers/google/models/gemini-3.1-pro-preview:streamGenerateContent",
+    );
+    expect(guardedCall[0]).not.toContain("google%2F");
+  });
+
  it("refreshes authorized_user ADC before Google Vertex requests", async () => {
    const tempDir = await mkdtemp(path.join(os.tmpdir(), "openclaw-google-vertex-adc-"));
    const credentialsPath = path.join(tempDir, "application_default_credentials.json");
--- a/extensions/google/transport-stream.ts
+++ b/extensions/google/transport-stream.ts
@@ -391,7 +391,9 @@ function buildGoogleVertexRequestUrl(
 ): string {
  const project = encodeURIComponent(resolveGoogleVertexProject(options));
  const location = encodeURIComponent(resolveGoogleVertexLocation(options));
-  const modelId = encodeURIComponent(model.id);
+  // Mirror resolveGoogleModelPath: strip the google/ provider prefix so a
+  // provider-qualified id does not become an invalid models/google%2F... path.
+  const modelId = encodeURIComponent(stripGoogleProviderPrefix(model.id));
  const origin = resolveGoogleVertexBaseOrigin(model, decodeURIComponent(location));
  return `${origin}/${GOOGLE_VERTEX_DEFAULT_API_VERSION}/projects/${project}/locations/${location}/publishers/google/models/${modelId}:streamGenerateContent?alt=sse`;
 }
--- a/extensions/memory-core/index.ts
+++ b/extensions/memory-core/index.ts
@@ -29,6 +29,7 @@ type MemoryToolOptions = {
  agentId?: string;
  agentSessionKey?: string;
  sandboxed?: boolean;
+  oneShotCliRun?: boolean;
 };

 let memoryToolsModulePromise: Promise<MemoryToolsModule> | undefined;
@@ -154,6 +155,7 @@ function resolveMemoryToolOptions(ctx: OpenClawPluginToolContext): MemoryToolOpt
    agentId: ctx.agentId,
    agentSessionKey: ctx.sessionKey,
    sandboxed: ctx.sandboxed,
+    oneShotCliRun: ctx.oneShotCliRun,
  };
 }

--- a/extensions/memory-core/src/memory-tool-manager-mock.ts
+++ b/extensions/memory-core/src/memory-tool-manager-mock.ts
@@ -26,7 +26,7 @@ let workspaceDir = "/workspace";
 let customStatus: Record<string, unknown> | undefined;
 let searchImpl: SearchImpl = async () => [];
 let getManagerImpl:
-  | ((params: { cfg?: unknown; agentId?: string }) => Promise<{
+  | ((params: { cfg?: unknown; agentId?: string; purpose?: string }) => Promise<{
      manager?: unknown;
      error?: string;
    }>)
@@ -60,8 +60,9 @@ const stubManager = {
  close: vi.fn(),
 };

-const getMemorySearchManagerMock = vi.fn(async (params: { cfg?: unknown; agentId?: string }) =>
-  getManagerImpl ? await getManagerImpl(params) : { manager: stubManager },
+const getMemorySearchManagerMock = vi.fn(
+  async (params: { cfg?: unknown; agentId?: string; purpose?: string }) =>
+    getManagerImpl ? await getManagerImpl(params) : { manager: stubManager },
 );
 const readAgentMemoryFileMock = vi.fn(
  async (params: MemoryReadParams) => await readFileImpl(params),
@@ -97,7 +98,7 @@ export function setMemorySearchImpl(next: SearchImpl): void {
 }

 export function setMemorySearchManagerImpl(
-  next: (params: { cfg?: unknown; agentId?: string }) => Promise<{
+  next: (params: { cfg?: unknown; agentId?: string; purpose?: string }) => Promise<{
    manager?: unknown;
    error?: string;
  }>,
@@ -140,11 +141,19 @@ export function getMemorySyncMockCalls(): number {
  return stubManager.sync.mock.calls.length;
 }

+export function getMemoryCloseMockCalls(): number {
+  return stubManager.close.mock.calls.length;
+}
+
 export function getMemorySearchManagerMockConfigs(): unknown[] {
  return getMemorySearchManagerMock.mock.calls.map(([params]) => params.cfg);
 }

-export function getMemorySearchManagerMockParams(): Array<{ cfg?: unknown; agentId?: string }> {
+export function getMemorySearchManagerMockParams(): Array<{
+  cfg?: unknown;
+  agentId?: string;
+  purpose?: string;
+}> {
  return getMemorySearchManagerMock.mock.calls.map(([params]) => params);
 }

--- a/extensions/memory-core/src/memory/qmd-manager.test.ts
+++ b/extensions/memory-core/src/memory/qmd-manager.test.ts
@@ -797,6 +797,59 @@ describe("QmdMemoryManager", () => {
    await manager?.close();
  });

+  it("preserves blocking boot update freshness for one-shot CLI mode", async () => {
+    cfg = {
+      ...cfg,
+      memory: {
+        backend: "qmd",
+        qmd: {
+          includeDefaultMemory: false,
+          update: {
+            interval: "5m",
+            debounceMs: 60_000,
+            onBoot: true,
+            waitForBootSync: true,
+          },
+          paths: [{ path: workspaceDir, pattern: "**/*.md", name: "workspace" }],
+        },
+      },
+    } as OpenClawConfig;
+
+    const updateSpawned = createDeferred<void>();
+    let releaseUpdate: (() => void) | null = null;
+    spawnMock.mockImplementation((_cmd: string, args: string[]) => {
+      if (args[0] === "update") {
+        const child = createMockChild({ autoClose: false });
+        releaseUpdate = () => child.closeWith(0);
+        updateSpawned.resolve();
+        return child;
+      }
+      return createMockChild();
+    });
+
+    const createPromise = createManager({ mode: "cli" });
+    await updateSpawned.promise;
+    let created = false;
+    void createPromise.then(() => {
+      created = true;
+    });
+    await new Promise<void>((resolve) => {
+      setImmediate(resolve);
+    });
+    expect(created).toBe(false);
+    expect(watchMock).not.toHaveBeenCalled();
+
+    (releaseUpdate as (() => void) | null)?.();
+    const { manager } = await createPromise;
+    const updateCalls = spawnMock.mock.calls
+      .map((call: unknown[]) => call[1] as string[])
+      .filter((args: string[]) => args[0] === "update" || args[0] === "embed");
+    expect(updateCalls).toStrictEqual([["update"]]);
+    expect(watchMock).not.toHaveBeenCalled();
+
+    await manager?.close();
+  });
+
  it("keeps one-shot CLI searches from scheduling session-start updates", async () => {
    cfg = {
      ...cfg,
--- a/extensions/memory-core/src/memory/qmd-manager.ts
+++ b/extensions/memory-core/src/memory/qmd-manager.ts
@@ -497,6 +497,11 @@ export class QmdMemoryManager implements MemorySearchManager {

    await this.ensureCollections();
    if (mode === "cli") {
+      if (this.qmd.update.onBoot && this.qmd.update.waitForBootSync) {
+        await this.runUpdate("boot:cli", true).catch((err: unknown) => {
+          log.warn(`qmd cli boot update failed: ${String(err)}`);
+        });
+      }
      log.info(
        `qmd manager initialized for agent "${this.agentId}" mode=cli collections=${this.qmd.collections.length} durationMs=${Date.now() - startTime}`,
      );
--- a/extensions/memory-core/src/memory/search-manager.test.ts
+++ b/extensions/memory-core/src/memory/search-manager.test.ts
@@ -368,6 +368,30 @@ describe("getMemorySearchManager caching", () => {
    expect(searchResults).toHaveLength(1);
  });

+  it("returns the qmd startup failure when builtin fallback is unavailable", async () => {
+    const cfg = createQmdCfg("missing-qmd-no-builtin");
+    checkQmdBinaryAvailability.mockResolvedValueOnce({
+      available: false,
+      reason: "binary",
+      error: "spawn qmd ENOENT",
+    });
+    mockMemoryIndexGet.mockRejectedValueOnce(
+      new Error(
+        'Memory search unavailable: embedding provider "openai" is configured but unavailable.',
+      ),
+    );
+
+    const result = await getMemorySearchManager({ cfg, agentId: "missing-qmd-no-builtin" });
+
+    expect(result.manager).toBeNull();
+    expect(result.error).toContain("qmd binary unavailable (qmd): spawn qmd ENOENT");
+    expect(result.error).toContain(
+      'builtin fallback unavailable: Memory search unavailable: embedding provider "openai" is configured but unavailable.',
+    );
+    expect(createQmdManagerMock).not.toHaveBeenCalled();
+    expect(mockMemoryIndexGet).toHaveBeenCalledTimes(1);
+  });
+
  it("treats legacy qmd unavailable results without a reason as binary failures", async () => {
    const cfg = createQmdCfg("missing-qmd-legacy");
    checkQmdBinaryAvailability.mockResolvedValueOnce({
--- a/extensions/memory-core/src/memory/search-manager.ts
+++ b/extensions/memory-core/src/memory/search-manager.ts
@@ -262,16 +262,18 @@ export async function getMemorySearchManager(params: {
    }

    if (transient) {
-      const { manager } = await createPrimaryQmdManager(
+      const { manager, failureReason } = await createPrimaryQmdManager(
        params.purpose === "cli" ? "cli" : "status",
      );
-      return manager ? { manager } : await getBuiltinMemorySearchManager(params);
+      return manager
+        ? { manager }
+        : await getBuiltinMemorySearchManagerAfterQmdFailure(params, failureReason);
    }

    const recentFailure = getActiveQmdManagerOpenFailure(scopeKey, identityKey);
    if (recentFailure) {
      log.debug?.(`qmd memory unavailable; using builtin during cooldown: ${recentFailure.reason}`);
-      return await getBuiltinMemorySearchManager(params);
+      return await getBuiltinMemorySearchManagerAfterQmdFailure(params, recentFailure.reason);
    }

    const pending = PENDING_QMD_MANAGER_CREATES.get(scopeKey);
@@ -280,16 +282,14 @@ export async function getMemorySearchManager(params: {
      return await getMemorySearchManager(params);
    }

+    let pendingFailureReason: string | undefined;
    const pendingCreate: PendingQmdManagerCreate = {
      identityKey,
      promise: (async () => {
        const created = await createFullQmdManager(identityKey);
        if (!created.entry) {
-          recordQmdManagerOpenFailure(
-            scopeKey,
-            identityKey,
-            created.failureReason ?? "qmd memory unavailable",
-          );
+          pendingFailureReason = created.failureReason ?? "qmd memory unavailable";
+          recordQmdManagerOpenFailure(scopeKey, identityKey, pendingFailureReason);
          return null;
        }
        QMD_MANAGER_CACHE.set(scopeKey, created.entry);
@@ -308,12 +308,35 @@ export async function getMemorySearchManager(params: {
    };
    PENDING_QMD_MANAGER_CREATES.set(scopeKey, pendingCreate);
    const manager = await pendingCreate.promise;
-    return manager ? { manager } : await getBuiltinMemorySearchManager(params);
+    return manager
+      ? { manager }
+      : await getBuiltinMemorySearchManagerAfterQmdFailure(params, pendingFailureReason);
  }

  return await getBuiltinMemorySearchManager(params);
 }

+async function getBuiltinMemorySearchManagerAfterQmdFailure(
+  params: {
+    cfg: OpenClawConfig;
+    agentId: string;
+    purpose?: MemorySearchManagerPurpose;
+  },
+  qmdFailureReason: string | undefined,
+): Promise<MemorySearchManagerResult> {
+  const fallback = await getBuiltinMemorySearchManager(params);
+  if (fallback.manager || !qmdFailureReason) {
+    return fallback;
+  }
+  const fallbackError = fallback.error?.trim();
+  return {
+    manager: null,
+    error: fallbackError
+      ? `${qmdFailureReason}; builtin fallback unavailable: ${fallbackError}`
+      : qmdFailureReason,
+  };
+}
+
 async function getBuiltinMemorySearchManager(params: {
  cfg: OpenClawConfig;
  agentId: string;
--- a/extensions/memory-core/src/tools.citations.test.ts
+++ b/extensions/memory-core/src/tools.citations.test.ts
@@ -7,7 +7,9 @@ import {
 import { readMemoryHostEvents } from "openclaw/plugin-sdk/memory-host-events";
 import { beforeEach, describe, expect, it, vi } from "vitest";
 import {
+  getMemoryCloseMockCalls,
  getMemorySearchManagerMockCalls,
+  getMemorySearchManagerMockParams,
  getReadAgentMemoryFileMockCalls,
  resetMemoryToolMockState,
  setMemoryBackend,
@@ -162,6 +164,47 @@ describe("memory tools", () => {
    });
  });

+  it("uses default memory manager mode for shared memory_search", async () => {
+    setMemoryBackend("qmd");
+    const tool = createMemorySearchToolOrThrow({
+      config: asOpenClawConfig({
+        memory: { backend: "qmd", qmd: { command: "qmd" } },
+        agents: { list: [{ id: "main", default: true }] },
+      }),
+    });
+
+    await tool.execute("call_default_purpose", { query: "contact phrase" });
+
+    expect(getMemorySearchManagerMockParams()).toEqual([
+      expect.objectContaining({
+        agentId: "main",
+        purpose: undefined,
+      }),
+    ]);
+    expect(getMemoryCloseMockCalls()).toBe(0);
+  });
+
+  it("uses one-shot CLI memory manager mode for explicit local CLI memory_search", async () => {
+    setMemoryBackend("qmd");
+    const tool = createMemorySearchToolOrThrow({
+      config: asOpenClawConfig({
+        memory: { backend: "qmd", qmd: { command: "qmd" } },
+        agents: { list: [{ id: "main", default: true }] },
+      }),
+      oneShotCliRun: true,
+    });
+
+    await tool.execute("call_cli_purpose", { query: "contact phrase" });
+
+    expect(getMemorySearchManagerMockParams()).toEqual([
+      expect.objectContaining({
+        agentId: "main",
+        purpose: "cli",
+      }),
+    ]);
+    expect(getMemoryCloseMockCalls()).toBe(1);
+  });
+
  it("returns disabled details when memory_get fails", async () => {
    setMemoryReadFileImpl(async (_params: MemoryReadParams) => {
      throw new Error("path required");
--- a/extensions/memory-core/src/tools.shared.ts
+++ b/extensions/memory-core/src/tools.shared.ts
@@ -20,6 +20,7 @@ type MemoryToolOptions = {
  getConfig?: () => OpenClawConfig | undefined;
  agentId?: string;
  agentSessionKey?: string;
+  oneShotCliRun?: boolean;
 };

 let memoryToolRuntimePromise: Promise<MemoryToolRuntime> | null = null;
--- a/extensions/memory-core/src/tools.test-helpers.ts
+++ b/extensions/memory-core/src/tools.test-helpers.ts
@@ -15,11 +15,13 @@ export function createMemorySearchToolOrThrow(params?: {
  config?: OpenClawConfig;
  agentId?: string;
  agentSessionKey?: string;
+  oneShotCliRun?: boolean;
 }) {
  const tool = createMemorySearchTool({
    config: params?.config ?? createDefaultMemoryToolConfig(),
    ...(params?.agentId ? { agentId: params.agentId } : {}),
    ...(params?.agentSessionKey ? { agentSessionKey: params.agentSessionKey } : {}),
+    ...(params?.oneShotCliRun ? { oneShotCliRun: params.oneShotCliRun } : {}),
  });
  if (!tool) {
    throw new Error("tool missing");
--- a/extensions/memory-core/src/tools.test.ts
+++ b/extensions/memory-core/src/tools.test.ts
@@ -1,6 +1,7 @@
 // Memory Core tests cover tools plugin behavior.
 import { beforeEach, describe, expect, it, vi } from "vitest";
 import {
+  getMemoryCloseMockCalls,
  getMemorySearchManagerMockCalls,
  getMemorySearchManagerMockConfigs,
  getMemorySearchManagerMockParams,
@@ -257,6 +258,59 @@ describe("memory_search unavailable payloads", () => {
    ]);
    expect(searchCalls).toBe(2);
    expect(getMemorySearchManagerMockCalls()).toBe(2);
+    expect(getMemorySearchManagerMockParams()).toEqual([
+      expect.objectContaining({ purpose: undefined }),
+      expect.objectContaining({ purpose: undefined }),
+    ]);
+    expect(getMemoryCloseMockCalls()).toBe(0);
+  });
+
+  it("re-resolves and closes one-shot CLI managers when a cached sqlite handle was closed", async () => {
+    let searchCalls = 0;
+    setMemorySearchImpl(async () => {
+      searchCalls += 1;
+      if (searchCalls === 1) {
+        throw new Error("database is not open");
+      }
+      return [
+        {
+          path: "MEMORY.md",
+          startLine: 1,
+          endLine: 1,
+          score: 0.9,
+          snippet: "Thread-hidden codename: ORBIT-22.",
+          source: "memory" as const,
+        },
+      ];
+    });
+
+    const tool = createMemorySearchToolOrThrow({
+      config: {
+        agents: { list: [{ id: "main", default: true }] },
+        memory: { citations: "off" },
+      },
+      oneShotCliRun: true,
+    });
+    const result = await tool.execute("closed-db-cli", { query: "hidden thread codename" });
+
+    expect((result.details as { results?: Array<{ path: string }> }).results).toEqual([
+      {
+        corpus: "memory",
+        path: "MEMORY.md",
+        startLine: 1,
+        endLine: 1,
+        score: 0.9,
+        snippet: "Thread-hidden codename: ORBIT-22.",
+        source: "memory",
+      },
+    ]);
+    expect(searchCalls).toBe(2);
+    expect(getMemorySearchManagerMockCalls()).toBe(2);
+    expect(getMemorySearchManagerMockParams()).toEqual([
+      expect.objectContaining({ purpose: "cli" }),
+      expect.objectContaining({ purpose: "cli" }),
+    ]);
+    expect(getMemoryCloseMockCalls()).toBe(1);
  });

  it("forces a sync and retries once when the first search has zero hits", async () => {
--- a/extensions/memory-core/src/tools.ts
+++ b/extensions/memory-core/src/tools.ts
@@ -32,7 +32,6 @@ import {
  buildMemorySearchUnavailableResult,
  createMemoryTool,
  getMemoryCorpusSupplementResult,
-  getMemoryManagerContext,
  getMemoryManagerContextWithPurpose,
  loadMemoryToolRuntime,
  MemoryGetSchema,
@@ -43,6 +42,8 @@ import {
 type MemorySearchToolResult =
  | (MemorySearchResult & { corpus: MemorySource })
  | MemoryCorpusSearchResult;
+type MemoryManagerContext = Awaited<ReturnType<typeof getMemoryManagerContextWithPurpose>>;
+type ActiveMemoryManagerContext = Extract<MemoryManagerContext, { manager: unknown }>;

 const MEMORY_SEARCH_TOOL_TIMEOUT_MS = 15_000;
 const MEMORY_SEARCH_TOOL_COOLDOWN_MS = 60_000;
@@ -81,6 +82,24 @@ export const testing = {
  },
 } as const;

