Skip to content

refactor: share native approval route gates#87770

Merged
kevinslin merged 7 commits into
openclaw:mainfrom
kevinslin:dev/kevinlin/native-approval-channel-routes
May 29, 2026
Merged

refactor: share native approval route gates#87770
kevinslin merged 7 commits into
openclaw:mainfrom
kevinslin:dev/kevinlin/native-approval-channel-routes

Conversation

@kevinslin

@kevinslin kevinslin commented May 28, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

  • Adds createNativeApprovalChannelRouteGates to the public plugin SDK native approval runtime surface.
  • Converts WhatsApp, Signal, and iMessage native approval routing to the shared route-gate helper while keeping channel-specific target normalization and transport/account lookup local.
  • Updates SDK docs and refreshes the plugin SDK API baseline for the new exported helper.
  • Keeps native delivery, shared forwarding fallback suppression, and local /approve fallback responsibilities separate.

Linked context

Related #87413

Requested by maintainer via Codex implementation spec for native approval channel routes.

Real behavior proof (required for external PRs)

  • Behavior or issue addressed: Native approval channels duplicated the same exec/plugin approval forwarding route-gate logic. This change centralizes the shared approval-family, mode, filter, account-binding, session-target, and explicit-target checks in the plugin SDK and adopts it in WhatsApp, Signal, and iMessage.
  • Real environment tested: Local macOS prod Pi gateway from the PR worktree, WhatsApp desktop app, Signal sender account, and iMessage through the approved Google Voice SMS thread.
  • Exact steps or command run after this patch: node scripts/build-all.mjs gatewayWatch; OPENCLAW_PROFILE=prod OPENCLAW_CONFIG_PATH="$HOME/.openclaw/openclaw.json" node dist/index.js gateway --port 18789; live WhatsApp, Signal, and iMessage approval rows for exec/plugin approve and deny; node .mem/main/proofs/demo-35-prod-approval-matrix-whatsapp-signal-imessage/scripts/validate-artifacts.mjs; uvx showboat verify .mem/main/proofs/demo-35-prod-approval-matrix-whatsapp-signal-imessage/raw/showboat-summary.md; git diff --check.
  • Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output): Durable Showboat proof at .mem/main/proofs/demo-35-prod-approval-matrix-whatsapp-signal-imessage/raw/showboat-summary.md verifies the full approval matrix. The validator reports pass for setup, WhatsApp plugin approve/deny, WhatsApp exec approve/deny, Signal plugin approve/deny, Signal exec approve/deny, iMessage plugin approve/deny, iMessage exec approve/deny, video blocker artifact, and no src/infra/* diff. iMessage screenshot proof is saved under .mem/main/proofs/demo-35-prod-approval-matrix-whatsapp-signal-imessage/raw/imessage-exec-deny-2613-messages-proof.png.
  • Observed result after fix: WhatsApp, Signal, and iMessage/Google Voice each created one live approval request for exec approve, exec deny, plugin approve, and plugin deny. /approve ... allow-once resolved approve rows and produced the expected success/file-created result. /approve ... deny resolved deny rows and blocked the plugin or left the requested /tmp file absent.
  • What was not tested: Unit tests were not rerun for the latest live-proof fixes per maintainer direction for this pass.
  • Proof limitations or environment constraints: The iMessage native request/followup send path logged imsg rpc timeout (send) in some rows even though the Google Voice surface showed the request or decision and the gateway resolved the approval. Video capture was skipped to avoid recording unrelated private messaging content; raw/video-blocker.md records that blocker.
  • Before evidence (optional but encouraged): The replaced channel files each carried local copies of approval forwarding config selection, mode checks, filter matching, account target matching, and session/target route checks.

Tests and validation

  • node scripts/build-all.mjs gatewayWatch
  • Live prod gateway on port 18789 with OPENCLAW_PROFILE=prod and OPENCLAW_CONFIG_PATH="$HOME/.openclaw/openclaw.json"
  • Live WhatsApp, Signal, and iMessage/Google Voice approval rows for plugin approve, plugin deny, exec approve, and exec deny
  • node .mem/main/proofs/demo-35-prod-approval-matrix-whatsapp-signal-imessage/scripts/validate-artifacts.mjs
  • uvx showboat verify .mem/main/proofs/demo-35-prod-approval-matrix-whatsapp-signal-imessage/raw/showboat-summary.md
  • git diff --check
  • No unit tests were run for the latest live-proof fixes per maintainer direction.

Regression coverage already present in src/plugin-sdk/approval-native-helpers.test.ts covers exec/plugin family separation, nativeSessionOnly, filters, default-account fallback, single-enabled-account fallback, and explicit target eligibility. Existing WhatsApp, Signal, and iMessage native approval tests cover the adopted channel behavior.

Risk checklist

Did user-visible behavior change? (Yes/No)

Yes. Native approval-capable channels now share one SDK route-gate implementation for the same intended approval forwarding decisions.

Did config, environment, or migration behavior change? (Yes/No)

No. This does not add or migrate config keys; it reuses existing approvals.exec and approvals.plugin config.

