Add session-scoped continuation lease workflow API

[PollyBot13]

Summary

• add a plugin host workflow API for requesting one same-session continuation lease
• add a matching clear API for terminal/paused states
• pass trusted session context through the API instead of accepting model-selected session routing
• expose the workflow API through the plugin SDK
• add focused scheduled-turn contract coverage

Why

Agents can already continue work when the model stays on target and the runtime path is lucky. The missing runtime primitive is a narrow, reviewable way for a feature to ask for one follow-up turn in the same trusted session, with host-owned routing and an explicit clear path.

This PR adds that primitive without adding a new autonomous product surface. A bundled plugin can ask the host to enqueue the next turn for the same trusted session, without introducing cross-session targeting, fanout, or model-selected routing.

This is intentionally narrower than #79925. It does not add silent wake modes, cross-session delegation, trusted insertion into sibling sessions, or host-wide fanout. It is also complementary to #85232: that PR recovers an already-queued stuck session; this API gives a plugin a narrow way to create one same-session follow-up turn in the first place.

Safety

• session identity comes from host-owned command/tool context
• callers pass session: ctx; the model does not provide a target sessionKey
• continuation leases are same-session only
• replacement is best-effort on the existing scheduled-turn host hook
• clear removes the matching same-session lease when a feature reaches a stop state
• the SDK test helper exposes no-op defaults for both workflow APIs, so downstream plugin tests can use the new facade without custom stubs

Tests

pnpm exec vitest run --config test/vitest/vitest.contracts-plugin.config.ts \
  src/plugins/contracts/host-hooks.contract.test.ts \
  src/plugins/contracts/scheduled-turns.contract.test.ts \
  src/plugins/contracts/plugin-sdk-index.test.ts \
  src/plugins/contracts/plugin-sdk-index.bundle.test.ts \
  src/plugins/contracts/plugin-sdk-subpaths.test.ts

pnpm tsgo:core:test
pnpm build

Also verified as part of the stacked branch:

pnpm exec vitest run --config test/vitest/vitest.contracts-plugin.config.ts \
  src/plugins/contracts/host-hooks.contract.test.ts \
  src/plugins/contracts/scheduled-turns.contract.test.ts \
  src/plugins/contracts/plugin-sdk-index.test.ts \
  src/plugins/contracts/plugin-sdk-index.bundle.test.ts \
  src/plugins/contracts/plugin-sdk-subpaths.test.ts \
  src/plugins/contracts/package-manifest.contract.test.ts \
  src/plugins/contracts/plugin-entry-guardrails.test.ts \
  src/plugins/contracts/plugin-tool-contracts.test.ts

Real behavior proof

• Behavior or issue addressed: Plugin code can request and clear a same-session continuation lease through the new SDK workflow facade without taking a model-provided session target.
• Real environment tested: Local OpenClaw checkout tmp/upstream-prs/openclaw-goal on branch goal-command-minimal, commit 1e24225457, with the scaffold commit 325f4c1f27 underneath.
• Exact steps or command run after this patch: Ran a live pnpm exec tsx command in the checkout that imports createTestPluginApi() from src/plugin-sdk/plugin-test-api.ts, then calls api.session.workflow.requestSessionContinuationLease(...) and api.session.workflow.clearSessionContinuationLease(...) with sessionKey: "agent:proof:session" and leaseKey: "active-goal".
• Evidence after fix: Terminal output from that command:

{"request":{"enqueued":false,"reason":"test plugin api"},"clear":{"removed":0,"failed":0}}

• Observed result after fix: The SDK test API exposes both workflow methods and they return structured results instead of throwing or being absent. The contract tests cover the real scheduled-turn host hook replacement/clear behavior; this live command verifies the public SDK facade is callable from a real checkout.
• What was not tested: No production gateway was started for this scaffold-only PR; the follow-up /goal PR includes a live command-handler proof for the user-facing flow.

Follow-up

A stacked follow-up PR adds the user-facing /goal command on top of this API: #85723.

That PR is the concrete product proof for this runtime primitive: humans get lifecycle controls and lightweight observability, while the model only gets bounded same-session continuation through goal_status.