+function isActiveMemoryManagerContext(
+  context: MemoryManagerContext | null,
+): context is ActiveMemoryManagerContext {
+  return context !== null && "manager" in context;
+}
+
+async function closeMemoryManagers(
+  managers: Iterable<ActiveMemoryManagerContext["manager"]>,
+): Promise<void> {
+  for (const manager of managers) {
+    try {
+      await manager.close?.();
+    } catch {
+      // Search results should not be hidden by best-effort transient cleanup.
+    }
+  }
+}
+
 async function runMemorySearchToolWithDeadline<T>(params: {
  timeoutMs: number;
  run: (signal: AbortSignal) => Promise<T>;
@@ -346,6 +365,7 @@ export function createMemorySearchTool(options: {
  agentId?: string;
  agentSessionKey?: string;
  sandboxed?: boolean;
+  oneShotCliRun?: boolean;
 }) {
  return createMemoryTool({
    options,
@@ -401,191 +421,217 @@ export function createMemorySearchTool(options: {
            if (cooldown && !shouldQuerySupplements) {
              return jsonResult(buildMemorySearchUnavailableResult(cooldown.error));
            }
-            const memory = shouldQueryMemory
-              ? await runUnavailablePhase(
-                  "memory",
-                  async () => await getMemoryManagerContext({ cfg, agentId }),
-                )
-              : null;
-            if (shouldQueryMemory && memory && "error" in memory && !shouldQuerySupplements) {
-              recordMemorySearchToolCooldown(
-                cooldownKey,
-                memory.error ?? "memory search unavailable",
-              );
-              return jsonResult(buildMemorySearchUnavailableResult(memory.error));
-            }
-
-            const citationsMode = resolveMemoryCitationsMode(cfg);
-            const includeCitations = shouldIncludeCitations({
-              mode: citationsMode,
-              sessionKey: options.agentSessionKey,
-            });
-            const pluginConfig = resolveMemoryCorePluginConfig(cfg);
-            const dreamingEnabled = resolveMemoryDreamingConfig({
-              pluginConfig,
-              cfg,
-            }).enabled;
-            const dreaming = resolveMemoryDeepDreamingConfig({
-              pluginConfig,
-              cfg,
-            });
-            const searchStartedAt = Date.now();
-            let rawResults: MemorySearchResult[] = [];
-            let surfacedMemoryResults: Array<MemorySearchResult & { corpus: MemorySource }> = [];
-            let provider: string | undefined;
-            let model: string | undefined;
-            let fallback: unknown;
-            let searchMode: string | undefined;
-            let pausedIndexIdentityReason: string | undefined;
-            let searchDebug:
-              | {
-                  backend: string;
-                  configuredMode?: string;
-                  effectiveMode?: string;
-                  fallback?: string;
-                  searchMs: number;
-                  hits: number;
-                }
-              | undefined;
-            if (shouldQueryMemory && memory && !("error" in memory)) {
-              await runUnavailablePhase("memory", async () => {
-                let activeMemory = memory;
-                const runtimeDebug: MemorySearchRuntimeDebug[] = [];
-                const qmdSearchModeOverride = resolveActiveMemoryQmdSearchModeOverride(
-                  cfg,
-                  options.agentSessionKey,
+            const memoryManagerPurpose = options.oneShotCliRun ? "cli" : undefined;
+            const memoryManagersToClose = new Set<ActiveMemoryManagerContext["manager"]>();
+            const trackMemoryManager = (context: MemoryManagerContext): MemoryManagerContext => {
+              if (memoryManagerPurpose === "cli" && isActiveMemoryManagerContext(context)) {
+                memoryManagersToClose.add(context.manager);
+              }
+              return context;
+            };
+            try {
+              const memory = shouldQueryMemory
+                ? await runUnavailablePhase("memory", async () =>
+                    trackMemoryManager(
+                      await getMemoryManagerContextWithPurpose({
+                        cfg,
+                        agentId,
+                        purpose: memoryManagerPurpose,
+                      }),
+                    ),
+                  )
+                : null;
+              if (shouldQueryMemory && memory && "error" in memory && !shouldQuerySupplements) {
+                recordMemorySearchToolCooldown(
+                  cooldownKey,
+                  memory.error ?? "memory search unavailable",
                );
-                const searchSources: MemorySource[] | undefined =
-                  requestedCorpus === "sessions"
-                    ? (["sessions"] as MemorySource[])
-                    : requestedCorpus === "memory"
-                      ? (["memory"] as MemorySource[])
-                      : undefined;
-                const searchOptions = {
-                  maxResults,
-                  minScore,
-                  sessionKey: options.agentSessionKey,
-                  qmdSearchModeOverride,
-                  signal: deadlineSignal,
-                  onDebug: (debug: MemorySearchRuntimeDebug) => {
-                    runtimeDebug.push(debug);
-                  },
-                  ...(searchSources ? { sources: searchSources } : {}),
-                };
-                try {
-                  rawResults = await activeMemory.manager.search(query, searchOptions);
-                } catch (error) {
-                  if (!isClosedMemoryStoreError(error)) {
-                    throw error;
+                return jsonResult(buildMemorySearchUnavailableResult(memory.error));
+              }
+
+              const citationsMode = resolveMemoryCitationsMode(cfg);
+              const includeCitations = shouldIncludeCitations({
+                mode: citationsMode,
+                sessionKey: options.agentSessionKey,
+              });
+              const pluginConfig = resolveMemoryCorePluginConfig(cfg);
+              const dreamingEnabled = resolveMemoryDreamingConfig({
+                pluginConfig,
+                cfg,
+              }).enabled;
+              const dreaming = resolveMemoryDeepDreamingConfig({
+                pluginConfig,
+                cfg,
+              });
+              const searchStartedAt = Date.now();
+              let rawResults: MemorySearchResult[] = [];
+              let surfacedMemoryResults: Array<MemorySearchResult & { corpus: MemorySource }> = [];
+              let provider: string | undefined;
+              let model: string | undefined;
+              let fallback: unknown;
+              let searchMode: string | undefined;
+              let pausedIndexIdentityReason: string | undefined;
+              let searchDebug:
+                | {
+                    backend: string;
+                    configuredMode?: string;
+                    effectiveMode?: string;
+                    fallback?: string;
+                    searchMs: number;
+                    hits: number;
                  }
-                  const refreshed = await getMemoryManagerContext({ cfg, agentId });
-                  if ("error" in refreshed) {
-                    throw error;
-                  }
-                  activeMemory = refreshed;
-                  rawResults = await activeMemory.manager.search(query, searchOptions);
-                }
-                const statusBeforeRetry = activeMemory.manager.status();
-                pausedIndexIdentityReason =
-                  resolvePausedMemoryIndexIdentityReason(statusBeforeRetry);
-                if (pausedIndexIdentityReason) {
-                  return;
-                }
-                if (rawResults.length === 0 && activeMemory.manager.sync) {
-                  await activeMemory.manager.sync({ reason: "search", force: true });
-                  rawResults = await activeMemory.manager.search(query, searchOptions);
-                  pausedIndexIdentityReason = resolvePausedMemoryIndexIdentityReason(
-                    activeMemory.manager.status(),
+                | undefined;
+              if (shouldQueryMemory && memory && !("error" in memory)) {
+                await runUnavailablePhase("memory", async () => {
+                  let activeMemory = memory;
+                  const runtimeDebug: MemorySearchRuntimeDebug[] = [];
+                  const qmdSearchModeOverride = resolveActiveMemoryQmdSearchModeOverride(
+                    cfg,
+                    options.agentSessionKey,
                  );
+                  const searchSources: MemorySource[] | undefined =
+                    requestedCorpus === "sessions"
+                      ? (["sessions"] as MemorySource[])
+                      : requestedCorpus === "memory"
+                        ? (["memory"] as MemorySource[])
+                        : undefined;
+                  const searchOptions = {
+                    maxResults,
+                    minScore,
+                    sessionKey: options.agentSessionKey,
+                    qmdSearchModeOverride,
+                    signal: deadlineSignal,
+                    onDebug: (debug: MemorySearchRuntimeDebug) => {
+                      runtimeDebug.push(debug);
+                    },
+                    ...(searchSources ? { sources: searchSources } : {}),
+                  };
+                  try {
+                    rawResults = await activeMemory.manager.search(query, searchOptions);
+                  } catch (error) {
+                    if (!isClosedMemoryStoreError(error)) {
+                      throw error;
+                    }
+                    const refreshed = trackMemoryManager(
+                      await getMemoryManagerContextWithPurpose({
+                        cfg,
+                        agentId,
+                        purpose: memoryManagerPurpose,
+                      }),
+                    );
+                    if ("error" in refreshed) {
+                      throw error;
+                    }
+                    activeMemory = refreshed;
+                    rawResults = await activeMemory.manager.search(query, searchOptions);
+                  }
+                  const statusBeforeRetry = activeMemory.manager.status();
+                  pausedIndexIdentityReason =
+                    resolvePausedMemoryIndexIdentityReason(statusBeforeRetry);
                  if (pausedIndexIdentityReason) {
                    return;
                  }
-                }
-                rawResults = await filterMemorySearchHitsBySessionVisibility({
-                  cfg,
-                  agentId,
-                  requesterSessionKey: options.agentSessionKey,
-                  sandboxed: options.sandboxed === true,
-                  hits: rawResults,
-                });
-                if (requestedCorpus === "sessions") {
-                  rawResults = rawResults.filter((hit) => hit.source === "sessions");
-                } else if (requestedCorpus === "memory") {
-                  rawResults = rawResults.filter((hit) => hit.source === "memory");
-                }
-                const status = activeMemory.manager.status();
-                const decorated = decorateCitations(rawResults, includeCitations);
-                const resolved = resolveMemoryBackendConfig({ cfg, agentId });
-                const memoryResults =
-                  status.backend === "qmd"
-                    ? clampResultsByInjectedChars(decorated, resolved.qmd?.limits.maxInjectedChars)
-                    : decorated;
-                surfacedMemoryResults = memoryResults.map((result) => ({
-                  ...result,
-                  corpus: result.source,
-                }));
-                if (dreamingEnabled) {
-                  queueShortTermRecallTracking({
-                    workspaceDir: status.workspaceDir,
-                    query,
-                    rawResults,
-                    surfacedResults: memoryResults,
-                    timezone: dreaming.timezone,
+                  if (rawResults.length === 0 && activeMemory.manager.sync) {
+                    await activeMemory.manager.sync({ reason: "search", force: true });
+                    rawResults = await activeMemory.manager.search(query, searchOptions);
+                    pausedIndexIdentityReason = resolvePausedMemoryIndexIdentityReason(
+                      activeMemory.manager.status(),
+                    );
+                    if (pausedIndexIdentityReason) {
+                      return;
+                    }
+                  }
+                  rawResults = await filterMemorySearchHitsBySessionVisibility({
+                    cfg,
+                    agentId,
+                    requesterSessionKey: options.agentSessionKey,
+                    sandboxed: options.sandboxed === true,
+                    hits: rawResults,
                  });
-                }
-                provider = status.provider;
-                model = status.model;
-                fallback = status.fallback;
-                const latestDebug = runtimeDebug.at(-1);
-                searchMode = latestDebug?.effectiveMode;
-                searchDebug = {
-                  backend: status.backend,
-                  configuredMode: latestDebug?.configuredMode,
-                  effectiveMode:
+                  if (requestedCorpus === "sessions") {
+                    rawResults = rawResults.filter((hit) => hit.source === "sessions");
+                  } else if (requestedCorpus === "memory") {
+                    rawResults = rawResults.filter((hit) => hit.source === "memory");
+                  }
+                  const status = activeMemory.manager.status();
+                  const decorated = decorateCitations(rawResults, includeCitations);
+                  const resolved = resolveMemoryBackendConfig({ cfg, agentId });
+                  const memoryResults =
                    status.backend === "qmd"
-                      ? (latestDebug?.effectiveMode ?? latestDebug?.configuredMode)
-                      : "n/a",
-                  fallback: latestDebug?.fallback,
-                  searchMs: Math.max(0, Date.now() - searchStartedAt),
-                  hits: rawResults.length,
-                };
-              });
-              if (pausedIndexIdentityReason) {
-                return jsonResult(
-                  buildPausedMemoryIndexUnavailableResult(pausedIndexIdentityReason),
-                );
-              }
-            }
-            const supplementResults = shouldQuerySupplements
-              ? await runUnavailablePhase(
-                  "supplement",
-                  async () =>
-                    await searchMemoryCorpusSupplements({
+                      ? clampResultsByInjectedChars(
+                          decorated,
+                          resolved.qmd?.limits.maxInjectedChars,
+                        )
+                      : decorated;
+                  surfacedMemoryResults = memoryResults.map((result) => ({
+                    ...result,
+                    corpus: result.source,
+                  }));
+                  if (dreamingEnabled) {
+                    queueShortTermRecallTracking({
+                      workspaceDir: status.workspaceDir,
                      query,
-                      maxResults,
-                      agentSessionKey: options.agentSessionKey,
-                      corpus: requestedCorpus,
-                    }),
-                )
-              : [];
-            // Wiki and memory scores use incomparable scales, so corpus=all first
-            // balances candidate selection and then backfills any unused slots.
-            const effectiveMax = Math.max(1, maxResults ?? 10);
-            const results = mergeMemorySearchCorpusResults({
-              memoryResults: surfacedMemoryResults,
-              supplementResults,
-              maxResults: effectiveMax,
-              balanceCorpora: requestedCorpus === "all",
-            });
-            return jsonResult({
-              results,
-              provider,
-              model,
-              fallback,
-              citations: citationsMode,
-              mode: searchMode,
-              debug: searchDebug,
-            });
+                      rawResults,
+                      surfacedResults: memoryResults,
+                      timezone: dreaming.timezone,
+                    });
+                  }
+                  provider = status.provider;
+                  model = status.model;
+                  fallback = status.fallback;
+                  const latestDebug = runtimeDebug.at(-1);
+                  searchMode = latestDebug?.effectiveMode;
+                  searchDebug = {
+                    backend: status.backend,
+                    configuredMode: latestDebug?.configuredMode,
+                    effectiveMode:
+                      status.backend === "qmd"
+                        ? (latestDebug?.effectiveMode ?? latestDebug?.configuredMode)
+                        : "n/a",
+                    fallback: latestDebug?.fallback,
+                    searchMs: Math.max(0, Date.now() - searchStartedAt),
+                    hits: rawResults.length,
+                  };
+                });
+                if (pausedIndexIdentityReason) {
+                  return jsonResult(
+                    buildPausedMemoryIndexUnavailableResult(pausedIndexIdentityReason),
+                  );
+                }
+              }
+              const supplementResults = shouldQuerySupplements
+                ? await runUnavailablePhase(
+                    "supplement",
+                    async () =>
+                      await searchMemoryCorpusSupplements({
+                        query,
+                        maxResults,
+                        agentSessionKey: options.agentSessionKey,
+                        corpus: requestedCorpus,
+                      }),
+                  )
+                : [];
+              // Wiki and memory scores use incomparable scales, so corpus=all first
+              // balances candidate selection and then backfills any unused slots.
+              const effectiveMax = Math.max(1, maxResults ?? 10);
+              const results = mergeMemorySearchCorpusResults({
+                memoryResults: surfacedMemoryResults,
+                supplementResults,
+                maxResults: effectiveMax,
+                balanceCorpora: requestedCorpus === "all",
+              });
+              return jsonResult({
+                results,
+                provider,
+                model,
+                fallback,
+                citations: citationsMode,
+                mode: searchMode,
+                debug: searchDebug,
+              });
+            } finally {
+              await closeMemoryManagers(memoryManagersToClose);
+            }
          },
        });
        if (outcome.status === "unavailable") {
--- a/extensions/memory-wiki/src/cli.test.ts
+++ b/extensions/memory-wiki/src/cli.test.ts
@@ -10,6 +10,7 @@ import {
  runWikiChatGptImport,
  runWikiChatGptRollback,
  runWikiDoctor,
+  runWikiOkfImport,
  runWikiStatus,
 } from "./cli.js";
 import type { MemoryWikiPluginConfig } from "./config.js";
@@ -27,6 +28,7 @@ vi.mock("openclaw/plugin-sdk/gateway-runtime", () => ({
 const { createVault } = createMemoryWikiTestHarness();
 let suiteRoot = "";
 let caseIndex = 0;
+let stdoutWriteMock: ReturnType<typeof vi.fn>;

 describe("memory-wiki cli", () => {
  beforeAll(async () => {
@@ -41,8 +43,9 @@ describe("memory-wiki cli", () => {

  beforeEach(() => {
    callGatewayFromCliMock.mockReset();
+    stdoutWriteMock = vi.fn(() => true);
    vi.spyOn(process.stdout, "write").mockImplementation(
-      (() => true) as typeof process.stdout.write,
+      stdoutWriteMock as unknown as typeof process.stdout.write,
    );
    process.exitCode = undefined;
  });
@@ -174,6 +177,65 @@ describe("memory-wiki cli", () => {
    );
  });

+  it("registers OKF import and searches imported concepts", async () => {
+    const { rootDir, config } = await createCliVault();
+    const bundlePath = path.join(rootDir, "okf-bundle");
+    await fs.mkdir(path.join(bundlePath, "tables"), { recursive: true });
+    await fs.writeFile(path.join(bundlePath, "index.md"), "# Sales OKF\n", "utf8");
+    await fs.writeFile(
+      path.join(bundlePath, "tables", "customers.md"),
+      `---
+type: BigQuery Table
+title: Customers
+---
+
+Customer rows.
+`,
+      "utf8",
+    );
+    await fs.writeFile(
+      path.join(bundlePath, "tables", "orders.md"),
+      `---
+type: BigQuery Table
+title: Orders
+description: One row per completed order.
+---
+
+Orders join to [customers](/tables/customers.md).
+`,
+      "utf8",
+    );
+
+    const program = new Command();
+    program.name("test");
+    registerWikiCli(program, config);
+
+    await program.parseAsync(["wiki", "okf", "import", bundlePath, "--json"], { from: "user" });
+
+    const importOutput = String(stdoutWriteMock.mock.calls.at(-1)?.[0] ?? "");
+    const importResult = JSON.parse(importOutput) as Awaited<ReturnType<typeof runWikiOkfImport>>;
+    expect(importResult.importedCount).toBe(2);
+    expect(importResult.pagePaths).toEqual(
+      expect.arrayContaining([
+        expect.stringMatching(/^concepts\/okf-okf-bundle-[0-9a-f]{8}-tables-orders-/),
+      ]),
+    );
+
+    stdoutWriteMock.mockClear();
+    await program.parseAsync(["wiki", "search", "completed order", "--json"], { from: "user" });
+
+    const searchOutput = String(stdoutWriteMock.mock.calls.at(-1)?.[0] ?? "");
+    const searchResults = JSON.parse(searchOutput) as Array<{ path: string; title: string }>;
+    expect(searchResults).toEqual(
+      expect.arrayContaining([
+        expect.objectContaining({
+          title: "Orders",
+          path: expect.stringMatching(/^concepts\/okf-okf-bundle-[0-9a-f]{8}-tables-orders-/),
+        }),
+      ]),
+    );
+  });
+
  it("rejects apply confidence values outside the documented range", async () => {
    const { config } = await createCliVault();
    const program = new Command();
--- a/extensions/memory-wiki/src/cli.ts
+++ b/extensions/memory-wiki/src/cli.ts
@@ -33,6 +33,7 @@ import {
  runObsidianOpen,
  runObsidianSearch,
 } from "./obsidian.js";
+import { formatOkfImportSummary, importMemoryWikiOkfBundle } from "./okf.js";
 import {
  getMemoryWikiPage,
  searchMemoryWiki,
@@ -88,6 +89,10 @@ type WikiIngestCommandOptions = {
  title?: string;
 };

