[codex] refresh plugin regression fixtures

[JayZeeDesign]

Summary

• Refresh plugin regression fixtures after the recent main changes by replacing live SSRF-dependent test paths with deterministic guarded-fetch/navigation mocks.
• Update staged-output, progress streaming, and Codex media fixture expectations to match current runtime contracts.
• Add follow-up fixture fixes for Discord and Microsoft Teams progress max-line windows discovered during the completion audit.
• Remove a QA Lab test-only non-null assertion that current full extension lint rejected after rebasing onto latest main.

Real behavior proof

Behavior addressed: Bundled plugin surfaces should still load and expose their runtime command/tool/channel account contracts after the regression fixture updates. The failing areas covered by this patch were deterministic test regressions around guarded network fetch/navigation, staged media outputs, progress streaming line windows, current Codex media thread fixtures, and one current-main extension lint assertion.

Real environment tested: Local macOS checkout after this patch, using the built OpenClaw dist entrypoint at dist/index.js and the published npm:@openclaw/kitchen-sink@latest plugin fixture.

Exact steps or command run after this patch: pnpm test:plugins:kitchen-sink-rpc

Evidence after fix: Terminal output from a real local OpenClaw kitchen-sink RPC walk:

Kitchen Sink RPC walk using npm:@openclaw/kitchen-sink@latest via dist/index.js
{
  "ok": true,
  "pluginId": "openclaw-kitchen-sink-fixture",
  "commands": ["kitchen", "kitchen", "kitchen", "kitchen-sink", "kitchen-sink", "kitchen-sink"],
  "catalogTools": ["kitchen_sink_image_job", "kitchen_sink_search", "kitchen_sink_text"],
  "channelAccount": {
    "accountId": "local",
    "name": "Kitchen Sink Local",
    "enabled": true,
    "configured": true,
    "statusState": "ready",
    "linked": true,
    "running": true,
    "connected": true,
    "mode": "local",
    "health": { "ok": true, "message": "Kitchen Sink local fixture account is ready." },
    "capabilities": ["text", "media", "threads", "dry-run"],
    "probe": { "ok": true, "accountId": "local", "scenarioId": "channel.probe" }
  }
}
Kitchen Sink RPC walk passed

Observed result after fix: OpenClaw loaded the kitchen-sink plugin through the dist entrypoint, discovered the expected command aliases, discovered all three kitchen-sink catalog tools, resolved the local channel account as ready/linked/running/connected, and completed the account probe successfully.

What was not tested: Live third-party provider/channel credentials were not exercised because this patch changes test fixtures and support mocks only; broad plugin contracts and extension shards were run as supplemental coverage.

Verification

• pnpm test:plugins:kitchen-sink-rpc
• pnpm test:contracts:plugins
• pnpm plugins:inventory:check
• pnpm plugins:boundary-report:ci
• pnpm test:extensions
• pnpm test extensions/qa-lab/src/gateway-child.test.ts -- --reporter=verbose
• pnpm check:changed
• git diff --check origin/main..HEAD
• pnpm exec oxfmt --check --threads=1 <changed ts files>

Direct push and merge/auto-merge to openclaw/openclaw:main were attempted, but the authenticated account does not have the required upstream permissions. This PR publishes the validated commits from a fork for maintainer landing.

[clawsweeper]

Codex review: needs maintainer review before merge.

Summary
The PR refreshes plugin regression fixtures and test-support mocks for guarded network resolution, progress streaming windows, staged TTS output, QQBot STT, and a CLI runner assertion.

Reproducibility: not applicable. this is a test fixture refresh PR, not a user bug report. The relevant behavior is reviewable from the current formatter/helper source, the PR diff, CI state, and supplied terminal proof.

Real behavior proof
Sufficient (terminal): Sufficient terminal proof: the PR body includes after-fix kitchen-sink RPC output using the built dist entrypoint and published plugin fixture.

Next step before merge
No repair lane candidate: the patch has no concrete review defect and needs normal maintainer review or landing rather than automated changes.

