[Fix] Prefer external session delivery context

[samzong]

Summary

What problem does this PR solve?

• sessions_send announce delivery could fall back to stale internal WebChat route fields even when the persisted session row had an external delivery context.

Why does this matter now?

• Issue sessions_send reply routes to webchat instead of origin channel (Feishu) #76104 reports Feishu-originated sessions_send replies being routed to WebChat instead of the originating external conversation.

What is the intended outcome?

• A deliverable external deliveryContext wins over stale internal route data, while preserving account and thread metadata.

What is intentionally out of scope?

• No Feishu-specific branch.
• No new config flag.
• No broader channel routing rewrite.

What does success look like?

• A row with stale webchat route state and external delivery context resolves to the external target and sends through that channel.
• Tool-only contexts such as sessions_send are not treated as channel delivery targets.

What should reviewers focus on?

• The precedence rule in src/utils/delivery-context.shared.ts.
• The sessions_send announce path through src/agents/tools/sessions-announce-target.ts.
• Whether the fix stays generic instead of special-casing one channel.

Linked context

Which issue does this close?

Closes #76104

Which issues, PRs, or discussions are related?

Related #33786, #47797, #63143, #63506, #66073, #72806

Was this requested by a maintainer or owner?

Issue #76104 came from user-reported behavior and maintainer triage.

Real behavior proof (required for external PRs)

• Behavior or issue addressed: sessions_send announce target resolution no longer lets stale internal webchat route state override a deliverable external deliveryContext.

• Real environment tested: Local OpenClaw Gateway child process with a temp config/state dir, real WebSocket Gateway RPC, real sessions.list, production resolveAnnounceTarget, real send RPC, bundled qa-channel plugin loaded through the OpenClaw plugin loader, and qa-lab HTTP bus outbound capture. qa-channel is OpenClaw's deterministic transport for exercising the same channel plugin boundary as external transports.

• Exact steps or command run after this patch: Ran node --import tsx --input-type=module from the repo root with a proof script that started qa-lab bus, wrote a temp OpenClaw config, loaded the clickclack and qa-channel plugin registry entries through loadOpenClawPlugins, seeded sessions.json with channel=webchat, lastTo=session:dashboard, and deliveryContext.channel=qa-channel, started node scripts/run-node.mjs gateway run --port <port> --auth token --token <token> --allow-unconfigured --ws-log compact, called sessions.list, called production resolveAnnounceTarget, called Gateway send, and waited for the qa-lab bus outbound message.

• Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output):

  Config warnings:
  - plugins: plugin: ignored plugins.load.paths entry that points at OpenClaw's legacy bundled plugin directory; remove this redundant path or run openclaw doctor --fix
  [proof] gateway health ok version=unknown port=49308
  [proof] qa-channel bus=http://127.0.0.1:49309
  [proof] qa-channel ready accountStatus=running
  [proof] sessions.list row key=agent:main:clickclack:channel:proof-room channel=webchat lastChannel=qa-channel lastTo=group:qa-proof-room route.channel=undefined route.to=undefined deliveryContext.channel=qa-channel deliveryContext.to=group:qa-proof-room deliveryContext.threadId=thread-77
  [proof] resolveAnnounceTarget channel=qa-channel to=group:qa-proof-room accountId=default threadId=thread-77
  [proof] send RPC ok channel=qa-channel messageId=7a28b92b-50c8-406c-92a6-6eeff7799046
  [proof] qa-bus outbound direction=outbound conversation.kind=channel conversation.id=qa-proof-room threadId=thread-77 text=real-proof-76104-31e07741
  [proof] PASS external deliveryContext won over stale webchat route and delivered through qa-channel outbound bus
  

• Observed result after fix: The announce target resolved to qa-channel/group:qa-proof-room/thread-77, and the Gateway send RPC produced an outbound qa-bus message for that conversation and thread. It did not target session:dashboard or WebChat.

• What was not tested: Live Feishu delivery with real Feishu credentials was not run in this local environment.

