diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 00000000000..34992fc7a0e
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,9 @@
+# Protect the ownership rules themselves.
+/.github/CODEOWNERS @steipete
+
+# Release workflow and its supporting release-path checks.
+/.github/workflows/openclaw-npm-release.yml @openclaw/openclaw-release-managers
+/docs/reference/RELEASING.md @openclaw/openclaw-release-managers
+/scripts/openclaw-npm-publish.sh @openclaw/openclaw-release-managers
+/scripts/openclaw-npm-release-check.ts @openclaw/openclaw-release-managers
+/scripts/release-check.ts @openclaw/openclaw-release-managers
diff --git a/.github/labeler.yml b/.github/labeler.yml
index ffe55984ac6..91c202b7ed6 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -6,7 +6,6 @@
 "channel: discord":
   - changed-files:
       - any-glob-to-any-file:
-          - "src/discord/**"
           - "extensions/discord/**"
           - "docs/channels/discord.md"
 "channel: irc":
@@ -28,7 +27,6 @@
 "channel: imessage":
   - changed-files:
       - any-glob-to-any-file:
-          - "src/imessage/**"
           - "extensions/imessage/**"
           - "docs/channels/imessage.md"
 "channel: line":
@@ -64,19 +62,16 @@
 "channel: signal":
   - changed-files:
       - any-glob-to-any-file:
-          - "src/signal/**"
           - "extensions/signal/**"
           - "docs/channels/signal.md"
 "channel: slack":
   - changed-files:
       - any-glob-to-any-file:
-          - "src/slack/**"
           - "extensions/slack/**"
           - "docs/channels/slack.md"
 "channel: telegram":
   - changed-files:
       - any-glob-to-any-file:
-          - "src/telegram/**"
           - "extensions/telegram/**"
           - "docs/channels/telegram.md"
 "channel: tlon":
@@ -96,7 +91,6 @@
 "channel: whatsapp-web":
   - changed-files:
       - any-glob-to-any-file:
-          - "src/web/**"
           - "extensions/whatsapp/**"
           - "docs/channels/whatsapp.md"
 "channel: zalo":
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 00670107d00..a11e7331e5a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -159,6 +159,9 @@ jobs:
           - runtime: node
             task: extensions
             command: pnpm test:extensions
+          - runtime: node
+            task: channels
+            command: pnpm test:channels
           - runtime: node
             task: protocol
             command: pnpm protocol:check
diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
index f4128cddc88..5eaba459957 100644
--- a/.github/workflows/docker-release.yml
+++ b/.github/workflows/docker-release.yml
@@ -12,9 +12,15 @@ on:
       - "**/*.mdx"
       - ".agents/**"
       - "skills/**"
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: Existing release tag to backfill (for example v2026.3.13)
+        required: true
+        type: string
 
 concurrency:
-  group: docker-release-${{ github.workflow }}-${{ github.ref }}
+  group: docker-release-${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref }}
   cancel-in-progress: false
 
 env:
@@ -23,9 +29,48 @@ env:
   IMAGE_NAME: ${{ github.repository }}
 
 jobs:
+  validate_manual_backfill:
+    if: github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: Validate tag input format
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
+        run: |
+          set -euo pipefail
+          if [[ ! "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*(-beta\.[1-9][0-9]*)?$ ]]; then
+            echo "Invalid release tag: ${RELEASE_TAG}"
+            exit 1
+          fi
+
+      - name: Checkout selected tag
+        uses: actions/checkout@v6
+        with:
+          ref: refs/tags/${{ inputs.tag }}
+          fetch-depth: 0
+
+  approve_manual_backfill:
+    if: github.event_name == 'workflow_dispatch'
+    needs: validate_manual_backfill
+    # WARNING: KEEP MANUAL BACKFILLS GATED BY THE docker-release ENVIRONMENT.
+    runs-on: ubuntu-24.04
+    environment: docker-release
+    steps:
+      - name: Approve Docker backfill
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
+        run: echo "Approved Docker backfill for $RELEASE_TAG"
+
+  # KEEP THIS WORKFLOW ON GITHUB-HOSTED RUNNERS.
+  # DO NOT MOVE IT BACK TO BLACKSMITH WITHOUT RE-VALIDATING TAG BUILDS AND BACKFILLS.
   # Build amd64 images (default + slim share the build stage cache)
   build-amd64:
-    runs-on: blacksmith-16vcpu-ubuntu-2404
+    needs: [approve_manual_backfill]
+    if: ${{ always() && (github.event_name != 'workflow_dispatch' || needs.approve_manual_backfill.result == 'success') }}
+    # WARNING: DO NOT REVERT THIS TO A BLACKSMITH RUNNER WITHOUT RE-VALIDATING TAG BACKFILLS.
+    runs-on: ubuntu-24.04
     permissions:
       packages: write
       contents: read
@@ -35,6 +80,9 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
+          fetch-depth: 0
 
       - name: Set up Docker Builder
         uses: docker/setup-buildx-action@v4
@@ -51,21 +99,22 @@ jobs:
         shell: bash
         env:
           IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          SOURCE_REF: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
         run: |
           set -euo pipefail
           tags=()
           slim_tags=()
-          if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
+          if [[ "${SOURCE_REF}" == "refs/heads/main" ]]; then
             tags+=("${IMAGE}:main-amd64")
             slim_tags+=("${IMAGE}:main-slim-amd64")
           fi
-          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
-            version="${GITHUB_REF#refs/tags/v}"
+          if [[ "${SOURCE_REF}" == refs/tags/v* ]]; then
+            version="${SOURCE_REF#refs/tags/v}"
             tags+=("${IMAGE}:${version}-amd64")
             slim_tags+=("${IMAGE}:${version}-slim-amd64")
           fi
           if [[ ${#tags[@]} -eq 0 ]]; then
-            echo "::error::No amd64 tags resolved for ref ${GITHUB_REF}"
+            echo "::error::No amd64 tags resolved for ref ${SOURCE_REF}"
             exit 1
           fi
           {
@@ -82,19 +131,22 @@ jobs:
       - name: Resolve OCI labels (amd64)
         id: labels
         shell: bash
+        env:
+          SOURCE_REF: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
         run: |
           set -euo pipefail
-          version="${GITHUB_SHA}"
-          if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
+          source_sha="$(git rev-parse HEAD)"
+          version="${source_sha}"
+          if [[ "${SOURCE_REF}" == "refs/heads/main" ]]; then
             version="main"
           fi
-          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
-            version="${GITHUB_REF#refs/tags/v}"
+          if [[ "${SOURCE_REF}" == refs/tags/v* ]]; then
+            version="${SOURCE_REF#refs/tags/v}"
           fi
           created="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
           {
             echo "value<<EOF"
-            echo "org.opencontainers.image.revision=${GITHUB_SHA}"
+            echo "org.opencontainers.image.revision=${source_sha}"
             echo "org.opencontainers.image.version=${version}"
             echo "org.opencontainers.image.created=${created}"
             echo "EOF"
@@ -102,7 +154,8 @@ jobs:
 
       - name: Build and push amd64 image
         id: build
-        uses: useblacksmith/build-push-action@v2
+        # WARNING: KEEP THE OFFICIAL DOCKER ACTION HERE; DO NOT SWITCH THIS BACK TO BLACKSMITH BLINDLY.
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64
@@ -113,7 +166,8 @@ jobs:
 
       - name: Build and push amd64 slim image
         id: build-slim
-        uses: useblacksmith/build-push-action@v2
+        # WARNING: KEEP THE OFFICIAL DOCKER ACTION HERE; DO NOT SWITCH THIS BACK TO BLACKSMITH BLINDLY.
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64
@@ -126,7 +180,10 @@ jobs:
 
   # Build arm64 images (default + slim share the build stage cache)
   build-arm64:
-    runs-on: blacksmith-16vcpu-ubuntu-2404-arm
+    needs: [approve_manual_backfill]
+    if: ${{ always() && (github.event_name != 'workflow_dispatch' || needs.approve_manual_backfill.result == 'success') }}
+    # WARNING: DO NOT REVERT THIS TO A BLACKSMITH RUNNER WITHOUT RE-VALIDATING TAG BACKFILLS.
+    runs-on: ubuntu-24.04-arm
     permissions:
       packages: write
       contents: read
@@ -136,6 +193,9 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
+          fetch-depth: 0
 
       - name: Set up Docker Builder
         uses: docker/setup-buildx-action@v4
@@ -152,21 +212,22 @@ jobs:
         shell: bash
         env:
           IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          SOURCE_REF: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
         run: |
           set -euo pipefail
           tags=()
           slim_tags=()
-          if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
+          if [[ "${SOURCE_REF}" == "refs/heads/main" ]]; then
             tags+=("${IMAGE}:main-arm64")
             slim_tags+=("${IMAGE}:main-slim-arm64")
           fi
-          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
-            version="${GITHUB_REF#refs/tags/v}"
+          if [[ "${SOURCE_REF}" == refs/tags/v* ]]; then
+            version="${SOURCE_REF#refs/tags/v}"
             tags+=("${IMAGE}:${version}-arm64")
             slim_tags+=("${IMAGE}:${version}-slim-arm64")
           fi
           if [[ ${#tags[@]} -eq 0 ]]; then
-            echo "::error::No arm64 tags resolved for ref ${GITHUB_REF}"
+            echo "::error::No arm64 tags resolved for ref ${SOURCE_REF}"
             exit 1
           fi
           {
@@ -183,19 +244,22 @@ jobs:
       - name: Resolve OCI labels (arm64)
         id: labels
         shell: bash
+        env:
+          SOURCE_REF: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
         run: |
           set -euo pipefail
-          version="${GITHUB_SHA}"
-          if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
+          source_sha="$(git rev-parse HEAD)"
+          version="${source_sha}"
+          if [[ "${SOURCE_REF}" == "refs/heads/main" ]]; then
             version="main"
           fi
-          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
-            version="${GITHUB_REF#refs/tags/v}"
+          if [[ "${SOURCE_REF}" == refs/tags/v* ]]; then
+            version="${SOURCE_REF#refs/tags/v}"
           fi
           created="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
           {
             echo "value<<EOF"
-            echo "org.opencontainers.image.revision=${GITHUB_SHA}"
+            echo "org.opencontainers.image.revision=${source_sha}"
             echo "org.opencontainers.image.version=${version}"
             echo "org.opencontainers.image.created=${created}"
             echo "EOF"
@@ -203,7 +267,8 @@ jobs:
 
       - name: Build and push arm64 image
         id: build
-        uses: useblacksmith/build-push-action@v2
+        # WARNING: KEEP THE OFFICIAL DOCKER ACTION HERE; DO NOT SWITCH THIS BACK TO BLACKSMITH BLINDLY.
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/arm64
@@ -214,7 +279,8 @@ jobs:
 
       - name: Build and push arm64 slim image
         id: build-slim
-        uses: useblacksmith/build-push-action@v2
+        # WARNING: KEEP THE OFFICIAL DOCKER ACTION HERE; DO NOT SWITCH THIS BACK TO BLACKSMITH BLINDLY.
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/arm64
@@ -227,14 +293,19 @@ jobs:
 
   # Create multi-platform manifests
   create-manifest:
-    runs-on: blacksmith-16vcpu-ubuntu-2404
+    needs: [approve_manual_backfill, build-amd64, build-arm64]
+    if: ${{ always() && needs.build-amd64.result == 'success' && needs.build-arm64.result == 'success' && (github.event_name != 'workflow_dispatch' || needs.approve_manual_backfill.result == 'success') }}
+    # WARNING: DO NOT REVERT THIS TO A BLACKSMITH RUNNER WITHOUT RE-VALIDATING TAG BACKFILLS.
+    runs-on: ubuntu-24.04
     permissions:
       packages: write
       contents: read
-    needs: [build-amd64, build-arm64]
     steps:
       - name: Checkout
         uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
+          fetch-depth: 0
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v4
@@ -248,25 +319,28 @@ jobs:
         shell: bash
         env:
           IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          SOURCE_REF: ${{ github.event_name == 'workflow_dispatch' && format('refs/tags/{0}', inputs.tag) || github.ref }}
+          IS_MANUAL_BACKFILL: ${{ github.event_name == 'workflow_dispatch' && '1' || '0' }}
         run: |
           set -euo pipefail
           tags=()
           slim_tags=()
-          if [[ "${GITHUB_REF}" == "refs/heads/main" ]]; then
+          if [[ "${SOURCE_REF}" == "refs/heads/main" ]]; then
             tags+=("${IMAGE}:main")
             slim_tags+=("${IMAGE}:main-slim")
           fi
-          if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
-            version="${GITHUB_REF#refs/tags/v}"
+          if [[ "${SOURCE_REF}" == refs/tags/v* ]]; then
+            version="${SOURCE_REF#refs/tags/v}"
             tags+=("${IMAGE}:${version}")
             slim_tags+=("${IMAGE}:${version}-slim")
-            if [[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?$ ]]; then
+            # Manual backfills should only republish the requested version tags.
+            if [[ "${IS_MANUAL_BACKFILL}" != "1" && "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[0-9]+)?$ ]]; then
               tags+=("${IMAGE}:latest")
               slim_tags+=("${IMAGE}:slim")
             fi
           fi
           if [[ ${#tags[@]} -eq 0 ]]; then
-            echo "::error::No manifest tags resolved for ref ${GITHUB_REF}"
+            echo "::error::No manifest tags resolved for ref ${SOURCE_REF}"
             exit 1
           fi
           {
diff --git a/.github/workflows/openclaw-npm-release.yml b/.github/workflows/openclaw-npm-release.yml
index ac0a8f728e3..c7f53567612 100644
--- a/.github/workflows/openclaw-npm-release.yml
+++ b/.github/workflows/openclaw-npm-release.yml
@@ -4,9 +4,15 @@ on:
   push:
     tags:
       - "v*"
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: Release tag to publish (for example v2026.3.14, v2026.3.14-beta.1, or fallback v2026.3.14-1)
+        required: true
+        type: string
 
 concurrency:
-  group: openclaw-npm-release-${{ github.ref }}
+  group: openclaw-npm-release-${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref }}
   cancel-in-progress: false
 
 env:
@@ -15,12 +21,11 @@ env:
   PNPM_VERSION: "10.23.0"
 
 jobs:
-  publish_openclaw_npm:
-    # npm trusted publishing + provenance requires a GitHub-hosted runner.
+  preview_openclaw_npm:
+    if: github.event_name == 'push'
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@v6
@@ -35,13 +40,131 @@ jobs:
           install-bun: "false"
           use-sticky-disk: "false"
 
+      - name: Print release plan
+        env:
+          RELEASE_TAG: ${{ github.ref_name }}
+        run: |
+          set -euo pipefail
+          RELEASE_SHA=$(git rev-parse HEAD)
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          if [[ "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*-[1-9][0-9]*$ ]]; then
+            TAG_KIND="fallback correction"
+          else
+            TAG_KIND="standard"
+          fi
+          echo "Release plan for ${RELEASE_TAG}:"
+          echo "Resolved release SHA: ${RELEASE_SHA}"
+          echo "Resolved package version: ${PACKAGE_VERSION}"
+          echo "Resolved tag kind: ${TAG_KIND}"
+          if [[ "${TAG_KIND}" == "fallback correction" ]]; then
+            echo "Correction tag note: npm version remains ${PACKAGE_VERSION}"
+          fi
+          echo "Would run: git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main"
+          echo "Would run with env: RELEASE_SHA=${RELEASE_SHA} RELEASE_TAG=${RELEASE_TAG} RELEASE_MAIN_REF=origin/main pnpm release:openclaw:npm:check"
+          echo "Would run: npm view openclaw@${PACKAGE_VERSION} version"
+          echo "Would run: pnpm check"
+          echo "Would run: pnpm build"
+          echo "Would run: pnpm release:check"
+
       - name: Validate release tag and package metadata
         env:
-          RELEASE_SHA: ${{ github.sha }}
           RELEASE_TAG: ${{ github.ref_name }}
           RELEASE_MAIN_REF: origin/main
+        run: |
+          set -euxo pipefail
+          RELEASE_SHA=$(git rev-parse HEAD)
+          export RELEASE_SHA RELEASE_TAG RELEASE_MAIN_REF
+          # Fetch the full main ref so merge-base ancestry checks keep working
+          # for older tagged commits that are still contained in main.
+          git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
+          pnpm release:openclaw:npm:check
+
+      - name: Ensure version is not already published
+        env:
+          RELEASE_TAG: ${{ github.ref_name }}
+        run: |
+          set -euxo pipefail
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          IS_CORRECTION_TAG=0
+          if [[ "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*-[1-9][0-9]*$ ]]; then
+            IS_CORRECTION_TAG=1
+          fi
+
+          if npm view "openclaw@${PACKAGE_VERSION}" version >/dev/null 2>&1; then
+            if [[ "${IS_CORRECTION_TAG}" == "1" ]]; then
+              echo "openclaw@${PACKAGE_VERSION} is already published on npm."
+              echo "Correction tag ${RELEASE_TAG} is allowed as a fallback release tag, so preview will continue without treating this as an error."
+              exit 0
+            fi
+            echo "openclaw@${PACKAGE_VERSION} is already published on npm."
+            exit 1
+          fi
+
+          if [[ "${IS_CORRECTION_TAG}" == "1" ]]; then
+            echo "Previewing fallback correction tag ${RELEASE_TAG} for npm version openclaw@${PACKAGE_VERSION}"
+          else
+            echo "Previewing openclaw@${PACKAGE_VERSION}"
+          fi
+
+      - name: Check
+        run: |
+          set -euxo pipefail
+          pnpm check
+
+      - name: Build
+        run: |
+          set -euxo pipefail
+          pnpm build
+
+      - name: Verify release contents
+        run: |
+          set -euxo pipefail
+          pnpm release:check
+
+      - name: Preview publish command
+        run: bash scripts/openclaw-npm-publish.sh --dry-run
+
+  publish_openclaw_npm:
+    if: github.event_name == 'workflow_dispatch'
+    # npm trusted publishing + provenance requires a GitHub-hosted runner.
+    runs-on: ubuntu-latest
+    environment: npm-release
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Validate tag input format
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
         run: |
           set -euo pipefail
+          if [[ ! "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*((-beta\.[1-9][0-9]*)|(-[1-9][0-9]*))?$ ]]; then
+            echo "Invalid release tag format: ${RELEASE_TAG}"
+            exit 1
+          fi
+
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          ref: refs/tags/${{ inputs.tag }}
+          fetch-depth: 0
+
+      - name: Setup Node environment
+        uses: ./.github/actions/setup-node-env
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          pnpm-version: ${{ env.PNPM_VERSION }}
+          install-bun: "false"
+          use-sticky-disk: "false"
+
+      - name: Validate release tag and package metadata
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
+          RELEASE_MAIN_REF: origin/main
+        run: |
+          set -euo pipefail
+          RELEASE_SHA=$(git rev-parse HEAD)
+          export RELEASE_SHA RELEASE_TAG RELEASE_MAIN_REF
           # Fetch the full main ref so merge-base ancestry checks keep working
           # for older tagged commits that are still contained in main.
           git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
@@ -69,12 +192,4 @@ jobs:
         run: pnpm release:check
 
       - name: Publish
-        run: |
-          set -euo pipefail
-          PACKAGE_VERSION=$(node -p "require('./package.json').version")
-
-          if [[ "$PACKAGE_VERSION" == *-beta.* ]]; then
-            npm publish --access public --tag beta --provenance
-          else
-            npm publish --access public --provenance
-          fi
+        run: bash scripts/openclaw-npm-publish.sh --publish
diff --git a/AGENTS.md b/AGENTS.md
index 5112a8241df..0b1e17c8b3e 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -132,6 +132,7 @@
 - Framework: Vitest with V8 coverage thresholds (70% lines/branches/functions/statements).
 - Naming: match source names with `*.test.ts`; e2e in `*.e2e.test.ts`.
 - Run `pnpm test` (or `pnpm test:coverage`) before pushing when you touch logic.
+- For targeted/local debugging, keep using the wrapper: `pnpm test -- <path-or-filter> [vitest args...]` (for example `pnpm test -- src/commands/onboard-search.test.ts -t "shows registered plugin providers"`); do not default to raw `pnpm vitest run ...` because it bypasses wrapper config/profile/pool routing.
 - Do not set test workers above 16; tried already.
 - If local Vitest runs cause memory pressure (common on non-Mac-Studio hosts), use `OPENCLAW_TEST_PROFILE=low OPENCLAW_TEST_SERIAL_GATEWAY=1 pnpm test` for land/gate runs.
 - Live tests (real keys): `CLAWDBOT_LIVE_TEST=1 pnpm test:live` (OpenClaw-only) or `LIVE=1 pnpm test:live` (includes provider live tests). Docker: `pnpm test:docker:live-models`, `pnpm test:docker:live-gateway`. Onboarding Docker E2E: `pnpm test:docker:onboard`.
@@ -202,15 +203,43 @@
 
 - Vocabulary: "makeup" = "mac app".
 - Parallels macOS retests: use the snapshot most closely named like `macOS 26.3.1 fresh` when the user asks for a clean/fresh macOS rerun; avoid older Tahoe snapshots unless explicitly requested.
+- Parallels beta smoke: use `--target-package-spec openclaw@<beta-version>` for the beta artifact, and pin the stable side with both `--install-version <stable-version>` and `--latest-version <stable-version>` for upgrade runs. npm dist-tags can move mid-run.
+- Parallels beta smoke, Windows nuance: old stable `2026.3.12` still prints the Unicode Windows onboarding banner, so mojibake during the stable precheck log is expected there. Judge the beta package by the post-upgrade lane.
 - Parallels macOS smoke playbook:
   - `prlctl exec` is fine for deterministic repo commands, but it can misrepresent interactive shell behavior (`PATH`, `HOME`, `curl | bash`, shebang resolution). For installer parity or shell-sensitive repros, prefer the guest Terminal or `prlctl enter`.
   - Fresh Tahoe snapshot current reality: `brew` exists, `node` may not be on `PATH` in noninteractive guest exec. Use absolute `/opt/homebrew/bin/node` for repo/CLI runs when needed.
   - Preferred automation entrypoint: `pnpm test:parallels:macos`. It restores the snapshot most closely matching `macOS 26.3.1 fresh`, serves the current `main` tarball from the host, then runs fresh-install and latest-release-to-main smoke lanes.
+  - Gateway verification in smoke runs should use `openclaw gateway status --deep --require-rpc`, not plain `--deep`, so probe failures go non-zero.
+  - Latest-release pre-upgrade diagnostics still need compatibility fallback: stable `2026.3.12` does not know `--require-rpc`, so precheck status dumps should fall back to plain `gateway status --deep` until the guest is upgraded.
   - Harness output: pass `--json` for machine-readable summary; per-phase logs land under `/tmp/openclaw-parallels-smoke.*`.
+  - All-OS parallel runs should share the host `dist` build via `/tmp/openclaw-parallels-build.lock` instead of rebuilding three times.
+  - Current expected outcome on latest stable pre-upgrade: `precheck=latest-ref-fail` is normal on `2026.3.12`; treat it as a baseline signal, not a regression, unless the post-upgrade `main` lane also fails.
   - Fresh host-served tgz install: restore fresh snapshot, install tgz as guest root with `HOME=/var/root`, then run onboarding as the desktop user via `prlctl exec --current-user`.
   - For `openclaw onboard --non-interactive --secret-input-mode ref --install-daemon`, expect env-backed auth-profile refs (for example `OPENAI_API_KEY`) to be copied into the service env at install time; this path was fixed and should stay green.
   - Don’t run local + gateway agent turns in parallel on the same fresh workspace/session; they can collide on the session lock. Run sequentially.
   - Root-installed tarball smoke on Tahoe can still log plugin blocks for world-writable `extensions/*` under `/opt/homebrew/lib/node_modules/openclaw`; treat that as separate from onboarding/gateway health unless the task is plugin loading.
+- Parallels Windows smoke playbook:
+  - Preferred automation entrypoint: `pnpm test:parallels:windows`. It restores the snapshot most closely matching `pre-openclaw-native-e2e-2026-03-12`, serves the current `main` tarball from the host, then runs fresh-install and latest-release-to-main smoke lanes.
+  - Gateway verification in smoke runs should use `openclaw gateway status --deep --require-rpc`, not plain `--deep`, so probe failures go non-zero.
+  - Latest-release pre-upgrade diagnostics still need compatibility fallback: stable `2026.3.12` does not know `--require-rpc`, so precheck status dumps should fall back to plain `gateway status --deep` until the guest is upgraded.
+  - Always use `prlctl exec --current-user` for Windows guest runs; plain `prlctl exec` lands in `NT AUTHORITY\SYSTEM` and does not match the real desktop-user install path.
+  - Prefer explicit `npm.cmd` / `openclaw.cmd`. Bare `npm` / `openclaw` in PowerShell can hit the `.ps1` shim and fail under restrictive execution policy.
+  - Use PowerShell only as the transport (`powershell.exe -NoProfile -ExecutionPolicy Bypass`) and call the `.cmd` shims explicitly from inside it.
+  - Harness output: pass `--json` for machine-readable summary; per-phase logs land under `/tmp/openclaw-parallels-windows.*`.
+  - Current expected outcome on latest stable pre-upgrade: `precheck=latest-ref-fail` is normal on `2026.3.12`; treat it as a baseline signal, not a regression, unless the post-upgrade `main` lane also fails.
+  - Keep Windows onboarding/status text ASCII-clean in logs. Fancy punctuation in banners shows up as mojibake through the current guest PowerShell capture path.
+- Parallels Linux smoke playbook:
+  - Preferred automation entrypoint: `pnpm test:parallels:linux`. It restores the snapshot most closely matching `fresh` on `Ubuntu 24.04.3 ARM64`, serves the current `main` tarball from the host, then runs fresh-install and latest-release-to-main smoke lanes.
+  - Use plain `prlctl exec` on this snapshot. `--current-user` is not the right transport there.
+  - Fresh snapshot reality: `curl` is missing and `apt-get update` can fail on clock skew. Bootstrap with `apt-get -o Acquire::Check-Date=false update` and install `curl ca-certificates` before testing installer paths.
+  - Fresh `main` tgz smoke on Linux still needs the latest-release installer first, because this snapshot has no Node/npm before bootstrap. The harness does stable bootstrap first, then overlays current `main`.
+  - This snapshot does not have a usable `systemd --user` session. Treat managed daemon install as unsupported here; use `--skip-health`, then verify with direct `openclaw gateway run --bind loopback --port 18789 --force`.
+  - Env-backed auth refs are still fine, but any direct shell launch (`openclaw gateway run`, `openclaw agent --local`, Linux `gateway status --deep` against that direct run) must inherit the referenced env vars in the same shell.
+  - `prlctl exec` reaps detached Linux child processes on this snapshot, so a background `openclaw gateway run` launched from automation is not a trustworthy smoke path. The harness verifies installer + `agent --local`; do direct gateway checks only from an interactive guest shell when needed.
+  - When you do run Linux gateway checks manually from an interactive guest shell, use `openclaw gateway status --deep --require-rpc` so an RPC miss is a hard failure.
+  - Prefer direct argv guest commands for fetch/install steps (`curl`, `npm install -g`, `openclaw ...`) over nested `bash -lc` quoting; Linux guest quoting through Parallels was the flaky part.
+  - Harness output: pass `--json` for machine-readable summary; per-phase logs land under `/tmp/openclaw-parallels-linux.*`.
+  - Current expected outcome on Linux smoke: fresh + upgrade should pass installer and `agent --local`; gateway remains `skipped-no-detached-linux-gateway` on this snapshot and should not be treated as a regression by itself.
 - Never edit `node_modules` (global/Homebrew/npm/git installs too). Updates overwrite. Skill notes go in `tools.md` or `AGENTS.md`.
 - When adding a new `AGENTS.md` anywhere in the repo, also add a `CLAUDE.md` symlink pointing to it (example: `ln -s AGENTS.md CLAUDE.md`).
 - Signal: "update fly" => `fly ssh console -a flawd-bot -C "bash -lc 'cd /data/clawd/openclaw && git pull --rebase origin main'"` then `fly machines restart e825232f34d058 -a flawd-bot`.
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c64548aa5a0..6b25a147e16 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,49 +6,96 @@ Docs: https://docs.openclaw.ai
 
 ### Changes
 
-- Android/chat settings: redesign the chat settings sheet with grouped device and media sections, refresh the Connect and Voice tabs, and tighten the chat composer/session header for a denser mobile layout. (#44894) Thanks @obviyus.
-- Docker/timezone override: add `OPENCLAW_TZ` so `docker-setup.sh` can pin gateway and CLI containers to a chosen IANA timezone instead of inheriting the daemon default. (#34119) Thanks @Lanfei.
-- iOS/onboarding: add a first-run welcome pager before gateway setup, stop auto-opening the QR scanner, and show `/pair qr` instructions on the connect step. (#45054) Thanks @ngutman.
-- Browser/existing-session: add an official Chrome DevTools MCP attach mode for signed-in live Chrome sessions, with docs for `chrome://inspect/#remote-debugging` enablement and direct backlinks to Chrome’s own setup guides.
-- Browser/act automation: add batched actions, selector targeting, and delayed clicks for browser act requests with normalized batch dispatch. Thanks @vincentkoc.
+- Commands/btw: add `/btw` side questions for quick tool-less answers about the current session without changing future session context, with dismissible in-session TUI answers and explicit BTW replies on external channels. (#45444) Thanks @ngutman.
+- Refactor/channels: remove the legacy channel shim directories and point channel-specific imports directly at the extension-owned implementations. (#45967) thanks @scoootscooob.
 
 ### Fixes
 
-- Telegram/webhook auth: validate the Telegram webhook secret before reading or parsing request bodies, so unauthenticated requests are rejected immediately instead of consuming up to 1 MB first. Thanks @space08.
+- Z.AI/onboarding: detect a working default model even for explicit `zai-coding-*` endpoint choices, so Coding Plan setup can keep the selected endpoint while defaulting to `glm-5` when available or `glm-4.7` as fallback. (#45969)
+- Control UI/chat sessions: show human-readable labels in the grouped session dropdown again, keep unique scoped fallbacks when metadata is missing, and disambiguate duplicate labels only when needed. (#45130) thanks @luzhidong.
+- Configure/startup: move outbound send-deps resolution into a lightweight helper so `openclaw configure` no longer stalls after the banner while eagerly loading channel plugins. (#46301) thanks @scoootscooob.
+
+### Fixes
+
+- Slack/interactive replies: preserve `channelData.slack.blocks` through live DM delivery and preview-finalized edits so Block Kit button and select directives render instead of falling back to raw text. Thanks @vincentkoc.
+- CI/channel test routing: move the built-in channel suites into `test:channels` and keep them out of `test:extensions`, so extension CI no longer fails after the channel migration while targeted test routing still sends Slack, Signal, and iMessage suites to the right lane. (#46066) Thanks @scoootscooob.
+- Agents/usage tracking: stop forcing `supportsUsageInStreaming: false` on non-native openai-completions endpoints so providers like DashScope, DeepSeek, and other OpenAI-compatible backends report token usage and cost instead of showing all zeros. (#46142)
+- Node/startup: remove leftover debug `console.log("node host PATH: ...")` that printed the resolved PATH on every `openclaw node run` invocation. (#46411)
+
+## 2026.3.13
+
+### Changes
+
+- Android/chat settings: redesign the chat settings sheet with grouped device and media sections, refresh the Connect and Voice tabs, and tighten the chat composer/session header for a denser mobile layout. (#44894) Thanks @obviyus.
+- iOS/onboarding: add a first-run welcome pager before gateway setup, stop auto-opening the QR scanner, and show `/pair qr` instructions on the connect step. (#45054) Thanks @ngutman.
+- Browser/existing-session: add an official Chrome DevTools MCP attach mode for signed-in live Chrome sessions, with docs for `chrome://inspect/#remote-debugging` enablement and direct backlinks to Chrome’s own setup guides.
+- Browser/agents: add built-in `profile="user"` for the logged-in host browser and `profile="chrome-relay"` for the extension relay, so agent browser calls can prefer the real signed-in browser without the extra `browserSession` selector.
+- Browser/act automation: add batched actions, selector targeting, and delayed clicks for browser act requests with normalized batch dispatch. Thanks @vincentkoc.
+- Docker/timezone override: add `OPENCLAW_TZ` so `docker-setup.sh` can pin gateway and CLI containers to a chosen IANA timezone instead of inheriting the daemon default. (#34119) Thanks @Lanfei.
+- Dependencies/pi: bump `@mariozechner/pi-agent-core`, `@mariozechner/pi-ai`, `@mariozechner/pi-coding-agent`, and `@mariozechner/pi-tui` to `0.58.0`.
+- Cron/sessions: add `sessionTarget: "current"` and `session:<id>` support so cron jobs can bind to the creating session or a persistent named session instead of only `main` or `isolated`. Thanks @kkhomej33-netizen and @ImLukeF.
+- Telegram/message send: add `--force-document` so Telegram image and GIF sends can upload as documents without compression. (#45111) Thanks @thepagent.
+
+### Breaking
+
+- **BREAKING:** Agents now load at most one root memory bootstrap file. `MEMORY.md` wins; `memory.md` is only used when `MEMORY.md` is absent. If you intentionally kept both files and depended on both being injected, merge them before upgrade. This also fixes duplicate memory injection on case-insensitive Docker mounts. (#26054) Thanks @Lanfei.
+
+### Fixes
+
+- Dashboard/chat UI: stop reloading full chat history on every live tool result in dashboard v2 so tool-heavy runs no longer trigger UI freeze/re-render storms while the final event still refreshes persisted history. (#45541) Thanks @BunsDev.
+- Gateway/client requests: reject unanswered gateway RPC calls after a bounded timeout and clear their pending state, so stalled connections no longer leak hanging `GatewayClient.request()` promises indefinitely.
 - Build/plugin-sdk bundling: bundle plugin-sdk subpath entries in one shared build pass so published packages stop duplicating shared chunks and avoid the recent plugin-sdk memory blow-up. (#45426) Thanks @TarasShyn.
-- Browser/existing-session: accept text-only `list_pages` and `new_page` responses from Chrome DevTools MCP so live-session tab discovery and new-tab open flows keep working when the server omits structured page metadata.
 - Ollama/reasoning visibility: stop promoting native `thinking` and `reasoning` fields into final assistant text so local reasoning models no longer leak internal thoughts in normal replies. (#45330) Thanks @xi7ang.
-- Cron/isolated sessions: route nested cron-triggered embedded runner work onto the nested lane so isolated cron jobs no longer deadlock when compaction or other queued inner work runs. Thanks @vincentkoc.
-- Windows/gateway install: bound `schtasks` calls and fall back to the Startup-folder login item when task creation hangs, so native `openclaw gateway install` fails fast instead of wedging forever on broken Scheduled Task setups.
-- Windows/gateway auth: stop attaching device identity on local loopback shared-token and password gateway calls, so native Windows agent replies no longer log stale `device signature expired` fallback noise before succeeding.
-- Telegram/media downloads: thread the same direct or proxy transport policy into SSRF-guarded file fetches so inbound attachments keep working when Telegram falls back between env-proxy and direct networking. (#44639) Thanks @obviyus.
-- Agents/compaction: compare post-compaction token sanity checks against full-session pre-compaction totals and skip the check when token estimation fails, so sessions with large bootstrap context keep real token counts instead of falling back to unknown. (#28347) thanks @efe-arv.
-- Discord/gateway startup: treat plain-text and transient `/gateway/bot` metadata fetch failures as transient startup errors so Discord gateway boot no longer crashes on unhandled rejections. (#44397) Thanks @jalehman.
-- Gateway/session reset: preserve `lastAccountId` and `lastThreadId` across gateway session resets so replies keep routing back to the same account and thread after `/reset`. (#44773) Thanks @Lanfei.
-- Agents/memory bootstrap: load only one root memory file, preferring `MEMORY.md` and using `memory.md` as a fallback, so case-insensitive Docker mounts no longer inject duplicate memory context. (#26054) Thanks @Lanfei.
-- Agents/OpenAI-compatible compat overrides: respect explicit user `models[].compat` opt-ins for non-native `openai-completions` endpoints so usage-in-streaming capability overrides no longer get forced off when the endpoint actually supports them. (#44432) Thanks @cheapestinference.
-- Agents/Azure OpenAI startup prompts: rephrase the built-in `/new`, `/reset`, and post-compaction startup instruction so Azure OpenAI deployments no longer hit HTTP 400 false positives from the content filter. (#43403) Thanks @xingsy97.
-- Windows/gateway stop: resolve Startup-folder fallback listeners from the installed `gateway.cmd` port, so `openclaw gateway stop` now actually kills fallback-launched gateway processes before restart.
-- Config/validation: accept documented `agents.list[].params` per-agent overrides in strict config validation so `openclaw config validate` no longer rejects runtime-supported `cacheRetention`, `temperature`, and `maxTokens` settings. (#41171) Thanks @atian8179.
 - Android/onboarding QR scan: switch setup QR scanning to Google Code Scanner so onboarding uses a more reliable scanner instead of the legacy embedded ZXing flow. (#45021) Thanks @obviyus.
-- Config/web fetch: restore runtime validation for documented `tools.web.fetch.readability` and `tools.web.fetch.firecrawl` settings so valid web fetch configs no longer fail with unrecognized-key errors. (#42583) Thanks @stim64045-spec.
-- Signal/config validation: add `channels.signal.groups` schema support so per-group `requireMention`, `tools`, and `toolsBySender` overrides no longer get rejected during config validation. (#27199) Thanks @unisone.
-- Config/discovery: accept `discovery.wideArea.domain` in strict config validation so unicast DNS-SD gateway configs no longer fail with an unrecognized-key error. (#35615) Thanks @ingyukoh.
+- Browser/existing-session: harden driver validation and session lifecycle so transport errors trigger reconnects while tool-level errors preserve the session, and extract shared ARIA role sets to deduplicate Playwright and Chrome MCP snapshot paths. (#45682) Thanks @odysseus0.
+- Browser/existing-session: accept text-only `list_pages` and `new_page` responses from Chrome DevTools MCP so live-session tab discovery and new-tab open flows keep working when the server omits structured page metadata.
+- Control UI/insecure auth: preserve explicit shared token and password auth on plain-HTTP Control UI connects so LAN and reverse-proxy sessions no longer drop shared auth before the first WebSocket handshake. (#45088) Thanks @velvet-shark.
+- Gateway/session reset: preserve `lastAccountId` and `lastThreadId` across gateway session resets so replies keep routing back to the same account and thread after `/reset`. (#44773) Thanks @Lanfei.
+- macOS/onboarding: avoid self-restarting freshly bootstrapped launchd gateways and give new daemon installs longer to become healthy, so `openclaw onboard --install-daemon` no longer false-fails on slower Macs and fresh VM snapshots.
+- Gateway/status: add `openclaw gateway status --require-rpc` and clearer Linux non-interactive daemon-install failure reporting so automation can fail hard on probe misses instead of treating a printed RPC error as green.
+- macOS/exec approvals: respect per-agent exec approval settings in the gateway prompter, including allowlist fallback when the native prompt cannot be shown, so gateway-triggered `system.run` requests follow configured policy instead of always prompting or denying unexpectedly. (#13707) Thanks @sliekens.
+- Telegram/media downloads: thread the same direct or proxy transport policy into SSRF-guarded file fetches so inbound attachments keep working when Telegram falls back between env-proxy and direct networking. (#44639) Thanks @obviyus.
+- Telegram/inbound media IPv4 fallback: retry SSRF-guarded Telegram file downloads once with the same IPv4 fallback policy as Bot API calls so fresh installs on IPv6-broken hosts no longer fail to download inbound images.
+- Windows/gateway install: bound `schtasks` calls and fall back to the Startup-folder login item when task creation hangs, so native `openclaw gateway install` fails fast instead of wedging forever on broken Scheduled Task setups.
+- Windows/gateway stop: resolve Startup-folder fallback listeners from the installed `gateway.cmd` port, so `openclaw gateway stop` now actually kills fallback-launched gateway processes before restart.
+- Windows/gateway status: reuse the installed service command environment when reading runtime status, so startup-fallback gateways keep reporting the configured port and running state in `gateway status --json` instead of falling back to `gateway port unknown`.
+- Windows/gateway auth: stop attaching device identity on local loopback shared-token and password gateway calls, so native Windows agent replies no longer log stale `device signature expired` fallback noise before succeeding.
+- Discord/gateway startup: treat plain-text and transient `/gateway/bot` metadata fetch failures as transient startup errors so Discord gateway boot no longer crashes on unhandled rejections. (#44397) Thanks @jalehman.
+- Slack/probe: keep `auth.test()` bot and team metadata mapping stable while simplifying the probe result path. (#44775) Thanks @Cafexss.
+- Dashboard/chat UI: render oversized plain-text replies as normal paragraphs instead of capped gray code blocks, so long desktop chat responses stay readable without tab-switching refreshes.
+- Dashboard/chat UI: restore the `chat-new-messages` class on the New messages scroll pill so the button uses its existing compact styling instead of rendering as a full-screen SVG overlay. (#44856) Thanks @Astro-Han.
+- Gateway/Control UI: restore the operator-only device-auth bypass and classify browser connect failures so origin and device-identity problems no longer show up as auth errors in the Control UI and web chat. (#45512) thanks @sallyom.
+- macOS/voice wake: stop crashing wake-word command extraction when speech segment ranges come from a different transcript instance.
+- Discord/allowlists: honor raw `guild_id` when hydrated guild objects are missing so allowlisted channels and threads like `#maintainers` no longer get false-dropped before channel allowlist checks.
+- macOS/runtime locator: require Node >=22.16.0 during macOS runtime discovery so the app no longer accepts Node versions that the main runtime guard rejects later. Thanks @sumleo.
+- Agents/custom providers: preserve blank API keys for loopback OpenAI-compatible custom providers by clearing the synthetic Authorization header at runtime, while keeping explicit apiKey and oauth/token config from silently downgrading into fake bearer auth. (#45631) Thanks @xinhuagu.
+- Models/google-vertex Gemini flash-lite normalization: apply existing bare-ID preview normalization to `google-vertex` model refs and provider configs so `google-vertex/gemini-3.1-flash-lite` resolves as `gemini-3.1-flash-lite-preview`. (#42435) thanks @scoootscooob.
+- iMessage/remote attachments: reject unsafe remote attachment paths before spawning SCP, so sender-controlled filenames can no longer inject shell metacharacters into remote media staging. Thanks @lintsinghua.
+- Telegram/webhook auth: validate the Telegram webhook secret before reading or parsing request bodies, so unauthenticated requests are rejected immediately instead of consuming up to 1 MB first. Thanks @space08.
+- Security/device pairing: make bootstrap setup codes single-use so pending device pairing requests cannot be silently replayed and widened to admin before approval. Thanks @tdjackey.
+- Security/external content: strip zero-width and soft-hyphen marker-splitting characters during boundary sanitization so spoofed `EXTERNAL_UNTRUSTED_CONTENT` markers fall back to the existing hardening path instead of bypassing marker normalization.
 - Security/exec approvals: unwrap more `pnpm` runtime forms during approval binding, including `pnpm --reporter ... exec` and direct `pnpm node` file runs, with matching regression coverage and docs updates.
 - Security/exec approvals: fail closed for Perl `-M` and `-I` approval flows so preload and load-path module resolution stays outside approval-backed runtime execution unless the operator uses a broader explicit trust path.
 - Security/exec approvals: recognize PowerShell `-File` and `-f` wrapper forms during inline-command extraction so approval and command-analysis paths treat file-based PowerShell launches like the existing `-Command` variants.
 - Security/exec approvals: unwrap `env` dispatch wrappers inside shell-segment allowlist resolution on macOS so `env FOO=bar /path/to/bin` resolves against the effective executable instead of the wrapper token.
 - Security/exec approvals: treat backslash-newline as shell line continuation during macOS shell-chain parsing so line-continued `$(` substitutions fail closed instead of slipping past command-substitution checks.
 - Security/exec approvals: bind macOS skill auto-allow trust to both executable name and resolved path so same-basename binaries no longer inherit trust from unrelated skill bins.
-- Security/external content: strip zero-width and soft-hyphen marker-splitting characters during boundary sanitization so spoofed `EXTERNAL_UNTRUSTED_CONTENT` markers fall back to the existing hardening path instead of bypassing marker normalization.
-- Control UI/insecure auth: preserve explicit shared token and password auth on plain-HTTP Control UI connects so LAN and reverse-proxy sessions no longer drop shared auth before the first WebSocket handshake. (#45088) Thanks @velvet-shark.
-- macOS/onboarding: avoid self-restarting freshly bootstrapped launchd gateways and give new daemon installs longer to become healthy, so `openclaw onboard --install-daemon` no longer false-fails on slower Macs and fresh VM snapshots.
+- Build/plugin-sdk bundling: bundle plugin-sdk subpath entries in one shared build pass so published packages stop duplicating shared chunks and avoid the recent plugin-sdk memory blow-up. (#45426) Thanks @TarasShyn.
+- Cron/isolated sessions: route nested cron-triggered embedded runner work onto the nested lane so isolated cron jobs no longer deadlock when compaction or other queued inner work runs. Thanks @vincentkoc.
+- Agents/OpenAI-compatible compat overrides: respect explicit user `models[].compat` opt-ins for non-native `openai-completions` endpoints so usage-in-streaming capability overrides no longer get forced off when the endpoint actually supports them. (#44432) Thanks @cheapestinference.
+- Agents/Azure OpenAI startup prompts: rephrase the built-in `/new`, `/reset`, and post-compaction startup instruction so Azure OpenAI deployments no longer hit HTTP 400 false positives from the content filter. (#43403) Thanks @xingsy97.
+- Agents/compaction: compare post-compaction token sanity checks against full-session pre-compaction totals and skip the check when token estimation fails, so sessions with large bootstrap context keep real token counts instead of falling back to unknown. (#28347) thanks @efe-arv.
 - Agents/compaction: preserve safeguard compaction summary language continuity via default and configurable custom instructions so persona drift is reduced after auto-compaction. (#10456) Thanks @keepitmello.
 - Agents/tool warnings: distinguish gated core tools like `apply_patch` from plugin-only unknown entries in `tools.profile` warnings, so unavailable core tools now report current runtime/provider/model/config gating instead of suggesting a missing plugin.
-- Slack/probe: keep `auth.test()` bot and team metadata mapping stable while simplifying the probe result path. (#44775) Thanks @Cafexss.
-- Dashboard/chat UI: restore the `chat-new-messages` class on the New messages scroll pill so the button uses its existing compact styling instead of rendering as a full-screen SVG overlay. (#44856) Thanks @Astro-Han.
-- Windows/gateway status: reuse the installed service command environment when reading runtime status, so startup-fallback gateways keep reporting the configured port and running state in `gateway status --json` instead of falling back to `gateway port unknown`.
-- Security/device pairing: make bootstrap setup codes single-use so pending device pairing requests cannot be silently replayed and widened to admin before approval. Thanks @tdjackey.
+- Config/validation: accept documented `agents.list[].params` per-agent overrides in strict config validation so `openclaw config validate` no longer rejects runtime-supported `cacheRetention`, `temperature`, and `maxTokens` settings. (#41171) Thanks @atian8179.
+- Config/web fetch: restore runtime validation for documented `tools.web.fetch.readability` and `tools.web.fetch.firecrawl` settings so valid web fetch configs no longer fail with unrecognized-key errors. (#42583) Thanks @stim64045-spec.
+- Signal/config validation: add `channels.signal.groups` schema support so per-group `requireMention`, `tools`, and `toolsBySender` overrides no longer get rejected during config validation. (#27199) Thanks @unisone.
+- Config/discovery: accept `discovery.wideArea.domain` in strict config validation so unicast DNS-SD gateway configs no longer fail with an unrecognized-key error. (#35615) Thanks @ingyukoh.
+- Telegram/media errors: redact Telegram file URLs before building media fetch errors so failed inbound downloads do not leak bot tokens into logs. Thanks @space08.
+- Agents/failover: normalize abort-wrapped `429 RESOURCE_EXHAUSTED` provider failures before abort short-circuiting so wrapped Google/Vertex rate limits continue across configured fallback models, including the embedded runner prompt-error path. (#39820) Thanks @lupuletic.
+- Mattermost/thread routing: non-inbound reply paths (TUI/WebUI turns, tool-call callbacks, subagent responses) now correctly route to the originating Mattermost thread when `replyToMode: "all"` is active; also prevents stale `origin.threadId` metadata from resurrecting cleared thread routes. (#44283) thanks @teconomix
+- Gateway/websocket pairing bypass for disabled auth: skip device-pairing enforcement when `gateway.auth.mode=none` so Control UI connections behind reverse proxies no longer get stuck on `pairing required` (code 1008) despite auth being explicitly disabled. (#42931)
+- Auth/login lockout recovery: clear stale `auth_permanent` and `billing` disabled state for all profiles matching the target provider when `openclaw models auth login` is invoked, so users locked out by expired or revoked OAuth tokens can recover by re-authenticating instead of waiting for the cooldown timer to expire. (#43057)
 
 ## 2026.3.12
 
@@ -118,13 +165,16 @@ Docs: https://docs.openclaw.ai
 - Gateway/session stores: regenerate the Swift push-test protocol models and align Windows native session-store realpath handling so protocol checks and sync session discovery stop drifting on Windows. (#44266) thanks @jalehman.
 - Context engine/session routing: forward optional `sessionKey` through context-engine lifecycle calls so plugins can see structured routing metadata during bootstrap, assembly, post-turn ingestion, and compaction. (#44157) thanks @jalehman.
 - Agents/failover: classify z.ai `network_error` stop reasons as retryable timeouts so provider connectivity failures trigger fallback instead of surfacing raw unhandled-stop-reason errors. (#43884) Thanks @hougangdev.
+- Config/Anthropic startup: inline Anthropic alias normalization during config load so gateway startup no longer crashes on dated Anthropic model refs like `anthropic/claude-sonnet-4-20250514`. (#45520) Thanks @BunsDev.
 - Memory/session sync: add mode-aware post-compaction session reindexing with `agents.defaults.compaction.postIndexSync` plus `agents.defaults.memorySearch.sync.sessions.postCompactionForce`, so compacted session memory can refresh immediately without forcing every deployment into synchronous reindexing. (#25561) thanks @rodrigouroz.
 - Telegram/model picker: make inline model button selections persist the chosen session model correctly, clear overrides when selecting the configured default, and include effective fallback models in `/models` button validation. (#40105) Thanks @avirweb.
 - Telegram/native command sync: suppress expected `BOT_COMMANDS_TOO_MUCH` retry error noise, add a final fallback summary log, and document the difference between command-menu overflow and real Telegram network failures.
 - Mattermost/reply media delivery: pass agent-scoped `mediaLocalRoots` through shared reply delivery so allowed local files upload correctly from button, slash-command, and model-picker replies. (#44021) Thanks @LyleLiu666.
 - Plugins/env-scoped roots: fix plugin discovery/load caches and provenance tracking so same-process `HOME`/`OPENCLAW_HOME` changes no longer reuse stale plugin state or misreport `~/...` plugins as untracked. (#44046) thanks @gumadeiras.
 - Gateway/session discovery: discover disk-only and retired ACP session stores under custom templated `session.store` roots so ACP reconciliation, session-id/session-label targeting, and run-id fallback keep working after restart. (#44176) thanks @gumadeiras.
+- Browser/existing-session: stop reporting fake CDP ports/URLs for live attached Chrome sessions, render `transport: chrome-mcp` in CLI/status output instead of `port: 0`, and keep timeout diagnostics transport-aware when no direct CDP URL exists.
 - Models/OpenRouter native ids: canonicalize native OpenRouter model keys across config writes, runtime lookups, fallback management, and `models list --plain`, and migrate legacy duplicated `openrouter/openrouter/...` config entries forward on write.
+- Feishu/event dedupe: keep early duplicate suppression aligned with the shared Feishu message-id contract and release the pre-queue dedupe marker after failed dispatch so retried events can recover instead of being dropped until the short TTL expires. (#43762) Thanks @yunweibang.
 - Gateway/hooks: bucket hook auth failures by forwarded client IP behind trusted proxies and warn when `hooks.allowedAgentIds` leaves hook routing unrestricted.
 - Agents/compaction: skip the post-compaction `cache-ttl` marker write when a compaction completed in the same attempt, preventing the next turn from immediately triggering a second tiny compaction. (#28548) thanks @MoerAI.
 - Native chat/macOS: add `/new`, `/reset`, and `/clear` reset triggers, keep shared main-session aliases aligned, and ignore stale model-selection completions so native chat state stays in sync across reset and fast model changes. (#10898) Thanks @Nachx639.
@@ -136,6 +186,7 @@ Docs: https://docs.openclaw.ai
 - CLI/thinking help: add the missing `xhigh` level hints to `openclaw cron add`, `openclaw cron edit`, and `openclaw agent` so the help text matches the levels already accepted at runtime. (#44819) Thanks @kiki830621.
 - Agents/Anthropic replay: drop replayed assistant thinking blocks for native Anthropic and Bedrock Claude providers so persisted follow-up turns no longer fail on stored thinking blocks. (#44843) Thanks @jmcte.
 - Docs/Brave pricing: escape literal dollar signs in Brave Search cost text so the docs render the free credit and per-request pricing correctly. (#44989) Thanks @keelanfh.
+- Feishu/file uploads: preserve literal UTF-8 filenames in `im.file.create` so Chinese and other non-ASCII filenames no longer appear percent-encoded in chat. (#34262) Thanks @fabiaodemianyang and @KangShuaiFu.
 
 ## 2026.3.11
 
@@ -276,6 +327,8 @@ Docs: https://docs.openclaw.ai
 - Agents/failover: classify ZenMux quota-refresh `402` responses as `rate_limit` so model fallback retries continue instead of stopping on a temporary subscription window. (#43917) thanks @bwjoke.
 - Agents/failover: classify HTTP 422 malformed-request responses as `format` and recognize OpenRouter "requires more credits" billing errors so provider fallback triggers instead of surfacing raw errors. (#43823) thanks @jnMetaCode.
 - Memory/QMD Windows: fail closed when `qmd.cmd` or `mcporter.cmd` wrappers cannot be resolved to a direct entrypoint, so memory search no longer falls back to shell execution on Windows.
+- macOS/remote gateway: stop PortGuardian from killing Docker Desktop and other external listeners on the gateway port in remote mode, so containerized and tunneled gateway setups no longer lose their port-forward owner on app startup. (#6755) Thanks @teslamint.
+- Feishu/streaming recovery: clear stale `streamingStartPromise` when card creation fails (HTTP 400) so subsequent messages can retry streaming instead of silently dropping all future replies. Fixes #43322.
 
 ## 2026.3.8
 
@@ -3279,7 +3332,7 @@ Docs: https://docs.openclaw.ai
 - Agents: add CLI log hint to "agent failed before reply" messages. (#1550) Thanks @sweepies.
 - Agents: warn and ignore tool allowlists that only reference unknown or unloaded plugin tools. (#1566)
 - Agents: treat plugin-only tool allowlists as opt-ins; keep core tools enabled. (#1467)
-- Agents: honor enqueue overrides for embedded runs to avoid queue deadlocks in tests. (commit 084002998)
+- Agents: honor enqueue overrides for embedded runs to avoid queue deadlocks in tests. (#45459) Thanks @LyttonFeng and @vincentkoc.
 - Slack: honor open groupPolicy for unlisted channels in message + slash gating. (#1563) Thanks @itsjaydesu.
 - Discord: limit autoThread mention bypass to bot-owned threads; keep ack reactions mention-gated. (#1511) Thanks @pvoo.
 - Discord: retry rate-limited allowlist resolution + command deploy to avoid gateway crashes. (commit f70ac0c7c)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 87ccbeff4ef..0febbf5ec89 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -61,7 +61,7 @@ Welcome to the lobster tank! 🦞
 - **Josh Lehman** - Compaction, Tlon/Urbit subsystem
   - GitHub [@jalehman](https://github.com/jalehman) · X: [@jlehman\_](https://x.com/jlehman_)
 
-- **Radek Sienkiewicz** - Control UI + WebChat correctness
+- **Radek Sienkiewicz** - Docs, Control UI
   - GitHub [@velvet-shark](https://github.com/velvet-shark) · X: [@velvet_shark](https://twitter.com/velvet_shark)
 
 - **Muhammed Mukhthar** - Mattermost, CLI
@@ -76,6 +76,9 @@ Welcome to the lobster tank! 🦞
 - **Tengji (George) Zhang** - Chinese model APIs, cloud, pi
   - GitHub: [@odysseus0](https://github.com/odysseus0) · X: [@odysseus0z](https://x.com/odysseus0z)
 
+- **Andrew (Bubbles) Demczuk** - Agents/Gateway/TTS/VTT
+  - GitHub: [@ademczuk](https://github.com/ademczuk) · X: [@ademczuk](https://x.com/ademczuk)
+
 ## How to Contribute
 
 1. **Bugs & small fixes** → Open a PR!
diff --git a/Dockerfile b/Dockerfile
index 72c413ebe7b..57a3440f385 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -132,6 +132,7 @@ WORKDIR /app
 RUN --mount=type=cache,id=openclaw-bookworm-apt-cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,id=openclaw-bookworm-apt-lists,target=/var/lib/apt,sharing=locked \
     apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --no-install-recommends && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
       procps hostname curl git openssl
 
diff --git a/Dockerfile.sandbox b/Dockerfile.sandbox
index 8b50c7a6745..37cdab5fcd2 100644
--- a/Dockerfile.sandbox
+++ b/Dockerfile.sandbox
@@ -7,6 +7,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 RUN --mount=type=cache,id=openclaw-sandbox-bookworm-apt-cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,id=openclaw-sandbox-bookworm-apt-lists,target=/var/lib/apt,sharing=locked \
   apt-get update \
+  && apt-get upgrade -y --no-install-recommends \
   && apt-get install -y --no-install-recommends \
     bash \
     ca-certificates \
diff --git a/Dockerfile.sandbox-browser b/Dockerfile.sandbox-browser
index f04e4a82a62..e8e8bb59f84 100644
--- a/Dockerfile.sandbox-browser
+++ b/Dockerfile.sandbox-browser
@@ -7,6 +7,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 RUN --mount=type=cache,id=openclaw-sandbox-bookworm-apt-cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,id=openclaw-sandbox-bookworm-apt-lists,target=/var/lib/apt,sharing=locked \
   apt-get update \
+  && apt-get upgrade -y --no-install-recommends \
   && apt-get install -y --no-install-recommends \
     bash \
     ca-certificates \
diff --git a/Dockerfile.sandbox-common b/Dockerfile.sandbox-common
index 39eaa3692b4..fba29a5df3d 100644
--- a/Dockerfile.sandbox-common
+++ b/Dockerfile.sandbox-common
@@ -24,6 +24,7 @@ ENV PATH=${BUN_INSTALL_DIR}/bin:${BREW_INSTALL_DIR}/bin:${BREW_INSTALL_DIR}/sbin
 RUN --mount=type=cache,id=openclaw-sandbox-common-apt-cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,id=openclaw-sandbox-common-apt-lists,target=/var/lib/apt,sharing=locked \
   apt-get update \
+  && apt-get upgrade -y --no-install-recommends \
   && apt-get install -y --no-install-recommends ${PACKAGES}
 
 RUN if [ "${INSTALL_PNPM}" = "1" ]; then npm install -g pnpm; fi
diff --git a/Swabble/Sources/SwabbleKit/WakeWordGate.swift b/Swabble/Sources/SwabbleKit/WakeWordGate.swift
index 27c952a8d1b..1a1479b630b 100644
--- a/Swabble/Sources/SwabbleKit/WakeWordGate.swift
+++ b/Swabble/Sources/SwabbleKit/WakeWordGate.swift
@@ -101,25 +101,19 @@ public enum WakeWordGate {
     }
 
     public static func commandText(
-        transcript: String,
+        transcript _: String,
         segments: [WakeWordSegment],
         triggerEndTime: TimeInterval)
     -> String {
         let threshold = triggerEndTime + 0.001
+        var commandWords: [String] = []
+        commandWords.reserveCapacity(segments.count)
         for segment in segments where segment.start >= threshold {
-            if normalizeToken(segment.text).isEmpty { continue }
-            if let range = segment.range {
-                let slice = transcript[range.lowerBound...]
-                return String(slice).trimmingCharacters(in: Self.whitespaceAndPunctuation)
-            }
-            break
+            let normalized = normalizeToken(segment.text)
+            if normalized.isEmpty { continue }
+            commandWords.append(segment.text)
         }
-
-        let text = segments
-            .filter { $0.start >= threshold && !normalizeToken($0.text).isEmpty }
-            .map(\.text)
-            .joined(separator: " ")
-        return text.trimmingCharacters(in: Self.whitespaceAndPunctuation)
+        return commandWords.joined(separator: " ").trimmingCharacters(in: Self.whitespaceAndPunctuation)
     }
 
     public static func matchesTextOnly(text: String, triggers: [String]) -> Bool {
diff --git a/Swabble/Tests/SwabbleKitTests/WakeWordGateTests.swift b/Swabble/Tests/SwabbleKitTests/WakeWordGateTests.swift
index 5cc283c35ae..7e5b4abdd74 100644
--- a/Swabble/Tests/SwabbleKitTests/WakeWordGateTests.swift
+++ b/Swabble/Tests/SwabbleKitTests/WakeWordGateTests.swift
@@ -46,6 +46,25 @@ import Testing
         let match = WakeWordGate.match(transcript: transcript, segments: segments, config: config)
         #expect(match?.command == "do it")
     }
+
+    @Test func commandTextHandlesForeignRangeIndices() {
+        let transcript = "hey clawd do thing"
+        let other = "do thing"
+        let foreignRange = other.range(of: "do")
+        let segments = [
+            WakeWordSegment(text: "hey", start: 0.0, duration: 0.1, range: transcript.range(of: "hey")),
+            WakeWordSegment(text: "clawd", start: 0.2, duration: 0.1, range: transcript.range(of: "clawd")),
+            WakeWordSegment(text: "do", start: 0.9, duration: 0.1, range: foreignRange),
+            WakeWordSegment(text: "thing", start: 1.1, duration: 0.1, range: nil),
+        ]
+
+        let command = WakeWordGate.commandText(
+            transcript: transcript,
+            segments: segments,
+            triggerEndTime: 0.3)
+
+        #expect(command == "do thing")
+    }
 }
 
 private func makeSegments(
diff --git a/appcast.xml b/appcast.xml
index 69632c08b97..c1919972b22 100644
--- a/appcast.xml
+++ b/appcast.xml
@@ -2,6 +2,82 @@
 <rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
     <channel>
         <title>OpenClaw</title>
+        <item>
+            <title>2026.3.13</title>
+            <pubDate>Sat, 14 Mar 2026 05:19:48 +0000</pubDate>
+            <link>https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml</link>
+            <sparkle:version>2026031390</sparkle:version>
+            <sparkle:shortVersionString>2026.3.13</sparkle:shortVersionString>
+            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
+            <description><![CDATA[<h2>OpenClaw 2026.3.13</h2>
+<h3>Changes</h3>
+<ul>
+<li>Android/chat settings: redesign the chat settings sheet with grouped device and media sections, refresh the Connect and Voice tabs, and tighten the chat composer/session header for a denser mobile layout. (#44894) Thanks @obviyus.</li>
+<li>iOS/onboarding: add a first-run welcome pager before gateway setup, stop auto-opening the QR scanner, and show <code>/pair qr</code> instructions on the connect step. (#45054) Thanks @ngutman.</li>
+<li>Browser/existing-session: add an official Chrome DevTools MCP attach mode for signed-in live Chrome sessions, with docs for <code>chrome://inspect/#remote-debugging</code> enablement and direct backlinks to Chrome’s own setup guides.</li>
+<li>Browser/agents: add built-in <code>profile="user"</code> for the logged-in host browser and <code>profile="chrome-relay"</code> for the extension relay, so agent browser calls can prefer the real signed-in browser without the extra <code>browserSession</code> selector.</li>
+<li>Browser/act automation: add batched actions, selector targeting, and delayed clicks for browser act requests with normalized batch dispatch. Thanks @vincentkoc.</li>
+<li>Docker/timezone override: add <code>OPENCLAW_TZ</code> so <code>docker-setup.sh</code> can pin gateway and CLI containers to a chosen IANA timezone instead of inheriting the daemon default. (#34119) Thanks @Lanfei.</li>
+<li>Dependencies/pi: bump <code>@mariozechner/pi-agent-core</code>, <code>@mariozechner/pi-ai</code>, <code>@mariozechner/pi-coding-agent</code>, and <code>@mariozechner/pi-tui</code> to <code>0.58.0</code>.</li>
+</ul>
+<h3>Fixes</h3>
+<ul>
+<li>Dashboard/chat UI: stop reloading full chat history on every live tool result in dashboard v2 so tool-heavy runs no longer trigger UI freeze/re-render storms while the final event still refreshes persisted history. (#45541) Thanks @BunsDev.</li>
+<li>Gateway/client requests: reject unanswered gateway RPC calls after a bounded timeout and clear their pending state, so stalled connections no longer leak hanging <code>GatewayClient.request()</code> promises indefinitely.</li>
+<li>Build/plugin-sdk bundling: bundle plugin-sdk subpath entries in one shared build pass so published packages stop duplicating shared chunks and avoid the recent plugin-sdk memory blow-up. (#45426) Thanks @TarasShyn.</li>
+<li>Ollama/reasoning visibility: stop promoting native <code>thinking</code> and <code>reasoning</code> fields into final assistant text so local reasoning models no longer leak internal thoughts in normal replies. (#45330) Thanks @xi7ang.</li>
+<li>Android/onboarding QR scan: switch setup QR scanning to Google Code Scanner so onboarding uses a more reliable scanner instead of the legacy embedded ZXing flow. (#45021) Thanks @obviyus.</li>
+<li>Browser/existing-session: harden driver validation and session lifecycle so transport errors trigger reconnects while tool-level errors preserve the session, and extract shared ARIA role sets to deduplicate Playwright and Chrome MCP snapshot paths. (#45682) Thanks @odysseus0.</li>
+<li>Browser/existing-session: accept text-only <code>list_pages</code> and <code>new_page</code> responses from Chrome DevTools MCP so live-session tab discovery and new-tab open flows keep working when the server omits structured page metadata.</li>
+<li>Control UI/insecure auth: preserve explicit shared token and password auth on plain-HTTP Control UI connects so LAN and reverse-proxy sessions no longer drop shared auth before the first WebSocket handshake. (#45088) Thanks @velvet-shark.</li>
+<li>Gateway/session reset: preserve <code>lastAccountId</code> and <code>lastThreadId</code> across gateway session resets so replies keep routing back to the same account and thread after <code>/reset</code>. (#44773) Thanks @Lanfei.</li>
+<li>macOS/onboarding: avoid self-restarting freshly bootstrapped launchd gateways and give new daemon installs longer to become healthy, so <code>openclaw onboard --install-daemon</code> no longer false-fails on slower Macs and fresh VM snapshots.</li>
+<li>Gateway/status: add <code>openclaw gateway status --require-rpc</code> and clearer Linux non-interactive daemon-install failure reporting so automation can fail hard on probe misses instead of treating a printed RPC error as green.</li>
+<li>macOS/exec approvals: respect per-agent exec approval settings in the gateway prompter, including allowlist fallback when the native prompt cannot be shown, so gateway-triggered <code>system.run</code> requests follow configured policy instead of always prompting or denying unexpectedly. (#13707) Thanks @sliekens.</li>
+<li>Telegram/media downloads: thread the same direct or proxy transport policy into SSRF-guarded file fetches so inbound attachments keep working when Telegram falls back between env-proxy and direct networking. (#44639) Thanks @obviyus.</li>
+<li>Telegram/inbound media IPv4 fallback: retry SSRF-guarded Telegram file downloads once with the same IPv4 fallback policy as Bot API calls so fresh installs on IPv6-broken hosts no longer fail to download inbound images.</li>
+<li>Windows/gateway install: bound <code>schtasks</code> calls and fall back to the Startup-folder login item when task creation hangs, so native <code>openclaw gateway install</code> fails fast instead of wedging forever on broken Scheduled Task setups.</li>
+<li>Windows/gateway stop: resolve Startup-folder fallback listeners from the installed <code>gateway.cmd</code> port, so <code>openclaw gateway stop</code> now actually kills fallback-launched gateway processes before restart.</li>
+<li>Windows/gateway status: reuse the installed service command environment when reading runtime status, so startup-fallback gateways keep reporting the configured port and running state in <code>gateway status --json</code> instead of falling back to <code>gateway port unknown</code>.</li>
+<li>Windows/gateway auth: stop attaching device identity on local loopback shared-token and password gateway calls, so native Windows agent replies no longer log stale <code>device signature expired</code> fallback noise before succeeding.</li>
+<li>Discord/gateway startup: treat plain-text and transient <code>/gateway/bot</code> metadata fetch failures as transient startup errors so Discord gateway boot no longer crashes on unhandled rejections. (#44397) Thanks @jalehman.</li>
+<li>Slack/probe: keep <code>auth.test()</code> bot and team metadata mapping stable while simplifying the probe result path. (#44775) Thanks @Cafexss.</li>
+<li>Dashboard/chat UI: render oversized plain-text replies as normal paragraphs instead of capped gray code blocks, so long desktop chat responses stay readable without tab-switching refreshes.</li>
+<li>Dashboard/chat UI: restore the <code>chat-new-messages</code> class on the New messages scroll pill so the button uses its existing compact styling instead of rendering as a full-screen SVG overlay. (#44856) Thanks @Astro-Han.</li>
+<li>Gateway/Control UI: restore the operator-only device-auth bypass and classify browser connect failures so origin and device-identity problems no longer show up as auth errors in the Control UI and web chat. (#45512) thanks @sallyom.</li>
+<li>macOS/voice wake: stop crashing wake-word command extraction when speech segment ranges come from a different transcript instance.</li>
+<li>Discord/allowlists: honor raw <code>guild_id</code> when hydrated guild objects are missing so allowlisted channels and threads like <code>#maintainers</code> no longer get false-dropped before channel allowlist checks.</li>
+<li>macOS/runtime locator: require Node >=22.16.0 during macOS runtime discovery so the app no longer accepts Node versions that the main runtime guard rejects later. Thanks @sumleo.</li>
+<li>Agents/custom providers: preserve blank API keys for loopback OpenAI-compatible custom providers by clearing the synthetic Authorization header at runtime, while keeping explicit apiKey and oauth/token config from silently downgrading into fake bearer auth. (#45631) Thanks @xinhuagu.</li>
+<li>Models/google-vertex Gemini flash-lite normalization: apply existing bare-ID preview normalization to <code>google-vertex</code> model refs and provider configs so <code>google-vertex/gemini-3.1-flash-lite</code> resolves as <code>gemini-3.1-flash-lite-preview</code>. (#42435) thanks @scoootscooob.</li>
+<li>iMessage/remote attachments: reject unsafe remote attachment paths before spawning SCP, so sender-controlled filenames can no longer inject shell metacharacters into remote media staging. Thanks @lintsinghua.</li>
+<li>Telegram/webhook auth: validate the Telegram webhook secret before reading or parsing request bodies, so unauthenticated requests are rejected immediately instead of consuming up to 1 MB first. Thanks @space08.</li>
+<li>Security/device pairing: make bootstrap setup codes single-use so pending device pairing requests cannot be silently replayed and widened to admin before approval. Thanks @tdjackey.</li>
+<li>Security/external content: strip zero-width and soft-hyphen marker-splitting characters during boundary sanitization so spoofed <code>EXTERNAL_UNTRUSTED_CONTENT</code> markers fall back to the existing hardening path instead of bypassing marker normalization.</li>
+<li>Security/exec approvals: unwrap more <code>pnpm</code> runtime forms during approval binding, including <code>pnpm --reporter ... exec</code> and direct <code>pnpm node</code> file runs, with matching regression coverage and docs updates.</li>
+<li>Security/exec approvals: fail closed for Perl <code>-M</code> and <code>-I</code> approval flows so preload and load-path module resolution stays outside approval-backed runtime execution unless the operator uses a broader explicit trust path.</li>
+<li>Security/exec approvals: recognize PowerShell <code>-File</code> and <code>-f</code> wrapper forms during inline-command extraction so approval and command-analysis paths treat file-based PowerShell launches like the existing <code>-Command</code> variants.</li>
+<li>Security/exec approvals: unwrap <code>env</code> dispatch wrappers inside shell-segment allowlist resolution on macOS so <code>env FOO=bar /path/to/bin</code> resolves against the effective executable instead of the wrapper token.</li>
+<li>Security/exec approvals: treat backslash-newline as shell line continuation during macOS shell-chain parsing so line-continued <code>$(</code> substitutions fail closed instead of slipping past command-substitution checks.</li>
+<li>Security/exec approvals: bind macOS skill auto-allow trust to both executable name and resolved path so same-basename binaries no longer inherit trust from unrelated skill bins.</li>
+<li>Build/plugin-sdk bundling: bundle plugin-sdk subpath entries in one shared build pass so published packages stop duplicating shared chunks and avoid the recent plugin-sdk memory blow-up. (#45426) Thanks @TarasShyn.</li>
+<li>Cron/isolated sessions: route nested cron-triggered embedded runner work onto the nested lane so isolated cron jobs no longer deadlock when compaction or other queued inner work runs. Thanks @vincentkoc.</li>
+<li>Agents/OpenAI-compatible compat overrides: respect explicit user <code>models[].compat</code> opt-ins for non-native <code>openai-completions</code> endpoints so usage-in-streaming capability overrides no longer get forced off when the endpoint actually supports them. (#44432) Thanks @cheapestinference.</li>
+<li>Agents/Azure OpenAI startup prompts: rephrase the built-in <code>/new</code>, <code>/reset</code>, and post-compaction startup instruction so Azure OpenAI deployments no longer hit HTTP 400 false positives from the content filter. (#43403) Thanks @xingsy97.</li>
+<li>Agents/memory bootstrap: load only one root memory file, preferring <code>MEMORY.md</code> and using <code>memory.md</code> as a fallback, so case-insensitive Docker mounts no longer inject duplicate memory context. (#26054) Thanks @Lanfei.</li>
+<li>Agents/compaction: compare post-compaction token sanity checks against full-session pre-compaction totals and skip the check when token estimation fails, so sessions with large bootstrap context keep real token counts instead of falling back to unknown. (#28347) thanks @efe-arv.</li>
+<li>Agents/compaction: preserve safeguard compaction summary language continuity via default and configurable custom instructions so persona drift is reduced after auto-compaction. (#10456) Thanks @keepitmello.</li>
+<li>Agents/tool warnings: distinguish gated core tools like <code>apply_patch</code> from plugin-only unknown entries in <code>tools.profile</code> warnings, so unavailable core tools now report current runtime/provider/model/config gating instead of suggesting a missing plugin.</li>
+<li>Config/validation: accept documented <code>agents.list[].params</code> per-agent overrides in strict config validation so <code>openclaw config validate</code> no longer rejects runtime-supported <code>cacheRetention</code>, <code>temperature</code>, and <code>maxTokens</code> settings. (#41171) Thanks @atian8179.</li>
+<li>Config/web fetch: restore runtime validation for documented <code>tools.web.fetch.readability</code> and <code>tools.web.fetch.firecrawl</code> settings so valid web fetch configs no longer fail with unrecognized-key errors. (#42583) Thanks @stim64045-spec.</li>
+<li>Signal/config validation: add <code>channels.signal.groups</code> schema support so per-group <code>requireMention</code>, <code>tools</code>, and <code>toolsBySender</code> overrides no longer get rejected during config validation. (#27199) Thanks @unisone.</li>
+<li>Config/discovery: accept <code>discovery.wideArea.domain</code> in strict config validation so unicast DNS-SD gateway configs no longer fail with an unrecognized-key error. (#35615) Thanks @ingyukoh.</li>
+<li>Telegram/media errors: redact Telegram file URLs before building media fetch errors so failed inbound downloads do not leak bot tokens into logs. Thanks @space08.</li>
+</ul>
+<p><a href="https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md">View full changelog</a></p>
+]]></description>
+            <enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.3.13/OpenClaw-2026.3.13.zip" length="23640917" type="application/octet-stream" sparkle:edSignature="Me63UHSpFLocTo5Lt7Iqsl0Hq61y3jTcZ9DUkiFl9xQvTE0+ORuqRMFWqPgYwfaKMgcgQmUbrV/uFzEoTIRHBA=="/>
+        </item>
         <item>
             <title>2026.3.12</title>
             <pubDate>Fri, 13 Mar 2026 04:25:50 +0000</pubDate>
@@ -168,367 +244,5 @@
 ]]></description>
             <enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.3.8-beta.1/OpenClaw-2026.3.8-beta.1.zip" length="23407015" type="application/octet-stream" sparkle:edSignature="KCqhSmu4b0tHf55RqcQOHorsc55CgBI5BUmK/NTizxNq04INn/7QvsamHYQou9DbB2IW6B2nawBC4nn4au5yDA=="/>
         </item>
-        <item>
-            <title>2026.3.7</title>
-            <pubDate>Sun, 08 Mar 2026 04:42:35 +0000</pubDate>
-            <link>https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml</link>
-            <sparkle:version>2026030790</sparkle:version>
-            <sparkle:shortVersionString>2026.3.7</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>OpenClaw 2026.3.7</h2>
-<h3>Changes</h3>
-<ul>
-<li>Agents/context engine plugin interface: add <code>ContextEngine</code> plugin slot with full lifecycle hooks (<code>bootstrap</code>, <code>ingest</code>, <code>assemble</code>, <code>compact</code>, <code>afterTurn</code>, <code>prepareSubagentSpawn</code>, <code>onSubagentEnded</code>), slot-based registry with config-driven resolution, <code>LegacyContextEngine</code> wrapper preserving existing compaction behavior, scoped subagent runtime for plugin runtimes via <code>AsyncLocalStorage</code>, and <code>sessions.get</code> gateway method. Enables plugins like <code>lossless-claw</code> to provide alternative context management strategies without modifying core compaction logic. Zero behavior change when no context engine plugin is configured. (#22201) thanks @jalehman.</li>
-<li>ACP/persistent channel bindings: add durable Discord channel and Telegram topic binding storage, routing resolution, and CLI/docs support so ACP thread targets survive restarts and can be managed consistently. (#34873) Thanks @dutifulbob.</li>
-<li>Telegram/ACP topic bindings: accept Telegram Mac Unicode dash option prefixes in <code>/acp spawn</code>, support Telegram topic thread binding (<code>--thread here|auto</code>), route bound-topic follow-ups to ACP sessions, add actionable Telegram approval buttons with prefixed approval-id resolution, and pin successful bind confirmations in-topic. (#36683) Thanks @huntharo.</li>
-<li>Telegram/topic agent routing: support per-topic <code>agentId</code> overrides in forum groups and DM topics so topics can route to dedicated agents with isolated sessions. (#33647; based on #31513) Thanks @kesor and @Sid-Qin.</li>
-<li>Web UI/i18n: add Spanish (<code>es</code>) locale support in the Control UI, including locale detection, lazy loading, and language picker labels across supported locales. (#35038) Thanks @DaoPromociones.</li>
-<li>Onboarding/web search: add provider selection step and full provider list in configure wizard, with SecretRef ref-mode support during onboarding. (#34009) Thanks @kesku and @thewilloftheshadow.</li>
-<li>Tools/Web search: switch Perplexity provider to Search API with structured results plus new language/region/time filters. (#33822) Thanks @kesku.</li>
-<li>Gateway: add SecretRef support for gateway.auth.token with auth-mode guardrails. (#35094) Thanks @joshavant.</li>
-<li>Docker/Podman extension dependency baking: add <code>OPENCLAW_EXTENSIONS</code> so container builds can preinstall selected bundled extension npm dependencies into the image for faster and more reproducible startup in container deployments. (#32223) Thanks @sallyom.</li>
-<li>Plugins/before_prompt_build system-context fields: add <code>prependSystemContext</code> and <code>appendSystemContext</code> so static plugin guidance can be placed in system prompt space for provider caching and lower repeated prompt token cost. (#35177) thanks @maweibin.</li>
-<li>Plugins/hook policy: add <code>plugins.entries.<id>.hooks.allowPromptInjection</code>, validate unknown typed hook names at runtime, and preserve legacy <code>before_agent_start</code> model/provider overrides while stripping prompt-mutating fields when prompt injection is disabled. (#36567) thanks @gumadeiras.</li>
-<li>Hooks/Compaction lifecycle: emit <code>session:compact:before</code> and <code>session:compact:after</code> internal events plus plugin compaction callbacks with session/count metadata, so automations can react to compaction runs consistently. (#16788) thanks @vincentkoc.</li>
-<li>Agents/compaction post-context configurability: add <code>agents.defaults.compaction.postCompactionSections</code> so deployments can choose which <code>AGENTS.md</code> sections are re-injected after compaction, while preserving legacy fallback behavior when the documented default pair is configured in any order. (#34556) thanks @efe-arv.</li>
-<li>TTS/OpenAI-compatible endpoints: add <code>messages.tts.openai.baseUrl</code> config support with config-over-env precedence, endpoint-aware directive validation, and OpenAI TTS request routing to the resolved base URL. (#34321) thanks @RealKai42.</li>
-<li>Slack/DM typing feedback: add <code>channels.slack.typingReaction</code> so Socket Mode DMs can show reaction-based processing status even when Slack native assistant typing is unavailable. (#19816) Thanks @dalefrieswthat.</li>
-<li>Discord/allowBots mention gating: add <code>allowBots: "mentions"</code> to only accept bot-authored messages that mention the bot. Thanks @thewilloftheshadow.</li>
-<li>Agents/tool-result truncation: preserve important tail diagnostics by using head+tail truncation for oversized tool results while keeping configurable truncation options. (#20076) thanks @jlwestsr.</li>
-<li>Cron/job snapshot persistence: skip backup during normalization persistence in <code>ensureLoaded</code> so <code>jobs.json.bak</code> keeps the pre-edit snapshot for recovery, while preserving backup creation on explicit user-driven writes. (#35234) Thanks @0xsline.</li>
-<li>CLI: make read-only SecretRef status flows degrade safely (#37023) thanks @joshavant.</li>
-<li>Tools/Diffs guidance: restore a short system-prompt hint for enabled diffs while keeping the detailed instructions in the companion skill, so diffs usage guidance stays out of user-prompt space. (#36904) thanks @gumadeiras.</li>
-<li>Tools/Diffs guidance loading: move diffs usage guidance from unconditional prompt-hook injection to the plugin companion skill path, reducing unrelated-turn prompt noise while keeping diffs tool behavior unchanged. (#32630) thanks @sircrumpet.</li>
-<li>Docs/Web search: remove outdated Brave free-tier wording and replace prescriptive AI ToS guidance with neutral compliance language in Brave setup docs. (#26860) Thanks @HenryLoenwind.</li>
-<li>Config/Compaction safeguard tuning: expose <code>agents.defaults.compaction.recentTurnsPreserve</code> and quality-guard retry knobs through the validated config surface and embedded-runner wiring, with regression coverage for real config loading and schema metadata. (#25557) thanks @rodrigouroz.</li>
-<li>iOS/App Store Connect release prep: align iOS bundle identifiers under <code>ai.openclaw.client</code>, refresh Watch app icons, add Fastlane metadata/screenshot automation, and support Keychain-backed ASC auth for uploads. (#38936) Thanks @ngutman.</li>
-<li>Mattermost/model picker: add Telegram-style interactive provider/model browsing for <code>/oc_model</code> and <code>/oc_models</code>, fix picker callback updates, and emit a normal confirmation reply when a model is selected. (#38767) thanks @mukhtharcm.</li>
-<li>Docker/multi-stage build: restructure Dockerfile as a multi-stage build to produce a minimal runtime image without build tools, source code, or Bun; add <code>OPENCLAW_VARIANT=slim</code> build arg for a bookworm-slim variant. (#38479) Thanks @sallyom.</li>
-<li>Google/Gemini 3.1 Flash-Lite: add first-class <code>google/gemini-3.1-flash-lite-preview</code> support across model-id normalization, default aliases, media-understanding image lookups, Google Gemini CLI forward-compat fallback, and docs.</li>
-</ul>
-<h3>Breaking</h3>
-<ul>
-<li><strong>BREAKING:</strong> Gateway auth now requires explicit <code>gateway.auth.mode</code> when both <code>gateway.auth.token</code> and <code>gateway.auth.password</code> are configured (including SecretRefs). Set <code>gateway.auth.mode</code> to <code>token</code> or <code>password</code> before upgrade to avoid startup/pairing/TUI failures. (#35094) Thanks @joshavant.</li>
-</ul>
-<h3>Fixes</h3>
-<ul>
-<li>Models/MiniMax: stop advertising removed <code>MiniMax-M2.5-Lightning</code> in built-in provider catalogs, onboarding metadata, and docs; keep the supported fast-tier model as <code>MiniMax-M2.5-highspeed</code>.</li>
-<li>Security/Config: fail closed when <code>loadConfig()</code> hits validation or read errors so invalid configs cannot silently fall back to permissive runtime defaults. (#9040) Thanks @joetomasone.</li>
-<li>Memory/Hybrid search: preserve negative FTS5 BM25 relevance ordering in <code>bm25RankToScore()</code> so stronger keyword matches rank above weaker ones instead of collapsing or reversing scores. (#33757) Thanks @lsdcc01.</li>
-<li>LINE/<code>requireMention</code> group gating: align inbound and reply-stage LINE group policy resolution across raw, <code>group:</code>, and <code>room:</code> keys (including account-scoped group config), preserve plugin-backed reply-stage fallback behavior, and add regression coverage for prefixed-only group/room config plus reply-stage policy resolution. (#35847) Thanks @kirisame-wang.</li>
-<li>Onboarding/local setup: default unset local <code>tools.profile</code> to <code>coding</code> instead of <code>messaging</code>, restoring file/runtime tools for fresh local installs while preserving explicit user-set profiles. (from #38241, overlap with #34958) Thanks @cgdusek.</li>
-<li>Gateway/Telegram stale-socket restart guard: only apply stale-socket restarts to channels that publish event-liveness timestamps, preventing Telegram providers from being misclassified as stale solely due to long uptime and avoiding restart/pairing storms after upgrade. (openclaw#38464)</li>
-<li>Onboarding/headless Linux daemon probe hardening: treat <code>systemctl --user is-enabled</code> probe failures as non-fatal during daemon install flow so onboarding no longer crashes on SSH/headless VPS environments before showing install guidance. (#37297) Thanks @acarbajal-web.</li>
-<li>Memory/QMD mcporter Windows spawn hardening: when <code>mcporter.cmd</code> launch fails with <code>spawn EINVAL</code>, retry via bare <code>mcporter</code> shell resolution so QMD recall can continue instead of falling back to builtin memory search. (#27402) Thanks @i0ivi0i.</li>
-<li>Tools/web_search Brave language-code validation: align <code>search_lang</code> handling with Brave-supported codes (including <code>zh-hans</code>, <code>zh-hant</code>, <code>en-gb</code>, and <code>pt-br</code>), map common alias inputs (<code>zh</code>, <code>ja</code>) to valid Brave values, and reject unsupported codes before upstream requests to prevent 422 failures. (#37260) Thanks @heyanming.</li>
-<li>Models/openai-completions streaming compatibility: force <code>compat.supportsUsageInStreaming=false</code> for non-native OpenAI-compatible endpoints during model normalization, preventing usage-only stream chunks from triggering <code>choices[0]</code> parser crashes in provider streams. (#8714) Thanks @nonanon1.</li>
-<li>Tools/xAI native web-search collision guard: drop OpenClaw <code>web_search</code> from tool registration when routing to xAI/Grok model providers (including OpenRouter <code>x-ai/*</code>) to avoid duplicate tool-name request failures against provider-native <code>web_search</code>. (#14749) Thanks @realsamrat.</li>
-<li>TUI/token copy-safety rendering: treat long credential-like mixed alphanumeric tokens (including quoted forms) as copy-sensitive in render sanitization so formatter hard-wrap guards no longer inject visible spaces into auth-style values before display. (#26710) Thanks @jasonthane.</li>
-<li>WhatsApp/self-chat response prefix fallback: stop forcing <code>"[openclaw]"</code> as the implicit outbound response prefix when no identity name or response prefix is configured, so blank/default prefix settings no longer inject branding text unexpectedly in self-chat flows. (#27962) Thanks @ecanmor.</li>
-<li>Memory/QMD search result decoding: accept <code>qmd search</code> hits that only include <code>file</code> URIs (for example <code>qmd://collection/path.md</code>) without <code>docid</code>, resolve them through managed collection roots, and keep multi-collection results keyed by file fallback so valid QMD hits no longer collapse to empty <code>memory_search</code> output. (#28181) Thanks @0x76696265.</li>
-<li>Memory/QMD collection-name conflict recovery: when <code>qmd collection add</code> fails because another collection already occupies the same <code>path + pattern</code>, detect the conflicting collection from <code>collection list</code>, remove it, and retry add so agent-scoped managed collections are created deterministically instead of being silently skipped; also add warning-only fallback when qmd metadata is unavailable to avoid destructive guesses. (#25496) Thanks @Ramsbaby.</li>
-<li>Slack/app_mention race dedupe: when <code>app_mention</code> dispatch wins while same-<code>ts</code> <code>message</code> prepare is still in-flight, suppress the later message dispatch so near-simultaneous Slack deliveries do not produce duplicate replies; keep single-retry behavior and add regression coverage for both dropped and successful message-prepare outcomes. (#37033) Thanks @Takhoffman.</li>
-<li>Gateway/chat streaming tool-boundary text retention: merge assistant delta segments into per-run chat buffers so pre-tool text is preserved in live chat deltas/finals when providers emit post-tool assistant segments as non-prefix snapshots. (#36957) Thanks @Datyedyeguy.</li>
-<li>TUI/model indicator freshness: prevent stale session snapshots from overwriting freshly patched model selection (and reset per-session freshness when switching session keys) so <code>/model</code> updates reflect immediately instead of lagging by one or more commands. (#21255) Thanks @kowza.</li>
-<li>TUI/final-error rendering fallback: when a chat <code>final</code> event has no renderable assistant content but includes envelope <code>errorMessage</code>, render the formatted error text instead of collapsing to <code>"(no output)"</code>, preserving actionable failure context in-session. (#14687) Thanks @Mquarmoc.</li>
-<li>TUI/session-key alias event matching: treat chat events whose session keys are canonical aliases (for example <code>agent:<id>:main</code> vs <code>main</code>) as the same session while preserving cross-agent isolation, so assistant replies no longer disappear or surface in another terminal window due to strict key-form mismatch. (#33937) Thanks @yjh1412.</li>
-<li>OpenAI Codex OAuth/login parity: keep <code>openclaw models auth login --provider openai-codex</code> on the built-in path even without provider plugins, preserve Pi-generated authorize URLs without local scope rewriting, and stop validating successful Codex sign-ins against the public OpenAI Responses API after callback. (#37558; follow-up to #36660 and #24720) Thanks @driesvints, @Skippy-Gunboat, and @obviyus.</li>
-<li>Agents/config schema lookup: add <code>gateway</code> tool action <code>config.schema.lookup</code> so agents can inspect one config path at a time before edits without loading the full schema into prompt context. (#37266) Thanks @gumadeiras.</li>
-<li>Onboarding/API key input hardening: strip non-Latin1 Unicode artifacts from normalized secret input (while preserving Latin-1 content and internal spaces) so malformed copied API keys cannot trigger HTTP header <code>ByteString</code> construction crashes; adds regression coverage for shared normalization and MiniMax auth header usage. (#24496) Thanks @fa6maalassaf.</li>
-<li>Kimi Coding/Anthropic tools compatibility: normalize <code>anthropic-messages</code> tool payloads to OpenAI-style <code>tools[].function</code> + compatible <code>tool_choice</code> when targeting Kimi Coding endpoints, restoring tool-call workflows that regressed after v2026.3.2. (#37038) Thanks @mochimochimochi-hub.</li>
-<li>Heartbeat/workspace-path guardrails: append explicit workspace <code>HEARTBEAT.md</code> path guidance (and <code>docs/heartbeat.md</code> avoidance) to heartbeat prompts so heartbeat runs target workspace checklists reliably across packaged install layouts. (#37037) Thanks @stofancy.</li>
-<li>Subagents/kill-complete announce race: when a late <code>subagent-complete</code> lifecycle event arrives after an earlier kill marker, clear stale kill suppression/cleanup flags and re-run announce cleanup so finished runs no longer get silently swallowed. (#37024) Thanks @cmfinlan.</li>
-<li>Agents/tool-result cleanup timeout hardening: on embedded runner teardown idle timeouts, clear pending tool-call state without persisting synthetic <code>missing tool result</code> entries, preventing timeout cleanups from poisoning follow-up turns; adds regression coverage for timeout clear-vs-flush behavior. (#37081) Thanks @Coyote-Den.</li>
-<li>Agents/openai-completions stream timeout hardening: ensure runtime undici global dispatchers use extended streaming body/header timeouts (including env-proxy dispatcher mode) before embedded runs, reducing forced mid-stream <code>terminated</code> failures on long generations; adds regression coverage for dispatcher selection and idempotent reconfiguration. (#9708) Thanks @scottchguard.</li>
-<li>Agents/fallback cooldown probe execution: thread explicit rate-limit cooldown probe intent from model fallback into embedded runner auth-profile selection so same-provider fallback attempts can actually run when all profiles are cooldowned for <code>rate_limit</code> (instead of failing pre-run as <code>No available auth profile</code>), while preserving default cooldown skip behavior and adding regression tests at both fallback and runner layers. (#13623) Thanks @asfura.</li>
-<li>Cron/OpenAI Codex OAuth refresh hardening: when <code>openai-codex</code> token refresh fails specifically on account-id extraction, reuse the cached access token instead of failing the run immediately, with regression coverage to keep non-Codex and unrelated refresh failures unchanged. (#36604) Thanks @laulopezreal.</li>
-<li>TUI/session isolation for <code>/new</code>: make <code>/new</code> allocate a unique <code>tui-<uuid></code> session key instead of resetting the shared agent session, so multiple TUI clients on the same agent stop receiving each other’s replies; also sanitize <code>/new</code> and <code>/reset</code> failure text before rendering in-terminal. Landed from contributor PR #39238 by @widingmarcus-cyber. Thanks @widingmarcus-cyber.</li>
-<li>Synology Chat/rate-limit env parsing: honor <code>SYNOLOGY_RATE_LIMIT=0</code> as an explicit value while still falling back to the default limit for malformed env values instead of partially parsing them. Landed from contributor PR #39197 by @scoootscooob. Thanks @scoootscooob.</li>
-<li>Voice-call/OpenAI Realtime STT config defaults: honor explicit <code>vadThreshold: 0</code> and <code>silenceDurationMs: 0</code> instead of silently replacing them with defaults. Landed from contributor PR #39196 by @scoootscooob. Thanks @scoootscooob.</li>
-<li>Voice-call/OpenAI TTS speed config: honor explicit <code>speed: 0</code> instead of silently replacing it with the default speed. Landed from contributor PR #39318 by @ql-wade. Thanks @ql-wade.</li>
-<li>launchd/runtime PID parsing: reject <code>pid <= 0</code> from <code>launchctl print</code> so the daemon state parser no longer treats kernel/non-running sentinel values as real process IDs. Landed from contributor PR #39281 by @mvanhorn. Thanks @mvanhorn.</li>
-<li>Cron/file permission hardening: enforce owner-only (<code>0600</code>) cron store/backup/run-log files and harden cron store + run-log directories to <code>0700</code>, including pre-existing directories from older installs. (#36078) Thanks @aerelune.</li>
-<li>Gateway/remote WS break-glass hostname support: honor <code>OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1</code> for <code>ws://</code> hostname URLs (not only private IP literals) across onboarding validation and runtime gateway connection checks, while still rejecting public IP literals and non-unicast IPv6 endpoints. (#36930) Thanks @manju-rn.</li>
-<li>Routing/binding lookup scalability: pre-index route bindings by channel/account and avoid full binding-list rescans on channel-account cache rollover, preventing multi-second <code>resolveAgentRoute</code> stalls in large binding configurations. (#36915) Thanks @songchenghao.</li>
-<li>Browser/session cleanup: track browser tabs opened by session-scoped browser tool runs and close tracked tabs during <code>sessions.reset</code>/<code>sessions.delete</code> runtime cleanup, preventing orphaned tabs and unbounded browser memory growth after session teardown. (#36666) Thanks @Harnoor6693.</li>
-<li>Plugin/hook install rollback hardening: stage installs under the canonical install base, validate and run dependency installs before publish, and restore updates by rename instead of deleting the target path, reducing partial-replace and symlink-rebind risk during install failures.</li>
-<li>Slack/local file upload allowlist parity: propagate <code>mediaLocalRoots</code> through the Slack send action pipeline so workspace-rooted attachments pass <code>assertLocalMediaAllowed</code> checks while non-allowlisted paths remain blocked. (synthesis: #36656; overlap considered from #36516, #36496, #36493, #36484, #32648, #30888) Thanks @2233admin.</li>
-<li>Agents/compaction safeguard pre-check: skip embedded compaction before entering the Pi SDK when a session has no real conversation messages, avoiding unnecessary LLM API calls on idle sessions. (#36451) thanks @Sid-Qin.</li>
-<li>Config/schema cache key stability: build merged schema cache keys with incremental hashing to avoid large single-string serialization and prevent <code>RangeError: Invalid string length</code> on high-cardinality plugin/channel metadata. (#36603) Thanks @powermaster888.</li>
-<li>iMessage/cron completion announces: strip leaked inline reply tags (for example <code>[[reply_to:6100]]</code>) from user-visible completion text so announcement deliveries do not expose threading metadata. (#24600) Thanks @vincentkoc.</li>
-<li>Control UI/iMessage duplicate reply routing: keep internal webchat turns on dispatcher delivery (instead of origin-channel reroute) so Control UI chats do not duplicate replies into iMessage, while preserving webchat-provider relayed routing for external surfaces. Fixes #33483. Thanks @alicexmolt.</li>
-<li>Sessions/daily reset transcript archival: archive prior transcript files during stale-session scheduled/daily resets by capturing the previous session entry before rollover, preventing orphaned transcript files on disk. (#35493) Thanks @byungsker.</li>
-<li>Feishu/group slash command detection: normalize group mention wrappers before command-authorization probing so mention-prefixed commands (for example <code>@Bot/model</code> and <code>@Bot /reset</code>) are recognized as gateway commands instead of being forwarded to the agent. (#35994) Thanks @liuxiaopai-ai.</li>
-<li>Control UI/auth token separation: keep the shared gateway token in browser auth validation while reserving cached device tokens for signed device payloads, preventing false <code>device token mismatch</code> disconnects after restart/rotation. Landed from contributor PR #37382 by @FradSer. Thanks @FradSer.</li>
-<li>Gateway/browser auth reconnect hardening: stop counting missing token/password submissions as auth rate-limit failures, and stop auto-reconnecting Control UI clients on non-recoverable auth errors so misconfigured browser tabs no longer lock out healthy sessions. Landed from contributor PR #38725 by @ademczuk. Thanks @ademczuk.</li>
-<li>Gateway/service token drift repair: stop persisting shared auth tokens into installed gateway service units, flag stale embedded service tokens for reinstall, and treat tokenless service env as canonical so token rotation/reboot flows stay aligned with config/env resolution. Landed from contributor PR #28428 by @l0cka. Thanks @l0cka.</li>
-<li>Control UI/agents-page selection: keep the edited agent selected after saving agent config changes and reloading the agents list, so <code>/agents</code> no longer snaps back to the default agent. Landed from contributor PR #39301 by @MumuTW. Thanks @MumuTW.</li>
-<li>Gateway/auth follow-up hardening: preserve systemd <code>EnvironmentFile=</code> precedence/source provenance in daemon audits and doctor repairs, block shared-password override flows from piggybacking cached device tokens, and fail closed when config-first gateway SecretRefs cannot resolve. Follow-up to #39241.</li>
-<li>Agents/context pruning: guard assistant thinking/text char estimation against malformed blocks (missing <code>thinking</code>/<code>text</code> strings or null entries) so pruning no longer crashes with malformed provider content. (openclaw#35146) thanks @Sid-Qin.</li>
-<li>Agents/transcript policy: set <code>preserveSignatures</code> to Anthropic-only handling in <code>resolveTranscriptPolicy</code> so Anthropic thinking signatures are preserved while non-Anthropic providers remain unchanged. (#32813) thanks @Sid-Qin.</li>
-<li>Agents/schema cleaning: detect Venice + Grok model IDs as xAI-proxied targets so unsupported JSON Schema keywords are stripped before requests, preventing Venice/Grok <code>Invalid arguments</code> failures. (openclaw#35355) thanks @Sid-Qin.</li>
-<li>Skills/native command deduplication: centralize skill command dedupe by canonical <code>skillName</code> in <code>listSkillCommandsForAgents</code> so duplicate suffixed variants (for example <code>_2</code>) are no longer surfaced across interfaces outside Discord. (#27521) thanks @shivama205.</li>
-<li>Agents/xAI tool-call argument decoding: decode HTML-entity encoded xAI/Grok tool-call argument values (<code>&amp;</code>, <code>&quot;</code>, <code>&lt;</code>, <code>&gt;</code>, numeric entities) before tool execution so commands with shell operators and quotes no longer fail with parse errors. (#35276) Thanks @Sid-Qin.</li>
-<li>Linux/WSL2 daemon install hardening: add regression coverage for WSL environment detection, WSL-specific systemd guidance, and <code>systemctl --user is-enabled</code> failure paths so WSL2/headless onboarding keeps treating bus-unavailable probes as non-fatal while preserving real permission errors. Related: #36495. Thanks @vincentkoc.</li>
-<li>Linux/systemd status and degraded-session handling: treat degraded-but-reachable <code>systemctl --user status</code> results as available, preserve early errors for truly unavailable user-bus cases, and report externally managed running services as running instead of <code>not installed</code>. Thanks @vincentkoc.</li>
-<li>Agents/thinking-tag promotion hardening: guard <code>promoteThinkingTagsToBlocks</code> against malformed assistant content entries (<code>null</code>/<code>undefined</code>) before <code>block.type</code> reads so malformed provider payloads no longer crash session processing while preserving pass-through behavior. (#35143) thanks @Sid-Qin.</li>
-<li>Gateway/Control UI version reporting: align runtime and browser client version metadata to avoid <code>dev</code> placeholders, wait for bootstrap version before first UI websocket connect, and only forward bootstrap <code>serverVersion</code> to same-origin gateway targets to prevent cross-target version leakage. (from #35230, #30928, #33928) Thanks @Sid-Qin, @joelnishanth, and @MoerAI.</li>
-<li>Control UI/markdown parser crash fallback: catch <code>marked.parse()</code> failures and fall back to escaped plain-text <code><pre></code> rendering so malformed recursive markdown no longer crashes Control UI session rendering on load. (#36445) Thanks @BinHPdev.</li>
-<li>Control UI/markdown fallback regression coverage: add explicit regression assertions for parser-error fallback behavior so malformed markdown no longer risks reintroducing hard-crash rendering paths in future markdown/parser upgrades. (#36445) Thanks @BinHPdev.</li>
-<li>Web UI/config form: treat <code>additionalProperties: true</code> object schemas as editable map entries instead of unsupported fields so Accounts-style maps stay editable in form mode. (#35380, supersedes #32072) Thanks @stakeswky and @liuxiaopai-ai.</li>
-<li>Feishu/streaming card delivery synthesis: unify snapshot and delta streaming merge semantics, apply overlap-aware final merge, suppress duplicate final text delivery (including text+media final packets), prefer topic-thread <code>message.reply</code> routing when a reply target exists, and tune card print cadence to avoid duplicate incremental rendering. (from #33245, #32896, #33840) Thanks @rexl2018, @kcinzgg, and @aerelune.</li>
-<li>Feishu/group mention detection: carry startup-probed bot display names through monitor dispatch so <code>requireMention</code> checks compare against current bot identity instead of stale config names, fixing missed <code>@bot</code> handling in groups while preserving multi-bot false-positive guards. (#36317, #34271) Thanks @liuxiaopai-ai.</li>
-<li>Security/dependency audit: patch transitive Hono vulnerabilities by pinning <code>hono</code> to <code>4.12.5</code> and <code>@hono/node-server</code> to <code>1.19.10</code> in production resolution paths. Thanks @shakkernerd.</li>
-<li>Security/dependency audit: bump <code>tar</code> to <code>7.5.10</code> (from <code>7.5.9</code>) to address the high-severity hardlink path traversal advisory (<code>GHSA-qffp-2rhf-9h96</code>). Thanks @shakkernerd.</li>
-<li>Cron/announce delivery robustness: bypass pending-descendant announce guards for cron completion sends, ensure named-agent announce routes have outbound session entries, and fall back to direct delivery only when an announce send was actually attempted and failed. (from #35185, #32443, #34987) Thanks @Sid-Qin, @scoootscooob, and @bmendonca3.</li>
-<li>Cron/announce best-effort fallback: run direct outbound fallback after attempted announce failures even when delivery is configured as best-effort, so Telegram cron sends are not left as attempted-but-undelivered after <code>cron announce delivery failed</code> warnings.</li>
-<li>Auto-reply/system events: restore runtime system events to the message timeline (<code>System:</code> lines), preserve think-hint parsing with prepended events, and carry events into deferred followup/collect/steer-backlog prompts to keep cache behavior stable without dropping queued metadata. (#34794) Thanks @anisoptera.</li>
-<li>Security/audit account handling: avoid prototype-chain account IDs in audit validation by using own-property checks for <code>accounts</code>. (#34982) Thanks @HOYALIM.</li>
-<li>Cron/restart catch-up semantics: replay interrupted recurring jobs and missed immediate cron slots on startup without replaying interrupted one-shot jobs, with guarded missed-slot probing to avoid malformed-schedule startup aborts and duplicate-trigger drift after restart. (from #34466, #34896, #34625, #33206) Thanks @dunamismax, @dsantoreis, @Octane0411, and @Sid-Qin.</li>
-<li>Venice/provider onboarding hardening: align per-model Venice completion-token limits with discovery metadata, clamp untrusted discovery values to safe bounds, sync the static Venice fallback catalog with current live model metadata, and disable tool wiring for Venice models that do not support function calling so default Venice setups no longer fail with <code>max_completion_tokens</code> or unsupported-tools 400s. Fixes #38168. Thanks @Sid-Qin, @powermaster888 and @vincentkoc.</li>
-<li>Agents/session usage tracking: preserve accumulated usage metadata on embedded Pi runner error exits so failed turns still update session <code>totalTokens</code> from real usage instead of stale prior values. (#34275) thanks @RealKai42.</li>
-<li>Slack/reaction thread context routing: carry Slack native DM channel IDs through inbound context and threading tool resolution so reaction targets resolve consistently for DM <code>To=user:*</code> sessions (including <code>toolContext.currentChannelId</code> fallback behavior). (from #34831; overlaps #34440, #34502, #34483, #32754) Thanks @dunamismax.</li>
-<li>Subagents/announce completion scoping: scope nested direct-child completion aggregation to the current requester run window, harden frozen completion capture for deterministic descendant synthesis, and route completion announce delivery through parent-agent announce turns with provenance-aware internal events. (#35080) Thanks @tyler6204.</li>
-<li>Nodes/system.run approval hardening: use explicit argv-mutation signaling when regenerating prepared <code>rawCommand</code>, and cover the <code>system.run.prepare -> system.run</code> handoff so direct PATH-based <code>nodes.run</code> commands no longer fail with <code>rawCommand does not match command</code>. (#33137) thanks @Sid-Qin.</li>
-<li>Models/custom provider headers: propagate <code>models.providers.<name>.headers</code> across inline, fallback, and registry-found model resolution so header-authenticated proxies consistently receive configured request headers. (#27490) thanks @Sid-Qin.</li>
-<li>Ollama/remote provider auth fallback: synthesize a local runtime auth key for explicitly configured <code>models.providers.ollama</code> entries that omit <code>apiKey</code>, so remote Ollama endpoints run without requiring manual dummy-key setup while preserving env/profile/config key precedence and missing-config failures. (#11283) Thanks @cpreecs.</li>
-<li>Ollama/custom provider headers: forward resolved model headers into native Ollama stream requests so header-authenticated Ollama proxies receive configured request headers. (#24337) thanks @echoVic.</li>
-<li>Ollama/compaction and summarization: register custom <code>api: "ollama"</code> handling for compaction, branch-style internal summarization, and TTS text summarization on current <code>main</code>, so native Ollama models no longer fail with <code>No API provider registered for api: ollama</code> outside the main run loop. Thanks @JaviLib.</li>
-<li>Daemon/systemd install robustness: treat <code>systemctl --user is-enabled</code> exit-code-4 <code>not-found</code> responses as not-enabled by combining stderr/stdout detail parsing, so Ubuntu fresh installs no longer fail with <code>systemctl is-enabled unavailable</code>. (#33634) Thanks @Yuandiaodiaodiao.</li>
-<li>Slack/system-event session routing: resolve reaction/member/pin/interaction system-event session keys through channel/account bindings (with sender-aware DM routing) so inbound Slack events target the correct agent session in multi-account setups instead of defaulting to <code>agent:main</code>. (#34045) Thanks @paulomcg, @daht-mad and @vincentkoc.</li>
-<li>Slack/native streaming markdown conversion: stop pre-normalizing text passed to Slack native <code>markdown_text</code> in streaming start/append/stop paths to prevent Markdown style corruption from double conversion. (#34931)</li>
-<li>Gateway/HTTP tools invoke media compatibility: preserve raw media payload access for direct <code>/tools/invoke</code> clients by allowing media <code>nodes</code> invoke commands only in HTTP tool context, while keeping agent-context media invoke blocking to prevent base64 prompt bloat. (#34365) Thanks @obviyus.</li>
-<li>Security/archive ZIP hardening: extract ZIP entries via same-directory temp files plus atomic rename, then re-open and reject post-rename hardlink alias races outside the destination root.</li>
-<li>Agents/Nodes media outputs: add dedicated <code>photos_latest</code> action handling, block media-returning <code>nodes invoke</code> commands, keep metadata-only <code>camera.list</code> invoke allowed, and normalize empty <code>photos_latest</code> results to a consistent response shape to prevent base64 context bloat. (#34332) Thanks @obviyus.</li>
-<li>TUI/session-key canonicalization: normalize <code>openclaw tui --session</code> values to lowercase so uppercase session names no longer drop real-time streaming updates due to gateway/TUI key mismatches. (#33866, #34013) thanks @lynnzc.</li>
-<li>iMessage/echo loop hardening: strip leaked assistant-internal scaffolding from outbound iMessage replies, drop reflected assistant-content messages before they re-enter inbound processing, extend echo-cache text retention for delayed reflections, and suppress repeated loop traffic before it amplifies into queue overflow. (#33295) Thanks @joelnishanth.</li>
-<li>Skills/workspace boundary hardening: reject workspace and extra-dir skill roots or <code>SKILL.md</code> files whose realpath escapes the configured source root, and skip syncing those escaped skills into sandbox workspaces.</li>
-<li>Outbound/send config threading: pass resolved SecretRef config through outbound adapters and helper send paths so send flows do not reload unresolved runtime config. (#33987) Thanks @joshavant.</li>
-<li>gateway: harden shared auth resolution across systemd, discord, and node host (#39241) Thanks @joshavant.</li>
-<li>Secrets/models.json persistence hardening: keep SecretRef-managed api keys + headers from persisting in generated models.json, expand audit/apply coverage, and harden marker handling/serialization. (#38955) Thanks @joshavant.</li>
-<li>Sessions/subagent attachments: remove <code>attachments[].content.maxLength</code> from <code>sessions_spawn</code> schema to avoid llama.cpp GBNF repetition overflow, and preflight UTF-8 byte size before buffer allocation while keeping runtime file-size enforcement unchanged. (#33648) Thanks @anisoptera.</li>
-<li>Runtime/tool-state stability: recover from dangling Anthropic <code>tool_use</code> after compaction, serialize long-running Discord handler runs without blocking new inbound events, and prevent stale busy snapshots from suppressing stuck-channel recovery. (from #33630, #33583) Thanks @kevinWangSheng and @theotarr.</li>
-<li>ACP/Discord startup hardening: clean up stuck ACP worker children on gateway restart, unbind stale ACP thread bindings during Discord startup reconciliation, and add per-thread listener watchdog timeouts so wedged turns cannot block later messages. (#33699) Thanks @dutifulbob.</li>
-<li>Extensions/media local-root propagation: consistently forward <code>mediaLocalRoots</code> through extension <code>sendMedia</code> adapters (Google Chat, Slack, iMessage, Signal, WhatsApp), preserving non-local media behavior while restoring local attachment resolution from configured roots. Synthesis of #33581, #33545, #33540, #33536, #33528. Thanks @bmendonca3.</li>
-<li>Gateway/plugin HTTP auth hardening: require gateway auth when any overlapping matched route needs it, block mixed-auth fallthrough at dispatch, and reject mixed-auth exact/prefix route overlaps during plugin registration.</li>
-<li>Feishu/video media send contract: keep mp4-like outbound payloads on <code>msg_type: "media"</code> (including reply and reply-in-thread paths) so videos render as media instead of degrading to file-link behavior, while preserving existing non-video file subtype handling. (from #33720, #33808, #33678) Thanks @polooooo, @dingjianrui, and @kevinWangSheng.</li>
-<li>Gateway/security default response headers: add <code>Permissions-Policy: camera=(), microphone=(), geolocation=()</code> to baseline gateway HTTP security headers for all responses. (#30186) thanks @habakan.</li>
-<li>Plugins/startup loading: lazily initialize plugin runtime, split startup-critical plugin SDK imports into <code>openclaw/plugin-sdk/core</code> and <code>openclaw/plugin-sdk/telegram</code>, and preserve <code>api.runtime</code> reflection semantics for plugin compatibility. (#28620) thanks @hmemcpy.</li>
-<li>Plugins/startup performance: reduce bursty plugin discovery/manifest overhead with short in-process caches, skip importing bundled memory plugins that are disabled by slot selection, and speed legacy root <code>openclaw/plugin-sdk</code> compatibility via runtime root-alias routing while preserving backward compatibility. Thanks @gumadeiras.</li>
-<li>Build/lazy runtime boundaries: replace ineffective dynamic import sites with dedicated lazy runtime boundaries across Slack slash handling, Telegram audit, CLI send deps, memory fallback, and outbound delivery paths while preserving behavior. (#33690) thanks @gumadeiras.</li>
-<li>Gateway/password CLI hardening: add <code>openclaw gateway run --password-file</code>, warn when inline <code>--password</code> is used because it can leak via process listings, and document env/file-backed password input as the preferred startup path. Fixes #27948. Thanks @vibewrk and @vincentkoc.</li>
-<li>Config/heartbeat legacy-path handling: auto-migrate top-level <code>heartbeat</code> into <code>agents.defaults.heartbeat</code> (with merge semantics that preserve explicit defaults), and keep startup failures on non-migratable legacy entries in the detailed invalid-config path instead of generic migration-failed errors. (#32706) thanks @xiwan.</li>
-<li>Plugins/SDK subpath parity: expand plugin SDK subpaths across bundled channels/extensions (Discord, Slack, Signal, iMessage, WhatsApp, LINE, and bundled companion plugins), with build/export/type/runtime wiring so scoped imports resolve consistently in source and dist while preserving compatibility. (#33737) thanks @gumadeiras.</li>
-<li>Google/Gemini Flash model selection: switch built-in <code>gemini-flash</code> defaults and docs/examples from the nonexistent <code>google/gemini-3.1-flash-preview</code> ID to the working <code>google/gemini-3-flash-preview</code>, while normalizing legacy OpenClaw config that still uses the old Flash 3.1 alias.</li>
-<li>Plugins/bundled scoped-import migration: migrate bundled plugins from monolithic <code>openclaw/plugin-sdk</code> imports to scoped subpaths (or <code>openclaw/plugin-sdk/core</code>) across registration and startup-sensitive runtime files, add CI/release guardrails to prevent regressions, and keep root <code>openclaw/plugin-sdk</code> support for external/community plugins. Thanks @gumadeiras.</li>
-<li>Routing/session duplicate suppression synthesis: align shared session delivery-context inheritance, channel-paired route-field merges, and reply-surface target matching so dmScope=main turns avoid cross-surface duplicate replies while thread-aware forwarding keeps intended routing semantics. (from #33629, #26889, #17337, #33250) Thanks @Yuandiaodiaodiao, @kevinwildenradt, @Glucksberg, and @bmendonca3.</li>
-<li>Routing/legacy session route inheritance: preserve external route metadata inheritance for legacy channel session keys (<code>agent:<agent>:<channel>:<peer></code> and <code>...:thread:<id></code>) so <code>chat.send</code> does not incorrectly fall back to webchat when valid delivery context exists. Follow-up to #33786.</li>
-<li>Routing/legacy route guard tightening: require legacy session-key channel hints to match the saved delivery channel before inheriting external routing metadata, preventing custom namespaced keys like <code>agent:<agent>:work:<ticket></code> from inheriting stale non-webchat routes.</li>
-<li>Gateway/internal client routing continuity: prevent webchat/TUI/UI turns from inheriting stale external reply routes by requiring explicit <code>deliver: true</code> for external delivery, keeping main-session external inheritance scoped to non-Webchat/UI clients, and honoring configured <code>session.mainKey</code> when identifying main-session continuity. (from #35321, #34635, #35356) Thanks @alexyyyander and @Octane0411.</li>
-<li>Security/auth labels: remove token and API-key snippets from user-facing auth status labels so <code>/status</code> and <code>/models</code> do not expose credential fragments. (#33262) thanks @cu1ch3n.</li>
-<li>Models/MiniMax portal vision routing: add <code>MiniMax-VL-01</code> to the <code>minimax-portal</code> provider, route portal image understanding through the MiniMax VLM endpoint, and align media auto-selection plus Telegram sticker description with the shared portal image provider path. (#33953) Thanks @tars90percent.</li>
-<li>Auth/credential semantics: align profile eligibility + probe diagnostics with SecretRef/expiry rules and harden browser download atomic writes. (#33733) thanks @joshavant.</li>
-<li>Security/audit denyCommands guidance: suggest likely exact node command IDs for unknown <code>gateway.nodes.denyCommands</code> entries so ineffective denylist entries are easier to correct. (#29713) thanks @liquidhorizon88-bot.</li>
-<li>Agents/overload failover handling: classify overloaded provider failures separately from rate limits/status timeouts, add short overload backoff before retry/failover, record overloaded prompt/assistant failures as transient auth-profile cooldowns (with probeable same-provider fallback) instead of treating them like persistent auth/billing failures, and keep one-shot cron retry classification aligned so overloaded fallback summaries still count as transient retries.</li>
-<li>Docs/security hardening guidance: document Docker <code>DOCKER-USER</code> + UFW policy and add cross-linking from Docker install docs for VPS/public-host setups. (#27613) thanks @dorukardahan.</li>
-<li>Docs/security threat-model links: replace relative <code>.md</code> links with Mintlify-compatible root-relative routes in security docs to prevent broken internal navigation. (#27698) thanks @clawdoo.</li>
-<li>Plugins/Update integrity drift: avoid false integrity drift prompts when updating npm-installed plugins from unpinned specs, while keeping drift checks for exact pinned versions. (#37179) Thanks @vincentkoc.</li>
-<li>iOS/Voice timing safety: guard system speech start/finish callbacks to the active utterance to avoid misattributed start events during rapid stop/restart cycles. (#33304) thanks @mbelinky; original implementation direction by @ngutman.</li>
-<li>Gateway/chat.send command scopes: require <code>operator.admin</code> for persistent <code>/config set|unset</code> writes routed through gateway chat clients while keeping <code>/config show</code> available to normal write-scoped operator clients, preserving messaging-channel config command behavior without widening RPC write scope into admin config mutation. Thanks @tdjackey for reporting.</li>
-<li>iOS/Talk incremental speech pacing: allow long punctuation-free assistant chunks to start speaking at safe whitespace boundaries so voice responses begin sooner instead of waiting for terminal punctuation. (#33305) thanks @mbelinky; original implementation by @ngutman.</li>
-<li>iOS/Watch reply reliability: make watch session activation waiters robust under concurrent requests so status/send calls no longer hang intermittently, and align delegate callbacks with Swift 6 actor safety. (#33306) thanks @mbelinky; original implementation by @Rocuts.</li>
-<li>Docs/tool-loop detection config keys: align <code>docs/tools/loop-detection.md</code> examples and field names with the current <code>tools.loopDetection</code> schema to prevent copy-paste validation failures from outdated keys. (#33182) Thanks @Mylszd.</li>
-<li>Gateway/session agent discovery: include disk-scanned agent IDs in <code>listConfiguredAgentIds</code> even when <code>agents.list</code> is configured, so disk-only/ACP agent sessions remain visible in gateway session aggregation and listings. (#32831) thanks @Sid-Qin.</li>
-<li>Discord/inbound debouncer: skip bot-own MESSAGE_CREATE events before they reach the debounce queue to avoid self-triggered slowdowns in busy servers. Thanks @thewilloftheshadow.</li>
-<li>Discord/Agent-scoped media roots: pass <code>mediaLocalRoots</code> through Discord monitor reply delivery (message + component interaction paths) so local media attachments honor per-agent workspace roots instead of falling back to default global roots. Thanks @thewilloftheshadow.</li>
-<li>Discord/slash command handling: intercept text-based slash commands in channels, register plugin commands as native, and send fallback acknowledgments for empty slash runs so interactions do not hang. Thanks @thewilloftheshadow.</li>
-<li>Discord/thread session lifecycle: reset thread-scoped sessions when a thread is archived so reopening a thread starts fresh without deleting transcript history. Thanks @thewilloftheshadow.</li>
-<li>Discord/presence defaults: send an online presence update on ready when no custom presence is configured so bots no longer appear offline by default. Thanks @thewilloftheshadow.</li>
-<li>Discord/typing cleanup: stop typing indicators after silent/NO_REPLY runs by marking the run complete before dispatch idle cleanup. Thanks @thewilloftheshadow.</li>
-<li>ACP/sandbox spawn parity: block <code>/acp spawn</code> from sandboxed requester sessions with the same host-runtime guard already enforced for <code>sessions_spawn({ runtime: "acp" })</code>, preserving non-sandbox ACP flows while closing the command-path policy gap. Thanks @patte.</li>
-<li>Discord/config SecretRef typing: align Discord account token config typing with SecretInput so SecretRef tokens typecheck. (#32490) Thanks @scoootscooob.</li>
-<li>Discord/voice messages: request upload slots with JSON fetch calls so voice message uploads no longer fail with content-type errors. Thanks @thewilloftheshadow.</li>
-<li>Discord/voice decoder fallback: drop the native Opus dependency and use opusscript for voice decoding to avoid native-opus installs. Thanks @thewilloftheshadow.</li>
-<li>Discord/auto presence health signal: add runtime availability-driven presence updates plus connected-state reporting to improve health monitoring and operator visibility. (#33277) Thanks @thewilloftheshadow.</li>
-<li>HEIC image inputs: accept HEIC/HEIF <code>input_image</code> sources in Gateway HTTP APIs, normalize them to JPEG before provider delivery, and document the expanded default MIME allowlist. Thanks @vincentkoc.</li>
-<li>Gateway/HEIC input follow-up: keep non-HEIC <code>input_image</code> MIME handling unchanged, make HEIC tests hermetic, and enforce chat-completions <code>maxTotalImageBytes</code> against post-normalization image payload size. Thanks @vincentkoc.</li>
-<li>Telegram/draft-stream boundary stability: materialize DM draft previews at assistant-message/tool boundaries, serialize lane-boundary callbacks before final delivery, and scope preview cleanup to the active preview so multi-step Telegram streams no longer lose, overwrite, or leave stale preview bubbles. (#33842) Thanks @ngutman.</li>
-<li>Telegram/DM draft finalization reliability: require verified final-text draft emission before treating preview finalization as delivered, and fall back to normal payload send when final draft delivery is not confirmed (preventing missing final responses and preserving media/button delivery). (#32118) Thanks @OpenCils.</li>
-<li>Telegram/DM draft final delivery: materialize text-only <code>sendMessageDraft</code> previews into one permanent final message and skip duplicate final payload sends, while preserving fallback behavior when materialization fails. (#34318) Thanks @Brotherinlaw-13.</li>
-<li>Telegram/DM draft duplicate display: clear stale DM draft previews after materializing the real final message, including threadless fallback when DM topic lookup fails, so partial streaming no longer briefly shows duplicate replies. (#36746) Thanks @joelnishanth.</li>
-<li>Telegram/draft preview boundary + silent-token reliability: stabilize answer-lane message boundaries across late-partial/message-start races, preserve/reset finalized preview state at the correct boundaries, and suppress <code>NO_REPLY</code> lead-fragment leaks without broad heartbeat-prefix false positives. (#33169) Thanks @obviyus.</li>
-<li>Telegram/native commands <code>commands.allowFrom</code> precedence: make native Telegram commands honor <code>commands.allowFrom</code> as the command-specific authorization source, including group chats, instead of falling back to channel sender allowlists. (#28216) Thanks @toolsbybuddy and @vincentkoc.</li>
-<li>Telegram/<code>groupAllowFrom</code> sender-ID validation: restore sender-only runtime validation so negative chat/group IDs remain invalid entries instead of appearing accepted while still being unable to authorize group access. (#37134) Thanks @qiuyuemartin-max and @vincentkoc.</li>
-<li>Telegram/native group command auth: authorize native commands in groups and forum topics against <code>groupAllowFrom</code> and per-group/topic sender overrides, while keeping auth rejection replies in the originating topic thread. (#39267) Thanks @edwluo.</li>
-<li>Telegram/named-account DMs: restore non-default-account DM routing when a named Telegram account falls back to the default agent by keeping groups fail-closed but deriving a per-account session key for DMs, including identity-link canonicalization and regression coverage for account isolation. (from #32426; fixes #32351) Thanks @chengzhichao-xydt.</li>
-<li>Discord/audit wildcard warnings: ignore "\*" wildcard keys when counting unresolved guild channels so doctor/status no longer warns on allow-all configs. (#33125) Thanks @thewilloftheshadow.</li>
-<li>Discord/channel resolution: default bare numeric recipients to channels, harden allowlist numeric ID handling with safe fallbacks, and avoid inbound WS heartbeat stalls. (#33142) Thanks @thewilloftheshadow.</li>
-<li>Discord/chunk delivery reliability: preserve chunk ordering when using a REST client and retry chunk sends on 429/5xx using account retry settings. (#33226) Thanks @thewilloftheshadow.</li>
-<li>Discord/mention handling: add id-based mention formatting + cached rewrites, resolve inbound mentions to display names, and add optional ignoreOtherMentions gating (excluding @everyone/@here). (#33224) Thanks @thewilloftheshadow.</li>
-<li>Discord/media SSRF allowlist: allow Discord CDN hostnames (including wildcard domains) in inbound media SSRF policy to prevent proxy/VPN fake-ip blocks. (#33275) Thanks @thewilloftheshadow.</li>
-<li>Telegram/device pairing notifications: auto-arm one-shot notify on <code>/pair qr</code>, auto-ping on new pairing requests, and add manual fallback via <code>/pair approve latest</code> if the ping does not arrive. (#33299) thanks @mbelinky.</li>
-<li>Exec heartbeat routing: scope exec-triggered heartbeat wakes to agent session keys so unrelated agents are no longer awakened by exec events, while preserving legacy unscoped behavior for non-canonical session keys. (#32724) thanks @altaywtf</li>
-<li>macOS/Tailscale remote gateway discovery: add a Tailscale Serve fallback peer probe path (<code>wss://<peer>.ts.net</code>) when Bonjour and wide-area DNS-SD discovery return no gateways, and refresh both discovery paths from macOS onboarding. (#32860) Thanks @ngutman.</li>
-<li>iOS/Gateway keychain hardening: move gateway metadata and TLS fingerprints to device keychain storage with safer migration behavior and rollback-safe writes to reduce credential loss risk during upgrades. (#33029) thanks @mbelinky.</li>
-<li>iOS/Concurrency stability: replace risky shared-state access in camera and gateway connection paths with lock-protected access patterns to reduce crash risk under load. (#33241) thanks @mbelinky.</li>
-<li>iOS/Security guardrails: limit production API-key sourcing to app config and make deep-link confirmation prompts safer by coalescing queued requests instead of silently dropping them. (#33031) thanks @mbelinky.</li>
-<li>iOS/TTS playback fallback: keep voice playback resilient by switching from PCM to MP3 when provider format support is unavailable, while avoiding sticky fallback on generic local playback errors. (#33032) thanks @mbelinky.</li>
-<li>Plugin outbound/text-only adapter compatibility: allow direct-delivery channel plugins that only implement <code>sendText</code> (without <code>sendMedia</code>) to remain outbound-capable, gracefully fall back to text delivery for media payloads when <code>sendMedia</code> is absent, and fail explicitly for media-only payloads with no text fallback. (#32788) thanks @liuxiaopai-ai.</li>
-<li>Telegram/multi-account default routing clarity: warn only for ambiguous (2+) account setups without an explicit default, add <code>openclaw doctor</code> warnings for missing/invalid multi-account defaults across channels, and document explicit-default guidance for channel routing and Telegram config. (#32544) thanks @Sid-Qin.</li>
-<li>Telegram/plugin outbound hook parity: run <code>message_sending</code> + <code>message_sent</code> in Telegram reply delivery, include reply-path hook metadata (<code>mediaUrls</code>, <code>threadId</code>), and report <code>message_sent.success=false</code> when hooks blank text and no outbound message is delivered. (#32649) Thanks @KimGLee.</li>
-<li>CLI/Coding-agent reliability: switch default <code>claude-cli</code> non-interactive args to <code>--permission-mode bypassPermissions</code>, auto-normalize legacy <code>--dangerously-skip-permissions</code> backend overrides to the modern permission-mode form, align coding-agent + live-test docs with the non-PTY Claude path, and emit session system-event heartbeat notices when CLI watchdog no-output timeouts terminate runs. (#28610, #31149, #34055). Thanks @niceysam, @cryptomaltese and @vincentkoc.</li>
-<li>Gateway/OpenAI chat completions: parse active-turn <code>image_url</code> content parts (including parameterized data URIs and guarded URL sources), forward them as multimodal <code>images</code>, accept image-only user turns, enforce per-request image-part/byte budgets, default URL-based image fetches to disabled unless explicitly enabled by config, and redact image base64 data in cache-trace/provider payload diagnostics. (#17685) Thanks @vincentkoc</li>
-<li>ACP/ACPX session bootstrap: retry with <code>sessions new</code> when <code>sessions ensure</code> returns no session identifiers so ACP spawns avoid <code>NO_SESSION</code>/<code>ACP_TURN_FAILED</code> failures on affected agents. (#28786, #31338, #34055). Thanks @Sid-Qin and @vincentkoc.</li>
-<li>ACP/sessions_spawn parent stream visibility: add <code>streamTo: "parent"</code> for <code>runtime: "acp"</code> to forward initial child-run progress/no-output/completion updates back into the requester session as system events (instead of direct child delivery), and emit a tail-able session-scoped relay log (<code><sessionId>.acp-stream.jsonl</code>, returned as <code>streamLogPath</code> when available), improving orchestrator visibility for blocked or long-running harness turns. (#34310, #29909; reopened from #34055). Thanks @vincentkoc.</li>
-<li>Agents/bootstrap truncation warning handling: unify bootstrap budget/truncation analysis across embedded + CLI runtime, <code>/context</code>, and <code>openclaw doctor</code>; add <code>agents.defaults.bootstrapPromptTruncationWarning</code> (<code>off|once|always</code>, default <code>once</code>) and persist warning-signature metadata so truncation warnings are consistent and deduped across turns. (#32769) Thanks @gumadeiras.</li>
-<li>Agents/Skills runtime loading: propagate run config into embedded attempt and compaction skill-entry loading so explicitly enabled bundled companion skills are discovered consistently when skill snapshots do not already provide resolved entries. Thanks @gumadeiras.</li>
-<li>Agents/Session startup date grounding: substitute <code>YYYY-MM-DD</code> placeholders in startup/post-compaction AGENTS context and append runtime current-time lines for <code>/new</code> and <code>/reset</code> prompts so daily-memory references resolve correctly. (#32381) Thanks @chengzhichao-xydt.</li>
-<li>Agents/Compaction template heading alignment: update AGENTS template section names to <code>Session Startup</code>/<code>Red Lines</code> and keep legacy <code>Every Session</code>/<code>Safety</code> fallback extraction so post-compaction context remains intact across template versions. (#25098) thanks @echoVic.</li>
-<li>Agents/Compaction continuity: expand staged-summary merge instructions to preserve active task status, batch progress, latest user request, and follow-up commitments so compaction handoffs retain in-flight work context. (#8903) thanks @joetomasone.</li>
-<li>Agents/Compaction safeguard structure hardening: require exact fallback summary headings, sanitize untrusted compaction instruction text before prompt embedding, and keep structured sections when preserving all turns. (#25555) thanks @rodrigouroz.</li>
-<li>Gateway/status self version reporting: make Gateway self version in <code>openclaw status</code> prefer runtime <code>VERSION</code> (while preserving explicit <code>OPENCLAW_VERSION</code> override), preventing stale post-upgrade app version output. (#32655) thanks @liuxiaopai-ai.</li>
-<li>Memory/QMD index isolation: set <code>QMD_CONFIG_DIR</code> alongside <code>XDG_CONFIG_HOME</code> so QMD config state stays per-agent despite upstream XDG handling bugs, preventing cross-agent collection indexing and excess disk/CPU usage. (#27028) thanks @HenryLoenwind.</li>
-<li>Memory/QMD collection safety: stop destructive collection rebinds when QMD <code>collection list</code> only reports names without path metadata, preventing <code>memory search</code> from dropping existing collections if re-add fails. (#36870) Thanks @Adnannnnnnna.</li>
-<li>Memory/QMD duplicate-document recovery: detect <code>UNIQUE constraint failed: documents.collection, documents.path</code> update failures, rebuild managed collections once, and retry update so periodic QMD syncs recover instead of failing every run; includes regression coverage to avoid over-matching unrelated unique constraints. (#27649) Thanks @MiscMich.</li>
-<li>Memory/local embedding initialization hardening: add regression coverage for transient initialization retry and mixed <code>embedQuery</code> + <code>embedBatch</code> concurrent startup to lock single-flight initialization behavior. (#15639) thanks @SubtleSpark.</li>
-<li>CLI/Coding-agent reliability: switch default <code>claude-cli</code> non-interactive args to <code>--permission-mode bypassPermissions</code>, auto-normalize legacy <code>--dangerously-skip-permissions</code> backend overrides to the modern permission-mode form, align coding-agent + live-test docs with the non-PTY Claude path, and emit session system-event heartbeat notices when CLI watchdog no-output timeouts terminate runs. Related to #28261. Landed from contributor PRs #28610 and #31149. Thanks @niceysam, @cryptomaltese and @vincentkoc.</li>
-<li>ACP/ACPX session bootstrap: retry with <code>sessions new</code> when <code>sessions ensure</code> returns no session identifiers so ACP spawns avoid <code>NO_SESSION</code>/<code>ACP_TURN_FAILED</code> failures on affected agents. Related to #28786. Landed from contributor PR #31338. Thanks @Sid-Qin and @vincentkoc.</li>
-<li>LINE/auth boundary hardening synthesis: enforce strict LINE webhook authn/z boundary semantics across pairing-store account scoping, DM/group allowlist separation, fail-closed webhook auth/runtime behavior, and replay/duplication controls (including in-flight replay reservation and post-success dedupe marking). (from #26701, #26683, #25978, #17593, #16619, #31990, #26047, #30584, #18777) Thanks @bmendonca3, @davidahmann, @harshang03, @haosenwang1018, @liuxiaopai-ai, @coygeek, and @Takhoffman.</li>
-<li>LINE/media download synthesis: fix file-media download handling and M4A audio classification across overlapping LINE regressions. (from #26386, #27761, #27787, #29509, #29755, #29776, #29785, #32240) Thanks @kevinWangSheng, @loiie45e, @carrotRakko, @Sid-Qin, @codeafridi, and @bmendonca3.</li>
-<li>LINE/context and routing synthesis: fix group/room peer routing and command-authorization context propagation, and keep processing later events in mixed-success webhook batches. (from #21955, #24475, #27035, #28286) Thanks @lailoo, @mcaxtr, @jervyclaw, @Glucksberg, and @Takhoffman.</li>
-<li>LINE/status/config/webhook synthesis: fix status false positives from snapshot/config state and accept LINE webhook HEAD probes for compatibility. (from #10487, #25726, #27537, #27908, #31387) Thanks @BlueBirdBack, @stakeswky, @loiie45e, @puritysb, and @mcaxtr.</li>
-<li>LINE cleanup/test follow-ups: fold cleanup/test learnings into the synthesis review path while keeping runtime changes focused on regression fixes. (from #17630, #17289) Thanks @Clawborn and @davidahmann.</li>
-<li>Mattermost/interactive buttons: add interactive button send/callback support with directory-based channel/user target resolution, and harden callbacks via account-scoped HMAC verification plus sender-scoped DM routing. (#19957) thanks @tonydehnke.</li>
-<li>Feishu/groupPolicy legacy alias compatibility: treat legacy <code>groupPolicy: "allowall"</code> as <code>open</code> in both schema parsing and runtime policy checks so intended open-group configs no longer silently drop group messages when <code>groupAllowFrom</code> is empty. (from #36358) Thanks @Sid-Qin.</li>
-<li>Mattermost/plugin SDK import policy: replace remaining monolithic <code>openclaw/plugin-sdk</code> imports in Mattermost mention-gating paths/tests with scoped subpaths (<code>openclaw/plugin-sdk/compat</code> and <code>openclaw/plugin-sdk/mattermost</code>) so <code>pnpm check</code> passes <code>lint:plugins:no-monolithic-plugin-sdk-entry-imports</code> on baseline. (#36480) Thanks @Takhoffman.</li>
-<li>Telegram/polls: add Telegram poll action support to channel action discovery and tool/CLI poll flows, with multi-account discoverability gated to accounts that can actually execute polls (<code>sendMessage</code> + <code>poll</code>). (#36547) thanks @gumadeiras.</li>
-<li>Agents/failover cooldown classification: stop treating generic <code>cooling down</code> text as provider <code>rate_limit</code> so healthy models no longer show false global cooldown/rate-limit warnings while explicit <code>model_cooldown</code> markers still trigger failover. (#32972) thanks @stakeswky.</li>
-<li>Agents/failover service-unavailable handling: stop treating bare proxy/CDN <code>service unavailable</code> errors as provider overload while keeping them retryable via the timeout/failover path, so transient outages no longer show false rate-limit warnings or block fallback. (#36646) thanks @jnMetaCode.</li>
-<li>Plugins/HTTP route migration diagnostics: rewrite legacy <code>api.registerHttpHandler(...)</code> loader failures into actionable migration guidance so doctor/plugin diagnostics point operators to <code>api.registerHttpRoute(...)</code> or <code>registerPluginHttpRoute(...)</code>. (#36794) Thanks @vincentkoc</li>
-<li>Doctor/Heartbeat upgrade diagnostics: warn when heartbeat delivery is configured with an implicit <code>directPolicy</code> so upgrades pin direct/DM behavior explicitly instead of relying on the current default. (#36789) Thanks @vincentkoc.</li>
-<li>Agents/current-time UTC anchor: append a machine-readable UTC suffix alongside local <code>Current time:</code> lines in shared cron-style prompt contexts so agents can compare UTC-stamped workspace timestamps without doing timezone math. (#32423) thanks @jriff.</li>
-<li>Ollama/local model handling: preserve explicit lower <code>contextWindow</code> / <code>maxTokens</code> overrides during merge refresh, and keep native Ollama streamed replies from surfacing fallback <code>thinking</code> / <code>reasoning</code> text once real content starts streaming. (#39292) Thanks @vincentkoc.</li>
-<li>TUI/webchat command-owner scope alignment: treat internal-channel gateway sessions with <code>operator.admin</code> as owner-authorized in command auth, restoring cron/gateway/connector tool access for affected TUI/webchat sessions while keeping external channels on identity-based owner checks. (from #35666, #35673, #35704) Thanks @Naylenv, @Octane0411, and @Sid-Qin.</li>
-<li>Discord/inbound timeout isolation: separate inbound worker timeout tracking from listener timeout budgets so queued Discord replies are no longer dropped when listener watchdog windows expire mid-run. (#36602) Thanks @dutifulbob.</li>
-<li>Memory/doctor SecretRef handling: treat SecretRef-backed memory-search API keys as configured, and fail embedding setup with explicit unresolved-secret errors instead of crashing. (#36835) Thanks @joshavant.</li>
-<li>Memory/flush default prompt: ban timestamped variant filenames during default memory flush runs so durable notes stay in the canonical daily <code>memory/YYYY-MM-DD.md</code> file. (#34951) thanks @zerone0x.</li>
-<li>Agents/reply delivery timing: flush embedded Pi block replies before waiting on compaction retries so already-generated assistant replies reach channels before compaction wait completes. (#35489) thanks @Sid-Qin.</li>
-<li>Agents/gateway config guidance: stop exposing <code>config.schema</code> through the agent <code>gateway</code> tool, remove prompt/docs guidance that told agents to call it, and keep agents on <code>config.get</code> plus <code>config.patch</code>/<code>config.apply</code> for config changes. (#7382) thanks @kakuteki.</li>
-<li>Provider/KiloCode: Keep duplicate models after malformed discovery rows, and strip legacy <code>reasoning_effort</code> when proxy reasoning injection is skipped. (#32352) Thanks @pandemicsyn and @vincentkoc.</li>
-<li>Agents/failover: classify periodic provider limit exhaustion text (for example <code>Weekly/Monthly Limit Exhausted</code>) as <code>rate_limit</code> while keeping explicit <code>402 Payment Required</code> variants in billing, so failover continues without misclassifying billing-wrapped quota errors. (#33813) thanks @zhouhe-xydt.</li>
-<li>Mattermost/interactive button callbacks: allow external callback base URLs and stop requiring loopback-origin requests so button clicks work when Mattermost reaches the gateway over Tailscale, LAN, or a reverse proxy. (#37543) thanks @mukhtharcm.</li>
-<li>Gateway/chat.send route inheritance: keep explicit external delivery for channel-scoped sessions while preventing shared-main and other channel-agnostic webchat sessions from inheriting stale external routes, so Control UI replies stay on webchat without breaking selected channel-target sessions. (#34669) Thanks @vincentkoc.</li>
-<li>Telegram/Discord media upload caps: make outbound uploads honor channel <code>mediaMaxMb</code> config, raise Telegram's default media cap to 100MB, and remove MIME fallback limits that kept some Telegram uploads at 16MB. Thanks @vincentkoc.</li>
-<li>Skills/nano-banana-pro resolution override: respect explicit <code>--resolution</code> values during image editing and only auto-detect output size from input images when the flag is omitted. (#36880) Thanks @shuofengzhang and @vincentkoc.</li>
-<li>Skills/openai-image-gen CLI validation: validate <code>--background</code> and <code>--style</code> inputs early, normalize supported values, and warn when those flags are ignored for incompatible models. (#36762) Thanks @shuofengzhang and @vincentkoc.</li>
-<li>Skills/openai-image-gen output formats: validate <code>--output-format</code> values early, normalize aliases like <code>jpg -> jpeg</code>, and warn when the flag is ignored for incompatible models. (#36648) Thanks @shuofengzhang and @vincentkoc.</li>
-<li>ACP/skill env isolation: strip skill-injected API keys from ACP harness child-process environments so tools like Codex CLI keep their own auth flow instead of inheriting billed provider keys from active skills. (#36316) Thanks @taw0002 and @vincentkoc.</li>
-<li>WhatsApp media upload caps: make outbound media sends and auto-replies honor <code>channels.whatsapp.mediaMaxMb</code> with per-account overrides so inbound and outbound limits use the same channel config. Thanks @vincentkoc.</li>
-<li>Windows/Plugin install: when OpenClaw runs on Windows via Bun and <code>npm-cli.js</code> is not colocated with the runtime binary, fall back to <code>npm.cmd</code>/<code>npx.cmd</code> through the existing <code>cmd.exe</code> wrapper so <code>openclaw plugins install</code> no longer fails with <code>spawn EINVAL</code>. (#38056) Thanks @0xlin2023.</li>
-<li>Telegram/send retry classification: retry grammY <code>Network request ... failed after N attempts</code> envelopes in send flows without reclassifying plain <code>Network request ... failed!</code> wrappers as transient, restoring the intended retry path while keeping broad send-context message matching tight. (#38056) Thanks @0xlin2023.</li>
-<li>Gateway/probes: keep <code>/health</code>, <code>/healthz</code>, <code>/ready</code>, and <code>/readyz</code> reachable when the Control UI is mounted at <code>/</code>, preserve plugin-owned route precedence on those paths, and make <code>/ready</code> and <code>/readyz</code> report channel-backed readiness with startup grace plus <code>503</code> on disconnected managed channels, while <code>/health</code> and <code>/healthz</code> stay shallow liveness probes. (#18446) Thanks @vibecodooor, @mahsumaktas, and @vincentkoc.</li>
-<li>Feishu/media downloads: drop invalid timeout fields from SDK method calls now that client-level <code>httpTimeoutMs</code> applies to requests. (#38267) Thanks @ant1eicher and @thewilloftheshadow.</li>
-<li>PI embedded runner/Feishu docs: propagate sender identity into embedded attempts so Feishu doc auto-grant restores requester access for embedded-runner executions. (#32915) thanks @cszhouwei.</li>
-<li>Agents/usage normalization: normalize missing or partial assistant usage snapshots before compaction accounting so <code>openclaw agent --json</code> no longer crashes when provider payloads omit <code>totalTokens</code> or related usage fields. (#34977) thanks @sp-hk2ldn.</li>
-<li>Venice/default model refresh: switch the built-in Venice default to <code>kimi-k2-5</code>, update onboarding aliasing, and refresh Venice provider docs/recommendations to match the current private and anonymized catalog. (from #12964) Fixes #20156. Thanks @sabrinaaquino and @vincentkoc.</li>
-<li>Agents/skill API write pacing: add a global prompt guardrail that treats skill-driven external API writes as rate-limited by default, so runners prefer batched writes, avoid tight request loops, and respect <code>429</code>/<code>Retry-After</code>. Thanks @vincentkoc.</li>
-<li>Google Chat/multi-account webhook auth fallback: when <code>channels.googlechat.accounts.default</code> carries shared webhook audience/path settings (for example after config normalization), inherit those defaults for named accounts while preserving top-level and per-account overrides, so inbound webhook verification no longer fails silently for named accounts missing duplicated audience fields. Fixes #38369.</li>
-<li>Models/tool probing: raise the tool-capability probe budget from 32 to 256 tokens so reasoning models that spend tokens on thinking before returning a required tool call are less likely to be misclassified as not supporting tools. (#7521) Thanks @jakobdylanc.</li>
-<li>Gateway/transient network classification: treat wrapped <code>...: fetch failed</code> transport messages as transient while avoiding broad matches like <code>Web fetch failed (404): ...</code>, preventing Discord reconnect wrappers from crashing the gateway without suppressing non-network tool failures. (#38530) Thanks @xinhuagu.</li>
-<li>ACP/console silent reply suppression: filter ACP <code>NO_REPLY</code> lead fragments and silent-only finals before <code>openclaw agent</code> logging/delivery so console-backed ACP sessions no longer leak <code>NO</code>/<code>NO_REPLY</code> placeholders. (#38436) Thanks @ql-wade.</li>
-<li>Feishu/reply delivery reliability: disable block streaming in Feishu reply options so plain-text auto-render replies are no longer silently dropped before final delivery. (#38258) Thanks @xinhuagu.</li>
-<li>Agents/reply MEDIA delivery: normalize local assistant <code>MEDIA:</code> paths before block/final delivery, keep media dedupe aligned with message-tool sends, and contain malformed media normalization failures so generated files send reliably instead of falling back to empty responses. (#38572) Thanks @obviyus.</li>
-<li>Sessions/bootstrap cache rollover invalidation: clear cached workspace bootstrap snapshots whenever an existing <code>sessionKey</code> rolls to a new <code>sessionId</code> across auto-reply, command, and isolated cron session resolvers, so <code>AGENTS.md</code>/<code>MEMORY.md</code>/<code>USER.md</code> updates are reloaded after daily, idle, or forced session resets instead of staying stale until gateway restart. (#38494) Thanks @LivingInDrm.</li>
-<li>Gateway/Telegram polling health monitor: skip stale-socket restarts for Telegram long-polling channels and thread channel identity through shared health evaluation so polling connections are not restarted on the WebSocket stale-socket heuristic. (#38395) Thanks @ql-wade and @Takhoffman.</li>
-<li>Daemon/systemd fresh-install probe: check for OpenClaw's managed user unit before running <code>systemctl --user is-enabled</code>, so first-time Linux installs no longer fail on generic missing-unit probe errors. (#38819) Thanks @adaHubble.</li>
-<li>Gateway/container lifecycle: allow <code>openclaw gateway stop</code> to SIGTERM unmanaged gateway listeners and <code>openclaw gateway restart</code> to SIGUSR1 a single unmanaged listener when no service manager is installed, so container and supervisor-based deployments are no longer blocked by <code>service disabled</code> no-op responses. Fixes #36137. Thanks @vincentkoc.</li>
-<li>Gateway/Windows restart supervision: relaunch task-managed gateways through Scheduled Task with quoted helper-script command paths, distinguish restart-capable supervisors per platform, and stop orphaned Windows gateway children during self-restart. (#38825) Thanks @obviyus.</li>
-<li>Telegram/native topic command routing: resolve forum-topic native commands through the same conversation route as inbound messages so topic <code>agentId</code> overrides and bound topic sessions target the active session instead of the default topic-parent session. (#38871) Thanks @obviyus.</li>
-<li>Markdown/assistant image hardening: flatten remote markdown images to plain text across the Control UI, exported HTML, and shared Swift chat while keeping inline <code>data:image/...</code> markdown renderable, so model output no longer triggers automatic remote image fetches. (#38895) Thanks @obviyus.</li>
-<li>Config/compaction safeguard settings: regression-test <code>agents.defaults.compaction.recentTurnsPreserve</code> through <code>loadConfig()</code> and cover the new help metadata entry so the exposed preserve knob stays wired through schema validation and config UX. (#25557) thanks @rodrigouroz.</li>
-<li>iOS/Quick Setup presentation: skip automatic Quick Setup when a gateway is already configured (active connect config, last-known connection, preferred gateway, or manual host), so reconnecting installs no longer get prompted to connect again. (#38964) Thanks @ngutman.</li>
-<li>CLI/Docs memory help accuracy: clarify <code>openclaw memory status --deep</code> behavior and align memory command examples/docs with the current search options. (#31803) Thanks @JasonOA888 and @Avi974.</li>
-<li>Auto-reply/allowlist store account scoping: keep <code>/allowlist ... --store</code> writes scoped to the selected account and clear legacy unscoped entries when removing default-account store access, preventing cross-account default allowlist bleed-through from legacy pairing-store reads. Thanks @tdjackey for reporting and @vincentkoc for the fix.</li>
-<li>Security/Nostr: harden profile mutation/import loopback guards by failing closed on non-loopback forwarded client headers (<code>x-forwarded-for</code> / <code>x-real-ip</code>) and rejecting <code>sec-fetch-site: cross-site</code>; adds regression coverage for proxy-forwarded and browser cross-site mutation attempts.</li>
-<li>CLI/bootstrap Node version hint maintenance: replace hardcoded nvm <code>22</code> instructions in <code>openclaw.mjs</code> with <code>MIN_NODE_MAJOR</code> interpolation so future minimum-Node bumps keep startup guidance in sync automatically. (#39056) Thanks @onstash.</li>
-<li>Discord/native slash command auth: honor <code>commands.allowFrom.discord</code> (and <code>commands.allowFrom["*"]</code>) in guild slash-command pre-dispatch authorization so allowlisted senders are no longer incorrectly rejected as unauthorized. (#38794) Thanks @jskoiz and @thewilloftheshadow.</li>
-<li>Outbound/message target normalization: ignore empty legacy <code>to</code>/<code>channelId</code> fields when explicit <code>target</code> is provided so valid target-based sends no longer fail legacy-param validation; includes regression coverage. (#38944) Thanks @Narcooo.</li>
-<li>Models/auth token prompts: guard cancelled manual token prompts so <code>Symbol(clack:cancel)</code> values cannot be persisted into auth profiles; adds regression coverage for cancelled <code>models auth paste-token</code>. (#38951) Thanks @MumuTW.</li>
-<li>Gateway/loopback announce URLs: treat <code>http://</code> and <code>https://</code> aliases with the same loopback/private-network policy as websocket URLs so loopback cron announce delivery no longer fails secure URL validation. (#39064) Thanks @Narcooo.</li>
-<li>Models/default provider fallback: when the hardcoded default provider is removed from <code>models.providers</code>, resolve defaults from configured providers instead of reporting stale removed-provider defaults in status output. (#38947) Thanks @davidemanuelDEV.</li>
-<li>Agents/cache-trace stability: guard stable stringify against circular references in trace payloads so near-limit payloads no longer crash with <code>Maximum call stack size exceeded</code>; adds regression coverage. (#38935) Thanks @MumuTW.</li>
-<li>Extensions/diffs CI stability: add <code>headers</code> to the <code>localReq</code> test helper in <code>extensions/diffs/index.test.ts</code> so forwarding-hint checks no longer crash with <code>req.headers</code> undefined. (supersedes #39063) Thanks @Shennng.</li>
-<li>Agents/compaction thresholding: apply <code>agents.defaults.contextTokens</code> cap to the model passed into embedded run and <code>/compact</code> session creation so auto-compaction thresholds use the effective context window, not native model max context. (#39099) Thanks @MumuTW.</li>
-<li>Models/merge mode provider precedence: when <code>models.mode: "merge"</code> is active and config explicitly sets a provider <code>baseUrl</code>, keep config as source of truth instead of preserving stale runtime <code>models.json</code> <code>baseUrl</code> values; includes normalized provider-key coverage. (#39103) Thanks @BigUncle.</li>
-<li>UI/Control chat tool streaming: render tool events live in webchat without requiring refresh by enabling <code>tool-events</code> capability, fixing stream/event correlation, and resetting/reloading stream state around tool results and terminal events. (#39104) Thanks @jakepresent.</li>
-<li>Models/provider apiKey persistence hardening: when a provider <code>apiKey</code> value equals a known provider env var value, persist the canonical env var name into <code>models.json</code> instead of resolved plaintext secrets. (#38889) Thanks @gambletan.</li>
-<li>Discord/model picker persistence check: add a short post-dispatch settle delay before reading back session model state so picker confirmations stop reporting false mismatch warnings after successful model switches. (#39105) Thanks @akropp.</li>
-<li>Agents/OpenAI WS compat store flag: omit <code>store</code> from <code>response.create</code> payloads when model compat sets <code>supportsStore: false</code>, preventing strict OpenAI-compatible providers from rejecting websocket requests with unknown-field errors. (#39113) Thanks @scoootscooob.</li>
-<li>Config/validation log sanitization: sanitize config-validation issue paths/messages before logging so control characters and ANSI escape sequences cannot inject misleading terminal output from crafted config content. (#39116) Thanks @powermaster888.</li>
-<li>Agents/compaction counter accuracy: count successful overflow-triggered auto-compactions (<code>willRetry=true</code>) in the compaction counter while still excluding aborted/no-result events, so <code>/status</code> reflects actual safeguard compaction activity. (#39123) Thanks @MumuTW.</li>
-<li>Gateway/chat delta ordering: flush buffered assistant deltas before emitting tool <code>start</code> events so pre-tool text is delivered to Control UI before tool cards, avoiding transient text/tool ordering artifacts in streaming. (#39128) Thanks @0xtangping.</li>
-<li>Voice-call plugin schema parity: add missing manifest <code>configSchema</code> fields (<code>webhookSecurity</code>, <code>streaming.preStartTimeoutMs|maxPendingConnections|maxPendingConnectionsPerIp|maxConnections</code>, <code>staleCallReaperSeconds</code>) so gateway AJV validation accepts already-supported runtime config instead of failing with <code>additionalProperties</code> errors. (#38892) Thanks @giumex.</li>
-<li>Agents/OpenAI WS reconnect retry accounting: avoid double retry scheduling when reconnect failures emit both <code>error</code> and <code>close</code>, so retry budgets track actual reconnect attempts instead of exhausting early. (#39133) Thanks @scoootscooob.</li>
-<li>Daemon/Windows schtasks runtime detection: use locale-invariant <code>Last Run Result</code> running codes (<code>0x41301</code>/<code>267009</code>) as the primary running signal so <code>openclaw node status</code> no longer misreports active tasks as stopped on non-English Windows locales. (#39076) Thanks @ademczuk.</li>
-<li>Usage/token count formatting: round near-million token counts to millions (<code>1.0m</code>) instead of <code>1000k</code>, with explicit boundary coverage for <code>999_499</code> and <code>999_500</code>. (#39129) Thanks @CurryMessi.</li>
-<li>Gateway/session bootstrap cache invalidation ordering: clear bootstrap snapshots only after active embedded-run shutdown wait completes, preventing dying runs from repopulating stale cache between <code>/new</code>/<code>sessions.reset</code> turns. (#38873) Thanks @MumuTW.</li>
-<li>Browser/dispatcher error clarity: preserve dispatcher-side failure context in browser fetch errors while still appending operator guidance and explicit no-retry model hints, preventing misleading <code>"Can't reach service"</code> wrapping and avoiding LLM retry loops. (#39090) Thanks @NewdlDewdl.</li>
-<li>Telegram/polling offset safety: confirm persisted offsets before polling startup while validating stored <code>lastUpdateId</code> values as non-negative safe integers (with overflow guards) so malformed offset state cannot cause update skipping/dropping. (#39111) Thanks @MumuTW.</li>
-<li>Telegram/status SecretRef read-only resolution: resolve env-backed bot-token SecretRefs in config-only/status inspection while respecting provider source/defaults and env allowlists, so status no longer crashes or reports false-ready tokens for disallowed providers. (#39130) Thanks @neocody.</li>
-<li>Agents/OpenAI WS max-token zero forwarding: treat <code>maxTokens: 0</code> as an explicit value in websocket <code>response.create</code> payloads (instead of dropping it as falsy), with regression coverage for zero-token forwarding. (#39148) Thanks @scoootscooob.</li>
-<li>Podman/.env gateway bind precedence: evaluate <code>OPENCLAW_GATEWAY_BIND</code> after sourcing <code>.env</code> in <code>run-openclaw-podman.sh</code> so env-file overrides are honored. (#38785) Thanks @majinyu666.</li>
-<li>Models/default alias refresh: bump <code>gpt</code> to <code>openai/gpt-5.4</code> and Gemini defaults to <code>gemini-3.1</code> preview aliases (including normalization/default wiring) to track current model IDs. (#38638) Thanks @ademczuk.</li>
-<li>Config/env substitution degraded mode: convert missing <code>${VAR}</code> resolution in config reads from hard-fail to warning-backed degraded behavior, while preventing unresolved placeholders from being accepted as gateway credentials. (#39050) Thanks @akz142857.</li>
-<li>Discord inbound listener non-blocking dispatch: make <code>MESSAGE_CREATE</code> listener handoff asynchronous (no per-listener queue blocking), so long runs no longer stall unrelated incoming events. (#39154) Thanks @yaseenkadlemakki.</li>
-<li>Daemon/Windows PATH freeze fix: stop persisting install-time <code>PATH</code> snapshots into Scheduled Task scripts so runtime tool lookup follows current host PATH updates; also refresh local TUI history on silent local finals. (#39139) Thanks @Narcooo.</li>
-<li>Gateway/systemd service restart hardening: clear stale gateway listeners by explicit run-port before service bind, add restart stale-pid port-override support, tune systemd start/stop/exit handling, and disable detached child mode only in service-managed runtime so cgroup stop semantics clean up descendants reliably. (#38463) Thanks @spirittechie.</li>
-<li>Discord/plugin native command aliases: let plugins declare provider-specific slash names so native Discord registration can avoid built-in command collisions; the bundled Talk voice plugin now uses <code>/talkvoice</code> natively on Discord while keeping text <code>/voice</code>.</li>
-<li>Daemon/Windows schtasks status normalization: derive runtime state from locale-neutral numeric <code>Last Run Result</code> codes only (without language string matching) and surface unknown when numeric result data is unavailable, preventing locale-specific misclassification drift. (#39153) Thanks @scoootscooob.</li>
-<li>Telegram/polling conflict recovery: reset the polling <code>webhookCleared</code> latch on <code>getUpdates</code> 409 conflicts so webhook cleanup re-runs on restart cycles and polling avoids infinite conflict loops. (#39205) Thanks @amittell.</li>
-<li>Heartbeat/requests-in-flight scheduling: stop advancing <code>nextDueMs</code> and avoid immediate <code>scheduleNext()</code> timer overrides on requests-in-flight skips, so wake-layer retry cooldowns are honored and heartbeat cadence no longer drifts under sustained contention. (#39182) Thanks @MumuTW.</li>
-<li>Memory/SQLite contention resilience: re-apply <code>PRAGMA busy_timeout</code> on every sync-store and QMD connection open so process restarts/reopens no longer revert to immediate <code>SQLITE_BUSY</code> failures under lock contention. (#39183) Thanks @MumuTW.</li>
-<li>Gateway/webchat route safety: block webchat/control-ui clients from inheriting stored external delivery routes on channel-scoped sessions (while preserving route inheritance for UI/TUI clients), preventing cross-channel leakage from scoped chats. (#39175) Thanks @widingmarcus-cyber.</li>
-<li>Telegram error-surface resilience: return a user-visible fallback reply when dispatch/debounce processing fails instead of going silent, while preserving draft-stream cleanup and best-effort thread-scoped fallback delivery. (#39209) Thanks @riftzen-bit.</li>
-<li>Gateway/password auth startup diagnostics: detect unresolved provider-reference objects in <code>gateway.auth.password</code> and fail with a specific bootstrap-secrets error message instead of generic misconfiguration output. (#39230) Thanks @ademczuk.</li>
-<li>Agents/OpenAI-responses compatibility: strip unsupported <code>store</code> payload fields when <code>supportsStore=false</code> (including OpenAI-compatible non-OpenAI providers) while preserving server-compaction payload behavior. (#39219) Thanks @ademczuk.</li>
-<li>Agents/model fallback visibility: warn when configured model IDs cannot be resolved and fallback is applied, with log-safe sanitization of model text to prevent control-sequence injection in warning output. (#39215) Thanks @ademczuk.</li>
-<li>Outbound delivery replay safety: use two-phase delivery ACK markers (<code>.json</code> -> <code>.delivered</code> -> unlink) and startup marker cleanup so crash windows between send and cleanup do not replay already-delivered messages. (#38668) Thanks @Gundam98.</li>
-<li>Nodes/system.run approval binding: carry prepared approval plans through gateway forwarding and bind interpreter-style script operands across approval to execution, so post-approval script rewrites are denied while unchanged approved script runs keep working. Thanks @tdjackey for reporting.</li>
-<li>Nodes/system.run PowerShell wrapper parsing: treat <code>pwsh</code>/<code>powershell</code> <code>-EncodedCommand</code> forms as shell-wrapper payloads so allowlist mode still requires approval instead of falling back to plain argv analysis. Thanks @tdjackey for reporting.</li>
-<li>Control UI/auth error reporting: map generic browser <code>Fetch failed</code> websocket close errors back to actionable gateway auth messages (<code>gateway token mismatch</code>, <code>authentication failed</code>, <code>retry later</code>) so dashboard disconnects stop hiding credential problems. Landed from contributor PR #28608 by @KimGLee. Thanks @KimGLee.</li>
-<li>Media/mime unknown-kind handling: return <code>undefined</code> (not <code>"unknown"</code>) for missing/unrecognized MIME kinds and use document-size fallback caps for unknown remote media, preventing phantom <code><media:unknown></code> Signal events from being treated as real messages. (#39199) Thanks @nicolasgrasset.</li>
-<li>Nodes/system.run allow-always persistence: honor shell comment semantics during allowlist analysis so <code>#</code>-tailed payloads that never execute are not persisted as trusted follow-up commands. Thanks @tdjackey for reporting.</li>
-<li>Signal/inbound attachment fan-in: forward all successfully fetched inbound attachments through <code>MediaPaths</code>/<code>MediaUrls</code>/<code>MediaTypes</code> (instead of only the first), and improve multi-attachment placeholder summaries in mention-gated pending history. (#39212) Thanks @joeykrug.</li>
-<li>Nodes/system.run dispatch-wrapper boundary: keep shell-wrapper approval classification active at the depth boundary so <code>env</code> wrapper stacks cannot reach <code>/bin/sh -c</code> execution without the expected approval gate. Thanks @tdjackey for reporting.</li>
-<li>Docker/token persistence on reconfigure: reuse the existing <code>.env</code> gateway token during <code>docker-setup.sh</code> reruns and align compose token env defaults, so Docker installs stop silently rotating tokens and breaking existing dashboard sessions. Landed from contributor PR #33097 by @chengzhichao-xydt. Thanks @chengzhichao-xydt.</li>
-<li>Agents/strict OpenAI turn ordering: apply assistant-first transcript bootstrap sanitization to strict OpenAI-compatible providers (for example vLLM/Gemma via <code>openai-completions</code>) without adding Google-specific session markers, preventing assistant-first history rejections. (#39252) Thanks @scoootscooob.</li>
-<li>Discord/exec approvals gateway auth: pass resolved shared gateway credentials into the Discord exec-approvals gateway client so token-auth installs stop failing approvals with <code>gateway token mismatch</code>. Related to #38179. Thanks @0riginal-claw for the adjacent PR #35147 investigation.</li>
-<li>Subagents/workspace inheritance: propagate parent workspace directory to spawned subagent runs so child sessions reliably inherit workspace-scoped instructions (<code>AGENTS.md</code>, <code>SOUL.md</code>, etc.) without exposing workspace override through tool-call arguments. (#39247) Thanks @jasonQin6.</li>
-<li>Exec approvals/gateway-node policy: honor explicit <code>ask=off</code> from <code>exec-approvals.json</code> even when runtime defaults are stricter, so trusted full/off setups stop re-prompting on gateway and node exec paths. Landed from contributor PR #26789 by @pandego. Thanks @pandego.</li>
-<li>Exec approvals/config fallback: inherit <code>ask</code> from <code>exec-approvals.json</code> when <code>tools.exec.ask</code> is unset, so local full/off defaults no longer fall back to <code>on-miss</code> for exec tool and <code>nodes run</code>. Landed from contributor PR #29187 by @Bartok9. Thanks @Bartok9.</li>
-<li>Exec approvals/allow-always shell scripts: persist and match script paths for wrapper invocations like <code>bash scripts/foo.sh</code> while still blocking <code>-c</code>/<code>-s</code> wrapper bypasses. Landed from contributor PR #35137 by @yuweuii. Thanks @yuweuii.</li>
-<li>Queue/followup dedupe across drain restarts: dedupe queued redelivery <code>message_id</code> values after queue recreation so busy-session followups no longer duplicate on replayed inbound events. Landed from contributor PR #33168 by @rylena. Thanks @rylena.</li>
-<li>Telegram/preview-final edit idempotence: treat <code>message is not modified</code> errors during preview finalization as delivered so partial-stream final replies do not fall back to duplicate sends. Landed from contributor PR #34983 by @HOYALIM. Thanks @HOYALIM.</li>
-<li>Telegram/DM streaming transport parity: use message preview transport for all DM streaming lanes so final delivery can edit the active preview instead of sending duplicate finals. Landed from contributor PR #38906 by @gambletan. Thanks @gambletan.</li>
-<li>Telegram/DM draft streaming restoration: restore native <code>sendMessageDraft</code> preview transport for DM answer streaming while keeping reasoning on message transport, with regression coverage to keep draft finalization from sending duplicate finals. (#39398) Thanks @obviyus.</li>
-<li>Telegram/send retry safety: retry non-idempotent send paths only for pre-connect failures and make custom retry predicates strict, preventing ambiguous reconnect retries from sending duplicate messages. Landed from contributor PR #34238 by @hal-crackbot. Thanks @hal-crackbot.</li>
-<li>ACP/run spawn delivery bootstrap: stop reusing requester inline delivery targets for one-shot <code>mode: "run"</code> ACP spawns, so fresh run-mode workers bootstrap in isolation instead of inheriting thread-bound session delivery behavior. (#39014) Thanks @lidamao633.</li>
-<li>Discord/DM session-key normalization: rewrite legacy <code>discord:dm:*</code> and phantom direct-message <code>discord:channel:<user></code> session keys to <code>discord:direct:*</code> when the sender matches, so multi-agent Discord DMs stop falling into empty channel-shaped sessions and resume replying correctly.</li>
-<li>Discord/native slash session fallback: treat empty configured bound-session keys as missing so <code>/status</code> and other native commands fall back to the routed slash session and routed channel session instead of blanking Discord session keys in normal channel bindings.</li>
-<li>Agents/tool-call dispatch normalization: normalize provider-prefixed tool names before dispatch across <code>toolCall</code>, <code>toolUse</code>, and <code>functionCall</code> blocks, while preserving multi-segment tool suffixes when stripping provider wrappers so malformed-but-recoverable tool names no longer fail with <code>Tool not found</code>. (#39328) Thanks @vincentkoc.</li>
-<li>Agents/parallel tool-call compatibility: honor <code>parallel_tool_calls</code> / <code>parallelToolCalls</code> extra params only for <code>openai-completions</code> and <code>openai-responses</code> payloads, preserve higher-precedence alias overrides across config and runtime layers, and ignore invalid non-boolean values so single-tool-call providers like NVIDIA-hosted Kimi stop failing on forced parallel tool-call payloads. (#37048) Thanks @vincentkoc.</li>
-<li>Config/invalid-load fail-closed: stop converting <code>INVALID_CONFIG</code> into an empty runtime config, keep valid settings available only through explicit best-effort diagnostic reads, and route read-only CLI diagnostics through that path so unknown keys no longer silently drop security-sensitive config. (#28140) Thanks @bobsahur-robot and @vincentkoc.</li>
-<li>Agents/codex-cli sandbox defaults: switch the built-in Codex backend from <code>read-only</code> to <code>workspace-write</code> so spawned coding runs can edit files out of the box. Landed from contributor PR #39336 by @0xtangping. Thanks @0xtangping.</li>
-<li>Gateway/health-monitor restart reason labeling: report <code>disconnected</code> instead of <code>stuck</code> for clean channel disconnect restarts, so operator logs distinguish socket drops from genuinely stuck channels. (#36436) Thanks @Sid-Qin.</li>
-<li>Control UI/agents-page overrides: auto-create minimal per-agent config entries when editing inherited agents, so model/tool/skill changes enable Save and inherited model fallbacks can be cleared by writing a primary-only override. Landed from contributor PR #39326 by @dunamismax. Thanks @dunamismax.</li>
-<li>Gateway/Telegram webhook-mode recovery: add <code>webhookCertPath</code> to re-upload self-signed certificates during webhook registration and skip stale-socket detection for webhook-mode channels, so Telegram webhook setups survive health-monitor restarts. Landed from contributor PR #39313 by @fellanH. Thanks @fellanH.</li>
-<li>Discord/config schema parity: add <code>channels.discord.agentComponents</code> to the strict Zod config schema so valid <code>agentComponents.enabled</code> settings (root and account-scoped) no longer fail with unrecognized-key validation errors. Landed from contributor PR #39378 by @gambletan. Thanks @gambletan and @thewilloftheshadow.</li>
-<li>ACPX/MCP session bootstrap: inject configured MCP servers into ACP <code>session/new</code> and <code>session/load</code> for acpx-backed sessions, restoring Canva and other external MCP tools. Landed from contributor PR #39337. Thanks @goodspeed-apps.</li>
-<li>Control UI/Telegram sender labels: preserve inbound sender labels in sanitized chat history so dashboard user-message groups split correctly and show real group-member names instead of <code>You</code>. (#39414) Thanks @obviyus.</li>
-</ul>
-<p><a href="https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md">View full changelog</a></p>
-]]></description>
-            <enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.3.7/OpenClaw-2026.3.7.zip" length="23263833" type="application/octet-stream" sparkle:edSignature="SO0zedZMzrvSDltLkuaSVQTWFPPPe1iu/enS4TGGb5EGckhqRCmNJWMKNID5lKwFC8vefTbfG9JTlSrZedP4Bg=="/>
-        </item>
     </channel>
 </rss>
\ No newline at end of file
diff --git a/apps/android/README.md b/apps/android/README.md
index 0a92e4c8ec5..9c6baf807c9 100644
--- a/apps/android/README.md
+++ b/apps/android/README.md
@@ -30,8 +30,12 @@ cd apps/android
 ./gradlew :app:assembleDebug
 ./gradlew :app:installDebug
 ./gradlew :app:testDebugUnitTest
+cd ../..
+bun run android:bundle:release
 ```
 
+`bun run android:bundle:release` auto-bumps Android `versionName`/`versionCode` in `apps/android/app/build.gradle.kts`, then builds a signed release `.aab`.
+
 ## Kotlin Lint + Format
 