+type WikiOkfImportCommandOptions = {
+  json?: boolean;
+};
+
 type WikiSearchCommandOptions = {
  json?: boolean;
  maxResults?: number;
@@ -590,6 +595,24 @@ export async function runWikiIngest(params: {
  });
 }

+export async function runWikiOkfImport(params: {
+  config: ResolvedMemoryWikiConfig;
+  bundlePath: string;
+  json?: boolean;
+  stdout?: Pick<NodeJS.WriteStream, "write">;
+}) {
+  return runWikiCommandWithSummary({
+    json: params.json,
+    stdout: params.stdout,
+    run: () =>
+      importMemoryWikiOkfBundle({
+        config: params.config,
+        bundlePath: params.bundlePath,
+      }),
+    render: formatOkfImportSummary,
+  });
+}
+
 export async function runWikiSearch(params: {
  config: ResolvedMemoryWikiConfig;
  appConfig?: OpenClawConfig;
@@ -965,6 +988,16 @@ export function registerWikiCli(
      await runWikiIngest({ config, inputPath, title: opts.title, json: opts.json });
    });

+  const okf = wiki.command("okf").description("Import Open Knowledge Format bundles");
+  okf
+    .command("import")
+    .description("Import an unpacked OKF bundle into wiki concept pages")
+    .argument("<path>", "OKF bundle directory")
+    .option("--json", "Print JSON")
+    .action(async (bundlePath: string, opts: WikiOkfImportCommandOptions) => {
+      await runWikiOkfImport({ config, bundlePath, json: opts.json });
+    });
+
  addWikiSearchConfigOptions(
    wiki
      .command("search")
--- a/extensions/memory-wiki/src/log.ts
+++ b/extensions/memory-wiki/src/log.ts
@@ -4,7 +4,7 @@ import path from "node:path";
 import { appendRegularFile } from "openclaw/plugin-sdk/security-runtime";

