openclaw
diff --git a/‎.agents/skills/release-openclaw-announcement/SKILL.md‎
Lines changed: 85 additions & 0 deletions b/‎.agents/skills/release-openclaw-announcement/SKILL.md‎
Lines changed: 85 additions & 0 deletions
diff --git a/‎.agents/skills/release-openclaw-announcement/agents/openai.yaml‎
Lines changed: 4 additions & 0 deletions b/‎.agents/skills/release-openclaw-announcement/agents/openai.yaml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/mantis-telegram-desktop-proof.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/mantis-telegram-desktop-proof.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/qa-live-transports-convex.yml‎
Lines changed: 8 additions & 7 deletions b/‎.github/workflows/qa-live-transports-convex.yml‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 2 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/tools/exec.md‎
Lines changed: 4 additions & 3 deletions b/‎docs/tools/exec.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎extensions/phone-control/index.test.ts‎
Lines changed: 47 additions & 4 deletions b/‎extensions/phone-control/index.test.ts‎
Lines changed: 47 additions & 4 deletions
diff --git a/‎extensions/phone-control/index.ts‎
Lines changed: 19 additions & 7 deletions b/‎extensions/phone-control/index.ts‎
Lines changed: 19 additions & 7 deletions
diff --git a/‎extensions/qa-lab/src/cli.runtime.ts‎
Lines changed: 7 additions & 2 deletions b/‎extensions/qa-lab/src/cli.runtime.ts‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎extensions/qa-lab/src/live-transports/slack/slack-live.runtime.test.ts‎
Lines changed: 21 additions & 0 deletions b/‎extensions/qa-lab/src/live-transports/slack/slack-live.runtime.test.ts‎
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,85 @@
+---
+name: release-openclaw-announcement
+description: "Draft or post OpenClaw beta/stable Discord release announcements from changelog, GitHub release, registry, and validation evidence. Use when announcing a beta, stable release, release candidate, or asking what users should test after an OpenClaw release."
+---
+
+# OpenClaw Release Announcement
+
+Use with `release-openclaw-maintainer` after a beta or stable release is live.
+Use with `openclaw-discord` when actually posting to Discord.
+
+## Evidence First
+
+Before drafting focus areas, read real release evidence:
+
+1. Current GitHub release body for the tag.
+2. `CHANGELOG.md` section for the released base version.
+3. Commits since the previous shipped version or the operator-specified base.
+4. Registry/package metadata for the exact version and current dist-tag.
+5. Validation status that is relevant to user confidence.
+
+Do not claim a full changelog audit unless you did it. If you only read the
+generated release notes or top changelog section, say that and either audit
+properly or draft with that limitation.
+
+For beta focus areas, prioritize user-observable changes over internal test or
+CI mechanics:
+
+- install/update paths
+- OS/platform-specific behavior
+- Gateway startup/restart, config, and runtime behavior
+- provider/model/runtime routing
+- plugin loading and local plugin development
+- channels and media paths
+- security/data-loss/user-impact fixes
+
+Do not let late release-branch fixes automatically dominate the announcement.
+If the version includes a large delta from the previous shipped version, rank
+focus areas by the whole release delta and expected user impact; mention late
+fixes in their natural category.
+
+## Required Copy
+
+Every beta announcement must make beta status explicit and include:
+
+- exact version, e.g. `OpenClaw 2026.5.25-beta.1`
+- one-sentence risk framing: beta, useful for testing, not stable promotion
+- focused test areas derived from evidence, not guesswork
+- update command promoted near the top:
+  ```sh
+  openclaw update --channel beta --yes
+  openclaw --version
+  ```
+- fresh install path:
+  `Install from https://openclaw.ai`
+- GitHub release link
+- concise validation note, without making CI the headline
+
+Do not suggest npm install commands in beta announcements unless the operator
+explicitly asks for npm-specific copy or troubleshooting text. It is fine to use
+registry metadata as evidence; do not turn that into public install guidance.
+
+For stable announcements, use the stable channel wording:
+
+```sh
+openclaw update --channel stable --yes
+openclaw --version
+```
+
+Fresh installs still point to `https://openclaw.ai`.
+
+## Style
+
+- Discord Markdown, no tables.
+- Keep it skimmable: short intro, bullets, commands, links.
+- Lead with what users can feel or test, not proof plumbing.
+- Mention validation only after install/update instructions.
+- Be specific about where feedback is useful.
+- Do not mention private local proof paths in public announcements.
+- Do not overstate unverified platforms, channels, or provider behavior.
+
+## Posting
+
+When asked to post, use the configured Discord workflow from
+`openclaw-discord` or the approved OpenClaw relay. Never print tokens.
+For public channels, inspect the final body before sending.
@@ -0,0 +1,4 @@
+interface:
+  display_name: "OpenClaw Release Announcement"
+  short_description: "Draft Discord beta/stable release announcements from evidence."
+  default_prompt: "Use this skill to draft an OpenClaw beta or stable Discord announcement from changelog, release notes, npm/GitHub release proof, and validation evidence."
@@ -225,6 +225,7 @@ jobs:
       - name: Checkout harness ref
         uses: actions/checkout@v6
         with:
+          ref: main
           persist-credentials: false
           fetch-depth: 0
 