 ```bash
diff --git a/apps/android/app/build.gradle.kts b/apps/android/app/build.gradle.kts
index b187e131048..46afccbc3bf 100644
--- a/apps/android/app/build.gradle.kts
+++ b/apps/android/app/build.gradle.kts
@@ -1,5 +1,7 @@
 import com.android.build.api.variant.impl.VariantOutputImpl
 
+val dnsjavaInetAddressResolverService = "META-INF/services/java.net.spi.InetAddressResolverProvider"
+
 val androidStoreFile = providers.gradleProperty("OPENCLAW_ANDROID_STORE_FILE").orNull?.takeIf { it.isNotBlank() }
 val androidStorePassword = providers.gradleProperty("OPENCLAW_ANDROID_STORE_PASSWORD").orNull?.takeIf { it.isNotBlank() }
 val androidKeyAlias = providers.gradleProperty("OPENCLAW_ANDROID_KEY_ALIAS").orNull?.takeIf { it.isNotBlank() }
@@ -63,8 +65,8 @@ android {
         applicationId = "ai.openclaw.app"
         minSdk = 31
         targetSdk = 36
-        versionCode = 202603130
-        versionName = "2026.3.13"
+        versionCode = 2026031400
+        versionName = "2026.3.14"
         ndk {
             // Support all major ABIs — native libs are tiny (~47 KB per ABI)
             abiFilters += listOf("armeabi-v7a", "arm64-v8a", "x86", "x86_64")
@@ -78,6 +80,9 @@ android {
             }
             isMinifyEnabled = true
             isShrinkResources = true
+            ndk {
+                debugSymbolLevel = "SYMBOL_TABLE"
+            }
             proguardFiles(getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro")
         }
         debug {
@@ -104,6 +109,10 @@ android {
                     "/META-INF/LICENSE*.txt",
                     "DebugProbesKt.bin",
                     "kotlin-tooling-metadata.json",
+                    "org/bouncycastle/pqc/crypto/picnic/lowmcL1.bin.properties",
+                    "org/bouncycastle/pqc/crypto/picnic/lowmcL3.bin.properties",
+                    "org/bouncycastle/pqc/crypto/picnic/lowmcL5.bin.properties",
+                    "org/bouncycastle/x509/CertPathReviewerMessages*.properties",
                 )
         }
     }
@@ -168,7 +177,6 @@ dependencies {
     // material-icons-extended pulled in full icon set (~20 MB DEX). Only ~18 icons used.
     // R8 will tree-shake unused icons when minify is enabled on release builds.
     implementation("androidx.compose.material:material-icons-extended")
-    implementation("androidx.navigation:navigation-compose:2.9.7")
 
     debugImplementation("androidx.compose.ui:ui-tooling")
 
@@ -193,7 +201,6 @@ dependencies {
     implementation("androidx.camera:camera-camera2:1.5.2")
     implementation("androidx.camera:camera-lifecycle:1.5.2")
     implementation("androidx.camera:camera-video:1.5.2")
-    implementation("androidx.camera:camera-view:1.5.2")
     implementation("com.google.android.gms:play-services-code-scanner:16.1.0")
 
     // Unicast DNS-SD (Wide-Area Bonjour) for tailnet discovery domains.
@@ -211,3 +218,45 @@ dependencies {
 tasks.withType<Test>().configureEach {
     useJUnitPlatform()
 }
+
+val stripReleaseDnsjavaServiceDescriptor =
+    tasks.register("stripReleaseDnsjavaServiceDescriptor") {
+        val mergedJar =
+            layout.buildDirectory.file(
+                "intermediates/merged_java_res/release/mergeReleaseJavaResource/base.jar",
+            )
+
+        inputs.file(mergedJar)
+        outputs.file(mergedJar)
+
+        doLast {
+            val jarFile = mergedJar.get().asFile
+            if (!jarFile.exists()) {
+                return@doLast
+            }
+
+            val unpackDir = temporaryDir.resolve("merged-java-res")
+            delete(unpackDir)
+            copy {
+                from(zipTree(jarFile))
+                into(unpackDir)
+                exclude(dnsjavaInetAddressResolverService)
+            }
+            delete(jarFile)
+            ant.invokeMethod(
+                "zip",
+                mapOf(
+                    "destfile" to jarFile.absolutePath,
+                    "basedir" to unpackDir.absolutePath,
+                ),
+            )
+        }
+    }
+
+tasks.matching { it.name == "stripReleaseDnsjavaServiceDescriptor" }.configureEach {
+    dependsOn("mergeReleaseJavaResource")
+}
+
+tasks.matching { it.name == "minifyReleaseWithR8" }.configureEach {
+    dependsOn(stripReleaseDnsjavaServiceDescriptor)
+}
diff --git a/apps/android/app/proguard-rules.pro b/apps/android/app/proguard-rules.pro
index 78e4a363919..7c04b96833a 100644
--- a/apps/android/app/proguard-rules.pro
+++ b/apps/android/app/proguard-rules.pro
@@ -1,26 +1,6 @@
-# ── App classes ───────────────────────────────────────────────────
--keep class ai.openclaw.app.** { *; }
-
-# ── Bouncy Castle ─────────────────────────────────────────────────
--keep class org.bouncycastle.** { *; }
 -dontwarn org.bouncycastle.**
-
-# ── CameraX ───────────────────────────────────────────────────────
--keep class androidx.camera.** { *; }
-
-# ── kotlinx.serialization ────────────────────────────────────────
--keep class kotlinx.serialization.** { *; }
--keepclassmembers class * {
-    @kotlinx.serialization.Serializable *;
-}
--keepattributes *Annotation*, InnerClasses
-
-# ── OkHttp ────────────────────────────────────────────────────────
 -dontwarn okhttp3.**
 -dontwarn okio.**
--keep class okhttp3.internal.platform.** { *; }
-
-# ── Misc suppressions ────────────────────────────────────────────
 -dontwarn com.sun.jna.**
 -dontwarn javax.naming.**
 -dontwarn lombok.Generated
diff --git a/apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt b/apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt
index 128527144ef..80f42e02843 100644
--- a/apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/MainViewModel.kt
@@ -176,6 +176,10 @@ class MainViewModel(app: Application) : AndroidViewModel(app) {
     runtime.requestCanvasRehydrate(source = source, force = true)
   }
 
+  fun refreshHomeCanvasOverviewIfConnected() {
+    runtime.refreshHomeCanvasOverviewIfConnected()
+  }
+
   fun loadChat(sessionKey: String) {
     runtime.loadChat(sessionKey)
   }
diff --git a/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt b/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt
index bd94edef93c..dcf1e3bee89 100644
--- a/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt
@@ -33,6 +33,8 @@ import kotlinx.coroutines.flow.asStateFlow
 import kotlinx.coroutines.flow.combine
 import kotlinx.coroutines.flow.distinctUntilChanged
 import kotlinx.coroutines.launch
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.encodeToString
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.json.JsonArray
 import kotlinx.serialization.json.JsonObject
@@ -210,7 +212,8 @@ class NodeRuntime(context: Context) {
   private val _isForeground = MutableStateFlow(true)
   val isForeground: StateFlow<Boolean> = _isForeground.asStateFlow()
 
-  private var lastAutoA2uiUrl: String? = null
+  private var gatewayDefaultAgentId: String? = null
+  private var gatewayAgents: List<GatewayAgentSummary> = emptyList()
   private var didAutoRequestCanvasRehydrate = false
   private val canvasRehydrateSeq = AtomicLong(0)
   private var operatorConnected = false
@@ -232,7 +235,7 @@ class NodeRuntime(context: Context) {
         updateStatus()
         micCapture.onGatewayConnectionChanged(true)
         scope.launch {
-          refreshBrandingFromGateway()
+          refreshHomeCanvasOverviewIfConnected()
           if (voiceReplySpeakerLazy.isInitialized()) {
             voiceReplySpeaker.refreshConfig()
           }
@@ -270,7 +273,7 @@ class NodeRuntime(context: Context) {
         _canvasRehydratePending.value = false
         _canvasRehydrateErrorText.value = null
         updateStatus()
-        maybeNavigateToA2uiOnConnect()
+        showLocalCanvasOnConnect()
       },
       onDisconnected = { message ->
         _nodeConnected.value = false
@@ -396,6 +399,7 @@ class NodeRuntime(context: Context) {
     _mainSessionKey.value = trimmed
     talkMode.setMainSessionKey(trimmed)
     chat.applyMainSessionKey(trimmed)
+    updateHomeCanvasState()
   }
 
   private fun updateStatus() {
@@ -415,6 +419,7 @@ class NodeRuntime(context: Context) {
         operator.isNotBlank() && operator != "Offline" -> operator
         else -> node
       }
+    updateHomeCanvasState()
   }
 
   private fun resolveMainSessionKey(): String {
@@ -422,23 +427,31 @@ class NodeRuntime(context: Context) {
     return if (trimmed.isEmpty()) "main" else trimmed
   }
 
-  private fun maybeNavigateToA2uiOnConnect() {
-    val a2uiUrl = a2uiHandler.resolveA2uiHostUrl() ?: return
-    val current = canvas.currentUrl()?.trim().orEmpty()
-    if (current.isEmpty() || current == lastAutoA2uiUrl) {
-      lastAutoA2uiUrl = a2uiUrl
-      canvas.navigate(a2uiUrl)
-    }
-  }
-
-  private fun showLocalCanvasOnDisconnect() {
-    lastAutoA2uiUrl = null
+  private fun showLocalCanvasOnConnect() {
     _canvasA2uiHydrated.value = false
     _canvasRehydratePending.value = false
     _canvasRehydrateErrorText.value = null
     canvas.navigate("")
   }
 
+  private fun showLocalCanvasOnDisconnect() {
+    _canvasA2uiHydrated.value = false
+    _canvasRehydratePending.value = false
+    _canvasRehydrateErrorText.value = null
+    canvas.navigate("")
+  }
+
+  fun refreshHomeCanvasOverviewIfConnected() {
+    if (!operatorConnected) {
+      updateHomeCanvasState()
+      return
+    }
+    scope.launch {
+      refreshBrandingFromGateway()
+      refreshAgentsFromGateway()
+    }
+  }
+
   fun requestCanvasRehydrate(source: String = "manual", force: Boolean = true) {
     scope.launch {
       if (!_nodeConnected.value) {
@@ -602,6 +615,8 @@ class NodeRuntime(context: Context) {
           canvas.setDebugStatus(status, server ?: remote)
         }
     }
+
+    updateHomeCanvasState()
   }
 
   fun setForeground(value: Boolean) {
@@ -928,11 +943,177 @@ class NodeRuntime(context: Context) {
 
       val parsed = parseHexColorArgb(raw)
       _seamColorArgb.value = parsed ?: DEFAULT_SEAM_COLOR_ARGB
+      updateHomeCanvasState()
     } catch (_: Throwable) {
       // ignore
     }
   }
 
+  private suspend fun refreshAgentsFromGateway() {
+    if (!operatorConnected) return
+    try {
+      val res = operatorSession.request("agents.list", "{}")
+      val root = json.parseToJsonElement(res).asObjectOrNull() ?: return
+      val defaultAgentId = root["defaultId"].asStringOrNull()?.trim().orEmpty()
+      val mainKey = normalizeMainKey(root["mainKey"].asStringOrNull())
+      val agents =
+        (root["agents"] as? JsonArray)?.mapNotNull { item ->
+          val obj = item.asObjectOrNull() ?: return@mapNotNull null
+          val id = obj["id"].asStringOrNull()?.trim().orEmpty()
+          if (id.isEmpty()) return@mapNotNull null
+          val name = obj["name"].asStringOrNull()?.trim()
+          val emoji = obj["identity"].asObjectOrNull()?.get("emoji").asStringOrNull()?.trim()
+          GatewayAgentSummary(
+            id = id,
+            name = name?.takeIf { it.isNotEmpty() },
+            emoji = emoji?.takeIf { it.isNotEmpty() },
+          )
+        } ?: emptyList()
+
+      gatewayDefaultAgentId = defaultAgentId.ifEmpty { null }
+      gatewayAgents = agents
+      applyMainSessionKey(mainKey)
+      updateHomeCanvasState()
+    } catch (_: Throwable) {
+      // ignore
+    }
+  }
+
+  private fun updateHomeCanvasState() {
+    val payload =
+      try {
+        json.encodeToString(makeHomeCanvasPayload())
+      } catch (_: Throwable) {
+        null
+      }
+    canvas.updateHomeCanvasState(payload)
+  }
+
+  private fun makeHomeCanvasPayload(): HomeCanvasPayload {
+    val state = resolveHomeCanvasGatewayState()
+    val gatewayName = normalized(_serverName.value)
+    val gatewayAddress = normalized(_remoteAddress.value)
+    val gatewayLabel = gatewayName ?: gatewayAddress ?: "Gateway"
+    val activeAgentId = resolveActiveAgentId()
+    val agents = homeCanvasAgents(activeAgentId)
+
+    return when (state) {
+      HomeCanvasGatewayState.Connected ->
+        HomeCanvasPayload(
+          gatewayState = "connected",
+          eyebrow = "Connected to $gatewayLabel",
+          title = "Your agents are ready",
+          subtitle =
+            "This phone stays dormant until the gateway needs it, then wakes, syncs, and goes back to sleep.",
+          gatewayLabel = gatewayLabel,
+          activeAgentName = resolveActiveAgentName(activeAgentId),
+          activeAgentBadge = agents.firstOrNull { it.isActive }?.badge ?: "OC",
+          activeAgentCaption = "Selected on this phone",
+          agentCount = agents.size,
+          agents = agents.take(6),
+          footer = "The overview refreshes on reconnect and when this screen opens.",
+        )
+      HomeCanvasGatewayState.Connecting ->
+        HomeCanvasPayload(
+          gatewayState = "connecting",
+          eyebrow = "Reconnecting",
+          title = "OpenClaw is syncing back up",
+          subtitle =
+            "The gateway session is coming back online. Agent shortcuts should settle automatically in a moment.",
+          gatewayLabel = gatewayLabel,
+          activeAgentName = resolveActiveAgentName(activeAgentId),
+          activeAgentBadge = "OC",
+          activeAgentCaption = "Gateway session in progress",
+          agentCount = agents.size,
+          agents = agents.take(4),
+          footer = "If the gateway is reachable, reconnect should complete without intervention.",
+        )
+      HomeCanvasGatewayState.Error, HomeCanvasGatewayState.Offline ->
+        HomeCanvasPayload(
+          gatewayState = if (state == HomeCanvasGatewayState.Error) "error" else "offline",
+          eyebrow = "Welcome to OpenClaw",
+          title = "Your phone stays quiet until it is needed",
+          subtitle =
+            "Pair this device to your gateway to wake it only for real work, keep a live agent overview handy, and avoid battery-draining background loops.",
+          gatewayLabel = gatewayLabel,
+          activeAgentName = "Main",
+          activeAgentBadge = "OC",
+          activeAgentCaption = "Connect to load your agents",
+          agentCount = agents.size,
+          agents = agents.take(4),
+          footer = "When connected, the gateway can wake the phone with a silent push instead of holding an always-on session.",
+        )
+    }
+  }
+
+  private fun resolveHomeCanvasGatewayState(): HomeCanvasGatewayState {
+    val lower = _statusText.value.trim().lowercase()
+    return when {
+      _isConnected.value -> HomeCanvasGatewayState.Connected
+      lower.contains("connecting") || lower.contains("reconnecting") -> HomeCanvasGatewayState.Connecting
+      lower.contains("error") || lower.contains("failed") -> HomeCanvasGatewayState.Error
+      else -> HomeCanvasGatewayState.Offline
+    }
+  }
+
+  private fun resolveActiveAgentId(): String {
+    val mainKey = _mainSessionKey.value.trim()
+    if (mainKey.startsWith("agent:")) {
+      val agentId = mainKey.removePrefix("agent:").substringBefore(':').trim()
+      if (agentId.isNotEmpty()) return agentId
+    }
+    return gatewayDefaultAgentId?.trim().orEmpty()
+  }
+
+  private fun resolveActiveAgentName(activeAgentId: String): String {
+    if (activeAgentId.isNotEmpty()) {
+      gatewayAgents.firstOrNull { it.id == activeAgentId }?.let { agent ->
+        return normalized(agent.name) ?: agent.id
+      }
+      return activeAgentId
+    }
+    return gatewayAgents.firstOrNull()?.let { normalized(it.name) ?: it.id } ?: "Main"
+  }
+
+  private fun homeCanvasAgents(activeAgentId: String): List<HomeCanvasAgentCard> {
+    val defaultAgentId = gatewayDefaultAgentId?.trim().orEmpty()
+    return gatewayAgents
+      .map { agent ->
+        val isActive = activeAgentId.isNotEmpty() && agent.id == activeAgentId
+        val isDefault = defaultAgentId.isNotEmpty() && agent.id == defaultAgentId
+        HomeCanvasAgentCard(
+          id = agent.id,
+          name = normalized(agent.name) ?: agent.id,
+          badge = homeCanvasBadge(agent),
+          caption =
+            when {
+              isActive -> "Active on this phone"
+              isDefault -> "Default agent"
+              else -> "Ready"
+            },
+          isActive = isActive,
+        )
+      }.sortedWith(compareByDescending<HomeCanvasAgentCard> { it.isActive }.thenBy { it.name.lowercase() })
+  }
+
+  private fun homeCanvasBadge(agent: GatewayAgentSummary): String {
+    val emoji = normalized(agent.emoji)
+    if (emoji != null) return emoji
+    val initials =
+      (normalized(agent.name) ?: agent.id)
+        .split(' ', '-', '_')
+        .filter { it.isNotBlank() }
+        .take(2)
+        .mapNotNull { token -> token.firstOrNull()?.uppercaseChar()?.toString() }
+        .joinToString("")
+    return if (initials.isNotEmpty()) initials else "OC"
+  }
+
+  private fun normalized(value: String?): String? {
+    val trimmed = value?.trim().orEmpty()
+    return trimmed.ifEmpty { null }
+  }
+
   private fun triggerCameraFlash() {
     // Token is used as a pulse trigger; value doesn't matter as long as it changes.
     _cameraFlashToken.value = SystemClock.elapsedRealtimeNanos()
@@ -951,3 +1132,40 @@ class NodeRuntime(context: Context) {
   }
 
 }
+
+private enum class HomeCanvasGatewayState {
+  Connected,
+  Connecting,
+  Error,
+  Offline,
+}
+
+private data class GatewayAgentSummary(
+  val id: String,
+  val name: String?,
+  val emoji: String?,
+)
+
+@Serializable
+private data class HomeCanvasPayload(
+  val gatewayState: String,
+  val eyebrow: String,
+  val title: String,
+  val subtitle: String,
+  val gatewayLabel: String,
+  val activeAgentName: String,
+  val activeAgentBadge: String,
+  val activeAgentCaption: String,
+  val agentCount: Int,
+  val agents: List<HomeCanvasAgentCard>,
+  val footer: String,
+)
+
+@Serializable
+private data class HomeCanvasAgentCard(
+  val id: String,
+  val name: String,
+  val badge: String,
+  val caption: String,
+  val isActive: Boolean,
+)
diff --git a/apps/android/app/src/main/java/ai/openclaw/app/node/CanvasController.kt b/apps/android/app/src/main/java/ai/openclaw/app/node/CanvasController.kt
index 9efb2a924d7..0eab9d75a5b 100644
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/CanvasController.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/CanvasController.kt
@@ -34,6 +34,7 @@ class CanvasController {
   @Volatile private var debugStatusEnabled: Boolean = false
   @Volatile private var debugStatusTitle: String? = null
   @Volatile private var debugStatusSubtitle: String? = null
+  @Volatile private var homeCanvasStateJson: String? = null
   private val _currentUrl = MutableStateFlow<String?>(null)
   val currentUrl: StateFlow<String?> = _currentUrl.asStateFlow()
 
@@ -56,6 +57,7 @@ class CanvasController {
     this.webView = webView
     reload()
     applyDebugStatus()
+    applyHomeCanvasState()
   }
 
   fun detach(webView: WebView) {
@@ -88,6 +90,12 @@ class CanvasController {
 
   fun onPageFinished() {
     applyDebugStatus()
+    applyHomeCanvasState()
+  }
+
+  fun updateHomeCanvasState(json: String?) {
+    homeCanvasStateJson = json
+    applyHomeCanvasState()
   }
 
   private inline fun withWebViewOnMain(crossinline block: (WebView) -> Unit) {
@@ -142,6 +150,22 @@ class CanvasController {
     }
   }
 
+  private fun applyHomeCanvasState() {
+    val payload = homeCanvasStateJson ?: "null"
+    withWebViewOnMain { wv ->
+      val js = """
+        (() => {
+          try {
+            const api = globalThis.__openclaw;
+            if (!api || typeof api.renderHome !== 'function') return;
+            api.renderHome($payload);
+          } catch (_) {}
+        })();
+      """.trimIndent()
+      wv.evaluateJavascript(js, null)
+    }
+  }
+
   suspend fun eval(javaScript: String): String =
     withContext(Dispatchers.Main) {
       val wv = webView ?: throw IllegalStateException("no webview")
diff --git a/apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayConfigResolver.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayConfigResolver.kt
index 9ca5687e594..3416900ed5b 100644
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayConfigResolver.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/GatewayConfigResolver.kt
@@ -97,7 +97,7 @@ internal fun parseGatewayEndpoint(rawInput: String): GatewayEndpointConfig? {
       "wss", "https" -> true
       else -> true
     }
-  val port = uri.port.takeIf { it in 1..65535 } ?: 18789
+  val port = uri.port.takeIf { it in 1..65535 } ?: if (tls) 443 else 18789
   val displayUrl = "${if (tls) "https" else "http"}://$host:$port"
 
   return GatewayEndpointConfig(host = host, port = port, tls = tls, displayUrl = displayUrl)
diff --git a/apps/android/app/src/main/java/ai/openclaw/app/ui/PostOnboardingTabs.kt b/apps/android/app/src/main/java/ai/openclaw/app/ui/PostOnboardingTabs.kt
index 0642f9b3a7e..c3a14fe5a54 100644
--- a/apps/android/app/src/main/java/ai/openclaw/app/ui/PostOnboardingTabs.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/ui/PostOnboardingTabs.kt
@@ -134,43 +134,14 @@ fun PostOnboardingTabs(viewModel: MainViewModel, modifier: Modifier = Modifier)
 @Composable
 private fun ScreenTabScreen(viewModel: MainViewModel) {
   val isConnected by viewModel.isConnected.collectAsState()
-  val isNodeConnected by viewModel.isNodeConnected.collectAsState()
-  val canvasUrl by viewModel.canvasCurrentUrl.collectAsState()
-  val canvasA2uiHydrated by viewModel.canvasA2uiHydrated.collectAsState()
-  val canvasRehydratePending by viewModel.canvasRehydratePending.collectAsState()
-  val canvasRehydrateErrorText by viewModel.canvasRehydrateErrorText.collectAsState()
-  val isA2uiUrl = canvasUrl?.contains("/__openclaw__/a2ui/") == true
-  val showRestoreCta = isConnected && isNodeConnected && (canvasUrl.isNullOrBlank() || (isA2uiUrl && !canvasA2uiHydrated))
-  val restoreCtaText =
-    when {
-      canvasRehydratePending -> "Restore requested. Waiting for agent…"
-      !canvasRehydrateErrorText.isNullOrBlank() -> canvasRehydrateErrorText!!
-      else -> "Canvas reset. Tap to restore dashboard."
+  LaunchedEffect(isConnected) {
+    if (isConnected) {
+      viewModel.refreshHomeCanvasOverviewIfConnected()
     }
+  }
 
   Box(modifier = Modifier.fillMaxSize()) {
     CanvasScreen(viewModel = viewModel, modifier = Modifier.fillMaxSize())
-
-    if (showRestoreCta) {
-      Surface(
-        onClick = {
-          if (canvasRehydratePending) return@Surface
-          viewModel.requestCanvasRehydrate(source = "screen_tab_cta")
-        },
-        modifier = Modifier.align(Alignment.TopCenter).padding(horizontal = 16.dp, vertical = 16.dp),
-        shape = RoundedCornerShape(12.dp),
-        color = mobileSurface.copy(alpha = 0.9f),
-        border = BorderStroke(1.dp, mobileBorder),
-        shadowElevation = 4.dp,
-      ) {
-        Text(
-          text = restoreCtaText,
-          modifier = Modifier.padding(horizontal = 12.dp, vertical = 10.dp),
-          style = mobileCallout.copy(fontWeight = FontWeight.Medium),
-          color = mobileText,
-        )
-      }
-    }
   }
 }
 
diff --git a/apps/android/app/src/test/java/ai/openclaw/app/ui/GatewayConfigResolverTest.kt b/apps/android/app/src/test/java/ai/openclaw/app/ui/GatewayConfigResolverTest.kt
index a4eef3b9b09..5c24631cf0b 100644
--- a/apps/android/app/src/test/java/ai/openclaw/app/ui/GatewayConfigResolverTest.kt
+++ b/apps/android/app/src/test/java/ai/openclaw/app/ui/GatewayConfigResolverTest.kt
@@ -92,6 +92,30 @@ class GatewayConfigResolverTest {
     assertNull(resolved?.password?.takeIf { it.isNotEmpty() })
   }
 
+  @Test
+  fun resolveGatewayConnectConfigDefaultsPortlessWssSetupCodeTo443() {
+    val setupCode =
+      encodeSetupCode("""{"url":"wss://gateway.example","bootstrapToken":"bootstrap-1"}""")
+
+    val resolved =
+      resolveGatewayConnectConfig(
+        useSetupCode = true,
+        setupCode = setupCode,
+        manualHost = "",
+        manualPort = "",
+        manualTls = true,
+        fallbackToken = "shared-token",
+        fallbackPassword = "shared-password",
+      )
+
+    assertEquals("gateway.example", resolved?.host)
+    assertEquals(443, resolved?.port)
+    assertEquals(true, resolved?.tls)
+    assertEquals("bootstrap-1", resolved?.bootstrapToken)
+    assertNull(resolved?.token?.takeIf { it.isNotEmpty() })
+    assertNull(resolved?.password?.takeIf { it.isNotEmpty() })
+  }
+
   private fun encodeSetupCode(payloadJson: String): String {
     return Base64.getUrlEncoder().withoutPadding().encodeToString(payloadJson.toByteArray(Charsets.UTF_8))
   }
diff --git a/apps/android/scripts/build-release-aab.ts b/apps/android/scripts/build-release-aab.ts
new file mode 100644
index 00000000000..30e4bb0390b
--- /dev/null
+++ b/apps/android/scripts/build-release-aab.ts
@@ -0,0 +1,125 @@
+#!/usr/bin/env bun
+
+import { $ } from "bun";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const scriptDir = dirname(fileURLToPath(import.meta.url));
+const androidDir = join(scriptDir, "..");
+const buildGradlePath = join(androidDir, "app", "build.gradle.kts");
+const bundlePath = join(androidDir, "app", "build", "outputs", "bundle", "release", "app-release.aab");
+
+type VersionState = {
+  versionName: string;
+  versionCode: number;
+};
+
+type ParsedVersionMatches = {
+  versionNameMatch: RegExpMatchArray;
+  versionCodeMatch: RegExpMatchArray;
+};
+
+function formatVersionName(date: Date): string {
+  const year = date.getFullYear();
+  const month = date.getMonth() + 1;
+  const day = date.getDate();
+  return `${year}.${month}.${day}`;
+}
+
+function formatVersionCodePrefix(date: Date): string {
+  const year = date.getFullYear().toString();
+  const month = (date.getMonth() + 1).toString().padStart(2, "0");
+  const day = date.getDate().toString().padStart(2, "0");
+  return `${year}${month}${day}`;
+}
+
+function parseVersionMatches(buildGradleText: string): ParsedVersionMatches {
+  const versionCodeMatch = buildGradleText.match(/versionCode = (\d+)/);
+  const versionNameMatch = buildGradleText.match(/versionName = "([^"]+)"/);
+  if (!versionCodeMatch || !versionNameMatch) {
+    throw new Error(`Couldn't parse versionName/versionCode from ${buildGradlePath}`);
+  }
+  return { versionCodeMatch, versionNameMatch };
+}
+
+function resolveNextVersionCode(currentVersionCode: number, todayPrefix: string): number {
+  const currentRaw = currentVersionCode.toString();
+  let nextSuffix = 0;
+
+  if (currentRaw.startsWith(todayPrefix)) {
+    const suffixRaw = currentRaw.slice(todayPrefix.length);
+    nextSuffix = (suffixRaw ? Number.parseInt(suffixRaw, 10) : 0) + 1;
+  }
+
+  if (!Number.isInteger(nextSuffix) || nextSuffix < 0 || nextSuffix > 99) {
+    throw new Error(
+      `Can't auto-bump Android versionCode for ${todayPrefix}: next suffix ${nextSuffix} is invalid`,
+    );
+  }
+
+  return Number.parseInt(`${todayPrefix}${nextSuffix.toString().padStart(2, "0")}`, 10);
+}
+
+function resolveNextVersion(buildGradleText: string, date: Date): VersionState {
+  const { versionCodeMatch } = parseVersionMatches(buildGradleText);
+  const currentVersionCode = Number.parseInt(versionCodeMatch[1] ?? "", 10);
+  if (!Number.isInteger(currentVersionCode)) {
+    throw new Error(`Invalid Android versionCode in ${buildGradlePath}`);
+  }
+
+  const versionName = formatVersionName(date);
+  const versionCode = resolveNextVersionCode(currentVersionCode, formatVersionCodePrefix(date));
+  return { versionName, versionCode };
+}
+
+function updateBuildGradleVersions(buildGradleText: string, nextVersion: VersionState): string {
+  return buildGradleText
+    .replace(/versionCode = \d+/, `versionCode = ${nextVersion.versionCode}`)
+    .replace(/versionName = "[^"]+"/, `versionName = "${nextVersion.versionName}"`);
+}
+
+async function sha256Hex(path: string): Promise<string> {
+  const buffer = await Bun.file(path).arrayBuffer();
+  const digest = await crypto.subtle.digest("SHA-256", buffer);
+  return Array.from(new Uint8Array(digest), (byte) => byte.toString(16).padStart(2, "0")).join("");
+}
+
+async function verifyBundleSignature(path: string): Promise<void> {
+  await $`jarsigner -verify ${path}`.quiet();
+}
+
+async function main() {
+  const buildGradleFile = Bun.file(buildGradlePath);
+  const originalText = await buildGradleFile.text();
+  const nextVersion = resolveNextVersion(originalText, new Date());
+  const updatedText = updateBuildGradleVersions(originalText, nextVersion);
+
+  if (updatedText === originalText) {
+    throw new Error("Android version bump produced no change");
+  }
+
+  console.log(`Android versionName -> ${nextVersion.versionName}`);
+  console.log(`Android versionCode -> ${nextVersion.versionCode}`);
+
+  await Bun.write(buildGradlePath, updatedText);
+
+  try {
+    await $`./gradlew :app:bundleRelease`.cwd(androidDir);
+  } catch (error) {
+    await Bun.write(buildGradlePath, originalText);
+    throw error;
+  }
+
+  const bundleFile = Bun.file(bundlePath);
+  if (!(await bundleFile.exists())) {
+    throw new Error(`Signed bundle missing at ${bundlePath}`);
+  }
+
+  await verifyBundleSignature(bundlePath);
+  const hash = await sha256Hex(bundlePath);
+
+  console.log(`Signed AAB: ${bundlePath}`);
+  console.log(`SHA-256: ${hash}`);
+}
+
+await main();
diff --git a/apps/ios/Config/Version.xcconfig b/apps/ios/Config/Version.xcconfig
index db38e86df80..4297bc8ff57 100644
--- a/apps/ios/Config/Version.xcconfig
+++ b/apps/ios/Config/Version.xcconfig
@@ -1,8 +1,8 @@
 // Shared iOS version defaults.
 // Generated overrides live in build/Version.xcconfig (git-ignored).
 
-OPENCLAW_GATEWAY_VERSION = 0.0.0
-OPENCLAW_MARKETING_VERSION = 0.0.0
-OPENCLAW_BUILD_VERSION = 0
+OPENCLAW_GATEWAY_VERSION = 2026.3.14
+OPENCLAW_MARKETING_VERSION = 2026.3.14
+OPENCLAW_BUILD_VERSION = 202603140
 
 #include? "../build/Version.xcconfig"
diff --git a/apps/macos/Sources/OpenClaw/CronJobEditor+Helpers.swift b/apps/macos/Sources/OpenClaw/CronJobEditor+Helpers.swift
index 26b64ea7c65..41b98111b4e 100644
--- a/apps/macos/Sources/OpenClaw/CronJobEditor+Helpers.swift
+++ b/apps/macos/Sources/OpenClaw/CronJobEditor+Helpers.swift
@@ -16,7 +16,14 @@ extension CronJobEditor {
         self.agentId = job.agentId ?? ""
         self.enabled = job.enabled
         self.deleteAfterRun = job.deleteAfterRun ?? false
-        self.sessionTarget = job.sessionTarget
+        switch job.parsedSessionTarget {
+        case .predefined(let target):
+            self.sessionTarget = target
+            self.preservedSessionTargetRaw = nil
+        case .session(let id):
+            self.sessionTarget = .isolated
+            self.preservedSessionTargetRaw = "session:\(id)"
+        }
         self.wakeMode = job.wakeMode
 
         switch job.schedule {
@@ -51,7 +58,7 @@ extension CronJobEditor {
             self.channel = trimmed.isEmpty ? "last" : trimmed
             self.to = delivery.to ?? ""
             self.bestEffortDeliver = delivery.bestEffort ?? false
-        } else if self.sessionTarget == .isolated {
+        } else if self.isIsolatedLikeSessionTarget {
             self.deliveryMode = .announce
         }
     }
@@ -80,7 +87,7 @@ extension CronJobEditor {
             "name": name,
             "enabled": self.enabled,
             "schedule": schedule,
-            "sessionTarget": self.sessionTarget.rawValue,
+            "sessionTarget": self.effectiveSessionTargetRaw,
             "wakeMode": self.wakeMode.rawValue,
             "payload": payload,
         ]
@@ -92,7 +99,7 @@ extension CronJobEditor {
             root["agentId"] = NSNull()
         }
 
-        if self.sessionTarget == .isolated {
+        if self.isIsolatedLikeSessionTarget {
             root["delivery"] = self.buildDelivery()
         }
 
@@ -160,7 +167,7 @@ extension CronJobEditor {
     }
 
     func buildSelectedPayload() throws -> [String: Any] {
-        if self.sessionTarget == .isolated { return self.buildAgentTurnPayload() }
+        if self.isIsolatedLikeSessionTarget { return self.buildAgentTurnPayload() }
         switch self.payloadKind {
         case .systemEvent:
             let text = self.trimmed(self.systemEventText)
@@ -171,7 +178,7 @@ extension CronJobEditor {
     }
 
     func validateSessionTarget(_ payload: [String: Any]) throws {
-        if self.sessionTarget == .main, payload["kind"] as? String == "agentTurn" {
+        if self.effectiveSessionTargetRaw == "main", payload["kind"] as? String == "agentTurn" {
             throw NSError(
                 domain: "Cron",
                 code: 0,
@@ -181,7 +188,7 @@ extension CronJobEditor {
                 ])
         }
 
-        if self.sessionTarget == .isolated, payload["kind"] as? String == "systemEvent" {
+        if self.effectiveSessionTargetRaw != "main", payload["kind"] as? String == "systemEvent" {
             throw NSError(
                 domain: "Cron",
                 code: 0,
@@ -257,6 +264,17 @@ extension CronJobEditor {
         return Int(floor(n * factor))
     }
 
+    var effectiveSessionTargetRaw: String {
+        if self.sessionTarget == .isolated, let preserved = self.preservedSessionTargetRaw?.trimmingCharacters(in: .whitespacesAndNewlines), !preserved.isEmpty {
+            return preserved
+        }
+        return self.sessionTarget.rawValue
+    }
+
+    var isIsolatedLikeSessionTarget: Bool {
+        self.effectiveSessionTargetRaw != "main"
+    }
+
     func formatDuration(ms: Int) -> String {
         DurationFormattingSupport.conciseDuration(ms: ms)
     }
diff --git a/apps/macos/Sources/OpenClaw/CronJobEditor.swift b/apps/macos/Sources/OpenClaw/CronJobEditor.swift
index a7d88a4f2fb..292f3a63284 100644
--- a/apps/macos/Sources/OpenClaw/CronJobEditor.swift
+++ b/apps/macos/Sources/OpenClaw/CronJobEditor.swift
@@ -16,7 +16,7 @@ struct CronJobEditor: View {
             + "Use an isolated session for agent turns so your main chat stays clean."
     static let sessionTargetNote =
         "Main jobs post a system event into the current main session. "
-            + "Isolated jobs run OpenClaw in a dedicated session and can announce results to a channel."
+            + "Current and isolated-style jobs run agent turns and can announce results to a channel."
     static let scheduleKindNote =
         "“At” runs once, “Every” repeats with a duration, “Cron” uses a 5-field Unix expression."
     static let isolatedPayloadNote =
@@ -29,6 +29,7 @@ struct CronJobEditor: View {
     @State var agentId: String = ""
     @State var enabled: Bool = true
     @State var sessionTarget: CronSessionTarget = .main
+    @State var preservedSessionTargetRaw: String?
     @State var wakeMode: CronWakeMode = .now
     @State var deleteAfterRun: Bool = false
 
@@ -117,6 +118,7 @@ struct CronJobEditor: View {
                                 Picker("", selection: self.$sessionTarget) {
                                     Text("main").tag(CronSessionTarget.main)
                                     Text("isolated").tag(CronSessionTarget.isolated)
+                                    Text("current").tag(CronSessionTarget.current)
                                 }
                                 .labelsHidden()
                                 .pickerStyle(.segmented)
@@ -209,7 +211,7 @@ struct CronJobEditor: View {
 
                     GroupBox("Payload") {
                         VStack(alignment: .leading, spacing: 10) {
-                            if self.sessionTarget == .isolated {
+                            if self.isIsolatedLikeSessionTarget {
                                 Text(Self.isolatedPayloadNote)
                                     .font(.footnote)
                                     .foregroundStyle(.secondary)
@@ -289,8 +291,11 @@ struct CronJobEditor: View {
                 self.sessionTarget = .isolated
             }
         }
-        .onChange(of: self.sessionTarget) { _, newValue in
-            if newValue == .isolated {
+        .onChange(of: self.sessionTarget) { oldValue, newValue in
+            if oldValue != newValue {
+                self.preservedSessionTargetRaw = nil
+            }
+            if newValue != .main {
                 self.payloadKind = .agentTurn
             } else if newValue == .main, self.payloadKind == .agentTurn {
                 self.payloadKind = .systemEvent
diff --git a/apps/macos/Sources/OpenClaw/CronModels.swift b/apps/macos/Sources/OpenClaw/CronModels.swift
index e0ce46c13da..40079453974 100644
--- a/apps/macos/Sources/OpenClaw/CronModels.swift
+++ b/apps/macos/Sources/OpenClaw/CronModels.swift
@@ -3,12 +3,39 @@ import Foundation
 enum CronSessionTarget: String, CaseIterable, Identifiable, Codable {
     case main
     case isolated
+    case current
 
     var id: String {
         self.rawValue
     }
 }
 
+enum CronCustomSessionTarget: Codable, Equatable {
+    case predefined(CronSessionTarget)
+    case session(id: String)
+
+    var rawValue: String {
+        switch self {
+        case .predefined(let target):
+            return target.rawValue
+        case .session(let id):
+            return "session:\(id)"
+        }
+    }
+
+    static func from(_ value: String) -> CronCustomSessionTarget {
+        if let predefined = CronSessionTarget(rawValue: value) {
+            return .predefined(predefined)
+        }
+        if value.hasPrefix("session:") {
+            let sessionId = String(value.dropFirst(8))
+            return .session(id: sessionId)
+        }
+        // Fallback to isolated for unknown values
+        return .predefined(.isolated)
+    }
+}
+
 enum CronWakeMode: String, CaseIterable, Identifiable, Codable {
     case now
     case nextHeartbeat = "next-heartbeat"
@@ -204,12 +231,69 @@ struct CronJob: Identifiable, Codable, Equatable {
     let createdAtMs: Int
     let updatedAtMs: Int
     let schedule: CronSchedule
-    let sessionTarget: CronSessionTarget
+    private let sessionTargetRaw: String
     let wakeMode: CronWakeMode
     let payload: CronPayload
     let delivery: CronDelivery?
     let state: CronJobState
 
+    enum CodingKeys: String, CodingKey {
+        case id
+        case agentId
+        case name
+        case description
+        case enabled
+        case deleteAfterRun
+        case createdAtMs
+        case updatedAtMs
+        case schedule
+        case sessionTargetRaw = "sessionTarget"
+        case wakeMode
+        case payload
+        case delivery
+        case state
+    }
+
+    /// Parsed session target (predefined or custom session ID)
+    var parsedSessionTarget: CronCustomSessionTarget {
+        CronCustomSessionTarget.from(self.sessionTargetRaw)
+    }
+
+    /// Compatibility shim for existing editor/UI code paths that still use the
+    /// predefined enum.
+    var sessionTarget: CronSessionTarget {
+        switch self.parsedSessionTarget {
+        case .predefined(let target):
+            return target
+        case .session:
+            return .isolated
+        }
+    }
+
+    var sessionTargetDisplayValue: String {
+        self.parsedSessionTarget.rawValue
+    }
+
+    var transcriptSessionKey: String? {
+        switch self.parsedSessionTarget {
+        case .predefined(.main):
+            return nil
+        case .predefined(.isolated), .predefined(.current):
+            return "cron:\(self.id)"
+        case .session(let id):
+            return id
+        }
+    }
+
+    var supportsAnnounceDelivery: Bool {
+        switch self.parsedSessionTarget {
+        case .predefined(.main):
+            return false
+        case .predefined(.isolated), .predefined(.current), .session:
+            return true
+        }
+    }
+
     var displayName: String {
         let trimmed = self.name.trimmingCharacters(in: .whitespacesAndNewlines)
         return trimmed.isEmpty ? "Untitled job" : trimmed
diff --git a/apps/macos/Sources/OpenClaw/CronSettings+Rows.swift b/apps/macos/Sources/OpenClaw/CronSettings+Rows.swift
index 69655bdc302..85e45928853 100644
--- a/apps/macos/Sources/OpenClaw/CronSettings+Rows.swift
+++ b/apps/macos/Sources/OpenClaw/CronSettings+Rows.swift
@@ -18,7 +18,7 @@ extension CronSettings {
                 }
             }
             HStack(spacing: 6) {
-                StatusPill(text: job.sessionTarget.rawValue, tint: .secondary)
+                StatusPill(text: job.sessionTargetDisplayValue, tint: .secondary)
                 StatusPill(text: job.wakeMode.rawValue, tint: .secondary)
                 if let agentId = job.agentId, !agentId.isEmpty {
                     StatusPill(text: "agent \(agentId)", tint: .secondary)
@@ -34,9 +34,9 @@ extension CronSettings {
     @ViewBuilder
     func jobContextMenu(_ job: CronJob) -> some View {
         Button("Run now") { Task { await self.store.runJob(id: job.id, force: true) } }
-        if job.sessionTarget == .isolated {
+        if let transcriptSessionKey = job.transcriptSessionKey {
             Button("Open transcript") {
-                WebChatManager.shared.show(sessionKey: "cron:\(job.id)")
+                WebChatManager.shared.show(sessionKey: transcriptSessionKey)
             }
         }
         Divider()
@@ -75,9 +75,9 @@ extension CronSettings {
                     .labelsHidden()
                 Button("Run") { Task { await self.store.runJob(id: job.id, force: true) } }
                     .buttonStyle(.borderedProminent)
-                if job.sessionTarget == .isolated {
+                if let transcriptSessionKey = job.transcriptSessionKey {
                     Button("Transcript") {
-                        WebChatManager.shared.show(sessionKey: "cron:\(job.id)")
+                        WebChatManager.shared.show(sessionKey: transcriptSessionKey)
                     }
                     .buttonStyle(.bordered)
                 }
@@ -103,7 +103,7 @@ extension CronSettings {
             if let agentId = job.agentId, !agentId.isEmpty {
                 LabeledContent("Agent") { Text(agentId) }
             }
-            LabeledContent("Session") { Text(job.sessionTarget.rawValue) }
+            LabeledContent("Session") { Text(job.sessionTargetDisplayValue) }
             LabeledContent("Wake") { Text(job.wakeMode.rawValue) }
             LabeledContent("Next run") {
                 if let date = job.nextRunDate {
@@ -224,7 +224,7 @@ extension CronSettings {
                     HStack(spacing: 8) {
                         if let thinking, !thinking.isEmpty { StatusPill(text: "think \(thinking)", tint: .secondary) }
                         if let timeoutSeconds { StatusPill(text: "\(timeoutSeconds)s", tint: .secondary) }
-                        if job.sessionTarget == .isolated {
+                        if job.supportsAnnounceDelivery {
                             let delivery = job.delivery
                             if let delivery {
                                 if delivery.mode == .announce {
diff --git a/apps/macos/Sources/OpenClaw/ExecApprovals.swift b/apps/macos/Sources/OpenClaw/ExecApprovals.swift
index 7fc4385b96c..141da33ad48 100644
--- a/apps/macos/Sources/OpenClaw/ExecApprovals.swift
+++ b/apps/macos/Sources/OpenClaw/ExecApprovals.swift
@@ -370,6 +370,17 @@ enum ExecApprovalsStore {
 
     static func resolve(agentId: String?) -> ExecApprovalsResolved {
         let file = self.ensureFile()
+        return self.resolveFromFile(file, agentId: agentId)
+    }
+
+    /// Read-only resolve: loads file without writing (no ensureFile side effects).
+    /// Safe to call from background threads / off MainActor.
+    static func resolveReadOnly(agentId: String?) -> ExecApprovalsResolved {
+        let file = self.loadFile()
+        return self.resolveFromFile(file, agentId: agentId)
+    }
+
+    private static func resolveFromFile(_ file: ExecApprovalsFile, agentId: String?) -> ExecApprovalsResolved {
         let defaults = file.defaults ?? ExecApprovalsDefaults()
         let resolvedDefaults = ExecApprovalsResolvedDefaults(
             security: defaults.security ?? self.defaultSecurity,
diff --git a/apps/macos/Sources/OpenClaw/ExecApprovalsGatewayPrompter.swift b/apps/macos/Sources/OpenClaw/ExecApprovalsGatewayPrompter.swift
index 379e8c0f559..08e60b84d2b 100644
--- a/apps/macos/Sources/OpenClaw/ExecApprovalsGatewayPrompter.swift
+++ b/apps/macos/Sources/OpenClaw/ExecApprovalsGatewayPrompter.swift
@@ -43,7 +43,33 @@ final class ExecApprovalsGatewayPrompter {
         do {
             let data = try JSONEncoder().encode(payload)
             let request = try JSONDecoder().decode(GatewayApprovalRequest.self, from: data)
-            guard self.shouldPresent(request: request) else { return }
+            let presentation = self.shouldPresent(request: request)
+            guard presentation.shouldAsk else {
+                // Ask policy says no prompt needed – resolve based on security policy
+                let decision: ExecApprovalDecision = presentation.security == .full ? .allowOnce : .deny
+                try await GatewayConnection.shared.requestVoid(
+                    method: .execApprovalResolve,
+                    params: [
+                        "id": AnyCodable(request.id),
+                        "decision": AnyCodable(decision.rawValue),
+                    ],
+                    timeoutMs: 10000)
+                return
+            }
+            guard presentation.canPresent else {
+                let decision = Self.fallbackDecision(
+                    request: request.request,
+                    askFallback: presentation.askFallback,
+                    allowlist: presentation.allowlist)
+                try await GatewayConnection.shared.requestVoid(
+                    method: .execApprovalResolve,
+                    params: [
+                        "id": AnyCodable(request.id),
+                        "decision": AnyCodable(decision.rawValue),
+                    ],
+                    timeoutMs: 10000)
+                return
+            }
             let decision = ExecApprovalsPromptPresenter.prompt(request.request)
             try await GatewayConnection.shared.requestVoid(
                 method: .execApprovalResolve,
@@ -57,16 +83,89 @@ final class ExecApprovalsGatewayPrompter {
         }
     }
 
-    private func shouldPresent(request: GatewayApprovalRequest) -> Bool {
+    /// Whether the ask policy requires prompting the user.
+    /// Note: this only determines if a prompt is shown, not whether the action is allowed.
+    /// The security policy (full/deny/allowlist) decides the actual outcome.
+    private static func shouldAsk(security: ExecSecurity, ask: ExecAsk) -> Bool {
+        switch ask {
+        case .always:
+            return true
+        case .onMiss:
+            return security == .allowlist
+        case .off:
+            return false
+        }
+    }
+
+    struct PresentationDecision {
+        /// Whether the ask policy requires prompting the user (not whether the action is allowed).
+        var shouldAsk: Bool
+        /// Whether the prompt can actually be shown (session match, recent activity, etc.).
+        var canPresent: Bool
+        /// The resolved security policy, used to determine allow/deny when no prompt is shown.
+        var security: ExecSecurity
+        /// Fallback security policy when a prompt is needed but can't be presented.
+        var askFallback: ExecSecurity
+        var allowlist: [ExecAllowlistEntry]
+    }
+
+    private func shouldPresent(request: GatewayApprovalRequest) -> PresentationDecision {
         let mode = AppStateStore.shared.connectionMode
         let activeSession = WebChatManager.shared.activeSessionKey?.trimmingCharacters(in: .whitespacesAndNewlines)
         let requestSession = request.request.sessionKey?.trimmingCharacters(in: .whitespacesAndNewlines)
-        return Self.shouldPresent(
+        
+        // Read-only resolve to avoid disk writes on the MainActor
+        let approvals = ExecApprovalsStore.resolveReadOnly(agentId: request.request.agentId)
+        let security = approvals.agent.security
+        let ask = approvals.agent.ask
+        
+        let shouldAsk = Self.shouldAsk(security: security, ask: ask)
+        
+        let canPresent = shouldAsk && Self.shouldPresent(
             mode: mode,
             activeSession: activeSession,
             requestSession: requestSession,
             lastInputSeconds: Self.lastInputSeconds(),
             thresholdSeconds: 120)
+        
+        return PresentationDecision(
+            shouldAsk: shouldAsk,
+            canPresent: canPresent,
+            security: security,
+            askFallback: approvals.agent.askFallback,
+            allowlist: approvals.allowlist)
+    }
+
+    private static func fallbackDecision(
+        request: ExecApprovalPromptRequest,
+        askFallback: ExecSecurity,
+        allowlist: [ExecAllowlistEntry]) -> ExecApprovalDecision
+    {
+        guard askFallback == .allowlist else {
+            return askFallback == .full ? .allowOnce : .deny
+        }
+        let resolution = self.fallbackResolution(for: request)
+        let match = ExecAllowlistMatcher.match(entries: allowlist, resolution: resolution)
+        return match == nil ? .deny : .allowOnce
+    }
+
+    private static func fallbackResolution(for request: ExecApprovalPromptRequest) -> ExecCommandResolution? {
+        let resolvedPath = request.resolvedPath?.trimmingCharacters(in: .whitespacesAndNewlines)
+        let trimmedResolvedPath = (resolvedPath?.isEmpty == false) ? resolvedPath : nil
+        let rawExecutable = self.firstToken(from: request.command) ?? trimmedResolvedPath ?? ""
+        guard !rawExecutable.isEmpty || trimmedResolvedPath != nil else { return nil }
+        let executableName = trimmedResolvedPath.map { URL(fileURLWithPath: $0).lastPathComponent } ?? rawExecutable
+        return ExecCommandResolution(
+            rawExecutable: rawExecutable,
+            resolvedPath: trimmedResolvedPath,
+            executableName: executableName,
+            cwd: request.cwd)
+    }
+
+    private static func firstToken(from command: String) -> String? {
+        let trimmed = command.trimmingCharacters(in: .whitespacesAndNewlines)
+        guard !trimmed.isEmpty else { return nil }
+        return trimmed.split(whereSeparator: { $0.isWhitespace }).first.map(String.init)
     }
 
     private static func shouldPresent(
@@ -117,5 +216,29 @@ extension ExecApprovalsGatewayPrompter {
             lastInputSeconds: lastInputSeconds,
             thresholdSeconds: thresholdSeconds)
     }
+
+    static func _testShouldAsk(security: ExecSecurity, ask: ExecAsk) -> Bool {
+        self.shouldAsk(security: security, ask: ask)
+    }
+
+    static func _testFallbackDecision(
+        command: String,
+        resolvedPath: String?,
+        askFallback: ExecSecurity,
+        allowlistPatterns: [String]) -> ExecApprovalDecision
+    {
+        self.fallbackDecision(
+            request: ExecApprovalPromptRequest(
+                command: command,
+                cwd: nil,
+                host: nil,
+                security: nil,
+                ask: nil,
+                agentId: nil,
+                resolvedPath: resolvedPath,
+                sessionKey: nil),
+            askFallback: askFallback,
+            allowlist: allowlistPatterns.map { ExecAllowlistEntry(pattern: $0) })
+    }
 }
 #endif
diff --git a/apps/macos/Sources/OpenClaw/PortGuardian.swift b/apps/macos/Sources/OpenClaw/PortGuardian.swift
index dfae5c3bcaa..7d8837415ff 100644
--- a/apps/macos/Sources/OpenClaw/PortGuardian.swift
+++ b/apps/macos/Sources/OpenClaw/PortGuardian.swift
@@ -47,7 +47,7 @@ actor PortGuardian {
             let listeners = await self.listeners(on: port)
             guard !listeners.isEmpty else { continue }
             for listener in listeners {
-                if self.isExpected(listener, port: port, mode: mode) {
+                if Self.isExpected(listener, port: port, mode: mode) {
                     let message = """
                     port \(port) already served by expected \(listener.command)
                     (pid \(listener.pid)) — keeping
@@ -55,6 +55,14 @@ actor PortGuardian {
                     self.logger.info("\(message, privacy: .public)")
                     continue
                 }
+                if mode == .remote {
+                    let message = """
+                    port \(port) held by \(listener.command)
+                    (pid \(listener.pid)) in remote mode — not killing
+                    """
+                    self.logger.warning(message)
+                    continue
+                }
                 let killed = await self.kill(listener.pid)
                 if killed {
                     let message = """
@@ -271,8 +279,8 @@ actor PortGuardian {
 
         switch mode {
         case .remote:
-            expectedDesc = "SSH tunnel to remote gateway"
-            okPredicate = { $0.command.lowercased().contains("ssh") }
+            expectedDesc = "Remote gateway (SSH tunnel, Docker, or direct)"
+            okPredicate = { _ in true }
         case .local:
             expectedDesc = "Gateway websocket (node/tsx)"
             okPredicate = { listener in
@@ -352,13 +360,12 @@ actor PortGuardian {
         return sigkill.ok
     }
 
-    private func isExpected(_ listener: Listener, port: Int, mode: AppState.ConnectionMode) -> Bool {
+    private static func isExpected(_ listener: Listener, port: Int, mode: AppState.ConnectionMode) -> Bool {
         let cmd = listener.command.lowercased()
         let full = listener.fullCommand.lowercased()
         switch mode {
         case .remote:
-            // Remote mode expects an SSH tunnel for the gateway WebSocket port.
-            if port == GatewayEnvironment.gatewayPort() { return cmd.contains("ssh") }
+            if port == GatewayEnvironment.gatewayPort() { return true }
             return false
         case .local:
             // The gateway daemon may listen as `openclaw` or as its runtime (`node`, `bun`, etc).
@@ -406,6 +413,16 @@ extension PortGuardian {
         self.parseListeners(from: text).map { ($0.pid, $0.command, $0.fullCommand, $0.user) }
     }
 
+    static func _testIsExpected(
+        command: String,
+        fullCommand: String,
+        port: Int,
+        mode: AppState.ConnectionMode) -> Bool
+    {
+        let listener = Listener(pid: 0, command: command, fullCommand: fullCommand, user: nil)
+        return Self.isExpected(listener, port: port, mode: mode)
+    }
+
     static func _testBuildReport(
         port: Int,
         mode: AppState.ConnectionMode,
diff --git a/apps/macos/Sources/OpenClaw/Resources/Info.plist b/apps/macos/Sources/OpenClaw/Resources/Info.plist
index 218d638a7e5..89ebf70beb4 100644
--- a/apps/macos/Sources/OpenClaw/Resources/Info.plist
+++ b/apps/macos/Sources/OpenClaw/Resources/Info.plist
@@ -15,9 +15,9 @@
     <key>CFBundlePackageType</key>
     <string>APPL</string>
     <key>CFBundleShortVersionString</key>
-    <string>2026.3.13</string>
+    <string>2026.3.14</string>
     <key>CFBundleVersion</key>
-    <string>202603130</string>
+    <string>202603140</string>
     <key>CFBundleIconFile</key>
     <string>OpenClaw</string>
     <key>CFBundleURLTypes</key>
diff --git a/apps/macos/Sources/OpenClaw/RuntimeLocator.swift b/apps/macos/Sources/OpenClaw/RuntimeLocator.swift
index 3112f57879b..6f1ef2b723d 100644
--- a/apps/macos/Sources/OpenClaw/RuntimeLocator.swift
+++ b/apps/macos/Sources/OpenClaw/RuntimeLocator.swift
@@ -54,7 +54,7 @@ enum RuntimeResolutionError: Error {
 
 enum RuntimeLocator {
     private static let logger = Logger(subsystem: "ai.openclaw", category: "runtime")
-    private static let minNode = RuntimeVersion(major: 22, minor: 0, patch: 0)
+    private static let minNode = RuntimeVersion(major: 22, minor: 16, patch: 0)
 
     static func resolve(
         searchPaths: [String] = CommandResolver.preferredPaths()) -> Result<RuntimeResolution, RuntimeResolutionError>
@@ -91,7 +91,7 @@ enum RuntimeLocator {
         switch error {
         case let .notFound(searchPaths):
             [
-                "openclaw needs Node >=22.0.0 but found no runtime.",
+                "openclaw needs Node >=22.16.0 but found no runtime.",
                 "PATH searched: \(searchPaths.joined(separator: ":"))",
                 "Install Node: https://nodejs.org/en/download",
             ].joined(separator: "\n")
@@ -105,7 +105,7 @@ enum RuntimeLocator {
             [
                 "Could not parse \(kind.rawValue) version output \"\(raw)\" from \(path).",
                 "PATH searched: \(searchPaths.joined(separator: ":"))",
-                "Try reinstalling or pinning a supported version (Node >=22.0.0).",
+                "Try reinstalling or pinning a supported version (Node >=22.16.0).",
             ].joined(separator: "\n")
         }
     }
diff --git a/apps/macos/Tests/OpenClawIPCTests/ExecApprovalsGatewayPrompterTests.swift b/apps/macos/Tests/OpenClawIPCTests/ExecApprovalsGatewayPrompterTests.swift
index cd4e234ed66..03b17b42ab2 100644
--- a/apps/macos/Tests/OpenClawIPCTests/ExecApprovalsGatewayPrompterTests.swift
+++ b/apps/macos/Tests/OpenClawIPCTests/ExecApprovalsGatewayPrompterTests.swift
@@ -52,4 +52,51 @@ struct ExecApprovalsGatewayPrompterTests {
             lastInputSeconds: 400)
         #expect(!remote)
     }
+
+    // MARK: - shouldAsk
+
+    @Test func askAlwaysPromptsRegardlessOfSecurity() {
+        #expect(ExecApprovalsGatewayPrompter._testShouldAsk(security: .deny, ask: .always))
+        #expect(ExecApprovalsGatewayPrompter._testShouldAsk(security: .allowlist, ask: .always))
+        #expect(ExecApprovalsGatewayPrompter._testShouldAsk(security: .full, ask: .always))
+    }
+
+    @Test func askOnMissPromptsOnlyForAllowlist() {
+        #expect(ExecApprovalsGatewayPrompter._testShouldAsk(security: .allowlist, ask: .onMiss))
+        #expect(!ExecApprovalsGatewayPrompter._testShouldAsk(security: .deny, ask: .onMiss))
+        #expect(!ExecApprovalsGatewayPrompter._testShouldAsk(security: .full, ask: .onMiss))
+    }
+
+    @Test func askOffNeverPrompts() {
+        #expect(!ExecApprovalsGatewayPrompter._testShouldAsk(security: .deny, ask: .off))
+        #expect(!ExecApprovalsGatewayPrompter._testShouldAsk(security: .allowlist, ask: .off))
+        #expect(!ExecApprovalsGatewayPrompter._testShouldAsk(security: .full, ask: .off))
+    }
+
+    @Test func fallbackAllowlistAllowsMatchingResolvedPath() {
+        let decision = ExecApprovalsGatewayPrompter._testFallbackDecision(
+            command: "git status",
+            resolvedPath: "/usr/bin/git",
+            askFallback: .allowlist,
+            allowlistPatterns: ["/usr/bin/git"])
+        #expect(decision == .allowOnce)
+    }
+
+    @Test func fallbackAllowlistDeniesAllowlistMiss() {
+        let decision = ExecApprovalsGatewayPrompter._testFallbackDecision(
+            command: "git status",
+            resolvedPath: "/usr/bin/git",
+            askFallback: .allowlist,
+            allowlistPatterns: ["/usr/bin/rg"])
+        #expect(decision == .deny)
+    }
+
+    @Test func fallbackFullAllowsWhenPromptCannotBeShown() {
+        let decision = ExecApprovalsGatewayPrompter._testFallbackDecision(
+            command: "git status",
+            resolvedPath: "/usr/bin/git",
+            askFallback: .full,
+            allowlistPatterns: [])
+        #expect(decision == .allowOnce)
+    }
 }
diff --git a/apps/macos/Tests/OpenClawIPCTests/LowCoverageHelperTests.swift b/apps/macos/Tests/OpenClawIPCTests/LowCoverageHelperTests.swift
index c8928978f74..a37135ff490 100644
--- a/apps/macos/Tests/OpenClawIPCTests/LowCoverageHelperTests.swift
+++ b/apps/macos/Tests/OpenClawIPCTests/LowCoverageHelperTests.swift
@@ -139,6 +139,54 @@ struct LowCoverageHelperTests {
         #expect(emptyReport.summary.contains("Nothing is listening"))
     }
 
+    @Test func `port guardian remote mode does not kill docker`() {
+        #expect(PortGuardian._testIsExpected(
+            command: "com.docker.backend",
+            fullCommand: "com.docker.backend",
+            port: 18789, mode: .remote) == true)
+
+        #expect(PortGuardian._testIsExpected(
+            command: "ssh",
+            fullCommand: "ssh -L 18789:localhost:18789 user@host",
+            port: 18789, mode: .remote) == true)
+
+        #expect(PortGuardian._testIsExpected(
+            command: "podman",
+            fullCommand: "podman",
+            port: 18789, mode: .remote) == true)
+    }
+
+    @Test func `port guardian local mode still rejects unexpected`() {
+        #expect(PortGuardian._testIsExpected(
+            command: "com.docker.backend",
+            fullCommand: "com.docker.backend",
+            port: 18789, mode: .local) == false)
+
+        #expect(PortGuardian._testIsExpected(
+            command: "python",
+            fullCommand: "python server.py",
+            port: 18789, mode: .local) == false)
+
+        #expect(PortGuardian._testIsExpected(
+            command: "node",
+            fullCommand: "node /path/to/gateway-daemon",
+            port: 18789, mode: .local) == true)
+    }
+
+    @Test func `port guardian remote mode report accepts any listener`() {
+        let dockerReport = PortGuardian._testBuildReport(
+            port: 18789, mode: .remote,
+            listeners: [(pid: 99, command: "com.docker.backend",
+                         fullCommand: "com.docker.backend", user: "me")])
+        #expect(dockerReport.offenders.isEmpty)
+
+        let localDockerReport = PortGuardian._testBuildReport(
+            port: 18789, mode: .local,
+            listeners: [(pid: 99, command: "com.docker.backend",
+                         fullCommand: "com.docker.backend", user: "me")])
+        #expect(!localDockerReport.offenders.isEmpty)
+    }
+
     @Test @MainActor func `canvas scheme handler resolves files and errors`() throws {
         let root = FileManager().temporaryDirectory
             .appendingPathComponent("canvas-\(UUID().uuidString)", isDirectory: true)
diff --git a/apps/macos/Tests/OpenClawIPCTests/RuntimeLocatorTests.swift b/apps/macos/Tests/OpenClawIPCTests/RuntimeLocatorTests.swift
index 990c033445f..782dbd77212 100644
--- a/apps/macos/Tests/OpenClawIPCTests/RuntimeLocatorTests.swift
+++ b/apps/macos/Tests/OpenClawIPCTests/RuntimeLocatorTests.swift
@@ -16,7 +16,7 @@ struct RuntimeLocatorTests {
     @Test func `resolve succeeds with valid node`() throws {
         let script = """
         #!/bin/sh
-        echo v22.5.0
+        echo v22.16.0
         """
         let node = try self.makeTempExecutable(contents: script)
         let result = RuntimeLocator.resolve(searchPaths: [node.deletingLastPathComponent().path])
@@ -25,7 +25,23 @@ struct RuntimeLocatorTests {
             return
         }
         #expect(res.path == node.path)
-        #expect(res.version == RuntimeVersion(major: 22, minor: 5, patch: 0))
+        #expect(res.version == RuntimeVersion(major: 22, minor: 16, patch: 0))
+    }
+
+    @Test func `resolve fails on boundary below minimum`() throws {
+        let script = """
+        #!/bin/sh
+        echo v22.15.9
+        """
+        let node = try self.makeTempExecutable(contents: script)
+        let result = RuntimeLocator.resolve(searchPaths: [node.deletingLastPathComponent().path])
+        guard case let .failure(.unsupported(_, found, required, path, _)) = result else {
+            Issue.record("Expected unsupported error, got \(result)")
+            return
+        }
+        #expect(found == RuntimeVersion(major: 22, minor: 15, patch: 9))
+        #expect(required == RuntimeVersion(major: 22, minor: 16, patch: 0))
+        #expect(path == node.path)
     }
 
     @Test func `resolve fails when too old`() throws {
@@ -60,7 +76,17 @@ struct RuntimeLocatorTests {
 
     @Test func `describe failure includes paths`() {
         let msg = RuntimeLocator.describeFailure(.notFound(searchPaths: ["/tmp/a", "/tmp/b"]))
+        #expect(msg.contains("Node >=22.16.0"))
         #expect(msg.contains("PATH searched: /tmp/a:/tmp/b"))
+
+        let parseMsg = RuntimeLocator.describeFailure(
+            .versionParse(
+                kind: .node,
+                raw: "garbage",
+                path: "/usr/local/bin/node",
+                searchPaths: ["/usr/local/bin"],
+            ))
+        #expect(parseMsg.contains("Node >=22.16.0"))
     }
 
     @Test func `runtime version parses with leading V and metadata`() {
diff --git a/apps/macos/Tests/OpenClawIPCTests/VoiceWakeRuntimeTests.swift b/apps/macos/Tests/OpenClawIPCTests/VoiceWakeRuntimeTests.swift
index eac7ceea37d..fcf3f3b1158 100644
--- a/apps/macos/Tests/OpenClawIPCTests/VoiceWakeRuntimeTests.swift
+++ b/apps/macos/Tests/OpenClawIPCTests/VoiceWakeRuntimeTests.swift
@@ -74,4 +74,22 @@ struct VoiceWakeRuntimeTests {
         let config = WakeWordGateConfig(triggers: ["openclaw"], minPostTriggerGap: 0.3)
         #expect(WakeWordGate.match(transcript: transcript, segments: segments, config: config)?.command == "do thing")
     }
+
+    @Test func `gate command text handles foreign string ranges`() {
+        let transcript = "hey openclaw do thing"
+        let other = "do thing"
+        let foreignRange = other.range(of: "do")
+        let segments = [
+            WakeWordSegment(text: "hey", start: 0.0, duration: 0.1, range: transcript.range(of: "hey")),
+            WakeWordSegment(text: "openclaw", start: 0.2, duration: 0.1, range: transcript.range(of: "openclaw")),
+            WakeWordSegment(text: "do", start: 0.9, duration: 0.1, range: foreignRange),
+            WakeWordSegment(text: "thing", start: 1.1, duration: 0.1, range: nil),
+        ]
+
+        #expect(
+            WakeWordGate.commandText(
+                transcript: transcript,
+                segments: segments,
+                triggerEndTime: 0.3) == "do thing")
+    }
 }
diff --git a/docs/automation/cron-jobs.md b/docs/automation/cron-jobs.md
index effa8f3ab81..cb27380416b 100644
--- a/docs/automation/cron-jobs.md
+++ b/docs/automation/cron-jobs.md
@@ -25,7 +25,9 @@ Troubleshooting: [/automation/troubleshooting](/automation/troubleshooting)
 - Jobs persist under `~/.openclaw/cron/` so restarts don’t lose schedules.
 - Two execution styles:
   - **Main session**: enqueue a system event, then run on the next heartbeat.
-  - **Isolated**: run a dedicated agent turn in `cron:<jobId>`, with delivery (announce by default or none).
+  - **Isolated**: run a dedicated agent turn in `cron:<jobId>` or a custom session, with delivery (announce by default or none).
+  - **Current session**: bind to the session where the cron is created (`sessionTarget: "current"`).
+  - **Custom session**: run in a persistent named session (`sessionTarget: "session:custom-id"`).
 - Wakeups are first-class: a job can request “wake now” vs “next heartbeat”.
 - Webhook posting is per job via `delivery.mode = "webhook"` + `delivery.to = "<url>"`.
 - Legacy fallback remains for stored jobs with `notify: true` when `cron.webhook` is set, migrate those jobs to webhook delivery mode.
@@ -86,6 +88,14 @@ Think of a cron job as: **when** to run + **what** to do.
 2. **Choose where it runs**
    - `sessionTarget: "main"` → run during the next heartbeat with main context.
    - `sessionTarget: "isolated"` → run a dedicated agent turn in `cron:<jobId>`.
+   - `sessionTarget: "current"` → bind to the current session (resolved at creation time to `session:<sessionKey>`).
+   - `sessionTarget: "session:custom-id"` → run in a persistent named session that maintains context across runs.
+
+   Default behavior (unchanged):
+   - `systemEvent` payloads default to `main`
+   - `agentTurn` payloads default to `isolated`
+
+   To use current session binding, explicitly set `sessionTarget: "current"`.
 
 3. **Choose the payload**
    - Main session → `payload.kind = "systemEvent"`
@@ -147,12 +157,13 @@ See [Heartbeat](/gateway/heartbeat).
 
 #### Isolated jobs (dedicated cron sessions)
 
-Isolated jobs run a dedicated agent turn in session `cron:<jobId>`.
+Isolated jobs run a dedicated agent turn in session `cron:<jobId>` or a custom session.
 
 Key behaviors:
 
 - Prompt is prefixed with `[cron:<jobId> <job name>]` for traceability.
-- Each run starts a **fresh session id** (no prior conversation carry-over).
+- Each run starts a **fresh session id** (no prior conversation carry-over), unless using a custom session.
+- Custom sessions (`session:xxx`) persist context across runs, enabling workflows like daily standups that build on previous summaries.
 - Default behavior: if `delivery` is omitted, isolated jobs announce a summary (`delivery.mode = "announce"`).
 - `delivery.mode` chooses what happens:
   - `announce`: deliver a summary to the target channel and post a brief summary to the main session.
@@ -321,12 +332,42 @@ Recurring, isolated job with delivery:
 }
 ```
 
+Recurring job bound to current session (auto-resolved at creation):
+
+```json
+{
+  "name": "Daily standup",
+  "schedule": { "kind": "cron", "expr": "0 9 * * *" },
+  "sessionTarget": "current",
+  "payload": {
+    "kind": "agentTurn",
+    "message": "Summarize yesterday's progress."
+  }
+}
+```
+
+Recurring job in a custom persistent session:
+
+```json
+{
+  "name": "Project monitor",
+  "schedule": { "kind": "every", "everyMs": 300000 },
+  "sessionTarget": "session:project-alpha-monitor",
+  "payload": {
+    "kind": "agentTurn",
+    "message": "Check project status and update the running log."
+  }
+}
+```
+
 Notes:
 
 - `schedule.kind`: `at` (`at`), `every` (`everyMs`), or `cron` (`expr`, optional `tz`).
 - `schedule.at` accepts ISO 8601 (timezone optional; treated as UTC when omitted).
 - `everyMs` is milliseconds.
-- `sessionTarget` must be `"main"` or `"isolated"` and must match `payload.kind`.
+- `sessionTarget`: `"main"`, `"isolated"`, `"current"`, or `"session:<custom-id>"`.
+- `"current"` is resolved to `"session:<sessionKey>"` at creation time.
+- Custom sessions (`session:xxx`) maintain persistent context across runs.
 - Optional fields: `agentId`, `description`, `enabled`, `deleteAfterRun` (defaults to true for `at`),
   `delivery`.
 - `wakeMode` defaults to `"now"` when omitted.
diff --git a/docs/automation/cron-vs-heartbeat.md b/docs/automation/cron-vs-heartbeat.md
index 9676d960d23..09f9187c368 100644
--- a/docs/automation/cron-vs-heartbeat.md
+++ b/docs/automation/cron-vs-heartbeat.md
@@ -219,13 +219,13 @@ See [Lobster](/tools/lobster) for full usage and examples.
 
 Both heartbeat and cron can interact with the main session, but differently:
 
-|         | Heartbeat                       | Cron (main)              | Cron (isolated)            |
-| ------- | ------------------------------- | ------------------------ | -------------------------- |
-| Session | Main                            | Main (via system event)  | `cron:<jobId>`             |
-| History | Shared                          | Shared                   | Fresh each run             |
-| Context | Full                            | Full                     | None (starts clean)        |
-| Model   | Main session model              | Main session model       | Can override               |
-| Output  | Delivered if not `HEARTBEAT_OK` | Heartbeat prompt + event | Announce summary (default) |
+|         | Heartbeat                       | Cron (main)              | Cron (isolated)                                 |
+| ------- | ------------------------------- | ------------------------ | ----------------------------------------------- |
+| Session | Main                            | Main (via system event)  | `cron:<jobId>` or custom session                |
+| History | Shared                          | Shared                   | Fresh each run (isolated) / Persistent (custom) |
+| Context | Full                            | Full                     | None (isolated) / Cumulative (custom)           |
+| Model   | Main session model              | Main session model       | Can override                                    |
+| Output  | Delivered if not `HEARTBEAT_OK` | Heartbeat prompt + event | Announce summary (default)                      |
 
 ### When to use main session cron
 
diff --git a/docs/channels/telegram.md b/docs/channels/telegram.md
index a0c679988d3..37be3bf1111 100644
--- a/docs/channels/telegram.md
+++ b/docs/channels/telegram.md
@@ -782,6 +782,11 @@ openclaw message poll --channel telegram --target -1001234567890:topic:42 \
     - `--poll-public`
     - `--thread-id` for forum topics (or use a `:topic:` target)
 
+    Telegram send also supports:
+
+    - `--buttons` for inline keyboards when `channels.telegram.capabilities.inlineButtons` allows it
+    - `--force-document` to send outbound images and GIFs as documents instead of compressed photo or animated-media uploads
+
     Action gating:
 
     - `channels.telegram.actions.sendMessage=false` disables outbound Telegram messages, including polls
diff --git a/docs/cli/browser.md b/docs/cli/browser.md
index 8e0ddad92ef..f9ddc151717 100644
--- a/docs/cli/browser.md
+++ b/docs/cli/browser.md
@@ -27,7 +27,7 @@ Related:
 ## Quick start (local)
 
 ```bash
-openclaw browser --browser-profile chrome tabs
+openclaw browser profiles
 openclaw browser --browser-profile openclaw start
 openclaw browser --browser-profile openclaw open https://example.com
 openclaw browser --browser-profile openclaw snapshot
@@ -38,7 +38,8 @@ openclaw browser --browser-profile openclaw snapshot
 Profiles are named browser routing configs. In practice:
 
 - `openclaw`: launches/attaches to a dedicated OpenClaw-managed Chrome instance (isolated user data dir).
-- `chrome`: controls your existing Chrome tab(s) via the Chrome extension relay.
+- `user`: controls your existing signed-in Chrome session via Chrome DevTools MCP.
+- `chrome-relay`: controls your existing Chrome tab(s) via the Chrome extension relay.
 
 ```bash
 openclaw browser profiles
diff --git a/docs/cli/gateway.md b/docs/cli/gateway.md
index 95c20e3aa7c..16b05baefce 100644
--- a/docs/cli/gateway.md
+++ b/docs/cli/gateway.md
@@ -95,6 +95,7 @@ openclaw gateway health --url ws://127.0.0.1:18789
 ```bash
 openclaw gateway status
 openclaw gateway status --json
+openclaw gateway status --require-rpc
 ```
 
 Options:
@@ -105,11 +106,13 @@ Options:
 - `--timeout <ms>`: probe timeout (default `10000`).
 - `--no-probe`: skip the RPC probe (service-only view).
 - `--deep`: scan system-level services too.
+- `--require-rpc`: exit non-zero when the RPC probe fails. Cannot be combined with `--no-probe`.
 
 Notes:
 
 - `gateway status` resolves configured auth SecretRefs for probe auth when possible.
 - If a required auth SecretRef is unresolved in this command path, probe auth can fail; pass `--token`/`--password` explicitly or resolve the secret source first.
+- Use `--require-rpc` in scripts and automation when a listening service is not enough and you need the Gateway RPC itself to be healthy.
 - On Linux systemd installs, service auth drift checks read both `Environment=` and `EnvironmentFile=` values from the unit (including `%h`, quoted paths, multiple files, and optional `-` files).
 
 ### `gateway probe`
@@ -126,6 +129,23 @@ openclaw gateway probe
 openclaw gateway probe --json
 ```
 
+Interpretation:
+
+- `Reachable: yes` means at least one target accepted a WebSocket connect.
+- `RPC: ok` means detail RPC calls (`health`/`status`/`system-presence`/`config.get`) also succeeded.
+- `RPC: limited - missing scope: operator.read` means connect succeeded but detail RPC is scope-limited. This is reported as **degraded** reachability, not full failure.
+- Exit code is non-zero only when no probed target is reachable.
+
+JSON notes (`--json`):
+
+- Top level:
+  - `ok`: at least one target is reachable.
+  - `degraded`: at least one target had scope-limited detail RPC.
+- Per target (`targets[].connect`):
+  - `ok`: reachability after connect + degraded classification.
+  - `rpcOk`: full detail RPC success.
+  - `scopeLimited`: detail RPC failed due to missing operator scope.
+
 #### Remote over SSH (Mac app parity)
 
 The macOS app “Remote over SSH” mode uses a local port-forward so the remote gateway (which may be bound to loopback only) becomes reachable at `ws://127.0.0.1:<port>`.
diff --git a/docs/cli/index.md b/docs/cli/index.md
index 2796e7927d2..ddedc7ca1aa 100644
--- a/docs/cli/index.md
+++ b/docs/cli/index.md
@@ -780,7 +780,7 @@ Subcommands:
 Notes:
 
 - `gateway status` probes the Gateway RPC by default using the service’s resolved port/config (override with `--url/--token/--password`).
-- `gateway status` supports `--no-probe`, `--deep`, and `--json` for scripting.
+- `gateway status` supports `--no-probe`, `--deep`, `--require-rpc`, and `--json` for scripting.
 - `gateway status` also surfaces legacy or extra gateway services when it can detect them (`--deep` adds system-level scans). Profile-named OpenClaw services are treated as first-class and aren't flagged as "extra".
 - `gateway status` prints which config path the CLI uses vs which config the service likely uses (service env), plus the resolved probe target URL.
 - On Linux systemd installs, status token-drift checks include both `Environment=` and `EnvironmentFile=` unit sources.
diff --git a/docs/cli/message.md b/docs/cli/message.md
index 195e884a01d..1633554f316 100644
--- a/docs/cli/message.md
+++ b/docs/cli/message.md
@@ -59,6 +59,7 @@ Name lookup:
   - Required: `--target`, plus `--message` or `--media`
   - Optional: `--media`, `--reply-to`, `--thread-id`, `--gif-playback`
   - Telegram only: `--buttons` (requires `channels.telegram.capabilities.inlineButtons` to allow it)
+  - Telegram only: `--force-document` (send images and GIFs as documents to avoid Telegram compression)
   - Telegram only: `--thread-id` (forum topic id)
   - Slack only: `--thread-id` (thread timestamp; `--reply-to` uses the same field)
   - WhatsApp only: `--gif-playback`
@@ -258,3 +259,10 @@ Send Telegram inline buttons:
 openclaw message send --channel telegram --target @mychat --message "Choose:" \
   --buttons '[ [{"text":"Yes","callback_data":"cmd:yes"}], [{"text":"No","callback_data":"cmd:no"}] ]'
 ```
+
+Send a Telegram image as a document to avoid compression:
+
+```bash
+openclaw message send --channel telegram --target @mychat \
+  --media ./diagram.png --force-document
+```
diff --git a/docs/concepts/memory.md b/docs/concepts/memory.md
index 8ed755b394c..2649125dc45 100644
--- a/docs/concepts/memory.md
+++ b/docs/concepts/memory.md
@@ -23,6 +23,8 @@ The default workspace layout uses two memory layers:
   - Read today + yesterday at session start.
 - `MEMORY.md` (optional)
   - Curated long-term memory.
+  - If both `MEMORY.md` and `memory.md` exist at the workspace root, OpenClaw only loads `MEMORY.md`.
+  - Lowercase `memory.md` is only used as a fallback when `MEMORY.md` is absent.
   - **Only load in the main, private session** (never in group contexts).
 
 These files live under the workspace (`agents.defaults.workspace`, default
diff --git a/docs/concepts/session.md b/docs/concepts/session.md
index 2a58c15cb4d..2f00325b730 100644
--- a/docs/concepts/session.md
+++ b/docs/concepts/session.md
@@ -200,7 +200,7 @@ the workspace is writable. See [Memory](/concepts/memory) and
   - Legacy `group:<id>` keys are still recognized for migration.
 - Inbound contexts may still use `group:<id>`; the channel is inferred from `Provider` and normalized to the canonical `agent:<agentId>:<channel>:group:<id>` form.
 - Other sources:
-  - Cron jobs: `cron:<job.id>`
+  - Cron jobs: `cron:<job.id>` (isolated) or custom `session:<custom-id>` (persistent)
   - Webhooks: `hook:<uuid>` (unless explicitly set by the hook)
   - Node runs: `node-<nodeId>`
 
diff --git a/docs/docs.json b/docs/docs.json
index 402d56aa380..07a88de39f7 100644
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -1009,7 +1009,8 @@
                   "tools/loop-detection",
                   "tools/reactions",
                   "tools/thinking",
-                  "tools/web"
+                  "tools/web",
+                  "tools/btw"
                 ]
               },
               {
diff --git a/docs/gateway/configuration-reference.md b/docs/gateway/configuration-reference.md
index b4a697d5a5a..658a3084437 100644
--- a/docs/gateway/configuration-reference.md
+++ b/docs/gateway/configuration-reference.md
@@ -2342,7 +2342,7 @@ See [Plugins](/tools/plugin).
   browser: {
     enabled: true,
     evaluateEnabled: true,
-    defaultProfile: "chrome",
+    defaultProfile: "user",
     ssrfPolicy: {
       dangerouslyAllowPrivateNetwork: true, // default trusted-network mode
       // allowPrivateNetwork: true, // legacy alias
diff --git a/docs/gateway/troubleshooting.md b/docs/gateway/troubleshooting.md
index ebea28a6541..f5829454e57 100644
--- a/docs/gateway/troubleshooting.md
+++ b/docs/gateway/troubleshooting.md
@@ -289,7 +289,7 @@ Look for:
 
 - Valid browser executable path.
 - CDP profile reachability.
-- Extension relay tab attachment for `profile="chrome"`.
+- Extension relay tab attachment for `profile="chrome-relay"`.
 
 Common signatures:
 
diff --git a/docs/help/faq.md b/docs/help/faq.md
index 37f5f96c815..236097634c1 100644
--- a/docs/help/faq.md
+++ b/docs/help/faq.md
@@ -1358,7 +1358,8 @@ Your **workspace** (AGENTS.md, memory files, skills, etc.) is separate and confi
 These files live in the **agent workspace**, not `~/.openclaw`.
 
 - **Workspace (per agent)**: `AGENTS.md`, `SOUL.md`, `IDENTITY.md`, `USER.md`,
-  `MEMORY.md` (or `memory.md`), `memory/YYYY-MM-DD.md`, optional `HEARTBEAT.md`.
+  `MEMORY.md` (or legacy fallback `memory.md` when `MEMORY.md` is absent),
+  `memory/YYYY-MM-DD.md`, optional `HEARTBEAT.md`.
 - **State dir (`~/.openclaw`)**: config, credentials, auth profiles, sessions, logs,
   and shared skills (`~/.openclaw/skills`).
 
diff --git a/docs/help/troubleshooting.md b/docs/help/troubleshooting.md
index 951e1a480d7..a3988c4ea58 100644
--- a/docs/help/troubleshooting.md
+++ b/docs/help/troubleshooting.md
@@ -28,7 +28,7 @@ Good output in one line:
 
 - `openclaw status` → shows configured channels and no obvious auth errors.
 - `openclaw status --all` → full report is present and shareable.
-- `openclaw gateway probe` → expected gateway target is reachable.
+- `openclaw gateway probe` → expected gateway target is reachable (`Reachable: yes`). `RPC: limited - missing scope: operator.read` is degraded diagnostics, not a connect failure.
 - `openclaw gateway status` → `Runtime: running` and `RPC probe: ok`.
 - `openclaw doctor` → no blocking config/service errors.
 - `openclaw channels status --probe` → channels report `connected` or `ready`.
diff --git a/docs/providers/glm.md b/docs/providers/glm.md
index f65ea81f9da..64fe39a42df 100644
--- a/docs/providers/glm.md
+++ b/docs/providers/glm.md
@@ -14,7 +14,17 @@ models are accessed via the `zai` provider and model IDs like `zai/glm-5`.
 ## CLI setup
 
 ```bash
-openclaw onboard --auth-choice zai-api-key
+# Coding Plan Global, recommended for Coding Plan users
+openclaw onboard --auth-choice zai-coding-global
+
+# Coding Plan CN (China region), recommended for Coding Plan users
+openclaw onboard --auth-choice zai-coding-cn
+
+# General API
+openclaw onboard --auth-choice zai-global
+
+# General API CN (China region)
+openclaw onboard --auth-choice zai-cn
 ```
 
 ## Config snippet
diff --git a/docs/providers/zai.md b/docs/providers/zai.md
index 93313acba3f..6f3aea27020 100644
--- a/docs/providers/zai.md
+++ b/docs/providers/zai.md
@@ -15,9 +15,17 @@ with a Z.AI API key.
 ## CLI setup
 
 ```bash
-openclaw onboard --auth-choice zai-api-key
-# or non-interactive
-openclaw onboard --zai-api-key "$ZAI_API_KEY"
+# Coding Plan Global, recommended for Coding Plan users
+openclaw onboard --auth-choice zai-coding-global
+
+# Coding Plan CN (China region), recommended for Coding Plan users
+openclaw onboard --auth-choice zai-coding-cn
+
+# General API
+openclaw onboard --auth-choice zai-global
+
+# General API CN (China region)
+openclaw onboard --auth-choice zai-cn
 ```
 
 ## Config snippet
diff --git a/docs/reference/AGENTS.default.md b/docs/reference/AGENTS.default.md
index 6e2869403f5..7427f53c071 100644
--- a/docs/reference/AGENTS.default.md
+++ b/docs/reference/AGENTS.default.md
@@ -48,7 +48,8 @@ cp docs/reference/AGENTS.default.md ~/.openclaw/workspace/AGENTS.md
 
 ## Session start (required)
 
-- Read `SOUL.md`, `USER.md`, `memory.md`, and today+yesterday in `memory/`.
+- Read `SOUL.md`, `USER.md`, and today+yesterday in `memory/`.
+- Read `MEMORY.md` when present; only fall back to lowercase `memory.md` when `MEMORY.md` is absent.
 - Do it before responding.
 
 ## Soul (required)
@@ -65,8 +66,9 @@ cp docs/reference/AGENTS.default.md ~/.openclaw/workspace/AGENTS.md
 ## Memory system (recommended)
 
 - Daily log: `memory/YYYY-MM-DD.md` (create `memory/` if needed).
-- Long-term memory: `memory.md` for durable facts, preferences, and decisions.
-- On session start, read today + yesterday + `memory.md` if present.
+- Long-term memory: `MEMORY.md` for durable facts, preferences, and decisions.
+- Lowercase `memory.md` is legacy fallback only; do not keep both root files on purpose.
+- On session start, read today + yesterday + `MEMORY.md` when present, otherwise `memory.md`.
 - Capture: decisions, preferences, constraints, open loops.
 - Avoid secrets unless explicitly requested.
 
diff --git a/docs/reference/RELEASING.md b/docs/reference/RELEASING.md
index f929d16e5f7..9100968550a 100644
--- a/docs/reference/RELEASING.md
+++ b/docs/reference/RELEASING.md
@@ -29,6 +29,10 @@ Current OpenClaw releases use date-based versioning.
 - Beta prerelease version: `YYYY.M.D-beta.N`
   - Git tag: `vYYYY.M.D-beta.N`
   - Examples from repo history: `v2026.2.15-beta.1`, `v2026.3.8-beta.1`
+- Fallback correction tag: `vYYYY.M.D-N`
+  - Use only as a last-resort recovery tag when a published immutable release burned the original stable tag and you cannot reuse it.
+  - The npm package version stays `YYYY.M.D`; the `-N` suffix is only for the git tag and GitHub release.
+  - Prefer betas for normal pre-release iteration, then cut a clean stable tag once ready.
 - Use the same version string everywhere, minus the leading `v` where Git tags are not used:
   - `package.json`: `2026.3.8`
   - Git tag: `v2026.3.8`
@@ -38,12 +42,12 @@ Current OpenClaw releases use date-based versioning.
   - `latest` = stable
   - `beta` = prerelease/testing
 - Dev is the moving head of `main`, not a normal git-tagged release.
-- The release workflow enforces the current stable/beta tag formats and rejects versions whose CalVer date is more than 2 UTC calendar days away from the release date.
+- The tag-triggered preview run accepts stable, beta, and fallback correction tags, and rejects versions whose CalVer date is more than 2 UTC calendar days away from the release date.
 
 Historical note:
 
 - Older tags such as `v2026.1.11-1`, `v2026.2.6-3`, and `v2.0.0-beta2` exist in repo history.
-- Treat those as legacy tag patterns. New releases should use `vYYYY.M.D` for stable and `vYYYY.M.D-beta.N` for beta.
+- Treat correction tags as a fallback-only escape hatch. New releases should still use `vYYYY.M.D` for stable and `vYYYY.M.D-beta.N` for beta.
 
 1. **Version & metadata**
 
@@ -94,10 +98,14 @@ Historical note:
 
 - [ ] Confirm git status is clean; commit and push as needed.
 - [ ] Confirm npm trusted publishing is configured for the `openclaw` package.
-- [ ] Push the matching git tag to trigger `.github/workflows/openclaw-npm-release.yml`.
+- [ ] Do not rely on an `NPM_TOKEN` secret for this workflow; the publish job uses GitHub OIDC trusted publishing.
+- [ ] Push the matching git tag to trigger the preview run in `.github/workflows/openclaw-npm-release.yml`.
+- [ ] Run `OpenClaw NPM Release` manually with the same tag to publish after `npm-release` environment approval.
   - Stable tags publish to npm `latest`.
   - Beta tags publish to npm `beta`.
-  - The workflow rejects tags that do not match `package.json`, are not on `main`, or whose CalVer date is more than 2 UTC calendar days away from the release date.
+  - Fallback correction tags like `v2026.3.13-1` map to npm version `2026.3.13`.
+  - Both the preview run and the manual publish run reject tags that do not map back to `package.json`, are not on `main`, or whose CalVer date is more than 2 UTC calendar days away from the release date.
+  - If `openclaw@YYYY.M.D` is already published, a fallback correction tag is still useful for GitHub release and Docker recovery, but npm publish will not republish that version.
 - [ ] Verify the registry: `npm view openclaw version`, `npm view openclaw dist-tags`, and `npx -y openclaw@X.Y.Z --version` (or `--help`).
 
 ### Troubleshooting (notes from 2.0.0-beta2 release)
@@ -107,8 +115,9 @@ Historical note:
   - `NPM_CONFIG_AUTH_TYPE=legacy npm dist-tag add openclaw@X.Y.Z latest`
 - **`npx` verification fails with `ECOMPROMISED: Lock compromised`**: retry with a fresh cache:
   - `NPM_CONFIG_CACHE=/tmp/npm-cache-$(date +%s) npx -y openclaw@X.Y.Z --version`
-- **Tag needs repointing after a late fix**: force-update and push the tag, then ensure the GitHub release assets still match:
-  - `git tag -f vX.Y.Z && git push -f origin vX.Y.Z`
+- **Tag needs recovery after a late fix**: if the original stable tag is tied to an immutable GitHub release, mint a fallback correction tag like `vX.Y.Z-1` instead of trying to force-update `vX.Y.Z`.
+  - Keep the npm package version at `X.Y.Z`; the correction suffix is for the git tag and GitHub release only.
+  - Use this only as a last resort. For normal iteration, prefer beta tags and then cut a clean stable release.
 
 7. **GitHub release + appcast**
 
diff --git a/docs/tools/browser-linux-troubleshooting.md b/docs/tools/browser-linux-troubleshooting.md
index 01e6cbc3ff9..1ab51657044 100644
--- a/docs/tools/browser-linux-troubleshooting.md
+++ b/docs/tools/browser-linux-troubleshooting.md
@@ -123,7 +123,7 @@ curl -s http://127.0.0.1:18791/tabs
 
 ### Problem: "Chrome extension relay is running, but no tab is connected"
 
-You’re using the `chrome` profile (extension relay). It expects the OpenClaw
+You’re using the `chrome-relay` profile (extension relay). It expects the OpenClaw
 browser extension to be attached to a live tab.
 
 Fix options:
@@ -135,5 +135,5 @@ Fix options:
 
 Notes:
 
-- The `chrome` profile uses your **system default Chromium browser** when possible.
+- The `chrome-relay` profile uses your **system default Chromium browser** when possible.
 - Local `openclaw` profiles auto-assign `cdpPort`/`cdpUrl`; only set those for remote CDP.
diff --git a/docs/tools/browser-login.md b/docs/tools/browser-login.md
index 910c21ca218..d570b3b2e87 100644
--- a/docs/tools/browser-login.md
+++ b/docs/tools/browser-login.md
@@ -20,6 +20,13 @@ Back to the main browser docs: [Browser](/tools/browser).
 
 OpenClaw controls a **dedicated Chrome profile** (named `openclaw`, orange‑tinted UI). This is separate from your daily browser profile.
 
+For agent browser tool calls:
+
+- Default choice: the agent should use its isolated `openclaw` browser.
+- Use `profile="user"` only when existing logged-in sessions matter and the user is at the computer to click/approve any attach prompt.
+- Use `profile="chrome-relay"` only for the Chrome extension / toolbar-button attach flow.
+- If you have multiple user-browser profiles, specify the profile explicitly instead of guessing.
+
 Two easy ways to access it:
 
 1. **Ask the agent to open the browser** and then log in yourself.
diff --git a/docs/tools/browser-wsl2-windows-remote-cdp-troubleshooting.md b/docs/tools/browser-wsl2-windows-remote-cdp-troubleshooting.md
index d63bb891c48..2e7844860aa 100644
--- a/docs/tools/browser-wsl2-windows-remote-cdp-troubleshooting.md
+++ b/docs/tools/browser-wsl2-windows-remote-cdp-troubleshooting.md
@@ -33,7 +33,7 @@ Choose this when:
 
 ### Option 2: Chrome extension relay
 
-Use the built-in `chrome` profile plus the OpenClaw Chrome extension.
+Use the built-in `chrome-relay` profile plus the OpenClaw Chrome extension.
 
 Choose this when:
 
@@ -155,7 +155,7 @@ Example:
 {
   browser: {
     enabled: true,
-    defaultProfile: "chrome",
+    defaultProfile: "chrome-relay",
     relayBindHost: "0.0.0.0",
   },
 }
@@ -197,7 +197,7 @@ openclaw browser tabs --browser-profile remote
 For the extension relay:
 
 ```bash
-openclaw browser tabs --browser-profile chrome
+openclaw browser tabs --browser-profile chrome-relay
 ```
 
 Good result:
diff --git a/docs/tools/browser.md b/docs/tools/browser.md
index 8a7abe93209..ebe352036c5 100644
--- a/docs/tools/browser.md
+++ b/docs/tools/browser.md
@@ -18,8 +18,8 @@ Beginner view:
 - Think of it as a **separate, agent-only browser**.
 - The `openclaw` profile does **not** touch your personal browser profile.
 - The agent can **open tabs, read pages, click, and type** in a safe lane.
-- The default `chrome` profile uses the **system default Chromium browser** via the
-  extension relay; switch to `openclaw` for the isolated managed browser.
+- The built-in `user` profile attaches to your real signed-in Chrome session;
+  `chrome-relay` is the explicit extension-relay profile.
 
 ## What you get
 
@@ -43,13 +43,22 @@ openclaw browser --browser-profile openclaw snapshot
 If you get “Browser disabled”, enable it in config (see below) and restart the
 Gateway.
 
-## Profiles: `openclaw` vs `chrome`
+## Profiles: `openclaw` vs `user` vs `chrome-relay`
 
 - `openclaw`: managed, isolated browser (no extension required).
-- `chrome`: extension relay to your **system browser** (requires the OpenClaw
-  extension to be attached to a tab).
-- `existing-session`: official Chrome MCP attach flow for a running Chrome
-  profile.
+- `user`: built-in Chrome MCP attach profile for your **real signed-in Chrome**
+  session.
+- `chrome-relay`: extension relay to your **system browser** (requires the
+  OpenClaw extension to be attached to a tab).
+
+For agent browser tool calls:
+
+- Default: use the isolated `openclaw` browser.
+- Prefer `profile="user"` when existing logged-in sessions matter and the user
+  is at the computer to click/approve any attach prompt.
+- Use `profile="chrome-relay"` only when the user explicitly wants the Chrome
+  extension / toolbar-button attach flow.
+- `profile` is the explicit override when you want a specific browser mode.
 
 Set `browser.defaultProfile: "openclaw"` if you want managed mode by default.
 
@@ -70,7 +79,7 @@ Browser settings live in `~/.openclaw/openclaw.json`.
     // cdpUrl: "http://127.0.0.1:18792", // legacy single-profile override
     remoteCdpTimeoutMs: 1500, // remote CDP HTTP timeout (ms)
     remoteCdpHandshakeTimeoutMs: 3000, // remote CDP WebSocket handshake timeout (ms)
-    defaultProfile: "chrome",
+    defaultProfile: "openclaw",
     color: "#FF4500",
     headless: false,
     noSandbox: false,
@@ -79,12 +88,16 @@ Browser settings live in `~/.openclaw/openclaw.json`.
     profiles: {
       openclaw: { cdpPort: 18800, color: "#FF4500" },
       work: { cdpPort: 18801, color: "#0066CC" },
-      chromeLive: {
-        cdpPort: 18802,
+      user: {
         driver: "existing-session",
         attachOnly: true,
         color: "#00AA00",
       },
+      "chrome-relay": {
+        driver: "extension",
+        cdpUrl: "http://127.0.0.1:18792",
+        color: "#00AA00",
+      },
       remote: { cdpUrl: "http://10.0.0.42:9222", color: "#00AA00" },
     },
   },
@@ -105,7 +118,7 @@ Notes:
 - `browser.ssrfPolicy.allowPrivateNetwork` remains supported as a legacy alias for compatibility.
 - `attachOnly: true` means “never launch a local browser; only attach if it is already running.”
 - `color` + per-profile `color` tint the browser UI so you can see which profile is active.
-- Default profile is `openclaw` (OpenClaw-managed standalone browser). Use `defaultProfile: "chrome"` to opt into the Chrome extension relay.
+- Default profile is `openclaw` (OpenClaw-managed standalone browser). Use `defaultProfile: "user"` to opt into the signed-in user browser, or `defaultProfile: "chrome-relay"` for the extension relay.
 - Auto-detect order: system default browser if Chromium-based; otherwise Chrome → Brave → Edge → Chromium → Chrome Canary.
 - Local `openclaw` profiles auto-assign `cdpPort`/`cdpUrl` — set those only for remote CDP.
 - `driver: "existing-session"` uses Chrome DevTools MCP instead of raw CDP. Do
@@ -279,7 +292,7 @@ OpenClaw supports multiple named profiles (routing configs). Profiles can be:
 Defaults:
 
 - The `openclaw` profile is auto-created if missing.
-- The `chrome` profile is built-in for the Chrome extension relay (points at `http://127.0.0.1:18792` by default).
+- The `chrome-relay` profile is built-in for the Chrome extension relay (points at `http://127.0.0.1:18792` by default).
 - Existing-session profiles are opt-in; create them with `--driver existing-session`.
 - Local CDP ports allocate from **18800–18899** by default.
 - Deleting a profile moves its local data directory to Trash.
@@ -323,8 +336,8 @@ openclaw browser extension install
 
 2. Use it:
 
-- CLI: `openclaw browser --browser-profile chrome tabs`
-- Agent tool: `browser` with `profile="chrome"`
+- CLI: `openclaw browser --browser-profile chrome-relay tabs`
+- Agent tool: `browser` with `profile="chrome-relay"`
 
 Optional: if you want a different name or relay port, create your own profile:
 
@@ -340,6 +353,9 @@ Notes:
 
 - This mode relies on Playwright-on-CDP for most operations (screenshots/snapshots/actions).
 - Detach by clicking the extension icon again.
+- Agent use: prefer `profile="user"` for logged-in sites. Use `profile="chrome-relay"`
+  only when you specifically want the extension flow. The user must be present
+  to click the extension and attach the tab.
 
 ## Chrome existing-session via MCP
 
@@ -352,14 +368,12 @@ Official background and setup references:
 - [Chrome for Developers: Use Chrome DevTools MCP with your browser session](https://developer.chrome.com/blog/chrome-devtools-mcp-debug-your-browser-session)
 - [Chrome DevTools MCP README](https://github.com/ChromeDevTools/chrome-devtools-mcp)
 
-Create a profile:
+Built-in profile:
 
-```bash
-openclaw browser create-profile \
-  --name chrome-live \
-  --driver existing-session \
-  --color "#00AA00"
-```
+- `user`
+
+Optional: create your own custom existing-session profile if you want a
+different name or color.
 
 Then in Chrome:
 
@@ -370,15 +384,16 @@ Then in Chrome:
 Live attach smoke test:
 
 ```bash
-openclaw browser --browser-profile chrome-live start
-openclaw browser --browser-profile chrome-live status
-openclaw browser --browser-profile chrome-live tabs
-openclaw browser --browser-profile chrome-live snapshot --format ai
+openclaw browser --browser-profile user start
+openclaw browser --browser-profile user status
+openclaw browser --browser-profile user tabs
+openclaw browser --browser-profile user snapshot --format ai
 ```
 
 What success looks like:
 
 - `status` shows `driver: existing-session`
+- `status` shows `transport: chrome-mcp`
 - `status` shows `running: true`
 - `tabs` lists your already-open Chrome tabs
 - `snapshot` returns refs from the selected live tab
@@ -388,6 +403,15 @@ What to check if attach does not work:
 - Chrome is version `144+`
 - remote debugging is enabled at `chrome://inspect/#remote-debugging`
 - Chrome showed and you accepted the attach consent prompt
+
+Agent use:
+
+- Use `profile="user"` when you need the user’s logged-in browser state.
+- If you use a custom existing-session profile, pass that explicit profile name.
+- Prefer `profile="user"` over `profile="chrome-relay"` unless the user
+  explicitly wants the extension / attach-tab flow.
+- Only choose this mode when the user is at the computer to approve the attach
+  prompt.
 - the Gateway or node host can spawn `npx chrome-devtools-mcp@latest --autoConnect`
 
 Notes:
@@ -398,6 +422,10 @@ Notes:
   session only.
 - OpenClaw uses the official Chrome DevTools MCP `--autoConnect` flow here, not
   the legacy default-profile remote debugging port workflow.
+- Existing-session screenshots support page captures and `--ref` element
+  captures from snapshots, but not CSS `--element` selectors.
+- Existing-session `wait --url` supports exact, substring, and glob patterns
+  like other browser drivers. `wait --load networkidle` is not supported yet.
 - Some features still require the extension relay or managed browser path, such
   as PDF export and download interception.
 - Leave the relay loopback-only by default. If the relay must be reachable from a different network namespace (for example Gateway in WSL2, Chrome on Windows), set `browser.relayBindHost` to an explicit bind address such as `0.0.0.0` while keeping the surrounding network private and authenticated.
@@ -409,7 +437,7 @@ WSL2 / cross-namespace example:
   browser: {
     enabled: true,
     relayBindHost: "0.0.0.0",
-    defaultProfile: "chrome",
+    defaultProfile: "chrome-relay",
   },
 }
 ```
diff --git a/docs/tools/btw.md b/docs/tools/btw.md
new file mode 100644
index 00000000000..38a30fcec77
--- /dev/null
+++ b/docs/tools/btw.md
@@ -0,0 +1,142 @@
+---
+summary: "Ephemeral side questions with /btw"
+read_when:
+  - You want to ask a quick side question about the current session
+  - You are implementing or debugging BTW behavior across clients
+title: "BTW Side Questions"
+---
+
+# BTW Side Questions
+
+`/btw` lets you ask a quick side question about the **current session** without
+turning that question into normal conversation history.
+
+It is modeled after Claude Code's `/btw` behavior, but adapted to OpenClaw's
+Gateway and multi-channel architecture.
+
+## What it does
+
+When you send:
+
+```text
+/btw what changed?
+```
+
+OpenClaw:
+
+1. snapshots the current session context,
+2. runs a separate **tool-less** model call,
+3. answers only the side question,
+4. leaves the main run alone,
+5. does **not** write the BTW question or answer to session history,
+6. emits the answer as a **live side result** rather than a normal assistant message.
+
+The important mental model is:
+
+- same session context
+- separate one-shot side query
+- no tool calls
+- no future context pollution
+- no transcript persistence
+
+## What it does not do
+
+`/btw` does **not**:
+
+- create a new durable session,
+- continue the unfinished main task,
+- run tools or agent tool loops,
+- write BTW question/answer data to transcript history,
+- appear in `chat.history`,
+- survive a reload.
+
+It is intentionally **ephemeral**.
+
+## How context works
+
+BTW uses the current session as **background context only**.
+
+If the main run is currently active, OpenClaw snapshots the current message
+state and includes the in-flight main prompt as background context, while
+explicitly telling the model:
+
+- answer only the side question,
+- do not resume or complete the unfinished main task,
+- do not emit tool calls or pseudo-tool calls.
+
+That keeps BTW isolated from the main run while still making it aware of what
+the session is about.
+
+## Delivery model
+
+BTW is **not** delivered as a normal assistant transcript message.
+
+At the Gateway protocol level:
+
+- normal assistant chat uses the `chat` event
+- BTW uses the `chat.side_result` event
+
+This separation is intentional. If BTW reused the normal `chat` event path,
+clients would treat it like regular conversation history.
+
+Because BTW uses a separate live event and is not replayed from
+`chat.history`, it disappears after reload.
+
+## Surface behavior
+
+### TUI
+
+In TUI, BTW is rendered inline in the current session view, but it remains
+ephemeral:
+
+- visibly distinct from a normal assistant reply
+- dismissible with `Enter` or `Esc`
+- not replayed on reload
+
+### External channels
+
+On channels like Telegram, WhatsApp, and Discord, BTW is delivered as a
+clearly labeled one-off reply because those surfaces do not have a local
+ephemeral overlay concept.
+
+The answer is still treated as a side result, not normal session history.
+
+### Control UI / web
+
+The Gateway emits BTW correctly as `chat.side_result`, and BTW is not included
+in `chat.history`, so the persistence contract is already correct for web.
+
+The current Control UI still needs a dedicated `chat.side_result` consumer to
+render BTW live in the browser. Until that client-side support lands, BTW is a
+Gateway-level feature with full TUI and external-channel behavior, but not yet
+a complete browser UX.
+
+## When to use BTW
+
+Use `/btw` when you want:
+
+- a quick clarification about the current work,
+- a factual side answer while a long run is still in progress,
+- a temporary answer that should not become part of future session context.
+
+Examples:
+
+```text
+/btw what file are we editing?
+/btw what does this error mean?
+/btw summarize the current task in one sentence
+/btw what is 17 * 19?
+```
+
+## When not to use BTW
+
+Do not use `/btw` when you want the answer to become part of the session's
+future working context.
+
+In that case, ask normally in the main session instead of using BTW.
+
+## Related
+
+- [Slash commands](/tools/slash-commands)
+- [Thinking Levels](/tools/thinking)
+- [Session](/concepts/session)
diff --git a/docs/tools/chrome-extension.md b/docs/tools/chrome-extension.md
index dcf2150409b..91a6c1240f1 100644
--- a/docs/tools/chrome-extension.md
+++ b/docs/tools/chrome-extension.md
@@ -62,7 +62,7 @@ After upgrading OpenClaw:
 
 ## Use it (set gateway token once)
 
-OpenClaw ships with a built-in browser profile named `chrome` that targets the extension relay on the default port.
+OpenClaw ships with a built-in browser profile named `chrome-relay` that targets the extension relay on the default port.
 
