openclaw
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/cli/agents.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/cli/agents.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/cli/sessions.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/cli/sessions.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/reference/session-management-compaction.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/reference/session-management-compaction.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/agents/agent-delete-safety.ts‎
Lines changed: 55 additions & 0 deletions b/‎src/agents/agent-delete-safety.ts‎
Lines changed: 55 additions & 0 deletions
diff --git a/‎src/commands/agents.command-shared.ts‎
Lines changed: 0 additions & 36 deletions b/‎src/commands/agents.command-shared.ts‎
Lines changed: 0 additions & 36 deletions
diff --git a/‎src/commands/agents.commands.delete.ts‎
Lines changed: 64 additions & 60 deletions b/‎src/commands/agents.commands.delete.ts‎
Lines changed: 64 additions & 60 deletions
diff --git a/‎src/commands/agents.delete.test.ts‎
Lines changed: 64 additions & 0 deletions b/‎src/commands/agents.delete.test.ts‎
Lines changed: 64 additions & 0 deletions
@@ -40,7 +40,7 @@ Docs: https://docs.openclaw.ai
 - Models CLI: restore `openclaw models list --provider <id>` catalog and registry fallback rows for unconfigured providers, so provider-specific verification commands no longer report "No models found." Fixes #75517; supersedes #75615. Thanks @lotsoftick and @koshaji.
 - Gateway/macOS: write LaunchAgent services with a canonical system PATH and stop preserving old plist PATH entries, so Volta, asdf, fnm, and pnpm shell paths no longer affect gateway child-process Node resolution. Fixes #75233; supersedes #75246. Thanks @nphyde2.
 - Slack/hooks: preserve bot alert attachment text in message-received hook content when command text is blank. Fixes #76035; refs #76036. Thanks @amsminn.
-- Sessions: route Gateway session-store writes and CLI cleanup maintenance through a dedicated in-process writer and borrow the validated mutable cache during the writer slot, avoiding runtime file locks plus repeated `sessions.json` rereads and JSON clones on hot metadata updates. Refs #68554. Thanks @henkterharmsel.
+- Sessions/agents: route Gateway session-store writes, CLI cleanup maintenance, and agent-delete session purges through a dedicated in-process writer and borrow the validated mutable cache during the writer slot, avoiding runtime file locks plus repeated `sessions.json` rereads and JSON clones on hot metadata updates. Refs #68554. Thanks @henkterharmsel.
 - Control UI/chat: show inline feedback when local slash-command dispatch is unavailable or fails unexpectedly instead of clearing the composer silently. Fixes #52105. Thanks @MooreQiao.
 - Memory/markdown: replace CRLF managed blocks in place and collapse duplicate marker blocks without rewriting unmanaged markdown, so Dreaming and Memory Wiki files self-heal from repeated generated sections. Fixes #75491; supersedes #75495, #75810, and #76008. Thanks @asaenokkostya-coder, @ottodeng, @everettjf, and @lrg913427-dot.
 - Agents/tools: return critical tool-loop circuit-breaker stops as blocked tool results instead of thrown tool failures, so models see the guardrail and stop retrying the same call. Thanks @rayraiser.
 
@@ -152,6 +152,7 @@ Notes:
 - `main` cannot be deleted.
 - Without `--force`, interactive confirmation is required.
 - Workspace, agent state, and session transcript directories are moved to Trash, not hard-deleted.
+- When the Gateway is reachable, deletion is sent through the Gateway so config and session-store cleanup share the same writer as runtime traffic. If the Gateway cannot be reached, the CLI falls back to the offline local path.
 - If another agent's workspace is the same path, inside this workspace, or contains this workspace,
   the workspace is retained and `--json` reports `workspaceRetained`,
   `workspaceRetainedReason`, and `workspaceSharedWith`.
 
@@ -98,7 +98,7 @@ openclaw sessions cleanup --json
 - `--store <path>`: run against a specific `sessions.json` file.
 - `--json`: print a JSON summary. With `--all-agents`, output includes one summary per store.
 
-When a Gateway is reachable, enforcing cleanup for configured agent stores is
+When a Gateway is reachable, non-dry-run cleanup for configured agent stores is
 sent through the Gateway so it shares the same session-store writer as runtime
 traffic. Use `--store <path>` for explicit offline repair of a store file.
 