• Proof limitations or environment constraints: The proof uses OpenClaw's bundled deterministic qa-channel transport in place of Feishu while keeping the changed Gateway/session route-resolution boundary real. The warning about plugins.load.paths is from intentionally pointing the temp config at a bundled plugin directory for the local proof run; the plugin still loaded and ran.

• Before evidence (optional but encouraged): No live pre-patch capture was kept. The proof seeded the stale webchat route shape from the reported failure and captured the after-fix Gateway behavior on this PR head.

Tests and validation

Which commands did you run?

• node --import tsx --input-type=module real Gateway/qa-channel proof command above.
• node scripts/run-vitest.mjs src/gateway/server.sessions-send.test.ts
• node scripts/run-vitest.mjs src/utils/delivery-context.test.ts src/agents/tools/sessions.test.ts
• pnpm exec oxfmt --check src/gateway/server.sessions-send.test.ts src/utils/delivery-context.shared.ts src/utils/delivery-context.test.ts src/agents/tools/sessions.test.ts
• git diff --cached --check
• .agents/skills/autoreview/scripts/autoreview --mode local

What regression coverage was added or updated?

• Added coverage for external delivery context winning over stale internal WebChat route state in the session delivery-context merge logic.
• Added coverage for sessions_send announce delivery through Gateway send using the external delivery context.
• Updated session target coverage so tool-only contexts are not promoted as channel delivery targets.

What failed before this fix, if known?

• The reported failure mode was that a Feishu-originated sessions_send reply could route to WebChat because stale internal session route fields won over the persisted external delivery context.

If no test was added, why not?

• Regression coverage was added.

Risk checklist

Did user-visible behavior change? (Yes/No)

Yes.

Did config, environment, or migration behavior change? (Yes/No)

No.

Did security, auth, secrets, network, or tool execution behavior change? (Yes/No)

No.

What is the highest-risk area?

Session delivery-context precedence for channel replies and sessions_send announce delivery.

How is that risk mitigated?

The change is scoped to internal/non-delivery route fallback handling, keeps external route-first behavior intact, and is covered by focused regression tests plus the real Gateway/qa-channel proof above.

Current review state

What is the next action?

Ready for maintainer review.

What is still waiting on author, maintainer, CI, or external proof?

Waiting on GitHub CI and maintainer review.

Which bot or reviewer comments were addressed?

The PR body was rewritten to follow the template's Real behavior proof format with real Gateway behavior proof instead of using unit-test output as proof.

[clawsweeper]

Codex review: found issues before merge. Reviewed May 28, 2026, 10:53 PM ET / 02:53 UTC.

Summary
The PR changes session announce routing so a persisted external deliveryContext can win over stale internal WebChat route fields, adds Feishu metadata and routing tests, and refreshes adjacent cron/TUI test support and prompt snapshots.

PR surface: Source +50, Tests +307. Total +357 across 15 files.

Reproducibility: yes. Source inspection shows current main can return the parsed Feishu session-key fallback before sessions.list hydration unless the channel metadata opt-in is present; the linked report provides the mixed webchat plus Feishu deliveryContext row shape.

Review metrics: 2 noteworthy metrics.

• Announce lookup opt-ins: 1 runtime channel opt-in added, 0 package/catalog opt-ins added. Feishu announce delivery depends on the opt-in being present on every metadata surface that can represent the channel before sessions.list hydration runs.
• Shared routing precedence: 1 session delivery normalizer changed. The PR changes persisted session delivery precedence for mixed internal and external route state, which is user-visible for upgraded sessions.

Merge readiness
Overall: 🦐 gold shrimp
Proof: 🦞 diamond lobster
Patch quality: 🦐 gold shrimp
Result: needs maintainer review before merge.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P2] Mirror preferSessionLookupForAnnounceTarget into Feishu package/catalog metadata and add a focused test for that surface.
• Rebase or otherwise resolve the dirty branch against current main before maintainer merge review.
• Rerun the targeted sessions_send, delivery-context, Feishu metadata, and snapshot checks on the final head.

Risk before merge

• [P1] Merging changes precedence for persisted session rows, so stale or incorrect external deliveryContext values can now override internal WebChat route state and affect upgraded sessions.
• [P2] Feishu package/catalog metadata currently lacks the new announce lookup opt-in, so metadata-derived channel surfaces may still skip sessions.list and route by key fallback instead of the persisted external deliveryContext.
• [P1] The branch is currently dirty against main, so maintainers need a rebase/conflict pass before trusting the final merge result.

Maintainer options:

1. Fix metadata and rebase before merge (recommended)
   Mirror the Feishu announce lookup flag into package/catalog metadata, add coverage for that metadata path, then rebase the dirty branch and rerun the focused routing checks.
2. Accept runtime-only scope deliberately
   Maintainers could land this as-is only if they are comfortable that all affected Feishu sessions_send paths load the full runtime plugin before announce target resolution.
3. Pause until the routing cluster settles
   If the dirty branch overlaps too much with nearby session-routing PRs, pause this PR and keep the linked Feishu issue open until one canonical routing fix owns the cluster.

Next step before merge

• [P2] Human follow-up is needed because the branch is dirty and the remaining metadata-surface blocker affects whether the Feishu routing fix really applies in all supported plugin discovery paths.

Security
Cleared: The diff does not add dependencies, workflows, permissions, secrets handling, downloaded code, or new code-execution paths; the security-sensitive surface is unchanged.

Review findings

• [P1] Mirror the Feishu announce flag into package metadata — extensions/feishu/src/channel.ts:142

Review details

Best possible solution:

Land a rebased PR that keeps the generic delivery-context precedence fix, mirrors the Feishu announce lookup flag across runtime and package/catalog metadata, and preserves the focused regression tests plus real Gateway proof.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection shows current main can return the parsed Feishu session-key fallback before sessions.list hydration unless the channel metadata opt-in is present; the linked report provides the mixed webchat plus Feishu deliveryContext row shape.

Is this the best way to solve the issue?

No, not as-is. The generic precedence change is the right repair direction, but the Feishu opt-in needs package/catalog metadata coverage and the dirty branch needs a rebase before this is the narrow maintainable fix.

Full review comments:

• [P1] Mirror the Feishu announce flag into package metadata — extensions/feishu/src/channel.ts:142
  This only adds the sessions.list announce lookup opt-in to feishuPlugin.meta. Feishu also has package/openclaw channel metadata used by catalog and lightweight plugin surfaces, and that metadata still lacks the flag, so those paths can keep returning the key-derived Feishu fallback before the new external deliveryContext precedence runs. Please mirror the flag into the package/catalog metadata path and cover that lookup surface.
  Confidence: 0.86

Overall correctness: patch is incorrect
Overall confidence: 0.86

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 6e25112aad71.

Label changes

Label changes:

• add merge-risk: 🚨 compatibility: The shared normalizer changes how existing persisted session rows with mixed WebChat and external delivery context are interpreted after upgrade.
• add rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🦞 diamond lobster and patch quality is 🦐 gold shrimp.
• add status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (live_output): The PR body supplies copied live Gateway/qa-channel output showing the after-fix route resolving to the external channel and producing an outbound bus message; it does not cover the remaining Feishu package metadata gap.
• remove rating: 🐚 platinum hermit: Current PR rating is rating: 🦐 gold shrimp, so this older rating label is no longer current.
• remove status: 👀 ready for maintainer look: Current PR status label is status: ⏳ waiting on author.