 Before first attach, open extension Options and set:
 
@@ -71,8 +71,8 @@ Before first attach, open extension Options and set:
 
 Use it:
 
-- CLI: `openclaw browser --browser-profile chrome tabs`
-- Agent tool: `browser` with `profile="chrome"`
+- CLI: `openclaw browser --browser-profile chrome-relay tabs`
+- Agent tool: `browser` with `profile="chrome-relay"`
 
 If you want a different name or a different relay port, create your own profile:
 
diff --git a/docs/tools/index.md b/docs/tools/index.md
index 6552d6f9118..bdd9b78456f 100644
--- a/docs/tools/index.md
+++ b/docs/tools/index.md
@@ -316,7 +316,11 @@ Common parameters:
   Notes:
 - Requires `browser.enabled=true` (default is `true`; set `false` to disable).
 - All actions accept optional `profile` parameter for multi-instance support.
-- When `profile` is omitted, uses `browser.defaultProfile` (defaults to "chrome").
+- Omit `profile` for the safe default: isolated OpenClaw-managed browser (`openclaw`).
+- Use `profile="user"` for the real local host browser when existing logins/cookies matter and the user is present to click/approve any attach prompt.
+- Use `profile="chrome-relay"` only for the Chrome extension / toolbar-button attach flow.
+- `profile="user"` and `profile="chrome-relay"` are host-only; do not combine them with sandbox/node targets.
+- When `profile` is omitted, uses `browser.defaultProfile` (defaults to `openclaw`).
 - Profile names: lowercase alphanumeric + hyphens only (max 64 chars).
 - Port range: 18800-18899 (~100 profiles max).
 - Remote profiles are attach-only (no start/stop/reset).
diff --git a/docs/tools/slash-commands.md b/docs/tools/slash-commands.md
index e0a9f1aa365..19072342b20 100644
--- a/docs/tools/slash-commands.md
+++ b/docs/tools/slash-commands.md
@@ -76,6 +76,7 @@ Text + native (when enabled):
 - `/allowlist` (list/add/remove allowlist entries)
 - `/approve <id> allow-once|allow-always|deny` (resolve exec approval prompts)
 - `/context [list|detail|json]` (explain “context”; `detail` shows per-file + per-tool + per-skill + system prompt size)
+- `/btw <question>` (ask an ephemeral side question about the current session without changing future session context; see [/tools/btw](/tools/btw))
 - `/export-session [path]` (alias: `/export`) (export current session to HTML with full system prompt)
 - `/whoami` (show your sender id; alias: `/id`)
 - `/session idle <duration|off>` (manage inactivity auto-unfocus for focused thread bindings)
@@ -223,3 +224,27 @@ Notes:
 - **`/stop`** targets the active chat session so it can abort the current run.
 - **Slack:** `channels.slack.slashCommand` is still supported for a single `/openclaw`-style command. If you enable `commands.native`, you must create one Slack slash command per built-in command (same names as `/help`). Command argument menus for Slack are delivered as ephemeral Block Kit buttons.
   - Slack native exception: register `/agentstatus` (not `/status`) because Slack reserves `/status`. Text `/status` still works in Slack messages.
+
+## BTW side questions
+
+`/btw` is a quick **side question** about the current session.
+
+Unlike normal chat:
+
+- it uses the current session as background context,
+- it runs as a separate **tool-less** one-shot call,
+- it does not change future session context,
+- it is not written to transcript history,
+- it is delivered as a live side result instead of a normal assistant message.
+
+That makes `/btw` useful when you want a temporary clarification while the main
+task keeps going.
+
+Example:
+
+```text
+/btw what are we doing right now?
+```
+
+See [BTW Side Questions](/tools/btw) for the full behavior and client UX
+details.
diff --git a/docs/zh-CN/automation/cron-jobs.md b/docs/zh-CN/automation/cron-jobs.md
index 185779a2636..cfdb0c178e1 100644
--- a/docs/zh-CN/automation/cron-jobs.md
+++ b/docs/zh-CN/automation/cron-jobs.md
@@ -28,7 +28,9 @@ x-i18n:
 - 任务持久化存储在 `~/.openclaw/cron/` 下，因此重启不会丢失计划。
 - 两种执行方式：
   - **主会话**：入队一个系统事件，然后在下一次心跳时运行。
-  - **隔离式**：在 `cron:<jobId>` 中运行专用智能体轮次，可投递摘要（默认 announce）或不投递。
+  - **隔离式**：在 `cron:<jobId>` 或自定义会话中运行专用智能体轮次，可投递摘要（默认 announce）或不投递。
+  - **当前会话**：绑定到创建定时任务时的会话 (`sessionTarget: "current"`)。
+  - **自定义会话**：在持久化的命名会话中运行 (`sessionTarget: "session:custom-id"`)。
 - 唤醒是一等功能：任务可以请求"立即唤醒"或"下次心跳时"。
 
 ## 快速开始（可操作）
@@ -83,6 +85,14 @@ openclaw cron add \
 2. **选择运行位置**
    - `sessionTarget: "main"` → 在下一次心跳时使用主会话上下文运行。
    - `sessionTarget: "isolated"` → 在 `cron:<jobId>` 中运行专用智能体轮次。
+   - `sessionTarget: "current"` → 绑定到当前会话（创建时解析为 `session:<sessionKey>`）。
+   - `sessionTarget: "session:custom-id"` → 在持久化的命名会话中运行，跨运行保持上下文。
+
+   默认行为（保持不变）：
+   - `systemEvent` 负载默认使用 `main`
+   - `agentTurn` 负载默认使用 `isolated`
+
+   要使用当前会话绑定，需显式设置 `sessionTarget: "current"`。
 
 3. **选择负载**
    - 主会话 → `payload.kind = "systemEvent"`
@@ -129,12 +139,13 @@ Cron 表达式使用 `croner`。如果省略时区，将使用 Gateway网关主
 
 #### 隔离任务（专用定时会话）
 
-隔离任务在会话 `cron:<jobId>` 中运行专用智能体轮次。
+隔离任务在会话 `cron:<jobId>` 或自定义会话中运行专用智能体轮次。
 
 关键行为：
 
 - 提示以 `[cron:<jobId> <任务名称>]` 为前缀，便于追踪。
-- 每次运行都会启动一个**全新的会话 ID**（不继承之前的对话）。
+- 每次运行都会启动一个**全新的会话 ID**（不继承之前的对话），除非使用自定义会话。
+- 自定义会话（`session:xxx`）可跨运行保持上下文，适用于如每日站会等需要基于前次摘要的工作流。
 - 如果未指定 `delivery`，隔离任务会默认以“announce”方式投递摘要。
 - `delivery.mode` 可选 `announce`（投递摘要）或 `none`（内部运行）。
 
diff --git a/extensions/acpx/package.json b/extensions/acpx/package.json
index 66780c709b1..d3947cc7552 100644
--- a/extensions/acpx/package.json
+++ b/extensions/acpx/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/acpx",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw ACP runtime backend via acpx",
   "type": "module",
   "dependencies": {
diff --git a/extensions/bluebubbles/package.json b/extensions/bluebubbles/package.json
index b2c13701ead..67df516b8d7 100644
--- a/extensions/bluebubbles/package.json
+++ b/extensions/bluebubbles/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/bluebubbles",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw BlueBubbles channel plugin",
   "type": "module",
   "dependencies": {
diff --git a/extensions/bluebubbles/src/attachments.ts b/extensions/bluebubbles/src/attachments.ts
index cbd8a74d807..c5392fd2595 100644
--- a/extensions/bluebubbles/src/attachments.ts
+++ b/extensions/bluebubbles/src/attachments.ts
@@ -2,7 +2,7 @@ import crypto from "node:crypto";
 import path from "node:path";
 import type { OpenClawConfig } from "openclaw/plugin-sdk/bluebubbles";
 import { resolveBlueBubblesServerAccount } from "./account-resolve.js";
-import { postMultipartFormData } from "./multipart.js";
+import { assertMultipartActionOk, postMultipartFormData } from "./multipart.js";
 import {
   getCachedBlueBubblesPrivateApiStatus,
   isBlueBubblesPrivateApiStatusEnabled,
@@ -262,12 +262,7 @@ export async function sendBlueBubblesAttachment(params: {
     timeoutMs: opts.timeoutMs ?? 60_000, // longer timeout for file uploads
   });
 
-  if (!res.ok) {
-    const errorText = await res.text();
-    throw new Error(
-      `BlueBubbles attachment send failed (${res.status}): ${errorText || "unknown"}`,
-    );
-  }
+  await assertMultipartActionOk(res, "attachment send");
 
   const responseBody = await res.text();
   if (!responseBody) {
diff --git a/extensions/bluebubbles/src/chat.test.ts b/extensions/bluebubbles/src/chat.test.ts
index cc37829bc9d..f8adc9b86fd 100644
--- a/extensions/bluebubbles/src/chat.test.ts
+++ b/extensions/bluebubbles/src/chat.test.ts
@@ -29,6 +29,11 @@ describe("chat", () => {
     });
   }
 
+  function mockTwoOkTextResponses() {
+    mockOkTextResponse();
+    mockOkTextResponse();
+  }
+
   async function expectCalledUrlIncludesPassword(params: {
     password: string;
     invoke: () => Promise<void>;
@@ -198,15 +203,7 @@ describe("chat", () => {
     });
 
     it("uses POST for start and DELETE for stop", async () => {
-      mockFetch
-        .mockResolvedValueOnce({
-          ok: true,
-          text: () => Promise.resolve(""),
-        })
-        .mockResolvedValueOnce({
-          ok: true,
-          text: () => Promise.resolve(""),
-        });
+      mockTwoOkTextResponses();
 
       await sendBlueBubblesTyping("iMessage;-;+15551234567", true, {
         serverUrl: "http://localhost:1234",
@@ -442,15 +439,7 @@ describe("chat", () => {
     });
 
     it("adds and removes participant using matching endpoint", async () => {
-      mockFetch
-        .mockResolvedValueOnce({
-          ok: true,
-          text: () => Promise.resolve(""),
-        })
-        .mockResolvedValueOnce({
-          ok: true,
-          text: () => Promise.resolve(""),
-        });
+      mockTwoOkTextResponses();
 
       await addBlueBubblesParticipant("chat-guid", "+15551234567", {
         serverUrl: "http://localhost:1234",
diff --git a/extensions/bluebubbles/src/chat.ts b/extensions/bluebubbles/src/chat.ts
index 1670f276ba7..17340b7f980 100644
--- a/extensions/bluebubbles/src/chat.ts
+++ b/extensions/bluebubbles/src/chat.ts
@@ -2,7 +2,7 @@ import crypto from "node:crypto";
 import path from "node:path";
 import type { OpenClawConfig } from "openclaw/plugin-sdk/bluebubbles";
 import { resolveBlueBubblesServerAccount } from "./account-resolve.js";
-import { postMultipartFormData } from "./multipart.js";
+import { assertMultipartActionOk, postMultipartFormData } from "./multipart.js";
 import { getCachedBlueBubblesPrivateApiStatus } from "./probe.js";
 import { blueBubblesFetchWithTimeout, buildBlueBubblesApiUrl } from "./types.js";
 
@@ -26,14 +26,6 @@ function assertPrivateApiEnabled(accountId: string, feature: string): void {
   }
 }
 
-async function assertBlueBubblesActionOk(response: Response, action: string): Promise<void> {
-  if (response.ok) {
-    return;
-  }
-  const errorText = await response.text().catch(() => "");
-  throw new Error(`BlueBubbles ${action} failed (${response.status}): ${errorText || "unknown"}`);
-}
-
 function resolvePartIndex(partIndex: number | undefined): number {
   return typeof partIndex === "number" ? partIndex : 0;
 }
@@ -63,7 +55,7 @@ async function sendBlueBubblesChatEndpointRequest(params: {
     { method: params.method },
     params.opts.timeoutMs,
   );
-  await assertBlueBubblesActionOk(res, params.action);
+  await assertMultipartActionOk(res, params.action);
 }
 
 async function sendPrivateApiJsonRequest(params: {
@@ -89,7 +81,7 @@ async function sendPrivateApiJsonRequest(params: {
   }
 
   const res = await blueBubblesFetchWithTimeout(url, request, params.opts.timeoutMs);
-  await assertBlueBubblesActionOk(res, params.action);
+  await assertMultipartActionOk(res, params.action);
 }
 
 export async function markBlueBubblesChatRead(
@@ -327,8 +319,5 @@ export async function setGroupIconBlueBubbles(
     timeoutMs: opts.timeoutMs ?? 60_000, // longer timeout for file uploads
   });
 
-  if (!res.ok) {
-    const errorText = await res.text().catch(() => "");
-    throw new Error(`BlueBubbles setGroupIcon failed (${res.status}): ${errorText || "unknown"}`);
-  }
+  await assertMultipartActionOk(res, "setGroupIcon");
 }
diff --git a/extensions/bluebubbles/src/monitor-normalize.test.ts b/extensions/bluebubbles/src/monitor-normalize.test.ts
index 3e06302593c..62651279237 100644
--- a/extensions/bluebubbles/src/monitor-normalize.test.ts
+++ b/extensions/bluebubbles/src/monitor-normalize.test.ts
@@ -1,18 +1,24 @@
 import { describe, expect, it } from "vitest";
 import { normalizeWebhookMessage, normalizeWebhookReaction } from "./monitor-normalize.js";
 
+function createFallbackDmPayload(overrides: Record<string, unknown> = {}) {
+  return {
+    guid: "msg-1",
+    isGroup: false,
+    isFromMe: false,
+    handle: null,
+    chatGuid: "iMessage;-;+15551234567",
+    ...overrides,
+  };
+}
+
 describe("normalizeWebhookMessage", () => {
   it("falls back to DM chatGuid handle when sender handle is missing", () => {
     const result = normalizeWebhookMessage({
       type: "new-message",
-      data: {
-        guid: "msg-1",
+      data: createFallbackDmPayload({
         text: "hello",
-        isGroup: false,
-        isFromMe: false,
-        handle: null,
-        chatGuid: "iMessage;-;+15551234567",
-      },
+      }),
     });
 
     expect(result).not.toBeNull();
@@ -78,15 +84,11 @@ describe("normalizeWebhookReaction", () => {
   it("falls back to DM chatGuid handle when reaction sender handle is missing", () => {
     const result = normalizeWebhookReaction({
       type: "updated-message",
-      data: {
+      data: createFallbackDmPayload({
         guid: "msg-2",
         associatedMessageGuid: "p:0/msg-1",
         associatedMessageType: 2000,
-        isGroup: false,
-        isFromMe: false,
-        handle: null,
-        chatGuid: "iMessage;-;+15551234567",
-      },
+      }),
     });
 
     expect(result).not.toBeNull();
diff --git a/extensions/bluebubbles/src/multipart.ts b/extensions/bluebubbles/src/multipart.ts
index 851cca016b7..e7c840745bb 100644
--- a/extensions/bluebubbles/src/multipart.ts
+++ b/extensions/bluebubbles/src/multipart.ts
@@ -30,3 +30,11 @@ export async function postMultipartFormData(params: {
     params.timeoutMs,
   );
 }
+
+export async function assertMultipartActionOk(response: Response, action: string): Promise<void> {
+  if (response.ok) {
+    return;
+  }
+  const errorText = await response.text().catch(() => "");
+  throw new Error(`BlueBubbles ${action} failed (${response.status}): ${errorText || "unknown"}`);
+}
diff --git a/extensions/copilot-proxy/package.json b/extensions/copilot-proxy/package.json
index 9829860d042..fdab55b3da8 100644
--- a/extensions/copilot-proxy/package.json
+++ b/extensions/copilot-proxy/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/copilot-proxy",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw Copilot Proxy provider plugin",
   "type": "module",
diff --git a/extensions/device-pair/index.ts b/extensions/device-pair/index.ts
index 825d1668ac0..7ba88842a7a 100644
--- a/extensions/device-pair/index.ts
+++ b/extensions/device-pair/index.ts
@@ -108,13 +108,21 @@ function resolveScheme(
   return cfg.gateway?.tls?.enabled === true ? "wss" : "ws";
 }
 
-function isPrivateIPv4(address: string): boolean {
+function parseIPv4Octets(address: string): [number, number, number, number] | null {
   const parts = address.split(".");
-  if (parts.length != 4) {
-    return false;
+  if (parts.length !== 4) {
+    return null;
   }
   const octets = parts.map((part) => Number.parseInt(part, 10));
   if (octets.some((value) => !Number.isFinite(value) || value < 0 || value > 255)) {
+    return null;
+  }
+  return octets as [number, number, number, number];
+}
+
+function isPrivateIPv4(address: string): boolean {
+  const octets = parseIPv4Octets(address);
+  if (!octets) {
     return false;
   }
   const [a, b] = octets;
@@ -131,12 +139,8 @@ function isPrivateIPv4(address: string): boolean {
 }
 
 function isTailnetIPv4(address: string): boolean {
-  const parts = address.split(".");
-  if (parts.length !== 4) {
-    return false;
-  }
-  const octets = parts.map((part) => Number.parseInt(part, 10));
-  if (octets.some((value) => !Number.isFinite(value) || value < 0 || value > 255)) {
+  const octets = parseIPv4Octets(address);
+  if (!octets) {
     return false;
   }
   const [a, b] = octets;
diff --git a/extensions/diagnostics-otel/package.json b/extensions/diagnostics-otel/package.json
index 95eea6a702a..b51ead550ef 100644
--- a/extensions/diagnostics-otel/package.json
+++ b/extensions/diagnostics-otel/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/diagnostics-otel",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw diagnostics OpenTelemetry exporter",
   "type": "module",
   "dependencies": {
diff --git a/extensions/diffs/index.test.ts b/extensions/diffs/index.test.ts
index df0a0a79192..c38da12bfcd 100644
--- a/extensions/diffs/index.test.ts
+++ b/extensions/diffs/index.test.ts
@@ -1,6 +1,8 @@
 import type { IncomingMessage } from "node:http";
+import type { OpenClawPluginApi } from "openclaw/plugin-sdk/diffs";
 import { describe, expect, it, vi } from "vitest";
 import { createMockServerResponse } from "../../src/test-utils/mock-http-response.js";
+import { createTestPluginApi } from "../test-utils/plugin-api.js";
 import plugin from "./index.js";
 
 describe("diffs plugin registration", () => {
@@ -9,33 +11,19 @@ describe("diffs plugin registration", () => {
     const registerHttpRoute = vi.fn();
     const on = vi.fn();
 
-    plugin.register?.({
-      id: "diffs",
-      name: "Diffs",
-      description: "Diffs",
-      source: "test",
-      config: {},
-      runtime: {} as never,
-      logger: {
-        info() {},
-        warn() {},
-        error() {},
-      },
-      registerTool,
-      registerHook() {},
-      registerHttpRoute,
-      registerChannel() {},
-      registerGatewayMethod() {},
-      registerCli() {},
-      registerService() {},
-      registerProvider() {},
-      registerCommand() {},
-      registerContextEngine() {},
-      resolvePath(input: string) {
-        return input;
-      },
-      on,
-    });
+    plugin.register?.(
+      createTestPluginApi({
+        id: "diffs",
+        name: "Diffs",
+        description: "Diffs",
+        source: "test",
+        config: {},
+        runtime: {} as never,
+        registerTool,
+        registerHttpRoute,
+        on,
+      }),
+    );
 
     expect(registerTool).toHaveBeenCalledTimes(1);
     expect(registerHttpRoute).toHaveBeenCalledTimes(1);
@@ -55,17 +43,15 @@ describe("diffs plugin registration", () => {
   });
 
   it("applies plugin-config defaults through registered tool and viewer handler", async () => {
-    let registeredTool:
-      | { execute?: (toolCallId: string, params: Record<string, unknown>) => Promise<unknown> }
-      | undefined;
-    let registeredHttpRouteHandler:
-      | ((
-          req: IncomingMessage,
-          res: ReturnType<typeof createMockServerResponse>,
-        ) => Promise<boolean>)
-      | undefined;
+    type RegisteredTool = {
+      execute?: (toolCallId: string, params: Record<string, unknown>) => Promise<unknown>;
+    };
+    type RegisteredHttpRouteParams = Parameters<OpenClawPluginApi["registerHttpRoute"]>[0];
 
-    plugin.register?.({
+    let registeredTool: RegisteredTool | undefined;
+    let registeredHttpRouteHandler: RegisteredHttpRouteParams["handler"] | undefined;
+
+    const api = createTestPluginApi({
       id: "diffs",
       name: "Diffs",
       description: "Diffs",
@@ -88,31 +74,16 @@ describe("diffs plugin registration", () => {
         },
       },
       runtime: {} as never,
-      logger: {
-        info() {},
-        warn() {},
-        error() {},
-      },
-      registerTool(tool) {
+      registerTool(tool: Parameters<OpenClawPluginApi["registerTool"]>[0]) {
         registeredTool = typeof tool === "function" ? undefined : tool;
       },
-      registerHook() {},
-      registerHttpRoute(params) {
-        registeredHttpRouteHandler = params.handler as typeof registeredHttpRouteHandler;
+      registerHttpRoute(params: RegisteredHttpRouteParams) {
+        registeredHttpRouteHandler = params.handler;
       },
-      registerChannel() {},
-      registerGatewayMethod() {},
-      registerCli() {},
-      registerService() {},
-      registerProvider() {},
-      registerCommand() {},
-      registerContextEngine() {},
-      resolvePath(input: string) {
-        return input;
-      },
-      on() {},
     });
 
+    plugin.register?.(api as unknown as OpenClawPluginApi);
+
     const result = await registeredTool?.execute?.("tool-1", {
       before: "one\n",
       after: "two\n",
diff --git a/extensions/diffs/package.json b/extensions/diffs/package.json
index bb5f232517a..b92b16052b8 100644
--- a/extensions/diffs/package.json
+++ b/extensions/diffs/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/diffs",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw diff viewer plugin",
   "type": "module",
@@ -8,7 +8,7 @@
     "build:viewer": "bun build src/viewer-client.ts --target browser --format esm --minify --outfile assets/viewer-runtime.js"
   },
   "dependencies": {
-    "@pierre/diffs": "1.0.11",
+    "@pierre/diffs": "1.1.0",
     "@sinclair/typebox": "0.34.48",
     "playwright-core": "1.58.2"
   },
diff --git a/extensions/diffs/src/http.test.ts b/extensions/diffs/src/http.test.ts
index 43216580379..a1caef018e4 100644
--- a/extensions/diffs/src/http.test.ts
+++ b/extensions/diffs/src/http.test.ts
@@ -9,6 +9,19 @@ describe("createDiffsHttpHandler", () => {
   let store: DiffArtifactStore;
   let cleanupRootDir: () => Promise<void>;
 
+  async function handleLocalGet(url: string) {
+    const handler = createDiffsHttpHandler({ store });
+    const res = createMockServerResponse();
+    const handled = await handler(
+      localReq({
+        method: "GET",
+        url,
+      }),
+      res,
+    );
+    return { handled, res };
+  }
+
   beforeEach(async () => {
     ({ store, cleanup: cleanupRootDir } = await createDiffStoreHarness("openclaw-diffs-http-"));
   });
@@ -19,16 +32,7 @@ describe("createDiffsHttpHandler", () => {
 
   it("serves a stored diff document", async () => {
     const artifact = await createViewerArtifact(store);
-
-    const handler = createDiffsHttpHandler({ store });
-    const res = createMockServerResponse();
-    const handled = await handler(
-      localReq({
-        method: "GET",
-        url: artifact.viewerPath,
-      }),
-      res,
-    );
+    const { handled, res } = await handleLocalGet(artifact.viewerPath);
 
     expect(handled).toBe(true);
     expect(res.statusCode).toBe(200);
@@ -38,15 +42,8 @@ describe("createDiffsHttpHandler", () => {
 
   it("rejects invalid tokens", async () => {
     const artifact = await createViewerArtifact(store);
-
-    const handler = createDiffsHttpHandler({ store });
-    const res = createMockServerResponse();
-    const handled = await handler(
-      localReq({
-        method: "GET",
-        url: artifact.viewerPath.replace(artifact.token, "bad-token"),
-      }),
-      res,
+    const { handled, res } = await handleLocalGet(
+      artifact.viewerPath.replace(artifact.token, "bad-token"),
     );
 
     expect(handled).toBe(true);
diff --git a/extensions/diffs/src/render.test.ts b/extensions/diffs/src/render.test.ts
index f46a2c9abe9..006b239a39f 100644
--- a/extensions/diffs/src/render.test.ts
+++ b/extensions/diffs/src/render.test.ts
@@ -23,8 +23,7 @@ describe("renderDiffDocument", () => {
     expect(rendered.html).toContain("data-openclaw-diff-root");
     expect(rendered.html).toContain("src/example.ts");
     expect(rendered.html).toContain("/plugins/diffs/assets/viewer.js");
-    expect(rendered.imageHtml).not.toContain("/plugins/diffs/assets/viewer.js");
-    expect(rendered.imageHtml).toContain('data-openclaw-diffs-ready="true"');
+    expect(rendered.imageHtml).toContain("/plugins/diffs/assets/viewer.js");
     expect(rendered.imageHtml).toContain("max-width: 960px;");
     expect(rendered.imageHtml).toContain("--diffs-font-size: 16px;");
     expect(rendered.html).toContain("min-height: 100vh;");
diff --git a/extensions/diffs/src/render.ts b/extensions/diffs/src/render.ts
index fb3d089c90a..364252c0b3b 100644
--- a/extensions/diffs/src/render.ts
+++ b/extensions/diffs/src/render.ts
@@ -1,5 +1,12 @@
-import type { FileContents, FileDiffMetadata, SupportedLanguages } from "@pierre/diffs";
-import { parsePatchFiles } from "@pierre/diffs";
+import fs from "node:fs/promises";
+import { createRequire } from "node:module";
+import type {
+  FileContents,
+  FileDiffMetadata,
+  SupportedLanguages,
+  ThemeRegistrationResolved,
+} from "@pierre/diffs";
+import { RegisteredCustomThemes, parsePatchFiles } from "@pierre/diffs";
 import { preloadFileDiff, preloadMultiFileDiff } from "@pierre/diffs/ssr";
 import type {
   DiffInput,
@@ -13,6 +20,45 @@ import { VIEWER_LOADER_PATH } from "./viewer-assets.js";
 const DEFAULT_FILE_NAME = "diff.txt";
 const MAX_PATCH_FILE_COUNT = 128;
 const MAX_PATCH_TOTAL_LINES = 120_000;
+const diffsRequire = createRequire(import.meta.resolve("@pierre/diffs"));
+
+let pierreThemesPatched = false;
+
+function createThemeLoader(
+  themeName: "pierre-dark" | "pierre-light",
+  themePath: string,
+): () => Promise<ThemeRegistrationResolved> {
+  let cachedTheme: ThemeRegistrationResolved | undefined;
+  return async () => {
+    if (cachedTheme) {
+      return cachedTheme;
+    }
+    const raw = await fs.readFile(themePath, "utf8");
+    const parsed = JSON.parse(raw) as Record<string, unknown>;
+    cachedTheme = {
+      ...parsed,
+      name: themeName,
+    } as ThemeRegistrationResolved;
+    return cachedTheme;
+  };
+}
+
+function patchPierreThemeLoadersForNode24(): void {
+  if (pierreThemesPatched) {
+    return;
+  }
+  try {
+    const darkThemePath = diffsRequire.resolve("@pierre/theme/themes/pierre-dark.json");
+    const lightThemePath = diffsRequire.resolve("@pierre/theme/themes/pierre-light.json");
+    RegisteredCustomThemes.set("pierre-dark", createThemeLoader("pierre-dark", darkThemePath));
+    RegisteredCustomThemes.set("pierre-light", createThemeLoader("pierre-light", lightThemePath));
+    pierreThemesPatched = true;
+  } catch {
+    // Keep upstream loaders if theme files cannot be resolved.
+  }
+}
+
+patchPierreThemeLoadersForNode24();
 
 function escapeCssString(value: string): string {
   return value.replaceAll("\\", "\\\\").replaceAll('"', '\\"');
@@ -195,14 +241,6 @@ function renderDiffCard(payload: DiffViewerPayload): string {
   </section>`;
 }
 
-function renderStaticDiffCard(prerenderedHTML: string): string {
-  return `<section class="oc-diff-card">
-    <diffs-container class="oc-diff-host" data-openclaw-diff-host>
-      <template shadowrootmode="open">${prerenderedHTML}</template>
-    </diffs-container>
-  </section>`;
-}
-
 function buildHtmlDocument(params: {
   title: string;
   bodyHtml: string;
@@ -211,7 +249,7 @@ function buildHtmlDocument(params: {
   runtimeMode: "viewer" | "image";
 }): string {
   return `<!doctype html>
-<html lang="en"${params.runtimeMode === "image" ? ' data-openclaw-diffs-ready="true"' : ""}>
+<html lang="en">
   <head>
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
@@ -303,7 +341,7 @@ function buildHtmlDocument(params: {
         ${params.bodyHtml}
       </div>
     </main>
-    ${params.runtimeMode === "viewer" ? `<script type="module" src="${VIEWER_LOADER_PATH}"></script>` : ""}
+    <script type="module" src="${VIEWER_LOADER_PATH}"></script>
   </body>
 </html>`;
 }
@@ -314,16 +352,12 @@ type RenderedSection = {
 };
 
 function buildRenderedSection(params: {
-  viewerPrerenderedHtml: string;
-  imagePrerenderedHtml: string;
-  payload: Omit<DiffViewerPayload, "prerenderedHTML">;
+  viewerPayload: DiffViewerPayload;
+  imagePayload: DiffViewerPayload;
 }): RenderedSection {
   return {
-    viewer: renderDiffCard({
-      prerenderedHTML: params.viewerPrerenderedHtml,
-      ...params.payload,
-    }),
-    image: renderStaticDiffCard(params.imagePrerenderedHtml),
+    viewer: renderDiffCard(params.viewerPayload),
+    image: renderDiffCard(params.imagePayload),
   };
 }
 
@@ -355,21 +389,20 @@ async function renderBeforeAfterDiff(
   };
   const { viewerOptions, imageOptions } = buildRenderVariants(options);
   const [viewerResult, imageResult] = await Promise.all([
-    preloadMultiFileDiff({
+    preloadMultiFileDiffWithFallback({
       oldFile,
       newFile,
       options: viewerOptions,
     }),
-    preloadMultiFileDiff({
+    preloadMultiFileDiffWithFallback({
       oldFile,
       newFile,
       options: imageOptions,
     }),
   ]);
   const section = buildRenderedSection({
-    viewerPrerenderedHtml: viewerResult.prerenderedHTML,
-    imagePrerenderedHtml: imageResult.prerenderedHTML,
-    payload: {
+    viewerPayload: {
+      prerenderedHTML: viewerResult.prerenderedHTML,
       oldFile: viewerResult.oldFile,
       newFile: viewerResult.newFile,
       options: viewerOptions,
@@ -378,6 +411,16 @@ async function renderBeforeAfterDiff(
         newFile: viewerResult.newFile,
       }),
     },
+    imagePayload: {
+      prerenderedHTML: imageResult.prerenderedHTML,
+      oldFile: imageResult.oldFile,
+      newFile: imageResult.newFile,
+      options: imageOptions,
+      langs: buildPayloadLanguages({
+        oldFile: imageResult.oldFile,
+        newFile: imageResult.newFile,
+      }),
+    },
   });
 
   return {
@@ -410,24 +453,29 @@ async function renderPatchDiff(
   const sections = await Promise.all(
     files.map(async (fileDiff) => {
       const [viewerResult, imageResult] = await Promise.all([
-        preloadFileDiff({
+        preloadFileDiffWithFallback({
           fileDiff,
           options: viewerOptions,
         }),
-        preloadFileDiff({
+        preloadFileDiffWithFallback({
           fileDiff,
           options: imageOptions,
         }),
       ]);
 
       return buildRenderedSection({
-        viewerPrerenderedHtml: viewerResult.prerenderedHTML,
-        imagePrerenderedHtml: imageResult.prerenderedHTML,
-        payload: {
+        viewerPayload: {
+          prerenderedHTML: viewerResult.prerenderedHTML,
           fileDiff: viewerResult.fileDiff,
           options: viewerOptions,
           langs: buildPayloadLanguages({ fileDiff: viewerResult.fileDiff }),
         },
+        imagePayload: {
+          prerenderedHTML: imageResult.prerenderedHTML,
+          fileDiff: imageResult.fileDiff,
+          options: imageOptions,
+          langs: buildPayloadLanguages({ fileDiff: imageResult.fileDiff }),
+        },
       });
     }),
   );
@@ -468,3 +516,49 @@ export async function renderDiffDocument(
     inputKind: input.kind,
   };
 }
+
+type PreloadedFileDiffResult = Awaited<ReturnType<typeof preloadFileDiff>>;
+type PreloadedMultiFileDiffResult = Awaited<ReturnType<typeof preloadMultiFileDiff>>;
+
+function shouldFallbackToClientHydration(error: unknown): boolean {
+  return (
+    error instanceof TypeError &&
+    error.message.includes('needs an import attribute of "type: json"')
+  );
+}
+
+async function preloadFileDiffWithFallback(params: {
+  fileDiff: FileDiffMetadata;
+  options: DiffViewerOptions;
+}): Promise<PreloadedFileDiffResult> {
+  try {
+    return await preloadFileDiff(params);
+  } catch (error) {
+    if (!shouldFallbackToClientHydration(error)) {
+      throw error;
+    }
+    return {
+      fileDiff: params.fileDiff,
+      prerenderedHTML: "",
+    };
+  }
+}
+
+async function preloadMultiFileDiffWithFallback(params: {
+  oldFile: FileContents;
+  newFile: FileContents;
+  options: DiffViewerOptions;
+}): Promise<PreloadedMultiFileDiffResult> {
+  try {
+    return await preloadMultiFileDiff(params);
+  } catch (error) {
+    if (!shouldFallbackToClientHydration(error)) {
+      throw error;
+    }
+    return {
+      oldFile: params.oldFile,
+      newFile: params.newFile,
+      prerenderedHTML: "",
+    };
+  }
+}
diff --git a/extensions/diffs/src/tool.test.ts b/extensions/diffs/src/tool.test.ts
index 416bdf8dc14..2f845727274 100644
--- a/extensions/diffs/src/tool.test.ts
+++ b/extensions/diffs/src/tool.test.ts
@@ -2,6 +2,7 @@ import fs from "node:fs/promises";
 import path from "node:path";
 import type { OpenClawPluginApi } from "openclaw/plugin-sdk/diffs";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { createTestPluginApi } from "../../test-utils/plugin-api.js";
 import type { DiffScreenshotter } from "./browser.js";
 import { DEFAULT_DIFFS_TOOL_DEFAULTS } from "./config.js";
 import { DiffArtifactStore } from "./store.js";
@@ -56,7 +57,7 @@ describe("diffs tool", () => {
     const cleanupSpy = vi.spyOn(store, "scheduleCleanup");
     const screenshotter = createPngScreenshotter({
       assertHtml: (html) => {
-        expect(html).not.toContain("/plugins/diffs/assets/viewer.js");
+        expect(html).toContain("/plugins/diffs/assets/viewer.js");
       },
       assertImage: (image) => {
         expect(image).toMatchObject({
@@ -135,9 +136,7 @@ describe("diffs tool", () => {
       mode: "file",
     });
 
-    expect(screenshotter.screenshotHtml).toHaveBeenCalledTimes(1);
-    expect((result?.details as Record<string, unknown>).mode).toBe("file");
-    expect((result?.details as Record<string, unknown>).viewerUrl).toBeUndefined();
+    expectArtifactOnlyFileResult(screenshotter, result);
   });
 
   it("honors ttlSeconds for artifact-only file output", async () => {
@@ -227,9 +226,7 @@ describe("diffs tool", () => {
       after: "two\n",
     });
 
-    expect(screenshotter.screenshotHtml).toHaveBeenCalledTimes(1);
-    expect((result?.details as Record<string, unknown>).mode).toBe("file");
-    expect((result?.details as Record<string, unknown>).viewerUrl).toBeUndefined();
+    expectArtifactOnlyFileResult(screenshotter, result);
   });
 
   it("falls back to view output when both mode cannot render an image", async () => {
@@ -335,13 +332,13 @@ describe("diffs tool", () => {
     const html = await store.readHtml(id);
     expect(html).toContain('body data-theme="light"');
     expect(html).toContain("--diffs-font-size: 17px;");
-    expect(html).toContain('--diffs-font-family: "JetBrains Mono"');
+    expect(html).toContain("JetBrains Mono");
   });
 
   it("prefers explicit tool params over configured defaults", async () => {
     const screenshotter = createPngScreenshotter({
       assertHtml: (html) => {
-        expect(html).not.toContain("/plugins/diffs/assets/viewer.js");
+        expect(html).toContain("/plugins/diffs/assets/viewer.js");
       },
       assertImage: (image) => {
         expect(image).toMatchObject({
@@ -387,7 +384,7 @@ describe("diffs tool", () => {
 });
 
 function createApi(): OpenClawPluginApi {
-  return {
+  return createTestPluginApi({
     id: "diffs",
     name: "Diffs",
     description: "Diffs",
@@ -399,26 +396,7 @@ function createApi(): OpenClawPluginApi {
       },
     },
     runtime: {} as OpenClawPluginApi["runtime"],
-    logger: {
-      info() {},
-      warn() {},
-      error() {},
-    },
-    registerTool() {},
-    registerHook() {},
-    registerHttpRoute() {},
-    registerChannel() {},
-    registerGatewayMethod() {},
-    registerCli() {},
-    registerService() {},
-    registerProvider() {},
-    registerCommand() {},
-    registerContextEngine() {},
-    resolvePath(input: string) {
-      return input;
-    },
-    on() {},
-  };
+  }) as OpenClawPluginApi;
 }
 
 function createToolWithScreenshotter(
@@ -434,6 +412,15 @@ function createToolWithScreenshotter(
   });
 }
 
+function expectArtifactOnlyFileResult(
+  screenshotter: DiffScreenshotter,
+  result: { details?: unknown } | null | undefined,
+) {
+  expect(screenshotter.screenshotHtml).toHaveBeenCalledTimes(1);
+  expect((result?.details as Record<string, unknown>).mode).toBe("file");
+  expect((result?.details as Record<string, unknown>).viewerUrl).toBeUndefined();
+}
+
 function createPngScreenshotter(
   params: {
     assertHtml?: (html: string) => void;
diff --git a/extensions/discord/package.json b/extensions/discord/package.json
index 337e6fd90a5..a85eb37b85f 100644
--- a/extensions/discord/package.json
+++ b/extensions/discord/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/discord",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw Discord channel plugin",
   "type": "module",
   "openclaw": {
diff --git a/src/discord/account-inspect.test.ts b/extensions/discord/src/account-inspect.test.ts
similarity index 98%
rename from src/discord/account-inspect.test.ts
rename to extensions/discord/src/account-inspect.test.ts
index 0e8303635f9..eda0b6cc0e0 100644
--- a/src/discord/account-inspect.test.ts
+++ b/extensions/discord/src/account-inspect.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { inspectDiscordAccount } from "./account-inspect.js";
 
 function asConfig(value: unknown): OpenClawConfig {
diff --git a/src/discord/account-inspect.ts b/extensions/discord/src/account-inspect.ts
similarity index 90%
rename from src/discord/account-inspect.ts
rename to extensions/discord/src/account-inspect.ts
index 53357ffd636..d99f87aeb56 100644
--- a/src/discord/account-inspect.ts
+++ b/extensions/discord/src/account-inspect.ts
@@ -1,7 +1,10 @@
-import type { OpenClawConfig } from "../config/config.js";
-import type { DiscordAccountConfig } from "../config/types.discord.js";
-import { hasConfiguredSecretInput, normalizeSecretInputString } from "../config/types.secrets.js";
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { DiscordAccountConfig } from "../../../src/config/types.discord.js";
+import {
+  hasConfiguredSecretInput,
+  normalizeSecretInputString,
+} from "../../../src/config/types.secrets.js";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js";
 import {
   mergeDiscordAccountConfig,
   resolveDefaultDiscordAccountId,
diff --git a/src/discord/accounts.test.ts b/extensions/discord/src/accounts.test.ts
similarity index 100%
rename from src/discord/accounts.test.ts
rename to extensions/discord/src/accounts.test.ts
diff --git a/src/discord/accounts.ts b/extensions/discord/src/accounts.ts
similarity index 86%
rename from src/discord/accounts.ts
rename to extensions/discord/src/accounts.ts
index b4e71c78343..6cd1699f192 100644
--- a/src/discord/accounts.ts
+++ b/extensions/discord/src/accounts.ts
@@ -1,9 +1,9 @@
-import { createAccountActionGate } from "../channels/plugins/account-action-gate.js";
-import { createAccountListHelpers } from "../channels/plugins/account-helpers.js";
-import type { OpenClawConfig } from "../config/config.js";
-import type { DiscordAccountConfig, DiscordActionConfig } from "../config/types.js";
-import { resolveAccountEntry } from "../routing/account-lookup.js";
-import { normalizeAccountId } from "../routing/session-key.js";
+import { createAccountActionGate } from "../../../src/channels/plugins/account-action-gate.js";
+import { createAccountListHelpers } from "../../../src/channels/plugins/account-helpers.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { DiscordAccountConfig, DiscordActionConfig } from "../../../src/config/types.js";
+import { resolveAccountEntry } from "../../../src/routing/account-lookup.js";
+import { normalizeAccountId } from "../../../src/routing/session-key.js";
 import { resolveDiscordToken } from "./token.js";
 
 export type ResolvedDiscordAccount = {
diff --git a/extensions/discord/src/actions/handle-action.guild-admin.ts b/extensions/discord/src/actions/handle-action.guild-admin.ts
new file mode 100644
index 00000000000..80cd97217ae
--- /dev/null
+++ b/extensions/discord/src/actions/handle-action.guild-admin.ts
@@ -0,0 +1,451 @@
+import type { AgentToolResult } from "@mariozechner/pi-agent-core";
+import {
+  parseAvailableTags,
+  readNumberParam,
+  readStringArrayParam,
+  readStringParam,
+} from "../../../../src/agents/tools/common.js";
+import {
+  isDiscordModerationAction,
+  readDiscordModerationCommand,
+} from "../../../../src/agents/tools/discord-actions-moderation-shared.js";
+import { handleDiscordAction } from "../../../../src/agents/tools/discord-actions.js";
+import type { ChannelMessageActionContext } from "../../../../src/channels/plugins/types.js";
+
+type Ctx = Pick<
+  ChannelMessageActionContext,
+  "action" | "params" | "cfg" | "accountId" | "requesterSenderId"
+>;
+
+export async function tryHandleDiscordMessageActionGuildAdmin(params: {
+  ctx: Ctx;
+  resolveChannelId: () => string;
+  readParentIdParam: (params: Record<string, unknown>) => string | null | undefined;
+}): Promise<AgentToolResult<unknown> | undefined> {
+  const { ctx, resolveChannelId, readParentIdParam } = params;
+  const { action, params: actionParams, cfg } = ctx;
+  const accountId = ctx.accountId ?? readStringParam(actionParams, "accountId");
+
+  if (action === "member-info") {
+    const userId = readStringParam(actionParams, "userId", { required: true });
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "memberInfo", accountId: accountId ?? undefined, guildId, userId },
+      cfg,
+    );
+  }
+
+  if (action === "role-info") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "roleInfo", accountId: accountId ?? undefined, guildId },
+      cfg,
+    );
+  }
+
+  if (action === "emoji-list") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "emojiList", accountId: accountId ?? undefined, guildId },
+      cfg,
+    );
+  }
+
+  if (action === "emoji-upload") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "emojiName", { required: true });
+    const mediaUrl = readStringParam(actionParams, "media", {
+      required: true,
+      trim: false,
+    });
+    const roleIds = readStringArrayParam(actionParams, "roleIds");
+    return await handleDiscordAction(
+      {
+        action: "emojiUpload",
+        accountId: accountId ?? undefined,
+        guildId,
+        name,
+        mediaUrl,
+        roleIds,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "sticker-upload") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "stickerName", {
+      required: true,
+    });
+    const description = readStringParam(actionParams, "stickerDesc", {
+      required: true,
+    });
+    const tags = readStringParam(actionParams, "stickerTags", {
+      required: true,
+    });
+    const mediaUrl = readStringParam(actionParams, "media", {
+      required: true,
+      trim: false,
+    });
+    return await handleDiscordAction(
+      {
+        action: "stickerUpload",
+        accountId: accountId ?? undefined,
+        guildId,
+        name,
+        description,
+        tags,
+        mediaUrl,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "role-add" || action === "role-remove") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const userId = readStringParam(actionParams, "userId", { required: true });
+    const roleId = readStringParam(actionParams, "roleId", { required: true });
+    return await handleDiscordAction(
+      {
+        action: action === "role-add" ? "roleAdd" : "roleRemove",
+        accountId: accountId ?? undefined,
+        guildId,
+        userId,
+        roleId,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "channel-info") {
+    const channelId = readStringParam(actionParams, "channelId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "channelInfo", accountId: accountId ?? undefined, channelId },
+      cfg,
+    );
+  }
+
+  if (action === "channel-list") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "channelList", accountId: accountId ?? undefined, guildId },
+      cfg,
+    );
+  }
+
+  if (action === "channel-create") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "name", { required: true });
+    const type = readNumberParam(actionParams, "type", { integer: true });
+    const parentId = readParentIdParam(actionParams);
+    const topic = readStringParam(actionParams, "topic");
+    const position = readNumberParam(actionParams, "position", {
+      integer: true,
+    });
+    const nsfw = typeof actionParams.nsfw === "boolean" ? actionParams.nsfw : undefined;
+    return await handleDiscordAction(
+      {
+        action: "channelCreate",
+        accountId: accountId ?? undefined,
+        guildId,
+        name,
+        type: type ?? undefined,
+        parentId: parentId ?? undefined,
+        topic: topic ?? undefined,
+        position: position ?? undefined,
+        nsfw,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "channel-edit") {
+    const channelId = readStringParam(actionParams, "channelId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "name");
+    const topic = readStringParam(actionParams, "topic");
+    const position = readNumberParam(actionParams, "position", {
+      integer: true,
+    });
+    const parentId = readParentIdParam(actionParams);
+    const nsfw = typeof actionParams.nsfw === "boolean" ? actionParams.nsfw : undefined;
+    const rateLimitPerUser = readNumberParam(actionParams, "rateLimitPerUser", {
+      integer: true,
+    });
+    const archived = typeof actionParams.archived === "boolean" ? actionParams.archived : undefined;
+    const locked = typeof actionParams.locked === "boolean" ? actionParams.locked : undefined;
+    const autoArchiveDuration = readNumberParam(actionParams, "autoArchiveDuration", {
+      integer: true,
+    });
+    const availableTags = parseAvailableTags(actionParams.availableTags);
+    return await handleDiscordAction(
+      {
+        action: "channelEdit",
+        accountId: accountId ?? undefined,
+        channelId,
+        name: name ?? undefined,
+        topic: topic ?? undefined,
+        position: position ?? undefined,
+        parentId: parentId === undefined ? undefined : parentId,
+        nsfw,
+        rateLimitPerUser: rateLimitPerUser ?? undefined,
+        archived,
+        locked,
+        autoArchiveDuration: autoArchiveDuration ?? undefined,
+        availableTags,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "channel-delete") {
+    const channelId = readStringParam(actionParams, "channelId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "channelDelete", accountId: accountId ?? undefined, channelId },
+      cfg,
+    );
+  }
+
+  if (action === "channel-move") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const channelId = readStringParam(actionParams, "channelId", {
+      required: true,
+    });
+    const parentId = readParentIdParam(actionParams);
+    const position = readNumberParam(actionParams, "position", {
+      integer: true,
+    });
+    return await handleDiscordAction(
+      {
+        action: "channelMove",
+        accountId: accountId ?? undefined,
+        guildId,
+        channelId,
+        parentId: parentId === undefined ? undefined : parentId,
+        position: position ?? undefined,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "category-create") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "name", { required: true });
+    const position = readNumberParam(actionParams, "position", {
+      integer: true,
+    });
+    return await handleDiscordAction(
+      {
+        action: "categoryCreate",
+        accountId: accountId ?? undefined,
+        guildId,
+        name,
+        position: position ?? undefined,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "category-edit") {
+    const categoryId = readStringParam(actionParams, "categoryId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "name");
+    const position = readNumberParam(actionParams, "position", {
+      integer: true,
+    });
+    return await handleDiscordAction(
+      {
+        action: "categoryEdit",
+        accountId: accountId ?? undefined,
+        categoryId,
+        name: name ?? undefined,
+        position: position ?? undefined,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "category-delete") {
+    const categoryId = readStringParam(actionParams, "categoryId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "categoryDelete", accountId: accountId ?? undefined, categoryId },
+      cfg,
+    );
+  }
+
+  if (action === "voice-status") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const userId = readStringParam(actionParams, "userId", { required: true });
+    return await handleDiscordAction(
+      { action: "voiceStatus", accountId: accountId ?? undefined, guildId, userId },
+      cfg,
+    );
+  }
+
+  if (action === "event-list") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    return await handleDiscordAction(
+      { action: "eventList", accountId: accountId ?? undefined, guildId },
+      cfg,
+    );
+  }
+
+  if (action === "event-create") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const name = readStringParam(actionParams, "eventName", { required: true });
+    const startTime = readStringParam(actionParams, "startTime", {
+      required: true,
+    });
+    const endTime = readStringParam(actionParams, "endTime");
+    const description = readStringParam(actionParams, "desc");
+    const channelId = readStringParam(actionParams, "channelId");
+    const location = readStringParam(actionParams, "location");
+    const entityType = readStringParam(actionParams, "eventType");
+    return await handleDiscordAction(
+      {
+        action: "eventCreate",
+        accountId: accountId ?? undefined,
+        guildId,
+        name,
+        startTime,
+        endTime,
+        description,
+        channelId,
+        location,
+        entityType,
+      },
+      cfg,
+    );
+  }
+
+  if (isDiscordModerationAction(action)) {
+    const moderation = readDiscordModerationCommand(action, {
+      ...actionParams,
+      durationMinutes: readNumberParam(actionParams, "durationMin", { integer: true }),
+      deleteMessageDays: readNumberParam(actionParams, "deleteDays", {
+        integer: true,
+      }),
+    });
+    const senderUserId = ctx.requesterSenderId?.trim() || undefined;
+    return await handleDiscordAction(
+      {
+        action: moderation.action,
+        accountId: accountId ?? undefined,
+        guildId: moderation.guildId,
+        userId: moderation.userId,
+        durationMinutes: moderation.durationMinutes,
+        until: moderation.until,
+        reason: moderation.reason,
+        deleteMessageDays: moderation.deleteMessageDays,
+        senderUserId,
+      },
+      cfg,
+    );
+  }
+
+  // Some actions are conceptually "admin", but still act on a resolved channel.
+  if (action === "thread-list") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const channelId = readStringParam(actionParams, "channelId");
+    const includeArchived =
+      typeof actionParams.includeArchived === "boolean" ? actionParams.includeArchived : undefined;
+    const before = readStringParam(actionParams, "before");
+    const limit = readNumberParam(actionParams, "limit", { integer: true });
+    return await handleDiscordAction(
+      {
+        action: "threadList",
+        accountId: accountId ?? undefined,
+        guildId,
+        channelId,
+        includeArchived,
+        before,
+        limit,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "thread-reply") {
+    const content = readStringParam(actionParams, "message", {
+      required: true,
+    });
+    const mediaUrl = readStringParam(actionParams, "media", { trim: false });
+    const replyTo = readStringParam(actionParams, "replyTo");
+
+    // `message.thread-reply` (tool) uses `threadId`, while the CLI historically used `to`/`channelId`.
+    // Prefer `threadId` when present to avoid accidentally replying in the parent channel.
+    const threadId = readStringParam(actionParams, "threadId");
+    const channelId = threadId ?? resolveChannelId();
+
+    return await handleDiscordAction(
+      {
+        action: "threadReply",
+        accountId: accountId ?? undefined,
+        channelId,
+        content,
+        mediaUrl: mediaUrl ?? undefined,
+        replyTo: replyTo ?? undefined,
+      },
+      cfg,
+    );
+  }
+
+  if (action === "search") {
+    const guildId = readStringParam(actionParams, "guildId", {
+      required: true,
+    });
+    const query = readStringParam(actionParams, "query", { required: true });
+    return await handleDiscordAction(
+      {
+        action: "searchMessages",
+        accountId: accountId ?? undefined,
+        guildId,
+        content: query,
+        channelId: readStringParam(actionParams, "channelId"),
+        channelIds: readStringArrayParam(actionParams, "channelIds"),
+        authorId: readStringParam(actionParams, "authorId"),
+        authorIds: readStringArrayParam(actionParams, "authorIds"),
+        limit: readNumberParam(actionParams, "limit", { integer: true }),
+      },
+      cfg,
+    );
+  }
+
+  return undefined;
+}
diff --git a/extensions/discord/src/actions/handle-action.ts b/extensions/discord/src/actions/handle-action.ts
new file mode 100644
index 00000000000..b0842ce25b2
--- /dev/null
+++ b/extensions/discord/src/actions/handle-action.ts
@@ -0,0 +1,295 @@
+import type { AgentToolResult } from "@mariozechner/pi-agent-core";
+import {
+  readNumberParam,
+  readStringArrayParam,
+  readStringParam,
+} from "../../../../src/agents/tools/common.js";
+import { readDiscordParentIdParam } from "../../../../src/agents/tools/discord-actions-shared.js";
+import { handleDiscordAction } from "../../../../src/agents/tools/discord-actions.js";
+import { resolveReactionMessageId } from "../../../../src/channels/plugins/actions/reaction-message-id.js";
+import type { ChannelMessageActionContext } from "../../../../src/channels/plugins/types.js";
+import { readBooleanParam } from "../../../../src/plugin-sdk/boolean-param.js";
+import { resolveDiscordChannelId } from "../targets.js";
+import { tryHandleDiscordMessageActionGuildAdmin } from "./handle-action.guild-admin.js";
+
+const providerId = "discord";
+
+export async function handleDiscordMessageAction(
+  ctx: Pick<
+    ChannelMessageActionContext,
+    | "action"
+    | "params"
+    | "cfg"
+    | "accountId"
+    | "requesterSenderId"
+    | "toolContext"
+    | "mediaLocalRoots"
+  >,
+): Promise<AgentToolResult<unknown>> {
+  const { action, params, cfg } = ctx;
+  const accountId = ctx.accountId ?? readStringParam(params, "accountId");
+  const actionOptions = {
+    mediaLocalRoots: ctx.mediaLocalRoots,
+  } as const;
+
+  const resolveChannelId = () =>
+    resolveDiscordChannelId(
+      readStringParam(params, "channelId") ?? readStringParam(params, "to", { required: true }),
+    );
+
+  if (action === "send") {
+    const to = readStringParam(params, "to", { required: true });
+    const asVoice = readBooleanParam(params, "asVoice") === true;
+    const rawComponents = params.components;
+    const hasComponents =
+      Boolean(rawComponents) &&
+      (typeof rawComponents === "function" || typeof rawComponents === "object");
+    const components = hasComponents ? rawComponents : undefined;
+    const content = readStringParam(params, "message", {
+      required: !asVoice && !hasComponents,
+      allowEmpty: true,
+    });
+    // Support media, path, and filePath for media URL
+    const mediaUrl =
+      readStringParam(params, "media", { trim: false }) ??
+      readStringParam(params, "path", { trim: false }) ??
+      readStringParam(params, "filePath", { trim: false });
+    const filename = readStringParam(params, "filename");
+    const replyTo = readStringParam(params, "replyTo");
+    const rawEmbeds = params.embeds;
+    const embeds = Array.isArray(rawEmbeds) ? rawEmbeds : undefined;
+    const silent = readBooleanParam(params, "silent") === true;
+    const sessionKey = readStringParam(params, "__sessionKey");
+    const agentId = readStringParam(params, "__agentId");
+    return await handleDiscordAction(
+      {
+        action: "sendMessage",
+        accountId: accountId ?? undefined,
+        to,
+        content,
+        mediaUrl: mediaUrl ?? undefined,
+        filename: filename ?? undefined,
+        replyTo: replyTo ?? undefined,
+        components,
+        embeds,
+        asVoice,
+        silent,
+        __sessionKey: sessionKey ?? undefined,
+        __agentId: agentId ?? undefined,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "poll") {
+    const to = readStringParam(params, "to", { required: true });
+    const question = readStringParam(params, "pollQuestion", {
+      required: true,
+    });
+    const answers = readStringArrayParam(params, "pollOption", { required: true });
+    const allowMultiselect = readBooleanParam(params, "pollMulti");
+    const durationHours = readNumberParam(params, "pollDurationHours", {
+      integer: true,
+      strict: true,
+    });
+    return await handleDiscordAction(
+      {
+        action: "poll",
+        accountId: accountId ?? undefined,
+        to,
+        question,
+        answers,
+        allowMultiselect,
+        durationHours: durationHours ?? undefined,
+        content: readStringParam(params, "message"),
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "react") {
+    const messageIdRaw = resolveReactionMessageId({ args: params, toolContext: ctx.toolContext });
+    const messageId = messageIdRaw != null ? String(messageIdRaw).trim() : "";
+    if (!messageId) {
+      throw new Error(
+        "messageId required. Provide messageId explicitly or react to the current inbound message.",
+      );
+    }
+    const emoji = readStringParam(params, "emoji", { allowEmpty: true });
+    const remove = readBooleanParam(params, "remove");
+    return await handleDiscordAction(
+      {
+        action: "react",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        messageId,
+        emoji,
+        remove,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "reactions") {
+    const messageId = readStringParam(params, "messageId", { required: true });
+    const limit = readNumberParam(params, "limit", { integer: true });
+    return await handleDiscordAction(
+      {
+        action: "reactions",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        messageId,
+        limit,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "read") {
+    const limit = readNumberParam(params, "limit", { integer: true });
+    return await handleDiscordAction(
+      {
+        action: "readMessages",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        limit,
+        before: readStringParam(params, "before"),
+        after: readStringParam(params, "after"),
+        around: readStringParam(params, "around"),
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "edit") {
+    const messageId = readStringParam(params, "messageId", { required: true });
+    const content = readStringParam(params, "message", { required: true });
+    return await handleDiscordAction(
+      {
+        action: "editMessage",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        messageId,
+        content,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "delete") {
+    const messageId = readStringParam(params, "messageId", { required: true });
+    return await handleDiscordAction(
+      {
+        action: "deleteMessage",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        messageId,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "pin" || action === "unpin" || action === "list-pins") {
+    const messageId =
+      action === "list-pins" ? undefined : readStringParam(params, "messageId", { required: true });
+    return await handleDiscordAction(
+      {
+        action: action === "pin" ? "pinMessage" : action === "unpin" ? "unpinMessage" : "listPins",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        messageId,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "permissions") {
+    return await handleDiscordAction(
+      {
+        action: "permissions",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "thread-create") {
+    const name = readStringParam(params, "threadName", { required: true });
+    const messageId = readStringParam(params, "messageId");
+    const content = readStringParam(params, "message");
+    const autoArchiveMinutes = readNumberParam(params, "autoArchiveMin", {
+      integer: true,
+    });
+    const appliedTags = readStringArrayParam(params, "appliedTags");
+    return await handleDiscordAction(
+      {
+        action: "threadCreate",
+        accountId: accountId ?? undefined,
+        channelId: resolveChannelId(),
+        name,
+        messageId,
+        content,
+        autoArchiveMinutes,
+        appliedTags: appliedTags ?? undefined,
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "sticker") {
+    const stickerIds =
+      readStringArrayParam(params, "stickerId", {
+        required: true,
+        label: "sticker-id",
+      }) ?? [];
+    return await handleDiscordAction(
+      {
+        action: "sticker",
+        accountId: accountId ?? undefined,
+        to: readStringParam(params, "to", { required: true }),
+        stickerIds,
+        content: readStringParam(params, "message"),
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  if (action === "set-presence") {
+    return await handleDiscordAction(
+      {
+        action: "setPresence",
+        accountId: accountId ?? undefined,
+        status: readStringParam(params, "status"),
+        activityType: readStringParam(params, "activityType"),
+        activityName: readStringParam(params, "activityName"),
+        activityUrl: readStringParam(params, "activityUrl"),
+        activityState: readStringParam(params, "activityState"),
+      },
+      cfg,
+      actionOptions,
+    );
+  }
+
+  const adminResult = await tryHandleDiscordMessageActionGuildAdmin({
+    ctx,
+    resolveChannelId,
+    readParentIdParam: readDiscordParentIdParam,
+  });
+  if (adminResult !== undefined) {
+    return adminResult;
+  }
+
+  throw new Error(`Action ${String(action)} is not supported for provider ${providerId}.`);
+}
diff --git a/src/discord/api.test.ts b/extensions/discord/src/api.test.ts
similarity index 96%
rename from src/discord/api.test.ts
rename to extensions/discord/src/api.test.ts
index 4c9f1a9c0c1..5b0e648aa1d 100644
--- a/src/discord/api.test.ts
+++ b/extensions/discord/src/api.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { withFetchPreconnect } from "../test-utils/fetch-mock.js";
+import { withFetchPreconnect } from "../../../src/test-utils/fetch-mock.js";
 import { fetchDiscord } from "./api.js";
 import { jsonResponse } from "./test-http-helpers.js";
 
diff --git a/src/discord/api.ts b/extensions/discord/src/api.ts
similarity index 97%
rename from src/discord/api.ts
rename to extensions/discord/src/api.ts
index f8a88a50252..cead5eb8cea 100644
--- a/src/discord/api.ts
+++ b/extensions/discord/src/api.ts
@@ -1,5 +1,5 @@
-import { resolveFetch } from "../infra/fetch.js";
-import { resolveRetryConfig, retryAsync, type RetryConfig } from "../infra/retry.js";
+import { resolveFetch } from "../../../src/infra/fetch.js";
+import { resolveRetryConfig, retryAsync, type RetryConfig } from "../../../src/infra/retry.js";
 
 const DISCORD_API_BASE = "https://discord.com/api/v10";
 const DISCORD_API_RETRY_DEFAULTS = {
diff --git a/src/discord/audit.test.ts b/extensions/discord/src/audit.test.ts
similarity index 92%
rename from src/discord/audit.test.ts
rename to extensions/discord/src/audit.test.ts
index 55339b03381..c1b276f320b 100644
--- a/src/discord/audit.test.ts
+++ b/extensions/discord/src/audit.test.ts
@@ -27,7 +27,7 @@ describe("discord audit", () => {
           },
         },
       },
-    } as unknown as import("../config/config.js").OpenClawConfig;
+    } as unknown as import("../../../src/config/config.js").OpenClawConfig;
 
     const collected = collectDiscordAuditChannelIds({
       cfg,
@@ -73,7 +73,7 @@ describe("discord audit", () => {
           },
         },
       },
-    } as unknown as import("../config/config.js").OpenClawConfig;
+    } as unknown as import("../../../src/config/config.js").OpenClawConfig;
 
     const collected = collectDiscordAuditChannelIds({ cfg, accountId: "default" });
     expect(collected.channelIds).toEqual(["111"]);
@@ -98,7 +98,7 @@ describe("discord audit", () => {
           },
         },
       },
-    } as unknown as import("../config/config.js").OpenClawConfig;
+    } as unknown as import("../../../src/config/config.js").OpenClawConfig;
 
     const collected = collectDiscordAuditChannelIds({ cfg, accountId: "default" });
     expect(collected.channelIds).toEqual([]);
@@ -127,7 +127,7 @@ describe("discord audit", () => {
           },
         },
       },
-    } as unknown as import("../config/config.js").OpenClawConfig;
+    } as unknown as import("../../../src/config/config.js").OpenClawConfig;
 
     const collected = collectDiscordAuditChannelIds({ cfg, accountId: "default" });
     expect(collected.channelIds).toEqual(["111"]);
diff --git a/src/discord/audit.ts b/extensions/discord/src/audit.ts
similarity index 96%
rename from src/discord/audit.ts
rename to extensions/discord/src/audit.ts
index d2a6477e47f..a5a226c5550 100644
--- a/src/discord/audit.ts
+++ b/extensions/discord/src/audit.ts
@@ -1,6 +1,6 @@
-import type { OpenClawConfig } from "../config/config.js";
-import type { DiscordGuildChannelConfig, DiscordGuildEntry } from "../config/types.js";
-import { isRecord } from "../utils.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { DiscordGuildChannelConfig, DiscordGuildEntry } from "../../../src/config/types.js";
+import { isRecord } from "../../../src/utils.js";
 import { inspectDiscordAccount } from "./account-inspect.js";
 import { fetchChannelPermissionsDiscord } from "./send.js";
 
diff --git a/extensions/discord/src/channel-actions.ts b/extensions/discord/src/channel-actions.ts
new file mode 100644
index 00000000000..bf35b788e3e
--- /dev/null
+++ b/extensions/discord/src/channel-actions.ts
@@ -0,0 +1,140 @@
+import {
+  createUnionActionGate,
+  listTokenSourcedAccounts,
+} from "../../../src/channels/plugins/actions/shared.js";
+import type {
+  ChannelMessageActionAdapter,
+  ChannelMessageActionName,
+} from "../../../src/channels/plugins/types.js";
+import type { DiscordActionConfig } from "../../../src/config/types.discord.js";
+import { createDiscordActionGate, listEnabledDiscordAccounts } from "./accounts.js";
+import { handleDiscordMessageAction } from "./actions/handle-action.js";
+
+export const discordMessageActions: ChannelMessageActionAdapter = {
+  listActions: ({ cfg }) => {
+    const accounts = listTokenSourcedAccounts(listEnabledDiscordAccounts(cfg));
+    if (accounts.length === 0) {
+      return [];
+    }
+    // Union of all accounts' action gates (any account enabling an action makes it available)
+    const gate = createUnionActionGate(accounts, (account) =>
+      createDiscordActionGate({
+        cfg,
+        accountId: account.accountId,
+      }),
+    );
+    const isEnabled = (key: keyof DiscordActionConfig, defaultValue = true) =>
+      gate(key, defaultValue);
+    const actions = new Set<ChannelMessageActionName>(["send"]);
+    if (isEnabled("polls")) {
+      actions.add("poll");
+    }
+    if (isEnabled("reactions")) {
+      actions.add("react");
+      actions.add("reactions");
+    }
+    if (isEnabled("messages")) {
+      actions.add("read");
+      actions.add("edit");
+      actions.add("delete");
+    }
+    if (isEnabled("pins")) {
+      actions.add("pin");
+      actions.add("unpin");
+      actions.add("list-pins");
+    }
+    if (isEnabled("permissions")) {
+      actions.add("permissions");
+    }
+    if (isEnabled("threads")) {
+      actions.add("thread-create");
+      actions.add("thread-list");
+      actions.add("thread-reply");
+    }
+    if (isEnabled("search")) {
+      actions.add("search");
+    }
+    if (isEnabled("stickers")) {
+      actions.add("sticker");
+    }
+    if (isEnabled("memberInfo")) {
+      actions.add("member-info");
+    }
+    if (isEnabled("roleInfo")) {
+      actions.add("role-info");
+    }
+    if (isEnabled("reactions")) {
+      actions.add("emoji-list");
+    }
+    if (isEnabled("emojiUploads")) {
+      actions.add("emoji-upload");
+    }
+    if (isEnabled("stickerUploads")) {
+      actions.add("sticker-upload");
+    }
+    if (isEnabled("roles", false)) {
+      actions.add("role-add");
+      actions.add("role-remove");
+    }
+    if (isEnabled("channelInfo")) {
+      actions.add("channel-info");
+      actions.add("channel-list");
+    }
+    if (isEnabled("channels")) {
+      actions.add("channel-create");
+      actions.add("channel-edit");
+      actions.add("channel-delete");
+      actions.add("channel-move");
+      actions.add("category-create");
+      actions.add("category-edit");
+      actions.add("category-delete");
+    }
+    if (isEnabled("voiceStatus")) {
+      actions.add("voice-status");
+    }
+    if (isEnabled("events")) {
+      actions.add("event-list");
+      actions.add("event-create");
+    }
+    if (isEnabled("moderation", false)) {
+      actions.add("timeout");
+      actions.add("kick");
+      actions.add("ban");
+    }
+    if (isEnabled("presence", false)) {
+      actions.add("set-presence");
+    }
+    return Array.from(actions);
+  },
+  extractToolSend: ({ args }) => {
+    const action = typeof args.action === "string" ? args.action.trim() : "";
+    if (action === "sendMessage") {
+      const to = typeof args.to === "string" ? args.to : undefined;
+      return to ? { to } : null;
+    }
+    if (action === "threadReply") {
+      const channelId = typeof args.channelId === "string" ? args.channelId.trim() : "";
+      return channelId ? { to: `channel:${channelId}` } : null;
+    }
+    return null;
+  },
+  handleAction: async ({
+    action,
+    params,
+    cfg,
+    accountId,
+    requesterSenderId,
+    toolContext,
+    mediaLocalRoots,
+  }) => {
+    return await handleDiscordMessageAction({
+      action,
+      params,
+      cfg,
+      accountId,
+      requesterSenderId,
+      toolContext,
+      mediaLocalRoots,
+    });
+  },
+};
diff --git a/extensions/discord/src/channel.ts b/extensions/discord/src/channel.ts
index c6852a63469..dff426ab2e4 100644
--- a/extensions/discord/src/channel.ts
+++ b/extensions/discord/src/channel.ts
@@ -37,8 +37,13 @@ import {
   type ChannelPlugin,
   type ResolvedDiscordAccount,
 } from "openclaw/plugin-sdk/discord";
+import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js";
 import { getDiscordRuntime } from "./runtime.js";
 
+type DiscordSendFn = ReturnType<
+  typeof getDiscordRuntime
+>["channel"]["discord"]["sendMessageDiscord"];
+
 const meta = getChatChannelMeta("discord");
 
 const discordMessageActions: ChannelMessageActionAdapter = {
@@ -300,7 +305,9 @@ export const discordPlugin: ChannelPlugin<ResolvedDiscordAccount> = {
     pollMaxOptions: 10,
     resolveTarget: ({ to }) => normalizeDiscordOutboundTarget(to),
     sendText: async ({ cfg, to, text, accountId, deps, replyToId, silent }) => {
-      const send = deps?.sendDiscord ?? getDiscordRuntime().channel.discord.sendMessageDiscord;
+      const send =
+        resolveOutboundSendDep<DiscordSendFn>(deps, "discord") ??
+        getDiscordRuntime().channel.discord.sendMessageDiscord;
       const result = await send(to, text, {
         verbose: false,
         cfg,
@@ -321,7 +328,9 @@ export const discordPlugin: ChannelPlugin<ResolvedDiscordAccount> = {
       replyToId,
       silent,
     }) => {
-      const send = deps?.sendDiscord ?? getDiscordRuntime().channel.discord.sendMessageDiscord;
+      const send =
+        resolveOutboundSendDep<DiscordSendFn>(deps, "discord") ??
+        getDiscordRuntime().channel.discord.sendMessageDiscord;
       const result = await send(to, text, {
         verbose: false,
         cfg,
diff --git a/src/discord/chunk.test.ts b/extensions/discord/src/chunk.test.ts
similarity index 98%
rename from src/discord/chunk.test.ts
rename to extensions/discord/src/chunk.test.ts
index d33262c4767..3c667c0fc9f 100644
--- a/src/discord/chunk.test.ts
+++ b/extensions/discord/src/chunk.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { countLines, hasBalancedFences } from "../test-utils/chunk-test-helpers.js";
+import { countLines, hasBalancedFences } from "../../../src/test-utils/chunk-test-helpers.js";
 import { chunkDiscordText, chunkDiscordTextWithMode } from "./chunk.js";
 
 describe("chunkDiscordText", () => {
diff --git a/src/discord/chunk.ts b/extensions/discord/src/chunk.ts
similarity index 98%
rename from src/discord/chunk.ts
rename to extensions/discord/src/chunk.ts
index 242d5c74c2d..a814c10d2c8 100644
--- a/src/discord/chunk.ts
+++ b/extensions/discord/src/chunk.ts
@@ -1,4 +1,4 @@
-import { chunkMarkdownTextWithMode, type ChunkMode } from "../auto-reply/chunk.js";
+import { chunkMarkdownTextWithMode, type ChunkMode } from "../../../src/auto-reply/chunk.js";
 
 export type ChunkDiscordTextOpts = {
   /** Max characters per Discord message. Default: 2000. */
diff --git a/src/discord/client.test.ts b/extensions/discord/src/client.test.ts
similarity index 96%
rename from src/discord/client.test.ts
rename to extensions/discord/src/client.test.ts
index 3dc156670e7..416fa7c903a 100644
--- a/src/discord/client.test.ts
+++ b/extensions/discord/src/client.test.ts
@@ -1,6 +1,6 @@
 import type { RequestClient } from "@buape/carbon";
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { createDiscordRestClient } from "./client.js";
 
 describe("createDiscordRestClient", () => {
diff --git a/src/discord/client.ts b/extensions/discord/src/client.ts
similarity index 90%
rename from src/discord/client.ts
rename to extensions/discord/src/client.ts
index 62d917cebb6..2e8d53799a6 100644
--- a/src/discord/client.ts
+++ b/extensions/discord/src/client.ts
@@ -1,8 +1,8 @@
 import { RequestClient } from "@buape/carbon";
-import { loadConfig } from "../config/config.js";
-import { createDiscordRetryRunner, type RetryRunner } from "../infra/retry-policy.js";
-import type { RetryConfig } from "../infra/retry.js";
-import { normalizeAccountId } from "../routing/session-key.js";
+import { loadConfig } from "../../../src/config/config.js";
+import { createDiscordRetryRunner, type RetryRunner } from "../../../src/infra/retry-policy.js";
+import type { RetryConfig } from "../../../src/infra/retry.js";
+import { normalizeAccountId } from "../../../src/routing/session-key.js";
 import {
   mergeDiscordAccountConfig,
   resolveDiscordAccount,
diff --git a/src/discord/components-registry.ts b/extensions/discord/src/components-registry.ts
similarity index 100%
rename from src/discord/components-registry.ts
rename to extensions/discord/src/components-registry.ts
diff --git a/src/discord/components.test.ts b/extensions/discord/src/components.test.ts
similarity index 100%
rename from src/discord/components.test.ts
rename to extensions/discord/src/components.test.ts
diff --git a/src/discord/components.ts b/extensions/discord/src/components.ts
similarity index 100%
rename from src/discord/components.ts
rename to extensions/discord/src/components.ts
diff --git a/src/discord/directory-cache.ts b/extensions/discord/src/directory-cache.ts
similarity index 97%
rename from src/discord/directory-cache.ts
rename to extensions/discord/src/directory-cache.ts
index 4cb17865eae..d1a85767216 100644
--- a/src/discord/directory-cache.ts
+++ b/extensions/discord/src/directory-cache.ts
@@ -1,4 +1,4 @@
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/account-id.js";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/account-id.js";
 
 const DISCORD_DIRECTORY_CACHE_MAX_ENTRIES = 4000;
 const DISCORD_DISCRIMINATOR_SUFFIX = /#\d{4}$/;
diff --git a/src/discord/directory-live.test.ts b/extensions/discord/src/directory-live.test.ts
similarity index 97%
rename from src/discord/directory-live.test.ts
rename to extensions/discord/src/directory-live.test.ts
index e6f19d448d8..8ba3bc52c4a 100644
--- a/src/discord/directory-live.test.ts
+++ b/extensions/discord/src/directory-live.test.ts
@@ -1,5 +1,5 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { DirectoryConfigParams } from "../channels/plugins/directory-config.js";
+import type { DirectoryConfigParams } from "../../../src/channels/plugins/directory-config.js";
 
 const mocks = vi.hoisted(() => ({
   fetchDiscord: vi.fn(),
diff --git a/src/discord/directory-live.ts b/extensions/discord/src/directory-live.ts
similarity index 95%
rename from src/discord/directory-live.ts
rename to extensions/discord/src/directory-live.ts
index d57d3e775a9..af55475a43e 100644
--- a/src/discord/directory-live.ts
+++ b/extensions/discord/src/directory-live.ts
@@ -1,5 +1,5 @@
-import type { DirectoryConfigParams } from "../channels/plugins/directory-config.js";
-import type { ChannelDirectoryEntry } from "../channels/plugins/types.js";
+import type { DirectoryConfigParams } from "../../../src/channels/plugins/directory-config.js";
+import type { ChannelDirectoryEntry } from "../../../src/channels/plugins/types.js";
 import { resolveDiscordAccount } from "./accounts.js";
 import { fetchDiscord } from "./api.js";
 import { rememberDiscordDirectoryUser } from "./directory-cache.js";
diff --git a/src/discord/draft-chunking.ts b/extensions/discord/src/draft-chunking.ts
similarity index 78%
rename from src/discord/draft-chunking.ts
rename to extensions/discord/src/draft-chunking.ts
index 76231bc8397..ce4048379d1 100644
--- a/src/discord/draft-chunking.ts
+++ b/extensions/discord/src/draft-chunking.ts
@@ -1,8 +1,8 @@
-import { resolveTextChunkLimit } from "../auto-reply/chunk.js";
-import { getChannelDock } from "../channels/dock.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { resolveAccountEntry } from "../routing/account-lookup.js";
-import { normalizeAccountId } from "../routing/session-key.js";
+import { resolveTextChunkLimit } from "../../../src/auto-reply/chunk.js";
+import { getChannelDock } from "../../../src/channels/dock.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { resolveAccountEntry } from "../../../src/routing/account-lookup.js";
+import { normalizeAccountId } from "../../../src/routing/session-key.js";
 
 const DEFAULT_DISCORD_DRAFT_STREAM_MIN = 200;
 const DEFAULT_DISCORD_DRAFT_STREAM_MAX = 800;
diff --git a/src/discord/draft-stream.ts b/extensions/discord/src/draft-stream.ts
similarity index 97%
rename from src/discord/draft-stream.ts
rename to extensions/discord/src/draft-stream.ts
index 0281d4c0227..db9089f6176 100644
--- a/src/discord/draft-stream.ts
+++ b/extensions/discord/src/draft-stream.ts
@@ -1,6 +1,6 @@
 import type { RequestClient } from "@buape/carbon";
 import { Routes } from "discord-api-types/v10";
-import { createFinalizableDraftLifecycle } from "../channels/draft-stream-controls.js";
+import { createFinalizableDraftLifecycle } from "../../../src/channels/draft-stream-controls.js";
 
 /** Discord messages cap at 2000 characters. */
 const DISCORD_STREAM_MAX_CHARS = 2000;
diff --git a/src/discord/exec-approvals.ts b/extensions/discord/src/exec-approvals.ts
similarity index 72%
rename from src/discord/exec-approvals.ts
rename to extensions/discord/src/exec-approvals.ts
index f4be9a22e0c..5640805705a 100644
--- a/src/discord/exec-approvals.ts
+++ b/extensions/discord/src/exec-approvals.ts
@@ -1,6 +1,6 @@
-import type { ReplyPayload } from "../auto-reply/types.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { getExecApprovalReplyMetadata } from "../infra/exec-approval-reply.js";
+import type { ReplyPayload } from "../../../src/auto-reply/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { getExecApprovalReplyMetadata } from "../../../src/infra/exec-approval-reply.js";
 import { resolveDiscordAccount } from "./accounts.js";
 
 export function isDiscordExecApprovalClientEnabled(params: {
diff --git a/src/discord/gateway-logging.test.ts b/extensions/discord/src/gateway-logging.test.ts
similarity index 96%
rename from src/discord/gateway-logging.test.ts
rename to extensions/discord/src/gateway-logging.test.ts
index 762cf5d160b..e6fc4d0f714 100644
--- a/src/discord/gateway-logging.test.ts
+++ b/extensions/discord/src/gateway-logging.test.ts
@@ -1,11 +1,11 @@
 import { EventEmitter } from "node:events";
 import { afterEach, describe, expect, it, vi } from "vitest";
 
-vi.mock("../globals.js", () => ({
+vi.mock("../../../src/globals.js", () => ({
   logVerbose: vi.fn(),
 }));
 
-import { logVerbose } from "../globals.js";
+import { logVerbose } from "../../../src/globals.js";
 import { attachDiscordGatewayLogging } from "./gateway-logging.js";
 
 const makeRuntime = () => ({
diff --git a/src/discord/gateway-logging.ts b/extensions/discord/src/gateway-logging.ts
similarity index 94%
rename from src/discord/gateway-logging.ts
rename to extensions/discord/src/gateway-logging.ts
index 916952020be..18ce32909ef 100644
--- a/src/discord/gateway-logging.ts
+++ b/extensions/discord/src/gateway-logging.ts
@@ -1,6 +1,6 @@
 import type { EventEmitter } from "node:events";
-import { logVerbose } from "../globals.js";
-import type { RuntimeEnv } from "../runtime.js";
+import { logVerbose } from "../../../src/globals.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
 
 type GatewayEmitter = Pick<EventEmitter, "on" | "removeListener">;
 
diff --git a/src/discord/guilds.ts b/extensions/discord/src/guilds.ts
similarity index 100%
rename from src/discord/guilds.ts
rename to extensions/discord/src/guilds.ts
diff --git a/src/discord/mentions.test.ts b/extensions/discord/src/mentions.test.ts
similarity index 100%
rename from src/discord/mentions.test.ts
rename to extensions/discord/src/mentions.test.ts
diff --git a/src/discord/mentions.ts b/extensions/discord/src/mentions.ts
similarity index 100%
rename from src/discord/mentions.ts
rename to extensions/discord/src/mentions.ts
diff --git a/src/discord/monitor.gateway.test.ts b/extensions/discord/src/monitor.gateway.test.ts
similarity index 100%
rename from src/discord/monitor.gateway.test.ts
rename to extensions/discord/src/monitor.gateway.test.ts
diff --git a/src/discord/monitor.gateway.ts b/extensions/discord/src/monitor.gateway.ts
similarity index 100%
rename from src/discord/monitor.gateway.ts
rename to extensions/discord/src/monitor.gateway.ts
diff --git a/src/discord/monitor.test.ts b/extensions/discord/src/monitor.test.ts
similarity index 97%
rename from src/discord/monitor.test.ts
rename to extensions/discord/src/monitor.test.ts
index 9471a3fe6bc..40f14a00551 100644
--- a/src/discord/monitor.test.ts
+++ b/extensions/discord/src/monitor.test.ts
@@ -1,6 +1,6 @@
 import { ChannelType, type Guild } from "@buape/carbon";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { typedCases } from "../test-utils/typed-cases.js";
+import { typedCases } from "../../../src/test-utils/typed-cases.js";
 import {
   allowListMatches,
   buildDiscordMediaPayload,
@@ -22,7 +22,7 @@ import { DiscordMessageListener, DiscordReactionListener } from "./monitor/liste
 
 const readAllowFromStoreMock = vi.hoisted(() => vi.fn());
 
-vi.mock("../pairing/pairing-store.js", () => ({
+vi.mock("../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: (...args: unknown[]) => readAllowFromStoreMock(...args),
 }));
 
@@ -157,7 +157,9 @@ describe("DiscordMessageListener", () => {
     const logger = {
       warn: vi.fn(),
       error: vi.fn(),
-    } as unknown as ReturnType<typeof import("../logging/subsystem.js").createSubsystemLogger>;
+    } as unknown as ReturnType<
+      typeof import("../../../src/logging/subsystem.js").createSubsystemLogger
+    >;
     const handler = vi.fn(async () => {
       throw new Error("boom");
     });
@@ -178,7 +180,9 @@ describe("DiscordMessageListener", () => {
     const logger = {
       warn: vi.fn(),
       error: vi.fn(),
-    } as unknown as ReturnType<typeof import("../logging/subsystem.js").createSubsystemLogger>;
+    } as unknown as ReturnType<
+      typeof import("../../../src/logging/subsystem.js").createSubsystemLogger
+    >;
     const listener = new DiscordMessageListener(handler, logger);
 
     const handlePromise = listener.handle(
@@ -247,6 +251,18 @@ describe("discord guild/channel resolution", () => {
     expect(resolved?.slug).toBe("friends-of-openclaw");
   });
 
+  it("resolves guild entry by raw guild id when guild object is missing", () => {
+    const guildEntries = makeEntries({
+      "123": { slug: "friends-of-openclaw" },
+    });
+    const resolved = resolveDiscordGuildEntry({
+      guildId: "123",
+      guildEntries,
+    });
+    expect(resolved?.id).toBe("123");
+    expect(resolved?.slug).toBe("friends-of-openclaw");
+  });
+
   it("resolves guild entry by slug key", () => {
     const guildEntries = makeEntries({
       "friends-of-openclaw": { slug: "friends-of-openclaw" },
@@ -876,11 +892,11 @@ const { enqueueSystemEventSpy, resolveAgentRouteMock } = vi.hoisted(() => ({
   })),
 }));
 
-vi.mock("../infra/system-events.js", () => ({
+vi.mock("../../../src/infra/system-events.js", () => ({
   enqueueSystemEvent: enqueueSystemEventSpy,
 }));
 
-vi.mock("../routing/resolve-route.js", () => ({
+vi.mock("../../../src/routing/resolve-route.js", () => ({
   resolveAgentRoute: resolveAgentRouteMock,
 }));
 
@@ -961,9 +977,9 @@ function makeReactionListenerParams(overrides?: {
   guildEntries?: Record<string, DiscordGuildEntryResolved>;
 }) {
   return {
-    cfg: {} as ReturnType<typeof import("../config/config.js").loadConfig>,
+    cfg: {} as ReturnType<typeof import("../../../src/config/config.js").loadConfig>,
     accountId: "acc-1",
-    runtime: {} as import("../runtime.js").RuntimeEnv,
+    runtime: {} as import("../../../src/runtime.js").RuntimeEnv,
     botUserId: overrides?.botUserId ?? "bot-1",
     dmEnabled: overrides?.dmEnabled ?? true,
     groupDmEnabled: overrides?.groupDmEnabled ?? true,
@@ -978,7 +994,9 @@ function makeReactionListenerParams(overrides?: {
       warn: vi.fn(),
       error: vi.fn(),
       debug: vi.fn(),
-    } as unknown as ReturnType<typeof import("../logging/subsystem.js").createSubsystemLogger>,
+    } as unknown as ReturnType<
+      typeof import("../../../src/logging/subsystem.js").createSubsystemLogger
+    >,
   };
 }
 
diff --git a/src/discord/monitor.tool-result.accepts-guild-messages-mentionpatterns-match.e2e.test.ts b/extensions/discord/src/monitor.tool-result.accepts-guild-messages-mentionpatterns-match.e2e.test.ts
similarity index 96%
rename from src/discord/monitor.tool-result.accepts-guild-messages-mentionpatterns-match.e2e.test.ts
rename to extensions/discord/src/monitor.tool-result.accepts-guild-messages-mentionpatterns-match.e2e.test.ts
index b85ec0c060d..6461fcef756 100644
--- a/src/discord/monitor.tool-result.accepts-guild-messages-mentionpatterns-match.e2e.test.ts
+++ b/extensions/discord/src/monitor.tool-result.accepts-guild-messages-mentionpatterns-match.e2e.test.ts
@@ -2,7 +2,7 @@ import type { Client } from "@buape/carbon";
 import { ChannelType, MessageType } from "@buape/carbon";
 import { Routes } from "discord-api-types/v10";
 import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
-import { createReplyDispatcherWithTyping } from "../auto-reply/reply/reply-dispatcher.js";
+import { createReplyDispatcherWithTyping } from "../../../src/auto-reply/reply/reply-dispatcher.js";
 import {
   dispatchMock,
   readAllowFromStoreMock,
@@ -14,8 +14,8 @@ import { __resetDiscordChannelInfoCacheForTest } from "./monitor/message-utils.j
 import { createNoopThreadBindingManager } from "./monitor/thread-bindings.js";
 const loadConfigMock = vi.fn();
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig: (...args: unknown[]) => loadConfigMock(...args),
@@ -63,7 +63,7 @@ beforeEach(() => {
 
 const MENTION_PATTERNS_TEST_TIMEOUT_MS = process.platform === "win32" ? 90_000 : 60_000;
 
-type LoadedConfig = ReturnType<(typeof import("../config/config.js"))["loadConfig"]>;
+type LoadedConfig = ReturnType<(typeof import("../../../src/config/config.js"))["loadConfig"]>;
 let createDiscordMessageHandler: typeof import("./monitor.js").createDiscordMessageHandler;
 let createDiscordNativeCommand: typeof import("./monitor.js").createDiscordNativeCommand;
 
@@ -322,7 +322,7 @@ describe("discord tool result dispatch", () => {
         channels: {
           discord: { dm: { enabled: true, policy: "open" } },
         },
-      } as ReturnType<typeof import("../config/config.js").loadConfig>;
+      } as ReturnType<typeof import("../../../src/config/config.js").loadConfig>;
 
       const command = createDiscordNativeCommand({
         command: {
@@ -451,7 +451,7 @@ describe("discord tool result dispatch", () => {
     const cfg = {
       ...createDefaultThreadConfig(),
       routing: { allowFrom: [] },
-    } as ReturnType<typeof import("../config/config.js").loadConfig>;
+    } as ReturnType<typeof import("../../../src/config/config.js").loadConfig>;
 
     const handler = await createHandler(cfg);
 
diff --git a/src/discord/monitor.tool-result.sends-status-replies-responseprefix.test.ts b/extensions/discord/src/monitor.tool-result.sends-status-replies-responseprefix.test.ts
similarity index 98%
rename from src/discord/monitor.tool-result.sends-status-replies-responseprefix.test.ts
rename to extensions/discord/src/monitor.tool-result.sends-status-replies-responseprefix.test.ts
index 70d7fd53708..d1340f49852 100644
--- a/src/discord/monitor.tool-result.sends-status-replies-responseprefix.test.ts
+++ b/extensions/discord/src/monitor.tool-result.sends-status-replies-responseprefix.test.ts
@@ -12,7 +12,7 @@ import { createDiscordMessageHandler } from "./monitor/message-handler.js";
 import { __resetDiscordChannelInfoCacheForTest } from "./monitor/message-utils.js";
 import { createNoopThreadBindingManager } from "./monitor/thread-bindings.js";
 
-type Config = ReturnType<typeof import("../config/config.js").loadConfig>;
+type Config = ReturnType<typeof import("../../../src/config/config.js").loadConfig>;
 
 beforeEach(() => {
   __resetDiscordChannelInfoCacheForTest();
diff --git a/src/discord/monitor.tool-result.test-harness.ts b/extensions/discord/src/monitor.tool-result.test-harness.ts
similarity index 72%
rename from src/discord/monitor.tool-result.test-harness.ts
rename to extensions/discord/src/monitor.tool-result.test-harness.ts
index 0d4596b3281..700e9a63df3 100644
--- a/src/discord/monitor.tool-result.test-harness.ts
+++ b/extensions/discord/src/monitor.tool-result.test-harness.ts
@@ -1,5 +1,5 @@
 import { vi } from "vitest";
-import type { MockFn } from "../test-utils/vitest-mock-fn.js";
+import type { MockFn } from "../../../src/test-utils/vitest-mock-fn.js";
 
 export const sendMock: MockFn = vi.fn();
 export const reactMock: MockFn = vi.fn();
@@ -15,8 +15,8 @@ vi.mock("./send.js", () => ({
   },
 }));
 
-vi.mock("../auto-reply/dispatch.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../auto-reply/dispatch.js")>();
+vi.mock("../../../src/auto-reply/dispatch.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/auto-reply/dispatch.js")>();
   return {
     ...actual,
     dispatchInboundMessage: (...args: unknown[]) => dispatchMock(...args),
@@ -36,10 +36,10 @@ function createPairingStoreMocks() {
   };
 }
 
-vi.mock("../pairing/pairing-store.js", () => createPairingStoreMocks());
+vi.mock("../../../src/pairing/pairing-store.js", () => createPairingStoreMocks());
 
-vi.mock("../config/sessions.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/sessions.js")>();
+vi.mock("../../../src/config/sessions.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/sessions.js")>();
   return {
     ...actual,
     resolveStorePath: vi.fn(() => "/tmp/openclaw-sessions.json"),
diff --git a/src/discord/monitor.ts b/extensions/discord/src/monitor.ts
similarity index 100%
rename from src/discord/monitor.ts
rename to extensions/discord/src/monitor.ts
diff --git a/src/discord/monitor/agent-components.ts b/extensions/discord/src/monitor/agent-components.ts
similarity index 96%
rename from src/discord/monitor/agent-components.ts
rename to extensions/discord/src/monitor/agent-components.ts
index 56e7dfe3240..e954c372bb1 100644
--- a/src/discord/monitor/agent-components.ts
+++ b/extensions/discord/src/monitor/agent-components.ts
@@ -17,32 +17,35 @@ import {
 } from "@buape/carbon";
 import type { APIStringSelectComponent } from "discord-api-types/v10";
 import { ButtonStyle, ChannelType } from "discord-api-types/v10";
-import { resolveHumanDelayConfig } from "../../agents/identity.js";
-import { resolveChunkMode, resolveTextChunkLimit } from "../../auto-reply/chunk.js";
-import { formatInboundEnvelope, resolveEnvelopeFormatOptions } from "../../auto-reply/envelope.js";
-import { finalizeInboundContext } from "../../auto-reply/reply/inbound-context.js";
-import { dispatchReplyWithBufferedBlockDispatcher } from "../../auto-reply/reply/provider-dispatcher.js";
-import { createReplyReferencePlanner } from "../../auto-reply/reply/reply-reference.js";
-import { resolveCommandAuthorizedFromAuthorizers } from "../../channels/command-gating.js";
-import { createReplyPrefixOptions } from "../../channels/reply-prefix.js";
-import { recordInboundSession } from "../../channels/session.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
-import { resolveMarkdownTableMode } from "../../config/markdown-tables.js";
-import { readSessionUpdatedAt, resolveStorePath } from "../../config/sessions.js";
-import type { DiscordAccountConfig } from "../../config/types.discord.js";
-import { logVerbose } from "../../globals.js";
-import { enqueueSystemEvent } from "../../infra/system-events.js";
-import { logDebug, logError } from "../../logger.js";
-import { getAgentScopedMediaLocalRoots } from "../../media/local-roots.js";
-import { issuePairingChallenge } from "../../pairing/pairing-challenge.js";
-import { upsertChannelPairingRequest } from "../../pairing/pairing-store.js";
-import { resolveAgentRoute } from "../../routing/resolve-route.js";
-import { createNonExitingRuntime, type RuntimeEnv } from "../../runtime.js";
+import { resolveHumanDelayConfig } from "../../../../src/agents/identity.js";
+import { resolveChunkMode, resolveTextChunkLimit } from "../../../../src/auto-reply/chunk.js";
+import {
+  formatInboundEnvelope,
+  resolveEnvelopeFormatOptions,
+} from "../../../../src/auto-reply/envelope.js";
+import { finalizeInboundContext } from "../../../../src/auto-reply/reply/inbound-context.js";
+import { dispatchReplyWithBufferedBlockDispatcher } from "../../../../src/auto-reply/reply/provider-dispatcher.js";
+import { createReplyReferencePlanner } from "../../../../src/auto-reply/reply/reply-reference.js";
+import { resolveCommandAuthorizedFromAuthorizers } from "../../../../src/channels/command-gating.js";
+import { createReplyPrefixOptions } from "../../../../src/channels/reply-prefix.js";
+import { recordInboundSession } from "../../../../src/channels/session.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js";
+import { resolveMarkdownTableMode } from "../../../../src/config/markdown-tables.js";
+import { readSessionUpdatedAt, resolveStorePath } from "../../../../src/config/sessions.js";
+import type { DiscordAccountConfig } from "../../../../src/config/types.discord.js";
+import { logVerbose } from "../../../../src/globals.js";
+import { enqueueSystemEvent } from "../../../../src/infra/system-events.js";
+import { logDebug, logError } from "../../../../src/logger.js";
+import { getAgentScopedMediaLocalRoots } from "../../../../src/media/local-roots.js";
+import { issuePairingChallenge } from "../../../../src/pairing/pairing-challenge.js";
+import { upsertChannelPairingRequest } from "../../../../src/pairing/pairing-store.js";
+import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js";
+import { createNonExitingRuntime, type RuntimeEnv } from "../../../../src/runtime.js";
 import {
   readStoreAllowFromForDmPolicy,
   resolvePinnedMainDmOwnerFromAllowlist,
-} from "../../security/dm-policy-shared.js";
+} from "../../../../src/security/dm-policy-shared.js";
 import { resolveDiscordMaxLinesPerMessage } from "../accounts.js";
 import { resolveDiscordComponentEntry, resolveDiscordModalEntry } from "../components-registry.js";
 import {
@@ -360,6 +363,7 @@ async function ensureAgentComponentInteractionAllowed(params: {
 }): Promise<{ parentId: string | undefined } | null> {
   const guildInfo = resolveDiscordGuildEntry({
     guild: params.interaction.guild ?? undefined,
+    guildId: params.rawGuildId,
     guildEntries: params.ctx.guildEntries,
   });
   const channelCtx = resolveDiscordChannelContext(params.interaction);
@@ -1094,6 +1098,7 @@ async function handleDiscordComponentEvent(params: {
   const { channelId, user, replyOpts, rawGuildId, memberRoleIds } = interactionCtx;
   const guildInfo = resolveDiscordGuildEntry({
     guild: params.interaction.guild ?? undefined,
+    guildId: rawGuildId,
     guildEntries: params.ctx.guildEntries,
   });
   const channelCtx = resolveDiscordChannelContext(params.interaction);
@@ -1246,6 +1251,7 @@ async function handleDiscordModalTrigger(params: {
   const { channelId, user, replyOpts, rawGuildId, memberRoleIds } = interactionCtx;
   const guildInfo = resolveDiscordGuildEntry({
     guild: params.interaction.guild ?? undefined,
+    guildId: rawGuildId,
     guildEntries: params.ctx.guildEntries,
   });
   const channelCtx = resolveDiscordChannelContext(params.interaction);
@@ -1696,6 +1702,7 @@ class DiscordComponentModal extends Modal {
     const { channelId, user, replyOpts, rawGuildId, memberRoleIds } = interactionCtx;
     const guildInfo = resolveDiscordGuildEntry({
       guild: interaction.guild ?? undefined,
+      guildId: rawGuildId,
       guildEntries: this.ctx.guildEntries,
     });
     const channelCtx = resolveDiscordChannelContext(interaction);
diff --git a/src/discord/monitor/agent-components.wildcard.test.ts b/extensions/discord/src/monitor/agent-components.wildcard.test.ts
similarity index 100%
rename from src/discord/monitor/agent-components.wildcard.test.ts
rename to extensions/discord/src/monitor/agent-components.wildcard.test.ts
diff --git a/src/discord/monitor/allow-list.ts b/extensions/discord/src/monitor/allow-list.ts
similarity index 94%
rename from src/discord/monitor/allow-list.ts
rename to extensions/discord/src/monitor/allow-list.ts
index 583d4fa7cd2..6391ad5c3a5 100644
--- a/src/discord/monitor/allow-list.ts
+++ b/extensions/discord/src/monitor/allow-list.ts
@@ -1,12 +1,12 @@
 import type { Guild, User } from "@buape/carbon";
-import type { AllowlistMatch } from "../../channels/allowlist-match.js";
+import type { AllowlistMatch } from "../../../../src/channels/allowlist-match.js";
 import {
   buildChannelKeyCandidates,
   resolveChannelEntryMatchWithFallback,
   resolveChannelMatchConfig,
   type ChannelMatchSource,
-} from "../../channels/channel-config.js";
-import { evaluateGroupRouteAccessForPolicy } from "../../plugin-sdk/group-access.js";
+} from "../../../../src/channels/channel-config.js";
+import { evaluateGroupRouteAccessForPolicy } from "../../../../src/plugin-sdk/group-access.js";
 import { formatDiscordUserTag } from "./format.js";
 
 export type DiscordAllowList = {
@@ -19,34 +19,7 @@ export type DiscordAllowListMatch = AllowlistMatch<"wildcard" | "id" | "name" |
 
 const DISCORD_OWNER_ALLOWLIST_PREFIXES = ["discord:", "user:", "pk:"];
 
-export type DiscordGuildEntryResolved = {
-  id?: string;
-  slug?: string;
-  requireMention?: boolean;
-  ignoreOtherMentions?: boolean;
-  reactionNotifications?: "off" | "own" | "all" | "allowlist";
-  users?: string[];
-  roles?: string[];
-  channels?: Record<
-    string,
-    {
-      allow?: boolean;
-      requireMention?: boolean;
-      ignoreOtherMentions?: boolean;
-      skills?: string[];
-      enabled?: boolean;
-      users?: string[];
-      roles?: string[];
-      systemPrompt?: string;
-      includeThreadStarter?: boolean;
-      autoThread?: boolean;
-      autoArchiveDuration?: "60" | "1440" | "4320" | "10080" | 60 | 1440 | 4320 | 10080;
-    }
-  >;
-};
-
-export type DiscordChannelConfigResolved = {
-  allowed: boolean;
+type DiscordChannelOverrideConfig = {
   requireMention?: boolean;
   ignoreOtherMentions?: boolean;
   skills?: string[];
@@ -57,6 +30,21 @@ export type DiscordChannelConfigResolved = {
   includeThreadStarter?: boolean;
   autoThread?: boolean;
   autoArchiveDuration?: "60" | "1440" | "4320" | "10080" | 60 | 1440 | 4320 | 10080;
+};
+
+export type DiscordGuildEntryResolved = {
+  id?: string;
+  slug?: string;
+  requireMention?: boolean;
+  ignoreOtherMentions?: boolean;
+  reactionNotifications?: "off" | "own" | "all" | "allowlist";
+  users?: string[];
+  roles?: string[];
+  channels?: Record<string, { allow?: boolean } & DiscordChannelOverrideConfig>;
+};
+
+export type DiscordChannelConfigResolved = DiscordChannelOverrideConfig & {
+  allowed: boolean;
   matchKey?: string;
   matchSource?: ChannelMatchSource;
 };
@@ -333,25 +321,30 @@ export function resolveDiscordCommandAuthorized(params: {
 
 export function resolveDiscordGuildEntry(params: {
   guild?: Guild<true> | Guild | null;
+  guildId?: string | null;
   guildEntries?: Record<string, DiscordGuildEntryResolved>;
 }): DiscordGuildEntryResolved | null {
   const guild = params.guild;
   const entries = params.guildEntries;
-  if (!guild || !entries) {
+  const guildId = params.guildId?.trim() || guild?.id;
+  if (!entries) {
     return null;
   }
-  const byId = entries[guild.id];
+  const byId = guildId ? entries[guildId] : undefined;
   if (byId) {
-    return { ...byId, id: guild.id };
+    return { ...byId, id: guildId };
+  }
+  if (!guild) {
+    return null;
   }
   const slug = normalizeDiscordSlug(guild.name ?? "");
   const bySlug = entries[slug];
   if (bySlug) {
-    return { ...bySlug, id: guild.id, slug: slug || bySlug.slug };
+    return { ...bySlug, id: guildId ?? guild.id, slug: slug || bySlug.slug };
   }
   const wildcard = entries["*"];
   if (wildcard) {
-    return { ...wildcard, id: guild.id, slug: slug || wildcard.slug };
+    return { ...wildcard, id: guildId ?? guild.id, slug: slug || wildcard.slug };
   }
   return null;
 }
diff --git a/src/discord/monitor/auto-presence.test.ts b/extensions/discord/src/monitor/auto-presence.test.ts
similarity index 98%
rename from src/discord/monitor/auto-presence.test.ts
rename to extensions/discord/src/monitor/auto-presence.test.ts
index d901a76d642..3e81b523bc9 100644
--- a/src/discord/monitor/auto-presence.test.ts
+++ b/extensions/discord/src/monitor/auto-presence.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it, vi } from "vitest";
-import type { AuthProfileStore } from "../../agents/auth-profiles.js";
+import type { AuthProfileStore } from "../../../../src/agents/auth-profiles.js";
 import {
   createDiscordAutoPresenceController,
   resolveDiscordAutoPresenceDecision,
diff --git a/src/discord/monitor/auto-presence.ts b/extensions/discord/src/monitor/auto-presence.ts
similarity index 97%
rename from src/discord/monitor/auto-presence.ts
rename to extensions/discord/src/monitor/auto-presence.ts
index 8c139382dc6..60e5619e348 100644
--- a/src/discord/monitor/auto-presence.ts
+++ b/extensions/discord/src/monitor/auto-presence.ts
@@ -6,9 +6,12 @@ import {
   resolveProfilesUnavailableReason,
   type AuthProfileFailureReason,
   type AuthProfileStore,
-} from "../../agents/auth-profiles.js";
-import type { DiscordAccountConfig, DiscordAutoPresenceConfig } from "../../config/config.js";
-import { warn } from "../../globals.js";
+} from "../../../../src/agents/auth-profiles.js";
+import type {
+  DiscordAccountConfig,
+  DiscordAutoPresenceConfig,
+} from "../../../../src/config/config.js";
+import { warn } from "../../../../src/globals.js";
 import { resolveDiscordPresenceUpdate } from "./presence.js";
 
 const DEFAULT_CUSTOM_ACTIVITY_TYPE = 4;
diff --git a/src/discord/monitor/commands.test.ts b/extensions/discord/src/monitor/commands.test.ts
similarity index 100%
rename from src/discord/monitor/commands.test.ts
rename to extensions/discord/src/monitor/commands.test.ts
diff --git a/src/discord/monitor/commands.ts b/extensions/discord/src/monitor/commands.ts
similarity index 67%
rename from src/discord/monitor/commands.ts
rename to extensions/discord/src/monitor/commands.ts
index 96a277785df..a9bb9c1548e 100644
--- a/src/discord/monitor/commands.ts
+++ b/extensions/discord/src/monitor/commands.ts
@@ -1,4 +1,4 @@
-import type { DiscordSlashCommandConfig } from "../../config/types.discord.js";
+import type { DiscordSlashCommandConfig } from "../../../../src/config/types.discord.js";
 
 export function resolveDiscordSlashCommandConfig(
   raw?: DiscordSlashCommandConfig,
diff --git a/src/discord/monitor/dm-command-auth.test.ts b/extensions/discord/src/monitor/dm-command-auth.test.ts
similarity index 100%
rename from src/discord/monitor/dm-command-auth.test.ts
rename to extensions/discord/src/monitor/dm-command-auth.test.ts
diff --git a/src/discord/monitor/dm-command-auth.ts b/extensions/discord/src/monitor/dm-command-auth.ts
similarity index 95%
rename from src/discord/monitor/dm-command-auth.ts
rename to extensions/discord/src/monitor/dm-command-auth.ts
index 2a9e18be0b0..2fa02d9d605 100644
--- a/src/discord/monitor/dm-command-auth.ts
+++ b/extensions/discord/src/monitor/dm-command-auth.ts
@@ -1,9 +1,9 @@
-import { resolveCommandAuthorizedFromAuthorizers } from "../../channels/command-gating.js";
+import { resolveCommandAuthorizedFromAuthorizers } from "../../../../src/channels/command-gating.js";
 import {
   readStoreAllowFromForDmPolicy,
   resolveDmGroupAccessWithLists,
   type DmGroupAccessDecision,
-} from "../../security/dm-policy-shared.js";
+} from "../../../../src/security/dm-policy-shared.js";
 import { normalizeDiscordAllowList, resolveDiscordAllowListMatch } from "./allow-list.js";
 
 const DISCORD_ALLOW_LIST_PREFIXES = ["discord:", "user:", "pk:"];
diff --git a/src/discord/monitor/dm-command-decision.test.ts b/extensions/discord/src/monitor/dm-command-decision.test.ts
similarity index 100%
rename from src/discord/monitor/dm-command-decision.test.ts
rename to extensions/discord/src/monitor/dm-command-decision.test.ts
diff --git a/src/discord/monitor/dm-command-decision.ts b/extensions/discord/src/monitor/dm-command-decision.ts
similarity index 88%
rename from src/discord/monitor/dm-command-decision.ts
rename to extensions/discord/src/monitor/dm-command-decision.ts
index d5b533bfdaa..8c15e7cac11 100644
--- a/src/discord/monitor/dm-command-decision.ts
+++ b/extensions/discord/src/monitor/dm-command-decision.ts
@@ -1,5 +1,5 @@
-import { issuePairingChallenge } from "../../pairing/pairing-challenge.js";
-import { upsertChannelPairingRequest } from "../../pairing/pairing-store.js";
+import { issuePairingChallenge } from "../../../../src/pairing/pairing-challenge.js";
+import { upsertChannelPairingRequest } from "../../../../src/pairing/pairing-store.js";
 import type { DiscordDmCommandAccess } from "./dm-command-auth.js";
 
 export async function handleDiscordDmCommandDecision(params: {
diff --git a/src/discord/monitor/exec-approvals.test.ts b/extensions/discord/src/monitor/exec-approvals.test.ts
similarity index 92%
rename from src/discord/monitor/exec-approvals.test.ts
rename to extensions/discord/src/monitor/exec-approvals.test.ts
index 8f9430393a2..be3ead1d400 100644
--- a/src/discord/monitor/exec-approvals.test.ts
+++ b/extensions/discord/src/monitor/exec-approvals.test.ts
@@ -4,8 +4,8 @@ import path from "node:path";
 import type { ButtonInteraction, ComponentData } from "@buape/carbon";
 import { Routes } from "discord-api-types/v10";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { clearSessionStoreCacheForTest } from "../../config/sessions.js";
-import type { DiscordExecApprovalConfig } from "../../config/types.discord.js";
+import { clearSessionStoreCacheForTest } from "../../../../src/config/sessions.js";
+import type { DiscordExecApprovalConfig } from "../../../../src/config/types.discord.js";
 import {
   buildExecApprovalCustomId,
   extractDiscordChannelId,
@@ -76,7 +76,7 @@ vi.mock("../send.shared.js", async (importOriginal) => {
   };
 });
 
-vi.mock("../../gateway/client.js", () => ({
+vi.mock("../../../../src/gateway/client.js", () => ({
   GatewayClient: class {
     private params: Record<string, unknown>;
     constructor(params: Record<string, unknown>) {
@@ -96,11 +96,11 @@ vi.mock("../../gateway/client.js", () => ({
   },
 }));
 
-vi.mock("../../gateway/connection-auth.js", () => ({
+vi.mock("../../../../src/gateway/connection-auth.js", () => ({
   resolveGatewayConnectionAuth: mockResolveGatewayConnectionAuth,
 }));
 
-vi.mock("../../logger.js", () => ({
+vi.mock("../../../../src/logger.js", () => ({
   logDebug: vi.fn(),
   logError: vi.fn(),
 }));
@@ -116,6 +116,62 @@ function createHandler(config: DiscordExecApprovalConfig, accountId = "default")
   });
 }
 
+function mockSuccessfulDmDelivery(params?: {
+  noteChannelId?: string;
+  expectedNoteText?: string;
+  throwOnUnexpectedRoute?: boolean;
+}) {
+  mockRestPost.mockImplementation(
+    async (route: string, requestParams?: { body?: { content?: string } }) => {
+      if (params?.noteChannelId && route === Routes.channelMessages(params.noteChannelId)) {
+        if (params.expectedNoteText) {
+          expect(requestParams?.body?.content).toContain(params.expectedNoteText);
+        }
+        return { id: "note-1", channel_id: params.noteChannelId };
+      }
+      if (route === Routes.userChannels()) {
+        return { id: "dm-1" };
+      }
+      if (route === Routes.channelMessages("dm-1")) {
+        return { id: "msg-1", channel_id: "dm-1" };
+      }
+      if (params?.throwOnUnexpectedRoute) {
+        throw new Error(`unexpected route: ${route}`);
+      }
+      return { id: "msg-unknown" };
+    },
+  );
+}
+
+async function expectGatewayAuthStart(params: {
+  handler: DiscordExecApprovalHandler;
+  expectedUrl: string;
+  expectedSource: "cli" | "env";
+  expectedToken?: string;
+  expectedPassword?: string;
+}) {
+  await params.handler.start();
+
+  expect(mockResolveGatewayConnectionAuth).toHaveBeenCalledWith(
+    expect.objectContaining({
+      env: process.env,
+      urlOverride: params.expectedUrl,
+      urlOverrideSource: params.expectedSource,
+    }),
+  );
+
+  const expectedClientParams: Record<string, unknown> = {
+    url: params.expectedUrl,
+  };
+  if (params.expectedToken !== undefined) {
+    expectedClientParams.token = params.expectedToken;
+  }
+  if (params.expectedPassword !== undefined) {
+    expectedClientParams.password = params.expectedPassword;
+  }
+  expect(mockGatewayClientCtor).toHaveBeenCalledWith(expect.objectContaining(expectedClientParams));
+}
+
 type ExecApprovalHandlerInternals = {
   pending: Map<
     string,
@@ -772,15 +828,7 @@ describe("DiscordExecApprovalHandler delivery routing", () => {
     });
     const internals = getHandlerInternals(handler);
 
-    mockRestPost.mockImplementation(async (route: string) => {
-      if (route === Routes.userChannels()) {
-        return { id: "dm-1" };
-      }
-      if (route === Routes.channelMessages("dm-1")) {
-        return { id: "msg-1", channel_id: "dm-1" };
-      }
-      return { id: "msg-unknown" };
-    });
+    mockSuccessfulDmDelivery();
 
     const request = createRequest({ sessionKey: "agent:main:discord:dm:123" });
     await internals.handleApprovalRequested(request);
@@ -809,21 +857,11 @@ describe("DiscordExecApprovalHandler delivery routing", () => {
     });
     const internals = getHandlerInternals(handler);
 
-    mockRestPost.mockImplementation(
-      async (route: string, params?: { body?: { content?: string } }) => {
-        if (route === Routes.channelMessages("999888777")) {
-          expect(params?.body?.content).toContain("I sent the allowed approvers DMs");
-          return { id: "note-1", channel_id: "999888777" };
-        }
-        if (route === Routes.userChannels()) {
-          return { id: "dm-1" };
-        }
-        if (route === Routes.channelMessages("dm-1")) {
-          return { id: "msg-1", channel_id: "dm-1" };
-        }
-        throw new Error(`unexpected route: ${route}`);
-      },
-    );
+    mockSuccessfulDmDelivery({
+      noteChannelId: "999888777",
+      expectedNoteText: "I sent the allowed approvers DMs",
+      throwOnUnexpectedRoute: true,
+    });
 
     await internals.handleApprovalRequested(createRequest());
 
@@ -853,15 +891,7 @@ describe("DiscordExecApprovalHandler delivery routing", () => {
     });
     const internals = getHandlerInternals(handler);
 
-    mockRestPost.mockImplementation(async (route: string) => {
-      if (route === Routes.userChannels()) {
-        return { id: "dm-1" };
-      }
-      if (route === Routes.channelMessages("dm-1")) {
-        return { id: "msg-1", channel_id: "dm-1" };
-      }
-      throw new Error(`unexpected route: ${route}`);
-    });
+    mockSuccessfulDmDelivery({ throwOnUnexpectedRoute: true });
 
     await internals.handleApprovalRequested(
       createRequest({ sessionKey: "agent:main:discord:dm:123" }),
@@ -890,22 +920,13 @@ describe("DiscordExecApprovalHandler gateway auth resolution", () => {
       cfg: { session: { store: STORE_PATH } },
     });
 
-    await handler.start();
-
-    expect(mockResolveGatewayConnectionAuth).toHaveBeenCalledWith(
-      expect.objectContaining({
-        env: process.env,
-        urlOverride: "wss://override.example/ws",
-        urlOverrideSource: "cli",
-      }),
-    );
-    expect(mockGatewayClientCtor).toHaveBeenCalledWith(
-      expect.objectContaining({
-        url: "wss://override.example/ws",
-        token: "resolved-token",
-        password: "resolved-password", // pragma: allowlist secret
-      }),
-    );
+    await expectGatewayAuthStart({
+      handler,
+      expectedUrl: "wss://override.example/ws",
+      expectedSource: "cli",
+      expectedToken: "resolved-token",
+      expectedPassword: "resolved-password", // pragma: allowlist secret
+    });
 
     await handler.stop();
   });
@@ -921,20 +942,11 @@ describe("DiscordExecApprovalHandler gateway auth resolution", () => {
         cfg: { session: { store: STORE_PATH } },
       });
 
-      await handler.start();
-
-      expect(mockResolveGatewayConnectionAuth).toHaveBeenCalledWith(
-        expect.objectContaining({
-          env: process.env,
-          urlOverride: "wss://gateway-from-env.example/ws",
-          urlOverrideSource: "env",
-        }),
-      );
-      expect(mockGatewayClientCtor).toHaveBeenCalledWith(
-        expect.objectContaining({
-          url: "wss://gateway-from-env.example/ws",
-        }),
-      );
+      await expectGatewayAuthStart({
+        handler,
+        expectedUrl: "wss://gateway-from-env.example/ws",
+        expectedSource: "env",
+      });
 
       await handler.stop();
     } finally {
diff --git a/src/discord/monitor/exec-approvals.ts b/extensions/discord/src/monitor/exec-approvals.ts
similarity index 92%
rename from src/discord/monitor/exec-approvals.ts
rename to extensions/discord/src/monitor/exec-approvals.ts
index 87dc0c9a07d..e5fda7682a9 100644
--- a/src/discord/monitor/exec-approvals.ts
+++ b/extensions/discord/src/monitor/exec-approvals.ts
@@ -10,24 +10,30 @@ import {
   type TopLevelComponents,
 } from "@buape/carbon";
 import { ButtonStyle, Routes } from "discord-api-types/v10";
-import type { OpenClawConfig } from "../../config/config.js";
-import { loadSessionStore, resolveStorePath } from "../../config/sessions.js";
-import type { DiscordExecApprovalConfig } from "../../config/types.discord.js";
-import { GatewayClient } from "../../gateway/client.js";
-import { createOperatorApprovalsGatewayClient } from "../../gateway/operator-approvals-client.js";
-import type { EventFrame } from "../../gateway/protocol/index.js";
-import { resolveExecApprovalCommandDisplay } from "../../infra/exec-approval-command-display.js";
-import { getExecApprovalApproverDmNoticeText } from "../../infra/exec-approval-reply.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import { loadSessionStore, resolveStorePath } from "../../../../src/config/sessions.js";
+import type { DiscordExecApprovalConfig } from "../../../../src/config/types.discord.js";
+import { GatewayClient } from "../../../../src/gateway/client.js";
+import { createOperatorApprovalsGatewayClient } from "../../../../src/gateway/operator-approvals-client.js";
+import type { EventFrame } from "../../../../src/gateway/protocol/index.js";
+import { resolveExecApprovalCommandDisplay } from "../../../../src/infra/exec-approval-command-display.js";
+import { getExecApprovalApproverDmNoticeText } from "../../../../src/infra/exec-approval-reply.js";
 import type {
   ExecApprovalDecision,
   ExecApprovalRequest,
   ExecApprovalResolved,
-} from "../../infra/exec-approvals.js";
-import { logDebug, logError } from "../../logger.js";
-import { normalizeAccountId, resolveAgentIdFromSessionKey } from "../../routing/session-key.js";
-import type { RuntimeEnv } from "../../runtime.js";
-import { compileSafeRegex, testRegexWithBoundedInput } from "../../security/safe-regex.js";
-import { normalizeMessageChannel } from "../../utils/message-channel.js";
+} from "../../../../src/infra/exec-approvals.js";
+import { logDebug, logError } from "../../../../src/logger.js";
+import {
+  normalizeAccountId,
+  resolveAgentIdFromSessionKey,
+} from "../../../../src/routing/session-key.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
+import {
+  compileSafeRegex,
+  testRegexWithBoundedInput,
+} from "../../../../src/security/safe-regex.js";
+import { normalizeMessageChannel } from "../../../../src/utils/message-channel.js";
 import { createDiscordClient, stripUndefinedFields } from "../send.shared.js";
 import { DiscordUiContainer } from "../ui.js";
 
@@ -252,17 +258,30 @@ function formatOptionalCommandPreview(
   return formatCommandPreview(commandText, maxChars);
 }
 
+function resolveExecApprovalPreviews(
+  request: ExecApprovalRequest["request"],
+  maxChars: number,
+  secondaryMaxChars: number,
+): { commandPreview: string; commandSecondaryPreview: string | null } {
+  const { commandText, commandPreview: secondaryPreview } =
+    resolveExecApprovalCommandDisplay(request);
+  return {
+    commandPreview: formatCommandPreview(commandText, maxChars),
+    commandSecondaryPreview: formatOptionalCommandPreview(secondaryPreview, secondaryMaxChars),
+  };
+}
+
 function createExecApprovalRequestContainer(params: {
   request: ExecApprovalRequest;
   cfg: OpenClawConfig;
   accountId: string;
   actionRow?: Row<Button>;
 }): ExecApprovalContainer {
-  const { commandText, commandPreview: secondaryPreview } = resolveExecApprovalCommandDisplay(
+  const { commandPreview, commandSecondaryPreview } = resolveExecApprovalPreviews(
     params.request.request,
+    1000,
+    500,
   );
-  const commandPreview = formatCommandPreview(commandText, 1000);
-  const commandSecondaryPreview = formatOptionalCommandPreview(secondaryPreview, 500);
   const expiresAtSeconds = Math.max(0, Math.floor(params.request.expiresAtMs / 1000));
 
   return new ExecApprovalContainer({
@@ -286,11 +305,11 @@ function createResolvedContainer(params: {
   cfg: OpenClawConfig;
   accountId: string;
 }): ExecApprovalContainer {
-  const { commandText, commandPreview: secondaryPreview } = resolveExecApprovalCommandDisplay(
+  const { commandPreview, commandSecondaryPreview } = resolveExecApprovalPreviews(
     params.request.request,
+    500,
+    300,
   );
-  const commandPreview = formatCommandPreview(commandText, 500);
-  const commandSecondaryPreview = formatOptionalCommandPreview(secondaryPreview, 300);
 
   const decisionLabel =
     params.decision === "allow-once"
@@ -323,11 +342,11 @@ function createExpiredContainer(params: {
   cfg: OpenClawConfig;
   accountId: string;
 }): ExecApprovalContainer {
-  const { commandText, commandPreview: secondaryPreview } = resolveExecApprovalCommandDisplay(
+  const { commandPreview, commandSecondaryPreview } = resolveExecApprovalPreviews(
     params.request.request,
+    500,
+    300,
   );
-  const commandPreview = formatCommandPreview(commandText, 500);
-  const commandSecondaryPreview = formatOptionalCommandPreview(secondaryPreview, 300);
 
   return new ExecApprovalContainer({
     cfg: params.cfg,
diff --git a/src/discord/monitor/format.ts b/extensions/discord/src/monitor/format.ts
similarity index 100%
rename from src/discord/monitor/format.ts
rename to extensions/discord/src/monitor/format.ts
diff --git a/src/discord/monitor/gateway-error-guard.test.ts b/extensions/discord/src/monitor/gateway-error-guard.test.ts
similarity index 100%
rename from src/discord/monitor/gateway-error-guard.test.ts
rename to extensions/discord/src/monitor/gateway-error-guard.test.ts
diff --git a/src/discord/monitor/gateway-error-guard.ts b/extensions/discord/src/monitor/gateway-error-guard.ts
similarity index 100%
rename from src/discord/monitor/gateway-error-guard.ts
rename to extensions/discord/src/monitor/gateway-error-guard.ts
diff --git a/src/discord/monitor/gateway-plugin.ts b/extensions/discord/src/monitor/gateway-plugin.ts
similarity index 95%
rename from src/discord/monitor/gateway-plugin.ts
rename to extensions/discord/src/monitor/gateway-plugin.ts
index b4030bcb386..1799c16d79e 100644
--- a/src/discord/monitor/gateway-plugin.ts
+++ b/extensions/discord/src/monitor/gateway-plugin.ts
@@ -3,9 +3,9 @@ import type { APIGatewayBotInfo } from "discord-api-types/v10";
 import { HttpsProxyAgent } from "https-proxy-agent";
 import { ProxyAgent, fetch as undiciFetch } from "undici";
 import WebSocket from "ws";
-import type { DiscordAccountConfig } from "../../config/types.js";
-import { danger } from "../../globals.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { DiscordAccountConfig } from "../../../../src/config/types.js";
+import { danger } from "../../../../src/globals.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 
 const DISCORD_GATEWAY_BOT_URL = "https://discord.com/api/v10/gateway/bot";
 const DEFAULT_DISCORD_GATEWAY_URL = "wss://gateway.discord.gg/";
@@ -20,7 +20,7 @@ type DiscordGatewayFetch = (
 ) => Promise<DiscordGatewayMetadataResponse>;
 
 export function resolveDiscordGatewayIntents(
-  intentsConfig?: import("../../config/types.discord.js").DiscordIntentsConfig,
+  intentsConfig?: import("../../../../src/config/types.discord.js").DiscordIntentsConfig,
 ): number {
   let intents =
     GatewayIntents.Guilds |
diff --git a/src/discord/monitor/gateway-registry.ts b/extensions/discord/src/monitor/gateway-registry.ts
similarity index 100%
rename from src/discord/monitor/gateway-registry.ts
rename to extensions/discord/src/monitor/gateway-registry.ts
diff --git a/src/discord/monitor/inbound-context.test.ts b/extensions/discord/src/monitor/inbound-context.test.ts
similarity index 100%
rename from src/discord/monitor/inbound-context.test.ts
rename to extensions/discord/src/monitor/inbound-context.test.ts
diff --git a/src/discord/monitor/inbound-context.ts b/extensions/discord/src/monitor/inbound-context.ts
similarity index 94%
rename from src/discord/monitor/inbound-context.ts
rename to extensions/discord/src/monitor/inbound-context.ts
index 516746583fa..26b2a07f03e 100644
--- a/src/discord/monitor/inbound-context.ts
+++ b/extensions/discord/src/monitor/inbound-context.ts
@@ -1,4 +1,4 @@
-import { buildUntrustedChannelMetadata } from "../../security/channel-metadata.js";
+import { buildUntrustedChannelMetadata } from "../../../../src/security/channel-metadata.js";
 import {
   resolveDiscordOwnerAllowFrom,
   type DiscordChannelConfigResolved,
diff --git a/src/discord/monitor/inbound-job.test.ts b/extensions/discord/src/monitor/inbound-job.test.ts
similarity index 100%
rename from src/discord/monitor/inbound-job.test.ts
rename to extensions/discord/src/monitor/inbound-job.test.ts
diff --git a/src/discord/monitor/inbound-job.ts b/extensions/discord/src/monitor/inbound-job.ts
similarity index 100%
rename from src/discord/monitor/inbound-job.ts
rename to extensions/discord/src/monitor/inbound-job.ts
diff --git a/src/discord/monitor/inbound-worker.ts b/extensions/discord/src/monitor/inbound-worker.ts
similarity index 91%
rename from src/discord/monitor/inbound-worker.ts
rename to extensions/discord/src/monitor/inbound-worker.ts
index eb4337cb913..214eb6a8020 100644
--- a/src/discord/monitor/inbound-worker.ts
+++ b/extensions/discord/src/monitor/inbound-worker.ts
@@ -1,7 +1,7 @@
-import { createRunStateMachine } from "../../channels/run-state-machine.js";
-import { danger } from "../../globals.js";
-import { formatDurationSeconds } from "../../infra/format-time/format-duration.ts";
-import { KeyedAsyncQueue } from "../../plugin-sdk/keyed-async-queue.js";
+import { createRunStateMachine } from "../../../../src/channels/run-state-machine.js";
+import { danger } from "../../../../src/globals.js";
+import { formatDurationSeconds } from "../../../../src/infra/format-time/format-duration.ts";
+import { KeyedAsyncQueue } from "../../../../src/plugin-sdk/keyed-async-queue.js";
 import { materializeDiscordInboundJob, type DiscordInboundJob } from "./inbound-job.js";
 import type { RuntimeEnv } from "./message-handler.preflight.types.js";
 import { processDiscordMessage } from "./message-handler.process.js";
diff --git a/src/discord/monitor/listeners.test.ts b/extensions/discord/src/monitor/listeners.test.ts
similarity index 86%
rename from src/discord/monitor/listeners.test.ts
rename to extensions/discord/src/monitor/listeners.test.ts
index 71145396a82..d8158320e44 100644
--- a/src/discord/monitor/listeners.test.ts
+++ b/extensions/discord/src/monitor/listeners.test.ts
@@ -12,6 +12,14 @@ function fakeEvent(channelId: string) {
   return { channel_id: channelId } as never;
 }
 
+function createDeferred() {
+  let resolve: (() => void) | undefined;
+  const promise = new Promise<void>((r) => {
+    resolve = r;
+  });
+  return { promise, resolve };
+}
+
 describe("DiscordMessageListener", () => {
   it("returns immediately without awaiting handler completion", async () => {
     let resolveHandler: (() => void) | undefined;
@@ -38,23 +46,17 @@ describe("DiscordMessageListener", () => {
 
   it("runs handlers for the same channel concurrently (no per-channel serialization)", async () => {
     const order: string[] = [];
-    let resolveA: (() => void) | undefined;
-    let resolveB: (() => void) | undefined;
-    const doneA = new Promise<void>((r) => {
-      resolveA = r;
-    });
-    const doneB = new Promise<void>((r) => {
-      resolveB = r;
-    });
+    const deferredA = createDeferred();
+    const deferredB = createDeferred();
     let callCount = 0;
     const handler = vi.fn(async () => {
       callCount += 1;
       const id = callCount;
       order.push(`start:${id}`);
       if (id === 1) {
-        await doneA;
+        await deferredA.promise;
       } else {
-        await doneB;
+        await deferredB.promise;
       }
       order.push(`end:${id}`);
     });
@@ -71,35 +73,29 @@ describe("DiscordMessageListener", () => {
     expect(order).toContain("start:1");
     expect(order).toContain("start:2");
 
-    resolveB?.();
+    deferredB.resolve?.();
     await vi.waitFor(() => {
       expect(order).toContain("end:2");
     });
     // First handler is still running — no serialization.
     expect(order).not.toContain("end:1");
 
-    resolveA?.();
+    deferredA.resolve?.();
     await vi.waitFor(() => {
       expect(order).toContain("end:1");
     });
   });
 
   it("runs handlers for different channels in parallel", async () => {
-    let resolveA: (() => void) | undefined;
-    let resolveB: (() => void) | undefined;
-    const doneA = new Promise<void>((r) => {
-      resolveA = r;
-    });
-    const doneB = new Promise<void>((r) => {
-      resolveB = r;
-    });
+    const deferredA = createDeferred();
+    const deferredB = createDeferred();
     const order: string[] = [];
     const handler = vi.fn(async (data: { channel_id: string }) => {
       order.push(`start:${data.channel_id}`);
       if (data.channel_id === "ch-a") {
-        await doneA;
+        await deferredA.promise;
       } else {
-        await doneB;
+        await deferredB.promise;
       }
       order.push(`end:${data.channel_id}`);
     });
@@ -114,13 +110,13 @@ describe("DiscordMessageListener", () => {
     expect(order).toContain("start:ch-a");
     expect(order).toContain("start:ch-b");
 
-    resolveB?.();
+    deferredB.resolve?.();
     await vi.waitFor(() => {
       expect(order).toContain("end:ch-b");
     });
     expect(order).not.toContain("end:ch-a");
 
-    resolveA?.();
+    deferredA.resolve?.();
     await vi.waitFor(() => {
       expect(order).toContain("end:ch-a");
     });
diff --git a/src/discord/monitor/listeners.ts b/extensions/discord/src/monitor/listeners.ts
similarity index 96%
rename from src/discord/monitor/listeners.ts
rename to extensions/discord/src/monitor/listeners.ts
index 824cb5fb19a..b0dd33543b0 100644
--- a/src/discord/monitor/listeners.ts
+++ b/extensions/discord/src/monitor/listeners.ts
@@ -8,16 +8,16 @@ import {
   ThreadUpdateListener,
   type User,
 } from "@buape/carbon";
-import type { OpenClawConfig } from "../../config/config.js";
-import { danger, logVerbose } from "../../globals.js";
-import { formatDurationSeconds } from "../../infra/format-time/format-duration.ts";
-import { enqueueSystemEvent } from "../../infra/system-events.js";
-import { createSubsystemLogger } from "../../logging/subsystem.js";
-import { resolveAgentRoute } from "../../routing/resolve-route.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import { danger, logVerbose } from "../../../../src/globals.js";
+import { formatDurationSeconds } from "../../../../src/infra/format-time/format-duration.ts";
+import { enqueueSystemEvent } from "../../../../src/infra/system-events.js";
+import { createSubsystemLogger } from "../../../../src/logging/subsystem.js";
+import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js";
 import {
   readStoreAllowFromForDmPolicy,
   resolveDmGroupAccessWithLists,
-} from "../../security/dm-policy-shared.js";
+} from "../../../../src/security/dm-policy-shared.js";
 import {
   isDiscordGroupAllowedByPolicy,
   normalizeDiscordAllowList,
@@ -36,9 +36,11 @@ import { isThreadArchived } from "./thread-bindings.discord-api.js";
 import { closeDiscordThreadSessions } from "./thread-session-close.js";
 import { normalizeDiscordListenerTimeoutMs, runDiscordTaskWithTimeout } from "./timeouts.js";
 
-type LoadedConfig = ReturnType<typeof import("../../config/config.js").loadConfig>;
-type RuntimeEnv = import("../../runtime.js").RuntimeEnv;
-type Logger = ReturnType<typeof import("../../logging/subsystem.js").createSubsystemLogger>;
+type LoadedConfig = ReturnType<typeof import("../../../../src/config/config.js").loadConfig>;
+type RuntimeEnv = import("../../../../src/runtime.js").RuntimeEnv;
+type Logger = ReturnType<
+  typeof import("../../../../src/logging/subsystem.js").createSubsystemLogger
+>;
 
 export type DiscordMessageEvent = Parameters<MessageCreateListener["handle"]>[0];
 
@@ -430,6 +432,7 @@ async function handleDiscordReactionEvent(
     const guildInfo = isGuildMessage
       ? resolveDiscordGuildEntry({
           guild: data.guild ?? undefined,
+          guildId: data.guild_id ?? undefined,
           guildEntries,
         })
       : null;
diff --git a/src/discord/monitor/message-handler.bot-self-filter.test.ts b/extensions/discord/src/monitor/message-handler.bot-self-filter.test.ts
similarity index 82%
rename from src/discord/monitor/message-handler.bot-self-filter.test.ts
rename to extensions/discord/src/monitor/message-handler.bot-self-filter.test.ts
index 4358301b92d..6538ec1915a 100644
--- a/src/discord/monitor/message-handler.bot-self-filter.test.ts
+++ b/extensions/discord/src/monitor/message-handler.bot-self-filter.test.ts
@@ -1,23 +1,15 @@
 import { describe, expect, it, vi } from "vitest";
+import {
+  createDiscordMessageHandler,
+  preflightDiscordMessageMock,
+  processDiscordMessageMock,
+} from "./message-handler.module-test-helpers.js";
 import {
   DEFAULT_DISCORD_BOT_USER_ID,
   createDiscordHandlerParams,
   createDiscordPreflightContext,
 } from "./message-handler.test-helpers.js";
 
-const preflightDiscordMessageMock = vi.hoisted(() => vi.fn());
-const processDiscordMessageMock = vi.hoisted(() => vi.fn());
-
-vi.mock("./message-handler.preflight.js", () => ({
-  preflightDiscordMessage: preflightDiscordMessageMock,
-}));
-
-vi.mock("./message-handler.process.js", () => ({
-  processDiscordMessage: processDiscordMessageMock,
-}));
-
-const { createDiscordMessageHandler } = await import("./message-handler.js");
-
 function createMessageData(authorId: string, channelId = "ch-1") {
   return {
     author: { id: authorId, bot: authorId === DEFAULT_DISCORD_BOT_USER_ID },
diff --git a/src/discord/monitor/message-handler.inbound-contract.test.ts b/extensions/discord/src/monitor/message-handler.inbound-contract.test.ts
similarity index 91%
rename from src/discord/monitor/message-handler.inbound-contract.test.ts
rename to extensions/discord/src/monitor/message-handler.inbound-contract.test.ts
index b6a3c8f85f1..97d18985460 100644
--- a/src/discord/monitor/message-handler.inbound-contract.test.ts
+++ b/extensions/discord/src/monitor/message-handler.inbound-contract.test.ts
@@ -1,6 +1,6 @@
 import { describe, expect, it } from "vitest";
-import { inboundCtxCapture as capture } from "../../../test/helpers/inbound-contract-dispatch-mock.js";
-import { expectInboundContextContract } from "../../../test/helpers/inbound-contract.js";
+import { inboundCtxCapture as capture } from "../../../../test/helpers/inbound-contract-dispatch-mock.js";
+import { expectInboundContextContract } from "../../../../test/helpers/inbound-contract.js";
 import type { DiscordMessagePreflightContext } from "./message-handler.preflight.js";
 import { processDiscordMessage } from "./message-handler.process.js";
 import {
diff --git a/extensions/discord/src/monitor/message-handler.module-test-helpers.ts b/extensions/discord/src/monitor/message-handler.module-test-helpers.ts
new file mode 100644
index 00000000000..83174ad5621
--- /dev/null
+++ b/extensions/discord/src/monitor/message-handler.module-test-helpers.ts
@@ -0,0 +1,15 @@
+import { vi } from "vitest";
+import type { MockFn } from "../../../../src/test-utils/vitest-mock-fn.js";
+
+export const preflightDiscordMessageMock: MockFn = vi.fn();
+export const processDiscordMessageMock: MockFn = vi.fn();
+
+vi.mock("./message-handler.preflight.js", () => ({
+  preflightDiscordMessage: preflightDiscordMessageMock,
+}));
+
+vi.mock("./message-handler.process.js", () => ({
+  processDiscordMessage: processDiscordMessageMock,
+}));
+
+export const { createDiscordMessageHandler } = await import("./message-handler.js");
diff --git a/src/discord/monitor/message-handler.preflight.acp-bindings.test.ts b/extensions/discord/src/monitor/message-handler.preflight.acp-bindings.test.ts
similarity index 67%
rename from src/discord/monitor/message-handler.preflight.acp-bindings.test.ts
rename to extensions/discord/src/monitor/message-handler.preflight.acp-bindings.test.ts
index 1d7344ca15f..01bac15e856 100644
--- a/src/discord/monitor/message-handler.preflight.acp-bindings.test.ts
+++ b/extensions/discord/src/monitor/message-handler.preflight.acp-bindings.test.ts
@@ -1,19 +1,24 @@
-import { ChannelType } from "@buape/carbon";
 import { beforeEach, describe, expect, it, vi } from "vitest";
 
 const ensureConfiguredAcpBindingSessionMock = vi.hoisted(() => vi.fn());
 const resolveConfiguredAcpBindingRecordMock = vi.hoisted(() => vi.fn());
 
-vi.mock("../../acp/persistent-bindings.js", () => ({
+vi.mock("../../../../src/acp/persistent-bindings.js", () => ({
   ensureConfiguredAcpBindingSession: (...args: unknown[]) =>
     ensureConfiguredAcpBindingSessionMock(...args),
   resolveConfiguredAcpBindingRecord: (...args: unknown[]) =>
     resolveConfiguredAcpBindingRecordMock(...args),
 }));
 
-import { __testing as sessionBindingTesting } from "../../infra/outbound/session-binding-service.js";
+import { __testing as sessionBindingTesting } from "../../../../src/infra/outbound/session-binding-service.js";
 import { preflightDiscordMessage } from "./message-handler.preflight.js";
-import { createNoopThreadBindingManager } from "./thread-bindings.js";
+import {
+  createDiscordMessage,
+  createDiscordPreflightArgs,
+  createGuildEvent,
+  createGuildTextClient,
+  DEFAULT_PREFLIGHT_CFG,
+} from "./message-handler.preflight.test-helpers.js";
 
 const GUILD_ID = "guild-1";
 const CHANNEL_ID = "channel-1";
@@ -48,70 +53,40 @@ function createConfiguredDiscordBinding() {
 }
 
 function createBasePreflightParams(overrides?: Record<string, unknown>) {
-  const message = {
+  const message = createDiscordMessage({
     id: "m-1",
-    content: "<@bot-1> hello",
-    timestamp: new Date().toISOString(),
     channelId: CHANNEL_ID,
-    attachments: [],
+    content: "<@bot-1> hello",
     mentionedUsers: [{ id: "bot-1" }],
-    mentionedRoles: [],
-    mentionedEveryone: false,
     author: {
       id: "user-1",
       bot: false,
       username: "alice",
     },
-  } as unknown as import("@buape/carbon").Message;
-
-  const client = {
-    fetchChannel: async (channelId: string) => {
-      if (channelId === CHANNEL_ID) {
-        return {
-          id: CHANNEL_ID,
-          type: ChannelType.GuildText,
-          name: "general",
-        };
-      }
-      return null;
-    },
-  } as unknown as import("@buape/carbon").Client;
+  });
 
   return {
-    cfg: {
-      session: {
-        mainKey: "main",
-        scope: "per-sender",
-      },
-    } as import("../../config/config.js").OpenClawConfig,
+    ...createDiscordPreflightArgs({
+      cfg: DEFAULT_PREFLIGHT_CFG,
+      discordConfig: {
+        allowBots: true,
+      } as NonNullable<
+        import("../../../../src/config/config.js").OpenClawConfig["channels"]
+      >["discord"],
+      data: createGuildEvent({
+        channelId: CHANNEL_ID,
+        guildId: GUILD_ID,
+        author: message.author,
+        message,
+      }),
+      client: createGuildTextClient(CHANNEL_ID),
+      botUserId: "bot-1",
+    }),
     discordConfig: {
       allowBots: true,
-    } as NonNullable<import("../../config/config.js").OpenClawConfig["channels"]>["discord"],
-    accountId: "default",
-    token: "token",
-    runtime: {} as import("../../runtime.js").RuntimeEnv,
-    botUserId: "bot-1",
-    guildHistories: new Map(),
-    historyLimit: 0,
-    mediaMaxBytes: 1_000_000,
-    textLimit: 2_000,
-    replyToMode: "all",
-    dmEnabled: true,
-    groupDmEnabled: true,
-    ackReactionScope: "direct",
-    groupPolicy: "open",
-    threadBindings: createNoopThreadBindingManager("default"),
-    data: {
-      channel_id: CHANNEL_ID,
-      guild_id: GUILD_ID,
-      guild: {
-        id: GUILD_ID,
-        name: "Guild One",
-      },
-      author: message.author,
-      message,
-    } as unknown as import("./listeners.js").DiscordMessageEvent,
-    client,
+    } as NonNullable<
+      import("../../../../src/config/config.js").OpenClawConfig["channels"]
+    >["discord"],
     ...overrides,
   } satisfies Parameters<typeof preflightDiscordMessage>[0];
 }
diff --git a/extensions/discord/src/monitor/message-handler.preflight.test-helpers.ts b/extensions/discord/src/monitor/message-handler.preflight.test-helpers.ts
new file mode 100644
index 00000000000..24895d287f7
--- /dev/null
+++ b/extensions/discord/src/monitor/message-handler.preflight.test-helpers.ts
@@ -0,0 +1,108 @@
+import { ChannelType } from "@buape/carbon";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import type { preflightDiscordMessage } from "./message-handler.preflight.js";
+import { createNoopThreadBindingManager } from "./thread-bindings.js";
+
+export type DiscordConfig = NonNullable<OpenClawConfig["channels"]>["discord"];
+export type DiscordMessageEvent = import("./listeners.js").DiscordMessageEvent;
+export type DiscordClient = import("@buape/carbon").Client;
+
+export const DEFAULT_PREFLIGHT_CFG = {
+  session: {
+    mainKey: "main",
+    scope: "per-sender",
+  },
+} as OpenClawConfig;
+
+export function createGuildTextClient(channelId: string): DiscordClient {
+  return {
+    fetchChannel: async (id: string) => {
+      if (id === channelId) {
+        return {
+          id: channelId,
+          type: ChannelType.GuildText,
+          name: "general",
+        };
+      }
+      return null;
+    },
+  } as unknown as DiscordClient;
+}
+
+export function createGuildEvent(params: {
+  channelId: string;
+  guildId: string;
+  author: import("@buape/carbon").Message["author"];
+  message: import("@buape/carbon").Message;
+  includeGuildObject?: boolean;
+}): DiscordMessageEvent {
+  return {
+    channel_id: params.channelId,
+    guild_id: params.guildId,
+    ...(params.includeGuildObject === false
+      ? {}
+      : {
+          guild: {
+            id: params.guildId,
+            name: "Guild One",
+          },
+        }),
+    author: params.author,
+    message: params.message,
+  } as unknown as DiscordMessageEvent;
+}
+
+export function createDiscordMessage(params: {
+  id: string;
+  channelId: string;
+  content: string;
+  author: {
+    id: string;
+    bot: boolean;
+    username?: string;
+  };
+  mentionedUsers?: Array<{ id: string }>;
+  mentionedEveryone?: boolean;
+  attachments?: Array<Record<string, unknown>>;
+}): import("@buape/carbon").Message {
+  return {
+    id: params.id,
+    content: params.content,
+    timestamp: new Date().toISOString(),
+    channelId: params.channelId,
+    attachments: params.attachments ?? [],
+    mentionedUsers: params.mentionedUsers ?? [],
+    mentionedRoles: [],
+    mentionedEveryone: params.mentionedEveryone ?? false,
+    author: params.author,
+  } as unknown as import("@buape/carbon").Message;
+}
+
+export function createDiscordPreflightArgs(params: {
+  cfg: OpenClawConfig;
+  discordConfig: DiscordConfig;
+  data: DiscordMessageEvent;
+  client: DiscordClient;
+  botUserId?: string;
+}): Parameters<typeof preflightDiscordMessage>[0] {
+  return {
+    cfg: params.cfg,
+    discordConfig: params.discordConfig,
+    accountId: "default",
+    token: "token",
+    runtime: {} as import("../../../../src/runtime.js").RuntimeEnv,
+    botUserId: params.botUserId ?? "openclaw-bot",
+    guildHistories: new Map(),
+    historyLimit: 0,
+    mediaMaxBytes: 1_000_000,
+    textLimit: 2_000,
+    replyToMode: "all",
+    dmEnabled: true,
+    groupDmEnabled: true,
+    ackReactionScope: "direct",
+    groupPolicy: "open",
+    threadBindings: createNoopThreadBindingManager("default"),
+    data: params.data,
+    client: params.client,
+  };
+}
diff --git a/src/discord/monitor/message-handler.preflight.test.ts b/extensions/discord/src/monitor/message-handler.preflight.test.ts
similarity index 75%
rename from src/discord/monitor/message-handler.preflight.test.ts
rename to extensions/discord/src/monitor/message-handler.preflight.test.ts
index 1e4d9c5dddb..a7a5ff2f6ef 100644
--- a/src/discord/monitor/message-handler.preflight.test.ts
+++ b/extensions/discord/src/monitor/message-handler.preflight.test.ts
@@ -3,40 +3,36 @@ import { beforeEach, describe, expect, it, vi } from "vitest";
 
 const transcribeFirstAudioMock = vi.hoisted(() => vi.fn());
 
-vi.mock("../../media-understanding/audio-preflight.js", () => ({
+vi.mock("../../../../src/media-understanding/audio-preflight.js", () => ({
   transcribeFirstAudio: (...args: unknown[]) => transcribeFirstAudioMock(...args),
 }));
 import {
   __testing as sessionBindingTesting,
   registerSessionBindingAdapter,
-} from "../../infra/outbound/session-binding-service.js";
+} from "../../../../src/infra/outbound/session-binding-service.js";
 import {
   preflightDiscordMessage,
   resolvePreflightMentionRequirement,
   shouldIgnoreBoundThreadWebhookMessage,
 } from "./message-handler.preflight.js";
+import {
+  createDiscordMessage,
+  createDiscordPreflightArgs,
+  createGuildEvent,
+  createGuildTextClient,
+  DEFAULT_PREFLIGHT_CFG,
+  type DiscordClient,
+  type DiscordConfig,
+  type DiscordMessageEvent,
+} from "./message-handler.preflight.test-helpers.js";
 import {
   __testing as threadBindingTesting,
-  createNoopThreadBindingManager,
   createThreadBindingManager,
 } from "./thread-bindings.js";
 