Security
Cleared: Cleared: the diff is confined to test and test-support files and does not change workflows, dependencies, lockfiles, package metadata, secrets handling, or production SSRF enforcement.

Review details

Best possible solution:

Land the focused test-only fixture refresh after normal maintainer review, while leaving production SSRF and channel streaming behavior unchanged.

Do we have a high-confidence way to reproduce the issue?

Not applicable: this is a test fixture refresh PR, not a user bug report. The relevant behavior is reviewable from the current formatter/helper source, the PR diff, CI state, and supplied terminal proof.

Is this the best way to solve the issue?

Yes: deterministic guarded-network mocks and updated fixture expectations are the narrowest maintainable fix for this drift. Changing production SSRF, progress formatting, or channel behavior would be broader than this PR's scope.

What I checked:

• Live PR state: GitHub API shows this PR is open, not draft, at head b6a7da6, with 18 changed files and labels including proof: supplied and proof: sufficient. (b6a7da6400a0)
• Diff scope: The files API and patch show only test and test-support paths changed; no workflows, lockfiles, dependency manifests, package metadata, or production runtime files are modified. (b6a7da6400a0)
• Progress contract: Current main prepends the progress label to the raw progress lines and slices the combined list by maxLines before formatting, matching the PR's Discord and Teams fixture-window updates. (src/plugin-sdk/channel-streaming.ts:795, 8cd978c02a74)
• Current fixture drift: Current main still has the older Discord progress fixture name, maxLines value, and rolling-line expectation that the PR updates to the current progress-label contract. (extensions/discord/src/monitor/message-handler.process.test.ts:1662, 8cd978c02a74)
• SSRF test helper contract: mockPinnedHostnameResolution already injects a deterministic public-address lookup into resolvePinnedHostname and resolvePinnedHostnameWithPolicy, which matches the PR's guarded-network fixture strategy. (src/test-helpers/ssrf.ts:6, 8cd978c02a74)
• CI state: Check-runs for the current head show 88 successes, 23 skipped, 1 neutral, and one cancelled auto-response run; there are no pending or failing non-auto-response check-runs in the API output. (b6a7da6400a0)

Likely related people:

• steipete: GitHub path history ties this person to the channel progress draft feature, multiple Discord progress-rendering changes, and the deterministic SSRF/media test-helper history this PR follows. (role: introduced behavior and adjacent maintainer; confidence: high; commits: c33e57855469, accf774591cf, ef29c85a48c9; files: src/plugin-sdk/channel-streaming.ts, extensions/discord/src/monitor/message-handler.process.test.ts, src/test-helpers/ssrf.ts)
• shakkernerd: Recent commits on the same progress and media fixture surfaces include progress label/window follow-ups plus QQBot STT and TTS fixture hardening. (role: recent maintainer; confidence: high; commits: baffa57c004e, acb3b09e2a09, d1a482ba0bc9; files: src/plugin-sdk/channel-streaming.ts, extensions/qqbot/src/engine/utils/stt.test.ts, extensions/tts-local-cli/speech-provider.test.ts)
• vincentkoc: History links this person to Microsoft Teams progress-line behavior and the kitchen-sink RPC walk used by the PR's real behavior proof path. (role: adjacent owner; confidence: medium; commits: 12dbfab678b8, cf1bd3050947; files: extensions/msteams/src/reply-stream-controller.ts, scripts/e2e/kitchen-sink-rpc-walk.mjs)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 8cd978c02a74.

[JayZeeDesign]

Ready for maintainer landing.

Current head: 42a0ebcdb5df7c0873cdf8446b436c43a21b7015

I rebased onto current main, fixed the follow-up CI/lint issue, force-updated the fork branch, and rechecked the PR. At the time of handoff, gh pr checks 79444 reports no failing checks; the only pending item after the body refresh was Labeler.

I attempted direct push, merge, and auto-merge, but GitHub rejected them because JayZeeDesign does not have upstream merge/write permission.