perf(tui): prewarm runtime plugins before first send

[RomneyDa]

Profile Evidence

Run	CPU profile	Startup ready	Submit -> first model request	startup.runtime-plugins on first submit	First-turn embedded duration	Request -> visible response
Before	.artifacts/tui-local-cpu/full-surface-1780700761191/openclaw-tui-99042-2026-06-05T23-06-02-328Z.cpuprofile	4,494ms	12,683ms	5,164ms	10,824ms	17ms
After	.artifacts/tui-local-cpu/full-surface-runtime-prewarm-1780701756700/openclaw-tui-98266-2026-06-05T23-22-43-120Z.cpuprofile	10,929ms	7,412ms	1ms	3,859ms	20ms

The local mocked Responses server still returned in ~20ms, so the user-visible freeze is before provider I/O. This patch moves the measured ensureRuntimePluginsLoaded cold activation out of the first submit path and into the embedded TUI history readiness path.

Summary

• Warm embedded local runtime plugins inside EmbeddedTuiBackend.loadHistory() using the same resolved agent workspace as the local send path.
• Keep the TUI backend contract unchanged: no prewarmAgentRuntime hook, no public harness prewarm API, and no separate warming runtime submit state.
• Return best-effort warmup status as part of the existing history response so TUI can show a system message if runtime warmup fails while still rendering history.
• Leave gateway TUI behavior unchanged; this targets only local embedded TUI startup before first send.

Relationship to #86981

#86981 prewarms the selected plugin harness runtime and was stacked on the closed #86930 base hook. In this repro the selected harness is the built-in OpenClaw runtime, so that approach does not remove the measured ensureRuntimePluginsLoaded spike. This PR targets the measured local embedded TUI stage directly without adding another hook seam.

Verification

• node scripts/run-vitest.mjs src/tui/embedded-backend.test.ts src/tui/tui-session-actions.test.ts src/tui/tui.test.ts src/tui/tui-command-handlers.test.ts
• git diff --check origin/main...HEAD
• .agents/skills/autoreview/scripts/autoreview --mode local
• Profiled pnpm openclaw tui --local with an isolated config and mocked local Responses endpoint before and after the patch.

Notes

The previous check-lint failure on the pre-rebase head was unrelated to this PR; the reported files were src/agents/sandbox/registry.ts and src/agents/sandbox/registry.test.ts, while this PR only touches TUI files.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 9, 2026, 4:19 AM ET / 08:19 UTC.

Summary
The PR prewarms embedded local TUI runtime plugins during history loading, returns best-effort warmup status in the history payload, and shows a system message if prewarm fails.

PR surface: Source +32, Tests +49. Total +81 across 3 files.

Reproducibility: yes. for the code path, but not as a freshly rerun performance profile: current main lacks embedded history prewarm and the PR body provides before/after profile data. This read-only review did not rerun the local TUI profiling, and the current head changed after the profile evidence.

Review metrics: 1 noteworthy metric.

• Profiled latency tradeoff: startup ready +6,435ms; first-turn embedded duration -6,965ms. The PR moves measured cold plugin work from first send into local TUI startup/history readiness, so maintainers should review the availability tradeoff before merge.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P2] Refresh the local TUI profile on the current head after the workspace-parity fix.
• [P2] Have maintainers explicitly accept the slower history/startup readiness tradeoff before merge.

Risk before merge

• [P1] The PR intentionally moves cold runtime-plugin activation into embedded history loading; the PR body reports startup ready increasing from 4,494ms to 10,929ms while first-turn embedded duration drops from 10,824ms to 3,859ms.
• [P1] The final head includes a workspace-parity correction after the profile evidence, so maintainers should confirm the final startup-versus-first-send numbers before accepting the tradeoff.

Maintainer options:

1. Refresh final-head profile before merge (recommended)
   Reprofile the current head after the workspace-parity fix so the measured startup and first-send latency tradeoff matches the code being merged.
2. Accept the startup tradeoff
   Maintainers can intentionally accept slower local TUI history readiness if the first-send freeze reduction is the more important user-visible behavior.
3. Pause for a sidecar warmup
   If startup readiness must remain fast, pause this branch and move the warmup into a cancellable post-ready sidecar instead of blocking history load.

Next step before merge

• [P2] Protected maintainer ownership plus the startup-versus-first-send latency tradeoff make this a human review decision rather than an automated repair lane.