-type DiscordConfig = NonNullable<
-  import("../../config/config.js").OpenClawConfig["channels"]
->["discord"];
-type DiscordMessageEvent = import("./listeners.js").DiscordMessageEvent;
-type DiscordClient = import("@buape/carbon").Client;
-
-const DEFAULT_CFG = {
-  session: {
-    mainKey: "main",
-    scope: "per-sender",
-  },
-} as import("../../config/config.js").OpenClawConfig;
-
 function createThreadBinding(
   overrides?: Partial<
-    import("../../infra/outbound/session-binding-service.js").SessionBindingRecord
+    import("../../../../src/infra/outbound/session-binding-service.js").SessionBindingRecord
   >,
 ) {
   return {
@@ -58,50 +54,16 @@ function createThreadBinding(
       webhookToken: "tok-1",
     },
     ...overrides,
-  } satisfies import("../../infra/outbound/session-binding-service.js").SessionBindingRecord;
+  } satisfies import("../../../../src/infra/outbound/session-binding-service.js").SessionBindingRecord;
 }
 
 function createPreflightArgs(params: {
-  cfg: import("../../config/config.js").OpenClawConfig;
+  cfg: import("../../../../src/config/config.js").OpenClawConfig;
   discordConfig: DiscordConfig;
   data: DiscordMessageEvent;
   client: DiscordClient;
 }): Parameters<typeof preflightDiscordMessage>[0] {
-  return {
-    cfg: params.cfg,
-    discordConfig: params.discordConfig,
-    accountId: "default",
-    token: "token",
-    runtime: {} as import("../../runtime.js").RuntimeEnv,
-    botUserId: "openclaw-bot",
-    guildHistories: new Map(),
-    historyLimit: 0,
-    mediaMaxBytes: 1_000_000,
-    textLimit: 2_000,
-    replyToMode: "all",
-    dmEnabled: true,
-    groupDmEnabled: true,
-    ackReactionScope: "direct",
-    groupPolicy: "open",
-    threadBindings: createNoopThreadBindingManager("default"),
-    data: params.data,
-    client: params.client,
-  };
-}
-
-function createGuildTextClient(channelId: string): DiscordClient {
-  return {
-    fetchChannel: async (id: string) => {
-      if (id === channelId) {
-        return {
-          id: channelId,
-          type: ChannelType.GuildText,
-          name: "general",
-        };
-      }
-      return null;
-    },
-  } as unknown as DiscordClient;
+  return createDiscordPreflightArgs(params);
 }
 
 function createThreadClient(params: { threadId: string; parentId: string }): DiscordClient {
@@ -128,55 +90,11 @@ function createThreadClient(params: { threadId: string; parentId: string }): Dis
   } as unknown as DiscordClient;
 }
 
-function createGuildEvent(params: {
-  channelId: string;
-  guildId: string;
-  author: import("@buape/carbon").Message["author"];
-  message: import("@buape/carbon").Message;
-}): DiscordMessageEvent {
-  return {
-    channel_id: params.channelId,
-    guild_id: params.guildId,
-    guild: {
-      id: params.guildId,
-      name: "Guild One",
-    },
-    author: params.author,
-    message: params.message,
-  } as unknown as DiscordMessageEvent;
-}
-
-function createMessage(params: {
-  id: string;
-  channelId: string;
-  content: string;
-  author: {
-    id: string;
-    bot: boolean;
-    username?: string;
-  };
-  mentionedUsers?: Array<{ id: string }>;
-  mentionedEveryone?: boolean;
-  attachments?: Array<Record<string, unknown>>;
-}): import("@buape/carbon").Message {
-  return {
-    id: params.id,
-    content: params.content,
-    timestamp: new Date().toISOString(),
-    channelId: params.channelId,
-    attachments: params.attachments ?? [],
-    mentionedUsers: params.mentionedUsers ?? [],
-    mentionedRoles: [],
-    mentionedEveryone: params.mentionedEveryone ?? false,
-    author: params.author,
-  } as unknown as import("@buape/carbon").Message;
-}
-
 async function runThreadBoundPreflight(params: {
   threadId: string;
   parentId: string;
   message: import("@buape/carbon").Message;
-  threadBinding: import("../../infra/outbound/session-binding-service.js").SessionBindingRecord;
+  threadBinding: import("../../../../src/infra/outbound/session-binding-service.js").SessionBindingRecord;
   discordConfig: DiscordConfig;
   registerBindingAdapter?: boolean;
 }) {
@@ -197,7 +115,7 @@ async function runThreadBoundPreflight(params: {
 
   return preflightDiscordMessage({
     ...createPreflightArgs({
-      cfg: DEFAULT_CFG,
+      cfg: DEFAULT_PREFLIGHT_CFG,
       discordConfig: params.discordConfig,
       data: createGuildEvent({
         channelId: params.threadId,
@@ -218,18 +136,20 @@ async function runGuildPreflight(params: {
   guildId: string;
   message: import("@buape/carbon").Message;
   discordConfig: DiscordConfig;
-  cfg?: import("../../config/config.js").OpenClawConfig;
+  cfg?: import("../../../../src/config/config.js").OpenClawConfig;
   guildEntries?: Parameters<typeof preflightDiscordMessage>[0]["guildEntries"];
+  includeGuildObject?: boolean;
 }) {
   return preflightDiscordMessage({
     ...createPreflightArgs({
-      cfg: params.cfg ?? DEFAULT_CFG,
+      cfg: params.cfg ?? DEFAULT_PREFLIGHT_CFG,
       discordConfig: params.discordConfig,
       data: createGuildEvent({
         channelId: params.channelId,
         guildId: params.guildId,
         author: params.message.author,
         message: params.message,
+        includeGuildObject: params.includeGuildObject,
       }),
       client: createGuildTextClient(params.channelId),
     }),
@@ -237,6 +157,40 @@ async function runGuildPreflight(params: {
   });
 }
 
+async function runMentionOnlyBotPreflight(params: {
+  channelId: string;
+  guildId: string;
+  message: import("@buape/carbon").Message;
+}) {
+  return runGuildPreflight({
+    channelId: params.channelId,
+    guildId: params.guildId,
+    message: params.message,
+    discordConfig: {
+      allowBots: "mentions",
+    } as DiscordConfig,
+  });
+}
+
+async function runIgnoreOtherMentionsPreflight(params: {
+  channelId: string;
+  guildId: string;
+  message: import("@buape/carbon").Message;
+}) {
+  return runGuildPreflight({
+    channelId: params.channelId,
+    guildId: params.guildId,
+    message: params.message,
+    discordConfig: {} as DiscordConfig,
+    guildEntries: {
+      [params.guildId]: {
+        requireMention: false,
+        ignoreOtherMentions: true,
+      },
+    },
+  });
+}
+
 describe("resolvePreflightMentionRequirement", () => {
   it("requires mention when config requires mention and thread is not bound", () => {
     expect(
@@ -279,7 +233,7 @@ describe("preflightDiscordMessage", () => {
     });
     const threadId = "thread-system-1";
     const parentId = "channel-parent-1";
-    const message = createMessage({
+    const message = createDiscordMessage({
       id: "m-system-1",
       channelId: threadId,
       content:
@@ -311,7 +265,7 @@ describe("preflightDiscordMessage", () => {
     });
     const threadId = "thread-bot-regular-1";
     const parentId = "channel-parent-regular-1";
-    const message = createMessage({
+    const message = createDiscordMessage({
       id: "m-bot-regular-1",
       channelId: threadId,
       content: "here is tool output chunk",
@@ -342,7 +296,7 @@ describe("preflightDiscordMessage", () => {
     const threadId = "thread-bot-focus";
     const parentId = "channel-parent-focus";
     const client = createThreadClient({ threadId, parentId });
-    const message = createMessage({
+    const message = createDiscordMessage({
       id: "m-bot-1",
       channelId: threadId,
       content: "relay message without mention",
@@ -363,8 +317,8 @@ describe("preflightDiscordMessage", () => {
     const result = await preflightDiscordMessage(
       createPreflightArgs({
         cfg: {
-          ...DEFAULT_CFG,
-        } as import("../../config/config.js").OpenClawConfig,
+          ...DEFAULT_PREFLIGHT_CFG,
+        } as import("../../../../src/config/config.js").OpenClawConfig,
         discordConfig: {
           allowBots: true,
         } as DiscordConfig,
@@ -386,7 +340,7 @@ describe("preflightDiscordMessage", () => {
   it("drops bot messages without mention when allowBots=mentions", async () => {
     const channelId = "channel-bot-mentions-off";
     const guildId = "guild-bot-mentions-off";
-    const message = createMessage({
+    const message = createDiscordMessage({
       id: "m-bot-mentions-off",
       channelId,
       content: "relay chatter",
@@ -397,14 +351,7 @@ describe("preflightDiscordMessage", () => {
       },
     });
 
-    const result = await runGuildPreflight({
-      channelId,
-      guildId,
-      message,
-      discordConfig: {
-        allowBots: "mentions",
-      } as DiscordConfig,
-    });
+    const result = await runMentionOnlyBotPreflight({ channelId, guildId, message });
 
     expect(result).toBeNull();
   });
@@ -412,7 +359,7 @@ describe("preflightDiscordMessage", () => {
   it("allows bot messages with explicit mention when allowBots=mentions", async () => {
     const channelId = "channel-bot-mentions-on";
     const guildId = "guild-bot-mentions-on";
-    const message = createMessage({
+    const message = createDiscordMessage({
       id: "m-bot-mentions-on",
       channelId,
       content: "hi <@openclaw-bot>",
@@ -424,22 +371,100 @@ describe("preflightDiscordMessage", () => {
       },
     });
 
+    const result = await runMentionOnlyBotPreflight({ channelId, guildId, message });
+
+    expect(result).not.toBeNull();
+  });
+
+  it("accepts allowlisted guild messages when guild object is missing", async () => {
+    const message = createDiscordMessage({
+      id: "m-guild-id-only",
+      channelId: "ch-1",
+      content: "hello from maintainers",
+      author: {
+        id: "user-1",
+        bot: false,
+        username: "Peter",
+      },
+    });
+
     const result = await runGuildPreflight({
-      channelId,
-      guildId,
+      channelId: "ch-1",
+      guildId: "guild-1",
       message,
-      discordConfig: {
-        allowBots: "mentions",
-      } as DiscordConfig,
+      discordConfig: {} as DiscordConfig,
+      guildEntries: {
+        "guild-1": {
+          channels: {
+            "ch-1": {
+              allow: true,
+              requireMention: false,
+            },
+          },
+        },
+      },
+      includeGuildObject: false,
     });
 
     expect(result).not.toBeNull();
+    expect(result?.guildInfo?.id).toBe("guild-1");
+    expect(result?.channelConfig?.allowed).toBe(true);
+    expect(result?.shouldRequireMention).toBe(false);
+  });
+
+  it("inherits parent thread allowlist when guild object is missing", async () => {
+    const threadId = "thread-1";
+    const parentId = "parent-1";
+    const message = createDiscordMessage({
+      id: "m-thread-id-only",
+      channelId: threadId,
+      content: "thread hello",
+      author: {
+        id: "user-1",
+        bot: false,
+        username: "Peter",
+      },
+    });
+
+    const result = await preflightDiscordMessage({
+      ...createPreflightArgs({
+        cfg: DEFAULT_PREFLIGHT_CFG,
+        discordConfig: {} as DiscordConfig,
+        data: createGuildEvent({
+          channelId: threadId,
+          guildId: "guild-1",
+          author: message.author,
+          message,
+          includeGuildObject: false,
+        }),
+        client: createThreadClient({
+          threadId,
+          parentId,
+        }),
+      }),
+      guildEntries: {
+        "guild-1": {
+          channels: {
+            [parentId]: {
+              allow: true,
+              requireMention: false,
+            },
+          },
+        },
+      },
+    });
+
+    expect(result).not.toBeNull();
+    expect(result?.guildInfo?.id).toBe("guild-1");
+    expect(result?.threadParentId).toBe(parentId);
+    expect(result?.channelConfig?.allowed).toBe(true);
+    expect(result?.shouldRequireMention).toBe(false);
   });
 
   it("drops guild messages that mention another user when ignoreOtherMentions=true", async () => {
     const channelId = "channel-other-mention-1";
     const guildId = "guild-other-mention-1";
-    const message = createMessage({
+    const message = createDiscordMessage({
       id: "m-other-mention-1",
       channelId,
       content: "hello <@999>",
@@ -451,18 +476,7 @@ describe("preflightDiscordMessage", () => {
       },
     });
 
-    const result = await runGuildPreflight({
-      channelId,
-      guildId,
-      message,
-      discordConfig: {} as DiscordConfig,
-      guildEntries: {
-        [guildId]: {
-          requireMention: false,
-          ignoreOtherMentions: true,
-        },
-      },
-    });
+    const result = await runIgnoreOtherMentionsPreflight({ channelId, guildId, message });
 
     expect(result).toBeNull();
   });
@@ -470,7 +484,7 @@ describe("preflightDiscordMessage", () => {
   it("does not drop @everyone messages when ignoreOtherMentions=true", async () => {
     const channelId = "channel-other-mention-everyone";
     const guildId = "guild-other-mention-everyone";
-    const message = createMessage({
+    const message = createDiscordMessage({
       id: "m-other-mention-everyone",
       channelId,
       content: "@everyone heads up",
@@ -482,18 +496,7 @@ describe("preflightDiscordMessage", () => {
       },
     });
 
-    const result = await runGuildPreflight({
-      channelId,
-      guildId,
-      message,
-      discordConfig: {} as DiscordConfig,
-      guildEntries: {
-        [guildId]: {
-          requireMention: false,
-          ignoreOtherMentions: true,
-        },
-      },
-    });
+    const result = await runIgnoreOtherMentionsPreflight({ channelId, guildId, message });
 
     expect(result).not.toBeNull();
     expect(result?.hasAnyMention).toBe(true);
@@ -503,7 +506,7 @@ describe("preflightDiscordMessage", () => {
     const channelId = "channel-everyone-1";
     const guildId = "guild-everyone-1";
     const client = createGuildTextClient(channelId);
-    const message = createMessage({
+    const message = createDiscordMessage({
       id: "m-everyone-1",
       channelId,
       content: "@everyone heads up",
@@ -517,7 +520,7 @@ describe("preflightDiscordMessage", () => {
 
     const result = await preflightDiscordMessage({
       ...createPreflightArgs({
-        cfg: DEFAULT_CFG,
+        cfg: DEFAULT_PREFLIGHT_CFG,
         discordConfig: {
           allowBots: true,
         } as DiscordConfig,
@@ -546,7 +549,7 @@ describe("preflightDiscordMessage", () => {
     const channelId = "channel-audio-1";
     const client = createGuildTextClient(channelId);
 
-    const message = createMessage({
+    const message = createDiscordMessage({
       id: "m-audio-1",
       channelId,
       content: "",
@@ -568,13 +571,13 @@ describe("preflightDiscordMessage", () => {
     const result = await preflightDiscordMessage(
       createPreflightArgs({
         cfg: {
-          ...DEFAULT_CFG,
+          ...DEFAULT_PREFLIGHT_CFG,
           messages: {
             groupChat: {
               mentionPatterns: ["openclaw"],
             },
           },
-        } as import("../../config/config.js").OpenClawConfig,
+        } as import("../../../../src/config/config.js").OpenClawConfig,
         discordConfig: {} as DiscordConfig,
         data: createGuildEvent({
           channelId,
diff --git a/src/discord/monitor/message-handler.preflight.ts b/extensions/discord/src/monitor/message-handler.preflight.ts
similarity index 94%
rename from src/discord/monitor/message-handler.preflight.ts
rename to extensions/discord/src/monitor/message-handler.preflight.ts
index ddd79e42064..d88b0cd03ec 100644
--- a/src/discord/monitor/message-handler.preflight.ts
+++ b/extensions/discord/src/monitor/message-handler.preflight.ts
@@ -2,34 +2,34 @@ import { ChannelType, MessageType, type User } from "@buape/carbon";
 import {
   ensureConfiguredAcpRouteReady,
   resolveConfiguredAcpRoute,
-} from "../../acp/persistent-bindings.route.js";
-import { hasControlCommand } from "../../auto-reply/command-detection.js";
-import { shouldHandleTextCommands } from "../../auto-reply/commands-registry.js";
+} from "../../../../src/acp/persistent-bindings.route.js";
+import { hasControlCommand } from "../../../../src/auto-reply/command-detection.js";
+import { shouldHandleTextCommands } from "../../../../src/auto-reply/commands-registry.js";
 import {
   recordPendingHistoryEntryIfEnabled,
   type HistoryEntry,
-} from "../../auto-reply/reply/history.js";
+} from "../../../../src/auto-reply/reply/history.js";
 import {
   buildMentionRegexes,
   matchesMentionWithExplicit,
-} from "../../auto-reply/reply/mentions.js";
-import { formatAllowlistMatchMeta } from "../../channels/allowlist-match.js";
-import { resolveControlCommandGate } from "../../channels/command-gating.js";
-import { logInboundDrop } from "../../channels/logging.js";
-import { resolveMentionGatingWithBypass } from "../../channels/mention-gating.js";
-import { loadConfig } from "../../config/config.js";
-import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
-import { logVerbose, shouldLogVerbose } from "../../globals.js";
-import { recordChannelActivity } from "../../infra/channel-activity.js";
+} from "../../../../src/auto-reply/reply/mentions.js";
+import { formatAllowlistMatchMeta } from "../../../../src/channels/allowlist-match.js";
+import { resolveControlCommandGate } from "../../../../src/channels/command-gating.js";
+import { logInboundDrop } from "../../../../src/channels/logging.js";
+import { resolveMentionGatingWithBypass } from "../../../../src/channels/mention-gating.js";
+import { loadConfig } from "../../../../src/config/config.js";
+import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js";
+import { logVerbose, shouldLogVerbose } from "../../../../src/globals.js";
+import { recordChannelActivity } from "../../../../src/infra/channel-activity.js";
 import {
   getSessionBindingService,
   type SessionBindingRecord,
-} from "../../infra/outbound/session-binding-service.js";
-import { enqueueSystemEvent } from "../../infra/system-events.js";
-import { logDebug } from "../../logger.js";
-import { getChildLogger } from "../../logging.js";
-import { buildPairingReply } from "../../pairing/pairing-messages.js";
-import { DEFAULT_ACCOUNT_ID } from "../../routing/session-key.js";
+} from "../../../../src/infra/outbound/session-binding-service.js";
+import { enqueueSystemEvent } from "../../../../src/infra/system-events.js";
+import { logDebug } from "../../../../src/logger.js";
+import { getChildLogger } from "../../../../src/logging.js";
+import { buildPairingReply } from "../../../../src/pairing/pairing-messages.js";
+import { DEFAULT_ACCOUNT_ID } from "../../../../src/routing/session-key.js";
 import { fetchPluralKitMessageInfo } from "../pluralkit.js";
 import { sendMessageDiscord } from "../send.js";
 import {
@@ -430,6 +430,7 @@ export async function preflightDiscordMessage(
   const guildInfo = isGuildMessage
     ? resolveDiscordGuildEntry({
         guild: params.data.guild ?? undefined,
+        guildId: params.data.guild_id ?? undefined,
         guildEntries: params.guildEntries,
       })
     : null;
diff --git a/src/discord/monitor/message-handler.preflight.types.ts b/extensions/discord/src/monitor/message-handler.preflight.types.ts
similarity index 74%
rename from src/discord/monitor/message-handler.preflight.types.ts
rename to extensions/discord/src/monitor/message-handler.preflight.types.ts
index a2b3c210a1c..a123a22dcaa 100644
--- a/src/discord/monitor/message-handler.preflight.types.ts
+++ b/extensions/discord/src/monitor/message-handler.preflight.types.ts
@@ -1,8 +1,8 @@
 import type { ChannelType, Client, User } from "@buape/carbon";
-import type { HistoryEntry } from "../../auto-reply/reply/history.js";
-import type { ReplyToMode } from "../../config/config.js";
-import type { SessionBindingRecord } from "../../infra/outbound/session-binding-service.js";
-import type { resolveAgentRoute } from "../../routing/resolve-route.js";
+import type { HistoryEntry } from "../../../../src/auto-reply/reply/history.js";
+import type { ReplyToMode } from "../../../../src/config/config.js";
+import type { SessionBindingRecord } from "../../../../src/infra/outbound/session-binding-service.js";
+import type { resolveAgentRoute } from "../../../../src/routing/resolve-route.js";
 import type { DiscordChannelConfigResolved, DiscordGuildEntryResolved } from "./allow-list.js";
 import type { DiscordChannelInfo } from "./message-utils.js";
 import type { DiscordThreadBindingLookup } from "./reply-delivery.js";
@@ -11,15 +11,15 @@ import type { DiscordSenderIdentity } from "./sender-identity.js";
 export type { DiscordSenderIdentity } from "./sender-identity.js";
 import type { DiscordThreadChannel } from "./threading.js";
 
-export type LoadedConfig = ReturnType<typeof import("../../config/config.js").loadConfig>;
-export type RuntimeEnv = import("../../runtime.js").RuntimeEnv;
+export type LoadedConfig = ReturnType<typeof import("../../../../src/config/config.js").loadConfig>;
+export type RuntimeEnv = import("../../../../src/runtime.js").RuntimeEnv;
 
 export type DiscordMessageEvent = import("./listeners.js").DiscordMessageEvent;
 
-export type DiscordMessagePreflightContext = {
+type DiscordMessagePreflightSharedFields = {
   cfg: LoadedConfig;
   discordConfig: NonNullable<
-    import("../../config/config.js").OpenClawConfig["channels"]
+    import("../../../../src/config/config.js").OpenClawConfig["channels"]
   >["discord"];
   accountId: string;
   token: string;
@@ -33,7 +33,9 @@ export type DiscordMessagePreflightContext = {
   replyToMode: ReplyToMode;
   ackReactionScope: "all" | "direct" | "group-all" | "group-mentions" | "off" | "none";
   groupPolicy: "open" | "disabled" | "allowlist";
+};
 
+export type DiscordMessagePreflightContext = DiscordMessagePreflightSharedFields & {
   data: DiscordMessageEvent;
   client: Client;
   message: DiscordMessageEvent["message"];
@@ -89,19 +91,7 @@ export type DiscordMessagePreflightContext = {
   discordRestFetch?: typeof fetch;
 };
 
-export type DiscordMessagePreflightParams = {
-  cfg: LoadedConfig;
-  discordConfig: DiscordMessagePreflightContext["discordConfig"];
-  accountId: string;
-  token: string;
-  runtime: RuntimeEnv;
-  botUserId?: string;
-  abortSignal?: AbortSignal;
-  guildHistories: Map<string, HistoryEntry[]>;
-  historyLimit: number;
-  mediaMaxBytes: number;
-  textLimit: number;
-  replyToMode: ReplyToMode;
+export type DiscordMessagePreflightParams = DiscordMessagePreflightSharedFields & {
   dmEnabled: boolean;
   groupDmEnabled: boolean;
   groupDmChannels?: string[];
diff --git a/src/discord/monitor/message-handler.process.test.ts b/extensions/discord/src/monitor/message-handler.process.test.ts
similarity index 98%
rename from src/discord/monitor/message-handler.process.test.ts
rename to extensions/discord/src/monitor/message-handler.process.test.ts
index 96c9a65df9c..fc04211a38f 100644
--- a/src/discord/monitor/message-handler.process.test.ts
+++ b/extensions/discord/src/monitor/message-handler.process.test.ts
@@ -1,5 +1,5 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { DEFAULT_EMOJIS } from "../../channels/status-reactions.js";
+import { DEFAULT_EMOJIS } from "../../../../src/channels/status-reactions.js";
 import {
   createBaseDiscordMessageContext,
   createDiscordDirectMessageContextOverrides,
@@ -84,11 +84,11 @@ vi.mock("./reply-delivery.js", () => ({
   deliverDiscordReply: deliveryMocks.deliverDiscordReply,
 }));
 
-vi.mock("../../auto-reply/dispatch.js", () => ({
+vi.mock("../../../../src/auto-reply/dispatch.js", () => ({
   dispatchInboundMessage,
 }));
 
-vi.mock("../../auto-reply/reply/reply-dispatcher.js", () => ({
+vi.mock("../../../../src/auto-reply/reply/reply-dispatcher.js", () => ({
   createReplyDispatcherWithTyping: vi.fn(
     (opts: { deliver: (payload: unknown, info: { kind: string }) => Promise<void> | void }) => ({
       dispatcher: {
@@ -112,11 +112,11 @@ vi.mock("../../auto-reply/reply/reply-dispatcher.js", () => ({
   ),
 }));
 
-vi.mock("../../channels/session.js", () => ({
+vi.mock("../../../../src/channels/session.js", () => ({
   recordInboundSession,
 }));
 
-vi.mock("../../config/sessions.js", () => ({
+vi.mock("../../../../src/config/sessions.js", () => ({
   readSessionUpdatedAt: configSessionsMocks.readSessionUpdatedAt,
   resolveStorePath: configSessionsMocks.resolveStorePath,
 }));
diff --git a/src/discord/monitor/message-handler.process.ts b/extensions/discord/src/monitor/message-handler.process.ts
similarity index 92%
rename from src/discord/monitor/message-handler.process.ts
rename to extensions/discord/src/monitor/message-handler.process.ts
index 36978628b7a..dc86c3720ef 100644
--- a/src/discord/monitor/message-handler.process.ts
+++ b/extensions/discord/src/monitor/message-handler.process.ts
@@ -1,37 +1,40 @@
 import { ChannelType, type RequestClient } from "@buape/carbon";
-import { resolveAckReaction, resolveHumanDelayConfig } from "../../agents/identity.js";
-import { EmbeddedBlockChunker } from "../../agents/pi-embedded-block-chunker.js";
-import { resolveChunkMode } from "../../auto-reply/chunk.js";
-import { dispatchInboundMessage } from "../../auto-reply/dispatch.js";
-import { formatInboundEnvelope, resolveEnvelopeFormatOptions } from "../../auto-reply/envelope.js";
+import { resolveAckReaction, resolveHumanDelayConfig } from "../../../../src/agents/identity.js";
+import { EmbeddedBlockChunker } from "../../../../src/agents/pi-embedded-block-chunker.js";
+import { resolveChunkMode } from "../../../../src/auto-reply/chunk.js";
+import { dispatchInboundMessage } from "../../../../src/auto-reply/dispatch.js";
+import {
+  formatInboundEnvelope,
+  resolveEnvelopeFormatOptions,
+} from "../../../../src/auto-reply/envelope.js";
 import {
   buildPendingHistoryContextFromMap,
   clearHistoryEntriesIfEnabled,
-} from "../../auto-reply/reply/history.js";
-import { finalizeInboundContext } from "../../auto-reply/reply/inbound-context.js";
-import { createReplyDispatcherWithTyping } from "../../auto-reply/reply/reply-dispatcher.js";
-import type { ReplyPayload } from "../../auto-reply/types.js";
-import { shouldAckReaction as shouldAckReactionGate } from "../../channels/ack-reactions.js";
-import { logTypingFailure, logAckFailure } from "../../channels/logging.js";
-import { createReplyPrefixOptions } from "../../channels/reply-prefix.js";
-import { recordInboundSession } from "../../channels/session.js";
+} from "../../../../src/auto-reply/reply/history.js";
+import { finalizeInboundContext } from "../../../../src/auto-reply/reply/inbound-context.js";
+import { createReplyDispatcherWithTyping } from "../../../../src/auto-reply/reply/reply-dispatcher.js";
+import type { ReplyPayload } from "../../../../src/auto-reply/types.js";
+import { shouldAckReaction as shouldAckReactionGate } from "../../../../src/channels/ack-reactions.js";
+import { logTypingFailure, logAckFailure } from "../../../../src/channels/logging.js";
+import { createReplyPrefixOptions } from "../../../../src/channels/reply-prefix.js";
+import { recordInboundSession } from "../../../../src/channels/session.js";
 import {
   createStatusReactionController,
   DEFAULT_TIMING,
   type StatusReactionAdapter,
-} from "../../channels/status-reactions.js";
-import { createTypingCallbacks } from "../../channels/typing.js";
-import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
-import { resolveDiscordPreviewStreamMode } from "../../config/discord-preview-streaming.js";
-import { resolveMarkdownTableMode } from "../../config/markdown-tables.js";
-import { readSessionUpdatedAt, resolveStorePath } from "../../config/sessions.js";
-import { danger, logVerbose, shouldLogVerbose } from "../../globals.js";
-import { convertMarkdownTables } from "../../markdown/tables.js";
-import { getAgentScopedMediaLocalRoots } from "../../media/local-roots.js";
-import { buildAgentSessionKey } from "../../routing/resolve-route.js";
-import { resolveThreadSessionKeys } from "../../routing/session-key.js";
-import { stripReasoningTagsFromText } from "../../shared/text/reasoning-tags.js";
-import { truncateUtf16Safe } from "../../utils.js";
+} from "../../../../src/channels/status-reactions.js";
+import { createTypingCallbacks } from "../../../../src/channels/typing.js";
+import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js";
+import { resolveDiscordPreviewStreamMode } from "../../../../src/config/discord-preview-streaming.js";
+import { resolveMarkdownTableMode } from "../../../../src/config/markdown-tables.js";
+import { readSessionUpdatedAt, resolveStorePath } from "../../../../src/config/sessions.js";
+import { danger, logVerbose, shouldLogVerbose } from "../../../../src/globals.js";
+import { convertMarkdownTables } from "../../../../src/markdown/tables.js";
+import { getAgentScopedMediaLocalRoots } from "../../../../src/media/local-roots.js";
+import { buildAgentSessionKey } from "../../../../src/routing/resolve-route.js";
+import { resolveThreadSessionKeys } from "../../../../src/routing/session-key.js";
+import { stripReasoningTagsFromText } from "../../../../src/shared/text/reasoning-tags.js";
+import { truncateUtf16Safe } from "../../../../src/utils.js";
 import { resolveDiscordMaxLinesPerMessage } from "../accounts.js";
 import { chunkDiscordTextWithMode } from "../chunk.js";
 import { resolveDiscordDraftStreamingChunking } from "../draft-chunking.js";
diff --git a/src/discord/monitor/message-handler.queue.test.ts b/extensions/discord/src/monitor/message-handler.queue.test.ts
similarity index 91%
rename from src/discord/monitor/message-handler.queue.test.ts
rename to extensions/discord/src/monitor/message-handler.queue.test.ts
index 122ce852333..2051029a823 100644
--- a/src/discord/monitor/message-handler.queue.test.ts
+++ b/extensions/discord/src/monitor/message-handler.queue.test.ts
@@ -1,24 +1,17 @@
 import { describe, expect, it, vi } from "vitest";
+import {
+  createDiscordMessageHandler,
+  preflightDiscordMessageMock,
+  processDiscordMessageMock,
+} from "./message-handler.module-test-helpers.js";
 import {
   createDiscordHandlerParams,
   createDiscordPreflightContext,
 } from "./message-handler.test-helpers.js";
 
-const preflightDiscordMessageMock = vi.hoisted(() => vi.fn());
-const processDiscordMessageMock = vi.hoisted(() => vi.fn());
 const eventualReplyDeliveredMock = vi.hoisted(() => vi.fn());
 type SetStatusFn = (patch: Record<string, unknown>) => void;
 
-vi.mock("./message-handler.preflight.js", () => ({
-  preflightDiscordMessage: preflightDiscordMessageMock,
-}));
-
-vi.mock("./message-handler.process.js", () => ({
-  processDiscordMessage: processDiscordMessageMock,
-}));
-
-const { createDiscordMessageHandler } = await import("./message-handler.js");
-
 function createDeferred<T = void>() {
   let resolve: (value: T | PromiseLike<T>) => void = () => {};
   const promise = new Promise<T>((innerResolve) => {
@@ -45,20 +38,30 @@ function createPreflightContext(channelId = "ch-1") {
   return createDiscordPreflightContext(channelId);
 }
 
+function createHandlerWithDefaultPreflight(overrides?: {
+  setStatus?: SetStatusFn;
+  workerRunTimeoutMs?: number;
+}) {
+  preflightDiscordMessageMock.mockImplementation(async (params: { data: { channel_id: string } }) =>
+    createPreflightContext(params.data.channel_id),
+  );
+  return createDiscordMessageHandler(createDiscordHandlerParams(overrides));
+}
+
 async function createLifecycleStopScenario(params: {
   createHandler: (status: SetStatusFn) => {
     handler: (data: never, opts: never) => Promise<void>;
     stop: () => void;
   };
 }) {
+  preflightDiscordMessageMock.mockImplementation(
+    async (preflightParams: { data: { channel_id: string } }) =>
+      createPreflightContext(preflightParams.data.channel_id),
+  );
   const runInFlight = createDeferred();
   processDiscordMessageMock.mockImplementation(async () => {
     await runInFlight.promise;
   });
-  preflightDiscordMessageMock.mockImplementation(
-    async (contextParams: { data: { channel_id: string } }) =>
-      createPreflightContext(contextParams.data.channel_id),
-  );
 
   const setStatus = vi.fn<SetStatusFn>();
   const { handler, stop } = params.createHandler(setStatus);
@@ -111,13 +114,8 @@ describe("createDiscordMessageHandler queue behavior", () => {
       .mockImplementationOnce(async () => {
         await secondRun.promise;
       });
-    preflightDiscordMessageMock.mockImplementation(
-      async (params: { data: { channel_id: string } }) =>
-        createPreflightContext(params.data.channel_id),
-    );
-
     const setStatus = vi.fn();
-    const handler = createDiscordMessageHandler(createDiscordHandlerParams({ setStatus }));
+    const handler = createHandlerWithDefaultPreflight({ setStatus });
 
     await expect(handler(createMessageData("m-1") as never, {} as never)).resolves.toBeUndefined();
 
@@ -175,12 +173,11 @@ describe("createDiscordMessageHandler queue behavior", () => {
           });
         })
         .mockImplementationOnce(async () => undefined);
-      preflightDiscordMessageMock.mockImplementation(
-        async (params: { data: { channel_id: string } }) =>
-          createPreflightContext(params.data.channel_id),
-      );
-
       const params = createDiscordHandlerParams({ workerRunTimeoutMs: 50 });
+      preflightDiscordMessageMock.mockImplementation(
+        async (preflightParams: { data: { channel_id: string } }) =>
+          createPreflightContext(preflightParams.data.channel_id),
+      );
       const handler = createDiscordMessageHandler(params);
 
       await expect(
@@ -226,13 +223,8 @@ describe("createDiscordMessageHandler queue behavior", () => {
           });
         },
       );
-      preflightDiscordMessageMock.mockImplementation(
-        async (params: { data: { channel_id: string } }) =>
-          createPreflightContext(params.data.channel_id),
-      );
-
       const params = createDiscordHandlerParams({ workerRunTimeoutMs: 0 });
-      const handler = createDiscordMessageHandler(params);
+      const handler = createHandlerWithDefaultPreflight({ workerRunTimeoutMs: 0 });
 
       await expect(
         handler(createMessageData("m-1") as never, {} as never),
@@ -442,7 +434,7 @@ describe("createDiscordMessageHandler queue behavior", () => {
     );
 
     const setStatus = vi.fn();
-    const handler = createDiscordMessageHandler(createDiscordHandlerParams({ setStatus }));
+    const handler = createHandlerWithDefaultPreflight({ setStatus });
 
     await expect(handler(createMessageData("m-1") as never, {} as never)).resolves.toBeUndefined();
     await expect(handler(createMessageData("m-2") as never, {} as never)).resolves.toBeUndefined();
diff --git a/src/discord/monitor/message-handler.test-harness.ts b/extensions/discord/src/monitor/message-handler.test-harness.ts
similarity index 100%
rename from src/discord/monitor/message-handler.test-harness.ts
rename to extensions/discord/src/monitor/message-handler.test-harness.ts
diff --git a/src/discord/monitor/message-handler.test-helpers.ts b/extensions/discord/src/monitor/message-handler.test-helpers.ts
similarity index 96%
rename from src/discord/monitor/message-handler.test-helpers.ts
rename to extensions/discord/src/monitor/message-handler.test-helpers.ts
index 6084fc1a00e..04bfb9b603c 100644
--- a/src/discord/monitor/message-handler.test-helpers.ts
+++ b/extensions/discord/src/monitor/message-handler.test-helpers.ts
@@ -1,5 +1,5 @@
 import { vi } from "vitest";
-import type { OpenClawConfig } from "../../config/types.js";
+import type { OpenClawConfig } from "../../../../src/config/types.js";
 import type { createDiscordMessageHandler } from "./message-handler.js";
 import { createNoopThreadBindingManager } from "./thread-bindings.js";
 
diff --git a/src/discord/monitor/message-handler.ts b/extensions/discord/src/monitor/message-handler.ts
similarity index 96%
rename from src/discord/monitor/message-handler.ts
rename to extensions/discord/src/monitor/message-handler.ts
index 02a65041983..2c9745a8bf0 100644
--- a/src/discord/monitor/message-handler.ts
+++ b/extensions/discord/src/monitor/message-handler.ts
@@ -2,9 +2,9 @@ import type { Client } from "@buape/carbon";
 import {
   createChannelInboundDebouncer,
   shouldDebounceTextInbound,
-} from "../../channels/inbound-debounce-policy.js";
-import { resolveOpenProviderRuntimeGroupPolicy } from "../../config/runtime-group-policy.js";
-import { danger } from "../../globals.js";
+} from "../../../../src/channels/inbound-debounce-policy.js";
+import { resolveOpenProviderRuntimeGroupPolicy } from "../../../../src/config/runtime-group-policy.js";
+import { danger } from "../../../../src/globals.js";
 import { buildDiscordInboundJob } from "./inbound-job.js";
 import { createDiscordInboundWorker } from "./inbound-worker.js";
 import type { DiscordMessageEvent, DiscordMessageHandler } from "./listeners.js";
diff --git a/src/discord/monitor/message-utils.test.ts b/extensions/discord/src/monitor/message-utils.test.ts
similarity index 95%
rename from src/discord/monitor/message-utils.test.ts
rename to extensions/discord/src/monitor/message-utils.test.ts
index f4c5be256c1..0a29fc5b0ab 100644
--- a/src/discord/monitor/message-utils.test.ts
+++ b/extensions/discord/src/monitor/message-utils.test.ts
@@ -5,15 +5,15 @@ import { beforeEach, describe, expect, it, vi } from "vitest";
 const fetchRemoteMedia = vi.fn();
 const saveMediaBuffer = vi.fn();
 
-vi.mock("../../media/fetch.js", () => ({
+vi.mock("../../../../src/media/fetch.js", () => ({
   fetchRemoteMedia: (...args: unknown[]) => fetchRemoteMedia(...args),
 }));
 
-vi.mock("../../media/store.js", () => ({
+vi.mock("../../../../src/media/store.js", () => ({
   saveMediaBuffer: (...args: unknown[]) => saveMediaBuffer(...args),
 }));
 
-vi.mock("../../globals.js", () => ({
+vi.mock("../../../../src/globals.js", () => ({
   logVerbose: () => {},
 }));
 
@@ -173,30 +173,13 @@ describe("resolveForwardedMediaList", () => {
       512,
     );
 
-    expect(fetchRemoteMedia).toHaveBeenCalledTimes(1);
-    const call = fetchRemoteMedia.mock.calls[0]?.[0] as {
-      url?: string;
-      filePathHint?: string;
-      maxBytes?: number;
-      fetchImpl?: unknown;
-      ssrfPolicy?: unknown;
-    };
-    expect(call).toMatchObject({
-      url: attachment.url,
+    expectSinglePngDownload({
+      result,
+      expectedUrl: attachment.url,
       filePathHint: attachment.filename,
-      maxBytes: 512,
-      fetchImpl: undefined,
+      expectedPath: "/tmp/image.png",
+      placeholder: "<media:image>",
     });
-    expectDiscordCdnSsrFPolicy(call.ssrfPolicy);
-    expect(saveMediaBuffer).toHaveBeenCalledTimes(1);
-    expect(saveMediaBuffer).toHaveBeenCalledWith(expect.any(Buffer), "image/png", "inbound", 512);
-    expect(result).toEqual([
-      {
-        path: "/tmp/image.png",
-        contentType: "image/png",
-        placeholder: "<media:image>",
-      },
-    ]);
   });
 
   it("forwards fetchImpl to forwarded attachment downloads", async () => {
diff --git a/src/discord/monitor/message-utils.ts b/extensions/discord/src/monitor/message-utils.ts
similarity index 98%
rename from src/discord/monitor/message-utils.ts
rename to extensions/discord/src/monitor/message-utils.ts
index b26f8d68eee..ae37d6615fd 100644
--- a/src/discord/monitor/message-utils.ts
+++ b/extensions/discord/src/monitor/message-utils.ts
@@ -1,10 +1,10 @@
 import type { ChannelType, Client, Message } from "@buape/carbon";
 import { StickerFormatType, type APIAttachment, type APIStickerItem } from "discord-api-types/v10";
-import { buildMediaPayload } from "../../channels/plugins/media-payload.js";
-import { logVerbose } from "../../globals.js";
-import type { SsrFPolicy } from "../../infra/net/ssrf.js";
-import { fetchRemoteMedia, type FetchLike } from "../../media/fetch.js";
-import { saveMediaBuffer } from "../../media/store.js";
+import { buildMediaPayload } from "../../../../src/channels/plugins/media-payload.js";
+import { logVerbose } from "../../../../src/globals.js";
+import type { SsrFPolicy } from "../../../../src/infra/net/ssrf.js";
+import { fetchRemoteMedia, type FetchLike } from "../../../../src/media/fetch.js";
+import { saveMediaBuffer } from "../../../../src/media/store.js";
 
 const DISCORD_CDN_HOSTNAMES = [
   "cdn.discordapp.com",
diff --git a/src/discord/monitor/model-picker-preferences.test.ts b/extensions/discord/src/monitor/model-picker-preferences.test.ts
similarity index 100%
rename from src/discord/monitor/model-picker-preferences.test.ts
rename to extensions/discord/src/monitor/model-picker-preferences.test.ts
diff --git a/src/discord/monitor/model-picker-preferences.ts b/extensions/discord/src/monitor/model-picker-preferences.ts
similarity index 91%
rename from src/discord/monitor/model-picker-preferences.ts
rename to extensions/discord/src/monitor/model-picker-preferences.ts
index 2702e8db253..e75ce013403 100644
--- a/src/discord/monitor/model-picker-preferences.ts
+++ b/extensions/discord/src/monitor/model-picker-preferences.ts
@@ -1,11 +1,14 @@
 import os from "node:os";
 import path from "node:path";
-import { normalizeProviderId } from "../../agents/model-selection.js";
-import { resolveStateDir } from "../../config/paths.js";
-import { withFileLock } from "../../infra/file-lock.js";
-import { resolveRequiredHomeDir } from "../../infra/home-dir.js";
-import { readJsonFileWithFallback, writeJsonFileAtomically } from "../../plugin-sdk/json-store.js";
-import { normalizeAccountId as normalizeSharedAccountId } from "../../routing/account-id.js";
+import { normalizeProviderId } from "../../../../src/agents/model-selection.js";
+import { resolveStateDir } from "../../../../src/config/paths.js";
+import { withFileLock } from "../../../../src/infra/file-lock.js";
+import { resolveRequiredHomeDir } from "../../../../src/infra/home-dir.js";
+import {
+  readJsonFileWithFallback,
+  writeJsonFileAtomically,
+} from "../../../../src/plugin-sdk/json-store.js";
+import { normalizeAccountId as normalizeSharedAccountId } from "../../../../src/routing/account-id.js";
 
 const MODEL_PICKER_PREFERENCES_LOCK_OPTIONS = {
   retries: {
diff --git a/src/discord/monitor/model-picker.test-utils.ts b/extensions/discord/src/monitor/model-picker.test-utils.ts
similarity index 88%
rename from src/discord/monitor/model-picker.test-utils.ts
rename to extensions/discord/src/monitor/model-picker.test-utils.ts
index 04e9eac3824..8d9a9dd3197 100644
--- a/src/discord/monitor/model-picker.test-utils.ts
+++ b/extensions/discord/src/monitor/model-picker.test-utils.ts
@@ -1,4 +1,4 @@
-import type { ModelsProviderData } from "../../auto-reply/reply/commands-models.js";
+import type { ModelsProviderData } from "../../../../src/auto-reply/reply/commands-models.js";
 
 export function createModelsProviderData(
   entries: Record<string, string[]>,
diff --git a/src/discord/monitor/model-picker.test.ts b/extensions/discord/src/monitor/model-picker.test.ts
similarity index 96%
rename from src/discord/monitor/model-picker.test.ts
rename to extensions/discord/src/monitor/model-picker.test.ts
index 04d5006feb6..99b5d8cb244 100644
--- a/src/discord/monitor/model-picker.test.ts
+++ b/extensions/discord/src/monitor/model-picker.test.ts
@@ -1,8 +1,8 @@
 import { serializePayload } from "@buape/carbon";
 import { ComponentType } from "discord-api-types/v10";
 import { describe, expect, it, vi } from "vitest";
-import * as modelsCommandModule from "../../auto-reply/reply/commands-models.js";
-import type { OpenClawConfig } from "../../config/config.js";
+import * as modelsCommandModule from "../../../../src/auto-reply/reply/commands-models.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
 import {
   DISCORD_CUSTOM_ID_MAX_CHARS,
   DISCORD_MODEL_PICKER_MODEL_PAGE_SIZE,
@@ -415,6 +415,24 @@ describe("Discord model picker rendering", () => {
     expect(payload.components?.[0]?.type).toBe(ComponentType.ActionRow);
   });
 
+  it("preserves the stored model suffix spacing in Discord current-model text", () => {
+    const data = createModelsProviderData({ openai: [" gpt-5", "gpt-4o"] });
+
+    const rendered = renderDiscordModelPickerProvidersView({
+      command: "model",
+      userId: "99",
+      data,
+      currentModel: " OpenAI/ gpt-5 ",
+      layout: "classic",
+    });
+
+    const payload = serializePayload(toDiscordModelPickerMessagePayload(rendered)) as {
+      content?: string;
+    };
+
+    expect(payload.content).toContain("Current model: openai/ gpt-5");
+  });
+
   it("renders model view with select menu and explicit submit button", () => {
     const data = createModelsProviderData({
       openai: ["gpt-4.1", "gpt-4o", "o3"],
diff --git a/src/discord/monitor/model-picker.ts b/extensions/discord/src/monitor/model-picker.ts
similarity index 98%
rename from src/discord/monitor/model-picker.ts
rename to extensions/discord/src/monitor/model-picker.ts
index 9fa8063cb9a..fb9226ac899 100644
--- a/src/discord/monitor/model-picker.ts
+++ b/extensions/discord/src/monitor/model-picker.ts
@@ -11,12 +11,12 @@ import {
 } from "@buape/carbon";
 import type { APISelectMenuOption } from "discord-api-types/v10";
 import { ButtonStyle } from "discord-api-types/v10";
-import { normalizeProviderId } from "../../agents/model-selection.js";
+import { normalizeProviderId } from "../../../../src/agents/model-selection.js";
 import {
   buildModelsProviderData,
   type ModelsProviderData,
-} from "../../auto-reply/reply/commands-models.js";
-import type { OpenClawConfig } from "../../config/config.js";
+} from "../../../../src/auto-reply/reply/commands-models.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
 
 export const DISCORD_MODEL_PICKER_CUSTOM_ID_KEY = "mdlpk";
 export const DISCORD_CUSTOM_ID_MAX_CHARS = 100;
@@ -233,15 +233,14 @@ function paginateItems<T>(params: {
 
 function parseCurrentModelRef(raw?: string): DiscordModelPickerCurrentModelRef | null {
   const trimmed = raw?.trim();
-  if (!trimmed) {
+  const match = trimmed?.match(/^([^/]+)\/(.+)$/u);
+  if (!match) {
     return null;
   }
-  const slashIndex = trimmed.indexOf("/");
-  if (slashIndex <= 0 || slashIndex >= trimmed.length - 1) {
-    return null;
-  }
-  const provider = normalizeProviderId(trimmed.slice(0, slashIndex));
-  const model = trimmed.slice(slashIndex + 1);
+  const provider = normalizeProviderId(match[1]);
+  // Preserve the model suffix exactly as entered after "/" so select defaults
+  // continue to mirror the stored ref for Discord interactions.
+  const model = match[2];
   if (!provider || !model) {
     return null;
   }
diff --git a/src/discord/monitor/monitor.test.ts b/extensions/discord/src/monitor/monitor.test.ts
similarity index 97%
rename from src/discord/monitor/monitor.test.ts
rename to extensions/discord/src/monitor/monitor.test.ts
index 8a7f2dafbb0..b4d5478f921 100644
--- a/src/discord/monitor/monitor.test.ts
+++ b/extensions/discord/src/monitor/monitor.test.ts
@@ -7,9 +7,9 @@ import type {
 import type { Client } from "@buape/carbon";
 import type { GatewayPresenceUpdate } from "discord-api-types/v10";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../../config/config.js";
-import type { DiscordAccountConfig } from "../../config/types.discord.js";
-import { buildAgentSessionKey } from "../../routing/resolve-route.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import type { DiscordAccountConfig } from "../../../../src/config/types.discord.js";
+import { buildAgentSessionKey } from "../../../../src/routing/resolve-route.js";
 import {
   clearDiscordComponentEntries,
   registerDiscordComponentEntries,
@@ -54,20 +54,20 @@ const readSessionUpdatedAtMock = vi.hoisted(() => vi.fn());
 const resolveStorePathMock = vi.hoisted(() => vi.fn());
 let lastDispatchCtx: Record<string, unknown> | undefined;
 
-vi.mock("../../pairing/pairing-store.js", () => ({
+vi.mock("../../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: (...args: unknown[]) => readAllowFromStoreMock(...args),
   upsertChannelPairingRequest: (...args: unknown[]) => upsertPairingRequestMock(...args),
 }));
 
-vi.mock("../../infra/system-events.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../../infra/system-events.js")>();
+vi.mock("../../../../src/infra/system-events.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../../src/infra/system-events.js")>();
   return {
     ...actual,
     enqueueSystemEvent: (...args: unknown[]) => enqueueSystemEventMock(...args),
   };
 });
 
-vi.mock("../../auto-reply/reply/provider-dispatcher.js", () => ({
+vi.mock("../../../../src/auto-reply/reply/provider-dispatcher.js", () => ({
   dispatchReplyWithBufferedBlockDispatcher: (...args: unknown[]) => dispatchReplyMock(...args),
 }));
 
@@ -75,12 +75,12 @@ vi.mock("./reply-delivery.js", () => ({
   deliverDiscordReply: (...args: unknown[]) => deliverDiscordReplyMock(...args),
 }));
 
-vi.mock("../../channels/session.js", () => ({
+vi.mock("../../../../src/channels/session.js", () => ({
   recordInboundSession: (...args: unknown[]) => recordInboundSessionMock(...args),
 }));
 
-vi.mock("../../config/sessions.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../../config/sessions.js")>();
+vi.mock("../../../../src/config/sessions.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../../src/config/sessions.js")>();
   return {
     ...actual,
     readSessionUpdatedAt: (...args: unknown[]) => readSessionUpdatedAtMock(...args),
diff --git a/src/discord/monitor/native-command-context.test.ts b/extensions/discord/src/monitor/native-command-context.test.ts
similarity index 100%
rename from src/discord/monitor/native-command-context.test.ts
rename to extensions/discord/src/monitor/native-command-context.test.ts
diff --git a/src/discord/monitor/native-command-context.ts b/extensions/discord/src/monitor/native-command-context.ts
similarity index 94%
rename from src/discord/monitor/native-command-context.ts
rename to extensions/discord/src/monitor/native-command-context.ts
index 1d798906571..fc650827d45 100644
--- a/src/discord/monitor/native-command-context.ts
+++ b/extensions/discord/src/monitor/native-command-context.ts
@@ -1,5 +1,5 @@
-import type { CommandArgs } from "../../auto-reply/commands-registry.js";
-import { finalizeInboundContext } from "../../auto-reply/reply/inbound-context.js";
+import type { CommandArgs } from "../../../../src/auto-reply/commands-registry.js";
+import { finalizeInboundContext } from "../../../../src/auto-reply/reply/inbound-context.js";
 import { type DiscordChannelConfigResolved, type DiscordGuildEntryResolved } from "./allow-list.js";
 import { buildDiscordInboundAccessContext } from "./inbound-context.js";
 
diff --git a/src/discord/monitor/native-command.commands-allowfrom.test.ts b/extensions/discord/src/monitor/native-command.commands-allowfrom.test.ts
similarity index 93%
rename from src/discord/monitor/native-command.commands-allowfrom.test.ts
rename to extensions/discord/src/monitor/native-command.commands-allowfrom.test.ts
index 5144eb74267..92efa3eaecd 100644
--- a/src/discord/monitor/native-command.commands-allowfrom.test.ts
+++ b/extensions/discord/src/monitor/native-command.commands-allowfrom.test.ts
@@ -1,10 +1,10 @@
 import { ChannelType } from "discord-api-types/v10";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { NativeCommandSpec } from "../../auto-reply/commands-registry.js";
-import * as dispatcherModule from "../../auto-reply/reply/provider-dispatcher.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import type { DiscordAccountConfig } from "../../config/types.discord.js";
-import * as pluginCommandsModule from "../../plugins/commands.js";
+import type { NativeCommandSpec } from "../../../../src/auto-reply/commands-registry.js";
+import * as dispatcherModule from "../../../../src/auto-reply/reply/provider-dispatcher.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import type { DiscordAccountConfig } from "../../../../src/config/types.discord.js";
+import * as pluginCommandsModule from "../../../../src/plugins/commands.js";
 import { createDiscordNativeCommand } from "./native-command.js";
 import {
   createMockCommandInteraction,
diff --git a/src/discord/monitor/native-command.model-picker.test.ts b/extensions/discord/src/monitor/native-command.model-picker.test.ts
similarity index 96%
rename from src/discord/monitor/native-command.model-picker.test.ts
rename to extensions/discord/src/monitor/native-command.model-picker.test.ts
index 22d9fd94730..0faba40c2d3 100644
--- a/src/discord/monitor/native-command.model-picker.test.ts
+++ b/extensions/discord/src/monitor/native-command.model-picker.test.ts
@@ -1,15 +1,15 @@
 import { ChannelType } from "discord-api-types/v10";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import * as commandRegistryModule from "../../auto-reply/commands-registry.js";
+import * as commandRegistryModule from "../../../../src/auto-reply/commands-registry.js";
 import type {
   ChatCommandDefinition,
   CommandArgsParsing,
-} from "../../auto-reply/commands-registry.types.js";
-import type { ModelsProviderData } from "../../auto-reply/reply/commands-models.js";
-import * as dispatcherModule from "../../auto-reply/reply/provider-dispatcher.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import * as globalsModule from "../../globals.js";
-import * as timeoutModule from "../../utils/with-timeout.js";
+} from "../../../../src/auto-reply/commands-registry.types.js";
+import type { ModelsProviderData } from "../../../../src/auto-reply/reply/commands-models.js";
+import * as dispatcherModule from "../../../../src/auto-reply/reply/provider-dispatcher.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import * as globalsModule from "../../../../src/globals.js";
+import * as timeoutModule from "../../../../src/utils/with-timeout.js";
 import * as modelPickerPreferencesModule from "./model-picker-preferences.js";
 import * as modelPickerModule from "./model-picker.js";
 import { createModelsProviderData as createBaseModelsProviderData } from "./model-picker.test-utils.js";
diff --git a/src/discord/monitor/native-command.options.test.ts b/extensions/discord/src/monitor/native-command.options.test.ts
similarity index 93%
rename from src/discord/monitor/native-command.options.test.ts
rename to extensions/discord/src/monitor/native-command.options.test.ts
index 808f9cf001b..f287b085704 100644
--- a/src/discord/monitor/native-command.options.test.ts
+++ b/extensions/discord/src/monitor/native-command.options.test.ts
@@ -1,6 +1,6 @@
 import { describe, expect, it } from "vitest";
-import { listNativeCommandSpecs } from "../../auto-reply/commands-registry.js";
-import type { OpenClawConfig, loadConfig } from "../../config/config.js";
+import { listNativeCommandSpecs } from "../../../../src/auto-reply/commands-registry.js";
+import type { OpenClawConfig, loadConfig } from "../../../../src/config/config.js";
 import { createDiscordNativeCommand } from "./native-command.js";
 import { createNoopThreadBindingManager } from "./thread-bindings.js";
 
diff --git a/src/discord/monitor/native-command.plugin-dispatch.test.ts b/extensions/discord/src/monitor/native-command.plugin-dispatch.test.ts
similarity index 85%
rename from src/discord/monitor/native-command.plugin-dispatch.test.ts
rename to extensions/discord/src/monitor/native-command.plugin-dispatch.test.ts
index bcb6be36c21..4ac49c92119 100644
--- a/src/discord/monitor/native-command.plugin-dispatch.test.ts
+++ b/extensions/discord/src/monitor/native-command.plugin-dispatch.test.ts
@@ -1,9 +1,9 @@
 import { ChannelType } from "discord-api-types/v10";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { NativeCommandSpec } from "../../auto-reply/commands-registry.js";
-import * as dispatcherModule from "../../auto-reply/reply/provider-dispatcher.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import * as pluginCommandsModule from "../../plugins/commands.js";
+import type { NativeCommandSpec } from "../../../../src/auto-reply/commands-registry.js";
+import * as dispatcherModule from "../../../../src/auto-reply/reply/provider-dispatcher.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import * as pluginCommandsModule from "../../../../src/plugins/commands.js";
 import { createDiscordNativeCommand } from "./native-command.js";
 import {
   createMockCommandInteraction,
@@ -12,9 +12,9 @@ import {
 import { createNoopThreadBindingManager } from "./thread-bindings.js";
 
 type ResolveConfiguredAcpBindingRecordFn =
-  typeof import("../../acp/persistent-bindings.js").resolveConfiguredAcpBindingRecord;
+  typeof import("../../../../src/acp/persistent-bindings.js").resolveConfiguredAcpBindingRecord;
 type EnsureConfiguredAcpBindingSessionFn =
-  typeof import("../../acp/persistent-bindings.js").ensureConfiguredAcpBindingSession;
+  typeof import("../../../../src/acp/persistent-bindings.js").ensureConfiguredAcpBindingSession;
 
 const persistentBindingMocks = vi.hoisted(() => ({
   resolveConfiguredAcpBindingRecord: vi.fn<ResolveConfiguredAcpBindingRecordFn>(() => null),
@@ -24,8 +24,9 @@ const persistentBindingMocks = vi.hoisted(() => ({
   })),
 }));
 
-vi.mock("../../acp/persistent-bindings.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../../acp/persistent-bindings.js")>();
+vi.mock("../../../../src/acp/persistent-bindings.js", async (importOriginal) => {
+  const actual =
+    await importOriginal<typeof import("../../../../src/acp/persistent-bindings.js")>();
   return {
     ...actual,
     resolveConfiguredAcpBindingRecord: persistentBindingMocks.resolveConfiguredAcpBindingRecord,
@@ -130,6 +131,25 @@ function expectBoundSessionDispatch(
   expect(persistentBindingMocks.ensureConfiguredAcpBindingSession).toHaveBeenCalledTimes(1);
 }
 
+async function expectBoundStatusCommandDispatch(params: {
+  cfg: OpenClawConfig;
+  interaction: MockCommandInteraction;
+  channelId: string;
+  boundSessionKey: string;
+}) {
+  const command = createStatusCommand(params.cfg);
+  setConfiguredBinding(params.channelId, params.boundSessionKey);
+
+  vi.spyOn(pluginCommandsModule, "matchPluginCommand").mockReturnValue(null);
+  const dispatchSpy = createDispatchSpy();
+
+  await (command as { run: (interaction: unknown) => Promise<void> }).run(
+    params.interaction as unknown,
+  );
+
+  expectBoundSessionDispatch(dispatchSpy, params.boundSessionKey);
+}
+
 describe("Discord native plugin command dispatch", () => {
   beforeEach(() => {
     vi.restoreAllMocks();
@@ -212,7 +232,6 @@ describe("Discord native plugin command dispatch", () => {
         },
       ],
     } as OpenClawConfig;
-    const command = createStatusCommand(cfg);
     const interaction = createInteraction({
       channelType: ChannelType.GuildText,
       channelId,
@@ -220,14 +239,12 @@ describe("Discord native plugin command dispatch", () => {
       guildName: "Ops",
     });
 
-    setConfiguredBinding(channelId, boundSessionKey);
-
-    vi.spyOn(pluginCommandsModule, "matchPluginCommand").mockReturnValue(null);
-    const dispatchSpy = createDispatchSpy();
-
-    await (command as { run: (interaction: unknown) => Promise<void> }).run(interaction as unknown);
-
-    expectBoundSessionDispatch(dispatchSpy, boundSessionKey);
+    await expectBoundStatusCommandDispatch({
+      cfg,
+      interaction,
+      channelId,
+      boundSessionKey,
+    });
   });
 
   it("falls back to the routed slash and channel session keys when no bound session exists", async () => {
@@ -312,19 +329,16 @@ describe("Discord native plugin command dispatch", () => {
         },
       },
     } as OpenClawConfig;
-    const command = createStatusCommand(cfg);
     const interaction = createInteraction({
       channelType: ChannelType.DM,
       channelId,
     });
 
-    setConfiguredBinding(channelId, boundSessionKey);
-
-    vi.spyOn(pluginCommandsModule, "matchPluginCommand").mockReturnValue(null);
-    const dispatchSpy = createDispatchSpy();
-
-    await (command as { run: (interaction: unknown) => Promise<void> }).run(interaction as unknown);
-
-    expectBoundSessionDispatch(dispatchSpy, boundSessionKey);
+    await expectBoundStatusCommandDispatch({
+      cfg,
+      interaction,
+      channelId,
+      boundSessionKey,
+    });
   });
 });
diff --git a/src/discord/monitor/native-command.test-helpers.ts b/extensions/discord/src/monitor/native-command.test-helpers.ts
similarity index 100%
rename from src/discord/monitor/native-command.test-helpers.ts
rename to extensions/discord/src/monitor/native-command.test-helpers.ts
diff --git a/src/discord/monitor/native-command.ts b/extensions/discord/src/monitor/native-command.ts
similarity index 96%
rename from src/discord/monitor/native-command.ts
rename to extensions/discord/src/monitor/native-command.ts
index 4af7d5ef6d3..bc038927d9c 100644
--- a/src/discord/monitor/native-command.ts
+++ b/extensions/discord/src/monitor/native-command.ts
@@ -17,17 +17,17 @@ import { ApplicationCommandOptionType, ButtonStyle } from "discord-api-types/v10
 import {
   ensureConfiguredAcpRouteReady,
   resolveConfiguredAcpRoute,
-} from "../../acp/persistent-bindings.route.js";
-import { resolveHumanDelayConfig } from "../../agents/identity.js";
-import { resolveChunkMode, resolveTextChunkLimit } from "../../auto-reply/chunk.js";
-import { resolveCommandAuthorization } from "../../auto-reply/command-auth.js";
+} from "../../../../src/acp/persistent-bindings.route.js";
+import { resolveHumanDelayConfig } from "../../../../src/agents/identity.js";
+import { resolveChunkMode, resolveTextChunkLimit } from "../../../../src/auto-reply/chunk.js";
+import { resolveCommandAuthorization } from "../../../../src/auto-reply/command-auth.js";
 import type {
   ChatCommandDefinition,
   CommandArgDefinition,
   CommandArgValues,
   CommandArgs,
   NativeCommandSpec,
-} from "../../auto-reply/commands-registry.js";
+} from "../../../../src/auto-reply/commands-registry.js";
 import {
   buildCommandTextFromArgs,
   findCommandByNativeName,
@@ -36,26 +36,26 @@ import {
   resolveCommandArgChoices,
   resolveCommandArgMenu,
   serializeCommandArgs,
-} from "../../auto-reply/commands-registry.js";
-import { resolveStoredModelOverride } from "../../auto-reply/reply/model-selection.js";
-import { dispatchReplyWithDispatcher } from "../../auto-reply/reply/provider-dispatcher.js";
-import type { ReplyPayload } from "../../auto-reply/types.js";
-import { resolveCommandAuthorizedFromAuthorizers } from "../../channels/command-gating.js";
-import { resolveNativeCommandSessionTargets } from "../../channels/native-command-session-targets.js";
-import { createReplyPrefixOptions } from "../../channels/reply-prefix.js";
-import type { OpenClawConfig, loadConfig } from "../../config/config.js";
-import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
-import { resolveOpenProviderRuntimeGroupPolicy } from "../../config/runtime-group-policy.js";
-import { loadSessionStore, resolveStorePath } from "../../config/sessions.js";
-import { logVerbose } from "../../globals.js";
-import { createSubsystemLogger } from "../../logging/subsystem.js";
-import { getAgentScopedMediaLocalRoots } from "../../media/local-roots.js";
-import { buildPairingReply } from "../../pairing/pairing-messages.js";
-import { executePluginCommand, matchPluginCommand } from "../../plugins/commands.js";
-import type { ResolvedAgentRoute } from "../../routing/resolve-route.js";
-import { chunkItems } from "../../utils/chunk-items.js";
-import { withTimeout } from "../../utils/with-timeout.js";
-import { loadWebMedia } from "../../web/media.js";
+} from "../../../../src/auto-reply/commands-registry.js";
+import { resolveStoredModelOverride } from "../../../../src/auto-reply/reply/model-selection.js";
+import { dispatchReplyWithDispatcher } from "../../../../src/auto-reply/reply/provider-dispatcher.js";
+import type { ReplyPayload } from "../../../../src/auto-reply/types.js";
+import { resolveCommandAuthorizedFromAuthorizers } from "../../../../src/channels/command-gating.js";
+import { resolveNativeCommandSessionTargets } from "../../../../src/channels/native-command-session-targets.js";
+import { createReplyPrefixOptions } from "../../../../src/channels/reply-prefix.js";
+import type { OpenClawConfig, loadConfig } from "../../../../src/config/config.js";
+import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js";
+import { resolveOpenProviderRuntimeGroupPolicy } from "../../../../src/config/runtime-group-policy.js";
+import { loadSessionStore, resolveStorePath } from "../../../../src/config/sessions.js";
+import { logVerbose } from "../../../../src/globals.js";
+import { createSubsystemLogger } from "../../../../src/logging/subsystem.js";
+import { getAgentScopedMediaLocalRoots } from "../../../../src/media/local-roots.js";
+import { buildPairingReply } from "../../../../src/pairing/pairing-messages.js";
+import { executePluginCommand, matchPluginCommand } from "../../../../src/plugins/commands.js";
+import type { ResolvedAgentRoute } from "../../../../src/routing/resolve-route.js";
+import { chunkItems } from "../../../../src/utils/chunk-items.js";
+import { withTimeout } from "../../../../src/utils/with-timeout.js";
+import { loadWebMedia } from "../../../whatsapp/src/media.js";
 import { resolveDiscordMaxLinesPerMessage } from "../accounts.js";
 import { chunkDiscordTextWithMode } from "../chunk.js";
 import {
@@ -1355,6 +1355,7 @@ async function dispatchDiscordCommandInteraction(params: {
   });
   const guildInfo = resolveDiscordGuildEntry({
     guild: interaction.guild ?? undefined,
+    guildId: interaction.guild?.id ?? undefined,
     guildEntries: discordConfig?.guilds,
   });
   let threadParentId: string | undefined;
diff --git a/src/discord/monitor/preflight-audio.ts b/extensions/discord/src/monitor/preflight-audio.ts
similarity index 90%
rename from src/discord/monitor/preflight-audio.ts
rename to extensions/discord/src/monitor/preflight-audio.ts
index 307abcc6b43..f52e2b0df93 100644
--- a/src/discord/monitor/preflight-audio.ts
+++ b/extensions/discord/src/monitor/preflight-audio.ts
@@ -1,5 +1,5 @@
-import type { OpenClawConfig } from "../../config/config.js";
-import { logVerbose } from "../../globals.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import { logVerbose } from "../../../../src/globals.js";
 
 type DiscordAudioAttachment = {
   content_type?: string;
@@ -50,7 +50,8 @@ export async function resolveDiscordPreflightAudioMentionContext(params: {
       };
     }
     try {
-      const { transcribeFirstAudio } = await import("../../media-understanding/audio-preflight.js");
+      const { transcribeFirstAudio } =
+        await import("../../../../src/media-understanding/audio-preflight.js");
       if (params.abortSignal?.aborted) {
         return {
           hasAudioAttachment,
diff --git a/src/discord/monitor/presence-cache.ts b/extensions/discord/src/monitor/presence-cache.ts
similarity index 100%
rename from src/discord/monitor/presence-cache.ts
rename to extensions/discord/src/monitor/presence-cache.ts
diff --git a/src/discord/monitor/presence.test.ts b/extensions/discord/src/monitor/presence.test.ts
similarity index 100%
rename from src/discord/monitor/presence.test.ts
rename to extensions/discord/src/monitor/presence.test.ts
diff --git a/src/discord/monitor/presence.ts b/extensions/discord/src/monitor/presence.ts
similarity index 95%
rename from src/discord/monitor/presence.ts
rename to extensions/discord/src/monitor/presence.ts
index ed52ea7b014..b13a21dc2f1 100644
--- a/src/discord/monitor/presence.ts
+++ b/extensions/discord/src/monitor/presence.ts
@@ -1,5 +1,5 @@
 import type { Activity, UpdatePresenceData } from "@buape/carbon/gateway";
-import type { DiscordAccountConfig } from "../../config/config.js";
+import type { DiscordAccountConfig } from "../../../../src/config/config.js";
 
 const DEFAULT_CUSTOM_ACTIVITY_TYPE = 4;
 const CUSTOM_STATUS_NAME = "Custom Status";
diff --git a/src/discord/monitor/provider.allowlist.test.ts b/extensions/discord/src/monitor/provider.allowlist.test.ts
similarity index 98%
rename from src/discord/monitor/provider.allowlist.test.ts
rename to extensions/discord/src/monitor/provider.allowlist.test.ts
index 417cb5e4563..0d34b65c1f7 100644
--- a/src/discord/monitor/provider.allowlist.test.ts
+++ b/extensions/discord/src/monitor/provider.allowlist.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it, vi } from "vitest";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 
 const { resolveDiscordChannelAllowlistMock, resolveDiscordUserAllowlistMock } = vi.hoisted(() => ({
   resolveDiscordChannelAllowlistMock: vi.fn(
diff --git a/src/discord/monitor/provider.allowlist.ts b/extensions/discord/src/monitor/provider.allowlist.ts
similarity index 96%
rename from src/discord/monitor/provider.allowlist.ts
rename to extensions/discord/src/monitor/provider.allowlist.ts
index e1f52c0c3f5..3f108e443ea 100644
--- a/src/discord/monitor/provider.allowlist.ts
+++ b/extensions/discord/src/monitor/provider.allowlist.ts
@@ -4,11 +4,11 @@ import {
   canonicalizeAllowlistWithResolvedIds,
   patchAllowlistUsersInConfigEntries,
   summarizeMapping,
-} from "../../channels/allowlists/resolve-utils.js";
-import type { DiscordGuildEntry } from "../../config/types.discord.js";
-import { formatErrorMessage } from "../../infra/errors.js";
-import type { RuntimeEnv } from "../../runtime.js";
-import { normalizeStringEntries } from "../../shared/string-normalization.js";
+} from "../../../../src/channels/allowlists/resolve-utils.js";
+import type { DiscordGuildEntry } from "../../../../src/config/types.discord.js";
+import { formatErrorMessage } from "../../../../src/infra/errors.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
+import { normalizeStringEntries } from "../../../../src/shared/string-normalization.js";
 import { resolveDiscordChannelAllowlist } from "../resolve-channels.js";
 import { resolveDiscordUserAllowlist } from "../resolve-users.js";
 
diff --git a/src/discord/monitor/provider.group-policy.test.ts b/extensions/discord/src/monitor/provider.group-policy.test.ts
similarity index 93%
rename from src/discord/monitor/provider.group-policy.test.ts
rename to extensions/discord/src/monitor/provider.group-policy.test.ts
index 9fe01fd0a31..995c6f66e31 100644
--- a/src/discord/monitor/provider.group-policy.test.ts
+++ b/extensions/discord/src/monitor/provider.group-policy.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { installProviderRuntimeGroupPolicyFallbackSuite } from "../../test-utils/runtime-group-policy-contract.js";
+import { installProviderRuntimeGroupPolicyFallbackSuite } from "../../../../src/test-utils/runtime-group-policy-contract.js";
 import { __testing } from "./provider.js";
 
 describe("resolveDiscordRuntimeGroupPolicy", () => {
diff --git a/src/discord/monitor/provider.lifecycle.test.ts b/extensions/discord/src/monitor/provider.lifecycle.test.ts
similarity index 99%
rename from src/discord/monitor/provider.lifecycle.test.ts
rename to extensions/discord/src/monitor/provider.lifecycle.test.ts
index 0209cf350f9..f03dce881c2 100644
--- a/src/discord/monitor/provider.lifecycle.test.ts
+++ b/extensions/discord/src/monitor/provider.lifecycle.test.ts
@@ -1,7 +1,7 @@
 import { EventEmitter } from "node:events";
 import type { Client } from "@buape/carbon";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 import type { WaitForDiscordGatewayStopParams } from "../monitor.gateway.js";
 
 const {
diff --git a/src/discord/monitor/provider.lifecycle.ts b/extensions/discord/src/monitor/provider.lifecycle.ts
similarity index 97%
rename from src/discord/monitor/provider.lifecycle.ts
rename to extensions/discord/src/monitor/provider.lifecycle.ts
index ffc78b40676..4d2130c3a5d 100644
--- a/src/discord/monitor/provider.lifecycle.ts
+++ b/extensions/discord/src/monitor/provider.lifecycle.ts
@@ -1,9 +1,9 @@
 import type { Client } from "@buape/carbon";
 import type { GatewayPlugin } from "@buape/carbon/gateway";
-import { createArmableStallWatchdog } from "../../channels/transport/stall-watchdog.js";
-import { createConnectedChannelStatusPatch } from "../../gateway/channel-status-patches.js";
-import { danger } from "../../globals.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import { createArmableStallWatchdog } from "../../../../src/channels/transport/stall-watchdog.js";
+import { createConnectedChannelStatusPatch } from "../../../../src/gateway/channel-status-patches.js";
+import { danger } from "../../../../src/globals.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 import { attachDiscordGatewayLogging } from "../gateway-logging.js";
 import { getDiscordGatewayEmitter, waitForDiscordGatewayStop } from "../monitor.gateway.js";
 import type { DiscordVoiceManager } from "../voice/manager.js";
diff --git a/src/discord/monitor/provider.proxy.test.ts b/extensions/discord/src/monitor/provider.proxy.test.ts
similarity index 92%
rename from src/discord/monitor/provider.proxy.test.ts
rename to extensions/discord/src/monitor/provider.proxy.test.ts
index 9a15dcef94b..72da5136c7a 100644
--- a/src/discord/monitor/provider.proxy.test.ts
+++ b/extensions/discord/src/monitor/provider.proxy.test.ts
@@ -147,6 +147,18 @@ describe("createDiscordGatewayPlugin", () => {
     expect(baseRegisterClientSpy).not.toHaveBeenCalled();
   }
 
+  async function registerGatewayClientWithMetadata(params: {
+    plugin: unknown;
+    fetchMock: typeof globalFetchMock;
+  }) {
+    params.fetchMock.mockResolvedValue({
+      ok: true,
+      status: 200,
+      text: async () => JSON.stringify({ url: "wss://gateway.discord.gg" }),
+    } as Response);
+    await registerGatewayClient(params.plugin);
+  }
+
   beforeEach(() => {
     vi.stubGlobal("fetch", globalFetchMock);
     baseRegisterClientSpy.mockClear();
@@ -161,23 +173,12 @@ describe("createDiscordGatewayPlugin", () => {
 
   it("uses safe gateway metadata lookup without proxy", async () => {
     const runtime = createRuntime();
-    globalFetchMock.mockResolvedValue({
-      ok: true,
-      status: 200,
-      text: async () => JSON.stringify({ url: "wss://gateway.discord.gg" }),
-    } as Response);
     const plugin = createDiscordGatewayPlugin({
       discordConfig: {},
       runtime,
     });
 
-    await (
-      plugin as unknown as {
-        registerClient: (client: { options: { token: string } }) => Promise<void>;
-      }
-    ).registerClient({
-      options: { token: "token-123" },
-    });
+    await registerGatewayClientWithMetadata({ plugin, fetchMock: globalFetchMock });
 
     expect(globalFetchMock).toHaveBeenCalledWith(
       "https://discord.com/api/v10/gateway/bot",
@@ -235,23 +236,12 @@ describe("createDiscordGatewayPlugin", () => {
 
   it("uses proxy fetch for gateway metadata lookup before registering", async () => {
     const runtime = createRuntime();
-    undiciFetchMock.mockResolvedValue({
-      ok: true,
-      status: 200,
-      text: async () => JSON.stringify({ url: "wss://gateway.discord.gg" }),
-    } as Response);
     const plugin = createDiscordGatewayPlugin({
       discordConfig: { proxy: "http://proxy.test:8080" },
       runtime,
     });
 
-    await (
-      plugin as unknown as {
-        registerClient: (client: { options: { token: string } }) => Promise<void>;
-      }
-    ).registerClient({
-      options: { token: "token-123" },
-    });
+    await registerGatewayClientWithMetadata({ plugin, fetchMock: undiciFetchMock });
 
     expect(restProxyAgentSpy).toHaveBeenCalledWith("http://proxy.test:8080");
     expect(undiciFetchMock).toHaveBeenCalledWith(
diff --git a/src/discord/monitor/provider.rest-proxy.test.ts b/extensions/discord/src/monitor/provider.rest-proxy.test.ts
similarity index 100%
rename from src/discord/monitor/provider.rest-proxy.test.ts
rename to extensions/discord/src/monitor/provider.rest-proxy.test.ts
diff --git a/src/discord/monitor/provider.skill-dedupe.test.ts b/extensions/discord/src/monitor/provider.skill-dedupe.test.ts
similarity index 100%
rename from src/discord/monitor/provider.skill-dedupe.test.ts
rename to extensions/discord/src/monitor/provider.skill-dedupe.test.ts
diff --git a/src/discord/monitor/provider.test.ts b/extensions/discord/src/monitor/provider.test.ts
similarity index 84%
rename from src/discord/monitor/provider.test.ts
rename to extensions/discord/src/monitor/provider.test.ts
index 91f61a7ce1f..10d310b9a20 100644
--- a/src/discord/monitor/provider.test.ts
+++ b/extensions/discord/src/monitor/provider.test.ts
@@ -1,8 +1,8 @@
 import { EventEmitter } from "node:events";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { AcpRuntimeError } from "../../acp/runtime/errors.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import { AcpRuntimeError } from "../../../../src/acp/runtime/errors.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 
 type NativeCommandSpecMock = {
   name: string;
@@ -16,7 +16,17 @@ type PluginCommandSpecMock = {
   acceptsArgs: boolean;
 };
 
+function baseDiscordAccountConfig() {
+  return {
+    commands: { native: true, nativeSkills: false },
+    voice: { enabled: false },
+    agentComponents: { enabled: false },
+    execApprovals: { enabled: false },
+  };
+}
+
 const {
+  clientHandleDeployRequestMock,
   clientFetchUserMock,
   clientGetPluginMock,
   clientConstructorOptionsMock,
@@ -40,6 +50,7 @@ const {
 } = vi.hoisted(() => {
   const createdBindingManagers: Array<{ stop: ReturnType<typeof vi.fn> }> = [];
   return {
+    clientHandleDeployRequestMock: vi.fn(async () => undefined),
     clientConstructorOptionsMock: vi.fn(),
     createDiscordAutoPresenceControllerMock: vi.fn(() => ({
       enabled: false,
@@ -91,12 +102,7 @@ const {
     resolveDiscordAccountMock: vi.fn(() => ({
       accountId: "default",
       token: "cfg-token",
-      config: {
-        commands: { native: true, nativeSkills: false },
-        voice: { enabled: false },
-        agentComponents: { enabled: false },
-        execApprovals: { enabled: false },
-      },
+      config: baseDiscordAccountConfig(),
     })),
     resolveDiscordAllowlistConfigMock: vi.fn(async () => ({
       guildEntries: undefined,
@@ -108,8 +114,41 @@ const {
   };
 });
 
+function mockResolvedDiscordAccountConfig(overrides: Record<string, unknown>) {
+  resolveDiscordAccountMock.mockImplementation(() => ({
+    accountId: "default",
+    token: "cfg-token",
+    config: {
+      ...baseDiscordAccountConfig(),
+      ...overrides,
+    },
+  }));
+}
+
+function getFirstDiscordMessageHandlerParams<T extends object>() {
+  expect(createDiscordMessageHandlerMock).toHaveBeenCalledTimes(1);
+  const firstCall = createDiscordMessageHandlerMock.mock.calls.at(0) as [T] | undefined;
+  return firstCall?.[0];
+}
+
 vi.mock("@buape/carbon", () => {
   class ReadyListener {}
+  class RateLimitError extends Error {
+    status = 429;
+    discordCode?: number;
+    retryAfter: number;
+    scope: string | null;
+    bucket: string | null;
+    constructor(
+      response: Response,
+      body: { message: string; retry_after: number; global: boolean },
+    ) {
+      super(body.message);
+      this.retryAfter = body.retry_after;
+      this.scope = body.global ? "global" : response.headers.get("X-RateLimit-Scope");
+      this.bucket = response.headers.get("X-RateLimit-Bucket");
+    }
+  }
   class Client {
     listeners: unknown[];
     rest: { put: ReturnType<typeof vi.fn> };
@@ -121,7 +160,7 @@ vi.mock("@buape/carbon", () => {
       clientConstructorOptionsMock(options);
     }
     async handleDeployRequest() {
-      return undefined;
+      return await clientHandleDeployRequestMock();
     }
     async fetchUser(target: string) {
       return await clientFetchUserMock(target);
@@ -130,7 +169,7 @@ vi.mock("@buape/carbon", () => {
       return clientGetPluginMock(name);
     }
   }
-  return { Client, ReadyListener };
+  return { Client, RateLimitError, ReadyListener };
 });
 
 vi.mock("@buape/carbon/gateway", () => ({
@@ -141,58 +180,58 @@ vi.mock("@buape/carbon/voice", () => ({
   VoicePlugin: class VoicePlugin {},
 }));
 
-vi.mock("../../auto-reply/chunk.js", () => ({
+vi.mock("../../../../src/auto-reply/chunk.js", () => ({
   resolveTextChunkLimit: () => 2000,
 }));
 
-vi.mock("../../acp/control-plane/manager.js", () => ({
+vi.mock("../../../../src/acp/control-plane/manager.js", () => ({
   getAcpSessionManager: () => ({
     getSessionStatus: getAcpSessionStatusMock,
   }),
 }));
 
-vi.mock("../../auto-reply/commands-registry.js", () => ({
+vi.mock("../../../../src/auto-reply/commands-registry.js", () => ({
   listNativeCommandSpecsForConfig: listNativeCommandSpecsForConfigMock,
 }));
 
-vi.mock("../../auto-reply/skill-commands.js", () => ({
+vi.mock("../../../../src/auto-reply/skill-commands.js", () => ({
   listSkillCommandsForAgents: listSkillCommandsForAgentsMock,
 }));
 
-vi.mock("../../config/commands.js", () => ({
+vi.mock("../../../../src/config/commands.js", () => ({
   isNativeCommandsExplicitlyDisabled: () => false,
   resolveNativeCommandsEnabled: resolveNativeCommandsEnabledMock,
   resolveNativeSkillsEnabled: resolveNativeSkillsEnabledMock,
 }));
 
-vi.mock("../../config/config.js", () => ({
+vi.mock("../../../../src/config/config.js", () => ({
   loadConfig: () => ({}),
 }));
 
-vi.mock("../../globals.js", () => ({
+vi.mock("../../../../src/globals.js", () => ({
   danger: (v: string) => v,
   logVerbose: vi.fn(),
   shouldLogVerbose: () => false,
   warn: (v: string) => v,
 }));
 
-vi.mock("../../infra/errors.js", () => ({
+vi.mock("../../../../src/infra/errors.js", () => ({
   formatErrorMessage: (err: unknown) => String(err),
 }));
 
-vi.mock("../../infra/retry-policy.js", () => ({
+vi.mock("../../../../src/infra/retry-policy.js", () => ({
   createDiscordRetryRunner: () => async (run: () => Promise<unknown>) => run(),
 }));
 
-vi.mock("../../logging/subsystem.js", () => ({
+vi.mock("../../../../src/logging/subsystem.js", () => ({
   createSubsystemLogger: () => ({ info: vi.fn(), error: vi.fn() }),
 }));
 
-vi.mock("../../plugins/commands.js", () => ({
+vi.mock("../../../../src/plugins/commands.js", () => ({
   getPluginCommandSpecs: getPluginCommandSpecsMock,
 }));
 
-vi.mock("../../runtime.js", () => ({
+vi.mock("../../../../src/runtime.js", () => ({
   createNonExitingRuntime: () => ({ log: vi.fn(), error: vi.fn(), exit: vi.fn() }),
 }));
 
@@ -352,6 +391,7 @@ describe("monitorDiscordProvider", () => {
   };
 
   beforeEach(() => {
+    clientHandleDeployRequestMock.mockClear().mockResolvedValue(undefined);
     clientConstructorOptionsMock.mockClear();
     createDiscordAutoPresenceControllerMock.mockClear().mockImplementation(() => ({
       enabled: false,
@@ -663,17 +703,9 @@ describe("monitorDiscordProvider", () => {
   it("forwards custom eventQueue config from discord config to Carbon Client", async () => {
     const { monitorDiscordProvider } = await import("./provider.js");
 
-    resolveDiscordAccountMock.mockImplementation(() => ({
-      accountId: "default",
-      token: "cfg-token",
-      config: {
-        commands: { native: true, nativeSkills: false },
-        voice: { enabled: false },
-        agentComponents: { enabled: false },
-        execApprovals: { enabled: false },
-        eventQueue: { listenerTimeout: 300_000 },
-      },
-    }));
+    mockResolvedDiscordAccountConfig({
+      eventQueue: { listenerTimeout: 300_000 },
+    });
 
     await monitorDiscordProvider({
       config: baseConfig(),
@@ -687,28 +719,19 @@ describe("monitorDiscordProvider", () => {
   it("does not reuse eventQueue.listenerTimeout as the queued inbound worker timeout", async () => {
     const { monitorDiscordProvider } = await import("./provider.js");
 
-    resolveDiscordAccountMock.mockImplementation(() => ({
-      accountId: "default",
-      token: "cfg-token",
-      config: {
-        commands: { native: true, nativeSkills: false },
-        voice: { enabled: false },
-        agentComponents: { enabled: false },
-        execApprovals: { enabled: false },
-        eventQueue: { listenerTimeout: 50_000 },
-      },
-    }));
+    mockResolvedDiscordAccountConfig({
+      eventQueue: { listenerTimeout: 50_000 },
+    });
 
     await monitorDiscordProvider({
       config: baseConfig(),
       runtime: baseRuntime(),
     });
 
-    expect(createDiscordMessageHandlerMock).toHaveBeenCalledTimes(1);
-    const firstCall = createDiscordMessageHandlerMock.mock.calls.at(0) as
-      | [{ workerRunTimeoutMs?: number; listenerTimeoutMs?: number }]
-      | undefined;
-    const params = firstCall?.[0];
+    const params = getFirstDiscordMessageHandlerParams<{
+      workerRunTimeoutMs?: number;
+      listenerTimeoutMs?: number;
+    }>();
     expect(params?.workerRunTimeoutMs).toBeUndefined();
     expect("listenerTimeoutMs" in (params ?? {})).toBe(false);
   });
@@ -716,28 +739,18 @@ describe("monitorDiscordProvider", () => {
   it("forwards inbound worker timeout config to the Discord message handler", async () => {
     const { monitorDiscordProvider } = await import("./provider.js");
 
-    resolveDiscordAccountMock.mockImplementation(() => ({
-      accountId: "default",
-      token: "cfg-token",
-      config: {
-        commands: { native: true, nativeSkills: false },
-        voice: { enabled: false },
-        agentComponents: { enabled: false },
-        execApprovals: { enabled: false },
-        inboundWorker: { runTimeoutMs: 300_000 },
-      },
-    }));
+    mockResolvedDiscordAccountConfig({
+      inboundWorker: { runTimeoutMs: 300_000 },
+    });
 
     await monitorDiscordProvider({
       config: baseConfig(),
       runtime: baseRuntime(),
     });
 
-    expect(createDiscordMessageHandlerMock).toHaveBeenCalledTimes(1);
-    const firstCall = createDiscordMessageHandlerMock.mock.calls.at(0) as
-      | [{ workerRunTimeoutMs?: number }]
-      | undefined;
-    const params = firstCall?.[0];
+    const params = getFirstDiscordMessageHandlerParams<{
+      workerRunTimeoutMs?: number;
+    }>();
     expect(params?.workerRunTimeoutMs).toBe(300_000);
   });
 
@@ -763,6 +776,40 @@ describe("monitorDiscordProvider", () => {
     expect(commandNames).toContain("cron_jobs");
   });
 
+  it("continues startup when Discord daily slash-command create quota is exhausted", async () => {
+    const { RateLimitError } = await import("@buape/carbon");
+    const { monitorDiscordProvider } = await import("./provider.js");
+    const runtime = baseRuntime();
+    const rateLimitError = new RateLimitError(
+      new Response(null, {
+        status: 429,
+        headers: {
+          "X-RateLimit-Scope": "shared",
+          "X-RateLimit-Bucket": "bucket-1",
+        },
+      }),
+      {
+        message: "Max number of daily application command creates has been reached (200)",
+        retry_after: 193.632,
+        global: false,
+      },
+    );
+    rateLimitError.discordCode = 30034;
+    clientHandleDeployRequestMock.mockRejectedValueOnce(rateLimitError);
+
+    await monitorDiscordProvider({
+      config: baseConfig(),
+      runtime,
+    });
+
+    expect(clientHandleDeployRequestMock).toHaveBeenCalledTimes(1);
+    expect(clientFetchUserMock).toHaveBeenCalledWith("@me");
+    expect(monitorLifecycleMock).toHaveBeenCalledTimes(1);
+    expect(runtime.log).toHaveBeenCalledWith(
+      expect.stringContaining("native command deploy skipped"),
+    );
+  });
+
   it("reports connected status on startup and shutdown", async () => {
     const { monitorDiscordProvider } = await import("./provider.js");
     const setStatus = vi.fn();
diff --git a/src/discord/monitor/provider.ts b/extensions/discord/src/monitor/provider.ts
similarity index 74%
rename from src/discord/monitor/provider.ts
rename to extensions/discord/src/monitor/provider.ts
index b1bfdde58c1..8fa3335fa3a 100644
--- a/src/discord/monitor/provider.ts
+++ b/extensions/discord/src/monitor/provider.ts
@@ -1,6 +1,7 @@
 import { inspect } from "node:util";
 import {
   Client,
+  RateLimitError,
   ReadyListener,
   type BaseCommand,
   type BaseMessageInteractiveComponent,
@@ -10,41 +11,41 @@ import {
 import { GatewayCloseCodes, type GatewayPlugin } from "@buape/carbon/gateway";
 import { VoicePlugin } from "@buape/carbon/voice";
 import { Routes } from "discord-api-types/v10";
-import { getAcpSessionManager } from "../../acp/control-plane/manager.js";
-import { isAcpRuntimeError } from "../../acp/runtime/errors.js";
-import { resolveTextChunkLimit } from "../../auto-reply/chunk.js";
-import type { NativeCommandSpec } from "../../auto-reply/commands-registry.js";
-import { listNativeCommandSpecsForConfig } from "../../auto-reply/commands-registry.js";
-import type { HistoryEntry } from "../../auto-reply/reply/history.js";
-import { listSkillCommandsForAgents } from "../../auto-reply/skill-commands.js";
+import { getAcpSessionManager } from "../../../../src/acp/control-plane/manager.js";
+import { isAcpRuntimeError } from "../../../../src/acp/runtime/errors.js";
+import { resolveTextChunkLimit } from "../../../../src/auto-reply/chunk.js";
+import type { NativeCommandSpec } from "../../../../src/auto-reply/commands-registry.js";
+import { listNativeCommandSpecsForConfig } from "../../../../src/auto-reply/commands-registry.js";
+import type { HistoryEntry } from "../../../../src/auto-reply/reply/history.js";
+import { listSkillCommandsForAgents } from "../../../../src/auto-reply/skill-commands.js";
 import {
   resolveThreadBindingIdleTimeoutMs,
   resolveThreadBindingMaxAgeMs,
   resolveThreadBindingsEnabled,
-} from "../../channels/thread-bindings-policy.js";
+} from "../../../../src/channels/thread-bindings-policy.js";
 import {
   isNativeCommandsExplicitlyDisabled,
   resolveNativeCommandsEnabled,
   resolveNativeSkillsEnabled,
-} from "../../config/commands.js";
-import type { OpenClawConfig, ReplyToMode } from "../../config/config.js";
-import { loadConfig } from "../../config/config.js";
-import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
+} from "../../../../src/config/commands.js";
+import type { OpenClawConfig, ReplyToMode } from "../../../../src/config/config.js";
+import { loadConfig } from "../../../../src/config/config.js";
+import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js";
 import {
   GROUP_POLICY_BLOCKED_LABEL,
   resolveOpenProviderRuntimeGroupPolicy,
   resolveDefaultGroupPolicy,
   warnMissingProviderGroupPolicyFallbackOnce,
-} from "../../config/runtime-group-policy.js";
-import { createConnectedChannelStatusPatch } from "../../gateway/channel-status-patches.js";
-import { danger, logVerbose, shouldLogVerbose, warn } from "../../globals.js";
-import { formatErrorMessage } from "../../infra/errors.js";
-import { createDiscordRetryRunner } from "../../infra/retry-policy.js";
-import { createSubsystemLogger } from "../../logging/subsystem.js";
-import { getPluginCommandSpecs } from "../../plugins/commands.js";
-import { createNonExitingRuntime, type RuntimeEnv } from "../../runtime.js";
-import { summarizeStringEntries } from "../../shared/string-sample.js";
+} from "../../../../src/config/runtime-group-policy.js";
+import { createConnectedChannelStatusPatch } from "../../../../src/gateway/channel-status-patches.js";
+import { danger, logVerbose, shouldLogVerbose, warn } from "../../../../src/globals.js";
+import { formatErrorMessage } from "../../../../src/infra/errors.js";
+import { createSubsystemLogger } from "../../../../src/logging/subsystem.js";
+import { getPluginCommandSpecs } from "../../../../src/plugins/commands.js";
+import { createNonExitingRuntime, type RuntimeEnv } from "../../../../src/runtime.js";
+import { summarizeStringEntries } from "../../../../src/shared/string-sample.js";
 import { resolveDiscordAccount } from "../accounts.js";
+import { getDiscordGatewayEmitter } from "../monitor.gateway.js";
 import { fetchDiscordApplicationId } from "../probe.js";
 import { normalizeDiscordToken } from "../token.js";
 import { createDiscordVoiceCommand } from "../voice/command.js";
@@ -240,21 +241,133 @@ async function deployDiscordCommands(params: {
   client: Client;
   runtime: RuntimeEnv;
   enabled: boolean;
+  accountId?: string;
+  startupStartedAt?: number;
 }) {
   if (!params.enabled) {
     return;
   }
-  const runWithRetry = createDiscordRetryRunner({ verbose: shouldLogVerbose() });
+  const startupStartedAt = params.startupStartedAt ?? Date.now();
+  const accountId = params.accountId ?? "default";
+  const maxAttempts = 3;
+  const maxRetryDelayMs = 15_000;
+  const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, Math.max(0, ms)));
+  const isDailyCreateLimit = (err: unknown) =>
+    err instanceof RateLimitError &&
+    err.discordCode === 30034 &&
+    /daily application command creates/i.test(err.message);
+  const restClient = params.client.rest as {
+    put: (path: string, data?: unknown, query?: unknown) => Promise<unknown>;
+    options?: { queueRequests?: boolean };
+  };
+  const originalPut = restClient.put.bind(restClient);
+  const previousQueueRequests = restClient.options?.queueRequests;
+  restClient.put = async (path: string, data?: unknown, query?: unknown) => {
+    const startedAt = Date.now();
+    const body =
+      data && typeof data === "object" && "body" in data
+        ? (data as { body?: unknown }).body
+        : undefined;
+    const commandCount = Array.isArray(body) ? body.length : undefined;
+    const bodyBytes =
+      body === undefined
+        ? undefined
+        : Buffer.byteLength(typeof body === "string" ? body : JSON.stringify(body), "utf8");
+    params.runtime.log?.(
+      `discord startup [${accountId}] deploy-rest:put:start ${Math.max(0, Date.now() - startupStartedAt)}ms path=${path}${typeof commandCount === "number" ? ` commands=${commandCount}` : ""}${typeof bodyBytes === "number" ? ` bytes=${bodyBytes}` : ""}`,
+    );
+    try {
+      const result = await originalPut(path, data, query);
+      params.runtime.log?.(
+        `discord startup [${accountId}] deploy-rest:put:done ${Math.max(0, Date.now() - startupStartedAt)}ms path=${path} requestMs=${Date.now() - startedAt}`,
+      );
+      return result;
+    } catch (err) {
+      params.runtime.error?.(
+        `discord startup [${accountId}] deploy-rest:put:error ${Math.max(0, Date.now() - startupStartedAt)}ms path=${path} requestMs=${Date.now() - startedAt} error=${formatErrorMessage(err)}`,
+      );
+      throw err;
+    }
+  };
   try {
-    await runWithRetry(() => params.client.handleDeployRequest(), "command deploy");
+    if (restClient.options) {
+      // Carbon's request queue retries 429s internally and can block startup for
+      // minutes before surfacing the real error. Disable it for deploy so quota
+      // errors like Discord 30034 fail fast and don't wedge the provider.
+      restClient.options.queueRequests = false;
+    }
+    for (let attempt = 1; attempt <= maxAttempts; attempt += 1) {
+      try {
+        await params.client.handleDeployRequest();
+        return;
+      } catch (err) {
+        if (isDailyCreateLimit(err)) {
+          params.runtime.log?.(
+            warn(
+              `discord: native command deploy skipped for ${accountId}; daily application command create limit reached. Existing slash commands stay active until Discord resets the quota.`,
+            ),
+          );
+          return;
+        }
+        if (!(err instanceof RateLimitError) || attempt >= maxAttempts) {
+          throw err;
+        }
+        const retryAfterMs = Math.max(0, Math.ceil(err.retryAfter * 1000));
+        if (retryAfterMs > maxRetryDelayMs) {
+          params.runtime.log?.(
+            warn(
+              `discord: native command deploy skipped for ${accountId}; retry_after=${retryAfterMs}ms exceeds startup budget. Existing slash commands stay active.`,
+            ),
+          );
+          return;
+        }
+        if (shouldLogVerbose()) {
+          params.runtime.log?.(
+            `discord startup [${accountId}] deploy-retry ${Math.max(0, Date.now() - startupStartedAt)}ms attempt=${attempt}/${maxAttempts - 1} retryAfterMs=${retryAfterMs} scope=${err.scope ?? "unknown"} code=${err.discordCode ?? "unknown"}`,
+          );
+        }
+        await sleep(retryAfterMs);
+      }
+    }
   } catch (err) {
     const details = formatDiscordDeployErrorDetails(err);
     params.runtime.error?.(
       danger(`discord: failed to deploy native commands: ${formatErrorMessage(err)}${details}`),
     );
+  } finally {
+    if (restClient.options) {
+      restClient.options.queueRequests = previousQueueRequests;
+    }
+    restClient.put = originalPut;
   }
 }
 
+function formatDiscordStartupGatewayState(gateway?: GatewayPlugin): string {
+  if (!gateway) {
+    return "gateway=missing";
+  }
+  const reconnectAttempts = (gateway as unknown as { reconnectAttempts?: unknown })
+    .reconnectAttempts;
+  return `gatewayConnected=${gateway.isConnected ? "true" : "false"} reconnectAttempts=${typeof reconnectAttempts === "number" ? reconnectAttempts : "na"}`;
+}
+
+function logDiscordStartupPhase(params: {
+  runtime: RuntimeEnv;
+  accountId: string;
+  phase: string;
+  startAt: number;
+  gateway?: GatewayPlugin;
+  details?: string;
+}) {
+  const elapsedMs = Math.max(0, Date.now() - params.startAt);
+  const suffix = [params.details, formatDiscordStartupGatewayState(params.gateway)]
+    .filter((value): value is string => Boolean(value))
+    .join(" ");
+  params.runtime.log?.(
+    `discord startup [${params.accountId}] ${params.phase} ${elapsedMs}ms${suffix ? ` ${suffix}` : ""}`,
+  );
+}
+
 function formatDiscordDeployErrorDetails(err: unknown): string {
   if (!err || typeof err !== "object") {
     return "";
@@ -297,6 +410,7 @@ function isDiscordDisallowedIntentsError(err: unknown): boolean {
 }
 
 export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
+  const startupStartedAt = Date.now();
   const cfg = opts.config ?? loadConfig();
   const account = resolveDiscordAccount({
     cfg,
@@ -414,10 +528,23 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
     );
   }
 
+  logDiscordStartupPhase({
+    runtime,
+    accountId: account.accountId,
+    phase: "fetch-application-id:start",
+    startAt: startupStartedAt,
+  });
   const applicationId = await fetchDiscordApplicationId(token, 4000, discordRestFetch);
   if (!applicationId) {
     throw new Error("Failed to resolve Discord application id");
   }
+  logDiscordStartupPhase({
+    runtime,
+    accountId: account.accountId,
+    phase: "fetch-application-id:done",
+    startAt: startupStartedAt,
+    details: `applicationId=${applicationId}`,
+  });
 
   const maxDiscordCommands = 100;
   let skillCommands =
@@ -490,6 +617,8 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
   let releaseEarlyGatewayErrorGuard = () => {};
   let deactivateMessageHandler: (() => void) | undefined;
   let autoPresenceController: ReturnType<typeof createDiscordAutoPresenceController> | null = null;
+  let earlyGatewayEmitter: ReturnType<typeof getDiscordGatewayEmitter> | undefined;
+  let onEarlyGatewayDebug: ((msg: unknown) => void) | undefined;
   try {
     const commands: BaseCommand[] = commandSpecs.map((spec) =>
       createDiscordNativeCommand({
@@ -638,6 +767,13 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
     releaseEarlyGatewayErrorGuard = earlyGatewayErrorGuard.release;
 
     const lifecycleGateway = client.getPlugin<GatewayPlugin>("gateway");
+    earlyGatewayEmitter = getDiscordGatewayEmitter(lifecycleGateway);
+    onEarlyGatewayDebug = (msg: unknown) => {
+      runtime.log?.(
+        `discord startup [${account.accountId}] gateway-debug ${Math.max(0, Date.now() - startupStartedAt)}ms ${String(msg)}`,
+      );
+    };
+    earlyGatewayEmitter?.on("debug", onEarlyGatewayDebug);
     if (lifecycleGateway) {
       autoPresenceController = createDiscordAutoPresenceController({
         accountId: account.accountId,
@@ -648,7 +784,28 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
       autoPresenceController.start();
     }
 
-    await deployDiscordCommands({ client, runtime, enabled: nativeEnabled });
+    logDiscordStartupPhase({
+      runtime,
+      accountId: account.accountId,
+      phase: "deploy-commands:start",
+      startAt: startupStartedAt,
+      gateway: lifecycleGateway,
+      details: `native=${nativeEnabled ? "on" : "off"} commandCount=${commands.length}`,
+    });
+    await deployDiscordCommands({
+      client,
+      runtime,
+      enabled: nativeEnabled,
+      accountId: account.accountId,
+      startupStartedAt,
+    });
+    logDiscordStartupPhase({
+      runtime,
+      accountId: account.accountId,
+      phase: "deploy-commands:done",
+      startAt: startupStartedAt,
+      gateway: lifecycleGateway,
+    });
 
     const logger = createSubsystemLogger("discord/monitor");
     const guildHistories = new Map<string, HistoryEntry[]>();
@@ -657,19 +814,56 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
     let voiceManager: DiscordVoiceManager | null = null;
 
     if (nativeDisabledExplicit) {
+      logDiscordStartupPhase({
+        runtime,
+        accountId: account.accountId,
+        phase: "clear-native-commands:start",
+        startAt: startupStartedAt,
+        gateway: lifecycleGateway,
+      });
       await clearDiscordNativeCommands({
         client,
         applicationId,
         runtime,
       });
+      logDiscordStartupPhase({
+        runtime,
+        accountId: account.accountId,
+        phase: "clear-native-commands:done",
+        startAt: startupStartedAt,
+        gateway: lifecycleGateway,
+      });
     }
 
+    logDiscordStartupPhase({
+      runtime,
+      accountId: account.accountId,
+      phase: "fetch-bot-identity:start",
+      startAt: startupStartedAt,
+      gateway: lifecycleGateway,
+    });
     try {
       const botUser = await client.fetchUser("@me");
       botUserId = botUser?.id;
       botUserName = botUser?.username?.trim() || botUser?.globalName?.trim() || undefined;
+      logDiscordStartupPhase({
+        runtime,
+        accountId: account.accountId,
+        phase: "fetch-bot-identity:done",
+        startAt: startupStartedAt,
+        gateway: lifecycleGateway,
+        details: `botUserId=${botUserId ?? "<missing>"} botUserName=${botUserName ?? "<missing>"}`,
+      });
     } catch (err) {
       runtime.error?.(danger(`discord: failed to fetch bot identity: ${String(err)}`));
+      logDiscordStartupPhase({
+        runtime,
+        accountId: account.accountId,
+        phase: "fetch-bot-identity:error",
+        startAt: startupStartedAt,
+        gateway: lifecycleGateway,
+        details: String(err),
+      });
     }
 
     if (voiceEnabled) {
@@ -766,6 +960,8 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
     }
 
     lifecycleStarted = true;
+    earlyGatewayEmitter?.removeListener("debug", onEarlyGatewayDebug);
+    onEarlyGatewayDebug = undefined;
     await runDiscordGatewayLifecycle({
       accountId: account.accountId,
       client,
@@ -784,6 +980,9 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
     deactivateMessageHandler?.();
     autoPresenceController?.stop();
     opts.setStatus?.({ connected: false });
+    if (onEarlyGatewayDebug) {
+      earlyGatewayEmitter?.removeListener("debug", onEarlyGatewayDebug);
+    }
     releaseEarlyGatewayErrorGuard();
     if (!lifecycleStarted) {
       threadBindings.stop();
diff --git a/src/discord/monitor/reply-context.ts b/extensions/discord/src/monitor/reply-context.ts
similarity index 100%
rename from src/discord/monitor/reply-context.ts
rename to extensions/discord/src/monitor/reply-context.ts
diff --git a/src/discord/monitor/reply-delivery.test.ts b/extensions/discord/src/monitor/reply-delivery.test.ts
similarity index 95%
rename from src/discord/monitor/reply-delivery.test.ts
rename to extensions/discord/src/monitor/reply-delivery.test.ts
index 1e0bdc00942..bd4d0e91dfd 100644
--- a/src/discord/monitor/reply-delivery.test.ts
+++ b/extensions/discord/src/monitor/reply-delivery.test.ts
@@ -1,6 +1,6 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../../config/config.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 import { deliverDiscordReply } from "./reply-delivery.js";
 import {
   __testing as threadBindingTesting,
@@ -27,6 +27,22 @@ describe("deliverDiscordReply", () => {
   const cfg = {
     channels: { discord: { token: "test-token" } },
   } as OpenClawConfig;
+  const expectBotSendRetrySuccess = async (status: number, message: string) => {
+    sendMessageDiscordMock
+      .mockRejectedValueOnce(Object.assign(new Error(message), { status }))
+      .mockResolvedValueOnce({ messageId: "msg-1", channelId: "channel-1" });
+
+    await deliverDiscordReply({
+      replies: [{ text: "retry me" }],
+      target: "channel:123",
+      token: "token",
+      runtime,
+      cfg,
+      textLimit: 2000,
+    });
+
+    expect(sendMessageDiscordMock).toHaveBeenCalledTimes(2);
+  };
   const createBoundThreadBindings = async (
     overrides: Partial<{
       threadId: string;
@@ -319,39 +335,11 @@ describe("deliverDiscordReply", () => {
   });
 
   it("retries bot send on 429 rate limit then succeeds", async () => {
-    const rateLimitErr = Object.assign(new Error("rate limited"), { status: 429 });
-    sendMessageDiscordMock
-      .mockRejectedValueOnce(rateLimitErr)
-      .mockResolvedValueOnce({ messageId: "msg-1", channelId: "channel-1" });
-
-    await deliverDiscordReply({
-      replies: [{ text: "retry me" }],
-      target: "channel:123",
-      token: "token",
-      runtime,
-      cfg,
-      textLimit: 2000,
-    });
-
-    expect(sendMessageDiscordMock).toHaveBeenCalledTimes(2);
+    await expectBotSendRetrySuccess(429, "rate limited");
   });
 
   it("retries bot send on 500 server error then succeeds", async () => {
-    const serverErr = Object.assign(new Error("internal"), { status: 500 });
-    sendMessageDiscordMock
-      .mockRejectedValueOnce(serverErr)
-      .mockResolvedValueOnce({ messageId: "msg-1", channelId: "channel-1" });
-
-    await deliverDiscordReply({
-      replies: [{ text: "retry me" }],
-      target: "channel:123",
-      token: "token",
-      runtime,
-      cfg,
-      textLimit: 2000,
-    });
-
-    expect(sendMessageDiscordMock).toHaveBeenCalledTimes(2);
+    await expectBotSendRetrySuccess(500, "internal");
   });
 
   it("does not retry on 4xx client errors", async () => {
diff --git a/src/discord/monitor/reply-delivery.ts b/extensions/discord/src/monitor/reply-delivery.ts
similarity index 93%
rename from src/discord/monitor/reply-delivery.ts
rename to extensions/discord/src/monitor/reply-delivery.ts
index fb235ca65d0..07e5c9e06c5 100644
--- a/src/discord/monitor/reply-delivery.ts
+++ b/extensions/discord/src/monitor/reply-delivery.ts
@@ -1,13 +1,13 @@
 import type { RequestClient } from "@buape/carbon";
-import { resolveAgentAvatar } from "../../agents/identity-avatar.js";
-import type { ChunkMode } from "../../auto-reply/chunk.js";
-import type { ReplyPayload } from "../../auto-reply/types.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import type { MarkdownTableMode, ReplyToMode } from "../../config/types.base.js";
-import { createDiscordRetryRunner, type RetryRunner } from "../../infra/retry-policy.js";
-import { resolveRetryConfig, retryAsync, type RetryConfig } from "../../infra/retry.js";
-import { convertMarkdownTables } from "../../markdown/tables.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import { resolveAgentAvatar } from "../../../../src/agents/identity-avatar.js";
+import type { ChunkMode } from "../../../../src/auto-reply/chunk.js";
+import type { ReplyPayload } from "../../../../src/auto-reply/types.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import type { MarkdownTableMode, ReplyToMode } from "../../../../src/config/types.base.js";
+import { createDiscordRetryRunner, type RetryRunner } from "../../../../src/infra/retry-policy.js";
+import { resolveRetryConfig, retryAsync, type RetryConfig } from "../../../../src/infra/retry.js";
+import { convertMarkdownTables } from "../../../../src/markdown/tables.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 import { resolveDiscordAccount } from "../accounts.js";
 import { chunkDiscordTextWithMode } from "../chunk.js";
 import { sendMessageDiscord, sendVoiceMessageDiscord, sendWebhookMessageDiscord } from "../send.js";
@@ -336,6 +336,18 @@ export async function deliverDiscordReply(params: {
     if (!firstMedia) {
       continue;
     }
+    const sendRemainingMedia = () =>
+      sendAdditionalDiscordMedia({
+        cfg: params.cfg,
+        target: params.target,
+        token: params.token,
+        rest: params.rest,
+        accountId: params.accountId,
+        mediaUrls: mediaList.slice(1),
+        mediaLocalRoots: params.mediaLocalRoots,
+        resolveReplyTo,
+        retryConfig,
+      });
 
     // Voice message path: audioAsVoice flag routes through sendVoiceMessageDiscord.
     if (payload.audioAsVoice) {
@@ -367,17 +379,7 @@ export async function deliverDiscordReply(params: {
         retryConfig,
       });
       // Additional media items are sent as regular attachments (voice is single-file only).
-      await sendAdditionalDiscordMedia({
-        cfg: params.cfg,
-        target: params.target,
-        token: params.token,
-        rest: params.rest,
-        accountId: params.accountId,
-        mediaUrls: mediaList.slice(1),
-        mediaLocalRoots: params.mediaLocalRoots,
-        resolveReplyTo,
-        retryConfig,
-      });
+      await sendRemainingMedia();
       continue;
     }
 
@@ -392,17 +394,7 @@ export async function deliverDiscordReply(params: {
       replyTo,
     });
     deliveredAny = true;
-    await sendAdditionalDiscordMedia({
-      cfg: params.cfg,
-      target: params.target,
-      token: params.token,
-      rest: params.rest,
-      accountId: params.accountId,
-      mediaUrls: mediaList.slice(1),
-      mediaLocalRoots: params.mediaLocalRoots,
-      resolveReplyTo,
-      retryConfig,
-    });
+    await sendRemainingMedia();
   }
 
   if (binding && deliveredAny) {
diff --git a/src/discord/monitor/rest-fetch.ts b/extensions/discord/src/monitor/rest-fetch.ts
similarity index 79%
rename from src/discord/monitor/rest-fetch.ts
rename to extensions/discord/src/monitor/rest-fetch.ts
index 55cd5ff0a18..83be5a98325 100644
--- a/src/discord/monitor/rest-fetch.ts
+++ b/extensions/discord/src/monitor/rest-fetch.ts
@@ -1,7 +1,7 @@
 import { ProxyAgent, fetch as undiciFetch } from "undici";
-import { danger } from "../../globals.js";
-import { wrapFetchWithAbortSignal } from "../../infra/fetch.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import { danger } from "../../../../src/globals.js";
+import { wrapFetchWithAbortSignal } from "../../../../src/infra/fetch.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 
 export function resolveDiscordRestFetch(
   proxyUrl: string | undefined,
diff --git a/src/discord/monitor/route-resolution.test.ts b/extensions/discord/src/monitor/route-resolution.test.ts
similarity index 80%
rename from src/discord/monitor/route-resolution.test.ts
rename to extensions/discord/src/monitor/route-resolution.test.ts
index d9ec90177bd..6fab967cde0 100644
--- a/src/discord/monitor/route-resolution.test.ts
+++ b/extensions/discord/src/monitor/route-resolution.test.ts
@@ -1,13 +1,34 @@
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../../config/config.js";
-import type { ResolvedAgentRoute } from "../../routing/resolve-route.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import type { ResolvedAgentRoute } from "../../../../src/routing/resolve-route.js";
 import {
-  resolveDiscordBoundConversationRoute,
   buildDiscordRoutePeer,
+  resolveDiscordBoundConversationRoute,
   resolveDiscordConversationRoute,
   resolveDiscordEffectiveRoute,
 } from "./route-resolution.js";
 
+function buildWorkerBindingConfig(peer: {
+  kind: "channel" | "direct";
+  id: string;
+}): OpenClawConfig {
+  return {
+    agents: {
+      list: [{ id: "worker" }],
+    },
+    bindings: [
+      {
+        agentId: "worker",
+        match: {
+          channel: "discord",
+          accountId: "default",
+          peer,
+        },
+      },
+    ],
+  };
+}
+
 describe("discord route resolution helpers", () => {
   it("builds a direct peer from DM metadata", () => {
     expect(
@@ -78,21 +99,7 @@ describe("discord route resolution helpers", () => {
   });
 
   it("resolves the same route shape as the inline Discord route inputs", () => {
-    const cfg: OpenClawConfig = {
-      agents: {
-        list: [{ id: "worker" }],
-      },
-      bindings: [
-        {
-          agentId: "worker",
-          match: {
-            channel: "discord",
-            accountId: "default",
-            peer: { kind: "channel", id: "c1" },
-          },
-        },
-      ],
-    };
+    const cfg = buildWorkerBindingConfig({ kind: "channel", id: "c1" });
 
     expect(
       resolveDiscordConversationRoute({
@@ -110,21 +117,7 @@ describe("discord route resolution helpers", () => {
   });
 
   it("composes route building with effective-route overrides", () => {
-    const cfg: OpenClawConfig = {
-      agents: {
-        list: [{ id: "worker" }],
-      },
-      bindings: [
-        {
-          agentId: "worker",
-          match: {
-            channel: "discord",
-            accountId: "default",
-            peer: { kind: "direct", id: "user-1" },
-          },
-        },
-      ],
-    };
+    const cfg = buildWorkerBindingConfig({ kind: "direct", id: "user-1" });
 
     expect(
       resolveDiscordBoundConversationRoute({
diff --git a/src/discord/monitor/route-resolution.ts b/extensions/discord/src/monitor/route-resolution.ts
similarity index 93%
rename from src/discord/monitor/route-resolution.ts
rename to extensions/discord/src/monitor/route-resolution.ts
index 2e65ff63919..aacbebbd51e 100644
--- a/src/discord/monitor/route-resolution.ts
+++ b/extensions/discord/src/monitor/route-resolution.ts
@@ -1,11 +1,11 @@
-import type { OpenClawConfig } from "../../config/config.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
 import {
   deriveLastRoutePolicy,
   resolveAgentRoute,
   type ResolvedAgentRoute,
   type RoutePeer,
-} from "../../routing/resolve-route.js";
-import { resolveAgentIdFromSessionKey } from "../../routing/session-key.js";
+} from "../../../../src/routing/resolve-route.js";
+import { resolveAgentIdFromSessionKey } from "../../../../src/routing/session-key.js";
 
 export function buildDiscordRoutePeer(params: {
   isDirectMessage: boolean;
diff --git a/src/discord/monitor/sender-identity.ts b/extensions/discord/src/monitor/sender-identity.ts
similarity index 100%
rename from src/discord/monitor/sender-identity.ts
rename to extensions/discord/src/monitor/sender-identity.ts
diff --git a/src/discord/monitor/status.ts b/extensions/discord/src/monitor/status.ts
similarity index 100%
rename from src/discord/monitor/status.ts
rename to extensions/discord/src/monitor/status.ts
diff --git a/src/discord/monitor/system-events.ts b/extensions/discord/src/monitor/system-events.ts
similarity index 100%
rename from src/discord/monitor/system-events.ts
rename to extensions/discord/src/monitor/system-events.ts
diff --git a/src/discord/monitor/thread-bindings.config.ts b/extensions/discord/src/monitor/thread-bindings.config.ts
similarity index 85%
rename from src/discord/monitor/thread-bindings.config.ts
rename to extensions/discord/src/monitor/thread-bindings.config.ts
index 364ac9900a2..830d54d0d1b 100644
--- a/src/discord/monitor/thread-bindings.config.ts
+++ b/extensions/discord/src/monitor/thread-bindings.config.ts
@@ -2,9 +2,9 @@ import {
   resolveThreadBindingIdleTimeoutMs,
   resolveThreadBindingMaxAgeMs,
   resolveThreadBindingsEnabled,
-} from "../../channels/thread-bindings-policy.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import { normalizeAccountId } from "../../routing/session-key.js";
+} from "../../../../src/channels/thread-bindings-policy.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import { normalizeAccountId } from "../../../../src/routing/session-key.js";
 
 export {
   resolveThreadBindingIdleTimeoutMs,
diff --git a/src/discord/monitor/thread-bindings.discord-api.test.ts b/extensions/discord/src/monitor/thread-bindings.discord-api.test.ts
similarity index 98%
rename from src/discord/monitor/thread-bindings.discord-api.test.ts
rename to extensions/discord/src/monitor/thread-bindings.discord-api.test.ts
index 5b455da9e5d..eb085235da7 100644
--- a/src/discord/monitor/thread-bindings.discord-api.test.ts
+++ b/extensions/discord/src/monitor/thread-bindings.discord-api.test.ts
@@ -1,6 +1,6 @@
 import { ChannelType } from "discord-api-types/v10";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../../config/config.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
 import type { ThreadBindingRecord } from "./thread-bindings.types.js";
 
 const hoisted = vi.hoisted(() => {
diff --git a/src/discord/monitor/thread-bindings.discord-api.ts b/extensions/discord/src/monitor/thread-bindings.discord-api.ts
similarity index 98%
rename from src/discord/monitor/thread-bindings.discord-api.ts
rename to extensions/discord/src/monitor/thread-bindings.discord-api.ts
index 2a59075cf46..38360b27728 100644
--- a/src/discord/monitor/thread-bindings.discord-api.ts
+++ b/extensions/discord/src/monitor/thread-bindings.discord-api.ts
@@ -1,6 +1,6 @@
 import { ChannelType, Routes } from "discord-api-types/v10";
-import type { OpenClawConfig } from "../../config/config.js";
-import { logVerbose } from "../../globals.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import { logVerbose } from "../../../../src/globals.js";
 import { createDiscordRestClient } from "../client.js";
 import { sendMessageDiscord, sendWebhookMessageDiscord } from "../send.js";
 import { createThreadDiscord } from "../send.messages.js";
diff --git a/src/discord/monitor/thread-bindings.lifecycle.test.ts b/extensions/discord/src/monitor/thread-bindings.lifecycle.test.ts
similarity index 99%
rename from src/discord/monitor/thread-bindings.lifecycle.test.ts
rename to extensions/discord/src/monitor/thread-bindings.lifecycle.test.ts
index 6d37dcc1c2a..013952e7c71 100644
--- a/src/discord/monitor/thread-bindings.lifecycle.test.ts
+++ b/extensions/discord/src/monitor/thread-bindings.lifecycle.test.ts
@@ -6,7 +6,7 @@ import {
   clearRuntimeConfigSnapshot,
   setRuntimeConfigSnapshot,
   type OpenClawConfig,
-} from "../../config/config.js";
+} from "../../../../src/config/config.js";
 
 const hoisted = vi.hoisted(() => {
   const sendMessageDiscord = vi.fn(async (_to: string, _text: string, _opts?: unknown) => ({}));
@@ -52,9 +52,14 @@ vi.mock("../send.messages.js", () => ({
   createThreadDiscord: hoisted.createThreadDiscord,
 }));
 
-vi.mock("../../acp/runtime/session-meta.js", () => ({
-  readAcpSessionEntry: hoisted.readAcpSessionEntry,
-}));
+vi.mock("../../../../src/acp/runtime/session-meta.js", async (importOriginal) => {
+  const actual =
+    await importOriginal<typeof import("../../../../src/acp/runtime/session-meta.js")>();
+  return {
+    ...actual,
+    readAcpSessionEntry: hoisted.readAcpSessionEntry,
+  };
+});
 
 const {
   __testing,
diff --git a/src/discord/monitor/thread-bindings.lifecycle.ts b/extensions/discord/src/monitor/thread-bindings.lifecycle.ts
similarity index 92%
rename from src/discord/monitor/thread-bindings.lifecycle.ts
rename to extensions/discord/src/monitor/thread-bindings.lifecycle.ts
index 256ab5e249c..d7389d68439 100644
--- a/src/discord/monitor/thread-bindings.lifecycle.ts
+++ b/extensions/discord/src/monitor/thread-bindings.lifecycle.ts
@@ -1,6 +1,9 @@
-import { readAcpSessionEntry, type AcpSessionStoreEntry } from "../../acp/runtime/session-meta.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import { normalizeAccountId } from "../../routing/session-key.js";
+import {
+  readAcpSessionEntry,
+  type AcpSessionStoreEntry,
+} from "../../../../src/acp/runtime/session-meta.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import { normalizeAccountId } from "../../../../src/routing/session-key.js";
 import { parseDiscordTarget } from "../targets.js";
 import { resolveChannelIdForBinding } from "./thread-bindings.discord-api.js";
 import { getThreadBindingManager } from "./thread-bindings.manager.js";
@@ -98,6 +101,30 @@ function resolveBindingIdsForTargetSession(params: {
   });
 }
 
+function updateBindingsForTargetSession(
+  ids: string[],
+  update: (existing: ThreadBindingRecord, now: number) => ThreadBindingRecord,
+) {
+  if (ids.length === 0) {
+    return [];
+  }
+  const now = Date.now();
+  const updated: ThreadBindingRecord[] = [];
+  for (const bindingKey of ids) {
+    const existing = BINDINGS_BY_THREAD_ID.get(bindingKey);
+    if (!existing) {
+      continue;
+    }
+    const nextRecord = update(existing, now);
+    setBindingRecord(nextRecord);
+    updated.push(nextRecord);
+  }
+  if (updated.length > 0 && shouldPersistBindingMutations()) {
+    saveBindingsToDisk({ force: true });
+  }
+  return updated;
+}
+
 export function listThreadBindingsForAccount(accountId?: string): ThreadBindingRecord[] {
   const manager = getThreadBindingManager(accountId);
   if (!manager) {
@@ -249,29 +276,12 @@ export function setThreadBindingIdleTimeoutBySessionKey(params: {
   idleTimeoutMs: number;
 }): ThreadBindingRecord[] {
   const ids = resolveBindingIdsForTargetSession(params);
-  if (ids.length === 0) {
-    return [];
-  }
   const idleTimeoutMs = normalizeNonNegativeMs(params.idleTimeoutMs);
-  const now = Date.now();
-  const updated: ThreadBindingRecord[] = [];
-  for (const bindingKey of ids) {
-    const existing = BINDINGS_BY_THREAD_ID.get(bindingKey);
-    if (!existing) {
-      continue;
-    }
-    const nextRecord: ThreadBindingRecord = {
-      ...existing,
-      idleTimeoutMs,
-      lastActivityAt: now,
-    };
-    setBindingRecord(nextRecord);
-    updated.push(nextRecord);
-  }
-  if (updated.length > 0 && shouldPersistBindingMutations()) {
-    saveBindingsToDisk({ force: true });
-  }
-  return updated;
+  return updateBindingsForTargetSession(ids, (existing, now) => ({
+    ...existing,
+    idleTimeoutMs,
+    lastActivityAt: now,
+  }));
 }
 
 export function setThreadBindingMaxAgeBySessionKey(params: {
@@ -280,30 +290,13 @@ export function setThreadBindingMaxAgeBySessionKey(params: {
   maxAgeMs: number;
 }): ThreadBindingRecord[] {
   const ids = resolveBindingIdsForTargetSession(params);
-  if (ids.length === 0) {
-    return [];
-  }
   const maxAgeMs = normalizeNonNegativeMs(params.maxAgeMs);
-  const now = Date.now();
-  const updated: ThreadBindingRecord[] = [];
-  for (const bindingKey of ids) {
-    const existing = BINDINGS_BY_THREAD_ID.get(bindingKey);
-    if (!existing) {
-      continue;
-    }
-    const nextRecord: ThreadBindingRecord = {
-      ...existing,
-      maxAgeMs,
-      boundAt: now,
-      lastActivityAt: now,
-    };
-    setBindingRecord(nextRecord);
-    updated.push(nextRecord);
-  }
-  if (updated.length > 0 && shouldPersistBindingMutations()) {
-    saveBindingsToDisk({ force: true });
-  }
-  return updated;
+  return updateBindingsForTargetSession(ids, (existing, now) => ({
+    ...existing,
+    maxAgeMs,
+    boundAt: now,
+    lastActivityAt: now,
+  }));
 }
 
 function resolveStoredAcpBindingHealth(params: {
diff --git a/src/discord/monitor/thread-bindings.manager.ts b/extensions/discord/src/monitor/thread-bindings.manager.ts
similarity index 98%
rename from src/discord/monitor/thread-bindings.manager.ts
rename to extensions/discord/src/monitor/thread-bindings.manager.ts
index 43ee414c2a5..6595f053ea9 100644
--- a/src/discord/monitor/thread-bindings.manager.ts
+++ b/extensions/discord/src/monitor/thread-bindings.manager.ts
@@ -1,14 +1,17 @@
 import { Routes } from "discord-api-types/v10";
-import { resolveThreadBindingConversationIdFromBindingId } from "../../channels/thread-binding-id.js";
-import { getRuntimeConfigSnapshot, type OpenClawConfig } from "../../config/config.js";
-import { logVerbose } from "../../globals.js";
+import { resolveThreadBindingConversationIdFromBindingId } from "../../../../src/channels/thread-binding-id.js";
+import { getRuntimeConfigSnapshot, type OpenClawConfig } from "../../../../src/config/config.js";
+import { logVerbose } from "../../../../src/globals.js";
 import {
   registerSessionBindingAdapter,
   unregisterSessionBindingAdapter,
   type BindingTargetKind,
   type SessionBindingRecord,
-} from "../../infra/outbound/session-binding-service.js";
-import { normalizeAccountId, resolveAgentIdFromSessionKey } from "../../routing/session-key.js";
+} from "../../../../src/infra/outbound/session-binding-service.js";
+import {
+  normalizeAccountId,
+  resolveAgentIdFromSessionKey,
+} from "../../../../src/routing/session-key.js";
 import { createDiscordRestClient } from "../client.js";
 import {
   createThreadForBinding,
diff --git a/src/discord/monitor/thread-bindings.messages.ts b/extensions/discord/src/monitor/thread-bindings.messages.ts
similarity index 70%
rename from src/discord/monitor/thread-bindings.messages.ts
rename to extensions/discord/src/monitor/thread-bindings.messages.ts
index 2460ac07020..3fc122cbe71 100644
--- a/src/discord/monitor/thread-bindings.messages.ts
+++ b/extensions/discord/src/monitor/thread-bindings.messages.ts
@@ -3,4 +3,4 @@ export {
   resolveThreadBindingFarewellText,
   resolveThreadBindingIntroText,
   resolveThreadBindingThreadName,
-} from "../../channels/thread-bindings-messages.js";
+} from "../../../../src/channels/thread-bindings-messages.js";
diff --git a/src/discord/monitor/thread-bindings.persona.test.ts b/extensions/discord/src/monitor/thread-bindings.persona.test.ts
similarity index 100%
rename from src/discord/monitor/thread-bindings.persona.test.ts
rename to extensions/discord/src/monitor/thread-bindings.persona.test.ts
diff --git a/src/discord/monitor/thread-bindings.persona.ts b/extensions/discord/src/monitor/thread-bindings.persona.ts
similarity index 91%
rename from src/discord/monitor/thread-bindings.persona.ts
rename to extensions/discord/src/monitor/thread-bindings.persona.ts
index bb7485f15d1..6798df009e0 100644
--- a/src/discord/monitor/thread-bindings.persona.ts
+++ b/extensions/discord/src/monitor/thread-bindings.persona.ts
@@ -1,4 +1,4 @@
-import { SYSTEM_MARK } from "../../infra/system-message.js";
+import { SYSTEM_MARK } from "../../../../src/infra/system-message.js";
 import type { ThreadBindingRecord } from "./thread-bindings.types.js";
 
 const THREAD_BINDING_PERSONA_MAX_CHARS = 80;
diff --git a/src/discord/monitor/thread-bindings.shared-state.test.ts b/extensions/discord/src/monitor/thread-bindings.shared-state.test.ts
similarity index 100%
rename from src/discord/monitor/thread-bindings.shared-state.test.ts
rename to extensions/discord/src/monitor/thread-bindings.shared-state.test.ts
diff --git a/src/discord/monitor/thread-bindings.state.ts b/extensions/discord/src/monitor/thread-bindings.state.ts
similarity index 98%
rename from src/discord/monitor/thread-bindings.state.ts
rename to extensions/discord/src/monitor/thread-bindings.state.ts
index a5d865b2c09..892d7a46293 100644
--- a/src/discord/monitor/thread-bindings.state.ts
+++ b/extensions/discord/src/monitor/thread-bindings.state.ts
@@ -1,8 +1,11 @@
 import fs from "node:fs";
 import path from "node:path";
-import { resolveStateDir } from "../../config/paths.js";
-import { loadJsonFile, saveJsonFile } from "../../infra/json-file.js";
-import { normalizeAccountId, resolveAgentIdFromSessionKey } from "../../routing/session-key.js";
+import { resolveStateDir } from "../../../../src/config/paths.js";
+import { loadJsonFile, saveJsonFile } from "../../../../src/infra/json-file.js";
+import {
+  normalizeAccountId,
+  resolveAgentIdFromSessionKey,
+} from "../../../../src/routing/session-key.js";
 import {
   DEFAULT_THREAD_BINDING_IDLE_TIMEOUT_MS,
   DEFAULT_THREAD_BINDING_MAX_AGE_MS,
diff --git a/src/discord/monitor/thread-bindings.ts b/extensions/discord/src/monitor/thread-bindings.ts
similarity index 100%
rename from src/discord/monitor/thread-bindings.ts
rename to extensions/discord/src/monitor/thread-bindings.ts
diff --git a/src/discord/monitor/thread-bindings.types.ts b/extensions/discord/src/monitor/thread-bindings.types.ts
similarity index 100%
rename from src/discord/monitor/thread-bindings.types.ts
rename to extensions/discord/src/monitor/thread-bindings.types.ts
diff --git a/src/discord/monitor/thread-session-close.test.ts b/extensions/discord/src/monitor/thread-session-close.test.ts
similarity index 98%
rename from src/discord/monitor/thread-session-close.test.ts
rename to extensions/discord/src/monitor/thread-session-close.test.ts
index 292d66889cf..1f70084facf 100644
--- a/src/discord/monitor/thread-session-close.test.ts
+++ b/extensions/discord/src/monitor/thread-session-close.test.ts
@@ -6,7 +6,7 @@ const hoisted = vi.hoisted(() => {
   return { updateSessionStore, resolveStorePath };
 });
 
-vi.mock("../../config/sessions.js", () => ({
+vi.mock("../../../../src/config/sessions.js", () => ({
   updateSessionStore: hoisted.updateSessionStore,
   resolveStorePath: hoisted.resolveStorePath,
 }));
diff --git a/src/discord/monitor/thread-session-close.ts b/extensions/discord/src/monitor/thread-session-close.ts
similarity index 92%
rename from src/discord/monitor/thread-session-close.ts
rename to extensions/discord/src/monitor/thread-session-close.ts
index 1a5f6dd22f8..234a886d96e 100644
--- a/src/discord/monitor/thread-session-close.ts
+++ b/extensions/discord/src/monitor/thread-session-close.ts
@@ -1,5 +1,5 @@
-import type { OpenClawConfig } from "../../config/config.js";
-import { resolveStorePath, updateSessionStore } from "../../config/sessions.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import { resolveStorePath, updateSessionStore } from "../../../../src/config/sessions.js";
 
 /**
  * Marks every session entry in the store whose key contains {@link threadId}
diff --git a/extensions/discord/src/monitor/threading.auto-thread.test.ts b/extensions/discord/src/monitor/threading.auto-thread.test.ts
new file mode 100644
index 00000000000..4759de9df28
--- /dev/null
+++ b/extensions/discord/src/monitor/threading.auto-thread.test.ts
@@ -0,0 +1,117 @@
+import { ChannelType } from "@buape/carbon";
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import { maybeCreateDiscordAutoThread } from "./threading.js";
+
+const postMock = vi.fn();
+const getMock = vi.fn();
+const mockClient = {
+  rest: { post: postMock, get: getMock },
+} as unknown as Parameters<typeof maybeCreateDiscordAutoThread>[0]["client"];
+const mockMessage = {
+  id: "msg1",
+  timestamp: "123",
+} as unknown as Parameters<typeof maybeCreateDiscordAutoThread>[0]["message"];
+
+async function runAutoThread(
+  overrides: Partial<Parameters<typeof maybeCreateDiscordAutoThread>[0]> = {},
+) {
+  return maybeCreateDiscordAutoThread({
+    client: mockClient,
+    message: mockMessage,
+    messageChannelId: "text1",
+    isGuildMessage: true,
+    channelConfig: { allowed: true, autoThread: true },
+    channelType: ChannelType.GuildText,
+    baseText: "test",
+    combinedBody: "test",
+    ...overrides,
+  });
+}
+
+function expectAutoArchiveDuration(autoArchiveDuration: number) {
+  expect(postMock).toHaveBeenCalledWith(
+    expect.any(String),
+    expect.objectContaining({
+      body: expect.objectContaining({ auto_archive_duration: autoArchiveDuration }),
+    }),
+  );
+}
+
+describe("maybeCreateDiscordAutoThread", () => {
+  beforeEach(() => {
+    postMock.mockReset();
+    getMock.mockReset();
+  });
+
+  it("skips auto-thread if channelType is GuildForum", async () => {
+    const result = await runAutoThread({
+      messageChannelId: "forum1",
+      channelType: ChannelType.GuildForum,
+    });
+    expect(result).toBeUndefined();
+    expect(postMock).not.toHaveBeenCalled();
+  });
+
+  it("skips auto-thread if channelType is GuildMedia", async () => {
+    const result = await runAutoThread({
+      messageChannelId: "media1",
+      channelType: ChannelType.GuildMedia,
+    });
+    expect(result).toBeUndefined();
+    expect(postMock).not.toHaveBeenCalled();
+  });
+
+  it("skips auto-thread if channelType is GuildVoice", async () => {
+    const result = await runAutoThread({
+      messageChannelId: "voice1",
+      channelType: ChannelType.GuildVoice,
+    });
+    expect(result).toBeUndefined();
+    expect(postMock).not.toHaveBeenCalled();
+  });
+
+  it("skips auto-thread if channelType is GuildStageVoice", async () => {
+    const result = await runAutoThread({
+      messageChannelId: "stage1",
+      channelType: ChannelType.GuildStageVoice,
+    });
+    expect(result).toBeUndefined();
+    expect(postMock).not.toHaveBeenCalled();
+  });
+
+  it("creates auto-thread if channelType is GuildText", async () => {
+    postMock.mockResolvedValueOnce({ id: "thread1" });
+    const result = await runAutoThread();
+    expect(result).toBe("thread1");
+    expect(postMock).toHaveBeenCalled();
+  });
+});
+
+describe("maybeCreateDiscordAutoThread autoArchiveDuration", () => {
+  beforeEach(() => {
+    postMock.mockReset();
+    getMock.mockReset();
+  });
+
+  it("uses configured autoArchiveDuration", async () => {
+    postMock.mockResolvedValueOnce({ id: "thread1" });
+    await runAutoThread({
+      channelConfig: { allowed: true, autoThread: true, autoArchiveDuration: "10080" },
+    });
+    expectAutoArchiveDuration(10080);
+  });
+
+  it("accepts numeric autoArchiveDuration", async () => {
+    postMock.mockResolvedValueOnce({ id: "thread1" });
+    await runAutoThread({
+      channelConfig: { allowed: true, autoThread: true, autoArchiveDuration: 4320 },
+    });
+    expectAutoArchiveDuration(4320);
+  });
+
+  it("defaults to 60 when autoArchiveDuration not set", async () => {
+    postMock.mockResolvedValueOnce({ id: "thread1" });
+    await runAutoThread();
+    expectAutoArchiveDuration(60);
+  });
+});
diff --git a/src/discord/monitor/threading.parent-info.test.ts b/extensions/discord/src/monitor/threading.parent-info.test.ts
similarity index 100%
rename from src/discord/monitor/threading.parent-info.test.ts
rename to extensions/discord/src/monitor/threading.parent-info.test.ts
diff --git a/extensions/discord/src/monitor/threading.starter.test.ts b/extensions/discord/src/monitor/threading.starter.test.ts
new file mode 100644
index 00000000000..65e556a55dc
--- /dev/null
+++ b/extensions/discord/src/monitor/threading.starter.test.ts
@@ -0,0 +1,59 @@
+import { ChannelType, type Client } from "@buape/carbon";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import {
+  __resetDiscordThreadStarterCacheForTest,
+  resolveDiscordThreadStarter,
+} from "./threading.js";
+
+async function resolveStarter(
+  message: Partial<Awaited<ReturnType<Client["rest"]["get"]>>>,
+  resolveTimestampMs: () => number | undefined,
+) {
+  const get = vi.fn().mockResolvedValue(message);
+  const client = { rest: { get } } as unknown as Client;
+
+  return resolveDiscordThreadStarter({
+    channel: { id: "thread-1" },
+    client,
+    parentId: "parent-1",
+    parentType: ChannelType.GuildText,
+    resolveTimestampMs,
+  });
+}
+
+describe("resolveDiscordThreadStarter", () => {
+  beforeEach(() => {
+    __resetDiscordThreadStarterCacheForTest();
+  });
+
+  it("falls back to joined embed title and description when content is empty", async () => {
+    const result = await resolveStarter(
+      {
+        content: "   ",
+        embeds: [{ title: "Alert", description: "Details" }],
+        author: { username: "Alice", discriminator: "0" },
+        timestamp: "2026-02-24T12:00:00.000Z",
+      },
+      () => 123,
+    );
+
+    expect(result).toEqual({
+      text: "Alert\nDetails",
+      author: "Alice",
+      timestamp: 123,
+    });
+  });
+
+  it("prefers starter content over embed fallback text", async () => {
+    const result = await resolveStarter(
+      {
+        content: "starter content",
+        embeds: [{ title: "Alert", description: "Details" }],
+        author: { username: "Alice", discriminator: "0" },
+      },
+      () => undefined,
+    );
+
+    expect(result?.text).toBe("starter content");
+  });
+});
diff --git a/src/discord/monitor/threading.ts b/extensions/discord/src/monitor/threading.ts
similarity index 93%
rename from src/discord/monitor/threading.ts
rename to extensions/discord/src/monitor/threading.ts
index 28897e9b7aa..035354b98af 100644
--- a/src/discord/monitor/threading.ts
+++ b/extensions/discord/src/monitor/threading.ts
@@ -1,10 +1,10 @@
 import { ChannelType, type Client } from "@buape/carbon";
 import { Routes } from "discord-api-types/v10";
-import { createReplyReferencePlanner } from "../../auto-reply/reply/reply-reference.js";
-import type { ReplyToMode } from "../../config/config.js";
-import { logVerbose } from "../../globals.js";
-import { buildAgentSessionKey } from "../../routing/resolve-route.js";
-import { truncateUtf16Safe } from "../../utils.js";
+import { createReplyReferencePlanner } from "../../../../src/auto-reply/reply/reply-reference.js";
+import type { ReplyToMode } from "../../../../src/config/config.js";
+import { logVerbose } from "../../../../src/globals.js";
+import { buildAgentSessionKey } from "../../../../src/routing/resolve-route.js";
+import { truncateUtf16Safe } from "../../../../src/utils.js";
 import type { DiscordChannelConfigResolved } from "./allow-list.js";
 import type { DiscordMessageEvent } from "./listeners.js";
 import {
@@ -89,6 +89,18 @@ function isDiscordThreadType(type: ChannelType | undefined): boolean {
   );
 }
 
+function resolveTrimmedDiscordMessageChannelId(params: {
+  message: DiscordMessageEvent["message"];
+  messageChannelId?: string;
+}) {
+  return (
+    params.messageChannelId ||
+    resolveDiscordMessageChannelId({
+      message: params.message,
+    })
+  ).trim();
+}
+
 export function resolveDiscordThreadChannel(params: {
   isGuildMessage: boolean;
   message: DiscordMessageEvent["message"];
@@ -301,7 +313,7 @@ export type DiscordAutoThreadReplyPlan = DiscordReplyDeliveryPlan & {
   autoThreadContext: DiscordAutoThreadContext | null;
 };
 
-export async function resolveDiscordAutoThreadReplyPlan(params: {
+type MaybeCreateDiscordAutoThreadParams = {
   client: Client;
   message: DiscordMessageEvent["message"];
   messageChannelId?: string;
@@ -311,16 +323,16 @@ export async function resolveDiscordAutoThreadReplyPlan(params: {
   channelType?: ChannelType;
   baseText: string;
   combinedBody: string;
-  replyToMode: ReplyToMode;
-  agentId: string;
-  channel: string;
-}): Promise<DiscordAutoThreadReplyPlan> {
-  const messageChannelId = (
-    params.messageChannelId ||
-    resolveDiscordMessageChannelId({
-      message: params.message,
-    })
-  ).trim();
+};
+
+export async function resolveDiscordAutoThreadReplyPlan(
+  params: MaybeCreateDiscordAutoThreadParams & {
+    replyToMode: ReplyToMode;
+    agentId: string;
+    channel: string;
+  },
+): Promise<DiscordAutoThreadReplyPlan> {
+  const messageChannelId = resolveTrimmedDiscordMessageChannelId(params);
   // Prefer the resolved thread channel ID when available so replies stay in-thread.
   const targetChannelId = params.threadChannel?.id ?? (messageChannelId || "unknown");
   const originalReplyTarget = `channel:${targetChannelId}`;
@@ -353,17 +365,9 @@ export async function resolveDiscordAutoThreadReplyPlan(params: {
   return { ...deliveryPlan, createdThreadId, autoThreadContext };
 }
 