I am happy to keep the two PRs stacked for easier review or combine them if maintainers prefer one review thread.

[clawsweeper]

Thanks for the context here. I swept through the related work, and this is now duplicate or superseded.

Keep open: this is a useful-looking new plugin/session workflow primitive, but it should not merge as-is because the same-session contract still accepts a separate agent route, the test helper returns the wrong result discriminator, and the supplied proof does not exercise the production scheduler path.

Canonical path: Close this PR as superseded by #80370.

So I’m closing this here and keeping the remaining discussion on #80370.

Review details

Best possible solution:

Close this PR as superseded by #80370.

Do we have a high-confidence way to reproduce the issue?

Yes for the patch defects: source inspection of the PR branch shows agentId is accepted independently of session context and createTestPluginApi returns enqueued while the type and implementation use scheduled. The feature itself is not a bug reproduction.

Is this the best way to solve the issue?

No as-is: the narrow same-session lease shape is plausible, but the safest solution is to derive routing from trusted session context only, align helper/docs with the public contract, and require production-path proof or review alongside the /goal PR.

Security review:

Security review needs attention: The diff has no dependency, workflow, or secret-handling changes, but the new same-session scheduling API needs a routing-boundary fix before merge.

• [medium] Caller-supplied agent route on same-session lease — src/plugins/host-hooks.ts:304
  The new lease params accept agentId separately from the trusted session context and the host hook forwards it to Cron, so a continuation can be scheduled with mismatched session and agent routing metadata.
  Confidence: 0.82

What I checked:

• linked superseding PR: feat(diagnostics): classify skill and tool usage #80370 (feat(diagnostics): classify skill and tool usage) is merged at 2026-05-23T08:08:56Z.
• cluster evidence: the durable review links that PR in the work cluster or recommended risk path.
• no human follow-up: live comments and timeline hydrated by apply contain no non-automation activity after the ClawSweeper review.

Likely related people:

• gauravprasadgp: PR metadata for feat(diagnostics): classify skill and tool usage #80370 identifies this handle on the merged work that introduced the current plugin SDK/scheduled-turn source files now being extended. (role: recent area contributor; confidence: medium; commits: 558a05b6d039; files: src/plugins/host-hook-scheduled-turns.ts, src/plugins/types.ts, src/plugins/registry.ts)
• vincentkoc: The merged PR commit metadata for the current implementation lists this handle as an author of the commit carried into merge commit 558a05b. (role: commit author in current-main history; confidence: medium; commits: 077a75685bfb, 558a05b6d039; files: src/plugins/host-hook-scheduled-turns.ts, src/plugins/types.ts, src/plugins/registry.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 9ede882f08eb.

[clawsweeper]

ClawSweeper applied the proposed close for this PR.

• Action: closed this PR.
• Close reason: duplicate or superseded.
• Evidence: durable ClawSweeper review.

[PollyBot13]

@clawsweeper this closure appears to have picked the wrong superseding target.

Thanks. I think this was closed by automation against the wrong superseding target: #80370 is the diagnostics/skill-tool telemetry PR and does not add a session continuation lease API or /goal continuation workflow.

This PR is intended as the narrow runtime/API scaffold for #85723:

• same-session continuation lease only
• no cross-session targeting
• no fanout
• no model-supplied routing authority
• one plugin-owned lease key per session/plugin replacement path

I have left #85723 stacked on this branch so maintainers can review the runtime primitive separately from the user-facing /goal command. Happy to retarget/combine if that is the preferred review shape.

[wmeerendonk]

@openclaw-barnacle @clawsweeper
Request to reopen:
This PR was auto‑closed as “superseded by #80370”, but that PR is unrelated — it only covers diagnostics/skill‑tool telemetry and does not introduce the session‑scoped continuation lease API or the /goal workflow.

This PR is still required because it provides the narrow runtime/API primitive that #85723 depends on (same‑session continuation lease, no cross‑session routing, no fanout, no model‑selected session targeting).

[wmeerendonk]

@clawsweeper re-review