Skip to content

fix: keep trusted policies with hook registry#94545

Merged
jesse-merhi merged 5 commits into
mainfrom
jesse/fix-trusted-policy-registry
Jun 22, 2026
Merged

fix: keep trusted policies with hook registry#94545
jesse-merhi merged 5 commits into
mainfrom
jesse/fix-trusted-policy-registry

Conversation

@jesse-merhi

@jesse-merhi jesse-merhi commented Jun 18, 2026

Copy link
Copy Markdown
Member

Summary

  • Fix before_tool_call trusted-policy lookup so it uses the same composed live plugin registry view as the global hook runner.
  • Keep the composed registry getter internal, outside the public plugin SDK barrel.
  • Preserve trusted-policy tier order across composed registries: bundled policies still run before installed policies.
  • Add regression coverage for active-registry drift, later global-runner reinitialization, pinned Gateway registries, cross-registry policy ordering, SDK export guardrails, and the existing exec-env hook mock path.

What Changed

A Gateway run can keep plugin hooks live through the global hook runner while a later scoped/default registry becomes the active registry. Current main composes hook dispatch from the latest initialized registry plus live active/pinned registries. Before this change, trusted policies were still read from a single active/latest registry path, so a hook from a pinned Gateway registry could run while that registry's trusted policy was invisible.

The fixed path exposes an internal composed registry view and passes that registry into trusted-policy diagnostics and evaluation. src/plugins/hook-runner-global.ts stays the public hook-runner module; src/plugins/hook-runner-global-state.ts owns the internal composed-registry state.

The composed policy list is owner-filtered across live registries, then ordered by the existing trusted-policy contract: bundled policies first, installed policies after. That matters because trusted-policy blocks are terminal and policy parameter rewrites feed later policies.

Flow

flowchart TD
  A[Tool call enters before_tool_call path] --> B[Read composed hook-runner registry]
  B --> C{Trusted policies present?}
  C -- yes --> D[Run trusted policies from same live registry as hooks]
  C -- no --> E[Skip trusted policy phase]
  D --> F{Policy blocks or rewrites?}
  F -- block --> G[Stop before ordinary hook]
  F -- rewrite --> H[Pass adjusted params onward]
  F -- allow --> H
  E --> H
  H --> I{before_tool_call hooks present?}
  I -- yes --> J[Run ordinary plugin hooks]
  I -- no --> K[Execute tool]
  J --> K
Loading

Behavior Addressed

Case Before After
Pinned Gateway registry has atl-sec-core, later registry becomes active Hook can still run, but trusted policy lookup may miss the pinned registry Hook and trusted policy use the same composed live registry view
Later active registry has an installed policy, pinned registry has a bundled policy Raw live-source order can put installed policy first Bundled policy remains first, matching the registry/docs contract
Public SDK barrel re-exports hook-runner helpers A new composed-registry getter could leak internal trusted-policy state Internal getter lives in hook-runner-global-state.ts, with guardrail coverage
Existing tests mock only getGlobalHookRunner() New registry getter can be missing from the mock and fail closed in unrelated coverage Focused mock now returns null for the internal registry lookup so resolve-exec-env tests stay scoped

Real behavior proof

Behavior addressed: split-registry trusted-policy bypass in runBeforeToolCallHook(...), including the current composed global hook-runner path, trusted-policy ordering across live registries, SDK export boundaries, and the existing exec-env hook path that uses a mocked hook runner.

Real environment tested: local OpenClaw worktree on current origin/main, branch jesse/fix-trusted-policy-registry, commit e5314c0272619d109e3c6fd767200c2a6d68d61a.

Exact steps or command run after this patch:

node scripts/run-vitest.mjs src/plugins/contracts/plugin-sdk-runtime-api-guardrails.test.ts src/agents/agent-tools.before-tool-call.embedded-mode.test.ts src/agents/bash-tools.exec.resolve-env-hook.test.ts src/plugins/hook-runner-global.test.ts src/plugins/hook-runner-global.compose.test.ts src/plugins/contracts/host-hooks.contract.test.ts
node scripts/run-tsgo.mjs -p tsconfig.core.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/core.tsbuildinfo
node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.test.src.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/test-src.tsbuildinfo
git diff --check
mmdc -i /tmp/pr-94545-flow.mmd -o /tmp/pr-94545-flow.svg