-export async function maybeCreateDiscordAutoThread(params: {
-  client: Client;
-  message: DiscordMessageEvent["message"];
-  messageChannelId?: string;
-  isGuildMessage: boolean;
-  channelConfig?: DiscordChannelConfigResolved | null;
-  threadChannel?: DiscordThreadChannel | null;
-  channelType?: ChannelType;
-  baseText: string;
-  combinedBody: string;
-}): Promise<string | undefined> {
+export async function maybeCreateDiscordAutoThread(
+  params: MaybeCreateDiscordAutoThreadParams,
+): Promise<string | undefined> {
   if (!params.isGuildMessage) {
     return undefined;
   }
@@ -383,12 +387,7 @@ export async function maybeCreateDiscordAutoThread(params: {
     return undefined;
   }
 
-  const messageChannelId = (
-    params.messageChannelId ||
-    resolveDiscordMessageChannelId({
-      message: params.message,
-    })
-  ).trim();
+  const messageChannelId = resolveTrimmedDiscordMessageChannelId(params);
   if (!messageChannelId) {
     return undefined;
   }
diff --git a/src/discord/monitor/timeouts.ts b/extensions/discord/src/monitor/timeouts.ts
similarity index 100%
rename from src/discord/monitor/timeouts.ts
rename to extensions/discord/src/monitor/timeouts.ts
diff --git a/src/discord/monitor/typing.ts b/extensions/discord/src/monitor/typing.ts
similarity index 100%
rename from src/discord/monitor/typing.ts
rename to extensions/discord/src/monitor/typing.ts
diff --git a/extensions/discord/src/normalize.ts b/extensions/discord/src/normalize.ts
new file mode 100644
index 00000000000..231cba8e5dc
--- /dev/null
+++ b/extensions/discord/src/normalize.ts
@@ -0,0 +1,47 @@
+import { parseDiscordTarget } from "./targets.js";
+
+export function normalizeDiscordMessagingTarget(raw: string): string | undefined {
+  // Default bare IDs to channels so routing is stable across tool actions.
+  const target = parseDiscordTarget(raw, { defaultKind: "channel" });
+  return target?.normalized;
+}
+
+/**
+ * Normalize a Discord outbound target for delivery. Bare numeric IDs are
+ * prefixed with "channel:" to avoid the ambiguous-target error in
+ * parseDiscordTarget. All other formats pass through unchanged.
+ */
+export function normalizeDiscordOutboundTarget(
+  to?: string,
+): { ok: true; to: string } | { ok: false; error: Error } {
+  const trimmed = to?.trim();
+  if (!trimmed) {
+    return {
+      ok: false,
+      error: new Error(
+        'Discord recipient is required. Use "channel:<id>" for channels or "user:<id>" for DMs.',
+      ),
+    };
+  }
+  if (/^\d+$/.test(trimmed)) {
+    return { ok: true, to: `channel:${trimmed}` };
+  }
+  return { ok: true, to: trimmed };
+}
+
+export function looksLikeDiscordTargetId(raw: string): boolean {
+  const trimmed = raw.trim();
+  if (!trimmed) {
+    return false;
+  }
+  if (/^<@!?\d+>$/.test(trimmed)) {
+    return true;
+  }
+  if (/^(user|channel|discord):/i.test(trimmed)) {
+    return true;
+  }
+  if (/^\d{6,}$/.test(trimmed)) {
+    return true;
+  }
+  return false;
+}
diff --git a/extensions/discord/src/onboarding.ts b/extensions/discord/src/onboarding.ts
new file mode 100644
index 00000000000..f4883b1254f
--- /dev/null
+++ b/extensions/discord/src/onboarding.ts
@@ -0,0 +1,319 @@
+import type {
+  ChannelOnboardingAdapter,
+  ChannelOnboardingDmPolicy,
+} from "../../../src/channels/plugins/onboarding-types.js";
+import { configureChannelAccessWithAllowlist } from "../../../src/channels/plugins/onboarding/channel-access-configure.js";
+import {
+  applySingleTokenPromptResult,
+  parseMentionOrPrefixedId,
+  noteChannelLookupFailure,
+  noteChannelLookupSummary,
+  patchChannelConfigForAccount,
+  promptLegacyChannelAllowFrom,
+  resolveAccountIdForConfigure,
+  resolveOnboardingAccountId,
+  runSingleChannelSecretStep,
+  setAccountGroupPolicyForChannel,
+  setLegacyChannelDmPolicyWithAllowFrom,
+  setOnboardingChannelEnabled,
+} from "../../../src/channels/plugins/onboarding/helpers.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { DiscordGuildEntry } from "../../../src/config/types.discord.js";
+import { hasConfiguredSecretInput } from "../../../src/config/types.secrets.js";
+import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js";
+import { formatDocsLink } from "../../../src/terminal/links.js";
+import type { WizardPrompter } from "../../../src/wizard/prompts.js";
+import { inspectDiscordAccount } from "./account-inspect.js";
+import {
+  listDiscordAccountIds,
+  resolveDefaultDiscordAccountId,
+  resolveDiscordAccount,
+} from "./accounts.js";
+import { normalizeDiscordSlug } from "./monitor/allow-list.js";
+import {
+  resolveDiscordChannelAllowlist,
+  type DiscordChannelResolution,
+} from "./resolve-channels.js";
+import { resolveDiscordUserAllowlist } from "./resolve-users.js";
+
+const channel = "discord" as const;
+
+async function noteDiscordTokenHelp(prompter: WizardPrompter): Promise<void> {
+  await prompter.note(
+    [
+      "1) Discord Developer Portal → Applications → New Application",
+      "2) Bot → Add Bot → Reset Token → copy token",
+      "3) OAuth2 → URL Generator → scope 'bot' → invite to your server",
+      "Tip: enable Message Content Intent if you need message text. (Bot → Privileged Gateway Intents → Message Content Intent)",
+      `Docs: ${formatDocsLink("/discord", "discord")}`,
+    ].join("\n"),
+    "Discord bot token",
+  );
+}
+
+function setDiscordGuildChannelAllowlist(
+  cfg: OpenClawConfig,
+  accountId: string,
+  entries: Array<{
+    guildKey: string;
+    channelKey?: string;
+  }>,
+): OpenClawConfig {
+  const baseGuilds =
+    accountId === DEFAULT_ACCOUNT_ID
+      ? (cfg.channels?.discord?.guilds ?? {})
+      : (cfg.channels?.discord?.accounts?.[accountId]?.guilds ?? {});
+  const guilds: Record<string, DiscordGuildEntry> = { ...baseGuilds };
+  for (const entry of entries) {
+    const guildKey = entry.guildKey || "*";
+    const existing = guilds[guildKey] ?? {};
+    if (entry.channelKey) {
+      const channels = { ...existing.channels };
+      channels[entry.channelKey] = { allow: true };
+      guilds[guildKey] = { ...existing, channels };
+    } else {
+      guilds[guildKey] = existing;
+    }
+  }
+  return patchChannelConfigForAccount({
+    cfg,
+    channel: "discord",
+    accountId,
+    patch: { guilds },
+  });
+}
+
+async function promptDiscordAllowFrom(params: {
+  cfg: OpenClawConfig;
+  prompter: WizardPrompter;
+  accountId?: string;
+}): Promise<OpenClawConfig> {
+  const accountId = resolveOnboardingAccountId({
+    accountId: params.accountId,
+    defaultAccountId: resolveDefaultDiscordAccountId(params.cfg),
+  });
+  const resolved = resolveDiscordAccount({ cfg: params.cfg, accountId });
+  const token = resolved.token;
+  const existing =
+    params.cfg.channels?.discord?.allowFrom ?? params.cfg.channels?.discord?.dm?.allowFrom ?? [];
+  const parseId = (value: string) =>
+    parseMentionOrPrefixedId({
+      value,
+      mentionPattern: /^<@!?(\d+)>$/,
+      prefixPattern: /^(user:|discord:)/i,
+      idPattern: /^\d+$/,
+    });
+
+  return promptLegacyChannelAllowFrom({
+    cfg: params.cfg,
+    channel: "discord",
+    prompter: params.prompter,
+    existing,
+    token,
+    noteTitle: "Discord allowlist",
+    noteLines: [
+      "Allowlist Discord DMs by username (we resolve to user ids).",
+      "Examples:",
+      "- 123456789012345678",
+      "- @alice",
+      "- alice#1234",
+      "Multiple entries: comma-separated.",
+      `Docs: ${formatDocsLink("/discord", "discord")}`,
+    ],
+    message: "Discord allowFrom (usernames or ids)",
+    placeholder: "@alice, 123456789012345678",
+    parseId,
+    invalidWithoutTokenNote: "Bot token missing; use numeric user ids (or mention form) only.",
+    resolveEntries: ({ token, entries }) =>
+      resolveDiscordUserAllowlist({
+        token,
+        entries,
+      }),
+  });
+}
+
+const dmPolicy: ChannelOnboardingDmPolicy = {
+  label: "Discord",
+  channel,
+  policyKey: "channels.discord.dmPolicy",
+  allowFromKey: "channels.discord.allowFrom",
+  getCurrent: (cfg) =>
+    cfg.channels?.discord?.dmPolicy ?? cfg.channels?.discord?.dm?.policy ?? "pairing",
+  setPolicy: (cfg, policy) =>
+    setLegacyChannelDmPolicyWithAllowFrom({
+      cfg,
+      channel: "discord",
+      dmPolicy: policy,
+    }),
+  promptAllowFrom: promptDiscordAllowFrom,
+};
+
+export const discordOnboardingAdapter: ChannelOnboardingAdapter = {
+  channel,
+  getStatus: async ({ cfg }) => {
+    const configured = listDiscordAccountIds(cfg).some((accountId) => {
+      const account = inspectDiscordAccount({ cfg, accountId });
+      return account.configured;
+    });
+    return {
+      channel,
+      configured,
+      statusLines: [`Discord: ${configured ? "configured" : "needs token"}`],
+      selectionHint: configured ? "configured" : "needs token",
+      quickstartScore: configured ? 2 : 1,
+    };
+  },
+  configure: async ({ cfg, prompter, options, accountOverrides, shouldPromptAccountIds }) => {
+    const defaultDiscordAccountId = resolveDefaultDiscordAccountId(cfg);
+    const discordAccountId = await resolveAccountIdForConfigure({
+      cfg,
+      prompter,
+      label: "Discord",
+      accountOverride: accountOverrides.discord,
+      shouldPromptAccountIds,
+      listAccountIds: listDiscordAccountIds,
+      defaultAccountId: defaultDiscordAccountId,
+    });
+
+    let next = cfg;
+    const resolvedAccount = resolveDiscordAccount({
+      cfg: next,
+      accountId: discordAccountId,
+    });
+    const allowEnv = discordAccountId === DEFAULT_ACCOUNT_ID;
+    const tokenStep = await runSingleChannelSecretStep({
+      cfg: next,
+      prompter,
+      providerHint: "discord",
+      credentialLabel: "Discord bot token",
+      secretInputMode: options?.secretInputMode,
+      accountConfigured: Boolean(resolvedAccount.token),
+      hasConfigToken: hasConfiguredSecretInput(resolvedAccount.config.token),
+      allowEnv,
+      envValue: process.env.DISCORD_BOT_TOKEN,
+      envPrompt: "DISCORD_BOT_TOKEN detected. Use env var?",
+      keepPrompt: "Discord token already configured. Keep it?",
+      inputPrompt: "Enter Discord bot token",
+      preferredEnvVar: allowEnv ? "DISCORD_BOT_TOKEN" : undefined,
+      onMissingConfigured: async () => await noteDiscordTokenHelp(prompter),
+      applyUseEnv: async (cfg) =>
+        applySingleTokenPromptResult({
+          cfg,
+          channel: "discord",
+          accountId: discordAccountId,
+          tokenPatchKey: "token",
+          tokenResult: { useEnv: true, token: null },
+        }),
+      applySet: async (cfg, value) =>
+        applySingleTokenPromptResult({
+          cfg,
+          channel: "discord",
+          accountId: discordAccountId,
+          tokenPatchKey: "token",
+          tokenResult: { useEnv: false, token: value },
+        }),
+    });
+    next = tokenStep.cfg;
+
+    const currentEntries = Object.entries(resolvedAccount.config.guilds ?? {}).flatMap(
+      ([guildKey, value]) => {
+        const channels = value?.channels ?? {};
+        const channelKeys = Object.keys(channels);
+        if (channelKeys.length === 0) {
+          const input = /^\d+$/.test(guildKey) ? `guild:${guildKey}` : guildKey;
+          return [input];
+        }
+        return channelKeys.map((channelKey) => `${guildKey}/${channelKey}`);
+      },
+    );
+    next = await configureChannelAccessWithAllowlist({
+      cfg: next,
+      prompter,
+      label: "Discord channels",
+      currentPolicy: resolvedAccount.config.groupPolicy ?? "allowlist",
+      currentEntries,
+      placeholder: "My Server/#general, guildId/channelId, #support",
+      updatePrompt: Boolean(resolvedAccount.config.guilds),
+      setPolicy: (cfg, policy) =>
+        setAccountGroupPolicyForChannel({
+          cfg,
+          channel: "discord",
+          accountId: discordAccountId,
+          groupPolicy: policy,
+        }),
+      resolveAllowlist: async ({ cfg, entries }) => {
+        const accountWithTokens = resolveDiscordAccount({
+          cfg,
+          accountId: discordAccountId,
+        });
+        let resolved: DiscordChannelResolution[] = entries.map((input) => ({
+          input,
+          resolved: false,
+        }));
+        const activeToken = accountWithTokens.token || tokenStep.resolvedValue || "";
+        if (activeToken && entries.length > 0) {
+          try {
+            resolved = await resolveDiscordChannelAllowlist({
+              token: activeToken,
+              entries,
+            });
+            const resolvedChannels = resolved.filter((entry) => entry.resolved && entry.channelId);
+            const resolvedGuilds = resolved.filter(
+              (entry) => entry.resolved && entry.guildId && !entry.channelId,
+            );
+            const unresolved = resolved
+              .filter((entry) => !entry.resolved)
+              .map((entry) => entry.input);
+            await noteChannelLookupSummary({
+              prompter,
+              label: "Discord channels",
+              resolvedSections: [
+                {
+                  title: "Resolved channels",
+                  values: resolvedChannels
+                    .map((entry) => entry.channelId)
+                    .filter((value): value is string => Boolean(value)),
+                },
+                {
+                  title: "Resolved guilds",
+                  values: resolvedGuilds
+                    .map((entry) => entry.guildId)
+                    .filter((value): value is string => Boolean(value)),
+                },
+              ],
+              unresolved,
+            });
+          } catch (err) {
+            await noteChannelLookupFailure({
+              prompter,
+              label: "Discord channels",
+              error: err,
+            });
+          }
+        }
+        return resolved;
+      },
+      applyAllowlist: ({ cfg, resolved }) => {
+        const allowlistEntries: Array<{ guildKey: string; channelKey?: string }> = [];
+        for (const entry of resolved) {
+          const guildKey =
+            entry.guildId ??
+            (entry.guildName ? normalizeDiscordSlug(entry.guildName) : undefined) ??
+            "*";
+          const channelKey =
+            entry.channelId ??
+            (entry.channelName ? normalizeDiscordSlug(entry.channelName) : undefined);
+          if (!channelKey && guildKey === "*") {
+            continue;
+          }
+          allowlistEntries.push({ guildKey, ...(channelKey ? { channelKey } : {}) });
+        }
+        return setDiscordGuildChannelAllowlist(cfg, discordAccountId, allowlistEntries);
+      },
+    });
+
+    return { cfg: next, accountId: discordAccountId };
+  },
+  dmPolicy,
+  disable: (cfg) => setOnboardingChannelEnabled(cfg, channel, false),
+};
diff --git a/src/channels/plugins/outbound/discord.sendpayload.test.ts b/extensions/discord/src/outbound-adapter.sendpayload.test.ts
similarity index 81%
rename from src/channels/plugins/outbound/discord.sendpayload.test.ts
rename to extensions/discord/src/outbound-adapter.sendpayload.test.ts
index 168f8d8d927..ae5d86f8700 100644
--- a/src/channels/plugins/outbound/discord.sendpayload.test.ts
+++ b/extensions/discord/src/outbound-adapter.sendpayload.test.ts
@@ -1,10 +1,10 @@
 import { describe, vi } from "vitest";
-import type { ReplyPayload } from "../../../auto-reply/types.js";
+import type { ReplyPayload } from "../../../src/auto-reply/types.js";
 import {
   installSendPayloadContractSuite,
   primeSendMock,
-} from "../../../test-utils/send-payload-contract.js";
-import { discordOutbound } from "./discord.js";
+} from "../../../src/test-utils/send-payload-contract.js";
+import { discordOutbound } from "./outbound-adapter.js";
 
 function createHarness(params: {
   payload: ReplyPayload;
diff --git a/src/channels/plugins/outbound/discord.test.ts b/extensions/discord/src/outbound-adapter.test.ts
similarity index 93%
rename from src/channels/plugins/outbound/discord.test.ts
rename to extensions/discord/src/outbound-adapter.test.ts
index b6a618f4b5f..3321a9cb59b 100644
--- a/src/channels/plugins/outbound/discord.test.ts
+++ b/extensions/discord/src/outbound-adapter.test.ts
@@ -1,5 +1,5 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { normalizeDiscordOutboundTarget } from "../normalize/discord.js";
+import { normalizeDiscordOutboundTarget } from "./normalize.js";
 
 const hoisted = vi.hoisted(() => {
   const sendMessageDiscordMock = vi.fn();
@@ -14,8 +14,8 @@ const hoisted = vi.hoisted(() => {
   };
 });
 
-vi.mock("../../../discord/send.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../../../discord/send.js")>();
+vi.mock("./send.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("./send.js")>();
   return {
     ...actual,
     sendMessageDiscord: (...args: unknown[]) => hoisted.sendMessageDiscordMock(...args),
@@ -25,16 +25,15 @@ vi.mock("../../../discord/send.js", async (importOriginal) => {
   };
 });
 
-vi.mock("../../../discord/monitor/thread-bindings.js", async (importOriginal) => {
-  const actual =
-    await importOriginal<typeof import("../../../discord/monitor/thread-bindings.js")>();
+vi.mock("./monitor/thread-bindings.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("./monitor/thread-bindings.js")>();
   return {
     ...actual,
     getThreadBindingManager: (...args: unknown[]) => hoisted.getThreadBindingManagerMock(...args),
   };
 });
 
-const { discordOutbound } = await import("./discord.js");
+const { discordOutbound } = await import("./outbound-adapter.js");
 
 const DEFAULT_DISCORD_SEND_RESULT = {
   channel: "discord",
diff --git a/extensions/discord/src/outbound-adapter.ts b/extensions/discord/src/outbound-adapter.ts
new file mode 100644
index 00000000000..4c17960791d
--- /dev/null
+++ b/extensions/discord/src/outbound-adapter.ts
@@ -0,0 +1,143 @@
+import { sendTextMediaPayload } from "../../../src/channels/plugins/outbound/direct-text-media.js";
+import type { ChannelOutboundAdapter } from "../../../src/channels/plugins/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { OutboundIdentity } from "../../../src/infra/outbound/identity.js";
+import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js";
+import { getThreadBindingManager, type ThreadBindingRecord } from "./monitor/thread-bindings.js";
+import { normalizeDiscordOutboundTarget } from "./normalize.js";
+import { sendMessageDiscord, sendPollDiscord, sendWebhookMessageDiscord } from "./send.js";
+
+function resolveDiscordOutboundTarget(params: {
+  to: string;
+  threadId?: string | number | null;
+}): string {
+  if (params.threadId == null) {
+    return params.to;
+  }
+  const threadId = String(params.threadId).trim();
+  if (!threadId) {
+    return params.to;
+  }
+  return `channel:${threadId}`;
+}
+
+function resolveDiscordWebhookIdentity(params: {
+  identity?: OutboundIdentity;
+  binding: ThreadBindingRecord;
+}): { username?: string; avatarUrl?: string } {
+  const usernameRaw = params.identity?.name?.trim();
+  const fallbackUsername = params.binding.label?.trim() || params.binding.agentId;
+  const username = (usernameRaw || fallbackUsername || "").slice(0, 80) || undefined;
+  const avatarUrl = params.identity?.avatarUrl?.trim() || undefined;
+  return { username, avatarUrl };
+}
+
+async function maybeSendDiscordWebhookText(params: {
+  cfg?: OpenClawConfig;
+  text: string;
+  threadId?: string | number | null;
+  accountId?: string | null;
+  identity?: OutboundIdentity;
+  replyToId?: string | null;
+}): Promise<{ messageId: string; channelId: string } | null> {
+  if (params.threadId == null) {
+    return null;
+  }
+  const threadId = String(params.threadId).trim();
+  if (!threadId) {
+    return null;
+  }
+  const manager = getThreadBindingManager(params.accountId ?? undefined);
+  if (!manager) {
+    return null;
+  }
+  const binding = manager.getByThreadId(threadId);
+  if (!binding?.webhookId || !binding?.webhookToken) {
+    return null;
+  }
+  const persona = resolveDiscordWebhookIdentity({
+    identity: params.identity,
+    binding,
+  });
+  const result = await sendWebhookMessageDiscord(params.text, {
+    webhookId: binding.webhookId,
+    webhookToken: binding.webhookToken,
+    accountId: binding.accountId,
+    threadId: binding.threadId,
+    cfg: params.cfg,
+    replyTo: params.replyToId ?? undefined,
+    username: persona.username,
+    avatarUrl: persona.avatarUrl,
+  });
+  return result;
+}
+
+export const discordOutbound: ChannelOutboundAdapter = {
+  deliveryMode: "direct",
+  chunker: null,
+  textChunkLimit: 2000,
+  pollMaxOptions: 10,
+  resolveTarget: ({ to }) => normalizeDiscordOutboundTarget(to),
+  sendPayload: async (ctx) =>
+    await sendTextMediaPayload({ channel: "discord", ctx, adapter: discordOutbound }),
+  sendText: async ({ cfg, to, text, accountId, deps, replyToId, threadId, identity, silent }) => {
+    if (!silent) {
+      const webhookResult = await maybeSendDiscordWebhookText({
+        cfg,
+        text,
+        threadId,
+        accountId,
+        identity,
+        replyToId,
+      }).catch(() => null);
+      if (webhookResult) {
+        return { channel: "discord", ...webhookResult };
+      }
+    }
+    const send =
+      resolveOutboundSendDep<typeof sendMessageDiscord>(deps, "discord") ?? sendMessageDiscord;
+    const target = resolveDiscordOutboundTarget({ to, threadId });
+    const result = await send(target, text, {
+      verbose: false,
+      replyTo: replyToId ?? undefined,
+      accountId: accountId ?? undefined,
+      silent: silent ?? undefined,
+      cfg,
+    });
+    return { channel: "discord", ...result };
+  },
+  sendMedia: async ({
+    cfg,
+    to,
+    text,
+    mediaUrl,
+    mediaLocalRoots,
+    accountId,
+    deps,
+    replyToId,
+    threadId,
+    silent,
+  }) => {
+    const send =
+      resolveOutboundSendDep<typeof sendMessageDiscord>(deps, "discord") ?? sendMessageDiscord;
+    const target = resolveDiscordOutboundTarget({ to, threadId });
+    const result = await send(target, text, {
+      verbose: false,
+      mediaUrl,
+      mediaLocalRoots,
+      replyTo: replyToId ?? undefined,
+      accountId: accountId ?? undefined,
+      silent: silent ?? undefined,
+      cfg,
+    });
+    return { channel: "discord", ...result };
+  },
+  sendPoll: async ({ cfg, to, poll, accountId, threadId, silent }) => {
+    const target = resolveDiscordOutboundTarget({ to, threadId });
+    return await sendPollDiscord(target, poll, {
+      accountId: accountId ?? undefined,
+      silent: silent ?? undefined,
+      cfg,
+    });
+  },
+};
diff --git a/src/discord/pluralkit.test.ts b/extensions/discord/src/pluralkit.test.ts
similarity index 100%
rename from src/discord/pluralkit.test.ts
rename to extensions/discord/src/pluralkit.test.ts
diff --git a/src/discord/pluralkit.ts b/extensions/discord/src/pluralkit.ts
similarity index 95%
rename from src/discord/pluralkit.ts
rename to extensions/discord/src/pluralkit.ts
index 7e19df6e2d9..e328fb27eff 100644
--- a/src/discord/pluralkit.ts
+++ b/extensions/discord/src/pluralkit.ts
@@ -1,4 +1,4 @@
-import { resolveFetch } from "../infra/fetch.js";
+import { resolveFetch } from "../../../src/infra/fetch.js";
 
 const PLURALKIT_API_BASE = "https://api.pluralkit.me/v2";
 
diff --git a/src/discord/probe.intents.test.ts b/extensions/discord/src/probe.intents.test.ts
similarity index 100%
rename from src/discord/probe.intents.test.ts
rename to extensions/discord/src/probe.intents.test.ts
diff --git a/src/discord/probe.parse-token.test.ts b/extensions/discord/src/probe.parse-token.test.ts
similarity index 100%
rename from src/discord/probe.parse-token.test.ts
rename to extensions/discord/src/probe.parse-token.test.ts
diff --git a/src/discord/probe.ts b/extensions/discord/src/probe.ts
similarity index 97%
rename from src/discord/probe.ts
rename to extensions/discord/src/probe.ts
index 5f743b8b404..b434cd8c78d 100644
--- a/src/discord/probe.ts
+++ b/extensions/discord/src/probe.ts
@@ -1,6 +1,6 @@
-import type { BaseProbeResult } from "../channels/plugins/types.js";
-import { resolveFetch } from "../infra/fetch.js";
-import { fetchWithTimeout } from "../utils/fetch-timeout.js";
+import type { BaseProbeResult } from "../../../src/channels/plugins/types.js";
+import { resolveFetch } from "../../../src/infra/fetch.js";
+import { fetchWithTimeout } from "../../../src/utils/fetch-timeout.js";
 import { normalizeDiscordToken } from "./token.js";
 
 const DISCORD_API_BASE = "https://discord.com/api/v10";
diff --git a/src/discord/resolve-allowlist-common.test.ts b/extensions/discord/src/resolve-allowlist-common.test.ts
similarity index 100%
rename from src/discord/resolve-allowlist-common.test.ts
rename to extensions/discord/src/resolve-allowlist-common.test.ts
diff --git a/src/discord/resolve-allowlist-common.ts b/extensions/discord/src/resolve-allowlist-common.ts
similarity index 100%
rename from src/discord/resolve-allowlist-common.ts
rename to extensions/discord/src/resolve-allowlist-common.ts
diff --git a/src/discord/resolve-channels.test.ts b/extensions/discord/src/resolve-channels.test.ts
similarity index 99%
rename from src/discord/resolve-channels.test.ts
rename to extensions/discord/src/resolve-channels.test.ts
index 70fa4f74aa3..fb46792aaaa 100644
--- a/src/discord/resolve-channels.test.ts
+++ b/extensions/discord/src/resolve-channels.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { withFetchPreconnect } from "../test-utils/fetch-mock.js";
+import { withFetchPreconnect } from "../../../src/test-utils/fetch-mock.js";
 import { resolveDiscordChannelAllowlist } from "./resolve-channels.js";
 import { jsonResponse, urlToString } from "./test-http-helpers.js";
 
diff --git a/src/discord/resolve-channels.ts b/extensions/discord/src/resolve-channels.ts
similarity index 100%
rename from src/discord/resolve-channels.ts
rename to extensions/discord/src/resolve-channels.ts
diff --git a/src/discord/resolve-users.test.ts b/extensions/discord/src/resolve-users.test.ts
similarity index 98%
rename from src/discord/resolve-users.test.ts
rename to extensions/discord/src/resolve-users.test.ts
index 123de666dcb..d788b77ebe0 100644
--- a/src/discord/resolve-users.test.ts
+++ b/extensions/discord/src/resolve-users.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { withFetchPreconnect } from "../test-utils/fetch-mock.js";
+import { withFetchPreconnect } from "../../../src/test-utils/fetch-mock.js";
 import { resolveDiscordUserAllowlist } from "./resolve-users.js";
 import { jsonResponse, urlToString } from "./test-http-helpers.js";
 
diff --git a/src/discord/resolve-users.ts b/extensions/discord/src/resolve-users.ts
similarity index 100%
rename from src/discord/resolve-users.ts
rename to extensions/discord/src/resolve-users.ts
diff --git a/src/discord/send.channels.ts b/extensions/discord/src/send.channels.ts
similarity index 100%
rename from src/discord/send.channels.ts
rename to extensions/discord/src/send.channels.ts
diff --git a/src/discord/send.components.test.ts b/extensions/discord/src/send.components.test.ts
similarity index 89%
rename from src/discord/send.components.test.ts
rename to extensions/discord/src/send.components.test.ts
index 84e02e47b12..1da4cc964dd 100644
--- a/src/discord/send.components.test.ts
+++ b/extensions/discord/src/send.components.test.ts
@@ -6,8 +6,10 @@ import { makeDiscordRest } from "./send.test-harness.js";
 
 const loadConfigMock = vi.hoisted(() => vi.fn(() => ({ session: { dmScope: "main" } })));
 
-vi.mock("../config/config.js", async () => {
-  const actual = await vi.importActual<typeof import("../config/config.js")>("../config/config.js");
+vi.mock("../../../src/config/config.js", async () => {
+  const actual = await vi.importActual<typeof import("../../../src/config/config.js")>(
+    "../../../src/config/config.js",
+  );
   return {
     ...actual,
     loadConfig: (..._args: unknown[]) => loadConfigMock(),
diff --git a/src/discord/send.components.ts b/extensions/discord/src/send.components.ts
similarity index 95%
rename from src/discord/send.components.ts
rename to extensions/discord/src/send.components.ts
index 5cdbee1b90c..9212e383ed7 100644
--- a/src/discord/send.components.ts
+++ b/extensions/discord/src/send.components.ts
@@ -5,9 +5,9 @@ import {
   type RequestClient,
 } from "@buape/carbon";
 import { ChannelType, Routes } from "discord-api-types/v10";
-import { loadConfig, type OpenClawConfig } from "../config/config.js";
-import { recordChannelActivity } from "../infra/channel-activity.js";
-import { loadWebMedia } from "../web/media.js";
+import { loadConfig, type OpenClawConfig } from "../../../src/config/config.js";
+import { recordChannelActivity } from "../../../src/infra/channel-activity.js";
+import { loadWebMedia } from "../../whatsapp/src/media.js";
 import { resolveDiscordAccount } from "./accounts.js";
 import { registerDiscordComponentEntries } from "./components-registry.js";
 import {
diff --git a/src/discord/send.creates-thread.test.ts b/extensions/discord/src/send.creates-thread.test.ts
similarity index 99%
rename from src/discord/send.creates-thread.test.ts
rename to extensions/discord/src/send.creates-thread.test.ts
index 3fd70b99882..c1012816d22 100644
--- a/src/discord/send.creates-thread.test.ts
+++ b/extensions/discord/src/send.creates-thread.test.ts
@@ -18,7 +18,7 @@ import {
 } from "./send.js";
 import { makeDiscordRest } from "./send.test-harness.js";
 
-vi.mock("../web/media.js", async () => {
+vi.mock("../../whatsapp/src/media.js", async () => {
   const { discordWebMediaMockFactory } = await import("./send.test-harness.js");
   return discordWebMediaMockFactory();
 });
diff --git a/src/discord/send.emojis-stickers.ts b/extensions/discord/src/send.emojis-stickers.ts
similarity index 97%
rename from src/discord/send.emojis-stickers.ts
rename to extensions/discord/src/send.emojis-stickers.ts
index a6e42182631..601b8372e74 100644
--- a/src/discord/send.emojis-stickers.ts
+++ b/extensions/discord/src/send.emojis-stickers.ts
@@ -1,5 +1,5 @@
 import { Routes } from "discord-api-types/v10";
-import { loadWebMediaRaw } from "../web/media.js";
+import { loadWebMediaRaw } from "../../whatsapp/src/media.js";
 import { normalizeEmojiName, resolveDiscordRest } from "./send.shared.js";
 import type { DiscordEmojiUpload, DiscordReactOpts, DiscordStickerUpload } from "./send.types.js";
 import { DISCORD_MAX_EMOJI_BYTES, DISCORD_MAX_STICKER_BYTES } from "./send.types.js";
diff --git a/src/discord/send.guild.ts b/extensions/discord/src/send.guild.ts
similarity index 100%
rename from src/discord/send.guild.ts
rename to extensions/discord/src/send.guild.ts
diff --git a/src/discord/send.messages.ts b/extensions/discord/src/send.messages.ts
similarity index 100%
rename from src/discord/send.messages.ts
rename to extensions/discord/src/send.messages.ts
diff --git a/src/discord/send.outbound.ts b/extensions/discord/src/send.outbound.ts
similarity index 95%
rename from src/discord/send.outbound.ts
rename to extensions/discord/src/send.outbound.ts
index 8234291e7ed..8f7b743e0d0 100644
--- a/src/discord/send.outbound.ts
+++ b/extensions/discord/src/send.outbound.ts
@@ -3,18 +3,18 @@ import fs from "node:fs/promises";
 import path from "node:path";
 import { serializePayload, type MessagePayloadObject, type RequestClient } from "@buape/carbon";
 import { ChannelType, Routes } from "discord-api-types/v10";
-import { resolveChunkMode } from "../auto-reply/chunk.js";
-import { loadConfig, type OpenClawConfig } from "../config/config.js";
-import { resolveMarkdownTableMode } from "../config/markdown-tables.js";
-import { recordChannelActivity } from "../infra/channel-activity.js";
-import type { RetryConfig } from "../infra/retry.js";
-import { resolvePreferredOpenClawTmpDir } from "../infra/tmp-openclaw-dir.js";
-import { convertMarkdownTables } from "../markdown/tables.js";
-import { maxBytesForKind } from "../media/constants.js";
-import { extensionForMime } from "../media/mime.js";
-import { unlinkIfExists } from "../media/temp-files.js";
-import type { PollInput } from "../polls.js";
-import { loadWebMediaRaw } from "../web/media.js";
+import { resolveChunkMode } from "../../../src/auto-reply/chunk.js";
+import { loadConfig, type OpenClawConfig } from "../../../src/config/config.js";
+import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js";
+import { recordChannelActivity } from "../../../src/infra/channel-activity.js";
+import type { RetryConfig } from "../../../src/infra/retry.js";
+import { resolvePreferredOpenClawTmpDir } from "../../../src/infra/tmp-openclaw-dir.js";
+import { convertMarkdownTables } from "../../../src/markdown/tables.js";
+import { maxBytesForKind } from "../../../src/media/constants.js";
+import { extensionForMime } from "../../../src/media/mime.js";
+import { unlinkIfExists } from "../../../src/media/temp-files.js";
+import type { PollInput } from "../../../src/polls.js";
+import { loadWebMediaRaw } from "../../whatsapp/src/media.js";
 import { resolveDiscordAccount } from "./accounts.js";
 import { rewriteDiscordKnownMentions } from "./mentions.js";
 import {
diff --git a/src/discord/send.permissions.authz.test.ts b/extensions/discord/src/send.permissions.authz.test.ts
similarity index 100%
rename from src/discord/send.permissions.authz.test.ts
rename to extensions/discord/src/send.permissions.authz.test.ts
diff --git a/src/discord/send.permissions.ts b/extensions/discord/src/send.permissions.ts
similarity index 100%
rename from src/discord/send.permissions.ts
rename to extensions/discord/src/send.permissions.ts
diff --git a/src/discord/send.reactions.ts b/extensions/discord/src/send.reactions.ts
similarity index 98%
rename from src/discord/send.reactions.ts
rename to extensions/discord/src/send.reactions.ts
index 436d64ac5b2..26353a7acb5 100644
--- a/src/discord/send.reactions.ts
+++ b/extensions/discord/src/send.reactions.ts
@@ -1,5 +1,5 @@
 import { Routes } from "discord-api-types/v10";
-import { loadConfig } from "../config/config.js";
+import { loadConfig } from "../../../src/config/config.js";
 import {
   buildReactionIdentifier,
   createDiscordClient,
diff --git a/src/discord/send.sends-basic-channel-messages.test.ts b/extensions/discord/src/send.sends-basic-channel-messages.test.ts
similarity index 99%
rename from src/discord/send.sends-basic-channel-messages.test.ts
rename to extensions/discord/src/send.sends-basic-channel-messages.test.ts
index 58b8e3799b7..7d0f359f90a 100644
--- a/src/discord/send.sends-basic-channel-messages.test.ts
+++ b/extensions/discord/src/send.sends-basic-channel-messages.test.ts
@@ -1,6 +1,6 @@
 import { ChannelType, PermissionFlagsBits, Routes } from "discord-api-types/v10";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { loadWebMedia } from "../web/media.js";
+import { loadWebMedia } from "../../whatsapp/src/media.js";
 import {
   __resetDiscordDirectoryCacheForTest,
   rememberDiscordDirectoryUser,
@@ -21,7 +21,7 @@ import {
 } from "./send.js";
 import { makeDiscordRest } from "./send.test-harness.js";
 
-vi.mock("../web/media.js", async () => {
+vi.mock("../../whatsapp/src/media.js", async () => {
   const { discordWebMediaMockFactory } = await import("./send.test-harness.js");
   return discordWebMediaMockFactory();
 });
diff --git a/src/discord/send.shared.ts b/extensions/discord/src/send.shared.ts
similarity index 96%
rename from src/discord/send.shared.ts
rename to extensions/discord/src/send.shared.ts
index a90f0ffe01f..f1a7fd4c28e 100644
--- a/src/discord/send.shared.ts
+++ b/extensions/discord/src/send.shared.ts
@@ -9,12 +9,16 @@ import {
 import { PollLayoutType } from "discord-api-types/payloads/v10";
 import type { RESTAPIPoll } from "discord-api-types/rest/v10";
 import { Routes, type APIChannel, type APIEmbed } from "discord-api-types/v10";
-import type { ChunkMode } from "../auto-reply/chunk.js";
-import { loadConfig, type OpenClawConfig } from "../config/config.js";
-import type { RetryRunner } from "../infra/retry-policy.js";
-import { buildOutboundMediaLoadOptions } from "../media/load-options.js";
-import { normalizePollDurationHours, normalizePollInput, type PollInput } from "../polls.js";
-import { loadWebMedia } from "../web/media.js";
+import type { ChunkMode } from "../../../src/auto-reply/chunk.js";
+import { loadConfig, type OpenClawConfig } from "../../../src/config/config.js";
+import type { RetryRunner } from "../../../src/infra/retry-policy.js";
+import { buildOutboundMediaLoadOptions } from "../../../src/media/load-options.js";
+import {
+  normalizePollDurationHours,
+  normalizePollInput,
+  type PollInput,
+} from "../../../src/polls.js";
+import { loadWebMedia } from "../../whatsapp/src/media.js";
 import { resolveDiscordAccount } from "./accounts.js";
 import { chunkDiscordTextWithMode } from "./chunk.js";
 import { createDiscordClient, resolveDiscordRest } from "./client.js";
diff --git a/src/discord/send.test-harness.ts b/extensions/discord/src/send.test-harness.ts
similarity index 94%
rename from src/discord/send.test-harness.ts
rename to extensions/discord/src/send.test-harness.ts
index eceb7882c0a..f3c5ae36842 100644
--- a/src/discord/send.test-harness.ts
+++ b/extensions/discord/src/send.test-harness.ts
@@ -1,5 +1,5 @@
 import { vi } from "vitest";
-import type { MockFn } from "../test-utils/vitest-mock-fn.js";
+import type { MockFn } from "../../../src/test-utils/vitest-mock-fn.js";
 
 type DiscordWebMediaMockFactoryResult = {
   loadWebMedia: MockFn;
diff --git a/src/discord/send.ts b/extensions/discord/src/send.ts
similarity index 100%
rename from src/discord/send.ts
rename to extensions/discord/src/send.ts
diff --git a/src/discord/send.types.ts b/extensions/discord/src/send.types.ts
similarity index 96%
rename from src/discord/send.types.ts
rename to extensions/discord/src/send.types.ts
index 2dc29921f7e..189c9434d1e 100644
--- a/src/discord/send.types.ts
+++ b/extensions/discord/src/send.types.ts
@@ -1,6 +1,6 @@
 import type { RequestClient } from "@buape/carbon";
-import type { OpenClawConfig } from "../config/config.js";
-import type { RetryConfig } from "../infra/retry.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { RetryConfig } from "../../../src/infra/retry.js";
 
 export class DiscordSendError extends Error {
   kind?: "missing-permissions" | "dm-blocked";
diff --git a/src/discord/send.webhook-activity.test.ts b/extensions/discord/src/send.webhook-activity.test.ts
similarity index 83%
rename from src/discord/send.webhook-activity.test.ts
rename to extensions/discord/src/send.webhook-activity.test.ts
index c51ba3b814d..04354936050 100644
--- a/src/discord/send.webhook-activity.test.ts
+++ b/extensions/discord/src/send.webhook-activity.test.ts
@@ -4,16 +4,16 @@ import { sendWebhookMessageDiscord } from "./send.js";
 const recordChannelActivityMock = vi.hoisted(() => vi.fn());
 const loadConfigMock = vi.hoisted(() => vi.fn(() => ({ channels: { discord: {} } })));
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig: () => loadConfigMock(),
   };
 });
 
-vi.mock("../infra/channel-activity.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../infra/channel-activity.js")>();
+vi.mock("../../../src/infra/channel-activity.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/infra/channel-activity.js")>();
   return {
     ...actual,
     recordChannelActivity: (...args: unknown[]) => recordChannelActivityMock(...args),
diff --git a/src/discord/session-key-normalization.test.ts b/extensions/discord/src/session-key-normalization.test.ts
similarity index 100%
rename from src/discord/session-key-normalization.test.ts
rename to extensions/discord/src/session-key-normalization.test.ts
diff --git a/src/discord/session-key-normalization.ts b/extensions/discord/src/session-key-normalization.ts
similarity index 87%
rename from src/discord/session-key-normalization.ts
rename to extensions/discord/src/session-key-normalization.ts
index 67d267aac21..7e47fe012dd 100644
--- a/src/discord/session-key-normalization.ts
+++ b/extensions/discord/src/session-key-normalization.ts
@@ -1,5 +1,5 @@
-import type { MsgContext } from "../auto-reply/templating.js";
-import { normalizeChatType } from "../channels/chat-type.js";
+import type { MsgContext } from "../../../src/auto-reply/templating.js";
+import { normalizeChatType } from "../../../src/channels/chat-type.js";
 
 export function normalizeExplicitDiscordSessionKey(
   sessionKey: string,
diff --git a/extensions/discord/src/status-issues.ts b/extensions/discord/src/status-issues.ts
new file mode 100644
index 00000000000..baf2551c0f8
--- /dev/null
+++ b/extensions/discord/src/status-issues.ts
@@ -0,0 +1,169 @@
+import {
+  appendMatchMetadata,
+  asString,
+  isRecord,
+  resolveEnabledConfiguredAccountId,
+} from "../../../src/channels/plugins/status-issues/shared.js";
+import type {
+  ChannelAccountSnapshot,
+  ChannelStatusIssue,
+} from "../../../src/channels/plugins/types.js";
+
+type DiscordIntentSummary = {
+  messageContent?: "enabled" | "limited" | "disabled";
+};
+
+type DiscordApplicationSummary = {
+  intents?: DiscordIntentSummary;
+};
+
+type DiscordAccountStatus = {
+  accountId?: unknown;
+  enabled?: unknown;
+  configured?: unknown;
+  application?: unknown;
+  audit?: unknown;
+};
+
+type DiscordPermissionsAuditSummary = {
+  unresolvedChannels?: number;
+  channels?: Array<{
+    channelId: string;
+    ok?: boolean;
+    missing?: string[];
+    error?: string | null;
+    matchKey?: string;
+    matchSource?: string;
+  }>;
+};
+
+function readDiscordAccountStatus(value: ChannelAccountSnapshot): DiscordAccountStatus | null {
+  if (!isRecord(value)) {
+    return null;
+  }
+  return {
+    accountId: value.accountId,
+    enabled: value.enabled,
+    configured: value.configured,
+    application: value.application,
+    audit: value.audit,
+  };
+}
+
+function readDiscordApplicationSummary(value: unknown): DiscordApplicationSummary {
+  if (!isRecord(value)) {
+    return {};
+  }
+  const intentsRaw = value.intents;
+  if (!isRecord(intentsRaw)) {
+    return {};
+  }
+  return {
+    intents: {
+      messageContent:
+        intentsRaw.messageContent === "enabled" ||
+        intentsRaw.messageContent === "limited" ||
+        intentsRaw.messageContent === "disabled"
+          ? intentsRaw.messageContent
+          : undefined,
+    },
+  };
+}
+
+function readDiscordPermissionsAuditSummary(value: unknown): DiscordPermissionsAuditSummary {
+  if (!isRecord(value)) {
+    return {};
+  }
+  const unresolvedChannels =
+    typeof value.unresolvedChannels === "number" && Number.isFinite(value.unresolvedChannels)
+      ? value.unresolvedChannels
+      : undefined;
+  const channelsRaw = value.channels;
+  const channels = Array.isArray(channelsRaw)
+    ? (channelsRaw
+        .map((entry) => {
+          if (!isRecord(entry)) {
+            return null;
+          }
+          const channelId = asString(entry.channelId);
+          if (!channelId) {
+            return null;
+          }
+          const ok = typeof entry.ok === "boolean" ? entry.ok : undefined;
+          const missing = Array.isArray(entry.missing)
+            ? entry.missing.map((v) => asString(v)).filter(Boolean)
+            : undefined;
+          const error = asString(entry.error) ?? null;
+          const matchKey = asString(entry.matchKey) ?? undefined;
+          const matchSource = asString(entry.matchSource) ?? undefined;
+          return {
+            channelId,
+            ok,
+            missing: missing?.length ? missing : undefined,
+            error,
+            matchKey,
+            matchSource,
+          };
+        })
+        .filter(Boolean) as DiscordPermissionsAuditSummary["channels"])
+    : undefined;
+  return { unresolvedChannels, channels };
+}
+
+export function collectDiscordStatusIssues(
+  accounts: ChannelAccountSnapshot[],
+): ChannelStatusIssue[] {
+  const issues: ChannelStatusIssue[] = [];
+  for (const entry of accounts) {
+    const account = readDiscordAccountStatus(entry);
+    if (!account) {
+      continue;
+    }
+    const accountId = resolveEnabledConfiguredAccountId(account);
+    if (!accountId) {
+      continue;
+    }
+
+    const app = readDiscordApplicationSummary(account.application);
+    const messageContent = app.intents?.messageContent;
+    if (messageContent === "disabled") {
+      issues.push({
+        channel: "discord",
+        accountId,
+        kind: "intent",
+        message: "Message Content Intent is disabled. Bot may not see normal channel messages.",
+        fix: "Enable Message Content Intent in Discord Dev Portal → Bot → Privileged Gateway Intents, or require mention-only operation.",
+      });
+    }
+
+    const audit = readDiscordPermissionsAuditSummary(account.audit);
+    if (audit.unresolvedChannels && audit.unresolvedChannels > 0) {
+      issues.push({
+        channel: "discord",
+        accountId,
+        kind: "config",
+        message: `Some configured guild channels are not numeric IDs (unresolvedChannels=${audit.unresolvedChannels}). Permission audit can only check numeric channel IDs.`,
+        fix: "Use numeric channel IDs as keys in channels.discord.guilds.*.channels (then rerun channels status --probe).",
+      });
+    }
+    for (const channel of audit.channels ?? []) {
+      if (channel.ok === true) {
+        continue;
+      }
+      const missing = channel.missing?.length ? ` missing ${channel.missing.join(", ")}` : "";
+      const error = channel.error ? `: ${channel.error}` : "";
+      const baseMessage = `Channel ${channel.channelId} permission check failed.${missing}${error}`;
+      issues.push({
+        channel: "discord",
+        accountId,
+        kind: "permissions",
+        message: appendMatchMetadata(baseMessage, {
+          matchKey: channel.matchKey,
+          matchSource: channel.matchSource,
+        }),
+        fix: "Ensure the bot role can view + send in this channel (and that channel overrides don't deny it).",
+      });
+    }
+  }
+  return issues;
+}
diff --git a/extensions/discord/src/subagent-hooks.test.ts b/extensions/discord/src/subagent-hooks.test.ts
index d58f07c1314..6d5824f69ae 100644
--- a/extensions/discord/src/subagent-hooks.test.ts
+++ b/extensions/discord/src/subagent-hooks.test.ts
@@ -75,6 +75,27 @@ function getRequiredHandler(
   return handler;
 }
 
+function resolveSubagentDeliveryTargetForTest(requesterOrigin: {
+  channel: string;
+  accountId: string;
+  to: string;
+  threadId?: string;
+}) {
+  const handlers = registerHandlersForTest();
+  const handler = getRequiredHandler(handlers, "subagent_delivery_target");
+  return handler(
+    {
+      childSessionKey: "agent:main:subagent:child",
+      requesterSessionKey: "agent:main:main",
+      requesterOrigin,
+      childRunId: "run-1",
+      spawnMode: "session",
+      expectsCompletionMessage: true,
+    },
+    {},
+  );
+}
+
 function createSpawnEvent(overrides?: {
   childSessionKey?: string;
   agentId?: string;
@@ -324,25 +345,12 @@ describe("discord subagent hook handlers", () => {
     hookMocks.listThreadBindingsBySessionKey.mockReturnValueOnce([
       { accountId: "work", threadId: "777" },
     ]);
-    const handlers = registerHandlersForTest();
-    const handler = getRequiredHandler(handlers, "subagent_delivery_target");
-
-    const result = handler(
-      {
-        childSessionKey: "agent:main:subagent:child",
-        requesterSessionKey: "agent:main:main",
-        requesterOrigin: {
-          channel: "discord",
-          accountId: "work",
-          to: "channel:123",
-          threadId: "777",
-        },
-        childRunId: "run-1",
-        spawnMode: "session",
-        expectsCompletionMessage: true,
-      },
-      {},
-    );
+    const result = resolveSubagentDeliveryTargetForTest({
+      channel: "discord",
+      accountId: "work",
+      to: "channel:123",
+      threadId: "777",
+    });
 
     expect(hookMocks.listThreadBindingsBySessionKey).toHaveBeenCalledWith({
       targetSessionKey: "agent:main:subagent:child",
@@ -364,24 +372,11 @@ describe("discord subagent hook handlers", () => {
       { accountId: "work", threadId: "777" },
       { accountId: "work", threadId: "888" },
     ]);
-    const handlers = registerHandlersForTest();
-    const handler = getRequiredHandler(handlers, "subagent_delivery_target");
-
-    const result = handler(
-      {
-        childSessionKey: "agent:main:subagent:child",
-        requesterSessionKey: "agent:main:main",
-        requesterOrigin: {
-          channel: "discord",
-          accountId: "work",
-          to: "channel:123",
-        },
-        childRunId: "run-1",
-        spawnMode: "session",
-        expectsCompletionMessage: true,
-      },
-      {},
-    );
+    const result = resolveSubagentDeliveryTargetForTest({
+      channel: "discord",
+      accountId: "work",
+      to: "channel:123",
+    });
 
     expect(result).toBeUndefined();
   });
diff --git a/src/discord/targets.test.ts b/extensions/discord/src/targets.test.ts
similarity index 96%
rename from src/discord/targets.test.ts
rename to extensions/discord/src/targets.test.ts
index bf3535ac811..527e0164ba8 100644
--- a/src/discord/targets.test.ts
+++ b/extensions/discord/src/targets.test.ts
@@ -1,7 +1,7 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { normalizeDiscordMessagingTarget } from "../channels/plugins/normalize/discord.js";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { listDiscordDirectoryPeersLive } from "./directory-live.js";
+import { normalizeDiscordMessagingTarget } from "./normalize.js";
 import { parseDiscordTarget, resolveDiscordChannelId, resolveDiscordTarget } from "./targets.js";
 
 vi.mock("./directory-live.js", () => ({
diff --git a/src/discord/targets.ts b/extensions/discord/src/targets.ts
similarity index 97%
rename from src/discord/targets.ts
rename to extensions/discord/src/targets.ts
index 2be2b970724..198660dceff 100644
--- a/src/discord/targets.ts
+++ b/extensions/discord/src/targets.ts
@@ -1,4 +1,4 @@
-import type { DirectoryConfigParams } from "../channels/plugins/directory-config.js";
+import type { DirectoryConfigParams } from "../../../src/channels/plugins/directory-config.js";
 import {
   buildMessagingTarget,
   parseMentionPrefixOrAtUserTarget,
@@ -6,7 +6,7 @@ import {
   type MessagingTarget,
   type MessagingTargetKind,
   type MessagingTargetParseOptions,
-} from "../channels/targets.js";
+} from "../../../src/channels/targets.js";
 import { rememberDiscordDirectoryUser } from "./directory-cache.js";
 import { listDiscordDirectoryPeersLive } from "./directory-live.js";
 
diff --git a/src/discord/test-http-helpers.ts b/extensions/discord/src/test-http-helpers.ts
similarity index 100%
rename from src/discord/test-http-helpers.ts
rename to extensions/discord/src/test-http-helpers.ts
diff --git a/src/discord/token.test.ts b/extensions/discord/src/token.test.ts
similarity index 97%
rename from src/discord/token.test.ts
rename to extensions/discord/src/token.test.ts
index 33268eb699d..4c40fc93805 100644
--- a/src/discord/token.test.ts
+++ b/extensions/discord/src/token.test.ts
@@ -1,5 +1,5 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { resolveDiscordToken } from "./token.js";
 
 describe("resolveDiscordToken", () => {
diff --git a/src/discord/token.ts b/extensions/discord/src/token.ts
similarity index 86%
rename from src/discord/token.ts
rename to extensions/discord/src/token.ts
index 59501798335..8f942c6920f 100644
--- a/src/discord/token.ts
+++ b/extensions/discord/src/token.ts
@@ -1,7 +1,7 @@
-import type { BaseTokenResolution } from "../channels/plugins/types.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { normalizeResolvedSecretInputString } from "../config/types.secrets.js";
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js";
+import type { BaseTokenResolution } from "../../../src/channels/plugins/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { normalizeResolvedSecretInputString } from "../../../src/config/types.secrets.js";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js";
 
 export type DiscordTokenSource = "env" | "config" | "none";
 
diff --git a/src/discord/ui.ts b/extensions/discord/src/ui.ts
similarity index 95%
rename from src/discord/ui.ts
rename to extensions/discord/src/ui.ts
index d4238deac2e..ed4cc9d4fa6 100644
--- a/src/discord/ui.ts
+++ b/extensions/discord/src/ui.ts
@@ -1,5 +1,5 @@
 import { Container } from "@buape/carbon";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { inspectDiscordAccount } from "./account-inspect.js";
 
 const DEFAULT_DISCORD_ACCENT_COLOR = "#5865F2";
diff --git a/src/discord/voice-message.test.ts b/extensions/discord/src/voice-message.test.ts
similarity index 98%
rename from src/discord/voice-message.test.ts
rename to extensions/discord/src/voice-message.test.ts
index 51a177f059f..c6b6224b739 100644
--- a/src/discord/voice-message.test.ts
+++ b/extensions/discord/src/voice-message.test.ts
@@ -77,7 +77,7 @@ vi.mock("node:child_process", async (importOriginal) => {
   };
 });
 
-vi.mock("../infra/tmp-openclaw-dir.js", () => ({
+vi.mock("../../../src/infra/tmp-openclaw-dir.js", () => ({
   resolvePreferredOpenClawTmpDir: () => "/tmp",
 }));
 
diff --git a/src/discord/voice-message.ts b/extensions/discord/src/voice-message.ts
similarity index 96%
rename from src/discord/voice-message.ts
rename to extensions/discord/src/voice-message.ts
index fcda7113793..6f77ebc7bd9 100644
--- a/src/discord/voice-message.ts
+++ b/extensions/discord/src/voice-message.ts
@@ -14,11 +14,15 @@ import crypto from "node:crypto";
 import fs from "node:fs/promises";
 import path from "node:path";
 import { RateLimitError, type RequestClient } from "@buape/carbon";
-import type { RetryRunner } from "../infra/retry-policy.js";
-import { resolvePreferredOpenClawTmpDir } from "../infra/tmp-openclaw-dir.js";
-import { parseFfprobeCodecAndSampleRate, runFfmpeg, runFfprobe } from "../media/ffmpeg-exec.js";
-import { MEDIA_FFMPEG_MAX_AUDIO_DURATION_SECS } from "../media/ffmpeg-limits.js";
-import { unlinkIfExists } from "../media/temp-files.js";
+import type { RetryRunner } from "../../../src/infra/retry-policy.js";
+import { resolvePreferredOpenClawTmpDir } from "../../../src/infra/tmp-openclaw-dir.js";
+import {
+  parseFfprobeCodecAndSampleRate,
+  runFfmpeg,
+  runFfprobe,
+} from "../../../src/media/ffmpeg-exec.js";
+import { MEDIA_FFMPEG_MAX_AUDIO_DURATION_SECS } from "../../../src/media/ffmpeg-limits.js";
+import { unlinkIfExists } from "../../../src/media/temp-files.js";
 
 const DISCORD_VOICE_MESSAGE_FLAG = 1 << 13;
 const SUPPRESS_NOTIFICATIONS_FLAG = 1 << 12;
diff --git a/src/discord/voice/command.test.ts b/extensions/discord/src/voice/command.test.ts
similarity index 100%
rename from src/discord/voice/command.test.ts
rename to extensions/discord/src/voice/command.test.ts
diff --git a/src/discord/voice/command.ts b/extensions/discord/src/voice/command.ts
similarity index 96%
rename from src/discord/voice/command.ts
rename to extensions/discord/src/voice/command.ts
index 835ba4d82f3..26ef7b9bbe5 100644
--- a/src/discord/voice/command.ts
+++ b/extensions/discord/src/voice/command.ts
@@ -10,10 +10,10 @@ import {
   ChannelType as DiscordChannelType,
   type APIApplicationCommandChannelOption,
 } from "discord-api-types/v10";
-import { resolveCommandAuthorizedFromAuthorizers } from "../../channels/command-gating.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
-import type { DiscordAccountConfig } from "../../config/types.js";
+import { resolveCommandAuthorizedFromAuthorizers } from "../../../../src/channels/command-gating.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js";
+import type { DiscordAccountConfig } from "../../../../src/config/types.js";
 import { formatMention } from "../mentions.js";
 import {
   isDiscordGroupAllowedByPolicy,
@@ -107,6 +107,7 @@ async function authorizeVoiceCommand(
 
   const guildInfo = resolveDiscordGuildEntry({
     guild: interaction.guild ?? undefined,
+    guildId: interaction.guild?.id ?? interaction.rawData.guild_id ?? undefined,
     guildEntries: params.discordConfig.guilds,
   });
 
diff --git a/src/discord/voice/manager.e2e.test.ts b/extensions/discord/src/voice/manager.e2e.test.ts
similarity index 98%
rename from src/discord/voice/manager.e2e.test.ts
rename to extensions/discord/src/voice/manager.e2e.test.ts
index ff1aca6ca25..17d21ff7414 100644
--- a/src/discord/voice/manager.e2e.test.ts
+++ b/extensions/discord/src/voice/manager.e2e.test.ts
@@ -95,15 +95,15 @@ vi.mock("@discordjs/voice", () => ({
   joinVoiceChannel: joinVoiceChannelMock,
 }));
 
-vi.mock("../../routing/resolve-route.js", () => ({
+vi.mock("../../../../src/routing/resolve-route.js", () => ({
   resolveAgentRoute: resolveAgentRouteMock,
 }));
 
-vi.mock("../../commands/agent.js", () => ({
+vi.mock("../../../../src/commands/agent.js", () => ({
   agentCommandFromIngress: agentCommandMock,
 }));
 
-vi.mock("../../media-understanding/runner.js", () => ({
+vi.mock("../../../../src/media-understanding/runner.js", () => ({
   buildProviderRegistry: buildProviderRegistryMock,
   createMediaAttachmentCache: createMediaAttachmentCacheMock,
   normalizeMediaAttachments: normalizeMediaAttachmentsMock,
diff --git a/src/discord/voice/manager.runtime.ts b/extensions/discord/src/voice/manager.runtime.ts
similarity index 100%
rename from src/discord/voice/manager.runtime.ts
rename to extensions/discord/src/voice/manager.runtime.ts
diff --git a/src/discord/voice/manager.ts b/extensions/discord/src/voice/manager.ts
similarity index 96%
rename from src/discord/voice/manager.ts
rename to extensions/discord/src/voice/manager.ts
index abec26d900d..90c6c3bb1e6 100644
--- a/src/discord/voice/manager.ts
+++ b/extensions/discord/src/voice/manager.ts
@@ -16,26 +16,26 @@ import {
   type AudioPlayer,
   type VoiceConnection,
 } from "@discordjs/voice";
-import { resolveAgentDir } from "../../agents/agent-scope.js";
-import type { MsgContext } from "../../auto-reply/templating.js";
-import { agentCommandFromIngress } from "../../commands/agent.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
-import type { DiscordAccountConfig, TtsConfig } from "../../config/types.js";
-import { logVerbose, shouldLogVerbose } from "../../globals.js";
-import { formatErrorMessage } from "../../infra/errors.js";
-import { resolvePreferredOpenClawTmpDir } from "../../infra/tmp-openclaw-dir.js";
-import { createSubsystemLogger } from "../../logging/subsystem.js";
+import { resolveAgentDir } from "../../../../src/agents/agent-scope.js";
+import type { MsgContext } from "../../../../src/auto-reply/templating.js";
+import { agentCommandFromIngress } from "../../../../src/commands/agent.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js";
+import type { DiscordAccountConfig, TtsConfig } from "../../../../src/config/types.js";
+import { logVerbose, shouldLogVerbose } from "../../../../src/globals.js";
+import { formatErrorMessage } from "../../../../src/infra/errors.js";
+import { resolvePreferredOpenClawTmpDir } from "../../../../src/infra/tmp-openclaw-dir.js";
+import { createSubsystemLogger } from "../../../../src/logging/subsystem.js";
 import {
   buildProviderRegistry,
   createMediaAttachmentCache,
   normalizeMediaAttachments,
   runCapability,
-} from "../../media-understanding/runner.js";
-import { resolveAgentRoute } from "../../routing/resolve-route.js";
-import type { RuntimeEnv } from "../../runtime.js";
-import { parseTtsDirectives } from "../../tts/tts-core.js";
-import { resolveTtsConfig, textToSpeech, type ResolvedTtsConfig } from "../../tts/tts.js";
+} from "../../../../src/media-understanding/runner.js";
+import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
+import { parseTtsDirectives } from "../../../../src/tts/tts-core.js";
+import { resolveTtsConfig, textToSpeech, type ResolvedTtsConfig } from "../../../../src/tts/tts.js";
 import { formatMention } from "../mentions.js";
 import { resolveDiscordOwnerAccess } from "../monitor/allow-list.js";
 import { formatDiscordUserTag } from "../monitor/format.js";
diff --git a/extensions/feishu/package.json b/extensions/feishu/package.json
index d44131fa4cf..805dd389b0a 100644
--- a/extensions/feishu/package.json
+++ b/extensions/feishu/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/feishu",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw Feishu/Lark channel plugin (community maintained by @m1heng)",
   "type": "module",
   "dependencies": {
diff --git a/extensions/feishu/src/accounts.test.ts b/extensions/feishu/src/accounts.test.ts
index 56783bbd29d..cfe8d0abcdc 100644
--- a/extensions/feishu/src/accounts.test.ts
+++ b/extensions/feishu/src/accounts.test.ts
@@ -9,6 +9,23 @@ import type { FeishuConfig } from "./types.js";
 
 const asConfig = (value: Partial<FeishuConfig>) => value as FeishuConfig;
 
+function makeDefaultAndRouterAccounts() {
+  return {
+    default: { appId: "cli_default", appSecret: "secret_default" }, // pragma: allowlist secret
+    "router-d": { appId: "cli_router", appSecret: "secret_router" }, // pragma: allowlist secret
+  };
+}
+
+function expectExplicitDefaultAccountSelection(
+  account: ReturnType<typeof resolveFeishuAccount>,
+  appId: string,
+) {
+  expect(account.accountId).toBe("router-d");
+  expect(account.selectionSource).toBe("explicit-default");
+  expect(account.configured).toBe(true);
+  expect(account.appId).toBe(appId);
+}
+
 function withEnvVar(key: string, value: string | undefined, run: () => void) {
   const prev = process.env[key];
   if (value === undefined) {
@@ -44,10 +61,7 @@ describe("resolveDefaultFeishuAccountId", () => {
       channels: {
         feishu: {
           defaultAccount: "router-d",
-          accounts: {
-            default: { appId: "cli_default", appSecret: "secret_default" }, // pragma: allowlist secret
-            "router-d": { appId: "cli_router", appSecret: "secret_router" }, // pragma: allowlist secret
-          },
+          accounts: makeDefaultAndRouterAccounts(),
         },
       },
     };
@@ -278,10 +292,7 @@ describe("resolveFeishuAccount", () => {
     };
 
     const account = resolveFeishuAccount({ cfg: cfg as never, accountId: undefined });
-    expect(account.accountId).toBe("router-d");
-    expect(account.selectionSource).toBe("explicit-default");
-    expect(account.configured).toBe(true);
-    expect(account.appId).toBe("top_level_app");
+    expectExplicitDefaultAccountSelection(account, "top_level_app");
   });
 
   it("uses configured default account when accountId is omitted", () => {
@@ -298,10 +309,7 @@ describe("resolveFeishuAccount", () => {
     };
 
     const account = resolveFeishuAccount({ cfg: cfg as never, accountId: undefined });
-    expect(account.accountId).toBe("router-d");
-    expect(account.selectionSource).toBe("explicit-default");
-    expect(account.configured).toBe(true);
-    expect(account.appId).toBe("cli_router");
+    expectExplicitDefaultAccountSelection(account, "cli_router");
   });
 
   it("keeps explicit accountId selection", () => {
@@ -309,10 +317,7 @@ describe("resolveFeishuAccount", () => {
       channels: {
         feishu: {
           defaultAccount: "router-d",
-          accounts: {
-            default: { appId: "cli_default", appSecret: "secret_default" }, // pragma: allowlist secret
-            "router-d": { appId: "cli_router", appSecret: "secret_router" }, // pragma: allowlist secret
-          },
+          accounts: makeDefaultAndRouterAccounts(),
         },
       },
     };
diff --git a/extensions/feishu/src/bot.ts b/extensions/feishu/src/bot.ts
index 13a130b3d79..815f935ed94 100644
--- a/extensions/feishu/src/bot.ts
+++ b/extensions/feishu/src/bot.ts
@@ -15,7 +15,7 @@ import {
 } from "openclaw/plugin-sdk/feishu";
 import { resolveFeishuAccount } from "./accounts.js";
 import { createFeishuClient } from "./client.js";
-import { tryRecordMessage, tryRecordMessagePersistent } from "./dedup.js";
+import { finalizeFeishuMessageProcessing, tryRecordMessagePersistent } from "./dedup.js";
 import { maybeCreateDynamicAgent } from "./dynamic-agent.js";
 import { normalizeFeishuExternalKey } from "./external-keys.js";
 import { downloadMessageResourceFeishu } from "./media.js";
@@ -867,8 +867,18 @@ export async function handleFeishuMessage(params: {
   runtime?: RuntimeEnv;
   chatHistories?: Map<string, HistoryEntry[]>;
   accountId?: string;
+  processingClaimHeld?: boolean;
 }): Promise<void> {
-  const { cfg, event, botOpenId, botName, runtime, chatHistories, accountId } = params;
+  const {
+    cfg,
+    event,
+    botOpenId,
+    botName,
+    runtime,
+    chatHistories,
+    accountId,
+    processingClaimHeld = false,
+  } = params;
 
   // Resolve account with merged config
   const account = resolveFeishuAccount({ cfg, accountId });
@@ -877,16 +887,15 @@ export async function handleFeishuMessage(params: {
   const log = runtime?.log ?? console.log;
   const error = runtime?.error ?? console.error;
 
-  // Dedup: synchronous memory guard prevents concurrent duplicate dispatch
-  // before the async persistent check completes.
   const messageId = event.message.message_id;
-  const memoryDedupeKey = `${account.accountId}:${messageId}`;
-  if (!tryRecordMessage(memoryDedupeKey)) {
-    log(`feishu: skipping duplicate message ${messageId} (memory dedup)`);
-    return;
-  }
-  // Persistent dedup survives restarts and reconnects.
-  if (!(await tryRecordMessagePersistent(messageId, account.accountId, log))) {
+  if (
+    !(await finalizeFeishuMessageProcessing({
+      messageId,
+      namespace: account.accountId,
+      log,
+      claimHeld: processingClaimHeld,
+    }))
+  ) {
     log(`feishu: skipping duplicate message ${messageId}`);
     return;
   }
diff --git a/extensions/feishu/src/config-schema.test.ts b/extensions/feishu/src/config-schema.test.ts
index 0e0881c849f..aacbac85062 100644
--- a/extensions/feishu/src/config-schema.test.ts
+++ b/extensions/feishu/src/config-schema.test.ts
@@ -1,6 +1,16 @@
 import { describe, expect, it } from "vitest";
 import { FeishuConfigSchema, FeishuGroupSchema } from "./config-schema.js";
 
+function expectSchemaIssue(
+  result: ReturnType<typeof FeishuConfigSchema.safeParse>,
+  issuePath: string,
+) {
+  expect(result.success).toBe(false);
+  if (!result.success) {
+    expect(result.error.issues.some((issue) => issue.path.join(".") === issuePath)).toBe(true);
+  }
+}
+
 describe("FeishuConfigSchema webhook validation", () => {
   it("applies top-level defaults", () => {
     const result = FeishuConfigSchema.parse({});
@@ -39,12 +49,7 @@ describe("FeishuConfigSchema webhook validation", () => {
       appSecret: "secret_top", // pragma: allowlist secret
     });
 
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(
-        result.error.issues.some((issue) => issue.path.join(".") === "verificationToken"),
-      ).toBe(true);
-    }
+    expectSchemaIssue(result, "verificationToken");
   });
 
   it("rejects top-level webhook mode without encryptKey", () => {
@@ -55,10 +60,7 @@ describe("FeishuConfigSchema webhook validation", () => {
       appSecret: "secret_top", // pragma: allowlist secret
     });
 
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(result.error.issues.some((issue) => issue.path.join(".") === "encryptKey")).toBe(true);
-    }
+    expectSchemaIssue(result, "encryptKey");
   });
 
   it("accepts top-level webhook mode with verificationToken and encryptKey", () => {
@@ -84,14 +86,7 @@ describe("FeishuConfigSchema webhook validation", () => {
       },
     });
 
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(
-        result.error.issues.some(
-          (issue) => issue.path.join(".") === "accounts.main.verificationToken",
-        ),
-      ).toBe(true);
-    }
+    expectSchemaIssue(result, "accounts.main.verificationToken");
   });
 
   it("rejects account webhook mode without encryptKey", () => {
@@ -106,12 +101,7 @@ describe("FeishuConfigSchema webhook validation", () => {
       },
     });
 
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(
-        result.error.issues.some((issue) => issue.path.join(".") === "accounts.main.encryptKey"),
-      ).toBe(true);
-    }
+    expectSchemaIssue(result, "accounts.main.encryptKey");
   });
 
   it("accepts account webhook mode inheriting top-level verificationToken and encryptKey", () => {
diff --git a/extensions/feishu/src/dedup.ts b/extensions/feishu/src/dedup.ts
index 35f95d5c76b..fc3e9baad65 100644
--- a/extensions/feishu/src/dedup.ts
+++ b/extensions/feishu/src/dedup.ts
@@ -10,9 +10,15 @@ import {
 const DEDUP_TTL_MS = 24 * 60 * 60 * 1000;
 const MEMORY_MAX_SIZE = 1_000;
 const FILE_MAX_ENTRIES = 10_000;
+const EVENT_DEDUP_TTL_MS = 5 * 60 * 1000;
+const EVENT_MEMORY_MAX_SIZE = 2_000;
 type PersistentDedupeData = Record<string, number>;
 
 const memoryDedupe = createDedupeCache({ ttlMs: DEDUP_TTL_MS, maxSize: MEMORY_MAX_SIZE });
+const processingClaims = createDedupeCache({
+  ttlMs: EVENT_DEDUP_TTL_MS,
+  maxSize: EVENT_MEMORY_MAX_SIZE,
+});
 
 function resolveStateDirFromEnv(env: NodeJS.ProcessEnv = process.env): string {
   const stateOverride = env.OPENCLAW_STATE_DIR?.trim() || env.CLAWDBOT_STATE_DIR?.trim();
@@ -37,6 +43,103 @@ const persistentDedupe = createPersistentDedupe({
   resolveFilePath: resolveNamespaceFilePath,
 });
 
+function resolveEventDedupeKey(
+  namespace: string,
+  messageId: string | undefined | null,
+): string | null {
+  const trimmed = messageId?.trim();
+  if (!trimmed) {
+    return null;
+  }
+  return `${namespace}:${trimmed}`;
+}
+
+function normalizeMessageId(messageId: string | undefined | null): string | null {
+  const trimmed = messageId?.trim();
+  return trimmed ? trimmed : null;
+}
+
+function resolveMemoryDedupeKey(
+  namespace: string,
+  messageId: string | undefined | null,
+): string | null {
+  const trimmed = normalizeMessageId(messageId);
+  if (!trimmed) {
+    return null;
+  }
+  return `${namespace}:${trimmed}`;
+}
+
+export function tryBeginFeishuMessageProcessing(
+  messageId: string | undefined | null,
+  namespace = "global",
+): boolean {
+  return !processingClaims.check(resolveEventDedupeKey(namespace, messageId));
+}
+
+export function releaseFeishuMessageProcessing(
+  messageId: string | undefined | null,
+  namespace = "global",
+): void {
+  processingClaims.delete(resolveEventDedupeKey(namespace, messageId));
+}
+
+export async function finalizeFeishuMessageProcessing(params: {
+  messageId: string | undefined | null;
+  namespace?: string;
+  log?: (...args: unknown[]) => void;
+  claimHeld?: boolean;
+}): Promise<boolean> {
+  const { messageId, namespace = "global", log, claimHeld = false } = params;
+  const normalizedMessageId = normalizeMessageId(messageId);
+  const memoryKey = resolveMemoryDedupeKey(namespace, messageId);
+  if (!memoryKey || !normalizedMessageId) {
+    return false;
+  }
+  if (!claimHeld && !tryBeginFeishuMessageProcessing(normalizedMessageId, namespace)) {
+    return false;
+  }
+  if (!tryRecordMessage(memoryKey)) {
+    releaseFeishuMessageProcessing(normalizedMessageId, namespace);
+    return false;
+  }
+  if (!(await tryRecordMessagePersistent(normalizedMessageId, namespace, log))) {
+    releaseFeishuMessageProcessing(normalizedMessageId, namespace);
+    return false;
+  }
+  return true;
+}
+
+export async function recordProcessedFeishuMessage(
+  messageId: string | undefined | null,
+  namespace = "global",
+  log?: (...args: unknown[]) => void,
+): Promise<boolean> {
+  const normalizedMessageId = normalizeMessageId(messageId);
+  const memoryKey = resolveMemoryDedupeKey(namespace, messageId);
+  if (!memoryKey || !normalizedMessageId) {
+    return false;
+  }
+  tryRecordMessage(memoryKey);
+  return await tryRecordMessagePersistent(normalizedMessageId, namespace, log);
+}
+
+export async function hasProcessedFeishuMessage(
+  messageId: string | undefined | null,
+  namespace = "global",
+  log?: (...args: unknown[]) => void,
+): Promise<boolean> {
+  const normalizedMessageId = normalizeMessageId(messageId);
+  const memoryKey = resolveMemoryDedupeKey(namespace, messageId);
+  if (!memoryKey || !normalizedMessageId) {
+    return false;
+  }
+  if (hasRecordedMessage(memoryKey)) {
+    return true;
+  }
+  return hasRecordedMessagePersistent(normalizedMessageId, namespace, log);
+}
+
 /**
  * Synchronous dedup — memory only.
  * Kept for backward compatibility; prefer {@link tryRecordMessagePersistent}.
diff --git a/extensions/feishu/src/media.test.ts b/extensions/feishu/src/media.test.ts
index 813e5090292..80555c294ae 100644
--- a/extensions/feishu/src/media.test.ts
+++ b/extensions/feishu/src/media.test.ts
@@ -64,18 +64,21 @@ function expectMediaTimeoutClientConfigured(): void {
   );
 }
 
+function mockResolvedFeishuAccount() {
+  resolveFeishuAccountMock.mockReturnValue({
+    configured: true,
+    accountId: "main",
+    config: {},
+    appId: "app_id",
+    appSecret: "app_secret",
+    domain: "feishu",
+  });
+}
+
 describe("sendMediaFeishu msg_type routing", () => {
   beforeEach(() => {
     vi.clearAllMocks();
-
-    resolveFeishuAccountMock.mockReturnValue({
-      configured: true,
-      accountId: "main",
-      config: {},
-      appId: "app_id",
-      appSecret: "app_secret",
-      domain: "feishu",
-    });
+    mockResolvedFeishuAccount();
 
     normalizeFeishuTargetMock.mockReturnValue("ou_target");
     resolveReceiveIdTypeMock.mockReturnValue("open_id");
@@ -381,7 +384,7 @@ describe("sendMediaFeishu msg_type routing", () => {
     expect(messageResourceGetMock).not.toHaveBeenCalled();
   });
 
-  it("encodes Chinese filenames for file uploads", async () => {
+  it("preserves Chinese filenames for file uploads", async () => {
     await sendMediaFeishu({
       cfg: {} as any,
       to: "user:ou_target",
@@ -390,8 +393,7 @@ describe("sendMediaFeishu msg_type routing", () => {
     });
 
     const createCall = fileCreateMock.mock.calls[0][0];
-    expect(createCall.data.file_name).not.toBe("测试文档.pdf");
-    expect(createCall.data.file_name).toBe(encodeURIComponent("测试文档") + ".pdf");
+    expect(createCall.data.file_name).toBe("测试文档.pdf");
   });
 
   it("preserves ASCII filenames unchanged for file uploads", async () => {
@@ -406,7 +408,7 @@ describe("sendMediaFeishu msg_type routing", () => {
     expect(createCall.data.file_name).toBe("report-2026.pdf");
   });
 
-  it("encodes special characters (em-dash, full-width brackets) in filenames", async () => {
+  it("preserves special Unicode characters (em-dash, full-width brackets) in filenames", async () => {
     await sendMediaFeishu({
       cfg: {} as any,
       to: "user:ou_target",
@@ -415,9 +417,7 @@ describe("sendMediaFeishu msg_type routing", () => {
     });
 
     const createCall = fileCreateMock.mock.calls[0][0];
-    expect(createCall.data.file_name).toMatch(/\.md$/);
-    expect(createCall.data.file_name).not.toContain("—");
-    expect(createCall.data.file_name).not.toContain("（");
+    expect(createCall.data.file_name).toBe("报告—详情（2026）.md");
   });
 });
 
@@ -427,71 +427,48 @@ describe("sanitizeFileNameForUpload", () => {
     expect(sanitizeFileNameForUpload("my-file_v2.txt")).toBe("my-file_v2.txt");
   });
 
-  it("encodes Chinese characters in basename, preserves extension", () => {
-    const result = sanitizeFileNameForUpload("测试文件.md");
-    expect(result).toBe(encodeURIComponent("测试文件") + ".md");
-    expect(result).toMatch(/\.md$/);
+  it("preserves Chinese characters", () => {
+    expect(sanitizeFileNameForUpload("测试文件.md")).toBe("测试文件.md");
+    expect(sanitizeFileNameForUpload("武汉15座山登山信息汇总.csv")).toBe(
+      "武汉15座山登山信息汇总.csv",
+    );
   });
 
-  it("encodes em-dash and full-width brackets", () => {
-    const result = sanitizeFileNameForUpload("文件—说明（v2）.pdf");
-    expect(result).toMatch(/\.pdf$/);
-    expect(result).not.toContain("—");
-    expect(result).not.toContain("（");
-    expect(result).not.toContain("）");
+  it("preserves em-dash and full-width brackets", () => {
+    expect(sanitizeFileNameForUpload("文件—说明（v2）.pdf")).toBe("文件—说明（v2）.pdf");
   });
 
-  it("encodes single quotes and parentheses per RFC 5987", () => {
-    const result = sanitizeFileNameForUpload("文件'(test).txt");
-    expect(result).toContain("%27");
-    expect(result).toContain("%28");
-    expect(result).toContain("%29");
-    expect(result).toMatch(/\.txt$/);
+  it("preserves single quotes and parentheses", () => {
+    expect(sanitizeFileNameForUpload("文件'(test).txt")).toBe("文件'(test).txt");
   });
 
-  it("handles filenames without extension", () => {
-    const result = sanitizeFileNameForUpload("测试文件");
-    expect(result).toBe(encodeURIComponent("测试文件"));
+  it("preserves filenames without extension", () => {
+    expect(sanitizeFileNameForUpload("测试文件")).toBe("测试文件");
   });
 
-  it("handles mixed ASCII and non-ASCII", () => {
-    const result = sanitizeFileNameForUpload("Report_报告_2026.xlsx");
-    expect(result).toMatch(/\.xlsx$/);
-    expect(result).not.toContain("报告");
+  it("preserves mixed ASCII and non-ASCII", () => {
+    expect(sanitizeFileNameForUpload("Report_报告_2026.xlsx")).toBe("Report_报告_2026.xlsx");
   });
 
-  it("encodes non-ASCII extensions", () => {
-    const result = sanitizeFileNameForUpload("报告.文档");
-    expect(result).toContain("%E6%96%87%E6%A1%A3");
-    expect(result).not.toContain("文档");
+  it("preserves emoji filenames", () => {
+    expect(sanitizeFileNameForUpload("report_😀.txt")).toBe("report_😀.txt");
   });
 
-  it("encodes emoji filenames", () => {
-    const result = sanitizeFileNameForUpload("report_😀.txt");
-    expect(result).toContain("%F0%9F%98%80");
-    expect(result).toMatch(/\.txt$/);
+  it("strips control characters", () => {
+    expect(sanitizeFileNameForUpload("bad\x00file.txt")).toBe("bad_file.txt");
+    expect(sanitizeFileNameForUpload("inject\r\nheader.txt")).toBe("inject__header.txt");
   });
 
-  it("encodes mixed ASCII and non-ASCII extensions", () => {
-    const result = sanitizeFileNameForUpload("notes_总结.v测试");
-    expect(result).toContain("notes_");
-    expect(result).toContain("%E6%B5%8B%E8%AF%95");
-    expect(result).not.toContain("测试");
+  it("strips quotes and backslashes to prevent header injection", () => {
+    expect(sanitizeFileNameForUpload('file"name.txt')).toBe("file_name.txt");
+    expect(sanitizeFileNameForUpload("file\\name.txt")).toBe("file_name.txt");
   });
 });
 
 describe("downloadMessageResourceFeishu", () => {
   beforeEach(() => {
     vi.clearAllMocks();
-
-    resolveFeishuAccountMock.mockReturnValue({
-      configured: true,
-      accountId: "main",
-      config: {},
-      appId: "app_id",
-      appSecret: "app_secret",
-      domain: "feishu",
-    });
+    mockResolvedFeishuAccount();
 
     createFeishuClientMock.mockReturnValue({
       im: {
diff --git a/extensions/feishu/src/media.ts b/extensions/feishu/src/media.ts
index 41438c570f2..45596fe45ed 100644
--- a/extensions/feishu/src/media.ts
+++ b/extensions/feishu/src/media.ts
@@ -226,21 +226,17 @@ export async function uploadImageFeishu(params: {
 }
 
 /**
- * Encode a filename for safe use in Feishu multipart/form-data uploads.
- * Non-ASCII characters (Chinese, em-dash, full-width brackets, etc.) cause
- * the upload to silently fail when passed raw through the SDK's form-data
- * serialization.  RFC 5987 percent-encoding keeps headers 7-bit clean while
- * Feishu's server decodes and preserves the original display name.
+ * Sanitize a filename for safe use in Feishu multipart/form-data uploads.
+ * Strips control characters and multipart-injection vectors (CWE-93) while
+ * preserving the original UTF-8 display name (Chinese, emoji, etc.).
+ *
+ * Previous versions percent-encoded non-ASCII characters, but the Feishu
+ * `im.file.create` API uses `file_name` as a literal display name — it does
+ * NOT decode percent-encoding — so encoded filenames appeared as garbled text
+ * in chat (regression in v2026.3.2).
  */
 export function sanitizeFileNameForUpload(fileName: string): string {
-  const ASCII_ONLY = /^[\x20-\x7E]+$/;
-  if (ASCII_ONLY.test(fileName)) {
-    return fileName;
-  }
-  return encodeURIComponent(fileName)
-    .replace(/'/g, "%27")
-    .replace(/\(/g, "%28")
-    .replace(/\)/g, "%29");
+  return fileName.replace(/[\x00-\x1F\x7F\r\n"\\]/g, "_");
 }
 
 /**
diff --git a/extensions/feishu/src/monitor.account.ts b/extensions/feishu/src/monitor.account.ts
index f7d40d8e280..3f3cad8ddc3 100644
--- a/extensions/feishu/src/monitor.account.ts
+++ b/extensions/feishu/src/monitor.account.ts
@@ -12,10 +12,10 @@ import {
 import { handleFeishuCardAction, type FeishuCardActionEvent } from "./card-action.js";
 import { createEventDispatcher } from "./client.js";
 import {
-  hasRecordedMessage,
-  hasRecordedMessagePersistent,
-  tryRecordMessage,
-  tryRecordMessagePersistent,
+  hasProcessedFeishuMessage,
+  recordProcessedFeishuMessage,
+  releaseFeishuMessageProcessing,
+  tryBeginFeishuMessageProcessing,
   warmupDedupFromDisk,
 } from "./dedup.js";
 import { isMentionForwardRequest } from "./mention.js";
@@ -264,6 +264,7 @@ function registerEventHandlers(
         runtime,
         chatHistories,
         accountId,
+        processingClaimHeld: true,
       });
     await enqueue(chatId, task);
   };
@@ -291,10 +292,8 @@ function registerEventHandlers(
       return;
     }
     for (const messageId of suppressedIds) {
-      // Keep in-memory dedupe in sync with handleFeishuMessage's keying.
-      tryRecordMessage(`${accountId}:${messageId}`);
       try {
-        await tryRecordMessagePersistent(messageId, accountId, log);
+        await recordProcessedFeishuMessage(messageId, accountId, log);
       } catch (err) {
         error(
           `feishu[${accountId}]: failed to record merged dedupe id ${messageId}: ${String(err)}`,
@@ -303,15 +302,7 @@ function registerEventHandlers(
     }
   };
   const isMessageAlreadyProcessed = async (entry: FeishuMessageEvent): Promise<boolean> => {
-    const messageId = entry.message.message_id?.trim();
-    if (!messageId) {
-      return false;
-    }
-    const memoryKey = `${accountId}:${messageId}`;
-    if (hasRecordedMessage(memoryKey)) {
-      return true;
-    }
-    return hasRecordedMessagePersistent(messageId, accountId, log);
+    return await hasProcessedFeishuMessage(entry.message.message_id, accountId, log);
   };
   const inboundDebouncer = core.channel.debounce.createInboundDebouncer<FeishuMessageEvent>({
     debounceMs: inboundDebounceMs,
@@ -384,19 +375,28 @@ function registerEventHandlers(
         },
       });
     },
-    onError: (err) => {
+    onError: (err, entries) => {
+      for (const entry of entries) {
+        releaseFeishuMessageProcessing(entry.message.message_id, accountId);
+      }
       error(`feishu[${accountId}]: inbound debounce flush failed: ${String(err)}`);
     },
   });
 
   eventDispatcher.register({
     "im.message.receive_v1": async (data) => {
+      const event = data as unknown as FeishuMessageEvent;
+      const messageId = event.message?.message_id?.trim();
+      if (!tryBeginFeishuMessageProcessing(messageId, accountId)) {
+        log(`feishu[${accountId}]: dropping duplicate event for message ${messageId}`);
+        return;
+      }
       const processMessage = async () => {
-        const event = data as unknown as FeishuMessageEvent;
         await inboundDebouncer.enqueue(event);
       };
       if (fireAndForget) {
         void processMessage().catch((err) => {
+          releaseFeishuMessageProcessing(messageId, accountId);
           error(`feishu[${accountId}]: error handling message: ${String(err)}`);
         });
         return;
@@ -404,6 +404,7 @@ function registerEventHandlers(
       try {
         await processMessage();
       } catch (err) {
+        releaseFeishuMessageProcessing(messageId, accountId);
         error(`feishu[${accountId}]: error handling message: ${String(err)}`);
       }
     },
diff --git a/extensions/feishu/src/monitor.reaction.test.ts b/extensions/feishu/src/monitor.reaction.test.ts
index e17859d0531..49da928ea3b 100644
--- a/extensions/feishu/src/monitor.reaction.test.ts
+++ b/extensions/feishu/src/monitor.reaction.test.ts
@@ -78,6 +78,25 @@ async function resolveReactionWithLookup(params: {
   });
 }
 
+async function resolveNonBotReaction(params?: { cfg?: ClawdbotConfig; uuid?: () => string }) {
+  return await resolveReactionSyntheticEvent({
+    cfg: params?.cfg ?? cfg,
+    accountId: "default",
+    event: makeReactionEvent(),
+    botOpenId: "ou_bot",
+    fetchMessage: async () => ({
+      messageId: "om_msg1",
+      chatId: "oc_group",
+      chatType: "group",
+      senderOpenId: "ou_other",
+      senderType: "user",
+      content: "hello",
+      contentType: "text",
+    }),
+    ...(params?.uuid ? { uuid: params.uuid } : {}),
+  });
+}
+
 type FeishuMention = NonNullable<FeishuMessageEvent["message"]["mentions"]>[number];
 
 function buildDebounceConfig(): ClawdbotConfig {
@@ -179,11 +198,23 @@ function getFirstDispatchedEvent(): FeishuMessageEvent {
   return firstParams.event;
 }
 
+function expectSingleDispatchedEvent(): FeishuMessageEvent {
+  expect(handleFeishuMessageMock).toHaveBeenCalledTimes(1);
+  return getFirstDispatchedEvent();
+}
+
+function expectParsedFirstDispatchedEvent(botOpenId = "ou_bot") {
+  const dispatched = expectSingleDispatchedEvent();
+  return {
+    dispatched,
+    parsed: parseFeishuMessageEvent(dispatched, botOpenId),
+  };
+}
+
 function setDedupPassThroughMocks(): void {
-  vi.spyOn(dedup, "tryRecordMessage").mockReturnValue(true);
-  vi.spyOn(dedup, "tryRecordMessagePersistent").mockResolvedValue(true);
-  vi.spyOn(dedup, "hasRecordedMessage").mockReturnValue(false);
-  vi.spyOn(dedup, "hasRecordedMessagePersistent").mockResolvedValue(false);
+  vi.spyOn(dedup, "tryBeginFeishuMessageProcessing").mockReturnValue(true);
+  vi.spyOn(dedup, "recordProcessedFeishuMessage").mockResolvedValue(true);
+  vi.spyOn(dedup, "hasProcessedFeishuMessage").mockResolvedValue(false);
 }
 
 function createMention(params: { openId: string; name: string; key?: string }): FeishuMention {
@@ -203,6 +234,12 @@ async function enqueueDebouncedMessage(
   await Promise.resolve();
 }
 
+function setStaleRetryMocks(messageId = "om_old") {
+  vi.spyOn(dedup, "hasProcessedFeishuMessage").mockImplementation(
+    async (currentMessageId) => currentMessageId === messageId,
+  );
+}
+
 describe("resolveReactionSyntheticEvent", () => {
   it("filters app self-reactions", async () => {
     const event = makeReactionEvent({ operator_type: "app" });
@@ -262,28 +299,12 @@ describe("resolveReactionSyntheticEvent", () => {
   });
 
   it("filters reactions on non-bot messages", async () => {
-    const event = makeReactionEvent();
-    const result = await resolveReactionSyntheticEvent({
-      cfg,
-      accountId: "default",
-      event,
-      botOpenId: "ou_bot",
-      fetchMessage: async () => ({
-        messageId: "om_msg1",
-        chatId: "oc_group",
-        chatType: "group",
-        senderOpenId: "ou_other",
-        senderType: "user",
-        content: "hello",
-        contentType: "text",
-      }),
-    });
+    const result = await resolveNonBotReaction();
     expect(result).toBeNull();
   });
 
   it("allows non-bot reactions when reactionNotifications is all", async () => {
-    const event = makeReactionEvent();
-    const result = await resolveReactionSyntheticEvent({
+    const result = await resolveNonBotReaction({
       cfg: {
         channels: {
           feishu: {
@@ -291,18 +312,6 @@ describe("resolveReactionSyntheticEvent", () => {
           },
         },
       } as ClawdbotConfig,
-      accountId: "default",
-      event,
-      botOpenId: "ou_bot",
-      fetchMessage: async () => ({
-        messageId: "om_msg1",
-        chatId: "oc_group",
-        chatType: "group",
-        senderOpenId: "ou_other",
-        senderType: "user",
-        content: "hello",
-        contentType: "text",
-      }),
       uuid: () => "fixed-uuid",
     });
     expect(result?.message.message_id).toBe("om_msg1:reaction:THUMBSUP:fixed-uuid");
@@ -457,18 +466,16 @@ describe("Feishu inbound debounce regressions", () => {
     );
     await vi.advanceTimersByTimeAsync(25);
 
-    expect(handleFeishuMessageMock).toHaveBeenCalledTimes(1);
-    const dispatched = getFirstDispatchedEvent();
+    const dispatched = expectSingleDispatchedEvent();
     const mergedMentions = dispatched.message.mentions ?? [];
     expect(mergedMentions.some((mention) => mention.id.open_id === "ou_bot")).toBe(true);
     expect(mergedMentions.some((mention) => mention.id.open_id === "ou_user_a")).toBe(false);
   });
 
   it("passes prefetched botName through to handleFeishuMessage", async () => {
-    vi.spyOn(dedup, "tryRecordMessage").mockReturnValue(true);
-    vi.spyOn(dedup, "tryRecordMessagePersistent").mockResolvedValue(true);
-    vi.spyOn(dedup, "hasRecordedMessage").mockReturnValue(false);
-    vi.spyOn(dedup, "hasRecordedMessagePersistent").mockResolvedValue(false);
+    vi.spyOn(dedup, "tryBeginFeishuMessageProcessing").mockReturnValue(true);
+    vi.spyOn(dedup, "recordProcessedFeishuMessage").mockResolvedValue(true);
+    vi.spyOn(dedup, "hasProcessedFeishuMessage").mockResolvedValue(false);
     const onMessage = await setupDebounceMonitor({ botName: "OpenClaw Bot" });
 
     await onMessage(
@@ -517,9 +524,7 @@ describe("Feishu inbound debounce regressions", () => {
     );
     await vi.advanceTimersByTimeAsync(25);
 
-    expect(handleFeishuMessageMock).toHaveBeenCalledTimes(1);
-    const dispatched = getFirstDispatchedEvent();
-    const parsed = parseFeishuMessageEvent(dispatched, "ou_bot");
+    const { dispatched, parsed } = expectParsedFirstDispatchedEvent();
     expect(parsed.mentionedBot).toBe(true);
     expect(parsed.mentionTargets).toBeUndefined();
     const mergedMentions = dispatched.message.mentions ?? [];
@@ -547,19 +552,14 @@ describe("Feishu inbound debounce regressions", () => {
     );
     await vi.advanceTimersByTimeAsync(25);
 
-    expect(handleFeishuMessageMock).toHaveBeenCalledTimes(1);
-    const dispatched = getFirstDispatchedEvent();
-    const parsed = parseFeishuMessageEvent(dispatched, "ou_bot");
+    const { parsed } = expectParsedFirstDispatchedEvent();
     expect(parsed.mentionedBot).toBe(true);
   });
 
   it("excludes previously processed retries from combined debounce text", async () => {
-    vi.spyOn(dedup, "tryRecordMessage").mockReturnValue(true);
-    vi.spyOn(dedup, "tryRecordMessagePersistent").mockResolvedValue(true);
-    vi.spyOn(dedup, "hasRecordedMessage").mockImplementation((key) => key.endsWith(":om_old"));
-    vi.spyOn(dedup, "hasRecordedMessagePersistent").mockImplementation(
-      async (messageId) => messageId === "om_old",
-    );
+    vi.spyOn(dedup, "tryBeginFeishuMessageProcessing").mockReturnValue(true);
+    vi.spyOn(dedup, "recordProcessedFeishuMessage").mockResolvedValue(true);
+    setStaleRetryMocks();
     const onMessage = await setupDebounceMonitor();
 
     await onMessage(createTextEvent({ messageId: "om_old", text: "stale" }));
@@ -576,20 +576,16 @@ describe("Feishu inbound debounce regressions", () => {
     await Promise.resolve();
     await vi.advanceTimersByTimeAsync(25);
 
-    expect(handleFeishuMessageMock).toHaveBeenCalledTimes(1);
-    const dispatched = getFirstDispatchedEvent();
+    const dispatched = expectSingleDispatchedEvent();
     expect(dispatched.message.message_id).toBe("om_new_2");
     const combined = JSON.parse(dispatched.message.content) as { text?: string };
     expect(combined.text).toBe("first\nsecond");
   });
 
   it("uses latest fresh message id when debounce batch ends with stale retry", async () => {
-    const recordSpy = vi.spyOn(dedup, "tryRecordMessage").mockReturnValue(true);
-    vi.spyOn(dedup, "tryRecordMessagePersistent").mockResolvedValue(true);
-    vi.spyOn(dedup, "hasRecordedMessage").mockImplementation((key) => key.endsWith(":om_old"));
-    vi.spyOn(dedup, "hasRecordedMessagePersistent").mockImplementation(
-      async (messageId) => messageId === "om_old",
-    );
+    vi.spyOn(dedup, "tryBeginFeishuMessageProcessing").mockReturnValue(true);
+    const recordSpy = vi.spyOn(dedup, "recordProcessedFeishuMessage").mockResolvedValue(true);
+    setStaleRetryMocks();
     const onMessage = await setupDebounceMonitor();
 
     await onMessage(createTextEvent({ messageId: "om_new", text: "fresh" }));
@@ -600,12 +596,58 @@ describe("Feishu inbound debounce regressions", () => {
     await Promise.resolve();
     await vi.advanceTimersByTimeAsync(25);
 
-    expect(handleFeishuMessageMock).toHaveBeenCalledTimes(1);
-    const dispatched = getFirstDispatchedEvent();
+    const dispatched = expectSingleDispatchedEvent();
     expect(dispatched.message.message_id).toBe("om_new");
     const combined = JSON.parse(dispatched.message.content) as { text?: string };
     expect(combined.text).toBe("fresh");
-    expect(recordSpy).toHaveBeenCalledWith("default:om_old");
-    expect(recordSpy).not.toHaveBeenCalledWith("default:om_new");
+    expect(recordSpy).toHaveBeenCalledWith("om_old", "default", expect.any(Function));
+    expect(recordSpy).not.toHaveBeenCalledWith("om_new", "default", expect.any(Function));
+  });
+
+  it("releases early event dedupe when debounced dispatch fails", async () => {
+    setDedupPassThroughMocks();
+    const enqueueMock = vi.fn();
+    setFeishuRuntime(
+      createPluginRuntimeMock({
+        channel: {
+          debounce: {
+            createInboundDebouncer: <T>(params: {
+              onError?: (err: unknown, items: T[]) => void;
+            }) => ({
+              enqueue: async (item: T) => {
+                enqueueMock(item);
+                params.onError?.(new Error("dispatch failed"), [item]);
+              },
+              flushKey: async () => {},
+            }),
+            resolveInboundDebounceMs,
+          },
+          text: {
+            hasControlCommand,
+          },
+        },
+      }),
+    );
+    const onMessage = await setupDebounceMonitor();
+    const event = createTextEvent({ messageId: "om_retryable", text: "hello" });
+
+    await enqueueDebouncedMessage(onMessage, event);
+    expect(enqueueMock).toHaveBeenCalledTimes(1);
+
+    await enqueueDebouncedMessage(onMessage, event);
+    expect(enqueueMock).toHaveBeenCalledTimes(2);
+    expect(handleFeishuMessageMock).not.toHaveBeenCalled();
+  });
+
+  it("drops duplicate inbound events before they re-enter the debounce pipeline", async () => {
+    const onMessage = await setupDebounceMonitor();
+    const event = createTextEvent({ messageId: "om_duplicate", text: "hello" });
+
+    await enqueueDebouncedMessage(onMessage, event);
+    await vi.advanceTimersByTimeAsync(25);
+    await enqueueDebouncedMessage(onMessage, event);
+    await vi.advanceTimersByTimeAsync(25);
+
+    expect(handleFeishuMessageMock).toHaveBeenCalledTimes(1);
   });
 });
diff --git a/extensions/feishu/src/monitor.startup.test.ts b/extensions/feishu/src/monitor.startup.test.ts
index f5e19159f0a..96dbd52b8ef 100644
--- a/extensions/feishu/src/monitor.startup.test.ts
+++ b/extensions/feishu/src/monitor.startup.test.ts
@@ -3,33 +3,19 @@ import { afterEach, describe, expect, it, vi } from "vitest";
 import { monitorFeishuProvider, stopFeishuMonitor } from "./monitor.js";
 
 const probeFeishuMock = vi.hoisted(() => vi.fn());
-const feishuClientMockModule = vi.hoisted(() => ({
-  createFeishuWSClient: vi.fn(() => ({ start: vi.fn() })),
-  createEventDispatcher: vi.fn(() => ({ register: vi.fn() })),
-}));
-const feishuRuntimeMockModule = vi.hoisted(() => ({
-  getFeishuRuntime: () => ({
-    channel: {
-      debounce: {
-        resolveInboundDebounceMs: () => 0,
-        createInboundDebouncer: () => ({
-          enqueue: async () => {},
-          flushKey: async () => {},
-        }),
-      },
-      text: {
-        hasControlCommand: () => false,
-      },
-    },
-  }),
-}));
 
 vi.mock("./probe.js", () => ({
   probeFeishu: probeFeishuMock,
 }));
 
-vi.mock("./client.js", () => feishuClientMockModule);
-vi.mock("./runtime.js", () => feishuRuntimeMockModule);
+vi.mock("./client.js", async () => {
+  const { createFeishuClientMockModule } = await import("./monitor.test-mocks.js");
+  return createFeishuClientMockModule();
+});
+vi.mock("./runtime.js", async () => {
+  const { createFeishuRuntimeMockModule } = await import("./monitor.test-mocks.js");
+  return createFeishuRuntimeMockModule();
+});
 
 function buildMultiAccountWebsocketConfig(accountIds: string[]): ClawdbotConfig {
   return {
@@ -52,6 +38,12 @@ function buildMultiAccountWebsocketConfig(accountIds: string[]): ClawdbotConfig
   } as ClawdbotConfig;
 }
 
+async function waitForStartedAccount(started: string[], accountId: string) {
+  for (let i = 0; i < 10 && !started.includes(accountId); i += 1) {
+    await Promise.resolve();
+  }
+}
+
 afterEach(() => {
   stopFeishuMonitor();
 });
@@ -116,10 +108,7 @@ describe("Feishu monitor startup preflight", () => {
     });
 
     try {
-      for (let i = 0; i < 10 && !started.includes("beta"); i += 1) {
-        await Promise.resolve();
-      }
-
+      await waitForStartedAccount(started, "beta");
       expect(started).toEqual(["alpha", "beta"]);
       expect(started.filter((accountId) => accountId === "alpha")).toHaveLength(1);
     } finally {
@@ -153,10 +142,7 @@ describe("Feishu monitor startup preflight", () => {
     });
 
     try {
-      for (let i = 0; i < 10 && !started.includes("beta"); i += 1) {
-        await Promise.resolve();
-      }
-
+      await waitForStartedAccount(started, "beta");
       expect(started).toEqual(["alpha", "beta"]);
       expect(runtime.error).toHaveBeenCalledWith(
         expect.stringContaining("bot info probe timed out"),
diff --git a/extensions/feishu/src/monitor.webhook-e2e.test.ts b/extensions/feishu/src/monitor.webhook-e2e.test.ts
index 451ebe0d2bf..a11957e3393 100644
--- a/extensions/feishu/src/monitor.webhook-e2e.test.ts
+++ b/extensions/feishu/src/monitor.webhook-e2e.test.ts
@@ -50,6 +50,14 @@ function encryptFeishuPayload(encryptKey: string, payload: Record<string, unknow
   return Buffer.concat([iv, encrypted]).toString("base64");
 }
 
+async function postSignedPayload(url: string, payload: Record<string, unknown>) {
+  return await fetch(url, {
+    method: "POST",
+    headers: signFeishuPayload({ encryptKey: "encrypt_key", payload }),
+    body: JSON.stringify(payload),
+  });
+}
+
 afterEach(() => {
   stopFeishuMonitor();
 });
@@ -143,11 +151,7 @@ describe("Feishu webhook signed-request e2e", () => {
       monitorFeishuProvider,
       async (url) => {
         const payload = { type: "url_verification", challenge: "challenge-token" };
-        const response = await fetch(url, {
-          method: "POST",
-          headers: signFeishuPayload({ encryptKey: "encrypt_key", payload }),
-          body: JSON.stringify(payload),
-        });
+        const response = await postSignedPayload(url, payload);
 
         expect(response.status).toBe(200);
         await expect(response.json()).resolves.toEqual({ challenge: "challenge-token" });
@@ -172,11 +176,7 @@ describe("Feishu webhook signed-request e2e", () => {
           header: { event_type: "unknown.event" },
           event: {},
         };
-        const response = await fetch(url, {
-          method: "POST",
-          headers: signFeishuPayload({ encryptKey: "encrypt_key", payload }),
-          body: JSON.stringify(payload),
-        });
+        const response = await postSignedPayload(url, payload);
 
         expect(response.status).toBe(200);
         expect(await response.text()).toContain("no unknown.event event handle");
@@ -202,11 +202,7 @@ describe("Feishu webhook signed-request e2e", () => {
             challenge: "encrypted-challenge-token",
           }),
         };
-        const response = await fetch(url, {
-          method: "POST",
-          headers: signFeishuPayload({ encryptKey: "encrypt_key", payload }),
-          body: JSON.stringify(payload),
-        });
+        const response = await postSignedPayload(url, payload);
 
         expect(response.status).toBe(200);
         await expect(response.json()).resolves.toEqual({
diff --git a/extensions/feishu/src/outbound.test.ts b/extensions/feishu/src/outbound.test.ts
index 11cfc957e80..39b7c1e4a63 100644
--- a/extensions/feishu/src/outbound.test.ts
+++ b/extensions/feishu/src/outbound.test.ts
@@ -29,12 +29,16 @@ vi.mock("./runtime.js", () => ({
 import { feishuOutbound } from "./outbound.js";
 const sendText = feishuOutbound.sendText!;
 
+function resetOutboundMocks() {
+  vi.clearAllMocks();
+  sendMessageFeishuMock.mockResolvedValue({ messageId: "text_msg" });
+  sendMarkdownCardFeishuMock.mockResolvedValue({ messageId: "card_msg" });
+  sendMediaFeishuMock.mockResolvedValue({ messageId: "media_msg" });
+}
+
 describe("feishuOutbound.sendText local-image auto-convert", () => {
   beforeEach(() => {
-    vi.clearAllMocks();
-    sendMessageFeishuMock.mockResolvedValue({ messageId: "text_msg" });
-    sendMarkdownCardFeishuMock.mockResolvedValue({ messageId: "card_msg" });
-    sendMediaFeishuMock.mockResolvedValue({ messageId: "media_msg" });
+    resetOutboundMocks();
   });
 
   async function createTmpImage(ext = ".png"): Promise<{ dir: string; file: string }> {
@@ -181,10 +185,7 @@ describe("feishuOutbound.sendText local-image auto-convert", () => {
 
 describe("feishuOutbound.sendText replyToId forwarding", () => {
   beforeEach(() => {
-    vi.clearAllMocks();
-    sendMessageFeishuMock.mockResolvedValue({ messageId: "text_msg" });
-    sendMarkdownCardFeishuMock.mockResolvedValue({ messageId: "card_msg" });
-    sendMediaFeishuMock.mockResolvedValue({ messageId: "media_msg" });
+    resetOutboundMocks();
   });
 
   it("forwards replyToId as replyToMessageId to sendMessageFeishu", async () => {
@@ -249,10 +250,7 @@ describe("feishuOutbound.sendText replyToId forwarding", () => {
 
 describe("feishuOutbound.sendMedia replyToId forwarding", () => {
   beforeEach(() => {
-    vi.clearAllMocks();
-    sendMessageFeishuMock.mockResolvedValue({ messageId: "text_msg" });
-    sendMarkdownCardFeishuMock.mockResolvedValue({ messageId: "card_msg" });
-    sendMediaFeishuMock.mockResolvedValue({ messageId: "media_msg" });
+    resetOutboundMocks();
   });
 
   it("forwards replyToId to sendMediaFeishu", async () => {
@@ -292,10 +290,7 @@ describe("feishuOutbound.sendMedia replyToId forwarding", () => {
 
 describe("feishuOutbound.sendMedia renderMode", () => {
   beforeEach(() => {
-    vi.clearAllMocks();
-    sendMessageFeishuMock.mockResolvedValue({ messageId: "text_msg" });
-    sendMarkdownCardFeishuMock.mockResolvedValue({ messageId: "card_msg" });
-    sendMediaFeishuMock.mockResolvedValue({ messageId: "media_msg" });
+    resetOutboundMocks();
   });
 
   it("uses markdown cards for captions when renderMode=card", async () => {
diff --git a/extensions/feishu/src/reply-dispatcher.test.ts b/extensions/feishu/src/reply-dispatcher.test.ts
index e6f7fd4d974..338953a7d6d 100644
--- a/extensions/feishu/src/reply-dispatcher.test.ts
+++ b/extensions/feishu/src/reply-dispatcher.test.ts
@@ -25,40 +25,27 @@ vi.mock("./typing.js", () => ({
   addTypingIndicator: addTypingIndicatorMock,
   removeTypingIndicator: removeTypingIndicatorMock,
 }));
-vi.mock("./streaming-card.js", () => ({
-  mergeStreamingText: (previousText: string | undefined, nextText: string | undefined) => {
-    const previous = typeof previousText === "string" ? previousText : "";
-    const next = typeof nextText === "string" ? nextText : "";
-    if (!next) {
-      return previous;
-    }
-    if (!previous || next === previous) {
-      return next;
-    }
-    if (next.startsWith(previous)) {
-      return next;
-    }
-    if (previous.startsWith(next)) {
-      return previous;
-    }
-    return `${previous}${next}`;
-  },
-  FeishuStreamingSession: class {
-    active = false;
-    start = vi.fn(async () => {
-      this.active = true;
-    });
-    update = vi.fn(async () => {});
-    close = vi.fn(async () => {
-      this.active = false;
-    });
-    isActive = vi.fn(() => this.active);
+vi.mock("./streaming-card.js", async () => {
+  const actual = await vi.importActual<typeof import("./streaming-card.js")>("./streaming-card.js");
+  return {
+    mergeStreamingText: actual.mergeStreamingText,
+    FeishuStreamingSession: class {
+      active = false;
+      start = vi.fn(async () => {
+        this.active = true;
+      });
+      update = vi.fn(async () => {});
+      close = vi.fn(async () => {
+        this.active = false;
+      });
+      isActive = vi.fn(() => this.active);
 
-    constructor() {
-      streamingInstances.push(this);
-    }
-  },
-}));
+      constructor() {
+        streamingInstances.push(this);
+      }
+    },
+  };
+});
 
 import { createFeishuReplyDispatcher } from "./reply-dispatcher.js";
 
@@ -523,4 +510,50 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
       }),
     );
   });
+
+  it("recovers streaming after start() throws (HTTP 400)", async () => {
+    const errorMock = vi.fn();
+    let shouldFailStart = true;
+
+    // Intercept streaming instance creation to make first start() reject
+    const origPush = streamingInstances.push;
+    streamingInstances.push = function (this: any[], ...args: any[]) {
+      if (shouldFailStart) {
+        args[0].start = vi
+          .fn()
+          .mockRejectedValue(new Error("Create card request failed with HTTP 400"));
+        shouldFailStart = false;
+      }
+      return origPush.apply(this, args);
+    } as any;
+
+    try {
+      createFeishuReplyDispatcher({
+        cfg: {} as never,
+        agentId: "agent",
+        runtime: { log: vi.fn(), error: errorMock } as never,
+        chatId: "oc_chat",
+      });
+
+      const options = createReplyDispatcherWithTypingMock.mock.calls[0]?.[0];
+
+      // First deliver with markdown triggers startStreaming - which will fail
+      await options.deliver({ text: "```ts\nconst x = 1\n```" }, { kind: "block" });
+
+      // Wait for the async error to propagate
+      await vi.waitFor(() => {
+        expect(errorMock).toHaveBeenCalledWith(expect.stringContaining("streaming start failed"));
+      });
+
+      // Second deliver should create a NEW streaming session (not stuck)
+      await options.deliver({ text: "```ts\nconst y = 2\n```" }, { kind: "final" });
+
+      // Two instances created: first failed, second succeeded and closed
+      expect(streamingInstances).toHaveLength(2);
+      expect(streamingInstances[1].start).toHaveBeenCalled();
+      expect(streamingInstances[1].close).toHaveBeenCalled();
+    } finally {
+      streamingInstances.push = origPush;
+    }
+  });
 });
diff --git a/extensions/feishu/src/reply-dispatcher.ts b/extensions/feishu/src/reply-dispatcher.ts
index 6f66ffffa58..5ebf712ca8b 100644
--- a/extensions/feishu/src/reply-dispatcher.ts
+++ b/extensions/feishu/src/reply-dispatcher.ts
@@ -202,6 +202,7 @@ export function createFeishuReplyDispatcher(params: CreateFeishuReplyDispatcherP
       } catch (error) {
         params.runtime.error?.(`feishu: streaming start failed: ${String(error)}`);
         streaming = null;
+        streamingStartPromise = null; // allow retry on next deliver
       }
     })();
   };
diff --git a/extensions/google-gemini-cli-auth/oauth.test.ts b/extensions/google-gemini-cli-auth/oauth.test.ts
index 1471f804771..02100b73b1f 100644
--- a/extensions/google-gemini-cli-auth/oauth.test.ts
+++ b/extensions/google-gemini-cli-auth/oauth.test.ts
@@ -144,6 +144,13 @@ describe("extractGeminiCliCredentials", () => {
     }
   }
 
+  function expectFakeCliCredentials(result: unknown) {
+    expect(result).toEqual({
+      clientId: FAKE_CLIENT_ID,
+      clientSecret: FAKE_CLIENT_SECRET,
+    });
+  }
+
   beforeEach(async () => {
     vi.clearAllMocks();
     originalPath = process.env.PATH;
@@ -169,10 +176,7 @@ describe("extractGeminiCliCredentials", () => {
     clearCredentialsCache();
     const result = extractGeminiCliCredentials();
 
-    expect(result).toEqual({
-      clientId: FAKE_CLIENT_ID,
-      clientSecret: FAKE_CLIENT_SECRET,
-    });
+    expectFakeCliCredentials(result);
   });
 
   it("extracts credentials when PATH entry is an npm global shim", async () => {
@@ -182,10 +186,7 @@ describe("extractGeminiCliCredentials", () => {
     clearCredentialsCache();
     const result = extractGeminiCliCredentials();
 
-    expect(result).toEqual({
-      clientId: FAKE_CLIENT_ID,
-      clientSecret: FAKE_CLIENT_SECRET,
-    });
+    expectFakeCliCredentials(result);
   });
 
   it("returns null when oauth2.js cannot be found", async () => {
@@ -274,16 +275,16 @@ describe("loginGeminiCliOAuth", () => {
     });
   }
 
-  async function runRemoteLoginWithCapturedAuthUrl(
-    loginGeminiCliOAuth: (options: {
-      isRemote: boolean;
-      openUrl: () => Promise<void>;
-      log: (msg: string) => void;
-      note: () => Promise<void>;
-      prompt: () => Promise<string>;
-      progress: { update: () => void; stop: () => void };
-    }) => Promise<{ projectId: string }>,
-  ) {
+  type LoginGeminiCliOAuthFn = (options: {
+    isRemote: boolean;
+    openUrl: () => Promise<void>;
+    log: (msg: string) => void;
+    note: () => Promise<void>;
+    prompt: () => Promise<string>;
+    progress: { update: () => void; stop: () => void };
+  }) => Promise<{ projectId: string }>;
+
+  async function runRemoteLoginWithCapturedAuthUrl(loginGeminiCliOAuth: LoginGeminiCliOAuthFn) {
     let authUrl = "";
     const result = await loginGeminiCliOAuth({
       isRemote: true,
@@ -304,6 +305,14 @@ describe("loginGeminiCliOAuth", () => {
     return { result, authUrl };
   }
 
+  async function runRemoteLoginExpectingProjectId(
+    loginGeminiCliOAuth: LoginGeminiCliOAuthFn,
+    projectId: string,
+  ) {
+    const { result } = await runRemoteLoginWithCapturedAuthUrl(loginGeminiCliOAuth);
+    expect(result.projectId).toBe(projectId);
+  }
+
   let envSnapshot: Partial<Record<(typeof ENV_KEYS)[number], string>>;
   beforeEach(() => {
     envSnapshot = Object.fromEntries(ENV_KEYS.map((key) => [key, process.env[key]]));
@@ -357,9 +366,7 @@ describe("loginGeminiCliOAuth", () => {
     vi.stubGlobal("fetch", fetchMock);
 
     const { loginGeminiCliOAuth } = await import("./oauth.js");
-    const { result } = await runRemoteLoginWithCapturedAuthUrl(loginGeminiCliOAuth);
-
-    expect(result.projectId).toBe("daily-project");
+    await runRemoteLoginExpectingProjectId(loginGeminiCliOAuth, "daily-project");
     const loadRequests = requests.filter((request) =>
       request.url.includes("v1internal:loadCodeAssist"),
     );
@@ -414,9 +421,7 @@ describe("loginGeminiCliOAuth", () => {
     vi.stubGlobal("fetch", fetchMock);
 
     const { loginGeminiCliOAuth } = await import("./oauth.js");
-    const { result } = await runRemoteLoginWithCapturedAuthUrl(loginGeminiCliOAuth);
-
-    expect(result.projectId).toBe("env-project");
+    await runRemoteLoginExpectingProjectId(loginGeminiCliOAuth, "env-project");
     expect(requests.filter((url) => url.includes("v1internal:loadCodeAssist"))).toHaveLength(3);
     expect(requests.some((url) => url.includes("v1internal:onboardUser"))).toBe(false);
   });
diff --git a/extensions/google-gemini-cli-auth/package.json b/extensions/google-gemini-cli-auth/package.json
index a5c5fd54652..61ae5be803c 100644
--- a/extensions/google-gemini-cli-auth/package.json
+++ b/extensions/google-gemini-cli-auth/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/google-gemini-cli-auth",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw Gemini CLI OAuth provider plugin",
   "type": "module",
diff --git a/extensions/googlechat/package.json b/extensions/googlechat/package.json
index 8b6f42e371c..3514ac52b90 100644
--- a/extensions/googlechat/package.json
+++ b/extensions/googlechat/package.json
@@ -1,15 +1,12 @@
 {
   "name": "@openclaw/googlechat",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw Google Chat channel plugin",
   "type": "module",
   "dependencies": {
     "google-auth-library": "^10.6.1"
   },
-  "devDependencies": {
-    "openclaw": "workspace:*"
-  },
   "peerDependencies": {
     "openclaw": ">=2026.3.11"
   },
diff --git a/extensions/googlechat/src/channel.startup.test.ts b/extensions/googlechat/src/channel.startup.test.ts
index 521cbb94c5f..11c46aa663a 100644
--- a/extensions/googlechat/src/channel.startup.test.ts
+++ b/extensions/googlechat/src/channel.startup.test.ts
@@ -1,6 +1,10 @@
 import type { ChannelAccountSnapshot } from "openclaw/plugin-sdk/googlechat";
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { createStartAccountContext } from "../../test-utils/start-account-context.js";
+import {
+  abortStartedAccount,
+  expectPendingUntilAbort,
+  startAccountAndTrackLifecycle,
+} from "../../test-utils/start-account-lifecycle.js";
 import type { ResolvedGoogleChatAccount } from "./accounts.js";
 
 const hoisted = vi.hoisted(() => ({
@@ -39,29 +43,25 @@ describe("googlechatPlugin gateway.startAccount", () => {
       },
     };
 
-    const patches: ChannelAccountSnapshot[] = [];
-    const abort = new AbortController();
-    const task = googlechatPlugin.gateway!.startAccount!(
-      createStartAccountContext({
-        account,
-        abortSignal: abort.signal,
-        statusPatchSink: (next) => patches.push({ ...next }),
-      }),
-    );
-    let settled = false;
-    void task.then(() => {
-      settled = true;
+    const { abort, patches, task, isSettled } = startAccountAndTrackLifecycle({
+      startAccount: googlechatPlugin.gateway!.startAccount!,
+      account,
     });
-    await vi.waitFor(() => {
-      expect(hoisted.startGoogleChatMonitor).toHaveBeenCalledOnce();
+    await expectPendingUntilAbort({
+      waitForStarted: () =>
+        vi.waitFor(() => {
+          expect(hoisted.startGoogleChatMonitor).toHaveBeenCalledOnce();
+        }),
+      isSettled,
+      abort,
+      task,
+      assertBeforeAbort: () => {
+        expect(unregister).not.toHaveBeenCalled();
+      },
+      assertAfterAbort: () => {
+        expect(unregister).toHaveBeenCalledOnce();
+      },
     });
-    expect(settled).toBe(false);
-    expect(unregister).not.toHaveBeenCalled();
-
-    abort.abort();
-    await task;
-
-    expect(unregister).toHaveBeenCalledOnce();
     expect(patches.some((entry) => entry.running === true)).toBe(true);
     expect(patches.some((entry) => entry.running === false)).toBe(true);
   });
diff --git a/extensions/googlechat/src/channel.ts b/extensions/googlechat/src/channel.ts
index 47980f97d92..3ae992d3e9e 100644
--- a/extensions/googlechat/src/channel.ts
+++ b/extensions/googlechat/src/channel.ts
@@ -30,6 +30,7 @@ import {
   type OpenClawConfig,
 } from "openclaw/plugin-sdk/googlechat";
 import { GoogleChatConfigSchema } from "openclaw/plugin-sdk/googlechat";
+import { buildPassiveProbedChannelStatusSummary } from "../../shared/channel-status-summary.js";
 import {
   listGoogleChatAccountIds,
   resolveDefaultGoogleChatAccountId,
@@ -473,20 +474,14 @@ export const googlechatPlugin: ChannelPlugin<ResolvedGoogleChatAccount> = {
         }
         return issues;
       }),
-    buildChannelSummary: ({ snapshot }) => ({
-      configured: snapshot.configured ?? false,
-      credentialSource: snapshot.credentialSource ?? "none",
-      audienceType: snapshot.audienceType ?? null,
-      audience: snapshot.audience ?? null,
-      webhookPath: snapshot.webhookPath ?? null,
-      webhookUrl: snapshot.webhookUrl ?? null,
-      running: snapshot.running ?? false,
-      lastStartAt: snapshot.lastStartAt ?? null,
-      lastStopAt: snapshot.lastStopAt ?? null,
-      lastError: snapshot.lastError ?? null,
-      probe: snapshot.probe,
-      lastProbeAt: snapshot.lastProbeAt ?? null,
-    }),
+    buildChannelSummary: ({ snapshot }) =>
+      buildPassiveProbedChannelStatusSummary(snapshot, {
+        credentialSource: snapshot.credentialSource ?? "none",
+        audienceType: snapshot.audienceType ?? null,
+        audience: snapshot.audience ?? null,
+        webhookPath: snapshot.webhookPath ?? null,
+        webhookUrl: snapshot.webhookUrl ?? null,
+      }),
     probeAccount: async ({ account }) => probeGoogleChat(account),
     buildAccountSnapshot: ({ account, runtime, probe }) => {
       const base = buildComputedAccountStatusSnapshot({
diff --git a/extensions/imessage/package.json b/extensions/imessage/package.json
index 0f8ca0ac9dd..c0988ee601c 100644
--- a/extensions/imessage/package.json
+++ b/extensions/imessage/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/imessage",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw iMessage channel plugin",
   "type": "module",
diff --git a/src/imessage/accounts.ts b/extensions/imessage/src/accounts.ts
similarity index 85%
rename from src/imessage/accounts.ts
rename to extensions/imessage/src/accounts.ts
index d0ed6a9218c..f370fd54860 100644
--- a/src/imessage/accounts.ts
+++ b/extensions/imessage/src/accounts.ts
@@ -1,8 +1,8 @@
-import { createAccountListHelpers } from "../channels/plugins/account-helpers.js";
-import type { OpenClawConfig } from "../config/config.js";
-import type { IMessageAccountConfig } from "../config/types.js";
-import { resolveAccountEntry } from "../routing/account-lookup.js";
-import { normalizeAccountId } from "../routing/session-key.js";
+import { createAccountListHelpers } from "../../../src/channels/plugins/account-helpers.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { IMessageAccountConfig } from "../../../src/config/types.js";
+import { resolveAccountEntry } from "../../../src/routing/account-lookup.js";
+import { normalizeAccountId } from "../../../src/routing/session-key.js";
 
 export type ResolvedIMessageAccount = {
   accountId: string;
diff --git a/extensions/imessage/src/channel.ts b/extensions/imessage/src/channel.ts
index 22c45cf6072..ff3758bf0d6 100644
--- a/extensions/imessage/src/channel.ts
+++ b/extensions/imessage/src/channel.ts
@@ -29,6 +29,8 @@ import {
   type ChannelPlugin,
   type ResolvedIMessageAccount,
 } from "openclaw/plugin-sdk/imessage";
+import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js";
+import { buildPassiveProbedChannelStatusSummary } from "../../shared/channel-status-summary.js";
 import { getIMessageRuntime } from "./runtime.js";
 
 const meta = getChatChannelMeta("imessage");
@@ -58,11 +60,12 @@ async function sendIMessageOutbound(params: {
   mediaUrl?: string;
   mediaLocalRoots?: readonly string[];
   accountId?: string;
-  deps?: { sendIMessage?: IMessageSendFn };
+  deps?: { [channelId: string]: unknown };
   replyToId?: string;
 }) {
   const send =
-    params.deps?.sendIMessage ?? getIMessageRuntime().channel.imessage.sendMessageIMessage;
+    resolveOutboundSendDep<IMessageSendFn>(params.deps, "imessage") ??
+    getIMessageRuntime().channel.imessage.sendMessageIMessage;
   const maxBytes = resolveChannelMediaMaxBytes({
     cfg: params.cfg,
     resolveChannelLimitMb: ({ cfg, accountId }) =>
@@ -264,17 +267,11 @@ export const imessagePlugin: ChannelPlugin<ResolvedIMessageAccount> = {
       dbPath: null,
     },
     collectStatusIssues: (accounts) => collectStatusIssuesFromLastError("imessage", accounts),
-    buildChannelSummary: ({ snapshot }) => ({
-      configured: snapshot.configured ?? false,
-      running: snapshot.running ?? false,
-      lastStartAt: snapshot.lastStartAt ?? null,
-      lastStopAt: snapshot.lastStopAt ?? null,
-      lastError: snapshot.lastError ?? null,
-      cliPath: snapshot.cliPath ?? null,
-      dbPath: snapshot.dbPath ?? null,
-      probe: snapshot.probe,
-      lastProbeAt: snapshot.lastProbeAt ?? null,
-    }),
+    buildChannelSummary: ({ snapshot }) =>
+      buildPassiveProbedChannelStatusSummary(snapshot, {
+        cliPath: snapshot.cliPath ?? null,
+        dbPath: snapshot.dbPath ?? null,
+      }),
     probeAccount: async ({ timeoutMs }) =>
       getIMessageRuntime().channel.imessage.probeIMessage(timeoutMs),
     buildAccountSnapshot: ({ account, runtime, probe }) => ({
diff --git a/src/imessage/client.ts b/extensions/imessage/src/client.ts
similarity index 98%
rename from src/imessage/client.ts
rename to extensions/imessage/src/client.ts
index d4ec458a7e9..efe9e5deb3b 100644
--- a/src/imessage/client.ts
+++ b/extensions/imessage/src/client.ts
@@ -1,7 +1,7 @@
 import { type ChildProcessWithoutNullStreams, spawn } from "node:child_process";
 import { createInterface, type Interface } from "node:readline";
-import type { RuntimeEnv } from "../runtime.js";
-import { resolveUserPath } from "../utils.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
+import { resolveUserPath } from "../../../src/utils.js";
 import { DEFAULT_IMESSAGE_PROBE_TIMEOUT_MS } from "./constants.js";
 
 export type IMessageRpcError = {
diff --git a/src/imessage/constants.ts b/extensions/imessage/src/constants.ts
similarity index 100%
rename from src/imessage/constants.ts
rename to extensions/imessage/src/constants.ts
diff --git a/src/imessage/monitor.gating.test.ts b/extensions/imessage/src/monitor.gating.test.ts
similarity index 99%
rename from src/imessage/monitor.gating.test.ts
rename to extensions/imessage/src/monitor.gating.test.ts
index 36a324e009b..2e564cc30cf 100644
--- a/src/imessage/monitor.gating.test.ts
+++ b/extensions/imessage/src/monitor.gating.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import {
   buildIMessageInboundContext,
   resolveIMessageInboundDecision,
diff --git a/src/imessage/monitor.shutdown.unhandled-rejection.test.ts b/extensions/imessage/src/monitor.shutdown.unhandled-rejection.test.ts
similarity index 100%
rename from src/imessage/monitor.shutdown.unhandled-rejection.test.ts
rename to extensions/imessage/src/monitor.shutdown.unhandled-rejection.test.ts
diff --git a/src/imessage/monitor.ts b/extensions/imessage/src/monitor.ts
similarity index 100%
rename from src/imessage/monitor.ts
rename to extensions/imessage/src/monitor.ts
diff --git a/src/imessage/monitor/abort-handler.ts b/extensions/imessage/src/monitor/abort-handler.ts
similarity index 100%
rename from src/imessage/monitor/abort-handler.ts
rename to extensions/imessage/src/monitor/abort-handler.ts
diff --git a/src/imessage/monitor/deliver.test.ts b/extensions/imessage/src/monitor/deliver.test.ts
similarity index 93%
rename from src/imessage/monitor/deliver.test.ts
rename to extensions/imessage/src/monitor/deliver.test.ts
index 9db03d6ace5..75d18eec71e 100644
--- a/src/imessage/monitor/deliver.test.ts
+++ b/extensions/imessage/src/monitor/deliver.test.ts
@@ -1,5 +1,5 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 
 const sendMessageIMessageMock = vi.hoisted(() =>
   vi.fn().mockResolvedValue({ messageId: "imsg-1" }),
@@ -14,20 +14,20 @@ vi.mock("../send.js", () => ({
     sendMessageIMessageMock(to, message, opts),
 }));
 
-vi.mock("../../auto-reply/chunk.js", () => ({
+vi.mock("../../../../src/auto-reply/chunk.js", () => ({
   chunkTextWithMode: (text: string) => chunkTextWithModeMock(text),
   resolveChunkMode: () => resolveChunkModeMock(),
 }));
 
-vi.mock("../../config/config.js", () => ({
+vi.mock("../../../../src/config/config.js", () => ({
   loadConfig: () => ({}),
 }));
 
-vi.mock("../../config/markdown-tables.js", () => ({
+vi.mock("../../../../src/config/markdown-tables.js", () => ({
   resolveMarkdownTableMode: () => resolveMarkdownTableModeMock(),
 }));
 
-vi.mock("../../markdown/tables.js", () => ({
+vi.mock("../../../../src/markdown/tables.js", () => ({
   convertMarkdownTables: (text: string) => convertMarkdownTablesMock(text),
 }));
 
diff --git a/src/imessage/monitor/deliver.ts b/extensions/imessage/src/monitor/deliver.ts
similarity index 83%
rename from src/imessage/monitor/deliver.ts
rename to extensions/imessage/src/monitor/deliver.ts
index fc949d3cfc1..e8db8c0cac9 100644
--- a/src/imessage/monitor/deliver.ts
+++ b/extensions/imessage/src/monitor/deliver.ts
@@ -1,9 +1,9 @@
-import { chunkTextWithMode, resolveChunkMode } from "../../auto-reply/chunk.js";
-import type { ReplyPayload } from "../../auto-reply/types.js";
-import { loadConfig } from "../../config/config.js";
-import { resolveMarkdownTableMode } from "../../config/markdown-tables.js";
-import { convertMarkdownTables } from "../../markdown/tables.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import { chunkTextWithMode, resolveChunkMode } from "../../../../src/auto-reply/chunk.js";
+import type { ReplyPayload } from "../../../../src/auto-reply/types.js";
+import { loadConfig } from "../../../../src/config/config.js";
+import { resolveMarkdownTableMode } from "../../../../src/config/markdown-tables.js";
+import { convertMarkdownTables } from "../../../../src/markdown/tables.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 import type { createIMessageRpcClient } from "../client.js";
 import { sendMessageIMessage } from "../send.js";
 import type { SentMessageCache } from "./echo-cache.js";
diff --git a/src/imessage/monitor/echo-cache.ts b/extensions/imessage/src/monitor/echo-cache.ts
similarity index 100%
rename from src/imessage/monitor/echo-cache.ts
rename to extensions/imessage/src/monitor/echo-cache.ts
diff --git a/src/imessage/monitor/inbound-processing.test.ts b/extensions/imessage/src/monitor/inbound-processing.test.ts
similarity index 98%
rename from src/imessage/monitor/inbound-processing.test.ts
rename to extensions/imessage/src/monitor/inbound-processing.test.ts
index d2adc37bf74..4575a28de36 100644
--- a/src/imessage/monitor/inbound-processing.test.ts
+++ b/extensions/imessage/src/monitor/inbound-processing.test.ts
@@ -1,6 +1,6 @@
 import { describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../../config/config.js";
-import { sanitizeTerminalText } from "../../terminal/safe-text.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import { sanitizeTerminalText } from "../../../../src/terminal/safe-text.js";
 import {
   describeIMessageEchoDropLog,
   resolveIMessageInboundDecision,
diff --git a/src/imessage/monitor/inbound-processing.ts b/extensions/imessage/src/monitor/inbound-processing.ts
similarity index 93%
rename from src/imessage/monitor/inbound-processing.ts
rename to extensions/imessage/src/monitor/inbound-processing.ts
index b3fc10c1e7b..af900e21b40 100644
--- a/src/imessage/monitor/inbound-processing.ts
+++ b/extensions/imessage/src/monitor/inbound-processing.ts
@@ -1,31 +1,34 @@
-import { hasControlCommand } from "../../auto-reply/command-detection.js";
+import { hasControlCommand } from "../../../../src/auto-reply/command-detection.js";
 import {
   formatInboundEnvelope,
   formatInboundFromLabel,
   resolveEnvelopeFormatOptions,
   type EnvelopeFormatOptions,
-} from "../../auto-reply/envelope.js";
+} from "../../../../src/auto-reply/envelope.js";
 import {
   buildPendingHistoryContextFromMap,
   recordPendingHistoryEntryIfEnabled,
   type HistoryEntry,
-} from "../../auto-reply/reply/history.js";
-import { finalizeInboundContext } from "../../auto-reply/reply/inbound-context.js";
-import { buildMentionRegexes, matchesMentionPatterns } from "../../auto-reply/reply/mentions.js";
-import { resolveControlCommandGate } from "../../channels/command-gating.js";
-import { logInboundDrop } from "../../channels/logging.js";
-import type { OpenClawConfig } from "../../config/config.js";
+} from "../../../../src/auto-reply/reply/history.js";
+import { finalizeInboundContext } from "../../../../src/auto-reply/reply/inbound-context.js";
+import {
+  buildMentionRegexes,
+  matchesMentionPatterns,
+} from "../../../../src/auto-reply/reply/mentions.js";
+import { resolveDualTextControlCommandGate } from "../../../../src/channels/command-gating.js";
+import { logInboundDrop } from "../../../../src/channels/logging.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
 import {
   resolveChannelGroupPolicy,
   resolveChannelGroupRequireMention,
-} from "../../config/group-policy.js";
-import { resolveAgentRoute } from "../../routing/resolve-route.js";
+} from "../../../../src/config/group-policy.js";
+import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js";
 import {
   DM_GROUP_ACCESS_REASON,
   resolveDmGroupAccessWithLists,
-} from "../../security/dm-policy-shared.js";
-import { sanitizeTerminalText } from "../../terminal/safe-text.js";
-import { truncateUtf16Safe } from "../../utils.js";
+} from "../../../../src/security/dm-policy-shared.js";
+import { sanitizeTerminalText } from "../../../../src/terminal/safe-text.js";
+import { truncateUtf16Safe } from "../../../../src/utils.js";
 import {
   formatIMessageChatTarget,
   isAllowedIMessageSender,
@@ -311,17 +314,15 @@ export function resolveIMessageInboundDecision(params: {
         })
       : false;
   const hasControlCommandInMessage = hasControlCommand(messageText, params.cfg);
-  const commandGate = resolveControlCommandGate({
+  const { commandAuthorized, shouldBlock } = resolveDualTextControlCommandGate({
     useAccessGroups,
-    authorizers: [
-      { configured: commandDmAllowFrom.length > 0, allowed: ownerAllowedForCommands },
-      { configured: effectiveGroupAllowFrom.length > 0, allowed: groupAllowedForCommands },
-    ],
-    allowTextCommands: true,
+    primaryConfigured: commandDmAllowFrom.length > 0,
+    primaryAllowed: ownerAllowedForCommands,
+    secondaryConfigured: effectiveGroupAllowFrom.length > 0,
+    secondaryAllowed: groupAllowedForCommands,
     hasControlCommand: hasControlCommandInMessage,
   });
-  const commandAuthorized = commandGate.commandAuthorized;
-  if (isGroup && commandGate.shouldBlock) {
+  if (isGroup && shouldBlock) {
     if (params.logVerbose) {
       logInboundDrop({
         log: params.logVerbose,
diff --git a/src/imessage/monitor/loop-rate-limiter.test.ts b/extensions/imessage/src/monitor/loop-rate-limiter.test.ts
similarity index 100%
rename from src/imessage/monitor/loop-rate-limiter.test.ts
rename to extensions/imessage/src/monitor/loop-rate-limiter.test.ts
diff --git a/src/imessage/monitor/loop-rate-limiter.ts b/extensions/imessage/src/monitor/loop-rate-limiter.ts
similarity index 100%
rename from src/imessage/monitor/loop-rate-limiter.ts
rename to extensions/imessage/src/monitor/loop-rate-limiter.ts
diff --git a/src/imessage/monitor/monitor-provider.echo-cache.test.ts b/extensions/imessage/src/monitor/monitor-provider.echo-cache.test.ts
similarity index 100%
rename from src/imessage/monitor/monitor-provider.echo-cache.test.ts
rename to extensions/imessage/src/monitor/monitor-provider.echo-cache.test.ts
diff --git a/src/imessage/monitor/monitor-provider.ts b/extensions/imessage/src/monitor/monitor-provider.ts
similarity index 92%
rename from src/imessage/monitor/monitor-provider.ts
rename to extensions/imessage/src/monitor/monitor-provider.ts
index 1324529cbff..e3c062cd814 100644
--- a/src/imessage/monitor/monitor-provider.ts
+++ b/extensions/imessage/src/monitor/monitor-provider.ts
@@ -1,42 +1,42 @@
 import fs from "node:fs/promises";
-import { resolveHumanDelayConfig } from "../../agents/identity.js";
-import { resolveTextChunkLimit } from "../../auto-reply/chunk.js";
-import { dispatchInboundMessage } from "../../auto-reply/dispatch.js";
+import { resolveHumanDelayConfig } from "../../../../src/agents/identity.js";
+import { resolveTextChunkLimit } from "../../../../src/auto-reply/chunk.js";
+import { dispatchInboundMessage } from "../../../../src/auto-reply/dispatch.js";
 import {
   clearHistoryEntriesIfEnabled,
   DEFAULT_GROUP_HISTORY_LIMIT,
   type HistoryEntry,
-} from "../../auto-reply/reply/history.js";
-import { createReplyDispatcher } from "../../auto-reply/reply/reply-dispatcher.js";
+} from "../../../../src/auto-reply/reply/history.js";
+import { createReplyDispatcher } from "../../../../src/auto-reply/reply/reply-dispatcher.js";
 import {
   createChannelInboundDebouncer,
   shouldDebounceTextInbound,
-} from "../../channels/inbound-debounce-policy.js";
-import { createReplyPrefixOptions } from "../../channels/reply-prefix.js";
-import { recordInboundSession } from "../../channels/session.js";
-import { loadConfig } from "../../config/config.js";
+} from "../../../../src/channels/inbound-debounce-policy.js";
+import { createReplyPrefixOptions } from "../../../../src/channels/reply-prefix.js";
+import { recordInboundSession } from "../../../../src/channels/session.js";
+import { loadConfig } from "../../../../src/config/config.js";
 import {
   resolveOpenProviderRuntimeGroupPolicy,
   resolveDefaultGroupPolicy,
   warnMissingProviderGroupPolicyFallbackOnce,
-} from "../../config/runtime-group-policy.js";
-import { readSessionUpdatedAt, resolveStorePath } from "../../config/sessions.js";
-import { danger, logVerbose, shouldLogVerbose, warn } from "../../globals.js";
-import { normalizeScpRemoteHost } from "../../infra/scp-host.js";
-import { waitForTransportReady } from "../../infra/transport-ready.js";
+} from "../../../../src/config/runtime-group-policy.js";
+import { readSessionUpdatedAt, resolveStorePath } from "../../../../src/config/sessions.js";
+import { danger, logVerbose, shouldLogVerbose, warn } from "../../../../src/globals.js";
+import { normalizeScpRemoteHost } from "../../../../src/infra/scp-host.js";
+import { waitForTransportReady } from "../../../../src/infra/transport-ready.js";
 import {
   isInboundPathAllowed,
   resolveIMessageAttachmentRoots,
   resolveIMessageRemoteAttachmentRoots,
-} from "../../media/inbound-path-policy.js";
-import { kindFromMime } from "../../media/mime.js";
-import { issuePairingChallenge } from "../../pairing/pairing-challenge.js";
+} from "../../../../src/media/inbound-path-policy.js";
+import { kindFromMime } from "../../../../src/media/mime.js";
+import { issuePairingChallenge } from "../../../../src/pairing/pairing-challenge.js";
 import {
   readChannelAllowFromStore,
   upsertChannelPairingRequest,
-} from "../../pairing/pairing-store.js";
-import { resolvePinnedMainDmOwnerFromAllowlist } from "../../security/dm-policy-shared.js";
-import { truncateUtf16Safe } from "../../utils.js";
+} from "../../../../src/pairing/pairing-store.js";
+import { resolvePinnedMainDmOwnerFromAllowlist } from "../../../../src/security/dm-policy-shared.js";
+import { truncateUtf16Safe } from "../../../../src/utils.js";
 import { resolveIMessageAccount } from "../accounts.js";
 import { createIMessageRpcClient } from "../client.js";
 import { DEFAULT_IMESSAGE_PROBE_TIMEOUT_MS } from "../constants.js";
diff --git a/src/imessage/monitor/parse-notification.ts b/extensions/imessage/src/monitor/parse-notification.ts
similarity index 100%
rename from src/imessage/monitor/parse-notification.ts
rename to extensions/imessage/src/monitor/parse-notification.ts
diff --git a/src/imessage/monitor/provider.group-policy.test.ts b/extensions/imessage/src/monitor/provider.group-policy.test.ts
similarity index 91%
rename from src/imessage/monitor/provider.group-policy.test.ts
rename to extensions/imessage/src/monitor/provider.group-policy.test.ts
index 58812ad5711..d6a7b1f880b 100644
--- a/src/imessage/monitor/provider.group-policy.test.ts
+++ b/extensions/imessage/src/monitor/provider.group-policy.test.ts
@@ -1,5 +1,5 @@
 import { describe } from "vitest";
-import { installProviderRuntimeGroupPolicyFallbackSuite } from "../../test-utils/runtime-group-policy-contract.js";
+import { installProviderRuntimeGroupPolicyFallbackSuite } from "../../../../src/test-utils/runtime-group-policy-contract.js";
 import { __testing } from "./monitor-provider.js";
 
 describe("resolveIMessageRuntimeGroupPolicy", () => {
diff --git a/src/imessage/monitor/reflection-guard.test.ts b/extensions/imessage/src/monitor/reflection-guard.test.ts
similarity index 100%
rename from src/imessage/monitor/reflection-guard.test.ts
rename to extensions/imessage/src/monitor/reflection-guard.test.ts
diff --git a/src/imessage/monitor/reflection-guard.ts b/extensions/imessage/src/monitor/reflection-guard.ts
similarity index 95%
rename from src/imessage/monitor/reflection-guard.ts
rename to extensions/imessage/src/monitor/reflection-guard.ts
index 97a329315e8..0af95d957cc 100644
--- a/src/imessage/monitor/reflection-guard.ts
+++ b/extensions/imessage/src/monitor/reflection-guard.ts
@@ -4,7 +4,7 @@
  * bounced back as a new inbound message — creating an echo loop.
  */
 
-import { findCodeRegions, isInsideCode } from "../../shared/text/code-regions.js";
+import { findCodeRegions, isInsideCode } from "../../../../src/shared/text/code-regions.js";
 
 const INTERNAL_SEPARATOR_RE = /(?:#\+){2,}#?/;
 const ASSISTANT_ROLE_MARKER_RE = /\bassistant\s+to\s*=\s*\w+/i;
diff --git a/src/imessage/monitor/runtime.ts b/extensions/imessage/src/monitor/runtime.ts
similarity index 76%
rename from src/imessage/monitor/runtime.ts
rename to extensions/imessage/src/monitor/runtime.ts
index 72066272d6c..e4fe6ae4336 100644
--- a/src/imessage/monitor/runtime.ts
+++ b/extensions/imessage/src/monitor/runtime.ts
@@ -1,5 +1,5 @@
-import { createNonExitingRuntime, type RuntimeEnv } from "../../runtime.js";
-import { normalizeStringEntries } from "../../shared/string-normalization.js";
+import { createNonExitingRuntime, type RuntimeEnv } from "../../../../src/runtime.js";
+import { normalizeStringEntries } from "../../../../src/shared/string-normalization.js";
 import type { MonitorIMessageOpts } from "./types.js";
 
 export function resolveRuntime(opts: MonitorIMessageOpts): RuntimeEnv {
diff --git a/src/imessage/monitor/sanitize-outbound.test.ts b/extensions/imessage/src/monitor/sanitize-outbound.test.ts
similarity index 100%
rename from src/imessage/monitor/sanitize-outbound.test.ts
rename to extensions/imessage/src/monitor/sanitize-outbound.test.ts
diff --git a/src/imessage/monitor/sanitize-outbound.ts b/extensions/imessage/src/monitor/sanitize-outbound.ts
similarity index 90%
rename from src/imessage/monitor/sanitize-outbound.ts
rename to extensions/imessage/src/monitor/sanitize-outbound.ts
index 9fe1664e1eb..83eb75a8da2 100644
--- a/src/imessage/monitor/sanitize-outbound.ts
+++ b/extensions/imessage/src/monitor/sanitize-outbound.ts
@@ -1,4 +1,4 @@
-import { stripAssistantInternalScaffolding } from "../../shared/text/assistant-visible-text.js";
+import { stripAssistantInternalScaffolding } from "../../../../src/shared/text/assistant-visible-text.js";
 
 /**
  * Patterns that indicate assistant-internal metadata leaked into text.
diff --git a/src/imessage/monitor/self-chat-cache.test.ts b/extensions/imessage/src/monitor/self-chat-cache.test.ts
similarity index 100%
rename from src/imessage/monitor/self-chat-cache.test.ts
rename to extensions/imessage/src/monitor/self-chat-cache.test.ts
diff --git a/src/imessage/monitor/self-chat-cache.ts b/extensions/imessage/src/monitor/self-chat-cache.ts
similarity index 100%
rename from src/imessage/monitor/self-chat-cache.ts
rename to extensions/imessage/src/monitor/self-chat-cache.ts
diff --git a/src/imessage/monitor/types.ts b/extensions/imessage/src/monitor/types.ts
similarity index 87%
rename from src/imessage/monitor/types.ts
rename to extensions/imessage/src/monitor/types.ts
index 2f13b3ecfb9..074c7c34c9f 100644
--- a/src/imessage/monitor/types.ts
+++ b/extensions/imessage/src/monitor/types.ts
@@ -1,5 +1,5 @@
-import type { OpenClawConfig } from "../../config/config.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 
 export type IMessageAttachment = {
   original_path?: string | null;
diff --git a/src/imessage/probe.test.ts b/extensions/imessage/src/probe.test.ts
similarity index 91%
rename from src/imessage/probe.test.ts
rename to extensions/imessage/src/probe.test.ts
index adee76063bb..5d676327c11 100644
--- a/src/imessage/probe.test.ts
+++ b/extensions/imessage/src/probe.test.ts
@@ -5,11 +5,11 @@ const detectBinaryMock = vi.hoisted(() => vi.fn());
 const runCommandWithTimeoutMock = vi.hoisted(() => vi.fn());
 const createIMessageRpcClientMock = vi.hoisted(() => vi.fn());
 
-vi.mock("../commands/onboard-helpers.js", () => ({
+vi.mock("../../../src/commands/onboard-helpers.js", () => ({
   detectBinary: (...args: unknown[]) => detectBinaryMock(...args),
 }));
 
-vi.mock("../process/exec.js", () => ({
+vi.mock("../../../src/process/exec.js", () => ({
   runCommandWithTimeout: (...args: unknown[]) => runCommandWithTimeoutMock(...args),
 }));
 
diff --git a/src/imessage/probe.ts b/extensions/imessage/src/probe.ts
similarity index 90%
rename from src/imessage/probe.ts
rename to extensions/imessage/src/probe.ts
index 9c33a471ab0..1b6ab665d09 100644
--- a/src/imessage/probe.ts
+++ b/extensions/imessage/src/probe.ts
@@ -1,8 +1,8 @@
-import type { BaseProbeResult } from "../channels/plugins/types.js";
-import { detectBinary } from "../commands/onboard-helpers.js";
-import { loadConfig } from "../config/config.js";
-import { runCommandWithTimeout } from "../process/exec.js";
-import type { RuntimeEnv } from "../runtime.js";
+import type { BaseProbeResult } from "../../../src/channels/plugins/types.js";
+import { detectBinary } from "../../../src/commands/onboard-helpers.js";
+import { loadConfig } from "../../../src/config/config.js";
+import { runCommandWithTimeout } from "../../../src/process/exec.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
 import { createIMessageRpcClient } from "./client.js";
 import { DEFAULT_IMESSAGE_PROBE_TIMEOUT_MS } from "./constants.js";
 
diff --git a/src/imessage/send.test.ts b/extensions/imessage/src/send.test.ts
similarity index 100%
rename from src/imessage/send.test.ts
rename to extensions/imessage/src/send.test.ts
diff --git a/src/imessage/send.ts b/extensions/imessage/src/send.ts
similarity index 94%
rename from src/imessage/send.ts
rename to extensions/imessage/src/send.ts
index efa3fca3366..5bc02b6bb7f 100644
--- a/src/imessage/send.ts
+++ b/extensions/imessage/src/send.ts
@@ -1,8 +1,8 @@
-import { loadConfig } from "../config/config.js";
-import { resolveMarkdownTableMode } from "../config/markdown-tables.js";
-import { convertMarkdownTables } from "../markdown/tables.js";
-import { kindFromMime } from "../media/mime.js";
-import { resolveOutboundAttachmentFromUrl } from "../media/outbound-attachment.js";
+import { loadConfig } from "../../../src/config/config.js";
+import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js";
+import { convertMarkdownTables } from "../../../src/markdown/tables.js";
+import { kindFromMime } from "../../../src/media/mime.js";
+import { resolveOutboundAttachmentFromUrl } from "../../../src/media/outbound-attachment.js";
 import { resolveIMessageAccount, type ResolvedIMessageAccount } from "./accounts.js";
 import { createIMessageRpcClient, type IMessageRpcClient } from "./client.js";
 import { formatIMessageChatTarget, type IMessageService, parseIMessageTarget } from "./targets.js";
diff --git a/src/imessage/target-parsing-helpers.ts b/extensions/imessage/src/target-parsing-helpers.ts
similarity index 98%
rename from src/imessage/target-parsing-helpers.ts
rename to extensions/imessage/src/target-parsing-helpers.ts
index ba00590e6d5..95ccc3682ce 100644
--- a/src/imessage/target-parsing-helpers.ts
+++ b/extensions/imessage/src/target-parsing-helpers.ts
@@ -1,4 +1,4 @@
-import { isAllowedParsedChatSender } from "../plugin-sdk/allow-from.js";
+import { isAllowedParsedChatSender } from "../../../src/plugin-sdk/allow-from.js";
 
 export type ServicePrefix<TService extends string> = { prefix: string; service: TService };
 
diff --git a/src/imessage/targets.test.ts b/extensions/imessage/src/targets.test.ts
similarity index 100%
rename from src/imessage/targets.test.ts
rename to extensions/imessage/src/targets.test.ts
diff --git a/src/imessage/targets.ts b/extensions/imessage/src/targets.ts
similarity index 98%
rename from src/imessage/targets.ts
rename to extensions/imessage/src/targets.ts
index e709f1064e4..a376a6e7f45 100644
--- a/src/imessage/targets.ts
+++ b/extensions/imessage/src/targets.ts
@@ -1,4 +1,4 @@
-import { normalizeE164 } from "../utils.js";
+import { normalizeE164 } from "../../../src/utils.js";
 import {
   createAllowedChatSenderMatcher,
   type ChatSenderAllowParams,
diff --git a/extensions/irc/package.json b/extensions/irc/package.json
index 85a04dcdaea..8d162b9ac20 100644
--- a/extensions/irc/package.json
+++ b/extensions/irc/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/irc",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw IRC channel plugin",
   "type": "module",
   "dependencies": {
diff --git a/extensions/irc/src/accounts.test.ts b/extensions/irc/src/accounts.test.ts
index afd1b597b81..5b4685795c6 100644
--- a/extensions/irc/src/accounts.test.ts
+++ b/extensions/irc/src/accounts.test.ts
@@ -81,6 +81,32 @@ describe("resolveDefaultIrcAccountId", () => {
 });
 
 describe("resolveIrcAccount", () => {
+  it("parses delimited IRC_CHANNELS env values for the default account", () => {
+    const previousChannels = process.env.IRC_CHANNELS;
+    process.env.IRC_CHANNELS = "alpha, beta\ngamma; delta";
+
+    try {
+      const account = resolveIrcAccount({
+        cfg: asConfig({
+          channels: {
+            irc: {
+              host: "irc.example.com",
+              nick: "claw",
+            },
+          },
+        }),
+      });
+
+      expect(account.config.channels).toEqual(["alpha", "beta", "gamma", "delta"]);
+    } finally {
+      if (previousChannels === undefined) {
+        delete process.env.IRC_CHANNELS;
+      } else {
+        process.env.IRC_CHANNELS = previousChannels;
+      }
+    }
+  });
+
   it.runIf(process.platform !== "win32")("rejects symlinked password files", () => {
     const dir = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-irc-account-"));
     const passwordFile = path.join(dir, "password.txt");
diff --git a/extensions/irc/src/accounts.ts b/extensions/irc/src/accounts.ts
index 13d48fffdb7..9367a7d2123 100644
--- a/extensions/irc/src/accounts.ts
+++ b/extensions/irc/src/accounts.ts
@@ -3,6 +3,7 @@ import { tryReadSecretFileSync } from "openclaw/plugin-sdk/core";
 import {
   createAccountListHelpers,
   normalizeResolvedSecretInputString,
+  parseOptionalDelimitedEntries,
 } from "openclaw/plugin-sdk/irc";
 import type { CoreConfig, IrcAccountConfig, IrcNickServConfig } from "./types.js";
 
@@ -42,17 +43,6 @@ function parseIntEnv(value?: string): number | undefined {
   return parsed;
 }
 
-function parseListEnv(value?: string): string[] | undefined {
-  if (!value?.trim()) {
-    return undefined;
-  }
-  const parsed = value
-    .split(/[\n,;]+/g)
-    .map((entry) => entry.trim())
-    .filter(Boolean);
-  return parsed.length > 0 ? parsed : undefined;
-}
-
 const { listAccountIds: listIrcAccountIds, resolveDefaultAccountId: resolveDefaultIrcAccountId } =
   createAccountListHelpers("irc", { normalizeAccountId });
 export { listIrcAccountIds, resolveDefaultIrcAccountId };
@@ -174,7 +164,9 @@ export function resolveIrcAccount(params: {
       accountId === DEFAULT_ACCOUNT_ID ? parseIntEnv(process.env.IRC_PORT) : undefined;
     const port = merged.port ?? envPort ?? (tls ? 6697 : 6667);
     const envChannels =
-      accountId === DEFAULT_ACCOUNT_ID ? parseListEnv(process.env.IRC_CHANNELS) : undefined;
+      accountId === DEFAULT_ACCOUNT_ID
+        ? parseOptionalDelimitedEntries(process.env.IRC_CHANNELS)
+        : undefined;
 
     const host = (
       merged.host?.trim() ||
diff --git a/extensions/irc/src/channel.startup.test.ts b/extensions/irc/src/channel.startup.test.ts
index ef972f64c0e..7b4416d1892 100644
--- a/extensions/irc/src/channel.startup.test.ts
+++ b/extensions/irc/src/channel.startup.test.ts
@@ -1,5 +1,8 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { createStartAccountContext } from "../../test-utils/start-account-context.js";
+import {
+  expectStopPendingUntilAbort,
+  startAccountAndTrackLifecycle,
+} from "../../test-utils/start-account-lifecycle.js";
 import type { ResolvedIrcAccount } from "./accounts.js";
 
 const hoisted = vi.hoisted(() => ({
@@ -41,27 +44,20 @@ describe("ircPlugin gateway.startAccount", () => {
       config: {} as ResolvedIrcAccount["config"],
     };
 
-    const abort = new AbortController();
-    const task = ircPlugin.gateway!.startAccount!(
-      createStartAccountContext({
-        account,
-        abortSignal: abort.signal,
-      }),
-    );
-    let settled = false;
-    void task.then(() => {
-      settled = true;
+    const { abort, task, isSettled } = startAccountAndTrackLifecycle({
+      startAccount: ircPlugin.gateway!.startAccount!,
+      account,
     });
 
-    await vi.waitFor(() => {
-      expect(hoisted.monitorIrcProvider).toHaveBeenCalledOnce();
+    await expectStopPendingUntilAbort({
+      waitForStarted: () =>
+        vi.waitFor(() => {
+          expect(hoisted.monitorIrcProvider).toHaveBeenCalledOnce();
+        }),
+      isSettled,
+      abort,
+      task,
+      stop,
     });
-    expect(settled).toBe(false);
-    expect(stop).not.toHaveBeenCalled();
-
-    abort.abort();
-    await task;
-
-    expect(stop).toHaveBeenCalledOnce();
   });
 });
diff --git a/extensions/irc/src/channel.ts b/extensions/irc/src/channel.ts
index c598a9a0ef3..62d64fb0866 100644
--- a/extensions/irc/src/channel.ts
+++ b/extensions/irc/src/channel.ts
@@ -14,10 +14,10 @@ import {
   deleteAccountFromConfigSection,
   getChatChannelMeta,
   PAIRING_APPROVED_MESSAGE,
-  runPassiveAccountLifecycle,
   setAccountEnabledInConfigSection,
   type ChannelPlugin,
 } from "openclaw/plugin-sdk/irc";
+import { runStoppablePassiveMonitor } from "../../shared/passive-monitor.js";
 import {
   listIrcAccountIds,
   resolveDefaultIrcAccountId,
@@ -367,7 +367,7 @@ export const ircPlugin: ChannelPlugin<ResolvedIrcAccount, IrcProbe> = {
       ctx.log?.info(
         `[${account.accountId}] starting IRC provider (${account.host}:${account.port}${account.tls ? " tls" : ""})`,
       );
-      await runPassiveAccountLifecycle({
+      await runStoppablePassiveMonitor({
         abortSignal: ctx.abortSignal,
         start: async () =>
           await monitorIrcProvider({
@@ -377,9 +377,6 @@ export const ircPlugin: ChannelPlugin<ResolvedIrcAccount, IrcProbe> = {
             abortSignal: ctx.abortSignal,
             statusSink,
           }),
-        stop: async (monitor) => {
-          monitor.stop();
-        },
       });
     },
   },
diff --git a/extensions/irc/src/config-schema.ts b/extensions/irc/src/config-schema.ts
index aa37b596cd1..8b9625b5bc4 100644
--- a/extensions/irc/src/config-schema.ts
+++ b/extensions/irc/src/config-schema.ts
@@ -9,6 +9,7 @@ import {
   requireOpenAllowFrom,
 } from "openclaw/plugin-sdk/irc";
 import { z } from "zod";
+import { requireChannelOpenAllowFrom } from "../../shared/config-schema-helpers.js";
 
 const IrcGroupSchema = z
   .object({
@@ -69,12 +70,12 @@ export const IrcAccountSchemaBase = z
   .strict();
 
 export const IrcAccountSchema = IrcAccountSchemaBase.superRefine((value, ctx) => {
-  requireOpenAllowFrom({
+  requireChannelOpenAllowFrom({
+    channel: "irc",
     policy: value.dmPolicy,
     allowFrom: value.allowFrom,
     ctx,
-    path: ["allowFrom"],
-    message: 'channels.irc.dmPolicy="open" requires channels.irc.allowFrom to include "*"',
+    requireOpenAllowFrom,
   });
 });
 
@@ -82,11 +83,11 @@ export const IrcConfigSchema = IrcAccountSchemaBase.extend({
   accounts: z.record(z.string(), IrcAccountSchema.optional()).optional(),
   defaultAccount: z.string().optional(),
 }).superRefine((value, ctx) => {
-  requireOpenAllowFrom({
+  requireChannelOpenAllowFrom({
+    channel: "irc",
     policy: value.dmPolicy,
     allowFrom: value.allowFrom,
     ctx,
-    path: ["allowFrom"],
-    message: 'channels.irc.dmPolicy="open" requires channels.irc.allowFrom to include "*"',
+    requireOpenAllowFrom,
   });
 });
diff --git a/extensions/irc/src/monitor.ts b/extensions/irc/src/monitor.ts
index e416d95f8eb..2eec74a73d4 100644
--- a/extensions/irc/src/monitor.ts
+++ b/extensions/irc/src/monitor.ts
@@ -1,4 +1,5 @@
-import { createLoggerBackedRuntime, type RuntimeEnv } from "openclaw/plugin-sdk/irc";
+import type { RuntimeEnv } from "openclaw/plugin-sdk/irc";
+import { resolveLoggerBackedRuntime } from "../../shared/runtime.js";
 import { resolveIrcAccount } from "./accounts.js";
 import { connectIrcClient, type IrcClient } from "./client.js";
 import { buildIrcConnectOptions } from "./connect-options.js";
@@ -39,12 +40,10 @@ export async function monitorIrcProvider(opts: IrcMonitorOptions): Promise<{ sto
     accountId: opts.accountId,
   });
 
-  const runtime: RuntimeEnv =
-    opts.runtime ??
-    createLoggerBackedRuntime({
-      logger: core.logging.getChildLogger(),
-      exitError: () => new Error("Runtime exit not available"),
-    });
+  const runtime: RuntimeEnv = resolveLoggerBackedRuntime(
+    opts.runtime,
+    core.logging.getChildLogger(),
+  );
 
   if (!account.configured) {
     throw new Error(
diff --git a/extensions/irc/src/onboarding.test.ts b/extensions/irc/src/onboarding.test.ts
index 21f3e978c1a..613503700f3 100644
--- a/extensions/irc/src/onboarding.test.ts
+++ b/extensions/irc/src/onboarding.test.ts
@@ -1,5 +1,6 @@
 import type { RuntimeEnv, WizardPrompter } from "openclaw/plugin-sdk/irc";
 import { describe, expect, it, vi } from "vitest";
+import { createRuntimeEnv } from "../../test-utils/runtime-env.js";
 import { ircOnboardingAdapter } from "./onboarding.js";
 import type { CoreConfig } from "./types.js";
 
@@ -63,13 +64,7 @@ describe("irc onboarding", () => {
       }),
     });
 
-    const runtime: RuntimeEnv = {
-      log: vi.fn(),
-      error: vi.fn(),
-      exit: vi.fn((code: number): never => {
-        throw new Error(`exit ${code}`);
-      }),
-    };
+    const runtime: RuntimeEnv = createRuntimeEnv();
 
     const result = await ircOnboardingAdapter.configure({
       cfg: {} as CoreConfig,
diff --git a/extensions/irc/src/send.test.ts b/extensions/irc/src/send.test.ts
index df7b5e60ddd..8fbe58e7f22 100644
--- a/extensions/irc/src/send.test.ts
+++ b/extensions/irc/src/send.test.ts
@@ -1,4 +1,9 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
+import {
+  createSendCfgThreadingRuntime,
+  expectProvidedCfgSkipsRuntimeLoad,
+  expectRuntimeCfgFallback,
+} from "../../test-utils/send-config.js";
 import type { IrcClient } from "./client.js";
 import type { CoreConfig } from "./types.js";
 
@@ -27,20 +32,7 @@ const hoisted = vi.hoisted(() => {
 });
 
 vi.mock("./runtime.js", () => ({
-  getIrcRuntime: () => ({
-    config: {
-      loadConfig: hoisted.loadConfig,
-    },
-    channel: {
-      text: {
-        resolveMarkdownTableMode: hoisted.resolveMarkdownTableMode,
-        convertMarkdownTables: hoisted.convertMarkdownTables,
-      },
-      activity: {
-        record: hoisted.record,
-      },
-    },
-  }),
+  getIrcRuntime: () => createSendCfgThreadingRuntime(hoisted),
 }));
 
 vi.mock("./accounts.js", () => ({
@@ -87,8 +79,9 @@ describe("sendMessageIrc cfg threading", () => {
       accountId: "work",
     });
 
-    expect(hoisted.loadConfig).not.toHaveBeenCalled();
-    expect(hoisted.resolveIrcAccount).toHaveBeenCalledWith({
+    expectProvidedCfgSkipsRuntimeLoad({
+      loadConfig: hoisted.loadConfig,
+      resolveAccount: hoisted.resolveIrcAccount,
       cfg: providedCfg,
       accountId: "work",
     });
@@ -106,8 +99,9 @@ describe("sendMessageIrc cfg threading", () => {
 
     await sendMessageIrc("#ops", "ping", { client });
 
-    expect(hoisted.loadConfig).toHaveBeenCalledTimes(1);
-    expect(hoisted.resolveIrcAccount).toHaveBeenCalledWith({
+    expectRuntimeCfgFallback({
+      loadConfig: hoisted.loadConfig,
+      resolveAccount: hoisted.resolveIrcAccount,
       cfg: runtimeCfg,
       accountId: undefined,
     });
diff --git a/extensions/line/package.json b/extensions/line/package.json
index e9e691ac8b8..85bfac7f0ac 100644
--- a/extensions/line/package.json
+++ b/extensions/line/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/line",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw LINE channel plugin",
   "type": "module",
diff --git a/extensions/line/src/channel.ts b/extensions/line/src/channel.ts
index ddc612b8fa7..982d7670082 100644
--- a/extensions/line/src/channel.ts
+++ b/extensions/line/src/channel.ts
@@ -347,6 +347,16 @@ export const linePlugin: ChannelPlugin<ResolvedLineAccount> = {
         : [];
       const mediaUrls = payload.mediaUrls ?? (payload.mediaUrl ? [payload.mediaUrl] : []);
       const shouldSendQuickRepliesInline = chunks.length === 0 && hasQuickReplies;
+      const sendMediaMessages = async () => {
+        for (const url of mediaUrls) {
+          lastResult = await runtime.channel.line.sendMessageLine(to, "", {
+            verbose: false,
+            mediaUrl: url,
+            cfg,
+            accountId: accountId ?? undefined,
+          });
+        }
+      };
 
       if (!shouldSendQuickRepliesInline) {
         if (lineData.flexMessage) {
@@ -391,14 +401,7 @@ export const linePlugin: ChannelPlugin<ResolvedLineAccount> = {
 
       const sendMediaAfterText = !(hasQuickReplies && chunks.length > 0);
       if (mediaUrls.length > 0 && !shouldSendQuickRepliesInline && !sendMediaAfterText) {
-        for (const url of mediaUrls) {
-          lastResult = await runtime.channel.line.sendMessageLine(to, "", {
-            verbose: false,
-            mediaUrl: url,
-            cfg,
-            accountId: accountId ?? undefined,
-          });
-        }
+        await sendMediaMessages();
       }
 
       if (chunks.length > 0) {
@@ -471,14 +474,7 @@ export const linePlugin: ChannelPlugin<ResolvedLineAccount> = {
       }
 
       if (mediaUrls.length > 0 && !shouldSendQuickRepliesInline && sendMediaAfterText) {
-        for (const url of mediaUrls) {
-          lastResult = await runtime.channel.line.sendMessageLine(to, "", {
-            verbose: false,
-            mediaUrl: url,
-            cfg,
-            accountId: accountId ?? undefined,
-          });
-        }
+        await sendMediaMessages();
       }
 
       if (lastResult) {
diff --git a/extensions/llm-task/package.json b/extensions/llm-task/package.json
index ac792d4a8d2..6b19e5cb4b2 100644
--- a/extensions/llm-task/package.json
+++ b/extensions/llm-task/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/llm-task",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw JSON-only LLM task plugin",
   "type": "module",
diff --git a/extensions/llm-task/src/llm-task-tool.test.ts b/extensions/llm-task/src/llm-task-tool.test.ts
index fc9f0e07215..2bf0cb655aa 100644
--- a/extensions/llm-task/src/llm-task-tool.test.ts
+++ b/extensions/llm-task/src/llm-task-tool.test.ts
@@ -29,6 +29,21 @@ function fakeApi(overrides: any = {}) {
   };
 }
 
+function mockEmbeddedRunJson(payload: unknown) {
+  // oxlint-disable-next-line typescript/no-explicit-any
+  (runEmbeddedPiAgent as any).mockResolvedValueOnce({
+    meta: {},
+    payloads: [{ text: JSON.stringify(payload) }],
+  });
+}
+
+async function executeEmbeddedRun(input: Record<string, unknown>) {
+  const tool = createLlmTaskTool(fakeApi());
+  await tool.execute("id", input);
+  // oxlint-disable-next-line typescript/no-explicit-any
+  return (runEmbeddedPiAgent as any).mock.calls[0]?.[0];
+}
+
 describe("llm-task tool (json-only)", () => {
   beforeEach(() => vi.clearAllMocks());
 
@@ -96,42 +111,25 @@ describe("llm-task tool (json-only)", () => {
   });
 
   it("passes provider/model overrides to embedded runner", async () => {
-    // oxlint-disable-next-line typescript/no-explicit-any
-    (runEmbeddedPiAgent as any).mockResolvedValueOnce({
-      meta: {},
-      payloads: [{ text: JSON.stringify({ ok: true }) }],
+    mockEmbeddedRunJson({ ok: true });
+    const call = await executeEmbeddedRun({
+      prompt: "x",
+      provider: "anthropic",
+      model: "claude-4-sonnet",
     });
-    const tool = createLlmTaskTool(fakeApi());
-    await tool.execute("id", { prompt: "x", provider: "anthropic", model: "claude-4-sonnet" });
-    // oxlint-disable-next-line typescript/no-explicit-any
-    const call = (runEmbeddedPiAgent as any).mock.calls[0]?.[0];
     expect(call.provider).toBe("anthropic");
     expect(call.model).toBe("claude-4-sonnet");
   });
 
   it("passes thinking override to embedded runner", async () => {
-    // oxlint-disable-next-line typescript/no-explicit-any
-    (runEmbeddedPiAgent as any).mockResolvedValueOnce({
-      meta: {},
-      payloads: [{ text: JSON.stringify({ ok: true }) }],
-    });
-    const tool = createLlmTaskTool(fakeApi());
-    await tool.execute("id", { prompt: "x", thinking: "high" });
-    // oxlint-disable-next-line typescript/no-explicit-any
-    const call = (runEmbeddedPiAgent as any).mock.calls[0]?.[0];
+    mockEmbeddedRunJson({ ok: true });
+    const call = await executeEmbeddedRun({ prompt: "x", thinking: "high" });
     expect(call.thinkLevel).toBe("high");
   });
 
   it("normalizes thinking aliases", async () => {
-    // oxlint-disable-next-line typescript/no-explicit-any
-    (runEmbeddedPiAgent as any).mockResolvedValueOnce({
-      meta: {},
-      payloads: [{ text: JSON.stringify({ ok: true }) }],
-    });
-    const tool = createLlmTaskTool(fakeApi());
-    await tool.execute("id", { prompt: "x", thinking: "on" });
-    // oxlint-disable-next-line typescript/no-explicit-any
-    const call = (runEmbeddedPiAgent as any).mock.calls[0]?.[0];
+    mockEmbeddedRunJson({ ok: true });
+    const call = await executeEmbeddedRun({ prompt: "x", thinking: "on" });
     expect(call.thinkLevel).toBe("low");
   });
 
@@ -150,24 +148,13 @@ describe("llm-task tool (json-only)", () => {
   });
 
   it("does not pass thinkLevel when thinking is omitted", async () => {
-    // oxlint-disable-next-line typescript/no-explicit-any
-    (runEmbeddedPiAgent as any).mockResolvedValueOnce({
-      meta: {},
-      payloads: [{ text: JSON.stringify({ ok: true }) }],
-    });
-    const tool = createLlmTaskTool(fakeApi());
-    await tool.execute("id", { prompt: "x" });
-    // oxlint-disable-next-line typescript/no-explicit-any
-    const call = (runEmbeddedPiAgent as any).mock.calls[0]?.[0];
+    mockEmbeddedRunJson({ ok: true });
+    const call = await executeEmbeddedRun({ prompt: "x" });
     expect(call.thinkLevel).toBeUndefined();
   });
 
   it("enforces allowedModels", async () => {
-    // oxlint-disable-next-line typescript/no-explicit-any
-    (runEmbeddedPiAgent as any).mockResolvedValueOnce({
-      meta: {},
-      payloads: [{ text: JSON.stringify({ ok: true }) }],
-    });
+    mockEmbeddedRunJson({ ok: true });
     const tool = createLlmTaskTool(
       fakeApi({ pluginConfig: { allowedModels: ["openai-codex/gpt-5.2"] } }),
     );
@@ -177,15 +164,8 @@ describe("llm-task tool (json-only)", () => {
   });
 
   it("disables tools for embedded run", async () => {
-    // oxlint-disable-next-line typescript/no-explicit-any
-    (runEmbeddedPiAgent as any).mockResolvedValueOnce({
-      meta: {},
-      payloads: [{ text: JSON.stringify({ ok: true }) }],
-    });
-    const tool = createLlmTaskTool(fakeApi());
-    await tool.execute("id", { prompt: "x" });
-    // oxlint-disable-next-line typescript/no-explicit-any
-    const call = (runEmbeddedPiAgent as any).mock.calls[0]?.[0];
+    mockEmbeddedRunJson({ ok: true });
+    const call = await executeEmbeddedRun({ prompt: "x" });
     expect(call.disableTools).toBe(true);
   });
 });
diff --git a/extensions/lobster/package.json b/extensions/lobster/package.json
index d18581200db..915e5d5c3de 100644
--- a/extensions/lobster/package.json
+++ b/extensions/lobster/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/lobster",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "Lobster workflow tool plugin (typed pipelines + resumable approvals)",
   "type": "module",
   "dependencies": {
diff --git a/extensions/matrix/CHANGELOG.md b/extensions/matrix/CHANGELOG.md
index 4e4ac1f71fe..5e6a7ed5327 100644
--- a/extensions/matrix/CHANGELOG.md
+++ b/extensions/matrix/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.3.14
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.3.13
 
 ### Changes
diff --git a/extensions/matrix/package.json b/extensions/matrix/package.json
index 764e1795e1a..5b973b88635 100644
--- a/extensions/matrix/package.json
+++ b/extensions/matrix/package.json
@@ -1,10 +1,10 @@
 {
   "name": "@openclaw/matrix",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw Matrix channel plugin",
   "type": "module",
   "dependencies": {
-    "@mariozechner/pi-agent-core": "0.57.1",
+    "@mariozechner/pi-agent-core": "0.58.0",
     "@matrix-org/matrix-sdk-crypto-nodejs": "^0.4.0",
     "@vector-im/matrix-bot-sdk": "0.8.0-element.3",
     "markdown-it": "14.1.1",
diff --git a/extensions/matrix/src/channel.directory.test.ts b/extensions/matrix/src/channel.directory.test.ts
index 51c781c0b75..2c5bc9533f3 100644
--- a/extensions/matrix/src/channel.directory.test.ts
+++ b/extensions/matrix/src/channel.directory.test.ts
@@ -1,36 +1,17 @@
 import type { PluginRuntime, RuntimeEnv } from "openclaw/plugin-sdk/matrix";
 import { beforeEach, describe, expect, it, vi } from "vitest";
+import { createRuntimeEnv } from "../../test-utils/runtime-env.js";
 import { matrixPlugin } from "./channel.js";
 import { setMatrixRuntime } from "./runtime.js";
+import { createMatrixBotSdkMock } from "./test-mocks.js";
 import type { CoreConfig } from "./types.js";
 
-vi.mock("@vector-im/matrix-bot-sdk", () => ({
-  ConsoleLogger: class {
-    trace = vi.fn();
-    debug = vi.fn();
-    info = vi.fn();
-    warn = vi.fn();
-    error = vi.fn();
-  },
-  MatrixClient: class {},
-  LogService: {
-    setLogger: vi.fn(),
-    warn: vi.fn(),
-    info: vi.fn(),
-    debug: vi.fn(),
-  },
-  SimpleFsStorageProvider: class {},
-  RustSdkCryptoStorageProvider: class {},
-}));
+vi.mock("@vector-im/matrix-bot-sdk", () =>
+  createMatrixBotSdkMock({ includeVerboseLogService: true }),
+);
 
 describe("matrix directory", () => {
-  const runtimeEnv: RuntimeEnv = {
-    log: vi.fn(),
-    error: vi.fn(),
-    exit: vi.fn((code: number): never => {
-      throw new Error(`exit ${code}`);
-    }),
-  };
+  const runtimeEnv: RuntimeEnv = createRuntimeEnv();
 
   beforeEach(() => {
     setMatrixRuntime({
diff --git a/extensions/matrix/src/channel.ts b/extensions/matrix/src/channel.ts
index a024b3f3e8a..bad3322f8d0 100644
--- a/extensions/matrix/src/channel.ts
+++ b/extensions/matrix/src/channel.ts
@@ -15,6 +15,7 @@ import {
   PAIRING_APPROVED_MESSAGE,
   type ChannelPlugin,
 } from "openclaw/plugin-sdk/matrix";
+import { buildTrafficStatusSummary } from "../../shared/channel-status-summary.js";
 import { matrixMessageActions } from "./actions.js";
 import { MatrixConfigSchema } from "./config-schema.js";
 import { listMatrixDirectoryGroupsLive, listMatrixDirectoryPeersLive } from "./directory-live.js";
@@ -410,8 +411,7 @@ export const matrixPlugin: ChannelPlugin<ResolvedMatrixAccount> = {
       lastError: runtime?.lastError ?? null,
       probe,
       lastProbeAt: runtime?.lastProbeAt ?? null,
-      lastInboundAt: runtime?.lastInboundAt ?? null,
-      lastOutboundAt: runtime?.lastOutboundAt ?? null,
+      ...buildTrafficStatusSummary(runtime),
     }),
   },
   gateway: {
diff --git a/extensions/matrix/src/matrix/monitor/allowlist.ts b/extensions/matrix/src/matrix/monitor/allowlist.ts
index 326360cade5..a48fe63bdb0 100644
--- a/extensions/matrix/src/matrix/monitor/allowlist.ts
+++ b/extensions/matrix/src/matrix/monitor/allowlist.ts
@@ -1,7 +1,7 @@
 import {
   compileAllowlist,
   normalizeStringEntries,
-  resolveAllowlistCandidates,
+  resolveCompiledAllowlistMatch,
   type AllowlistMatch,
 } from "openclaw/plugin-sdk/matrix";
 
@@ -77,19 +77,13 @@ export function resolveMatrixAllowListMatch(params: {
   userId?: string;
 }): MatrixAllowListMatch {
   const compiledAllowList = compileAllowlist(params.allowList);
-  if (compiledAllowList.set.size === 0) {
-    return { allowed: false };
-  }
-  if (compiledAllowList.wildcard) {
-    return { allowed: true, matchKey: "*", matchSource: "wildcard" };
-  }
   const userId = normalizeMatrixUser(params.userId);
   const candidates: Array<{ value?: string; source: MatrixAllowListSource }> = [
     { value: userId, source: "id" },
     { value: userId ? `matrix:${userId}` : "", source: "prefixed-id" },
     { value: userId ? `user:${userId}` : "", source: "prefixed-user" },
   ];
-  return resolveAllowlistCandidates({
+  return resolveCompiledAllowlistMatch({
     compiledAllowlist: compiledAllowList,
     candidates,
   });
diff --git a/extensions/matrix/src/matrix/monitor/handler.ts b/extensions/matrix/src/matrix/monitor/handler.ts
index 0adc9fa2886..22ee16275cf 100644
--- a/extensions/matrix/src/matrix/monitor/handler.ts
+++ b/extensions/matrix/src/matrix/monitor/handler.ts
@@ -686,6 +686,7 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam
         channel: "matrix",
         accountId: route.accountId,
       });
+      const humanDelay = core.channel.reply.resolveHumanDelayConfig(cfg, route.agentId);
       const typingCallbacks = createTypingCallbacks({
         start: () => sendTypingMatrix(roomId, true, undefined, client),
         stop: () => sendTypingMatrix(roomId, false, undefined, client),
@@ -711,7 +712,7 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam
       const { dispatcher, replyOptions, markDispatchIdle } =
         core.channel.reply.createReplyDispatcherWithTyping({
           ...prefixOptions,
-          humanDelay: core.channel.reply.resolveHumanDelayConfig(cfg, route.agentId),
+          humanDelay,
           typingCallbacks,
           deliver: async (payload) => {
             await deliverMatrixReplies({
diff --git a/extensions/matrix/src/matrix/send-queue.test.ts b/extensions/matrix/src/matrix/send-queue.test.ts
index aa4765eaab3..240dd8ee71d 100644
--- a/extensions/matrix/src/matrix/send-queue.test.ts
+++ b/extensions/matrix/src/matrix/send-queue.test.ts
@@ -1,16 +1,7 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { createDeferred } from "../../../shared/deferred.js";
 import { DEFAULT_SEND_GAP_MS, enqueueSend } from "./send-queue.js";
 
-function deferred<T>() {
-  let resolve!: (value: T | PromiseLike<T>) => void;
-  let reject!: (reason?: unknown) => void;
-  const promise = new Promise<T>((res, rej) => {
-    resolve = res;
-    reject = rej;
-  });
-  return { promise, resolve, reject };
-}
-
 describe("enqueueSend", () => {
   beforeEach(() => {
     vi.useFakeTimers();
@@ -21,7 +12,7 @@ describe("enqueueSend", () => {
   });
 
   it("serializes sends per room", async () => {
-    const gate = deferred<void>();
+    const gate = createDeferred<void>();
     const events: string[] = [];
 
     const first = enqueueSend("!room:example.org", async () => {
@@ -91,7 +82,7 @@ describe("enqueueSend", () => {
   });
 
   it("continues queued work when the head task fails", async () => {
-    const gate = deferred<void>();
+    const gate = createDeferred<void>();
     const events: string[] = [];
 
     const first = enqueueSend("!room:example.org", async () => {
diff --git a/extensions/matrix/src/matrix/send.test.ts b/extensions/matrix/src/matrix/send.test.ts
index dabe915b388..2bf21023909 100644
--- a/extensions/matrix/src/matrix/send.test.ts
+++ b/extensions/matrix/src/matrix/send.test.ts
@@ -1,6 +1,7 @@
 import type { PluginRuntime } from "openclaw/plugin-sdk/matrix";
 import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 import { setMatrixRuntime } from "../runtime.js";
+import { createMatrixBotSdkMock } from "../test-mocks.js";
 
 vi.mock("music-metadata", () => ({
   // `resolveMediaDurationMs` lazily imports `music-metadata`; in tests we don't
@@ -8,21 +9,13 @@ vi.mock("music-metadata", () => ({
   parseBuffer: vi.fn().mockResolvedValue({ format: {} }),
 }));
 
-vi.mock("@vector-im/matrix-bot-sdk", () => ({
-  ConsoleLogger: class {
-    trace = vi.fn();
-    debug = vi.fn();
-    info = vi.fn();
-    warn = vi.fn();
-    error = vi.fn();
-  },
-  LogService: {
-    setLogger: vi.fn(),
-  },
-  MatrixClient: vi.fn(),
-  SimpleFsStorageProvider: vi.fn(),
-  RustSdkCryptoStorageProvider: vi.fn(),
-}));
+vi.mock("@vector-im/matrix-bot-sdk", () =>
+  createMatrixBotSdkMock({
+    matrixClient: vi.fn(),
+    simpleFsStorageProvider: vi.fn(),
+    rustSdkCryptoStorageProvider: vi.fn(),
+  }),
+);
 
 vi.mock("./send-queue.js", () => ({
   enqueueSend: async <T>(_roomId: string, fn: () => Promise<T>) => await fn(),
diff --git a/extensions/matrix/src/outbound.test.ts b/extensions/matrix/src/outbound.test.ts
index e0b62c1c00b..081c5572837 100644
--- a/extensions/matrix/src/outbound.test.ts
+++ b/extensions/matrix/src/outbound.test.ts
@@ -88,7 +88,7 @@ describe("matrixOutbound cfg threading", () => {
     );
   });
 
-  it("passes resolved cfg through injected deps.sendMatrix", async () => {
+  it("passes resolved cfg through injected deps.matrix", async () => {
     const cfg = {
       channels: {
         matrix: {
@@ -96,7 +96,7 @@ describe("matrixOutbound cfg threading", () => {
         },
       },
     } as OpenClawConfig;
-    const sendMatrix = vi.fn(async () => ({
+    const matrix = vi.fn(async () => ({
       messageId: "evt-injected",
       roomId: "!room:example",
     }));
@@ -105,13 +105,13 @@ describe("matrixOutbound cfg threading", () => {
       cfg,
       to: "room:!room:example",
       text: "hello via deps",
-      deps: { sendMatrix },
+      deps: { matrix },
       accountId: "default",
       threadId: "$thread",
       replyToId: "$reply",
     });
 
-    expect(sendMatrix).toHaveBeenCalledWith(
+    expect(matrix).toHaveBeenCalledWith(
       "room:!room:example",
       "hello via deps",
       expect.objectContaining({
diff --git a/extensions/matrix/src/outbound.ts b/extensions/matrix/src/outbound.ts
index be4f8d3426d..072ab2fb8c1 100644
--- a/extensions/matrix/src/outbound.ts
+++ b/extensions/matrix/src/outbound.ts
@@ -1,4 +1,5 @@
 import type { ChannelOutboundAdapter } from "openclaw/plugin-sdk/matrix";
+import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js";
 import { sendMessageMatrix, sendPollMatrix } from "./matrix/send.js";
 import { getMatrixRuntime } from "./runtime.js";
 
@@ -8,7 +9,8 @@ export const matrixOutbound: ChannelOutboundAdapter = {
   chunkerMode: "markdown",
   textChunkLimit: 4000,
   sendText: async ({ cfg, to, text, deps, replyToId, threadId, accountId }) => {
-    const send = deps?.sendMatrix ?? sendMessageMatrix;
+    const send =
+      resolveOutboundSendDep<typeof sendMessageMatrix>(deps, "matrix") ?? sendMessageMatrix;
     const resolvedThreadId =
       threadId !== undefined && threadId !== null ? String(threadId) : undefined;
     const result = await send(to, text, {
@@ -24,7 +26,8 @@ export const matrixOutbound: ChannelOutboundAdapter = {
     };
   },
   sendMedia: async ({ cfg, to, text, mediaUrl, deps, replyToId, threadId, accountId }) => {
-    const send = deps?.sendMatrix ?? sendMessageMatrix;
+    const send =
+      resolveOutboundSendDep<typeof sendMessageMatrix>(deps, "matrix") ?? sendMessageMatrix;
     const resolvedThreadId =
       threadId !== undefined && threadId !== null ? String(threadId) : undefined;
     const result = await send(to, text, {
diff --git a/extensions/matrix/src/resolve-targets.test.ts b/extensions/matrix/src/resolve-targets.test.ts
index 10dff313a2e..02a5088e8ae 100644
--- a/extensions/matrix/src/resolve-targets.test.ts
+++ b/extensions/matrix/src/resolve-targets.test.ts
@@ -8,6 +8,15 @@ vi.mock("./directory-live.js", () => ({
   listMatrixDirectoryGroupsLive: vi.fn(),
 }));
 
+async function resolveUserTarget(input = "Alice") {
+  const [result] = await resolveMatrixTargets({
+    cfg: {},
+    inputs: [input],
+    kind: "user",
+  });
+  return result;
+}
+
 describe("resolveMatrixTargets (users)", () => {
   beforeEach(() => {
     vi.mocked(listMatrixDirectoryPeersLive).mockReset();
@@ -20,11 +29,7 @@ describe("resolveMatrixTargets (users)", () => {
     ];
     vi.mocked(listMatrixDirectoryPeersLive).mockResolvedValue(matches);
 
-    const [result] = await resolveMatrixTargets({
-      cfg: {},
-      inputs: ["Alice"],
-      kind: "user",
-    });
+    const result = await resolveUserTarget();
 
     expect(result?.resolved).toBe(true);
     expect(result?.id).toBe("@alice:example.org");
@@ -37,11 +42,7 @@ describe("resolveMatrixTargets (users)", () => {
     ];
     vi.mocked(listMatrixDirectoryPeersLive).mockResolvedValue(matches);
 
-    const [result] = await resolveMatrixTargets({
-      cfg: {},
-      inputs: ["Alice"],
-      kind: "user",
-    });
+    const result = await resolveUserTarget();
 
     expect(result?.resolved).toBe(false);
     expect(result?.note).toMatch(/use full Matrix ID/i);
diff --git a/extensions/matrix/src/test-mocks.ts b/extensions/matrix/src/test-mocks.ts
new file mode 100644
index 00000000000..687b94459ea
--- /dev/null
+++ b/extensions/matrix/src/test-mocks.ts
@@ -0,0 +1,53 @@
+import type { Mock } from "vitest";
+import { vi } from "vitest";
+
+type MatrixBotSdkMockParams = {
+  matrixClient?: unknown;
+  simpleFsStorageProvider?: unknown;
+  rustSdkCryptoStorageProvider?: unknown;
+  includeVerboseLogService?: boolean;
+};
+
+type MatrixBotSdkMock = {
+  ConsoleLogger: new () => {
+    trace: Mock<() => void>;
+    debug: Mock<() => void>;
+    info: Mock<() => void>;
+    warn: Mock<() => void>;
+    error: Mock<() => void>;
+  };
+  MatrixClient: unknown;
+  LogService: {
+    setLogger: Mock<() => void>;
+    warn?: Mock<() => void>;
+    info?: Mock<() => void>;
+    debug?: Mock<() => void>;
+  };
+  SimpleFsStorageProvider: unknown;
+  RustSdkCryptoStorageProvider: unknown;
+};
+
+export function createMatrixBotSdkMock(params: MatrixBotSdkMockParams = {}): MatrixBotSdkMock {
+  return {
+    ConsoleLogger: class {
+      trace = vi.fn();
+      debug = vi.fn();
+      info = vi.fn();
+      warn = vi.fn();
+      error = vi.fn();
+    },
+    MatrixClient: params.matrixClient ?? class {},
+    LogService: {
+      setLogger: vi.fn(),
+      ...(params.includeVerboseLogService
+        ? {
+            warn: vi.fn(),
+            info: vi.fn(),
+            debug: vi.fn(),
+          }
+        : {}),
+    },
+    SimpleFsStorageProvider: params.simpleFsStorageProvider ?? class {},
+    RustSdkCryptoStorageProvider: params.rustSdkCryptoStorageProvider ?? class {},
+  };
+}
diff --git a/extensions/mattermost/package.json b/extensions/mattermost/package.json
index bc8c14f458f..17f8add1b1f 100644
--- a/extensions/mattermost/package.json
+++ b/extensions/mattermost/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/mattermost",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw Mattermost channel plugin",
   "type": "module",
   "dependencies": {
diff --git a/extensions/mattermost/src/channel.test.ts b/extensions/mattermost/src/channel.test.ts
index c188a8e6719..5ac333b2e6c 100644
--- a/extensions/mattermost/src/channel.test.ts
+++ b/extensions/mattermost/src/channel.test.ts
@@ -355,6 +355,53 @@ describe("mattermostPlugin", () => {
         }),
       );
     });
+
+    it("uses threadId as fallback when replyToId is absent (sendText)", async () => {
+      const sendText = mattermostPlugin.outbound?.sendText;
+      if (!sendText) {
+        return;
+      }
+
+      await sendText({
+        to: "channel:CHAN1",
+        text: "hello",
+        accountId: "default",
+        threadId: "post-root",
+      } as any);
+
+      expect(sendMessageMattermostMock).toHaveBeenCalledWith(
+        "channel:CHAN1",
+        "hello",
+        expect.objectContaining({
+          accountId: "default",
+          replyToId: "post-root",
+        }),
+      );
+    });
+
+    it("uses threadId as fallback when replyToId is absent (sendMedia)", async () => {
+      const sendMedia = mattermostPlugin.outbound?.sendMedia;
+      if (!sendMedia) {
+        return;
+      }
+
+      await sendMedia({
+        to: "channel:CHAN1",
+        text: "caption",
+        mediaUrl: "https://example.com/image.png",
+        accountId: "default",
+        threadId: "post-root",
+      } as any);
+
+      expect(sendMessageMattermostMock).toHaveBeenCalledWith(
+        "channel:CHAN1",
+        "caption",
+        expect.objectContaining({
+          accountId: "default",
+          replyToId: "post-root",
+        }),
+      );
+    });
   });
 
   describe("config", () => {
diff --git a/extensions/mattermost/src/channel.ts b/extensions/mattermost/src/channel.ts
index f8116e127b3..45c4d863c7c 100644
--- a/extensions/mattermost/src/channel.ts
+++ b/extensions/mattermost/src/channel.ts
@@ -21,6 +21,7 @@ import {
   type ChannelMessageActionName,
   type ChannelPlugin,
 } from "openclaw/plugin-sdk/mattermost";
+import { buildPassiveProbedChannelStatusSummary } from "../../shared/channel-status-summary.js";
 import { MattermostConfigSchema } from "./config-schema.js";
 import { resolveMattermostGroupRequireMention } from "./group-mentions.js";
 import {
@@ -389,21 +390,30 @@ export const mattermostPlugin: ChannelPlugin<ResolvedMattermostAccount> = {
       }
       return { ok: true, to: trimmed };
     },
-    sendText: async ({ cfg, to, text, accountId, replyToId }) => {
+    sendText: async ({ cfg, to, text, accountId, replyToId, threadId }) => {
       const result = await sendMessageMattermost(to, text, {
         cfg,
         accountId: accountId ?? undefined,
-        replyToId: replyToId ?? undefined,
+        replyToId: replyToId ?? (threadId != null ? String(threadId) : undefined),
       });
       return { channel: "mattermost", ...result };
     },
-    sendMedia: async ({ cfg, to, text, mediaUrl, mediaLocalRoots, accountId, replyToId }) => {
+    sendMedia: async ({
+      cfg,
+      to,
+      text,
+      mediaUrl,
+      mediaLocalRoots,
+      accountId,
+      replyToId,
+      threadId,
+    }) => {
       const result = await sendMessageMattermost(to, text, {
         cfg,
         accountId: accountId ?? undefined,
         mediaUrl,
         mediaLocalRoots,
-        replyToId: replyToId ?? undefined,
+        replyToId: replyToId ?? (threadId != null ? String(threadId) : undefined),
       });
       return { channel: "mattermost", ...result };
     },
@@ -419,18 +429,12 @@ export const mattermostPlugin: ChannelPlugin<ResolvedMattermostAccount> = {
       lastStopAt: null,
       lastError: null,
     },
-    buildChannelSummary: ({ snapshot }) => ({
-      configured: snapshot.configured ?? false,
-      botTokenSource: snapshot.botTokenSource ?? "none",
-      running: snapshot.running ?? false,
-      connected: snapshot.connected ?? false,
-      lastStartAt: snapshot.lastStartAt ?? null,
-      lastStopAt: snapshot.lastStopAt ?? null,
-      lastError: snapshot.lastError ?? null,
-      baseUrl: snapshot.baseUrl ?? null,
-      probe: snapshot.probe,
-      lastProbeAt: snapshot.lastProbeAt ?? null,
-    }),
+    buildChannelSummary: ({ snapshot }) =>
+      buildPassiveProbedChannelStatusSummary(snapshot, {
+        botTokenSource: snapshot.botTokenSource ?? "none",
+        connected: snapshot.connected ?? false,
+        baseUrl: snapshot.baseUrl ?? null,
+      }),
     probeAccount: async ({ account, timeoutMs }) => {
       const token = account.botToken?.trim();
       const baseUrl = account.baseUrl?.trim();
diff --git a/extensions/mattermost/src/config-schema.ts b/extensions/mattermost/src/config-schema.ts
index 43dd7ede8d2..16ee615454c 100644
--- a/extensions/mattermost/src/config-schema.ts
+++ b/extensions/mattermost/src/config-schema.ts
@@ -6,6 +6,7 @@ import {
   requireOpenAllowFrom,
 } from "openclaw/plugin-sdk/mattermost";
 import { z } from "zod";
+import { requireChannelOpenAllowFrom } from "../../shared/config-schema-helpers.js";
 import { buildSecretInputSchema } from "./secret-input.js";
 
 const MattermostSlashCommandsSchema = z
@@ -61,13 +62,12 @@ const MattermostAccountSchemaBase = z
   .strict();
 
 const MattermostAccountSchema = MattermostAccountSchemaBase.superRefine((value, ctx) => {
-  requireOpenAllowFrom({
+  requireChannelOpenAllowFrom({
+    channel: "mattermost",
     policy: value.dmPolicy,
     allowFrom: value.allowFrom,
     ctx,
-    path: ["allowFrom"],
-    message:
-      'channels.mattermost.dmPolicy="open" requires channels.mattermost.allowFrom to include "*"',
+    requireOpenAllowFrom,
   });
 });
 
@@ -75,12 +75,11 @@ export const MattermostConfigSchema = MattermostAccountSchemaBase.extend({
   accounts: z.record(z.string(), MattermostAccountSchema.optional()).optional(),
   defaultAccount: z.string().optional(),
 }).superRefine((value, ctx) => {
-  requireOpenAllowFrom({
+  requireChannelOpenAllowFrom({
+    channel: "mattermost",
     policy: value.dmPolicy,
     allowFrom: value.allowFrom,
     ctx,
-    path: ["allowFrom"],
-    message:
-      'channels.mattermost.dmPolicy="open" requires channels.mattermost.allowFrom to include "*"',
+    requireOpenAllowFrom,
   });
 });
diff --git a/extensions/mattermost/src/mattermost/model-picker.test.ts b/extensions/mattermost/src/mattermost/model-picker.test.ts
index b448339523e..cebafc4a1bc 100644
--- a/extensions/mattermost/src/mattermost/model-picker.test.ts
+++ b/extensions/mattermost/src/mattermost/model-picker.test.ts
@@ -60,6 +60,15 @@ describe("Mattermost model picker", () => {
     expect(view.buttons[0]?.[0]?.text).toBe("Browse providers");
   });
 
+  it("trims accidental model spacing in Mattermost current-model text", () => {
+    const view = renderMattermostModelSummaryView({
+      ownerUserId: "user-1",
+      currentModel: " OpenAI/ gpt-5 ",
+    });
+
+    expect(view.text).toContain("Current: openai/gpt-5");
+  });
+
   it("renders providers and models with Telegram-style navigation", () => {
     const providersView = renderMattermostProviderPickerView({
       ownerUserId: "user-1",
diff --git a/extensions/mattermost/src/mattermost/model-picker.ts b/extensions/mattermost/src/mattermost/model-picker.ts
index 42462180901..1547041a74a 100644
--- a/extensions/mattermost/src/mattermost/model-picker.ts
+++ b/extensions/mattermost/src/mattermost/model-picker.ts
@@ -36,15 +36,13 @@ export type MattermostModelPickerRenderedView = {
 
 function splitModelRef(modelRef?: string | null): { provider: string; model: string } | null {
   const trimmed = modelRef?.trim();
-  if (!trimmed) {
+  const match = trimmed?.match(/^([^/]+)\/(.+)$/u);
+  if (!match) {
     return null;
   }
-  const slashIndex = trimmed.indexOf("/");
-  if (slashIndex <= 0 || slashIndex >= trimmed.length - 1) {
-    return null;
-  }
-  const provider = normalizeProviderId(trimmed.slice(0, slashIndex));
-  const model = trimmed.slice(slashIndex + 1).trim();
+  const provider = normalizeProviderId(match[1]);
+  // Mattermost copy should normalize accidental whitespace around the model.
+  const model = match[2].trim();
   if (!provider || !model) {
     return null;
   }
diff --git a/extensions/mattermost/src/mattermost/send.test.ts b/extensions/mattermost/src/mattermost/send.test.ts
index cebb82ef7e3..774f40f99fa 100644
--- a/extensions/mattermost/src/mattermost/send.test.ts
+++ b/extensions/mattermost/src/mattermost/send.test.ts
@@ -1,4 +1,8 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
+import {
+  expectProvidedCfgSkipsRuntimeLoad,
+  expectRuntimeCfgFallback,
+} from "../../../test-utils/send-config.js";
 import { parseMattermostTarget, sendMessageMattermost } from "./send.js";
 import { resetMattermostOpaqueTargetCacheForTests } from "./target-resolution.js";
 
@@ -107,8 +111,9 @@ describe("sendMessageMattermost", () => {
       accountId: "work",
     });
 
-    expect(mockState.loadConfig).not.toHaveBeenCalled();
-    expect(mockState.resolveMattermostAccount).toHaveBeenCalledWith({
+    expectProvidedCfgSkipsRuntimeLoad({
+      loadConfig: mockState.loadConfig,
+      resolveAccount: mockState.resolveMattermostAccount,
       cfg: providedCfg,
       accountId: "work",
     });
@@ -126,8 +131,9 @@ describe("sendMessageMattermost", () => {
 
     await sendMessageMattermost("channel:town-square", "hello");
 
-    expect(mockState.loadConfig).toHaveBeenCalledTimes(1);
-    expect(mockState.resolveMattermostAccount).toHaveBeenCalledWith({
+    expectRuntimeCfgFallback({
+      loadConfig: mockState.loadConfig,
+      resolveAccount: mockState.resolveMattermostAccount,
       cfg: runtimeCfg,
       accountId: undefined,
     });
diff --git a/extensions/mattermost/src/mattermost/slash-http.ts b/extensions/mattermost/src/mattermost/slash-http.ts
index 36a5643e3fd..468f5c3584c 100644
--- a/extensions/mattermost/src/mattermost/slash-http.ts
+++ b/extensions/mattermost/src/mattermost/slash-http.ts
@@ -475,6 +475,7 @@ async function handleSlashCommandAsync(params: {
     channel: "mattermost",
     accountId: account.accountId,
   });
+  const humanDelay = core.channel.reply.resolveHumanDelayConfig(cfg, route.agentId);
 
   const typingCallbacks = createTypingCallbacks({
     start: () => sendMattermostTyping(client, { channelId }),
@@ -491,7 +492,7 @@ async function handleSlashCommandAsync(params: {
   const { dispatcher, replyOptions, markDispatchIdle } =
     core.channel.reply.createReplyDispatcherWithTyping({
       ...prefixOptions,
-      humanDelay: core.channel.reply.resolveHumanDelayConfig(cfg, route.agentId),
+      humanDelay,
       deliver: async (payload: ReplyPayload) => {
         await deliverMattermostReplyPayload({
           core,
diff --git a/extensions/memory-core/package.json b/extensions/memory-core/package.json
index 969bff3e07c..a6a8d1dbca8 100644
--- a/extensions/memory-core/package.json
+++ b/extensions/memory-core/package.json
@@ -1,12 +1,9 @@
 {
   "name": "@openclaw/memory-core",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw core memory search plugin",
   "type": "module",
-  "devDependencies": {
-    "openclaw": "workspace:*"
-  },
   "peerDependencies": {
     "openclaw": ">=2026.3.11"
   },
diff --git a/extensions/memory-lancedb/index.test.ts b/extensions/memory-lancedb/index.test.ts
index 2d9a6db1063..a733c3dffb8 100644
--- a/extensions/memory-lancedb/index.test.ts
+++ b/extensions/memory-lancedb/index.test.ts
@@ -18,12 +18,12 @@ const HAS_OPENAI_KEY = Boolean(process.env.OPENAI_API_KEY);
 const liveEnabled = HAS_OPENAI_KEY && process.env.OPENCLAW_LIVE_TEST === "1";
 const describeLive = liveEnabled ? describe : describe.skip;
 
-describe("memory plugin e2e", () => {
-  let tmpDir: string;
-  let dbPath: string;
+function installTmpDirHarness(params: { prefix: string }) {
+  let tmpDir = "";
+  let dbPath = "";
 
   beforeEach(async () => {
-    tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-memory-test-"));
+    tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), params.prefix));
     dbPath = path.join(tmpDir, "lancedb");
   });
 
@@ -33,6 +33,27 @@ describe("memory plugin e2e", () => {
     }
   });
 
+  return {
+    getTmpDir: () => tmpDir,
+    getDbPath: () => dbPath,
+  };
+}
+
+describe("memory plugin e2e", () => {
+  const { getDbPath } = installTmpDirHarness({ prefix: "openclaw-memory-test-" });
+
+  async function parseConfig(overrides: Record<string, unknown> = {}) {
+    const { default: memoryPlugin } = await import("./index.js");
+    return memoryPlugin.configSchema?.parse?.({
+      embedding: {
+        apiKey: OPENAI_API_KEY,
+        model: "text-embedding-3-small",
+      },
+      dbPath: getDbPath(),
+      ...overrides,
+    });
+  }
+
   test("memory plugin registers and initializes correctly", async () => {
     // Dynamic import to avoid loading LanceDB when not testing
     const { default: memoryPlugin } = await import("./index.js");
@@ -46,21 +67,14 @@ describe("memory plugin e2e", () => {
   });
 
   test("config schema parses valid config", async () => {
-    const { default: memoryPlugin } = await import("./index.js");
-
-    const config = memoryPlugin.configSchema?.parse?.({
-      embedding: {
-        apiKey: OPENAI_API_KEY,
-        model: "text-embedding-3-small",
-      },
-      dbPath,
+    const config = await parseConfig({
       autoCapture: true,
       autoRecall: true,
     });
 
     expect(config).toBeDefined();
     expect(config?.embedding?.apiKey).toBe(OPENAI_API_KEY);
-    expect(config?.dbPath).toBe(dbPath);
+    expect(config?.dbPath).toBe(getDbPath());
     expect(config?.captureMaxChars).toBe(500);
   });
 
@@ -74,7 +88,7 @@ describe("memory plugin e2e", () => {
       embedding: {
         apiKey: "${TEST_MEMORY_API_KEY}",
       },
-      dbPath,
+      dbPath: getDbPath(),
     });
 
     expect(config?.embedding?.apiKey).toBe("test-key-123");
@@ -88,7 +102,7 @@ describe("memory plugin e2e", () => {
     expect(() => {
       memoryPlugin.configSchema?.parse?.({
         embedding: {},
-        dbPath,
+        dbPath: getDbPath(),
       });
     }).toThrow("embedding.apiKey is required");
   });
@@ -99,21 +113,14 @@ describe("memory plugin e2e", () => {
     expect(() => {
       memoryPlugin.configSchema?.parse?.({
         embedding: { apiKey: OPENAI_API_KEY },
-        dbPath,
+        dbPath: getDbPath(),
         captureMaxChars: 99,
       });
     }).toThrow("captureMaxChars must be between 100 and 10000");
   });
 
   test("config schema accepts captureMaxChars override", async () => {
-    const { default: memoryPlugin } = await import("./index.js");
-
-    const config = memoryPlugin.configSchema?.parse?.({
-      embedding: {
-        apiKey: OPENAI_API_KEY,
-        model: "text-embedding-3-small",
-      },
-      dbPath,
+    const config = await parseConfig({
       captureMaxChars: 1800,
     });
 
@@ -121,15 +128,7 @@ describe("memory plugin e2e", () => {
   });
 
   test("config schema keeps autoCapture disabled by default", async () => {
-    const { default: memoryPlugin } = await import("./index.js");
-
-    const config = memoryPlugin.configSchema?.parse?.({
-      embedding: {
-        apiKey: OPENAI_API_KEY,
-        model: "text-embedding-3-small",
-      },
-      dbPath,
-    });
+    const config = await parseConfig();
 
     expect(config?.autoCapture).toBe(false);
     expect(config?.autoRecall).toBe(true);
@@ -176,7 +175,7 @@ describe("memory plugin e2e", () => {
             model: "text-embedding-3-small",
             dimensions: 1024,
           },
-          dbPath,
+          dbPath: getDbPath(),
           autoCapture: false,
           autoRecall: false,
         },
@@ -279,19 +278,7 @@ describe("memory plugin e2e", () => {
 
 // Live tests that require OpenAI API key and actually use LanceDB
 describeLive("memory plugin live tests", () => {
-  let tmpDir: string;
-  let dbPath: string;
-
-  beforeEach(async () => {
-    tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-memory-live-"));
-    dbPath = path.join(tmpDir, "lancedb");
-  });
-
-  afterEach(async () => {
-    if (tmpDir) {
-      await fs.rm(tmpDir, { recursive: true, force: true });
-    }
-  });
+  const { getDbPath } = installTmpDirHarness({ prefix: "openclaw-memory-live-" });
 
   test("memory tools work end-to-end", async () => {
     const { default: memoryPlugin } = await import("./index.js");
@@ -318,7 +305,7 @@ describeLive("memory plugin live tests", () => {
           apiKey: liveApiKey,
           model: "text-embedding-3-small",
         },
-        dbPath,
+        dbPath: getDbPath(),
         autoCapture: false,
         autoRecall: false,
       },
diff --git a/extensions/memory-lancedb/package.json b/extensions/memory-lancedb/package.json
index 89d3e4385d0..3f387bee4f4 100644
--- a/extensions/memory-lancedb/package.json
+++ b/extensions/memory-lancedb/package.json
@@ -1,13 +1,13 @@
 {
   "name": "@openclaw/memory-lancedb",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw LanceDB-backed long-term memory plugin with auto-recall/capture",
   "type": "module",
   "dependencies": {
     "@lancedb/lancedb": "^0.26.2",
     "@sinclair/typebox": "0.34.48",
-    "openai": "^6.27.0"
+    "openai": "^6.29.0"
   },
   "openclaw": {
     "extensions": [
diff --git a/extensions/minimax-portal-auth/package.json b/extensions/minimax-portal-auth/package.json
index bd61f8c9f65..093d42dad1d 100644
--- a/extensions/minimax-portal-auth/package.json
+++ b/extensions/minimax-portal-auth/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/minimax-portal-auth",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw MiniMax Portal OAuth provider plugin",
   "type": "module",
diff --git a/extensions/msteams/CHANGELOG.md b/extensions/msteams/CHANGELOG.md
index 229656712f8..4fb831f9278 100644
--- a/extensions/msteams/CHANGELOG.md
+++ b/extensions/msteams/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.3.14
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.3.13
 
 ### Changes
diff --git a/extensions/msteams/package.json b/extensions/msteams/package.json
index f14baa64f3a..4784334d1d5 100644
--- a/extensions/msteams/package.json
+++ b/extensions/msteams/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/msteams",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw Microsoft Teams channel plugin",
   "type": "module",
   "dependencies": {
diff --git a/extensions/msteams/src/attachments.test.ts b/extensions/msteams/src/attachments.test.ts
index 6887fad7fcb..790dc8bd33f 100644
--- a/extensions/msteams/src/attachments.test.ts
+++ b/extensions/msteams/src/attachments.test.ts
@@ -88,14 +88,17 @@ function isUrlAllowedBySsrfPolicy(url: string, policy?: SsrFPolicy): boolean {
   );
 }
 
-const fetchRemoteMediaMock = vi.fn(async (params: RemoteMediaFetchParams) => {
+async function fetchRemoteMediaWithRedirects(
+  params: RemoteMediaFetchParams,
+  requestInit?: RequestInit,
+) {
   const fetchFn = params.fetchImpl ?? fetch;
   let currentUrl = params.url;
   for (let i = 0; i <= MAX_REDIRECT_HOPS; i += 1) {
     if (!isUrlAllowedBySsrfPolicy(currentUrl, params.ssrfPolicy)) {
       throw new Error(`Blocked hostname (not in allowlist): ${currentUrl}`);
     }
-    const res = await fetchFn(currentUrl, { redirect: "manual" });
+    const res = await fetchFn(currentUrl, { redirect: "manual", ...requestInit });
     if (REDIRECT_STATUS_CODES.includes(res.status)) {
       const location = res.headers.get("location");
       if (!location) {
@@ -107,6 +110,10 @@ const fetchRemoteMediaMock = vi.fn(async (params: RemoteMediaFetchParams) => {
     return readRemoteMediaResponse(res, params);
   }
   throw new Error("too many redirects");
+}
+
+const fetchRemoteMediaMock = vi.fn(async (params: RemoteMediaFetchParams) => {
+  return await fetchRemoteMediaWithRedirects(params);
 });
 
 const runtimeStub: PluginRuntime = createPluginRuntimeMock({
@@ -720,24 +727,9 @@ describe("msteams attachments", () => {
       });
 
       fetchRemoteMediaMock.mockImplementationOnce(async (params) => {
-        const fetchFn = params.fetchImpl ?? fetch;
-        let currentUrl = params.url;
-        for (let i = 0; i < MAX_REDIRECT_HOPS; i += 1) {
-          const res = await fetchFn(currentUrl, {
-            redirect: "manual",
-            dispatcher: {},
-          } as RequestInit);
-          if (REDIRECT_STATUS_CODES.includes(res.status)) {
-            const location = res.headers.get("location");
-            if (!location) {
-              throw new Error("redirect missing location");
-            }
-            currentUrl = new URL(location, currentUrl).toString();
-            continue;
-          }
-          return readRemoteMediaResponse(res, params);
-        }
-        throw new Error("too many redirects");
+        return await fetchRemoteMediaWithRedirects(params, {
+          dispatcher: {},
+        } as RequestInit);
       });
 
       const media = await downloadAttachmentsWithFetch(
diff --git a/extensions/msteams/src/channel.directory.test.ts b/extensions/msteams/src/channel.directory.test.ts
index 0746f78aabb..be95e6103ea 100644
--- a/extensions/msteams/src/channel.directory.test.ts
+++ b/extensions/msteams/src/channel.directory.test.ts
@@ -1,15 +1,10 @@
 import type { OpenClawConfig, RuntimeEnv } from "openclaw/plugin-sdk/msteams";
 import { describe, expect, it } from "vitest";
+import { createDirectoryTestRuntime, expectDirectorySurface } from "../../test-utils/directory.js";
 import { msteamsPlugin } from "./channel.js";
 
 describe("msteams directory", () => {
-  const runtimeEnv: RuntimeEnv = {
-    log: () => {},
-    error: () => {},
-    exit: (code: number): never => {
-      throw new Error(`exit ${code}`);
-    },
-  };
+  const runtimeEnv = createDirectoryTestRuntime() as RuntimeEnv;
 
   it("lists peers and groups from config", async () => {
     const cfg = {
@@ -29,12 +24,10 @@ describe("msteams directory", () => {
       },
     } as unknown as OpenClawConfig;
 
-    expect(msteamsPlugin.directory).toBeTruthy();
-    expect(msteamsPlugin.directory?.listPeers).toBeTruthy();
-    expect(msteamsPlugin.directory?.listGroups).toBeTruthy();
+    const directory = expectDirectorySurface(msteamsPlugin.directory);
 
     await expect(
-      msteamsPlugin.directory!.listPeers!({
+      directory.listPeers({
         cfg,
         query: undefined,
         limit: undefined,
@@ -50,7 +43,7 @@ describe("msteams directory", () => {
     );
 
     await expect(
-      msteamsPlugin.directory!.listGroups!({
+      directory.listGroups({
         cfg,
         query: undefined,
         limit: undefined,
diff --git a/extensions/msteams/src/messenger.test.ts b/extensions/msteams/src/messenger.test.ts
index aa0a92b5159..cc4cf2fb6f0 100644
--- a/extensions/msteams/src/messenger.test.ts
+++ b/extensions/msteams/src/messenger.test.ts
@@ -139,6 +139,22 @@ describe("msteams messenger", () => {
   });
 
   describe("sendMSTeamsMessages", () => {
+    function createRevokedThreadContext(params?: { failAfterAttempt?: number; sent?: string[] }) {
+      let attempt = 0;
+      return {
+        sendActivity: async (activity: unknown) => {
+          const { text } = activity as { text?: string };
+          const content = text ?? "";
+          attempt += 1;
+          if (params?.failAfterAttempt && attempt < params.failAfterAttempt) {
+            params.sent?.push(content);
+            return { id: `id:${content}` };
+          }
+          throw new TypeError(REVOCATION_ERROR);
+        },
+      };
+    }
+
     const baseRef: StoredConversationReference = {
       activityId: "activity123",
       user: { id: "user123", name: "User" },
@@ -305,13 +321,7 @@ describe("msteams messenger", () => {
 
     it("falls back to proactive messaging when thread context is revoked", async () => {
       const proactiveSent: string[] = [];
-
-      const ctx = {
-        sendActivity: async () => {
-          throw new TypeError(REVOCATION_ERROR);
-        },
-      };
-
+      const ctx = createRevokedThreadContext();
       const adapter = createFallbackAdapter(proactiveSent);
 
       const ids = await sendMSTeamsMessages({
@@ -331,21 +341,7 @@ describe("msteams messenger", () => {
     it("falls back only for remaining thread messages after context revocation", async () => {
       const threadSent: string[] = [];
       const proactiveSent: string[] = [];
-      let attempt = 0;
-
-      const ctx = {
-        sendActivity: async (activity: unknown) => {
-          const { text } = activity as { text?: string };
-          const content = text ?? "";
-          attempt += 1;
-          if (attempt === 1) {
-            threadSent.push(content);
-            return { id: `id:${content}` };
-          }
-          throw new TypeError(REVOCATION_ERROR);
-        },
-      };
-
+      const ctx = createRevokedThreadContext({ failAfterAttempt: 2, sent: threadSent });
       const adapter = createFallbackAdapter(proactiveSent);
 
       const ids = await sendMSTeamsMessages({
diff --git a/extensions/msteams/src/monitor-handler/message-handler.ts b/extensions/msteams/src/monitor-handler/message-handler.ts
index fff243fb70c..60a88c56664 100644
--- a/extensions/msteams/src/monitor-handler/message-handler.ts
+++ b/extensions/msteams/src/monitor-handler/message-handler.ts
@@ -9,7 +9,7 @@ import {
   evaluateSenderGroupAccessForPolicy,
   resolveSenderScopedGroupPolicy,
   recordPendingHistoryEntryIfEnabled,
-  resolveControlCommandGate,
+  resolveDualTextControlCommandGate,
   resolveDefaultGroupPolicy,
   isDangerousNameMatchingEnabled,
   readStoreAllowFromForDmPolicy,
@@ -297,18 +297,15 @@ export function createMSTeamsMessageHandler(deps: MSTeamsMessageHandlerDeps) {
       senderName,
       allowNameMatching: isDangerousNameMatchingEnabled(msteamsCfg),
     });
-    const hasControlCommandInMessage = core.channel.text.hasControlCommand(text, cfg);
-    const commandGate = resolveControlCommandGate({
+    const { commandAuthorized, shouldBlock } = resolveDualTextControlCommandGate({
       useAccessGroups,
-      authorizers: [
-        { configured: commandDmAllowFrom.length > 0, allowed: ownerAllowedForCommands },
-        { configured: effectiveGroupAllowFrom.length > 0, allowed: groupAllowedForCommands },
-      ],
-      allowTextCommands: true,
-      hasControlCommand: hasControlCommandInMessage,
+      primaryConfigured: commandDmAllowFrom.length > 0,
+      primaryAllowed: ownerAllowedForCommands,
+      secondaryConfigured: effectiveGroupAllowFrom.length > 0,
+      secondaryAllowed: groupAllowedForCommands,
+      hasControlCommand: core.channel.text.hasControlCommand(text, cfg),
     });
-    const commandAuthorized = commandGate.commandAuthorized;
-    if (commandGate.shouldBlock) {
+    if (shouldBlock) {
       logInboundDrop({
         log: logVerboseMessage,
         channel: "msteams",
diff --git a/extensions/msteams/src/outbound.ts b/extensions/msteams/src/outbound.ts
index 9f3f55c6414..60d78a2dac5 100644
--- a/extensions/msteams/src/outbound.ts
+++ b/extensions/msteams/src/outbound.ts
@@ -1,4 +1,5 @@
 import type { ChannelOutboundAdapter } from "openclaw/plugin-sdk/msteams";
+import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js";
 import { createMSTeamsPollStoreFs } from "./polls.js";
 import { getMSTeamsRuntime } from "./runtime.js";
 import { sendMessageMSTeams, sendPollMSTeams } from "./send.js";
@@ -10,13 +11,24 @@ export const msteamsOutbound: ChannelOutboundAdapter = {
   textChunkLimit: 4000,
   pollMaxOptions: 12,
   sendText: async ({ cfg, to, text, deps }) => {
-    const send = deps?.sendMSTeams ?? ((to, text) => sendMessageMSTeams({ cfg, to, text }));
+    type SendFn = (
+      to: string,
+      text: string,
+    ) => Promise<{ messageId: string; conversationId: string }>;
+    const send =
+      resolveOutboundSendDep<SendFn>(deps, "msteams") ??
+      ((to, text) => sendMessageMSTeams({ cfg, to, text }));
     const result = await send(to, text);
     return { channel: "msteams", ...result };
   },
   sendMedia: async ({ cfg, to, text, mediaUrl, mediaLocalRoots, deps }) => {
+    type SendFn = (
+      to: string,
+      text: string,
+      opts?: { mediaUrl?: string; mediaLocalRoots?: readonly string[] },
+    ) => Promise<{ messageId: string; conversationId: string }>;
     const send =
-      deps?.sendMSTeams ??
+      resolveOutboundSendDep<SendFn>(deps, "msteams") ??
       ((to, text, opts) =>
         sendMessageMSTeams({
           cfg,
diff --git a/extensions/nextcloud-talk/package.json b/extensions/nextcloud-talk/package.json
index 6c7957a5b25..c217d0f0ce7 100644
--- a/extensions/nextcloud-talk/package.json
+++ b/extensions/nextcloud-talk/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/nextcloud-talk",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw Nextcloud Talk channel plugin",
   "type": "module",
   "dependencies": {
diff --git a/extensions/nextcloud-talk/src/channel.startup.test.ts b/extensions/nextcloud-talk/src/channel.startup.test.ts
index 79b3cd77cd5..5fd0607e753 100644
--- a/extensions/nextcloud-talk/src/channel.startup.test.ts
+++ b/extensions/nextcloud-talk/src/channel.startup.test.ts
@@ -1,5 +1,9 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
 import { createStartAccountContext } from "../../test-utils/start-account-context.js";
+import {
+  expectStopPendingUntilAbort,
+  startAccountAndTrackLifecycle,
+} from "../../test-utils/start-account-lifecycle.js";
 import type { ResolvedNextcloudTalkAccount } from "./accounts.js";
 
 const hoisted = vi.hoisted(() => ({
@@ -40,28 +44,20 @@ describe("nextcloudTalkPlugin gateway.startAccount", () => {
   it("keeps startAccount pending until abort, then stops the monitor", async () => {
     const stop = vi.fn();
     hoisted.monitorNextcloudTalkProvider.mockResolvedValue({ stop });
-    const abort = new AbortController();
-
-    const task = nextcloudTalkPlugin.gateway!.startAccount!(
-      createStartAccountContext({
-        account: buildAccount(),
-        abortSignal: abort.signal,
-      }),
-    );
-    let settled = false;
-    void task.then(() => {
-      settled = true;
+    const { abort, task, isSettled } = startAccountAndTrackLifecycle({
+      startAccount: nextcloudTalkPlugin.gateway!.startAccount!,
+      account: buildAccount(),
     });
-    await vi.waitFor(() => {
-      expect(hoisted.monitorNextcloudTalkProvider).toHaveBeenCalledOnce();
+    await expectStopPendingUntilAbort({
+      waitForStarted: () =>
+        vi.waitFor(() => {
+          expect(hoisted.monitorNextcloudTalkProvider).toHaveBeenCalledOnce();
+        }),
+      isSettled,
+      abort,
+      task,
+      stop,
     });
-    expect(settled).toBe(false);
-    expect(stop).not.toHaveBeenCalled();
-
-    abort.abort();
-    await task;
-
-    expect(stop).toHaveBeenCalledOnce();
   });
 
   it("stops immediately when startAccount receives an already-aborted signal", async () => {
diff --git a/extensions/nextcloud-talk/src/channel.ts b/extensions/nextcloud-talk/src/channel.ts
index 8a908b7e0ac..473299b74e0 100644
--- a/extensions/nextcloud-talk/src/channel.ts
+++ b/extensions/nextcloud-talk/src/channel.ts
@@ -5,7 +5,6 @@ import {
   createAccountStatusSink,
   formatAllowFromLowercase,
   mapAllowFromEntries,
-  runPassiveAccountLifecycle,
 } from "openclaw/plugin-sdk/compat";
 import {
   applyAccountNameToChannelSection,
@@ -21,6 +20,7 @@ import {
   type OpenClawConfig,
   type ChannelSetupInput,
 } from "openclaw/plugin-sdk/nextcloud-talk";
+import { runStoppablePassiveMonitor } from "../../shared/passive-monitor.js";
 import {
   listNextcloudTalkAccountIds,
   resolveDefaultNextcloudTalkAccountId,
@@ -344,7 +344,7 @@ export const nextcloudTalkPlugin: ChannelPlugin<ResolvedNextcloudTalkAccount> =
         setStatus: ctx.setStatus,
       });
 
-      await runPassiveAccountLifecycle({
+      await runStoppablePassiveMonitor({
         abortSignal: ctx.abortSignal,
         start: async () =>
           await monitorNextcloudTalkProvider({
@@ -354,9 +354,6 @@ export const nextcloudTalkPlugin: ChannelPlugin<ResolvedNextcloudTalkAccount> =
             abortSignal: ctx.abortSignal,
             statusSink,
           }),
-        stop: async (monitor) => {
-          monitor.stop();
-        },
       });
     },
     logoutAccount: async ({ accountId, cfg }) => {
diff --git a/extensions/nextcloud-talk/src/config-schema.ts b/extensions/nextcloud-talk/src/config-schema.ts
index 5ab3e632d22..85cb14ff213 100644
--- a/extensions/nextcloud-talk/src/config-schema.ts
+++ b/extensions/nextcloud-talk/src/config-schema.ts
@@ -9,6 +9,7 @@ import {
   requireOpenAllowFrom,
 } from "openclaw/plugin-sdk/nextcloud-talk";
 import { z } from "zod";
+import { requireChannelOpenAllowFrom } from "../../shared/config-schema-helpers.js";
 import { buildSecretInputSchema } from "./secret-input.js";
 
 export const NextcloudTalkRoomSchema = z
@@ -48,13 +49,12 @@ export const NextcloudTalkAccountSchemaBase = z
 
 export const NextcloudTalkAccountSchema = NextcloudTalkAccountSchemaBase.superRefine(
   (value, ctx) => {
-    requireOpenAllowFrom({
+    requireChannelOpenAllowFrom({
+      channel: "nextcloud-talk",
       policy: value.dmPolicy,
       allowFrom: value.allowFrom,
       ctx,
-      path: ["allowFrom"],
-      message:
-        'channels.nextcloud-talk.dmPolicy="open" requires channels.nextcloud-talk.allowFrom to include "*"',
+      requireOpenAllowFrom,
     });
   },
 );
@@ -63,12 +63,11 @@ export const NextcloudTalkConfigSchema = NextcloudTalkAccountSchemaBase.extend({
   accounts: z.record(z.string(), NextcloudTalkAccountSchema.optional()).optional(),
   defaultAccount: z.string().optional(),
 }).superRefine((value, ctx) => {
-  requireOpenAllowFrom({
+  requireChannelOpenAllowFrom({
+    channel: "nextcloud-talk",
     policy: value.dmPolicy,
     allowFrom: value.allowFrom,
     ctx,
-    path: ["allowFrom"],
-    message:
-      'channels.nextcloud-talk.dmPolicy="open" requires channels.nextcloud-talk.allowFrom to include "*"',
+    requireOpenAllowFrom,
   });
 });
diff --git a/extensions/nextcloud-talk/src/monitor.ts b/extensions/nextcloud-talk/src/monitor.ts
index f940195a28b..93c66ade4b5 100644
--- a/extensions/nextcloud-talk/src/monitor.ts
+++ b/extensions/nextcloud-talk/src/monitor.ts
@@ -1,12 +1,12 @@
 import { createServer, type IncomingMessage, type Server, type ServerResponse } from "node:http";
 import os from "node:os";
 import {
-  createLoggerBackedRuntime,
   type RuntimeEnv,
   isRequestBodyLimitError,
   readRequestBodyWithLimit,
   requestBodyErrorToText,
 } from "openclaw/plugin-sdk/nextcloud-talk";
+import { resolveLoggerBackedRuntime } from "../../shared/runtime.js";
 import { resolveNextcloudTalkAccount } from "./accounts.js";
 import { handleNextcloudTalkInbound } from "./inbound.js";
 import { createNextcloudTalkReplayGuard } from "./replay-guard.js";
@@ -318,12 +318,10 @@ export async function monitorNextcloudTalkProvider(
     cfg,
     accountId: opts.accountId,
   });
-  const runtime: RuntimeEnv =
-    opts.runtime ??
-    createLoggerBackedRuntime({
-      logger: core.logging.getChildLogger(),
-      exitError: () => new Error("Runtime exit not available"),
-    });
+  const runtime: RuntimeEnv = resolveLoggerBackedRuntime(
+    opts.runtime,
+    core.logging.getChildLogger(),
+  );
 
   if (!account.secret) {
     throw new Error(`Nextcloud Talk bot secret not configured for account "${account.accountId}"`);
diff --git a/extensions/nextcloud-talk/src/send.test.ts b/extensions/nextcloud-talk/src/send.test.ts
index 88133f9cbed..3ee178b815d 100644
--- a/extensions/nextcloud-talk/src/send.test.ts
+++ b/extensions/nextcloud-talk/src/send.test.ts
@@ -1,4 +1,9 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import {
+  createSendCfgThreadingRuntime,
+  expectProvidedCfgSkipsRuntimeLoad,
+  expectRuntimeCfgFallback,
+} from "../../test-utils/send-config.js";
 
 const hoisted = vi.hoisted(() => ({
   loadConfig: vi.fn(),
@@ -17,20 +22,7 @@ const hoisted = vi.hoisted(() => ({
 }));
 
 vi.mock("./runtime.js", () => ({
-  getNextcloudTalkRuntime: () => ({
-    config: {
-      loadConfig: hoisted.loadConfig,
-    },
-    channel: {
-      text: {
-        resolveMarkdownTableMode: hoisted.resolveMarkdownTableMode,
-        convertMarkdownTables: hoisted.convertMarkdownTables,
-      },
-      activity: {
-        record: hoisted.record,
-      },
-    },
-  }),
+  getNextcloudTalkRuntime: () => createSendCfgThreadingRuntime(hoisted),
 }));
 
 vi.mock("./accounts.js", () => ({
@@ -72,8 +64,9 @@ describe("nextcloud-talk send cfg threading", () => {
       accountId: "work",
     });
 
-    expect(hoisted.loadConfig).not.toHaveBeenCalled();
-    expect(hoisted.resolveNextcloudTalkAccount).toHaveBeenCalledWith({
+    expectProvidedCfgSkipsRuntimeLoad({
+      loadConfig: hoisted.loadConfig,
+      resolveAccount: hoisted.resolveNextcloudTalkAccount,
       cfg,
       accountId: "work",
     });
@@ -95,8 +88,9 @@ describe("nextcloud-talk send cfg threading", () => {
     });
 
     expect(result).toEqual({ ok: true });
-    expect(hoisted.loadConfig).toHaveBeenCalledTimes(1);
-    expect(hoisted.resolveNextcloudTalkAccount).toHaveBeenCalledWith({
+    expectRuntimeCfgFallback({
+      loadConfig: hoisted.loadConfig,
+      resolveAccount: hoisted.resolveNextcloudTalkAccount,
       cfg: runtimeCfg,
       accountId: "default",
     });
diff --git a/extensions/nostr/CHANGELOG.md b/extensions/nostr/CHANGELOG.md
index 0e59b1cb08e..c8cdc11422e 100644
--- a/extensions/nostr/CHANGELOG.md
+++ b/extensions/nostr/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.3.14
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.3.13
 
 ### Changes
diff --git a/extensions/nostr/package.json b/extensions/nostr/package.json
index 1c3499f3481..19ef7cc03e7 100644
--- a/extensions/nostr/package.json
+++ b/extensions/nostr/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/nostr",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw Nostr channel plugin for NIP-04 encrypted DMs",
   "type": "module",
   "dependencies": {
diff --git a/extensions/nostr/src/channel.ts b/extensions/nostr/src/channel.ts
index 20de320a3d1..937c698bd47 100644
--- a/extensions/nostr/src/channel.ts
+++ b/extensions/nostr/src/channel.ts
@@ -7,6 +7,10 @@ import {
   mapAllowFromEntries,
   type ChannelPlugin,
 } from "openclaw/plugin-sdk/nostr";
+import {
+  buildPassiveChannelStatusSummary,
+  buildTrafficStatusSummary,
+} from "../../shared/channel-status-summary.js";
 import type { NostrProfile } from "./config-schema.js";
 import { NostrConfigSchema } from "./config-schema.js";
 import type { MetricEvent, MetricsSnapshot } from "./metrics.js";
@@ -160,14 +164,10 @@ export const nostrPlugin: ChannelPlugin<ResolvedNostrAccount> = {
   status: {
     defaultRuntime: createDefaultChannelRuntimeState(DEFAULT_ACCOUNT_ID),
     collectStatusIssues: (accounts) => collectStatusIssuesFromLastError("nostr", accounts),
-    buildChannelSummary: ({ snapshot }) => ({
-      configured: snapshot.configured ?? false,
-      publicKey: snapshot.publicKey ?? null,
-      running: snapshot.running ?? false,
-      lastStartAt: snapshot.lastStartAt ?? null,
-      lastStopAt: snapshot.lastStopAt ?? null,
-      lastError: snapshot.lastError ?? null,
-    }),
+    buildChannelSummary: ({ snapshot }) =>
+      buildPassiveChannelStatusSummary(snapshot, {
+        publicKey: snapshot.publicKey ?? null,
+      }),
     buildAccountSnapshot: ({ account, runtime }) => ({
       accountId: account.accountId,
       name: account.name,
@@ -179,8 +179,7 @@ export const nostrPlugin: ChannelPlugin<ResolvedNostrAccount> = {
       lastStartAt: runtime?.lastStartAt ?? null,
       lastStopAt: runtime?.lastStopAt ?? null,
       lastError: runtime?.lastError ?? null,
-      lastInboundAt: runtime?.lastInboundAt ?? null,
-      lastOutboundAt: runtime?.lastOutboundAt ?? null,
+      ...buildTrafficStatusSummary(runtime),
     }),
   },
 
diff --git a/extensions/ollama/package.json b/extensions/ollama/package.json
index 5bdf5fd688e..61a8227c3ed 100644
--- a/extensions/ollama/package.json
+++ b/extensions/ollama/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/ollama-provider",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw Ollama provider plugin",
   "type": "module",
diff --git a/extensions/open-prose/package.json b/extensions/open-prose/package.json
index f8f0e97cef3..69272781198 100644
--- a/extensions/open-prose/package.json
+++ b/extensions/open-prose/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/open-prose",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenProse VM skill pack plugin (slash command + telemetry).",
   "type": "module",
diff --git a/extensions/phone-control/index.test.ts b/extensions/phone-control/index.test.ts
index 9259092b153..2c3462c82a9 100644
--- a/extensions/phone-control/index.test.ts
+++ b/extensions/phone-control/index.test.ts
@@ -7,6 +7,7 @@ import type {
   PluginCommandContext,
 } from "openclaw/plugin-sdk/phone-control";
 import { describe, expect, it, vi } from "vitest";
+import { createTestPluginApi } from "../test-utils/plugin-api.js";
 import registerPhoneControl from "./index.js";
 
 function createApi(params: {
@@ -15,7 +16,7 @@ function createApi(params: {
   writeConfig: (next: Record<string, unknown>) => Promise<void>;
   registerCommand: (command: OpenClawPluginCommandDefinition) => void;
 }): OpenClawPluginApi {
-  return {
+  return createTestPluginApi({
     id: "phone-control",
     name: "phone-control",
     source: "test",
@@ -30,22 +31,8 @@ function createApi(params: {
         writeConfigFile: (next: Record<string, unknown>) => params.writeConfig(next),
       },
     } as OpenClawPluginApi["runtime"],
-    logger: { info() {}, warn() {}, error() {} },
-    registerTool() {},
-    registerHook() {},
-    registerHttpRoute() {},
-    registerChannel() {},
-    registerGatewayMethod() {},
-    registerCli() {},
-    registerService() {},
-    registerProvider() {},
-    registerContextEngine() {},
     registerCommand: params.registerCommand,
-    resolvePath(input: string) {
-      return input;
-    },
-    on() {},
-  };
+  }) as OpenClawPluginApi;
 }
 
 function createCommandContext(args: string): PluginCommandContext {
diff --git a/extensions/sglang/index.ts b/extensions/sglang/index.ts
index 4c9102caebc..64143026592 100644
--- a/extensions/sglang/index.ts
+++ b/extensions/sglang/index.ts
@@ -1,13 +1,11 @@
 import {
   buildSglangProvider,
   configureOpenAICompatibleSelfHostedProviderNonInteractive,
+  discoverOpenAICompatibleSelfHostedProvider,
   emptyPluginConfigSchema,
-  promptAndConfigureOpenAICompatibleSelfHostedProvider,
+  promptAndConfigureOpenAICompatibleSelfHostedProviderAuth,
   type OpenClawPluginApi,
-  type ProviderAuthContext,
   type ProviderAuthMethodNonInteractiveContext,
-  type ProviderAuthResult,
-  type ProviderDiscoveryContext,
 } from "openclaw/plugin-sdk/core";
 
 const PROVIDER_ID = "sglang";
@@ -30,8 +28,8 @@ const sglangPlugin = {
           label: "SGLang",
           hint: "Fast self-hosted OpenAI-compatible server",
           kind: "custom",
-          run: async (ctx: ProviderAuthContext): Promise<ProviderAuthResult> => {
-            const result = await promptAndConfigureOpenAICompatibleSelfHostedProvider({
+          run: async (ctx) =>
+            promptAndConfigureOpenAICompatibleSelfHostedProviderAuth({
               cfg: ctx.config,
               prompter: ctx.prompter,
               providerId: PROVIDER_ID,
@@ -39,18 +37,7 @@ const sglangPlugin = {
               defaultBaseUrl: DEFAULT_BASE_URL,
               defaultApiKeyEnvVar: "SGLANG_API_KEY",
               modelPlaceholder: "Qwen/Qwen3-8B",
-            });
-            return {
-              profiles: [
-                {
-                  profileId: result.profileId,
-                  credential: result.credential,
-                },
-              ],
-              configPatch: result.config,
-              defaultModel: result.modelRef,
-            };
-          },
+            }),
           runNonInteractive: async (ctx: ProviderAuthMethodNonInteractiveContext) =>
             configureOpenAICompatibleSelfHostedProviderNonInteractive({
               ctx,
@@ -64,21 +51,12 @@ const sglangPlugin = {
       ],
       discovery: {
         order: "late",
-        run: async (ctx: ProviderDiscoveryContext) => {
-          if (ctx.config.models?.providers?.sglang) {
-            return null;
-          }
-          const { apiKey, discoveryApiKey } = ctx.resolveProviderApiKey(PROVIDER_ID);
-          if (!apiKey) {
-            return null;
-          }
-          return {
-            provider: {
-              ...(await buildSglangProvider({ apiKey: discoveryApiKey })),
-              apiKey,
-            },
-          };
-        },
+        run: async (ctx) =>
+          discoverOpenAICompatibleSelfHostedProvider({
+            ctx,
+            providerId: PROVIDER_ID,
+            buildProvider: buildSglangProvider,
+          }),
       },
       wizard: {
         onboarding: {
diff --git a/extensions/sglang/package.json b/extensions/sglang/package.json
index 6b38cfafb60..d64495bd110 100644
--- a/extensions/sglang/package.json
+++ b/extensions/sglang/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/sglang-provider",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw SGLang provider plugin",
   "type": "module",
diff --git a/extensions/shared/channel-status-summary.ts b/extensions/shared/channel-status-summary.ts
new file mode 100644
index 00000000000..5ebdb067596
--- /dev/null
+++ b/extensions/shared/channel-status-summary.ts
@@ -0,0 +1,48 @@
+type PassiveChannelStatusSnapshot = {
+  configured?: boolean;
+  running?: boolean;
+  lastStartAt?: number | null;
+  lastStopAt?: number | null;
+  lastError?: string | null;
+  probe?: unknown;
+  lastProbeAt?: number | null;
+};
+
+type TrafficStatusSnapshot = {
+  lastInboundAt?: number | null;
+  lastOutboundAt?: number | null;
+};
+
+export function buildPassiveChannelStatusSummary<TExtra extends object>(
+  snapshot: PassiveChannelStatusSnapshot,
+  extra?: TExtra,
+) {
+  return {
+    configured: snapshot.configured ?? false,
+    ...(extra ?? ({} as TExtra)),
+    running: snapshot.running ?? false,
+    lastStartAt: snapshot.lastStartAt ?? null,
+    lastStopAt: snapshot.lastStopAt ?? null,
+    lastError: snapshot.lastError ?? null,
+  };
+}
+
+export function buildPassiveProbedChannelStatusSummary<TExtra extends object>(
+  snapshot: PassiveChannelStatusSnapshot,
+  extra?: TExtra,
+) {
+  return {
+    ...buildPassiveChannelStatusSummary(snapshot, extra),
+    probe: snapshot.probe,
+    lastProbeAt: snapshot.lastProbeAt ?? null,
+  };
+}
+
+export function buildTrafficStatusSummary<TSnapshot extends TrafficStatusSnapshot>(
+  snapshot?: TSnapshot | null,
+) {
+  return {
+    lastInboundAt: snapshot?.lastInboundAt ?? null,
+    lastOutboundAt: snapshot?.lastOutboundAt ?? null,
+  };
+}
diff --git a/extensions/shared/config-schema-helpers.ts b/extensions/shared/config-schema-helpers.ts
new file mode 100644
index 00000000000..495793b54b6
--- /dev/null
+++ b/extensions/shared/config-schema-helpers.ts
@@ -0,0 +1,25 @@
+import type { z } from "zod";
+
+type RequireOpenAllowFromFn = (params: {
+  policy?: string;
+  allowFrom?: Array<string | number>;
+  ctx: z.RefinementCtx;
+  path: Array<string | number>;
+  message: string;
+}) => void;
+
+export function requireChannelOpenAllowFrom(params: {
+  channel: string;
+  policy?: string;
+  allowFrom?: Array<string | number>;
+  ctx: z.RefinementCtx;
+  requireOpenAllowFrom: RequireOpenAllowFromFn;
+}) {
+  params.requireOpenAllowFrom({
+    policy: params.policy,
+    allowFrom: params.allowFrom,
+    ctx: params.ctx,
+    path: ["allowFrom"],
+    message: `channels.${params.channel}.dmPolicy="open" requires channels.${params.channel}.allowFrom to include "*"`,
+  });
+}
diff --git a/extensions/shared/deferred.ts b/extensions/shared/deferred.ts
new file mode 100644
index 00000000000..1a874100916
--- /dev/null
+++ b/extensions/shared/deferred.ts
@@ -0,0 +1,9 @@
+export function createDeferred<T>() {
+  let resolve!: (value: T | PromiseLike<T>) => void;
+  let reject!: (reason?: unknown) => void;
+  const promise = new Promise<T>((res, rej) => {
+    resolve = res;
+    reject = rej;
+  });
+  return { promise, resolve, reject };
+}
diff --git a/extensions/shared/passive-monitor.ts b/extensions/shared/passive-monitor.ts
new file mode 100644
index 00000000000..e5ffb3f03ff
--- /dev/null
+++ b/extensions/shared/passive-monitor.ts
@@ -0,0 +1,18 @@
+import { runPassiveAccountLifecycle } from "openclaw/plugin-sdk";
+
+type StoppableMonitor = {
+  stop: () => void;
+};
+
+export async function runStoppablePassiveMonitor<TMonitor extends StoppableMonitor>(params: {
+  abortSignal: AbortSignal;
+  start: () => Promise<TMonitor>;
+}): Promise<void> {
+  await runPassiveAccountLifecycle({
+    abortSignal: params.abortSignal,
+    start: params.start,
+    stop: async (monitor) => {
+      monitor.stop();
+    },
+  });
+}
diff --git a/extensions/shared/runtime.ts b/extensions/shared/runtime.ts
new file mode 100644
index 00000000000..a1950ba6be0
--- /dev/null
+++ b/extensions/shared/runtime.ts
@@ -0,0 +1,14 @@
+import { createLoggerBackedRuntime } from "openclaw/plugin-sdk";
+
+export function resolveLoggerBackedRuntime<TRuntime>(
+  runtime: TRuntime | undefined,
+  logger: Parameters<typeof createLoggerBackedRuntime>[0]["logger"],
+): TRuntime {
+  return (
+    runtime ??
+    (createLoggerBackedRuntime({
+      logger,
+      exitError: () => new Error("Runtime exit not available"),
+    }) as TRuntime)
+  );
+}
diff --git a/extensions/shared/status-issues.ts b/extensions/shared/status-issues.ts
new file mode 100644
index 00000000000..1eb39e2b686
--- /dev/null
+++ b/extensions/shared/status-issues.ts
@@ -0,0 +1,18 @@
+export function readStatusIssueFields<TField extends string>(
+  value: unknown,
+  fields: readonly TField[],
+): Record<TField, unknown> | null {
+  if (!value || typeof value !== "object") {
+    return null;
+  }
+  const record = value as Record<string, unknown>;
+  const result = {} as Record<TField, unknown>;
+  for (const field of fields) {
+    result[field] = record[field];
+  }
+  return result;
+}
+
+export function coerceStatusIssueAccountId(value: unknown): string | undefined {
+  return typeof value === "string" ? value : typeof value === "number" ? String(value) : undefined;
+}
diff --git a/extensions/signal/package.json b/extensions/signal/package.json
index 95a4879cc82..67d6eae6506 100644
--- a/extensions/signal/package.json
+++ b/extensions/signal/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/signal",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw Signal channel plugin",
   "type": "module",
diff --git a/src/signal/accounts.ts b/extensions/signal/src/accounts.ts
similarity index 84%
rename from src/signal/accounts.ts
rename to extensions/signal/src/accounts.ts
index ed5732b9155..edcfa4c1d64 100644
--- a/src/signal/accounts.ts
+++ b/extensions/signal/src/accounts.ts
@@ -1,8 +1,8 @@
-import { createAccountListHelpers } from "../channels/plugins/account-helpers.js";
-import type { OpenClawConfig } from "../config/config.js";
-import type { SignalAccountConfig } from "../config/types.js";
-import { resolveAccountEntry } from "../routing/account-lookup.js";
-import { normalizeAccountId } from "../routing/session-key.js";
+import { createAccountListHelpers } from "../../../src/channels/plugins/account-helpers.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { SignalAccountConfig } from "../../../src/config/types.js";
+import { resolveAccountEntry } from "../../../src/routing/account-lookup.js";
+import { normalizeAccountId } from "../../../src/routing/session-key.js";
 
 export type ResolvedSignalAccount = {
   accountId: string;
diff --git a/extensions/signal/src/channel.ts b/extensions/signal/src/channel.ts
index 89dfb8c9a48..7b1f3e5493a 100644
--- a/extensions/signal/src/channel.ts
+++ b/extensions/signal/src/channel.ts
@@ -30,6 +30,7 @@ import {
   type ChannelPlugin,
   type ResolvedSignalAccount,
 } from "openclaw/plugin-sdk/signal";
+import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js";
 import { getSignalRuntime } from "./runtime.js";
 
 const signalMessageActions: ChannelMessageActionAdapter = {
@@ -84,9 +85,11 @@ async function sendSignalOutbound(params: {
   mediaUrl?: string;
   mediaLocalRoots?: readonly string[];
   accountId?: string;
-  deps?: { sendSignal?: SignalSendFn };
+  deps?: { [channelId: string]: unknown };
 }) {
-  const send = params.deps?.sendSignal ?? getSignalRuntime().channel.signal.sendMessageSignal;
+  const send =
+    resolveOutboundSendDep<SignalSendFn>(params.deps, "signal") ??
+    getSignalRuntime().channel.signal.sendMessageSignal;
   const maxBytes = resolveChannelMediaMaxBytes({
     cfg: params.cfg,
     resolveChannelLimitMb: ({ cfg, accountId }) =>
diff --git a/src/signal/client.test.ts b/extensions/signal/src/client.test.ts
similarity index 92%
rename from src/signal/client.test.ts
rename to extensions/signal/src/client.test.ts
index 109ec5f9494..9313bb17573 100644
--- a/src/signal/client.test.ts
+++ b/extensions/signal/src/client.test.ts
@@ -3,15 +3,15 @@ import { beforeEach, describe, expect, it, vi } from "vitest";
 const fetchWithTimeoutMock = vi.fn();
 const resolveFetchMock = vi.fn();
 
-vi.mock("../infra/fetch.js", () => ({
+vi.mock("../../../src/infra/fetch.js", () => ({
   resolveFetch: (...args: unknown[]) => resolveFetchMock(...args),
 }));
 
-vi.mock("../infra/secure-random.js", () => ({
+vi.mock("../../../src/infra/secure-random.js", () => ({
   generateSecureUuid: () => "test-id",
 }));
 
-vi.mock("../utils/fetch-timeout.js", () => ({
+vi.mock("../../../src/utils/fetch-timeout.js", () => ({
   fetchWithTimeout: (...args: unknown[]) => fetchWithTimeoutMock(...args),
 }));
 
diff --git a/src/signal/client.ts b/extensions/signal/src/client.ts
similarity index 96%
rename from src/signal/client.ts
rename to extensions/signal/src/client.ts
index 198e1ad450b..394aec4e297 100644
--- a/src/signal/client.ts
+++ b/extensions/signal/src/client.ts
@@ -1,6 +1,6 @@
-import { resolveFetch } from "../infra/fetch.js";
-import { generateSecureUuid } from "../infra/secure-random.js";
-import { fetchWithTimeout } from "../utils/fetch-timeout.js";
+import { resolveFetch } from "../../../src/infra/fetch.js";
+import { generateSecureUuid } from "../../../src/infra/secure-random.js";
+import { fetchWithTimeout } from "../../../src/utils/fetch-timeout.js";
 
 export type SignalRpcOptions = {
   baseUrl: string;
diff --git a/src/signal/daemon.ts b/extensions/signal/src/daemon.ts
similarity index 98%
rename from src/signal/daemon.ts
rename to extensions/signal/src/daemon.ts
index 93f116d466e..d53597a296b 100644
--- a/src/signal/daemon.ts
+++ b/extensions/signal/src/daemon.ts
@@ -1,5 +1,5 @@
 import { spawn } from "node:child_process";
-import type { RuntimeEnv } from "../runtime.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
 
 export type SignalDaemonOpts = {
   cliPath: string;
diff --git a/src/signal/format.chunking.test.ts b/extensions/signal/src/format.chunking.test.ts
similarity index 100%
rename from src/signal/format.chunking.test.ts
rename to extensions/signal/src/format.chunking.test.ts
diff --git a/src/signal/format.links.test.ts b/extensions/signal/src/format.links.test.ts
similarity index 100%
rename from src/signal/format.links.test.ts
rename to extensions/signal/src/format.links.test.ts
diff --git a/src/signal/format.test.ts b/extensions/signal/src/format.test.ts
similarity index 100%
rename from src/signal/format.test.ts
rename to extensions/signal/src/format.test.ts
diff --git a/src/signal/format.ts b/extensions/signal/src/format.ts
similarity index 98%
rename from src/signal/format.ts
rename to extensions/signal/src/format.ts
index 8f35a34f2da..2180693293e 100644
--- a/src/signal/format.ts
+++ b/extensions/signal/src/format.ts
@@ -1,10 +1,10 @@
-import type { MarkdownTableMode } from "../config/types.base.js";
+import type { MarkdownTableMode } from "../../../src/config/types.base.js";
 import {
   chunkMarkdownIR,
   markdownToIR,
   type MarkdownIR,
   type MarkdownStyle,
-} from "../markdown/ir.js";
+} from "../../../src/markdown/ir.js";
 
 type SignalTextStyle = "BOLD" | "ITALIC" | "STRIKETHROUGH" | "MONOSPACE" | "SPOILER";
 
diff --git a/src/signal/format.visual.test.ts b/extensions/signal/src/format.visual.test.ts
similarity index 100%
rename from src/signal/format.visual.test.ts
rename to extensions/signal/src/format.visual.test.ts
diff --git a/src/signal/identity.test.ts b/extensions/signal/src/identity.test.ts
similarity index 100%
rename from src/signal/identity.test.ts
rename to extensions/signal/src/identity.test.ts
diff --git a/src/signal/identity.ts b/extensions/signal/src/identity.ts
similarity index 96%
rename from src/signal/identity.ts
rename to extensions/signal/src/identity.ts
index 965a9c88f0a..c39b0dd5eaa 100644
--- a/src/signal/identity.ts
+++ b/extensions/signal/src/identity.ts
@@ -1,5 +1,5 @@
-import { evaluateSenderGroupAccessForPolicy } from "../plugin-sdk/group-access.js";
-import { normalizeE164 } from "../utils.js";
+import { evaluateSenderGroupAccessForPolicy } from "../../../src/plugin-sdk/group-access.js";
+import { normalizeE164 } from "../../../src/utils.js";
 
 export type SignalSender =
   | { kind: "phone"; raw: string; e164: string }
diff --git a/src/signal/index.ts b/extensions/signal/src/index.ts
similarity index 100%
rename from src/signal/index.ts
rename to extensions/signal/src/index.ts
diff --git a/src/signal/monitor.test.ts b/extensions/signal/src/monitor.test.ts
similarity index 100%
rename from src/signal/monitor.test.ts
rename to extensions/signal/src/monitor.test.ts
diff --git a/src/signal/monitor.tool-result.pairs-uuid-only-senders-uuid-allowlist-entry.test.ts b/extensions/signal/src/monitor.tool-result.pairs-uuid-only-senders-uuid-allowlist-entry.test.ts
similarity index 100%
rename from src/signal/monitor.tool-result.pairs-uuid-only-senders-uuid-allowlist-entry.test.ts
rename to extensions/signal/src/monitor.tool-result.pairs-uuid-only-senders-uuid-allowlist-entry.test.ts
diff --git a/src/signal/monitor.tool-result.sends-tool-summaries-responseprefix.test.ts b/extensions/signal/src/monitor.tool-result.sends-tool-summaries-responseprefix.test.ts
similarity index 96%
rename from src/signal/monitor.tool-result.sends-tool-summaries-responseprefix.test.ts
rename to extensions/signal/src/monitor.tool-result.sends-tool-summaries-responseprefix.test.ts
index a06d17d61d9..ccefd20b064 100644
--- a/src/signal/monitor.tool-result.sends-tool-summaries-responseprefix.test.ts
+++ b/extensions/signal/src/monitor.tool-result.sends-tool-summaries-responseprefix.test.ts
@@ -1,8 +1,8 @@
 import { describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
-import { peekSystemEvents } from "../infra/system-events.js";
-import { resolveAgentRoute } from "../routing/resolve-route.js";
-import { normalizeE164 } from "../utils.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { peekSystemEvents } from "../../../src/infra/system-events.js";
+import { resolveAgentRoute } from "../../../src/routing/resolve-route.js";
+import { normalizeE164 } from "../../../src/utils.js";
 import type { SignalDaemonExitEvent } from "./daemon.js";
 import {
   createMockSignalDaemonHandle,
@@ -74,7 +74,10 @@ function createAutoAbortController() {
 }
 
 async function runMonitorWithMocks(opts: MonitorSignalProviderOptions) {
-  return monitorSignalProvider(opts);
+  return monitorSignalProvider({
+    config: config as OpenClawConfig,
+    ...opts,
+  });
 }
 
 async function receiveSignalPayloads(params: {
@@ -304,7 +307,9 @@ describe("monitorSignalProvider tool results", () => {
       ],
     });
 
-    expect(sendMock).toHaveBeenCalledTimes(1);
+    await vi.waitFor(() => {
+      expect(sendMock).toHaveBeenCalledTimes(1);
+    });
     expect(sendMock.mock.calls[0][1]).toBe("PFX final reply");
   });
 
@@ -460,8 +465,9 @@ describe("monitorSignalProvider tool results", () => {
       ],
     });
 
-    expect(sendMock).toHaveBeenCalledTimes(1);
-    expect(updateLastRouteMock).toHaveBeenCalled();
+    await vi.waitFor(() => {
+      expect(sendMock).toHaveBeenCalledTimes(1);
+    });
   });
 
   it("does not resend pairing code when a request is already pending", async () => {
diff --git a/src/signal/monitor.tool-result.test-harness.ts b/extensions/signal/src/monitor.tool-result.test-harness.ts
similarity index 80%
rename from src/signal/monitor.tool-result.test-harness.ts
rename to extensions/signal/src/monitor.tool-result.test-harness.ts
index 95220805698..252e039b0fb 100644
--- a/src/signal/monitor.tool-result.test-harness.ts
+++ b/extensions/signal/src/monitor.tool-result.test-harness.ts
@@ -1,7 +1,7 @@
 import { beforeEach, vi } from "vitest";
-import { resetInboundDedupe } from "../auto-reply/reply/inbound-dedupe.js";
-import { resetSystemEventsForTest } from "../infra/system-events.js";
-import type { MockFn } from "../test-utils/vitest-mock-fn.js";
+import { resetInboundDedupe } from "../../../src/auto-reply/reply/inbound-dedupe.js";
+import { resetSystemEventsForTest } from "../../../src/infra/system-events.js";
+import type { MockFn } from "../../../src/test-utils/vitest-mock-fn.js";
 import type { SignalDaemonExitEvent, SignalDaemonHandle } from "./daemon.js";
 
 type SignalToolResultTestMocks = {
@@ -68,15 +68,15 @@ export function createMockSignalDaemonHandle(
   };
 }
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig: () => config,
   };
 });
 
-vi.mock("../auto-reply/reply.js", () => ({
+vi.mock("../../../src/auto-reply/reply.js", () => ({
   getReplyFromConfig: (...args: unknown[]) => replyMock(...args),
 }));
 
@@ -86,17 +86,21 @@ vi.mock("./send.js", () => ({
   sendReadReceiptSignal: vi.fn().mockResolvedValue(true),
 }));
 
-vi.mock("../pairing/pairing-store.js", () => ({
+vi.mock("../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: (...args: unknown[]) => readAllowFromStoreMock(...args),
   upsertChannelPairingRequest: (...args: unknown[]) => upsertPairingRequestMock(...args),
 }));
 
-vi.mock("../config/sessions.js", () => ({
-  resolveStorePath: vi.fn(() => "/tmp/openclaw-sessions.json"),
-  updateLastRoute: (...args: unknown[]) => updateLastRouteMock(...args),
-  readSessionUpdatedAt: vi.fn(() => undefined),
-  recordSessionMetaFromInbound: vi.fn().mockResolvedValue(undefined),
-}));
+vi.mock("../../../src/config/sessions.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/sessions.js")>();
+  return {
+    ...actual,
+    resolveStorePath: vi.fn(() => "/tmp/openclaw-sessions.json"),
+    updateLastRoute: (...args: unknown[]) => updateLastRouteMock(...args),
+    readSessionUpdatedAt: vi.fn(() => undefined),
+    recordSessionMetaFromInbound: vi.fn().mockResolvedValue(undefined),
+  };
+});
 
 vi.mock("./client.js", () => ({
   streamSignalEvents: (...args: unknown[]) => streamMock(...args),
@@ -112,7 +116,7 @@ vi.mock("./daemon.js", async (importOriginal) => {
   };
 });
 
-vi.mock("../infra/transport-ready.js", () => ({
+vi.mock("../../../src/infra/transport-ready.js", () => ({
   waitForTransportReady: (...args: unknown[]) => waitForTransportReadyMock(...args),
 }));
 
diff --git a/src/signal/monitor.ts b/extensions/signal/src/monitor.ts
similarity index 93%
rename from src/signal/monitor.ts
rename to extensions/signal/src/monitor.ts
index 13812593c63..3febfe740d4 100644
--- a/src/signal/monitor.ts
+++ b/extensions/signal/src/monitor.ts
@@ -1,20 +1,27 @@
-import { chunkTextWithMode, resolveChunkMode, resolveTextChunkLimit } from "../auto-reply/chunk.js";
-import { DEFAULT_GROUP_HISTORY_LIMIT, type HistoryEntry } from "../auto-reply/reply/history.js";
-import type { ReplyPayload } from "../auto-reply/types.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { loadConfig } from "../config/config.js";
+import {
+  chunkTextWithMode,
+  resolveChunkMode,
+  resolveTextChunkLimit,
+} from "../../../src/auto-reply/chunk.js";
+import {
+  DEFAULT_GROUP_HISTORY_LIMIT,
+  type HistoryEntry,
+} from "../../../src/auto-reply/reply/history.js";
+import type { ReplyPayload } from "../../../src/auto-reply/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { loadConfig } from "../../../src/config/config.js";
 import {
   resolveAllowlistProviderRuntimeGroupPolicy,
   resolveDefaultGroupPolicy,
   warnMissingProviderGroupPolicyFallbackOnce,
-} from "../config/runtime-group-policy.js";
-import type { SignalReactionNotificationMode } from "../config/types.js";
-import type { BackoffPolicy } from "../infra/backoff.js";
-import { waitForTransportReady } from "../infra/transport-ready.js";
-import { saveMediaBuffer } from "../media/store.js";
-import { createNonExitingRuntime, type RuntimeEnv } from "../runtime.js";
-import { normalizeStringEntries } from "../shared/string-normalization.js";
-import { normalizeE164 } from "../utils.js";
+} from "../../../src/config/runtime-group-policy.js";
+import type { SignalReactionNotificationMode } from "../../../src/config/types.js";
+import type { BackoffPolicy } from "../../../src/infra/backoff.js";
+import { waitForTransportReady } from "../../../src/infra/transport-ready.js";
+import { saveMediaBuffer } from "../../../src/media/store.js";
+import { createNonExitingRuntime, type RuntimeEnv } from "../../../src/runtime.js";
+import { normalizeStringEntries } from "../../../src/shared/string-normalization.js";
+import { normalizeE164 } from "../../../src/utils.js";
 import { resolveSignalAccount } from "./accounts.js";
 import { signalCheck, signalRpcRequest } from "./client.js";
 import { formatSignalDaemonExit, spawnSignalDaemon, type SignalDaemonHandle } from "./daemon.js";
diff --git a/src/signal/monitor/access-policy.ts b/extensions/signal/src/monitor/access-policy.ts
similarity index 92%
rename from src/signal/monitor/access-policy.ts
rename to extensions/signal/src/monitor/access-policy.ts
index e836868ec8d..72555186031 100644
--- a/src/signal/monitor/access-policy.ts
+++ b/extensions/signal/src/monitor/access-policy.ts
@@ -1,9 +1,9 @@
-import { issuePairingChallenge } from "../../pairing/pairing-challenge.js";
-import { upsertChannelPairingRequest } from "../../pairing/pairing-store.js";
+import { issuePairingChallenge } from "../../../../src/pairing/pairing-challenge.js";
+import { upsertChannelPairingRequest } from "../../../../src/pairing/pairing-store.js";
 import {
   readStoreAllowFromForDmPolicy,
   resolveDmGroupAccessWithLists,
-} from "../../security/dm-policy-shared.js";
+} from "../../../../src/security/dm-policy-shared.js";
 import { isSignalSenderAllowed, type SignalSender } from "../identity.js";
 
 type SignalDmPolicy = "open" | "pairing" | "allowlist" | "disabled";
diff --git a/src/signal/monitor/event-handler.inbound-contract.test.ts b/extensions/signal/src/monitor/event-handler.inbound-contract.test.ts
similarity index 95%
rename from src/signal/monitor/event-handler.inbound-contract.test.ts
rename to extensions/signal/src/monitor/event-handler.inbound-contract.test.ts
index 88be22ea5b4..62593156756 100644
--- a/src/signal/monitor/event-handler.inbound-contract.test.ts
+++ b/extensions/signal/src/monitor/event-handler.inbound-contract.test.ts
@@ -1,6 +1,6 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { expectInboundContextContract } from "../../../test/helpers/inbound-contract.js";
-import type { MsgContext } from "../../auto-reply/templating.js";
+import type { MsgContext } from "../../../../src/auto-reply/templating.js";
+import { expectInboundContextContract } from "../../../../test/helpers/inbound-contract.js";
 import { createSignalEventHandler } from "./event-handler.js";
 import {
   createBaseSignalEventHandlerDeps,
@@ -34,8 +34,8 @@ vi.mock("../send.js", () => ({
   sendReadReceiptSignal: sendReadReceiptMock,
 }));
 
-vi.mock("../../auto-reply/dispatch.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../../auto-reply/dispatch.js")>();
+vi.mock("../../../../src/auto-reply/dispatch.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../../src/auto-reply/dispatch.js")>();
   return {
     ...actual,
     dispatchInboundMessage: dispatchInboundMessageMock,
@@ -44,7 +44,7 @@ vi.mock("../../auto-reply/dispatch.js", async (importOriginal) => {
   };
 });
 
-vi.mock("../../pairing/pairing-store.js", () => ({
+vi.mock("../../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: vi.fn().mockResolvedValue([]),
   upsertChannelPairingRequest: vi.fn(),
 }));
diff --git a/src/signal/monitor/event-handler.mention-gating.test.ts b/extensions/signal/src/monitor/event-handler.mention-gating.test.ts
similarity index 95%
rename from src/signal/monitor/event-handler.mention-gating.test.ts
rename to extensions/signal/src/monitor/event-handler.mention-gating.test.ts
index 38dedf5a813..05836c43975 100644
--- a/src/signal/monitor/event-handler.mention-gating.test.ts
+++ b/extensions/signal/src/monitor/event-handler.mention-gating.test.ts
@@ -1,7 +1,7 @@
 import { describe, expect, it, vi } from "vitest";
-import { buildDispatchInboundCaptureMock } from "../../../test/helpers/dispatch-inbound-capture.js";
-import type { MsgContext } from "../../auto-reply/templating.js";
-import type { OpenClawConfig } from "../../config/types.js";
+import type { MsgContext } from "../../../../src/auto-reply/templating.js";
+import type { OpenClawConfig } from "../../../../src/config/types.js";
+import { buildDispatchInboundCaptureMock } from "../../../../test/helpers/dispatch-inbound-capture.js";
 import {
   createBaseSignalEventHandlerDeps,
   createSignalReceiveEvent,
@@ -18,8 +18,8 @@ function getCapturedCtx() {
   return capturedCtx as SignalMsgContext;
 }
 
-vi.mock("../../auto-reply/dispatch.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../../auto-reply/dispatch.js")>();
+vi.mock("../../../../src/auto-reply/dispatch.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../../src/auto-reply/dispatch.js")>();
   return buildDispatchInboundCaptureMock(actual, (ctx) => {
     capturedCtx = ctx as SignalMsgContext;
   });
diff --git a/src/signal/monitor/event-handler.test-harness.ts b/extensions/signal/src/monitor/event-handler.test-harness.ts
similarity index 100%
rename from src/signal/monitor/event-handler.test-harness.ts
rename to extensions/signal/src/monitor/event-handler.test-harness.ts
diff --git a/src/signal/monitor/event-handler.ts b/extensions/signal/src/monitor/event-handler.ts
similarity index 90%
rename from src/signal/monitor/event-handler.ts
rename to extensions/signal/src/monitor/event-handler.ts
index abba2d0778e..36eb0e8d276 100644
--- a/src/signal/monitor/event-handler.ts
+++ b/extensions/signal/src/monitor/event-handler.ts
@@ -1,41 +1,44 @@
-import { resolveHumanDelayConfig } from "../../agents/identity.js";
-import { hasControlCommand } from "../../auto-reply/command-detection.js";
-import { dispatchInboundMessage } from "../../auto-reply/dispatch.js";
+import { resolveHumanDelayConfig } from "../../../../src/agents/identity.js";
+import { hasControlCommand } from "../../../../src/auto-reply/command-detection.js";
+import { dispatchInboundMessage } from "../../../../src/auto-reply/dispatch.js";
 import {
   formatInboundEnvelope,
   formatInboundFromLabel,
   resolveEnvelopeFormatOptions,
-} from "../../auto-reply/envelope.js";
+} from "../../../../src/auto-reply/envelope.js";
 import {
   buildPendingHistoryContextFromMap,
   clearHistoryEntriesIfEnabled,
   recordPendingHistoryEntryIfEnabled,
-} from "../../auto-reply/reply/history.js";
-import { finalizeInboundContext } from "../../auto-reply/reply/inbound-context.js";
-import { buildMentionRegexes, matchesMentionPatterns } from "../../auto-reply/reply/mentions.js";
-import { createReplyDispatcherWithTyping } from "../../auto-reply/reply/reply-dispatcher.js";
-import { resolveControlCommandGate } from "../../channels/command-gating.js";
+} from "../../../../src/auto-reply/reply/history.js";
+import { finalizeInboundContext } from "../../../../src/auto-reply/reply/inbound-context.js";
+import {
+  buildMentionRegexes,
+  matchesMentionPatterns,
+} from "../../../../src/auto-reply/reply/mentions.js";
+import { createReplyDispatcherWithTyping } from "../../../../src/auto-reply/reply/reply-dispatcher.js";
+import { resolveControlCommandGate } from "../../../../src/channels/command-gating.js";
 import {
   createChannelInboundDebouncer,
   shouldDebounceTextInbound,
-} from "../../channels/inbound-debounce-policy.js";
-import { logInboundDrop, logTypingFailure } from "../../channels/logging.js";
-import { resolveMentionGatingWithBypass } from "../../channels/mention-gating.js";
-import { normalizeSignalMessagingTarget } from "../../channels/plugins/normalize/signal.js";
-import { createReplyPrefixOptions } from "../../channels/reply-prefix.js";
-import { recordInboundSession } from "../../channels/session.js";
-import { createTypingCallbacks } from "../../channels/typing.js";
-import { resolveChannelGroupRequireMention } from "../../config/group-policy.js";
-import { readSessionUpdatedAt, resolveStorePath } from "../../config/sessions.js";
-import { danger, logVerbose, shouldLogVerbose } from "../../globals.js";
-import { enqueueSystemEvent } from "../../infra/system-events.js";
-import { kindFromMime } from "../../media/mime.js";
-import { resolveAgentRoute } from "../../routing/resolve-route.js";
+} from "../../../../src/channels/inbound-debounce-policy.js";
+import { logInboundDrop, logTypingFailure } from "../../../../src/channels/logging.js";
+import { resolveMentionGatingWithBypass } from "../../../../src/channels/mention-gating.js";
+import { normalizeSignalMessagingTarget } from "../../../../src/channels/plugins/normalize/signal.js";
+import { createReplyPrefixOptions } from "../../../../src/channels/reply-prefix.js";
+import { recordInboundSession } from "../../../../src/channels/session.js";
+import { createTypingCallbacks } from "../../../../src/channels/typing.js";
+import { resolveChannelGroupRequireMention } from "../../../../src/config/group-policy.js";
+import { readSessionUpdatedAt, resolveStorePath } from "../../../../src/config/sessions.js";
+import { danger, logVerbose, shouldLogVerbose } from "../../../../src/globals.js";
+import { enqueueSystemEvent } from "../../../../src/infra/system-events.js";
+import { kindFromMime } from "../../../../src/media/mime.js";
+import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js";
 import {
   DM_GROUP_ACCESS_REASON,
   resolvePinnedMainDmOwnerFromAllowlist,
-} from "../../security/dm-policy-shared.js";
-import { normalizeE164 } from "../../utils.js";
+} from "../../../../src/security/dm-policy-shared.js";
+import { normalizeE164 } from "../../../../src/utils.js";
 import {
   formatSignalPairingIdLine,
   formatSignalSenderDisplay,
@@ -76,6 +79,24 @@ function formatAttachmentSummaryPlaceholder(contentTypes: Array<string | undefin
   return `[${parts.join(" + ")} attached]`;
 }
 
+function resolveSignalInboundRoute(params: {
+  cfg: SignalEventHandlerDeps["cfg"];
+  accountId: SignalEventHandlerDeps["accountId"];
+  isGroup: boolean;
+  groupId?: string;
+  senderPeerId: string;
+}) {
+  return resolveAgentRoute({
+    cfg: params.cfg,
+    channel: "signal",
+    accountId: params.accountId,
+    peer: {
+      kind: params.isGroup ? "group" : "direct",
+      id: params.isGroup ? (params.groupId ?? "unknown") : params.senderPeerId,
+    },
+  });
+}
+
 export function createSignalEventHandler(deps: SignalEventHandlerDeps) {
   type SignalInboundEntry = {
     senderName: string;
@@ -106,14 +127,12 @@ export function createSignalEventHandler(deps: SignalEventHandlerDeps) {
       directLabel: entry.senderName,
       directId: entry.senderDisplay,
     });
-    const route = resolveAgentRoute({
+    const route = resolveSignalInboundRoute({
       cfg: deps.cfg,
-      channel: "signal",
       accountId: deps.accountId,
-      peer: {
-        kind: entry.isGroup ? "group" : "direct",
-        id: entry.isGroup ? (entry.groupId ?? "unknown") : entry.senderPeerId,
-      },
+      isGroup: entry.isGroup,
+      groupId: entry.groupId,
+      senderPeerId: entry.senderPeerId,
     });
     const storePath = resolveStorePath(deps.cfg.session?.store, {
       agentId: route.agentId,
@@ -412,14 +431,12 @@ export function createSignalEventHandler(deps: SignalEventHandlerDeps) {
     }
 
     const senderPeerId = resolveSignalPeerId(params.sender);
-    const route = resolveAgentRoute({
+    const route = resolveSignalInboundRoute({
       cfg: deps.cfg,
-      channel: "signal",
       accountId: deps.accountId,
-      peer: {
-        kind: isGroup ? "group" : "direct",
-        id: isGroup ? (groupId ?? "unknown") : senderPeerId,
-      },
+      isGroup,
+      groupId,
+      senderPeerId,
     });
     const groupLabel = isGroup ? `${groupName ?? "Signal Group"} id:${groupId}` : undefined;
     const messageId = params.reaction.targetSentTimestamp
@@ -610,14 +627,12 @@ export function createSignalEventHandler(deps: SignalEventHandlerDeps) {
       return;
     }
 
-    const route = resolveAgentRoute({
+    const route = resolveSignalInboundRoute({
       cfg: deps.cfg,
-      channel: "signal",
       accountId: deps.accountId,
-      peer: {
-        kind: isGroup ? "group" : "direct",
-        id: isGroup ? (groupId ?? "unknown") : senderPeerId,
-      },
+      isGroup,
+      groupId,
+      senderPeerId,
     });
     const mentionRegexes = buildMentionRegexes(deps.cfg, route.agentId);
     const wasMentioned = isGroup && matchesMentionPatterns(messageText, mentionRegexes);
diff --git a/src/signal/monitor/event-handler.types.ts b/extensions/signal/src/monitor/event-handler.types.ts
similarity index 88%
rename from src/signal/monitor/event-handler.types.ts
rename to extensions/signal/src/monitor/event-handler.types.ts
index a7f3c6b1d1a..c1d0b0b3881 100644
--- a/src/signal/monitor/event-handler.types.ts
+++ b/extensions/signal/src/monitor/event-handler.types.ts
@@ -1,8 +1,12 @@
-import type { HistoryEntry } from "../../auto-reply/reply/history.js";
-import type { ReplyPayload } from "../../auto-reply/types.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import type { DmPolicy, GroupPolicy, SignalReactionNotificationMode } from "../../config/types.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { HistoryEntry } from "../../../../src/auto-reply/reply/history.js";
+import type { ReplyPayload } from "../../../../src/auto-reply/types.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import type {
+  DmPolicy,
+  GroupPolicy,
+  SignalReactionNotificationMode,
+} from "../../../../src/config/types.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 import type { SignalSender } from "../identity.js";
 
 export type SignalEnvelope = {
diff --git a/src/signal/monitor/mentions.ts b/extensions/signal/src/monitor/mentions.ts
similarity index 100%
rename from src/signal/monitor/mentions.ts
rename to extensions/signal/src/monitor/mentions.ts
diff --git a/src/signal/probe.test.ts b/extensions/signal/src/probe.test.ts
similarity index 100%
rename from src/signal/probe.test.ts
rename to extensions/signal/src/probe.test.ts
diff --git a/src/signal/probe.ts b/extensions/signal/src/probe.ts
similarity index 94%
rename from src/signal/probe.ts
rename to extensions/signal/src/probe.ts
index 924f997015e..bf200effd6d 100644
--- a/src/signal/probe.ts
+++ b/extensions/signal/src/probe.ts
@@ -1,4 +1,4 @@
-import type { BaseProbeResult } from "../channels/plugins/types.js";
+import type { BaseProbeResult } from "../../../src/channels/plugins/types.js";
 import { signalCheck, signalRpcRequest } from "./client.js";
 
 export type SignalProbe = BaseProbeResult & {
diff --git a/src/signal/reaction-level.ts b/extensions/signal/src/reaction-level.ts
similarity index 89%
rename from src/signal/reaction-level.ts
rename to extensions/signal/src/reaction-level.ts
index f3bd2ad7454..884bccec58e 100644
--- a/src/signal/reaction-level.ts
+++ b/extensions/signal/src/reaction-level.ts
@@ -1,9 +1,9 @@
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import {
   resolveReactionLevel,
   type ReactionLevel,
   type ResolvedReactionLevel,
-} from "../utils/reaction-level.js";
+} from "../../../src/utils/reaction-level.js";
 import { resolveSignalAccount } from "./accounts.js";
 
 export type SignalReactionLevel = ReactionLevel;
diff --git a/src/signal/rpc-context.ts b/extensions/signal/src/rpc-context.ts
similarity index 92%
rename from src/signal/rpc-context.ts
rename to extensions/signal/src/rpc-context.ts
index f46ec3b124d..54c123cc6be 100644
--- a/src/signal/rpc-context.ts
+++ b/extensions/signal/src/rpc-context.ts
@@ -1,4 +1,4 @@
-import { loadConfig } from "../config/config.js";
+import { loadConfig } from "../../../src/config/config.js";
 import { resolveSignalAccount } from "./accounts.js";
 
 export function resolveSignalRpcContext(
diff --git a/src/signal/send-reactions.test.ts b/extensions/signal/src/send-reactions.test.ts
similarity index 93%
rename from src/signal/send-reactions.test.ts
rename to extensions/signal/src/send-reactions.test.ts
index 84d0dc53fbf..47f0bbd8814 100644
--- a/src/signal/send-reactions.test.ts
+++ b/extensions/signal/src/send-reactions.test.ts
@@ -3,8 +3,8 @@ import { removeReactionSignal, sendReactionSignal } from "./send-reactions.js";
 
 const rpcMock = vi.fn();
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig: () => ({}),
diff --git a/src/signal/send-reactions.ts b/extensions/signal/src/send-reactions.ts
similarity index 97%
rename from src/signal/send-reactions.ts
rename to extensions/signal/src/send-reactions.ts
index dba41bb8b7d..a5000ca9e8f 100644
--- a/src/signal/send-reactions.ts
+++ b/extensions/signal/src/send-reactions.ts
@@ -2,8 +2,8 @@
  * Signal reactions via signal-cli JSON-RPC API
  */
 
