feat(qqbot): add /bot-group-allways command to toggle mention requirement

[cxyhhhhh]

Summary

Problem: Users cannot conveniently toggle defaultRequireMention for qqbot groups. Config changes via replaceConfigFile() didn't take effect immediately due to getRuntimeConfig() caching the first loaded snapshot.

Solution: Add /bot-group-allways slash command and clear runtime config cache after write.

Changes:

• Add /bot-group-allways on|off|status command
• Support named accounts and default account
• Call clearRuntimeConfigSnapshot() after config write for immediate effect
• Add unit tests (309 lines) and update group config tests (56 lines)

Real behavior proof

Before:

17:20:32 [qqbot] Skipped group inbound: reason=skip_no_mention

After:

17:28:13 [reload] config hot reload applied (channels.qqbot.accounts.102901613.defaultRequireMention)

Steps tested:

1. DM to bot: /bot-group-allways on
2. Bot replies: "✅ 群自主发言已设置为 on"
3. Send message in group without @ → AI responds
4. clearRuntimeConfigSnapshot() called, next getRuntimeConfig() returns fresh config

Tests and validation

npm test -- --testPathPattern="register-group-allways|group"
npm run typecheck
npm run lint

Risk checklist

• User-visible behavior change? Yes - new slash command (additive, not breaking)
• Config/environment change? Yes - clearRuntimeConfigSnapshot() called after config write
• Security/auth change? No
• Highest-risk area: clearRuntimeConfigSnapshot() performance impact
• Mitigation: Only called after successful replaceConfigFile(), synchronous and fast

Current review state

Next action: Maintainer review for API design and cache invalidation approach

Addressed:

• Caching issue with clearRuntimeConfigSnapshot()
• Unit tests added
• Both named and default account support

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed June 9, 2026, 3:05 AM ET / 07:05 UTC.

Summary
The branch adds a QQBot /bot-group-allways C2C admin command, an account-level defaultRequireMention fallback in group config resolution, tests, and an explicit runtime config snapshot clear after config writes.

PR surface: Source +138, Tests +367. Total +505 across 5 files.

Reproducibility: yes. for the patch defects from source inspection: current main documents and resolves groups["*"].requireMention, while the PR writes a lower-priority defaultRequireMention and reads status from captured account config. I did not run live QQBot.

Review metrics: 1 noteworthy metric.

• Config/default surfaces: 1 added. The PR adds defaultRequireMention as a new QQBot mention-default layer, which is compatibility-sensitive because current users already have the wildcard group default path.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🦐 gold shrimp
Patch quality: 🧂 unranked krab
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• Use one supported mention-default contract and read command state from live runtime config.
• [P1] Add redacted proof showing the command reply and an unmentioned QQ group message receiving a response after the toggle.

Proof guidance:

• [P1] Needs stronger real behavior proof before merge: The screenshot shows QQ group replies, but it does not show the /bot-group-allways command reply or prove that the command toggle caused the unmentioned group response. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• [P1] Merging as-is creates an undocumented account-level QQBot mention default beside the documented groups["*"].requireMention default, so support and upgrades can disagree about which setting controls replies.
• [P1] The new command can report success while existing wildcard group config still controls whether unmentioned QQBot group messages reach the agent.
• [P1] The explicit runtime snapshot clear after an afterWrite: { mode: "auto" } config write bypasses the normal refreshed snapshot/source metadata path and needs config-owner approval if retained.
• [P1] The latest screenshot improves proof that a QQ group can receive replies, but it still does not show the command response or the command-caused before/after toggle path.

Maintainer options:

1. Keep One Default Path (recommended)
   Revise the command to use the documented wildcard group default and read live runtime config before status/no-op decisions.
2. Accept A New Config Contract
   Maintainers can intentionally keep defaultRequireMention, but should add docs, schema/help metadata, upgrade behavior, and tests for precedence against existing group defaults.
3. Pause Until Command Proof
   Keep the PR paused until redacted proof shows the actual command reply and the resulting unmentioned group response in a real QQBot setup.

Next step before merge

• [P1] Maintainer review is needed for the QQBot mention-default config contract and for complete external QQBot proof; this is not a safe autonomous repair lane yet.

Security
Cleared: No dependency, workflow, secret-handling, or supply-chain change was found; the group-exposure concern is covered as config/message-delivery merge risk.

Review findings

• [P1] Use the existing wildcard group default — extensions/qqbot/src/engine/config/group.ts:80
• [P1] Read command state from live config — extensions/qqbot/src/engine/commands/builtin/register-group-allways.ts:32-33

Review details

Best possible solution:

Keep one QQBot mention-default contract by making the admin command read and write groups["*"].requireMention, or explicitly approve and document a defaultRequireMention migration, then show redacted QQBot proof of the command reply plus an unmentioned group response.

Do we have a high-confidence way to reproduce the issue?

Yes for the patch defects from source inspection: current main documents and resolves groups["*"].requireMention, while the PR writes a lower-priority defaultRequireMention and reads status from captured account config. I did not run live QQBot.

Is this the best way to solve the issue?

No. A C2C admin command is plausible, but this implementation should either use the existing wildcard group default or land an explicit maintainer-approved config contract, and it should read live runtime config before status/no-op decisions.

