fix(weixin): startAccount preserves session routing#93686
Conversation
|
Codex review: needs maintainer review before merge. Reviewed June 26, 2026, 2:29 AM ET / 06:29 UTC. Summary PR surface: Source +22, Tests +103. Total +125 across 4 files. Reproducibility: yes. Current main has a source-level reproduction path: manifest listing normalizes raw account keys while manifest resolution looks up the normalized id directly in the raw accounts map before Gateway startAccount handoff; the PR body also provides redacted live Weixin startup/status output after the fix. Review metrics: 1 noteworthy metric.
Stored data model Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Land this or an equivalent normalized manifest account resolver after maintainer acceptance of the shared helper hardening; localize the guard if maintainers want the SDK helper contract preserved for now. Do we have a high-confidence way to reproduce the issue? Yes. Current main has a source-level reproduction path: manifest listing normalizes raw account keys while manifest resolution looks up the normalized id directly in the raw accounts map before Gateway startAccount handoff; the PR body also provides redacted live Weixin startup/status output after the fix. Is this the best way to solve the issue? Yes, with a maintainer compatibility choice left. Aligning manifest listing and resolution through the normalized lookup invariant is the narrow generic fix; the shared helper hardening is best if maintainers accept the SDK behavior change, otherwise the guard should be localized. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 4fc504d321b6. Label changesLabel justifications:
Evidence reviewedPR surface: Source +22, Tests +103. Total +125 across 4 files. View PR surface stats
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. Re-review progress:
|
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. Re-review progress:
|
|
checking |
|
I think the main Weixin/session-routing fix is pointed at the right problem: manifest account listing emits the route-safe normalized id, while resolution previously looked up that normalized id directly in the raw One remaining issue is in the shared lookup helper, not the Weixin-specific path. Could we tighten the helper/call contract so config-map candidate keys are normalized with the optional/validating normalizer, or otherwise skipped when their canonical form is invalid, instead of falling back to |
Thanks for the detailed review, I'll take a look~ |
|
@sliverp Thanks for the follow-up. I updated the PR to address the shared helper gap you pointed out:
The branch has been pushed; the last watch window had no failing checks, only a few still pending. |
|
Landed via temp rebase onto main.
Thanks @zhangguiping-xydt! |
* fix(channels): resolve manifest account config by normalized id * fix(routing): ignore blocked keys during normalized account lookup * fix(routing): block normalized unsafe account keys * test(routing): type normalized account lookup case * trigger CI * fix account lookup invalid key fallback * fix(weixin): startAccount preserves session routing (openclaw#93686) (thanks @zhangguiping-xydt) --------- Co-authored-by: sliverp <870080352@qq.com>
* fix(channels): resolve manifest account config by normalized id * fix(routing): ignore blocked keys during normalized account lookup * fix(routing): block normalized unsafe account keys * test(routing): type normalized account lookup case * trigger CI * fix account lookup invalid key fallback * fix(weixin): startAccount preserves session routing (openclaw#93686) (thanks @zhangguiping-xydt) --------- Co-authored-by: sliverp <870080352@qq.com>
Summary
What problem does this PR solve?
accountsobject. A raw key like59000514e8ad@im.botcould be listed as59000514e8ad-im-botbut then fail to resolve beforestartAccount."constructor "cannot collapse throughnormalizeAccountIdtodefault.Why does this matter now?
What is the intended outcome?
default.What is intentionally out of scope?
What does success look like?
defaultthrough the shared normalized lookup helper.What should reviewers focus on?
resolveNormalizedAccountEntryis the source-of-truth helper for normalized config-map account lookup, and manifest account resolution calls it with the optional validating normalizer for config keys.Summary guidance
This PR description is the contributor's durable explanation of the change. Write it for human maintainers first; ClawSweeper and Barnacle use the same text to understand intent, proof, risk, and current review state.
Describe the intent and outcome in 2-5 bullets. Avoid restating the diff; reviewers and bots can read the changed files.
If this PR fixes a plugin beta-release blocker, title it
fix(<plugin-id>): beta blocker - <summary>and link the matchingBeta blocker: <plugin-name> - <summary>issue labeledbeta-blocker. Contributors cannot label PRs, so the title is the PR-side signal for maintainers and automation.Linked context
Which issue does this close?
Closes #93556.
Which issues, PRs, or discussions are related?
Related #93686.
Was this requested by a maintainer or owner?
Yes. A maintainer requested tightening the shared lookup helper so invalid raw config-map keys do not collapse to
default.Linked context guidance
Link the issue, PR, discussion, maintainer request, or owner request that explains why this PR should exist. Maintainer context helps reviewers and automation distinguish intended work from drive-by churn.