-import { loadConfig } from "../config/config.js";
-import type { OpenClawConfig } from "../config/config.js";
+import { loadConfig } from "../../../src/config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { resolveSignalAccount } from "./accounts.js";
 import { signalRpcRequest } from "./client.js";
 import { resolveSignalRpcContext } from "./rpc-context.js";
diff --git a/src/signal/send.ts b/extensions/signal/src/send.ts
similarity index 95%
rename from src/signal/send.ts
rename to extensions/signal/src/send.ts
index 9dc4ef97917..bb953680290 100644
--- a/src/signal/send.ts
+++ b/extensions/signal/src/send.ts
@@ -1,7 +1,7 @@
-import { loadConfig, type OpenClawConfig } from "../config/config.js";
-import { resolveMarkdownTableMode } from "../config/markdown-tables.js";
-import { kindFromMime } from "../media/mime.js";
-import { resolveOutboundAttachmentFromUrl } from "../media/outbound-attachment.js";
+import { loadConfig, type OpenClawConfig } from "../../../src/config/config.js";
+import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js";
+import { kindFromMime } from "../../../src/media/mime.js";
+import { resolveOutboundAttachmentFromUrl } from "../../../src/media/outbound-attachment.js";
 import { resolveSignalAccount } from "./accounts.js";
 import { signalRpcRequest } from "./client.js";
 import { markdownToSignalText, type SignalTextStyleRange } from "./format.js";
diff --git a/src/signal/sse-reconnect.ts b/extensions/signal/src/sse-reconnect.ts
similarity index 86%
rename from src/signal/sse-reconnect.ts
rename to extensions/signal/src/sse-reconnect.ts
index f119388f3d1..240ec7a4beb 100644
--- a/src/signal/sse-reconnect.ts
+++ b/extensions/signal/src/sse-reconnect.ts
@@ -1,7 +1,7 @@
-import { logVerbose, shouldLogVerbose } from "../globals.js";
-import type { BackoffPolicy } from "../infra/backoff.js";
-import { computeBackoff, sleepWithAbort } from "../infra/backoff.js";
-import type { RuntimeEnv } from "../runtime.js";
+import { logVerbose, shouldLogVerbose } from "../../../src/globals.js";
+import type { BackoffPolicy } from "../../../src/infra/backoff.js";
+import { computeBackoff, sleepWithAbort } from "../../../src/infra/backoff.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
 import { type SignalSseEvent, streamSignalEvents } from "./client.js";
 
 const DEFAULT_RECONNECT_POLICY: BackoffPolicy = {
diff --git a/extensions/slack/package.json b/extensions/slack/package.json
index 6fbcfb6f122..183cdce7ad4 100644
--- a/extensions/slack/package.json
+++ b/extensions/slack/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/slack",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw Slack channel plugin",
   "type": "module",
diff --git a/src/slack/account-inspect.ts b/extensions/slack/src/account-inspect.ts
similarity index 93%
rename from src/slack/account-inspect.ts
rename to extensions/slack/src/account-inspect.ts
index 34b4a13fb23..85fde407cbb 100644
--- a/src/slack/account-inspect.ts
+++ b/extensions/slack/src/account-inspect.ts
@@ -1,7 +1,10 @@
-import type { OpenClawConfig } from "../config/config.js";
-import { hasConfiguredSecretInput, normalizeSecretInputString } from "../config/types.secrets.js";
-import type { SlackAccountConfig } from "../config/types.slack.js";
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import {
+  hasConfiguredSecretInput,
+  normalizeSecretInputString,
+} from "../../../src/config/types.secrets.js";
+import type { SlackAccountConfig } from "../../../src/config/types.slack.js";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js";
 import type { SlackAccountSurfaceFields } from "./account-surface-fields.js";
 import {
   mergeSlackAccountConfig,
diff --git a/src/slack/account-surface-fields.ts b/extensions/slack/src/account-surface-fields.ts
similarity index 89%
rename from src/slack/account-surface-fields.ts
rename to extensions/slack/src/account-surface-fields.ts
index 8e2293e213a..8913a9859fe 100644
--- a/src/slack/account-surface-fields.ts
+++ b/extensions/slack/src/account-surface-fields.ts
@@ -1,4 +1,4 @@
-import type { SlackAccountConfig } from "../config/types.js";
+import type { SlackAccountConfig } from "../../../src/config/types.js";
 
 export type SlackAccountSurfaceFields = {
   groupPolicy?: SlackAccountConfig["groupPolicy"];
diff --git a/src/slack/accounts.test.ts b/extensions/slack/src/accounts.test.ts
similarity index 100%
rename from src/slack/accounts.test.ts
rename to extensions/slack/src/accounts.test.ts
diff --git a/src/slack/accounts.ts b/extensions/slack/src/accounts.ts
similarity index 89%
rename from src/slack/accounts.ts
rename to extensions/slack/src/accounts.ts
index 6e5aed59fa2..294bbf8956b 100644
--- a/src/slack/accounts.ts
+++ b/extensions/slack/src/accounts.ts
@@ -1,9 +1,9 @@
-import { normalizeChatType } from "../channels/chat-type.js";
-import { createAccountListHelpers } from "../channels/plugins/account-helpers.js";
-import type { OpenClawConfig } from "../config/config.js";
-import type { SlackAccountConfig } from "../config/types.js";
-import { resolveAccountEntry } from "../routing/account-lookup.js";
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js";
+import { normalizeChatType } from "../../../src/channels/chat-type.js";
+import { createAccountListHelpers } from "../../../src/channels/plugins/account-helpers.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { SlackAccountConfig } from "../../../src/config/types.js";
+import { resolveAccountEntry } from "../../../src/routing/account-lookup.js";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js";
 import type { SlackAccountSurfaceFields } from "./account-surface-fields.js";
 import { resolveSlackAppToken, resolveSlackBotToken, resolveSlackUserToken } from "./token.js";
 
diff --git a/src/slack/actions.blocks.test.ts b/extensions/slack/src/actions.blocks.test.ts
similarity index 100%
rename from src/slack/actions.blocks.test.ts
rename to extensions/slack/src/actions.blocks.test.ts
diff --git a/src/slack/actions.download-file.test.ts b/extensions/slack/src/actions.download-file.test.ts
similarity index 100%
rename from src/slack/actions.download-file.test.ts
rename to extensions/slack/src/actions.download-file.test.ts
diff --git a/src/slack/actions.read.test.ts b/extensions/slack/src/actions.read.test.ts
similarity index 100%
rename from src/slack/actions.read.test.ts
rename to extensions/slack/src/actions.read.test.ts
diff --git a/src/slack/actions.ts b/extensions/slack/src/actions.ts
similarity index 99%
rename from src/slack/actions.ts
rename to extensions/slack/src/actions.ts
index 2ae36e6b0d4..ba422ac50f2 100644
--- a/src/slack/actions.ts
+++ b/extensions/slack/src/actions.ts
@@ -1,6 +1,6 @@
 import type { Block, KnownBlock, WebClient } from "@slack/web-api";
-import { loadConfig } from "../config/config.js";
-import { logVerbose } from "../globals.js";
+import { loadConfig } from "../../../src/config/config.js";
+import { logVerbose } from "../../../src/globals.js";
 import { resolveSlackAccount } from "./accounts.js";
 import { buildSlackBlocksFallbackText } from "./blocks-fallback.js";
 import { validateSlackBlocksArray } from "./blocks-input.js";
diff --git a/src/slack/blocks-fallback.test.ts b/extensions/slack/src/blocks-fallback.test.ts
similarity index 100%
rename from src/slack/blocks-fallback.test.ts
rename to extensions/slack/src/blocks-fallback.test.ts
diff --git a/src/slack/blocks-fallback.ts b/extensions/slack/src/blocks-fallback.ts
similarity index 100%
rename from src/slack/blocks-fallback.ts
rename to extensions/slack/src/blocks-fallback.ts
diff --git a/src/slack/blocks-input.test.ts b/extensions/slack/src/blocks-input.test.ts
similarity index 100%
rename from src/slack/blocks-input.test.ts
rename to extensions/slack/src/blocks-input.test.ts
diff --git a/src/slack/blocks-input.ts b/extensions/slack/src/blocks-input.ts
similarity index 100%
rename from src/slack/blocks-input.ts
rename to extensions/slack/src/blocks-input.ts
diff --git a/src/slack/blocks.test-helpers.ts b/extensions/slack/src/blocks.test-helpers.ts
similarity index 95%
rename from src/slack/blocks.test-helpers.ts
rename to extensions/slack/src/blocks.test-helpers.ts
index f9bd0269858..50f7d66b04d 100644
--- a/src/slack/blocks.test-helpers.ts
+++ b/extensions/slack/src/blocks.test-helpers.ts
@@ -17,7 +17,7 @@ export type SlackSendTestClient = WebClient & {
 };
 
 export function installSlackBlockTestMocks() {
-  vi.mock("../config/config.js", () => ({
+  vi.mock("../../../src/config/config.js", () => ({
     loadConfig: () => ({}),
   }));
 
diff --git a/src/slack/channel-migration.test.ts b/extensions/slack/src/channel-migration.test.ts
similarity index 100%
rename from src/slack/channel-migration.test.ts
rename to extensions/slack/src/channel-migration.test.ts
diff --git a/src/slack/channel-migration.ts b/extensions/slack/src/channel-migration.ts
similarity index 92%
rename from src/slack/channel-migration.ts
rename to extensions/slack/src/channel-migration.ts
index 09017e0617f..e78ade084d4 100644
--- a/src/slack/channel-migration.ts
+++ b/extensions/slack/src/channel-migration.ts
@@ -1,6 +1,6 @@
-import type { OpenClawConfig } from "../config/config.js";
-import type { SlackChannelConfig } from "../config/types.slack.js";
-import { normalizeAccountId } from "../routing/session-key.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { SlackChannelConfig } from "../../../src/config/types.slack.js";
+import { normalizeAccountId } from "../../../src/routing/session-key.js";
 
 type SlackChannels = Record<string, SlackChannelConfig>;
 
diff --git a/extensions/slack/src/channel.ts b/extensions/slack/src/channel.ts
index 73c844a1cc0..04b46357db4 100644
--- a/extensions/slack/src/channel.ts
+++ b/extensions/slack/src/channel.ts
@@ -38,6 +38,8 @@ import {
   type ChannelPlugin,
   type ResolvedSlackAccount,
 } from "openclaw/plugin-sdk/slack";
+import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js";
+import { buildPassiveProbedChannelStatusSummary } from "../../shared/channel-status-summary.js";
 import { getSlackRuntime } from "./runtime.js";
 
 const meta = getChatChannelMeta("slack");
@@ -76,11 +78,13 @@ type SlackSendFn = ReturnType<typeof getSlackRuntime>["channel"]["slack"]["sendM
 function resolveSlackSendContext(params: {
   cfg: Parameters<typeof resolveSlackAccount>[0]["cfg"];
   accountId?: string;
-  deps?: { sendSlack?: SlackSendFn };
+  deps?: { [channelId: string]: unknown };
   replyToId?: string | number | null;
   threadId?: string | number | null;
 }) {
-  const send = params.deps?.sendSlack ?? getSlackRuntime().channel.slack.sendMessageSlack;
+  const send =
+    resolveOutboundSendDep<SlackSendFn>(params.deps, "slack") ??
+    getSlackRuntime().channel.slack.sendMessageSlack;
   const account = resolveSlackAccount({ cfg: params.cfg, accountId: params.accountId });
   const token = getTokenForOperation(account, "write");
   const botToken = account.botToken?.trim();
@@ -421,17 +425,11 @@ export const slackPlugin: ChannelPlugin<ResolvedSlackAccount> = {
       lastStopAt: null,
       lastError: null,
     },
-    buildChannelSummary: ({ snapshot }) => ({
-      configured: snapshot.configured ?? false,
-      botTokenSource: snapshot.botTokenSource ?? "none",
-      appTokenSource: snapshot.appTokenSource ?? "none",
-      running: snapshot.running ?? false,
-      lastStartAt: snapshot.lastStartAt ?? null,
-      lastStopAt: snapshot.lastStopAt ?? null,
-      lastError: snapshot.lastError ?? null,
-      probe: snapshot.probe,
-      lastProbeAt: snapshot.lastProbeAt ?? null,
-    }),
+    buildChannelSummary: ({ snapshot }) =>
+      buildPassiveProbedChannelStatusSummary(snapshot, {
+        botTokenSource: snapshot.botTokenSource ?? "none",
+        appTokenSource: snapshot.appTokenSource ?? "none",
+      }),
     probeAccount: async ({ account, timeoutMs }) => {
       const token = account.botToken?.trim();
       if (!token) {
diff --git a/src/slack/client.test.ts b/extensions/slack/src/client.test.ts
similarity index 100%
rename from src/slack/client.test.ts
rename to extensions/slack/src/client.test.ts
diff --git a/src/slack/client.ts b/extensions/slack/src/client.ts
similarity index 100%
rename from src/slack/client.ts
rename to extensions/slack/src/client.ts
diff --git a/src/slack/directory-live.ts b/extensions/slack/src/directory-live.ts
similarity index 96%
rename from src/slack/directory-live.ts
rename to extensions/slack/src/directory-live.ts
index bb105bae5ab..225548c646d 100644
--- a/src/slack/directory-live.ts
+++ b/extensions/slack/src/directory-live.ts
@@ -1,5 +1,5 @@
-import type { DirectoryConfigParams } from "../channels/plugins/directory-config.js";
-import type { ChannelDirectoryEntry } from "../channels/plugins/types.js";
+import type { DirectoryConfigParams } from "../../../src/channels/plugins/directory-config.js";
+import type { ChannelDirectoryEntry } from "../../../src/channels/plugins/types.js";
 import { resolveSlackAccount } from "./accounts.js";
 import { createSlackWebClient } from "./client.js";
 
diff --git a/src/slack/draft-stream.test.ts b/extensions/slack/src/draft-stream.test.ts
similarity index 100%
rename from src/slack/draft-stream.test.ts
rename to extensions/slack/src/draft-stream.test.ts
diff --git a/src/slack/draft-stream.ts b/extensions/slack/src/draft-stream.ts
similarity index 97%
rename from src/slack/draft-stream.ts
rename to extensions/slack/src/draft-stream.ts
index b482ebd5820..bb80ff8d536 100644
--- a/src/slack/draft-stream.ts
+++ b/extensions/slack/src/draft-stream.ts
@@ -1,4 +1,4 @@
-import { createDraftStreamLoop } from "../channels/draft-stream-loop.js";
+import { createDraftStreamLoop } from "../../../src/channels/draft-stream-loop.js";
 import { deleteSlackMessage, editSlackMessage } from "./actions.js";
 import { sendMessageSlack } from "./send.js";
 
diff --git a/src/slack/format.test.ts b/extensions/slack/src/format.test.ts
similarity index 100%
rename from src/slack/format.test.ts
rename to extensions/slack/src/format.test.ts
diff --git a/src/slack/format.ts b/extensions/slack/src/format.ts
similarity index 95%
rename from src/slack/format.ts
rename to extensions/slack/src/format.ts
index baf8f804374..69aeaa6b3b9 100644
--- a/src/slack/format.ts
+++ b/extensions/slack/src/format.ts
@@ -1,6 +1,6 @@
-import type { MarkdownTableMode } from "../config/types.base.js";
-import { chunkMarkdownIR, markdownToIR, type MarkdownLinkSpan } from "../markdown/ir.js";
-import { renderMarkdownWithMarkers } from "../markdown/render.js";
+import type { MarkdownTableMode } from "../../../src/config/types.base.js";
+import { chunkMarkdownIR, markdownToIR, type MarkdownLinkSpan } from "../../../src/markdown/ir.js";
+import { renderMarkdownWithMarkers } from "../../../src/markdown/render.js";
 
 // Escape special characters for Slack mrkdwn format.
 // Preserve Slack's angle-bracket tokens so mentions and links stay intact.
diff --git a/src/slack/http/index.ts b/extensions/slack/src/http/index.ts
similarity index 100%
rename from src/slack/http/index.ts
rename to extensions/slack/src/http/index.ts
diff --git a/src/slack/http/registry.test.ts b/extensions/slack/src/http/registry.test.ts
similarity index 100%
rename from src/slack/http/registry.test.ts
rename to extensions/slack/src/http/registry.test.ts
diff --git a/src/slack/http/registry.ts b/extensions/slack/src/http/registry.ts
similarity index 100%
rename from src/slack/http/registry.ts
rename to extensions/slack/src/http/registry.ts
diff --git a/src/slack/index.ts b/extensions/slack/src/index.ts
similarity index 100%
rename from src/slack/index.ts
rename to extensions/slack/src/index.ts
diff --git a/src/slack/interactive-replies.test.ts b/extensions/slack/src/interactive-replies.test.ts
similarity index 93%
rename from src/slack/interactive-replies.test.ts
rename to extensions/slack/src/interactive-replies.test.ts
index 5222a4fc873..69557c4855b 100644
--- a/src/slack/interactive-replies.test.ts
+++ b/extensions/slack/src/interactive-replies.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { isSlackInteractiveRepliesEnabled } from "./interactive-replies.js";
 
 describe("isSlackInteractiveRepliesEnabled", () => {
diff --git a/src/slack/interactive-replies.ts b/extensions/slack/src/interactive-replies.ts
similarity index 94%
rename from src/slack/interactive-replies.ts
rename to extensions/slack/src/interactive-replies.ts
index 399c186cfdc..31784bd3b40 100644
--- a/src/slack/interactive-replies.ts
+++ b/extensions/slack/src/interactive-replies.ts
@@ -1,4 +1,4 @@
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { listSlackAccountIds, resolveSlackAccount } from "./accounts.js";
 
 function resolveInteractiveRepliesFromCapabilities(capabilities: unknown): boolean {
diff --git a/src/slack/message-actions.test.ts b/extensions/slack/src/message-actions.test.ts
similarity index 89%
rename from src/slack/message-actions.test.ts
rename to extensions/slack/src/message-actions.test.ts
index 71d8e72ebbc..5453ca9c1c8 100644
--- a/src/slack/message-actions.test.ts
+++ b/extensions/slack/src/message-actions.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { listSlackMessageActions } from "./message-actions.js";
 
 describe("listSlackMessageActions", () => {
diff --git a/src/slack/message-actions.ts b/extensions/slack/src/message-actions.ts
similarity index 87%
rename from src/slack/message-actions.ts
rename to extensions/slack/src/message-actions.ts
index 5c5a4ba928e..8e2a293f166 100644
--- a/src/slack/message-actions.ts
+++ b/extensions/slack/src/message-actions.ts
@@ -1,6 +1,9 @@
-import { createActionGate } from "../agents/tools/common.js";
-import type { ChannelMessageActionName, ChannelToolSend } from "../channels/plugins/types.js";
-import type { OpenClawConfig } from "../config/config.js";
+import { createActionGate } from "../../../src/agents/tools/common.js";
+import type {
+  ChannelMessageActionName,
+  ChannelToolSend,
+} from "../../../src/channels/plugins/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { listEnabledSlackAccounts } from "./accounts.js";
 
 export function listSlackMessageActions(cfg: OpenClawConfig): ChannelMessageActionName[] {
diff --git a/src/slack/modal-metadata.test.ts b/extensions/slack/src/modal-metadata.test.ts
similarity index 100%
rename from src/slack/modal-metadata.test.ts
rename to extensions/slack/src/modal-metadata.test.ts
diff --git a/src/slack/modal-metadata.ts b/extensions/slack/src/modal-metadata.ts
similarity index 100%
rename from src/slack/modal-metadata.ts
rename to extensions/slack/src/modal-metadata.ts
diff --git a/src/slack/monitor.test-helpers.ts b/extensions/slack/src/monitor.test-helpers.ts
similarity index 70%
rename from src/slack/monitor.test-helpers.ts
rename to extensions/slack/src/monitor.test-helpers.ts
index 17b868fa972..c62147dd4a4 100644
--- a/src/slack/monitor.test-helpers.ts
+++ b/extensions/slack/src/monitor.test-helpers.ts
@@ -5,6 +5,7 @@ type SlackProviderMonitor = (params: {
   botToken: string;
   appToken: string;
   abortSignal: AbortSignal;
+  config?: Record<string, unknown>;
 }) => Promise<unknown>;
 
 type SlackTestState = {
@@ -49,14 +50,51 @@ type SlackClient = {
   };
 };
 
-export const getSlackHandlers = () =>
-  (
-    globalThis as {
-      __slackHandlers?: Map<string, SlackHandler>;
-    }
-  ).__slackHandlers;
+export const getSlackHandlers = () => ensureSlackTestRuntime().handlers;
 
-export const getSlackClient = () => (globalThis as { __slackClient?: SlackClient }).__slackClient;
+export const getSlackClient = () => ensureSlackTestRuntime().client;
+
+function ensureSlackTestRuntime(): {
+  handlers: Map<string, SlackHandler>;
+  client: SlackClient;
+} {
+  const globalState = globalThis as {
+    __slackHandlers?: Map<string, SlackHandler>;
+    __slackClient?: SlackClient;
+  };
+  if (!globalState.__slackHandlers) {
+    globalState.__slackHandlers = new Map<string, SlackHandler>();
+  }
+  if (!globalState.__slackClient) {
+    globalState.__slackClient = {
+      auth: { test: vi.fn().mockResolvedValue({ user_id: "bot-user" }) },
+      conversations: {
+        info: vi.fn().mockResolvedValue({
+          channel: { name: "dm", is_im: true },
+        }),
+        replies: vi.fn().mockResolvedValue({ messages: [] }),
+        history: vi.fn().mockResolvedValue({ messages: [] }),
+      },
+      users: {
+        info: vi.fn().mockResolvedValue({
+          user: { profile: { display_name: "Ada" } },
+        }),
+      },
+      assistant: {
+        threads: {
+          setStatus: vi.fn().mockResolvedValue({ ok: true }),
+        },
+      },
+      reactions: {
+        add: (...args: unknown[]) => slackTestState.reactMock(...args),
+      },
+    };
+  }
+  return {
+    handlers: globalState.__slackHandlers,
+    client: globalState.__slackClient,
+  };
+}
 
 export const flush = () => new Promise((resolve) => setTimeout(resolve, 0));
 
@@ -78,6 +116,7 @@ export function startSlackMonitor(
     botToken: opts?.botToken ?? "bot-token",
     appToken: opts?.appToken ?? "app-token",
     abortSignal: controller.signal,
+    config: slackTestState.config,
   });
   return { controller, run };
 }
@@ -148,15 +187,15 @@ export function resetSlackTestState(config: Record<string, unknown> = defaultSla
   getSlackHandlers()?.clear();
 }
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig: () => slackTestState.config,
   };
 });
 
-vi.mock("../auto-reply/reply.js", () => ({
+vi.mock("../../../src/auto-reply/reply.js", () => ({
   getReplyFromConfig: (...args: unknown[]) => slackTestState.replyMock(...args),
 }));
 
@@ -174,49 +213,28 @@ vi.mock("./send.js", () => ({
   sendMessageSlack: (...args: unknown[]) => slackTestState.sendMock(...args),
 }));
 
-vi.mock("../pairing/pairing-store.js", () => ({
+vi.mock("../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: (...args: unknown[]) => slackTestState.readAllowFromStoreMock(...args),
   upsertChannelPairingRequest: (...args: unknown[]) =>
     slackTestState.upsertPairingRequestMock(...args),
 }));
 
-vi.mock("../config/sessions.js", () => ({
-  resolveStorePath: vi.fn(() => "/tmp/openclaw-sessions.json"),
-  updateLastRoute: (...args: unknown[]) => slackTestState.updateLastRouteMock(...args),
-  resolveSessionKey: vi.fn(),
-  readSessionUpdatedAt: vi.fn(() => undefined),
-  recordSessionMetaFromInbound: vi.fn().mockResolvedValue(undefined),
-}));
+vi.mock("../../../src/config/sessions.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/sessions.js")>();
+  return {
+    ...actual,
+    resolveStorePath: vi.fn(() => "/tmp/openclaw-sessions.json"),
+    updateLastRoute: (...args: unknown[]) => slackTestState.updateLastRouteMock(...args),
+    resolveSessionKey: vi.fn(),
+    readSessionUpdatedAt: vi.fn(() => undefined),
+    recordSessionMetaFromInbound: vi.fn().mockResolvedValue(undefined),
+  };
+});
 
 vi.mock("@slack/bolt", () => {
-  const handlers = new Map<string, SlackHandler>();
-  (globalThis as { __slackHandlers?: typeof handlers }).__slackHandlers = handlers;
-  const client = {
-    auth: { test: vi.fn().mockResolvedValue({ user_id: "bot-user" }) },
-    conversations: {
-      info: vi.fn().mockResolvedValue({
-        channel: { name: "dm", is_im: true },
-      }),
-      replies: vi.fn().mockResolvedValue({ messages: [] }),
-      history: vi.fn().mockResolvedValue({ messages: [] }),
-    },
-    users: {
-      info: vi.fn().mockResolvedValue({
-        user: { profile: { display_name: "Ada" } },
-      }),
-    },
-    assistant: {
-      threads: {
-        setStatus: vi.fn().mockResolvedValue({ ok: true }),
-      },
-    },
-    reactions: {
-      add: (...args: unknown[]) => slackTestState.reactMock(...args),
-    },
-  };
-  (globalThis as { __slackClient?: typeof client }).__slackClient = client;
+  const { handlers, client: slackClient } = ensureSlackTestRuntime();
   class App {
-    client = client;
+    client = slackClient;
     event(name: string, handler: SlackHandler) {
       handlers.set(name, handler);
     }
diff --git a/src/slack/monitor.test.ts b/extensions/slack/src/monitor.test.ts
similarity index 100%
rename from src/slack/monitor.test.ts
rename to extensions/slack/src/monitor.test.ts
diff --git a/src/slack/monitor.threading.missing-thread-ts.test.ts b/extensions/slack/src/monitor.threading.missing-thread-ts.test.ts
similarity index 97%
rename from src/slack/monitor.threading.missing-thread-ts.test.ts
rename to extensions/slack/src/monitor.threading.missing-thread-ts.test.ts
index 69117616a4f..99944e04d3c 100644
--- a/src/slack/monitor.threading.missing-thread-ts.test.ts
+++ b/extensions/slack/src/monitor.threading.missing-thread-ts.test.ts
@@ -1,5 +1,5 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { resetInboundDedupe } from "../auto-reply/reply/inbound-dedupe.js";
+import { resetInboundDedupe } from "../../../src/auto-reply/reply/inbound-dedupe.js";
 import {
   flush,
   getSlackClient,
diff --git a/src/slack/monitor.tool-result.test.ts b/extensions/slack/src/monitor.tool-result.test.ts
similarity index 98%
rename from src/slack/monitor.tool-result.test.ts
rename to extensions/slack/src/monitor.tool-result.test.ts
index 53eb45918f9..770e2dd7f7d 100644
--- a/src/slack/monitor.tool-result.test.ts
+++ b/extensions/slack/src/monitor.tool-result.test.ts
@@ -1,7 +1,4 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { HISTORY_CONTEXT_MARKER } from "../auto-reply/reply/history.js";
-import { resetInboundDedupe } from "../auto-reply/reply/inbound-dedupe.js";
-import { CURRENT_MESSAGE_MARKER } from "../auto-reply/reply/mentions.js";
 import {
   defaultSlackTestConfig,
   getSlackTestState,
@@ -15,6 +12,9 @@ import {
   stopSlackMonitor,
 } from "./monitor.test-helpers.js";
 
+const { resetInboundDedupe } = await import("../../../src/auto-reply/reply/inbound-dedupe.js");
+const { HISTORY_CONTEXT_MARKER } = await import("../../../src/auto-reply/reply/history.js");
+const { CURRENT_MESSAGE_MARKER } = await import("../../../src/auto-reply/reply/mentions.js");
 const { monitorSlackProvider } = await import("./monitor.js");
 
 const slackTestState = getSlackTestState();
@@ -209,7 +209,9 @@ describe("monitorSlackProvider tool results", () => {
 
   function expectSingleSendWithThread(threadTs: string | undefined) {
     expect(sendMock).toHaveBeenCalledTimes(1);
-    expect(sendMock.mock.calls[0][2]).toMatchObject({ threadTs });
+    expect((sendMock.mock.calls[0]?.[2] as { threadTs?: string } | undefined)?.threadTs).toBe(
+      threadTs,
+    );
   }
 
   async function runDefaultMessageAndExpectSentText(expectedText: string) {
diff --git a/src/slack/monitor.ts b/extensions/slack/src/monitor.ts
similarity index 100%
rename from src/slack/monitor.ts
rename to extensions/slack/src/monitor.ts
diff --git a/src/slack/monitor/allow-list.test.ts b/extensions/slack/src/monitor/allow-list.test.ts
similarity index 100%
rename from src/slack/monitor/allow-list.test.ts
rename to extensions/slack/src/monitor/allow-list.test.ts
diff --git a/src/slack/monitor/allow-list.ts b/extensions/slack/src/monitor/allow-list.ts
similarity index 89%
rename from src/slack/monitor/allow-list.ts
rename to extensions/slack/src/monitor/allow-list.ts
index 53fc6c58505..0e800047502 100644
--- a/src/slack/monitor/allow-list.ts
+++ b/extensions/slack/src/monitor/allow-list.ts
@@ -1,13 +1,13 @@
 import {
   compileAllowlist,
-  resolveAllowlistCandidates,
+  resolveCompiledAllowlistMatch,
   type AllowlistMatch,
-} from "../../channels/allowlist-match.js";
+} from "../../../../src/channels/allowlist-match.js";
 import {
   normalizeHyphenSlug,
   normalizeStringEntries,
   normalizeStringEntriesLower,
-} from "../../shared/string-normalization.js";
+} from "../../../../src/shared/string-normalization.js";
 
 const SLACK_SLUG_CACHE_MAX = 512;
 const slackSlugCache = new Map<string, string>();
@@ -58,12 +58,6 @@ export function resolveSlackAllowListMatch(params: {
   allowNameMatching?: boolean;
 }): SlackAllowListMatch {
   const compiledAllowList = compileAllowlist(params.allowList);
-  if (compiledAllowList.set.size === 0) {
-    return { allowed: false };
-  }
-  if (compiledAllowList.wildcard) {
-    return { allowed: true, matchKey: "*", matchSource: "wildcard" };
-  }
   const id = params.id?.toLowerCase();
   const name = params.name?.toLowerCase();
   const slug = normalizeSlackSlug(name);
@@ -79,7 +73,7 @@ export function resolveSlackAllowListMatch(params: {
         ] satisfies Array<{ value?: string; source: SlackAllowListSource }>)
       : []),
   ];
-  return resolveAllowlistCandidates({
+  return resolveCompiledAllowlistMatch({
     compiledAllowlist: compiledAllowList,
     candidates,
   });
diff --git a/src/slack/monitor/auth.test.ts b/extensions/slack/src/monitor/auth.test.ts
similarity index 97%
rename from src/slack/monitor/auth.test.ts
rename to extensions/slack/src/monitor/auth.test.ts
index 20a46756cd9..8c86646dd06 100644
--- a/src/slack/monitor/auth.test.ts
+++ b/extensions/slack/src/monitor/auth.test.ts
@@ -3,7 +3,7 @@ import type { SlackMonitorContext } from "./context.js";
 
 const readChannelAllowFromStoreMock = vi.hoisted(() => vi.fn());
 
-vi.mock("../../pairing/pairing-store.js", () => ({
+vi.mock("../../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: (...args: unknown[]) => readChannelAllowFromStoreMock(...args),
 }));
 
diff --git a/src/slack/monitor/auth.ts b/extensions/slack/src/monitor/auth.ts
similarity index 98%
rename from src/slack/monitor/auth.ts
rename to extensions/slack/src/monitor/auth.ts
index b303e6c6bad..5022a94ad18 100644
--- a/src/slack/monitor/auth.ts
+++ b/extensions/slack/src/monitor/auth.ts
@@ -1,4 +1,4 @@
-import { readStoreAllowFromForDmPolicy } from "../../security/dm-policy-shared.js";
+import { readStoreAllowFromForDmPolicy } from "../../../../src/security/dm-policy-shared.js";
 import {
   allowListMatches,
   normalizeAllowList,
diff --git a/src/slack/monitor/channel-config.ts b/extensions/slack/src/monitor/channel-config.ts
similarity index 97%
rename from src/slack/monitor/channel-config.ts
rename to extensions/slack/src/monitor/channel-config.ts
index 88db84b33f4..e5f380a7102 100644
--- a/src/slack/monitor/channel-config.ts
+++ b/extensions/slack/src/monitor/channel-config.ts
@@ -3,8 +3,8 @@ import {
   buildChannelKeyCandidates,
   resolveChannelEntryMatchWithFallback,
   type ChannelMatchSource,
-} from "../../channels/channel-config.js";
-import type { SlackReactionNotificationMode } from "../../config/config.js";
+} from "../../../../src/channels/channel-config.js";
+import type { SlackReactionNotificationMode } from "../../../../src/config/config.js";
 import type { SlackMessageEvent } from "../types.js";
 import { allowListMatches, normalizeAllowListLower, normalizeSlackSlug } from "./allow-list.js";
 
diff --git a/src/slack/monitor/channel-type.ts b/extensions/slack/src/monitor/channel-type.ts
similarity index 100%
rename from src/slack/monitor/channel-type.ts
rename to extensions/slack/src/monitor/channel-type.ts
diff --git a/src/slack/monitor/commands.ts b/extensions/slack/src/monitor/commands.ts
similarity index 93%
rename from src/slack/monitor/commands.ts
rename to extensions/slack/src/monitor/commands.ts
index a50b75704eb..25fbaeb1007 100644
--- a/src/slack/monitor/commands.ts
+++ b/extensions/slack/src/monitor/commands.ts
@@ -1,4 +1,4 @@
-import type { SlackSlashCommandConfig } from "../../config/config.js";
+import type { SlackSlashCommandConfig } from "../../../../src/config/config.js";
 
 /**
  * Strip Slack mentions (<@U123>, <@U123|name>) so command detection works on
diff --git a/src/slack/monitor/context.test.ts b/extensions/slack/src/monitor/context.test.ts
similarity index 94%
rename from src/slack/monitor/context.test.ts
rename to extensions/slack/src/monitor/context.test.ts
index 11692fc0d52..b3694315af1 100644
--- a/src/slack/monitor/context.test.ts
+++ b/extensions/slack/src/monitor/context.test.ts
@@ -1,7 +1,7 @@
 import type { App } from "@slack/bolt";
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../../config/config.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 import { createSlackMonitorContext } from "./context.js";
 
 function createTestContext() {
diff --git a/src/slack/monitor/context.ts b/extensions/slack/src/monitor/context.ts
similarity index 94%
rename from src/slack/monitor/context.ts
rename to extensions/slack/src/monitor/context.ts
index fd8882e2827..ad485a5c202 100644
--- a/src/slack/monitor/context.ts
+++ b/extensions/slack/src/monitor/context.ts
@@ -1,14 +1,17 @@
 import type { App } from "@slack/bolt";
-import type { HistoryEntry } from "../../auto-reply/reply/history.js";
-import { formatAllowlistMatchMeta } from "../../channels/allowlist-match.js";
-import type { OpenClawConfig, SlackReactionNotificationMode } from "../../config/config.js";
-import { resolveSessionKey, type SessionScope } from "../../config/sessions.js";
-import type { DmPolicy, GroupPolicy } from "../../config/types.js";
-import { logVerbose } from "../../globals.js";
-import { createDedupeCache } from "../../infra/dedupe.js";
-import { getChildLogger } from "../../logging.js";
-import { resolveAgentRoute } from "../../routing/resolve-route.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { HistoryEntry } from "../../../../src/auto-reply/reply/history.js";
+import { formatAllowlistMatchMeta } from "../../../../src/channels/allowlist-match.js";
+import type {
+  OpenClawConfig,
+  SlackReactionNotificationMode,
+} from "../../../../src/config/config.js";
+import { resolveSessionKey, type SessionScope } from "../../../../src/config/sessions.js";
+import type { DmPolicy, GroupPolicy } from "../../../../src/config/types.js";
+import { logVerbose } from "../../../../src/globals.js";
+import { createDedupeCache } from "../../../../src/infra/dedupe.js";
+import { getChildLogger } from "../../../../src/logging.js";
+import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 import type { SlackMessageEvent } from "../types.js";
 import { normalizeAllowList, normalizeAllowListLower, normalizeSlackSlug } from "./allow-list.js";
 import type { SlackChannelConfigEntries } from "./channel-config.js";
@@ -50,7 +53,7 @@ export type SlackMonitorContext = {
   replyToMode: "off" | "first" | "all";
   threadHistoryScope: "thread" | "channel";
   threadInheritParent: boolean;
-  slashCommand: Required<import("../../config/config.js").SlackSlashCommandConfig>;
+  slashCommand: Required<import("../../../../src/config/config.js").SlackSlashCommandConfig>;
   textLimit: number;
   ackReactionScope: string;
   typingReaction: string;
diff --git a/src/slack/monitor/dm-auth.ts b/extensions/slack/src/monitor/dm-auth.ts
similarity index 88%
rename from src/slack/monitor/dm-auth.ts
rename to extensions/slack/src/monitor/dm-auth.ts
index f11a2aa51f7..20d850d869a 100644
--- a/src/slack/monitor/dm-auth.ts
+++ b/extensions/slack/src/monitor/dm-auth.ts
@@ -1,6 +1,6 @@
-import { formatAllowlistMatchMeta } from "../../channels/allowlist-match.js";
-import { issuePairingChallenge } from "../../pairing/pairing-challenge.js";
-import { upsertChannelPairingRequest } from "../../pairing/pairing-store.js";
+import { formatAllowlistMatchMeta } from "../../../../src/channels/allowlist-match.js";
+import { issuePairingChallenge } from "../../../../src/pairing/pairing-challenge.js";
+import { upsertChannelPairingRequest } from "../../../../src/pairing/pairing-store.js";
 import { resolveSlackAllowListMatch } from "./allow-list.js";
 import type { SlackMonitorContext } from "./context.js";
 
diff --git a/src/slack/monitor/events.ts b/extensions/slack/src/monitor/events.ts
similarity index 100%
rename from src/slack/monitor/events.ts
rename to extensions/slack/src/monitor/events.ts
diff --git a/src/slack/monitor/events/channels.test.ts b/extensions/slack/src/monitor/events/channels.test.ts
similarity index 97%
rename from src/slack/monitor/events/channels.test.ts
rename to extensions/slack/src/monitor/events/channels.test.ts
index 1c4bec094d2..7b8bbbad69d 100644
--- a/src/slack/monitor/events/channels.test.ts
+++ b/extensions/slack/src/monitor/events/channels.test.ts
@@ -4,7 +4,7 @@ import { createSlackSystemEventTestHarness } from "./system-event-test-harness.j
 
 const enqueueSystemEventMock = vi.fn();
 
-vi.mock("../../../infra/system-events.js", () => ({
+vi.mock("../../../../../src/infra/system-events.js", () => ({
   enqueueSystemEvent: (...args: unknown[]) => enqueueSystemEventMock(...args),
 }));
 
diff --git a/src/slack/monitor/events/channels.ts b/extensions/slack/src/monitor/events/channels.ts
similarity index 93%
rename from src/slack/monitor/events/channels.ts
rename to extensions/slack/src/monitor/events/channels.ts
index 3241eda41fd..283b6648cf9 100644
--- a/src/slack/monitor/events/channels.ts
+++ b/extensions/slack/src/monitor/events/channels.ts
@@ -1,8 +1,8 @@
 import type { SlackEventMiddlewareArgs } from "@slack/bolt";
-import { resolveChannelConfigWrites } from "../../../channels/plugins/config-writes.js";
-import { loadConfig, writeConfigFile } from "../../../config/config.js";
-import { danger, warn } from "../../../globals.js";
-import { enqueueSystemEvent } from "../../../infra/system-events.js";
+import { resolveChannelConfigWrites } from "../../../../../src/channels/plugins/config-writes.js";
+import { loadConfig, writeConfigFile } from "../../../../../src/config/config.js";
+import { danger, warn } from "../../../../../src/globals.js";
+import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js";
 import { migrateSlackChannelConfig } from "../../channel-migration.js";
 import { resolveSlackChannelLabel } from "../channel-config.js";
 import type { SlackMonitorContext } from "../context.js";
diff --git a/src/slack/monitor/events/interactions.modal.ts b/extensions/slack/src/monitor/events/interactions.modal.ts
similarity index 98%
rename from src/slack/monitor/events/interactions.modal.ts
rename to extensions/slack/src/monitor/events/interactions.modal.ts
index 99d1a3711b6..48e163c317f 100644
--- a/src/slack/monitor/events/interactions.modal.ts
+++ b/extensions/slack/src/monitor/events/interactions.modal.ts
@@ -1,4 +1,4 @@
-import { enqueueSystemEvent } from "../../../infra/system-events.js";
+import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js";
 import { parseSlackModalPrivateMetadata } from "../../modal-metadata.js";
 import { authorizeSlackSystemEventSender } from "../auth.js";
 import type { SlackMonitorContext } from "../context.js";
diff --git a/src/slack/monitor/events/interactions.test.ts b/extensions/slack/src/monitor/events/interactions.test.ts
similarity index 99%
rename from src/slack/monitor/events/interactions.test.ts
rename to extensions/slack/src/monitor/events/interactions.test.ts
index 21fd6d173d4..6de5ce3f229 100644
--- a/src/slack/monitor/events/interactions.test.ts
+++ b/extensions/slack/src/monitor/events/interactions.test.ts
@@ -3,7 +3,7 @@ import { registerSlackInteractionEvents } from "./interactions.js";
 
 const enqueueSystemEventMock = vi.fn();
 
-vi.mock("../../../infra/system-events.js", () => ({
+vi.mock("../../../../../src/infra/system-events.js", () => ({
   enqueueSystemEvent: (...args: unknown[]) => enqueueSystemEventMock(...args),
 }));
 
diff --git a/src/slack/monitor/events/interactions.ts b/extensions/slack/src/monitor/events/interactions.ts
similarity index 98%
rename from src/slack/monitor/events/interactions.ts
rename to extensions/slack/src/monitor/events/interactions.ts
index deca761dd52..1d542fd9665 100644
--- a/src/slack/monitor/events/interactions.ts
+++ b/extensions/slack/src/monitor/events/interactions.ts
@@ -1,6 +1,7 @@
 import type { SlackActionMiddlewareArgs } from "@slack/bolt";
 import type { Block, KnownBlock } from "@slack/web-api";
-import { enqueueSystemEvent } from "../../../infra/system-events.js";
+import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js";
+import { truncateSlackText } from "../../truncate.js";
 import { authorizeSlackSystemEventSender } from "../auth.js";
 import type { SlackMonitorContext } from "../context.js";
 import { escapeSlackMrkdwn } from "../mrkdwn.js";
@@ -53,17 +54,6 @@ type InteractionSummary = InteractionSelectionFields & {
   threadTs?: string;
 };
 
-function truncateInteractionString(
-  value: string,
-  max = SLACK_INTERACTION_STRING_MAX_CHARS,
-): string {
-  const trimmed = value.trim();
-  if (trimmed.length <= max) {
-    return trimmed;
-  }
-  return `${trimmed.slice(0, max - 1)}…`;
-}
-
 function sanitizeSlackInteractionPayloadValue(value: unknown, key?: string): unknown {
   if (value === undefined) {
     return undefined;
@@ -75,7 +65,7 @@ function sanitizeSlackInteractionPayloadValue(value: unknown, key?: string): unk
     return REDACTED_INTERACTION_VALUE;
   }
   if (typeof value === "string") {
-    return truncateInteractionString(value);
+    return truncateSlackText(value, SLACK_INTERACTION_STRING_MAX_CHARS);
   }
   if (Array.isArray(value)) {
     const sanitized = value
diff --git a/src/slack/monitor/events/members.test.ts b/extensions/slack/src/monitor/events/members.test.ts
similarity index 97%
rename from src/slack/monitor/events/members.test.ts
rename to extensions/slack/src/monitor/events/members.test.ts
index 168beca65ed..29cd840cff8 100644
--- a/src/slack/monitor/events/members.test.ts
+++ b/extensions/slack/src/monitor/events/members.test.ts
@@ -10,11 +10,11 @@ const memberMocks = vi.hoisted(() => ({
   readAllow: vi.fn(),
 }));
 
-vi.mock("../../../infra/system-events.js", () => ({
+vi.mock("../../../../../src/infra/system-events.js", () => ({
   enqueueSystemEvent: memberMocks.enqueue,
 }));
 
-vi.mock("../../../pairing/pairing-store.js", () => ({
+vi.mock("../../../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: memberMocks.readAllow,
 }));
 
diff --git a/src/slack/monitor/events/members.ts b/extensions/slack/src/monitor/events/members.ts
similarity index 94%
rename from src/slack/monitor/events/members.ts
rename to extensions/slack/src/monitor/events/members.ts
index 27dd2968a66..490c0bf6f04 100644
--- a/src/slack/monitor/events/members.ts
+++ b/extensions/slack/src/monitor/events/members.ts
@@ -1,6 +1,6 @@
 import type { SlackEventMiddlewareArgs } from "@slack/bolt";
-import { danger } from "../../../globals.js";
-import { enqueueSystemEvent } from "../../../infra/system-events.js";
+import { danger } from "../../../../../src/globals.js";
+import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js";
 import type { SlackMonitorContext } from "../context.js";
 import type { SlackMemberChannelEvent } from "../types.js";
 import { authorizeAndResolveSlackSystemEventContext } from "./system-event-context.js";
diff --git a/src/slack/monitor/events/message-subtype-handlers.test.ts b/extensions/slack/src/monitor/events/message-subtype-handlers.test.ts
similarity index 100%
rename from src/slack/monitor/events/message-subtype-handlers.test.ts
rename to extensions/slack/src/monitor/events/message-subtype-handlers.test.ts
diff --git a/src/slack/monitor/events/message-subtype-handlers.ts b/extensions/slack/src/monitor/events/message-subtype-handlers.ts
similarity index 100%
rename from src/slack/monitor/events/message-subtype-handlers.ts
rename to extensions/slack/src/monitor/events/message-subtype-handlers.ts
diff --git a/src/slack/monitor/events/messages.test.ts b/extensions/slack/src/monitor/events/messages.test.ts
similarity index 98%
rename from src/slack/monitor/events/messages.test.ts
rename to extensions/slack/src/monitor/events/messages.test.ts
index f22b24a44c7..a0e18125d8a 100644
--- a/src/slack/monitor/events/messages.test.ts
+++ b/extensions/slack/src/monitor/events/messages.test.ts
@@ -8,11 +8,11 @@ import {
 const messageQueueMock = vi.fn();
 const messageAllowMock = vi.fn();
 
-vi.mock("../../../infra/system-events.js", () => ({
+vi.mock("../../../../../src/infra/system-events.js", () => ({
   enqueueSystemEvent: (...args: unknown[]) => messageQueueMock(...args),
 }));
 
-vi.mock("../../../pairing/pairing-store.js", () => ({
+vi.mock("../../../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: (...args: unknown[]) => messageAllowMock(...args),
 }));
 
diff --git a/src/slack/monitor/events/messages.ts b/extensions/slack/src/monitor/events/messages.ts
similarity index 96%
rename from src/slack/monitor/events/messages.ts
rename to extensions/slack/src/monitor/events/messages.ts
index 04a1b311958..b950d5d19ea 100644
--- a/src/slack/monitor/events/messages.ts
+++ b/extensions/slack/src/monitor/events/messages.ts
@@ -1,6 +1,6 @@
 import type { SlackEventMiddlewareArgs } from "@slack/bolt";
-import { danger } from "../../../globals.js";
-import { enqueueSystemEvent } from "../../../infra/system-events.js";
+import { danger } from "../../../../../src/globals.js";
+import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js";
 import type { SlackAppMentionEvent, SlackMessageEvent } from "../../types.js";
 import { normalizeSlackChannelType } from "../channel-type.js";
 import type { SlackMonitorContext } from "../context.js";
diff --git a/src/slack/monitor/events/pins.test.ts b/extensions/slack/src/monitor/events/pins.test.ts
similarity index 97%
rename from src/slack/monitor/events/pins.test.ts
rename to extensions/slack/src/monitor/events/pins.test.ts
index 352b7d03a2b..0517508bb2a 100644
--- a/src/slack/monitor/events/pins.test.ts
+++ b/extensions/slack/src/monitor/events/pins.test.ts
@@ -8,10 +8,10 @@ import {
 const pinEnqueueMock = vi.hoisted(() => vi.fn());
 const pinAllowMock = vi.hoisted(() => vi.fn());
 
-vi.mock("../../../infra/system-events.js", () => {
+vi.mock("../../../../../src/infra/system-events.js", () => {
   return { enqueueSystemEvent: pinEnqueueMock };
 });
-vi.mock("../../../pairing/pairing-store.js", () => ({
+vi.mock("../../../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: pinAllowMock,
 }));
 
diff --git a/src/slack/monitor/events/pins.ts b/extensions/slack/src/monitor/events/pins.ts
similarity index 94%
rename from src/slack/monitor/events/pins.ts
rename to extensions/slack/src/monitor/events/pins.ts
index e3d076d8d7f..f051270624c 100644
--- a/src/slack/monitor/events/pins.ts
+++ b/extensions/slack/src/monitor/events/pins.ts
@@ -1,6 +1,6 @@
 import type { SlackEventMiddlewareArgs } from "@slack/bolt";
-import { danger } from "../../../globals.js";
-import { enqueueSystemEvent } from "../../../infra/system-events.js";
+import { danger } from "../../../../../src/globals.js";
+import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js";
 import type { SlackMonitorContext } from "../context.js";
 import type { SlackPinEvent } from "../types.js";
 import { authorizeAndResolveSlackSystemEventContext } from "./system-event-context.js";
diff --git a/src/slack/monitor/events/reactions.test.ts b/extensions/slack/src/monitor/events/reactions.test.ts
similarity index 97%
rename from src/slack/monitor/events/reactions.test.ts
rename to extensions/slack/src/monitor/events/reactions.test.ts
index 3581d8b5380..26f16579c05 100644
--- a/src/slack/monitor/events/reactions.test.ts
+++ b/extensions/slack/src/monitor/events/reactions.test.ts
@@ -8,13 +8,13 @@ import {
 const reactionQueueMock = vi.fn();
 const reactionAllowMock = vi.fn();
 
-vi.mock("../../../infra/system-events.js", () => {
+vi.mock("../../../../../src/infra/system-events.js", () => {
   return {
     enqueueSystemEvent: (...args: unknown[]) => reactionQueueMock(...args),
   };
 });
 
-vi.mock("../../../pairing/pairing-store.js", () => {
+vi.mock("../../../../../src/pairing/pairing-store.js", () => {
   return {
     readChannelAllowFromStore: (...args: unknown[]) => reactionAllowMock(...args),
   };
diff --git a/src/slack/monitor/events/reactions.ts b/extensions/slack/src/monitor/events/reactions.ts
similarity index 94%
rename from src/slack/monitor/events/reactions.ts
rename to extensions/slack/src/monitor/events/reactions.ts
index b3633ce33d3..439c15e6d12 100644
--- a/src/slack/monitor/events/reactions.ts
+++ b/extensions/slack/src/monitor/events/reactions.ts
@@ -1,6 +1,6 @@
 import type { SlackEventMiddlewareArgs } from "@slack/bolt";
-import { danger } from "../../../globals.js";
-import { enqueueSystemEvent } from "../../../infra/system-events.js";
+import { danger } from "../../../../../src/globals.js";
+import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js";
 import type { SlackMonitorContext } from "../context.js";
 import type { SlackReactionEvent } from "../types.js";
 import { authorizeAndResolveSlackSystemEventContext } from "./system-event-context.js";
diff --git a/src/slack/monitor/events/system-event-context.ts b/extensions/slack/src/monitor/events/system-event-context.ts
similarity index 95%
rename from src/slack/monitor/events/system-event-context.ts
rename to extensions/slack/src/monitor/events/system-event-context.ts
index 0c89ec2ce47..278dd2324d7 100644
--- a/src/slack/monitor/events/system-event-context.ts
+++ b/extensions/slack/src/monitor/events/system-event-context.ts
@@ -1,4 +1,4 @@
-import { logVerbose } from "../../../globals.js";
+import { logVerbose } from "../../../../../src/globals.js";
 import { authorizeSlackSystemEventSender } from "../auth.js";
 import { resolveSlackChannelLabel } from "../channel-config.js";
 import type { SlackMonitorContext } from "../context.js";
diff --git a/src/slack/monitor/events/system-event-test-harness.ts b/extensions/slack/src/monitor/events/system-event-test-harness.ts
similarity index 100%
rename from src/slack/monitor/events/system-event-test-harness.ts
rename to extensions/slack/src/monitor/events/system-event-test-harness.ts
diff --git a/src/slack/monitor/external-arg-menu-store.ts b/extensions/slack/src/monitor/external-arg-menu-store.ts
similarity index 96%
rename from src/slack/monitor/external-arg-menu-store.ts
rename to extensions/slack/src/monitor/external-arg-menu-store.ts
index 8ea66b2fed9..e2cbf68479d 100644
--- a/src/slack/monitor/external-arg-menu-store.ts
+++ b/extensions/slack/src/monitor/external-arg-menu-store.ts
@@ -1,4 +1,4 @@
-import { generateSecureToken } from "../../infra/secure-random.js";
+import { generateSecureToken } from "../../../../src/infra/secure-random.js";
 
 const SLACK_EXTERNAL_ARG_MENU_TOKEN_BYTES = 18;
 const SLACK_EXTERNAL_ARG_MENU_TOKEN_LENGTH = Math.ceil(
diff --git a/src/slack/monitor/media.test.ts b/extensions/slack/src/monitor/media.test.ts
similarity index 98%
rename from src/slack/monitor/media.test.ts
rename to extensions/slack/src/monitor/media.test.ts
index c521360fde7..f745f205950 100644
--- a/src/slack/monitor/media.test.ts
+++ b/extensions/slack/src/monitor/media.test.ts
@@ -1,10 +1,10 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import * as ssrf from "../../infra/net/ssrf.js";
-import * as mediaFetch from "../../media/fetch.js";
-import type { SavedMedia } from "../../media/store.js";
-import * as mediaStore from "../../media/store.js";
-import { mockPinnedHostnameResolution } from "../../test-helpers/ssrf.js";
-import { type FetchMock, withFetchPreconnect } from "../../test-utils/fetch-mock.js";
+import * as ssrf from "../../../../src/infra/net/ssrf.js";
+import * as mediaFetch from "../../../../src/media/fetch.js";
+import type { SavedMedia } from "../../../../src/media/store.js";
+import * as mediaStore from "../../../../src/media/store.js";
+import { mockPinnedHostnameResolution } from "../../../../src/test-helpers/ssrf.js";
+import { type FetchMock, withFetchPreconnect } from "../../../../src/test-utils/fetch-mock.js";
 import {
   fetchWithSlackAuth,
   resolveSlackAttachmentContent,
diff --git a/src/slack/monitor/media.ts b/extensions/slack/src/monitor/media.ts
similarity index 96%
rename from src/slack/monitor/media.ts
rename to extensions/slack/src/monitor/media.ts
index fca883966a8..7c5a619129f 100644
--- a/src/slack/monitor/media.ts
+++ b/extensions/slack/src/monitor/media.ts
@@ -1,8 +1,9 @@
 import type { WebClient as SlackWebClient } from "@slack/web-api";
-import { normalizeHostname } from "../../infra/net/hostname.js";
-import type { FetchLike } from "../../media/fetch.js";
-import { fetchRemoteMedia } from "../../media/fetch.js";
-import { saveMediaBuffer } from "../../media/store.js";
+import { normalizeHostname } from "../../../../src/infra/net/hostname.js";
+import type { FetchLike } from "../../../../src/media/fetch.js";
+import { fetchRemoteMedia } from "../../../../src/media/fetch.js";
+import { saveMediaBuffer } from "../../../../src/media/store.js";
+import { resolveRequestUrl } from "../../../../src/plugin-sdk/request-url.js";
 import type { SlackAttachment, SlackFile } from "../types.js";
 
 function isSlackHostname(hostname: string): boolean {
@@ -37,23 +38,13 @@ function assertSlackFileUrl(rawUrl: string): URL {
   return parsed;
 }
 
-function resolveRequestUrl(input: RequestInfo | URL): string {
-  if (typeof input === "string") {
-    return input;
-  }
-  if (input instanceof URL) {
-    return input.toString();
-  }
-  if ("url" in input && typeof input.url === "string") {
-    return input.url;
-  }
-  throw new Error("Unsupported fetch input: expected string, URL, or Request");
-}
-
 function createSlackMediaFetch(token: string): FetchLike {
   let includeAuth = true;
   return async (input, init) => {
     const url = resolveRequestUrl(input);
+    if (!url) {
+      throw new Error("Unsupported fetch input: expected string, URL, or Request");
+    }
     const { headers: initHeaders, redirect: _redirect, ...rest } = init ?? {};
     const headers = new Headers(initHeaders);
 
diff --git a/src/slack/monitor/message-handler.app-mention-race.test.ts b/extensions/slack/src/monitor/message-handler.app-mention-race.test.ts
similarity index 98%
rename from src/slack/monitor/message-handler.app-mention-race.test.ts
rename to extensions/slack/src/monitor/message-handler.app-mention-race.test.ts
index 8c6afb15a8b..a6b972f2e7d 100644
--- a/src/slack/monitor/message-handler.app-mention-race.test.ts
+++ b/extensions/slack/src/monitor/message-handler.app-mention-race.test.ts
@@ -8,7 +8,7 @@ const prepareSlackMessageMock =
   >();
 const dispatchPreparedSlackMessageMock = vi.fn<(prepared: unknown) => Promise<void>>();
 
-vi.mock("../../channels/inbound-debounce-policy.js", () => ({
+vi.mock("../../../../src/channels/inbound-debounce-policy.js", () => ({
   shouldDebounceTextInbound: () => false,
   createChannelInboundDebouncer: (params: {
     onFlush: (
diff --git a/src/slack/monitor/message-handler.debounce-key.test.ts b/extensions/slack/src/monitor/message-handler.debounce-key.test.ts
similarity index 100%
rename from src/slack/monitor/message-handler.debounce-key.test.ts
rename to extensions/slack/src/monitor/message-handler.debounce-key.test.ts
diff --git a/src/slack/monitor/message-handler.test.ts b/extensions/slack/src/monitor/message-handler.test.ts
similarity index 90%
rename from src/slack/monitor/message-handler.test.ts
rename to extensions/slack/src/monitor/message-handler.test.ts
index 8453b9ce4b0..cfea959f4d0 100644
--- a/src/slack/monitor/message-handler.test.ts
+++ b/extensions/slack/src/monitor/message-handler.test.ts
@@ -7,7 +7,7 @@ const resolveThreadTsMock = vi.fn(async ({ message }: { message: Record<string,
   ...message,
 }));
 
-vi.mock("../../auto-reply/inbound-debounce.js", () => ({
+vi.mock("../../../../src/auto-reply/inbound-debounce.js", () => ({
   resolveInboundDebounceMs: () => 10,
   createInboundDebouncer: () => ({
     enqueue: (entry: unknown) => enqueueMock(entry),
@@ -48,6 +48,20 @@ function createHandlerWithTracker(overrides?: {
   return { handler, trackEvent };
 }
 
+async function handleDirectMessage(
+  handler: ReturnType<typeof createHandlerWithTracker>["handler"],
+) {
+  await handler(
+    {
+      type: "message",
+      channel: "D1",
+      ts: "123.456",
+      text: "hello",
+    } as never,
+    { source: "message" },
+  );
+}
+
 describe("createSlackMessageHandler", () => {
   beforeEach(() => {
     enqueueMock.mockClear();
@@ -82,15 +96,7 @@ describe("createSlackMessageHandler", () => {
   it("does not track duplicate messages that are already seen", async () => {
     const { handler, trackEvent } = createHandlerWithTracker({ markMessageSeen: () => true });
 
-    await handler(
-      {
-        type: "message",
-        channel: "D1",
-        ts: "123.456",
-        text: "hello",
-      } as never,
-      { source: "message" },
-    );
+    await handleDirectMessage(handler);
 
     expect(trackEvent).not.toHaveBeenCalled();
     expect(resolveThreadTsMock).not.toHaveBeenCalled();
@@ -100,15 +106,7 @@ describe("createSlackMessageHandler", () => {
   it("tracks accepted non-duplicate messages", async () => {
     const { handler, trackEvent } = createHandlerWithTracker();
 
-    await handler(
-      {
-        type: "message",
-        channel: "D1",
-        ts: "123.456",
-        text: "hello",
-      } as never,
-      { source: "message" },
-    );
+    await handleDirectMessage(handler);
 
     expect(trackEvent).toHaveBeenCalledTimes(1);
     expect(resolveThreadTsMock).toHaveBeenCalledTimes(1);
diff --git a/src/slack/monitor/message-handler.ts b/extensions/slack/src/monitor/message-handler.ts
similarity index 99%
rename from src/slack/monitor/message-handler.ts
rename to extensions/slack/src/monitor/message-handler.ts
index 02961dd16c9..37e0eb23bd3 100644
--- a/src/slack/monitor/message-handler.ts
+++ b/extensions/slack/src/monitor/message-handler.ts
@@ -1,7 +1,7 @@
 import {
   createChannelInboundDebouncer,
   shouldDebounceTextInbound,
-} from "../../channels/inbound-debounce-policy.js";
+} from "../../../../src/channels/inbound-debounce-policy.js";
 import type { ResolvedSlackAccount } from "../accounts.js";
 import type { SlackMessageEvent } from "../types.js";
 import { stripSlackMentionsForCommandDetection } from "./commands.js";
diff --git a/src/slack/monitor/message-handler/dispatch.streaming.test.ts b/extensions/slack/src/monitor/message-handler/dispatch.streaming.test.ts
similarity index 100%
rename from src/slack/monitor/message-handler/dispatch.streaming.test.ts
rename to extensions/slack/src/monitor/message-handler/dispatch.streaming.test.ts
diff --git a/src/slack/monitor/message-handler/dispatch.ts b/extensions/slack/src/monitor/message-handler/dispatch.ts
similarity index 88%
rename from src/slack/monitor/message-handler/dispatch.ts
rename to extensions/slack/src/monitor/message-handler/dispatch.ts
index 029d110f0b9..43ee958bdda 100644
--- a/src/slack/monitor/message-handler/dispatch.ts
+++ b/extensions/slack/src/monitor/message-handler/dispatch.ts
@@ -1,17 +1,17 @@
-import { resolveHumanDelayConfig } from "../../../agents/identity.js";
-import { dispatchInboundMessage } from "../../../auto-reply/dispatch.js";
-import { clearHistoryEntriesIfEnabled } from "../../../auto-reply/reply/history.js";
-import { createReplyDispatcherWithTyping } from "../../../auto-reply/reply/reply-dispatcher.js";
-import type { ReplyPayload } from "../../../auto-reply/types.js";
-import { removeAckReactionAfterReply } from "../../../channels/ack-reactions.js";
-import { logAckFailure, logTypingFailure } from "../../../channels/logging.js";
-import { createReplyPrefixOptions } from "../../../channels/reply-prefix.js";
-import { createTypingCallbacks } from "../../../channels/typing.js";
-import { resolveStorePath, updateLastRoute } from "../../../config/sessions.js";
-import { danger, logVerbose, shouldLogVerbose } from "../../../globals.js";
-import { resolveAgentOutboundIdentity } from "../../../infra/outbound/identity.js";
-import { resolvePinnedMainDmOwnerFromAllowlist } from "../../../security/dm-policy-shared.js";
-import { reactSlackMessage, removeSlackReaction } from "../../actions.js";
+import { resolveHumanDelayConfig } from "../../../../../src/agents/identity.js";
+import { dispatchInboundMessage } from "../../../../../src/auto-reply/dispatch.js";
+import { clearHistoryEntriesIfEnabled } from "../../../../../src/auto-reply/reply/history.js";
+import { createReplyDispatcherWithTyping } from "../../../../../src/auto-reply/reply/reply-dispatcher.js";
+import type { ReplyPayload } from "../../../../../src/auto-reply/types.js";
+import { removeAckReactionAfterReply } from "../../../../../src/channels/ack-reactions.js";
+import { logAckFailure, logTypingFailure } from "../../../../../src/channels/logging.js";
+import { createReplyPrefixOptions } from "../../../../../src/channels/reply-prefix.js";
+import { createTypingCallbacks } from "../../../../../src/channels/typing.js";
+import { resolveStorePath, updateLastRoute } from "../../../../../src/config/sessions.js";
+import { danger, logVerbose, shouldLogVerbose } from "../../../../../src/globals.js";
+import { resolveAgentOutboundIdentity } from "../../../../../src/infra/outbound/identity.js";
+import { resolvePinnedMainDmOwnerFromAllowlist } from "../../../../../src/security/dm-policy-shared.js";
+import { editSlackMessage, reactSlackMessage, removeSlackReaction } from "../../actions.js";
 import { createSlackDraftStream } from "../../draft-stream.js";
 import { normalizeSlackOutboundText } from "../../format.js";
 import { recordSlackThreadParticipation } from "../../sent-thread-cache.js";
@@ -24,7 +24,12 @@ import type { SlackStreamSession } from "../../streaming.js";
 import { appendSlackStream, startSlackStream, stopSlackStream } from "../../streaming.js";
 import { resolveSlackThreadTargets } from "../../threading.js";
 import { normalizeSlackAllowOwnerEntry } from "../allow-list.js";
-import { createSlackReplyDeliveryPlan, deliverReplies, resolveSlackThreadTs } from "../replies.js";
+import {
+  createSlackReplyDeliveryPlan,
+  deliverReplies,
+  readSlackReplyBlocks,
+  resolveSlackThreadTs,
+} from "../replies.js";
 import type { PreparedSlackMessage } from "./types.js";
 
 function hasMedia(payload: ReplyPayload): boolean {
@@ -245,7 +250,12 @@ export async function dispatchPreparedSlackMessage(prepared: PreparedSlackMessag
   };
 
   const deliverWithStreaming = async (payload: ReplyPayload): Promise<void> => {
-    if (streamFailed || hasMedia(payload) || !payload.text?.trim()) {
+    if (
+      streamFailed ||
+      hasMedia(payload) ||
+      readSlackReplyBlocks(payload)?.length ||
+      !payload.text?.trim()
+    ) {
       await deliverNormally(payload, streamSession?.threadTs);
       return;
     }
@@ -302,28 +312,34 @@ export async function dispatchPreparedSlackMessage(prepared: PreparedSlackMessag
       }
 
       const mediaCount = payload.mediaUrls?.length ?? (payload.mediaUrl ? 1 : 0);
+      const slackBlocks = readSlackReplyBlocks(payload);
       const draftMessageId = draftStream?.messageId();
       const draftChannelId = draftStream?.channelId();
-      const finalText = payload.text;
+      const finalText = payload.text ?? "";
+      const trimmedFinalText = finalText.trim();
       const canFinalizeViaPreviewEdit =
         previewStreamingEnabled &&
         streamMode !== "status_final" &&
         mediaCount === 0 &&
         !payload.isError &&
-        typeof finalText === "string" &&
-        finalText.trim().length > 0 &&
+        (trimmedFinalText.length > 0 || Boolean(slackBlocks?.length)) &&
         typeof draftMessageId === "string" &&
         typeof draftChannelId === "string";
 
       if (canFinalizeViaPreviewEdit) {
         draftStream?.stop();
         try {
-          await ctx.app.client.chat.update({
-            token: ctx.botToken,
-            channel: draftChannelId,
-            ts: draftMessageId,
-            text: normalizeSlackOutboundText(finalText.trim()),
-          });
+          await editSlackMessage(
+            draftChannelId,
+            draftMessageId,
+            normalizeSlackOutboundText(trimmedFinalText),
+            {
+              token: ctx.botToken,
+              accountId: account.accountId,
+              client: ctx.app.client,
+              ...(slackBlocks?.length ? { blocks: slackBlocks } : {}),
+            },
+          );
           return;
         } catch (err) {
           logVerbose(
diff --git a/src/slack/monitor/message-handler/prepare-content.ts b/extensions/slack/src/monitor/message-handler/prepare-content.ts
similarity index 98%
rename from src/slack/monitor/message-handler/prepare-content.ts
rename to extensions/slack/src/monitor/message-handler/prepare-content.ts
index 2f3ad1a4e06..e1db426ad7e 100644
--- a/src/slack/monitor/message-handler/prepare-content.ts
+++ b/extensions/slack/src/monitor/message-handler/prepare-content.ts
@@ -1,4 +1,4 @@
-import { logVerbose } from "../../../globals.js";
+import { logVerbose } from "../../../../../src/globals.js";
 import type { SlackFile, SlackMessageEvent } from "../../types.js";
 import {
   MAX_SLACK_MEDIA_FILES,
diff --git a/src/slack/monitor/message-handler/prepare-thread-context.ts b/extensions/slack/src/monitor/message-handler/prepare-thread-context.ts
similarity index 93%
rename from src/slack/monitor/message-handler/prepare-thread-context.ts
rename to extensions/slack/src/monitor/message-handler/prepare-thread-context.ts
index f25aa881629..9673e8d72cc 100644
--- a/src/slack/monitor/message-handler/prepare-thread-context.ts
+++ b/extensions/slack/src/monitor/message-handler/prepare-thread-context.ts
@@ -1,6 +1,6 @@
-import { formatInboundEnvelope } from "../../../auto-reply/envelope.js";
-import { readSessionUpdatedAt } from "../../../config/sessions.js";
-import { logVerbose } from "../../../globals.js";
+import { formatInboundEnvelope } from "../../../../../src/auto-reply/envelope.js";
+import { readSessionUpdatedAt } from "../../../../../src/config/sessions.js";
+import { logVerbose } from "../../../../../src/globals.js";
 import type { ResolvedSlackAccount } from "../../accounts.js";
 import type { SlackMessageEvent } from "../../types.js";
 import type { SlackMonitorContext } from "../context.js";
@@ -30,7 +30,7 @@ export async function resolveSlackThreadContextData(params: {
   storePath: string;
   sessionKey: string;
   envelopeOptions: ReturnType<
-    typeof import("../../../auto-reply/envelope.js").resolveEnvelopeFormatOptions
+    typeof import("../../../../../src/auto-reply/envelope.js").resolveEnvelopeFormatOptions
   >;
   effectiveDirectMedia: SlackMediaResult[] | null;
 }): Promise<SlackThreadContextData> {
diff --git a/src/slack/monitor/message-handler/prepare.test-helpers.ts b/extensions/slack/src/monitor/message-handler/prepare.test-helpers.ts
similarity index 93%
rename from src/slack/monitor/message-handler/prepare.test-helpers.ts
rename to extensions/slack/src/monitor/message-handler/prepare.test-helpers.ts
index 39cbaeb4db0..cdc7a3bc411 100644
--- a/src/slack/monitor/message-handler/prepare.test-helpers.ts
+++ b/extensions/slack/src/monitor/message-handler/prepare.test-helpers.ts
@@ -1,6 +1,6 @@
 import type { App } from "@slack/bolt";
-import type { OpenClawConfig } from "../../../config/config.js";
-import type { RuntimeEnv } from "../../../runtime.js";
+import type { OpenClawConfig } from "../../../../../src/config/config.js";
+import type { RuntimeEnv } from "../../../../../src/runtime.js";
 import type { ResolvedSlackAccount } from "../../accounts.js";
 import { createSlackMonitorContext } from "../context.js";
 
diff --git a/src/slack/monitor/message-handler/prepare.test.ts b/extensions/slack/src/monitor/message-handler/prepare.test.ts
similarity index 98%
rename from src/slack/monitor/message-handler/prepare.test.ts
rename to extensions/slack/src/monitor/message-handler/prepare.test.ts
index a5007831a2b..a6858e529af 100644
--- a/src/slack/monitor/message-handler/prepare.test.ts
+++ b/extensions/slack/src/monitor/message-handler/prepare.test.ts
@@ -3,10 +3,10 @@ import os from "node:os";
 import path from "node:path";
 import type { App } from "@slack/bolt";
 import { afterAll, beforeAll, describe, expect, it, vi } from "vitest";
-import { expectInboundContextContract } from "../../../../test/helpers/inbound-contract.js";
-import type { OpenClawConfig } from "../../../config/config.js";
-import { resolveAgentRoute } from "../../../routing/resolve-route.js";
-import { resolveThreadSessionKeys } from "../../../routing/session-key.js";
+import type { OpenClawConfig } from "../../../../../src/config/config.js";
+import { resolveAgentRoute } from "../../../../../src/routing/resolve-route.js";
+import { resolveThreadSessionKeys } from "../../../../../src/routing/session-key.js";
+import { expectInboundContextContract } from "../../../../../test/helpers/inbound-contract.js";
 import type { ResolvedSlackAccount } from "../../accounts.js";
 import type { SlackMessageEvent } from "../../types.js";
 import type { SlackMonitorContext } from "../context.js";
diff --git a/src/slack/monitor/message-handler/prepare.thread-session-key.test.ts b/extensions/slack/src/monitor/message-handler/prepare.thread-session-key.test.ts
similarity index 98%
rename from src/slack/monitor/message-handler/prepare.thread-session-key.test.ts
rename to extensions/slack/src/monitor/message-handler/prepare.thread-session-key.test.ts
index 56207795357..ea3a1935766 100644
--- a/src/slack/monitor/message-handler/prepare.thread-session-key.test.ts
+++ b/extensions/slack/src/monitor/message-handler/prepare.thread-session-key.test.ts
@@ -1,6 +1,6 @@
 import type { App } from "@slack/bolt";
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../../../config/config.js";
+import type { OpenClawConfig } from "../../../../../src/config/config.js";
 import type { SlackMessageEvent } from "../../types.js";
 import { prepareSlackMessage } from "./prepare.js";
 import { createInboundSlackTestContext, createSlackTestAccount } from "./prepare.test-helpers.js";
diff --git a/src/slack/monitor/message-handler/prepare.ts b/extensions/slack/src/monitor/message-handler/prepare.ts
similarity index 94%
rename from src/slack/monitor/message-handler/prepare.ts
rename to extensions/slack/src/monitor/message-handler/prepare.ts
index f0b3127e450..ba18b008d37 100644
--- a/src/slack/monitor/message-handler/prepare.ts
+++ b/extensions/slack/src/monitor/message-handler/prepare.ts
@@ -1,35 +1,35 @@
-import { resolveAckReaction } from "../../../agents/identity.js";
-import { hasControlCommand } from "../../../auto-reply/command-detection.js";
-import { shouldHandleTextCommands } from "../../../auto-reply/commands-registry.js";
+import { resolveAckReaction } from "../../../../../src/agents/identity.js";
+import { hasControlCommand } from "../../../../../src/auto-reply/command-detection.js";
+import { shouldHandleTextCommands } from "../../../../../src/auto-reply/commands-registry.js";
 import {
   formatInboundEnvelope,
   resolveEnvelopeFormatOptions,
-} from "../../../auto-reply/envelope.js";
+} from "../../../../../src/auto-reply/envelope.js";
 import {
   buildPendingHistoryContextFromMap,
   recordPendingHistoryEntryIfEnabled,
-} from "../../../auto-reply/reply/history.js";
-import { finalizeInboundContext } from "../../../auto-reply/reply/inbound-context.js";
+} from "../../../../../src/auto-reply/reply/history.js";
+import { finalizeInboundContext } from "../../../../../src/auto-reply/reply/inbound-context.js";
 import {
   buildMentionRegexes,
   matchesMentionWithExplicit,
-} from "../../../auto-reply/reply/mentions.js";
-import type { FinalizedMsgContext } from "../../../auto-reply/templating.js";
+} from "../../../../../src/auto-reply/reply/mentions.js";
+import type { FinalizedMsgContext } from "../../../../../src/auto-reply/templating.js";
 import {
   shouldAckReaction as shouldAckReactionGate,
   type AckReactionScope,
-} from "../../../channels/ack-reactions.js";
-import { resolveControlCommandGate } from "../../../channels/command-gating.js";
-import { resolveConversationLabel } from "../../../channels/conversation-label.js";
-import { logInboundDrop } from "../../../channels/logging.js";
-import { resolveMentionGatingWithBypass } from "../../../channels/mention-gating.js";
-import { recordInboundSession } from "../../../channels/session.js";
-import { readSessionUpdatedAt, resolveStorePath } from "../../../config/sessions.js";
-import { logVerbose, shouldLogVerbose } from "../../../globals.js";
-import { enqueueSystemEvent } from "../../../infra/system-events.js";
-import { resolveAgentRoute } from "../../../routing/resolve-route.js";
-import { resolveThreadSessionKeys } from "../../../routing/session-key.js";
-import { resolvePinnedMainDmOwnerFromAllowlist } from "../../../security/dm-policy-shared.js";
+} from "../../../../../src/channels/ack-reactions.js";
+import { resolveControlCommandGate } from "../../../../../src/channels/command-gating.js";
+import { resolveConversationLabel } from "../../../../../src/channels/conversation-label.js";
+import { logInboundDrop } from "../../../../../src/channels/logging.js";
+import { resolveMentionGatingWithBypass } from "../../../../../src/channels/mention-gating.js";
+import { recordInboundSession } from "../../../../../src/channels/session.js";
+import { readSessionUpdatedAt, resolveStorePath } from "../../../../../src/config/sessions.js";
+import { logVerbose, shouldLogVerbose } from "../../../../../src/globals.js";
+import { enqueueSystemEvent } from "../../../../../src/infra/system-events.js";
+import { resolveAgentRoute } from "../../../../../src/routing/resolve-route.js";
+import { resolveThreadSessionKeys } from "../../../../../src/routing/session-key.js";
+import { resolvePinnedMainDmOwnerFromAllowlist } from "../../../../../src/security/dm-policy-shared.js";
 import { resolveSlackReplyToMode, type ResolvedSlackAccount } from "../../accounts.js";
 import { reactSlackMessage } from "../../actions.js";
 import { sendMessageSlack } from "../../send.js";
diff --git a/src/slack/monitor/message-handler/types.ts b/extensions/slack/src/monitor/message-handler/types.ts
similarity index 81%
rename from src/slack/monitor/message-handler/types.ts
rename to extensions/slack/src/monitor/message-handler/types.ts
index c99380d8b20..cd1e2bdc40c 100644
--- a/src/slack/monitor/message-handler/types.ts
+++ b/extensions/slack/src/monitor/message-handler/types.ts
@@ -1,5 +1,5 @@
-import type { FinalizedMsgContext } from "../../../auto-reply/templating.js";
-import type { ResolvedAgentRoute } from "../../../routing/resolve-route.js";
+import type { FinalizedMsgContext } from "../../../../../src/auto-reply/templating.js";
+import type { ResolvedAgentRoute } from "../../../../../src/routing/resolve-route.js";
 import type { ResolvedSlackAccount } from "../../accounts.js";
 import type { SlackMessageEvent } from "../../types.js";
 import type { SlackChannelConfigResolved } from "../channel-config.js";
diff --git a/src/slack/monitor/monitor.test.ts b/extensions/slack/src/monitor/monitor.test.ts
similarity index 99%
rename from src/slack/monitor/monitor.test.ts
rename to extensions/slack/src/monitor/monitor.test.ts
index 7e7dfd11129..6741700ba5c 100644
--- a/src/slack/monitor/monitor.test.ts
+++ b/extensions/slack/src/monitor/monitor.test.ts
@@ -1,7 +1,7 @@
 import type { App } from "@slack/bolt";
 import { afterEach, describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../../config/config.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { OpenClawConfig } from "../../../../src/config/config.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 import type { SlackMessageEvent } from "../types.js";
 import { resolveSlackChannelConfig } from "./channel-config.js";
 import { createSlackMonitorContext, normalizeSlackChannelType } from "./context.js";
diff --git a/src/slack/monitor/mrkdwn.ts b/extensions/slack/src/monitor/mrkdwn.ts
similarity index 100%
rename from src/slack/monitor/mrkdwn.ts
rename to extensions/slack/src/monitor/mrkdwn.ts
diff --git a/src/slack/monitor/policy.ts b/extensions/slack/src/monitor/policy.ts
similarity index 80%
rename from src/slack/monitor/policy.ts
rename to extensions/slack/src/monitor/policy.ts
index cb1204910ec..ab5d9230a62 100644
--- a/src/slack/monitor/policy.ts
+++ b/extensions/slack/src/monitor/policy.ts
@@ -1,4 +1,4 @@
-import { evaluateGroupRouteAccessForPolicy } from "../../plugin-sdk/group-access.js";
+import { evaluateGroupRouteAccessForPolicy } from "../../../../src/plugin-sdk/group-access.js";
 
 export function isSlackChannelAllowedByPolicy(params: {
   groupPolicy: "open" | "disabled" | "allowlist";
diff --git a/src/slack/monitor/provider.auth-errors.test.ts b/extensions/slack/src/monitor/provider.auth-errors.test.ts
similarity index 100%
rename from src/slack/monitor/provider.auth-errors.test.ts
rename to extensions/slack/src/monitor/provider.auth-errors.test.ts
diff --git a/src/slack/monitor/provider.group-policy.test.ts b/extensions/slack/src/monitor/provider.group-policy.test.ts
similarity index 90%
rename from src/slack/monitor/provider.group-policy.test.ts
rename to extensions/slack/src/monitor/provider.group-policy.test.ts
index e71e25eb565..392003ad5f5 100644
--- a/src/slack/monitor/provider.group-policy.test.ts
+++ b/extensions/slack/src/monitor/provider.group-policy.test.ts
@@ -1,5 +1,5 @@
 import { describe } from "vitest";
-import { installProviderRuntimeGroupPolicyFallbackSuite } from "../../test-utils/runtime-group-policy-contract.js";
+import { installProviderRuntimeGroupPolicyFallbackSuite } from "../../../../src/test-utils/runtime-group-policy-contract.js";
 import { __testing } from "./provider.js";
 
 describe("resolveSlackRuntimeGroupPolicy", () => {
diff --git a/src/slack/monitor/provider.reconnect.test.ts b/extensions/slack/src/monitor/provider.reconnect.test.ts
similarity index 100%
rename from src/slack/monitor/provider.reconnect.test.ts
rename to extensions/slack/src/monitor/provider.reconnect.test.ts
diff --git a/src/slack/monitor/provider.ts b/extensions/slack/src/monitor/provider.ts
similarity index 94%
rename from src/slack/monitor/provider.ts
rename to extensions/slack/src/monitor/provider.ts
index 3db3d3690fa..149d33bbf15 100644
--- a/src/slack/monitor/provider.ts
+++ b/extensions/slack/src/monitor/provider.ts
@@ -1,30 +1,30 @@
 import type { IncomingMessage, ServerResponse } from "node:http";
 import SlackBolt from "@slack/bolt";
-import { resolveTextChunkLimit } from "../../auto-reply/chunk.js";
-import { DEFAULT_GROUP_HISTORY_LIMIT } from "../../auto-reply/reply/history.js";
+import { resolveTextChunkLimit } from "../../../../src/auto-reply/chunk.js";
+import { DEFAULT_GROUP_HISTORY_LIMIT } from "../../../../src/auto-reply/reply/history.js";
 import {
   addAllowlistUserEntriesFromConfigEntry,
   buildAllowlistResolutionSummary,
   mergeAllowlist,
   patchAllowlistUsersInConfigEntries,
   summarizeMapping,
-} from "../../channels/allowlists/resolve-utils.js";
-import { loadConfig } from "../../config/config.js";
-import { isDangerousNameMatchingEnabled } from "../../config/dangerous-name-matching.js";
+} from "../../../../src/channels/allowlists/resolve-utils.js";
+import { loadConfig } from "../../../../src/config/config.js";
+import { isDangerousNameMatchingEnabled } from "../../../../src/config/dangerous-name-matching.js";
 import {
   resolveOpenProviderRuntimeGroupPolicy,
   resolveDefaultGroupPolicy,
   warnMissingProviderGroupPolicyFallbackOnce,
-} from "../../config/runtime-group-policy.js";
-import type { SessionScope } from "../../config/sessions.js";
-import { normalizeResolvedSecretInputString } from "../../config/types.secrets.js";
-import { createConnectedChannelStatusPatch } from "../../gateway/channel-status-patches.js";
-import { warn } from "../../globals.js";
-import { computeBackoff, sleepWithAbort } from "../../infra/backoff.js";
-import { installRequestBodyLimitGuard } from "../../infra/http-body.js";
-import { normalizeMainKey } from "../../routing/session-key.js";
-import { createNonExitingRuntime, type RuntimeEnv } from "../../runtime.js";
-import { normalizeStringEntries } from "../../shared/string-normalization.js";
+} from "../../../../src/config/runtime-group-policy.js";
+import type { SessionScope } from "../../../../src/config/sessions.js";
+import { normalizeResolvedSecretInputString } from "../../../../src/config/types.secrets.js";
+import { createConnectedChannelStatusPatch } from "../../../../src/gateway/channel-status-patches.js";
+import { warn } from "../../../../src/globals.js";
+import { computeBackoff, sleepWithAbort } from "../../../../src/infra/backoff.js";
+import { installRequestBodyLimitGuard } from "../../../../src/infra/http-body.js";
+import { normalizeMainKey } from "../../../../src/routing/session-key.js";
+import { createNonExitingRuntime, type RuntimeEnv } from "../../../../src/runtime.js";
+import { normalizeStringEntries } from "../../../../src/shared/string-normalization.js";
 import { resolveSlackAccount } from "../accounts.js";
 import { resolveSlackWebClientOptions } from "../client.js";
 import { normalizeSlackWebhookPath, registerSlackHttpHandler } from "../http/index.js";
diff --git a/src/slack/monitor/reconnect-policy.ts b/extensions/slack/src/monitor/reconnect-policy.ts
similarity index 100%
rename from src/slack/monitor/reconnect-policy.ts
rename to extensions/slack/src/monitor/reconnect-policy.ts
diff --git a/src/slack/monitor/replies.test.ts b/extensions/slack/src/monitor/replies.test.ts
similarity index 67%
rename from src/slack/monitor/replies.test.ts
rename to extensions/slack/src/monitor/replies.test.ts
index 3d0c3e4fc5a..50bf5e4026f 100644
--- a/src/slack/monitor/replies.test.ts
+++ b/extensions/slack/src/monitor/replies.test.ts
@@ -53,4 +53,45 @@ describe("deliverReplies identity passthrough", () => {
     expect(sendMock).toHaveBeenCalledOnce();
     expect(sendMock.mock.calls[0][2]).not.toHaveProperty("identity");
   });
+
+  it("delivers block-only replies through to sendMessageSlack", async () => {
+    sendMock.mockResolvedValue(undefined);
+    const blocks = [
+      {
+        type: "actions",
+        elements: [
+          {
+            type: "button",
+            action_id: "openclaw:reply_button",
+            text: { type: "plain_text", text: "Option A" },
+            value: "reply_1_option_a",
+          },
+        ],
+      },
+    ];
+
+    await deliverReplies(
+      baseParams({
+        replies: [
+          {
+            text: "",
+            channelData: {
+              slack: {
+                blocks,
+              },
+            },
+          },
+        ],
+      }),
+    );
+
+    expect(sendMock).toHaveBeenCalledOnce();
+    expect(sendMock).toHaveBeenCalledWith(
+      "C123",
+      "",
+      expect.objectContaining({
+        blocks,
+      }),
+    );
+  });
 });
diff --git a/src/slack/monitor/replies.ts b/extensions/slack/src/monitor/replies.ts
similarity index 81%
rename from src/slack/monitor/replies.ts
rename to extensions/slack/src/monitor/replies.ts
index 4c19ac9625c..885e71b7818 100644
--- a/src/slack/monitor/replies.ts
+++ b/extensions/slack/src/monitor/replies.ts
@@ -1,13 +1,26 @@
-import type { ChunkMode } from "../../auto-reply/chunk.js";
-import { chunkMarkdownTextWithMode } from "../../auto-reply/chunk.js";
-import { createReplyReferencePlanner } from "../../auto-reply/reply/reply-reference.js";
-import { isSilentReplyText, SILENT_REPLY_TOKEN } from "../../auto-reply/tokens.js";
-import type { ReplyPayload } from "../../auto-reply/types.js";
-import type { MarkdownTableMode } from "../../config/types.base.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { ChunkMode } from "../../../../src/auto-reply/chunk.js";
+import { chunkMarkdownTextWithMode } from "../../../../src/auto-reply/chunk.js";
+import { createReplyReferencePlanner } from "../../../../src/auto-reply/reply/reply-reference.js";
+import { isSilentReplyText, SILENT_REPLY_TOKEN } from "../../../../src/auto-reply/tokens.js";
+import type { ReplyPayload } from "../../../../src/auto-reply/types.js";
+import type { MarkdownTableMode } from "../../../../src/config/types.base.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
+import { parseSlackBlocksInput } from "../blocks-input.js";
 import { markdownToSlackMrkdwnChunks } from "../format.js";
 import { sendMessageSlack, type SlackSendIdentity } from "../send.js";
 
+export function readSlackReplyBlocks(payload: ReplyPayload) {
+  const slackData = payload.channelData?.slack;
+  if (!slackData || typeof slackData !== "object" || Array.isArray(slackData)) {
+    return undefined;
+  }
+  try {
+    return parseSlackBlocksInput((slackData as { blocks?: unknown }).blocks);
+  } catch {
+    return undefined;
+  }
+}
+
 export async function deliverReplies(params: {
   replies: ReplyPayload[];
   target: string;
@@ -26,19 +39,24 @@ export async function deliverReplies(params: {
     const threadTs = inlineReplyToId ?? params.replyThreadTs;
     const mediaList = payload.mediaUrls ?? (payload.mediaUrl ? [payload.mediaUrl] : []);
     const text = payload.text ?? "";
-    if (!text && mediaList.length === 0) {
+    const slackBlocks = readSlackReplyBlocks(payload);
+    if (!text && mediaList.length === 0 && !slackBlocks?.length) {
       continue;
     }
 
     if (mediaList.length === 0) {
       const trimmed = text.trim();
-      if (!trimmed || isSilentReplyText(trimmed, SILENT_REPLY_TOKEN)) {
+      if (!trimmed && !slackBlocks?.length) {
+        continue;
+      }
+      if (trimmed && isSilentReplyText(trimmed, SILENT_REPLY_TOKEN)) {
         continue;
       }
       await sendMessageSlack(params.target, trimmed, {
         token: params.token,
         threadTs,
         accountId: params.accountId,
+        ...(slackBlocks?.length ? { blocks: slackBlocks } : {}),
         ...(params.identity ? { identity: params.identity } : {}),
       });
     } else {
diff --git a/src/slack/monitor/room-context.ts b/extensions/slack/src/monitor/room-context.ts
similarity index 90%
rename from src/slack/monitor/room-context.ts
rename to extensions/slack/src/monitor/room-context.ts
index 65359136227..3cdf584566a 100644
--- a/src/slack/monitor/room-context.ts
+++ b/extensions/slack/src/monitor/room-context.ts
@@ -1,4 +1,4 @@
-import { buildUntrustedChannelMetadata } from "../../security/channel-metadata.js";
+import { buildUntrustedChannelMetadata } from "../../../../src/security/channel-metadata.js";
 
 export function resolveSlackRoomContextHints(params: {
   isRoomish: boolean;
diff --git a/src/slack/monitor/slash-commands.runtime.ts b/extensions/slack/src/monitor/slash-commands.runtime.ts
similarity index 71%
rename from src/slack/monitor/slash-commands.runtime.ts
rename to extensions/slack/src/monitor/slash-commands.runtime.ts
index c6225a9d7e5..a87490f43bc 100644
--- a/src/slack/monitor/slash-commands.runtime.ts
+++ b/extensions/slack/src/monitor/slash-commands.runtime.ts
@@ -4,4 +4,4 @@ export {
   listNativeCommandSpecsForConfig,
   parseCommandArgs,
   resolveCommandArgMenu,
-} from "../../auto-reply/commands-registry.js";
+} from "../../../../src/auto-reply/commands-registry.js";
diff --git a/extensions/slack/src/monitor/slash-dispatch.runtime.ts b/extensions/slack/src/monitor/slash-dispatch.runtime.ts
new file mode 100644
index 00000000000..01e47782467
--- /dev/null
+++ b/extensions/slack/src/monitor/slash-dispatch.runtime.ts
@@ -0,0 +1,9 @@
+export { resolveChunkMode } from "../../../../src/auto-reply/chunk.js";
+export { finalizeInboundContext } from "../../../../src/auto-reply/reply/inbound-context.js";
+export { dispatchReplyWithDispatcher } from "../../../../src/auto-reply/reply/provider-dispatcher.js";
+export { resolveConversationLabel } from "../../../../src/channels/conversation-label.js";
+export { createReplyPrefixOptions } from "../../../../src/channels/reply-prefix.js";
+export { recordInboundSessionMetaSafe } from "../../../../src/channels/session-meta.js";
+export { resolveMarkdownTableMode } from "../../../../src/config/markdown-tables.js";
+export { resolveAgentRoute } from "../../../../src/routing/resolve-route.js";
+export { deliverSlackSlashReplies } from "./replies.js";
diff --git a/extensions/slack/src/monitor/slash-skill-commands.runtime.ts b/extensions/slack/src/monitor/slash-skill-commands.runtime.ts
new file mode 100644
index 00000000000..20da07b3ec5
--- /dev/null
+++ b/extensions/slack/src/monitor/slash-skill-commands.runtime.ts
@@ -0,0 +1 @@
+export { listSkillCommandsForAgents } from "../../../../src/auto-reply/skill-commands.js";
diff --git a/src/slack/monitor/slash.test-harness.ts b/extensions/slack/src/monitor/slash.test-harness.ts
similarity index 85%
rename from src/slack/monitor/slash.test-harness.ts
rename to extensions/slack/src/monitor/slash.test-harness.ts
index 39dec929b44..4b6f5a4ea27 100644
--- a/src/slack/monitor/slash.test-harness.ts
+++ b/extensions/slack/src/monitor/slash.test-harness.ts
@@ -12,32 +12,32 @@ const mocks = vi.hoisted(() => ({
   resolveStorePathMock: vi.fn(),
 }));
 
-vi.mock("../../auto-reply/reply/provider-dispatcher.js", () => ({
+vi.mock("../../../../src/auto-reply/reply/provider-dispatcher.js", () => ({
   dispatchReplyWithDispatcher: (...args: unknown[]) => mocks.dispatchMock(...args),
 }));
 
-vi.mock("../../pairing/pairing-store.js", () => ({
+vi.mock("../../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: (...args: unknown[]) => mocks.readAllowFromStoreMock(...args),
   upsertChannelPairingRequest: (...args: unknown[]) => mocks.upsertPairingRequestMock(...args),
 }));
 
-vi.mock("../../routing/resolve-route.js", () => ({
+vi.mock("../../../../src/routing/resolve-route.js", () => ({
   resolveAgentRoute: (...args: unknown[]) => mocks.resolveAgentRouteMock(...args),
 }));
 
-vi.mock("../../auto-reply/reply/inbound-context.js", () => ({
+vi.mock("../../../../src/auto-reply/reply/inbound-context.js", () => ({
   finalizeInboundContext: (...args: unknown[]) => mocks.finalizeInboundContextMock(...args),
 }));
 
-vi.mock("../../channels/conversation-label.js", () => ({
+vi.mock("../../../../src/channels/conversation-label.js", () => ({
   resolveConversationLabel: (...args: unknown[]) => mocks.resolveConversationLabelMock(...args),
 }));
 
-vi.mock("../../channels/reply-prefix.js", () => ({
+vi.mock("../../../../src/channels/reply-prefix.js", () => ({
   createReplyPrefixOptions: (...args: unknown[]) => mocks.createReplyPrefixOptionsMock(...args),
 }));
 
-vi.mock("../../config/sessions.js", () => ({
+vi.mock("../../../../src/config/sessions.js", () => ({
   recordSessionMetaFromInbound: (...args: unknown[]) =>
     mocks.recordSessionMetaFromInboundMock(...args),
   resolveStorePath: (...args: unknown[]) => mocks.resolveStorePathMock(...args),
diff --git a/src/slack/monitor/slash.test.ts b/extensions/slack/src/monitor/slash.test.ts
similarity index 99%
rename from src/slack/monitor/slash.test.ts
rename to extensions/slack/src/monitor/slash.test.ts
index 527bd2eac17..f4cc507c59e 100644
--- a/src/slack/monitor/slash.test.ts
+++ b/extensions/slack/src/monitor/slash.test.ts
@@ -1,7 +1,7 @@
 import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 import { getSlackSlashMocks, resetSlackSlashMocks } from "./slash.test-harness.js";
 
-vi.mock("../../auto-reply/commands-registry.js", () => {
+vi.mock("../../../../src/auto-reply/commands-registry.js", () => {
   const usageCommand = { key: "usage", nativeName: "usage" };
   const reportCommand = { key: "report", nativeName: "report" };
   const reportCompactCommand = { key: "reportcompact", nativeName: "reportcompact" };
diff --git a/src/slack/monitor/slash.ts b/extensions/slack/src/monitor/slash.ts
similarity index 97%
rename from src/slack/monitor/slash.ts
rename to extensions/slack/src/monitor/slash.ts
index 7d3b1839deb..adf173a0961 100644
--- a/src/slack/monitor/slash.ts
+++ b/extensions/slack/src/monitor/slash.ts
@@ -2,14 +2,18 @@ import type { SlackActionMiddlewareArgs, SlackCommandMiddlewareArgs } from "@sla
 import {
   type ChatCommandDefinition,
   type CommandArgs,
-} from "../../auto-reply/commands-registry.js";
-import type { ReplyPayload } from "../../auto-reply/types.js";
-import { resolveCommandAuthorizedFromAuthorizers } from "../../channels/command-gating.js";
-import { resolveNativeCommandSessionTargets } from "../../channels/native-command-session-targets.js";
-import { resolveNativeCommandsEnabled, resolveNativeSkillsEnabled } from "../../config/commands.js";
-import { danger, logVerbose } from "../../globals.js";
-import { chunkItems } from "../../utils/chunk-items.js";
+} from "../../../../src/auto-reply/commands-registry.js";
+import type { ReplyPayload } from "../../../../src/auto-reply/types.js";
+import { resolveCommandAuthorizedFromAuthorizers } from "../../../../src/channels/command-gating.js";
+import { resolveNativeCommandSessionTargets } from "../../../../src/channels/native-command-session-targets.js";
+import {
+  resolveNativeCommandsEnabled,
+  resolveNativeSkillsEnabled,
+} from "../../../../src/config/commands.js";
+import { danger, logVerbose } from "../../../../src/globals.js";
+import { chunkItems } from "../../../../src/utils/chunk-items.js";
 import type { ResolvedSlackAccount } from "../accounts.js";
+import { truncateSlackText } from "../truncate.js";
 import { resolveSlackAllowListMatch, resolveSlackUserAllowed } from "./allow-list.js";
 import { resolveSlackEffectiveAllowFrom } from "./auth.js";
 import { resolveSlackChannelConfig, type SlackChannelConfigResolved } from "./channel-config.js";
@@ -62,17 +66,6 @@ function loadSlashSkillCommandsRuntime() {
 type EncodedMenuChoice = SlackExternalArgMenuChoice;
 const slackExternalArgMenuStore = createSlackExternalArgMenuStore();
 
-function truncatePlainText(value: string, max: number): string {
-  const trimmed = value.trim();
-  if (trimmed.length <= max) {
-    return trimmed;
-  }
-  if (max <= 1) {
-    return trimmed.slice(0, max);
-  }
-  return `${trimmed.slice(0, max - 1)}…`;
-}
-
 function buildSlackArgMenuConfirm(params: { command: string; arg: string }) {
   const command = escapeSlackMrkdwn(params.command);
   const arg = escapeSlackMrkdwn(params.arg);
@@ -255,12 +248,12 @@ function buildSlackCommandArgMenuBlocks(params: {
               ],
             }),
           );
-  const headerText = truncatePlainText(
+  const headerText = truncateSlackText(
     `/${params.command}: choose ${params.arg}`,
     SLACK_HEADER_TEXT_MAX,
   );
-  const sectionText = truncatePlainText(params.title, 3000);
-  const contextText = truncatePlainText(
+  const sectionText = truncateSlackText(params.title, 3000);
+  const contextText = truncateSlackText(
     `Select one option to continue /${params.command} (${params.arg})`,
     3000,
   );
diff --git a/src/slack/monitor/thread-resolution.ts b/extensions/slack/src/monitor/thread-resolution.ts
similarity index 96%
rename from src/slack/monitor/thread-resolution.ts
rename to extensions/slack/src/monitor/thread-resolution.ts
index a4ae0ac7187..4230d5fc50f 100644
--- a/src/slack/monitor/thread-resolution.ts
+++ b/extensions/slack/src/monitor/thread-resolution.ts
@@ -1,6 +1,6 @@
 import type { WebClient as SlackWebClient } from "@slack/web-api";
-import { logVerbose, shouldLogVerbose } from "../../globals.js";
-import { pruneMapToMaxSize } from "../../infra/map-size.js";
+import { logVerbose, shouldLogVerbose } from "../../../../src/globals.js";
+import { pruneMapToMaxSize } from "../../../../src/infra/map-size.js";
 import type { SlackMessageEvent } from "../types.js";
 
 type ThreadTsCacheEntry = {
diff --git a/src/slack/monitor/types.ts b/extensions/slack/src/monitor/types.ts
similarity index 96%
rename from src/slack/monitor/types.ts
rename to extensions/slack/src/monitor/types.ts
index 7aa27b5a4e1..1239ab771f5 100644
--- a/src/slack/monitor/types.ts
+++ b/extensions/slack/src/monitor/types.ts
@@ -1,5 +1,5 @@
-import type { OpenClawConfig, SlackSlashCommandConfig } from "../../config/config.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { OpenClawConfig, SlackSlashCommandConfig } from "../../../../src/config/config.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 import type { SlackFile, SlackMessageEvent } from "../types.js";
 
 export type MonitorSlackOpts = {
diff --git a/src/slack/probe.test.ts b/extensions/slack/src/probe.test.ts
similarity index 97%
rename from src/slack/probe.test.ts
rename to extensions/slack/src/probe.test.ts
index 501d808d492..608a61864e6 100644
--- a/src/slack/probe.test.ts
+++ b/extensions/slack/src/probe.test.ts
@@ -8,7 +8,7 @@ vi.mock("./client.js", () => ({
   createSlackWebClient: createSlackWebClientMock,
 }));
 
-vi.mock("../utils/with-timeout.js", () => ({
+vi.mock("../../../src/utils/with-timeout.js", () => ({
   withTimeout: withTimeoutMock,
 }));
 
diff --git a/src/slack/probe.ts b/extensions/slack/src/probe.ts
similarity index 89%
rename from src/slack/probe.ts
rename to extensions/slack/src/probe.ts
index 165c5af636b..dba8744a18c 100644
--- a/src/slack/probe.ts
+++ b/extensions/slack/src/probe.ts
@@ -1,5 +1,5 @@
-import type { BaseProbeResult } from "../channels/plugins/types.js";
-import { withTimeout } from "../utils/with-timeout.js";
+import type { BaseProbeResult } from "../../../src/channels/plugins/types.js";
+import { withTimeout } from "../../../src/utils/with-timeout.js";
 import { createSlackWebClient } from "./client.js";
 
 export type SlackProbe = BaseProbeResult & {
diff --git a/src/slack/resolve-allowlist-common.test.ts b/extensions/slack/src/resolve-allowlist-common.test.ts
similarity index 100%
rename from src/slack/resolve-allowlist-common.test.ts
rename to extensions/slack/src/resolve-allowlist-common.test.ts
diff --git a/src/slack/resolve-allowlist-common.ts b/extensions/slack/src/resolve-allowlist-common.ts
similarity index 100%
rename from src/slack/resolve-allowlist-common.ts
rename to extensions/slack/src/resolve-allowlist-common.ts
diff --git a/src/slack/resolve-channels.test.ts b/extensions/slack/src/resolve-channels.test.ts
similarity index 100%
rename from src/slack/resolve-channels.test.ts
rename to extensions/slack/src/resolve-channels.test.ts
diff --git a/src/slack/resolve-channels.ts b/extensions/slack/src/resolve-channels.ts
similarity index 100%
rename from src/slack/resolve-channels.ts
rename to extensions/slack/src/resolve-channels.ts
diff --git a/src/slack/resolve-users.test.ts b/extensions/slack/src/resolve-users.test.ts
similarity index 100%
rename from src/slack/resolve-users.test.ts
rename to extensions/slack/src/resolve-users.test.ts
diff --git a/src/slack/resolve-users.ts b/extensions/slack/src/resolve-users.ts
similarity index 100%
rename from src/slack/resolve-users.ts
rename to extensions/slack/src/resolve-users.ts
diff --git a/src/slack/scopes.ts b/extensions/slack/src/scopes.ts
similarity index 98%
rename from src/slack/scopes.ts
rename to extensions/slack/src/scopes.ts
index 2cea7aaa7ea..e0fe58161f3 100644
--- a/src/slack/scopes.ts
+++ b/extensions/slack/src/scopes.ts
@@ -1,5 +1,5 @@
 import type { WebClient } from "@slack/web-api";
-import { isRecord } from "../utils.js";
+import { isRecord } from "../../../src/utils.js";
 import { createSlackWebClient } from "./client.js";
 
 export type SlackScopesResult = {
diff --git a/src/slack/send.blocks.test.ts b/extensions/slack/src/send.blocks.test.ts
similarity index 100%
rename from src/slack/send.blocks.test.ts
rename to extensions/slack/src/send.blocks.test.ts
diff --git a/src/slack/send.ts b/extensions/slack/src/send.ts
similarity index 96%
rename from src/slack/send.ts
rename to extensions/slack/src/send.ts
index 8ce7fd3c3f3..293affe0218 100644
--- a/src/slack/send.ts
+++ b/extensions/slack/src/send.ts
@@ -3,16 +3,16 @@ import {
   chunkMarkdownTextWithMode,
   resolveChunkMode,
   resolveTextChunkLimit,
-} from "../auto-reply/chunk.js";
-import { isSilentReplyText } from "../auto-reply/tokens.js";
-import { loadConfig, type OpenClawConfig } from "../config/config.js";
-import { resolveMarkdownTableMode } from "../config/markdown-tables.js";
-import { logVerbose } from "../globals.js";
+} from "../../../src/auto-reply/chunk.js";
+import { isSilentReplyText } from "../../../src/auto-reply/tokens.js";
+import { loadConfig, type OpenClawConfig } from "../../../src/config/config.js";
+import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js";
+import { logVerbose } from "../../../src/globals.js";
 import {
   fetchWithSsrFGuard,
   withTrustedEnvProxyGuardedFetchMode,
-} from "../infra/net/fetch-guard.js";
-import { loadWebMedia } from "../web/media.js";
+} from "../../../src/infra/net/fetch-guard.js";
+import { loadWebMedia } from "../../whatsapp/src/media.js";
 import type { SlackTokenSource } from "./accounts.js";
 import { resolveSlackAccount } from "./accounts.js";
 import { buildSlackBlocksFallbackText } from "./blocks-fallback.js";
diff --git a/src/slack/send.upload.test.ts b/extensions/slack/src/send.upload.test.ts
similarity index 98%
rename from src/slack/send.upload.test.ts
rename to extensions/slack/src/send.upload.test.ts
index 7ff05183b6c..1ee3c76deac 100644
--- a/src/slack/send.upload.test.ts
+++ b/extensions/slack/src/send.upload.test.ts
@@ -13,7 +13,7 @@ const fetchWithSsrFGuard = vi.fn(
     }) as const,
 );
 
-vi.mock("../infra/net/fetch-guard.js", () => ({
+vi.mock("../../../src/infra/net/fetch-guard.js", () => ({
   fetchWithSsrFGuard: (...args: unknown[]) =>
     fetchWithSsrFGuard(...(args as [params: { url: string; init?: RequestInit }])),
   withTrustedEnvProxyGuardedFetchMode: (params: Record<string, unknown>) => ({
@@ -22,7 +22,7 @@ vi.mock("../infra/net/fetch-guard.js", () => ({
   }),
 }));
 
-vi.mock("../web/media.js", () => ({
+vi.mock("../../whatsapp/src/media.js", () => ({
   loadWebMedia: vi.fn(async () => ({
     buffer: Buffer.from("fake-image"),
     contentType: "image/png",
diff --git a/src/slack/sent-thread-cache.test.ts b/extensions/slack/src/sent-thread-cache.test.ts
similarity index 98%
rename from src/slack/sent-thread-cache.test.ts
rename to extensions/slack/src/sent-thread-cache.test.ts
index 7421a7277e3..1e215af252c 100644
--- a/src/slack/sent-thread-cache.test.ts
+++ b/extensions/slack/src/sent-thread-cache.test.ts
@@ -1,5 +1,5 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { importFreshModule } from "../../test/helpers/import-fresh.js";
+import { importFreshModule } from "../../../test/helpers/import-fresh.js";
 import {
   clearSlackThreadParticipationCache,
   hasSlackThreadParticipation,
diff --git a/src/slack/sent-thread-cache.ts b/extensions/slack/src/sent-thread-cache.ts
similarity index 96%
rename from src/slack/sent-thread-cache.ts
rename to extensions/slack/src/sent-thread-cache.ts
index b3c2a3c2441..37cf8155472 100644
--- a/src/slack/sent-thread-cache.ts
+++ b/extensions/slack/src/sent-thread-cache.ts
@@ -1,4 +1,4 @@
-import { resolveGlobalMap } from "../shared/global-singleton.js";
+import { resolveGlobalMap } from "../../../src/shared/global-singleton.js";
 
 /**
  * In-memory cache of Slack threads the bot has participated in.
diff --git a/src/slack/stream-mode.test.ts b/extensions/slack/src/stream-mode.test.ts
similarity index 100%
rename from src/slack/stream-mode.test.ts
rename to extensions/slack/src/stream-mode.test.ts
diff --git a/src/slack/stream-mode.ts b/extensions/slack/src/stream-mode.ts
similarity index 97%
rename from src/slack/stream-mode.ts
rename to extensions/slack/src/stream-mode.ts
index 44abc91bcb9..819eb4fa722 100644
--- a/src/slack/stream-mode.ts
+++ b/extensions/slack/src/stream-mode.ts
@@ -4,7 +4,7 @@ import {
   resolveSlackStreamingMode,
   type SlackLegacyDraftStreamMode,
   type StreamingMode,
-} from "../config/discord-preview-streaming.js";
+} from "../../../src/config/discord-preview-streaming.js";
 
 export type SlackStreamMode = SlackLegacyDraftStreamMode;
 export type SlackStreamingMode = StreamingMode;
diff --git a/src/slack/streaming.ts b/extensions/slack/src/streaming.ts
similarity index 98%
rename from src/slack/streaming.ts
rename to extensions/slack/src/streaming.ts
index 936fba79feb..b6269412c9d 100644
--- a/src/slack/streaming.ts
+++ b/extensions/slack/src/streaming.ts
@@ -13,7 +13,7 @@
 
 import type { WebClient } from "@slack/web-api";
 import type { ChatStreamer } from "@slack/web-api/dist/chat-stream.js";
-import { logVerbose } from "../globals.js";
+import { logVerbose } from "../../../src/globals.js";
 
 // ---------------------------------------------------------------------------
 // Types
diff --git a/src/slack/targets.test.ts b/extensions/slack/src/targets.test.ts
similarity index 95%
rename from src/slack/targets.test.ts
rename to extensions/slack/src/targets.test.ts
index 5b56a5bd0da..8ea720e6880 100644
--- a/src/slack/targets.test.ts
+++ b/extensions/slack/src/targets.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { normalizeSlackMessagingTarget } from "../channels/plugins/normalize/slack.js";
+import { normalizeSlackMessagingTarget } from "../../../src/channels/plugins/normalize/slack.js";
 import { parseSlackTarget, resolveSlackChannelId } from "./targets.js";
 
 describe("parseSlackTarget", () => {
diff --git a/src/slack/targets.ts b/extensions/slack/src/targets.ts
similarity index 97%
rename from src/slack/targets.ts
rename to extensions/slack/src/targets.ts
index e6bc69d8d24..5d80650daff 100644
--- a/src/slack/targets.ts
+++ b/extensions/slack/src/targets.ts
@@ -6,7 +6,7 @@ import {
   type MessagingTarget,
   type MessagingTargetKind,
   type MessagingTargetParseOptions,
-} from "../channels/targets.js";
+} from "../../../src/channels/targets.js";
 
 export type SlackTargetKind = MessagingTargetKind;
 
diff --git a/src/slack/threading-tool-context.test.ts b/extensions/slack/src/threading-tool-context.test.ts
similarity index 98%
rename from src/slack/threading-tool-context.test.ts
rename to extensions/slack/src/threading-tool-context.test.ts
index 69f4cf0e0dd..793f3a2346f 100644
--- a/src/slack/threading-tool-context.test.ts
+++ b/extensions/slack/src/threading-tool-context.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { buildSlackThreadingToolContext } from "./threading-tool-context.js";
 
 const emptyCfg = {} as OpenClawConfig;
diff --git a/src/slack/threading-tool-context.ts b/extensions/slack/src/threading-tool-context.ts
similarity index 92%
rename from src/slack/threading-tool-context.ts
rename to extensions/slack/src/threading-tool-context.ts
index 11860f78636..206ce98b42f 100644
--- a/src/slack/threading-tool-context.ts
+++ b/extensions/slack/src/threading-tool-context.ts
@@ -1,8 +1,8 @@
 import type {
   ChannelThreadingContext,
   ChannelThreadingToolContext,
-} from "../channels/plugins/types.js";
-import type { OpenClawConfig } from "../config/config.js";
+} from "../../../src/channels/plugins/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { resolveSlackAccount, resolveSlackReplyToMode } from "./accounts.js";
 
 export function buildSlackThreadingToolContext(params: {
diff --git a/src/slack/threading.test.ts b/extensions/slack/src/threading.test.ts
similarity index 100%
rename from src/slack/threading.test.ts
rename to extensions/slack/src/threading.test.ts
diff --git a/src/slack/threading.ts b/extensions/slack/src/threading.ts
similarity index 96%
rename from src/slack/threading.ts
rename to extensions/slack/src/threading.ts
index 0a72ffa0f3a..ccef2e5e081 100644
--- a/src/slack/threading.ts
+++ b/extensions/slack/src/threading.ts
@@ -1,4 +1,4 @@
-import type { ReplyToMode } from "../config/types.js";
+import type { ReplyToMode } from "../../../src/config/types.js";
 import type { SlackAppMentionEvent, SlackMessageEvent } from "./types.js";
 
 export type SlackThreadContext = {
diff --git a/src/slack/token.ts b/extensions/slack/src/token.ts
similarity index 89%
rename from src/slack/token.ts
rename to extensions/slack/src/token.ts
index 7a26a845fce..cebda65e335 100644
--- a/src/slack/token.ts
+++ b/extensions/slack/src/token.ts
@@ -1,4 +1,4 @@
-import { normalizeResolvedSecretInputString } from "../config/types.secrets.js";
+import { normalizeResolvedSecretInputString } from "../../../src/config/types.secrets.js";
 
 export function normalizeSlackToken(raw?: unknown): string | undefined {
   return normalizeResolvedSecretInputString({
diff --git a/extensions/slack/src/truncate.ts b/extensions/slack/src/truncate.ts
new file mode 100644
index 00000000000..d7c387f63ae
--- /dev/null
+++ b/extensions/slack/src/truncate.ts
@@ -0,0 +1,10 @@
+export function truncateSlackText(value: string, max: number): string {
+  const trimmed = value.trim();
+  if (trimmed.length <= max) {
+    return trimmed;
+  }
+  if (max <= 1) {
+    return trimmed.slice(0, max);
+  }
+  return `${trimmed.slice(0, max - 1)}…`;
+}
diff --git a/src/slack/types.ts b/extensions/slack/src/types.ts
similarity index 100%
rename from src/slack/types.ts
rename to extensions/slack/src/types.ts
diff --git a/extensions/synology-chat/package.json b/extensions/synology-chat/package.json
index bc8623b6059..c6148c856a3 100644
--- a/extensions/synology-chat/package.json
+++ b/extensions/synology-chat/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/synology-chat",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "Synology Chat channel plugin for OpenClaw",
   "type": "module",
   "dependencies": {
diff --git a/extensions/synology-chat/src/channel.integration.test.ts b/extensions/synology-chat/src/channel.integration.test.ts
index b9cb5484621..e5d1e7f24c9 100644
--- a/extensions/synology-chat/src/channel.integration.test.ts
+++ b/extensions/synology-chat/src/channel.integration.test.ts
@@ -1,5 +1,9 @@
 import type { IncomingMessage, ServerResponse } from "node:http";
 import { beforeEach, describe, expect, it, vi } from "vitest";
+import {
+  dispatchReplyWithBufferedBlockDispatcher,
+  registerPluginHttpRouteMock,
+} from "./channel.test-mocks.js";
 import { makeFormBody, makeReq, makeRes } from "./test-http-utils.js";
 
 type RegisteredRoute = {
@@ -8,41 +12,6 @@ type RegisteredRoute = {
   handler: (req: IncomingMessage, res: ServerResponse) => Promise<void>;
 };
 
-const registerPluginHttpRouteMock = vi.fn<(params: RegisteredRoute) => () => void>(() => vi.fn());
-const dispatchReplyWithBufferedBlockDispatcher = vi.fn().mockResolvedValue({ counts: {} });
-
-vi.mock("openclaw/plugin-sdk/synology-chat", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("openclaw/plugin-sdk/synology-chat")>();
-  return {
-    ...actual,
-    DEFAULT_ACCOUNT_ID: "default",
-    setAccountEnabledInConfigSection: vi.fn((_opts: any) => ({})),
-    registerPluginHttpRoute: registerPluginHttpRouteMock,
-    buildChannelConfigSchema: vi.fn((schema: any) => ({ schema })),
-    createFixedWindowRateLimiter: vi.fn(() => ({
-      isRateLimited: vi.fn(() => false),
-      size: vi.fn(() => 0),
-      clear: vi.fn(),
-    })),
-  };
-});
-
-vi.mock("./runtime.js", () => ({
-  getSynologyRuntime: vi.fn(() => ({
-    config: { loadConfig: vi.fn().mockResolvedValue({}) },
-    channel: {
-      reply: {
-        dispatchReplyWithBufferedBlockDispatcher,
-      },
-    },
-  })),
-}));
-
-vi.mock("./client.js", () => ({
-  sendMessage: vi.fn().mockResolvedValue(true),
-  sendFileUrl: vi.fn().mockResolvedValue(true),
-}));
-
 const { createSynologyChatPlugin } = await import("./channel.js");
 describe("Synology channel wiring integration", () => {
   beforeEach(() => {
diff --git a/extensions/synology-chat/src/channel.test-mocks.ts b/extensions/synology-chat/src/channel.test-mocks.ts
new file mode 100644
index 00000000000..10ccca5f9d0
--- /dev/null
+++ b/extensions/synology-chat/src/channel.test-mocks.ts
@@ -0,0 +1,76 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+import type { Mock } from "vitest";
+import { vi } from "vitest";
+
+export type RegisteredRoute = {
+  path: string;
+  accountId: string;
+  handler: (req: IncomingMessage, res: ServerResponse) => Promise<void>;
+};
+
+export const registerPluginHttpRouteMock: Mock<(params: RegisteredRoute) => () => void> = vi.fn(
+  () => vi.fn(),
+);
+
+export const dispatchReplyWithBufferedBlockDispatcher: Mock<
+  () => Promise<{ counts: Record<string, number> }>
+> = vi.fn().mockResolvedValue({ counts: {} });
+
+async function readRequestBodyWithLimitForTest(req: IncomingMessage): Promise<string> {
+  return await new Promise<string>((resolve, reject) => {
+    const chunks: Buffer[] = [];
+    req.on("data", (chunk) => {
+      chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+    });
+    req.on("end", () => resolve(Buffer.concat(chunks).toString("utf8")));
+    req.on("error", reject);
+  });
+}
+
+vi.mock("openclaw/plugin-sdk/synology-chat", () => ({
+  DEFAULT_ACCOUNT_ID: "default",
+  setAccountEnabledInConfigSection: vi.fn((_opts: unknown) => ({})),
+  registerPluginHttpRoute: registerPluginHttpRouteMock,
+  buildChannelConfigSchema: vi.fn((schema: unknown) => ({ schema })),
+  readRequestBodyWithLimit: vi.fn(readRequestBodyWithLimitForTest),
+  isRequestBodyLimitError: vi.fn(() => false),
+  requestBodyErrorToText: vi.fn(() => "Request body too large"),
+  createFixedWindowRateLimiter: vi.fn(() => ({
+    isRateLimited: vi.fn(() => false),
+    size: vi.fn(() => 0),
+    clear: vi.fn(),
+  })),
+}));
+
+vi.mock("./client.js", () => ({
+  sendMessage: vi.fn().mockResolvedValue(true),
+  sendFileUrl: vi.fn().mockResolvedValue(true),
+}));
+
+vi.mock("./runtime.js", () => ({
+  getSynologyRuntime: vi.fn(() => ({
+    config: { loadConfig: vi.fn().mockResolvedValue({}) },
+    channel: {
+      reply: {
+        dispatchReplyWithBufferedBlockDispatcher,
+      },
+    },
+  })),
+}));
+
+export function makeSecurityAccount(overrides: Record<string, unknown> = {}) {
+  return {
+    accountId: "default",
+    enabled: true,
+    token: "t",
+    incomingUrl: "https://nas/incoming",
+    nasHost: "h",
+    webhookPath: "/w",
+    dmPolicy: "allowlist" as const,
+    allowedUserIds: [],
+    rateLimitPerMinute: 30,
+    botName: "Bot",
+    allowInsecureSsl: false,
+    ...overrides,
+  };
+}
diff --git a/extensions/synology-chat/src/channel.test.ts b/extensions/synology-chat/src/channel.test.ts
index 2814d437c6b..bdce5f37d79 100644
--- a/extensions/synology-chat/src/channel.test.ts
+++ b/extensions/synology-chat/src/channel.test.ts
@@ -1,40 +1,10 @@
-import { describe, it, expect, vi, beforeEach } from "vitest";
-
-// Mock external dependencies
-vi.mock("openclaw/plugin-sdk/synology-chat", () => ({
-  DEFAULT_ACCOUNT_ID: "default",
-  setAccountEnabledInConfigSection: vi.fn((_opts: any) => ({})),
-  registerPluginHttpRoute: vi.fn(() => vi.fn()),
-  buildChannelConfigSchema: vi.fn((schema: any) => ({ schema })),
-  createFixedWindowRateLimiter: vi.fn(() => ({
-    isRateLimited: vi.fn(() => false),
-    size: vi.fn(() => 0),
-    clear: vi.fn(),
-  })),
-}));
-
-vi.mock("./client.js", () => ({
-  sendMessage: vi.fn().mockResolvedValue(true),
-  sendFileUrl: vi.fn().mockResolvedValue(true),
-}));
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { makeSecurityAccount, registerPluginHttpRouteMock } from "./channel.test-mocks.js";
 
 vi.mock("./webhook-handler.js", () => ({
   createWebhookHandler: vi.fn(() => vi.fn()),
 }));
 
-vi.mock("./runtime.js", () => ({
-  getSynologyRuntime: vi.fn(() => ({
-    config: { loadConfig: vi.fn().mockResolvedValue({}) },
-    channel: {
-      reply: {
-        dispatchReplyWithBufferedBlockDispatcher: vi.fn().mockResolvedValue({
-          counts: {},
-        }),
-      },
-    },
-  })),
-}));
-
 vi.mock("zod", () => ({
   z: {
     object: vi.fn(() => ({
@@ -44,24 +14,6 @@ vi.mock("zod", () => ({
 }));
 
 const { createSynologyChatPlugin } = await import("./channel.js");
-const { registerPluginHttpRoute } = await import("openclaw/plugin-sdk/synology-chat");
-
-function makeSecurityAccount(overrides: Record<string, unknown> = {}) {
-  return {
-    accountId: "default",
-    enabled: true,
-    token: "t",
-    incomingUrl: "https://nas/incoming",
-    nasHost: "h",
-    webhookPath: "/w",
-    dmPolicy: "allowlist" as const,
-    allowedUserIds: [],
-    rateLimitPerMinute: 30,
-    botName: "Bot",
-    allowInsecureSsl: false,
-    ...overrides,
-  };
-}
 
 describe("createSynologyChatPlugin", () => {
   it("returns a plugin object with all required sections", () => {
@@ -321,7 +273,7 @@ describe("createSynologyChatPlugin", () => {
     });
 
     it("startAccount refuses allowlist accounts with empty allowedUserIds", async () => {
-      const registerMock = vi.mocked(registerPluginHttpRoute);
+      const registerMock = registerPluginHttpRouteMock;
       registerMock.mockClear();
       const plugin = createSynologyChatPlugin();
       const { ctx, abortController } = makeStartAccountCtx({
@@ -341,7 +293,7 @@ describe("createSynologyChatPlugin", () => {
     it("deregisters stale route before re-registering same account/path", async () => {
       const unregisterFirst = vi.fn();
       const unregisterSecond = vi.fn();
-      const registerMock = vi.mocked(registerPluginHttpRoute);
+      const registerMock = registerPluginHttpRouteMock;
       registerMock.mockReturnValueOnce(unregisterFirst).mockReturnValueOnce(unregisterSecond);
 
       const plugin = createSynologyChatPlugin();
diff --git a/extensions/telegram/package.json b/extensions/telegram/package.json
index 2b4e5fd584d..92054ca01a3 100644
--- a/extensions/telegram/package.json
+++ b/extensions/telegram/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/telegram",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw Telegram channel plugin",
   "type": "module",
diff --git a/src/telegram/account-inspect.test.ts b/extensions/telegram/src/account-inspect.test.ts
similarity index 96%
rename from src/telegram/account-inspect.test.ts
rename to extensions/telegram/src/account-inspect.test.ts
index b25bd223667..5e58626ba03 100644
--- a/src/telegram/account-inspect.test.ts
+++ b/extensions/telegram/src/account-inspect.test.ts
@@ -2,8 +2,8 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
-import { withEnv } from "../test-utils/env.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { withEnv } from "../../../src/test-utils/env.js";
 import { inspectTelegramAccount } from "./account-inspect.js";
 
 describe("inspectTelegramAccount SecretRef resolution", () => {
diff --git a/src/telegram/account-inspect.ts b/extensions/telegram/src/account-inspect.ts
similarity index 91%
rename from src/telegram/account-inspect.ts
rename to extensions/telegram/src/account-inspect.ts
index 2db9db06e3e..8014df80080 100644
--- a/src/telegram/account-inspect.ts
+++ b/extensions/telegram/src/account-inspect.ts
@@ -1,14 +1,14 @@
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import {
   coerceSecretRef,
   hasConfiguredSecretInput,
   normalizeSecretInputString,
-} from "../config/types.secrets.js";
-import type { TelegramAccountConfig } from "../config/types.telegram.js";
-import { tryReadSecretFileSync } from "../infra/secret-file.js";
-import { resolveAccountWithDefaultFallback } from "../plugin-sdk/account-resolution.js";
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js";
-import { resolveDefaultSecretProviderAlias } from "../secrets/ref-contract.js";
+} from "../../../src/config/types.secrets.js";
+import type { TelegramAccountConfig } from "../../../src/config/types.telegram.js";
+import { tryReadSecretFileSync } from "../../../src/infra/secret-file.js";
+import { resolveAccountWithDefaultFallback } from "../../../src/plugin-sdk/account-resolution.js";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js";
+import { resolveDefaultSecretProviderAlias } from "../../../src/secrets/ref-contract.js";
 import {
   mergeTelegramAccountConfig,
   resolveDefaultTelegramAccountId,
diff --git a/src/telegram/accounts.test.ts b/extensions/telegram/src/accounts.test.ts
similarity index 85%
rename from src/telegram/accounts.test.ts
rename to extensions/telegram/src/accounts.test.ts
index b77f01e0d67..28af65a5d8a 100644
--- a/src/telegram/accounts.test.ts
+++ b/extensions/telegram/src/accounts.test.ts
@@ -1,6 +1,6 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
-import { withEnv } from "../test-utils/env.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { withEnv } from "../../../src/test-utils/env.js";
 import {
   listTelegramAccountIds,
   resetMissingDefaultWarnFlag,
@@ -17,7 +17,19 @@ function warningLines(): string[] {
   return warnMock.mock.calls.map(([line]) => String(line));
 }
 
-vi.mock("../logging/subsystem.js", () => ({
+function expectNoMissingDefaultWarning() {
+  expect(warningLines().every((line) => !line.includes("accounts.default is missing"))).toBe(true);
+}
+
+function resolveAccountWithEnv(
+  env: Record<string, string>,
+  cfg: OpenClawConfig,
+  accountId?: string,
+) {
+  return withEnv(env, () => resolveTelegramAccount({ cfg, ...(accountId ? { accountId } : {}) }));
+}
+
+vi.mock("../../../src/logging/subsystem.js", () => ({
   createSubsystemLogger: () => {
     const logger = {
       warn: warnMock,
@@ -34,63 +46,60 @@ describe("resolveTelegramAccount", () => {
   });
 
   it("falls back to the first configured account when accountId is omitted", () => {
-    withEnv({ TELEGRAM_BOT_TOKEN: "" }, () => {
-      const cfg: OpenClawConfig = {
+    const account = resolveAccountWithEnv(
+      { TELEGRAM_BOT_TOKEN: "" },
+      {
         channels: {
           telegram: { accounts: { work: { botToken: "tok-work" } } },
         },
-      };
-
-      const account = resolveTelegramAccount({ cfg });
-      expect(account.accountId).toBe("work");
-      expect(account.token).toBe("tok-work");
-      expect(account.tokenSource).toBe("config");
-    });
+      },
+    );
+    expect(account.accountId).toBe("work");
+    expect(account.token).toBe("tok-work");
+    expect(account.tokenSource).toBe("config");
   });
 
   it("uses TELEGRAM_BOT_TOKEN when default account config is missing", () => {
-    withEnv({ TELEGRAM_BOT_TOKEN: "tok-env" }, () => {
-      const cfg: OpenClawConfig = {
+    const account = resolveAccountWithEnv(
+      { TELEGRAM_BOT_TOKEN: "tok-env" },
+      {
         channels: {
           telegram: { accounts: { work: { botToken: "tok-work" } } },
         },
-      };
-
-      const account = resolveTelegramAccount({ cfg });
-      expect(account.accountId).toBe("default");
-      expect(account.token).toBe("tok-env");
-      expect(account.tokenSource).toBe("env");
-    });
+      },
+    );
+    expect(account.accountId).toBe("default");
+    expect(account.token).toBe("tok-env");
+    expect(account.tokenSource).toBe("env");
   });
 
   it("prefers default config token over TELEGRAM_BOT_TOKEN", () => {
-    withEnv({ TELEGRAM_BOT_TOKEN: "tok-env" }, () => {
-      const cfg: OpenClawConfig = {
+    const account = resolveAccountWithEnv(
+      { TELEGRAM_BOT_TOKEN: "tok-env" },
+      {
         channels: {
           telegram: { botToken: "tok-config" },
         },
-      };
-
-      const account = resolveTelegramAccount({ cfg });
-      expect(account.accountId).toBe("default");
-      expect(account.token).toBe("tok-config");
-      expect(account.tokenSource).toBe("config");
-    });
+      },
+    );
+    expect(account.accountId).toBe("default");
+    expect(account.token).toBe("tok-config");
+    expect(account.tokenSource).toBe("config");
   });
 
   it("does not fall back when accountId is explicitly provided", () => {
-    withEnv({ TELEGRAM_BOT_TOKEN: "" }, () => {
-      const cfg: OpenClawConfig = {
+    const account = resolveAccountWithEnv(
+      { TELEGRAM_BOT_TOKEN: "" },
+      {
         channels: {
           telegram: { accounts: { work: { botToken: "tok-work" } } },
         },
-      };
-
-      const account = resolveTelegramAccount({ cfg, accountId: "default" });
-      expect(account.accountId).toBe("default");
-      expect(account.tokenSource).toBe("none");
-      expect(account.token).toBe("");
-    });
+      },
+      "default",
+    );
+    expect(account.accountId).toBe("default");
+    expect(account.tokenSource).toBe("none");
+    expect(account.token).toBe("");
   });
 
   it("formats debug logs with inspect-style output when debug env is enabled", () => {
@@ -145,9 +154,7 @@ describe("resolveDefaultTelegramAccountId", () => {
     };
 
     resolveDefaultTelegramAccountId(cfg);
-    expect(warningLines().every((line) => !line.includes("accounts.default is missing"))).toBe(
-      true,
-    );
+    expectNoMissingDefaultWarning();
   });
 
   it("does not warn when defaultAccount is explicitly set", () => {
@@ -161,9 +168,7 @@ describe("resolveDefaultTelegramAccountId", () => {
     };
 
     resolveDefaultTelegramAccountId(cfg);
-    expect(warningLines().every((line) => !line.includes("accounts.default is missing"))).toBe(
-      true,
-    );
+    expectNoMissingDefaultWarning();
   });
 
   it("does not warn when only one non-default account is configured", () => {
@@ -176,9 +181,7 @@ describe("resolveDefaultTelegramAccountId", () => {
     };
 
     resolveDefaultTelegramAccountId(cfg);
-    expect(warningLines().every((line) => !line.includes("accounts.default is missing"))).toBe(
-      true,
-    );
+    expectNoMissingDefaultWarning();
   });
 
   it("warns only once per process lifetime", () => {
diff --git a/src/telegram/accounts.ts b/extensions/telegram/src/accounts.ts
similarity index 90%
rename from src/telegram/accounts.ts
rename to extensions/telegram/src/accounts.ts
index b8c656d1bfd..71d78590488 100644
--- a/src/telegram/accounts.ts
+++ b/extensions/telegram/src/accounts.ts
@@ -1,21 +1,24 @@
 import util from "node:util";
-import { createAccountActionGate } from "../channels/plugins/account-action-gate.js";
-import type { OpenClawConfig } from "../config/config.js";
-import type { TelegramAccountConfig, TelegramActionConfig } from "../config/types.js";
-import { isTruthyEnvValue } from "../infra/env.js";
-import { createSubsystemLogger } from "../logging/subsystem.js";
+import { createAccountActionGate } from "../../../src/channels/plugins/account-action-gate.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { TelegramAccountConfig, TelegramActionConfig } from "../../../src/config/types.js";
+import { isTruthyEnvValue } from "../../../src/infra/env.js";
+import { createSubsystemLogger } from "../../../src/logging/subsystem.js";
 import {
   listConfiguredAccountIds as listConfiguredAccountIdsFromSection,
   resolveAccountWithDefaultFallback,
-} from "../plugin-sdk/account-resolution.js";
-import { resolveAccountEntry } from "../routing/account-lookup.js";
-import { listBoundAccountIds, resolveDefaultAgentBoundAccountId } from "../routing/bindings.js";
-import { formatSetExplicitDefaultInstruction } from "../routing/default-account-warnings.js";
+} from "../../../src/plugin-sdk/account-resolution.js";
+import { resolveAccountEntry } from "../../../src/routing/account-lookup.js";
+import {
+  listBoundAccountIds,
+  resolveDefaultAgentBoundAccountId,
+} from "../../../src/routing/bindings.js";
+import { formatSetExplicitDefaultInstruction } from "../../../src/routing/default-account-warnings.js";
 import {
   DEFAULT_ACCOUNT_ID,
   normalizeAccountId,
   normalizeOptionalAccountId,
-} from "../routing/session-key.js";
+} from "../../../src/routing/session-key.js";
 import { resolveTelegramToken } from "./token.js";
 
 const log = createSubsystemLogger("telegram/accounts");
diff --git a/src/channels/telegram/allow-from.test.ts b/extensions/telegram/src/allow-from.test.ts
similarity index 100%
rename from src/channels/telegram/allow-from.test.ts
rename to extensions/telegram/src/allow-from.test.ts
diff --git a/src/channels/telegram/allow-from.ts b/extensions/telegram/src/allow-from.ts
similarity index 100%
rename from src/channels/telegram/allow-from.ts
rename to extensions/telegram/src/allow-from.ts
diff --git a/src/telegram/allowed-updates.ts b/extensions/telegram/src/allowed-updates.ts
similarity index 100%
rename from src/telegram/allowed-updates.ts
rename to extensions/telegram/src/allowed-updates.ts
diff --git a/src/channels/telegram/api.test.ts b/extensions/telegram/src/api-fetch.test.ts
similarity index 96%
rename from src/channels/telegram/api.test.ts
rename to extensions/telegram/src/api-fetch.test.ts
index caab59b7ec0..e65499ef25c 100644
--- a/src/channels/telegram/api.test.ts
+++ b/extensions/telegram/src/api-fetch.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it, vi } from "vitest";
-import { fetchTelegramChatId } from "./api.js";
+import { fetchTelegramChatId } from "./api-fetch.js";
 
 describe("fetchTelegramChatId", () => {
   const cases = [
diff --git a/src/channels/telegram/api.ts b/extensions/telegram/src/api-fetch.ts
similarity index 100%
rename from src/channels/telegram/api.ts
rename to extensions/telegram/src/api-fetch.ts
diff --git a/src/telegram/api-logging.ts b/extensions/telegram/src/api-logging.ts
similarity index 79%
rename from src/telegram/api-logging.ts
rename to extensions/telegram/src/api-logging.ts
index 4534b3f8264..6af9d7ae5a3 100644
--- a/src/telegram/api-logging.ts
+++ b/extensions/telegram/src/api-logging.ts
@@ -1,7 +1,7 @@
-import { danger } from "../globals.js";
-import { formatErrorMessage } from "../infra/errors.js";
-import { createSubsystemLogger } from "../logging/subsystem.js";
-import type { RuntimeEnv } from "../runtime.js";
+import { danger } from "../../../src/globals.js";
+import { formatErrorMessage } from "../../../src/infra/errors.js";
+import { createSubsystemLogger } from "../../../src/logging/subsystem.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
 
 export type TelegramApiLogger = (message: string) => void;
 
diff --git a/src/telegram/approval-buttons.test.ts b/extensions/telegram/src/approval-buttons.test.ts
similarity index 100%
rename from src/telegram/approval-buttons.test.ts
rename to extensions/telegram/src/approval-buttons.test.ts
diff --git a/src/telegram/approval-buttons.ts b/extensions/telegram/src/approval-buttons.ts
similarity index 93%
rename from src/telegram/approval-buttons.ts
rename to extensions/telegram/src/approval-buttons.ts
index 0439bec58b9..a996ed3adf3 100644
--- a/src/telegram/approval-buttons.ts
+++ b/extensions/telegram/src/approval-buttons.ts
@@ -1,4 +1,4 @@
-import type { ExecApprovalReplyDecision } from "../infra/exec-approval-reply.js";
+import type { ExecApprovalReplyDecision } from "../../../src/infra/exec-approval-reply.js";
 import type { TelegramInlineButtons } from "./button-types.js";
 
 const MAX_CALLBACK_DATA_BYTES = 64;
diff --git a/src/telegram/audit-membership-runtime.ts b/extensions/telegram/src/audit-membership-runtime.ts
similarity index 95%
rename from src/telegram/audit-membership-runtime.ts
rename to extensions/telegram/src/audit-membership-runtime.ts
index c710fb92aa7..694ad338c5b 100644
--- a/src/telegram/audit-membership-runtime.ts
+++ b/extensions/telegram/src/audit-membership-runtime.ts
@@ -1,5 +1,5 @@
-import { isRecord } from "../utils.js";
-import { fetchWithTimeout } from "../utils/fetch-timeout.js";
+import { isRecord } from "../../../src/utils.js";
+import { fetchWithTimeout } from "../../../src/utils/fetch-timeout.js";
 import type {
   AuditTelegramGroupMembershipParams,
   TelegramGroupMembershipAudit,
diff --git a/src/telegram/audit.test.ts b/extensions/telegram/src/audit.test.ts
similarity index 100%
rename from src/telegram/audit.test.ts
rename to extensions/telegram/src/audit.test.ts
diff --git a/src/telegram/audit.ts b/extensions/telegram/src/audit.ts
similarity index 94%
rename from src/telegram/audit.ts
rename to extensions/telegram/src/audit.ts
index 6b667c37581..507f161edca 100644
--- a/src/telegram/audit.ts
+++ b/extensions/telegram/src/audit.ts
@@ -1,5 +1,5 @@
-import type { TelegramGroupConfig } from "../config/types.js";
-import type { TelegramNetworkConfig } from "../config/types.telegram.js";
+import type { TelegramGroupConfig } from "../../../src/config/types.js";
+import type { TelegramNetworkConfig } from "../../../src/config/types.telegram.js";
 
 export type TelegramGroupMembershipAuditEntry = {
   chatId: string;
diff --git a/src/telegram/bot-access.test.ts b/extensions/telegram/src/bot-access.test.ts
similarity index 100%
rename from src/telegram/bot-access.test.ts
rename to extensions/telegram/src/bot-access.test.ts
diff --git a/src/telegram/bot-access.ts b/extensions/telegram/src/bot-access.ts
similarity index 93%
rename from src/telegram/bot-access.ts
rename to extensions/telegram/src/bot-access.ts
index 60b3f5582a9..57b242afc3d 100644
--- a/src/telegram/bot-access.ts
+++ b/extensions/telegram/src/bot-access.ts
@@ -2,9 +2,9 @@ import {
   firstDefined,
   isSenderIdAllowed,
   mergeDmAllowFromSources,
-} from "../channels/allow-from.js";
-import type { AllowlistMatch } from "../channels/allowlist-match.js";
-import { createSubsystemLogger } from "../logging/subsystem.js";
+} from "../../../src/channels/allow-from.js";
+import type { AllowlistMatch } from "../../../src/channels/allowlist-match.js";
+import { createSubsystemLogger } from "../../../src/logging/subsystem.js";
 
 export type NormalizedAllowFrom = {
   entries: string[];
diff --git a/src/telegram/bot-handlers.ts b/extensions/telegram/src/bot-handlers.ts
similarity index 97%
rename from src/telegram/bot-handlers.ts
rename to extensions/telegram/src/bot-handlers.ts
index 40eada8f62a..295c4092ec6 100644
--- a/src/telegram/bot-handlers.ts
+++ b/extensions/telegram/src/bot-handlers.ts
@@ -1,41 +1,41 @@
 import type { Message, ReactionTypeEmoji } from "@grammyjs/types";
-import { resolveAgentDir, resolveDefaultAgentId } from "../agents/agent-scope.js";
-import { resolveDefaultModelForAgent } from "../agents/model-selection.js";
+import { resolveAgentDir, resolveDefaultAgentId } from "../../../src/agents/agent-scope.js";
+import { resolveDefaultModelForAgent } from "../../../src/agents/model-selection.js";
 import {
   createInboundDebouncer,
   resolveInboundDebounceMs,
-} from "../auto-reply/inbound-debounce.js";
-import { buildCommandsPaginationKeyboard } from "../auto-reply/reply/commands-info.js";
+} from "../../../src/auto-reply/inbound-debounce.js";
+import { buildCommandsPaginationKeyboard } from "../../../src/auto-reply/reply/commands-info.js";
 import {
   buildModelsProviderData,
   formatModelsAvailableHeader,
-} from "../auto-reply/reply/commands-models.js";
-import { resolveStoredModelOverride } from "../auto-reply/reply/model-selection.js";
-import { listSkillCommandsForAgents } from "../auto-reply/skill-commands.js";
-import { buildCommandsMessagePaginated } from "../auto-reply/status.js";
-import { shouldDebounceTextInbound } from "../channels/inbound-debounce-policy.js";
-import { resolveChannelConfigWrites } from "../channels/plugins/config-writes.js";
-import { loadConfig } from "../config/config.js";
-import { writeConfigFile } from "../config/io.js";
+} from "../../../src/auto-reply/reply/commands-models.js";
+import { resolveStoredModelOverride } from "../../../src/auto-reply/reply/model-selection.js";
+import { listSkillCommandsForAgents } from "../../../src/auto-reply/skill-commands.js";
+import { buildCommandsMessagePaginated } from "../../../src/auto-reply/status.js";
+import { shouldDebounceTextInbound } from "../../../src/channels/inbound-debounce-policy.js";
+import { resolveChannelConfigWrites } from "../../../src/channels/plugins/config-writes.js";
+import { loadConfig } from "../../../src/config/config.js";
+import { writeConfigFile } from "../../../src/config/io.js";
 import {
   loadSessionStore,
   resolveSessionStoreEntry,
   resolveStorePath,
   updateSessionStore,
-} from "../config/sessions.js";
-import type { DmPolicy } from "../config/types.base.js";
+} from "../../../src/config/sessions.js";
+import type { DmPolicy } from "../../../src/config/types.base.js";
 import type {
   TelegramDirectConfig,
   TelegramGroupConfig,
   TelegramTopicConfig,
-} from "../config/types.js";
-import { danger, logVerbose, warn } from "../globals.js";
-import { enqueueSystemEvent } from "../infra/system-events.js";
-import { MediaFetchError } from "../media/fetch.js";
-import { readChannelAllowFromStore } from "../pairing/pairing-store.js";
-import { resolveAgentRoute } from "../routing/resolve-route.js";
-import { resolveThreadSessionKeys } from "../routing/session-key.js";
-import { applyModelOverrideToSessionEntry } from "../sessions/model-overrides.js";
+} from "../../../src/config/types.js";
+import { danger, logVerbose, warn } from "../../../src/globals.js";
+import { enqueueSystemEvent } from "../../../src/infra/system-events.js";
+import { MediaFetchError } from "../../../src/media/fetch.js";
+import { readChannelAllowFromStore } from "../../../src/pairing/pairing-store.js";
+import { resolveAgentRoute } from "../../../src/routing/resolve-route.js";
+import { resolveThreadSessionKeys } from "../../../src/routing/session-key.js";
+import { applyModelOverrideToSessionEntry } from "../../../src/sessions/model-overrides.js";
 import { withTelegramApiErrorLogging } from "./api-logging.js";
 import {
   isSenderAllowed,
diff --git a/src/telegram/bot-message-context.acp-bindings.test.ts b/extensions/telegram/src/bot-message-context.acp-bindings.test.ts
similarity index 98%
rename from src/telegram/bot-message-context.acp-bindings.test.ts
rename to extensions/telegram/src/bot-message-context.acp-bindings.test.ts
index 1e073366347..1f9adb41a72 100644
--- a/src/telegram/bot-message-context.acp-bindings.test.ts
+++ b/extensions/telegram/src/bot-message-context.acp-bindings.test.ts
@@ -3,7 +3,7 @@ import { beforeEach, describe, expect, it, vi } from "vitest";
 const ensureConfiguredAcpBindingSessionMock = vi.hoisted(() => vi.fn());
 const resolveConfiguredAcpBindingRecordMock = vi.hoisted(() => vi.fn());
 
-vi.mock("../acp/persistent-bindings.js", () => ({
+vi.mock("../../../src/acp/persistent-bindings.js", () => ({
   ensureConfiguredAcpBindingSession: (...args: unknown[]) =>
     ensureConfiguredAcpBindingSessionMock(...args),
   resolveConfiguredAcpBindingRecord: (...args: unknown[]) =>
diff --git a/src/telegram/bot-message-context.audio-transcript.test.ts b/extensions/telegram/src/bot-message-context.audio-transcript.test.ts
similarity index 98%
rename from src/telegram/bot-message-context.audio-transcript.test.ts
rename to extensions/telegram/src/bot-message-context.audio-transcript.test.ts
index 1cd0e15df31..a9e60736e70 100644
--- a/src/telegram/bot-message-context.audio-transcript.test.ts
+++ b/extensions/telegram/src/bot-message-context.audio-transcript.test.ts
@@ -6,7 +6,7 @@ const DEFAULT_MODEL = "anthropic/claude-opus-4-5";
 const DEFAULT_WORKSPACE = "/tmp/openclaw";
 const DEFAULT_MENTION_PATTERN = "\\bbot\\b";
 
-vi.mock("../media-understanding/audio-preflight.js", () => ({
+vi.mock("../../../src/media-understanding/audio-preflight.js", () => ({
   transcribeFirstAudio: (...args: unknown[]) => transcribeFirstAudioMock(...args),
 }));
 
diff --git a/src/telegram/bot-message-context.body.ts b/extensions/telegram/src/bot-message-context.body.ts
similarity index 89%
rename from src/telegram/bot-message-context.body.ts
rename to extensions/telegram/src/bot-message-context.body.ts
index 56b18f1b944..8290b02169d 100644
--- a/src/telegram/bot-message-context.body.ts
+++ b/extensions/telegram/src/bot-message-context.body.ts
@@ -2,26 +2,29 @@ import {
   findModelInCatalog,
   loadModelCatalog,
   modelSupportsVision,
-} from "../agents/model-catalog.js";
-import { resolveDefaultModelForAgent } from "../agents/model-selection.js";
-import { hasControlCommand } from "../auto-reply/command-detection.js";
+} from "../../../src/agents/model-catalog.js";
+import { resolveDefaultModelForAgent } from "../../../src/agents/model-selection.js";
+import { hasControlCommand } from "../../../src/auto-reply/command-detection.js";
 import {
   recordPendingHistoryEntryIfEnabled,
   type HistoryEntry,
-} from "../auto-reply/reply/history.js";
-import { buildMentionRegexes, matchesMentionWithExplicit } from "../auto-reply/reply/mentions.js";
-import type { MsgContext } from "../auto-reply/templating.js";
-import { resolveControlCommandGate } from "../channels/command-gating.js";
-import { formatLocationText, type NormalizedLocation } from "../channels/location.js";
-import { logInboundDrop } from "../channels/logging.js";
-import { resolveMentionGatingWithBypass } from "../channels/mention-gating.js";
-import type { OpenClawConfig } from "../config/config.js";
+} from "../../../src/auto-reply/reply/history.js";
+import {
+  buildMentionRegexes,
+  matchesMentionWithExplicit,
+} from "../../../src/auto-reply/reply/mentions.js";
+import type { MsgContext } from "../../../src/auto-reply/templating.js";
+import { resolveControlCommandGate } from "../../../src/channels/command-gating.js";
+import { formatLocationText, type NormalizedLocation } from "../../../src/channels/location.js";
+import { logInboundDrop } from "../../../src/channels/logging.js";
+import { resolveMentionGatingWithBypass } from "../../../src/channels/mention-gating.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import type {
   TelegramDirectConfig,
   TelegramGroupConfig,
   TelegramTopicConfig,
-} from "../config/types.js";
-import { logVerbose } from "../globals.js";
+} from "../../../src/config/types.js";
+import { logVerbose } from "../../../src/globals.js";
 import type { NormalizedAllowFrom } from "./bot-access.js";
 import { isSenderAllowed } from "./bot-access.js";
 import type {
@@ -179,7 +182,8 @@ export async function resolveTelegramInboundBody(params: {
 
   if (needsPreflightTranscription) {
     try {
-      const { transcribeFirstAudio } = await import("../media-understanding/audio-preflight.js");
+      const { transcribeFirstAudio } =
+        await import("../../../src/media-understanding/audio-preflight.js");
       const tempCtx: MsgContext = {
         MediaPaths: allMedia.length > 0 ? allMedia.map((m) => m.path) : undefined,
         MediaTypes:
diff --git a/src/telegram/bot-message-context.dm-threads.test.ts b/extensions/telegram/src/bot-message-context.dm-threads.test.ts
similarity index 97%
rename from src/telegram/bot-message-context.dm-threads.test.ts
rename to extensions/telegram/src/bot-message-context.dm-threads.test.ts
index eba4c19c88c..23fb0cdcc19 100644
--- a/src/telegram/bot-message-context.dm-threads.test.ts
+++ b/extensions/telegram/src/bot-message-context.dm-threads.test.ts
@@ -1,5 +1,8 @@
 import { afterEach, describe, expect, it } from "vitest";
-import { clearRuntimeConfigSnapshot, setRuntimeConfigSnapshot } from "../config/config.js";
+import {
+  clearRuntimeConfigSnapshot,
+  setRuntimeConfigSnapshot,
+} from "../../../src/config/config.js";
 import { buildTelegramMessageContextForTest } from "./bot-message-context.test-harness.js";
 
 describe("buildTelegramMessageContext dm thread sessions", () => {
diff --git a/src/telegram/bot-message-context.dm-topic-threadid.test.ts b/extensions/telegram/src/bot-message-context.dm-topic-threadid.test.ts
similarity index 98%
rename from src/telegram/bot-message-context.dm-topic-threadid.test.ts
rename to extensions/telegram/src/bot-message-context.dm-topic-threadid.test.ts
index ba566898db8..8f8375fd11a 100644
--- a/src/telegram/bot-message-context.dm-topic-threadid.test.ts
+++ b/extensions/telegram/src/bot-message-context.dm-topic-threadid.test.ts
@@ -3,7 +3,7 @@ import { buildTelegramMessageContextForTest } from "./bot-message-context.test-h
 
