Device pairing: cover constrained setup code verification

* Android: add mobile dark theme

* Android: fix remaining dark mode card surfaces

* Android: address dark mode review comments

* fix(android): theme onboarding flow

* fix: add Android dark theme coverage (#46249) (thanks @sibbl)

---------

Co-authored-by: Ayaan Zaidi <hi@obviy.us>

.github/CODEOWNERS

@@ -0,0 +1,54 @@
+# Protect the ownership rules themselves.
+/.github/CODEOWNERS @steipete
+
+# WARNING: GitHub CODEOWNERS uses last-match-wins semantics.
+# If you add overlapping rules below the secops block, include @openclaw/secops
+# on those entries too or you can silently remove required secops review.
+# Security-sensitive code, config, and docs require secops review.
+/SECURITY.md @openclaw/secops
+/.github/dependabot.yml @openclaw/secops
+/.github/codeql/ @openclaw/secops
+/.github/workflows/codeql.yml @openclaw/secops
+/src/security/ @openclaw/secops
+/src/secrets/ @openclaw/secops
+/src/config/*secret*.ts @openclaw/secops
+/src/config/**/*secret*.ts @openclaw/secops
+/src/gateway/*auth*.ts @openclaw/secops
+/src/gateway/**/*auth*.ts @openclaw/secops
+/src/gateway/*secret*.ts @openclaw/secops
+/src/gateway/**/*secret*.ts @openclaw/secops
+/src/gateway/security-path*.ts @openclaw/secops
+/src/gateway/resolve-configured-secret-input-string*.ts @openclaw/secops
+/src/gateway/protocol/**/*secret*.ts @openclaw/secops
+/src/gateway/server-methods/secrets*.ts @openclaw/secops
+/src/agents/*auth*.ts @openclaw/secops
+/src/agents/**/*auth*.ts @openclaw/secops
+/src/agents/auth-profiles*.ts @openclaw/secops
+/src/agents/auth-health*.ts @openclaw/secops
+/src/agents/auth-profiles/ @openclaw/secops
+/src/agents/sandbox.ts @openclaw/secops
+/src/agents/sandbox-*.ts @openclaw/secops
+/src/agents/sandbox/ @openclaw/secops
+/src/infra/secret-file*.ts @openclaw/secops
+/src/cron/stagger.ts @openclaw/secops
+/src/cron/service/jobs.ts @openclaw/secops
+/docs/security/ @openclaw/secops
+/docs/gateway/authentication.md @openclaw/secops
+/docs/gateway/sandbox-vs-tool-policy-vs-elevated.md @openclaw/secops
+/docs/gateway/sandboxing.md @openclaw/secops
+/docs/gateway/secrets-plan-contract.md @openclaw/secops
+/docs/gateway/secrets.md @openclaw/secops
+/docs/gateway/security/ @openclaw/secops
+/docs/cli/approvals.md @openclaw/secops
+/docs/cli/sandbox.md @openclaw/secops
+/docs/cli/security.md @openclaw/secops
+/docs/cli/secrets.md @openclaw/secops
+/docs/reference/secretref-credential-surface.md @openclaw/secops
+/docs/reference/secretref-user-supplied-credentials-matrix.json @openclaw/secops
+
+# Release workflow and its supporting release-path checks.
+/.github/workflows/openclaw-npm-release.yml @openclaw/openclaw-release-managers
+/docs/reference/RELEASING.md @openclaw/openclaw-release-managers
+/scripts/openclaw-npm-publish.sh @openclaw/openclaw-release-managers
+/scripts/openclaw-npm-release-check.ts @openclaw/openclaw-release-managers
+/scripts/release-check.ts @openclaw/openclaw-release-managers

.github/labeler.yml

@@ -6,7 +6,6 @@
 "channel: discord":
   - changed-files:
       - any-glob-to-any-file:
-          - "src/discord/**"
           - "extensions/discord/**"
           - "docs/channels/discord.md"
 "channel: irc":
@@ -28,7 +27,6 @@
 "channel: imessage":
   - changed-files:
       - any-glob-to-any-file:
-          - "src/imessage/**"
           - "extensions/imessage/**"
           - "docs/channels/imessage.md"
 "channel: line":
@@ -64,19 +62,16 @@
 "channel: signal":
   - changed-files:
       - any-glob-to-any-file:
-          - "src/signal/**"
           - "extensions/signal/**"
           - "docs/channels/signal.md"
 "channel: slack":
   - changed-files:
       - any-glob-to-any-file:
-          - "src/slack/**"
           - "extensions/slack/**"
           - "docs/channels/slack.md"
 "channel: telegram":
   - changed-files:
       - any-glob-to-any-file:
-          - "src/telegram/**"
           - "extensions/telegram/**"
           - "docs/channels/telegram.md"
 "channel: tlon":
@@ -96,7 +91,6 @@
 "channel: whatsapp-web":
   - changed-files:
       - any-glob-to-any-file:
-          - "src/web/**"
           - "extensions/whatsapp/**"
           - "docs/channels/whatsapp.md"
 "channel: zalo":

.github/workflows/ci.yml

@@ -159,6 +159,9 @@ jobs:
           - runtime: node
             task: extensions
             command: pnpm test:extensions
+          - runtime: node
+            task: channels
+            command: pnpm test:channels
           - runtime: node
             task: protocol
             command: pnpm protocol:check

.github/workflows/docker-release.yml

@@ -12,9 +12,15 @@ on:
       - "**/*.mdx"
       - ".agents/**"
       - "skills/**"
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: Existing release tag to backfill (for example v2026.3.13)
+        required: true
+        type: string
 
 concurrency:
-  group: docker-release-${{ github.workflow }}-${{ github.ref }}
+  group: docker-release-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref }}
   cancel-in-progress: false
 
 env:
@@ -23,9 +29,48 @@ env:
   IMAGE_NAME: ${{ github.repository }}
 
 jobs:
+  validate_manual_backfill:
+    if: github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: Validate tag input format
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
+        run: |
+          set -euo pipefail
+          if [[ ! "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*(-beta\.[1-9][0-9]*)?$ ]]; then
+            echo "Invalid release tag: ${RELEASE_TAG}"
+            exit 1
+          fi
+
+      - name: Checkout selected tag
+        uses: actions/checkout@v6
+        with:
+          ref: refs/tags/${{ inputs.tag }}
+          fetch-depth: 0
+
+  approve_manual_backfill:
+    if: github.event_name == 'workflow_dispatch'
+    needs: validate_manual_backfill
+    # WARNING: KEEP MANUAL BACKFILLS GATED BY THE docker-release ENVIRONMENT.
+    runs-on: ubuntu-24.04
+    environment: docker-release
+    steps:
+      - name: Approve Docker backfill
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
+        run: echo "Approved Docker backfill for $RELEASE_TAG"
+
+  # KEEP THIS WORKFLOW ON GITHUB-HOSTED RUNNERS.
+  # DO NOT MOVE IT BACK TO BLACKSMITH WITHOUT RE-VALIDATING TAG BUILDS AND BACKFILLS.
   # Build amd64 images (default + slim share the build stage cache)
   build-amd64:
-    runs-on: blacksmith-16vcpu-ubuntu-2404
+    needs: [approve_manual_backfill]
+    if: ${{ always() && (github.event_name != 'workflow_dispatch' || needs.approve_manual_backfill.result == 'success') }}
+    # WARNING: DO NOT REVERT THIS TO A BLACKSMITH RUNNER WITHOUT RE-VALIDATING TAG BACKFILLS.
+    runs-on: ubuntu-24.04
     permissions:
       packages: write
       contents: read
@@ -35,6 +80,9 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
+          fetch-depth: 0
 
       - name: Set up Docker Builder
         uses: docker/setup-buildx-action@v4
@@ -51,21 +99,22 @@ jobs:
         shell: bash
         env:
           IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          SOURCE_REF: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
         run: |
           set -euo pipefail
           tags=()
           slim_tags=()
-          if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
+          if [[ "${SOURCE_REF}" == "refs/heads/main" ]]; then
             tags+=("${IMAGE}:main-amd64")
             slim_tags+=("${IMAGE}:main-slim-amd64")
           fi
-          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
-            version="${GITHUB_REF#refs/tags/v}"
+          if [[ "${SOURCE_REF}" == refs/tags/v* ]]; then
+            version="${SOURCE_REF#refs/tags/v}"
             tags+=("${IMAGE}:${version}-amd64")
             slim_tags+=("${IMAGE}:${version}-slim-amd64")
           fi
           if [[ ${#tags[@]} -eq 0 ]]; then
-            echo "::error::No amd64 tags resolved for ref ${GITHUB_REF}"
+            echo "::error::No amd64 tags resolved for ref ${SOURCE_REF}"
             exit 1
           fi
           {
@@ -82,19 +131,22 @@ jobs:
       - name: Resolve OCI labels (amd64)
         id: labels
         shell: bash
+        env:
+          SOURCE_REF: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
         run: |
           set -euo pipefail
-          version="${GITHUB_SHA}"
-          if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
+          source_sha="$(git rev-parse HEAD)"
+          version="${source_sha}"
+          if [[ "${SOURCE_REF}" == "refs/heads/main" ]]; then
             version="main"
           fi
-          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
-            version="${GITHUB_REF#refs/tags/v}"
+          if [[ "${SOURCE_REF}" == refs/tags/v* ]]; then
+            version="${SOURCE_REF#refs/tags/v}"
           fi
           created="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
           {
             echo "value<<EOF"
-            echo "org.opencontainers.image.revision=${GITHUB_SHA}"
+            echo "org.opencontainers.image.revision=${source_sha}"
             echo "org.opencontainers.image.version=${version}"
             echo "org.opencontainers.image.created=${created}"
             echo "EOF"
@@ -102,7 +154,8 @@ jobs:
 
       - name: Build and push amd64 image
         id: build
-        uses: useblacksmith/build-push-action@v2
+        # WARNING: KEEP THE OFFICIAL DOCKER ACTION HERE; DO NOT SWITCH THIS BACK TO BLACKSMITH BLINDLY.
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64
@@ -113,7 +166,8 @@ jobs:
 
       - name: Build and push amd64 slim image
         id: build-slim
-        uses: useblacksmith/build-push-action@v2
+        # WARNING: KEEP THE OFFICIAL DOCKER ACTION HERE; DO NOT SWITCH THIS BACK TO BLACKSMITH BLINDLY.
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64
@@ -126,7 +180,10 @@ jobs:
 
   # Build arm64 images (default + slim share the build stage cache)
   build-arm64:
-    runs-on: blacksmith-16vcpu-ubuntu-2404-arm
+    needs: [approve_manual_backfill]
+    if: ${{ always() && (github.event_name != 'workflow_dispatch' || needs.approve_manual_backfill.result == 'success') }}
+    # WARNING: DO NOT REVERT THIS TO A BLACKSMITH RUNNER WITHOUT RE-VALIDATING TAG BACKFILLS.
+    runs-on: ubuntu-24.04-arm
     permissions:
       packages: write
       contents: read
@@ -136,6 +193,9 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
+          fetch-depth: 0
 
       - name: Set up Docker Builder
         uses: docker/setup-buildx-action@v4
@@ -152,21 +212,22 @@ jobs:
         shell: bash
         env:
           IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          SOURCE_REF: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
         run: |
           set -euo pipefail
           tags=()
           slim_tags=()
-          if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
+          if [[ "${SOURCE_REF}" == "refs/heads/main" ]]; then
             tags+=("${IMAGE}:main-arm64")
             slim_tags+=("${IMAGE}:main-slim-arm64")
           fi
-          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
-            version="${GITHUB_REF#refs/tags/v}"
+          if [[ "${SOURCE_REF}" == refs/tags/v* ]]; then
+            version="${SOURCE_REF#refs/tags/v}"
             tags+=("${IMAGE}:${version}-arm64")
             slim_tags+=("${IMAGE}:${version}-slim-arm64")
           fi
           if [[ ${#tags[@]} -eq 0 ]]; then
-            echo "::error::No arm64 tags resolved for ref ${GITHUB_REF}"
+            echo "::error::No arm64 tags resolved for ref ${SOURCE_REF}"
             exit 1
           fi
           {
@@ -183,19 +244,22 @@ jobs:
       - name: Resolve OCI labels (arm64)
         id: labels
         shell: bash
+        env:
+          SOURCE_REF: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
         run: |
           set -euo pipefail
-          version="${GITHUB_SHA}"
-          if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
+          source_sha="$(git rev-parse HEAD)"
+          version="${source_sha}"
+          if [[ "${SOURCE_REF}" == "refs/heads/main" ]]; then
             version="main"
           fi
-          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
-            version="${GITHUB_REF#refs/tags/v}"
+          if [[ "${SOURCE_REF}" == refs/tags/v* ]]; then
+            version="${SOURCE_REF#refs/tags/v}"
           fi
           created="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
           {
             echo "value<<EOF"
-            echo "org.opencontainers.image.revision=${GITHUB_SHA}"
+            echo "org.opencontainers.image.revision=${source_sha}"
             echo "org.opencontainers.image.version=${version}"
             echo "org.opencontainers.image.created=${created}"
             echo "EOF"
@@ -203,7 +267,8 @@ jobs:
 
       - name: Build and push arm64 image
         id: build
-        uses: useblacksmith/build-push-action@v2
+        # WARNING: KEEP THE OFFICIAL DOCKER ACTION HERE; DO NOT SWITCH THIS BACK TO BLACKSMITH BLINDLY.
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/arm64
@@ -214,7 +279,8 @@ jobs:
 
       - name: Build and push arm64 slim image
         id: build-slim
-        uses: useblacksmith/build-push-action@v2
+        # WARNING: KEEP THE OFFICIAL DOCKER ACTION HERE; DO NOT SWITCH THIS BACK TO BLACKSMITH BLINDLY.
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/arm64
@@ -227,14 +293,19 @@ jobs:
 
   # Create multi-platform manifests
   create-manifest:
-    runs-on: blacksmith-16vcpu-ubuntu-2404
+    needs: [approve_manual_backfill, build-amd64, build-arm64]
+    if: ${{ always() && needs.build-amd64.result == 'success' && needs.build-arm64.result == 'success' && (github.event_name != 'workflow_dispatch' || needs.approve_manual_backfill.result == 'success') }}
+    # WARNING: DO NOT REVERT THIS TO A BLACKSMITH RUNNER WITHOUT RE-VALIDATING TAG BACKFILLS.
+    runs-on: ubuntu-24.04
     permissions:
       packages: write
       contents: read
-    needs: [build-amd64, build-arm64]
     steps:
       - name: Checkout
         uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
+          fetch-depth: 0
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v4
@@ -248,25 +319,28 @@ jobs:
         shell: bash
         env:
           IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          SOURCE_REF: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
+          IS_MANUAL_BACKFILL: ${{ github.event_name == 'workflow_dispatch' && '1' || '0' }}
         run: |
           set -euo pipefail
           tags=()
           slim_tags=()
-          if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
+          if [[ "${SOURCE_REF}" == "refs/heads/main" ]]; then
             tags+=("${IMAGE}:main")
             slim_tags+=("${IMAGE}:main-slim")
           fi
-          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
-            version="${GITHUB_REF#refs/tags/v}"
+          if [[ "${SOURCE_REF}" == refs/tags/v* ]]; then
+            version="${SOURCE_REF#refs/tags/v}"
             tags+=("${IMAGE}:${version}")
             slim_tags+=("${IMAGE}:${version}-slim")
-            if [[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?$ ]]; then
+            # Manual backfills should only republish the requested version tags.
+            if [[ "${IS_MANUAL_BACKFILL}" != "1" && "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?$ ]]; then
               tags+=("${IMAGE}:latest")
               slim_tags+=("${IMAGE}:slim")
             fi
           fi
           if [[ ${#tags[@]} -eq 0 ]]; then
-            echo "::error::No manifest tags resolved for ref ${GITHUB_REF}"
+            echo "::error::No manifest tags resolved for ref ${SOURCE_REF}"
             exit 1
           fi
           {

.github/workflows/openclaw-npm-release.yml

@@ -4,9 +4,15 @@ on:
   push:
     tags:
       - "v*"
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: Release tag to publish (for example v2026.3.14, v2026.3.14-beta.1, or fallback v2026.3.14-1)
+        required: true
+        type: string
 
 concurrency:
-  group: openclaw-npm-release-${{ github.ref }}
+  group: openclaw-npm-release-${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref }}
   cancel-in-progress: false
 
 env:
@@ -15,12 +21,11 @@ env:
   PNPM_VERSION: "10.23.0"
 
 jobs:
-  publish_openclaw_npm:
-    # npm trusted publishing + provenance requires a GitHub-hosted runner.
+  preview_openclaw_npm:
+    if: github.event_name == 'push'
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@v6
@@ -35,13 +40,131 @@ jobs:
           install-bun: "false"
           use-sticky-disk: "false"
 
+      - name: Print release plan
+        env:
+          RELEASE_TAG: ${{ github.ref_name }}
+        run: |
+          set -euo pipefail
+          RELEASE_SHA=$(git rev-parse HEAD)
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          if [[ "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*-[1-9][0-9]*$ ]]; then
+            TAG_KIND="fallback correction"
+          else
+            TAG_KIND="standard"
+          fi
+          echo "Release plan for ${RELEASE_TAG}:"
+          echo "Resolved release SHA: ${RELEASE_SHA}"
+          echo "Resolved package version: ${PACKAGE_VERSION}"
+          echo "Resolved tag kind: ${TAG_KIND}"
+          if [[ "${TAG_KIND}" == "fallback correction" ]]; then
+            echo "Correction tag note: npm version remains ${PACKAGE_VERSION}"
+          fi
+          echo "Would run: git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main"
+          echo "Would run with env: RELEASE_SHA=${RELEASE_SHA} RELEASE_TAG=${RELEASE_TAG} RELEASE_MAIN_REF=origin/main pnpm release:openclaw:npm:check"
+          echo "Would run: npm view openclaw@${PACKAGE_VERSION} version"
+          echo "Would run: pnpm check"
+          echo "Would run: pnpm build"
+          echo "Would run: pnpm release:check"
+
       - name: Validate release tag and package metadata
         env:
-          RELEASE_SHA: ${{ github.sha }}
           RELEASE_TAG: ${{ github.ref_name }}
           RELEASE_MAIN_REF: origin/main
+        run: |
+          set -euxo pipefail
+          RELEASE_SHA=$(git rev-parse HEAD)
+          export RELEASE_SHA RELEASE_TAG RELEASE_MAIN_REF
+          # Fetch the full main ref so merge-base ancestry checks keep working
+          # for older tagged commits that are still contained in main.
+          git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
+          pnpm release:openclaw:npm:check
+
+      - name: Ensure version is not already published
+        env:
+          RELEASE_TAG: ${{ github.ref_name }}
+        run: |
+          set -euxo pipefail
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          IS_CORRECTION_TAG=0
+          if [[ "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*-[1-9][0-9]*$ ]]; then
+            IS_CORRECTION_TAG=1
+          fi
+
+          if npm view "openclaw@${PACKAGE_VERSION}" version >/dev/null 2>&1; then
+            if [[ "${IS_CORRECTION_TAG}" == "1" ]]; then
+              echo "openclaw@${PACKAGE_VERSION} is already published on npm."
+              echo "Correction tag ${RELEASE_TAG} is allowed as a fallback release tag, so preview will continue without treating this as an error."
+              exit 0
+            fi
+            echo "openclaw@${PACKAGE_VERSION} is already published on npm."
+            exit 1
+          fi
+
+          if [[ "${IS_CORRECTION_TAG}" == "1" ]]; then
+            echo "Previewing fallback correction tag ${RELEASE_TAG} for npm version openclaw@${PACKAGE_VERSION}"
+          else
+            echo "Previewing openclaw@${PACKAGE_VERSION}"
+          fi
+
+      - name: Check
+        run: |
+          set -euxo pipefail
+          pnpm check
+
+      - name: Build
+        run: |
+          set -euxo pipefail
+          pnpm build
+
+      - name: Verify release contents
+        run: |
+          set -euxo pipefail
+          pnpm release:check
+
+      - name: Preview publish command
+        run: bash scripts/openclaw-npm-publish.sh --dry-run
+
+  publish_openclaw_npm:
+    if: github.event_name == 'workflow_dispatch'
+    # npm trusted publishing + provenance requires a GitHub-hosted runner.
+    runs-on: ubuntu-latest
+    environment: npm-release
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Validate tag input format
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
         run: |
           set -euo pipefail
+          if [[ ! "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*((-beta\.[1-9][0-9]*)|(-[1-9][0-9]*))?$ ]]; then
+            echo "Invalid release tag format: ${RELEASE_TAG}"
+            exit 1
+          fi
+
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: refs/tags/${{ inputs.tag }}
+          fetch-depth: 0
+
+      - name: Setup Node environment
+        uses: ./.github/actions/setup-node-env
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          pnpm-version: ${{ env.PNPM_VERSION }}
+          install-bun: "false"
+          use-sticky-disk: "false"
+
+      - name: Validate release tag and package metadata
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
+          RELEASE_MAIN_REF: origin/main
+        run: |
+          set -euo pipefail
+          RELEASE_SHA=$(git rev-parse HEAD)
+          export RELEASE_SHA RELEASE_TAG RELEASE_MAIN_REF
           # Fetch the full main ref so merge-base ancestry checks keep working
           # for older tagged commits that are still contained in main.
           git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
@@ -69,17 +192,4 @@ jobs:
         run: pnpm release:check
 
       - name: Publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: |
-          set -euo pipefail
-          if [[ -n "${NODE_AUTH_TOKEN:-}" ]]; then
-            printf '//registry.npmjs.org/:_authToken=%s\n' "$NODE_AUTH_TOKEN" > "$HOME/.npmrc"
-          fi
-          PACKAGE_VERSION=$(node -p "require('./package.json').version")
-
-          if [[ "$PACKAGE_VERSION" == *-beta.* ]]; then
-            npm publish --access public --tag beta --provenance
-          else
-            npm publish --access public --provenance
-          fi
+        run: bash scripts/openclaw-npm-publish.sh --publish

.github/workflows/workflow-sanity.yml

@@ -4,6 +4,7 @@ on:
   pull_request:
   push:
     branches: [main]
+  workflow_dispatch:
 
 concurrency:
   group: workflow-sanity-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
@@ -14,6 +15,7 @@ env:
 
 jobs:
   no-tabs:
+    if: github.event_name != 'workflow_dispatch'
     runs-on: blacksmith-16vcpu-ubuntu-2404
     steps:
       - name: Checkout
@@ -45,6 +47,7 @@ jobs:
           PY
 
   actionlint:
+    if: github.event_name != 'workflow_dispatch'
     runs-on: blacksmith-16vcpu-ubuntu-2404
     steps:
       - name: Checkout
@@ -68,3 +71,19 @@ jobs:
 
       - name: Disallow direct inputs interpolation in composite run blocks
         run: python3 scripts/check-composite-action-input-interpolation.py
+
+  config-docs-drift:
+    if: github.event_name == 'workflow_dispatch'
+    runs-on: blacksmith-16vcpu-ubuntu-2404
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup Node environment
+        uses: ./.github/actions/setup-node-env
+        with:
+          install-bun: "false"
+          use-sticky-disk: "false"
+
+      - name: Check config docs drift statefile
+        run: pnpm config:docs:check

.secrets.baseline

@@ -12314,14 +12314,14 @@
         "filename": "src/config/schema.help.ts",
         "hashed_secret": "9f4cda226d3868676ac7f86f59e4190eb94bd208",
         "is_verified": false,
-        "line_number": 653
+        "line_number": 657
       },
       {
         "type": "Secret Keyword",
         "filename": "src/config/schema.help.ts",
         "hashed_secret": "01822c8bbf6a8b136944b14182cb885100ec2eae",
         "is_verified": false,
-        "line_number": 686
+        "line_number": 690
       }
     ],
     "src/config/schema.irc.ts": [
@@ -12360,14 +12360,14 @@
         "filename": "src/config/schema.labels.ts",
         "hashed_secret": "e73c9fcad85cd4eecc74181ec4bdb31064d68439",
         "is_verified": false,
-        "line_number": 217
+        "line_number": 219
       },
       {
         "type": "Secret Keyword",
         "filename": "src/config/schema.labels.ts",
         "hashed_secret": "2eda7cd978f39eebec3bf03e4410a40e14167fff",
         "is_verified": false,
-        "line_number": 326
+        "line_number": 328
       }
     ],
     "src/config/slack-http-config.test.ts": [

AGENTS.md

@@ -9,6 +9,7 @@
 - PR review conversations: if a bot leaves review conversations on your PR, address them and resolve those conversations yourself once fixed. Leave a conversation unresolved only when reviewer or maintainer judgment is still needed; do not leave bot-conversation cleanup to maintainers.
 - GitHub searching footgun: don't limit yourself to the first 500 issues or PRs when wanting to search all. Unless you're supposed to look at the most recent, keep going until you've reached the last page in the search
 - Security advisory analysis: before triage/severity decisions, read `SECURITY.md` to align with OpenClaw's trust model and design boundaries.
+- Do not edit files covered by security-focused `CODEOWNERS` rules unless a listed owner explicitly asked for the change or is already reviewing it with you. Treat those paths as restricted surfaces, not drive-by cleanup.
 
