perf: defer configured Slack full startup

[steipete]

Summary

• Add a setup-runtime registration hook for bundled channel setup entries, with guarded API lifetime and rollback when registration fails.
• Load deferred configured channel setup runtimes before gateway listen, then load the full runtime after bind so HTTP routes are ready without activating Slack early.
• Move Slack webhook route registration into a shared config-only path and wire the Slack setup entry to register those routes.
• Document the setup-runtime hook and deferred configured-channel startup contract.

Verification

• git diff --check
• node --check src/plugin-sdk/channel-entry-contract.ts src/plugins/loader-channel-setup.ts src/plugins/loader.ts src/plugins/registry.ts src/gateway/server-startup-plugins.ts src/gateway/server.impl.ts extensions/slack/index.ts extensions/slack/setup-entry.ts extensions/slack/src/http/plugin-routes.ts
• node scripts/run-vitest.mjs src/plugin-sdk/channel-entry-contract.test.ts src/plugins/loader.test.ts src/gateway/server-startup-plugins.test.ts extensions/slack/index.test.ts passed: 4 files, 163 tests.
• node scripts/run-vitest.mjs src/plugins/channel-plugin-ids.test.ts src/plugins/plugin-lookup-table.test.ts src/plugins/manifest-registry-installed.test.ts extensions/slack/src/channel.lazy-seams.test.ts passed: 4 files, 135 tests.
• node scripts/generate-npm-shrinkwrap.mjs --check --package-dir extensions/slack
• pnpm docs:list
• pnpm check:docs
• pnpm build
• OPENCLAW_TESTBOX=0 pnpm check:changed
• .agents/skills/autoreview/scripts/autoreview --mode branch --base origin/main: clean, no accepted/actionable findings.

Real behavior proof

Behavior addressed: Configured Slack HTTP mode no longer has to fully activate Slack before the gateway binds just to register webhook routes.

Real environment tested: Local macOS gateway run with fake Slack HTTP config, Discord and Telegram disabled, startup trace and plugin load profile enabled.

Exact steps or command run after this patch: Started node scripts/run-node.mjs gateway run --force --bind loopback --port 19442 with OPENCLAW_GATEWAY_STARTUP_TRACE=1, OPENCLAW_PLUGIN_LOAD_PROFILE=1, isolated OPENCLAW_CONFIG_PATH, OPENCLAW_HOME, OPENCLAW_STATE_DIR, and OPENCLAW_RUN_NODE_CPU_PROF_DIR=.artifacts/perf-slack-defer-gateway-final.

Evidence after fix: Trace showed Slack setup-runtime pre-bind at 229.1ms, http.bound at 2025.4ms, then full Slack runtime post-bind at 12.9ms with plugins.runtime-post-bind completing at 2926.6ms. CPU profile: .artifacts/perf-slack-defer-gateway-final/openclaw-gateway-23172-2026-05-28T17-17-54-512Z.cpuprofile.

Observed result after fix: Slack webhook routes were available before bind through setup-runtime registration, while full Slack provider/channel activation moved after listen and still started normally; fake Slack auth failed later as expected for the isolated config.

What was not tested: Real Slack credentials or a live Slack webhook delivery were not used; this proof isolates startup ordering and route registration behavior.

[github-actions]

Dependency Changes Detected

This PR changes dependency-related files. Maintainers should confirm these changes are intentional.

Changed files:

• extensions/slack/package.json

Maintainer follow-up:

• Review whether the dependency changes are intentional.
• Inspect resolved package deltas when lockfile, shrinkwrap, or workspace dependency policy changes are present.
• Treat package-lock.json and npm-shrinkwrap.json diffs as security-review surfaces.
• Run pnpm deps:changes:report -- --base-ref origin/main --markdown /tmp/dependency-changes.md --json /tmp/dependency-changes.json locally for detailed release-style evidence.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed May 28, 2026, 3:26 PM ET / 19:26 UTC.

Summary
The PR adds a bundled setup-runtime registration hook, uses it to register Slack HTTP routes before gateway listen, defers configured Slack full runtime loading until post-listen activation, and updates docs/tests.

PR surface: Source +68, Tests +303, Docs +11, Config +3. Total +385 across 16 files.

Reproducibility: not applicable. as a bug reproduction: this is a performance/startup contract PR, and the PR body supplies after-fix startup trace proof rather than a failing current-main repro.

Review metrics: 1 noteworthy metric.

• Startup contract surfaces: 1 setup-runtime hook added, 1 plugin startup flag added, 1 host floor changed. These are compatibility-sensitive surfaces that affect plugin SDK behavior, startup ordering, and Slack install/update eligibility.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• Let the in-progress exact-head checks finish or explain any non-passing result.
• Get maintainer acceptance for the setup-runtime route contract and Slack minHost/startup metadata change.

Mantis proof suggestion
A real Slack HTTP-mode smoke would materially reduce the remaining transport-delivery uncertainty after the startup-order proof. A maintainer can ask Mantis to capture proof by posting a new PR comment that starts with the OpenClaw Mantis account mention, followed by:

slack desktop smoke: verify a configured Slack HTTP webhook still delivers after gateway bind when Slack full runtime is deferred.

Risk before merge

• [P1] This expands the bundled setup-runtime/plugin SDK contract and allows setup-runtime registrations to publish gateway HTTP/method surfaces before full activation, which needs maintainer acceptance beyond green tests.
• [P1] The Slack package host floor and startup metadata change can affect install/update compatibility for external Slack plugin users and must align with the next shipped OpenClaw host version.
• [P1] The proof covers startup ordering with fake Slack config, but it does not prove a live Slack HTTP webhook delivery after deferred full runtime activation.
• [P1] The current head still had exact-head checks in progress, so merge should wait for those checks to finish or be explicitly explained.