Evidence after fix:

focused Vitest: 3 shards passed, 6 files passed, 98 tests passed
core tsgo: passed
source-test tsgo: passed
git diff --check: passed
Mermaid diagram validation: passed

Native review: 3 consecutive clean `codex review --base origin/main` passes on e5314c0272619d109e3c6fd767200c2a6d68d61a
Cold review: 3 consecutive clean independent cold-review passes on the same tree

Observed result after fix: the before-tool-call tests create a Gateway registry with a trusted policy, replace/reinitialize later registries, and confirm the trusted policy still blocks before the ordinary hook runs. The hook-runner-global tests verify the composed registry exposes the pinned Gateway trusted policy after later initialization and keeps bundled policies before installed policies across live registries. The SDK guardrail test verifies the internal composed-registry getter and trusted-policy field do not leak through the public runtime barrel. The resolve-exec-env test verifies existing before-tool-call mocked-hook coverage still reaches the exec host instead of failing closed on the new registry lookup.

What was not tested: a rebuilt ASSP/RovoClaw container using this patched OpenClaw commit was not run after the code change. Upstream Codex tests were not run; Codex source was inspected for the PreToolUse contract.

Verification

node scripts/run-vitest.mjs src/plugins/contracts/plugin-sdk-runtime-api-guardrails.test.ts src/agents/agent-tools.before-tool-call.embedded-mode.test.ts src/agents/bash-tools.exec.resolve-env-hook.test.ts src/plugins/hook-runner-global.test.ts src/plugins/hook-runner-global.compose.test.ts src/plugins/contracts/host-hooks.contract.test.ts
[test] passed 3 Vitest shards in 11.86s

node scripts/run-tsgo.mjs -p tsconfig.core.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/core.tsbuildinfo
passed

node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.test.src.json --incremental --tsBuildInfoFile .artifacts/tsgo-cache/test-src.tsbuildinfo
passed

git diff --check
passed

@openclaw-barnacle openclaw-barnacle Bot added agents Agent runtime and tooling size: S maintainer Maintainer-authored PR labels Jun 18, 2026
@clawsweeper

clawsweeper Bot commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Codex review: needs maintainer review before merge. Reviewed June 20, 2026, 8:17 PM ET / 00:17 UTC.

Summary
The PR routes before_tool_call trusted-policy diagnostics and evaluation through the composed global hook-runner registry, keeps that getter internal, preserves bundled-before-installed policy ordering, and adds focused regression coverage.

PR surface: Source +89, Tests +228. Total +317 across 9 files.

Reproducibility: yes. at source level. Current main composes hook dispatch from live registries while trusted-policy diagnostics and evaluation still read the active registry, and the PR adds focused regression coverage for that split.

Review metrics: 1 noteworthy metric.

  • Trusted-policy lookup sources: 1 execution path, 1 diagnostic path changed. These lookups decide which configured trusted policies can block tool execution before ordinary plugin hooks run.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🦞 diamond lobster
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Maintainer can request live gateway/container proof if they want runtime confidence beyond focused tests and CI.

Risk before merge

  • [P1] Merging intentionally changes the security-boundary decision source: trusted policies from composed live and pinned registries can now block tool calls that current main would miss.
  • [P1] The PR proof is strong targeted terminal proof, but the PR body says a rebuilt gateway/container scenario was not run for this exact follow-up.
  • [P1] The protected maintainer label and security-boundary semantics make this a human maintainer review item rather than an automated cleanup close.

Maintainer options:

  1. Accept Composed-Policy Enforcement (recommended)
    Merge after maintainer review confirms trusted policies from the composed live registry should enforce before ordinary hooks where current main skipped them.
  2. Request Live Gateway Proof
    Ask for rebuilt gateway or container proof showing a pinned trusted policy blocks a real tool call after a later registry activation.
  3. Pause If Precedence Is Unsettled
    Hold the PR if maintainers want a different cross-registry precedence rule for bundled and installed trusted policies.

Next step before merge

  • [P2] Protected maintainer PR and security-boundary semantics need human review rather than an automated repair lane.

Security
Cleared: No concrete supply-chain, credential, or sandbox regression was found; the diff is security-sensitive because it tightens trusted-policy enforcement and needs maintainer boundary review.