 
@@ -52,6 +52,7 @@ env:
   FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
   NODE_VERSION: "24.x"
   OPENCLAW_CI_OPENAI_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_MODEL || 'openai/gpt-5.5' }}
+  OPENCLAW_CI_OPENAI_FALLBACK_MODEL: ${{ vars.OPENCLAW_CI_OPENAI_FALLBACK_MODEL || 'openai/gpt-5.4' }}
   OPENCLAW_BUILD_PRIVATE_QA: "1"
   OPENCLAW_ENABLE_PRIVATE_QA_CLI: "1"
 
@@ -288,7 +289,7 @@ jobs:
             --runtime-parity-tier live-only \
             --concurrency "${QA_PARITY_CONCURRENCY}" \
             --model "${OPENCLAW_CI_OPENAI_MODEL}" \
-            --alt-model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --alt-model "${OPENCLAW_CI_OPENAI_FALLBACK_MODEL}" \
             --runtime-pair openclaw,codex \
             --fast \
             --allow-failures \
@@ -373,7 +374,7 @@ jobs:
             --output-dir "${output_dir}" \
             --provider-mode live-frontier \
             --model "${OPENCLAW_CI_OPENAI_MODEL}" \
-            --alt-model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --alt-model "${OPENCLAW_CI_OPENAI_FALLBACK_MODEL}" \
             --profile "${INPUT_MATRIX_PROFILE}" \
             --fast
           )
@@ -457,7 +458,7 @@ jobs:
             --output-dir "${output_dir}" \
             --provider-mode live-frontier \
             --model "${OPENCLAW_CI_OPENAI_MODEL}" \
-            --alt-model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --alt-model "${OPENCLAW_CI_OPENAI_FALLBACK_MODEL}" \
             --profile "${{ matrix.profile }}" \
             --fast
           )
@@ -555,7 +556,7 @@ jobs:
             --output-dir "${output_dir}" \
             --provider-mode live-frontier \
             --model "${OPENCLAW_CI_OPENAI_MODEL}" \
-            --alt-model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --alt-model "${OPENCLAW_CI_OPENAI_FALLBACK_MODEL}" \
             --fast \
             --credential-source convex \
             --credential-role ci \
@@ -649,7 +650,7 @@ jobs:
             --output-dir "${output_dir}" \
             --provider-mode live-frontier \
             --model openai/gpt-5.5 \
-            --alt-model openai/gpt-5.5 \
+            --alt-model "${OPENCLAW_CI_OPENAI_FALLBACK_MODEL}" \
             --fast \
             --credential-source convex \
             --credential-role ci \
@@ -746,7 +747,7 @@ jobs:
             --output-dir "${output_dir}" \
             --provider-mode live-frontier \
             --model "${OPENCLAW_CI_OPENAI_MODEL}" \
-            --alt-model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --alt-model "${OPENCLAW_CI_OPENAI_FALLBACK_MODEL}" \
             --fast \
             --credential-source convex \
             --credential-role ci \
@@ -840,7 +841,7 @@ jobs:
             --output-dir "${output_dir}" \
             --provider-mode live-frontier \
             --model "${OPENCLAW_CI_OPENAI_MODEL}" \
-            --alt-model "${OPENCLAW_CI_OPENAI_MODEL}" \
+            --alt-model "${OPENCLAW_CI_OPENAI_FALLBACK_MODEL}" \
             --fast \
             --credential-source convex \
             --credential-role ci \
 
