feat: add --session-key support to system wake/event

[BrennerSpear]

What

Add optional --session-key parameter to all wake/system-event entry points so callers can deliver events to a specific agent session instead of default fan-out.

Supersedes #35125 and #34944.

Entry Points

• CLI: openclaw system event "text" --session-key <key>
• WS wake: { method: "wake", params: { text, mode, sessionKey } }
• WS system-event: { method: "system-event", params: { text, sessionKey, ... } }
• HTTP /hooks/wake: POST { text, mode, sessionKey } — gated by policy
• HTTP hook mappings: { action: "wake", sessionKey: "hook:{{payload.id}}" }

Core Behavior

• With sessionKey: Canonicalize, validate, enqueue event to that session, requestHeartbeatNow to wake it
• Without sessionKey: Preserve existing fan-out (no behavioral change)

Safety

• Cross-agent keys throw (never silently reroute)
• Malformed agent-scoped keys (< 3 segments) rejected
• HTTP hook sessionKey gated by hooks.allowRequestSessionKey + prefix allowlist
• dispatchWakeHook returns result object (errors propagated)
• State mutation only after validation

Changes since v5 (#35125)

• Fixed: system-event WS handler now calls requestHeartbeatNow for targeted sessions — previously events to non-main sessions would silently stall (same bug that was fixed in wake and hooks paths in v5, but missed in system-event)
• Audited: All three targeted-session paths (cron.ts, server/hooks.ts, system.ts) verified to have requestHeartbeatNow after enqueueSystemEvent

Testing

• 23 files changed, ~1306 insertions
• 103 tests pass across 9 test files
• All 9 anti-patterns verified

Closes #35125, closes #34944

[greptile-apps]

Greptile Summary

This PR adds an optional --session-key parameter to all wake/system-event entry points (CLI, WebSocket, HTTP hooks, hook mappings), allowing callers to deliver events to a specific agent session rather than relying on the default fan-out. The implementation is thorough: cross-agent targeting is rejected, malformed keys are caught early, all three targeted-session paths (cron.ts, server/hooks.ts, system.ts) call requestHeartbeatNow after enqueue (fixing a prior stall bug), and the HTTP hook path gates session key use behind hooks.allowRequestSessionKey + prefix allowlist policies.

Two minor style/UX concerns were identified:

1. Swift naming: The WakeParams.sessionkey property (and related structs) use all-lowercase, violating Swift camelCase conventions and affecting the public API surface.
2. Node presence routing: When system-event receives text starting with "Node:", the sessionKey parameter is silently ignored (intentionally routed to mainSessionKey). Callers receive success responses with no indication their routing hint was disregarded.

The core logic is sound and well-tested (103 tests across 9 files), with proper validation ordering and no security issues detected. These findings are non-blocking style/UX concerns, not correctness bugs.

Confidence Score: 4/5

• Safe to merge. No logic bugs, security issues, or correctness problems. Two minor style/UX concerns identified.
• The PR implements session-key routing safely with proper validation, cross-agent safety checks, and comprehensive tests (103 across 9 files). The core functionality is sound. The two identified issues are non-blocking style concerns: Swift naming conventions and a UX clarity gap for Node presence events. Neither affects correctness, security, or data integrity.
• apps/macos/Sources/OpenClawProtocol/GatewayModels.swift and apps/shared/OpenClawKit/Sources/OpenClawProtocol/GatewayModels.swift for Swift naming convention improvements.

_{Last reviewed commit: 84a7b17}

[greptile-apps]

When the event text starts with "Node:", any provided sessionKey parameter is not validated and has no effect — the handler always routes Node presence events to mainSessionKey (line 137). The caller receives { ok: true } with no indication their routing hint was ignored.

While this behavior appears intentional (Node presence events are system-generated and should go to the main session), callers expecting targeted dispatch may be confused. Consider either:

1. Explicitly reject sessionKey for Node presence lines with a descriptive error message
2. Document that Node presence events always route to the main session, so callers understand the exception

This would improve clarity for future maintainers and callers reading the API.

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/gateway/server-methods/system.ts
Line: 49-58

Comment:
When the event text starts with `"Node:"`, any provided `sessionKey` parameter is not validated and has no effect — the handler always routes Node presence events to `mainSessionKey` (line 137). The caller receives `{ ok: true }` with no indication their routing hint was ignored.

While this behavior appears intentional (Node presence events are system-generated and should go to the main session), callers expecting targeted dispatch may be confused. Consider either:

1. **Explicitly reject** `sessionKey` for Node presence lines with a descriptive error message
2. **Document** that Node presence events always route to the main session, so callers understand the exception

This would improve clarity for future maintainers and callers reading the API.

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

The property sessionkey uses all-lowercase naming, which violates Swift camelCase conventions. The public API exposes this as wakeParams.sessionkey instead of the idiomatic wakeParams.sessionKey. Since CodingKeys is already explicitly defined, renaming is safe and straightforward. Rename the property to follow Swift conventions. This same naming issue appears throughout both GatewayModels.swift files — consider updating all affected structs for consistency.

Prompt To Fix With AI

This is a comment left during a code review.
Path: apps/macos/Sources/OpenClawProtocol/GatewayModels.swift
Line: 694

Comment:
The property `sessionkey` uses all-lowercase naming, which violates Swift camelCase conventions. The public API exposes this as `wakeParams.sessionkey` instead of the idiomatic `wakeParams.sessionKey`. Since `CodingKeys` is already explicitly defined, renaming is safe and straightforward. Rename the property to follow Swift conventions. This same naming issue appears throughout both GatewayModels.swift files — consider updating all affected structs for consistency.

How can I resolve this? If you propose a fix, please make it concise.

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}

[BrennerSpear]

@Takhoffman Would you be willing to review this? It touches the gateway session-key routing, hooks dispatch, and heartbeat wake paths — areas you've been active in recently (custom session key inheritance, session delivery invariants, cron hardening).

TL;DR: adds an optional --session-key param to all wake/system-event entry points so callers can target a specific agent session instead of fan-out. All three targeted paths (cron, hooks, system-event) call requestHeartbeatNow after enqueue. 103 tests, Greptile 4/5.

[BrennerSpear]

@vincentkoc Would love your review on this — it touches hooks dispatch, gateway wake paths, and session key routing, which fall under your ownership area. Summary in the PR description. All tests pass, Greptile 4/5. Thanks!

[openclaw-barnacle]

This pull request has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[openclaw-barnacle]

Closing due to inactivity.
If you believe this PR should be revived, post in #pr-thunderdome-dangerzone on Discord to talk to a maintainer.
That channel is the escape hatch for high-quality PRs that get auto-closed.

[prtags]

Related work from PRtags group obliging-seahorse-7nmd

Title: Open PR duplicate: wake hooks ignore explicit session targets

Number	Title
#35231*	feat: add --session-key support to system wake/event
#70268	fix: route wake hooks to explicit sessions

* This PR