Did security, auth, secrets, network, or tool execution behavior change? (Yes/No)

Yes. Approval routing affects where exec/plugin approval prompts are eligible to appear, so the highest-risk area is suppressing a fallback prompt when native delivery cannot actually own the same route.

What is the highest-risk area?

Forwarding fallback suppression and account-scoped target matching across session and explicit-target modes.

How is that risk mitigated?

The helper preserves the previous per-channel checks, adds direct helper tests for family/mode/filter/account behavior, keeps target-only shared fallback delivery available when native session handling is not eligible, and passes existing channel-specific fallback suppression tests plus Slack QA lab native approval scenarios.

Current review state

Ready for maintainer review. CI is pending after PR creation.

@openclaw-barnacle openclaw-barnacle Bot added docs Improvements or additions to documentation channel: imessage Channel integration: imessage channel: signal Channel integration: signal channel: whatsapp-web Channel integration: whatsapp-web size: XL maintainer Maintainer-authored PR labels May 28, 2026
@clawsweeper

clawsweeper Bot commented May 28, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Codex review: needs real behavior proof before merge. Reviewed May 29, 2026, 6:31 PM ET / 22:31 UTC.

Summary
Adds public createNativeApprovalChannelRouteGates, migrates WhatsApp, Signal, and iMessage native approval routing to it, updates SDK docs/baseline, and carries related iMessage SMS-threading, UI i18n, protocol-generator, and test-harness repairs.

PR surface: Source +116, Tests +210, Docs +1, Generated 0, Other -12. Total +315 across 68 files.

Reproducibility: not applicable. as a refactor PR rather than a bug report. Source inspection shows the new route-gate implementation and tests, but the claimed live behavior could not be independently inspected because proof artifacts were not attached.

Review metrics: 2 noteworthy metrics.

  • Public Plugin SDK exports: 1 added. The new route-gate helper is exported from approval-native-runtime, making its options and defaults a plugin-facing contract before merge.
  • Native approval channels migrated: 3 channels. WhatsApp, Signal, and iMessage now rely on one shared route-gate implementation, so one helper bug would affect all three delivery surfaces.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🦐 gold shrimp
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P1] Attach a redacted Showboat summary, terminal/log output, screenshot, recording, or linked artifact that shows the after-fix approval matrix; redact API keys, phone numbers, IPs, private endpoints, and other private details.
  • Ask maintainers to confirm the public createNativeApprovalChannelRouteGates API shape and whether the overlapping split PRs should replace parts of this branch.

Proof guidance:

  • [P1] Needs stronger real behavior proof before merge: The PR describes live WhatsApp, Signal, and iMessage testing, but the evidence is only local .mem paths that reviewers cannot inspect; attach redacted proof and update the PR body to trigger re-review.

Mantis proof suggestion
The changed behavior is native approval delivery across visible desktop transports, where a real visual proof would materially improve review confidence. A maintainer can ask Mantis to capture proof by posting a new PR comment that starts with the OpenClaw Mantis account mention, followed by:

visual task: verify live WhatsApp, Signal, and iMessage exec/plugin approve and deny prompts route to the intended surface and fallback is not suppressed incorrectly.

Risk before merge

  • [P1] The new helper is a public Plugin SDK export, so its option names, return shape, and default forwarding-mode semantics become a third-party plugin contract if merged.
  • [P2] Native approval route gates decide where exec/plugin approval prompts may appear and when shared forwarding fallback is suppressed; a mismatch can misroute approval prompts or hide the fallback operators expect.
  • [P1] The PR claims live WhatsApp, Signal, and iMessage proof, but the cited Showboat summary and screenshot are local .mem paths that are not attached or present for review.
  • [P1] This broad branch overlaps open related PRs for the same route-gate refactor and extracted approval fixes, so maintainers should decide which branch owns which behavior before merge.

Maintainer options:

  1. Attach proof and confirm API shape (recommended)
    Require an inspectable redacted Showboat summary, terminal/log output, screenshot or artifact plus maintainer confirmation that this public SDK helper is the intended approval-routing contract.
  2. Split the extracted fixes
    Keep the route-gate refactor separate from the iMessage SMS, approval-command, UI i18n, protocol-generator, and test-harness repairs if maintainers want lower-risk landing slices.
  3. Accept maintainer-owned approval risk
    A maintainer may land the broad branch as-is only if they explicitly own the public API and native approval routing risk despite the uninspectable contributor proof.

Next step before merge

  • [P1] Protected maintainer labeling, public Plugin SDK API direction, uninspectable real behavior proof, and overlapping related PRs require maintainer handling rather than an automated repair.

Security
Cleared: No concrete secret, dependency, CI, or supply-chain regression was found, but approval routing is security-sensitive and remains captured as merge risk.

Review details

Best possible solution:

Land only after maintainers confirm the SDK contract and route-gate semantics, attach inspectable redacted live proof, and reconcile the overlapping extracted PRs so this branch owns one coherent change.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a refactor PR rather than a bug report. Source inspection shows the new route-gate implementation and tests, but the claimed live behavior could not be independently inspected because proof artifacts were not attached.

Is this the best way to solve the issue?

