fix(runtime): preserve reviewed routing and transcript behavior

[vincentkoc]

Summary

• Problem: two review-thread regressions were still live after the broader runtime cleanup: Discord username/handle sends no longer had the plugin directory resolver wired into the messaging target resolver, and generated gateway transcript files could be reused after a stale session row rotated to a new session id.
• Why it matters: username-targeted Discord DMs should keep resolving through the directory/cache path, and /new/session reset should not append a fresh session into the previous generated transcript file.
• What changed: Discord now exposes a lazy messaging.targetResolver.resolveTarget bridge to resolveDiscordTarget, and gateway session merge drops stale sessionFile when sessionId changes so the generated transcript path can rotate.
• What did NOT change: no Discord send transport behavior, permission model, explicit user:/channel: parsing, or custom transcript path migration policy changed beyond the stale-session reset case.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Related: review follow-up for runtime regressions
• This PR fixes a bug or regression

Real behavior proof (required for external PRs)

• Behavior or issue addressed: Discord username target resolution and generated gateway transcript rotation on session reset.
• Real environment tested: local macOS checkout for focused regression tests; remote Crabbox/Blacksmith changed gate passed on tbx_01kr4z72c5zfhb9c43pm106zav.
• Exact steps or command run after this patch: pnpm test:serial src/agents/bash-tools.exec-host-node.test.ts src/agents/pi-embedded-subscribe.handlers.tools.test.ts src/infra/outbound/sanitize-text.test.ts src/infra/outbound/deliver.test.ts extensions/telegram/src/bot.helpers.test.ts extensions/telegram/src/bot.create-telegram-bot.test.ts extensions/whatsapp/src/inbound/send-api.test.ts extensions/discord/src/audit.test.ts extensions/discord/src/channel.test.ts src/gateway/server-methods/agent.test.ts
• Evidence after fix: 7 Vitest shards passed in 39.57s; 10 files, 372 tests.
• Observed result after fix: focused reviewed surfaces pass, including new Discord target resolver and gateway transcript reset coverage.
• What was not tested: live Discord send and live gateway session reset against a running external gateway; remote pnpm check:changed did not execute because the Blacksmith Testbox job stayed queued.
• Before evidence: reviewer reported the runtime regressions against the previous patch.

Root Cause (if applicable)

• Root cause: the generic outbound resolver integration did not expose the Discord directory resolver, and stale session merge logic preserved a generated transcript path even when the session id changed.
• Missing detection / guardrail: no regression test asserted username resolution through discordPlugin.messaging.targetResolver, and no gateway test covered stale stored session rows with generated transcript paths rotating to a new session id.
• Contributing context (if known): other reviewed items were already fixed on current origin/main; this PR locks the remaining two live gaps.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: extensions/discord/src/channel.test.ts, src/gateway/server-methods/agent.test.ts.
• Scenario the test should lock in: Discord username input resolves through the directory-backed target resolver; stale generated transcript paths are dropped when an existing session entry rotates ids.
• Why this is the smallest reliable guardrail: both regressions were contract wiring bugs at local seams, so targeted tests catch them without requiring a live channel or external gateway.
• Existing test that already covers this (if any): existing channel/gateway suites covered adjacent behavior but not these exact regressions.
• If no new test is added, why not: N/A.

User-visible / Behavior Changes

• Discord username/handle outbound targets resolve again through the Discord directory path.
• Generated gateway transcript paths rotate on session reset instead of reusing the old session file.

Diagram (if applicable)

N/A

Security Impact (required)

• New permissions/capabilities? (Yes/No) No
• Secrets/tokens handling changed? (Yes/No) No
• New/changed network calls? (Yes/No) No
• Command/tool execution surface changed? (Yes/No) No
• Data access scope changed? (Yes/No) No
• If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

• OS: macOS local checkout; Blacksmith Testbox attempted for remote changed gate.
• Runtime/container: Node/pnpm workspace.
• Model/provider: N/A.
• Integration/channel (if any): Discord, Gateway sessions.
• Relevant config (redacted): synthetic tests only.

Steps

1. Run the focused reviewed-surface regression suite listed above.
2. Run pnpm changed:lanes --json.
3. Attempt remote Crabbox/Blacksmith pnpm check:changed.

Expected

• Targeted regression tests pass.
• Changed lanes select core, core tests, extensions, and extension tests.
• Remote changed gate executes when Testbox capacity is available.

Actual

• Targeted regression tests passed.
• pnpm changed:lanes --json selected core, coreTests, extensions, and extensionTests.
• Crabbox/Blacksmith lease tbx_01kr4z72c5zfhb9c43pm106zav passed pnpm check:changed in 3m12s command time, exit 0. Actions run: https://github.com/openclaw/openclaw/actions/runs/25584797503.

Evidence

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

• Verified scenarios: focused reviewed-surface test bundle, git diff --check, changed-lane selection, Crabbox/Blacksmith pnpm check:changed pass.
• Edge cases checked: Discord directory result returns source: "directory"; gateway stale transcript path clears only when stored sessionId differs from the active session id.
• What you did not verify: live Discord DM send and live gateway transcript creation; remote pnpm check:changed passed on Crabbox/Blacksmith.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? (Yes/No) Yes
• Config/env changes? (Yes/No) No
• Migration needed? (Yes/No) No
• If yes, exact upgrade steps: N/A

Risks and Mitigations

• Risk: Discord target resolver mapping could accidentally misclassify non-user target forms.
  • Mitigation: keep explicit kind mapping narrow and delegate normalization/directory lookup to the existing Discord resolver.
• Risk: generated transcript rotation could clear a stale path in edge cases that previously reused it.
  • Mitigation: only clear when the stored entry's sessionId differs from the new active sessionId; same-session paths are preserved.

