Expose reload kind in config schema lookup

[LLagoon3]

Summary

Describe the problem and fix in 2–5 bullets:

• Problem: config.schema.lookup exposed field schema and UI hints, but not whether changing the field can hot-reload or requires a Gateway restart.
• Why it matters: users and tools could not tell from schema lookup whether config changes like gateway.handshakeTimeoutMs are hot-reloadable or restart-required.
• What changed: lookup results and immediate child summaries now include optional reloadKind metadata (restart, hot, or none) resolved through the existing config reload rule matcher.
• What did NOT change (scope boundary): this does not alter config patch behavior, reload planning semantics, the full generated JSON schema, or add a second reload rule table.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes Schema doesn't expose hot-reload vs restart-required behavior for config fields #81409
• Related #
• This PR fixes a bug or regression

Real behavior proof (required for external PRs)

• Behavior or issue addressed: config.schema.lookup now reports the reload behavior for a looked-up config path and its immediate children.
• Real environment tested: local OpenClaw checkout, isolated dev Gateway using HOME=/tmp/oc81409-pr-home, port 19809, built from this branch.
• Exact steps or command run after this patch:

pnpm build:strict-smoke
HOME=/tmp/oc81409-pr-home node openclaw.mjs gateway run --dev --auth none --port 19809 --tailscale off --allow-unconfigured
TOKEN=$(node -e "console.log(require('/tmp/oc81409-pr-home/.openclaw/openclaw.json').gateway.auth.token)")
HOME=/tmp/oc81409-pr-home node openclaw.mjs gateway call --url ws://127.0.0.1:19809 --token "$TOKEN" --json --params '{"path":"gateway.handshakeTimeoutMs"}' config.schema.lookup
HOME=/tmp/oc81409-pr-home node openclaw.mjs gateway call --url ws://127.0.0.1:19809 --token "$TOKEN" --json --params '{"path":"gateway"}' config.schema.lookup

• Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output):

{
  "path": "gateway.handshakeTimeoutMs",
  "schema": {
    "type": "integer",
    "minimum": 1,
    "maximum": 9007199254740991,
    "title": "Gateway Handshake Timeout",
    "description": "Pre-auth Gateway WebSocket handshake timeout in milliseconds. Use higher values on loaded or low-powered hosts where local clients can connect during startup warmup. OPENCLAW_HANDSHAKE_TIMEOUT_MS still takes precedence."
  },
  "reloadKind": "restart",
  "hint": {
    "label": "Gateway Handshake Timeout",
    "help": "Pre-auth Gateway WebSocket handshake timeout in milliseconds. Use higher values on loaded or low-powered hosts where local clients can connect during startup warmup. OPENCLAW_HANDSHAKE_TIMEOUT_MS still takes precedence.",
    "tags": ["network", "performance"]
  },
  "hintPath": "gateway.handshakeTimeoutMs",
  "children": []
}

{
  "path": "gateway",
  "reloadKind": "restart",
  "children": [
    {
      "path": "gateway.handshakeTimeoutMs",
      "reloadKind": "restart"
    },
    {
      "path": "gateway.channelHealthCheckMinutes",
      "reloadKind": "hot"
    }
  ]
}

• Observed result after fix: restart-required and hot-reloadable fields are distinguishable through config.schema.lookup.
• What was not tested: plugin-provided reload metadata beyond existing config-reload unit coverage.
• Before evidence (optional but encouraged): issue Schema doesn't expose hot-reload vs restart-required behavior for config fields #81409 documents that the same lookup output did not expose hot-reload vs restart-required behavior.

Root Cause (if applicable)

• Root cause: schema lookup and config reload planning were implemented as separate paths. lookupConfigSchema() returned schema/UI hint metadata only, while restart/hot/no-op decisions lived in config-reload-plan.ts.
• Missing detection / guardrail: no lookup-level test asserted that reload planning metadata was surfaced to schema consumers.
• Contributing context (if known): config patch planning already had this information, but schema lookup had no resolver hook to reuse it.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: src/config/schema.test.ts
• Scenario the test should lock in: when a reload metadata resolver is provided, lookupConfigSchema() includes reloadKind on the looked-up path and child summaries.
• Why this is the smallest reliable guardrail: it validates the schema lookup behavior without requiring a live Gateway or duplicating reload plan tests.
• Existing test that already covers this (if any): src/gateway/config-reload.test.ts covers the reload rule semantics themselves.
• If no new test is added, why not: N/A; a test was added.

User-visible / Behavior Changes

config.schema.lookup responses now include optional reloadKind metadata for the requested path and immediate children.