Real behavior proof (required for external PRs)
Behavior or issue addressed: a live external
openclaw-weixinchannel account whose raw provider ID normalizes to a route-safe account ID can be loaded by the Gateway, started through the channel plugin, and reported as running instead of being dropped beforestartAccount.Real environment tested: macOS Darwin 25.5.0, Node v24.15.0, OpenClaw 2026.6.2, external
@tencent-weixin/openclaw-weixin@2.4.3, isolated OpenClaw home, live QR login with Weixin.Exact steps or command run after this patch:
Evidence after fix (sanitized live output from the existing PR proof):
Observed result after fix: the external Weixin manifest account is listed with the route-safe ID, resolves back to the raw configured account entry, enters provider startup, starts the Weixin monitor, and is reported by
channels status --probeasenabled, configured, running; the issue-specificunable to resolveaccount failure beforestartAccountis no longer present.What was not tested: a fresh live Weixin login was not re-run for the small maintainer follow-up commit; the follow-up is a shared helper guard for invalid config-map candidate keys and is covered by focused regression tests below.
Proof limitations or environment constraints: local dependency installation reports a
node-llama-cpppostinstall build failure because this machine has CMake 3.18.2 while that package asks for CMake 3.19+, but the focused Vitest suites needed for this PR ran successfully from the installed workspace.Before evidence (optional but encouraged): the new regression test failed before the helper guard with
expected { id: 'blocked' } to deeply equal undefinedforresolveNormalizedAccountEntry({ "constructor ": cfg }, "default", normalizeAccountId).Real behavior proof guidance
External contributors must show after-fix evidence from a real OpenClaw setup. Unit tests, mocks, lint, typechecks, snapshots, and CI are supplemental only.
Screenshots are encouraged even for CLI, console, text, or log changes. Terminal screenshots, copied live output, redacted runtime logs, recordings, and linked artifacts count.
If your environment cannot produce the ideal proof, explain that under
Proof limitations or environment constraintsso reviewers and ClawSweeper can direct the next step properly.Be mindful of private information like IP addresses, API keys, phone numbers, non-public endpoints, or other private details when providing evidence.
Tests and validation
Which commands did you run?
src/routing/account-lookup.test.tsviapnpm exec vitest run src/routing/account-lookup.test.ts— pass, 8 tests.src/channels/plugins/read-only.test.tsviapnpm exec vitest run src/channels/plugins/read-only.test.ts— pass, 31 tests.What regression coverage was added or updated?
resolveNormalizedAccountEntry({ "constructor ": cfg }, "default", normalizeAccountId)returnsundefinedinstead of selecting the invalid raw key as the default account.59000514e8ad@im.botresolving through their route-safe account IDs.What failed before this fix, if known?
{ id: "blocked" }for the invalid"constructor "key when resolvingdefault.If no test was added, why not?
Testing guidance
List focused commands, not every incidental check. CI is useful support, but external PRs still need real behavior proof above when behavior changes.
Risk checklist
Did user-visible behavior change? (
Yes/No)Yes, only for invalid account config keys that previously collapsed to
defaultduring normalized fallback lookup.Did config, environment, or migration behavior change? (
Yes/No)No migration or schema change. Existing valid account keys keep the same matching behavior.
Did security, auth, secrets, network, or tool execution behavior change? (
Yes/No)Yes, the account lookup helper is stricter about invalid/prototype-like config-map keys so they cannot be selected through fallback matching.
What is the highest-risk area?
merge-risk: compatibility,merge-risk: security-boundary, and session/account routing state.resolveNormalizedAccountEntryis exported through plugin SDK account surfaces, so the compatibility-sensitive behavior is that invalid raw account keys which only matched through fallback normalization now stop matching.How is that risk mitigated?
Risk guidance
Use this for author judgment that is not obvious from the diff. ClawSweeper can see touched files, but it cannot know which behavior you think is risky, why the risk is acceptable, or what mitigation reviewers should verify.
Current review state
What is the next action?
Maintainer review after this PR update; local submit checks, focused validations, and remote exact-head CI are complete.
What is still waiting on author, maintainer, CI, or external proof?
Which bot or reviewer comments were addressed?
checks-node-compact-small-whole-2validation state is stale because the exact-head check has completed successfully.checkingmaintainer signal is superseded by the later concrete follow-up and no longer has a separate author action."constructor "collapsing todefaultis fixed by the helper guard and regression test.Review state guidance
Keep this as the durable state for review progress. If useful information appears in comments, fold the current next action or blocker back here so maintainers and ClawSweeper do not need to reconstruct state from comment history.