 
@@ -85,7 +85,7 @@ Session persistence has automatic maintenance controls (`session.maintenance`) f
 - `maxDiskBytes`: optional sessions-directory budget
 - `highWaterBytes`: optional target after cleanup (default `80%` of `maxDiskBytes`)
 
-Normal Gateway writes flow through a per-store session writer that serializes in-process mutations without taking a runtime file lock. Hot-path patch helpers borrow the validated mutable cache while they hold that writer slot, so large `sessions.json` files are not cloned or reread for every metadata update. Runtime code should prefer `updateSessionStore(...)` or `updateSessionStoreEntry(...)`; direct whole-store saves are compatibility and offline-maintenance tools. When a Gateway is reachable, `openclaw sessions cleanup --enforce` delegates maintenance to the Gateway so cleanup joins the same writer queue; `--store <path>` is the explicit offline repair path for direct file maintenance. `maxEntries` cleanup is still batched for production-sized caps, so a store may briefly exceed the configured cap before the next high-water cleanup rewrites it back down. Session store reads do not prune or cap entries during Gateway startup; use writes or `openclaw sessions cleanup --enforce` for cleanup. `openclaw sessions cleanup --enforce` still applies the configured cap immediately.
+Normal Gateway writes flow through a per-store session writer that serializes in-process mutations without taking a runtime file lock. Hot-path patch helpers borrow the validated mutable cache while they hold that writer slot, so large `sessions.json` files are not cloned or reread for every metadata update. Runtime code should prefer `updateSessionStore(...)` or `updateSessionStoreEntry(...)`; direct whole-store saves are compatibility and offline-maintenance tools. When a Gateway is reachable, non-dry-run `openclaw sessions cleanup` and `openclaw agents delete` delegate store mutations to the Gateway so cleanup joins the same writer queue; `--store <path>` is the explicit offline repair path for direct file maintenance. `maxEntries` cleanup is still batched for production-sized caps, so a store may briefly exceed the configured cap before the next high-water cleanup rewrites it back down. Session store reads do not prune or cap entries during Gateway startup; use writes or `openclaw sessions cleanup --enforce` for cleanup. `openclaw sessions cleanup --enforce` still applies the configured cap immediately.
 
 Maintenance keeps durable external conversation pointers such as group sessions
 and thread-scoped chat sessions, but synthetic runtime entries for cron, hooks,
 