Label justifications:

• P1: The PR targets a broken sessions_send channel workflow that can route real external-channel replies to WebChat instead of the user’s originating conversation.
• merge-risk: 🚨 compatibility: The shared normalizer changes how existing persisted session rows with mixed WebChat and external delivery context are interpreted after upgrade.
• merge-risk: 🚨 message-delivery: The diff changes the channel and target chosen for sessions_send announce delivery, so a mistake can send replies to the wrong surface or suppress them from the origin channel.
• merge-risk: 🚨 session-state: The behavior depends on persisted session route, origin, last*, and deliveryContext fields, and the PR changes precedence between those stored fields.
• rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🦞 diamond lobster and patch quality is 🦐 gold shrimp.
• status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (live_output): The PR body supplies copied live Gateway/qa-channel output showing the after-fix route resolving to the external channel and producing an outbound bus message; it does not cover the remaining Feishu package metadata gap.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body supplies copied live Gateway/qa-channel output showing the after-fix route resolving to the external channel and producing an outbound bus message; it does not cover the remaining Feishu package metadata gap.

Evidence reviewed

PR surface:

Source +50, Tests +307. Total +357 across 15 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	4	73	23	+50
Tests	11	369	62	+307
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	15	442	85	+357

What I checked:

• Current announce lookup gate: Current main returns the parsed session-key fallback before reading sessions.list unless the channel plugin metadata has preferSessionLookupForAnnounceTarget, so the Feishu fix depends on that flag being present on the channel metadata surface used at runtime. (src/agents/tools/sessions-announce-target.ts:30, 6e25112aad71)
• PR adds only runtime Feishu opt-in: The PR head adds preferSessionLookupForAnnounceTarget to feishuPlugin.meta in channel.ts, which covers the full runtime plugin path. (extensions/feishu/src/channel.ts:142, 7ae56ca8b813)
• Feishu package metadata still lacks the opt-in: The PR head leaves extensions/feishu/package.json openclaw.channel without preferSessionLookupForAnnounceTarget, unlike the runtime metadata and unlike comparable package metadata for Discord/ClickClack. (extensions/feishu/package.json:32, 7ae56ca8b813)
• Package metadata supports the flag: The package manifest type and channel metadata builder already carry preferSessionLookupForAnnounceTarget when package channel metadata provides it, so mirroring the Feishu flag there is the narrow consistency fix. (src/plugins/manifest.ts:1774, 6e25112aad71)
• Real behavior proof supplied: The PR body includes copied live output from a local Gateway child process using real WebSocket Gateway RPC, production resolveAnnounceTarget, Gateway send, plugin loader, qa-channel, and qa-lab outbound capture showing delivery to the external qa-channel target instead of WebChat. (7ae56ca8b813)
• Branch merge state: The provided live GitHub context reports mergeableState dirty for head 7ae56ca against base 6e25112, so the final merge result still needs a rebase/conflict pass. (7ae56ca8b813)

Likely related people:

• mariosousa-finn: Merged related work in fix(agents,gateway): keep subagent announces in the original thread #63143 that changed sessions announce target hydration and tests for thread-aware delivery. (role: recent announce-routing contributor; confidence: high; commits: ac13b09b742d; files: src/agents/tools/sessions-announce-target.ts, src/agents/tools/sessions.test.ts)
• SnowSky1: Merged related work in fix(agents): preserve announce threadId on sessions.list fallback #63506 that preserved threadId on the sessions.list announce fallback path. (role: recent announce-routing contributor; confidence: high; commits: 03f2951e63c4; files: src/agents/tools/sessions-announce-target.ts, src/agents/tools/sessions.test.ts)
• Takhoffman: Authored the related merged routing-invariant synthesis in fix(routing): unify session delivery invariants for duplicate suppression #33786, which the current PR cites as adjacent session delivery-context history. (role: prior session-routing invariant contributor; confidence: medium; commits: 7f2708a8c369; files: src/utils/delivery-context.shared.ts, src/agents/tools/sessions.test.ts)
• brokemac79: Authored related merged work in fix(session): preserve external channel route when webchat views session (#47745) #47797 around preserving external channel routes when WebChat views sessions. (role: prior external-route preservation contributor; confidence: medium; commits: fb47777d3881; files: src/utils/delivery-context.shared.ts, src/config/sessions/delivery-info.ts)
• Dallin Romney: The limited checkout's blame for the current delivery-context and announce-target files points to c8f2bbf, so this is a low-confidence current-main routing signal rather than feature ownership. (role: recent current-main area contributor; confidence: low; commits: c8f2bbf76ddc; files: src/utils/delivery-context.shared.ts, src/agents/tools/sessions-announce-target.ts, extensions/feishu/src/channel.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: 🌱 uncommon Cosmic Clawlet

