fix(mattermost): anchor slash state on globalThis (#68113)

[clawsweeper]

Makes #90389 merge-ready for the ClawSweeper automerge loop.
The edit pass should inspect the live PR diff, review comments, and failing checks; rebase if needed; keep the contributor branch credited; and stop only when validation is green or an external blocker is proven.

ClawSweeper 🐠 replacement reef notes:

• Cluster: automerge-openclaw-openclaw-90389
• Source PRs: fix(mattermost): anchor slash state on globalThis (#68113) #90389
• Credit: Source PR: fix(mattermost): anchor slash state on globalThis (#68113) #90389
• Validation: pnpm check:changed
• Replacement reason: ClawSweeper could not update the source PR branch directly, so it opened a writable replacement PR instead.
• Automerge requested by: @Takhoffman

• Repair fallback: GitHub rejected the repair branch push because it updates workflow files and the ClawSweeper app token does not have workflows permission

Inherited issue-closing references from the source PR:
Closes #68113

Co-author credit kept:

• @ly85206559: Co-authored-by: ly85206559 12526624+ly85206559@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against 3cf28a1.

[clawsweeper]

🦞✅
ClawSweeper merged this PR after the passing review.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=3cf28a1f9603d9ddfcc8ea56a4c5520b3fb89e4d)
Merge status: merged by ClawSweeper automerge
Merged at: 2026-06-05T04:10:44Z
Merge commit: 69d1d786491c

What merged:

• The branch stores Mattermost slash-command account state in a process-wide Symbol.for/globalThis Map and adds module-reload regression coverage.
• PR surface: Source +21, Tests +43. Total +64 across 2 files.
• Reproducibility: yes. at source level: current main's route handler returns 503 when its module-local accoun ... pulate state through a separate loader path. I did not run a live Mattermost POST in this read-only review.

Automerge notes:

• No ClawSweeper repair was needed after automerge opt-in.

The automerge loop is complete.

Automerge progress:

• 2026-06-05 03:42:48 UTC review queued 3cf28a1f9603 (queued)

• 2026-06-05 04:10:33 UTC review passed 3cf28a1f9603 (structured ClawSweeper verdict: pass (sha=3cf28a1f9603d9ddfcc8ea56a4c5520b3fb89...)

• 2026-06-05 03:50:05 UTC repair queued 3cf28a1f9603 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26994197130

• 2026-06-05 03:53:50 UTC repair started (running) in 1s Run: https://github.com/openclaw/clawsweeper/actions/runs/26994197130 automerge-openclaw-openclaw-90389

• 2026-06-05 03:53:54 UTC repair completed 3cf28a1f9603 (no branch change) in 5s Run: https://github.com/openclaw/clawsweeper/actions/runs/26994197130 no planned fix actions

• 2026-06-05 03:53:53 UTC review queued 3cf28a1f9603 (after no-op repair)

• 2026-06-05 04:01:24 UTC repair queued 3cf28a1f9603 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26994546071

• 2026-06-05 04:04:44 UTC repair started (running) in 1s Run: https://github.com/openclaw/clawsweeper/actions/runs/26994546071 automerge-openclaw-openclaw-90389

• 2026-06-05 04:04:48 UTC repair completed 3cf28a1f9603 (no branch change) in 5s Run: https://github.com/openclaw/clawsweeper/actions/runs/26994546071 no planned fix actions

• 2026-06-05 04:04:47 UTC review queued 3cf28a1f9603 (after no-op repair)

• 2026-06-05 04:10:46 UTC merged 3cf28a1f9603 (merged by ClawSweeper automerge)

[clawsweeper]

Codex review: passed. Reviewed June 5, 2026, 12:10 AM ET / 04:10 UTC.

Summary
The branch stores Mattermost slash-command account state in a process-wide Symbol.for/globalThis Map and adds module-reload regression coverage.

PR surface: Source +21, Tests +43. Total +64 across 2 files.

Reproducibility: yes. at source level: current main's route handler returns 503 when its module-local accountStates is empty, while monitor activation can populate state through a separate loader path. I did not run a live Mattermost POST in this read-only review.

Review metrics: none identified.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• A full Mattermost-hosted slash POST through the reported reverse-proxy setup would remove the remaining end-to-end proof gap.

Risk before merge

• [P1] Full Mattermost-hosted slash POST behind nginx was not directly exercised in this review; the supplied terminal proof covers local gateway activation and callback readiness after activation.

