Docs: restore gateway security baseline and apply staged capability notes

Verified:
- pnpm build
- pnpm check
- pnpm test:macmini (fails in this environment at src/daemon/launchd.integration.test.ts beforeAll hook timeout; merged with Tak override)

Co-authored-by: rodrigouroz <384037+rodrigouroz@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>

.github/dependabot.yml

@@ -7,6 +7,7 @@ registries:
   npm-npmjs:
     type: npm-registry
     url: https://registry.npmjs.org
+    token: ${{secrets.NPM_NPMJS_TOKEN}}
     replaces-base: true
 
 updates:
@@ -14,9 +15,9 @@ updates:
   - package-ecosystem: npm
     directory: /
     schedule:
-      interval: weekly
+      interval: daily
     cooldown:
-      default-days: 7
+      default-days: 2
     groups:
       production:
         dependency-type: production
@@ -36,9 +37,9 @@ updates:
   - package-ecosystem: github-actions
     directory: /
     schedule:
-      interval: weekly
+      interval: daily
     cooldown:
-      default-days: 7
+      default-days: 2
     groups:
       actions:
         patterns:
@@ -52,9 +53,9 @@ updates:
   - package-ecosystem: swift
     directory: /apps/macos
     schedule:
-      interval: weekly
+      interval: daily
     cooldown:
-      default-days: 7
+      default-days: 2
     groups:
       swift-deps:
         patterns:
@@ -68,9 +69,9 @@ updates:
   - package-ecosystem: swift
     directory: /apps/shared/MoltbotKit
     schedule:
-      interval: weekly
+      interval: daily
     cooldown:
-      default-days: 7
+      default-days: 2
     groups:
       swift-deps:
         patterns:
@@ -84,9 +85,9 @@ updates:
   - package-ecosystem: swift
     directory: /Swabble
     schedule:
-      interval: weekly
+      interval: daily
     cooldown:
-      default-days: 7
+      default-days: 2
     groups:
       swift-deps:
         patterns:
@@ -100,9 +101,9 @@ updates:
   - package-ecosystem: gradle
     directory: /apps/android
     schedule:
-      interval: weekly
+      interval: daily
     cooldown:
-      default-days: 7
+      default-days: 2
     groups:
       android-deps:
         patterns:
@@ -118,7 +119,7 @@ updates:
     schedule:
       interval: weekly
     cooldown:
-      default-days: 7
+      default-days: 2
     groups:
       docker-images:
         patterns:

.github/workflows/ci.yml

@@ -404,6 +404,7 @@ jobs:
     needs: [docs-scope, changed-scope, build-artifacts, check]
     if: needs.docs-scope.outputs.docs_only != 'true' && (github.event_name == 'push' || needs.changed-scope.outputs.run_node == 'true')
     runs-on: blacksmith-16vcpu-windows-2025
+    timeout-minutes: 45
     env:
       NODE_OPTIONS: --max-old-space-size=4096
       # Keep total concurrency predictable on the 16 vCPU runner:

.github/workflows/install-smoke.yml

@@ -48,6 +48,11 @@ jobs:
       - name: Install pnpm deps (minimal)
         run: pnpm install --ignore-scripts --frozen-lockfile
 
+      - name: Run root Dockerfile CLI smoke
+        run: |
+          docker build -t openclaw-dockerfile-smoke:local -f Dockerfile .
+          docker run --rm --entrypoint sh openclaw-dockerfile-smoke:local -lc 'which openclaw && openclaw --version'
+
       - name: Run installer docker tests
         env:
           CLAWDBOT_INSTALL_URL: https://openclaw.ai/install.sh

CHANGELOG.md

@@ -2,6 +2,32 @@
 
 Docs: https://docs.openclaw.ai
 
+## 2026.2.27
+
+### Changes
+
+- Web UI/i18n: add German (`de`) locale support and auto-render language options from supported locale constants in Overview settings. (#28495) thanks @dsantoreis.
+- Discord/Thread bindings: replace fixed TTL lifecycle with inactivity (`idleHours`, default 24h) plus optional hard `maxAgeHours` lifecycle controls, and add `/session idle` + `/session max-age` commands for focused thread-bound sessions. (#27845) Thanks @osolmaz.
+- Android/Nodes: add `camera.list`, `device.permissions`, `device.health`, and `notifications.actions` (`open`/`dismiss`/`reply`) on Android nodes, plus first-class node-tool actions for the new device/notification commands. (#28260) Thanks @obviyus.
+- Android/Gateway capability refresh: add live Android capability integration coverage and node canvas capability refresh wiring, plus runtime hardening for A2UI readiness retries, scoped canvas URL normalization, debug diagnostics JSON, and JavaScript MIME delivery. (#28388) Thanks @obviyus.
+
+### Fixes
+
+- Telegram/Reply media context: include replied media files in inbound context when replying to media, defer reply-media downloads to debounce flush, gate reply-media fetch behind DM authorization, and preserve replied media when non-vision sticker fallback runs (including cached-sticker paths). (#28488) Thanks @obviyus.
+- Gateway/WS: close repeated post-handshake `unauthorized role:*` request floods per connection and sample duplicate rejection logs, preventing a single misbehaving client from degrading gateway responsiveness. (#20168) Thanks @acy103, @vibecodooor, and @vincentkoc.
+- Gateway/Auth: improve device-auth v2 migration diagnostics so operators get clearer guidance when legacy clients connect. (#28305) Thanks @vincentkoc.
+- CLI/Install: add an npm-link fallback to fix CLI startup `Permission denied` failures (`exit 127`) on affected installs. (#17151) Thanks @sskyu and @vincentkoc.
+- Agents/Ollama: demote empty-discovery logging from `warn` to `debug` to reduce noisy warnings in normal edge-case discovery flows. (#26379) Thanks @byungsker.
+- Install/npm: fix npm global install deprecation warnings. (#28318) Thanks @vincentkoc.
+- Android/Nodes reliability: reject `facing=both` when `deviceId` is set to avoid mislabeled duplicate captures, allow notification `open`/`reply` on non-clearable entries while still gating dismiss, trigger listener rebind before notification actions, and scale invoke-result ack timeout to invoke budget for large clip payloads. (#28260) Thanks @obviyus.
+- Android/Camera clip: remove `camera.clip` HTTP-upload fallback to base64 so clip transport is deterministic and fail-loud, and reject non-positive `maxWidth` values so invalid inputs fall back to the safe resize default. (#28229) Thanks @obviyus.
+- Android/Gateway canvas capability refresh: send `node.canvas.capability.refresh` with object `params` (`{}`) from Android node runtime so gateway object-schema validation accepts refresh retries and A2UI host recovery works after scoped capability expiry. (#28413) Thanks @obviyus.
+- Daemon/macOS TLS certs: default LaunchAgent service env `NODE_EXTRA_CA_CERTS` to `/etc/ssl/cert.pem` (while preserving explicit overrides) so HTTPS clients no longer fail with local-issuer errors under launchd. (#27915) Thanks @Lukavyi.
+- Update/Global npm: fallback to `--omit=optional` when global `npm update` fails so optional dependency install failures no longer abort update flows. (#24896) Thanks @xinhuagu and @vincentkoc.
+- Plugins/NPM spec install: fix npm-spec plugin installs when `npm pack` output is empty by detecting newly created `.tgz` archives in the pack directory. (#21039) Thanks @graysurf and @vincentkoc.
+- Plugins/Install: clear stale install errors when an npm package is not found so follow-up install attempts report current state correctly. (#25073) Thanks @dalefrieswthat.
+- OpenAI Responses/Compaction: rewrite and unify the OpenAI Responses store patches to treat empty `baseUrl` as non-direct, honor `compat.supportsStore=false`, and auto-inject server-side compaction `context_management` for compatible direct OpenAI models (with per-model opt-out/threshold overrides). Landed from contributor PRs #16930 (@OiPunk), #22441 (@EdwardWu7), and #25088 (@MoerAI). Thanks @OiPunk, @EdwardWu7, and @MoerAI.
+
 ## 2026.2.26
 
 ### Changes
@@ -89,6 +115,7 @@ Docs: https://docs.openclaw.ai
 - Security/Voice Call (Twilio): bind webhook replay + manager dedupe identity to authenticated request material, remove unsigned `i-twilio-idempotency-token` trust from replay/dedupe keys, and thread verified request identity through provider parse flow to harden cross-provider event dedupe. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting.
 - Security/Exec approvals forwarding: prefer turn-source channel/account/thread metadata when resolving approval delivery targets so stale session routes do not misroute approval prompts.
 - Security/Pairing multi-account isolation: enforce account-scoped pairing allowlists and pending-request storage across core + extension message channels while preserving channel-scoped defaults for the default account. This ships in the next npm release (`2026.2.26`). Thanks @tdjackey for reporting and @gumadeiras for implementation.
+- Memory/SQLite: deduplicate concurrent memory-manager initialization and auto-reopen stale SQLite handles after atomic reindex swaps, preventing repeated `attempt to write a readonly database` sync failures until gateway restart.
 - Config/Plugins entries: treat unknown `plugins.entries.*` ids as startup warnings (ignored stale keys) instead of hard validation failures that can crash-loop gateway boot. Landed from contributor PR #27506 by @Sid-Qin. (#27455)
 - Telegram native commands: degrade command registration on `BOT_COMMANDS_TOO_MUCH` by retrying with fewer commands instead of crash-looping startup sync. Landed from contributor PR #27512 by @Sid-Qin. (#27456)
 - Web tools/Proxy: route `web_search` provider HTTP calls (Brave, Perplexity, xAI, Gemini, Kimi), redirect resolution, and `web_fetch` through a shared proxy-aware SSRF guard path so gateway installs behind `HTTP_PROXY`/`HTTPS_PROXY`/`ALL_PROXY` no longer fail with transport `fetch failed` errors. (#27430) thanks @kevinWangSheng.
@@ -137,6 +164,7 @@ Docs: https://docs.openclaw.ai
 - Followups/Typing indicator: ensure followup turns mark dispatch idle on every exit path (including `NO_REPLY`, empty payloads, and agent errors) so typing keepalive cleanup always runs and channel typing indicators do not get stuck after queued/silent followups. (#26881) Thanks @codexGW.
 - Voice-call/TTS tools: hide the `tts` tool when the message provider is `voice`, preventing voice-call runs from selecting self-playback TTS and falling into silent no-output loops. (#27025)
 - Agents/Tools: normalize non-standard plugin tool results that omit `content` so embedded runs no longer crash with `Cannot read properties of undefined (reading 'filter')` after tool completion (including `tesseramemo_query`). (#27007)
+- Agents/Tool-call dispatch: trim whitespace-padded tool names in both transcript repair and live streamed embedded-runner responses so exact-match tool lookup no longer fails with `Tool ... not found` for model outputs like `" read "`. (#27094) Thanks @openperf and @Sid-Qin.
 - Cron/Model overrides: when isolated `payload.model` is no longer allowlisted, fall back to default model selection instead of failing the job, while still returning explicit errors for invalid model strings. (#26717) Thanks @Youyou972.
 - Agents/Model fallback: keep explicit text + image fallback chains reachable even when `agents.defaults.models` allowlists are present, prefer explicit run `agentId` over session-key parsing for followup fallback override resolution (with session-key fallback), treat agent-level fallback overrides as configured in embedded runner preflight, and classify `model_cooldown` / `cooling down` errors as `rate_limit` so failover continues. (#11972, #24137, #17231)
 - Agents/Model fallback: keep same-provider fallback chains active when session model differs from configured primary, infer cooldown reason from provider profile state (instead of `disabledReason` only), keep no-profile fallback providers eligible (env/models.json paths), and only relax same-provider cooldown fallback attempts for `rate_limit`. (#23816) thanks @ramezgaberiel.
@@ -278,6 +306,7 @@ Docs: https://docs.openclaw.ai
 - Exec approvals: treat bare allowlist `*` as a true wildcard for parsed executables, including unresolved PATH lookups, so global opt-in allowlists work as configured. (#25250) Thanks @widingmarcus-cyber.
 - Gateway/Auth: allow trusted-proxy authenticated Control UI websocket sessions to skip device pairing when device identity is absent, preventing false `pairing required` failures behind trusted reverse proxies. (#25428) Thanks @SidQin-cyber.
 - Agents/Tool dispatch: await block-reply flush before tool execution starts so buffered block replies preserve message ordering around tool calls. (#25427) Thanks @SidQin-cyber.
+- Agents/Compaction: harden summarization prompts to preserve opaque identifiers verbatim (UUIDs, IDs, tokens, host/IP/port, URLs), reducing post-compaction identifier drift and hallucinated identifier reconstruction.
 - iOS/Signing: improve `scripts/ios-team-id.sh` for Xcode 16+ by falling back to Xcode-managed provisioning profiles, add actionable guidance when an Apple account exists but no Team ID can be resolved, and ignore Xcode `xcodebuild` output directories (`apps/ios/build`, `apps/shared/OpenClawKit/build`, `Swabble/build`). (#22773) Thanks @brianleach.
 - macOS/Menu bar: stop reusing the injector delegate for the "Usage cost (30 days)" submenu to prevent recursive submenu injection loops when opening cost history. (#25341) Thanks @yingchunbai.
 - Control UI/Chat images: route image-click opens through a shared safe-open helper (allowing only safe URL schemes) and open new tabs with opener isolation to block tabnabbing. (#18685, #25444, #25847) Thanks @Mariana-Codebase and @shakkernerd.

CONTRIBUTING.md

@@ -58,6 +58,9 @@ Welcome to the lobster tank! 🦞
 
 - **Jonathan Taylor** - ACP subsystem, Gateway features/bugs, Gog/Mog/Sog CLI's, SEDMAT
   - Github [@visionik](https://github.com/visionik) · X: [@visionik](https://x.com/visionik)
+    
+- **Josh Lehman** - Compaction, Tlon/Urbit subsystem
+  - Github [@jalehman](https://github.com/jalehman) · X: [@jlehman_](https://x.com/jlehman_)
 
 ## How to Contribute
 

Dockerfile

@@ -51,6 +51,11 @@ RUN pnpm build
 ENV OPENCLAW_PREFER_PNPM=1
 RUN pnpm ui:build
 
+# Expose the CLI binary without requiring npm global writes as non-root.
+USER root
+RUN ln -sf /app/openclaw.mjs /usr/local/bin/openclaw \
+ && chmod 755 /app/openclaw.mjs
+
 ENV NODE_ENV=production
 
 # Security hardening: Run as non-root user

apps/android/README.md

@@ -150,6 +150,56 @@ More details: `docs/platforms/android.md`.
   - `CAMERA` for `camera.snap` and `camera.clip`
   - `RECORD_AUDIO` for `camera.clip` when `includeAudio=true`
 
+## Integration Capability Test (Preconditioned)
+
+This suite assumes setup is already done manually. It does **not** install/run/pair automatically.
+
+Pre-req checklist:
+
+1) Gateway is running and reachable from the Android app.
+2) Android app is connected to that gateway and `openclaw nodes status` shows it as paired + connected.
+3) App stays unlocked and in foreground for the whole run.
+4) Open the app **Screen** tab and keep it active during the run (canvas/A2UI commands require the canvas WebView attached there).
+5) Grant runtime permissions for capabilities you expect to pass (camera/mic/location/notification listener/location, etc.).
+6) No interactive system dialogs should be pending before test start.
+7) Canvas host is enabled and reachable from the device (do not run gateway with `OPENCLAW_SKIP_CANVAS_HOST=1`; startup logs should include `canvas host mounted at .../__openclaw__/`).
+8) Local operator test client pairing is approved. If first run fails with `pairing required`, approve latest pending device pairing request, then rerun:
+9) For A2UI checks, keep the app on **Screen** tab; the node now auto-refreshes canvas capability once on first A2UI reachability failure (TTL-safe retry).
+
+```bash
+openclaw devices list
+openclaw devices approve --latest
+```
+
+Run:
+
+```bash
+pnpm android:test:integration
+```
+
+Optional overrides:
+
+- `OPENCLAW_ANDROID_GATEWAY_URL=ws://...` (default: from your local OpenClaw config)
+- `OPENCLAW_ANDROID_GATEWAY_TOKEN=...`
+- `OPENCLAW_ANDROID_GATEWAY_PASSWORD=...`
+- `OPENCLAW_ANDROID_NODE_ID=...` or `OPENCLAW_ANDROID_NODE_NAME=...`
+
+What it does:
+
+- Reads `node.describe` command list from the selected Android node.
+- Invokes advertised non-interactive commands.
+- Skips `screen.record` in this suite (Android requires interactive per-invocation screen-capture consent).
+- Asserts command contracts (success or expected deterministic error for safe-invalid calls like `sms.send`, `notifications.actions`, `app.update`).
+
+Common failure quick-fixes:
+
+- `pairing required` before tests start:
+  - approve pending device pairing (`openclaw devices approve --latest`) and rerun.
+- `A2UI host not reachable` / `A2UI_HOST_NOT_CONFIGURED`:
+  - ensure gateway canvas host is running and reachable, keep the app on the **Screen** tab. The app will auto-refresh canvas capability once; if it still fails, reconnect app and rerun.
+- `NODE_BACKGROUND_UNAVAILABLE: canvas unavailable`:
+  - app is not effectively ready for canvas commands; keep app foregrounded and **Screen** tab active.
+
 ## Contributions
 
 This Android app is currently being rebuilt.

apps/android/app/build.gradle.kts

@@ -20,8 +20,8 @@ android {
     applicationId = "ai.openclaw.android"
     minSdk = 31
     targetSdk = 36
-    versionCode = 202602260
-    versionName = "2026.2.26"
+    versionCode = 202602270
+    versionName = "2026.2.27"
     ndk {
       // Support all major ABIs — native libs are tiny (~47 KB per ABI)
       abiFilters += listOf("armeabi-v7a", "arm64-v8a", "x86", "x86_64")

apps/android/app/src/main/java/ai/openclaw/android/NodeRuntime.kt

@@ -65,8 +65,6 @@ class NodeRuntime(context: Context) {
   private val cameraHandler: CameraHandler = CameraHandler(
     appContext = appContext,
     camera = camera,
-    prefs = prefs,
-    connectedEndpoint = { connectedEndpoint },
     externalAudioCaptureActive = externalAudioCaptureActive,
     showCameraHud = ::showCameraHud,
     triggerCameraFlash = ::triggerCameraFlash,
@@ -143,6 +141,7 @@ class NodeRuntime(context: Context) {
     locationEnabled = { locationMode.value != LocationMode.Off },
     smsAvailable = { sms.canSendSms() },
     debugBuild = { BuildConfig.DEBUG },
+    refreshNodeCanvasCapability = { nodeSession.refreshNodeCanvasCapability() },
     onCanvasA2uiPush = {
       _canvasA2uiHydrated.value = true
       _canvasRehydratePending.value = false

apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewaySession.kt

@@ -173,6 +173,47 @@ class GatewaySession(
     throw IllegalStateException("${err?.code ?: "UNAVAILABLE"}: ${err?.message ?: "request failed"}")
   }
 
+  suspend fun refreshNodeCanvasCapability(timeoutMs: Long = 8_000): Boolean {
+    val conn = currentConnection ?: return false
+    val response =
+      try {
+        conn.request(
+          "node.canvas.capability.refresh",
+          params = buildJsonObject {},
+          timeoutMs = timeoutMs,
+        )
+      } catch (err: Throwable) {
+        Log.w("OpenClawGateway", "node.canvas.capability.refresh failed: ${err.message ?: err::class.java.simpleName}")
+        return false
+      }
+    if (!response.ok) {
+      val err = response.error
+      Log.w(
+        "OpenClawGateway",
+        "node.canvas.capability.refresh rejected: ${err?.code ?: "UNAVAILABLE"}: ${err?.message ?: "request failed"}",
+      )
+      return false
+    }
+    val payloadObj = response.payloadJson?.let(::parseJsonOrNull)?.asObjectOrNull()
+    val refreshedCapability = payloadObj?.get("canvasCapability").asStringOrNull()?.trim().orEmpty()
+    if (refreshedCapability.isEmpty()) {
+      Log.w("OpenClawGateway", "node.canvas.capability.refresh missing canvasCapability")
+      return false
+    }
+    val scopedCanvasHostUrl = canvasHostUrl?.trim().orEmpty()
+    if (scopedCanvasHostUrl.isEmpty()) {
+      Log.w("OpenClawGateway", "node.canvas.capability.refresh missing local canvasHostUrl")
+      return false
+    }
+    val refreshedUrl = replaceCanvasCapabilityInScopedHostUrl(scopedCanvasHostUrl, refreshedCapability)
+    if (refreshedUrl == null) {
+      Log.w("OpenClawGateway", "node.canvas.capability.refresh unable to rewrite scoped canvas URL")
+      return false
+    }
+    canvasHostUrl = refreshedUrl
+    return true
+  }
+
   private data class RpcResponse(val id: String, val ok: Boolean, val payloadJson: String?, val error: ErrorShape?)
 
   private inner class Connection(
@@ -501,11 +542,16 @@ class GatewaySession(
           } catch (err: Throwable) {
             invokeErrorFromThrowable(err)
           }
-        sendInvokeResult(id, nodeId, result)
+        sendInvokeResult(id, nodeId, result, timeoutMs)
       }
     }
 
-    private suspend fun sendInvokeResult(id: String, nodeId: String, result: InvokeResult) {
+    private suspend fun sendInvokeResult(
+      id: String,
+      nodeId: String,
+      result: InvokeResult,
+      invokeTimeoutMs: Long?,
+    ) {
       val parsedPayload = result.payloadJson?.let { parseJsonOrNull(it) }
       val params =
         buildJsonObject {
@@ -527,10 +573,14 @@ class GatewaySession(
             )
           }
         }
+      val ackTimeoutMs = resolveInvokeResultAckTimeoutMs(invokeTimeoutMs)
       try {
-        request("node.invoke.result", params, timeoutMs = 15_000)
+        request("node.invoke.result", params, timeoutMs = ackTimeoutMs)
       } catch (err: Throwable) {
-        Log.w(loggerTag, "node.invoke.result failed: ${err.message ?: err::class.java.simpleName}")
+        Log.w(
+          loggerTag,
+          "node.invoke.result failed (ackTimeoutMs=$ackTimeoutMs): ${err.message ?: err::class.java.simpleName}",
+        )
       }
     }
 
@@ -687,3 +737,24 @@ private fun parseJsonOrNull(payload: String): JsonElement? {
     null
   }
 }
+
+internal fun replaceCanvasCapabilityInScopedHostUrl(
+  scopedUrl: String,
+  capability: String,
+): String? {
+  val marker = "/__openclaw__/cap/"
+  val markerStart = scopedUrl.indexOf(marker)
+  if (markerStart < 0) return null
+  val capabilityStart = markerStart + marker.length
+  val slashEnd = scopedUrl.indexOf("/", capabilityStart).takeIf { it >= 0 }
+  val queryEnd = scopedUrl.indexOf("?", capabilityStart).takeIf { it >= 0 }
+  val fragmentEnd = scopedUrl.indexOf("#", capabilityStart).takeIf { it >= 0 }
+  val capabilityEnd = listOfNotNull(slashEnd, queryEnd, fragmentEnd).minOrNull() ?: scopedUrl.length
+  if (capabilityEnd <= capabilityStart) return null
+  return scopedUrl.substring(0, capabilityStart) + capability + scopedUrl.substring(capabilityEnd)
+}
+
+internal fun resolveInvokeResultAckTimeoutMs(invokeTimeoutMs: Long?): Long {
+  val normalized = invokeTimeoutMs?.takeIf { it > 0L } ?: 15_000L
+  return normalized.coerceIn(15_000L, 120_000L)
+}

apps/android/app/src/main/java/ai/openclaw/android/node/CameraCaptureManager.kt

@@ -1,13 +1,16 @@
 package ai.openclaw.android.node
 
 import android.Manifest
-import android.content.Context
 import android.annotation.SuppressLint
+import android.content.Context
 import android.graphics.Bitmap
 import android.graphics.BitmapFactory
 import android.graphics.Matrix
-import android.util.Base64
 import android.content.pm.PackageManager
+import android.hardware.camera2.CameraCharacteristics
+import android.util.Base64
+import androidx.camera.camera2.interop.Camera2CameraInfo
+import androidx.camera.core.CameraInfo
 import androidx.exifinterface.media.ExifInterface
 import androidx.lifecycle.LifecycleOwner
 import androidx.camera.core.CameraSelector
@@ -30,6 +33,10 @@ import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.suspendCancellableCoroutine
 import kotlinx.coroutines.withTimeout
 import kotlinx.coroutines.withContext
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonPrimitive
+import kotlinx.serialization.json.contentOrNull
 import java.io.ByteArrayOutputStream
 import java.io.File
 import java.util.concurrent.Executor
@@ -40,6 +47,12 @@ import kotlin.coroutines.resumeWithException
 class CameraCaptureManager(private val context: Context) {
   data class Payload(val payloadJson: String)
   data class FilePayload(val file: File, val durationMs: Long, val hasAudio: Boolean)
+  data class CameraDeviceInfo(
+    val id: String,
+    val name: String,
+    val position: String,
+    val deviceType: String,
+  )
 
   @Volatile private var lifecycleOwner: LifecycleOwner? = null
   @Volatile private var permissionRequester: PermissionRequester? = null
@@ -52,6 +65,14 @@ class CameraCaptureManager(private val context: Context) {
     permissionRequester = requester
   }
 
+  suspend fun listDevices(): List<CameraDeviceInfo> =
+    withContext(Dispatchers.Main) {
+      val provider = context.cameraProvider()
+      provider.availableCameraInfos
+        .mapNotNull { info -> cameraDeviceInfoOrNull(info) }
+        .sortedBy { it.id }
+    }
+
   private suspend fun ensureCameraPermission() {
     val granted = checkSelfPermission(context, Manifest.permission.CAMERA) == PackageManager.PERMISSION_GRANTED
     if (granted) return
@@ -80,14 +101,15 @@ class CameraCaptureManager(private val context: Context) {
     withContext(Dispatchers.Main) {
       ensureCameraPermission()
       val owner = lifecycleOwner ?: throw IllegalStateException("UNAVAILABLE: camera not ready")
-      val facing = parseFacing(paramsJson) ?: "front"
-      val quality = (parseQuality(paramsJson) ?: 0.95).coerceIn(0.1, 1.0)
-      val maxWidth = parseMaxWidth(paramsJson) ?: 1600
+      val params = parseParamsObject(paramsJson)
+      val facing = parseFacing(params) ?: "front"
+      val quality = (parseQuality(params) ?: 0.95).coerceIn(0.1, 1.0)
+      val maxWidth = parseMaxWidth(params) ?: 1600
+      val deviceId = parseDeviceId(params)
 
       val provider = context.cameraProvider()
       val capture = ImageCapture.Builder().build()
-      val selector =
-        if (facing == "front") CameraSelector.DEFAULT_FRONT_CAMERA else CameraSelector.DEFAULT_BACK_CAMERA
+      val selector = resolveCameraSelector(provider, facing, deviceId)
 
       provider.unbindAll()
       provider.bindToLifecycle(owner, selector, capture)
@@ -145,12 +167,14 @@ class CameraCaptureManager(private val context: Context) {
     withContext(Dispatchers.Main) {
       ensureCameraPermission()
       val owner = lifecycleOwner ?: throw IllegalStateException("UNAVAILABLE: camera not ready")
-      val facing = parseFacing(paramsJson) ?: "front"
-      val durationMs = (parseDurationMs(paramsJson) ?: 3_000).coerceIn(200, 60_000)
-      val includeAudio = parseIncludeAudio(paramsJson) ?: true
+      val params = parseParamsObject(paramsJson)
+      val facing = parseFacing(params) ?: "front"
+      val durationMs = (parseDurationMs(params) ?: 3_000).coerceIn(200, 60_000)
+      val includeAudio = parseIncludeAudio(params) ?: true
+      val deviceId = parseDeviceId(params)
       if (includeAudio) ensureMicPermission()
 
-      android.util.Log.w("CameraCaptureManager", "clip: start facing=$facing duration=$durationMs audio=$includeAudio")
+      android.util.Log.w("CameraCaptureManager", "clip: start facing=$facing duration=$durationMs audio=$includeAudio deviceId=${deviceId ?: "-"}")
 
       val provider = context.cameraProvider()
       android.util.Log.w("CameraCaptureManager", "clip: got camera provider")
@@ -162,8 +186,7 @@ class CameraCaptureManager(private val context: Context) {
         )
         .build()
       val videoCapture = VideoCapture.withOutput(recorder)
-      val selector =
-        if (facing == "front") CameraSelector.DEFAULT_FRONT_CAMERA else CameraSelector.DEFAULT_BACK_CAMERA
+      val selector = resolveCameraSelector(provider, facing, deviceId)
 
       // CameraX requires a Preview use case for the camera to start producing frames;
       // without it, the encoder may get no data (ERROR_NO_VALID_DATA).
@@ -270,49 +293,104 @@ class CameraCaptureManager(private val context: Context) {
     return rotated
   }
 
-  private fun parseFacing(paramsJson: String?): String? =
-    when {
-      paramsJson?.contains("\"front\"") == true -> "front"
-      paramsJson?.contains("\"back\"") == true -> "back"
-      else -> null
+  private fun parseParamsObject(paramsJson: String?): JsonObject? {
+    if (paramsJson.isNullOrBlank()) return null
+    return try {
+      Json.parseToJsonElement(paramsJson).asObjectOrNull()
+    } catch (_: Throwable) {
+      null
     }
+  }
 
-  private fun parseQuality(paramsJson: String?): Double? =
-    parseNumber(paramsJson, key = "quality")?.toDoubleOrNull()
+  private fun readPrimitive(params: JsonObject?, key: String): JsonPrimitive? =
+    params?.get(key) as? JsonPrimitive
 
-  private fun parseMaxWidth(paramsJson: String?): Int? =
-    parseNumber(paramsJson, key = "maxWidth")?.toIntOrNull()
-
-  private fun parseDurationMs(paramsJson: String?): Int? =
-    parseNumber(paramsJson, key = "durationMs")?.toIntOrNull()
-
-  private fun parseIncludeAudio(paramsJson: String?): Boolean? {
-    val raw = paramsJson ?: return null
-    val key = "\"includeAudio\""
-    val idx = raw.indexOf(key)
-    if (idx < 0) return null
-    val colon = raw.indexOf(':', idx + key.length)
-    if (colon < 0) return null
-    val tail = raw.substring(colon + 1).trimStart()
-    return when {
-      tail.startsWith("true") -> true
-      tail.startsWith("false") -> false
+  private fun parseFacing(params: JsonObject?): String? {
+    val value = readPrimitive(params, "facing")?.contentOrNull?.trim()?.lowercase() ?: return null
+    return when (value) {
+      "front", "back" -> value
       else -> null
     }
   }
 
-  private fun parseNumber(paramsJson: String?, key: String): String? {
-    val raw = paramsJson ?: return null
-    val needle = "\"$key\""
-    val idx = raw.indexOf(needle)
-    if (idx < 0) return null
-    val colon = raw.indexOf(':', idx + needle.length)
-    if (colon < 0) return null
-    val tail = raw.substring(colon + 1).trimStart()
-    return tail.takeWhile { it.isDigit() || it == '.' }
+  private fun parseQuality(params: JsonObject?): Double? =
+    readPrimitive(params, "quality")?.contentOrNull?.toDoubleOrNull()
+
+  private fun parseMaxWidth(params: JsonObject?): Int? =
+    readPrimitive(params, "maxWidth")
+      ?.contentOrNull
+      ?.toIntOrNull()
+      ?.takeIf { it > 0 }
+
+  private fun parseDurationMs(params: JsonObject?): Int? =
+    readPrimitive(params, "durationMs")?.contentOrNull?.toIntOrNull()
+
+  private fun parseDeviceId(params: JsonObject?): String? =
+    readPrimitive(params, "deviceId")
+      ?.contentOrNull
+      ?.trim()
+      ?.takeIf { it.isNotEmpty() }
+
+  private fun parseIncludeAudio(params: JsonObject?): Boolean? {
+    val value = readPrimitive(params, "includeAudio")?.contentOrNull?.trim()?.lowercase()
+    return when (value) {
+      "true" -> true
+      "false" -> false
+      else -> null
+    }
   }
 
   private fun Context.mainExecutor(): Executor = ContextCompat.getMainExecutor(this)
+
+  private fun resolveCameraSelector(
+    provider: ProcessCameraProvider,
+    facing: String,
+    deviceId: String?,
+  ): CameraSelector {
+    if (deviceId.isNullOrEmpty()) {
+      return if (facing == "front") CameraSelector.DEFAULT_FRONT_CAMERA else CameraSelector.DEFAULT_BACK_CAMERA
+    }
+    val availableIds = provider.availableCameraInfos.mapNotNull { cameraIdOrNull(it) }.toSet()
+    if (!availableIds.contains(deviceId)) {
+      throw IllegalStateException("INVALID_REQUEST: unknown camera deviceId '$deviceId'")
+    }
+    return CameraSelector.Builder()
+      .addCameraFilter { infos -> infos.filter { cameraIdOrNull(it) == deviceId } }
+      .build()
+  }
+
+  private fun cameraDeviceInfoOrNull(info: CameraInfo): CameraDeviceInfo? {
+    val cameraId = cameraIdOrNull(info) ?: return null
+    val lensFacing =
+      runCatching {
+        Camera2CameraInfo.from(info).getCameraCharacteristic(CameraCharacteristics.LENS_FACING)
+      }.getOrNull()
+    val position =
+      when (lensFacing) {
+        CameraCharacteristics.LENS_FACING_FRONT -> "front"
+        CameraCharacteristics.LENS_FACING_BACK -> "back"
+        CameraCharacteristics.LENS_FACING_EXTERNAL -> "external"
+        else -> "unspecified"
+      }
+    val deviceType =
+      if (lensFacing == CameraCharacteristics.LENS_FACING_EXTERNAL) "external" else "builtIn"
+    val name =
+      when (position) {
+        "front" -> "Front Camera"
+        "back" -> "Back Camera"
+        "external" -> "External Camera"
+        else -> "Camera $cameraId"
+      }
+    return CameraDeviceInfo(
+      id = cameraId,
+      name = name,
+      position = position,
+      deviceType = deviceType,
+    )
+  }
+
+  private fun cameraIdOrNull(info: CameraInfo): String? =
+    runCatching { Camera2CameraInfo.from(info).cameraId }.getOrNull()
 }
 
 private suspend fun Context.cameraProvider(): ProcessCameraProvider =

apps/android/app/src/main/java/ai/openclaw/android/node/CameraHandler.kt

@@ -3,25 +3,57 @@ package ai.openclaw.android.node
 import android.content.Context
 import ai.openclaw.android.CameraHudKind
 import ai.openclaw.android.BuildConfig
-import ai.openclaw.android.SecurePrefs
-import ai.openclaw.android.gateway.GatewayEndpoint
 import ai.openclaw.android.gateway.GatewaySession
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.withContext
-import okhttp3.MediaType.Companion.toMediaType
-import okhttp3.RequestBody.Companion.asRequestBody
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonPrimitive
+import kotlinx.serialization.json.buildJsonArray
+import kotlinx.serialization.json.buildJsonObject
+import kotlinx.serialization.json.contentOrNull
+import kotlinx.serialization.json.put
+
+internal const val CAMERA_CLIP_MAX_RAW_BYTES: Long = 18L * 1024L * 1024L
+
+internal fun isCameraClipWithinPayloadLimit(rawBytes: Long): Boolean =
+  rawBytes in 0L..CAMERA_CLIP_MAX_RAW_BYTES
 
 class CameraHandler(
   private val appContext: Context,
   private val camera: CameraCaptureManager,
-  private val prefs: SecurePrefs,
-  private val connectedEndpoint: () -> GatewayEndpoint?,
   private val externalAudioCaptureActive: MutableStateFlow<Boolean>,
   private val showCameraHud: (message: String, kind: CameraHudKind, autoHideMs: Long?) -> Unit,
   private val triggerCameraFlash: () -> Unit,
   private val invokeErrorFromThrowable: (err: Throwable) -> Pair<String, String>,
 ) {
+  suspend fun handleList(_paramsJson: String?): GatewaySession.InvokeResult {
+    return try {
+      val devices = camera.listDevices()
+      val payload =
+        buildJsonObject {
+          put(
+            "devices",
+            buildJsonArray {
+              devices.forEach { device ->
+                add(
+                  buildJsonObject {
+                    put("id", JsonPrimitive(device.id))
+                    put("name", JsonPrimitive(device.name))
+                    put("position", JsonPrimitive(device.position))
+                    put("deviceType", JsonPrimitive(device.deviceType))
+                  },
+                )
+              }
+            },
+          )
+        }.toString()
+      GatewaySession.InvokeResult.ok(payload)
+    } catch (err: Throwable) {
+      val (code, message) = invokeErrorFromThrowable(err)
+      GatewaySession.InvokeResult.error(code = code, message = message)
+    }
+  }
 
   suspend fun handleSnap(paramsJson: String?): GatewaySession.InvokeResult {
     val logFile = if (BuildConfig.DEBUG) java.io.File(appContext.cacheDir, "camera_debug.log") else null
@@ -69,7 +101,7 @@ class CameraHandler(
       clipLogFile?.appendText("[CLIP $ts] $msg\n")
       android.util.Log.w("openclaw", "camera.clip: $msg")
     }
-    val includeAudio = paramsJson?.contains("\"includeAudio\":true") != false
+    val includeAudio = parseIncludeAudio(paramsJson) ?: true
     if (includeAudio) externalAudioCaptureActive.value = true
     try {
       clipLogFile?.writeText("") // clear
@@ -89,62 +121,28 @@ class CameraHandler(
           showCameraHud(message, CameraHudKind.Error, 2400)
           return GatewaySession.InvokeResult.error(code = code, message = message)
         }
-      // Upload file via HTTP instead of base64 through WebSocket
-      clipLog("uploading via HTTP...")
-      val uploadUrl = try {
-        withContext(Dispatchers.IO) {
-          val ep = connectedEndpoint()
-          val gatewayHost = if (ep != null) {
-            val isHttps = ep.tlsEnabled || ep.port == 443
-            if (!isHttps) {
-              clipLog("refusing to upload over plain HTTP — bearer token would be exposed; falling back to base64")
-              throw Exception("HTTPS required for upload (bearer token protection)")
-            }
-            if (ep.port == 443) "https://${ep.host}" else "https://${ep.host}:${ep.port}"
-          } else {
-            clipLog("error: no gateway endpoint connected, cannot upload")
-            throw Exception("no gateway endpoint connected")
-          }
-          val token = prefs.loadGatewayToken() ?: ""
-          val client = okhttp3.OkHttpClient.Builder()
-            .connectTimeout(10, java.util.concurrent.TimeUnit.SECONDS)
-            .writeTimeout(120, java.util.concurrent.TimeUnit.SECONDS)
-            .readTimeout(30, java.util.concurrent.TimeUnit.SECONDS)
-            .build()
-          val body = filePayload.file.asRequestBody("video/mp4".toMediaType())
-          val req = okhttp3.Request.Builder()
-            .url("$gatewayHost/upload/clip.mp4")
-            .put(body)
-            .header("Authorization", "Bearer $token")
-            .build()
-          clipLog("uploading ${filePayload.file.length()} bytes to $gatewayHost/upload/clip.mp4")
-          val resp = client.newCall(req).execute()
-          val respBody = resp.body?.string() ?: ""
-          clipLog("upload response: ${resp.code} $respBody")
-          filePayload.file.delete()
-          if (!resp.isSuccessful) throw Exception("upload failed: HTTP ${resp.code}")
-          // Parse URL from response
-          val urlMatch = Regex("\"url\":\"([^\"]+)\"").find(respBody)
-          urlMatch?.groupValues?.get(1) ?: throw Exception("no url in response: $respBody")
-        }
-      } catch (err: Throwable) {
-        clipLog("upload failed: ${err.message}, falling back to base64")
-        // Fallback to base64 if upload fails
-        val bytes = withContext(Dispatchers.IO) {
-          val b = filePayload.file.readBytes()
-          filePayload.file.delete()
-          b
-        }
-        val base64 = android.util.Base64.encodeToString(bytes, android.util.Base64.NO_WRAP)
-        showCameraHud("Clip captured", CameraHudKind.Success, 1800)
-        return GatewaySession.InvokeResult.ok(
-          """{"format":"mp4","base64":"$base64","durationMs":${filePayload.durationMs},"hasAudio":${filePayload.hasAudio}}"""
+      val rawBytes = filePayload.file.length()
+      if (!isCameraClipWithinPayloadLimit(rawBytes)) {
+        clipLog("payload too large: bytes=$rawBytes max=$CAMERA_CLIP_MAX_RAW_BYTES")
+        withContext(Dispatchers.IO) { filePayload.file.delete() }
+        showCameraHud("Clip too large", CameraHudKind.Error, 2400)
+        return GatewaySession.InvokeResult.error(
+          code = "PAYLOAD_TOO_LARGE",
+          message =
+            "PAYLOAD_TOO_LARGE: camera clip is $rawBytes bytes; max is $CAMERA_CLIP_MAX_RAW_BYTES bytes. Reduce durationMs and retry.",
         )
       }
-      clipLog("returning URL result: $uploadUrl")
+
+      val bytes = withContext(Dispatchers.IO) {
+        val b = filePayload.file.readBytes()
+        filePayload.file.delete()
+        b
+      }
+      val base64 = android.util.Base64.encodeToString(bytes, android.util.Base64.NO_WRAP)
+      clipLog("returning base64 payload")
       showCameraHud("Clip captured", CameraHudKind.Success, 1800)
       return GatewaySession.InvokeResult.ok(
-        """{"format":"mp4","url":"$uploadUrl","durationMs":${filePayload.durationMs},"hasAudio":${filePayload.hasAudio}}"""
+        """{"format":"mp4","base64":"$base64","durationMs":${filePayload.durationMs},"hasAudio":${filePayload.hasAudio}}"""
       )
     } catch (err: Throwable) {
       clipLog("outer error: ${err::class.java.simpleName}: ${err.message}")
@@ -154,4 +152,24 @@ class CameraHandler(
       if (includeAudio) externalAudioCaptureActive.value = false
     }
   }
+
+  private fun parseIncludeAudio(paramsJson: String?): Boolean? {
+    if (paramsJson.isNullOrBlank()) return null
+    val root =
+      try {
+        Json.parseToJsonElement(paramsJson).asObjectOrNull()
+      } catch (_: Throwable) {
+        null
+      } ?: return null
+    val value =
+      (root["includeAudio"] as? JsonPrimitive)
+        ?.contentOrNull
+        ?.trim()
+        ?.lowercase()
+    return when (value) {
+      "true" -> true
+      "false" -> false
+      else -> null
+    }
+  }
 }

apps/android/app/src/main/java/ai/openclaw/android/node/DebugHandler.kt

@@ -62,7 +62,8 @@ class DebugHandler(
         results.add("Signature.Ed25519: FAILED - ${e.javaClass.simpleName}: ${e.message}")
       }
 
-      return GatewaySession.InvokeResult.ok("""{"diagnostics":"${results.joinToString("\\n").replace("\"", "\\\"")}"}"""")
+      val diagnostics = results.joinToString("\n")
+      return GatewaySession.InvokeResult.ok("""{"diagnostics":${JsonPrimitive(diagnostics)}}""")
     } catch (e: Throwable) {
       return GatewaySession.InvokeResult.error(code = "ED25519_TEST_FAILED", message = "${e.javaClass.simpleName}: ${e.message}\n${e.stackTraceToString().take(500)}")
     }

apps/android/app/src/main/java/ai/openclaw/android/node/DeviceHandler.kt

@@ -1,8 +1,11 @@
 package ai.openclaw.android.node
 
+import android.Manifest
+import android.app.ActivityManager
 import android.content.Context
 import android.content.Intent
 import android.content.IntentFilter
+import android.content.pm.PackageManager
 import android.net.ConnectivityManager
 import android.net.NetworkCapabilities
 import android.os.BatteryManager
@@ -11,6 +14,7 @@ import android.os.Environment
 import android.os.PowerManager
 import android.os.StatFs
 import android.os.SystemClock
+import androidx.core.content.ContextCompat
 import ai.openclaw.android.BuildConfig
 import ai.openclaw.android.gateway.GatewaySession
 import java.util.Locale
@@ -22,6 +26,13 @@ import kotlinx.serialization.json.put
 class DeviceHandler(
   private val appContext: Context,
 ) {
+  private data class BatterySnapshot(
+    val status: Int,
+    val plugged: Int,
+    val levelFraction: Double?,
+    val temperatureC: Double?,
+  )
+
   fun handleDeviceStatus(_paramsJson: String?): GatewaySession.InvokeResult {
     return GatewaySession.InvokeResult.ok(statusPayloadJson())
   }
@@ -30,12 +41,16 @@ class DeviceHandler(
     return GatewaySession.InvokeResult.ok(infoPayloadJson())
   }
 
+  fun handleDevicePermissions(_paramsJson: String?): GatewaySession.InvokeResult {
+    return GatewaySession.InvokeResult.ok(permissionsPayloadJson())
+  }
+
+  fun handleDeviceHealth(_paramsJson: String?): GatewaySession.InvokeResult {
+    return GatewaySession.InvokeResult.ok(healthPayloadJson())
+  }
+
   private fun statusPayloadJson(): String {
-    val batteryIntent = appContext.registerReceiver(null, IntentFilter(Intent.ACTION_BATTERY_CHANGED))
-    val batteryStatus =
-      batteryIntent?.getIntExtra(BatteryManager.EXTRA_STATUS, BatteryManager.BATTERY_STATUS_UNKNOWN)
-        ?: BatteryManager.BATTERY_STATUS_UNKNOWN
-    val batteryLevel = batteryLevelFraction(batteryIntent)
+    val battery = readBatterySnapshot()
     val powerManager = appContext.getSystemService(PowerManager::class.java)
     val storage = StatFs(Environment.getDataDirectory().absolutePath)
     val totalBytes = storage.totalBytes
@@ -50,8 +65,8 @@ class DeviceHandler(
       put(
         "battery",
         buildJsonObject {
-          batteryLevel?.let { put("level", JsonPrimitive(it)) }
-          put("state", JsonPrimitive(mapBatteryState(batteryStatus)))
+          battery.levelFraction?.let { put("level", JsonPrimitive(it)) }
+          put("state", JsonPrimitive(mapBatteryState(battery.status)))
           put("lowPowerModeEnabled", JsonPrimitive(powerManager?.isPowerSaveMode == true))
         },
       )
@@ -112,6 +127,151 @@ class DeviceHandler(
     }.toString()
   }
 
+  private fun permissionsPayloadJson(): String {
+    val canSendSms = appContext.packageManager.hasSystemFeature(PackageManager.FEATURE_TELEPHONY)
+    val notificationAccess = DeviceNotificationListenerService.isAccessEnabled(appContext)
+    return buildJsonObject {
+      put(
+        "permissions",
+        buildJsonObject {
+          put(
+            "camera",
+            permissionStateJson(
+              granted = hasPermission(Manifest.permission.CAMERA),
+              promptableWhenDenied = true,
+            ),
+          )
+          put(
+            "microphone",
+            permissionStateJson(
+              granted = hasPermission(Manifest.permission.RECORD_AUDIO),
+              promptableWhenDenied = true,
+            ),
+          )
+          put(
+            "location",
+            permissionStateJson(
+              granted =
+                hasPermission(Manifest.permission.ACCESS_FINE_LOCATION) ||
+                  hasPermission(Manifest.permission.ACCESS_COARSE_LOCATION),
+              promptableWhenDenied = true,
+            ),
+          )
+          put(
+            "backgroundLocation",
+            permissionStateJson(
+              granted = hasPermission(Manifest.permission.ACCESS_BACKGROUND_LOCATION),
+              promptableWhenDenied = true,
+            ),
+          )
+          put(
+            "sms",
+            permissionStateJson(
+              granted = hasPermission(Manifest.permission.SEND_SMS) && canSendSms,
+              promptableWhenDenied = canSendSms,
+            ),
+          )
+          put(
+            "notificationListener",
+            permissionStateJson(
+              granted = notificationAccess,
+              promptableWhenDenied = true,
+            ),
+          )
+          // Screen capture on Android is interactive per-capture consent, not a sticky app permission.
+          put(
+            "screenCapture",
+            permissionStateJson(
+              granted = false,
+              promptableWhenDenied = true,
+            ),
+          )
+        },
+      )
+    }.toString()
+  }
+
+  private fun healthPayloadJson(): String {
+    val battery = readBatterySnapshot()
+    val batteryManager = appContext.getSystemService(BatteryManager::class.java)
+    val currentNowUa = batteryManager?.getLongProperty(BatteryManager.BATTERY_PROPERTY_CURRENT_NOW)
+    val currentNowMa =
+      if (currentNowUa == null || currentNowUa == Long.MIN_VALUE) {
+        null
+      } else {
+        currentNowUa.toDouble() / 1_000.0
+      }
+
+    val powerManager = appContext.getSystemService(PowerManager::class.java)
+    val activityManager = appContext.getSystemService(ActivityManager::class.java)
+    val memoryInfo = ActivityManager.MemoryInfo()
+    activityManager?.getMemoryInfo(memoryInfo)
+    val totalRamBytes = memoryInfo.totalMem.coerceAtLeast(0L)
+    val availableRamBytes = memoryInfo.availMem.coerceAtLeast(0L)
+    val usedRamBytes = (totalRamBytes - availableRamBytes).coerceAtLeast(0L)
+    val lowMemory = memoryInfo.lowMemory
+    val memoryPressure = mapMemoryPressure(totalRamBytes, availableRamBytes, lowMemory)
+
+    return buildJsonObject {
+      put(
+        "memory",
+        buildJsonObject {
+          put("pressure", JsonPrimitive(memoryPressure))
+          put("totalRamBytes", JsonPrimitive(totalRamBytes))
+          put("availableRamBytes", JsonPrimitive(availableRamBytes))
+          put("usedRamBytes", JsonPrimitive(usedRamBytes))
+          put("thresholdBytes", JsonPrimitive(memoryInfo.threshold.coerceAtLeast(0L)))
+          put("lowMemory", JsonPrimitive(lowMemory))
+        },
+      )
+      put(
+        "battery",
+        buildJsonObject {
+          put("state", JsonPrimitive(mapBatteryState(battery.status)))
+          put("chargingType", JsonPrimitive(mapChargingType(battery.plugged)))
+          battery.temperatureC?.let { put("temperatureC", JsonPrimitive(it)) }
+          currentNowMa?.let { put("currentMa", JsonPrimitive(it)) }
+        },
+      )
+      put(
+        "power",
+        buildJsonObject {
+          put("dozeModeEnabled", JsonPrimitive(powerManager?.isDeviceIdleMode == true))
+          put("lowPowerModeEnabled", JsonPrimitive(powerManager?.isPowerSaveMode == true))
+        },
+      )
+      put(
+        "system",
+        buildJsonObject {
+          Build.VERSION.SECURITY_PATCH
+            ?.trim()
+            ?.takeIf { it.isNotEmpty() }
+            ?.let { put("securityPatchLevel", JsonPrimitive(it)) }
+        },
+      )
+    }.toString()
+  }
+
+  private fun readBatterySnapshot(): BatterySnapshot {
+    val intent = appContext.registerReceiver(null, IntentFilter(Intent.ACTION_BATTERY_CHANGED))
+    val status =
+      intent?.getIntExtra(BatteryManager.EXTRA_STATUS, BatteryManager.BATTERY_STATUS_UNKNOWN)
+        ?: BatteryManager.BATTERY_STATUS_UNKNOWN
+    val plugged = intent?.getIntExtra(BatteryManager.EXTRA_PLUGGED, 0) ?: 0
+    val temperatureC =
+      intent
+        ?.getIntExtra(BatteryManager.EXTRA_TEMPERATURE, Int.MIN_VALUE)
+        ?.takeIf { it != Int.MIN_VALUE }
+        ?.toDouble()
+        ?.div(10.0)
+    return BatterySnapshot(
+      status = status,
+      plugged = plugged,
+      levelFraction = batteryLevelFraction(intent),
+      temperatureC = temperatureC,
+    )
+  }
+
   private fun batteryLevelFraction(intent: Intent?): Double? {
     val rawLevel = intent?.getIntExtra(BatteryManager.EXTRA_LEVEL, -1) ?: -1
     val rawScale = intent?.getIntExtra(BatteryManager.EXTRA_SCALE, -1) ?: -1
@@ -128,6 +288,16 @@ class DeviceHandler(
     }
   }
 
+  private fun mapChargingType(plugged: Int): String {
+    return when (plugged) {
+      BatteryManager.BATTERY_PLUGGED_AC -> "ac"
+      BatteryManager.BATTERY_PLUGGED_USB -> "usb"
+      BatteryManager.BATTERY_PLUGGED_WIRELESS -> "wireless"
+      BatteryManager.BATTERY_PLUGGED_DOCK -> "dock"
+      else -> "none"
+    }
+  }
+
   private fun mapThermalState(powerManager: PowerManager?): String {
     val thermal = powerManager?.currentThermalStatus ?: return "nominal"
     return when (thermal) {
@@ -150,6 +320,30 @@ class DeviceHandler(
     }
   }
 
+  private fun permissionStateJson(granted: Boolean, promptableWhenDenied: Boolean) =
+    buildJsonObject {
+      put("status", JsonPrimitive(if (granted) "granted" else "denied"))
+      put("promptable", JsonPrimitive(!granted && promptableWhenDenied))
+    }
+
+  private fun hasPermission(permission: String): Boolean {
+    return (
+      ContextCompat.checkSelfPermission(appContext, permission) == PackageManager.PERMISSION_GRANTED
+      )
+  }
+
+  private fun mapMemoryPressure(totalBytes: Long, availableBytes: Long, lowMemory: Boolean): String {
+    if (totalBytes <= 0L) return if (lowMemory) "critical" else "unknown"
+    if (lowMemory) return "critical"
+    val freeRatio = availableBytes.toDouble() / totalBytes.toDouble()
+    return when {
+      freeRatio <= 0.05 -> "critical"
+      freeRatio <= 0.15 -> "high"
+      freeRatio <= 0.30 -> "moderate"
+      else -> "normal"
+    }
+  }
+
   private fun networkInterfacesJson(caps: NetworkCapabilities?) =
     buildJsonArray {
       if (caps == null) return@buildJsonArray

apps/android/app/src/main/java/ai/openclaw/android/node/DeviceNotificationListenerService.kt

@@ -2,8 +2,10 @@ package ai.openclaw.android.node
 
 import android.app.Notification
 import android.app.NotificationManager
+import android.app.RemoteInput
 import android.content.ComponentName
 import android.content.Context
+import android.content.Intent
 import android.os.Build
 import android.service.notification.NotificationListenerService
 import android.service.notification.StatusBarNotification
@@ -34,6 +36,28 @@ data class DeviceNotificationSnapshot(
   val notifications: List<DeviceNotificationEntry>,
 )
 
+enum class NotificationActionKind {
+  Open,
+  Dismiss,
+  Reply,
+}
+
+data class NotificationActionRequest(
+  val key: String,
+  val kind: NotificationActionKind,
+  val replyText: String? = null,
+)
+
+data class NotificationActionResult(
+  val ok: Boolean,
+  val code: String? = null,
+  val message: String? = null,
+)
+
+internal fun actionRequiresClearableNotification(kind: NotificationActionKind): Boolean {
+  return kind == NotificationActionKind.Dismiss
+}
+
 private object DeviceNotificationStore {
   private val lock = Any()
   private var connected = false
@@ -85,15 +109,26 @@ private object DeviceNotificationStore {
 class DeviceNotificationListenerService : NotificationListenerService() {
   override fun onListenerConnected() {
     super.onListenerConnected()
+    activeService = this
     DeviceNotificationStore.setConnected(true)
     refreshActiveNotifications()
   }
 
   override fun onListenerDisconnected() {
+    if (activeService === this) {
+      activeService = null
+    }
     DeviceNotificationStore.setConnected(false)
     super.onListenerDisconnected()
   }
 
+  override fun onDestroy() {
+    if (activeService === this) {
+      activeService = null
+    }
+    super.onDestroy()
+  }
+
   override fun onNotificationPosted(sbn: StatusBarNotification?) {
     super.onNotificationPosted(sbn)
     val entry = sbn?.toEntry() ?: return
@@ -139,6 +174,8 @@ class DeviceNotificationListenerService : NotificationListenerService() {
   }
 
   companion object {
+    @Volatile private var activeService: DeviceNotificationListenerService? = null
+
     private fun serviceComponent(context: Context): ComponentName {
       return ComponentName(context, DeviceNotificationListenerService::class.java)
     }
@@ -160,5 +197,119 @@ class DeviceNotificationListenerService : NotificationListenerService() {
         NotificationListenerService.requestRebind(serviceComponent(context))
       }
     }
+
+    fun executeAction(context: Context, request: NotificationActionRequest): NotificationActionResult {
+      if (!isAccessEnabled(context)) {
+        return NotificationActionResult(
+          ok = false,
+          code = "NOTIFICATIONS_DISABLED",
+          message = "NOTIFICATIONS_DISABLED: enable notification access in system Settings",
+        )
+      }
+      val service = activeService
+        ?: return NotificationActionResult(
+          ok = false,
+          code = "NOTIFICATIONS_UNAVAILABLE",
+          message = "NOTIFICATIONS_UNAVAILABLE: notification listener not connected",
+        )
+      return service.executeActionInternal(request)
+    }
+  }
+
+  private fun executeActionInternal(request: NotificationActionRequest): NotificationActionResult {
+    val sbn =
+      activeNotifications
+        ?.firstOrNull { it.key == request.key }
+        ?: return NotificationActionResult(
+          ok = false,
+          code = "NOTIFICATION_NOT_FOUND",
+          message = "NOTIFICATION_NOT_FOUND: notification key not found",
+        )
+    if (actionRequiresClearableNotification(request.kind) && !sbn.isClearable) {
+      return NotificationActionResult(
+        ok = false,
+        code = "NOTIFICATION_NOT_CLEARABLE",
+        message = "NOTIFICATION_NOT_CLEARABLE: notification is ongoing or protected",
+      )
+    }
+
+    return when (request.kind) {
+      NotificationActionKind.Open -> {
+        val pendingIntent = sbn.notification.contentIntent
+          ?: return NotificationActionResult(
+            ok = false,
+            code = "ACTION_UNAVAILABLE",
+            message = "ACTION_UNAVAILABLE: notification has no open action",
+          )
+        runCatching {
+          pendingIntent.send()
+        }.fold(
+          onSuccess = { NotificationActionResult(ok = true) },
+          onFailure = { err ->
+            NotificationActionResult(
+              ok = false,
+              code = "ACTION_FAILED",
+              message = "ACTION_FAILED: ${err.message ?: "open failed"}",
+            )
+          },
+        )
+      }
+
+      NotificationActionKind.Dismiss -> {
+        runCatching {
+          cancelNotification(sbn.key)
+          DeviceNotificationStore.remove(sbn.key)
+        }.fold(
+          onSuccess = { NotificationActionResult(ok = true) },
+          onFailure = { err ->
+            NotificationActionResult(
+              ok = false,
+              code = "ACTION_FAILED",
+              message = "ACTION_FAILED: ${err.message ?: "dismiss failed"}",
+            )
+          },
+        )
+      }
+
+      NotificationActionKind.Reply -> {
+        val replyText = request.replyText?.trim().orEmpty()
+        if (replyText.isEmpty()) {
+          return NotificationActionResult(
+            ok = false,
+            code = "INVALID_REQUEST",
+            message = "INVALID_REQUEST: replyText required for reply action",
+          )
+        }
+        val action =
+          sbn.notification.actions
+            ?.firstOrNull { candidate ->
+              candidate.actionIntent != null && !candidate.remoteInputs.isNullOrEmpty()
+            }
+            ?: return NotificationActionResult(
+              ok = false,
+              code = "ACTION_UNAVAILABLE",
+              message = "ACTION_UNAVAILABLE: notification has no reply action",
+            )
+        val remoteInputs = action.remoteInputs ?: emptyArray()
+        val fillInIntent = Intent()
+        val replyBundle = android.os.Bundle()
+        for (remoteInput in remoteInputs) {
+          replyBundle.putCharSequence(remoteInput.resultKey, replyText)
+        }
+        RemoteInput.addResultsToIntent(remoteInputs, fillInIntent, replyBundle)
+        runCatching {
+          action.actionIntent.send(this, 0, fillInIntent)
+        }.fold(
+          onSuccess = { NotificationActionResult(ok = true) },
+          onFailure = { err ->
+            NotificationActionResult(
+              ok = false,
+              code = "ACTION_FAILED",
+              message = "ACTION_FAILED: ${err.message ?: "reply failed"}",
+            )
+          },
+        )
+      }
+    }
   }
 }

apps/android/app/src/main/java/ai/openclaw/android/node/InvokeCommandRegistry.kt

@@ -62,6 +62,11 @@ object InvokeCommandRegistry {
         name = OpenClawScreenCommand.Record.rawValue,
         requiresForeground = true,
       ),
+      InvokeCommandSpec(
+        name = OpenClawCameraCommand.List.rawValue,
+        requiresForeground = true,
+        availability = InvokeCommandAvailability.CameraEnabled,
+      ),
       InvokeCommandSpec(
         name = OpenClawCameraCommand.Snap.rawValue,
         requiresForeground = true,
@@ -82,9 +87,18 @@ object InvokeCommandRegistry {
       InvokeCommandSpec(
         name = OpenClawDeviceCommand.Info.rawValue,
       ),
+      InvokeCommandSpec(
+        name = OpenClawDeviceCommand.Permissions.rawValue,
+      ),
+      InvokeCommandSpec(
+        name = OpenClawDeviceCommand.Health.rawValue,
+      ),
       InvokeCommandSpec(
         name = OpenClawNotificationsCommand.List.rawValue,
       ),
+      InvokeCommandSpec(
+        name = OpenClawNotificationsCommand.Actions.rawValue,
+      ),
       InvokeCommandSpec(
         name = OpenClawSmsCommand.Send.rawValue,
         availability = InvokeCommandAvailability.SmsAvailable,

apps/android/app/src/main/java/ai/openclaw/android/node/InvokeDispatcher.kt

@@ -26,6 +26,7 @@ class InvokeDispatcher(
   private val locationEnabled: () -> Boolean,
   private val smsAvailable: () -> Boolean,
   private val debugBuild: () -> Boolean,
+  private val refreshNodeCanvasCapability: suspend () -> Boolean,
   private val onCanvasA2uiPush: () -> Unit,
   private val onCanvasA2uiReset: () -> Unit,
 ) {
@@ -112,6 +113,7 @@ class InvokeDispatcher(
       }
 
       // Camera commands
+      OpenClawCameraCommand.List.rawValue -> cameraHandler.handleList(paramsJson)
       OpenClawCameraCommand.Snap.rawValue -> cameraHandler.handleSnap(paramsJson)
       OpenClawCameraCommand.Clip.rawValue -> cameraHandler.handleClip(paramsJson)
 
@@ -121,9 +123,12 @@ class InvokeDispatcher(
       // Device commands
       OpenClawDeviceCommand.Status.rawValue -> deviceHandler.handleDeviceStatus(paramsJson)
       OpenClawDeviceCommand.Info.rawValue -> deviceHandler.handleDeviceInfo(paramsJson)
+      OpenClawDeviceCommand.Permissions.rawValue -> deviceHandler.handleDevicePermissions(paramsJson)
+      OpenClawDeviceCommand.Health.rawValue -> deviceHandler.handleDeviceHealth(paramsJson)
 
       // Notifications command
       OpenClawNotificationsCommand.List.rawValue -> notificationsHandler.handleNotificationsList(paramsJson)
+      OpenClawNotificationsCommand.Actions.rawValue -> notificationsHandler.handleNotificationsActions(paramsJson)
 
       // Screen command
       OpenClawScreenCommand.Record.rawValue -> screenHandler.handleScreenRecord(paramsJson)
@@ -145,17 +150,30 @@ class InvokeDispatcher(
   private suspend fun withReadyA2ui(
     block: suspend () -> GatewaySession.InvokeResult,
   ): GatewaySession.InvokeResult {
-    val a2uiUrl = a2uiHandler.resolveA2uiHostUrl()
+    var a2uiUrl = a2uiHandler.resolveA2uiHostUrl()
       ?: return GatewaySession.InvokeResult.error(
         code = "A2UI_HOST_NOT_CONFIGURED",
         message = "A2UI_HOST_NOT_CONFIGURED: gateway did not advertise canvas host",
       )
-    val ready = a2uiHandler.ensureA2uiReady(a2uiUrl)
-    if (!ready) {
-      return GatewaySession.InvokeResult.error(
-        code = "A2UI_HOST_UNAVAILABLE",
-        message = "A2UI host not reachable",
-      )
+    val readyOnFirstCheck = a2uiHandler.ensureA2uiReady(a2uiUrl)
+    if (!readyOnFirstCheck) {
+      if (!refreshNodeCanvasCapability()) {
+        return GatewaySession.InvokeResult.error(
+          code = "A2UI_HOST_UNAVAILABLE",
+          message = "A2UI_HOST_UNAVAILABLE: A2UI host not reachable",
+        )
+      }
+      a2uiUrl = a2uiHandler.resolveA2uiHostUrl()
+        ?: return GatewaySession.InvokeResult.error(
+          code = "A2UI_HOST_NOT_CONFIGURED",
+          message = "A2UI_HOST_NOT_CONFIGURED: gateway did not advertise canvas host",
+        )
+      if (!a2uiHandler.ensureA2uiReady(a2uiUrl)) {
+        return GatewaySession.InvokeResult.error(
+          code = "A2UI_HOST_UNAVAILABLE",
+          message = "A2UI_HOST_UNAVAILABLE: A2UI host not reachable",
+        )
+      }
     }
     return block()
   }

apps/android/app/src/main/java/ai/openclaw/android/node/NotificationsHandler.kt

@@ -2,15 +2,20 @@ package ai.openclaw.android.node
 
 import android.content.Context
 import ai.openclaw.android.gateway.GatewaySession
+import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonArray
+import kotlinx.serialization.json.JsonObject
 import kotlinx.serialization.json.JsonPrimitive
 import kotlinx.serialization.json.buildJsonObject
+import kotlinx.serialization.json.contentOrNull
 import kotlinx.serialization.json.put
 
 internal interface NotificationsStateProvider {
   fun readSnapshot(context: Context): DeviceNotificationSnapshot
 
   fun requestServiceRebind(context: Context)
+
+  fun executeAction(context: Context, request: NotificationActionRequest): NotificationActionResult
 }
 
 private object SystemNotificationsStateProvider : NotificationsStateProvider {
@@ -29,6 +34,10 @@ private object SystemNotificationsStateProvider : NotificationsStateProvider {
   override fun requestServiceRebind(context: Context) {
     DeviceNotificationListenerService.requestServiceRebind(context)
   }
+
+  override fun executeAction(context: Context, request: NotificationActionRequest): NotificationActionResult {
+    return DeviceNotificationListenerService.executeAction(context, request)
+  }
 }
 
 class NotificationsHandler private constructor(
@@ -38,11 +47,80 @@ class NotificationsHandler private constructor(
   constructor(appContext: Context) : this(appContext = appContext, stateProvider = SystemNotificationsStateProvider)
 
   suspend fun handleNotificationsList(_paramsJson: String?): GatewaySession.InvokeResult {
+    val snapshot = readSnapshotWithRebind()
+    return GatewaySession.InvokeResult.ok(snapshotPayloadJson(snapshot))
+  }
+
+  suspend fun handleNotificationsActions(paramsJson: String?): GatewaySession.InvokeResult {
+    readSnapshotWithRebind()
+
+    val params = parseParamsObject(paramsJson)
+      ?: return GatewaySession.InvokeResult.error(
+        code = "INVALID_REQUEST",
+        message = "INVALID_REQUEST: expected JSON object",
+      )
+    val key =
+      readString(params, "key")
+        ?: return GatewaySession.InvokeResult.error(
+          code = "INVALID_REQUEST",
+          message = "INVALID_REQUEST: key required",
+        )
+    val actionRaw =
+      readString(params, "action")?.lowercase()
+        ?: return GatewaySession.InvokeResult.error(
+          code = "INVALID_REQUEST",
+          message = "INVALID_REQUEST: action required (open|dismiss|reply)",
+        )
+    val action =
+      when (actionRaw) {
+        "open" -> NotificationActionKind.Open
+        "dismiss" -> NotificationActionKind.Dismiss
+        "reply" -> NotificationActionKind.Reply
+        else ->
+          return GatewaySession.InvokeResult.error(
+            code = "INVALID_REQUEST",
+            message = "INVALID_REQUEST: action must be open|dismiss|reply",
+          )
+      }
+    val replyText = readString(params, "replyText")
+    if (action == NotificationActionKind.Reply && replyText.isNullOrBlank()) {
+      return GatewaySession.InvokeResult.error(
+        code = "INVALID_REQUEST",
+        message = "INVALID_REQUEST: replyText required for reply action",
+      )
+    }
+
+    val result =
+      stateProvider.executeAction(
+        appContext,
+        NotificationActionRequest(
+          key = key,
+          kind = action,
+          replyText = replyText,
+        ),
+      )
+    if (!result.ok) {
+      return GatewaySession.InvokeResult.error(
+        code = result.code ?: "UNAVAILABLE",
+        message = result.message ?: "notification action failed",
+      )
+    }
+
+    val payload =
+      buildJsonObject {
+        put("ok", JsonPrimitive(true))
+        put("key", JsonPrimitive(key))
+        put("action", JsonPrimitive(actionRaw))
+      }.toString()
+    return GatewaySession.InvokeResult.ok(payload)
+  }
+
+  private fun readSnapshotWithRebind(): DeviceNotificationSnapshot {
     val snapshot = stateProvider.readSnapshot(appContext)
     if (snapshot.enabled && !snapshot.connected) {
       stateProvider.requestServiceRebind(appContext)
     }
-    return GatewaySession.InvokeResult.ok(snapshotPayloadJson(snapshot))
+    return snapshot
   }
 
   private fun snapshotPayloadJson(snapshot: DeviceNotificationSnapshot): String {
@@ -72,6 +150,21 @@ class NotificationsHandler private constructor(
     }.toString()
   }
 
+  private fun parseParamsObject(paramsJson: String?): JsonObject? {
+    if (paramsJson.isNullOrBlank()) return null
+    return try {
+      Json.parseToJsonElement(paramsJson).asObjectOrNull()
+    } catch (_: Throwable) {
+      null
+    }
+  }
+
+  private fun readString(params: JsonObject, key: String): String? =
+    (params[key] as? JsonPrimitive)
+      ?.contentOrNull
+      ?.trim()
+      ?.takeIf { it.isNotEmpty() }
+
   companion object {
     internal fun forTesting(
       appContext: Context,

apps/android/app/src/main/java/ai/openclaw/android/node/ScreenRecordManager.kt

@@ -10,6 +10,10 @@ import ai.openclaw.android.ScreenCaptureRequester
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.delay
 import kotlinx.coroutines.withContext
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonPrimitive
+import kotlinx.serialization.json.contentOrNull
 import java.io.File
 import kotlin.math.roundToInt
 
@@ -35,12 +39,13 @@ class ScreenRecordManager(private val context: Context) {
             "SCREEN_PERMISSION_REQUIRED: grant Screen Recording permission",
           )
 
-      val durationMs = (parseDurationMs(paramsJson) ?: 10_000).coerceIn(250, 60_000)
-      val fps = (parseFps(paramsJson) ?: 10.0).coerceIn(1.0, 60.0)
+      val params = parseParamsObject(paramsJson)
+      val durationMs = (parseDurationMs(params) ?: 10_000).coerceIn(250, 60_000)
+      val fps = (parseFps(params) ?: 10.0).coerceIn(1.0, 60.0)
       val fpsInt = fps.roundToInt().coerceIn(1, 60)
-      val screenIndex = parseScreenIndex(paramsJson)
-      val includeAudio = parseIncludeAudio(paramsJson) ?: true
-      val format = parseString(paramsJson, key = "format")
+      val screenIndex = parseScreenIndex(params)
+      val includeAudio = parseIncludeAudio(params) ?: true
+      val format = parseString(params, key = "format")
       if (format != null && format.lowercase() != "mp4") {
         throw IllegalArgumentException("INVALID_REQUEST: screen format must be mp4")
       }
@@ -141,55 +146,38 @@ class ScreenRecordManager(private val context: Context) {
     }
   }
 
-  private fun parseDurationMs(paramsJson: String?): Int? =
-    parseNumber(paramsJson, key = "durationMs")?.toIntOrNull()
+  private fun parseParamsObject(paramsJson: String?): JsonObject? {
+    if (paramsJson.isNullOrBlank()) return null
+    return try {
+      Json.parseToJsonElement(paramsJson).asObjectOrNull()
+    } catch (_: Throwable) {
+      null
+    }
+  }
 
-  private fun parseFps(paramsJson: String?): Double? =
-    parseNumber(paramsJson, key = "fps")?.toDoubleOrNull()
+  private fun readPrimitive(params: JsonObject?, key: String): JsonPrimitive? =
+    params?.get(key) as? JsonPrimitive
 
-  private fun parseScreenIndex(paramsJson: String?): Int? =
-    parseNumber(paramsJson, key = "screenIndex")?.toIntOrNull()
+  private fun parseDurationMs(params: JsonObject?): Int? =
+    readPrimitive(params, "durationMs")?.contentOrNull?.toIntOrNull()
 
-  private fun parseIncludeAudio(paramsJson: String?): Boolean? {
-    val raw = paramsJson ?: return null
-    val key = "\"includeAudio\""
-    val idx = raw.indexOf(key)
-    if (idx < 0) return null
-    val colon = raw.indexOf(':', idx + key.length)
-    if (colon < 0) return null
-    val tail = raw.substring(colon + 1).trimStart()
-    return when {
-      tail.startsWith("true") -> true
-      tail.startsWith("false") -> false
+  private fun parseFps(params: JsonObject?): Double? =
+    readPrimitive(params, "fps")?.contentOrNull?.toDoubleOrNull()
+
+  private fun parseScreenIndex(params: JsonObject?): Int? =
+    readPrimitive(params, "screenIndex")?.contentOrNull?.toIntOrNull()
+
+  private fun parseIncludeAudio(params: JsonObject?): Boolean? {
+    val value = readPrimitive(params, "includeAudio")?.contentOrNull?.trim()?.lowercase()
+    return when (value) {
+      "true" -> true
+      "false" -> false
       else -> null
     }
   }
 
-  private fun parseNumber(paramsJson: String?, key: String): String? {
-    val raw = paramsJson ?: return null
-    val needle = "\"$key\""
-    val idx = raw.indexOf(needle)
-    if (idx < 0) return null
-    val colon = raw.indexOf(':', idx + needle.length)
-    if (colon < 0) return null
-    val tail = raw.substring(colon + 1).trimStart()
-    return tail.takeWhile { it.isDigit() || it == '.' || it == '-' }
-  }
-
-  private fun parseString(paramsJson: String?, key: String): String? {
-    val raw = paramsJson ?: return null
-    val needle = "\"$key\""
-    val idx = raw.indexOf(needle)
-    if (idx < 0) return null
-    val colon = raw.indexOf(':', idx + needle.length)
-    if (colon < 0) return null
-    val tail = raw.substring(colon + 1).trimStart()
-    if (!tail.startsWith('\"')) return null
-    val rest = tail.drop(1)
-    val end = rest.indexOf('\"')
-    if (end < 0) return null
-    return rest.substring(0, end)
-  }
+  private fun parseString(params: JsonObject?, key: String): String? =
+    readPrimitive(params, key)?.contentOrNull
 
   private fun estimateBitrate(width: Int, height: Int, fps: Int): Int {
     val pixels = width.toLong() * height.toLong()

apps/android/app/src/main/java/ai/openclaw/android/protocol/OpenClawProtocolConstants.kt

@@ -35,6 +35,7 @@ enum class OpenClawCanvasA2UICommand(val rawValue: String) {
 }
 
 enum class OpenClawCameraCommand(val rawValue: String) {
+  List("camera.list"),
   Snap("camera.snap"),
   Clip("camera.clip"),
   ;
@@ -74,6 +75,8 @@ enum class OpenClawLocationCommand(val rawValue: String) {
 enum class OpenClawDeviceCommand(val rawValue: String) {
   Status("device.status"),
   Info("device.info"),
+  Permissions("device.permissions"),
+  Health("device.health"),
   ;
 
   companion object {
@@ -83,6 +86,7 @@ enum class OpenClawDeviceCommand(val rawValue: String) {
 
 enum class OpenClawNotificationsCommand(val rawValue: String) {
   List("notifications.list"),
+  Actions("notifications.actions"),
   ;
 
   companion object {

apps/android/app/src/test/java/ai/openclaw/android/gateway/GatewaySessionInvokeTest.kt

@@ -439,4 +439,128 @@ class GatewaySessionInvokeTest {
       server.shutdown()
     }
   }
+
+  @Test
+  fun refreshNodeCanvasCapability_sendsObjectParamsAndUpdatesScopedUrl() = runBlocking {
+    val json = Json { ignoreUnknownKeys = true }
+    val connected = CompletableDeferred<Unit>()
+    val refreshRequestParams = CompletableDeferred<String?>()
+    val lastDisconnect = AtomicReference("")
+    val server =
+      MockWebServer().apply {
+        dispatcher =
+          object : Dispatcher() {
+            override fun dispatch(request: RecordedRequest): MockResponse {
+              return MockResponse().withWebSocketUpgrade(
+                object : WebSocketListener() {
+                  override fun onOpen(webSocket: WebSocket, response: Response) {
+                    webSocket.send(
+                      """{"type":"event","event":"connect.challenge","payload":{"nonce":"android-test-nonce"}}""",
+                    )
+                  }
+
+                  override fun onMessage(webSocket: WebSocket, text: String) {
+                    val frame = json.parseToJsonElement(text).jsonObject
+                    if (frame["type"]?.jsonPrimitive?.content != "req") return
+                    val id = frame["id"]?.jsonPrimitive?.content ?: return
+                    val method = frame["method"]?.jsonPrimitive?.content ?: return
+                    when (method) {
+                      "connect" -> {
+                        webSocket.send(
+                          """{"type":"res","id":"$id","ok":true,"payload":{"canvasHostUrl":"http://127.0.0.1/__openclaw__/cap/old-cap","snapshot":{"sessionDefaults":{"mainSessionKey":"main"}}}}""",
+                        )
+                      }
+                      "node.canvas.capability.refresh" -> {
+                        if (!refreshRequestParams.isCompleted) {
+                          refreshRequestParams.complete(frame["params"]?.toString())
+                        }
+                        webSocket.send(
+                          """{"type":"res","id":"$id","ok":true,"payload":{"canvasCapability":"new-cap"}}""",
+                        )
+                        webSocket.close(1000, "done")
+                      }
+                    }
+                  }
+                },
+              )
+            }
+          }
+        start()
+      }
+
+    val app = RuntimeEnvironment.getApplication()
+    val sessionJob = SupervisorJob()
+    val deviceAuthStore = InMemoryDeviceAuthStore()
+    val session =
+      GatewaySession(
+        scope = CoroutineScope(sessionJob + Dispatchers.Default),
+        identityStore = DeviceIdentityStore(app),
+        deviceAuthStore = deviceAuthStore,
+        onConnected = { _, _, _ ->
+          if (!connected.isCompleted) connected.complete(Unit)
+        },
+        onDisconnected = { message ->
+          lastDisconnect.set(message)
+        },
+        onEvent = { _, _ -> },
+        onInvoke = { GatewaySession.InvokeResult.ok("""{"handled":true}""") },
+      )
+
+    try {
+      session.connect(
+        endpoint =
+          GatewayEndpoint(
+            stableId = "manual|127.0.0.1|${server.port}",
+            name = "test",
+            host = "127.0.0.1",
+            port = server.port,
+            tlsEnabled = false,
+          ),
+        token = "test-token",
+        password = null,
+        options =
+          GatewayConnectOptions(
+            role = "node",
+            scopes = listOf("node:invoke"),
+            caps = emptyList(),
+            commands = emptyList(),
+            permissions = emptyMap(),
+            client =
+              GatewayClientInfo(
+                id = "openclaw-android-test",
+                displayName = "Android Test",
+                version = "1.0.0-test",
+                platform = "android",
+                mode = "node",
+                instanceId = "android-test-instance",
+                deviceFamily = "android",
+                modelIdentifier = "test",
+              ),
+          ),
+        tls = null,
+      )
+
+      val connectedWithinTimeout = withTimeoutOrNull(8_000) {
+        connected.await()
+        true
+      } == true
+      if (!connectedWithinTimeout) {
+        throw AssertionError("never connected; lastDisconnect=${lastDisconnect.get()}; requests=${server.requestCount}")
+      }
+
+      val refreshed = session.refreshNodeCanvasCapability(timeoutMs = 8_000)
+      val refreshParamsJson = withTimeout(8_000) { refreshRequestParams.await() }
+
+      assertEquals(true, refreshed)
+      assertEquals("{}", refreshParamsJson)
+      assertEquals(
+        "http://127.0.0.1:${server.port}/__openclaw__/cap/new-cap",
+        session.currentCanvasHostUrl(),
+      )
+    } finally {
+      session.disconnect()
+      sessionJob.cancelAndJoin()
+      server.shutdown()
+    }
+  }
 }

apps/android/app/src/test/java/ai/openclaw/android/gateway/GatewaySessionInvokeTimeoutTest.kt

@@ -0,0 +1,47 @@
+package ai.openclaw.android.gateway
+
+import org.junit.Assert.assertEquals
+import org.junit.Test
+
+class GatewaySessionInvokeTimeoutTest {
+  @Test
+  fun resolveInvokeResultAckTimeoutMs_usesFloorWhenMissingOrTooSmall() {
+    assertEquals(15_000L, resolveInvokeResultAckTimeoutMs(null))
+    assertEquals(15_000L, resolveInvokeResultAckTimeoutMs(0L))
+    assertEquals(15_000L, resolveInvokeResultAckTimeoutMs(5_000L))
+  }
+
+  @Test
+  fun resolveInvokeResultAckTimeoutMs_usesInvokeBudgetWithinBounds() {
+    assertEquals(30_000L, resolveInvokeResultAckTimeoutMs(30_000L))
+    assertEquals(90_000L, resolveInvokeResultAckTimeoutMs(90_000L))
+  }
+
+  @Test
+  fun resolveInvokeResultAckTimeoutMs_capsAtUpperBound() {
+    assertEquals(120_000L, resolveInvokeResultAckTimeoutMs(121_000L))
+    assertEquals(120_000L, resolveInvokeResultAckTimeoutMs(Long.MAX_VALUE))
+  }
+
+  @Test
+  fun replaceCanvasCapabilityInScopedHostUrl_rewritesTerminalCapabilitySegment() {
+    assertEquals(
+      "http://127.0.0.1:18789/__openclaw__/cap/new-token",
+      replaceCanvasCapabilityInScopedHostUrl(
+        "http://127.0.0.1:18789/__openclaw__/cap/old-token",
+        "new-token",
+      ),
+    )
+  }
+
+  @Test
+  fun replaceCanvasCapabilityInScopedHostUrl_rewritesWhenQueryAndFragmentPresent() {
+    assertEquals(
+      "http://127.0.0.1:18789/__openclaw__/cap/new-token?a=1#frag",
+      replaceCanvasCapabilityInScopedHostUrl(
+        "http://127.0.0.1:18789/__openclaw__/cap/old-token?a=1#frag",
+        "new-token",
+      ),
+    )
+  }
+}

apps/android/app/src/test/java/ai/openclaw/android/node/CameraHandlerTest.kt

@@ -0,0 +1,25 @@
+package ai.openclaw.android.node
+
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertTrue
+import org.junit.Test
+
+class CameraHandlerTest {
+  @Test
+  fun isCameraClipWithinPayloadLimit_allowsZeroAndLimit() {
+    assertTrue(isCameraClipWithinPayloadLimit(0L))
+    assertTrue(isCameraClipWithinPayloadLimit(CAMERA_CLIP_MAX_RAW_BYTES))
+  }
+
+  @Test
+  fun isCameraClipWithinPayloadLimit_rejectsNegativeAndTooLarge() {
+    assertFalse(isCameraClipWithinPayloadLimit(-1L))
+    assertFalse(isCameraClipWithinPayloadLimit(CAMERA_CLIP_MAX_RAW_BYTES + 1L))
+  }
+
+  @Test
+  fun cameraClipMaxRawBytes_matchesExpectedBudget() {
+    assertEquals(18L * 1024L * 1024L, CAMERA_CLIP_MAX_RAW_BYTES)
+  }
+}

apps/android/app/src/test/java/ai/openclaw/android/node/DeviceHandlerTest.kt

@@ -73,6 +73,68 @@ class DeviceHandlerTest {
     assertTrue(payload.getValue("uptimeSeconds").jsonPrimitive.double >= 0.0)
   }
 
+  @Test
+  fun handleDevicePermissions_returnsExpectedShape() {
+    val handler = DeviceHandler(appContext())
+
+    val result = handler.handleDevicePermissions(null)
+
+    assertTrue(result.ok)
+    val payload = parsePayload(result.payloadJson)
+    val permissions = payload.getValue("permissions").jsonObject
+    val expected =
+      listOf(
+        "camera",
+        "microphone",
+        "location",
+        "backgroundLocation",
+        "sms",
+        "notificationListener",
+        "screenCapture",
+      )
+    for (key in expected) {
+      val state = permissions.getValue(key).jsonObject
+      val status = state.getValue("status").jsonPrimitive.content
+      assertTrue(status == "granted" || status == "denied")
+      state.getValue("promptable").jsonPrimitive.boolean
+    }
+  }
+
+  @Test
+  fun handleDeviceHealth_returnsExpectedShape() {
+    val handler = DeviceHandler(appContext())
+
+    val result = handler.handleDeviceHealth(null)
+
+    assertTrue(result.ok)
+    val payload = parsePayload(result.payloadJson)
+    val memory = payload.getValue("memory").jsonObject
+    val battery = payload.getValue("battery").jsonObject
+    val power = payload.getValue("power").jsonObject
+    val system = payload.getValue("system").jsonObject
+
+    val pressure = memory.getValue("pressure").jsonPrimitive.content
+    assertTrue(pressure in setOf("normal", "moderate", "high", "critical", "unknown"))
+    val totalRamBytes = memory.getValue("totalRamBytes").jsonPrimitive.content.toLong()
+    val availableRamBytes = memory.getValue("availableRamBytes").jsonPrimitive.content.toLong()
+    val usedRamBytes = memory.getValue("usedRamBytes").jsonPrimitive.content.toLong()
+    assertTrue(totalRamBytes >= 0L)
+    assertTrue(availableRamBytes >= 0L)
+    assertTrue(usedRamBytes >= 0L)
+    memory.getValue("lowMemory").jsonPrimitive.boolean
+
+    val batteryState = battery.getValue("state").jsonPrimitive.content
+    assertTrue(batteryState in setOf("unknown", "unplugged", "charging", "full"))
+    val chargingType = battery.getValue("chargingType").jsonPrimitive.content
+    assertTrue(chargingType in setOf("none", "ac", "usb", "wireless", "dock"))
+    battery["temperatureC"]?.jsonPrimitive?.double
+    battery["currentMa"]?.jsonPrimitive?.double
+
+    power.getValue("dozeModeEnabled").jsonPrimitive.boolean
+    power.getValue("lowPowerModeEnabled").jsonPrimitive.boolean
+    system["securityPatchLevel"]?.jsonPrimitive?.content
+  }
+
   private fun appContext(): Context = RuntimeEnvironment.getApplication()
 
   private fun parsePayload(payloadJson: String?): JsonObject {

apps/android/app/src/test/java/ai/openclaw/android/node/InvokeCommandRegistryTest.kt

@@ -22,10 +22,14 @@ class InvokeCommandRegistryTest {
 
     assertFalse(commands.contains(OpenClawCameraCommand.Snap.rawValue))
     assertFalse(commands.contains(OpenClawCameraCommand.Clip.rawValue))
+    assertFalse(commands.contains(OpenClawCameraCommand.List.rawValue))
     assertFalse(commands.contains(OpenClawLocationCommand.Get.rawValue))
     assertTrue(commands.contains(OpenClawDeviceCommand.Status.rawValue))
     assertTrue(commands.contains(OpenClawDeviceCommand.Info.rawValue))
+    assertTrue(commands.contains(OpenClawDeviceCommand.Permissions.rawValue))
+    assertTrue(commands.contains(OpenClawDeviceCommand.Health.rawValue))
     assertTrue(commands.contains(OpenClawNotificationsCommand.List.rawValue))
+    assertTrue(commands.contains(OpenClawNotificationsCommand.Actions.rawValue))
     assertFalse(commands.contains(OpenClawSmsCommand.Send.rawValue))
     assertFalse(commands.contains("debug.logs"))
     assertFalse(commands.contains("debug.ed25519"))
@@ -44,10 +48,14 @@ class InvokeCommandRegistryTest {
 
     assertTrue(commands.contains(OpenClawCameraCommand.Snap.rawValue))
     assertTrue(commands.contains(OpenClawCameraCommand.Clip.rawValue))
+    assertTrue(commands.contains(OpenClawCameraCommand.List.rawValue))
     assertTrue(commands.contains(OpenClawLocationCommand.Get.rawValue))
     assertTrue(commands.contains(OpenClawDeviceCommand.Status.rawValue))
     assertTrue(commands.contains(OpenClawDeviceCommand.Info.rawValue))
+    assertTrue(commands.contains(OpenClawDeviceCommand.Permissions.rawValue))
+    assertTrue(commands.contains(OpenClawDeviceCommand.Health.rawValue))
     assertTrue(commands.contains(OpenClawNotificationsCommand.List.rawValue))
+    assertTrue(commands.contains(OpenClawNotificationsCommand.Actions.rawValue))
     assertTrue(commands.contains(OpenClawSmsCommand.Send.rawValue))
     assertTrue(commands.contains("debug.logs"))
     assertTrue(commands.contains("debug.ed25519"))

apps/android/app/src/test/java/ai/openclaw/android/node/NotificationsHandlerTest.kt

@@ -95,6 +95,98 @@ class NotificationsHandlerTest {
       assertEquals(0, provider.rebindRequests)
     }
 
+  @Test
+  fun notificationsActions_executesDismissAction() =
+    runTest {
+      val provider =
+        FakeNotificationsStateProvider(
+          DeviceNotificationSnapshot(
+            enabled = true,
+            connected = true,
+            notifications = listOf(sampleEntry("n2")),
+          ),
+        )
+      val handler = NotificationsHandler.forTesting(appContext = appContext(), stateProvider = provider)
+
+      val result = handler.handleNotificationsActions("""{"key":"n2","action":"dismiss"}""")
+
+      assertTrue(result.ok)
+      assertNull(result.error)
+      val payload = parsePayload(result)
+      assertTrue(payload.getValue("ok").jsonPrimitive.boolean)
+      assertEquals("n2", payload.getValue("key").jsonPrimitive.content)
+      assertEquals("dismiss", payload.getValue("action").jsonPrimitive.content)
+      assertEquals("n2", provider.lastAction?.key)
+      assertEquals(NotificationActionKind.Dismiss, provider.lastAction?.kind)
+    }
+
+  @Test
+  fun notificationsActions_requiresReplyTextForReplyAction() =
+    runTest {
+      val provider =
+        FakeNotificationsStateProvider(
+          DeviceNotificationSnapshot(
+            enabled = true,
+            connected = true,
+            notifications = listOf(sampleEntry("n3")),
+          ),
+        )
+      val handler = NotificationsHandler.forTesting(appContext = appContext(), stateProvider = provider)
+
+      val result = handler.handleNotificationsActions("""{"key":"n3","action":"reply"}""")
+
+      assertFalse(result.ok)
+      assertEquals("INVALID_REQUEST", result.error?.code)
+      assertEquals(0, provider.actionRequests)
+    }
+
+  @Test
+  fun notificationsActions_propagatesProviderError() =
+    runTest {
+      val provider =
+        FakeNotificationsStateProvider(
+          DeviceNotificationSnapshot(
+            enabled = true,
+            connected = true,
+            notifications = listOf(sampleEntry("n4")),
+          ),
+        ).also {
+          it.actionResult =
+            NotificationActionResult(
+              ok = false,
+              code = "NOTIFICATION_NOT_FOUND",
+              message = "NOTIFICATION_NOT_FOUND: notification key not found",
+            )
+        }
+      val handler = NotificationsHandler.forTesting(appContext = appContext(), stateProvider = provider)
+
+      val result = handler.handleNotificationsActions("""{"key":"n4","action":"open"}""")
+
+      assertFalse(result.ok)
+      assertEquals("NOTIFICATION_NOT_FOUND", result.error?.code)
+      assertEquals(1, provider.actionRequests)
+    }
+
+  @Test
+  fun notificationsActions_requestsRebindWhenEnabledButDisconnected() =
+    runTest {
+      val provider =
+        FakeNotificationsStateProvider(
+          DeviceNotificationSnapshot(
+            enabled = true,
+            connected = false,
+            notifications = listOf(sampleEntry("n5")),
+          ),
+        )
+      val handler = NotificationsHandler.forTesting(appContext = appContext(), stateProvider = provider)
+
+      val result = handler.handleNotificationsActions("""{"key":"n5","action":"open"}""")
+
+      assertTrue(result.ok)
+      assertEquals(1, provider.rebindRequests)
+      assertEquals(1, provider.actionRequests)
+    }
+
   @Test
   fun sanitizeNotificationTextReturnsNullForBlankInput() {
     assertNull(sanitizeNotificationText(null))
@@ -110,6 +202,13 @@ class NotificationsHandlerTest {
     assertTrue((sanitized ?: "").all { it == 'x' })
   }
 
+  @Test
+  fun notificationsActionClearablePolicy_onlyRequiresClearableForDismiss() {
+    assertTrue(actionRequiresClearableNotification(NotificationActionKind.Dismiss))
+    assertFalse(actionRequiresClearableNotification(NotificationActionKind.Open))
+    assertFalse(actionRequiresClearableNotification(NotificationActionKind.Reply))
+  }
+
   private fun parsePayload(result: GatewaySession.InvokeResult): JsonObject {
     val payloadJson = result.payloadJson ?: error("expected payload")
     return Json.parseToJsonElement(payloadJson).jsonObject
@@ -137,10 +236,23 @@ private class FakeNotificationsStateProvider(
 ) : NotificationsStateProvider {
   var rebindRequests: Int = 0
     private set
+  var actionRequests: Int = 0
+    private set
+  var actionResult: NotificationActionResult = NotificationActionResult(ok = true)
+  var lastAction: NotificationActionRequest? = null
 
   override fun readSnapshot(context: Context): DeviceNotificationSnapshot = snapshot
 
   override fun requestServiceRebind(context: Context) {
     rebindRequests += 1
   }
+
+  override fun executeAction(
+    context: Context,
+    request: NotificationActionRequest,
+  ): NotificationActionResult {
+    actionRequests += 1
+    lastAction = request
+    return actionResult
+  }
 }

apps/android/app/src/test/java/ai/openclaw/android/protocol/OpenClawProtocolConstantsTest.kt

@@ -31,6 +31,13 @@ class OpenClawProtocolConstantsTest {
     assertEquals("device", OpenClawCapability.Device.rawValue)
   }
 
+  @Test
+  fun cameraCommandsUseStableStrings() {
+    assertEquals("camera.list", OpenClawCameraCommand.List.rawValue)
+    assertEquals("camera.snap", OpenClawCameraCommand.Snap.rawValue)
+    assertEquals("camera.clip", OpenClawCameraCommand.Clip.rawValue)
+  }
+
   @Test
   fun screenCommandsUseStableStrings() {
     assertEquals("screen.record", OpenClawScreenCommand.Record.rawValue)
@@ -39,11 +46,14 @@ class OpenClawProtocolConstantsTest {
   @Test
   fun notificationsCommandsUseStableStrings() {
     assertEquals("notifications.list", OpenClawNotificationsCommand.List.rawValue)
+    assertEquals("notifications.actions", OpenClawNotificationsCommand.Actions.rawValue)
   }
 
   @Test
   fun deviceCommandsUseStableStrings() {
     assertEquals("device.status", OpenClawDeviceCommand.Status.rawValue)
     assertEquals("device.info", OpenClawDeviceCommand.Info.rawValue)
+    assertEquals("device.permissions", OpenClawDeviceCommand.Permissions.rawValue)
+    assertEquals("device.health", OpenClawDeviceCommand.Health.rawValue)
   }
 }

apps/ios/ShareExtension/Info.plist

@@ -17,9 +17,9 @@
 	<key>CFBundlePackageType</key>
 	<string>XPC!</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2026.2.26</string>
+	<string>2026.2.27</string>
 	<key>CFBundleVersion</key>
-	<string>20260226</string>
+	<string>20260227</string>
 	<key>NSExtension</key>
 	<dict>
 		<key>NSExtensionAttributes</key>

apps/ios/Sources/Info.plist

@@ -19,7 +19,7 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2026.2.26</string>
+	<string>2026.2.27</string>
 	<key>CFBundleURLTypes</key>
 	<array>
 		<dict>
@@ -32,7 +32,7 @@
 		</dict>
 	</array>
 	<key>CFBundleVersion</key>
-	<string>20260226</string>
+	<string>20260227</string>
 	<key>NSAppTransportSecurity</key>
 	<dict>
 		<key>NSAllowsArbitraryLoadsInWebContent</key>

apps/ios/Tests/Info.plist

@@ -17,8 +17,8 @@
 	<key>CFBundlePackageType</key>
 			<string>BNDL</string>
 			<key>CFBundleShortVersionString</key>
-			<string>2026.2.26</string>
+			<string>2026.2.27</string>
 			<key>CFBundleVersion</key>
-			<string>20260226</string>
+			<string>20260227</string>
 		</dict>
 	</plist>

apps/ios/WatchApp/Info.plist

@@ -17,9 +17,9 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2026.2.26</string>
+	<string>2026.2.27</string>
 	<key>CFBundleVersion</key>
-	<string>20260226</string>
+	<string>20260227</string>
 	<key>WKCompanionAppBundleIdentifier</key>
 	<string>$(OPENCLAW_APP_BUNDLE_ID)</string>
 	<key>WKWatchKitApp</key>

apps/ios/WatchExtension/Info.plist

@@ -15,9 +15,9 @@
 	<key>CFBundleName</key>
 	<string>$(PRODUCT_NAME)</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2026.2.26</string>
+	<string>2026.2.27</string>
 	<key>CFBundleVersion</key>
-	<string>20260226</string>
+	<string>20260227</string>
 	<key>NSExtension</key>
 	<dict>
 		<key>NSExtensionAttributes</key>

apps/ios/project.yml

@@ -92,8 +92,8 @@ targets:
           - CFBundleURLName: ai.openclaw.ios
             CFBundleURLSchemes:
               - openclaw
-        CFBundleShortVersionString: "2026.2.26"
-        CFBundleVersion: "20260226"
+        CFBundleShortVersionString: "2026.2.27"
+        CFBundleVersion: "20260227"
         UILaunchScreen: {}
         UIApplicationSceneManifest:
           UIApplicationSupportsMultipleScenes: false
@@ -148,8 +148,8 @@ targets:
       path: ShareExtension/Info.plist
       properties:
         CFBundleDisplayName: OpenClaw Share
-        CFBundleShortVersionString: "2026.2.26"
-        CFBundleVersion: "20260226"
+        CFBundleShortVersionString: "2026.2.27"
+        CFBundleVersion: "20260227"
         NSExtension:
           NSExtensionPointIdentifier: com.apple.share-services
           NSExtensionPrincipalClass: "$(PRODUCT_MODULE_NAME).ShareViewController"
@@ -179,8 +179,8 @@ targets:
       path: WatchApp/Info.plist
       properties:
         CFBundleDisplayName: OpenClaw
-        CFBundleShortVersionString: "2026.2.26"
-        CFBundleVersion: "20260226"
+        CFBundleShortVersionString: "2026.2.27"
+        CFBundleVersion: "20260227"
         WKCompanionAppBundleIdentifier: "$(OPENCLAW_APP_BUNDLE_ID)"
         WKWatchKitApp: true
 
@@ -203,8 +203,8 @@ targets:
       path: WatchExtension/Info.plist
       properties:
         CFBundleDisplayName: OpenClaw
-        CFBundleShortVersionString: "2026.2.26"
-        CFBundleVersion: "20260226"
+        CFBundleShortVersionString: "2026.2.27"
+        CFBundleVersion: "20260227"
         NSExtension:
           NSExtensionAttributes:
             WKAppBundleIdentifier: "$(OPENCLAW_WATCH_APP_BUNDLE_ID)"
@@ -237,5 +237,5 @@ targets:
       path: Tests/Info.plist
       properties:
         CFBundleDisplayName: OpenClawTests
-        CFBundleShortVersionString: "2026.2.26"
-        CFBundleVersion: "20260226"
+        CFBundleShortVersionString: "2026.2.27"
+        CFBundleVersion: "20260227"

apps/macos/Sources/OpenClaw/Resources/Info.plist

@@ -15,9 +15,9 @@
     <key>CFBundlePackageType</key>
     <string>APPL</string>
     <key>CFBundleShortVersionString</key>
-    <string>2026.2.26</string>
+    <string>2026.2.27</string>
     <key>CFBundleVersion</key>
-    <string>202602260</string>
+    <string>202602270</string>
     <key>CFBundleIconFile</key>
     <string>OpenClaw</string>
     <key>CFBundleURLTypes</key>

docs/channels/discord.md

@@ -642,7 +642,8 @@ Default slash command settings:
     - `/focus <target>` bind current/new thread to a subagent/session target
     - `/unfocus` remove current thread binding
     - `/agents` show active runs and binding state
-    - `/session ttl <duration|off>` inspect/update auto-unfocus TTL for focused bindings
+    - `/session idle <duration|off>` inspect/update inactivity auto-unfocus for focused bindings
+    - `/session max-age <duration|off>` inspect/update hard max age for focused bindings
 
     Config:
 
@@ -651,14 +652,16 @@ Default slash command settings:
   session: {
     threadBindings: {
       enabled: true,
-      ttlHours: 24,
+      idleHours: 24,
+      maxAgeHours: 0,
     },
   },
   channels: {
     discord: {
       threadBindings: {
         enabled: true,
-        ttlHours: 24,
+        idleHours: 24,
+        maxAgeHours: 0,
         spawnSubagentSessions: false, // opt-in
       },
     },

docs/channels/grammy.md

@@ -1,31 +0,0 @@
----
-summary: "Telegram Bot API integration via grammY with setup notes"
-read_when:
-  - Working on Telegram or grammY pathways
-title: grammY
----
-
-# grammY Integration (Telegram Bot API)
-
-# Why grammY
-
-- TS-first Bot API client with built-in long-poll + webhook helpers, middleware, error handling, rate limiter.
-- Cleaner media helpers than hand-rolling fetch + FormData; supports all Bot API methods.
-- Extensible: proxy support via custom fetch, session middleware (optional), type-safe context.
-
-# What we shipped
-
-- **Single client path:** fetch-based implementation removed; grammY is now the sole Telegram client (send + gateway) with the grammY throttler enabled by default.
-- **Gateway:** `monitorTelegramProvider` builds a grammY `Bot`, wires mention/allowlist gating, media download via `getFile`/`download`, and delivers replies with `sendMessage/sendPhoto/sendVideo/sendAudio/sendDocument`. Supports long-poll or webhook via `webhookCallback`.
-- **Proxy:** optional `channels.telegram.proxy` uses `undici.ProxyAgent` through grammY’s `client.baseFetch`.
-- **Webhook support:** `webhook-set.ts` wraps `setWebhook/deleteWebhook`; `webhook.ts` hosts the callback with health + graceful shutdown. Gateway enables webhook mode when `channels.telegram.webhookUrl` + `channels.telegram.webhookSecret` are set (otherwise it long-polls).
-- **Sessions:** direct chats collapse into the agent main session (`agent:<agentId>:<mainKey>`); groups use `agent:<agentId>:telegram:group:<chatId>`; replies route back to the same channel.
-- **Config knobs:** `channels.telegram.botToken`, `channels.telegram.dmPolicy`, `channels.telegram.groups` (allowlist + mention defaults), `channels.telegram.allowFrom`, `channels.telegram.groupAllowFrom`, `channels.telegram.groupPolicy`, `channels.telegram.mediaMaxMb`, `channels.telegram.linkPreview`, `channels.telegram.proxy`, `channels.telegram.webhookSecret`, `channels.telegram.webhookUrl`, `channels.telegram.webhookHost`.
-- **Live stream preview:** `channels.telegram.streaming` (`off | partial | block | progress`) sends a temporary message and updates it with `editMessageText`. This is separate from channel block streaming.
-- **Tests:** grammy mocks cover DM + group mention gating and outbound send; more media/webhook fixtures still welcome.
-
-Open questions
-
-- Optional grammY plugins (throttler) if we hit Bot API 429s.
-- Add more structured media tests (stickers, voice notes).
-- Make webhook listen port configurable (currently fixed to 8787 unless wired through the gateway).

docs/channels/index.md

@@ -43,6 +43,5 @@ Text is supported everywhere; media and reactions vary by channel.
   stores more state on disk.
 - Group behavior varies by channel; see [Groups](/channels/groups).
 - DM pairing and allowlists are enforced for safety; see [Security](/gateway/security).
-- Telegram internals: [grammY notes](/channels/grammy).
 - Troubleshooting: [Channel troubleshooting](/channels/troubleshooting).
 - Model providers are documented separately; see [Model Providers](/providers/models).

docs/channels/telegram.md

@@ -117,7 +117,7 @@ Token resolution order is account-aware. In practice, config values win over env
     `dmPolicy: "allowlist"` with empty `allowFrom` blocks all DMs and is rejected by config validation.
     The onboarding wizard accepts `@username` input and resolves it to numeric IDs.
     If you upgraded and your config contains `@username` allowlist entries, run `openclaw doctor --fix` to resolve them (best-effort; requires a Telegram bot token).
-    If you previously relied on pairing-store allowlist files, `openclaw doctor --fix` can auto-migrate recovered entries into `channels.telegram.allowFrom`.
+    If you previously relied on pairing-store allowlist files, `openclaw doctor --fix` can recover entries into `channels.telegram.allowFrom` in allowlist flows (for example when `dmPolicy: "allowlist"` has no explicit IDs yet).
 
     ### Finding your Telegram user ID
 
@@ -138,10 +138,12 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"
   </Tab>
 
   <Tab title="Group policy and allowlists">
-    There are two independent controls:
+    Two controls apply together:
 
     1. **Which groups are allowed** (`channels.telegram.groups`)
-       - no `groups` config: all groups allowed
+       - no `groups` config:
+         - with `groupPolicy: "open"`: any group can pass group-ID checks
+         - with `groupPolicy: "allowlist"` (default): groups are blocked until you add `groups` entries (or `"*"`)
        - `groups` configured: acts as allowlist (explicit IDs or `"*"`)
 
     2. **Which senders are allowed in groups** (`channels.telegram.groupPolicy`)
@@ -150,8 +152,11 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"
        - `disabled`
 
     `groupAllowFrom` is used for group sender filtering. If not set, Telegram falls back to `allowFrom`.
-    `groupAllowFrom` entries must be numeric Telegram user IDs.
-    Runtime note: if `channels.telegram` is completely missing, runtime falls back to `groupPolicy="allowlist"` for group policy evaluation (even if `channels.defaults.groupPolicy` is set).
+    `groupAllowFrom` entries should be numeric Telegram user IDs (`telegram:` / `tg:` prefixes are normalized).
+    Non-numeric entries are ignored for sender authorization.
+    Security boundary (`2026.2.25+`): group sender auth does **not** inherit DM pairing-store approvals.
+    Pairing stays DM-only. For groups, set `groupAllowFrom` or per-group/per-topic `allowFrom`.
+    Runtime note: if `channels.telegram` is completely missing, runtime defaults to fail-closed `groupPolicy="allowlist"` unless `channels.defaults.groupPolicy` is explicitly set.
 
     Example: allow any member in one specific group:
 
@@ -385,17 +390,19 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"
     - `react` (`chatId`, `messageId`, `emoji`)
     - `deleteMessage` (`chatId`, `messageId`)
     - `editMessage` (`chatId`, `messageId`, `content`)
+    - `createForumTopic` (`chatId`, `name`, optional `iconColor`, `iconCustomEmojiId`)
 
-    Channel message actions expose ergonomic aliases (`send`, `react`, `delete`, `edit`, `sticker`, `sticker-search`).
+    Channel message actions expose ergonomic aliases (`send`, `react`, `delete`, `edit`, `sticker`, `sticker-search`, `topic-create`).
 
     Gating controls:
 
     - `channels.telegram.actions.sendMessage`
-    - `channels.telegram.actions.editMessage`
     - `channels.telegram.actions.deleteMessage`
     - `channels.telegram.actions.reactions`
     - `channels.telegram.actions.sticker` (default: disabled)
 
+    Note: `edit` and `topic-create` are currently enabled by default and do not have separate `channels.telegram.actions.*` toggles.
+
     Reaction removal semantics: [/tools/reactions](/tools/reactions)
 
   </Accordion>
@@ -612,6 +619,7 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"
     - set `channels.telegram.webhookSecret` (required when webhook URL is set)
     - optional `channels.telegram.webhookPath` (default `/telegram-webhook`)
     - optional `channels.telegram.webhookHost` (default `127.0.0.1`)
+    - optional `channels.telegram.webhookPort` (default `8787`)
 
     Default local listener for webhook mode binds to `127.0.0.1:8787`.
 
@@ -629,7 +637,7 @@ curl "https://api.telegram.org/bot<bot_token>/getUpdates"
     - DM history controls:
       - `channels.telegram.dmHistoryLimit`
       - `channels.telegram.dms["<user_id>"].historyLimit`
-    - outbound Telegram API retries are configurable via `channels.telegram.retry`.
+    - `channels.telegram.retry` config applies to Telegram send helpers (CLI/tools/actions) for recoverable outbound API errors.
 
     CLI send target can be numeric chat ID or username:
 
@@ -718,9 +726,10 @@ Primary reference:
 - `channels.telegram.botToken`: bot token (BotFather).
 - `channels.telegram.tokenFile`: read token from file path.
 - `channels.telegram.dmPolicy`: `pairing | allowlist | open | disabled` (default: pairing).
-- `channels.telegram.allowFrom`: DM allowlist (numeric Telegram user IDs). `allowlist` requires at least one sender ID. `open` requires `"*"`. `openclaw doctor --fix` can resolve legacy `@username` entries to IDs and can restore allowlist entries from pairing-store files when available.
+- `channels.telegram.allowFrom`: DM allowlist (numeric Telegram user IDs). `allowlist` requires at least one sender ID. `open` requires `"*"`. `openclaw doctor --fix` can resolve legacy `@username` entries to IDs and can recover allowlist entries from pairing-store files in allowlist migration flows.
+- `channels.telegram.defaultTo`: default Telegram target used by CLI `--deliver` when no explicit `--reply-to` is provided.
 - `channels.telegram.groupPolicy`: `open | allowlist | disabled` (default: allowlist).
-- `channels.telegram.groupAllowFrom`: group sender allowlist (numeric Telegram user IDs). `openclaw doctor --fix` can resolve legacy `@username` entries to IDs.
+- `channels.telegram.groupAllowFrom`: group sender allowlist (numeric Telegram user IDs). `openclaw doctor --fix` can resolve legacy `@username` entries to IDs. Non-numeric entries are ignored at auth time. Group auth does not use DM pairing-store fallback (`2026.2.25+`).
 - Multi-account precedence:
   - `channels.telegram.accounts.default.allowFrom` and `channels.telegram.accounts.default.groupAllowFrom` apply only to the `default` account.
   - Named accounts inherit `channels.telegram.allowFrom` and `channels.telegram.groupAllowFrom` when account-level values are unset.
@@ -737,13 +746,14 @@ Primary reference:
   - `channels.telegram.groups.<id>.topics.<threadId>.requireMention`: per-topic mention gating override.
 - `channels.telegram.capabilities.inlineButtons`: `off | dm | group | all | allowlist` (default: allowlist).
 - `channels.telegram.accounts.<account>.capabilities.inlineButtons`: per-account override.
+- `channels.telegram.commands.nativeSkills`: enable/disable Telegram native skills commands.
 - `channels.telegram.replyToMode`: `off | first | all` (default: `off`).
 - `channels.telegram.textChunkLimit`: outbound chunk size (chars).
 - `channels.telegram.chunkMode`: `length` (default) or `newline` to split on blank lines (paragraph boundaries) before length chunking.
 - `channels.telegram.linkPreview`: toggle link previews for outbound messages (default: true).
-- `channels.telegram.streaming`: `off | partial | block | progress` (live stream preview; default: `off`; `progress` maps to `partial`).
-- `channels.telegram.mediaMaxMb`: inbound/outbound media cap (MB).
-- `channels.telegram.retry`: retry policy for outbound Telegram API calls (attempts, minDelayMs, maxDelayMs, jitter).
+- `channels.telegram.streaming`: `off | partial | block | progress` (live stream preview; default: `off`; `progress` maps to `partial`; `block` is legacy preview mode compatibility).
+- `channels.telegram.mediaMaxMb`: inbound Telegram media download/processing cap (MB).
+- `channels.telegram.retry`: retry policy for Telegram send helpers (CLI/tools/actions) on recoverable outbound API errors (attempts, minDelayMs, maxDelayMs, jitter).
 - `channels.telegram.network.autoSelectFamily`: override Node autoSelectFamily (true=enable, false=disable). Defaults to enabled on Node 22+, with WSL2 defaulting to disabled.
 - `channels.telegram.network.dnsResultOrder`: override DNS result order (`ipv4first` or `verbatim`). Defaults to `ipv4first` on Node 22+.
 - `channels.telegram.proxy`: proxy URL for Bot API calls (SOCKS/HTTP).
@@ -751,6 +761,7 @@ Primary reference:
 - `channels.telegram.webhookSecret`: webhook secret (required when webhookUrl is set).
 - `channels.telegram.webhookPath`: local webhook path (default `/telegram-webhook`).
 - `channels.telegram.webhookHost`: local webhook bind host (default `127.0.0.1`).
+- `channels.telegram.webhookPort`: local webhook bind port (default `8787`).
 - `channels.telegram.actions.reactions`: gate Telegram tool reactions.
 - `channels.telegram.actions.sendMessage`: gate Telegram tool message sends.
 - `channels.telegram.actions.deleteMessage`: gate Telegram tool message deletes.
@@ -764,7 +775,7 @@ Telegram-specific high-signal fields:
 
 - startup/auth: `enabled`, `botToken`, `tokenFile`, `accounts.*`
 - access control: `dmPolicy`, `allowFrom`, `groupPolicy`, `groupAllowFrom`, `groups`, `groups.*.topics.*`
-- command/menu: `commands.native`, `customCommands`
+- command/menu: `commands.native`, `commands.nativeSkills`, `customCommands`
 - threading/replies: `replyToMode`
 - streaming: `streaming` (preview), `blockStreaming`
 - formatting/delivery: `textChunkLimit`, `chunkMode`, `linkPreview`, `responsePrefix`

docs/cli/security.md

@@ -40,6 +40,61 @@ It warns when `gateway.auth.mode="none"` leaves Gateway HTTP APIs reachable with
 Settings prefixed with `dangerous`/`dangerously` are explicit break-glass operator overrides; enabling one is not, by itself, a security vulnerability report.
 For the complete dangerous-parameter inventory, see the "Insecure or dangerous flags summary" section in [Security](/gateway/security).
 
+## Skill security
+
+Community skills (installed from ClawHub) are subject to additional security enforcement:
+
+- **SKILL.md scanning**: content is scanned for prompt injection patterns, capability inflation, and boundary spoofing before entering the system prompt. Skills with critical findings are blocked from loading.
+- **Capability declarations**: community skills should declare `capabilities` (e.g., `shell`, `network`) in frontmatter for visibility and policy checks.
+- **Current rollout scope**: command-dispatch safety checks and SKILL.md scanning are active in this phase; broader runtime capability gating is rolling out in stages.
+- **Command dispatch gating**: community skills using `command-dispatch: tool` can't dispatch to dangerous tools without the matching capability.
+- **Audit logging**: all security events are tagged with `category: "security"` and include session context for forensics. View in the web UI Logs tab using the Security filter.
+
+See `openclaw skills check` for a runtime security overview, `openclaw skills info <name>` for per-skill details, and [Skills — Tool enforcement matrix](/tools/skills#tool-enforcement-matrix) for the complete tool-by-tool breakdown.
+
+### Tool enforcement matrix
+
+Every tool falls into one of three tiers when community skills are loaded:
+
+**Always denied** — blocked unconditionally, no capability can override:
+
+| Tool      | Reason                                                          |
+| --------- | --------------------------------------------------------------- |
+| `gateway` | Control-plane reconfiguration (restart, shutdown, auth changes) |
+| `nodes`   | Cluster node management (add/remove compute, redirect traffic)  |
+
+**Capability-gated** — blocked by default, allowed if the skill declares the matching capability:
+
+| Capability   | Tools                                          | What it unlocks                         |
+| ------------ | ---------------------------------------------- | --------------------------------------- |
+| `shell`      | `exec`, `process`                              | Run shell commands and manage processes |
+| `filesystem` | `write`, `edit`, `apply_patch`                 | File mutations (read is always allowed) |
+| `network`    | `web_fetch`, `web_search`                      | Outbound HTTP requests                  |
+| `browser`    | `browser`                                      | Browser automation                      |
+| `sessions`   | `sessions_spawn`, `sessions_send`, `subagents` | Cross-session orchestration             |
+| `messaging`  | `message`                                      | Send messages to configured channels    |
+| `scheduling` | `cron`                                         | Schedule recurring jobs                 |
+
+**Always allowed** — safe read-only or output-only tools, no capability required:
+
+| Tool                                                  | Why safe                          |
+| ----------------------------------------------------- | --------------------------------- |
+| `read`                                                | Read-only file access             |
+| `memory_search`, `memory_get`                         | Read-only memory access           |
+| `agents_list`                                         | List agents (read-only)           |
+| `sessions_list`, `sessions_history`, `session_status` | Session introspection (read-only) |
+| `canvas`                                              | UI rendering (output-only)        |
+| `image`                                               | Image generation (output-only)    |
+| `tts`                                                 | Text-to-speech (output-only)      |
+
+A community skill with no capabilities declared gets access only to the always-allowed tier. Declare capabilities in SKILL.md frontmatter:
+
+```yaml
+metadata:
+  openclaw:
+    capabilities: [shell, filesystem, network]
+```
+
 ## JSON output
 
 Use `--json` for CI/policy checks:

docs/cli/skills.md

@@ -18,9 +18,175 @@ Related:
 
 ## Commands
 
+Quick command list:
+
 ```bash
 openclaw skills list
 openclaw skills list --eligible
 openclaw skills info <name>
 openclaw skills check
+openclaw skills check --json
+```
+
+### `openclaw skills list`
+
+List all skills with status, capabilities, and source.
+
+```bash
+openclaw skills list              # all skills
+openclaw skills list --eligible   # only ready-to-use skills
+openclaw skills list --json       # JSON output
+openclaw skills list -v           # verbose (show missing requirements)
+```
+
+Output columns: **Status** (`+ ready`, `x missing`, `x blocked`), **Skill** (name + capability icons), **Description**, **Source**.
+
+Capability icons displayed next to skill names:
+
+| Icon | Capability                               |
+| ---- | ---------------------------------------- |
+| `>_` | `shell` — run shell commands             |
+| `📂` | `filesystem` — read/write files          |
+| `🌐` | `network` — outbound HTTP                |
+| `🔍` | `browser` — browser automation           |
+| `⚡` | `sessions` — cross-session orchestration |
+| `✉️` | `messaging` — send channel messages      |
+| `⏰` | `scheduling` — recurring jobs            |
+
+Skills blocked by security scanning show `x blocked` instead of `x missing`.
+
+Example output:
+
+```
+Skills (10/12 ready)
+
+Status      Skill                          Description                          Source
++ ready     git-autopush >_ 🌐            Automate git workflows               openclaw-managed
++ ready     think                          Extended thinking                    bundled
++ ready     peekaboo 🔍 ⚡                 Browser peek and screenshot          bundled
+x missing   summarize >_                   Summarize with CLI tool              bundled
+x blocked   evil-injector >_               Totally harmless skill               openclaw-managed
+- disabled  old-skill                      Deprecated skill                     workspace
+```
+
+With `-v` (verbose), the **Missing** column appears:
+
+```
+Status      Skill              Description          Source              Missing
++ ready     git-autopush >_ 🌐 Automate git wor...  openclaw-managed
+x missing   summarize >_       Summarize with...    bundled             bins: summarize
+x blocked   evil-injector >_   Totally harmless...  openclaw-managed
++ ready     sketch-tool 🌐 >_  Generate sketches    openclaw-managed
+```
+
+### `openclaw skills info <name>`
+
+Show detailed information about a single skill including security status.
+
+```bash
+openclaw skills info git-helper
+openclaw skills info git-helper --json
+```
+
+Displays: description, source, file path, capabilities (with descriptions), security scan results, requirements (met/unmet), and install options.
+
+Example output:
+
+```
+git-autopush + Ready
+
+  Automate git commit, push, and PR workflows.
+
+  Source        openclaw-managed
+  Path          ~/.openclaw/skills/git-autopush/SKILL.md
+  Homepage      https://github.com/example/git-autopush
+  Primary env   GH_TOKEN
+
+  Capabilities
+  >_ shell        Run shell commands
+  🌐 network      Make outbound HTTP requests
+
+  Security
+  Scan          + clean
+
+  Requirements
+  bin           git         + ok
+  bin           gh          + ok
+  env           GH_TOKEN    + ok
+```
+
+For a skill with missing requirements:
+
+```
+summarize x Missing requirements
+
+  Summarize URLs and files using the summarize CLI.
+
+  Source        bundled
+  Path          /opt/openclaw/skills/summarize/SKILL.md
+
+  Capabilities
+  >_ shell        Run shell commands
+
+  Security
+  Scan          + clean
+
+  Requirements
+  bin           summarize   x missing
+
+  Install options
+  brew          Install summarize (brew install summarize)
+```
+
+For a skill blocked by scanning:
+
+```
+evil-injector x Blocked (security)
+
+  Totally harmless skill.
+
+  Source        openclaw-managed
+  Path          ~/.openclaw/skills/evil-injector/SKILL.md
+
+  Capabilities
+  >_ shell        Run shell commands
+
+  Security
+  Scan          [blocked] prompt injection detected
+```
+
+### `openclaw skills check`
+
+Security-focused overview of all skills.
+
+```bash
+openclaw skills check
+openclaw skills check --json
+```
+
+Shows: total/eligible/disabled/blocked/missing counts, capabilities requested by community skills, runtime policy restrictions, and scan result summary.
+
+Example output:
+
+```
+Skills Status Check
+
+Status                      Count
+Total                       12
+Eligible                    10
+Disabled                    1
+Blocked (allowlist)         0
+Missing requirements        1
+
+Community skill capabilities
+Icon    Capability    #    Skills
+>_      shell         3    git-autopush, deploy-helper, node-runner
+📂      filesystem    2    git-autopush, file-editor
+🌐      network       2    git-autopush, sketch-tool
+
+Scan results
+Result      #
+Clean       11
+Warning     1
+Blocked     0
 ```

docs/concepts/compaction.md

@@ -22,6 +22,7 @@ Compaction **persists** in the session’s JSONL history.
 ## Configuration
 
 Use the `agents.defaults.compaction` setting in your `openclaw.json` to configure compaction behavior (mode, target tokens, etc.).
+Compaction summarization preserves opaque identifiers by default (`identifierPolicy: "strict"`). You can override this with `identifierPolicy: "off"` or provide custom text with `identifierPolicy: "custom"` and `identifierInstructions`.
 
 ## Auto-compaction (default on)
 
@@ -54,6 +55,18 @@ Context window is model-specific. OpenClaw uses the model definition from the co
 
 See [/concepts/session-pruning](/concepts/session-pruning) for pruning details.
 
+## OpenAI server-side compaction
+
+OpenClaw also supports OpenAI Responses server-side compaction hints for
+compatible direct OpenAI models. This is separate from local OpenClaw
+compaction and can run alongside it.
+
+- Local compaction: OpenClaw summarizes and persists into session JSONL.
+- Server-side compaction: OpenAI compacts context on the provider side when
+  `store` + `context_management` are enabled.
+
+See [OpenAI provider](/providers/openai) for model params and overrides.
+
 ## Tips
 
 - Use `/compact` when sessions feel stale or context is bloated.

docs/docs.json

@@ -137,7 +137,7 @@
     },
     {
       "source": "/providers/grammy",
-      "destination": "/channels/grammy"
+      "destination": "/channels/telegram"
     },
     {
       "source": "/providers/imessage",
@@ -365,7 +365,11 @@
     },
     {
       "source": "/grammy",
-      "destination": "/channels/grammy"
+      "destination": "/channels/telegram"
+    },
+    {
+      "source": "/channels/grammy",
+      "destination": "/channels/telegram"
     },
     {
       "source": "/group-messages",
@@ -1271,12 +1275,7 @@
               },
               {
                 "group": "Technical reference",
-                "pages": [
-                  "reference/wizard",
-                  "reference/token-use",
-                  "reference/prompt-caching",
-                  "channels/grammy"
-                ]
+                "pages": ["reference/wizard", "reference/token-use", "reference/prompt-caching"]
               },
               {
                 "group": "Concept internals",

docs/experiments/plans/acp-thread-bound-agents.md

@@ -638,7 +638,7 @@ Add independent ACP dispatch kill switch:
 
 - `/focus <sessionKey>` continues to support ACP targets
 - `/unfocus` keeps current semantics
-- `/session ttl` remains the top level TTL override
+- `/session idle` and `/session max-age` replace the old TTL override
 
 ## Phased rollout
 

docs/gateway/configuration-reference.md

@@ -65,6 +65,30 @@ Use `channels.modelByChannel` to pin specific channel IDs to a model. Values acc
 }
 ```
 
+### Channel defaults and heartbeat
+
+Use `channels.defaults` for shared group-policy and heartbeat behavior across providers:
+
+```json5
+{
+  channels: {
+    defaults: {
+      groupPolicy: "allowlist", // open | allowlist | disabled
+      heartbeat: {
+        showOk: false,
+        showAlerts: true,
+        useIndicator: true,
+      },
+    },
+  },
+}
+```
+
+- `channels.defaults.groupPolicy`: fallback group policy when a provider-level `groupPolicy` is unset.
+- `channels.defaults.heartbeat.showOk`: include healthy channel statuses in heartbeat output.
+- `channels.defaults.heartbeat.showAlerts`: include degraded/error statuses in heartbeat output.
+- `channels.defaults.heartbeat.useIndicator`: render compact indicator-style heartbeat output.
+
 ### WhatsApp
 
 WhatsApp runs through the gateway's web channel (Baileys Web). It starts automatically when a linked session exists.
@@ -244,7 +268,8 @@ WhatsApp runs through the gateway's web channel (Baileys Web). It starts automat
       },
       threadBindings: {
         enabled: true,
-        ttlHours: 24,
+        idleHours: 24,
+        maxAgeHours: 0,
         spawnSubagentSessions: false, // opt-in for sessions_spawn({ thread: true })
       },
       voice: {
@@ -279,8 +304,9 @@ WhatsApp runs through the gateway's web channel (Baileys Web). It starts automat
 - Bot-authored messages are ignored by default. `allowBots: true` enables them (own messages still filtered).
 - `maxLinesPerMessage` (default 17) splits tall messages even when under 2000 chars.
 - `channels.discord.threadBindings` controls Discord thread-bound routing:
-  - `enabled`: Discord override for thread-bound session features (`/focus`, `/unfocus`, `/agents`, `/session ttl`, and bound delivery/routing)
-  - `ttlHours`: Discord override for auto-unfocus TTL (`0` disables)
+  - `enabled`: Discord override for thread-bound session features (`/focus`, `/unfocus`, `/agents`, `/session idle`, `/session max-age`, and bound delivery/routing)
+  - `idleHours`: Discord override for inactivity auto-unfocus in hours (`0` disables)
+  - `maxAgeHours`: Discord override for hard max age in hours (`0` disables)
   - `spawnSubagentSessions`: opt-in switch for `sessions_spawn({ thread: true })` auto thread creation/binding
 - `channels.discord.ui.components.accentColor` sets the accent color for Discord components v2 containers.
 - `channels.discord.voice` enables Discord voice channel conversations and optional auto-join + TTS overrides.
@@ -422,12 +448,20 @@ Mattermost ships as a plugin: `openclaw plugins install @openclaw/mattermost`.
 
 Chat modes: `oncall` (respond on @-mention, default), `onmessage` (every message), `onchar` (messages starting with trigger prefix).
 
+- `channels.mattermost.configWrites`: allow or deny Mattermost-initiated config writes.
+- `channels.mattermost.requireMention`: require `@mention` before replying in channels.
+
 ### Signal
 
 ```json5
 {
   channels: {
     signal: {
+      enabled: true,
+      account: "+15555550123", // optional account binding
+      dmPolicy: "pairing",
+      allowFrom: ["+15551234567", "uuid:123e4567-e89b-12d3-a456-426614174000"],
+      configWrites: true,
       reactionNotifications: "own", // off | own | all | allowlist
       reactionAllowlist: ["+15551234567", "uuid:123e4567-e89b-12d3-a456-426614174000"],
       historyLimit: 50,
@@ -438,6 +472,29 @@ Chat modes: `oncall` (respond on @-mention, default), `onmessage` (every message
 
 **Reaction notification modes:** `off`, `own` (default), `all`, `allowlist` (from `reactionAllowlist`).
 
+- `channels.signal.account`: pin channel startup to a specific Signal account identity.
+- `channels.signal.configWrites`: allow or deny Signal-initiated config writes.
+
+### BlueBubbles
+
+BlueBubbles is the recommended iMessage path (plugin-backed, configured under `channels.bluebubbles`).
+
+```json5
+{
+  channels: {
+    bluebubbles: {
+      enabled: true,
+      dmPolicy: "pairing",
+      // serverUrl, password, webhookPath, group controls, and advanced actions:
+      // see /channels/bluebubbles
+    },
+  },
+}
+```
+
+- Core key paths covered here: `channels.bluebubbles`, `channels.bluebubbles.dmPolicy`.
+- Full BlueBubbles channel configuration is documented in [BlueBubbles](/channels/bluebubbles).
+
 ### iMessage
 
 OpenClaw spawns `imsg rpc` (JSON-RPC over stdio). No daemon or port required.
@@ -469,6 +526,7 @@ OpenClaw spawns `imsg rpc` (JSON-RPC over stdio). No daemon or port required.
 - `cliPath` can point to an SSH wrapper; set `remoteHost` (`host` or `user@host`) for SCP attachment fetching.
 - `attachmentRoots` and `remoteAttachmentRoots` restrict inbound attachment paths (default: `/Users/*/Library/Messages/Attachments`).
 - SCP uses strict host-key checking, so ensure the relay host key already exists in `~/.ssh/known_hosts`.
+- `channels.imessage.configWrites`: allow or deny iMessage-initiated config writes.
 
 <Accordion title="iMessage SSH wrapper example">
 
@@ -479,6 +537,52 @@ exec ssh -T gateway-host imsg "$@"
 
 </Accordion>
 
+### Microsoft Teams
+
+Microsoft Teams is extension-backed and configured under `channels.msteams`.
+
+```json5
+{
+  channels: {
+    msteams: {
+      enabled: true,
+      configWrites: true,
+      // appId, appPassword, tenantId, webhook, team/channel policies:
+      // see /channels/msteams
+    },
+  },
+}
+```
+
+- Core key paths covered here: `channels.msteams`, `channels.msteams.configWrites`.
+- Full Teams config (credentials, webhook, DM/group policy, per-team/per-channel overrides) is documented in [Microsoft Teams](/channels/msteams).
+
+### IRC
+
+IRC is extension-backed and configured under `channels.irc`.
+
+```json5
+{
+  channels: {
+    irc: {
+      enabled: true,
+      dmPolicy: "pairing",
+      configWrites: true,
+      nickserv: {
+        enabled: true,
+        service: "NickServ",
+        password: "${IRC_NICKSERV_PASSWORD}",
+        register: false,
+        registerEmail: "bot@example.com",
+      },
+    },
+  },
+}
+```
+
+- Core key paths covered here: `channels.irc`, `channels.irc.dmPolicy`, `channels.irc.configWrites`, `channels.irc.nickserv.*`.
+- Full IRC channel configuration (host/port/TLS/channels/allowlists/mention gating) is documented in [IRC](/channels/irc).
+
 ### Multi-account (all channels)
 
 Run multiple accounts per channel (each with its own `accountId`):
@@ -510,6 +614,11 @@ Run multiple accounts per channel (each with its own `accountId`):
 - Existing channel-only bindings (no `accountId`) keep matching the default account; account-scoped bindings remain optional.
 - `openclaw doctor --fix` also repairs mixed shapes by moving account-scoped top-level single-account values into `accounts.default` when named accounts exist but `default` is missing.
 
+### Other extension channels
+
+Many extension channels are configured as `channels.<id>` and documented in their dedicated channel pages (for example Feishu, Matrix, LINE, Nostr, Zalo, Nextcloud Talk, Synology Chat, and Twitch).
+See the full channel index: [Channels](/channels).
+
 ### Group chat mention gating
 
 Group messages default to **require mention** (metadata mention or regex patterns). Applies to WhatsApp, Telegram, Discord, Google Chat, and iMessage group chats.
@@ -830,6 +939,8 @@ Periodic heartbeat runs.
       compaction: {
         mode: "safeguard", // default | safeguard
         reserveTokensFloor: 24000,
+        identifierPolicy: "strict", // strict | off | custom
+        identifierInstructions: "Preserve deployment IDs, ticket IDs, and host:port pairs exactly.", // used when identifierPolicy=custom
         memoryFlush: {
           enabled: true,
           softThresholdTokens: 6000,
@@ -843,6 +954,8 @@ Periodic heartbeat runs.
 ```
 
 - `mode`: `default` or `safeguard` (chunked summarization for long histories). See [Compaction](/concepts/compaction).
+- `identifierPolicy`: `strict` (default), `off`, or `custom`. `strict` prepends built-in opaque identifier retention guidance during compaction summarization.
+- `identifierInstructions`: optional custom identifier-preservation text used when `identifierPolicy=custom`.
 - `memoryFlush`: silent agentic turn before auto-compaction to store durable memories. Skipped when workspace is read-only.
 
 ### `agents.defaults.contextPruning`
@@ -1267,7 +1380,8 @@ See [Multi-Agent Sandbox & Tools](/tools/multi-agent-sandbox-tools) for preceden
     },
     threadBindings: {
       enabled: true,
-      ttlHours: 24, // default auto-unfocus TTL for thread-bound sessions (0 disables)
+      idleHours: 24, // default inactivity auto-unfocus in hours (`0` disables)
+      maxAgeHours: 0, // default hard max age in hours (`0` disables)
     },
     mainKey: "main", // legacy (runtime always uses "main")
     agentToAgent: { maxPingPongTurns: 5 },
@@ -1304,7 +1418,8 @@ See [Multi-Agent Sandbox & Tools](/tools/multi-agent-sandbox-tools) for preceden
   - `highWaterBytes`: optional target after budget cleanup. Defaults to `80%` of `maxDiskBytes`.
 - **`threadBindings`**: global defaults for thread-bound session features.
   - `enabled`: master default switch (providers can override; Discord uses `channels.discord.threadBindings.enabled`)
-  - `ttlHours`: default auto-unfocus TTL in hours (`0` disables; providers can override)
+  - `idleHours`: default inactivity auto-unfocus in hours (`0` disables; providers can override)
+  - `maxAgeHours`: default hard max age in hours (`0` disables; providers can override)
 
 </Accordion>
 
@@ -1750,6 +1865,25 @@ OpenClaw uses the pi-coding-agent model catalog. Add custom providers via `model
   - Empty or missing agent `apiKey`/`baseUrl` fall back to `models.providers` in config.
   - Use `models.mode: "replace"` when you want config to fully rewrite `models.json`.
 
+### Provider field details
+
+- `models.mode`: provider catalog behavior (`merge` or `replace`).
+- `models.providers`: custom provider map keyed by provider id.
+- `models.providers.*.api`: request adapter (`openai-completions`, `openai-responses`, `anthropic-messages`, `google-generative-ai`, etc).
+- `models.providers.*.apiKey`: provider credential (prefer SecretRef/env substitution).
+- `models.providers.*.auth`: auth strategy (`api-key`, `token`, `oauth`, `aws-sdk`).
+- `models.providers.*.authHeader`: force credential transport in the `Authorization` header when required.
+- `models.providers.*.baseUrl`: upstream API base URL.
+- `models.providers.*.headers`: extra static headers for proxy/tenant routing.
+- `models.providers.*.models`: explicit provider model catalog entries.
+- `models.bedrockDiscovery`: Bedrock auto-discovery settings root.
+- `models.bedrockDiscovery.enabled`: turn discovery polling on/off.
+- `models.bedrockDiscovery.region`: AWS region for discovery.
+- `models.bedrockDiscovery.providerFilter`: optional provider-id filter for targeted discovery.
+- `models.bedrockDiscovery.refreshInterval`: polling interval for discovery refresh.
+- `models.bedrockDiscovery.defaultContextWindow`: fallback context window for discovered models.
+- `models.bedrockDiscovery.defaultMaxTokens`: fallback max output tokens for discovered models.
+
 ### Provider examples
 
 <Accordion title="Cerebras (GLM 4.6 / 4.7)">
@@ -2027,6 +2161,13 @@ See [Local Models](/gateway/local-models). TL;DR: run MiniMax M2.1 via LM Studio
 - Loaded from `~/.openclaw/extensions`, `<workspace>/.openclaw/extensions`, plus `plugins.load.paths`.
 - **Config changes require a gateway restart.**
 - `allow`: optional allowlist (only listed plugins load). `deny` wins.
+- `plugins.entries.<id>.apiKey`: plugin-level API key convenience field (when supported by the plugin).
+- `plugins.entries.<id>.env`: plugin-scoped env var map.
+- `plugins.entries.<id>.config`: plugin-defined config object (validated by plugin schema).
+- `plugins.slots.memory`: pick the active memory plugin id, or `"none"` to disable memory plugins.
+- `plugins.installs`: CLI-managed install metadata used by `openclaw plugins update`.
+  - Includes `source`, `spec`, `sourcePath`, `installPath`, `version`, `resolvedName`, `resolvedVersion`, `resolvedSpec`, `integrity`, `shasum`, `resolvedAt`, `installedAt`.
+  - Treat `plugins.installs.*` as managed state; prefer CLI commands over manual edits.
 
 See [Plugins](/tools/plugin).
 
@@ -2149,11 +2290,11 @@ See [Plugins](/tools/plugin).
 - `port`: single multiplexed port for WS + HTTP. Precedence: `--port` > `OPENCLAW_GATEWAY_PORT` > `gateway.port` > `18789`.
 - `bind`: `auto`, `loopback` (default), `lan` (`0.0.0.0`), `tailnet` (Tailscale IP only), or `custom`.
 - **Auth**: required by default. Non-loopback binds require a shared token/password. Onboarding wizard generates a token by default.
-- `auth.mode: "none"`: explicit no-auth mode. Use only for trusted local loopback setups; this is intentionally not offered by onboarding prompts.
-- `auth.mode: "trusted-proxy"`: delegate auth to an identity-aware reverse proxy and trust identity headers from `gateway.trustedProxies` (see [Trusted Proxy Auth](/gateway/trusted-proxy-auth)).
-- `auth.allowTailscale`: when `true`, Tailscale Serve identity headers can satisfy Control UI/WebSocket auth (verified via `tailscale whois`); HTTP API endpoints still require token/password auth. This tokenless flow assumes the gateway host is trusted. Defaults to `true` when `tailscale.mode = "serve"`.
-- `auth.rateLimit`: optional failed-auth limiter. Applies per client IP and per auth scope (shared-secret and device-token are tracked independently). Blocked attempts return `429` + `Retry-After`.
-  - `auth.rateLimit.exemptLoopback` defaults to `true`; set `false` when you intentionally want localhost traffic rate-limited too (for test setups or strict proxy deployments).
+- `gateway.auth.mode: "none"`: explicit no-auth mode. Use only for trusted local loopback setups; this is intentionally not offered by onboarding prompts.
+- `gateway.auth.mode: "trusted-proxy"`: delegate auth to an identity-aware reverse proxy and trust identity headers from `gateway.trustedProxies` (see [Trusted Proxy Auth](/gateway/trusted-proxy-auth)).
+- `gateway.auth.allowTailscale`: when `true`, Tailscale Serve identity headers can satisfy Control UI/WebSocket auth (verified via `tailscale whois`); HTTP API endpoints still require token/password auth. This tokenless flow assumes the gateway host is trusted. Defaults to `true` when `tailscale.mode = "serve"`.
+- `gateway.auth.rateLimit`: optional failed-auth limiter. Applies per client IP and per auth scope (shared-secret and device-token are tracked independently). Blocked attempts return `429` + `Retry-After`.
+  - `gateway.auth.rateLimit.exemptLoopback` defaults to `true`; set `false` when you intentionally want localhost traffic rate-limited too (for test setups or strict proxy deployments).
 - Browser-origin WS auth attempts are always throttled with loopback exemption disabled (defense-in-depth against browser-based localhost brute force).
 - `tailscale.mode`: `serve` (tailnet only, loopback bind) or `funnel` (public, requires auth).
 - `controlUi.allowedOrigins`: explicit browser-origin allowlist for Gateway WebSocket connects. Required when browser clients are expected from non-loopback origins.
@@ -2599,7 +2740,7 @@ See [Cron Jobs](/automation/cron-jobs).
 
 ## Media model template variables
 
-Template placeholders expanded in `tools.media.*.models[].args`:
+Template placeholders expanded in `tools.media.models[].args`:
 
 | Variable           | Description                                       |
 | ------------------ | ------------------------------------------------- |

docs/gateway/configuration.md

@@ -184,7 +184,8 @@ When validation fails:
         dmScope: "per-channel-peer",  // recommended for multi-user
         threadBindings: {
           enabled: true,
-          ttlHours: 24,
+          idleHours: 24,
+          maxAgeHours: 0,
         },
         reset: {
           mode: "daily",
@@ -196,7 +197,7 @@ When validation fails:
     ```
 
     - `dmScope`: `main` (shared) | `per-peer` | `per-channel-peer` | `per-account-channel-peer`
-    - `threadBindings`: global defaults for thread-bound session routing (Discord supports `/focus`, `/unfocus`, `/agents`, and `/session ttl`).
+    - `threadBindings`: global defaults for thread-bound session routing (Discord supports `/focus`, `/unfocus`, `/agents`, `/session idle`, and `/session max-age`).
     - See [Session Management](/concepts/session) for scoping, identity links, and send policy.
     - See [full reference](/gateway/configuration-reference#session) for all fields.
 

docs/gateway/protocol.md

@@ -215,6 +215,28 @@ The Gateway treats these as **claims** and enforces server-side allowlists.
   Control UI can omit it **only** when `gateway.controlUi.dangerouslyDisableDeviceAuth`
   is enabled for break-glass use.
 - All connections must sign the server-provided `connect.challenge` nonce.
+
+### Device auth migration diagnostics
+
+For legacy clients that still use pre-challenge signing behavior, `connect` now returns
+`DEVICE_AUTH_*` detail codes under `error.details.code` with a stable `error.details.reason`.
+
+Common migration failures:
+
+| Message                     | details.code                     | details.reason           | Meaning                                            |
+| --------------------------- | -------------------------------- | ------------------------ | -------------------------------------------------- |
+| `device nonce required`     | `DEVICE_AUTH_NONCE_REQUIRED`     | `device-nonce-missing`   | Client omitted `device.nonce` (or sent blank).     |
+| `device nonce mismatch`     | `DEVICE_AUTH_NONCE_MISMATCH`     | `device-nonce-mismatch`  | Client signed with a stale/wrong nonce.            |
+| `device signature invalid`  | `DEVICE_AUTH_SIGNATURE_INVALID`  | `device-signature`       | Signature payload does not match v2 payload.       |
+| `device signature expired`  | `DEVICE_AUTH_SIGNATURE_EXPIRED`  | `device-signature-stale` | Signed timestamp is outside allowed skew.          |
+| `device identity mismatch`  | `DEVICE_AUTH_DEVICE_ID_MISMATCH` | `device-id-mismatch`     | `device.id` does not match public key fingerprint. |
+| `device public key invalid` | `DEVICE_AUTH_PUBLIC_KEY_INVALID` | `device-public-key`      | Public key format/canonicalization failed.         |
+
+Migration target:
+
+- Always wait for `connect.challenge`.
+- Sign the v2 payload that includes the server nonce.
+- Send the same nonce in `connect.params.device.nonce`.
 - Preferred signature payload is `v3`, which binds `platform` and `deviceFamily`
   in addition to device/client/role/scopes/token/nonce fields.
 - Legacy `v2` signatures remain accepted for compatibility, but paired-device

docs/gateway/security/index.md

@@ -373,6 +373,14 @@ OpenClaw can refresh the skills list mid-session:
 - **Skills watcher**: changes to `SKILL.md` can update the skills snapshot on the next agent turn.
 - **Remote nodes**: connecting a macOS node can make macOS-only skills eligible (based on bin probing).
 
+Community skills (installed from ClawHub) are subject to runtime security controls:
+
+- **Capabilities**: skills declare required system access (`shell`, `filesystem`, `network`, `browser`, `sessions`, `messaging`, `scheduling`) in `metadata.openclaw.capabilities`. No capabilities means read-only metadata declaration; capability rollout is staged and currently used for visibility and policy checks.
+- **SKILL.md scanning**: content is scanned for prompt injection patterns, capability inflation, and boundary spoofing before entering the system prompt. Skills with critical findings are blocked from loading.
+- **Trust tiers**: `community` skills are enforced, while `builtin` and local/workspace skills are treated as trusted by default.
+- **Command dispatch gating**: community skills using `command-dispatch: tool` cannot dispatch to dangerous tools without declaring the matching capability.
+- **Audit logging**: security events are tagged with `category: "security"` and include session context.
+
 Treat skill folders as **trusted code** and restrict who can modify them.
 
 ## The Threat Model
@@ -686,10 +694,10 @@ Set a token so **all** WS clients must authenticate:
 
 Doctor can generate one for you: `openclaw doctor --generate-gateway-token`.
 
-Note: `gateway.remote.token` / `.password` are client credential sources. They
-do **not** protect local WS access by themselves.
-Local call paths can use `gateway.remote.*` as fallback when `gateway.auth.*`
-is unset.
+Note: in local mode, OpenClaw still accepts `gateway.remote.token` /
+`gateway.remote.password` as fallback credentials when `gateway.auth.*` is
+unset. Prefer setting `gateway.auth.token` (or password mode) explicitly so
+auth behavior is clear.
 Optional: pin remote TLS with `gateway.remote.tlsFingerprint` when using `wss://`.
 
 Local device pairing:

docs/gateway/troubleshooting.md

@@ -80,9 +80,27 @@ Look for:
 Common signatures:
 
 - `device identity required` → non-secure context or missing device auth.
+- `device nonce required` / `device nonce mismatch` → client is not completing the
+  challenge-based device auth flow (`connect.challenge` + `device.nonce`).
+- `device signature invalid` / `device signature expired` → client signed the wrong
+  payload (or stale timestamp) for the current handshake.
 - `unauthorized` / reconnect loop → token/password mismatch.
 - `gateway connect failed:` → wrong host/port/url target.
 
+Device auth v2 migration check:
+
+```bash
+openclaw --version
+openclaw doctor
+openclaw gateway status
+```
+
+If logs show nonce/signature errors, update the connecting client and verify it:
+
+1. waits for `connect.challenge`
+2. signs the challenge-bound payload
+3. sends `connect.params.device.nonce` with the same challenge nonce
+
 Related:
 
 - [/web/control-ui](/web/control-ui)

docs/help/faq.md

@@ -1050,13 +1050,13 @@ Basic flow:
 - Spawn with `sessions_spawn` using `thread: true` (and optionally `mode: "session"` for persistent follow-up).
 - Or manually bind with `/focus <target>`.
 - Use `/agents` to inspect binding state.
-- Use `/session ttl <duration|off>` to control auto-unfocus.
+- Use `/session idle <duration|off>` and `/session max-age <duration|off>` to control auto-unfocus.
 - Use `/unfocus` to detach the thread.
 
 Required config:
 
-- Global defaults: `session.threadBindings.enabled`, `session.threadBindings.ttlHours`.
-- Discord overrides: `channels.discord.threadBindings.enabled`, `channels.discord.threadBindings.ttlHours`.
+- Global defaults: `session.threadBindings.enabled`, `session.threadBindings.idleHours`, `session.threadBindings.maxAgeHours`.
+- Discord overrides: `channels.discord.threadBindings.enabled`, `channels.discord.threadBindings.idleHours`, `channels.discord.threadBindings.maxAgeHours`.
 - Auto-bind on spawn: set `channels.discord.threadBindings.spawnSubagentSessions: true`.
 
 Docs: [Sub-agents](/tools/subagents), [Discord](/channels/discord), [Configuration Reference](/gateway/configuration-reference), [Slash commands](/tools/slash-commands).

docs/help/testing.md

@@ -101,6 +101,23 @@ Use this decision table:
 - Touching gateway networking / WS protocol / pairing: add `pnpm test:e2e`
 - Debugging “my bot is down” / provider-specific failures / tool calling: run a narrowed `pnpm test:live`
 
+## Live: Android node capability sweep
+
+- Test: `src/gateway/android-node.capabilities.live.test.ts`
+- Script: `pnpm android:test:integration`
+- Goal: invoke **every command currently advertised** by a connected Android node and assert command contract behavior.
+- Scope:
+  - Preconditioned/manual setup (the suite does not install/run/pair the app).
+  - Command-by-command gateway `node.invoke` validation for the selected Android node.
+- Required pre-setup:
+  - Android app already connected + paired to the gateway.
+  - App kept in foreground.
+  - Permissions/capture consent granted for capabilities you expect to pass.
+- Optional target overrides:
+  - `OPENCLAW_ANDROID_NODE_ID` or `OPENCLAW_ANDROID_NODE_NAME`.
+  - `OPENCLAW_ANDROID_GATEWAY_URL` / `OPENCLAW_ANDROID_GATEWAY_TOKEN` / `OPENCLAW_ANDROID_GATEWAY_PASSWORD`.
+- Full Android setup details: [Android App](/platforms/android)
+
 ## Live: model smoke (profile keys)
 
 Live tests are split into two layers so we can isolate failures:

docs/nodes/camera.md

@@ -100,6 +100,12 @@ If permissions are missing, the app will prompt when possible; if denied, `camer
 
 Like `canvas.*`, the Android node only allows `camera.*` commands in the **foreground**. Background invocations return `NODE_BACKGROUND_UNAVAILABLE`.
 
+### Android commands (via Gateway `node.invoke`)
+
+- `camera.list`
+  - Response payload:
+    - `devices`: array of `{ id, name, position, deviceType }`
+
 ### Payload guard
 
 Photos are recompressed to keep the base64 payload under 5 MB.

docs/platforms/mac/release.md

@@ -34,17 +34,17 @@ Notes:
 # From repo root; set release IDs so Sparkle feed is enabled.
 # APP_BUILD must be numeric + monotonic for Sparkle compare.
 BUNDLE_ID=ai.openclaw.mac \
-APP_VERSION=2026.2.26 \
+APP_VERSION=2026.2.27 \
 APP_BUILD="$(git rev-list --count HEAD)" \
 BUILD_CONFIG=release \
 SIGN_IDENTITY="Developer ID Application: <Developer Name> (<TEAMID>)" \
 scripts/package-mac-app.sh
 
 # Zip for distribution (includes resource forks for Sparkle delta support)
-ditto -c -k --sequesterRsrc --keepParent dist/OpenClaw.app dist/OpenClaw-2026.2.26.zip
+ditto -c -k --sequesterRsrc --keepParent dist/OpenClaw.app dist/OpenClaw-2026.2.27.zip
 
 # Optional: also build a styled DMG for humans (drag to /Applications)
-scripts/create-dmg.sh dist/OpenClaw.app dist/OpenClaw-2026.2.26.dmg
+scripts/create-dmg.sh dist/OpenClaw.app dist/OpenClaw-2026.2.27.dmg
 
 # Recommended: build + notarize/staple zip + DMG
 # First, create a keychain profile once:
@@ -52,14 +52,14 @@ scripts/create-dmg.sh dist/OpenClaw.app dist/OpenClaw-2026.2.26.dmg
 #     --apple-id "<apple-id>" --team-id "<team-id>" --password "<app-specific-password>"
 NOTARIZE=1 NOTARYTOOL_PROFILE=openclaw-notary \
 BUNDLE_ID=ai.openclaw.mac \
-APP_VERSION=2026.2.26 \
+APP_VERSION=2026.2.27 \
 APP_BUILD="$(git rev-list --count HEAD)" \
 BUILD_CONFIG=release \
 SIGN_IDENTITY="Developer ID Application: <Developer Name> (<TEAMID>)" \
 scripts/package-mac-dist.sh
 
 # Optional: ship dSYM alongside the release
-ditto -c -k --keepParent apps/macos/.build/release/OpenClaw.app.dSYM dist/OpenClaw-2026.2.26.dSYM.zip
+ditto -c -k --keepParent apps/macos/.build/release/OpenClaw.app.dSYM dist/OpenClaw-2026.2.27.dSYM.zip
 ```
 
 ## Appcast entry
@@ -67,7 +67,7 @@ ditto -c -k --keepParent apps/macos/.build/release/OpenClaw.app.dSYM dist/OpenCl
 Use the release note generator so Sparkle renders formatted HTML notes:
 
 ```bash
-SPARKLE_PRIVATE_KEY_FILE=/path/to/ed25519-private-key scripts/make_appcast.sh dist/OpenClaw-2026.2.26.zip https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml
+SPARKLE_PRIVATE_KEY_FILE=/path/to/ed25519-private-key scripts/make_appcast.sh dist/OpenClaw-2026.2.27.zip https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml
 ```
 
 Generates HTML release notes from `CHANGELOG.md` (via [`scripts/changelog-to-html.sh`](https://github.com/openclaw/openclaw/blob/main/scripts/changelog-to-html.sh)) and embeds them in the appcast entry.
@@ -75,7 +75,7 @@ Commit the updated `appcast.xml` alongside the release assets (zip + dSYM) when
 
 ## Publish & verify
 
-- Upload `OpenClaw-2026.2.26.zip` (and `OpenClaw-2026.2.26.dSYM.zip`) to the GitHub release for tag `v2026.2.26`.
+- Upload `OpenClaw-2026.2.27.zip` (and `OpenClaw-2026.2.27.dSYM.zip`) to the GitHub release for tag `v2026.2.27`.
 - Ensure the raw appcast URL matches the baked feed: `https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml`.
 - Sanity checks:
   - `curl -I https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml` returns 200.

docs/providers/openai.md

@@ -83,6 +83,80 @@ OpenClaw uses `pi-ai` for model streaming. For `openai-codex/*` models you can s
 }
 ```
 
+### OpenAI Responses server-side compaction
+
+For direct OpenAI Responses models (`openai/*` using `api: "openai-responses"` with
+`baseUrl` on `api.openai.com`), OpenClaw now auto-enables OpenAI server-side
+compaction payload hints:
+
+- Forces `store: true` (unless model compat sets `supportsStore: false`)
+- Injects `context_management: [{ type: "compaction", compact_threshold: ... }]`
+
+By default, `compact_threshold` is `70%` of model `contextWindow` (or `80000`
+when unavailable).
+
+### Enable server-side compaction explicitly
+
+Use this when you want to force `context_management` injection on compatible
+Responses models (for example Azure OpenAI Responses):
+
+```json5
+{
+  agents: {
+    defaults: {
+      models: {
+        "azure-openai-responses/gpt-4o": {
+          params: {
+            responsesServerCompaction: true,
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+### Enable with a custom threshold
+
+```json5
+{
+  agents: {
+    defaults: {
+      models: {
+        "openai/gpt-5": {
+          params: {
+            responsesServerCompaction: true,
+            responsesCompactThreshold: 120000,
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+### Disable server-side compaction
+
+```json5
+{
+  agents: {
+    defaults: {
+      models: {
+        "openai/gpt-5": {
+          params: {
+            responsesServerCompaction: false,
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+`responsesServerCompaction` only controls `context_management` injection.
+Direct OpenAI Responses models still force `store: true` unless compat sets
+`supportsStore: false`.
+
 ## Notes
 
 - Model refs always use `provider/model` (see [/concepts/models](/concepts/models)).

docs/start/hubs.md

@@ -73,7 +73,6 @@ Use these hubs to discover every page, including deep dives and reference docs t
 - [Model providers hub](/providers/models)
 - [WhatsApp](/channels/whatsapp)
 - [Telegram](/channels/telegram)
-- [Telegram (grammY notes)](/channels/grammy)
 - [Slack](/channels/slack)
 - [Discord](/channels/discord)
 - [Mattermost](/channels/mattermost) (plugin)

docs/tools/acp-agents.md

@@ -68,7 +68,7 @@ When thread bindings are enabled for a channel adapter, ACP sessions can be boun
 - OpenClaw binds a thread to a target ACP session.
 - Follow-up messages in that thread route to the bound ACP session.
 - ACP output is delivered back to the same thread.
-- Unfocus/close/archive/TTL expiry removes the binding.
+- Unfocus/close/archive/idle-timeout or max-age expiry removes the binding.
 
 Thread binding support is adapter-specific. If the active channel adapter does not support thread bindings, OpenClaw returns a clear unsupported/unavailable message.
 
@@ -272,7 +272,8 @@ Thread binding config is channel-adapter specific. Example for Discord:
   session: {
     threadBindings: {
       enabled: true,
-      ttlHours: 24,
+      idleHours: 24,
+      maxAgeHours: 0,
     },
   },
   channels: {

docs/tools/clawhub.md

@@ -11,7 +11,7 @@ title: "ClawHub"
 
 ClawHub is the **public skill registry for OpenClaw**. It is a free service: all skills are public, open, and visible to everyone for sharing and reuse. A skill is just a folder with a `SKILL.md` file (plus supporting text files). You can browse skills in the web app or use the CLI to search, install, update, and publish skills.
 
-Site: [clawhub.ai](https://clawhub.ai)
+Site: [clawhub.com](https://clawhub.com)
 
 ## What ClawHub is
 
@@ -81,9 +81,15 @@ A typical skill includes:
 
 - A `SKILL.md` file with the primary description and usage.
 - Optional configs, scripts, or supporting files used by the skill.
-- Metadata such as tags, summary, and install requirements.
+- Metadata such as tags, summary, install requirements, and capabilities.
+
+ClawHub uses metadata to power discovery and display skill capabilities.
+Skills declare what system access they need via `capabilities` in frontmatter
+(e.g., `shell`, `filesystem`, `network`). OpenClaw enforces these at runtime —
+community skills that use tools without declaring the matching capability are
+blocked. See [Skills](/tools/skills#gating-load-time-filters) for the
+full capability reference.
 
-ClawHub uses metadata to power discovery and safely expose skill capabilities.
 The registry also tracks usage signals (such as stars and downloads) to improve
 ranking and visibility.
 
@@ -103,7 +109,17 @@ ClawHub is open by default. Anyone can upload skills, but a GitHub account must
 be at least one week old to publish. This helps slow down abuse without blocking
 legitimate contributors.
 
-Reporting and moderation:
+### Capabilities and enforcement
+
+Skills declare `capabilities` in their SKILL.md frontmatter to describe what
+system access they need. ClawHub displays these to users before install.
+OpenClaw uses these declarations for visibility and policy checks as capability
+enforcement rolls out in stages. Skills with no capabilities are treated as
+read-only metadata declarations.
+
+Available capabilities: `shell`, `filesystem`, `network`, `browser`, `sessions`, `messaging`, `scheduling`.
+
+### Reporting and moderation
 
 - Any signed in user can report a skill.
 - Report reasons are required and recorded.

docs/tools/creating-skills.md

@@ -39,11 +39,47 @@ description: A simple skill that says hello.
 When the user asks for a greeting, use the `echo` tool to say "Hello from your custom skill!".
 ```
 
-### 3. Add Tools (Optional)
+### 3. Declare Capabilities
+
+If your skill uses system tools, declare them in the `metadata.openclaw.capabilities` field:
+
+```markdown
+---
+name: deploy_helper
+description: Automate deployment workflows.
+metadata: { "openclaw": { "capabilities": ["shell", "filesystem"] } }
+---
+```
+
+Available capabilities: `shell`, `filesystem`, `network`, `browser`, `sessions`, `messaging`, `scheduling`.
+
+You can use either a flat list or a 2-layer object shape under the same key:
+
+```markdown
+---
+name: deploy_helper
+description: Automate deployment workflows.
+metadata:
+  {
+    "openclaw":
+      {
+        "capabilities":
+          {
+            "shell": { "mode": "restricted", "allow": ["git", "gh"] },
+            "network": { "web_search": true, "web_fetch": true },
+          },
+      },
+  }
+---
+```
+
+Skills without capabilities are treated as read-only (model-only instructions). Community skills published to ClawHub should declare capabilities matching their tool usage so policy checks and command-dispatch safety can be applied consistently.
+
+### 4. Add Tools (Optional)
 
 You can define custom tools in the frontmatter or instruct the agent to use existing system tools (like `bash` or `browser`).
 
-### 4. Refresh OpenClaw
+### 5. Refresh OpenClaw
 
 Ask your agent to "refresh skills" or restart the gateway. OpenClaw will discover the new directory and index the `SKILL.md`.
 

docs/tools/index.md

@@ -354,8 +354,9 @@ Core actions:
 - `pending`, `approve`, `reject` (pairing)
 - `notify` (macOS `system.notify`)
 - `run` (macOS `system.run`)
-- `camera_snap`, `camera_clip`, `screen_record`
-- `location_get`
+- `camera_list`, `camera_snap`, `camera_clip`, `screen_record`
+- `location_get`, `notifications_list`, `notifications_action`
+- `device_status`, `device_info`, `device_permissions`, `device_health`
 
 Notes:
 

docs/tools/skills.md

@@ -68,12 +68,202 @@ that up as `<workspace>/skills` on the next session.
 
 ## Security notes
 
-- Treat third-party skills as **untrusted code**. Read them before enabling.
+- Treat third-party skills as **untrusted** until you have reviewed them. Runtime safeguards reduce blast radius but do not eliminate risk — read a skill's SKILL.md and declared capabilities before enabling it.
+- **Capabilities**: Community skills (from ClawHub) should declare `capabilities` in `metadata.openclaw` to describe required system access. Skills without capabilities are treated as read-only metadata declarations. SKILL.md content is scanned for prompt injection before entering the system prompt.
+- **Current rollout scope**: capability declarations are used for visibility, review, and command-dispatch safety checks in this phase. Broader runtime per-tool capability gating is being rolled out in stages.
+- Local and workspace skills are treated as trusted by default. If someone can write to your skill folders, they can inject instructions into the system prompt — restrict who can modify them.
 - Prefer sandboxed runs for untrusted inputs and risky tools. See [Sandboxing](/gateway/sandboxing).
 - `skills.entries.*.env` and `skills.entries.*.apiKey` inject secrets into the **host** process
   for that agent turn (not the sandbox). Keep secrets out of prompts and logs.
 - For a broader threat model and checklists, see [Security](/gateway/security).
 
+### Tool enforcement matrix
+
+Capability declarations map to three policy tiers below. This matrix is the enforcement model and migration target for staged rollout.
+
+**Always denied** — blocked unconditionally when community skills are loaded, regardless of capability declarations:
+
+| Tool      | Reason                                                          |
+| --------- | --------------------------------------------------------------- |
+| `gateway` | Control-plane reconfiguration (restart, shutdown, auth changes) |
+| `nodes`   | Cluster node management (add/remove compute, redirect traffic)  |
+
+**Capability-gated** — tools intended to be governed by capability declarations in `metadata.openclaw.capabilities`:
+
+| Capability   | Tools                                          | What it unlocks                           |
+| ------------ | ---------------------------------------------- | ----------------------------------------- |
+| `shell`      | `exec`, `process`                              | Run shell commands and manage processes   |
+| `filesystem` | `write`, `edit`, `apply_patch`                 | File mutations (`read` is always allowed) |
+| `network`    | `web_fetch`, `web_search`                      | Outbound HTTP requests                    |
+| `browser`    | `browser`                                      | Browser automation                        |
+| `sessions`   | `sessions_spawn`, `sessions_send`, `subagents` | Cross-session orchestration               |
+| `messaging`  | `message`                                      | Send messages to configured channels      |
+| `scheduling` | `cron`                                         | Schedule recurring jobs                   |
+
+**Always allowed** — safe read-only or output-only tools, no capability required:
+
+| Tool                                                  | Why safe                          |
+| ----------------------------------------------------- | --------------------------------- |
+| `read`                                                | Read-only file access             |
+| `memory_search`, `memory_get`                         | Read-only memory access           |
+| `agents_list`                                         | List agents (read-only)           |
+| `sessions_list`, `sessions_history`, `session_status` | Session introspection (read-only) |
+| `canvas`                                              | UI rendering (output-only)        |
+| `image`                                               | Image generation (output-only)    |
+| `tts`                                                 | Text-to-speech (output-only)      |
+
+A community skill with no capabilities declared gets access only to the always-allowed tier.
+
+### Example: correct capability declaration
+
+This skill runs shell commands and makes HTTP requests. It declares both capabilities, so operators and tooling can clearly see intended access:
+
+```markdown
+---
+name: git-autopush
+description: Automate git commit, push, and PR workflows.
+metadata:
+  { "openclaw": { "capabilities": ["shell", "network"], "requires": { "bins": ["git", "gh"] } } }
+---
+
+# git-autopush
+
+When the user asks to push their changes:
+
+1. Run `git add -A && git commit` via the exec tool.
+2. Run `git push` via the exec tool.
+3. If requested, create a PR using `gh pr create`.
+```
+
+`openclaw skills info git-autopush` shows:
+
+```
+git-autopush + Ready
+
+  Automate git commit, push, and PR workflows.
+
+  Source        openclaw-managed
+  Path          ~/.openclaw/skills/git-autopush/SKILL.md
+
+  Capabilities
+  >_ shell        Run shell commands
+  🌐 network      Make outbound HTTP requests
+
+  Security
+  Scan          + clean
+```
+
+### Example: missing capability declaration
+
+This skill runs shell commands but doesn't declare `shell`:
+
+```markdown
+---
+name: deploy-helper
+description: Deploy to production.
+metadata: { "openclaw": { "requires": { "bins": ["rsync"] } } }
+---
+
+# deploy-helper
+
+When the user asks to deploy, run `rsync -avz ./dist/ user@host:/var/www/` via the exec tool.
+```
+
+This skill has no `capabilities` declared, so it's flagged as incomplete capability metadata. `openclaw skills info deploy-helper` shows:
+
+```
+deploy-helper + Ready
+
+  Deploy to production.
+
+  Source        openclaw-managed
+  Path          ~/.openclaw/skills/deploy-helper/SKILL.md
+
+  Capabilities
+  (none — read-only skill)
+
+  Security
+  Scan          + clean
+```
+
+The fix is to add `"capabilities": ["shell"]` to the metadata.
+
+### Example: blocked skill (failed security scan)
+
+If a SKILL.md contains prompt injection patterns, the scan blocks it from loading entirely:
+
+```
+evil-injector x Blocked (security)
+
+  Totally harmless skill.
+
+  Source        openclaw-managed
+  Path          ~/.openclaw/skills/evil-injector/SKILL.md
+
+  Capabilities
+  >_ shell        Run shell commands
+
+  Security
+  Scan          [blocked] prompt injection detected
+```
+
+This skill never enters the system prompt. It shows as `x blocked` in `openclaw skills list`.
+
+### How the model sees skills
+
+The model does not see the full SKILL.md in the system prompt. It only sees a compact XML listing with three fields per skill: `name`, `description`, and `location` (the file path). The model then uses the `read` tool to load the full SKILL.md on demand when the task matches.
+
+This is what the model receives in the system prompt:
+
+```
+## Skills (mandatory)
+Before replying: scan <available_skills> <description> entries.
+- If exactly one skill clearly applies: read its SKILL.md at <location> with `read`, then follow it.
+- If multiple could apply: choose the most specific one, then read/follow it.
+- If none clearly apply: do not read any SKILL.md.
+Constraints: never read more than one skill up front; only read after selecting.
+
+The following skills provide specialized instructions for specific tasks.
+Use the read tool to load a skill's file when the task matches its description.
+When a skill file references a relative path, resolve it against the skill
+directory (parent of SKILL.md / dirname of the path) and use that absolute
+path in tool commands.
+
+<available_skills>
+  <skill>
+    <name>git-autopush</name>
+    <description>Automate git commit, push, and PR workflows.</description>
+    <location>/home/user/.openclaw/skills/git-autopush/SKILL.md</location>
+  </skill>
+  <skill>
+    <name>todoist-cli</name>
+    <description>Manage Todoist tasks, projects, and labels.</description>
+    <location>/home/user/.openclaw/skills/todoist-cli/SKILL.md</location>
+  </skill>
+</available_skills>
+```
+
+**What this means for skill authors:**
+
+- **`description` is your pitch** — it's the only thing the model reads to decide whether to load your skill. Make it specific and task-oriented. "Manage Todoist tasks, projects, and labels from the command line" is better than "Todoist integration."
+- **`name` must be lowercase `[a-z0-9-]`**, max 64 characters, must match the parent directory name.
+- **`description` max 1024 characters.**
+- **Your SKILL.md body is loaded on demand** — it needs to be self-contained instructions the model can follow after reading.
+- **Relative paths in SKILL.md** are resolved against the skill directory. Use relative paths to reference supporting files.
+
+The `Skill` type from `@mariozechner/pi-coding-agent`:
+
+```typescript
+interface Skill {
+  name: string; // from frontmatter (or parent dir name)
+  description: string; // from frontmatter (required, max 1024 chars)
+  filePath: string; // absolute path to SKILL.md
+  baseDir: string; // parent directory of SKILL.md
+  source: string; // origin identifier
+  disableModelInvocation: boolean; // if true, excluded from prompt
+}
+```
+
 ## Format (AgentSkills + Pi-compatible)
 
 `SKILL.md` must include at least:
@@ -116,6 +306,7 @@ metadata:
       {
         "requires": { "bins": ["uv"], "env": ["GEMINI_API_KEY"], "config": ["browser.enabled"] },
         "primaryEnv": "GEMINI_API_KEY",
+        "capabilities": ["browser", "network"],
       },
   }
 ---
@@ -125,14 +316,82 @@ Fields under `metadata.openclaw`:
 
 - `always: true` — always include the skill (skip other gates).
 - `emoji` — optional emoji used by the macOS Skills UI.
-- `homepage` — optional URL shown as “Website” in the macOS Skills UI.
+- `homepage` — optional URL shown as "Website" in the macOS Skills UI.
 - `os` — optional list of platforms (`darwin`, `linux`, `win32`). If set, the skill is only eligible on those OSes.
+- `capabilities` — list of system access the skill needs. Used for security enforcement and user-facing display. Allowed values:
+  - `shell` — run shell commands (maps to `exec`, `process`)
+  - `filesystem` — read/write/edit files (maps to `write`, `edit`, `apply_patch`; `read` is always allowed)
+  - `network` — outbound HTTP (maps to `web_search`, `web_fetch`)
+  - `browser` — browser automation (maps to `browser`)
+  - `sessions` — cross-session orchestration (maps to `sessions_spawn`, `sessions_send`, `subagents`)
+  - `messaging` — send messages to configured channels (maps to `message`)
+  - `scheduling` — schedule recurring jobs (maps to `cron`)
+
+  No capabilities declared = read-only, model-only skill metadata. See [Tool enforcement matrix](#tool-enforcement-matrix) below and [Security](/gateway/security) for rollout and hardening details.
+
+### Capability shape and normalization
+
+OpenClaw accepts both styles under the same `capabilities` key:
+
+Flat list:
+
+```json
+{
+  "openclaw": {
+    "capabilities": ["shell", "network", "sessions"]
+  }
+}
+```
+
+Two-layer object with optional constraints:
+
+```jsonc
+{
+  "openclaw": {
+    "capabilities": {
+      "shell": { "mode": "restricted", "allow": ["git", "gh"] }, // key/value constraints
+      "network": { "web_search": true, "web_fetch": true }, // granular switches
+      "sessions": { "maxDepth": 2 }, // future-safe metadata
+    },
+  },
+}
+```
+
+Array-of-objects also works:
+
+```json
+{
+  "openclaw": {
+    "capabilities": [
+      { "type": "network.search", "constraints": { "provider": "brave" } },
+      { "name": "shell.exec", "constraints": { "mode": "restricted" } }
+    ]
+  }
+}
+```
+
+Normalization behavior:
+
+- OpenClaw normalizes external naming to canonical values (`shell`, `filesystem`, `network`, `browser`, `sessions`, `messaging`, `scheduling`).
+- Examples:
+  - `web_fetch`, `web_search`, `webfetch` -> `network`
+  - `terminal`, `bash`, `exec` -> `shell`
+  - `subagent`, `sessions_spawn` -> `sessions`
+  - `message` -> `messaging`
+  - `cron`, `schedule` -> `scheduling`
+- Constraints are currently advisory metadata (not enforced by the runtime gate yet). Keep them simple key/value pairs for forward compatibility.
+
 - `requires.bins` — list; each must exist on `PATH`.
 - `requires.anyBins` — list; at least one must exist on `PATH`.
 - `requires.env` — list; env var must exist **or** be provided in config.
 - `requires.config` — list of `openclaw.json` paths that must be truthy.
 - `primaryEnv` — env var name associated with `skills.entries.<name>.apiKey`.
 - `install` — optional array of installer specs used by the macOS Skills UI (brew/node/go/uv/download).
+- `cliHelp` — optional CLI help output captured for richer skill details in registry/UI surfaces.
+- `envVars` — optional structured environment declarations (`name`, `required`, `description`).
+- `dependencies` — optional structured dependency declarations (`name`, `type`, optional version/url/repository).
+- `author` — optional author string for display/attribution.
+- `links` — optional link metadata (`homepage`, `repository`, `documentation`, `changelog`).
 
 Note on sandboxing:
 
@@ -195,7 +454,7 @@ Bundled/managed skills can be toggled and supplied with env values:
     entries: {
       "nano-banana-pro": {
         enabled: true,
-        apiKey: { source: "env", provider: "default", id: "GEMINI_API_KEY" }, // or plaintext string
+        apiKey: "GEMINI_KEY_HERE",
         env: {
           GEMINI_API_KEY: "GEMINI_KEY_HERE",
         },
@@ -221,7 +480,6 @@ Rules:
 - `enabled: false` disables the skill even if it’s bundled/installed.
 - `env`: injected **only if** the variable isn’t already set in the process.
 - `apiKey`: convenience for skills that declare `metadata.openclaw.primaryEnv`.
-  Supports plaintext string or SecretRef object (`{ source, provider, id }`).
 - `config`: optional bag for custom per-skill fields; custom keys must live here.
 - `allowBundled`: optional allowlist for **bundled** skills only. If set, only
   bundled skills in the list are eligible (managed/workspace skills unaffected).

docs/tools/slash-commands.md

@@ -78,7 +78,8 @@ Text + native (when enabled):
 - `/context [list|detail|json]` (explain “context”; `detail` shows per-file + per-tool + per-skill + system prompt size)
 - `/export-session [path]` (alias: `/export`) (export current session to HTML with full system prompt)
 - `/whoami` (show your sender id; alias: `/id`)
-- `/session ttl <duration|off>` (manage session-level settings, such as TTL)
+- `/session idle <duration|off>` (manage inactivity auto-unfocus for focused thread bindings)
+- `/session max-age <duration|off>` (manage hard max-age auto-unfocus for focused thread bindings)
 - `/subagents list|kill|log|info|send|steer|spawn` (inspect, control, or spawn sub-agent runs for the current session)
 - `/acp spawn|cancel|steer|close|status|set-mode|set|cwd|permissions|timeout|model|reset-options|doctor|install|sessions` (inspect and control ACP runtime sessions)
 - `/agents` (list thread-bound agents for this session)
@@ -125,7 +126,7 @@ Notes:
 - `/usage` controls the per-response usage footer; `/usage cost` prints a local cost summary from OpenClaw session logs.
 - `/restart` is enabled by default; set `commands.restart: false` to disable it.
 - Discord-only native command: `/vc join|leave|status` controls voice channels (requires `channels.discord.voice` and native commands; not available as text).
-- Discord thread-binding commands (`/focus`, `/unfocus`, `/agents`, `/session ttl`) require effective thread bindings to be enabled (`session.threadBindings.enabled` and/or `channels.discord.threadBindings.enabled`).
+- Discord thread-binding commands (`/focus`, `/unfocus`, `/agents`, `/session idle`, `/session max-age`) require effective thread bindings to be enabled (`session.threadBindings.enabled` and/or `channels.discord.threadBindings.enabled`).
 - ACP command reference and runtime behavior: [ACP Agents](/tools/acp-agents).
 - `/verbose` is meant for debugging and extra visibility; keep it **off** in normal use.
 - Tool failure summaries are still shown when relevant, but detailed failure text is only included when `/verbose` is `on` or `full`.

docs/tools/subagents.md

@@ -30,7 +30,8 @@ These commands work on channels that support persistent thread bindings. See **T
 - `/focus <subagent-label|session-key|session-id|session-label>`
 - `/unfocus`
 - `/agents`
-- `/session ttl <duration|off>`
+- `/session idle <duration|off>`
+- `/session max-age <duration|off>`
 
 `/subagents info` shows run metadata (status, timestamps, session id, transcript path, cleanup).
 
@@ -95,14 +96,14 @@ When thread bindings are enabled for a channel, a sub-agent can stay bound to a
 
 ### Thread supporting channels
 
-- Discord (currently the only supported channel): supports persistent thread-bound subagent sessions (`sessions_spawn` with `thread: true`), manual thread controls (`/focus`, `/unfocus`, `/agents`, `/session ttl`), and adapter keys `channels.discord.threadBindings.enabled`, `channels.discord.threadBindings.ttlHours`, and `channels.discord.threadBindings.spawnSubagentSessions`.
+- Discord (currently the only supported channel): supports persistent thread-bound subagent sessions (`sessions_spawn` with `thread: true`), manual thread controls (`/focus`, `/unfocus`, `/agents`, `/session idle`, `/session max-age`), and adapter keys `channels.discord.threadBindings.enabled`, `channels.discord.threadBindings.idleHours`, `channels.discord.threadBindings.maxAgeHours`, and `channels.discord.threadBindings.spawnSubagentSessions`.
 
 Quick flow:
 
 1. Spawn with `sessions_spawn` using `thread: true` (and optionally `mode: "session"`).
 2. OpenClaw creates or binds a thread to that session target in the active channel.
 3. Replies and follow-up messages in that thread route to the bound session.
-4. Use `/session ttl` to inspect/update auto-unfocus TTL.
+4. Use `/session idle` to inspect/update inactivity auto-unfocus and `/session max-age` to control the hard cap.
 5. Use `/unfocus` to detach manually.
 
 Manual controls:
@@ -110,11 +111,11 @@ Manual controls:
 - `/focus <target>` binds the current thread (or creates one) to a sub-agent/session target.
 - `/unfocus` removes the binding for the current bound thread.
 - `/agents` lists active runs and binding state (`thread:<id>` or `unbound`).
-- `/session ttl` only works for focused bound threads.
+- `/session idle` and `/session max-age` only work for focused bound threads.
 
 Config switches:
 
-- Global default: `session.threadBindings.enabled`, `session.threadBindings.ttlHours`
+- Global default: `session.threadBindings.enabled`, `session.threadBindings.idleHours`, `session.threadBindings.maxAgeHours`
 - Channel override and spawn auto-bind keys are adapter-specific. See **Thread supporting channels** above.
 
 See [Configuration Reference](/gateway/configuration-reference) and [Slash commands](/tools/slash-commands) for current adapter details.

extensions/acpx/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/acpx",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw ACP runtime backend via acpx",
   "type": "module",
   "dependencies": {

extensions/bluebubbles/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/bluebubbles",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw BlueBubbles channel plugin",
   "type": "module",
   "openclaw": {

extensions/copilot-proxy/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/copilot-proxy",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw Copilot Proxy provider plugin",
   "type": "module",

extensions/diagnostics-otel/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/diagnostics-otel",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw diagnostics OpenTelemetry exporter",
   "type": "module",
   "dependencies": {

extensions/discord/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/discord",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw Discord channel plugin",
   "type": "module",
   "openclaw": {

extensions/feishu/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/feishu",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng)",
   "type": "module",
   "dependencies": {

extensions/google-gemini-cli-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/google-gemini-cli-auth",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw Gemini CLI OAuth provider plugin",
   "type": "module",

extensions/googlechat/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/googlechat",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw Google Chat channel plugin",
   "type": "module",

extensions/imessage/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/imessage",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw iMessage channel plugin",
   "type": "module",

extensions/irc/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/irc",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw IRC channel plugin",
   "type": "module",
   "openclaw": {

extensions/line/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/line",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw LINE channel plugin",
   "type": "module",

extensions/llm-task/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/llm-task",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw JSON-only LLM task plugin",
   "type": "module",

extensions/lobster/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/lobster",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "Lobster workflow tool plugin (typed pipelines + resumable approvals)",
   "type": "module",
   "openclaw": {

extensions/matrix/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.2.27
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.2.26
 
 ### Changes

extensions/matrix/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/matrix",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw Matrix channel plugin",
   "type": "module",
   "dependencies": {

extensions/mattermost/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/mattermost",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw Mattermost channel plugin",
   "type": "module",
   "openclaw": {

extensions/memory-core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/memory-core",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw core memory search plugin",
   "type": "module",

extensions/memory-lancedb/config.ts

@@ -5,8 +5,10 @@ import { join } from "node:path";
 export type MemoryConfig = {
   embedding: {
     provider: "openai";
-    model?: string;
+    model: string;
     apiKey: string;
+    baseUrl?: string;
+    dimensions?: number;
   };
   dbPath?: string;
   autoCapture?: boolean;
@@ -81,7 +83,9 @@ function resolveEnvVars(value: string): string {
 
 function resolveEmbeddingModel(embedding: Record<string, unknown>): string {
   const model = typeof embedding.model === "string" ? embedding.model : DEFAULT_MODEL;
-  vectorDimsForModel(model);
+  if (typeof embedding.dimensions !== "number") {
+    vectorDimsForModel(model);
+  }
   return model;
 }
 
@@ -101,7 +105,7 @@ export const memoryConfigSchema = {
     if (!embedding || typeof embedding.apiKey !== "string") {
       throw new Error("embedding.apiKey is required");
     }
-    assertAllowedKeys(embedding, ["apiKey", "model"], "embedding config");
+    assertAllowedKeys(embedding, ["apiKey", "model", "baseUrl", "dimensions"], "embedding config");
 
     const model = resolveEmbeddingModel(embedding);
 
@@ -119,6 +123,9 @@ export const memoryConfigSchema = {
         provider: "openai",
         model,
         apiKey: resolveEnvVars(embedding.apiKey),
+        baseUrl:
+          typeof embedding.baseUrl === "string" ? resolveEnvVars(embedding.baseUrl) : undefined,
+        dimensions: typeof embedding.dimensions === "number" ? embedding.dimensions : undefined,
       },
       dbPath: typeof cfg.dbPath === "string" ? cfg.dbPath : DEFAULT_DB_PATH,
       autoCapture: cfg.autoCapture === true,
@@ -133,6 +140,18 @@ export const memoryConfigSchema = {
       placeholder: "sk-proj-...",
       help: "API key for OpenAI embeddings (or use ${OPENAI_API_KEY})",
     },
+    "embedding.baseUrl": {
+      label: "Base URL",
+      placeholder: "https://api.openai.com/v1",
+      help: "Base URL for compatible providers (e.g. http://localhost:11434/v1)",
+      advanced: true,
+    },
+    "embedding.dimensions": {
+      label: "Dimensions",
+      placeholder: "1536",
+      help: "Vector dimensions for custom models (required for non-standard models)",
+      advanced: true,
+    },
     "embedding.model": {
       label: "Embedding Model",
       placeholder: DEFAULT_MODEL,

extensions/memory-lancedb/index.ts

@@ -166,8 +166,9 @@ class Embeddings {
   constructor(
     apiKey: string,
     private model: string,
+    baseUrl?: string,
   ) {
-    this.client = new OpenAI({ apiKey });
+    this.client = new OpenAI({ apiKey, baseURL: baseUrl });
   }
 
   async embed(text: string): Promise<number[]> {
@@ -293,9 +294,11 @@ const memoryPlugin = {
   register(api: OpenClawPluginApi) {
     const cfg = memoryConfigSchema.parse(api.pluginConfig);
     const resolvedDbPath = api.resolvePath(cfg.dbPath!);
-    const vectorDim = vectorDimsForModel(cfg.embedding.model ?? "text-embedding-3-small");
+    const { model, dimensions, apiKey, baseUrl } = cfg.embedding;
+
+    const vectorDim = dimensions ?? vectorDimsForModel(model);
     const db = new MemoryDB(resolvedDbPath, vectorDim);
-    const embeddings = new Embeddings(cfg.embedding.apiKey, cfg.embedding.model!);
+    const embeddings = new Embeddings(apiKey, model, baseUrl);
 
     api.logger.info(`memory-lancedb: plugin registered (db: ${resolvedDbPath}, lazy init)`);
 

extensions/memory-lancedb/openclaw.plugin.json

@@ -13,6 +13,18 @@
       "placeholder": "text-embedding-3-small",
       "help": "OpenAI embedding model to use"
     },
+    "embedding.baseUrl": {
+      "label": "Base URL",
+      "placeholder": "https://api.openai.com/v1",
+      "help": "Base URL for compatible providers (e.g. http://localhost:11434/v1)",
+      "advanced": true
+    },
+    "embedding.dimensions": {
+      "label": "Dimensions",
+      "placeholder": "1536",
+      "help": "Vector dimensions for custom models (required for non-standard models)",
+      "advanced": true
+    },
     "dbPath": {
       "label": "Database Path",
       "placeholder": "~/.openclaw/memory/lancedb",
@@ -45,8 +57,13 @@
             "type": "string"
           },
           "model": {
-            "type": "string",
-            "enum": ["text-embedding-3-small", "text-embedding-3-large"]
+            "type": "string"
+          },
+          "baseUrl": {
+            "type": "string"
+          },
+          "dimensions": {
+            "type": "number"
           }
         },
         "required": ["apiKey"]

extensions/memory-lancedb/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/memory-lancedb",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw LanceDB-backed long-term memory plugin with auto-recall/capture",
   "type": "module",

extensions/minimax-portal-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/minimax-portal-auth",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw MiniMax Portal OAuth provider plugin",
   "type": "module",

extensions/msteams/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.2.27
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.2.26
 
 ### Changes

extensions/msteams/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/msteams",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw Microsoft Teams channel plugin",
   "type": "module",
   "dependencies": {

extensions/nextcloud-talk/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/nextcloud-talk",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw Nextcloud Talk channel plugin",
   "type": "module",
   "openclaw": {

extensions/nostr/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.2.27
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.2.26
 
 ### Changes

extensions/nostr/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/nostr",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw Nostr channel plugin for NIP-04 encrypted DMs",
   "type": "module",
   "dependencies": {

extensions/open-prose/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/open-prose",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenProse VM skill pack plugin (slash command + telemetry).",
   "type": "module",

extensions/signal/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/signal",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw Signal channel plugin",
   "type": "module",

extensions/slack/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/slack",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw Slack channel plugin",
   "type": "module",

extensions/synology-chat/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/synology-chat",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "Synology Chat channel plugin for OpenClaw",
   "type": "module",
   "dependencies": {

extensions/telegram/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/telegram",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw Telegram channel plugin",
   "type": "module",

extensions/tlon/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/tlon",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw Tlon/Urbit channel plugin",
   "type": "module",
   "dependencies": {

extensions/twitch/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.2.27
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.2.26
 
 ### Changes

extensions/twitch/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/twitch",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw Twitch channel plugin",
   "type": "module",
   "dependencies": {

extensions/voice-call/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.2.27
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.2.26
 
 ### Changes

extensions/voice-call/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/voice-call",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "description": "OpenClaw voice-call plugin",
   "type": "module",
   "dependencies": {

extensions/whatsapp/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/whatsapp",
-  "version": "2026.2.26",
+  "version": "2026.2.27",
   "private": true,
   "description": "OpenClaw WhatsApp channel plugin",
   "type": "module",

extensions/zalo/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.2.27
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.2.26
 
 ### Changes