 type MemoryWikiLogEntry = {
-  type: "init" | "ingest" | "compile" | "lint";
+  type: "init" | "ingest" | "okf-import" | "compile" | "lint";
  timestamp: string;
  details?: Record<string, unknown>;
 };
--- a/extensions/memory-wiki/src/okf.test.ts
+++ b/extensions/memory-wiki/src/okf.test.ts
@@ -0,0 +1,609 @@
+// Memory Wiki tests cover Open Knowledge Format import behavior.
+import fs from "node:fs/promises";
+import path from "node:path";
+import { describe, expect, it } from "vitest";
+import { parseWikiMarkdown } from "./markdown.js";
+import { importMemoryWikiOkfBundle } from "./okf.js";
+import { searchMemoryWiki } from "./query.js";
+import { createMemoryWikiTestHarness } from "./test-helpers.js";
+
+const { createTempDir, createVault } = createMemoryWikiTestHarness();
+
+function getOnlyPagePath(paths: string[]): string {
+  expect(paths).toHaveLength(1);
+  const [pagePath] = paths;
+  if (!pagePath) {
+    throw new Error("Expected OKF import to produce one page path.");
+  }
+  return pagePath;
+}
+
+async function writeOkfBundle(rootDir: string) {
+  const bundlePath = path.join(rootDir, "sales-okf");
+  await fs.mkdir(path.join(bundlePath, "tables"), { recursive: true });
+  await fs.mkdir(path.join(bundlePath, "metrics"), { recursive: true });
+  await fs.writeFile(
+    path.join(bundlePath, "index.md"),
+    `---
+id: sales-okf
+okf_version: "0.1"
+---
+
+# Sales Bundle
+`,
+    "utf8",
+  );
+  await fs.writeFile(path.join(bundlePath, "log.md"), "# Directory Update Log\n", "utf8");
+  await fs.writeFile(
+    path.join(bundlePath, "tables", "customers.md"),
+    `---
+type: BigQuery Table
+title: Customers
+description: Customer table.
+resource: https://console.cloud.google.com/bigquery?p=acme&d=sales&t=customers
+tags: [sales, customers]
+timestamp: 2026-05-28T00:00:00Z
+producer_field:
+  owner: data
+---
+
+# Schema
+
+Customer rows.
+`,
+    "utf8",
+  );
+  await fs.writeFile(
+    path.join(bundlePath, "tables", "orders.md"),
+    `---
+type: BigQuery Table
+title: Orders
+description: One row per completed order.
+tags:
+  - sales
+  - orders
+---
+
+# Schema
+
+Joined with [Customers](/tables/customers.md) and the [weekly metric](../metrics/weekly-active-users.md).
+Titled link to [weekly metric](../metrics/weekly-active-users.md "metric docs").
+
+Inline code keeps \`[customers](/tables/customers.md)\` unchanged.
+
+\`\`\`markdown
+[customers](/tables/customers.md)
+\`\`\`
+
+External citation stays as [BigQuery](https://cloud.google.com/bigquery).
+`,
+    "utf8",
+  );
+  await fs.writeFile(
+    path.join(bundlePath, "metrics", "weekly-active-users.md"),
+    `---
+type: Metric
+title: Weekly Active Users
+---
+
+Computed from [orders](../tables/orders.md).
+`,
+    "utf8",
+  );
+  await fs.writeFile(
+    path.join(bundlePath, "tables", "draft.md"),
+    `---
+title: Draft
+---
+
+Missing type.
+`,
+    "utf8",
+  );
+  return bundlePath;
+}
+
+describe("importMemoryWikiOkfBundle", () => {
+  it("imports OKF concept documents as searchable wiki concept pages", async () => {
+    const rootDir = await createTempDir("memory-wiki-okf-");
+    const bundlePath = await writeOkfBundle(rootDir);
+    const { config } = await createVault({
+      rootDir: path.join(rootDir, "vault"),
+    });
+
+    const result = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+
+    expect(result.okfVersion).toBe("0.1");
+    expect(result.importedCount).toBe(3);
+    expect(result.skippedCount).toBe(1);
+    expect(result.warnings[0]).toMatchObject({
+      code: "missing-type",
+      path: "tables/draft.md",
+    });
+    expect(result.pagePaths).toHaveLength(3);
+    const repeat = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 12, 10, 5, 0),
+    });
+    expect(repeat.importedCount).toBe(3);
+    expect(repeat.updatedCount).toBe(0);
+
+    const ordersPath = result.pagePaths.find((pagePath) => pagePath.includes("orders"));
+    expect(ordersPath).toBeTruthy();
+    const ordersRaw = await fs.readFile(path.join(config.vault.path, ordersPath!), "utf8");
+    const orders = parseWikiMarkdown(ordersRaw);
+    expect(orders.frontmatter).toMatchObject({
+      pageType: "concept",
+      title: "Orders",
+      sourceType: "okf",
+      provenanceMode: "okf-import",
+      okfConceptId: "tables/orders",
+      okfType: "BigQuery Table",
+    });
+    expect(orders.frontmatter.sourceIds).toEqual([
+      expect.stringMatching(/^source\.okf\.sales-okf$/),
+    ]);
+    expect(orders.body).toMatch(/\]\(okf-sales-okf-tables-customers-/);
+    expect(orders.body).toMatch(/\]\(okf-sales-okf-metrics-weekly-active-users-/);
+    expect(orders.body).toContain('"metric docs"');
+    expect(orders.body).toContain("`[customers](/tables/customers.md)`");
+    expect(orders.body).toContain("```markdown\n[customers](/tables/customers.md)\n```");
+    expect(orders.body).toContain("https://cloud.google.com/bigquery");
+
+    const okf = orders.frontmatter.okf as Record<string, unknown>;
+    expect(okf).toMatchObject({
+      version: "0.1",
+      bundleName: "sales-okf",
+      conceptId: "tables/orders",
+      sourceRelativePath: "tables/orders.md",
+    });
+    expect(orders.frontmatter.relationships).toEqual(
+      expect.arrayContaining([
+        expect.objectContaining({
+          targetPath: expect.stringMatching(/^concepts\/okf-sales-okf-tables-customers-/),
+          kind: "okf-link",
+        }),
+        expect.objectContaining({
+          targetPath: expect.stringMatching(
+            /^concepts\/okf-sales-okf-metrics-weekly-active-users-/,
+          ),
+          kind: "okf-link",
+        }),
+      ]),
+    );
+
+    const customersPath = result.pagePaths.find((pagePath) => pagePath.includes("customers"));
+    const customersRaw = await fs.readFile(path.join(config.vault.path, customersPath!), "utf8");
+    const customers = parseWikiMarkdown(customersRaw);
+    const customersOkf = customers.frontmatter.okf as Record<string, unknown>;
+    expect(customersOkf.frontmatter).toMatchObject({
+      producer_field: { owner: "data" },
+    });
+
+    const searchResults = await searchMemoryWiki({
+      config,
+      query: "completed order",
+      searchCorpus: "wiki",
+    });
+    expect(searchResults.map((searchResult) => searchResult.path)).toContain(ordersPath);
+  });
+
+  it("caps generated concept filenames for long OKF concept paths", async () => {
+    const rootDir = await createTempDir("memory-wiki-okf-long-");
+    const bundlePath = path.join(rootDir, "long-okf");
+    const deepSegments = Array.from({ length: 40 }, (_, index) => `segment-${index}`);
+    const deepDir = path.join(bundlePath, ...deepSegments);
+    await fs.mkdir(deepDir, { recursive: true });
+    await fs.writeFile(
+      path.join(deepDir, "orders.md"),
+      `---
+type: BigQuery Table
+title: Long Orders
+---
+
+Long concept body.
+`,
+      "utf8",
+    );
+    const { config } = await createVault({
+      rootDir: path.join(rootDir, "vault"),
+    });
+
+    const result = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+
+    expect(result.importedCount).toBe(1);
+    const [pagePath] = result.pagePaths;
+    expect(pagePath).toBeDefined();
+    if (!pagePath) {
+      throw new Error("Expected OKF import to produce a page path.");
+    }
+    const fileName = path.basename(pagePath);
+    expect(Buffer.byteLength(fileName)).toBeLessThanOrEqual(255);
+    await expect(fs.readFile(path.join(config.vault.path, pagePath), "utf8")).resolves.toContain(
+      "Long concept body.",
+    );
+  });
+
+  it("namespaces concept pages by bundle so repeated OKF paths do not overwrite", async () => {
+    const rootDir = await createTempDir("memory-wiki-okf-bundles-");
+    const firstBundle = path.join(rootDir, "first-bundle");
+    const secondBundle = path.join(rootDir, "second-bundle");
+    for (const [bundlePath, title] of [
+      [firstBundle, "First Customers"],
+      [secondBundle, "Second Customers"],
+    ] as const) {
+      await fs.mkdir(path.join(bundlePath, "tables"), { recursive: true });
+      await fs.writeFile(
+        path.join(bundlePath, "tables", "customers.md"),
+        `---
+type: BigQuery Table
+title: ${title}
+---
+
+${title} body.
+`,
+        "utf8",
+      );
+    }
+    const { config } = await createVault({
+      rootDir: path.join(rootDir, "vault"),
+    });
+
+    const first = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath: firstBundle,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+    const second = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath: secondBundle,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+
+    const firstPath = getOnlyPagePath(first.pagePaths);
+    const secondPath = getOnlyPagePath(second.pagePaths);
+    expect(firstPath).not.toBe(secondPath);
+    await expect(fs.readFile(path.join(config.vault.path, firstPath), "utf8")).resolves.toContain(
+      "First Customers body.",
+    );
+    await expect(fs.readFile(path.join(config.vault.path, secondPath), "utf8")).resolves.toContain(
+      "Second Customers body.",
+    );
+  });
+
+  it("removes stale concept pages when an OKF bundle drops a concept", async () => {
+    const rootDir = await createTempDir("memory-wiki-okf-remove-");
+    const bundlePath = path.join(rootDir, "removing-okf");
+    await fs.mkdir(path.join(bundlePath, "tables"), { recursive: true });
+    const customersPath = path.join(bundlePath, "tables", "customers.md");
+    const ordersPath = path.join(bundlePath, "tables", "orders.md");
+    await fs.writeFile(
+      customersPath,
+      `---
+type: BigQuery Table
+title: Customers
+---
+
+Customer body.
+`,
+      "utf8",
+    );
+    await fs.writeFile(
+      ordersPath,
+      `---
+type: BigQuery Table
+title: Orders
+---
+
+Order body.
+`,
+      "utf8",
+    );
+    const { config } = await createVault({
+      rootDir: path.join(rootDir, "vault"),
+    });
+    const first = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+    const stalePagePath = first.pagePaths.find((pagePath) => pagePath.includes("orders"));
+    expect(stalePagePath).toBeDefined();
+    if (!stalePagePath) {
+      throw new Error("Expected initial OKF import to include orders.");
+    }
+
+    await fs.rm(ordersPath);
+    const second = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+
+    expect(second.importedCount).toBe(1);
+    expect(second.removedCount).toBe(1);
+    expect(second.removedPagePaths).toEqual([stalePagePath]);
+    await expect(fs.stat(path.join(config.vault.path, stalePagePath))).rejects.toThrow();
+    const results = await searchMemoryWiki({
+      config,
+      query: "Order body",
+      searchCorpus: "wiki",
+    });
+    expect(results).toHaveLength(0);
+  });
+
+  it("does not prune existing pages when current OKF scan has invalid concepts", async () => {
+    const rootDir = await createTempDir("memory-wiki-okf-invalid-");
+    const bundlePath = path.join(rootDir, "invalid-okf");
+    await fs.mkdir(path.join(bundlePath, "tables"), { recursive: true });
+    const customersPath = path.join(bundlePath, "tables", "customers.md");
+    await fs.writeFile(
+      customersPath,
+      `---
+type: BigQuery Table
+title: Customers
+---
+
+Customer body.
+`,
+      "utf8",
+    );
+    const { config } = await createVault({
+      rootDir: path.join(rootDir, "vault"),
+    });
+    const first = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+    const pagePath = getOnlyPagePath(first.pagePaths);
+    await fs.writeFile(
+      customersPath,
+      `---
+title: Customers
+---
+
+Temporarily invalid body.
+`,
+      "utf8",
+    );
+
+    const second = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+
+    expect(second.importedCount).toBe(0);
+    expect(second.skippedCount).toBe(1);
+    expect(second.removedCount).toBe(0);
+    await expect(fs.readFile(path.join(config.vault.path, pagePath), "utf8")).resolves.toContain(
+      "Customer body.",
+    );
+  });
+
+  it("detects body-only changes on timestamp-shaped markdown lines", async () => {
+    const rootDir = await createTempDir("memory-wiki-okf-body-timestamp-");
+    const bundlePath = path.join(rootDir, "body-timestamp-okf");
+    await fs.mkdir(path.join(bundlePath, "tables"), { recursive: true });
+    const conceptPath = path.join(bundlePath, "tables", "events.md");
+    await fs.writeFile(
+      conceptPath,
+      `---
+type: BigQuery Table
+title: Events
+---
+
+updatedAt: 2026-06-12
+`,
+      "utf8",
+    );
+    const { config } = await createVault({
+      rootDir: path.join(rootDir, "vault"),
+    });
+    const first = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+    const pagePath = getOnlyPagePath(first.pagePaths);
+    await fs.writeFile(
+      conceptPath,
+      `---
+type: BigQuery Table
+title: Events
+---
+
+updatedAt: 2026-06-13
+`,
+      "utf8",
+    );
+
+    const second = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 13, 10, 0, 0),
+    });
+
+    expect(second.updatedCount).toBe(1);
+    await expect(fs.readFile(path.join(config.vault.path, pagePath), "utf8")).resolves.toContain(
+      "updatedAt: 2026-06-13",
+    );
+  });
+
+  it("rewrites percent-encoded OKF markdown links and preserves suffixes", async () => {
+    const rootDir = await createTempDir("memory-wiki-okf-encoded-link-");
+    const bundlePath = path.join(rootDir, "encoded-okf");
+    await fs.mkdir(bundlePath, { recursive: true });
+    await fs.writeFile(
+      path.join(bundlePath, "BigQuery Table.md"),
+      `---
+type: BigQuery Table
+title: BigQuery Table
+---
+
+Table body.
+`,
+      "utf8",
+    );
+    await fs.writeFile(
+      path.join(bundlePath, "links.md"),
+      `---
+type: Concept
+title: Links
+---
+
+See [table](BigQuery%20Table.md?view=compact#columns).
+`,
+      "utf8",
+    );
+    const { config } = await createVault({
+      rootDir: path.join(rootDir, "vault"),
+    });
+
+    const result = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+
+    const linksPath = result.pagePaths.find((pagePath) => pagePath.includes("links"));
+    expect(linksPath).toBeDefined();
+    if (!linksPath) {
+      throw new Error("Expected links page to be imported.");
+    }
+    await expect(fs.readFile(path.join(config.vault.path, linksPath), "utf8")).resolves.toMatch(
+      /\[table\]\(okf-encoded-okf-[0-9a-f]{8}-bigquery-table-[^)]+\.md\?view=compact#columns\)/,
+    );
+  });
+
+  it("imports OKF concept frontmatter with CRLF line endings", async () => {
+    const rootDir = await createTempDir("memory-wiki-okf-crlf-");
+    const bundlePath = path.join(rootDir, "crlf-okf");
+    await fs.mkdir(path.join(bundlePath, "tables"), { recursive: true });
+    await fs.writeFile(
+      path.join(bundlePath, "tables", "events.md"),
+      [
+        "---",
+        "type: BigQuery Table",
+        "title: Events",
+        "---",
+        "",
+        "Windows-flavored frontmatter.",
+        "",
+      ].join("\r\n"),
+      "utf8",
+    );
+    const { config } = await createVault({
+      rootDir: path.join(rootDir, "vault"),
+    });
+
+    const result = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+
+    expect(result.importedCount).toBe(1);
+    expect(result.skippedCount).toBe(0);
+    await expect(
+      fs.readFile(path.join(config.vault.path, getOnlyPagePath(result.pagePaths)), "utf8"),
+    ).resolves.toContain("Windows-flavored frontmatter.");
+  });
+
+  it("refuses to write imported OKF concept pages through symlinks", async () => {
+    const rootDir = await createTempDir("memory-wiki-okf-symlink-");
+    const bundlePath = path.join(rootDir, "safe-okf");
+    await fs.mkdir(path.join(bundlePath, "tables"), { recursive: true });
+    const conceptPath = path.join(bundlePath, "tables", "customers.md");
+    await fs.writeFile(
+      conceptPath,
+      `---
+type: BigQuery Table
+title: Customers
+---
+
+Original body.
+`,
+      "utf8",
+    );
+    const { config } = await createVault({
+      rootDir: path.join(rootDir, "vault"),
+    });
+    const first = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+    const pagePath = getOnlyPagePath(first.pagePaths);
+    const pageAbsolutePath = path.join(config.vault.path, pagePath);
+    const externalTarget = path.join(rootDir, "outside.md");
+    await fs.writeFile(externalTarget, "external target\n", "utf8");
+    await fs.rm(pageAbsolutePath);
+    await fs.symlink(externalTarget, pageAbsolutePath);
+    await fs.writeFile(
+      conceptPath,
+      `---
+type: BigQuery Table
+title: Customers
+---
+
+Updated body.
+`,
+      "utf8",
+    );
+
+    await expect(
+      importMemoryWikiOkfBundle({
+        config,
+        bundlePath,
+        nowMs: Date.UTC(2026, 5, 12, 11, 0, 0),
+      }),
+    ).rejects.toThrow("through symlink");
+    await expect(fs.readFile(externalTarget, "utf8")).resolves.toBe("external target\n");
+  });
+
+  it("refuses to import OKF concept files through hardlinks", async () => {
+    const rootDir = await createTempDir("memory-wiki-okf-hardlink-");
+    const bundlePath = path.join(rootDir, "hardlink-okf");
+    await fs.mkdir(path.join(bundlePath, "tables"), { recursive: true });
+    const externalSource = path.join(rootDir, "outside.md");
+    await fs.writeFile(
+      externalSource,
+      `---
+type: BigQuery Table
+title: Private
+---
+
+private body
+`,
+      "utf8",
+    );
+    await fs.link(externalSource, path.join(bundlePath, "tables", "private.md"));
+    const { config } = await createVault({
+      rootDir: path.join(rootDir, "vault"),
+    });
+
+    const result = await importMemoryWikiOkfBundle({
+      config,
+      bundlePath,
+      nowMs: Date.UTC(2026, 5, 12, 10, 0, 0),
+    });
+
+    expect(result.importedCount).toBe(0);
+    expect(result.skippedCount).toBe(1);
+    expect(result.warnings[0]).toMatchObject({
+      code: "unreadable-entry",
+      path: "tables/private.md",
+    });
+  });
+});
--- a/extensions/memory-wiki/src/okf.ts
+++ b/extensions/memory-wiki/src/okf.ts
@@ -0,0 +1,746 @@
+// Memory Wiki plugin module implements Open Knowledge Format import behavior.
+import { createHash } from "node:crypto";
+import fs from "node:fs/promises";
+import path from "node:path";
+import { FsSafeError, root as fsRoot } from "openclaw/plugin-sdk/security-runtime";
+import {
+  normalizeOptionalString,
+  normalizeSingleOrTrimmedStringList,
+  uniqueStrings,
+} from "openclaw/plugin-sdk/string-coerce-runtime";
+import { compileMemoryWikiVault } from "./compile.js";
+import type { ResolvedMemoryWikiConfig } from "./config.js";
+import { appendMemoryWikiLog } from "./log.js";
+import {
+  createWikiPageFilename,
+  parseWikiMarkdown,
+  renderWikiMarkdown,
+  slugifyWikiSegment,
+  WIKI_RELATED_END_MARKER,
+  WIKI_RELATED_START_MARKER,
+} from "./markdown.js";
+import { resolveMemoryWikiTimestamp } from "./time.js";
+import { initializeMemoryWikiVault } from "./vault.js";
+
+const OKF_RESERVED_FILENAMES = new Set(["index.md", "log.md"]);
+const OKF_MARKDOWN_LINK_PATTERN = /(!?)\[([^\]]*)\]\(([^)]+)\)/g;
+const OKF_FENCE_PATTERN = /^ {0,3}(`{3,}|~{3,})/;
+const OKF_RELATED_SECTION_PATTERN = new RegExp(
+  `\\n+## Related\\n${WIKI_RELATED_START_MARKER}[\\s\\S]*?${WIKI_RELATED_END_MARKER}\\n?`,
+  "g",
+);
+const OKF_VOLATILE_TIMESTAMP_LINE_PATTERN = /^(?:importedAt|updatedAt): .*\n/gm;
+const OKF_HASH_CHARS = 8;
+
+type FileStatLike = {
+  isFile?: unknown;
+  nlink?: unknown;
+};
+
+type OkfConceptDocument = {
+  conceptId: string;
+  relativePath: string;
+  absolutePath: string;
+  frontmatter: Record<string, unknown>;
+  body: string;
+  type: string;
+  title: string;
+  description?: string;
+  resource?: string;
+  tags: string[];
+  timestamp?: string;
+};
+
+type OkfImportedPage = {
+  conceptId: string;
+  sourcePath: string;
+  pageId: string;
+  pagePath: string;
+  title: string;
+  created: boolean;
+};
+
+export type ImportMemoryWikiOkfWarning = {
+  code: "invalid-concept" | "missing-type" | "unreadable-entry";
+  path: string;
+  message: string;
+};
+
+export type ImportMemoryWikiOkfResult = {
+  bundlePath: string;
+  bundleName: string;
+  okfVersion?: string;
+  importedCount: number;
+  updatedCount: number;
+  removedCount: number;
+  skippedCount: number;
+  pagePaths: string[];
+  removedPagePaths: string[];
+  warnings: ImportMemoryWikiOkfWarning[];
+  indexUpdatedFiles: string[];
+};
+
+function toPosixPath(value: string): string {
+  return value.split(path.sep).join("/");
+}
+
+function trimMarkdownExtension(value: string): string {
+  return value.replace(/\.md$/i, "");
+}
+
+function isRegularFileStat(value: unknown): value is FileStatLike & { nlink: number } {
+  if (!value || typeof value !== "object") {
+    return false;
+  }
+  const stat = value as FileStatLike;
+  const isFile =
+    typeof stat.isFile === "function"
+      ? (stat.isFile as () => boolean).call(stat)
+      : stat.isFile === true;
+  return isFile && typeof stat.nlink === "number";
+}
+
+type OkfBundleMetadata = {
+  key: string;
+  version?: string;
+};
+
+function createOkfBundleKey(params: {
+  rootFrontmatter: Record<string, unknown>;
+  bundleName: string;
+  bundlePath: string;
+}): string {
+  const producerId =
+    normalizeOptionalString(params.rootFrontmatter.id) ??
+    normalizeOptionalString(params.rootFrontmatter.okf_id);
+  if (producerId) {
+    return slugifyWikiSegment(producerId);
+  }
+  const label =
+    normalizeOptionalString(params.rootFrontmatter.name) ??
+    normalizeOptionalString(params.rootFrontmatter.title) ??
+    params.bundleName;
+  const hash = createHash("sha1").update(params.bundlePath).digest("hex").slice(0, OKF_HASH_CHARS);
+  return `${slugifyWikiSegment(label)}-${hash}`;
+}
+
+function createOkfPageStem(bundleKey: string, conceptId: string): string {
+  const slug = slugifyWikiSegment(conceptId.replace(/\//g, "-"));
+  const hash = createHash("sha1").update(conceptId).digest("hex").slice(0, OKF_HASH_CHARS);
+  return `okf-${bundleKey}-${slug}-${hash}`;
+}
+
+function createOkfPageIdentity(
+  bundleKey: string,
+  conceptId: string,
+): { pageId: string; pagePath: string } {
+  const fileName = createWikiPageFilename(createOkfPageStem(bundleKey, conceptId));
+  const stem = trimMarkdownExtension(fileName);
+  return {
+    pageId: `concept.${stem}`,
+    pagePath: `concepts/${fileName}`,
+  };
+}
+
+async function collectOkfMarkdownFiles(
+  rootDir: string,
+  warnings: ImportMemoryWikiOkfWarning[],
+): Promise<string[]> {
+  async function walk(relativeDir: string): Promise<string[]> {
+    const absoluteDir = path.join(rootDir, relativeDir);
+    const entries = await fs.readdir(absoluteDir, { withFileTypes: true }).catch((err: unknown) => {
+      warnings.push({
+        code: "unreadable-entry",
+        path: toPosixPath(relativeDir) || ".",
+        message: err instanceof Error ? err.message : "Unable to read OKF directory.",
+      });
+      return [];
+    });
+    const files: string[] = [];
+    for (const entry of entries.toSorted((left, right) => left.name.localeCompare(right.name))) {
+      if (entry.name === ".git" || entry.name === "node_modules") {
+        continue;
+      }
+      const relativePath = path.join(relativeDir, entry.name);
+      if (entry.isDirectory()) {
+        files.push(...(await walk(relativePath)));
+        continue;
+      }
+      if (entry.isFile() && entry.name.endsWith(".md")) {
+        files.push(relativePath);
+      }
+    }
+    return files;
+  }
+
+  return (await walk("")).map(toPosixPath).toSorted((left, right) => left.localeCompare(right));
+}
+
+function parseOkfMarkdown(
+  content: string,
+  relativePath: string,
+): {
+  frontmatter: Record<string, unknown>;
+  body: string;
+  warning?: ImportMemoryWikiOkfWarning;
+} {
+  const normalizedContent = content.replace(/\r\n/g, "\n");
+  try {
+    return parseWikiMarkdown(normalizedContent);
+  } catch (err) {
+    return {
+      frontmatter: {},
+      body: normalizedContent,
+      warning: {
+        code: "invalid-concept",
+        path: relativePath,
+        message: err instanceof Error ? err.message : "Unable to parse OKF frontmatter.",
+      },
+    };
+  }
+}
+
+async function readOkfTextFile(params: {
+  bundlePath: string;
+  relativePath: string;
+  warnings: ImportMemoryWikiOkfWarning[];
+}): Promise<string | null> {
+  const root = await fsRoot(params.bundlePath);
+  const stat = await root.stat(params.relativePath).catch((err: unknown) => {
+    params.warnings.push({
+      code: "unreadable-entry",
+      path: params.relativePath,
+      message: err instanceof Error ? err.message : "Unable to read OKF concept.",
+    });
+    return null;
+  });
+  if (!stat) {
+    return null;
+  }
+  if (!isRegularFileStat(stat)) {
+    params.warnings.push({
+      code: "unreadable-entry",
+      path: params.relativePath,
+      message: "Refusing to import OKF concept through non-regular or hardlinked file.",
+    });
+    return null;
+  }
+  return await root.readText(params.relativePath).catch((err: unknown) => {
+    params.warnings.push({
+      code: "unreadable-entry",
+      path: params.relativePath,
+      message: err instanceof Error ? err.message : "Unable to read OKF concept.",
+    });
+    return null;
+  });
+}
+
+function deriveOkfTitle(relativePath: string, frontmatter: Record<string, unknown>): string {
+  return (
+    normalizeOptionalString(frontmatter.title) ??
+    path.posix.basename(relativePath, ".md").replace(/[-_]+/g, " ").trim() ??
+    trimMarkdownExtension(relativePath)
+  );
+}
+
+function normalizeOkfConcept(params: {
+  bundlePath: string;
+  relativePath: string;
+  content: string;
+}): { concept?: OkfConceptDocument; warning?: ImportMemoryWikiOkfWarning } {
+  const parsed = parseOkfMarkdown(params.content, params.relativePath);
+  if (parsed.warning) {
+    return { warning: parsed.warning };
+  }
+
+  const type = normalizeOptionalString(parsed.frontmatter.type);
+  if (!type) {
+    return {
+      warning: {
+        code: "missing-type",
+        path: params.relativePath,
+        message: "OKF concept is missing required non-empty type frontmatter.",
+      },
+    };
+  }
+
+  const conceptId = trimMarkdownExtension(params.relativePath);
+  const timestamp = normalizeOptionalString(parsed.frontmatter.timestamp);
+  return {
+    concept: {
+      conceptId,
+      relativePath: params.relativePath,
+      absolutePath: path.join(params.bundlePath, params.relativePath),
+      frontmatter: parsed.frontmatter,
+      body: parsed.body,
+      type,
+      title: deriveOkfTitle(params.relativePath, parsed.frontmatter),
+      ...(normalizeOptionalString(parsed.frontmatter.description)
+        ? { description: normalizeOptionalString(parsed.frontmatter.description) }
+        : {}),
+      ...(normalizeOptionalString(parsed.frontmatter.resource)
+        ? { resource: normalizeOptionalString(parsed.frontmatter.resource) }
+        : {}),
+      tags: normalizeSingleOrTrimmedStringList(parsed.frontmatter.tags),
+      ...(timestamp ? { timestamp } : {}),
+    },
+  };
+}
+
+function splitMarkdownLinkDestination(target: string): {
+  destination: string;
+  titleSuffix: string;
+} {
+  const trimmed = target.trim();
+  if (trimmed.startsWith("<")) {
+    const end = trimmed.indexOf(">");
+    if (end > 0) {
+      return {
+        destination: trimmed.slice(1, end),
+        titleSuffix: trimmed.slice(end + 1),
+      };
+    }
+  }
+  const match = trimmed.match(/^(\S+)(\s+[\s\S]+)?$/);
+  return {
+    destination: match?.[1] ?? trimmed,
+    titleSuffix: match?.[2] ?? "",
+  };
+}
+
+function resolveOkfMarkdownTarget(sourceRelativePath: string, target: string): string | null {
+  const { destination } = splitMarkdownLinkDestination(target);
+  const trimmed = destination.trim();
+  if (!trimmed || trimmed.startsWith("#") || /^[a-z][a-z0-9+.-]*:/i.test(trimmed)) {
+    return null;
+  }
+
+  const rawTargetWithoutSuffix = trimmed.split("#")[0]?.split("?")[0]?.replace(/\\/g, "/").trim();
+  const targetWithoutSuffix = safeDecodeOkfLinkPath(rawTargetWithoutSuffix);
+  if (!targetWithoutSuffix || !targetWithoutSuffix.endsWith(".md")) {
+    return null;
+  }
+
+  const normalized = targetWithoutSuffix.startsWith("/")
+    ? path.posix.normalize(targetWithoutSuffix.slice(1))
+    : path.posix.normalize(
+        path.posix.join(path.posix.dirname(sourceRelativePath), targetWithoutSuffix),
+      );
+  const conceptId = trimMarkdownExtension(normalized);
+  return conceptId.startsWith("../") ? null : conceptId;
+}
+
+function safeDecodeOkfLinkPath(value: string | undefined): string {
+  if (!value) {
+    return "";
+  }
+  try {
+    return decodeURIComponent(value);
+  } catch {
+    return value;
+  }
+}
+
+function getMarkdownDestinationSuffix(destination: string): string {
+  const queryIndex = destination.indexOf("?");
+  const fragmentIndex = destination.indexOf("#");
+  const suffixIndex = queryIndex === -1
+    ? fragmentIndex
+    : fragmentIndex === -1
+      ? queryIndex
+      : Math.min(queryIndex, fragmentIndex);
+  return suffixIndex === -1 ? "" : destination.slice(suffixIndex);
+}
+
+function rewriteOkfMarkdownLinks(params: {
+  body: string;
+  sourcePagePath: string;
+  sourceRelativePath: string;
+  pageByConceptId: Map<string, { pageId: string; pagePath: string; title: string }>;
+}): { body: string; linkedConceptIds: string[] } {
+  const linkedConceptIds: string[] = [];
+  const rewriteLinks = (markdown: string) =>
+    markdown.replace(
+      OKF_MARKDOWN_LINK_PATTERN,
+      (match, imagePrefix: string, label: string, rawTarget: string) => {
+        const conceptId = resolveOkfMarkdownTarget(params.sourceRelativePath, rawTarget);
+        if (!conceptId) {
+          return match;
+        }
+        const target = params.pageByConceptId.get(conceptId);
+        if (!target) {
+          return match;
+        }
+        linkedConceptIds.push(conceptId);
+        const { destination, titleSuffix } = splitMarkdownLinkDestination(rawTarget);
+        const relativeTarget = path.posix.relative(
+          path.posix.dirname(params.sourcePagePath),
+          target.pagePath,
+        );
+        const suffix = getMarkdownDestinationSuffix(destination);
+        return `${imagePrefix}[${label}](${relativeTarget}${suffix}${titleSuffix})`;
+      },
+    );
+  const body = rewriteMarkdownOutsideCode(params.body, rewriteLinks);
+  return { body, linkedConceptIds: uniqueStrings(linkedConceptIds) };
+}
+
+function rewriteMarkdownLineOutsideInlineCode(
+  line: string,
+  rewriteLinks: (markdown: string) => string,
+): string {
+  let result = "";
+  let cursor = 0;
+  while (cursor < line.length) {
+    const codeStart = line.indexOf("`", cursor);
+    if (codeStart === -1) {
+      result += rewriteLinks(line.slice(cursor));
+      break;
+    }
+    result += rewriteLinks(line.slice(cursor, codeStart));
+    const delimiter = line.slice(codeStart).match(/^`+/)?.[0] ?? "`";
+    const codeEnd = line.indexOf(delimiter, codeStart + delimiter.length);
+    if (codeEnd === -1) {
+      result += line.slice(codeStart);
+      break;
+    }
+    result += line.slice(codeStart, codeEnd + delimiter.length);
+    cursor = codeEnd + delimiter.length;
+  }
+  return result;
+}
+
+function rewriteMarkdownOutsideCode(
+  markdown: string,
+  rewriteLinks: (markdown: string) => string,
+): string {
+  const lines = markdown.split(/(\n)/);
+  let inFence = false;
+  let fenceDelimiter = "";
+  return lines
+    .map((line) => {
+      if (line === "\n") {
+        return line;
+      }
+      const fenceMatch = line.match(OKF_FENCE_PATTERN);
+      if (fenceMatch) {
+        const delimiter = fenceMatch[1] ?? "";
+        const closesFence =
+          inFence &&
+          delimiter.startsWith(fenceDelimiter[0] ?? "") &&
+          delimiter.length >= fenceDelimiter.length;
+        const opensFence = !inFence;
+        if (opensFence) {
+          inFence = true;
+          fenceDelimiter = delimiter;
+        } else if (closesFence) {
+          inFence = false;
+          fenceDelimiter = "";
+        }
+        return line;
+      }
+      return inFence ? line : rewriteMarkdownLineOutsideInlineCode(line, rewriteLinks);
+    })
+    .join("");
+}
+
+function normalizeOkfRenderedPageForComparison(content: string): string {
+  const withoutRelated = content.replace(OKF_RELATED_SECTION_PATTERN, "\n");
+  const frontmatterMatch = withoutRelated.match(/^---\n([\s\S]*?)\n---\n?/);
+  if (!frontmatterMatch) {
+    return withoutRelated.trimEnd();
+  }
+  const normalizedFrontmatter =
+    frontmatterMatch[1]?.replace(OKF_VOLATILE_TIMESTAMP_LINE_PATTERN, "") ?? "";
+  const frontmatterBody = normalizedFrontmatter.endsWith("\n")
+    ? normalizedFrontmatter
+    : `${normalizedFrontmatter}\n`;
+  return `---\n${frontmatterBody}---\n${withoutRelated.slice(frontmatterMatch[0].length)}`.trimEnd();
+}
+
+async function writeOkfConceptPage(params: {
+  vaultRoot: string;
+  pagePath: string;
+  content: string;
+}): Promise<{ changed: boolean; created: boolean }> {
+  const vault = await fsRoot(params.vaultRoot);
+  const pageStat = await vault.stat(params.pagePath).catch((error: unknown) => {
+    if (
+      error instanceof FsSafeError &&
+      (error.code === "not-found" || error.code === "path-alias")
+    ) {
+      return null;
+    }
+    throw error;
+  });
+  const existing = pageStat ? await vault.readText(params.pagePath).catch(() => "") : "";
+  if (
+    existing === params.content ||
+    normalizeOkfRenderedPageForComparison(existing) ===
+      normalizeOkfRenderedPageForComparison(params.content)
+  ) {
+    return { changed: false, created: !pageStat };
+  }
+  try {
+    if (isRegularFileStat(pageStat) && pageStat.nlink > 1) {
+      await vault.remove(params.pagePath);
+    }
+    await vault.write(params.pagePath, params.content);
+  } catch (error) {
+    if (error instanceof FsSafeError) {
+      if (error.code !== "symlink" && error.code !== "path-alias") {
+        throw new Error(
+          `Refusing to write OKF concept page (${error.code}): ${params.pagePath}: ${error.message}`,
+          { cause: error },
+        );
+      }
+      throw new Error(`Refusing to write OKF concept page through symlink: ${params.pagePath}`, {
+        cause: error,
+      });
+    }
+    throw error;
+  }
+  return { changed: true, created: !pageStat };
+}
+
+async function removeStaleOkfConceptPages(params: {
+  vaultRoot: string;
+  bundleKey: string;
+  currentPagePaths: Set<string>;
+}): Promise<string[]> {
+  const vault = await fsRoot(params.vaultRoot);
+  const conceptsDir = path.join(params.vaultRoot, "concepts");
+  const entries = await fs.readdir(conceptsDir, { withFileTypes: true }).catch(() => []);
+  const removedPagePaths: string[] = [];
+  for (const entry of entries) {
+    if (!entry.isFile() || !entry.name.endsWith(".md") || entry.name === "index.md") {
+      continue;
+    }
+    const pagePath = `concepts/${entry.name}`;
+    if (params.currentPagePaths.has(pagePath)) {
+      continue;
+    }
+    const raw = await vault.readText(pagePath).catch(() => "");
+    const parsed = parseWikiMarkdown(raw);
+    const okf = parsed.frontmatter.okf;
+    if (
+      okf &&
+      typeof okf === "object" &&
+      !Array.isArray(okf) &&
+      (okf as Record<string, unknown>).bundleKey === params.bundleKey
+    ) {
+      await vault.remove(pagePath);
+      removedPagePaths.push(pagePath);
+    }
+  }
+  return removedPagePaths;
+}
+
+function readRootOkfMetadata(params: {
+  rootIndex: string | undefined;
+  bundleName: string;
+  bundlePath: string;
+}): OkfBundleMetadata {
+  if (!params.rootIndex) {
+    return {
+      key: createOkfBundleKey({
+        rootFrontmatter: {},
+        bundleName: params.bundleName,
+        bundlePath: params.bundlePath,
+      }),
+    };
+  }
+  const parsed = parseOkfMarkdown(params.rootIndex, "index.md");
+  return {
+    key: createOkfBundleKey({
+      rootFrontmatter: parsed.frontmatter,
+      bundleName: params.bundleName,
+      bundlePath: params.bundlePath,
+    }),
+    ...(normalizeOptionalString(parsed.frontmatter.okf_version)
+      ? { version: normalizeOptionalString(parsed.frontmatter.okf_version) }
+      : {}),
+  };
+}
+
+function formatOkfImportSummary(result: ImportMemoryWikiOkfResult): string {
+  return `Imported ${result.importedCount} OKF concept${result.importedCount === 1 ? "" : "s"} from ${result.bundlePath} into memory wiki. Updated ${result.updatedCount}; removed ${result.removedCount}; skipped ${result.skippedCount}; refreshed ${result.indexUpdatedFiles.length} index file${result.indexUpdatedFiles.length === 1 ? "" : "s"}.`;
+}
+
+export { formatOkfImportSummary };
+
+export async function importMemoryWikiOkfBundle(params: {
+  config: ResolvedMemoryWikiConfig;
+  bundlePath: string;
+  nowMs?: number;
+}): Promise<ImportMemoryWikiOkfResult> {
+  await initializeMemoryWikiVault(params.config, { nowMs: params.nowMs });
+  const bundlePath = path.resolve(params.bundlePath);
+  const stat = await fs.stat(bundlePath);
+  if (!stat.isDirectory()) {
+    throw new Error("wiki okf import expects an unpacked OKF bundle directory.");
+  }
+
+  const warnings: ImportMemoryWikiOkfWarning[] = [];
+  const markdownFiles = await collectOkfMarkdownFiles(bundlePath, warnings);
+  const concepts: OkfConceptDocument[] = [];
+  let rootIndexContent: string | undefined;
+
+  for (const relativePath of markdownFiles) {
+    if (relativePath === "index.md") {
+      rootIndexContent =
+        (await readOkfTextFile({ bundlePath, relativePath, warnings })) ?? undefined;
+    }
+    if (OKF_RESERVED_FILENAMES.has(path.posix.basename(relativePath))) {
+      continue;
+    }
+    const content = await readOkfTextFile({ bundlePath, relativePath, warnings });
+    if (content === null) {
+      continue;
+    }
+    const normalized = normalizeOkfConcept({ bundlePath, relativePath, content });
+    if (normalized.warning) {
+      warnings.push(normalized.warning);
+      continue;
+    }
+    if (normalized.concept) {
+      concepts.push(normalized.concept);
+    }
+  }
+
+  const timestamp = resolveMemoryWikiTimestamp(params.nowMs);
+  const bundleName = path.basename(bundlePath);
+  const bundleMetadata = readRootOkfMetadata({
+    rootIndex: rootIndexContent,
+    bundleName,
+    bundlePath,
+  });
+  const bundleKey = bundleMetadata.key;
+  const pageByConceptId = new Map<string, { pageId: string; pagePath: string; title: string }>();
+  for (const concept of concepts) {
+    pageByConceptId.set(concept.conceptId, {
+      ...createOkfPageIdentity(bundleKey, concept.conceptId),
+      title: concept.title,
+    });
+  }
+
+  const importedPages: OkfImportedPage[] = [];
+  let updatedCount = 0;
+
+  await fs.mkdir(path.join(params.config.vault.path, "concepts"), { recursive: true });
+  for (const concept of concepts.toSorted((left, right) =>
+    left.conceptId.localeCompare(right.conceptId),
+  )) {
+    const page = pageByConceptId.get(concept.conceptId);
+    if (!page) {
+      continue;
+    }
+    const rewritten = rewriteOkfMarkdownLinks({
+      body: concept.body,
+      sourcePagePath: page.pagePath,
+      sourceRelativePath: concept.relativePath,
+      pageByConceptId,
+    });
+    const relationships = rewritten.linkedConceptIds.flatMap((conceptId) => {
+      const target = pageByConceptId.get(conceptId);
+      return target
+        ? [
+            {
+              targetId: target.pageId,
+              targetPath: target.pagePath,
+              targetTitle: target.title,
+              kind: "okf-link",
+              evidenceKind: "okf-markdown-link",
+            },
+          ]
+        : [];
+    });
+
+    const frontmatter = {
+      pageType: "concept",
+      id: page.pageId,
+      title: concept.title,
+      sourceType: "okf",
+      provenanceMode: "okf-import",
+      sourcePath: concept.absolutePath,
+      okfConceptId: concept.conceptId,
+      okfType: concept.type,
+      sourceIds: [`source.okf.${bundleKey}`],
+      importedAt: timestamp,
+      updatedAt: concept.timestamp ?? timestamp,
+      status: "active",
+      ...(concept.description ? { description: concept.description } : {}),
+      ...(concept.resource ? { resource: concept.resource } : {}),
+      ...(concept.tags.length > 0 ? { tags: concept.tags } : {}),
+      ...(concept.timestamp ? { okfTimestamp: concept.timestamp } : {}),
+      ...(relationships.length > 0 ? { relationships } : {}),
+      okf: {
+        ...(bundleMetadata.version ? { version: bundleMetadata.version } : {}),
+        bundleName,
+        bundleKey,
+        conceptId: concept.conceptId,
+        sourceRelativePath: concept.relativePath,
+        frontmatter: concept.frontmatter,
+      },
+    };
+
+    const writeResult = await writeOkfConceptPage({
+      vaultRoot: params.config.vault.path,
+      pagePath: page.pagePath,
+      content: renderWikiMarkdown({
+        frontmatter,
+        body: rewritten.body,
+      }),
+    });
+    if (!writeResult.created && writeResult.changed) {
+      updatedCount++;
+    }
+    importedPages.push({
+      conceptId: concept.conceptId,
+      sourcePath: concept.absolutePath,
+      pageId: page.pageId,
+      pagePath: page.pagePath,
+      title: concept.title,
+      created: writeResult.created,
+    });
+  }
+  const currentPagePaths = new Set(importedPages.map((page) => page.pagePath));
+  const removedPagePaths =
+    warnings.length === 0
+      ? await removeStaleOkfConceptPages({
+          vaultRoot: params.config.vault.path,
+          bundleKey,
+          currentPagePaths,
+        })
+      : [];
+
+  await appendMemoryWikiLog(params.config.vault.path, {
+    type: "okf-import",
+    timestamp,
+    details: {
+      bundlePath,
+      bundleName,
+      importedCount: importedPages.length,
+      updatedCount,
+      removedCount: removedPagePaths.length,
+      skippedCount: warnings.length,
+      pagePaths: importedPages.map((page) => page.pagePath),
+      removedPagePaths,
+    },
+  });
+
+  const compile = await compileMemoryWikiVault(params.config);
+  return {
+    bundlePath,
+    bundleName,
+    ...(bundleMetadata.version ? { okfVersion: bundleMetadata.version } : {}),
+    importedCount: importedPages.length,
+    updatedCount,
+    removedCount: removedPagePaths.length,
+    skippedCount: warnings.length,
+    pagePaths: importedPages.map((page) => page.pagePath),
+    removedPagePaths,
+    warnings,
+    indexUpdatedFiles: compile.updatedFiles,
+  };
+}
--- a/extensions/moonshot/index.test.ts
+++ b/extensions/moonshot/index.test.ts
@@ -44,7 +44,7 @@ describe("moonshot provider plugin", () => {
    });
  });

