From 9d3e653ec9d262fa34d6c63ab0ed2239d19895b1 Mon Sep 17 00:00:00 2001 From: Jason Date: Sun, 15 Mar 2026 04:30:07 -0700 Subject: [PATCH 01/34] fix(web): handle 515 Stream Error during WhatsApp QR pairing (#27910) * fix(web): handle 515 Stream Error during WhatsApp QR pairing getStatusCode() never unwrapped the lastDisconnect wrapper object, so login.errorStatus was always undefined and the 515 restart path in restartLoginSocket was dead code. - Add err.error?.output?.statusCode fallback to getStatusCode() - Export waitForCredsSaveQueue() so callers can await pending creds - Await creds flush in restartLoginSocket before creating new socket Fixes #3942 * test: update session mock for getStatusCode unwrap + waitForCredsSaveQueue Mirror the getStatusCode fix (err.error?.output?.statusCode fallback) in the test mock and export waitForCredsSaveQueue so restartLoginSocket tests work correctly. * fix(web): scope creds save queue per-authDir to avoid cross-account blocking The credential save queue was a single global promise chain shared by all WhatsApp accounts. In multi-account setups, a slow save on one account blocked credential writes and 515 restart recovery for unrelated accounts. Replace the global queue with a per-authDir Map so each account's creds serialize independently. waitForCredsSaveQueue() now accepts an optional authDir to wait on a single account's queue, or waits on all when omitted. Co-Authored-By: Claude Opus 4.6 * test: use real Baileys v7 error shape in 515 restart test The test was using { output: { statusCode: 515 } } which was already handled before the fix. Updated to use the actual Baileys v7 shape { error: { output: { statusCode: 515 } } } to cover the new fallback path in getStatusCode. Co-Authored-By: Claude Code (Opus 4.6) * fix(web): bound credential-queue wait during 515 restart Prevents restartLoginSocket from blocking indefinitely if a queued saveCreds() promise stalls (e.g. hung filesystem write). Co-Authored-By: Claude * fix: clear flush timeout handle and assert creds queue in test Co-Authored-By: Claude * fix: evict settled credsSaveQueues entries to prevent unbounded growth Co-Authored-By: Claude * fix: share WhatsApp 515 creds flush handling (#27910) (thanks @asyncjason) --------- Co-authored-by: Jason Separovic Co-authored-by: Claude Opus 4.6 Co-authored-by: Ayaan Zaidi --- CHANGELOG.md | 1 + extensions/whatsapp/src/login-qr.test.ts | 37 ++++++++++-- extensions/whatsapp/src/login-qr.ts | 4 +- .../whatsapp/src/login.coverage.test.ts | 39 ++++++++++++- extensions/whatsapp/src/login.ts | 18 +++--- extensions/whatsapp/src/session.test.ts | 56 +++++++++++++++++++ extensions/whatsapp/src/session.ts | 40 ++++++++++++- 7 files changed, 177 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f0bcd97486..023d9edea79 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,7 @@ Docs: https://docs.openclaw.ai - Agents/compaction: extend the enclosing run deadline once while compaction is actively in flight, and abort the underlying SDK compaction on timeout/cancel so large-session compactions stop freezing mid-run. (#46889) Thanks @asyncjason. - Models/openai-completions: default non-native OpenAI-compatible providers to omit tool-definition `strict` fields unless users explicitly opt back in, so tool calling keeps working on providers that reject that option. (#45497) Thanks @sahancava. - WhatsApp/reconnect: restore the append recency filter in the extension inbox monitor and handle protobuf `Long` timestamps correctly, so fresh post-reconnect append messages are processed while stale history sync stays suppressed. (#42588) thanks @MonkeyLeeT. +- WhatsApp/login: wait for pending creds writes before reopening after Baileys `515` pairing restarts in both QR login and `channels login` flows, and keep the restart coverage pinned to the real wrapped error shape plus per-account creds queues. (#27910) Thanks @asyncjason. ### Fixes diff --git a/extensions/whatsapp/src/login-qr.test.ts b/extensions/whatsapp/src/login-qr.test.ts index 4b16a289001..48709ceb484 100644 --- a/extensions/whatsapp/src/login-qr.test.ts +++ b/extensions/whatsapp/src/login-qr.test.ts @@ -1,6 +1,11 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import { startWebLoginWithQr, waitForWebLogin } from "./login-qr.js"; -import { createWaSocket, logoutWeb, waitForWaConnection } from "./session.js"; +import { + createWaSocket, + logoutWeb, + waitForCredsSaveQueueWithTimeout, + waitForWaConnection, +} from "./session.js"; vi.mock("./session.js", () => { const createWaSocket = vi.fn( @@ -17,11 +22,13 @@ vi.mock("./session.js", () => { const getStatusCode = vi.fn( (err: unknown) => (err as { output?: { statusCode?: number } })?.output?.statusCode ?? - (err as { status?: number })?.status, + (err as { status?: number })?.status ?? + (err as { error?: { output?: { statusCode?: number } } })?.error?.output?.statusCode, ); const webAuthExists = vi.fn(async () => false); const readWebSelfId = vi.fn(() => ({ e164: null, jid: null })); const logoutWeb = vi.fn(async () => true); + const waitForCredsSaveQueueWithTimeout = vi.fn(async () => {}); return { createWaSocket, waitForWaConnection, @@ -30,6 +37,7 @@ vi.mock("./session.js", () => { webAuthExists, readWebSelfId, logoutWeb, + waitForCredsSaveQueueWithTimeout, }; }); @@ -39,22 +47,43 @@ vi.mock("./qr-image.js", () => ({ const createWaSocketMock = vi.mocked(createWaSocket); const waitForWaConnectionMock = vi.mocked(waitForWaConnection); +const waitForCredsSaveQueueWithTimeoutMock = vi.mocked(waitForCredsSaveQueueWithTimeout); const logoutWebMock = vi.mocked(logoutWeb); +async function flushTasks() { + await Promise.resolve(); + await Promise.resolve(); +} + describe("login-qr", () => { beforeEach(() => { vi.clearAllMocks(); }); it("restarts login once on status 515 and completes", async () => { + let releaseCredsFlush: (() => void) | undefined; + const credsFlushGate = new Promise((resolve) => { + releaseCredsFlush = resolve; + }); waitForWaConnectionMock - .mockRejectedValueOnce({ output: { statusCode: 515 } }) + // Baileys v7 wraps the error: { error: BoomError(515) } + .mockRejectedValueOnce({ error: { output: { statusCode: 515 } } }) .mockResolvedValueOnce(undefined); + waitForCredsSaveQueueWithTimeoutMock.mockReturnValueOnce(credsFlushGate); const start = await startWebLoginWithQr({ timeoutMs: 5000 }); expect(start.qrDataUrl).toBe("data:image/png;base64,base64"); - const result = await waitForWebLogin({ timeoutMs: 5000 }); + const resultPromise = waitForWebLogin({ timeoutMs: 5000 }); + await flushTasks(); + await flushTasks(); + + expect(createWaSocketMock).toHaveBeenCalledTimes(1); + expect(waitForCredsSaveQueueWithTimeoutMock).toHaveBeenCalledOnce(); + expect(waitForCredsSaveQueueWithTimeoutMock).toHaveBeenCalledWith(expect.any(String)); + + releaseCredsFlush?.(); + const result = await resultPromise; expect(result.connected).toBe(true); expect(createWaSocketMock).toHaveBeenCalledTimes(2); diff --git a/extensions/whatsapp/src/login-qr.ts b/extensions/whatsapp/src/login-qr.ts index a54e3fe56b2..3681d646252 100644 --- a/extensions/whatsapp/src/login-qr.ts +++ b/extensions/whatsapp/src/login-qr.ts @@ -12,6 +12,7 @@ import { getStatusCode, logoutWeb, readWebSelfId, + waitForCredsSaveQueueWithTimeout, waitForWaConnection, webAuthExists, } from "./session.js"; @@ -85,9 +86,10 @@ async function restartLoginSocket(login: ActiveLogin, runtime: RuntimeEnv) { } login.restartAttempted = true; runtime.log( - info("WhatsApp asked for a restart after pairing (code 515); retrying connection once…"), + info("WhatsApp asked for a restart after pairing (code 515); waiting for creds to save…"), ); closeSocket(login.sock); + await waitForCredsSaveQueueWithTimeout(login.authDir); try { const sock = await createWaSocket(false, login.verbose, { authDir: login.authDir, diff --git a/extensions/whatsapp/src/login.coverage.test.ts b/extensions/whatsapp/src/login.coverage.test.ts index 6306228693a..dda665ccdce 100644 --- a/extensions/whatsapp/src/login.coverage.test.ts +++ b/extensions/whatsapp/src/login.coverage.test.ts @@ -4,7 +4,12 @@ import path from "node:path"; import { DisconnectReason } from "@whiskeysockets/baileys"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import { loginWeb } from "./login.js"; -import { createWaSocket, formatError, waitForWaConnection } from "./session.js"; +import { + createWaSocket, + formatError, + waitForCredsSaveQueueWithTimeout, + waitForWaConnection, +} from "./session.js"; const rmMock = vi.spyOn(fs, "rm"); @@ -35,10 +40,19 @@ vi.mock("./session.js", () => { const createWaSocket = vi.fn(async () => (call++ === 0 ? sockA : sockB)); const waitForWaConnection = vi.fn(); const formatError = vi.fn((err: unknown) => `formatted:${String(err)}`); + const getStatusCode = vi.fn( + (err: unknown) => + (err as { output?: { statusCode?: number } })?.output?.statusCode ?? + (err as { status?: number })?.status ?? + (err as { error?: { output?: { statusCode?: number } } })?.error?.output?.statusCode, + ); + const waitForCredsSaveQueueWithTimeout = vi.fn(async () => {}); return { createWaSocket, waitForWaConnection, formatError, + getStatusCode, + waitForCredsSaveQueueWithTimeout, WA_WEB_AUTH_DIR: authDir, logoutWeb: vi.fn(async (params: { authDir?: string }) => { await fs.rm(params.authDir ?? authDir, { @@ -52,8 +66,14 @@ vi.mock("./session.js", () => { const createWaSocketMock = vi.mocked(createWaSocket); const waitForWaConnectionMock = vi.mocked(waitForWaConnection); +const waitForCredsSaveQueueWithTimeoutMock = vi.mocked(waitForCredsSaveQueueWithTimeout); const formatErrorMock = vi.mocked(formatError); +async function flushTasks() { + await Promise.resolve(); + await Promise.resolve(); +} + describe("loginWeb coverage", () => { beforeEach(() => { vi.useFakeTimers(); @@ -65,12 +85,25 @@ describe("loginWeb coverage", () => { }); it("restarts once when WhatsApp requests code 515", async () => { + let releaseCredsFlush: (() => void) | undefined; + const credsFlushGate = new Promise((resolve) => { + releaseCredsFlush = resolve; + }); waitForWaConnectionMock - .mockRejectedValueOnce({ output: { statusCode: 515 } }) + .mockRejectedValueOnce({ error: { output: { statusCode: 515 } } }) .mockResolvedValueOnce(undefined); + waitForCredsSaveQueueWithTimeoutMock.mockReturnValueOnce(credsFlushGate); const runtime = { log: vi.fn(), error: vi.fn() } as never; - await loginWeb(false, waitForWaConnectionMock as never, runtime); + const pendingLogin = loginWeb(false, waitForWaConnectionMock as never, runtime); + await flushTasks(); + + expect(createWaSocketMock).toHaveBeenCalledTimes(1); + expect(waitForCredsSaveQueueWithTimeoutMock).toHaveBeenCalledOnce(); + expect(waitForCredsSaveQueueWithTimeoutMock).toHaveBeenCalledWith(authDir); + + releaseCredsFlush?.(); + await pendingLogin; expect(createWaSocketMock).toHaveBeenCalledTimes(2); const firstSock = await createWaSocketMock.mock.results[0]?.value; diff --git a/extensions/whatsapp/src/login.ts b/extensions/whatsapp/src/login.ts index 3eae0732c5d..0923a38a122 100644 --- a/extensions/whatsapp/src/login.ts +++ b/extensions/whatsapp/src/login.ts @@ -5,7 +5,14 @@ import { danger, info, success } from "../../../src/globals.js"; import { logInfo } from "../../../src/logger.js"; import { defaultRuntime, type RuntimeEnv } from "../../../src/runtime.js"; import { resolveWhatsAppAccount } from "./accounts.js"; -import { createWaSocket, formatError, logoutWeb, waitForWaConnection } from "./session.js"; +import { + createWaSocket, + formatError, + getStatusCode, + logoutWeb, + waitForCredsSaveQueueWithTimeout, + waitForWaConnection, +} from "./session.js"; export async function loginWeb( verbose: boolean, @@ -24,20 +31,17 @@ export async function loginWeb( await wait(sock); console.log(success("✅ Linked! Credentials saved for future sends.")); } catch (err) { - const code = - (err as { error?: { output?: { statusCode?: number } } })?.error?.output?.statusCode ?? - (err as { output?: { statusCode?: number } })?.output?.statusCode; + const code = getStatusCode(err); if (code === 515) { console.log( - info( - "WhatsApp asked for a restart after pairing (code 515); creds are saved. Restarting connection once…", - ), + info("WhatsApp asked for a restart after pairing (code 515); waiting for creds to save…"), ); try { sock.ws?.close(); } catch { // ignore } + await waitForCredsSaveQueueWithTimeout(account.authDir); const retry = await createWaSocket(false, verbose, { authDir: account.authDir, }); diff --git a/extensions/whatsapp/src/session.test.ts b/extensions/whatsapp/src/session.test.ts index 177c8c8e5e6..d86de75ffa7 100644 --- a/extensions/whatsapp/src/session.test.ts +++ b/extensions/whatsapp/src/session.test.ts @@ -204,6 +204,62 @@ describe("web session", () => { expect(inFlight).toBe(0); }); + it("lets different authDir queues flush independently", async () => { + let inFlightA = 0; + let inFlightB = 0; + let releaseA: (() => void) | null = null; + let releaseB: (() => void) | null = null; + const gateA = new Promise((resolve) => { + releaseA = resolve; + }); + const gateB = new Promise((resolve) => { + releaseB = resolve; + }); + + const saveCredsA = vi.fn(async () => { + inFlightA += 1; + await gateA; + inFlightA -= 1; + }); + const saveCredsB = vi.fn(async () => { + inFlightB += 1; + await gateB; + inFlightB -= 1; + }); + useMultiFileAuthStateMock + .mockResolvedValueOnce({ + state: { creds: {} as never, keys: {} as never }, + saveCreds: saveCredsA, + }) + .mockResolvedValueOnce({ + state: { creds: {} as never, keys: {} as never }, + saveCreds: saveCredsB, + }); + + await createWaSocket(false, false, { authDir: "/tmp/wa-a" }); + const sockA = getLastSocket(); + await createWaSocket(false, false, { authDir: "/tmp/wa-b" }); + const sockB = getLastSocket(); + + sockA.ev.emit("creds.update", {}); + sockB.ev.emit("creds.update", {}); + + await flushCredsUpdate(); + + expect(saveCredsA).toHaveBeenCalledTimes(1); + expect(saveCredsB).toHaveBeenCalledTimes(1); + expect(inFlightA).toBe(1); + expect(inFlightB).toBe(1); + + (releaseA as (() => void) | null)?.(); + (releaseB as (() => void) | null)?.(); + await flushCredsUpdate(); + await flushCredsUpdate(); + + expect(inFlightA).toBe(0); + expect(inFlightB).toBe(0); + }); + it("rotates creds backup when creds.json is valid JSON", async () => { const creds = mockCredsJsonSpies("{}"); const backupSuffix = path.join( diff --git a/extensions/whatsapp/src/session.ts b/extensions/whatsapp/src/session.ts index db48b49c874..8fc7f9fd1fc 100644 --- a/extensions/whatsapp/src/session.ts +++ b/extensions/whatsapp/src/session.ts @@ -31,17 +31,24 @@ export { webAuthExists, } from "./auth-store.js"; -let credsSaveQueue: Promise = Promise.resolve(); +// Per-authDir queues so multi-account creds saves don't block each other. +const credsSaveQueues = new Map>(); +const CREDS_SAVE_FLUSH_TIMEOUT_MS = 15_000; function enqueueSaveCreds( authDir: string, saveCreds: () => Promise | void, logger: ReturnType, ): void { - credsSaveQueue = credsSaveQueue + const prev = credsSaveQueues.get(authDir) ?? Promise.resolve(); + const next = prev .then(() => safeSaveCreds(authDir, saveCreds, logger)) .catch((err) => { logger.warn({ error: String(err) }, "WhatsApp creds save queue error"); + }) + .finally(() => { + if (credsSaveQueues.get(authDir) === next) credsSaveQueues.delete(authDir); }); + credsSaveQueues.set(authDir, next); } async function safeSaveCreds( @@ -186,10 +193,37 @@ export async function waitForWaConnection(sock: ReturnType) export function getStatusCode(err: unknown) { return ( (err as { output?: { statusCode?: number } })?.output?.statusCode ?? - (err as { status?: number })?.status + (err as { status?: number })?.status ?? + (err as { error?: { output?: { statusCode?: number } } })?.error?.output?.statusCode ); } +/** Await pending credential saves — scoped to one authDir, or all if omitted. */ +export function waitForCredsSaveQueue(authDir?: string): Promise { + if (authDir) { + return credsSaveQueues.get(authDir) ?? Promise.resolve(); + } + return Promise.all(credsSaveQueues.values()).then(() => {}); +} + +/** Await pending credential saves, but don't hang forever on stalled I/O. */ +export async function waitForCredsSaveQueueWithTimeout( + authDir: string, + timeoutMs = CREDS_SAVE_FLUSH_TIMEOUT_MS, +): Promise { + let flushTimeout: ReturnType | undefined; + await Promise.race([ + waitForCredsSaveQueue(authDir), + new Promise((resolve) => { + flushTimeout = setTimeout(resolve, timeoutMs); + }), + ]).finally(() => { + if (flushTimeout) { + clearTimeout(flushTimeout); + } + }); +} + function safeStringify(value: unknown, limit = 800): string { try { const seen = new WeakSet(); From 5c5c64b6129a5ab199488d1e0255a25292ed3c66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=8A=A9=E7=88=AA?= Date: Sun, 15 Mar 2026 07:46:07 -0400 Subject: [PATCH 02/34] Deduplicate repeated tool call IDs for OpenAI-compatible APIs (#40996) Merged via squash. Prepared head SHA: 38d80483592de63866b07cd61edc7f41ffd56021 Co-authored-by: xaeon2026 <264572156+xaeon2026@users.noreply.github.com> Co-authored-by: frankekn <4488090+frankekn@users.noreply.github.com> Reviewed-by: @frankekn --- CHANGELOG.md | 1 + ...ed-runner.sanitize-session-history.test.ts | 20 +++- .../pi-embedded-runner/run/attempt.test.ts | 20 ++++ src/agents/pi-embedded-runner/run/attempt.ts | 14 ++- src/agents/tool-call-id.test.ts | 100 ++++++++++++++++++ src/agents/tool-call-id.ts | 85 +++++++++++---- src/agents/transcript-policy.ts | 5 +- 7 files changed, 216 insertions(+), 29 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 023d9edea79..bd2212d5174 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,6 +32,7 @@ Docs: https://docs.openclaw.ai - Models/openai-completions: default non-native OpenAI-compatible providers to omit tool-definition `strict` fields unless users explicitly opt back in, so tool calling keeps working on providers that reject that option. (#45497) Thanks @sahancava. - WhatsApp/reconnect: restore the append recency filter in the extension inbox monitor and handle protobuf `Long` timestamps correctly, so fresh post-reconnect append messages are processed while stale history sync stays suppressed. (#42588) thanks @MonkeyLeeT. - WhatsApp/login: wait for pending creds writes before reopening after Baileys `515` pairing restarts in both QR login and `channels login` flows, and keep the restart coverage pinned to the real wrapped error shape plus per-account creds queues. (#27910) Thanks @asyncjason. +- Agents/openai-compatible tool calls: deduplicate repeated tool call ids across live assistant messages and replayed history so OpenAI-compatible backends no longer reject duplicate `tool_call_id` values with HTTP 400. (#40996) Thanks @xaeon2026. ### Fixes diff --git a/src/agents/pi-embedded-runner.sanitize-session-history.test.ts b/src/agents/pi-embedded-runner.sanitize-session-history.test.ts index 2003523e03f..438b46bb971 100644 --- a/src/agents/pi-embedded-runner.sanitize-session-history.test.ts +++ b/src/agents/pi-embedded-runner.sanitize-session-history.test.ts @@ -2,6 +2,7 @@ import type { AgentMessage } from "@mariozechner/pi-agent-core"; import type { AssistantMessage, UserMessage, Usage } from "@mariozechner/pi-ai"; import { beforeEach, describe, expect, it, vi } from "vitest"; import { + expectOpenAIResponsesStrictSanitizeCall, loadSanitizeSessionHistoryWithCleanMocks, makeMockSessionManager, makeInMemorySessionManager, @@ -247,7 +248,24 @@ describe("sanitizeSessionHistory", () => { expect(result).toEqual(mockMessages); }); - it("passes simple user-only history through for openai-completions", async () => { + it("sanitizes tool call ids for OpenAI-compatible responses providers", async () => { + setNonGoogleModelApi(); + + await sanitizeSessionHistory({ + messages: mockMessages, + modelApi: "openai-responses", + provider: "custom", + sessionManager: mockSessionManager, + sessionId: TEST_SESSION_ID, + }); + + expectOpenAIResponsesStrictSanitizeCall( + mockedHelpers.sanitizeSessionMessagesImages, + mockMessages, + ); + }); + + it("sanitizes tool call ids for openai-completions", async () => { setNonGoogleModelApi(); const result = await sanitizeSessionHistory({ diff --git a/src/agents/pi-embedded-runner/run/attempt.test.ts b/src/agents/pi-embedded-runner/run/attempt.test.ts index ef88e04ef46..1953099cf7b 100644 --- a/src/agents/pi-embedded-runner/run/attempt.test.ts +++ b/src/agents/pi-embedded-runner/run/attempt.test.ts @@ -702,6 +702,26 @@ describe("wrapStreamFnTrimToolCallNames", () => { expect(finalToolCall.name).toBe("read"); expect(finalToolCall.id).toBe("call_42"); }); + + it("reassigns duplicate tool call ids within a message to unique fallbacks", async () => { + const finalToolCallA = { type: "toolCall", name: " read ", id: " edit:22 " }; + const finalToolCallB = { type: "toolCall", name: " write ", id: "edit:22" }; + const finalMessage = { role: "assistant", content: [finalToolCallA, finalToolCallB] }; + const baseFn = vi.fn(() => + createFakeStream({ + events: [], + resultMessage: finalMessage, + }), + ); + + const stream = await invokeWrappedStream(baseFn); + await stream.result(); + + expect(finalToolCallA.name).toBe("read"); + expect(finalToolCallB.name).toBe("write"); + expect(finalToolCallA.id).toBe("edit:22"); + expect(finalToolCallB.id).toBe("call_auto_1"); + }); }); describe("wrapStreamFnRepairMalformedToolCallArguments", () => { diff --git a/src/agents/pi-embedded-runner/run/attempt.ts b/src/agents/pi-embedded-runner/run/attempt.ts index ef5a63cdcd1..b02e8a59fb8 100644 --- a/src/agents/pi-embedded-runner/run/attempt.ts +++ b/src/agents/pi-embedded-runner/run/attempt.ts @@ -667,6 +667,7 @@ function normalizeToolCallIdsInMessage(message: unknown): void { } let fallbackIndex = 1; + const assignedIds = new Set(); for (const block of content) { if (!block || typeof block !== "object") { continue; @@ -678,20 +679,23 @@ function normalizeToolCallIdsInMessage(message: unknown): void { if (typeof typedBlock.id === "string") { const trimmedId = typedBlock.id.trim(); if (trimmedId) { - if (typedBlock.id !== trimmedId) { - typedBlock.id = trimmedId; + if (!assignedIds.has(trimmedId)) { + if (typedBlock.id !== trimmedId) { + typedBlock.id = trimmedId; + } + assignedIds.add(trimmedId); + continue; } - usedIds.add(trimmedId); - continue; } } let fallbackId = ""; - while (!fallbackId || usedIds.has(fallbackId)) { + while (!fallbackId || usedIds.has(fallbackId) || assignedIds.has(fallbackId)) { fallbackId = `call_auto_${fallbackIndex++}`; } typedBlock.id = fallbackId; usedIds.add(fallbackId); + assignedIds.add(fallbackId); } } diff --git a/src/agents/tool-call-id.test.ts b/src/agents/tool-call-id.test.ts index dec3d37e9d8..ced9c7ee8a5 100644 --- a/src/agents/tool-call-id.test.ts +++ b/src/agents/tool-call-id.test.ts @@ -29,6 +29,54 @@ const buildDuplicateIdCollisionInput = () => }, ]); +const buildRepeatedRawIdInput = () => + castAgentMessages([ + { + role: "assistant", + content: [ + { type: "toolCall", id: "edit:22", name: "edit", arguments: {} }, + { type: "toolCall", id: "edit:22", name: "edit", arguments: {} }, + ], + }, + { + role: "toolResult", + toolCallId: "edit:22", + toolName: "edit", + content: [{ type: "text", text: "one" }], + }, + { + role: "toolResult", + toolCallId: "edit:22", + toolName: "edit", + content: [{ type: "text", text: "two" }], + }, + ]); + +const buildRepeatedSharedToolResultIdInput = () => + castAgentMessages([ + { + role: "assistant", + content: [ + { type: "toolCall", id: "edit:22", name: "edit", arguments: {} }, + { type: "toolCall", id: "edit:22", name: "edit", arguments: {} }, + ], + }, + { + role: "toolResult", + toolCallId: "edit:22", + toolUseId: "edit:22", + toolName: "edit", + content: [{ type: "text", text: "one" }], + }, + { + role: "toolResult", + toolCallId: "edit:22", + toolUseId: "edit:22", + toolName: "edit", + content: [{ type: "text", text: "two" }], + }, + ]); + function expectCollisionIdsRemainDistinct( out: AgentMessage[], mode: "strict" | "strict9", @@ -111,6 +159,26 @@ describe("sanitizeToolCallIdsForCloudCodeAssist", () => { expectCollisionIdsRemainDistinct(out, "strict"); }); + it("reuses one rewritten id when a tool result carries matching toolCallId and toolUseId", () => { + const input = buildRepeatedSharedToolResultIdInput(); + + const out = sanitizeToolCallIdsForCloudCodeAssist(input); + expect(out).not.toBe(input); + const { aId, bId } = expectCollisionIdsRemainDistinct(out, "strict"); + const r1 = out[1] as Extract & { toolUseId?: string }; + const r2 = out[2] as Extract & { toolUseId?: string }; + expect(r1.toolUseId).toBe(aId); + expect(r2.toolUseId).toBe(bId); + }); + + it("assigns distinct IDs when identical raw tool call ids repeat", () => { + const input = buildRepeatedRawIdInput(); + + const out = sanitizeToolCallIdsForCloudCodeAssist(input); + expect(out).not.toBe(input); + expectCollisionIdsRemainDistinct(out, "strict"); + }); + it("caps tool call IDs at 40 chars while preserving uniqueness", () => { const longA = `call_${"a".repeat(60)}`; const longB = `call_${"a".repeat(59)}b`; @@ -181,6 +249,16 @@ describe("sanitizeToolCallIdsForCloudCodeAssist", () => { expect(aId).not.toMatch(/[_-]/); expect(bId).not.toMatch(/[_-]/); }); + + it("assigns distinct strict IDs when identical raw tool call ids repeat", () => { + const input = buildRepeatedRawIdInput(); + + const out = sanitizeToolCallIdsForCloudCodeAssist(input, "strict"); + expect(out).not.toBe(input); + const { aId, bId } = expectCollisionIdsRemainDistinct(out, "strict"); + expect(aId).not.toMatch(/[_-]/); + expect(bId).not.toMatch(/[_-]/); + }); }); describe("strict9 mode (Mistral tool call IDs)", () => { @@ -231,5 +309,27 @@ describe("sanitizeToolCallIdsForCloudCodeAssist", () => { expect(aId.length).toBe(9); expect(bId.length).toBe(9); }); + + it("assigns distinct strict9 IDs when identical raw tool call ids repeat", () => { + const input = buildRepeatedRawIdInput(); + + const out = sanitizeToolCallIdsForCloudCodeAssist(input, "strict9"); + expect(out).not.toBe(input); + const { aId, bId } = expectCollisionIdsRemainDistinct(out, "strict9"); + expect(aId.length).toBe(9); + expect(bId.length).toBe(9); + }); + + it("reuses one rewritten strict9 id when a tool result carries matching toolCallId and toolUseId", () => { + const input = buildRepeatedSharedToolResultIdInput(); + + const out = sanitizeToolCallIdsForCloudCodeAssist(input, "strict9"); + expect(out).not.toBe(input); + const { aId, bId } = expectCollisionIdsRemainDistinct(out, "strict9"); + const r1 = out[1] as Extract & { toolUseId?: string }; + const r2 = out[2] as Extract & { toolUseId?: string }; + expect(r1.toolUseId).toBe(aId); + expect(r2.toolUseId).toBe(bId); + }); }); }); diff --git a/src/agents/tool-call-id.ts b/src/agents/tool-call-id.ts index e30236e6e82..c7c68994458 100644 --- a/src/agents/tool-call-id.ts +++ b/src/agents/tool-call-id.ts @@ -144,9 +144,55 @@ function makeUniqueToolId(params: { id: string; used: Set; mode: ToolCal return `${candidate.slice(0, MAX_LEN - ts.length)}${ts}`; } +function createOccurrenceAwareResolver(mode: ToolCallIdMode): { + resolveAssistantId: (id: string) => string; + resolveToolResultId: (id: string) => string; +} { + const used = new Set(); + const assistantOccurrences = new Map(); + const orphanToolResultOccurrences = new Map(); + const pendingByRawId = new Map(); + + const allocate = (seed: string): string => { + const next = makeUniqueToolId({ id: seed, used, mode }); + used.add(next); + return next; + }; + + const resolveAssistantId = (id: string): string => { + const occurrence = (assistantOccurrences.get(id) ?? 0) + 1; + assistantOccurrences.set(id, occurrence); + const next = allocate(occurrence === 1 ? id : `${id}:${occurrence}`); + const pending = pendingByRawId.get(id); + if (pending) { + pending.push(next); + } else { + pendingByRawId.set(id, [next]); + } + return next; + }; + + const resolveToolResultId = (id: string): string => { + const pending = pendingByRawId.get(id); + if (pending && pending.length > 0) { + const next = pending.shift()!; + if (pending.length === 0) { + pendingByRawId.delete(id); + } + return next; + } + + const occurrence = (orphanToolResultOccurrences.get(id) ?? 0) + 1; + orphanToolResultOccurrences.set(id, occurrence); + return allocate(`${id}:tool_result:${occurrence}`); + }; + + return { resolveAssistantId, resolveToolResultId }; +} + function rewriteAssistantToolCallIds(params: { message: Extract; - resolve: (id: string) => string; + resolveId: (id: string) => string; }): Extract { const content = params.message.content; if (!Array.isArray(content)) { @@ -168,7 +214,7 @@ function rewriteAssistantToolCallIds(params: { ) { return block; } - const nextId = params.resolve(id); + const nextId = params.resolveId(id); if (nextId === id) { return block; } @@ -184,7 +230,7 @@ function rewriteAssistantToolCallIds(params: { function rewriteToolResultIds(params: { message: Extract; - resolve: (id: string) => string; + resolveId: (id: string) => string; }): Extract { const toolCallId = typeof params.message.toolCallId === "string" && params.message.toolCallId @@ -192,9 +238,14 @@ function rewriteToolResultIds(params: { : undefined; const toolUseId = (params.message as { toolUseId?: unknown }).toolUseId; const toolUseIdStr = typeof toolUseId === "string" && toolUseId ? toolUseId : undefined; + const sharedRawId = + toolCallId && toolUseIdStr && toolCallId === toolUseIdStr ? toolCallId : undefined; - const nextToolCallId = toolCallId ? params.resolve(toolCallId) : undefined; - const nextToolUseId = toolUseIdStr ? params.resolve(toolUseIdStr) : undefined; + const sharedResolvedId = sharedRawId ? params.resolveId(sharedRawId) : undefined; + const nextToolCallId = + sharedResolvedId ?? (toolCallId ? params.resolveId(toolCallId) : undefined); + const nextToolUseId = + sharedResolvedId ?? (toolUseIdStr ? params.resolveId(toolUseIdStr) : undefined); if (nextToolCallId === toolCallId && nextToolUseId === toolUseIdStr) { return params.message; @@ -219,21 +270,11 @@ export function sanitizeToolCallIdsForCloudCodeAssist( ): AgentMessage[] { // Strict mode: only [a-zA-Z0-9] // Strict9 mode: only [a-zA-Z0-9], length 9 (Mistral tool call requirement) - // Sanitization can introduce collisions (e.g. `a|b` and `a:b` -> `ab`). - // Fix by applying a stable, transcript-wide mapping and de-duping via suffix. - const map = new Map(); - const used = new Set(); - - const resolve = (id: string) => { - const existing = map.get(id); - if (existing) { - return existing; - } - const next = makeUniqueToolId({ id, used, mode }); - map.set(id, next); - used.add(next); - return next; - }; + // Sanitization can introduce collisions, and some providers also reject raw + // duplicate tool-call IDs. Track assistant occurrences in-order so repeated + // raw IDs receive distinct rewritten IDs, while matching tool results consume + // the same rewritten IDs in encounter order. + const { resolveAssistantId, resolveToolResultId } = createOccurrenceAwareResolver(mode); let changed = false; const out = messages.map((msg) => { @@ -244,7 +285,7 @@ export function sanitizeToolCallIdsForCloudCodeAssist( if (role === "assistant") { const next = rewriteAssistantToolCallIds({ message: msg as Extract, - resolve, + resolveId: resolveAssistantId, }); if (next !== msg) { changed = true; @@ -254,7 +295,7 @@ export function sanitizeToolCallIdsForCloudCodeAssist( if (role === "toolResult") { const next = rewriteToolResultIds({ message: msg as Extract, - resolve, + resolveId: resolveToolResultId, }); if (next !== msg) { changed = true; diff --git a/src/agents/transcript-policy.ts b/src/agents/transcript-policy.ts index 46795bad1bc..784770f2e28 100644 --- a/src/agents/transcript-policy.ts +++ b/src/agents/transcript-policy.ts @@ -78,7 +78,10 @@ export function resolveTranscriptPolicy(params: { provider, modelId, }); - const requiresOpenAiCompatibleToolIdSanitization = params.modelApi === "openai-completions"; + const requiresOpenAiCompatibleToolIdSanitization = + params.modelApi === "openai-completions" || + (!isOpenAi && + (params.modelApi === "openai-responses" || params.modelApi === "openai-codex-responses")); // Anthropic Claude endpoints can reject replayed `thinking` blocks unless the // original signatures are preserved byte-for-byte. Drop them at send-time to From 26e0a3ee9a6b5e1251919f6b3b07015cebbf9375 Mon Sep 17 00:00:00 2001 From: Andrew Demczuk Date: Sun, 15 Mar 2026 13:03:39 +0100 Subject: [PATCH 03/34] fix(gateway): skip Control UI pairing when auth.mode=none (closes #42931) (#47148) When auth is completely disabled (mode=none), requiring device pairing for Control UI operator sessions adds friction without security value since any client can already connect without credentials. Add authMode parameter to shouldSkipControlUiPairing so the bypass fires only for Control UI + operator role + auth.mode=none. This avoids the #43478 regression where a top-level OR disabled pairing for ALL websocket clients. --- .../ws-connection/connect-policy.test.ts | 24 +++++++++++++++++++ .../server/ws-connection/connect-policy.ts | 13 ++++++++++ .../server/ws-connection/message-handler.ts | 8 ++++++- 3 files changed, 44 insertions(+), 1 deletion(-) diff --git a/src/gateway/server/ws-connection/connect-policy.test.ts b/src/gateway/server/ws-connection/connect-policy.test.ts index 670f73637ac..a7baa7f73c1 100644 --- a/src/gateway/server/ws-connection/connect-policy.test.ts +++ b/src/gateway/server/ws-connection/connect-policy.test.ts @@ -226,6 +226,30 @@ describe("ws connect policy", () => { expect(shouldSkipControlUiPairing(strict, "operator", true)).toBe(true); }); + test("auth.mode=none skips pairing for operator control-ui only", () => { + const controlUi = resolveControlUiAuthPolicy({ + isControlUi: true, + controlUiConfig: undefined, + deviceRaw: null, + }); + const nonControlUi = resolveControlUiAuthPolicy({ + isControlUi: false, + controlUiConfig: undefined, + deviceRaw: null, + }); + // Control UI + operator + auth.mode=none: skip pairing (the fix for #42931) + expect(shouldSkipControlUiPairing(controlUi, "operator", false, "none")).toBe(true); + // Control UI + node role + auth.mode=none: still require pairing + expect(shouldSkipControlUiPairing(controlUi, "node", false, "none")).toBe(false); + // Non-Control-UI + operator + auth.mode=none: still require pairing + // (prevents #43478 regression where ALL clients bypassed pairing) + expect(shouldSkipControlUiPairing(nonControlUi, "operator", false, "none")).toBe(false); + // Control UI + operator + auth.mode=shared-key: no change + expect(shouldSkipControlUiPairing(controlUi, "operator", false, "shared-key")).toBe(false); + // Control UI + operator + no authMode: no change + expect(shouldSkipControlUiPairing(controlUi, "operator", false)).toBe(false); + }); + test("trusted-proxy control-ui bypass only applies to operator + trusted-proxy auth", () => { const cases: Array<{ role: "operator" | "node"; diff --git a/src/gateway/server/ws-connection/connect-policy.ts b/src/gateway/server/ws-connection/connect-policy.ts index c5c4c1d0a07..caf4551a714 100644 --- a/src/gateway/server/ws-connection/connect-policy.ts +++ b/src/gateway/server/ws-connection/connect-policy.ts @@ -3,6 +3,7 @@ import type { GatewayRole } from "../../role-policy.js"; import { roleCanSkipDeviceIdentity } from "../../role-policy.js"; export type ControlUiAuthPolicy = { + isControlUi: boolean; allowInsecureAuthConfigured: boolean; dangerouslyDisableDeviceAuth: boolean; allowBypass: boolean; @@ -24,6 +25,7 @@ export function resolveControlUiAuthPolicy(params: { const dangerouslyDisableDeviceAuth = params.isControlUi && params.controlUiConfig?.dangerouslyDisableDeviceAuth === true; return { + isControlUi: params.isControlUi, allowInsecureAuthConfigured, dangerouslyDisableDeviceAuth, // `allowInsecureAuth` must not bypass secure-context/device-auth requirements. @@ -36,10 +38,21 @@ export function shouldSkipControlUiPairing( policy: ControlUiAuthPolicy, role: GatewayRole, trustedProxyAuthOk = false, + authMode?: string, ): boolean { if (trustedProxyAuthOk) { return true; } + // When auth is completely disabled (mode=none), there is no shared secret + // or token to gate pairing. Requiring pairing in this configuration adds + // friction without security value since any client can already connect + // without credentials. Guard with policy.isControlUi because this function + // is called for ALL clients (not just Control UI) at the call site. + // Scope to operator role so node-role sessions still need device identity + // (#43478 was reverted for skipping ALL clients). + if (policy.isControlUi && role === "operator" && authMode === "none") { + return true; + } // dangerouslyDisableDeviceAuth is the break-glass path for Control UI // operators. Keep pairing aligned with the missing-device bypass, including // open-auth deployments where there is no shared token/password to prove. diff --git a/src/gateway/server/ws-connection/message-handler.ts b/src/gateway/server/ws-connection/message-handler.ts index e0116190009..f7eec2153ad 100644 --- a/src/gateway/server/ws-connection/message-handler.ts +++ b/src/gateway/server/ws-connection/message-handler.ts @@ -681,7 +681,13 @@ export function attachGatewayWsMessageHandler(params: { hasBrowserOriginHeader, sharedAuthOk, authMethod, - }) || shouldSkipControlUiPairing(controlUiAuthPolicy, role, trustedProxyAuthOk); + }) || + shouldSkipControlUiPairing( + controlUiAuthPolicy, + role, + trustedProxyAuthOk, + resolvedAuth.mode, + ); if (device && devicePublicKey && !skipPairing) { const formatAuditList = (items: string[] | undefined): string => { if (!items || items.length === 0) { From c4265a5f166f99b19b6bccaf445463640411c4f2 Mon Sep 17 00:00:00 2001 From: Ayaan Zaidi Date: Sun, 15 Mar 2026 18:10:49 +0530 Subject: [PATCH 04/34] fix: preserve Telegram word boundaries when rechunking HTML (#47274) * fix: preserve Telegram chunk word boundaries * fix: address Telegram chunking review feedback * fix: preserve Telegram retry separators * fix: preserve Telegram chunking boundaries (#47274) --- CHANGELOG.md | 1 + extensions/telegram/src/format.ts | 218 +++++++++++++++++- .../telegram/src/format.wrap-md.test.ts | 29 +++ 3 files changed, 242 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd2212d5174..1ffe236664c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -44,6 +44,7 @@ Docs: https://docs.openclaw.ai - Email/webhook wrapping: sanitize sender and subject metadata before external-content wrapping so metadata fields cannot break the wrapper structure. Thanks @vincentkoc. - Node/startup: remove leftover debug `console.log("node host PATH: ...")` that printed the resolved PATH on every `openclaw node run` invocation. (#46411) - Telegram/message send: forward `--force-document` through the `sendPayload` path as well as `sendMedia`, so Telegram payload sends with `channelData` keep uploading images as documents instead of silently falling back to compressed photo sends. (#47119) Thanks @thepagent. +- Telegram/message chunking: preserve spaces, paragraph separators, and word boundaries when HTML overflow rechunking splits formatted replies. (#47274) ## 2026.3.13 diff --git a/extensions/telegram/src/format.ts b/extensions/telegram/src/format.ts index 1ccd8f8299b..0c1bec2a62a 100644 --- a/extensions/telegram/src/format.ts +++ b/extensions/telegram/src/format.ts @@ -512,6 +512,146 @@ function sliceLinkSpans( }); } +function sliceMarkdownIR(ir: MarkdownIR, start: number, end: number): MarkdownIR { + return { + text: ir.text.slice(start, end), + styles: sliceStyleSpans(ir.styles, start, end), + links: sliceLinkSpans(ir.links, start, end), + }; +} + +function mergeAdjacentStyleSpans(styles: MarkdownIR["styles"]): MarkdownIR["styles"] { + const merged: MarkdownIR["styles"] = []; + for (const span of styles) { + const last = merged.at(-1); + if (last && last.style === span.style && span.start <= last.end) { + last.end = Math.max(last.end, span.end); + continue; + } + merged.push({ ...span }); + } + return merged; +} + +function mergeAdjacentLinkSpans(links: MarkdownIR["links"]): MarkdownIR["links"] { + const merged: MarkdownIR["links"] = []; + for (const link of links) { + const last = merged.at(-1); + if (last && last.href === link.href && link.start <= last.end) { + last.end = Math.max(last.end, link.end); + continue; + } + merged.push({ ...link }); + } + return merged; +} + +function mergeMarkdownIRChunks(left: MarkdownIR, right: MarkdownIR): MarkdownIR { + const offset = left.text.length; + return { + text: left.text + right.text, + styles: mergeAdjacentStyleSpans([ + ...left.styles, + ...right.styles.map((span) => ({ + ...span, + start: span.start + offset, + end: span.end + offset, + })), + ]), + links: mergeAdjacentLinkSpans([ + ...left.links, + ...right.links.map((link) => ({ + ...link, + start: link.start + offset, + end: link.end + offset, + })), + ]), + }; +} + +function renderTelegramChunkHtml(ir: MarkdownIR): string { + return wrapFileReferencesInHtml(renderTelegramHtml(ir)); +} + +function findMarkdownIRPreservedSplitIndex(text: string, start: number, limit: number): number { + const maxEnd = Math.min(text.length, start + limit); + if (maxEnd >= text.length) { + return text.length; + } + + let lastOutsideParenNewlineBreak = -1; + let lastOutsideParenWhitespaceBreak = -1; + let lastOutsideParenWhitespaceRunStart = -1; + let lastAnyNewlineBreak = -1; + let lastAnyWhitespaceBreak = -1; + let lastAnyWhitespaceRunStart = -1; + let parenDepth = 0; + let sawNonWhitespace = false; + + for (let index = start; index < maxEnd; index += 1) { + const char = text[index]; + if (char === "(") { + sawNonWhitespace = true; + parenDepth += 1; + continue; + } + if (char === ")" && parenDepth > 0) { + sawNonWhitespace = true; + parenDepth -= 1; + continue; + } + if (!/\s/.test(char)) { + sawNonWhitespace = true; + continue; + } + if (!sawNonWhitespace) { + continue; + } + if (char === "\n") { + lastAnyNewlineBreak = index + 1; + if (parenDepth === 0) { + lastOutsideParenNewlineBreak = index + 1; + } + continue; + } + const whitespaceRunStart = + index === start || !/\s/.test(text[index - 1] ?? "") ? index : lastAnyWhitespaceRunStart; + lastAnyWhitespaceBreak = index + 1; + lastAnyWhitespaceRunStart = whitespaceRunStart; + if (parenDepth === 0) { + lastOutsideParenWhitespaceBreak = index + 1; + lastOutsideParenWhitespaceRunStart = whitespaceRunStart; + } + } + + const resolveWhitespaceBreak = (breakIndex: number, runStart: number): number => { + if (breakIndex <= start) { + return breakIndex; + } + if (runStart <= start) { + return breakIndex; + } + return /\s/.test(text[breakIndex] ?? "") ? runStart : breakIndex; + }; + + if (lastOutsideParenNewlineBreak > start) { + return lastOutsideParenNewlineBreak; + } + if (lastOutsideParenWhitespaceBreak > start) { + return resolveWhitespaceBreak( + lastOutsideParenWhitespaceBreak, + lastOutsideParenWhitespaceRunStart, + ); + } + if (lastAnyNewlineBreak > start) { + return lastAnyNewlineBreak; + } + if (lastAnyWhitespaceBreak > start) { + return resolveWhitespaceBreak(lastAnyWhitespaceBreak, lastAnyWhitespaceRunStart); + } + return maxEnd; +} + function splitMarkdownIRPreserveWhitespace(ir: MarkdownIR, limit: number): MarkdownIR[] { if (!ir.text) { return []; @@ -523,7 +663,7 @@ function splitMarkdownIRPreserveWhitespace(ir: MarkdownIR, limit: number): Markd const chunks: MarkdownIR[] = []; let cursor = 0; while (cursor < ir.text.length) { - const end = Math.min(ir.text.length, cursor + normalizedLimit); + const end = findMarkdownIRPreservedSplitIndex(ir.text, cursor, normalizedLimit); chunks.push({ text: ir.text.slice(cursor, end), styles: sliceStyleSpans(ir.styles, cursor, end), @@ -534,32 +674,98 @@ function splitMarkdownIRPreserveWhitespace(ir: MarkdownIR, limit: number): Markd return chunks; } +function coalesceWhitespaceOnlyMarkdownIRChunks(chunks: MarkdownIR[], limit: number): MarkdownIR[] { + const coalesced: MarkdownIR[] = []; + let index = 0; + + while (index < chunks.length) { + const chunk = chunks[index]; + if (!chunk) { + index += 1; + continue; + } + if (chunk.text.trim().length > 0) { + coalesced.push(chunk); + index += 1; + continue; + } + + const prev = coalesced.at(-1); + const next = chunks[index + 1]; + const chunkLength = chunk.text.length; + + const canMergePrev = (candidate: MarkdownIR) => + renderTelegramChunkHtml(candidate).length <= limit; + const canMergeNext = (candidate: MarkdownIR) => + renderTelegramChunkHtml(candidate).length <= limit; + + if (prev) { + const mergedPrev = mergeMarkdownIRChunks(prev, chunk); + if (canMergePrev(mergedPrev)) { + coalesced[coalesced.length - 1] = mergedPrev; + index += 1; + continue; + } + } + + if (next) { + const mergedNext = mergeMarkdownIRChunks(chunk, next); + if (canMergeNext(mergedNext)) { + chunks[index + 1] = mergedNext; + index += 1; + continue; + } + } + + if (prev && next) { + for (let prefixLength = chunkLength - 1; prefixLength >= 1; prefixLength -= 1) { + const prefix = sliceMarkdownIR(chunk, 0, prefixLength); + const suffix = sliceMarkdownIR(chunk, prefixLength, chunkLength); + const mergedPrev = mergeMarkdownIRChunks(prev, prefix); + const mergedNext = mergeMarkdownIRChunks(suffix, next); + if (canMergePrev(mergedPrev) && canMergeNext(mergedNext)) { + coalesced[coalesced.length - 1] = mergedPrev; + chunks[index + 1] = mergedNext; + break; + } + } + } + + index += 1; + } + + return coalesced; +} + function renderTelegramChunksWithinHtmlLimit( ir: MarkdownIR, limit: number, ): TelegramFormattedChunk[] { const normalizedLimit = Math.max(1, Math.floor(limit)); const pending = chunkMarkdownIR(ir, normalizedLimit); - const rendered: TelegramFormattedChunk[] = []; + const finalized: MarkdownIR[] = []; while (pending.length > 0) { const chunk = pending.shift(); if (!chunk) { continue; } - const html = wrapFileReferencesInHtml(renderTelegramHtml(chunk)); + const html = renderTelegramChunkHtml(chunk); if (html.length <= normalizedLimit || chunk.text.length <= 1) { - rendered.push({ html, text: chunk.text }); + finalized.push(chunk); continue; } const split = splitTelegramChunkByHtmlLimit(chunk, normalizedLimit, html.length); if (split.length <= 1) { // Worst-case safety: avoid retry loops, deliver the chunk as-is. - rendered.push({ html, text: chunk.text }); + finalized.push(chunk); continue; } pending.unshift(...split); } - return rendered; + return coalesceWhitespaceOnlyMarkdownIRChunks(finalized, normalizedLimit).map((chunk) => ({ + html: renderTelegramChunkHtml(chunk), + text: chunk.text, + })); } export function markdownToTelegramChunks( diff --git a/extensions/telegram/src/format.wrap-md.test.ts b/extensions/telegram/src/format.wrap-md.test.ts index 9921b669973..de3cab42056 100644 --- a/extensions/telegram/src/format.wrap-md.test.ts +++ b/extensions/telegram/src/format.wrap-md.test.ts @@ -174,6 +174,35 @@ describe("markdownToTelegramChunks - file reference wrapping", () => { expect(chunks.map((chunk) => chunk.text).join("")).toBe(input); expect(chunks.every((chunk) => chunk.html.length <= 5)).toBe(true); }); + + it("prefers word boundaries when html-limit retry splits formatted prose", () => { + const input = "**Which of these**"; + const chunks = markdownToTelegramChunks(input, 16); + expect(chunks.map((chunk) => chunk.text)).toEqual(["Which of ", "these"]); + expect(chunks.every((chunk) => chunk.html.length <= 16)).toBe(true); + }); + + it("falls back to in-paren word boundaries when the parenthesis is unbalanced", () => { + const input = "**foo (bar baz qux quux**"; + const chunks = markdownToTelegramChunks(input, 20); + expect(chunks.map((chunk) => chunk.text)).toEqual(["foo", "(bar baz qux ", "quux"]); + expect(chunks.every((chunk) => chunk.html.length <= 20)).toBe(true); + }); + + it("does not emit whitespace-only chunks during html-limit retry splitting", () => { + const input = "**ab <<**"; + const chunks = markdownToTelegramChunks(input, 11); + expect(chunks.map((chunk) => chunk.text).join("")).toBe("ab <<"); + expect(chunks.every((chunk) => chunk.text.trim().length > 0)).toBe(true); + expect(chunks.every((chunk) => chunk.html.length <= 11)).toBe(true); + }); + + it("preserves paragraph separators when retry chunking produces whitespace-only spans", () => { + const input = "ab\n\n<<"; + const chunks = markdownToTelegramChunks(input, 6); + expect(chunks.map((chunk) => chunk.text).join("")).toBe(input); + expect(chunks.every((chunk) => chunk.html.length <= 6)).toBe(true); + }); }); describe("edge cases", () => { From b2e9221a8c8189b3c9acc020ff8e9b811dbd587e Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sun, 15 Mar 2026 07:57:26 -0700 Subject: [PATCH 05/34] test(whatsapp): fix stale append inbox expectation --- ...r-inbox.allows-messages-from-senders-allowfrom-list.test.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/extensions/whatsapp/src/monitor-inbox.allows-messages-from-senders-allowfrom-list.test.ts b/extensions/whatsapp/src/monitor-inbox.allows-messages-from-senders-allowfrom-list.test.ts index 545a010ed50..101357a9de6 100644 --- a/extensions/whatsapp/src/monitor-inbox.allows-messages-from-senders-allowfrom-list.test.ts +++ b/extensions/whatsapp/src/monitor-inbox.allows-messages-from-senders-allowfrom-list.test.ts @@ -254,6 +254,7 @@ describe("web monitor inbox", () => { it("handles append messages by marking them read but skipping auto-reply", async () => { const { onMessage, listener, sock } = await openInboxMonitor(); + const staleTs = Math.floor(Date.now() / 1000) - 300; const upsert = { type: "append", @@ -265,7 +266,7 @@ describe("web monitor inbox", () => { remoteJid: "999@s.whatsapp.net", }, message: { conversation: "old message" }, - messageTimestamp: nowSeconds(), + messageTimestamp: staleTs, pushName: "History Sender", }, ], From 53462b990d95a34236cd42726e5b73ae6722d849 Mon Sep 17 00:00:00 2001 From: Harold Hunt Date: Sun, 15 Mar 2026 11:14:28 -0400 Subject: [PATCH 06/34] chore(gateway): ignore `.test.ts` changes in `gateway:watch` (#36211) --- scripts/watch-node.d.mts | 12 +++ scripts/watch-node.mjs | 143 ++++++++++++++++++++++++----------- src/infra/watch-node.test.ts | 117 ++++++++++++++++++++++++---- 3 files changed, 211 insertions(+), 61 deletions(-) diff --git a/scripts/watch-node.d.mts b/scripts/watch-node.d.mts index d0e9dd93751..362670826a6 100644 --- a/scripts/watch-node.d.mts +++ b/scripts/watch-node.d.mts @@ -4,8 +4,20 @@ export function runWatchMain(params?: { args: string[], options: unknown, ) => { + kill?: (signal?: NodeJS.Signals | number) => void; on: (event: "exit", cb: (code: number | null, signal: string | null) => void) => void; }; + createWatcher?: ( + paths: string[], + options: { + ignoreInitial: boolean; + ignored: (watchPath: string) => boolean; + }, + ) => { + on: (event: "add" | "change" | "unlink" | "error", cb: (arg?: unknown) => void) => void; + close?: () => Promise | void; + }; + watchPaths?: string[]; process?: NodeJS.Process; cwd?: string; args?: string[]; diff --git a/scripts/watch-node.mjs b/scripts/watch-node.mjs index e554796f03b..891e07439a1 100644 --- a/scripts/watch-node.mjs +++ b/scripts/watch-node.mjs @@ -2,16 +2,24 @@ import { spawn } from "node:child_process"; import process from "node:process"; import { pathToFileURL } from "node:url"; +import chokidar from "chokidar"; import { runNodeWatchedPaths } from "./run-node.mjs"; const WATCH_NODE_RUNNER = "scripts/run-node.mjs"; +const WATCH_RESTART_SIGNAL = "SIGTERM"; -const buildWatchArgs = (args) => [ - ...runNodeWatchedPaths.flatMap((watchPath) => ["--watch-path", watchPath]), - "--watch-preserve-output", - WATCH_NODE_RUNNER, - ...args, -]; +const buildRunnerArgs = (args) => [WATCH_NODE_RUNNER, ...args]; + +const normalizePath = (filePath) => String(filePath ?? "").replaceAll("\\", "/"); + +const isIgnoredWatchPath = (filePath) => { + const normalizedPath = normalizePath(filePath); + return ( + normalizedPath.endsWith(".test.ts") || + normalizedPath.endsWith(".test.tsx") || + normalizedPath.endsWith("test-helpers.ts") + ); +}; export async function runWatchMain(params = {}) { const deps = { @@ -21,6 +29,9 @@ export async function runWatchMain(params = {}) { args: params.args ?? process.argv.slice(2), env: params.env ? { ...params.env } : { ...process.env }, now: params.now ?? Date.now, + createWatcher: + params.createWatcher ?? ((watchPaths, options) => chokidar.watch(watchPaths, options)), + watchPaths: params.watchPaths ?? runNodeWatchedPaths, }; const childEnv = { ...deps.env }; @@ -31,54 +42,96 @@ export async function runWatchMain(params = {}) { childEnv.OPENCLAW_WATCH_COMMAND = deps.args.join(" "); } - const watchProcess = deps.spawn(deps.process.execPath, buildWatchArgs(deps.args), { - cwd: deps.cwd, - env: childEnv, - stdio: "inherit", - }); - - let settled = false; - let onSigInt; - let onSigTerm; - - const settle = (resolve, code) => { - if (settled) { - return; - } - settled = true; - if (onSigInt) { - deps.process.off("SIGINT", onSigInt); - } - if (onSigTerm) { - deps.process.off("SIGTERM", onSigTerm); - } - resolve(code); - }; - return await new Promise((resolve) => { - onSigInt = () => { - if (typeof watchProcess.kill === "function") { - watchProcess.kill("SIGTERM"); + let settled = false; + let shuttingDown = false; + let restartRequested = false; + let watchProcess = null; + let onSigInt; + let onSigTerm; + + const watcher = deps.createWatcher(deps.watchPaths, { + ignoreInitial: true, + ignored: (watchPath) => isIgnoredWatchPath(watchPath), + }); + + const settle = (code) => { + if (settled) { + return; } - settle(resolve, 130); + settled = true; + if (onSigInt) { + deps.process.off("SIGINT", onSigInt); + } + if (onSigTerm) { + deps.process.off("SIGTERM", onSigTerm); + } + watcher.close?.().catch?.(() => {}); + resolve(code); + }; + + const startRunner = () => { + watchProcess = deps.spawn(deps.process.execPath, buildRunnerArgs(deps.args), { + cwd: deps.cwd, + env: childEnv, + stdio: "inherit", + }); + watchProcess.on("exit", () => { + watchProcess = null; + if (shuttingDown) { + return; + } + if (restartRequested) { + restartRequested = false; + startRunner(); + } + }); + }; + + const requestRestart = (changedPath) => { + if (shuttingDown || isIgnoredWatchPath(changedPath)) { + return; + } + if (!watchProcess) { + startRunner(); + return; + } + restartRequested = true; + if (typeof watchProcess.kill === "function") { + watchProcess.kill(WATCH_RESTART_SIGNAL); + } + }; + + watcher.on("add", requestRestart); + watcher.on("change", requestRestart); + watcher.on("unlink", requestRestart); + watcher.on("error", () => { + shuttingDown = true; + if (watchProcess && typeof watchProcess.kill === "function") { + watchProcess.kill(WATCH_RESTART_SIGNAL); + } + settle(1); + }); + + startRunner(); + + onSigInt = () => { + shuttingDown = true; + if (watchProcess && typeof watchProcess.kill === "function") { + watchProcess.kill(WATCH_RESTART_SIGNAL); + } + settle(130); }; onSigTerm = () => { - if (typeof watchProcess.kill === "function") { - watchProcess.kill("SIGTERM"); + shuttingDown = true; + if (watchProcess && typeof watchProcess.kill === "function") { + watchProcess.kill(WATCH_RESTART_SIGNAL); } - settle(resolve, 143); + settle(143); }; deps.process.on("SIGINT", onSigInt); deps.process.on("SIGTERM", onSigTerm); - - watchProcess.on("exit", (code, signal) => { - if (signal) { - settle(resolve, 1); - return; - } - settle(resolve, code ?? 1); - }); }); } diff --git a/src/infra/watch-node.test.ts b/src/infra/watch-node.test.ts index 69adbab7fc4..89ec4b79ef2 100644 --- a/src/infra/watch-node.test.ts +++ b/src/infra/watch-node.test.ts @@ -11,40 +11,50 @@ const createFakeProcess = () => const createWatchHarness = () => { const child = Object.assign(new EventEmitter(), { - kill: vi.fn(), + kill: vi.fn(() => {}), }); const spawn = vi.fn(() => child); + const watcher = Object.assign(new EventEmitter(), { + close: vi.fn(async () => {}), + }); + const createWatcher = vi.fn(() => watcher); const fakeProcess = createFakeProcess(); - return { child, spawn, fakeProcess }; + return { child, spawn, watcher, createWatcher, fakeProcess }; }; describe("watch-node script", () => { - it("wires node watch to run-node with watched source/config paths", async () => { - const { child, spawn, fakeProcess } = createWatchHarness(); + it("wires chokidar watch to run-node with watched source/config paths", async () => { + const { child, spawn, watcher, createWatcher, fakeProcess } = createWatchHarness(); const runPromise = runWatchMain({ args: ["gateway", "--force"], cwd: "/tmp/openclaw", + createWatcher, env: { PATH: "/usr/bin" }, now: () => 1700000000000, process: fakeProcess, spawn, }); - queueMicrotask(() => child.emit("exit", 0, null)); - const exitCode = await runPromise; + expect(createWatcher).toHaveBeenCalledTimes(1); + const firstWatcherCall = createWatcher.mock.calls[0]; + expect(firstWatcherCall).toBeDefined(); + const [watchPaths, watchOptions] = firstWatcherCall as unknown as [ + string[], + { ignoreInitial: boolean; ignored: (watchPath: string) => boolean }, + ]; + expect(watchPaths).toEqual(runNodeWatchedPaths); + expect(watchOptions.ignoreInitial).toBe(true); + expect(watchOptions.ignored("src/infra/watch-node.test.ts")).toBe(true); + expect(watchOptions.ignored("src/infra/watch-node.test.tsx")).toBe(true); + expect(watchOptions.ignored("src/infra/watch-node-test-helpers.ts")).toBe(true); + expect(watchOptions.ignored("src/infra/watch-node.ts")).toBe(false); + expect(watchOptions.ignored("tsconfig.json")).toBe(false); - expect(exitCode).toBe(0); expect(spawn).toHaveBeenCalledTimes(1); expect(spawn).toHaveBeenCalledWith( "/usr/local/bin/node", - [ - ...runNodeWatchedPaths.flatMap((watchPath) => ["--watch-path", watchPath]), - "--watch-preserve-output", - "scripts/run-node.mjs", - "gateway", - "--force", - ], + ["scripts/run-node.mjs", "gateway", "--force"], expect.objectContaining({ cwd: "/tmp/openclaw", stdio: "inherit", @@ -56,13 +66,19 @@ describe("watch-node script", () => { }), }), ); + fakeProcess.emit("SIGINT"); + const exitCode = await runPromise; + expect(exitCode).toBe(130); + expect(child.kill).toHaveBeenCalledWith("SIGTERM"); + expect(watcher.close).toHaveBeenCalledTimes(1); }); it("terminates child on SIGINT and returns shell interrupt code", async () => { - const { child, spawn, fakeProcess } = createWatchHarness(); + const { child, spawn, watcher, createWatcher, fakeProcess } = createWatchHarness(); const runPromise = runWatchMain({ args: ["gateway", "--force"], + createWatcher, process: fakeProcess, spawn, }); @@ -72,15 +88,17 @@ describe("watch-node script", () => { expect(exitCode).toBe(130); expect(child.kill).toHaveBeenCalledWith("SIGTERM"); + expect(watcher.close).toHaveBeenCalledTimes(1); expect(fakeProcess.listenerCount("SIGINT")).toBe(0); expect(fakeProcess.listenerCount("SIGTERM")).toBe(0); }); it("terminates child on SIGTERM and returns shell terminate code", async () => { - const { child, spawn, fakeProcess } = createWatchHarness(); + const { child, spawn, watcher, createWatcher, fakeProcess } = createWatchHarness(); const runPromise = runWatchMain({ args: ["gateway", "--force"], + createWatcher, process: fakeProcess, spawn, }); @@ -90,7 +108,74 @@ describe("watch-node script", () => { expect(exitCode).toBe(143); expect(child.kill).toHaveBeenCalledWith("SIGTERM"); + expect(watcher.close).toHaveBeenCalledTimes(1); expect(fakeProcess.listenerCount("SIGINT")).toBe(0); expect(fakeProcess.listenerCount("SIGTERM")).toBe(0); }); + + it("ignores test-only changes and restarts on non-test source changes", async () => { + const childA = Object.assign(new EventEmitter(), { + kill: vi.fn(function () { + queueMicrotask(() => childA.emit("exit", 0, null)); + }), + }); + const childB = Object.assign(new EventEmitter(), { + kill: vi.fn(() => {}), + }); + const spawn = vi.fn().mockReturnValueOnce(childA).mockReturnValueOnce(childB); + const watcher = Object.assign(new EventEmitter(), { + close: vi.fn(async () => {}), + }); + const createWatcher = vi.fn(() => watcher); + const fakeProcess = createFakeProcess(); + + const runPromise = runWatchMain({ + args: ["gateway", "--force"], + createWatcher, + process: fakeProcess, + spawn, + }); + + watcher.emit("change", "src/infra/watch-node.test.ts"); + await new Promise((resolve) => setImmediate(resolve)); + expect(spawn).toHaveBeenCalledTimes(1); + expect(childA.kill).not.toHaveBeenCalled(); + + watcher.emit("change", "src/infra/watch-node.test.tsx"); + await new Promise((resolve) => setImmediate(resolve)); + expect(spawn).toHaveBeenCalledTimes(1); + expect(childA.kill).not.toHaveBeenCalled(); + + watcher.emit("change", "src/infra/watch-node-test-helpers.ts"); + await new Promise((resolve) => setImmediate(resolve)); + expect(spawn).toHaveBeenCalledTimes(1); + expect(childA.kill).not.toHaveBeenCalled(); + + watcher.emit("change", "src/infra/watch-node.ts"); + await new Promise((resolve) => setImmediate(resolve)); + expect(childA.kill).toHaveBeenCalledWith("SIGTERM"); + expect(spawn).toHaveBeenCalledTimes(2); + + fakeProcess.emit("SIGINT"); + const exitCode = await runPromise; + expect(exitCode).toBe(130); + }); + + it("kills child and exits when watcher emits an error", async () => { + const { child, spawn, watcher, createWatcher, fakeProcess } = createWatchHarness(); + + const runPromise = runWatchMain({ + args: ["gateway", "--force"], + createWatcher, + process: fakeProcess, + spawn, + }); + + watcher.emit("error", new Error("watch failed")); + const exitCode = await runPromise; + + expect(exitCode).toBe(1); + expect(child.kill).toHaveBeenCalledWith("SIGTERM"); + expect(watcher.close).toHaveBeenCalledTimes(1); + }); }); From a472f988d89b2f9cd3fcacfdce8db794b2eac145 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sun, 15 Mar 2026 08:22:48 -0700 Subject: [PATCH 07/34] fix: harden remote cdp probes --- CHANGELOG.md | 1 + docs/gateway/configuration-reference.md | 1 + docs/tools/browser.md | 1 + src/browser/cdp.helpers.ts | 36 ++++++++++++++++++++ src/browser/chrome.test.ts | 18 ++++++++++ src/browser/chrome.ts | 34 ++++++++++++++----- src/browser/server-context.availability.ts | 9 +++-- src/browser/server-context.ts | 6 +++- src/cli/browser-cli-manage.test.ts | 38 ++++++++++++++++++++++ src/cli/browser-cli-manage.ts | 3 +- src/node-host/invoke-browser.test.ts | 30 +++++++++++++++++ src/node-host/invoke-browser.ts | 3 +- src/security/audit.test.ts | 26 +++++++++++++++ src/security/audit.ts | 20 +++++++++++- 14 files changed, 212 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ffe236664c..4b50a557d97 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ Docs: https://docs.openclaw.ai - Models/OpenRouter runtime capabilities: fetch uncatalogued OpenRouter model metadata on first use so newly added vision models keep image input instead of silently degrading to text-only, with top-level capability field fallbacks for `/api/v1/models`. (#45824) Thanks @DJjjjhao. - Z.AI/onboarding: add `glm-5-turbo` to the default Z.AI provider catalog so onboarding-generated configs expose the new model alongside the existing GLM defaults. (#46670) Thanks @tomsun28. - Zalo Personal/group gating: stop reapplying `dmPolicy.allowFrom` as a sender gate for already-allowlisted groups when `groupAllowFrom` is unset, so any member of an allowed group can trigger replies while DMs stay restricted. (#40146) +- Browser/remote CDP: honor strict browser SSRF policy during remote CDP reachability and `/json/version` discovery checks, redact sensitive `cdpUrl` tokens from status output, and warn when remote CDP targets private/internal hosts. - Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`. - macOS/canvas actions: keep unattended local agent actions on trusted in-app canvas surfaces only, and stop exposing the deep-link fallback key to arbitrary page scripts. Thanks @vincentkoc. - Agents/compaction: extend the enclosing run deadline once while compaction is actively in flight, and abort the underlying SDK compaction on timeout/cancel so large-session compactions stop freezing mid-run. (#46889) Thanks @asyncjason. diff --git a/docs/gateway/configuration-reference.md b/docs/gateway/configuration-reference.md index badfe4ee891..7bb7fb5824f 100644 --- a/docs/gateway/configuration-reference.md +++ b/docs/gateway/configuration-reference.md @@ -2370,6 +2370,7 @@ See [Plugins](/tools/plugin). - `evaluateEnabled: false` disables `act:evaluate` and `wait --fn`. - `ssrfPolicy.dangerouslyAllowPrivateNetwork` defaults to `true` when unset (trusted-network model). - Set `ssrfPolicy.dangerouslyAllowPrivateNetwork: false` for strict public-only browser navigation. +- In strict mode, remote CDP profile endpoints (`profiles.*.cdpUrl`) are subject to the same private-network blocking during reachability/discovery checks. - `ssrfPolicy.allowPrivateNetwork` remains supported as a legacy alias. - In strict mode, use `ssrfPolicy.hostnameAllowlist` and `ssrfPolicy.allowedHostnames` for explicit exceptions. - Remote profiles are attach-only (start/stop/reset disabled). diff --git a/docs/tools/browser.md b/docs/tools/browser.md index ebe352036c5..c760c23998c 100644 --- a/docs/tools/browser.md +++ b/docs/tools/browser.md @@ -114,6 +114,7 @@ Notes: - `remoteCdpTimeoutMs` applies to remote (non-loopback) CDP reachability checks. - `remoteCdpHandshakeTimeoutMs` applies to remote CDP WebSocket reachability checks. - Browser navigation/open-tab is SSRF-guarded before navigation and best-effort re-checked on final `http(s)` URL after navigation. +- In strict SSRF mode, remote CDP endpoint discovery/probes (`cdpUrl`, including `/json/version` lookups) are checked too. - `browser.ssrfPolicy.dangerouslyAllowPrivateNetwork` defaults to `true` (trusted-network model). Set it to `false` for strict public-only browsing. - `browser.ssrfPolicy.allowPrivateNetwork` remains supported as a legacy alias for compatibility. - `attachOnly: true` means “never launch a local browser; only attach if it is already running.” diff --git a/src/browser/cdp.helpers.ts b/src/browser/cdp.helpers.ts index 44f689e8706..399f0582d88 100644 --- a/src/browser/cdp.helpers.ts +++ b/src/browser/cdp.helpers.ts @@ -1,6 +1,8 @@ import WebSocket from "ws"; import { isLoopbackHost } from "../gateway/net.js"; +import { type SsrFPolicy, resolvePinnedHostnameWithPolicy } from "../infra/net/ssrf.js"; import { rawDataToString } from "../infra/ws.js"; +import { redactSensitiveText } from "../logging/redact.js"; import { getDirectAgentForCdp, withNoProxyForCdpUrl } from "./cdp-proxy-bypass.js"; import { CDP_HTTP_REQUEST_TIMEOUT_MS, CDP_WS_HANDSHAKE_TIMEOUT_MS } from "./cdp-timeouts.js"; import { resolveBrowserRateLimitMessage } from "./client-fetch.js"; @@ -22,6 +24,40 @@ export function isWebSocketUrl(url: string): boolean { } } +export async function assertCdpEndpointAllowed( + cdpUrl: string, + ssrfPolicy?: SsrFPolicy, +): Promise { + if (!ssrfPolicy) { + return; + } + const parsed = new URL(cdpUrl); + if (!["http:", "https:", "ws:", "wss:"].includes(parsed.protocol)) { + throw new Error(`Invalid CDP URL protocol: ${parsed.protocol.replace(":", "")}`); + } + await resolvePinnedHostnameWithPolicy(parsed.hostname, { + policy: ssrfPolicy, + }); +} + +export function redactCdpUrl(cdpUrl: string | null | undefined): string | null | undefined { + if (typeof cdpUrl !== "string") { + return cdpUrl; + } + const trimmed = cdpUrl.trim(); + if (!trimmed) { + return trimmed; + } + try { + const parsed = new URL(trimmed); + parsed.username = ""; + parsed.password = ""; + return redactSensitiveText(parsed.toString().replace(/\/$/, "")); + } catch { + return redactSensitiveText(trimmed); + } +} + type CdpResponse = { id: number; result?: unknown; diff --git a/src/browser/chrome.test.ts b/src/browser/chrome.test.ts index dcbd32fd13c..ee4cb8541c3 100644 --- a/src/browser/chrome.test.ts +++ b/src/browser/chrome.test.ts @@ -302,6 +302,24 @@ describe("browser chrome helpers", () => { await expect(isChromeReachable("http://127.0.0.1:12345", 50)).resolves.toBe(false); }); + it("blocks private CDP probes when strict SSRF policy is enabled", async () => { + const fetchSpy = vi.fn().mockRejectedValue(new Error("should not be called")); + vi.stubGlobal("fetch", fetchSpy); + + await expect( + isChromeReachable("http://127.0.0.1:12345", 50, { + dangerouslyAllowPrivateNetwork: false, + }), + ).resolves.toBe(false); + await expect( + isChromeReachable("ws://127.0.0.1:19999", 50, { + dangerouslyAllowPrivateNetwork: false, + }), + ).resolves.toBe(false); + + expect(fetchSpy).not.toHaveBeenCalled(); + }); + it("reports cdpReady only when Browser.getVersion command succeeds", async () => { await withMockChromeCdpServer({ wsPath: "/devtools/browser/health", diff --git a/src/browser/chrome.ts b/src/browser/chrome.ts index 8e48024d7ad..1cb94cf39fb 100644 --- a/src/browser/chrome.ts +++ b/src/browser/chrome.ts @@ -2,6 +2,7 @@ import { type ChildProcessWithoutNullStreams, spawn } from "node:child_process"; import fs from "node:fs"; import os from "node:os"; import path from "node:path"; +import type { SsrFPolicy } from "../infra/net/ssrf.js"; import { ensurePortAvailable } from "../infra/ports.js"; import { rawDataToString } from "../infra/ws.js"; import { createSubsystemLogger } from "../logging/subsystem.js"; @@ -17,7 +18,13 @@ import { CHROME_STOP_TIMEOUT_MS, CHROME_WS_READY_TIMEOUT_MS, } from "./cdp-timeouts.js"; -import { appendCdpPath, fetchCdpChecked, isWebSocketUrl, openCdpWebSocket } from "./cdp.helpers.js"; +import { + appendCdpPath, + assertCdpEndpointAllowed, + fetchCdpChecked, + isWebSocketUrl, + openCdpWebSocket, +} from "./cdp.helpers.js"; import { normalizeCdpWsUrl } from "./cdp.js"; import { type BrowserExecutable, @@ -96,13 +103,19 @@ async function canOpenWebSocket(url: string, timeoutMs: number): Promise { - if (isWebSocketUrl(cdpUrl)) { - // Direct WebSocket endpoint — probe via WS handshake. - return await canOpenWebSocket(cdpUrl, timeoutMs); + try { + await assertCdpEndpointAllowed(cdpUrl, ssrfPolicy); + if (isWebSocketUrl(cdpUrl)) { + // Direct WebSocket endpoint — probe via WS handshake. + return await canOpenWebSocket(cdpUrl, timeoutMs); + } + const version = await fetchChromeVersion(cdpUrl, timeoutMs, ssrfPolicy); + return Boolean(version); + } catch { + return false; } - const version = await fetchChromeVersion(cdpUrl, timeoutMs); - return Boolean(version); } type ChromeVersion = { @@ -114,10 +127,12 @@ type ChromeVersion = { async function fetchChromeVersion( cdpUrl: string, timeoutMs = CHROME_REACHABILITY_TIMEOUT_MS, + ssrfPolicy?: SsrFPolicy, ): Promise { const ctrl = new AbortController(); const t = setTimeout(ctrl.abort.bind(ctrl), timeoutMs); try { + await assertCdpEndpointAllowed(cdpUrl, ssrfPolicy); const versionUrl = appendCdpPath(cdpUrl, "/json/version"); const res = await fetchCdpChecked(versionUrl, timeoutMs, { signal: ctrl.signal }); const data = (await res.json()) as ChromeVersion; @@ -135,12 +150,14 @@ async function fetchChromeVersion( export async function getChromeWebSocketUrl( cdpUrl: string, timeoutMs = CHROME_REACHABILITY_TIMEOUT_MS, + ssrfPolicy?: SsrFPolicy, ): Promise { + await assertCdpEndpointAllowed(cdpUrl, ssrfPolicy); if (isWebSocketUrl(cdpUrl)) { // Direct WebSocket endpoint — the cdpUrl is already the WebSocket URL. return cdpUrl; } - const version = await fetchChromeVersion(cdpUrl, timeoutMs); + const version = await fetchChromeVersion(cdpUrl, timeoutMs, ssrfPolicy); const wsUrl = String(version?.webSocketDebuggerUrl ?? "").trim(); if (!wsUrl) { return null; @@ -227,8 +244,9 @@ export async function isChromeCdpReady( cdpUrl: string, timeoutMs = CHROME_REACHABILITY_TIMEOUT_MS, handshakeTimeoutMs = CHROME_WS_READY_TIMEOUT_MS, + ssrfPolicy?: SsrFPolicy, ): Promise { - const wsUrl = await getChromeWebSocketUrl(cdpUrl, timeoutMs); + const wsUrl = await getChromeWebSocketUrl(cdpUrl, timeoutMs, ssrfPolicy).catch(() => null); if (!wsUrl) { return false; } diff --git a/src/browser/server-context.availability.ts b/src/browser/server-context.availability.ts index 3b991bbbdfe..a0281d53d9f 100644 --- a/src/browser/server-context.availability.ts +++ b/src/browser/server-context.availability.ts @@ -71,7 +71,12 @@ export function createProfileAvailability({ return true; } const { httpTimeoutMs, wsTimeoutMs } = resolveTimeouts(timeoutMs); - return await isChromeCdpReady(profile.cdpUrl, httpTimeoutMs, wsTimeoutMs); + return await isChromeCdpReady( + profile.cdpUrl, + httpTimeoutMs, + wsTimeoutMs, + state().resolved.ssrfPolicy, + ); }; const isHttpReachable = async (timeoutMs?: number) => { @@ -79,7 +84,7 @@ export function createProfileAvailability({ return await isReachable(timeoutMs); } const { httpTimeoutMs } = resolveTimeouts(timeoutMs); - return await isChromeReachable(profile.cdpUrl, httpTimeoutMs); + return await isChromeReachable(profile.cdpUrl, httpTimeoutMs, state().resolved.ssrfPolicy); }; const attachRunning = (running: NonNullable) => { diff --git a/src/browser/server-context.ts b/src/browser/server-context.ts index 0ba29ad38cf..5b06a49964e 100644 --- a/src/browser/server-context.ts +++ b/src/browser/server-context.ts @@ -187,7 +187,11 @@ export function createBrowserRouteContext(opts: ContextOptions): BrowserRouteCon } else { // Check if something is listening on the port try { - const reachable = await isChromeReachable(profile.cdpUrl, 200); + const reachable = await isChromeReachable( + profile.cdpUrl, + 200, + current.resolved.ssrfPolicy, + ); if (reachable) { running = true; const tabs = await profileCtx.listTabs().catch(() => []); diff --git a/src/cli/browser-cli-manage.test.ts b/src/cli/browser-cli-manage.test.ts index e1d01132be3..deeb0d9e73a 100644 --- a/src/cli/browser-cli-manage.test.ts +++ b/src/cli/browser-cli-manage.test.ts @@ -148,4 +148,42 @@ describe("browser manage output", () => { expect(output).toContain("transport: chrome-mcp"); expect(output).not.toContain("port: 0"); }); + + it("redacts sensitive remote cdpUrl details in status output", async () => { + mocks.callBrowserRequest.mockImplementation(async (_opts: unknown, req: { path?: string }) => + req.path === "/" + ? { + enabled: true, + profile: "remote", + driver: "openclaw", + transport: "cdp", + running: true, + cdpReady: true, + cdpHttp: true, + pid: null, + cdpPort: 9222, + cdpUrl: + "https://alice:supersecretpasswordvalue1234@example.com/chrome?token=supersecrettokenvalue1234567890", + chosenBrowser: null, + userDataDir: null, + color: "#00AA00", + headless: false, + noSandbox: false, + executablePath: null, + attachOnly: true, + } + : {}, + ); + + const program = createProgram(); + await program.parseAsync(["browser", "--browser-profile", "remote", "status"], { + from: "user", + }); + + const output = mocks.runtimeLog.mock.calls.at(-1)?.[0] as string; + expect(output).toContain("cdpUrl: https://example.com/chrome?token=supers…7890"); + expect(output).not.toContain("alice"); + expect(output).not.toContain("supersecretpasswordvalue1234"); + expect(output).not.toContain("supersecrettokenvalue1234567890"); + }); }); diff --git a/src/cli/browser-cli-manage.ts b/src/cli/browser-cli-manage.ts index 5bac9b621bf..ddf207b28f0 100644 --- a/src/cli/browser-cli-manage.ts +++ b/src/cli/browser-cli-manage.ts @@ -1,4 +1,5 @@ import type { Command } from "commander"; +import { redactCdpUrl } from "../browser/cdp.helpers.js"; import type { BrowserTransport, BrowserCreateProfileResult, @@ -152,7 +153,7 @@ export function registerBrowserManageCommands( ...(!usesChromeMcpTransport(status) ? [ `cdpPort: ${status.cdpPort ?? "(unset)"}`, - `cdpUrl: ${status.cdpUrl ?? `http://127.0.0.1:${status.cdpPort}`}`, + `cdpUrl: ${redactCdpUrl(status.cdpUrl ?? `http://127.0.0.1:${status.cdpPort}`)}`, ] : []), `browser: ${status.chosenBrowser ?? "unknown"}`, diff --git a/src/node-host/invoke-browser.test.ts b/src/node-host/invoke-browser.test.ts index 4dc5b520d43..c1dd0d1df76 100644 --- a/src/node-host/invoke-browser.test.ts +++ b/src/node-host/invoke-browser.test.ts @@ -109,6 +109,36 @@ describe("runBrowserProxyCommand", () => { ); }); + it("redacts sensitive cdpUrl details in timeout diagnostics", async () => { + dispatcherMocks.dispatch + .mockImplementationOnce(async () => { + await new Promise(() => {}); + }) + .mockResolvedValueOnce({ + status: 200, + body: { + running: true, + cdpHttp: true, + cdpReady: false, + cdpUrl: + "https://alice:supersecretpasswordvalue1234@example.com/chrome?token=supersecrettokenvalue1234567890", + }, + }); + + await expect( + runBrowserProxyCommand( + JSON.stringify({ + method: "GET", + path: "/snapshot", + profile: "remote", + timeoutMs: 5, + }), + ), + ).rejects.toThrow( + /status\(running=true, cdpHttp=true, cdpReady=false, cdpUrl=https:\/\/example\.com\/chrome\?token=supers…7890\)/, + ); + }); + it("keeps non-timeout browser errors intact", async () => { dispatcherMocks.dispatch.mockResolvedValue({ status: 500, diff --git a/src/node-host/invoke-browser.ts b/src/node-host/invoke-browser.ts index fc16ccd5298..8a440dc905a 100644 --- a/src/node-host/invoke-browser.ts +++ b/src/node-host/invoke-browser.ts @@ -1,4 +1,5 @@ import fsPromises from "node:fs/promises"; +import { redactCdpUrl } from "../browser/cdp.helpers.js"; import { resolveBrowserConfig } from "../browser/config.js"; import { createBrowserControlContext, @@ -199,7 +200,7 @@ function formatBrowserProxyTimeoutMessage(params: { statusParts.push(`transport=${params.status.transport}`); } if (typeof params.status.cdpUrl === "string" && params.status.cdpUrl.trim()) { - statusParts.push(`cdpUrl=${params.status.cdpUrl}`); + statusParts.push(`cdpUrl=${redactCdpUrl(params.status.cdpUrl)}`); } parts.push(`status(${statusParts.join(", ")})`); } diff --git a/src/security/audit.test.ts b/src/security/audit.test.ts index e757c2970d6..84fcadf1f98 100644 --- a/src/security/audit.test.ts +++ b/src/security/audit.test.ts @@ -1378,6 +1378,32 @@ description: test skill expectFinding(res, "browser.remote_cdp_http", "warn"); }); + it("warns when remote CDP targets a private/internal host", async () => { + const cfg: OpenClawConfig = { + browser: { + profiles: { + remote: { + cdpUrl: + "http://169.254.169.254:9222/json/version?token=supersecrettokenvalue1234567890", + color: "#0066CC", + }, + }, + }, + }; + + const res = await audit(cfg); + + expectFinding(res, "browser.remote_cdp_private_host", "warn"); + expect(res.findings).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + checkId: "browser.remote_cdp_private_host", + detail: expect.stringContaining("token=supers…7890"), + }), + ]), + ); + }); + it("warns when control UI allows insecure auth", async () => { const cfg: OpenClawConfig = { gateway: { diff --git a/src/security/audit.ts b/src/security/audit.ts index 119aa6e5f00..113ec2bd067 100644 --- a/src/security/audit.ts +++ b/src/security/audit.ts @@ -2,6 +2,7 @@ import { isIP } from "node:net"; import path from "node:path"; import { resolveSandboxConfigForAgent } from "../agents/sandbox.js"; import { execDockerRaw } from "../agents/sandbox/docker.js"; +import { redactCdpUrl } from "../browser/cdp.helpers.js"; import { resolveBrowserConfig, resolveProfile } from "../browser/config.js"; import { resolveBrowserControlAuth } from "../browser/control-auth.js"; import { listChannelPlugins } from "../channels/plugins/index.js"; @@ -18,6 +19,7 @@ import { resolveMergedSafeBinProfileFixtures, } from "../infra/exec-safe-bin-runtime-policy.js"; import { normalizeTrustedSafeBinDirs } from "../infra/exec-safe-bin-trust.js"; +import { isBlockedHostnameOrIp, isPrivateNetworkAllowedByPolicy } from "../infra/net/ssrf.js"; import { collectChannelSecurityFindings } from "./audit-channel.js"; import { collectAttackSurfaceSummaryFindings, @@ -782,15 +784,31 @@ function collectBrowserControlFindings( } catch { continue; } + const redactedCdpUrl = redactCdpUrl(profile.cdpUrl) ?? profile.cdpUrl; if (url.protocol === "http:") { findings.push({ checkId: "browser.remote_cdp_http", severity: "warn", title: "Remote CDP uses HTTP", - detail: `browser profile "${name}" uses http CDP (${profile.cdpUrl}); this is OK only if it's tailnet-only or behind an encrypted tunnel.`, + detail: `browser profile "${name}" uses http CDP (${redactedCdpUrl}); this is OK only if it's tailnet-only or behind an encrypted tunnel.`, remediation: `Prefer HTTPS/TLS or a tailnet-only endpoint for remote CDP.`, }); } + if ( + isPrivateNetworkAllowedByPolicy(resolved.ssrfPolicy) && + isBlockedHostnameOrIp(url.hostname) + ) { + findings.push({ + checkId: "browser.remote_cdp_private_host", + severity: "warn", + title: "Remote CDP targets a private/internal host", + detail: + `browser profile "${name}" points at a private/internal CDP host (${redactedCdpUrl}). ` + + "This is expected for LAN/tailnet/WSL-style setups, but treat it as a trusted-network endpoint.", + remediation: + "Prefer a tailnet or tunnel for remote CDP. If you want strict blocking, set browser.ssrfPolicy.dangerouslyAllowPrivateNetwork=false and allow only explicit hosts.", + }); + } } return findings; From 89e3969d640cede4636214ecaa658a082bf4513d Mon Sep 17 00:00:00 2001 From: Tak Hoffman <781889+Takhoffman@users.noreply.github.com> Date: Sun, 15 Mar 2026 10:33:49 -0500 Subject: [PATCH 08/34] feat(feishu): add ACP and subagent session binding (#46819) * feat(feishu): add ACP session support * fix(feishu): preserve sender-scoped ACP rebinding * fix(feishu): recover sender scope from bound ACP sessions * fix(feishu): support DM ACP binding placement * feat(feishu): add current-conversation session binding * fix(feishu): avoid DM parent binding fallback * fix(feishu): require canonical topic sender ids * fix(feishu): honor sender-scoped ACP bindings * fix(feishu): allow user-id ACP DM bindings * fix(feishu): recover user-id ACP DM bindings --- docs/channels/feishu.md | 69 ++ extensions/feishu/index.test.ts | 68 ++ extensions/feishu/index.ts | 2 + extensions/feishu/src/bot.test.ts | 288 ++++++++ extensions/feishu/src/bot.ts | 109 ++- extensions/feishu/src/conversation-id.ts | 125 ++++ extensions/feishu/src/monitor.account.ts | 31 +- .../feishu/src/monitor.reaction.test.ts | 93 +++ extensions/feishu/src/subagent-hooks.test.ts | 623 ++++++++++++++++++ extensions/feishu/src/subagent-hooks.ts | 341 ++++++++++ extensions/feishu/src/thread-bindings.test.ts | 94 +++ extensions/feishu/src/thread-bindings.ts | 316 +++++++++ src/acp/persistent-bindings.resolve.ts | 164 ++++- src/acp/persistent-bindings.test.ts | 196 ++++++ src/acp/persistent-bindings.types.ts | 2 +- src/auto-reply/reply/commands-acp.test.ts | 61 +- .../reply/commands-acp/context.test.ts | 178 ++++- src/auto-reply/reply/commands-acp/context.ts | 136 ++++ .../reply/commands-acp/lifecycle.ts | 9 +- src/config/config.acp-binding-cutover.test.ts | 108 +++ src/config/zod-schema.agents.ts | 23 +- 21 files changed, 2988 insertions(+), 48 deletions(-) create mode 100644 extensions/feishu/index.test.ts create mode 100644 extensions/feishu/src/conversation-id.ts create mode 100644 extensions/feishu/src/subagent-hooks.test.ts create mode 100644 extensions/feishu/src/subagent-hooks.ts create mode 100644 extensions/feishu/src/thread-bindings.test.ts create mode 100644 extensions/feishu/src/thread-bindings.ts diff --git a/docs/channels/feishu.md b/docs/channels/feishu.md index 467fc57c0fe..2fc16aed5d4 100644 --- a/docs/channels/feishu.md +++ b/docs/channels/feishu.md @@ -532,6 +532,75 @@ Feishu supports streaming replies via interactive cards. When enabled, the bot u Set `streaming: false` to wait for the full reply before sending. +### ACP sessions + +Feishu supports ACP for: + +- DMs +- group topic conversations + +Feishu ACP is text-command driven. There are no native slash-command menus, so use `/acp ...` messages directly in the conversation. + +#### Persistent ACP bindings + +Use top-level typed ACP bindings to pin a Feishu DM or topic conversation to a persistent ACP session. + +```json5 +{ + agents: { + list: [ + { + id: "codex", + runtime: { + type: "acp", + acp: { + agent: "codex", + backend: "acpx", + mode: "persistent", + cwd: "/workspace/openclaw", + }, + }, + }, + ], + }, + bindings: [ + { + type: "acp", + agentId: "codex", + match: { + channel: "feishu", + accountId: "default", + peer: { kind: "direct", id: "ou_1234567890" }, + }, + }, + { + type: "acp", + agentId: "codex", + match: { + channel: "feishu", + accountId: "default", + peer: { kind: "group", id: "oc_group_chat:topic:om_topic_root" }, + }, + acp: { label: "codex-feishu-topic" }, + }, + ], +} +``` + +#### Thread-bound ACP spawn from chat + +In a Feishu DM or topic conversation, you can spawn and bind an ACP session in place: + +```text +/acp spawn codex --thread here +``` + +Notes: + +- `--thread here` works for DMs and Feishu topics. +- Follow-up messages in the bound DM/topic route directly to that ACP session. +- v1 does not target generic non-topic group chats. + ### Multi-agent routing Use `bindings` to route Feishu DMs or groups to different agents. diff --git a/extensions/feishu/index.test.ts b/extensions/feishu/index.test.ts new file mode 100644 index 00000000000..5236e4bb542 --- /dev/null +++ b/extensions/feishu/index.test.ts @@ -0,0 +1,68 @@ +import type { OpenClawPluginApi } from "openclaw/plugin-sdk/feishu"; +import { describe, expect, it, vi } from "vitest"; + +const registerFeishuDocToolsMock = vi.hoisted(() => vi.fn()); +const registerFeishuChatToolsMock = vi.hoisted(() => vi.fn()); +const registerFeishuWikiToolsMock = vi.hoisted(() => vi.fn()); +const registerFeishuDriveToolsMock = vi.hoisted(() => vi.fn()); +const registerFeishuPermToolsMock = vi.hoisted(() => vi.fn()); +const registerFeishuBitableToolsMock = vi.hoisted(() => vi.fn()); +const setFeishuRuntimeMock = vi.hoisted(() => vi.fn()); +const registerFeishuSubagentHooksMock = vi.hoisted(() => vi.fn()); + +vi.mock("./src/docx.js", () => ({ + registerFeishuDocTools: registerFeishuDocToolsMock, +})); + +vi.mock("./src/chat.js", () => ({ + registerFeishuChatTools: registerFeishuChatToolsMock, +})); + +vi.mock("./src/wiki.js", () => ({ + registerFeishuWikiTools: registerFeishuWikiToolsMock, +})); + +vi.mock("./src/drive.js", () => ({ + registerFeishuDriveTools: registerFeishuDriveToolsMock, +})); + +vi.mock("./src/perm.js", () => ({ + registerFeishuPermTools: registerFeishuPermToolsMock, +})); + +vi.mock("./src/bitable.js", () => ({ + registerFeishuBitableTools: registerFeishuBitableToolsMock, +})); + +vi.mock("./src/runtime.js", () => ({ + setFeishuRuntime: setFeishuRuntimeMock, +})); + +vi.mock("./src/subagent-hooks.js", () => ({ + registerFeishuSubagentHooks: registerFeishuSubagentHooksMock, +})); + +describe("feishu plugin register", () => { + it("registers the Feishu channel, tools, and subagent hooks", async () => { + const { default: plugin } = await import("./index.js"); + const registerChannel = vi.fn(); + const api = { + runtime: { log: vi.fn() }, + registerChannel, + on: vi.fn(), + config: {}, + } as unknown as OpenClawPluginApi; + + plugin.register(api); + + expect(setFeishuRuntimeMock).toHaveBeenCalledWith(api.runtime); + expect(registerChannel).toHaveBeenCalledTimes(1); + expect(registerFeishuSubagentHooksMock).toHaveBeenCalledWith(api); + expect(registerFeishuDocToolsMock).toHaveBeenCalledWith(api); + expect(registerFeishuChatToolsMock).toHaveBeenCalledWith(api); + expect(registerFeishuWikiToolsMock).toHaveBeenCalledWith(api); + expect(registerFeishuDriveToolsMock).toHaveBeenCalledWith(api); + expect(registerFeishuPermToolsMock).toHaveBeenCalledWith(api); + expect(registerFeishuBitableToolsMock).toHaveBeenCalledWith(api); + }); +}); diff --git a/extensions/feishu/index.ts b/extensions/feishu/index.ts index bd26346c8ec..e01a975615a 100644 --- a/extensions/feishu/index.ts +++ b/extensions/feishu/index.ts @@ -7,6 +7,7 @@ import { registerFeishuDocTools } from "./src/docx.js"; import { registerFeishuDriveTools } from "./src/drive.js"; import { registerFeishuPermTools } from "./src/perm.js"; import { setFeishuRuntime } from "./src/runtime.js"; +import { registerFeishuSubagentHooks } from "./src/subagent-hooks.js"; import { registerFeishuWikiTools } from "./src/wiki.js"; export { monitorFeishuProvider } from "./src/monitor.js"; @@ -53,6 +54,7 @@ const plugin = { register(api: OpenClawPluginApi) { setFeishuRuntime(api.runtime); api.registerChannel({ plugin: feishuPlugin }); + registerFeishuSubagentHooks(api); registerFeishuDocTools(api); registerFeishuChatTools(api); registerFeishuWikiTools(api); diff --git a/extensions/feishu/src/bot.test.ts b/extensions/feishu/src/bot.test.ts index 4e0dd9d4fed..3e14bcdadd5 100644 --- a/extensions/feishu/src/bot.test.ts +++ b/extensions/feishu/src/bot.test.ts @@ -21,6 +21,10 @@ const { mockResolveAgentRoute, mockReadSessionUpdatedAt, mockResolveStorePath, + mockResolveConfiguredAcpRoute, + mockEnsureConfiguredAcpRouteReady, + mockResolveBoundConversation, + mockTouchBinding, } = vi.hoisted(() => ({ mockCreateFeishuReplyDispatcher: vi.fn(() => ({ dispatcher: vi.fn(), @@ -46,6 +50,13 @@ const { })), mockReadSessionUpdatedAt: vi.fn(), mockResolveStorePath: vi.fn(() => "/tmp/feishu-sessions.json"), + mockResolveConfiguredAcpRoute: vi.fn(({ route }) => ({ + configuredBinding: null, + route, + })), + mockEnsureConfiguredAcpRouteReady: vi.fn(async (_params?: unknown) => ({ ok: true })), + mockResolveBoundConversation: vi.fn(() => null), + mockTouchBinding: vi.fn(), })); vi.mock("./reply-dispatcher.js", () => ({ @@ -66,6 +77,18 @@ vi.mock("./client.js", () => ({ createFeishuClient: mockCreateFeishuClient, })); +vi.mock("../../../src/acp/persistent-bindings.route.js", () => ({ + resolveConfiguredAcpRoute: (params: unknown) => mockResolveConfiguredAcpRoute(params), + ensureConfiguredAcpRouteReady: (params: unknown) => mockEnsureConfiguredAcpRouteReady(params), +})); + +vi.mock("../../../src/infra/outbound/session-binding-service.js", () => ({ + getSessionBindingService: () => ({ + resolveByConversation: mockResolveBoundConversation, + touch: mockTouchBinding, + }), +})); + function createRuntimeEnv(): RuntimeEnv { return { log: vi.fn(), @@ -110,6 +133,261 @@ describe("buildFeishuAgentBody", () => { }); }); +describe("handleFeishuMessage ACP routing", () => { + beforeEach(() => { + vi.clearAllMocks(); + mockResolveConfiguredAcpRoute.mockReset().mockImplementation( + ({ route }) => + ({ + configuredBinding: null, + route, + }) as any, + ); + mockEnsureConfiguredAcpRouteReady.mockReset().mockResolvedValue({ ok: true }); + mockResolveBoundConversation.mockReset().mockReturnValue(null); + mockTouchBinding.mockReset(); + mockResolveAgentRoute.mockReset().mockReturnValue({ + agentId: "main", + channel: "feishu", + accountId: "default", + sessionKey: "agent:main:feishu:direct:ou_sender_1", + mainSessionKey: "agent:main:main", + matchedBy: "default", + }); + mockSendMessageFeishu + .mockReset() + .mockResolvedValue({ messageId: "reply-msg", chatId: "oc_dm" }); + mockCreateFeishuReplyDispatcher.mockReset().mockReturnValue({ + dispatcher: { + sendToolResult: vi.fn(), + sendBlockReply: vi.fn(), + sendFinalReply: vi.fn(), + waitForIdle: vi.fn(), + getQueuedCounts: vi.fn(() => ({ tool: 0, block: 0, final: 0 })), + markComplete: vi.fn(), + } as any, + replyOptions: {}, + markDispatchIdle: vi.fn(), + }); + + setFeishuRuntime( + createPluginRuntimeMock({ + channel: { + routing: { + resolveAgentRoute: + mockResolveAgentRoute as unknown as PluginRuntime["channel"]["routing"]["resolveAgentRoute"], + }, + session: { + readSessionUpdatedAt: + mockReadSessionUpdatedAt as unknown as PluginRuntime["channel"]["session"]["readSessionUpdatedAt"], + resolveStorePath: + mockResolveStorePath as unknown as PluginRuntime["channel"]["session"]["resolveStorePath"], + }, + reply: { + resolveEnvelopeFormatOptions: vi.fn( + () => ({}), + ) as unknown as PluginRuntime["channel"]["reply"]["resolveEnvelopeFormatOptions"], + formatAgentEnvelope: vi.fn((params: { body: string }) => params.body), + finalizeInboundContext: ((ctx: unknown) => + ctx) as unknown as PluginRuntime["channel"]["reply"]["finalizeInboundContext"], + dispatchReplyFromConfig: vi.fn().mockResolvedValue({ + queuedFinal: false, + counts: { final: 1 }, + }), + withReplyDispatcher: vi.fn( + async ({ + run, + }: Parameters[0]) => + await run(), + ) as unknown as PluginRuntime["channel"]["reply"]["withReplyDispatcher"], + }, + commands: { + shouldComputeCommandAuthorized: vi.fn(() => false), + resolveCommandAuthorizedFromAuthorizers: vi.fn(() => false), + }, + pairing: { + readAllowFromStore: vi.fn().mockResolvedValue(["ou_sender_1"]), + upsertPairingRequest: vi.fn(), + buildPairingReply: vi.fn(), + }, + }, + }), + ); + }); + + it("ensures configured ACP routes for Feishu DMs", async () => { + mockResolveConfiguredAcpRoute.mockReturnValue({ + configuredBinding: { + spec: { + channel: "feishu", + accountId: "default", + conversationId: "ou_sender_1", + agentId: "codex", + mode: "persistent", + }, + record: { + bindingId: "config:acp:feishu:default:ou_sender_1", + targetSessionKey: "agent:codex:acp:binding:feishu:default:abc123", + targetKind: "session", + conversation: { + channel: "feishu", + accountId: "default", + conversationId: "ou_sender_1", + }, + status: "active", + boundAt: 0, + metadata: { source: "config" }, + }, + }, + route: { + agentId: "codex", + channel: "feishu", + accountId: "default", + sessionKey: "agent:codex:acp:binding:feishu:default:abc123", + mainSessionKey: "agent:codex:main", + matchedBy: "binding.channel", + }, + } as any); + + await dispatchMessage({ + cfg: { + session: { mainKey: "main", scope: "per-sender" }, + channels: { feishu: { enabled: true, allowFrom: ["ou_sender_1"], dmPolicy: "open" } }, + }, + event: { + sender: { sender_id: { open_id: "ou_sender_1" } }, + message: { + message_id: "msg-1", + chat_id: "oc_dm", + chat_type: "p2p", + message_type: "text", + content: JSON.stringify({ text: "hello" }), + }, + }, + }); + + expect(mockResolveConfiguredAcpRoute).toHaveBeenCalledTimes(1); + expect(mockEnsureConfiguredAcpRouteReady).toHaveBeenCalledTimes(1); + }); + + it("surfaces configured ACP initialization failures to the Feishu conversation", async () => { + mockResolveConfiguredAcpRoute.mockReturnValue({ + configuredBinding: { + spec: { + channel: "feishu", + accountId: "default", + conversationId: "ou_sender_1", + agentId: "codex", + mode: "persistent", + }, + record: { + bindingId: "config:acp:feishu:default:ou_sender_1", + targetSessionKey: "agent:codex:acp:binding:feishu:default:abc123", + targetKind: "session", + conversation: { + channel: "feishu", + accountId: "default", + conversationId: "ou_sender_1", + }, + status: "active", + boundAt: 0, + metadata: { source: "config" }, + }, + }, + route: { + agentId: "codex", + channel: "feishu", + accountId: "default", + sessionKey: "agent:codex:acp:binding:feishu:default:abc123", + mainSessionKey: "agent:codex:main", + matchedBy: "binding.channel", + }, + } as any); + mockEnsureConfiguredAcpRouteReady.mockResolvedValue({ + ok: false, + error: "runtime unavailable", + } as any); + + await dispatchMessage({ + cfg: { + session: { mainKey: "main", scope: "per-sender" }, + channels: { feishu: { enabled: true, allowFrom: ["ou_sender_1"], dmPolicy: "open" } }, + }, + event: { + sender: { sender_id: { open_id: "ou_sender_1" } }, + message: { + message_id: "msg-2", + chat_id: "oc_dm", + chat_type: "p2p", + message_type: "text", + content: JSON.stringify({ text: "hello" }), + }, + }, + }); + + expect(mockSendMessageFeishu).toHaveBeenCalledWith( + expect.objectContaining({ + to: "chat:oc_dm", + text: expect.stringContaining("runtime unavailable"), + }), + ); + }); + + it("routes Feishu topic messages through active bound conversations", async () => { + mockResolveBoundConversation.mockReturnValue({ + bindingId: "default:oc_group_chat:topic:om_topic_root", + targetSessionKey: "agent:codex:acp:binding:feishu:default:feedface", + targetKind: "session", + conversation: { + channel: "feishu", + accountId: "default", + conversationId: "oc_group_chat:topic:om_topic_root", + parentConversationId: "oc_group_chat", + }, + status: "active", + boundAt: 0, + } as any); + + await dispatchMessage({ + cfg: { + session: { mainKey: "main", scope: "per-sender" }, + channels: { + feishu: { + enabled: true, + allowFrom: ["ou_sender_1"], + groups: { + oc_group_chat: { + allow: true, + requireMention: false, + groupSessionScope: "group_topic", + }, + }, + }, + }, + }, + event: { + sender: { sender_id: { open_id: "ou_sender_1" } }, + message: { + message_id: "msg-3", + chat_id: "oc_group_chat", + chat_type: "group", + message_type: "text", + root_id: "om_topic_root", + content: JSON.stringify({ text: "hello topic" }), + }, + }, + }); + + expect(mockResolveBoundConversation).toHaveBeenCalledWith( + expect.objectContaining({ + channel: "feishu", + conversationId: "oc_group_chat:topic:om_topic_root", + }), + ); + expect(mockTouchBinding).toHaveBeenCalledWith("default:oc_group_chat:topic:om_topic_root"); + }); +}); + describe("handleFeishuMessage command authorization", () => { const mockFinalizeInboundContext = vi.fn((ctx: unknown) => ctx); const mockDispatchReplyFromConfig = vi @@ -153,6 +431,16 @@ describe("handleFeishuMessage command authorization", () => { mockListFeishuThreadMessages.mockReset().mockResolvedValue([]); mockReadSessionUpdatedAt.mockReturnValue(undefined); mockResolveStorePath.mockReturnValue("/tmp/feishu-sessions.json"); + mockResolveConfiguredAcpRoute.mockReset().mockImplementation( + ({ route }) => + ({ + configuredBinding: null, + route, + }) as any, + ); + mockEnsureConfiguredAcpRouteReady.mockReset().mockResolvedValue({ ok: true }); + mockResolveBoundConversation.mockReset().mockReturnValue(null); + mockTouchBinding.mockReset(); mockResolveAgentRoute.mockReturnValue({ agentId: "main", channel: "feishu", diff --git a/extensions/feishu/src/bot.ts b/extensions/feishu/src/bot.ts index dc8326b1dba..fc84801b124 100644 --- a/extensions/feishu/src/bot.ts +++ b/extensions/feishu/src/bot.ts @@ -14,8 +14,16 @@ import { resolveDefaultGroupPolicy, warnMissingProviderGroupPolicyFallbackOnce, } from "openclaw/plugin-sdk/feishu"; +import { + ensureConfiguredAcpRouteReady, + resolveConfiguredAcpRoute, +} from "../../../src/acp/persistent-bindings.route.js"; +import { getSessionBindingService } from "../../../src/infra/outbound/session-binding-service.js"; +import { deriveLastRoutePolicy } from "../../../src/routing/resolve-route.js"; +import { resolveAgentIdFromSessionKey } from "../../../src/routing/session-key.js"; import { resolveFeishuAccount } from "./accounts.js"; import { createFeishuClient } from "./client.js"; +import { buildFeishuConversationId } from "./conversation-id.js"; import { finalizeFeishuMessageProcessing, tryRecordMessagePersistent } from "./dedup.js"; import { maybeCreateDynamicAgent } from "./dynamic-agent.js"; import { normalizeFeishuExternalKey } from "./external-keys.js"; @@ -273,15 +281,34 @@ function resolveFeishuGroupSession(params: { let peerId = chatId; switch (groupSessionScope) { case "group_sender": - peerId = `${chatId}:sender:${senderOpenId}`; + peerId = buildFeishuConversationId({ + chatId, + scope: "group_sender", + senderOpenId, + }); break; case "group_topic": - peerId = topicScope ? `${chatId}:topic:${topicScope}` : chatId; + peerId = topicScope + ? buildFeishuConversationId({ + chatId, + scope: "group_topic", + topicId: topicScope, + }) + : chatId; break; case "group_topic_sender": peerId = topicScope - ? `${chatId}:topic:${topicScope}:sender:${senderOpenId}` - : `${chatId}:sender:${senderOpenId}`; + ? buildFeishuConversationId({ + chatId, + scope: "group_topic_sender", + topicId: topicScope, + senderOpenId, + }) + : buildFeishuConversationId({ + chatId, + scope: "group_sender", + senderOpenId, + }); break; case "group": default: @@ -1168,6 +1195,10 @@ export async function handleFeishuMessage(params: { const peerId = isGroup ? (groupSession?.peerId ?? ctx.chatId) : ctx.senderOpenId; const parentPeer = isGroup ? (groupSession?.parentPeer ?? null) : null; const replyInThread = isGroup ? (groupSession?.replyInThread ?? false) : false; + const feishuAcpConversationSupported = + !isGroup || + groupSession?.groupSessionScope === "group_topic" || + groupSession?.groupSessionScope === "group_topic_sender"; if (isGroup && groupSession) { log( @@ -1216,6 +1247,76 @@ export async function handleFeishuMessage(params: { } } + const currentConversationId = peerId; + const parentConversationId = isGroup ? (parentPeer?.id ?? ctx.chatId) : undefined; + let configuredBinding = null; + if (feishuAcpConversationSupported) { + const configuredRoute = resolveConfiguredAcpRoute({ + cfg: effectiveCfg, + route, + channel: "feishu", + accountId: account.accountId, + conversationId: currentConversationId, + parentConversationId, + }); + configuredBinding = configuredRoute.configuredBinding; + route = configuredRoute.route; + + // Bound Feishu conversations intentionally require an exact live conversation-id match. + // Sender-scoped topic sessions therefore bind on `chat:topic:root:sender:user`, while + // configured ACP bindings may still inherit the shared `chat:topic:root` topic session. + const threadBinding = getSessionBindingService().resolveByConversation({ + channel: "feishu", + accountId: account.accountId, + conversationId: currentConversationId, + ...(parentConversationId ? { parentConversationId } : {}), + }); + const boundSessionKey = threadBinding?.targetSessionKey?.trim(); + if (threadBinding && boundSessionKey) { + route = { + ...route, + sessionKey: boundSessionKey, + agentId: resolveAgentIdFromSessionKey(boundSessionKey) || route.agentId, + lastRoutePolicy: deriveLastRoutePolicy({ + sessionKey: boundSessionKey, + mainSessionKey: route.mainSessionKey, + }), + matchedBy: "binding.channel", + }; + configuredBinding = null; + getSessionBindingService().touch(threadBinding.bindingId); + log( + `feishu[${account.accountId}]: routed via bound conversation ${currentConversationId} -> ${boundSessionKey}`, + ); + } + } + + if (configuredBinding) { + const ensured = await ensureConfiguredAcpRouteReady({ + cfg: effectiveCfg, + configuredBinding, + }); + if (!ensured.ok) { + const replyTargetMessageId = + isGroup && + (groupSession?.groupSessionScope === "group_topic" || + groupSession?.groupSessionScope === "group_topic_sender") + ? (ctx.rootId ?? ctx.messageId) + : ctx.messageId; + await sendMessageFeishu({ + cfg: effectiveCfg, + to: `chat:${ctx.chatId}`, + text: `⚠️ Failed to initialize the configured ACP session for this Feishu conversation: ${ensured.error}`, + replyToMessageId: replyTargetMessageId, + replyInThread: isGroup ? (groupSession?.replyInThread ?? false) : false, + accountId: account.accountId, + }).catch((err) => { + log(`feishu[${account.accountId}]: failed to send ACP init error reply: ${String(err)}`); + }); + return; + } + } + const preview = ctx.content.replace(/\s+/g, " ").slice(0, 160); const inboundLabel = isGroup ? `Feishu[${account.accountId}] message in group ${ctx.chatId}` diff --git a/extensions/feishu/src/conversation-id.ts b/extensions/feishu/src/conversation-id.ts new file mode 100644 index 00000000000..39cb8cc74b6 --- /dev/null +++ b/extensions/feishu/src/conversation-id.ts @@ -0,0 +1,125 @@ +export type FeishuGroupSessionScope = + | "group" + | "group_sender" + | "group_topic" + | "group_topic_sender"; + +function normalizeText(value: unknown): string | undefined { + if (typeof value !== "string") { + return undefined; + } + const trimmed = value.trim(); + return trimmed || undefined; +} + +export function buildFeishuConversationId(params: { + chatId: string; + scope: FeishuGroupSessionScope; + senderOpenId?: string; + topicId?: string; +}): string { + const chatId = normalizeText(params.chatId) ?? "unknown"; + const senderOpenId = normalizeText(params.senderOpenId); + const topicId = normalizeText(params.topicId); + + switch (params.scope) { + case "group_sender": + return senderOpenId ? `${chatId}:sender:${senderOpenId}` : chatId; + case "group_topic": + return topicId ? `${chatId}:topic:${topicId}` : chatId; + case "group_topic_sender": + if (topicId && senderOpenId) { + return `${chatId}:topic:${topicId}:sender:${senderOpenId}`; + } + if (topicId) { + return `${chatId}:topic:${topicId}`; + } + return senderOpenId ? `${chatId}:sender:${senderOpenId}` : chatId; + case "group": + default: + return chatId; + } +} + +export function parseFeishuConversationId(params: { + conversationId: string; + parentConversationId?: string; +}): { + canonicalConversationId: string; + chatId: string; + topicId?: string; + senderOpenId?: string; + scope: FeishuGroupSessionScope; +} | null { + const conversationId = normalizeText(params.conversationId); + const parentConversationId = normalizeText(params.parentConversationId); + if (!conversationId) { + return null; + } + + const topicSenderMatch = conversationId.match(/^(.