Review details

Best possible solution:

Land after maintainer security-boundary review confirms the composed trusted-policy semantics, internal getter boundary, and bundled-before-installed ordering are the intended contract.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level. Current main composes hook dispatch from live registries while trusted-policy diagnostics and evaluation still read the active registry, and the PR adds focused regression coverage for that split.

Is this the best way to solve the issue?

Yes. Passing the same composed registry into trusted-policy diagnostics and evaluation is the narrow owner-boundary fix; keeping active-registry lookup preserves the split, while exporting the getter through the SDK would widen internal surface unnecessarily.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against 6c2c43d63f4c.

Label changes

Label justifications:

  • P1: The PR addresses a security-sensitive before_tool_call policy-enforcement gap affecting tool execution.
  • merge-risk: 🚨 security-boundary: Merging changes which trusted plugin policies can enforce the tool-execution boundary across composed live registries.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🦞 diamond lobster.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes after-fix terminal proof for focused Vitest shards, tsgo, diff check, Mermaid validation, and observed regression results; it also names the missing rebuilt gateway/container proof.
  • proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix terminal proof for focused Vitest shards, tsgo, diff check, Mermaid validation, and observed regression results; it also names the missing rebuilt gateway/container proof.
Evidence reviewed

PR surface:

Source +89, Tests +228. Total +317 across 9 files.

View PR surface stats
Area Files Added Removed Net
Source 4 241 152 +89
Tests 5 230 2 +228
Docs 0 0 0 0
Config 0 0 0 0
Generated 0 0 0 0
Other 0 0 0 0
Total 9 471 154 +317

What I checked:

  • Repository policy read: Root and scoped AGENTS.md files were read; their plugin-boundary, agent hot-path, SDK-boundary, security-boundary, and Codex-contract review requirements applied to this PR. (AGENTS.md:6, 6c2c43d63f4c)
  • Current main has split policy lookup: Current main reports hook presence from the global hook runner while trusted-policy diagnostics still use the trusted-policy helper default, which reads the active registry. (src/agents/agent-tools.before-tool-call.ts:199, 6c2c43d63f4c)
  • Current main trusted policies default to active registry: The current hasTrustedToolPolicies() and runTrustedToolPolicies() implementations read getActivePluginRegistry(), so a composed/pinned registry can have hooks visible while its trusted policies are missed. (src/plugins/trusted-tool-policy.ts:29, 6c2c43d63f4c)
  • Current main composes hook dispatch: The existing global hook runner already composes live registries for hook dispatch; this is the registry view the PR extends to trusted policies. (src/plugins/hook-runner-global.ts:69, 6c2c43d63f4c)
  • PR routes policy execution through composed registry: At the PR head, runBeforeToolCallHook obtains getGlobalHookRunnerRegistry(), uses it for policy presence, and passes it into trusted-policy evaluation. (src/agents/agent-tools.before-tool-call.ts:1118, e5314c027261)
  • PR keeps composed registry internal and ordered: The new internal state module composes live hook registry sources, owner-filters trusted policies, and sorts bundled policies before installed policies. (src/plugins/hook-runner-global-state.ts:158, e5314c027261)

Likely related people:

  • amknight: Authored the live composed hook-runner registry fix that this PR extends to trusted-policy lookup. (role: recent feature owner; confidence: high; commits: f47eeaf3c8b3, 23eadfa27783; files: src/plugins/hook-runner-global.ts, src/plugins/runtime.ts, src/plugins/loader.ts)
  • vincentkoc: Authored the merged fail-closed trusted-policy hardening and current-main history/blame on the before_tool_call trusted-policy path. (role: trusted-policy contributor and recent area contributor; confidence: high; commits: 1dd5760b5a34, be967545c500, ab165d119cc7; files: src/plugins/trusted-tool-policy.ts, src/agents/agent-tools.before-tool-call.ts, src/plugins/hook-runner-global.ts)
  • 100yenadmin: Path history shows the generic plugin host-hook contracts that introduced the trusted tool policy registration surface. (role: introduced host-hook contract area; confidence: medium; commits: 1adaa28dc86b, cb3853587576; files: src/plugins/trusted-tool-policy.ts, src/plugins/registry.ts, src/plugins/contracts/host-hooks.contract.test.ts)
  • jalehman: Merged and carried review-hardening commits for the generic host-hook and trusted-policy foundation. (role: reviewer and hardening contributor; confidence: medium; commits: 987f9fe49618, 2d8caad3c405; files: src/plugins/trusted-tool-policy.ts, src/plugins/contracts/host-hooks.contract.test.ts)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. P1 High-priority user-facing bug, regression, or broken workflow. merge-risk: 🚨 security-boundary 🚨 May affect sandboxing, authorization, credentials, or sensitive data. labels Jun 18, 2026
@clawsweeper clawsweeper Bot added rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. and removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. labels Jun 18, 2026
@clawsweeper clawsweeper Bot added rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. proof: sufficient ClawSweeper judged the real behavior proof convincing. and removed rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. labels Jun 18, 2026
@amknight