-  it("owns replay policy for OpenAI-compatible Moonshot transports without mangling native Kimi tool_call IDs", async () => {
+  it("rewrites duplicate tool-call ids with OpenAI-style ids for Moonshot replay", async () => {
    const provider = await registerSingleProviderPlugin(plugin);

    const policy = provider.buildReplayPolicy?.({
@@ -57,10 +57,28 @@ describe("moonshot provider plugin", () => {
      applyAssistantFirstOrderingFix: true,
      validateGeminiTurns: true,
      validateAnthropicTurns: true,
+      sanitizeToolCallIds: true,
+      toolCallIdMode: "strict",
+      duplicateToolCallIdStyle: "openai",
    });
    expect(policy).not.toHaveProperty("dropReasoningFromHistory");
-    expect(policy).not.toHaveProperty("sanitizeToolCallIds");
-    expect(policy).not.toHaveProperty("toolCallIdMode");
+  });
+
+  it("preserves responses-family replay behavior", async () => {
+    const provider = await registerSingleProviderPlugin(plugin);
+
+    const policy = provider.buildReplayPolicy?.({
+      provider: "moonshot",
+      modelApi: "openai-responses",
+      modelId: "kimi-k2.6",
+    } as never);
+
+    expect(policy).toEqual({
+      applyAssistantFirstOrderingFix: false,
+      validateGeminiTurns: false,
+      validateAnthropicTurns: false,
+      allowSyntheticToolResults: true,
+    });
  });

  it("wires moonshot-thinking stream hooks", async () => {
@@ -89,4 +107,60 @@ describe("moonshot provider plugin", () => {
      thinking: { type: "disabled" },
    });
  });
+
+  it("keeps Kimi K2.7 Code thinking always on without sending a thinking field", async () => {
+    const provider = await registerSingleProviderPlugin(plugin);
+    const capturedStream = createCapturedThinkingConfigStream();
+
+    const wrapped = provider.wrapSimpleCompletionStreamFn?.({
+      provider: "moonshot",
+      modelId: "kimi-k2.7-code",
+      thinkingLevel: "off",
+      streamFn: capturedStream.streamFn,
+    } as never);
+
+    void wrapped?.(
+      {
+        api: "openai-completions",
+        provider: "moonshot",
+        id: "kimi-k2.7-code",
+      } as Model<"openai-completions">,
+      { messages: [] } as Context,
+      {},
+    );
+
+    expect(capturedStream.getCapturedPayload()).toEqual({
+      config: { thinkingConfig: { thinkingBudget: -1 } },
+    });
+    expect(
+      provider.wrapSimpleCompletionStreamFn?.({
+        provider: "moonshot",
+        modelId: "kimi-k2.6",
+        streamFn: capturedStream.streamFn,
+      } as never),
+    ).toBe(capturedStream.streamFn);
+    expect(
+      provider.resolveThinkingProfile?.({
+        provider: "moonshot",
+        modelId: "kimi-k2.7-code",
+        reasoning: true,
+      } as never),
+    ).toEqual({
+      levels: [{ id: "low", label: "on" }],
+      defaultLevel: "low",
+      preserveWhenCatalogReasoningFalse: true,
+    });
+    expect(
+      provider.isModernModelRef?.({
+        provider: "moonshot",
+        modelId: "kimi-k2.7-code",
+      }),
+    ).toBe(true);
+    expect(
+      provider.isModernModelRef?.({
+        provider: "moonshot",
+        modelId: "kimi-k2.6",
+      }),
+    ).toBe(false);
+  });
 });
--- a/extensions/moonshot/index.ts
+++ b/extensions/moonshot/index.ts
@@ -1,6 +1,6 @@
 // Moonshot plugin entrypoint registers its OpenClaw integration.
 import { defineSingleProviderPluginEntry } from "openclaw/plugin-sdk/provider-entry";
-import { buildProviderReplayFamilyHooks } from "openclaw/plugin-sdk/provider-model-shared";
+import { buildOpenAICompatibleReplayPolicy } from "openclaw/plugin-sdk/provider-model-shared";
 import { MOONSHOT_THINKING_STREAM_HOOKS } from "openclaw/plugin-sdk/provider-stream-family";
 import { applyMoonshotNativeStreamingUsageCompat } from "./api.js";
 import { moonshotMediaUnderstandingProvider } from "./media-understanding-provider.js";
@@ -10,9 +10,11 @@ import {
  MOONSHOT_DEFAULT_MODEL_REF,
 } from "./onboard.js";
 import { buildMoonshotProvider } from "./provider-catalog.js";
+import { KIMI_K2_7_CODE_MODEL_ID, resolveThinkingProfile } from "./provider-policy-api.js";
 import { createKimiWebSearchProvider } from "./src/kimi-web-search-provider.js";

 const PROVIDER_ID = "moonshot";
+const moonshotThinkingStreamHooks = MOONSHOT_THINKING_STREAM_HOOKS;

 export default defineSingleProviderPluginEntry({
  id: PROVIDER_ID,
@@ -59,22 +61,20 @@ export default defineSingleProviderPluginEntry({
    },
    applyNativeStreamingUsageCompat: ({ providerConfig }) =>
      applyMoonshotNativeStreamingUsageCompat(providerConfig),
-    // Kimi K2+ returns native tool_call IDs shaped like `functions.<name>:<index>`.
-    // Sanitizing them to alphanumeric-only breaks Kimi's serving-layer matching in
-    // multi-turn replay. See openclaw/openclaw#62319.
-    ...buildProviderReplayFamilyHooks({
-      family: "openai-compatible",
-      sanitizeToolCallIds: false,
-      dropReasoningFromHistory: false,
-    }),
-    ...MOONSHOT_THINKING_STREAM_HOOKS,
-    resolveThinkingProfile: () => ({
-      levels: [
-        { id: "off", label: "off" },
-        { id: "low", label: "on" },
-      ],
-      defaultLevel: "off",
-    }),
+    buildReplayPolicy: ({ modelApi, modelId }) =>
+      buildOpenAICompatibleReplayPolicy(modelApi, {
+        modelId,
+        sanitizeToolCallIds: modelApi === "openai-completions",
+        duplicateToolCallIdStyle: "openai",
+        dropReasoningFromHistory: false,
+      }),
+    ...moonshotThinkingStreamHooks,
+    wrapSimpleCompletionStreamFn: (ctx) =>
+      ctx.modelId.trim().toLowerCase() === KIMI_K2_7_CODE_MODEL_ID
+        ? moonshotThinkingStreamHooks.wrapStreamFn?.(ctx)
+        : ctx.streamFn,
+    resolveThinkingProfile,
+    isModernModelRef: ({ modelId }) => modelId.trim().toLowerCase() === KIMI_K2_7_CODE_MODEL_ID,
  },
  register(api) {
    api.registerMediaUnderstandingProvider(moonshotMediaUnderstandingProvider);
--- a/extensions/moonshot/moonshot.live.test.ts
+++ b/extensions/moonshot/moonshot.live.test.ts
@@ -1,11 +1,25 @@
 // Moonshot tests cover moonshot plugin behavior.
+import {
+  streamSimple,
+  type AssistantMessage,
+  type Context,
+  type Model,
+  type Tool,
+} from "openclaw/plugin-sdk/llm";
+import { registerSingleProviderPlugin } from "openclaw/plugin-sdk/plugin-test-runtime";
 import { isLiveTestEnabled } from "openclaw/plugin-sdk/test-env";
+import { Type } from "typebox";
 import { describe, expect, it } from "vitest";
+import plugin from "./index.js";
+import { buildMoonshotProvider, MOONSHOT_CN_BASE_URL } from "./provider-catalog.js";
 import { createKimiWebSearchProvider } from "./src/kimi-web-search-provider.js";

 const KIMI_SEARCH_KEY =
  process.env.KIMI_API_KEY?.trim() || process.env.MOONSHOT_API_KEY?.trim() || "";
+const MOONSHOT_API_KEY = process.env.MOONSHOT_API_KEY?.trim() || "";
 const describeLive = isLiveTestEnabled() && KIMI_SEARCH_KEY.length > 0 ? describe : describe.skip;
+const describeModelLive =
+  isLiveTestEnabled() && MOONSHOT_API_KEY.length > 0 ? describe : describe.skip;
 const KIMI_LIVE_SEARCH_TIMEOUT_SECONDS = 60;

 function isTransientKimiSearchError(error: unknown): boolean {
@@ -19,17 +33,31 @@ function isTransientKimiSearchError(error: unknown): boolean {
  return message.includes("timeout") || message.includes("aborted");
 }