 ## Auto-close labels (issues and PRs)
 
@@ -203,6 +204,8 @@
 
 - Vocabulary: "makeup" = "mac app".
 - Parallels macOS retests: use the snapshot most closely named like `macOS 26.3.1 fresh` when the user asks for a clean/fresh macOS rerun; avoid older Tahoe snapshots unless explicitly requested.
+- Parallels beta smoke: use `--target-package-spec openclaw@<beta-version>` for the beta artifact, and pin the stable side with both `--install-version <stable-version>` and `--latest-version <stable-version>` for upgrade runs. npm dist-tags can move mid-run.
+- Parallels beta smoke, Windows nuance: old stable `2026.3.12` still prints the Unicode Windows onboarding banner, so mojibake during the stable precheck log is expected there. Judge the beta package by the post-upgrade lane.
 - Parallels macOS smoke playbook:
   - `prlctl exec` is fine for deterministic repo commands, but it can misrepresent interactive shell behavior (`PATH`, `HOME`, `curl | bash`, shebang resolution). For installer parity or shell-sensitive repros, prefer the guest Terminal or `prlctl enter`.
   - Fresh Tahoe snapshot current reality: `brew` exists, `node` may not be on `PATH` in noninteractive guest exec. Use absolute `/opt/homebrew/bin/node` for repo/CLI runs when needed.

CHANGELOG.md

@@ -4,6 +4,36 @@ Docs: https://docs.openclaw.ai
 
 ## Unreleased
 
+### Changes
+
+- Commands/btw: add `/btw` side questions for quick tool-less answers about the current session without changing future session context, with dismissible in-session TUI answers and explicit BTW replies on external channels. (#45444) Thanks @ngutman.
+- Refactor/channels: remove the legacy channel shim directories and point channel-specific imports directly at the extension-owned implementations. (#45967) thanks @scoootscooob.
+- Feishu/streaming: add `onReasoningStream` and `onReasoningEnd` support to streaming cards, so `/reasoning stream` renders thinking tokens as markdown blockquotes in the same card — matching the Telegram channel's reasoning lane behavior.
+- Feishu/cards: add identity-aware structured card headers and note footers for Feishu replies and direct sends, while keeping that presentation wired through the shared outbound identity path. (#29938) Thanks @nszhsl.
+- Gateway/health monitor: add configurable stale-event thresholds and restart limits, plus per-channel and per-account `healthMonitor.enabled` overrides, while keeping the existing global disable path on `gateway.channelHealthCheckMinutes=0`. (#42107) Thanks @rstar327.
+- Android/mobile: add a system-aware dark theme across onboarding and post-onboarding screens so the app follows the device theme through setup, chat, and voice flows. (#46249) Thanks @sibbl.
+
+### Fixes
+
+- Z.AI/onboarding: detect a working default model even for explicit `zai-coding-*` endpoint choices, so Coding Plan setup can keep the selected endpoint while defaulting to `glm-5` when available or `glm-4.7` as fallback. (#45969)
+- Zalo/plugin runtime: export `resolveClientIp` from `openclaw/plugin-sdk/zalo` so installed builds no longer crash on startup when the webhook monitor loads from the packaged extension instead of the monorepo source tree. (#46549) Thanks @No898.
+- Z.AI/onboarding: add `glm-5-turbo` to the default Z.AI provider catalog so onboarding-generated configs expose the new model alongside the existing GLM defaults. (#46670) Thanks @tomsun28.
+- Control UI/chat sessions: show human-readable labels in the grouped session dropdown again, keep unique scoped fallbacks when metadata is missing, and disambiguate duplicate labels only when needed. (#45130) thanks @luzhidong.
+- Configure/startup: move outbound send-deps resolution into a lightweight helper so `openclaw configure` no longer stalls after the banner while eagerly loading channel plugins. (#46301) thanks @scoootscooob.
+- Zalo Personal/group gating: stop reapplying `dmPolicy.allowFrom` as a sender gate for already-allowlisted groups when `groupAllowFrom` is unset, so any member of an allowed group can trigger replies while DMs stay restricted. (#40146)
+- Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`.
+- Device pairing/setup codes: bind setup-code pairing to the intended node role and scope set so approval keeps the expected device profile. Thanks @vincentkoc.
+
+### Fixes
+
+- Slack/interactive replies: preserve `channelData.slack.blocks` through live DM delivery and preview-finalized edits so Block Kit button and select directives render instead of falling back to raw text. Thanks @vincentkoc.
+- CI/channel test routing: move the built-in channel suites into `test:channels` and keep them out of `test:extensions`, so extension CI no longer fails after the channel migration while targeted test routing still sends Slack, Signal, and iMessage suites to the right lane. (#46066) Thanks @scoootscooob.
+- Node/startup: remove leftover debug `console.log("node host PATH: ...")` that printed the resolved PATH on every `openclaw node run` invocation. (#46411)
+- Control UI/dashboard: preserve structured gateway shutdown reasons across restart disconnects so config-triggered restarts no longer fall back to `disconnected (1006): no reason`. (#46532) Thanks @vincentkoc.
+- Feishu/topic threads: fetch full thread context, including prior bot replies, when starting a topic-thread session so follow-up turns in Feishu topics keep the right conversation state. Thanks @Coobiw.
+- Browser/profiles: drop the auto-created `chrome-relay` browser profile; users who need the Chrome extension relay must now create their own profile via `openclaw browser create-profile`. (#45777) Thanks @odysseus0.
+- Docs/Mintlify: fix MDX marker syntax on Perplexity, Model Providers, Moonshot, and exec approvals pages so local docs preview no longer breaks rendering or leaves stale pages unpublished. (#46695) Thanks @velvet-shark.
+
 ## 2026.3.13
 
 ### Changes
@@ -15,6 +45,12 @@ Docs: https://docs.openclaw.ai
 - Browser/act automation: add batched actions, selector targeting, and delayed clicks for browser act requests with normalized batch dispatch. Thanks @vincentkoc.
 - Docker/timezone override: add `OPENCLAW_TZ` so `docker-setup.sh` can pin gateway and CLI containers to a chosen IANA timezone instead of inheriting the daemon default. (#34119) Thanks @Lanfei.
 - Dependencies/pi: bump `@mariozechner/pi-agent-core`, `@mariozechner/pi-ai`, `@mariozechner/pi-coding-agent`, and `@mariozechner/pi-tui` to `0.58.0`.
+- Cron/sessions: add `sessionTarget: "current"` and `session:<id>` support so cron jobs can bind to the creating session or a persistent named session instead of only `main` or `isolated`. Thanks @kkhomej33-netizen and @ImLukeF.
+- Telegram/message send: add `--force-document` so Telegram image and GIF sends can upload as documents without compression. (#45111) Thanks @thepagent.
+
+### Breaking
+
+- **BREAKING:** Agents now load at most one root memory bootstrap file. `MEMORY.md` wins; `memory.md` is only used when `MEMORY.md` is absent. If you intentionally kept both files and depended on both being injected, merge them before upgrade. This also fixes duplicate memory injection on case-insensitive Docker mounts. (#26054) Thanks @Lanfei.
 
 ### Fixes
 
@@ -60,7 +96,6 @@ Docs: https://docs.openclaw.ai
 - Cron/isolated sessions: route nested cron-triggered embedded runner work onto the nested lane so isolated cron jobs no longer deadlock when compaction or other queued inner work runs. Thanks @vincentkoc.
 - Agents/OpenAI-compatible compat overrides: respect explicit user `models[].compat` opt-ins for non-native `openai-completions` endpoints so usage-in-streaming capability overrides no longer get forced off when the endpoint actually supports them. (#44432) Thanks @cheapestinference.
 - Agents/Azure OpenAI startup prompts: rephrase the built-in `/new`, `/reset`, and post-compaction startup instruction so Azure OpenAI deployments no longer hit HTTP 400 false positives from the content filter. (#43403) Thanks @xingsy97.
-- Agents/memory bootstrap: load only one root memory file, preferring `MEMORY.md` and using `memory.md` as a fallback, so case-insensitive Docker mounts no longer inject duplicate memory context. (#26054) Thanks @Lanfei.
 - Agents/compaction: compare post-compaction token sanity checks against full-session pre-compaction totals and skip the check when token estimation fails, so sessions with large bootstrap context keep real token counts instead of falling back to unknown. (#28347) thanks @efe-arv.
 - Agents/compaction: preserve safeguard compaction summary language continuity via default and configurable custom instructions so persona drift is reduced after auto-compaction. (#10456) Thanks @keepitmello.
 - Agents/tool warnings: distinguish gated core tools like `apply_patch` from plugin-only unknown entries in `tools.profile` warnings, so unavailable core tools now report current runtime/provider/model/config gating instead of suggesting a missing plugin.
@@ -69,6 +104,12 @@ Docs: https://docs.openclaw.ai
 - Signal/config validation: add `channels.signal.groups` schema support so per-group `requireMention`, `tools`, and `toolsBySender` overrides no longer get rejected during config validation. (#27199) Thanks @unisone.
 - Config/discovery: accept `discovery.wideArea.domain` in strict config validation so unicast DNS-SD gateway configs no longer fail with an unrecognized-key error. (#35615) Thanks @ingyukoh.
 - Telegram/media errors: redact Telegram file URLs before building media fetch errors so failed inbound downloads do not leak bot tokens into logs. Thanks @space08.
+- Agents/failover: normalize abort-wrapped `429 RESOURCE_EXHAUSTED` provider failures before abort short-circuiting so wrapped Google/Vertex rate limits continue across configured fallback models, including the embedded runner prompt-error path. (#39820) Thanks @lupuletic.
+- Mattermost/thread routing: non-inbound reply paths (TUI/WebUI turns, tool-call callbacks, subagent responses) now correctly route to the originating Mattermost thread when `replyToMode: "all"` is active; also prevents stale `origin.threadId` metadata from resurrecting cleared thread routes. (#44283) thanks @teconomix
+- Gateway/websocket pairing bypass for disabled auth: skip device-pairing enforcement when `gateway.auth.mode=none` so Control UI connections behind reverse proxies no longer get stuck on `pairing required` (code 1008) despite auth being explicitly disabled. (#42931)
+- Auth/login lockout recovery: clear stale `auth_permanent` and `billing` disabled state for all profiles matching the target provider when `openclaw models auth login` is invoked, so users locked out by expired or revoked OAuth tokens can recover by re-authenticating instead of waiting for the cooldown timer to expire. (#43057)
+- Auto-reply/context-engine compaction: persist the exact embedded-run metadata compaction count for main and followup runner session accounting, so metadata-only auto-compactions no longer undercount multi-compaction runs. (#42629) thanks @uf-hy.
+- Auth/Codex CLI reuse: sync reused Codex CLI credentials into the supported `openai-codex:default` OAuth profile instead of reviving the deprecated `openai-codex:codex-cli` slot, so doctor cleanup no longer loops. (#45353) thanks @Gugu-sugar.
 
 ## 2026.3.12
 
@@ -301,6 +342,7 @@ Docs: https://docs.openclaw.ai
 - Agents/failover: classify HTTP 422 malformed-request responses as `format` and recognize OpenRouter "requires more credits" billing errors so provider fallback triggers instead of surfacing raw errors. (#43823) thanks @jnMetaCode.
 - Memory/QMD Windows: fail closed when `qmd.cmd` or `mcporter.cmd` wrappers cannot be resolved to a direct entrypoint, so memory search no longer falls back to shell execution on Windows.
 - macOS/remote gateway: stop PortGuardian from killing Docker Desktop and other external listeners on the gateway port in remote mode, so containerized and tunneled gateway setups no longer lose their port-forward owner on app startup. (#6755) Thanks @teslamint.
+- Feishu/streaming recovery: clear stale `streamingStartPromise` when card creation fails (HTTP 400) so subsequent messages can retry streaming instead of silently dropping all future replies. Fixes #43322.
 
 ## 2026.3.8
 

CONTRIBUTING.md

@@ -61,7 +61,7 @@ Welcome to the lobster tank! 🦞
 - **Josh Lehman** - Compaction, Tlon/Urbit subsystem
   - GitHub [@jalehman](https://github.com/jalehman) · X: [@jlehman\_](https://x.com/jlehman_)
 
-- **Radek Sienkiewicz** - Control UI + WebChat correctness
+- **Radek Sienkiewicz** - Docs, Control UI
   - GitHub [@velvet-shark](https://github.com/velvet-shark) · X: [@velvet_shark](https://twitter.com/velvet_shark)
 
 - **Muhammed Mukhthar** - Mattermost, CLI
@@ -76,6 +76,9 @@ Welcome to the lobster tank! 🦞
 - **Tengji (George) Zhang** - Chinese model APIs, cloud, pi
   - GitHub: [@odysseus0](https://github.com/odysseus0) · X: [@odysseus0z](https://x.com/odysseus0z)
 
+- **Andrew (Bubbles) Demczuk** - Agents/Gateway/TTS/VTT
+  - GitHub: [@ademczuk](https://github.com/ademczuk) · X: [@ademczuk](https://x.com/ademczuk)
+
 ## How to Contribute
 
 1. **Bugs & small fixes** → Open a PR!
@@ -93,6 +96,7 @@ Welcome to the lobster tank! 🦞
 - Reply to or resolve bot review conversations you addressed before asking for review again
 - **Include screenshots** — one showing the problem/before, one showing the fix/after (for UI or visual changes)
 - Use American English spelling and grammar in code, comments, docs, and UI strings
+- Do not edit files covered by `CODEOWNERS` security ownership unless a listed owner explicitly asked for the change or is already reviewing it with you. Treat those paths as restricted review surfaces, not opportunistic cleanup targets.
 
 ## Review Conversations Are Author-Owned
 

Dockerfile

@@ -134,7 +134,7 @@ RUN --mount=type=cache,id=openclaw-bookworm-apt-cache,target=/var/cache/apt,shar
     apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --no-install-recommends && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-      procps hostname curl git openssl
+      procps hostname curl git lsof openssl
 
 RUN chown node:node /app
 

apps/android/app/src/main/java/ai/openclaw/app/ui/ConnectTabScreen.kt

@@ -51,6 +51,7 @@ import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.text.input.KeyboardType
 import androidx.compose.ui.unit.dp
 import ai.openclaw.app.MainViewModel
+import ai.openclaw.app.ui.mobileCardSurface
 
 private enum class ConnectInputMode {
   SetupCode,
@@ -144,7 +145,7 @@ fun ConnectTabScreen(viewModel: MainViewModel) {
     Surface(
       modifier = Modifier.fillMaxWidth(),
       shape = RoundedCornerShape(14.dp),
-      color = Color.White,
+      color = mobileCardSurface,
       border = BorderStroke(1.dp, mobileBorder),
     ) {
       Column {
@@ -205,7 +206,7 @@ fun ConnectTabScreen(viewModel: MainViewModel) {
         shape = RoundedCornerShape(14.dp),
         colors =
           ButtonDefaults.buttonColors(
-            containerColor = Color.White,
+            containerColor = mobileCardSurface,
             contentColor = mobileDanger,
           ),
         border = BorderStroke(1.dp, mobileDanger.copy(alpha = 0.4f)),
@@ -298,7 +299,7 @@ fun ConnectTabScreen(viewModel: MainViewModel) {
       Surface(
         modifier = Modifier.fillMaxWidth(),
         shape = RoundedCornerShape(14.dp),
-        color = Color.White,
+        color = mobileCardSurface,
         border = BorderStroke(1.dp, mobileBorder),
       ) {
         Column(
@@ -480,7 +481,7 @@ private fun MethodChip(label: String, active: Boolean, onClick: () -> Unit) {
         containerColor = if (active) mobileAccent else mobileSurface,
         contentColor = if (active) Color.White else mobileText,
       ),
-    border = BorderStroke(1.dp, if (active) Color(0xFF184DAF) else mobileBorderStrong),
+    border = BorderStroke(1.dp, if (active) mobileAccentBorderStrong else mobileBorderStrong),
   ) {
     Text(label, style = mobileCaption1.copy(fontWeight = FontWeight.Bold))
   }
@@ -509,10 +510,10 @@ private fun CommandBlock(command: String) {
     modifier = Modifier.fillMaxWidth(),
     shape = RoundedCornerShape(12.dp),
     color = mobileCodeBg,
-    border = BorderStroke(1.dp, Color(0xFF2B2E35)),
+    border = BorderStroke(1.dp, mobileCodeBorder),
   ) {
     Row(modifier = Modifier.fillMaxWidth(), verticalAlignment = Alignment.CenterVertically) {
-      Box(modifier = Modifier.width(3.dp).height(42.dp).background(Color(0xFF3FC97A)))
+      Box(modifier = Modifier.width(3.dp).height(42.dp).background(mobileCodeAccent))
       Text(
         text = command,
         modifier = Modifier.padding(horizontal = 12.dp, vertical = 10.dp),

apps/android/app/src/main/java/ai/openclaw/app/ui/MobileUiTokens.kt

@@ -1,5 +1,7 @@
 package ai.openclaw.app.ui
 
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.staticCompositionLocalOf
 import androidx.compose.ui.graphics.Brush
 import androidx.compose.ui.graphics.Color
 import androidx.compose.ui.text.TextStyle
@@ -9,32 +11,147 @@ import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.unit.sp
 import ai.openclaw.app.R
 
-internal val mobileBackgroundGradient =
-  Brush.verticalGradient(
-    listOf(
-      Color(0xFFFFFFFF),
-      Color(0xFFF7F8FA),
-      Color(0xFFEFF1F5),
-    ),
+// ---------------------------------------------------------------------------
+// MobileColors – semantic color tokens with light + dark variants
+// ---------------------------------------------------------------------------
+
+internal data class MobileColors(
+  val surface: Color,
+  val surfaceStrong: Color,
+  val cardSurface: Color,
+  val border: Color,
+  val borderStrong: Color,
+  val text: Color,
+  val textSecondary: Color,
+  val textTertiary: Color,
+  val accent: Color,
+  val accentSoft: Color,
+  val accentBorderStrong: Color,
+  val success: Color,
+  val successSoft: Color,
+  val warning: Color,
+  val warningSoft: Color,
+  val danger: Color,
+  val dangerSoft: Color,
+  val codeBg: Color,
+  val codeText: Color,
+  val codeBorder: Color,
+  val codeAccent: Color,
+  val chipBorderConnected: Color,
+  val chipBorderConnecting: Color,
+  val chipBorderWarning: Color,
+  val chipBorderError: Color,
+)
+
+internal fun lightMobileColors() =
+  MobileColors(
+    surface = Color(0xFFF6F7FA),
+    surfaceStrong = Color(0xFFECEEF3),
+    cardSurface = Color(0xFFFFFFFF),
+    border = Color(0xFFE5E7EC),
+    borderStrong = Color(0xFFD6DAE2),
+    text = Color(0xFF17181C),
+    textSecondary = Color(0xFF5D6472),
+    textTertiary = Color(0xFF99A0AE),
+    accent = Color(0xFF1D5DD8),
+    accentSoft = Color(0xFFECF3FF),
+    accentBorderStrong = Color(0xFF184DAF),
+    success = Color(0xFF2F8C5A),
+    successSoft = Color(0xFFEEF9F3),
+    warning = Color(0xFFC8841A),
+    warningSoft = Color(0xFFFFF8EC),
+    danger = Color(0xFFD04B4B),
+    dangerSoft = Color(0xFFFFF2F2),
+    codeBg = Color(0xFF15171B),
+    codeText = Color(0xFFE8EAEE),
+    codeBorder = Color(0xFF2B2E35),
+    codeAccent = Color(0xFF3FC97A),
+    chipBorderConnected = Color(0xFFCFEBD8),
+    chipBorderConnecting = Color(0xFFD5E2FA),
+    chipBorderWarning = Color(0xFFEED8B8),
+    chipBorderError = Color(0xFFF3C8C8),
   )
 