@@ -21,6 +21,8 @@ Docs: https://docs.openclaw.ai
 
 ### Fixes
 
+- Tighten phone-control mutation authorization [AI]. (#87150) Thanks @pgondhi987.
+- Clarify directive persistence authorization policy [AI]. (#86369) Thanks @pgondhi987.
 - Agents/Codex: keep spawned agent cwd/workspace state separated, keep hook context prompt-local, release session locks on timeout abort, avoid session event queue self-wait, preserve shared app-server state across startup or helper failures, keep native hook relay alive across restarts, route workspace memory through tools, resolve Codex runtime models first, report quarantined dynamic tools, format `skills` command output, and bound compaction/steering retries. (#87218, #86875, #86123, #87399, #87375, #87383, #87400) Thanks @mbelinky, @Alix-007, @luoyanglang, @yetval, and @sjf.
 - Channels: thread canonical session keys into outbound hooks, preserve Matrix room-id case, keep fallback tool warnings mention-inert, retain delivered Slack final replies during late cleanup, continue iMessage polling after denied reactions, suppress duplicate native exec approvals, preserve Telegram SecretRef prompt config, suppress Discord recovered tool warnings, and block untrusted Teams service URLs. (#73706, #75670, #87366, #87451, #87334) Thanks @zeroaltitude, @lukeboyett, @xiaotian, and @eleqtrizit.
 - CLI/auth/doctor/providers: reject malformed numeric/timeout/subcommand-version inputs, wait for respawn child shutdown, bound Codex and GitHub Copilot OAuth/token requests, warm provider auth off the main thread, honor Codex response timeouts, bound local service startup, resolve GPT-5.5 without cached catalog, migrate legacy memory auto-provider config, rewrite non-canonical `api_key` auth profiles, and make doctor restart follow-ups actionable. (#87398, #86281, #87361) Thanks @Patrick-Erichsen, @samzong, @giodl73-repo, and @alkor2000.
 
@@ -164,9 +164,10 @@ Example:
 ## Authorization model
 
 `/exec` is only honored for **authorized senders** (channel allowlists/pairing plus `commands.useAccessGroups`).
-It updates **session state only** and does not write config. To hard-disable exec, deny it via tool
-policy (`tools.deny: ["exec"]` or per-agent). Host approvals still apply unless you explicitly set
-`security=full` and `ask=off`.
+It updates **session state only** and does not write config. Authorized external channel senders may
+set these session defaults. Internal gateway/webchat clients need `operator.admin` to persist them.
+To hard-disable exec, deny it via tool policy (`tools.deny: ["exec"]` or per-agent). Host approvals
+still apply unless you explicitly set `security=full` and `ask=off`.
 
 ## Exec approvals (companion app / node host)
 
 
@@ -129,6 +129,8 @@ describe("phone-control plugin", () => {
   it("arms sms.send as part of the writes group", async () => {
     await withRegisteredPhoneControl(async ({ command, writeConfigFile, getConfig }) => {
       expect(command.name).toBe("phone");
+      expect(command.requiredScopes).toBeUndefined();
+      expect(command.exposeSenderIsOwner).toBe(true);
 
       const res = await command.handler({
         ...createCommandContext("arm writes 30s"),
@@ -163,30 +165,58 @@ describe("phone-control plugin", () => {
     });
   });
 
-  it("allows external channel callers without operator.admin to mutate phone control", async () => {
+  it("blocks external non-owner callers without operator.admin from mutating phone control", async () => {
     await withRegisteredPhoneControl(async ({ command, writeConfigFile }) => {
       const res = await command.handler({
         ...createCommandContext("arm writes 30s"),
         channel: "telegram",
+        senderIsOwner: false,
       });
 
-      expect(res?.text ?? "").toContain("Phone control: armed");
-      expect(writeConfigFile).toHaveBeenCalledTimes(1);
+      expect(res?.text ?? "").toContain("requires operator.admin");
+      expect(writeConfigFile).not.toHaveBeenCalled();
     });
   });
 
-  it("allows external channel callers without operator.admin to disarm phone control", async () => {
+  it("blocks external non-owner callers without operator.admin from disarming phone control", async () => {
     await withRegisteredPhoneControl(async ({ command, writeConfigFile }) => {
       const res = await command.handler({
         ...createCommandContext("disarm"),
         channel: "telegram",
+        senderIsOwner: false,
+      });
+
+      expect(res?.text ?? "").toContain("requires operator.admin");
+      expect(writeConfigFile).not.toHaveBeenCalled();
+    });
+  });
+
+  it("allows external non-owner callers without operator.admin to read phone control status", async () => {
+    await withRegisteredPhoneControl(async ({ command, writeConfigFile }) => {
+      const res = await command.handler({
+        ...createCommandContext("status"),
+        channel: "telegram",
+        senderIsOwner: false,
       });
 
       expect(res?.text ?? "").toContain("Phone control: disarmed.");
       expect(writeConfigFile).not.toHaveBeenCalled();
     });
   });
 
+  it("allows external non-owner callers without operator.admin to read phone control help", async () => {
+    await withRegisteredPhoneControl(async ({ command, writeConfigFile }) => {
+      const res = await command.handler({
+        ...createCommandContext("help"),
+        channel: "telegram",
+        senderIsOwner: false,
+      });
+
+      expect(res?.text ?? "").toContain("/phone status");
+      expect(writeConfigFile).not.toHaveBeenCalled();
+    });
+  });
+
   it("regression: blocks non-webchat gateway callers with operator.write from arm/disarm", async () => {
     await withRegisteredPhoneControl(async ({ command, writeConfigFile }) => {
       const armRes = await command.handler({
@@ -220,6 +250,19 @@ describe("phone-control plugin", () => {
     });
   });
 
+  it("allows external owner callers without gateway scopes to mutate phone control", async () => {
+    await withRegisteredPhoneControl(async ({ command, writeConfigFile }) => {
+      const res = await command.handler({
+        ...createCommandContext("arm writes 30s"),
+        channel: "telegram",
+        senderIsOwner: true,
+      });
+
+      expect(res?.text ?? "").toContain("Phone control: armed");
+      expect(writeConfigFile).toHaveBeenCalledTimes(1);
+    });
+  });
+
   it("allows external channel callers with operator.admin to disarm phone control", async () => {
     await withRegisteredPhoneControl(async ({ command, writeConfigFile }) => {
       await command.handler({
 
@@ -282,14 +282,15 @@ function parseGroup(raw: string | undefined): ArmGroup | null {
   return null;
 }
 
-function requiresAdminToMutatePhoneControl(
-  channel: string,
-  gatewayClientScopes?: readonly string[],
-): boolean {
+function lacksAdminToMutatePhoneControl(params: {
+  senderIsOwner?: boolean;
+  gatewayClientScopes?: readonly string[];
+}): boolean {
+  const { senderIsOwner, gatewayClientScopes } = params;
   if (Array.isArray(gatewayClientScopes)) {
     return !gatewayClientScopes.includes(PHONE_ADMIN_SCOPE);
   }
-  return channel === "webchat";
+  return senderIsOwner !== true;
 }
 
 function formatStatus(state: ArmStateFile | null): string {
@@ -363,6 +364,7 @@ export default definePluginEntry({
       name: "phone",
       description: "Arm/disarm high-risk phone node commands (camera/screen/writes).",
       acceptsArgs: true,
+      exposeSenderIsOwner: true,
       handler: async (ctx) => {
         const args = ctx.args?.trim() ?? "";
         const tokens = args.split(/\s+/).filter(Boolean);
@@ -382,7 +384,12 @@ export default definePluginEntry({
         }
 
