openclaw
diff --git a/‎CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎extensions/matrix/src/actions.account-propagation.test.ts‎
Lines changed: 41 additions & 0 deletions b/‎extensions/matrix/src/actions.account-propagation.test.ts‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎extensions/matrix/src/actions.test.ts‎
Lines changed: 26 additions & 0 deletions b/‎extensions/matrix/src/actions.test.ts‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎extensions/matrix/src/actions.ts‎
Lines changed: 9 additions & 4 deletions b/‎extensions/matrix/src/actions.ts‎
Lines changed: 9 additions & 4 deletions
diff --git a/‎extensions/matrix/src/runtime-api.ts‎
Lines changed: 1 addition & 0 deletions b/‎extensions/matrix/src/runtime-api.ts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/agents/channel-tools.ts‎
Lines changed: 2 additions & 0 deletions b/‎src/agents/channel-tools.ts‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/agents/cli-runner.spawn.test.ts‎
Lines changed: 68 additions & 0 deletions b/‎src/agents/cli-runner.spawn.test.ts‎
Lines changed: 68 additions & 0 deletions
diff --git a/‎src/agents/cli-runner.ts‎
Lines changed: 10 additions & 20 deletions b/‎src/agents/cli-runner.ts‎
Lines changed: 10 additions & 20 deletions
diff --git a/‎src/agents/cli-runner/bundle-mcp.test.ts‎
Lines changed: 5 additions & 2 deletions b/‎src/agents/cli-runner/bundle-mcp.test.ts‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎src/agents/cli-runner/prepare.ts‎
Lines changed: 1 addition & 0 deletions b/‎src/agents/cli-runner/prepare.ts‎
Lines changed: 1 addition & 0 deletions
@@ -288,6 +288,9 @@ Docs: https://docs.openclaw.ai
 - CLI/tasks: `openclaw tasks cancel` now records operator cancellation for CLI runtime tasks instead of returning "Task runtime does not support cancellation yet", so stuck `running` CLI tasks can be cleared. (#62419) Thanks @neeravmakwana.
 - Sessions/context: resolve context window limits using the active provider plus model (not bare model id alone) when persisting session usage, applying inline directives, and sizing memory-flush / preflight compaction thresholds, so duplicate model ids across providers no longer leak the wrong `contextTokens` into the session store or `/status`. (#62472) Thanks @neeravmakwana.
 - Channels/setup: exclude workspace shadow entries from channel setup catalog lookups and align trust checks with auto-enable so workspace-scoped overrides no longer bypass the trusted catalog. (`GHSA-82qx-6vj7-p8m2`) Thanks @zsxsoft.
+- Reply execution: prefer the active runtime snapshot over stale queued reply config during embedded reply and follow-up execution so SecretRef-backed reply turns stop crashing after secrets have already resolved. (#62693) Thanks @mbelinky.
+- Android/manual connect: allow blank port input only for TLS manual gateway endpoints so standard HTTPS Tailscale hosts default to `443` without silently changing cleartext manual connects. (#63134) Thanks @Tyler-RNG.
+- Matrix/agents: hide owner-only `set-profile` from embedded agent channel-action discovery so non-owner runs stop advertising profile updates they cannot execute. (#62662) Thanks @eleqtrizit.
 
 ## 2026.4.5
 
 
@@ -91,6 +91,7 @@ describe("matrixMessageActions account propagation", () => {
     await matrixMessageActions.handleAction?.(
       createContext({
         action: profileAction,
+        senderIsOwner: true,
         accountId: "ops",
         params: {
           displayName: "Ops Bot",
@@ -111,10 +112,50 @@ describe("matrixMessageActions account propagation", () => {
     );
   });
 
+  it("rejects self-profile updates for non-owner callers", async () => {
+    await expect(
+      matrixMessageActions.handleAction?.(
+        createContext({
+          action: profileAction,
+          senderIsOwner: false,
+          accountId: "ops",
+          params: {
+            displayName: "Ops Bot",
+          },
+        }),
+      ),
+    ).rejects.toMatchObject({
+      name: "ToolAuthorizationError",
+      message: "Matrix profile updates require owner access.",
+    });
+
+    expect(mocks.handleMatrixAction).not.toHaveBeenCalled();
+  });
+
+  it("rejects self-profile updates when owner status is unknown", async () => {
+    await expect(
+      matrixMessageActions.handleAction?.(
+        createContext({
+          action: profileAction,
+          accountId: "ops",
+          params: {
+            displayName: "Ops Bot",
+          },
+        }),
+      ),
+    ).rejects.toMatchObject({
+      name: "ToolAuthorizationError",
+      message: "Matrix profile updates require owner access.",
+    });
+
+    expect(mocks.handleMatrixAction).not.toHaveBeenCalled();
+  });
+
   it("forwards local avatar paths for self-profile updates", async () => {
     await matrixMessageActions.handleAction?.(
       createContext({
         action: profileAction,
+        senderIsOwner: true,
         accountId: "ops",
         params: {
           path: "/tmp/avatar.jpg",
 
@@ -78,6 +78,7 @@ describe("matrixMessageActions", () => {
 
     const discovery = describeMessageTool({
       cfg: createConfiguredMatrixConfig(),
+      senderIsOwner: true,
     } as never);
     if (!discovery) {
       throw new Error("describeMessageTool returned null");
@@ -96,6 +97,31 @@ describe("matrixMessageActions", () => {
     expect(properties.avatarPath).toBeDefined();
   });
 
+  it("hides self-profile updates for non-owner discovery", () => {
+    const discovery = matrixMessageActions.describeMessageTool({
+      cfg: createConfiguredMatrixConfig(),
+      senderIsOwner: false,
+    } as never);
+    if (!discovery) {
+      throw new Error("describeMessageTool returned null");
+    }
+
+    expect(discovery.actions).not.toContain(profileAction);
+    expect(discovery.schema).toBeNull();
+  });
+
+  it("hides self-profile updates when owner status is unknown", () => {
+    const discovery = matrixMessageActions.describeMessageTool({
+      cfg: createConfiguredMatrixConfig(),
+    } as never);
+    if (!discovery) {
+      throw new Error("describeMessageTool returned null");
+    }
+
+    expect(discovery.actions).not.toContain(profileAction);
+    expect(discovery.schema).toBeNull();
+  });
+
   it("hides gated actions when the default Matrix account disables them", () => {
     const discovery = matrixMessageActions.describeMessageTool({
       cfg: {
 
@@ -7,11 +7,11 @@ import {
   createActionGate,
   readNumberParam,
   readStringParam,
+  ToolAuthorizationError,
   type ChannelMessageActionAdapter,
   type ChannelMessageActionContext,
   type ChannelMessageActionName,
   type ChannelMessageToolDiscovery,
-  type ChannelToolSend,
 } from "./runtime-api.js";
 import type { CoreConfig } from "./types.js";
 
@@ -35,6 +35,7 @@ const MATRIX_PLUGIN_HANDLED_ACTIONS = new Set<ChannelMessageActionName>([
 function createMatrixExposedActions(params: {
   gate: ReturnType<typeof createActionGate>;
   encryptionEnabled: boolean;
+  senderIsOwner?: boolean;
 }) {
   const actions = new Set<ChannelMessageActionName>(["poll", "poll-vote"]);
   if (params.gate("messages")) {
@@ -52,7 +53,7 @@ function createMatrixExposedActions(params: {
     actions.add("unpin");
     actions.add("list-pins");
   }
-  if (params.gate("profile")) {
+  if (params.gate("profile") && params.senderIsOwner === true) {
     actions.add("set-profile");
   }
   if (params.gate("memberInfo")) {
@@ -109,7 +110,7 @@ function buildMatrixProfileToolSchema(): NonNullable<ChannelMessageToolDiscovery
 }
 
 export const matrixMessageActions: ChannelMessageActionAdapter = {
-  describeMessageTool: ({ cfg, accountId }) => {
+  describeMessageTool: ({ cfg, accountId, senderIsOwner }) => {
     const resolvedCfg = cfg as CoreConfig;
     if (!accountId && requiresExplicitMatrixDefaultAccount(resolvedCfg)) {
       return { actions: [], capabilities: [] };
@@ -125,6 +126,7 @@ export const matrixMessageActions: ChannelMessageActionAdapter = {
     const actions = createMatrixExposedActions({
       gate,
       encryptionEnabled: account.config.encryption === true,
+      senderIsOwner,
     });
     const listedActions = Array.from(actions);
     return {
@@ -134,7 +136,7 @@ export const matrixMessageActions: ChannelMessageActionAdapter = {
     };
   },
   supportsAction: ({ action }) => MATRIX_PLUGIN_HANDLED_ACTIONS.has(action),
-  extractToolSend: ({ args }): ChannelToolSend | null => {
+  extractToolSend: ({ args }) => {
     return extractToolSend(args, "sendMessage");
   },
   handleAction: async (ctx: ChannelMessageActionContext) => {
@@ -259,6 +261,9 @@ export const matrixMessageActions: ChannelMessageActionAdapter = {
     }
 
     if (action === "set-profile") {
+      if (ctx.senderIsOwner !== true) {
+        throw new ToolAuthorizationError("Matrix profile updates require owner access.");
+      }
       const avatarPath =
         readStringParam(params, "avatarPath") ??
         readStringParam(params, "path") ??
 
@@ -10,6 +10,7 @@ export {
   readReactionParams,
   readStringArrayParam,
   readStringParam,
+  ToolAuthorizationError,
 } from "openclaw/plugin-sdk/channel-actions";
 export { buildChannelConfigSchema } from "openclaw/plugin-sdk/channel-config-primitives";
 export type { ChannelPlugin } from "openclaw/plugin-sdk/channel-core";
 
@@ -41,6 +41,7 @@ export function listChannelSupportedActions(params: {
   sessionId?: string | null;
   agentId?: string | null;
   requesterSenderId?: string | null;
+  senderIsOwner?: boolean;
 }): ChannelMessageActionName[] {
   const channelId = resolveMessageActionDiscoveryChannelId(params.channel);
   if (!channelId) {
@@ -71,6 +72,7 @@ export function listAllChannelSupportedActions(params: {
   sessionId?: string | null;
   agentId?: string | null;
   requesterSenderId?: string | null;
+  senderIsOwner?: boolean;
 }): ChannelMessageActionName[] {
   const actions = new Set<ChannelMessageActionName>();
   for (const plugin of listChannelPlugins()) {
 
@@ -2,15 +2,21 @@ import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
 import { beforeEach, describe, expect, it, vi } from "vitest";
+import {
+  clearActiveMcpLoopbackRuntime,
+  setActiveMcpLoopbackRuntime,
+} from "../gateway/mcp-http.loopback-runtime.js";
 import { onAgentEvent, resetAgentEventsForTest } from "../infra/agent-events.js";
 import {
   makeBootstrapWarn as realMakeBootstrapWarn,
   resolveBootstrapContextForRun as realResolveBootstrapContextForRun,
 } from "./bootstrap-files.js";
+import { runClaudeCliAgent } from "./cli-runner.js";
 import {
   createManagedRun,
   mockSuccessfulCliRun,
   restoreCliRunnerPrepareTestDeps,
+  setupCliRunnerTestRegistry,
   supervisorSpawnMock,
 } from "./cli-runner.test-support.js";
 import { buildCliEnvAuthLog, executePreparedCliRun } from "./cli-runner/execute.js";
@@ -97,6 +103,19 @@ function buildPreparedCliRunContext(params: {
   };
 }
 
+function createClaudeSuccessRun(sessionId: string) {
+  return createManagedRun({
+    reason: "exit",
+    exitCode: 0,
+    exitSignal: null,
+    durationMs: 50,
+    stdout: JSON.stringify({ message: "ok", session_id: sessionId }),
+    stderr: "",
+    timedOut: false,
+    noOutputTimedOut: false,
+  });
+}
+
 describe("runCliAgent spawn path", () => {
   it("does not inject hardcoded 'Tools are disabled' text into CLI arguments", async () => {
     supervisorSpawnMock.mockResolvedValueOnce(
@@ -367,6 +386,55 @@ describe("runCliAgent spawn path", () => {
     }
   });
 
+  it("ignores legacy claudeSessionId on the compat wrapper", async () => {
+    setupCliRunnerTestRegistry();
+    supervisorSpawnMock.mockResolvedValueOnce(createClaudeSuccessRun("sid-wrapper"));
+
+    await runClaudeCliAgent({
+      sessionId: "openclaw-session",
+      sessionFile: "/tmp/session.jsonl",
+      workspaceDir: "/tmp",
+      prompt: "hi",
+      model: "opus",
+      timeoutMs: 1_000,
+      runId: "run-claude-legacy-wrapper",
+      claudeSessionId: "c9d7b831-1c31-4d22-80b9-1e50ca207d4b",
+    });
+
+    const input = supervisorSpawnMock.mock.calls[0]?.[0] as { argv?: string[]; input?: string };
+    expect(input.argv).not.toContain("--resume");
+    expect(input.argv).not.toContain("c9d7b831-1c31-4d22-80b9-1e50ca207d4b");
+    expect(input.argv).toContain("--session-id");
+    expect(input.input).toContain("hi");
+  });
+
+  it("forwards senderIsOwner through the compat wrapper into bundle MCP env", async () => {
+    setupCliRunnerTestRegistry();
+    setActiveMcpLoopbackRuntime({ port: 23119, token: "loopback-token-123" });
+    try {
+      supervisorSpawnMock.mockResolvedValueOnce(createClaudeSuccessRun("sid-owner"));
+
+      await runClaudeCliAgent({
+        sessionId: "openclaw-session",
+        sessionKey: "agent:main:matrix:room:123",
+        sessionFile: "/tmp/session.jsonl",
+        workspaceDir: "/tmp",
+        prompt: "hi",
+        model: "opus",
+        timeoutMs: 1_000,
+        runId: "run-claude-owner-wrapper",
+        senderIsOwner: false,
+      });
+
+      const input = supervisorSpawnMock.mock.calls[0]?.[0] as {
+        env?: Record<string, string | undefined>;
+      };
+      expect(input.env?.OPENCLAW_MCP_SENDER_IS_OWNER).toBe("false");
+    } finally {
+      clearActiveMcpLoopbackRuntime("loopback-token-123");
+    }
+  });
+
   it("runs CLI through supervisor and returns payload", async () => {
     supervisorSpawnMock.mockResolvedValueOnce(
       createManagedRun({
 
@@ -1,6 +1,3 @@
-import type { ImageContent } from "@mariozechner/pi-ai";
-import type { ThinkLevel } from "../auto-reply/thinking.js";
-import type { OpenClawConfig } from "../config/config.js";
 import { formatErrorMessage } from "../infra/errors.js";
 import { executePreparedCliRun } from "./cli-runner/execute.js";
 import { prepareCliRunContext } from "./cli-runner/prepare.js";
@@ -95,24 +92,14 @@ export async function runPreparedCliAgent(
   }
 }
 
-export async function runClaudeCliAgent(params: {
-  sessionId: string;
-  sessionKey?: string;
-  agentId?: string;
-  sessionFile: string;
-  workspaceDir: string;
-  config?: OpenClawConfig;
-  prompt: string;
+export type RunClaudeCliAgentParams = Omit<RunCliAgentParams, "provider" | "cliSessionId"> & {
   provider?: string;
-  model?: string;
-  thinkLevel?: ThinkLevel;
-  timeoutMs: number;
-  runId: string;
-  extraSystemPrompt?: string;
-  ownerNumbers?: string[];
   claudeSessionId?: string;
-  images?: ImageContent[];
-}): Promise<EmbeddedPiRunResult> {
+};
+
+export async function runClaudeCliAgent(
+  params: RunClaudeCliAgentParams,
+): Promise<EmbeddedPiRunResult> {
   return runCliAgent({
     sessionId: params.sessionId,
     sessionKey: params.sessionKey,
@@ -128,7 +115,10 @@ export async function runClaudeCliAgent(params: {
     runId: params.runId,
     extraSystemPrompt: params.extraSystemPrompt,
     ownerNumbers: params.ownerNumbers,
-    cliSessionId: params.claudeSessionId,
+    // Legacy `claudeSessionId` callers predate the shared CLI session contract.
+    // Ignore it here so the compatibility wrapper does not accidentally resume
+    // an incompatible Claude session on the generic runner path.
     images: params.images,
+    senderIsOwner: params.senderIsOwner,
   });
 }
@@ -213,12 +213,14 @@ describe("prepareCliBundleMcpConfig", () => {
       env: {
         OPENCLAW_MCP_TOKEN: "loopback-token-123",
         OPENCLAW_MCP_SESSION_KEY: "agent:main:telegram:group:chat123",
+        OPENCLAW_MCP_SENDER_IS_OWNER: "false",
       },
     });
 
     expect(prepared.env).toEqual({
       OPENCLAW_MCP_TOKEN: "loopback-token-123",
       OPENCLAW_MCP_SESSION_KEY: "agent:main:telegram:group:chat123",
+      OPENCLAW_MCP_SENDER_IS_OWNER: "false",
     });
 
     await prepared.cleanup?.();
@@ -256,6 +258,7 @@ describe("prepareCliBundleMcpConfig", () => {
             headers: {
               Authorization: "Bearer ${OPENCLAW_MCP_TOKEN}",
               "x-session-key": "${OPENCLAW_MCP_SESSION_KEY}",
+              "x-openclaw-sender-is-owner": "${OPENCLAW_MCP_SENDER_IS_OWNER}",
             },
           },
         },
@@ -266,14 +269,14 @@ describe("prepareCliBundleMcpConfig", () => {
       "exec",
       "--json",
       "-c",
-      'mcp_servers={ openclaw = { url = "http://127.0.0.1:23119/mcp", bearer_token_env_var = "OPENCLAW_MCP_TOKEN", env_http_headers = { x-session-key = "OPENCLAW_MCP_SESSION_KEY" } } }',
+      'mcp_servers={ openclaw = { url = "http://127.0.0.1:23119/mcp", bearer_token_env_var = "OPENCLAW_MCP_TOKEN", env_http_headers = { x-session-key = "OPENCLAW_MCP_SESSION_KEY", x-openclaw-sender-is-owner = "OPENCLAW_MCP_SENDER_IS_OWNER" } } }',
     ]);
     expect(prepared.backend.resumeArgs).toEqual([
       "exec",
       "resume",
       "{sessionId}",
       "-c",
-      'mcp_servers={ openclaw = { url = "http://127.0.0.1:23119/mcp", bearer_token_env_var = "OPENCLAW_MCP_TOKEN", env_http_headers = { x-session-key = "OPENCLAW_MCP_SESSION_KEY" } } }',
+      'mcp_servers={ openclaw = { url = "http://127.0.0.1:23119/mcp", bearer_token_env_var = "OPENCLAW_MCP_TOKEN", env_http_headers = { x-session-key = "OPENCLAW_MCP_SESSION_KEY", x-openclaw-sender-is-owner = "OPENCLAW_MCP_SENDER_IS_OWNER" } } }',
     ]);
     expect(prepared.cleanup).toBeUndefined();
   });
 
@@ -132,6 +132,7 @@ export async function prepareCliRunContext(
           OPENCLAW_MCP_ACCOUNT_ID: params.agentAccountId ?? "",
           OPENCLAW_MCP_SESSION_KEY: params.sessionKey ?? "",
           OPENCLAW_MCP_MESSAGE_CHANNEL: params.messageProvider ?? "",
+          OPENCLAW_MCP_SENDER_IS_OWNER: params.senderIsOwner === true ? "true" : "false",
         }
       : undefined,
     warn: (message) => cliBackendLog.warn(message),
Original file line number	Diff line number	Diff line change
`@@ -132,6 +132,7 @@ export async function prepareCliRunContext(`
`132`	`132`	`OPENCLAW_MCP_ACCOUNT_ID: params.agentAccountId ?? "",`
`133`	`133`	`OPENCLAW_MCP_SESSION_KEY: params.sessionKey ?? "",`
`134`	`134`	`OPENCLAW_MCP_MESSAGE_CHANNEL: params.messageProvider ?? "",`
	`135`	`+ OPENCLAW_MCP_SENDER_IS_OWNER: params.senderIsOwner === true ? "true" : "false",`
`135`	`136`	`}`
`136`	`137`	`: undefined,`
`137`	`138`	`warn: (message) => cliBackendLog.warn(message),`