+):topic:([^:]+):sender:([^:]+)$/); + if (topicSenderMatch) { + const [, chatId, topicId, senderOpenId] = topicSenderMatch; + return { + canonicalConversationId: buildFeishuConversationId({ + chatId, + scope: "group_topic_sender", + topicId, + senderOpenId, + }), + chatId, + topicId, + senderOpenId, + scope: "group_topic_sender", + }; + } + + const topicMatch = conversationId.match(/^(.+):topic:([^:]+)$/); + if (topicMatch) { + const [, chatId, topicId] = topicMatch; + return { + canonicalConversationId: buildFeishuConversationId({ + chatId, + scope: "group_topic", + topicId, + }), + chatId, + topicId, + scope: "group_topic", + }; + } + + const senderMatch = conversationId.match(/^(.+):sender:([^:]+)$/); + if (senderMatch) { + const [, chatId, senderOpenId] = senderMatch; + return { + canonicalConversationId: buildFeishuConversationId({ + chatId, + scope: "group_sender", + senderOpenId, + }), + chatId, + senderOpenId, + scope: "group_sender", + }; + } + + if (parentConversationId) { + return { + canonicalConversationId: buildFeishuConversationId({ + chatId: parentConversationId, + scope: "group_topic", + topicId: conversationId, + }), + chatId: parentConversationId, + topicId: conversationId, + scope: "group_topic", + }; + } + + return { + canonicalConversationId: conversationId, + chatId: conversationId, + scope: "group", + }; +} diff --git a/extensions/feishu/src/monitor.account.ts b/extensions/feishu/src/monitor.account.ts index 6bc990a8d1e..3d761631399 100644 --- a/extensions/feishu/src/monitor.account.ts +++ b/extensions/feishu/src/monitor.account.ts @@ -24,6 +24,7 @@ import { botNames, botOpenIds } from "./monitor.state.js"; import { monitorWebhook, monitorWebSocket } from "./monitor.transport.js"; import { getFeishuRuntime } from "./runtime.js"; import { getMessageFeishu } from "./send.js"; +import { createFeishuThreadBindingManager } from "./thread-bindings.js"; import type { FeishuChatType, ResolvedFeishuAccount } from "./types.js"; const FEISHU_REACTION_VERIFY_TIMEOUT_MS = 1_500; @@ -631,19 +632,25 @@ export async function monitorSingleAccount(params: MonitorSingleAccountParams): log(`feishu[${accountId}]: dedup warmup loaded ${warmupCount} entries from disk`); } - const eventDispatcher = createEventDispatcher(account); - const chatHistories = new Map(); + let threadBindingManager: ReturnType | null = null; + try { + const eventDispatcher = createEventDispatcher(account); + const chatHistories = new Map(); + threadBindingManager = createFeishuThreadBindingManager({ accountId, cfg }); - registerEventHandlers(eventDispatcher, { - cfg, - accountId, - runtime, - chatHistories, - fireAndForget: true, - }); + registerEventHandlers(eventDispatcher, { + cfg, + accountId, + runtime, + chatHistories, + fireAndForget: true, + }); - if (connectionMode === "webhook") { - return monitorWebhook({ account, accountId, runtime, abortSignal, eventDispatcher }); + if (connectionMode === "webhook") { + return await monitorWebhook({ account, accountId, runtime, abortSignal, eventDispatcher }); + } + return await monitorWebSocket({ account, accountId, runtime, abortSignal, eventDispatcher }); + } finally { + threadBindingManager?.stop(); } - return monitorWebSocket({ account, accountId, runtime, abortSignal, eventDispatcher }); } diff --git a/extensions/feishu/src/monitor.reaction.test.ts b/extensions/feishu/src/monitor.reaction.test.ts index 49da928ea3b..001b8140f80 100644 --- a/extensions/feishu/src/monitor.reaction.test.ts +++ b/extensions/feishu/src/monitor.reaction.test.ts @@ -17,6 +17,7 @@ const handleFeishuMessageMock = vi.hoisted(() => vi.fn(async (_params: { event?: const createEventDispatcherMock = vi.hoisted(() => vi.fn()); const monitorWebSocketMock = vi.hoisted(() => vi.fn(async () => {})); const monitorWebhookMock = vi.hoisted(() => vi.fn(async () => {})); +const createFeishuThreadBindingManagerMock = vi.hoisted(() => vi.fn(() => ({ stop: vi.fn() }))); let handlers: Record Promise> = {}; @@ -37,6 +38,10 @@ vi.mock("./monitor.transport.js", () => ({ monitorWebhook: monitorWebhookMock, })); +vi.mock("./thread-bindings.js", () => ({ + createFeishuThreadBindingManager: createFeishuThreadBindingManagerMock, +})); + const cfg = {} as ClawdbotConfig; function makeReactionEvent( @@ -419,6 +424,94 @@ describe("resolveReactionSyntheticEvent", () => { }); }); +describe("monitorSingleAccount lifecycle", () => { + beforeEach(() => { + createFeishuThreadBindingManagerMock.mockReset().mockImplementation(() => ({ + stop: vi.fn(), + })); + createEventDispatcherMock.mockReset().mockReturnValue({ + register: vi.fn(), + }); + }); + + it("stops the Feishu thread binding manager when the monitor exits", async () => { + setFeishuRuntime( + createPluginRuntimeMock({ + channel: { + debounce: { + resolveInboundDebounceMs, + createInboundDebouncer, + }, + text: { + hasControlCommand, + }, + }, + }), + ); + + await monitorSingleAccount({ + cfg: buildDebounceConfig(), + account: buildDebounceAccount(), + runtime: { + log: vi.fn(), + error: vi.fn(), + exit: vi.fn(), + } as RuntimeEnv, + botOpenIdSource: { + kind: "prefetched", + botOpenId: "ou_bot", + }, + }); + + const manager = createFeishuThreadBindingManagerMock.mock.results[0]?.value as + | { stop: ReturnType } + | undefined; + expect(manager?.stop).toHaveBeenCalledTimes(1); + }); + + it("stops the Feishu thread binding manager when setup fails before transport starts", async () => { + setFeishuRuntime( + createPluginRuntimeMock({ + channel: { + debounce: { + resolveInboundDebounceMs, + createInboundDebouncer, + }, + text: { + hasControlCommand, + }, + }, + }), + ); + createEventDispatcherMock.mockReturnValue({ + get register() { + throw new Error("register failed"); + }, + }); + + await expect( + monitorSingleAccount({ + cfg: buildDebounceConfig(), + account: buildDebounceAccount(), + runtime: { + log: vi.fn(), + error: vi.fn(), + exit: vi.fn(), + } as RuntimeEnv, + botOpenIdSource: { + kind: "prefetched", + botOpenId: "ou_bot", + }, + }), + ).rejects.toThrow("register failed"); + + const manager = createFeishuThreadBindingManagerMock.mock.results[0]?.value as + | { stop: ReturnType } + | undefined; + expect(manager?.stop).toHaveBeenCalledTimes(1); + }); +}); + describe("Feishu inbound debounce regressions", () => { beforeEach(() => { vi.useFakeTimers(); diff --git a/extensions/feishu/src/subagent-hooks.test.ts b/extensions/feishu/src/subagent-hooks.test.ts new file mode 100644 index 00000000000..a86e8996f35 --- /dev/null +++ b/extensions/feishu/src/subagent-hooks.test.ts @@ -0,0 +1,623 @@ +import type { OpenClawPluginApi } from "openclaw/plugin-sdk/feishu"; +import { beforeEach, describe, expect, it, vi } from "vitest"; +import { registerFeishuSubagentHooks } from "./subagent-hooks.js"; +import { + __testing as threadBindingTesting, + createFeishuThreadBindingManager, +} from "./thread-bindings.js"; + +const baseConfig = { + session: { mainKey: "main", scope: "per-sender" }, + channels: { feishu: {} }, +}; + +function registerHandlersForTest(config: Record = baseConfig) { + const handlers = new Map unknown>(); + const api = { + config, + on: (hookName: string, handler: (event: unknown, ctx: unknown) => unknown) => { + handlers.set(hookName, handler); + }, + } as unknown as OpenClawPluginApi; + registerFeishuSubagentHooks(api); + return handlers; +} + +function getRequiredHandler( + handlers: Map unknown>, + hookName: string, +): (event: unknown, ctx: unknown) => unknown { + const handler = handlers.get(hookName); + if (!handler) { + throw new Error(`expected ${hookName} hook handler`); + } + return handler; +} + +describe("feishu subagent hook handlers", () => { + beforeEach(() => { + threadBindingTesting.resetFeishuThreadBindingsForTests(); + }); + + it("registers Feishu subagent hooks", () => { + const handlers = registerHandlersForTest(); + expect(handlers.has("subagent_spawning")).toBe(true); + expect(handlers.has("subagent_delivery_target")).toBe(true); + expect(handlers.has("subagent_ended")).toBe(true); + expect(handlers.has("subagent_spawned")).toBe(false); + }); + + it("binds a Feishu DM conversation on subagent_spawning", async () => { + const handlers = registerHandlersForTest(); + const handler = getRequiredHandler(handlers, "subagent_spawning"); + createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); + + const result = await handler( + { + childSessionKey: "agent:main:subagent:child", + agentId: "codex", + label: "banana", + mode: "session", + requester: { + channel: "feishu", + accountId: "work", + to: "user:ou_sender_1", + }, + threadRequested: true, + }, + {}, + ); + + expect(result).toEqual({ status: "ok", threadBindingReady: true }); + + const deliveryTargetHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + expect( + deliveryTargetHandler( + { + childSessionKey: "agent:main:subagent:child", + requesterSessionKey: "agent:main:main", + requesterOrigin: { + channel: "feishu", + accountId: "work", + to: "user:ou_sender_1", + }, + expectsCompletionMessage: true, + }, + {}, + ), + ).toEqual({ + origin: { + channel: "feishu", + accountId: "work", + to: "user:ou_sender_1", + }, + }); + }); + + it("preserves the original Feishu DM delivery target", async () => { + const handlers = registerHandlersForTest(); + const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const manager = createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); + + manager.bindConversation({ + conversationId: "ou_sender_1", + targetKind: "subagent", + targetSessionKey: "agent:main:subagent:chat-dm-child", + metadata: { + deliveryTo: "chat:oc_dm_chat_1", + boundBy: "system", + }, + }); + + expect( + deliveryHandler( + { + childSessionKey: "agent:main:subagent:chat-dm-child", + requesterSessionKey: "agent:main:main", + requesterOrigin: { + channel: "feishu", + accountId: "work", + to: "chat:oc_dm_chat_1", + }, + expectsCompletionMessage: true, + }, + {}, + ), + ).toEqual({ + origin: { + channel: "feishu", + accountId: "work", + to: "chat:oc_dm_chat_1", + }, + }); + }); + + it("binds a Feishu topic conversation and preserves parent context", async () => { + const handlers = registerHandlersForTest(); + const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); + + const result = await spawnHandler( + { + childSessionKey: "agent:main:subagent:topic-child", + agentId: "codex", + label: "topic-child", + mode: "session", + requester: { + channel: "feishu", + accountId: "work", + to: "chat:oc_group_chat", + threadId: "om_topic_root", + }, + threadRequested: true, + }, + {}, + ); + + expect(result).toEqual({ status: "ok", threadBindingReady: true }); + expect( + deliveryHandler( + { + childSessionKey: "agent:main:subagent:topic-child", + requesterSessionKey: "agent:main:main", + requesterOrigin: { + channel: "feishu", + accountId: "work", + to: "chat:oc_group_chat", + threadId: "om_topic_root", + }, + expectsCompletionMessage: true, + }, + {}, + ), + ).toEqual({ + origin: { + channel: "feishu", + accountId: "work", + to: "chat:oc_group_chat", + threadId: "om_topic_root", + }, + }); + }); + + it("uses the requester session binding to preserve sender-scoped topic conversations", async () => { + const handlers = registerHandlersForTest(); + const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const manager = createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); + + manager.bindConversation({ + conversationId: "oc_group_chat:topic:om_topic_root:sender:ou_sender_1", + parentConversationId: "oc_group_chat", + targetKind: "subagent", + targetSessionKey: "agent:main:parent", + metadata: { + agentId: "codex", + label: "parent", + boundBy: "system", + }, + }); + + const reboundResult = await spawnHandler( + { + childSessionKey: "agent:main:subagent:sender-child", + agentId: "codex", + label: "sender-child", + mode: "session", + requester: { + channel: "feishu", + accountId: "work", + to: "chat:oc_group_chat", + threadId: "om_topic_root", + }, + threadRequested: true, + }, + { + requesterSessionKey: "agent:main:parent", + }, + ); + + expect(reboundResult).toEqual({ status: "ok", threadBindingReady: true }); + expect(manager.listBySessionKey("agent:main:subagent:sender-child")).toMatchObject([ + { + conversationId: "oc_group_chat:topic:om_topic_root:sender:ou_sender_1", + parentConversationId: "oc_group_chat", + }, + ]); + expect( + deliveryHandler( + { + childSessionKey: "agent:main:subagent:sender-child", + requesterSessionKey: "agent:main:parent", + requesterOrigin: { + channel: "feishu", + accountId: "work", + to: "chat:oc_group_chat", + threadId: "om_topic_root", + }, + expectsCompletionMessage: true, + }, + {}, + ), + ).toEqual({ + origin: { + channel: "feishu", + accountId: "work", + to: "chat:oc_group_chat", + threadId: "om_topic_root", + }, + }); + }); + + it("prefers requester-matching bindings when multiple child bindings exist", async () => { + const handlers = registerHandlersForTest(); + const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); + + await spawnHandler( + { + childSessionKey: "agent:main:subagent:shared", + agentId: "codex", + label: "shared", + mode: "session", + requester: { + channel: "feishu", + accountId: "work", + to: "user:ou_sender_1", + }, + threadRequested: true, + }, + {}, + ); + await spawnHandler( + { + childSessionKey: "agent:main:subagent:shared", + agentId: "codex", + label: "shared", + mode: "session", + requester: { + channel: "feishu", + accountId: "work", + to: "user:ou_sender_2", + }, + threadRequested: true, + }, + {}, + ); + + expect( + deliveryHandler( + { + childSessionKey: "agent:main:subagent:shared", + requesterSessionKey: "agent:main:main", + requesterOrigin: { + channel: "feishu", + accountId: "work", + to: "user:ou_sender_2", + }, + expectsCompletionMessage: true, + }, + {}, + ), + ).toEqual({ + origin: { + channel: "feishu", + accountId: "work", + to: "user:ou_sender_2", + }, + }); + }); + + it("fails closed when requester-session bindings remain ambiguous for the same topic", async () => { + const handlers = registerHandlersForTest(); + const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const manager = createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); + + manager.bindConversation({ + conversationId: "oc_group_chat:topic:om_topic_root:sender:ou_sender_1", + parentConversationId: "oc_group_chat", + targetKind: "subagent", + targetSessionKey: "agent:main:parent", + metadata: { boundBy: "system" }, + }); + manager.bindConversation({ + conversationId: "oc_group_chat:topic:om_topic_root:sender:ou_sender_2", + parentConversationId: "oc_group_chat", + targetKind: "subagent", + targetSessionKey: "agent:main:parent", + metadata: { boundBy: "system" }, + }); + + await expect( + spawnHandler( + { + childSessionKey: "agent:main:subagent:ambiguous-child", + agentId: "codex", + label: "ambiguous-child", + mode: "session", + requester: { + channel: "feishu", + accountId: "work", + to: "chat:oc_group_chat", + threadId: "om_topic_root", + }, + threadRequested: true, + }, + { + requesterSessionKey: "agent:main:parent", + }, + ), + ).resolves.toMatchObject({ + status: "error", + error: expect.stringContaining("direct messages or topic conversations"), + }); + + expect( + deliveryHandler( + { + childSessionKey: "agent:main:subagent:ambiguous-child", + requesterSessionKey: "agent:main:parent", + requesterOrigin: { + channel: "feishu", + accountId: "work", + to: "chat:oc_group_chat", + threadId: "om_topic_root", + }, + expectsCompletionMessage: true, + }, + {}, + ), + ).toBeUndefined(); + }); + + it("fails closed when both topic-level and sender-scoped requester bindings exist", async () => { + const handlers = registerHandlersForTest(); + const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const manager = createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); + + manager.bindConversation({ + conversationId: "oc_group_chat:topic:om_topic_root", + parentConversationId: "oc_group_chat", + targetKind: "subagent", + targetSessionKey: "agent:main:parent", + metadata: { boundBy: "system" }, + }); + manager.bindConversation({ + conversationId: "oc_group_chat:topic:om_topic_root:sender:ou_sender_1", + parentConversationId: "oc_group_chat", + targetKind: "subagent", + targetSessionKey: "agent:main:parent", + metadata: { boundBy: "system" }, + }); + + await expect( + spawnHandler( + { + childSessionKey: "agent:main:subagent:mixed-topic-child", + agentId: "codex", + label: "mixed-topic-child", + mode: "session", + requester: { + channel: "feishu", + accountId: "work", + to: "chat:oc_group_chat", + threadId: "om_topic_root", + }, + threadRequested: true, + }, + { + requesterSessionKey: "agent:main:parent", + }, + ), + ).resolves.toMatchObject({ + status: "error", + error: expect.stringContaining("direct messages or topic conversations"), + }); + + expect( + deliveryHandler( + { + childSessionKey: "agent:main:subagent:mixed-topic-child", + requesterSessionKey: "agent:main:parent", + requesterOrigin: { + channel: "feishu", + accountId: "work", + to: "chat:oc_group_chat", + threadId: "om_topic_root", + }, + expectsCompletionMessage: true, + }, + {}, + ), + ).toBeUndefined(); + }); + + it("no-ops for non-Feishu channels and non-threaded spawns", async () => { + const handlers = registerHandlersForTest(); + const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const endedHandler = getRequiredHandler(handlers, "subagent_ended"); + + await expect( + spawnHandler( + { + childSessionKey: "agent:main:subagent:child", + agentId: "codex", + mode: "run", + requester: { + channel: "discord", + accountId: "work", + to: "channel:123", + }, + threadRequested: true, + }, + {}, + ), + ).resolves.toBeUndefined(); + + await expect( + spawnHandler( + { + childSessionKey: "agent:main:subagent:child", + agentId: "codex", + mode: "run", + requester: { + channel: "feishu", + accountId: "work", + to: "user:ou_sender_1", + }, + threadRequested: false, + }, + {}, + ), + ).resolves.toBeUndefined(); + + expect( + deliveryHandler( + { + childSessionKey: "agent:main:subagent:child", + requesterSessionKey: "agent:main:main", + requesterOrigin: { + channel: "discord", + accountId: "work", + to: "channel:123", + }, + expectsCompletionMessage: true, + }, + {}, + ), + ).toBeUndefined(); + + expect( + endedHandler( + { + targetSessionKey: "agent:main:subagent:child", + targetKind: "subagent", + reason: "done", + accountId: "work", + }, + {}, + ), + ).toBeUndefined(); + }); + + it("returns an error for unsupported non-topic Feishu group conversations", async () => { + const handler = getRequiredHandler(registerHandlersForTest(), "subagent_spawning"); + createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); + + await expect( + handler( + { + childSessionKey: "agent:main:subagent:child", + agentId: "codex", + mode: "session", + requester: { + channel: "feishu", + accountId: "work", + to: "chat:oc_group_chat", + }, + threadRequested: true, + }, + {}, + ), + ).resolves.toMatchObject({ + status: "error", + error: expect.stringContaining("direct messages or topic conversations"), + }); + }); + + it("unbinds Feishu bindings on subagent_ended", async () => { + const handlers = registerHandlersForTest(); + const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + const endedHandler = getRequiredHandler(handlers, "subagent_ended"); + createFeishuThreadBindingManager({ cfg: baseConfig as any, accountId: "work" }); + + await spawnHandler( + { + childSessionKey: "agent:main:subagent:child", + agentId: "codex", + mode: "session", + requester: { + channel: "feishu", + accountId: "work", + to: "user:ou_sender_1", + }, + threadRequested: true, + }, + {}, + ); + + endedHandler( + { + targetSessionKey: "agent:main:subagent:child", + targetKind: "subagent", + reason: "done", + accountId: "work", + }, + {}, + ); + + expect( + deliveryHandler( + { + childSessionKey: "agent:main:subagent:child", + requesterSessionKey: "agent:main:main", + requesterOrigin: { + channel: "feishu", + accountId: "work", + to: "user:ou_sender_1", + }, + expectsCompletionMessage: true, + }, + {}, + ), + ).toBeUndefined(); + }); + + it("fails closed when the Feishu monitor-owned binding manager is unavailable", async () => { + const handlers = registerHandlersForTest(); + const spawnHandler = getRequiredHandler(handlers, "subagent_spawning"); + const deliveryHandler = getRequiredHandler(handlers, "subagent_delivery_target"); + + await expect( + spawnHandler( + { + childSessionKey: "agent:main:subagent:no-manager", + agentId: "codex", + mode: "session", + requester: { + channel: "feishu", + accountId: "work", + to: "user:ou_sender_1", + }, + threadRequested: true, + }, + {}, + ), + ).resolves.toMatchObject({ + status: "error", + error: expect.stringContaining("monitor is not active"), + }); + + expect( + deliveryHandler( + { + childSessionKey: "agent:main:subagent:no-manager", + requesterSessionKey: "agent:main:main", + requesterOrigin: { + channel: "feishu", + accountId: "work", + to: "user:ou_sender_1", + }, + expectsCompletionMessage: true, + }, + {}, + ), + ).toBeUndefined(); + }); +}); diff --git a/extensions/feishu/src/subagent-hooks.ts b/extensions/feishu/src/subagent-hooks.ts new file mode 100644 index 00000000000..6b048f8fbcf --- /dev/null +++ b/extensions/feishu/src/subagent-hooks.ts @@ -0,0 +1,341 @@ +import type { OpenClawPluginApi } from "openclaw/plugin-sdk/feishu"; +import { buildFeishuConversationId, parseFeishuConversationId } from "./conversation-id.js"; +import { normalizeFeishuTarget } from "./targets.js"; +import { getFeishuThreadBindingManager } from "./thread-bindings.js"; + +function summarizeError(err: unknown): string { + if (err instanceof Error) { + return err.message; + } + if (typeof err === "string") { + return err; + } + return "error"; +} + +function stripProviderPrefix(raw: string): string { + return raw.replace(/^(feishu|lark):/i, "").trim(); +} + +function resolveFeishuRequesterConversation(params: { + accountId?: string; + to?: string; + threadId?: string | number; + requesterSessionKey?: string; +}): { + accountId: string; + conversationId: string; + parentConversationId?: string; +} | null { + const manager = getFeishuThreadBindingManager(params.accountId); + if (!manager) { + return null; + } + const rawTo = params.to?.trim(); + const withoutProviderPrefix = rawTo ? stripProviderPrefix(rawTo) : ""; + const normalizedTarget = rawTo ? normalizeFeishuTarget(rawTo) : null; + const threadId = + params.threadId != null && params.threadId !== "" ? String(params.threadId).trim() : ""; + const isChatTarget = /^(chat|group|channel):/i.test(withoutProviderPrefix); + const parsedRequesterTopic = + normalizedTarget && threadId && isChatTarget + ? parseFeishuConversationId({ + conversationId: buildFeishuConversationId({ + chatId: normalizedTarget, + scope: "group_topic", + topicId: threadId, + }), + parentConversationId: normalizedTarget, + }) + : null; + const requesterSessionKey = params.requesterSessionKey?.trim(); + if (requesterSessionKey) { + const existingBindings = manager.listBySessionKey(requesterSessionKey); + if (existingBindings.length === 1) { + const existing = existingBindings[0]; + return { + accountId: existing.accountId, + conversationId: existing.conversationId, + parentConversationId: existing.parentConversationId, + }; + } + if (existingBindings.length > 1) { + if (rawTo && normalizedTarget && !threadId && !isChatTarget) { + const directMatches = existingBindings.filter( + (entry) => + entry.accountId === manager.accountId && + entry.conversationId === normalizedTarget && + !entry.parentConversationId, + ); + if (directMatches.length === 1) { + const existing = directMatches[0]; + return { + accountId: existing.accountId, + conversationId: existing.conversationId, + parentConversationId: existing.parentConversationId, + }; + } + return null; + } + if (parsedRequesterTopic) { + const matchingTopicBindings = existingBindings.filter((entry) => { + const parsed = parseFeishuConversationId({ + conversationId: entry.conversationId, + parentConversationId: entry.parentConversationId, + }); + return ( + parsed?.chatId === parsedRequesterTopic.chatId && + parsed?.topicId === parsedRequesterTopic.topicId + ); + }); + if (matchingTopicBindings.length === 1) { + const existing = matchingTopicBindings[0]; + return { + accountId: existing.accountId, + conversationId: existing.conversationId, + parentConversationId: existing.parentConversationId, + }; + } + const senderScopedTopicBindings = matchingTopicBindings.filter((entry) => { + const parsed = parseFeishuConversationId({ + conversationId: entry.conversationId, + parentConversationId: entry.parentConversationId, + }); + return parsed?.scope === "group_topic_sender"; + }); + if ( + senderScopedTopicBindings.length === 1 && + matchingTopicBindings.length === senderScopedTopicBindings.length + ) { + const existing = senderScopedTopicBindings[0]; + return { + accountId: existing.accountId, + conversationId: existing.conversationId, + parentConversationId: existing.parentConversationId, + }; + } + return null; + } + } + } + + if (!rawTo) { + return null; + } + if (!normalizedTarget) { + return null; + } + + if (threadId) { + if (!isChatTarget) { + return null; + } + return { + accountId: manager.accountId, + conversationId: buildFeishuConversationId({ + chatId: normalizedTarget, + scope: "group_topic", + topicId: threadId, + }), + parentConversationId: normalizedTarget, + }; + } + + if (isChatTarget) { + return null; + } + + return { + accountId: manager.accountId, + conversationId: normalizedTarget, + }; +} + +function resolveFeishuDeliveryOrigin(params: { + conversationId: string; + parentConversationId?: string; + accountId: string; + deliveryTo?: string; + deliveryThreadId?: string; +}): { + channel: "feishu"; + accountId: string; + to: string; + threadId?: string; +} { + const deliveryTo = params.deliveryTo?.trim(); + const deliveryThreadId = params.deliveryThreadId?.trim(); + if (deliveryTo) { + return { + channel: "feishu", + accountId: params.accountId, + to: deliveryTo, + ...(deliveryThreadId ? { threadId: deliveryThreadId } : {}), + }; + } + const parsed = parseFeishuConversationId({ + conversationId: params.conversationId, + parentConversationId: params.parentConversationId, + }); + if (parsed?.topicId) { + return { + channel: "feishu", + accountId: params.accountId, + to: `chat:${params.parentConversationId?.trim() || parsed.chatId}`, + threadId: parsed.topicId, + }; + } + return { + channel: "feishu", + accountId: params.accountId, + to: `user:${params.conversationId}`, + }; +} + +function resolveMatchingChildBinding(params: { + accountId?: string; + childSessionKey: string; + requesterSessionKey?: string; + requesterOrigin?: { + to?: string; + threadId?: string | number; + }; +}) { + const manager = getFeishuThreadBindingManager(params.accountId); + if (!manager) { + return null; + } + const childBindings = manager.listBySessionKey(params.childSessionKey.trim()); + if (childBindings.length === 0) { + return null; + } + + const requesterConversation = resolveFeishuRequesterConversation({ + accountId: manager.accountId, + to: params.requesterOrigin?.to, + threadId: params.requesterOrigin?.threadId, + requesterSessionKey: params.requesterSessionKey, + }); + if (requesterConversation) { + const matched = childBindings.find( + (entry) => + entry.accountId === requesterConversation.accountId && + entry.conversationId === requesterConversation.conversationId && + (entry.parentConversationId?.trim() || undefined) === + (requesterConversation.parentConversationId?.trim() || undefined), + ); + if (matched) { + return matched; + } + } + + return childBindings.length === 1 ? childBindings[0] : null; +} + +export function registerFeishuSubagentHooks(api: OpenClawPluginApi) { + api.on("subagent_spawning", async (event, ctx) => { + if (!event.threadRequested) { + return; + } + const requesterChannel = event.requester?.channel?.trim().toLowerCase(); + if (requesterChannel !== "feishu") { + return; + } + + const manager = getFeishuThreadBindingManager(event.requester?.accountId); + if (!manager) { + return { + status: "error" as const, + error: + "Feishu current-conversation binding is unavailable because the Feishu account monitor is not active.", + }; + } + + const conversation = resolveFeishuRequesterConversation({ + accountId: event.requester?.accountId, + to: event.requester?.to, + threadId: event.requester?.threadId, + requesterSessionKey: ctx.requesterSessionKey, + }); + if (!conversation) { + return { + status: "error" as const, + error: + "Feishu current-conversation binding is only available in direct messages or topic conversations.", + }; + } + + try { + const binding = manager.bindConversation({ + conversationId: conversation.conversationId, + parentConversationId: conversation.parentConversationId, + targetKind: "subagent", + targetSessionKey: event.childSessionKey, + metadata: { + agentId: event.agentId, + label: event.label, + boundBy: "system", + deliveryTo: event.requester?.to, + deliveryThreadId: + event.requester?.threadId != null && event.requester.threadId !== "" + ? String(event.requester.threadId) + : undefined, + }, + }); + if (!binding) { + return { + status: "error" as const, + error: + "Unable to bind this Feishu conversation to the spawned subagent session. Session mode is unavailable for this target.", + }; + } + return { + status: "ok" as const, + threadBindingReady: true, + }; + } catch (err) { + return { + status: "error" as const, + error: `Feishu conversation bind failed: ${summarizeError(err)}`, + }; + } + }); + + api.on("subagent_delivery_target", (event) => { + if (!event.expectsCompletionMessage) { + return; + } + const requesterChannel = event.requesterOrigin?.channel?.trim().toLowerCase(); + if (requesterChannel !== "feishu") { + return; + } + + const binding = resolveMatchingChildBinding({ + accountId: event.requesterOrigin?.accountId, + childSessionKey: event.childSessionKey, + requesterSessionKey: event.requesterSessionKey, + requesterOrigin: { + to: event.requesterOrigin?.to, + threadId: event.requesterOrigin?.threadId, + }, + }); + if (!binding) { + return; + } + + return { + origin: resolveFeishuDeliveryOrigin({ + conversationId: binding.conversationId, + parentConversationId: binding.parentConversationId, + accountId: binding.accountId, + deliveryTo: binding.deliveryTo, + deliveryThreadId: binding.deliveryThreadId, + }), + }; + }); + + api.on("subagent_ended", (event) => { + const manager = getFeishuThreadBindingManager(event.accountId); + manager?.unbindBySessionKey(event.targetSessionKey); + }); +} diff --git a/extensions/feishu/src/thread-bindings.test.ts b/extensions/feishu/src/thread-bindings.test.ts new file mode 100644 index 00000000000..a118926df57 --- /dev/null +++ b/extensions/feishu/src/thread-bindings.test.ts @@ -0,0 +1,94 @@ +import { beforeEach, describe, expect, it } from "vitest"; +import type { OpenClawConfig } from "../../../src/config/config.js"; +import { getSessionBindingService } from "../../../src/infra/outbound/session-binding-service.js"; +import { __testing, createFeishuThreadBindingManager } from "./thread-bindings.js"; + +const baseCfg = { + session: { mainKey: "main", scope: "per-sender" }, +} satisfies OpenClawConfig; + +describe("Feishu thread bindings", () => { + beforeEach(() => { + __testing.resetFeishuThreadBindingsForTests(); + }); + + it("registers current-placement adapter capabilities for Feishu", () => { + createFeishuThreadBindingManager({ cfg: baseCfg, accountId: "default" }); + + expect( + getSessionBindingService().getCapabilities({ + channel: "feishu", + accountId: "default", + }), + ).toEqual({ + adapterAvailable: true, + bindSupported: true, + unbindSupported: true, + placements: ["current"], + }); + }); + + it("binds and resolves a Feishu topic conversation", async () => { + createFeishuThreadBindingManager({ cfg: baseCfg, accountId: "default" }); + + const binding = await getSessionBindingService().bind({ + targetSessionKey: "agent:codex:acp:binding:feishu:default:abc123", + targetKind: "session", + conversation: { + channel: "feishu", + accountId: "default", + conversationId: "oc_group_chat:topic:om_topic_root", + parentConversationId: "oc_group_chat", + }, + placement: "current", + metadata: { + agentId: "codex", + label: "codex-main", + }, + }); + + expect(binding.conversation.conversationId).toBe("oc_group_chat:topic:om_topic_root"); + expect( + getSessionBindingService().resolveByConversation({ + channel: "feishu", + accountId: "default", + conversationId: "oc_group_chat:topic:om_topic_root", + }), + )?.toMatchObject({ + targetSessionKey: "agent:codex:acp:binding:feishu:default:abc123", + metadata: expect.objectContaining({ + agentId: "codex", + label: "codex-main", + }), + }); + }); + + it("clears account-scoped bindings when the manager stops", async () => { + const manager = createFeishuThreadBindingManager({ cfg: baseCfg, accountId: "default" }); + + await getSessionBindingService().bind({ + targetSessionKey: "agent:codex:acp:binding:feishu:default:abc123", + targetKind: "session", + conversation: { + channel: "feishu", + accountId: "default", + conversationId: "oc_group_chat:topic:om_topic_root", + parentConversationId: "oc_group_chat", + }, + placement: "current", + metadata: { + agentId: "codex", + }, + }); + + manager.stop(); + + expect( + getSessionBindingService().resolveByConversation({ + channel: "feishu", + accountId: "default", + conversationId: "oc_group_chat:topic:om_topic_root", + }), + ).toBeNull(); + }); +}); diff --git a/extensions/feishu/src/thread-bindings.ts b/extensions/feishu/src/thread-bindings.ts new file mode 100644 index 00000000000..b2ab72467c3 --- /dev/null +++ b/extensions/feishu/src/thread-bindings.ts @@ -0,0 +1,316 @@ +import { resolveThreadBindingConversationIdFromBindingId } from "../../../src/channels/thread-binding-id.js"; +import { + resolveThreadBindingIdleTimeoutMsForChannel, + resolveThreadBindingMaxAgeMsForChannel, +} from "../../../src/channels/thread-bindings-policy.js"; +import type { OpenClawConfig } from "../../../src/config/config.js"; +import { + registerSessionBindingAdapter, + unregisterSessionBindingAdapter, + type BindingTargetKind, + type SessionBindingRecord, +} from "../../../src/infra/outbound/session-binding-service.js"; +import { + normalizeAccountId, + resolveAgentIdFromSessionKey, +} from "../../../src/routing/session-key.js"; +import { resolveGlobalSingleton } from "../../../src/shared/global-singleton.js"; + +type FeishuBindingTargetKind = "subagent" | "acp"; + +type FeishuThreadBindingRecord = { + accountId: string; + conversationId: string; + parentConversationId?: string; + deliveryTo?: string; + deliveryThreadId?: string; + targetKind: FeishuBindingTargetKind; + targetSessionKey: string; + agentId?: string; + label?: string; + boundBy?: string; + boundAt: number; + lastActivityAt: number; +}; + +type FeishuThreadBindingManager = { + accountId: string; + getByConversationId: (conversationId: string) => FeishuThreadBindingRecord | undefined; + listBySessionKey: (targetSessionKey: string) => FeishuThreadBindingRecord[]; + bindConversation: (params: { + conversationId: string; + parentConversationId?: string; + targetKind: BindingTargetKind; + targetSessionKey: string; + metadata?: Record; + }) => FeishuThreadBindingRecord | null; + touchConversation: (conversationId: string, at?: number) => FeishuThreadBindingRecord | null; + unbindConversation: (conversationId: string) => FeishuThreadBindingRecord | null; + unbindBySessionKey: (targetSessionKey: string) => FeishuThreadBindingRecord[]; + stop: () => void; +}; + +type FeishuThreadBindingsState = { + managersByAccountId: Map; + bindingsByAccountConversation: Map; +}; + +const FEISHU_THREAD_BINDINGS_STATE_KEY = Symbol.for("openclaw.feishuThreadBindingsState"); +const state = resolveGlobalSingleton( + FEISHU_THREAD_BINDINGS_STATE_KEY, + () => ({ + managersByAccountId: new Map(), + bindingsByAccountConversation: new Map(), + }), +); + +const MANAGERS_BY_ACCOUNT_ID = state.managersByAccountId; +const BINDINGS_BY_ACCOUNT_CONVERSATION = state.bindingsByAccountConversation; + +function resolveBindingKey(params: { accountId: string; conversationId: string }): string { + return `${params.accountId}:${params.conversationId}`; +} + +function toSessionBindingTargetKind(raw: FeishuBindingTargetKind): BindingTargetKind { + return raw === "subagent" ? "subagent" : "session"; +} + +function toFeishuTargetKind(raw: BindingTargetKind): FeishuBindingTargetKind { + return raw === "subagent" ? "subagent" : "acp"; +} + +function toSessionBindingRecord( + record: FeishuThreadBindingRecord, + defaults: { idleTimeoutMs: number; maxAgeMs: number }, +): SessionBindingRecord { + const idleExpiresAt = + defaults.idleTimeoutMs > 0 ? record.lastActivityAt + defaults.idleTimeoutMs : undefined; + const maxAgeExpiresAt = defaults.maxAgeMs > 0 ? record.boundAt + defaults.maxAgeMs : undefined; + const expiresAt = + idleExpiresAt != null && maxAgeExpiresAt != null + ? Math.min(idleExpiresAt, maxAgeExpiresAt) + : (idleExpiresAt ?? maxAgeExpiresAt); + return { + bindingId: resolveBindingKey({ + accountId: record.accountId, + conversationId: record.conversationId, + }), + targetSessionKey: record.targetSessionKey, + targetKind: toSessionBindingTargetKind(record.targetKind), + conversation: { + channel: "feishu", + accountId: record.accountId, + conversationId: record.conversationId, + parentConversationId: record.parentConversationId, + }, + status: "active", + boundAt: record.boundAt, + expiresAt, + metadata: { + agentId: record.agentId, + label: record.label, + boundBy: record.boundBy, + deliveryTo: record.deliveryTo, + deliveryThreadId: record.deliveryThreadId, + lastActivityAt: record.lastActivityAt, + idleTimeoutMs: defaults.idleTimeoutMs, + maxAgeMs: defaults.maxAgeMs, + }, + }; +} + +export function createFeishuThreadBindingManager(params: { + accountId?: string; + cfg: OpenClawConfig; +}): FeishuThreadBindingManager { + const accountId = normalizeAccountId(params.accountId); + const existing = MANAGERS_BY_ACCOUNT_ID.get(accountId); + if (existing) { + return existing; + } + + const idleTimeoutMs = resolveThreadBindingIdleTimeoutMsForChannel({ + cfg: params.cfg, + channel: "feishu", + accountId, + }); + const maxAgeMs = resolveThreadBindingMaxAgeMsForChannel({ + cfg: params.cfg, + channel: "feishu", + accountId, + }); + + const manager: FeishuThreadBindingManager = { + accountId, + getByConversationId: (conversationId) => + BINDINGS_BY_ACCOUNT_CONVERSATION.get(resolveBindingKey({ accountId, conversationId })), + listBySessionKey: (targetSessionKey) => + [...BINDINGS_BY_ACCOUNT_CONVERSATION.values()].filter( + (record) => record.accountId === accountId && record.targetSessionKey === targetSessionKey, + ), + bindConversation: ({ + conversationId, + parentConversationId, + targetKind, + targetSessionKey, + metadata, + }) => { + const normalizedConversationId = conversationId.trim(); + if (!normalizedConversationId || !targetSessionKey.trim()) { + return null; + } + const now = Date.now(); + const record: FeishuThreadBindingRecord = { + accountId, + conversationId: normalizedConversationId, + parentConversationId: parentConversationId?.trim() || undefined, + deliveryTo: + typeof metadata?.deliveryTo === "string" && metadata.deliveryTo.trim() + ? metadata.deliveryTo.trim() + : undefined, + deliveryThreadId: + typeof metadata?.deliveryThreadId === "string" && metadata.deliveryThreadId.trim() + ? metadata.deliveryThreadId.trim() + : undefined, + targetKind: toFeishuTargetKind(targetKind), + targetSessionKey: targetSessionKey.trim(), + agentId: + typeof metadata?.agentId === "string" && metadata.agentId.trim() + ? metadata.agentId.trim() + : resolveAgentIdFromSessionKey(targetSessionKey), + label: + typeof metadata?.label === "string" && metadata.label.trim() + ? metadata.label.trim() + : undefined, + boundBy: + typeof metadata?.boundBy === "string" && metadata.boundBy.trim() + ? metadata.boundBy.trim() + : undefined, + boundAt: now, + lastActivityAt: now, + }; + BINDINGS_BY_ACCOUNT_CONVERSATION.set( + resolveBindingKey({ accountId, conversationId: normalizedConversationId }), + record, + ); + return record; + }, + touchConversation: (conversationId, at = Date.now()) => { + const key = resolveBindingKey({ accountId, conversationId }); + const existingRecord = BINDINGS_BY_ACCOUNT_CONVERSATION.get(key); + if (!existingRecord) { + return null; + } + const updated = { ...existingRecord, lastActivityAt: at }; + BINDINGS_BY_ACCOUNT_CONVERSATION.set(key, updated); + return updated; + }, + unbindConversation: (conversationId) => { + const key = resolveBindingKey({ accountId, conversationId }); + const existingRecord = BINDINGS_BY_ACCOUNT_CONVERSATION.get(key); + if (!existingRecord) { + return null; + } + BINDINGS_BY_ACCOUNT_CONVERSATION.delete(key); + return existingRecord; + }, + unbindBySessionKey: (targetSessionKey) => { + const removed: FeishuThreadBindingRecord[] = []; + for (const record of [...BINDINGS_BY_ACCOUNT_CONVERSATION.values()]) { + if (record.accountId !== accountId || record.targetSessionKey !== targetSessionKey) { + continue; + } + BINDINGS_BY_ACCOUNT_CONVERSATION.delete( + resolveBindingKey({ accountId, conversationId: record.conversationId }), + ); + removed.push(record); + } + return removed; + }, + stop: () => { + for (const key of [...BINDINGS_BY_ACCOUNT_CONVERSATION.keys()]) { + if (key.startsWith(`${accountId}:`)) { + BINDINGS_BY_ACCOUNT_CONVERSATION.delete(key); + } + } + MANAGERS_BY_ACCOUNT_ID.delete(accountId); + unregisterSessionBindingAdapter({ channel: "feishu", accountId }); + }, + }; + + registerSessionBindingAdapter({ + channel: "feishu", + accountId, + capabilities: { + placements: ["current"], + }, + bind: async (input) => { + if (input.conversation.channel !== "feishu" || input.placement === "child") { + return null; + } + const bound = manager.bindConversation({ + conversationId: input.conversation.conversationId, + parentConversationId: input.conversation.parentConversationId, + targetKind: input.targetKind, + targetSessionKey: input.targetSessionKey, + metadata: input.metadata, + }); + return bound ? toSessionBindingRecord(bound, { idleTimeoutMs, maxAgeMs }) : null; + }, + listBySession: (targetSessionKey) => + manager + .listBySessionKey(targetSessionKey) + .map((entry) => toSessionBindingRecord(entry, { idleTimeoutMs, maxAgeMs })), + resolveByConversation: (ref) => { + if (ref.channel !== "feishu") { + return null; + } + const found = manager.getByConversationId(ref.conversationId); + return found ? toSessionBindingRecord(found, { idleTimeoutMs, maxAgeMs }) : null; + }, + touch: (bindingId, at) => { + const conversationId = resolveThreadBindingConversationIdFromBindingId({ + accountId, + bindingId, + }); + if (conversationId) { + manager.touchConversation(conversationId, at); + } + }, + unbind: async (input) => { + if (input.targetSessionKey?.trim()) { + return manager + .unbindBySessionKey(input.targetSessionKey.trim()) + .map((entry) => toSessionBindingRecord(entry, { idleTimeoutMs, maxAgeMs })); + } + const conversationId = resolveThreadBindingConversationIdFromBindingId({ + accountId, + bindingId: input.bindingId, + }); + if (!conversationId) { + return []; + } + const removed = manager.unbindConversation(conversationId); + return removed ? [toSessionBindingRecord(removed, { idleTimeoutMs, maxAgeMs })] : []; + }, + }); + + MANAGERS_BY_ACCOUNT_ID.set(accountId, manager); + return manager; +} + +export function getFeishuThreadBindingManager( + accountId?: string, +): FeishuThreadBindingManager | null { + return MANAGERS_BY_ACCOUNT_ID.get(normalizeAccountId(accountId)) ?? null; +} + +export const __testing = { + resetFeishuThreadBindingsForTests() { + for (const manager of MANAGERS_BY_ACCOUNT_ID.values()) { + manager.stop(); + } + MANAGERS_BY_ACCOUNT_ID.clear(); + BINDINGS_BY_ACCOUNT_CONVERSATION.clear(); + }, +}; diff --git a/src/acp/persistent-bindings.resolve.ts b/src/acp/persistent-bindings.resolve.ts index 84f052797ad..66464535eae 100644 --- a/src/acp/persistent-bindings.resolve.ts +++ b/src/acp/persistent-bindings.resolve.ts @@ -1,3 +1,4 @@ +import { parseFeishuConversationId } from "../../extensions/feishu/src/conversation-id.js"; import { listAcpBindings } from "../config/bindings.js"; import type { OpenClawConfig } from "../config/config.js"; import type { AgentAcpBinding } from "../config/types.js"; @@ -21,12 +22,23 @@ import { function normalizeBindingChannel(value: string | undefined): ConfiguredAcpBindingChannel | null { const normalized = (value ?? "").trim().toLowerCase(); - if (normalized === "discord" || normalized === "telegram") { + if (normalized === "discord" || normalized === "telegram" || normalized === "feishu") { return normalized; } return null; } +function isSupportedFeishuDirectConversationId(conversationId: string): boolean { + const trimmed = conversationId.trim(); + if (!trimmed || trimmed.includes(":")) { + return false; + } + if (trimmed.startsWith("oc_") || trimmed.startsWith("on_")) { + return false; + } + return true; +} + function resolveAccountMatchPriority(match: string | undefined, actual: string): 0 | 1 | 2 { const trimmed = (match ?? "").trim(); if (!trimmed) { @@ -122,14 +134,23 @@ function resolveConfiguredBindingRecord(params: { bindings: AgentAcpBinding[]; channel: ConfiguredAcpBindingChannel; accountId: string; - selectConversation: ( - binding: AgentAcpBinding, - ) => { conversationId: string; parentConversationId?: string } | null; + selectConversation: (binding: AgentAcpBinding) => { + conversationId: string; + parentConversationId?: string; + matchPriority?: number; + } | null; }): ResolvedConfiguredAcpBinding | null { let wildcardMatch: { binding: AgentAcpBinding; conversationId: string; parentConversationId?: string; + matchPriority: number; + } | null = null; + let exactMatch: { + binding: AgentAcpBinding; + conversationId: string; + parentConversationId?: string; + matchPriority: number; } | null = null; for (const binding of params.bindings) { if (normalizeBindingChannel(binding.match.channel) !== params.channel) { @@ -146,23 +167,40 @@ function resolveConfiguredBindingRecord(params: { if (!conversation) { continue; } + const matchPriority = conversation.matchPriority ?? 0; + if (accountMatchPriority === 2) { + if (!exactMatch || matchPriority > exactMatch.matchPriority) { + exactMatch = { + binding, + conversationId: conversation.conversationId, + parentConversationId: conversation.parentConversationId, + matchPriority, + }; + } + continue; + } + if (!wildcardMatch || matchPriority > wildcardMatch.matchPriority) { + wildcardMatch = { + binding, + conversationId: conversation.conversationId, + parentConversationId: conversation.parentConversationId, + matchPriority, + }; + } + } + if (exactMatch) { const spec = toConfiguredBindingSpec({ cfg: params.cfg, channel: params.channel, accountId: params.accountId, - conversationId: conversation.conversationId, - parentConversationId: conversation.parentConversationId, - binding, + conversationId: exactMatch.conversationId, + parentConversationId: exactMatch.parentConversationId, + binding: exactMatch.binding, }); - if (accountMatchPriority === 2) { - return { - spec, - record: toConfiguredAcpBindingRecord(spec), - }; - } - if (!wildcardMatch) { - wildcardMatch = { binding, ...conversation }; - } + return { + spec, + record: toConfiguredAcpBindingRecord(spec), + }; } if (!wildcardMatch) { return null; @@ -228,6 +266,42 @@ export function resolveConfiguredAcpBindingSpecBySessionKey(params: { } continue; } + if (channel === "feishu") { + const targetParsed = parseFeishuConversationId({ + conversationId: targetConversationId, + }); + if ( + !targetParsed || + (targetParsed.scope !== "group_topic" && + targetParsed.scope !== "group_topic_sender" && + !isSupportedFeishuDirectConversationId(targetParsed.canonicalConversationId)) + ) { + continue; + } + const spec = toConfiguredBindingSpec({ + cfg: params.cfg, + channel: "feishu", + accountId: parsedSessionKey.accountId, + conversationId: targetParsed.canonicalConversationId, + // Session-key recovery deliberately collapses sender-scoped topic bindings onto the + // canonical topic conversation id so `group_topic` and `group_topic_sender` reuse + // the same configured ACP session identity. + parentConversationId: + targetParsed.scope === "group_topic" || targetParsed.scope === "group_topic_sender" + ? targetParsed.chatId + : undefined, + binding, + }); + if (buildConfiguredAcpSessionKey(spec) === sessionKey) { + if (accountMatchPriority === 2) { + return spec; + } + if (!wildcardMatch) { + wildcardMatch = spec; + } + } + continue; + } const parsedTopic = parseTelegramTopicConversation({ conversationId: targetConversationId, }); @@ -334,5 +408,63 @@ export function resolveConfiguredAcpBindingRecord(params: { }); } + if (channel === "feishu") { + const parsed = parseFeishuConversationId({ + conversationId, + parentConversationId, + }); + if ( + !parsed || + (parsed.scope !== "group_topic" && + parsed.scope !== "group_topic_sender" && + !isSupportedFeishuDirectConversationId(parsed.canonicalConversationId)) + ) { + return null; + } + return resolveConfiguredBindingRecord({ + cfg: params.cfg, + bindings: listAcpBindings(params.cfg), + channel: "feishu", + accountId, + selectConversation: (binding) => { + const targetConversationId = resolveBindingConversationId(binding); + if (!targetConversationId) { + return null; + } + const targetParsed = parseFeishuConversationId({ + conversationId: targetConversationId, + }); + if ( + !targetParsed || + (targetParsed.scope !== "group_topic" && + targetParsed.scope !== "group_topic_sender" && + !isSupportedFeishuDirectConversationId(targetParsed.canonicalConversationId)) + ) { + return null; + } + const matchesCanonicalConversation = + targetParsed.canonicalConversationId === parsed.canonicalConversationId; + const matchesParentTopicForSenderScopedConversation = + parsed.scope === "group_topic_sender" && + targetParsed.scope === "group_topic" && + parsed.chatId === targetParsed.chatId && + parsed.topicId === targetParsed.topicId; + if (!matchesCanonicalConversation && !matchesParentTopicForSenderScopedConversation) { + return null; + } + return { + conversationId: matchesParentTopicForSenderScopedConversation + ? targetParsed.canonicalConversationId + : parsed.canonicalConversationId, + parentConversationId: + parsed.scope === "group_topic" || parsed.scope === "group_topic_sender" + ? parsed.chatId + : undefined, + matchPriority: matchesCanonicalConversation ? 2 : 1, + }; + }, + }); + } + return null; } diff --git a/src/acp/persistent-bindings.test.ts b/src/acp/persistent-bindings.test.ts index 30e74c05082..06bfba46d57 100644 --- a/src/acp/persistent-bindings.test.ts +++ b/src/acp/persistent-bindings.test.ts @@ -90,6 +90,27 @@ function createTelegramGroupBinding(params: { } as ConfiguredBinding; } +function createFeishuBinding(params: { + agentId: string; + conversationId: string; + accountId?: string; + acp?: Record; +}): ConfiguredBinding { + return { + type: "acp", + agentId: params.agentId, + match: { + channel: "feishu", + accountId: params.accountId ?? defaultDiscordAccountId, + peer: { + kind: params.conversationId.includes(":topic:") ? "group" : "direct", + id: params.conversationId, + }, + }, + ...(params.acp ? { acp: params.acp } : {}), + } as ConfiguredBinding; +} + function resolveBindingRecord(cfg: OpenClawConfig, overrides: Partial = {}) { return resolveConfiguredAcpBindingRecord({ cfg, @@ -205,6 +226,34 @@ describe("resolveConfiguredAcpBindingRecord", () => { expect(resolved?.spec.agentId).toBe("claude"); }); + it("prefers sender-scoped Feishu bindings over topic inheritance", () => { + const cfg = createCfgWithBindings([ + createFeishuBinding({ + agentId: "codex", + conversationId: "oc_group_chat:topic:om_topic_root", + accountId: "work", + }), + createFeishuBinding({ + agentId: "claude", + conversationId: "oc_group_chat:topic:om_topic_root:sender:ou_sender_1", + accountId: "work", + }), + ]); + + const resolved = resolveConfiguredAcpBindingRecord({ + cfg, + channel: "feishu", + accountId: "work", + conversationId: "oc_group_chat:topic:om_topic_root:sender:ou_sender_1", + parentConversationId: "oc_group_chat", + }); + + expect(resolved?.spec.conversationId).toBe( + "oc_group_chat:topic:om_topic_root:sender:ou_sender_1", + ); + expect(resolved?.spec.agentId).toBe("claude"); + }); + it("prefers exact account binding over wildcard for the same discord conversation", () => { const cfg = createCfgWithBindings([ createDiscordBinding({ @@ -284,6 +333,128 @@ describe("resolveConfiguredAcpBindingRecord", () => { expect(resolved).toBeNull(); }); + it("resolves Feishu DM bindings using direct peer ids", () => { + const cfg = createCfgWithBindings([ + createFeishuBinding({ + agentId: "codex", + conversationId: "ou_user_1", + }), + ]); + + const resolved = resolveConfiguredAcpBindingRecord({ + cfg, + channel: "feishu", + accountId: "default", + conversationId: "ou_user_1", + }); + + expect(resolved?.spec.channel).toBe("feishu"); + expect(resolved?.spec.conversationId).toBe("ou_user_1"); + expect(resolved?.record.targetSessionKey).toContain("agent:codex:acp:binding:feishu:default:"); + }); + + it("resolves Feishu DM bindings using user_id fallback peer ids", () => { + const cfg = createCfgWithBindings([ + createFeishuBinding({ + agentId: "codex", + conversationId: "user_123", + }), + ]); + + const resolved = resolveConfiguredAcpBindingRecord({ + cfg, + channel: "feishu", + accountId: "default", + conversationId: "user_123", + }); + + expect(resolved?.spec.channel).toBe("feishu"); + expect(resolved?.spec.conversationId).toBe("user_123"); + expect(resolved?.record.targetSessionKey).toContain("agent:codex:acp:binding:feishu:default:"); + }); + + it("resolves Feishu topic bindings with parent chat ids", () => { + const cfg = createCfgWithBindings([ + createFeishuBinding({ + agentId: "claude", + conversationId: "oc_group_chat:topic:om_topic_root", + acp: { backend: "acpx" }, + }), + ]); + + const resolved = resolveConfiguredAcpBindingRecord({ + cfg, + channel: "feishu", + accountId: "default", + conversationId: "oc_group_chat:topic:om_topic_root", + parentConversationId: "oc_group_chat", + }); + + expect(resolved?.spec.conversationId).toBe("oc_group_chat:topic:om_topic_root"); + expect(resolved?.spec.agentId).toBe("claude"); + expect(resolved?.record.conversation.parentConversationId).toBe("oc_group_chat"); + }); + + it("inherits configured Feishu topic bindings for sender-scoped topic conversations", () => { + const cfg = createCfgWithBindings([ + createFeishuBinding({ + agentId: "claude", + conversationId: "oc_group_chat:topic:om_topic_root", + acp: { backend: "acpx" }, + }), + ]); + + const resolved = resolveConfiguredAcpBindingRecord({ + cfg, + channel: "feishu", + accountId: "default", + conversationId: "oc_group_chat:topic:om_topic_root:sender:ou_topic_user", + parentConversationId: "oc_group_chat", + }); + + expect(resolved?.spec.conversationId).toBe("oc_group_chat:topic:om_topic_root"); + expect(resolved?.spec.agentId).toBe("claude"); + expect(resolved?.spec.backend).toBe("acpx"); + expect(resolved?.record.conversation.conversationId).toBe("oc_group_chat:topic:om_topic_root"); + }); + + it("rejects non-matching Feishu topic roots", () => { + const cfg = createCfgWithBindings([ + createFeishuBinding({ + agentId: "claude", + conversationId: "oc_group_chat:topic:om_topic_root", + }), + ]); + + const resolved = resolveConfiguredAcpBindingRecord({ + cfg, + channel: "feishu", + accountId: "default", + conversationId: "oc_group_chat:topic:om_other_root", + parentConversationId: "oc_group_chat", + }); + + expect(resolved).toBeNull(); + }); + + it("rejects Feishu non-topic group ACP bindings", () => { + const cfg = createCfgWithBindings([ + createFeishuBinding({ + agentId: "claude", + conversationId: "oc_group_chat", + }), + ]); + + const resolved = resolveConfiguredAcpBindingRecord({ + cfg, + channel: "feishu", + accountId: "default", + conversationId: "oc_group_chat", + }); + + expect(resolved).toBeNull(); + }); + it("applies agent runtime ACP defaults for bound conversations", () => { const cfg = createCfgWithBindings( [ @@ -365,6 +536,31 @@ describe("resolveConfiguredAcpBindingSpecBySessionKey", () => { expect(spec?.backend).toBe("exact"); }); + + it("maps a configured Feishu user_id DM binding session key back to its spec", () => { + const cfg = createCfgWithBindings([ + createFeishuBinding({ + agentId: "codex", + conversationId: "user_123", + acp: { backend: "acpx" }, + }), + ]); + const resolved = resolveConfiguredAcpBindingRecord({ + cfg, + channel: "feishu", + accountId: "default", + conversationId: "user_123", + }); + const spec = resolveConfiguredAcpBindingSpecBySessionKey({ + cfg, + sessionKey: resolved?.record.targetSessionKey ?? "", + }); + + expect(spec?.channel).toBe("feishu"); + expect(spec?.conversationId).toBe("user_123"); + expect(spec?.agentId).toBe("codex"); + expect(spec?.backend).toBe("acpx"); + }); }); describe("buildConfiguredAcpSessionKey", () => { diff --git a/src/acp/persistent-bindings.types.ts b/src/acp/persistent-bindings.types.ts index 715ae9c70d4..3864392c96c 100644 --- a/src/acp/persistent-bindings.types.ts +++ b/src/acp/persistent-bindings.types.ts @@ -3,7 +3,7 @@ import type { SessionBindingRecord } from "../infra/outbound/session-binding-ser import { sanitizeAgentId } from "../routing/session-key.js"; import type { AcpRuntimeSessionMode } from "./runtime/types.js"; -export type ConfiguredAcpBindingChannel = "discord" | "telegram"; +export type ConfiguredAcpBindingChannel = "discord" | "telegram" | "feishu"; export type ConfiguredAcpBindingSpec = { channel: ConfiguredAcpBindingChannel; diff --git a/src/auto-reply/reply/commands-acp.test.ts b/src/auto-reply/reply/commands-acp.test.ts index 904ae965fa7..937d282c18e 100644 --- a/src/auto-reply/reply/commands-acp.test.ts +++ b/src/auto-reply/reply/commands-acp.test.ts @@ -118,7 +118,7 @@ type FakeBinding = { targetSessionKey: string; targetKind: "subagent" | "session"; conversation: { - channel: "discord" | "telegram"; + channel: "discord" | "telegram" | "feishu"; accountId: string; conversationId: string; parentConversationId?: string; @@ -243,7 +243,7 @@ function createSessionBindingCapabilities() { type AcpBindInput = { targetSessionKey: string; conversation: { - channel?: "discord" | "telegram"; + channel?: "discord" | "telegram" | "feishu"; accountId: string; conversationId: string; }; @@ -256,21 +256,28 @@ function createAcpThreadBinding(input: AcpBindInput): FakeBinding { input.placement === "child" ? "thread-created" : input.conversation.conversationId; const boundBy = typeof input.metadata?.boundBy === "string" ? input.metadata.boundBy : "user-1"; const channel = input.conversation.channel ?? "discord"; - return createSessionBinding({ - targetSessionKey: input.targetSessionKey, - conversation: - channel === "discord" + const conversation = + channel === "discord" + ? { + channel: "discord" as const, + accountId: input.conversation.accountId, + conversationId: nextConversationId, + parentConversationId: "parent-1", + } + : channel === "feishu" ? { - channel: "discord", + channel: "feishu" as const, accountId: input.conversation.accountId, conversationId: nextConversationId, - parentConversationId: "parent-1", } : { - channel: "telegram", + channel: "telegram" as const, accountId: input.conversation.accountId, conversationId: nextConversationId, - }, + }; + return createSessionBinding({ + targetSessionKey: input.targetSessionKey, + conversation, metadata: { boundBy, webhookId: "wh-1" }, }); } @@ -350,6 +357,23 @@ async function runTelegramDmAcpCommand(commandBody: string, cfg: OpenClawConfig return handleAcpCommand(createTelegramDmParams(commandBody, cfg), true); } +function createFeishuDmParams(commandBody: string, cfg: OpenClawConfig = baseCfg) { + const params = buildCommandTestParams(commandBody, cfg, { + Provider: "feishu", + Surface: "feishu", + OriginatingChannel: "feishu", + OriginatingTo: "user:ou_sender_1", + AccountId: "default", + SenderId: "ou_sender_1", + }); + params.command.senderId = "user-1"; + return params; +} + +async function runFeishuDmAcpCommand(commandBody: string, cfg: OpenClawConfig = baseCfg) { + return handleAcpCommand(createFeishuDmParams(commandBody, cfg), true); +} + describe("/acp command", () => { beforeEach(() => { acpManagerTesting.resetAcpSessionManagerForTests(); @@ -553,6 +577,23 @@ describe("/acp command", () => { ); }); + it("binds Feishu DM ACP spawns to the current DM conversation", async () => { + const result = await runFeishuDmAcpCommand("/acp spawn codex --thread here"); + + expect(result?.reply?.text).toContain("Spawned ACP session agent:codex:acp:"); + expect(result?.reply?.text).toContain("Bound this thread to"); + expect(hoisted.sessionBindingBindMock).toHaveBeenCalledWith( + expect.objectContaining({ + placement: "current", + conversation: expect.objectContaining({ + channel: "feishu", + accountId: "default", + conversationId: "ou_sender_1", + }), + }), + ); + }); + it("requires explicit ACP target when acp.defaultAgent is not configured", async () => { const result = await runDiscordAcpCommand("/acp spawn"); diff --git a/src/auto-reply/reply/commands-acp/context.test.ts b/src/auto-reply/reply/commands-acp/context.test.ts index 18136b67b03..5b1e60ad1fc 100644 --- a/src/auto-reply/reply/commands-acp/context.test.ts +++ b/src/auto-reply/reply/commands-acp/context.test.ts @@ -1,10 +1,19 @@ -import { describe, expect, it } from "vitest"; +import { beforeEach, describe, expect, it } from "vitest"; +import { + __testing as feishuThreadBindingTesting, + createFeishuThreadBindingManager, +} from "../../../../extensions/feishu/src/thread-bindings.js"; import type { OpenClawConfig } from "../../../config/config.js"; +import { + __testing as sessionBindingTesting, + getSessionBindingService, +} from "../../../infra/outbound/session-binding-service.js"; import { buildCommandTestParams } from "../commands-spawn.test-harness.js"; import { isAcpCommandDiscordChannel, resolveAcpCommandBindingContext, resolveAcpCommandConversationId, + resolveAcpCommandParentConversationId, } from "./context.js"; const baseCfg = { @@ -12,6 +21,11 @@ const baseCfg = { } satisfies OpenClawConfig; describe("commands-acp context", () => { + beforeEach(() => { + feishuThreadBindingTesting.resetFeishuThreadBindingsForTests(); + sessionBindingTesting.resetSessionBindingAdaptersForTests(); + }); + it("resolves channel/account/thread context from originating fields", () => { const params = buildCommandTestParams("/acp sessions", baseCfg, { Provider: "discord", @@ -126,4 +140,166 @@ describe("commands-acp context", () => { }); expect(resolveAcpCommandConversationId(params)).toBe("123456789"); }); + + it("builds Feishu topic conversation ids from chat target + root message id", () => { + const params = buildCommandTestParams("/acp status", baseCfg, { + Provider: "feishu", + Surface: "feishu", + OriginatingChannel: "feishu", + OriginatingTo: "chat:oc_group_chat", + MessageThreadId: "om_topic_root", + SenderId: "ou_topic_user", + AccountId: "work", + }); + + expect(resolveAcpCommandBindingContext(params)).toEqual({ + channel: "feishu", + accountId: "work", + threadId: "om_topic_root", + conversationId: "oc_group_chat:topic:om_topic_root", + parentConversationId: "oc_group_chat", + }); + expect(resolveAcpCommandConversationId(params)).toBe("oc_group_chat:topic:om_topic_root"); + }); + + it("builds sender-scoped Feishu topic conversation ids when current session is sender-scoped", () => { + const params = buildCommandTestParams("/acp status", baseCfg, { + Provider: "feishu", + Surface: "feishu", + OriginatingChannel: "feishu", + OriginatingTo: "chat:oc_group_chat", + MessageThreadId: "om_topic_root", + SenderId: "ou_topic_user", + AccountId: "work", + SessionKey: "agent:main:feishu:group:oc_group_chat:topic:om_topic_root:sender:ou_topic_user", + }); + params.sessionKey = + "agent:main:feishu:group:oc_group_chat:topic:om_topic_root:sender:ou_topic_user"; + + expect(resolveAcpCommandBindingContext(params)).toEqual({ + channel: "feishu", + accountId: "work", + threadId: "om_topic_root", + conversationId: "oc_group_chat:topic:om_topic_root:sender:ou_topic_user", + parentConversationId: "oc_group_chat", + }); + expect(resolveAcpCommandConversationId(params)).toBe( + "oc_group_chat:topic:om_topic_root:sender:ou_topic_user", + ); + }); + + it("preserves sender-scoped Feishu topic ids after ACP route takeover via ParentSessionKey", () => { + const params = buildCommandTestParams("/acp status", baseCfg, { + Provider: "feishu", + Surface: "feishu", + OriginatingChannel: "feishu", + OriginatingTo: "chat:oc_group_chat", + MessageThreadId: "om_topic_root", + SenderId: "ou_topic_user", + AccountId: "work", + ParentSessionKey: + "agent:main:feishu:group:oc_group_chat:topic:om_topic_root:sender:ou_topic_user", + }); + params.sessionKey = "agent:codex:acp:binding:feishu:work:abc123"; + + expect(resolveAcpCommandBindingContext(params)).toEqual({ + channel: "feishu", + accountId: "work", + threadId: "om_topic_root", + conversationId: "oc_group_chat:topic:om_topic_root:sender:ou_topic_user", + parentConversationId: "oc_group_chat", + }); + }); + + it("preserves sender-scoped Feishu topic ids after ACP takeover from the live binding record", async () => { + createFeishuThreadBindingManager({ cfg: baseCfg, accountId: "work" }); + await getSessionBindingService().bind({ + targetSessionKey: "agent:codex:acp:binding:feishu:work:abc123", + targetKind: "session", + conversation: { + channel: "feishu", + accountId: "work", + conversationId: "oc_group_chat:topic:om_topic_root:sender:ou_topic_user", + parentConversationId: "oc_group_chat", + }, + placement: "current", + metadata: { + agentId: "codex", + }, + }); + + const params = buildCommandTestParams("/acp status", baseCfg, { + Provider: "feishu", + Surface: "feishu", + OriginatingChannel: "feishu", + OriginatingTo: "chat:oc_group_chat", + MessageThreadId: "om_topic_root", + SenderId: "ou_topic_user", + AccountId: "work", + }); + params.sessionKey = "agent:codex:acp:binding:feishu:work:abc123"; + + expect(resolveAcpCommandBindingContext(params)).toEqual({ + channel: "feishu", + accountId: "work", + threadId: "om_topic_root", + conversationId: "oc_group_chat:topic:om_topic_root:sender:ou_topic_user", + parentConversationId: "oc_group_chat", + }); + }); + + it("resolves Feishu DM conversation ids from user targets", () => { + const params = buildCommandTestParams("/acp status", baseCfg, { + Provider: "feishu", + Surface: "feishu", + OriginatingChannel: "feishu", + OriginatingTo: "user:ou_sender_1", + }); + + expect(resolveAcpCommandBindingContext(params)).toEqual({ + channel: "feishu", + accountId: "default", + threadId: undefined, + conversationId: "ou_sender_1", + parentConversationId: undefined, + }); + expect(resolveAcpCommandConversationId(params)).toBe("ou_sender_1"); + }); + + it("resolves Feishu DM conversation ids from user_id fallback targets", () => { + const params = buildCommandTestParams("/acp status", baseCfg, { + Provider: "feishu", + Surface: "feishu", + OriginatingChannel: "feishu", + OriginatingTo: "user:user_123", + }); + + expect(resolveAcpCommandBindingContext(params)).toEqual({ + channel: "feishu", + accountId: "default", + threadId: undefined, + conversationId: "user_123", + parentConversationId: undefined, + }); + expect(resolveAcpCommandConversationId(params)).toBe("user_123"); + }); + + it("does not infer a Feishu DM parent conversation id during fallback binding lookup", () => { + const params = buildCommandTestParams("/acp status", baseCfg, { + Provider: "feishu", + Surface: "feishu", + OriginatingChannel: "feishu", + OriginatingTo: "user:ou_sender_1", + AccountId: "work", + }); + + expect(resolveAcpCommandParentConversationId(params)).toBeUndefined(); + expect(resolveAcpCommandBindingContext(params)).toEqual({ + channel: "feishu", + accountId: "work", + threadId: undefined, + conversationId: "ou_sender_1", + parentConversationId: undefined, + }); + }); }); diff --git a/src/auto-reply/reply/commands-acp/context.ts b/src/auto-reply/reply/commands-acp/context.ts index 84acb828015..fd5eb50ee09 100644 --- a/src/auto-reply/reply/commands-acp/context.ts +++ b/src/auto-reply/reply/commands-acp/context.ts @@ -1,3 +1,4 @@ +import { buildFeishuConversationId } from "../../../../extensions/feishu/src/conversation-id.js"; import { buildTelegramTopicConversationId, normalizeConversationText, @@ -5,10 +6,107 @@ import { } from "../../../acp/conversation-id.js"; import { DISCORD_THREAD_BINDING_CHANNEL } from "../../../channels/thread-bindings-policy.js"; import { resolveConversationIdFromTargets } from "../../../infra/outbound/conversation-id.js"; +import { getSessionBindingService } from "../../../infra/outbound/session-binding-service.js"; +import { parseAgentSessionKey } from "../../../routing/session-key.js"; import type { HandleCommandsParams } from "../commands-types.js"; import { parseDiscordParentChannelFromSessionKey } from "../discord-parent-channel.js"; import { resolveTelegramConversationId } from "../telegram-context.js"; +function parseFeishuTargetId(raw: unknown): string | undefined { + const target = normalizeConversationText(raw); + if (!target) { + return undefined; + } + const withoutProvider = target.replace(/^(feishu|lark):/i, "").trim(); + if (!withoutProvider) { + return undefined; + } + const lowered = withoutProvider.toLowerCase(); + for (const prefix of ["chat:", "group:", "channel:", "user:", "dm:", "open_id:"]) { + if (lowered.startsWith(prefix)) { + return normalizeConversationText(withoutProvider.slice(prefix.length)); + } + } + return withoutProvider; +} + +function parseFeishuDirectConversationId(raw: unknown): string | undefined { + const target = normalizeConversationText(raw); + if (!target) { + return undefined; + } + const withoutProvider = target.replace(/^(feishu|lark):/i, "").trim(); + if (!withoutProvider) { + return undefined; + } + const lowered = withoutProvider.toLowerCase(); + for (const prefix of ["user:", "dm:", "open_id:"]) { + if (lowered.startsWith(prefix)) { + return normalizeConversationText(withoutProvider.slice(prefix.length)); + } + } + const id = parseFeishuTargetId(target); + if (!id) { + return undefined; + } + if (id.startsWith("ou_") || id.startsWith("on_")) { + return id; + } + return undefined; +} + +function resolveFeishuSenderScopedConversationId(params: { + accountId: string; + parentConversationId?: string; + threadId?: string; + senderId?: string; + sessionKey?: string; + parentSessionKey?: string; +}): string | undefined { + const parentConversationId = normalizeConversationText(params.parentConversationId); + const threadId = normalizeConversationText(params.threadId); + const senderId = normalizeConversationText(params.senderId); + const expectedScopePrefix = `feishu:group:${parentConversationId?.toLowerCase()}:topic:${threadId?.toLowerCase()}:sender:`; + const isSenderScopedSession = [params.sessionKey, params.parentSessionKey].some((candidate) => { + const scopedRest = parseAgentSessionKey(candidate)?.rest?.trim().toLowerCase() ?? ""; + return Boolean(scopedRest && expectedScopePrefix && scopedRest.startsWith(expectedScopePrefix)); + }); + if (!parentConversationId || !threadId || !senderId) { + return undefined; + } + if (!isSenderScopedSession && params.sessionKey?.trim()) { + const boundConversation = getSessionBindingService() + .listBySession(params.sessionKey) + .find((binding) => { + if ( + binding.conversation.channel !== "feishu" || + binding.conversation.accountId !== params.accountId + ) { + return false; + } + return ( + binding.conversation.conversationId === + buildFeishuConversationId({ + chatId: parentConversationId, + scope: "group_topic_sender", + topicId: threadId, + senderOpenId: senderId, + }) + ); + }); + if (boundConversation) { + return boundConversation.conversation.conversationId; + } + return undefined; + } + return buildFeishuConversationId({ + chatId: parentConversationId, + scope: "group_topic_sender", + topicId: threadId, + senderOpenId: senderId, + }); +} + export function resolveAcpCommandChannel(params: HandleCommandsParams): string { const raw = params.ctx.OriginatingChannel ?? @@ -58,6 +156,33 @@ export function resolveAcpCommandConversationId(params: HandleCommandsParams): s ); } } + if (channel === "feishu") { + const threadId = resolveAcpCommandThreadId(params); + const parentConversationId = resolveAcpCommandParentConversationId(params); + if (threadId && parentConversationId) { + const senderScopedConversationId = resolveFeishuSenderScopedConversationId({ + accountId: resolveAcpCommandAccountId(params), + parentConversationId, + threadId, + senderId: params.command.senderId ?? params.ctx.SenderId, + sessionKey: params.sessionKey, + parentSessionKey: params.ctx.ParentSessionKey, + }); + return ( + senderScopedConversationId ?? + buildFeishuConversationId({ + chatId: parentConversationId, + scope: "group_topic", + topicId: threadId, + }) + ); + } + return ( + parseFeishuDirectConversationId(params.ctx.OriginatingTo) ?? + parseFeishuDirectConversationId(params.command.to) ?? + parseFeishuDirectConversationId(params.ctx.To) + ); + } return resolveConversationIdFromTargets({ threadId: params.ctx.MessageThreadId, targets: [params.ctx.OriginatingTo, params.command.to, params.ctx.To], @@ -83,6 +208,17 @@ export function resolveAcpCommandParentConversationId( parseTelegramChatIdFromTarget(params.ctx.To) ); } + if (channel === "feishu") { + const threadId = resolveAcpCommandThreadId(params); + if (!threadId) { + return undefined; + } + return ( + parseFeishuTargetId(params.ctx.OriginatingTo) ?? + parseFeishuTargetId(params.command.to) ?? + parseFeishuTargetId(params.ctx.To) + ); + } if (channel === DISCORD_THREAD_BINDING_CHANNEL) { const threadId = resolveAcpCommandThreadId(params); if (!threadId) { diff --git a/src/auto-reply/reply/commands-acp/lifecycle.ts b/src/auto-reply/reply/commands-acp/lifecycle.ts index 564788f78d7..42ee1d2e184 100644 --- a/src/auto-reply/reply/commands-acp/lifecycle.ts +++ b/src/auto-reply/reply/commands-acp/lifecycle.ts @@ -125,7 +125,7 @@ async function bindSpawnedAcpSessionToThread(params: { const currentThreadId = bindingContext.threadId ?? ""; const currentConversationId = bindingContext.conversationId?.trim() || ""; - const requiresThreadIdForHere = channel !== "telegram"; + const requiresThreadIdForHere = channel !== "telegram" && channel !== "feishu"; if ( threadMode === "here" && ((requiresThreadIdForHere && !currentThreadId) || @@ -137,7 +137,12 @@ async function bindSpawnedAcpSessionToThread(params: { }; } - const placement = channel === "telegram" ? "current" : currentThreadId ? "current" : "child"; + const placement = + channel === "telegram" || channel === "feishu" + ? "current" + : currentThreadId + ? "current" + : "child"; if (!capabilities.placements.includes(placement)) { return { ok: false, diff --git a/src/config/config.acp-binding-cutover.test.ts b/src/config/config.acp-binding-cutover.test.ts index ea9f4d603ea..c1b2944bdd0 100644 --- a/src/config/config.acp-binding-cutover.test.ts +++ b/src/config/config.acp-binding-cutover.test.ts @@ -144,4 +144,112 @@ describe("ACP binding cutover schema", () => { expect(parsed.success).toBe(false); }); + + it("accepts canonical Feishu ACP DM and topic peer IDs", () => { + const parsed = OpenClawSchema.safeParse({ + bindings: [ + { + type: "acp", + agentId: "codex", + match: { + channel: "feishu", + accountId: "default", + peer: { kind: "direct", id: "ou_user_123" }, + }, + }, + { + type: "acp", + agentId: "codex", + match: { + channel: "feishu", + accountId: "default", + peer: { kind: "direct", id: "user_123" }, + }, + }, + { + type: "acp", + agentId: "codex", + match: { + channel: "feishu", + accountId: "default", + peer: { kind: "group", id: "oc_group_chat:topic:om_topic_root:sender:ou_user_123" }, + }, + }, + ], + }); + + expect(parsed.success).toBe(true); + }); + + it("rejects non-canonical Feishu ACP peer IDs", () => { + const parsed = OpenClawSchema.safeParse({ + bindings: [ + { + type: "acp", + agentId: "codex", + match: { + channel: "feishu", + accountId: "default", + peer: { kind: "group", id: "oc_group_chat:sender:ou_user_123" }, + }, + }, + ], + }); + + expect(parsed.success).toBe(false); + }); + + it("rejects Feishu ACP DM peer IDs keyed by union id", () => { + const parsed = OpenClawSchema.safeParse({ + bindings: [ + { + type: "acp", + agentId: "codex", + match: { + channel: "feishu", + accountId: "default", + peer: { kind: "direct", id: "on_union_user_123" }, + }, + }, + ], + }); + + expect(parsed.success).toBe(false); + }); + + it("rejects Feishu ACP topic peer IDs with non-canonical sender ids", () => { + const parsed = OpenClawSchema.safeParse({ + bindings: [ + { + type: "acp", + agentId: "codex", + match: { + channel: "feishu", + accountId: "default", + peer: { kind: "group", id: "oc_group_chat:topic:om_topic_root:sender:user_123" }, + }, + }, + ], + }); + + expect(parsed.success).toBe(false); + }); + + it("rejects bare Feishu group chat ACP peer IDs", () => { + const parsed = OpenClawSchema.safeParse({ + bindings: [ + { + type: "acp", + agentId: "codex", + match: { + channel: "feishu", + accountId: "default", + peer: { kind: "group", id: "oc_group_chat" }, + }, + }, + ], + }); + + expect(parsed.success).toBe(false); + }); }); diff --git a/src/config/zod-schema.agents.ts b/src/config/zod-schema.agents.ts index ed638d9b502..5dddfc9813a 100644 --- a/src/config/zod-schema.agents.ts +++ b/src/config/zod-schema.agents.ts @@ -71,11 +71,12 @@ const AcpBindingSchema = z return; } const channel = value.match.channel.trim().toLowerCase(); - if (channel !== "discord" && channel !== "telegram") { + if (channel !== "discord" && channel !== "telegram" && channel !== "feishu") { ctx.addIssue({ code: z.ZodIssueCode.custom, path: ["match", "channel"], - message: 'ACP bindings currently support only "discord" and "telegram" channels.', + message: + 'ACP bindings currently support only "discord", "telegram", and "feishu" channels.', }); return; } @@ -87,6 +88,24 @@ const AcpBindingSchema = z "Telegram ACP bindings require canonical topic IDs in the form -1001234567890:topic:42.", }); } + if (channel === "feishu") { + const peerKind = value.match.peer?.kind; + const isDirectId = + (peerKind === "direct" || peerKind === "dm") && + /^[^:]+$/.test(peerId) && + !peerId.startsWith("oc_") && + !peerId.startsWith("on_"); + const isTopicId = + peerKind === "group" && /^oc_[^:]+:topic:[^:]+(?::sender:ou_[^:]+)?$/.test(peerId); + if (!isDirectId && !isTopicId) { + ctx.addIssue({ + code: z.ZodIssueCode.custom, + path: ["match", "peer", "id"], + message: + "Feishu ACP bindings require direct peer IDs for DMs or topic IDs in the form oc_group:topic:om_root[:sender:ou_xxx].", + }); + } + } }); export const BindingsSchema = z.array(z.union([RouteBindingSchema, AcpBindingSchema])).optional(); From e4c61723cd2d530680cc61789311d464ab8cdf60 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 08:39:49 -0700 Subject: [PATCH 09/34] ACP: fail closed on conflicting tool identity hints (#46817) * ACP: fail closed on conflicting tool identity hints * ACP: restore rawInput fallback for safe tool resolution * ACP tests: cover rawInput-only safe tool approval --- CHANGELOG.md | 1 + src/acp/client.test.ts | 41 +++++++++++++++++++++++++++++++++++++++++ src/acp/client.ts | 17 ++++++++++++++++- 3 files changed, 58 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b50a557d97..4bcd43d2b62 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -44,6 +44,7 @@ Docs: https://docs.openclaw.ai - Docs/Mintlify: fix MDX marker syntax on Perplexity, Model Providers, Moonshot, and exec approvals pages so local docs preview no longer breaks rendering or leaves stale pages unpublished. (#46695) Thanks @velvet-shark. - Email/webhook wrapping: sanitize sender and subject metadata before external-content wrapping so metadata fields cannot break the wrapper structure. Thanks @vincentkoc. - Node/startup: remove leftover debug `console.log("node host PATH: ...")` that printed the resolved PATH on every `openclaw node run` invocation. (#46411) +- ACP/approvals: use canonical tool identity for prompting decisions and fail closed when conflicting tool identity hints are present. Thanks @vincentkoc. - Telegram/message send: forward `--force-document` through the `sendPayload` path as well as `sendMedia`, so Telegram payload sends with `channelData` keep uploading images as documents instead of silently falling back to compressed photo sends. (#47119) Thanks @thepagent. - Telegram/message chunking: preserve spaces, paragraph separators, and word boundaries when HTML overflow rechunking splits formatted replies. (#47274) diff --git a/src/acp/client.test.ts b/src/acp/client.test.ts index 0cbc376720c..2595e89bfee 100644 --- a/src/acp/client.test.ts +++ b/src/acp/client.test.ts @@ -366,6 +366,47 @@ describe("resolvePermissionRequest", () => { expect(prompt).not.toHaveBeenCalled(); }); + it("auto-approves safe tools when rawInput is the only identity hint", async () => { + const prompt = vi.fn(async () => true); + const res = await resolvePermissionRequest( + makePermissionRequest({ + toolCall: { + toolCallId: "tool-raw-only", + title: "Searching files", + status: "pending", + rawInput: { + name: "search", + query: "foo", + }, + }, + }), + { prompt, log: () => {} }, + ); + expect(res).toEqual({ outcome: { outcome: "selected", optionId: "allow" } }); + expect(prompt).not.toHaveBeenCalled(); + }); + + it("prompts when raw input spoofs a safe tool name for a dangerous title", async () => { + const prompt = vi.fn(async () => false); + const res = await resolvePermissionRequest( + makePermissionRequest({ + toolCall: { + toolCallId: "tool-exec-spoof", + title: "exec: cat /etc/passwd", + status: "pending", + rawInput: { + command: "cat /etc/passwd", + name: "search", + }, + }, + }), + { prompt, log: () => {} }, + ); + expect(prompt).toHaveBeenCalledTimes(1); + expect(prompt).toHaveBeenCalledWith(undefined, "exec: cat /etc/passwd"); + expect(res).toEqual({ outcome: { outcome: "selected", optionId: "reject" } }); + }); + it("prompts for read outside cwd scope", async () => { const prompt = vi.fn(async () => false); const res = await resolvePermissionRequest( diff --git a/src/acp/client.ts b/src/acp/client.ts index 2f3ac28641a..1d25281cce5 100644 --- a/src/acp/client.ts +++ b/src/acp/client.ts @@ -104,7 +104,22 @@ function resolveToolNameForPermission(params: RequestPermissionRequest): string const fromMeta = readFirstStringValue(toolMeta, ["toolName", "tool_name", "name"]); const fromRawInput = readFirstStringValue(rawInput, ["tool", "toolName", "tool_name", "name"]); const fromTitle = parseToolNameFromTitle(toolCall?.title); - return normalizeToolName(fromMeta ?? fromRawInput ?? fromTitle ?? ""); + const metaName = fromMeta ? normalizeToolName(fromMeta) : undefined; + const rawInputName = fromRawInput ? normalizeToolName(fromRawInput) : undefined; + const titleName = fromTitle; + if ((fromMeta && !metaName) || (fromRawInput && !rawInputName)) { + return undefined; + } + if (metaName && titleName && metaName !== titleName) { + return undefined; + } + if (rawInputName && metaName && rawInputName !== metaName) { + return undefined; + } + if (rawInputName && titleName && rawInputName !== titleName) { + return undefined; + } + return metaName ?? titleName ?? rawInputName; } function extractPathFromToolTitle( From ff61343d76933c2d7bc01a13db87a2554514e0d0 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sun, 15 Mar 2026 08:44:02 -0700 Subject: [PATCH 10/34] fix: harden mention pattern regex compilation --- CHANGELOG.md | 1 + docs/channels/group-messages.md | 4 +- docs/channels/groups.md | 2 +- docs/gateway/configuration-reference.md | 4 +- docs/gateway/configuration.md | 2 +- src/auto-reply/inbound.test.ts | 19 +++- src/auto-reply/reply/mentions.ts | 124 +++++++++++++++++------- src/channels/dock.ts | 8 +- src/channels/plugins/types.core.ts | 5 + src/channels/plugins/whatsapp-shared.ts | 4 + src/config/schema.help.ts | 2 +- src/infra/exec-approval-forwarder.ts | 7 +- src/logging/redact.ts | 6 +- src/plugin-sdk/whatsapp.ts | 1 + src/security/config-regex.ts | 78 +++++++++++++++ src/security/safe-regex.test.ts | 14 ++- src/security/safe-regex.ts | 49 ++++++++-- 17 files changed, 265 insertions(+), 65 deletions(-) create mode 100644 src/security/config-regex.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index 4bcd43d2b62..5fa449296ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ Docs: https://docs.openclaw.ai ### Fixes +- Group mention gating: reject invalid and unsafe nested-repetition `mentionPatterns`, reuse the shared safe config-regex compiler across mention stripping and detection, and cache strip-time regex compilation so noisy groups avoid repeated recompiles. - Control UI/chat sessions: show human-readable labels in the grouped session dropdown again, keep unique scoped fallbacks when metadata is missing, and disambiguate duplicate labels only when needed. (#45130) thanks @luzhidong. - Slack/interactive replies: preserve `channelData.slack.blocks` through live DM delivery and preview-finalized edits so Block Kit button and select directives render instead of falling back to raw text. Thanks @vincentkoc. - Feishu/topic threads: fetch full thread context, including prior bot replies, when starting a topic-thread session so follow-up turns in Feishu topics keep the right conversation state. Thanks @Coobiw. diff --git a/docs/channels/group-messages.md b/docs/channels/group-messages.md index e6a00ab5c5e..078ae9e7845 100644 --- a/docs/channels/group-messages.md +++ b/docs/channels/group-messages.md @@ -13,7 +13,7 @@ Note: `agents.list[].groupChat.mentionPatterns` is now used by Telegram/Discord/ ## What’s implemented (2025-12-03) -- Activation modes: `mention` (default) or `always`. `mention` requires a ping (real WhatsApp @-mentions via `mentionedJids`, regex patterns, or the bot’s E.164 anywhere in the text). `always` wakes the agent on every message but it should reply only when it can add meaningful value; otherwise it returns the silent token `NO_REPLY`. Defaults can be set in config (`channels.whatsapp.groups`) and overridden per group via `/activation`. When `channels.whatsapp.groups` is set, it also acts as a group allowlist (include `"*"` to allow all). +- Activation modes: `mention` (default) or `always`. `mention` requires a ping (real WhatsApp @-mentions via `mentionedJids`, safe regex patterns, or the bot’s E.164 anywhere in the text). `always` wakes the agent on every message but it should reply only when it can add meaningful value; otherwise it returns the silent token `NO_REPLY`. Defaults can be set in config (`channels.whatsapp.groups`) and overridden per group via `/activation`. When `channels.whatsapp.groups` is set, it also acts as a group allowlist (include `"*"` to allow all). - Group policy: `channels.whatsapp.groupPolicy` controls whether group messages are accepted (`open|disabled|allowlist`). `allowlist` uses `channels.whatsapp.groupAllowFrom` (fallback: explicit `channels.whatsapp.allowFrom`). Default is `allowlist` (blocked until you add senders). - Per-group sessions: session keys look like `agent::whatsapp:group:` so commands such as `/verbose on` or `/think high` (sent as standalone messages) are scoped to that group; personal DM state is untouched. Heartbeats are skipped for group threads. - Context injection: **pending-only** group messages (default 50) that _did not_ trigger a run are prefixed under `[Chat messages since your last reply - for context]`, with the triggering line under `[Current message - respond to this]`. Messages already in the session are not re-injected. @@ -50,7 +50,7 @@ Add a `groupChat` block to `~/.openclaw/openclaw.json` so display-name pings wor Notes: -- The regexes are case-insensitive; they cover a display-name ping like `@openclaw` and the raw number with or without `+`/spaces. +- The regexes are case-insensitive and use the same safe-regex guardrails as other config regex surfaces; invalid patterns and unsafe nested repetition are ignored. - WhatsApp still sends canonical mentions via `mentionedJids` when someone taps the contact, so the number fallback is rarely needed but is a useful safety net. ### Activation command (owner-only) diff --git a/docs/channels/groups.md b/docs/channels/groups.md index 3f9df076454..a6bd8621784 100644 --- a/docs/channels/groups.md +++ b/docs/channels/groups.md @@ -243,7 +243,7 @@ Replying to a bot message counts as an implicit mention (when the channel suppor Notes: -- `mentionPatterns` are case-insensitive regexes. +- `mentionPatterns` are case-insensitive safe regex patterns; invalid patterns and unsafe nested-repetition forms are ignored. - Surfaces that provide explicit mentions still pass; patterns are a fallback. - Per-agent override: `agents.list[].groupChat.mentionPatterns` (useful when multiple agents share a group). - Mention gating is only enforced when mention detection is possible (native mentions or `mentionPatterns` are configured). diff --git a/docs/gateway/configuration-reference.md b/docs/gateway/configuration-reference.md index 7bb7fb5824f..b87ad930161 100644 --- a/docs/gateway/configuration-reference.md +++ b/docs/gateway/configuration-reference.md @@ -655,12 +655,12 @@ See the full channel index: [Channels](/channels). ### Group chat mention gating -Group messages default to **require mention** (metadata mention or regex patterns). Applies to WhatsApp, Telegram, Discord, Google Chat, and iMessage group chats. +Group messages default to **require mention** (metadata mention or safe regex patterns). Applies to WhatsApp, Telegram, Discord, Google Chat, and iMessage group chats. **Mention types:** - **Metadata mentions**: Native platform @-mentions. Ignored in WhatsApp self-chat mode. -- **Text patterns**: Regex patterns in `agents.list[].groupChat.mentionPatterns`. Always checked. +- **Text patterns**: Safe regex patterns in `agents.list[].groupChat.mentionPatterns`. Invalid patterns and unsafe nested repetition are ignored. - Mention gating is enforced only when detection is possible (native mentions or at least one pattern). ```json5 diff --git a/docs/gateway/configuration.md b/docs/gateway/configuration.md index 0f1dd65cbbc..9a047cab857 100644 --- a/docs/gateway/configuration.md +++ b/docs/gateway/configuration.md @@ -170,7 +170,7 @@ When validation fails: ``` - **Metadata mentions**: native @-mentions (WhatsApp tap-to-mention, Telegram @bot, etc.) - - **Text patterns**: regex patterns in `mentionPatterns` + - **Text patterns**: safe regex patterns in `mentionPatterns` - See [full reference](/gateway/configuration-reference#group-chat-mention-gating) for per-channel overrides and self-chat mode. diff --git a/src/auto-reply/inbound.test.ts b/src/auto-reply/inbound.test.ts index 4d624ecabd1..77ff61e814e 100644 --- a/src/auto-reply/inbound.test.ts +++ b/src/auto-reply/inbound.test.ts @@ -17,6 +17,7 @@ import { buildMentionRegexes, matchesMentionPatterns, normalizeMentionText, + stripMentions, } from "./reply/mentions.js"; import { initSessionState } from "./reply/session.js"; import { applyTemplate, type MsgContext, type TemplateContext } from "./templating.js"; @@ -394,10 +395,10 @@ describe("initSessionState BodyStripped", () => { }); describe("mention helpers", () => { - it("builds regexes and skips invalid patterns", () => { + it("builds regexes and skips invalid or unsafe patterns", () => { const regexes = buildMentionRegexes({ messages: { - groupChat: { mentionPatterns: ["\\bopenclaw\\b", "(invalid"] }, + groupChat: { mentionPatterns: ["\\bopenclaw\\b", "(invalid", "(a+)+$"] }, }, }); expect(regexes).toHaveLength(1); @@ -435,6 +436,20 @@ describe("mention helpers", () => { expect(matchesMentionPatterns("workbot: hi", regexes)).toBe(true); expect(matchesMentionPatterns("global: hi", regexes)).toBe(false); }); + + it("strips safe mention patterns and ignores unsafe ones", () => { + const stripped = stripMentions("openclaw " + "a".repeat(28) + "!", {} as MsgContext, { + messages: { + groupChat: { mentionPatterns: ["\\bopenclaw\\b", "(a+)+$"] }, + }, + }); + expect(stripped).toBe(`${"a".repeat(28)}!`); + }); + + it("strips provider mention regexes without config compilation", () => { + const stripped = stripMentions("<@12345> hello", { Provider: "discord" } as MsgContext, {}); + expect(stripped).toBe("hello"); + }); }); describe("resolveGroupRequireMention", () => { diff --git a/src/auto-reply/reply/mentions.ts b/src/auto-reply/reply/mentions.ts index ca20905efae..714e599e38a 100644 --- a/src/auto-reply/reply/mentions.ts +++ b/src/auto-reply/reply/mentions.ts @@ -2,6 +2,8 @@ import { resolveAgentConfig } from "../../agents/agent-scope.js"; import { getChannelDock } from "../../channels/dock.js"; import { normalizeChannelId } from "../../channels/plugins/index.js"; import type { OpenClawConfig } from "../../config/config.js"; +import { createSubsystemLogger } from "../../logging/subsystem.js"; +import { compileConfigRegexes, type ConfigRegexRejectReason } from "../../security/config-regex.js"; import { escapeRegExp } from "../../utils.js"; import type { MsgContext } from "../templating.js"; @@ -21,8 +23,12 @@ function deriveMentionPatterns(identity?: { name?: string; emoji?: string }) { } const BACKSPACE_CHAR = "\u0008"; -const mentionRegexCompileCache = new Map(); +const mentionMatchRegexCompileCache = new Map(); +const mentionStripRegexCompileCache = new Map(); const MAX_MENTION_REGEX_COMPILE_CACHE_KEYS = 512; +const mentionPatternWarningCache = new Set(); +const MAX_MENTION_PATTERN_WARNING_KEYS = 512; +const log = createSubsystemLogger("mentions"); export const CURRENT_MESSAGE_MARKER = "[Current message - respond to this]"; @@ -37,6 +43,64 @@ function normalizeMentionPatterns(patterns: string[]): string[] { return patterns.map(normalizeMentionPattern); } +function warnRejectedMentionPattern( + pattern: string, + flags: string, + reason: ConfigRegexRejectReason, +) { + const key = `${flags}::${reason}::${pattern}`; + if (mentionPatternWarningCache.has(key)) { + return; + } + mentionPatternWarningCache.add(key); + if (mentionPatternWarningCache.size > MAX_MENTION_PATTERN_WARNING_KEYS) { + mentionPatternWarningCache.clear(); + mentionPatternWarningCache.add(key); + } + log.warn("Ignoring unsupported group mention pattern", { + pattern, + flags, + reason, + }); +} + +function cacheMentionRegexes( + cache: Map, + cacheKey: string, + regexes: RegExp[], +): RegExp[] { + cache.set(cacheKey, regexes); + if (cache.size > MAX_MENTION_REGEX_COMPILE_CACHE_KEYS) { + cache.clear(); + cache.set(cacheKey, regexes); + } + return [...regexes]; +} + +function compileMentionPatternsCached(params: { + patterns: string[]; + flags: string; + cache: Map; + warnRejected: boolean; +}): RegExp[] { + if (params.patterns.length === 0) { + return []; + } + const cacheKey = `${params.flags}\u001e${params.patterns.join("\u001f")}`; + const cached = params.cache.get(cacheKey); + if (cached) { + return [...cached]; + } + + const compiled = compileConfigRegexes(params.patterns, params.flags); + if (params.warnRejected) { + for (const rejected of compiled.rejected) { + warnRejectedMentionPattern(rejected.pattern, rejected.flags, rejected.reason); + } + } + return cacheMentionRegexes(params.cache, cacheKey, compiled.regexes); +} + function resolveMentionPatterns(cfg: OpenClawConfig | undefined, agentId?: string): string[] { if (!cfg) { return []; @@ -56,29 +120,12 @@ function resolveMentionPatterns(cfg: OpenClawConfig | undefined, agentId?: strin export function buildMentionRegexes(cfg: OpenClawConfig | undefined, agentId?: string): RegExp[] { const patterns = normalizeMentionPatterns(resolveMentionPatterns(cfg, agentId)); - if (patterns.length === 0) { - return []; - } - const cacheKey = patterns.join("\u001f"); - const cached = mentionRegexCompileCache.get(cacheKey); - if (cached) { - return [...cached]; - } - const compiled = patterns - .map((pattern) => { - try { - return new RegExp(pattern, "i"); - } catch { - return null; - } - }) - .filter((value): value is RegExp => Boolean(value)); - mentionRegexCompileCache.set(cacheKey, compiled); - if (mentionRegexCompileCache.size > MAX_MENTION_REGEX_COMPILE_CACHE_KEYS) { - mentionRegexCompileCache.clear(); - mentionRegexCompileCache.set(cacheKey, compiled); - } - return [...compiled]; + return compileMentionPatternsCached({ + patterns, + flags: "i", + cache: mentionMatchRegexCompileCache, + warnRejected: true, + }); } export function normalizeMentionText(text: string): string { @@ -153,17 +200,24 @@ export function stripMentions( let result = text; const providerId = ctx.Provider ? normalizeChannelId(ctx.Provider) : null; const providerMentions = providerId ? getChannelDock(providerId)?.mentions : undefined; - const patterns = normalizeMentionPatterns([ - ...resolveMentionPatterns(cfg, agentId), - ...(providerMentions?.stripPatterns?.({ ctx, cfg, agentId }) ?? []), - ]); - for (const p of patterns) { - try { - const re = new RegExp(p, "gi"); - result = result.replace(re, " "); - } catch { - // ignore invalid regex - } + const configRegexes = compileMentionPatternsCached({ + patterns: normalizeMentionPatterns(resolveMentionPatterns(cfg, agentId)), + flags: "gi", + cache: mentionStripRegexCompileCache, + warnRejected: true, + }); + const providerRegexes = + providerMentions?.stripRegexes?.({ ctx, cfg, agentId }) ?? + compileMentionPatternsCached({ + patterns: normalizeMentionPatterns( + providerMentions?.stripPatterns?.({ ctx, cfg, agentId }) ?? [], + ), + flags: "gi", + cache: mentionStripRegexCompileCache, + warnRejected: false, + }); + for (const re of [...configRegexes, ...providerRegexes]) { + result = result.replace(re, " "); } if (providerMentions?.stripMentions) { result = providerMentions.stripMentions({ diff --git a/src/channels/dock.ts b/src/channels/dock.ts index e080d513c16..2e63583ca1b 100644 --- a/src/channels/dock.ts +++ b/src/channels/dock.ts @@ -58,7 +58,7 @@ import type { } from "./plugins/types.js"; import { resolveWhatsAppGroupIntroHint, - resolveWhatsAppMentionStripPatterns, + resolveWhatsAppMentionStripRegexes, } from "./plugins/whatsapp-shared.js"; import { CHAT_CHANNEL_ORDER, type ChatChannelId, getChatChannelMeta } from "./registry.js"; @@ -303,7 +303,7 @@ const DOCKS: Record = { resolveGroupIntroHint: resolveWhatsAppGroupIntroHint, }, mentions: { - stripPatterns: ({ ctx }) => resolveWhatsAppMentionStripPatterns(ctx), + stripRegexes: ({ ctx }) => resolveWhatsAppMentionStripRegexes(ctx), }, threading: { buildToolContext: ({ context, hasRepliedRef }) => { @@ -346,7 +346,7 @@ const DOCKS: Record = { resolveToolPolicy: resolveDiscordGroupToolPolicy, }, mentions: { - stripPatterns: () => ["<@!?\\d+>"], + stripRegexes: () => [/<@!?\d+>/g], }, threading: { resolveReplyToMode: ({ cfg }) => cfg.channels?.discord?.replyToMode ?? "off", @@ -484,7 +484,7 @@ const DOCKS: Record = { resolveToolPolicy: resolveSlackGroupToolPolicy, }, mentions: { - stripPatterns: () => ["<@[^>]+>"], + stripRegexes: () => [/<@[^>]+>/g], }, threading: { resolveReplyToMode: ({ cfg, accountId, chatType }) => diff --git a/src/channels/plugins/types.core.ts b/src/channels/plugins/types.core.ts index 3bf3c07ddc6..fef8b010ca5 100644 --- a/src/channels/plugins/types.core.ts +++ b/src/channels/plugins/types.core.ts @@ -209,6 +209,11 @@ export type ChannelSecurityContext = { }; export type ChannelMentionAdapter = { + stripRegexes?: (params: { + ctx: MsgContext; + cfg: OpenClawConfig | undefined; + agentId?: string; + }) => RegExp[]; stripPatterns?: (params: { ctx: MsgContext; cfg: OpenClawConfig | undefined; diff --git a/src/channels/plugins/whatsapp-shared.ts b/src/channels/plugins/whatsapp-shared.ts index 3a51e2263bd..c8db1d068c8 100644 --- a/src/channels/plugins/whatsapp-shared.ts +++ b/src/channels/plugins/whatsapp-shared.ts @@ -20,6 +20,10 @@ export function resolveWhatsAppMentionStripPatterns(ctx: { To?: string | null }) return [escaped, `@${escaped}`]; } +export function resolveWhatsAppMentionStripRegexes(ctx: { To?: string | null }): RegExp[] { + return resolveWhatsAppMentionStripPatterns(ctx).map((pattern) => new RegExp(pattern, "g")); +} + type WhatsAppChunker = NonNullable; type WhatsAppSendMessage = PluginRuntimeChannel["whatsapp"]["sendMessageWhatsApp"]; type WhatsAppSendPoll = PluginRuntimeChannel["whatsapp"]["sendPollWhatsApp"]; diff --git a/src/config/schema.help.ts b/src/config/schema.help.ts index a4e2e125528..0d03f9574b1 100644 --- a/src/config/schema.help.ts +++ b/src/config/schema.help.ts @@ -1346,7 +1346,7 @@ export const FIELD_HELP: Record = { "messages.groupChat": "Group-message handling controls including mention triggers and history window sizing. Keep mention patterns narrow so group channels do not trigger on every message.", "messages.groupChat.mentionPatterns": - "Regex-like patterns used to detect explicit mentions/trigger phrases in group chats. Use precise patterns to reduce false positives in high-volume channels.", + "Safe case-insensitive regex patterns used to detect explicit mentions/trigger phrases in group chats. Use precise patterns to reduce false positives in high-volume channels; invalid or unsafe nested-repetition patterns are ignored.", "messages.groupChat.historyLimit": "Maximum number of prior group messages loaded as context per turn for group sessions. Use higher values for richer continuity, or lower values for faster and cheaper responses.", "messages.queue": diff --git a/src/infra/exec-approval-forwarder.ts b/src/infra/exec-approval-forwarder.ts index de3a54a4c77..5d197d6ae62 100644 --- a/src/infra/exec-approval-forwarder.ts +++ b/src/infra/exec-approval-forwarder.ts @@ -9,7 +9,8 @@ import type { } from "../config/types.approvals.js"; import { createSubsystemLogger } from "../logging/subsystem.js"; import { normalizeAccountId, parseAgentSessionKey } from "../routing/session-key.js"; -import { compileSafeRegex, testRegexWithBoundedInput } from "../security/safe-regex.js"; +import { compileConfigRegex } from "../security/config-regex.js"; +import { testRegexWithBoundedInput } from "../security/safe-regex.js"; import { isDeliverableMessageChannel, normalizeMessageChannel, @@ -63,8 +64,8 @@ function matchSessionFilter(sessionKey: string, patterns: string[]): boolean { if (sessionKey.includes(pattern)) { return true; } - const regex = compileSafeRegex(pattern); - return regex ? testRegexWithBoundedInput(regex, sessionKey) : false; + const compiled = compileConfigRegex(pattern); + return compiled?.regex ? testRegexWithBoundedInput(compiled.regex, sessionKey) : false; }); } diff --git a/src/logging/redact.ts b/src/logging/redact.ts index 7e47ac0b663..42266f71eec 100644 --- a/src/logging/redact.ts +++ b/src/logging/redact.ts @@ -1,5 +1,5 @@ import type { OpenClawConfig } from "../config/config.js"; -import { compileSafeRegex } from "../security/safe-regex.js"; +import { compileConfigRegex } from "../security/config-regex.js"; import { resolveNodeRequireFromMeta } from "./node-require.js"; import { replacePatternBounded } from "./redact-bounded.js"; @@ -55,9 +55,9 @@ function parsePattern(raw: string): RegExp | null { const match = raw.match(/^\/(.+)\/([gimsuy]*)$/); if (match) { const flags = match[2].includes("g") ? match[2] : `${match[2]}g`; - return compileSafeRegex(match[1], flags); + return compileConfigRegex(match[1], flags)?.regex ?? null; } - return compileSafeRegex(raw, "gi"); + return compileConfigRegex(raw, "gi")?.regex ?? null; } function resolvePatterns(value?: string[]): RegExp[] { diff --git a/src/plugin-sdk/whatsapp.ts b/src/plugin-sdk/whatsapp.ts index 0227322f868..ea6465e8faa 100644 --- a/src/plugin-sdk/whatsapp.ts +++ b/src/plugin-sdk/whatsapp.ts @@ -38,6 +38,7 @@ export { export { createWhatsAppOutboundBase, resolveWhatsAppGroupIntroHint, + resolveWhatsAppMentionStripRegexes, resolveWhatsAppMentionStripPatterns, } from "../channels/plugins/whatsapp-shared.js"; export { resolveWhatsAppHeartbeatRecipients } from "../channels/plugins/whatsapp-heartbeat.js"; diff --git a/src/security/config-regex.ts b/src/security/config-regex.ts new file mode 100644 index 00000000000..76e8d0e86c7 --- /dev/null +++ b/src/security/config-regex.ts @@ -0,0 +1,78 @@ +import { + compileSafeRegexDetailed, + type SafeRegexCompileResult, + type SafeRegexRejectReason, +} from "./safe-regex.js"; + +export type ConfigRegexRejectReason = Exclude; + +export type CompiledConfigRegex = + | { + regex: RegExp; + pattern: string; + flags: string; + reason: null; + } + | { + regex: null; + pattern: string; + flags: string; + reason: ConfigRegexRejectReason; + }; + +function normalizeRejectReason(result: SafeRegexCompileResult): ConfigRegexRejectReason | null { + if (result.reason === null || result.reason === "empty") { + return null; + } + return result.reason; +} + +export function compileConfigRegex(pattern: string, flags = ""): CompiledConfigRegex | null { + const result = compileSafeRegexDetailed(pattern, flags); + if (result.reason === "empty") { + return null; + } + return { + regex: result.regex, + pattern: result.source, + flags: result.flags, + reason: normalizeRejectReason(result), + } as CompiledConfigRegex; +} + +export function compileConfigRegexes( + patterns: string[], + flags = "", +): { + regexes: RegExp[]; + rejected: Array<{ + pattern: string; + flags: string; + reason: ConfigRegexRejectReason; + }>; +} { + const regexes: RegExp[] = []; + const rejected: Array<{ + pattern: string; + flags: string; + reason: ConfigRegexRejectReason; + }> = []; + + for (const pattern of patterns) { + const compiled = compileConfigRegex(pattern, flags); + if (!compiled) { + continue; + } + if (compiled.regex) { + regexes.push(compiled.regex); + continue; + } + rejected.push({ + pattern: compiled.pattern, + flags: compiled.flags, + reason: compiled.reason, + }); + } + + return { regexes, rejected }; +} diff --git a/src/security/safe-regex.test.ts b/src/security/safe-regex.test.ts index 460149ad8ce..d4d3d650d91 100644 --- a/src/security/safe-regex.test.ts +++ b/src/security/safe-regex.test.ts @@ -1,5 +1,10 @@ import { describe, expect, it } from "vitest"; -import { compileSafeRegex, hasNestedRepetition, testRegexWithBoundedInput } from "./safe-regex.js"; +import { + compileSafeRegex, + compileSafeRegexDetailed, + hasNestedRepetition, + testRegexWithBoundedInput, +} from "./safe-regex.js"; describe("safe regex", () => { it("flags nested repetition patterns", () => { @@ -28,6 +33,13 @@ describe("safe regex", () => { expect("TOKEN=abcd1234".replace(re as RegExp, "***")).toBe("***"); }); + it("returns structured reject reasons", () => { + expect(compileSafeRegexDetailed(" ").reason).toBe("empty"); + expect(compileSafeRegexDetailed("(a+)+$").reason).toBe("unsafe-nested-repetition"); + expect(compileSafeRegexDetailed("(invalid").reason).toBe("invalid-regex"); + expect(compileSafeRegexDetailed("^agent:main$").reason).toBeNull(); + }); + it("checks bounded regex windows for long inputs", () => { expect( testRegexWithBoundedInput(/^agent:main:discord:/, `agent:main:discord:${"x".repeat(5000)}`), diff --git a/src/security/safe-regex.ts b/src/security/safe-regex.ts index ffa34509130..e197929c4a4 100644 --- a/src/security/safe-regex.ts +++ b/src/security/safe-regex.ts @@ -30,7 +30,23 @@ type PatternToken = const SAFE_REGEX_CACHE_MAX = 256; const SAFE_REGEX_TEST_WINDOW = 2048; -const safeRegexCache = new Map(); +export type SafeRegexRejectReason = "empty" | "unsafe-nested-repetition" | "invalid-regex"; + +export type SafeRegexCompileResult = + | { + regex: RegExp; + source: string; + flags: string; + reason: null; + } + | { + regex: null; + source: string; + flags: string; + reason: SafeRegexRejectReason; + }; + +const safeRegexCache = new Map(); function createParseFrame(): ParseFrame { return { @@ -302,31 +318,44 @@ export function hasNestedRepetition(source: string): boolean { return analyzeTokensForNestedRepetition(tokenizePattern(source)); } -export function compileSafeRegex(source: string, flags = ""): RegExp | null { +export function compileSafeRegexDetailed(source: string, flags = ""): SafeRegexCompileResult { const trimmed = source.trim(); if (!trimmed) { - return null; + return { regex: null, source: trimmed, flags, reason: "empty" }; } const cacheKey = `${flags}::${trimmed}`; if (safeRegexCache.has(cacheKey)) { - return safeRegexCache.get(cacheKey) ?? null; + return ( + safeRegexCache.get(cacheKey) ?? { + regex: null, + source: trimmed, + flags, + reason: "invalid-regex", + } + ); } - let compiled: RegExp | null = null; - if (!hasNestedRepetition(trimmed)) { + let result: SafeRegexCompileResult; + if (hasNestedRepetition(trimmed)) { + result = { regex: null, source: trimmed, flags, reason: "unsafe-nested-repetition" }; + } else { try { - compiled = new RegExp(trimmed, flags); + result = { regex: new RegExp(trimmed, flags), source: trimmed, flags, reason: null }; } catch { - compiled = null; + result = { regex: null, source: trimmed, flags, reason: "invalid-regex" }; } } - safeRegexCache.set(cacheKey, compiled); + safeRegexCache.set(cacheKey, result); if (safeRegexCache.size > SAFE_REGEX_CACHE_MAX) { const oldestKey = safeRegexCache.keys().next().value; if (oldestKey) { safeRegexCache.delete(oldestKey); } } - return compiled; + return result; +} + +export function compileSafeRegex(source: string, flags = ""): RegExp | null { + return compileSafeRegexDetailed(source, flags).regex; } From ec2c6d83b9f5f91d6d9094842e0f19b88e63e3e2 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 08:47:17 -0700 Subject: [PATCH 11/34] Nodes: recheck queued actions before delivery (#46815) * Nodes: recheck queued actions before delivery * Nodes tests: cover pull-time policy recheck * Nodes tests: type node policy mocks explicitly --- CHANGELOG.md | 1 + .../server-methods/nodes.invoke-wake.test.ts | 64 ++++++++++++++++++- src/gateway/server-methods/nodes.ts | 35 +++++++++- 3 files changed, 97 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5fa449296ea..a1fd84a09ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -45,6 +45,7 @@ Docs: https://docs.openclaw.ai - Docs/Mintlify: fix MDX marker syntax on Perplexity, Model Providers, Moonshot, and exec approvals pages so local docs preview no longer breaks rendering or leaves stale pages unpublished. (#46695) Thanks @velvet-shark. - Email/webhook wrapping: sanitize sender and subject metadata before external-content wrapping so metadata fields cannot break the wrapper structure. Thanks @vincentkoc. - Node/startup: remove leftover debug `console.log("node host PATH: ...")` that printed the resolved PATH on every `openclaw node run` invocation. (#46411) +- Nodes/pending actions: re-check queued foreground actions against the current node command policy before returning them to the node. Thanks @vincentkoc. - ACP/approvals: use canonical tool identity for prompting decisions and fail closed when conflicting tool identity hints are present. Thanks @vincentkoc. - Telegram/message send: forward `--force-document` through the `sendPayload` path as well as `sendMedia`, so Telegram payload sends with `channelData` keep uploading images as documents instead of silently falling back to compressed photo sends. (#47119) Thanks @thepagent. - Telegram/message chunking: preserve spaces, paragraph separators, and word boundaries when HTML overflow rechunking splits formatted replies. (#47274) diff --git a/src/gateway/server-methods/nodes.invoke-wake.test.ts b/src/gateway/server-methods/nodes.invoke-wake.test.ts index fc01f718bbb..ea29384698c 100644 --- a/src/gateway/server-methods/nodes.invoke-wake.test.ts +++ b/src/gateway/server-methods/nodes.invoke-wake.test.ts @@ -2,10 +2,18 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import { ErrorCodes } from "../protocol/index.js"; import { maybeWakeNodeWithApns, nodeHandlers } from "./nodes.js"; +type MockNodeCommandPolicyParams = { + command: string; + declaredCommands?: string[]; + allowlist: Set; +}; + const mocks = vi.hoisted(() => ({ loadConfig: vi.fn(() => ({})), - resolveNodeCommandAllowlist: vi.fn(() => []), - isNodeCommandAllowed: vi.fn(() => ({ ok: true })), + resolveNodeCommandAllowlist: vi.fn<() => Set>(() => new Set()), + isNodeCommandAllowed: vi.fn< + (params: MockNodeCommandPolicyParams) => { ok: true } | { ok: false; reason: string } + >(() => ({ ok: true })), sanitizeNodeInvokeParamsForForwarding: vi.fn(({ rawParams }: { rawParams: unknown }) => ({ ok: true, params: rawParams, @@ -518,6 +526,58 @@ describe("node.invoke APNs wake path", () => { }); }); + it("drops queued actions that are no longer allowed at pull time", async () => { + mocks.loadApnsRegistration.mockResolvedValue(null); + const allowlistedCommands = new Set(["camera.snap", "canvas.navigate"]); + mocks.resolveNodeCommandAllowlist.mockImplementation(() => new Set(allowlistedCommands)); + mocks.isNodeCommandAllowed.mockImplementation( + ({ command, declaredCommands, allowlist }: MockNodeCommandPolicyParams) => { + if (!allowlist.has(command)) { + return { ok: false, reason: "command not allowlisted" }; + } + if (!declaredCommands.includes(command)) { + return { ok: false, reason: "command not declared by node" }; + } + return { ok: true }; + }, + ); + + const nodeRegistry = { + get: vi.fn(() => ({ + nodeId: "ios-node-policy", + commands: ["camera.snap", "canvas.navigate"], + platform: "iOS 26.4.0", + })), + invoke: vi.fn().mockResolvedValue({ + ok: false, + error: { + code: "NODE_BACKGROUND_UNAVAILABLE", + message: "NODE_BACKGROUND_UNAVAILABLE: canvas/camera/screen commands require foreground", + }, + }), + }; + + await invokeNode({ + nodeRegistry, + requestParams: { + nodeId: "ios-node-policy", + command: "camera.snap", + params: { facing: "front" }, + idempotencyKey: "idem-policy", + }, + }); + + allowlistedCommands.delete("camera.snap"); + + const pullRespond = await pullPending("ios-node-policy"); + const pullCall = pullRespond.mock.calls[0] as RespondCall | undefined; + expect(pullCall?.[0]).toBe(true); + expect(pullCall?.[1]).toMatchObject({ + nodeId: "ios-node-policy", + actions: [], + }); + }); + it("dedupes queued foreground actions by idempotency key", async () => { mocks.loadApnsRegistration.mockResolvedValue(null); diff --git a/src/gateway/server-methods/nodes.ts b/src/gateway/server-methods/nodes.ts index 7f78809abbb..ae6c8090b6c 100644 --- a/src/gateway/server-methods/nodes.ts +++ b/src/gateway/server-methods/nodes.ts @@ -26,6 +26,7 @@ import { import { isNodeCommandAllowed, resolveNodeCommandAllowlist } from "../node-command-policy.js"; import { sanitizeNodeInvokeParamsForForwarding } from "../node-invoke-sanitize.js"; import { + type ConnectParams, ErrorCodes, errorShape, validateNodeDescribeParams, @@ -218,6 +219,38 @@ function listPendingNodeActions(nodeId: string): PendingNodeAction[] { return prunePendingNodeActions(nodeId, Date.now()); } +function resolveAllowedPendingNodeActions(params: { + nodeId: string; + client: { connect?: ConnectParams | null } | null; +}): PendingNodeAction[] { + const pending = listPendingNodeActions(params.nodeId); + if (pending.length === 0) { + return pending; + } + const connect = params.client?.connect; + const declaredCommands = Array.isArray(connect?.commands) ? connect.commands : []; + const allowlist = resolveNodeCommandAllowlist(loadConfig(), { + platform: connect?.client?.platform, + deviceFamily: connect?.client?.deviceFamily, + }); + const allowed = pending.filter((entry) => { + const result = isNodeCommandAllowed({ + command: entry.command, + declaredCommands, + allowlist, + }); + return result.ok; + }); + if (allowed.length !== pending.length) { + if (allowed.length === 0) { + pendingNodeActionsById.delete(params.nodeId); + } else { + pendingNodeActionsById.set(params.nodeId, allowed); + } + } + return allowed; +} + function ackPendingNodeActions(nodeId: string, ids: string[]): PendingNodeAction[] { if (ids.length === 0) { return listPendingNodeActions(nodeId); @@ -805,7 +838,7 @@ export const nodeHandlers: GatewayRequestHandlers = { return; } - const pending = listPendingNodeActions(trimmedNodeId); + const pending = resolveAllowedPendingNodeActions({ nodeId: trimmedNodeId, client }); respond( true, { From 87c4ae36b4ccbcac25ceb238ef357297761f4bdc Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sun, 15 Mar 2026 08:50:23 -0700 Subject: [PATCH 12/34] refactor: drop deprecated whatsapp mention pattern sdk helper --- extensions/whatsapp/src/channel.ts | 4 ++-- src/channels/plugins/whatsapp-shared.ts | 8 ++------ src/plugin-sdk/subpaths.test.ts | 2 ++ src/plugin-sdk/whatsapp.ts | 1 - 4 files changed, 6 insertions(+), 9 deletions(-) diff --git a/extensions/whatsapp/src/channel.ts b/extensions/whatsapp/src/channel.ts index 28de41a9fea..8a60dc44432 100644 --- a/extensions/whatsapp/src/channel.ts +++ b/extensions/whatsapp/src/channel.ts @@ -24,7 +24,7 @@ import { resolveWhatsAppGroupIntroHint, resolveWhatsAppGroupToolPolicy, resolveWhatsAppHeartbeatRecipients, - resolveWhatsAppMentionStripPatterns, + resolveWhatsAppMentionStripRegexes, WhatsAppConfigSchema, type ChannelMessageActionName, type ChannelPlugin, @@ -214,7 +214,7 @@ export const whatsappPlugin: ChannelPlugin = { resolveGroupIntroHint: resolveWhatsAppGroupIntroHint, }, mentions: { - stripPatterns: ({ ctx }) => resolveWhatsAppMentionStripPatterns(ctx), + stripRegexes: ({ ctx }) => resolveWhatsAppMentionStripRegexes(ctx), }, commands: { enforceOwnerForCommands: true, diff --git a/src/channels/plugins/whatsapp-shared.ts b/src/channels/plugins/whatsapp-shared.ts index c8db1d068c8..c798e7fe3ca 100644 --- a/src/channels/plugins/whatsapp-shared.ts +++ b/src/channels/plugins/whatsapp-shared.ts @@ -11,17 +11,13 @@ export function resolveWhatsAppGroupIntroHint(): string { return WHATSAPP_GROUP_INTRO_HINT; } -export function resolveWhatsAppMentionStripPatterns(ctx: { To?: string | null }): string[] { +export function resolveWhatsAppMentionStripRegexes(ctx: { To?: string | null }): RegExp[] { const selfE164 = (ctx.To ?? "").replace(/^whatsapp:/, ""); if (!selfE164) { return []; } const escaped = escapeRegExp(selfE164); - return [escaped, `@${escaped}`]; -} - -export function resolveWhatsAppMentionStripRegexes(ctx: { To?: string | null }): RegExp[] { - return resolveWhatsAppMentionStripPatterns(ctx).map((pattern) => new RegExp(pattern, "g")); + return [new RegExp(escaped, "g"), new RegExp(`@${escaped}`, "g")]; } type WhatsAppChunker = NonNullable; diff --git a/src/plugin-sdk/subpaths.test.ts b/src/plugin-sdk/subpaths.test.ts index 592b6de73cf..2d971c82255 100644 --- a/src/plugin-sdk/subpaths.test.ts +++ b/src/plugin-sdk/subpaths.test.ts @@ -87,6 +87,8 @@ describe("plugin-sdk subpath exports", () => { // WhatsApp-specific functions (resolveWhatsAppAccount, whatsappOnboardingAdapter) moved to extensions/whatsapp/src/ expect(typeof whatsappSdk.WhatsAppConfigSchema).toBe("object"); expect(typeof whatsappSdk.resolveWhatsAppOutboundTarget).toBe("function"); + expect(typeof whatsappSdk.resolveWhatsAppMentionStripRegexes).toBe("function"); + expect("resolveWhatsAppMentionStripPatterns" in whatsappSdk).toBe(false); }); it("exports LINE helpers", () => { diff --git a/src/plugin-sdk/whatsapp.ts b/src/plugin-sdk/whatsapp.ts index ea6465e8faa..f18a953bf7a 100644 --- a/src/plugin-sdk/whatsapp.ts +++ b/src/plugin-sdk/whatsapp.ts @@ -39,7 +39,6 @@ export { createWhatsAppOutboundBase, resolveWhatsAppGroupIntroHint, resolveWhatsAppMentionStripRegexes, - resolveWhatsAppMentionStripPatterns, } from "../channels/plugins/whatsapp-shared.js"; export { resolveWhatsAppHeartbeatRecipients } from "../channels/plugins/whatsapp-heartbeat.js"; export { WhatsAppConfigSchema } from "../config/zod-schema.providers-whatsapp.js"; From f5cd7c390d6b592bf932e7dba6efce100b70defd Mon Sep 17 00:00:00 2001 From: Aditya Chaudhary <55331140+ItsAditya-xyz@users.noreply.github.com> Date: Sun, 15 Mar 2026 21:31:31 +0530 Subject: [PATCH 13/34] added a fix for memory leak on 2gb ram (#46522) --- src/agents/model-id-normalization.ts | 23 ++++++++++++++++++ src/agents/model-selection.ts | 2 +- ...onfig.providers.google-antigravity.test.ts | 2 +- src/agents/models-config.providers.ts | 24 ++----------------- .../providers/google/inline-data.ts | 2 +- 5 files changed, 28 insertions(+), 25 deletions(-) create mode 100644 src/agents/model-id-normalization.ts diff --git a/src/agents/model-id-normalization.ts b/src/agents/model-id-normalization.ts new file mode 100644 index 00000000000..9b0b27a7f01 --- /dev/null +++ b/src/agents/model-id-normalization.ts @@ -0,0 +1,23 @@ +// Keep model ID normalization dependency-free so config parsing and other +// startup-only paths do not pull in provider discovery or plugin loading. +export function normalizeGoogleModelId(id: string): string { + if (id === "gemini-3-pro") { + return "gemini-3-pro-preview"; + } + if (id === "gemini-3-flash") { + return "gemini-3-flash-preview"; + } + if (id === "gemini-3.1-pro") { + return "gemini-3.1-pro-preview"; + } + if (id === "gemini-3.1-flash-lite") { + return "gemini-3.1-flash-lite-preview"; + } + // Preserve compatibility with earlier OpenClaw docs/config that pointed at a + // non-existent Gemini Flash preview ID. Google's current Flash text model is + // `gemini-3-flash-preview`. + if (id === "gemini-3.1-flash" || id === "gemini-3.1-flash-preview") { + return "gemini-3-flash-preview"; + } + return id; +} diff --git a/src/agents/model-selection.ts b/src/agents/model-selection.ts index 72cd5951292..1f73ca6a1b4 100644 --- a/src/agents/model-selection.ts +++ b/src/agents/model-selection.ts @@ -13,9 +13,9 @@ import { resolveAgentModelFallbacksOverride, } from "./agent-scope.js"; import { DEFAULT_MODEL, DEFAULT_PROVIDER } from "./defaults.js"; +import { normalizeGoogleModelId } from "./model-id-normalization.js"; import type { ModelCatalogEntry } from "./model-catalog.js"; import { splitTrailingAuthProfile } from "./model-ref-profile.js"; -import { normalizeGoogleModelId } from "./models-config.providers.js"; const log = createSubsystemLogger("model-selection"); diff --git a/src/agents/models-config.providers.google-antigravity.test.ts b/src/agents/models-config.providers.google-antigravity.test.ts index ea20608b866..f14cab01493 100644 --- a/src/agents/models-config.providers.google-antigravity.test.ts +++ b/src/agents/models-config.providers.google-antigravity.test.ts @@ -2,9 +2,9 @@ import { mkdtempSync } from "node:fs"; import { tmpdir } from "node:os"; import { join } from "node:path"; import { describe, expect, it } from "vitest"; +import { normalizeGoogleModelId } from "./model-id-normalization.js"; import { normalizeAntigravityModelId, - normalizeGoogleModelId, normalizeProviders, type ProviderConfig, } from "./models-config.providers.js"; diff --git a/src/agents/models-config.providers.ts b/src/agents/models-config.providers.ts index b4ef8f4b0b1..229a861c0e5 100644 --- a/src/agents/models-config.providers.ts +++ b/src/agents/models-config.providers.ts @@ -8,6 +8,7 @@ import { isRecord } from "../utils.js"; import { normalizeOptionalSecretInput } from "../utils/normalize-secret-input.js"; import { ensureAuthProfileStore, listProfilesForProvider } from "./auth-profiles.js"; import { discoverBedrockModels } from "./bedrock-discovery.js"; +import { normalizeGoogleModelId } from "./model-id-normalization.js"; import { buildCloudflareAiGatewayModelDefinition, resolveCloudflareAiGatewayBaseUrl, @@ -70,6 +71,7 @@ import { } from "./model-auth-markers.js"; import { resolveAwsSdkEnvVarName, resolveEnvApiKey } from "./model-auth.js"; export { resolveOllamaApiBase } from "./models-config.providers.discovery.js"; +export { normalizeGoogleModelId }; type ModelsConfig = NonNullable; export type ProviderConfig = NonNullable[string]; @@ -223,28 +225,6 @@ function resolveApiKeyFromProfiles(params: { return undefined; } -export function normalizeGoogleModelId(id: string): string { - if (id === "gemini-3-pro") { - return "gemini-3-pro-preview"; - } - if (id === "gemini-3-flash") { - return "gemini-3-flash-preview"; - } - if (id === "gemini-3.1-pro") { - return "gemini-3.1-pro-preview"; - } - if (id === "gemini-3.1-flash-lite") { - return "gemini-3.1-flash-lite-preview"; - } - // Preserve compatibility with earlier OpenClaw docs/config that pointed at a - // non-existent Gemini Flash preview ID. Google's current Flash text model is - // `gemini-3-flash-preview`. - if (id === "gemini-3.1-flash" || id === "gemini-3.1-flash-preview") { - return "gemini-3-flash-preview"; - } - return id; -} - const ANTIGRAVITY_BARE_PRO_IDS = new Set(["gemini-3-pro", "gemini-3.1-pro", "gemini-3-1-pro"]); export function normalizeAntigravityModelId(id: string): string { diff --git a/src/media-understanding/providers/google/inline-data.ts b/src/media-understanding/providers/google/inline-data.ts index 69fd41871e8..18116a54bc2 100644 --- a/src/media-understanding/providers/google/inline-data.ts +++ b/src/media-understanding/providers/google/inline-data.ts @@ -1,4 +1,4 @@ -import { normalizeGoogleModelId } from "../../../agents/models-config.providers.js"; +import { normalizeGoogleModelId } from "../../../agents/model-id-normalization.js"; import { parseGeminiAuth } from "../../../infra/gemini-auth.js"; import { assertOkOrThrowHttpError, normalizeBaseUrl, postJsonRequest } from "../shared.js"; From a60fd3feedeea9535840b9ddcd921330f4c769bc Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 09:00:28 -0700 Subject: [PATCH 14/34] Nodes tests: prove pull-time policy revalidation --- .../server-methods/nodes.invoke-wake.test.ts | 43 +++++++++++++------ 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/src/gateway/server-methods/nodes.invoke-wake.test.ts b/src/gateway/server-methods/nodes.invoke-wake.test.ts index ea29384698c..f86eb43f437 100644 --- a/src/gateway/server-methods/nodes.invoke-wake.test.ts +++ b/src/gateway/server-methods/nodes.invoke-wake.test.ts @@ -221,9 +221,10 @@ async function invokeNode(params: { return respond; } -function createNodeClient(nodeId: string) { +function createNodeClient(nodeId: string, commands?: string[]) { return { connect: { + ...(commands ? { commands } : {}), role: "node" as const, client: { id: nodeId, @@ -236,26 +237,26 @@ function createNodeClient(nodeId: string) { }; } -async function pullPending(nodeId: string) { +async function pullPending(nodeId: string, commands?: string[]) { const respond = vi.fn(); await nodeHandlers["node.pending.pull"]({ params: {}, respond: respond as never, context: {} as never, - client: createNodeClient(nodeId) as never, + client: createNodeClient(nodeId, commands) as never, req: { type: "req", id: "req-node-pending", method: "node.pending.pull" }, isWebchatConnect: () => false, }); return respond; } -async function ackPending(nodeId: string, ids: string[]) { +async function ackPending(nodeId: string, ids: string[], commands?: string[]) { const respond = vi.fn(); await nodeHandlers["node.pending.ack"]({ params: { ids }, respond: respond as never, context: {} as never, - client: createNodeClient(nodeId) as never, + client: createNodeClient(nodeId, commands) as never, req: { type: "req", id: "req-node-pending-ack", method: "node.pending.ack" }, isWebchatConnect: () => false, }); @@ -267,7 +268,7 @@ describe("node.invoke APNs wake path", () => { mocks.loadConfig.mockClear(); mocks.loadConfig.mockReturnValue({}); mocks.resolveNodeCommandAllowlist.mockClear(); - mocks.resolveNodeCommandAllowlist.mockReturnValue([]); + mocks.resolveNodeCommandAllowlist.mockReturnValue(new Set()); mocks.isNodeCommandAllowed.mockClear(); mocks.isNodeCommandAllowed.mockReturnValue({ ok: true }); mocks.sanitizeNodeInvokeParamsForForwarding.mockClear(); @@ -478,7 +479,7 @@ describe("node.invoke APNs wake path", () => { expect(call?.[2]?.message).toBe("node command queued until iOS returns to foreground"); expect(mocks.sendApnsBackgroundWake).not.toHaveBeenCalled(); - const pullRespond = await pullPending("ios-node-queued"); + const pullRespond = await pullPending("ios-node-queued", ["canvas.navigate"]); const pullCall = pullRespond.mock.calls[0] as RespondCall | undefined; expect(pullCall?.[0]).toBe(true); expect(pullCall?.[1]).toMatchObject({ @@ -491,7 +492,7 @@ describe("node.invoke APNs wake path", () => { ], }); - const repeatedPullRespond = await pullPending("ios-node-queued"); + const repeatedPullRespond = await pullPending("ios-node-queued", ["canvas.navigate"]); const repeatedPullCall = repeatedPullRespond.mock.calls[0] as RespondCall | undefined; expect(repeatedPullCall?.[0]).toBe(true); expect(repeatedPullCall?.[1]).toMatchObject({ @@ -508,7 +509,7 @@ describe("node.invoke APNs wake path", () => { ?.actions?.[0]?.id; expect(queuedActionId).toBeTruthy(); - const ackRespond = await ackPending("ios-node-queued", [queuedActionId!]); + const ackRespond = await ackPending("ios-node-queued", [queuedActionId!], ["canvas.navigate"]); const ackCall = ackRespond.mock.calls[0] as RespondCall | undefined; expect(ackCall?.[0]).toBe(true); expect(ackCall?.[1]).toMatchObject({ @@ -517,7 +518,7 @@ describe("node.invoke APNs wake path", () => { remainingCount: 0, }); - const emptyPullRespond = await pullPending("ios-node-queued"); + const emptyPullRespond = await pullPending("ios-node-queued", ["canvas.navigate"]); const emptyPullCall = emptyPullRespond.mock.calls[0] as RespondCall | undefined; expect(emptyPullCall?.[0]).toBe(true); expect(emptyPullCall?.[1]).toMatchObject({ @@ -535,7 +536,7 @@ describe("node.invoke APNs wake path", () => { if (!allowlist.has(command)) { return { ok: false, reason: "command not allowlisted" }; } - if (!declaredCommands.includes(command)) { + if (!declaredCommands?.includes(command)) { return { ok: false, reason: "command not declared by node" }; } return { ok: true }; @@ -567,9 +568,25 @@ describe("node.invoke APNs wake path", () => { }, }); + const preChangePullRespond = await pullPending("ios-node-policy", [ + "camera.snap", + "canvas.navigate", + ]); + const preChangePullCall = preChangePullRespond.mock.calls[0] as RespondCall | undefined; + expect(preChangePullCall?.[0]).toBe(true); + expect(preChangePullCall?.[1]).toMatchObject({ + nodeId: "ios-node-policy", + actions: [ + expect.objectContaining({ + command: "camera.snap", + paramsJSON: JSON.stringify({ facing: "front" }), + }), + ], + }); + allowlistedCommands.delete("camera.snap"); - const pullRespond = await pullPending("ios-node-policy"); + const pullRespond = await pullPending("ios-node-policy", ["camera.snap", "canvas.navigate"]); const pullCall = pullRespond.mock.calls[0] as RespondCall | undefined; expect(pullCall?.[0]).toBe(true); expect(pullCall?.[1]).toMatchObject({ @@ -615,7 +632,7 @@ describe("node.invoke APNs wake path", () => { }, }); - const pullRespond = await pullPending("ios-node-dedupe"); + const pullRespond = await pullPending("ios-node-dedupe", ["canvas.navigate"]); const pullCall = pullRespond.mock.calls[0] as RespondCall | undefined; expect(pullCall?.[0]).toBe(true); expect(pullCall?.[1]).toMatchObject({ From 7c0a849ed7c48c199b508721a881ffefafcd46fb Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sun, 15 Mar 2026 09:01:53 -0700 Subject: [PATCH 15/34] fix: harden device token rotation denial paths --- CHANGELOG.md | 1 + src/gateway/server-methods/devices.ts | 54 +++++++++++++++++-- .../server.auth.compat-baseline.test.ts | 6 ++- .../server.device-token-rotate-authz.test.ts | 45 ++++++++++++++-- src/infra/device-pairing.test.ts | 24 ++++++--- src/infra/device-pairing.ts | 20 +++++-- 6 files changed, 129 insertions(+), 21 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a1fd84a09ba..95a68bc92cb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,6 +35,7 @@ Docs: https://docs.openclaw.ai - WhatsApp/reconnect: restore the append recency filter in the extension inbox monitor and handle protobuf `Long` timestamps correctly, so fresh post-reconnect append messages are processed while stale history sync stays suppressed. (#42588) thanks @MonkeyLeeT. - WhatsApp/login: wait for pending creds writes before reopening after Baileys `515` pairing restarts in both QR login and `channels login` flows, and keep the restart coverage pinned to the real wrapped error shape plus per-account creds queues. (#27910) Thanks @asyncjason. - Agents/openai-compatible tool calls: deduplicate repeated tool call ids across live assistant messages and replayed history so OpenAI-compatible backends no longer reject duplicate `tool_call_id` values with HTTP 400. (#40996) Thanks @xaeon2026. +- Security/device pairing: harden `device.token.rotate` deny handling by keeping public failures generic while logging internal deny reasons and preserving approved-baseline enforcement. (`GHSA-7jrw-x62h-64p8`) ### Fixes diff --git a/src/gateway/server-methods/devices.ts b/src/gateway/server-methods/devices.ts index a068b2dfac5..4becd52edcc 100644 --- a/src/gateway/server-methods/devices.ts +++ b/src/gateway/server-methods/devices.ts @@ -4,6 +4,7 @@ import { listDevicePairing, removePairedDevice, type DeviceAuthToken, + type RotateDeviceTokenDenyReason, rejectDevicePairing, revokeDeviceToken, rotateDeviceToken, @@ -24,6 +25,8 @@ import { } from "../protocol/index.js"; import type { GatewayRequestHandlers } from "./types.js"; +const DEVICE_TOKEN_ROTATION_DENIED_MESSAGE = "device token rotation denied"; + function redactPairedDevice( device: { tokens?: Record } & Record, ) { @@ -53,6 +56,19 @@ function resolveMissingRequestedScope(params: { return null; } +function logDeviceTokenRotationDenied(params: { + log: { warn: (message: string) => void }; + deviceId: string; + role: string; + reason: RotateDeviceTokenDenyReason | "caller-missing-scope" | "unknown-device-or-role"; + scope?: string | null; +}) { + const suffix = params.scope ? ` scope=${params.scope}` : ""; + params.log.warn( + `device token rotation denied device=${params.deviceId} role=${params.role} reason=${params.reason}${suffix}`, + ); +} + export const deviceHandlers: GatewayRequestHandlers = { "device.pair.list": async ({ params, respond }) => { if (!validateDevicePairListParams(params)) { @@ -189,7 +205,17 @@ export const deviceHandlers: GatewayRequestHandlers = { }; const pairedDevice = await getPairedDevice(deviceId); if (!pairedDevice) { - respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, "unknown deviceId/role")); + logDeviceTokenRotationDenied({ + log: context.logGateway, + deviceId, + role, + reason: "unknown-device-or-role", + }); + respond( + false, + undefined, + errorShape(ErrorCodes.INVALID_REQUEST, DEVICE_TOKEN_ROTATION_DENIED_MESSAGE), + ); return; } const callerScopes = Array.isArray(client?.connect?.scopes) ? client.connect.scopes : []; @@ -202,18 +228,36 @@ export const deviceHandlers: GatewayRequestHandlers = { callerScopes, }); if (missingScope) { + logDeviceTokenRotationDenied({ + log: context.logGateway, + deviceId, + role, + reason: "caller-missing-scope", + scope: missingScope, + }); respond( false, undefined, - errorShape(ErrorCodes.INVALID_REQUEST, `missing scope: ${missingScope}`), + errorShape(ErrorCodes.INVALID_REQUEST, DEVICE_TOKEN_ROTATION_DENIED_MESSAGE), ); return; } - const entry = await rotateDeviceToken({ deviceId, role, scopes }); - if (!entry) { - respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, "unknown deviceId/role")); + const rotated = await rotateDeviceToken({ deviceId, role, scopes }); + if (!rotated.ok) { + logDeviceTokenRotationDenied({ + log: context.logGateway, + deviceId, + role, + reason: rotated.reason, + }); + respond( + false, + undefined, + errorShape(ErrorCodes.INVALID_REQUEST, DEVICE_TOKEN_ROTATION_DENIED_MESSAGE), + ); return; } + const entry = rotated.entry; context.logGateway.info( `device token rotated device=${deviceId} role=${entry.role} scopes=${entry.scopes.join(",")}`, ); diff --git a/src/gateway/server.auth.compat-baseline.test.ts b/src/gateway/server.auth.compat-baseline.test.ts index 27fc4abc72d..630e53de84f 100644 --- a/src/gateway/server.auth.compat-baseline.test.ts +++ b/src/gateway/server.auth.compat-baseline.test.ts @@ -174,7 +174,9 @@ describe("gateway auth compatibility baseline", () => { role: "operator", scopes: ["operator.admin"], }); - expect(rotated?.token).toBeTruthy(); + expect(rotated.ok).toBe(true); + const rotatedToken = rotated.ok ? rotated.entry.token : ""; + expect(rotatedToken).toBeTruthy(); const ws = await openWs(port); try { @@ -182,7 +184,7 @@ describe("gateway auth compatibility baseline", () => { skipDefaultAuth: true, client: { ...BACKEND_GATEWAY_CLIENT }, deviceIdentityPath: identityPath, - deviceToken: String(rotated?.token ?? ""), + deviceToken: rotatedToken, scopes: ["operator.admin"], }); expect(res.ok).toBe(true); diff --git a/src/gateway/server.device-token-rotate-authz.test.ts b/src/gateway/server.device-token-rotate-authz.test.ts index 9f3ecdaf719..efb4d5e44b1 100644 --- a/src/gateway/server.device-token-rotate-authz.test.ts +++ b/src/gateway/server.device-token-rotate-authz.test.ts @@ -87,11 +87,13 @@ async function issuePairingScopedTokenForAdminApprovedDevice(name: string): Prom role: "operator", scopes: ["operator.pairing"], }); - expect(rotated?.token).toBeTruthy(); + expect(rotated.ok).toBe(true); + const pairingToken = rotated.ok ? rotated.entry.token : ""; + expect(pairingToken).toBeTruthy(); return { deviceId: paired.identity.deviceId, identityPath: paired.identityPath, - pairingToken: String(rotated?.token ?? ""), + pairingToken, }; } @@ -221,7 +223,7 @@ describe("gateway device.token.rotate caller scope guard", () => { scopes: ["operator.admin"], }); expect(rotate.ok).toBe(false); - expect(rotate.error?.message).toBe("missing scope: operator.admin"); + expect(rotate.error?.message).toBe("device token rotation denied"); const paired = await getPairedDevice(attacker.deviceId); expect(paired?.tokens?.operator?.scopes).toEqual(["operator.pairing"]); @@ -266,7 +268,7 @@ describe("gateway device.token.rotate caller scope guard", () => { }); expect(rotate.ok).toBe(false); - expect(rotate.error?.message).toBe("missing scope: operator.admin"); + expect(rotate.error?.message).toBe("device token rotation denied"); await waitForMacrotasks(); expect(sawInvoke).toBe(false); @@ -281,4 +283,39 @@ describe("gateway device.token.rotate caller scope guard", () => { started.envSnapshot.restore(); } }); + + test("returns the same public deny for unknown devices and caller scope failures", async () => { + const started = await startServerWithClient("secret"); + const attacker = await issuePairingScopedTokenForAdminApprovedDevice("rotate-deny-shape"); + + let pairingWs: WebSocket | undefined; + try { + pairingWs = await connectPairingScopedOperator({ + port: started.port, + identityPath: attacker.identityPath, + deviceToken: attacker.pairingToken, + }); + + const missingScope = await rpcReq(pairingWs, "device.token.rotate", { + deviceId: attacker.deviceId, + role: "operator", + scopes: ["operator.admin"], + }); + const unknownDevice = await rpcReq(pairingWs, "device.token.rotate", { + deviceId: "missing-device", + role: "operator", + scopes: ["operator.pairing"], + }); + + expect(missingScope.ok).toBe(false); + expect(unknownDevice.ok).toBe(false); + expect(missingScope.error?.message).toBe("device token rotation denied"); + expect(unknownDevice.error?.message).toBe("device token rotation denied"); + } finally { + pairingWs?.close(); + started.ws.close(); + await started.server.close(); + started.envSnapshot.restore(); + } + }); }); diff --git a/src/infra/device-pairing.test.ts b/src/infra/device-pairing.test.ts index ddf0826d048..4deb04a8912 100644 --- a/src/infra/device-pairing.test.ts +++ b/src/infra/device-pairing.test.ts @@ -13,6 +13,7 @@ import { rotateDeviceToken, verifyDeviceToken, type PairedDevice, + type RotateDeviceTokenResult, } from "./device-pairing.js"; import { resolvePairingPaths } from "./pairing-files.js"; @@ -55,6 +56,14 @@ function requireToken(token: string | undefined): string { return token; } +function requireRotatedEntry(result: RotateDeviceTokenResult) { + expect(result.ok).toBe(true); + if (!result.ok) { + throw new Error(`expected rotated token entry, got ${result.reason}`); + } + return result.entry; +} + async function overwritePairedOperatorTokenScopes(baseDir: string, scopes: string[]) { const { pairedPath } = resolvePairingPaths(baseDir, "devices"); const pairedByDeviceId = JSON.parse(await readFile(pairedPath, "utf8")) as Record< @@ -204,22 +213,24 @@ describe("device pairing tokens", () => { const baseDir = await mkdtemp(join(tmpdir(), "openclaw-device-pairing-")); await setupPairedOperatorDevice(baseDir, ["operator.admin"]); - await rotateDeviceToken({ + const downscoped = await rotateDeviceToken({ deviceId: "device-1", role: "operator", scopes: ["operator.read"], baseDir, }); + expect(downscoped.ok).toBe(true); let paired = await getPairedDevice("device-1", baseDir); expect(paired?.tokens?.operator?.scopes).toEqual(["operator.read"]); expect(paired?.scopes).toEqual(["operator.admin"]); expect(paired?.approvedScopes).toEqual(["operator.admin"]); - await rotateDeviceToken({ + const reused = await rotateDeviceToken({ deviceId: "device-1", role: "operator", baseDir, }); + expect(reused.ok).toBe(true); paired = await getPairedDevice("device-1", baseDir); expect(paired?.tokens?.operator?.scopes).toEqual(["operator.read"]); }); @@ -255,7 +266,7 @@ describe("device pairing tokens", () => { scopes: ["operator.admin"], baseDir, }); - expect(rotated).toBeNull(); + expect(rotated).toEqual({ ok: false, reason: "scope-outside-approved-baseline" }); const after = await getPairedDevice("device-1", baseDir); expect(after?.tokens?.operator?.token).toEqual(before?.tokens?.operator?.token); @@ -357,12 +368,13 @@ describe("device pairing tokens", () => { scopes: ["operator.talk.secrets"], baseDir, }); - expect(rotated?.scopes).toEqual(["operator.talk.secrets"]); + const entry = requireRotatedEntry(rotated); + expect(entry.scopes).toEqual(["operator.talk.secrets"]); await expect( verifyOperatorToken({ baseDir, - token: requireToken(rotated?.token), + token: requireToken(entry.token), scopes: ["operator.talk.secrets"], }), ).resolves.toEqual({ ok: true }); @@ -395,7 +407,7 @@ describe("device pairing tokens", () => { scopes: ["operator.admin"], baseDir, }), - ).resolves.toBeNull(); + ).resolves.toEqual({ ok: false, reason: "missing-approved-scope-baseline" }); }); test("treats multibyte same-length token input as mismatch without throwing", async () => { diff --git a/src/infra/device-pairing.ts b/src/infra/device-pairing.ts index 5bd2909a56e..d16cd06f0cc 100644 --- a/src/infra/device-pairing.ts +++ b/src/infra/device-pairing.ts @@ -48,6 +48,15 @@ export type DeviceAuthTokenSummary = { lastUsedAtMs?: number; }; +export type RotateDeviceTokenDenyReason = + | "unknown-device-or-role" + | "missing-approved-scope-baseline" + | "scope-outside-approved-baseline"; + +export type RotateDeviceTokenResult = + | { ok: true; entry: DeviceAuthToken } + | { ok: false; reason: RotateDeviceTokenDenyReason }; + export type PairedDevice = { deviceId: string; publicKey: string; @@ -587,7 +596,7 @@ export async function rotateDeviceToken(params: { role: string; scopes?: string[]; baseDir?: string; -}): Promise { +}): Promise { return await withLock(async () => { const state = await loadState(params.baseDir); const context = resolveDeviceTokenUpdateContext({ @@ -596,13 +605,16 @@ export async function rotateDeviceToken(params: { role: params.role, }); if (!context) { - return null; + return { ok: false, reason: "unknown-device-or-role" }; } const { device, role, tokens, existing } = context; const requestedScopes = normalizeDeviceAuthScopes( params.scopes ?? existing?.scopes ?? device.scopes, ); const approvedScopes = resolveApprovedDeviceScopeBaseline(device); + if (!approvedScopes) { + return { ok: false, reason: "missing-approved-scope-baseline" }; + } if ( !scopesWithinApprovedDeviceBaseline({ role, @@ -610,7 +622,7 @@ export async function rotateDeviceToken(params: { approvedScopes, }) ) { - return null; + return { ok: false, reason: "scope-outside-approved-baseline" }; } const now = Date.now(); const next = buildDeviceAuthToken({ @@ -624,7 +636,7 @@ export async function rotateDeviceToken(params: { device.tokens = tokens; state.pairedByDeviceId[device.deviceId] = device; await persistState(state, params.baseDir); - return next; + return { ok: true, entry: next }; }); } From 0c7ae04262ea61b43edc8276b8cc1d62a01842f8 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sun, 15 Mar 2026 09:02:55 -0700 Subject: [PATCH 16/34] style: format imported model helpers --- src/agents/model-selection.ts | 2 +- src/agents/models-config.providers.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/agents/model-selection.ts b/src/agents/model-selection.ts index 1f73ca6a1b4..0f8f5568618 100644 --- a/src/agents/model-selection.ts +++ b/src/agents/model-selection.ts @@ -13,8 +13,8 @@ import { resolveAgentModelFallbacksOverride, } from "./agent-scope.js"; import { DEFAULT_MODEL, DEFAULT_PROVIDER } from "./defaults.js"; -import { normalizeGoogleModelId } from "./model-id-normalization.js"; import type { ModelCatalogEntry } from "./model-catalog.js"; +import { normalizeGoogleModelId } from "./model-id-normalization.js"; import { splitTrailingAuthProfile } from "./model-ref-profile.js"; const log = createSubsystemLogger("model-selection"); diff --git a/src/agents/models-config.providers.ts b/src/agents/models-config.providers.ts index 229a861c0e5..03110d3fba5 100644 --- a/src/agents/models-config.providers.ts +++ b/src/agents/models-config.providers.ts @@ -8,11 +8,11 @@ import { isRecord } from "../utils.js"; import { normalizeOptionalSecretInput } from "../utils/normalize-secret-input.js"; import { ensureAuthProfileStore, listProfilesForProvider } from "./auth-profiles.js"; import { discoverBedrockModels } from "./bedrock-discovery.js"; -import { normalizeGoogleModelId } from "./model-id-normalization.js"; import { buildCloudflareAiGatewayModelDefinition, resolveCloudflareAiGatewayBaseUrl, } from "./cloudflare-ai-gateway.js"; +import { normalizeGoogleModelId } from "./model-id-normalization.js"; import { buildHuggingfaceProvider, buildKilocodeProviderWithDiscovery, From 8d44b16b7cc7705dc878ef7cc9fbcba6dcb9e179 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 09:07:10 -0700 Subject: [PATCH 17/34] Plugins: preserve scoped ids and reserve bundled duplicates (#47413) * Plugins: preserve scoped ids and reserve bundled duplicates * Changelog: add plugin scoped id note * Plugins: harden scoped install ids * Plugins: reserve scoped install dirs * Plugins: migrate legacy scoped update ids --- CHANGELOG.md | 1 + src/infra/install-safe-path.ts | 4 +- src/infra/install-target.ts | 2 + src/plugins/install.test.ts | 81 +++++++++++++++++++++++---- src/plugins/install.ts | 77 ++++++++++++++++++++++--- src/plugins/loader.test.ts | 40 ++++++++++++- src/plugins/loader.ts | 22 +++++--- src/plugins/manifest-registry.test.ts | 30 ++++++++++ src/plugins/manifest-registry.ts | 24 ++++++-- src/plugins/update.test.ts | 57 +++++++++++++++++++ src/plugins/update.ts | 80 +++++++++++++++++++++++++- 11 files changed, 377 insertions(+), 41 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95a68bc92cb..6b05fec4ff7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -50,6 +50,7 @@ Docs: https://docs.openclaw.ai - ACP/approvals: use canonical tool identity for prompting decisions and fail closed when conflicting tool identity hints are present. Thanks @vincentkoc. - Telegram/message send: forward `--force-document` through the `sendPayload` path as well as `sendMedia`, so Telegram payload sends with `channelData` keep uploading images as documents instead of silently falling back to compressed photo sends. (#47119) Thanks @thepagent. - Telegram/message chunking: preserve spaces, paragraph separators, and word boundaries when HTML overflow rechunking splits formatted replies. (#47274) +- Plugins/scoped ids: preserve scoped plugin ids during install and config keying, and keep bundled plugins ahead of discovered duplicate ids by default so `@scope/name` plugins no longer collide with unscoped installs. Thanks @vincentkoc. ## 2026.3.13 diff --git a/src/infra/install-safe-path.ts b/src/infra/install-safe-path.ts index 13cc88562ed..a2f012e70fb 100644 --- a/src/infra/install-safe-path.ts +++ b/src/infra/install-safe-path.ts @@ -47,8 +47,10 @@ export function resolveSafeInstallDir(params: { baseDir: string; id: string; invalidNameMessage: string; + nameEncoder?: (id: string) => string; }): { ok: true; path: string } | { ok: false; error: string } { - const targetDir = path.join(params.baseDir, safeDirName(params.id)); + const encodedName = (params.nameEncoder ?? safeDirName)(params.id); + const targetDir = path.join(params.baseDir, encodedName); const resolvedBase = path.resolve(params.baseDir); const resolvedTarget = path.resolve(targetDir); const relative = path.relative(resolvedBase, resolvedTarget); diff --git a/src/infra/install-target.ts b/src/infra/install-target.ts index 38dd103c01c..dd954a92112 100644 --- a/src/infra/install-target.ts +++ b/src/infra/install-target.ts @@ -7,12 +7,14 @@ export async function resolveCanonicalInstallTarget(params: { id: string; invalidNameMessage: string; boundaryLabel: string; + nameEncoder?: (id: string) => string; }): Promise<{ ok: true; targetDir: string } | { ok: false; error: string }> { await fs.mkdir(params.baseDir, { recursive: true }); const targetDirResult = resolveSafeInstallDir({ baseDir: params.baseDir, id: params.id, invalidNameMessage: params.invalidNameMessage, + nameEncoder: params.nameEncoder, }); if (!targetDirResult.ok) { return { ok: false, error: targetDirResult.error }; diff --git a/src/plugins/install.test.ts b/src/plugins/install.test.ts index 5f698a8e64b..db2fcfaf8f9 100644 --- a/src/plugins/install.test.ts +++ b/src/plugins/install.test.ts @@ -3,6 +3,7 @@ import os from "node:os"; import path from "node:path"; import * as tar from "tar"; import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; +import { safePathSegmentHashed } from "../infra/install-safe-path.js"; import * as skillScanner from "../security/skill-scanner.js"; import { expectSingleNpmPackIgnoreScriptsCall } from "../test-utils/exec-assertions.js"; import { @@ -20,6 +21,7 @@ let installPluginFromDir: typeof import("./install.js").installPluginFromDir; let installPluginFromNpmSpec: typeof import("./install.js").installPluginFromNpmSpec; let installPluginFromPath: typeof import("./install.js").installPluginFromPath; let PLUGIN_INSTALL_ERROR_CODE: typeof import("./install.js").PLUGIN_INSTALL_ERROR_CODE; +let resolvePluginInstallDir: typeof import("./install.js").resolvePluginInstallDir; let runCommandWithTimeout: typeof import("../process/exec.js").runCommandWithTimeout; let suiteTempRoot = ""; let suiteFixtureRoot = ""; @@ -157,7 +159,9 @@ async function setupVoiceCallArchiveInstall(params: { outName: string; version: } function expectPluginFiles(result: { targetDir: string }, stateDir: string, pluginId: string) { - expect(result.targetDir).toBe(path.join(stateDir, "extensions", pluginId)); + expect(result.targetDir).toBe( + resolvePluginInstallDir(pluginId, path.join(stateDir, "extensions")), + ); expect(fs.existsSync(path.join(result.targetDir, "package.json"))).toBe(true); expect(fs.existsSync(path.join(result.targetDir, "dist", "index.js"))).toBe(true); } @@ -331,6 +335,7 @@ beforeAll(async () => { installPluginFromNpmSpec, installPluginFromPath, PLUGIN_INSTALL_ERROR_CODE, + resolvePluginInstallDir, } = await import("./install.js")); ({ runCommandWithTimeout } = await import("../process/exec.js")); @@ -394,7 +399,7 @@ beforeEach(() => { }); describe("installPluginFromArchive", () => { - it("installs into ~/.openclaw/extensions and uses unscoped id", async () => { + it("installs into ~/.openclaw/extensions and preserves scoped package ids", async () => { const { stateDir, archivePath, extensionsDir } = await setupVoiceCallArchiveInstall({ outName: "plugin.tgz", version: "0.0.1", @@ -404,7 +409,7 @@ describe("installPluginFromArchive", () => { archivePath, extensionsDir, }); - expectSuccessfulArchiveInstall({ result, stateDir, pluginId: "voice-call" }); + expectSuccessfulArchiveInstall({ result, stateDir, pluginId: "@openclaw/voice-call" }); }); it("rejects installing when plugin already exists", async () => { @@ -443,7 +448,7 @@ describe("installPluginFromArchive", () => { archivePath, extensionsDir, }); - expectSuccessfulArchiveInstall({ result, stateDir, pluginId: "zipper" }); + expectSuccessfulArchiveInstall({ result, stateDir, pluginId: "@openclaw/zipper" }); }); it("allows updates when mode is update", async () => { @@ -615,16 +620,17 @@ describe("installPluginFromArchive", () => { }); describe("installPluginFromDir", () => { - function expectInstalledAsMemoryCognee( + function expectInstalledWithPluginId( result: Awaited>, extensionsDir: string, + pluginId: string, ) { expect(result.ok).toBe(true); if (!result.ok) { return; } - expect(result.pluginId).toBe("memory-cognee"); - expect(result.targetDir).toBe(path.join(extensionsDir, "memory-cognee")); + expect(result.pluginId).toBe(pluginId); + expect(result.targetDir).toBe(resolvePluginInstallDir(pluginId, extensionsDir)); } it("uses --ignore-scripts for dependency install", async () => { @@ -689,17 +695,17 @@ describe("installPluginFromDir", () => { logger: { info: (msg: string) => infoMessages.push(msg), warn: () => {} }, }); - expectInstalledAsMemoryCognee(res, extensionsDir); + expectInstalledWithPluginId(res, extensionsDir, "memory-cognee"); expect( infoMessages.some((msg) => msg.includes( - 'Plugin manifest id "memory-cognee" differs from npm package name "cognee-openclaw"', + 'Plugin manifest id "memory-cognee" differs from npm package name "@openclaw/cognee-openclaw"', ), ), ).toBe(true); }); - it("normalizes scoped manifest ids to unscoped install keys", async () => { + it("preserves scoped manifest ids as install keys", async () => { const { pluginDir, extensionsDir } = setupManifestInstallFixture({ manifestId: "@team/memory-cognee", }); @@ -707,11 +713,62 @@ describe("installPluginFromDir", () => { const res = await installPluginFromDir({ dirPath: pluginDir, extensionsDir, - expectedPluginId: "memory-cognee", + expectedPluginId: "@team/memory-cognee", logger: { info: () => {}, warn: () => {} }, }); - expectInstalledAsMemoryCognee(res, extensionsDir); + expectInstalledWithPluginId(res, extensionsDir, "@team/memory-cognee"); + }); + + it("preserves scoped package names when no plugin manifest id is present", async () => { + const { pluginDir, extensionsDir } = setupInstallPluginFromDirFixture(); + + const res = await installPluginFromDir({ + dirPath: pluginDir, + extensionsDir, + }); + + expectInstalledWithPluginId(res, extensionsDir, "@openclaw/test-plugin"); + }); + + it("accepts legacy unscoped expected ids for scoped package names without manifest ids", async () => { + const { pluginDir, extensionsDir } = setupInstallPluginFromDirFixture(); + + const res = await installPluginFromDir({ + dirPath: pluginDir, + extensionsDir, + expectedPluginId: "test-plugin", + }); + + expectInstalledWithPluginId(res, extensionsDir, "@openclaw/test-plugin"); + }); + + it("rejects bare @ as an invalid scoped id", () => { + expect(() => resolvePluginInstallDir("@")).toThrow( + "invalid plugin name: scoped ids must use @scope/name format", + ); + }); + + it("rejects empty scoped segments like @/name", () => { + expect(() => resolvePluginInstallDir("@/name")).toThrow( + "invalid plugin name: scoped ids must use @scope/name format", + ); + }); + + it("rejects two-segment ids without a scope prefix", () => { + expect(() => resolvePluginInstallDir("team/name")).toThrow( + "invalid plugin name: scoped ids must use @scope/name format", + ); + }); + + it("uses a unique hashed install dir for scoped ids", () => { + const extensionsDir = path.join(makeTempDir(), "extensions"); + const scopedTarget = resolvePluginInstallDir("@scope/name", extensionsDir); + const hashedFlatId = safePathSegmentHashed("@scope/name"); + const flatTarget = resolvePluginInstallDir(hashedFlatId, extensionsDir); + + expect(path.basename(scopedTarget)).toBe(`@${hashedFlatId}`); + expect(scopedTarget).not.toBe(flatTarget); }); }); diff --git a/src/plugins/install.ts b/src/plugins/install.ts index e6e107877cf..ab87377d32e 100644 --- a/src/plugins/install.ts +++ b/src/plugins/install.ts @@ -11,6 +11,7 @@ import { installPackageDir } from "../infra/install-package-dir.js"; import { resolveSafeInstallDir, safeDirName, + safePathSegmentHashed, unscopedPackageName, } from "../infra/install-safe-path.js"; import { @@ -84,19 +85,68 @@ function safeFileName(input: string): string { return safeDirName(input); } +function encodePluginInstallDirName(pluginId: string): string { + const trimmed = pluginId.trim(); + if (!trimmed.includes("/")) { + return safeDirName(trimmed); + } + // Scoped plugin ids need a reserved on-disk namespace so they cannot collide + // with valid unscoped ids that happen to match the hashed slug. + return `@${safePathSegmentHashed(trimmed)}`; +} + function validatePluginId(pluginId: string): string | null { - if (!pluginId) { + const trimmed = pluginId.trim(); + if (!trimmed) { return "invalid plugin name: missing"; } - if (pluginId === "." || pluginId === "..") { - return "invalid plugin name: reserved path segment"; - } - if (pluginId.includes("/") || pluginId.includes("\\")) { + if (trimmed.includes("\\")) { return "invalid plugin name: path separators not allowed"; } + const segments = trimmed.split("/"); + if (segments.some((segment) => !segment)) { + return "invalid plugin name: malformed scope"; + } + if (segments.some((segment) => segment === "." || segment === "..")) { + return "invalid plugin name: reserved path segment"; + } + if (segments.length === 1) { + if (trimmed.startsWith("@")) { + return "invalid plugin name: scoped ids must use @scope/name format"; + } + return null; + } + if (segments.length !== 2) { + return "invalid plugin name: path separators not allowed"; + } + if (!segments[0]?.startsWith("@") || segments[0].length < 2) { + return "invalid plugin name: scoped ids must use @scope/name format"; + } return null; } +function matchesExpectedPluginId(params: { + expectedPluginId?: string; + pluginId: string; + manifestPluginId?: string; + npmPluginId: string; +}): boolean { + if (!params.expectedPluginId) { + return true; + } + if (params.expectedPluginId === params.pluginId) { + return true; + } + // Backward compatibility: older install records keyed scoped npm packages by + // their unscoped package name. Preserve update-in-place for those records + // unless the package declares an explicit manifest id override. + return ( + !params.manifestPluginId && + params.pluginId === params.npmPluginId && + params.expectedPluginId === unscopedPackageName(params.npmPluginId) + ); +} + function ensureOpenClawExtensions(params: { manifest: PackageManifest }): | { ok: true; @@ -195,6 +245,7 @@ export function resolvePluginInstallDir(pluginId: string, extensionsDir?: string baseDir: extensionsBase, id: pluginId, invalidNameMessage: "invalid plugin name: path traversal detected", + nameEncoder: encodePluginInstallDirName, }); if (!targetDirResult.ok) { throw new Error(targetDirResult.error); @@ -233,8 +284,8 @@ async function installPluginFromPackageDir( } const extensions = extensionsResult.entries; - const pkgName = typeof manifest.name === "string" ? manifest.name : ""; - const npmPluginId = pkgName ? unscopedPackageName(pkgName) : "plugin"; + const pkgName = typeof manifest.name === "string" ? manifest.name.trim() : ""; + const npmPluginId = pkgName || "plugin"; // Prefer the canonical `id` from openclaw.plugin.json over the npm package name. // This avoids a latent key-mismatch bug: if the manifest id (e.g. "memory-cognee") @@ -243,7 +294,7 @@ async function installPluginFromPackageDir( const ocManifestResult = loadPluginManifest(params.packageDir); const manifestPluginId = ocManifestResult.ok && ocManifestResult.manifest.id - ? unscopedPackageName(ocManifestResult.manifest.id) + ? ocManifestResult.manifest.id.trim() : undefined; const pluginId = manifestPluginId ?? npmPluginId; @@ -251,7 +302,14 @@ async function installPluginFromPackageDir( if (pluginIdError) { return { ok: false, error: pluginIdError }; } - if (params.expectedPluginId && params.expectedPluginId !== pluginId) { + if ( + !matchesExpectedPluginId({ + expectedPluginId: params.expectedPluginId, + pluginId, + manifestPluginId, + npmPluginId, + }) + ) { return { ok: false, error: `plugin id mismatch: expected ${params.expectedPluginId}, got ${pluginId}`, @@ -313,6 +371,7 @@ async function installPluginFromPackageDir( id: pluginId, invalidNameMessage: "invalid plugin name: path traversal detected", boundaryLabel: "extensions directory", + nameEncoder: encodePluginInstallDirName, }); if (!targetDirResult.ok) { return { ok: false, error: targetDirResult.error }; diff --git a/src/plugins/loader.test.ts b/src/plugins/loader.test.ts index 4771d98aa31..c37cfbfd46c 100644 --- a/src/plugins/loader.test.ts +++ b/src/plugins/loader.test.ts @@ -1692,7 +1692,37 @@ describe("loadOpenClawPlugins", () => { expect(workspacePlugin?.status).toBe("loaded"); }); - it("lets an explicitly trusted workspace plugin shadow a bundled plugin with the same id", () => { + it("keeps scoped and unscoped plugin ids distinct", () => { + useNoBundledPlugins(); + const scoped = writePlugin({ + id: "@team/shadowed", + body: `module.exports = { id: "@team/shadowed", register() {} };`, + filename: "scoped.cjs", + }); + const unscoped = writePlugin({ + id: "shadowed", + body: `module.exports = { id: "shadowed", register() {} };`, + filename: "unscoped.cjs", + }); + + const registry = loadOpenClawPlugins({ + cache: false, + config: { + plugins: { + load: { paths: [scoped.file, unscoped.file] }, + allow: ["@team/shadowed", "shadowed"], + }, + }, + }); + + expect(registry.plugins.find((entry) => entry.id === "@team/shadowed")?.status).toBe("loaded"); + expect(registry.plugins.find((entry) => entry.id === "shadowed")?.status).toBe("loaded"); + expect( + registry.diagnostics.some((diag) => String(diag.message).includes("duplicate plugin id")), + ).toBe(false); + }); + + it("keeps bundled plugins ahead of trusted workspace duplicates with the same id", () => { const bundledDir = makeTempDir(); writePlugin({ id: "shadowed", @@ -1719,6 +1749,9 @@ describe("loadOpenClawPlugins", () => { plugins: { enabled: true, allow: ["shadowed"], + entries: { + shadowed: { enabled: true }, + }, }, }, }); @@ -1726,8 +1759,9 @@ describe("loadOpenClawPlugins", () => { const entries = registry.plugins.filter((entry) => entry.id === "shadowed"); const loaded = entries.find((entry) => entry.status === "loaded"); const overridden = entries.find((entry) => entry.status === "disabled"); - expect(loaded?.origin).toBe("workspace"); - expect(overridden?.origin).toBe("bundled"); + expect(loaded?.origin).toBe("bundled"); + expect(overridden?.origin).toBe("workspace"); + expect(overridden?.error).toContain("overridden by bundled plugin"); }); it("warns when loaded non-bundled plugin has no install/load-path provenance", () => { diff --git a/src/plugins/loader.ts b/src/plugins/loader.ts index 698918964f9..253ad63afc4 100644 --- a/src/plugins/loader.ts +++ b/src/plugins/loader.ts @@ -485,16 +485,20 @@ function resolveCandidateDuplicateRank(params: { env: params.env, }); - switch (params.candidate.origin) { - case "config": - return 0; - case "workspace": - return 1; - case "global": - return isExplicitInstall ? 2 : 4; - case "bundled": - return 3; + if (params.candidate.origin === "config") { + return 0; } + if (params.candidate.origin === "global" && isExplicitInstall) { + return 1; + } + if (params.candidate.origin === "bundled") { + // Bundled plugin ids stay reserved unless the operator configured an override. + return 2; + } + if (params.candidate.origin === "workspace") { + return 3; + } + return 4; } function compareDuplicateCandidateOrder(params: { diff --git a/src/plugins/manifest-registry.test.ts b/src/plugins/manifest-registry.test.ts index bbdc8020d6e..214c9b3b23f 100644 --- a/src/plugins/manifest-registry.test.ts +++ b/src/plugins/manifest-registry.test.ts @@ -225,6 +225,36 @@ describe("loadPluginManifestRegistry", () => { ).toBe(true); }); + it("reports bundled plugins as the duplicate winner for workspace duplicates", () => { + const bundledDir = makeTempDir(); + const workspaceDir = makeTempDir(); + const manifest = { id: "shadowed", configSchema: { type: "object" } }; + writeManifest(bundledDir, manifest); + writeManifest(workspaceDir, manifest); + + const registry = loadPluginManifestRegistry({ + cache: false, + candidates: [ + createPluginCandidate({ + idHint: "shadowed", + rootDir: bundledDir, + origin: "bundled", + }), + createPluginCandidate({ + idHint: "shadowed", + rootDir: workspaceDir, + origin: "workspace", + }), + ], + }); + + expect( + registry.diagnostics.some((diag) => + diag.message.includes("workspace plugin will be overridden by bundled plugin"), + ), + ).toBe(true); + }); + it("suppresses duplicate warning when candidates share the same physical directory via symlink", () => { const realDir = makeTempDir(); const manifest = { id: "feishu", configSchema: { type: "object" } }; diff --git a/src/plugins/manifest-registry.ts b/src/plugins/manifest-registry.ts index 79fb3facf8e..285b3042004 100644 --- a/src/plugins/manifest-registry.ts +++ b/src/plugins/manifest-registry.ts @@ -13,7 +13,8 @@ type SeenIdEntry = { recordIndex: number; }; -// Precedence: config > workspace > explicit-install global > bundled > auto-discovered global +// Canonicalize identical physical plugin roots with the most explicit source. +// This only applies when multiple candidates resolve to the same on-disk plugin. const PLUGIN_ORIGIN_RANK: Readonly> = { config: 0, workspace: 1, @@ -167,17 +168,28 @@ function resolveDuplicatePrecedenceRank(params: { config?: OpenClawConfig; env: NodeJS.ProcessEnv; }): number { - if (params.candidate.origin === "global") { - return matchesInstalledPluginRecord({ + if (params.candidate.origin === "config") { + return 0; + } + if ( + params.candidate.origin === "global" && + matchesInstalledPluginRecord({ pluginId: params.pluginId, candidate: params.candidate, config: params.config, env: params.env, }) - ? 2 - : 4; + ) { + return 1; } - return PLUGIN_ORIGIN_RANK[params.candidate.origin]; + if (params.candidate.origin === "bundled") { + // Bundled plugin ids are reserved unless the operator explicitly overrides them. + return 2; + } + if (params.candidate.origin === "workspace") { + return 3; + } + return 4; } export function loadPluginManifestRegistry(params: { diff --git a/src/plugins/update.test.ts b/src/plugins/update.test.ts index 65ef9966a83..4d3b72ed65d 100644 --- a/src/plugins/update.test.ts +++ b/src/plugins/update.test.ts @@ -156,6 +156,63 @@ describe("updateNpmInstalledPlugins", () => { }, ]); }); + + it("migrates legacy unscoped install keys when a scoped npm package updates", async () => { + installPluginFromNpmSpecMock.mockResolvedValue({ + ok: true, + pluginId: "@openclaw/voice-call", + targetDir: "/tmp/openclaw-voice-call", + version: "0.0.2", + extensions: ["index.ts"], + }); + + const { updateNpmInstalledPlugins } = await import("./update.js"); + const result = await updateNpmInstalledPlugins({ + config: { + plugins: { + allow: ["voice-call"], + deny: ["voice-call"], + slots: { memory: "voice-call" }, + entries: { + "voice-call": { + enabled: false, + hooks: { allowPromptInjection: false }, + }, + }, + installs: { + "voice-call": { + source: "npm", + spec: "@openclaw/voice-call", + installPath: "/tmp/voice-call", + }, + }, + }, + }, + pluginIds: ["voice-call"], + }); + + expect(installPluginFromNpmSpecMock).toHaveBeenCalledWith( + expect.objectContaining({ + spec: "@openclaw/voice-call", + expectedPluginId: "voice-call", + }), + ); + expect(result.config.plugins?.allow).toEqual(["@openclaw/voice-call"]); + expect(result.config.plugins?.deny).toEqual(["@openclaw/voice-call"]); + expect(result.config.plugins?.slots?.memory).toBe("@openclaw/voice-call"); + expect(result.config.plugins?.entries?.["@openclaw/voice-call"]).toEqual({ + enabled: false, + hooks: { allowPromptInjection: false }, + }); + expect(result.config.plugins?.entries?.["voice-call"]).toBeUndefined(); + expect(result.config.plugins?.installs?.["@openclaw/voice-call"]).toMatchObject({ + source: "npm", + spec: "@openclaw/voice-call", + installPath: "/tmp/openclaw-voice-call", + version: "0.0.2", + }); + expect(result.config.plugins?.installs?.["voice-call"]).toBeUndefined(); + }); }); describe("syncPluginsForUpdateChannel", () => { diff --git a/src/plugins/update.ts b/src/plugins/update.ts index b214558bc57..af6434e84cc 100644 --- a/src/plugins/update.ts +++ b/src/plugins/update.ts @@ -172,6 +172,79 @@ function buildLoadPathHelpers(existing: string[], env: NodeJS.ProcessEnv = proce }; } +function replacePluginIdInList( + entries: string[] | undefined, + fromId: string, + toId: string, +): string[] | undefined { + if (!entries || entries.length === 0 || fromId === toId) { + return entries; + } + const next: string[] = []; + for (const entry of entries) { + const value = entry === fromId ? toId : entry; + if (!next.includes(value)) { + next.push(value); + } + } + return next; +} + +function migratePluginConfigId(cfg: OpenClawConfig, fromId: string, toId: string): OpenClawConfig { + if (fromId === toId) { + return cfg; + } + + const installs = cfg.plugins?.installs; + const entries = cfg.plugins?.entries; + const slots = cfg.plugins?.slots; + const allow = replacePluginIdInList(cfg.plugins?.allow, fromId, toId); + const deny = replacePluginIdInList(cfg.plugins?.deny, fromId, toId); + + const nextInstalls = installs ? { ...installs } : undefined; + if (nextInstalls && fromId in nextInstalls) { + const record = nextInstalls[fromId]; + if (record && !(toId in nextInstalls)) { + nextInstalls[toId] = record; + } + delete nextInstalls[fromId]; + } + + const nextEntries = entries ? { ...entries } : undefined; + if (nextEntries && fromId in nextEntries) { + const entry = nextEntries[fromId]; + if (entry) { + nextEntries[toId] = nextEntries[toId] + ? { + ...entry, + ...nextEntries[toId], + } + : entry; + } + delete nextEntries[fromId]; + } + + const nextSlots = + slots?.memory === fromId + ? { + ...slots, + memory: toId, + } + : slots; + + return { + ...cfg, + plugins: { + ...cfg.plugins, + allow, + deny, + entries: nextEntries, + installs: nextInstalls, + slots: nextSlots, + }, + }; +} + function createPluginUpdateIntegrityDriftHandler(params: { pluginId: string; dryRun: boolean; @@ -362,9 +435,14 @@ export async function updateNpmInstalledPlugins(params: { continue; } + const resolvedPluginId = result.pluginId; + if (resolvedPluginId !== pluginId) { + next = migratePluginConfigId(next, pluginId, resolvedPluginId); + } + const nextVersion = result.version ?? (await readInstalledPackageVersion(result.targetDir)); next = recordPluginInstall(next, { - pluginId, + pluginId: resolvedPluginId, source: "npm", spec: record.spec, installPath: result.targetDir, From 67b2d1b8e82e7002c8820a3542cf8e569b1d3dcf Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 09:10:40 -0700 Subject: [PATCH 18/34] CLI: reduce channels add startup memory (#46784) * CLI: lazy-load channel subcommand handlers * Channels: defer add command dependencies * CLI: skip status JSON plugin preload * CLI: cover status JSON route preload * Status: trim JSON security audit path * Status: update JSON fast-path tests * CLI: cover root help fast path * CLI: fast-path root help * Status: keep JSON security parity * Status: restore JSON security tests * CLI: document status plugin preload * Channels: reuse Telegram account import --- src/cli/channels-cli.ts | 16 ++++++------- src/cli/program/command-registry.ts | 4 ++++ src/cli/program/root-help.ts | 29 +++++++++++++++++++++++ src/cli/program/routes.test.ts | 2 +- src/cli/run-main.exit.test.ts | 25 ++++++++++++++++++++ src/cli/run-main.test.ts | 10 ++++++++ src/cli/run-main.ts | 17 +++++++++++++- src/commands/channels/add.ts | 36 ++++++++++++++++++----------- src/commands/status.test.ts | 10 ++++++-- 9 files changed, 123 insertions(+), 26 deletions(-) create mode 100644 src/cli/program/root-help.ts diff --git a/src/cli/channels-cli.ts b/src/cli/channels-cli.ts index 8a1b8eb3f53..3015ed1d42a 100644 --- a/src/cli/channels-cli.ts +++ b/src/cli/channels-cli.ts @@ -1,13 +1,4 @@ import type { Command } from "commander"; -import { - channelsAddCommand, - channelsCapabilitiesCommand, - channelsListCommand, - channelsLogsCommand, - channelsRemoveCommand, - channelsResolveCommand, - channelsStatusCommand, -} from "../commands/channels.js"; import { danger } from "../globals.js"; import { defaultRuntime } from "../runtime.js"; import { formatDocsLink } from "../terminal/links.js"; @@ -96,6 +87,7 @@ export function registerChannelsCli(program: Command) { .option("--json", "Output JSON", false) .action(async (opts) => { await runChannelsCommand(async () => { + const { channelsListCommand } = await import("../commands/channels.js"); await channelsListCommand(opts, defaultRuntime); }); }); @@ -108,6 +100,7 @@ export function registerChannelsCli(program: Command) { .option("--json", "Output JSON", false) .action(async (opts) => { await runChannelsCommand(async () => { + const { channelsStatusCommand } = await import("../commands/channels.js"); await channelsStatusCommand(opts, defaultRuntime); }); }); @@ -122,6 +115,7 @@ export function registerChannelsCli(program: Command) { .option("--json", "Output JSON", false) .action(async (opts) => { await runChannelsCommand(async () => { + const { channelsCapabilitiesCommand } = await import("../commands/channels.js"); await channelsCapabilitiesCommand(opts, defaultRuntime); }); }); @@ -136,6 +130,7 @@ export function registerChannelsCli(program: Command) { .option("--json", "Output JSON", false) .action(async (entries, opts) => { await runChannelsCommand(async () => { + const { channelsResolveCommand } = await import("../commands/channels.js"); await channelsResolveCommand( { channel: opts.channel as string | undefined, @@ -157,6 +152,7 @@ export function registerChannelsCli(program: Command) { .option("--json", "Output JSON", false) .action(async (opts) => { await runChannelsCommand(async () => { + const { channelsLogsCommand } = await import("../commands/channels.js"); await channelsLogsCommand(opts, defaultRuntime); }); }); @@ -200,6 +196,7 @@ export function registerChannelsCli(program: Command) { .option("--use-env", "Use env token (default account only)", false) .action(async (opts, command) => { await runChannelsCommand(async () => { + const { channelsAddCommand } = await import("../commands/channels.js"); const hasFlags = hasExplicitOptions(command, optionNamesAdd); await channelsAddCommand(opts, defaultRuntime, { hasFlags }); }); @@ -213,6 +210,7 @@ export function registerChannelsCli(program: Command) { .option("--delete", "Delete config entries (no prompt)", false) .action(async (opts, command) => { await runChannelsCommand(async () => { + const { channelsRemoveCommand } = await import("../commands/channels.js"); const hasFlags = hasExplicitOptions(command, optionNamesRemove); await channelsRemoveCommand(opts, defaultRuntime, { hasFlags }); }); diff --git a/src/cli/program/command-registry.ts b/src/cli/program/command-registry.ts index 3e2338f3475..ad468878aeb 100644 --- a/src/cli/program/command-registry.ts +++ b/src/cli/program/command-registry.ts @@ -235,6 +235,10 @@ function collectCoreCliCommandNames(predicate?: (command: CoreCliCommandDescript return names; } +export function getCoreCliCommandDescriptors(): ReadonlyArray { + return coreEntries.flatMap((entry) => entry.commands); +} + export function getCoreCliCommandNames(): string[] { return collectCoreCliCommandNames(); } diff --git a/src/cli/program/root-help.ts b/src/cli/program/root-help.ts new file mode 100644 index 00000000000..b80302e9818 --- /dev/null +++ b/src/cli/program/root-help.ts @@ -0,0 +1,29 @@ +import { Command } from "commander"; +import { VERSION } from "../../version.js"; +import { getCoreCliCommandDescriptors } from "./command-registry.js"; +import { configureProgramHelp } from "./help.js"; +import { getSubCliEntries } from "./register.subclis.js"; + +function buildRootHelpProgram(): Command { + const program = new Command(); + configureProgramHelp(program, { + programVersion: VERSION, + channelOptions: [], + messageChannelOptions: "", + agentChannelOptions: "", + }); + + for (const command of getCoreCliCommandDescriptors()) { + program.command(command.name).description(command.description); + } + for (const command of getSubCliEntries()) { + program.command(command.name).description(command.description); + } + + return program; +} + +export function outputRootHelp(): void { + const program = buildRootHelpProgram(); + program.outputHelp(); +} diff --git a/src/cli/program/routes.test.ts b/src/cli/program/routes.test.ts index 61be251097e..e7958a684a5 100644 --- a/src/cli/program/routes.test.ts +++ b/src/cli/program/routes.test.ts @@ -32,7 +32,7 @@ describe("program routes", () => { await expect(route?.run(argv)).resolves.toBe(false); } - it("matches status route and always loads plugins for security parity", () => { + it("matches status route and always preloads plugins", () => { const route = expectRoute(["status"]); expect(route?.loadPlugins).toBe(true); }); diff --git a/src/cli/run-main.exit.test.ts b/src/cli/run-main.exit.test.ts index 3e56c1ce794..6af996ed820 100644 --- a/src/cli/run-main.exit.test.ts +++ b/src/cli/run-main.exit.test.ts @@ -7,6 +7,8 @@ const normalizeEnvMock = vi.hoisted(() => vi.fn()); const ensurePathMock = vi.hoisted(() => vi.fn()); const assertRuntimeMock = vi.hoisted(() => vi.fn()); const closeAllMemorySearchManagersMock = vi.hoisted(() => vi.fn(async () => {})); +const outputRootHelpMock = vi.hoisted(() => vi.fn()); +const buildProgramMock = vi.hoisted(() => vi.fn()); vi.mock("./route.js", () => ({ tryRouteCli: tryRouteCliMock, @@ -32,6 +34,14 @@ vi.mock("../memory/search-manager.js", () => ({ closeAllMemorySearchManagers: closeAllMemorySearchManagersMock, })); +vi.mock("./program/root-help.js", () => ({ + outputRootHelp: outputRootHelpMock, +})); + +vi.mock("./program.js", () => ({ + buildProgram: buildProgramMock, +})); + const { runCli } = await import("./run-main.js"); describe("runCli exit behavior", () => { @@ -52,4 +62,19 @@ describe("runCli exit behavior", () => { expect(exitSpy).not.toHaveBeenCalled(); exitSpy.mockRestore(); }); + + it("renders root help without building the full program", async () => { + const exitSpy = vi.spyOn(process, "exit").mockImplementation(((code?: number) => { + throw new Error(`unexpected process.exit(${String(code)})`); + }) as typeof process.exit); + + await runCli(["node", "openclaw", "--help"]); + + expect(tryRouteCliMock).not.toHaveBeenCalled(); + expect(outputRootHelpMock).toHaveBeenCalledTimes(1); + expect(buildProgramMock).not.toHaveBeenCalled(); + expect(closeAllMemorySearchManagersMock).toHaveBeenCalledTimes(1); + expect(exitSpy).not.toHaveBeenCalled(); + exitSpy.mockRestore(); + }); }); diff --git a/src/cli/run-main.test.ts b/src/cli/run-main.test.ts index 495a23684d1..63259259134 100644 --- a/src/cli/run-main.test.ts +++ b/src/cli/run-main.test.ts @@ -4,6 +4,7 @@ import { shouldEnsureCliPath, shouldRegisterPrimarySubcommand, shouldSkipPluginCommandRegistration, + shouldUseRootHelpFastPath, } from "./run-main.js"; describe("rewriteUpdateFlagArgv", () => { @@ -126,3 +127,12 @@ describe("shouldEnsureCliPath", () => { expect(shouldEnsureCliPath(["node", "openclaw", "acp", "-v"])).toBe(true); }); }); + +describe("shouldUseRootHelpFastPath", () => { + it("uses the fast path for root help only", () => { + expect(shouldUseRootHelpFastPath(["node", "openclaw", "--help"])).toBe(true); + expect(shouldUseRootHelpFastPath(["node", "openclaw", "--profile", "work", "-h"])).toBe(true); + expect(shouldUseRootHelpFastPath(["node", "openclaw", "status", "--help"])).toBe(false); + expect(shouldUseRootHelpFastPath(["node", "openclaw", "--help", "status"])).toBe(false); + }); +}); diff --git a/src/cli/run-main.ts b/src/cli/run-main.ts index c0673ddf2af..188448a64e4 100644 --- a/src/cli/run-main.ts +++ b/src/cli/run-main.ts @@ -8,7 +8,12 @@ import { ensureOpenClawCliOnPath } from "../infra/path-env.js"; import { assertSupportedRuntime } from "../infra/runtime-guard.js"; import { installUnhandledRejectionHandler } from "../infra/unhandled-rejections.js"; import { enableConsoleCapture } from "../logging.js"; -import { getCommandPathWithRootOptions, getPrimaryCommand, hasHelpOrVersion } from "./argv.js"; +import { + getCommandPathWithRootOptions, + getPrimaryCommand, + hasHelpOrVersion, + isRootHelpInvocation, +} from "./argv.js"; import { applyCliProfileEnv, parseCliProfileArgs } from "./profile.js"; import { tryRouteCli } from "./route.js"; import { normalizeWindowsArgv } from "./windows-argv.js"; @@ -71,6 +76,10 @@ export function shouldEnsureCliPath(argv: string[]): boolean { return true; } +export function shouldUseRootHelpFastPath(argv: string[]): boolean { + return isRootHelpInvocation(argv); +} + export async function runCli(argv: string[] = process.argv) { let normalizedArgv = normalizeWindowsArgv(argv); const parsedProfile = parseCliProfileArgs(normalizedArgv); @@ -92,6 +101,12 @@ export async function runCli(argv: string[] = process.argv) { assertSupportedRuntime(); try { + if (shouldUseRootHelpFastPath(normalizedArgv)) { + const { outputRootHelp } = await import("./program/root-help.js"); + outputRootHelp(); + return; + } + if (await tryRouteCli(normalizedArgv)) { return; } diff --git a/src/commands/channels/add.ts b/src/commands/channels/add.ts index 3cc2f305870..52a358f4946 100644 --- a/src/commands/channels/add.ts +++ b/src/commands/channels/add.ts @@ -1,5 +1,3 @@ -import { resolveTelegramAccount } from "../../../extensions/telegram/src/accounts.js"; -import { deleteTelegramUpdateOffset } from "../../../extensions/telegram/src/update-offset-store.js"; import { resolveAgentWorkspaceDir, resolveDefaultAgentId } from "../../agents/agent-scope.js"; import { listChannelPluginCatalogEntries } from "../../channels/plugins/catalog.js"; import { parseOptionalDelimitedEntries } from "../../channels/plugins/helpers.js"; @@ -11,13 +9,7 @@ import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../routing/session-ke import { defaultRuntime, type RuntimeEnv } from "../../runtime.js"; import { createClackPrompter } from "../../wizard/clack-prompter.js"; import { applyAgentBindings, describeBinding } from "../agents.bindings.js"; -import { buildAgentSummaries } from "../agents.config.js"; -import { setupChannels } from "../onboard-channels.js"; import type { ChannelChoice } from "../onboard-types.js"; -import { - ensureOnboardingPluginInstalled, - reloadOnboardingPluginRegistry, -} from "../onboarding/plugin-install.js"; import { applyAccountName, applyChannelAccountConfig } from "./add-mutators.js"; import { channelLabel, requireValidConfig, shouldUseWizard } from "./shared.js"; @@ -56,6 +48,10 @@ export async function channelsAddCommand( const useWizard = shouldUseWizard(params); if (useWizard) { + const [{ buildAgentSummaries }, { setupChannels }] = await Promise.all([ + import("../agents.config.js"), + import("../onboard-channels.js"), + ]); const prompter = createClackPrompter(); let selection: ChannelChoice[] = []; const accountIds: Partial> = {}; @@ -176,6 +172,8 @@ export async function channelsAddCommand( let catalogEntry = channel ? undefined : resolveCatalogChannelEntry(rawChannel, nextConfig); if (!channel && catalogEntry) { + const { ensureOnboardingPluginInstalled, reloadOnboardingPluginRegistry } = + await import("../onboarding/plugin-install.js"); const prompter = createClackPrompter(); const workspaceDir = resolveAgentWorkspaceDir(nextConfig, resolveDefaultAgentId(nextConfig)); const result = await ensureOnboardingPluginInstalled({ @@ -269,10 +267,20 @@ export async function channelsAddCommand( return; } - const previousTelegramToken = - channel === "telegram" - ? resolveTelegramAccount({ cfg: nextConfig, accountId }).token.trim() - : ""; + let previousTelegramToken = ""; + let resolveTelegramAccount: + | (( + params: Parameters< + typeof import("../../../extensions/telegram/src/accounts.js").resolveTelegramAccount + >[0], + ) => ReturnType< + typeof import("../../../extensions/telegram/src/accounts.js").resolveTelegramAccount + >) + | undefined; + if (channel === "telegram") { + ({ resolveTelegramAccount } = await import("../../../extensions/telegram/src/accounts.js")); + previousTelegramToken = resolveTelegramAccount({ cfg: nextConfig, accountId }).token.trim(); + } if (accountId !== DEFAULT_ACCOUNT_ID) { nextConfig = moveSingleAccountChannelSectionToDefaultAccount({ @@ -288,7 +296,9 @@ export async function channelsAddCommand( input, }); - if (channel === "telegram") { + if (channel === "telegram" && resolveTelegramAccount) { + const { deleteTelegramUpdateOffset } = + await import("../../../extensions/telegram/src/update-offset-store.js"); const nextTelegramToken = resolveTelegramAccount({ cfg: nextConfig, accountId }).token.trim(); if (previousTelegramToken !== nextTelegramToken) { // Clear stale polling offsets after Telegram token rotation. diff --git a/src/commands/status.test.ts b/src/commands/status.test.ts index e307ffa3694..c40693302ac 100644 --- a/src/commands/status.test.ts +++ b/src/commands/status.test.ts @@ -417,6 +417,12 @@ describe("statusCommand", () => { expect(payload.securityAudit.summary.warn).toBe(1); expect(payload.gatewayService.label).toBe("LaunchAgent"); expect(payload.nodeService.label).toBe("LaunchAgent"); + expect(mocks.runSecurityAudit).toHaveBeenCalledWith( + expect.objectContaining({ + includeFilesystem: true, + includeChannelSecurity: true, + }), + ); }); it("surfaces unknown usage when totalTokens is missing", async () => { @@ -505,8 +511,8 @@ describe("statusCommand", () => { await statusCommand({ json: true }, runtime as never); const payload = JSON.parse(String(runtimeLogMock.mock.calls.at(-1)?.[0])); - expect(payload.gateway.error).toContain("gateway.auth.token"); - expect(payload.gateway.error).toContain("SecretRef"); + expect(payload.gateway.error ?? payload.gateway.authWarning ?? null).not.toBeNull(); + expect(runtime.error).not.toHaveBeenCalled(); }); it("surfaces channel runtime errors from the gateway", async () => { From a47722de7e3c9cbda8d5512747ca7e3bb8f6ee66 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 09:24:24 -0700 Subject: [PATCH 19/34] Integrations: tighten inbound callback and allowlist checks (#46787) * Integrations: harden inbound callback and allowlist handling * Integrations: address review follow-ups * Update CHANGELOG.md * Mattermost: avoid command-gating open button callbacks --- CHANGELOG.md | 4 +- extensions/googlechat/src/auth.test.ts | 97 +++++++++++++++++++ extensions/googlechat/src/auth.ts | 31 +++++- extensions/googlechat/src/monitor-webhook.ts | 2 + .../src/mattermost/interactions.test.ts | 31 ++++++ .../mattermost/src/mattermost/interactions.ts | 35 +++++++ .../mattermost/src/mattermost/monitor.ts | 39 ++++++++ .../nextcloud-talk/src/inbound.authz.test.ts | 73 ++++++++++++++ extensions/nextcloud-talk/src/inbound.ts | 1 - extensions/nextcloud-talk/src/policy.ts | 10 +- extensions/twitch/src/access-control.test.ts | 7 ++ extensions/twitch/src/access-control.ts | 8 +- src/config/types.googlechat.ts | 2 + src/config/zod-schema.providers-core.ts | 1 + 14 files changed, 323 insertions(+), 18 deletions(-) create mode 100644 extensions/googlechat/src/auth.test.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b05fec4ff7..98b77975d4d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ Docs: https://docs.openclaw.ai - Zalo Personal/group gating: stop reapplying `dmPolicy.allowFrom` as a sender gate for already-allowlisted groups when `groupAllowFrom` is unset, so any member of an allowed group can trigger replies while DMs stay restricted. (#40146) - Browser/remote CDP: honor strict browser SSRF policy during remote CDP reachability and `/json/version` discovery checks, redact sensitive `cdpUrl` tokens from status output, and warn when remote CDP targets private/internal hosts. - Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`. +- Inbound policy hardening: tighten callback and webhook sender checks across Mattermost and Google Chat, match Nextcloud Talk rooms by stable room token, and treat explicit empty Twitch allowlists as deny-all. Thanks @vincentkoc. - macOS/canvas actions: keep unattended local agent actions on trusted in-app canvas surfaces only, and stop exposing the deep-link fallback key to arbitrary page scripts. Thanks @vincentkoc. - Agents/compaction: extend the enclosing run deadline once while compaction is actively in flight, and abort the underlying SDK compaction on timeout/cancel so large-session compactions stop freezing mid-run. (#46889) Thanks @asyncjason. - Models/openai-completions: default non-native OpenAI-compatible providers to omit tool-definition `strict` fields unless users explicitly opt back in, so tool calling keeps working on providers that reject that option. (#45497) Thanks @sahancava. @@ -36,9 +37,6 @@ Docs: https://docs.openclaw.ai - WhatsApp/login: wait for pending creds writes before reopening after Baileys `515` pairing restarts in both QR login and `channels login` flows, and keep the restart coverage pinned to the real wrapped error shape plus per-account creds queues. (#27910) Thanks @asyncjason. - Agents/openai-compatible tool calls: deduplicate repeated tool call ids across live assistant messages and replayed history so OpenAI-compatible backends no longer reject duplicate `tool_call_id` values with HTTP 400. (#40996) Thanks @xaeon2026. - Security/device pairing: harden `device.token.rotate` deny handling by keeping public failures generic while logging internal deny reasons and preserving approved-baseline enforcement. (`GHSA-7jrw-x62h-64p8`) - -### Fixes - - Slack/interactive replies: preserve `channelData.slack.blocks` through live DM delivery and preview-finalized edits so Block Kit button and select directives render instead of falling back to raw text. Thanks @vincentkoc. - Zalo/plugin runtime: export `resolveClientIp` from `openclaw/plugin-sdk/zalo` so installed builds no longer crash on startup when the webhook monitor loads from the packaged extension instead of the monorepo source tree. (#46549) Thanks @No898. - CI/channel test routing: move the built-in channel suites into `test:channels` and keep them out of `test:extensions`, so extension CI no longer fails after the channel migration while targeted test routing still sends Slack, Signal, and iMessage suites to the right lane. (#46066) Thanks @scoootscooob. diff --git a/extensions/googlechat/src/auth.test.ts b/extensions/googlechat/src/auth.test.ts new file mode 100644 index 00000000000..9fa39e51c65 --- /dev/null +++ b/extensions/googlechat/src/auth.test.ts @@ -0,0 +1,97 @@ +import { beforeEach, describe, expect, it, vi } from "vitest"; + +const mocks = vi.hoisted(() => ({ + verifyIdToken: vi.fn(), +})); + +vi.mock("google-auth-library", () => ({ + GoogleAuth: class {}, + OAuth2Client: class { + verifyIdToken = mocks.verifyIdToken; + }, +})); + +const { verifyGoogleChatRequest } = await import("./auth.js"); + +function mockTicket(payload: Record) { + mocks.verifyIdToken.mockResolvedValue({ + getPayload: () => payload, + }); +} + +describe("verifyGoogleChatRequest", () => { + beforeEach(() => { + mocks.verifyIdToken.mockReset(); + }); + + it("accepts Google Chat app-url tokens from the Chat issuer", async () => { + mockTicket({ + email: "chat@system.gserviceaccount.com", + email_verified: true, + }); + + await expect( + verifyGoogleChatRequest({ + bearer: "token", + audienceType: "app-url", + audience: "https://example.com/googlechat", + }), + ).resolves.toEqual({ ok: true }); + }); + + it("rejects add-on tokens when no principal binding is configured", async () => { + mockTicket({ + email: "service-123@gcp-sa-gsuiteaddons.iam.gserviceaccount.com", + email_verified: true, + sub: "principal-1", + }); + + await expect( + verifyGoogleChatRequest({ + bearer: "token", + audienceType: "app-url", + audience: "https://example.com/googlechat", + }), + ).resolves.toEqual({ + ok: false, + reason: "missing add-on principal binding", + }); + }); + + it("accepts add-on tokens only when the bound principal matches", async () => { + mockTicket({ + email: "service-123@gcp-sa-gsuiteaddons.iam.gserviceaccount.com", + email_verified: true, + sub: "principal-1", + }); + + await expect( + verifyGoogleChatRequest({ + bearer: "token", + audienceType: "app-url", + audience: "https://example.com/googlechat", + expectedAddOnPrincipal: "principal-1", + }), + ).resolves.toEqual({ ok: true }); + }); + + it("rejects add-on tokens when the bound principal does not match", async () => { + mockTicket({ + email: "service-123@gcp-sa-gsuiteaddons.iam.gserviceaccount.com", + email_verified: true, + sub: "principal-2", + }); + + await expect( + verifyGoogleChatRequest({ + bearer: "token", + audienceType: "app-url", + audience: "https://example.com/googlechat", + expectedAddOnPrincipal: "principal-1", + }), + ).resolves.toEqual({ + ok: false, + reason: "unexpected add-on principal: principal-2", + }); + }); +}); diff --git a/extensions/googlechat/src/auth.ts b/extensions/googlechat/src/auth.ts index 6870ea8ec0f..dd20d1267f7 100644 --- a/extensions/googlechat/src/auth.ts +++ b/extensions/googlechat/src/auth.ts @@ -94,6 +94,7 @@ export async function verifyGoogleChatRequest(params: { bearer?: string | null; audienceType?: GoogleChatAudienceType | null; audience?: string | null; + expectedAddOnPrincipal?: string | null; }): Promise<{ ok: boolean; reason?: string }> { const bearer = params.bearer?.trim(); if (!bearer) { @@ -112,10 +113,32 @@ export async function verifyGoogleChatRequest(params: { audience, }); const payload = ticket.getPayload(); - const email = payload?.email ?? ""; - const ok = - payload?.email_verified && (email === CHAT_ISSUER || ADDON_ISSUER_PATTERN.test(email)); - return ok ? { ok: true } : { ok: false, reason: `invalid issuer: ${email}` }; + const email = String(payload?.email ?? "") + .trim() + .toLowerCase(); + if (!payload?.email_verified) { + return { ok: false, reason: "email not verified" }; + } + if (email === CHAT_ISSUER) { + return { ok: true }; + } + if (!ADDON_ISSUER_PATTERN.test(email)) { + return { ok: false, reason: `invalid issuer: ${email}` }; + } + const expectedAddOnPrincipal = params.expectedAddOnPrincipal?.trim().toLowerCase(); + if (!expectedAddOnPrincipal) { + return { ok: false, reason: "missing add-on principal binding" }; + } + const tokenPrincipal = String(payload?.sub ?? "") + .trim() + .toLowerCase(); + if (!tokenPrincipal || tokenPrincipal !== expectedAddOnPrincipal) { + return { + ok: false, + reason: `unexpected add-on principal: ${tokenPrincipal || ""}`, + }; + } + return { ok: true }; } catch (err) { return { ok: false, reason: err instanceof Error ? err.message : "invalid token" }; } diff --git a/extensions/googlechat/src/monitor-webhook.ts b/extensions/googlechat/src/monitor-webhook.ts index cde54214575..56f355cce83 100644 --- a/extensions/googlechat/src/monitor-webhook.ts +++ b/extensions/googlechat/src/monitor-webhook.ts @@ -132,6 +132,7 @@ export function createGoogleChatWebhookRequestHandler(params: { bearer: headerBearer, audienceType: target.audienceType, audience: target.audience, + expectedAddOnPrincipal: target.account.config.appPrincipal, }); return verification.ok; }, @@ -166,6 +167,7 @@ export function createGoogleChatWebhookRequestHandler(params: { bearer: parsed.addOnBearerToken, audienceType: target.audienceType, audience: target.audience, + expectedAddOnPrincipal: target.account.config.appPrincipal, }); return verification.ok; }, diff --git a/extensions/mattermost/src/mattermost/interactions.test.ts b/extensions/mattermost/src/mattermost/interactions.test.ts index 62c7bdb757f..dea16d51e57 100644 --- a/extensions/mattermost/src/mattermost/interactions.test.ts +++ b/extensions/mattermost/src/mattermost/interactions.test.ts @@ -738,6 +738,37 @@ describe("createMattermostInteractionHandler", () => { expectSuccessfulApprovalUpdate(res, requestLog); }); + it("blocks button dispatch when the sender is not allowed for the action", async () => { + const { context, token } = createActionContext(); + const dispatchButtonClick = vi.fn(); + const handleInteraction = vi.fn(); + const handler = createMattermostInteractionHandler({ + client: { + request: async (_path: string, init?: { method?: string }) => + init?.method === "PUT" ? { id: "post-1" } : createActionPost(), + } as unknown as MattermostClient, + botUserId: "bot", + accountId: "acct", + authorizeButtonClick: async () => ({ + ok: false, + response: { + ephemeral_text: "blocked", + }, + }), + handleInteraction, + dispatchButtonClick, + }); + + const res = await runHandler(handler, { + body: createInteractionBody({ context, token }), + }); + + expect(res.statusCode).toBe(200); + expect(res.body).toContain("blocked"); + expect(handleInteraction).not.toHaveBeenCalled(); + expect(dispatchButtonClick).not.toHaveBeenCalled(); + }); + it("forwards fetched post threading metadata to session and button callbacks", async () => { const enqueueSystemEvent = vi.fn(); setMattermostRuntime({ diff --git a/extensions/mattermost/src/mattermost/interactions.ts b/extensions/mattermost/src/mattermost/interactions.ts index f99d0b5d3ac..f4ef06cf1ed 100644 --- a/extensions/mattermost/src/mattermost/interactions.ts +++ b/extensions/mattermost/src/mattermost/interactions.ts @@ -37,6 +37,10 @@ export type MattermostInteractionResponse = { ephemeral_text?: string; }; +export type MattermostInteractionAuthorizationResult = + | { ok: true } + | { ok: false; statusCode?: number; response?: MattermostInteractionResponse }; + export type MattermostInteractiveButtonInput = { id?: string; callback_data?: string; @@ -404,6 +408,10 @@ export function createMattermostInteractionHandler(params: { context: Record; post: MattermostPost; }) => Promise; + authorizeButtonClick?: (opts: { + payload: MattermostInteractionPayload; + post: MattermostPost; + }) => Promise; dispatchButtonClick?: (opts: { channelId: string; userId: string; @@ -566,6 +574,33 @@ export function createMattermostInteractionHandler(params: { `post=${payload.post_id} channel=${payload.channel_id}`, ); + if (params.authorizeButtonClick) { + try { + const authorization = await params.authorizeButtonClick({ + payload, + post: originalPost, + }); + if (!authorization.ok) { + res.statusCode = authorization.statusCode ?? 200; + res.setHeader("Content-Type", "application/json"); + res.end( + JSON.stringify( + authorization.response ?? { + ephemeral_text: "You are not allowed to use this action here.", + }, + ), + ); + return; + } + } catch (err) { + log?.(`mattermost interaction: authorization failed: ${String(err)}`); + res.statusCode = 500; + res.setHeader("Content-Type", "application/json"); + res.end(JSON.stringify({ error: "Interaction authorization failed" })); + return; + } + } + if (params.handleInteraction) { try { const response = await params.handleInteraction({ diff --git a/extensions/mattermost/src/mattermost/monitor.ts b/extensions/mattermost/src/mattermost/monitor.ts index 16e3bd6434a..e56e4a9b9af 100644 --- a/extensions/mattermost/src/mattermost/monitor.ts +++ b/extensions/mattermost/src/mattermost/monitor.ts @@ -567,6 +567,45 @@ export async function monitorMattermostProvider(opts: MonitorMattermostOpts = {} trustedProxies: cfg.gateway?.trustedProxies, allowRealIpFallback: cfg.gateway?.allowRealIpFallback === true, handleInteraction: handleModelPickerInteraction, + authorizeButtonClick: async ({ payload, post }) => { + const channelInfo = await resolveChannelInfo(payload.channel_id); + const isDirect = channelInfo?.type?.trim().toUpperCase() === "D"; + const allowTextCommands = core.channel.commands.shouldHandleTextCommands({ + cfg, + surface: "mattermost", + }); + const decision = authorizeMattermostCommandInvocation({ + account, + cfg, + senderId: payload.user_id, + senderName: payload.user_name ?? "", + channelId: payload.channel_id, + channelInfo, + storeAllowFrom: isDirect + ? await readStoreAllowFromForDmPolicy({ + provider: "mattermost", + accountId: account.accountId, + dmPolicy: account.config.dmPolicy ?? "pairing", + readStore: pairing.readStoreForDmPolicy, + }) + : undefined, + allowTextCommands, + hasControlCommand: false, + }); + if (decision.ok) { + return { ok: true }; + } + return { + ok: false, + response: { + update: { + message: post.message ?? "", + props: post.props as Record | undefined, + }, + ephemeral_text: `OpenClaw ignored this action for ${decision.roomLabel}.`, + }, + }; + }, resolveSessionKey: async ({ channelId, userId, post }) => { const channelInfo = await resolveChannelInfo(channelId); const kind = mapMattermostChannelTypeToChatType(channelInfo?.type); diff --git a/extensions/nextcloud-talk/src/inbound.authz.test.ts b/extensions/nextcloud-talk/src/inbound.authz.test.ts index f19fa73e020..bde32abdb3c 100644 --- a/extensions/nextcloud-talk/src/inbound.authz.test.ts +++ b/extensions/nextcloud-talk/src/inbound.authz.test.ts @@ -81,4 +81,77 @@ describe("nextcloud-talk inbound authz", () => { }); expect(buildMentionRegexes).not.toHaveBeenCalled(); }); + + it("matches group rooms by token instead of colliding room names", async () => { + const readAllowFromStore = vi.fn(async () => []); + const buildMentionRegexes = vi.fn(() => [/@openclaw/i]); + + setNextcloudTalkRuntime({ + channel: { + pairing: { + readAllowFromStore, + }, + commands: { + shouldHandleTextCommands: () => false, + }, + text: { + hasControlCommand: () => false, + }, + mentions: { + buildMentionRegexes, + matchesMentionPatterns: () => false, + }, + }, + } as unknown as PluginRuntime); + + const message: NextcloudTalkInboundMessage = { + messageId: "m-2", + roomToken: "room-attacker", + roomName: "Room Trusted", + senderId: "trusted-user", + senderName: "Trusted User", + text: "hello", + mediaType: "text/plain", + timestamp: Date.now(), + isGroupChat: true, + }; + + const account: ResolvedNextcloudTalkAccount = { + accountId: "default", + enabled: true, + baseUrl: "", + secret: "", + secretSource: "none", + config: { + dmPolicy: "pairing", + allowFrom: [], + groupPolicy: "allowlist", + groupAllowFrom: ["trusted-user"], + rooms: { + "room-trusted": { + enabled: true, + }, + }, + }, + }; + + await handleNextcloudTalkInbound({ + message, + account, + config: { + channels: { + "nextcloud-talk": { + groupPolicy: "allowlist", + groupAllowFrom: ["trusted-user"], + }, + }, + }, + runtime: { + log: vi.fn(), + error: vi.fn(), + } as unknown as RuntimeEnv, + }); + + expect(buildMentionRegexes).not.toHaveBeenCalled(); + }); }); diff --git a/extensions/nextcloud-talk/src/inbound.ts b/extensions/nextcloud-talk/src/inbound.ts index 081029782f8..10ecd924fd7 100644 --- a/extensions/nextcloud-talk/src/inbound.ts +++ b/extensions/nextcloud-talk/src/inbound.ts @@ -114,7 +114,6 @@ export async function handleNextcloudTalkInbound(params: { const roomMatch = resolveNextcloudTalkRoomMatch({ rooms: account.config.rooms, roomToken, - roomName, }); const roomConfig = roomMatch.roomConfig; if (isGroup && !roomMatch.allowed) { diff --git a/extensions/nextcloud-talk/src/policy.ts b/extensions/nextcloud-talk/src/policy.ts index 1157384b578..15e19da84de 100644 --- a/extensions/nextcloud-talk/src/policy.ts +++ b/extensions/nextcloud-talk/src/policy.ts @@ -57,16 +57,10 @@ export type NextcloudTalkRoomMatch = { export function resolveNextcloudTalkRoomMatch(params: { rooms?: Record; roomToken: string; - roomName?: string | null; }): NextcloudTalkRoomMatch { const rooms = params.rooms ?? {}; const allowlistConfigured = Object.keys(rooms).length > 0; - const roomName = params.roomName?.trim() || undefined; - const roomCandidates = buildChannelKeyCandidates( - params.roomToken, - roomName, - roomName ? normalizeChannelSlug(roomName) : undefined, - ); + const roomCandidates = buildChannelKeyCandidates(params.roomToken); const match = resolveChannelEntryMatchWithFallback({ entries: rooms, keys: roomCandidates, @@ -101,11 +95,9 @@ export function resolveNextcloudTalkGroupToolPolicy( if (!roomToken) { return undefined; } - const roomName = params.groupChannel?.trim() || undefined; const match = resolveNextcloudTalkRoomMatch({ rooms: cfg.channels?.["nextcloud-talk"]?.rooms, roomToken, - roomName, }); return match.roomConfig?.tools ?? match.wildcardConfig?.tools; } diff --git a/extensions/twitch/src/access-control.test.ts b/extensions/twitch/src/access-control.test.ts index 3d522246700..597ef897f90 100644 --- a/extensions/twitch/src/access-control.test.ts +++ b/extensions/twitch/src/access-control.test.ts @@ -160,6 +160,13 @@ describe("checkTwitchAccessControl", () => { }); }); + it("blocks everyone when allowFrom is explicitly empty", () => { + expectAllowFromBlocked({ + allowFrom: [], + reason: "allowFrom", + }); + }); + it("blocks messages without userId", () => { expectAllowFromBlocked({ allowFrom: ["123456"], diff --git a/extensions/twitch/src/access-control.ts b/extensions/twitch/src/access-control.ts index 5555096d27d..1c4a043d42b 100644 --- a/extensions/twitch/src/access-control.ts +++ b/extensions/twitch/src/access-control.ts @@ -48,8 +48,14 @@ export function checkTwitchAccessControl(params: { } } - if (account.allowFrom && account.allowFrom.length > 0) { + if (account.allowFrom !== undefined) { const allowFrom = account.allowFrom; + if (allowFrom.length === 0) { + return { + allowed: false, + reason: "sender is not in allowFrom allowlist", + }; + } const senderId = message.userId; if (!senderId) { diff --git a/src/config/types.googlechat.ts b/src/config/types.googlechat.ts index fdfc23fd866..1951e51db10 100644 --- a/src/config/types.googlechat.ts +++ b/src/config/types.googlechat.ts @@ -75,6 +75,8 @@ export type GoogleChatAccountConfig = { audienceType?: "app-url" | "project-number"; /** Audience value (app URL or project number). */ audience?: string; + /** Exact add-on principal to accept when app-url delivery uses add-on tokens. */ + appPrincipal?: string; /** Google Chat webhook path (default: /googlechat). */ webhookPath?: string; /** Google Chat webhook URL (used to derive the path). */ diff --git a/src/config/zod-schema.providers-core.ts b/src/config/zod-schema.providers-core.ts index e6e4a3aacd2..5f7dd7b8e48 100644 --- a/src/config/zod-schema.providers-core.ts +++ b/src/config/zod-schema.providers-core.ts @@ -767,6 +767,7 @@ export const GoogleChatAccountSchema = z serviceAccountFile: z.string().optional(), audienceType: z.enum(["app-url", "project-number"]).optional(), audience: z.string().optional(), + appPrincipal: z.string().optional(), webhookPath: z.string().optional(), webhookUrl: z.string().optional(), botUser: z.string().optional(), From 229426a257e49694a59fa4e3895861d02a4d767f Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 09:28:44 -0700 Subject: [PATCH 20/34] ACP: require admin scope for mutating internal actions (#46789) * ACP: require admin scope for mutating internal actions * ACP: cover operator admin mutating actions * ACP: gate internal status behind admin scope --- src/auto-reply/reply/commands-acp.test.ts | 77 +++++++++++++++++++++++ src/auto-reply/reply/commands-acp.ts | 27 ++++++++ 2 files changed, 104 insertions(+) diff --git a/src/auto-reply/reply/commands-acp.test.ts b/src/auto-reply/reply/commands-acp.test.ts index 937d282c18e..e41fbd80ec2 100644 --- a/src/auto-reply/reply/commands-acp.test.ts +++ b/src/auto-reply/reply/commands-acp.test.ts @@ -2,6 +2,7 @@ import { beforeEach, describe, expect, it, vi } from "vitest"; import { AcpRuntimeError } from "../../acp/runtime/errors.js"; import type { OpenClawConfig } from "../../config/config.js"; import type { SessionBindingRecord } from "../../infra/outbound/session-binding-service.js"; +import { INTERNAL_MESSAGE_CHANNEL } from "../../utils/message-channel.js"; const hoisted = vi.hoisted(() => { const callGatewayMock = vi.fn(); @@ -374,6 +375,24 @@ async function runFeishuDmAcpCommand(commandBody: string, cfg: OpenClawConfig = return handleAcpCommand(createFeishuDmParams(commandBody, cfg), true); } +async function runInternalAcpCommand(params: { + commandBody: string; + scopes: string[]; + cfg?: OpenClawConfig; +}) { + const commandParams = buildCommandTestParams(params.commandBody, params.cfg ?? baseCfg, { + Provider: INTERNAL_MESSAGE_CHANNEL, + Surface: INTERNAL_MESSAGE_CHANNEL, + OriginatingChannel: INTERNAL_MESSAGE_CHANNEL, + OriginatingTo: "webchat:conversation-1", + GatewayClientScopes: params.scopes, + }); + commandParams.command.channel = INTERNAL_MESSAGE_CHANNEL; + commandParams.command.senderId = "user-1"; + commandParams.command.senderIsOwner = true; + return handleAcpCommand(commandParams, true); +} + describe("/acp command", () => { beforeEach(() => { acpManagerTesting.resetAcpSessionManagerForTests(); @@ -824,6 +843,64 @@ describe("/acp command", () => { expect(result?.reply?.text).toContain("Updated ACP runtime mode"); }); + it("blocks mutating /acp actions for internal operator.write clients", async () => { + const result = await runInternalAcpCommand({ + commandBody: "/acp set-mode plan", + scopes: ["operator.write"], + }); + + expect(result?.shouldContinue).toBe(false); + expect(result?.reply?.text).toContain("requires operator.admin"); + }); + + it("blocks /acp status for internal operator.write clients", async () => { + const result = await runInternalAcpCommand({ + commandBody: "/acp status", + scopes: ["operator.write"], + }); + + expect(result?.shouldContinue).toBe(false); + expect(result?.reply?.text).toContain("requires operator.admin"); + }); + + it("keeps read-only /acp actions available to internal operator.write clients", async () => { + hoisted.listAcpSessionEntriesMock.mockResolvedValue([ + createAcpSessionEntry({ + identity: { + state: "resolved", + source: "status", + acpxSessionId: "runtime-1", + agentSessionId: "session-1", + lastUpdatedAt: Date.now(), + }, + }), + ]); + + const result = await runInternalAcpCommand({ + commandBody: "/acp sessions", + scopes: ["operator.write"], + }); + + expect(result?.shouldContinue).toBe(false); + expect(result?.reply?.text).toContain("ACP sessions"); + }); + + it("allows mutating /acp actions for internal operator.admin clients", async () => { + mockBoundThreadSession(); + + const result = await runInternalAcpCommand({ + commandBody: "/acp set-mode plan", + scopes: ["operator.admin"], + }); + + expect(hoisted.setModeMock).toHaveBeenCalledWith( + expect.objectContaining({ + mode: "plan", + }), + ); + expect(result?.reply?.text).toContain("Updated ACP runtime mode"); + }); + it("updates ACP config options and keeps cwd local when using /acp set", async () => { mockBoundThreadSession(); diff --git a/src/auto-reply/reply/commands-acp.ts b/src/auto-reply/reply/commands-acp.ts index 2eef395c9a2..e23faf74d10 100644 --- a/src/auto-reply/reply/commands-acp.ts +++ b/src/auto-reply/reply/commands-acp.ts @@ -1,4 +1,5 @@ import { logVerbose } from "../../globals.js"; +import { requireGatewayClientScopeForInternalChannel } from "./command-gates.js"; import { handleAcpDoctorAction, handleAcpInstallAction, @@ -56,6 +57,21 @@ const ACP_ACTION_HANDLERS: Record, AcpActionHandler> sessions: async (params, tokens) => handleAcpSessionsAction(params, tokens), }; +const ACP_MUTATING_ACTIONS = new Set([ + "spawn", + "cancel", + "steer", + "close", + "status", + "set-mode", + "set", + "cwd", + "permissions", + "timeout", + "model", + "reset-options", +]); + export const handleAcpCommand: CommandHandler = async (params, allowTextCommands) => { if (!allowTextCommands) { return null; @@ -78,6 +94,17 @@ export const handleAcpCommand: CommandHandler = async (params, allowTextCommands return stopWithText(resolveAcpHelpText()); } + if (ACP_MUTATING_ACTIONS.has(action)) { + const scopeBlock = requireGatewayClientScopeForInternalChannel(params, { + label: "/acp", + allowedScopes: ["operator.admin"], + missingText: "This /acp action requires operator.admin on the internal channel.", + }); + if (scopeBlock) { + return scopeBlock; + } + } + const handler = ACP_ACTION_HANDLERS[action]; return handler ? await handler(params, tokens) : stopWithText(resolveAcpHelpText()); }; From a493f01a9033a6ad87af8fb4c7f0efc9b891540b Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 09:33:37 -0700 Subject: [PATCH 21/34] Changelog: add missing PR credits --- CHANGELOG.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 98b77975d4d..9d65d324d22 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,7 +29,7 @@ Docs: https://docs.openclaw.ai - Zalo Personal/group gating: stop reapplying `dmPolicy.allowFrom` as a sender gate for already-allowlisted groups when `groupAllowFrom` is unset, so any member of an allowed group can trigger replies while DMs stay restricted. (#40146) - Browser/remote CDP: honor strict browser SSRF policy during remote CDP reachability and `/json/version` discovery checks, redact sensitive `cdpUrl` tokens from status output, and warn when remote CDP targets private/internal hosts. - Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`. -- Inbound policy hardening: tighten callback and webhook sender checks across Mattermost and Google Chat, match Nextcloud Talk rooms by stable room token, and treat explicit empty Twitch allowlists as deny-all. Thanks @vincentkoc. +- Inbound policy hardening: tighten callback and webhook sender checks across Mattermost and Google Chat, match Nextcloud Talk rooms by stable room token, and treat explicit empty Twitch allowlists as deny-all. (#46787) Thanks @zpbrent, @ijxpwastaken and @vincentkoc. - macOS/canvas actions: keep unattended local agent actions on trusted in-app canvas surfaces only, and stop exposing the deep-link fallback key to arbitrary page scripts. Thanks @vincentkoc. - Agents/compaction: extend the enclosing run deadline once while compaction is actively in flight, and abort the underlying SDK compaction on timeout/cancel so large-session compactions stop freezing mid-run. (#46889) Thanks @asyncjason. - Models/openai-completions: default non-native OpenAI-compatible providers to omit tool-definition `strict` fields unless users explicitly opt back in, so tool calling keeps working on providers that reject that option. (#45497) Thanks @sahancava. @@ -44,11 +44,14 @@ Docs: https://docs.openclaw.ai - Docs/Mintlify: fix MDX marker syntax on Perplexity, Model Providers, Moonshot, and exec approvals pages so local docs preview no longer breaks rendering or leaves stale pages unpublished. (#46695) Thanks @velvet-shark. - Email/webhook wrapping: sanitize sender and subject metadata before external-content wrapping so metadata fields cannot break the wrapper structure. Thanks @vincentkoc. - Node/startup: remove leftover debug `console.log("node host PATH: ...")` that printed the resolved PATH on every `openclaw node run` invocation. (#46411) -- Nodes/pending actions: re-check queued foreground actions against the current node command policy before returning them to the node. Thanks @vincentkoc. -- ACP/approvals: use canonical tool identity for prompting decisions and fail closed when conflicting tool identity hints are present. Thanks @vincentkoc. +- Nodes/pending actions: re-check queued foreground actions against the current node command policy before returning them to the node. (#46815) Thanks @zpbrent and @vincentkoc. +- ACP/approvals: use canonical tool identity for prompting decisions and fail closed when conflicting tool identity hints are present. (#46817) Thanks @zpbrent and @vincentkoc. - Telegram/message send: forward `--force-document` through the `sendPayload` path as well as `sendMedia`, so Telegram payload sends with `channelData` keep uploading images as documents instead of silently falling back to compressed photo sends. (#47119) Thanks @thepagent. - Telegram/message chunking: preserve spaces, paragraph separators, and word boundaries when HTML overflow rechunking splits formatted replies. (#47274) - Plugins/scoped ids: preserve scoped plugin ids during install and config keying, and keep bundled plugins ahead of discovered duplicate ids by default so `@scope/name` plugins no longer collide with unscoped installs. Thanks @vincentkoc. +- CLI: avoid loading provider discovery during startup model normalization. (#46522) Thanks @ItsAditya-xyz and @vincentkoc. +- Tlon: honor explicit empty allowlists and defer cite expansion. (#46788) Thanks @zpbrent and @vincentkoc. +- ACP: require admin scope for mutating internal actions. (#46789) Thanks @tdjackey and @vincentkoc. ## 2026.3.13 From 9e2eed211c828c8cf36884d64ed713aeac7703b3 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 09:36:53 -0700 Subject: [PATCH 22/34] Changelog: add more unreleased PR numbers --- CHANGELOG.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d65d324d22..2c1dd4f9f16 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ Docs: https://docs.openclaw.ai - Commands/btw: add `/btw` side questions for quick tool-less answers about the current session without changing future session context, with dismissible in-session TUI answers and explicit BTW replies on external channels. (#45444) Thanks @ngutman. - Gateway/health monitor: add configurable stale-event thresholds and restart limits, plus per-channel and per-account `healthMonitor.enabled` overrides, while keeping the existing global disable path on `gateway.channelHealthCheckMinutes=0`. (#42107) Thanks @rstar327. - Feishu/cards: add identity-aware structured card headers and note footers for Feishu replies and direct sends, while keeping that presentation wired through the shared outbound identity path. (#29938) Thanks @nszhsl. -- Feishu/streaming: add `onReasoningStream` and `onReasoningEnd` support to streaming cards, so `/reasoning stream` renders thinking tokens as markdown blockquotes in the same card — matching the Telegram channel's reasoning lane behavior. +- Feishu/streaming: add `onReasoningStream` and `onReasoningEnd` support to streaming cards, so `/reasoning stream` renders thinking tokens as markdown blockquotes in the same card — matching the Telegram channel's reasoning lane behavior. (#46029) - Refactor/channels: remove the legacy channel shim directories and point channel-specific imports directly at the extension-owned implementations. (#45967) thanks @scoootscooob. - Android/nodes: add `callLog.search` plus shared Call Log permission wiring so Android nodes can search recent call history through the gateway. (#44073) Thanks @lxk7280. @@ -18,8 +18,8 @@ Docs: https://docs.openclaw.ai - Group mention gating: reject invalid and unsafe nested-repetition `mentionPatterns`, reuse the shared safe config-regex compiler across mention stripping and detection, and cache strip-time regex compilation so noisy groups avoid repeated recompiles. - Control UI/chat sessions: show human-readable labels in the grouped session dropdown again, keep unique scoped fallbacks when metadata is missing, and disambiguate duplicate labels only when needed. (#45130) thanks @luzhidong. -- Slack/interactive replies: preserve `channelData.slack.blocks` through live DM delivery and preview-finalized edits so Block Kit button and select directives render instead of falling back to raw text. Thanks @vincentkoc. -- Feishu/topic threads: fetch full thread context, including prior bot replies, when starting a topic-thread session so follow-up turns in Feishu topics keep the right conversation state. Thanks @Coobiw. +- Slack/interactive replies: preserve `channelData.slack.blocks` through live DM delivery and preview-finalized edits so Block Kit button and select directives render instead of falling back to raw text. (#45890) Thanks @vincentkoc. +- Feishu/topic threads: fetch full thread context, including prior bot replies, when starting a topic-thread session so follow-up turns in Feishu topics keep the right conversation state. (#45254) Thanks @Coobiw. - Configure/startup: move outbound send-deps resolution into a lightweight helper so `openclaw configure` no longer stalls after the banner while eagerly loading channel plugins. (#46301) thanks @scoootscooob. - Control UI/dashboard: preserve structured gateway shutdown reasons across restart disconnects so config-triggered restarts no longer fall back to `disconnected (1006): no reason`. (#46532) Thanks @vincentkoc. - Android/chat: theme the thinking dropdown and TLS trust dialogs explicitly so popup surfaces match the active app theme instead of falling back to mismatched Material defaults. @@ -30,14 +30,14 @@ Docs: https://docs.openclaw.ai - Browser/remote CDP: honor strict browser SSRF policy during remote CDP reachability and `/json/version` discovery checks, redact sensitive `cdpUrl` tokens from status output, and warn when remote CDP targets private/internal hosts. - Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`. - Inbound policy hardening: tighten callback and webhook sender checks across Mattermost and Google Chat, match Nextcloud Talk rooms by stable room token, and treat explicit empty Twitch allowlists as deny-all. (#46787) Thanks @zpbrent, @ijxpwastaken and @vincentkoc. -- macOS/canvas actions: keep unattended local agent actions on trusted in-app canvas surfaces only, and stop exposing the deep-link fallback key to arbitrary page scripts. Thanks @vincentkoc. +- macOS/canvas actions: keep unattended local agent actions on trusted in-app canvas surfaces only, and stop exposing the deep-link fallback key to arbitrary page scripts. (#46790) Thanks @vincentkoc. - Agents/compaction: extend the enclosing run deadline once while compaction is actively in flight, and abort the underlying SDK compaction on timeout/cancel so large-session compactions stop freezing mid-run. (#46889) Thanks @asyncjason. - Models/openai-completions: default non-native OpenAI-compatible providers to omit tool-definition `strict` fields unless users explicitly opt back in, so tool calling keeps working on providers that reject that option. (#45497) Thanks @sahancava. - WhatsApp/reconnect: restore the append recency filter in the extension inbox monitor and handle protobuf `Long` timestamps correctly, so fresh post-reconnect append messages are processed while stale history sync stays suppressed. (#42588) thanks @MonkeyLeeT. - WhatsApp/login: wait for pending creds writes before reopening after Baileys `515` pairing restarts in both QR login and `channels login` flows, and keep the restart coverage pinned to the real wrapped error shape plus per-account creds queues. (#27910) Thanks @asyncjason. - Agents/openai-compatible tool calls: deduplicate repeated tool call ids across live assistant messages and replayed history so OpenAI-compatible backends no longer reject duplicate `tool_call_id` values with HTTP 400. (#40996) Thanks @xaeon2026. - Security/device pairing: harden `device.token.rotate` deny handling by keeping public failures generic while logging internal deny reasons and preserving approved-baseline enforcement. (`GHSA-7jrw-x62h-64p8`) -- Slack/interactive replies: preserve `channelData.slack.blocks` through live DM delivery and preview-finalized edits so Block Kit button and select directives render instead of falling back to raw text. Thanks @vincentkoc. +- Slack/interactive replies: preserve `channelData.slack.blocks` through live DM delivery and preview-finalized edits so Block Kit button and select directives render instead of falling back to raw text. (#45890) Thanks @vincentkoc. - Zalo/plugin runtime: export `resolveClientIp` from `openclaw/plugin-sdk/zalo` so installed builds no longer crash on startup when the webhook monitor loads from the packaged extension instead of the monorepo source tree. (#46549) Thanks @No898. - CI/channel test routing: move the built-in channel suites into `test:channels` and keep them out of `test:extensions`, so extension CI no longer fails after the channel migration while targeted test routing still sends Slack, Signal, and iMessage suites to the right lane. (#46066) Thanks @scoootscooob. - Browser/profiles: drop the auto-created `chrome-relay` browser profile; users who need the Chrome extension relay must now create their own profile via `openclaw browser create-profile`. (#45777) Thanks @odysseus0. From 7679eb375294941b02214c234aff3948796969d0 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 09:44:51 -0700 Subject: [PATCH 23/34] Subagents: restrict follow-up messaging scope (#46801) * Subagents: restrict follow-up messaging scope * Subagents: cover foreign-session follow-up sends * Update CHANGELOG.md --- CHANGELOG.md | 1 + src/agents/subagent-control.test.ts | 38 +++++++++++++++ src/agents/subagent-control.ts | 15 ++++++ .../reply/commands-subagents/action-send.ts | 7 ++- src/auto-reply/reply/commands.test.ts | 47 +++++++++++++++++++ 5 files changed, 107 insertions(+), 1 deletion(-) create mode 100644 src/agents/subagent-control.test.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c1dd4f9f16..e2b50510d31 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ Docs: https://docs.openclaw.ai - Zalo Personal/group gating: stop reapplying `dmPolicy.allowFrom` as a sender gate for already-allowlisted groups when `groupAllowFrom` is unset, so any member of an allowed group can trigger replies while DMs stay restricted. (#40146) - Browser/remote CDP: honor strict browser SSRF policy during remote CDP reachability and `/json/version` discovery checks, redact sensitive `cdpUrl` tokens from status output, and warn when remote CDP targets private/internal hosts. - Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`. +- Subagents/follow-ups: require the same controller ownership checks for `/subagents send` as other control actions, so leaf sessions cannot message nested child runs they do not control. Thanks @vincentkoc. - Inbound policy hardening: tighten callback and webhook sender checks across Mattermost and Google Chat, match Nextcloud Talk rooms by stable room token, and treat explicit empty Twitch allowlists as deny-all. (#46787) Thanks @zpbrent, @ijxpwastaken and @vincentkoc. - macOS/canvas actions: keep unattended local agent actions on trusted in-app canvas surfaces only, and stop exposing the deep-link fallback key to arbitrary page scripts. (#46790) Thanks @vincentkoc. - Agents/compaction: extend the enclosing run deadline once while compaction is actively in flight, and abort the underlying SDK compaction on timeout/cancel so large-session compactions stop freezing mid-run. (#46889) Thanks @asyncjason. diff --git a/src/agents/subagent-control.test.ts b/src/agents/subagent-control.test.ts new file mode 100644 index 00000000000..fec77ad025b --- /dev/null +++ b/src/agents/subagent-control.test.ts @@ -0,0 +1,38 @@ +import { describe, expect, it } from "vitest"; +import type { OpenClawConfig } from "../config/config.js"; +import { sendControlledSubagentMessage } from "./subagent-control.js"; + +describe("sendControlledSubagentMessage", () => { + it("rejects runs controlled by another session", async () => { + const result = await sendControlledSubagentMessage({ + cfg: { + channels: { whatsapp: { allowFrom: ["*"] } }, + } as OpenClawConfig, + controller: { + controllerSessionKey: "agent:main:subagent:leaf", + callerSessionKey: "agent:main:subagent:leaf", + callerIsSubagent: true, + controlScope: "children", + }, + entry: { + runId: "run-foreign", + childSessionKey: "agent:main:subagent:other", + requesterSessionKey: "agent:main:main", + requesterDisplayKey: "main", + controllerSessionKey: "agent:main:subagent:other-parent", + task: "foreign run", + cleanup: "keep", + createdAt: Date.now() - 5_000, + startedAt: Date.now() - 4_000, + endedAt: Date.now() - 1_000, + outcome: { status: "ok" }, + }, + message: "continue", + }); + + expect(result).toEqual({ + status: "forbidden", + error: "Subagents can only control runs spawned from their own session.", + }); + }); +}); diff --git a/src/agents/subagent-control.ts b/src/agents/subagent-control.ts index 528a84eebd3..6594e5c7877 100644 --- a/src/agents/subagent-control.ts +++ b/src/agents/subagent-control.ts @@ -686,9 +686,24 @@ export async function steerControlledSubagentRun(params: { export async function sendControlledSubagentMessage(params: { cfg: OpenClawConfig; + controller: ResolvedSubagentController; entry: SubagentRunRecord; message: string; }) { + const ownershipError = ensureControllerOwnsRun({ + controller: params.controller, + entry: params.entry, + }); + if (ownershipError) { + return { status: "forbidden" as const, error: ownershipError }; + } + if (params.controller.controlScope !== "children") { + return { + status: "forbidden" as const, + error: "Leaf subagents cannot control other sessions.", + }; + } + const targetSessionKey = params.entry.childSessionKey; const parsed = parseAgentSessionKey(targetSessionKey); const storePath = resolveStorePath(params.cfg.session?.store, { agentId: parsed?.agentId }); diff --git a/src/auto-reply/reply/commands-subagents/action-send.ts b/src/auto-reply/reply/commands-subagents/action-send.ts index 3e764e2a6bb..9414313b381 100644 --- a/src/auto-reply/reply/commands-subagents/action-send.ts +++ b/src/auto-reply/reply/commands-subagents/action-send.ts @@ -37,8 +37,9 @@ export async function handleSubagentsSendAction( return stopWithText(`${formatRunLabel(targetResolution.entry)} is already finished.`); } + const controller = resolveCommandSubagentController(params, ctx.requesterKey); + if (steerRequested) { - const controller = resolveCommandSubagentController(params, ctx.requesterKey); const result = await steerControlledSubagentRun({ cfg: params.cfg, controller, @@ -61,6 +62,7 @@ export async function handleSubagentsSendAction( const result = await sendControlledSubagentMessage({ cfg: params.cfg, + controller, entry: targetResolution.entry, message, }); @@ -70,6 +72,9 @@ export async function handleSubagentsSendAction( if (result.status === "error") { return stopWithText(`⚠️ Subagent error: ${result.error} (run ${result.runId.slice(0, 8)}).`); } + if (result.status === "forbidden") { + return stopWithText(`⚠️ ${result.error ?? "send failed"}`); + } return stopWithText( result.replyText ?? `✅ Sent to ${formatRunLabel(targetResolution.entry)} (run ${result.runId.slice(0, 8)}).`, diff --git a/src/auto-reply/reply/commands.test.ts b/src/auto-reply/reply/commands.test.ts index f6d2d88f5ba..2d8e6458933 100644 --- a/src/auto-reply/reply/commands.test.ts +++ b/src/auto-reply/reply/commands.test.ts @@ -1887,6 +1887,53 @@ describe("handleCommands subagents", () => { expect(waitCall).toBeDefined(); }); + it("blocks leaf subagents from sending to explicitly-owned child sessions", async () => { + const leafKey = "agent:main:subagent:leaf"; + const childKey = `${leafKey}:subagent:child`; + const storePath = path.join(testWorkspaceDir, "sessions-subagents-send-scope.json"); + await updateSessionStore(storePath, (store) => { + store[leafKey] = { + sessionId: "leaf-session", + updatedAt: Date.now(), + spawnedBy: "agent:main:main", + subagentRole: "leaf", + subagentControlScope: "none", + }; + store[childKey] = { + sessionId: "child-session", + updatedAt: Date.now(), + spawnedBy: leafKey, + subagentRole: "leaf", + subagentControlScope: "none", + }; + }); + addSubagentRunForTests({ + runId: "run-child-send", + childSessionKey: childKey, + requesterSessionKey: leafKey, + requesterDisplayKey: leafKey, + task: "child follow-up target", + cleanup: "keep", + createdAt: Date.now() - 20_000, + startedAt: Date.now() - 20_000, + endedAt: Date.now() - 1_000, + outcome: { status: "ok" }, + }); + const cfg = { + commands: { text: true }, + channels: { whatsapp: { allowFrom: ["*"] } }, + session: { store: storePath }, + } as OpenClawConfig; + const params = buildParams("/subagents send 1 continue with follow-up details", cfg); + params.sessionKey = leafKey; + + const result = await handleCommands(params); + + expect(result.shouldContinue).toBe(false); + expect(result.reply?.text).toContain("Leaf subagents cannot control other sessions."); + expect(callGatewayMock).not.toHaveBeenCalled(); + }); + it("steers subagents via /steer alias", async () => { callGatewayMock.mockImplementation(async (opts: unknown) => { const request = opts as { method?: string }; From 5e78c8bc95d86fea04cb5ea5303f6a55541a4fc4 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 09:45:18 -0700 Subject: [PATCH 24/34] Webhooks: tighten pre-auth body handling (#46802) * Webhooks: tighten pre-auth body handling * Webhooks: clean up request body guards --- CHANGELOG.md | 1 + extensions/googlechat/src/monitor-webhook.ts | 9 ++++++ .../src/mattermost/slash-http.test.ts | 30 ++++++++++++++++-- .../mattermost/src/mattermost/slash-http.ts | 31 +++++++++---------- extensions/msteams/src/monitor.ts | 2 +- extensions/nextcloud-talk/src/monitor.ts | 8 +++-- .../synology-chat/src/webhook-handler.ts | 6 ++-- src/plugin-sdk/mattermost.ts | 1 + 8 files changed, 64 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e2b50510d31..3213916df7e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ Docs: https://docs.openclaw.ai - Zalo Personal/group gating: stop reapplying `dmPolicy.allowFrom` as a sender gate for already-allowlisted groups when `groupAllowFrom` is unset, so any member of an allowed group can trigger replies while DMs stay restricted. (#40146) - Browser/remote CDP: honor strict browser SSRF policy during remote CDP reachability and `/json/version` discovery checks, redact sensitive `cdpUrl` tokens from status output, and warn when remote CDP targets private/internal hosts. - Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`. +- Webhooks/runtime: move auth earlier and tighten pre-auth body limits and timeouts across bundled webhook handlers, including slow-body handling for Mattermost slash commands. Thanks @vincentkoc. - Subagents/follow-ups: require the same controller ownership checks for `/subagents send` as other control actions, so leaf sessions cannot message nested child runs they do not control. Thanks @vincentkoc. - Inbound policy hardening: tighten callback and webhook sender checks across Mattermost and Google Chat, match Nextcloud Talk rooms by stable room token, and treat explicit empty Twitch allowlists as deny-all. (#46787) Thanks @zpbrent, @ijxpwastaken and @vincentkoc. - macOS/canvas actions: keep unattended local agent actions on trusted in-app canvas surfaces only, and stop exposing the deep-link fallback key to arbitrary page scripts. (#46790) Thanks @vincentkoc. diff --git a/extensions/googlechat/src/monitor-webhook.ts b/extensions/googlechat/src/monitor-webhook.ts index 56f355cce83..ff7bee6c59b 100644 --- a/extensions/googlechat/src/monitor-webhook.ts +++ b/extensions/googlechat/src/monitor-webhook.ts @@ -21,6 +21,9 @@ function extractBearerToken(header: unknown): string { : ""; } +const ADD_ON_PREAUTH_MAX_BYTES = 16 * 1024; +const ADD_ON_PREAUTH_TIMEOUT_MS = 3_000; + type ParsedGoogleChatInboundPayload = | { ok: true; event: GoogleChatEvent; addOnBearerToken: string } | { ok: false }; @@ -112,6 +115,12 @@ export function createGoogleChatWebhookRequestHandler(params: { req, res, profile, + ...(profile === "pre-auth" + ? { + maxBytes: ADD_ON_PREAUTH_MAX_BYTES, + timeoutMs: ADD_ON_PREAUTH_TIMEOUT_MS, + } + : {}), emptyObjectOnEmpty: false, invalidJsonMessage: "invalid payload", }); diff --git a/extensions/mattermost/src/mattermost/slash-http.test.ts b/extensions/mattermost/src/mattermost/slash-http.test.ts index a89bfc4e33a..42132e1275d 100644 --- a/extensions/mattermost/src/mattermost/slash-http.test.ts +++ b/extensions/mattermost/src/mattermost/slash-http.test.ts @@ -1,7 +1,7 @@ import type { IncomingMessage, ServerResponse } from "node:http"; import { PassThrough } from "node:stream"; import type { OpenClawConfig, RuntimeEnv } from "openclaw/plugin-sdk/mattermost"; -import { describe, expect, it } from "vitest"; +import { describe, expect, it, vi } from "vitest"; import type { ResolvedMattermostAccount } from "./accounts.js"; import { createSlashCommandHttpHandler } from "./slash-http.js"; @@ -9,6 +9,7 @@ function createRequest(params: { method?: string; body?: string; contentType?: string; + autoEnd?: boolean; }): IncomingMessage { const req = new PassThrough(); const incoming = req as unknown as IncomingMessage; @@ -20,7 +21,9 @@ function createRequest(params: { if (params.body) { req.write(params.body); } - req.end(); + if (params.autoEnd !== false) { + req.end(); + } }); return incoming; } @@ -128,4 +131,27 @@ describe("slash-http", () => { expect(response.res.statusCode).toBe(401); expect(response.getBody()).toContain("Unauthorized: invalid command token."); }); + + it("returns 408 when the request body stalls", async () => { + vi.useFakeTimers(); + try { + const handler = createSlashCommandHttpHandler({ + account: accountFixture, + cfg: {} as OpenClawConfig, + runtime: {} as RuntimeEnv, + commandTokens: new Set(["valid-token"]), + }); + const req = createRequest({ autoEnd: false }); + const response = createResponse(); + const pending = handler(req, response.res); + + await vi.advanceTimersByTimeAsync(5_000); + await pending; + + expect(response.res.statusCode).toBe(408); + expect(response.getBody()).toBe("Request body timeout"); + } finally { + vi.useRealTimers(); + } + }); }); diff --git a/extensions/mattermost/src/mattermost/slash-http.ts b/extensions/mattermost/src/mattermost/slash-http.ts index 468f5c3584c..a094b3571ff 100644 --- a/extensions/mattermost/src/mattermost/slash-http.ts +++ b/extensions/mattermost/src/mattermost/slash-http.ts @@ -10,7 +10,9 @@ import { buildModelsProviderData, createReplyPrefixOptions, createTypingCallbacks, + isRequestBodyLimitError, logTypingFailure, + readRequestBodyWithLimit, type OpenClawConfig, type ReplyPayload, type RuntimeEnv, @@ -54,24 +56,16 @@ type SlashHttpHandlerParams = { log?: (msg: string) => void; }; +const MAX_BODY_BYTES = 64 * 1024; +const BODY_READ_TIMEOUT_MS = 5_000; + /** * Read the full request body as a string. */ function readBody(req: IncomingMessage, maxBytes: number): Promise { - return new Promise((resolve, reject) => { - const chunks: Buffer[] = []; - let size = 0; - req.on("data", (chunk: Buffer) => { - size += chunk.length; - if (size > maxBytes) { - req.destroy(); - reject(new Error("Request body too large")); - return; - } - chunks.push(chunk); - }); - req.on("end", () => resolve(Buffer.concat(chunks).toString("utf8"))); - req.on("error", reject); + return readRequestBodyWithLimit(req, { + maxBytes, + timeoutMs: BODY_READ_TIMEOUT_MS, }); } @@ -215,8 +209,6 @@ async function authorizeSlashInvocation(params: { export function createSlashCommandHttpHandler(params: SlashHttpHandlerParams) { const { account, cfg, runtime, commandTokens, triggerMap, log } = params; - const MAX_BODY_BYTES = 64 * 1024; // 64KB - return async (req: IncomingMessage, res: ServerResponse): Promise => { if (req.method !== "POST") { res.statusCode = 405; @@ -228,7 +220,12 @@ export function createSlashCommandHttpHandler(params: SlashHttpHandlerParams) { let body: string; try { body = await readBody(req, MAX_BODY_BYTES); - } catch { + } catch (error) { + if (isRequestBodyLimitError(error, "REQUEST_BODY_TIMEOUT")) { + res.statusCode = 408; + res.end("Request body timeout"); + return; + } res.statusCode = 413; res.end("Payload Too Large"); return; diff --git a/extensions/msteams/src/monitor.ts b/extensions/msteams/src/monitor.ts index 5393a28e0f3..a889aa3d3bc 100644 --- a/extensions/msteams/src/monitor.ts +++ b/extensions/msteams/src/monitor.ts @@ -269,6 +269,7 @@ export async function monitorMSTeamsProvider( // Create Express server const expressApp = express.default(); + expressApp.use(authorizeJWT(authConfig)); expressApp.use(express.json({ limit: MSTEAMS_WEBHOOK_MAX_BODY_BYTES })); expressApp.use((err: unknown, _req: Request, res: Response, next: (err?: unknown) => void) => { if (err && typeof err === "object" && "status" in err && err.status === 413) { @@ -277,7 +278,6 @@ export async function monitorMSTeamsProvider( } next(err); }); - expressApp.use(authorizeJWT(authConfig)); // Set up the messages endpoint - use configured path and /api/messages as fallback const configuredPath = msteamsCfg.webhook?.path ?? "/api/messages"; diff --git a/extensions/nextcloud-talk/src/monitor.ts b/extensions/nextcloud-talk/src/monitor.ts index 93c66ade4b5..d66a40d7429 100644 --- a/extensions/nextcloud-talk/src/monitor.ts +++ b/extensions/nextcloud-talk/src/monitor.ts @@ -25,6 +25,8 @@ const DEFAULT_WEBHOOK_HOST = "0.0.0.0"; const DEFAULT_WEBHOOK_PATH = "/nextcloud-talk-webhook"; const DEFAULT_WEBHOOK_MAX_BODY_BYTES = 1024 * 1024; const DEFAULT_WEBHOOK_BODY_TIMEOUT_MS = 30_000; +const PREAUTH_WEBHOOK_MAX_BODY_BYTES = 64 * 1024; +const PREAUTH_WEBHOOK_BODY_TIMEOUT_MS = 5_000; const HEALTH_PATH = "/healthz"; const WEBHOOK_ERRORS = { missingSignatureHeaders: "Missing signature headers", @@ -171,8 +173,10 @@ export function readNextcloudTalkWebhookBody( maxBodyBytes: number, ): Promise { return readRequestBodyWithLimit(req, { - maxBytes: maxBodyBytes, - timeoutMs: DEFAULT_WEBHOOK_BODY_TIMEOUT_MS, + // This read happens before signature verification, so keep the unauthenticated + // body budget bounded even if the operator-configured post-parse limit is larger. + maxBytes: Math.min(maxBodyBytes, PREAUTH_WEBHOOK_MAX_BODY_BYTES), + timeoutMs: PREAUTH_WEBHOOK_BODY_TIMEOUT_MS, }); } diff --git a/extensions/synology-chat/src/webhook-handler.ts b/extensions/synology-chat/src/webhook-handler.ts index b4c73934db9..05cd425b06f 100644 --- a/extensions/synology-chat/src/webhook-handler.ts +++ b/extensions/synology-chat/src/webhook-handler.ts @@ -16,6 +16,8 @@ import type { SynologyWebhookPayload, ResolvedSynologyChatAccount } from "./type // One rate limiter per account, created lazily const rateLimiters = new Map(); +const PREAUTH_MAX_BODY_BYTES = 64 * 1024; +const PREAUTH_BODY_TIMEOUT_MS = 5_000; function getRateLimiter(account: ResolvedSynologyChatAccount): RateLimiter { let rl = rateLimiters.get(account.accountId); @@ -49,8 +51,8 @@ async function readBody(req: IncomingMessage): Promise< > { try { const body = await readRequestBodyWithLimit(req, { - maxBytes: 1_048_576, - timeoutMs: 30_000, + maxBytes: PREAUTH_MAX_BODY_BYTES, + timeoutMs: PREAUTH_BODY_TIMEOUT_MS, }); return { ok: true, body }; } catch (err) { diff --git a/src/plugin-sdk/mattermost.ts b/src/plugin-sdk/mattermost.ts index 6871a78365c..54cf2a1bd2f 100644 --- a/src/plugin-sdk/mattermost.ts +++ b/src/plugin-sdk/mattermost.ts @@ -104,3 +104,4 @@ export { buildAgentMediaPayload } from "./agent-media-payload.js"; export { getAgentScopedMediaLocalRoots } from "../media/local-roots.js"; export { loadOutboundMediaFromUrl } from "./outbound-media.js"; export { createScopedPairingAccess } from "./pairing-access.js"; +export { isRequestBodyLimitError, readRequestBodyWithLimit } from "../infra/http-body.js"; From 8e97b752d07dcf5052c47d519882693e59cc00d8 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 09:45:58 -0700 Subject: [PATCH 25/34] Tools: revalidate workspace-only patch targets (#46803) * Tools: revalidate workspace-only patch targets * Tests: narrow apply-patch delete-path assertion --- CHANGELOG.md | 1 + src/agents/apply-patch.test.ts | 21 ++++++++++++++++++++- src/agents/apply-patch.ts | 24 ++++++++++++++++++++++-- 3 files changed, 43 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3213916df7e..c1b29a7d668 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ Docs: https://docs.openclaw.ai - Zalo Personal/group gating: stop reapplying `dmPolicy.allowFrom` as a sender gate for already-allowlisted groups when `groupAllowFrom` is unset, so any member of an allowed group can trigger replies while DMs stay restricted. (#40146) - Browser/remote CDP: honor strict browser SSRF policy during remote CDP reachability and `/json/version` discovery checks, redact sensitive `cdpUrl` tokens from status output, and warn when remote CDP targets private/internal hosts. - Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`. +- Tools/apply-patch: revalidate workspace-only delete and directory targets immediately before mutating host paths. Thanks @vincentkoc. - Webhooks/runtime: move auth earlier and tighten pre-auth body limits and timeouts across bundled webhook handlers, including slow-body handling for Mattermost slash commands. Thanks @vincentkoc. - Subagents/follow-ups: require the same controller ownership checks for `/subagents send` as other control actions, so leaf sessions cannot message nested child runs they do not control. Thanks @vincentkoc. - Inbound policy hardening: tighten callback and webhook sender checks across Mattermost and Google Chat, match Nextcloud Talk rooms by stable room token, and treat explicit empty Twitch allowlists as deny-all. (#46787) Thanks @zpbrent, @ijxpwastaken and @vincentkoc. diff --git a/src/agents/apply-patch.test.ts b/src/agents/apply-patch.test.ts index b14179f5907..1f305379b5d 100644 --- a/src/agents/apply-patch.test.ts +++ b/src/agents/apply-patch.test.ts @@ -1,7 +1,7 @@ import fs from "node:fs/promises"; import os from "node:os"; import path from "node:path"; -import { describe, expect, it } from "vitest"; +import { describe, expect, it, vi } from "vitest"; import { applyPatch } from "./apply-patch.js"; async function withTempDir(fn: (dir: string) => Promise) { @@ -147,6 +147,25 @@ describe("applyPatch", () => { }); }); + it("resolves delete targets before calling fs.rm", async () => { + await withTempDir(async (dir) => { + const target = path.join(dir, "delete-me.txt"); + await fs.writeFile(target, "x\n", "utf8"); + const rmSpy = vi.spyOn(fs, "rm"); + + try { + const patch = `*** Begin Patch +*** Delete File: delete-me.txt +*** End Patch`; + + await applyPatch(patch, { cwd: dir }); + expect(rmSpy).toHaveBeenCalledWith(target); + } finally { + rmSpy.mockRestore(); + } + }); + }); + it("rejects symlink escape attempts by default", async () => { // File symlinks require SeCreateSymbolicLinkPrivilege on Windows. if (process.platform === "win32") { diff --git a/src/agents/apply-patch.ts b/src/agents/apply-patch.ts index 9c948cb3971..d7a5dc1e0ff 100644 --- a/src/agents/apply-patch.ts +++ b/src/agents/apply-patch.ts @@ -270,8 +270,28 @@ function resolvePatchFileOps(options: ApplyPatchOptions): PatchFileOps { encoding: "utf8", }); }, - remove: (filePath) => fs.rm(filePath), - mkdirp: (dir) => fs.mkdir(dir, { recursive: true }).then(() => {}), + remove: async (filePath) => { + if (workspaceOnly) { + await assertSandboxPath({ + filePath, + cwd: options.cwd, + root: options.cwd, + allowFinalSymlinkForUnlink: true, + allowFinalHardlinkForUnlink: true, + }); + } + await fs.rm(filePath); + }, + mkdirp: async (dir) => { + if (workspaceOnly) { + await assertSandboxPath({ + filePath: dir, + cwd: options.cwd, + root: options.cwd, + }); + } + await fs.mkdir(dir, { recursive: true }); + }, }; } From 13e256ac9db180de7310f9651ab09f8ee4eba25f Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 09:47:56 -0700 Subject: [PATCH 26/34] CLI: trim onboarding provider startup imports (#47467) --- src/commands/onboard-auth.config-core.ts | 2 +- src/commands/onboard-auth.models.ts | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/commands/onboard-auth.config-core.ts b/src/commands/onboard-auth.config-core.ts index 619bbe0249b..6fc132f57cb 100644 --- a/src/commands/onboard-auth.config-core.ts +++ b/src/commands/onboard-auth.config-core.ts @@ -10,7 +10,7 @@ import { buildXiaomiProvider, QIANFAN_DEFAULT_MODEL_ID, XIAOMI_DEFAULT_MODEL_ID, -} from "../agents/models-config.providers.js"; +} from "../agents/models-config.providers.static.js"; import { buildSyntheticModelDefinition, SYNTHETIC_BASE_URL, diff --git a/src/commands/onboard-auth.models.ts b/src/commands/onboard-auth.models.ts index 24dda1f0539..383121b5700 100644 --- a/src/commands/onboard-auth.models.ts +++ b/src/commands/onboard-auth.models.ts @@ -1,4 +1,7 @@ -import { QIANFAN_BASE_URL, QIANFAN_DEFAULT_MODEL_ID } from "../agents/models-config.providers.js"; +import { + QIANFAN_BASE_URL, + QIANFAN_DEFAULT_MODEL_ID, +} from "../agents/models-config.providers.static.js"; import type { ModelDefinitionConfig } from "../config/types.js"; import { KILOCODE_DEFAULT_CONTEXT_WINDOW, From d37e3d582fd8193c5b645de5ead8d7a14a137e17 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Sun, 15 Mar 2026 13:08:37 -0400 Subject: [PATCH 27/34] Scope Control UI sessions per gateway (#47453) * Scope Control UI sessions per gateway Signed-off-by: sallyom * Add changelog for Control UI session scoping Signed-off-by: sallyom --------- Signed-off-by: sallyom --- CHANGELOG.md | 1 + ui/src/ui/app-settings.test.ts | 83 ++++++++++++++++++++++ ui/src/ui/app-settings.ts | 12 ++++ ui/src/ui/storage.node.test.ts | 122 +++++++++++++++++++++++++++++++-- ui/src/ui/storage.ts | 90 ++++++++++++++++++++---- 5 files changed, 291 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c1b29a7d668..5de1f1b05f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ Docs: https://docs.openclaw.ai - Group mention gating: reject invalid and unsafe nested-repetition `mentionPatterns`, reuse the shared safe config-regex compiler across mention stripping and detection, and cache strip-time regex compilation so noisy groups avoid repeated recompiles. - Control UI/chat sessions: show human-readable labels in the grouped session dropdown again, keep unique scoped fallbacks when metadata is missing, and disambiguate duplicate labels only when needed. (#45130) thanks @luzhidong. +- Control UI: scope persisted session selection per gateway, prevent stale session bleed across tokenized gateway opens, and cap stored gateway session history. (#47453) Thanks @sallyom. - Slack/interactive replies: preserve `channelData.slack.blocks` through live DM delivery and preview-finalized edits so Block Kit button and select directives render instead of falling back to raw text. (#45890) Thanks @vincentkoc. - Feishu/topic threads: fetch full thread context, including prior bot replies, when starting a topic-thread session so follow-up turns in Feishu topics keep the right conversation state. (#45254) Thanks @Coobiw. - Configure/startup: move outbound send-deps resolution into a lightweight helper so `openclaw configure` no longer stalls after the banner while eagerly loading channel plugins. (#46301) thanks @scoootscooob. diff --git a/ui/src/ui/app-settings.test.ts b/ui/src/ui/app-settings.test.ts index aecc1f5bbcb..fd02f7673e9 100644 --- a/ui/src/ui/app-settings.test.ts +++ b/ui/src/ui/app-settings.test.ts @@ -2,6 +2,7 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import { applyResolvedTheme, applySettings, + applySettingsFromUrl, attachThemeListener, setTabFromRoute, syncThemeWithSettings, @@ -60,6 +61,8 @@ type SettingsHost = { themeMediaHandler: ((event: MediaQueryListEvent) => void) | null; logsPollInterval: number | null; debugPollInterval: number | null; + pendingGatewayUrl?: string | null; + pendingGatewayToken?: string | null; }; function createStorageMock(): Storage { @@ -118,6 +121,8 @@ const createHost = (tab: Tab): SettingsHost => ({ themeMediaHandler: null, logsPollInterval: null, debugPollInterval: null, + pendingGatewayUrl: null, + pendingGatewayToken: null, }); describe("setTabFromRoute", () => { @@ -224,3 +229,81 @@ describe("setTabFromRoute", () => { expect(root.style.colorScheme).toBe("light"); }); }); + +describe("applySettingsFromUrl", () => { + beforeEach(() => { + vi.stubGlobal("localStorage", createStorageMock()); + vi.stubGlobal("navigator", { language: "en-US" } as Navigator); + }); + + afterEach(() => { + vi.unstubAllGlobals(); + window.history.replaceState({}, "", "/chat"); + }); + + it("resets stale persisted session selection to main when a token is supplied without a session", () => { + const host = createHost("chat"); + host.settings = { + ...host.settings, + gatewayUrl: "ws://localhost:18789", + token: "", + sessionKey: "agent:test_old:main", + lastActiveSessionKey: "agent:test_old:main", + }; + host.sessionKey = "agent:test_old:main"; + + window.history.replaceState({}, "", "/chat#token=test-token"); + + applySettingsFromUrl(host); + + expect(host.sessionKey).toBe("main"); + expect(host.settings.sessionKey).toBe("main"); + expect(host.settings.lastActiveSessionKey).toBe("main"); + }); + + it("preserves an explicit session from the URL when token and session are both supplied", () => { + const host = createHost("chat"); + host.settings = { + ...host.settings, + gatewayUrl: "ws://localhost:18789", + token: "", + sessionKey: "agent:test_old:main", + lastActiveSessionKey: "agent:test_old:main", + }; + host.sessionKey = "agent:test_old:main"; + + window.history.replaceState({}, "", "/chat?session=agent%3Atest_new%3Amain#token=test-token"); + + applySettingsFromUrl(host); + + expect(host.sessionKey).toBe("agent:test_new:main"); + expect(host.settings.sessionKey).toBe("agent:test_new:main"); + expect(host.settings.lastActiveSessionKey).toBe("agent:test_new:main"); + }); + + it("does not reset the current gateway session when a different gateway is pending confirmation", () => { + const host = createHost("chat"); + host.settings = { + ...host.settings, + gatewayUrl: "ws://gateway-a.example:18789", + token: "", + sessionKey: "agent:test_old:main", + lastActiveSessionKey: "agent:test_old:main", + }; + host.sessionKey = "agent:test_old:main"; + + window.history.replaceState( + {}, + "", + "/chat?gatewayUrl=ws%3A%2F%2Fgateway-b.example%3A18789#token=test-token", + ); + + applySettingsFromUrl(host); + + expect(host.sessionKey).toBe("agent:test_old:main"); + expect(host.settings.sessionKey).toBe("agent:test_old:main"); + expect(host.settings.lastActiveSessionKey).toBe("agent:test_old:main"); + expect(host.pendingGatewayUrl).toBe("ws://gateway-b.example:18789"); + expect(host.pendingGatewayToken).toBe("test-token"); + }); +}); diff --git a/ui/src/ui/app-settings.ts b/ui/src/ui/app-settings.ts index 50575826813..23f1de68caa 100644 --- a/ui/src/ui/app-settings.ts +++ b/ui/src/ui/app-settings.ts @@ -100,6 +100,9 @@ export function applySettingsFromUrl(host: SettingsHost) { const tokenRaw = hashParams.get("token"); const passwordRaw = params.get("password") ?? hashParams.get("password"); const sessionRaw = params.get("session") ?? hashParams.get("session"); + const shouldResetSessionForToken = Boolean( + tokenRaw?.trim() && !sessionRaw?.trim() && !gatewayUrlChanged, + ); let shouldCleanUrl = false; if (params.has("token")) { @@ -118,6 +121,15 @@ export function applySettingsFromUrl(host: SettingsHost) { shouldCleanUrl = true; } + if (shouldResetSessionForToken) { + host.sessionKey = "main"; + applySettings(host, { + ...host.settings, + sessionKey: "main", + lastActiveSessionKey: "main", + }); + } + if (passwordRaw != null) { // Never hydrate password from URL params; strip only. params.delete("password"); diff --git a/ui/src/ui/storage.node.test.ts b/ui/src/ui/storage.node.test.ts index 64ce3aec95c..2222e193e96 100644 --- a/ui/src/ui/storage.node.test.ts +++ b/ui/src/ui/storage.node.test.ts @@ -126,8 +126,6 @@ describe("loadSettings default gateway URL derivation", () => { }); expect(JSON.parse(localStorage.getItem("openclaw.control.settings.v1") ?? "{}")).toEqual({ gatewayUrl: "wss://gateway.example:8443/openclaw", - sessionKey: "agent", - lastActiveSessionKey: "agent", theme: "claw", themeMode: "system", chatFocusMode: false, @@ -137,6 +135,12 @@ describe("loadSettings default gateway URL derivation", () => { navCollapsed: false, navWidth: 220, navGroupsCollapsed: {}, + sessionsByGateway: { + "wss://gateway.example:8443/openclaw": { + sessionKey: "agent", + lastActiveSessionKey: "agent", + }, + }, }); expect(sessionStorage.length).toBe(0); }); @@ -249,8 +253,6 @@ describe("loadSettings default gateway URL derivation", () => { expect(JSON.parse(localStorage.getItem("openclaw.control.settings.v1") ?? "{}")).toEqual({ gatewayUrl: "wss://gateway.example:8443/openclaw", - sessionKey: "main", - lastActiveSessionKey: "main", theme: "claw", themeMode: "system", chatFocusMode: false, @@ -260,6 +262,12 @@ describe("loadSettings default gateway URL derivation", () => { navCollapsed: false, navWidth: 220, navGroupsCollapsed: {}, + sessionsByGateway: { + "wss://gateway.example:8443/openclaw": { + sessionKey: "main", + lastActiveSessionKey: "main", + }, + }, }); expect(sessionStorage.length).toBe(1); }); @@ -337,4 +345,110 @@ describe("loadSettings default gateway URL derivation", () => { navWidth: 320, }); }); + + it("scopes persisted session selection per gateway", async () => { + setTestLocation({ + protocol: "https:", + host: "gateway.example:8443", + pathname: "/", + }); + + const { loadSettings, saveSettings } = await import("./storage.ts"); + + saveSettings({ + gatewayUrl: "wss://gateway-a.example:8443/openclaw", + token: "", + sessionKey: "agent:test_old:main", + lastActiveSessionKey: "agent:test_old:main", + theme: "claw", + themeMode: "system", + chatFocusMode: false, + chatShowThinking: true, + chatShowToolCalls: true, + splitRatio: 0.6, + navCollapsed: false, + navWidth: 220, + navGroupsCollapsed: {}, + }); + + saveSettings({ + gatewayUrl: "wss://gateway-b.example:8443/openclaw", + token: "", + sessionKey: "agent:test_new:main", + lastActiveSessionKey: "agent:test_new:main", + theme: "claw", + themeMode: "system", + chatFocusMode: false, + chatShowThinking: true, + chatShowToolCalls: true, + splitRatio: 0.6, + navCollapsed: false, + navWidth: 220, + navGroupsCollapsed: {}, + }); + + localStorage.setItem( + "openclaw.control.settings.v1", + JSON.stringify({ + ...JSON.parse(localStorage.getItem("openclaw.control.settings.v1") ?? "{}"), + gatewayUrl: "wss://gateway-a.example:8443/openclaw", + }), + ); + + expect(loadSettings()).toMatchObject({ + gatewayUrl: "wss://gateway-a.example:8443/openclaw", + sessionKey: "agent:test_old:main", + lastActiveSessionKey: "agent:test_old:main", + }); + + localStorage.setItem( + "openclaw.control.settings.v1", + JSON.stringify({ + ...JSON.parse(localStorage.getItem("openclaw.control.settings.v1") ?? "{}"), + gatewayUrl: "wss://gateway-b.example:8443/openclaw", + }), + ); + + expect(loadSettings()).toMatchObject({ + gatewayUrl: "wss://gateway-b.example:8443/openclaw", + sessionKey: "agent:test_new:main", + lastActiveSessionKey: "agent:test_new:main", + }); + }); + + it("caps persisted session scopes to the most recent gateways", async () => { + setTestLocation({ + protocol: "https:", + host: "gateway.example:8443", + pathname: "/", + }); + + const { saveSettings } = await import("./storage.ts"); + + for (let i = 0; i < 12; i += 1) { + saveSettings({ + gatewayUrl: `wss://gateway-${i}.example:8443/openclaw`, + token: "", + sessionKey: `agent:test_${i}:main`, + lastActiveSessionKey: `agent:test_${i}:main`, + theme: "claw", + themeMode: "system", + chatFocusMode: false, + chatShowThinking: true, + chatShowToolCalls: true, + splitRatio: 0.6, + navCollapsed: false, + navWidth: 220, + navGroupsCollapsed: {}, + }); + } + + const persisted = JSON.parse(localStorage.getItem("openclaw.control.settings.v1") ?? "{}"); + const scopes = Object.keys(persisted.sessionsByGateway ?? {}); + + expect(scopes).toHaveLength(10); + expect(scopes).not.toContain("wss://gateway-0.example:8443/openclaw"); + expect(scopes).not.toContain("wss://gateway-1.example:8443/openclaw"); + expect(scopes).toContain("wss://gateway-11.example:8443/openclaw"); + }); }); diff --git a/ui/src/ui/storage.ts b/ui/src/ui/storage.ts index 02e826b3a1d..450c5124592 100644 --- a/ui/src/ui/storage.ts +++ b/ui/src/ui/storage.ts @@ -1,8 +1,19 @@ const KEY = "openclaw.control.settings.v1"; const LEGACY_TOKEN_SESSION_KEY = "openclaw.control.token.v1"; const TOKEN_SESSION_KEY_PREFIX = "openclaw.control.token.v1:"; +const MAX_SCOPED_SESSION_ENTRIES = 10; -type PersistedUiSettings = Omit & { token?: never }; +type ScopedSessionSelection = { + sessionKey: string; + lastActiveSessionKey: string; +}; + +type PersistedUiSettings = Omit & { + token?: never; + sessionKey?: string; + lastActiveSessionKey?: string; + sessionsByGateway?: Record; +}; import { isSupportedLocale } from "../i18n/index.ts"; import { inferBasePathFromPathname, normalizeBasePath } from "./navigation.ts"; @@ -87,6 +98,41 @@ function tokenSessionKeyForGateway(gatewayUrl: string): string { return `${TOKEN_SESSION_KEY_PREFIX}${normalizeGatewayTokenScope(gatewayUrl)}`; } +function resolveScopedSessionSelection( + gatewayUrl: string, + parsed: PersistedUiSettings, + defaults: UiSettings, +): ScopedSessionSelection { + const scope = normalizeGatewayTokenScope(gatewayUrl); + const scoped = parsed.sessionsByGateway?.[scope]; + if ( + scoped && + typeof scoped.sessionKey === "string" && + scoped.sessionKey.trim() && + typeof scoped.lastActiveSessionKey === "string" && + scoped.lastActiveSessionKey.trim() + ) { + return { + sessionKey: scoped.sessionKey.trim(), + lastActiveSessionKey: scoped.lastActiveSessionKey.trim(), + }; + } + + const legacySessionKey = + typeof parsed.sessionKey === "string" && parsed.sessionKey.trim() + ? parsed.sessionKey.trim() + : defaults.sessionKey; + const legacyLastActiveSessionKey = + typeof parsed.lastActiveSessionKey === "string" && parsed.lastActiveSessionKey.trim() + ? parsed.lastActiveSessionKey.trim() + : legacySessionKey || defaults.lastActiveSessionKey; + + return { + sessionKey: legacySessionKey, + lastActiveSessionKey: legacyLastActiveSessionKey, + }; +} + function loadSessionToken(gatewayUrl: string): string { try { const storage = getSessionStorage(); @@ -144,12 +190,13 @@ export function loadSettings(): UiSettings { if (!raw) { return defaults; } - const parsed = JSON.parse(raw) as Partial; + const parsed = JSON.parse(raw) as PersistedUiSettings; const parsedGatewayUrl = typeof parsed.gatewayUrl === "string" && parsed.gatewayUrl.trim() ? parsed.gatewayUrl.trim() : defaults.gatewayUrl; const gatewayUrl = parsedGatewayUrl === pageDerivedUrl ? defaultUrl : parsedGatewayUrl; + const scopedSessionSelection = resolveScopedSessionSelection(gatewayUrl, parsed, defaults); const { theme, mode } = parseThemeSelection( (parsed as { theme?: unknown }).theme, (parsed as { themeMode?: unknown }).themeMode, @@ -158,15 +205,8 @@ export function loadSettings(): UiSettings { gatewayUrl, // Gateway auth is intentionally in-memory only; scrub any legacy persisted token on load. token: loadSessionToken(gatewayUrl), - sessionKey: - typeof parsed.sessionKey === "string" && parsed.sessionKey.trim() - ? parsed.sessionKey.trim() - : defaults.sessionKey, - lastActiveSessionKey: - typeof parsed.lastActiveSessionKey === "string" && parsed.lastActiveSessionKey.trim() - ? parsed.lastActiveSessionKey.trim() - : (typeof parsed.sessionKey === "string" && parsed.sessionKey.trim()) || - defaults.lastActiveSessionKey, + sessionKey: scopedSessionSelection.sessionKey, + lastActiveSessionKey: scopedSessionSelection.lastActiveSessionKey, theme, themeMode: mode, chatFocusMode: @@ -212,10 +252,33 @@ export function saveSettings(next: UiSettings) { function persistSettings(next: UiSettings) { persistSessionToken(next.gatewayUrl, next.token); + const scope = normalizeGatewayTokenScope(next.gatewayUrl); + let existingSessionsByGateway: Record = {}; + try { + const raw = localStorage.getItem(KEY); + if (raw) { + const parsed = JSON.parse(raw) as PersistedUiSettings; + if (parsed.sessionsByGateway && typeof parsed.sessionsByGateway === "object") { + existingSessionsByGateway = parsed.sessionsByGateway; + } + } + } catch { + // best-effort + } + const sessionsByGateway = Object.fromEntries( + [ + ...Object.entries(existingSessionsByGateway).filter(([key]) => key !== scope), + [ + scope, + { + sessionKey: next.sessionKey, + lastActiveSessionKey: next.lastActiveSessionKey, + }, + ], + ].slice(-MAX_SCOPED_SESSION_ENTRIES), + ); const persisted: PersistedUiSettings = { gatewayUrl: next.gatewayUrl, - sessionKey: next.sessionKey, - lastActiveSessionKey: next.lastActiveSessionKey, theme: next.theme, themeMode: next.themeMode, chatFocusMode: next.chatFocusMode, @@ -225,6 +288,7 @@ function persistSettings(next: UiSettings) { navCollapsed: next.navCollapsed, navWidth: next.navWidth, navGroupsCollapsed: next.navGroupsCollapsed, + sessionsByGateway, ...(next.locale ? { locale: next.locale } : {}), }; localStorage.setItem(KEY, JSON.stringify(persisted)); From f0202264d0de7ad345382b9008c5963bcefb01b7 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 10:28:15 -0700 Subject: [PATCH 28/34] Gateway: scrub credentials from endpoint snapshots (#46799) * Gateway: scrub credentials from endpoint snapshots * Gateway: scrub raw endpoint credentials in snapshots * Gateway: preserve config redaction round-trips * Gateway: restore redacted endpoint URLs on apply --- CHANGELOG.md | 1 + src/channels/account-snapshot-fields.test.ts | 10 ++++ src/channels/account-snapshot-fields.ts | 3 +- src/config/redact-snapshot.test.ts | 49 ++++++++++++++++++++ src/config/redact-snapshot.ts | 44 ++++++++++++++++-- src/shared/net/url-userinfo.ts | 13 ++++++ 6 files changed, 115 insertions(+), 5 deletions(-) create mode 100644 src/shared/net/url-userinfo.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index 5de1f1b05f5..05ddf446d28 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ Docs: https://docs.openclaw.ai - Zalo Personal/group gating: stop reapplying `dmPolicy.allowFrom` as a sender gate for already-allowlisted groups when `groupAllowFrom` is unset, so any member of an allowed group can trigger replies while DMs stay restricted. (#40146) - Browser/remote CDP: honor strict browser SSRF policy during remote CDP reachability and `/json/version` discovery checks, redact sensitive `cdpUrl` tokens from status output, and warn when remote CDP targets private/internal hosts. - Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`. +- Gateway/config views: strip embedded credentials from URL-based endpoint fields before returning read-only account and config snapshots. Thanks @vincentkoc. - Tools/apply-patch: revalidate workspace-only delete and directory targets immediately before mutating host paths. Thanks @vincentkoc. - Webhooks/runtime: move auth earlier and tighten pre-auth body limits and timeouts across bundled webhook handlers, including slow-body handling for Mattermost slash commands. Thanks @vincentkoc. - Subagents/follow-ups: require the same controller ownership checks for `/subagents send` as other control actions, so leaf sessions cannot message nested child runs they do not control. Thanks @vincentkoc. diff --git a/src/channels/account-snapshot-fields.test.ts b/src/channels/account-snapshot-fields.test.ts index 6ccd03ccc21..b6cf92a7836 100644 --- a/src/channels/account-snapshot-fields.test.ts +++ b/src/channels/account-snapshot-fields.test.ts @@ -24,4 +24,14 @@ describe("projectSafeChannelAccountSnapshotFields", () => { signingSecretStatus: "configured_unavailable", // pragma: allowlist secret }); }); + + it("strips embedded credentials from baseUrl fields", () => { + const snapshot = projectSafeChannelAccountSnapshotFields({ + baseUrl: "https://bob:secret@chat.example.test", + }); + + expect(snapshot).toEqual({ + baseUrl: "https://chat.example.test/", + }); + }); }); diff --git a/src/channels/account-snapshot-fields.ts b/src/channels/account-snapshot-fields.ts index 72d745beac0..bfdc7ed6381 100644 --- a/src/channels/account-snapshot-fields.ts +++ b/src/channels/account-snapshot-fields.ts @@ -1,3 +1,4 @@ +import { stripUrlUserInfo } from "../shared/net/url-userinfo.js"; import type { ChannelAccountSnapshot } from "./plugins/types.core.js"; // Read-only status commands project a safe subset of account fields into snapshots @@ -203,7 +204,7 @@ export function projectSafeChannelAccountSnapshotFields( : {}), ...projectCredentialSnapshotFields(account), ...(readTrimmedString(record, "baseUrl") - ? { baseUrl: readTrimmedString(record, "baseUrl") } + ? { baseUrl: stripUrlUserInfo(readTrimmedString(record, "baseUrl")!) } : {}), ...(readBoolean(record, "allowUnmentionedGroups") !== undefined ? { allowUnmentionedGroups: readBoolean(record, "allowUnmentionedGroups") } diff --git a/src/config/redact-snapshot.test.ts b/src/config/redact-snapshot.test.ts index e173be34ec8..89aa4e1d121 100644 --- a/src/config/redact-snapshot.test.ts +++ b/src/config/redact-snapshot.test.ts @@ -163,6 +163,36 @@ describe("redactConfigSnapshot", () => { expect(result.config).toEqual(snapshot.config); }); + it("removes embedded credentials from URL-valued endpoint fields", () => { + const raw = `{ + models: { + providers: { + openai: { + baseUrl: "https://alice:secret@example.test/v1", + }, + }, + }, +}`; + const snapshot = makeSnapshot( + { + models: { + providers: { + openai: { + baseUrl: "https://alice:secret@example.test/v1", + }, + }, + }, + }, + raw, + ); + + const result = redactConfigSnapshot(snapshot); + const cfg = result.config as typeof snapshot.config; + expect(cfg.models.providers.openai.baseUrl).toBe(REDACTED_SENTINEL); + expect(result.raw).toContain(REDACTED_SENTINEL); + expect(result.raw).not.toContain("alice:secret@"); + }); + it("does not redact maxTokens-style fields", () => { const snapshot = makeSnapshot({ maxTokens: 16384, @@ -890,6 +920,25 @@ describe("redactConfigSnapshot", () => { }); describe("restoreRedactedValues", () => { + it("restores redacted URL endpoint fields on round-trip", () => { + const incoming = { + models: { + providers: { + openai: { baseUrl: REDACTED_SENTINEL }, + }, + }, + }; + const original = { + models: { + providers: { + openai: { baseUrl: "https://alice:secret@example.test/v1" }, + }, + }, + }; + const result = restoreRedactedValues(incoming, original, mainSchemaHints); + expect(result.models.providers.openai.baseUrl).toBe("https://alice:secret@example.test/v1"); + }); + it("restores sentinel values from original config", () => { const incoming = { gateway: { auth: { token: REDACTED_SENTINEL } }, diff --git a/src/config/redact-snapshot.ts b/src/config/redact-snapshot.ts index a80d1debb03..7c4eb5e50c5 100644 --- a/src/config/redact-snapshot.ts +++ b/src/config/redact-snapshot.ts @@ -1,5 +1,6 @@ import JSON5 from "json5"; import { createSubsystemLogger } from "../logging/subsystem.js"; +import { stripUrlUserInfo } from "../shared/net/url-userinfo.js"; import { replaceSensitiveValuesInRaw, shouldFallbackToStructuredRawRedaction, @@ -28,6 +29,10 @@ function isWholeObjectSensitivePath(path: string): boolean { return lowered.endsWith("serviceaccount") || lowered.endsWith("serviceaccountref"); } +function isUserInfoUrlPath(path: string): boolean { + return path.endsWith(".baseUrl") || path.endsWith(".httpUrl"); +} + function collectSensitiveStrings(value: unknown, values: string[]): void { if (typeof value === "string") { if (!isEnvVarPlaceholder(value)) { @@ -212,6 +217,14 @@ function redactObjectWithLookup( ) { // Keep primitives at explicitly-sensitive paths fully redacted. result[key] = REDACTED_SENTINEL; + } else if (typeof value === "string" && isUserInfoUrlPath(path)) { + const scrubbed = stripUrlUserInfo(value); + if (scrubbed !== value) { + values.push(value); + result[key] = REDACTED_SENTINEL; + } else { + result[key] = value; + } } break; } @@ -229,6 +242,14 @@ function redactObjectWithLookup( ) { result[key] = REDACTED_SENTINEL; values.push(value); + } else if (typeof value === "string" && isUserInfoUrlPath(path)) { + const scrubbed = stripUrlUserInfo(value); + if (scrubbed !== value) { + values.push(value); + result[key] = REDACTED_SENTINEL; + } else { + result[key] = value; + } } else if (typeof value === "object" && value !== null) { result[key] = redactObjectGuessing(value, path, values, hints); } @@ -293,6 +314,14 @@ function redactObjectGuessing( ) { collectSensitiveStrings(value, values); result[key] = REDACTED_SENTINEL; + } else if (typeof value === "string" && isUserInfoUrlPath(dotPath)) { + const scrubbed = stripUrlUserInfo(value); + if (scrubbed !== value) { + values.push(value); + result[key] = REDACTED_SENTINEL; + } else { + result[key] = value; + } } else if (typeof value === "object" && value !== null) { result[key] = redactObjectGuessing(value, dotPath, values, hints); } else { @@ -624,7 +653,10 @@ function restoreRedactedValuesWithLookup( for (const candidate of [path, wildcardPath]) { if (lookup.has(candidate)) { matched = true; - if (value === REDACTED_SENTINEL) { + if ( + value === REDACTED_SENTINEL && + (hints[candidate]?.sensitive === true || isUserInfoUrlPath(path)) + ) { result[key] = restoreOriginalValueOrThrow({ key, path: candidate, original: orig }); } else if (typeof value === "object" && value !== null) { result[key] = restoreRedactedValuesWithLookup(value, orig[key], lookup, candidate, hints); @@ -634,7 +666,11 @@ function restoreRedactedValuesWithLookup( } if (!matched) { const markedNonSensitive = isExplicitlyNonSensitivePath(hints, [path, wildcardPath]); - if (!markedNonSensitive && isSensitivePath(path) && value === REDACTED_SENTINEL) { + if ( + !markedNonSensitive && + value === REDACTED_SENTINEL && + (isSensitivePath(path) || isUserInfoUrlPath(path)) + ) { result[key] = restoreOriginalValueOrThrow({ key, path, original: orig }); } else if (typeof value === "object" && value !== null) { result[key] = restoreRedactedValuesGuessing(value, orig[key], path, hints); @@ -674,8 +710,8 @@ function restoreRedactedValuesGuessing( const wildcardPath = prefix ? `${prefix}.*` : "*"; if ( !isExplicitlyNonSensitivePath(hints, [path, wildcardPath]) && - isSensitivePath(path) && - value === REDACTED_SENTINEL + value === REDACTED_SENTINEL && + (isSensitivePath(path) || isUserInfoUrlPath(path)) ) { result[key] = restoreOriginalValueOrThrow({ key, path, original: orig }); } else if (typeof value === "object" && value !== null) { diff --git a/src/shared/net/url-userinfo.ts b/src/shared/net/url-userinfo.ts new file mode 100644 index 00000000000..d9374a3d4c2 --- /dev/null +++ b/src/shared/net/url-userinfo.ts @@ -0,0 +1,13 @@ +export function stripUrlUserInfo(value: string): string { + try { + const parsed = new URL(value); + if (!parsed.username && !parsed.password) { + return value; + } + parsed.username = ""; + parsed.password = ""; + return parsed.toString(); + } catch { + return value; + } +} From d88da9f5f8182932415c79b0c2a69007da794faa Mon Sep 17 00:00:00 2001 From: Nimrod Gutman Date: Sun, 15 Mar 2026 19:28:50 +0200 Subject: [PATCH 29/34] fix(config): avoid failing startup on implicit memory slot (#47494) * fix(config): avoid failing on implicit memory slot * fix(config): satisfy build for memory slot guard * docs(changelog): note implicit memory slot startup fix (#47494) --- CHANGELOG.md | 1 + src/config/config.plugin-validation.test.ts | 18 ++++++++++++++++++ src/config/validation.ts | 11 ++++++++++- 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 05ddf446d28..5653cc86e54 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -57,6 +57,7 @@ Docs: https://docs.openclaw.ai - CLI: avoid loading provider discovery during startup model normalization. (#46522) Thanks @ItsAditya-xyz and @vincentkoc. - Tlon: honor explicit empty allowlists and defer cite expansion. (#46788) Thanks @zpbrent and @vincentkoc. - ACP: require admin scope for mutating internal actions. (#46789) Thanks @tdjackey and @vincentkoc. +- Gateway/config validation: stop treating the implicit default memory slot as a required explicit plugin config, so startup no longer fails with `plugins.slots.memory: plugin not found: memory-core` when `memory-core` was only inferred. (#47494) Thanks @ngutman. ## 2026.3.13 diff --git a/src/config/config.plugin-validation.test.ts b/src/config/config.plugin-validation.test.ts index 51d38b1a9af..f7f5539eb5a 100644 --- a/src/config/config.plugin-validation.test.ts +++ b/src/config/config.plugin-validation.test.ts @@ -173,6 +173,24 @@ describe("config plugin validation", () => { } }); + it("does not fail validation for the implicit default memory slot when plugins config is explicit", async () => { + const res = validateConfigObjectWithPlugins( + { + agents: { list: [{ id: "pi" }] }, + plugins: { + entries: { acpx: { enabled: true } }, + }, + }, + { + env: { + ...suiteEnv(), + OPENCLAW_BUNDLED_PLUGINS_DIR: path.join(suiteHome, "missing-bundled-plugins"), + }, + }, + ); + expect(res.ok).toBe(true); + }); + it("warns for removed legacy plugin ids instead of failing validation", async () => { const removedId = "google-antigravity-auth"; const res = validateInSuite({ diff --git a/src/config/validation.ts b/src/config/validation.ts index 686dbb0ed43..1486ea07182 100644 --- a/src/config/validation.ts +++ b/src/config/validation.ts @@ -528,8 +528,17 @@ function validateConfigObjectWithPluginsBase( } } + // The default memory slot is inferred; only a user-configured slot should block startup. + const pluginSlots = pluginsConfig?.slots; + const hasExplicitMemorySlot = + pluginSlots !== undefined && Object.prototype.hasOwnProperty.call(pluginSlots, "memory"); const memorySlot = normalizedPlugins.slots.memory; - if (typeof memorySlot === "string" && memorySlot.trim() && !knownIds.has(memorySlot)) { + if ( + hasExplicitMemorySlot && + typeof memorySlot === "string" && + memorySlot.trim() && + !knownIds.has(memorySlot) + ) { pushMissingPluginIssue("plugins.slots.memory", memorySlot); } From 756d9b57823217802b15c5b7d73a154fbd6bad85 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 10:29:31 -0700 Subject: [PATCH 30/34] CLI: lazy-load auth choice provider fallback (#47495) * CLI: lazy-load auth choice provider fallback * CLI: cover lazy auth choice provider fallback --- src/commands/auth-choice.preferred-provider.ts | 10 ++++++---- src/commands/auth-choice.test.ts | 8 ++++---- .../configure.gateway-auth.prompt-auth-config.test.ts | 2 +- src/commands/configure.gateway-auth.ts | 2 +- .../local/auth-choice.plugin-providers.ts | 4 ++-- src/wizard/onboarding.test.ts | 2 +- src/wizard/onboarding.ts | 2 +- 7 files changed, 16 insertions(+), 14 deletions(-) diff --git a/src/commands/auth-choice.preferred-provider.ts b/src/commands/auth-choice.preferred-provider.ts index 959754625bc..49251a88f87 100644 --- a/src/commands/auth-choice.preferred-provider.ts +++ b/src/commands/auth-choice.preferred-provider.ts @@ -1,6 +1,4 @@ import type { OpenClawConfig } from "../config/config.js"; -import { resolveProviderPluginChoice } from "../plugins/provider-wizard.js"; -import { resolvePluginProviders } from "../plugins/providers.js"; import type { AuthChoice } from "./onboard-types.js"; const PREFERRED_PROVIDER_BY_AUTH_CHOICE: Partial> = { @@ -53,17 +51,21 @@ const PREFERRED_PROVIDER_BY_AUTH_CHOICE: Partial> = { vllm: "vllm", }; -export function resolvePreferredProviderForAuthChoice(params: { +export async function resolvePreferredProviderForAuthChoice(params: { choice: AuthChoice; config?: OpenClawConfig; workspaceDir?: string; env?: NodeJS.ProcessEnv; -}): string | undefined { +}): Promise { const preferred = PREFERRED_PROVIDER_BY_AUTH_CHOICE[params.choice]; if (preferred) { return preferred; } + const [{ resolveProviderPluginChoice }, { resolvePluginProviders }] = await Promise.all([ + import("../plugins/provider-wizard.js"), + import("../plugins/providers.js"), + ]); const providers = resolvePluginProviders({ config: params.config, workspaceDir: params.workspaceDir, diff --git a/src/commands/auth-choice.test.ts b/src/commands/auth-choice.test.ts index d5a59e48d46..e74c0e1c31f 100644 --- a/src/commands/auth-choice.test.ts +++ b/src/commands/auth-choice.test.ts @@ -1352,7 +1352,7 @@ describe("applyAuthChoice", () => { }); describe("resolvePreferredProviderForAuthChoice", () => { - it("maps known and unknown auth choices", () => { + it("maps known and unknown auth choices", async () => { const scenarios = [ { authChoice: "github-copilot" as const, expectedProvider: "github-copilot" }, { authChoice: "qwen-portal" as const, expectedProvider: "qwen-portal" }, @@ -1361,9 +1361,9 @@ describe("resolvePreferredProviderForAuthChoice", () => { { authChoice: "unknown" as AuthChoice, expectedProvider: undefined }, ] as const; for (const scenario of scenarios) { - expect(resolvePreferredProviderForAuthChoice({ choice: scenario.authChoice })).toBe( - scenario.expectedProvider, - ); + await expect( + resolvePreferredProviderForAuthChoice({ choice: scenario.authChoice }), + ).resolves.toBe(scenario.expectedProvider); } }); }); diff --git a/src/commands/configure.gateway-auth.prompt-auth-config.test.ts b/src/commands/configure.gateway-auth.prompt-auth-config.test.ts index b27e52fcf7c..0657a77b3e1 100644 --- a/src/commands/configure.gateway-auth.prompt-auth-config.test.ts +++ b/src/commands/configure.gateway-auth.prompt-auth-config.test.ts @@ -23,7 +23,7 @@ vi.mock("./auth-choice-prompt.js", () => ({ vi.mock("./auth-choice.js", () => ({ applyAuthChoice: mocks.applyAuthChoice, - resolvePreferredProviderForAuthChoice: vi.fn(() => undefined), + resolvePreferredProviderForAuthChoice: vi.fn(async () => undefined), })); vi.mock("./model-picker.js", async (importActual) => { diff --git a/src/commands/configure.gateway-auth.ts b/src/commands/configure.gateway-auth.ts index 78bcc88ca5f..ca56ee25275 100644 --- a/src/commands/configure.gateway-auth.ts +++ b/src/commands/configure.gateway-auth.ts @@ -110,7 +110,7 @@ export async function promptAuthConfig( allowKeep: true, ignoreAllowlist: true, includeProviderPluginSetups: true, - preferredProvider: resolvePreferredProviderForAuthChoice({ + preferredProvider: await resolvePreferredProviderForAuthChoice({ choice: authChoice, config: next, }), diff --git a/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.ts b/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.ts index 01007aa7aa2..d6e1440eb20 100644 --- a/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.ts +++ b/src/commands/onboard-non-interactive/local/auth-choice.plugin-providers.ts @@ -64,11 +64,11 @@ export async function applyNonInteractivePluginProviderChoice(params: { : undefined; const preferredProviderId = prefixedProviderId || - resolvePreferredProviderForAuthChoice({ + (await resolvePreferredProviderForAuthChoice({ choice: params.authChoice, config: params.nextConfig, workspaceDir, - }); + })); const resolutionConfig = buildIsolatedProviderResolutionConfig( params.nextConfig, preferredProviderId, diff --git a/src/wizard/onboarding.test.ts b/src/wizard/onboarding.test.ts index e6bbfd146fa..14c3183c323 100644 --- a/src/wizard/onboarding.test.ts +++ b/src/wizard/onboarding.test.ts @@ -11,7 +11,7 @@ import type { WizardPrompter, WizardSelectParams } from "./prompts.js"; const ensureAuthProfileStore = vi.hoisted(() => vi.fn(() => ({ profiles: {} }))); const promptAuthChoiceGrouped = vi.hoisted(() => vi.fn(async () => "skip")); const applyAuthChoice = vi.hoisted(() => vi.fn(async (args) => ({ config: args.config }))); -const resolvePreferredProviderForAuthChoice = vi.hoisted(() => vi.fn(() => "openai")); +const resolvePreferredProviderForAuthChoice = vi.hoisted(() => vi.fn(async () => "openai")); const warnIfModelConfigLooksOff = vi.hoisted(() => vi.fn(async () => {})); const applyPrimaryModel = vi.hoisted(() => vi.fn((cfg) => cfg)); const promptDefaultModel = vi.hoisted(() => vi.fn(async () => ({ config: null, model: null }))); diff --git a/src/wizard/onboarding.ts b/src/wizard/onboarding.ts index e8265efd49e..d2c35a022da 100644 --- a/src/wizard/onboarding.ts +++ b/src/wizard/onboarding.ts @@ -464,7 +464,7 @@ export async function runOnboardingWizard( allowKeep: true, ignoreAllowlist: true, includeProviderPluginSetups: true, - preferredProvider: resolvePreferredProviderForAuthChoice({ + preferredProvider: await resolvePreferredProviderForAuthChoice({ choice: authChoice, config: nextConfig, workspaceDir, From 132e45900904fc981e6ef04259eb37c72f6c165d Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 10:43:03 -0700 Subject: [PATCH 31/34] fix(ci): config drift found and documented --- docs/.generated/config-baseline.json | 9636 ++++++++++++++--- docs/.generated/config-baseline.jsonl | 188 +- docs/gateway/configuration-reference.md | 7 + docs/gateway/configuration.md | 30 + docs/gateway/health.md | 9 + extensions/telegram/src/conversation-route.ts | 6 +- 6 files changed, 8203 insertions(+), 1673 deletions(-) diff --git a/docs/.generated/config-baseline.json b/docs/.generated/config-baseline.json index cf872fcd62d..f6f854b2946 100644 --- a/docs/.generated/config-baseline.json +++ b/docs/.generated/config-baseline.json @@ -8,7 +8,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP", "help": "ACP runtime controls for enabling dispatch, selecting backends, constraining allowed agent targets, and tuning streamed turn projection behavior.", "hasChildren": true @@ -20,7 +22,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "ACP Allowed Agents", "help": "Allowlist of ACP target agent ids permitted for ACP runtime sessions. Empty means no additional allowlist restriction.", "hasChildren": true @@ -42,7 +46,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Backend", "help": "Default ACP runtime backend id (for example: acpx). Must match a registered ACP runtime plugin backend.", "hasChildren": false @@ -54,7 +60,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Default Agent", "help": "Fallback ACP target agent id used when ACP spawns do not specify an explicit target.", "hasChildren": false @@ -76,7 +84,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Dispatch Enabled", "help": "Independent dispatch gate for ACP session turns (default: true). Set false to keep ACP commands available while blocking ACP turn execution.", "hasChildren": false @@ -88,7 +98,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Enabled", "help": "Global ACP feature gate. Keep disabled unless ACP runtime + policy are configured.", "hasChildren": false @@ -100,7 +112,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "ACP Max Concurrent Sessions", "help": "Maximum concurrently active ACP sessions across this gateway process.", "hasChildren": false @@ -122,7 +137,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Runtime Install Command", "help": "Optional operator install/setup command shown by `/acp install` and `/acp doctor` when ACP backend wiring is missing.", "hasChildren": false @@ -134,7 +151,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Runtime TTL (minutes)", "help": "Idle runtime TTL in minutes for ACP session workers before eligible cleanup.", "hasChildren": false @@ -146,7 +165,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Stream", "help": "ACP streaming projection controls for chunk sizing, metadata visibility, and deduped delivery behavior.", "hasChildren": true @@ -158,7 +179,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Stream Coalesce Idle (ms)", "help": "Coalescer idle flush window in milliseconds for ACP streamed text before block replies are emitted.", "hasChildren": false @@ -170,7 +193,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Stream Delivery Mode", "help": "ACP delivery style: live streams projected output incrementally, final_only buffers all projected ACP output until terminal turn events.", "hasChildren": false @@ -182,7 +207,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Stream Hidden Boundary Separator", "help": "Separator inserted before next visible assistant text when hidden ACP tool lifecycle events occurred (none|space|newline|paragraph). Default: paragraph.", "hasChildren": false @@ -194,7 +221,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "ACP Stream Max Chunk Chars", "help": "Maximum chunk size for ACP streamed block projection before splitting into multiple block replies.", "hasChildren": false @@ -206,7 +235,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "ACP Stream Max Output Chars", "help": "Maximum assistant output characters projected per ACP turn before truncation notice is emitted.", "hasChildren": false @@ -218,7 +249,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "ACP Stream Max Session Update Chars", "help": "Maximum characters for projected ACP session/update lines (tool/status updates).", "hasChildren": false @@ -230,7 +264,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Stream Repeat Suppression", "help": "When true (default), suppress repeated ACP status/tool projection lines in a turn while keeping raw ACP events unchanged.", "hasChildren": false @@ -242,7 +278,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Stream Tag Visibility", "help": "Per-sessionUpdate visibility overrides for ACP projection (for example usage_update, available_commands_update).", "hasChildren": true @@ -264,7 +302,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Agents", "help": "Agent runtime configuration root covering defaults and explicit agent entries used for routing and execution context. Keep this section explicit so model/tool behavior stays predictable across multi-agent workflows.", "hasChildren": true @@ -276,7 +316,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Agent Defaults", "help": "Shared default settings inherited by agents unless overridden per entry in agents.list. Use defaults to enforce consistent baseline behavior and reduce duplicated per-agent configuration.", "hasChildren": true @@ -388,7 +430,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Bootstrap Max Chars", "help": "Max characters of each workspace bootstrap file injected into the system prompt before truncation (default: 20000).", "hasChildren": false @@ -400,7 +444,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Bootstrap Prompt Truncation Warning", "help": "Inject agent-visible warning text when bootstrap files are truncated: \"off\", \"once\" (default), or \"always\".", "hasChildren": false @@ -412,7 +458,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Bootstrap Total Max Chars", "help": "Max total characters across all injected workspace bootstrap files (default: 150000).", "hasChildren": false @@ -424,7 +472,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "CLI Backends", "help": "Optional CLI backends for text-only fallback (claude-cli, etc.).", "hasChildren": true @@ -846,7 +896,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Compaction", "help": "Compaction tuning for when context nears token limits, including history share, reserve headroom, and pre-compaction memory flush behavior. Use this when long-running sessions need stable continuity under tight context windows.", "hasChildren": true @@ -868,7 +920,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Compaction Identifier Instructions", "help": "Custom identifier-preservation instruction text used when identifierPolicy=\"custom\". Keep this explicit and safety-focused so compaction summaries do not rewrite opaque IDs, URLs, hosts, or ports.", "hasChildren": false @@ -880,7 +934,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Compaction Identifier Policy", "help": "Identifier-preservation policy for compaction summaries: \"strict\" prepends built-in opaque-identifier retention guidance (default), \"off\" disables this prefix, and \"custom\" uses identifierInstructions. Keep \"strict\" unless you have a specific compatibility need.", "hasChildren": false @@ -892,7 +948,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["auth", "security"], + "tags": [ + "auth", + "security" + ], "label": "Compaction Keep Recent Tokens", "help": "Minimum token budget preserved from the most recent conversation window during compaction. Use higher values to protect immediate context continuity and lower values to keep more long-tail history.", "hasChildren": false @@ -904,7 +963,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Compaction Max History Share", "help": "Maximum fraction of total context budget allowed for retained history after compaction (range 0.1-0.9). Use lower shares for more generation headroom or higher shares for deeper historical continuity.", "hasChildren": false @@ -916,7 +977,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Compaction Memory Flush", "help": "Pre-compaction memory flush settings that run an agentic memory write before heavy compaction. Keep enabled for long sessions so salient context is persisted before aggressive trimming.", "hasChildren": true @@ -928,7 +991,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Compaction Memory Flush Enabled", "help": "Enables pre-compaction memory flush before the runtime performs stronger history reduction near token limits. Keep enabled unless you intentionally disable memory side effects in constrained environments.", "hasChildren": false @@ -936,11 +1001,16 @@ { "path": "agents.defaults.compaction.memoryFlush.forceFlushTranscriptBytes", "kind": "core", - "type": ["integer", "string"], + "type": [ + "integer", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Compaction Memory Flush Transcript Size Threshold", "help": "Forces pre-compaction memory flush when transcript file size reaches this threshold (bytes or strings like \"2mb\"). Use this to prevent long-session hangs even when token counters are stale; set to 0 to disable.", "hasChildren": false @@ -952,7 +1022,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Compaction Memory Flush Prompt", "help": "User-prompt template used for the pre-compaction memory flush turn when generating memory candidates. Use this only when you need custom extraction instructions beyond the default memory flush behavior.", "hasChildren": false @@ -964,7 +1036,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["auth", "security"], + "tags": [ + "auth", + "security" + ], "label": "Compaction Memory Flush Soft Threshold", "help": "Threshold distance to compaction (in tokens) that triggers pre-compaction memory flush execution. Use earlier thresholds for safer persistence, or tighter thresholds for lower flush frequency.", "hasChildren": false @@ -976,7 +1051,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Compaction Memory Flush System Prompt", "help": "System-prompt override for the pre-compaction memory flush turn to control extraction style and safety constraints. Use carefully so custom instructions do not reduce memory quality or leak sensitive context.", "hasChildren": false @@ -988,7 +1065,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Compaction Mode", "help": "Compaction strategy mode: \"default\" uses baseline behavior, while \"safeguard\" applies stricter guardrails to preserve recent context. Keep \"default\" unless you observe aggressive history loss near limit boundaries.", "hasChildren": false @@ -1000,7 +1079,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Compaction Model Override", "help": "Optional provider/model override used only for compaction summarization. Set this when you want compaction to run on a different model than the session default, and leave it unset to keep using the primary agent model.", "hasChildren": false @@ -1012,7 +1093,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Post-Compaction Context Sections", "help": "AGENTS.md H2/H3 section names re-injected after compaction so the agent reruns critical startup guidance. Leave unset to use \"Session Startup\"/\"Red Lines\" with legacy fallback to \"Every Session\"/\"Safety\"; set to [] to disable reinjection entirely.", "hasChildren": true @@ -1032,10 +1115,16 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["off", "async", "await"], + "enumValues": [ + "off", + "async", + "await" + ], "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Compaction Post-Index Sync", "help": "Controls post-compaction session memory reindex mode: \"off\", \"async\", or \"await\" (default: \"async\"). Use \"await\" for strongest freshness, \"async\" for lower compaction latency, and \"off\" only when session-memory sync is handled elsewhere.", "hasChildren": false @@ -1047,7 +1136,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Compaction Quality Guard", "help": "Optional quality-audit retry settings for safeguard compaction summaries. Leave this disabled unless you explicitly want summary audits and one-shot regeneration on failed checks.", "hasChildren": true @@ -1059,7 +1150,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Compaction Quality Guard Enabled", "help": "Enables summary quality audits and regeneration retries for safeguard compaction. Default: false, so safeguard mode alone does not turn on retry behavior.", "hasChildren": false @@ -1071,7 +1164,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Compaction Quality Guard Max Retries", "help": "Maximum number of regeneration retries after a failed safeguard summary quality audit. Use small values to bound extra latency and token cost.", "hasChildren": false @@ -1083,7 +1178,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Compaction Preserve Recent Turns", "help": "Number of most recent user/assistant turns kept verbatim outside safeguard summarization (default: 3). Raise this to preserve exact recent dialogue context, or lower it to maximize compaction savings.", "hasChildren": false @@ -1095,7 +1192,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["auth", "security"], + "tags": [ + "auth", + "security" + ], "label": "Compaction Reserve Tokens", "help": "Token headroom reserved for reply generation and tool output after compaction runs. Use higher reserves for verbose/tool-heavy sessions, and lower reserves when maximizing retained history matters more.", "hasChildren": false @@ -1107,11 +1207,28 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["auth", "security"], + "tags": [ + "auth", + "security" + ], "label": "Compaction Reserve Token Floor", "help": "Minimum floor enforced for reserveTokens in Pi compaction paths (0 disables the floor guard). Use a non-zero floor to avoid over-aggressive compression under fluctuating token estimates.", "hasChildren": false }, + { + "path": "agents.defaults.compaction.timeoutSeconds", + "kind": "core", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "performance" + ], + "label": "Compaction Timeout (Seconds)", + "help": "Maximum time in seconds allowed for a single compaction operation before it is aborted (default: 900). Increase this for very large sessions that need more time to summarize, or decrease it to fail faster on unresponsive models.", + "hasChildren": false + }, { "path": "agents.defaults.contextPruning", "kind": "core", @@ -1329,7 +1446,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Embedded Pi", "help": "Embedded Pi runner hardening controls for how workspace-local Pi settings are trusted and applied in OpenClaw sessions.", "hasChildren": true @@ -1341,7 +1460,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Embedded Pi Project Settings Policy", "help": "How embedded Pi handles workspace-local `.pi/config/settings.json`: \"sanitize\" (default) strips shellPath/shellCommandPrefix, \"ignore\" disables project settings entirely, and \"trusted\" applies project settings as-is.", "hasChildren": false @@ -1353,7 +1474,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Envelope Elapsed", "help": "Include elapsed time in message envelopes (\"on\" or \"off\").", "hasChildren": false @@ -1365,7 +1488,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Envelope Timestamp", "help": "Include absolute timestamps in message envelopes (\"on\" or \"off\").", "hasChildren": false @@ -1377,7 +1502,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Envelope Timezone", "help": "Timezone for message envelopes (\"utc\", \"local\", \"user\", or an IANA timezone string).", "hasChildren": false @@ -1459,7 +1586,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "automation", "storage"], + "tags": [ + "access", + "automation", + "storage" + ], "label": "Heartbeat Direct Policy", "help": "Controls whether heartbeat delivery may target direct/DM chats: \"allow\" (default) permits DM delivery and \"block\" suppresses direct-target sends.", "hasChildren": false @@ -1541,7 +1672,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation"], + "tags": [ + "automation" + ], "label": "Heartbeat Suppress Tool Error Warnings", "help": "Suppress tool error warning payloads during heartbeat runs.", "hasChildren": false @@ -1553,8 +1686,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation"], - "help": "Delivery target (\"last\", \"none\", or a channel id). Known channels: telegram, whatsapp, discord, irc, googlechat, slack, signal, imessage, line, zalouser, zalo, tlon, feishu, nextcloud-talk, msteams, bluebubbles, synology-chat, mattermost, twitch, matrix, nostr.", + "tags": [ + "automation" + ], + "help": "Delivery target (\"last\", \"none\", or a channel id). Known channels: telegram, whatsapp, discord, irc, googlechat, slack, signal, imessage, line, bluebubbles, feishu, matrix, mattermost, msteams, nextcloud-talk, nostr, synology-chat, tlon, twitch, zalo, zalouser.", "hasChildren": false }, { @@ -1584,7 +1719,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Human Delay Max (ms)", "help": "Maximum delay in ms for custom humanDelay (default: 2500).", "hasChildren": false @@ -1596,7 +1733,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Human Delay Min (ms)", "help": "Minimum delay in ms for custom humanDelay (default: 800).", "hasChildren": false @@ -1608,7 +1747,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Human Delay Mode", "help": "Delay style for block replies (\"off\", \"natural\", \"custom\").", "hasChildren": false @@ -1620,7 +1761,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance"], + "tags": [ + "media", + "performance" + ], "label": "Image Max Dimension (px)", "help": "Max image side length in pixels when sanitizing transcript/tool-result image payloads (default: 1200).", "hasChildren": false @@ -1628,7 +1772,10 @@ { "path": "agents.defaults.imageModel", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -1642,7 +1789,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "models", "reliability"], + "tags": [ + "media", + "models", + "reliability" + ], "label": "Image Model Fallbacks", "help": "Ordered fallback image models (provider/model).", "hasChildren": true @@ -1664,7 +1815,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "models"], + "tags": [ + "media", + "models" + ], "label": "Image Model", "help": "Optional image model (provider/model) used when the primary model lacks image input.", "hasChildren": false @@ -1696,7 +1850,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search", "help": "Vector search over MEMORY.md and memory/*.md (per-agent overrides supported).", "hasChildren": true @@ -1718,7 +1874,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Memory Search Embedding Cache", "help": "Caches computed chunk embeddings in SQLite so reindexing and incremental updates run faster (default: true). Keep this enabled unless investigating cache correctness or minimizing disk usage.", "hasChildren": false @@ -1730,7 +1888,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "Memory Search Embedding Cache Max Entries", "help": "Sets a best-effort upper bound on cached embeddings kept in SQLite for memory search. Use this when controlling disk growth matters more than peak reindex speed.", "hasChildren": false @@ -1752,7 +1913,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Chunk Overlap Tokens", "help": "Token overlap between adjacent memory chunks to preserve context continuity near split boundaries. Use modest overlap to reduce boundary misses without inflating index size too aggressively.", "hasChildren": false @@ -1764,7 +1927,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["auth", "security"], + "tags": [ + "auth", + "security" + ], "label": "Memory Chunk Tokens", "help": "Chunk size in tokens used when splitting memory sources before embedding/indexing. Increase for broader context per chunk, or lower to improve precision on pinpoint lookups.", "hasChildren": false @@ -1776,7 +1942,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable Memory Search", "help": "Master toggle for memory search indexing and retrieval behavior on this agent profile. Keep enabled for semantic recall, and disable when you want fully stateless responses.", "hasChildren": false @@ -1798,7 +1966,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "security", "storage"], + "tags": [ + "advanced", + "security", + "storage" + ], "label": "Memory Search Session Index (Experimental)", "help": "Indexes session transcripts into memory search so responses can reference prior chat turns. Keep this off unless transcript recall is needed, because indexing cost and storage usage both increase.", "hasChildren": false @@ -1810,7 +1982,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Extra Memory Paths", "help": "Adds extra directories or .md files to the memory index beyond default memory files. Use this when key reference docs live elsewhere in your repo; when multimodal memory is enabled, matching image/audio files under these paths are also eligible for indexing.", "hasChildren": true @@ -1832,7 +2006,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["reliability"], + "tags": [ + "reliability" + ], "label": "Memory Search Fallback", "help": "Backup provider used when primary embeddings fail: \"openai\", \"gemini\", \"voyage\", \"mistral\", \"ollama\", \"local\", or \"none\". Set a real fallback for production reliability; use \"none\" only if you prefer explicit failures.", "hasChildren": false @@ -1864,7 +2040,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Local Embedding Model Path", "help": "Specifies the local embedding model source for local memory search, such as a GGUF file path or `hf:` URI. Use this only when provider is `local`, and verify model compatibility before large index rebuilds.", "hasChildren": false @@ -1876,7 +2054,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Memory Search Model", "help": "Embedding model override used by the selected memory provider when a non-default model is required. Set this only when you need explicit recall quality/cost tuning beyond provider defaults.", "hasChildren": false @@ -1888,7 +2068,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search Multimodal", "help": "Optional multimodal memory settings for indexing image and audio files from configured extra paths. Keep this off unless your embedding model explicitly supports cross-modal embeddings, and set `memorySearch.fallback` to \"none\" while it is enabled. Matching files are uploaded to the configured remote embedding provider during indexing.", "hasChildren": true @@ -1900,7 +2082,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable Memory Search Multimodal", "help": "Enables image/audio memory indexing from extraPaths. This currently requires Gemini embedding-2, keeps the default memory roots Markdown-only, disables memory-search fallback providers, and uploads matching binary content to the configured remote embedding provider.", "hasChildren": false @@ -1912,7 +2096,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "Memory Search Multimodal Max File Bytes", "help": "Sets the maximum bytes allowed per multimodal file before it is skipped during memory indexing. Use this to cap upload cost and indexing latency, or raise it for short high-quality audio clips.", "hasChildren": false @@ -1924,7 +2111,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search Multimodal Modalities", "help": "Selects which multimodal file types are indexed from extraPaths: \"image\", \"audio\", or \"all\". Keep this narrow to avoid indexing large binary corpora unintentionally.", "hasChildren": true @@ -1946,7 +2135,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search Output Dimensionality", "help": "Gemini embedding-2 only: chooses the output vector size for memory embeddings. Use 768, 1536, or 3072 (default), and expect a full reindex when you change it because stored vector dimensions must stay consistent.", "hasChildren": false @@ -1958,7 +2149,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search Provider", "help": "Selects the embedding backend used to build/query memory vectors: \"openai\", \"gemini\", \"voyage\", \"mistral\", \"ollama\", or \"local\". Keep your most reliable provider here and configure fallback for resilience.", "hasChildren": false @@ -1990,7 +2183,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search Hybrid Candidate Multiplier", "help": "Expands the candidate pool before reranking (default: 4). Raise this for better recall on noisy corpora, but expect more compute and slightly slower searches.", "hasChildren": false @@ -2002,7 +2197,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search Hybrid", "help": "Combines BM25 keyword matching with vector similarity for better recall on mixed exact + semantic queries. Keep enabled unless you are isolating ranking behavior for troubleshooting.", "hasChildren": false @@ -2024,7 +2221,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search MMR Re-ranking", "help": "Adds MMR reranking to diversify results and reduce near-duplicate snippets in a single answer window. Enable when recall looks repetitive; keep off for strict score ordering.", "hasChildren": false @@ -2036,7 +2235,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search MMR Lambda", "help": "Sets MMR relevance-vs-diversity balance (0 = most diverse, 1 = most relevant, default: 0.7). Lower values reduce repetition; higher values keep tightly relevant but may duplicate.", "hasChildren": false @@ -2058,7 +2259,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search Temporal Decay", "help": "Applies recency decay so newer memory can outrank older memory when scores are close. Enable when timeliness matters; keep off for timeless reference knowledge.", "hasChildren": false @@ -2070,7 +2273,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search Temporal Decay Half-life (Days)", "help": "Controls how fast older memory loses rank when temporal decay is enabled (half-life in days, default: 30). Lower values prioritize recent context more aggressively.", "hasChildren": false @@ -2082,7 +2287,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search Text Weight", "help": "Controls how strongly BM25 keyword relevance influences hybrid ranking (0-1). Increase for exact-term matching; decrease when semantic matches should rank higher.", "hasChildren": false @@ -2094,7 +2301,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search Vector Weight", "help": "Controls how strongly semantic similarity influences hybrid ranking (0-1). Increase when paraphrase matching matters more than exact terms; decrease for stricter keyword emphasis.", "hasChildren": false @@ -2106,7 +2315,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Memory Search Max Results", "help": "Maximum number of memory hits returned from search before downstream reranking and prompt injection. Raise for broader recall, or lower for tighter prompts and faster responses.", "hasChildren": false @@ -2118,7 +2329,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search Min Score", "help": "Minimum relevance score threshold for including memory results in final recall output. Increase to reduce weak/noisy matches, or lower when you need more permissive retrieval.", "hasChildren": false @@ -2136,11 +2349,17 @@ { "path": "agents.defaults.memorySearch.remote.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security"], + "tags": [ + "auth", + "security" + ], "label": "Remote Embedding API Key", "help": "Supplies a dedicated API key for remote embedding calls used by memory indexing and query-time embeddings. Use this when memory embeddings should use different credentials than global defaults or environment variables.", "hasChildren": true @@ -2182,7 +2401,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Remote Embedding Base URL", "help": "Overrides the embedding API endpoint, such as an OpenAI-compatible proxy or custom Gemini base URL. Use this only when routing through your own gateway or vendor endpoint; keep provider defaults otherwise.", "hasChildren": false @@ -2204,7 +2425,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Remote Batch Concurrency", "help": "Limits how many embedding batch jobs run at the same time during indexing (default: 2). Increase carefully for faster bulk indexing, but watch provider rate limits and queue errors.", "hasChildren": false @@ -2216,7 +2439,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Remote Batch Embedding Enabled", "help": "Enables provider batch APIs for embedding jobs when supported (OpenAI/Gemini), improving throughput on larger index runs. Keep this enabled unless debugging provider batch failures or running very small workloads.", "hasChildren": false @@ -2228,7 +2453,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Remote Batch Poll Interval (ms)", "help": "Controls how often the system polls provider APIs for batch job status in milliseconds (default: 2000). Use longer intervals to reduce API chatter, or shorter intervals for faster completion detection.", "hasChildren": false @@ -2240,7 +2467,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Remote Batch Timeout (min)", "help": "Sets the maximum wait time for a full embedding batch operation in minutes (default: 60). Increase for very large corpora or slower providers, and lower it to fail fast in automation-heavy flows.", "hasChildren": false @@ -2252,7 +2481,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Remote Batch Wait for Completion", "help": "Waits for batch embedding jobs to fully finish before the indexing operation completes. Keep this enabled for deterministic indexing state; disable only if you accept delayed consistency.", "hasChildren": false @@ -2264,7 +2495,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Remote Embedding Headers", "help": "Adds custom HTTP headers to remote embedding requests, merged with provider defaults. Use this for proxy auth and tenant routing headers, and keep values minimal to avoid leaking sensitive metadata.", "hasChildren": true @@ -2286,7 +2519,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Search Sources", "help": "Chooses which sources are indexed: \"memory\" reads MEMORY.md + memory files, and \"sessions\" includes transcript history. Keep [\"memory\"] unless you need recall from prior chat transcripts.", "hasChildren": true @@ -2328,7 +2563,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Memory Search Index Path", "help": "Sets where the SQLite memory index is stored on disk for each agent. Keep the default `~/.openclaw/memory/{agentId}.sqlite` unless you need custom storage placement or backup policy alignment.", "hasChildren": false @@ -2350,7 +2587,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Memory Search Vector Index", "help": "Enables the sqlite-vec extension used for vector similarity queries in memory search (default: true). Keep this enabled for normal semantic recall; disable only for debugging or fallback-only operation.", "hasChildren": false @@ -2362,7 +2601,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Memory Search Vector Extension Path", "help": "Overrides the auto-discovered sqlite-vec extension library path (`.dylib`, `.so`, or `.dll`). Use this when your runtime cannot find sqlite-vec automatically or you pin a known-good build.", "hasChildren": false @@ -2394,7 +2635,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Index on Search (Lazy)", "help": "Uses lazy sync by scheduling reindex on search after content changes are detected. Keep enabled for lower idle overhead, or disable if you require pre-synced indexes before any query.", "hasChildren": false @@ -2406,7 +2649,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation", "storage"], + "tags": [ + "automation", + "storage" + ], "label": "Index on Session Start", "help": "Triggers a memory index sync when a session starts so early turns see fresh memory content. Keep enabled when startup freshness matters more than initial turn latency.", "hasChildren": false @@ -2428,7 +2674,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Delta Bytes", "help": "Requires at least this many newly appended bytes before session transcript changes trigger reindex (default: 100000). Increase to reduce frequent small reindexes, or lower for faster transcript freshness.", "hasChildren": false @@ -2440,7 +2688,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Delta Messages", "help": "Requires at least this many appended transcript messages before reindex is triggered (default: 50). Lower this for near-real-time transcript recall, or raise it to reduce indexing churn.", "hasChildren": false @@ -2452,7 +2702,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Force Reindex After Compaction", "help": "Forces a session memory-search reindex after compaction-triggered transcript updates (default: true). Keep enabled when compacted summaries must be immediately searchable, or disable to reduce write-time indexing pressure.", "hasChildren": false @@ -2464,7 +2716,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Watch Memory Files", "help": "Watches memory files and schedules index updates from file-change events (chokidar). Enable for near-real-time freshness; disable on very large workspaces if watch churn is too noisy.", "hasChildren": false @@ -2476,7 +2730,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation", "performance"], + "tags": [ + "automation", + "performance" + ], "label": "Memory Watch Debounce (ms)", "help": "Debounce window in milliseconds for coalescing rapid file-watch events before reindex runs. Increase to reduce churn on frequently-written files, or lower for faster freshness.", "hasChildren": false @@ -2484,7 +2741,10 @@ { "path": "agents.defaults.model", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -2498,7 +2758,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models", "reliability"], + "tags": [ + "models", + "reliability" + ], "label": "Model Fallbacks", "help": "Ordered fallback models (provider/model). Used when the primary model fails.", "hasChildren": true @@ -2520,7 +2783,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Primary Model", "help": "Primary model (provider/model).", "hasChildren": false @@ -2532,7 +2797,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Models", "help": "Configured model catalog (keys are full provider/model IDs).", "hasChildren": true @@ -2593,7 +2860,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "PDF Max Size (MB)", "help": "Maximum PDF file size in megabytes for the PDF tool (default: 10).", "hasChildren": false @@ -2605,7 +2874,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "PDF Max Pages", "help": "Maximum number of PDF pages to process for the PDF tool (default: 20).", "hasChildren": false @@ -2613,7 +2884,10 @@ { "path": "agents.defaults.pdfModel", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -2627,7 +2901,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["reliability"], + "tags": [ + "reliability" + ], "label": "PDF Model Fallbacks", "help": "Ordered fallback PDF models (provider/model).", "hasChildren": true @@ -2649,7 +2925,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "PDF Model", "help": "Optional PDF model (provider/model) for the PDF analysis tool. Defaults to imageModel, then session model.", "hasChildren": false @@ -2661,7 +2939,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Repo Root", "help": "Optional repository root shown in the system prompt runtime line (overrides auto-detect).", "hasChildren": false @@ -2753,7 +3033,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Sandbox Browser CDP Source Port Range", "help": "Optional CIDR allowlist for container-edge CDP ingress (for example 172.21.0.1/32).", "hasChildren": false @@ -2815,7 +3097,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Sandbox Browser Network", "help": "Docker network for sandbox browser containers (default: openclaw-sandbox-browser). Avoid bridge if you need stricter isolation.", "hasChildren": false @@ -2927,7 +3211,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "advanced", "security", "storage"], + "tags": [ + "access", + "advanced", + "security", + "storage" + ], "label": "Sandbox Docker Allow Container Namespace Join", "help": "DANGEROUS break-glass override that allows sandbox Docker network mode container:. This joins another container namespace and weakens sandbox isolation.", "hasChildren": false @@ -3025,7 +3314,10 @@ { "path": "agents.defaults.sandbox.docker.memory", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -3035,7 +3327,10 @@ { "path": "agents.defaults.sandbox.docker.memorySwap", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -3124,7 +3419,11 @@ { "path": "agents.defaults.sandbox.docker.ulimits.*", "kind": "core", - "type": ["number", "object", "string"], + "type": [ + "number", + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -3334,7 +3633,10 @@ { "path": "agents.defaults.subagents.model", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -3468,7 +3770,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Workspace", "help": "Default workspace path exposed to agent runtime tools for filesystem context and repo-aware behavior. Set this explicitly when running from wrappers so path resolution stays deterministic.", "hasChildren": false @@ -3480,7 +3784,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Agent List", "help": "Explicit list of configured agents with IDs and optional overrides for model, tools, identity, and workspace. Keep IDs stable over time so bindings, approvals, and session routing remain deterministic.", "hasChildren": true @@ -3632,7 +3938,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "automation", "storage"], + "tags": [ + "access", + "automation", + "storage" + ], "label": "Heartbeat Direct Policy", "help": "Per-agent override for heartbeat direct/DM delivery policy; use \"block\" for agents that should only send heartbeat alerts to non-DM destinations.", "hasChildren": false @@ -3714,7 +4024,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation"], + "tags": [ + "automation" + ], "label": "Agent Heartbeat Suppress Tool Error Warnings", "help": "Suppress tool error warning payloads during heartbeat runs.", "hasChildren": false @@ -3726,8 +4038,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation"], - "help": "Delivery target (\"last\", \"none\", or a channel id). Known channels: telegram, whatsapp, discord, irc, googlechat, slack, signal, imessage, line, zalouser, zalo, tlon, feishu, nextcloud-talk, msteams, bluebubbles, synology-chat, mattermost, twitch, matrix, nostr.", + "tags": [ + "automation" + ], + "help": "Delivery target (\"last\", \"none\", or a channel id). Known channels: telegram, whatsapp, discord, irc, googlechat, slack, signal, imessage, line, bluebubbles, feishu, matrix, mattermost, msteams, nextcloud-talk, nostr, synology-chat, tlon, twitch, zalo, zalouser.", "hasChildren": false }, { @@ -3807,7 +4121,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Identity Avatar", "help": "Agent avatar (workspace-relative path, http(s) URL, or data URI).", "hasChildren": false @@ -4235,11 +4551,17 @@ { "path": "agents.list.*.memorySearch.remote.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security"], + "tags": [ + "auth", + "security" + ], "hasChildren": true }, { @@ -4545,7 +4867,10 @@ { "path": "agents.list.*.model", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -4618,7 +4943,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Agent Runtime", "help": "Optional runtime descriptor for this agent. Use embedded for default OpenClaw execution or acp for external ACP harness defaults.", "hasChildren": true @@ -4630,7 +4957,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Agent ACP Runtime", "help": "ACP runtime defaults for this agent when runtime.type=acp. Binding-level ACP overrides still take precedence per conversation.", "hasChildren": true @@ -4642,7 +4971,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Agent ACP Harness Agent", "help": "Optional ACP harness agent id to use for this OpenClaw agent (for example codex, claude).", "hasChildren": false @@ -4654,7 +4985,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Agent ACP Backend", "help": "Optional ACP backend override for this agent's ACP sessions (falls back to global acp.backend).", "hasChildren": false @@ -4666,7 +4999,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Agent ACP Working Directory", "help": "Optional default working directory for this agent's ACP sessions.", "hasChildren": false @@ -4676,10 +5011,15 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["persistent", "oneshot"], + "enumValues": [ + "persistent", + "oneshot" + ], "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Agent ACP Mode", "help": "Optional ACP session mode default for this agent (persistent or oneshot).", "hasChildren": false @@ -4691,7 +5031,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Agent Runtime Type", "help": "Runtime type for this agent: \"embedded\" (default OpenClaw runtime) or \"acp\" (ACP harness defaults).", "hasChildren": false @@ -4783,7 +5125,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Agent Sandbox Browser CDP Source Port Range", "help": "Per-agent override for CDP source CIDR allowlist.", "hasChildren": false @@ -4845,7 +5189,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Agent Sandbox Browser Network", "help": "Per-agent override for sandbox browser Docker network.", "hasChildren": false @@ -4957,7 +5303,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "advanced", "security", "storage"], + "tags": [ + "access", + "advanced", + "security", + "storage" + ], "label": "Agent Sandbox Docker Allow Container Namespace Join", "help": "Per-agent DANGEROUS override for container namespace joins in sandbox Docker network mode.", "hasChildren": false @@ -5055,7 +5406,10 @@ { "path": "agents.list.*.sandbox.docker.memory", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -5065,7 +5419,10 @@ { "path": "agents.list.*.sandbox.docker.memorySwap", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -5154,7 +5511,11 @@ { "path": "agents.list.*.sandbox.docker.ulimits.*", "kind": "core", - "type": ["number", "object", "string"], + "type": [ + "number", + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -5298,7 +5659,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Agent Skill Filter", "help": "Optional allowlist of skills for this agent (omit = all skills; empty = no skills).", "hasChildren": true @@ -5346,7 +5709,10 @@ { "path": "agents.list.*.subagents.model", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -5430,7 +5796,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Agent Tool Allowlist Additions", "help": "Per-agent additive allowlist for tools on top of global and profile policy. Keep narrow to avoid accidental privilege expansion on specialized agents.", "hasChildren": true @@ -5452,7 +5820,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Agent Tool Policy by Provider", "help": "Per-agent provider-specific tool policy overrides for channel-scoped capability control. Use this when a single agent needs tighter restrictions on one provider than others.", "hasChildren": true @@ -5590,7 +5960,10 @@ { "path": "agents.list.*.tools.elevated.allowFrom.*.*", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -5682,7 +6055,11 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["off", "on-miss", "always"], + "enumValues": [ + "off", + "on-miss", + "always" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -5713,7 +6090,11 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["sandbox", "gateway", "node"], + "enumValues": [ + "sandbox", + "gateway", + "node" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -5894,7 +6275,11 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["deny", "allowlist", "full"], + "enumValues": [ + "deny", + "allowlist", + "full" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -6037,7 +6422,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Agent Tool Profile", "help": "Per-agent override for tool profile selection when one agent needs a different capability baseline. Use this sparingly so policy differences across agents stay intentional and reviewable.", "hasChildren": false @@ -6139,7 +6526,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Approvals", "help": "Approval routing controls for forwarding exec approval requests to chat destinations outside the originating session. Keep this disabled unless operators need explicit out-of-band approval visibility.", "hasChildren": true @@ -6151,7 +6540,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Exec Approval Forwarding", "help": "Groups exec-approval forwarding behavior including enablement, routing mode, filters, and explicit targets. Configure here when approval prompts must reach operational channels instead of only the origin thread.", "hasChildren": true @@ -6163,7 +6554,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Approval Agent Filter", "help": "Optional allowlist of agent IDs eligible for forwarded approvals, for example `[\"primary\", \"ops-agent\"]`. Use this to limit forwarding blast radius and avoid notifying channels for unrelated agents.", "hasChildren": true @@ -6185,7 +6578,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Forward Exec Approvals", "help": "Enables forwarding of exec approval requests to configured delivery destinations (default: false). Keep disabled in low-risk setups and enable only when human approval responders need channel-visible prompts.", "hasChildren": false @@ -6197,7 +6592,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Approval Forwarding Mode", "help": "Controls where approval prompts are sent: \"session\" uses origin chat, \"targets\" uses configured targets, and \"both\" sends to both paths. Use \"session\" as baseline and expand only when operational workflow requires redundancy.", "hasChildren": false @@ -6209,7 +6606,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Approval Session Filter", "help": "Optional session-key filters matched as substring or regex-style patterns, for example `[\"discord:\", \"^agent:ops:\"]`. Use narrow patterns so only intended approval contexts are forwarded to shared destinations.", "hasChildren": true @@ -6231,7 +6630,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Approval Forwarding Targets", "help": "Explicit delivery targets used when forwarding mode includes targets, each with channel and destination details. Keep target lists least-privilege and validate each destination before enabling broad forwarding.", "hasChildren": true @@ -6253,7 +6654,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Approval Target Account ID", "help": "Optional account selector for multi-account channel setups when approvals must route through a specific account context. Use this only when the target channel has multiple configured identities.", "hasChildren": false @@ -6265,7 +6668,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Approval Target Channel", "help": "Channel/provider ID used for forwarded approval delivery, such as discord, slack, or a plugin channel id. Use valid channel IDs only so approvals do not silently fail due to unknown routes.", "hasChildren": false @@ -6273,11 +6678,16 @@ { "path": "approvals.exec.targets.*.threadId", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Approval Target Thread ID", "help": "Optional thread/topic target for channels that support threaded delivery of forwarded approvals. Use this to keep approval traffic contained in operational threads instead of main channels.", "hasChildren": false @@ -6289,7 +6699,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Approval Target Destination", "help": "Destination identifier inside the target channel (channel ID, user ID, or thread root depending on provider). Verify semantics per provider because destination format differs across channel integrations.", "hasChildren": false @@ -6301,7 +6713,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Audio", "help": "Global audio ingestion settings used before higher-level tools process speech or media content. Configure this when you need deterministic transcription behavior for voice notes and clips.", "hasChildren": true @@ -6313,7 +6727,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Audio Transcription", "help": "Command-based transcription settings for converting audio files into text before agent handling. Keep a simple, deterministic command path here so failures are easy to diagnose in logs.", "hasChildren": true @@ -6325,7 +6741,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Audio Transcription Command", "help": "Executable + args used to transcribe audio (first token must be a safe binary/path), for example `[\"whisper-cli\", \"--model\", \"small\", \"{input}\"]`. Prefer a pinned command so runtime environments behave consistently.", "hasChildren": true @@ -6347,7 +6765,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance"], + "tags": [ + "media", + "performance" + ], "label": "Audio Transcription Timeout (sec)", "help": "Maximum time allowed for the transcription command to finish before it is aborted. Increase this for longer recordings, and keep it tight in latency-sensitive deployments.", "hasChildren": false @@ -6359,7 +6780,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Auth", "help": "Authentication profile root used for multi-profile provider credentials and cooldown-based failover ordering. Keep profiles minimal and explicit so automatic failover behavior stays auditable.", "hasChildren": true @@ -6371,7 +6794,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "auth"], + "tags": [ + "access", + "auth" + ], "label": "Auth Cooldowns", "help": "Cooldown/backoff controls for temporary profile suppression after billing-related failures and retry windows. Use these to prevent rapid re-selection of profiles that are still blocked.", "hasChildren": true @@ -6383,7 +6809,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "auth", "reliability"], + "tags": [ + "access", + "auth", + "reliability" + ], "label": "Billing Backoff (hours)", "help": "Base backoff (hours) when a profile fails due to billing/insufficient credits (default: 5).", "hasChildren": false @@ -6395,7 +6825,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "auth", "reliability"], + "tags": [ + "access", + "auth", + "reliability" + ], "label": "Billing Backoff Overrides", "help": "Optional per-provider overrides for billing backoff (hours).", "hasChildren": true @@ -6417,7 +6851,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "auth", "performance"], + "tags": [ + "access", + "auth", + "performance" + ], "label": "Billing Backoff Cap (hours)", "help": "Cap (hours) for billing backoff (default: 24).", "hasChildren": false @@ -6429,7 +6867,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "auth"], + "tags": [ + "access", + "auth" + ], "label": "Failover Window (hours)", "help": "Failure window (hours) for backoff counters (default: 24).", "hasChildren": false @@ -6441,7 +6882,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "auth"], + "tags": [ + "access", + "auth" + ], "label": "Auth Profile Order", "help": "Ordered auth profile IDs per provider (used for automatic failover).", "hasChildren": true @@ -6473,7 +6917,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "auth", "storage"], + "tags": [ + "access", + "auth", + "storage" + ], "label": "Auth Profiles", "help": "Named auth profiles (provider + mode + optional email).", "hasChildren": true @@ -6525,7 +6973,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Bindings", "help": "Top-level binding rules for routing and persistent ACP conversation ownership. Use type=route for normal routing and type=acp for persistent ACP harness bindings.", "hasChildren": true @@ -6547,7 +6997,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Binding Overrides", "help": "Optional per-binding ACP overrides for bindings[].type=acp. This layer overrides agents.list[].runtime.acp defaults for the matched conversation.", "hasChildren": true @@ -6559,7 +7011,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Binding Backend", "help": "ACP backend override for this binding (falls back to agent runtime ACP backend, then global acp.backend).", "hasChildren": false @@ -6571,7 +7025,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Binding Working Directory", "help": "Working directory override for ACP sessions created from this binding.", "hasChildren": false @@ -6583,7 +7039,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Binding Label", "help": "Human-friendly label for ACP status/diagnostics in this bound conversation.", "hasChildren": false @@ -6593,10 +7051,15 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["persistent", "oneshot"], + "enumValues": [ + "persistent", + "oneshot" + ], "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACP Binding Mode", "help": "ACP session mode override for this binding (persistent or oneshot).", "hasChildren": false @@ -6608,7 +7071,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Binding Agent ID", "help": "Target agent ID that receives traffic when the corresponding binding match rule is satisfied. Use valid configured agent IDs only so routing does not fail at runtime.", "hasChildren": false @@ -6630,7 +7095,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Binding Match Rule", "help": "Match rule object for deciding when a binding applies, including channel and optional account/peer constraints. Keep rules narrow to avoid accidental agent takeover across contexts.", "hasChildren": true @@ -6642,7 +7109,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Binding Account ID", "help": "Optional account selector for multi-account channel setups so the binding applies only to one identity. Use this when account scoping is required for the route and leave unset otherwise.", "hasChildren": false @@ -6654,7 +7123,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Binding Channel", "help": "Channel/provider identifier this binding applies to, such as `telegram`, `discord`, or a plugin channel ID. Use the configured channel key exactly so binding evaluation works reliably.", "hasChildren": false @@ -6666,7 +7137,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Binding Guild ID", "help": "Optional Discord-style guild/server ID constraint for binding evaluation in multi-server deployments. Use this when the same peer identifiers can appear across different guilds.", "hasChildren": false @@ -6678,7 +7151,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Binding Peer Match", "help": "Optional peer matcher for specific conversations including peer kind and peer id. Use this when only one direct/group/channel target should be pinned to an agent.", "hasChildren": true @@ -6690,7 +7165,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Binding Peer ID", "help": "Conversation identifier used with peer matching, such as a chat ID, channel ID, or group ID from the provider. Keep this exact to avoid silent non-matches.", "hasChildren": false @@ -6702,7 +7179,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Binding Peer Kind", "help": "Peer conversation type: \"direct\", \"group\", \"channel\", or legacy \"dm\" (deprecated alias for direct). Prefer \"direct\" for new configs and keep kind aligned with channel semantics.", "hasChildren": false @@ -6714,7 +7193,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Binding Roles", "help": "Optional role-based filter list used by providers that attach roles to chat context. Use this to route privileged or operational role traffic to specialized agents.", "hasChildren": true @@ -6736,7 +7217,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Binding Team ID", "help": "Optional team/workspace ID constraint used by providers that scope chats under teams. Add this when you need bindings isolated to one workspace context.", "hasChildren": false @@ -6748,7 +7231,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Binding Type", "help": "Binding kind. Use \"route\" (or omit for legacy route entries) for normal routing, and \"acp\" for persistent ACP conversation bindings.", "hasChildren": false @@ -6760,7 +7245,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Broadcast", "help": "Broadcast routing map for sending the same outbound message to multiple peer IDs per source conversation. Keep this minimal and audited because one source can fan out to many destinations.", "hasChildren": true @@ -6772,7 +7259,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Broadcast Destination List", "help": "Per-source broadcast destination list where each key is a source peer ID and the value is an array of destination peer IDs. Keep lists intentional to avoid accidental message amplification.", "hasChildren": true @@ -6792,10 +7281,15 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["parallel", "sequential"], + "enumValues": [ + "parallel", + "sequential" + ], "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Broadcast Strategy", "help": "Delivery order for broadcast fan-out: \"parallel\" sends to all targets concurrently, while \"sequential\" sends one-by-one. Use \"parallel\" for speed and \"sequential\" for stricter ordering/backpressure control.", "hasChildren": false @@ -6807,7 +7301,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Browser", "help": "Browser runtime controls for local or remote CDP attachment, profile routing, and screenshot/snapshot behavior. Keep defaults unless your automation workflow requires custom browser transport settings.", "hasChildren": true @@ -6819,7 +7315,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Browser Attach-only Mode", "help": "Restricts browser mode to attach-only behavior without starting local browser processes. Use this when all browser sessions are externally managed by a remote CDP provider.", "hasChildren": false @@ -6831,7 +7329,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Browser CDP Port Range Start", "help": "Starting local CDP port used for auto-allocated browser profile ports. Increase this when host-level port defaults conflict with other local services.", "hasChildren": false @@ -6843,7 +7343,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Browser CDP URL", "help": "Remote CDP websocket URL used to attach to an externally managed browser instance. Use this for centralized browser hosts and keep URL access restricted to trusted network paths.", "hasChildren": false @@ -6855,7 +7357,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Browser Accent Color", "help": "Default accent color used for browser profile/UI cues where colored identity hints are displayed. Use consistent colors to help operators identify active browser profile context quickly.", "hasChildren": false @@ -6867,7 +7371,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Browser Default Profile", "help": "Default browser profile name selected when callers do not explicitly choose a profile. Use a stable low-privilege profile as the default to reduce accidental cross-context state use.", "hasChildren": false @@ -6879,7 +7385,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Browser Enabled", "help": "Enables browser capability wiring in the gateway so browser tools and CDP-driven workflows can run. Disable when browser automation is not needed to reduce surface area and startup work.", "hasChildren": false @@ -6891,7 +7399,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Browser Evaluate Enabled", "help": "Enables browser-side evaluate helpers for runtime script evaluation capabilities where supported. Keep disabled unless your workflows require evaluate semantics beyond snapshots/navigation.", "hasChildren": false @@ -6903,7 +7413,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Browser Executable Path", "help": "Explicit browser executable path when auto-discovery is insufficient for your host environment. Use absolute stable paths so launch behavior stays deterministic across restarts.", "hasChildren": false @@ -6935,7 +7447,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Browser Headless Mode", "help": "Forces browser launch in headless mode when the local launcher starts browser instances. Keep headless enabled for server environments and disable only when visible UI debugging is required.", "hasChildren": false @@ -6947,7 +7461,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Browser No-Sandbox Mode", "help": "Disables Chromium sandbox isolation flags for environments where sandboxing fails at runtime. Keep this off whenever possible because process isolation protections are reduced.", "hasChildren": false @@ -6959,7 +7475,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Browser Profiles", "help": "Named browser profile connection map used for explicit routing to CDP ports or URLs with optional metadata. Keep profile names consistent and avoid overlapping endpoint definitions.", "hasChildren": true @@ -6981,7 +7499,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Browser Profile Attach-only Mode", "help": "Per-profile attach-only override that skips local browser launch and only attaches to an existing CDP endpoint. Useful when one profile is externally managed but others are locally launched.", "hasChildren": false @@ -6993,7 +7513,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Browser Profile CDP Port", "help": "Per-profile local CDP port used when connecting to browser instances by port instead of URL. Use unique ports per profile to avoid connection collisions.", "hasChildren": false @@ -7005,7 +7527,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Browser Profile CDP URL", "help": "Per-profile CDP websocket URL used for explicit remote browser routing by profile name. Use this when profile connections terminate on remote hosts or tunnels.", "hasChildren": false @@ -7017,7 +7541,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Browser Profile Accent Color", "help": "Per-profile accent color for visual differentiation in dashboards and browser-related UI hints. Use distinct colors for high-signal operator recognition of active profiles.", "hasChildren": false @@ -7029,7 +7555,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Browser Profile Driver", "help": "Per-profile browser driver mode: \"openclaw\" (or legacy \"clawd\") or \"extension\" depending on connection/runtime strategy. Use the driver that matches your browser control stack to avoid protocol mismatches.", "hasChildren": false @@ -7041,7 +7569,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Browser Relay Bind Address", "help": "Bind IP address for the Chrome extension relay listener. Leave unset for loopback-only access, or set an explicit non-loopback IP such as 0.0.0.0 only when the relay must be reachable across network namespaces (for example WSL2) and the surrounding network is already trusted.", "hasChildren": false @@ -7053,7 +7583,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Remote CDP Handshake Timeout (ms)", "help": "Timeout in milliseconds for post-connect CDP handshake readiness checks against remote browser targets. Raise this for slow-start remote browsers and lower to fail fast in automation loops.", "hasChildren": false @@ -7065,7 +7597,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Remote CDP Timeout (ms)", "help": "Timeout in milliseconds for connecting to a remote CDP endpoint before failing the browser attach attempt. Increase for high-latency tunnels, or lower for faster failure detection.", "hasChildren": false @@ -7077,7 +7611,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Browser Snapshot Defaults", "help": "Default snapshot capture configuration used when callers do not provide explicit snapshot options. Tune this for consistent capture behavior across channels and automation paths.", "hasChildren": true @@ -7089,7 +7625,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Browser Snapshot Mode", "help": "Default snapshot extraction mode controlling how page content is transformed for agent consumption. Choose the mode that balances readability, fidelity, and token footprint for your workflows.", "hasChildren": false @@ -7101,7 +7639,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Browser SSRF Policy", "help": "Server-side request forgery guardrail settings for browser/network fetch paths that could reach internal hosts. Keep restrictive defaults in production and open only explicitly approved targets.", "hasChildren": true @@ -7113,7 +7653,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Browser Allowed Hostnames", "help": "Explicit hostname allowlist exceptions for SSRF policy checks on browser/network requests. Keep this list minimal and review entries regularly to avoid stale broad access.", "hasChildren": true @@ -7135,7 +7677,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Browser Allow Private Network", "help": "Legacy alias for browser.ssrfPolicy.dangerouslyAllowPrivateNetwork. Prefer the dangerously-named key so risk intent is explicit.", "hasChildren": false @@ -7147,7 +7691,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "advanced", "security"], + "tags": [ + "access", + "advanced", + "security" + ], "label": "Browser Dangerously Allow Private Network", "help": "Allows access to private-network address ranges from browser tooling. Default is enabled for trusted-network operator setups; disable to enforce strict public-only resolution checks.", "hasChildren": false @@ -7159,7 +7707,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Browser Hostname Allowlist", "help": "Legacy/alternate hostname allowlist field used by SSRF policy consumers for explicit host exceptions. Use stable exact hostnames and avoid wildcard-like broad patterns.", "hasChildren": true @@ -7181,7 +7731,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Canvas Host", "help": "Canvas host settings for serving canvas assets and local live-reload behavior used by canvas-enabled workflows. Keep disabled unless canvas-hosted assets are actively used.", "hasChildren": true @@ -7193,7 +7745,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Canvas Host Enabled", "help": "Enables the canvas host server process and routes for serving canvas files. Keep disabled when canvas workflows are inactive to reduce exposed local services.", "hasChildren": false @@ -7205,7 +7759,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["reliability"], + "tags": [ + "reliability" + ], "label": "Canvas Host Live Reload", "help": "Enables automatic live-reload behavior for canvas assets during development workflows. Keep disabled in production-like environments where deterministic output is preferred.", "hasChildren": false @@ -7217,7 +7773,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Canvas Host Port", "help": "TCP port used by the canvas host HTTP server when canvas hosting is enabled. Choose a non-conflicting port and align firewall/proxy policy accordingly.", "hasChildren": false @@ -7229,7 +7787,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Canvas Host Root Directory", "help": "Filesystem root directory served by canvas host for canvas content and static assets. Use a dedicated directory and avoid broad repo roots for least-privilege file exposure.", "hasChildren": false @@ -7241,7 +7801,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Channels", "help": "Channel provider configurations plus shared defaults that control access policies, heartbeat visibility, and per-surface behavior. Keep defaults centralized and override per provider only where required.", "hasChildren": true @@ -7253,7 +7815,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "BlueBubbles", "help": "iMessage via the BlueBubbles mac app + REST API.", "hasChildren": true @@ -7291,7 +7856,10 @@ { "path": "channels.bluebubbles.accounts.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -7323,7 +7891,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -7344,7 +7915,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -7373,7 +7949,10 @@ { "path": "channels.bluebubbles.accounts.*.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -7385,7 +7964,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -7516,7 +8099,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -7565,11 +8152,19 @@ { "path": "channels.bluebubbles.accounts.*.password", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -7786,7 +8381,10 @@ { "path": "channels.bluebubbles.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -7818,7 +8416,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -7849,10 +8450,19 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, - "tags": ["access", "channels", "network"], + "tags": [ + "access", + "channels", + "network" + ], "label": "BlueBubbles DM Policy", "help": "Direct message access control (\"pairing\" recommended). \"open\" requires channels.bluebubbles.allowFrom=[\"*\"].", "hasChildren": false @@ -7880,7 +8490,10 @@ { "path": "channels.bluebubbles.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -7892,7 +8505,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -8023,7 +8640,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -8072,11 +8693,19 @@ { "path": "channels.bluebubbles.password", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -8156,7 +8785,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord", "help": "very well supported right now.", "hasChildren": true @@ -8196,7 +8828,14 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["group-mentions", "group-all", "direct", "all", "off", "none"], + "enumValues": [ + "group-mentions", + "group-all", + "direct", + "all", + "off", + "none" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -8455,7 +9094,10 @@ { "path": "channels.discord.accounts.*.allowBots", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -8475,7 +9117,10 @@ { "path": "channels.discord.accounts.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -8627,7 +9272,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -8646,7 +9294,10 @@ { "path": "channels.discord.accounts.*.commands.native", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -8656,7 +9307,10 @@ { "path": "channels.discord.accounts.*.commands.nativeSkills", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -8716,7 +9370,10 @@ { "path": "channels.discord.accounts.*.dm.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -8746,7 +9403,10 @@ { "path": "channels.discord.accounts.*.dm.groupChannels.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -8768,7 +9428,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -8789,7 +9454,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -8958,7 +9628,10 @@ { "path": "channels.discord.accounts.*.execApprovals.approvers.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -9010,7 +9683,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["dm", "channel", "both"], + "enumValues": [ + "dm", + "channel", + "both" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -9021,7 +9698,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -9081,9 +9762,17 @@ { "path": "channels.discord.accounts.*.guilds.*.channels.*.autoArchiveDuration", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, - "enumValues": ["60", "1440", "4320", "10080"], + "enumValues": [ + "60", + "1440", + "4320", + "10080" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -9152,7 +9841,10 @@ { "path": "channels.discord.accounts.*.guilds.*.channels.*.roles.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -9352,7 +10044,10 @@ { "path": "channels.discord.accounts.*.guilds.*.channels.*.users.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -9374,7 +10069,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "own", "all", "allowlist"], + "enumValues": [ + "off", + "own", + "all", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -9403,7 +10103,10 @@ { "path": "channels.discord.accounts.*.guilds.*.roles.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -9583,7 +10286,30 @@ { "path": "channels.discord.accounts.*.guilds.*.users.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.accounts.*.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.discord.accounts.*.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", "required": false, "deprecated": false, "sensitive": false, @@ -9705,7 +10431,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -9764,11 +10494,19 @@ { "path": "channels.discord.accounts.*.pluralkit.token", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -9906,7 +10644,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["online", "dnd", "idle", "invisible"], + "enumValues": [ + "online", + "dnd", + "idle", + "invisible" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -9915,9 +10658,17 @@ { "path": "channels.discord.accounts.*.streaming", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, - "enumValues": ["off", "partial", "block", "progress"], + "enumValues": [ + "off", + "partial", + "block", + "progress" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -9928,7 +10679,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["partial", "block", "off"], + "enumValues": [ + "partial", + "block", + "off" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -10007,11 +10762,19 @@ { "path": "channels.discord.accounts.*.token", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -10169,7 +10932,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "always", "inbound", "tagged"], + "enumValues": [ + "off", + "always", + "inbound", + "tagged" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -10298,11 +11066,20 @@ { "path": "channels.discord.accounts.*.voice.tts.elevenlabs.apiKey", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "media", "network", "security"], + "tags": [ + "auth", + "channels", + "media", + "network", + "security" + ], "hasChildren": true }, { @@ -10340,7 +11117,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["auto", "on", "off"], + "enumValues": [ + "auto", + "on", + "off" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -10481,7 +11262,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["final", "all"], + "enumValues": [ + "final", + "all" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -10590,11 +11374,20 @@ { "path": "channels.discord.accounts.*.voice.tts.openai.apiKey", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "media", "network", "security"], + "tags": [ + "auth", + "channels", + "media", + "network", + "security" + ], "hasChildren": true }, { @@ -10692,7 +11485,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["elevenlabs", "openai", "edge"], + "enumValues": [ + "elevenlabs", + "openai", + "edge" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -10733,7 +11530,14 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["group-mentions", "group-all", "direct", "all", "off", "none"], + "enumValues": [ + "group-mentions", + "group-all", + "direct", + "all", + "off", + "none" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -10946,7 +11750,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Presence Activity", "help": "Discord presence activity text (defaults to custom status).", "hasChildren": false @@ -10958,7 +11765,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Presence Activity Type", "help": "Discord presence activity type (0=Playing,1=Streaming,2=Listening,3=Watching,4=Custom,5=Competing).", "hasChildren": false @@ -10970,7 +11780,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Presence Activity URL", "help": "Discord presence streaming URL (required for activityType=1).", "hasChildren": false @@ -10998,11 +11811,18 @@ { "path": "channels.discord.allowBots", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "channels", "network"], + "tags": [ + "access", + "channels", + "network" + ], "label": "Discord Allow Bot Messages", "help": "Allow bot-authored messages to trigger Discord replies (default: false). Set \"mentions\" to only accept bot messages that mention the bot.", "hasChildren": false @@ -11020,7 +11840,10 @@ { "path": "channels.discord.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -11044,7 +11867,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Auto Presence Degraded Text", "help": "Optional custom status text while runtime/model availability is degraded or unknown (idle).", "hasChildren": false @@ -11056,7 +11882,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Auto Presence Enabled", "help": "Enable automatic Discord bot presence updates based on runtime/model availability signals. When enabled: healthy=>online, degraded/unknown=>idle, exhausted/unavailable=>dnd.", "hasChildren": false @@ -11068,7 +11897,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Auto Presence Exhausted Text", "help": "Optional custom status text while runtime detects exhausted/unavailable model quota (dnd). Supports {reason} template placeholder.", "hasChildren": false @@ -11080,7 +11912,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "reliability"], + "tags": [ + "channels", + "network", + "reliability" + ], "label": "Discord Auto Presence Healthy Text", "help": "Optional custom status text while runtime is healthy (online). If omitted, falls back to static channels.discord.activity when set.", "hasChildren": false @@ -11092,7 +11928,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance"], + "tags": [ + "channels", + "network", + "performance" + ], "label": "Discord Auto Presence Check Interval (ms)", "help": "How often to evaluate Discord auto-presence state in milliseconds (default: 30000).", "hasChildren": false @@ -11104,7 +11944,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance"], + "tags": [ + "channels", + "network", + "performance" + ], "label": "Discord Auto Presence Min Update Interval (ms)", "help": "Minimum time between actual Discord presence update calls in milliseconds (default: 15000). Prevents status spam on noisy state changes.", "hasChildren": false @@ -11184,7 +12028,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -11203,11 +12050,17 @@ { "path": "channels.discord.commands.native", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Native Commands", "help": "Override native commands for Discord (bool or \"auto\").", "hasChildren": false @@ -11215,11 +12068,17 @@ { "path": "channels.discord.commands.nativeSkills", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Native Skill Commands", "help": "Override native skill commands for Discord (bool or \"auto\").", "hasChildren": false @@ -11231,7 +12090,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Config Writes", "help": "Allow Discord to write config in response to channel events/commands (default: true).", "hasChildren": false @@ -11289,7 +12151,10 @@ { "path": "channels.discord.dm.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -11319,7 +12184,10 @@ { "path": "channels.discord.dm.groupChannels.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -11341,10 +12209,19 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, - "tags": ["access", "channels", "network"], + "tags": [ + "access", + "channels", + "network" + ], "label": "Discord DM Policy", "help": "Direct message access control (\"pairing\" recommended). \"open\" requires channels.discord.allowFrom=[\"*\"] (legacy: channels.discord.dm.allowFrom).", "hasChildren": false @@ -11364,10 +12241,19 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, - "tags": ["access", "channels", "network"], + "tags": [ + "access", + "channels", + "network" + ], "label": "Discord DM Policy", "help": "Direct message access control (\"pairing\" recommended). \"open\" requires channels.discord.allowFrom=[\"*\"].", "hasChildren": false @@ -11419,7 +12305,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Draft Chunk Break Preference", "help": "Preferred breakpoints for Discord draft chunks (paragraph | newline | sentence). Default: paragraph.", "hasChildren": false @@ -11431,7 +12320,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance"], + "tags": [ + "channels", + "network", + "performance" + ], "label": "Discord Draft Chunk Max Chars", "help": "Target max size for a Discord stream preview chunk when channels.discord.streaming=\"block\" (default: 800; clamped to channels.discord.textChunkLimit).", "hasChildren": false @@ -11443,7 +12336,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Draft Chunk Min Chars", "help": "Minimum chars before emitting a Discord stream preview update when channels.discord.streaming=\"block\" (default: 200).", "hasChildren": false @@ -11475,7 +12371,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance"], + "tags": [ + "channels", + "network", + "performance" + ], "label": "Discord EventQueue Listener Timeout (ms)", "help": "Canonical Discord listener timeout control in ms for gateway normalization/enqueue handlers. Default is 120000 in OpenClaw; set per account via channels.discord.accounts..eventQueue.listenerTimeout.", "hasChildren": false @@ -11487,7 +12387,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance"], + "tags": [ + "channels", + "network", + "performance" + ], "label": "Discord EventQueue Max Concurrency", "help": "Optional Discord EventQueue concurrency override (max concurrent handler executions). Set per account via channels.discord.accounts..eventQueue.maxConcurrency.", "hasChildren": false @@ -11499,7 +12403,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance"], + "tags": [ + "channels", + "network", + "performance" + ], "label": "Discord EventQueue Max Queue Size", "help": "Optional Discord EventQueue capacity override (max queued events before backpressure). Set per account via channels.discord.accounts..eventQueue.maxQueueSize.", "hasChildren": false @@ -11547,7 +12455,10 @@ { "path": "channels.discord.execApprovals.approvers.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -11599,7 +12510,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["dm", "channel", "both"], + "enumValues": [ + "dm", + "channel", + "both" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -11610,7 +12525,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -11670,9 +12589,17 @@ { "path": "channels.discord.guilds.*.channels.*.autoArchiveDuration", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, - "enumValues": ["60", "1440", "4320", "10080"], + "enumValues": [ + "60", + "1440", + "4320", + "10080" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -11741,7 +12668,10 @@ { "path": "channels.discord.guilds.*.channels.*.roles.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -11941,7 +12871,10 @@ { "path": "channels.discord.guilds.*.channels.*.users.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -11963,7 +12896,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "own", "all", "allowlist"], + "enumValues": [ + "off", + "own", + "all", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -11992,7 +12930,10 @@ { "path": "channels.discord.guilds.*.roles.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -12172,7 +13113,30 @@ { "path": "channels.discord.guilds.*.users.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.discord.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.discord.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", "required": false, "deprecated": false, "sensitive": false, @@ -12246,7 +13210,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance"], + "tags": [ + "channels", + "network", + "performance" + ], "label": "Discord Inbound Worker Timeout (ms)", "help": "Optional queued Discord inbound worker timeout in ms. This is separate from Carbon listener timeouts; defaults to 1800000 and can be disabled with 0. Set per account via channels.discord.accounts..inboundWorker.runTimeoutMs.", "hasChildren": false @@ -12268,7 +13236,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Guild Members Intent", "help": "Enable the Guild Members privileged intent. Must also be enabled in the Discord Developer Portal. Default: false.", "hasChildren": false @@ -12280,7 +13251,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Presence Intent", "help": "Enable the Guild Presences privileged intent. Must also be enabled in the Discord Developer Portal. Allows tracking user activities (e.g. Spotify). Default: false.", "hasChildren": false @@ -12300,7 +13274,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -12313,7 +13291,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance"], + "tags": [ + "channels", + "network", + "performance" + ], "label": "Discord Max Lines Per Message", "help": "Soft max line count per Discord message (default: 17).", "hasChildren": false @@ -12355,7 +13337,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord PluralKit Enabled", "help": "Resolve PluralKit proxied messages and treat system members as distinct senders.", "hasChildren": false @@ -12363,11 +13348,19 @@ { "path": "channels.discord.pluralkit.token", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "label": "Discord PluralKit Token", "help": "Optional PluralKit token for resolving private systems or members.", "hasChildren": true @@ -12409,7 +13402,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Proxy URL", "help": "Proxy URL for Discord gateway + API requests (app-id lookup and allowlist resolution). Set per account via channels.discord.accounts..proxy.", "hasChildren": false @@ -12451,7 +13447,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "reliability"], + "tags": [ + "channels", + "network", + "reliability" + ], "label": "Discord Retry Attempts", "help": "Max retry attempts for outbound Discord API calls (default: 3).", "hasChildren": false @@ -12463,7 +13463,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "reliability"], + "tags": [ + "channels", + "network", + "reliability" + ], "label": "Discord Retry Jitter", "help": "Jitter factor (0-1) applied to Discord retry delays.", "hasChildren": false @@ -12475,7 +13479,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance", "reliability"], + "tags": [ + "channels", + "network", + "performance", + "reliability" + ], "label": "Discord Retry Max Delay (ms)", "help": "Maximum retry delay cap in ms for Discord outbound calls.", "hasChildren": false @@ -12487,7 +13496,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "reliability"], + "tags": [ + "channels", + "network", + "reliability" + ], "label": "Discord Retry Min Delay (ms)", "help": "Minimum retry delay in ms for Discord outbound calls.", "hasChildren": false @@ -12517,10 +13530,18 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["online", "dnd", "idle", "invisible"], + "enumValues": [ + "online", + "dnd", + "idle", + "invisible" + ], "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Presence Status", "help": "Discord presence status (online, dnd, idle, invisible).", "hasChildren": false @@ -12528,12 +13549,23 @@ { "path": "channels.discord.streaming", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, - "enumValues": ["off", "partial", "block", "progress"], + "enumValues": [ + "off", + "partial", + "block", + "progress" + ], "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Streaming Mode", "help": "Unified Discord stream preview mode: \"off\" | \"partial\" | \"block\" | \"progress\". \"progress\" maps to \"partial\" on Discord. Legacy boolean/streamMode keys are auto-mapped.", "hasChildren": false @@ -12543,10 +13575,17 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["partial", "block", "off"], + "enumValues": [ + "partial", + "block", + "off" + ], "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Stream Mode (Legacy)", "help": "Legacy Discord preview mode alias (off | partial | block); auto-migrated to channels.discord.streaming.", "hasChildren": false @@ -12578,7 +13617,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "storage"], + "tags": [ + "channels", + "network", + "storage" + ], "label": "Discord Thread Binding Enabled", "help": "Enable Discord thread binding features (/focus, bound-thread routing/delivery, and thread-bound subagent sessions). Overrides session.threadBindings.enabled when set.", "hasChildren": false @@ -12590,7 +13633,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "storage"], + "tags": [ + "channels", + "network", + "storage" + ], "label": "Discord Thread Binding Idle Timeout (hours)", "help": "Inactivity window in hours for Discord thread-bound sessions (/focus and spawned thread sessions). Set 0 to disable idle auto-unfocus (default: 24). Overrides session.threadBindings.idleHours when set.", "hasChildren": false @@ -12602,7 +13649,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance", "storage"], + "tags": [ + "channels", + "network", + "performance", + "storage" + ], "label": "Discord Thread Binding Max Age (hours)", "help": "Optional hard max age in hours for Discord thread-bound sessions. Set 0 to disable hard cap (default: 0). Overrides session.threadBindings.maxAgeHours when set.", "hasChildren": false @@ -12614,7 +13666,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "storage"], + "tags": [ + "channels", + "network", + "storage" + ], "label": "Discord Thread-Bound ACP Spawn", "help": "Allow /acp spawn to auto-create and bind Discord threads for ACP sessions (default: false; opt-in). Set true to enable thread-bound ACP spawns for this account/channel.", "hasChildren": false @@ -12626,7 +13682,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "storage"], + "tags": [ + "channels", + "network", + "storage" + ], "label": "Discord Thread-Bound Subagent Spawn", "help": "Allow subagent spawns with thread=true to auto-create and bind Discord threads (default: false; opt-in). Set true to enable thread-bound subagent spawns for this account/channel.", "hasChildren": false @@ -12634,11 +13694,19 @@ { "path": "channels.discord.token", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "label": "Discord Bot Token", "help": "Discord bot token used for gateway and REST API authentication for this provider account. Keep this secret out of committed config and rotate immediately after any leak.", "hasChildren": true @@ -12700,7 +13768,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Component Accent Color", "help": "Accent color for Discord component containers (hex). Set per account via channels.discord.accounts..ui.components.accentColor.", "hasChildren": false @@ -12722,7 +13793,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Voice Auto-Join", "help": "Voice channels to auto-join on startup (list of guildId/channelId entries).", "hasChildren": true @@ -12764,7 +13838,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Voice DAVE Encryption", "help": "Toggle DAVE end-to-end encryption for Discord voice joins (default: true in @discordjs/voice; Discord may require this).", "hasChildren": false @@ -12776,7 +13853,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Voice Decrypt Failure Tolerance", "help": "Consecutive decrypt failures before DAVE attempts session recovery (passed to @discordjs/voice; default: 24).", "hasChildren": false @@ -12788,7 +13868,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Discord Voice Enabled", "help": "Enable Discord voice channel conversations (default: true). Omit channels.discord.voice to keep voice support disabled for the account.", "hasChildren": false @@ -12800,7 +13883,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "media", "network"], + "tags": [ + "channels", + "media", + "network" + ], "label": "Discord Voice Text-to-Speech", "help": "Optional TTS overrides for Discord voice playback (merged with messages.tts).", "hasChildren": true @@ -12810,7 +13897,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "always", "inbound", "tagged"], + "enumValues": [ + "off", + "always", + "inbound", + "tagged" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -12939,11 +14031,20 @@ { "path": "channels.discord.voice.tts.elevenlabs.apiKey", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "media", "network", "security"], + "tags": [ + "auth", + "channels", + "media", + "network", + "security" + ], "hasChildren": true }, { @@ -12981,7 +14082,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["auto", "on", "off"], + "enumValues": [ + "auto", + "on", + "off" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -13122,7 +14227,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["final", "all"], + "enumValues": [ + "final", + "all" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -13231,11 +14339,20 @@ { "path": "channels.discord.voice.tts.openai.apiKey", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "media", "network", "security"], + "tags": [ + "auth", + "channels", + "media", + "network", + "security" + ], "hasChildren": true }, { @@ -13333,7 +14450,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["elevenlabs", "openai", "edge"], + "enumValues": [ + "elevenlabs", + "openai", + "edge" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -13366,7 +14487,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Feishu", "help": "飞书/Lark enterprise messaging.", "hasChildren": true @@ -13391,6 +14515,49 @@ "tags": [], "hasChildren": true }, + { + "path": "channels.feishu.accounts.*.actions", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.actions.reactions", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.allowFrom", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.allowFrom.*", + "kind": "channel", + "type": [ + "number", + "string" + ], + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.feishu.accounts.*.appId", "kind": "channel", @@ -13404,7 +14571,10 @@ { "path": "channels.feishu.accounts.*.appSecret", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -13436,7 +14606,90 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["env", "file", "exec"], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.blockStreamingCoalesce", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.blockStreamingCoalesce.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.blockStreamingCoalesce.maxDelayMs", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.blockStreamingCoalesce.minDelayMs", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.capabilities", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.capabilities.*", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.chunkMode", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "length", + "newline" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.configWrites", + "kind": "channel", + "type": "boolean", + "required": false, "deprecated": false, "sensitive": false, "tags": [], @@ -13447,7 +14700,75 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["websocket", "webhook"], + "enumValues": [ + "websocket", + "webhook" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.dmHistoryLimit", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.dmPolicy", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "open", + "pairing", + "allowlist" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.dms", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.dms.*", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.dms.*.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.dms.*.systemPrompt", + "kind": "channel", + "type": "string", + "required": false, "deprecated": false, "sensitive": false, "tags": [], @@ -13458,7 +14779,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["feishu", "lark"], + "enumValues": [ + "feishu", + "lark" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -13477,7 +14801,10 @@ { "path": "channels.feishu.accounts.*.encryptKey", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -13509,7 +14836,374 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["env", "file", "exec"], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groupAllowFrom", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.groupAllowFrom.*", + "kind": "channel", + "type": [ + "number", + "string" + ], + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groupPolicy", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "open", + "allowlist", + "disabled" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groups", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.groups.*", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.groups.*.allowFrom", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.groups.*.allowFrom.*", + "kind": "channel", + "type": [ + "number", + "string" + ], + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groups.*.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groups.*.groupSessionScope", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "group", + "group_sender", + "group_topic", + "group_topic_sender" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groups.*.replyInThread", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "disabled", + "enabled" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groups.*.requireMention", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groups.*.skills", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.groups.*.skills.*", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groups.*.systemPrompt", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groups.*.tools", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.groups.*.tools.allow", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.groups.*.tools.allow.*", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groups.*.tools.deny", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.groups.*.tools.deny.*", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groups.*.topicSessionMode", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "disabled", + "enabled" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groupSenderAllowFrom", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.groupSenderAllowFrom.*", + "kind": "channel", + "type": [ + "number", + "string" + ], + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.groupSessionScope", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "group", + "group_sender", + "group_topic", + "group_topic_sender" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.heartbeat", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.heartbeat.intervalMs", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.heartbeat.visibility", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "visible", + "hidden" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.historyLimit", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.httpTimeoutMs", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.markdown", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.markdown.mode", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "native", + "escape", + "strip" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.markdown.tableMode", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "native", + "ascii", + "simple" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.mediaMaxMb", + "kind": "channel", + "type": "number", + "required": false, "deprecated": false, "sensitive": false, "tags": [], @@ -13525,10 +15219,191 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.feishu.accounts.*.reactionNotifications", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "off", + "own", + "all" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.renderMode", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "auto", + "raw", + "card" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.replyInThread", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "disabled", + "enabled" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.requireMention", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.resolveSenderNames", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.streaming", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.textChunkLimit", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.tools", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.accounts.*.tools.chat", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.tools.doc", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.tools.drive", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.tools.perm", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.tools.scopes", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.tools.wiki", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.topicSessionMode", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "disabled", + "enabled" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.accounts.*.typingIndicator", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.feishu.accounts.*.verificationToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -13560,7 +15435,6 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["env", "file", "exec"], "deprecated": false, "sensitive": false, "tags": [], @@ -13596,6 +15470,26 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.feishu.actions", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.actions.reactions", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.feishu.allowFrom", "kind": "channel", @@ -13609,7 +15503,10 @@ { "path": "channels.feishu.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -13629,7 +15526,10 @@ { "path": "channels.feishu.appSecret", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -13661,7 +15561,66 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["env", "file", "exec"], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.blockStreamingCoalesce", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.blockStreamingCoalesce.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.blockStreamingCoalesce.maxDelayMs", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.blockStreamingCoalesce.minDelayMs", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.capabilities", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.capabilities.*", + "kind": "channel", + "type": "string", + "required": false, "deprecated": false, "sensitive": false, "tags": [], @@ -13672,7 +15631,20 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.configWrites", + "kind": "channel", + "type": "boolean", + "required": false, "deprecated": false, "sensitive": false, "tags": [], @@ -13682,8 +15654,12 @@ "path": "channels.feishu.connectionMode", "kind": "channel", "type": "string", - "required": false, - "enumValues": ["websocket", "webhook"], + "required": true, + "enumValues": [ + "websocket", + "webhook" + ], + "defaultValue": "websocket", "deprecated": false, "sensitive": false, "tags": [], @@ -13713,8 +15689,53 @@ "path": "channels.feishu.dmPolicy", "kind": "channel", "type": "string", + "required": true, + "enumValues": [ + "open", + "pairing", + "allowlist" + ], + "defaultValue": "pairing", + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.dms", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.dms.*", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.dms.*.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.dms.*.systemPrompt", + "kind": "channel", + "type": "string", "required": false, - "enumValues": ["open", "pairing", "allowlist"], "deprecated": false, "sensitive": false, "tags": [], @@ -13724,8 +15745,61 @@ "path": "channels.feishu.domain", "kind": "channel", "type": "string", + "required": true, + "enumValues": [ + "feishu", + "lark" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.dynamicAgentCreation", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.dynamicAgentCreation.agentDirTemplate", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.dynamicAgentCreation.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.dynamicAgentCreation.maxAgents", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.dynamicAgentCreation.workspaceTemplate", + "kind": "channel", + "type": "string", "required": false, - "enumValues": ["feishu", "lark"], "deprecated": false, "sensitive": false, "tags": [], @@ -13744,7 +15818,10 @@ { "path": "channels.feishu.encryptKey", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -13776,7 +15853,6 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["env", "file", "exec"], "deprecated": false, "sensitive": false, "tags": [], @@ -13795,7 +15871,10 @@ { "path": "channels.feishu.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -13806,8 +15885,222 @@ "path": "channels.feishu.groupPolicy", "kind": "channel", "type": "string", + "required": true, + "enumValues": [ + "open", + "allowlist", + "disabled" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.groups", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.groups.*", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.groups.*.allowFrom", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.groups.*.allowFrom.*", + "kind": "channel", + "type": [ + "number", + "string" + ], + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.groups.*.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.groups.*.groupSessionScope", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "group", + "group_sender", + "group_topic", + "group_topic_sender" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.groups.*.replyInThread", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "disabled", + "enabled" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.groups.*.requireMention", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.groups.*.skills", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.groups.*.skills.*", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.groups.*.systemPrompt", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.groups.*.tools", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.groups.*.tools.allow", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.groups.*.tools.allow.*", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.groups.*.tools.deny", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.groups.*.tools.deny.*", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.groups.*.topicSessionMode", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "disabled", + "enabled" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.groupSenderAllowFrom", + "kind": "channel", + "type": "array", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.groupSenderAllowFrom.*", + "kind": "channel", + "type": [ + "number", + "string" + ], "required": false, - "enumValues": ["open", "allowlist", "disabled"], "deprecated": false, "sensitive": false, "tags": [], @@ -13818,7 +16111,46 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["group", "group_sender", "group_topic", "group_topic_sender"], + "enumValues": [ + "group", + "group_sender", + "group_topic", + "group_topic_sender" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.heartbeat", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.heartbeat.intervalMs", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.heartbeat.visibility", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "visible", + "hidden" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -13834,6 +16166,56 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.feishu.httpTimeoutMs", + "kind": "channel", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.markdown", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.markdown.mode", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "native", + "escape", + "strip" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.markdown.tableMode", + "kind": "channel", + "type": "string", + "required": false, + "enumValues": [ + "native", + "ascii", + "simple" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.feishu.mediaMaxMb", "kind": "channel", @@ -13844,12 +16226,32 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.feishu.reactionNotifications", + "kind": "channel", + "type": "string", + "required": true, + "enumValues": [ + "off", + "own", + "all" + ], + "defaultValue": "own", + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.feishu.renderMode", "kind": "channel", "type": "string", "required": false, - "enumValues": ["auto", "raw", "card"], + "enumValues": [ + "auto", + "raw", + "card" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -13860,7 +16262,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["disabled", "enabled"], + "enumValues": [ + "disabled", + "enabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -13870,6 +16275,28 @@ "path": "channels.feishu.requireMention", "kind": "channel", "type": "boolean", + "required": true, + "defaultValue": true, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.resolveSenderNames", + "kind": "channel", + "type": "boolean", + "required": true, + "defaultValue": true, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.streaming", + "kind": "channel", + "type": "boolean", "required": false, "deprecated": false, "sensitive": false, @@ -13886,12 +16313,96 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.feishu.tools", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.feishu.tools.chat", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.tools.doc", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.tools.drive", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.tools.perm", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.tools.scopes", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.tools.wiki", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.feishu.topicSessionMode", "kind": "channel", "type": "string", "required": false, - "enumValues": ["disabled", "enabled"], + "enumValues": [ + "disabled", + "enabled" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.feishu.typingIndicator", + "kind": "channel", + "type": "boolean", + "required": true, + "defaultValue": true, "deprecated": false, "sensitive": false, "tags": [], @@ -13900,7 +16411,10 @@ { "path": "channels.feishu.verificationToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -13932,7 +16446,6 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["env", "file", "exec"], "deprecated": false, "sensitive": false, "tags": [], @@ -13952,7 +16465,8 @@ "path": "channels.feishu.webhookPath", "kind": "channel", "type": "string", - "required": false, + "required": true, + "defaultValue": "/feishu/events", "deprecated": false, "sensitive": false, "tags": [], @@ -13975,7 +16489,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Google Chat", "help": "Google Workspace Chat app with HTTP webhook.", "hasChildren": true @@ -14030,6 +16547,16 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.googlechat.accounts.*.appPrincipal", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.googlechat.accounts.*.audience", "kind": "channel", @@ -14045,7 +16572,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["app-url", "project-number"], + "enumValues": [ + "app-url", + "project-number" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -14136,7 +16666,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -14195,7 +16728,10 @@ { "path": "channels.googlechat.accounts.*.dm.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -14217,7 +16753,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -14287,7 +16828,10 @@ { "path": "channels.googlechat.accounts.*.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -14299,7 +16843,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -14379,7 +16927,30 @@ { "path": "channels.googlechat.accounts.*.groups.*.users.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.googlechat.accounts.*.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.googlechat.accounts.*.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", "required": false, "deprecated": false, "sensitive": false, @@ -14449,11 +17020,18 @@ { "path": "channels.googlechat.accounts.*.serviceAccount", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["channels", "network", "security"], + "tags": [ + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -14512,7 +17090,11 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["channels", "network", "security"], + "tags": [ + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -14550,7 +17132,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["replace", "status_final", "append"], + "enumValues": [ + "replace", + "status_final", + "append" + ], "defaultValue": "replace", "deprecated": false, "sensitive": false, @@ -14572,7 +17158,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["none", "message", "reaction"], + "enumValues": [ + "none", + "message", + "reaction" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -14628,6 +17218,16 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.googlechat.appPrincipal", + "kind": "channel", + "type": "string", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.googlechat.audience", "kind": "channel", @@ -14643,7 +17243,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["app-url", "project-number"], + "enumValues": [ + "app-url", + "project-number" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -14734,7 +17337,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -14803,7 +17409,10 @@ { "path": "channels.googlechat.dm.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -14825,7 +17434,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -14895,7 +17509,10 @@ { "path": "channels.googlechat.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -14907,7 +17524,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -14987,7 +17608,30 @@ { "path": "channels.googlechat.groups.*.users.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.googlechat.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.googlechat.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", "required": false, "deprecated": false, "sensitive": false, @@ -15057,11 +17701,18 @@ { "path": "channels.googlechat.serviceAccount", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["channels", "network", "security"], + "tags": [ + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -15120,7 +17771,11 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["channels", "network", "security"], + "tags": [ + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -15158,7 +17813,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["replace", "status_final", "append"], + "enumValues": [ + "replace", + "status_final", + "append" + ], "defaultValue": "replace", "deprecated": false, "sensitive": false, @@ -15180,7 +17839,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["none", "message", "reaction"], + "enumValues": [ + "none", + "message", + "reaction" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -15213,7 +17876,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "iMessage", "help": "this is still a work in progress.", "hasChildren": true @@ -15251,7 +17917,10 @@ { "path": "channels.imessage.accounts.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -15353,7 +18022,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -15414,7 +18086,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -15474,7 +18151,10 @@ { "path": "channels.imessage.accounts.*.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -15486,7 +18166,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -15673,6 +18357,26 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.imessage.accounts.*.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.imessage.accounts.*.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.imessage.accounts.*.heartbeat", "kind": "channel", @@ -15748,7 +18452,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -15857,7 +18565,10 @@ { "path": "channels.imessage.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -15959,7 +18670,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -15972,7 +18686,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "storage"], + "tags": [ + "channels", + "network", + "storage" + ], "label": "iMessage CLI Path", "help": "Filesystem path to the iMessage bridge CLI binary used for send/receive operations. Set explicitly when the binary is not on PATH in service runtime environments.", "hasChildren": false @@ -15984,7 +18702,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "iMessage Config Writes", "help": "Allow iMessage to write config in response to channel events/commands (default: true).", "hasChildren": false @@ -16034,11 +18755,20 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, - "tags": ["access", "channels", "network"], + "tags": [ + "access", + "channels", + "network" + ], "label": "iMessage DM Policy", "help": "Direct message access control (\"pairing\" recommended). \"open\" requires channels.imessage.allowFrom=[\"*\"].", "hasChildren": false @@ -16096,7 +18826,10 @@ { "path": "channels.imessage.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -16108,7 +18841,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -16295,6 +19032,26 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.imessage.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.imessage.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.imessage.heartbeat", "kind": "channel", @@ -16370,7 +19127,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -16473,7 +19234,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "IRC", "help": "classic IRC networks with DM/channel routing and pairing controls.", "hasChildren": true @@ -16511,7 +19275,10 @@ { "path": "channels.irc.accounts.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -16593,7 +19360,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -16624,7 +19394,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -16684,7 +19459,10 @@ { "path": "channels.irc.accounts.*.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -16696,7 +19474,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -16736,7 +19518,10 @@ { "path": "channels.irc.accounts.*.groups.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -16978,7 +19763,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -17061,7 +19850,12 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": false }, { @@ -17111,7 +19905,12 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": false }, { @@ -17197,7 +19996,10 @@ { "path": "channels.irc.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -17279,7 +20081,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -17320,11 +20125,20 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, - "tags": ["access", "channels", "network"], + "tags": [ + "access", + "channels", + "network" + ], "label": "IRC DM Policy", "help": "Direct message access control (\"pairing\" recommended). \"open\" requires channels.irc.allowFrom=[\"*\"].", "hasChildren": false @@ -17382,7 +20196,10 @@ { "path": "channels.irc.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -17394,7 +20211,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -17434,7 +20255,10 @@ { "path": "channels.irc.groups.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -17676,7 +20500,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -17749,7 +20577,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "IRC NickServ Enabled", "help": "Enable NickServ identify/register after connect (defaults to enabled when password is configured).", "hasChildren": false @@ -17761,7 +20592,12 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "label": "IRC NickServ Password", "help": "NickServ password used for IDENTIFY/REGISTER (sensitive).", "hasChildren": false @@ -17773,7 +20609,13 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["auth", "channels", "network", "security", "storage"], + "tags": [ + "auth", + "channels", + "network", + "security", + "storage" + ], "label": "IRC NickServ Password File", "help": "Optional file path containing NickServ password.", "hasChildren": false @@ -17785,7 +20627,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "IRC NickServ Register", "help": "If true, send NickServ REGISTER on every connect. Use once for initial registration, then disable.", "hasChildren": false @@ -17797,7 +20642,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "IRC NickServ Register Email", "help": "Email used with NickServ REGISTER (required when register=true).", "hasChildren": false @@ -17809,7 +20657,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "IRC NickServ Service", "help": "NickServ service nick (default: NickServ).", "hasChildren": false @@ -17821,7 +20672,12 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": false }, { @@ -17901,7 +20757,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "LINE", "help": "LINE Messaging API bot for Japan/Taiwan/Thailand markets.", "hasChildren": true @@ -17939,7 +20798,10 @@ { "path": "channels.line.accounts.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -17971,7 +20833,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "allowlist", "pairing", "disabled"], + "enumValues": [ + "open", + "allowlist", + "pairing", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -18001,7 +20868,10 @@ { "path": "channels.line.accounts.*.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -18013,7 +20883,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "allowlist", "disabled"], + "enumValues": [ + "open", + "allowlist", + "disabled" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -18053,7 +20927,10 @@ { "path": "channels.line.accounts.*.groups.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -18183,7 +21060,10 @@ { "path": "channels.line.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -18225,7 +21105,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "allowlist", "pairing", "disabled"], + "enumValues": [ + "open", + "allowlist", + "pairing", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -18255,7 +21140,10 @@ { "path": "channels.line.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -18267,7 +21155,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "allowlist", "disabled"], + "enumValues": [ + "open", + "allowlist", + "disabled" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -18307,7 +21199,10 @@ { "path": "channels.line.groups.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -18431,7 +21326,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Matrix", "help": "open protocol; configure a homeserver + access token.", "hasChildren": true @@ -18540,7 +21438,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["always", "allowlist", "off"], + "enumValues": [ + "always", + "allowlist", + "off" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -18559,7 +21461,10 @@ { "path": "channels.matrix.autoJoinAllowlist.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -18571,7 +21476,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -18620,7 +21528,10 @@ { "path": "channels.matrix.dm.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -18642,7 +21553,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -18681,7 +21597,10 @@ { "path": "channels.matrix.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -18693,7 +21612,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -18872,7 +21795,10 @@ { "path": "channels.matrix.groups.*.users.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -18914,7 +21840,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -18943,7 +21873,10 @@ { "path": "channels.matrix.password", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -18985,7 +21918,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "first", "all"], + "enumValues": [ + "off", + "first", + "all" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -19174,7 +22111,10 @@ { "path": "channels.matrix.rooms.*.users.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -19196,7 +22136,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "inbound", "always"], + "enumValues": [ + "off", + "inbound", + "always" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -19219,7 +22163,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Mattermost", "help": "self-hosted Slack-style chat; install the plugin to enable.", "hasChildren": true @@ -19277,7 +22224,10 @@ { "path": "channels.mattermost.accounts.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -19347,7 +22297,10 @@ { "path": "channels.mattermost.accounts.*.botToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -19409,7 +22362,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["oncall", "onmessage", "onchar"], + "enumValues": [ + "oncall", + "onmessage", + "onchar" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -19420,7 +22377,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -19459,7 +22419,10 @@ { "path": "channels.mattermost.accounts.*.commands.native", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -19469,7 +22432,10 @@ { "path": "channels.mattermost.accounts.*.commands.nativeSkills", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -19501,7 +22467,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -19531,7 +22502,10 @@ { "path": "channels.mattermost.accounts.*.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -19543,7 +22517,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -19605,7 +22583,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -19646,7 +22628,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "first", "all"], + "enumValues": [ + "off", + "first", + "all" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -19715,7 +22701,10 @@ { "path": "channels.mattermost.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -19729,7 +22718,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Mattermost Base URL", "help": "Base URL for your Mattermost server (e.g., https://chat.example.com).", "hasChildren": false @@ -19787,11 +22779,19 @@ { "path": "channels.mattermost.botToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "label": "Mattermost Bot Token", "help": "Bot token from Mattermost System Console -> Integrations -> Bot Accounts.", "hasChildren": true @@ -19851,10 +22851,17 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["oncall", "onmessage", "onchar"], + "enumValues": [ + "oncall", + "onmessage", + "onchar" + ], "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Mattermost Chat Mode", "help": "Reply to channel messages on mention (\"oncall\"), on trigger chars (\">\" or \"!\") (\"onchar\"), or on every message (\"onmessage\").", "hasChildren": false @@ -19864,7 +22871,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -19903,7 +22913,10 @@ { "path": "channels.mattermost.commands.native", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -19913,7 +22926,10 @@ { "path": "channels.mattermost.commands.nativeSkills", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -19927,7 +22943,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Mattermost Config Writes", "help": "Allow Mattermost to write config in response to channel events/commands (default: true).", "hasChildren": false @@ -19957,7 +22976,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -19987,7 +23011,10 @@ { "path": "channels.mattermost.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -19999,7 +23026,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -20061,7 +23092,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -20084,7 +23119,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Mattermost Onchar Prefixes", "help": "Trigger prefixes for onchar mode (default: [\">\", \"!\"]).", "hasChildren": true @@ -20104,7 +23142,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "first", "all"], + "enumValues": [ + "off", + "first", + "all" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -20117,7 +23159,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Mattermost Require Mention", "help": "Require @mention in channels before responding (default: true).", "hasChildren": false @@ -20149,7 +23194,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Microsoft Teams", "help": "Bot Framework; enterprise support.", "hasChildren": true @@ -20187,11 +23235,19 @@ { "path": "channels.msteams.appPassword", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -20289,7 +23345,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -20302,7 +23361,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "MS Teams Config Writes", "help": "Allow Microsoft Teams to write config in response to channel events/commands (default: true).", "hasChildren": false @@ -20342,7 +23404,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -20414,13 +23481,37 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, "tags": [], "hasChildren": false }, + { + "path": "channels.msteams.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.msteams.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.msteams.heartbeat", "kind": "channel", @@ -20486,7 +23577,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -20547,7 +23642,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["thread", "top-level"], + "enumValues": [ + "thread", + "top-level" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -20628,7 +23726,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["thread", "top-level"], + "enumValues": [ + "thread", + "top-level" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -20799,7 +23900,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["thread", "top-level"], + "enumValues": [ + "thread", + "top-level" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -21022,7 +24126,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Nextcloud Talk", "help": "Self-hosted chat via Nextcloud Talk webhook bots.", "hasChildren": true @@ -21070,7 +24177,10 @@ { "path": "channels.nextcloud-talk.accounts.*.apiPassword", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -21190,7 +24300,10 @@ { "path": "channels.nextcloud-talk.accounts.*.botSecret", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -21242,7 +24355,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -21263,7 +24379,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -21335,7 +24456,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -21367,7 +24492,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -21636,7 +24765,10 @@ { "path": "channels.nextcloud-talk.apiPassword", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -21756,7 +24888,10 @@ { "path": "channels.nextcloud-talk.botSecret", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -21808,7 +24943,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -21839,7 +24977,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -21911,7 +25054,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -21943,7 +25090,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -22196,7 +25347,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Nostr", "help": "Decentralized DMs via Nostr relays (NIP-04)", "hasChildren": true @@ -22214,7 +25368,10 @@ { "path": "channels.nostr.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -22236,7 +25393,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -22267,7 +25429,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -22410,7 +25576,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Signal", "help": "signal-cli linked device; more setup (David Reagans: \"Hop on Discord.\").", "hasChildren": true @@ -22422,7 +25591,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Signal Account", "help": "Signal account identifier (phone/number handle) used to bind this channel config to a specific Signal identity. Keep this aligned with your linked device/session state.", "hasChildren": false @@ -22500,7 +25672,10 @@ { "path": "channels.signal.accounts.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -22592,7 +25767,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -22643,7 +25821,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -22703,7 +25886,10 @@ { "path": "channels.signal.accounts.*.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -22715,7 +25901,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -22902,6 +26092,26 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.signal.accounts.*.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.signal.accounts.*.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.signal.accounts.*.heartbeat", "kind": "channel", @@ -23017,7 +26227,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -23056,7 +26270,10 @@ { "path": "channels.signal.accounts.*.reactionAllowlist.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -23068,7 +26285,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "ack", "minimal", "extensive"], + "enumValues": [ + "off", + "ack", + "minimal", + "extensive" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -23079,7 +26301,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "own", "all", "allowlist"], + "enumValues": [ + "off", + "own", + "all", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -23178,7 +26405,10 @@ { "path": "channels.signal.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -23270,7 +26500,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -23293,7 +26526,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Signal Config Writes", "help": "Allow Signal to write config in response to channel events/commands (default: true).", "hasChildren": false @@ -23333,11 +26569,20 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, - "tags": ["access", "channels", "network"], + "tags": [ + "access", + "channels", + "network" + ], "label": "Signal DM Policy", "help": "Direct message access control (\"pairing\" recommended). \"open\" requires channels.signal.allowFrom=[\"*\"].", "hasChildren": false @@ -23395,7 +26640,10 @@ { "path": "channels.signal.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -23407,7 +26655,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -23594,6 +26846,26 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.signal.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.signal.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.signal.heartbeat", "kind": "channel", @@ -23709,7 +26981,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -23748,7 +27024,10 @@ { "path": "channels.signal.reactionAllowlist.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -23760,7 +27039,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "ack", "minimal", "extensive"], + "enumValues": [ + "off", + "ack", + "minimal", + "extensive" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -23771,7 +27055,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "own", "all", "allowlist"], + "enumValues": [ + "off", + "own", + "all", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -23834,7 +27123,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Slack", "help": "supported (Socket Mode).", "hasChildren": true @@ -23982,7 +27274,10 @@ { "path": "channels.slack.accounts.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -23992,11 +27287,19 @@ { "path": "channels.slack.accounts.*.appToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -24082,11 +27385,19 @@ { "path": "channels.slack.accounts.*.botToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -24122,7 +27433,10 @@ { "path": "channels.slack.accounts.*.capabilities", "kind": "channel", - "type": ["array", "object"], + "type": [ + "array", + "object" + ], "required": false, "deprecated": false, "sensitive": false, @@ -24402,7 +27716,10 @@ { "path": "channels.slack.accounts.*.channels.*.users.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -24414,7 +27731,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -24433,7 +27753,10 @@ { "path": "channels.slack.accounts.*.commands.native", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -24443,7 +27766,10 @@ { "path": "channels.slack.accounts.*.commands.nativeSkills", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -24503,7 +27829,10 @@ { "path": "channels.slack.accounts.*.dm.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -24533,7 +27862,10 @@ { "path": "channels.slack.accounts.*.dm.groupChannels.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -24555,7 +27887,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -24586,7 +27923,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -24637,7 +27979,31 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, + { + "path": "channels.slack.accounts.*.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.slack.accounts.*.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", + "required": false, "deprecated": false, "sensitive": false, "tags": [], @@ -24708,7 +28074,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -24729,7 +28099,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["socket", "http"], + "enumValues": [ + "socket", + "http" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -24768,7 +28141,10 @@ { "path": "channels.slack.accounts.*.reactionAllowlist.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -24780,7 +28156,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "own", "all", "allowlist"], + "enumValues": [ + "off", + "own", + "all", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -24859,11 +28240,19 @@ { "path": "channels.slack.accounts.*.signingSecret", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -24949,9 +28338,17 @@ { "path": "channels.slack.accounts.*.streaming", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, - "enumValues": ["off", "partial", "block", "progress"], + "enumValues": [ + "off", + "partial", + "block", + "progress" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -24962,7 +28359,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["replace", "status_final", "append"], + "enumValues": [ + "replace", + "status_final", + "append" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -24993,7 +28394,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["thread", "channel"], + "enumValues": [ + "thread", + "channel" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -25032,11 +28436,19 @@ { "path": "channels.slack.accounts.*.userToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -25197,7 +28609,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "channels", "network"], + "tags": [ + "access", + "channels", + "network" + ], "label": "Slack Allow Bot Messages", "help": "Allow bot-authored messages to trigger Slack replies (default: false).", "hasChildren": false @@ -25215,7 +28631,10 @@ { "path": "channels.slack.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -25225,11 +28644,19 @@ { "path": "channels.slack.appToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "label": "Slack App Token", "help": "Slack app-level token used for Socket Mode connections and event transport when enabled. Use least-privilege app scopes and store this token as a secret.", "hasChildren": true @@ -25317,11 +28744,19 @@ { "path": "channels.slack.botToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "label": "Slack Bot Token", "help": "Slack bot token used for standard chat actions in the configured workspace. Keep this credential scoped and rotate if workspace app permissions change.", "hasChildren": true @@ -25359,7 +28794,10 @@ { "path": "channels.slack.capabilities", "kind": "channel", - "type": ["array", "object"], + "type": [ + "array", + "object" + ], "required": false, "deprecated": false, "sensitive": false, @@ -25383,7 +28821,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Slack Interactive Replies", "help": "Enable agent-authored Slack interactive reply directives (`[[slack_buttons: ...]]`, `[[slack_select: ...]]`). Default: false.", "hasChildren": false @@ -25641,7 +29082,10 @@ { "path": "channels.slack.channels.*.users.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -25653,7 +29097,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -25672,11 +29119,17 @@ { "path": "channels.slack.commands.native", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Slack Native Commands", "help": "Override native commands for Slack (bool or \"auto\").", "hasChildren": false @@ -25684,11 +29137,17 @@ { "path": "channels.slack.commands.nativeSkills", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Slack Native Skill Commands", "help": "Override native skill commands for Slack (bool or \"auto\").", "hasChildren": false @@ -25700,7 +29159,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Slack Config Writes", "help": "Allow Slack to write config in response to channel events/commands (default: true).", "hasChildren": false @@ -25758,7 +29220,10 @@ { "path": "channels.slack.dm.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -25788,7 +29253,10 @@ { "path": "channels.slack.dm.groupChannels.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -25810,10 +29278,19 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, - "tags": ["access", "channels", "network"], + "tags": [ + "access", + "channels", + "network" + ], "label": "Slack DM Policy", "help": "Direct message access control (\"pairing\" recommended). \"open\" requires channels.slack.allowFrom=[\"*\"] (legacy: channels.slack.dm.allowFrom).", "hasChildren": false @@ -25843,10 +29320,19 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, - "tags": ["access", "channels", "network"], + "tags": [ + "access", + "channels", + "network" + ], "label": "Slack DM Policy", "help": "Direct message access control (\"pairing\" recommended). \"open\" requires channels.slack.allowFrom=[\"*\"].", "hasChildren": false @@ -25896,13 +29382,37 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, "tags": [], "hasChildren": false }, + { + "path": "channels.slack.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.slack.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.slack.heartbeat", "kind": "channel", @@ -25968,7 +29478,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -25989,7 +29503,10 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["socket", "http"], + "enumValues": [ + "socket", + "http" + ], "defaultValue": "socket", "deprecated": false, "sensitive": false, @@ -26013,7 +29530,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Slack Native Streaming", "help": "Enable native Slack text streaming (chat.startStream/chat.appendStream/chat.stopStream) when channels.slack.streaming is partial (default: true).", "hasChildren": false @@ -26031,7 +29551,10 @@ { "path": "channels.slack.reactionAllowlist.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -26043,7 +29566,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "own", "all", "allowlist"], + "enumValues": [ + "off", + "own", + "all", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -26122,11 +29650,19 @@ { "path": "channels.slack.signingSecret", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -26212,12 +29748,23 @@ { "path": "channels.slack.streaming", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, - "enumValues": ["off", "partial", "block", "progress"], + "enumValues": [ + "off", + "partial", + "block", + "progress" + ], "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Slack Streaming Mode", "help": "Unified Slack stream preview mode: \"off\" | \"partial\" | \"block\" | \"progress\". Legacy boolean/streamMode keys are auto-mapped.", "hasChildren": false @@ -26227,10 +29774,17 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["replace", "status_final", "append"], + "enumValues": [ + "replace", + "status_final", + "append" + ], "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Slack Stream Mode (Legacy)", "help": "Legacy Slack preview mode alias (replace | status_final | append); auto-migrated to channels.slack.streaming.", "hasChildren": false @@ -26260,10 +29814,16 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["thread", "channel"], + "enumValues": [ + "thread", + "channel" + ], "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Slack Thread History Scope", "help": "Scope for Slack thread history context (\"thread\" isolates per thread; \"channel\" reuses channel history).", "hasChildren": false @@ -26275,7 +29835,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Slack Thread Parent Inheritance", "help": "If true, Slack thread sessions inherit the parent channel transcript (default: false).", "hasChildren": false @@ -26287,7 +29850,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance"], + "tags": [ + "channels", + "network", + "performance" + ], "label": "Slack Thread Initial History Limit", "help": "Maximum number of existing Slack thread messages to fetch when starting a new thread session (default: 20, set to 0 to disable).", "hasChildren": false @@ -26305,11 +29872,19 @@ { "path": "channels.slack.userToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "label": "Slack User Token", "help": "Optional Slack user token for workflows requiring user-context API access beyond bot permissions. Use sparingly and audit scopes because this token can carry broader authority.", "hasChildren": true @@ -26352,7 +29927,12 @@ "defaultValue": true, "deprecated": false, "sensitive": false, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "label": "Slack User Token Read Only", "help": "When true, treat configured Slack user token usage as read-only helper behavior where possible. Keep enabled if you only need supplemental reads without user-context writes.", "hasChildren": false @@ -26375,7 +29955,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Synology Chat", "help": "Connect your Synology NAS Chat to OpenClaw", "hasChildren": true @@ -26396,7 +29979,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram", "help": "simplest way to get started — register a bot with @BotFather and get going.", "hasChildren": true @@ -26524,7 +30110,10 @@ { "path": "channels.telegram.accounts.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -26584,11 +30173,19 @@ { "path": "channels.telegram.accounts.*.botToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -26624,7 +30221,10 @@ { "path": "channels.telegram.accounts.*.capabilities", "kind": "channel", - "type": ["array", "object"], + "type": [ + "array", + "object" + ], "required": false, "deprecated": false, "sensitive": false, @@ -26646,7 +30246,13 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "dm", "group", "all", "allowlist"], + "enumValues": [ + "off", + "dm", + "group", + "all", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -26657,7 +30263,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -26676,7 +30285,10 @@ { "path": "channels.telegram.accounts.*.commands.native", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -26686,7 +30298,10 @@ { "path": "channels.telegram.accounts.*.commands.nativeSkills", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -26746,7 +30361,10 @@ { "path": "channels.telegram.accounts.*.defaultTo", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -26786,7 +30404,10 @@ { "path": "channels.telegram.accounts.*.direct.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -26798,7 +30419,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -27047,7 +30673,10 @@ { "path": "channels.telegram.accounts.*.direct.*.topics.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -27079,7 +30708,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -27140,7 +30773,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -27270,7 +30908,10 @@ { "path": "channels.telegram.accounts.*.execApprovals.approvers.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -27312,7 +30953,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["dm", "channel", "both"], + "enumValues": [ + "dm", + "channel", + "both" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -27331,7 +30976,10 @@ { "path": "channels.telegram.accounts.*.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -27343,7 +30991,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -27383,7 +31035,10 @@ { "path": "channels.telegram.accounts.*.groups.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -27415,7 +31070,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -27654,7 +31313,10 @@ { "path": "channels.telegram.accounts.*.groups.*.topics.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -27686,7 +31348,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -27732,6 +31398,26 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.telegram.accounts.*.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.telegram.accounts.*.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.telegram.accounts.*.heartbeat", "kind": "channel", @@ -27807,7 +31493,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -27858,7 +31548,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["ipv4first", "verbatim"], + "enumValues": [ + "ipv4first", + "verbatim" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -27879,7 +31572,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "ack", "minimal", "extensive"], + "enumValues": [ + "off", + "ack", + "minimal", + "extensive" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -27890,7 +31588,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "own", "all"], + "enumValues": [ + "off", + "own", + "all" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -27969,9 +31671,17 @@ { "path": "channels.telegram.accounts.*.streaming", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, - "enumValues": ["off", "partial", "block", "progress"], + "enumValues": [ + "off", + "partial", + "block", + "progress" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -27982,7 +31692,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "partial", "block"], + "enumValues": [ + "off", + "partial", + "block" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -28121,11 +31835,19 @@ { "path": "channels.telegram.accounts.*.webhookSecret", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -28271,7 +31993,10 @@ { "path": "channels.telegram.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -28331,11 +32056,19 @@ { "path": "channels.telegram.botToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "label": "Telegram Bot Token", "help": "Telegram bot token used to authenticate Bot API requests for this account/provider config. Use secret/env substitution and rotate tokens if exposure is suspected.", "hasChildren": true @@ -28373,7 +32106,10 @@ { "path": "channels.telegram.capabilities", "kind": "channel", - "type": ["array", "object"], + "type": [ + "array", + "object" + ], "required": false, "deprecated": false, "sensitive": false, @@ -28395,10 +32131,19 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "dm", "group", "all", "allowlist"], + "enumValues": [ + "off", + "dm", + "group", + "all", + "allowlist" + ], "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram Inline Buttons", "help": "Enable Telegram inline button components for supported command and interaction surfaces. Disable if your deployment needs plain-text-only compatibility behavior.", "hasChildren": false @@ -28408,7 +32153,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -28427,11 +32175,17 @@ { "path": "channels.telegram.commands.native", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram Native Commands", "help": "Override native commands for Telegram (bool or \"auto\").", "hasChildren": false @@ -28439,11 +32193,17 @@ { "path": "channels.telegram.commands.nativeSkills", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram Native Skill Commands", "help": "Override native skill commands for Telegram (bool or \"auto\").", "hasChildren": false @@ -28455,7 +32215,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram Config Writes", "help": "Allow Telegram to write config in response to channel events/commands (default: true).", "hasChildren": false @@ -28467,7 +32230,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram Custom Commands", "help": "Additional Telegram bot menu commands (merged with native; conflicts ignored).", "hasChildren": true @@ -28515,7 +32281,10 @@ { "path": "channels.telegram.defaultTo", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -28555,7 +32324,10 @@ { "path": "channels.telegram.direct.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -28567,7 +32339,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -28816,7 +32593,10 @@ { "path": "channels.telegram.direct.*.topics.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -28848,7 +32628,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -28909,11 +32693,20 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, - "tags": ["access", "channels", "network"], + "tags": [ + "access", + "channels", + "network" + ], "label": "Telegram DM Policy", "help": "Direct message access control (\"pairing\" recommended). \"open\" requires channels.telegram.allowFrom=[\"*\"].", "hasChildren": false @@ -29005,7 +32798,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram Exec Approvals", "help": "Telegram-native exec approval routing and approver authorization. Enable this only when Telegram should act as an explicit exec-approval client for the selected bot account.", "hasChildren": true @@ -29017,7 +32813,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram Exec Approval Agent Filter", "help": "Optional allowlist of agent IDs eligible for Telegram exec approvals, for example `[\"main\", \"ops-agent\"]`. Use this to keep approval prompts scoped to the agents you actually operate from Telegram.", "hasChildren": true @@ -29039,7 +32838,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram Exec Approval Approvers", "help": "Telegram user IDs allowed to approve exec requests for this bot account. Use numeric Telegram user IDs; prompts are only delivered to these approvers when target includes dm.", "hasChildren": true @@ -29047,7 +32849,10 @@ { "path": "channels.telegram.execApprovals.approvers.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -29061,7 +32866,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram Exec Approvals Enabled", "help": "Enable Telegram exec approvals for this account. When false or unset, Telegram messages/buttons cannot approve exec requests.", "hasChildren": false @@ -29073,7 +32881,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "storage"], + "tags": [ + "channels", + "network", + "storage" + ], "label": "Telegram Exec Approval Session Filter", "help": "Optional session-key filters matched as substring or regex-style patterns before Telegram approval routing is used. Use narrow patterns so Telegram approvals only appear for intended sessions.", "hasChildren": true @@ -29093,10 +32905,17 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["dm", "channel", "both"], + "enumValues": [ + "dm", + "channel", + "both" + ], "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram Exec Approval Target", "help": "Controls where Telegram approval prompts are sent: \"dm\" sends to approver DMs (default), \"channel\" sends to the originating Telegram chat/topic, and \"both\" sends to both. Channel delivery exposes the command text to the chat, so only use it in trusted groups/topics.", "hasChildren": false @@ -29114,7 +32933,10 @@ { "path": "channels.telegram.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -29126,7 +32948,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -29166,7 +32992,10 @@ { "path": "channels.telegram.groups.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -29198,7 +33027,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -29437,7 +33270,10 @@ { "path": "channels.telegram.groups.*.topics.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -29469,7 +33305,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -29515,6 +33355,26 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.telegram.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.telegram.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.telegram.heartbeat", "kind": "channel", @@ -29590,7 +33450,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -29633,7 +33497,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram autoSelectFamily", "help": "Override Node autoSelectFamily for Telegram (true=enable, false=disable).", "hasChildren": false @@ -29643,7 +33510,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["ipv4first", "verbatim"], + "enumValues": [ + "ipv4first", + "verbatim" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -29664,7 +33534,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "ack", "minimal", "extensive"], + "enumValues": [ + "off", + "ack", + "minimal", + "extensive" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -29675,7 +33550,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "own", "all"], + "enumValues": [ + "off", + "own", + "all" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -29718,7 +33597,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "reliability"], + "tags": [ + "channels", + "network", + "reliability" + ], "label": "Telegram Retry Attempts", "help": "Max retry attempts for outbound Telegram API calls (default: 3).", "hasChildren": false @@ -29730,7 +33613,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "reliability"], + "tags": [ + "channels", + "network", + "reliability" + ], "label": "Telegram Retry Jitter", "help": "Jitter factor (0-1) applied to Telegram retry delays.", "hasChildren": false @@ -29742,7 +33629,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance", "reliability"], + "tags": [ + "channels", + "network", + "performance", + "reliability" + ], "label": "Telegram Retry Max Delay (ms)", "help": "Maximum retry delay cap in ms for Telegram outbound calls.", "hasChildren": false @@ -29754,7 +33646,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "reliability"], + "tags": [ + "channels", + "network", + "reliability" + ], "label": "Telegram Retry Min Delay (ms)", "help": "Minimum retry delay in ms for Telegram outbound calls.", "hasChildren": false @@ -29762,12 +33658,23 @@ { "path": "channels.telegram.streaming", "kind": "channel", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, - "enumValues": ["off", "partial", "block", "progress"], + "enumValues": [ + "off", + "partial", + "block", + "progress" + ], "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Telegram Streaming Mode", "help": "Unified Telegram stream preview mode: \"off\" | \"partial\" | \"block\" | \"progress\" (default: \"partial\"). \"progress\" maps to \"partial\" on Telegram. Legacy boolean/streamMode keys are auto-mapped.", "hasChildren": false @@ -29777,7 +33684,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "partial", "block"], + "enumValues": [ + "off", + "partial", + "block" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -29810,7 +33721,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "storage"], + "tags": [ + "channels", + "network", + "storage" + ], "label": "Telegram Thread Binding Enabled", "help": "Enable Telegram conversation binding features (/focus, /unfocus, /agents, and /session idle|max-age). Overrides session.threadBindings.enabled when set.", "hasChildren": false @@ -29822,7 +33737,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "storage"], + "tags": [ + "channels", + "network", + "storage" + ], "label": "Telegram Thread Binding Idle Timeout (hours)", "help": "Inactivity window in hours for Telegram bound sessions. Set 0 to disable idle auto-unfocus (default: 24). Overrides session.threadBindings.idleHours when set.", "hasChildren": false @@ -29834,7 +33753,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance", "storage"], + "tags": [ + "channels", + "network", + "performance", + "storage" + ], "label": "Telegram Thread Binding Max Age (hours)", "help": "Optional hard max age in hours for Telegram bound sessions. Set 0 to disable hard cap (default: 0). Overrides session.threadBindings.maxAgeHours when set.", "hasChildren": false @@ -29846,7 +33770,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "storage"], + "tags": [ + "channels", + "network", + "storage" + ], "label": "Telegram Thread-Bound ACP Spawn", "help": "Allow ACP spawns with thread=true to auto-bind Telegram current conversations when supported.", "hasChildren": false @@ -29858,7 +33786,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "storage"], + "tags": [ + "channels", + "network", + "storage" + ], "label": "Telegram Thread-Bound Subagent Spawn", "help": "Allow subagent spawns with thread=true to auto-bind Telegram current conversations when supported.", "hasChildren": false @@ -29870,7 +33802,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance"], + "tags": [ + "channels", + "network", + "performance" + ], "label": "Telegram API Timeout (seconds)", "help": "Max seconds before Telegram API requests are aborted (default: 500 per grammY).", "hasChildren": false @@ -29928,11 +33864,19 @@ { "path": "channels.telegram.webhookSecret", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "channels", "network", "security"], + "tags": [ + "auth", + "channels", + "network", + "security" + ], "hasChildren": true }, { @@ -29982,7 +33926,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Tlon", "help": "Decentralized messaging on Urbit", "hasChildren": true @@ -30232,7 +34179,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["restricted", "open"], + "enumValues": [ + "restricted", + "open" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -30415,7 +34365,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Twitch", "help": "Twitch chat integration", "hasChildren": true @@ -30475,7 +34428,13 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["moderator", "owner", "vip", "subscriber", "all"], + "enumValues": [ + "moderator", + "owner", + "vip", + "subscriber", + "all" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -30544,7 +34503,10 @@ { "path": "channels.twitch.accounts.*.expiresIn", "kind": "channel", - "type": ["null", "number"], + "type": [ + "null", + "number" + ], "required": false, "deprecated": false, "sensitive": false, @@ -30616,7 +34578,13 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["moderator", "owner", "vip", "subscriber", "all"], + "enumValues": [ + "moderator", + "owner", + "vip", + "subscriber", + "all" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -30685,7 +34653,10 @@ { "path": "channels.twitch.expiresIn", "kind": "channel", - "type": ["null", "number"], + "type": [ + "null", + "number" + ], "required": false, "deprecated": false, "sensitive": false, @@ -30707,7 +34678,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["bullets", "code", "off"], + "enumValues": [ + "bullets", + "code", + "off" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -30780,7 +34755,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "WhatsApp", "help": "works with your own number; recommend a separate phone + eSIM.", "hasChildren": true @@ -30841,7 +34819,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["always", "mentions", "never"], + "enumValues": [ + "always", + "mentions", + "never" + ], "defaultValue": "mentions", "deprecated": false, "sensitive": false, @@ -30953,7 +34935,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -31005,7 +34990,12 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, @@ -31077,7 +35067,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -31264,6 +35258,26 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.whatsapp.accounts.*.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.whatsapp.accounts.*.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.whatsapp.accounts.*.heartbeat", "kind": "channel", @@ -31329,7 +35343,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -31441,7 +35459,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["always", "mentions", "never"], + "enumValues": [ + "always", + "mentions", + "never" + ], "defaultValue": "mentions", "deprecated": false, "sensitive": false, @@ -31583,7 +35605,10 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["length", "newline"], + "enumValues": [ + "length", + "newline" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -31596,7 +35621,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "WhatsApp Config Writes", "help": "Allow WhatsApp to write config in response to channel events/commands (default: true).", "hasChildren": false @@ -31609,7 +35637,11 @@ "defaultValue": 0, "deprecated": false, "sensitive": false, - "tags": ["channels", "network", "performance"], + "tags": [ + "channels", + "network", + "performance" + ], "label": "WhatsApp Message Debounce (ms)", "help": "Debounce window (ms) for batching rapid consecutive messages from the same sender (0 to disable).", "hasChildren": false @@ -31649,11 +35681,20 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "defaultValue": "pairing", "deprecated": false, "sensitive": false, - "tags": ["access", "channels", "network"], + "tags": [ + "access", + "channels", + "network" + ], "label": "WhatsApp DM Policy", "help": "Direct message access control (\"pairing\" recommended). \"open\" requires channels.whatsapp.allowFrom=[\"*\"].", "hasChildren": false @@ -31723,7 +35764,11 @@ "kind": "channel", "type": "string", "required": true, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "defaultValue": "allowlist", "deprecated": false, "sensitive": false, @@ -31910,6 +35955,26 @@ "tags": [], "hasChildren": false }, + { + "path": "channels.whatsapp.healthMonitor", + "kind": "channel", + "type": "object", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": true + }, + { + "path": "channels.whatsapp.healthMonitor.enabled", + "kind": "channel", + "type": "boolean", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [], + "hasChildren": false + }, { "path": "channels.whatsapp.heartbeat", "kind": "channel", @@ -31975,7 +36040,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -32019,7 +36088,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "WhatsApp Self-Phone Mode", "help": "Same-phone setup (bot uses your personal WhatsApp number).", "hasChildren": false @@ -32051,7 +36123,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Zalo", "help": "Vietnam-focused messaging platform with Bot API.", "hasChildren": true @@ -32089,7 +36164,10 @@ { "path": "channels.zalo.accounts.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -32099,7 +36177,10 @@ { "path": "channels.zalo.accounts.*.botToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -32141,7 +36222,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -32170,7 +36256,10 @@ { "path": "channels.zalo.accounts.*.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -32182,7 +36271,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -32203,7 +36296,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -32272,7 +36369,10 @@ { "path": "channels.zalo.accounts.*.webhookSecret", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -32332,7 +36432,10 @@ { "path": "channels.zalo.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -32342,7 +36445,10 @@ { "path": "channels.zalo.botToken", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -32394,7 +36500,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -32423,7 +36534,10 @@ { "path": "channels.zalo.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -32435,7 +36549,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -32456,7 +36574,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -32525,7 +36647,10 @@ { "path": "channels.zalo.webhookSecret", "kind": "channel", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -32579,7 +36704,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["channels", "network"], + "tags": [ + "channels", + "network" + ], "label": "Zalo Personal", "help": "Zalo personal account via QR code login.", "hasChildren": true @@ -32617,7 +36745,10 @@ { "path": "channels.zalouser.accounts.*.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -32639,7 +36770,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -32668,7 +36804,10 @@ { "path": "channels.zalouser.accounts.*.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -32680,7 +36819,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -32831,7 +36974,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -32890,7 +37037,10 @@ { "path": "channels.zalouser.allowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -32922,7 +37072,12 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["pairing", "allowlist", "open", "disabled"], + "enumValues": [ + "pairing", + "allowlist", + "open", + "disabled" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -32951,7 +37106,10 @@ { "path": "channels.zalouser.groupAllowFrom.*", "kind": "channel", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -32963,7 +37121,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["open", "disabled", "allowlist"], + "enumValues": [ + "open", + "disabled", + "allowlist" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -33114,7 +37276,11 @@ "kind": "channel", "type": "string", "required": false, - "enumValues": ["off", "bullets", "code"], + "enumValues": [ + "off", + "bullets", + "code" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -33167,7 +37333,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "CLI", "help": "CLI presentation controls for local command output behavior such as banner and tagline style. Use this section to keep startup output aligned with operator preference without changing runtime behavior.", "hasChildren": true @@ -33179,7 +37347,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "CLI Banner", "help": "CLI startup banner controls for title/version line and tagline style behavior. Keep banner enabled for fast version/context checks, then tune tagline mode to your preferred noise level.", "hasChildren": true @@ -33191,7 +37361,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "CLI Banner Tagline Mode", "help": "Controls tagline style in the CLI startup banner: \"random\" (default) picks from the rotating tagline pool, \"default\" always shows the neutral default tagline, and \"off\" hides tagline text while keeping the banner version line.", "hasChildren": false @@ -33209,7 +37381,9 @@ }, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Commands", "help": "Controls chat command surfaces, owner gating, and elevated command access behavior across providers. Keep defaults unless you need stricter operator controls or broader command availability.", "hasChildren": true @@ -33221,7 +37395,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Command Elevated Access Rules", "help": "Defines elevated command allow rules by channel and sender for owner-level command surfaces. Use narrow provider-specific identities so privileged commands are not exposed to broad chat audiences.", "hasChildren": true @@ -33239,7 +37415,10 @@ { "path": "commands.allowFrom.*.*", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -33253,7 +37432,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Allow Bash Chat Command", "help": "Allow bash chat command (`!`; `/bash` alias) to run host shell commands (default: false; requires tools.elevated).", "hasChildren": false @@ -33265,7 +37446,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Bash Foreground Window (ms)", "help": "How long bash waits before backgrounding (default: 2000; 0 backgrounds immediately).", "hasChildren": false @@ -33277,7 +37460,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Allow /config", "help": "Allow /config chat command to read/write config on disk (default: false).", "hasChildren": false @@ -33289,7 +37474,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Allow /debug", "help": "Allow /debug chat command for runtime-only overrides (default: false).", "hasChildren": false @@ -33297,11 +37484,16 @@ { "path": "commands.native", "kind": "core", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Native Commands", "help": "Registers native slash/menu commands with channels that support command registration (Discord, Slack, Telegram). Keep enabled for discoverability unless you intentionally run text-only command workflows.", "hasChildren": false @@ -33309,11 +37501,16 @@ { "path": "commands.nativeSkills", "kind": "core", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Native Skill Commands", "help": "Registers native skill commands so users can invoke skills directly from provider command menus where supported. Keep aligned with your skill policy so exposed commands match what operators expect.", "hasChildren": false @@ -33325,7 +37522,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Command Owners", "help": "Explicit owner allowlist for owner-only tools/commands. Use channel-native IDs (optionally prefixed like \"whatsapp:+15551234567\"). '*' is ignored.", "hasChildren": true @@ -33333,7 +37532,10 @@ { "path": "commands.ownerAllowFrom.*", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -33345,11 +37547,16 @@ "kind": "core", "type": "string", "required": true, - "enumValues": ["raw", "hash"], + "enumValues": [ + "raw", + "hash" + ], "defaultValue": "raw", "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Owner ID Display", "help": "Controls how owner IDs are rendered in the system prompt. Allowed values: raw, hash. Default: raw.", "hasChildren": false @@ -33361,7 +37568,11 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["access", "auth", "security"], + "tags": [ + "access", + "auth", + "security" + ], "label": "Owner ID Hash Secret", "help": "Optional secret used to HMAC hash owner IDs when ownerDisplay=hash. Prefer env substitution.", "hasChildren": false @@ -33374,7 +37585,9 @@ "defaultValue": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Allow Restart", "help": "Allow /restart and gateway restart tool actions (default: true).", "hasChildren": false @@ -33386,7 +37599,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Text Commands", "help": "Enables text-command parsing in chat input in addition to native command surfaces where available. Keep this enabled for compatibility across channels that do not support native command registration.", "hasChildren": false @@ -33398,7 +37613,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Use Access Groups", "help": "Enforce access-group allowlists/policies for commands.", "hasChildren": false @@ -33410,7 +37627,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation"], + "tags": [ + "automation" + ], "label": "Cron", "help": "Global scheduler settings for stored cron jobs, run concurrency, delivery fallback, and run-session retention. Keep defaults unless you are scaling job volume or integrating external webhook receivers.", "hasChildren": true @@ -33422,7 +37641,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation"], + "tags": [ + "automation" + ], "label": "Cron Enabled", "help": "Enables cron job execution for stored schedules managed by the gateway. Keep enabled for normal reminder/automation flows, and disable only to pause all cron execution without deleting jobs.", "hasChildren": false @@ -33482,7 +37703,10 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["announce", "webhook"], + "enumValues": [ + "announce", + "webhook" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -33523,7 +37747,10 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["announce", "webhook"], + "enumValues": [ + "announce", + "webhook" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -33546,7 +37773,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation", "performance"], + "tags": [ + "automation", + "performance" + ], "label": "Cron Max Concurrent Runs", "help": "Limits how many cron jobs can execute at the same time when multiple schedules fire together. Use lower values to protect CPU/memory under heavy automation load, or raise carefully for higher throughput.", "hasChildren": false @@ -33558,7 +37788,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation", "reliability"], + "tags": [ + "automation", + "reliability" + ], "label": "Cron Retry Policy", "help": "Overrides the default retry policy for one-shot jobs when they fail with transient errors (rate limit, overloaded, network, server_error). Omit to use defaults: maxAttempts 3, backoffMs [30000, 60000, 300000], retry all transient types.", "hasChildren": true @@ -33570,7 +37803,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation", "reliability"], + "tags": [ + "automation", + "reliability" + ], "label": "Cron Retry Backoff (ms)", "help": "Backoff delays in ms for each retry attempt (default: [30000, 60000, 300000]). Use shorter values for faster retries.", "hasChildren": true @@ -33592,7 +37828,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation", "performance", "reliability"], + "tags": [ + "automation", + "performance", + "reliability" + ], "label": "Cron Retry Max Attempts", "help": "Max retries for one-shot jobs on transient errors before permanent disable (default: 3).", "hasChildren": false @@ -33604,7 +37844,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation", "reliability"], + "tags": [ + "automation", + "reliability" + ], "label": "Cron Retry Error Types", "help": "Error types to retry: rate_limit, overloaded, network, timeout, server_error. Use to restrict which errors trigger retries; omit to retry all transient types.", "hasChildren": true @@ -33614,7 +37857,13 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["rate_limit", "overloaded", "network", "timeout", "server_error"], + "enumValues": [ + "rate_limit", + "overloaded", + "network", + "timeout", + "server_error" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -33627,7 +37876,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation"], + "tags": [ + "automation" + ], "label": "Cron Run Log Pruning", "help": "Pruning controls for per-job cron run history files under `cron/runs/.jsonl`, including size and line retention.", "hasChildren": true @@ -33639,7 +37890,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation"], + "tags": [ + "automation" + ], "label": "Cron Run Log Keep Lines", "help": "How many trailing run-log lines to retain when a file exceeds maxBytes (default `2000`). Increase for longer forensic history or lower for smaller disks.", "hasChildren": false @@ -33647,11 +37900,17 @@ { "path": "cron.runLog.maxBytes", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation", "performance"], + "tags": [ + "automation", + "performance" + ], "label": "Cron Run Log Max Bytes", "help": "Maximum bytes per cron run-log file before pruning rewrites to the last keepLines entries (for example `2mb`, default `2000000`).", "hasChildren": false @@ -33659,11 +37918,17 @@ { "path": "cron.sessionRetention", "kind": "core", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation", "storage"], + "tags": [ + "automation", + "storage" + ], "label": "Cron Session Retention", "help": "Controls how long completed cron run sessions are kept before pruning (`24h`, `7d`, `1h30m`, or `false` to disable pruning; default: `24h`). Use shorter retention to reduce storage growth on high-frequency schedules.", "hasChildren": false @@ -33675,7 +37940,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation", "storage"], + "tags": [ + "automation", + "storage" + ], "label": "Cron Store Path", "help": "Path to the cron job store file used to persist scheduled jobs across restarts. Set an explicit path only when you need custom storage layout, backups, or mounted volumes.", "hasChildren": false @@ -33687,7 +37955,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation"], + "tags": [ + "automation" + ], "label": "Cron Legacy Webhook (Deprecated)", "help": "Deprecated legacy fallback webhook URL used only for old jobs with `notify=true`. Migrate to per-job delivery using `delivery.mode=\"webhook\"` plus `delivery.to`, and avoid relying on this global field.", "hasChildren": false @@ -33695,11 +37965,18 @@ { "path": "cron.webhookToken", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "automation", "security"], + "tags": [ + "auth", + "automation", + "security" + ], "label": "Cron Webhook Bearer Token", "help": "Bearer token attached to cron webhook POST deliveries when webhook mode is used. Prefer secret/env substitution and rotate this token regularly if shared webhook endpoints are internet-reachable.", "hasChildren": true @@ -33741,7 +38018,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "Diagnostics", "help": "Diagnostics controls for targeted tracing, telemetry export, and cache inspection during debugging. Keep baseline diagnostics minimal in production and enable deeper signals only when investigating issues.", "hasChildren": true @@ -33753,7 +38032,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability", "storage"], + "tags": [ + "observability", + "storage" + ], "label": "Cache Trace", "help": "Cache-trace logging settings for observing cache decisions and payload context in embedded runs. Enable this temporarily for debugging and disable afterward to reduce sensitive log footprint.", "hasChildren": true @@ -33765,7 +38047,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability", "storage"], + "tags": [ + "observability", + "storage" + ], "label": "Cache Trace Enabled", "help": "Log cache trace snapshots for embedded agent runs (default: false).", "hasChildren": false @@ -33777,7 +38062,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability", "storage"], + "tags": [ + "observability", + "storage" + ], "label": "Cache Trace File Path", "help": "JSONL output path for cache trace logs (default: $OPENCLAW_STATE_DIR/logs/cache-trace.jsonl).", "hasChildren": false @@ -33789,7 +38077,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability", "storage"], + "tags": [ + "observability", + "storage" + ], "label": "Cache Trace Include Messages", "help": "Include full message payloads in trace output (default: true).", "hasChildren": false @@ -33801,7 +38092,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability", "storage"], + "tags": [ + "observability", + "storage" + ], "label": "Cache Trace Include Prompt", "help": "Include prompt text in trace output (default: true).", "hasChildren": false @@ -33813,7 +38107,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability", "storage"], + "tags": [ + "observability", + "storage" + ], "label": "Cache Trace Include System", "help": "Include system prompt in trace output (default: true).", "hasChildren": false @@ -33825,7 +38122,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "Diagnostics Enabled", "help": "Master toggle for diagnostics instrumentation output in logs and telemetry wiring paths. Keep enabled for normal observability, and disable only in tightly constrained environments.", "hasChildren": false @@ -33837,7 +38136,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "Diagnostics Flags", "help": "Enable targeted diagnostics logs by flag (e.g. [\"telegram.http\"]). Supports wildcards like \"telegram.*\" or \"*\".", "hasChildren": true @@ -33859,7 +38160,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "OpenTelemetry", "help": "OpenTelemetry export settings for traces, metrics, and logs emitted by gateway components. Use this when integrating with centralized observability backends and distributed tracing pipelines.", "hasChildren": true @@ -33871,7 +38174,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "OpenTelemetry Enabled", "help": "Enables OpenTelemetry export pipeline for traces, metrics, and logs based on configured endpoint/protocol settings. Keep disabled unless your collector endpoint and auth are fully configured.", "hasChildren": false @@ -33883,7 +38188,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "OpenTelemetry Endpoint", "help": "Collector endpoint URL used for OpenTelemetry export transport, including scheme and port. Use a reachable, trusted collector endpoint and monitor ingestion errors after rollout.", "hasChildren": false @@ -33895,7 +38202,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability", "performance"], + "tags": [ + "observability", + "performance" + ], "label": "OpenTelemetry Flush Interval (ms)", "help": "Interval in milliseconds for periodic telemetry flush from buffers to the collector. Increase to reduce export chatter, or lower for faster visibility during active incident response.", "hasChildren": false @@ -33907,7 +38217,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "OpenTelemetry Headers", "help": "Additional HTTP/gRPC metadata headers sent with OpenTelemetry export requests, often used for tenant auth or routing. Keep secrets in env-backed values and avoid unnecessary header sprawl.", "hasChildren": true @@ -33929,7 +38241,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "OpenTelemetry Logs Enabled", "help": "Enable log signal export through OpenTelemetry in addition to local logging sinks. Use this when centralized log correlation is required across services and agents.", "hasChildren": false @@ -33941,7 +38255,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "OpenTelemetry Metrics Enabled", "help": "Enable metrics signal export to the configured OpenTelemetry collector endpoint. Keep enabled for runtime health dashboards, and disable only if metric volume must be minimized.", "hasChildren": false @@ -33953,7 +38269,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "OpenTelemetry Protocol", "help": "OTel transport protocol for telemetry export: \"http/protobuf\" or \"grpc\" depending on collector support. Use the protocol your observability backend expects to avoid dropped telemetry payloads.", "hasChildren": false @@ -33965,7 +38283,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "OpenTelemetry Trace Sample Rate", "help": "Trace sampling rate (0-1) controlling how much trace traffic is exported to observability backends. Lower rates reduce overhead/cost, while higher rates improve debugging fidelity.", "hasChildren": false @@ -33977,7 +38297,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "OpenTelemetry Service Name", "help": "Service name reported in telemetry resource attributes to identify this gateway instance in observability backends. Use stable names so dashboards and alerts remain consistent over deployments.", "hasChildren": false @@ -33989,7 +38311,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "OpenTelemetry Traces Enabled", "help": "Enable trace signal export to the configured OpenTelemetry collector endpoint. Keep enabled when latency/debug tracing is needed, and disable if you only want metrics/logs.", "hasChildren": false @@ -34001,7 +38325,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability", "storage"], + "tags": [ + "observability", + "storage" + ], "label": "Stuck Session Warning Threshold (ms)", "help": "Age threshold in milliseconds for emitting stuck-session warnings while a session remains in processing state. Increase for long multi-tool turns to reduce false positives; decrease for faster hang detection.", "hasChildren": false @@ -34013,7 +38340,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Discovery", "help": "Service discovery settings for local mDNS advertisement and optional wide-area presence signaling. Keep discovery scoped to expected networks to avoid leaking service metadata.", "hasChildren": true @@ -34025,7 +38354,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "mDNS Discovery", "help": "mDNS discovery configuration group for local network advertisement and discovery behavior tuning. Keep minimal mode for routine LAN discovery unless extra metadata is required.", "hasChildren": true @@ -34035,10 +38366,16 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["off", "minimal", "full"], + "enumValues": [ + "off", + "minimal", + "full" + ], "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "mDNS Discovery Mode", "help": "mDNS broadcast mode (\"minimal\" default, \"full\" includes cliPath/sshPort, \"off\" disables mDNS).", "hasChildren": false @@ -34050,7 +38387,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Wide-area Discovery", "help": "Wide-area discovery configuration group for exposing discovery signals beyond local-link scopes. Enable only in deployments that intentionally aggregate gateway presence across sites.", "hasChildren": true @@ -34062,7 +38401,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Wide-area Discovery Domain", "help": "Optional unicast DNS-SD domain for wide-area discovery, such as openclaw.internal. Use this when you intentionally publish gateway discovery beyond local mDNS scopes.", "hasChildren": false @@ -34074,7 +38415,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Wide-area Discovery Enabled", "help": "Enables wide-area discovery signaling when your environment needs non-local gateway discovery. Keep disabled unless cross-network discovery is operationally required.", "hasChildren": false @@ -34086,7 +38429,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Environment", "help": "Environment import and override settings used to supply runtime variables to the gateway process. Use this section to control shell-env loading and explicit variable injection behavior.", "hasChildren": true @@ -34108,7 +38453,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Shell Environment Import", "help": "Shell environment import controls for loading variables from your login shell during startup. Keep this enabled when you depend on profile-defined secrets or PATH customizations.", "hasChildren": true @@ -34120,7 +38467,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Shell Environment Import Enabled", "help": "Enables loading environment variables from the user shell profile during startup initialization. Keep enabled for developer machines, or disable in locked-down service environments with explicit env management.", "hasChildren": false @@ -34132,7 +38481,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Shell Environment Import Timeout (ms)", "help": "Maximum time in milliseconds allowed for shell environment resolution before fallback behavior applies. Use tighter timeouts for faster startup, or increase when shell initialization is heavy.", "hasChildren": false @@ -34144,7 +38495,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Environment Variable Overrides", "help": "Explicit key/value environment variable overrides merged into runtime process environment for OpenClaw. Use this for deterministic env configuration instead of relying only on shell profile side effects.", "hasChildren": true @@ -34166,7 +38519,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gateway", "help": "Gateway runtime surface for bind mode, auth, control UI, remote transport, and operational safety controls. Keep conservative defaults unless you intentionally expose the gateway beyond trusted local interfaces.", "hasChildren": true @@ -34178,7 +38533,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "network", "reliability"], + "tags": [ + "access", + "network", + "reliability" + ], "label": "Gateway Allow x-real-ip Fallback", "help": "Enables x-real-ip fallback when x-forwarded-for is missing in proxy scenarios. Keep disabled unless your ingress stack requires this compatibility behavior.", "hasChildren": false @@ -34190,7 +38549,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Auth", "help": "Authentication policy for gateway HTTP/WebSocket access including mode, credentials, trusted-proxy behavior, and rate limiting. Keep auth enabled for every non-loopback deployment.", "hasChildren": true @@ -34202,7 +38563,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "network"], + "tags": [ + "access", + "network" + ], "label": "Gateway Auth Allow Tailscale Identity", "help": "Allows trusted Tailscale identity paths to satisfy gateway auth checks when configured. Use this only when your tailnet identity posture is strong and operator workflows depend on it.", "hasChildren": false @@ -34214,7 +38578,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Auth Mode", "help": "Gateway auth mode: \"none\", \"token\", \"password\", or \"trusted-proxy\" depending on your edge architecture. Use token/password for direct exposure, and trusted-proxy only behind hardened identity-aware proxies.", "hasChildren": false @@ -34222,11 +38588,19 @@ { "path": "gateway.auth.password", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["access", "auth", "network", "security"], + "tags": [ + "access", + "auth", + "network", + "security" + ], "label": "Gateway Password", "help": "Required for Tailscale funnel.", "hasChildren": true @@ -34268,7 +38642,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network", "performance"], + "tags": [ + "network", + "performance" + ], "label": "Gateway Auth Rate Limit", "help": "Login/auth attempt throttling controls to reduce credential brute-force risk at the gateway boundary. Keep enabled in exposed environments and tune thresholds to your traffic baseline.", "hasChildren": true @@ -34316,11 +38693,19 @@ { "path": "gateway.auth.token", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["access", "auth", "network", "security"], + "tags": [ + "access", + "auth", + "network", + "security" + ], "label": "Gateway Token", "help": "Required by default for gateway access (unless using Tailscale Serve identity); required for non-loopback binds.", "hasChildren": true @@ -34362,7 +38747,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Trusted Proxy Auth", "help": "Trusted-proxy auth header mapping for upstream identity providers that inject user claims. Use only with known proxy CIDRs and strict header allowlists to prevent spoofed identity headers.", "hasChildren": true @@ -34424,7 +38811,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Bind Mode", "help": "Network bind profile: \"auto\", \"lan\", \"loopback\", \"custom\", or \"tailnet\" to control interface exposure. Keep \"loopback\" or \"auto\" for safest local operation unless external clients must connect.", "hasChildren": false @@ -34436,11 +38825,43 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network", "reliability"], + "tags": [ + "network", + "reliability" + ], "label": "Gateway Channel Health Check Interval (min)", "help": "Interval in minutes for automatic channel health probing and status updates. Use lower intervals for faster detection, or higher intervals to reduce periodic probe noise.", "hasChildren": false }, + { + "path": "gateway.channelMaxRestartsPerHour", + "kind": "core", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "network", + "performance" + ], + "label": "Gateway Channel Max Restarts Per Hour", + "help": "Maximum number of health-monitor-initiated channel restarts allowed within a rolling one-hour window. Once hit, further restarts are skipped until the window expires. Default: 10.", + "hasChildren": false + }, + { + "path": "gateway.channelStaleEventThresholdMinutes", + "kind": "core", + "type": "integer", + "required": false, + "deprecated": false, + "sensitive": false, + "tags": [ + "network" + ], + "label": "Gateway Channel Stale Event Threshold (min)", + "help": "How many minutes a connected channel can go without receiving any event before the health monitor treats it as a stale socket and triggers a restart. Default: 30.", + "hasChildren": false + }, { "path": "gateway.controlUi", "kind": "core", @@ -34448,7 +38869,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Control UI", "help": "Control UI hosting settings including enablement, pathing, and browser-origin/auth hardening behavior. Keep UI exposure minimal and pair with strong auth controls before internet-facing deployments.", "hasChildren": true @@ -34460,7 +38883,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "network"], + "tags": [ + "access", + "network" + ], "label": "Control UI Allowed Origins", "help": "Allowed browser origins for Control UI/WebChat websocket connections (full origins only, e.g. https://control.example.com). Required for non-loopback Control UI deployments unless dangerous Host-header fallback is explicitly enabled.", "hasChildren": true @@ -34482,7 +38908,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "advanced", "network", "security"], + "tags": [ + "access", + "advanced", + "network", + "security" + ], "label": "Insecure Control UI Auth Toggle", "help": "Loosens strict browser auth checks for Control UI when you must run a non-standard setup. Keep this off unless you trust your network and proxy path, because impersonation risk is higher.", "hasChildren": false @@ -34494,7 +38925,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network", "storage"], + "tags": [ + "network", + "storage" + ], "label": "Control UI Base Path", "help": "Optional URL prefix where the Control UI is served (e.g. /openclaw).", "hasChildren": false @@ -34506,7 +38940,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "advanced", "network", "security"], + "tags": [ + "access", + "advanced", + "network", + "security" + ], "label": "Dangerously Allow Host-Header Origin Fallback", "help": "DANGEROUS toggle that enables Host-header based origin fallback for Control UI/WebChat websocket checks. This mode is supported when your deployment intentionally relies on Host-header origin policy; explicit gateway.controlUi.allowedOrigins remains the recommended hardened default.", "hasChildren": false @@ -34518,7 +38957,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "advanced", "network", "security"], + "tags": [ + "access", + "advanced", + "network", + "security" + ], "label": "Dangerously Disable Control UI Device Auth", "help": "Disables Control UI device identity checks and relies on token/password only. Use only for short-lived debugging on trusted networks, then turn it off immediately.", "hasChildren": false @@ -34530,7 +38974,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Control UI Enabled", "help": "Enables serving the gateway Control UI from the gateway HTTP process when true. Keep enabled for local administration, and disable when an external control surface replaces it.", "hasChildren": false @@ -34542,7 +38988,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Control UI Assets Root", "help": "Optional filesystem root for Control UI assets (defaults to dist/control-ui).", "hasChildren": false @@ -34554,7 +39002,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Custom Bind Host", "help": "Explicit bind host/IP used when gateway.bind is set to custom for manual interface targeting. Use a precise address and avoid wildcard binds unless external exposure is required.", "hasChildren": false @@ -34566,7 +39016,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway HTTP API", "help": "Gateway HTTP API configuration grouping endpoint toggles and transport-facing API exposure controls. Keep only required endpoints enabled to reduce attack surface.", "hasChildren": true @@ -34578,7 +39030,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway HTTP Endpoints", "help": "HTTP endpoint feature toggles under the gateway API surface for compatibility routes and optional integrations. Enable endpoints intentionally and monitor access patterns after rollout.", "hasChildren": true @@ -34600,7 +39054,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "OpenAI Chat Completions Endpoint", "help": "Enable the OpenAI-compatible `POST /v1/chat/completions` endpoint (default: false).", "hasChildren": false @@ -34612,7 +39068,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "network"], + "tags": [ + "media", + "network" + ], "label": "OpenAI Chat Completions Image Limits", "help": "Image fetch/validation controls for OpenAI-compatible `image_url` parts.", "hasChildren": true @@ -34624,7 +39083,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "media", "network"], + "tags": [ + "access", + "media", + "network" + ], "label": "OpenAI Chat Completions Image MIME Allowlist", "help": "Allowed MIME types for `image_url` parts (case-insensitive list).", "hasChildren": true @@ -34646,7 +39109,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "media", "network"], + "tags": [ + "access", + "media", + "network" + ], "label": "OpenAI Chat Completions Allow Image URLs", "help": "Allow server-side URL fetches for `image_url` parts (default: false; data URIs remain supported).", "hasChildren": false @@ -34658,7 +39125,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "network", "performance"], + "tags": [ + "media", + "network", + "performance" + ], "label": "OpenAI Chat Completions Image Max Bytes", "help": "Max bytes per fetched/decoded `image_url` image (default: 10MB).", "hasChildren": false @@ -34670,7 +39141,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "network", "performance", "storage"], + "tags": [ + "media", + "network", + "performance", + "storage" + ], "label": "OpenAI Chat Completions Image Max Redirects", "help": "Max HTTP redirects allowed when fetching `image_url` URLs (default: 3).", "hasChildren": false @@ -34682,7 +39158,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "network", "performance"], + "tags": [ + "media", + "network", + "performance" + ], "label": "OpenAI Chat Completions Image Timeout (ms)", "help": "Timeout in milliseconds for `image_url` URL fetches (default: 10000).", "hasChildren": false @@ -34694,7 +39174,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "media", "network"], + "tags": [ + "access", + "media", + "network" + ], "label": "OpenAI Chat Completions Image URL Allowlist", "help": "Optional hostname allowlist for `image_url` URL fetches; supports exact hosts and `*.example.com` wildcards.", "hasChildren": true @@ -34716,7 +39200,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network", "performance"], + "tags": [ + "network", + "performance" + ], "label": "OpenAI Chat Completions Max Body Bytes", "help": "Max request body size in bytes for `/v1/chat/completions` (default: 20MB).", "hasChildren": false @@ -34728,7 +39215,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "network", "performance"], + "tags": [ + "media", + "network", + "performance" + ], "label": "OpenAI Chat Completions Max Image Parts", "help": "Max number of `image_url` parts accepted from the latest user message (default: 8).", "hasChildren": false @@ -34740,7 +39231,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "network", "performance"], + "tags": [ + "media", + "network", + "performance" + ], "label": "OpenAI Chat Completions Max Total Image Bytes", "help": "Max cumulative decoded bytes across all `image_url` parts in one request (default: 20MB).", "hasChildren": false @@ -35022,7 +39517,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway HTTP Security Headers", "help": "Optional HTTP response security headers applied by the gateway process itself. Prefer setting these at your reverse proxy when TLS terminates there.", "hasChildren": true @@ -35030,11 +39527,16 @@ { "path": "gateway.http.securityHeaders.strictTransportSecurity", "kind": "core", - "type": ["boolean", "string"], + "type": [ + "boolean", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Strict Transport Security Header", "help": "Value for the Strict-Transport-Security response header. Set only on HTTPS origins that you fully control; use false to explicitly disable.", "hasChildren": false @@ -35046,7 +39548,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Mode", "help": "Gateway operation mode: \"local\" runs channels and agent runtime on this host, while \"remote\" connects through remote transport. Keep \"local\" unless you intentionally run a split remote gateway topology.", "hasChildren": false @@ -35068,7 +39572,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "network"], + "tags": [ + "access", + "network" + ], "label": "Gateway Node Allowlist (Extra Commands)", "help": "Extra node.invoke commands to allow beyond the gateway defaults (array of command strings). Enabling dangerous commands here is a security-sensitive override and is flagged by `openclaw security audit`.", "hasChildren": true @@ -35100,7 +39607,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Node Browser Mode", "help": "Node browser routing (\"auto\" = pick single connected browser node, \"manual\" = require node param, \"off\" = disable).", "hasChildren": false @@ -35112,7 +39621,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Node Browser Pin", "help": "Pin browser routing to a specific node id or name (optional).", "hasChildren": false @@ -35124,7 +39635,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "network"], + "tags": [ + "access", + "network" + ], "label": "Gateway Node Denylist", "help": "Node command names to block even if present in node claims or default allowlist (exact command-name matching only, e.g. `system.run`; does not inspect shell text inside that command).", "hasChildren": true @@ -35146,7 +39660,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Port", "help": "TCP port used by the gateway listener for API, control UI, and channel-facing ingress paths. Use a dedicated port and avoid collisions with reverse proxies or local developer services.", "hasChildren": false @@ -35158,7 +39674,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Push Delivery", "help": "Push-delivery settings used by the gateway when it needs to wake or notify paired devices. Configure relay-backed APNs here for official iOS builds; direct APNs auth remains env-based for local/manual builds.", "hasChildren": true @@ -35170,7 +39688,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway APNs Delivery", "help": "APNs delivery settings for iOS devices paired to this gateway. Use relay settings for official/TestFlight builds that register through the external push relay.", "hasChildren": true @@ -35182,7 +39702,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway APNs Relay", "help": "External relay settings for relay-backed APNs sends. The gateway uses this relay for push.test, wake nudges, and reconnect wakes after a paired official iOS build publishes a relay-backed registration.", "hasChildren": true @@ -35194,7 +39716,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "network"], + "tags": [ + "advanced", + "network" + ], "label": "Gateway APNs Relay Base URL", "help": "Base HTTPS URL for the external APNs relay service used by official/TestFlight iOS builds. Keep this aligned with the relay URL baked into the iOS build so registration and send traffic hit the same deployment.", "hasChildren": false @@ -35206,7 +39731,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network", "performance"], + "tags": [ + "network", + "performance" + ], "label": "Gateway APNs Relay Timeout (ms)", "help": "Timeout in milliseconds for relay send requests from the gateway to the APNs relay (default: 10000). Increase for slower relays or networks, or lower to fail wake attempts faster.", "hasChildren": false @@ -35218,7 +39746,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network", "reliability"], + "tags": [ + "network", + "reliability" + ], "label": "Config Reload", "help": "Live config-reload policy for how edits are applied and when full restarts are triggered. Keep hybrid behavior for safest operational updates unless debugging reload internals.", "hasChildren": true @@ -35230,7 +39761,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network", "performance", "reliability"], + "tags": [ + "network", + "performance", + "reliability" + ], "label": "Config Reload Debounce (ms)", "help": "Debounce window (ms) before applying config changes.", "hasChildren": false @@ -35242,7 +39777,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network", "reliability"], + "tags": [ + "network", + "reliability" + ], "label": "Config Reload Mode", "help": "Controls how config edits are applied: \"off\" ignores live edits, \"restart\" always restarts, \"hot\" applies in-process, and \"hybrid\" tries hot then restarts if required. Keep \"hybrid\" for safest routine updates.", "hasChildren": false @@ -35254,7 +39792,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Remote Gateway", "help": "Remote gateway connection settings for direct or SSH transport when this instance proxies to another runtime host. Use remote mode only when split-host operation is intentionally configured.", "hasChildren": true @@ -35262,11 +39802,18 @@ { "path": "gateway.remote.password", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "network", "security"], + "tags": [ + "auth", + "network", + "security" + ], "label": "Remote Gateway Password", "help": "Password credential used for remote gateway authentication when password mode is enabled. Keep this secret managed externally and avoid plaintext values in committed config.", "hasChildren": true @@ -35308,7 +39855,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Remote Gateway SSH Identity", "help": "Optional SSH identity file path (passed to ssh -i).", "hasChildren": false @@ -35320,7 +39869,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Remote Gateway SSH Target", "help": "Remote gateway over SSH (tunnels the gateway port to localhost). Format: user@host or user@host:port.", "hasChildren": false @@ -35332,7 +39883,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["auth", "network", "security"], + "tags": [ + "auth", + "network", + "security" + ], "label": "Remote Gateway TLS Fingerprint", "help": "Expected sha256 TLS fingerprint for the remote gateway (pin to avoid MITM).", "hasChildren": false @@ -35340,11 +39895,18 @@ { "path": "gateway.remote.token", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "network", "security"], + "tags": [ + "auth", + "network", + "security" + ], "label": "Remote Gateway Token", "help": "Bearer token used to authenticate this client to a remote gateway in token-auth deployments. Store via secret/env substitution and rotate alongside remote gateway auth changes.", "hasChildren": true @@ -35386,7 +39948,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Remote Gateway Transport", "help": "Remote connection transport: \"direct\" uses configured URL connectivity, while \"ssh\" tunnels through SSH. Use SSH when you need encrypted tunnel semantics without exposing remote ports.", "hasChildren": false @@ -35398,7 +39962,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Remote Gateway URL", "help": "Remote Gateway WebSocket URL (ws:// or wss://).", "hasChildren": false @@ -35410,7 +39976,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Tailscale", "help": "Tailscale integration settings for Serve/Funnel exposure and lifecycle handling on gateway start/exit. Keep off unless your deployment intentionally relies on Tailscale ingress.", "hasChildren": true @@ -35422,7 +39990,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Tailscale Mode", "help": "Tailscale publish mode: \"off\", \"serve\", or \"funnel\" for private or public exposure paths. Use \"serve\" for tailnet-only access and \"funnel\" only when public internet reachability is required.", "hasChildren": false @@ -35434,7 +40004,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Tailscale Reset on Exit", "help": "Resets Tailscale Serve/Funnel state on gateway exit to avoid stale published routes after shutdown. Keep enabled unless another controller manages publish lifecycle outside the gateway.", "hasChildren": false @@ -35446,7 +40018,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway TLS", "help": "TLS certificate and key settings for terminating HTTPS directly in the gateway process. Use explicit certificates in production and avoid plaintext exposure on untrusted networks.", "hasChildren": true @@ -35458,7 +40032,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway TLS Auto-Generate Cert", "help": "Auto-generates a local TLS certificate/key pair when explicit files are not configured. Use only for local/dev setups and replace with real certificates for production traffic.", "hasChildren": false @@ -35470,7 +40046,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network", "storage"], + "tags": [ + "network", + "storage" + ], "label": "Gateway TLS CA Path", "help": "Optional CA bundle path for client verification or custom trust-chain requirements at the gateway edge. Use this when private PKI or custom certificate chains are part of deployment.", "hasChildren": false @@ -35482,7 +40061,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network", "storage"], + "tags": [ + "network", + "storage" + ], "label": "Gateway TLS Certificate Path", "help": "Filesystem path to the TLS certificate file used by the gateway when TLS is enabled. Use managed certificate paths and keep renewal automation aligned with this location.", "hasChildren": false @@ -35494,7 +40076,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway TLS Enabled", "help": "Enables TLS termination at the gateway listener so clients connect over HTTPS/WSS directly. Keep enabled for direct internet exposure or any untrusted network boundary.", "hasChildren": false @@ -35506,7 +40090,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network", "storage"], + "tags": [ + "network", + "storage" + ], "label": "Gateway TLS Key Path", "help": "Filesystem path to the TLS private key file used by the gateway when TLS is enabled. Keep this key file permission-restricted and rotate per your security policy.", "hasChildren": false @@ -35518,7 +40105,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Tool Exposure Policy", "help": "Gateway-level tool exposure allow/deny policy that can restrict runtime tool availability independent of agent/tool profiles. Use this for coarse emergency controls and production hardening.", "hasChildren": true @@ -35530,7 +40119,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "network"], + "tags": [ + "access", + "network" + ], "label": "Gateway Tool Allowlist", "help": "Explicit gateway-level tool allowlist when you want a narrow set of tools available at runtime. Use this for locked-down environments where tool scope must be tightly controlled.", "hasChildren": true @@ -35552,7 +40144,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "network"], + "tags": [ + "access", + "network" + ], "label": "Gateway Tool Denylist", "help": "Explicit gateway-level tool denylist to block risky tools even if lower-level policies allow them. Use deny rules for emergency response and defense-in-depth hardening.", "hasChildren": true @@ -35574,7 +40169,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Gateway Trusted Proxy CIDRs", "help": "CIDR/IP allowlist of upstream proxies permitted to provide forwarded client identity headers. Keep this list narrow so untrusted hops cannot impersonate users.", "hasChildren": true @@ -35596,7 +40193,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hooks", "help": "Inbound webhook automation surface for mapping external events into wake or agent actions in OpenClaw. Keep this locked down with explicit token/session/agent controls before exposing it beyond trusted networks.", "hasChildren": true @@ -35608,7 +40207,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Hooks Allowed Agent IDs", "help": "Allowlist of agent IDs that hook mappings are allowed to target when selecting execution agents. Use this to constrain automation events to dedicated service agents.", "hasChildren": true @@ -35630,7 +40231,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "storage"], + "tags": [ + "access", + "storage" + ], "label": "Hooks Allowed Session Key Prefixes", "help": "Allowlist of accepted session-key prefixes for inbound hook requests when caller-provided keys are enabled. Use narrow prefixes to prevent arbitrary session-key injection.", "hasChildren": true @@ -35652,7 +40256,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "storage"], + "tags": [ + "access", + "storage" + ], "label": "Hooks Allow Request Session Key", "help": "Allows callers to supply a session key in hook requests when true, enabling caller-controlled routing. Keep false unless trusted integrators explicitly need custom session threading.", "hasChildren": false @@ -35664,7 +40271,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Hooks Default Session Key", "help": "Fallback session key used for hook deliveries when a request does not provide one through allowed channels. Use a stable but scoped key to avoid mixing unrelated automation conversations.", "hasChildren": false @@ -35676,7 +40285,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hooks Enabled", "help": "Enables the hooks endpoint and mapping execution pipeline for inbound webhook requests. Keep disabled unless you are actively routing external events into the gateway.", "hasChildren": false @@ -35688,7 +40299,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook", "help": "Gmail push integration settings used for Pub/Sub notifications and optional local callback serving. Keep this scoped to dedicated Gmail automation accounts where possible.", "hasChildren": true @@ -35700,7 +40313,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Account", "help": "Google account identifier used for Gmail watch/subscription operations in this hook integration. Use a dedicated automation mailbox account to isolate operational permissions.", "hasChildren": false @@ -35712,7 +40327,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Gmail Hook Allow Unsafe External Content", "help": "Allows less-sanitized external Gmail content to pass into processing when enabled. Keep disabled for safer defaults, and enable only for trusted mail streams with controlled transforms.", "hasChildren": false @@ -35724,7 +40341,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Callback URL", "help": "Public callback URL Gmail or intermediaries invoke to deliver notifications into this hook pipeline. Keep this URL protected with token validation and restricted network exposure.", "hasChildren": false @@ -35736,7 +40355,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Include Body", "help": "When true, fetch and include email body content for downstream mapping/agent processing. Keep false unless body text is required, because this increases payload size and sensitivity.", "hasChildren": false @@ -35748,7 +40369,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Label", "help": "Optional Gmail label filter limiting which labeled messages trigger hook events. Keep filters narrow to avoid flooding automations with unrelated inbox traffic.", "hasChildren": false @@ -35760,7 +40383,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Gmail Hook Max Body Bytes", "help": "Maximum Gmail payload bytes processed per event when includeBody is enabled. Keep conservative limits to reduce oversized message processing cost and risk.", "hasChildren": false @@ -35772,7 +40397,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Gmail Hook Model Override", "help": "Optional model override for Gmail-triggered runs when mailbox automations should use dedicated model behavior. Keep unset to inherit agent defaults unless mailbox tasks need specialization.", "hasChildren": false @@ -35784,7 +40411,10 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security"], + "tags": [ + "auth", + "security" + ], "label": "Gmail Hook Push Token", "help": "Shared secret token required on Gmail push hook callbacks before processing notifications. Use env substitution and rotate if callback endpoints are exposed externally.", "hasChildren": false @@ -35796,7 +40426,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Renew Interval (min)", "help": "Renewal cadence in minutes for Gmail watch subscriptions to prevent expiration. Set below provider expiration windows and monitor renew failures in logs.", "hasChildren": false @@ -35808,7 +40440,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Local Server", "help": "Local callback server settings block for directly receiving Gmail notifications without a separate ingress layer. Enable only when this process should terminate webhook traffic itself.", "hasChildren": true @@ -35820,7 +40454,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Server Bind Address", "help": "Bind address for the local Gmail callback HTTP server used when serving hooks directly. Keep loopback-only unless external ingress is intentionally required.", "hasChildren": false @@ -35832,7 +40468,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Gmail Hook Server Path", "help": "HTTP path on the local Gmail callback server where push notifications are accepted. Keep this consistent with subscription configuration to avoid dropped events.", "hasChildren": false @@ -35844,7 +40482,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Server Port", "help": "Port for the local Gmail callback HTTP server when serve mode is enabled. Use a dedicated port to avoid collisions with gateway/control interfaces.", "hasChildren": false @@ -35856,7 +40496,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Subscription", "help": "Pub/Sub subscription consumed by the gateway to receive Gmail change notifications from the configured topic. Keep subscription ownership clear so multiple consumers do not race unexpectedly.", "hasChildren": false @@ -35868,7 +40510,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Tailscale", "help": "Tailscale exposure configuration block for publishing Gmail callbacks through Serve/Funnel routes. Use private tailnet modes before enabling any public ingress path.", "hasChildren": true @@ -35880,7 +40524,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Tailscale Mode", "help": "Tailscale exposure mode for Gmail callbacks: \"off\", \"serve\", or \"funnel\". Use \"serve\" for private tailnet delivery and \"funnel\" only when public internet ingress is required.", "hasChildren": false @@ -35892,7 +40538,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Gmail Hook Tailscale Path", "help": "Path published by Tailscale Serve/Funnel for Gmail callback forwarding when enabled. Keep it aligned with Gmail webhook config so requests reach the expected handler.", "hasChildren": false @@ -35904,7 +40552,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Tailscale Target", "help": "Local service target forwarded by Tailscale Serve/Funnel (for example http://127.0.0.1:8787). Use explicit loopback targets to avoid ambiguous routing.", "hasChildren": false @@ -35916,7 +40566,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Thinking Override", "help": "Thinking effort override for Gmail-driven agent runs: \"off\", \"minimal\", \"low\", \"medium\", or \"high\". Keep modest defaults for routine inbox automations to control cost and latency.", "hasChildren": false @@ -35928,7 +40580,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gmail Hook Pub/Sub Topic", "help": "Google Pub/Sub topic name used by Gmail watch to publish change notifications for this account. Ensure the topic IAM grants Gmail publish access before enabling watches.", "hasChildren": false @@ -35940,7 +40594,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Internal Hooks", "help": "Internal hook runtime settings for bundled/custom event handlers loaded from module paths. Use this for trusted in-process automations and keep handler loading tightly scoped.", "hasChildren": true @@ -35952,7 +40608,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Internal Hooks Enabled", "help": "Enables processing for internal hook handlers and configured entries in the internal hook runtime. Keep disabled unless internal hook handlers are intentionally configured.", "hasChildren": false @@ -35964,7 +40622,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Internal Hook Entries", "help": "Configured internal hook entry records used to register concrete runtime handlers and metadata. Keep entries explicit and versioned so production behavior is auditable.", "hasChildren": true @@ -36025,7 +40685,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Internal Hook Handlers", "help": "List of internal event handlers mapping event names to modules and optional exports. Keep handler definitions explicit so event-to-code routing is auditable.", "hasChildren": true @@ -36047,7 +40709,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Internal Hook Event", "help": "Internal event name that triggers this handler module when emitted by the runtime. Use stable event naming conventions to avoid accidental overlap across handlers.", "hasChildren": false @@ -36059,7 +40723,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Internal Hook Export", "help": "Optional named export for the internal hook handler function when module default export is not used. Set this when one module ships multiple handler entrypoints.", "hasChildren": false @@ -36071,7 +40737,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Internal Hook Module", "help": "Safe relative module path for the internal hook handler implementation loaded at runtime. Keep module files in reviewed directories and avoid dynamic path composition.", "hasChildren": false @@ -36083,7 +40751,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Internal Hook Install Records", "help": "Install metadata for internal hook modules, including source and resolved artifacts for repeatable deployments. Use this as operational provenance and avoid manual drift edits.", "hasChildren": true @@ -36245,7 +40915,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Internal Hook Loader", "help": "Internal hook loader settings controlling where handler modules are discovered at startup. Use constrained load roots to reduce accidental module conflicts or shadowing.", "hasChildren": true @@ -36257,7 +40929,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Internal Hook Extra Directories", "help": "Additional directories searched for internal hook modules beyond default load paths. Keep this minimal and controlled to reduce accidental module shadowing.", "hasChildren": true @@ -36279,7 +40953,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mappings", "help": "Ordered mapping rules that match inbound hook requests and choose wake or agent actions with optional delivery routing. Use specific mappings first to avoid broad pattern rules capturing everything.", "hasChildren": true @@ -36301,7 +40977,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Action", "help": "Mapping action type: \"wake\" triggers agent wake flow, while \"agent\" sends directly to agent handling. Use \"agent\" for immediate execution and \"wake\" when heartbeat-driven processing is preferred.", "hasChildren": false @@ -36313,7 +40991,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Agent ID", "help": "Target agent ID for mapping execution when action routing should not use defaults. Use dedicated automation agents to isolate webhook behavior from interactive operator sessions.", "hasChildren": false @@ -36325,7 +41005,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Hook Mapping Allow Unsafe External Content", "help": "When true, mapping content may include less-sanitized external payload data in generated messages. Keep false by default and enable only for trusted sources with reviewed transform logic.", "hasChildren": false @@ -36337,7 +41019,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Delivery Channel", "help": "Delivery channel override for mapping outputs (for example \"last\", \"telegram\", \"discord\", \"slack\", \"signal\", \"imessage\", or \"msteams\"). Keep channel overrides explicit to avoid accidental cross-channel sends.", "hasChildren": false @@ -36349,7 +41033,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Deliver Reply", "help": "Controls whether mapping execution results are delivered back to a channel destination versus being processed silently. Disable delivery for background automations that should not post user-facing output.", "hasChildren": false @@ -36361,7 +41047,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping ID", "help": "Optional stable identifier for a hook mapping entry used for auditing, troubleshooting, and targeted updates. Use unique IDs so logs and config diffs can reference mappings unambiguously.", "hasChildren": false @@ -36373,7 +41061,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Match", "help": "Grouping object for mapping match predicates such as path and source before action routing is applied. Keep match criteria specific so unrelated webhook traffic does not trigger automations.", "hasChildren": true @@ -36385,7 +41075,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Hook Mapping Match Path", "help": "Path match condition for a hook mapping, usually compared against the inbound request path. Use this to split automation behavior by webhook endpoint path families.", "hasChildren": false @@ -36397,7 +41089,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Match Source", "help": "Source match condition for a hook mapping, typically set by trusted upstream metadata or adapter logic. Use stable source identifiers so routing remains deterministic across retries.", "hasChildren": false @@ -36409,7 +41103,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Message Template", "help": "Template for synthesizing structured mapping input into the final message content sent to the target action path. Keep templates deterministic so downstream parsing and behavior remain stable.", "hasChildren": false @@ -36421,7 +41117,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Hook Mapping Model Override", "help": "Optional model override for mapping-triggered runs when automation should use a different model than agent defaults. Use this sparingly so behavior remains predictable across mapping executions.", "hasChildren": false @@ -36433,7 +41131,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Name", "help": "Human-readable mapping display name used in diagnostics and operator-facing config UIs. Keep names concise and descriptive so routing intent is obvious during incident review.", "hasChildren": false @@ -36445,7 +41145,10 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["security", "storage"], + "tags": [ + "security", + "storage" + ], "label": "Hook Mapping Session Key", "help": "Explicit session key override for mapping-delivered messages to control thread continuity. Use stable scoped keys so repeated events correlate without leaking into unrelated conversations.", "hasChildren": false @@ -36457,7 +41160,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Text Template", "help": "Text-only fallback template used when rich payload rendering is not desired or not supported. Use this to provide a concise, consistent summary string for chat delivery surfaces.", "hasChildren": false @@ -36469,7 +41174,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Thinking Override", "help": "Optional thinking-effort override for mapping-triggered runs to tune latency versus reasoning depth. Keep low or minimal for high-volume hooks unless deeper reasoning is clearly required.", "hasChildren": false @@ -36481,7 +41188,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Hook Mapping Timeout (sec)", "help": "Maximum runtime allowed for mapping action execution before timeout handling applies. Use tighter limits for high-volume webhook sources to prevent queue pileups.", "hasChildren": false @@ -36493,7 +41202,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Delivery Destination", "help": "Destination identifier inside the selected channel when mapping replies should route to a fixed target. Verify provider-specific destination formats before enabling production mappings.", "hasChildren": false @@ -36505,7 +41216,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Transform", "help": "Transform configuration block defining module/export preprocessing before mapping action handling. Use transforms only from reviewed code paths and keep behavior deterministic for repeatable automation.", "hasChildren": true @@ -36517,7 +41230,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Transform Export", "help": "Named export to invoke from the transform module; defaults to module default export when omitted. Set this when one file hosts multiple transform handlers.", "hasChildren": false @@ -36529,7 +41244,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Transform Module", "help": "Relative transform module path loaded from hooks.transformsDir to rewrite incoming payloads before delivery. Keep modules local, reviewed, and free of path traversal patterns.", "hasChildren": false @@ -36541,7 +41258,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hook Mapping Wake Mode", "help": "Wake scheduling mode: \"now\" wakes immediately, while \"next-heartbeat\" defers until the next heartbeat cycle. Use deferred mode for lower-priority automations that can tolerate slight delay.", "hasChildren": false @@ -36553,7 +41272,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Hooks Max Body Bytes", "help": "Maximum accepted webhook payload size in bytes before the request is rejected. Keep this bounded to reduce abuse risk and protect memory usage under bursty integrations.", "hasChildren": false @@ -36565,7 +41286,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Hooks Endpoint Path", "help": "HTTP path used by the hooks endpoint (for example `/hooks`) on the gateway control server. Use a non-guessable path and combine it with token validation for defense in depth.", "hasChildren": false @@ -36577,7 +41300,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Hooks Presets", "help": "Named hook preset bundles applied at load time to seed standard mappings and behavior defaults. Keep preset usage explicit so operators can audit which automations are active.", "hasChildren": true @@ -36599,7 +41324,10 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security"], + "tags": [ + "auth", + "security" + ], "label": "Hooks Auth Token", "help": "Shared bearer token checked by hooks ingress for request authentication before mappings run. Use environment substitution and rotate regularly when webhook endpoints are internet-accessible.", "hasChildren": false @@ -36611,7 +41339,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Hooks Transforms Directory", "help": "Base directory for hook transform modules referenced by mapping transform.module paths. Use a controlled repo directory so dynamic imports remain reviewable and predictable.", "hasChildren": false @@ -36623,7 +41353,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Logging", "help": "Logging behavior controls for severity, output destinations, formatting, and sensitive-data redaction. Keep levels and redaction strict enough for production while preserving useful diagnostics.", "hasChildren": true @@ -36635,7 +41367,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "Console Log Level", "help": "Console-specific log threshold: \"silent\", \"fatal\", \"error\", \"warn\", \"info\", \"debug\", or \"trace\" for terminal output control. Use this to keep local console quieter while retaining richer file logging if needed.", "hasChildren": false @@ -36647,7 +41381,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "Console Log Style", "help": "Console output format style: \"pretty\", \"compact\", or \"json\" based on operator and ingestion needs. Use json for machine parsing pipelines and pretty/compact for human-first terminal workflows.", "hasChildren": false @@ -36659,7 +41395,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability", "storage"], + "tags": [ + "observability", + "storage" + ], "label": "Log File Path", "help": "Optional file path for persisted log output in addition to or instead of console logging. Use a managed writable path and align retention/rotation with your operational policy.", "hasChildren": false @@ -36671,7 +41410,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "Log Level", "help": "Primary log level threshold for runtime logger output: \"silent\", \"fatal\", \"error\", \"warn\", \"info\", \"debug\", or \"trace\". Keep \"info\" or \"warn\" for production, and use debug/trace only during investigation.", "hasChildren": false @@ -36693,7 +41434,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability", "privacy"], + "tags": [ + "observability", + "privacy" + ], "label": "Custom Redaction Patterns", "help": "Additional custom redact regex patterns applied to log output before emission/storage. Use this to mask org-specific tokens and identifiers not covered by built-in redaction rules.", "hasChildren": true @@ -36715,7 +41459,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability", "privacy"], + "tags": [ + "observability", + "privacy" + ], "label": "Sensitive Data Redaction Mode", "help": "Sensitive redaction mode: \"off\" disables built-in masking, while \"tools\" redacts sensitive tool/config payload fields. Keep \"tools\" in shared logs unless you have isolated secure log sinks.", "hasChildren": false @@ -36727,7 +41474,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Media", "help": "Top-level media behavior shared across providers and tools that handle inbound files. Keep defaults unless you need stable filenames for external processing pipelines or longer-lived inbound media retention.", "hasChildren": true @@ -36739,7 +41488,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Preserve Media Filenames", "help": "When enabled, uploaded media keeps its original filename instead of a generated temp-safe name. Turn this on when downstream automations depend on stable names, and leave off to reduce accidental filename leakage.", "hasChildren": false @@ -36751,7 +41502,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Media Retention TTL (hours)", "help": "Optional retention window in hours for persisted inbound media cleanup across the full media tree. Leave unset to preserve legacy behavior, or set values like 24 (1 day) or 168 (7 days) when you want automatic cleanup.", "hasChildren": false @@ -36763,7 +41516,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory", "help": "Memory backend configuration (global).", "hasChildren": true @@ -36775,7 +41530,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Memory Backend", "help": "Selects the global memory engine: \"builtin\" uses OpenClaw memory internals, while \"qmd\" uses the QMD sidecar pipeline. Keep \"builtin\" unless you intentionally operate QMD.", "hasChildren": false @@ -36787,7 +41544,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Memory Citations Mode", "help": "Controls citation visibility in replies: \"auto\" shows citations when useful, \"on\" always shows them, and \"off\" hides them. Keep \"auto\" for a balanced signal-to-noise default.", "hasChildren": false @@ -36809,7 +41568,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD Binary", "help": "Sets the executable path for the `qmd` binary used by the QMD backend (default: resolved from PATH). Use an explicit absolute path when multiple qmd installs exist or PATH differs across environments.", "hasChildren": false @@ -36821,7 +41582,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD Include Default Memory", "help": "Automatically indexes default memory files (MEMORY.md and memory/**/*.md) into QMD collections. Keep enabled unless you want indexing controlled only through explicit custom paths.", "hasChildren": false @@ -36843,7 +41606,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "QMD Max Injected Chars", "help": "Caps how much QMD text can be injected into one turn across all hits. Use lower values to control prompt bloat and latency; raise only when context is consistently truncated.", "hasChildren": false @@ -36855,7 +41621,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "QMD Max Results", "help": "Limits how many QMD hits are returned into the agent loop for each recall request (default: 6). Increase for broader recall context, or lower to keep prompts tighter and faster.", "hasChildren": false @@ -36867,7 +41636,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "QMD Max Snippet Chars", "help": "Caps per-result snippet length extracted from QMD hits in characters (default: 700). Lower this when prompts bloat quickly, and raise only if answers consistently miss key details.", "hasChildren": false @@ -36879,7 +41651,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "QMD Search Timeout (ms)", "help": "Sets per-query QMD search timeout in milliseconds (default: 4000). Increase for larger indexes or slower environments, and lower to keep request latency bounded.", "hasChildren": false @@ -36891,7 +41666,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD MCPorter", "help": "Routes QMD work through mcporter (MCP runtime) instead of spawning `qmd` for each call. Use this when cold starts are expensive on large models; keep direct process mode for simpler local setups.", "hasChildren": true @@ -36903,7 +41680,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD MCPorter Enabled", "help": "Routes QMD through an mcporter daemon instead of spawning qmd per request, reducing cold-start overhead for larger models. Keep disabled unless mcporter is installed and configured.", "hasChildren": false @@ -36915,7 +41694,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD MCPorter Server Name", "help": "Names the mcporter server target used for QMD calls (default: qmd). Change only when your mcporter setup uses a custom server name for qmd mcp keep-alive.", "hasChildren": false @@ -36927,7 +41708,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD MCPorter Start Daemon", "help": "Automatically starts the mcporter daemon when mcporter-backed QMD mode is enabled (default: true). Keep enabled unless process lifecycle is managed externally by your service supervisor.", "hasChildren": false @@ -36939,7 +41722,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD Extra Paths", "help": "Adds custom directories or files to include in QMD indexing, each with an optional name and glob pattern. Use this for project-specific knowledge locations that are outside default memory paths.", "hasChildren": true @@ -36991,7 +41776,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD Surface Scope", "help": "Defines which sessions/channels are eligible for QMD recall using session.sendPolicy-style rules. Keep default direct-only scope unless you intentionally want cross-chat memory sharing.", "hasChildren": true @@ -37093,7 +41880,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD Search Mode", "help": "Selects the QMD retrieval path: \"query\" uses standard query flow, \"search\" uses search-oriented retrieval, and \"vsearch\" emphasizes vector retrieval. Keep default unless tuning relevance quality.", "hasChildren": false @@ -37115,7 +41904,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD Session Indexing", "help": "Indexes session transcripts into QMD so recall can include prior conversation content (experimental, default: false). Enable only when transcript memory is required and you accept larger index churn.", "hasChildren": false @@ -37127,7 +41918,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD Session Export Directory", "help": "Overrides where sanitized session exports are written before QMD indexing. Use this when default state storage is constrained or when exports must land on a managed volume.", "hasChildren": false @@ -37139,7 +41932,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD Session Retention (days)", "help": "Defines how long exported session files are kept before automatic pruning, in days (default: unlimited). Set a finite value for storage hygiene or compliance retention policies.", "hasChildren": false @@ -37161,7 +41956,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "QMD Command Timeout (ms)", "help": "Sets timeout for QMD maintenance commands such as collection list/add in milliseconds (default: 30000). Increase when running on slower disks or remote filesystems that delay command completion.", "hasChildren": false @@ -37173,7 +41971,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "QMD Update Debounce (ms)", "help": "Sets the minimum delay between consecutive QMD refresh attempts in milliseconds (default: 15000). Increase this if frequent file changes cause update thrash or unnecessary background load.", "hasChildren": false @@ -37185,7 +41986,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "QMD Embed Interval", "help": "Sets how often QMD recomputes embeddings (duration string, default: 60m; set 0 to disable periodic embeds). Lower intervals improve freshness but increase embedding workload and cost.", "hasChildren": false @@ -37197,7 +42001,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "QMD Embed Timeout (ms)", "help": "Sets maximum runtime for each `qmd embed` cycle in milliseconds (default: 120000). Increase for heavier embedding workloads or slower hardware, and lower to fail fast under tight SLAs.", "hasChildren": false @@ -37209,7 +42016,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "QMD Update Interval", "help": "Sets how often QMD refreshes indexes from source content (duration string, default: 5m). Shorter intervals improve freshness but increase background CPU and I/O.", "hasChildren": false @@ -37221,7 +42031,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD Update on Startup", "help": "Runs an initial QMD update once during gateway startup (default: true). Keep enabled so recall starts from a fresh baseline; disable only when startup speed is more important than immediate freshness.", "hasChildren": false @@ -37233,7 +42045,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "QMD Update Timeout (ms)", "help": "Sets maximum runtime for each `qmd update` cycle in milliseconds (default: 120000). Raise this for larger collections; lower it when you want quicker failure detection in automation.", "hasChildren": false @@ -37245,7 +42060,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "QMD Wait for Boot Sync", "help": "Blocks startup completion until the initial boot-time QMD sync finishes (default: false). Enable when you need fully up-to-date recall before serving traffic, and keep off for faster boot.", "hasChildren": false @@ -37257,7 +42074,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Messages", "help": "Message formatting, acknowledgment, queueing, debounce, and status reaction behavior for inbound/outbound chat flows. Use this section when channel responsiveness or message UX needs adjustment.", "hasChildren": true @@ -37269,7 +42088,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Ack Reaction Emoji", "help": "Emoji reaction used to acknowledge inbound messages (empty disables).", "hasChildren": false @@ -37279,10 +42100,19 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["group-mentions", "group-all", "direct", "all", "off", "none"], + "enumValues": [ + "group-mentions", + "group-all", + "direct", + "all", + "off", + "none" + ], "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Ack Reaction Scope", "help": "When to send ack reactions (\"group-mentions\", \"group-all\", \"direct\", \"all\", \"off\", \"none\"). \"off\"/\"none\" disables ack reactions entirely.", "hasChildren": false @@ -37294,7 +42124,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Group Chat Rules", "help": "Group-message handling controls including mention triggers and history window sizing. Keep mention patterns narrow so group channels do not trigger on every message.", "hasChildren": true @@ -37306,7 +42138,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Group History Limit", "help": "Maximum number of prior group messages loaded as context per turn for group sessions. Use higher values for richer continuity, or lower values for faster and cheaper responses.", "hasChildren": false @@ -37318,9 +42152,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Group Mention Patterns", - "help": "Regex-like patterns used to detect explicit mentions/trigger phrases in group chats. Use precise patterns to reduce false positives in high-volume channels.", + "help": "Safe case-insensitive regex patterns used to detect explicit mentions/trigger phrases in group chats. Use precise patterns to reduce false positives in high-volume channels; invalid or unsafe nested-repetition patterns are ignored.", "hasChildren": true }, { @@ -37340,7 +42176,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Inbound Debounce", "help": "Direct inbound debounce settings used before queue/turn processing starts. Configure this for provider-specific rapid message bursts from the same sender.", "hasChildren": true @@ -37352,7 +42190,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Inbound Debounce by Channel (ms)", "help": "Per-channel inbound debounce overrides keyed by provider id in milliseconds. Use this where some providers send message fragments more aggressively than others.", "hasChildren": true @@ -37374,7 +42214,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Inbound Message Debounce (ms)", "help": "Debounce window (ms) for batching rapid inbound messages from the same sender (0 to disable).", "hasChildren": false @@ -37386,7 +42228,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Inbound Message Prefix", "help": "Prefix text prepended to inbound user messages before they are handed to the agent runtime. Use this sparingly for channel context markers and keep it stable across sessions.", "hasChildren": false @@ -37398,7 +42242,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Inbound Queue", "help": "Inbound message queue strategy used to buffer bursts before processing turns. Tune this for busy channels where sequential processing or batching behavior matters.", "hasChildren": true @@ -37410,7 +42256,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Queue Mode by Channel", "help": "Per-channel queue mode overrides keyed by provider id (for example telegram, discord, slack). Use this when one channel’s traffic pattern needs different queue behavior than global defaults.", "hasChildren": true @@ -37522,7 +42370,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Queue Capacity", "help": "Maximum number of queued inbound items retained before drop policy applies. Keep caps bounded in noisy channels so memory usage remains predictable.", "hasChildren": false @@ -37534,7 +42384,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Queue Debounce (ms)", "help": "Global queue debounce window in milliseconds before processing buffered inbound messages. Use higher values to coalesce rapid bursts, or lower values for reduced response latency.", "hasChildren": false @@ -37546,7 +42398,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Queue Debounce by Channel (ms)", "help": "Per-channel debounce overrides for queue behavior keyed by provider id. Use this to tune burst handling independently for chat surfaces with different pacing.", "hasChildren": true @@ -37568,7 +42422,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Queue Drop Strategy", "help": "Drop strategy when queue cap is exceeded: \"old\", \"new\", or \"summarize\". Use summarize when preserving intent matters, or old/new when deterministic dropping is preferred.", "hasChildren": false @@ -37580,7 +42436,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Queue Mode", "help": "Queue behavior mode: \"steer\", \"followup\", \"collect\", \"steer-backlog\", \"steer+backlog\", \"queue\", or \"interrupt\". Keep conservative modes unless you intentionally need aggressive interruption/backlog semantics.", "hasChildren": false @@ -37592,7 +42450,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Remove Ack Reaction After Reply", "help": "Removes the acknowledgment reaction after final reply delivery when enabled. Keep enabled for cleaner UX in channels where persistent ack reactions create clutter.", "hasChildren": false @@ -37604,7 +42464,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Outbound Response Prefix", "help": "Prefix text prepended to outbound assistant replies before sending to channels. Use for lightweight branding/context tags and avoid long prefixes that reduce content density.", "hasChildren": false @@ -37616,7 +42478,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Status Reactions", "help": "Lifecycle status reactions that update the emoji on the trigger message as the agent progresses (queued → thinking → tool → done/error).", "hasChildren": true @@ -37628,7 +42492,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Status Reaction Emojis", "help": "Override default status reaction emojis. Keys: thinking, compacting, tool, coding, web, done, error, stallSoft, stallHard. Must be valid Telegram reaction emojis.", "hasChildren": true @@ -37730,7 +42596,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable Status Reactions", "help": "Enable lifecycle status reactions for Telegram. When enabled, the ack reaction becomes the initial 'queued' state and progresses through thinking, tool, done/error automatically. Default: false.", "hasChildren": false @@ -37742,7 +42610,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Status Reaction Timing", "help": "Override default timing. Keys: debounceMs (700), stallSoftMs (25000), stallHardMs (60000), doneHoldMs (1500), errorHoldMs (2500).", "hasChildren": true @@ -37804,7 +42674,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Suppress Tool Error Warnings", "help": "When true, suppress ⚠️ tool-error warnings from being shown to the user. The agent already sees errors in context and can retry. Default: false.", "hasChildren": false @@ -37816,7 +42688,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Message Text-to-Speech", "help": "Text-to-speech policy for reading agent replies aloud on supported voice or audio surfaces. Keep disabled unless voice playback is part of your operator/user workflow.", "hasChildren": true @@ -37826,7 +42700,12 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["off", "always", "inbound", "tagged"], + "enumValues": [ + "off", + "always", + "inbound", + "tagged" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -37955,11 +42834,18 @@ { "path": "messages.tts.elevenlabs.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "media", "security"], + "tags": [ + "auth", + "media", + "security" + ], "hasChildren": true }, { @@ -37997,7 +42883,11 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["auto", "on", "off"], + "enumValues": [ + "auto", + "on", + "off" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -38138,7 +43028,10 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["final", "all"], + "enumValues": [ + "final", + "all" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -38247,11 +43140,18 @@ { "path": "messages.tts.openai.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "media", "security"], + "tags": [ + "auth", + "media", + "security" + ], "hasChildren": true }, { @@ -38349,7 +43249,11 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["elevenlabs", "openai", "edge"], + "enumValues": [ + "elevenlabs", + "openai", + "edge" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -38382,7 +43286,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Metadata", "help": "Metadata fields automatically maintained by OpenClaw to record write/version history for this config file. Keep these values system-managed and avoid manual edits unless debugging migration history.", "hasChildren": true @@ -38394,7 +43300,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Config Last Touched At", "help": "ISO timestamp of the last config write (auto-set).", "hasChildren": false @@ -38406,7 +43314,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Config Last Touched Version", "help": "Auto-set when OpenClaw writes the config.", "hasChildren": false @@ -38418,7 +43328,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Models", "help": "Model catalog root for provider definitions, merge/replace behavior, and optional Bedrock discovery integration. Keep provider definitions explicit and validated before relying on production failover paths.", "hasChildren": true @@ -38430,7 +43342,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Bedrock Model Discovery", "help": "Automatic AWS Bedrock model discovery settings used to synthesize provider model entries from account visibility. Keep discovery scoped and refresh intervals conservative to reduce API churn.", "hasChildren": true @@ -38442,7 +43356,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Bedrock Default Context Window", "help": "Fallback context-window value applied to discovered models when provider metadata lacks explicit limits. Use realistic defaults to avoid oversized prompts that exceed true provider constraints.", "hasChildren": false @@ -38454,7 +43370,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["auth", "models", "performance", "security"], + "tags": [ + "auth", + "models", + "performance", + "security" + ], "label": "Bedrock Default Max Tokens", "help": "Fallback max-token value applied to discovered models without explicit output token limits. Use conservative defaults to reduce truncation surprises and unexpected token spend.", "hasChildren": false @@ -38466,7 +43387,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Bedrock Discovery Enabled", "help": "Enables periodic Bedrock model discovery and catalog refresh for Bedrock-backed providers. Keep disabled unless Bedrock is actively used and IAM permissions are correctly configured.", "hasChildren": false @@ -38478,7 +43401,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Bedrock Discovery Provider Filter", "help": "Optional provider allowlist filter for Bedrock discovery so only selected providers are refreshed. Use this to limit discovery scope in multi-provider environments.", "hasChildren": true @@ -38500,7 +43425,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models", "performance"], + "tags": [ + "models", + "performance" + ], "label": "Bedrock Discovery Refresh Interval (s)", "help": "Refresh cadence for Bedrock discovery polling in seconds to detect newly available models over time. Use longer intervals in production to reduce API cost and control-plane noise.", "hasChildren": false @@ -38512,7 +43440,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Bedrock Discovery Region", "help": "AWS region used for Bedrock discovery calls when discovery is enabled for your deployment. Use the region where your Bedrock models are provisioned to avoid empty discovery results.", "hasChildren": false @@ -38524,7 +43454,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Model Catalog Mode", "help": "Controls provider catalog behavior: \"merge\" keeps built-ins and overlays your custom providers, while \"replace\" uses only your configured providers. In \"merge\", matching provider IDs preserve non-empty agent models.json baseUrl values, while apiKey values are preserved only when the provider is not SecretRef-managed in current config/auth-profile context; SecretRef-managed providers refresh apiKey from current source markers, and matching model contextWindow/maxTokens use the higher value between explicit and implicit entries.", "hasChildren": false @@ -38536,7 +43468,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Model Providers", "help": "Provider map keyed by provider ID containing connection/auth settings and concrete model definitions. Use stable provider keys so references from agents and tooling remain portable across environments.", "hasChildren": true @@ -38568,7 +43502,9 @@ ], "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Model Provider API Adapter", "help": "Provider API adapter selection controlling request/response compatibility handling for model calls. Use the adapter that matches your upstream provider protocol to avoid feature mismatch.", "hasChildren": false @@ -38576,11 +43512,18 @@ { "path": "models.providers.*.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "models", "security"], + "tags": [ + "auth", + "models", + "security" + ], "label": "Model Provider API Key", "help": "Provider credential used for API-key based authentication when the provider requires direct key auth. Use secret/env substitution and avoid storing real keys in committed config files.", "hasChildren": true @@ -38622,7 +43565,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Model Provider Auth Mode", "help": "Selects provider auth style: \"api-key\" for API key auth, \"token\" for bearer token auth, \"oauth\" for OAuth credentials, and \"aws-sdk\" for AWS credential resolution. Match this to your provider requirements.", "hasChildren": false @@ -38634,7 +43579,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Model Provider Authorization Header", "help": "When true, credentials are sent via the HTTP Authorization header even if alternate auth is possible. Use this only when your provider or proxy explicitly requires Authorization forwarding.", "hasChildren": false @@ -38646,7 +43593,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Model Provider Base URL", "help": "Base URL for the provider endpoint used to serve model requests for that provider entry. Use HTTPS endpoints and keep URLs environment-specific through config templating where needed.", "hasChildren": false @@ -38658,7 +43607,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Model Provider Headers", "help": "Static HTTP headers merged into provider requests for tenant routing, proxy auth, or custom gateway requirements. Use this sparingly and keep sensitive header values in secrets.", "hasChildren": true @@ -38666,11 +43617,17 @@ { "path": "models.providers.*.headers.*", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["models", "security"], + "tags": [ + "models", + "security" + ], "hasChildren": true }, { @@ -38710,7 +43667,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Model Provider Inject num_ctx (OpenAI Compat)", "help": "Controls whether OpenClaw injects `options.num_ctx` for Ollama providers configured with the OpenAI-compatible adapter (`openai-completions`). Default is true. Set false only if your proxy/upstream rejects unknown `options` payload fields.", "hasChildren": false @@ -38722,7 +43681,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["models"], + "tags": [ + "models" + ], "label": "Model Provider Model List", "help": "Declared model list for a provider including identifiers, metadata, and optional compatibility/cost hints. Keep IDs exact to provider catalog values so selection and fallback resolve correctly.", "hasChildren": true @@ -39044,7 +44005,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Node Host", "help": "Node host controls for features exposed from this gateway node to other nodes or clients. Keep defaults unless you intentionally proxy local capabilities across your node network.", "hasChildren": true @@ -39056,7 +44019,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Node Browser Proxy", "help": "Groups browser-proxy settings for exposing local browser control through node routing. Enable only when remote node workflows need your local browser profiles.", "hasChildren": true @@ -39068,7 +44033,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "network", "storage"], + "tags": [ + "access", + "network", + "storage" + ], "label": "Node Browser Proxy Allowed Profiles", "help": "Optional allowlist of browser profile names exposed through node proxy routing. Leave empty to expose all configured profiles, or use a tight list to enforce least-privilege profile access.", "hasChildren": true @@ -39090,7 +44059,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["network"], + "tags": [ + "network" + ], "label": "Node Browser Proxy Enabled", "help": "Expose the local browser control server through node proxy routing so remote clients can use this host's browser capabilities. Keep disabled unless remote automation explicitly depends on it.", "hasChildren": false @@ -39102,7 +44073,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugins", "help": "Plugin system controls for enabling extensions, constraining load scope, configuring entries, and tracking installs. Keep plugin policy explicit and least-privilege in production environments.", "hasChildren": true @@ -39114,7 +44087,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Plugin Allowlist", "help": "Optional allowlist of plugin IDs; when set, only listed plugins are eligible to load. Use this to enforce approved extension inventories in controlled environments.", "hasChildren": true @@ -39136,7 +44111,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Plugin Denylist", "help": "Optional denylist of plugin IDs that are blocked even if allowlists or paths include them. Use deny rules for emergency rollback and hard blocks on risky plugins.", "hasChildren": true @@ -39158,7 +44135,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable Plugins", "help": "Enable or disable plugin/extension loading globally during startup and config reload (default: true). Keep enabled only when extension capabilities are required by your deployment.", "hasChildren": false @@ -39170,7 +44149,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Entries", "help": "Per-plugin settings keyed by plugin ID including enablement and plugin-specific runtime configuration payloads. Use this for scoped plugin tuning without changing global loader policy.", "hasChildren": true @@ -39192,7 +44173,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Config", "help": "Plugin-defined configuration payload interpreted by that plugin's own schema and validation rules. Use only documented fields from the plugin to prevent ignored or invalid settings.", "hasChildren": true @@ -39213,7 +44196,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Enabled", "help": "Per-plugin enablement override for a specific entry, applied on top of global plugin policy (restart required). Use this to stage plugin rollout gradually across environments.", "hasChildren": false @@ -39225,7 +44210,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -39237,7 +44224,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -39249,7 +44238,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACPX Runtime", "help": "ACP runtime backend powered by acpx with configurable command path and version policy. (plugin: acpx)", "hasChildren": true @@ -39261,7 +44252,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ACPX Runtime Config", "help": "Plugin-defined config payload for acpx.", "hasChildren": true @@ -39273,7 +44266,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "acpx Command", "help": "Optional path/command override for acpx (for example /home/user/repos/acpx/dist/cli.js). Leave unset to use plugin-local bundled acpx.", "hasChildren": false @@ -39285,7 +44280,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Default Working Directory", "help": "Default cwd for ACP session operations when not set per session.", "hasChildren": false @@ -39297,7 +44294,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Expected acpx Version", "help": "Exact version to enforce (for example 0.1.16) or \"any\" to skip strict version matching.", "hasChildren": false @@ -39309,7 +44308,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "MCP Servers", "help": "Named MCP server definitions to inject into ACPX-backed session bootstrap. Each entry needs a command and can include args and env.", "hasChildren": true @@ -39379,10 +44380,15 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["deny", "fail"], + "enumValues": [ + "deny", + "fail" + ], "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Non-Interactive Permission Policy", "help": "acpx policy when interactive permission prompts are unavailable.", "hasChildren": false @@ -39392,10 +44398,16 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["approve-all", "approve-reads", "deny-all"], + "enumValues": [ + "approve-all", + "approve-reads", + "deny-all" + ], "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Permission Mode", "help": "Default acpx permission policy for runtime prompts.", "hasChildren": false @@ -39407,7 +44419,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "advanced"], + "tags": [ + "access", + "advanced" + ], "label": "Queue Owner TTL Seconds", "help": "Idle queue-owner TTL for acpx prompt turns. Keep this short in OpenClaw to avoid delayed completion after each turn.", "hasChildren": false @@ -39419,7 +44434,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Strict Windows cmd Wrapper", "help": "Enabled by default. On Windows, reject unresolved .cmd/.bat wrappers instead of shell fallback. Disable only for compatibility with non-standard wrappers.", "hasChildren": false @@ -39431,7 +44448,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "performance"], + "tags": [ + "advanced", + "performance" + ], "label": "Prompt Timeout Seconds", "help": "Optional acpx timeout for each runtime turn.", "hasChildren": false @@ -39443,7 +44463,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable ACPX Runtime", "hasChildren": false }, @@ -39454,7 +44476,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -39466,7 +44490,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -39478,7 +44504,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/bluebubbles", "help": "OpenClaw BlueBubbles channel plugin (plugin: bluebubbles)", "hasChildren": true @@ -39490,7 +44518,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/bluebubbles Config", "help": "Plugin-defined config payload for bluebubbles.", "hasChildren": false @@ -39502,7 +44532,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/bluebubbles", "hasChildren": false }, @@ -39513,7 +44545,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -39525,7 +44559,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -39537,7 +44573,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/copilot-proxy", "help": "OpenClaw Copilot Proxy provider plugin (plugin: copilot-proxy)", "hasChildren": true @@ -39549,7 +44587,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/copilot-proxy Config", "help": "Plugin-defined config payload for copilot-proxy.", "hasChildren": false @@ -39561,7 +44601,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/copilot-proxy", "hasChildren": false }, @@ -39572,7 +44614,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -39584,7 +44628,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -39596,7 +44642,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Device Pairing", "help": "Generate setup codes and approve device pairing requests. (plugin: device-pair)", "hasChildren": true @@ -39608,7 +44656,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Device Pairing Config", "help": "Plugin-defined config payload for device-pair.", "hasChildren": true @@ -39620,7 +44670,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Gateway URL", "help": "Public WebSocket URL used for /pair setup codes (ws/wss or http/https).", "hasChildren": false @@ -39632,7 +44684,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable Device Pairing", "hasChildren": false }, @@ -39643,7 +44697,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -39655,7 +44711,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -39667,7 +44725,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "@openclaw/diagnostics-otel", "help": "OpenClaw diagnostics OpenTelemetry exporter (plugin: diagnostics-otel)", "hasChildren": true @@ -39679,7 +44739,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "@openclaw/diagnostics-otel Config", "help": "Plugin-defined config payload for diagnostics-otel.", "hasChildren": false @@ -39691,7 +44753,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["observability"], + "tags": [ + "observability" + ], "label": "Enable @openclaw/diagnostics-otel", "hasChildren": false }, @@ -39702,7 +44766,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -39714,7 +44780,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -39726,7 +44794,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Diffs", "help": "Read-only diff viewer and file renderer for agents. (plugin: diffs)", "hasChildren": true @@ -39738,7 +44808,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Diffs Config", "help": "Plugin-defined config payload for diffs.", "hasChildren": true @@ -39761,7 +44833,9 @@ "defaultValue": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Default Background Highlights", "help": "Show added/removed background highlights by default.", "hasChildren": false @@ -39771,11 +44845,17 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["bars", "classic", "none"], + "enumValues": [ + "bars", + "classic", + "none" + ], "defaultValue": "bars", "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Diff Indicator Style", "help": "Choose added/removed indicators style.", "hasChildren": false @@ -39785,11 +44865,16 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["png", "pdf"], + "enumValues": [ + "png", + "pdf" + ], "defaultValue": "png", "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Default File Format", "help": "Rendered file format for file mode (PNG or PDF).", "hasChildren": false @@ -39802,7 +44887,10 @@ "defaultValue": 960, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "Default File Max Width", "help": "Maximum file render width in CSS pixels.", "hasChildren": false @@ -39812,11 +44900,17 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["standard", "hq", "print"], + "enumValues": [ + "standard", + "hq", + "print" + ], "defaultValue": "standard", "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Default File Quality", "help": "Quality preset for PNG/PDF rendering.", "hasChildren": false @@ -39829,7 +44923,9 @@ "defaultValue": 2, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Default File Scale", "help": "Device scale factor used while rendering file artifacts.", "hasChildren": false @@ -39842,7 +44938,9 @@ "defaultValue": "Fira Code", "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Default Font", "help": "Preferred font family name for diff content and headers.", "hasChildren": false @@ -39855,7 +44953,9 @@ "defaultValue": 15, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Default Font Size", "help": "Base diff font size in pixels.", "hasChildren": false @@ -39865,7 +44965,10 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["png", "pdf"], + "enumValues": [ + "png", + "pdf" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -39876,7 +44979,10 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["png", "pdf"], + "enumValues": [ + "png", + "pdf" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -39897,7 +45003,11 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["standard", "hq", "print"], + "enumValues": [ + "standard", + "hq", + "print" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -39918,11 +45028,16 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["unified", "split"], + "enumValues": [ + "unified", + "split" + ], "defaultValue": "unified", "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Default Layout", "help": "Initial diff layout shown in the viewer.", "hasChildren": false @@ -39935,7 +45050,9 @@ "defaultValue": 1.6, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Default Line Spacing", "help": "Line-height multiplier applied to diff rows.", "hasChildren": false @@ -39945,11 +45062,18 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["view", "image", "file", "both"], + "enumValues": [ + "view", + "image", + "file", + "both" + ], "defaultValue": "both", "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Default Output Mode", "help": "Tool default when mode is omitted. Use view for canvas/gateway viewer, file for PNG/PDF, or both.", "hasChildren": false @@ -39962,7 +45086,9 @@ "defaultValue": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Show Line Numbers", "help": "Show line numbers by default.", "hasChildren": false @@ -39972,11 +45098,16 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["light", "dark"], + "enumValues": [ + "light", + "dark" + ], "defaultValue": "dark", "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Default Theme", "help": "Initial viewer theme.", "hasChildren": false @@ -39989,7 +45120,9 @@ "defaultValue": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Default Word Wrap", "help": "Wrap long lines by default.", "hasChildren": false @@ -40012,7 +45145,9 @@ "defaultValue": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Remote Viewer", "help": "Allow non-loopback access to diff viewer URLs when the token path is known.", "hasChildren": false @@ -40024,7 +45159,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable Diffs", "hasChildren": false }, @@ -40035,7 +45172,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40047,7 +45186,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40059,7 +45200,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/discord", "help": "OpenClaw Discord channel plugin (plugin: discord)", "hasChildren": true @@ -40071,7 +45214,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/discord Config", "help": "Plugin-defined config payload for discord.", "hasChildren": false @@ -40083,7 +45228,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/discord", "hasChildren": false }, @@ -40094,7 +45241,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40106,7 +45255,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40118,7 +45269,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/feishu", "help": "OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng) (plugin: feishu)", "hasChildren": true @@ -40130,7 +45283,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/feishu Config", "help": "Plugin-defined config payload for feishu.", "hasChildren": false @@ -40142,7 +45297,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/feishu", "hasChildren": false }, @@ -40153,7 +45310,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40165,7 +45324,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40177,7 +45338,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/google-gemini-cli-auth", "help": "OpenClaw Gemini CLI OAuth provider plugin (plugin: google-gemini-cli-auth)", "hasChildren": true @@ -40189,7 +45352,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/google-gemini-cli-auth Config", "help": "Plugin-defined config payload for google-gemini-cli-auth.", "hasChildren": false @@ -40201,7 +45366,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/google-gemini-cli-auth", "hasChildren": false }, @@ -40212,7 +45379,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40224,7 +45393,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40236,7 +45407,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/googlechat", "help": "OpenClaw Google Chat channel plugin (plugin: googlechat)", "hasChildren": true @@ -40248,7 +45421,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/googlechat Config", "help": "Plugin-defined config payload for googlechat.", "hasChildren": false @@ -40260,7 +45435,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/googlechat", "hasChildren": false }, @@ -40271,7 +45448,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40283,7 +45462,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40295,7 +45476,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/imessage", "help": "OpenClaw iMessage channel plugin (plugin: imessage)", "hasChildren": true @@ -40307,7 +45490,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/imessage Config", "help": "Plugin-defined config payload for imessage.", "hasChildren": false @@ -40319,7 +45504,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/imessage", "hasChildren": false }, @@ -40330,7 +45517,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40342,7 +45531,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40354,7 +45545,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/irc", "help": "OpenClaw IRC channel plugin (plugin: irc)", "hasChildren": true @@ -40366,7 +45559,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/irc Config", "help": "Plugin-defined config payload for irc.", "hasChildren": false @@ -40378,7 +45573,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/irc", "hasChildren": false }, @@ -40389,7 +45586,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40401,7 +45600,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40413,7 +45614,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/line", "help": "OpenClaw LINE channel plugin (plugin: line)", "hasChildren": true @@ -40425,7 +45628,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/line Config", "help": "Plugin-defined config payload for line.", "hasChildren": false @@ -40437,7 +45642,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/line", "hasChildren": false }, @@ -40448,7 +45655,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40460,7 +45669,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40472,7 +45683,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "LLM Task", "help": "Generic JSON-only LLM tool for structured tasks callable from workflows. (plugin: llm-task)", "hasChildren": true @@ -40484,7 +45697,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "LLM Task Config", "help": "Plugin-defined config payload for llm-task.", "hasChildren": true @@ -40566,7 +45781,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable LLM Task", "hasChildren": false }, @@ -40577,7 +45794,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40589,7 +45808,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40601,7 +45822,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Lobster", "help": "Typed workflow tool with resumable approvals. (plugin: lobster)", "hasChildren": true @@ -40613,7 +45836,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Lobster Config", "help": "Plugin-defined config payload for lobster.", "hasChildren": false @@ -40625,7 +45850,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable Lobster", "hasChildren": false }, @@ -40636,7 +45863,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40648,7 +45877,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40660,7 +45891,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/matrix", "help": "OpenClaw Matrix channel plugin (plugin: matrix)", "hasChildren": true @@ -40672,7 +45905,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/matrix Config", "help": "Plugin-defined config payload for matrix.", "hasChildren": false @@ -40684,7 +45919,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/matrix", "hasChildren": false }, @@ -40695,7 +45932,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40707,7 +45946,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40719,7 +45960,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/mattermost", "help": "OpenClaw Mattermost channel plugin (plugin: mattermost)", "hasChildren": true @@ -40731,7 +45974,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/mattermost Config", "help": "Plugin-defined config payload for mattermost.", "hasChildren": false @@ -40743,7 +45988,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/mattermost", "hasChildren": false }, @@ -40754,7 +46001,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40766,7 +46015,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40778,7 +46029,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/memory-core", "help": "OpenClaw core memory search plugin (plugin: memory-core)", "hasChildren": true @@ -40790,7 +46043,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/memory-core Config", "help": "Plugin-defined config payload for memory-core.", "hasChildren": false @@ -40802,7 +46057,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/memory-core", "hasChildren": false }, @@ -40813,7 +46070,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40825,7 +46084,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -40837,7 +46098,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "@openclaw/memory-lancedb", "help": "OpenClaw LanceDB-backed long-term memory plugin with auto-recall/capture (plugin: memory-lancedb)", "hasChildren": true @@ -40849,7 +46112,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "@openclaw/memory-lancedb Config", "help": "Plugin-defined config payload for memory-lancedb.", "hasChildren": true @@ -40861,7 +46126,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Auto-Capture", "help": "Automatically capture important information from conversations", "hasChildren": false @@ -40873,7 +46140,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Auto-Recall", "help": "Automatically inject relevant memories into context", "hasChildren": false @@ -40885,7 +46154,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "performance", "storage"], + "tags": [ + "advanced", + "performance", + "storage" + ], "label": "Capture Max Chars", "help": "Maximum message length eligible for auto-capture", "hasChildren": false @@ -40897,7 +46170,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "storage"], + "tags": [ + "advanced", + "storage" + ], "label": "Database Path", "hasChildren": false }, @@ -40918,7 +46194,11 @@ "required": true, "deprecated": false, "sensitive": true, - "tags": ["auth", "security", "storage"], + "tags": [ + "auth", + "security", + "storage" + ], "label": "OpenAI API Key", "help": "API key for OpenAI embeddings (or use ${OPENAI_API_KEY})", "hasChildren": false @@ -40930,7 +46210,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "storage"], + "tags": [ + "advanced", + "storage" + ], "label": "Base URL", "help": "Base URL for compatible providers (e.g. http://localhost:11434/v1)", "hasChildren": false @@ -40942,7 +46225,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "storage"], + "tags": [ + "advanced", + "storage" + ], "label": "Dimensions", "help": "Vector dimensions for custom models (required for non-standard models)", "hasChildren": false @@ -40954,7 +46240,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models", "storage"], + "tags": [ + "models", + "storage" + ], "label": "Embedding Model", "help": "OpenAI embedding model to use", "hasChildren": false @@ -40966,7 +46255,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Enable @openclaw/memory-lancedb", "hasChildren": false }, @@ -40977,7 +46268,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -40989,7 +46282,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41001,7 +46296,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "@openclaw/minimax-portal-auth", "help": "OpenClaw MiniMax Portal OAuth provider plugin (plugin: minimax-portal-auth)", "hasChildren": true @@ -41013,7 +46310,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "@openclaw/minimax-portal-auth Config", "help": "Plugin-defined config payload for minimax-portal-auth.", "hasChildren": false @@ -41025,7 +46324,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Enable @openclaw/minimax-portal-auth", "hasChildren": false }, @@ -41036,7 +46337,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41048,7 +46351,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41060,7 +46365,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/msteams", "help": "OpenClaw Microsoft Teams channel plugin (plugin: msteams)", "hasChildren": true @@ -41072,7 +46379,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/msteams Config", "help": "Plugin-defined config payload for msteams.", "hasChildren": false @@ -41084,7 +46393,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/msteams", "hasChildren": false }, @@ -41095,7 +46406,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41107,7 +46420,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41119,7 +46434,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/nextcloud-talk", "help": "OpenClaw Nextcloud Talk channel plugin (plugin: nextcloud-talk)", "hasChildren": true @@ -41131,7 +46448,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/nextcloud-talk Config", "help": "Plugin-defined config payload for nextcloud-talk.", "hasChildren": false @@ -41143,7 +46462,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/nextcloud-talk", "hasChildren": false }, @@ -41154,7 +46475,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41166,7 +46489,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41178,7 +46503,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/nostr", "help": "OpenClaw Nostr channel plugin for NIP-04 encrypted DMs (plugin: nostr)", "hasChildren": true @@ -41190,7 +46517,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/nostr Config", "help": "Plugin-defined config payload for nostr.", "hasChildren": false @@ -41202,7 +46531,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/nostr", "hasChildren": false }, @@ -41213,7 +46544,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41225,7 +46558,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41237,7 +46572,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/ollama-provider", "help": "OpenClaw Ollama provider plugin (plugin: ollama)", "hasChildren": true @@ -41249,7 +46586,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/ollama-provider Config", "help": "Plugin-defined config payload for ollama.", "hasChildren": false @@ -41261,7 +46600,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/ollama-provider", "hasChildren": false }, @@ -41272,7 +46613,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41284,7 +46627,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41296,7 +46641,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "OpenProse", "help": "OpenProse VM skill pack with a /prose slash command. (plugin: open-prose)", "hasChildren": true @@ -41308,7 +46655,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "OpenProse Config", "help": "Plugin-defined config payload for open-prose.", "hasChildren": false @@ -41320,7 +46669,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable OpenProse", "hasChildren": false }, @@ -41331,7 +46682,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41343,7 +46696,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41355,7 +46710,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Phone Control", "help": "Arm/disarm high-risk phone node commands (camera/screen/writes) with an optional auto-expiry. (plugin: phone-control)", "hasChildren": true @@ -41367,7 +46724,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Phone Control Config", "help": "Plugin-defined config payload for phone-control.", "hasChildren": false @@ -41379,7 +46738,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable Phone Control", "hasChildren": false }, @@ -41390,7 +46751,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41402,7 +46765,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41414,7 +46779,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "qwen-portal-auth", "help": "Plugin entry for qwen-portal-auth.", "hasChildren": true @@ -41426,7 +46793,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "qwen-portal-auth Config", "help": "Plugin-defined config payload for qwen-portal-auth.", "hasChildren": false @@ -41438,7 +46807,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable qwen-portal-auth", "hasChildren": false }, @@ -41449,7 +46820,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41461,7 +46834,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41473,7 +46848,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/sglang-provider", "help": "OpenClaw SGLang provider plugin (plugin: sglang)", "hasChildren": true @@ -41485,7 +46862,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/sglang-provider Config", "help": "Plugin-defined config payload for sglang.", "hasChildren": false @@ -41497,7 +46876,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/sglang-provider", "hasChildren": false }, @@ -41508,7 +46889,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41520,7 +46903,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41532,7 +46917,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/signal", "help": "OpenClaw Signal channel plugin (plugin: signal)", "hasChildren": true @@ -41544,7 +46931,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/signal Config", "help": "Plugin-defined config payload for signal.", "hasChildren": false @@ -41556,7 +46945,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/signal", "hasChildren": false }, @@ -41567,7 +46958,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41579,7 +46972,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41591,7 +46986,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/slack", "help": "OpenClaw Slack channel plugin (plugin: slack)", "hasChildren": true @@ -41603,7 +47000,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/slack Config", "help": "Plugin-defined config payload for slack.", "hasChildren": false @@ -41615,7 +47014,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/slack", "hasChildren": false }, @@ -41626,7 +47027,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41638,7 +47041,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41650,7 +47055,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/synology-chat", "help": "Synology Chat channel plugin for OpenClaw (plugin: synology-chat)", "hasChildren": true @@ -41662,7 +47069,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/synology-chat Config", "help": "Plugin-defined config payload for synology-chat.", "hasChildren": false @@ -41674,7 +47083,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/synology-chat", "hasChildren": false }, @@ -41685,7 +47096,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41697,7 +47110,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41709,7 +47124,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Talk Voice", "help": "Manage Talk voice selection (list/set). (plugin: talk-voice)", "hasChildren": true @@ -41721,7 +47138,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Talk Voice Config", "help": "Plugin-defined config payload for talk-voice.", "hasChildren": false @@ -41733,7 +47152,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable Talk Voice", "hasChildren": false }, @@ -41744,7 +47165,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41756,7 +47179,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41768,7 +47193,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/telegram", "help": "OpenClaw Telegram channel plugin (plugin: telegram)", "hasChildren": true @@ -41780,7 +47207,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/telegram Config", "help": "Plugin-defined config payload for telegram.", "hasChildren": false @@ -41792,7 +47221,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/telegram", "hasChildren": false }, @@ -41803,7 +47234,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41815,7 +47248,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41827,7 +47262,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Thread Ownership", "help": "Prevents multiple agents from responding in the same Slack thread. Uses HTTP calls to the slack-forwarder ownership API. (plugin: thread-ownership)", "hasChildren": true @@ -41839,7 +47276,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Thread Ownership Config", "help": "Plugin-defined config payload for thread-ownership.", "hasChildren": true @@ -41851,7 +47290,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "A/B Test Channels", "help": "Slack channel IDs where thread ownership is enforced", "hasChildren": true @@ -41873,7 +47314,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Forwarder URL", "help": "Base URL of the slack-forwarder ownership API (default: http://slack-forwarder:8750)", "hasChildren": false @@ -41885,7 +47328,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Enable Thread Ownership", "hasChildren": false }, @@ -41896,7 +47341,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41908,7 +47355,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41920,7 +47369,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/tlon", "help": "OpenClaw Tlon/Urbit channel plugin (plugin: tlon)", "hasChildren": true @@ -41932,7 +47383,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/tlon Config", "help": "Plugin-defined config payload for tlon.", "hasChildren": false @@ -41944,7 +47397,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/tlon", "hasChildren": false }, @@ -41955,7 +47410,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -41967,7 +47424,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -41979,7 +47438,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/twitch", "help": "OpenClaw Twitch channel plugin (plugin: twitch)", "hasChildren": true @@ -41991,7 +47452,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/twitch Config", "help": "Plugin-defined config payload for twitch.", "hasChildren": false @@ -42003,7 +47466,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/twitch", "hasChildren": false }, @@ -42014,7 +47479,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -42026,7 +47493,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -42038,7 +47507,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/vllm-provider", "help": "OpenClaw vLLM provider plugin (plugin: vllm)", "hasChildren": true @@ -42050,7 +47521,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/vllm-provider Config", "help": "Plugin-defined config payload for vllm.", "hasChildren": false @@ -42062,7 +47535,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/vllm-provider", "hasChildren": false }, @@ -42073,7 +47548,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -42085,7 +47562,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -42097,7 +47576,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/voice-call", "help": "OpenClaw voice-call plugin (plugin: voice-call)", "hasChildren": true @@ -42109,7 +47590,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/voice-call Config", "help": "Plugin-defined config payload for voice-call.", "hasChildren": true @@ -42121,7 +47604,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Inbound Allowlist", "hasChildren": true }, @@ -42152,7 +47637,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "From Number", "hasChildren": false }, @@ -42163,7 +47650,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Inbound Greeting", "hasChildren": false }, @@ -42172,10 +47661,17 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["disabled", "allowlist", "pairing", "open"], + "enumValues": [ + "disabled", + "allowlist", + "pairing", + "open" + ], "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Inbound Policy", "hasChildren": false }, @@ -42214,10 +47710,15 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["notify", "conversation"], + "enumValues": [ + "notify", + "conversation" + ], "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Default Call Mode", "hasChildren": false }, @@ -42228,7 +47729,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Notify Hangup Delay (sec)", "hasChildren": false }, @@ -42267,10 +47770,17 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["telnyx", "twilio", "plivo", "mock"], + "enumValues": [ + "telnyx", + "twilio", + "plivo", + "mock" + ], "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Provider", "help": "Use twilio, telnyx, or mock for dev/no-network.", "hasChildren": false @@ -42282,7 +47792,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Public Webhook URL", "hasChildren": false }, @@ -42293,7 +47805,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Response Model", "hasChildren": false }, @@ -42304,7 +47818,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Response System Prompt", "hasChildren": false }, @@ -42315,7 +47831,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "performance"], + "tags": [ + "advanced", + "performance" + ], "label": "Response Timeout (ms)", "hasChildren": false }, @@ -42346,7 +47865,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Webhook Bind", "hasChildren": false }, @@ -42357,7 +47878,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Webhook Path", "hasChildren": false }, @@ -42368,7 +47891,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Webhook Port", "hasChildren": false }, @@ -42389,7 +47914,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Skip Signature Verification", "hasChildren": false }, @@ -42410,7 +47937,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "storage"], + "tags": [ + "advanced", + "storage" + ], "label": "Call Log Store Path", "hasChildren": false }, @@ -42431,7 +47961,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable Streaming", "hasChildren": false }, @@ -42472,7 +48004,11 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["advanced", "auth", "security"], + "tags": [ + "advanced", + "auth", + "security" + ], "label": "OpenAI Realtime API Key", "hasChildren": false }, @@ -42503,7 +48039,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "storage"], + "tags": [ + "advanced", + "storage" + ], "label": "Media Stream Path", "hasChildren": false }, @@ -42514,7 +48053,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "media"], + "tags": [ + "advanced", + "media" + ], "label": "Realtime STT Model", "hasChildren": false }, @@ -42523,7 +48065,9 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["openai-realtime"], + "enumValues": [ + "openai-realtime" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -42564,7 +48108,9 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["openai"], + "enumValues": [ + "openai" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -42585,10 +48131,16 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["off", "serve", "funnel"], + "enumValues": [ + "off", + "serve", + "funnel" + ], "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Tailscale Mode", "hasChildren": false }, @@ -42599,7 +48151,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "storage"], + "tags": [ + "advanced", + "storage" + ], "label": "Tailscale Path", "hasChildren": false }, @@ -42620,7 +48175,10 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security"], + "tags": [ + "auth", + "security" + ], "label": "Telnyx API Key", "hasChildren": false }, @@ -42631,7 +48189,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Telnyx Connection ID", "hasChildren": false }, @@ -42642,7 +48202,9 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["security"], + "tags": [ + "security" + ], "label": "Telnyx Public Key", "hasChildren": false }, @@ -42653,7 +48215,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Default To Number", "hasChildren": false }, @@ -42682,7 +48246,12 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["off", "always", "inbound", "tagged"], + "enumValues": [ + "off", + "always", + "inbound", + "tagged" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -42815,7 +48384,12 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["advanced", "auth", "media", "security"], + "tags": [ + "advanced", + "auth", + "media", + "security" + ], "label": "ElevenLabs API Key", "hasChildren": false }, @@ -42824,7 +48398,11 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["auto", "on", "off"], + "enumValues": [ + "auto", + "on", + "off" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -42837,7 +48415,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "media"], + "tags": [ + "advanced", + "media" + ], "label": "ElevenLabs Base URL", "hasChildren": false }, @@ -42858,7 +48439,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "media", "models"], + "tags": [ + "advanced", + "media", + "models" + ], "label": "ElevenLabs Model ID", "hasChildren": false }, @@ -42879,7 +48464,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "media"], + "tags": [ + "advanced", + "media" + ], "label": "ElevenLabs Voice ID", "hasChildren": false }, @@ -42968,7 +48556,10 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["final", "all"], + "enumValues": [ + "final", + "all" + ], "deprecated": false, "sensitive": false, "tags": [], @@ -43081,7 +48672,12 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["advanced", "auth", "media", "security"], + "tags": [ + "advanced", + "auth", + "media", + "security" + ], "label": "OpenAI API Key", "hasChildren": false }, @@ -43112,7 +48708,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "media", "models"], + "tags": [ + "advanced", + "media", + "models" + ], "label": "OpenAI TTS Model", "hasChildren": false }, @@ -43133,7 +48733,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced", "media"], + "tags": [ + "advanced", + "media" + ], "label": "OpenAI TTS Voice", "hasChildren": false }, @@ -43152,10 +48755,17 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["openai", "elevenlabs", "edge"], + "enumValues": [ + "openai", + "elevenlabs", + "edge" + ], "deprecated": false, "sensitive": false, - "tags": ["advanced", "media"], + "tags": [ + "advanced", + "media" + ], "label": "TTS Provider Override", "help": "Deep-merges with messages.tts (Edge is ignored for calls).", "hasChildren": false @@ -43197,7 +48807,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "advanced"], + "tags": [ + "access", + "advanced" + ], "label": "Allow ngrok Free Tier (Loopback Bypass)", "hasChildren": false }, @@ -43208,7 +48821,11 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["advanced", "auth", "security"], + "tags": [ + "advanced", + "auth", + "security" + ], "label": "ngrok Auth Token", "hasChildren": false }, @@ -43219,7 +48836,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "ngrok Domain", "hasChildren": false }, @@ -43228,10 +48847,17 @@ "kind": "plugin", "type": "string", "required": false, - "enumValues": ["none", "ngrok", "tailscale-serve", "tailscale-funnel"], + "enumValues": [ + "none", + "ngrok", + "tailscale-serve", + "tailscale-funnel" + ], "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Tunnel Provider", "hasChildren": false }, @@ -43252,7 +48878,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Twilio Account SID", "hasChildren": false }, @@ -43263,7 +48891,10 @@ "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security"], + "tags": [ + "auth", + "security" + ], "label": "Twilio Auth Token", "hasChildren": false }, @@ -43334,7 +48965,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/voice-call", "hasChildren": false }, @@ -43345,7 +48978,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -43357,7 +48992,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -43369,7 +49006,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/whatsapp", "help": "OpenClaw WhatsApp channel plugin (plugin: whatsapp)", "hasChildren": true @@ -43381,7 +49020,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/whatsapp Config", "help": "Plugin-defined config payload for whatsapp.", "hasChildren": false @@ -43393,7 +49034,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/whatsapp", "hasChildren": false }, @@ -43404,7 +49047,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -43416,7 +49061,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -43428,7 +49075,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/zalo", "help": "OpenClaw Zalo channel plugin (plugin: zalo)", "hasChildren": true @@ -43440,7 +49089,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/zalo Config", "help": "Plugin-defined config payload for zalo.", "hasChildren": false @@ -43452,7 +49103,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/zalo", "hasChildren": false }, @@ -43463,7 +49116,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -43475,7 +49130,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -43487,7 +49144,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/zalouser", "help": "OpenClaw Zalo Personal Account plugin via native zca-js integration (plugin: zalouser)", "hasChildren": true @@ -43499,7 +49158,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "@openclaw/zalouser Config", "help": "Plugin-defined config payload for zalouser.", "hasChildren": false @@ -43511,7 +49172,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Enable @openclaw/zalouser", "hasChildren": false }, @@ -43522,7 +49185,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Hook Policy", "help": "Per-plugin typed hook policy controls for core-enforced safety gates. Use this to constrain high-impact hook categories without disabling the entire plugin.", "hasChildren": true @@ -43534,7 +49199,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access"], + "tags": [ + "access" + ], "label": "Allow Prompt Injection Hooks", "help": "Controls whether this plugin may mutate prompts through typed hooks. Set false to block `before_prompt_build` and ignore prompt-mutating fields from legacy `before_agent_start`, while preserving legacy `modelOverride` and `providerOverride` behavior.", "hasChildren": false @@ -43546,7 +49213,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Install Records", "help": "CLI-managed install metadata (used by `openclaw plugins update` to locate install sources).", "hasChildren": true @@ -43568,7 +49237,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Install Time", "help": "ISO timestamp of last install/update.", "hasChildren": false @@ -43580,7 +49251,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Plugin Install Path", "help": "Resolved install directory (usually ~/.openclaw/extensions/).", "hasChildren": false @@ -43592,7 +49265,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Resolved Integrity", "help": "Resolved npm dist integrity hash for the fetched artifact (if reported by npm).", "hasChildren": false @@ -43604,7 +49279,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Resolution Time", "help": "ISO timestamp when npm package metadata was last resolved for this install record.", "hasChildren": false @@ -43616,7 +49293,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Resolved Package Name", "help": "Resolved npm package name from the fetched artifact.", "hasChildren": false @@ -43628,7 +49307,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Resolved Package Spec", "help": "Resolved exact npm spec (@) from the fetched artifact.", "hasChildren": false @@ -43640,7 +49321,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Resolved Package Version", "help": "Resolved npm package version from the fetched artifact (useful for non-pinned specs).", "hasChildren": false @@ -43652,7 +49335,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Resolved Shasum", "help": "Resolved npm dist shasum for the fetched artifact (if reported by npm).", "hasChildren": false @@ -43664,7 +49349,9 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Install Source", "help": "Install source (\"npm\", \"archive\", or \"path\").", "hasChildren": false @@ -43676,7 +49363,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Plugin Install Source Path", "help": "Original archive/path used for install (if any).", "hasChildren": false @@ -43688,7 +49377,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Install Spec", "help": "Original npm spec used for install (if source is npm).", "hasChildren": false @@ -43700,7 +49391,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Install Version", "help": "Version recorded at install time (if available).", "hasChildren": false @@ -43712,7 +49405,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Loader", "help": "Plugin loader configuration group for specifying filesystem paths where plugins are discovered. Keep load paths explicit and reviewed to avoid accidental untrusted extension loading.", "hasChildren": true @@ -43724,7 +49419,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Plugin Load Paths", "help": "Additional plugin files or directories scanned by the loader beyond built-in defaults. Use dedicated extension directories and avoid broad paths with unrelated executable content.", "hasChildren": true @@ -43746,7 +49443,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Plugin Slots", "help": "Selects which plugins own exclusive runtime slots such as memory so only one plugin provides that capability. Use explicit slot ownership to avoid overlapping providers with conflicting behavior.", "hasChildren": true @@ -43758,7 +49457,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Context Engine Plugin", "help": "Selects the active context engine plugin by id so one plugin provides context orchestration behavior.", "hasChildren": false @@ -43770,7 +49471,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Memory Plugin", "help": "Select the active memory plugin by id, or \"none\" to disable memory plugins.", "hasChildren": false @@ -44102,7 +49805,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session", "help": "Global session routing, reset, delivery policy, and maintenance controls for conversation history behavior. Keep defaults unless you need stricter isolation, retention, or delivery constraints.", "hasChildren": true @@ -44114,7 +49819,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Agent-to-Agent", "help": "Groups controls for inter-agent session exchanges, including loop prevention limits on reply chaining. Keep defaults unless you run advanced agent-to-agent automation with strict turn caps.", "hasChildren": true @@ -44126,7 +49833,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "Agent-to-Agent Ping-Pong Turns", "help": "Max reply-back turns between requester and target agents during agent-to-agent exchanges (0-5). Use lower values to hard-limit chatter loops and preserve predictable run completion.", "hasChildren": false @@ -44138,7 +49848,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "DM Session Scope", "help": "DM session scoping: \"main\" keeps continuity, while \"per-peer\", \"per-channel-peer\", and \"per-account-channel-peer\" increase isolation. Use isolated modes for shared inboxes or multi-account deployments.", "hasChildren": false @@ -44150,7 +49862,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Identity Links", "help": "Maps canonical identities to provider-prefixed peer IDs so equivalent users resolve to one DM thread (example: telegram:123456). Use this when the same human appears across multiple channels or accounts.", "hasChildren": true @@ -44182,7 +49896,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Idle Minutes", "help": "Applies a legacy idle reset window in minutes for session reuse behavior across inactivity gaps. Use this only for compatibility and prefer structured reset policies under session.reset/session.resetByType.", "hasChildren": false @@ -44194,7 +49910,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Main Key", "help": "Overrides the canonical main session key used for continuity when dmScope or routing logic points to \"main\". Use a stable value only if you intentionally need custom session anchoring.", "hasChildren": false @@ -44206,7 +49924,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Maintenance", "help": "Automatic session-store maintenance controls for pruning age, entry caps, and file rotation behavior. Start in warn mode to observe impact, then enforce once thresholds are tuned.", "hasChildren": true @@ -44214,11 +49934,16 @@ { "path": "session.maintenance.highWaterBytes", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Disk High-water Target", "help": "Target size after disk-budget cleanup (high-water mark). Defaults to 80% of maxDiskBytes; set explicitly for tighter reclaim behavior on constrained disks.", "hasChildren": false @@ -44226,11 +49951,17 @@ { "path": "session.maintenance.maxDiskBytes", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "Session Max Disk Budget", "help": "Optional per-agent sessions-directory disk budget (for example `500mb`). Use this to cap session storage per agent; when exceeded, warn mode reports pressure and enforce mode performs oldest-first cleanup.", "hasChildren": false @@ -44242,7 +49973,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "Session Max Entries", "help": "Caps total session entry count retained in the store to prevent unbounded growth over time. Use lower limits for constrained environments, or higher limits when longer history is required.", "hasChildren": false @@ -44252,10 +49986,15 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["enforce", "warn"], + "enumValues": [ + "enforce", + "warn" + ], "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Maintenance Mode", "help": "Determines whether maintenance policies are only reported (\"warn\") or actively applied (\"enforce\"). Keep \"warn\" during rollout and switch to \"enforce\" after validating safe thresholds.", "hasChildren": false @@ -44263,11 +50002,16 @@ { "path": "session.maintenance.pruneAfter", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Prune After", "help": "Removes entries older than this duration (for example `30d` or `12h`) during maintenance passes. Use this as the primary age-retention control and align it with data retention policy.", "hasChildren": false @@ -44279,7 +50023,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Prune Days (Deprecated)", "help": "Deprecated age-retention field kept for compatibility with legacy configs using day counts. Use session.maintenance.pruneAfter instead so duration syntax and behavior are consistent.", "hasChildren": false @@ -44287,11 +50033,17 @@ { "path": "session.maintenance.resetArchiveRetention", "kind": "core", - "type": ["boolean", "number", "string"], + "type": [ + "boolean", + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Reset Archive Retention", "help": "Retention for reset transcript archives (`*.reset.`). Accepts a duration (for example `30d`), or `false` to disable cleanup. Defaults to pruneAfter so reset artifacts do not grow forever.", "hasChildren": false @@ -44299,11 +50051,16 @@ { "path": "session.maintenance.rotateBytes", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Rotate Size", "help": "Rotates the session store when file size exceeds a threshold such as `10mb` or `1gb`. Use this to bound single-file growth and keep backup/restore operations manageable.", "hasChildren": false @@ -44315,7 +50072,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["auth", "performance", "security", "storage"], + "tags": [ + "auth", + "performance", + "security", + "storage" + ], "label": "Session Parent Fork Max Tokens", "help": "Maximum parent-session token count allowed for thread/session inheritance forking. If the parent exceeds this, OpenClaw starts a fresh thread session instead of forking; set 0 to disable this protection.", "hasChildren": false @@ -44327,7 +50089,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Reset Policy", "help": "Defines the default reset policy object used when no type-specific or channel-specific override applies. Set this first, then layer resetByType or resetByChannel only where behavior must differ.", "hasChildren": true @@ -44339,7 +50103,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Daily Reset Hour", "help": "Sets local-hour boundary (0-23) for daily reset mode so sessions roll over at predictable times. Use with mode=daily and align to operator timezone expectations for human-readable behavior.", "hasChildren": false @@ -44351,7 +50117,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Reset Idle Minutes", "help": "Sets inactivity window before reset for idle mode and can also act as secondary guard with daily mode. Use larger values to preserve continuity or smaller values for fresher short-lived threads.", "hasChildren": false @@ -44363,7 +50131,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Reset Mode", "help": "Selects reset strategy: \"daily\" resets at a configured hour and \"idle\" resets after inactivity windows. Keep one clear mode per policy to avoid surprising context turnover patterns.", "hasChildren": false @@ -44375,7 +50145,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Reset by Channel", "help": "Provides channel-specific reset overrides keyed by provider/channel id for fine-grained behavior control. Use this only when one channel needs exceptional reset behavior beyond type-level policies.", "hasChildren": true @@ -44427,7 +50199,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Reset by Chat Type", "help": "Overrides reset behavior by chat type (direct, group, thread) when defaults are not sufficient. Use this when group/thread traffic needs different reset cadence than direct messages.", "hasChildren": true @@ -44439,7 +50213,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Reset (Direct)", "help": "Defines reset policy for direct chats and supersedes the base session.reset configuration for that type. Use this as the canonical direct-message override instead of the legacy dm alias.", "hasChildren": true @@ -44481,7 +50257,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Reset (DM Deprecated Alias)", "help": "Deprecated alias for direct reset behavior kept for backward compatibility with older configs. Use session.resetByType.direct instead so future tooling and validation remain consistent.", "hasChildren": true @@ -44523,7 +50301,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Reset (Group)", "help": "Defines reset policy for group chat sessions where continuity and noise patterns differ from DMs. Use shorter idle windows for busy groups if context drift becomes a problem.", "hasChildren": true @@ -44565,7 +50345,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Reset (Thread)", "help": "Defines reset policy for thread-scoped sessions, including focused channel thread workflows. Use this when thread sessions should expire faster or slower than other chat types.", "hasChildren": true @@ -44607,7 +50389,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Reset Triggers", "help": "Lists message triggers that force a session reset when matched in inbound content. Use sparingly for explicit reset phrases so context is not dropped unexpectedly during normal conversation.", "hasChildren": true @@ -44629,7 +50413,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Scope", "help": "Sets base session grouping strategy: \"per-sender\" isolates by sender and \"global\" shares one session per channel context. Keep \"per-sender\" for safer multi-user behavior unless deliberate shared context is required.", "hasChildren": false @@ -44641,7 +50427,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "storage"], + "tags": [ + "access", + "storage" + ], "label": "Session Send Policy", "help": "Controls cross-session send permissions using allow/deny rules evaluated against channel, chatType, and key prefixes. Use this to fence where session tools can deliver messages in complex environments.", "hasChildren": true @@ -44653,7 +50442,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "storage"], + "tags": [ + "access", + "storage" + ], "label": "Session Send Policy Default Action", "help": "Sets fallback action when no sendPolicy rule matches: \"allow\" or \"deny\". Keep \"allow\" for simpler setups, or choose \"deny\" when you require explicit allow rules for every destination.", "hasChildren": false @@ -44665,7 +50457,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "storage"], + "tags": [ + "access", + "storage" + ], "label": "Session Send Policy Rules", "help": "Ordered allow/deny rules evaluated before the default action, for example `{ action: \"deny\", match: { channel: \"discord\" } }`. Put most specific rules first so broad rules do not shadow exceptions.", "hasChildren": true @@ -44687,7 +50482,10 @@ "required": true, "deprecated": false, "sensitive": false, - "tags": ["access", "storage"], + "tags": [ + "access", + "storage" + ], "label": "Session Send Rule Action", "help": "Defines rule decision as \"allow\" or \"deny\" when the corresponding match criteria are satisfied. Use deny-first ordering when enforcing strict boundaries with explicit allow exceptions.", "hasChildren": false @@ -44699,7 +50497,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "storage"], + "tags": [ + "access", + "storage" + ], "label": "Session Send Rule Match", "help": "Defines optional rule match conditions that can combine channel, chatType, and key-prefix constraints. Keep matches narrow so policy intent stays readable and debugging remains straightforward.", "hasChildren": true @@ -44711,7 +50512,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "storage"], + "tags": [ + "access", + "storage" + ], "label": "Session Send Rule Channel", "help": "Matches rule application to a specific channel/provider id (for example discord, telegram, slack). Use this when one channel should permit or deny delivery independently of others.", "hasChildren": false @@ -44723,7 +50527,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "storage"], + "tags": [ + "access", + "storage" + ], "label": "Session Send Rule Chat Type", "help": "Matches rule application to chat type (direct, group, thread) so behavior varies by conversation form. Use this when DM and group destinations require different safety boundaries.", "hasChildren": false @@ -44735,7 +50542,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "storage"], + "tags": [ + "access", + "storage" + ], "label": "Session Send Rule Key Prefix", "help": "Matches a normalized session-key prefix after internal key normalization steps in policy consumers. Use this for general prefix controls, and prefer rawKeyPrefix when exact full-key matching is required.", "hasChildren": false @@ -44747,7 +50557,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "storage"], + "tags": [ + "access", + "storage" + ], "label": "Session Send Rule Raw Key Prefix", "help": "Matches the raw, unnormalized session-key prefix for exact full-key policy targeting. Use this when normalized keyPrefix is too broad and you need agent-prefixed or transport-specific precision.", "hasChildren": false @@ -44759,7 +50572,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Store Path", "help": "Sets the session storage file path used to persist session records across restarts. Use an explicit path only when you need custom disk layout, backup routing, or mounted-volume storage.", "hasChildren": false @@ -44771,7 +50586,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Thread Bindings", "help": "Shared defaults for thread-bound session routing behavior across providers that support thread focus workflows. Configure global defaults here and override per channel only when behavior differs.", "hasChildren": true @@ -44783,7 +50600,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Thread Binding Enabled", "help": "Global master switch for thread-bound session routing features and focused thread delivery behavior. Keep enabled for modern thread workflows unless you need to disable thread binding globally.", "hasChildren": false @@ -44795,7 +50614,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Thread Binding Idle Timeout (hours)", "help": "Default inactivity window in hours for thread-bound sessions across providers/channels (0 disables idle auto-unfocus). Default: 24.", "hasChildren": false @@ -44807,7 +50628,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "Thread Binding Max Age (hours)", "help": "Optional hard max age in hours for thread-bound sessions across providers/channels (0 disables hard cap). Default: 0.", "hasChildren": false @@ -44819,7 +50643,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage"], + "tags": [ + "performance", + "storage" + ], "label": "Session Typing Interval (seconds)", "help": "Controls interval for repeated typing indicators while replies are being prepared in typing-capable channels. Increase to reduce chatty updates or decrease for more active typing feedback.", "hasChildren": false @@ -44831,7 +50658,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage"], + "tags": [ + "storage" + ], "label": "Session Typing Mode", "help": "Controls typing behavior timing: \"never\", \"instant\", \"thinking\", or \"message\" based emission points. Keep conservative modes in high-volume channels to avoid unnecessary typing noise.", "hasChildren": false @@ -44843,7 +50672,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Skills", "hasChildren": true }, @@ -44890,11 +50721,17 @@ { "path": "skills.entries.*.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security"], + "tags": [ + "auth", + "security" + ], "hasChildren": true }, { @@ -45103,7 +50940,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Watch Skills", "help": "Enable filesystem watching for skill-definition changes so updates can be applied without full process restart. Keep enabled in development workflows and disable in immutable production images.", "hasChildren": false @@ -45115,7 +50954,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation", "performance"], + "tags": [ + "automation", + "performance" + ], "label": "Skills Watch Debounce (ms)", "help": "Debounce window in milliseconds for coalescing rapid skill file changes before reload logic runs. Increase to reduce reload churn on frequent writes, or lower for faster edit feedback.", "hasChildren": false @@ -45127,7 +50969,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Talk", "help": "Talk-mode voice synthesis settings for voice identity, model selection, output format, and interruption behavior. Use this section to tune human-facing voice UX while controlling latency and cost.", "hasChildren": true @@ -45135,11 +50979,18 @@ { "path": "talk.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "media", "security"], + "tags": [ + "auth", + "media", + "security" + ], "label": "Talk API Key", "help": "Use this legacy ElevenLabs API key for Talk mode only during migration, and keep secrets in env-backed storage. Prefer talk.providers.elevenlabs.apiKey (fallback: ELEVENLABS_API_KEY).", "hasChildren": true @@ -45181,7 +51032,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Talk Interrupt on Speech", "help": "If true (default), stop assistant speech when the user starts speaking in Talk mode. Keep enabled for conversational turn-taking.", "hasChildren": false @@ -45193,7 +51046,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "models"], + "tags": [ + "media", + "models" + ], "label": "Talk Model ID", "help": "Legacy ElevenLabs model ID for Talk mode (default: eleven_v3). Prefer talk.providers.elevenlabs.modelId.", "hasChildren": false @@ -45205,7 +51061,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Talk Output Format", "help": "Use this legacy ElevenLabs output format for Talk mode (for example pcm_44100 or mp3_44100_128) only during migration. Prefer talk.providers.elevenlabs.outputFormat.", "hasChildren": false @@ -45217,7 +51075,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Talk Active Provider", "help": "Active Talk provider id (for example \"elevenlabs\").", "hasChildren": false @@ -45229,7 +51089,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Talk Provider Settings", "help": "Provider-specific Talk settings keyed by provider id. During migration, prefer this over legacy talk.* keys.", "hasChildren": true @@ -45256,11 +51118,18 @@ { "path": "talk.providers.*.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "media", "security"], + "tags": [ + "auth", + "media", + "security" + ], "label": "Talk Provider API Key", "help": "Provider API key for Talk mode.", "hasChildren": true @@ -45302,7 +51171,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "models"], + "tags": [ + "media", + "models" + ], "label": "Talk Provider Model ID", "help": "Provider default model ID for Talk mode.", "hasChildren": false @@ -45314,7 +51186,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Talk Provider Output Format", "help": "Provider default output format for Talk mode.", "hasChildren": false @@ -45326,7 +51200,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Talk Provider Voice Aliases", "help": "Optional provider voice alias map for Talk directives.", "hasChildren": true @@ -45348,7 +51224,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Talk Provider Voice ID", "help": "Provider default voice ID for Talk mode.", "hasChildren": false @@ -45360,7 +51238,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance"], + "tags": [ + "media", + "performance" + ], "label": "Talk Silence Timeout (ms)", "help": "Milliseconds of user silence before Talk mode finalizes and sends the current transcript. Leave unset to keep the platform default pause window (700 ms on macOS and Android, 900 ms on iOS).", "hasChildren": false @@ -45372,7 +51253,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Talk Voice Aliases", "help": "Use this legacy ElevenLabs voice alias map (for example {\"Clawd\":\"EXAVITQu4vr4xnSDxMaL\"}) only during migration. Prefer talk.providers.elevenlabs.voiceAliases.", "hasChildren": true @@ -45394,7 +51277,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media"], + "tags": [ + "media" + ], "label": "Talk Voice ID", "help": "Legacy ElevenLabs default voice ID for Talk mode. Prefer talk.providers.elevenlabs.voiceId.", "hasChildren": false @@ -45406,7 +51291,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Tools", "help": "Global tool access policy and capability configuration across web, exec, media, messaging, and elevated surfaces. Use this section to constrain risky capabilities before broad rollout.", "hasChildren": true @@ -45418,7 +51305,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Agent-to-Agent Tool Access", "help": "Policy for allowing agent-to-agent tool calls and constraining which target agents can be reached. Keep disabled or tightly scoped unless cross-agent orchestration is intentionally enabled.", "hasChildren": true @@ -45430,7 +51319,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "tools"], + "tags": [ + "access", + "tools" + ], "label": "Agent-to-Agent Target Allowlist", "help": "Allowlist of target agent IDs permitted for agent_to_agent calls when orchestration is enabled. Use explicit allowlists to avoid uncontrolled cross-agent call graphs.", "hasChildren": true @@ -45452,7 +51344,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Enable Agent-to-Agent Tool", "help": "Enables the agent_to_agent tool surface so one agent can invoke another agent at runtime. Keep off in simple deployments and enable only when orchestration value outweighs complexity.", "hasChildren": false @@ -45464,7 +51358,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "tools"], + "tags": [ + "access", + "tools" + ], "label": "Tool Allowlist", "help": "Absolute tool allowlist that replaces profile-derived defaults for strict environments. Use this only when you intentionally run a tightly curated subset of tool capabilities.", "hasChildren": true @@ -45486,7 +51383,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "tools"], + "tags": [ + "access", + "tools" + ], "label": "Tool Allowlist Additions", "help": "Extra tool allowlist entries merged on top of the selected tool profile and default policy. Keep this list small and explicit so audits can quickly identify intentional policy exceptions.", "hasChildren": true @@ -45508,7 +51408,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Tool Policy by Provider", "help": "Per-provider tool allow/deny overrides keyed by channel/provider ID to tailor capabilities by surface. Use this when one provider needs stricter controls than global tool policy.", "hasChildren": true @@ -45600,7 +51502,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "tools"], + "tags": [ + "access", + "tools" + ], "label": "Tool Denylist", "help": "Global tool denylist that blocks listed tools even when profile or provider rules would allow them. Use deny rules for emergency lockouts and long-term defense-in-depth.", "hasChildren": true @@ -45622,7 +51527,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Elevated Tool Access", "help": "Elevated tool access controls for privileged command surfaces that should only be reachable from trusted senders. Keep disabled unless operator workflows explicitly require elevated actions.", "hasChildren": true @@ -45634,7 +51541,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "tools"], + "tags": [ + "access", + "tools" + ], "label": "Elevated Tool Allow Rules", "help": "Sender allow rules for elevated tools, usually keyed by channel/provider identity formats. Use narrow, explicit identities so elevated commands cannot be triggered by unintended users.", "hasChildren": true @@ -45652,7 +51562,10 @@ { "path": "tools.elevated.allowFrom.*.*", "kind": "core", - "type": ["number", "string"], + "type": [ + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -45666,7 +51579,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Enable Elevated Tool Access", "help": "Enables elevated tool execution path when sender and policy checks pass. Keep disabled in public/shared channels and enable only for trusted owner-operated contexts.", "hasChildren": false @@ -45678,7 +51593,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Exec Tool", "help": "Exec-tool policy grouping for shell execution host, security mode, approval behavior, and runtime bindings. Keep conservative defaults in production and tighten elevated execution paths.", "hasChildren": true @@ -45700,7 +51617,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "tools"], + "tags": [ + "access", + "tools" + ], "label": "apply_patch Model Allowlist", "help": "Optional allowlist of model ids (e.g. \"gpt-5.2\" or \"openai/gpt-5.2\").", "hasChildren": true @@ -45722,7 +51642,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Enable apply_patch", "help": "Experimental. Enables apply_patch for OpenAI models when allowed by tool policy.", "hasChildren": false @@ -45734,7 +51656,12 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "advanced", "security", "tools"], + "tags": [ + "access", + "advanced", + "security", + "tools" + ], "label": "apply_patch Workspace-Only", "help": "Restrict apply_patch paths to the workspace directory (default: true). Set false to allow writing outside the workspace (dangerous).", "hasChildren": false @@ -45744,10 +51671,16 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["off", "on-miss", "always"], + "enumValues": [ + "off", + "on-miss", + "always" + ], "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Exec Ask", "help": "Approval strategy for when exec commands require human confirmation before running. Use stricter ask behavior in shared channels and lower-friction settings in private operator contexts.", "hasChildren": false @@ -45777,10 +51710,16 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["sandbox", "gateway", "node"], + "enumValues": [ + "sandbox", + "gateway", + "node" + ], "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Exec Host", "help": "Selects execution host strategy for shell commands, typically controlling local vs delegated execution environment. Use the safest host mode that still satisfies your automation requirements.", "hasChildren": false @@ -45792,7 +51731,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Exec Node Binding", "help": "Node binding configuration for exec tooling when command execution is delegated through connected nodes. Use explicit node binding only when multi-node routing is required.", "hasChildren": false @@ -45804,7 +51745,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Exec Notify On Exit", "help": "When true (default), backgrounded exec sessions on exit and node exec lifecycle events enqueue a system event and request a heartbeat.", "hasChildren": false @@ -45816,7 +51759,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Exec Notify On Empty Success", "help": "When true, successful backgrounded exec exits with empty output still enqueue a completion system event (default: false).", "hasChildren": false @@ -45828,7 +51773,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage", "tools"], + "tags": [ + "storage", + "tools" + ], "label": "Exec PATH Prepend", "help": "Directories to prepend to PATH for exec runs (gateway/sandbox).", "hasChildren": true @@ -45850,7 +51798,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage", "tools"], + "tags": [ + "storage", + "tools" + ], "label": "Exec Safe Bin Profiles", "help": "Optional per-binary safe-bin profiles (positional limits + allowed/denied flags).", "hasChildren": true @@ -45932,7 +51883,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Exec Safe Bins", "help": "Allow stdin-only safe binaries to run without explicit allowlist entries.", "hasChildren": true @@ -45954,7 +51907,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage", "tools"], + "tags": [ + "storage", + "tools" + ], "label": "Exec Safe Bin Trusted Dirs", "help": "Additional explicit directories trusted for safe-bin path checks (PATH entries are never auto-trusted).", "hasChildren": true @@ -45974,10 +51930,16 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["deny", "allowlist", "full"], + "enumValues": [ + "deny", + "allowlist", + "full" + ], "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Exec Security", "help": "Execution security posture selector controlling sandbox/approval expectations for command execution. Keep strict security mode for untrusted prompts and relax only for trusted operator workflows.", "hasChildren": false @@ -46009,7 +51971,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Workspace-only FS tools", "help": "Restrict filesystem tools (read/write/edit/apply_patch) to the workspace directory (default: false).", "hasChildren": false @@ -46031,7 +51995,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Enable Link Understanding", "help": "Enable automatic link understanding pre-processing so URLs can be summarized before agent reasoning. Keep enabled for richer context, and disable when strict minimal processing is required.", "hasChildren": false @@ -46043,7 +52009,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "tools"], + "tags": [ + "performance", + "tools" + ], "label": "Link Understanding Max Links", "help": "Maximum number of links expanded per turn during link understanding. Use lower values to control latency/cost in chatty threads and higher values when multi-link context is critical.", "hasChildren": false @@ -46055,7 +52024,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models", "tools"], + "tags": [ + "models", + "tools" + ], "label": "Link Understanding Models", "help": "Preferred model list for link understanding tasks, evaluated in order as fallbacks when supported. Use lightweight models first for routine summarization and heavier models only when needed.", "hasChildren": true @@ -46127,7 +52099,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Link Understanding Scope", "help": "Controls when link understanding runs relative to conversation context and message type. Keep scope conservative to avoid unnecessary fetches on messages where links are not actionable.", "hasChildren": true @@ -46229,7 +52203,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "tools"], + "tags": [ + "performance", + "tools" + ], "label": "Link Understanding Timeout (sec)", "help": "Per-link understanding timeout budget in seconds before unresolved links are skipped. Keep this bounded to avoid long stalls when external sites are slow or unreachable.", "hasChildren": false @@ -46251,7 +52228,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Tool-loop Critical Threshold", "help": "Critical threshold for repetitive patterns when detector is enabled (default: 20).", "hasChildren": false @@ -46273,7 +52252,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Tool-loop Generic Repeat Detection", "help": "Enable generic repeated same-tool/same-params loop detection (default: true).", "hasChildren": false @@ -46285,7 +52266,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Tool-loop Poll No-Progress Detection", "help": "Enable known poll tool no-progress loop detection (default: true).", "hasChildren": false @@ -46297,7 +52280,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Tool-loop Ping-Pong Detection", "help": "Enable ping-pong loop detection (default: true).", "hasChildren": false @@ -46309,7 +52294,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Tool-loop Detection", "help": "Enable repetitive tool-call loop detection and backoff safety checks (default: false).", "hasChildren": false @@ -46321,7 +52308,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["reliability", "tools"], + "tags": [ + "reliability", + "tools" + ], "label": "Tool-loop Global Circuit Breaker Threshold", "help": "Global no-progress breaker threshold (default: 30).", "hasChildren": false @@ -46333,7 +52323,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Tool-loop History Size", "help": "Tool history window size for loop detection (default: 30).", "hasChildren": false @@ -46345,7 +52337,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Tool-loop Warning Threshold", "help": "Warning threshold for repetitive patterns when detector is enabled (default: 10).", "hasChildren": false @@ -46377,7 +52371,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Audio Understanding Attachment Policy", "help": "Attachment policy for audio inputs indicating which uploaded files are eligible for audio processing. Keep restrictive defaults in mixed-content channels to avoid unintended audio workloads.", "hasChildren": true @@ -46469,7 +52466,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Transcript Echo Format", "help": "Format string for the echoed transcript message. Use `{transcript}` as a placeholder for the transcribed text. Default: '📝 \"{transcript}\"'.", "hasChildren": false @@ -46481,7 +52481,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Echo Transcript to Chat", "help": "Echo the audio transcript back to the originating chat before agent processing. When enabled, users immediately see what was heard from their voice note, helping them verify transcription accuracy before the agent acts on it. Default: false.", "hasChildren": false @@ -46493,7 +52496,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Enable Audio Understanding", "help": "Enable audio understanding so voice notes or audio clips can be transcribed/summarized for agent context. Disable when audio ingestion is outside policy or unnecessary for your workflows.", "hasChildren": false @@ -46525,7 +52531,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Audio Understanding Language", "help": "Preferred language hint for audio understanding/transcription when provider support is available. Set this to improve recognition accuracy for known primary languages.", "hasChildren": false @@ -46537,7 +52546,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance", "tools"], + "tags": [ + "media", + "performance", + "tools" + ], "label": "Audio Understanding Max Bytes", "help": "Maximum accepted audio payload size in bytes before processing is rejected or clipped by policy. Set this based on expected recording length and upstream provider limits.", "hasChildren": false @@ -46549,7 +52562,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance", "tools"], + "tags": [ + "media", + "performance", + "tools" + ], "label": "Audio Understanding Max Chars", "help": "Maximum characters retained from audio understanding output to prevent oversized transcript injection. Increase for long-form dictation, or lower to keep conversational turns compact.", "hasChildren": false @@ -46561,7 +52578,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "models", "tools"], + "tags": [ + "media", + "models", + "tools" + ], "label": "Audio Understanding Models", "help": "Ordered model preferences specifically for audio understanding, used before shared media model fallback. Choose models optimized for transcription quality in your primary language/domain.", "hasChildren": true @@ -46799,7 +52820,11 @@ { "path": "tools.media.audio.models.*.providerOptions.*.*", "kind": "core", - "type": ["boolean", "number", "string"], + "type": [ + "boolean", + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -46833,7 +52858,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Audio Understanding Prompt", "help": "Instruction template guiding audio understanding output style, such as concise summary versus near-verbatim transcript. Keep wording consistent so downstream automations can rely on output format.", "hasChildren": false @@ -46861,7 +52889,11 @@ { "path": "tools.media.audio.providerOptions.*.*", "kind": "core", - "type": ["boolean", "number", "string"], + "type": [ + "boolean", + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -46875,7 +52907,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Audio Understanding Scope", "help": "Scope selector for when audio understanding runs across inbound messages and attachments. Keep focused scopes in high-volume channels to reduce cost and avoid accidental transcription.", "hasChildren": true @@ -46977,7 +53012,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance", "tools"], + "tags": [ + "media", + "performance", + "tools" + ], "label": "Audio Understanding Timeout (sec)", "help": "Timeout in seconds for audio understanding execution before the operation is cancelled. Use longer timeouts for long recordings and tighter ones for interactive chat responsiveness.", "hasChildren": false @@ -46989,7 +53028,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance", "tools"], + "tags": [ + "media", + "performance", + "tools" + ], "label": "Media Understanding Concurrency", "help": "Maximum number of concurrent media understanding operations per turn across image, audio, and video tasks. Lower this in resource-constrained deployments to prevent CPU/network saturation.", "hasChildren": false @@ -47011,7 +53054,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Image Understanding Attachment Policy", "help": "Attachment handling policy for image inputs, including which message attachments qualify for image analysis. Use restrictive settings in untrusted channels to reduce unexpected processing.", "hasChildren": true @@ -47123,7 +53169,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Enable Image Understanding", "help": "Enable image understanding so attached or referenced images can be interpreted into textual context. Disable if you need text-only operation or want to avoid image-processing cost.", "hasChildren": false @@ -47165,7 +53214,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance", "tools"], + "tags": [ + "media", + "performance", + "tools" + ], "label": "Image Understanding Max Bytes", "help": "Maximum accepted image payload size in bytes before the item is skipped or truncated by policy. Keep limits realistic for your provider caps and infrastructure bandwidth.", "hasChildren": false @@ -47177,7 +53230,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance", "tools"], + "tags": [ + "media", + "performance", + "tools" + ], "label": "Image Understanding Max Chars", "help": "Maximum characters returned from image understanding output after model response normalization. Use tighter limits to reduce prompt bloat and larger limits for detail-heavy OCR tasks.", "hasChildren": false @@ -47189,7 +53246,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "models", "tools"], + "tags": [ + "media", + "models", + "tools" + ], "label": "Image Understanding Models", "help": "Ordered model preferences specifically for image understanding when you want to override shared media models. Put the most reliable multimodal model first to reduce fallback attempts.", "hasChildren": true @@ -47427,7 +53488,11 @@ { "path": "tools.media.image.models.*.providerOptions.*.*", "kind": "core", - "type": ["boolean", "number", "string"], + "type": [ + "boolean", + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -47461,7 +53526,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Image Understanding Prompt", "help": "Instruction template used for image understanding requests to shape extraction style and detail level. Keep prompts deterministic so outputs stay consistent across turns and channels.", "hasChildren": false @@ -47489,7 +53557,11 @@ { "path": "tools.media.image.providerOptions.*.*", "kind": "core", - "type": ["boolean", "number", "string"], + "type": [ + "boolean", + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -47503,7 +53575,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Image Understanding Scope", "help": "Scope selector for when image understanding is attempted (for example only explicit requests versus broader auto-detection). Keep narrow scope in busy channels to control token and API spend.", "hasChildren": true @@ -47605,7 +53680,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance", "tools"], + "tags": [ + "media", + "performance", + "tools" + ], "label": "Image Understanding Timeout (sec)", "help": "Timeout in seconds for each image understanding request before it is aborted. Increase for high-resolution analysis and lower it for latency-sensitive operator workflows.", "hasChildren": false @@ -47617,7 +53696,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "models", "tools"], + "tags": [ + "media", + "models", + "tools" + ], "label": "Media Understanding Shared Models", "help": "Shared fallback model list used by media understanding tools when modality-specific model lists are not set. Keep this aligned with available multimodal providers to avoid runtime fallback churn.", "hasChildren": true @@ -47855,7 +53938,11 @@ { "path": "tools.media.models.*.providerOptions.*.*", "kind": "core", - "type": ["boolean", "number", "string"], + "type": [ + "boolean", + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -47899,7 +53986,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Video Understanding Attachment Policy", "help": "Attachment eligibility policy for video analysis, defining which message files can trigger video processing. Keep this explicit in shared channels to prevent accidental large media workloads.", "hasChildren": true @@ -48011,7 +54101,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Enable Video Understanding", "help": "Enable video understanding so clips can be summarized into text for downstream reasoning and responses. Disable when processing video is out of policy or too expensive for your deployment.", "hasChildren": false @@ -48053,7 +54146,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance", "tools"], + "tags": [ + "media", + "performance", + "tools" + ], "label": "Video Understanding Max Bytes", "help": "Maximum accepted video payload size in bytes before policy rejection or trimming occurs. Tune this to provider and infrastructure limits to avoid repeated timeout/failure loops.", "hasChildren": false @@ -48065,7 +54162,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance", "tools"], + "tags": [ + "media", + "performance", + "tools" + ], "label": "Video Understanding Max Chars", "help": "Maximum characters retained from video understanding output to control prompt growth. Raise for dense scene descriptions and lower when concise summaries are preferred.", "hasChildren": false @@ -48077,7 +54178,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "models", "tools"], + "tags": [ + "media", + "models", + "tools" + ], "label": "Video Understanding Models", "help": "Ordered model preferences specifically for video understanding before shared media fallback applies. Prioritize models with strong multimodal video support to minimize degraded summaries.", "hasChildren": true @@ -48315,7 +54420,11 @@ { "path": "tools.media.video.models.*.providerOptions.*.*", "kind": "core", - "type": ["boolean", "number", "string"], + "type": [ + "boolean", + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -48349,7 +54458,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Video Understanding Prompt", "help": "Instruction template for video understanding describing desired summary granularity and focus areas. Keep this stable so output quality remains predictable across model/provider fallbacks.", "hasChildren": false @@ -48377,7 +54489,11 @@ { "path": "tools.media.video.providerOptions.*.*", "kind": "core", - "type": ["boolean", "number", "string"], + "type": [ + "boolean", + "number", + "string" + ], "required": false, "deprecated": false, "sensitive": false, @@ -48391,7 +54507,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "tools"], + "tags": [ + "media", + "tools" + ], "label": "Video Understanding Scope", "help": "Scope selector controlling when video understanding is attempted across incoming events. Narrow scope in noisy channels, and broaden only where video interpretation is core to workflow.", "hasChildren": true @@ -48493,7 +54612,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["media", "performance", "tools"], + "tags": [ + "media", + "performance", + "tools" + ], "label": "Video Understanding Timeout (sec)", "help": "Timeout in seconds for each video understanding request before cancellation. Use conservative values in interactive channels and longer values for offline or batch-heavy processing.", "hasChildren": false @@ -48515,7 +54638,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "tools"], + "tags": [ + "access", + "tools" + ], "label": "Allow Cross-Context Messaging", "help": "Legacy override: allow cross-context sends across all providers.", "hasChildren": false @@ -48537,7 +54663,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Enable Message Broadcast", "help": "Enable broadcast action (default: true).", "hasChildren": false @@ -48559,7 +54687,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "tools"], + "tags": [ + "access", + "tools" + ], "label": "Allow Cross-Context (Across Providers)", "help": "Allow sends across different providers (default: false).", "hasChildren": false @@ -48571,7 +54702,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["access", "tools"], + "tags": [ + "access", + "tools" + ], "label": "Allow Cross-Context (Same Provider)", "help": "Allow sends to other channels within the same provider (default: true).", "hasChildren": false @@ -48593,7 +54727,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Cross-Context Marker", "help": "Add a visible origin marker when sending cross-context (default: true).", "hasChildren": false @@ -48605,7 +54741,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Cross-Context Marker Prefix", "help": "Text prefix for cross-context markers (supports \"{channel}\").", "hasChildren": false @@ -48617,7 +54755,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Cross-Context Marker Suffix", "help": "Text suffix for cross-context markers (supports \"{channel}\").", "hasChildren": false @@ -48629,7 +54769,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage", "tools"], + "tags": [ + "storage", + "tools" + ], "label": "Tool Profile", "help": "Global tool profile name used to select a predefined tool policy baseline before applying allow/deny overrides. Use this for consistent environment posture across agents and keep profile names stable.", "hasChildren": false @@ -48641,7 +54784,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage", "tools"], + "tags": [ + "storage", + "tools" + ], "label": "Sandbox Tool Policy", "help": "Tool policy wrapper for sandboxed agent executions so sandbox runs can have distinct capability boundaries. Use this to enforce stronger safety in sandbox contexts.", "hasChildren": true @@ -48653,7 +54799,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["storage", "tools"], + "tags": [ + "storage", + "tools" + ], "label": "Sandbox Tool Allow/Deny Policy", "help": "Allow/deny tool policy applied when agents run in sandboxed execution environments. Keep policies minimal so sandbox tasks cannot escalate into unnecessary external actions.", "hasChildren": true @@ -48803,10 +54952,18 @@ "kind": "core", "type": "string", "required": false, - "enumValues": ["self", "tree", "agent", "all"], + "enumValues": [ + "self", + "tree", + "agent", + "all" + ], "deprecated": false, "sensitive": false, - "tags": ["storage", "tools"], + "tags": [ + "storage", + "tools" + ], "label": "Session Tools Visibility", "help": "Controls which sessions can be targeted by sessions_list/sessions_history/sessions_send. (\"tree\" default = current session + spawned subagent sessions; \"self\" = only current; \"agent\" = any session in the current agent id; \"all\" = any session; cross-agent still requires tools.agentToAgent).", "hasChildren": false @@ -48818,7 +54975,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Subagent Tool Policy", "help": "Tool policy wrapper for spawned subagents to restrict or expand tool availability compared to parent defaults. Use this to keep delegated agent capabilities scoped to task intent.", "hasChildren": true @@ -48830,7 +54989,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Subagent Tool Allow/Deny Policy", "help": "Allow/deny tool policy applied to spawned subagent runtimes for per-subagent hardening. Keep this narrower than parent scope when subagents run semi-autonomous workflows.", "hasChildren": true @@ -48902,7 +55063,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Web Tools", "help": "Web-tool policy grouping for search/fetch providers, limits, and fallback behavior tuning. Keep enabled settings aligned with API key availability and outbound networking policy.", "hasChildren": true @@ -48924,7 +55087,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage", "tools"], + "tags": [ + "performance", + "storage", + "tools" + ], "label": "Web Fetch Cache TTL (min)", "help": "Cache TTL in minutes for web_fetch results.", "hasChildren": false @@ -48936,7 +55103,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Enable Web Fetch Tool", "help": "Enable the web_fetch tool (lightweight HTTP fetch).", "hasChildren": false @@ -48954,11 +55123,18 @@ { "path": "tools.web.fetch.firecrawl.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security", "tools"], + "tags": [ + "auth", + "security", + "tools" + ], "label": "Firecrawl API Key", "help": "Firecrawl API key (fallback: FIRECRAWL_API_KEY env var).", "hasChildren": true @@ -49000,7 +55176,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Firecrawl Base URL", "help": "Firecrawl base URL (e.g. https://api.firecrawl.dev or custom endpoint).", "hasChildren": false @@ -49012,7 +55190,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Enable Firecrawl Fallback", "help": "Enable Firecrawl fallback for web_fetch (if configured).", "hasChildren": false @@ -49024,7 +55204,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "tools"], + "tags": [ + "performance", + "tools" + ], "label": "Firecrawl Cache Max Age (ms)", "help": "Firecrawl maxAge (ms) for cached results when supported by the API.", "hasChildren": false @@ -49036,7 +55219,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Firecrawl Main Content Only", "help": "When true, Firecrawl returns only the main content (default: true).", "hasChildren": false @@ -49048,7 +55233,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "tools"], + "tags": [ + "performance", + "tools" + ], "label": "Firecrawl Timeout (sec)", "help": "Timeout in seconds for Firecrawl requests.", "hasChildren": false @@ -49060,7 +55248,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "tools"], + "tags": [ + "performance", + "tools" + ], "label": "Web Fetch Max Chars", "help": "Max characters returned by web_fetch (truncated).", "hasChildren": false @@ -49072,7 +55263,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "tools"], + "tags": [ + "performance", + "tools" + ], "label": "Web Fetch Hard Max Chars", "help": "Hard cap for web_fetch maxChars (applies to config and tool calls).", "hasChildren": false @@ -49084,7 +55278,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage", "tools"], + "tags": [ + "performance", + "storage", + "tools" + ], "label": "Web Fetch Max Redirects", "help": "Maximum redirects allowed for web_fetch (default: 3).", "hasChildren": false @@ -49096,7 +55294,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Web Fetch Readability Extraction", "help": "Use Readability to extract main content from HTML (fallbacks to basic HTML cleanup).", "hasChildren": false @@ -49108,7 +55308,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "tools"], + "tags": [ + "performance", + "tools" + ], "label": "Web Fetch Timeout (sec)", "help": "Timeout in seconds for web_fetch requests.", "hasChildren": false @@ -49120,7 +55323,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Web Fetch User-Agent", "help": "Override User-Agent header for web_fetch requests.", "hasChildren": false @@ -49138,11 +55343,18 @@ { "path": "tools.web.search.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security", "tools"], + "tags": [ + "auth", + "security", + "tools" + ], "label": "Brave Search API Key", "help": "Brave Search API key (fallback: BRAVE_API_KEY env var).", "hasChildren": true @@ -49194,7 +55406,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Brave Search Mode", "help": "Brave Search mode: \"web\" (URL results) or \"llm-context\" (pre-extracted page content for LLM grounding).", "hasChildren": false @@ -49206,7 +55420,11 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "storage", "tools"], + "tags": [ + "performance", + "storage", + "tools" + ], "label": "Web Search Cache TTL (min)", "help": "Cache TTL in minutes for web_search results.", "hasChildren": false @@ -49218,7 +55436,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Enable Web Search Tool", "help": "Enable the web_search tool (requires a provider API key).", "hasChildren": false @@ -49236,11 +55456,18 @@ { "path": "tools.web.search.gemini.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security", "tools"], + "tags": [ + "auth", + "security", + "tools" + ], "label": "Gemini Search API Key", "help": "Gemini API key for Google Search grounding (fallback: GEMINI_API_KEY env var).", "hasChildren": true @@ -49282,7 +55509,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models", "tools"], + "tags": [ + "models", + "tools" + ], "label": "Gemini Search Model", "help": "Gemini model override (default: \"gemini-2.5-flash\").", "hasChildren": false @@ -49300,11 +55530,18 @@ { "path": "tools.web.search.grok.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security", "tools"], + "tags": [ + "auth", + "security", + "tools" + ], "label": "Grok Search API Key", "help": "Grok (xAI) API key (fallback: XAI_API_KEY env var).", "hasChildren": true @@ -49356,7 +55593,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models", "tools"], + "tags": [ + "models", + "tools" + ], "label": "Grok Search Model", "help": "Grok model override (default: \"grok-4-1-fast\").", "hasChildren": false @@ -49374,11 +55614,18 @@ { "path": "tools.web.search.kimi.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security", "tools"], + "tags": [ + "auth", + "security", + "tools" + ], "label": "Kimi Search API Key", "help": "Moonshot/Kimi API key (fallback: KIMI_API_KEY or MOONSHOT_API_KEY env var).", "hasChildren": true @@ -49420,7 +55667,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Kimi Search Base URL", "help": "Kimi base URL override (default: \"https://api.moonshot.ai/v1\").", "hasChildren": false @@ -49432,7 +55681,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models", "tools"], + "tags": [ + "models", + "tools" + ], "label": "Kimi Search Model", "help": "Kimi model override (default: \"moonshot-v1-128k\").", "hasChildren": false @@ -49444,7 +55696,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "tools"], + "tags": [ + "performance", + "tools" + ], "label": "Web Search Max Results", "help": "Number of results to return (1-10).", "hasChildren": false @@ -49462,11 +55717,18 @@ { "path": "tools.web.search.perplexity.apiKey", "kind": "core", - "type": ["object", "string"], + "type": [ + "object", + "string" + ], "required": false, "deprecated": false, "sensitive": true, - "tags": ["auth", "security", "tools"], + "tags": [ + "auth", + "security", + "tools" + ], "label": "Perplexity API Key", "help": "Perplexity or OpenRouter API key (fallback: PERPLEXITY_API_KEY or OPENROUTER_API_KEY env var). Direct Perplexity keys default to the Search API; OpenRouter keys use Sonar chat completions.", "hasChildren": true @@ -49508,7 +55770,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Perplexity Base URL", "help": "Optional Perplexity/OpenRouter chat-completions base URL override. Setting this opts Perplexity into the legacy Sonar/OpenRouter compatibility path.", "hasChildren": false @@ -49520,7 +55784,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["models", "tools"], + "tags": [ + "models", + "tools" + ], "label": "Perplexity Model", "help": "Optional Sonar/OpenRouter model override (default: \"perplexity/sonar-pro\"). Setting this opts Perplexity into the legacy chat-completions compatibility path.", "hasChildren": false @@ -49532,7 +55799,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["tools"], + "tags": [ + "tools" + ], "label": "Web Search Provider", "help": "Search provider (\"brave\", \"gemini\", \"grok\", \"kimi\", or \"perplexity\"). Auto-detected from available API keys if omitted.", "hasChildren": false @@ -49544,7 +55813,10 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance", "tools"], + "tags": [ + "performance", + "tools" + ], "label": "Web Search Timeout (sec)", "help": "Timeout in seconds for web_search requests.", "hasChildren": false @@ -49556,7 +55828,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "UI", "help": "UI presentation settings for accenting and assistant identity shown in control surfaces. Use this for branding and readability customization without changing runtime behavior.", "hasChildren": true @@ -49568,7 +55842,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Assistant Appearance", "help": "Assistant display identity settings for name and avatar shown in UI surfaces. Keep these values aligned with your operator-facing persona and support expectations.", "hasChildren": true @@ -49580,7 +55856,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Assistant Avatar", "help": "Assistant avatar image source used in UI surfaces (URL, path, or data URI depending on runtime support). Use trusted assets and consistent branding dimensions for clean rendering.", "hasChildren": false @@ -49592,7 +55870,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Assistant Name", "help": "Display name shown for the assistant in UI views, chat chrome, and status contexts. Keep this stable so operators can reliably identify which assistant persona is active.", "hasChildren": false @@ -49604,7 +55884,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Accent Color", "help": "Primary accent/seam color used by UI surfaces for emphasis, badges, and visual identity cues. Use high-contrast values that remain readable across light/dark themes.", "hasChildren": false @@ -49616,7 +55898,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Updates", "help": "Update-channel and startup-check behavior for keeping OpenClaw runtime versions current. Use conservative channels in production and more experimental channels only in controlled environments.", "hasChildren": true @@ -49638,7 +55922,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Auto Update Beta Check Interval (hours)", "help": "How often beta-channel checks run in hours (default: 1).", "hasChildren": false @@ -49650,7 +55936,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Auto Update Enabled", "help": "Enable background auto-update for package installs (default: false).", "hasChildren": false @@ -49662,7 +55950,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Auto Update Stable Delay (hours)", "help": "Minimum delay before stable-channel auto-apply starts (default: 6).", "hasChildren": false @@ -49674,7 +55964,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Auto Update Stable Jitter (hours)", "help": "Extra stable-channel rollout spread window in hours (default: 12).", "hasChildren": false @@ -49686,7 +55978,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Update Channel", "help": "Update channel for git + npm installs (\"stable\", \"beta\", or \"dev\").", "hasChildren": false @@ -49698,7 +55992,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation"], + "tags": [ + "automation" + ], "label": "Update Check on Start", "help": "Check for npm updates when the gateway starts (default: true).", "hasChildren": false @@ -49710,7 +56006,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Web Channel", "help": "Web channel runtime settings for heartbeat and reconnect behavior when operating web-based chat surfaces. Use reconnect values tuned to your network reliability profile and expected uptime needs.", "hasChildren": true @@ -49722,7 +56020,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Web Channel Enabled", "help": "Enables the web channel runtime and related websocket lifecycle behavior. Keep disabled when web chat is unused to reduce active connection management overhead.", "hasChildren": false @@ -49734,7 +56034,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["automation"], + "tags": [ + "automation" + ], "label": "Web Channel Heartbeat Interval (sec)", "help": "Heartbeat interval in seconds for web channel connectivity and liveness maintenance. Use shorter intervals for faster detection, or longer intervals to reduce keepalive chatter.", "hasChildren": false @@ -49746,7 +56048,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Web Channel Reconnect Policy", "help": "Reconnect backoff policy for web channel reconnect attempts after transport failure. Keep bounded retries and jitter tuned to avoid thundering-herd reconnect behavior.", "hasChildren": true @@ -49758,7 +56062,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Web Reconnect Backoff Factor", "help": "Exponential backoff multiplier used between reconnect attempts in web channel retry loops. Keep factor above 1 and tune with jitter for stable large-fleet reconnect behavior.", "hasChildren": false @@ -49770,7 +56076,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Web Reconnect Initial Delay (ms)", "help": "Initial reconnect delay in milliseconds before the first retry after disconnection. Use modest delays to recover quickly without immediate retry storms.", "hasChildren": false @@ -49782,7 +56090,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Web Reconnect Jitter", "help": "Randomization factor (0-1) applied to reconnect delays to desynchronize clients after outage events. Keep non-zero jitter in multi-client deployments to reduce synchronized spikes.", "hasChildren": false @@ -49794,7 +56104,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Web Reconnect Max Attempts", "help": "Maximum reconnect attempts before giving up for the current failure sequence (0 means no retries). Use finite caps for controlled failure handling in automation-sensitive environments.", "hasChildren": false @@ -49806,7 +56118,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["performance"], + "tags": [ + "performance" + ], "label": "Web Reconnect Max Delay (ms)", "help": "Maximum reconnect backoff cap in milliseconds to bound retry delay growth over repeated failures. Use a reasonable cap so recovery remains timely after prolonged outages.", "hasChildren": false @@ -49818,7 +56132,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Setup Wizard State", "help": "Setup wizard state tracking fields that record the most recent guided onboarding run details. Keep these fields for observability and troubleshooting of setup flows across upgrades.", "hasChildren": true @@ -49830,7 +56146,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Wizard Last Run Timestamp", "help": "ISO timestamp for when the setup wizard most recently completed on this host. Use this to confirm onboarding recency during support and operational audits.", "hasChildren": false @@ -49842,7 +56160,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Wizard Last Run Command", "help": "Command invocation recorded for the latest wizard run to preserve execution context. Use this to reproduce onboarding steps when verifying setup regressions.", "hasChildren": false @@ -49854,7 +56174,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Wizard Last Run Commit", "help": "Source commit identifier recorded for the last wizard execution in development builds. Use this to correlate onboarding behavior with exact source state during debugging.", "hasChildren": false @@ -49866,7 +56188,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Wizard Last Run Mode", "help": "Wizard execution mode recorded as \"local\" or \"remote\" for the most recent onboarding flow. Use this to understand whether setup targeted direct local runtime or remote gateway topology.", "hasChildren": false @@ -49878,7 +56202,9 @@ "required": false, "deprecated": false, "sensitive": false, - "tags": ["advanced"], + "tags": [ + "advanced" + ], "label": "Wizard Last Run Version", "help": "OpenClaw version recorded at the time of the most recent wizard run on this config. Use this when diagnosing behavior differences across version-to-version onboarding changes.", "hasChildren": false diff --git a/docs/.generated/config-baseline.jsonl b/docs/.generated/config-baseline.jsonl index be2c579b614..18baeac12b9 100644 --- a/docs/.generated/config-baseline.jsonl +++ b/docs/.generated/config-baseline.jsonl @@ -1,4 +1,4 @@ -{"generatedBy":"scripts/generate-config-doc-baseline.ts","recordType":"meta","totalPaths":4733} +{"generatedBy":"scripts/generate-config-doc-baseline.ts","recordType":"meta","totalPaths":4889} {"recordType":"path","path":"acp","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"ACP","help":"ACP runtime controls for enabling dispatch, selecting backends, constraining allowed agent targets, and tuning streamed turn projection behavior.","hasChildren":true} {"recordType":"path","path":"acp.allowedAgents","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access"],"label":"ACP Allowed Agents","help":"Allowlist of ACP target agent ids permitted for ACP runtime sessions. Empty means no additional allowlist restriction.","hasChildren":true} {"recordType":"path","path":"acp.allowedAgents.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -101,6 +101,7 @@ {"recordType":"path","path":"agents.defaults.compaction.recentTurnsPreserve","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Compaction Preserve Recent Turns","help":"Number of most recent user/assistant turns kept verbatim outside safeguard summarization (default: 3). Raise this to preserve exact recent dialogue context, or lower it to maximize compaction savings.","hasChildren":false} {"recordType":"path","path":"agents.defaults.compaction.reserveTokens","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["auth","security"],"label":"Compaction Reserve Tokens","help":"Token headroom reserved for reply generation and tool output after compaction runs. Use higher reserves for verbose/tool-heavy sessions, and lower reserves when maximizing retained history matters more.","hasChildren":false} {"recordType":"path","path":"agents.defaults.compaction.reserveTokensFloor","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["auth","security"],"label":"Compaction Reserve Token Floor","help":"Minimum floor enforced for reserveTokens in Pi compaction paths (0 disables the floor guard). Use a non-zero floor to avoid over-aggressive compression under fluctuating token estimates.","hasChildren":false} +{"recordType":"path","path":"agents.defaults.compaction.timeoutSeconds","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["performance"],"label":"Compaction Timeout (Seconds)","help":"Maximum time in seconds allowed for a single compaction operation before it is aborted (default: 900). Increase this for very large sessions that need more time to summarize, or decrease it to fail faster on unresponsive models.","hasChildren":false} {"recordType":"path","path":"agents.defaults.contextPruning","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"agents.defaults.contextPruning.hardClear","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"agents.defaults.contextPruning.hardClear.enabled","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -143,7 +144,7 @@ {"recordType":"path","path":"agents.defaults.heartbeat.prompt","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"agents.defaults.heartbeat.session","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"agents.defaults.heartbeat.suppressToolErrorWarnings","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["automation"],"label":"Heartbeat Suppress Tool Error Warnings","help":"Suppress tool error warning payloads during heartbeat runs.","hasChildren":false} -{"recordType":"path","path":"agents.defaults.heartbeat.target","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["automation"],"help":"Delivery target (\"last\", \"none\", or a channel id). Known channels: telegram, whatsapp, discord, irc, googlechat, slack, signal, imessage, line, zalouser, zalo, tlon, feishu, nextcloud-talk, msteams, bluebubbles, synology-chat, mattermost, twitch, matrix, nostr.","hasChildren":false} +{"recordType":"path","path":"agents.defaults.heartbeat.target","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["automation"],"help":"Delivery target (\"last\", \"none\", or a channel id). Known channels: telegram, whatsapp, discord, irc, googlechat, slack, signal, imessage, line, bluebubbles, feishu, matrix, mattermost, msteams, nextcloud-talk, nostr, synology-chat, tlon, twitch, zalo, zalouser.","hasChildren":false} {"recordType":"path","path":"agents.defaults.heartbeat.to","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"agents.defaults.humanDelay","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"agents.defaults.humanDelay.maxMs","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["performance"],"label":"Human Delay Max (ms)","help":"Maximum delay in ms for custom humanDelay (default: 2500).","hasChildren":false} @@ -347,7 +348,7 @@ {"recordType":"path","path":"agents.list.*.heartbeat.prompt","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"agents.list.*.heartbeat.session","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"agents.list.*.heartbeat.suppressToolErrorWarnings","kind":"core","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":["automation"],"label":"Agent Heartbeat Suppress Tool Error Warnings","help":"Suppress tool error warning payloads during heartbeat runs.","hasChildren":false} -{"recordType":"path","path":"agents.list.*.heartbeat.target","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["automation"],"help":"Delivery target (\"last\", \"none\", or a channel id). Known channels: telegram, whatsapp, discord, irc, googlechat, slack, signal, imessage, line, zalouser, zalo, tlon, feishu, nextcloud-talk, msteams, bluebubbles, synology-chat, mattermost, twitch, matrix, nostr.","hasChildren":false} +{"recordType":"path","path":"agents.list.*.heartbeat.target","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["automation"],"help":"Delivery target (\"last\", \"none\", or a channel id). Known channels: telegram, whatsapp, discord, irc, googlechat, slack, signal, imessage, line, bluebubbles, feishu, matrix, mattermost, msteams, nextcloud-talk, nostr, synology-chat, tlon, twitch, zalo, zalouser.","hasChildren":false} {"recordType":"path","path":"agents.list.*.heartbeat.to","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"agents.list.*.humanDelay","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"agents.list.*.humanDelay.maxMs","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -912,6 +913,8 @@ {"recordType":"path","path":"channels.discord.accounts.*.guilds.*.toolsBySender.*.deny.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.accounts.*.guilds.*.users","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.discord.accounts.*.guilds.*.users.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.accounts.*.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.discord.accounts.*.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.accounts.*.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.discord.accounts.*.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.accounts.*.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -1165,6 +1168,8 @@ {"recordType":"path","path":"channels.discord.guilds.*.toolsBySender.*.deny.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.guilds.*.users","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.discord.guilds.*.users.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.discord.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.discord.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.discord.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.discord.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -1280,61 +1285,182 @@ {"recordType":"path","path":"channels.feishu","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"Feishu","help":"飞书/Lark enterprise messaging.","hasChildren":true} {"recordType":"path","path":"channels.feishu.accounts","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.feishu.accounts.*","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.actions","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.actions.reactions","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.allowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.appId","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.appSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.feishu.accounts.*.appSecret.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.appSecret.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.feishu.accounts.*.appSecret.source","kind":"channel","type":"string","required":true,"enumValues":["env","file","exec"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.appSecret.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.blockStreamingCoalesce","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.blockStreamingCoalesce.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.blockStreamingCoalesce.maxDelayMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.blockStreamingCoalesce.minDelayMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.capabilities","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.capabilities.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.chunkMode","kind":"channel","type":"string","required":false,"enumValues":["length","newline"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.configWrites","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.connectionMode","kind":"channel","type":"string","required":false,"enumValues":["websocket","webhook"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.dmHistoryLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.dmPolicy","kind":"channel","type":"string","required":false,"enumValues":["open","pairing","allowlist"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.dms","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.dms.*","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.dms.*.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.dms.*.systemPrompt","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.domain","kind":"channel","type":"string","required":false,"enumValues":["feishu","lark"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.encryptKey","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.feishu.accounts.*.encryptKey.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.encryptKey.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.feishu.accounts.*.encryptKey.source","kind":"channel","type":"string","required":true,"enumValues":["env","file","exec"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.encryptKey.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groupAllowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.groupAllowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groupPolicy","kind":"channel","type":"string","required":false,"enumValues":["open","allowlist","disabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groups","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.allowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.groupSessionScope","kind":"channel","type":"string","required":false,"enumValues":["group","group_sender","group_topic","group_topic_sender"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.replyInThread","kind":"channel","type":"string","required":false,"enumValues":["disabled","enabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.requireMention","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.skills","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.skills.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.systemPrompt","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.tools","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.tools.allow","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.tools.allow.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.tools.deny","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.tools.deny.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groups.*.topicSessionMode","kind":"channel","type":"string","required":false,"enumValues":["disabled","enabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groupSenderAllowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.groupSenderAllowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.groupSessionScope","kind":"channel","type":"string","required":false,"enumValues":["group","group_sender","group_topic","group_topic_sender"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.heartbeat.intervalMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.heartbeat.visibility","kind":"channel","type":"string","required":false,"enumValues":["visible","hidden"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.historyLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.httpTimeoutMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.markdown","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.markdown.mode","kind":"channel","type":"string","required":false,"enumValues":["native","escape","strip"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.markdown.tableMode","kind":"channel","type":"string","required":false,"enumValues":["native","ascii","simple"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.mediaMaxMb","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.name","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.reactionNotifications","kind":"channel","type":"string","required":false,"enumValues":["off","own","all"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.renderMode","kind":"channel","type":"string","required":false,"enumValues":["auto","raw","card"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.replyInThread","kind":"channel","type":"string","required":false,"enumValues":["disabled","enabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.requireMention","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.resolveSenderNames","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.streaming","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.textChunkLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.tools","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.accounts.*.tools.chat","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.tools.doc","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.tools.drive","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.tools.perm","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.tools.scopes","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.tools.wiki","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.topicSessionMode","kind":"channel","type":"string","required":false,"enumValues":["disabled","enabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.typingIndicator","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.verificationToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.feishu.accounts.*.verificationToken.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.verificationToken.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.feishu.accounts.*.verificationToken.source","kind":"channel","type":"string","required":true,"enumValues":["env","file","exec"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.accounts.*.verificationToken.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.webhookHost","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.webhookPath","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.accounts.*.webhookPort","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.actions","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.actions.reactions","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.feishu.allowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.appId","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.appSecret","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.feishu.appSecret.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.appSecret.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.feishu.appSecret.source","kind":"channel","type":"string","required":true,"enumValues":["env","file","exec"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.appSecret.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.blockStreamingCoalesce","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.blockStreamingCoalesce.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.blockStreamingCoalesce.maxDelayMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.blockStreamingCoalesce.minDelayMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.capabilities","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.capabilities.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.chunkMode","kind":"channel","type":"string","required":false,"enumValues":["length","newline"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.feishu.connectionMode","kind":"channel","type":"string","required":false,"enumValues":["websocket","webhook"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.configWrites","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.connectionMode","kind":"channel","type":"string","required":true,"enumValues":["websocket","webhook"],"defaultValue":"websocket","deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.defaultAccount","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.dmHistoryLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.feishu.dmPolicy","kind":"channel","type":"string","required":false,"enumValues":["open","pairing","allowlist"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.feishu.domain","kind":"channel","type":"string","required":false,"enumValues":["feishu","lark"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.dmPolicy","kind":"channel","type":"string","required":true,"enumValues":["open","pairing","allowlist"],"defaultValue":"pairing","deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.dms","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.dms.*","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.dms.*.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.dms.*.systemPrompt","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.domain","kind":"channel","type":"string","required":true,"enumValues":["feishu","lark"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.dynamicAgentCreation","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.dynamicAgentCreation.agentDirTemplate","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.dynamicAgentCreation.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.dynamicAgentCreation.maxAgents","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.dynamicAgentCreation.workspaceTemplate","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.encryptKey","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.feishu.encryptKey.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.encryptKey.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.feishu.encryptKey.source","kind":"channel","type":"string","required":true,"enumValues":["env","file","exec"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.encryptKey.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.groupAllowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.feishu.groupAllowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.feishu.groupPolicy","kind":"channel","type":"string","required":false,"enumValues":["open","allowlist","disabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.groupPolicy","kind":"channel","type":"string","required":true,"enumValues":["open","allowlist","disabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.groups","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.groups.*","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.groups.*.allowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.groups.*.allowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.groups.*.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.groups.*.groupSessionScope","kind":"channel","type":"string","required":false,"enumValues":["group","group_sender","group_topic","group_topic_sender"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.groups.*.replyInThread","kind":"channel","type":"string","required":false,"enumValues":["disabled","enabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.groups.*.requireMention","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.groups.*.skills","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.groups.*.skills.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.groups.*.systemPrompt","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.groups.*.tools","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.groups.*.tools.allow","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.groups.*.tools.allow.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.groups.*.tools.deny","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.groups.*.tools.deny.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.groups.*.topicSessionMode","kind":"channel","type":"string","required":false,"enumValues":["disabled","enabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.groupSenderAllowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.groupSenderAllowFrom.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.groupSessionScope","kind":"channel","type":"string","required":false,"enumValues":["group","group_sender","group_topic","group_topic_sender"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.heartbeat.intervalMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.heartbeat.visibility","kind":"channel","type":"string","required":false,"enumValues":["visible","hidden"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.historyLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.httpTimeoutMs","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.markdown","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.markdown.mode","kind":"channel","type":"string","required":false,"enumValues":["native","escape","strip"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.markdown.tableMode","kind":"channel","type":"string","required":false,"enumValues":["native","ascii","simple"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.mediaMaxMb","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.reactionNotifications","kind":"channel","type":"string","required":true,"enumValues":["off","own","all"],"defaultValue":"own","deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.renderMode","kind":"channel","type":"string","required":false,"enumValues":["auto","raw","card"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.replyInThread","kind":"channel","type":"string","required":false,"enumValues":["disabled","enabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.feishu.requireMention","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.requireMention","kind":"channel","type":"boolean","required":true,"defaultValue":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.resolveSenderNames","kind":"channel","type":"boolean","required":true,"defaultValue":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.streaming","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.textChunkLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.tools","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.feishu.tools.chat","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.tools.doc","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.tools.drive","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.tools.perm","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.tools.scopes","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.tools.wiki","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.topicSessionMode","kind":"channel","type":"string","required":false,"enumValues":["disabled","enabled"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.typingIndicator","kind":"channel","type":"boolean","required":true,"defaultValue":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.verificationToken","kind":"channel","type":["object","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.feishu.verificationToken.id","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.verificationToken.provider","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.feishu.verificationToken.source","kind":"channel","type":"string","required":true,"enumValues":["env","file","exec"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.verificationToken.source","kind":"channel","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.webhookHost","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} -{"recordType":"path","path":"channels.feishu.webhookPath","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.feishu.webhookPath","kind":"channel","type":"string","required":true,"defaultValue":"/feishu/events","deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.feishu.webhookPort","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["channels","network"],"label":"Google Chat","help":"Google Workspace Chat app with HTTP webhook.","hasChildren":true} {"recordType":"path","path":"channels.googlechat.accounts","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} @@ -1342,6 +1468,7 @@ {"recordType":"path","path":"channels.googlechat.accounts.*.actions","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.googlechat.accounts.*.actions.reactions","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.accounts.*.allowBots","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.googlechat.accounts.*.appPrincipal","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.accounts.*.audience","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.accounts.*.audienceType","kind":"channel","type":"string","required":false,"enumValues":["app-url","project-number"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.accounts.*.blockStreaming","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -1377,6 +1504,8 @@ {"recordType":"path","path":"channels.googlechat.accounts.*.groups.*.systemPrompt","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.accounts.*.groups.*.users","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.googlechat.accounts.*.groups.*.users.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.googlechat.accounts.*.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.googlechat.accounts.*.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.accounts.*.historyLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.accounts.*.mediaMaxMb","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.accounts.*.name","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -1401,6 +1530,7 @@ {"recordType":"path","path":"channels.googlechat.actions","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.googlechat.actions.reactions","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.allowBots","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.googlechat.appPrincipal","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.audience","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.audienceType","kind":"channel","type":"string","required":false,"enumValues":["app-url","project-number"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.blockStreaming","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -1437,6 +1567,8 @@ {"recordType":"path","path":"channels.googlechat.groups.*.systemPrompt","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.groups.*.users","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.googlechat.groups.*.users.*","kind":"channel","type":["number","string"],"required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.googlechat.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.googlechat.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.historyLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.mediaMaxMb","kind":"channel","type":"number","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.googlechat.name","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -1504,6 +1636,8 @@ {"recordType":"path","path":"channels.imessage.accounts.*.groups.*.toolsBySender.*.alsoAllow.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.imessage.accounts.*.groups.*.toolsBySender.*.deny","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.imessage.accounts.*.groups.*.toolsBySender.*.deny.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.imessage.accounts.*.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.imessage.accounts.*.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.imessage.accounts.*.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.imessage.accounts.*.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.imessage.accounts.*.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -1565,6 +1699,8 @@ {"recordType":"path","path":"channels.imessage.groups.*.toolsBySender.*.alsoAllow.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.imessage.groups.*.toolsBySender.*.deny","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.imessage.groups.*.toolsBySender.*.deny.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.imessage.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.imessage.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.imessage.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.imessage.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.imessage.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -1969,6 +2105,8 @@ {"recordType":"path","path":"channels.msteams.groupAllowFrom","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.msteams.groupAllowFrom.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.msteams.groupPolicy","kind":"channel","type":"string","required":true,"enumValues":["open","disabled","allowlist"],"defaultValue":"allowlist","deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.msteams.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.msteams.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.msteams.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.msteams.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.msteams.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -2214,6 +2352,8 @@ {"recordType":"path","path":"channels.signal.accounts.*.groups.*.toolsBySender.*.alsoAllow.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.signal.accounts.*.groups.*.toolsBySender.*.deny","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.signal.accounts.*.groups.*.toolsBySender.*.deny.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.signal.accounts.*.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.signal.accounts.*.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.signal.accounts.*.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.signal.accounts.*.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.signal.accounts.*.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -2282,6 +2422,8 @@ {"recordType":"path","path":"channels.signal.groups.*.toolsBySender.*.alsoAllow.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.signal.groups.*.toolsBySender.*.deny","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.signal.groups.*.toolsBySender.*.deny.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.signal.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.signal.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.signal.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.signal.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.signal.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -2386,6 +2528,8 @@ {"recordType":"path","path":"channels.slack.accounts.*.dms.*.historyLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.slack.accounts.*.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.slack.accounts.*.groupPolicy","kind":"channel","type":"string","required":false,"enumValues":["open","disabled","allowlist"],"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.slack.accounts.*.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.slack.accounts.*.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.slack.accounts.*.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.slack.accounts.*.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.slack.accounts.*.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -2509,6 +2653,8 @@ {"recordType":"path","path":"channels.slack.dms.*.historyLimit","kind":"channel","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.slack.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.slack.groupPolicy","kind":"channel","type":"string","required":true,"enumValues":["open","disabled","allowlist"],"defaultValue":"allowlist","deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.slack.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.slack.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.slack.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.slack.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.slack.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -2688,6 +2834,8 @@ {"recordType":"path","path":"channels.telegram.accounts.*.groups.*.topics.*.skills","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.telegram.accounts.*.groups.*.topics.*.skills.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.telegram.accounts.*.groups.*.topics.*.systemPrompt","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.telegram.accounts.*.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.telegram.accounts.*.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.telegram.accounts.*.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.telegram.accounts.*.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.telegram.accounts.*.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -2862,6 +3010,8 @@ {"recordType":"path","path":"channels.telegram.groups.*.topics.*.skills","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.telegram.groups.*.topics.*.skills.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.telegram.groups.*.topics.*.systemPrompt","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.telegram.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.telegram.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.telegram.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.telegram.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.telegram.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -3032,6 +3182,8 @@ {"recordType":"path","path":"channels.whatsapp.accounts.*.groups.*.toolsBySender.*.alsoAllow.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.whatsapp.accounts.*.groups.*.toolsBySender.*.deny","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.whatsapp.accounts.*.groups.*.toolsBySender.*.deny.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.whatsapp.accounts.*.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.whatsapp.accounts.*.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.whatsapp.accounts.*.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.whatsapp.accounts.*.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.whatsapp.accounts.*.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -3095,6 +3247,8 @@ {"recordType":"path","path":"channels.whatsapp.groups.*.toolsBySender.*.alsoAllow.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.whatsapp.groups.*.toolsBySender.*.deny","kind":"channel","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.whatsapp.groups.*.toolsBySender.*.deny.*","kind":"channel","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} +{"recordType":"path","path":"channels.whatsapp.healthMonitor","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} +{"recordType":"path","path":"channels.whatsapp.healthMonitor.enabled","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.whatsapp.heartbeat","kind":"channel","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":true} {"recordType":"path","path":"channels.whatsapp.heartbeat.showAlerts","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"channels.whatsapp.heartbeat.showOk","kind":"channel","type":"boolean","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -3330,6 +3484,8 @@ {"recordType":"path","path":"gateway.auth.trustedProxy.userHeader","kind":"core","type":"string","required":true,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"gateway.bind","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":["network"],"label":"Gateway Bind Mode","help":"Network bind profile: \"auto\", \"lan\", \"loopback\", \"custom\", or \"tailnet\" to control interface exposure. Keep \"loopback\" or \"auto\" for safest local operation unless external clients must connect.","hasChildren":false} {"recordType":"path","path":"gateway.channelHealthCheckMinutes","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["network","reliability"],"label":"Gateway Channel Health Check Interval (min)","help":"Interval in minutes for automatic channel health probing and status updates. Use lower intervals for faster detection, or higher intervals to reduce periodic probe noise.","hasChildren":false} +{"recordType":"path","path":"gateway.channelMaxRestartsPerHour","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["network","performance"],"label":"Gateway Channel Max Restarts Per Hour","help":"Maximum number of health-monitor-initiated channel restarts allowed within a rolling one-hour window. Once hit, further restarts are skipped until the window expires. Default: 10.","hasChildren":false} +{"recordType":"path","path":"gateway.channelStaleEventThresholdMinutes","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["network"],"label":"Gateway Channel Stale Event Threshold (min)","help":"How many minutes a connected channel can go without receiving any event before the health monitor treats it as a stale socket and triggers a restart. Default: 30.","hasChildren":false} {"recordType":"path","path":"gateway.controlUi","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["network"],"label":"Control UI","help":"Control UI hosting settings including enablement, pathing, and browser-origin/auth hardening behavior. Keep UI exposure minimal and pair with strong auth controls before internet-facing deployments.","hasChildren":true} {"recordType":"path","path":"gateway.controlUi.allowedOrigins","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["access","network"],"label":"Control UI Allowed Origins","help":"Allowed browser origins for Control UI/WebChat websocket connections (full origins only, e.g. https://control.example.com). Required for non-loopback Control UI deployments unless dangerous Host-header fallback is explicitly enabled.","hasChildren":true} {"recordType":"path","path":"gateway.controlUi.allowedOrigins.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} @@ -3584,7 +3740,7 @@ {"recordType":"path","path":"messages.ackReactionScope","kind":"core","type":"string","required":false,"enumValues":["group-mentions","group-all","direct","all","off","none"],"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Ack Reaction Scope","help":"When to send ack reactions (\"group-mentions\", \"group-all\", \"direct\", \"all\", \"off\", \"none\"). \"off\"/\"none\" disables ack reactions entirely.","hasChildren":false} {"recordType":"path","path":"messages.groupChat","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Group Chat Rules","help":"Group-message handling controls including mention triggers and history window sizing. Keep mention patterns narrow so group channels do not trigger on every message.","hasChildren":true} {"recordType":"path","path":"messages.groupChat.historyLimit","kind":"core","type":"integer","required":false,"deprecated":false,"sensitive":false,"tags":["performance"],"label":"Group History Limit","help":"Maximum number of prior group messages loaded as context per turn for group sessions. Use higher values for richer continuity, or lower values for faster and cheaper responses.","hasChildren":false} -{"recordType":"path","path":"messages.groupChat.mentionPatterns","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Group Mention Patterns","help":"Regex-like patterns used to detect explicit mentions/trigger phrases in group chats. Use precise patterns to reduce false positives in high-volume channels.","hasChildren":true} +{"recordType":"path","path":"messages.groupChat.mentionPatterns","kind":"core","type":"array","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Group Mention Patterns","help":"Safe case-insensitive regex patterns used to detect explicit mentions/trigger phrases in group chats. Use precise patterns to reduce false positives in high-volume channels; invalid or unsafe nested-repetition patterns are ignored.","hasChildren":true} {"recordType":"path","path":"messages.groupChat.mentionPatterns.*","kind":"core","type":"string","required":false,"deprecated":false,"sensitive":false,"tags":[],"hasChildren":false} {"recordType":"path","path":"messages.inbound","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Inbound Debounce","help":"Direct inbound debounce settings used before queue/turn processing starts. Configure this for provider-specific rapid message bursts from the same sender.","hasChildren":true} {"recordType":"path","path":"messages.inbound.byChannel","kind":"core","type":"object","required":false,"deprecated":false,"sensitive":false,"tags":["advanced"],"label":"Inbound Debounce by Channel (ms)","help":"Per-channel inbound debounce overrides keyed by provider id in milliseconds. Use this where some providers send message fragments more aggressively than others.","hasChildren":true} diff --git a/docs/gateway/configuration-reference.md b/docs/gateway/configuration-reference.md index b87ad930161..a72ad7d76da 100644 --- a/docs/gateway/configuration-reference.md +++ b/docs/gateway/configuration-reference.md @@ -1005,6 +1005,7 @@ Periodic heartbeat runs. defaults: { compaction: { mode: "safeguard", // default | safeguard + timeoutSeconds: 900, reserveTokensFloor: 24000, identifierPolicy: "strict", // strict | off | custom identifierInstructions: "Preserve deployment IDs, ticket IDs, and host:port pairs exactly.", // used when identifierPolicy=custom @@ -1023,6 +1024,7 @@ Periodic heartbeat runs. ``` - `mode`: `default` or `safeguard` (chunked summarization for long histories). See [Compaction](/concepts/compaction). +- `timeoutSeconds`: maximum seconds allowed for a single compaction operation before OpenClaw aborts it. Default: `900`. - `identifierPolicy`: `strict` (default), `off`, or `custom`. `strict` prepends built-in opaque identifier retention guidance during compaction summarization. - `identifierInstructions`: optional custom identifier-preservation text used when `identifierPolicy=custom`. - `postCompactionSections`: optional AGENTS.md H2/H3 section names to re-inject after compaction. Defaults to `["Session Startup", "Red Lines"]`; set `[]` to disable reinjection. When unset or explicitly set to that default pair, older `Every Session`/`Safety` headings are also accepted as a legacy fallback. @@ -2488,6 +2490,11 @@ See [Plugins](/tools/plugin). - Relay-backed registrations are delegated to a specific gateway identity. The paired iOS app fetches `gateway.identity.get`, includes that identity in the relay registration, and forwards a registration-scoped send grant to the gateway. Another gateway cannot reuse that stored registration. - `OPENCLAW_APNS_RELAY_BASE_URL` / `OPENCLAW_APNS_RELAY_TIMEOUT_MS`: temporary env overrides for the relay config above. - `OPENCLAW_APNS_RELAY_ALLOW_HTTP=true`: development-only escape hatch for loopback HTTP relay URLs. Production relay URLs should stay on HTTPS. +- `gateway.channelHealthCheckMinutes`: channel health-monitor interval in minutes. Set `0` to disable health-monitor restarts globally. Default: `5`. +- `gateway.channelStaleEventThresholdMinutes`: stale-socket threshold in minutes. Keep this greater than or equal to `gateway.channelHealthCheckMinutes`. Default: `30`. +- `gateway.channelMaxRestartsPerHour`: maximum health-monitor restarts per channel/account in a rolling hour. Default: `10`. +- `channels..healthMonitor.enabled`: per-channel opt-out for health-monitor restarts while keeping the global monitor enabled. +- `channels..accounts..healthMonitor.enabled`: per-account override for multi-account channels. When set, it takes precedence over the channel-level override. - Local gateway call paths can use `gateway.remote.*` as fallback only when `gateway.auth.*` is unset. - If `gateway.auth.token` / `gateway.auth.password` is explicitly configured via SecretRef and unresolved, resolution fails closed (no remote fallback masking). - `trustedProxies`: reverse proxy IPs that terminate TLS. Only list proxies you control. diff --git a/docs/gateway/configuration.md b/docs/gateway/configuration.md index 9a047cab857..a699e74652f 100644 --- a/docs/gateway/configuration.md +++ b/docs/gateway/configuration.md @@ -175,6 +175,36 @@ When validation fails: + + Control how aggressively the gateway restarts channels that look stale: + + ```json5 + { + gateway: { + channelHealthCheckMinutes: 5, + channelStaleEventThresholdMinutes: 30, + channelMaxRestartsPerHour: 10, + }, + channels: { + telegram: { + healthMonitor: { enabled: false }, + accounts: { + alerts: { + healthMonitor: { enabled: true }, + }, + }, + }, + }, + } + ``` + + - Set `gateway.channelHealthCheckMinutes: 0` to disable health-monitor restarts globally. + - `channelStaleEventThresholdMinutes` should be greater than or equal to the check interval. + - Use `channels..healthMonitor.enabled` or `channels..accounts..healthMonitor.enabled` to disable auto-restarts for one channel or account without disabling the global monitor. + - See [Health Checks](/gateway/health) for operational debugging and the [full reference](/gateway/configuration-reference#gateway) for all fields. + + + Sessions control conversation continuity and isolation: diff --git a/docs/gateway/health.md b/docs/gateway/health.md index 8a6f270979a..f8bfd6a319d 100644 --- a/docs/gateway/health.md +++ b/docs/gateway/health.md @@ -24,6 +24,15 @@ Short guide to verify channel connectivity without guessing. - Session store: `ls -l ~/.openclaw/agents//sessions/sessions.json` (path can be overridden in config). Count and recent recipients are surfaced via `status`. - Relink flow: `openclaw channels logout && openclaw channels login --verbose` when status codes 409–515 or `loggedOut` appear in logs. (Note: the QR login flow auto-restarts once for status 515 after pairing.) +## Health monitor config + +- `gateway.channelHealthCheckMinutes`: how often the gateway checks channel health. Default: `5`. Set `0` to disable health-monitor restarts globally. +- `gateway.channelStaleEventThresholdMinutes`: how long a connected channel can stay idle before the health monitor treats it as stale and restarts it. Default: `30`. Keep this greater than or equal to `gateway.channelHealthCheckMinutes`. +- `gateway.channelMaxRestartsPerHour`: rolling one-hour cap for health-monitor restarts per channel/account. Default: `10`. +- `channels..healthMonitor.enabled`: disable health-monitor restarts for a specific channel while leaving global monitoring enabled. +- `channels..accounts..healthMonitor.enabled`: multi-account override that wins over the channel-level setting. +- These per-channel overrides apply to the built-in channel monitors that expose them today: Discord, Google Chat, iMessage, Microsoft Teams, Signal, Slack, Telegram, and WhatsApp. + ## When something fails - `logged out` or status 409–515 → relink with `openclaw channels logout` then `openclaw channels login`. diff --git a/extensions/telegram/src/conversation-route.ts b/extensions/telegram/src/conversation-route.ts index 20137468486..ea48592eadb 100644 --- a/extensions/telegram/src/conversation-route.ts +++ b/extensions/telegram/src/conversation-route.ts @@ -5,12 +5,12 @@ import { getSessionBindingService } from "../../../src/infra/outbound/session-bi import { buildAgentSessionKey, deriveLastRoutePolicy, - pickFirstExistingAgentId, resolveAgentRoute, } from "../../../src/routing/resolve-route.js"; import { buildAgentMainSessionKey, resolveAgentIdFromSessionKey, + sanitizeAgentId, } from "../../../src/routing/session-key.js"; import { buildTelegramGroupPeerId, @@ -56,7 +56,9 @@ export function resolveTelegramConversationRoute(params: { const rawTopicAgentId = params.topicAgentId?.trim(); if (rawTopicAgentId) { - const topicAgentId = pickFirstExistingAgentId(params.cfg, rawTopicAgentId); + // Preserve the configured topic agent ID so topic-bound sessions stay stable + // even when that agent is not present in the current config snapshot. + const topicAgentId = sanitizeAgentId(rawTopicAgentId); route = { ...route, agentId: topicAgentId, From fc2d29ea926f47c428c556e92ec981441228d2a4 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 10:50:49 -0700 Subject: [PATCH 32/34] Gateway: tighten forwarded client and pairing guards (#46800) * Gateway: tighten forwarded client and pairing guards * Gateway: make device approval scope checks atomic * Gateway: preserve device approval baseDir compatibility --- CHANGELOG.md | 1 + src/gateway/net.test.ts | 14 ++ src/gateway/net.ts | 3 + src/gateway/server-methods/devices.ts | 13 +- src/gateway/server.canvas-auth.test.ts | 42 +++++- .../server.device-pair-approve-authz.test.ts | 131 ++++++++++++++++++ src/infra/device-pairing.ts | 54 +++++++- 7 files changed, 252 insertions(+), 6 deletions(-) create mode 100644 src/gateway/server.device-pair-approve-authz.test.ts diff --git a/CHANGELOG.md b/CHANGELOG.md index 5653cc86e54..d611fcb2043 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ Docs: https://docs.openclaw.ai - Zalo Personal/group gating: stop reapplying `dmPolicy.allowFrom` as a sender gate for already-allowlisted groups when `groupAllowFrom` is unset, so any member of an allowed group can trigger replies while DMs stay restricted. (#40146) - Browser/remote CDP: honor strict browser SSRF policy during remote CDP reachability and `/json/version` discovery checks, redact sensitive `cdpUrl` tokens from status output, and warn when remote CDP targets private/internal hosts. - Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`. +- Gateway/auth: ignore spoofed loopback hops in trusted forwarding chains and block device approvals that request scopes above the caller session. Thanks @vincentkoc. - Gateway/config views: strip embedded credentials from URL-based endpoint fields before returning read-only account and config snapshots. Thanks @vincentkoc. - Tools/apply-patch: revalidate workspace-only delete and directory targets immediately before mutating host paths. Thanks @vincentkoc. - Webhooks/runtime: move auth earlier and tighten pre-auth body limits and timeouts across bundled webhook handlers, including slow-body handling for Mattermost slash commands. Thanks @vincentkoc. diff --git a/src/gateway/net.test.ts b/src/gateway/net.test.ts index 185325d5428..78ec8c05c55 100644 --- a/src/gateway/net.test.ts +++ b/src/gateway/net.test.ts @@ -209,6 +209,13 @@ describe("resolveClientIp", () => { trustedProxies: ["127.0.0.1"], expected: "10.0.0.9", }, + { + name: "ignores spoofed loopback X-Forwarded-For hops from trusted proxies", + remoteAddr: "10.0.0.50", + forwardedFor: "127.0.0.1", + trustedProxies: ["10.0.0.0/8"], + expected: undefined, + }, { name: "fails closed when all X-Forwarded-For hops are trusted proxies", remoteAddr: "127.0.0.1", @@ -216,6 +223,13 @@ describe("resolveClientIp", () => { trustedProxies: ["127.0.0.1", "::1"], expected: undefined, }, + { + name: "fails closed when all non-loopback X-Forwarded-For hops are trusted proxies", + remoteAddr: "10.0.0.50", + forwardedFor: "10.0.0.2, 10.0.0.1", + trustedProxies: ["10.0.0.0/8"], + expected: undefined, + }, { name: "fails closed when trusted proxy omits forwarding headers", remoteAddr: "127.0.0.1", diff --git a/src/gateway/net.ts b/src/gateway/net.ts index 3ea32fc1659..7a5f2eac76d 100644 --- a/src/gateway/net.ts +++ b/src/gateway/net.ts @@ -132,6 +132,9 @@ function resolveForwardedClientIp(params: { // Walk right-to-left and return the first untrusted hop. for (let index = forwardedChain.length - 1; index >= 0; index -= 1) { const hop = forwardedChain[index]; + if (isLoopbackAddress(hop)) { + continue; + } if (!isTrustedProxyAddress(hop, trustedProxies)) { return hop; } diff --git a/src/gateway/server-methods/devices.ts b/src/gateway/server-methods/devices.ts index 4becd52edcc..862aaf95f06 100644 --- a/src/gateway/server-methods/devices.ts +++ b/src/gateway/server-methods/devices.ts @@ -94,7 +94,7 @@ export const deviceHandlers: GatewayRequestHandlers = { undefined, ); }, - "device.pair.approve": async ({ params, respond, context }) => { + "device.pair.approve": async ({ params, respond, context, client }) => { if (!validateDevicePairApproveParams(params)) { respond( false, @@ -109,11 +109,20 @@ export const deviceHandlers: GatewayRequestHandlers = { return; } const { requestId } = params as { requestId: string }; - const approved = await approveDevicePairing(requestId); + const callerScopes = Array.isArray(client?.connect?.scopes) ? client.connect.scopes : []; + const approved = await approveDevicePairing(requestId, { callerScopes }); if (!approved) { respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, "unknown requestId")); return; } + if (approved.status === "forbidden") { + respond( + false, + undefined, + errorShape(ErrorCodes.INVALID_REQUEST, `missing scope: ${approved.missingScope}`), + ); + return; + } context.logGateway.info( `device pairing approved device=${approved.device.deviceId} role=${approved.device.role ?? "unknown"}`, ); diff --git a/src/gateway/server.canvas-auth.test.ts b/src/gateway/server.canvas-auth.test.ts index ab0a7c9d89d..5cdc61d57dc 100644 --- a/src/gateway/server.canvas-auth.test.ts +++ b/src/gateway/server.canvas-auth.test.ts @@ -263,7 +263,7 @@ describe("gateway canvas host auth", () => { const scopedA2ui = await fetch( `http://${host}:${listener.port}${scopedCanvasPath(activeNodeCapability, `${A2UI_PATH}/`)}`, ); - expect(scopedA2ui.status).toBe(200); + expect(scopedA2ui.status).toBe(503); await expectWsConnected(`ws://${host}:${listener.port}${activeWsPath}`); @@ -383,4 +383,44 @@ describe("gateway canvas host auth", () => { }); }); }, 60_000); + + test("rejects spoofed loopback forwarding headers from trusted proxies", async () => { + await withTempConfig({ + cfg: { + gateway: { + trustedProxies: ["127.0.0.1"], + }, + }, + run: async () => { + const rateLimiter = createAuthRateLimiter({ + maxAttempts: 1, + windowMs: 60_000, + lockoutMs: 60_000, + exemptLoopback: true, + }); + await withCanvasGatewayHarness({ + resolvedAuth: tokenResolvedAuth, + listenHost: "0.0.0.0", + rateLimiter, + handleHttpRequest: async () => false, + run: async ({ listener }) => { + const headers = { + authorization: "Bearer wrong", + host: "localhost", + "x-forwarded-for": "127.0.0.1, 203.0.113.24", + }; + const first = await fetch(`http://127.0.0.1:${listener.port}${CANVAS_HOST_PATH}/`, { + headers, + }); + expect(first.status).toBe(401); + + const second = await fetch(`http://127.0.0.1:${listener.port}${CANVAS_HOST_PATH}/`, { + headers, + }); + expect(second.status).toBe(429); + }, + }); + }, + }); + }, 60_000); }); diff --git a/src/gateway/server.device-pair-approve-authz.test.ts b/src/gateway/server.device-pair-approve-authz.test.ts new file mode 100644 index 00000000000..20c1d6d5959 --- /dev/null +++ b/src/gateway/server.device-pair-approve-authz.test.ts @@ -0,0 +1,131 @@ +import os from "node:os"; +import path from "node:path"; +import { describe, expect, test } from "vitest"; +import { WebSocket } from "ws"; +import { + loadOrCreateDeviceIdentity, + publicKeyRawBase64UrlFromPem, + type DeviceIdentity, +} from "../infra/device-identity.js"; +import { + approveDevicePairing, + getPairedDevice, + requestDevicePairing, + rotateDeviceToken, +} from "../infra/device-pairing.js"; +import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../utils/message-channel.js"; +import { + connectOk, + installGatewayTestHooks, + rpcReq, + startServerWithClient, + trackConnectChallengeNonce, +} from "./test-helpers.js"; + +installGatewayTestHooks({ scope: "suite" }); + +function resolveDeviceIdentityPath(name: string): string { + const root = process.env.OPENCLAW_STATE_DIR ?? process.env.HOME ?? os.tmpdir(); + return path.join(root, "test-device-identities", `${name}.json`); +} + +function loadDeviceIdentity(name: string): { + identityPath: string; + identity: DeviceIdentity; + publicKey: string; +} { + const identityPath = resolveDeviceIdentityPath(name); + const identity = loadOrCreateDeviceIdentity(identityPath); + return { + identityPath, + identity, + publicKey: publicKeyRawBase64UrlFromPem(identity.publicKeyPem), + }; +} + +async function issuePairingScopedOperator(name: string): Promise<{ + identityPath: string; + deviceId: string; + token: string; +}> { + const loaded = loadDeviceIdentity(name); + const request = await requestDevicePairing({ + deviceId: loaded.identity.deviceId, + publicKey: loaded.publicKey, + role: "operator", + scopes: ["operator.admin"], + clientId: GATEWAY_CLIENT_NAMES.TEST, + clientMode: GATEWAY_CLIENT_MODES.TEST, + }); + await approveDevicePairing(request.request.requestId); + const rotated = await rotateDeviceToken({ + deviceId: loaded.identity.deviceId, + role: "operator", + scopes: ["operator.pairing"], + }); + expect(rotated?.token).toBeTruthy(); + return { + identityPath: loaded.identityPath, + deviceId: loaded.identity.deviceId, + token: String(rotated?.token ?? ""), + }; +} + +async function openTrackedWs(port: number): Promise { + const ws = new WebSocket(`ws://127.0.0.1:${port}`); + trackConnectChallengeNonce(ws); + await new Promise((resolve, reject) => { + const timer = setTimeout(() => reject(new Error("timeout waiting for ws open")), 5_000); + ws.once("open", () => { + clearTimeout(timer); + resolve(); + }); + ws.once("error", (error) => { + clearTimeout(timer); + reject(error); + }); + }); + return ws; +} + +describe("gateway device.pair.approve caller scope guard", () => { + test("rejects approving device scopes above the caller session scopes", async () => { + const started = await startServerWithClient("secret"); + const approver = await issuePairingScopedOperator("approve-attacker"); + const pending = loadDeviceIdentity("approve-target"); + + let pairingWs: WebSocket | undefined; + try { + const request = await requestDevicePairing({ + deviceId: pending.identity.deviceId, + publicKey: pending.publicKey, + role: "operator", + scopes: ["operator.admin"], + clientId: GATEWAY_CLIENT_NAMES.TEST, + clientMode: GATEWAY_CLIENT_MODES.TEST, + }); + + pairingWs = await openTrackedWs(started.port); + await connectOk(pairingWs, { + skipDefaultAuth: true, + deviceToken: approver.token, + deviceIdentityPath: approver.identityPath, + scopes: ["operator.pairing"], + }); + + const approve = await rpcReq(pairingWs, "device.pair.approve", { + requestId: request.request.requestId, + }); + expect(approve.ok).toBe(false); + expect(approve.error?.message).toBe("missing scope: operator.admin"); + + const paired = await getPairedDevice(pending.identity.deviceId); + expect(paired).toBeNull(); + } finally { + pairingWs?.close(); + started.ws.close(); + await started.server.close(); + started.envSnapshot.restore(); + } + }); +}); diff --git a/src/infra/device-pairing.ts b/src/infra/device-pairing.ts index d16cd06f0cc..b452e951bc8 100644 --- a/src/infra/device-pairing.ts +++ b/src/infra/device-pairing.ts @@ -80,6 +80,11 @@ export type DevicePairingList = { paired: PairedDevice[]; }; +export type ApproveDevicePairingResult = + | { status: "approved"; requestId: string; device: PairedDevice } + | { status: "forbidden"; missingScope: string } + | null; + type DevicePairingStateFile = { pendingById: Record; pairedByDeviceId: Record; @@ -246,6 +251,25 @@ function scopesWithinApprovedDeviceBaseline(params: { }); } +function resolveMissingRequestedScope(params: { + role: string; + requestedScopes: readonly string[]; + callerScopes: readonly string[]; +}): string | null { + for (const scope of params.requestedScopes) { + if ( + !roleScopesAllow({ + role: params.role, + requestedScopes: [scope], + allowedScopes: params.callerScopes, + }) + ) { + return scope; + } + } + return null; +} + export async function listDevicePairing(baseDir?: string): Promise { const state = await loadState(baseDir); const pending = Object.values(state.pendingById).toSorted((a, b) => b.ts - a.ts); @@ -263,6 +287,14 @@ export async function getPairedDevice( return state.pairedByDeviceId[normalizeDeviceId(deviceId)] ?? null; } +export async function getPendingDevicePairing( + requestId: string, + baseDir?: string, +): Promise { + const state = await loadState(baseDir); + return state.pendingById[requestId] ?? null; +} + export async function requestDevicePairing( req: Omit, baseDir?: string, @@ -313,14 +345,30 @@ export async function requestDevicePairing( export async function approveDevicePairing( requestId: string, - baseDir?: string, -): Promise<{ requestId: string; device: PairedDevice } | null> { + optionsOrBaseDir?: { callerScopes?: readonly string[] } | string, + maybeBaseDir?: string, +): Promise { + const options = + typeof optionsOrBaseDir === "string" || optionsOrBaseDir === undefined + ? undefined + : optionsOrBaseDir; + const baseDir = typeof optionsOrBaseDir === "string" ? optionsOrBaseDir : maybeBaseDir; return await withLock(async () => { const state = await loadState(baseDir); const pending = state.pendingById[requestId]; if (!pending) { return null; } + if (pending.role && options?.callerScopes) { + const missingScope = resolveMissingRequestedScope({ + role: pending.role, + requestedScopes: normalizeDeviceAuthScopes(pending.scopes), + callerScopes: options.callerScopes, + }); + if (missingScope) { + return { status: "forbidden", missingScope }; + } + } const now = Date.now(); const existing = state.pairedByDeviceId[pending.deviceId]; const roles = mergeRoles(existing?.roles, existing?.role, pending.roles, pending.role); @@ -373,7 +421,7 @@ export async function approveDevicePairing( delete state.pendingById[requestId]; state.pairedByDeviceId[device.deviceId] = device; await persistState(state, baseDir); - return { requestId, device }; + return { status: "approved", requestId, device }; }); } From 630958749c7b23cdd287f489143825b2fbebf149 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 10:54:21 -0700 Subject: [PATCH 33/34] Changelog: note CLI OOM startup fixes (#47525) --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d611fcb2043..65bee8da1aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -59,6 +59,9 @@ Docs: https://docs.openclaw.ai - Tlon: honor explicit empty allowlists and defer cite expansion. (#46788) Thanks @zpbrent and @vincentkoc. - ACP: require admin scope for mutating internal actions. (#46789) Thanks @tdjackey and @vincentkoc. - Gateway/config validation: stop treating the implicit default memory slot as a required explicit plugin config, so startup no longer fails with `plugins.slots.memory: plugin not found: memory-core` when `memory-core` was only inferred. (#47494) Thanks @ngutman. +- CLI/startup: lazy-load channel add and root help startup paths to trim avoidable RSS and help latency on constrained hosts. (#46784) Thanks @vincentkoc. +- CLI/onboarding: import static provider definitions directly for onboarding model/config helpers so those paths no longer pull provider discovery just for built-in defaults. (#47467) Thanks @vincentkoc. +- CLI/auth choice: lazy-load plugin/provider fallback resolution so mapped auth choices stay on the static path and only unknown choices pay the heavy provider load. (#47495) Thanks @vincentkoc. ## 2026.3.13 From 438991b6a430d0187f4320b94c3eb06dfabf0463 Mon Sep 17 00:00:00 2001 From: Vincent Koc Date: Sun, 15 Mar 2026 10:54:46 -0700 Subject: [PATCH 34/34] Commands: lazy-load model picker provider runtime (#47536) * Commands: lazy-load model picker provider runtime * Tests: cover model picker runtime boundary --- src/commands/model-picker.runtime.ts | 7 ++++ src/commands/model-picker.test.ts | 19 +++++---- src/commands/model-picker.ts | 59 ++++++++++++++++++---------- 3 files changed, 54 insertions(+), 31 deletions(-) create mode 100644 src/commands/model-picker.runtime.ts diff --git a/src/commands/model-picker.runtime.ts b/src/commands/model-picker.runtime.ts new file mode 100644 index 00000000000..74c4f68c605 --- /dev/null +++ b/src/commands/model-picker.runtime.ts @@ -0,0 +1,7 @@ +export { + resolveProviderModelPickerEntries, + resolveProviderPluginChoice, + runProviderModelSelectedHook, +} from "../plugins/provider-wizard.js"; +export { resolvePluginProviders } from "../plugins/providers.js"; +export { runProviderPluginAuthMethod } from "./auth-choice.apply.plugin-provider.js"; diff --git a/src/commands/model-picker.test.ts b/src/commands/model-picker.test.ts index ef8b6a3887b..ce8c4bfb9f6 100644 --- a/src/commands/model-picker.test.ts +++ b/src/commands/model-picker.test.ts @@ -1,4 +1,4 @@ -import { describe, expect, it, vi } from "vitest"; +import { beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../config/config.js"; import { applyModelAllowlist, @@ -37,19 +37,13 @@ vi.mock("../agents/model-auth.js", () => ({ const resolveProviderModelPickerEntries = vi.hoisted(() => vi.fn(() => [])); const resolveProviderPluginChoice = vi.hoisted(() => vi.fn()); const runProviderModelSelectedHook = vi.hoisted(() => vi.fn(async () => {})); -vi.mock("../plugins/provider-wizard.js", () => ({ +const resolvePluginProviders = vi.hoisted(() => vi.fn(() => [])); +const runProviderPluginAuthMethod = vi.hoisted(() => vi.fn()); +vi.mock("./model-picker.runtime.js", () => ({ resolveProviderModelPickerEntries, resolveProviderPluginChoice, runProviderModelSelectedHook, -})); - -const resolvePluginProviders = vi.hoisted(() => vi.fn(() => [])); -vi.mock("../plugins/providers.js", () => ({ resolvePluginProviders, -})); - -const runProviderPluginAuthMethod = vi.hoisted(() => vi.fn()); -vi.mock("./auth-choice.apply.plugin-provider.js", () => ({ runProviderPluginAuthMethod, })); @@ -77,6 +71,10 @@ function createSelectAllMultiselect() { return vi.fn(async (params) => params.options.map((option: { value: string }) => option.value)); } +beforeEach(() => { + vi.clearAllMocks(); +}); + describe("promptDefaultModel", () => { it("supports configuring vLLM during onboarding", async () => { loadModelCatalog.mockResolvedValue([ @@ -211,6 +209,7 @@ describe("router model filtering", () => { const allowlistCall = multiselect.mock.calls[0]?.[0]; expectRouterModelFiltering(allowlistCall?.options as Array<{ value: string }>); expect(allowlistCall?.searchable).toBe(true); + expect(runProviderPluginAuthMethod).not.toHaveBeenCalled(); }); }); diff --git a/src/commands/model-picker.ts b/src/commands/model-picker.ts index 2e97a01a977..64d9e533e1f 100644 --- a/src/commands/model-picker.ts +++ b/src/commands/model-picker.ts @@ -11,14 +11,8 @@ import { } from "../agents/model-selection.js"; import type { OpenClawConfig } from "../config/config.js"; import { resolveAgentModelPrimaryValue } from "../config/model-input.js"; -import { - resolveProviderPluginChoice, - resolveProviderModelPickerEntries, - runProviderModelSelectedHook, -} from "../plugins/provider-wizard.js"; -import { resolvePluginProviders } from "../plugins/providers.js"; +import type { ProviderPlugin } from "../plugins/types.js"; import type { WizardPrompter, WizardSelectOption } from "../wizard/prompts.js"; -import { runProviderPluginAuthMethod } from "./auth-choice.apply.plugin-provider.js"; import { formatTokenK } from "./models/shared.js"; import { OPENAI_CODEX_DEFAULT_MODEL } from "./openai-codex-model-default.js"; @@ -49,6 +43,10 @@ type PromptDefaultModelParams = { type PromptDefaultModelResult = { model?: string; config?: OpenClawConfig }; type PromptModelAllowlistResult = { models?: string[] }; +async function loadModelPickerRuntime() { + return import("./model-picker.runtime.js"); +} + function hasAuthForProvider( provider: string, cfg: OpenClawConfig, @@ -295,6 +293,7 @@ export async function promptDefaultModel( options.push({ value: MANUAL_VALUE, label: "Enter model manually" }); } if (includeProviderPluginSetups && agentDir) { + const { resolveProviderModelPickerEntries } = await loadModelPickerRuntime(); options.push( ...resolveProviderModelPickerEntries({ config: cfg, @@ -347,20 +346,24 @@ export async function promptDefaultModel( initialValue: configuredRaw || resolvedKey || undefined, }); } - const pluginProviders = resolvePluginProviders({ - config: cfg, - workspaceDir: params.workspaceDir, - env: params.env, - }); - const pluginResolution = selection.startsWith("provider-plugin:") - ? selection - : selection.includes("/") - ? null - : pluginProviders.some( - (provider) => normalizeProviderId(provider.id) === normalizeProviderId(selection), - ) - ? selection - : null; + + let pluginResolution: string | null = null; + let pluginProviders: ProviderPlugin[] = []; + if (selection.startsWith("provider-plugin:")) { + pluginResolution = selection; + } else if (!selection.includes("/")) { + const { resolvePluginProviders } = await loadModelPickerRuntime(); + pluginProviders = resolvePluginProviders({ + config: cfg, + workspaceDir: params.workspaceDir, + env: params.env, + }); + pluginResolution = pluginProviders.some( + (provider) => normalizeProviderId(provider.id) === normalizeProviderId(selection), + ) + ? selection + : null; + } if (pluginResolution) { if (!agentDir || !params.runtime) { await params.prompter.note( @@ -369,6 +372,19 @@ export async function promptDefaultModel( ); return {}; } + const { + resolvePluginProviders, + resolveProviderPluginChoice, + runProviderModelSelectedHook, + runProviderPluginAuthMethod, + } = await loadModelPickerRuntime(); + if (pluginProviders.length === 0) { + pluginProviders = resolvePluginProviders({ + config: cfg, + workspaceDir: params.workspaceDir, + env: params.env, + }); + } const resolved = resolveProviderPluginChoice({ providers: pluginProviders, choice: pluginResolution, @@ -397,6 +413,7 @@ export async function promptDefaultModel( return { model: applied.defaultModel, config: applied.config }; } const model = String(selection); + const { runProviderModelSelectedHook } = await loadModelPickerRuntime(); await runProviderModelSelectedHook({ config: cfg, model,