Security
Cleared: The diff only changes TUI runtime prewarm timing and focused tests; it does not add dependencies, workflows, package metadata, permissions, or new secret handling.

Review details

Best possible solution:

Land only after final-head local TUI proof confirms the moved cold load is worth the slower history/startup path; otherwise use a cancellable post-ready warmup that preserves fast readiness.

Do we have a high-confidence way to reproduce the issue?

Yes for the code path, but not as a freshly rerun performance profile: current main lacks embedded history prewarm and the PR body provides before/after profile data. This read-only review did not rerun the local TUI profiling, and the current head changed after the profile evidence.

Is this the best way to solve the issue?

Acceptable but still a maintainer tradeoff: warming during embedded history is a narrow implementation that preserves the public backend contract, but it deliberately shifts latency into startup/history readiness. A cancellable post-ready warmup is the safer alternative if fast startup is the priority.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 257b251e2690.

Label changes

Label changes:

• add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: The external-contributor proof gate does not apply to this MEMBER-authored maintainer PR, though the PR body includes local before/after profiling evidence.
• remove rating: 🦐 gold shrimp: Current PR rating is rating: 🐚 platinum hermit, so this older rating label is no longer current.
• remove status: ⏳ waiting on author: Current PR status label is status: 👀 ready for maintainer look.

Label justifications:

• P2: This is a bounded embedded TUI performance improvement with limited blast radius, but it affects a real first-send latency path.
• merge-risk: 🚨 availability: Merging can make local embedded TUI startup/history readiness noticeably slower even while improving first-send latency.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: The external-contributor proof gate does not apply to this MEMBER-authored maintainer PR, though the PR body includes local before/after profiling evidence.

Evidence reviewed

PR surface:

Source +32, Tests +49. Total +81 across 3 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	2	33	1	+32
Tests	1	49	0	+49
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	3	82	1	+81

What I checked:

• Protected maintainer item: The live PR metadata reports authorAssociation MEMBER and the maintainer label, so ClawSweeper cleanup should not close it automatically even if the patch looks useful. (001be10a85e9)
• Current main history path: Current main EmbeddedTuiBackend.loadHistory builds session/history/model data and returns without any runtime plugin prewarm result, so the PR is not already implemented on main. (src/tui/embedded-backend.ts:405, 257b251e2690)
• Current send workspace contract: The local send path calls agentCommandFromIngress, whose execution falls back to resolveAgentWorkspaceDir(cfg, sessionAgentId) when no spawned workspace is explicitly passed. (src/agents/agent-command.ts:704, 257b251e2690)
• PR prewarm implementation: The PR helper uses resolveAgentWorkspaceDir and ensureRuntimePluginsLoaded during embedded history loading, then returns runtimePluginsPrewarm in the existing history response. (src/tui/embedded-backend.ts:133, 001be10a85e9)
• PR failure surfacing: The TUI session action layer reads runtimePluginsPrewarm and adds a system message only when best-effort prewarm fails, while still completing history load. (src/tui/tui-session-actions.ts:426, 001be10a85e9)
• CI status at current head: GitHub check runs for the current head showed 166 checks total with no failure, timed_out, cancelled, or action_required conclusions across the paginated check-run data inspected. (001be10a85e9)

Likely related people:

• vincentkoc: Recent git history touches the TUI embedded/session-action surface, and the related closed prewarm PRs in the provided context were authored by this handle. (role: recent TUI prewarm contributor; confidence: high; commits: 2e08f0f4221f, 45fff13b1d60; files: src/tui/embedded-backend.ts, src/tui/tui-session-actions.ts)
• Peter Steinberger: History shows repeated TUI/session-action work plus the runtime-plugin bootstrap commit that underpins the cold-load path this PR moves earlier. (role: adjacent TUI and runtime-plugin contributor; confidence: high; commits: 661af2acd394, 768e606f96c5, 32ebaa37574e; files: src/agents/runtime-plugins.ts, src/tui/tui-session-actions.ts)
• Gustavo Madeira Santana: Runtime plugin history includes shared registry resolution and compatibility helper commits that are directly exercised by ensureRuntimePluginsLoaded. (role: runtime registry contributor; confidence: medium; commits: ee7f5825c85e, fd0aac297c96; files: src/agents/runtime-plugins.ts, src/plugins/runtime/standalone-runtime-registry-loader.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.