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🌱 uncommon.
Trait: sleeps inside passing CI.
Image traits: location CI tidepool; accessory miniature diff map; palette sunrise gold and clean white; mood sparkly; pose leaning over a miniature review desk; shell brushed metal shell; lighting moonlit rim light; background small review tokens.
Share on X: post this hatch
Copy: My PR egg hatched a 🌱 uncommon Cosmic Clawlet in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[samzong]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26551102216
• Updated: 2026-05-28T02:40:33.393Z

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5b85b6e5dd

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Mirror the Feishu announce flag into package metadata

This only opts the runtime feishuPlugin.meta into session lookup, but Feishu is also discovered from the package openclaw.channel metadata/official catalog in setup and lightweight plugin paths. In those contexts the flag remains absent, so resolveAnnounceTarget can still skip the sessions.list hydration and return the parsed Feishu key before the new external deliveryContext precedence runs. Please mirror preferSessionLookupForAnnounceTarget into the Feishu package metadata/catalog so the fix applies when Feishu is discovered without executing channel.ts.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 13f681fb83

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Preserve legacy external account when replacing stale routes

When a stale internal route is present but the legacy session fields still carry the real external account (for example lastChannel: "whatsapp", lastAccountId: "work", and deliveryContext only has channel/to), this merge uses routeContext as the primary value and drops the legacy account because the channels conflict. The following branch then builds the external delivery context from deliveryContext plus this already-stripped internal context, so announce delivery can go out without the stored accountId/threadId for multi-account or threaded sessions. The internal fallback path should still preserve compatible metadata from the legacy external context before discarding the stale route channel.

Useful? React with 👍 / 👎.

[steipete]

Proof for final head 13f681fb839cef5f9abe79f430ce4d55466f44a2.

Behavior addressed: sessions_send delivery now prefers an explicit external deliveryContext over stale internal/webchat fields, while preserving current internal routes when only stale legacy external fields exist. Feishu opts into persisted session lookup for announce delivery. Cron schedule identity accepts the normalized schedule input shape used by execution.

Real environment tested: local macOS checkout plus GitHub PR CI.

Exact steps or command run after this patch:

• pnpm exec oxfmt --check src/utils/delivery-context.shared.ts src/utils/delivery-context.test.ts src/agents/tools/sessions.test.ts src/gateway/server.sessions-send.test.ts extensions/feishu/src/channel.ts extensions/feishu/src/channel.test.ts src/cron/schedule-identity.ts
• pnpm test src/utils/delivery-context.test.ts src/agents/tools/sessions.test.ts extensions/feishu/src/channel.test.ts src/gateway/server.sessions-send.test.ts src/cron/schedule-identity.test.ts -- --reporter=verbose
• /Users/steipete/Projects/agent-skills/skills/autoreview/scripts/autoreview --mode branch --base origin/main
• PR CI on 13f681fb839cef5f9abe79f430ce4d55466f44a2: https://github.com/openclaw/openclaw/actions/runs/26615145463

Evidence after fix: formatting passed, 5 focused Vitest shards passed, autoreview reported no accepted/actionable findings, and PR CI passed.

Observed result after fix: explicit external delivery contexts route announcements to the external conversation, stale legacy external fields no longer override a current webchat route, and Feishu announce targeting uses the stored delivery context.

What was not tested: live Feishu API delivery; coverage is via unit/integration gateway and plugin metadata tests.