Unclear until maintainer signoff: centralizing duplicated route gates fits the SDK boundary if this is the intended public API shape. The safer path is to confirm the contract, attach inspectable live approval-matrix proof, and split unrelated extracted fixes if maintainers want lower landing risk.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 9331ac2cb0a3.

Label changes

Label justifications:

  • P2: This is a normal-priority approval-routing refactor with bounded surfaces but meaningful SDK, delivery, and approval-security review needs.
  • merge-risk: 🚨 compatibility: The PR adds a public Plugin SDK helper and changes shared route-gate behavior for bundled channels, which can affect plugin/API contract expectations.
  • merge-risk: 🚨 message-delivery: The changed gates determine whether native approval prompts or shared fallback prompts are delivered to WhatsApp, Signal, and iMessage targets.
  • merge-risk: 🚨 security-boundary: Exec/plugin approvals authorize sensitive actions, so wrong route matching or fallback suppression can put prompts in the wrong place or hide them.
  • rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🦐 gold shrimp.
  • status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The PR describes live WhatsApp, Signal, and iMessage testing, but the evidence is only local .mem paths that reviewers cannot inspect; attach redacted proof and update the PR body to trigger re-review.
Evidence reviewed

PR surface:

Source +116, Tests +210, Docs +1, Generated 0, Other -12. Total +315 across 68 files.

View PR surface stats
Area Files Added Removed Net
Source 63 523 407 +116
Tests 1 210 0 +210
Docs 2 2 1 +1
Config 0 0 0 0
Generated 1 2 2 0
Other 1 0 12 -12
Total 68 737 422 +315

What I checked:

  • Repository policy read: The full root AGENTS.md was read; it requires full-policy review and treats plugin APIs, provider routing, auth/session state, fallback behavior, and similar surfaces as compatibility/upgrade-sensitive merge risk. (AGENTS.md:24, 9331ac2cb0a3)
  • Plugin SDK boundary policy: The scoped Plugin SDK guide says this directory is the public contract between plugins and core and that changes can affect bundled and third-party plugins. (src/plugin-sdk/AGENTS.md:3, 9331ac2cb0a3)
  • Public helper added: The PR head adds createNativeApprovalChannelRouteGates as the shared route-gate helper with session/target mode checks, filter checks, account matching, and fallback eligibility decisions. (src/plugin-sdk/approval-native-helpers.ts:501, de112d5135a7)
  • SDK export added: The helper is exported from the public approval-native-runtime SDK subpath, making the helper API plugin-facing if merged. (src/plugin-sdk/approval-native-runtime.ts:5, de112d5135a7)
  • Bundled channels migrated: WhatsApp, Signal, and iMessage each construct native approval route gates through the new helper, so one shared helper now controls the route eligibility for all three channels. (extensions/whatsapp/src/approval-native.ts:97, de112d5135a7)
  • Regression tests added: The PR adds focused helper tests covering approval family separation, native-session-only behavior, filters, default and single-enabled-account target fallback, and explicit target eligibility. (src/plugin-sdk/approval-native-helpers.test.ts:79, de112d5135a7)

Likely related people:

  • steipete: Current-main blame on the native approval helper and WhatsApp/Signal/iMessage approval route code points to commit a7820b2 as the local history carrier for this approval-routing surface. (role: recent area contributor; confidence: medium; commits: a7820b2f54ba; files: src/plugin-sdk/approval-native-helpers.ts, extensions/whatsapp/src/approval-native.ts, extensions/signal/src/approval-native.ts)
  • RomneyDa: The related open maintainer PR Refactor native approval route gates #87413 owns the same native approval route-gate refactor and is the closest sibling for SDK/API direction. (role: adjacent feature owner; confidence: medium; commits: 44c356e0026d; files: src/plugin-sdk/approval-native-helpers.ts, extensions/whatsapp/src/approval-native.ts, extensions/signal/src/approval-native.ts)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. P2 Normal backlog priority with limited blast radius. merge-risk: 🚨 compatibility 🚨 May break existing users, config, migrations, defaults, or upgrade paths. merge-risk: 🚨 message-delivery 🚨 May drop, duplicate, misroute, suppress, or wrongly target messages. merge-risk: 🚨 security-boundary 🚨 May affect sandboxing, authorization, credentials, or sensitive data. labels May 28, 2026
@clawsweeper clawsweeper Bot added rating: 🌊 off-meta tidepool PR readiness rating does not apply to this item. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. labels May 29, 2026
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🌊 off-meta tidepool PR readiness rating does not apply to this item. rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels May 29, 2026
@kevinslin kevinslin mentioned this pull request May 29, 2026
Open
@kevinslin kevinslin force-pushed the dev/kevinlin/native-approval-channel-routes branch from a1ed208 to 2ac3cdd Compare May 29, 2026 17:38
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. and removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. labels May 29, 2026
@kevinslin kevinslin force-pushed the dev/kevinlin/native-approval-channel-routes branch from 9723250 to 06994f4 Compare May 29, 2026 21:48
@openclaw-barnacle openclaw-barnacle Bot removed the extensions: codex-supervisor Extension: codex-supervisor label May 29, 2026
@kevinslin kevinslin force-pushed the dev/kevinlin/native-approval-channel-routes branch from 06994f4 to 8268b85 Compare May 29, 2026 21:55
@openclaw-barnacle openclaw-barnacle Bot added cli CLI command changes scripts Repository scripts labels May 29, 2026
@kevinslin kevinslin force-pushed the dev/kevinlin/native-approval-channel-routes branch from d9ac7c3 to dc04f0e Compare May 29, 2026 22:04
@openclaw-barnacle openclaw-barnacle Bot added gateway Gateway runtime and removed cli CLI command changes labels May 29, 2026
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels May 29, 2026
@kevinslin kevinslin force-pushed the dev/kevinlin/native-approval-channel-routes branch from b7aab62 to 713aed7 Compare May 29, 2026 22:21
@openclaw-barnacle openclaw-barnacle Bot removed the gateway Gateway runtime label May 29, 2026
@kevinslin kevinslin force-pushed the dev/kevinlin/native-approval-channel-routes branch from 713aed7 to de112d5 Compare May 29, 2026 22:23
@kevinslin kevinslin merged commit c576711 into openclaw:main May 29, 2026
102 checks passed
@kevinslin kevinslin deleted the dev/kevinlin/native-approval-channel-routes branch May 29, 2026 22:35
ch1kim0n1 added a commit to ch1kim0n1/openclaw that referenced this pull request May 30, 2026
@ch1kim0n1 @joshavant
@vincentkoc @jesse-merhi @steipete @thewilloftheshadow @giodl73-repo @obviyus @shakkernerd @benjamin1492 @ngutman @RomneyDa @1052326311 @zhangguiping-xydt @giordano-lucas @claude @sallyom @kevinslin @keshavbotagent
fix(reply): hide ACP tool traces from Telegram (#1)
08d85ed 
* fix(exec): bind node auto-review commands