@@ -0,0 +1,55 @@
+import fs from "node:fs";
+import path from "node:path";
+import type { OpenClawConfig } from "../config/types.openclaw.js";
+import { normalizeAgentId } from "../routing/session-key.js";
+import { lowercasePreservingWhitespace } from "../shared/string-coerce.js";
+import { listAgentEntries, resolveAgentWorkspaceDir } from "./agent-scope.js";
+
+function normalizeWorkspacePathForComparison(input: string): string {
+  const resolved = path.resolve(input.replaceAll("\0", ""));
+  let normalized = resolved;
+  try {
+    normalized = fs.realpathSync.native(resolved);
+  } catch {
+    // Keep lexical path for non-existent directories.
+  }
+  if (process.platform === "win32") {
+    return lowercasePreservingWhitespace(normalized);
+  }
+  return normalized;
+}
+
+function isPathWithinRoot(candidatePath: string, rootPath: string): boolean {
+  const relative = path.relative(rootPath, candidatePath);
+  return relative === "" || (!relative.startsWith("..") && !path.isAbsolute(relative));
+}
+
+function workspacePathsOverlap(left: string, right: string): boolean {
+  const normalizedLeft = normalizeWorkspacePathForComparison(left);
+  const normalizedRight = normalizeWorkspacePathForComparison(right);
+  return (
+    isPathWithinRoot(normalizedLeft, normalizedRight) ||
+    isPathWithinRoot(normalizedRight, normalizedLeft)
+  );
+}
+
+export function findOverlappingWorkspaceAgentIds(
+  cfg: OpenClawConfig,
+  agentId: string,
+  workspaceDir: string,
+): string[] {
+  const entries = listAgentEntries(cfg);
+  const normalizedAgentId = normalizeAgentId(agentId);
+  const overlappingAgentIds: string[] = [];
+  for (const entry of entries) {
+    const otherAgentId = normalizeAgentId(entry.id);
+    if (otherAgentId === normalizedAgentId) {
+      continue;
+    }
+    const otherWorkspace = resolveAgentWorkspaceDir(cfg, otherAgentId);
+    if (workspacePathsOverlap(workspaceDir, otherWorkspace)) {
+      overlappingAgentIds.push(otherAgentId);
+    }
+  }
+  return overlappingAgentIds;
+}
@@ -1,9 +1,4 @@
-import { resolveDefaultAgentId } from "../agents/agent-scope.js";
-import { resolveStorePath, updateSessionStore } from "../config/sessions.js";
 import type { OpenClawConfig } from "../config/types.openclaw.js";
-import { resolveStoredSessionOwnerAgentId } from "../gateway/session-store-key.js";
-import { getLogger } from "../logging/logger.js";
-import { normalizeAgentId } from "../routing/session-key.js";
 import type { RuntimeEnv } from "../runtime.js";
 import {
   requireValidConfigFileSnapshot as requireValidConfigFileSnapshotBase,
@@ -21,34 +16,3 @@ export async function requireValidConfigFileSnapshot(runtime: RuntimeEnv) {
 export async function requireValidConfig(runtime: RuntimeEnv): Promise<OpenClawConfig | null> {
   return await requireValidConfigSnapshot(runtime);
 }
-
-/** Purge session store entries for a deleted agent (#65524). Best-effort. */
-export async function purgeAgentSessionStoreEntries(
-  cfg: OpenClawConfig,
-  agentId: string,
-): Promise<void> {
-  try {
-    const normalizedAgentId = normalizeAgentId(agentId);
-    const storeConfig = cfg.session?.store;
-    const storeAgentId =
-      typeof storeConfig === "string" && storeConfig.includes("{agentId}")
-        ? normalizedAgentId
-        : normalizeAgentId(resolveDefaultAgentId(cfg));
-    const storePath = resolveStorePath(cfg.session?.store, { agentId: normalizedAgentId });
-    await updateSessionStore(storePath, (store) => {
-      for (const key of Object.keys(store)) {
-        if (
-          resolveStoredSessionOwnerAgentId({
-            cfg,
-            agentId: storeAgentId,
-            sessionKey: key,
-          }) === normalizedAgentId
-        ) {
-          delete store[key];
-        }
-      }
-    });
-  } catch (err) {
-    getLogger().debug("session store purge skipped during agent delete", err);
-  }
-}
@@ -1,78 +1,56 @@
-import fs from "node:fs";
-import path from "node:path";
+import { findOverlappingWorkspaceAgentIds } from "../agents/agent-delete-safety.js";
 import { resolveAgentDir, resolveAgentWorkspaceDir } from "../agents/agent-scope.js";
 import { replaceConfigFile } from "../config/config.js";
 import { logConfigUpdated } from "../config/logging.js";
-import { resolveSessionTranscriptsDirForAgent } from "../config/sessions.js";
-import type { OpenClawConfig } from "../config/types.openclaw.js";
+import {
+  purgeAgentSessionStoreEntries,
+  resolveSessionTranscriptsDirForAgent,
+} from "../config/sessions.js";
+import { callGateway, isGatewayTransportError } from "../gateway/call.js";
 import { DEFAULT_AGENT_ID, normalizeAgentId } from "../routing/session-key.js";
 import { type RuntimeEnv, writeRuntimeJson } from "../runtime.js";
 import { defaultRuntime } from "../runtime.js";
-import { lowercasePreservingWhitespace } from "../shared/string-coerce.js";
+import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../utils/message-channel.js";
 import { createClackPrompter } from "../wizard/clack-prompter.js";
-import {
-  createQuietRuntime,
-  purgeAgentSessionStoreEntries,
-  requireValidConfigFileSnapshot,
-} from "./agents.command-shared.js";
+import { createQuietRuntime, requireValidConfigFileSnapshot } from "./agents.command-shared.js";
 import { findAgentEntryIndex, listAgentEntries, pruneAgentConfig } from "./agents.config.js";
 import { moveToTrash } from "./onboard-helpers.js";
 
