fix(android): remediate app CodeQL alerts

2026-06-09 15:31:18 +08:00 · 2026-04-28 01:17:58 -07:00
1077 changed files with 7245 additions and 44686 deletions
--- a/.agents/skills/clawsweeper/SKILL.md
+++ b/.agents/skills/clawsweeper/SKILL.md
@@ -1,138 +0,0 @@
---
-name: clawsweeper
-description: Inspect ClawSweeper commit-review and issue/PR-sweeper reports for OpenClaw, including recent per-commit reports, finding summaries, GitHub Checks, Actions monitoring, manual backfills, and report links.
---
-
-# ClawSweeper
-
-ClawSweeper lives at `~/Projects/clawsweeper`. Use this skill when Peter asks
-about ClawSweeper reports, commit-review checks, recent findings, historic
-backfills, or whether the sweeper/dispatch lane is healthy.
-
-## Start
-
-```bash
-cd ~/Projects/clawsweeper
-git status --short
-git pull --ff-only
-pnpm run build
-```
-
-Do not overwrite unrelated local edits. If the tree is dirty, inspect status
-and keep report-reading commands read-only unless Peter asked to commit.
-
-## Recent Commit Reports
-
-Canonical reports are flat:
-
-```text
-records/<repo-slug>/commits/<40-char-sha>.md
-```
-
-Use the lister instead of browsing date folders:
-
-```bash
-pnpm commit-reports -- --since 6h
-pnpm commit-reports -- --since "24 hours ago" --findings
-pnpm commit-reports -- --since 7d --non-clean
-pnpm commit-reports -- --repo openclaw/openclaw --author steipete --since 7d
-pnpm commit-reports -- --since 24h --json
-```
-
-One report per commit. Reruns overwrite the same SHA-named file. Results:
-`nothing_found`, `findings`, `inconclusive`, `failed`, `skipped_non_code`.
-
-## Monitor Actions
-
-Receiver lane in `openclaw/clawsweeper`:
-
-```bash
-gh run list --repo openclaw/clawsweeper --workflow "ClawSweeper Commit Review" \
-  --limit 12 --json databaseId,displayTitle,event,status,conclusion,createdAt,updatedAt,url
-gh run list --repo openclaw/clawsweeper --workflow "ClawSweeper Commit Review" \
-  --status in_progress --limit 20 --json databaseId,displayTitle,event,status,createdAt,url
-```
-
-Target dispatcher in `openclaw/openclaw`:
-
-```bash
-gh run list --repo openclaw/openclaw --workflow "ClawSweeper Dispatch" \
-  --event push --limit 8 --json databaseId,displayTitle,event,status,conclusion,headSha,url
-git ls-remote https://github.com/openclaw/openclaw.git refs/heads/main
-```
-
-Check the target commit's published report check:
-
-```bash
-gh api "repos/openclaw/openclaw/commits/<sha>/check-runs?per_page=100" \
-  --jq '.check_runs[] | select(.name=="ClawSweeper Commit Review") | [.status,.conclusion,.details_url] | @tsv'
-```
-
-## Manual Commit Rerun / Backfill
-
-Use the receiver workflow when Peter asks to rerun a specific commit report,
-review a specific commit, or backfill a historic range. Reruns overwrite the
-same canonical report file:
-`records/<repo-slug>/commits/<40-char-sha>.md`.
-
-Single-commit rerun:
-
-```bash
-gh workflow run commit-review.yml --repo openclaw/clawsweeper \
-  -f target_repo=openclaw/openclaw \
-  -f commit_sha=<sha> \
-  -f before_sha=<parent-sha> \
-  -f create_checks=false \
-  -f enabled=true
-```
-
-Historic range backfill:
-
-```bash
-gh workflow run commit-review.yml --repo openclaw/clawsweeper \
-  -f target_repo=openclaw/openclaw \
-  -f commit_sha=<end-sha> \
-  -f before_sha=<start-sha> \
-  -f create_checks=false \
-  -f enabled=true
-```
-
-Use `create_checks=true` only when Peter explicitly wants target commit check
-runs. Checks are opt-in; markdown reports are the primary surface.
-
-For a targeted rerun with extra instructions, add `additional_prompt`:
-
-```bash
-f additional_prompt="Review this commit with focus on <topic>."
-```
-
-After dispatch, monitor and then pull the regenerated report:
-
-```bash
-gh run list --repo openclaw/clawsweeper --workflow "ClawSweeper Commit Review" \
-  --limit 5 --json databaseId,displayTitle,status,conclusion,url
-gh run watch <run-id> --repo openclaw/clawsweeper --interval 30 --exit-status
-git pull --ff-only
-sed -n '1,180p' records/openclaw-openclaw/commits/<sha>.md
-```
-
-## Report Reading
-
-Lead with counts and useful findings:
-
-```bash
-pnpm commit-reports -- --since 24h
-pnpm commit-reports -- --since 24h --findings
-```
-
-If findings exist, open the markdown report and summarize:
-
- SHA and author/co-authors
- result, confidence, severity, check conclusion
- concrete finding and affected file
- whether the report includes tests/live checks
- GitHub report URL:
-  `https://github.com/openclaw/clawsweeper/blob/main/<report-path>`
-
-Do not post GitHub comments from this lane. Commit Sweeper's public surfaces are
-markdown reports and the `ClawSweeper Commit Review` check.
--- a/.agents/skills/clawsweeper/agents/openai.yaml
+++ b/.agents/skills/clawsweeper/agents/openai.yaml
@@ -1,4 +0,0 @@
-interface:
-  display_name: "ClawSweeper"
-  short_description: "Inspect ClawSweeper commit review reports and Actions runs."
-  default_prompt: "Review recent ClawSweeper commit reports and summarize findings."
--- a/.agents/skills/clownfish-cloud-pr/SKILL.md
+++ b/.agents/skills/clownfish-cloud-pr/SKILL.md
@@ -1,89 +0,0 @@
---
-name: clownfish-cloud-pr
-description: Use when launching Clownfish in GitHub Actions to create or update one guarded GitHub implementation PR from issue/PR refs, a ClawSweeper report, or a custom maintainer prompt.
---
-
-# Clownfish Cloud PR
-
-Use this skill when the user wants Codex to ask Clownfish to create a PR in the
-cloud from issue/PR refs plus a custom prompt.
-
-## Create One Job
-
-```bash
-cd ~/Projects/clownfish
-git status --short --branch
-npm run create-job -- \
-  --repo openclaw/openclaw \
-  --refs 123,456 \
-  --prompt-file /tmp/clownfish-prompt.md
-```
-
-From a ClawSweeper report:
-
-```bash
-npm run create-job -- \
-  --from-report ../clawsweeper/records/openclaw-openclaw/items/123.md
-```
-
-The script checks for an existing open PR/body match and remote branch named
-`clownfish/<cluster-id>` before writing a duplicate job. Use `--dry-run` to
-inspect the exact job body.
-
-## Validate And Dispatch
-
-```bash
-npm run validate:job -- jobs/openclaw/inbox/clawsweeper-openclaw-openclaw-123.md
-npm run render -- jobs/openclaw/inbox/clawsweeper-openclaw-openclaw-123.md --mode autonomous >/tmp/clownfish-rendered-prompt.md
-git add jobs/openclaw/inbox/clawsweeper-openclaw-openclaw-123.md
-git commit -m "chore: add ClawSweeper promoted job"
-git push origin main
-npm run dispatch -- jobs/openclaw/inbox/clawsweeper-openclaw-openclaw-123.md \
-  --mode autonomous \
-  --runner blacksmith-4vcpu-ubuntu-2404 \
-  --execution-runner blacksmith-16vcpu-ubuntu-2404 \
-  --model gpt-5.5
-```
-
-Do not use `--dispatch` until the job is committed and pushed; the workflow
-reads the job path from GitHub. Keep `CLOWNFISH_ALLOW_MERGE=0` unless Peter
-explicitly opens the merge gate.
-
-## Maintainer Comment Commands
-
-Clownfish can also be asked from target repo comments, but only by maintainers.
-Use `/clownfish ...` or `@openclaw-clownfish ...`; do not use `@clownfish`
-because that is a separate GitHub user.
-
-Supported commands:
-
-```text
-/clownfish status
-/clownfish fix ci
-/clownfish address review
-/clownfish rebase
-/clownfish explain
-/clownfish stop
-@openclaw-clownfish fix ci
-```
-
-The router accepts `OWNER`, `MEMBER`, and `COLLABORATOR` comments by default.
-Contributor comments are ignored without a reply. Repair commands dispatch
-`cluster-worker.yml` only for existing Clownfish PRs with the `clownfish` label
-or `clownfish/*` branch.
-
-```bash
-npm run comment-router -- --repo openclaw/openclaw --lookback-minutes 180
-npm run comment-router -- --repo openclaw/openclaw --execute --wait-for-capacity
-```
-
-Scheduled routing stays dry until `CLOWNFISH_COMMENT_ROUTER_EXECUTE=1` is set in
-`openclaw/clownfish` repo variables.
-
-## Guardrails
-
- One cluster, one branch, one PR: `clownfish/<cluster-id>`.
- No security-sensitive work.
- Do not close duplicates before the fix PR path exists, lands, or is proven
-  unnecessary.
- Codex workers do not get GitHub tokens; deterministic scripts own writes.
--- a/.agents/skills/openclaw-pre-release-plugin-testing/SKILL.md
+++ b/.agents/skills/openclaw-pre-release-plugin-testing/SKILL.md
@@ -1,234 +0,0 @@
---
-name: openclaw-pre-release-plugin-testing
-description: Plan and run pre-release OpenClaw plugin validation across bundled plugins, package artifacts, lifecycle commands, doctor/fix, config round-trip, gateway startup, SDK compatibility, Docker E2E, Package Acceptance, and Testbox proof.
---
-
-# OpenClaw Pre-Release Plugin Testing
-
-Use this skill when the user asks for plugin release confidence, plugin lifecycle
-sweeps, package-artifact plugin proof, or "what else should we test before
-release?" It complements `openclaw-testing`; use that skill too when choosing
-the cheapest safe runner or debugging a failing lane.
-
-## Goal
-
-Prove the plugin system as a product surface, not just as source tests:
-
- bundled plugin lifecycle: install, inspect, enable, disable, uninstall
- package artifact behavior from a clean `HOME`
- doctor/fix/config validation and idempotence
- config discovery and config round-trip
- status/log visibility and diagnostics
- gateway startup/bootstrap with plugin metadata snapshots
- public SDK compatibility for real external plugins
- live-ish provider/channel probes only when safe credentials exist
-
-## First Checks
-
-From the OpenClaw repo root:
-
-```bash
-pnpm docs:list
-git status --short --branch
-readlink node_modules
-pnpm changed:lanes --json
-```
-
-In Codex worktrees under `.codex/worktrees`, `node_modules` must be a symlink to
-the main OpenClaw checkout. Do not run `pnpm install` there. For broad or
-package-heavy proof, use Blacksmith Testbox or GitHub Actions.
-
-## Runner Choice
-
-Prefer this order:
-
-1. **GitHub Package Acceptance** for installable-package product proof.
-2. **`ci-build-artifacts-testbox.yml` Testbox** when Docker/package lanes need
-   seeded `dist`, `dist-runtime`, and package caches.
-3. **`ci-check-testbox.yml` Testbox** for source checks, targeted Vitest,
-   package-boundary checks, or focused Docker lanes.
-4. **Local targeted commands only** for small format/static/unit probes.
-
-Avoid long package Docker runs from a stale sparse worktree. If Testbox sync
-reports hundreds of changed files or starts deleting package inputs, stop and
-warm a fresh box from current `main`, or switch to Package Acceptance.
-
-## Existing Baseline
-
-Run or verify these before inventing new coverage:
-
-```bash
-OPENCLAW_TESTBOX=1 pnpm check:changed
-pnpm run test:extensions:package-boundary:canary
-pnpm run test:extensions:package-boundary:compile
-pnpm test:docker:plugins
-OPENCLAW_PLUGINS_E2E_CLAWHUB=0 pnpm test:docker:plugins
-pnpm test:docker:plugin-update
-pnpm test:docker:bundled-channel-deps:fast
-```
-
-For full bundled install/uninstall proof, shard the packaged sweep:
-
-```bash
-OPENCLAW_BUNDLED_PLUGIN_SWEEP_TOTAL=8 \
-OPENCLAW_BUNDLED_PLUGIN_SWEEP_INDEX=<0-7> \
-pnpm test:docker:bundled-plugin-install-uninstall
-```
-
-Expected current packaged scope: 116 public bundled plugins over shards `0-7`.
-Private QA plugins are source-mode only unless a package explicitly includes
-them.
-
-## Confidence Matrix
-
-Use this matrix for pre-release signoff. Record pass/fail, run URL/Testbox ID,
-package SHA/version, and skipped-live reason.
-
-| Surface | Proof | Preferred runner |
-| --- | --- | --- |
-| Package artifact | Package Acceptance `suite_profile=package` or custom lanes | GitHub Actions |
-| Bundled lifecycle | 8-shard `test:docker:bundled-plugin-install-uninstall` | Testbox or release Docker |
-| External plugins | `test:docker:plugins` and `plugins-offline` | Testbox/package acceptance |
-| Update no-op | `test:docker:plugin-update` | Testbox/package acceptance |
-| Channel runtime deps | `test:docker:bundled-channel-deps:fast` plus key channels | Testbox/package acceptance |
-| Doctor/fix | seeded bad configs + `doctor --fix --non-interactive` | new Docker/Testbox harness |
-| Config round-trip | `config set/get`, inspect, doctor, reload, diff hash | new Docker/Testbox harness |
-| Gateway bootstrap | clean `HOME`, plugin groups enabled/disabled, status JSON | new Docker/Testbox harness |
-| SDK compatibility | directory, tgz, and `file:` external plugins using SDK subpaths | `test:docker:plugins` plus new smoke |
-| Live-ish | redacted provider/channel probes only for present env | Testbox live lanes |
-
-## Package Acceptance Plan
-
-Use this when validating a release branch, beta, or candidate package:
-
-```bash
-gh workflow run package-acceptance.yml \
-  --repo openclaw/openclaw \
-  --ref main \
-  -f workflow_ref=main \
-  -f source=ref \
-  -f package_ref=<branch-or-sha> \
-  -f suite_profile=custom \
-  -f docker_lanes='plugins-offline plugin-update bundled-channel-deps-compat doctor-switch update-channel-switch config-reload mcp-channels npm-onboard-channel-agent' \
-  -f telegram_mode=mock-openai
-```
-
-Use `source=npm -f package_spec=openclaw@beta` for published beta proof. Keep
-`workflow_ref` as trusted current harness code unless the release process says
-otherwise.
-
-## New Testbox Harness Plan
-
-If more certainty is needed, add or run a `plugin-lifecycle-matrix` Docker lane
-that uses one package tarball and sharded plugin lists. Per plugin:
-
-1. Start with a clean `HOME`.
-2. Capture `plugins list --json`.
-3. `plugins install <id>`.
-4. `plugins inspect <id> --json`.
-5. `plugins disable <id>`, then assert disabled visibility.
-6. `plugins enable <id>`, except config-required plugins without config.
-7. `plugins registry --refresh`.
-8. `doctor --non-interactive`.
-9. `plugins uninstall <id> --force`.
-10. Assert no config entry, allow/deny residue, install record, managed dir, or
-    bundled `dist/extensions/...` load path remains.
-11. Assert diagnostics contain no `level: "error"` and output redacts
-    secret-looking values.
-
-Keep `memory-lancedb` special: it is config-required. First assert install does
-not enable it without embedding config, then run a second configured case.
-
-## Doctor/Fix Matrix
-
-Seed bad states and require `doctor --fix --non-interactive` to repair them,
-then run doctor again and require idempotence:
-
- stale `plugins.allow`
- stale `plugins.entries`
- stale channel config for missing channel plugin
- invalid `plugins.entries.<id>.config`
- packaged bundled path in `plugins.load.paths`
- legacy `plugins.installs`
- disabled channel/plugin config that must not stage runtime deps
- root-owned global package tree that must remain unmodified
-
-## Gateway Bootstrap Matrix
-
-Start packaged OpenClaw in Docker with clean state:
-
- provider plugins enabled, no credentials: ready with warnings, no crash
- channel plugins configured disabled: no runtime deps staged
- startup-activation plugins enabled: ready and reflected in status
- invalid single plugin config: bad plugin skipped/quarantined, others remain
-
-Assert:
-
- gateway reaches ready
- `openclaw status --json` includes plugin diagnostics
- `openclaw plugins inspect --all --json` is parseable
- package tree is not mutated
- logs contain no raw tokens
-
-## Config Round-Trip Representatives
-
-Use representative plugin families instead of every plugin for deep config
-round-trip:
-
- providers: `openai`, `anthropic`, `mistral`, `openrouter`
- channels: `telegram`, `discord`, `slack`, `whatsapp`
- memory: `memory-lancedb`
- feature/runtime: `browser`, `acpx`, `tokenjuice`
-
-For each representative:
-
-1. Write config through CLI when possible.
-2. Read it back through `config get` or JSON.
-3. Run `plugins inspect`.
-4. Run `doctor --non-interactive`.
-5. Trigger gateway config reload if applicable.
-6. Compare config hash before/after no-op commands.
-
-## External SDK Smoke
-
-In a package Docker lane, create tiny external plugins and install them from:
-
- local directory
- `.tgz`
- `file:` npm spec
-
-Cover CJS and ESM shapes, plus at least one plugin importing focused
-`openclaw/plugin-sdk/*` subpaths. Assert `plugins inspect` sees its tool,
-gateway method, CLI command, or service.
-
-## Live-Ish Probe Rules
-
-Before live-ish work, source allowed env in Testbox and generate a redacted
-availability matrix: present/missing only, never values.
-
-Only run probes for credentials that exist. Prefer auth/catalog/status probes
-over sending user-visible messages. If a probe might contact an external user,
-channel, or workspace, stop and ask the user.
-
-## Reporting
-
-Report in this shape:
-
-```text
-package/ref:
-tbx ids / run urls:
-matrix:
-  bundled lifecycle:
-  package acceptance:
-  doctor/fix:
-  gateway bootstrap:
-  config round-trip:
-  sdk external:
-  live-ish:
-failures:
-skips:
-next highest-value gap:
-```
-
-Say clearly when a failure is Testbox sync/env damage rather than product
-behavior, and prove that with a clean rerun or current-main comparison.
--- a/.agents/skills/openclaw-pre-release-plugin-testing/agents/openai.yaml
+++ b/.agents/skills/openclaw-pre-release-plugin-testing/agents/openai.yaml
@@ -1,4 +0,0 @@
-interface:
-  display_name: "OpenClaw Plugin Pre-Release Testing"
-  short_description: "Plan plugin release validation"
-  default_prompt: "Use $openclaw-pre-release-plugin-testing to plan or run pre-release OpenClaw plugin validation across package, lifecycle, doctor, gateway, SDK, and live-ish proof."
--- a/.agents/skills/openclaw-test-performance/SKILL.md
+++ b/.agents/skills/openclaw-test-performance/SKILL.md
@@ -1,13 +1,12 @@
 ---
 name: openclaw-test-performance
-description: Benchmark, diagnose, and optimize OpenClaw test and plugin-suite runtime, import hotspots, CPU/RSS, heap growth, and slow coverage paths.
+description: Benchmark, diagnose, and optimize OpenClaw test runtime, import hotspots, CPU/RSS, and slow coverage paths.
 ---

 # OpenClaw Test Performance

-Use evidence first. The goal is real `pnpm test`, plugin-suite, and
-plugin-inspector speed/RSS improvement with coverage intact, not runner tuning by
-guesswork.
+Use evidence first. The goal is real `pnpm test` speed/RSS improvement with
+coverage intact, not runner tuning by guesswork.

 ## Workflow

@@ -22,9 +21,6 @@ guesswork.
 2. Establish a baseline before changing code:
   - Prefer `pnpm test:perf:groups --full-suite --allow-failures --output <file>`
     for full-suite ranking.
-   - For bundled plugin breadth, run the smallest relevant `pnpm
-test:extensions:batch <plugin[,plugin...]>` or plugin-inspector command
-     before jumping to the full extension sweep.
   - For a scoped hotspot use:
     `/usr/bin/time -l pnpm test <file-or-files> --maxWorkers=1 --reporter=verbose`
   - For import-heavy suspicion add:
@@ -37,8 +33,6 @@ test:extensions:batch <plugin[,plugin...]>` or plugin-inspector command
     passed, capture that as harness/noise and verify the suspect file directly.
 4. Pick the next attack by return and risk:
   - High return: one file/test dominates seconds or RSS and has a clear root.
-   - High leverage: one plugin or SDK barrel causes every plugin-inspector or
-     extension-batch run to load broad runtime.
   - Lower risk: static descriptors, target parsing, routing, auth bypass,
     setup hints, registry fixtures, or test server lifecycle.
   - Higher risk: real memory/runtime behavior, live providers, protocol
@@ -50,8 +44,6 @@ test:extensions:batch <plugin[,plugin...]>` or plugin-inspector command
     and pure helpers over broad mocks.
   - Reuse suite-level servers/clients when a fresh handshake is irrelevant.
   - Keep schedulers/background loops off unless the test proves scheduling.
-   - In plugin paths, move static metadata into manifest/lightweight artifacts
-     and keep runtime plugin loads behind explicit execution boundaries.
 6. Preserve coverage shape:
   - Do not delete a slow integration proof unless the exact production
     composition is extracted into a named helper and tested.
@@ -65,90 +57,6 @@ test:extensions:batch <plugin[,plugin...]>` or plugin-inspector command
 9. Commit with `scripts/committer "<message>" <paths...>` and push when the
   user asked for commits/pushes. Stage only files touched for this attack.

-## Plugin-Suite Workflow
-
-Use this section when perf work involves bundled plugins, plugin-inspector, SDK
-barrels, package-boundary tests, or extension suites.
-
-1. Map the suite shape first:
-   - source tests: `pnpm test extensions/<id>` or `pnpm test:extensions:batch <id>`
-   - package boundaries: `pnpm run test:extensions:package-boundary:canary` and
-     `pnpm run test:extensions:package-boundary:compile`
-   - all bundled source tests: `pnpm test:extensions`
-   - plugin import memory: `pnpm test:extensions:memory -- --json .artifacts/test-perf/extensions-memory.json`
-   - plugin-inspector/report work: keep report primitives in `plugin-inspector`;
-     keep wrappers thin and collect peak RSS when the command supports it.
-2. Start narrow, then widen:
-   - one plugin changed: run that plugin's tests and plugin-inspector slice.
-   - SDK/public barrel changed: add representative provider, channel, memory,
-     and feature plugins.
-   - loader/runtime mirror changed: add package-boundary checks and build/package
-     proof as needed.
-   - unknown shared plugin behavior: run `test:extensions:batch` groups before
-     `pnpm test:extensions`.
-3. Treat plugin-inspector failures as product signals:
-   - JSON must parse.
-   - warnings/errors must be classified, not hidden.
-   - runtime capture should be quiet and config-tolerant.
-   - command output should include wall time, exit code, and peak RSS when
-     available.
-4. For broad or package-heavy plugin proof, use Blacksmith Testbox by default on
-   maintainer machines. Warm once and reuse the same box:
-   - `blacksmith testbox warmup ci-check-testbox.yml --ref main --idle-timeout 90`
-   - `blacksmith testbox run --id <ID> "OPENCLAW_TESTBOX=1 pnpm test:extensions:batch <ids>"`
-   - stop the box when done.
-5. If plugin performance is package-artifact sensitive, switch to
-   `openclaw-pre-release-plugin-testing` and Package Acceptance rather than
-   trusting source-only timing.
-
-## Metric Collection
-
-Collect at least one stable metric before and after. Prefer the same machine and
-same command. For Testbox comparisons, use the same `tbx_...` id when possible.
-
-| Metric          | Use for                            | Preferred source                                                            |
-| --------------- | ---------------------------------- | --------------------------------------------------------------------------- |
-| wall time       | user-visible suite cost            | `/usr/bin/time -l`, test wrapper duration, Testbox run time                 |
-| Vitest duration | test body/import cost              | Vitest output per file/shard                                                |
-| import duration | broad barrel/runtime loads         | `OPENCLAW_VITEST_IMPORT_DURATIONS=1`                                        |
-| max RSS         | memory pressure and OOM risk       | `/usr/bin/time -l`, `pnpm test:extensions:memory`, wrapper memory summaries |
-| CPU/user/sys    | CPU-bound vs wait-bound split      | `/usr/bin/time -l` locally, Testbox job timing when local CPU is noisy      |
-| heap snapshots  | real leak vs retained module graph | `openclaw-test-heap-leaks` workflow                                         |
-
-Local scoped command with CPU/RSS:
-
-```bash
-timeout 240 /usr/bin/time -l pnpm test <file> --maxWorkers=1 --reporter=verbose
-```
-
-Plugin import memory profile:
-
-```bash
-pnpm build
-pnpm test:extensions:memory -- --top 20 --json .artifacts/test-perf/extensions-memory.json
-```
-
-Targeted plugin import memory:
-
-```bash
-pnpm test:extensions:memory -- --extension discord --extension telegram --skip-combined
-```
-
-Heap/RSS escalation:
-
-```bash
-OPENCLAW_TEST_MEMORY_TRACE=1 \
-OPENCLAW_TEST_HEAPSNAPSHOT_INTERVAL_MS=60000 \
-OPENCLAW_TEST_HEAPSNAPSHOT_DIR=.tmp/heapsnap \
-OPENCLAW_TEST_WORKERS=2 \
-OPENCLAW_TEST_MAX_OLD_SPACE_SIZE_MB=6144 \
-pnpm test
-```
-
-Use `openclaw-test-heap-leaks` when RSS keeps growing across intervals, workers
-OOM, or the suspect command has app-object retention. Do not call RSS growth a
-leak until snapshots or retainers support it.
-
 ## Common Root Causes

 - Full bundled channel/plugin runtime loaded for static data.
@@ -156,12 +64,6 @@ leak until snapshots or retainers support it.
  parser would suffice.
 - Broad `api.ts`, `runtime-api.ts`, `test-api.ts`, or plugin-sdk barrels pulled
  into hot tests.
- SDK root aliases or package barrels pulling focused subpaths back into a broad
-  plugin graph.
- Plugin-inspector loading runtime code just to render metadata, reports, or CI
-  policy scores.
- Bundled plugin capture reusing real config/home state instead of synthetic,
-  redacted, isolated state.
 - Partial-real mocks using `importActual()` around broad modules.
 - `vi.resetModules()` plus fresh imports in per-test loops.
 - Test plugin registry seeded in `beforeAll` while runtime state resets in
@@ -170,10 +72,6 @@ leak until snapshots or retainers support it.
 - Runtime/default model/auth selection paid by idle snapshots or fixtures.
 - Plugin-owned media/action discovery triggered before checking whether args
  contain plugin-owned fields.
- Timings missing from `test/fixtures/test-timings.unit.json`, causing hotspot
-  files to stay in shared workers.
- Parallel Vitest runs sharing `node_modules/.experimental-vitest-cache` without
-  distinct `OPENCLAW_VITEST_FS_MODULE_CACHE_PATH` values.

 ## Benchmark Commands

@@ -199,25 +97,6 @@ pnpm test:perf:groups --full-suite --allow-failures \
  --output .artifacts/test-perf/<name>.json
 ```

-Extension batch:
-
-```bash
-pnpm test:extensions:batch <plugin[,plugin...]> -- --reporter=verbose
-```
-
-All extension tests:
-
-```bash
-pnpm test:extensions
-```
-
-Package-boundary plugin checks:
-
-```bash
-pnpm run test:extensions:package-boundary:canary
-pnpm run test:extensions:package-boundary:compile
-```
-
 Reuse an existing Vitest JSON report:

 ```bash
@@ -228,26 +107,19 @@ pnpm test:perf:groups --report <vitest-json> \
 ## Verification

 - Always run the targeted test surface that proves the change.
- For source changes, run `pnpm check:changed` before push; in maintainer
-  Testbox mode run it in the warmed Testbox.
- For test-only changes, run `pnpm test:changed` or the exact edited tests.
+- Run `pnpm check` before commit unless the change is docs-only and the hook
+  handles it.
 - Run `pnpm build` when touching lazy-loading, bundled artifacts, package
  boundaries, dynamic imports, build output, or public surfaces.
- For plugin SDK/barrel/runtime changes, add `pnpm plugin-sdk:api:check` or
-  `pnpm plugin-sdk:api:gen` when the API surface may drift.
- For plugin-suite perf fixes, verify at least one representative plugin batch
-  plus the changed gate; use Package Acceptance if the bug only exists in a
-  packed artifact.
 - If deps are missing/stale, run `pnpm install` and retry the exact failed
  command once.
 - Use the report format:

 ```markdown
-| Metric         | Before |  After |          Gain |
-| -------------- | -----: | -----: | ------------: |
-| File wall time |   `Xs` |   `Ys` |  `-Zs` (`P%`) |
-| Max RSS        |  `XMB` |  `YMB` | `-ZMB` (`P%`) |
-| CPU user/sys   | `X/Ys` | `A/Bs` |       explain |
+| Metric         | Before | After |          Gain |
+| -------------- | -----: | ----: | ------------: |
+| File wall time |   `Xs` |  `Ys` |  `-Zs` (`P%`) |
+| Max RSS        |  `XMB` | `YMB` | `-ZMB` (`P%`) |
 ```

 ## Handoff
@@ -255,12 +127,8 @@ pnpm test:perf:groups --report <vitest-json> \
 Keep the final concise:

 - Root cause.
- Suite/plugin scope.
 - Files changed.
- Before/after wall, Vitest/import, CPU, and RSS numbers where available.
- Leak classification if memory was involved: real leak, retained module graph,
-  or inconclusive.
+- Before/after numbers.
 - Coverage retained.
 - Verification commands.
- Testbox ID or workflow URL for remote proof.
 - Commit hash and push status.
--- a/.agents/skills/openclaw-test-performance/agents/openai.yaml
+++ b/.agents/skills/openclaw-test-performance/agents/openai.yaml
@@ -1,6 +1,6 @@
 interface:
  display_name: "OpenClaw Test Performance"
-  short_description: "Benchmark tests, plugin suites, CPU, RSS, and heap growth"
-  default_prompt: "Use $openclaw-test-performance to reassess OpenClaw test and plugin-suite performance, collect wall/import/CPU/RSS metrics, investigate memory growth when needed, fix the next real hotspot without losing coverage, update the report, and commit scoped changes."
+  short_description: "Benchmark and fix slow OpenClaw tests"
+  default_prompt: "Use $openclaw-test-performance to reassess the OpenClaw test benchmark, identify the next real hotspot, fix it without losing coverage, update the report, and commit scoped changes."
 policy:
  allow_implicit_invocation: false
--- a/.agents/skills/openclaw-testing/SKILL.md
+++ b/.agents/skills/openclaw-testing/SKILL.md
@@ -222,13 +222,6 @@ When `Full Release Validation` dispatches release checks, it passes the requeste
 branch/tag plus an `expected_sha` so branch/tag refs resolve through the fast
 remote-ref path while the package and QA jobs still validate the exact SHA.