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>

* fix(exec): honor node runtime policy for auto-review

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>

* fix(exec): harden auto-review prompt boundaries

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>

* fix(exec): align release validation surfaces

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>

* fix(exec): align release validation checks

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>

* test(e2e): repair release docker smoke fixtures

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>

* fix(exec): resolve auto approvals as runtime

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>

* ci: relax native OpenAI live proof timing

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>

* fix(exec): include mode in doctor policy warnings

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>

* test(release): repair live matrix expectations

Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>

* fix(tts): centralize directive number parsing

* fix(provider): bound Vydra and Comfy media downloads

* fix(discord): validate error code integers

* fix(discord): reject unsafe rate limit headers

* ci(release): make plugin publish retries idempotent

* perf(agent): lazy load embedded agent cli path

* fix(whatsapp): validate inbound timestamps

* refactor: share agent harness loader helpers

* fix(agents): cap unsafe retry-after delays

* perf(agent): defer session resolver for scoped gateway turns

* fix(msteams): ignore unsafe retry-after delays

* refactor: share store writer queue

* fix(slack): reject unsafe inbound timestamps

* fix(discord): reject unsafe retry-after delays

* fix(qa-matrix): cap fault proxy bodies

* fix(discord): bound delivery retry delays

* refactor: share cron state parsing

* Delete changelog directory

* fix(zalouser): reject unsafe inbound timestamps

* fix(cli): avoid underscored gateway test export

* fix(scripts): cap clawtributor avatar probes

* fix(telegram): centralize safe thread id parsing

* fix(googlechat): drop invalid inbound timestamps

* fix(doctor): label auth health by agent (openclaw#85924)

Merged via squash.

Prepared head SHA: 8c179fc
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Reviewed-by: @giodl73-repo

* fix(qqbot): validate token expiry lifetimes

* fix(openai): validate codex oauth token lifetimes

* refactor: share node pairing surface helpers

* fix(anthropic): validate oauth token lifetimes

* fix(scripts): cap memory FD repro RPC bodies

* fix(github-copilot): validate device code lifetimes

* fix(msteams): validate oauth token lifetimes

* refactor: share cli help argv scan

* fix(github-copilot): validate oauth expiry values

* fix(scripts): cap realtime smoke responses

* fix(chutes): validate oauth token lifetimes

* fix(auto-reply): reuse cli sessions for room events

* fix(auto-reply): keep room event cli sessions transient

* fix(agent-core): reject invalid session timestamps

* fix(scripts): cap Claude usage response reads

* refactor: centralize skills subsystem

* refactor: move skill lifecycle code into skills subsystem

* fix: bound skill index cache invalidation

* fix: preserve skill snapshot freshness

* fix: preserve preloaded skill snapshot entries

* refactor: move session skill loader into skills subsystem

* fix: preserve empty skill filter short circuit

* fix: align empty default skill filter behavior

* fix: align skills branch with upstream tar verbose test

* fix: drop stale system prompt override imports

* refactor: centralize skills runtime paths

* refactor: remove stale agents skills barrel

* refactor: use direct skills imports

* refactor: organize skills subsystem layout

* fix: lint centralized skills subsystem

* refactor: split skills index follow-up

* refactor: centralize skills subsystem

* fix: unblock skills centralization checks

* fix: route moved skills tests through unit-fast

* refactor: centralize skills runtime tests

* refactor: share web secret target selection

* refactor: centralize safe expiry parsing

* fix(exec): normalize unsafe timeout values

* fix: persist Copilot SDK session bindings

Persist GitHub Copilot SDK session ids in the plugin-state SQLite store so separate OpenClaw process turns can resume the same Copilot-side session when the compatibility fingerprint still matches.