-function normalizeWorkspacePathForComparison(input: string): string {
-  const resolved = path.resolve(input.replaceAll("\0", ""));
-  let normalized = resolved;
-  try {
-    normalized = fs.realpathSync.native(resolved);
-  } catch {
-    // Keep lexical path for non-existent directories.
-  }
-  if (process.platform === "win32") {
-    return lowercasePreservingWhitespace(normalized);
-  }
-  return normalized;
-}
-
-function isPathWithinRoot(candidatePath: string, rootPath: string): boolean {
-  const relative = path.relative(rootPath, candidatePath);
-  return relative === "" || (!relative.startsWith("..") && !path.isAbsolute(relative));
-}
-
-function workspacePathsOverlap(left: string, right: string): boolean {
-  const normalizedLeft = normalizeWorkspacePathForComparison(left);
-  const normalizedRight = normalizeWorkspacePathForComparison(right);
-  return (
-    isPathWithinRoot(normalizedLeft, normalizedRight) ||
-    isPathWithinRoot(normalizedRight, normalizedLeft)
-  );
-}
-
-function findOverlappingWorkspaceAgentIds(
-  cfg: OpenClawConfig,
-  agentId: string,
-  workspaceDir: string,
-): string[] {
-  const entries = listAgentEntries(cfg);
-  const normalizedAgentId = normalizeAgentId(agentId);
-  const overlappingAgentIds: string[] = [];
-  for (const entry of entries) {
-    const otherAgentId = normalizeAgentId(entry.id);
-    if (otherAgentId === normalizedAgentId) {
-      continue;
-    }
-    const otherWorkspace = resolveAgentWorkspaceDir(cfg, otherAgentId);
-    if (workspacePathsOverlap(workspaceDir, otherWorkspace)) {
-      overlappingAgentIds.push(otherAgentId);
-    }
-  }
-  return overlappingAgentIds;
-}
-
 type AgentsDeleteOptions = {
   id: string;
   force?: boolean;
   json?: boolean;
 };
 
+type AgentsDeleteGatewayResult = {
+  ok: true;
+  agentId: string;
+  removedBindings: number;
+};
+
+async function maybeDeleteAgentThroughGateway(params: {
+  agentId: string;
+  deleteFiles: boolean;
+}): Promise<AgentsDeleteGatewayResult | null> {
+  try {
+    return await callGateway<AgentsDeleteGatewayResult>({
+      method: "agents.delete",
+      params: {
+        agentId: params.agentId,
+        deleteFiles: params.deleteFiles,
+      },
+      mode: GATEWAY_CLIENT_MODES.CLI,
+      clientName: GATEWAY_CLIENT_NAMES.CLI,
+      requiredMethods: ["agents.delete"],
+    });
+  } catch (error) {
+    if (isGatewayTransportError(error)) {
+      return null;
+    }
+    throw error;
+  }
+}
+
 export async function agentsDeleteCommand(
   opts: AgentsDeleteOptions,
   runtime: RuntimeEnv = defaultRuntime,
@@ -127,8 +105,34 @@ export async function agentsDeleteCommand(
   const workspaceDir = resolveAgentWorkspaceDir(cfg, agentId);
   const agentDir = resolveAgentDir(cfg, agentId);
   const sessionsDir = resolveSessionTranscriptsDirForAgent(agentId);
-
   const result = pruneAgentConfig(cfg, agentId);
+
+  const gatewayResult = await maybeDeleteAgentThroughGateway({
+    agentId,
+    deleteFiles: true,
+  });
+  if (gatewayResult) {
+    const workspaceSharedWith = findOverlappingWorkspaceAgentIds(cfg, agentId, workspaceDir);
+    const workspaceRetained = workspaceSharedWith.length > 0;
+    if (opts.json) {
+      writeRuntimeJson(runtime, {
+        agentId,
+        workspace: workspaceDir,
+        workspaceRetained: workspaceRetained || undefined,
+        workspaceRetainedReason: workspaceRetained ? "shared" : undefined,
+        workspaceSharedWith: workspaceRetained ? workspaceSharedWith : undefined,
+        agentDir,
+        sessionsDir,
+        removedBindings: gatewayResult.removedBindings,
+        removedAllow: result.removedAllow,
+        transport: "gateway",
+      });
+    } else {
+      runtime.log(`Deleted agent: ${agentId}`);
+    }
+    return;
+  }
+
   await replaceConfigFile({
     nextConfig: result.config,
     ...(baseHash !== undefined ? { baseHash } : {}),
 