         if (action === "disarm") {
-          if (requiresAdminToMutatePhoneControl(ctx.channel, ctx.gatewayClientScopes)) {
+          if (
+            lacksAdminToMutatePhoneControl({
+              senderIsOwner: ctx.senderIsOwner,
+              gatewayClientScopes: ctx.gatewayClientScopes,
+            })
+          ) {
             return {
               text: "⚠️ /phone disarm requires operator.admin.",
             };
@@ -404,7 +411,12 @@ export default definePluginEntry({
         }
 
         if (action === "arm") {
-          if (requiresAdminToMutatePhoneControl(ctx.channel, ctx.gatewayClientScopes)) {
+          if (
+            lacksAdminToMutatePhoneControl({
+              senderIsOwner: ctx.senderIsOwner,
+              gatewayClientScopes: ctx.gatewayClientScopes,
+            })
+          ) {
             return {
               text: "⚠️ /phone arm requires operator.admin.",
             };
 
@@ -521,21 +521,26 @@ function printQaCredentialListTable(credentials: QaCredentialRecord[]) {
   }
   const rows = credentials.map((credential) => ({
     credentialId: credential.credentialId,
+    fingerprint: credential.credentialFingerprint ?? "",
     kind: credential.kind,
     status: credential.status,
     leased: formatQaCredentialLeaseState(credential),
     note: credential.note ?? "",
   }));
   const idWidth = Math.max("credentialId".length, ...rows.map((row) => row.credentialId.length));
+  const fingerprintWidth = Math.max(
+    "fingerprint".length,
+    ...rows.map((row) => row.fingerprint.length),
+  );
   const kindWidth = Math.max("kind".length, ...rows.map((row) => row.kind.length));
   const statusWidth = Math.max("status".length, ...rows.map((row) => row.status.length));
   const leaseWidth = Math.max("leased".length, ...rows.map((row) => row.leased.length));
   process.stdout.write(
-    `${"credentialId".padEnd(idWidth)}  ${"kind".padEnd(kindWidth)}  ${"status".padEnd(statusWidth)}  ${"leased".padEnd(leaseWidth)}  note\n`,
+    `${"credentialId".padEnd(idWidth)}  ${"fingerprint".padEnd(fingerprintWidth)}  ${"kind".padEnd(kindWidth)}  ${"status".padEnd(statusWidth)}  ${"leased".padEnd(leaseWidth)}  note\n`,
   );
   for (const row of rows) {
     process.stdout.write(
-      `${row.credentialId.padEnd(idWidth)}  ${row.kind.padEnd(kindWidth)}  ${row.status.padEnd(statusWidth)}  ${row.leased.padEnd(leaseWidth)}  ${row.note}\n`,
+      `${row.credentialId.padEnd(idWidth)}  ${row.fingerprint.padEnd(fingerprintWidth)}  ${row.kind.padEnd(kindWidth)}  ${row.status.padEnd(statusWidth)}  ${row.leased.padEnd(leaseWidth)}  ${row.note}\n`,
     );
   }
 }
 
@@ -106,6 +106,27 @@ describe("Slack live QA runtime helpers", () => {
     expect(account?.channels?.C123456789?.users).toEqual(["U999999999"]);
   });
 
+  it("overrides both owner and channel allowlists for block scenarios", () => {
+    const cfg = testing.buildSlackQaConfig(
+      {},
+      {
+        channelId: "C123456789",
+        driverBotUserId: "U999999999",
+        overrides: {
+          allowFrom: ["U_NEVER_ALLOWED"],
+          users: ["U_NEVER_ALLOWED"],
+        },
+        sutAccountId: "sut",
+        sutAppToken: "xapp-sut",
+        sutBotToken: "xoxb-sut",
+      },
+    );
+
+    const account = cfg.channels?.slack?.accounts?.sut;
+    expect(account?.allowFrom).toEqual(["U_NEVER_ALLOWED"]);
+    expect(account?.channels?.C123456789?.users).toEqual(["U_NEVER_ALLOWED"]);
+  });
+
   it("extracts Slack native approval button values from blocks", () => {
     expect(
       testing.collectSlackActionValues([