The fingerprint covers provider/model/cwd, resolved agent id, resolved Copilot home, and auth identity. Plugin-state lookup/register/delete failures are non-fatal, stale rows are invalidated, and reset delete failures use an in-process tombstone so reset does not accidentally reuse a durable binding.

Also routes the QQBot token POST through the plugin SDK SSRF guard with capture disabled for the secret-bearing request, preserving the current token lifetime validation from main.

Verification: focused Copilot and QQBot Vitest suites, raw channel fetch guard, autoreview clean, Blacksmith Testbox pnpm check:changed tbx_01kst9fwjmsfzwaxqatszcbf40, live local Copilot two-turn smoke with the same SDK session id persisted in SQLite.

Refs openclaw#88064

* fix(exec): cap node run timeouts

* perf(agent): skip plugin validation for gateway dispatch

* fix(scripts): cap firecrawl compare HTML reads

* fix(xai): normalize unsafe oauth lifetimes

* refactor: share e2e text file helpers

* fix(google): normalize unsafe oauth expiry

* fix(openai): normalize codex device lifetimes

* refactor: reuse e2e text tail helper

* test(xai): type device-code note mock

* fix(minimax): reject unsafe oauth expiry

* fix(ci): cap dependency guard error bodies

* fix(google-meet): normalize oauth expiry

* fix(command): stabilize claude-cli transcript resume (openclaw#81048)

Fix claude-cli transcript resume so session-id rotation and transcript flush timing do not drop valid resume state.

- Capture the latest claude-cli session_id from JSONL output.
- Resolve Claude project transcript paths through the shared canonical project-dir resolver.
- Probe transcript content from the actual CLI process cwd.
- Thanks @benjamin1492!

* refactor: share codex e2e install helpers

* fix(feishu): bound streaming token expiry

* fix(openshell): cap command timeout config

* refactor: centralize timer-safe timeout bounds

* refactor: share e2e websocket open helper

* fix(minimax): guard oauth token fetches (openclaw#88088)

* fix(feishu): normalize app registration poll timers

* fix(google): reject unsafe vertex adc lifetimes

* fix(scripts): cap npm packument reads

* fix(auth): reject unsafe wham reset windows

* refactor: share qa report arg parsing

* fix(retry): cap unsafe retry delays

* fix(sandbox): bound novnc observer token ttl

* feat(workboard): add agent coordination tools

Summary:
- Add Workboard agent coordination tools for list/read/claim/heartbeat/release/comment/proof/unblock flows.
- Store artifacts, claims, diagnostics, and notifications in the Workboard SQLite-backed plugin state; surface the new metadata through Gateway, Control UI, docs, and plugin manifest contracts.
- Add scoped claim authorization, token redaction, stale diagnostic cleanup, atomic proof artifact writes, and generated i18n metadata.

Verification:
- pnpm test ui/src/i18n/test/translate.test.ts extensions/browser/src/cli/browser-cli-actions-input/register.element.test.ts extensions/workboard/src/store.test.ts extensions/workboard/src/gateway.test.ts extensions/workboard/src/tools.test.ts ui/src/ui/controllers/workboard.test.ts ui/src/ui/views/workboard.test.ts
- pnpm ui:i18n:check
- env -u OPENCLAW_TESTBOX pnpm check:changed
- autoreview --mode local: clean
- PR CI passed; Windows checkout failure rerun passed on attempt 2

* perf(gateway): reuse session maintenance config during turns

* fix(node-host): cap timeout wrapper delays

* fix(talk): cap fast context timeout delay

* fix(e2e): harden kitchen sink probe body caps

* refactor: share bounded response reader

* fix(providers): cap model request timeout delays

* fix(oauth): cap request abort timeout delays

* test: speed up slow assertions

* test: stabilize slow assertion timings

* test: shard channel import guardrails

* perf(sessions): patch single-entry store writes

* refactor: share script bounded response helper

* fix(codex): cap responses request timeout delays

* fix(scripts): cap gh-read json bodies

* fix(lmstudio): cap model fetch timeout delays

* feat(ios): default to hosted push relay (openclaw#88096)

Merged via squash.

Prepared head SHA: 75f939a
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman

* fix(minimax): cap tts timeout delays

* build(plugins): externalize copilot runtime

* refactor: share codex app server start context

* test(file-transfer): remove stale tar fixture awaits

* fix(runtime): centralize safe timer timeout resolution

* refactor: share ui chat send wrapper

* docs(plugins): clarify external plugin installs

* fix: close native hook relay replacement race

* fix(qa-lab): cap credential broker request timeouts

* refactor: share e2e incremental line reader

* test(ci): fix main test expectations (openclaw#88122)

* fix(copilot): cap oauth request timeouts

* fix(oauth): cap tls preflight timeout

* build(plugins): externalize tokenjuice

* docs(plugins): add external package readmes

* perf: reuse gateway session and plugin metadata paths

* fix(exec): bind node auto-review to prepared plans

* fix(auth): cap GitHub Copilot OAuth timeouts

* docs(skills): expand Discrawl archive workflow

* fix(discord): cap request timeout signals

* fix(agents): preserve rotated compaction session identity

Fix `sessions.json` persistence after compaction transcript rotation.

When the agent runtime rotates from the pre-compaction session transcript to the post-compaction transcript, post-run consumers now receive the effective OpenClaw session id and session file. Backend CLI session ids remain backend metadata and no longer overwrite the top-level OpenClaw session identity.

Refs openclaw#88040.
Thanks @1052326311.

Verification:
- `node scripts/run-vitest.mjs src/agents/agent-command.compaction-rotation.test.ts src/agents/agent-command.live-model-switch.test.ts src/agents/command/session-store.test.ts`
- Autoreview clean
- GitHub CI green on PR head `c3d3c77ddf675bbba0b9ba6681b030a2f69a898c`

* fix: keep compaction timeout snapshots continuable

* feat(ios): add talk tab realtime playback (openclaw#88105)

Merged via squash.

Prepared head SHA: f41112a
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Reviewed-by: @ngutman

* fix(signal): cap container timeout timers

* fix(agents): forward ACP spawn attachments

Forward initial image/file attachments when spawning ACP subagents through the existing sessions_spawn attachment opt-in. Remove the PR-only acpEnabled config split so ACP uses the same attachment gate as other runtimes.

Also fix the PR branch CI fallout: type the browser element CLI request mock and use Vitest env stubs in the Azure speech test to satisfy the changed-path security scan.

Verification:
- GitHub CI passed on f6ca26b.
- Autoreview clean.
- Crabbox AWS live OpenAI proof passed: cbx_a576d49493fe / run_081dcc6c6a1b.

Thanks @zhangguiping-xydt.

* refactor: share e2e bounded response reader

* docs(browser): add Notte cloud browser to direct WebSocket CDP providers

Notte exposes a CDP-compatible WebSocket gateway at
wss://us-prod.notte.cc/sessions/connect?token=<NOTTE_API_KEY> that
auto-creates a session on connect — the same shape OpenClaw's existing
"Direct WebSocket CDP providers" section was generically framed for
(per openclaw#31085).

Real behaviour proof (against wss://us-prod.notte.cc/sessions/connect):

  $ openclaw browser --browser-profile notte open https://example.com
  opened: https://example.com/
  tab: t4
  id: 7FE04AC44931A6E1C799DE4ABF0DC807

A screenshot captured against the same session is a 1254x1111 PNG of
the rendered example.com page.

Playwright connectOverCDP flow against the same URL (today):

  connectOverCDP                                      695ms
  context.newCDPSession(page)                         169ms
  session.send('Target.getTargetInfo') → targetId     87ms
  page.goto('https://example.com')                    631ms
  total                                               1.8s

AI-assisted (Claude Opus 4.7). codex review --base origin/main returned
clean. See PR description for the full pre-flight checklist.

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

* fix(zalo): cap api request timeouts

* fix: stabilize codex supervisor session listing

* fix(qa-matrix): cap substrate request timeouts

* fix(xiaomi): cap tts request timeouts

* refactor: share e2e mock http helpers

* docs(skills): require grouped release changelogs

* fix(zai): cap endpoint probe timeouts

* fix(mattermost): cap dm retry timeouts

* perf: reuse provider handles and strict tool schemas

* feat: add core session goals (openclaw#87469)

* feat: add core session goals

* feat: polish session goals in tui

* fix: resolve goal tool session stores

* fix: keep get goal read-only

* fix: migrate legacy goal session slots

* fix: persist goal token accounting

* fix: validate goal session rows

* refactor: remove unshipped goal legacy handling

* fix: handle goal commands in local tui

* fix: satisfy goal tool display checks

* fix: reset goal budget on overdue resume

* feat: surface session goals across control surfaces

* test: update gateway protocol test import

* test: align goal fixture types with protocol

* fix: scope selected global transcript usage fallback

* fix: scope selected global web subscriptions

* fix: preserve selected global agent during chat dispatch

* fix: scope chat inject to selected global agents

* test: fix timeout mock return types

* fix(crestodian): cap probe timeouts

* fix: keep live OpenClaw session locks during cleanup (openclaw#88129)

Keep session lock cleanup from removing live OpenClaw-owned locks solely because they are old. Cleanup now reports age-only stale locks without deleting them, while still removing dead, orphaned, recycled, malformed-old, and non-OpenClaw-owned locks.

Update doctor docs and regression coverage for the cleanup/repair contract.

Refs openclaw#87779

* fix(agents): cap model scan timeouts

* refactor: share script budget number parsing

* fix(provider): cap operation timeouts

* fix(usage): cap provider usage fetch timeouts

* fix: bound default heartbeat run timeout (openclaw#88133)

Fixes openclaw#87438.