-internal val mobileSurface = Color(0xFFF6F7FA)
-internal val mobileSurfaceStrong = Color(0xFFECEEF3)
-internal val mobileBorder = Color(0xFFE5E7EC)
-internal val mobileBorderStrong = Color(0xFFD6DAE2)
-internal val mobileText = Color(0xFF17181C)
-internal val mobileTextSecondary = Color(0xFF5D6472)
-internal val mobileTextTertiary = Color(0xFF99A0AE)
-internal val mobileAccent = Color(0xFF1D5DD8)
-internal val mobileAccentSoft = Color(0xFFECF3FF)
-internal val mobileSuccess = Color(0xFF2F8C5A)
-internal val mobileSuccessSoft = Color(0xFFEEF9F3)
-internal val mobileWarning = Color(0xFFC8841A)
-internal val mobileWarningSoft = Color(0xFFFFF8EC)
-internal val mobileDanger = Color(0xFFD04B4B)
-internal val mobileDangerSoft = Color(0xFFFFF2F2)
-internal val mobileCodeBg = Color(0xFF15171B)
-internal val mobileCodeText = Color(0xFFE8EAEE)
+internal fun darkMobileColors() =
+  MobileColors(
+    surface = Color(0xFF1A1C20),
+    surfaceStrong = Color(0xFF24262B),
+    cardSurface = Color(0xFF1E2024),
+    border = Color(0xFF2E3038),
+    borderStrong = Color(0xFF3A3D46),
+    text = Color(0xFFE4E5EA),
+    textSecondary = Color(0xFFA0A6B4),
+    textTertiary = Color(0xFF6B7280),
+    accent = Color(0xFF6EA8FF),
+    accentSoft = Color(0xFF1A2A44),
+    accentBorderStrong = Color(0xFF5B93E8),
+    success = Color(0xFF5FBB85),
+    successSoft = Color(0xFF152E22),
+    warning = Color(0xFFE8A844),
+    warningSoft = Color(0xFF2E2212),
+    danger = Color(0xFFE87070),
+    dangerSoft = Color(0xFF2E1616),
+    codeBg = Color(0xFF111317),
+    codeText = Color(0xFFE8EAEE),
+    codeBorder = Color(0xFF2B2E35),
+    codeAccent = Color(0xFF3FC97A),
+    chipBorderConnected = Color(0xFF1E4A30),
+    chipBorderConnecting = Color(0xFF1E3358),
+    chipBorderWarning = Color(0xFF3E3018),
+    chipBorderError = Color(0xFF3E1E1E),
+  )
+
+internal val LocalMobileColors = staticCompositionLocalOf { lightMobileColors() }
+
+internal object MobileColorsAccessor {
+  val current: MobileColors
+    @Composable get() = LocalMobileColors.current
+}
+
+// ---------------------------------------------------------------------------
+// Backward-compatible top-level accessors (composable getters)
+// ---------------------------------------------------------------------------
+// These allow existing call sites to keep using `mobileSurface`, `mobileText`, etc.
+// without converting every file at once. Each resolves to the themed value.
+
+internal val mobileSurface: Color @Composable get() = LocalMobileColors.current.surface
+internal val mobileSurfaceStrong: Color @Composable get() = LocalMobileColors.current.surfaceStrong
+internal val mobileCardSurface: Color @Composable get() = LocalMobileColors.current.cardSurface
+internal val mobileBorder: Color @Composable get() = LocalMobileColors.current.border
+internal val mobileBorderStrong: Color @Composable get() = LocalMobileColors.current.borderStrong
+internal val mobileText: Color @Composable get() = LocalMobileColors.current.text
+internal val mobileTextSecondary: Color @Composable get() = LocalMobileColors.current.textSecondary
+internal val mobileTextTertiary: Color @Composable get() = LocalMobileColors.current.textTertiary
+internal val mobileAccent: Color @Composable get() = LocalMobileColors.current.accent
+internal val mobileAccentSoft: Color @Composable get() = LocalMobileColors.current.accentSoft
+internal val mobileAccentBorderStrong: Color @Composable get() = LocalMobileColors.current.accentBorderStrong
+internal val mobileSuccess: Color @Composable get() = LocalMobileColors.current.success
+internal val mobileSuccessSoft: Color @Composable get() = LocalMobileColors.current.successSoft
+internal val mobileWarning: Color @Composable get() = LocalMobileColors.current.warning
+internal val mobileWarningSoft: Color @Composable get() = LocalMobileColors.current.warningSoft
+internal val mobileDanger: Color @Composable get() = LocalMobileColors.current.danger
+internal val mobileDangerSoft: Color @Composable get() = LocalMobileColors.current.dangerSoft
+internal val mobileCodeBg: Color @Composable get() = LocalMobileColors.current.codeBg
+internal val mobileCodeText: Color @Composable get() = LocalMobileColors.current.codeText
+internal val mobileCodeBorder: Color @Composable get() = LocalMobileColors.current.codeBorder
+internal val mobileCodeAccent: Color @Composable get() = LocalMobileColors.current.codeAccent
+
+// Background gradient – light fades white→gray, dark fades near-black→dark-gray
+internal val mobileBackgroundGradient: Brush
+  @Composable get() {
+    val colors = LocalMobileColors.current
+    return Brush.verticalGradient(
+      listOf(
+        colors.surface,
+        colors.surfaceStrong,
+        colors.surfaceStrong,
+      ),
+    )
+  }
+
+// ---------------------------------------------------------------------------
+// Typography tokens (theme-independent)
+// ---------------------------------------------------------------------------
 
 internal val mobileFontFamily =
   FontFamily(
@@ -44,6 +161,15 @@ internal val mobileFontFamily =
     Font(resId = R.font.manrope_700_bold, weight = FontWeight.Bold),
   )
 
+internal val mobileDisplay =
+  TextStyle(
+    fontFamily = mobileFontFamily,
+    fontWeight = FontWeight.Bold,
+    fontSize = 34.sp,
+    lineHeight = 40.sp,
+    letterSpacing = (-0.8).sp,
+  )
+
 internal val mobileTitle1 =
   TextStyle(
     fontFamily = mobileFontFamily,

apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt

@@ -81,7 +81,6 @@ import androidx.compose.ui.Modifier
 import androidx.compose.ui.graphics.Brush
 import androidx.compose.ui.graphics.Color
 import androidx.compose.ui.text.TextStyle
-import androidx.compose.ui.text.font.Font
 import androidx.compose.ui.text.font.FontFamily
 import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.text.input.KeyboardType
@@ -94,7 +93,6 @@ import androidx.lifecycle.LifecycleEventObserver
 import androidx.lifecycle.compose.LocalLifecycleOwner
 import ai.openclaw.app.LocationMode
 import ai.openclaw.app.MainViewModel
-import ai.openclaw.app.R
 import ai.openclaw.app.node.DeviceNotificationListenerService
 import com.google.mlkit.vision.barcode.common.Barcode
 import com.google.mlkit.vision.codescanner.GmsBarcodeScannerOptions
@@ -129,95 +127,80 @@ private enum class SpecialAccessToggle {
   NotificationListener,
 }
 
-private val onboardingBackgroundGradient =
-  listOf(
-    Color(0xFFFFFFFF),
-    Color(0xFFF7F8FA),
-    Color(0xFFEFF1F5),
-  )
-private val onboardingSurface = Color(0xFFF6F7FA)
-private val onboardingBorder = Color(0xFFE5E7EC)
-private val onboardingBorderStrong = Color(0xFFD6DAE2)
-private val onboardingText = Color(0xFF17181C)
-private val onboardingTextSecondary = Color(0xFF4D5563)
-private val onboardingTextTertiary = Color(0xFF8A92A2)
-private val onboardingAccent = Color(0xFF1D5DD8)
-private val onboardingAccentSoft = Color(0xFFECF3FF)
-private val onboardingSuccess = Color(0xFF2F8C5A)
-private val onboardingWarning = Color(0xFFC8841A)
-private val onboardingCommandBg = Color(0xFF15171B)
-private val onboardingCommandBorder = Color(0xFF2B2E35)
-private val onboardingCommandAccent = Color(0xFF3FC97A)
-private val onboardingCommandText = Color(0xFFE8EAEE)
+private val onboardingBackgroundGradient: Brush
+  @Composable get() = mobileBackgroundGradient
 
-private val onboardingFontFamily =
-  FontFamily(
-    Font(resId = R.font.manrope_400_regular, weight = FontWeight.Normal),
-    Font(resId = R.font.manrope_500_medium, weight = FontWeight.Medium),
-    Font(resId = R.font.manrope_600_semibold, weight = FontWeight.SemiBold),
-    Font(resId = R.font.manrope_700_bold, weight = FontWeight.Bold),
-  )
+private val onboardingSurface: Color
+  @Composable get() = mobileCardSurface
 
-private val onboardingDisplayStyle =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.Bold,
-    fontSize = 34.sp,
-    lineHeight = 40.sp,
-    letterSpacing = (-0.8).sp,
-  )
+private val onboardingBorder: Color
+  @Composable get() = mobileBorder
 
-private val onboardingTitle1Style =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.SemiBold,
-    fontSize = 24.sp,
-    lineHeight = 30.sp,
-    letterSpacing = (-0.5).sp,
-  )
+private val onboardingBorderStrong: Color
+  @Composable get() = mobileBorderStrong
 
-private val onboardingHeadlineStyle =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.SemiBold,
-    fontSize = 16.sp,
-    lineHeight = 22.sp,
-    letterSpacing = (-0.1).sp,
-  )
+private val onboardingText: Color
+  @Composable get() = mobileText
 
-private val onboardingBodyStyle =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.Medium,
-    fontSize = 15.sp,
-    lineHeight = 22.sp,
-  )
+private val onboardingTextSecondary: Color
+  @Composable get() = mobileTextSecondary
 
-private val onboardingCalloutStyle =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.Medium,
-    fontSize = 14.sp,
-    lineHeight = 20.sp,
-  )
+private val onboardingTextTertiary: Color
+  @Composable get() = mobileTextTertiary
 
-private val onboardingCaption1Style =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.Medium,
-    fontSize = 12.sp,
-    lineHeight = 16.sp,
-    letterSpacing = 0.2.sp,
-  )
+private val onboardingAccent: Color
+  @Composable get() = mobileAccent
 
-private val onboardingCaption2Style =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.Medium,
-    fontSize = 11.sp,
-    lineHeight = 14.sp,
-    letterSpacing = 0.4.sp,
-  )
+private val onboardingAccentSoft: Color
+  @Composable get() = mobileAccentSoft
+
+private val onboardingAccentBorderStrong: Color
+  @Composable get() = mobileAccentBorderStrong
+
+private val onboardingSuccess: Color
+  @Composable get() = mobileSuccess
+
+private val onboardingSuccessSoft: Color
+  @Composable get() = mobileSuccessSoft
+
+private val onboardingWarning: Color
+  @Composable get() = mobileWarning
+
+private val onboardingWarningSoft: Color
+  @Composable get() = mobileWarningSoft
+
+private val onboardingCommandBg: Color
+  @Composable get() = mobileCodeBg
+
+private val onboardingCommandBorder: Color
+  @Composable get() = mobileCodeBorder
+
+private val onboardingCommandAccent: Color
+  @Composable get() = mobileCodeAccent
+
+private val onboardingCommandText: Color
+  @Composable get() = mobileCodeText
+
+private val onboardingDisplayStyle: TextStyle
+  get() = mobileDisplay
+
+private val onboardingTitle1Style: TextStyle
+  get() = mobileTitle1
+
+private val onboardingHeadlineStyle: TextStyle
+  get() = mobileHeadline
+
+private val onboardingBodyStyle: TextStyle
+  get() = mobileBody
+
+private val onboardingCalloutStyle: TextStyle
+  get() = mobileCallout
+
+private val onboardingCaption1Style: TextStyle
+  get() = mobileCaption1
+
+private val onboardingCaption2Style: TextStyle
+  get() = mobileCaption2
 
 @Composable
 fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
@@ -495,7 +478,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
     modifier =
       modifier
         .fillMaxSize()
-        .background(Brush.verticalGradient(onboardingBackgroundGradient)),
+        .background(onboardingBackgroundGradient),
   ) {
     Column(
       modifier =
@@ -755,13 +738,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
               onClick = { step = OnboardingStep.Gateway },
               modifier = Modifier.weight(1f).height(52.dp),
               shape = RoundedCornerShape(14.dp),
-              colors =
-                ButtonDefaults.buttonColors(
-                  containerColor = onboardingAccent,
-                  contentColor = Color.White,
-                  disabledContainerColor = onboardingAccent.copy(alpha = 0.45f),
-                  disabledContentColor = Color.White,
-                ),
+              colors = onboardingPrimaryButtonColors(),
             ) {
               Text("Next", style = onboardingHeadlineStyle.copy(fontWeight = FontWeight.Bold))
             }
@@ -807,13 +784,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
               },
               modifier = Modifier.weight(1f).height(52.dp),
               shape = RoundedCornerShape(14.dp),
-              colors =
-                ButtonDefaults.buttonColors(
-                  containerColor = onboardingAccent,
-                  contentColor = Color.White,
-                  disabledContainerColor = onboardingAccent.copy(alpha = 0.45f),
-                  disabledContentColor = Color.White,
-                ),
+              colors = onboardingPrimaryButtonColors(),
             ) {
               Text("Next", style = onboardingHeadlineStyle.copy(fontWeight = FontWeight.Bold))
             }
@@ -827,13 +798,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
               },
               modifier = Modifier.weight(1f).height(52.dp),
               shape = RoundedCornerShape(14.dp),
-              colors =
-                ButtonDefaults.buttonColors(
-                  containerColor = onboardingAccent,
-                  contentColor = Color.White,
-                  disabledContainerColor = onboardingAccent.copy(alpha = 0.45f),
-                  disabledContentColor = Color.White,
-                ),
+              colors = onboardingPrimaryButtonColors(),
             ) {
               Text("Next", style = onboardingHeadlineStyle.copy(fontWeight = FontWeight.Bold))
             }
@@ -844,13 +809,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
                 onClick = { viewModel.setOnboardingCompleted(true) },
                 modifier = Modifier.weight(1f).height(52.dp),
                 shape = RoundedCornerShape(14.dp),
-                colors =
-                  ButtonDefaults.buttonColors(
-                    containerColor = onboardingAccent,
-                    contentColor = Color.White,
-                    disabledContainerColor = onboardingAccent.copy(alpha = 0.45f),
-                    disabledContentColor = Color.White,
-                  ),
+                colors = onboardingPrimaryButtonColors(),
               ) {
                 Text("Finish", style = onboardingHeadlineStyle.copy(fontWeight = FontWeight.Bold))
               }
@@ -883,13 +842,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
                 },
                 modifier = Modifier.weight(1f).height(52.dp),
                 shape = RoundedCornerShape(14.dp),
-                colors =
-                  ButtonDefaults.buttonColors(
-                    containerColor = onboardingAccent,
-                    contentColor = Color.White,
-                    disabledContainerColor = onboardingAccent.copy(alpha = 0.45f),
-                    disabledContentColor = Color.White,
-                  ),
+                colors = onboardingPrimaryButtonColors(),
               ) {
                 Text("Connect", style = onboardingHeadlineStyle.copy(fontWeight = FontWeight.Bold))
               }
@@ -901,6 +854,36 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
   }
 }
 
+@Composable
+private fun onboardingPrimaryButtonColors() =
+  ButtonDefaults.buttonColors(
+    containerColor = onboardingAccent,
+    contentColor = Color.White,
+    disabledContainerColor = onboardingAccent.copy(alpha = 0.45f),
+    disabledContentColor = Color.White.copy(alpha = 0.9f),
+  )
+
+@Composable
+private fun onboardingTextFieldColors() =
+  OutlinedTextFieldDefaults.colors(
+    focusedContainerColor = onboardingSurface,
+    unfocusedContainerColor = onboardingSurface,
+    focusedBorderColor = onboardingAccent,
+    unfocusedBorderColor = onboardingBorder,
+    focusedTextColor = onboardingText,
+    unfocusedTextColor = onboardingText,
+    cursorColor = onboardingAccent,
+  )
+
+@Composable
+private fun onboardingSwitchColors() =
+  SwitchDefaults.colors(
+    checkedTrackColor = onboardingAccent,
+    uncheckedTrackColor = onboardingBorderStrong,
+    checkedThumbColor = Color.White,
+    uncheckedThumbColor = Color.White,
+  )
+
 @Composable
 private fun StepRail(current: OnboardingStep) {
   val steps = OnboardingStep.entries
@@ -1005,11 +988,7 @@ private fun GatewayStep(
       onClick = onScanQrClick,
       modifier = Modifier.fillMaxWidth().height(48.dp),
       shape = RoundedCornerShape(12.dp),
-      colors =
-        ButtonDefaults.buttonColors(
-          containerColor = onboardingAccent,
-          contentColor = Color.White,
-        ),
+      colors = onboardingPrimaryButtonColors(),
     ) {
       Text("Scan QR code", style = onboardingHeadlineStyle.copy(fontWeight = FontWeight.Bold))
     }
@@ -1059,15 +1038,7 @@ private fun GatewayStep(
             textStyle = onboardingBodyStyle.copy(fontFamily = FontFamily.Monospace, color = onboardingText),
             shape = RoundedCornerShape(14.dp),
             colors =
-              OutlinedTextFieldDefaults.colors(
-                focusedContainerColor = onboardingSurface,
-                unfocusedContainerColor = onboardingSurface,
-                focusedBorderColor = onboardingAccent,
-                unfocusedBorderColor = onboardingBorder,
-                focusedTextColor = onboardingText,
-                unfocusedTextColor = onboardingText,
-                cursorColor = onboardingAccent,
-              ),
+              onboardingTextFieldColors(),
           )
           if (!resolvedEndpoint.isNullOrBlank()) {
             ResolvedEndpoint(endpoint = resolvedEndpoint)
@@ -1097,15 +1068,7 @@ private fun GatewayStep(
             textStyle = onboardingBodyStyle.copy(color = onboardingText),
             shape = RoundedCornerShape(14.dp),
             colors =
-              OutlinedTextFieldDefaults.colors(
-                focusedContainerColor = onboardingSurface,
-                unfocusedContainerColor = onboardingSurface,
-                focusedBorderColor = onboardingAccent,
-                unfocusedBorderColor = onboardingBorder,
-                focusedTextColor = onboardingText,
-                unfocusedTextColor = onboardingText,
-                cursorColor = onboardingAccent,
-              ),
+              onboardingTextFieldColors(),
           )
 
           Text("PORT", style = onboardingCaption1Style.copy(letterSpacing = 0.9.sp), color = onboardingTextSecondary)
@@ -1119,15 +1082,7 @@ private fun GatewayStep(
             textStyle = onboardingBodyStyle.copy(fontFamily = FontFamily.Monospace, color = onboardingText),
             shape = RoundedCornerShape(14.dp),
             colors =
-              OutlinedTextFieldDefaults.colors(
-                focusedContainerColor = onboardingSurface,
-                unfocusedContainerColor = onboardingSurface,
-                focusedBorderColor = onboardingAccent,
-                unfocusedBorderColor = onboardingBorder,
-                focusedTextColor = onboardingText,
-                unfocusedTextColor = onboardingText,
-                cursorColor = onboardingAccent,
-              ),
+              onboardingTextFieldColors(),
           )
 
           Row(
@@ -1143,12 +1098,7 @@ private fun GatewayStep(
               checked = manualTls,
               onCheckedChange = onManualTlsChange,
               colors =
-                SwitchDefaults.colors(
-                  checkedTrackColor = onboardingAccent,
-                  uncheckedTrackColor = onboardingBorderStrong,
-                  checkedThumbColor = Color.White,
-                  uncheckedThumbColor = Color.White,
-                ),
+                onboardingSwitchColors(),
             )
           }
 
@@ -1163,15 +1113,7 @@ private fun GatewayStep(
             textStyle = onboardingBodyStyle.copy(color = onboardingText),
             shape = RoundedCornerShape(14.dp),
             colors =
-              OutlinedTextFieldDefaults.colors(
-                focusedContainerColor = onboardingSurface,
-                unfocusedContainerColor = onboardingSurface,
-                focusedBorderColor = onboardingAccent,
-                unfocusedBorderColor = onboardingBorder,
-                focusedTextColor = onboardingText,
-                unfocusedTextColor = onboardingText,
-                cursorColor = onboardingAccent,
-              ),
+              onboardingTextFieldColors(),
           )
 
           Text("PASSWORD (OPTIONAL)", style = onboardingCaption1Style.copy(letterSpacing = 0.9.sp), color = onboardingTextSecondary)
@@ -1185,15 +1127,7 @@ private fun GatewayStep(
             textStyle = onboardingBodyStyle.copy(color = onboardingText),
             shape = RoundedCornerShape(14.dp),
             colors =
-              OutlinedTextFieldDefaults.colors(
-                focusedContainerColor = onboardingSurface,
-                unfocusedContainerColor = onboardingSurface,
-                focusedBorderColor = onboardingAccent,
-                unfocusedBorderColor = onboardingBorder,
-                focusedTextColor = onboardingText,
-                unfocusedTextColor = onboardingText,
-                cursorColor = onboardingAccent,
-              ),
+              onboardingTextFieldColors(),
           )
 
           if (!manualResolvedEndpoint.isNullOrBlank()) {
@@ -1261,7 +1195,7 @@ private fun GatewayModeChip(
         containerColor = if (active) onboardingAccent else onboardingSurface,
         contentColor = if (active) Color.White else onboardingText,
       ),
-    border = androidx.compose.foundation.BorderStroke(1.dp, if (active) Color(0xFF184DAF) else onboardingBorderStrong),
+    border = androidx.compose.foundation.BorderStroke(1.dp, if (active) onboardingAccentBorderStrong else onboardingBorderStrong),
   ) {
     Text(
       text = label,
@@ -1524,13 +1458,7 @@ private fun PermissionToggleRow(
       checked = checked,
       onCheckedChange = onCheckedChange,
       enabled = enabled,
-      colors =
-        SwitchDefaults.colors(
-          checkedTrackColor = onboardingAccent,
-          uncheckedTrackColor = onboardingBorderStrong,
-          checkedThumbColor = Color.White,
-          uncheckedThumbColor = Color.White,
-        ),
+      colors = onboardingSwitchColors(),
     )
   }
 }
@@ -1605,7 +1533,7 @@ private fun FinalStep(
       Surface(
         modifier = Modifier.fillMaxWidth(),
         shape = RoundedCornerShape(14.dp),
-        color = Color(0xFFEEF9F3),
+        color = onboardingSuccessSoft,
         border = androidx.compose.foundation.BorderStroke(1.dp, onboardingSuccess.copy(alpha = 0.2f)),
       ) {
         Row(
@@ -1641,7 +1569,7 @@ private fun FinalStep(
       Surface(
         modifier = Modifier.fillMaxWidth(),
         shape = RoundedCornerShape(14.dp),
-        color = Color(0xFFFFF8EC),
+        color = onboardingWarningSoft,
         border = androidx.compose.foundation.BorderStroke(1.dp, onboardingWarning.copy(alpha = 0.2f)),
       ) {
         Column(

apps/android/app/src/main/java/ai/openclaw/app/ui/OpenClawTheme.kt

@@ -5,6 +5,7 @@ import androidx.compose.material3.MaterialTheme
 import androidx.compose.material3.dynamicDarkColorScheme
 import androidx.compose.material3.dynamicLightColorScheme
 import androidx.compose.runtime.Composable
+import androidx.compose.runtime.CompositionLocalProvider
 import androidx.compose.ui.graphics.Color
 import androidx.compose.ui.platform.LocalContext
 
@@ -13,8 +14,11 @@ fun OpenClawTheme(content: @Composable () -> Unit) {
   val context = LocalContext.current
   val isDark = isSystemInDarkTheme()
   val colorScheme = if (isDark) dynamicDarkColorScheme(context) else dynamicLightColorScheme(context)
+  val mobileColors = if (isDark) darkMobileColors() else lightMobileColors()
 
-  MaterialTheme(colorScheme = colorScheme, content = content)
+  CompositionLocalProvider(LocalMobileColors provides mobileColors) {
+    MaterialTheme(colorScheme = colorScheme, content = content)
+  }
 }
 
 @Composable

apps/android/app/src/main/java/ai/openclaw/app/ui/PostOnboardingTabs.kt

@@ -159,28 +159,28 @@ private fun TopStatusBar(
           mobileSuccessSoft,
           mobileSuccess,
           mobileSuccess,
-          Color(0xFFCFEBD8),
+          LocalMobileColors.current.chipBorderConnected,
         )
       StatusVisual.Connecting ->
         listOf(
           mobileAccentSoft,
           mobileAccent,
           mobileAccent,
-          Color(0xFFD5E2FA),
+          LocalMobileColors.current.chipBorderConnecting,
         )
       StatusVisual.Warning ->
         listOf(
           mobileWarningSoft,
           mobileWarning,
           mobileWarning,
-          Color(0xFFEED8B8),
+          LocalMobileColors.current.chipBorderWarning,
         )
       StatusVisual.Error ->
         listOf(
           mobileDangerSoft,
           mobileDanger,
           mobileDanger,
-          Color(0xFFF3C8C8),
+          LocalMobileColors.current.chipBorderError,
         )
       StatusVisual.Offline ->
         listOf(
@@ -249,7 +249,7 @@ private fun BottomTabBar(
   ) {
     Surface(
       modifier = Modifier.fillMaxWidth(),
-      color = Color.White.copy(alpha = 0.97f),
+      color = mobileCardSurface.copy(alpha = 0.97f),
       shape = RoundedCornerShape(topStart = 24.dp, topEnd = 24.dp),
       border = BorderStroke(1.dp, mobileBorder),
       shadowElevation = 6.dp,
@@ -270,7 +270,7 @@ private fun BottomTabBar(
             modifier = Modifier.weight(1f).heightIn(min = 58.dp),
             shape = RoundedCornerShape(16.dp),
             color = if (active) mobileAccentSoft else Color.Transparent,
-            border = if (active) BorderStroke(1.dp, Color(0xFFD5E2FA)) else null,
+            border = if (active) BorderStroke(1.dp, LocalMobileColors.current.chipBorderConnecting) else null,
             shadowElevation = 0.dp,
           ) {
             Column(

apps/android/app/src/main/java/ai/openclaw/app/ui/SettingsSheet.kt

@@ -736,11 +736,12 @@ private fun settingsTextFieldColors() =
     cursorColor = mobileAccent,
   )
 
+@Composable
 private fun Modifier.settingsRowModifier() =
   this
     .fillMaxWidth()
     .border(width = 1.dp, color = mobileBorder, shape = RoundedCornerShape(14.dp))
-    .background(Color.White, RoundedCornerShape(14.dp))
+    .background(mobileCardSurface, RoundedCornerShape(14.dp))
 
 @Composable
 private fun settingsPrimaryButtonColors() =

apps/android/app/src/main/java/ai/openclaw/app/ui/VoiceTabScreen.kt

@@ -363,7 +363,7 @@ private fun VoiceTurnBubble(entry: VoiceConversationEntry) {
     Surface(
       modifier = Modifier.fillMaxWidth(0.90f),
       shape = RoundedCornerShape(12.dp),
-      color = if (isUser) mobileAccentSoft else Color.White,
+      color = if (isUser) mobileAccentSoft else mobileCardSurface,
       border = BorderStroke(1.dp, if (isUser) mobileAccent else mobileBorderStrong),
     ) {
       Column(
@@ -391,7 +391,7 @@ private fun VoiceThinkingBubble() {
     Surface(
       modifier = Modifier.fillMaxWidth(0.68f),
       shape = RoundedCornerShape(12.dp),
-      color = Color.White,
+      color = mobileCardSurface,
       border = BorderStroke(1.dp, mobileBorderStrong),
     ) {
       Row(

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatComposer.kt

@@ -46,11 +46,13 @@ import androidx.compose.ui.text.style.TextOverflow
 import androidx.compose.ui.unit.dp
 import androidx.compose.ui.unit.sp
 import ai.openclaw.app.ui.mobileAccent
+import ai.openclaw.app.ui.mobileAccentBorderStrong
 import ai.openclaw.app.ui.mobileAccentSoft
 import ai.openclaw.app.ui.mobileBorder
 import ai.openclaw.app.ui.mobileBorderStrong
 import ai.openclaw.app.ui.mobileCallout
 import ai.openclaw.app.ui.mobileCaption1
+import ai.openclaw.app.ui.mobileCardSurface
 import ai.openclaw.app.ui.mobileHeadline
 import ai.openclaw.app.ui.mobileSurface
 import ai.openclaw.app.ui.mobileText
@@ -110,7 +112,7 @@ fun ChatComposer(
         Surface(
           onClick = { showThinkingMenu = true },
           shape = RoundedCornerShape(14.dp),
-          color = Color.White,
+          color = mobileCardSurface,
           border = BorderStroke(1.dp, mobileBorderStrong),
         ) {
           Row(
@@ -177,7 +179,7 @@ fun ChatComposer(
             disabledContainerColor = mobileBorderStrong,
             disabledContentColor = mobileTextTertiary,
           ),
-        border = BorderStroke(1.dp, if (canSend) Color(0xFF154CAD) else mobileBorderStrong),
+        border = BorderStroke(1.dp, if (canSend) mobileAccentBorderStrong else mobileBorderStrong),
       ) {
         if (sendBusy) {
           CircularProgressIndicator(modifier = Modifier.size(16.dp), strokeWidth = 2.dp, color = Color.White)
@@ -211,9 +213,9 @@ private fun SecondaryActionButton(
     shape = RoundedCornerShape(14.dp),
     colors =
       ButtonDefaults.buttonColors(
-        containerColor = Color.White,
+        containerColor = mobileCardSurface,
         contentColor = mobileTextSecondary,
-        disabledContainerColor = Color.White,
+        disabledContainerColor = mobileCardSurface,
         disabledContentColor = mobileTextTertiary,
       ),
     border = BorderStroke(1.dp, mobileBorderStrong),
@@ -303,7 +305,7 @@ private fun AttachmentChip(fileName: String, onRemove: () -> Unit) {
       Surface(
         onClick = onRemove,
         shape = RoundedCornerShape(999.dp),
-        color = Color.White,
+        color = mobileCardSurface,
         border = BorderStroke(1.dp, mobileBorderStrong),
       ) {
         Text(

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMarkdown.kt

@@ -94,7 +94,7 @@ private val markdownParser: Parser by lazy {
 @Composable
 fun ChatMarkdown(text: String, textColor: Color) {
   val document = remember(text) { markdownParser.parse(text) as Document }
-  val inlineStyles = InlineStyles(inlineCodeBg = mobileCodeBg, inlineCodeColor = mobileCodeText)
+  val inlineStyles = InlineStyles(inlineCodeBg = mobileCodeBg, inlineCodeColor = mobileCodeText, linkColor = mobileAccent, baseCallout = mobileCallout)
 
   Column(verticalArrangement = Arrangement.spacedBy(10.dp)) {
     RenderMarkdownBlocks(
@@ -124,7 +124,7 @@ private fun RenderMarkdownBlocks(
         val headingText = remember(current) { buildInlineMarkdown(current.firstChild, inlineStyles) }
         Text(
           text = headingText,
-          style = headingStyle(current.level),
+          style = headingStyle(current.level, inlineStyles.baseCallout),
           color = textColor,
         )
       }
@@ -231,7 +231,7 @@ private fun RenderParagraph(
 
   Text(
     text = annotated,
-    style = mobileCallout,
+    style = inlineStyles.baseCallout,
     color = textColor,
   )
 }
@@ -315,7 +315,7 @@ private fun RenderListItem(
   ) {
     Text(
       text = marker,
-      style = mobileCallout.copy(fontWeight = FontWeight.SemiBold),
+      style = inlineStyles.baseCallout.copy(fontWeight = FontWeight.SemiBold),
       color = textColor,
       modifier = Modifier.width(24.dp),
     )
@@ -360,7 +360,7 @@ private fun RenderTableBlock(
           val cell = row.cells.getOrNull(index) ?: AnnotatedString("")
           Text(
             text = cell,
-            style = if (row.isHeader) mobileCaption1.copy(fontWeight = FontWeight.SemiBold) else mobileCallout,
+            style = if (row.isHeader) mobileCaption1.copy(fontWeight = FontWeight.SemiBold) else inlineStyles.baseCallout,
             color = textColor,
             modifier = Modifier
               .border(1.dp, mobileTextSecondary.copy(alpha = 0.22f))
@@ -417,6 +417,7 @@ private fun buildInlineMarkdown(start: Node?, inlineStyles: InlineStyles): Annot
       node = start,
       inlineCodeBg = inlineStyles.inlineCodeBg,
       inlineCodeColor = inlineStyles.inlineCodeColor,
+      linkColor = inlineStyles.linkColor,
     )
   }
 }
@@ -425,6 +426,7 @@ private fun AnnotatedString.Builder.appendInlineNode(
   node: Node?,
   inlineCodeBg: Color,
   inlineCodeColor: Color,
+  linkColor: Color,
 ) {
   var current = node
   while (current != null) {
@@ -445,27 +447,27 @@ private fun AnnotatedString.Builder.appendInlineNode(
       }
       is Emphasis -> {
         withStyle(SpanStyle(fontStyle = FontStyle.Italic)) {
-          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor)
+          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor, linkColor = linkColor)
         }
       }
       is StrongEmphasis -> {
         withStyle(SpanStyle(fontWeight = FontWeight.SemiBold)) {
-          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor)
+          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor, linkColor = linkColor)
         }
       }
       is Strikethrough -> {
         withStyle(SpanStyle(textDecoration = TextDecoration.LineThrough)) {
-          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor)
+          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor, linkColor = linkColor)
         }
       }
       is Link -> {
         withStyle(
           SpanStyle(
-            color = mobileAccent,
+            color = linkColor,
             textDecoration = TextDecoration.Underline,
           ),
         ) {
-          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor)
+          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor, linkColor = linkColor)
         }
       }
       is MarkdownImage -> {
@@ -482,7 +484,7 @@ private fun AnnotatedString.Builder.appendInlineNode(
         }
       }
       else -> {
-        appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor)
+        appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor, linkColor = linkColor)
       }
     }
     current = current.next
@@ -519,19 +521,21 @@ private fun parseDataImageDestination(destination: String?): ParsedDataImage? {
   return ParsedDataImage(mimeType = "image/$subtype", base64 = base64)
 }
 
-private fun headingStyle(level: Int): TextStyle {
+private fun headingStyle(level: Int, baseCallout: TextStyle): TextStyle {
   return when (level.coerceIn(1, 6)) {
-    1 -> mobileCallout.copy(fontSize = 22.sp, lineHeight = 28.sp, fontWeight = FontWeight.Bold)
-    2 -> mobileCallout.copy(fontSize = 20.sp, lineHeight = 26.sp, fontWeight = FontWeight.Bold)
-    3 -> mobileCallout.copy(fontSize = 18.sp, lineHeight = 24.sp, fontWeight = FontWeight.SemiBold)
-    4 -> mobileCallout.copy(fontSize = 16.sp, lineHeight = 22.sp, fontWeight = FontWeight.SemiBold)
-    else -> mobileCallout.copy(fontWeight = FontWeight.SemiBold)
+    1 -> baseCallout.copy(fontSize = 22.sp, lineHeight = 28.sp, fontWeight = FontWeight.Bold)
+    2 -> baseCallout.copy(fontSize = 20.sp, lineHeight = 26.sp, fontWeight = FontWeight.Bold)
+    3 -> baseCallout.copy(fontSize = 18.sp, lineHeight = 24.sp, fontWeight = FontWeight.SemiBold)
+    4 -> baseCallout.copy(fontSize = 16.sp, lineHeight = 22.sp, fontWeight = FontWeight.SemiBold)
+    else -> baseCallout.copy(fontWeight = FontWeight.SemiBold)
   }
 }
 
 private data class InlineStyles(
   val inlineCodeBg: Color,
   val inlineCodeColor: Color,
+  val linkColor: Color,
+  val baseCallout: TextStyle,
 )
 
 private data class TableRenderRow(

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMessageListCard.kt

@@ -19,6 +19,7 @@ import ai.openclaw.app.chat.ChatMessage
 import ai.openclaw.app.chat.ChatPendingToolCall
 import ai.openclaw.app.ui.mobileBorder
 import ai.openclaw.app.ui.mobileCallout
+import ai.openclaw.app.ui.mobileCardSurface
 import ai.openclaw.app.ui.mobileHeadline
 import ai.openclaw.app.ui.mobileText
 import ai.openclaw.app.ui.mobileTextSecondary
@@ -85,7 +86,7 @@ private fun EmptyChatHint(modifier: Modifier = Modifier, healthOk: Boolean) {
   Surface(
     modifier = modifier.fillMaxWidth(),
     shape = RoundedCornerShape(14.dp),
-    color = androidx.compose.ui.graphics.Color.White.copy(alpha = 0.9f),
+    color = mobileCardSurface.copy(alpha = 0.9f),
     border = androidx.compose.foundation.BorderStroke(1.dp, mobileBorder),
   ) {
     androidx.compose.foundation.layout.Column(

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMessageViews.kt

@@ -36,7 +36,9 @@ import ai.openclaw.app.ui.mobileBorderStrong
 import ai.openclaw.app.ui.mobileCallout
 import ai.openclaw.app.ui.mobileCaption1
 import ai.openclaw.app.ui.mobileCaption2
+import ai.openclaw.app.ui.mobileCardSurface
 import ai.openclaw.app.ui.mobileCodeBg
+import ai.openclaw.app.ui.mobileCodeBorder
 import ai.openclaw.app.ui.mobileCodeText
 import ai.openclaw.app.ui.mobileHeadline
 import ai.openclaw.app.ui.mobileText
@@ -194,6 +196,7 @@ fun ChatStreamingAssistantBubble(text: String) {
   }
 }
 
+@Composable
 private fun bubbleStyle(role: String): ChatBubbleStyle {
   return when (role) {
     "user" ->
@@ -215,7 +218,7 @@ private fun bubbleStyle(role: String): ChatBubbleStyle {
     else ->
       ChatBubbleStyle(
         alignEnd = false,
-        containerColor = Color.White,
+        containerColor = mobileCardSurface,
         borderColor = mobileBorderStrong,
         roleColor = mobileTextSecondary,
       )
@@ -239,7 +242,7 @@ private fun ChatBase64Image(base64: String, mimeType: String?) {
     Surface(
       shape = RoundedCornerShape(10.dp),
       border = BorderStroke(1.dp, mobileBorder),
-      color = Color.White,
+      color = mobileCardSurface,
       modifier = Modifier.fillMaxWidth(),
     ) {
       Image(
@@ -277,7 +280,7 @@ fun ChatCodeBlock(code: String, language: String?) {
   Surface(
     shape = RoundedCornerShape(8.dp),
     color = mobileCodeBg,
-    border = BorderStroke(1.dp, Color(0xFF2B2E35)),
+    border = BorderStroke(1.dp, mobileCodeBorder),
     modifier = Modifier.fillMaxWidth(),
   ) {
     Column(modifier = Modifier.padding(horizontal = 10.dp, vertical = 8.dp), verticalArrangement = Arrangement.spacedBy(4.dp)) {

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatSheetContent.kt

@@ -36,12 +36,15 @@ import ai.openclaw.app.MainViewModel
 import ai.openclaw.app.chat.ChatSessionEntry
 import ai.openclaw.app.chat.OutgoingAttachment
 import ai.openclaw.app.ui.mobileAccent
+import ai.openclaw.app.ui.mobileAccentBorderStrong
 import ai.openclaw.app.ui.mobileBorder
 import ai.openclaw.app.ui.mobileBorderStrong
 import ai.openclaw.app.ui.mobileCallout
+import ai.openclaw.app.ui.mobileCardSurface
 import ai.openclaw.app.ui.mobileCaption1
 import ai.openclaw.app.ui.mobileCaption2
 import ai.openclaw.app.ui.mobileDanger
+import ai.openclaw.app.ui.mobileDangerSoft
 import ai.openclaw.app.ui.mobileText
 import ai.openclaw.app.ui.mobileTextSecondary
 import java.io.ByteArrayOutputStream
@@ -168,8 +171,8 @@ private fun ChatThreadSelector(
       Surface(
         onClick = { onSelectSession(entry.key) },
         shape = RoundedCornerShape(14.dp),
-        color = if (active) mobileAccent else Color.White,
-        border = BorderStroke(1.dp, if (active) Color(0xFF154CAD) else mobileBorderStrong),
+        color = if (active) mobileAccent else mobileCardSurface,
+        border = BorderStroke(1.dp, if (active) mobileAccentBorderStrong else mobileBorderStrong),
         tonalElevation = 0.dp,
         shadowElevation = 0.dp,
       ) {
@@ -190,7 +193,7 @@ private fun ChatThreadSelector(
 private fun ChatErrorRail(errorText: String) {
   Surface(
     modifier = Modifier.fillMaxWidth(),
-    color = androidx.compose.ui.graphics.Color.White,
+    color = mobileDangerSoft,
     shape = RoundedCornerShape(12.dp),
     border = androidx.compose.foundation.BorderStroke(1.dp, mobileDanger),
   ) {

apps/android/app/src/main/res/values-night/themes.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <style name="Theme.OpenClawNode" parent="Theme.Material3.DayNight.NoActionBar">
+        <item name="android:statusBarColor">@android:color/transparent</item>
+        <item name="android:navigationBarColor">@android:color/transparent</item>
+        <item name="android:windowLightStatusBar">false</item>
+    </style>
+</resources>

apps/ios/Config/Version.xcconfig

@@ -1,8 +1,8 @@
 // Shared iOS version defaults.
 // Generated overrides live in build/Version.xcconfig (git-ignored).
 
-OPENCLAW_GATEWAY_VERSION = 0.0.0
-OPENCLAW_MARKETING_VERSION = 0.0.0
-OPENCLAW_BUILD_VERSION = 0
+OPENCLAW_GATEWAY_VERSION = 2026.3.14
+OPENCLAW_MARKETING_VERSION = 2026.3.14
+OPENCLAW_BUILD_VERSION = 202603140
 
 #include? "../build/Version.xcconfig"

apps/macos/Sources/OpenClaw/CronJobEditor+Helpers.swift

@@ -16,7 +16,14 @@ extension CronJobEditor {
         self.agentId = job.agentId ?? ""
         self.enabled = job.enabled
         self.deleteAfterRun = job.deleteAfterRun ?? false
-        self.sessionTarget = job.sessionTarget
+        switch job.parsedSessionTarget {
+        case .predefined(let target):
+            self.sessionTarget = target
+            self.preservedSessionTargetRaw = nil
+        case .session(let id):
+            self.sessionTarget = .isolated
+            self.preservedSessionTargetRaw = "session:\(id)"
+        }
         self.wakeMode = job.wakeMode
 
         switch job.schedule {
@@ -51,7 +58,7 @@ extension CronJobEditor {
             self.channel = trimmed.isEmpty ? "last" : trimmed
             self.to = delivery.to ?? ""
             self.bestEffortDeliver = delivery.bestEffort ?? false
-        } else if self.sessionTarget == .isolated {
+        } else if self.isIsolatedLikeSessionTarget {
             self.deliveryMode = .announce
         }
     }
@@ -80,7 +87,7 @@ extension CronJobEditor {
             "name": name,
             "enabled": self.enabled,
             "schedule": schedule,
-            "sessionTarget": self.sessionTarget.rawValue,
+            "sessionTarget": self.effectiveSessionTargetRaw,
             "wakeMode": self.wakeMode.rawValue,
             "payload": payload,
         ]
@@ -92,7 +99,7 @@ extension CronJobEditor {
             root["agentId"] = NSNull()
         }
 
-        if self.sessionTarget == .isolated {
+        if self.isIsolatedLikeSessionTarget {
             root["delivery"] = self.buildDelivery()
         }
 
@@ -160,7 +167,7 @@ extension CronJobEditor {
     }
 
     func buildSelectedPayload() throws -> [String: Any] {
-        if self.sessionTarget == .isolated { return self.buildAgentTurnPayload() }
+        if self.isIsolatedLikeSessionTarget { return self.buildAgentTurnPayload() }
         switch self.payloadKind {
         case .systemEvent:
             let text = self.trimmed(self.systemEventText)
@@ -171,7 +178,7 @@ extension CronJobEditor {
     }
 
     func validateSessionTarget(_ payload: [String: Any]) throws {
-        if self.sessionTarget == .main, payload["kind"] as? String == "agentTurn" {
+        if self.effectiveSessionTargetRaw == "main", payload["kind"] as? String == "agentTurn" {
             throw NSError(
                 domain: "Cron",
                 code: 0,
@@ -181,7 +188,7 @@ extension CronJobEditor {
                 ])
         }
 
-        if self.sessionTarget == .isolated, payload["kind"] as? String == "systemEvent" {
+        if self.effectiveSessionTargetRaw != "main", payload["kind"] as? String == "systemEvent" {
             throw NSError(
                 domain: "Cron",
                 code: 0,
@@ -257,6 +264,17 @@ extension CronJobEditor {
         return Int(floor(n * factor))
     }
 
+    var effectiveSessionTargetRaw: String {
+        if self.sessionTarget == .isolated, let preserved = self.preservedSessionTargetRaw?.trimmingCharacters(in: .whitespacesAndNewlines), !preserved.isEmpty {
+            return preserved
+        }
+        return self.sessionTarget.rawValue
+    }
+
+    var isIsolatedLikeSessionTarget: Bool {
+        self.effectiveSessionTargetRaw != "main"
+    }
+
     func formatDuration(ms: Int) -> String {
         DurationFormattingSupport.conciseDuration(ms: ms)
     }

apps/macos/Sources/OpenClaw/CronJobEditor.swift

@@ -16,7 +16,7 @@ struct CronJobEditor: View {
             + "Use an isolated session for agent turns so your main chat stays clean."
     static let sessionTargetNote =
         "Main jobs post a system event into the current main session. "
-            + "Isolated jobs run OpenClaw in a dedicated session and can announce results to a channel."
+            + "Current and isolated-style jobs run agent turns and can announce results to a channel."
     static let scheduleKindNote =
         "“At” runs once, “Every” repeats with a duration, “Cron” uses a 5-field Unix expression."
     static let isolatedPayloadNote =
@@ -29,6 +29,7 @@ struct CronJobEditor: View {
     @State var agentId: String = ""
     @State var enabled: Bool = true
     @State var sessionTarget: CronSessionTarget = .main
+    @State var preservedSessionTargetRaw: String?
     @State var wakeMode: CronWakeMode = .now
     @State var deleteAfterRun: Bool = false
 
@@ -117,6 +118,7 @@ struct CronJobEditor: View {
                                 Picker("", selection: self.$sessionTarget) {
                                     Text("main").tag(CronSessionTarget.main)
                                     Text("isolated").tag(CronSessionTarget.isolated)
+                                    Text("current").tag(CronSessionTarget.current)
                                 }
                                 .labelsHidden()
                                 .pickerStyle(.segmented)
@@ -209,7 +211,7 @@ struct CronJobEditor: View {
 
                     GroupBox("Payload") {
                         VStack(alignment: .leading, spacing: 10) {
-                            if self.sessionTarget == .isolated {
+                            if self.isIsolatedLikeSessionTarget {
                                 Text(Self.isolatedPayloadNote)
                                     .font(.footnote)
                                     .foregroundStyle(.secondary)
@@ -289,8 +291,11 @@ struct CronJobEditor: View {
                 self.sessionTarget = .isolated
             }
         }
-        .onChange(of: self.sessionTarget) { _, newValue in
-            if newValue == .isolated {
+        .onChange(of: self.sessionTarget) { oldValue, newValue in
+            if oldValue != newValue {
+                self.preservedSessionTargetRaw = nil
+            }
+            if newValue != .main {
                 self.payloadKind = .agentTurn
             } else if newValue == .main, self.payloadKind == .agentTurn {
                 self.payloadKind = .systemEvent

apps/macos/Sources/OpenClaw/CronModels.swift

@@ -3,12 +3,39 @@ import Foundation
 enum CronSessionTarget: String, CaseIterable, Identifiable, Codable {
     case main
     case isolated
+    case current
 
     var id: String {
         self.rawValue
     }
 }
 
+enum CronCustomSessionTarget: Codable, Equatable {
+    case predefined(CronSessionTarget)
+    case session(id: String)
+
+    var rawValue: String {
+        switch self {
+        case .predefined(let target):
+            return target.rawValue
+        case .session(let id):
+            return "session:\(id)"
+        }
+    }
+
+    static func from(_ value: String) -> CronCustomSessionTarget {
+        if let predefined = CronSessionTarget(rawValue: value) {
+            return .predefined(predefined)
+        }
+        if value.hasPrefix("session:") {
+            let sessionId = String(value.dropFirst(8))
+            return .session(id: sessionId)
+        }
+        // Fallback to isolated for unknown values
+        return .predefined(.isolated)
+    }
+}
+
 enum CronWakeMode: String, CaseIterable, Identifiable, Codable {
     case now
     case nextHeartbeat = "next-heartbeat"
@@ -204,12 +231,69 @@ struct CronJob: Identifiable, Codable, Equatable {
     let createdAtMs: Int
     let updatedAtMs: Int
     let schedule: CronSchedule
-    let sessionTarget: CronSessionTarget
+    private let sessionTargetRaw: String
     let wakeMode: CronWakeMode
     let payload: CronPayload
     let delivery: CronDelivery?
     let state: CronJobState
 
+    enum CodingKeys: String, CodingKey {
+        case id
+        case agentId
+        case name
+        case description
+        case enabled
+        case deleteAfterRun
+        case createdAtMs
+        case updatedAtMs
+        case schedule
+        case sessionTargetRaw = "sessionTarget"
+        case wakeMode
+        case payload
+        case delivery
+        case state
+    }
+
+    /// Parsed session target (predefined or custom session ID)
+    var parsedSessionTarget: CronCustomSessionTarget {
+        CronCustomSessionTarget.from(self.sessionTargetRaw)
+    }
+
+    /// Compatibility shim for existing editor/UI code paths that still use the
+    /// predefined enum.
+    var sessionTarget: CronSessionTarget {
+        switch self.parsedSessionTarget {
+        case .predefined(let target):
+            return target
+        case .session:
+            return .isolated
+        }
+    }
+
+    var sessionTargetDisplayValue: String {
+        self.parsedSessionTarget.rawValue
+    }
+
+    var transcriptSessionKey: String? {
+        switch self.parsedSessionTarget {
+        case .predefined(.main):
+            return nil
+        case .predefined(.isolated), .predefined(.current):
+            return "cron:\(self.id)"
+        case .session(let id):
+            return id
+        }
+    }
+
+    var supportsAnnounceDelivery: Bool {
+        switch self.parsedSessionTarget {
+        case .predefined(.main):
+            return false
+        case .predefined(.isolated), .predefined(.current), .session:
+            return true
+        }
+    }
+
     var displayName: String {
         let trimmed = self.name.trimmingCharacters(in: .whitespacesAndNewlines)
         return trimmed.isEmpty ? "Untitled job" : trimmed

apps/macos/Sources/OpenClaw/CronSettings+Rows.swift

@@ -18,7 +18,7 @@ extension CronSettings {
                 }
             }
             HStack(spacing: 6) {
-                StatusPill(text: job.sessionTarget.rawValue, tint: .secondary)
+                StatusPill(text: job.sessionTargetDisplayValue, tint: .secondary)
                 StatusPill(text: job.wakeMode.rawValue, tint: .secondary)
                 if let agentId = job.agentId, !agentId.isEmpty {
                     StatusPill(text: "agent \(agentId)", tint: .secondary)
@@ -34,9 +34,9 @@ extension CronSettings {
     @ViewBuilder
     func jobContextMenu(_ job: CronJob) -> some View {
         Button("Run now") { Task { await self.store.runJob(id: job.id, force: true) } }
-        if job.sessionTarget == .isolated {
+        if let transcriptSessionKey = job.transcriptSessionKey {
             Button("Open transcript") {
-                WebChatManager.shared.show(sessionKey: "cron:\(job.id)")
+                WebChatManager.shared.show(sessionKey: transcriptSessionKey)
             }
         }
         Divider()
@@ -75,9 +75,9 @@ extension CronSettings {
                     .labelsHidden()
                 Button("Run") { Task { await self.store.runJob(id: job.id, force: true) } }
                     .buttonStyle(.borderedProminent)
-                if job.sessionTarget == .isolated {
+                if let transcriptSessionKey = job.transcriptSessionKey {
                     Button("Transcript") {
-                        WebChatManager.shared.show(sessionKey: "cron:\(job.id)")
+                        WebChatManager.shared.show(sessionKey: transcriptSessionKey)
                     }
                     .buttonStyle(.bordered)
                 }
@@ -103,7 +103,7 @@ extension CronSettings {
             if let agentId = job.agentId, !agentId.isEmpty {
                 LabeledContent("Agent") { Text(agentId) }
             }
-            LabeledContent("Session") { Text(job.sessionTarget.rawValue) }
+            LabeledContent("Session") { Text(job.sessionTargetDisplayValue) }
             LabeledContent("Wake") { Text(job.wakeMode.rawValue) }
             LabeledContent("Next run") {
                 if let date = job.nextRunDate {
@@ -224,7 +224,7 @@ extension CronSettings {
                     HStack(spacing: 8) {
                         if let thinking, !thinking.isEmpty { StatusPill(text: "think \(thinking)", tint: .secondary) }
                         if let timeoutSeconds { StatusPill(text: "\(timeoutSeconds)s", tint: .secondary) }
-                        if job.sessionTarget == .isolated {
+                        if job.supportsAnnounceDelivery {
                             let delivery = job.delivery
                             if let delivery {
                                 if delivery.mode == .announce {

apps/macos/Sources/OpenClaw/Resources/Info.plist

@@ -15,9 +15,9 @@
     <key>CFBundlePackageType</key>
     <string>APPL</string>
     <key>CFBundleShortVersionString</key>
-    <string>2026.3.13</string>
+    <string>2026.3.14</string>
     <key>CFBundleVersion</key>
-    <string>202603130</string>
+    <string>202603140</string>
     <key>CFBundleIconFile</key>
     <string>OpenClaw</string>
     <key>CFBundleURLTypes</key>

docs/.generated/README.md

@@ -0,0 +1,8 @@
+# Generated Docs Artifacts
+
+These baseline artifacts are generated from the repo-owned OpenClaw config schema and bundled channel/plugin metadata.
+
+- Do not edit `config-baseline.json` by hand.
+- Do not edit `config-baseline.jsonl` by hand.
+- Regenerate it with `pnpm config:docs:gen`.
+- Validate it in CI or locally with `pnpm config:docs:check`.

docs/automation/cron-jobs.md

@@ -25,7 +25,9 @@ Troubleshooting: [/automation/troubleshooting](/automation/troubleshooting)
 - Jobs persist under `~/.openclaw/cron/` so restarts don’t lose schedules.
 - Two execution styles:
   - **Main session**: enqueue a system event, then run on the next heartbeat.
-  - **Isolated**: run a dedicated agent turn in `cron:<jobId>`, with delivery (announce by default or none).
+  - **Isolated**: run a dedicated agent turn in `cron:<jobId>` or a custom session, with delivery (announce by default or none).
+  - **Current session**: bind to the session where the cron is created (`sessionTarget: "current"`).
+  - **Custom session**: run in a persistent named session (`sessionTarget: "session:custom-id"`).
 - Wakeups are first-class: a job can request “wake now” vs “next heartbeat”.
 - Webhook posting is per job via `delivery.mode = "webhook"` + `delivery.to = "<url>"`.
 - Legacy fallback remains for stored jobs with `notify: true` when `cron.webhook` is set, migrate those jobs to webhook delivery mode.
@@ -86,6 +88,14 @@ Think of a cron job as: **when** to run + **what** to do.
 2. **Choose where it runs**
    - `sessionTarget: "main"` → run during the next heartbeat with main context.
    - `sessionTarget: "isolated"` → run a dedicated agent turn in `cron:<jobId>`.
+   - `sessionTarget: "current"` → bind to the current session (resolved at creation time to `session:<sessionKey>`).
+   - `sessionTarget: "session:custom-id"` → run in a persistent named session that maintains context across runs.
+
+   Default behavior (unchanged):
+   - `systemEvent` payloads default to `main`
+   - `agentTurn` payloads default to `isolated`
+
+   To use current session binding, explicitly set `sessionTarget: "current"`.
 
 3. **Choose the payload**
    - Main session → `payload.kind = "systemEvent"`
@@ -147,12 +157,13 @@ See [Heartbeat](/gateway/heartbeat).
 
 #### Isolated jobs (dedicated cron sessions)
 
-Isolated jobs run a dedicated agent turn in session `cron:<jobId>`.
+Isolated jobs run a dedicated agent turn in session `cron:<jobId>` or a custom session.
 
 Key behaviors:
 
 - Prompt is prefixed with `[cron:<jobId> <job name>]` for traceability.
-- Each run starts a **fresh session id** (no prior conversation carry-over).
+- Each run starts a **fresh session id** (no prior conversation carry-over), unless using a custom session.
+- Custom sessions (`session:xxx`) persist context across runs, enabling workflows like daily standups that build on previous summaries.
 - Default behavior: if `delivery` is omitted, isolated jobs announce a summary (`delivery.mode = "announce"`).
 - `delivery.mode` chooses what happens:
   - `announce`: deliver a summary to the target channel and post a brief summary to the main session.
@@ -321,12 +332,42 @@ Recurring, isolated job with delivery:
 }
 ```
 
+Recurring job bound to current session (auto-resolved at creation):
+
+```json
+{
+  "name": "Daily standup",
+  "schedule": { "kind": "cron", "expr": "0 9 * * *" },
+  "sessionTarget": "current",
+  "payload": {
+    "kind": "agentTurn",
+    "message": "Summarize yesterday's progress."
+  }
+}
+```
+
+Recurring job in a custom persistent session:
+
+```json
+{
+  "name": "Project monitor",
+  "schedule": { "kind": "every", "everyMs": 300000 },
+  "sessionTarget": "session:project-alpha-monitor",
+  "payload": {
+    "kind": "agentTurn",
+    "message": "Check project status and update the running log."
+  }
+}
+```
+
 Notes:
 
 - `schedule.kind`: `at` (`at`), `every` (`everyMs`), or `cron` (`expr`, optional `tz`).
 - `schedule.at` accepts ISO 8601 (timezone optional; treated as UTC when omitted).
 - `everyMs` is milliseconds.
-- `sessionTarget` must be `"main"` or `"isolated"` and must match `payload.kind`.
+- `sessionTarget`: `"main"`, `"isolated"`, `"current"`, or `"session:<custom-id>"`.
+- `"current"` is resolved to `"session:<sessionKey>"` at creation time.
+- Custom sessions (`session:xxx`) maintain persistent context across runs.
 - Optional fields: `agentId`, `description`, `enabled`, `deleteAfterRun` (defaults to true for `at`),
   `delivery`.
 - `wakeMode` defaults to `"now"` when omitted.

docs/automation/cron-vs-heartbeat.md

@@ -219,13 +219,13 @@ See [Lobster](/tools/lobster) for full usage and examples.
 
 Both heartbeat and cron can interact with the main session, but differently:
 
-|         | Heartbeat                       | Cron (main)              | Cron (isolated)            |
-| ------- | ------------------------------- | ------------------------ | -------------------------- |
-| Session | Main                            | Main (via system event)  | `cron:<jobId>`             |
-| History | Shared                          | Shared                   | Fresh each run             |
-| Context | Full                            | Full                     | None (starts clean)        |
-| Model   | Main session model              | Main session model       | Can override               |
-| Output  | Delivered if not `HEARTBEAT_OK` | Heartbeat prompt + event | Announce summary (default) |
+|         | Heartbeat                       | Cron (main)              | Cron (isolated)                                 |
+| ------- | ------------------------------- | ------------------------ | ----------------------------------------------- |
+| Session | Main                            | Main (via system event)  | `cron:<jobId>` or custom session                |
+| History | Shared                          | Shared                   | Fresh each run (isolated) / Persistent (custom) |
+| Context | Full                            | Full                     | None (isolated) / Cumulative (custom)           |
+| Model   | Main session model              | Main session model       | Can override                                    |
+| Output  | Delivered if not `HEARTBEAT_OK` | Heartbeat prompt + event | Announce summary (default)                      |
 
 ### When to use main session cron
 

docs/channels/telegram.md

@@ -782,6 +782,11 @@ openclaw message poll --channel telegram --target -1001234567890:topic:42 \
     - `--poll-public`
     - `--thread-id` for forum topics (or use a `:topic:` target)
 
+    Telegram send also supports:
+
+    - `--buttons` for inline keyboards when `channels.telegram.capabilities.inlineButtons` allows it
+    - `--force-document` to send outbound images and GIFs as documents instead of compressed photo or animated-media uploads
+
     Action gating:
 
     - `channels.telegram.actions.sendMessage=false` disables outbound Telegram messages, including polls

docs/cli/gateway.md

@@ -95,6 +95,7 @@ openclaw gateway health --url ws://127.0.0.1:18789
 ```bash
 openclaw gateway status
 openclaw gateway status --json
+openclaw gateway status --require-rpc
 ```
 
 Options:
@@ -105,11 +106,13 @@ Options:
 - `--timeout <ms>`: probe timeout (default `10000`).
 - `--no-probe`: skip the RPC probe (service-only view).
 - `--deep`: scan system-level services too.
+- `--require-rpc`: exit non-zero when the RPC probe fails. Cannot be combined with `--no-probe`.
 
 Notes:
 
 - `gateway status` resolves configured auth SecretRefs for probe auth when possible.
 - If a required auth SecretRef is unresolved in this command path, probe auth can fail; pass `--token`/`--password` explicitly or resolve the secret source first.
+- Use `--require-rpc` in scripts and automation when a listening service is not enough and you need the Gateway RPC itself to be healthy.
 - On Linux systemd installs, service auth drift checks read both `Environment=` and `EnvironmentFile=` values from the unit (including `%h`, quoted paths, multiple files, and optional `-` files).
 
 ### `gateway probe`

docs/cli/index.md

@@ -780,7 +780,7 @@ Subcommands:
 Notes:
 
 - `gateway status` probes the Gateway RPC by default using the service’s resolved port/config (override with `--url/--token/--password`).
-- `gateway status` supports `--no-probe`, `--deep`, and `--json` for scripting.
+- `gateway status` supports `--no-probe`, `--deep`, `--require-rpc`, and `--json` for scripting.
 - `gateway status` also surfaces legacy or extra gateway services when it can detect them (`--deep` adds system-level scans). Profile-named OpenClaw services are treated as first-class and aren't flagged as "extra".
 - `gateway status` prints which config path the CLI uses vs which config the service likely uses (service env), plus the resolved probe target URL.
 - On Linux systemd installs, status token-drift checks include both `Environment=` and `EnvironmentFile=` unit sources.

docs/cli/message.md

@@ -59,6 +59,7 @@ Name lookup:
   - Required: `--target`, plus `--message` or `--media`
   - Optional: `--media`, `--reply-to`, `--thread-id`, `--gif-playback`
   - Telegram only: `--buttons` (requires `channels.telegram.capabilities.inlineButtons` to allow it)
+  - Telegram only: `--force-document` (send images and GIFs as documents to avoid Telegram compression)
   - Telegram only: `--thread-id` (forum topic id)
   - Slack only: `--thread-id` (thread timestamp; `--reply-to` uses the same field)
   - WhatsApp only: `--gif-playback`
@@ -258,3 +259,10 @@ Send Telegram inline buttons:
 openclaw message send --channel telegram --target @mychat --message "Choose:" \
   --buttons '[ [{"text":"Yes","callback_data":"cmd:yes"}], [{"text":"No","callback_data":"cmd:no"}] ]'
 ```
+
+Send a Telegram image as a document to avoid compression:
+
+```bash
+openclaw message send --channel telegram --target @mychat \
+  --media ./diagram.png --force-document
+```

docs/concepts/memory.md

@@ -23,6 +23,8 @@ The default workspace layout uses two memory layers:
   - Read today + yesterday at session start.
 - `MEMORY.md` (optional)
   - Curated long-term memory.
+  - If both `MEMORY.md` and `memory.md` exist at the workspace root, OpenClaw only loads `MEMORY.md`.
+  - Lowercase `memory.md` is only used as a fallback when `MEMORY.md` is absent.
   - **Only load in the main, private session** (never in group contexts).
 
 These files live under the workspace (`agents.defaults.workspace`, default

docs/concepts/model-providers.md

@@ -186,20 +186,15 @@ Moonshot uses OpenAI-compatible endpoints, so configure it as a custom provider:
 
 Kimi K2 model IDs:
 
-<!-- markdownlint-disable MD037 -->
-
-{/_ moonshot-kimi-k2-model-refs:start _/ && null}
-
-<!-- markdownlint-enable MD037 -->
+[//]: # "moonshot-kimi-k2-model-refs:start"
 
 - `moonshot/kimi-k2.5`
 - `moonshot/kimi-k2-0905-preview`
 - `moonshot/kimi-k2-turbo-preview`
 - `moonshot/kimi-k2-thinking`
 - `moonshot/kimi-k2-thinking-turbo`
-  <!-- markdownlint-disable MD037 -->
-  {/_ moonshot-kimi-k2-model-refs:end _/ && null}
-  <!-- markdownlint-enable MD037 -->
+
+[//]: # "moonshot-kimi-k2-model-refs:end"
 
 ```json5
 {

docs/concepts/session.md

@@ -200,7 +200,7 @@ the workspace is writable. See [Memory](/concepts/memory) and
   - Legacy `group:<id>` keys are still recognized for migration.
 - Inbound contexts may still use `group:<id>`; the channel is inferred from `Provider` and normalized to the canonical `agent:<agentId>:<channel>:group:<id>` form.
 - Other sources:
-  - Cron jobs: `cron:<job.id>`
+  - Cron jobs: `cron:<job.id>` (isolated) or custom `session:<custom-id>` (persistent)
   - Webhooks: `hook:<uuid>` (unless explicitly set by the hook)
   - Node runs: `node-<nodeId>`
 

docs/docs.json

@@ -1009,7 +1009,8 @@
                   "tools/loop-detection",
                   "tools/reactions",
                   "tools/thinking",
-                  "tools/web"
+                  "tools/web",
+                  "tools/btw"
                 ]
               },
               {
@@ -1241,7 +1242,6 @@
                 "group": "Security",
                 "pages": [
                   "security/formal-verification",
-                  "security/README",
                   "security/THREAT-MODEL-ATLAS",
                   "security/CONTRIBUTING-THREAT-MODEL"
                 ]
@@ -1597,7 +1597,6 @@
                   "zh-CN/tools/apply-patch",
                   "zh-CN/brave-search",
                   "zh-CN/perplexity",
-                  "zh-CN/tools/diffs",
                   "zh-CN/tools/elevated",
                   "zh-CN/tools/exec",
                   "zh-CN/tools/exec-approvals",

docs/gateway/configuration-reference.md

@@ -975,6 +975,7 @@ Periodic heartbeat runs.
         model: "openai/gpt-5.2-mini",
         includeReasoning: false,
         lightContext: false, // default: false; true keeps only HEARTBEAT.md from workspace bootstrap files
+        isolatedSession: false, // default: false; true runs each heartbeat in a fresh session (no conversation history)
         session: "main",
         to: "+15555550123",
         directPolicy: "allow", // allow (default) | block
@@ -992,6 +993,7 @@ Periodic heartbeat runs.
 - `suppressToolErrorWarnings`: when true, suppresses tool error warning payloads during heartbeat runs.
 - `directPolicy`: direct/DM delivery policy. `allow` (default) permits direct-target delivery. `block` suppresses direct-target delivery and emits `reason=dm-blocked`.
 - `lightContext`: when true, heartbeat runs use lightweight bootstrap context and keep only `HEARTBEAT.md` from workspace bootstrap files.
+- `isolatedSession`: when true, each heartbeat runs in a fresh session with no prior conversation history. Same isolation pattern as cron `sessionTarget: "isolated"`. Reduces per-heartbeat token cost from ~100K to ~2-5K tokens.
 - Per-agent: set `agents.list[].heartbeat`. When any agent defines `heartbeat`, **only those agents** run heartbeats.
 - Heartbeats run full agent turns — shorter intervals burn more tokens.
 

docs/gateway/heartbeat.md

@@ -22,7 +22,8 @@ Troubleshooting: [/automation/troubleshooting](/automation/troubleshooting)
 3. Decide where heartbeat messages should go (`target: "none"` is the default; set `target: "last"` to route to the last contact).
 4. Optional: enable heartbeat reasoning delivery for transparency.
 5. Optional: use lightweight bootstrap context if heartbeat runs only need `HEARTBEAT.md`.
-6. Optional: restrict heartbeats to active hours (local time).
+6. Optional: enable isolated sessions to avoid sending full conversation history each heartbeat.
+7. Optional: restrict heartbeats to active hours (local time).
 
 Example config:
 
@@ -35,6 +36,7 @@ Example config:
         target: "last", // explicit delivery to last contact (default is "none")
         directPolicy: "allow", // default: allow direct/DM targets; set "block" to suppress
         lightContext: true, // optional: only inject HEARTBEAT.md from bootstrap files
+        isolatedSession: true, // optional: fresh session each run (no conversation history)
         // activeHours: { start: "08:00", end: "24:00" },
         // includeReasoning: true, // optional: send separate `Reasoning:` message too
       },
@@ -91,6 +93,7 @@ and logged; a message that is only `HEARTBEAT_OK` is dropped.
         model: "anthropic/claude-opus-4-6",
         includeReasoning: false, // default: false (deliver separate Reasoning: message when available)
         lightContext: false, // default: false; true keeps only HEARTBEAT.md from workspace bootstrap files
+        isolatedSession: false, // default: false; true runs each heartbeat in a fresh session (no conversation history)
         target: "last", // default: none | options: last | none | <channel id> (core or plugin, e.g. "bluebubbles")
         to: "+15551234567", // optional channel-specific override
         accountId: "ops-bot", // optional multi-account channel id
@@ -212,6 +215,7 @@ Use `accountId` to target a specific account on multi-account channels like Tele
 - `model`: optional model override for heartbeat runs (`provider/model`).
 - `includeReasoning`: when enabled, also deliver the separate `Reasoning:` message when available (same shape as `/reasoning on`).
 - `lightContext`: when true, heartbeat runs use lightweight bootstrap context and keep only `HEARTBEAT.md` from workspace bootstrap files.
+- `isolatedSession`: when true, each heartbeat runs in a fresh session with no prior conversation history. Uses the same isolation pattern as cron `sessionTarget: "isolated"`. Dramatically reduces per-heartbeat token cost. Combine with `lightContext: true` for maximum savings. Delivery routing still uses the main session context.
 - `session`: optional session key for heartbeat runs.
   - `main` (default): agent main session.
   - Explicit session key (copy from `openclaw sessions --json` or the [sessions CLI](/cli/sessions)).
@@ -380,6 +384,10 @@ off in group chats.
 
 ## Cost awareness
 
-Heartbeats run full agent turns. Shorter intervals burn more tokens. Keep
-`HEARTBEAT.md` small and consider a cheaper `model` or `target: "none"` if you
-only want internal state updates.
+Heartbeats run full agent turns. Shorter intervals burn more tokens. To reduce cost:
+
+- Use `isolatedSession: true` to avoid sending full conversation history (~100K tokens down to ~2-5K per run).
+- Use `lightContext: true` to limit bootstrap files to just `HEARTBEAT.md`.
+- Set a cheaper `model` (e.g. `ollama/llama3.2:1b`).
+- Keep `HEARTBEAT.md` small.
+- Use `target: "none"` if you only want internal state updates.

docs/gateway/troubleshooting.md

@@ -289,7 +289,7 @@ Look for:
 
 - Valid browser executable path.
 - CDP profile reachability.
-- Extension relay tab attachment for `profile="chrome-relay"`.
+- Extension relay tab attachment (if an extension relay profile is configured).
 
 Common signatures:
 

docs/help/faq.md

@@ -1358,7 +1358,8 @@ Your **workspace** (AGENTS.md, memory files, skills, etc.) is separate and confi
 These files live in the **agent workspace**, not `~/.openclaw`.
 
 - **Workspace (per agent)**: `AGENTS.md`, `SOUL.md`, `IDENTITY.md`, `USER.md`,
-  `MEMORY.md` (or `memory.md`), `memory/YYYY-MM-DD.md`, optional `HEARTBEAT.md`.
+  `MEMORY.md` (or legacy fallback `memory.md` when `MEMORY.md` is absent),
+  `memory/YYYY-MM-DD.md`, optional `HEARTBEAT.md`.
 - **State dir (`~/.openclaw`)**: config, credentials, auth profiles, sessions, logs,
   and shared skills (`~/.openclaw/skills`).
 

docs/perplexity.md

@@ -16,7 +16,7 @@ If you use `OPENROUTER_API_KEY`, an `sk-or-...` key in `tools.web.search.perplex
 
 ## Getting a Perplexity API key
 
-1. Create a Perplexity account at <https://www.perplexity.ai/settings/api>
+1. Create a Perplexity account at [perplexity.ai/settings/api](https://www.perplexity.ai/settings/api)
 2. Generate an API key in the dashboard
 3. Store the key in config or set `PERPLEXITY_API_KEY` in the Gateway environment.
 

docs/providers/glm.md

@@ -14,7 +14,17 @@ models are accessed via the `zai` provider and model IDs like `zai/glm-5`.
 ## CLI setup
 
 ```bash
-openclaw onboard --auth-choice zai-api-key
+# Coding Plan Global, recommended for Coding Plan users
+openclaw onboard --auth-choice zai-coding-global
+
+# Coding Plan CN (China region), recommended for Coding Plan users
+openclaw onboard --auth-choice zai-coding-cn
+
+# General API
+openclaw onboard --auth-choice zai-global
+
+# General API CN (China region)
+openclaw onboard --auth-choice zai-cn
 ```
 
 ## Config snippet

docs/providers/moonshot.md

@@ -15,20 +15,15 @@ Kimi Coding with `kimi-coding/k2p5`.
 
 Current Kimi K2 model IDs:
 
-<!-- markdownlint-disable MD037 -->
-
-{/_ moonshot-kimi-k2-ids:start _/ && null}
-
-<!-- markdownlint-enable MD037 -->
+[//]: # "moonshot-kimi-k2-ids:start"
 
 - `kimi-k2.5`
 - `kimi-k2-0905-preview`
 - `kimi-k2-turbo-preview`
 - `kimi-k2-thinking`
 - `kimi-k2-thinking-turbo`
-  <!-- markdownlint-disable MD037 -->
-  {/_ moonshot-kimi-k2-ids:end _/ && null}
-  <!-- markdownlint-enable MD037 -->
+
+[//]: # "moonshot-kimi-k2-ids:end"
 
 ```bash
 openclaw onboard --auth-choice moonshot-api-key

docs/providers/zai.md

@@ -15,9 +15,17 @@ with a Z.AI API key.
 ## CLI setup
 
 ```bash
-openclaw onboard --auth-choice zai-api-key
-# or non-interactive
-openclaw onboard --zai-api-key "$ZAI_API_KEY"
+# Coding Plan Global, recommended for Coding Plan users
+openclaw onboard --auth-choice zai-coding-global
+
+# Coding Plan CN (China region), recommended for Coding Plan users
+openclaw onboard --auth-choice zai-coding-cn
+
+# General API
+openclaw onboard --auth-choice zai-global
+
+# General API CN (China region)
+openclaw onboard --auth-choice zai-cn
 ```
 
 ## Config snippet

docs/reference/AGENTS.default.md

@@ -48,7 +48,8 @@ cp docs/reference/AGENTS.default.md ~/.openclaw/workspace/AGENTS.md
 
 ## Session start (required)
 
-- Read `SOUL.md`, `USER.md`, `memory.md`, and today+yesterday in `memory/`.
+- Read `SOUL.md`, `USER.md`, and today+yesterday in `memory/`.
+- Read `MEMORY.md` when present; only fall back to lowercase `memory.md` when `MEMORY.md` is absent.
 - Do it before responding.
 
 ## Soul (required)
@@ -65,8 +66,9 @@ cp docs/reference/AGENTS.default.md ~/.openclaw/workspace/AGENTS.md
 ## Memory system (recommended)
 
 - Daily log: `memory/YYYY-MM-DD.md` (create `memory/` if needed).
-- Long-term memory: `memory.md` for durable facts, preferences, and decisions.
-- On session start, read today + yesterday + `memory.md` if present.
+- Long-term memory: `MEMORY.md` for durable facts, preferences, and decisions.
+- Lowercase `memory.md` is legacy fallback only; do not keep both root files on purpose.
+- On session start, read today + yesterday + `MEMORY.md` when present, otherwise `memory.md`.
 - Capture: decisions, preferences, constraints, open loops.
 - Avoid secrets unless explicitly requested.
 

docs/reference/RELEASING.md

@@ -29,6 +29,10 @@ Current OpenClaw releases use date-based versioning.
 - Beta prerelease version: `YYYY.M.D-beta.N`
   - Git tag: `vYYYY.M.D-beta.N`
   - Examples from repo history: `v2026.2.15-beta.1`, `v2026.3.8-beta.1`
+- Fallback correction tag: `vYYYY.M.D-N`
+  - Use only as a last-resort recovery tag when a published immutable release burned the original stable tag and you cannot reuse it.
+  - The npm package version stays `YYYY.M.D`; the `-N` suffix is only for the git tag and GitHub release.
+  - Prefer betas for normal pre-release iteration, then cut a clean stable tag once ready.
 - Use the same version string everywhere, minus the leading `v` where Git tags are not used:
   - `package.json`: `2026.3.8`
   - Git tag: `v2026.3.8`
@@ -38,12 +42,12 @@ Current OpenClaw releases use date-based versioning.
   - `latest` = stable
   - `beta` = prerelease/testing
 - Dev is the moving head of `main`, not a normal git-tagged release.
-- The release workflow enforces the current stable/beta tag formats and rejects versions whose CalVer date is more than 2 UTC calendar days away from the release date.
+- The tag-triggered preview run accepts stable, beta, and fallback correction tags, and rejects versions whose CalVer date is more than 2 UTC calendar days away from the release date.
 
 Historical note:
 
 - Older tags such as `v2026.1.11-1`, `v2026.2.6-3`, and `v2.0.0-beta2` exist in repo history.
-- Treat those as legacy tag patterns. New releases should use `vYYYY.M.D` for stable and `vYYYY.M.D-beta.N` for beta.
+- Treat correction tags as a fallback-only escape hatch. New releases should still use `vYYYY.M.D` for stable and `vYYYY.M.D-beta.N` for beta.
 
 1. **Version & metadata**
 
@@ -72,6 +76,7 @@ Historical note:
 - [ ] `pnpm check`
 - [ ] `pnpm test` (or `pnpm test:coverage` if you need coverage output)
 - [ ] `pnpm release:check` (verifies npm pack contents)
+- [ ] If `pnpm config:docs:check` fails as part of release validation and the config-surface change is intentional, run `pnpm config:docs:gen`, review `docs/.generated/config-baseline.json` and `docs/.generated/config-baseline.jsonl`, commit the updated baselines, then rerun `pnpm release:check`.
 - [ ] `OPENCLAW_INSTALL_SMOKE_SKIP_NONROOT=1 pnpm test:install:smoke` (Docker install smoke test, fast path; required before release)
   - If the immediate previous npm release is known broken, set `OPENCLAW_INSTALL_SMOKE_PREVIOUS=<last-good-version>` or `OPENCLAW_INSTALL_SMOKE_SKIP_PREVIOUS=1` for the preinstall step.
 - [ ] (Optional) Full installer smoke (adds non-root + CLI coverage): `pnpm test:install:smoke`
@@ -94,10 +99,14 @@ Historical note:
 
 - [ ] Confirm git status is clean; commit and push as needed.
 - [ ] Confirm npm trusted publishing is configured for the `openclaw` package.
-- [ ] Push the matching git tag to trigger `.github/workflows/openclaw-npm-release.yml`.
+- [ ] Do not rely on an `NPM_TOKEN` secret for this workflow; the publish job uses GitHub OIDC trusted publishing.
+- [ ] Push the matching git tag to trigger the preview run in `.github/workflows/openclaw-npm-release.yml`.
+- [ ] Run `OpenClaw NPM Release` manually with the same tag to publish after `npm-release` environment approval.
   - Stable tags publish to npm `latest`.
   - Beta tags publish to npm `beta`.
-  - The workflow rejects tags that do not match `package.json`, are not on `main`, or whose CalVer date is more than 2 UTC calendar days away from the release date.
+  - Fallback correction tags like `v2026.3.13-1` map to npm version `2026.3.13`.
+  - Both the preview run and the manual publish run reject tags that do not map back to `package.json`, are not on `main`, or whose CalVer date is more than 2 UTC calendar days away from the release date.
+  - If `openclaw@YYYY.M.D` is already published, a fallback correction tag is still useful for GitHub release and Docker recovery, but npm publish will not republish that version.
 - [ ] Verify the registry: `npm view openclaw version`, `npm view openclaw dist-tags`, and `npx -y openclaw@X.Y.Z --version` (or `--help`).
 
 ### Troubleshooting (notes from 2.0.0-beta2 release)
@@ -107,8 +116,9 @@ Historical note:
   - `NPM_CONFIG_AUTH_TYPE=legacy npm dist-tag add openclaw@X.Y.Z latest`
 - **`npx` verification fails with `ECOMPROMISED: Lock compromised`**: retry with a fresh cache:
   - `NPM_CONFIG_CACHE=/tmp/npm-cache-$(date +%s) npx -y openclaw@X.Y.Z --version`
-- **Tag needs repointing after a late fix**: force-update and push the tag, then ensure the GitHub release assets still match:
-  - `git tag -f vX.Y.Z && git push -f origin vX.Y.Z`
+- **Tag needs recovery after a late fix**: if the original stable tag is tied to an immutable GitHub release, mint a fallback correction tag like `vX.Y.Z-1` instead of trying to force-update `vX.Y.Z`.
+  - Keep the npm package version at `X.Y.Z`; the correction suffix is for the git tag and GitHub release only.
+  - Use this only as a last resort. For normal iteration, prefer beta tags and then cut a clean stable release.
 
 7. **GitHub release + appcast**
 

docs/security/README.md

@@ -1,17 +0,0 @@
-# OpenClaw Security & Trust
-
-**Live:** [trust.openclaw.ai](https://trust.openclaw.ai)
-
-## Documents
-
-- [Threat Model](/security/THREAT-MODEL-ATLAS) - MITRE ATLAS-based threat model for the OpenClaw ecosystem
-- [Contributing to the Threat Model](/security/CONTRIBUTING-THREAT-MODEL) - How to add threats, mitigations, and attack chains
-
-## Reporting Vulnerabilities
-
-See the [Trust page](https://trust.openclaw.ai) for full reporting instructions covering all repos.
-
-## Contact
-
-- **Jamieson O'Reilly** ([@theonejvo](https://twitter.com/theonejvo)) - Security & Trust
-- Discord: #security channel

docs/tools/browser-linux-troubleshooting.md

@@ -25,7 +25,7 @@ Note, selecting 'chromium-browser' instead of 'chromium'
 chromium-browser is already the newest version (2:1snap1-0ubuntu2).
 ```
 
-This is NOT a real browser — it's just a wrapper.
+This is NOT a real browser - it's just a wrapper.
 
 ### Solution 1: Install Google Chrome (Recommended)
 
@@ -123,7 +123,7 @@ curl -s http://127.0.0.1:18791/tabs
 
 ### Problem: "Chrome extension relay is running, but no tab is connected"
 
-You’re using the `chrome-relay` profile (extension relay). It expects the OpenClaw
+You're using an extension relay profile. It expects the OpenClaw
 browser extension to be attached to a live tab.
 
 Fix options:

docs/tools/btw.md

@@ -0,0 +1,142 @@
+---
+summary: "Ephemeral side questions with /btw"
+read_when:
+  - You want to ask a quick side question about the current session
+  - You are implementing or debugging BTW behavior across clients
+title: "BTW Side Questions"
+---
+
+# BTW Side Questions
+
+`/btw` lets you ask a quick side question about the **current session** without
+turning that question into normal conversation history.
+
+It is modeled after Claude Code's `/btw` behavior, but adapted to OpenClaw's
+Gateway and multi-channel architecture.
+
+## What it does
+
+When you send:
+
+```text
+/btw what changed?
+```
+
+OpenClaw:
+
+1. snapshots the current session context,
+2. runs a separate **tool-less** model call,
+3. answers only the side question,
+4. leaves the main run alone,
+5. does **not** write the BTW question or answer to session history,
+6. emits the answer as a **live side result** rather than a normal assistant message.
+
+The important mental model is:
+
+- same session context
+- separate one-shot side query
+- no tool calls
+- no future context pollution
+- no transcript persistence
+
+## What it does not do
+
+`/btw` does **not**:
+
+- create a new durable session,
+- continue the unfinished main task,
+- run tools or agent tool loops,
+- write BTW question/answer data to transcript history,
+- appear in `chat.history`,
+- survive a reload.
+
+It is intentionally **ephemeral**.
+
+## How context works
+
+BTW uses the current session as **background context only**.
+
+If the main run is currently active, OpenClaw snapshots the current message
+state and includes the in-flight main prompt as background context, while
+explicitly telling the model:
+
+- answer only the side question,
+- do not resume or complete the unfinished main task,
+- do not emit tool calls or pseudo-tool calls.
+
+That keeps BTW isolated from the main run while still making it aware of what
+the session is about.
+
+## Delivery model
+
+BTW is **not** delivered as a normal assistant transcript message.
+
+At the Gateway protocol level:
+
+- normal assistant chat uses the `chat` event
+- BTW uses the `chat.side_result` event
+
+This separation is intentional. If BTW reused the normal `chat` event path,
+clients would treat it like regular conversation history.
+
+Because BTW uses a separate live event and is not replayed from
+`chat.history`, it disappears after reload.
+
+## Surface behavior
+
+### TUI
+
+In TUI, BTW is rendered inline in the current session view, but it remains
+ephemeral:
+
+- visibly distinct from a normal assistant reply
+- dismissible with `Enter` or `Esc`
+- not replayed on reload
+
+### External channels
+
+On channels like Telegram, WhatsApp, and Discord, BTW is delivered as a
+clearly labeled one-off reply because those surfaces do not have a local
+ephemeral overlay concept.
+
+The answer is still treated as a side result, not normal session history.
+
+### Control UI / web
+
+The Gateway emits BTW correctly as `chat.side_result`, and BTW is not included
+in `chat.history`, so the persistence contract is already correct for web.
+
+The current Control UI still needs a dedicated `chat.side_result` consumer to
+render BTW live in the browser. Until that client-side support lands, BTW is a
+Gateway-level feature with full TUI and external-channel behavior, but not yet
+a complete browser UX.
+
+## When to use BTW
+
+Use `/btw` when you want:
+
+- a quick clarification about the current work,
+- a factual side answer while a long run is still in progress,
+- a temporary answer that should not become part of future session context.
+
+Examples:
+
+```text
+/btw what file are we editing?
+/btw what does this error mean?
+/btw summarize the current task in one sentence
+/btw what is 17 * 19?
+```
+
+## When not to use BTW
+
+Do not use `/btw` when you want the answer to become part of the session's
+future working context.
+
+In that case, ask normally in the main session instead of using BTW.
+
+## Related
+
+- [Slash commands](/tools/slash-commands)
+- [Thinking Levels](/tools/thinking)
+- [Session](/concepts/session)

docs/tools/chrome-extension.md

@@ -62,19 +62,14 @@ After upgrading OpenClaw:
 
 ## Use it (set gateway token once)
 
-OpenClaw ships with a built-in browser profile named `chrome-relay` that targets the extension relay on the default port.
+To use the extension relay, create a browser profile for it:
 
 Before first attach, open extension Options and set:
 
 - `Port` (default `18792`)
 - `Gateway token` (must match `gateway.auth.token` / `OPENCLAW_GATEWAY_TOKEN`)
 
-Use it:
-
-- CLI: `openclaw browser --browser-profile chrome-relay tabs`
-- Agent tool: `browser` with `profile="chrome-relay"`
-
-If you want a different name or a different relay port, create your own profile:
+Then create a profile:
 