Maintainer options:

1. Decide the mitigation before merge
   Land this replacement PR through the normal automerge and check gates, then close the linked Mattermost slash-command bug once the fix is on main.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• [P2] No repair lane is needed because the automerge-opted PR has no blocking review findings.

Security
Cleared: The diff changes Mattermost plugin runtime state sharing and tests only; it does not touch CI, dependencies, permissions, package execution, or credential handling surfaces.

Review details

Best possible solution:

Land this replacement PR through the normal automerge and check gates, then close the linked Mattermost slash-command bug once the fix is on main.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level: current main's route handler returns 503 when its module-local accountStates is empty, while monitor activation can populate state through a separate loader path. I did not run a live Mattermost POST in this read-only review.

Is this the best way to solve the issue?

Yes. Sharing only the per-process Mattermost slash state Map is a narrow owner-local fix for the dual-loader state split; forcing a broader plugin-loader rewrite would touch more of the bundled plugin bootstrap contract.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against cb5bb9b936bb.

Label changes

Label justifications:

• P1: The PR fixes a reported regression that blocks Mattermost native slash-command workflows for affected users.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🦞 diamond lobster.
• status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (terminal): The linked source PR supplies after-fix terminal proof showing gateway activation followed by the callback returning HTTP 405 instead of the reported HTTP 503 initialization response.
• proof: sufficient: Contributor real behavior proof is sufficient. The linked source PR supplies after-fix terminal proof showing gateway activation followed by the callback returning HTTP 405 instead of the reported HTTP 503 initialization response.

Evidence reviewed

PR surface:

Source +21, Tests +43. Total +64 across 2 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	1	23	2	+21
Tests	1	44	1	+43
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	2	67	3	+64

What I checked:

• Current main has module-local slash state: Current main declares accountStates as a plain module-level Map and the route handler returns the reported 503 text whenever that route-side Map is empty. (extensions/mattermost/src/mattermost/slash-state.ts:66, cb5bb9b936bb)
• Route registration and activation use different loader paths: The Mattermost entrypoint loads the slash route through loadBundledEntryExportSync, while monitor activation imports slash-state and calls activateSlashCommands after command registration. (extensions/mattermost/index.ts:9, cb5bb9b936bb)
• PR shares the intended Map: The PR head stores the slash account-state Map under Symbol.for("openclaw.mattermost.slash-account-states") on globalThis and reuses it for subsequent module instances. (extensions/mattermost/src/mattermost/slash-state.ts:65, 3cf28a1f9603)
• Regression coverage exercises module reload: The added test activates a token, resets modules, reimports slash-state, and verifies the reloaded module still resolves the token to the account. (extensions/mattermost/src/mattermost/slash-state.test.ts:73, 3cf28a1f9603)
• Related PR and issue context support the fix shape: The source PR includes terminal proof of activation followed by the callback returning HTTP 405 instead of 503, and the original issue discussion reports the same globalThis-style fix resolved installed v2026.4.15; older alternate PRs are closed unmerged, so they do not supersede this PR. (3cf28a1f9603)
• Diff hygiene check: Whitespace/conflict-marker diff check is clean for the two touched files. (3cf28a1f9603)

Likely related people:

• steipete: Local blame and GitHub path history show recent work on the Mattermost entrypoint and runtime-cycle/loader boundary involved in the split module instance path. (role: recent area contributor; confidence: high; commits: 14690904f033, 0c278bb93c2d, 51affb81b9a5; files: extensions/mattermost/index.ts, extensions/mattermost/src/mattermost/slash-state.ts)
• mukhtharcm: GitHub commit history shows native Mattermost slash command support, including the slash-state surface, was introduced in the merged native slash command feature commit. (role: introduced behavior; confidence: high; commits: b1b41eb44323; files: extensions/mattermost/index.ts, extensions/mattermost/src/mattermost/slash-state.ts)
• eleqtrizit: Recent Mattermost slash callback validation and routing work touched the same slash-state and slash-http behavior family. (role: recent adjacent contributor; confidence: medium; commits: 9c0975c1c20e; files: extensions/mattermost/src/mattermost/slash-state.ts, extensions/mattermost/src/mattermost/slash-http.ts)
• vincentkoc: Recent Mattermost plugin and slash-state/docs work makes this a plausible routing contact for the channel area. (role: recent adjacent contributor; confidence: medium; commits: aa2f964bda07, d3fc6c0cc79f; files: extensions/mattermost/src/mattermost/slash-state.ts, docs/channels/mattermost.md)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.