-The full-profile native live media shards use the prebuilt
-`ghcr.io/openclaw/openclaw-live-media-runner:ubuntu-24.04` container so
-`ffmpeg`/`ffprobe` are already present. If those jobs suddenly spend minutes in
-dependency setup again, first check the `Live Media Runner Image` workflow and
-the `Verify preinstalled live media dependencies` step before assuming the media
-tests themselves slowed down.
-
 The release Docker path intentionally shards the plugin/runtime tail. The
 workflow uses `plugins-runtime-plugins`, `plugins-runtime-services`, and
 `plugins-runtime-install-a` through `plugins-runtime-install-d`; aggregate
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -9,7 +9,6 @@
 /.github/dependabot.yml @openclaw/secops
 /.github/codeql/ @openclaw/secops
 /.github/workflows/codeql.yml @openclaw/secops
-/.github/workflows/codeql-android-critical-security.yml @openclaw/secops
 /.github/workflows/codeql-critical-quality.yml @openclaw/secops
 /src/security/ @openclaw/secops
 /src/secrets/ @openclaw/secops
--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@@ -4,7 +4,6 @@
 self-hosted-runner:
  labels:
    # Blacksmith CI runners
-    - blacksmith-4vcpu-ubuntu-2404
    - blacksmith-8vcpu-ubuntu-2404
    - blacksmith-8vcpu-windows-2025
    - blacksmith-16vcpu-ubuntu-2404
--- a/.github/codeql/codeql-agent-runtime-boundary-critical-quality.yml
+++ b/.github/codeql/codeql-agent-runtime-boundary-critical-quality.yml
@@ -1,53 +0,0 @@
-name: openclaw-codeql-agent-runtime-boundary-critical-quality
-
-disable-default-queries: true
-
-queries:
-  - uses: security-and-quality
-
-query-filters:
-  - include:
-      problem.severity:
-        - error
-  - exclude:
-      tags:
-        - security
-
-paths:
-  - src/acp/control-plane
-  - src/agents/command
-  - src/agents/cli-runner
-  - src/agents/pi-embedded-runner
-  - src/agents/tools
-  - src/agents/*completion*.ts
-  - src/agents/*transport*.ts
-  - src/agents/model-*.ts
-  - src/agents/openclaw-tools*.ts
-  - src/agents/provider-*.ts
-  - src/agents/session*.ts
-  - src/agents/tool-call*.ts
-  - src/auto-reply/reply/agent-runner*.ts
-  - src/auto-reply/reply/commands*.ts
-  - src/auto-reply/reply/directive-handling*.ts
-  - src/auto-reply/reply/dispatch-*.ts
-  - src/auto-reply/reply/get-reply-run*.ts
-  - src/auto-reply/reply/provider-dispatcher*.ts
-  - src/auto-reply/reply/queue*.ts
-  - src/auto-reply/reply/reply-run-registry*.ts
-  - src/auto-reply/reply/session*.ts
-
-paths-ignore:
-  - "**/node_modules"
-  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
-  - "**/*.test.ts"
-  - "**/*.test.tsx"
-  - "**/*.e2e.test.ts"
-  - "**/*.e2e.test.tsx"
-  - "**/*test-support*"
-  - "**/*test-helper*"
-  - "**/*mock*"
-  - "**/*fixture*"
-  - "**/*bench*"
--- a/.github/codeql/codeql-channel-runtime-boundary-critical-quality.yml
+++ b/.github/codeql/codeql-channel-runtime-boundary-critical-quality.yml
@@ -1,33 +0,0 @@
-name: openclaw-codeql-channel-runtime-boundary-critical-quality
-
-disable-default-queries: true
-
-queries:
-  - uses: security-and-quality
-
-query-filters:
-  - include:
-      problem.severity:
-        - error
-  - exclude:
-      tags:
-        - security
-
-paths:
-  - src/channels
-
-paths-ignore:
-  - "**/node_modules"
-  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
-  - "**/*.test.ts"
-  - "**/*.test.tsx"
-  - "**/*.e2e.test.ts"
-  - "**/*.e2e.test.tsx"
-  - "**/*test-support*"
-  - "**/*test-helper*"
-  - "**/*mock*"
-  - "**/*fixture*"
-  - "**/*bench*"
--- a/.github/codeql/codeql-channel-runtime-boundary-critical-security.yml
+++ b/.github/codeql/codeql-channel-runtime-boundary-critical-security.yml
@@ -1,50 +0,0 @@
-name: openclaw-codeql-channel-runtime-boundary-critical-security
-
-disable-default-queries: true
-
-queries:
-  - uses: security-extended
-
-query-filters:
-  - include:
-      precision:
-        - high
-        - very-high
-  - exclude:
-      problem.severity:
-        - recommendation
-        - warning
-
-paths:
-  - src/channels
-  - src/config/channel-*.ts
-  - src/config/types.channel*.ts
-  - src/gateway/server-channel*.ts
-  - src/gateway/server-methods/channels.ts
-  - src/gateway/protocol/schema/channels.ts
-  - src/infra/channel-*.ts
-  - src/infra/exec-approval-channel-runtime.ts
-  - src/infra/outbound/channel-*.ts
-  - src/plugin-sdk/channel-*.ts
-  - src/plugins/channel-*.ts
-  - src/plugins/bundled-channel-*.ts
-  - src/plugins/runtime/*channel*.ts
-  - src/secrets/channel-*.ts
-  - src/secrets/runtime-config-collectors-channels.ts
-  - src/security/audit-channel*.ts
-
-paths-ignore:
-  - "**/node_modules"
-  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
-  - "**/*.test.ts"
-  - "**/*.test.tsx"
-  - "**/*.e2e.test.ts"
-  - "**/*.e2e.test.tsx"
-  - "**/*test-support*"
-  - "**/*test-helper*"
-  - "**/*mock*"
-  - "**/*fixture*"
-  - "**/*bench*"
--- a/.github/codeql/codeql-config-boundary-critical-quality.yml
+++ b/.github/codeql/codeql-config-boundary-critical-quality.yml
@@ -1,33 +0,0 @@
-name: openclaw-codeql-config-boundary-critical-quality
-
-disable-default-queries: true
-
-queries:
-  - uses: security-and-quality
-
-query-filters:
-  - include:
-      problem.severity:
-        - error
-  - exclude:
-      tags:
-        - security
-
-paths:
-  - src/config
-
-paths-ignore:
-  - "**/node_modules"
-  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
-  - "**/*.test.ts"
-  - "**/*.test.tsx"
-  - "**/*.e2e.test.ts"
-  - "**/*.e2e.test.tsx"
-  - "**/*test-support*"
-  - "**/*test-helper*"
-  - "**/*mock*"
-  - "**/*fixture*"
-  - "**/*bench*"
--- a/.github/codeql/codeql-gateway-runtime-boundary-critical-quality.yml
+++ b/.github/codeql/codeql-gateway-runtime-boundary-critical-quality.yml
@@ -1,34 +0,0 @@
-name: openclaw-codeql-gateway-runtime-boundary-critical-quality
-
-disable-default-queries: true
-
-queries:
-  - uses: security-and-quality
-
-query-filters:
-  - include:
-      problem.severity:
-        - error
-  - exclude:
-      tags:
-        - security
-
-paths:
-  - src/gateway/protocol
-  - src/gateway/server-methods
-
-paths-ignore:
-  - "**/node_modules"
-  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
-  - "**/*.test.ts"
-  - "**/*.test.tsx"
-  - "**/*.e2e.test.ts"
-  - "**/*.e2e.test.tsx"
-  - "**/*test-support*"
-  - "**/*test-helper*"
-  - "**/*mock*"
-  - "**/*fixture*"
-  - "**/*bench*"
--- a/.github/codeql/codeql-javascript-typescript-critical-quality.yml
+++ b/.github/codeql/codeql-javascript-typescript-critical-quality.yml
@@ -22,6 +22,7 @@ paths:
  - src/agents/sandbox
  - src/agents/sandbox.ts
  - src/agents/sandbox-*.ts
+  - src/config
  - src/cron/service/jobs.ts
  - src/cron/stagger.ts
  - src/gateway/*auth*.ts
--- a/.github/codeql/codeql-plugin-boundary-critical-quality.yml
+++ b/.github/codeql/codeql-plugin-boundary-critical-quality.yml
@@ -1,76 +0,0 @@
-name: openclaw-codeql-plugin-boundary-critical-quality
-
-disable-default-queries: true
-
-queries:
-  - uses: security-and-quality
-
-query-filters:
-  - include:
-      problem.severity:
-        - error
-  - exclude:
-      tags:
-        - security
-
-paths:
-  - src/plugins/activation-planner.ts
-  - src/plugins/api-builder.ts
-  - src/plugins/bundled-compat.ts
-  - src/plugins/bundled-dir.ts
-  - src/plugins/bundled-plugin-metadata.ts
-  - src/plugins/bundled-public-surface-runtime-root.ts
-  - src/plugins/bundled-runtime-deps.ts
-  - src/plugins/bundled-runtime-root.ts
-  - src/plugins/captured-registration.ts
-  - src/plugins/config-activation-shared.ts
-  - src/plugins/config-contracts.ts
-  - src/plugins/config-normalization-shared.ts
-  - src/plugins/config-policy.ts
-  - src/plugins/config-schema.ts
-  - src/plugins/config-state.ts
-  - src/plugins/discovery.ts
-  - src/plugins/effective-plugin-ids.ts
-  - src/plugins/externalized-bundled-plugins.ts
-  - src/plugins/installed-plugin-index*.ts
-  - src/plugins/loader*.ts
-  - src/plugins/manifest*.ts
-  - src/plugins/module-export.ts
-  - src/plugins/package-entrypoints.ts
-  - src/plugins/plugin-registry*.ts
-  - src/plugins/provider-contract-public-artifacts.ts
-  - src/plugins/provider-public-artifacts.ts
-  - src/plugins/public-surface*.ts
-  - src/plugins/registry.ts
-  - src/plugins/registry-types.ts
-  - src/plugins/runtime
-  - src/plugins/runtime-state.ts
-  - src/plugins/runtime.ts
-  - src/plugins/sdk-alias.ts
-  - src/plugins/source-loader.ts
-  - src/plugins/types.ts
-  - src/plugins/validation-diagnostics.ts
-  - src/plugins/web-provider-public-artifacts*.ts
-  - src/plugin-sdk/*entry*.ts
-  - src/plugin-sdk/*facade*.ts
-  - src/plugin-sdk/api-baseline.ts
-  - src/plugin-sdk/config-schema.ts
-  - src/plugin-sdk/config-types.ts
-  - src/plugin-sdk/core.ts
-  - src/plugin-sdk/extension-shared.ts
-
-paths-ignore:
-  - "**/node_modules"
-  - "**/coverage"
-  - "**/*.generated.ts"
-  - "**/*.bundle.js"
-  - "**/*-runtime.js"
-  - "**/*.test.ts"
-  - "**/*.test.tsx"
-  - "**/*.e2e.test.ts"
-  - "**/*.e2e.test.tsx"
-  - "**/*test-support*"
-  - "**/*test-helper*"
-  - "**/*mock*"
-  - "**/*fixture*"
-  - "**/*bench*"
--- a/.github/images/live-media-runner/Dockerfile
+++ b/.github/images/live-media-runner/Dockerfile
@@ -1,16 +0,0 @@
-FROM ubuntu:24.04
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-RUN apt-get update \
-  && apt-get install -y --no-install-recommends \
-    bash \
-    ca-certificates \
-    curl \
-    ffmpeg \
-    git \
-    openssh-client \
-    unzip \
-    xz-utils \
-    zstd \
-  && rm -rf /var/lib/apt/lists/*
--- a/.github/workflows/ci-build-artifacts-testbox.yml
+++ b/.github/workflows/ci-build-artifacts-testbox.yml
@@ -26,7 +26,7 @@ jobs:
    timeout-minutes: 35
    steps:
      - name: Begin Testbox
-        uses: useblacksmith/begin-testbox@d0e04585c26905fdd92c94a09c159544c7ee1b67
+        uses: useblacksmith/begin-testbox@v2
        with:
          testbox_id: ${{ inputs.testbox_id }}

@@ -218,7 +218,7 @@ jobs:
        run: bash scripts/ci-hydrate-testbox-env.sh

      - name: Run Testbox
-        uses: useblacksmith/run-testbox@5ca05834db1d3813554d1dd109e5f2087a8d7cbc
+        uses: useblacksmith/run-testbox@v2
        if: always()
        env:
          FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
--- a/.github/workflows/ci-check-testbox.yml
+++ b/.github/workflows/ci-check-testbox.yml
@@ -25,7 +25,7 @@ jobs:
    timeout-minutes: 30
    steps:
      - name: Begin Testbox
-        uses: useblacksmith/begin-testbox@d0e04585c26905fdd92c94a09c159544c7ee1b67
+        uses: useblacksmith/begin-testbox@v2
        with:
          testbox_id: ${{ inputs.testbox_id }}
      - name: Checkout
@@ -121,7 +121,7 @@ jobs:
        run: bash scripts/ci-hydrate-testbox-env.sh

      - name: Run Testbox
-        uses: useblacksmith/run-testbox@5ca05834db1d3813554d1dd109e5f2087a8d7cbc
+        uses: useblacksmith/run-testbox@v2
        if: always()
        env:
          FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -36,7 +36,7 @@ jobs:
    runs-on: ubuntu-24.04
    timeout-minutes: 20
    outputs:
-      checkout_revision: ${{ steps.checkout_ref.outputs.sha }}
+      checkout_sha: ${{ steps.checkout_ref.outputs.sha }}
      docs_only: ${{ steps.manifest.outputs.docs_only }}
      docs_changed: ${{ steps.manifest.outputs.docs_changed }}
      run_node: ${{ steps.manifest.outputs.run_node }}
@@ -59,10 +59,6 @@ jobs:
      checks_node_core_dist_matrix: ${{ steps.manifest.outputs.checks_node_core_dist_matrix }}
      run_check: ${{ steps.manifest.outputs.run_check }}
      run_check_additional: ${{ steps.manifest.outputs.run_check_additional }}
-      run_plugin_prerelease_suite: ${{ steps.manifest.outputs.run_plugin_prerelease_suite }}
-      plugin_prerelease_ref: ${{ steps.manifest.outputs.plugin_prerelease_ref }}
-      plugin_prerelease_static_matrix: ${{ steps.manifest.outputs.plugin_prerelease_static_matrix }}
-      plugin_prerelease_docker_lanes: ${{ steps.manifest.outputs.plugin_prerelease_docker_lanes }}
      run_build_smoke: ${{ steps.manifest.outputs.run_build_smoke }}
      run_check_docs: ${{ steps.manifest.outputs.run_check_docs }}
      run_control_ui_i18n: ${{ steps.manifest.outputs.run_control_ui_i18n }}
@@ -128,10 +124,6 @@ jobs:
          OPENCLAW_CI_RUN_NODE_FAST_CI_ROUTING: ${{ github.event_name == 'workflow_dispatch' && 'false' || steps.changed_scope.outputs.run_node_fast_ci_routing || 'false' }}
          OPENCLAW_CI_RUN_SKILLS_PYTHON: ${{ github.event_name == 'workflow_dispatch' && 'true' || steps.changed_scope.outputs.run_skills_python || 'false' }}
          OPENCLAW_CI_RUN_CONTROL_UI_I18N: ${{ github.event_name == 'workflow_dispatch' && 'true' || steps.changed_scope.outputs.run_control_ui_i18n || 'false' }}
-          OPENCLAW_CI_CHECKOUT_REVISION: ${{ steps.checkout_ref.outputs.sha }}
-          OPENCLAW_CI_EVENT_NAME: ${{ github.event_name }}
-          OPENCLAW_CI_PR_HEAD_REPOSITORY: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name || github.repository }}
-          OPENCLAW_CI_PR_HEAD_SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || '' }}
          OPENCLAW_CI_REPOSITORY: ${{ github.repository }}
        run: |
          node --input-type=module <<'EOF'
@@ -139,9 +131,6 @@ jobs:
          import {
            createNodeTestShards,
          } from "./scripts/lib/ci-node-test-plan.mjs";
-          import {
-            assertPluginPrereleaseTestPlanComplete,
-          } from "./scripts/lib/plugin-prerelease-test-plan.mjs";
          import {
            createChannelContractTestShards,
          } from "./scripts/lib/channel-contract-test-plan.mjs";
@@ -184,16 +173,6 @@ jobs:
          const runSkillsPython = parseBoolean(process.env.OPENCLAW_CI_RUN_SKILLS_PYTHON) && !docsOnly;
          const runControlUiI18n =
            parseBoolean(process.env.OPENCLAW_CI_RUN_CONTROL_UI_I18N) && !docsOnly;
-          const pluginPrereleasePlan = assertPluginPrereleaseTestPlanComplete();
-          const trustedPluginPrereleaseRef =
-            process.env.OPENCLAW_CI_EVENT_NAME !== "pull_request" ||
-            process.env.OPENCLAW_CI_PR_HEAD_REPOSITORY === process.env.OPENCLAW_CI_REPOSITORY;
-          const pluginPrereleaseRef =
-            process.env.OPENCLAW_CI_EVENT_NAME === "pull_request" && trustedPluginPrereleaseRef
-              ? process.env.OPENCLAW_CI_PR_HEAD_SHA
-              : process.env.OPENCLAW_CI_CHECKOUT_REVISION;
-          const runPluginPrereleaseSuite =
-            runNodeFull && isCanonicalRepository && trustedPluginPrereleaseRef;
          const extensionTestShardCount = isCanonicalRepository
            ? DEFAULT_EXTENSION_TEST_SHARD_COUNT
            : Math.max(DEFAULT_EXTENSION_TEST_SHARD_COUNT, 36);
@@ -285,20 +264,6 @@ jobs:
            checks_node_core_dist_matrix: createMatrix(nodeTestDistShards),
            run_check: runNodeFull,
            run_check_additional: runNodeFull,
-            run_plugin_prerelease_suite: runPluginPrereleaseSuite,
-            plugin_prerelease_ref: runPluginPrereleaseSuite ? pluginPrereleaseRef : "",
-            plugin_prerelease_static_matrix: createMatrix(
-              runPluginPrereleaseSuite
-                ? pluginPrereleasePlan.staticChecks.map((check) => ({
-                    check_name: check.checkName,
-                    command: check.command,
-                    task: check.check,
-                  }))
-                : [],
-            ),
-            plugin_prerelease_docker_lanes: runPluginPrereleaseSuite
-              ? pluginPrereleasePlan.dockerLanes.join(" ")
-              : "",
            run_build_smoke: runNodeFull,
            run_check_docs: docsChanged,
            run_control_ui_i18n: runControlUiI18n,
@@ -503,7 +468,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -575,7 +540,7 @@ jobs:
          path: |
            dist/
            dist-runtime/
-          key: ${{ runner.os }}-dist-build-${{ needs.preflight.outputs.checkout_revision }}
+          key: ${{ runner.os }}-dist-build-${{ needs.preflight.outputs.checkout_sha }}

      - name: Pack built runtime artifacts
        run: tar --posix -cf dist-runtime-build.tar.zst --use-compress-program zstdmt dist dist-runtime
@@ -704,7 +669,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -799,7 +764,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -902,7 +867,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -970,7 +935,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -1090,7 +1055,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -1170,7 +1135,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -1357,7 +1322,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -1489,7 +1454,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -1656,91 +1621,6 @@ jobs:
            exit 1
          fi

-  plugin-prerelease-static-shard:
-    permissions:
-      contents: read
-    name: ${{ matrix.check_name }}
-    needs: [preflight]
-    if: needs.preflight.outputs.run_plugin_prerelease_suite == 'true'
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    timeout-minutes: 45
-    strategy:
-      fail-fast: false
-      matrix: ${{ fromJson(needs.preflight.outputs.plugin_prerelease_static_matrix) }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ needs.preflight.outputs.checkout_revision }}
-          fetch-depth: 1
-          fetch-tags: false
-          persist-credentials: false
-          submodules: false
-
-      - name: Setup Node environment
-        uses: ./.github/actions/setup-node-env
-        with:
-          install-bun: "false"
-
-      - name: Run plugin prerelease static shard
-        env:
-          PLUGIN_PRERELEASE_COMMAND: ${{ matrix.command }}
-          PLUGIN_PRERELEASE_TASK: ${{ matrix.task }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          echo "Running ${PLUGIN_PRERELEASE_TASK}: ${PLUGIN_PRERELEASE_COMMAND}"
-          bash -c "$PLUGIN_PRERELEASE_COMMAND"
-
-  plugin-prerelease-docker-suite:
-    name: plugin-prerelease-docker-suite
-    needs: [preflight]
-    if: needs.preflight.outputs.run_plugin_prerelease_suite == 'true'
-    permissions:
-      actions: read
-      contents: read
-      packages: write
-      pull-requests: read
-    uses: ./.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
-    with:
-      ref: ${{ needs.preflight.outputs.plugin_prerelease_ref }}
-      include_repo_e2e: false
-      include_release_path_suites: false
-      include_openwebui: false
-      docker_lanes: ${{ needs.preflight.outputs.plugin_prerelease_docker_lanes }}
-      include_live_suites: false
-      live_models_only: false
-
-  plugin-prerelease-suite:
-    permissions:
-      contents: read
-    name: plugin-prerelease-suite
-    needs: [preflight, plugin-prerelease-static-shard, plugin-prerelease-docker-suite]
-    if: ${{ !cancelled() && always() && needs.preflight.outputs.run_plugin_prerelease_suite == 'true' }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Verify plugin prerelease suite
-        env:
-          DOCKER_RESULT: ${{ needs.plugin-prerelease-docker-suite.result }}
-          STATIC_RESULT: ${{ needs.plugin-prerelease-static-shard.result }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          failed=0
-          for result in \
-            "plugin-prerelease-static=${STATIC_RESULT}" \
-            "plugin-prerelease-docker=${DOCKER_RESULT}"
-          do
-            name="${result%%=*}"
-            status="${result#*=}"
-            if [ "$status" != "success" ]; then
-              echo "::error::${name} ended with ${status}"
-              failed=1
-            fi
-          done
-          exit "$failed"
-
  build-smoke:
    permissions:
      contents: read
@@ -1772,7 +1652,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
@@ -1835,7 +1715,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          ref: ${{ needs.preflight.outputs.checkout_revision }}
+          ref: ${{ needs.preflight.outputs.checkout_sha }}
          persist-credentials: false
          submodules: false

@@ -1878,7 +1758,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          ref: ${{ needs.preflight.outputs.checkout_revision }}
+          ref: ${{ needs.preflight.outputs.checkout_sha }}
          persist-credentials: false
          submodules: false

@@ -1983,7 +1863,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          ref: ${{ needs.preflight.outputs.checkout_revision }}
+          ref: ${{ needs.preflight.outputs.checkout_sha }}
          persist-credentials: false
          submodules: false

@@ -2024,7 +1904,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          ref: ${{ needs.preflight.outputs.checkout_revision }}
+          ref: ${{ needs.preflight.outputs.checkout_sha }}
          persist-credentials: false
          submodules: false

@@ -2125,7 +2005,7 @@ jobs:
        shell: bash
        env:
          CHECKOUT_REPO: ${{ github.repository }}
-          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_revision }}
+          CHECKOUT_SHA: ${{ needs.preflight.outputs.checkout_sha }}
          CHECKOUT_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
--- a/.github/workflows/clawsweeper-dispatch.yml
+++ b/.github/workflows/clawsweeper-dispatch.yml
@@ -3,50 +3,34 @@ name: ClawSweeper Dispatch
 on:
  issues:
    types: [opened, reopened, edited, labeled, unlabeled]
-  push:
-    branches: [main]
  pull_request_target: # zizmor: ignore[dangerous-triggers] maintainer-owned external dispatch; no checkout or untrusted PR code execution
    types: [opened, reopened, synchronize, ready_for_review, edited, labeled, unlabeled]

 permissions:
  contents: read

-concurrency:
-  group: clawsweeper-dispatch-${{ github.repository }}-${{ github.event.issue.number || github.event.pull_request.number || github.run_id }}
-  cancel-in-progress: ${{ github.event.action == 'edited' || github.event.action == 'synchronize' || github.event.action == 'ready_for_review' }}
-
 jobs:
  dispatch:
    runs-on: ubuntu-latest
-    if: ${{ !(endsWith(github.actor, '[bot]') && (github.event.action == 'labeled' || github.event.action == 'unlabeled')) }}
    env:
      HAS_CLAWSWEEPER_APP_PRIVATE_KEY: ${{ secrets.CLAWSWEEPER_APP_PRIVATE_KEY != '' }}
-      CLAWSWEEPER_APP_CLIENT_ID: Iv23liOECG0slfuhz093
-      SUPERSEDES_IN_PROGRESS: ${{ (github.event.action == 'edited' || github.event.action == 'synchronize' || github.event.action == 'ready_for_review') && 'true' || 'false' }}
    steps:
-      - name: Debounce bursty metadata events
-        if: ${{ github.event.action == 'labeled' || github.event.action == 'unlabeled' }}
-        run: sleep 20
-
      - name: Create ClawSweeper dispatch token
        id: token
        if: ${{ env.HAS_CLAWSWEEPER_APP_PRIVATE_KEY == 'true' }}
-        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        uses: actions/create-github-app-token@v2
        with:
-          client-id: ${{ env.CLAWSWEEPER_APP_CLIENT_ID }}
+          app-id: 3306130
          private-key: ${{ secrets.CLAWSWEEPER_APP_PRIVATE_KEY }}
          owner: openclaw
          repositories: clawsweeper

      - name: Dispatch exact ClawSweeper review
-        if: ${{ github.event_name != 'push' }}
        env:
          GH_TOKEN: ${{ steps.token.outputs.token || secrets.OPENCLAW_GH_TOKEN }}
          TARGET_REPO: ${{ github.repository }}
          ITEM_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }}
          ITEM_KIND: ${{ github.event_name == 'pull_request_target' && 'pull_request' || 'issue' }}
-          SOURCE_EVENT: ${{ github.event_name }}
-          SOURCE_ACTION: ${{ github.event.action }}
        run: |
          if [ -z "$GH_TOKEN" ]; then
            echo "::notice::Skipping ClawSweeper dispatch because no dispatch credential is configured."
@@ -56,10 +40,7 @@ jobs:
            --arg target_repo "$TARGET_REPO" \
            --argjson item_number "$ITEM_NUMBER" \
            --arg item_kind "$ITEM_KIND" \
-            --arg source_event "$SOURCE_EVENT" \
-            --arg source_action "$SOURCE_ACTION" \
-            --argjson supersedes_in_progress "$SUPERSEDES_IN_PROGRESS" \
-            '{event_type:"clawsweeper_item",client_payload:{target_repo:$target_repo,item_number:$item_number,item_kind:$item_kind,source_event:$source_event,source_action:$source_action,supersedes_in_progress:$supersedes_in_progress}}')"
+            '{event_type:"clawsweeper_item",client_payload:{target_repo:$target_repo,item_number:$item_number,item_kind:$item_kind}}')"
          if gh api repos/openclaw/clawsweeper/dispatches \
            --method POST \
            --input - <<< "$payload"; then
@@ -67,36 +48,3 @@ jobs:
          else
            echo "::warning::Skipping ClawSweeper dispatch because the configured credential could not dispatch to openclaw/clawsweeper."
          fi
-
-      - name: Dispatch ClawSweeper commit review
-        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && github.event.deleted != true }}
-        env:
-          GH_TOKEN: ${{ steps.token.outputs.token || secrets.OPENCLAW_GH_TOKEN }}
-          TARGET_REPO: ${{ github.repository }}
-          BEFORE_SHA: ${{ github.event.before }}
-          AFTER_SHA: ${{ github.sha }}
-          SOURCE_REF: ${{ github.ref }}
-          CREATE_CHECKS: ${{ vars.CLAWSWEEPER_COMMIT_REVIEW_CREATE_CHECKS || 'false' }}
-        run: |
-          if [ -z "$GH_TOKEN" ]; then
-            echo "::notice::Skipping ClawSweeper commit dispatch because no dispatch credential is configured."
-            exit 0
-          fi
-          case "$CREATE_CHECKS" in
-            true|TRUE|1|yes|YES|on|ON) create_checks=true ;;
-            *) create_checks=false ;;
-          esac
-          payload="$(jq -nc \
-            --arg target_repo "$TARGET_REPO" \
-            --arg before_sha "$BEFORE_SHA" \
-            --arg after_sha "$AFTER_SHA" \
-            --arg ref "$SOURCE_REF" \
-            --argjson create_checks "$create_checks" \
-            '{event_type:"clawsweeper_commit_review",client_payload:{target_repo:$target_repo,before_sha:$before_sha,after_sha:$after_sha,ref:$ref,enabled:true,create_checks:$create_checks}}')"
-          if gh api repos/openclaw/clawsweeper/dispatches \
-            --method POST \
-            --input - <<< "$payload"; then
-            echo "Dispatched ClawSweeper commit review."
-          else
-            echo "::warning::Skipping ClawSweeper commit dispatch because the configured credential could not dispatch to openclaw/clawsweeper."
-          fi
--- a/.github/workflows/codeql-android-critical-security.yml
+++ b/.github/workflows/codeql-android-critical-security.yml
@@ -1,51 +0,0 @@
-name: CodeQL Android Critical Security
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 7 * * *"
-
-concurrency:
-  group: codeql-android-critical-security-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.sha }}
-  cancel-in-progress: false
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
-
-permissions:
-  actions: read
-  contents: read
-  security-events: write
-
-jobs:
-  android:
-    name: Critical Security (android)
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    timeout-minutes: 45
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Setup Java
-        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
-        with:
-          distribution: temurin
-          java-version: "21"
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: java-kotlin
-          build-mode: manual
-          config-file: ./.github/codeql/codeql-android-critical-security.yml
-
-      - name: Build Android for CodeQL
-        working-directory: apps/android
-        run: ./gradlew --no-daemon :app:assemblePlayDebug
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-security/android"
--- a/.github/workflows/codeql-critical-quality.yml
+++ b/.github/workflows/codeql-critical-quality.yml
@@ -20,7 +20,7 @@ permissions:
 jobs:
  javascript-typescript:
    name: Critical Quality (javascript-typescript)
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-8vcpu-ubuntu-2404
    timeout-minutes: 25
    steps:
      - name: Checkout
@@ -38,108 +38,3 @@ jobs:
        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
        with:
          category: "/codeql-critical-quality/javascript-typescript"
-
-  config-boundary:
-    name: Critical Quality (config-boundary)
-    runs-on: blacksmith-4vcpu-ubuntu-2404
-    timeout-minutes: 25
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: javascript-typescript
-          config-file: ./.github/codeql/codeql-config-boundary-critical-quality.yml
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-quality/config-boundary"
-
-  gateway-runtime-boundary:
-    name: Critical Quality (gateway-runtime-boundary)
-    runs-on: blacksmith-4vcpu-ubuntu-2404
-    timeout-minutes: 25
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: javascript-typescript
-          config-file: ./.github/codeql/codeql-gateway-runtime-boundary-critical-quality.yml
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-quality/gateway-runtime-boundary"
-
-  channel-runtime-boundary:
-    name: Critical Quality (channel-runtime-boundary)
-    runs-on: blacksmith-4vcpu-ubuntu-2404
-    timeout-minutes: 25
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: javascript-typescript
-          config-file: ./.github/codeql/codeql-channel-runtime-boundary-critical-quality.yml
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-quality/channel-runtime-boundary"
-
-  agent-runtime-boundary:
-    name: Critical Quality (agent-runtime-boundary)
-    runs-on: blacksmith-4vcpu-ubuntu-2404
-    timeout-minutes: 25
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: javascript-typescript
-          config-file: ./.github/codeql/codeql-agent-runtime-boundary-critical-quality.yml
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-quality/agent-runtime-boundary"
-
-  plugin-boundary:
-    name: Critical Quality (plugin-boundary)
-    runs-on: blacksmith-4vcpu-ubuntu-2404
-    timeout-minutes: 25
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: javascript-typescript
-          config-file: ./.github/codeql/codeql-plugin-boundary-critical-quality.yml
-
-      - name: Analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          category: "/codeql-critical-quality/plugin-boundary"
--- a/.github/workflows/codeql-macos-critical-security.yml
+++ b/.github/workflows/codeql-macos-critical-security.yml
@@ -1,89 +0,0 @@
-name: CodeQL macOS Critical Security
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 8 * * 1"
-
-concurrency:
-  group: codeql-macos-critical-security-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && github.run_id || github.sha }}
-  cancel-in-progress: false
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
-
-permissions:
-  actions: read
-  contents: read
-  security-events: write
-
-jobs:
-  macos:
-    name: Critical Security (macOS)
-    runs-on: blacksmith-6vcpu-macos-latest
-    timeout-minutes: 45
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: false
-
-      - name: Select Xcode
-        run: |
-          sudo xcode-select -s /Applications/Xcode_26.1.app
-          xcodebuild -version
-          swift --version
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          languages: swift
-          build-mode: manual
-          config-file: ./.github/codeql/codeql-macos-critical-security.yml
-
-      - name: Build macOS for CodeQL
-        run: swift build --package-path apps/macos --product OpenClaw
-
-      - name: Analyze
-        id: analyze
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          output: sarif-results
-          upload: failure-only
-          category: "/codeql-critical-security/macos"
-
-      - name: Remove dependency build results
-        env:
-          SARIF_OUTPUT: sarif-results
-        run: |
-          set -euo pipefail
-          shopt -s nullglob
-
-          if [ ! -d "$SARIF_OUTPUT" ]; then
-            echo "SARIF output directory not found: $SARIF_OUTPUT" >&2
-            exit 1
-          fi
-
-          mkdir -p sarif-results-filtered
-
-          files=("$SARIF_OUTPUT"/*.sarif)
-          if [ "${#files[@]}" -eq 0 ]; then
-            echo "No SARIF files found in $SARIF_OUTPUT" >&2
-            exit 1
-          fi
-
-          for file in "${files[@]}"; do
-            jq '
-              def in_dependency_build:
-                ((.locations // []) | length > 0)
-                and all(.locations[]; (.physicalLocation.artifactLocation.uri? // "") | test("^apps/macos/\\.build/"));
-
-              .runs |= map(.results = ((.results // []) | map(select(in_dependency_build | not))))
-            ' "$file" > "sarif-results-filtered/$(basename "$file")"
-          done
-
-      - name: Upload filtered SARIF
-        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
-        with:
-          sarif_file: sarif-results-filtered
-          category: "/codeql-critical-security/macos"
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -11,6 +11,8 @@ on:
        options:
          - all
          - security
+          - android-security
+          - macos-security
  schedule:
    - cron: "0 6 * * *"

@@ -28,7 +30,7 @@ permissions:

 jobs:
  critical-security:
-    name: Critical Security (${{ matrix.category }})
+    name: Critical Security (${{ matrix.language }})
    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'security' }}
    runs-on: ${{ matrix.runs_on }}
    timeout-minutes: ${{ matrix.timeout_minutes }}
@@ -37,17 +39,10 @@ jobs:
      matrix:
        include:
          - language: javascript-typescript
-            category: javascript-typescript
            runs_on: blacksmith-8vcpu-ubuntu-2404
            timeout_minutes: 25
            config_file: ./.github/codeql/codeql-javascript-typescript-critical-security.yml
-          - language: javascript-typescript
-            category: channel-runtime-boundary
-            runs_on: blacksmith-8vcpu-ubuntu-2404
-            timeout_minutes: 25
-            config_file: ./.github/codeql/codeql-channel-runtime-boundary-critical-security.yml
          - language: actions
-            category: actions
            runs_on: blacksmith-8vcpu-ubuntu-2404
            timeout_minutes: 10
            config_file: ./.github/codeql/codeql-actions-critical-security.yml
@@ -66,4 +61,108 @@ jobs:
      - name: Analyze
        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
        with:
-          category: "/codeql-critical-security/${{ matrix.category }}"
+          category: "/codeql-critical-security/${{ matrix.language }}"
+
+  android-security:
+    name: Critical Security (android)
+    if: ${{ github.event_name == 'workflow_dispatch' && inputs.profile == 'android-security' }}
+    runs-on: blacksmith-8vcpu-ubuntu-2404
+    timeout-minutes: 45
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          submodules: false
+
+      - name: Setup Java
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
+        with:
+          distribution: temurin
+          java-version: "21"
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          languages: java-kotlin
+          build-mode: manual
+          config-file: ./.github/codeql/codeql-android-critical-security.yml
+
+      - name: Build Android for CodeQL
+        working-directory: apps/android
+        run: ./gradlew --no-daemon :app:assemblePlayDebug
+
+      - name: Analyze
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          category: "/codeql-critical-security/android"
+
+  macos-security:
+    name: Critical Security (macOS)
+    if: ${{ github.event_name == 'workflow_dispatch' && inputs.profile == 'macos-security' }}
+    runs-on: blacksmith-6vcpu-macos-latest
+    timeout-minutes: 45
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          submodules: false
+
+      - name: Select Xcode
+        run: |
+          sudo xcode-select -s /Applications/Xcode_26.1.app
+          xcodebuild -version
+          swift --version
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          languages: swift
+          build-mode: manual
+          config-file: ./.github/codeql/codeql-macos-critical-security.yml
+
+      - name: Build macOS for CodeQL
+        run: swift build --package-path apps/macos --product OpenClaw
+
+      - name: Analyze
+        id: analyze
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          output: sarif-results
+          upload: failure-only
+          category: "/codeql-critical-security/macos"
+
+      - name: Remove dependency build results
+        env:
+          SARIF_OUTPUT: sarif-results
+        run: |
+          set -euo pipefail
+          shopt -s nullglob
+
+          if [ ! -d "$SARIF_OUTPUT" ]; then
+            echo "SARIF output directory not found: $SARIF_OUTPUT" >&2
+            exit 1
+          fi
+
+          mkdir -p sarif-results-filtered
+
+          files=("$SARIF_OUTPUT"/*.sarif)
+          if [ "${#files[@]}" -eq 0 ]; then
+            echo "No SARIF files found in $SARIF_OUTPUT" >&2
+            exit 1
+          fi
+
+          for file in "${files[@]}"; do
+            jq '
+              def in_dependency_build:
+                ((.locations // []) | length > 0)
+                and all(.locations[]; (.physicalLocation.artifactLocation.uri? // "") | test("^apps/macos/\\.build/"));
+
+              .runs |= map(.results = ((.results // []) | map(select(in_dependency_build | not))))
+            ' "$file" > "sarif-results-filtered/$(basename "$file")"
+          done
+
+      - name: Upload filtered SARIF
+        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
+        with:
+          sarif_file: sarif-results-filtered
+          category: "/codeql-critical-security/macos"
--- a/.github/workflows/docs-agent.yml
+++ b/.github/workflows/docs-agent.yml
@@ -149,7 +149,7 @@ jobs:

      - name: Run Codex docs agent
        if: steps.gate.outputs.run_agent == 'true'
-        uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02
+        uses: openai/codex-action@v1
        env:
          DOCS_AGENT_BASE_SHA: ${{ steps.gate.outputs.review_base_sha }}
          DOCS_AGENT_HEAD_SHA: ${{ steps.gate.outputs.review_head_sha }}
--- a/.github/workflows/full-release-validation.yml
+++ b/.github/workflows/full-release-validation.yml
@@ -82,7 +82,7 @@ permissions:

 concurrency:
  group: full-release-validation-${{ inputs.ref }}
-  cancel-in-progress: ${{ inputs.ref == 'main' }}
+  cancel-in-progress: false

 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
@@ -207,19 +207,6 @@ jobs:
            echo "Dispatched ${workflow}: https://github.com/${GITHUB_REPOSITORY}/actions/runs/${run_id}"
            echo "run_id=${run_id}" >> "$GITHUB_OUTPUT"