Full review comments:

• [P1] Use the existing wildcard group default — extensions/qqbot/src/engine/config/group.ts:80
  Current QQBot docs and resolver already use groups["*"].requireMention as the every-group default. Adding defaultRequireMention creates a second source of truth with lower precedence, so an existing wildcard entry can keep controlling delivery while this command writes a different key; make the command use the wildcard path or add an explicit maintainer-approved config contract and migration.
  Confidence: 0.92
• [P1] Read command state from live config — extensions/qqbot/src/engine/commands/builtin/register-group-allways.ts:32-33
  The handler checks ctx.accountConfig before fetching runtime config, but that object is copied from the GatewayAccount captured by the connection context. After a config write, the live inbound gate can use refreshed runtime config while this command can still report/no-op from stale account state; load the current QQBot account config from runtime.config.current() before status and same-state checks.
  Confidence: 0.9

Overall correctness: patch is incorrect
Overall confidence: 0.9

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against f57c3b55fdc4.

Label changes

Label changes:

• add proof: 📸 screenshot: Contributor real behavior proof includes screenshot evidence. The screenshot shows QQ group replies, but it does not show the /bot-group-allways command reply or prove that the command toggle caused the unmentioned group response.

Label justifications:

• P2: This is a normal-priority QQBot feature/config PR with concrete compatibility and delivery blockers, not an urgent production regression.
• merge-risk: 🚨 compatibility: The PR adds a new QQBot config/default surface that can conflict with the documented groups["*"].requireMention upgrade path.
• merge-risk: 🚨 message-delivery: The changed default controls whether unmentioned QQBot group messages are skipped or delivered to the agent.
• rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🦐 gold shrimp and patch quality is 🧂 unranked krab.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The screenshot shows QQ group replies, but it does not show the /bot-group-allways command reply or prove that the command toggle caused the unmentioned group response. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.
• proof: 📸 screenshot: Contributor real behavior proof includes screenshot evidence. The screenshot shows QQ group replies, but it does not show the /bot-group-allways command reply or prove that the command toggle caused the unmentioned group response.

Evidence reviewed

PR surface:

Source +138, Tests +367. Total +505 across 5 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	3	139	1	+138
Tests	2	367	0	+367
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	5	506	1	+505

What I checked:

• Repository policy applied: Root AGENTS.md and scoped extensions/AGENTS.md were read; the PR touches bundled plugin config/default behavior, which the policy treats as compatibility-sensitive. (AGENTS.md:1, f57c3b55fdc4)
• Current documented QQBot default path: Current docs say groups["*"] sets defaults for every QQBot group and list requireMention as the documented setting with default true. Public docs: docs/channels/qqbot.md. (docs/channels/qqbot.md:170, f57c3b55fdc4)
• Current main resolver precedence: Current main resolves QQBot requireMention from specific group, then wildcard group, then the built-in default; there is no account-level mention fallback in the current resolver. (extensions/qqbot/src/engine/config/group.ts:72, f57c3b55fdc4)
• PR adds a lower-priority config fallback: The PR adds defaultRequireMention below specific and wildcard group config, so existing wildcard config can override the new command's written value. (extensions/qqbot/src/engine/config/group.ts:80, 995770d78bf7)
• PR reads command state from captured account config: The new handler reads ctx.accountConfig?.defaultRequireMention before loading runtime config, then uses that value for status and same-state decisions. (extensions/qqbot/src/engine/commands/builtin/register-group-allways.ts:32, 995770d78bf7)
• Current command context uses connection account config: Current main builds slash command context with accountConfig: account.config from the gateway connection context, not by reloading the live runtime config for each command status/no-op check. (extensions/qqbot/src/engine/commands/slash-command-handler.ts:105, f57c3b55fdc4)

Likely related people:

• sliverp: History shows prior merged QQBot channel/config work, and this person is also the current assignee who posted the latest QQ proof screenshot. (role: adjacent QQBot contributor; confidence: medium; commits: bf6f506dfae6, 65b781f9ae3a; files: extensions/qqbot/openclaw.plugin.json, docs/channels/qqbot.md, extensions/qqbot/src/channel.ts)
• Vincent Koc: Recent history includes QQBot release/baseline and command/auth related work around the current bundled plugin surface. (role: recent area contributor; confidence: medium; commits: 2e08f0f4221f, 72af92ba4e27; files: extensions/qqbot/src/engine/config/group.ts, extensions/qqbot/src/engine/commands/builtin/register-approve.ts, docs/channels/qqbot.md)
• Peter Steinberger: History shows prior QQBot docs and config helper work relevant to whether a new public config surface should exist. (role: adjacent docs/config contributor; confidence: medium; commits: cebe697082ad, 6243ca50e0d2; files: docs/channels/qqbot.md, extensions/qqbot/src/config-schema.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[sliverp]

proof:

@clawsweeper review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27189341516
• Updated: 2026-06-09T07:06:03.617Z

[sliverp]

Landed via temp rebase onto main.

• Gate: skipped per maintainer (small additive feat, isolated to qqbot extension)
• Land commit: 56780c8
• Merge commit: d12b7b0

Thanks @cxyhhhhh!