[clawsweeper]

Codex review: needs maintainer review before merge.

Summary
The branch wires Discord messaging target resolution through the existing directory-backed Discord resolver, clears stale generated gateway transcript paths when session ids rotate, adds regression tests, and updates the changelog.

Reproducibility: yes. source inspection gives a high-confidence reproduction path: current main lacks Discord messaging.targetResolver.resolveTarget and preserves entry.sessionFile through session entry merge when sessionId changes. I did not execute tests because this review was required to keep the checkout read-only.

Real behavior proof
Not applicable: The external-contributor proof gate does not apply to this MEMBER maintainer-labeled PR, though the body does include focused terminal test evidence and clearly notes missing live coverage.

Next step before merge
This is a draft maintainer-labeled PR by a MEMBER; the next action is maintainer review, undraft, and changed-gate validation rather than cleanup closing or automated repair.

Security
Cleared: The diff introduces no concrete security or supply-chain regression; it changes plugin-owned target resolution, gateway session metadata, tests, and changelog only.

Review details

Best possible solution:

Undraft after maintainer review, run the appropriate changed gate for Discord/Gateway runtime surfaces, and land the narrow resolver/sessionFile fix if validation stays green.

Do we have a high-confidence way to reproduce the issue?

Yes, source inspection gives a high-confidence reproduction path: current main lacks Discord messaging.targetResolver.resolveTarget and preserves entry.sessionFile through session entry merge when sessionId changes. I did not execute tests because this review was required to keep the checkout read-only.

Is this the best way to solve the issue?

Yes, the proposed approach appears to be the narrow maintainable fix: it reuses the plugin-owned Discord resolver through a lazy boundary and clears sessionFile only when the stored sessionId differs from the active one. The remaining question is validation completeness, not a better design direction.

Acceptance criteria:

• pnpm test:serial src/agents/bash-tools.exec-host-node.test.ts src/agents/pi-embedded-subscribe.handlers.tools.test.ts src/infra/outbound/sanitize-text.test.ts src/infra/outbound/deliver.test.ts extensions/telegram/src/bot.helpers.test.ts extensions/telegram/src/bot.create-telegram-bot.test.ts extensions/whatsapp/src/inbound/send-api.test.ts extensions/discord/src/audit.test.ts extensions/discord/src/channel.test.ts src/gateway/server-methods/agent.test.ts
• pnpm changed:lanes --json
• pnpm check:changed

What I checked:

• Protected maintainer PR: Live GitHub API data shows this PR is open, draft, authored by vincentkoc with authorAssociation MEMBER, and labeled maintainer, channel: discord, gateway, and size: S. (da5d9ac24f34)
• Current Discord resolver gap: Current main exposes Discord messaging.targetResolver with looksLikeId and hint only, while the existing Discord target resolver already has peer-directory lookup logic that the PR bridges into that surface. (extensions/discord/src/channel.ts:326, 0fca66549794)
• Current gateway transcript carry-over path: Current main builds nextEntryPatch without sessionFile, and mergeSessionEntry spreads the existing entry before the patch, so a stored sessionFile can survive unless explicitly cleared when the sessionId changes. (src/gateway/server-methods/agent.ts:1031, 0fca66549794)
• Patch scope: The diff adds a lazy Discord target-resolver loader, a resolveTarget bridge, focused Discord and gateway regression tests, and a single changelog entry; it does not touch workflows, dependencies, lockfiles, or secret handling. (extensions/discord/src/channel.ts:327, da5d9ac24f34)
• Submitted verification context: The PR body reports a focused local Vitest bundle passing 10 files and 372 tests, while also disclosing that live Discord send, live gateway reset, and the remote changed gate were not completed. (da5d9ac24f34)

Likely related people:

• steipete: Git history and blame in the local checkout show Peter Steinberger as the dominant recent maintainer across the Discord channel surface, outbound routing, plugin SDK seams, and gateway session files touched by this PR. (role: adjacent owner; confidence: high; commits: 113761ab57dc, 7db10d21036a, 4069844795b6; files: extensions/discord/src/channel.ts, extensions/discord/src/target-resolver.ts, src/infra/outbound/target-resolver.ts)
• Takhoffman: Recent merged history on src/gateway/server-methods/agent.ts includes multiple session metadata preservation fixes, which is the same session-store behavior class as the transcript-path change. (role: recent gateway maintainer; confidence: medium; commits: ae9b9575c5f5, f4a45071e34b, c326083ad8fd; files: src/gateway/server-methods/agent.ts)
• vincentkoc: The PR author is a MEMBER and also appears in prior merged Discord channel history, so they are a relevant follow-up owner beyond merely proposing this branch. (role: recent maintainer and prior Discord contributor; confidence: medium; commits: e47b63acaaea; files: extensions/discord/src/channel.ts)

Remaining risk / open question:

• The PR is still draft and the broad changed gate did not execute; the PR body says the Blacksmith/Testbox run stayed queued.
• Live Discord DM sending and live gateway transcript rotation were not verified; the evidence is source inspection plus focused synthetic tests reported by the author.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 0fca66549794.