-function isKimiAuthDrift(error: unknown): boolean {
+function isMoonshotAuthDrift(error: unknown): boolean {
  if (!(error instanceof Error)) {
    return false;
  }
  const message = error.message.toLowerCase();
  return (
-    message.includes("kimi api error (401)") &&
-    (message.includes("incorrect api key") || message.includes("incorrect_api_key"))
+    message.includes("401") &&
+    (message.includes("incorrect api key") ||
+      message.includes("incorrect_api_key") ||
+      message.includes("invalid authentication") ||
+      message.includes("invalid_authentication_error"))
  );
 }

+describe("moonshot live auth drift detection", () => {
+  it.each([
+    ["401 Incorrect API key provided", true],
+    ["401 invalid_authentication_error: Invalid Authentication", true],
+    ["401 Permission denied", false],
+    ["400 Incorrect API key provided", false],
+  ])("classifies %s", (message, expected) => {
+    expect(isMoonshotAuthDrift(new Error(message))).toBe(expected);
+  });
+});
+
 describeLive("moonshot plugin live", () => {
  it("runs Kimi web search through the provider tool", async () => {
    const provider = createKimiWebSearchProvider();
@@ -51,7 +79,7 @@ describeLive("moonshot plugin live", () => {
        break;
      } catch (error) {
        lastError = error;
-        if (isKimiAuthDrift(error)) {
+        if (isMoonshotAuthDrift(error)) {
          console.warn("[moonshot:live] skip Kimi web search: auth drift");
          return;
        }
@@ -71,6 +99,256 @@ describeLive("moonshot plugin live", () => {
  }, 180_000);
 });

+function resolveMoonshotModels(modelId: string): Model<"openai-completions">[] {
+  const provider = buildMoonshotProvider();
+  const model = provider.models.find((entry) => entry.id === modelId);
+  if (!model) {
+    throw new Error(`Moonshot catalog does not include ${modelId}`);
+  }
+  const defaultModel = {
+    provider: "moonshot",
+    baseUrl: provider.baseUrl,
+    ...model,
+    api: "openai-completions",
+  } as Model<"openai-completions">;
+  return [defaultModel, { ...defaultModel, baseUrl: MOONSHOT_CN_BASE_URL }];
+}
+
+function createNoopTool(): Tool {
+  return {
+    name: "noop",
+    description: "Return ok.",
+    parameters: Type.Object({}, { additionalProperties: false }),
+  };
+}
+
+async function collectDoneMessage(
+  stream: AsyncIterable<{ type: string; message?: AssistantMessage; error?: AssistantMessage }>,
+): Promise<AssistantMessage> {
+  let doneMessage: AssistantMessage | undefined;
+  for await (const event of stream) {
+    if (event.type === "error") {
+      throw new Error(event.error?.errorMessage || "Moonshot live request failed");
+    }
+    if (event.type === "done") {
+      doneMessage = event.message;
+    }
+  }
+  if (!doneMessage) {
+    throw new Error("Moonshot live stream ended without a done message");
+  }
+  return doneMessage;
+}
+
+describeModelLive("moonshot K2.6 replay live", () => {
+  it("accepts a cross-model tool-call replay after backfilling reasoning_content", async () => {
+    const provider = await registerSingleProviderPlugin(plugin);
+    const wrappedStream = provider.wrapStreamFn?.({
+      provider: "moonshot",
+      modelId: "kimi-k2.6",
+      thinkingLevel: "low",
+      streamFn: streamSimple,
+    } as never);
+    if (!wrappedStream) {
+      throw new Error("Moonshot provider did not register a stream wrapper");
+    }
+
+    const tool = createNoopTool();
+    const replayContext: Context = {
+      messages: [
+        {
+          role: "user",
+          content: "Call the noop tool.",
+          timestamp: Date.now(),
+        },
+        {
+          role: "assistant",
+          api: "openai-responses",
+          provider: "openai",
+          model: "gpt-5.5",
+          stopReason: "toolUse",
+          content: [{ type: "toolCall", id: "call_cross_model", name: "noop", arguments: {} }],
+          timestamp: Date.now(),
+        } as AssistantMessage,
+        {
+          role: "toolResult",
+          toolCallId: "call_cross_model",
+          toolName: "noop",
+          content: [{ type: "text", text: "ok" }],
+          isError: false,
+          timestamp: Date.now(),
+        },
+        {
+          role: "user",
+          content: "The tool returned ok. Reply with exactly: ok",
+          timestamp: Date.now(),
+        },
+      ],
+      tools: [tool],
+    };
+
+    const runScenario = async (model: Model<"openai-completions">) => {
+      let payload: Record<string, unknown> | undefined;
+      const response = await collectDoneMessage(
+        wrappedStream(model, replayContext, {
+          apiKey: MOONSHOT_API_KEY,
+          maxTokens: 256,
+          onPayload: (value) => {
+            payload = value as Record<string, unknown>;
+          },
+        }) as AsyncIterable<{
+          type: string;
+          message?: AssistantMessage;
+          error?: AssistantMessage;
+        }>,
+      );
+
+      const messages = payload?.messages as Array<Record<string, unknown>> | undefined;
+      const replayedAssistant = messages?.find(
+        (message) => message.role === "assistant" && Array.isArray(message.tool_calls),
+      );
+      expect(replayedAssistant?.reasoning_content).toBe("");
+      expect(response.stopReason).not.toBe("error");
+    };
+
+    let lastAuthError: unknown;
+    for (const model of resolveMoonshotModels("kimi-k2.6")) {
+      try {
+        await runScenario(model);
+        return;
+      } catch (error) {
+        if (!isMoonshotAuthDrift(error)) {
+          throw error;
+        }
+        lastAuthError = error;
+      }
+    }
+    throw toLintErrorObject(lastAuthError, "Moonshot K2.6 rejected the API key in both regions");
+  }, 180_000);
+});
+
+describeModelLive("moonshot K2.7 Code live", () => {
+  it("omits thinking controls and completes a replayed tool turn", async () => {
+    const provider = await registerSingleProviderPlugin(plugin);
+    const wrappedStream = provider.wrapStreamFn?.({
+      provider: "moonshot",
+      modelId: "kimi-k2.7-code",
+      thinkingLevel: "off",
+      extraParams: { thinking: { type: "disabled", keep: "all" } },
+      streamFn: streamSimple,
+    } as never);
+    if (!wrappedStream) {
+      throw new Error("Moonshot provider did not register a stream wrapper");
+    }
+
+    const tool = createNoopTool();
+    const firstUser = {
+      role: "user" as const,
+      content: "Call the noop tool with {}. Do not answer directly.",
+      timestamp: Date.now(),
+    };
+
+    const runScenario = async (model: Model<"openai-completions">) => {
+      let firstPayload: Record<string, unknown> | undefined;
+      const first = await collectDoneMessage(
+        wrappedStream(
+          model,
+          { messages: [firstUser], tools: [tool] },
+          {
+            apiKey: MOONSHOT_API_KEY,
+            maxTokens: 16_000,
+            temperature: 0,
+            onPayload: (payload) => {
+              firstPayload = payload as Record<string, unknown>;
+            },
+          },
+        ) as AsyncIterable<{
+          type: string;
+          message?: AssistantMessage;
+          error?: AssistantMessage;
+        }>,
+      );
+
+      expect(firstPayload).toBeDefined();
+      expect(firstPayload).not.toHaveProperty("thinking");
+      expect(firstPayload).not.toHaveProperty("reasoning_effort");
+      expect(firstPayload).not.toHaveProperty("temperature");
+      const reasoning = first.content.find((block) => block.type === "thinking");
+      if (!reasoning || reasoning.type !== "thinking" || reasoning.thinking.length === 0) {
+        throw new Error("Moonshot K2.7 Code did not return captured reasoning");
+      }
+      const toolCall = first.content.find((block) => block.type === "toolCall");
+      if (!toolCall || toolCall.type !== "toolCall") {
+        throw new Error(`Moonshot K2.7 Code did not call noop: ${first.stopReason}`);
+      }
+      expect(toolCall.name).toBe("noop");
+
+      let secondPayload: Record<string, unknown> | undefined;
+      const replayContext: Context = {
+        messages: [
+          firstUser,
+          first,
+          {
+            role: "toolResult",
+            toolCallId: toolCall.id,
+            toolName: toolCall.name,
+            content: [{ type: "text", text: "ok" }],
+            isError: false,
+            timestamp: Date.now(),
+          },
+          {
+            role: "user",
+            content: "Reply with exactly: ok",
+            timestamp: Date.now(),
+          },
+        ],
+        tools: [tool],
+      };
+      const second = await collectDoneMessage(
+        wrappedStream(model, replayContext, {
+          apiKey: MOONSHOT_API_KEY,
+          maxTokens: 16_000,
+          temperature: 0,
+          onPayload: (payload) => {
+            secondPayload = payload as Record<string, unknown>;
+          },
+        }) as AsyncIterable<{
+          type: string;
+          message?: AssistantMessage;
+          error?: AssistantMessage;
+        }>,
+      );
+
+      expect(secondPayload).toBeDefined();
+      expect(secondPayload).not.toHaveProperty("thinking");
+      expect(secondPayload).not.toHaveProperty("reasoning_effort");
+      expect(secondPayload).not.toHaveProperty("temperature");
+      const text = second.content
+        .filter((block) => block.type === "text")
+        .map((block) => block.text.trim())
+        .join(" ");
+      expect(text).toMatch(/^ok[.!]?$/i);
+    };
+
+    let lastAuthError: unknown;
+    for (const model of resolveMoonshotModels("kimi-k2.7-code")) {
+      try {
+        await runScenario(model);
+        return;
+      } catch (error) {
+        if (!isMoonshotAuthDrift(error)) {
+          throw error;
+        }
+        lastAuthError = error;
+      }
+    }
+    throw toLintErrorObject(
+      lastAuthError,
+      "Moonshot K2.7 Code rejected the API key in both regions",
+    );
+  }, 180_000);
+});
+
 function toLintErrorObject(value: unknown, fallbackMessage: string): Error {
  if (value instanceof Error) {
    return value;
--- a/extensions/moonshot/openclaw.plugin.json
+++ b/extensions/moonshot/openclaw.plugin.json
@@ -63,6 +63,20 @@
              "cacheWrite": 0
            }
          },
+          {
+            "id": "kimi-k2.7-code",
+            "name": "Kimi K2.7 Code",
+            "reasoning": true,
+            "input": ["text", "image"],
+            "contextWindow": 262144,
+            "maxTokens": 262144,
+            "cost": {
+              "input": 0.95,
+              "output": 4,
+              "cacheRead": 0.19,
+              "cacheWrite": 0
+            }
+          },
          {
            "id": "kimi-k2.5",
            "name": "Kimi K2.5",
--- a/extensions/moonshot/provider-catalog.test.ts
+++ b/extensions/moonshot/provider-catalog.test.ts
@@ -41,6 +41,7 @@ describe("moonshot provider catalog", () => {
    expect(provider.api).toBe("openai-completions");
    expect(provider.models.map((model) => model.id)).toEqual([
      "kimi-k2.6",
+      "kimi-k2.7-code",
      "kimi-k2.5",
      "kimi-k2-thinking",
      "kimi-k2-thinking-turbo",
@@ -52,6 +53,18 @@ describe("moonshot provider catalog", () => {
      cacheRead: 0.16,
      cacheWrite: 0,
    });
+    expect(requireMoonshotModel(provider, "kimi-k2.7-code")).toMatchObject({
+      reasoning: true,
+      input: ["text", "image"],
+      contextWindow: 262144,
+      maxTokens: 262144,
+      cost: {
+        input: 0.95,
+        output: 4,
+        cacheRead: 0.19,
+        cacheWrite: 0,
+      },
+    });
    expect(requireMoonshotModel(provider, "kimi-k2.5").cost).toEqual({
      input: 0.6,
      output: 3,
--- a/extensions/moonshot/provider-policy-api.ts
+++ b/extensions/moonshot/provider-policy-api.ts
@@ -0,0 +1,21 @@
+// Moonshot policy module exposes model-specific thinking controls before runtime registration.
+import type { ProviderDefaultThinkingPolicyContext } from "openclaw/plugin-sdk/core";
+
+export const KIMI_K2_7_CODE_MODEL_ID = "kimi-k2.7-code";
+
+export function resolveThinkingProfile(context: ProviderDefaultThinkingPolicyContext) {
+  if (context.modelId.trim().toLowerCase() === KIMI_K2_7_CODE_MODEL_ID) {
+    return {
+      levels: [{ id: "low" as const, label: "on" }],
+      defaultLevel: "low" as const,
+      preserveWhenCatalogReasoningFalse: true,
+    };
+  }
+  return {
+    levels: [
+      { id: "off" as const, label: "off" },
+      { id: "low" as const, label: "on" },
+    ],
+    defaultLevel: "off" as const,
+  };
+}
--- a/extensions/openrouter/index.test.ts
+++ b/extensions/openrouter/index.test.ts
@@ -11,6 +11,24 @@ import {
  expectUnifiedModelCatalogProviderRegistration,
 } from "openclaw/plugin-sdk/provider-test-contracts";
 import { describe, expect, it, vi } from "vitest";
+
+const { getOpenRouterModelCapabilitiesMock, loadOpenRouterModelCapabilitiesMock } = vi.hoisted(
+  () => ({
+    getOpenRouterModelCapabilitiesMock: vi.fn(),
+    loadOpenRouterModelCapabilitiesMock: vi.fn(async () => {}),
+  }),
+);
+
+vi.mock("openclaw/plugin-sdk/provider-stream-family", async (importOriginal) => {
+  const actual =
+    await importOriginal<typeof import("openclaw/plugin-sdk/provider-stream-family")>();
+  return {
+    ...actual,
+    getOpenRouterModelCapabilities: getOpenRouterModelCapabilitiesMock,
+    loadOpenRouterModelCapabilities: loadOpenRouterModelCapabilitiesMock,
+  };
+});
+
 import openrouterPlugin from "./index.js";
 import {
  buildOpenrouterProvider,
@@ -204,6 +222,59 @@ describe("openrouter provider hooks", () => {
    expect(buildOpenrouterProvider().models?.map((model) => model.id)).not.toContain("auto");
  });

+  it("normalizes OpenRouter API ids before capability loading and lookup", async () => {
+    getOpenRouterModelCapabilitiesMock.mockReset();
+    loadOpenRouterModelCapabilitiesMock.mockClear();
+    getOpenRouterModelCapabilitiesMock.mockReturnValue({
+      name: "Claude Sonnet 4.6",
+      reasoning: true,
+      input: ["text", "image"],
+      supportsTools: true,
+      cost: { input: 1, output: 2, cacheRead: 0, cacheWrite: 0 },
+      contextWindow: 200_000,
+      maxTokens: 64_000,
+    });
+    const provider = await registerSingleProviderPlugin(openrouterPlugin);
+    const modelId = "openrouter/anthropic/claude-sonnet-4.6";
+    const context = {
+      provider: "openrouter",
+      modelId,
+      modelRegistry: { find: vi.fn(() => null) },
+    } as never;
+
+    await provider.prepareDynamicModel?.(context);
+    const model = provider.resolveDynamicModel?.(context);
+
+    expect(loadOpenRouterModelCapabilitiesMock).toHaveBeenCalledWith("anthropic/claude-sonnet-4.6");
+    expect(getOpenRouterModelCapabilitiesMock).toHaveBeenCalledWith("anthropic/claude-sonnet-4.6");
+    expect(model).toMatchObject({
+      id: modelId,
+      name: "Claude Sonnet 4.6",
+      reasoning: true,
+      input: ["text", "image"],
+      compat: { supportsTools: true },
+      contextWindow: 200_000,
+      maxTokens: 64_000,
+    });
+  });
+
+  it("keeps native OpenRouter namespace ids for capability lookup", async () => {
+    getOpenRouterModelCapabilitiesMock.mockReset();
+    loadOpenRouterModelCapabilitiesMock.mockClear();
+    const provider = await registerSingleProviderPlugin(openrouterPlugin);
+    const context = {
+      provider: "openrouter",
+      modelId: "openrouter/auto",
+      modelRegistry: { find: vi.fn(() => null) },
+    } as never;
+
+    await provider.prepareDynamicModel?.(context);
+    provider.resolveDynamicModel?.(context);
+
+    expect(loadOpenRouterModelCapabilitiesMock).toHaveBeenCalledWith("openrouter/auto");
+    expect(getOpenRouterModelCapabilitiesMock).toHaveBeenCalledWith("openrouter/auto");
+  });
+
  it("does not include retired stealth models in the bundled catalog", () => {
    const modelIds = buildOpenrouterProvider().models?.map((model) => model.id) ?? [];
    expect(modelIds).not.toContain("openrouter/hunter-alpha");
@@ -389,6 +460,61 @@ describe("openrouter provider hooks", () => {
      },
    } as never);
    expect(normalizedHunterModel?.reasoning).toBe(false);
+    expect(normalizedHunterModel?.id).toBe("openrouter/hunter-alpha");
+
+    const normalizedAnthropicModel = provider.normalizeResolvedModel?.({
+      provider: "openrouter",
+      model: {
+        provider: "openrouter",
+        id: "openrouter/anthropic/claude-sonnet-4.6",
+        name: "anthropic/claude-sonnet-4.6",
+        api: "openai-completions",
+        baseUrl: "https://openrouter.ai/api/v1",
+        reasoning: true,
+        input: ["text", "image"],
+        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+        contextWindow: 200_000,
+        maxTokens: 8192,
+      },
+    } as never);
+    expect(normalizedAnthropicModel?.id).toBe("anthropic/claude-sonnet-4.6");
+
+    expect(
+      provider.normalizeResolvedModel?.({
+        provider: "openrouter",
+        modelId: "openrouter/auto",
+        model: {
+          provider: "openrouter",
+          id: "openrouter/auto",
+          name: "OpenRouter Auto",
+          api: "openai-completions",
+          baseUrl: "https://openrouter.ai/api/v1",
+          reasoning: false,
+          input: ["text", "image"],
+          cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+          contextWindow: 200_000,
+          maxTokens: 8192,
+        },
+      } as never),
+    ).toBeUndefined();
+
+    const normalizedDuplicatedAutoModel = provider.normalizeResolvedModel?.({
+      provider: "openrouter",
+      modelId: "openrouter/openrouter/auto",
+      model: {
+        provider: "openrouter",
+        id: "openrouter/openrouter/auto",
+        name: "OpenRouter Auto",
+        api: "openai-completions",
+        baseUrl: "https://openrouter.ai/api/v1",
+        reasoning: false,
+        input: ["text", "image"],
+        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+        contextWindow: 200_000,
+        maxTokens: 8192,
+      },
+    } as never);
+    expect(normalizedDuplicatedAutoModel?.id).toBe("openrouter/auto");