-            cleanup_child_run() {
-              local exit_code=$?
-              trap - EXIT INT TERM
-              local child_status
-              child_status="$(gh run view "$run_id" --json status --jq '.status' 2>/dev/null || true)"
-              if [[ "$child_status" != "completed" ]]; then
-                echo "Cancelling child ${workflow} run ${run_id} after parent exit (${exit_code})."
-                gh run cancel "$run_id" || gh api -X POST "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/force-cancel" || true
-              fi
-              return "$exit_code"
-            }
-            trap cleanup_child_run EXIT INT TERM
-
            while true; do
              status="$(gh run view "$run_id" --json status --jq '.status')"
              if [[ "$status" == "completed" ]]; then
@@ -227,7 +214,6 @@ jobs:
              fi
              sleep 30
            done
-            trap - EXIT INT TERM

            conclusion="$(gh run view "$run_id" --json conclusion --jq '.conclusion')"
            url="$(gh run view "$run_id" --json url --jq '.url')"
@@ -246,23 +232,6 @@ jobs:
            echo "- Target SHA: \`${TARGET_SHA}\`"
          } >> "$GITHUB_STEP_SUMMARY"

-          cancel_same_sha_push_ci() {
-            local run_ids run_id
-            run_ids="$(
-              gh run list --workflow ci.yml --limit 100 --json databaseId,event,headSha,status \
-                --jq 'map(select(.event == "push" and .headSha == env.TARGET_SHA and (.status == "queued" or .status == "in_progress" or .status == "waiting" or .status == "pending"))) | .[].databaseId'
-            )"
-            if [[ -z "${run_ids// }" ]]; then
-              return 0
-            fi
-            while IFS= read -r run_id; do
-              [[ -n "${run_id// }" ]] || continue
-              echo "Cancelling same-SHA push CI run ${run_id}; Full Release Validation dispatches the full manual CI child for ${TARGET_SHA}."
-              gh run cancel "$run_id" || gh api -X POST "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/force-cancel" || true
-            done <<< "$run_ids"
-          }
-
-          cancel_same_sha_push_ci
          dispatch_and_wait ci.yml -f target_ref="$TARGET_SHA"

  release_checks:
@@ -326,19 +295,6 @@ jobs:
            echo "Dispatched ${workflow}: https://github.com/${GITHUB_REPOSITORY}/actions/runs/${run_id}"
            echo "run_id=${run_id}" >> "$GITHUB_OUTPUT"

-            cleanup_child_run() {
-              local exit_code=$?
-              trap - EXIT INT TERM
-              local child_status
-              child_status="$(gh run view "$run_id" --json status --jq '.status' 2>/dev/null || true)"
-              if [[ "$child_status" != "completed" ]]; then
-                echo "Cancelling child ${workflow} run ${run_id} after parent exit (${exit_code})."
-                gh run cancel "$run_id" || gh api -X POST "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/force-cancel" || true
-              fi
-              return "$exit_code"
-            }
-            trap cleanup_child_run EXIT INT TERM
-
            while true; do
              status="$(gh run view "$run_id" --json status --jq '.status')"
              if [[ "$status" == "completed" ]]; then
@@ -346,7 +302,6 @@ jobs:
              fi
              sleep 30
            done
-            trap - EXIT INT TERM

            conclusion="$(gh run view "$run_id" --json conclusion --jq '.conclusion')"
            url="$(gh run view "$run_id" --json url --jq '.url')"
@@ -375,7 +330,7 @@ jobs:
          fi

          dispatch_and_wait openclaw-release-checks.yml \
-            -f ref="$TARGET_SHA" \
+            -f ref="$TARGET_REF" \
            -f expected_sha="$TARGET_SHA" \
            -f provider="$PROVIDER" \
            -f mode="$MODE" \
@@ -434,19 +389,6 @@ jobs:
          echo "Dispatched npm-telegram-beta-e2e.yml: https://github.com/${GITHUB_REPOSITORY}/actions/runs/${run_id}"
          echo "run_id=${run_id}" >> "$GITHUB_OUTPUT"

-          cleanup_child_run() {
-            local exit_code=$?
-            trap - EXIT INT TERM
-            local child_status
-            child_status="$(gh run view "$run_id" --json status --jq '.status' 2>/dev/null || true)"
-            if [[ "$child_status" != "completed" ]]; then
-              echo "Cancelling npm-telegram-beta-e2e.yml child run ${run_id} after parent exit (${exit_code})."
-              gh run cancel "$run_id" || gh api -X POST "repos/${GITHUB_REPOSITORY}/actions/runs/${run_id}/force-cancel" || true
-            fi
-            return "$exit_code"
-          }
-          trap cleanup_child_run EXIT INT TERM
-
          while true; do
            status="$(gh run view "$run_id" --json status --jq '.status')"
            if [[ "$status" == "completed" ]]; then
@@ -454,7 +396,6 @@ jobs:
            fi
            sleep 30
          done
-          trap - EXIT INT TERM

          conclusion="$(gh run view "$run_id" --json conclusion --jq '.conclusion')"
          url="$(gh run view "$run_id" --json url --jq '.url')"
--- a/.github/workflows/install-smoke.yml
+++ b/.github/workflows/install-smoke.yml
@@ -104,8 +104,6 @@ jobs:

      - name: Set up Blacksmith Docker Builder
        uses: useblacksmith/setup-docker-builder@ac083cc84672d01c60d5e8561d0a939b697de542 # v1
-        with:
-          max-cache-size-mb: 800000

      # Blacksmith's builder owns the Docker layer cache; keep smoke builds off
      # explicit gha cache directives so local tags still load cleanly.
@@ -213,8 +211,6 @@ jobs:

      - name: Set up Blacksmith Docker Builder
        uses: useblacksmith/setup-docker-builder@ac083cc84672d01c60d5e8561d0a939b697de542 # v1
-        with:
-          max-cache-size-mb: 800000

      # Blacksmith's builder owns the Docker layer cache; keep smoke builds off
      # explicit gha cache directives so local tags still load cleanly.
@@ -365,8 +361,6 @@ jobs:

      - name: Set up Blacksmith Docker Builder
        uses: useblacksmith/setup-docker-builder@ac083cc84672d01c60d5e8561d0a939b697de542 # v1
-        with:
-          max-cache-size-mb: 800000

      - name: Setup Node environment for package smoke
        uses: ./.github/actions/setup-node-env
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -278,7 +278,6 @@ jobs:
            const labelColor = "B60205";
            const labelDescription = `Author has more than ${activePrLimit} active PRs in this repo`;
            const authorLogin = pullRequest.user?.login;
-            const headRefName = pullRequest.head?.ref ?? "";
            if (!authorLogin) {
              return;
            }
@@ -375,10 +374,7 @@ jobs:
              return false;
            };

-            const isClownfishPullRequest =
-              typeof headRefName === "string" && headRefName.startsWith("clownfish/");
-
-            if ((await isPrivilegedAuthor()) || isClownfishPullRequest) {
+            if (await isPrivilegedAuthor()) {
              if (labelNames.has(activePrLimitLabel)) {
                try {
                  await github.rest.issues.removeLabel({
--- a/.github/workflows/live-media-runner-image.yml
+++ b/.github/workflows/live-media-runner-image.yml
@@ -1,54 +0,0 @@
-name: Live Media Runner Image
-
-on:
-  workflow_dispatch:
-  push:
-    branches: [main]
-    paths:
-      - ".github/images/live-media-runner/Dockerfile"
-      - ".github/workflows/live-media-runner-image.yml"
-
-permissions:
-  contents: read
-  packages: write
-
-concurrency:
-  group: live-media-runner-image-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
-
-jobs:
-  build:
-    name: Build live media runner image
-    runs-on: blacksmith-8vcpu-ubuntu-2404
-    timeout-minutes: 30
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      - name: Login to GHCR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
-
-      - name: Set up Blacksmith Docker Builder
-        uses: useblacksmith/setup-docker-builder@ac083cc84672d01c60d5e8561d0a939b697de542 # v1
-        with:
-          max-cache-size-mb: 800000
-
-      - name: Build and push live media runner image
-        uses: useblacksmith/build-push-action@cbd1f60d194a98cb3be5523b15134501eaf0fbf3 # v2
-        with:
-          context: .github/images/live-media-runner
-          file: .github/images/live-media-runner/Dockerfile
-          platforms: linux/amd64
-          tags: |
-            ghcr.io/openclaw/openclaw-live-media-runner:ubuntu-24.04
-            ghcr.io/openclaw/openclaw-live-media-runner:${{ github.sha }}
-          sbom: true
-          provenance: mode=max
-          push: true
--- a/.github/workflows/openclaw-cross-os-release-checks-reusable.yml
+++ b/.github/workflows/openclaw-cross-os-release-checks-reusable.yml
@@ -158,7 +158,7 @@ permissions: read-all

 concurrency:
  group: openclaw-cross-os-release-checks-${{ inputs.ref }}-${{ inputs.provider }}-${{ inputs.mode }}
-  cancel-in-progress: ${{ inputs.ref == 'main' }}
+  cancel-in-progress: false

 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
@@ -169,7 +169,7 @@ env:

 jobs:
  prepare:
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-8vcpu-ubuntu-2404
    outputs:
      baseline_file_name: ${{ steps.baseline_metadata.outputs.file_name }}
      baseline_spec: ${{ steps.baseline.outputs.value }}
@@ -321,7 +321,7 @@ jobs:
          submodules: recursive

      - name: Setup pnpm
-        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1
+        uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}
          run_install: false
@@ -333,9 +333,6 @@ jobs:
          cache: pnpm
          cache-dependency-path: ${{ inputs.candidate_artifact_name == '' && 'source/pnpm-lock.yaml' || 'workflow/pnpm-lock.yaml' }}

-      - name: Ensure pnpm store cache directory exists
-        run: mkdir -p "$(pnpm store path --silent)"
-
      - name: Build candidate artifact once
        if: inputs.candidate_artifact_name == ''
        env:
@@ -499,7 +496,7 @@ jobs:
          persist-credentials: false

      - name: Setup pnpm
-        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1
+        uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}
          run_install: false
--- a/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
+++ b/.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
@@ -1229,8 +1229,6 @@ jobs:
      - name: Setup Docker builder
        if: steps.image_exists.outputs.needs_build == '1'
        uses: useblacksmith/setup-docker-builder@ac083cc84672d01c60d5e8561d0a939b697de542 # v1
-        with:
-          max-cache-size-mb: 800000

      - name: Build and push bare Docker E2E image
        if: steps.plan.outputs.needs_bare_image == '1' && steps.image_exists.outputs.bare_exists != '1'
@@ -1578,138 +1576,196 @@ jobs:
            label: Native live agents
            command: node .release-harness/scripts/test-live-shard.mjs native-live-src-agents
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: stable full
          - suite_id: native-live-src-gateway-core
            label: Native live gateway core
            command: node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-core
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: minimum stable full
          - suite_id: native-live-src-gateway-profiles-anthropic
            label: Native live gateway profiles Anthropic
            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=anthropic node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: stable full
          - suite_id: native-live-src-gateway-profiles-google
            label: Native live gateway profiles Google
            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=google OPENCLAW_LIVE_GATEWAY_MODELS=google/gemini-3.1-pro-preview,google/gemini-3-flash-preview node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: stable full
          - suite_id: native-live-src-gateway-profiles-minimax
            label: Native live gateway profiles MiniMax
            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=minimax,minimax-portal node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: stable full
          - suite_id: native-live-src-gateway-profiles-openai
            label: Native live gateway profiles OpenAI
            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=openai OPENCLAW_LIVE_GATEWAY_MODELS=openai/gpt-5.5 node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: minimum stable full
          - suite_id: native-live-src-gateway-profiles-fireworks
            label: Native live gateway profiles Fireworks
            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=fireworks node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: full
          - suite_id: native-live-src-gateway-profiles-deepseek
            label: Native live gateway profiles DeepSeek
            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=deepseek node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: full
          - suite_id: native-live-src-gateway-profiles-opencode-go
            label: Native live gateway profiles OpenCode Go deep
            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=opencode-go node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: full
          - suite_id: native-live-src-gateway-profiles-opencode-go-smoke
            label: Native live gateway profiles OpenCode Go smoke
            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=opencode-go OPENCLAW_LIVE_GATEWAY_SMOKE=1 OPENCLAW_LIVE_GATEWAY_MAX_MODELS=1 node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
            timeout_minutes: 45
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: stable
          - suite_id: native-live-src-gateway-profiles-openrouter
            label: Native live gateway profiles OpenRouter
            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=openrouter node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: full
          - suite_id: native-live-src-gateway-profiles-xai
            label: Native live gateway profiles xAI
            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=xai node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: full
          - suite_id: native-live-src-gateway-profiles-zai
            label: Native live gateway profiles Z.ai
            command: OPENCLAW_LIVE_GATEWAY_PROVIDERS=zai node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-profiles
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: full
          - suite_id: native-live-src-gateway-backends
            label: Native live gateway backends
            command: node .release-harness/scripts/test-live-shard.mjs native-live-src-gateway-backends
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: stable full
          - suite_id: native-live-test
            label: Native live test harnesses
            command: node .release-harness/scripts/test-live-shard.mjs native-live-test
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: stable full
+          - suite_id: native-live-extensions-a-k
+            label: Native live plugins A-K
+            command: node .release-harness/scripts/test-live-shard.mjs native-live-extensions-a-k
+            timeout_minutes: 90
+            needs_ffmpeg: true
+            profile_env_only: false
+            profiles: full
          - suite_id: native-live-extensions-l-n
            label: Native live plugins L-N
            command: node .release-harness/scripts/test-live-shard.mjs native-live-extensions-l-n
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: full
          - suite_id: native-live-extensions-openai
            label: Native live OpenAI plugin
            command: node .release-harness/scripts/test-live-shard.mjs native-live-extensions-openai
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: minimum stable full
          - suite_id: native-live-extensions-o-z-other
            label: Native live plugins O-Z other
            command: node .release-harness/scripts/test-live-shard.mjs native-live-extensions-o-z-other
            timeout_minutes: 90
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: full
          - suite_id: native-live-extensions-xai
            label: Native live xAI plugin
            command: node .release-harness/scripts/test-live-shard.mjs native-live-extensions-xai
            timeout_minutes: 90
+            needs_ffmpeg: false
+            profile_env_only: false
+            profiles: full
+          - suite_id: native-live-extensions-media-audio
+            label: Native live media audio plugins
+            command: node .release-harness/scripts/test-live-shard.mjs native-live-extensions-media-audio
+            timeout_minutes: 90
+            needs_ffmpeg: true
+            profile_env_only: false
+            profiles: full
+          - suite_id: native-live-extensions-media-music-google
+            label: Native live media music Google
+            command: OPENCLAW_LIVE_MUSIC_GENERATION_PROVIDERS=google node .release-harness/scripts/test-live-shard.mjs native-live-extensions-media-music-google
+            timeout_minutes: 90
+            needs_ffmpeg: true
+            profile_env_only: false
+            profiles: full
+          - suite_id: native-live-extensions-media-music-minimax
+            label: Native live media music MiniMax
+            command: OPENCLAW_LIVE_MUSIC_GENERATION_PROVIDERS=minimax node .release-harness/scripts/test-live-shard.mjs native-live-extensions-media-music-minimax
+            timeout_minutes: 90
+            needs_ffmpeg: true
+            profile_env_only: false
+            profiles: full
+          - suite_id: native-live-extensions-media-video
+            label: Native live media video plugins
+            command: node .release-harness/scripts/test-live-shard.mjs native-live-extensions-media-video
+            timeout_minutes: 90
+            needs_ffmpeg: true
            profile_env_only: false
            profiles: full
          - suite_id: live-gateway-docker
            label: Docker live gateway
            command: OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" bash .release-harness/scripts/test-live-gateway-models-docker.sh
            timeout_minutes: 120
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: minimum stable full
          - suite_id: live-cli-backend-docker
            label: Docker live CLI backend
            command: OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" bash .release-harness/scripts/test-live-cli-backend-docker.sh
            timeout_minutes: 120
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: stable full
          - suite_id: live-acp-bind-docker
            label: Docker live ACP bind
            command: OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" bash .release-harness/scripts/test-live-acp-bind-docker.sh
            timeout_minutes: 120
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: stable full
          - suite_id: live-codex-harness-docker
            label: Docker live Codex harness
            command: OPENCLAW_LIVE_DOCKER_REPO_ROOT="$GITHUB_WORKSPACE" bash .release-harness/scripts/test-live-codex-harness-docker.sh
            timeout_minutes: 120
+            needs_ffmpeg: false
            profile_env_only: false
            profiles: stable full
    env:
@@ -1789,6 +1845,25 @@ jobs:
        if: contains(matrix.profiles, inputs.release_test_profile)
        run: bash scripts/ci-hydrate-live-auth.sh

+      - name: Install live media dependencies
+        if: matrix.needs_ffmpeg && contains(matrix.profiles, inputs.release_test_profile)
+        shell: bash
+        run: |
+          set -euo pipefail
+          if ! command -v ffmpeg >/dev/null 2>&1; then
+            for attempt in 1 2 3; do
+              if sudo apt-get update -o Acquire::Retries=3; then
+                break
+              fi
+              if [[ "${attempt}" == "3" ]]; then
+                exit 1
+              fi
+              sleep $((attempt * 5))
+            done
+            sudo env DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ffmpeg
+          fi
+          ffmpeg -version | head -1
+
      - name: Configure suite-specific env
        if: contains(matrix.profiles, inputs.release_test_profile)
        shell: bash
@@ -1800,25 +1875,22 @@ jobs:
          case "${{ matrix.suite_id }}" in
            live-cli-backend-docker)
              echo "OPENCLAW_LIVE_CLI_BACKEND_MODEL=codex-cli/gpt-5.5" >> "$GITHUB_ENV"
-              # Keep the release-blocking CI lane on Codex API-key auth. The
-              # staged auth-file path remains supported for local maintainer
-              # reruns, but it can hang on stale subscription/session state in
-              # an otherwise healthy release run.
-              echo "OPENCLAW_LIVE_CLI_BACKEND_AUTH=api-key" >> "$GITHUB_ENV"
-              # Replace the staged config.toml with a minimal CI-safe config so
-              # the repo stays trusted for MCP/tool use without inheriting
-              # maintainer-local provider/profile overrides that do not exist
-              # inside CI.
+              # The CLI backend Docker lane should exercise the same staged
+              # Codex auth path Peter uses locally so MCP cron creation and
+              # multimodal probes stay covered in CI. Replace the staged
+              # config.toml with a minimal CI-safe config so the repo stays
+              # trusted for MCP/tool use without inheriting maintainer-local
+              # provider/profile overrides that do not exist inside CI.
              # Codex's workspace-write sandbox relies on user namespaces that
              # this Docker lane does not provide, so run Codex unsandboxed
              # inside the already-isolated container to keep MCP cron/tool
              # execution representative instead of failing on nested sandbox
              # setup.
+              echo 'OPENCLAW_LIVE_CLI_BACKEND_CLEAR_ENV=["OPENAI_API_KEY","OPENAI_BASE_URL"]' >> "$GITHUB_ENV"
              echo 'OPENCLAW_LIVE_CLI_BACKEND_ARGS=["exec","--json","--color","never","--sandbox","danger-full-access","--skip-git-repo-check"]' >> "$GITHUB_ENV"
              echo 'OPENCLAW_LIVE_CLI_BACKEND_RESUME_ARGS=["exec","resume","{sessionId}","-c","sandbox_mode=\"danger-full-access\"","--skip-git-repo-check"]' >> "$GITHUB_ENV"
              echo "OPENCLAW_LIVE_CLI_BACKEND_DEBUG=1" >> "$GITHUB_ENV"
              echo "OPENCLAW_CLI_BACKEND_LOG_OUTPUT=1" >> "$GITHUB_ENV"
-              echo "OPENCLAW_TEST_CONSOLE=1" >> "$GITHUB_ENV"
              echo "OPENCLAW_LIVE_CLI_BACKEND_USE_CI_SAFE_CODEX_CONFIG=1" >> "$GITHUB_ENV"
              ;;
            live-codex-harness-docker)
@@ -1826,9 +1898,6 @@ jobs:
              # is currently stale, but the wrapper still supports codex-auth for
              # local maintainer reruns without changing Peter's flow.
              echo "OPENCLAW_LIVE_CODEX_HARNESS_AUTH=api-key" >> "$GITHUB_ENV"
-              echo "OPENCLAW_LIVE_CODEX_HARNESS_DEBUG=1" >> "$GITHUB_ENV"
-              echo "OPENCLAW_CLI_BACKEND_LOG_OUTPUT=1" >> "$GITHUB_ENV"
-              echo "OPENCLAW_TEST_CONSOLE=1" >> "$GITHUB_ENV"
              ;;
            live-acp-bind-docker)
              if [[ -n "${GEMINI_API_KEY:-}" || -n "${GOOGLE_API_KEY:-}" ]]; then
@@ -1845,146 +1914,3 @@ jobs:
      - name: Run ${{ matrix.label }}
        if: contains(matrix.profiles, inputs.release_test_profile)
        run: ${{ matrix.command }}
-
-  validate_live_media_provider_suites:
-    name: Live media suites (${{ matrix.label }})
-    needs: validate_selected_ref
-    if: inputs.include_live_suites && !inputs.live_models_only
-    runs-on: blacksmith-32vcpu-ubuntu-2404
-    container:
-      image: ghcr.io/openclaw/openclaw-live-media-runner:ubuntu-24.04
-      credentials:
-        username: ${{ github.actor }}
-        password: ${{ github.token }}
-    timeout-minutes: ${{ matrix.timeout_minutes }}
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - suite_id: native-live-extensions-a-k
-            label: Native live plugins A-K
-            command: node .release-harness/scripts/test-live-shard.mjs native-live-extensions-a-k
-            timeout_minutes: 90
-            profile_env_only: false
-            profiles: full
-          - suite_id: native-live-extensions-media-audio
-            label: Native live media audio plugins
-            command: node .release-harness/scripts/test-live-shard.mjs native-live-extensions-media-audio
-            timeout_minutes: 90
-            profile_env_only: false
-            profiles: full
-          - suite_id: native-live-extensions-media-music-google
-            label: Native live media music Google
-            command: OPENCLAW_LIVE_MUSIC_GENERATION_PROVIDERS=google node .release-harness/scripts/test-live-shard.mjs native-live-extensions-media-music-google
-            timeout_minutes: 90
-            profile_env_only: false
-            profiles: full
-          - suite_id: native-live-extensions-media-music-minimax
-            label: Native live media music MiniMax
-            command: OPENCLAW_LIVE_MUSIC_GENERATION_PROVIDERS=minimax node .release-harness/scripts/test-live-shard.mjs native-live-extensions-media-music-minimax
-            timeout_minutes: 90
-            profile_env_only: false
-            profiles: full
-          - suite_id: native-live-extensions-media-video
-            label: Native live media video plugins
-            command: node .release-harness/scripts/test-live-shard.mjs native-live-extensions-media-video
-            timeout_minutes: 90
-            profile_env_only: false
-            profiles: full
-    env:
-      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-      OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
-      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-      ANTHROPIC_API_TOKEN: ${{ secrets.ANTHROPIC_API_TOKEN }}
-      ANTHROPIC_API_KEY_OLD: ${{ secrets.ANTHROPIC_API_KEY_OLD }}
-      BYTEPLUS_API_KEY: ${{ secrets.BYTEPLUS_API_KEY }}
-      CEREBRAS_API_KEY: ${{ secrets.CEREBRAS_API_KEY }}
-      DEEPINFRA_API_KEY: ${{ secrets.DEEPINFRA_API_KEY }}
-      DASHSCOPE_API_KEY: ${{ secrets.DASHSCOPE_API_KEY }}
-      GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}
-      KIMI_API_KEY: ${{ secrets.KIMI_API_KEY }}
-      MODELSTUDIO_API_KEY: ${{ secrets.MODELSTUDIO_API_KEY }}
-      MOONSHOT_API_KEY: ${{ secrets.MOONSHOT_API_KEY }}
-      MISTRAL_API_KEY: ${{ secrets.MISTRAL_API_KEY }}
-      MINIMAX_API_KEY: ${{ secrets.MINIMAX_API_KEY }}
-      OPENCODE_API_KEY: ${{ secrets.OPENCODE_API_KEY }}
-      OPENCODE_ZEN_API_KEY: ${{ secrets.OPENCODE_ZEN_API_KEY }}
-      OPENCLAW_LIVE_BROWSER_CDP_URL: ${{ secrets.OPENCLAW_LIVE_BROWSER_CDP_URL }}
-      OPENCLAW_LIVE_SETUP_TOKEN: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN }}
-      OPENCLAW_LIVE_SETUP_TOKEN_MODEL: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_MODEL }}
-      OPENCLAW_LIVE_SETUP_TOKEN_PROFILE: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_PROFILE }}
-      OPENCLAW_LIVE_SETUP_TOKEN_VALUE: ${{ secrets.OPENCLAW_LIVE_SETUP_TOKEN_VALUE }}
-      GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
-      GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
-      OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
-      QWEN_API_KEY: ${{ secrets.QWEN_API_KEY }}
-      FAL_KEY: ${{ secrets.FAL_KEY }}
-      RUNWAY_API_KEY: ${{ secrets.RUNWAY_API_KEY }}
-      DEEPGRAM_API_KEY: ${{ secrets.DEEPGRAM_API_KEY }}
-      TOGETHER_API_KEY: ${{ secrets.TOGETHER_API_KEY }}
-      VYDRA_API_KEY: ${{ secrets.VYDRA_API_KEY }}
-      XAI_API_KEY: ${{ secrets.XAI_API_KEY }}
-      ZAI_API_KEY: ${{ secrets.ZAI_API_KEY }}
-      Z_AI_API_KEY: ${{ secrets.Z_AI_API_KEY }}
-      BYTEPLUS_ACCESS_KEY_ID: ${{ secrets.BYTEPLUS_ACCESS_KEY_ID }}
-      BYTEPLUS_SECRET_ACCESS_KEY: ${{ secrets.BYTEPLUS_SECRET_ACCESS_KEY }}
-      CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
-      OPENCLAW_CODEX_AUTH_JSON: ${{ secrets.OPENCLAW_CODEX_AUTH_JSON }}
-      OPENCLAW_CODEX_CONFIG_TOML: ${{ secrets.OPENCLAW_CODEX_CONFIG_TOML }}
-      OPENCLAW_CLAUDE_JSON: ${{ secrets.OPENCLAW_CLAUDE_JSON }}
-      OPENCLAW_CLAUDE_CREDENTIALS_JSON: ${{ secrets.OPENCLAW_CLAUDE_CREDENTIALS_JSON }}
-      OPENCLAW_CLAUDE_SETTINGS_JSON: ${{ secrets.OPENCLAW_CLAUDE_SETTINGS_JSON }}
-      OPENCLAW_CLAUDE_SETTINGS_LOCAL_JSON: ${{ secrets.OPENCLAW_CLAUDE_SETTINGS_LOCAL_JSON }}
-      OPENCLAW_GEMINI_SETTINGS_JSON: ${{ secrets.OPENCLAW_GEMINI_SETTINGS_JSON }}
-      FIREWORKS_API_KEY: ${{ secrets.FIREWORKS_API_KEY }}
-      OPENCLAW_LIVE_VIDEO_GENERATION_SKIP_PROVIDERS: ""
-      OPENCLAW_LIVE_VYDRA_VIDEO: "1"
-      OPENCLAW_VITEST_MAX_WORKERS: "2"
-    steps:
-      - name: Checkout selected ref
-        if: contains(matrix.profiles, inputs.release_test_profile)
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
-          fetch-depth: 1
-
-      - name: Checkout trusted live shard harness
-        if: contains(matrix.profiles, inputs.release_test_profile)
-        uses: actions/checkout@v6
-        with:
-          ref: ${{ github.sha }}
-          fetch-depth: 1
-          path: .release-harness
-
-      - name: Verify preinstalled live media dependencies
-        if: contains(matrix.profiles, inputs.release_test_profile)
-        shell: bash
-        run: |
-          set -euo pipefail
-          ffmpeg -version | head -1
-          ffprobe -version | head -1
-
-      - name: Setup Node environment
-        if: contains(matrix.profiles, inputs.release_test_profile)
-        uses: ./.github/actions/setup-node-env
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          pnpm-version: ${{ env.PNPM_VERSION }}
-          install-bun: "true"
-
-      - name: Hydrate live auth/profile inputs
-        if: contains(matrix.profiles, inputs.release_test_profile)
-        run: bash scripts/ci-hydrate-live-auth.sh
-
-      - name: Configure suite-specific env
-        if: contains(matrix.profiles, inputs.release_test_profile)
-        shell: bash
-        run: |
-          set -euo pipefail
-          if [[ "${{ matrix.profile_env_only }}" == "true" ]]; then
-            echo "OPENCLAW_DOCKER_PROFILE_ENV_ONLY=1" >> "$GITHUB_ENV"
-          fi
-
-      - name: Run ${{ matrix.label }}
-        if: contains(matrix.profiles, inputs.release_test_profile)
-        run: ${{ matrix.command }}
--- a/.github/workflows/openclaw-release-checks.yml
+++ b/.github/workflows/openclaw-release-checks.yml
@@ -56,23 +56,23 @@ on:

 concurrency:
  group: openclaw-release-checks-${{ inputs.ref }}
-  cancel-in-progress: ${{ inputs.ref == 'main' }}
+  cancel-in-progress: false

 env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
  NODE_VERSION: "24.x"
  PNPM_VERSION: "10.33.0"
-  OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL || 'openai/gpt-5.5' }}
+  OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL }}

 jobs:
  resolve_target:
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-32vcpu-ubuntu-2404
    timeout-minutes: 30
    permissions:
      contents: read
    outputs:
      ref: ${{ steps.inputs.outputs.ref }}
-      revision: ${{ steps.ref.outputs.sha }}
+      sha: ${{ steps.ref.outputs.sha }}
      provider: ${{ steps.inputs.outputs.provider }}
      mode: ${{ steps.inputs.outputs.mode }}
      release_profile: ${{ steps.inputs.outputs.release_profile }}
@@ -106,7 +106,6 @@ jobs:
      - name: Checkout trusted workflow helper
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          ref: ${{ github.ref_name }}
          path: workflow
          fetch-depth: 1
@@ -127,7 +126,6 @@ jobs:
        if: steps.fast_ref.outputs.fallback == 'true'
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          ref: ${{ inputs.ref }}
          path: source
          fetch-depth: 0
@@ -229,7 +227,7 @@ jobs:
    name: Prepare release package artifact
    needs: [resolve_target]
    if: contains(fromJSON('["all","cross-os","live-e2e","package"]'), needs.resolve_target.outputs.rerun_group)
-    runs-on: ubuntu-24.04
+    runs-on: blacksmith-32vcpu-ubuntu-2404
    timeout-minutes: 60
    permissions:
      contents: read
@@ -242,7 +240,6 @@ jobs:
      - name: Checkout trusted workflow ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          ref: ${{ github.ref_name }}
          fetch-depth: 0

@@ -262,7 +259,7 @@ jobs:
        id: package
        shell: bash
        env:
-          PACKAGE_REF: ${{ needs.resolve_target.outputs.revision }}
+          PACKAGE_REF: ${{ needs.resolve_target.outputs.sha }}
        run: |
          set -euo pipefail
          node scripts/resolve-openclaw-package-candidate.mjs \
@@ -301,7 +298,7 @@ jobs:
      contents: read
    uses: ./.github/workflows/install-smoke.yml
    with:
-      ref: ${{ needs.resolve_target.outputs.revision }}
+      ref: ${{ needs.resolve_target.outputs.sha }}
      run_bun_global_install_smoke: true

  cross_os_release_checks:
@@ -310,7 +307,7 @@ jobs:
    permissions: read-all
    uses: ./.github/workflows/openclaw-cross-os-release-checks-reusable.yml
    with:
-      ref: ${{ needs.resolve_target.outputs.revision }}
+      ref: ${{ needs.resolve_target.outputs.ref }}
      provider: ${{ needs.resolve_target.outputs.provider }}
      mode: ${{ needs.resolve_target.outputs.mode }}
      candidate_artifact_name: ${{ needs.prepare_release_package.outputs.artifact_name }}
@@ -326,9 +323,8 @@ jobs:
      OPENCLAW_DISCORD_SMOKE_GUILD_ID: ${{ secrets.OPENCLAW_DISCORD_SMOKE_GUILD_ID }}
      OPENCLAW_DISCORD_SMOKE_CHANNEL_ID: ${{ secrets.OPENCLAW_DISCORD_SMOKE_CHANNEL_ID }}

-  live_repo_e2e_release_checks:
-    name: Run repo/live E2E validation
-    needs: [resolve_target]
+  live_and_e2e_release_checks:
+    needs: [resolve_target, prepare_release_package]
    if: contains(fromJSON('["all","live-e2e"]'), needs.resolve_target.outputs.rerun_group)
    permissions:
      actions: read
@@ -337,13 +333,15 @@ jobs:
      pull-requests: read
    uses: ./.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
    with:
-      ref: ${{ needs.resolve_target.outputs.revision }}
+      ref: ${{ needs.resolve_target.outputs.sha }}
      include_repo_e2e: true
-      include_release_path_suites: false
-      include_openwebui: false
+      include_release_path_suites: true
+      include_openwebui: ${{ needs.resolve_target.outputs.release_profile != 'minimum' }}
      include_live_suites: true
      release_test_profile: ${{ needs.resolve_target.outputs.release_profile }}
-    secrets: &live_e2e_release_secrets
+      package_artifact_name: ${{ needs.prepare_release_package.outputs.artifact_name }}
+      package_artifact_run_id: ${{ github.run_id }}
+    secrets:
      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
      OPENAI_BASE_URL: ${{ secrets.OPENAI_BASE_URL }}
      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
@@ -390,27 +388,6 @@ jobs:
      OPENCLAW_GEMINI_SETTINGS_JSON: ${{ secrets.OPENCLAW_GEMINI_SETTINGS_JSON }}
      FIREWORKS_API_KEY: ${{ secrets.FIREWORKS_API_KEY }}

-  docker_e2e_release_checks:
-    name: Run Docker release-path validation
-    needs: [resolve_target, prepare_release_package]
-    if: contains(fromJSON('["all","live-e2e"]'), needs.resolve_target.outputs.rerun_group)
-    permissions:
-      actions: read
-      contents: read
-      packages: write
-      pull-requests: read
-    uses: ./.github/workflows/openclaw-live-and-e2e-checks-reusable.yml
-    with:
-      ref: ${{ needs.resolve_target.outputs.revision }}
-      include_repo_e2e: false
-      include_release_path_suites: true
-      include_openwebui: ${{ needs.resolve_target.outputs.release_profile != 'minimum' }}
-      include_live_suites: false
-      release_test_profile: ${{ needs.resolve_target.outputs.release_profile }}
-      package_artifact_name: ${{ needs.prepare_release_package.outputs.artifact_name }}
-      package_artifact_run_id: ${{ github.run_id }}
-    secrets: *live_e2e_release_secrets
-
  package_acceptance_release_checks:
    name: Run package acceptance
    needs: [resolve_target, prepare_release_package]
@@ -511,8 +488,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.resolve_target.outputs.revision }}
+          ref: ${{ needs.resolve_target.outputs.sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -559,7 +535,7 @@ jobs:
        if: always()
        uses: actions/upload-artifact@v4
        with:
-          name: release-qa-parity-${{ matrix.lane }}-${{ needs.resolve_target.outputs.revision }}
+          name: release-qa-parity-${{ matrix.lane }}-${{ needs.resolve_target.outputs.sha }}
          path: .artifacts/qa-e2e/
          retention-days: 14
          if-no-files-found: warn
@@ -580,8 +556,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.resolve_target.outputs.revision }}
+          ref: ${{ needs.resolve_target.outputs.sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -594,7 +569,7 @@ jobs:
      - name: Download parity lane artifacts
        uses: actions/download-artifact@v4
        with:
-          pattern: release-qa-parity-*-${{ needs.resolve_target.outputs.revision }}
+          pattern: release-qa-parity-*-${{ needs.resolve_target.outputs.sha }}
          path: .artifacts/qa-e2e/
          merge-multiple: true

@@ -615,7 +590,7 @@ jobs:
        if: always()
        uses: actions/upload-artifact@v4
        with:
-          name: release-qa-parity-${{ needs.resolve_target.outputs.revision }}
+          name: release-qa-parity-${{ needs.resolve_target.outputs.sha }}
          path: .artifacts/qa-e2e/
          retention-days: 14
          if-no-files-found: warn
@@ -637,8 +612,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.resolve_target.outputs.revision }}
+          ref: ${{ needs.resolve_target.outputs.sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -695,7 +669,7 @@ jobs:
        if: always()
        uses: actions/upload-artifact@v4
        with:
-          name: release-qa-live-matrix-${{ needs.resolve_target.outputs.revision }}
+          name: release-qa-live-matrix-${{ needs.resolve_target.outputs.sha }}
          path: .artifacts/qa-e2e/
          retention-days: 14
          if-no-files-found: warn
@@ -717,8 +691,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.resolve_target.outputs.revision }}
+          ref: ${{ needs.resolve_target.outputs.sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -781,7 +754,7 @@ jobs:
        if: always()
        uses: actions/upload-artifact@v4
        with:
-          name: release-qa-live-telegram-${{ needs.resolve_target.outputs.revision }}
+          name: release-qa-live-telegram-${{ needs.resolve_target.outputs.sha }}
          path: .artifacts/qa-e2e/
          retention-days: 14
          if-no-files-found: warn
@@ -792,8 +765,7 @@ jobs:
      - prepare_release_package
      - install_smoke_release_checks
      - cross_os_release_checks
-      - live_repo_e2e_release_checks
-      - docker_e2e_release_checks
+      - live_and_e2e_release_checks
      - package_acceptance_release_checks
      - qa_lab_parity_lane_release_checks
      - qa_lab_parity_report_release_checks
@@ -813,8 +785,7 @@ jobs:
            "prepare_release_package=${{ needs.prepare_release_package.result }}" \
            "install_smoke_release_checks=${{ needs.install_smoke_release_checks.result }}" \
            "cross_os_release_checks=${{ needs.cross_os_release_checks.result }}" \
-            "live_repo_e2e_release_checks=${{ needs.live_repo_e2e_release_checks.result }}" \
-            "docker_e2e_release_checks=${{ needs.docker_e2e_release_checks.result }}" \
+            "live_and_e2e_release_checks=${{ needs.live_and_e2e_release_checks.result }}" \
            "package_acceptance_release_checks=${{ needs.package_acceptance_release_checks.result }}" \
            "qa_lab_parity_lane_release_checks=${{ needs.qa_lab_parity_lane_release_checks.result }}" \
            "qa_lab_parity_report_release_checks=${{ needs.qa_lab_parity_report_release_checks.result }}" \
--- a/.github/workflows/package-acceptance.yml
+++ b/.github/workflows/package-acceptance.yml
@@ -262,7 +262,6 @@ jobs:
      include_openwebui: ${{ steps.profile.outputs.include_openwebui }}
      include_release_path_suites: ${{ steps.profile.outputs.include_release_path_suites }}
      package_artifact_name: ${{ steps.profile.outputs.package_artifact_name }}
-      package_source_sha: ${{ steps.resolve.outputs.package_source_sha }}
      package_sha256: ${{ steps.resolve.outputs.sha256 }}
      package_version: ${{ steps.resolve.outputs.package_version }}
      telegram_enabled: ${{ steps.profile.outputs.telegram_enabled }}
@@ -494,7 +493,7 @@ jobs:
      package_spec: ${{ inputs.package_spec }}
      package_artifact_name: ${{ needs.resolve_package.outputs.package_artifact_name }}
      package_label: openclaw@${{ needs.resolve_package.outputs.package_version }}
-      harness_ref: ${{ needs.resolve_package.outputs.package_source_sha || inputs.workflow_ref }}
+      harness_ref: ${{ inputs.source == 'ref' && inputs.package_ref || inputs.workflow_ref }}
      provider_mode: ${{ needs.resolve_package.outputs.telegram_mode }}
      scenario: ${{ inputs.telegram_scenarios }}
    secrets:
--- a/.github/workflows/parity-gate.yml
+++ b/.github/workflows/parity-gate.yml
@@ -42,7 +42,7 @@ jobs:
      # followthrough gate that expects a fast post-approval read within a 30s
      # agent.wait timeout.
      QA_PARITY_CONCURRENCY: "1"
-      OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL || 'openai/gpt-5.5' }}
+      OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL }}
      OPENCLAW_QA_TRANSPORT_READY_TIMEOUT_MS: "180000"
      OPENAI_API_KEY: ""
      ANTHROPIC_API_KEY: ""
@@ -57,11 +57,9 @@ jobs:
    steps:
      - name: Checkout PR
        uses: actions/checkout@v6
-        with:
-          persist-credentials: false

      - name: Install pnpm
-        uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1
+        uses: pnpm/action-setup@v4

      - name: Setup Node
        uses: actions/setup-node@v6
--- a/.github/workflows/plugin-clawhub-release.yml
+++ b/.github/workflows/plugin-clawhub-release.yml
@@ -35,7 +35,7 @@ jobs:
    permissions:
      contents: read
    outputs:
-      ref_revision: ${{ steps.ref.outputs.sha }}
+      ref_sha: ${{ steps.ref.outputs.sha }}
      has_candidates: ${{ steps.plan.outputs.has_candidates }}
      candidate_count: ${{ steps.plan.outputs.candidate_count }}
      skipped_published_count: ${{ steps.plan.outputs.skipped_published_count }}
@@ -44,7 +44,6 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          ref: ${{ github.sha }}
          fetch-depth: 0

@@ -151,8 +150,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.preview_plugins_clawhub.outputs.ref_revision }}
+          ref: ${{ needs.preview_plugins_clawhub.outputs.ref_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -166,7 +164,6 @@ jobs:
      - name: Checkout ClawHub CLI source
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          repository: ${{ env.CLAWHUB_REPOSITORY }}
          ref: ${{ env.CLAWHUB_REF }}
          path: clawhub-source
@@ -190,7 +187,7 @@ jobs:
        env:
          CLAWHUB_REGISTRY: ${{ env.CLAWHUB_REGISTRY }}
          SOURCE_REPO: ${{ github.repository }}
-          SOURCE_COMMIT: ${{ needs.preview_plugins_clawhub.outputs.ref_revision }}
+          SOURCE_COMMIT: ${{ needs.preview_plugins_clawhub.outputs.ref_sha }}
          SOURCE_REF: ${{ github.ref }}
          PACKAGE_TAG: ${{ matrix.plugin.publishTag }}
          PACKAGE_DIR: ${{ matrix.plugin.packageDir }}
@@ -212,8 +209,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.preview_plugins_clawhub.outputs.ref_revision }}
+          ref: ${{ needs.preview_plugins_clawhub.outputs.ref_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -227,7 +223,6 @@ jobs:
      - name: Checkout ClawHub CLI source
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          repository: ${{ env.CLAWHUB_REPOSITORY }}
          ref: ${{ env.CLAWHUB_REF }}
          path: clawhub-source
@@ -271,7 +266,7 @@ jobs:
        env:
          CLAWHUB_REGISTRY: ${{ env.CLAWHUB_REGISTRY }}
          SOURCE_REPO: ${{ github.repository }}
-          SOURCE_COMMIT: ${{ needs.preview_plugins_clawhub.outputs.ref_revision }}
+          SOURCE_COMMIT: ${{ needs.preview_plugins_clawhub.outputs.ref_sha }}
          SOURCE_REF: ${{ github.ref }}
          PACKAGE_TAG: ${{ matrix.plugin.publishTag }}
          PACKAGE_DIR: ${{ matrix.plugin.packageDir }}
--- a/.github/workflows/plugin-npm-release.yml
+++ b/.github/workflows/plugin-npm-release.yml
@@ -46,7 +46,7 @@ jobs:
    permissions:
      contents: read
    outputs:
-      ref_revision: ${{ steps.ref.outputs.sha }}
+      ref_sha: ${{ steps.ref.outputs.sha }}
      has_candidates: ${{ steps.plan.outputs.has_candidates }}
      candidate_count: ${{ steps.plan.outputs.candidate_count }}
      matrix: ${{ steps.plan.outputs.matrix }}
@@ -54,7 +54,6 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.sha }}
          fetch-depth: 0

@@ -152,8 +151,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.preview_plugins_npm.outputs.ref_revision }}
+          ref: ${{ needs.preview_plugins_npm.outputs.ref_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -187,8 +185,7 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.preview_plugins_npm.outputs.ref_revision }}
+          ref: ${{ needs.preview_plugins_npm.outputs.ref_sha }}
          fetch-depth: 1

      - name: Setup Node environment
--- a/.github/workflows/qa-live-transports-convex.yml
+++ b/.github/workflows/qa-live-transports-convex.yml
@@ -44,7 +44,7 @@ env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
  NODE_VERSION: "24.x"
  PNPM_VERSION: "10.33.0"
-  OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL || 'openai/gpt-5.5' }}
+  OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL }}
  OPENCLAW_BUILD_PRIVATE_QA: "1"
  OPENCLAW_ENABLE_PRIVATE_QA_CLI: "1"

@@ -81,13 +81,12 @@ jobs:
    needs: authorize_actor
    runs-on: blacksmith-8vcpu-ubuntu-2404
    outputs:
-      selected_revision: ${{ steps.validate.outputs.selected_revision }}
+      selected_sha: ${{ steps.validate.outputs.selected_sha }}
      trusted_reason: ${{ steps.validate.outputs.trusted_reason }}
    steps:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
          ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.sha }}
          fetch-depth: 0

@@ -99,27 +98,27 @@ jobs:
        shell: bash
        run: |
          set -euo pipefail
-          selected_revision="$(git rev-parse HEAD)"
+          selected_sha="$(git rev-parse HEAD)"
          trusted_reason=""

          git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main

-          if git merge-base --is-ancestor "$selected_revision" refs/remotes/origin/main; then
+          if git merge-base --is-ancestor "$selected_sha" refs/remotes/origin/main; then
            trusted_reason="main-ancestor"
-          elif git tag --points-at "$selected_revision" | grep -Eq '^v'; then
+          elif git tag --points-at "$selected_sha" | grep -Eq '^v'; then
            trusted_reason="release-tag"
          elif [[ "$INPUT_REF" =~ ^release/[0-9]{4}\.[0-9]+\.[0-9]+$ ]]; then
            git fetch --no-tags origin "+refs/heads/${INPUT_REF}:refs/remotes/origin/${INPUT_REF}"
            release_branch_sha="$(git rev-parse "refs/remotes/origin/${INPUT_REF}")"
-            if [[ "$selected_revision" == "$release_branch_sha" ]]; then
+            if [[ "$selected_sha" == "$release_branch_sha" ]]; then
              trusted_reason="release-branch-head"
            fi
          else
            pr_head_count="$(
              gh api \
                -H "Accept: application/vnd.github+json" \
-                "repos/${GITHUB_REPOSITORY}/commits/${selected_revision}/pulls" \
-                --jq '[.[] | select(.state == "open" and .head.repo.full_name == "'"${GITHUB_REPOSITORY}"'" and .head.sha == "'"${selected_revision}"'")] | length'
+                "repos/${GITHUB_REPOSITORY}/commits/${selected_sha}/pulls" \
+                --jq '[.[] | select(.state == "open" and .head.repo.full_name == "'"${GITHUB_REPOSITORY}"'" and .head.sha == "'"${selected_sha}"'")] | length'
            )"
            if [[ "$pr_head_count" != "0" ]]; then
              trusted_reason="open-pr-head"
@@ -127,16 +126,16 @@ jobs:
          fi

          if [[ -z "$trusted_reason" ]]; then
-            echo "Ref '${INPUT_REF}' resolved to $selected_revision, which is not trusted for this secret-bearing QA run." >&2
+            echo "Ref '${INPUT_REF}' resolved to $selected_sha, which is not trusted for this secret-bearing QA run." >&2
            echo "Allowed refs must be on main, point to a release tag, match a release branch head, or match an open PR head in ${GITHUB_REPOSITORY}." >&2
            exit 1
          fi

-          echo "selected_revision=$selected_revision" >> "$GITHUB_OUTPUT"
+          echo "selected_sha=$selected_sha" >> "$GITHUB_OUTPUT"
          echo "trusted_reason=$trusted_reason" >> "$GITHUB_OUTPUT"
          {
            echo "Validated ref: \`${INPUT_REF}\`"
-            echo "Resolved SHA: \`$selected_revision\`"
+            echo "Resolved SHA: \`$selected_sha\`"
            echo "Trust reason: \`$trusted_reason\`"
          } >> "$GITHUB_STEP_SUMMARY"

@@ -158,8 +157,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.validate_selected_ref.outputs.selected_revision }}
+          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -222,8 +220,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.validate_selected_ref.outputs.selected_revision }}
+          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -306,8 +303,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.validate_selected_ref.outputs.selected_revision }}
+          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -379,8 +375,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.validate_selected_ref.outputs.selected_revision }}
+          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
          fetch-depth: 1

      - name: Setup Node environment
@@ -472,8 +467,7 @@ jobs:
      - name: Checkout selected ref
        uses: actions/checkout@v6
        with:
-          persist-credentials: false
-          ref: ${{ needs.validate_selected_ref.outputs.selected_revision }}
+          ref: ${{ needs.validate_selected_ref.outputs.selected_sha }}
          fetch-depth: 1

      - name: Setup Node environment
--- a/.github/workflows/test-performance-agent.yml
+++ b/.github/workflows/test-performance-agent.yml
@@ -129,7 +129,7 @@ jobs:

      - name: Run Codex test performance agent
        if: steps.gate.outputs.run_agent == 'true'
-        uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02
+        uses: openai/codex-action@v1
        with:
          openai-api-key: ${{ secrets.OPENCLAW_TEST_PERF_AGENT_OPENAI_API_KEY || secrets.OPENAI_API_KEY }}
          prompt-file: .github/codex/prompts/test-performance-agent.md
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,6 @@ node_modules
 .env
 docker-compose.override.yml
 docker-compose.extra.yml
-docker-compose.sandbox.yml
 dist
 dist-runtime/
 pnpm-lock.yaml
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,100 +6,54 @@ Docs: https://docs.openclaw.ai

 ### Changes

- Channels: add Yuanbao channel docs entrance so the Tencent Yuanbao bot appears in the channel listing and sidebar navigation. (#73443) Thanks @loongfay.
- Active Memory: add optional per-conversation `allowedChatIds` and `deniedChatIds` filters so operators can enable recall only for selected direct, group, or channel conversations while keeping broad sessions skipped. (#67977) Thanks @quengh.
- Active Memory: return bounded partial recall summaries when the hidden memory sub-agent times out, including the default temporary-transcript path, so useful recovered context is not discarded. (#73219) Thanks @joeykrug.
- Docker setup: add `OPENCLAW_SKIP_ONBOARDING` so automated Docker installs can skip the interactive onboarding step while still applying gateway defaults. (#55518) Thanks @jinjimz.
+- iOS/Gateway: add an authenticated `node.presence.alive` protocol event and `node.list` last-seen fields so background iOS wakes can mark paired nodes recently alive without treating them as connected. Carries forward #63123. Thanks @ngutman.
+- Android: publish authenticated `node.presence.alive` events after node connect and background transitions so paired Android nodes retain durable last-seen metadata after disconnects. Carries forward #63123. Thanks @ngutman.
+- Gateway/chat: accept non-image attachments through `chat.send` by staging them as agent-readable media paths, while keeping unsupported RPC attachment paths explicit instead of silently dropping files. Fixes #48123. (#67572) Thanks @samzong.
+- Security/networking: add opt-in operator-managed outbound proxy routing (proxy.enabled + proxy.proxyUrl/OPENCLAW_PROXY_URL) with strict http:// forward-proxy validation, loopback-only Gateway bypass, and cleanup of proxy env/dispatcher state on exit. (#70044) Thanks @jesse-merhi and @joshavant.

 ### Fixes

- Gateway/shutdown: report structured shutdown warnings and HTTP close timeout warnings through `ShutdownResult` while preserving lifecycle hook hardening. Carries forward #41296. Thanks @edenfunf.
- Plugins/QA: prebuild the private QA channel runtime before plugin gauntlet source runs so wrapper CPU/RSS measurements are not polluted by private QA dist rebuild work. Thanks @vincentkoc.
- Gateway/reload: bound default restart deferral and SIGUSR1 restart drain to five minutes while preserving explicit `deferralTimeoutMs: 0` indefinite waits, so stale active work accounting cannot block config reloads forever. Thanks @vincentkoc.
- Active Memory: register the prompt-build hook with the configured recall timeout plus setup grace instead of the 150s maximum budget, so default memory recall cannot delay turn startup for multiple minutes. Thanks @vincentkoc.
- CLI/channels logs: reuse the rolling log-file resolver so `openclaw channels logs` falls back to the active dated log across date boundaries without reading unrelated custom log files. Fixes #42875; carries forward #42904 and #43043. Thanks @ethanclaw and @wdskuki.
- CLI/update: skip tracked plugins disabled in config during post-update plugin sync before npm, ClawHub, or marketplace update checks, preserving their install records without failing the update. Fixes #73880. Thanks @islandpreneur007.
- Security/audit: recognize dangerous node command IDs as valid `gateway.nodes.denyCommands` entries, so audit only warns on real typos or unsupported patterns. (#56923) Thanks @chziyue.
- Telegram/exec approvals: stop treating general Telegram chat allowlists and `defaultTo` routes as native exec approvers; Telegram now uses explicit `execApprovals.approvers` or owner identity from `commands.ownerAllowFrom`, matching the first-pairing owner bootstrap path. Thanks @pashpashpash.
- Chat commands: route sensitive group `/diagnostics` and `/export-trajectory` approvals and results to a private owner route, preferring same-surface DMs before falling back to the first configured owner route, so Discord group invocations can land in Telegram when that is the primary owner interface. Thanks @pashpashpash.
- Plugin SDK/Discord: restore a deprecated `openclaw/plugin-sdk/discord` compatibility facade and the legacy compat group-policy warning export for the published `@openclaw/discord@2026.3.13` package, covering its config, account, directory, status, and thread-binding imports while keeping new plugins on generic SDK subpaths. Fixes #73685; supersedes #73703. Thanks @rderickson9 and @SymbolStar.
- Channels/Discord: suppress duplicate gateway monitors when multiple enabled accounts resolve to the same bot token, preferring config tokens over default env fallback and reporting skipped duplicates as disabled. Supersedes #73608. Thanks @kagura-agent.
- Control UI/Talk: decode Google Live binary WebSocket JSON frames and stop queued browser audio on interruption or shutdown, so browser Talk leaves `Connecting Talk...` and barge-in no longer plays stale audio. Fixes #73601 and #73460; supersedes #73466. Thanks @Spolen23 and @WadydX.
- Channels/Discord: ignore stale route-shaped conversation bindings after a Discord channel is reconfigured to another agent, while preserving explicit focus and subagent bindings. Fixes #73626. Thanks @ramitrkar-hash.
- Agents/bootstrap: pass pending BOOTSTRAP.md contents through the first-run user prompt while keeping them out of privileged system context, and show limited bootstrap guidance when workspace file access is unavailable. Fixes #73622. Thanks @mark1010.
- ACP/tasks: classify parent-owned ACP sessions as background work regardless of persistent runtime mode, and close terminal stale ACP sessions when no active binding remains, so delegated ACP output reports through the parent task notifier instead of acting like a normal foreground chat session. Refs #73609. Thanks @joerod26.
- Tasks: keep terminal mirrored TaskFlow timestamps pinned to task completion time and let maintenance repair stale mirrors, so ACP terminal delivery updates no longer leave inconsistent flow audits. Refs #73609. Thanks @joerod26.
- Gateway/sessions: add conservative stuck-session recovery that releases only stale session lanes while active embedded runs, reply operations, and lane tasks remain serialized, so queued follow-ups can drain without aborting legitimate long-running turns. Refs #73581, #73655, #73652, #73705, #73647, #73602, #73592, and #73601. Thanks @WS-Q0758, @bryangauvin, @spenceryang1996-dot, @bmilne1981, @mattmcintyre, @Vksh07, and @Spolen23.
- Plugins: cache unchanged plugin manifest loads by file signature, reducing repeated JSON/JSON5 parsing and manifest normalization in bursty startup and runtime registry paths. Refs #73532 and #73647; carries forward #73678. Thanks @TheDutchRuler.
- Plugins/runtime-deps: cache unchanged bundled runtime mirror dist-file materialization decisions and close file-lock handles on owner-write failures, reducing repeated startup chunk scans and avoiding FileHandle-GC recovery stalls. Refs #73532. Thanks @oadiazp and @bstanbury.
- CLI/TUI: keep `chat.history` off model-catalog discovery so initial Gateway-backed TUI history loads cannot block behind slow provider/plugin model scans on low-core hosts. Refs #73524. Thanks @harshcatsystems-collab.
- Channels/WhatsApp: flag recently reconnected linked accounts in channel status even when the socket is currently healthy, so flapping WhatsApp Web sessions no longer look clean after a brief reconnect. Refs #73602. Thanks @Vksh07.
- Gateway: expose `gateway.handshakeTimeoutMs` in config, schema, and docs while preserving `OPENCLAW_HANDSHAKE_TIMEOUT_MS` precedence, so loaded or low-powered hosts can tune local WebSocket pre-auth handshakes without patching dist files. Supersedes #51282; refs #73592 and #73652. Thanks @henry-the-frog.
- Agents/model selection: resolve slash-form aliases before provider/model parsing and keep alias-resolved primary models subject to transient provider cooldowns, so cron and persisted sessions do not retry cooled-down raw aliases. Fixes #73573 and #73657. Thanks @akai-shuuichi and @hashslingers.
- Agents/Claude CLI: reuse already-cached macOS Keychain credentials for no-prompt Claude credential reads, so doctor/runtime checks do not miss fresh interactive Claude auth. Fixes #73682. Thanks @RyanSandoval.
- Agents/transcripts: strip empty assistant text blocks while preserving valid text, images, and signatures, so Anthropic-style providers no longer reject sanitized transcript turns. Fixes #73640. Thanks @jowhee327.
- Providers/Bedrock: omit deprecated `temperature` for Claude Opus 4.7 Bedrock model ids, named and application inference profiles, including dotted `opus-4.7` refs, and classify the nested validation response for failover. Fixes #73663. Thanks @bstanbury.
- Gateway: raise the preauth/connect-challenge timeout to 15s so cold CLI starts on slower hosts have more time to process the WebSocket challenge before the Gateway closes the connection. Fixes #51469; refs #73592 and #62060. Thanks @GothicFox and @jackychen-png.
- CLI/status: fall back to a bounded local `status` RPC when loopback detail probes time out or report unknown capability, so reachable local gateways are no longer marked unreachable by slow read diagnostics. Fixes #73535; refs #48360, #62762, #51357, and #42019. Thanks @RacecarGuy, @justinschille, @DJBlackhawk, @tianyaqpzm, and @0xrsydn.
- CLI/gateway: reuse cached paired-device auth during `gateway probe` and report post-connect diagnostic failures as degraded reachability, so healthy local gateways are no longer marked unreachable after loopback auth or read timeouts. Fixes #48360. Thanks @RacecarGuy.
- Channels/Discord: give Discord Gateway WebSocket handshakes a 30s timeout so stalled TLS/network transitions emit an error and Carbon can continue its reconnect loop instead of leaving the bot silent until restart. Refs #50046. Thanks @codexGW.
- NVIDIA/NIM: persist the `NVIDIA_API_KEY` provider marker and mark bundled NVIDIA Chat Completions models as string-content compatible, so NIM models load from `models.json` and OpenAI-compatible subagent calls send plain text content. Fixes #73013 and #50107; refs #73014. Thanks @bautrey, @iot2edge, @ifearghal, and @futhgar.
- Channels/Discord: let text-only configs drop the `GuildVoiceStates` gateway intent and expose a bounded `/gateway/bot` metadata timeout with rate-limited fallback logs, reducing idle CPU and warning floods. Fixes #73709 and #73585. Thanks @sanchezm86 and @trac3r00.
- Agents/sessions: mark same-turn `sessions_send` and A2A reply prompts with an inter-session `isUser=false` envelope before they reach the model, so foreign session output no longer lands as bare active user text. Fixes #73702; refs #73698, #73609, #73595, and #73622. Thanks @alvelda.
- Outbound/security: strip known internal runtime scaffolding such as `<system-reminder>` and `<previous_response>` at the final channel delivery boundary and keep Discord output on targeted tag stripping, so degraded harness replies cannot leak those tags to users. Fixes #73595. Thanks @gabrielexito-stack and @martingarramon.
- Security/Telegram: load Telegram security adapters in read-only audit/doctor, audit malformed Telegram DM `allowFrom` entries even when groups are disabled, and keep allowlist DM audits from counting stale pairing-store senders, so public/shared-DM risk checks stay accurate. Refs #73698. Thanks @xace1825.
- Plugins: remove hidden manifest, provider-owner, bootstrap, and channel metadata caches so plugin installs, manifest edits, and bundled-root changes are visible on the next metadata read while keeping runtime/module loader caches for actual plugin code. Thanks @shakkernerd.
- CLI/plugins: use plugin metadata snapshots for install slot selection and add opt-in plugin lifecycle timing traces, so plugin install avoids runtime-loading the plugin registry for metadata-only decisions. Thanks @shakkernerd.
- fix(plugins): restrict bundled plugin dir resolution to trusted package roots. (#73275) Thanks @pgondhi987.
- fix(security): prevent workspace PATH injection via service env and trash helpers. (#73264) Thanks @pgondhi987.
- Active Memory: allow `allowedChatTypes` to include explicit portal/webchat sessions and classify `agent:...:explicit:...` session keys before opaque session ids can shadow the chat type. Fixes #65775. (#66285) Thanks @Lidang-Jiang.
- Active Memory: allow the hidden recall sub-agent to use both `memory_recall` and the legacy `memory_search`/`memory_get` memory tool contract, so bundled `memory-lancedb` recall works without breaking the default `memory-core` path. Fixes #73502. (#73584) Thanks @Takhoffman.
- fix(device-pairing): validate callerScopes against resolved token scopes on repair [AI]. (#72925) Thanks @pgondhi987.
- Active Memory docs: document the `cacheTtlMs` 1000-120000 ms range and 15000 ms default so setup snippets do not lead users past the schema limit. Fixes #65708. (#65737) Thanks @WuKongAI-CMU.
- fix(agents): canonicalize provider aliases in byProvider tool policy lookup [AI]. (#72917) Thanks @pgondhi987.
- fix(security): block npm_execpath injection from workspace .env [AI-assisted]. (#73262) Thanks @pgondhi987.
- Tools/web_fetch: decode response bodies from raw bytes using declared HTTP, XML, or HTML meta charsets before extraction, so Shift_JIS and other legacy-charset pages no longer return mojibake. Fixes #72916. Thanks @amknight.
- Active Memory: skip payload-less `memory_search` transcript tool results when building debug telemetry, so newer empty entries no longer hide the latest useful debug payload. (#68773) Thanks @SimbaKingjoe.
- Active Memory: keep recall setup time from consuming the configured model timeout while giving the hook runner an explicit bounded budget for the plugin, so slow embedded-run setup no longer causes immediate recall timeouts. Fixes #72606. (#72620) Thanks @hyspacex.
- Channels/Discord: bound message read/search REST calls, route those actions through Gateway execution, and fall back to `CommandTargetSessionKey` for inbound hook session keys so Discord reads do not hang and hooks still fire when `SessionKey` is empty. Fixes #73431. (#73521) Thanks @amknight.
- Plugins/media: auto-enable provider plugins referenced by `agents.defaults.imageGenerationModel`, `videoGenerationModel`, and `musicGenerationModel` primary/fallback refs, so configured Google and MiniMax media providers do not stay disabled behind a restrictive plugin allowlist. Thanks @vincentkoc.
- Memory-core/dreaming: retry managed dreaming cron registration after startup when the cron service is not reachable yet, so the scheduled Memory Dreaming Promotion sweep recovers without waiting for heartbeat traffic. Fixes #72841. Thanks @amknight.
- Acpx/runtime: validate the runtime session mode at the `AcpxRuntime.ensureSession` wrapper boundary so callers that pass anything other than `persistent` or `oneshot` get a clear `ACP_INVALID_RUNTIME_OPTION` error instead of silently round-tripping through the encoded handle as a default `persistent` mode and later throwing `SessionResumeRequiredError`. Investigation context: #73071. (#73548) Thanks @amknight.
- CLI/infer: keep web-search fallback on missing provider API keys, preserve structured validation errors from the selected provider, and let per-request image describe prompts override configured media-entry prompts. (#63263) Thanks @Spolen23.
- Chat commands: include configured model-catalog reasoning metadata when building `/think` argument menus so Ollama Cloud and other provider-owned reasoning models show supported levels instead of only `off`. Fixes #73515; supersedes #73568. Thanks @danielzinhu99 and @neeravmakwana.
- Channels/Telegram: suppress generic tool-progress chatter when preview streaming is off, so non-streaming Telegram turns only deliver final replies while approvals, media, and errors still route normally. Refs #72363 and #72482. Thanks @neeravmakwana and @SweetSophia.
- CLI/model probes: add repeatable image `--file` inputs to `infer model run` for local and gateway multimodal model smokes, so vision models such as Ollama Qwen VL and Gemini can be tested through the raw model-probe surface. Fixes #63700. Thanks @cedricjanssens.
- CLI/model probes: request trusted operator scope for `infer model run --gateway --model <provider/model>` so Gateway raw model smokes can use one-off provider/model overrides instead of being rejected before provider auth resolution. Fixes #73759. Thanks @chrislro.
- CLI/image describe: pass `--prompt` and `--timeout-ms` through `infer image describe` and `describe-many`, so custom vision instructions and slow local model budgets reach media-understanding providers such as Ollama, OpenAI, Google, and OpenRouter. Refs #63700. Thanks @cedricjanssens.
- Model selection: include the rejected provider/model ref and allowlist recovery hint when a stored session override is cleared, so local model selections such as Gemma GGUF variants do not fall back to the default with a generic message. Refs #71069. Thanks @CyberRaccoonTeam.
- OpenAI-compatible providers: drop malformed event-only or blank-data SSE frames before the OpenAI SDK stream parser sees them, so proxies that split `event:` from `data:` no longer crash streaming runs with `Unexpected end of JSON input`. Fixes #52802. Thanks @LyHug.
- Local model prompt caching: keep stable Project Context above volatile channel/session prompt guidance and stop embedding current channel names in the message tool description, so Ollama, MLX, llama.cpp, and other prefix-cache backends avoid avoidable full prompt reprocessing across channel turns. Fixes #40256; supersedes #40296. Thanks @rhclaw and @sriram369.
- Gateway/OpenAI-compatible API: guard provider policy lookup against runtime providers with non-array `models` values, so `/v1/chat/completions` no longer fails with `provider?.models?.some is not a function`. Fixes #66744; carries forward #66761. Thanks @MightyMoud, @MukundaKatta.
- WhatsApp/Web: pass explicit Baileys socket timings into every WhatsApp Web socket and expose `web.whatsapp.*` keepalive, connect, and query timeout settings so unstable networks can avoid repeated 408 disconnect and opening-handshake timeout loops. Fixes #56365. (#73580) Thanks @velvet-shark.
- Channels/Telegram: persist native command metadata on target sessions so topic, helper, and ACP-bound slash commands keep their session metadata attached to the routed conversation. (#57548) Thanks @GaosCode.
- Channels/native commands: keep validated native slash command replies visible in group chats while preserving explicit owner allowlists for command authorization. (#73672) Thanks @obviyus.
- Pairing/doctor: bootstrap `commands.ownerAllowFrom` from the first approved DM pairing when no command owner exists, and have doctor explain missing owners so privileged slash commands are not accidentally unusable after onboarding. Thanks @pashpashpash.
- Telegram/exec: infer native exec approvers from `commands.ownerAllowFrom` and auto-enable the Telegram approval client when an owner is resolvable, so owner-only commands such as `/diagnostics` can be approved in Telegram without duplicate per-channel approver config. Thanks @pashpashpash.
- Auto-reply/session: carry the tail of user/assistant turns into the freshly-rotated transcript on silent in-reply session resets (compaction failure, role-ordering conflict) so direct-chat continuity survives the rebind. Fixes #70853. (#70898) Thanks @neeravmakwana.
- Config: skip malformed non-string `env.vars` entries before env-reference checks, so config loading no longer crashes on JSON values like numbers or booleans. (#42402) Thanks @MiltonHeYan.
- Docker Compose: default missing config and workspace bind mounts to `${HOME:-/tmp}/.openclaw` so manual compose runs do not create invalid empty-source volume specs. (#64485) Thanks @jlapenna.
- Agents/context engines: preserve the child agent's configured `agentDir` when subagent cleanup re-resolves a context engine, so `onSubagentEnded` hooks keep operating on the correct per-agent state. (#67243) Thanks @jarimustonen.
- Channels/WhatsApp: restrict pairing verification replies to real inbound user content, preventing unsolicited prompts from receipts, typing indicators, presence updates, and other non-message Baileys upserts. Fixes #73797. (#73823) Thanks @hclsys.
- Configure/Ollama: show the configured Ollama model allowlist after Cloud only or Cloud + Local setup and skip slow per-model cloud metadata fetches. (#73995) Thanks @obviyus.
+- Plugins/startup: precompute bundled runtime mirror fingerprints before taking the mirror lock, including dist-runtime canonical roots, so Docker Desktop/WSL cold starts no longer hold `.openclaw-runtime-mirror.lock` while scanning slow persisted volumes. Fixes #73339. Thanks @1yihui.
+- Channels/LINE: persist inbound image, video, audio, and file downloads in `~/.openclaw/media/inbound/` instead of temporary files so agents can still read LINE media after `/tmp` cleanup. Fixes #73370. Thanks @hijirii and @wenxu007.
+- Control UI/WebChat: keep large attachment payloads out of Lit state and optimistic chat messages, using object URL previews plus send-time payload serialization so PDF/image uploads no longer trigger `RangeError: Maximum call stack size exceeded`. Fixes #73360; refs #54378 and #63432. Thanks @hejunhui-73, @Ansub, and @christianhernandez3-afk.
+- Agents/Anthropic: cancel stalled Anthropic Messages SSE body reads when abort signals fire, so active-memory timeouts release transport resources instead of leaving hidden recall runs parked on `reader.read()`. Refs #72965 and #73120. Thanks @wdeveloper16.
+- Agents/models: keep per-agent primary models strict when `fallbacks` is omitted, so probe-only custom providers are not tried as hidden fallback candidates unless the agent explicitly opts in. Fixes #73332. Thanks @haumanto.
+- Gateway/models: add `models.pricing.enabled` so offline or restricted-network installs can skip startup OpenRouter and LiteLLM pricing-catalog fetches while keeping explicit model costs working. Fixes #53639. Thanks @callebtc, @palewire, and @rjdjohnston.
+- Onboarding: pin interactive and non-interactive health checks to the just-configured setup token/password so stale `OPENCLAW_GATEWAY_TOKEN` or `OPENCLAW_GATEWAY_PASSWORD` values do not produce false gateway-token-mismatch failures after setup. Fixes #72203. Thanks @galiniliev.
+- Doctor/state: require an interactive confirmation before archiving orphan transcript files, so `openclaw doctor --fix` no longer silently renames recoverable session history after upgrades regenerate `sessions.json`. Fixes #73106. Thanks @scottgl9.
+- Cron/Telegram: preserve explicit `:topic:` delivery targets over stale session-derived thread IDs when isolated cron announces to Telegram forum topics. Carries forward #59069; refs #49704 and #43808. Thanks @roytong9.
+- Build/runtime: write the runtime-postbuild stamp after `pnpm build` writes the build stamp, so the next CLI invocation does not re-sync runtime artifacts after a successful build. Fixes #73151. Thanks @bittoby.
+- Build/runtime: preserve staged bundled-plugin runtime dependency caches across source-checkout tsdown rebuilds, so local CLI and gateway-watch rebuilds no longer recreate large plugin dependency trees before starting. Refs #73205. Thanks @SymbolStar.
+- CLI/channels: list configured chat channel accounts from read-only setup metadata even when the standalone CLI has not loaded the runtime channel registry, so `openclaw channels list` shows Telegram accounts before auth providers. Fixes #73319 and #73322. Thanks @mlaihk.
+- CLI/model probes: keep `infer model run --gateway` raw by skipping prior session transcript, bootstrap context, context-engine assembly, tools, and bundled MCP servers, so local backends can be tested without full agent-context overhead. Fixes #73308. Thanks @ScientificProgrammer.
+- CLI/model probes: reject empty or whitespace-only `infer model run --prompt` values before calling local providers or the Gateway, so smoke checks do not spend provider calls on invalid turns. Fixes #73185. Thanks @iot2edge.
+- Gateway/media: route text-only `chat.send` image offloads through media-understanding fields so `agents.defaults.imageModel` can describe WebChat attachments instead of leaving only an opaque `media://inbound` marker. Fixes #72968. Thanks @vorajeeah.
+- Gateway/Windows: route no-listener restart handoffs through the Windows supervisor without leaving restart tokens in flight, so failed task scheduling can be retried and successful handoffs do not coalesce later restart requests. (#69056) Thanks @Thatgfsj.
+- Gateway/model pricing: skip plugin manifest discovery during background pricing refreshes when `plugins.enabled: false`, so disabled-plugin setups do not keep rebuilding plugin metadata from the Gateway hot path. Fixes #73291. Thanks @slideshow-dingo and @fishgills.
+- Ollama/thinking: validate `/think` commands against live Ollama catalog reasoning metadata, so models whose `/api/show` capabilities include `thinking` expose `low`, `medium`, `high`, and `max` instead of being stuck on `off`. Fixes #73366. Thanks @cymise.
+- Gateway/sessions: remove automatic oversized `sessions.json` rotation backups, deprecate `session.maintenance.rotateBytes`, and teach `openclaw doctor --fix` to remove the ignored key so hot session writes no longer copy multi-MB stores. Refs #72338. Thanks @midhunmonachan and @DougButdorf.
+- Channels/Telegram: fail fast when Telegram rejects the startup `getMe` token probe with 401, so invalid or stale BotFather tokens are reported as token auth failures instead of misleading `deleteWebhook` cleanup failures. Fixes #47674. Thanks @samaedan-arch.
+- ACPX: keep generated Codex and Claude ACP wrapper startup paths working when remote or special state filesystems reject chmod, since OpenClaw invokes the wrappers through Node instead of executing them directly. Fixes #73333. Thanks @david-garcia-garcia.
+- CLI/onboarding: infer image input for common custom-provider vision model IDs, ask only for unknown models, and keep `--custom-image-input`/`--custom-text-input` overrides so vision-capable proxies do not get saved as text-only configs. Fixes #51869. Thanks @Antsoldier1974.
+- Models/OpenAI Codex: stop listing or resolving unsupported `openai-codex/gpt-5.4-mini` rows through Codex OAuth, keep stale discovery rows suppressed with a clear API-key-route hint, and leave direct `openai/gpt-5.4-mini` available. Fixes #73242. Thanks @0xCyda.
+- Plugin SDK: restore the root `stringEnum` and `optionalStringEnum` exports on both the published SDK entry and runtime root-alias bridge, so older external plugins can keep building and loading while migrating to focused SDK subpaths. Fixes #68279. Thanks @marzliak.
+- Plugin SDK: restore the root-alias bridge for `registerContextEngine` and expose missing legacy compat helpers `normalizeAccountId` and `resolvePreferredOpenClawTmpDir` so older external plugins such as `openclaw-weixin` can keep loading while migrating to focused SDK subpaths. Fixes #53497. Thanks @alanxchen85.
+- Auth profiles: make `openclaw doctor --fix` migrate legacy flat `auth-profiles.json` files such as `{ "ollama-windows": { "apiKey": "ollama-local" } }` to canonical provider default API-key profiles with a backup, so custom Ollama/OpenAI-compatible providers recover cleanly after upgrading. Fixes #59629; supersedes #59642. Thanks @Xsanders555 and @Linux2010.
+- Memory/Dreaming: retry Dream Diary once with the session default when a configured dreaming model is unavailable, while leaving subagent trust and allowlist errors visible instead of silently masking configuration problems. Refs #67409 and #69209. Thanks @Ghiggins18 and @everySympathy.
+- Feishu/inbound files: recover CJK filenames from plain `Content-Disposition: filename=` download headers when Feishu exposes UTF-8 bytes through Latin-1 header decoding, while leaving valid Latin-1 and JSON-derived names unchanged. (#48578, #50435, #59431) Thanks @alex-xuweilong, @lishuaigit, and @DoChaoing.
+- Channels/Telegram: normalize accidental full `/bot<TOKEN>` Telegram `apiRoot` values at runtime and teach `openclaw doctor --fix` to remove the suffix, so startup control calls no longer 404 when direct Bot API curl commands work. Fixes #55387. Thanks @brendanmatthewjones-cmyk, @techfindubai-ux, and @Sivlerback-Chris.
+- Zalo Personal: persist refreshed `zca-js` session cookies after QR login, session restore, and successful API calls so gateway restarts restore the freshest local session. (#73277) Thanks @darkamenosa.
+- Logging/security: redact sensitive tokens (sk-\* keys, Bearer/Authorization values, etc.) at the subsystem console sink so `createSubsystemLogger().info/warn/error` output that bypasses the patched console-capture handler still applies the same redaction the file transport already does. Fixes #73284; refs #67953 and #64046. Thanks @edwin-rivera-dev.
+- Plugins/runtime deps: reuse enclosing versioned cache roots when bundled plugins resolve from nested staged paths, so plugin-runtime-deps no longer mints `openclaw-unknown-*` directories or loops on `ENOTEMPTY`. Fixes #72956. (#73205) Thanks @SymbolStar.
+- Agents/failover: classify CJK provider transport, quota, billing, auth, and overload error text so Chinese-language provider failures trigger fallback and user-facing transport copy instead of surfacing as unclassified raw errors. (#56242) Thanks @tomcatzh.
+- Agents/failover: seed non-claude-cli fallback prompts with Claude Code session context when a claude-cli attempt fails, so fallback models do not restart cold after billing or quota failover. (#72069) Thanks @stainlu.

 ## 2026.4.27

 ### Changes

- Sandbox/Docker: add opt-in `sandbox.docker.gpus` passthrough for Docker sandbox containers so local GPU workloads can run inside sandboxed agents when the host Docker runtime supports `--gpus`. Fixes #57976; carries forward #58124. Thanks @cyan-ember.
- iOS/Gateway: add an authenticated `node.presence.alive` protocol event and `node.list` last-seen fields so background iOS wakes can mark paired nodes recently alive without treating them as connected. Carries forward #63123. Thanks @ngutman.
- Android: publish authenticated `node.presence.alive` events after node connect and background transitions so paired Android nodes retain durable last-seen metadata after disconnects. Carries forward #63123. Thanks @ngutman.
- Gateway/chat: accept non-image attachments through `chat.send` by staging them as agent-readable media paths, while keeping unsupported RPC attachment paths explicit instead of silently dropping files. Fixes #48123. (#67572) Thanks @samzong.
- Security/networking: add opt-in operator-managed outbound proxy routing (proxy.enabled + proxy.proxyUrl/OPENCLAW_PROXY_URL) with strict http:// forward-proxy validation, loopback-only Gateway bypass, and cleanup of proxy env/dispatcher state on exit. (#70044) Thanks @jesse-merhi and @joshavant.
 - Dependencies: refresh provider and tooling dependencies, including AWS SDK, PI runtime packages, AJV, Feishu SDK, Anthropic SDK, tokenjuice, and native TypeScript/oxlint tooling. Thanks @dependabot.
 - Matrix/QA: add live Matrix approval scenarios for exec metadata, chunked fallback, plugin approvals, deny reactions, thread targeting, and `target: "both"` delivery, with redacted artifacts preserving safe approval summaries. Thanks @gumadeiras.
- Diagnostics/Codex: add owner-only core `/diagnostics` with a sensitive-data preamble, docs link, and explicit Gateway export approval guidance; Codex harness sessions also ask before uploading Codex feedback for the attached thread and print the matching `codex resume <thread-id>` inspection command after confirmed upload. Thanks @pashpashpash.
- Trajectory export: route `/export-trajectory` through per-run exec approval, send group-chat approval prompts and export results only to the owner privately, and add `openclaw sessions export-trajectory` for the approved command path. Thanks @pashpashpash.
 - Codex: add Computer Use setup for Codex-mode agents, including `/codex computer-use status/install`, marketplace discovery, optional auto-install, and fail-closed MCP server checks before Codex-mode turns start. Fixes #72094. (#71842) Thanks @pash-openai.
 - Apps: consume Peekaboo 3.0.0-beta4 and ElevenLabsKit 0.1.1, align Swabble on Commander 0.2.2, and refresh macOS/iOS SwiftPM resolutions against the released dependency graph. Thanks @Blaizzy.
 - Plugin SDK: expose shared channel route normalization, parser-driven target resolution, raw-target compact keys, parsed-target types, and route comparison helpers through `openclaw/plugin-sdk/channel-route`, switch native approval origin matching onto that route contract with optional delivery and match-only target normalization, and retire the internal channel-route shim behind dated compatibility aliases for legacy key/comparable-target helpers. Thanks @vincentkoc.
@@ -138,92 +92,6 @@ Docs: https://docs.openclaw.ai

 ### Fixes

- Control UI: fix Peak Error Hours showing incorrect hourly rates when the browser's timezone observes DST, by storing hourly message counts with UTC date keys and using DST-aware `Date.getHours()` for local conversion. Also extract `accumulateMessageCounts` helper to reduce duplicated daily/hourly aggregation logic. (#49396) Thanks @konanok.
- CLI/channel-setup: auto-skip the redundant "Install \<plugin\>?" confirmation when only one install source (npm or local) exists, show `download from <npm-spec>` hints for installable catalog channels in the picker, and suppress misleading npm hints for already-bundled channels. Fixes #73419. Thanks @sliverp.
- BlueBubbles: tighten DM-vs-group routing across the outbound session route (`chat_guid:iMessage;-;...` DMs no longer classified as groups), reaction handling (drop group reactions that arrive without any chat identifier instead of synthesizing a `"group"` literal peerId), inbound `chatGuid` fallback (no longer fall back to the sender's DM chatGuid when resolving a group whose webhook omits chatGuid+chatId+chatIdentifier), and short message id resolution (carry caller chat context so a numeric short id reused after a long group conversation cannot silently resolve to a message in a different chat, with the same cross-chat guard applied to full GUIDs so retries cannot bypass it). Thanks @zqchris.
- Agents/approvals: fail restart-interrupted sessions whose transcript tail is still `approval-pending` instead of replaying stale exec approval IDs into the new Gateway process after restart. Fixes #65486. Thanks @mjmai20682068-create.
- CLI/Gateway: use method-specific least-privilege scopes for classified CLI Gateway calls while preserving legacy broad scopes for unclassified plugin methods, so read-only commands no longer create admin/write/pairing scope-upgrade prompts. Fixes #68634. Thanks @nightmusher.
- Gateway/sessions: align `chat.history` and `sessions.list` thinking defaults with owning-agent and catalog-aware resolution so Control UI session defaults match backend runtime state. (#63418) Thanks @jpreagan.
- Devices/pairing: recover array-shaped device and node pairing state files before persisting approvals, so UUID-keyed pending and paired entries no longer disappear after a malformed JSON store write. Fixes #63035. Thanks @sar618.
- Gateway/auth: clear reused stale device tokens and stop reconnecting on device-token mismatch in the Control UI and Node gateway clients, avoiding rate-limit loops after scope-upgrade or token-rotation handoffs. Fixes #71609. Thanks @ricksayhi.
- Gateway/approvals: treat duplicate same-decision approval resolves as idempotent during the resolved-entry grace window, including consumed `allow-once` approvals, while returning an explicit already-resolved error for conflicting repeats. Fixes #59162; refs #58479 and #65486. Thanks @wikithoughts, @sajazuniga7-coder, and @mjmai20682068-create.
- Channels/Telegram: honor `approvals.exec/plugin.targets[].accountId` when routing native approvals across multi-bot Telegram accounts while preserving unscoped Telegram targets for any account. Fixes #69916. Thanks @joerod26.
- Agents/exec: omit the internal session-resume fallback preface from successful async exec completion messages sent directly back to chat. Fixes #67181. Thanks @raistlin88.
- Agents/media: register detached `video_generate` and `music_generate` tool run contexts until terminal status, so Discord-backed provider jobs stay live in `/tasks` instead of becoming `lost` when the parent chat run context disappears. Thanks @vincentkoc.
- Agents/media: prefer OpenAI image and video providers when the default model uses the OpenAI Codex auth alias, so auto media generation no longer falls through to Fal before GPT Image or Sora. Thanks @vincentkoc.
- Tasks/media: infer agent ownership for session-scoped task records so `/tasks` agent-local fallback includes session-backed `video_generate` and other async media jobs even when the current chat session has no linked rows. Thanks @vincentkoc.
- Agents/media: keep long-running `video_generate` and `music_generate` tasks fresh while provider jobs are still pending, so task maintenance does not mark active Discord media renders lost before completion. Thanks @vincentkoc.
- CLI/status: treat scope-limited gateway probes as reachable-but-degraded in shared status scans, so `openclaw status --all` no longer reports a live gateway as unreachable after `missing scope: operator.read`. Fixes #49180; supersedes #47981. Thanks @openjay.
- Slack/Socket Mode: use a 15s Slack SDK pong timeout by default and add `channels.slack.socketMode.clientPingTimeout`, `serverPingTimeout`, and `pingPongLoggingEnabled` overrides so stale-websocket handling no longer depends on app-event health heuristics. Fixes #14248; refs #58519, #64009, and #63488. Thanks @shivasymbl and @freerk.
- Slack/media: bound private file and forwarded attachment downloads with idle and total timeouts while preserving placeholder fallback, so stalled Slack `file_share` media no longer wedges inbound message handling. Fixes #61850. Thanks @bassboy2k.
- Plugins/inspector: keep bundled plugin runtime capture quiet and config-tolerant for Codex, memory-lancedb, Feishu, Mattermost, QQBot, and Tlon so plugin-inspector JSON checks can validate the full bundled set. Thanks @vincentkoc.
- Slack/auto-reply: keep fully consumed text reset triggers such as `new session` out of `BodyForAgent` after directive cleanup, so configured Slack reset phrases do not leak into the fresh model turn. Fixes #73137. Thanks @neeravmakwana.
- Plugins/runtime deps: prune stale retained bundled runtime deps and keep doctor/secret channel contract scans on lightweight artifacts, so disabled bundled channels stop preserving old dependency trees or importing heavy plugin surfaces. Thanks @SymbolStar and @vincentkoc.
- Auto-reply: bound the post-run pending tool-result delivery drain with a progress-aware idle timeout, so a never-settling tool-result task no longer leaves the session active forever while slow healthy deliveries can keep draining. Fixes #53889; supersedes #64733 and #73434. Thanks @zijunl and @wujiaming88.
- Gateway/startup: start chat channels without waiting for primary model prewarm, keeping model warmup bounded in the background so Slack and other channels come online promptly when provider discovery is slow. Supersedes #73420. Thanks @dorukardahan.
- Gateway/install: carry env-backed config SecretRefs such as `channels.discord.token` into generated service environments when they are present only in the installing shell, while keeping gateway auth SecretRefs non-persisted. Fixes #67817; supersedes #73426. Thanks @wdimaculangan and @ztexydt-cqh.
- Auto-reply/commands: stop bare `/reset` and `/new` after reset hooks acknowledge the command, so non-ACP channels no longer fall through into empty provider calls while `/reset <message>` and `/new <message>` still seed the next model turn. Fixes #73367 and #73412. Thanks @hoyanhan, @wenxu007, and @amdhelper.
- Providers/DeepSeek: backfill DeepSeek V4 `reasoning_content` on plain assistant replay messages as well as tool-call turns, so thinking sessions with prior tool use no longer fail follow-up requests with missing reasoning content. Fixes #73417; refs #71372. Thanks @34262315716 and @Bartok9.
- Agents/gateway tool: strip full config payloads from `config.patch` and `config.apply` tool responses while preserving direct RPC responses, so config-heavy sessions no longer replay large redacted configs into transcript history. Fixes #47610; supersedes #73439. Thanks @HanenVit and @juan-flores077.
- Auto-reply: preserve voice-note media from silent turns while continuing to suppress text and non-voice media, so `NO_REPLY` TTS replies still deliver the requested audio bubble. (#73406) Thanks @zqchris.
- Channels/Mattermost: stop enqueueing regular inbound posts as system events, so Mattermost user messages reach the model only as user-role inbound-envelope content instead of also appearing as `System: Mattermost message...` directives. Fixes #71795. Thanks @juan-flores077.
- Agents/media: qualify bare `agents.defaults.imageModel` and `pdfModel` refs from unique configured image-capable providers, so Ollama vision models such as `moondream` and `qwen2.5vl:7b` do not fall through to the default provider. Fixes #38816; supersedes #73396. Thanks @alainasclaw and @vincentkoc.
- Agents/Anthropic: send implicit Anthropic beta headers only to direct public Anthropic endpoints, including OAuth, so custom Anthropic-compatible providers no longer mis-handle unsupported beta flags unless explicitly configured. Refs #73346. Thanks @byBrodowski.
- Skills: require explicit `skills.entries.coding-agent.enabled` before exposing the bundled coding-agent skill, so installs with Codex on PATH but no OpenAI auth do not silently offer Codex delegation. Fixes #73358. Thanks @LaFleurAdvertising and @Sanjays2402.
- Plugins/startup: treat manifestless Claude bundles as valid installed-plugin registry entries instead of stale missing manifests, so workspace bundles no longer force repeated derived registry rebuilds or noisy `plugins.entries.workspace` warnings during Gateway startup. Fixes #73433. Thanks @AnneVoss.
- Agents/subagents: preserve `sessions_yield` as a paused subagent state and ignore its wait text while freezing completion output, so parent sessions wait for the final post-compaction answer instead of receiving intermediate progress or `(no output)`. Fixes #73413. Thanks @Ask-sola.
- Plugins/startup: precompute bundled runtime mirror fingerprints before taking the mirror lock and keep Docker bundled plugin runtime deps/mirrors in a Docker-managed volume instead of the Windows/WSL config bind mount, so cold starts avoid slow host-volume mirror writes. Fixes #73339. Thanks @1yihui.
- Plugins/runtime deps: refresh bundled runtime mirrors without deleting active import trees, so config-triggered restarts do not see transient missing plugin files during registration. Thanks @shakkernerd.
- Channels/LINE: persist inbound image, video, audio, and file downloads in `~/.openclaw/media/inbound/` instead of temporary files so agents can still read LINE media after `/tmp` cleanup. Fixes #73370. Thanks @hijirii and @wenxu007.
- CLI/plugins: keep bundled plugin installs out of `plugins.load.paths` while preserving install records, so install/inspect/doctor loops no longer warn about the current bundled plugin directory. Thanks @vincentkoc.
- CLI/plugins: scope `plugins inspect <id>` runtime loading to the matched plugin so single-plugin inspection does not load every plugin before checking the target. Thanks @shakkernerd.
- CLI/plugins: remove managed copied-path plugin directories during uninstall and plan uninstall from metadata instead of runtime-loading plugins, so plugin lifecycle commands avoid unnecessary bundled runtime-deps work. Thanks @shakkernerd.
- Cron tool: infer the creating session's agentId for `cron.add` jobs when `agentId` is omitted or passed as undefined, keeping scheduled agentTurn jobs routed to the session agent; #40571 identified the guard bug and supplied the focused regression coverage. Thanks @ChanningYul.
- Cron/Telegram: add `--thread-id` to `openclaw cron add` and `openclaw cron edit`, preserving Telegram forum topic delivery targets across scheduled announcements. Carries forward #51581, #60373, and #60890. Thanks @ChunHao-dev.
- Cron/Telegram: preserve session-derived Telegram topic thread IDs when isolated cron delivery explicitly targets the parent chat, keeping bare chat targets in the active forum topic without leaking stale topics to other chats. Carries forward #64708. Thanks @addelh.
- Memory/compaction: keep pre-compaction memory-flush prompts runtime-only so session transcripts and `chat.history` no longer expose them as normal user turns. Fixes #54408 and #58956; refs #43567. Thanks @markgong and @guoyuhang9.
- Control UI/WebChat: keep large attachment payloads out of Lit state and optimistic chat messages, using object URL previews plus send-time payload serialization so PDF/image uploads no longer trigger `RangeError: Maximum call stack size exceeded`. Fixes #73360; refs #54378 and #63432. Thanks @hejunhui-73, @Ansub, and @christianhernandez3-afk.
- Agents/Anthropic: cancel stalled Anthropic Messages SSE body reads when abort signals fire, so active-memory timeouts release transport resources instead of leaving hidden recall runs parked on `reader.read()`. Refs #72965 and #73120. Thanks @wdeveloper16.
- Control UI/WebChat: keep pending run and typing state attached to the active client run, so unowned inject/announce/side-result finals no longer unlock unrelated active runs while completed owned runs still clear promptly. Fixes #57795; carries forward the narrow diagnosis from #57887. Thanks @haoyu-haoyu.
- Sandbox/Docker: stop satisfying a missing default sandbox image by tagging plain Debian as `openclaw-sandbox:bookworm-slim`, preserving the Python tooling required by sandbox write/edit helpers and directing users to build the default image. Fixes #51185; refs #45108, #51099, #51609, and #57713. Thanks @dpalis, @Tin55FoilDev, @jbcohen2-coder, @macminihal-cyber, and @PraxoOnline.
- Control UI/WebChat: confirm toolbar New Session button resets before dispatching `/new` while leaving typed `/new` and `/reset` commands immediate. Fixes #45800; refs #27065, #56611, #54499, and #27110. Thanks @aethnova, @kosta228-huli, @adambezemek, and @xss925175263 (xianshishan).
- Agents/models: keep per-agent primary models strict when `fallbacks` is omitted, so probe-only custom providers are not tried as hidden fallback candidates unless the agent explicitly opts in. Fixes #73332. Thanks @haumanto.
- Gateway/models: add `models.pricing.enabled` so offline or restricted-network installs can skip startup OpenRouter and LiteLLM pricing-catalog fetches while keeping explicit model costs working. Fixes #53639. Thanks @callebtc, @palewire, and @rjdjohnston.
- Gateway/startup: warn when legacy `CLAWDBOT_*` or `MOLTBOT_*` environment variables are still present, pointing users to `OPENCLAW_*` names instead of failing silently. Fixes #53482; carries forward #53667. Thanks @lndyzwdxhs.
- Onboarding: pin interactive and non-interactive health checks to the just-configured setup token/password so stale `OPENCLAW_GATEWAY_TOKEN` or `OPENCLAW_GATEWAY_PASSWORD` values do not produce false gateway-token-mismatch failures after setup. Fixes #72203. Thanks @galiniliev.
- Doctor/state: require an interactive confirmation before archiving orphan transcript files, so `openclaw doctor --fix` no longer silently renames recoverable session history after upgrades regenerate `sessions.json`. Fixes #73106. Thanks @scottgl9.
- Cron/Telegram: preserve explicit `:topic:` delivery targets over stale session-derived thread IDs when isolated cron announces to Telegram forum topics. Carries forward #59069; refs #49704 and #43808. Thanks @roytong9.
- Build/runtime: write the runtime-postbuild stamp after `pnpm build` writes the build stamp, so the next CLI invocation does not re-sync runtime artifacts after a successful build. Fixes #73151. Thanks @bittoby.
- Build/runtime: preserve staged bundled-plugin runtime dependency caches across source-checkout tsdown rebuilds, so local CLI and gateway-watch rebuilds no longer recreate large plugin dependency trees before starting. Refs #73205. Thanks @SymbolStar.
- CLI/channels: list configured chat channel accounts from read-only setup metadata even when the standalone CLI has not loaded the runtime channel registry, so `openclaw channels list` shows Telegram accounts before auth providers. Fixes #73319 and #73322. Thanks @mlaihk.
- CLI/model probes: keep `infer model run --gateway` raw by skipping prior session transcript, bootstrap context, context-engine assembly, tools, and bundled MCP servers, so local backends can be tested without full agent-context overhead. Fixes #73308. Thanks @ScientificProgrammer.
- CLI/image describe: pass `--prompt` and `--timeout-ms` through `infer image describe` and `describe-many`, so custom vision instructions and slow local model budgets reach media-understanding providers such as Ollama, OpenAI, Google, and OpenRouter. Addresses #63700. Thanks @cedricjanssens.
- Providers/Ollama: reject long non-linguistic Kimi/GLM symbol runs as provider failures instead of storing them as successful visible assistant replies, so fallback or error handling can recover from garbled cloud output. Fixes #64262; refs #67019. Thanks @Kloz813 and @xiaomenger123.
- CLI/model probes: reject empty or whitespace-only `infer model run --prompt` values before calling local providers or the Gateway, so smoke checks do not spend provider calls on invalid turns. Fixes #73185. Thanks @iot2edge.
- Gateway/media: route text-only `chat.send` image offloads through media-understanding fields so `agents.defaults.imageModel` can describe WebChat attachments instead of leaving only an opaque `media://inbound` marker. Fixes #72968. Thanks @vorajeeah.
- Gateway/Windows: route no-listener restart handoffs through the Windows supervisor without leaving restart tokens in flight, so failed task scheduling can be retried and successful handoffs do not coalesce later restart requests. (#69056) Thanks @Thatgfsj.
- Gateway/model pricing: skip plugin manifest discovery during background pricing refreshes when `plugins.enabled: false`, so disabled-plugin setups do not keep rebuilding plugin metadata from the Gateway hot path. Fixes #73291. Thanks @slideshow-dingo and @fishgills.
- Ollama/thinking: validate `/think` commands against live Ollama catalog reasoning metadata and preserve explicit native `params.think`/`params.thinking`, so models whose `/api/show` capabilities include `thinking` expose `low`, `medium`, `high`, and `max` instead of being stuck on `off`. Fixes #73366. Thanks @cymise.
- Gateway/sessions: remove automatic oversized `sessions.json` rotation backups, deprecate `session.maintenance.rotateBytes`, and teach `openclaw doctor --fix` to remove the ignored key so hot session writes no longer copy multi-MB stores. Refs #72338. Thanks @midhunmonachan and @DougButdorf.
- Channels/Telegram: fail fast when Telegram rejects the startup `getMe` token probe with 401, so invalid or stale BotFather tokens are reported as token auth failures instead of misleading `deleteWebhook` cleanup failures. Fixes #47674. Thanks @samaedan-arch.
- ACPX: keep generated Codex and Claude ACP wrapper startup paths working when remote or special state filesystems reject chmod, since OpenClaw invokes the wrappers through Node instead of executing them directly. Fixes #73333. Thanks @david-garcia-garcia.
- CLI/onboarding: infer image input for common custom-provider vision model IDs, ask only for unknown models, and keep `--custom-image-input`/`--custom-text-input` overrides so vision-capable proxies do not get saved as text-only configs. Fixes #51869. Thanks @Antsoldier1974.
- Models/OpenAI Codex: stop listing or resolving unsupported `openai-codex/gpt-5.4-mini` rows through Codex OAuth, keep stale discovery rows suppressed with a clear API-key-route hint, and leave direct `openai/gpt-5.4-mini` available. Fixes #73242. Thanks @0xCyda.
- Plugin SDK: restore the root `stringEnum` and `optionalStringEnum` exports on both the published SDK entry and runtime root-alias bridge, so older external plugins can keep building and loading while migrating to focused SDK subpaths. Fixes #68279. Thanks @marzliak.
- Plugin SDK: restore the root-alias bridge for `registerContextEngine` and expose missing legacy compat helpers `normalizeAccountId` and `resolvePreferredOpenClawTmpDir` so older external plugins such as `openclaw-weixin` can keep loading while migrating to focused SDK subpaths. Fixes #53497. Thanks @alanxchen85.
- Auth profiles: make `openclaw doctor --fix` migrate legacy flat `auth-profiles.json` files such as `{ "ollama-windows": { "apiKey": "ollama-local" } }` to canonical provider default API-key profiles with a backup, so custom Ollama/OpenAI-compatible providers recover cleanly after upgrading. Fixes #59629; supersedes #59642. Thanks @Xsanders555 and @Linux2010.
- Memory/Dreaming: retry Dream Diary once with the session default when a configured dreaming model is unavailable, while leaving subagent trust and allowlist errors visible instead of silently masking configuration problems. Refs #67409 and #69209. Thanks @Ghiggins18 and @everySympathy.
- Feishu/inbound files: recover CJK filenames from plain `Content-Disposition: filename=` download headers when Feishu exposes UTF-8 bytes through Latin-1 header decoding, while leaving valid Latin-1 and JSON-derived names unchanged. (#48578, #50435, #59431) Thanks @alex-xuweilong, @lishuaigit, and @DoChaoing.
- Channels/Telegram: normalize accidental full `/bot<TOKEN>` Telegram `apiRoot` values at runtime and teach `openclaw doctor --fix` to remove the suffix, so startup control calls no longer 404 when direct Bot API curl commands work. Fixes #55387. Thanks @brendanmatthewjones-cmyk, @techfindubai-ux, and @Sivlerback-Chris.
- Zalo Personal: persist refreshed `zca-js` session cookies after QR login, session restore, and successful API calls so gateway restarts restore the freshest local session. (#73277) Thanks @darkamenosa.
- Logging/security: redact sensitive tokens (sk-\* keys, Bearer/Authorization values, etc.) at the subsystem console sink so `createSubsystemLogger().info/warn/error` output that bypasses the patched console-capture handler still applies the same redaction the file transport already does. Fixes #73284; refs #67953 and #64046. Thanks @edwin-rivera-dev.
- Plugins/runtime deps: reuse enclosing versioned cache roots when bundled plugins resolve from nested staged paths, so plugin-runtime-deps no longer mints `openclaw-unknown-*` directories or loops on `ENOTEMPTY`. Fixes #72956. (#73205) Thanks @SymbolStar.
- Agents/failover: classify CJK provider transport, quota, billing, auth, and overload error text so Chinese-language provider failures trigger fallback and user-facing transport copy instead of surfacing as unclassified raw errors. (#56242) Thanks @tomcatzh.
- Agents/failover: seed non-claude-cli fallback prompts with Claude Code session context when a claude-cli attempt fails, so fallback models do not restart cold after billing or quota failover. (#72069) Thanks @stainlu.
- Agents/CLI runner: transfer bundle-MCP tempDir cleanup from the per-turn runner finally to the Claude live-session lifecycle, so persistent Claude CLI sessions keep their `--mcp-config` directory until the live subprocess closes. Fixes #73244. Thanks @edwin-rivera-dev.
- Gateway/nodes: allow Windows companion nodes to use safe declared commands such as canvas, camera list, location, device info, and screen snapshot by default while keeping dangerous media commands opt-in. (#71884) Thanks @shanselman.
- Agents/cron: clarify agent-tool and CLI cron timezone guidance so supplied `tz` values use local wall-clock cron fields and omitted cron `tz` falls back to the Gateway host local timezone. Fixes #53669; carries forward #46177. (#73372) Thanks @chen-zhang-cs-code and @maranello-o.
- Providers/Qwen: allow explicitly configured `qwen/qwen3.6-plus` to resolve on Qwen Coding Plan endpoints while keeping the built-in catalog from advertising it there. Fixes #63654; carries forward #63987. Thanks @jepson-liu.
 - Channels/Telegram: keep Bot API network fallbacks sticky after failed attempts and retry timed-out startup control calls once on the fallback route, so `deleteWebhook` IPv6 stalls no longer trigger slow multi-account retry storms. Fixes #73255. Thanks @ttomiczek and @sktbrd.
 - Gateway/agents: accept heartbeat, cron, and webhook as internal channel hints for agent runs so `sessions_spawn` works from non-delivery parent sessions while unknown channel hints still fail closed. Fixes #73237. Thanks @KeWang0622.
 - Gateway/models: merge explicit `models.providers.*.models` rows into the Gateway model catalog with normalized provider/model dedupe, and use normalized image-capability lookup so custom vision models keep native image attachments even when Pi discovery omits them or model ID casing differs. Fixes #64213 and #65165. Thanks @billonese and @202233a.
@@ -371,7 +239,6 @@ Docs: https://docs.openclaw.ai
 - Discord/gateway: count failed health-monitor restart attempts toward cooldown and hourly caps, and evict stale account lifecycle state during channel reloads so repeated Discord gateway recovery cannot loop on old status. Fixes #38596. (#40413) Thanks @jellyAI-dev and @vashquez.
 - TTS/BlueBubbles: pre-transcode synthesized MP3 audio to opus-in-CAF (mono, 24 kHz — validated against macOS 15.x Messages.app's native voice-memo CAF descriptor) on macOS hosts before handing the file to BlueBubbles, so iMessage renders the result as a native voice-memo bubble with proper duration and waveform UI instead of a plain file attachment. Adds an opt-in `tts.voice.preferAudioFileFormat` channel capability and a magic-byte sniff for the CAF container so the host-local-media validator (which uses `file-type` and didn't recognize CAF natively) can verify the pre-transcoded buffer. Channels that don't opt in are unaffected. (#72586) Fixes #72506. Thanks @omarshahine.
 - Feishu: retry WebSocket startup failures with monitor-owned backoff while preserving SDK-local heartbeat defaults, so persistent-connection startup failures no longer leave the monitor hung. Fixes #68766; related #42354 and #55532. Thanks @alex-xuweilong, @120106835, @sirfengyu, and @tianhaocui.
- Cron: normalize isolated job tool allowlists before granting the narrow self-removal cron tool path, keeping scheduled jobs aligned with shared tool policy normalization. (#73028) Thanks @jalehman.

 ## 2026.4.26

@@ -379,7 +246,6 @@ Docs: https://docs.openclaw.ai

 - Control UI/Talk: add a generic browser realtime transport contract, Google Live browser Talk sessions with constrained ephemeral tokens, and a Gateway relay for backend-only realtime voice plugins. Thanks @VACInc.
 - CLI/models: route provider-filtered model listing through an explicit source plan so user config, installed manifest rows, Provider Index previews, and scoped runtime fallbacks keep a stable authority order without adding another catalog cache. Thanks @shakkernerd.
- Plugins/cron: add a typed `cron_changed` hook for observing gateway-owned cron lifecycle updates without depending on internal cron events. Thanks @amknight.
 - Providers: add Cerebras as a bundled plugin with onboarding, static model catalog, docs, and manifest-owned endpoint metadata.
 - Memory/OpenAI-compatible: add optional `memorySearch.inputType`, `queryInputType`, and `documentInputType` config for asymmetric embedding endpoints, including direct query embeddings and provider batch indexing. Carries forward #63313 and #60727. Thanks @HOYALIM and @prospect1314521.
 - Ollama/memory: add model-specific retrieval query prefixes for `nomic-embed-text`, `qwen3-embedding`, and `mxbai-embed-large` memory-search queries while leaving document batches unchanged. Carries forward #45013. Thanks @laolin5564.
@@ -536,7 +402,6 @@ Docs: https://docs.openclaw.ai
 - Agents/bootstrap: dedupe hook-injected bootstrap context files by workspace-relative path and store normalized resolved paths so duplicate relative and absolute hook paths no longer depend on the process cwd. (#59344; fixes #59319; related #56721, #56725, and #57587) Thanks @koen666.
 - Agents/bootstrap: refresh cached workspace bootstrap snapshots on long-lived main-session turns when `AGENTS.md`, `SOUL.md`, `MEMORY.md`, or `TOOLS.md` change on disk, while preserving unchanged snapshot identity through the workspace file cache. (#64871; related #43901, #26497, #28594, #30896) Thanks @aimqwest and @mikejuyoon.
 - macOS Gateway: detect installed-but-unloaded LaunchAgent split-brain states during status, doctor, and restart, and re-bootstrap launchd supervision before falling back to unmanaged listener restarts. Fixes #67335, #53475, and #71060; refs #58890, #60885, and #70801. Thanks @ze1tgeist88, @dafacto, and @vishutdhar.
- WhatsApp: clear cached Web auth and active listener state after terminal 440/401 conflict/logout closes so linked/OK status no longer masks a dead inbound listener after relink or restart. Fixes #45474; refs #49305, #63855, #66920, and #70856. Thanks @juvenalmakoszay and @dsantoreis.
 - Gateway/restart: keep local restart-health probes on configured local daemon auth without falling back to remote gateway credentials. (#57374, #59439) Thanks @zssggle-rgb and @roytong9.
 - Plugins/install: treat mirrored core logger dependencies as staged bundled runtime deps so packaged Gateway starts do not crash when the external plugin-runtime-deps root is missing `tslog`. Fixes #72228; supersedes #72493. Thanks @deepujain.
 - Build/plugins: preserve active bundled runtime-dependency staging temp directories owned by live build processes so overlapping postbuild runs no longer delete each other's staged deps mid-prune. Supersedes #72220. Thanks @VACInc.
@@ -548,7 +413,6 @@ Docs: https://docs.openclaw.ai
 - TTS/SecretRef: resolve `messages.tts.providers.*.apiKey` from the active runtime snapshot so SecretRef-backed MiniMax and other TTS provider keys work in runtime reply/audio paths. Fixes #68690. Thanks @joshavant.
 - Gateway/install: surface systemd user-bus recovery hints during Linux service activation and retry via the target user scope when `systemctl --user` reports no-medium bus failures, without letting stale `SUDO_USER` override `sudo -u` installs. Fixes #39673; refs #44417 and #63561. Thanks @Arbor4, @myrsu, @mssteuer, and @boyuaner.
 - CLI/nodes: make unfiltered `openclaw nodes list` prefer the effective paired-node view used by `nodes status` while preserving pending rows, pairing-scope fallback, terminal-safe table rendering, and paired JSON metadata. Fixes #46871; carries forward #65772 through the ProjectClownfish #72619 repair. Thanks @skainguyen1412.
- Memory Wiki/CLI: route active bridge-mode status, doctor, and bridge imports through Gateway RPC so CLI checks use the runtime memory plugin context while disabled bridge imports stay local/offline. Carries forward #67208 and #71479; related #70185. Thanks @moorsecopers99, @vincentkoc, and @prasad-yashdeep.
 - CLI/startup: read generated startup metadata from the bundled `dist` layout before falling back to live help rendering, so root/browser help and channel-option bootstrap stay on the fast path. Thanks @vincentkoc.
 - Feishu/Lark: stop treating broadcast-only `@all`/`@_all` messages as bot mentions while preserving direct bot mentions, including messages that also include `@all`. Fixes #37706. Thanks @JosepLee.
 - CLI/help: treat positional `help` invocations like `openclaw channels help` as help paths for startup gating, avoiding model/auth warmup while preserving positional arguments such as `openclaw docs help`. Thanks @gumadeiras.
@@ -1059,7 +923,6 @@ Docs: https://docs.openclaw.ai
 - Google Meet joins OpenClaw as a bundled participant plugin, with personal Google auth, Chrome/Twilio realtime sessions, paired-node Chrome support, artifact/attendance exports, and recovery tooling for already-open Meet tabs.
 - DeepSeek V4 Flash and V4 Pro are in the bundled catalog, V4 Flash is the onboarding default, and DeepSeek thinking/replay behavior is fixed for follow-up tool-call turns.
 - Talk, Voice Call, and Google Meet can use realtime voice loops that consult the full OpenClaw agent for deeper tool-backed answers.
- Providers/OpenRouter: add native video generation through `video_generate`, so OpenRouter video models work with `OPENROUTER_API_KEY`. (#72700) Thanks @notamicrodose.
 - Browser automation gets coordinate clicks, longer default action budgets, per-profile headless overrides, and steadier tab reuse/recovery.
 - Plugin and model infrastructure is lighter at startup: static model catalogs, manifest-backed model rows, lazy provider dependencies, and external runtime-dependency repair for packaged installs.

--- a/11
+++ b/11
@@ -130,8 +130,7 @@ RUN printf 'packages:\n  - .\n  - ui\n' > /tmp/pnpm-workspace.runtime.yaml && \
    cp /tmp/pnpm-workspace.runtime.yaml pnpm-workspace.yaml && \
    CI=true NPM_CONFIG_FROZEN_LOCKFILE=false pnpm prune --prod && \
    node scripts/postinstall-bundled-plugins.mjs && \
-    find dist -type f \( -name '*.d.ts' -o -name '*.d.mts' -o -name '*.d.cts' -o -name '*.map' \) -delete && \
-    node scripts/check-package-dist-imports.mjs /app
+    find dist -type f \( -name '*.d.ts' -o -name '*.d.mts' -o -name '*.d.cts' -o -name '*.map' \) -delete

 # ── Runtime base image ──────────────────────────────────────────
 FROM ${OPENCLAW_NODE_BOOKWORM_SLIM_IMAGE} AS base-runtime
@@ -259,12 +258,10 @@ RUN --mount=type=cache,id=openclaw-bookworm-apt-cache,target=/var/cache/apt,shar
 RUN ln -sf /app/openclaw.mjs /usr/local/bin/openclaw \
 && chmod 755 /app/openclaw.mjs

-# Pre-create the default state and runtime-deps dirs so first-run Docker named
-# volumes mounted here inherit node ownership instead of root-owned state.
+# Pre-create the default state dir so first-run Docker named volumes mounted
+# here inherit node ownership instead of starting as root-owned state.
 RUN install -d -m 0700 -o node -g node /home/node/.openclaw && \
-    install -d -m 0700 -o node -g node /var/lib/openclaw/plugin-runtime-deps && \
-    stat -c '%U:%G %a' /home/node/.openclaw | grep -qx 'node:node 700' && \
-    stat -c '%U:%G %a' /var/lib/openclaw/plugin-runtime-deps | grep -qx 'node:node 700'
+    stat -c '%U:%G %a' /home/node/.openclaw | grep -qx 'node:node 700'

 ENV NODE_ENV=production

--- a/apps/android/.editorconfig
+++ b/apps/android/.editorconfig
@@ -11,6 +11,9 @@ indent_style = space
 indent_size = 2
 max_line_length = off
 ktlint_standard_filename = disabled
+ktlint_standard_function-expression-body = disabled
 ktlint_standard_function-naming = disabled
+ktlint_standard_if-else-bracing = disabled
 ktlint_standard_max-line-length = disabled
+ktlint_standard_no-wildcard-imports = disabled
 ktlint_standard_property-naming = disabled
--- a/apps/android/app/build.gradle.kts
+++ b/apps/android/app/build.gradle.kts
@@ -33,10 +33,10 @@ if (wantsAndroidReleaseBuild && !hasAndroidReleaseSigning) {
 }

 plugins {
-  alias(libs.plugins.android.application)
-  alias(libs.plugins.ktlint)
-  alias(libs.plugins.kotlin.compose)
-  alias(libs.plugins.kotlin.serialization)
+  id("com.android.application")
+  id("org.jlleitschuh.gradle.ktlint")
+  id("org.jetbrains.kotlin.plugin.compose")
+  id("org.jetbrains.kotlin.plugin.serialization")
 }

 android {
@@ -78,9 +78,13 @@ android {
  productFlavors {
    create("play") {
      dimension = "store"
+      buildConfigField("boolean", "OPENCLAW_ENABLE_SMS", "false")
+      buildConfigField("boolean", "OPENCLAW_ENABLE_CALL_LOG", "false")
    }
    create("thirdParty") {
      dimension = "store"
+      buildConfigField("boolean", "OPENCLAW_ENABLE_SMS", "true")
+      buildConfigField("boolean", "OPENCLAW_ENABLE_CALL_LOG", "true")
    }
  }

@@ -129,7 +133,15 @@ android {
  }

  lint {
-    lintConfig = file("lint.xml")
+    disable +=
+      setOf(
+        "AndroidGradlePluginVersion",
+        "GradleDependency",
+        "HighAppVersionCode",
+        "IconLauncherShape",
+        "NewerVersionAvailable",
+        "OldTargetApi",
+      )
    warningsAsErrors = true
  }

@@ -172,57 +184,57 @@ ktlint {
 }

 dependencies {
-  val composeBom = platform(libs.androidx.compose.bom)
+  val composeBom = platform("androidx.compose:compose-bom:2026.04.01")
  implementation(composeBom)
  androidTestImplementation(composeBom)

-  implementation(libs.androidx.core.ktx)
-  implementation(libs.androidx.lifecycle.runtime.ktx)
-  implementation(libs.androidx.activity.compose)
-  implementation(libs.androidx.webkit)
+  implementation("androidx.core:core-ktx:1.18.0")
+  implementation("androidx.lifecycle:lifecycle-runtime-ktx:2.10.0")
+  implementation("androidx.activity:activity-compose:1.13.0")
+  implementation("androidx.webkit:webkit:1.15.0")

-  implementation(libs.androidx.compose.ui)
-  implementation(libs.androidx.compose.ui.tooling.preview)
-  implementation(libs.androidx.compose.material3)
+  implementation("androidx.compose.ui:ui")
+  implementation("androidx.compose.ui:ui-tooling-preview")
+  implementation("androidx.compose.material3:material3")
  // material-icons-extended pulled in full icon set (~20 MB DEX). Only ~18 icons used.
  // R8 will tree-shake unused icons when minify is enabled on release builds.
-  implementation(libs.androidx.compose.material.icons.extended)
+  implementation("androidx.compose.material:material-icons-extended")

-  debugImplementation(libs.androidx.compose.ui.tooling)
+  debugImplementation("androidx.compose.ui:ui-tooling")

  // Material Components (XML theme + resources)
-  implementation(libs.material)
+  implementation("com.google.android.material:material:1.13.0")

-  implementation(libs.kotlinx.coroutines.android)
-  implementation(libs.kotlinx.serialization.json)
+  implementation("org.jetbrains.kotlinx:kotlinx-coroutines-android:1.10.2")
+  implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.11.0")

-  implementation(libs.androidx.security.crypto)
-  implementation(libs.androidx.exifinterface)
-  implementation(libs.okhttp)
-  implementation(libs.bcprov)
-  implementation(libs.commonmark)
-  implementation(libs.commonmark.ext.autolink)
-  implementation(libs.commonmark.ext.gfm.strikethrough)
-  implementation(libs.commonmark.ext.gfm.tables)
-  implementation(libs.commonmark.ext.task.list.items)
+  implementation("androidx.security:security-crypto:1.1.0")
+  implementation("androidx.exifinterface:exifinterface:1.4.2")
+  implementation("com.squareup.okhttp3:okhttp:5.3.2")
+  implementation("org.bouncycastle:bcprov-jdk18on:1.84")
+  implementation("org.commonmark:commonmark:0.28.0")
+  implementation("org.commonmark:commonmark-ext-autolink:0.28.0")
+  implementation("org.commonmark:commonmark-ext-gfm-strikethrough:0.28.0")
+  implementation("org.commonmark:commonmark-ext-gfm-tables:0.28.0")
+  implementation("org.commonmark:commonmark-ext-task-list-items:0.28.0")

  // CameraX (for node.invoke camera.* parity)
-  implementation(libs.androidx.camera.core)
-  implementation(libs.androidx.camera.camera2)
-  implementation(libs.androidx.camera.lifecycle)
-  implementation(libs.androidx.camera.video)
-  implementation(libs.play.services.code.scanner)
+  implementation("androidx.camera:camera-core:1.6.0")
+  implementation("androidx.camera:camera-camera2:1.6.0")
+  implementation("androidx.camera:camera-lifecycle:1.6.0")
+  implementation("androidx.camera:camera-video:1.6.0")
+  implementation("com.google.android.gms:play-services-code-scanner:16.1.0")

  // Unicast DNS-SD (Wide-Area Bonjour) for tailnet discovery domains.
-  implementation(libs.dnsjava)
+  implementation("dnsjava:dnsjava:3.6.4")

-  testImplementation(libs.junit)
-  testImplementation(libs.kotlinx.coroutines.test)
-  testImplementation(libs.kotest.runner.junit5)
-  testImplementation(libs.kotest.assertions.core)
-  testImplementation(libs.mockwebserver)
-  testImplementation(libs.robolectric)
-  testRuntimeOnly(libs.junit.vintage.engine)
+  testImplementation("junit:junit:4.13.2")
+  testImplementation("org.jetbrains.kotlinx:kotlinx-coroutines-test:1.10.2")
+  testImplementation("io.kotest:kotest-runner-junit5-jvm:6.1.11")
+  testImplementation("io.kotest:kotest-assertions-core-jvm:6.1.11")
+  testImplementation("com.squareup.okhttp3:mockwebserver:5.3.2")
+  testImplementation("org.robolectric:robolectric:4.16.1")
+  testRuntimeOnly("org.junit.vintage:junit-vintage-engine:6.0.3")
 }

 tasks.withType<Test>().configureEach {
--- a/apps/android/app/lint.xml
+++ b/apps/android/app/lint.xml
@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<lint>
-    <issue id="AndroidGradlePluginVersion" severity="ignore" />
-    <issue id="GradleDependency" severity="ignore" />
-    <issue id="IconLauncherShape" severity="ignore" />
-    <issue id="NewerVersionAvailable" severity="ignore" />
-
-    <!-- OpenClaw uses date-based version codes (yyyyMMddNN), which are high but still below the Android max. -->
-    <issue id="HighAppVersionCode" severity="ignore" />
-
-    <!-- Target SDK follows the current release train; bump only after platform compatibility testing. -->
-    <issue id="OldTargetApi" severity="ignore" />
-</lint>
--- a/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt
@@ -13,33 +13,7 @@ import ai.openclaw.app.gateway.GatewaySession
 import ai.openclaw.app.gateway.GatewayTlsProbeFailure
 import ai.openclaw.app.gateway.GatewayTlsProbeResult
 import ai.openclaw.app.gateway.probeGatewayTlsFingerprint
-import ai.openclaw.app.node.A2UIHandler
-import ai.openclaw.app.node.CalendarHandler
-import ai.openclaw.app.node.CallLogHandler
-import ai.openclaw.app.node.CameraCaptureManager
-import ai.openclaw.app.node.CameraHandler
-import ai.openclaw.app.node.CanvasController
-import ai.openclaw.app.node.ConnectionManager
-import ai.openclaw.app.node.ContactsHandler
-import ai.openclaw.app.node.DEFAULT_SEAM_COLOR_ARGB
-import ai.openclaw.app.node.DebugHandler
-import ai.openclaw.app.node.DeviceHandler
-import ai.openclaw.app.node.DeviceNotificationListenerService
-import ai.openclaw.app.node.InvokeDispatcher
-import ai.openclaw.app.node.LocationCaptureManager
-import ai.openclaw.app.node.LocationHandler
-import ai.openclaw.app.node.MotionHandler
-import ai.openclaw.app.node.NodePresenceAliveBeacon
-import ai.openclaw.app.node.NotificationsHandler
-import ai.openclaw.app.node.PhotosHandler
-import ai.openclaw.app.node.Quad
-import ai.openclaw.app.node.SmsHandler
-import ai.openclaw.app.node.SmsManager
-import ai.openclaw.app.node.SystemHandler
-import ai.openclaw.app.node.asObjectOrNull
-import ai.openclaw.app.node.asStringOrNull
-import ai.openclaw.app.node.invokeErrorFromThrowable
-import ai.openclaw.app.node.parseHexColorArgb
+import ai.openclaw.app.node.*
 import ai.openclaw.app.protocol.OpenClawCanvasA2UIAction
 import ai.openclaw.app.voice.MicCaptureManager
 import ai.openclaw.app.voice.TalkModeManager
@@ -129,8 +103,8 @@ class NodeRuntime(
  private val deviceHandler: DeviceHandler =
    DeviceHandler(
      appContext = appContext,
-      smsEnabled = SensitiveFeatureConfig.smsEnabled,
-      callLogEnabled = SensitiveFeatureConfig.callLogEnabled,
+      smsEnabled = BuildConfig.OPENCLAW_ENABLE_SMS,
+      callLogEnabled = BuildConfig.OPENCLAW_ENABLE_CALL_LOG,
    )

  private val notificationsHandler: NotificationsHandler =
@@ -189,10 +163,10 @@ class NodeRuntime(
      voiceWakeMode = { VoiceWakeMode.Off },
      motionActivityAvailable = { motionHandler.isActivityAvailable() },
      motionPedometerAvailable = { motionHandler.isPedometerAvailable() },
-      sendSmsAvailable = { SensitiveFeatureConfig.smsEnabled && sms.canSendSms() },
-      readSmsAvailable = { SensitiveFeatureConfig.smsEnabled && sms.canReadSms() },
-      smsSearchPossible = { SensitiveFeatureConfig.smsEnabled && sms.hasTelephonyFeature() },
-      callLogAvailable = { SensitiveFeatureConfig.callLogEnabled },
+      sendSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canSendSms() },
+      readSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canReadSms() },
+      smsSearchPossible = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.hasTelephonyFeature() },
+      callLogAvailable = { BuildConfig.OPENCLAW_ENABLE_CALL_LOG },
      hasRecordAudioPermission = { hasRecordAudioPermission() },
      manualTls = { manualTls.value },
    )
@@ -216,11 +190,11 @@ class NodeRuntime(
      isForeground = { _isForeground.value },
      cameraEnabled = { cameraEnabled.value },
      locationEnabled = { locationMode.value != LocationMode.Off },
-      sendSmsAvailable = { SensitiveFeatureConfig.smsEnabled && sms.canSendSms() },
-      readSmsAvailable = { SensitiveFeatureConfig.smsEnabled && sms.canReadSms() },
-      smsFeatureEnabled = { SensitiveFeatureConfig.smsEnabled },
+      sendSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canSendSms() },
+      readSmsAvailable = { BuildConfig.OPENCLAW_ENABLE_SMS && sms.canReadSms() },
+      smsFeatureEnabled = { BuildConfig.OPENCLAW_ENABLE_SMS },
      smsTelephonyAvailable = { sms.hasTelephonyFeature() },
-      callLogAvailable = { SensitiveFeatureConfig.callLogEnabled },
+      callLogAvailable = { BuildConfig.OPENCLAW_ENABLE_CALL_LOG },
      debugBuild = { BuildConfig.DEBUG },
      refreshNodeCanvasCapability = { nodeSession.refreshNodeCanvasCapability() },
      onCanvasA2uiPush = {
--- a/apps/android/app/src/thirdParty/java/ai/openclaw/app/node/CallLogHandler.kt
+++ b/apps/android/app/src/thirdParty/java/ai/openclaw/app/node/CallLogHandler.kt
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/DeviceHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/DeviceHandler.kt
@@ -1,7 +1,6 @@
 package ai.openclaw.app.node

 import ai.openclaw.app.BuildConfig
-import ai.openclaw.app.SensitiveFeatureConfig
 import ai.openclaw.app.gateway.GatewaySession
 import android.Manifest
 import android.app.ActivityManager
@@ -26,8 +25,8 @@ import java.util.Locale

 class DeviceHandler(
  private val appContext: Context,
-  private val smsEnabled: Boolean = SensitiveFeatureConfig.smsEnabled,
-  private val callLogEnabled: Boolean = SensitiveFeatureConfig.callLogEnabled,
+  private val smsEnabled: Boolean = BuildConfig.OPENCLAW_ENABLE_SMS,
+  private val callLogEnabled: Boolean = BuildConfig.OPENCLAW_ENABLE_CALL_LOG,
 ) {
  companion object {
    internal fun hasAnySmsCapability(
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/SmsHandler.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/SmsHandler.kt
--- a/apps/android/app/src/thirdParty/java/ai/openclaw/app/node/SmsManager.kt
+++ b/apps/android/app/src/thirdParty/java/ai/openclaw/app/node/SmsManager.kt
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt
@@ -1,8 +1,8 @@
 package ai.openclaw.app.ui

+import ai.openclaw.app.BuildConfig
 import ai.openclaw.app.LocationMode
 import ai.openclaw.app.MainViewModel
-import ai.openclaw.app.SensitiveFeatureConfig
 import ai.openclaw.app.gateway.GatewayEndpoint
 import ai.openclaw.app.node.DeviceNotificationListenerService
 import android.Manifest
@@ -248,10 +248,10 @@ fun OnboardingFlow(

  val smsAvailable =
    remember(context) {
-      SensitiveFeatureConfig.smsEnabled &&
+      BuildConfig.OPENCLAW_ENABLE_SMS &&
        context.packageManager?.hasSystemFeature(PackageManager.FEATURE_TELEPHONY) == true
    }
-  val callLogAvailable = remember { SensitiveFeatureConfig.callLogEnabled }
+  val callLogAvailable = remember { BuildConfig.OPENCLAW_ENABLE_CALL_LOG }
  val motionAvailable =
    remember(context) {
      hasMotionCapabilities(context)
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/SettingsSheet.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/SettingsSheet.kt
@@ -4,7 +4,6 @@ import ai.openclaw.app.BuildConfig
 import ai.openclaw.app.LocationMode
 import ai.openclaw.app.MainViewModel
 import ai.openclaw.app.NotificationPackageFilterMode
-import ai.openclaw.app.SensitiveFeatureConfig
 import ai.openclaw.app.node.DeviceNotificationListenerService
 import ai.openclaw.app.normalizeLocalHourMinute
 import android.Manifest
@@ -205,10 +204,10 @@ fun SettingsSheet(viewModel: MainViewModel) {

  val smsPermissionAvailable =
    remember {
-      SensitiveFeatureConfig.smsEnabled &&
+      BuildConfig.OPENCLAW_ENABLE_SMS &&
        context.packageManager?.hasSystemFeature(PackageManager.FEATURE_TELEPHONY) == true
    }
-  val callLogPermissionAvailable = remember { SensitiveFeatureConfig.callLogEnabled }
+  val callLogPermissionAvailable = remember { BuildConfig.OPENCLAW_ENABLE_CALL_LOG }
  val photosPermission =
    if (Build.VERSION.SDK_INT >= 33) {
      Manifest.permission.READ_MEDIA_IMAGES
--- a/apps/android/app/src/play/java/ai/openclaw/app/SensitiveFeatureConfig.kt
+++ b/apps/android/app/src/play/java/ai/openclaw/app/SensitiveFeatureConfig.kt
@@ -1,6 +0,0 @@
-package ai.openclaw.app
-
-object SensitiveFeatureConfig {
-  const val smsEnabled: Boolean = false
-  const val callLogEnabled: Boolean = false
-}
--- a/apps/android/app/src/play/java/ai/openclaw/app/node/CallLogHandler.kt
+++ b/apps/android/app/src/play/java/ai/openclaw/app/node/CallLogHandler.kt
@@ -1,54 +0,0 @@
-package ai.openclaw.app.node
-
-import ai.openclaw.app.gateway.GatewaySession
-import android.content.Context
-
-internal data class CallLogRecord(
-  val number: String?,
-  val cachedName: String?,
-  val date: Long,
-  val duration: Long,
-  val type: Int,
-)
-
-internal data class CallLogSearchRequest(
-  val limit: Int,
-  val offset: Int,
-  val cachedName: String?,
-  val number: String?,
-  val date: Long?,
-  val dateStart: Long?,
-  val dateEnd: Long?,
-  val duration: Long?,
-  val type: Int?,
-)
-
-internal interface CallLogDataSource {
-  fun hasReadPermission(context: Context): Boolean
-
-  fun search(
-    context: Context,
-    request: CallLogSearchRequest,
-  ): List<CallLogRecord>
-}
-
-class CallLogHandler private constructor() {
-  constructor(
-    @Suppress("unused") appContext: Context,
-  ) : this()
-
-  fun handleCallLogSearch(
-    @Suppress("unused") paramsJson: String?,
-  ): GatewaySession.InvokeResult =
-    GatewaySession.InvokeResult.error(
-      code = "CALL_LOG_UNAVAILABLE",
-      message = "CALL_LOG_UNAVAILABLE: call log not available on this build",
-    )
-
-  companion object {
-    internal fun forTesting(
-      @Suppress("unused") appContext: Context,
-      @Suppress("unused") dataSource: CallLogDataSource,
-    ): CallLogHandler = CallLogHandler()
-  }
-}
--- a/apps/android/app/src/play/java/ai/openclaw/app/node/SmsManager.kt
+++ b/apps/android/app/src/play/java/ai/openclaw/app/node/SmsManager.kt
@@ -1,69 +0,0 @@
-package ai.openclaw.app.node
-
-import ai.openclaw.app.PermissionRequester
-import android.content.Context
-
-class SmsManager(
-  @Suppress("unused") private val context: Context,
-) {
-  data class SendResult(
-    val ok: Boolean,
-    val to: String,
-    val message: String?,
-    val error: String? = null,
-    val payloadJson: String,
-  )
-
-  data class SmsMessage(
-    val id: Long,
-    val threadId: Long,
-    val address: String?,
-    val person: String?,
-    val date: Long,
-    val dateSent: Long,
-    val read: Boolean,
-    val type: Int,
-    val body: String?,
-    val status: Int,
-    val transportType: String? = null,
-  )
-
-  data class SearchResult(
-    val ok: Boolean,
-    val messages: List<SmsMessage>,
-    val error: String? = null,
-    val payloadJson: String,
-  )
-
-  fun attachPermissionRequester(
-    @Suppress("unused") requester: PermissionRequester,
-  ) {
-  }
-
-  fun canSendSms(): Boolean = false
-
-  fun canSearchSms(): Boolean = false
-
-  fun canReadSms(): Boolean = false
-
-  fun hasTelephonyFeature(): Boolean = false
-
-  suspend fun send(paramsJson: String?): SendResult =
-    SendResult(
-      ok = false,
-      to = "",
-      message = null,
-      error = "SMS_PERMISSION_REQUIRED: grant SMS permission",
-      payloadJson = unavailablePayload(paramsJson),
-    )
-
-  suspend fun search(paramsJson: String?): SearchResult =
-    SearchResult(
-      ok = false,
-      messages = emptyList(),
-      error = "SMS_PERMISSION_REQUIRED: grant READ_SMS permission",
-      payloadJson = unavailablePayload(paramsJson),
-    )
-
-  private fun unavailablePayload(paramsJson: String?): String = """{"ok":false,"error":"SMS_UNAVAILABLE","paramsProvided":${!paramsJson.isNullOrBlank()}}"""
-}
--- a/apps/android/app/src/testThirdParty/java/ai/openclaw/app/node/CallLogHandlerTest.kt
+++ b/apps/android/app/src/testThirdParty/java/ai/openclaw/app/node/CallLogHandlerTest.kt
--- a/apps/android/app/src/testThirdParty/java/ai/openclaw/app/node/SmsManagerTest.kt
+++ b/apps/android/app/src/testThirdParty/java/ai/openclaw/app/node/SmsManagerTest.kt
--- a/apps/android/app/src/thirdParty/java/ai/openclaw/app/SensitiveFeatureConfig.kt
+++ b/apps/android/app/src/thirdParty/java/ai/openclaw/app/SensitiveFeatureConfig.kt
@@ -1,6 +0,0 @@
-package ai.openclaw.app
-
-object SensitiveFeatureConfig {
-  const val smsEnabled: Boolean = true
-  const val callLogEnabled: Boolean = true
-}
--- a/apps/android/app/src/thirdParty/java/ai/openclaw/app/node/SmsHandler.kt
+++ b/apps/android/app/src/thirdParty/java/ai/openclaw/app/node/SmsHandler.kt
@@ -1,39 +0,0 @@
-package ai.openclaw.app.node
-
-import ai.openclaw.app.gateway.GatewaySession
-
-class SmsHandler(
-  private val sms: SmsManager,
-) {
-  suspend fun handleSmsSend(paramsJson: String?): GatewaySession.InvokeResult {
-    val res = sms.send(paramsJson)
-    if (res.ok) {
-      return GatewaySession.InvokeResult.ok(res.payloadJson)
-    }
-    return errorResult(res.error, defaultCode = "SMS_SEND_FAILED")
-  }
-
-  suspend fun handleSmsSearch(paramsJson: String?): GatewaySession.InvokeResult {
-    val res = sms.search(paramsJson)
-    if (res.ok) {
-      return GatewaySession.InvokeResult.ok(res.payloadJson)
-    }
-    return errorResult(res.error, defaultCode = "SMS_SEARCH_FAILED")
-  }
-
-  private fun errorResult(
-    error: String?,
-    defaultCode: String,
-  ): GatewaySession.InvokeResult {
-    val rawMessage = error ?: defaultCode
-    val idx = rawMessage.indexOf(':')
-    val code = if (idx > 0) rawMessage.substring(0, idx).trim() else defaultCode
-    val message =
-      if (idx > 0 && code == rawMessage.substring(0, idx).trim()) {
-        rawMessage.substring(idx + 1).trim().ifEmpty { rawMessage }
-      } else {
-        rawMessage
-      }
-    return GatewaySession.InvokeResult.error(code = code, message = message)
-  }
-}
--- a/apps/android/benchmark/build.gradle.kts
+++ b/apps/android/benchmark/build.gradle.kts
@@ -1,6 +1,6 @@
 plugins {
-  alias(libs.plugins.android.test)
-  alias(libs.plugins.ktlint)
+  id("com.android.test")
+  id("org.jlleitschuh.gradle.ktlint")
 }

 android {
@@ -39,7 +39,7 @@ ktlint {
 }

 dependencies {
-  implementation(libs.androidx.benchmark.macro.junit4)
-  implementation(libs.androidx.test.ext.junit)
-  implementation(libs.androidx.uiautomator)
+  implementation("androidx.benchmark:benchmark-macro-junit4:1.4.1")
+  implementation("androidx.test.ext:junit:1.3.0")
+  implementation("androidx.test.uiautomator:uiautomator:2.4.0-beta02")
 }
--- a/apps/android/build.gradle.kts
+++ b/apps/android/build.gradle.kts
@@ -1,7 +1,7 @@
 plugins {
-  alias(libs.plugins.android.application) apply false
-  alias(libs.plugins.android.test) apply false
-  alias(libs.plugins.ktlint) apply false
-  alias(libs.plugins.kotlin.compose) apply false
-  alias(libs.plugins.kotlin.serialization) apply false
+  id("com.android.application") version "9.2.0" apply false
+  id("com.android.test") version "9.2.0" apply false
+  id("org.jlleitschuh.gradle.ktlint") version "14.2.0" apply false
+  id("org.jetbrains.kotlin.plugin.compose") version "2.3.21" apply false
+  id("org.jetbrains.kotlin.plugin.serialization") version "2.3.21" apply false
 }
--- a/apps/android/gradle/libs.versions.toml
+++ b/apps/android/gradle/libs.versions.toml
@@ -1,74 +0,0 @@
-[versions]
-agp = "9.2.0"
-androidx-activity = "1.13.0"
-androidx-benchmark = "1.4.1"
-androidx-camera = "1.6.0"
-androidx-compose-bom = "2026.04.01"
-androidx-core = "1.18.0"
-androidx-exifinterface = "1.4.2"
-androidx-lifecycle = "2.10.0"
-androidx-security = "1.1.0"
-androidx-test-ext = "1.3.0"
-androidx-uiautomator = "2.4.0-beta02"
-androidx-webkit = "1.15.0"
-bcprov = "1.84"
-commonmark = "0.28.0"
-coroutines = "1.10.2"
-dnsjava = "3.6.4"
-junit = "4.13.2"
-junit-vintage = "6.0.3"
-kotest = "6.1.11"
-ktlint-gradle = "14.2.0"
-kotlin = "2.3.21"
-material = "1.13.0"
-okhttp = "5.3.2"
-play-services-code-scanner = "16.1.0"
-robolectric = "4.16.1"
-serialization-json = "1.11.0"
-
-[libraries]
-androidx-activity-compose = { module = "androidx.activity:activity-compose", version.ref = "androidx-activity" }
-androidx-benchmark-macro-junit4 = { module = "androidx.benchmark:benchmark-macro-junit4", version.ref = "androidx-benchmark" }
-androidx-camera-camera2 = { module = "androidx.camera:camera-camera2", version.ref = "androidx-camera" }
-androidx-camera-core = { module = "androidx.camera:camera-core", version.ref = "androidx-camera" }
-androidx-camera-lifecycle = { module = "androidx.camera:camera-lifecycle", version.ref = "androidx-camera" }
-androidx-camera-video = { module = "androidx.camera:camera-video", version.ref = "androidx-camera" }
-androidx-compose-bom = { module = "androidx.compose:compose-bom", version.ref = "androidx-compose-bom" }
-androidx-compose-material-icons-extended = { module = "androidx.compose.material:material-icons-extended" }
-androidx-compose-material3 = { module = "androidx.compose.material3:material3" }
-androidx-compose-ui = { module = "androidx.compose.ui:ui" }
-androidx-compose-ui-tooling = { module = "androidx.compose.ui:ui-tooling" }
-androidx-compose-ui-tooling-preview = { module = "androidx.compose.ui:ui-tooling-preview" }
-androidx-core-ktx = { module = "androidx.core:core-ktx", version.ref = "androidx-core" }
-androidx-exifinterface = { module = "androidx.exifinterface:exifinterface", version.ref = "androidx-exifinterface" }
-androidx-lifecycle-runtime-ktx = { module = "androidx.lifecycle:lifecycle-runtime-ktx", version.ref = "androidx-lifecycle" }
-androidx-security-crypto = { module = "androidx.security:security-crypto", version.ref = "androidx-security" }
-androidx-test-ext-junit = { module = "androidx.test.ext:junit", version.ref = "androidx-test-ext" }
-androidx-uiautomator = { module = "androidx.test.uiautomator:uiautomator", version.ref = "androidx-uiautomator" }
-androidx-webkit = { module = "androidx.webkit:webkit", version.ref = "androidx-webkit" }
-bcprov = { module = "org.bouncycastle:bcprov-jdk18on", version.ref = "bcprov" }
-commonmark = { module = "org.commonmark:commonmark", version.ref = "commonmark" }
-commonmark-ext-autolink = { module = "org.commonmark:commonmark-ext-autolink", version.ref = "commonmark" }
-commonmark-ext-gfm-strikethrough = { module = "org.commonmark:commonmark-ext-gfm-strikethrough", version.ref = "commonmark" }
-commonmark-ext-gfm-tables = { module = "org.commonmark:commonmark-ext-gfm-tables", version.ref = "commonmark" }
-commonmark-ext-task-list-items = { module = "org.commonmark:commonmark-ext-task-list-items", version.ref = "commonmark" }
-dnsjava = { module = "dnsjava:dnsjava", version.ref = "dnsjava" }
-junit = { module = "junit:junit", version.ref = "junit" }
-junit-vintage-engine = { module = "org.junit.vintage:junit-vintage-engine", version.ref = "junit-vintage" }
-kotest-assertions-core = { module = "io.kotest:kotest-assertions-core-jvm", version.ref = "kotest" }
-kotest-runner-junit5 = { module = "io.kotest:kotest-runner-junit5-jvm", version.ref = "kotest" }
-kotlinx-coroutines-android = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-android", version.ref = "coroutines" }
-kotlinx-coroutines-test = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-test", version.ref = "coroutines" }
-kotlinx-serialization-json = { module = "org.jetbrains.kotlinx:kotlinx-serialization-json", version.ref = "serialization-json" }
-material = { module = "com.google.android.material:material", version.ref = "material" }
-mockwebserver = { module = "com.squareup.okhttp3:mockwebserver", version.ref = "okhttp" }
-okhttp = { module = "com.squareup.okhttp3:okhttp", version.ref = "okhttp" }
-play-services-code-scanner = { module = "com.google.android.gms:play-services-code-scanner", version.ref = "play-services-code-scanner" }
-robolectric = { module = "org.robolectric:robolectric", version.ref = "robolectric" }
-
-[plugins]
-android-application = { id = "com.android.application", version.ref = "agp" }
-android-test = { id = "com.android.test", version.ref = "agp" }
-kotlin-compose = { id = "org.jetbrains.kotlin.plugin.compose", version.ref = "kotlin" }
-kotlin-serialization = { id = "org.jetbrains.kotlin.plugin.serialization", version.ref = "kotlin" }
-ktlint = { id = "org.jlleitschuh.gradle.ktlint", version.ref = "ktlint-gradle" }
--- a/apps/macos/Sources/OpenClawProtocol/GatewayModels.swift
+++ b/apps/macos/Sources/OpenClawProtocol/GatewayModels.swift
@@ -4195,7 +4195,6 @@ public struct ExecApprovalRequestParams: Codable, Sendable {
    public let host: AnyCodable?
    public let security: AnyCodable?
    public let ask: AnyCodable?
-    public let warningtext: AnyCodable?
    public let agentid: AnyCodable?
    public let resolvedpath: AnyCodable?
    public let sessionkey: AnyCodable?
@@ -4217,7 +4216,6 @@ public struct ExecApprovalRequestParams: Codable, Sendable {
        host: AnyCodable?,
        security: AnyCodable?,
        ask: AnyCodable?,
-        warningtext: AnyCodable?,
        agentid: AnyCodable?,
        resolvedpath: AnyCodable?,
        sessionkey: AnyCodable?,
@@ -4238,7 +4236,6 @@ public struct ExecApprovalRequestParams: Codable, Sendable {
        self.host = host
        self.security = security
        self.ask = ask
-        self.warningtext = warningtext
        self.agentid = agentid
        self.resolvedpath = resolvedpath
        self.sessionkey = sessionkey
@@ -4261,7 +4258,6 @@ public struct ExecApprovalRequestParams: Codable, Sendable {
        case host
        case security
        case ask
-        case warningtext = "warningText"
        case agentid = "agentId"
        case resolvedpath = "resolvedPath"
        case sessionkey = "sessionKey"
--- a/apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift
+++ b/apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift
@@ -4195,7 +4195,6 @@ public struct ExecApprovalRequestParams: Codable, Sendable {
    public let host: AnyCodable?
    public let security: AnyCodable?
    public let ask: AnyCodable?
-    public let warningtext: AnyCodable?
    public let agentid: AnyCodable?
    public let resolvedpath: AnyCodable?
    public let sessionkey: AnyCodable?
@@ -4217,7 +4216,6 @@ public struct ExecApprovalRequestParams: Codable, Sendable {
        host: AnyCodable?,
        security: AnyCodable?,
        ask: AnyCodable?,
-        warningtext: AnyCodable?,
        agentid: AnyCodable?,
        resolvedpath: AnyCodable?,
        sessionkey: AnyCodable?,
@@ -4238,7 +4236,6 @@ public struct ExecApprovalRequestParams: Codable, Sendable {
        self.host = host
        self.security = security
        self.ask = ask
-        self.warningtext = warningtext
        self.agentid = agentid
        self.resolvedpath = resolvedpath
        self.sessionkey = sessionkey
@@ -4261,7 +4258,6 @@ public struct ExecApprovalRequestParams: Codable, Sendable {
        case host
        case security
        case ask
-        case warningtext = "warningText"
        case agentid = "agentId"
        case resolvedpath = "resolvedPath"
        case sessionkey = "sessionKey"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,6 @@
 services:
  openclaw-gateway:
    image: ${OPENCLAW_IMAGE:-openclaw:local}
-    build: .
    environment:
      HOME: /home/node
      TERM: xterm-256color
@@ -23,12 +22,10 @@ services:
      CLAUDE_AI_SESSION_KEY: ${CLAUDE_AI_SESSION_KEY:-}
      CLAUDE_WEB_SESSION_KEY: ${CLAUDE_WEB_SESSION_KEY:-}
      CLAUDE_WEB_COOKIE: ${CLAUDE_WEB_COOKIE:-}
-      OPENCLAW_PLUGIN_STAGE_DIR: /var/lib/openclaw/plugin-runtime-deps
      TZ: ${OPENCLAW_TZ:-UTC}
    volumes:
-      - ${OPENCLAW_CONFIG_DIR:-${HOME:-/tmp}/.openclaw}:/home/node/.openclaw
-      - ${OPENCLAW_WORKSPACE_DIR:-${HOME:-/tmp}/.openclaw/workspace}:/home/node/.openclaw/workspace
-      - openclaw-plugin-runtime-deps:/var/lib/openclaw/plugin-runtime-deps
+      - ${OPENCLAW_CONFIG_DIR}:/home/node/.openclaw
+      - ${OPENCLAW_WORKSPACE_DIR}:/home/node/.openclaw/workspace
      ## Uncomment the lines below to enable sandbox isolation
      ## (agents.defaults.sandbox). Requires Docker CLI in the image
      ## (build with --build-arg OPENCLAW_INSTALL_DOCKER_CLI=1) or use
@@ -87,18 +84,13 @@ services:
      CLAUDE_AI_SESSION_KEY: ${CLAUDE_AI_SESSION_KEY:-}
      CLAUDE_WEB_SESSION_KEY: ${CLAUDE_WEB_SESSION_KEY:-}
      CLAUDE_WEB_COOKIE: ${CLAUDE_WEB_COOKIE:-}
-      OPENCLAW_PLUGIN_STAGE_DIR: /var/lib/openclaw/plugin-runtime-deps
      TZ: ${OPENCLAW_TZ:-UTC}
    volumes:
-      - ${OPENCLAW_CONFIG_DIR:-${HOME:-/tmp}/.openclaw}:/home/node/.openclaw
-      - ${OPENCLAW_WORKSPACE_DIR:-${HOME:-/tmp}/.openclaw/workspace}:/home/node/.openclaw/workspace
-      - openclaw-plugin-runtime-deps:/var/lib/openclaw/plugin-runtime-deps
+      - ${OPENCLAW_CONFIG_DIR}:/home/node/.openclaw
+      - ${OPENCLAW_WORKSPACE_DIR}:/home/node/.openclaw/workspace
    stdin_open: true
    tty: true
    init: true
    entrypoint: ["node", "dist/index.js"]
    depends_on:
      - openclaw-gateway
-
-volumes:
-  openclaw-plugin-runtime-deps:
--- a/docs/.generated/config-baseline.sha256
+++ b/docs/.generated/config-baseline.sha256
@@ -1,4 +1,4 @@
-7f9815a297504c75022c4db2df250ce4cc9ff5c3f69250c67ca253b89148b9f3  config-baseline.json
-8bc9fda7c1096472beaa416a61043ce51d691d4dcad9ed3e0be46e68bb70b0ce  config-baseline.core.json
-45162ff84813be8a1fe561ed8d6245a248d5c6288ef9e9af51bdf4ec05ef65ad  config-baseline.channel.json
-0dd6583fafae6c9134e46c4cf9bddee9822d6436436dcb1a6dcba6d012962e51  config-baseline.plugin.json
+b1d76b9451b21434325e64d5bb531b9b995ba3bbf8f7b1628c09cce18f24c8e2  config-baseline.json
+58e98b59498060d301104b3772332de5600eb674687b06d0d32a202370709ee0  config-baseline.core.json
+a9f058ee9616e189dab7fc223e1207a49ae52b8490b8028935c9d0a2b16f81b2  config-baseline.channel.json
+1f5592bfd141ba1e982ce31763a253c10afb080ab4ea2b6538299b114e29cee1  config-baseline.plugin.json
--- a/docs/.generated/plugin-sdk-api-baseline.sha256
+++ b/docs/.generated/plugin-sdk-api-baseline.sha256
@@ -1,2 +1,2 @@
-e7d03a0d5aed4f1afb5c7d5e235a166e1e248090632248eaa92b0016531e7f3b  plugin-sdk-api-baseline.json
-b9bbf8e444b358485cb33c634d3f6f6588004a5c32482c1a473167957269ae58  plugin-sdk-api-baseline.jsonl
+9a688c953f0108f85f58c173e79c28363d846a592130abec04cafbcabbb22dcc  plugin-sdk-api-baseline.json
+010252e56202abde0816787588239c41b4bfb710b930a5454848a5ae76ad6dae  plugin-sdk-api-baseline.jsonl
--- a/docs/automation/tasks.md
+++ b/docs/automation/tasks.md
@@ -311,15 +311,12 @@ autocheckpoint threshold plus periodic and shutdown `TRUNCATE` checkpoints.

 ### Automatic maintenance

-A sweeper runs every **60 seconds** and handles four things:
+A sweeper runs every **60 seconds** and handles three things:

 <Steps>
  <Step title="Reconciliation">
    Checks whether active tasks still have authoritative runtime backing. ACP/subagent tasks use child-session state, cron tasks use active-job ownership, and chat-backed CLI tasks use the owning run context. If that backing state is gone for more than 5 minutes, the task is marked `lost`.
  </Step>
-  <Step title="ACP session repair">
-    Closes terminal parent-owned one-shot ACP sessions, and closes stale terminal persistent ACP sessions only when no active conversation binding remains.
-  </Step>
  <Step title="Cleanup stamping">
    Sets a `cleanupAfter` timestamp on terminal tasks (endedAt + 7 days). During retention, lost tasks still appear in audit as warnings; after `cleanupAfter` expires or when cleanup metadata is missing, they are errors.
  </Step>
--- a/docs/channels/discord.md
+++ b/docs/channels/discord.md
@@ -105,7 +105,6 @@ openclaw gateway
 ```

    If OpenClaw is already running as a background service, restart it via the OpenClaw Mac app or by stopping and restarting the `openclaw gateway run` process.
-    For managed service installs, run `openclaw gateway install` from a shell where `DISCORD_BOT_TOKEN` is present, or store the variable in `~/.openclaw/.env`, so the service can resolve the env SecretRef after restart.

  </Step>

@@ -176,7 +175,6 @@ openclaw pairing approve discord <CODE>

 <Note>
 Token resolution is account-aware. Config token values win over env fallback. `DISCORD_BOT_TOKEN` is only used for the default account.
-If two enabled Discord accounts resolve to the same bot token, OpenClaw starts only one gateway monitor for that token. A config-sourced token wins over the default env fallback; otherwise the first enabled account wins and the duplicate account is reported disabled.
 For advanced outbound calls (message tool/channel actions), an explicit per-call `token` is used for that call. This applies to send and read/probe-style actions (for example read/search/fetch/thread/pins/permissions). Account policy/retry settings still come from the selected account in the active runtime snapshot.
 </Note>

@@ -904,8 +902,6 @@ Default slash command settings:

    Discord auto-enables native exec approvals when `enabled` is unset or `"auto"` and at least one approver can be resolved, either from `execApprovals.approvers` or from `commands.ownerAllowFrom`. Discord does not infer exec approvers from channel `allowFrom`, legacy `dm.allowFrom`, or direct-message `defaultTo`. Set `enabled: false` to disable Discord as a native approval client explicitly.

-    For sensitive owner-only group commands such as `/diagnostics` and `/export-trajectory`, OpenClaw sends approval prompts and final results privately. It tries Discord DM first when the invoking owner has a Discord owner route; if that is not available, it falls back to the first available owner route from `commands.ownerAllowFrom`, such as Telegram.
-
    When `target` is `channel` or `both`, the approval prompt is visible in the channel. Only resolved approvers can use the buttons; other users receive an ephemeral denial. Approval prompts include the command text, so only enable channel delivery in trusted channels. If the channel ID cannot be derived from the session key, OpenClaw falls back to DM delivery.

    Discord also renders the shared approval buttons used by other chat channels. The native Discord adapter mainly adds approver DM routing and channel fanout.
@@ -1024,8 +1020,7 @@ Notes:
 - `voice.model` overrides the LLM used for Discord voice channel responses only. Leave it unset to inherit the routed agent model.
 - STT uses `tools.media.audio`; `voice.model` does not affect transcription.
 - Voice transcript turns derive owner status from Discord `allowFrom` (or `dm.allowFrom`); non-owner speakers cannot access owner-only tools (for example `gateway` and `cron`).
- Voice is enabled by default; set `channels.discord.voice.enabled=false` to disable voice runtime and the `GuildVoiceStates` gateway intent.
- `channels.discord.intents.voiceStates` can explicitly override voice-state intent subscription. Leave it unset for the intent to follow `voice.enabled`.
+- Voice is enabled by default; set `channels.discord.voice.enabled=false` to disable it.
 - `voice.daveEncryption` and `voice.decryptionFailureTolerance` pass through to `@discordjs/voice` join options.
 - `@discordjs/voice` defaults are `daveEncryption=true` and `decryptionFailureTolerance=24` if unset.
 - OpenClaw also watches receive decrypt failures and auto-recovers by leaving/rejoining the voice channel after repeated failures in a short window.
@@ -1135,18 +1130,6 @@ openclaw logs --follow

  </Accordion>

-  <Accordion title="Gateway metadata lookup timeout warnings">
-    OpenClaw fetches Discord `/gateway/bot` metadata before connecting. Transient failures fall back to Discord's default gateway URL and are rate-limited in logs.
-
-    Metadata timeout knobs:
-
-    - single-account: `channels.discord.gatewayInfoTimeoutMs`
-    - multi-account: `channels.discord.accounts.<accountId>.gatewayInfoTimeoutMs`
-    - env fallback when config is unset: `OPENCLAW_DISCORD_GATEWAY_INFO_TIMEOUT_MS`
-    - default: `30000` (30 seconds), max: `120000`
-
-  </Accordion>
-
  <Accordion title="Permissions audit mismatches">
    `channels status --probe` permission checks only work for numeric channel IDs.

@@ -1194,7 +1177,6 @@ Primary reference: [Configuration reference - Discord](/gateway/config-channels#
 - command: `commands.native`, `commands.useAccessGroups`, `configWrites`, `slashCommand.*`
 - event queue: `eventQueue.listenerTimeout` (listener budget), `eventQueue.maxQueueSize`, `eventQueue.maxConcurrency`
 - inbound worker: `inboundWorker.runTimeoutMs`
- gateway metadata: `gatewayInfoTimeoutMs`
 - reply/history: `replyToMode`, `historyLimit`, `dmHistoryLimit`, `dms.*.historyLimit`
 - delivery: `textChunkLimit`, `chunkMode`, `maxLinesPerMessage`
 - streaming: `streaming` (legacy alias: `streamMode`), `streaming.preview.toolProgress`, `draftChunk`, `blockStreaming`, `blockStreamingCoalesce`
--- a/docs/channels/group-messages.md
+++ b/docs/channels/group-messages.md
@@ -81,7 +81,7 @@ Only the owner number (from `channels.whatsapp.allowFrom`, or the bot’s own E.
 - Heartbeats are intentionally skipped for groups to avoid noisy broadcasts.
 - Echo suppression uses the combined batch string; if you send identical text twice without mentions, only the first will get a response.
 - Session store entries will appear as `agent:<agentId>:whatsapp:group:<jid>` in the session store (`~/.openclaw/agents/<agentId>/sessions/sessions.json` by default); a missing entry just means the group hasn’t triggered a run yet.
- Typing indicators in groups follow `agents.defaults.typingMode`. When visible replies use the default message-tool-only mode, typing starts immediately by default so group members can see the agent is working even if no automatic final reply is posted. Explicit typing-mode config still wins.
+- Typing indicators in groups follow `agents.defaults.typingMode` (default: `message` when unmentioned).

 ## Related

--- a/docs/channels/groups.md
+++ b/docs/channels/groups.md
@@ -45,8 +45,6 @@ That means the agent still processes the turn and can update memory/session stat

 This replaces the old pattern of forcing the model to answer `NO_REPLY` for most lurk-mode turns. In tool-only mode, doing nothing visible simply means not calling the message tool.

-Typing indicators are still sent while the agent works in tool-only mode. The default group typing mode is upgraded from "message" to "instant" for these turns because there may never be normal assistant message text before the agent decides whether to call the message tool. Explicit typing-mode config still wins.
-
 To restore legacy automatic final replies for group/channel rooms:

 ```json5
@@ -59,8 +57,6 @@ To restore legacy automatic final replies for group/channel rooms:
 }
 ```

-Native slash commands (Discord, Telegram, and other surfaces with native command support) bypass `visibleReplies: "message_tool"` and always reply visibly so the channel-native command UI gets the response it expects. This applies to validated native command turns only; text-typed `/...` commands and ordinary chat turns still follow the configured group default.
-
 ## Context visibility and allowlists

 Two different controls are involved in group safety:
--- a/docs/channels/index.md
+++ b/docs/channels/index.md
@@ -44,7 +44,6 @@ Text is supported everywhere; media and reactions vary by channel.
 - [WebChat](/web/webchat) — Gateway WebChat UI over WebSocket.
 - [WeChat](/channels/wechat) — Tencent iLink Bot plugin via QR login; private chats only (external plugin).
 - [WhatsApp](/channels/whatsapp) — Most popular; uses Baileys and requires QR pairing.
- [Yuanbao](/channels/yuanbao) — Tencent Yuanbao bot (external plugin).
 - [Zalo](/channels/zalo) — Zalo Bot API; Vietnam's popular messenger (bundled plugin).
 - [Zalo Personal](/channels/zalouser) — Zalo personal account via QR login (bundled plugin).

--- a/docs/channels/pairing.md
+++ b/docs/channels/pairing.md
@@ -7,7 +7,7 @@ read_when:
 title: "Pairing"
 ---

-“Pairing” is OpenClaw’s explicit access approval step.
+“Pairing” is OpenClaw’s explicit **owner approval** step.
 It is used in two places:

 1. **DM pairing** (who is allowed to talk to the bot)
@@ -34,12 +34,6 @@ openclaw pairing list telegram
 openclaw pairing approve telegram <CODE>
 ```

-If no command owner is configured yet, approving a DM pairing code also bootstraps
-`commands.ownerAllowFrom` to the approved sender, such as `telegram:123456789`.
-That gives first-time setups an explicit owner for privileged commands and exec
-approval prompts. After an owner exists, later pairing approvals only grant DM
-access; they do not add more owners.
-
 Supported channels: `bluebubbles`, `discord`, `feishu`, `googlechat`, `imessage`, `irc`, `line`, `matrix`, `mattermost`, `msteams`, `nextcloud-talk`, `nostr`, `openclaw-weixin`, `signal`, `slack`, `synology-chat`, `telegram`, `twitch`, `whatsapp`, `zalo`, `zalouser`.

 ### Where the state lives
@@ -59,12 +53,7 @@ Account scoping behavior:
 Treat these as sensitive (they gate access to your assistant).

 <Note>
-The pairing allowlist store is for DM access. Group authorization is separate.
-Approving a DM pairing code does not automatically allow that sender to run group
-commands or control the bot in groups. First-owner bootstrap is separate config
-state in `commands.ownerAllowFrom`, and group chat delivery still follows the
-channel's group allowlists (for example `groupAllowFrom`, `groups`, or per-group
-or per-topic overrides depending on the channel).
+This store is for DM access. Group authorization is separate. Approving a DM pairing code does not automatically allow that sender to run group commands or control the bot in groups. For group access, configure the channel's explicit group allowlists (for example `groupAllowFrom`, `groups`, or per-group or per-topic overrides depending on the channel).
 </Note>

 ## 2) Node device pairing (iOS/Android/macOS/headless nodes)
--- a/docs/channels/slack.md
+++ b/docs/channels/slack.md
@@ -117,27 +117,6 @@ openclaw gateway
  </Tab>
 </Tabs>

-## Socket Mode transport tuning
-
-OpenClaw sets the Slack SDK client pong timeout to 15 seconds by default for Socket Mode. Override the transport settings only when you need workspace- or host-specific tuning:
-
-```json5
-{
-  channels: {
-    slack: {
-      mode: "socket",
-      socketMode: {
-        clientPingTimeout: 20000,
-        serverPingTimeout: 30000,
-        pingPongLoggingEnabled: false,
-      },
-    },
-  },
-}
-```
-
-Use this only for Socket Mode workspaces that log Slack websocket pong/server-ping timeouts or run on hosts with known event-loop starvation. `clientPingTimeout` is the pong wait after the SDK sends a client ping; `serverPingTimeout` is the wait for Slack server pings. App messages and events remain application state, not transport liveness signals.
-
 ## Manifest and scope checklist

 The base Slack app manifest is the same for Socket Mode and HTTP Request URLs. Only the `settings` block (and the slash command `url`) differs.
@@ -632,8 +611,6 @@ Notes:
  <Accordion title="Inbound attachments">
    Slack file attachments are downloaded from Slack-hosted private URLs (token-authenticated request flow) and written to the media store when fetch succeeds and size limits permit. File placeholders include the Slack `fileId` so agents can fetch the original file with `download-file`.

-    Downloads use bounded idle and total timeouts. If Slack file retrieval stalls or fails, OpenClaw keeps processing the message and falls back to the file placeholder.
-
    Runtime inbound size cap defaults to `20MB` unless overridden by `channels.slack.mediaMaxMb`.

  </Accordion>
--- a/docs/channels/telegram.md
+++ b/docs/channels/telegram.md
@@ -111,8 +111,6 @@ Token resolution order is account-aware. In practice, config values win over env
    - `open` (requires `allowFrom` to include `"*"`)
    - `disabled`

-    `dmPolicy: "open"` with `allowFrom: ["*"]` lets any Telegram account that finds or guesses the bot username command the bot. Use it only for intentionally public bots with tightly restricted tools; one-owner bots should use `allowlist` with numeric user IDs.
-
    `channels.telegram.allowFrom` accepts numeric Telegram user IDs. `telegram:` / `tg:` prefixes are accepted and normalized.
    `dmPolicy: "allowlist"` with empty `allowFrom` blocks all DMs and is rejected by config validation.
    Setup asks for numeric user IDs only.
@@ -122,9 +120,8 @@ Token resolution order is account-aware. In practice, config values win over env
    For one-owner bots, prefer `dmPolicy: "allowlist"` with explicit numeric `allowFrom` IDs to keep access policy durable in config (instead of depending on previous pairing approvals).

    Common confusion: DM pairing approval does not mean "this sender is authorized everywhere".
-    Pairing grants DM access. If no command owner exists yet, the first approved pairing also sets `commands.ownerAllowFrom` so owner-only commands and exec approvals have an explicit operator account.
-    Group sender authorization still comes from explicit config allowlists.
-    If you want "I am authorized once and both DMs and group commands work", put your numeric Telegram user ID in `channels.telegram.allowFrom`; for owner-only commands, make sure `commands.ownerAllowFrom` contains `telegram:<your user id>`.
+    Pairing grants DM access only. Group sender authorization still comes from explicit config allowlists.
+    If you want "I am authorized once and both DMs and group commands work", put your numeric Telegram user ID in `channels.telegram.allowFrom`.

    ### Finding your Telegram user ID

@@ -298,7 +295,7 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"
    }
    ```

-    Use `streaming.mode: "off"` only when you want final-only delivery: Telegram preview edits are disabled and generic tool/progress chatter is suppressed instead of being sent as standalone "Working..." messages. Approval prompts, media payloads, and errors still route through normal final delivery. Use `streaming.preview.toolProgress: false` when you only want to keep answer preview edits while hiding the tool-progress status lines.
+    Use `streaming.mode: "off"` only when you want to disable Telegram preview edits entirely. Use `streaming.preview.toolProgress: false` when you only want to disable the tool-progress status lines.

    For text-only replies:

@@ -778,12 +775,10 @@ openclaw message poll --channel telegram --target -1001234567890:topic:42 \
    Config path:

    - `channels.telegram.execApprovals.enabled` (auto-enables when at least one approver is resolvable)
-    - `channels.telegram.execApprovals.approvers` (falls back to numeric owner IDs from `commands.ownerAllowFrom`)
+    - `channels.telegram.execApprovals.approvers` (falls back to numeric owner IDs from `allowFrom` / `defaultTo`)
    - `channels.telegram.execApprovals.target`: `dm` (default) | `channel` | `both`
    - `agentFilter`, `sessionFilter`

-    `channels.telegram.allowFrom`, `groupAllowFrom`, and `defaultTo` control who can talk to the bot and where it sends normal replies. They do not make someone an exec approver. The first approved DM pairing bootstraps `commands.ownerAllowFrom` when no command owner exists yet, so the one-owner setup still works without duplicating IDs under `execApprovals.approvers`.
-
    Channel delivery shows the command text in the chat; only enable `channel` or `both` in trusted groups/topics. When the prompt lands in a forum topic, OpenClaw preserves the topic for the approval prompt and the follow-up. Exec approvals expire after 30 minutes by default.

    Inline approval buttons also require `channels.telegram.capabilities.inlineButtons` to allow the target surface (`dm`, `group`, or `all`). Approval IDs prefixed with `plugin:` resolve through plugin approvals; others resolve through exec approvals first.
--- a/docs/channels/troubleshooting.md
+++ b/docs/channels/troubleshooting.md
@@ -31,12 +31,12 @@ Healthy baseline:

 ### WhatsApp failure signatures

-| Symptom                         | Fastest check                                       | Fix                                                                                                                              |
-| ------------------------------- | --------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- |
-| Connected but no DM replies     | `openclaw pairing list whatsapp`                    | Approve sender or switch DM policy/allowlist.                                                                                    |
-| Group messages ignored          | Check `requireMention` + mention patterns in config | Mention the bot or relax mention policy for that group.                                                                          |
-| QR login times out with 408     | Check gateway `HTTPS_PROXY` / `HTTP_PROXY` env      | Set a reachable proxy; use `NO_PROXY` only for bypasses.                                                                         |
-| Random disconnect/relogin loops | `openclaw channels status --probe` + logs           | Recent reconnects are flagged even when currently connected; watch logs, restart the gateway, then relink if flapping continues. |
+| Symptom                         | Fastest check                                       | Fix                                                      |
+| ------------------------------- | --------------------------------------------------- | -------------------------------------------------------- |
+| Connected but no DM replies     | `openclaw pairing list whatsapp`                    | Approve sender or switch DM policy/allowlist.            |
+| Group messages ignored          | Check `requireMention` + mention patterns in config | Mention the bot or relax mention policy for that group.  |
+| QR login times out with 408     | Check gateway `HTTPS_PROXY` / `HTTP_PROXY` env      | Set a reachable proxy; use `NO_PROXY` only for bypasses. |
+| Random disconnect/relogin loops | `openclaw channels status --probe` + logs           | Re-login and verify credentials directory is healthy.    |

 Full troubleshooting: [WhatsApp troubleshooting](/channels/whatsapp#troubleshooting)

--- a/docs/channels/whatsapp.md
+++ b/docs/channels/whatsapp.md
@@ -147,7 +147,6 @@ OpenClaw recommends running WhatsApp on a separate number when possible. (The ch

 - Gateway owns the WhatsApp socket and reconnect loop.
 - The reconnect watchdog uses WhatsApp Web transport activity, not only inbound app-message volume, so a quiet linked-device session is not restarted solely because nobody has sent a message recently. A longer application-silence cap still forces a reconnect if transport frames keep arriving but no application messages are handled for the watchdog window.
- Baileys socket timings are explicit under `web.whatsapp.*`: `keepAliveIntervalMs` controls WhatsApp Web application pings, `connectTimeoutMs` controls the opening handshake timeout, and `defaultQueryTimeoutMs` controls Baileys query timeouts.
 - Outbound sends require an active WhatsApp listener for the target account.
 - Status and broadcast chats are ignored (`@status`, `@broadcast`).
 - Direct chats use DM session rules (`session.dmScope`; default `main` collapses DMs to the agent main session).
@@ -521,23 +520,6 @@ Behavior notes:
    restarts when WhatsApp Web transport activity stops, the socket closes, or
    application-level activity stays silent beyond the longer safety window.

-    If logs show repeated `status=408 Request Time-out Connection was lost`, tune
-    Baileys socket timings under `web.whatsapp`. Start by shortening
-    `keepAliveIntervalMs` below your network's idle timeout and increasing
-    `connectTimeoutMs` on slow or lossy links:
-
-    ```json5
-    {
-      web: {
-        whatsapp: {
-          keepAliveIntervalMs: 15000,
-          connectTimeoutMs: 60000,
-          defaultQueryTimeoutMs: 60000,
-        },
-      },
-    }
-    ```
-
    Fix:

    ```bash
@@ -661,7 +643,7 @@ High-signal WhatsApp fields:
 - access: `dmPolicy`, `allowFrom`, `groupPolicy`, `groupAllowFrom`, `groups`
 - delivery: `textChunkLimit`, `chunkMode`, `mediaMaxMb`, `sendReadReceipts`, `ackReaction`, `reactionLevel`
 - multi-account: `accounts.<id>.enabled`, `accounts.<id>.authDir`, account-level overrides
- operations: `configWrites`, `debounceMs`, `web.enabled`, `web.heartbeatSeconds`, `web.reconnect.*`, `web.whatsapp.*`
+- operations: `configWrites`, `debounceMs`, `web.enabled`, `web.heartbeatSeconds`, `web.reconnect.*`
 - session behavior: `session.dmScope`, `historyLimit`, `dmHistoryLimit`, `dms.<id>.historyLimit`
 - prompts: `groups.<id>.systemPrompt`, `groups["*"].systemPrompt`, `direct.<id>.systemPrompt`, `direct["*"].systemPrompt`

--- a/docs/ci.md
+++ b/docs/ci.md
@@ -45,13 +45,6 @@ provider failures easier to rerun and diagnose. The aggregate
 `native-live-extensions-media-music` shard names remain valid for manual
 one-shot reruns.

-The native live media shards run in
-`ghcr.io/openclaw/openclaw-live-media-runner:ubuntu-24.04`, built by the
-`Live Media Runner Image` workflow. That image preinstalls `ffmpeg` and
-`ffprobe`; media jobs only verify the binaries before setup. Keep Docker-backed
-live suites on normal Blacksmith runners, because container jobs are the wrong
-place to launch nested Docker tests.
-
 `OpenClaw Release Checks` uses the trusted workflow ref to resolve the selected
 ref once into a `release-package-under-test` tarball, then passes that artifact
 to both the live/E2E release-path Docker workflow and the package acceptance
@@ -237,44 +230,16 @@ or overlapping changed hunks.
 The `CodeQL` workflow is intentionally a narrow first-pass security scanner,
 not the full repository sweep. Daily and manual runs scan Actions workflow code
 plus the highest-risk JavaScript/TypeScript auth, secrets, sandbox, cron, and
-gateway surfaces with high-precision security queries. The
-channel-runtime-boundary job separately scans core channel implementation
-contracts plus the channel plugin runtime, gateway, Plugin SDK, secrets, and
-audit touchpoints under the `/codeql-critical-security/channel-runtime-boundary`
-category so channel security signal can scale without broadening the baseline
-JS/TS category.
-
-The `CodeQL Android Critical Security` workflow is the scheduled Android
-security shard. It builds the Android app manually for CodeQL on the smallest
-Blacksmith Linux runner label accepted by workflow sanity and uploads results
-under the `/codeql-critical-security/android` category.
-
-The `CodeQL macOS Critical Security` workflow is the weekly/manual macOS
-security shard. It builds the macOS app manually for CodeQL on Blacksmith macOS,
-filters dependency build results out of the uploaded SARIF, and uploads results
-under the `/codeql-critical-security/macos` category. Keep it outside the daily
-default workflow because the macOS build dominates runtime even when clean.
+gateway surfaces with high-precision security queries. Android and macOS remain
+manual security shards so their runtime and alert quality can be tracked
+separately.

 The `CodeQL Critical Quality` workflow is the matching non-security shard. It
 runs only error-severity, non-security JavaScript/TypeScript quality queries
-over narrow high-value surfaces on the smaller Blacksmith Linux runner. Its
-baseline job scans the same auth, secrets, sandbox, cron, and gateway surface
-as the security workflow. The config-boundary
-job scans config schema, migration, normalization, and IO contracts under the
-separate `/codeql-critical-quality/config-boundary` category. The
-gateway-runtime-boundary job scans gateway protocol schemas and server method
-contracts under the separate
-`/codeql-critical-quality/gateway-runtime-boundary` category. The
-channel-runtime-boundary job scans core channel implementation contracts under
-the separate `/codeql-critical-quality/channel-runtime-boundary` category. The
-agent-runtime-boundary job scans command execution, model/provider dispatch,
-auto-reply dispatch and queues, and ACP control-plane runtime contracts under
-the separate `/codeql-critical-quality/agent-runtime-boundary` category. The
-plugin-boundary job scans loader, registry, public-surface, and Plugin SDK
-entrypoint contracts under a separate `/codeql-critical-quality/plugin-boundary`
-category. Keep the workflow separate from security so quality findings can be
-scheduled, measured, disabled, or expanded without obscuring security signal.
-Swift, Python, UI, and bundled-plugin CodeQL expansion should be added back as
+over the same narrow auth, secrets, sandbox, cron, and gateway surface. Keep it
+separate from the security workflow so quality findings can be scheduled,
+measured, disabled, or expanded without obscuring security signal. Swift,
+Android, Python, UI, and bundled-plugin CodeQL expansion should be added back as
 scoped or sharded follow-up work only after the narrow profiles have stable
 runtime and signal.

@@ -401,7 +366,6 @@ The automatic CI concurrency key is versioned (`CI-v7-*`) so a GitHub-side zombi
 | Runner                           | Jobs                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
 | -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `ubuntu-24.04`                   | `preflight`, fast security jobs and aggregates (`security-scm-fast`, `security-dependency-audit`, `security-fast`), fast protocol/contract/bundled checks, sharded channel contract checks, `check` shards except lint, `check-additional` shards and aggregates, Node test aggregate verifiers, docs checks, Python skills, workflow-sanity, labeler, auto-response; install-smoke preflight also uses GitHub-hosted Ubuntu so the Blacksmith matrix can queue earlier |
-| `blacksmith-4vcpu-ubuntu-2404`   | `CodeQL Critical Quality`, lower-weight extension shards, `checks-fast-core`, `checks-node-compat-node22`, `check-prod-types`, and `check-test-types`                                                                                                                                                                                                                                                                                                                   |
 | `blacksmith-8vcpu-ubuntu-2404`   | `build-artifacts`, build-smoke, Linux Node test shards, bundled plugin test shards, `android`                                                                                                                                                                                                                                                                                                                                                                           |
 | `blacksmith-16vcpu-ubuntu-2404`  | `check-lint`, which remains CPU-sensitive enough that 8 vCPU cost more than it saved; install-smoke Docker builds, where 32-vCPU queue time cost more than it saved                                                                                                                                                                                                                                                                                                     |
 | `blacksmith-16vcpu-windows-2025` | `checks-windows`                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
--- a/docs/cli/cron.md
+++ b/docs/cli/cron.md
@@ -183,12 +183,6 @@ Announce to a specific channel:
 openclaw cron edit <job-id> --announce --channel slack --to "channel:C1234567890"
 ```

-Announce to a Telegram forum topic:
-
-```bash
-openclaw cron edit <job-id> --announce --channel telegram --to "-1001234567890" --thread-id 42
-```
-
 Create an isolated job with lightweight bootstrap context:

 ```bash
--- a/docs/cli/doctor.md
+++ b/docs/cli/doctor.md
@@ -51,7 +51,6 @@ Notes:
 - Doctor auto-migrates legacy flat Talk config (`talk.voiceId`, `talk.modelId`, and friends) into `talk.provider` + `talk.providers.<provider>`.
 - Repeat `doctor --fix` runs no longer report/apply Talk normalization when the only difference is object key order.
 - Doctor includes a memory-search readiness check and can recommend `openclaw configure --section model` when embedding credentials are missing.
- Doctor warns when no command owner is configured. The command owner is the human operator account allowed to run owner-only commands and approve dangerous actions. DM pairing only lets someone talk to the bot; if you approved a sender before first-owner bootstrap existed, set `commands.ownerAllowFrom` explicitly.
 - If sandbox mode is enabled but Docker is unavailable, doctor reports a high-signal warning with remediation (`install Docker` or `openclaw config set agents.defaults.sandbox.mode off`).
 - If `gateway.auth.token`/`gateway.auth.password` are SecretRef-managed and unavailable in the current command path, doctor reports a read-only warning and does not write plaintext fallback credentials.
 - If channel SecretRef inspection fails in a fix path, doctor continues and reports a warning instead of exiting early.
--- a/docs/cli/gateway.md
+++ b/docs/cli/gateway.md
@@ -145,7 +145,7 @@ When you set `--url`, the CLI does not fall back to config or environment creden
 openclaw gateway health --url ws://127.0.0.1:18789
 ```

-The HTTP `/healthz` endpoint is a liveness probe: it returns once the server can answer HTTP. The HTTP `/readyz` endpoint is stricter and stays red while startup sidecars, channels, or configured hooks are still settling. Local or authenticated detailed readiness responses include an `eventLoop` diagnostic block with event-loop delay, event-loop utilization, CPU core ratio, and a `degraded` flag.
+The HTTP `/healthz` endpoint is a liveness probe: it returns once the server can answer HTTP. The HTTP `/readyz` endpoint is stricter and stays red while startup sidecars, channels, or configured hooks are still settling.

 ### `gateway usage-cost`

@@ -323,7 +323,6 @@ openclaw gateway probe --json
    - `Capability: read-only|write-capable|admin-capable|pairing-pending|connect-only` reports what the probe could prove about auth. It is separate from reachability.
    - `Read probe: ok` means read-scope detail RPC calls (`health`/`status`/`system-presence`/`config.get`) also succeeded.
    - `Read probe: limited - missing scope: operator.read` means connect succeeded but read-scope RPC is limited. This is reported as **degraded** reachability, not full failure.
-    - `Read probe: failed` after `Connect: ok` means the Gateway accepted the WebSocket connection, but follow-up read diagnostics timed out or failed. This is also **degraded** reachability, not an unreachable Gateway.
    - Like `gateway status`, probe reuses existing cached device auth but does not create first-time device identity or pairing state.
    - Exit code is non-zero only when no probed target is reachable.

@@ -332,7 +331,7 @@ openclaw gateway probe --json
    Top level:

    - `ok`: at least one target is reachable.
-    - `degraded`: at least one target accepted a connection but did not complete full detail RPC diagnostics.
+    - `degraded`: at least one target had scope-limited detail RPC.
    - `capability`: best capability seen across reachable targets (`read_only`, `write_capable`, `admin_capable`, `pairing_pending`, `connected_no_operator_scope`, or `unknown`).
    - `primaryTargetId`: best target to treat as the active winner in this order: explicit URL, SSH tunnel, configured remote, then local loopback.
    - `warnings[]`: best-effort warning records with `code`, `message`, and optional `targetIds`.
--- a/docs/cli/infer.md
+++ b/docs/cli/infer.md
@@ -107,19 +107,18 @@ and the shared capability runtime before the provider request is made.

 This table maps common inference tasks to the corresponding infer command.

-| Task                         | Command                                                                                       | Notes                                                 |
-| ---------------------------- | --------------------------------------------------------------------------------------------- | ----------------------------------------------------- |
-| Run a text/model prompt      | `openclaw infer model run --prompt "..." --json`                                              | Uses the normal local path by default                 |
-| Run a model prompt on images | `openclaw infer model run --prompt "Describe this" --file ./image.png --model provider/model` | Repeat `--file` for multiple image inputs             |
-| Generate an image            | `openclaw infer image generate --prompt "..." --json`                                         | Use `image edit` when starting from an existing file  |
-| Describe an image file       | `openclaw infer image describe --file ./image.png --prompt "..." --json`                      | `--model` must be an image-capable `<provider/model>` |
-| Transcribe audio             | `openclaw infer audio transcribe --file ./memo.m4a --json`                                    | `--model` must be `<provider/model>`                  |
-| Synthesize speech            | `openclaw infer tts convert --text "..." --output ./speech.mp3 --json`                        | `tts status` is gateway-oriented                      |
-| Generate a video             | `openclaw infer video generate --prompt "..." --json`                                         | Supports provider hints such as `--resolution`        |
-| Describe a video file        | `openclaw infer video describe --file ./clip.mp4 --json`                                      | `--model` must be `<provider/model>`                  |
-| Search the web               | `openclaw infer web search --query "..." --json`                                              |                                                       |
-| Fetch a web page             | `openclaw infer web fetch --url https://example.com --json`                                   |                                                       |
-| Create embeddings            | `openclaw infer embedding create --text "..." --json`                                         |                                                       |
+| Task                    | Command                                                                | Notes                                                 |
+| ----------------------- | ---------------------------------------------------------------------- | ----------------------------------------------------- |
+| Run a text/model prompt | `openclaw infer model run --prompt "..." --json`                       | Uses the normal local path by default                 |
+| Generate an image       | `openclaw infer image generate --prompt "..." --json`                  | Use `image edit` when starting from an existing file  |
+| Describe an image file  | `openclaw infer image describe --file ./image.png --json`              | `--model` must be an image-capable `<provider/model>` |
+| Transcribe audio        | `openclaw infer audio transcribe --file ./memo.m4a --json`             | `--model` must be `<provider/model>`                  |
+| Synthesize speech       | `openclaw infer tts convert --text "..." --output ./speech.mp3 --json` | `tts status` is gateway-oriented                      |
+| Generate a video        | `openclaw infer video generate --prompt "..." --json`                  | Supports provider hints such as `--resolution`        |
+| Describe a video file   | `openclaw infer video describe --file ./clip.mp4 --json`               | `--model` must be `<provider/model>`                  |
+| Search the web          | `openclaw infer web search --query "..." --json`                       |                                                       |
+| Fetch a web page        | `openclaw infer web fetch --url https://example.com --json`            |                                                       |
+| Create embeddings       | `openclaw infer embedding create --text "..." --json`                  |                                                       |

 ## Behavior

@@ -132,10 +131,7 @@ This table maps common inference tasks to the corresponding infer command.
 - Gateway-managed state commands default to gateway.
 - The normal local path does not require the gateway to be running.
 - Local `model run` is a lean one-shot provider completion. It resolves the configured agent model and auth, but does not start a chat-agent turn, load tools, or open bundled MCP servers.
- `model run --file` accepts image files, detects their MIME type, and sends them with the supplied prompt to the selected model. Repeat `--file` for multiple images.
- `model run --file` rejects non-image inputs. Use `infer audio transcribe` for audio files and `infer video describe` for video files.
- `model run --gateway` exercises Gateway routing, saved auth, provider selection, and the embedded runtime, but still runs as a raw model probe: it sends the supplied prompt and any image attachments without prior session transcript, bootstrap/AGENTS context, context-engine assembly, tools, or bundled MCP servers.
- `model run --gateway --model <provider/model>` requires a trusted operator gateway credential because the request asks the Gateway to run a one-off provider/model override.
+- `model run --gateway` exercises Gateway routing, saved auth, provider selection, and the embedded runtime, but still runs as a raw model probe: it sends the supplied prompt without prior session transcript, bootstrap/AGENTS context, context-engine assembly, tools, or bundled MCP servers.

 ## Model

@@ -143,8 +139,7 @@ Use `model` for provider-backed text inference and model/provider inspection.

 ```bash
 openclaw infer model run --prompt "Reply with exactly: smoke-ok" --json
-openclaw infer model run --prompt "Summarize this changelog entry" --model openai/gpt-5.4 --json
-openclaw infer model run --prompt "Describe this image in one sentence" --file ./photo.jpg --model google/gemini-2.5-flash --json
+openclaw infer model run --prompt "Summarize this changelog entry" --provider openai --json
 openclaw infer model providers --json
 openclaw infer model inspect --name gpt-5.5 --json
 ```
@@ -159,15 +154,11 @@ openclaw infer model run --local --model google/gemini-2.5-flash --prompt "Reply
 openclaw infer model run --local --model groq/llama-3.1-8b-instant --prompt "Reply with exactly: pong" --json
 openclaw infer model run --local --model mistral/mistral-small-latest --prompt "Reply with exactly: pong" --json
 openclaw infer model run --local --model openai/gpt-4.1 --prompt "Reply with exactly: pong" --json
-openclaw infer model run --local --model ollama/qwen2.5vl:7b --prompt "Describe this image." --file ./photo.jpg --json
 ```

 Notes:

 - Local `model run` is the narrowest CLI smoke for provider/model/auth health because it sends only the supplied prompt to the selected model.
- Local `model run --file` keeps that lean path and attaches image content directly to the single user message. Common image files such as PNG, JPEG, and WebP work when their MIME type is detected as `image/*`; unsupported or unrecognized files fail before the provider is called.
- `model run --file` is best when you want to test the selected multimodal text model directly. Use `infer image describe` when you want OpenClaw's image-understanding provider selection and default image-model routing.
- The selected model must support image input; text-only models may reject the request at the provider layer.
 - `model run --prompt` must contain non-whitespace text; empty prompts are rejected before local providers or the Gateway are called.
 - Local `model run` exits non-zero when the provider returns no text output, so unreachable local providers and empty completions do not look like successful probes.
 - Use `model run --gateway` when you need to test Gateway routing, agent-runtime setup, or Gateway-managed provider state while keeping the model input raw. Use `openclaw agent` or chat surfaces when you want the full agent context, tools, memory, and session transcript.
@@ -185,10 +176,8 @@ openclaw infer image generate --prompt "slow image backend" --timeout-ms 180000
 openclaw infer image edit --file ./logo.png --model openai/gpt-image-1.5 --output-format png --background transparent --prompt "keep the logo, remove the background" --json
 openclaw infer image edit --file ./poster.png --prompt "make this a vertical story ad" --size 2160x3840 --aspect-ratio 9:16 --resolution 4K --json
 openclaw infer image describe --file ./photo.jpg --json
-openclaw infer image describe --file ./receipt.jpg --prompt "Extract the merchant, date, and total" --json
-openclaw infer image describe-many --file ./before.png --file ./after.png --prompt "Compare the screenshots and list visible UI changes" --json
 openclaw infer image describe --file ./ui-screenshot.png --model openai/gpt-4.1-mini --json
-openclaw infer image describe --file ./photo.jpg --model ollama/qwen2.5vl:7b --prompt "Describe the image in one sentence" --timeout-ms 300000 --json
+openclaw infer image describe --file ./photo.jpg --model ollama/qwen2.5vl:7b --json
 ```

 Notes:
@@ -219,8 +208,6 @@ Notes:
  output paths. When `--output` is set, the final extension may follow the
  provider's returned MIME type.

- For `image describe` and `image describe-many`, use `--prompt` to give the vision model a task-specific instruction such as OCR, comparison, UI inspection, or concise captioning.
- Use `--timeout-ms` with slow local vision models or cold Ollama starts.
 - For `image describe`, `--model` must be an image-capable `<provider/model>`.
 - For local Ollama vision models, pull the model first and set `OLLAMA_API_KEY` to any placeholder value, for example `ollama-local`. See [Ollama](/providers/ollama#vision-and-image-description).

--- a/docs/cli/pairing.md
+++ b/docs/cli/pairing.md
@@ -57,19 +57,12 @@ Options:
 - `--account <accountId>`: account id for multi-account channels
 - `--notify`: send a confirmation back to the requester on the same channel

-Owner bootstrap:
-
- If `commands.ownerAllowFrom` is empty when you approve a pairing code, OpenClaw also records the approved sender as the command owner, using a channel-scoped entry such as `telegram:123456789`.
- This only bootstraps the first owner. Later pairing approvals do not replace or expand `commands.ownerAllowFrom`.
- The command owner is the human operator account allowed to run owner-only commands and approve dangerous actions such as `/diagnostics`, `/export-trajectory`, `/config`, and exec approvals.
-
 ## Notes

 - Channel input: pass it positionally (`pairing list telegram`) or with `--channel <channel>`.
 - `pairing list` supports `--account <accountId>` for multi-account channels.
 - `pairing approve` supports `--account <accountId>` and `--notify`.
 - If only one pairing-capable channel is configured, `pairing approve <code>` is allowed.
- If you approved a sender before this bootstrap existed, run `openclaw doctor`; it warns when no command owner is configured and shows the `openclaw config set commands.ownerAllowFrom ...` command to fix it.

 ## Related

--- a/docs/cli/plugins.md
+++ b/docs/cli/plugins.md
@@ -48,10 +48,6 @@ openclaw plugins marketplace list <marketplace>
 openclaw plugins marketplace list <marketplace> --json
 ```

-For slow install, inspect, uninstall, or registry-refresh investigation, run the
-command with `OPENCLAW_PLUGIN_LIFECYCLE_TRACE=1`. The trace writes phase timings
-to stderr and keeps JSON output parseable. See [Debugging](/help/debugging#plugin-lifecycle-trace).
-
 <Note>
 Bundled plugins ship with OpenClaw. Some are enabled by default (for example bundled model providers, bundled speech providers, and the bundled browser plugin); others require `plugins enable`.

@@ -100,8 +96,6 @@ Bare package names are checked against ClawHub first, then npm. Treat plugin ins

    This CLI flag applies to plugin install/update flows. Gateway-backed skill dependency installs use the matching `dangerouslyForceUnsafeInstall` request override, while `openclaw skills install` remains a separate ClawHub skill download/install flow.

-    If a plugin you published on ClawHub is blocked by a registry scan, use the publisher steps in [ClawHub](/tools/clawhub).
-
  </Accordion>
  <Accordion title="Hook packs and npm specs">
    `plugins install` is also the install surface for hook packs that expose `openclaw.hooks` in `package.json`. Use `openclaw hooks` for filtered hook visibility and per-hook enablement, not package installation.
--- a/docs/cli/sessions.md
+++ b/docs/cli/sessions.md
@@ -26,17 +26,6 @@ Scope selection:
 - `--all-agents`: aggregate all configured agent stores
 - `--store <path>`: explicit store path (cannot be combined with `--agent` or `--all-agents`)

-Export a trajectory bundle for a stored session:
-
-```bash
-openclaw sessions export-trajectory --session-key "agent:main:telegram:direct:123" --workspace .
-openclaw sessions export-trajectory --session-key "agent:main:telegram:direct:123" --output bug-123 --json
-```
-
-This is the command path used by the `/export-trajectory` slash command after
-the owner approves the exec request. The output directory is always resolved
-inside `.openclaw/trajectory-exports/` under the selected workspace.
-
 `openclaw sessions --all-agents` reads configured agent stores. Gateway and ACP
 session discovery are broader: they also include disk-only stores found under
 the default `agents/` root or a templated `session.store` root. Those
--- a/docs/cli/wiki.md
+++ b/docs/cli/wiki.md
@@ -68,18 +68,10 @@ Inspect current vault mode, health, and Obsidian CLI availability.
 Use this first when you are unsure whether the vault is initialized, bridge mode
 is healthy, or Obsidian integration is available.

-When bridge mode is active and configured to read memory artifacts, this command
-queries the running Gateway so it sees the same active memory plugin context as
-agent/runtime memory.
-
 ### `wiki doctor`

 Run wiki health checks and surface configuration or vault problems.

-When bridge mode is active and configured to read memory artifacts, this command
-queries the running Gateway before building the report. Disabled bridge imports
-and bridge configs that do not read memory artifacts remain local/offline.
-
 Typical issues include:

 - bridge mode enabled without public memory artifacts
@@ -176,11 +168,6 @@ source pages.
 Use this in `bridge` mode when you want the latest exported memory artifacts
 pulled into the wiki vault.

-For active bridge artifact reads, the CLI routes the import through Gateway RPC
-so the import uses the runtime memory plugin context. If bridge imports are
-disabled or artifact reads are turned off, the command keeps the local/offline
-zero-import behavior.
-
 ### `wiki unsafe-local import`

 Import from explicitly configured local paths in `unsafe-local` mode.
--- a/docs/concepts/active-memory.md
+++ b/docs/concepts/active-memory.md
@@ -80,7 +80,7 @@ because it follows your existing provider, auth, and model preferences.
 If you want Active Memory to feel faster, use a dedicated inference model
 instead of borrowing the main chat model. Recall quality matters, but latency
 matters more than for the main answer path, and Active Memory's tool surface
-is narrow (it only calls available memory recall tools).
+is narrow (it only calls `memory_search` and `memory_get`).

 Good fast-model options:

@@ -256,34 +256,6 @@ allowedChatTypes: ["direct", "group"]
 allowedChatTypes: ["direct", "group", "channel"]
 ```

-For narrower rollout, use `config.allowedChatIds` and
-`config.deniedChatIds` after choosing the allowed session types.
-
-`allowedChatIds` is an explicit allowlist of resolved conversation ids. When it
-is non-empty, Active Memory only runs when the session's conversation id is in
-that list. This narrows every allowed chat type at once, including direct
-messages. If you want all direct messages plus only specific groups, include
-the direct peer ids in `allowedChatIds` or keep `allowedChatTypes` focused on
-the group/channel rollout you are testing.
-
-`deniedChatIds` is an explicit denylist. It always wins over
-`allowedChatTypes` and `allowedChatIds`, so a matching conversation is skipped
-even when its session type is otherwise allowed.
-
-The ids come from the persistent channel session key: for example Feishu
-`chat_id` / `open_id`, Telegram chat id, or Slack channel id. Matching is
-case-insensitive. If `allowedChatIds` is non-empty and OpenClaw cannot resolve a
-conversation id for the session, Active Memory skips the turn instead of
-guessing.
-
-Example:
-
-```json5
-allowedChatTypes: ["direct", "group"],
-allowedChatIds: ["ou_operator_open_id", "oc_small_ops_group"],
-deniedChatIds: ["oc_large_public_group"]
-```
-
 ## Where it runs

 Active memory is a conversational enrichment feature, not a platform-wide
@@ -332,9 +304,8 @@ flowchart LR
  I --> M["Main Reply"]
 ```

-The blocking memory sub-agent can use only the available memory recall tools:
+The blocking memory sub-agent can use only:

- `memory_recall`
 - `memory_search`
 - `memory_get`

@@ -563,9 +534,6 @@ The most important fields are:
 | `enabled`                   | `boolean`                                                                                            | Enables the plugin itself                                                                              |
 | `config.agents`             | `string[]`                                                                                           | Agent ids that may use active memory                                                                   |
 | `config.model`              | `string`                                                                                             | Optional blocking memory sub-agent model ref; when unset, active memory uses the current session model |
-| `config.allowedChatTypes`   | `("direct" \| "group" \| "channel")[]`                                                               | Session types that may run Active Memory; defaults to direct-message style sessions                    |
-| `config.allowedChatIds`     | `string[]`                                                                                           | Optional per-conversation allowlist applied after `allowedChatTypes`; non-empty lists fail closed      |
-| `config.deniedChatIds`      | `string[]`                                                                                           | Optional per-conversation denylist that overrides allowed session types and allowed ids                |
 | `config.queryMode`          | `"message" \| "recent" \| "full"`                                                                    | Controls how much conversation the blocking memory sub-agent sees                                      |
 | `config.promptStyle`        | `"balanced" \| "strict" \| "contextual" \| "recall-heavy" \| "precision-heavy" \| "preference-only"` | Controls how eager or strict the blocking memory sub-agent is when deciding whether to return memory   |
 | `config.thinking`           | `"off" \| "minimal" \| "low" \| "medium" \| "high" \| "xhigh" \| "adaptive" \| "max"`                | Advanced thinking override for the blocking memory sub-agent; default `off` for speed                  |
@@ -579,14 +547,14 @@ The most important fields are:

 Useful tuning fields:

-| Key                           | Type     | Meaning                                                                            |
-| ----------------------------- | -------- | ---------------------------------------------------------------------------------- |
-| `config.maxSummaryChars`      | `number` | Maximum total characters allowed in the active-memory summary                      |
-| `config.recentUserTurns`      | `number` | Prior user turns to include when `queryMode` is `recent`                           |
-| `config.recentAssistantTurns` | `number` | Prior assistant turns to include when `queryMode` is `recent`                      |
-| `config.recentUserChars`      | `number` | Max chars per recent user turn                                                     |
-| `config.recentAssistantChars` | `number` | Max chars per recent assistant turn                                                |
-| `config.cacheTtlMs`           | `number` | Cache reuse for repeated identical queries (range: 1000-120000 ms; default: 15000) |
+| Key                           | Type     | Meaning                                                       |
+| ----------------------------- | -------- | ------------------------------------------------------------- |
+| `config.maxSummaryChars`      | `number` | Maximum total characters allowed in the active-memory summary |
+| `config.recentUserTurns`      | `number` | Prior user turns to include when `queryMode` is `recent`      |
+| `config.recentAssistantTurns` | `number` | Prior assistant turns to include when `queryMode` is `recent` |
+| `config.recentUserChars`      | `number` | Max chars per recent user turn                                |
+| `config.recentAssistantChars` | `number` | Max chars per recent assistant turn                           |
+| `config.cacheTtlMs`           | `number` | Cache reuse for repeated identical queries                    |

 ## Recommended setup

@@ -645,10 +613,9 @@ If active memory is too slow:

 ## Common issues

-Active Memory rides on the configured memory plugin's recall pipeline, so most
-recall surprises are embedding-provider problems, not Active Memory bugs. The
-default `memory-core` path uses `memory_search`; `memory-lancedb` uses
-`memory_recall`.
+Active Memory rides on the normal `memory_search` pipeline under
+`agents.defaults.memorySearch`, so most recall surprises are embedding-provider
+problems, not Active Memory bugs.

 <AccordionGroup>
  <Accordion title="Embedding provider switched or stopped working">
--- a/docs/concepts/agent-loop.md
+++ b/docs/concepts/agent-loop.md
@@ -162,7 +162,6 @@ surfaces, while Codex native hooks remain a separate lower-level Codex mechanism

 - `agent.wait` default: 30s (just the wait). `timeoutMs` param overrides.
 - Agent runtime: `agents.defaults.timeoutSeconds` default 172800s (48 hours); enforced in `runEmbeddedPiAgent` abort timer.
- Stuck-session recovery: with diagnostics enabled, `diagnostics.stuckSessionWarnMs` detects long `processing` sessions. Active embedded runs, active reply operations, and active session-lane tasks remain warning-only by default; if diagnostics show no active work for the session, the watchdog releases the affected session lane so queued startup work can drain.
 - Model idle timeout: OpenClaw aborts a model request when no response chunks arrive before the idle window. `models.providers.<id>.timeoutSeconds` extends this idle watchdog for slow local/self-hosted providers; otherwise OpenClaw uses `agents.defaults.timeoutSeconds` when configured, capped at 120s by default. Cron-triggered runs with no explicit model or agent timeout disable the idle watchdog and rely on the cron outer timeout.
 - Provider HTTP request timeout: `models.providers.<id>.timeoutSeconds` applies to that provider's model HTTP fetches, including connect, headers, body, SDK request timeout, total guarded-fetch abort handling, and model stream idle watchdog. Use this for slow local/self-hosted providers such as Ollama before raising the whole agent runtime timeout.

--- a/docs/concepts/context-engine.md
+++ b/docs/concepts/context-engine.md
@@ -122,7 +122,7 @@ A plugin can register a context engine using the plugin API:
 import { buildMemorySystemPromptAddition } from "openclaw/plugin-sdk/core";

 export default function register(api) {
-  api.registerContextEngine("my-engine", (ctx) => ({
+  api.registerContextEngine("my-engine", () => ({
    info: {
      id: "my-engine",
      name: "My Context Engine",
@@ -154,10 +154,6 @@ export default function register(api) {
 }
 ```

-The factory `ctx` includes optional `config`, `agentDir`, and `workspaceDir`
-values so plugins can initialize per-agent or per-workspace state before the
-first lifecycle hook runs.
-
 Then enable it in config:

 ```json5
--- a/docs/concepts/model-providers.md
+++ b/docs/concepts/model-providers.md
@@ -674,7 +674,6 @@ Example (OpenAI‑compatible):
    - For slow local models or remote LAN/tailnet hosts, set `models.providers.<id>.timeoutSeconds`. This extends provider model HTTP request handling, including connect, headers, body streaming, and the total guarded-fetch abort, without increasing the whole agent runtime timeout.
    - If `baseUrl` is empty/omitted, OpenClaw keeps the default OpenAI behavior (which resolves to `api.openai.com`).
    - For safety, an explicit `compat.supportsDeveloperRole: true` is still overridden on non-native `openai-completions` endpoints.
-    - For `api: "anthropic-messages"` on non-direct endpoints (any provider other than canonical `anthropic`, or a custom `models.providers.anthropic.baseUrl` whose host is not a public `api.anthropic.com` endpoint), OpenClaw suppresses implicit Anthropic beta headers such as `claude-code-20250219`, `interleaved-thinking-2025-05-14`, and OAuth markers, so custom Anthropic-compatible proxies do not reject unsupported beta flags. Set `models.providers.<id>.headers["anthropic-beta"]` explicitly if your proxy needs specific beta features.

  </Accordion>
 </AccordionGroup>
--- a/docs/concepts/models.md
+++ b/docs/concepts/models.md
@@ -131,12 +131,6 @@ This happens **before** a normal reply is generated, so the message can feel lik

 </Warning>

-For local/GGUF models, store the full provider-prefixed ref in the allowlist,
-for example `ollama/gemma4:26b`, `lmstudio/Gemma4-26b-a4-it-gguf`, or the
-exact provider/model shown by `openclaw models list --provider <provider>`.
-Bare local filenames or display names are not enough when the allowlist is
-active.
-
 Example allowlist config:

 ```json5
--- a/docs/concepts/queue.md
+++ b/docs/concepts/queue.md
@@ -85,7 +85,6 @@ Defaults: `debounceMs: 1000`, `cap: 20`, `drop: summarize`.

 - If commands seem stuck, enable verbose logs and look for “queued for …ms” lines to confirm the queue is draining.
 - If you need queue depth, enable verbose logs and watch for queue timing lines.
- When diagnostics are enabled, sessions that remain in `processing` past `diagnostics.stuckSessionWarnMs` log a stuck-session warning. Active embedded runs, active reply operations, and active lane tasks remain warning-only by default; stale startup bookkeeping with no active session work can release the affected session lane so queued work drains.

 ## Related

--- a/docs/concepts/session-tool.md
+++ b/docs/concepts/session-tool.md
@@ -93,11 +93,6 @@ the response:
  immediately.
 - **Wait for reply:** set a timeout and get the response inline.

-Messages and A2A follow-up replies are marked as inter-session data in the
-receiving prompt (`[Inter-session message ... isUser=false]`) and in transcript
-provenance. The receiving agent should treat them as tool-routed data, not as a
-direct end-user-authored instruction.
-
 After the target responds, OpenClaw can run a **reply-back loop** where the
 agents alternate messages (up to 5 turns). The target agent can reply
 `REPLY_SKIP` to stop early.
--- a/docs/concepts/streaming.md
+++ b/docs/concepts/streaming.md
@@ -191,7 +191,7 @@ Supported surfaces:
 - **Discord**, **Slack**, **Telegram**, and **Matrix** stream tool-progress into the live preview edit by default when preview streaming is active.
 - Telegram has shipped with tool-progress preview updates enabled since `v2026.4.22`; keeping them enabled preserves that released behavior.
 - **Mattermost** already folds tool activity into its single draft preview post (see above).
- Tool-progress edits follow the active preview streaming mode; they are skipped when preview streaming is `off` or when block streaming has taken over the message. On Telegram, `streaming.mode: "off"` is final-only: generic progress chatter is also suppressed instead of being delivered as standalone "Working..." messages, while approval prompts, media payloads, and errors still route normally.
+- Tool-progress edits follow the active preview streaming mode; they are skipped when preview streaming is `off` or when block streaming has taken over the message.
 - To keep preview streaming but hide tool-progress lines, set `streaming.preview.toolProgress` to `false` for that channel. To disable preview edits entirely, set `streaming.mode` to `off`.

 Example:
--- a/docs/concepts/system-prompt.md
+++ b/docs/concepts/system-prompt.md
@@ -53,14 +53,6 @@ The prompt is intentionally compact and uses fixed sections:
 - **Runtime**: host, OS, node, model, repo root (when detected), thinking level (one line).
 - **Reasoning**: current visibility level + /reasoning toggle hint.

-OpenClaw keeps large stable content, including **Project Context**, above the
-internal prompt cache boundary. Volatile channel/session sections such as
-Control UI embed guidance, **Messaging**, **Voice**, **Group Chat Context**,
-**Reactions**, **Heartbeats**, and **Runtime** are appended below that boundary
-so local backends with prefix caches can reuse the stable workspace prefix
-across channel turns. Tool descriptions should likewise avoid embedding current
-channel names when the accepted schema already carries that runtime detail.
-
 The Tooling section also includes runtime guidance for long-running work:

 - use cron for future follow-up (`check back later`, reminders, recurring work)
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -1084,7 +1084,6 @@
                  "channels/wechat",
                  "channels/qqbot",
                  "channels/feishu",
-                  "channels/yuanbao",
                  "channels/zalo",
                  "channels/zalouser"
                ]
--- a/docs/gateway/bonjour.md
+++ b/docs/gateway/bonjour.md
@@ -137,7 +137,6 @@ The Gateway writes a rolling log file (printed on startup as
 `gateway log file: ...`). Look for `bonjour:` lines, especially:

 - `bonjour: advertise failed ...`
- `bonjour: suppressing ciao cancellation ...`
 - `bonjour: ... name conflict resolved` / `hostname conflict resolved`
 - `bonjour: watchdog detected non-announced service ...`
 - `bonjour: disabling advertiser after ... failed restarts ...`
--- a/docs/gateway/cli-backends.md
+++ b/docs/gateway/cli-backends.md
@@ -224,27 +224,6 @@ Serialization notes:
  rotation does not cut the stored CLI session. If a CLI does not expose a
  stable OAuth account id, OpenClaw lets that CLI enforce resume permissions.

-## Fallback prelude from claude-cli sessions
-
-When a `claude-cli` attempt fails over to a non-CLI candidate in
-[`agents.defaults.model.fallbacks`](/concepts/model-failover), OpenClaw seeds
-the next attempt with a context prelude harvested from Claude Code's local
-JSONL transcript at `~/.claude/projects/`. Without this seed, the fallback
-provider would start cold because OpenClaw's own session transcript is empty
-for `claude-cli` runs.
-
- The prelude prefers the latest `/compact` summary or `compact_boundary`
-  marker, then appends the most recent post-boundary turns up to a char
-  budget. Pre-boundary turns are dropped because the summary already represents
-  them.
- Tool blocks are coalesced to compact `(tool call: name)` and
-  `(tool result: …)` hints to keep the prompt budget honest. The summary is
-  labeled `(truncated)` if it overflows.
- Same-provider `claude-cli` to `claude-cli` fallbacks rely on Claude's own
-  `--resume` and skip the prelude.
- The seed reuses the existing Claude session-file path validation, so
-  arbitrary paths cannot be read.
-
 ## Images (pass-through)

 If your CLI accepts image paths, set `imageArg`:
--- a/docs/gateway/config-agents.md
+++ b/docs/gateway/config-agents.md
@@ -125,9 +125,8 @@ knob.
  `agents.defaults.bootstrapTotalMaxChars`:
  normal workspace bootstrap injection.
 - `agents.defaults.startupContext.*`:
-  one-shot reset/startup model-run prelude, including recent daily
-  `memory/*.md` files. Bare chat `/new` and `/reset` commands are
-  acknowledged without invoking the model.
+  one-shot `/new` and `/reset` startup prelude, including recent daily
+  `memory/*.md` files.
 - `skills.limits.*`:
  the compact skills list injected into the system prompt.
 - `agents.defaults.contextLimits.*`:
@@ -143,9 +142,8 @@ budget:

 #### `agents.defaults.startupContext`

-Controls the first-turn startup prelude injected on reset/startup model runs.
-Bare chat `/new` and `/reset` commands acknowledge the reset without invoking
-the model, so they do not load this prelude.
+Controls the first-turn startup prelude injected on bare `/new` and `/reset`
+runs.

 ```json5
 {
@@ -342,7 +340,6 @@ Time format in system prompt. Default: `auto` (OS preference).
 - `imageModel`: accepts either a string (`"provider/model"`) or an object (`{ primary, fallbacks }`).
  - Used by the `image` tool path as its vision-model config.
  - Also used as fallback routing when the selected/default model cannot accept image input.
-  - Prefer explicit `provider/model` refs. Bare IDs are accepted for compatibility; if a bare ID uniquely matches a configured image-capable entry in `models.providers.*.models`, OpenClaw qualifies it to that provider. Ambiguous configured matches require an explicit provider prefix.
 - `imageGenerationModel`: accepts either a string (`"provider/model"`) or an object (`{ primary, fallbacks }`).
  - Used by the shared image-generation capability and any future tool/plugin surface that generates images.
  - Typical values: `google/gemini-3.1-flash-image-preview` for native Gemini image generation, `fal/fal-ai/flux/dev` for fal, `openai/gpt-image-2` for OpenAI Images, or `openai/gpt-image-1.5` for transparent-background OpenAI PNG/WebP output.
--- a/Show More
+++ b/Show More