Bound unset heartbeat run timeouts so background heartbeat turns no longer inherit the built-in 48-hour interactive agent default. Timeout precedence is explicit heartbeat timeout, explicit global agent timeout, then heartbeat cadence capped at 600 seconds.

Verification:
- git diff --check
- Testbox tbx_01kstna69zvznn4fq7zrqr04a1: corepack pnpm test src/infra/heartbeat-runner.model-override.test.ts -- --reporter=verbose passed 13 tests
- Direct node --import tsx runtime probe verified 300s, 600s, 60s, and 45s timeout precedence cases
- Autoreview clean

Known CI state:
- PR CI run 26661465248 has failures matching latest main CI run 26661386468 at a7820b2; failures are outside this six-file heartbeat/docs diff.

* fix(signal): cap client request timeouts

* fix(feishu): cap async helper timeouts

* refactor: share script bounded response reader

* fix: move compaction planning off the event loop

Move compaction planning work to a bounded worker-thread path so large transcript planning no longer monopolizes the agent event loop. Extract pure planning helpers, sanitize worker inputs before structured clone, package the worker entrypoint, and keep synchronous fallback only for worker-unavailable cases.

Fixes openclaw#86358.

* fix(browser): cap control fetch timeouts

* fix(ci): repair main checks

* fix(browser): cap node runtime timeouts

* fix(codex-supervisor): centralize session limit parsing

* fix(discord): cap monitor helper timeouts

* perf: reuse gateway runtime metadata

* fix(acp): cap turn timeout timers

* refactor: share media temp save wrapper

* fix(tts): cap speech provider timeouts

* fix(media): cap generation provider timeouts

* fix ci mainline checks (openclaw#88137)

* fix(infra): cap request body timeouts

* ci: stabilize main checks

* feat: add skills index

* perf: avoid unnecessary skills index maps

* refactor: share skill command exposure policy

* perf: centralize skill status lookup

* refactor: reuse shared skills prompt formatter

* perf: reuse resolved skills allowlist

* perf: speed up skills filtering

* perf: prepare bundled skill allowlist once

* perf: use set for bundled skill allowlist

* test: preserve real skills status exports

* test: share skills entry fixtures

* test: remove duplicate skill fixture wrappers

* test: complete skills status mock surface

* fix(gateway-client): cap stop wait timeout

* perf: prefer package-local bundled plugin artifacts

* fix(openai): cap codex oauth preflight timeout

* fix(supervisor): narrow stored session limit parsing

* refactor: share diagnostics timeline span helpers

* fix(ci): repair main checks

* fix(ci): break skills loading cycle

* test: fix main CI regressions

* fix(apns): cap relay timeout

* fix(infra): cap jsonl socket timeouts

* fix(infra): cap shell env timeouts

* test: stabilize remaining CI flakes

* fix(apns): cap direct timeout paths

* Add plugin manifest contract for SecretRef provider integrations (openclaw#82326)

* secret-provider-integrations

Signed-off-by: sallyom <somalley@redhat.com>

* feat(secrets): configure plugin provider presets

* secrets: use plugin-managed provider refs

Signed-off-by: sallyom <somalley@redhat.com>

* fix secretref auth profile service env

* test secret provider integration e2e

* fix secretref plugin config service env

* fix secret provider preset schema alignment

* stabilize secret provider service proof

* validate secret provider plugin integrations

* harden secret provider resolver paths

* scope secret provider config validation

* stabilize openai secret provider proof

* fix secret provider metadata proof

* stabilize config baseline proof

* fix secret provider e2e lint

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>

* fix(proxy): cap connect tunnel timeouts

* fix: route media completions through requester agent (openclaw#88141)

* fix(scripts): cap issue labeler response bodies

* refactor: share media understanding post params

* fix(infra): cap transport readiness timeouts

* ci: reduce main workflow critical path

* test(gateway): stabilize live helper shard

* refactor: share native approval route gates

Share native approval route gate helpers across mainstream channel approval runtimes and keep PR openclaw#87770 green on current main.

* fix(channels): centralize stall watchdog timer bounds

* perf: resolve native esm plugin sdk imports

* test: stabilize infra state shard

* fix(nostr): cap profile import relay timers

* test(infra): stabilize main CI tests

* test(infra): preserve script wrapper fixture

* fix(web): cap guarded fetch timeout seconds

* fix(zalouser): cap probe timeout timer

* refactor: add shared sqlite state database

Adds the shared SQLite state database base, moves plugin keyed state into it with doctor migration coverage, and keeps generated Kysely guardrails aligned. Proof: focused SQLite/plugin-state tests, db:kysely:check, lint:kysely, architecture/dependency guards, autoreview, and PR CI all clean.

* fix(codex): recover app-server completion stalls

Fix Codex app-server completion-stall recovery so replay-safe stdio completion-idle failures retry once, while progress/terminal turn-watch timeouts only surface timeout payloads.

Also preserve post-tool completion guards for scoped native response deltas and stabilize the oversized CONNECT timeout regression test picked up from latest main.