    expect(
      provider.normalizeTransport?.({
--- a/extensions/openrouter/index.ts
+++ b/extensions/openrouter/index.ts
@@ -17,7 +17,7 @@ import {
 } from "openclaw/plugin-sdk/provider-stream-family";
 import { buildOpenRouterImageGenerationProvider } from "./image-generation-provider.js";
 import { openrouterMediaUnderstandingProvider } from "./media-understanding-provider.js";
-import { isOpenRouterMistralModelId } from "./models.js";
+import { isOpenRouterMistralModelId, normalizeOpenRouterApiModelId } from "./models.js";
 import { buildOpenRouterMusicGenerationProvider } from "./music-generation-provider.js";
 import { createOpenRouterOAuthAuthMethod } from "./oauth.js";
 import { applyOpenrouterConfig, OPENROUTER_DEFAULT_MODEL_REF } from "./onboard.js";
@@ -51,15 +51,18 @@ const OPENROUTER_CACHE_TTL_MODEL_PREFIXES = [

 function normalizeOpenRouterResolvedModel<T extends ProviderRuntimeModel>(model: T): T | undefined {
  const normalizedBaseUrl = normalizeOpenRouterBaseUrl(model.baseUrl);
+  const normalizedId = normalizeOpenRouterApiModelId(model.id);
  const reasoning = isOpenRouterProxyReasoningUnsupportedModel(model.id) ? false : model.reasoning;
  if (
    (!normalizedBaseUrl || normalizedBaseUrl === model.baseUrl) &&
+    (!normalizedId || normalizedId === model.id) &&
    reasoning === model.reasoning
  ) {
    return undefined;
  }
  return {
    ...model,
+    ...(normalizedId ? { id: normalizedId } : {}),
    ...(normalizedBaseUrl ? { baseUrl: normalizedBaseUrl } : {}),
    reasoning,
  };
@@ -73,7 +76,8 @@ export default definePluginEntry({
    function buildDynamicOpenRouterModel(
      ctx: ProviderResolveDynamicModelContext,
    ): ProviderRuntimeModel {
-      const capabilities = getOpenRouterModelCapabilities(ctx.modelId);
+      const apiModelId = normalizeOpenRouterApiModelId(ctx.modelId) ?? ctx.modelId;
+      const capabilities = getOpenRouterModelCapabilities(apiModelId);
      return {
        id: ctx.modelId,
        name: capabilities?.name ?? ctx.modelId,
@@ -166,7 +170,9 @@ export default definePluginEntry({
      },
      resolveDynamicModel: (ctx) => buildDynamicOpenRouterModel(ctx),
      prepareDynamicModel: async (ctx) => {
-        await loadOpenRouterModelCapabilities(ctx.modelId);
+        await loadOpenRouterModelCapabilities(
+          normalizeOpenRouterApiModelId(ctx.modelId) ?? ctx.modelId,
+        );
      },
      normalizeConfig: ({ providerConfig }) => {
        const normalizedBaseUrl = normalizeOpenRouterBaseUrl(providerConfig.baseUrl);
--- a/extensions/openrouter/models.ts
+++ b/extensions/openrouter/models.ts
@@ -12,13 +12,30 @@ const OPENROUTER_MISTRAL_MODEL_PREFIXES = [
  "pixtral-",
  "voxtral-",
 ] as const;
+const OPENROUTER_MODEL_PREFIX = "openrouter/";

 export function normalizeOpenRouterModelId(modelId: unknown): string | undefined {
  if (typeof modelId !== "string") {
    return undefined;
  }
  const normalized = normalizeLowercaseStringOrEmpty(modelId);
-  return normalized.startsWith("openrouter/") ? normalized.slice("openrouter/".length) : normalized;
+  return normalized.startsWith(OPENROUTER_MODEL_PREFIX)
+    ? normalized.slice(OPENROUTER_MODEL_PREFIX.length)
+    : normalized;
+}
+
+export function normalizeOpenRouterApiModelId(modelId: unknown): string | undefined {
+  if (typeof modelId !== "string") {
+    return undefined;
+  }
+  const normalized = normalizeLowercaseStringOrEmpty(modelId);
+  if (!normalized.startsWith(OPENROUTER_MODEL_PREFIX)) {
+    return normalized;
+  }
+  const unprefixed = normalized.slice(OPENROUTER_MODEL_PREFIX.length);
+  // `openrouter/` is both a provider qualifier and an upstream namespace.
+  // Strip it only when the remainder is still a namespaced API model id.
+  return unprefixed.includes("/") ? unprefixed : normalized;
 }

 export function isOpenRouterMistralModelId(modelId: unknown): boolean {
--- a/extensions/openrouter/openrouter.live.test.ts
+++ b/extensions/openrouter/openrouter.live.test.ts
@@ -7,12 +7,17 @@ import {
 } from "openclaw/plugin-sdk/plugin-test-runtime";
 import { describe, expect, it } from "vitest";
 import plugin from "./index.js";
+import { normalizeOpenRouterApiModelId } from "./models.js";

 const OPENROUTER_MODELS_URL = "https://openrouter.ai/api/v1/models";
 const OPENROUTER_MISTRAL_PROVIDER_PREFIX = "mistralai/";
 const OPENROUTER_API_KEY = process.env.OPENROUTER_API_KEY ?? "";
-const LIVE_MODEL_ID =
-  process.env.OPENCLAW_LIVE_OPENROUTER_PLUGIN_MODEL?.trim() || "openai/gpt-5.4-nano";
+const LIVE_MODEL_REF =
+  process.env.OPENCLAW_LIVE_OPENROUTER_PLUGIN_MODEL?.trim() ||
+  "openrouter/anthropic/claude-sonnet-4.6";
+const LIVE_MODEL_ID = LIVE_MODEL_REF.startsWith("openrouter/")
+  ? LIVE_MODEL_REF
+  : `openrouter/${LIVE_MODEL_REF}`;
 const LIVE_CACHE_MODEL_ID =
  process.env.OPENCLAW_LIVE_OPENROUTER_CACHE_MODEL?.trim() || "deepseek/deepseek-v3.2";
 const liveEnabled = OPENROUTER_API_KEY.trim().length > 0 && process.env.OPENCLAW_LIVE_TEST === "1";
@@ -57,6 +62,40 @@ async function completeOpenRouterChat(params: {
  });
 }

+async function expectWeatherToolCall(client: OpenAI, model: string): Promise<void> {
+  const response = await client.chat.completions.create({
+    model,
+    messages: [{ role: "user", content: "Call get_weather for Paris." }],
+    tools: [
+      {
+        type: "function",
+        function: {
+          name: "get_weather",
+          description: "Get the weather for a city.",
+          parameters: {
+            type: "object",
+            properties: { city: { type: "string" } },
+            required: ["city"],
+            additionalProperties: false,
+          },
+        },
+      },
+    ],
+    tool_choice: {
+      type: "function",
+      function: { name: "get_weather" },
+    },
+    max_tokens: 64,
+  });
+
+  const toolCall = response.choices[0]?.message?.tool_calls?.find(
+    (call) => call.type === "function",
+  );
+  expect(toolCall?.type).toBe("function");
+  expect(toolCall?.function.name).toBe("get_weather");
+  expect(JSON.parse(toolCall?.function.arguments ?? "{}")).toMatchObject({ city: "Paris" });
+}
+
 async function fetchOpenRouterModelIds(): Promise<string[]> {
  const response = await fetch(OPENROUTER_MODELS_URL, {
    headers: { "accept-encoding": "identity" },
@@ -69,7 +108,7 @@ async function fetchOpenRouterModelIds(): Promise<string[]> {
 }

 describeLive("openrouter plugin live", () => {
-  it("registers an OpenRouter provider that can complete a live request", async () => {
+  it("normalizes a prefixed OpenRouter model and completes a live tool call", async () => {
    const { providers } = await registerOpenRouterPlugin();
    const provider = requireRegisteredProvider(providers, "openrouter");

@@ -87,17 +126,35 @@ describeLive("openrouter plugin live", () => {
    expect(resolved.api).toBe("openai-completions");
    expect(resolved.baseUrl).toBe("https://openrouter.ai/api/v1");

+    const normalized =
+      provider.normalizeResolvedModel?.({
+        provider: "openrouter",
+        modelId: resolved.id,
+        model: resolved,
+      }) ?? resolved;
+    expect(normalized.id).toBe(normalizeOpenRouterApiModelId(LIVE_MODEL_ID));
+
    const client = new OpenAI({
      apiKey: OPENROUTER_API_KEY,
-      baseURL: resolved.baseUrl,
+      baseURL: normalized.baseUrl,
    });
-    const response = await client.chat.completions.create({
-      model: resolved.id,
-      messages: [{ role: "user", content: "Reply with exactly OK." }],
-      max_tokens: 16,
+    const autoResolved = provider.resolveDynamicModel?.({
+      provider: "openrouter",
+      modelId: "openrouter/auto",
+      modelRegistry: new ModelRegistryCtor(AuthStorage.inMemory()),
    });
-
-    expect(response.choices[0]?.message?.content?.trim()).toMatch(/^OK[.!]?$/);
+    if (!autoResolved) {
+      throw new Error("openrouter provider did not resolve openrouter/auto");
+    }
+    const autoModel =
+      provider.normalizeResolvedModel?.({
+        provider: "openrouter",
+        modelId: autoResolved.id,
+        model: autoResolved,
+      }) ?? autoResolved;
+    expect(autoModel.id).toBe("openrouter/auto");
+    await expectWeatherToolCall(client, autoModel.id);
+    await expectWeatherToolCall(client, normalized.id);
  }, 30_000);
 });

--- a/extensions/parallel/src/parallel-mcp-search.runtime.test.ts
+++ b/extensions/parallel/src/parallel-mcp-search.runtime.test.ts
@@ -201,6 +201,10 @@ describe("runParallelMcpSearch", () => {
    expect(headerOf(endpointMockState.calls[2], "MCP-Protocol-Version")).toBe("2025-06-18");
    // No bearer token on the anonymous free path.
    expect(headerOf(endpointMockState.calls[0], "Authorization")).toBeUndefined();
+    // Every call identifies OpenClaw at the HTTP layer (not just node).
+    for (const call of endpointMockState.calls) {
+      expect(headerOf(call, "User-Agent")).toMatch(/^openclaw-parallel\//);
+    }
    // tools/call carries the documented web_search args.
    const callArgs = (readBody(endpointMockState.calls[2]).params as Record<string, unknown>)
      .arguments as Record<string, unknown>;
--- a/extensions/parallel/src/parallel-mcp-search.runtime.ts
+++ b/extensions/parallel/src/parallel-mcp-search.runtime.ts
@@ -14,6 +14,10 @@ const MCP_TIMEOUT_SECONDS = 30;

 const require = createRequire(import.meta.url);
 const PLUGIN_VERSION = readPluginPackageVersion({ require });
+// Identify free-tier traffic at the HTTP layer (mirrors the paid REST path);
+// without this, undici sends a generic `node` UA and OpenClaw usage is only
+// visible via the JSON-RPC `clientInfo` payload.
+const USER_AGENT = `openclaw-parallel/${PLUGIN_VERSION} (${process.platform})`;

 type JsonRpcMessage = Record<string, unknown>;

@@ -38,6 +42,7 @@ function mcpHeaders(params: {
 }): Record<string, string> {
  const headers: Record<string, string> = {
    "Content-Type": "application/json",
+    "User-Agent": USER_AGENT,
    // The Search MCP may answer either as a single JSON object or as an SSE
    // stream; advertise both so the server can pick.
    Accept: "application/json, text/event-stream",
--- a/extensions/qa-lab/api.ts
+++ b/extensions/qa-lab/api.ts
@@ -106,5 +106,6 @@ export {
  type QaSuiteStartLabFn,
  type QaSuiteSummaryJson,
  type QaSuiteSummaryJsonParams,
-  runQaSuite,
+  runQaFlowSuite,
 } from "./src/suite.js";
+export { runQaSuite, type QaSuiteRuntimeResult } from "./src/suite-launch.runtime.js";
--- a/extensions/qa-lab/src/character-eval.test.ts
+++ b/extensions/qa-lab/src/character-eval.test.ts
@@ -127,6 +127,7 @@ async function makeSuiteResult(params: {
  );
  return {
    outputDir: params.outputDir,
+    evidencePath: path.join(params.outputDir, "qa-evidence.json"),
    reportPath: path.join(params.outputDir, "qa-suite-report.md"),
    summaryPath,
    report: "# report",
--- a/extensions/qa-lab/src/character-eval.ts
+++ b/extensions/qa-lab/src/character-eval.ts
@@ -426,8 +426,8 @@ async function defaultRunJudge(params: {
 }

 async function defaultRunSuite(params: Parameters<RunSuiteFn>[0]) {
-  const { runQaSuiteFromRuntime } = await import("./suite-launch.runtime.js");
-  return await runQaSuiteFromRuntime(params);
+  const { runQaFlowSuiteFromRuntime } = await import("./suite-launch.runtime.js");
+  return await runQaFlowSuiteFromRuntime(params);
 }

 function renderCharacterEvalReport(params: {
--- a/extensions/qa-lab/src/cli-paths.ts
+++ b/extensions/qa-lab/src/cli-paths.ts
@@ -3,6 +3,18 @@ import fs from "node:fs/promises";
 import path from "node:path";
 import { assertNoSymlinkParents, pathScope } from "openclaw/plugin-sdk/security-runtime";

+export function toRepoPath(filePath: string): string {
+  return filePath.split(path.sep).join("/");
+}
+
+export function toRepoRelativePath(repoRoot: string, filePath: string): string {
+  return toRepoPath(path.relative(repoRoot, filePath));
+}
+
+export function isRepoRootRelativeRef(value: string) {
+  return !path.isAbsolute(value) && value.split(/[\\/]+/u).every((part) => part !== "..");
+}
+
 export function resolveRepoRelativeOutputDir(repoRoot: string, outputDir?: string) {
  if (!outputDir) {
    return undefined;
--- a/extensions/qa-lab/src/cli.runtime.test.ts
+++ b/extensions/qa-lab/src/cli.runtime.test.ts
@@ -6,7 +6,8 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";

 const {
  runQaManualLane,
-  runQaSuiteFromRuntime,
+  runQaFlowSuiteFromRuntime,
+  runQaSuite,
  runQaCharacterEval,
  runQaMultipass,
  listTelegramQaScenarioCatalog,
@@ -18,7 +19,8 @@ const {
  defaultQaRuntimeModelForMode,
 } = vi.hoisted(() => ({
  runQaManualLane: vi.fn(),
-  runQaSuiteFromRuntime: vi.fn(),
+  runQaFlowSuiteFromRuntime: vi.fn(),
+  runQaSuite: vi.fn(),
  runQaCharacterEval: vi.fn(),
  runQaMultipass: vi.fn(),
  listTelegramQaScenarioCatalog: vi.fn(),
@@ -36,7 +38,8 @@ vi.mock("./manual-lane.runtime.js", () => ({
 }));

 vi.mock("./suite-launch.runtime.js", () => ({
-  runQaSuiteFromRuntime,
+  runQaFlowSuiteFromRuntime,
+  runQaSuite,
 }));

 vi.mock("./character-eval.js", () => ({
@@ -82,6 +85,8 @@ import {
  runQaParityReportCommand,
  runQaSuiteCommand,
 } from "./cli.runtime.js";
+import { QaSuiteInfraError } from "./errors.js";
+import { QA_EVIDENCE_FILENAME } from "./evidence-summary.js";
 import { runQaTelegramCommand } from "./live-transports/telegram/cli.runtime.js";
 import { defaultQaModelForMode as defaultQaProviderModelForMode } from "./model-selection.js";
 import type { QaProviderModeInput } from "./run-config.js";
@@ -113,10 +118,51 @@ function expectWriteContains(mock: unknown, fragment: string): void {
  ).toBe(true);
 }

+function flowSuiteRuntimeResult(params: {
+  evidencePath?: string;
+  reportPath: string;
+  summaryPath: string;
+  scenarios?: unknown[];
+}) {
+  return {
+    executionKind: "flow",
+    result: {
+      outputDir: path.dirname(params.reportPath),
+      evidencePath:
+        params.evidencePath ?? path.join(path.dirname(params.reportPath), "qa-evidence.json"),
+      reportPath: params.reportPath,
+      summaryPath: params.summaryPath,
+      report: "# QA Suite Report\n",
+      scenarios: params.scenarios ?? [],
+      watchUrl: "http://127.0.0.1:43124",
+    },
+  };
+}
+
+function testFileSuiteRuntimeResult(params: {
+  evidencePath: string;
+  executionKind?: "vitest" | "playwright";
+  outputDir: string;
+  reportPath: string;
+  results?: unknown[];
+}) {
+  return {
+    executionKind: params.executionKind ?? "playwright",
+    result: {
+      outputDir: params.outputDir,
+      executionKind: params.executionKind ?? "playwright",
+      reportPath: params.reportPath,
+      evidencePath: params.evidencePath,
+      results: params.results ?? [{ status: "pass" }],
+    },
+  };
+}
+
 describe("qa cli runtime", () => {
  let stdoutWrite: ReturnType<typeof vi.spyOn>;
  let stderrWrite: ReturnType<typeof vi.spyOn>;
  let suiteArtifactsDir: string;
+  let suiteEvidencePath: string;
  let suiteReportPath: string;
  let suiteSummaryPath: string;
  let telegramArtifactsDir: string;
@@ -124,11 +170,13 @@ describe("qa cli runtime", () => {

  beforeEach(async () => {
    suiteArtifactsDir = await fs.mkdtemp(path.join(os.tmpdir(), "qa-suite-runtime-"));
+    suiteEvidencePath = path.join(suiteArtifactsDir, "qa-evidence.json");
    suiteReportPath = path.join(suiteArtifactsDir, "qa-suite-report.md");
    suiteSummaryPath = path.join(suiteArtifactsDir, "qa-suite-summary.json");
    telegramArtifactsDir = await fs.mkdtemp(path.join(os.tmpdir(), "qa-telegram-runtime-"));
-    telegramSummaryPath = path.join(telegramArtifactsDir, "telegram-qa-summary.json");
+    telegramSummaryPath = path.join(telegramArtifactsDir, QA_EVIDENCE_FILENAME);
    await fs.writeFile(suiteReportPath, "# QA Suite Report\n", "utf8");
+    await fs.writeFile(suiteEvidencePath, JSON.stringify({ entries: [] }), "utf8");
    await fs.writeFile(
      suiteSummaryPath,
      JSON.stringify({
@@ -155,7 +203,8 @@ describe("qa cli runtime", () => {
    );
    stdoutWrite = vi.spyOn(process.stdout, "write").mockReturnValue(true);
    stderrWrite = vi.spyOn(process.stderr, "write").mockReturnValue(true);
-    runQaSuiteFromRuntime.mockReset();
+    runQaFlowSuiteFromRuntime.mockReset();
+    runQaSuite.mockReset();
    runQaCharacterEval.mockReset();
    runQaManualLane.mockReset();
    runQaMultipass.mockReset();
@@ -169,7 +218,15 @@ describe("qa cli runtime", () => {
      (mode: string, options?: { alternate?: boolean }) =>
        defaultQaProviderModelForMode(mode as QaProviderModeInput, options),
    );
-    runQaSuiteFromRuntime.mockResolvedValue({
+    runQaSuite.mockResolvedValue(
+      flowSuiteRuntimeResult({
+        reportPath: suiteReportPath,
+        summaryPath: suiteSummaryPath,
+      }),
+    );
+    runQaFlowSuiteFromRuntime.mockResolvedValue({
+      outputDir: suiteArtifactsDir,
+      evidencePath: suiteEvidencePath,
      watchUrl: "http://127.0.0.1:43124",
      reportPath: suiteReportPath,
      summaryPath: suiteSummaryPath,
@@ -240,6 +297,48 @@ describe("qa cli runtime", () => {
    await fs.rm(telegramArtifactsDir, { recursive: true, force: true });
  });