Copy link
Copy Markdown
Member

The fix direction is right (policies should resolve from the same live registry set as hooks), but in composeLiveHookRegistry (src/plugins/hook-runner-global-state.ts) the trusted-policy owner selection is a near-verbatim clone of the hook owner selection directly above it: policyOwnerSourceIndexByPluginId / claimPolicyOwner / trustedPolicyPluginIdsBySource plus the four claim passes. Passes 2 and 3 (loaded → claim, any-plugin → claim) are byte-identical, and pass 4 re-claims using the same id set built for pass 1.

That's ~40 lines of duplicated control flow, which reads as a smell against the repo's "reduce non-test LOC / avoid duplication" bar. A single helper parameterized by the per-source contribution-id sets collapses both:

function selectContributionOwners(
  sources: TrustedPolicyHookRunnerRegistry[],
  contributionIdsBySource: Set<string>[],
): Map<string, number> {
  const owner = new Map<string, number>();
  const claim = (id: string, i: number) => { if (!owner.has(id)) owner.set(id, i); };
  sources.forEach((r, i) => { for (const p of r.plugins) if (p.status === "loaded" && contributionIdsBySource[i].has(p.id)) claim(p.id, i); });
  sources.forEach((r, i) => { for (const p of r.plugins) if (p.status === "loaded") claim(p.id, i); });
  sources.forEach((r, i) => { for (const p of r.plugins) claim(p.id, i); });
  contributionIdsBySource.forEach((ids, i) => { for (const id of ids) claim(id, i); });
  return owner;
}

Hooks pass the hook-id sets, policies pass the policy-id sets. Purely a dedupe — no behavior change intended.

@jesse-merhi jesse-merhi merged commit 4cb94cc into main Jun 22, 2026
212 of 219 checks passed
@jesse-merhi jesse-merhi deleted the jesse/fix-trusted-policy-registry branch June 22, 2026 00:15
vincentkoc pushed a commit that referenced this pull request Jun 22, 2026
* fix: keep trusted policies with hook registry

* fix: compose trusted policies with live hooks

* fix: preserve trusted policy order

* test: update hook runner mock

* fix: keep hook policy registry internal
github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request Jun 22, 2026
* fix: keep trusted policies with hook registry

* fix: compose trusted policies with live hooks

* fix: preserve trusted policy order

* test: update hook runner mock

* fix: keep hook policy registry internal
eleboucher pushed a commit to eleboucher/homelab that referenced this pull request Jun 24, 2026
…26.6.10) (#1256)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [ghcr.io/openclaw/openclaw](https://openclaw.ai) ([source](https://github.com/openclaw/openclaw)) | patch | `2026.6.9` → `2026.6.10` |

---

### Release Notes

<details>
<summary>openclaw/openclaw (ghcr.io/openclaw/openclaw)</summary>

### [`v2026.6.10`](https://github.com/openclaw/openclaw/blob/HEAD/CHANGELOG.md#2026610)

[Compare Source](openclaw/openclaw@v2026.6.9...v2026.6.10)