Co-authored-by: Kelaw - Keshav's Agent <keshavbotagent@gmail.com>

* fix(ci): repair main normalization checks

* fix(zalouser): cap qr login timeouts

* fix(dev): cap Discord smoke response bodies

* fix(agents): centralize terminal run outcome precedence (openclaw#88136)

* fix(agents): centralize terminal run outcome precedence

* docs(agents): explain terminal outcome precedence

* docs(agents): note terminal outcome helper

* fix(agents): preserve pending hard timeout over late completion

* test(agents): align global session scoping expectation

* Revert "test(agents): align global session scoping expectation"

This reverts commit 9b4a0c3.

* test(infra): stabilize CONNECT timeout cap test

* fix(agents): prioritize hard timeout terminal evidence

* fix(gateway): preserve pending hard timeout snapshots

* ci: skip bundled dts in artifact build

* fix(memory): cap qmd process timeouts

* fix(ci): repair main lint gates

* test(infra): avoid max fake-timer jumps (openclaw#88155)

* fix(whatsapp): cap credential flush timeout

* ci: satisfy build profile lint

* refactor: share live transport scenario helpers

* fix(telegram): cap polling lease wait timer

* fix(release): avoid gh api for candidate reads

* fix(release): harden candidate run status polling

* fix(feishu): reopen retryable bot menu replay

* fix(release): avoid gh api in beta smoke

* fix(release): build beta smoke REST curl command

* test(realtime): stabilize websocket timeout test

* test: stabilize realtime websocket timeout

* fix(telegram): centralize positive timer bounds

* fix(providers): cap local service timers

* refactor: share provider oauth runtime helpers

* fix(openrouter): cap music stream timeout

* fix(release): harden release ci summary lookup

* fix(fal): cap video queue deadline

* test(ci): stabilize tool search gateway timeout helper

* fix(reply): hide ACP tool traces from Telegram

Telegram's surface renders tool-call traces poorly compared to Discord's. Add a
per-channel visibility isolation list (currently just `telegram`) so the
dispatch-acp delivery coordinator drops tool/status payloads to those channels
and rewrites error payloads to a sanitized message that points to local logs
instead of leaking the trace.

- New ACP_VISIBILITY_ISOLATED_CHANNELS set + helper prepareAcpPayloadForChannelVisibility
- Coordinator picks the effective target channel (originating or direct) and
  skips delivery when the payload is a tool / status / error trace
- 89 lines of test coverage in dispatch-acp.test.ts for the new path

---------

Signed-off-by: sallyom <somalley@redhat.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
Co-authored-by: Shadow <shadow@openclaw.ai>
Co-authored-by: Gio Della-Libera <giodl73@gmail.com>
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
Co-authored-by: Ayaan Zaidi <hi@obviy.us>
Co-authored-by: Shakker <shakkerdroid@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
Co-authored-by: benjamin1492 <35176637+benjamin1492@users.noreply.github.com>
Co-authored-by: Nimrod Gutman <nimrod.gutman@gmail.com>
Co-authored-by: ngutman <1540134+ngutman@users.noreply.github.com>
Co-authored-by: Dallin Romney <dallinromney@gmail.com>
Co-authored-by: xin zhuang <65798732+1052326311@users.noreply.github.com>
Co-authored-by: zhang-guiping <zhang.guiping@xydigit.com>
Co-authored-by: Lucas Giordano <giordano3102lucas@gmail.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Sally O'Malley <somalley@redhat.com>
Co-authored-by: Kevin Lin <kevin@dendron.so>
Co-authored-by: keshavbotagent <keshavbotagent@gmail.com>
github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request May 30, 2026
@kevinslin
refactor: share native approval route gates
1a4020d 
Share native approval route gate helpers across mainstream channel approval runtimes and keep PR openclaw#87770 green on current main.
@RomneyDa RomneyDa mentioned this pull request May 31, 2026
Closed
SYU8384 pushed a commit to SYU8384/openclaw that referenced this pull request Jun 3, 2026
@kevinslin
refactor: share native approval route gates
e39b0e9 
Share native approval route gate helpers across mainstream channel approval runtimes and keep PR openclaw#87770 green on current main.
sablehead pushed a commit to sablehead/openclaw that referenced this pull request Jun 10, 2026
@kevinslin
refactor: share native approval route gates
71863e1 
Share native approval route gate helpers across mainstream channel approval runtimes and keep PR openclaw#87770 green on current main.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

agents Agent runtime and tooling app: web-ui App: web-ui channel: imessage Channel integration: imessage channel: signal Channel integration: signal channel: whatsapp-web Channel integration: whatsapp-web docs Improvements or additions to documentation maintainer Maintainer-authored PR merge-risk: 🚨 compatibility 🚨 May break existing users, config, migrations, defaults, or upgrade paths. merge-risk: 🚨 message-delivery 🚨 May drop, duplicate, misroute, suppress, or wrongly target messages. merge-risk: 🚨 security-boundary 🚨 May affect sandboxing, authorization, credentials, or sensitive data. P2 Normal backlog priority with limited blast radius. rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. scripts Repository scripts size: XL status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kevinslin @RomneyDa