Diagram (if applicable)

Before:
config.schema.lookup -> schema + UI hints

After:
config.schema.lookup -> schema + UI hints + reloadKind from existing reload rules

Security Impact (required)

• New permissions/capabilities? (Yes/No) No
• Secrets/tokens handling changed? (Yes/No) No
• New/changed network calls? (Yes/No) No
• Command/tool execution surface changed? (Yes/No) No
• Data access scope changed? (Yes/No) No
• If any Yes, explain risk + mitigation: N/A

Repro + Verification

Environment

• OS: Linux 6.8.0-111-generic x64
• Runtime/container: local Node.js v24.13.0, isolated dev Gateway with HOME=/tmp/oc81409-pr-home
• Model/provider: N/A
• Integration/channel (if any): Gateway RPC / CLI
• Relevant config (redacted): dev config generated under /tmp/oc81409-pr-home/.openclaw/openclaw.json; Gateway token used locally only and not included here.

Steps

1. Build the local checkout with pnpm build:strict-smoke.
2. Start a dev Gateway from this branch with isolated HOME and port 19809.
3. Call config.schema.lookup for gateway.handshakeTimeoutMs.
4. Call config.schema.lookup for gateway and inspect child summaries.

Expected

• gateway.handshakeTimeoutMs reports reloadKind: "restart".
• gateway.channelHealthCheckMinutes appears in child summaries with reloadKind: "hot".

Actual

• Matches expected output shown in the Real behavior proof section.

Evidence

Attach at least one:

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Targeted checks run locally:

node scripts/run-vitest.mjs run --config test/vitest/vitest.runtime-config.config.ts src/config/schema.test.ts
# 34 passed

node scripts/run-vitest.mjs run --config test/vitest/vitest.gateway.config.ts src/gateway/config-reload.test.ts
# 73 passed

pnpm tsgo:test
# passed

pnpm build:strict-smoke
# passed

Human Verification (required)

What you personally verified (not just CI), and how:

• Verified scenarios:
  • gateway.handshakeTimeoutMs lookup now returns reloadKind: "restart".
  • gateway lookup child summaries include both restart-required and hot-reloadable children.
  • Existing reload rule tests still pass.
• Edge cases checked:
  • Resolver is optional, so existing direct schema lookup callers can continue without reload metadata.
  • Metadata is attached only to lookup result/children, avoiding a broader full-schema contract change.
• What you did not verify:
  • Plugin-provided reload rule metadata through a third-party plugin runtime.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

If a bot review conversation is addressed by this PR, resolve that conversation yourself. Do not leave bot review conversation cleanup for maintainers.

Compatibility / Migration

• Backward compatible? (Yes/No) Yes
• Config/env changes? (Yes/No) No
• Migration needed? (Yes/No) No
• If yes, exact upgrade steps: N/A

Risks and Mitigations

• Risk: schema lookup consumers may ignore the new optional field.
  • Mitigation: field is additive and optional.
• Risk: reload metadata could diverge if a second rule source were introduced.
  • Mitigation: this PR reuses the existing reload rule matcher instead of duplicating rules.

AI-assisted disclosure

This PR was prepared with AI assistance. I reviewed the change, understand the code path, and ran the local verification listed above.

[clawsweeper]

Codex review: needs maintainer review before merge.

Summary
The PR adds optional reloadKind metadata to config.schema.lookup results and child summaries, wires the Gateway lookup handler to the reload resolver, updates protocol docs/schema/Swift model, and adds focused schema/reload tests plus one live-agent test type cleanup.

Reproducibility: yes. The issue is source-reproducible from current main because lookup omits reload metadata while reload planning already classifies the same paths, and the linked release-level Docker proof demonstrates the user-visible gap.

Real behavior proof
Sufficient (live_output): The PR body includes after-fix live Gateway commands and copied JSON output showing the changed lookup behavior in a real local Gateway setup.

Next step before merge
No ClawSweeper repair is needed because the prior blocker is addressed and there is no discrete diff-level finding for an automated worker to fix.

Security
Cleared: The diff adds read-only schema/protocol metadata, docs, generated client shape, and tests without changing dependencies, workflows, secrets, permissions, network calls, or execution surfaces.

Review details

Best possible solution:

Land the additive lookup metadata contract once required checks are green, keeping the resolver tied to the existing reload planner semantics rather than introducing a second rule table.

Do we have a high-confidence way to reproduce the issue?

Yes. The issue is source-reproducible from current main because lookup omits reload metadata while reload planning already classifies the same paths, and the linked release-level Docker proof demonstrates the user-visible gap.

Is this the best way to solve the issue?