##### Highlights

- **Automatic fast mode for talks:** OpenClaw can enable fast mode for short conversational turns, then return to normal mode for longer runs with bounded fallback and delivery behavior. ([#&#8203;85104](openclaw/openclaw#85104)) Thanks [@&#8203;alexph-dev](https://github.com/alexph-dev) and [@&#8203;vincentkoc](https://github.com/vincentkoc).
- **More reliable model routing:** Zai model synthesis, GLM overload failover, and native reasoning-level selection now follow the active model catalog more consistently. ([#&#8203;94461](openclaw/openclaw#94461), [#&#8203;93241](openclaw/openclaw#93241), [#&#8203;94067](openclaw/openclaw#94067), [#&#8203;94136](openclaw/openclaw#94136)) Thanks [@&#8203;Pandah97](https://github.com/Pandah97), [@&#8203;chrysb](https://github.com/chrysb), [@&#8203;0xghost42](https://github.com/0xghost42), [@&#8203;zhengli0922](https://github.com/zhengli0922), [@&#8203;openperf](https://github.com/openperf), [@&#8203;civiltox](https://github.com/civiltox), and [@&#8203;BorClaw](https://github.com/BorClaw).
- **Safer session and channel state:** channel switches reset stale origin fields, and cron delivery awareness stays attached to the target session. ([#&#8203;95328](openclaw/openclaw#95328), [#&#8203;93580](openclaw/openclaw#93580)) Thanks [@&#8203;ZengWen-DT](https://github.com/ZengWen-DT), [@&#8203;jalehman](https://github.com/jalehman), [@&#8203;gorkem2020](https://github.com/gorkem2020), and [@&#8203;scotthuang](https://github.com/scotthuang).
- **Trusted policies survive hook composition:** composed hook registries keep the trusted tool policies required by approval-sensitive flows. ([#&#8203;94545](openclaw/openclaw#94545)) Thanks [@&#8203;jesse-merhi](https://github.com/jesse-merhi).

##### Changes

- **Agent and channel runtime:** fast-mode state now survives retries, fallback transitions, progress events, and embedded/CLI/ACP normalization; session and channel routing retain the current target and delivery context. ([#&#8203;85104](openclaw/openclaw#85104), [#&#8203;93580](openclaw/openclaw#93580), [#&#8203;95328](openclaw/openclaw#95328)) Thanks [@&#8203;alexph-dev](https://github.com/alexph-dev), [@&#8203;vincentkoc](https://github.com/vincentkoc), [@&#8203;scotthuang](https://github.com/scotthuang), [@&#8203;ZengWen-DT](https://github.com/ZengWen-DT), [@&#8203;jalehman](https://github.com/jalehman), and [@&#8203;gorkem2020](https://github.com/gorkem2020).
- **Provider behavior:** model catalogs now supply the correct Zai base URL, overload classification, and native reasoning controls for live-discovered models. ([#&#8203;94461](openclaw/openclaw#94461), [#&#8203;93241](openclaw/openclaw#93241), [#&#8203;94067](openclaw/openclaw#94067), [#&#8203;94136](openclaw/openclaw#94136)) Thanks [@&#8203;Pandah97](https://github.com/Pandah97), [@&#8203;chrysb](https://github.com/chrysb), [@&#8203;0xghost42](https://github.com/0xghost42), [@&#8203;zhengli0922](https://github.com/zhengli0922), [@&#8203;openperf](https://github.com/openperf), [@&#8203;civiltox](https://github.com/civiltox), and [@&#8203;BorClaw](https://github.com/BorClaw).

##### Fixes

- **Fast-mode and policy correctness:** fallback cutoffs and reset notices are bounded, repeated progress events remain visible, Codex service-tier state is normalized, and trusted policies are not lost when hook registries are composed. ([#&#8203;85104](openclaw/openclaw#85104), [#&#8203;94545](openclaw/openclaw#94545)) Thanks [@&#8203;alexph-dev](https://github.com/alexph-dev), [@&#8203;vincentkoc](https://github.com/vincentkoc), and [@&#8203;jesse-merhi](https://github.com/jesse-merhi).
- **Model and delivery edge cases:** Zai and GLM failover paths use the right runtime metadata, while stale channel-origin state no longer leaks across session changes. ([#&#8203;94461](openclaw/openclaw#94461), [#&#8203;93241](openclaw/openclaw#93241), [#&#8203;95328](openclaw/openclaw#95328)) Thanks [@&#8203;Pandah97](https://github.com/Pandah97), [@&#8203;chrysb](https://github.com/chrysb), [@&#8203;0xghost42](https://github.com/0xghost42), [@&#8203;zhengli0922](https://github.com/zhengli0922), [@&#8203;ZengWen-DT](https://github.com/ZengWen-DT), [@&#8203;jalehman](https://github.com/jalehman), and [@&#8203;gorkem2020](https://github.com/gorkem2020).
- **Provider plugin onboarding:** setup refreshes provider plugin registry metadata after installing setup-selected provider plugins, so auth continuation uses the newly installed provider instead of stale registry state. ([#&#8203;95792](openclaw/openclaw#95792)) Thanks [@&#8203;snowzlmbot](https://github.com/snowzlmbot).