 ```bash
 openclaw browser create-profile \
@@ -84,6 +79,11 @@ openclaw browser create-profile \
   --color "#00AA00"
 ```
 
+Use it:
+
+- CLI: `openclaw browser --browser-profile my-chrome tabs`
+- Agent tool: `browser` with `profile="my-chrome"`
+
 ### Custom Gateway ports
 
 If you're using a custom gateway port, the extension relay port is automatically derived:

docs/tools/exec-approvals.md

@@ -160,13 +160,14 @@ Long options are validated fail-closed in safe-bin mode: unknown flags and ambig
 abbreviations are rejected.
 Denied flags by safe-bin profile:
 
-<!-- SAFE_BIN_DENIED_FLAGS:START -->
+[//]: # "SAFE_BIN_DENIED_FLAGS:START"
 
 - `grep`: `--dereference-recursive`, `--directories`, `--exclude-from`, `--file`, `--recursive`, `-R`, `-d`, `-f`, `-r`
 - `jq`: `--argfile`, `--from-file`, `--library-path`, `--rawfile`, `--slurpfile`, `-L`, `-f`
 - `sort`: `--compress-program`, `--files0-from`, `--output`, `--random-source`, `--temporary-directory`, `-T`, `-o`
 - `wc`: `--files0-from`
-<!-- SAFE_BIN_DENIED_FLAGS:END -->
+
+[//]: # "SAFE_BIN_DENIED_FLAGS:END"
 
 Safe bins also force argv tokens to be treated as **literal text** at execution time (no globbing
 and no `$VARS` expansion) for stdin-only segments, so patterns like `*` or `$HOME/...` cannot be

docs/tools/slash-commands.md

@@ -76,6 +76,7 @@ Text + native (when enabled):
 - `/allowlist` (list/add/remove allowlist entries)
 - `/approve <id> allow-once|allow-always|deny` (resolve exec approval prompts)
 - `/context [list|detail|json]` (explain “context”; `detail` shows per-file + per-tool + per-skill + system prompt size)
+- `/btw <question>` (ask an ephemeral side question about the current session without changing future session context; see [/tools/btw](/tools/btw))
 - `/export-session [path]` (alias: `/export`) (export current session to HTML with full system prompt)
 - `/whoami` (show your sender id; alias: `/id`)
 - `/session idle <duration|off>` (manage inactivity auto-unfocus for focused thread bindings)
@@ -223,3 +224,27 @@ Notes:
 - **`/stop`** targets the active chat session so it can abort the current run.
 - **Slack:** `channels.slack.slashCommand` is still supported for a single `/openclaw`-style command. If you enable `commands.native`, you must create one Slack slash command per built-in command (same names as `/help`). Command argument menus for Slack are delivered as ephemeral Block Kit buttons.
   - Slack native exception: register `/agentstatus` (not `/status`) because Slack reserves `/status`. Text `/status` still works in Slack messages.
+
+## BTW side questions
+
+`/btw` is a quick **side question** about the current session.
+
+Unlike normal chat:
+
+- it uses the current session as background context,
+- it runs as a separate **tool-less** one-shot call,
+- it does not change future session context,
+- it is not written to transcript history,
+- it is delivered as a live side result instead of a normal assistant message.
+
+That makes `/btw` useful when you want a temporary clarification while the main
+task keeps going.
+
+Example:
+
+```text
+/btw what are we doing right now?
+```
+
+See [BTW Side Questions](/tools/btw) for the full behavior and client UX
+details.

docs/zh-CN/automation/cron-jobs.md

@@ -28,7 +28,9 @@ x-i18n:
 - 任务持久化存储在 `~/.openclaw/cron/` 下，因此重启不会丢失计划。
 - 两种执行方式：
   - **主会话**：入队一个系统事件，然后在下一次心跳时运行。
-  - **隔离式**：在 `cron:<jobId>` 中运行专用智能体轮次，可投递摘要（默认 announce）或不投递。
+  - **隔离式**：在 `cron:<jobId>` 或自定义会话中运行专用智能体轮次，可投递摘要（默认 announce）或不投递。
+  - **当前会话**：绑定到创建定时任务时的会话 (`sessionTarget: "current"`)。
+  - **自定义会话**：在持久化的命名会话中运行 (`sessionTarget: "session:custom-id"`)。
 - 唤醒是一等功能：任务可以请求"立即唤醒"或"下次心跳时"。
 
 ## 快速开始（可操作）
@@ -83,6 +85,14 @@ openclaw cron add \
 2. **选择运行位置**
    - `sessionTarget: "main"` → 在下一次心跳时使用主会话上下文运行。
    - `sessionTarget: "isolated"` → 在 `cron:<jobId>` 中运行专用智能体轮次。
+   - `sessionTarget: "current"` → 绑定到当前会话（创建时解析为 `session:<sessionKey>`）。
+   - `sessionTarget: "session:custom-id"` → 在持久化的命名会话中运行，跨运行保持上下文。
+
+   默认行为（保持不变）：
+   - `systemEvent` 负载默认使用 `main`
+   - `agentTurn` 负载默认使用 `isolated`
+
+   要使用当前会话绑定，需显式设置 `sessionTarget: "current"`。
 
 3. **选择负载**
    - 主会话 → `payload.kind = "systemEvent"`
@@ -129,12 +139,13 @@ Cron 表达式使用 `croner`。如果省略时区，将使用 Gateway网关主
 
 #### 隔离任务（专用定时会话）
 
-隔离任务在会话 `cron:<jobId>` 中运行专用智能体轮次。
+隔离任务在会话 `cron:<jobId>` 或自定义会话中运行专用智能体轮次。
 
 关键行为：
 
 - 提示以 `[cron:<jobId> <任务名称>]` 为前缀，便于追踪。
-- 每次运行都会启动一个**全新的会话 ID**（不继承之前的对话）。
+- 每次运行都会启动一个**全新的会话 ID**（不继承之前的对话），除非使用自定义会话。
+- 自定义会话（`session:xxx`）可跨运行保持上下文，适用于如每日站会等需要基于前次摘要的工作流。
 - 如果未指定 `delivery`，隔离任务会默认以“announce”方式投递摘要。
 - `delivery.mode` 可选 `announce`（投递摘要）或 `none`（内部运行）。
 

docs/zh-CN/channels/feishu.md

@@ -149,7 +149,11 @@ Lark（国际版）请使用 https://open.larksuite.com/app，并在配置中设
 在 **事件订阅** 页面：
 
 1. 选择 **使用长连接接收事件**（WebSocket 模式）
-2. 添加事件：`im.message.receive_v1`（接收消息）
+2. 添加事件：
+   - `im.message.receive_v1`
+   - `im.message.reaction.created_v1`
+   - `im.message.reaction.deleted_v1`
+   - `application.bot.menu_v6`
 
 ⚠️ **注意**：如果网关未启动或渠道未添加，长连接设置将保存失败。
 
@@ -435,7 +439,7 @@ openclaw pairing list feishu
 | `/reset`  | 重置对话会话   |
 | `/model`  | 查看/切换模型  |
 
-> 注意：飞书目前不支持原生命令菜单，命令需要以文本形式发送。
+飞书机器人菜单建议直接在飞书开放平台的机器人能力页面配置。OpenClaw 当前支持接收 `application.bot.menu_v6` 事件，并把点击事件转换成普通文本命令（例如 `/menu <eventKey>`）继续走现有消息路由，但不通过渠道配置自动创建或同步菜单。
 
 ## 网关管理命令
 
@@ -526,7 +530,11 @@ openclaw pairing list feishu
   channels: {
     feishu: {
       streaming: true, // 启用流式卡片输出（默认 true）
-      blockStreaming: true, // 启用块级流式（默认 true）
+      blockStreamingCoalesce: {
+        enabled: true,
+        minDelayMs: 50,
+        maxDelayMs: 250,
+      },
     },
   },
 }
@@ -534,6 +542,40 @@ openclaw pairing list feishu
 
 如需禁用流式输出（等待完整回复后一次性发送），可设置 `streaming: false`。
 
+### 交互式卡片
+
+OpenClaw 默认会在需要时发送 Markdown 卡片；如果你需要完整的 Feishu 原生交互式卡片，也可以显式发送原始 `card` payload。
+
+- 默认路径：文本自动渲染或 Markdown 卡片
+- 显式卡片：通过消息动作的 `card` 参数发送原始交互卡片
+- 更新卡片：同一消息支持后续 patch/update
+
+卡片按钮回调当前走文本回退路径：
+
+- 若 `action.value.text` 存在，则作为入站文本继续处理
+- 若 `action.value.command` 存在，则作为命令文本继续处理
+- 其他对象值会序列化为 JSON 文本
+
+这样可以保持与现有消息/命令路由兼容，而不要求下游先理解 Feishu 专有的交互 payload。
+
+### 表情反应
+
+飞书渠道现已完整支持表情反应生命周期：
+
+- 接收 `reaction created`
+- 接收 `reaction deleted`
+- 主动添加反应
+- 主动删除自身反应
+- 查询消息上的反应列表
+
+是否把入站反应转成内部消息，可通过 `reactionNotifications` 控制：
+
+| 值    | 行为                         |
+| ----- | ---------------------------- |
+| `off` | 不生成反应通知               |
+| `own` | 仅当反应发生在机器人消息上时 |
+| `all` | 所有可验证的反应都生成通知   |
+
 ### 消息引用
 
 在群聊中，机器人的回复可以引用用户发送的原始消息，让对话上下文更加清晰。
@@ -653,14 +695,19 @@ openclaw pairing list feishu
 | `channels.feishu.accounts.<id>.domain`            | 单账号 API 域名覆盖               | `feishu`         |
 | `channels.feishu.dmPolicy`                        | 私聊策略                          | `pairing`        |
 | `channels.feishu.allowFrom`                       | 私聊白名单（open_id 列表）        | -                |
-| `channels.feishu.groupPolicy`                     | 群组策略                          | `open`           |
+| `channels.feishu.groupPolicy`                     | 群组策略                          | `allowlist`      |
 | `channels.feishu.groupAllowFrom`                  | 群组白名单                        | -                |
 | `channels.feishu.groups.<chat_id>.requireMention` | 是否需要 @提及                    | `true`           |
 | `channels.feishu.groups.<chat_id>.enabled`        | 是否启用该群组                    | `true`           |
+| `channels.feishu.replyInThread`                   | 群聊回复是否进入飞书话题线程      | `disabled`       |
+| `channels.feishu.groupSessionScope`               | 群聊会话隔离粒度                  | `group`          |
 | `channels.feishu.textChunkLimit`                  | 消息分块大小                      | `2000`           |
 | `channels.feishu.mediaMaxMb`                      | 媒体大小限制                      | `30`             |
 | `channels.feishu.streaming`                       | 启用流式卡片输出                  | `true`           |
-| `channels.feishu.blockStreaming`                  | 启用块级流式                      | `true`           |
+| `channels.feishu.blockStreamingCoalesce.enabled`  | 启用块级流式合并                  | `true`           |
+| `channels.feishu.typingIndicator`                 | 发送“正在输入”状态                | `true`           |
+| `channels.feishu.resolveSenderNames`              | 拉取发送者名称                    | `true`           |
+| `channels.feishu.reactionNotifications`           | 入站反应通知策略                  | `own`            |
 
 ---
 

extensions/acpx/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/acpx",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw ACP runtime backend via acpx",
   "type": "module",
   "dependencies": {

extensions/bluebubbles/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/bluebubbles",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw BlueBubbles channel plugin",
   "type": "module",
   "dependencies": {

extensions/bluebubbles/src/types.ts

@@ -57,6 +57,10 @@ export type BlueBubblesAccountConfig = {
   allowPrivateNetwork?: boolean;
   /** Per-group configuration keyed by chat GUID or identifier. */
   groups?: Record<string, BlueBubblesGroupConfig>;
+  /** Channel health monitor overrides for this channel/account. */
+  healthMonitor?: {
+    enabled?: boolean;
+  };
 };
 
 export type BlueBubblesActionConfig = {

extensions/copilot-proxy/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/copilot-proxy",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw Copilot Proxy provider plugin",
   "type": "module",

extensions/device-pair/index.ts

@@ -407,7 +407,12 @@ export default function register(api: OpenClawPluginApi) {
 
       const payload: SetupPayload = {
         url: urlResult.url,
-        bootstrapToken: (await issueDeviceBootstrapToken()).token,
+        bootstrapToken: (
+          await issueDeviceBootstrapToken({
+            role: "node",
+            scopes: [],
+          })
+        ).token,
       };
 
       if (action === "qr") {

extensions/diagnostics-otel/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/diagnostics-otel",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw diagnostics OpenTelemetry exporter",
   "type": "module",
   "dependencies": {

extensions/diffs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/diffs",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw diff viewer plugin",
   "type": "module",

extensions/diffs/src/render.test.ts

@@ -23,8 +23,7 @@ describe("renderDiffDocument", () => {
     expect(rendered.html).toContain("data-openclaw-diff-root");
     expect(rendered.html).toContain("src/example.ts");
     expect(rendered.html).toContain("/plugins/diffs/assets/viewer.js");
-    expect(rendered.imageHtml).not.toContain("/plugins/diffs/assets/viewer.js");
-    expect(rendered.imageHtml).toContain('data-openclaw-diffs-ready="true"');
+    expect(rendered.imageHtml).toContain("/plugins/diffs/assets/viewer.js");
     expect(rendered.imageHtml).toContain("max-width: 960px;");
     expect(rendered.imageHtml).toContain("--diffs-font-size: 16px;");
     expect(rendered.html).toContain("min-height: 100vh;");

extensions/diffs/src/render.ts

@@ -241,14 +241,6 @@ function renderDiffCard(payload: DiffViewerPayload): string {
   </section>`;
 }
 
-function renderStaticDiffCard(prerenderedHTML: string): string {
-  return `<section class="oc-diff-card">
-    <diffs-container class="oc-diff-host" data-openclaw-diff-host>
-      <template shadowrootmode="open">${prerenderedHTML}</template>
-    </diffs-container>
-  </section>`;
-}
-
 function buildHtmlDocument(params: {
   title: string;
   bodyHtml: string;
@@ -257,7 +249,7 @@ function buildHtmlDocument(params: {
   runtimeMode: "viewer" | "image";
 }): string {
   return `<!doctype html>
-<html lang="en"${params.runtimeMode === "image" ? ' data-openclaw-diffs-ready="true"' : ""}>
+<html lang="en">
   <head>
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
@@ -349,7 +341,7 @@ function buildHtmlDocument(params: {
         ${params.bodyHtml}
       </div>
     </main>
-    ${params.runtimeMode === "viewer" ? `<script type="module" src="${VIEWER_LOADER_PATH}"></script>` : ""}
+    <script type="module" src="${VIEWER_LOADER_PATH}"></script>
   </body>
 </html>`;
 }
@@ -360,16 +352,12 @@ type RenderedSection = {
 };
 
 function buildRenderedSection(params: {
-  viewerPrerenderedHtml: string;
-  imagePrerenderedHtml: string;
-  payload: Omit<DiffViewerPayload, "prerenderedHTML">;
+  viewerPayload: DiffViewerPayload;
+  imagePayload: DiffViewerPayload;
 }): RenderedSection {
   return {
-    viewer: renderDiffCard({
-      prerenderedHTML: params.viewerPrerenderedHtml,
-      ...params.payload,
-    }),
-    image: renderStaticDiffCard(params.imagePrerenderedHtml),
+    viewer: renderDiffCard(params.viewerPayload),
+    image: renderDiffCard(params.imagePayload),
   };
 }
 
@@ -401,21 +389,20 @@ async function renderBeforeAfterDiff(
   };
   const { viewerOptions, imageOptions } = buildRenderVariants(options);
   const [viewerResult, imageResult] = await Promise.all([
-    preloadMultiFileDiff({
+    preloadMultiFileDiffWithFallback({
       oldFile,
       newFile,
       options: viewerOptions,
     }),
-    preloadMultiFileDiff({
+    preloadMultiFileDiffWithFallback({
       oldFile,
       newFile,
       options: imageOptions,
     }),
   ]);
   const section = buildRenderedSection({
-    viewerPrerenderedHtml: viewerResult.prerenderedHTML,
-    imagePrerenderedHtml: imageResult.prerenderedHTML,
-    payload: {
+    viewerPayload: {
+      prerenderedHTML: viewerResult.prerenderedHTML,
       oldFile: viewerResult.oldFile,
       newFile: viewerResult.newFile,
       options: viewerOptions,
@@ -424,6 +411,16 @@ async function renderBeforeAfterDiff(
         newFile: viewerResult.newFile,
       }),
     },
+    imagePayload: {
+      prerenderedHTML: imageResult.prerenderedHTML,
+      oldFile: imageResult.oldFile,
+      newFile: imageResult.newFile,
+      options: imageOptions,
+      langs: buildPayloadLanguages({
+        oldFile: imageResult.oldFile,
+        newFile: imageResult.newFile,
+      }),
+    },
   });
 
   return {
@@ -456,24 +453,29 @@ async function renderPatchDiff(
   const sections = await Promise.all(
     files.map(async (fileDiff) => {
       const [viewerResult, imageResult] = await Promise.all([
-        preloadFileDiff({
+        preloadFileDiffWithFallback({
           fileDiff,
           options: viewerOptions,
         }),
-        preloadFileDiff({
+        preloadFileDiffWithFallback({
           fileDiff,
           options: imageOptions,
         }),
       ]);
 
       return buildRenderedSection({
-        viewerPrerenderedHtml: viewerResult.prerenderedHTML,
-        imagePrerenderedHtml: imageResult.prerenderedHTML,
-        payload: {
+        viewerPayload: {
+          prerenderedHTML: viewerResult.prerenderedHTML,
           fileDiff: viewerResult.fileDiff,
           options: viewerOptions,
           langs: buildPayloadLanguages({ fileDiff: viewerResult.fileDiff }),
         },
+        imagePayload: {
+          prerenderedHTML: imageResult.prerenderedHTML,
+          fileDiff: imageResult.fileDiff,
+          options: imageOptions,
+          langs: buildPayloadLanguages({ fileDiff: imageResult.fileDiff }),
+        },
       });
     }),
   );
@@ -514,3 +516,49 @@ export async function renderDiffDocument(
     inputKind: input.kind,
   };
 }
+
+type PreloadedFileDiffResult = Awaited<ReturnType<typeof preloadFileDiff>>;
+type PreloadedMultiFileDiffResult = Awaited<ReturnType<typeof preloadMultiFileDiff>>;
+
+function shouldFallbackToClientHydration(error: unknown): boolean {
+  return (
+    error instanceof TypeError &&
+    error.message.includes('needs an import attribute of "type: json"')
+  );
+}
+
+async function preloadFileDiffWithFallback(params: {
+  fileDiff: FileDiffMetadata;
+  options: DiffViewerOptions;
+}): Promise<PreloadedFileDiffResult> {
+  try {
+    return await preloadFileDiff(params);
+  } catch (error) {
+    if (!shouldFallbackToClientHydration(error)) {
+      throw error;
+    }
+    return {
+      fileDiff: params.fileDiff,
+      prerenderedHTML: "",
+    };
+  }
+}
+
+async function preloadMultiFileDiffWithFallback(params: {
+  oldFile: FileContents;
+  newFile: FileContents;
+  options: DiffViewerOptions;
+}): Promise<PreloadedMultiFileDiffResult> {
+  try {
+    return await preloadMultiFileDiff(params);
+  } catch (error) {
+    if (!shouldFallbackToClientHydration(error)) {
+      throw error;
+    }
+    return {
+      oldFile: params.oldFile,
+      newFile: params.newFile,
+      prerenderedHTML: "",
+    };
+  }
+}

extensions/diffs/src/tool.test.ts

@@ -57,7 +57,7 @@ describe("diffs tool", () => {
     const cleanupSpy = vi.spyOn(store, "scheduleCleanup");
     const screenshotter = createPngScreenshotter({
       assertHtml: (html) => {
-        expect(html).not.toContain("/plugins/diffs/assets/viewer.js");
+        expect(html).toContain("/plugins/diffs/assets/viewer.js");
       },
       assertImage: (image) => {
         expect(image).toMatchObject({
@@ -332,13 +332,13 @@ describe("diffs tool", () => {
     const html = await store.readHtml(id);
     expect(html).toContain('body data-theme="light"');
     expect(html).toContain("--diffs-font-size: 17px;");
-    expect(html).toContain('--diffs-font-family: "JetBrains Mono"');
+    expect(html).toContain("JetBrains Mono");
   });
 
   it("prefers explicit tool params over configured defaults", async () => {
     const screenshotter = createPngScreenshotter({
       assertHtml: (html) => {
-        expect(html).not.toContain("/plugins/diffs/assets/viewer.js");
+        expect(html).toContain("/plugins/diffs/assets/viewer.js");
       },
       assertImage: (image) => {
         expect(image).toMatchObject({

extensions/discord/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/discord",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw Discord channel plugin",
   "type": "module",
   "openclaw": {

extensions/discord/src/account-inspect.test.ts

@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { inspectDiscordAccount } from "./account-inspect.js";
 
 function asConfig(value: unknown): OpenClawConfig {

extensions/discord/src/account-inspect.ts

@@ -1,7 +1,10 @@
-import type { OpenClawConfig } from "../config/config.js";
-import type { DiscordAccountConfig } from "../config/types.discord.js";
-import { hasConfiguredSecretInput, normalizeSecretInputString } from "../config/types.secrets.js";
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { DiscordAccountConfig } from "../../../src/config/types.discord.js";
+import {
+  hasConfiguredSecretInput,
+  normalizeSecretInputString,
+} from "../../../src/config/types.secrets.js";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js";
 import {
   mergeDiscordAccountConfig,
   resolveDefaultDiscordAccountId,

extensions/discord/src/accounts.ts

@@ -1,9 +1,9 @@
-import { createAccountActionGate } from "../channels/plugins/account-action-gate.js";
-import { createAccountListHelpers } from "../channels/plugins/account-helpers.js";
-import type { OpenClawConfig } from "../config/config.js";
-import type { DiscordAccountConfig, DiscordActionConfig } from "../config/types.js";
-import { resolveAccountEntry } from "../routing/account-lookup.js";
-import { normalizeAccountId } from "../routing/session-key.js";
+import { createAccountActionGate } from "../../../src/channels/plugins/account-action-gate.js";
+import { createAccountListHelpers } from "../../../src/channels/plugins/account-helpers.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { DiscordAccountConfig, DiscordActionConfig } from "../../../src/config/types.js";
+import { resolveAccountEntry } from "../../../src/routing/account-lookup.js";
+import { normalizeAccountId } from "../../../src/routing/session-key.js";
 import { resolveDiscordToken } from "./token.js";
 
 export type ResolvedDiscordAccount = {

extensions/discord/src/actions/handle-action.guild-admin.ts

@@ -0,0 +1,451 @@
+import type { AgentToolResult } from "@mariozechner/pi-agent-core";
+import {
+  parseAvailableTags,
+  readNumberParam,
+  readStringArrayParam,
+  readStringParam,
+} from "../../../../src/agents/tools/common.js";
+import {
+  isDiscordModerationAction,
+  readDiscordModerationCommand,
+} from "../../../../src/agents/tools/discord-actions-moderation-shared.js";
+import { handleDiscordAction } from "../../../../src/agents/tools/discord-actions.js";
+import type { ChannelMessageActionContext } from "../../../../src/channels/plugins/types.js";
+
+type Ctx = Pick<
+  ChannelMessageActionContext,
+  "action" | "params" | "cfg" | "accountId" | "requesterSenderId"
+>;
+
+export async function tryHandleDiscordMessageActionGuildAdmin(params: {
+  ctx: Ctx;
+  resolveChannelId: () => string;
+  readParentIdParam: (params: Record<string, unknown>) => string | null | undefined;
+}): Promise<AgentToolResult<unknown> | undefined> {
+  const { ctx, resolveChannelId, readParentIdParam } = params;
+  const { action, params: actionParams, cfg } = ctx;
+  const accountId = ctx.accountId ?? readStringParam(actionParams, "accountId");
+
+  if (action === "member-info") {
+    const userId = readStringParam(actionParams, "userId", { required: true });
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "memberInfo", accountId: accountId ?? undefined, guildId, userId },
+      cfg,
+    );
+  }
+
+  if (action === "role-info") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "roleInfo", accountId: accountId ?? undefined, guildId },
+      cfg,
+    );
+  }
+
+  if (action === "emoji-list") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "emojiList", accountId: accountId ?? undefined, guildId },
+      cfg,
+    );
+  }
+
+  if (action === "emoji-upload") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "emojiName", { required: true });
+    const mediaUrl = readStringParam(actionParams, "media", {
+      required: true,
+      trim: false,
+    });
+    const roleIds = readStringArrayParam(actionParams, "roleIds");
+    return await handleDiscordAction(
+      {
+        action: "emojiUpload",
+        accountId: accountId ?? undefined,
+        guildId,
+        name,
+        mediaUrl,
+        roleIds,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "sticker-upload") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "stickerName", {
+      required: true,
+    });
+    const description = readStringParam(actionParams, "stickerDesc", {
+      required: true,
+    });
+    const tags = readStringParam(actionParams, "stickerTags", {
+      required: true,
+    });
+    const mediaUrl = readStringParam(actionParams, "media", {
+      required: true,
+      trim: false,
+    });
+    return await handleDiscordAction(
+      {
+        action: "stickerUpload",
+        accountId: accountId ?? undefined,
+        guildId,
+        name,
+        description,
+        tags,
+        mediaUrl,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "role-add" || action === "role-remove") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const userId = readStringParam(actionParams, "userId", { required: true });
+    const roleId = readStringParam(actionParams, "roleId", { required: true });
+    return await handleDiscordAction(
+      {
+        action: action === "role-add" ? "roleAdd" : "roleRemove",
+        accountId: accountId ?? undefined,
+        guildId,
+        userId,
+        roleId,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "channel-info") {
+    const channelId = readStringParam(actionParams, "channelId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "channelInfo", accountId: accountId ?? undefined, channelId },
+      cfg,
+    );
+  }
+
+  if (action === "channel-list") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "channelList", accountId: accountId ?? undefined, guildId },
+      cfg,
+    );
+  }
+
+  if (action === "channel-create") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "name", { required: true });
+    const type = readNumberParam(actionParams, "type", { integer: true });
+    const parentId = readParentIdParam(actionParams);
+    const topic = readStringParam(actionParams, "topic");
+    const position = readNumberParam(actionParams, "position", {
+      integer: true,
+    });
+    const nsfw = typeof actionParams.nsfw === "boolean" ? actionParams.nsfw : undefined;
+    return await handleDiscordAction(
+      {
+        action: "channelCreate",
+        accountId: accountId ?? undefined,
+        guildId,
+        name,
+        type: type ?? undefined,
+        parentId: parentId ?? undefined,
+        topic: topic ?? undefined,
+        position: position ?? undefined,
+        nsfw,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "channel-edit") {
+    const channelId = readStringParam(actionParams, "channelId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "name");
+    const topic = readStringParam(actionParams, "topic");
+    const position = readNumberParam(actionParams, "position", {
+      integer: true,
+    });
+    const parentId = readParentIdParam(actionParams);
+    const nsfw = typeof actionParams.nsfw === "boolean" ? actionParams.nsfw : undefined;
+    const rateLimitPerUser = readNumberParam(actionParams, "rateLimitPerUser", {
+      integer: true,
+    });
+    const archived = typeof actionParams.archived === "boolean" ? actionParams.archived : undefined;
+    const locked = typeof actionParams.locked === "boolean" ? actionParams.locked : undefined;
+    const autoArchiveDuration = readNumberParam(actionParams, "autoArchiveDuration", {
+      integer: true,
+    });
+    const availableTags = parseAvailableTags(actionParams.availableTags);
+    return await handleDiscordAction(
+      {
+        action: "channelEdit",
+        accountId: accountId ?? undefined,
+        channelId,
+        name: name ?? undefined,
+        topic: topic ?? undefined,
+        position: position ?? undefined,
+        parentId: parentId === undefined ? undefined : parentId,
+        nsfw,
+        rateLimitPerUser: rateLimitPerUser ?? undefined,
+        archived,
+        locked,
+        autoArchiveDuration: autoArchiveDuration ?? undefined,
+        availableTags,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "channel-delete") {
+    const channelId = readStringParam(actionParams, "channelId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "channelDelete", accountId: accountId ?? undefined, channelId },
+      cfg,
+    );
+  }
+
+  if (action === "channel-move") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const channelId = readStringParam(actionParams, "channelId", {
+      required: true,
+    });
+    const parentId = readParentIdParam(actionParams);
+    const position = readNumberParam(actionParams, "position", {
+      integer: true,
+    });
+    return await handleDiscordAction(
+      {
+        action: "channelMove",
+        accountId: accountId ?? undefined,
+        guildId,
+        channelId,
+        parentId: parentId === undefined ? undefined : parentId,
+        position: position ?? undefined,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "category-create") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "name", { required: true });
+    const position = readNumberParam(actionParams, "position", {
+      integer: true,
+    });
+    return await handleDiscordAction(
+      {
+        action: "categoryCreate",
+        accountId: accountId ?? undefined,
+        guildId,
+        name,
+        position: position ?? undefined,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "category-edit") {
+    const categoryId = readStringParam(actionParams, "categoryId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "name");
+    const position = readNumberParam(actionParams, "position", {
+      integer: true,
+    });
+    return await handleDiscordAction(
+      {
+        action: "categoryEdit",
+        accountId: accountId ?? undefined,
+        categoryId,
+        name: name ?? undefined,
+        position: position ?? undefined,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "category-delete") {
+    const categoryId = readStringParam(actionParams, "categoryId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "categoryDelete", accountId: accountId ?? undefined, categoryId },
+      cfg,
+    );
+  }
+
+  if (action === "voice-status") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const userId = readStringParam(actionParams, "userId", { required: true });
+    return await handleDiscordAction(
+      { action: "voiceStatus", accountId: accountId ?? undefined, guildId, userId },
+      cfg,
+    );
+  }
+
+  if (action === "event-list") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "eventList", accountId: accountId ?? undefined, guildId },
+      cfg,
+    );
+  }
+
+  if (action === "event-create") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "eventName", { required: true });
+    const startTime = readStringParam(actionParams, "startTime", {
+      required: true,
+    });
+    const endTime = readStringParam(actionParams, "endTime");
+    const description = readStringParam(actionParams, "desc");
+    const channelId = readStringParam(actionParams, "channelId");
+    const location = readStringParam(actionParams, "location");
+    const entityType = readStringParam(actionParams, "eventType");
+    return await handleDiscordAction(
+      {
+        action: "eventCreate",
+        accountId: accountId ?? undefined,
+        guildId,
+        name,
+        startTime,
+        endTime,
+        description,
+        channelId,
+        location,
+        entityType,
+      },
+      cfg,
+    );
+  }
+
+  if (isDiscordModerationAction(action)) {
+    const moderation = readDiscordModerationCommand(action, {
+      ...actionParams,
+      durationMinutes: readNumberParam(actionParams, "durationMin", { integer: true }),
+      deleteMessageDays: readNumberParam(actionParams, "deleteDays", {
+        integer: true,
+      }),
+    });
+    const senderUserId = ctx.requesterSenderId?.trim() || undefined;
+    return await handleDiscordAction(
+      {
+        action: moderation.action,
+        accountId: accountId ?? undefined,
+        guildId: moderation.guildId,
+        userId: moderation.userId,
+        durationMinutes: moderation.durationMinutes,
+        until: moderation.until,
+        reason: moderation.reason,
+        deleteMessageDays: moderation.deleteMessageDays,
+        senderUserId,
+      },
+      cfg,
+    );
+  }
+
+  // Some actions are conceptually "admin", but still act on a resolved channel.
+  if (action === "thread-list") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const channelId = readStringParam(actionParams, "channelId");
+    const includeArchived =
+      typeof actionParams.includeArchived === "boolean" ? actionParams.includeArchived : undefined;
+    const before = readStringParam(actionParams, "before");
+    const limit = readNumberParam(actionParams, "limit", { integer: true });
+    return await handleDiscordAction(
+      {
+        action: "threadList",
+        accountId: accountId ?? undefined,
+        guildId,
+        channelId,
+        includeArchived,
+        before,
+        limit,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "thread-reply") {
+    const content = readStringParam(actionParams, "message", {
+      required: true,
+    });
+    const mediaUrl = readStringParam(actionParams, "media", { trim: false });
+    const replyTo = readStringParam(actionParams, "replyTo");
+
+    // `message.thread-reply` (tool) uses `threadId`, while the CLI historically used `to`/`channelId`.
+    // Prefer `threadId` when present to avoid accidentally replying in the parent channel.
+    const threadId = readStringParam(actionParams, "threadId");
+    const channelId = threadId ?? resolveChannelId();
+
+    return await handleDiscordAction(
+      {
+        action: "threadReply",
+        accountId: accountId ?? undefined,
+        channelId,
+        content,
+        mediaUrl: mediaUrl ?? undefined,
+        replyTo: replyTo ?? undefined,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "search") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const query = readStringParam(actionParams, "query", { required: true });
+    return await handleDiscordAction(
+      {
+        action: "searchMessages",
+        accountId: accountId ?? undefined,
+        guildId,
+        content: query,
+        channelId: readStringParam(actionParams, "channelId"),
+        channelIds: readStringArrayParam(actionParams, "channelIds"),
+        authorId: readStringParam(actionParams, "authorId"),
+        authorIds: readStringArrayParam(actionParams, "authorIds"),
+        limit: readNumberParam(actionParams, "limit", { integer: true }),
+      },
+      cfg,
+    );
+  }
+
+  return undefined;
+}

extensions/discord/src/actions/handle-action.ts

@@ -0,0 +1,295 @@
+import type { AgentToolResult } from "@mariozechner/pi-agent-core";
+import {
+  readNumberParam,
+  readStringArrayParam,
+  readStringParam,
+} from "../../../../src/agents/tools/common.js";
+import { readDiscordParentIdParam } from "../../../../src/agents/tools/discord-actions-shared.js";
+import { handleDiscordAction } from "../../../../src/agents/tools/discord-actions.js";
+import { resolveReactionMessageId } from "../../../../src/channels/plugins/actions/reaction-message-id.js";
+import type { ChannelMessageActionContext } from "../../../../src/channels/plugins/types.js";
+import { readBooleanParam } from "../../../../src/plugin-sdk/boolean-param.js";
+import { resolveDiscordChannelId } from "../targets.js";
+import { tryHandleDiscordMessageActionGuildAdmin } from "./handle-action.guild-admin.js";
+
+const providerId = "discord";
+
+export async function handleDiscordMessageAction(
+  ctx: Pick<
+    ChannelMessageActionContext,
+    | "action"
+    | "params"
+    | "cfg"
+    | "accountId"
+    | "requesterSenderId"
+    | "toolContext"
+    | "mediaLocalRoots"
+  >,
+): Promise<AgentToolResult<unknown>> {
+  const { action, params, cfg } = ctx;
+  const accountId = ctx.accountId ?? readStringParam(params, "accountId");
+  const actionOptions = {
+    mediaLocalRoots: ctx.mediaLocalRoots,
+  } as const;
+
+  const resolveChannelId = () =>
+    resolveDiscordChannelId(
+      readStringParam(params, "channelId") ?? readStringParam(params, "to", { required: true }),
+    );
+
+  if (action === "send") {
+    const to = readStringParam(params, "to", { required: true });
+    const asVoice = readBooleanParam(params, "asVoice") === true;
+    const rawComponents = params.components;
+    const hasComponents =
+      Boolean(rawComponents) &&
+      (typeof rawComponents === "function" || typeof rawComponents === "object");
+    const components = hasComponents ? rawComponents : undefined;
+    const content = readStringParam(params, "message", {
+      required: !asVoice && !hasComponents,
+      allowEmpty: true,
+    });
+    // Support media, path, and filePath for media URL
+    const mediaUrl =
+      readStringParam(params, "media", { trim: false }) ??
+      readStringParam(params, "path", { trim: false }) ??
+      readStringParam(params, "filePath", { trim: false });
+    const filename = readStringParam(params, "filename");
+    const replyTo = readStringParam(params, "replyTo");
+    const rawEmbeds = params.embeds;
+    const embeds = Array.isArray(rawEmbeds) ? rawEmbeds : undefined;
+    const silent = readBooleanParam(params, "silent") === true;
+    const sessionKey = readStringParam(params, "__sessionKey");
+    const agentId = readStringParam(params, "__agentId");
+    return await handleDiscordAction(
+      {
+        action: "sendMessage",
+        accountId: accountId ?? undefined,
+        to,
+        content,
+        mediaUrl: mediaUrl ?? undefined,
+        filename: filename ?? undefined,
+        replyTo: replyTo ?? undefined,
+        components,
+        embeds,
+        asVoice,
+        silent,
+        __sessionKey: sessionKey ?? undefined,
+        __agentId: agentId ?? undefined,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "poll") {
+    const to = readStringParam(params, "to", { required: true });
+    const question = readStringParam(params, "pollQuestion", {
+      required: true,
+    });
+    const answers = readStringArrayParam(params, "pollOption", { required: true });
+    const allowMultiselect = readBooleanParam(params, "pollMulti");
+    const durationHours = readNumberParam(params, "pollDurationHours", {
+      integer: true,
+      strict: true,
+    });
+    return await handleDiscordAction(
+      {
+        action: "poll",
+        accountId: accountId ?? undefined,
+        to,
+        question,
+        answers,
+        allowMultiselect,
+        durationHours: durationHours ?? undefined,
+        content: readStringParam(params, "message"),
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "react") {
+    const messageIdRaw = resolveReactionMessageId({ args: params, toolContext: ctx.toolContext });
+    const messageId = messageIdRaw != null ? String(messageIdRaw).trim() : "";
+    if (!messageId) {
+      throw new Error(
+        "messageId required. Provide messageId explicitly or react to the current inbound message.",
+      );
+    }
+    const emoji = readStringParam(params, "emoji", { allowEmpty: true });
+    const remove = readBooleanParam(params, "remove");
+    return await handleDiscordAction(
+      {
+        action: "react",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        messageId,
+        emoji,
+        remove,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "reactions") {
+    const messageId = readStringParam(params, "messageId", { required: true });
+    const limit = readNumberParam(params, "limit", { integer: true });
+    return await handleDiscordAction(
+      {
+        action: "reactions",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        messageId,
+        limit,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "read") {
+    const limit = readNumberParam(params, "limit", { integer: true });
+    return await handleDiscordAction(
+      {
+        action: "readMessages",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        limit,
+        before: readStringParam(params, "before"),
+        after: readStringParam(params, "after"),
+        around: readStringParam(params, "around"),
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "edit") {
+    const messageId = readStringParam(params, "messageId", { required: true });
+    const content = readStringParam(params, "message", { required: true });
+    return await handleDiscordAction(
+      {
+        action: "editMessage",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        messageId,
+        content,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "delete") {
+    const messageId = readStringParam(params, "messageId", { required: true });
+    return await handleDiscordAction(
+      {
+        action: "deleteMessage",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        messageId,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "pin" || action === "unpin" || action === "list-pins") {
+    const messageId =
+      action === "list-pins" ? undefined : readStringParam(params, "messageId", { required: true });
+    return await handleDiscordAction(
+      {
+        action: action === "pin" ? "pinMessage" : action === "unpin" ? "unpinMessage" : "listPins",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        messageId,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "permissions") {
+    return await handleDiscordAction(
+      {
+        action: "permissions",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "thread-create") {
+    const name = readStringParam(params, "threadName", { required: true });
+    const messageId = readStringParam(params, "messageId");
+    const content = readStringParam(params, "message");
+    const autoArchiveMinutes = readNumberParam(params, "autoArchiveMin", {
+      integer: true,
+    });
+    const appliedTags = readStringArrayParam(params, "appliedTags");
+    return await handleDiscordAction(
+      {
+        action: "threadCreate",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        name,
+        messageId,
+        content,
+        autoArchiveMinutes,
+        appliedTags: appliedTags ?? undefined,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "sticker") {
+    const stickerIds =
+      readStringArrayParam(params, "stickerId", {
+        required: true,
+        label: "sticker-id",
+      }) ?? [];
+    return await handleDiscordAction(
+      {
+        action: "sticker",
+        accountId: accountId ?? undefined,
+        to: readStringParam(params, "to", { required: true }),
+        stickerIds,
+        content: readStringParam(params, "message"),
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "set-presence") {
+    return await handleDiscordAction(
+      {
+        action: "setPresence",
+        accountId: accountId ?? undefined,
+        status: readStringParam(params, "status"),
+        activityType: readStringParam(params, "activityType"),
+        activityName: readStringParam(params, "activityName"),
+        activityUrl: readStringParam(params, "activityUrl"),
+        activityState: readStringParam(params, "activityState"),
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  const adminResult = await tryHandleDiscordMessageActionGuildAdmin({
+    ctx,
+    resolveChannelId,
+    readParentIdParam: readDiscordParentIdParam,
+  });
+  if (adminResult !== undefined) {
+    return adminResult;
+  }
+
+  throw new Error(`Action ${String(action)} is not supported for provider ${providerId}.`);
+}

extensions/discord/src/api.test.ts

@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { withFetchPreconnect } from "../test-utils/fetch-mock.js";
+import { withFetchPreconnect } from "../../../src/test-utils/fetch-mock.js";
 import { fetchDiscord } from "./api.js";
 import { jsonResponse } from "./test-http-helpers.js";
 

extensions/discord/src/api.ts

@@ -1,5 +1,5 @@
-import { resolveFetch } from "../infra/fetch.js";
-import { resolveRetryConfig, retryAsync, type RetryConfig } from "../infra/retry.js";
+import { resolveFetch } from "../../../src/infra/fetch.js";
+import { resolveRetryConfig, retryAsync, type RetryConfig } from "../../../src/infra/retry.js";
 
 const DISCORD_API_BASE = "https://discord.com/api/v10";
 const DISCORD_API_RETRY_DEFAULTS = {

extensions/discord/src/audit.test.ts

@@ -27,7 +27,7 @@ describe("discord audit", () => {
           },
         },
       },
-    } as unknown as import("../config/config.js").OpenClawConfig;
+    } as unknown as import("../../../src/config/config.js").OpenClawConfig;
 
     const collected = collectDiscordAuditChannelIds({
       cfg,
@@ -73,7 +73,7 @@ describe("discord audit", () => {
           },
         },
       },
-    } as unknown as import("../config/config.js").OpenClawConfig;
+    } as unknown as import("../../../src/config/config.js").OpenClawConfig;
 
     const collected = collectDiscordAuditChannelIds({ cfg, accountId: "default" });
     expect(collected.channelIds).toEqual(["111"]);
@@ -98,7 +98,7 @@ describe("discord audit", () => {
           },
         },
       },
-    } as unknown as import("../config/config.js").OpenClawConfig;
+    } as unknown as import("../../../src/config/config.js").OpenClawConfig;
 
     const collected = collectDiscordAuditChannelIds({ cfg, accountId: "default" });
     expect(collected.channelIds).toEqual([]);
@@ -127,7 +127,7 @@ describe("discord audit", () => {
           },
         },
       },
-    } as unknown as import("../config/config.js").OpenClawConfig;
+    } as unknown as import("../../../src/config/config.js").OpenClawConfig;
 
     const collected = collectDiscordAuditChannelIds({ cfg, accountId: "default" });
     expect(collected.channelIds).toEqual(["111"]);

extensions/discord/src/audit.ts

@@ -1,6 +1,6 @@
-import type { OpenClawConfig } from "../config/config.js";
-import type { DiscordGuildChannelConfig, DiscordGuildEntry } from "../config/types.js";
-import { isRecord } from "../utils.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { DiscordGuildChannelConfig, DiscordGuildEntry } from "../../../src/config/types.js";
+import { isRecord } from "../../../src/utils.js";
 import { inspectDiscordAccount } from "./account-inspect.js";
 import { fetchChannelPermissionsDiscord } from "./send.js";
 

extensions/discord/src/channel-actions.ts

@@ -0,0 +1,140 @@
+import {
+  createUnionActionGate,
+  listTokenSourcedAccounts,
+} from "../../../src/channels/plugins/actions/shared.js";
+import type {
+  ChannelMessageActionAdapter,
+  ChannelMessageActionName,
+} from "../../../src/channels/plugins/types.js";
+import type { DiscordActionConfig } from "../../../src/config/types.discord.js";
+import { createDiscordActionGate, listEnabledDiscordAccounts } from "./accounts.js";
+import { handleDiscordMessageAction } from "./actions/handle-action.js";
+
+export const discordMessageActions: ChannelMessageActionAdapter = {
+  listActions: ({ cfg }) => {
+    const accounts = listTokenSourcedAccounts(listEnabledDiscordAccounts(cfg));
+    if (accounts.length === 0) {
+      return [];
+    }
+    // Union of all accounts' action gates (any account enabling an action makes it available)
+    const gate = createUnionActionGate(accounts, (account) =>
+      createDiscordActionGate({
+        cfg,
+        accountId: account.accountId,
+      }),
+    );
+    const isEnabled = (key: keyof DiscordActionConfig, defaultValue = true) =>
+      gate(key, defaultValue);
+    const actions = new Set<ChannelMessageActionName>(["send"]);
+    if (isEnabled("polls")) {
+      actions.add("poll");
+    }
+    if (isEnabled("reactions")) {
+      actions.add("react");
+      actions.add("reactions");
+    }
+    if (isEnabled("messages")) {
+      actions.add("read");
+      actions.add("edit");
+      actions.add("delete");
+    }
+    if (isEnabled("pins")) {
+      actions.add("pin");
+      actions.add("unpin");
+      actions.add("list-pins");
+    }
+    if (isEnabled("permissions")) {
+      actions.add("permissions");
+    }
+    if (isEnabled("threads")) {
+      actions.add("thread-create");
+      actions.add("thread-list");
+      actions.add("thread-reply");
+    }
+    if (isEnabled("search")) {
+      actions.add("search");
+    }
+    if (isEnabled("stickers")) {
+      actions.add("sticker");
+    }
+    if (isEnabled("memberInfo")) {
+      actions.add("member-info");
+    }
+    if (isEnabled("roleInfo")) {
+      actions.add("role-info");
+    }
+    if (isEnabled("reactions")) {
+      actions.add("emoji-list");
+    }
+    if (isEnabled("emojiUploads")) {
+      actions.add("emoji-upload");
+    }
+    if (isEnabled("stickerUploads")) {
+      actions.add("sticker-upload");
+    }
+    if (isEnabled("roles", false)) {
+      actions.add("role-add");
+      actions.add("role-remove");
+    }
+    if (isEnabled("channelInfo")) {
+      actions.add("channel-info");
+      actions.add("channel-list");
+    }
+    if (isEnabled("channels")) {
+      actions.add("channel-create");
+      actions.add("channel-edit");
+      actions.add("channel-delete");
+      actions.add("channel-move");
+      actions.add("category-create");
+      actions.add("category-edit");
+      actions.add("category-delete");
+    }
+    if (isEnabled("voiceStatus")) {
+      actions.add("voice-status");
+    }
+    if (isEnabled("events")) {
+      actions.add("event-list");
+      actions.add("event-create");
+    }
+    if (isEnabled("moderation", false)) {
+      actions.add("timeout");
+      actions.add("kick");
+      actions.add("ban");
+    }
+    if (isEnabled("presence", false)) {
+      actions.add("set-presence");
+    }
+    return Array.from(actions);
+  },
+  extractToolSend: ({ args }) => {
+    const action = typeof args.action === "string" ? args.action.trim() : "";
+    if (action === "sendMessage") {
+      const to = typeof args.to === "string" ? args.to : undefined;
+      return to ? { to } : null;
+    }
+    if (action === "threadReply") {
+      const channelId = typeof args.channelId === "string" ? args.channelId.trim() : "";
+      return channelId ? { to: `channel:${channelId}` } : null;
+    }
+    return null;
+  },
+  handleAction: async ({
+    action,
+    params,
+    cfg,
+    accountId,
+    requesterSenderId,
+    toolContext,
+    mediaLocalRoots,
+  }) => {
+    return await handleDiscordMessageAction({
+      action,
+      params,
+      cfg,
+      accountId,
+      requesterSenderId,
+      toolContext,
+      mediaLocalRoots,
+    });
+  },
+};

extensions/discord/src/channel.ts

@@ -37,8 +37,13 @@ import {
   type ChannelPlugin,
   type ResolvedDiscordAccount,
 } from "openclaw/plugin-sdk/discord";
+import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js";
 import { getDiscordRuntime } from "./runtime.js";
 
+type DiscordSendFn = ReturnType<
+  typeof getDiscordRuntime
+>["channel"]["discord"]["sendMessageDiscord"];
+
 const meta = getChatChannelMeta("discord");
 
 const discordMessageActions: ChannelMessageActionAdapter = {
@@ -300,7 +305,9 @@ export const discordPlugin: ChannelPlugin<ResolvedDiscordAccount> = {
     pollMaxOptions: 10,
     resolveTarget: ({ to }) => normalizeDiscordOutboundTarget(to),
     sendText: async ({ cfg, to, text, accountId, deps, replyToId, silent }) => {
-      const send = deps?.sendDiscord ?? getDiscordRuntime().channel.discord.sendMessageDiscord;
+      const send =
+        resolveOutboundSendDep<DiscordSendFn>(deps, "discord") ??
+        getDiscordRuntime().channel.discord.sendMessageDiscord;
       const result = await send(to, text, {
         verbose: false,
         cfg,
@@ -321,7 +328,9 @@ export const discordPlugin: ChannelPlugin<ResolvedDiscordAccount> = {
       replyToId,
       silent,
     }) => {
-      const send = deps?.sendDiscord ?? getDiscordRuntime().channel.discord.sendMessageDiscord;
+      const send =
+        resolveOutboundSendDep<DiscordSendFn>(deps, "discord") ??
+        getDiscordRuntime().channel.discord.sendMessageDiscord;
       const result = await send(to, text, {
         verbose: false,
         cfg,

extensions/discord/src/chunk.test.ts

@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { countLines, hasBalancedFences } from "../test-utils/chunk-test-helpers.js";
+import { countLines, hasBalancedFences } from "../../../src/test-utils/chunk-test-helpers.js";
 import { chunkDiscordText, chunkDiscordTextWithMode } from "./chunk.js";
 
 describe("chunkDiscordText", () => {

extensions/discord/src/chunk.ts

@@ -1,4 +1,4 @@
-import { chunkMarkdownTextWithMode, type ChunkMode } from "../auto-reply/chunk.js";
+import { chunkMarkdownTextWithMode, type ChunkMode } from "../../../src/auto-reply/chunk.js";
 
 export type ChunkDiscordTextOpts = {
   /** Max characters per Discord message. Default: 2000. */

extensions/discord/src/client.test.ts

@@ -1,6 +1,6 @@
 import type { RequestClient } from "@buape/carbon";
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { createDiscordRestClient } from "./client.js";
 
 describe("createDiscordRestClient", () => {

extensions/discord/src/client.ts

@@ -1,8 +1,8 @@
 import { RequestClient } from "@buape/carbon";
-import { loadConfig } from "../config/config.js";
-import { createDiscordRetryRunner, type RetryRunner } from "../infra/retry-policy.js";
-import type { RetryConfig } from "../infra/retry.js";
-import { normalizeAccountId } from "../routing/session-key.js";
+import { loadConfig } from "../../../src/config/config.js";
+import { createDiscordRetryRunner, type RetryRunner } from "../../../src/infra/retry-policy.js";
+import type { RetryConfig } from "../../../src/infra/retry.js";
+import { normalizeAccountId } from "../../../src/routing/session-key.js";
 import {
   mergeDiscordAccountConfig,
   resolveDiscordAccount,

extensions/discord/src/directory-cache.ts

@@ -1,4 +1,4 @@
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/account-id.js";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/account-id.js";
 
 const DISCORD_DIRECTORY_CACHE_MAX_ENTRIES = 4000;
 const DISCORD_DISCRIMINATOR_SUFFIX = /#\d{4}$/;

extensions/discord/src/directory-live.test.ts

@@ -1,5 +1,5 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { DirectoryConfigParams } from "../channels/plugins/directory-config.js";
+import type { DirectoryConfigParams } from "../../../src/channels/plugins/directory-config.js";
 
 const mocks = vi.hoisted(() => ({
   fetchDiscord: vi.fn(),

extensions/discord/src/directory-live.ts

@@ -1,5 +1,5 @@
-import type { DirectoryConfigParams } from "../channels/plugins/directory-config.js";
-import type { ChannelDirectoryEntry } from "../channels/plugins/types.js";
+import type { DirectoryConfigParams } from "../../../src/channels/plugins/directory-config.js";
+import type { ChannelDirectoryEntry } from "../../../src/channels/plugins/types.js";
 import { resolveDiscordAccount } from "./accounts.js";
 import { fetchDiscord } from "./api.js";
 import { rememberDiscordDirectoryUser } from "./directory-cache.js";

extensions/discord/src/draft-chunking.ts

@@ -1,8 +1,8 @@
-import { resolveTextChunkLimit } from "../auto-reply/chunk.js";
-import { getChannelDock } from "../channels/dock.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { resolveAccountEntry } from "../routing/account-lookup.js";
-import { normalizeAccountId } from "../routing/session-key.js";
+import { resolveTextChunkLimit } from "../../../src/auto-reply/chunk.js";
+import { getChannelDock } from "../../../src/channels/dock.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { resolveAccountEntry } from "../../../src/routing/account-lookup.js";
+import { normalizeAccountId } from "../../../src/routing/session-key.js";
 
 const DEFAULT_DISCORD_DRAFT_STREAM_MIN = 200;
 const DEFAULT_DISCORD_DRAFT_STREAM_MAX = 800;

extensions/discord/src/draft-stream.ts

@@ -1,6 +1,6 @@
 import type { RequestClient } from "@buape/carbon";
 import { Routes } from "discord-api-types/v10";
-import { createFinalizableDraftLifecycle } from "../channels/draft-stream-controls.js";
+import { createFinalizableDraftLifecycle } from "../../../src/channels/draft-stream-controls.js";
 
 /** Discord messages cap at 2000 characters. */
 const DISCORD_STREAM_MAX_CHARS = 2000;

extensions/discord/src/exec-approvals.ts

@@ -1,6 +1,6 @@
-import type { ReplyPayload } from "../auto-reply/types.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { getExecApprovalReplyMetadata } from "../infra/exec-approval-reply.js";
+import type { ReplyPayload } from "../../../src/auto-reply/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { getExecApprovalReplyMetadata } from "../../../src/infra/exec-approval-reply.js";
 import { resolveDiscordAccount } from "./accounts.js";
 
 export function isDiscordExecApprovalClientEnabled(params: {

extensions/discord/src/gateway-logging.test.ts

@@ -1,11 +1,11 @@
 import { EventEmitter } from "node:events";
 import { afterEach, describe, expect, it, vi } from "vitest";
 
-vi.mock("../globals.js", () => ({
+vi.mock("../../../src/globals.js", () => ({
   logVerbose: vi.fn(),
 }));
 
-import { logVerbose } from "../globals.js";
+import { logVerbose } from "../../../src/globals.js";
 import { attachDiscordGatewayLogging } from "./gateway-logging.js";
 
 const makeRuntime = () => ({

extensions/discord/src/gateway-logging.ts

@@ -1,6 +1,6 @@
 import type { EventEmitter } from "node:events";
-import { logVerbose } from "../globals.js";
-import type { RuntimeEnv } from "../runtime.js";
+import { logVerbose } from "../../../src/globals.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
 
 type GatewayEmitter = Pick<EventEmitter, "on" | "removeListener">;