Maintainer options:

1. Merge after SDK and startup acceptance (recommended)
   Wait for exact-head CI and maintainer acceptance of the setup-runtime route contract, Slack minHost bump, and deferred startup ordering before merge.
2. Add live Slack webhook proof
   Maintainers can ask for a redacted real Slack HTTP webhook delivery run to cover the transport path that the fake-config startup proof does not exercise.
3. Pause if this contract is too broad
   If setup-runtime HTTP/gateway registration is not the desired SDK direction, pause this PR and replace it with a narrower gateway-owned pre-bind route seam.

Next step before merge

• [P2] Protected maintainer-labeled, compatibility-sensitive plugin SDK/startup work needs human acceptance and exact-head CI completion rather than an automated repair.

Security
Cleared: No concrete security or supply-chain defect was found; the package change is metadata-only, with no new dependency, lockfile, workflow, or lifecycle-script change.

Review details

Best possible solution:

Land only after maintainers accept the setup-runtime route contract, the Slack host-floor/startup metadata change, and exact-head CI, with live Slack HTTP delivery proof if maintainers want transport-level confidence.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a bug reproduction: this is a performance/startup contract PR, and the PR body supplies after-fix startup trace proof rather than a failing current-main repro.

Is this the best way to solve the issue?

Yes, with maintainer acceptance: a setup-runtime route hook is a coherent way to keep Slack route registration pre-bind without fully activating Slack, but the SDK and upgrade surface are broad enough that maintainers should explicitly own the contract.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 41366d3f5190.

Label changes

Label changes:

• add merge-risk: 🚨 message-delivery: The diff changes when Slack HTTP webhook routes are registered versus when full Slack runtime delivery handlers activate.
• add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• remove rating: 🦐 gold shrimp: Current PR rating is rating: 🐚 platinum hermit, so this older rating label is no longer current.

Label justifications:

• P2: The PR is a bounded Slack/gateway performance improvement with compatibility-sensitive startup and plugin SDK impact, not an emergency regression.
• merge-risk: 🚨 compatibility: The diff changes a plugin SDK/setup-runtime contract, Slack host compatibility metadata, and configured-channel startup ordering.
• merge-risk: 🚨 message-delivery: The diff changes when Slack HTTP webhook routes are registered versus when full Slack runtime delivery handlers activate.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (logs): The PR body includes after-fix local gateway logs showing Slack setup-runtime pre-bind, HTTP bind, and full Slack runtime post-bind with an isolated fake Slack config; live Slack delivery remains an optional risk reducer.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix local gateway logs showing Slack setup-runtime pre-bind, HTTP bind, and full Slack runtime post-bind with an isolated fake Slack config; live Slack delivery remains an optional risk reducer.

Evidence reviewed

PR surface:

Source +68, Tests +303, Docs +11, Config +3. Total +385 across 16 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	9	125	57	+68
Tests	4	310	7	+303
Docs	2	13	2	+11
Config	1	4	1	+3
Generated	0	0	0	0
Other	0	0	0	0
Total	16	452	67	+385

What I checked:

• Repository policy read: Root and scoped policies for extensions, plugins, plugin SDK, gateway, and docs were read; they mark plugin SDK, startup, config/default, and compatibility behavior as maintainer-sensitive. (AGENTS.md:1, 41366d3f5190)
• Current main startup behavior: Current main calls prepareGatewayPluginBootstrap with loadRuntimePlugins: false during startup, then loads startup plugins later through the post-attach path when runtime plugins were not loaded pre-bind. (src/gateway/server.impl.ts:669, 41366d3f5190)
• Proposed setup-runtime hook: The PR patch adds registerSetupRuntime to the bundled channel setup contract and lets setup-runtime mode register HTTP routes and gateway methods. (src/plugin-sdk/channel-entry-contract.ts:70, 68c7af354b62)
• Slack metadata compatibility surface: The PR raises Slack minHostVersion from >=2026.5.12-beta.1 to >=2026.5.28 and adds openclaw.startup.deferConfiguredChannelFullLoadUntilAfterListen. (extensions/slack/package.json:60, 68c7af354b62)
• CI state: Public check-run status for the current head showed relevant security/plugin-boundary checks passing, with Critical Quality (network-runtime-boundary), Security High (mcp-process-tool-boundary), and preflight still in progress at review time. (68c7af354b62)
• History provenance: Current-main blame for the central startup/plugin SDK/Slack route files points to commit 2e8b3445fb0a9952fe6f5781bd2b39c6b6c05b10; earlier Slack startup lazy-seam work was merged through perf(slack): narrow runtime-setter + lazy-load 4 modules + narrow 2 SDK surfaces #69317. (extensions/slack/src/channel.lazy-seams.test.ts:1, 2e8b3445fb0a)

Likely related people:

• steipete: Current-main blame for the central gateway startup, plugin loader, plugin SDK contract, and Slack route files points to Peter Steinberger's recent commit, and the current PR head is authored by the same handle. (role: recent area contributor; confidence: high; commits: 2e8b3445fb0a, 68c7af354b62; files: src/gateway/server-startup-plugins.ts, src/plugins/loader-channel-setup.ts, src/plugin-sdk/channel-entry-contract.ts)
• amknight: The earlier Slack startup lazy-seam work referenced by current tests was merged in perf(slack): narrow runtime-setter + lazy-load 4 modules + narrow 2 SDK surfaces #69317 and touched Slack startup entrypoint surfaces related to this PR. (role: adjacent feature-history contributor; confidence: medium; commits: 201385548c8a; files: extensions/slack/http-routes-api.ts, extensions/slack/index.ts, extensions/slack/src/channel.lazy-seams.test.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.