##### Complete contribution record

This audited record covers the complete v2026.6.9..HEAD history: 12 merged PRs. The generation manifest also supplies direct commits as editorial input; the grouped notes above prioritize user impact.

##### Pull requests

- **PR [#&#8203;86627](openclaw/openclaw#86627 Keep core doctor health in contribution order. Thanks [@&#8203;giodl73-repo](https://github.com/giodl73-repo).
- **PR [#&#8203;93580](openclaw/openclaw#93580 fix: preserve cron delivery awareness for target sessions. Thanks [@&#8203;scotthuang](https://github.com/scotthuang) and [@&#8203;jalehman](https://github.com/jalehman).
- **PR [#&#8203;95030](openclaw/openclaw#95030 refactor: add SDK transcript identity target API. Thanks [@&#8203;jalehman](https://github.com/jalehman).
- **PR [#&#8203;94838](openclaw/openclaw#94838 refactor(copilot): complete harness lifecycle parity. Thanks [@&#8203;vincentkoc](https://github.com/vincentkoc).
- **PR [#&#8203;95328](openclaw/openclaw#95328 fix(sessions): reset stale per-channel origin fields on channel switch. Related [#&#8203;95325](openclaw/openclaw#95325). Thanks [@&#8203;ZengWen-DT](https://github.com/ZengWen-DT) and [@&#8203;jalehman](https://github.com/jalehman) and [@&#8203;gorkem2020](https://github.com/gorkem2020).
- **PR [#&#8203;94461](openclaw/openclaw#94461 fix(zai): fall back to manifest baseUrl for synthesized GLM-5 models. Related [#&#8203;94269](openclaw/openclaw#94269). Thanks [@&#8203;Pandah97](https://github.com/Pandah97) and [@&#8203;chrysb](https://github.com/chrysb).
- **PR [#&#8203;93241](openclaw/openclaw#93241 fix(agents): classify Zhipu GLM overload as overloaded for failover. Related [#&#8203;93211](openclaw/openclaw#93211). Thanks [@&#8203;0xghost42](https://github.com/0xghost42) and [@&#8203;zhengli0922](https://github.com/zhengli0922).
- **PR [#&#8203;94067](openclaw/openclaw#94067 fix(channels): resolve native /think menu levels via runtime catalog for live-discovered models. Related [#&#8203;93835](openclaw/openclaw#93835). Thanks [@&#8203;openperf](https://github.com/openperf) and [@&#8203;civiltox](https://github.com/civiltox).
- **PR [#&#8203;94136](openclaw/openclaw#94136 fix(zai): expose GLM-5.2 reasoning levels \[AI-assisted]. Thanks [@&#8203;BorClaw](https://github.com/BorClaw).
- **PR [#&#8203;85104](openclaw/openclaw#85104 feat: fast talks auto mode. Related [#&#8203;85087](openclaw/openclaw#85087). Thanks [@&#8203;alexph-dev](https://github.com/alexph-dev).
- **PR [#&#8203;94545](openclaw/openclaw#94545 fix: keep trusted policies with hook registry. Thanks [@&#8203;jesse-merhi](https://github.com/jesse-merhi).
- **PR [#&#8203;95792](openclaw/openclaw#95792 fix(onboard): refresh provider plugin registry after setup installs. Related [#&#8203;95765](openclaw/openclaw#95765). Thanks [@&#8203;snowzlmbot](https://github.com/snowzlmbot).

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDEuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEwMS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19-->

Reviewed-on: https://git.erwanleboucher.dev/eleboucher/homelab/pulls/1256
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

agents Agent runtime and tooling maintainer Maintainer-authored PR merge-risk: 🚨 security-boundary 🚨 May affect sandboxing, authorization, credentials, or sensitive data. P1 High-priority user-facing bug, regression, or broken workflow. proof: sufficient ClawSweeper judged the real behavior proof convincing. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. size: L status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants