[RFC] Plugin session extensions and patch actions

[100yenadmin]

Summary

Add a namespaced plugin session extension API so plugins can persist typed per-session state, expose an explicit public projection to gateway/UI clients, and mutate that state through gateway-authorized patch actions.

This is proposed SDK surface, not currently implemented API.

Why this matters

Plan Mode is the forcing case: PR #71676 adds root SessionEntry fields and hardcoded sessions.patch behavior. A first-class plugin needs the same durability, validation, projection, broadcast, and lifecycle behavior without Plan Mode-specific core fields.

The same host seam is reusable for any plugin that owns per-session workflow state: review gates, release/deploy workflows, memory/context managers, incident/ticket bots, cost governors, channel bindings, telemetry exporters, and workspace policy plugins.

Current SDK surface

OpenClaw currently has fixed core session state, fixed sessions.patch, hardcoded gateway session rows, an internal post-write session:patch hook, and plugin gateway RPCs with declared scopes.

Those surfaces are useful but insufficient: a plugin can expose a separate RPC, but it cannot register typed session state that participates in native session patch, projection, broadcast, reset, delete, compaction, and disabled-plugin semantics.

Proposed solution

Add a generic registration surface such as:

api.registerSessionExtension({
  key,
  schema,
  publicProjection,
  patchActions,
  lifecycle,
});

Patch routing can be either a dedicated sessions.pluginPatch method or an additive sessions.patch.plugin envelope. Maintainers should choose one shape before implementation.

Reusable plugin examples

• Plan Mode stores mode, approval status, question state, pending injection ids, blocking subagent ids, and nudge job ids.
• Review gates store PR id, unresolved findings, reviewer decisions, and merge gate state.
• Release plugins store environment, rollout phase, freeze window, and rollback id.
• Memory plugins store pins, recall cursors, compaction policy, and source visibility.
• Budget governors store spend counters, thresholds, override decisions, and expiry.
• Channel plugins store thread bindings, delivery preferences, and auth handoff state.
• Incident bots store severity, owner, ticket sync cursor, and SLA deadline.

Decisions needed

• sessions.pluginPatch method vs sessions.patch.plugin envelope.
• Public projection shape for session list/detail rows.
• Patch action schema and handler typing.
• Lifecycle hooks for reset, delete, compaction, migration, and plugin disablement.
• Stable error codes for unknown plugin, unknown action, invalid payload, disabled plugin, and handler failure.
• Gateway scope declaration and host enforcement model for patch actions.

Acceptance criteria

• A fixture plugin can persist extension state.
• Invalid payload fails closed without writing state.
• Public projection appears in session rows/details.
• Private extension fields do not leak.
• Reset/delete/compaction lifecycle clears extension state.
• Disabled plugin extension cannot be patched or projected.
• Gateway scopes are enforced by the host before the plugin handler runs.

References

• RFC PR: [plugin sdk] docs: plugin host hook RFC #71731
• Source behavior/parity oracle: Plan Mode rebased onto upstream/main + executing-state subsystem #71676
• Full RFC packet: docs/plan/plan-mode-plugin-host-hooks-rfc.md

Current replacement stack (2026-04-30)

#72082 was the earlier implementation vehicle. Current review should use the merged foundation #72287 plus #73384 and draft #74483. For this session-extension slice, #72287 carries the core plugin-owned session extension foundation; #73384 exercises workflow/session-action projection and Gateway normalization; #74483 adds the follow-up SessionEntry slot projection surface.

[100yenadmin]

Current SDK audit against the #71427 standard:

Verdict: this RFC is not resolved by current SDK hooks. OpenClaw has fixed core session state, fixed sessions.patch, hardcoded gateway session rows, an internal post-write session:patch hook, and scoped plugin gateway RPCs. Those are useful adjacent surfaces, but they do not let a plugin register typed durable session state that participates in native session patch, projection, broadcast, and lifecycle semantics.

What exists today:

• Core can persist and patch known root session fields.
• Plugins can expose separate gateway RPCs with declared scopes.
• Internal code can observe some session patch activity after the host patch path runs.

Missing host seam:

• api.registerSessionExtension(...) or equivalent namespaced plugin session storage.
• Gateway-routed plugin patch actions with host-enforced scopes and schema validation.
• Explicit public projection into session list/detail rows.
• Reset/delete/compaction cleanup owned by the host.
• Stable disabled-plugin and invalid-payload failure behavior.

This is why this issue should remain open until a host-hook implementation PR adds fixture-plugin coverage for plugin-owned session state and patch actions.

[100yenadmin]

Already implemented? Comparison using the #71427 standard:

Existing surface	Why it may look sufficient	Exact missing SDK contract	Other plugin consumers
Fixed sessions.patch, hardcoded session rows, internal session:patch, plugin gateway RPC scopes	Core can patch known session fields and plugins can expose RPCs	Namespaced plugin session extension with host-owned patch validation, projection, broadcast, lifecycle cleanup, and disabled-plugin behavior	review gates, release workflows, memory managers, budget governors, channel bindings

Verdict: adjacent surfaces exist, but this RFC is not already implemented because plugins cannot own session state through the same lifecycle as native session fields.

[clawsweeper]

Closing this as duplicate or superseded after Codex automated review.

Issue #71732 should close as superseded by open PR #72082, not as implemented on main. Current main still lacks the requested plugin session-extension API, but #72082 is the focused canonical implementation PR and explicitly tracks the #71732 scope: plugin-owned session state, sessions.pluginPatch, projection, validation, cleanup, and fixture coverage.

Best possible solution:

Close #71732 as superseded by the canonical open implementation PR #72082. Maintainers should review the actual API shape, tests, and protocol/client follow-through in #72082; if that PR is closed without replacement, reopen or refile the #71732 session-extension slice rather than treating main as implemented.

What I checked:

• Canonical implementation PR now tracks this RFC slice: Provided GitHub context shows open PR [plugin sdk] Add generic plugin host-hook SDK contracts #72082, "[plugin sdk] Add generic plugin host-hook SDK contracts", with a dedicated section "Plugin Session Extensions And Patch Actions ([RFC] Plugin session extensions and patch actions #71732)" covering plugin-owned JSON-compatible session extension state, Gateway row projection as pluginExtensions, typed sessions.pluginPatch schema/validation, cleanup on reset/delete/disable/restart, and fixture coverage. It also lists [RFC] Plugin session extensions and patch actions #71732 under "RFC Resolution Status" as implemented by that PR if accepted. PR state is open and unmerged, so this is superseded tracking rather than shipped behavior. (3991dbcf4497)
• Current main sessions.patch schema is closed to core fields: SessionsPatchParamsSchema enumerates only known core session patch fields and sets additionalProperties: false; there is no plugin action envelope or sessions.pluginPatch schema on main. (src/gateway/protocol/schema/sessions.ts:131, 631552c55409)
• Gateway handler has no plugin patch dispatch on main: The sessions.patch handler validates with validateSessionsPatchParams, calls applySessionsPatchToStore, then emits the existing post-write session:patch hook. It does not look up registered plugin session extensions or route host-authorized plugin actions before mutation. (src/gateway/server-methods/sessions.ts:1284, 631552c55409)
• Core patch implementation is field-specific: applySessionsPatchToStore normalizes and writes explicit core fields such as lineage, labels, thinking/reasoning levels, exec settings, model, send policy, and group activation, then stores the entry. No namespaced plugin state/action path exists here on main. (src/gateway/sessions-patch.ts:89, 631552c55409)
• Plugin API exposes adjacent hooks/RPCs but not session extension registration: OpenClawPluginApi includes registerHook, registerGatewayMethod, commands, runtime helpers, and other registration surfaces, but no registerSessionExtension or equivalent typed session-extension registration method. (src/plugins/types.ts:2061, 631552c55409)
• Session row projection remains hardcoded on main: GatewaySessionRow and buildGatewaySessionRow expose a fixed list of session fields, with no pluginExtensions projection or registry-driven public projection hook. (src/gateway/session-utils.types.ts:28, 631552c55409)

So I’m closing this here and keeping the remaining discussion on the canonical linked item.

Codex Review notes: model gpt-5.5, reasoning high; reviewed against 631552c55409.