@@ -15,12 +15,22 @@ const processMocks = vi.hoisted(() => ({
   runCommandWithTimeout: vi.fn(async () => ({ stdout: "", stderr: "", code: 0 })),
 }));
 
+const gatewayMocks = vi.hoisted(() => ({
+  callGateway: vi.fn(),
+  isGatewayTransportError: vi.fn(),
+}));
+
 vi.mock("../config/config.js", async () => ({
   ...(await vi.importActual<typeof import("../config/config.js")>("../config/config.js")),
   readConfigFileSnapshot: configMocks.readConfigFileSnapshot,
   replaceConfigFile: configMocks.replaceConfigFile,
 }));
 
+vi.mock("../gateway/call.js", () => ({
+  callGateway: gatewayMocks.callGateway,
+  isGatewayTransportError: gatewayMocks.isGatewayTransportError,
+}));
+
 vi.mock("../process/exec.js", () => ({
   runCommandWithTimeout: processMocks.runCommandWithTimeout,
 }));
@@ -75,11 +85,65 @@ describe("agents delete command", () => {
     configMocks.readConfigFileSnapshot.mockReset();
     configMocks.replaceConfigFile.mockReset();
     processMocks.runCommandWithTimeout.mockClear();
+    gatewayMocks.callGateway.mockReset();
+    gatewayMocks.callGateway.mockRejectedValue(
+      Object.assign(new Error("closed"), { name: "GatewayTransportError" }),
+    );
+    gatewayMocks.isGatewayTransportError.mockReset();
+    gatewayMocks.isGatewayTransportError.mockImplementation(
+      (error: unknown) => error instanceof Error && error.name === "GatewayTransportError",
+    );
     runtime.log.mockClear();
     runtime.error.mockClear();
     runtime.exit.mockClear();
   });
 
+  it("routes deletion through the Gateway when reachable", async () => {
+    await withStateDirEnv("openclaw-agents-delete-gateway-", async ({ stateDir }) => {
+      const now = Date.now();
+      const cfg: OpenClawConfig = {
+        agents: {
+          list: [
+            { id: "main", workspace: path.join(stateDir, "workspace-main") },
+            { id: "ops", workspace: path.join(stateDir, "workspace-ops") },
+          ],
+        },
+      } satisfies OpenClawConfig;
+      const sessions = {
+        "agent:ops:main": { sessionId: "sess-ops-main", updatedAt: now + 1 },
+        "agent:main:main": { sessionId: "sess-main", updatedAt: now + 2 },
+      };
+      const storePath = await arrangeAgentsDeleteTest({
+        stateDir,
+        cfg,
+        deletedAgentId: "ops",
+        sessions,
+      });
+      gatewayMocks.callGateway.mockResolvedValue({
+        ok: true,
+        agentId: "ops",
+        removedBindings: 0,
+      });
+
+      await agentsDeleteCommand({ id: "ops", force: true, json: true }, runtime);
+
+      expect(gatewayMocks.callGateway).toHaveBeenCalledWith(
+        expect.objectContaining({
+          method: "agents.delete",
+          params: { agentId: "ops", deleteFiles: true },
+          requiredMethods: ["agents.delete"],
+        }),
+      );
+      expect(configMocks.replaceConfigFile).not.toHaveBeenCalled();
+      expectSessionStore(storePath, sessions);
+      expect(readJsonLogs()[0]).toMatchObject({
+        agentId: "ops",
+        removedBindings: 0,
+        transport: "gateway",
+      });
+    });
+  });
+
   it("purges deleted agent entries from the session store", async () => {
     await withStateDirEnv("openclaw-agents-delete-", async ({ stateDir }) => {
       const now = Date.now();