+  it("runs selected Playwright scenarios through the suite command", async () => {
+    const evidencePath = path.join(suiteArtifactsDir, "qa-evidence.json");
+    await fs.writeFile(evidencePath, JSON.stringify({ entries: [] }), "utf8");
+    runQaSuite.mockResolvedValueOnce(
+      testFileSuiteRuntimeResult({
+        outputDir: suiteArtifactsDir,
+        reportPath: suiteReportPath,
+        evidencePath,
+      }),
+    );
+
+    await runQaSuiteCommand({
+      repoRoot: process.cwd(),
+      outputDir: ".artifacts/qa-e2e/scenario-test",
+      primaryModel: "mock-openai/gpt-5.5",
+      scenarioIds: ["control-ui-chat-flow-playwright"],
+    });
+
+    expect(runQaSuite).toHaveBeenCalledWith({
+      repoRoot: process.cwd(),
+      outputDir: path.join(process.cwd(), ".artifacts", "qa-e2e", "scenario-test"),
+      transportId: "qa-channel",
+      primaryModel: "mock-openai/gpt-5.5",
+      alternateModel: undefined,
+      fastMode: undefined,
+      scenarioIds: ["control-ui-chat-flow-playwright"],
+    });
+    expectWriteContains(stdoutWrite, `QA suite evidence: ${evidencePath}`);
+  });
+
+  it("rejects host-only resource options for Playwright scenarios", async () => {
+    await expect(
+      runQaSuiteCommand({
+        repoRoot: process.cwd(),
+        image: "lts",
+        scenarioIds: ["control-ui-chat-flow-playwright"],
+      }),
+    ).rejects.toThrow("--image, --cpus, --memory, and --disk require --runner multipass");
+
+    expect(runQaSuite).not.toHaveBeenCalled();
+  });
+
  it("resolves suite repo-root-relative paths before dispatching", async () => {
    await runQaSuiteCommand({
      repoRoot: "/tmp/openclaw-repo",
@@ -252,7 +351,7 @@ describe("qa cli runtime", () => {
      scenarioIds: ["approval-turn-tool-followthrough"],
    });

-    expect(runQaSuiteFromRuntime).toHaveBeenCalledWith({
+    expect(runQaSuite).toHaveBeenCalledWith({
      repoRoot: path.resolve("/tmp/openclaw-repo"),
      outputDir: path.resolve("/tmp/openclaw-repo", ".artifacts/qa/frontier"),
      transportId: "qa-channel",
@@ -273,7 +372,7 @@ describe("qa cli runtime", () => {
      enabledPluginIds: ["browser", "memory-core"],
    });

-    expect(runQaSuiteFromRuntime).toHaveBeenCalledWith({
+    expect(runQaSuite).toHaveBeenCalledWith({
      repoRoot: path.resolve("/tmp/openclaw-repo"),
      outputDir: undefined,
      transportId: "qa-channel",
@@ -294,7 +393,7 @@ describe("qa cli runtime", () => {
      runtimePair: "openclaw,codex",
    });

-    expect(runQaSuiteFromRuntime).toHaveBeenCalledWith({
+    expect(runQaSuite).toHaveBeenCalledWith({
      repoRoot: path.resolve("/tmp/openclaw-repo"),
      outputDir: undefined,
      transportId: "qa-channel",
@@ -316,7 +415,7 @@ describe("qa cli runtime", () => {
        runtimePair: "legacy-runtime,codex",
      }),
    ).rejects.toThrow('--runtime-pair only supports "openclaw" and "codex".');
-    expect(runQaSuiteFromRuntime).not.toHaveBeenCalled();
+    expect(runQaSuite).not.toHaveBeenCalled();
  });

  it("accepts legacy pi as a runtime-pair suite alias", async () => {
@@ -327,7 +426,7 @@ describe("qa cli runtime", () => {
      runtimePair: "pi,codex",
    });

-    expect(runQaSuiteFromRuntime).toHaveBeenCalledWith(
+    expect(runQaSuite).toHaveBeenCalledWith(
      expect.objectContaining({
        repoRoot: path.resolve("/tmp/openclaw-repo"),
        runtimePair: ["openclaw", "codex"],
@@ -344,7 +443,7 @@ describe("qa cli runtime", () => {
      scenarioIds: ["thread-memory-isolation"],
    });

-    expect(runQaSuiteFromRuntime).toHaveBeenCalledWith({
+    expect(runQaSuite).toHaveBeenCalledWith({
      repoRoot: path.resolve("/tmp/openclaw-repo"),
      outputDir: undefined,
      transportId: "qa-channel",
@@ -491,12 +590,13 @@ describe("qa cli runtime", () => {
      concurrency: 3,
    });

-    expectFields(mockFirstObjectArg(runQaSuiteFromRuntime), {
+    expectFields(mockFirstObjectArg(runQaSuite), {
      repoRoot: path.resolve("/tmp/openclaw-repo"),
      transportId: "qa-channel",
      scenarioIds: ["channel-chat-baseline", "thread-follow-up"],
      concurrency: 3,
    });
+    expectWriteContains(stdoutWrite, `QA suite evidence: ${suiteEvidencePath}`);
  });

  it("rejects fractional suite concurrency from programmatic callers", async () => {
@@ -507,7 +607,7 @@ describe("qa cli runtime", () => {
        concurrency: 1.5,
      }),
    ).rejects.toThrow("--concurrency must be a positive integer");
-    expect(runQaSuiteFromRuntime).not.toHaveBeenCalled();
+    expect(runQaSuite).not.toHaveBeenCalled();
  });

  it("sets a failing exit code when host suite scenarios fail", async () => {
@@ -525,12 +625,12 @@ describe("qa cli runtime", () => {
      }),
      "utf8",
    );
-    runQaSuiteFromRuntime.mockResolvedValueOnce({
-      watchUrl: "http://127.0.0.1:43124",
-      reportPath: suiteReportPath,
-      summaryPath: suiteSummaryPath,
-      scenarios: [],
-    });
+    runQaSuite.mockResolvedValueOnce(
+      flowSuiteRuntimeResult({
+        reportPath: suiteReportPath,
+        summaryPath: suiteSummaryPath,
+      }),
+    );

    try {
      await runQaSuiteCommand({
@@ -558,12 +658,12 @@ describe("qa cli runtime", () => {
      }),
      "utf8",
    );
-    runQaSuiteFromRuntime.mockResolvedValueOnce({
-      watchUrl: "http://127.0.0.1:43124",
-      reportPath: suiteReportPath,
-      summaryPath: suiteSummaryPath,
-      scenarios: [],
-    });
+    runQaSuite.mockResolvedValueOnce(
+      flowSuiteRuntimeResult({
+        reportPath: suiteReportPath,
+        summaryPath: suiteSummaryPath,
+      }),
+    );

    try {
      await runQaSuiteCommand({
@@ -590,18 +690,19 @@ describe("qa cli runtime", () => {
      }),
      "utf8",
    );
-    runQaSuiteFromRuntime.mockResolvedValueOnce({
-      watchUrl: "http://127.0.0.1:43124",
-      reportPath: suiteReportPath,
-      summaryPath: suiteSummaryPath,
-      scenarios: [
-        {
-          name: "channel chat baseline",
-          status: "fail",
-          steps: [],
-        },
-      ],
-    });
+    runQaSuite.mockResolvedValueOnce(
+      flowSuiteRuntimeResult({
+        reportPath: suiteReportPath,
+        summaryPath: suiteSummaryPath,
+        scenarios: [
+          {
+            name: "channel chat baseline",
+            status: "fail",
+            steps: [],
+          },
+        ],
+      }),
+    );

    try {
      await runQaSuiteCommand({
@@ -615,42 +716,45 @@ describe("qa cli runtime", () => {
  });

  it("retries host suite runs once for retryable infra failures", async () => {
-    runQaSuiteFromRuntime
-      .mockRejectedValueOnce(new Error("agent.wait timeout while waiting for transport ready"))
-      .mockResolvedValueOnce({
-        watchUrl: "http://127.0.0.1:43124",
-        reportPath: suiteReportPath,
-        summaryPath: suiteSummaryPath,
-        scenarios: [],
-      });
+    runQaSuite
+      .mockRejectedValueOnce(
+        new QaSuiteInfraError("agent_wait_failed", "agent.wait failed: gateway call timed out"),
+      )
+      .mockResolvedValueOnce(
+        flowSuiteRuntimeResult({
+          reportPath: suiteReportPath,
+          summaryPath: suiteSummaryPath,
+        }),
+      );

    await runQaSuiteCommand({
      repoRoot: "/tmp/openclaw-repo",
    });

-    expect(runQaSuiteFromRuntime).toHaveBeenCalledTimes(2);
-    expectWriteContains(stderrWrite, "[qa-suite] infra retry 1/1: agent.wait timeout");
+    expect(runQaSuite).toHaveBeenCalledTimes(2);
+    expectWriteContains(stderrWrite, "[qa-suite] infra retry 1/1: agent.wait failed");
  });

  it("retries host suite runs once for qa-channel readiness timeouts", async () => {
-    runQaSuiteFromRuntime
+    runQaSuite
      .mockRejectedValueOnce(
-        new Error(
+        new QaSuiteInfraError(
+          "transport_ready_timeout",
          "timed out after 180000ms waiting for qa-channel ready; last status: no qa-channel accounts reported",
        ),
      )
-      .mockResolvedValueOnce({
-        watchUrl: "http://127.0.0.1:43124",
-        reportPath: suiteReportPath,
-        summaryPath: suiteSummaryPath,
-        scenarios: [],
-      });
+      .mockResolvedValueOnce(
+        flowSuiteRuntimeResult({
+          reportPath: suiteReportPath,
+          summaryPath: suiteSummaryPath,
+        }),
+      );

    await runQaSuiteCommand({
      repoRoot: "/tmp/openclaw-repo",
    });

-    expect(runQaSuiteFromRuntime).toHaveBeenCalledTimes(2);
+    expect(runQaSuite).toHaveBeenCalledTimes(2);
    expectWriteContains(
      stderrWrite,
      "[qa-suite] infra retry 1/1: timed out after 180000ms waiting for qa-channel ready",
@@ -658,7 +762,7 @@ describe("qa cli runtime", () => {
  });

  it("does not retry host suite runs for generic timeout wording", async () => {
-    runQaSuiteFromRuntime.mockRejectedValueOnce(
+    runQaSuite.mockRejectedValueOnce(
      new Error("approval-turn timed out waiting for post-approval read"),
    );

@@ -668,7 +772,7 @@ describe("qa cli runtime", () => {
      }),
    ).rejects.toThrow("approval-turn timed out waiting for post-approval read");

-    expect(runQaSuiteFromRuntime).toHaveBeenCalledTimes(1);
+    expect(runQaSuite).toHaveBeenCalledTimes(1);
  });

  it("does not retry host suite runs for semantic failures", async () => {
@@ -686,24 +790,25 @@ describe("qa cli runtime", () => {
      }),
      "utf8",
    );
-    runQaSuiteFromRuntime.mockResolvedValueOnce({
-      watchUrl: "http://127.0.0.1:43124",
-      reportPath: suiteReportPath,
-      summaryPath: suiteSummaryPath,
-      scenarios: [
-        {
-          name: "channel chat baseline",
-          status: "fail",
-          steps: [],
-        },
-      ],
-    });
+    runQaSuite.mockResolvedValueOnce(
+      flowSuiteRuntimeResult({
+        reportPath: suiteReportPath,
+        summaryPath: suiteSummaryPath,
+        scenarios: [
+          {
+            name: "channel chat baseline",
+            status: "fail",
+            steps: [],
+          },
+        ],
+      }),
+    );

    try {
      await runQaSuiteCommand({
        repoRoot: "/tmp/openclaw-repo",
      });
-      expect(runQaSuiteFromRuntime).toHaveBeenCalledTimes(1);
+      expect(runQaSuite).toHaveBeenCalledTimes(1);
      expect(process.exitCode).toBe(1);
    } finally {
      process.exitCode = priorExitCode;
@@ -720,7 +825,7 @@ describe("qa cli runtime", () => {
      preflight: true,
    });

-    const preflightArgs = mockFirstObjectArg(runQaSuiteFromRuntime);
+    const preflightArgs = mockFirstObjectArg(runQaFlowSuiteFromRuntime);
    expectFields(preflightArgs, {
      repoRoot,
      transportId: "qa-channel",
@@ -749,7 +854,9 @@ describe("qa cli runtime", () => {
      }),
      "utf8",
    );
-    runQaSuiteFromRuntime.mockResolvedValueOnce({
+    runQaFlowSuiteFromRuntime.mockResolvedValueOnce({
+      outputDir: suiteArtifactsDir,
+      evidencePath: suiteEvidencePath,
      watchUrl: "http://127.0.0.1:43124",
      reportPath: suiteReportPath,
      summaryPath: suiteSummaryPath,
@@ -779,7 +886,9 @@ describe("qa cli runtime", () => {
      }),
      "utf8",
    );
-    runQaSuiteFromRuntime.mockResolvedValueOnce({
+    runQaFlowSuiteFromRuntime.mockResolvedValueOnce({
+      outputDir: suiteArtifactsDir,
+      evidencePath: suiteEvidencePath,
      watchUrl: "http://127.0.0.1:43124",
      reportPath: suiteReportPath,
      summaryPath: suiteSummaryPath,
@@ -818,7 +927,7 @@ describe("qa cli runtime", () => {
      scenarioIds: ["claude-cli-provider-capabilities-subscription"],
    });

-    expectFields(mockFirstObjectArg(runQaSuiteFromRuntime), {
+    expectFields(mockFirstObjectArg(runQaSuite), {
      repoRoot: path.resolve("/tmp/openclaw-repo"),
      providerMode: "live-frontier",
      primaryModel: "claude-cli/claude-sonnet-4-6",
@@ -835,7 +944,7 @@ describe("qa cli runtime", () => {
      scenarioIds: ["channel-chat-baseline"],
    });

-    expectFields(mockFirstObjectArg(runQaSuiteFromRuntime), {
+    expectFields(mockFirstObjectArg(runQaSuite), {
      repoRoot: path.resolve("/tmp/openclaw-repo"),
      scenarioIds: [
        "channel-chat-baseline",
@@ -862,7 +971,7 @@ describe("qa cli runtime", () => {
      scenarioIds: ["channel-chat-baseline"],
    });

-    expectFields(mockFirstObjectArg(runQaSuiteFromRuntime), {
+    expectFields(mockFirstObjectArg(runQaSuite), {
      repoRoot: path.resolve("/tmp/openclaw-repo"),
      scenarioIds: [
        "channel-chat-baseline",
@@ -887,7 +996,7 @@ describe("qa cli runtime", () => {
      scenarioIds: ["channel-chat-baseline", "runtime-tool-bash"],
    });

-    expectFields(mockFirstObjectArg(runQaSuiteFromRuntime), {
+    expectFields(mockFirstObjectArg(runQaSuite), {
      repoRoot: path.resolve("/tmp/openclaw-repo"),
      scenarioIds: [
        "channel-chat-baseline",
@@ -920,7 +1029,7 @@ describe("qa cli runtime", () => {
      runtimeParityTier: ["optional,soak"],
    });

-    expectFields(mockFirstObjectArg(runQaSuiteFromRuntime), {
+    expectFields(mockFirstObjectArg(runQaSuite), {
      scenarioIds: [
        "runtime-soak-100-turn",
        "runtime-tool-image-generate",
@@ -1460,7 +1569,21 @@ describe("qa cli runtime", () => {
      memory: "4G",
      disk: "24G",
    });
-    expect(runQaSuiteFromRuntime).not.toHaveBeenCalled();
+    expect(runQaSuite).not.toHaveBeenCalled();
+  });
+
+  it("rejects Vitest and Playwright scenarios on the multipass runner", async () => {
+    await expect(
+      runQaSuiteCommand({
+        repoRoot: "/tmp/openclaw-repo",
+        runner: "multipass",
+        scenarioIds: ["control-ui-chat-flow-playwright"],
+      }),
+    ).rejects.toThrow(
+      "--runner multipass requires execution.kind: flow scenarios; unsupported scenario(s): control-ui-chat-flow-playwright (playwright)",
+    );
+
+    expect(runQaMultipass).not.toHaveBeenCalled();
  });

  it("passes runtime-pair suite selection through to the multipass runner", async () => {
@@ -1658,7 +1781,9 @@ describe("qa cli runtime", () => {
          repoRoot: "/tmp/openclaw-repo",
          runner: "multipass",
        }),
-      ).rejects.toThrow("did not include counts.failed, counts.skipped, or scenarios[].status");
+      ).rejects.toThrow(
+        "did not include counts.failed, counts.skipped, scenarios[].status, or entries[].result.status",
+      );
    } finally {
      await fs.rm(repoRoot, { recursive: true, force: true });
    }
@@ -1713,7 +1838,7 @@ describe("qa cli runtime", () => {
      alternateModel: "anthropic/claude-opus-4-8",
    });

-    expect(runQaSuiteFromRuntime).toHaveBeenCalledWith({
+    expect(runQaSuite).toHaveBeenCalledWith({
      repoRoot: path.resolve("/tmp/openclaw-repo"),
      outputDir: undefined,
      transportId: "qa-channel",
--- a/Show More
+++ b/Show More