Yes. For this PR's scope, an optional resolver-backed reloadKind on config.schema.lookup is a narrow maintainable solution, and the latest head mirrors the planner's timestamp no-op classification.

What I checked:

• Current main lookup gap: On current main, ConfigSchemaLookupResult and child summaries contain path/schema/hint/children only, and lookupConfigSchema returns no reload metadata, matching the linked issue's reported gap. (src/config/schema.ts:104, 97ed9b2d8295)
• Current main Gateway handler: The current Gateway config.schema.lookup handler calls lookupConfigSchema(schema, path) without any reload metadata resolver. (src/gateway/server-methods/config.ts:292, 97ed9b2d8295)
• PR implements the lookup contract additively: The PR diff adds optional reloadKind to lookup result and child types, the protocol validator, docs, and Swift model, then passes resolveConfigReloadMetadata from the Gateway handler. (src/config/schema.ts:107, 021d9fcf7ebe)
• Prior review finding addressed: The PR head now special-cases legacy plugin install timestamp paths as none in resolveConfigReloadMetadata, and adds regression expectations beside the existing reload-plan no-op test. (src/gateway/config-reload-plan.ts:225, 021d9fcf7ebe)
• Linked issue reproduction and after-fix proof: The linked issue comment reproduces the missing schema metadata on openclaw@2026.5.7, while the PR body includes after-fix live Gateway calls showing gateway.handshakeTimeoutMs as restart and gateway.channelHealthCheckMinutes as hot. (eeef4864494f)
• CI state at review time: The latest head had many successful checks but two plugin contract check failures in untouched plugin-contract paths, so this is not a code-review finding against the PR diff but still a merge gate to clear. (src/plugins/contracts/plugin-sdk-package-contract-guardrails.test.ts:661, 021d9fcf7ebe)

Likely related people:

• gumadeiras: GitHub commit history shows this person authored the path-scoped config.schema.lookup surface and a follow-up for slash-delimited lookup paths. (role: introduced lookup surface; confidence: high; commits: ff971955009a, fa6c0e1b404f; files: src/config/schema.ts, src/gateway/protocol/schema/config.ts, src/gateway/server-methods/config.ts)
• steipete: Recent merged reload-planner work defines the false-restart and plugin-management reload behavior that this PR's metadata resolver must mirror. (role: recent reload planner contributor; confidence: high; commits: f437d96ae261, d678bcfcc7d0; files: src/gateway/config-reload-plan.ts, src/gateway/config-reload.test.ts, src/gateway/config-reload.ts)

Remaining risk / open question:

• The current check suite still showed plugin contract failures in untouched paths at inspection time, so required CI needs to be green before merge.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 97ed9b2d8295.

[LLagoon3]

@clawsweeper re-review

Addressed the P3 docs finding by documenting optional reloadKind on config.schema.lookup results and child summaries in docs/gateway/protocol.md.

Verification:

• pnpm docs:list
• git diff --check
• pnpm docs:check-mdx

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/25835095593
• Updated: 2026-05-14T00:59:11.562Z

[LLagoon3]

Follow-up update after the latest base moved:

• Re-applied this PR on top of current origin/main.
• Kept the ClawSweeper-requested docs update for reloadKind.
• Addressed the current lint failure from the updated base (unknown | undefined -> unknown in src/agents/models.profiles.live.test.ts).
• Minimal local verification only, to avoid heavy host load:
  • pnpm exec oxlint src/agents/models.profiles.live.test.ts
  • git diff --check
  • git diff --cached --check

Full CI is running again on the new head 52b1d175.

[LLagoon3]

@clawsweeper re-review

Addressed the P2 resolver finding:

• resolveConfigReloadMetadata() now mirrors the planner no-op behavior for plugins.installs.<id>.installedAt and plugins.installs.<id>.resolvedAt.
• Added regression coverage in src/gateway/config-reload.test.ts alongside the existing timestamp-only no-op planner test.

Targeted local verification:

• node scripts/run-vitest.mjs run --config test/vitest/vitest.gateway.config.ts src/gateway/config-reload.test.ts (73 passed)
• node scripts/run-vitest.mjs run --config test/vitest/vitest.runtime-config.config.ts src/config/schema.test.ts (34 passed)
• git diff --check

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/25836436102
• Updated: 2026-05-14T01:41:24.378Z

[LLagoon3]

Closing this out in favor of replacement PR #81612.

The branch metadata for this closed PR became corrupted after a bad force-push from a shallow/grafted local state and GitHub showed the whole repository as added. The replacement PR was rebuilt directly on current origin/main and verifies as the intended 10-file diff (+78/-6): #81612