 // Mock recordInboundSession to capture updateLastRoute parameter
 const recordInboundSessionMock = vi.fn().mockResolvedValue(undefined);
-vi.mock("../channels/session.js", () => ({
+vi.mock("../../../src/channels/session.js", () => ({
   recordInboundSession: (...args: unknown[]) => recordInboundSessionMock(...args),
 }));
 
diff --git a/src/telegram/bot-message-context.implicit-mention.test.ts b/extensions/telegram/src/bot-message-context.implicit-mention.test.ts
similarity index 100%
rename from src/telegram/bot-message-context.implicit-mention.test.ts
rename to extensions/telegram/src/bot-message-context.implicit-mention.test.ts
diff --git a/src/telegram/bot-message-context.named-account-dm.test.ts b/extensions/telegram/src/bot-message-context.named-account-dm.test.ts
similarity index 96%
rename from src/telegram/bot-message-context.named-account-dm.test.ts
rename to extensions/telegram/src/bot-message-context.named-account-dm.test.ts
index 50a24b38f8a..a60904514ba 100644
--- a/src/telegram/bot-message-context.named-account-dm.test.ts
+++ b/extensions/telegram/src/bot-message-context.named-account-dm.test.ts
@@ -1,9 +1,12 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { clearRuntimeConfigSnapshot, setRuntimeConfigSnapshot } from "../config/config.js";
+import {
+  clearRuntimeConfigSnapshot,
+  setRuntimeConfigSnapshot,
+} from "../../../src/config/config.js";
 import { buildTelegramMessageContextForTest } from "./bot-message-context.test-harness.js";
 
 const recordInboundSessionMock = vi.fn().mockResolvedValue(undefined);
-vi.mock("../channels/session.js", () => ({
+vi.mock("../../../src/channels/session.js", () => ({
   recordInboundSession: (...args: unknown[]) => recordInboundSessionMock(...args),
 }));
 
diff --git a/src/telegram/bot-message-context.sender-prefix.test.ts b/extensions/telegram/src/bot-message-context.sender-prefix.test.ts
similarity index 100%
rename from src/telegram/bot-message-context.sender-prefix.test.ts
rename to extensions/telegram/src/bot-message-context.sender-prefix.test.ts
diff --git a/src/telegram/bot-message-context.session.ts b/extensions/telegram/src/bot-message-context.session.ts
similarity index 90%
rename from src/telegram/bot-message-context.session.ts
rename to extensions/telegram/src/bot-message-context.session.ts
index 6932b315dc7..1a2f54cf22f 100644
--- a/src/telegram/bot-message-context.session.ts
+++ b/extensions/telegram/src/bot-message-context.session.ts
@@ -1,23 +1,26 @@
-import { normalizeCommandBody } from "../auto-reply/commands-registry.js";
-import { formatInboundEnvelope, resolveEnvelopeFormatOptions } from "../auto-reply/envelope.js";
+import { normalizeCommandBody } from "../../../src/auto-reply/commands-registry.js";
+import {
+  formatInboundEnvelope,
+  resolveEnvelopeFormatOptions,
+} from "../../../src/auto-reply/envelope.js";
 import {
   buildPendingHistoryContextFromMap,
   type HistoryEntry,
-} from "../auto-reply/reply/history.js";
-import { finalizeInboundContext } from "../auto-reply/reply/inbound-context.js";
-import { toLocationContext } from "../channels/location.js";
-import { recordInboundSession } from "../channels/session.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { readSessionUpdatedAt, resolveStorePath } from "../config/sessions.js";
+} from "../../../src/auto-reply/reply/history.js";
+import { finalizeInboundContext } from "../../../src/auto-reply/reply/inbound-context.js";
+import { toLocationContext } from "../../../src/channels/location.js";
+import { recordInboundSession } from "../../../src/channels/session.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { readSessionUpdatedAt, resolveStorePath } from "../../../src/config/sessions.js";
 import type {
   TelegramDirectConfig,
   TelegramGroupConfig,
   TelegramTopicConfig,
-} from "../config/types.js";
-import { logVerbose, shouldLogVerbose } from "../globals.js";
-import type { ResolvedAgentRoute } from "../routing/resolve-route.js";
-import { resolveInboundLastRouteSessionKey } from "../routing/resolve-route.js";
-import { resolvePinnedMainDmOwnerFromAllowlist } from "../security/dm-policy-shared.js";
+} from "../../../src/config/types.js";
+import { logVerbose, shouldLogVerbose } from "../../../src/globals.js";
+import type { ResolvedAgentRoute } from "../../../src/routing/resolve-route.js";
+import { resolveInboundLastRouteSessionKey } from "../../../src/routing/resolve-route.js";
+import { resolvePinnedMainDmOwnerFromAllowlist } from "../../../src/security/dm-policy-shared.js";
 import { normalizeAllowFrom } from "./bot-access.js";
 import type {
   TelegramMediaRef,
@@ -60,7 +63,7 @@ export async function buildTelegramInboundContextPayload(params: {
   stickerCacheHit: boolean;
   effectiveWasMentioned: boolean;
   commandAuthorized: boolean;
-  locationData?: import("../channels/location.js").NormalizedLocation;
+  locationData?: import("../../../src/channels/location.js").NormalizedLocation;
   options?: TelegramMessageContextOptions;
   dmAllowFrom?: Array<string | number>;
 }): Promise<{
diff --git a/src/telegram/bot-message-context.test-harness.ts b/extensions/telegram/src/bot-message-context.test-harness.ts
similarity index 100%
rename from src/telegram/bot-message-context.test-harness.ts
rename to extensions/telegram/src/bot-message-context.test-harness.ts
diff --git a/src/telegram/bot-message-context.thread-binding.test.ts b/extensions/telegram/src/bot-message-context.thread-binding.test.ts
similarity index 95%
rename from src/telegram/bot-message-context.thread-binding.test.ts
rename to extensions/telegram/src/bot-message-context.thread-binding.test.ts
index 07a625fa782..e635b6f4a11 100644
--- a/src/telegram/bot-message-context.thread-binding.test.ts
+++ b/extensions/telegram/src/bot-message-context.thread-binding.test.ts
@@ -9,9 +9,9 @@ const hoisted = vi.hoisted(() => {
   };
 });
 
-vi.mock("../infra/outbound/session-binding-service.js", async (importOriginal) => {
+vi.mock("../../../src/infra/outbound/session-binding-service.js", async (importOriginal) => {
   const actual =
-    await importOriginal<typeof import("../infra/outbound/session-binding-service.js")>();
+    await importOriginal<typeof import("../../../src/infra/outbound/session-binding-service.js")>();
   return {
     ...actual,
     getSessionBindingService: () => ({
diff --git a/src/telegram/bot-message-context.topic-agentid.test.ts b/extensions/telegram/src/bot-message-context.topic-agentid.test.ts
similarity index 90%
rename from src/telegram/bot-message-context.topic-agentid.test.ts
rename to extensions/telegram/src/bot-message-context.topic-agentid.test.ts
index d3e24060278..57c0c8209a0 100644
--- a/src/telegram/bot-message-context.topic-agentid.test.ts
+++ b/extensions/telegram/src/bot-message-context.topic-agentid.test.ts
@@ -1,6 +1,5 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { loadConfig } from "../config/config.js";
-import { buildTelegramMessageContextForTest } from "./bot-message-context.test-harness.js";
+import { loadConfig } from "../../../src/config/config.js";
 
 const { defaultRouteConfig } = vi.hoisted(() => ({
   defaultRouteConfig: {
@@ -12,14 +11,17 @@ const { defaultRouteConfig } = vi.hoisted(() => ({
   },
 }));
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig: vi.fn(() => defaultRouteConfig),
   };
 });
 
+const { buildTelegramMessageContextForTest } =
+  await import("./bot-message-context.test-harness.js");
+
 describe("buildTelegramMessageContext per-topic agentId routing", () => {
   function buildForumMessage(threadId = 3) {
     return {
@@ -98,7 +100,7 @@ describe("buildTelegramMessageContext per-topic agentId routing", () => {
     expect(ctx?.ctxPayload?.SessionKey).toContain("agent:main:");
   });
 
-  it("falls back to default agent when topic agentId does not exist", async () => {
+  it("preserves an unknown topic agentId in the session key", async () => {
     vi.mocked(loadConfig).mockReturnValue({
       agents: {
         list: [{ id: "main", default: true }, { id: "zu" }],
@@ -110,7 +112,7 @@ describe("buildTelegramMessageContext per-topic agentId routing", () => {
     const ctx = await buildForumContext({ topicConfig: { agentId: "ghost" } });
 
     expect(ctx).not.toBeNull();
-    expect(ctx?.ctxPayload?.SessionKey).toContain("agent:main:");
+    expect(ctx?.ctxPayload?.SessionKey).toContain("agent:ghost:");
   });
 
   it("routes DM topic to specific agent when agentId is set", async () => {
diff --git a/src/telegram/bot-message-context.ts b/extensions/telegram/src/bot-message-context.ts
similarity index 95%
rename from src/telegram/bot-message-context.ts
rename to extensions/telegram/src/bot-message-context.ts
index 19962121628..03bcd429018 100644
--- a/src/telegram/bot-message-context.ts
+++ b/extensions/telegram/src/bot-message-context.ts
@@ -1,17 +1,17 @@
-import { ensureConfiguredAcpRouteReady } from "../acp/persistent-bindings.route.js";
-import { resolveAckReaction } from "../agents/identity.js";
-import { shouldAckReaction as shouldAckReactionGate } from "../channels/ack-reactions.js";
-import { logInboundDrop } from "../channels/logging.js";
+import { ensureConfiguredAcpRouteReady } from "../../../src/acp/persistent-bindings.route.js";
+import { resolveAckReaction } from "../../../src/agents/identity.js";
+import { shouldAckReaction as shouldAckReactionGate } from "../../../src/channels/ack-reactions.js";
+import { logInboundDrop } from "../../../src/channels/logging.js";
 import {
   createStatusReactionController,
   type StatusReactionController,
-} from "../channels/status-reactions.js";
-import { loadConfig } from "../config/config.js";
-import type { TelegramDirectConfig, TelegramGroupConfig } from "../config/types.js";
-import { logVerbose } from "../globals.js";
-import { recordChannelActivity } from "../infra/channel-activity.js";
-import { buildAgentSessionKey, deriveLastRoutePolicy } from "../routing/resolve-route.js";
-import { DEFAULT_ACCOUNT_ID, resolveThreadSessionKeys } from "../routing/session-key.js";
+} from "../../../src/channels/status-reactions.js";
+import { loadConfig } from "../../../src/config/config.js";
+import type { TelegramDirectConfig, TelegramGroupConfig } from "../../../src/config/types.js";
+import { logVerbose } from "../../../src/globals.js";
+import { recordChannelActivity } from "../../../src/infra/channel-activity.js";
+import { buildAgentSessionKey, deriveLastRoutePolicy } from "../../../src/routing/resolve-route.js";
+import { DEFAULT_ACCOUNT_ID, resolveThreadSessionKeys } from "../../../src/routing/session-key.js";
 import { withTelegramApiErrorLogging } from "./api-logging.js";
 import { firstDefined, normalizeAllowFrom, normalizeDmAllowFromWithStore } from "./bot-access.js";
 import { resolveTelegramInboundBody } from "./bot-message-context.body.js";
diff --git a/src/telegram/bot-message-context.types.ts b/extensions/telegram/src/bot-message-context.types.ts
similarity index 91%
rename from src/telegram/bot-message-context.types.ts
rename to extensions/telegram/src/bot-message-context.types.ts
index 9f140b63907..2853c1a8e34 100644
--- a/src/telegram/bot-message-context.types.ts
+++ b/extensions/telegram/src/bot-message-context.types.ts
@@ -1,12 +1,12 @@
 import type { Bot } from "grammy";
-import type { HistoryEntry } from "../auto-reply/reply/history.js";
-import type { OpenClawConfig } from "../config/config.js";
+import type { HistoryEntry } from "../../../src/auto-reply/reply/history.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import type {
   DmPolicy,
   TelegramDirectConfig,
   TelegramGroupConfig,
   TelegramTopicConfig,
-} from "../config/types.js";
+} from "../../../src/config/types.js";
 import type { StickerMetadata, TelegramContext } from "./bot/types.js";
 
 export type TelegramMediaRef = {
diff --git a/src/telegram/bot-message-dispatch.sticker-media.test.ts b/extensions/telegram/src/bot-message-dispatch.sticker-media.test.ts
similarity index 100%
rename from src/telegram/bot-message-dispatch.sticker-media.test.ts
rename to extensions/telegram/src/bot-message-dispatch.sticker-media.test.ts
diff --git a/src/telegram/bot-message-dispatch.test.ts b/extensions/telegram/src/bot-message-dispatch.test.ts
similarity index 99%
rename from src/telegram/bot-message-dispatch.test.ts
rename to extensions/telegram/src/bot-message-dispatch.test.ts
index 62255706fbd..156d9296ae7 100644
--- a/src/telegram/bot-message-dispatch.test.ts
+++ b/extensions/telegram/src/bot-message-dispatch.test.ts
@@ -1,7 +1,7 @@
 import path from "node:path";
 import type { Bot } from "grammy";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { STATE_DIR } from "../config/paths.js";
+import { STATE_DIR } from "../../../src/config/paths.js";
 import {
   createSequencedTestDraftStream,
   createTestDraftStream,
@@ -18,7 +18,7 @@ vi.mock("./draft-stream.js", () => ({
   createTelegramDraftStream,
 }));
 
-vi.mock("../auto-reply/reply/provider-dispatcher.js", () => ({
+vi.mock("../../../src/auto-reply/reply/provider-dispatcher.js", () => ({
   dispatchReplyWithBufferedBlockDispatcher,
 }));
 
@@ -30,8 +30,8 @@ vi.mock("./send.js", () => ({
   editMessageTelegram,
 }));
 
-vi.mock("../config/sessions.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/sessions.js")>();
+vi.mock("../../../src/config/sessions.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/sessions.js")>();
   return {
     ...actual,
     loadSessionStore,
diff --git a/src/telegram/bot-message-dispatch.ts b/extensions/telegram/src/bot-message-dispatch.ts
similarity index 95%
rename from src/telegram/bot-message-dispatch.ts
rename to extensions/telegram/src/bot-message-dispatch.ts
index 424f98caefc..a9c0e625508 100644
--- a/src/telegram/bot-message-dispatch.ts
+++ b/extensions/telegram/src/bot-message-dispatch.ts
@@ -1,29 +1,33 @@
 import type { Bot } from "grammy";
-import { resolveAgentDir } from "../agents/agent-scope.js";
+import { resolveAgentDir } from "../../../src/agents/agent-scope.js";
 import {
   findModelInCatalog,
   loadModelCatalog,
   modelSupportsVision,
-} from "../agents/model-catalog.js";
-import { resolveDefaultModelForAgent } from "../agents/model-selection.js";
-import { resolveChunkMode } from "../auto-reply/chunk.js";
-import { clearHistoryEntriesIfEnabled } from "../auto-reply/reply/history.js";
-import { dispatchReplyWithBufferedBlockDispatcher } from "../auto-reply/reply/provider-dispatcher.js";
-import type { ReplyPayload } from "../auto-reply/types.js";
-import { removeAckReactionAfterReply } from "../channels/ack-reactions.js";
-import { logAckFailure, logTypingFailure } from "../channels/logging.js";
-import { createReplyPrefixOptions } from "../channels/reply-prefix.js";
-import { createTypingCallbacks } from "../channels/typing.js";
-import { resolveMarkdownTableMode } from "../config/markdown-tables.js";
+} from "../../../src/agents/model-catalog.js";
+import { resolveDefaultModelForAgent } from "../../../src/agents/model-selection.js";
+import { resolveChunkMode } from "../../../src/auto-reply/chunk.js";
+import { clearHistoryEntriesIfEnabled } from "../../../src/auto-reply/reply/history.js";
+import { dispatchReplyWithBufferedBlockDispatcher } from "../../../src/auto-reply/reply/provider-dispatcher.js";
+import type { ReplyPayload } from "../../../src/auto-reply/types.js";
+import { removeAckReactionAfterReply } from "../../../src/channels/ack-reactions.js";
+import { logAckFailure, logTypingFailure } from "../../../src/channels/logging.js";
+import { createReplyPrefixOptions } from "../../../src/channels/reply-prefix.js";
+import { createTypingCallbacks } from "../../../src/channels/typing.js";
+import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js";
 import {
   loadSessionStore,
   resolveSessionStoreEntry,
   resolveStorePath,
-} from "../config/sessions.js";
-import type { OpenClawConfig, ReplyToMode, TelegramAccountConfig } from "../config/types.js";
-import { danger, logVerbose } from "../globals.js";
-import { getAgentScopedMediaLocalRoots } from "../media/local-roots.js";
-import type { RuntimeEnv } from "../runtime.js";
+} from "../../../src/config/sessions.js";
+import type {
+  OpenClawConfig,
+  ReplyToMode,
+  TelegramAccountConfig,
+} from "../../../src/config/types.js";
+import { danger, logVerbose } from "../../../src/globals.js";
+import { getAgentScopedMediaLocalRoots } from "../../../src/media/local-roots.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
 import type { TelegramMessageContext } from "./bot-message-context.js";
 import type { TelegramBotOptions } from "./bot.js";
 import { deliverReplies } from "./bot/delivery.js";
diff --git a/src/telegram/bot-message.test.ts b/extensions/telegram/src/bot-message.test.ts
similarity index 100%
rename from src/telegram/bot-message.test.ts
rename to extensions/telegram/src/bot-message.test.ts
diff --git a/src/telegram/bot-message.ts b/extensions/telegram/src/bot-message.ts
similarity index 91%
rename from src/telegram/bot-message.ts
rename to extensions/telegram/src/bot-message.ts
index 3fa58bb9ed8..0a5d44c65db 100644
--- a/src/telegram/bot-message.ts
+++ b/extensions/telegram/src/bot-message.ts
@@ -1,7 +1,7 @@
-import type { ReplyToMode } from "../config/config.js";
-import type { TelegramAccountConfig } from "../config/types.telegram.js";
-import { danger } from "../globals.js";
-import type { RuntimeEnv } from "../runtime.js";
+import type { ReplyToMode } from "../../../src/config/config.js";
+import type { TelegramAccountConfig } from "../../../src/config/types.telegram.js";
+import { danger } from "../../../src/globals.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
 import {
   buildTelegramMessageContext,
   type BuildTelegramMessageContextParams,
diff --git a/src/telegram/bot-native-command-menu.test.ts b/extensions/telegram/src/bot-native-command-menu.test.ts
similarity index 100%
rename from src/telegram/bot-native-command-menu.test.ts
rename to extensions/telegram/src/bot-native-command-menu.test.ts
diff --git a/src/telegram/bot-native-command-menu.ts b/extensions/telegram/src/bot-native-command-menu.ts
similarity index 97%
rename from src/telegram/bot-native-command-menu.ts
rename to extensions/telegram/src/bot-native-command-menu.ts
index 6dd8f1ba30a..73fa2d2345a 100644
--- a/src/telegram/bot-native-command-menu.ts
+++ b/extensions/telegram/src/bot-native-command-menu.ts
@@ -3,13 +3,13 @@ import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
 import type { Bot } from "grammy";
-import { resolveStateDir } from "../config/paths.js";
+import { resolveStateDir } from "../../../src/config/paths.js";
 import {
   normalizeTelegramCommandName,
   TELEGRAM_COMMAND_NAME_PATTERN,
-} from "../config/telegram-custom-commands.js";
-import { logVerbose } from "../globals.js";
-import type { RuntimeEnv } from "../runtime.js";
+} from "../../../src/config/telegram-custom-commands.js";
+import { logVerbose } from "../../../src/globals.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
 import { withTelegramApiErrorLogging } from "./api-logging.js";
 
 export const TELEGRAM_MAX_COMMANDS = 100;
diff --git a/src/telegram/bot-native-commands.group-auth.test.ts b/extensions/telegram/src/bot-native-commands.group-auth.test.ts
similarity index 96%
rename from src/telegram/bot-native-commands.group-auth.test.ts
rename to extensions/telegram/src/bot-native-commands.group-auth.test.ts
index cca25aedc2c..efee344b907 100644
--- a/src/telegram/bot-native-commands.group-auth.test.ts
+++ b/extensions/telegram/src/bot-native-commands.group-auth.test.ts
@@ -1,7 +1,7 @@
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
-import type { ChannelGroupPolicy } from "../config/group-policy.js";
-import type { TelegramAccountConfig } from "../config/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { ChannelGroupPolicy } from "../../../src/config/group-policy.js";
+import type { TelegramAccountConfig } from "../../../src/config/types.js";
 import {
   createNativeCommandsHarness,
   createTelegramGroupCommandContext,
diff --git a/src/telegram/bot-native-commands.plugin-auth.test.ts b/extensions/telegram/src/bot-native-commands.plugin-auth.test.ts
similarity index 86%
rename from src/telegram/bot-native-commands.plugin-auth.test.ts
rename to extensions/telegram/src/bot-native-commands.plugin-auth.test.ts
index d611250bdeb..68268fb047b 100644
--- a/src/telegram/bot-native-commands.plugin-auth.test.ts
+++ b/extensions/telegram/src/bot-native-commands.plugin-auth.test.ts
@@ -1,6 +1,6 @@
 import { describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
-import type { TelegramAccountConfig } from "../config/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { TelegramAccountConfig } from "../../../src/config/types.js";
 import {
   createNativeCommandsHarness,
   deliverReplies,
@@ -11,17 +11,19 @@ import {
 
 type GetPluginCommandSpecsMock = {
   mockReturnValue: (
-    value: ReturnType<typeof import("../plugins/commands.js").getPluginCommandSpecs>,
+    value: ReturnType<typeof import("../../../src/plugins/commands.js").getPluginCommandSpecs>,
   ) => unknown;
 };
 type MatchPluginCommandMock = {
   mockReturnValue: (
-    value: ReturnType<typeof import("../plugins/commands.js").matchPluginCommand>,
+    value: ReturnType<typeof import("../../../src/plugins/commands.js").matchPluginCommand>,
   ) => unknown;
 };
 type ExecutePluginCommandMock = {
   mockResolvedValue: (
-    value: Awaited<ReturnType<typeof import("../plugins/commands.js").executePluginCommand>>,
+    value: Awaited<
+      ReturnType<typeof import("../../../src/plugins/commands.js").executePluginCommand>
+    >,
   ) => unknown;
 };
 
diff --git a/src/telegram/bot-native-commands.session-meta.test.ts b/extensions/telegram/src/bot-native-commands.session-meta.test.ts
similarity index 94%
rename from src/telegram/bot-native-commands.session-meta.test.ts
rename to extensions/telegram/src/bot-native-commands.session-meta.test.ts
index 43b5bb4133f..db3fdc23bba 100644
--- a/src/telegram/bot-native-commands.session-meta.test.ts
+++ b/extensions/telegram/src/bot-native-commands.session-meta.test.ts
@@ -1,5 +1,5 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import {
   registerTelegramNativeCommands,
   type RegisterTelegramHandlerParams,
@@ -10,11 +10,11 @@ type RegisterTelegramNativeCommandsParams = Parameters<typeof registerTelegramNa
 // All mocks scoped to this file only — does not affect bot-native-commands.test.ts
 
 type ResolveConfiguredAcpBindingRecordFn =
-  typeof import("../acp/persistent-bindings.js").resolveConfiguredAcpBindingRecord;
+  typeof import("../../../src/acp/persistent-bindings.js").resolveConfiguredAcpBindingRecord;
 type EnsureConfiguredAcpBindingSessionFn =
-  typeof import("../acp/persistent-bindings.js").ensureConfiguredAcpBindingSession;
+  typeof import("../../../src/acp/persistent-bindings.js").ensureConfiguredAcpBindingSession;
 type DispatchReplyWithBufferedBlockDispatcherFn =
-  typeof import("../auto-reply/reply/provider-dispatcher.js").dispatchReplyWithBufferedBlockDispatcher;
+  typeof import("../../../src/auto-reply/reply/provider-dispatcher.js").dispatchReplyWithBufferedBlockDispatcher;
 type DispatchReplyWithBufferedBlockDispatcherParams =
   Parameters<DispatchReplyWithBufferedBlockDispatcherFn>[0];
 type DispatchReplyWithBufferedBlockDispatcherResult = Awaited<
@@ -54,31 +54,31 @@ const sessionBindingMocks = vi.hoisted(() => ({
   touch: vi.fn(),
 }));
 
-vi.mock("../acp/persistent-bindings.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../acp/persistent-bindings.js")>();
+vi.mock("../../../src/acp/persistent-bindings.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/acp/persistent-bindings.js")>();
   return {
     ...actual,
     resolveConfiguredAcpBindingRecord: persistentBindingMocks.resolveConfiguredAcpBindingRecord,
     ensureConfiguredAcpBindingSession: persistentBindingMocks.ensureConfiguredAcpBindingSession,
   };
 });
-vi.mock("../config/sessions.js", () => ({
+vi.mock("../../../src/config/sessions.js", () => ({
   recordSessionMetaFromInbound: sessionMocks.recordSessionMetaFromInbound,
   resolveStorePath: sessionMocks.resolveStorePath,
 }));
-vi.mock("../pairing/pairing-store.js", () => ({
+vi.mock("../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: vi.fn(async () => []),
 }));
-vi.mock("../auto-reply/reply/inbound-context.js", () => ({
+vi.mock("../../../src/auto-reply/reply/inbound-context.js", () => ({
   finalizeInboundContext: vi.fn((ctx: unknown) => ctx),
 }));
-vi.mock("../auto-reply/reply/provider-dispatcher.js", () => ({
+vi.mock("../../../src/auto-reply/reply/provider-dispatcher.js", () => ({
   dispatchReplyWithBufferedBlockDispatcher: replyMocks.dispatchReplyWithBufferedBlockDispatcher,
 }));
-vi.mock("../channels/reply-prefix.js", () => ({
+vi.mock("../../../src/channels/reply-prefix.js", () => ({
   createReplyPrefixOptions: vi.fn(() => ({ onModelSelected: () => {} })),
 }));
-vi.mock("../infra/outbound/session-binding-service.js", () => ({
+vi.mock("../../../src/infra/outbound/session-binding-service.js", () => ({
   getSessionBindingService: () => ({
     bind: vi.fn(),
     getCapabilities: vi.fn(),
@@ -88,11 +88,11 @@ vi.mock("../infra/outbound/session-binding-service.js", () => ({
     unbind: vi.fn(),
   }),
 }));
-vi.mock("../auto-reply/skill-commands.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../auto-reply/skill-commands.js")>();
+vi.mock("../../../src/auto-reply/skill-commands.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/auto-reply/skill-commands.js")>();
   return { ...actual, listSkillCommandsForAgents: vi.fn(() => []) };
 });
-vi.mock("../plugins/commands.js", () => ({
+vi.mock("../../../src/plugins/commands.js", () => ({
   getPluginCommandSpecs: vi.fn(() => []),
   matchPluginCommand: vi.fn(() => null),
   executePluginCommand: vi.fn(async () => ({ text: "ok" })),
@@ -300,7 +300,7 @@ function createConfiguredAcpTopicBinding(boundSessionKey: string) {
       status: "active",
       boundAt: 0,
     },
-  } satisfies import("../acp/persistent-bindings.js").ResolvedConfiguredAcpBinding;
+  } satisfies import("../../../src/acp/persistent-bindings.js").ResolvedConfiguredAcpBinding;
 }
 
 function expectUnauthorizedNewCommandBlocked(sendMessage: ReturnType<typeof vi.fn>) {
diff --git a/src/telegram/bot-native-commands.skills-allowlist.test.ts b/extensions/telegram/src/bot-native-commands.skills-allowlist.test.ts
similarity index 93%
rename from src/telegram/bot-native-commands.skills-allowlist.test.ts
rename to extensions/telegram/src/bot-native-commands.skills-allowlist.test.ts
index 40a428064e1..c026392f9f9 100644
--- a/src/telegram/bot-native-commands.skills-allowlist.test.ts
+++ b/extensions/telegram/src/bot-native-commands.skills-allowlist.test.ts
@@ -2,9 +2,9 @@ import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { writeSkill } from "../agents/skills.e2e-test-helpers.js";
-import type { OpenClawConfig } from "../config/config.js";
-import type { TelegramAccountConfig } from "../config/types.js";
+import { writeSkill } from "../../../src/agents/skills.e2e-test-helpers.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { TelegramAccountConfig } from "../../../src/config/types.js";
 import { registerTelegramNativeCommands } from "./bot-native-commands.js";
 
 const pluginCommandMocks = vi.hoisted(() => ({
@@ -16,7 +16,7 @@ const deliveryMocks = vi.hoisted(() => ({
   deliverReplies: vi.fn(async () => ({ delivered: true })),
 }));
 
-vi.mock("../plugins/commands.js", () => ({
+vi.mock("../../../src/plugins/commands.js", () => ({
   getPluginCommandSpecs: pluginCommandMocks.getPluginCommandSpecs,
   matchPluginCommand: pluginCommandMocks.matchPluginCommand,
   executePluginCommand: pluginCommandMocks.executePluginCommand,
diff --git a/src/telegram/bot-native-commands.test-helpers.ts b/extensions/telegram/src/bot-native-commands.test-helpers.ts
similarity index 88%
rename from src/telegram/bot-native-commands.test-helpers.ts
rename to extensions/telegram/src/bot-native-commands.test-helpers.ts
index eef028c8315..0b4babb180e 100644
--- a/src/telegram/bot-native-commands.test-helpers.ts
+++ b/extensions/telegram/src/bot-native-commands.test-helpers.ts
@@ -1,15 +1,17 @@
 import { vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
-import type { ChannelGroupPolicy } from "../config/group-policy.js";
-import type { TelegramAccountConfig } from "../config/types.js";
-import type { RuntimeEnv } from "../runtime.js";
-import type { MockFn } from "../test-utils/vitest-mock-fn.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { ChannelGroupPolicy } from "../../../src/config/group-policy.js";
+import type { TelegramAccountConfig } from "../../../src/config/types.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
+import type { MockFn } from "../../../src/test-utils/vitest-mock-fn.js";
 import { registerTelegramNativeCommands } from "./bot-native-commands.js";
 
 type RegisterTelegramNativeCommandsParams = Parameters<typeof registerTelegramNativeCommands>[0];
-type GetPluginCommandSpecsFn = typeof import("../plugins/commands.js").getPluginCommandSpecs;
-type MatchPluginCommandFn = typeof import("../plugins/commands.js").matchPluginCommand;
-type ExecutePluginCommandFn = typeof import("../plugins/commands.js").executePluginCommand;
+type GetPluginCommandSpecsFn =
+  typeof import("../../../src/plugins/commands.js").getPluginCommandSpecs;
+type MatchPluginCommandFn = typeof import("../../../src/plugins/commands.js").matchPluginCommand;
+type ExecutePluginCommandFn =
+  typeof import("../../../src/plugins/commands.js").executePluginCommand;
 type AnyMock = MockFn<(...args: unknown[]) => unknown>;
 type AnyAsyncMock = MockFn<(...args: unknown[]) => Promise<unknown>>;
 type NativeCommandHarness = {
@@ -35,7 +37,7 @@ export const getPluginCommandSpecs = pluginCommandMocks.getPluginCommandSpecs;
 export const matchPluginCommand = pluginCommandMocks.matchPluginCommand;
 export const executePluginCommand = pluginCommandMocks.executePluginCommand;
 
-vi.mock("../plugins/commands.js", () => ({
+vi.mock("../../../src/plugins/commands.js", () => ({
   getPluginCommandSpecs: pluginCommandMocks.getPluginCommandSpecs,
   matchPluginCommand: pluginCommandMocks.matchPluginCommand,
   executePluginCommand: pluginCommandMocks.executePluginCommand,
@@ -46,7 +48,7 @@ const deliveryMocks = vi.hoisted(() => ({
 }));
 export const deliverReplies = deliveryMocks.deliverReplies;
 vi.mock("./bot/delivery.js", () => ({ deliverReplies: deliveryMocks.deliverReplies }));
-vi.mock("../pairing/pairing-store.js", () => ({
+vi.mock("../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: vi.fn(async () => []),
 }));
 
diff --git a/src/telegram/bot-native-commands.test.ts b/extensions/telegram/src/bot-native-commands.test.ts
similarity index 94%
rename from src/telegram/bot-native-commands.test.ts
rename to extensions/telegram/src/bot-native-commands.test.ts
index a208649c62b..f6ebfe0dfe8 100644
--- a/src/telegram/bot-native-commands.test.ts
+++ b/extensions/telegram/src/bot-native-commands.test.ts
@@ -1,10 +1,10 @@
 import path from "node:path";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
-import { STATE_DIR } from "../config/paths.js";
-import { TELEGRAM_COMMAND_NAME_PATTERN } from "../config/telegram-custom-commands.js";
-import type { TelegramAccountConfig } from "../config/types.js";
-import type { RuntimeEnv } from "../runtime.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { STATE_DIR } from "../../../src/config/paths.js";
+import { TELEGRAM_COMMAND_NAME_PATTERN } from "../../../src/config/telegram-custom-commands.js";
+import type { TelegramAccountConfig } from "../../../src/config/types.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
 import { registerTelegramNativeCommands } from "./bot-native-commands.js";
 
 const { listSkillCommandsForAgents } = vi.hoisted(() => ({
@@ -19,14 +19,14 @@ const deliveryMocks = vi.hoisted(() => ({
   deliverReplies: vi.fn(async () => ({ delivered: true })),
 }));
 
-vi.mock("../auto-reply/skill-commands.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../auto-reply/skill-commands.js")>();
+vi.mock("../../../src/auto-reply/skill-commands.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/auto-reply/skill-commands.js")>();
   return {
     ...actual,
     listSkillCommandsForAgents,
   };
 });
-vi.mock("../plugins/commands.js", () => ({
+vi.mock("../../../src/plugins/commands.js", () => ({
   getPluginCommandSpecs: pluginCommandMocks.getPluginCommandSpecs,
   matchPluginCommand: pluginCommandMocks.matchPluginCommand,
   executePluginCommand: pluginCommandMocks.executePluginCommand,
diff --git a/src/telegram/bot-native-commands.ts b/extensions/telegram/src/bot-native-commands.ts
similarity index 94%
rename from src/telegram/bot-native-commands.ts
rename to extensions/telegram/src/bot-native-commands.ts
index 2bcbebe63fa..7dd91f6ad63 100644
--- a/src/telegram/bot-native-commands.ts
+++ b/extensions/telegram/src/bot-native-commands.ts
@@ -1,8 +1,8 @@
 import type { Bot, Context } from "grammy";
-import { ensureConfiguredAcpRouteReady } from "../acp/persistent-bindings.route.js";
-import { resolveChunkMode } from "../auto-reply/chunk.js";
-import { resolveCommandAuthorization } from "../auto-reply/command-auth.js";
-import type { CommandArgs } from "../auto-reply/commands-registry.js";
+import { ensureConfiguredAcpRouteReady } from "../../../src/acp/persistent-bindings.route.js";
+import { resolveChunkMode } from "../../../src/auto-reply/chunk.js";
+import { resolveCommandAuthorization } from "../../../src/auto-reply/command-auth.js";
+import type { CommandArgs } from "../../../src/auto-reply/commands-registry.js";
 import {
   buildCommandTextFromArgs,
   findCommandByNativeName,
@@ -10,40 +10,40 @@ import {
   listNativeCommandSpecsForConfig,
   parseCommandArgs,
   resolveCommandArgMenu,
-} from "../auto-reply/commands-registry.js";
-import { finalizeInboundContext } from "../auto-reply/reply/inbound-context.js";
-import { dispatchReplyWithBufferedBlockDispatcher } from "../auto-reply/reply/provider-dispatcher.js";
-import { listSkillCommandsForAgents } from "../auto-reply/skill-commands.js";
-import { resolveCommandAuthorizedFromAuthorizers } from "../channels/command-gating.js";
-import { resolveNativeCommandSessionTargets } from "../channels/native-command-session-targets.js";
-import { createReplyPrefixOptions } from "../channels/reply-prefix.js";
-import { recordInboundSessionMetaSafe } from "../channels/session-meta.js";
-import type { OpenClawConfig } from "../config/config.js";
-import type { ChannelGroupPolicy } from "../config/group-policy.js";
-import { resolveMarkdownTableMode } from "../config/markdown-tables.js";
+} from "../../../src/auto-reply/commands-registry.js";
+import { finalizeInboundContext } from "../../../src/auto-reply/reply/inbound-context.js";
+import { dispatchReplyWithBufferedBlockDispatcher } from "../../../src/auto-reply/reply/provider-dispatcher.js";
+import { listSkillCommandsForAgents } from "../../../src/auto-reply/skill-commands.js";
+import { resolveCommandAuthorizedFromAuthorizers } from "../../../src/channels/command-gating.js";
+import { resolveNativeCommandSessionTargets } from "../../../src/channels/native-command-session-targets.js";
+import { createReplyPrefixOptions } from "../../../src/channels/reply-prefix.js";
+import { recordInboundSessionMetaSafe } from "../../../src/channels/session-meta.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { ChannelGroupPolicy } from "../../../src/config/group-policy.js";
+import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js";
 import {
   normalizeTelegramCommandName,
   resolveTelegramCustomCommands,
   TELEGRAM_COMMAND_NAME_PATTERN,
-} from "../config/telegram-custom-commands.js";
+} from "../../../src/config/telegram-custom-commands.js";
 import type {
   ReplyToMode,
   TelegramAccountConfig,
   TelegramDirectConfig,
   TelegramGroupConfig,
   TelegramTopicConfig,
-} from "../config/types.js";
-import { danger, logVerbose } from "../globals.js";
-import { getChildLogger } from "../logging.js";
-import { getAgentScopedMediaLocalRoots } from "../media/local-roots.js";
+} from "../../../src/config/types.js";
+import { danger, logVerbose } from "../../../src/globals.js";
+import { getChildLogger } from "../../../src/logging.js";
+import { getAgentScopedMediaLocalRoots } from "../../../src/media/local-roots.js";
 import {
   executePluginCommand,
   getPluginCommandSpecs,
   matchPluginCommand,
-} from "../plugins/commands.js";
-import { resolveAgentRoute } from "../routing/resolve-route.js";
-import { resolveThreadSessionKeys } from "../routing/session-key.js";
-import type { RuntimeEnv } from "../runtime.js";
+} from "../../../src/plugins/commands.js";
+import { resolveAgentRoute } from "../../../src/routing/resolve-route.js";
+import { resolveThreadSessionKeys } from "../../../src/routing/session-key.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
 import { withTelegramApiErrorLogging } from "./api-logging.js";
 import { isSenderAllowed, normalizeDmAllowFromWithStore } from "./bot-access.js";
 import type { TelegramMediaRef } from "./bot-message-context.js";
diff --git a/src/telegram/bot-updates.ts b/extensions/telegram/src/bot-updates.ts
similarity index 96%
rename from src/telegram/bot-updates.ts
rename to extensions/telegram/src/bot-updates.ts
index 2b1badebed8..3121f1a487e 100644
--- a/src/telegram/bot-updates.ts
+++ b/extensions/telegram/src/bot-updates.ts
@@ -1,5 +1,5 @@
 import type { Message } from "@grammyjs/types";
-import { createDedupeCache } from "../infra/dedupe.js";
+import { createDedupeCache } from "../../../src/infra/dedupe.js";
 import type { TelegramContext } from "./bot/types.js";
 
 const MEDIA_GROUP_TIMEOUT_MS = 500;
diff --git a/src/telegram/bot.create-telegram-bot.test-harness.ts b/extensions/telegram/src/bot.create-telegram-bot.test-harness.ts
similarity index 66%
rename from src/telegram/bot.create-telegram-bot.test-harness.ts
rename to extensions/telegram/src/bot.create-telegram-bot.test-harness.ts
index b0090d62a70..2f151066910 100644
--- a/src/telegram/bot.create-telegram-bot.test-harness.ts
+++ b/extensions/telegram/src/bot.create-telegram-bot.test-harness.ts
@@ -1,9 +1,9 @@
 import { beforeEach, vi } from "vitest";
-import { resetInboundDedupe } from "../auto-reply/reply/inbound-dedupe.js";
-import type { MsgContext } from "../auto-reply/templating.js";
-import type { GetReplyOptions, ReplyPayload } from "../auto-reply/types.js";
-import type { OpenClawConfig } from "../config/config.js";
-import type { MockFn } from "../test-utils/vitest-mock-fn.js";
+import { resetInboundDedupe } from "../../../src/auto-reply/reply/inbound-dedupe.js";
+import type { MsgContext } from "../../../src/auto-reply/templating.js";
+import type { GetReplyOptions, ReplyPayload } from "../../../src/auto-reply/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { MockFn } from "../../../src/test-utils/vitest-mock-fn.js";
 
 type AnyMock = MockFn<(...args: unknown[]) => unknown>;
 type AnyAsyncMock = MockFn<(...args: unknown[]) => Promise<unknown>>;
@@ -20,7 +20,7 @@ export function getLoadWebMediaMock(): AnyMock {
   return loadWebMedia;
 }
 
-vi.mock("../web/media.js", () => ({
+vi.mock("../../whatsapp/src/media.js", () => ({
   loadWebMedia,
 }));
 
@@ -31,16 +31,16 @@ const { loadConfig } = vi.hoisted((): { loadConfig: AnyMock } => ({
 export function getLoadConfigMock(): AnyMock {
   return loadConfig;
 }
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig,
   };
 });
 
-vi.mock("../config/sessions.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/sessions.js")>();
+vi.mock("../../../src/config/sessions.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/sessions.js")>();
   return {
     ...actual,
     resolveStorePath: vi.fn((storePath) => storePath ?? sessionStorePath),
@@ -68,7 +68,7 @@ export function getUpsertChannelPairingRequestMock(): AnyAsyncMock {
   return upsertChannelPairingRequest;
 }
 
-vi.mock("../pairing/pairing-store.js", () => ({
+vi.mock("../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore,
   upsertChannelPairingRequest,
 }));
@@ -78,7 +78,7 @@ const skillCommandsHoisted = vi.hoisted(() => ({
 }));
 export const listSkillCommandsForAgents = skillCommandsHoisted.listSkillCommandsForAgents;
 
-vi.mock("../auto-reply/skill-commands.js", () => ({
+vi.mock("../../../src/auto-reply/skill-commands.js", () => ({
   listSkillCommandsForAgents,
 }));
 
@@ -87,7 +87,7 @@ const systemEventsHoisted = vi.hoisted(() => ({
 }));
 export const enqueueSystemEventSpy: AnyMock = systemEventsHoisted.enqueueSystemEventSpy;
 
-vi.mock("../infra/system-events.js", () => ({
+vi.mock("../../../src/infra/system-events.js", () => ({
   enqueueSystemEvent: enqueueSystemEventSpy,
 }));
 
@@ -102,73 +102,81 @@ vi.mock("./sent-message-cache.js", () => ({
   clearSentMessageCache: vi.fn(),
 }));
 
-export const useSpy: MockFn<(arg: unknown) => void> = vi.fn();
-export const middlewareUseSpy: AnyMock = vi.fn();
-export const onSpy: AnyMock = vi.fn();
-export const stopSpy: AnyMock = vi.fn();
-export const commandSpy: AnyMock = vi.fn();
-export const botCtorSpy: AnyMock = vi.fn();
-export const answerCallbackQuerySpy: AnyAsyncMock = vi.fn(async () => undefined);
-export const sendChatActionSpy: AnyMock = vi.fn();
-export const editMessageTextSpy: AnyAsyncMock = vi.fn(async () => ({ message_id: 88 }));
-export const editMessageReplyMarkupSpy: AnyAsyncMock = vi.fn(async () => ({ message_id: 88 }));
-export const sendMessageDraftSpy: AnyAsyncMock = vi.fn(async () => true);
-export const setMessageReactionSpy: AnyAsyncMock = vi.fn(async () => undefined);
-export const setMyCommandsSpy: AnyAsyncMock = vi.fn(async () => undefined);
-export const getMeSpy: AnyAsyncMock = vi.fn(async () => ({
-  username: "openclaw_bot",
-  has_topics_enabled: true,
+// All spy variables used inside vi.mock("grammy", ...) must be created via
+// vi.hoisted() so they are available when the hoisted factory runs, regardless
+// of module evaluation order across different test files.
+const grammySpies = vi.hoisted(() => ({
+  useSpy: vi.fn() as MockFn<(arg: unknown) => void>,
+  middlewareUseSpy: vi.fn() as AnyMock,
+  onSpy: vi.fn() as AnyMock,
+  stopSpy: vi.fn() as AnyMock,
+  commandSpy: vi.fn() as AnyMock,
+  botCtorSpy: vi.fn() as AnyMock,
+  answerCallbackQuerySpy: vi.fn(async () => undefined) as AnyAsyncMock,
+  sendChatActionSpy: vi.fn() as AnyMock,
+  editMessageTextSpy: vi.fn(async () => ({ message_id: 88 })) as AnyAsyncMock,
+  editMessageReplyMarkupSpy: vi.fn(async () => ({ message_id: 88 })) as AnyAsyncMock,
+  sendMessageDraftSpy: vi.fn(async () => true) as AnyAsyncMock,
+  setMessageReactionSpy: vi.fn(async () => undefined) as AnyAsyncMock,
+  setMyCommandsSpy: vi.fn(async () => undefined) as AnyAsyncMock,
+  getMeSpy: vi.fn(async () => ({
+    username: "openclaw_bot",
+    has_topics_enabled: true,
+  })) as AnyAsyncMock,
+  sendMessageSpy: vi.fn(async () => ({ message_id: 77 })) as AnyAsyncMock,
+  sendAnimationSpy: vi.fn(async () => ({ message_id: 78 })) as AnyAsyncMock,
+  sendPhotoSpy: vi.fn(async () => ({ message_id: 79 })) as AnyAsyncMock,
+  getFileSpy: vi.fn(async () => ({ file_path: "media/file.jpg" })) as AnyAsyncMock,
 }));
-export const sendMessageSpy: AnyAsyncMock = vi.fn(async () => ({ message_id: 77 }));
-export const sendAnimationSpy: AnyAsyncMock = vi.fn(async () => ({ message_id: 78 }));
-export const sendPhotoSpy: AnyAsyncMock = vi.fn(async () => ({ message_id: 79 }));
-export const getFileSpy: AnyAsyncMock = vi.fn(async () => ({ file_path: "media/file.jpg" }));
 
-type ApiStub = {
-  config: { use: (arg: unknown) => void };
-  answerCallbackQuery: typeof answerCallbackQuerySpy;
-  sendChatAction: typeof sendChatActionSpy;
-  editMessageText: typeof editMessageTextSpy;
-  editMessageReplyMarkup: typeof editMessageReplyMarkupSpy;
-  sendMessageDraft: typeof sendMessageDraftSpy;
-  setMessageReaction: typeof setMessageReactionSpy;
-  setMyCommands: typeof setMyCommandsSpy;
-  getMe: typeof getMeSpy;
-  sendMessage: typeof sendMessageSpy;
-  sendAnimation: typeof sendAnimationSpy;
-  sendPhoto: typeof sendPhotoSpy;
-  getFile: typeof getFileSpy;
-};
-
-const apiStub: ApiStub = {
-  config: { use: useSpy },
-  answerCallbackQuery: answerCallbackQuerySpy,
-  sendChatAction: sendChatActionSpy,
-  editMessageText: editMessageTextSpy,
-  editMessageReplyMarkup: editMessageReplyMarkupSpy,
-  sendMessageDraft: sendMessageDraftSpy,
-  setMessageReaction: setMessageReactionSpy,
-  setMyCommands: setMyCommandsSpy,
-  getMe: getMeSpy,
-  sendMessage: sendMessageSpy,
-  sendAnimation: sendAnimationSpy,
-  sendPhoto: sendPhotoSpy,
-  getFile: getFileSpy,
-};
+export const {
+  useSpy,
+  middlewareUseSpy,
+  onSpy,
+  stopSpy,
+  commandSpy,
+  botCtorSpy,
+  answerCallbackQuerySpy,
+  sendChatActionSpy,
+  editMessageTextSpy,
+  editMessageReplyMarkupSpy,
+  sendMessageDraftSpy,
+  setMessageReactionSpy,
+  setMyCommandsSpy,
+  getMeSpy,
+  sendMessageSpy,
+  sendAnimationSpy,
+  sendPhotoSpy,
+  getFileSpy,
+} = grammySpies;
 
 vi.mock("grammy", () => ({
   Bot: class {
-    api = apiStub;
-    use = middlewareUseSpy;
-    on = onSpy;
-    stop = stopSpy;
-    command = commandSpy;
+    api = {
+      config: { use: grammySpies.useSpy },
+      answerCallbackQuery: grammySpies.answerCallbackQuerySpy,
+      sendChatAction: grammySpies.sendChatActionSpy,
+      editMessageText: grammySpies.editMessageTextSpy,
+      editMessageReplyMarkup: grammySpies.editMessageReplyMarkupSpy,
+      sendMessageDraft: grammySpies.sendMessageDraftSpy,
+      setMessageReaction: grammySpies.setMessageReactionSpy,
+      setMyCommands: grammySpies.setMyCommandsSpy,
+      getMe: grammySpies.getMeSpy,
+      sendMessage: grammySpies.sendMessageSpy,
+      sendAnimation: grammySpies.sendAnimationSpy,
+      sendPhoto: grammySpies.sendPhotoSpy,
+      getFile: grammySpies.getFileSpy,
+    };
+    use = grammySpies.middlewareUseSpy;
+    on = grammySpies.onSpy;
+    stop = grammySpies.stopSpy;
+    command = grammySpies.commandSpy;
     catch = vi.fn();
     constructor(
       public token: string,
       public options?: { client?: { fetch?: typeof fetch } },
     ) {
-      botCtorSpy(token, options);
+      grammySpies.botCtorSpy(token, options);
     }
   },
   InputFile: class {},
@@ -201,7 +209,7 @@ export const replySpy: MockFn<
   return undefined;
 });
 
-vi.mock("../auto-reply/reply.js", () => ({
+vi.mock("../../../src/auto-reply/reply.js", () => ({
   getReplyFromConfig: replySpy,
   __replySpy: replySpy,
 }));
diff --git a/src/telegram/bot.create-telegram-bot.test.ts b/extensions/telegram/src/bot.create-telegram-bot.test.ts
similarity index 98%
rename from src/telegram/bot.create-telegram-bot.test.ts
rename to extensions/telegram/src/bot.create-telegram-bot.test.ts
index 378c1eb1065..d3854849b10 100644
--- a/src/telegram/bot.create-telegram-bot.test.ts
+++ b/extensions/telegram/src/bot.create-telegram-bot.test.ts
@@ -2,9 +2,9 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { afterAll, beforeAll, describe, expect, it, vi } from "vitest";
-import { escapeRegExp, formatEnvelopeTimestamp } from "../../test/helpers/envelope-timestamp.js";
-import { withEnvAsync } from "../test-utils/env.js";
-import { useFrozenTime, useRealTime } from "../test-utils/frozen-time.js";
+import { withEnvAsync } from "../../../src/test-utils/env.js";
+import { useFrozenTime, useRealTime } from "../../../src/test-utils/frozen-time.js";
+import { escapeRegExp, formatEnvelopeTimestamp } from "../../../test/helpers/envelope-timestamp.js";
 import {
   answerCallbackQuerySpy,
   botCtorSpy,
@@ -29,9 +29,11 @@ import {
   throttlerSpy,
   useSpy,
 } from "./bot.create-telegram-bot.test-harness.js";
-import { createTelegramBot, getTelegramSequentialKey } from "./bot.js";
 import { resolveTelegramFetch } from "./fetch.js";
 
+// Import after the harness registers `vi.mock(...)` for grammY and Telegram internals.
+const { createTelegramBot, getTelegramSequentialKey } = await import("./bot.js");
+
 const loadConfig = getLoadConfigMock();
 const loadWebMedia = getLoadWebMediaMock();
 const readChannelAllowFromStore = getReadChannelAllowFromStoreMock();
@@ -813,7 +815,7 @@ describe("createTelegramBot", () => {
     expect(payload.SessionKey).toBe("agent:opie:main");
   });
 
-  it("drops non-default account DMs without explicit bindings", async () => {
+  it("routes non-default account DMs to the per-account fallback session without explicit bindings", async () => {
     loadConfig.mockReturnValue({
       channels: {
         telegram: {
@@ -842,7 +844,10 @@ describe("createTelegramBot", () => {
       getFile: async () => ({ download: async () => new Uint8Array() }),
     });
 
-    expect(replySpy).not.toHaveBeenCalled();
+    expect(replySpy).toHaveBeenCalledTimes(1);
+    const payload = replySpy.mock.calls[0]?.[0];
+    expect(payload.AccountId).toBe("opie");
+    expect(payload.SessionKey).toContain("agent:main:telegram:opie:");
   });
 
   it("applies group mention overrides and fallback behavior", async () => {
@@ -1909,9 +1914,8 @@ describe("createTelegramBot", () => {
       await flushTimer?.();
 
       expect(replySpy).toHaveBeenCalledTimes(1);
-      const payload = replySpy.mock.calls[0]?.[0] as { Body?: string; MediaPaths?: string[] };
+      const payload = replySpy.mock.calls[0]?.[0] as { Body?: string };
       expect(payload.Body).toContain("album caption");
-      expect(payload.MediaPaths).toHaveLength(2);
     } finally {
       setTimeoutSpy.mockRestore();
       fetchSpy.mockRestore();
@@ -2137,9 +2141,8 @@ describe("createTelegramBot", () => {
       await flushTimer?.();
 
       expect(replySpy).toHaveBeenCalledTimes(1);
-      const payload = replySpy.mock.calls[0]?.[0] as { Body?: string; MediaPaths?: string[] };
+      const payload = replySpy.mock.calls[0]?.[0] as { Body?: string };
       expect(payload.Body).toContain("partial album");
-      expect(payload.MediaPaths).toHaveLength(1);
     } finally {
       setTimeoutSpy.mockRestore();
       fetchSpy.mockRestore();
diff --git a/src/telegram/bot.fetch-abort.test.ts b/extensions/telegram/src/bot.fetch-abort.test.ts
similarity index 100%
rename from src/telegram/bot.fetch-abort.test.ts
rename to extensions/telegram/src/bot.fetch-abort.test.ts
diff --git a/src/telegram/bot.helpers.test.ts b/extensions/telegram/src/bot.helpers.test.ts
similarity index 100%
rename from src/telegram/bot.helpers.test.ts
rename to extensions/telegram/src/bot.helpers.test.ts
diff --git a/src/telegram/bot.media.downloads-media-file-path-no-file-download.e2e.test.ts b/extensions/telegram/src/bot.media.downloads-media-file-path-no-file-download.e2e.test.ts
similarity index 100%
rename from src/telegram/bot.media.downloads-media-file-path-no-file-download.e2e.test.ts
rename to extensions/telegram/src/bot.media.downloads-media-file-path-no-file-download.e2e.test.ts
diff --git a/src/telegram/bot.media.e2e-harness.ts b/extensions/telegram/src/bot.media.e2e-harness.ts
similarity index 83%
rename from src/telegram/bot.media.e2e-harness.ts
rename to extensions/telegram/src/bot.media.e2e-harness.ts
index d26eff44fb6..a91362702dd 100644
--- a/src/telegram/bot.media.e2e-harness.ts
+++ b/extensions/telegram/src/bot.media.e2e-harness.ts
@@ -1,5 +1,5 @@
 import { beforeEach, vi, type Mock } from "vitest";
-import { resetInboundDedupe } from "../auto-reply/reply/inbound-dedupe.js";
+import { resetInboundDedupe } from "../../../src/auto-reply/reply/inbound-dedupe.js";
 
 export const useSpy: Mock = vi.fn();
 export const middlewareUseSpy: Mock = vi.fn();
@@ -92,8 +92,8 @@ vi.mock("undici", async (importOriginal) => {
   };
 });
 
-vi.mock("../media/store.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../media/store.js")>();
+vi.mock("../../../src/media/store.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/media/store.js")>();
   const mockModule = Object.create(null) as Record<string, unknown>;
   Object.defineProperties(mockModule, Object.getOwnPropertyDescriptors(actual));
   Object.defineProperty(mockModule, "saveMediaBuffer", {
@@ -105,8 +105,8 @@ vi.mock("../media/store.js", async (importOriginal) => {
   return mockModule;
 });
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig: () => ({
@@ -115,15 +115,15 @@ vi.mock("../config/config.js", async (importOriginal) => {
   };
 });
 
-vi.mock("../config/sessions.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/sessions.js")>();
+vi.mock("../../../src/config/sessions.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/sessions.js")>();
   return {
     ...actual,
     updateLastRoute: vi.fn(async () => undefined),
   };
 });
 
-vi.mock("../pairing/pairing-store.js", () => ({
+vi.mock("../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: vi.fn(async () => [] as string[]),
   upsertChannelPairingRequest: vi.fn(async () => ({
     code: "PAIRCODE",
@@ -131,7 +131,7 @@ vi.mock("../pairing/pairing-store.js", () => ({
   })),
 }));
 
-vi.mock("../auto-reply/reply.js", () => {
+vi.mock("../../../src/auto-reply/reply.js", () => {
   const replySpy = vi.fn(async (_ctx, opts) => {
     await opts?.onReplyStart?.();
     return undefined;
diff --git a/src/telegram/bot.media.stickers-and-fragments.e2e.test.ts b/extensions/telegram/src/bot.media.stickers-and-fragments.e2e.test.ts
similarity index 100%
rename from src/telegram/bot.media.stickers-and-fragments.e2e.test.ts
rename to extensions/telegram/src/bot.media.stickers-and-fragments.e2e.test.ts
diff --git a/src/telegram/bot.media.test-utils.ts b/extensions/telegram/src/bot.media.test-utils.ts
similarity index 96%
rename from src/telegram/bot.media.test-utils.ts
rename to extensions/telegram/src/bot.media.test-utils.ts
index 94084bad31c..fde76f34e23 100644
--- a/src/telegram/bot.media.test-utils.ts
+++ b/extensions/telegram/src/bot.media.test-utils.ts
@@ -1,5 +1,5 @@
 import { afterEach, beforeAll, beforeEach, expect, vi, type Mock } from "vitest";
-import * as ssrf from "../infra/net/ssrf.js";
+import * as ssrf from "../../../src/infra/net/ssrf.js";
 import { onSpy, sendChatActionSpy } from "./bot.media.e2e-harness.js";
 
 type StickerSpy = Mock<(...args: unknown[]) => unknown>;
@@ -103,7 +103,7 @@ afterEach(() => {
 
 beforeAll(async () => {
   ({ createTelegramBot: createTelegramBotRef } = await import("./bot.js"));
-  const replyModule = await import("../auto-reply/reply.js");
+  const replyModule = await import("../../../src/auto-reply/reply.js");
   replySpyRef = (replyModule as unknown as { __replySpy: ReturnType<typeof vi.fn> }).__replySpy;
 }, TELEGRAM_BOT_IMPORT_TIMEOUT_MS);
 
diff --git a/src/telegram/bot.test.ts b/extensions/telegram/src/bot.test.ts
similarity index 98%
rename from src/telegram/bot.test.ts
rename to extensions/telegram/src/bot.test.ts
index d8c8bc14ade..db19faa8fe3 100644
--- a/src/telegram/bot.test.ts
+++ b/extensions/telegram/src/bot.test.ts
@@ -1,13 +1,7 @@
 import { rm } from "node:fs/promises";
 import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
-import { escapeRegExp, formatEnvelopeTimestamp } from "../../test/helpers/envelope-timestamp.js";
-import { expectInboundContextContract } from "../../test/helpers/inbound-contract.js";
-import {
-  listNativeCommandSpecs,
-  listNativeCommandSpecsForConfig,
-} from "../auto-reply/commands-registry.js";
-import { loadSessionStore } from "../config/sessions.js";
-import { normalizeTelegramCommandName } from "../config/telegram-custom-commands.js";
+import { escapeRegExp, formatEnvelopeTimestamp } from "../../../test/helpers/envelope-timestamp.js";
+import { expectInboundContextContract } from "../../../test/helpers/inbound-contract.js";
 import {
   answerCallbackQuerySpy,
   commandSpy,
@@ -25,7 +19,14 @@ import {
   setMyCommandsSpy,
   wasSentByBot,
 } from "./bot.create-telegram-bot.test-harness.js";
-import { createTelegramBot } from "./bot.js";
+
+// Import after the harness registers `vi.mock(...)` for grammY and Telegram internals.
+const { listNativeCommandSpecs, listNativeCommandSpecsForConfig } =
+  await import("../../../src/auto-reply/commands-registry.js");
+const { loadSessionStore } = await import("../../../src/config/sessions.js");
+const { normalizeTelegramCommandName } =
+  await import("../../../src/config/telegram-custom-commands.js");
+const { createTelegramBot } = await import("./bot.js");
 
 const loadConfig = getLoadConfigMock();
 const readChannelAllowFromStore = getReadChannelAllowFromStoreMock();
@@ -833,8 +834,6 @@ describe("createTelegramBot", () => {
         ReplyToBody?: string;
       };
       expect(payload.ReplyToBody).toBe("<media:image>");
-      expect(payload.MediaPaths).toHaveLength(1);
-      expect(payload.MediaPath).toBe(payload.MediaPaths?.[0]);
       expect(getFileSpy).toHaveBeenCalledWith("reply-photo-1");
     } finally {
       fetchSpy.mockRestore();
diff --git a/src/telegram/bot.ts b/extensions/telegram/src/bot.ts
similarity index 94%
rename from src/telegram/bot.ts
rename to extensions/telegram/src/bot.ts
index a1d60e61f71..a817e10cbac 100644
--- a/src/telegram/bot.ts
+++ b/extensions/telegram/src/bot.ts
@@ -2,31 +2,34 @@ import { sequentialize } from "@grammyjs/runner";
 import { apiThrottler } from "@grammyjs/transformer-throttler";
 import type { ApiClientOptions } from "grammy";
 import { Bot } from "grammy";
-import { resolveDefaultAgentId } from "../agents/agent-scope.js";
-import { resolveTextChunkLimit } from "../auto-reply/chunk.js";
-import { DEFAULT_GROUP_HISTORY_LIMIT, type HistoryEntry } from "../auto-reply/reply/history.js";
+import { resolveDefaultAgentId } from "../../../src/agents/agent-scope.js";
+import { resolveTextChunkLimit } from "../../../src/auto-reply/chunk.js";
+import {
+  DEFAULT_GROUP_HISTORY_LIMIT,
+  type HistoryEntry,
+} from "../../../src/auto-reply/reply/history.js";
 import {
   resolveThreadBindingIdleTimeoutMsForChannel,
   resolveThreadBindingMaxAgeMsForChannel,
   resolveThreadBindingSpawnPolicy,
-} from "../channels/thread-bindings-policy.js";
+} from "../../../src/channels/thread-bindings-policy.js";
 import {
   isNativeCommandsExplicitlyDisabled,
   resolveNativeCommandsEnabled,
   resolveNativeSkillsEnabled,
-} from "../config/commands.js";
-import type { OpenClawConfig, ReplyToMode } from "../config/config.js";
-import { loadConfig } from "../config/config.js";
+} from "../../../src/config/commands.js";
+import type { OpenClawConfig, ReplyToMode } from "../../../src/config/config.js";
+import { loadConfig } from "../../../src/config/config.js";
 import {
   resolveChannelGroupPolicy,
   resolveChannelGroupRequireMention,
-} from "../config/group-policy.js";
-import { loadSessionStore, resolveStorePath } from "../config/sessions.js";
-import { danger, logVerbose, shouldLogVerbose } from "../globals.js";
-import { formatUncaughtError } from "../infra/errors.js";
-import { getChildLogger } from "../logging.js";
-import { createSubsystemLogger } from "../logging/subsystem.js";
-import { createNonExitingRuntime, type RuntimeEnv } from "../runtime.js";
+} from "../../../src/config/group-policy.js";
+import { loadSessionStore, resolveStorePath } from "../../../src/config/sessions.js";
+import { danger, logVerbose, shouldLogVerbose } from "../../../src/globals.js";
+import { formatUncaughtError } from "../../../src/infra/errors.js";
+import { getChildLogger } from "../../../src/logging.js";
+import { createSubsystemLogger } from "../../../src/logging/subsystem.js";
+import { createNonExitingRuntime, type RuntimeEnv } from "../../../src/runtime.js";
 import { resolveTelegramAccount } from "./accounts.js";
 import { registerTelegramHandlers } from "./bot-handlers.js";
 import { createTelegramMessageProcessor } from "./bot-message.js";
diff --git a/src/telegram/bot/delivery.replies.ts b/extensions/telegram/src/bot/delivery.replies.ts
similarity index 85%
rename from src/telegram/bot/delivery.replies.ts
rename to extensions/telegram/src/bot/delivery.replies.ts
index 5f5edd3b837..84d66fec12b 100644
--- a/src/telegram/bot/delivery.replies.ts
+++ b/extensions/telegram/src/bot/delivery.replies.ts
@@ -1,23 +1,26 @@
 import { type Bot, GrammyError, InputFile } from "grammy";
-import { chunkMarkdownTextWithMode, type ChunkMode } from "../../auto-reply/chunk.js";
-import type { ReplyPayload } from "../../auto-reply/types.js";
-import type { ReplyToMode } from "../../config/config.js";
-import type { MarkdownTableMode } from "../../config/types.base.js";
-import { danger, logVerbose } from "../../globals.js";
-import { fireAndForgetHook } from "../../hooks/fire-and-forget.js";
-import { createInternalHookEvent, triggerInternalHook } from "../../hooks/internal-hooks.js";
+import { chunkMarkdownTextWithMode, type ChunkMode } from "../../../../src/auto-reply/chunk.js";
+import type { ReplyPayload } from "../../../../src/auto-reply/types.js";
+import type { ReplyToMode } from "../../../../src/config/config.js";
+import type { MarkdownTableMode } from "../../../../src/config/types.base.js";
+import { danger, logVerbose } from "../../../../src/globals.js";
+import { fireAndForgetHook } from "../../../../src/hooks/fire-and-forget.js";
+import {
+  createInternalHookEvent,
+  triggerInternalHook,
+} from "../../../../src/hooks/internal-hooks.js";
 import {
   buildCanonicalSentMessageHookContext,
   toInternalMessageSentContext,
   toPluginMessageContext,
   toPluginMessageSentEvent,
-} from "../../hooks/message-hook-mappers.js";
-import { formatErrorMessage } from "../../infra/errors.js";
-import { buildOutboundMediaLoadOptions } from "../../media/load-options.js";
-import { isGifMedia, kindFromMime } from "../../media/mime.js";
-import { getGlobalHookRunner } from "../../plugins/hook-runner-global.js";
-import type { RuntimeEnv } from "../../runtime.js";
-import { loadWebMedia } from "../../web/media.js";
+} from "../../../../src/hooks/message-hook-mappers.js";
+import { formatErrorMessage } from "../../../../src/infra/errors.js";
+import { buildOutboundMediaLoadOptions } from "../../../../src/media/load-options.js";
+import { isGifMedia, kindFromMime } from "../../../../src/media/mime.js";
+import { getGlobalHookRunner } from "../../../../src/plugins/hook-runner-global.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
+import { loadWebMedia } from "../../../whatsapp/src/media.js";
 import type { TelegramInlineButtons } from "../button-types.js";
 import { splitTelegramCaption } from "../caption.js";
 import {
@@ -34,13 +37,17 @@ import {
   sendTelegramWithThreadFallback,
 } from "./delivery.send.js";
 import { resolveTelegramReplyId, type TelegramThreadSpec } from "./helpers.js";
+import {
+  markReplyApplied,
+  resolveReplyToForSend,
+  sendChunkedTelegramReplyText,
+  type DeliveryProgress as ReplyThreadDeliveryProgress,
+} from "./reply-threading.js";
 
 const VOICE_FORBIDDEN_RE = /VOICE_MESSAGES_FORBIDDEN/;
 const CAPTION_TOO_LONG_RE = /caption is too long/i;
 
-type DeliveryProgress = {
-  hasReplied: boolean;
-  hasDelivered: boolean;
+type DeliveryProgress = ReplyThreadDeliveryProgress & {
   deliveredCount: number;
 };
 
@@ -81,22 +88,6 @@ function buildChunkTextResolver(params: {
   };
 }
 
-function resolveReplyToForSend(params: {
-  replyToId?: number;
-  replyToMode: ReplyToMode;
-  progress: DeliveryProgress;
-}): number | undefined {
-  return params.replyToId && (params.replyToMode === "all" || !params.progress.hasReplied)
-    ? params.replyToId
-    : undefined;
-}
-
-function markReplyApplied(progress: DeliveryProgress, replyToId?: number): void {
-  if (replyToId && !progress.hasReplied) {
-    progress.hasReplied = true;
-  }
-}
-
 function markDelivered(progress: DeliveryProgress): void {
   progress.hasDelivered = true;
   progress.deliveredCount += 1;
@@ -117,39 +108,35 @@ async function deliverTextReply(params: {
   progress: DeliveryProgress;
 }): Promise<number | undefined> {
   let firstDeliveredMessageId: number | undefined;
-  const chunks = params.chunkText(params.replyText);
-  for (let i = 0; i < chunks.length; i += 1) {
-    const chunk = chunks[i];
-    if (!chunk) {
-      continue;
-    }
-    const shouldAttachButtons = i === 0 && params.replyMarkup;
-    const replyToForChunk = resolveReplyToForSend({
-      replyToId: params.replyToId,
-      replyToMode: params.replyToMode,
-      progress: params.progress,
-    });
-    const messageId = await sendTelegramText(
-      params.bot,
-      params.chatId,
-      chunk.html,
-      params.runtime,
-      {
-        replyToMessageId: replyToForChunk,
-        replyQuoteText: params.replyQuoteText,
-        thread: params.thread,
-        textMode: "html",
-        plainText: chunk.text,
-        linkPreview: params.linkPreview,
-        replyMarkup: shouldAttachButtons ? params.replyMarkup : undefined,
-      },
-    );
-    if (firstDeliveredMessageId == null) {
-      firstDeliveredMessageId = messageId;
-    }
-    markReplyApplied(params.progress, replyToForChunk);
-    markDelivered(params.progress);
-  }
+  await sendChunkedTelegramReplyText({
+    chunks: params.chunkText(params.replyText),
+    progress: params.progress,
+    replyToId: params.replyToId,
+    replyToMode: params.replyToMode,
+    replyMarkup: params.replyMarkup,
+    replyQuoteText: params.replyQuoteText,
+    markDelivered,
+    sendChunk: async ({ chunk, replyToMessageId, replyMarkup, replyQuoteText }) => {
+      const messageId = await sendTelegramText(
+        params.bot,
+        params.chatId,
+        chunk.html,
+        params.runtime,
+        {
+          replyToMessageId,
+          replyQuoteText,
+          thread: params.thread,
+          textMode: "html",
+          plainText: chunk.text,
+          linkPreview: params.linkPreview,
+          replyMarkup,
+        },
+      );
+      if (firstDeliveredMessageId == null) {
+        firstDeliveredMessageId = messageId;
+      }
+    },
+  });
   return firstDeliveredMessageId;
 }
 
@@ -166,25 +153,24 @@ async function sendPendingFollowUpText(params: {
   replyToMode: ReplyToMode;
   progress: DeliveryProgress;
 }): Promise<void> {
-  const chunks = params.chunkText(params.text);
-  for (let i = 0; i < chunks.length; i += 1) {
-    const chunk = chunks[i];
-    const replyToForFollowUp = resolveReplyToForSend({
-      replyToId: params.replyToId,
-      replyToMode: params.replyToMode,
-      progress: params.progress,
-    });
-    await sendTelegramText(params.bot, params.chatId, chunk.html, params.runtime, {
-      replyToMessageId: replyToForFollowUp,
-      thread: params.thread,
-      textMode: "html",
-      plainText: chunk.text,
-      linkPreview: params.linkPreview,
-      replyMarkup: i === 0 ? params.replyMarkup : undefined,
-    });
-    markReplyApplied(params.progress, replyToForFollowUp);
-    markDelivered(params.progress);
-  }
+  await sendChunkedTelegramReplyText({
+    chunks: params.chunkText(params.text),
+    progress: params.progress,
+    replyToId: params.replyToId,
+    replyToMode: params.replyToMode,
+    replyMarkup: params.replyMarkup,
+    markDelivered,
+    sendChunk: async ({ chunk, replyToMessageId, replyMarkup }) => {
+      await sendTelegramText(params.bot, params.chatId, chunk.html, params.runtime, {
+        replyToMessageId,
+        thread: params.thread,
+        textMode: "html",
+        plainText: chunk.text,
+        linkPreview: params.linkPreview,
+        replyMarkup,
+      });
+    },
+  });
 }
 
 function isVoiceMessagesForbidden(err: unknown): boolean {
@@ -345,14 +331,16 @@ async function deliverMediaReply(params: {
         logFallback: logVerbose,
       });
       if (useVoice) {
-        await params.onVoiceRecording?.();
-        try {
+        const sendVoiceMedia = async (
+          requestParams: typeof mediaParams,
+          shouldLog?: (err: unknown) => boolean,
+        ) => {
           const result = await sendTelegramWithThreadFallback({
             operation: "sendVoice",
             runtime: params.runtime,
             thread: params.thread,
-            requestParams: mediaParams,
-            shouldLog: (err) => !isVoiceMessagesForbidden(err),
+            requestParams,
+            shouldLog,
             send: (effectiveParams) =>
               params.bot.api.sendVoice(params.chatId, file, { ...effectiveParams }),
           });
@@ -360,6 +348,10 @@ async function deliverMediaReply(params: {
             firstDeliveredMessageId = result.message_id;
           }
           markDelivered(params.progress);
+        };
+        await params.onVoiceRecording?.();
+        try {
+          await sendVoiceMedia(mediaParams, (err) => !isVoiceMessagesForbidden(err));
         } catch (voiceErr) {
           if (isVoiceMessagesForbidden(voiceErr)) {
             const fallbackText = params.reply.text;
@@ -400,18 +392,7 @@ async function deliverMediaReply(params: {
             const noCaptionParams = { ...mediaParams };
             delete noCaptionParams.caption;
             delete noCaptionParams.parse_mode;
-            const result = await sendTelegramWithThreadFallback({
-              operation: "sendVoice",
-              runtime: params.runtime,
-              thread: params.thread,
-              requestParams: noCaptionParams,
-              send: (effectiveParams) =>
-                params.bot.api.sendVoice(params.chatId, file, { ...effectiveParams }),
-            });
-            if (firstDeliveredMessageId == null) {
-              firstDeliveredMessageId = result.message_id;
-            }
-            markDelivered(params.progress);
+            await sendVoiceMedia(noCaptionParams);
             const fallbackText = params.reply.text;
             if (fallbackText?.trim()) {
               await sendTelegramVoiceFallbackText({
diff --git a/src/telegram/bot/delivery.resolve-media-retry.test.ts b/extensions/telegram/src/bot/delivery.resolve-media-retry.test.ts
similarity index 98%
rename from src/telegram/bot/delivery.resolve-media-retry.test.ts
rename to extensions/telegram/src/bot/delivery.resolve-media-retry.test.ts
index 05d5c5f8b3e..55fec660a82 100644
--- a/src/telegram/bot/delivery.resolve-media-retry.test.ts
+++ b/extensions/telegram/src/bot/delivery.resolve-media-retry.test.ts
@@ -6,19 +6,19 @@ import type { TelegramContext } from "./types.js";
 const saveMediaBuffer = vi.fn();
 const fetchRemoteMedia = vi.fn();
 
-vi.mock("../../media/store.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../../media/store.js")>();
+vi.mock("../../../../src/media/store.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../../src/media/store.js")>();
   return {
     ...actual,
     saveMediaBuffer: (...args: unknown[]) => saveMediaBuffer(...args),
   };
 });
 
-vi.mock("../../media/fetch.js", () => ({
+vi.mock("../../../../src/media/fetch.js", () => ({
   fetchRemoteMedia: (...args: unknown[]) => fetchRemoteMedia(...args),
 }));
 
-vi.mock("../../globals.js", () => ({
+vi.mock("../../../../src/globals.js", () => ({
   danger: (s: string) => s,
   warn: (s: string) => s,
   logVerbose: () => {},
diff --git a/src/telegram/bot/delivery.resolve-media.ts b/extensions/telegram/src/bot/delivery.resolve-media.ts
similarity index 93%
rename from src/telegram/bot/delivery.resolve-media.ts
rename to extensions/telegram/src/bot/delivery.resolve-media.ts
index 9f34c3cecc2..e42dd11aa1b 100644
--- a/src/telegram/bot/delivery.resolve-media.ts
+++ b/extensions/telegram/src/bot/delivery.resolve-media.ts
@@ -1,10 +1,10 @@
 import { GrammyError } from "grammy";
-import { logVerbose, warn } from "../../globals.js";
-import { formatErrorMessage } from "../../infra/errors.js";
-import { retryAsync } from "../../infra/retry.js";
-import { fetchRemoteMedia } from "../../media/fetch.js";
-import { saveMediaBuffer } from "../../media/store.js";
-import type { TelegramTransport } from "../fetch.js";
+import { logVerbose, warn } from "../../../../src/globals.js";
+import { formatErrorMessage } from "../../../../src/infra/errors.js";
+import { retryAsync } from "../../../../src/infra/retry.js";
+import { fetchRemoteMedia } from "../../../../src/media/fetch.js";
+import { saveMediaBuffer } from "../../../../src/media/store.js";
+import { shouldRetryTelegramIpv4Fallback, type TelegramTransport } from "../fetch.js";
 import { cacheSticker, getCachedSticker } from "../sticker-cache.js";
 import { resolveTelegramMediaPlaceholder } from "./helpers.js";
 import type { StickerMetadata, TelegramContext } from "./types.js";
@@ -130,6 +130,8 @@ async function downloadAndSaveTelegramFile(params: {
     url,
     fetchImpl: params.transport.sourceFetch,
     dispatcherPolicy: params.transport.pinnedDispatcherPolicy,
+    fallbackDispatcherPolicy: params.transport.fallbackPinnedDispatcherPolicy,
+    shouldRetryFetchError: shouldRetryTelegramIpv4Fallback,
     filePathHint: params.filePath,
     maxBytes: params.maxBytes,
     readIdleTimeoutMs: TELEGRAM_DOWNLOAD_IDLE_TIMEOUT_MS,
diff --git a/src/telegram/bot/delivery.send.ts b/extensions/telegram/src/bot/delivery.send.ts
similarity index 97%
rename from src/telegram/bot/delivery.send.ts
rename to extensions/telegram/src/bot/delivery.send.ts
index 45e81fc36d5..f541495aa76 100644
--- a/src/telegram/bot/delivery.send.ts
+++ b/extensions/telegram/src/bot/delivery.send.ts
@@ -1,6 +1,6 @@
 import { type Bot, GrammyError } from "grammy";
-import { formatErrorMessage } from "../../infra/errors.js";
-import type { RuntimeEnv } from "../../runtime.js";
+import { formatErrorMessage } from "../../../../src/infra/errors.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 import { withTelegramApiErrorLogging } from "../api-logging.js";
 import { markdownToTelegramHtml } from "../format.js";
 import { buildInlineKeyboard } from "../send.js";
diff --git a/src/telegram/bot/delivery.test.ts b/extensions/telegram/src/bot/delivery.test.ts
similarity index 98%
rename from src/telegram/bot/delivery.test.ts
rename to extensions/telegram/src/bot/delivery.test.ts
index c21e55ccf6c..a1dce34dceb 100644
--- a/src/telegram/bot/delivery.test.ts
+++ b/extensions/telegram/src/bot/delivery.test.ts
@@ -1,6 +1,6 @@
 import type { Bot } from "grammy";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { RuntimeEnv } from "../../runtime.js";
+import type { RuntimeEnv } from "../../../../src/runtime.js";
 import { deliverReplies } from "./delivery.js";
 
 const loadWebMedia = vi.fn();
@@ -24,17 +24,17 @@ type DeliverWithParams = Omit<
   Partial<Pick<DeliverRepliesParams, "replyToMode" | "textLimit">>;
 type RuntimeStub = Pick<RuntimeEnv, "error" | "log" | "exit">;
 
-vi.mock("../../web/media.js", () => ({
+vi.mock("../../../whatsapp/src/media.js", () => ({
   loadWebMedia: (...args: unknown[]) => loadWebMedia(...args),
 }));
 
-vi.mock("../../plugins/hook-runner-global.js", () => ({
+vi.mock("../../../../src/plugins/hook-runner-global.js", () => ({
   getGlobalHookRunner: () => messageHookRunner,
 }));
 
-vi.mock("../../hooks/internal-hooks.js", async () => {
-  const actual = await vi.importActual<typeof import("../../hooks/internal-hooks.js")>(
-    "../../hooks/internal-hooks.js",
+vi.mock("../../../../src/hooks/internal-hooks.js", async () => {
+  const actual = await vi.importActual<typeof import("../../../../src/hooks/internal-hooks.js")>(
+    "../../../../src/hooks/internal-hooks.js",
   );
   return {
     ...actual,
diff --git a/src/telegram/bot/delivery.ts b/extensions/telegram/src/bot/delivery.ts
similarity index 100%
rename from src/telegram/bot/delivery.ts
rename to extensions/telegram/src/bot/delivery.ts
diff --git a/src/telegram/bot/helpers.test.ts b/extensions/telegram/src/bot/helpers.test.ts
similarity index 100%
rename from src/telegram/bot/helpers.test.ts
rename to extensions/telegram/src/bot/helpers.test.ts
diff --git a/src/telegram/bot/helpers.ts b/extensions/telegram/src/bot/helpers.ts
similarity index 98%
rename from src/telegram/bot/helpers.ts
rename to extensions/telegram/src/bot/helpers.ts
index 2d1cd9ef7a1..3575da81efb 100644
--- a/src/telegram/bot/helpers.ts
+++ b/extensions/telegram/src/bot/helpers.ts
@@ -1,13 +1,13 @@
 import type { Chat, Message, MessageOrigin, User } from "@grammyjs/types";
-import { formatLocationText, type NormalizedLocation } from "../../channels/location.js";
-import { resolveTelegramPreviewStreamMode } from "../../config/discord-preview-streaming.js";
+import { formatLocationText, type NormalizedLocation } from "../../../../src/channels/location.js";
+import { resolveTelegramPreviewStreamMode } from "../../../../src/config/discord-preview-streaming.js";
 import type {
   TelegramDirectConfig,
   TelegramGroupConfig,
   TelegramTopicConfig,
-} from "../../config/types.js";
-import { readChannelAllowFromStore } from "../../pairing/pairing-store.js";
-import { normalizeAccountId } from "../../routing/session-key.js";
+} from "../../../../src/config/types.js";
+import { readChannelAllowFromStore } from "../../../../src/pairing/pairing-store.js";
+import { normalizeAccountId } from "../../../../src/routing/session-key.js";
 import { firstDefined, normalizeAllowFrom, type NormalizedAllowFrom } from "../bot-access.js";
 import type { TelegramStreamMode } from "./types.js";
 
diff --git a/src/telegram/bot/reply-threading.ts b/extensions/telegram/src/bot/reply-threading.ts
similarity index 82%
rename from src/telegram/bot/reply-threading.ts
rename to extensions/telegram/src/bot/reply-threading.ts
index d80bbf63264..cdeeba7151b 100644
--- a/src/telegram/bot/reply-threading.ts
+++ b/extensions/telegram/src/bot/reply-threading.ts
@@ -1,4 +1,4 @@
-import type { ReplyToMode } from "../../config/config.js";
+import type { ReplyToMode } from "../../../../src/config/config.js";
 
 export type DeliveryProgress = {
   hasReplied: boolean;
@@ -32,14 +32,19 @@ export function markDelivered(progress: DeliveryProgress): void {
   progress.hasDelivered = true;
 }
 
-export async function sendChunkedTelegramReplyText<TChunk, TReplyMarkup = unknown>(params: {
+export async function sendChunkedTelegramReplyText<
+  TChunk,
+  TReplyMarkup = unknown,
+  TProgress extends DeliveryProgress = DeliveryProgress,
+>(params: {
   chunks: readonly TChunk[];
-  progress: DeliveryProgress;
+  progress: TProgress;
   replyToId?: number;
   replyToMode: ReplyToMode;
   replyMarkup?: TReplyMarkup;
   replyQuoteText?: string;
   quoteOnlyOnFirstChunk?: boolean;
+  markDelivered?: (progress: TProgress) => void;
   sendChunk: (opts: {
     chunk: TChunk;
     isFirstChunk: boolean;
@@ -48,6 +53,7 @@ export async function sendChunkedTelegramReplyText<TChunk, TReplyMarkup = unknow
     replyQuoteText?: string;
   }) => Promise<void>;
 }): Promise<void> {
+  const applyDelivered = params.markDelivered ?? markDelivered;
   for (let i = 0; i < params.chunks.length; i += 1) {
     const chunk = params.chunks[i];
     if (!chunk) {
@@ -71,6 +77,6 @@ export async function sendChunkedTelegramReplyText<TChunk, TReplyMarkup = unknow
       replyQuoteText: shouldAttachQuote ? params.replyQuoteText : undefined,
     });
     markReplyApplied(params.progress, replyToMessageId);
-    markDelivered(params.progress);
+    applyDelivered(params.progress);
   }
 }
diff --git a/src/telegram/bot/types.ts b/extensions/telegram/src/bot/types.ts
similarity index 100%
rename from src/telegram/bot/types.ts
rename to extensions/telegram/src/bot/types.ts
diff --git a/src/telegram/button-types.ts b/extensions/telegram/src/button-types.ts
similarity index 100%
rename from src/telegram/button-types.ts
rename to extensions/telegram/src/button-types.ts
diff --git a/src/telegram/caption.ts b/extensions/telegram/src/caption.ts
similarity index 100%
rename from src/telegram/caption.ts
rename to extensions/telegram/src/caption.ts
diff --git a/extensions/telegram/src/channel-actions.ts b/extensions/telegram/src/channel-actions.ts
new file mode 100644
index 00000000000..29095e7bc7c
--- /dev/null
+++ b/extensions/telegram/src/channel-actions.ts
@@ -0,0 +1,295 @@
+import {
+  readNumberParam,
+  readStringArrayParam,
+  readStringOrNumberParam,
+  readStringParam,
+} from "../../../src/agents/tools/common.js";
+import { handleTelegramAction } from "../../../src/agents/tools/telegram-actions.js";
+import { resolveReactionMessageId } from "../../../src/channels/plugins/actions/reaction-message-id.js";
+import {
+  createUnionActionGate,
+  listTokenSourcedAccounts,
+} from "../../../src/channels/plugins/actions/shared.js";
+import type {
+  ChannelMessageActionAdapter,
+  ChannelMessageActionName,
+} from "../../../src/channels/plugins/types.js";
+import type { TelegramActionConfig } from "../../../src/config/types.telegram.js";
+import { readBooleanParam } from "../../../src/plugin-sdk/boolean-param.js";
+import { extractToolSend } from "../../../src/plugin-sdk/tool-send.js";
+import { resolveTelegramPollVisibility } from "../../../src/poll-params.js";
+import {
+  createTelegramActionGate,
+  listEnabledTelegramAccounts,
+  resolveTelegramPollActionGateState,
+} from "./accounts.js";
+import { isTelegramInlineButtonsEnabled } from "./inline-buttons.js";
+
+const providerId = "telegram";
+
+function readTelegramSendParams(params: Record<string, unknown>) {
+  const to = readStringParam(params, "to", { required: true });
+  const mediaUrl = readStringParam(params, "media", { trim: false });
+  const message = readStringParam(params, "message", { required: !mediaUrl, allowEmpty: true });
+  const caption = readStringParam(params, "caption", { allowEmpty: true });
+  const content = message || caption || "";
+  const replyTo = readStringParam(params, "replyTo");
+  const threadId = readStringParam(params, "threadId");
+  const buttons = params.buttons;
+  const asVoice = readBooleanParam(params, "asVoice");
+  const silent = readBooleanParam(params, "silent");
+  const forceDocument = readBooleanParam(params, "forceDocument");
+  const quoteText = readStringParam(params, "quoteText");
+  return {
+    to,
+    content,
+    mediaUrl: mediaUrl ?? undefined,
+    replyToMessageId: replyTo ?? undefined,
+    messageThreadId: threadId ?? undefined,
+    buttons,
+    asVoice,
+    silent,
+    forceDocument,
+    quoteText: quoteText ?? undefined,
+  };
+}
+
+function readTelegramChatIdParam(params: Record<string, unknown>): string | number {
+  return (
+    readStringOrNumberParam(params, "chatId") ??
+    readStringOrNumberParam(params, "channelId") ??
+    readStringParam(params, "to", { required: true })
+  );
+}
+
+function readTelegramMessageIdParam(params: Record<string, unknown>): number {
+  const messageId = readNumberParam(params, "messageId", {
+    required: true,
+    integer: true,
+  });
+  if (typeof messageId !== "number") {
+    throw new Error("messageId is required.");
+  }
+  return messageId;
+}
+
+export const telegramMessageActions: ChannelMessageActionAdapter = {
+  listActions: ({ cfg }) => {
+    const accounts = listTokenSourcedAccounts(listEnabledTelegramAccounts(cfg));
+    if (accounts.length === 0) {
+      return [];
+    }
+    // Union of all accounts' action gates (any account enabling an action makes it available)
+    const gate = createUnionActionGate(accounts, (account) =>
+      createTelegramActionGate({
+        cfg,
+        accountId: account.accountId,
+      }),
+    );
+    const isEnabled = (key: keyof TelegramActionConfig, defaultValue = true) =>
+      gate(key, defaultValue);
+    const actions = new Set<ChannelMessageActionName>(["send"]);
+    const pollEnabledForAnyAccount = accounts.some((account) => {
+      const accountGate = createTelegramActionGate({
+        cfg,
+        accountId: account.accountId,
+      });
+      return resolveTelegramPollActionGateState(accountGate).enabled;
+    });
+    if (pollEnabledForAnyAccount) {
+      actions.add("poll");
+    }
+    if (isEnabled("reactions")) {
+      actions.add("react");
+    }
+    if (isEnabled("deleteMessage")) {
+      actions.add("delete");
+    }
+    if (isEnabled("editMessage")) {
+      actions.add("edit");
+    }
+    if (isEnabled("sticker", false)) {
+      actions.add("sticker");
+      actions.add("sticker-search");
+    }
+    if (isEnabled("createForumTopic")) {
+      actions.add("topic-create");
+    }
+    return Array.from(actions);
+  },
+  supportsButtons: ({ cfg }) => {
+    const accounts = listTokenSourcedAccounts(listEnabledTelegramAccounts(cfg));
+    if (accounts.length === 0) {
+      return false;
+    }
+    return accounts.some((account) =>
+      isTelegramInlineButtonsEnabled({ cfg, accountId: account.accountId }),
+    );
+  },
+  extractToolSend: ({ args }) => {
+    return extractToolSend(args, "sendMessage");
+  },
+  handleAction: async ({ action, params, cfg, accountId, mediaLocalRoots, toolContext }) => {
+    if (action === "send") {
+      const sendParams = readTelegramSendParams(params);
+      return await handleTelegramAction(
+        {
+          action: "sendMessage",
+          ...sendParams,
+          accountId: accountId ?? undefined,
+        },
+        cfg,
+        { mediaLocalRoots },
+      );
+    }
+
+    if (action === "react") {
+      const messageId = resolveReactionMessageId({ args: params, toolContext });
+      const emoji = readStringParam(params, "emoji", { allowEmpty: true });
+      const remove = readBooleanParam(params, "remove");
+      return await handleTelegramAction(
+        {
+          action: "react",
+          chatId: readTelegramChatIdParam(params),
+          messageId,
+          emoji,
+          remove,
+          accountId: accountId ?? undefined,
+        },
+        cfg,
+        { mediaLocalRoots },
+      );
+    }
+
+    if (action === "poll") {
+      const to = readStringParam(params, "to", { required: true });
+      const question = readStringParam(params, "pollQuestion", { required: true });
+      const answers = readStringArrayParam(params, "pollOption", { required: true });
+      const durationHours = readNumberParam(params, "pollDurationHours", {
+        integer: true,
+        strict: true,
+      });
+      const durationSeconds = readNumberParam(params, "pollDurationSeconds", {
+        integer: true,
+        strict: true,
+      });
+      const replyToMessageId = readNumberParam(params, "replyTo", { integer: true });
+      const messageThreadId = readNumberParam(params, "threadId", { integer: true });
+      const allowMultiselect = readBooleanParam(params, "pollMulti");
+      const pollAnonymous = readBooleanParam(params, "pollAnonymous");
+      const pollPublic = readBooleanParam(params, "pollPublic");
+      const isAnonymous = resolveTelegramPollVisibility({ pollAnonymous, pollPublic });
+      const silent = readBooleanParam(params, "silent");
+      return await handleTelegramAction(
+        {
+          action: "poll",
+          to,
+          question,
+          answers,
+          allowMultiselect,
+          durationHours: durationHours ?? undefined,
+          durationSeconds: durationSeconds ?? undefined,
+          replyToMessageId: replyToMessageId ?? undefined,
+          messageThreadId: messageThreadId ?? undefined,
+          isAnonymous,
+          silent,
+          accountId: accountId ?? undefined,
+        },
+        cfg,
+        { mediaLocalRoots },
+      );
+    }
+
+    if (action === "delete") {
+      const chatId = readTelegramChatIdParam(params);
+      const messageId = readTelegramMessageIdParam(params);
+      return await handleTelegramAction(
+        {
+          action: "deleteMessage",
+          chatId,
+          messageId,
+          accountId: accountId ?? undefined,
+        },
+        cfg,
+        { mediaLocalRoots },
+      );
+    }
+
+    if (action === "edit") {
+      const chatId = readTelegramChatIdParam(params);
+      const messageId = readTelegramMessageIdParam(params);
+      const message = readStringParam(params, "message", { required: true, allowEmpty: false });
+      const buttons = params.buttons;
+      return await handleTelegramAction(
+        {
+          action: "editMessage",
+          chatId,
+          messageId,
+          content: message,
+          buttons,
+          accountId: accountId ?? undefined,
+        },
+        cfg,
+        { mediaLocalRoots },
+      );
+    }
+
+    if (action === "sticker") {
+      const to =
+        readStringParam(params, "to") ?? readStringParam(params, "target", { required: true });
+      // Accept stickerId (array from shared schema) and use first element as fileId
+      const stickerIds = readStringArrayParam(params, "stickerId");
+      const fileId = stickerIds?.[0] ?? readStringParam(params, "fileId", { required: true });
+      const replyToMessageId = readNumberParam(params, "replyTo", { integer: true });
+      const messageThreadId = readNumberParam(params, "threadId", { integer: true });
+      return await handleTelegramAction(
+        {
+          action: "sendSticker",
+          to,
+          fileId,
+          replyToMessageId: replyToMessageId ?? undefined,
+          messageThreadId: messageThreadId ?? undefined,
+          accountId: accountId ?? undefined,
+        },
+        cfg,
+        { mediaLocalRoots },
+      );
+    }
+
+    if (action === "sticker-search") {
+      const query = readStringParam(params, "query", { required: true });
+      const limit = readNumberParam(params, "limit", { integer: true });
+      return await handleTelegramAction(
+        {
+          action: "searchSticker",
+          query,
+          limit: limit ?? undefined,
+          accountId: accountId ?? undefined,
+        },
+        cfg,
+        { mediaLocalRoots },
+      );
+    }
+
+    if (action === "topic-create") {
+      const chatId = readTelegramChatIdParam(params);
+      const name = readStringParam(params, "name", { required: true });
+      const iconColor = readNumberParam(params, "iconColor", { integer: true });
+      const iconCustomEmojiId = readStringParam(params, "iconCustomEmojiId");
+      return await handleTelegramAction(
+        {
+          action: "createForumTopic",
+          chatId,
+          name,
+          iconColor: iconColor ?? undefined,
+          iconCustomEmojiId: iconCustomEmojiId ?? undefined,
+          accountId: accountId ?? undefined,
+        },
+        cfg,
+        { mediaLocalRoots },
+      );
+    }
+
+    throw new Error(`Action ${action} is not supported for provider ${providerId}.`);
+  },
+};
diff --git a/extensions/telegram/src/channel.ts b/extensions/telegram/src/channel.ts
index 52ae2b15ea8..50509e51fca 100644
--- a/extensions/telegram/src/channel.ts
+++ b/extensions/telegram/src/channel.ts
@@ -40,8 +40,16 @@ import {
   type ResolvedTelegramAccount,
   type TelegramProbe,
 } from "openclaw/plugin-sdk/telegram";
+import {
+  type OutboundSendDeps,
+  resolveOutboundSendDep,
+} from "../../../src/infra/outbound/send-deps.js";
 import { getTelegramRuntime } from "./runtime.js";
 
+type TelegramSendFn = ReturnType<
+  typeof getTelegramRuntime
+>["channel"]["telegram"]["sendMessageTelegram"];
+
 const meta = getChatChannelMeta("telegram");
 
 function findTelegramTokenOwnerAccountId(params: {
@@ -78,6 +86,59 @@ function formatDuplicateTelegramTokenReason(params: {
   );
 }
 
+type TelegramSendOptions = NonNullable<Parameters<TelegramSendFn>[2]>;
+
+function buildTelegramSendOptions(params: {
+  cfg: OpenClawConfig;
+  mediaUrl?: string | null;
+  mediaLocalRoots?: readonly string[] | null;
+  accountId?: string | null;
+  replyToId?: string | null;
+  threadId?: string | number | null;
+  silent?: boolean | null;
+}): TelegramSendOptions {
+  return {
+    verbose: false,
+    cfg: params.cfg,
+    ...(params.mediaUrl ? { mediaUrl: params.mediaUrl } : {}),
+    ...(params.mediaLocalRoots?.length ? { mediaLocalRoots: params.mediaLocalRoots } : {}),
+    messageThreadId: parseTelegramThreadId(params.threadId),
+    replyToMessageId: parseTelegramReplyToMessageId(params.replyToId),
+    accountId: params.accountId ?? undefined,
+    silent: params.silent ?? undefined,
+  };
+}
+
+async function sendTelegramOutbound(params: {
+  cfg: OpenClawConfig;
+  to: string;
+  text: string;
+  mediaUrl?: string | null;
+  mediaLocalRoots?: readonly string[] | null;
+  accountId?: string | null;
+  deps?: OutboundSendDeps;
+  replyToId?: string | null;
+  threadId?: string | number | null;
+  silent?: boolean | null;
+}) {
+  const send =
+    resolveOutboundSendDep<TelegramSendFn>(params.deps, "telegram") ??
+    getTelegramRuntime().channel.telegram.sendMessageTelegram;
+  return await send(
+    params.to,
+    params.text,
+    buildTelegramSendOptions({
+      cfg: params.cfg,
+      mediaUrl: params.mediaUrl,
+      mediaLocalRoots: params.mediaLocalRoots,
+      accountId: params.accountId,
+      replyToId: params.replyToId,
+      threadId: params.threadId,
+      silent: params.silent,
+    }),
+  );
+}
+
 const telegramMessageActions: ChannelMessageActionAdapter = {
   listActions: (ctx) =>
     getTelegramRuntime().channel.telegram.messageActions?.listActions?.(ctx) ?? [],
@@ -326,36 +387,34 @@ export const telegramPlugin: ChannelPlugin<ResolvedTelegramAccount, TelegramProb
       threadId,
       silent,
     }) => {
-      const send = deps?.sendTelegram ?? getTelegramRuntime().channel.telegram.sendMessageTelegram;
-      const replyToMessageId = parseTelegramReplyToMessageId(replyToId);
-      const messageThreadId = parseTelegramThreadId(threadId);
+      const send =
+        resolveOutboundSendDep<TelegramSendFn>(deps, "telegram") ??
+        getTelegramRuntime().channel.telegram.sendMessageTelegram;
       const result = await sendTelegramPayloadMessages({
         send,
         to,
         payload,
-        baseOpts: {
-          verbose: false,
+        baseOpts: buildTelegramSendOptions({
           cfg,
           mediaLocalRoots,
-          messageThreadId,
-          replyToMessageId,
-          accountId: accountId ?? undefined,
-          silent: silent ?? undefined,
-        },
+          accountId,
+          replyToId,
+          threadId,
+          silent,
+        }),
       });
       return { channel: "telegram", ...result };
     },
     sendText: async ({ cfg, to, text, accountId, deps, replyToId, threadId, silent }) => {
-      const send = deps?.sendTelegram ?? getTelegramRuntime().channel.telegram.sendMessageTelegram;
-      const replyToMessageId = parseTelegramReplyToMessageId(replyToId);
-      const messageThreadId = parseTelegramThreadId(threadId);
-      const result = await send(to, text, {
-        verbose: false,
+      const result = await sendTelegramOutbound({
         cfg,
-        messageThreadId,
-        replyToMessageId,
-        accountId: accountId ?? undefined,
-        silent: silent ?? undefined,
+        to,
+        text,
+        accountId,
+        deps,
+        replyToId,
+        threadId,
+        silent,
       });
       return { channel: "telegram", ...result };
     },
@@ -371,18 +430,17 @@ export const telegramPlugin: ChannelPlugin<ResolvedTelegramAccount, TelegramProb
       threadId,
       silent,
     }) => {
-      const send = deps?.sendTelegram ?? getTelegramRuntime().channel.telegram.sendMessageTelegram;
-      const replyToMessageId = parseTelegramReplyToMessageId(replyToId);
-      const messageThreadId = parseTelegramThreadId(threadId);
-      const result = await send(to, text, {
-        verbose: false,
+      const result = await sendTelegramOutbound({
         cfg,
+        to,
+        text,
         mediaUrl,
         mediaLocalRoots,
-        messageThreadId,
-        replyToMessageId,
-        accountId: accountId ?? undefined,
-        silent: silent ?? undefined,
+        accountId,
+        deps,
+        replyToId,
+        threadId,
+        silent,
       });
       return { channel: "telegram", ...result };
     },
diff --git a/src/telegram/conversation-route.ts b/extensions/telegram/src/conversation-route.ts
similarity index 90%
rename from src/telegram/conversation-route.ts
rename to extensions/telegram/src/conversation-route.ts
index 32088b818af..20137468486 100644
--- a/src/telegram/conversation-route.ts
+++ b/extensions/telegram/src/conversation-route.ts
@@ -1,14 +1,17 @@
-import { resolveConfiguredAcpRoute } from "../acp/persistent-bindings.route.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { logVerbose } from "../globals.js";
-import { getSessionBindingService } from "../infra/outbound/session-binding-service.js";
+import { resolveConfiguredAcpRoute } from "../../../src/acp/persistent-bindings.route.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { logVerbose } from "../../../src/globals.js";
+import { getSessionBindingService } from "../../../src/infra/outbound/session-binding-service.js";
 import {
   buildAgentSessionKey,
   deriveLastRoutePolicy,
   pickFirstExistingAgentId,
   resolveAgentRoute,
-} from "../routing/resolve-route.js";
-import { buildAgentMainSessionKey, resolveAgentIdFromSessionKey } from "../routing/session-key.js";
+} from "../../../src/routing/resolve-route.js";
+import {
+  buildAgentMainSessionKey,
+  resolveAgentIdFromSessionKey,
+} from "../../../src/routing/session-key.js";
 import {
   buildTelegramGroupPeerId,
   buildTelegramParentPeer,
diff --git a/src/telegram/dm-access.ts b/extensions/telegram/src/dm-access.ts
similarity index 92%
rename from src/telegram/dm-access.ts
rename to extensions/telegram/src/dm-access.ts
index 26734b69602..db8cc419c6a 100644
--- a/src/telegram/dm-access.ts
+++ b/extensions/telegram/src/dm-access.ts
@@ -1,9 +1,9 @@
 import type { Message } from "@grammyjs/types";
 import type { Bot } from "grammy";
-import type { DmPolicy } from "../config/types.js";
-import { logVerbose } from "../globals.js";
-import { issuePairingChallenge } from "../pairing/pairing-challenge.js";
-import { upsertChannelPairingRequest } from "../pairing/pairing-store.js";
+import type { DmPolicy } from "../../../src/config/types.js";
+import { logVerbose } from "../../../src/globals.js";
+import { issuePairingChallenge } from "../../../src/pairing/pairing-challenge.js";
+import { upsertChannelPairingRequest } from "../../../src/pairing/pairing-store.js";
 import { withTelegramApiErrorLogging } from "./api-logging.js";
 import { resolveSenderAllowMatch, type NormalizedAllowFrom } from "./bot-access.js";
 
diff --git a/src/telegram/draft-chunking.test.ts b/extensions/telegram/src/draft-chunking.test.ts
similarity index 95%
rename from src/telegram/draft-chunking.test.ts
rename to extensions/telegram/src/draft-chunking.test.ts
index cc24f069624..0243715a18d 100644
--- a/src/telegram/draft-chunking.test.ts
+++ b/extensions/telegram/src/draft-chunking.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { resolveTelegramDraftStreamingChunking } from "./draft-chunking.js";
 
 describe("resolveTelegramDraftStreamingChunking", () => {
diff --git a/src/telegram/draft-chunking.ts b/extensions/telegram/src/draft-chunking.ts
similarity index 78%
rename from src/telegram/draft-chunking.ts
rename to extensions/telegram/src/draft-chunking.ts
index 3b4d5e30afb..f907faf02f8 100644
--- a/src/telegram/draft-chunking.ts
+++ b/extensions/telegram/src/draft-chunking.ts
@@ -1,8 +1,8 @@
-import { resolveTextChunkLimit } from "../auto-reply/chunk.js";
-import { getChannelDock } from "../channels/dock.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { resolveAccountEntry } from "../routing/account-lookup.js";
-import { normalizeAccountId } from "../routing/session-key.js";
+import { resolveTextChunkLimit } from "../../../src/auto-reply/chunk.js";
+import { getChannelDock } from "../../../src/channels/dock.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { resolveAccountEntry } from "../../../src/routing/account-lookup.js";
+import { normalizeAccountId } from "../../../src/routing/session-key.js";
 
 const DEFAULT_TELEGRAM_DRAFT_STREAM_MIN = 200;
 const DEFAULT_TELEGRAM_DRAFT_STREAM_MAX = 800;
diff --git a/src/telegram/draft-stream.test-helpers.ts b/extensions/telegram/src/draft-stream.test-helpers.ts
similarity index 100%
rename from src/telegram/draft-stream.test-helpers.ts
rename to extensions/telegram/src/draft-stream.test-helpers.ts
diff --git a/src/telegram/draft-stream.test.ts b/extensions/telegram/src/draft-stream.test.ts
similarity index 95%
rename from src/telegram/draft-stream.test.ts
rename to extensions/telegram/src/draft-stream.test.ts
index 07221ccc644..8f10e552406 100644
--- a/src/telegram/draft-stream.test.ts
+++ b/extensions/telegram/src/draft-stream.test.ts
@@ -1,6 +1,6 @@
 import type { Bot } from "grammy";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import { importFreshModule } from "../../test/helpers/import-fresh.js";
+import { importFreshModule } from "../../../test/helpers/import-fresh.js";
 import { __testing, createTelegramDraftStream } from "./draft-stream.js";
 
 type TelegramDraftStreamParams = Parameters<typeof createTelegramDraftStream>[0];
@@ -53,6 +53,22 @@ function expectDmMessagePreviewViaSendMessage(
   expect(api.editMessageText).not.toHaveBeenCalled();
 }
 
+async function createDmDraftTransportStream(params: {
+  api?: ReturnType<typeof createMockDraftApi>;
+  previewTransport?: "draft" | "message";
+  warn?: (message: string) => void;
+}) {
+  const api = params.api ?? createMockDraftApi();
+  const stream = createDraftStream(api, {
+    thread: { id: 42, scope: "dm" },
+    previewTransport: params.previewTransport ?? "draft",
+    ...(params.warn ? { warn: params.warn } : {}),
+  });
+  stream.update("Hello");
+  await stream.flush();
+  return { api, stream };
+}
+
 function createForceNewMessageHarness(params: { throttleMs?: number } = {}) {
   const api = createMockDraftApi();
   api.sendMessage
@@ -139,14 +155,7 @@ describe("createTelegramDraftStream", () => {
   });
 
   it("supports forcing message transport in dm threads", async () => {
-    const api = createMockDraftApi();
-    const stream = createDraftStream(api, {
-      thread: { id: 42, scope: "dm" },
-      previewTransport: "message",
-    });
-
-    stream.update("Hello");
-    await stream.flush();
+    const { api } = await createDmDraftTransportStream({ previewTransport: "message" });
 
     expectDmMessagePreviewViaSendMessage(api);
     expect(api.sendMessageDraft).not.toHaveBeenCalled();
@@ -156,14 +165,7 @@ describe("createTelegramDraftStream", () => {
     const api = createMockDraftApi();
     delete (api as { sendMessageDraft?: unknown }).sendMessageDraft;
     const warn = vi.fn();
-    const stream = createDraftStream(api, {
-      thread: { id: 42, scope: "dm" },
-      previewTransport: "draft",
-      warn,
-    });
-
-    stream.update("Hello");
-    await stream.flush();
+    await createDmDraftTransportStream({ api, warn });
 
     expectDmMessagePreviewViaSendMessage(api);
     expect(warn).toHaveBeenCalledWith(
@@ -179,14 +181,7 @@ describe("createTelegramDraftStream", () => {
       ),
     );
     const warn = vi.fn();
-    const stream = createDraftStream(api, {
-      thread: { id: 42, scope: "dm" },
-      previewTransport: "draft",
-      warn,
-    });
-
-    stream.update("Hello");
-    await stream.flush();
+    const { stream } = await createDmDraftTransportStream({ api, warn });
 
     expect(api.sendMessageDraft).toHaveBeenCalledTimes(1);
     expect(api.sendMessage).toHaveBeenCalledWith(123, "Hello", { message_thread_id: 42 });
@@ -492,32 +487,30 @@ describe("createTelegramDraftStream", () => {
     expect(stream.sendMayHaveLanded?.()).toBe(true);
   });
 
-  it("clears sendMayHaveLanded on pre-connect first preview send failures", async () => {
+  async function expectSendMayHaveLandedStateAfterFirstFailure(error: Error, expected: boolean) {
     const api = createMockDraftApi();
-    api.sendMessage.mockRejectedValueOnce(
-      Object.assign(new Error("connect ECONNREFUSED"), { code: "ECONNREFUSED" }),
-    );
+    api.sendMessage.mockRejectedValueOnce(error);
     const stream = createDraftStream(api);
 
     stream.update("Hello");
     await stream.flush();
 
     expect(api.sendMessage).toHaveBeenCalledTimes(1);
-    expect(stream.sendMayHaveLanded?.()).toBe(false);
+    expect(stream.sendMayHaveLanded?.()).toBe(expected);
+  }
+
+  it("clears sendMayHaveLanded on pre-connect first preview send failures", async () => {
+    await expectSendMayHaveLandedStateAfterFirstFailure(
+      Object.assign(new Error("connect ECONNREFUSED"), { code: "ECONNREFUSED" }),
+      false,
+    );
   });
 
   it("clears sendMayHaveLanded on Telegram 4xx client rejections", async () => {
-    const api = createMockDraftApi();
-    api.sendMessage.mockRejectedValueOnce(
+    await expectSendMayHaveLandedStateAfterFirstFailure(
       Object.assign(new Error("403: Forbidden"), { error_code: 403 }),
+      false,
     );
-    const stream = createDraftStream(api);
-
-    stream.update("Hello");
-    await stream.flush();
-
-    expect(api.sendMessage).toHaveBeenCalledTimes(1);
-    expect(stream.sendMayHaveLanded?.()).toBe(false);
   });
 
   it("supports rendered previews with parse_mode", async () => {
diff --git a/src/telegram/draft-stream.ts b/extensions/telegram/src/draft-stream.ts
similarity index 98%
rename from src/telegram/draft-stream.ts
rename to extensions/telegram/src/draft-stream.ts
index afab4680e96..5641b042d30 100644
--- a/src/telegram/draft-stream.ts
+++ b/extensions/telegram/src/draft-stream.ts
@@ -1,6 +1,6 @@
 import type { Bot } from "grammy";
-import { createFinalizableDraftLifecycle } from "../channels/draft-stream-controls.js";
-import { resolveGlobalSingleton } from "../shared/global-singleton.js";
+import { createFinalizableDraftLifecycle } from "../../../src/channels/draft-stream-controls.js";
+import { resolveGlobalSingleton } from "../../../src/shared/global-singleton.js";
 import { buildTelegramThreadParams, type TelegramThreadSpec } from "./bot/helpers.js";
 import { isSafeToRetrySendError, isTelegramClientRejection } from "./network-errors.js";
 
diff --git a/src/telegram/exec-approvals-handler.test.ts b/extensions/telegram/src/exec-approvals-handler.test.ts
similarity index 98%
rename from src/telegram/exec-approvals-handler.test.ts
rename to extensions/telegram/src/exec-approvals-handler.test.ts
index 91aa3fea217..80ecca833d2 100644
--- a/src/telegram/exec-approvals-handler.test.ts
+++ b/extensions/telegram/src/exec-approvals-handler.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { TelegramExecApprovalHandler } from "./exec-approvals-handler.js";
 
 const baseRequest = {
diff --git a/src/telegram/exec-approvals-handler.ts b/extensions/telegram/src/exec-approvals-handler.ts
similarity index 92%
rename from src/telegram/exec-approvals-handler.ts
rename to extensions/telegram/src/exec-approvals-handler.ts
index 01e3b51bedd..a9d32d0887d 100644
--- a/src/telegram/exec-approvals-handler.ts
+++ b/extensions/telegram/src/exec-approvals-handler.ts
@@ -1,18 +1,21 @@
-import type { OpenClawConfig } from "../config/config.js";
-import { GatewayClient } from "../gateway/client.js";
-import { createOperatorApprovalsGatewayClient } from "../gateway/operator-approvals-client.js";
-import type { EventFrame } from "../gateway/protocol/index.js";
-import { resolveExecApprovalCommandDisplay } from "../infra/exec-approval-command-display.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { GatewayClient } from "../../../src/gateway/client.js";
+import { createOperatorApprovalsGatewayClient } from "../../../src/gateway/operator-approvals-client.js";
+import type { EventFrame } from "../../../src/gateway/protocol/index.js";
+import { resolveExecApprovalCommandDisplay } from "../../../src/infra/exec-approval-command-display.js";
 import {
   buildExecApprovalPendingReplyPayload,
   type ExecApprovalPendingReplyParams,
-} from "../infra/exec-approval-reply.js";
-import { resolveExecApprovalSessionTarget } from "../infra/exec-approval-session-target.js";
-import type { ExecApprovalRequest, ExecApprovalResolved } from "../infra/exec-approvals.js";
-import { createSubsystemLogger } from "../logging/subsystem.js";
-import { normalizeAccountId, parseAgentSessionKey } from "../routing/session-key.js";
-import type { RuntimeEnv } from "../runtime.js";
-import { compileSafeRegex, testRegexWithBoundedInput } from "../security/safe-regex.js";
+} from "../../../src/infra/exec-approval-reply.js";
+import { resolveExecApprovalSessionTarget } from "../../../src/infra/exec-approval-session-target.js";
+import type {
+  ExecApprovalRequest,
+  ExecApprovalResolved,
+} from "../../../src/infra/exec-approvals.js";
+import { createSubsystemLogger } from "../../../src/logging/subsystem.js";
+import { normalizeAccountId, parseAgentSessionKey } from "../../../src/routing/session-key.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
+import { compileSafeRegex, testRegexWithBoundedInput } from "../../../src/security/safe-regex.js";
 import { buildTelegramExecApprovalButtons } from "./approval-buttons.js";
 import {
   getTelegramExecApprovalApprovers,
diff --git a/src/telegram/exec-approvals.test.ts b/extensions/telegram/src/exec-approvals.test.ts
similarity index 98%
rename from src/telegram/exec-approvals.test.ts
rename to extensions/telegram/src/exec-approvals.test.ts
index d85e07f7187..f56279318ea 100644
--- a/src/telegram/exec-approvals.test.ts
+++ b/extensions/telegram/src/exec-approvals.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import {
   isTelegramExecApprovalApprover,
   isTelegramExecApprovalClientEnabled,
diff --git a/src/telegram/exec-approvals.ts b/extensions/telegram/src/exec-approvals.ts
similarity index 90%
rename from src/telegram/exec-approvals.ts
rename to extensions/telegram/src/exec-approvals.ts
index 1055e1d1676..b1b0eed8d4f 100644
--- a/src/telegram/exec-approvals.ts
+++ b/extensions/telegram/src/exec-approvals.ts
@@ -1,7 +1,7 @@
-import type { ReplyPayload } from "../auto-reply/types.js";
-import type { OpenClawConfig } from "../config/config.js";
-import type { TelegramExecApprovalConfig } from "../config/types.telegram.js";
-import { getExecApprovalReplyMetadata } from "../infra/exec-approval-reply.js";
+import type { ReplyPayload } from "../../../src/auto-reply/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { TelegramExecApprovalConfig } from "../../../src/config/types.telegram.js";
+import { getExecApprovalReplyMetadata } from "../../../src/infra/exec-approval-reply.js";
 import { resolveTelegramAccount } from "./accounts.js";
 import { resolveTelegramTargetChatType } from "./targets.js";
 
diff --git a/src/telegram/fetch.env-proxy-runtime.test.ts b/extensions/telegram/src/fetch.env-proxy-runtime.test.ts
similarity index 100%
rename from src/telegram/fetch.env-proxy-runtime.test.ts
rename to extensions/telegram/src/fetch.env-proxy-runtime.test.ts
diff --git a/src/telegram/fetch.test.ts b/extensions/telegram/src/fetch.test.ts
similarity index 84%
rename from src/telegram/fetch.test.ts
rename to extensions/telegram/src/fetch.test.ts
index 73f46c9ed5a..7681d0c8701 100644
--- a/src/telegram/fetch.test.ts
+++ b/extensions/telegram/src/fetch.test.ts
@@ -1,5 +1,5 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { resolveFetch } from "../infra/fetch.js";
+import { resolveFetch } from "../../../src/infra/fetch.js";
 import { resolveTelegramFetch, resolveTelegramTransport } from "./fetch.js";
 
 const setDefaultResultOrder = vi.hoisted(() => vi.fn());
@@ -106,6 +106,32 @@ async function runDefaultStickyIpv4FallbackProbe(code = "EHOSTUNREACH"): Promise
   await resolved("https://api.telegram.org/botx/sendChatAction");
 }
 
+function primeStickyFallbackRetry(code = "EHOSTUNREACH", successCount = 2): void {
+  undiciFetch.mockRejectedValueOnce(buildFetchFallbackError(code));
+  for (let i = 0; i < successCount; i += 1) {
+    undiciFetch.mockResolvedValueOnce({ ok: true } as Response);
+  }
+}
+
+function expectStickyAutoSelectDispatcher(
+  dispatcher:
+    | {
+        options?: {
+          connect?: Record<string, unknown>;
+          proxyTls?: Record<string, unknown>;
+        };
+      }
+    | undefined,
+  field: "connect" | "proxyTls" = "connect",
+): void {
+  expect(dispatcher?.options?.[field]).toEqual(
+    expect.objectContaining({
+      autoSelectFamily: true,
+      autoSelectFamilyAttemptTimeout: 300,
+    }),
+  );
+}
+
 function expectPinnedIpv4ConnectDispatcher(args: {
   pinnedCall: number;
   firstCall?: number;
@@ -126,6 +152,36 @@ function expectPinnedIpv4ConnectDispatcher(args: {
   }
 }
 
+function expectCallerDispatcherPreserved(callIndexes: number[], dispatcher: unknown) {
+  for (const callIndex of callIndexes) {
+    const callInit = undiciFetch.mock.calls[callIndex - 1]?.[1] as
+      | (RequestInit & { dispatcher?: unknown })
+      | undefined;
+    expect(callInit?.dispatcher).toBe(dispatcher);
+  }
+}
+
+async function expectNoStickyRetryWithSameDispatcher(params: {
+  resolved: ReturnType<typeof resolveTelegramFetchOrThrow>;
+  expectedAgentCtor: typeof ProxyAgentCtor | typeof EnvHttpProxyAgentCtor;
+  field: "connect" | "proxyTls";
+}) {
+  await expect(params.resolved("https://api.telegram.org/botx/sendMessage")).rejects.toThrow(
+    "fetch failed",
+  );
+  await params.resolved("https://api.telegram.org/botx/sendChatAction");
+
+  expect(undiciFetch).toHaveBeenCalledTimes(2);
+  expect(params.expectedAgentCtor).toHaveBeenCalledTimes(1);
+
+  const firstDispatcher = getDispatcherFromUndiciCall(1);
+  const secondDispatcher = getDispatcherFromUndiciCall(2);
+
+  expect(firstDispatcher).toBe(secondDispatcher);
+  expectStickyAutoSelectDispatcher(firstDispatcher, params.field);
+  expect(firstDispatcher?.options?.[params.field]?.family).not.toBe(4);
+}
+
 afterEach(() => {
   undiciFetch.mockReset();
   setGlobalDispatcher.mockReset();
@@ -279,8 +335,7 @@ describe("resolveTelegramFetch", () => {
     const { makeProxyFetch } = await import("./proxy.js");
     const proxyFetch = makeProxyFetch("http://127.0.0.1:7890");
     ProxyAgentCtor.mockClear();
-    const fetchError = buildFetchFallbackError("EHOSTUNREACH");
-    undiciFetch.mockRejectedValueOnce(fetchError).mockResolvedValueOnce({ ok: true } as Response);
+    primeStickyFallbackRetry("EHOSTUNREACH", 1);
 
     const resolved = resolveTelegramFetchOrThrow(proxyFetch, {
       network: {
@@ -289,31 +344,16 @@ describe("resolveTelegramFetch", () => {
       },
     });
 
-    await expect(resolved("https://api.telegram.org/botx/sendMessage")).rejects.toThrow(
-      "fetch failed",
-    );
-    await resolved("https://api.telegram.org/botx/sendChatAction");
-
-    expect(undiciFetch).toHaveBeenCalledTimes(2);
-    expect(ProxyAgentCtor).toHaveBeenCalledTimes(1);
-
-    const firstDispatcher = getDispatcherFromUndiciCall(1);
-    const secondDispatcher = getDispatcherFromUndiciCall(2);
-
-    expect(firstDispatcher).toBe(secondDispatcher);
-    expect(firstDispatcher?.options?.proxyTls).toEqual(
-      expect.objectContaining({
-        autoSelectFamily: true,
-        autoSelectFamilyAttemptTimeout: 300,
-      }),
-    );
-    expect(firstDispatcher?.options?.proxyTls?.family).not.toBe(4);
+    await expectNoStickyRetryWithSameDispatcher({
+      resolved,
+      expectedAgentCtor: ProxyAgentCtor,
+      field: "proxyTls",
+    });
   });
 
   it("does not blind-retry when sticky IPv4 fallback is disallowed for env proxy paths", async () => {
     vi.stubEnv("HTTPS_PROXY", "http://127.0.0.1:7890");
-    const fetchError = buildFetchFallbackError("EHOSTUNREACH");
-    undiciFetch.mockRejectedValueOnce(fetchError).mockResolvedValueOnce({ ok: true } as Response);
+    primeStickyFallbackRetry("EHOSTUNREACH", 1);
 
     const resolved = resolveTelegramFetchOrThrow(undefined, {
       network: {
@@ -322,25 +362,11 @@ describe("resolveTelegramFetch", () => {
       },
     });
 
-    await expect(resolved("https://api.telegram.org/botx/sendMessage")).rejects.toThrow(
-      "fetch failed",
-    );
-    await resolved("https://api.telegram.org/botx/sendChatAction");
-
-    expect(undiciFetch).toHaveBeenCalledTimes(2);
-    expect(EnvHttpProxyAgentCtor).toHaveBeenCalledTimes(1);
-
-    const firstDispatcher = getDispatcherFromUndiciCall(1);
-    const secondDispatcher = getDispatcherFromUndiciCall(2);
-
-    expect(firstDispatcher).toBe(secondDispatcher);
-    expect(firstDispatcher?.options?.connect).toEqual(
-      expect.objectContaining({
-        autoSelectFamily: true,
-        autoSelectFamilyAttemptTimeout: 300,
-      }),
-    );
-    expect(firstDispatcher?.options?.connect?.family).not.toBe(4);
+    await expectNoStickyRetryWithSameDispatcher({
+      resolved,
+      expectedAgentCtor: EnvHttpProxyAgentCtor,
+      field: "connect",
+    });
   });
 
   it("treats ALL_PROXY-only env as direct transport and arms sticky IPv4 fallback", async () => {
@@ -474,11 +500,7 @@ describe("resolveTelegramFetch", () => {
   });
 
   it("retries once and then keeps sticky IPv4 dispatcher for subsequent requests", async () => {
-    const fetchError = buildFetchFallbackError("ETIMEDOUT");
-    undiciFetch
-      .mockRejectedValueOnce(fetchError)
-      .mockResolvedValueOnce({ ok: true } as Response)
-      .mockResolvedValueOnce({ ok: true } as Response);
+    primeStickyFallbackRetry("ETIMEDOUT");
 
     const resolved = resolveTelegramFetchOrThrow(undefined, {
       network: {
@@ -502,12 +524,7 @@ describe("resolveTelegramFetch", () => {
     expect(firstDispatcher).not.toBe(secondDispatcher);
     expect(secondDispatcher).toBe(thirdDispatcher);
 
-    expect(firstDispatcher?.options?.connect).toEqual(
-      expect.objectContaining({
-        autoSelectFamily: true,
-        autoSelectFamilyAttemptTimeout: 300,
-      }),
-    );
+    expectStickyAutoSelectDispatcher(firstDispatcher);
     expect(secondDispatcher?.options?.connect).toEqual(
       expect.objectContaining({
         family: 4,
@@ -533,24 +550,11 @@ describe("resolveTelegramFetch", () => {
     } as RequestInit);
 
     expect(undiciFetch).toHaveBeenCalledTimes(2);
-
-    const firstCallInit = undiciFetch.mock.calls[0]?.[1] as
-      | (RequestInit & { dispatcher?: unknown })
-      | undefined;
-    const secondCallInit = undiciFetch.mock.calls[1]?.[1] as
-      | (RequestInit & { dispatcher?: unknown })
-      | undefined;
-
-    expect(firstCallInit?.dispatcher).toBe(callerDispatcher);
-    expect(secondCallInit?.dispatcher).toBe(callerDispatcher);
+    expectCallerDispatcherPreserved([1, 2], callerDispatcher);
   });
 
   it("does not arm sticky fallback from caller-provided dispatcher failures", async () => {
-    const fetchError = buildFetchFallbackError("EHOSTUNREACH");
-    undiciFetch
-      .mockRejectedValueOnce(fetchError)
-      .mockResolvedValueOnce({ ok: true } as Response)
-      .mockResolvedValueOnce({ ok: true } as Response);
+    primeStickyFallbackRetry();
 
     const resolved = resolveTelegramFetchOrThrow(undefined, {
       network: {
@@ -566,23 +570,10 @@ describe("resolveTelegramFetch", () => {
     await resolved("https://api.telegram.org/botx/sendChatAction");
 
     expect(undiciFetch).toHaveBeenCalledTimes(3);
-
-    const firstCallInit = undiciFetch.mock.calls[0]?.[1] as
-      | (RequestInit & { dispatcher?: unknown })
-      | undefined;
-    const secondCallInit = undiciFetch.mock.calls[1]?.[1] as
-      | (RequestInit & { dispatcher?: unknown })
-      | undefined;
+    expectCallerDispatcherPreserved([1, 2], callerDispatcher);
     const thirdDispatcher = getDispatcherFromUndiciCall(3);
 
-    expect(firstCallInit?.dispatcher).toBe(callerDispatcher);
-    expect(secondCallInit?.dispatcher).toBe(callerDispatcher);
-    expect(thirdDispatcher?.options?.connect).toEqual(
-      expect.objectContaining({
-        autoSelectFamily: true,
-        autoSelectFamilyAttemptTimeout: 300,
-      }),
-    );
+    expectStickyAutoSelectDispatcher(thirdDispatcher);
     expect(thirdDispatcher?.options?.connect?.family).not.toBe(4);
   });
 
diff --git a/src/telegram/fetch.ts b/extensions/telegram/src/fetch.ts
similarity index 93%
rename from src/telegram/fetch.ts
rename to extensions/telegram/src/fetch.ts
index 52484edde80..4b234c8d107 100644
--- a/src/telegram/fetch.ts
+++ b/extensions/telegram/src/fetch.ts
@@ -1,10 +1,10 @@
 import * as dns from "node:dns";
 import { Agent, EnvHttpProxyAgent, ProxyAgent, fetch as undiciFetch } from "undici";
-import type { TelegramNetworkConfig } from "../config/types.telegram.js";
-import { resolveFetch } from "../infra/fetch.js";
-import { hasEnvHttpProxyConfigured } from "../infra/net/proxy-env.js";
-import type { PinnedDispatcherPolicy } from "../infra/net/ssrf.js";
-import { createSubsystemLogger } from "../logging/subsystem.js";
+import type { TelegramNetworkConfig } from "../../../src/config/types.telegram.js";
+import { resolveFetch } from "../../../src/infra/fetch.js";
+import { hasEnvHttpProxyConfigured } from "../../../src/infra/net/proxy-env.js";
+import type { PinnedDispatcherPolicy } from "../../../src/infra/net/ssrf.js";
+import { createSubsystemLogger } from "../../../src/logging/subsystem.js";
 import {
   resolveTelegramAutoSelectFamilyDecision,
   resolveTelegramDnsResultOrderDecision,
@@ -389,11 +389,16 @@ function shouldRetryWithIpv4Fallback(err: unknown): boolean {
   return true;
 }
 
+export function shouldRetryTelegramIpv4Fallback(err: unknown): boolean {
+  return shouldRetryWithIpv4Fallback(err);
+}
+
 // Prefer wrapped fetch when available to normalize AbortSignal across runtimes.
 export type TelegramTransport = {
   fetch: typeof fetch;
   sourceFetch: typeof fetch;
   pinnedDispatcherPolicy?: PinnedDispatcherPolicy;
+  fallbackPinnedDispatcherPolicy?: PinnedDispatcherPolicy;
 };
 
 export function resolveTelegramTransport(
@@ -438,20 +443,24 @@ export function resolveTelegramTransport(
     defaultDispatcher.mode === "direct" ||
     (defaultDispatcher.mode === "env-proxy" && shouldBypassEnvProxy);
   const stickyShouldUseEnvProxy = defaultDispatcher.mode === "env-proxy";
+  const fallbackPinnedDispatcherPolicy = allowStickyIpv4Fallback
+    ? resolveTelegramDispatcherPolicy({
+        autoSelectFamily: false,
+        dnsResultOrder: "ipv4first",
+        useEnvProxy: stickyShouldUseEnvProxy,
+        forceIpv4: true,
+        proxyUrl: explicitProxyUrl,
+      }).policy
+    : undefined;
 
   let stickyIpv4FallbackEnabled = false;
   let stickyIpv4Dispatcher: TelegramDispatcher | null = null;
   const resolveStickyIpv4Dispatcher = () => {
     if (!stickyIpv4Dispatcher) {
-      stickyIpv4Dispatcher = createTelegramDispatcher(
-        resolveTelegramDispatcherPolicy({
-          autoSelectFamily: false,
-          dnsResultOrder: "ipv4first",
-          useEnvProxy: stickyShouldUseEnvProxy,
-          forceIpv4: true,
-          proxyUrl: explicitProxyUrl,
-        }).policy,
-      ).dispatcher;
+      if (!fallbackPinnedDispatcherPolicy) {
+        return defaultDispatcher.dispatcher;
+      }
+      stickyIpv4Dispatcher = createTelegramDispatcher(fallbackPinnedDispatcherPolicy).dispatcher;
     }
     return stickyIpv4Dispatcher;
   };
@@ -493,6 +502,7 @@ export function resolveTelegramTransport(
     fetch: resolvedFetch,
     sourceFetch,
     pinnedDispatcherPolicy: defaultDispatcher.effectivePolicy,
+    fallbackPinnedDispatcherPolicy,
   };
 }
 
diff --git a/src/telegram/format.test.ts b/extensions/telegram/src/format.test.ts
similarity index 100%
rename from src/telegram/format.test.ts
rename to extensions/telegram/src/format.test.ts
diff --git a/src/telegram/format.ts b/extensions/telegram/src/format.ts
similarity index 98%
rename from src/telegram/format.ts
rename to extensions/telegram/src/format.ts
index ed1f6c822f8..1ccd8f8299b 100644
--- a/src/telegram/format.ts
+++ b/extensions/telegram/src/format.ts
@@ -1,11 +1,11 @@
-import type { MarkdownTableMode } from "../config/types.base.js";
+import type { MarkdownTableMode } from "../../../src/config/types.base.js";
 import {
   chunkMarkdownIR,
   markdownToIR,
   type MarkdownLinkSpan,
   type MarkdownIR,
-} from "../markdown/ir.js";
-import { renderMarkdownWithMarkers } from "../markdown/render.js";
+} from "../../../src/markdown/ir.js";
+import { renderMarkdownWithMarkers } from "../../../src/markdown/render.js";
 
 export type TelegramFormattedChunk = {
   html: string;
diff --git a/src/telegram/format.wrap-md.test.ts b/extensions/telegram/src/format.wrap-md.test.ts
similarity index 100%
rename from src/telegram/format.wrap-md.test.ts
rename to extensions/telegram/src/format.wrap-md.test.ts
diff --git a/src/telegram/forum-service-message.ts b/extensions/telegram/src/forum-service-message.ts
similarity index 100%
rename from src/telegram/forum-service-message.ts
rename to extensions/telegram/src/forum-service-message.ts
diff --git a/src/telegram/group-access.base-access.test.ts b/extensions/telegram/src/group-access.base-access.test.ts
similarity index 100%
rename from src/telegram/group-access.base-access.test.ts
rename to extensions/telegram/src/group-access.base-access.test.ts
diff --git a/src/telegram/group-access.group-policy.test.ts b/extensions/telegram/src/group-access.group-policy.test.ts
similarity index 91%
rename from src/telegram/group-access.group-policy.test.ts
rename to extensions/telegram/src/group-access.group-policy.test.ts
index 07e05780536..8b93c52d160 100644
--- a/src/telegram/group-access.group-policy.test.ts
+++ b/extensions/telegram/src/group-access.group-policy.test.ts
@@ -1,5 +1,5 @@
 import { describe } from "vitest";
-import { installProviderRuntimeGroupPolicyFallbackSuite } from "../test-utils/runtime-group-policy-contract.js";
+import { installProviderRuntimeGroupPolicyFallbackSuite } from "../../../src/test-utils/runtime-group-policy-contract.js";
 import { resolveTelegramRuntimeGroupPolicy } from "./group-access.js";
 
 describe("resolveTelegramRuntimeGroupPolicy", () => {
diff --git a/src/telegram/group-access.policy-access.test.ts b/extensions/telegram/src/group-access.policy-access.test.ts
similarity index 97%
rename from src/telegram/group-access.policy-access.test.ts
rename to extensions/telegram/src/group-access.policy-access.test.ts
index d32863318d2..812dda9af49 100644
--- a/src/telegram/group-access.policy-access.test.ts
+++ b/extensions/telegram/src/group-access.policy-access.test.ts
@@ -1,6 +1,6 @@
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
-import type { TelegramAccountConfig } from "../config/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { TelegramAccountConfig } from "../../../src/config/types.js";
 import { evaluateTelegramGroupPolicyAccess } from "./group-access.js";
 
 /**
diff --git a/src/telegram/group-access.ts b/extensions/telegram/src/group-access.ts
similarity index 95%
rename from src/telegram/group-access.ts
rename to extensions/telegram/src/group-access.ts
index e97251c950a..b5c30979dbb 100644
--- a/src/telegram/group-access.ts
+++ b/extensions/telegram/src/group-access.ts
@@ -1,13 +1,13 @@
-import type { OpenClawConfig } from "../config/config.js";
-import type { ChannelGroupPolicy } from "../config/group-policy.js";
-import { resolveOpenProviderRuntimeGroupPolicy } from "../config/runtime-group-policy.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { ChannelGroupPolicy } from "../../../src/config/group-policy.js";
+import { resolveOpenProviderRuntimeGroupPolicy } from "../../../src/config/runtime-group-policy.js";
 import type {
   TelegramAccountConfig,
   TelegramDirectConfig,
   TelegramGroupConfig,
   TelegramTopicConfig,
-} from "../config/types.js";
-import { evaluateMatchedGroupAccessForPolicy } from "../plugin-sdk/group-access.js";
+} from "../../../src/config/types.js";
+import { evaluateMatchedGroupAccessForPolicy } from "../../../src/plugin-sdk/group-access.js";
 import { isSenderAllowed, type NormalizedAllowFrom } from "./bot-access.js";
 import { firstDefined } from "./bot-access.js";
 
diff --git a/src/telegram/group-config-helpers.ts b/extensions/telegram/src/group-config-helpers.ts
similarity index 95%
rename from src/telegram/group-config-helpers.ts
rename to extensions/telegram/src/group-config-helpers.ts
index 523f1df57e0..5a60d116dd3 100644
--- a/src/telegram/group-config-helpers.ts
+++ b/extensions/telegram/src/group-config-helpers.ts
@@ -2,7 +2,7 @@ import type {
   TelegramDirectConfig,
   TelegramGroupConfig,
   TelegramTopicConfig,
-} from "../config/types.js";
+} from "../../../src/config/types.js";
 import { firstDefined } from "./bot-access.js";
 
 export function resolveTelegramGroupPromptSettings(params: {
diff --git a/src/telegram/group-migration.test.ts b/extensions/telegram/src/group-migration.test.ts
similarity index 100%
rename from src/telegram/group-migration.test.ts
rename to extensions/telegram/src/group-migration.test.ts
diff --git a/src/telegram/group-migration.ts b/extensions/telegram/src/group-migration.ts
similarity index 91%
rename from src/telegram/group-migration.ts
rename to extensions/telegram/src/group-migration.ts
index 921e34d5a9b..0609fcf4b5a 100644
--- a/src/telegram/group-migration.ts
+++ b/extensions/telegram/src/group-migration.ts
@@ -1,6 +1,6 @@
-import type { OpenClawConfig } from "../config/config.js";
-import type { TelegramGroupConfig } from "../config/types.telegram.js";
-import { normalizeAccountId } from "../routing/session-key.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { TelegramGroupConfig } from "../../../src/config/types.telegram.js";
+import { normalizeAccountId } from "../../../src/routing/session-key.js";
 
 type TelegramGroups = Record<string, TelegramGroupConfig>;
 
diff --git a/src/telegram/inline-buttons.test.ts b/extensions/telegram/src/inline-buttons.test.ts
similarity index 100%
rename from src/telegram/inline-buttons.test.ts
rename to extensions/telegram/src/inline-buttons.test.ts
diff --git a/src/telegram/inline-buttons.ts b/extensions/telegram/src/inline-buttons.ts
similarity index 93%
rename from src/telegram/inline-buttons.ts
rename to extensions/telegram/src/inline-buttons.ts
index 1137d61d1cd..ead8068feba 100644
--- a/src/telegram/inline-buttons.ts
+++ b/extensions/telegram/src/inline-buttons.ts
@@ -1,5 +1,5 @@
-import type { OpenClawConfig } from "../config/config.js";
-import type { TelegramInlineButtonsScope } from "../config/types.telegram.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { TelegramInlineButtonsScope } from "../../../src/config/types.telegram.js";
 import { listTelegramAccountIds, resolveTelegramAccount } from "./accounts.js";
 
 const DEFAULT_INLINE_BUTTONS_SCOPE: TelegramInlineButtonsScope = "allowlist";
diff --git a/src/telegram/lane-delivery-state.ts b/extensions/telegram/src/lane-delivery-state.ts
similarity index 100%
rename from src/telegram/lane-delivery-state.ts
rename to extensions/telegram/src/lane-delivery-state.ts
diff --git a/src/telegram/lane-delivery-text-deliverer.ts b/extensions/telegram/src/lane-delivery-text-deliverer.ts
similarity index 99%
rename from src/telegram/lane-delivery-text-deliverer.ts
rename to extensions/telegram/src/lane-delivery-text-deliverer.ts
index 000087cc692..08875329649 100644
--- a/src/telegram/lane-delivery-text-deliverer.ts
+++ b/extensions/telegram/src/lane-delivery-text-deliverer.ts
@@ -1,4 +1,4 @@
-import type { ReplyPayload } from "../auto-reply/types.js";
+import type { ReplyPayload } from "../../../src/auto-reply/types.js";
 import type { TelegramInlineButtons } from "./button-types.js";
 import type { TelegramDraftStream } from "./draft-stream.js";
 import {
diff --git a/src/telegram/lane-delivery.test.ts b/extensions/telegram/src/lane-delivery.test.ts
similarity index 86%
rename from src/telegram/lane-delivery.test.ts
rename to extensions/telegram/src/lane-delivery.test.ts
index 3ddad092d7a..aba9974eff5 100644
--- a/src/telegram/lane-delivery.test.ts
+++ b/extensions/telegram/src/lane-delivery.test.ts
@@ -1,8 +1,10 @@
 import { describe, expect, it, vi } from "vitest";
-import type { ReplyPayload } from "../auto-reply/types.js";
+import type { ReplyPayload } from "../../../src/auto-reply/types.js";
 import { createTestDraftStream } from "./draft-stream.test-helpers.js";
 import { createLaneTextDeliverer, type DraftLaneState, type LaneName } from "./lane-delivery.js";
 
+const HELLO_FINAL = "Hello final";
+
 function createHarness(params?: {
   answerMessageId?: number;
   draftMaxChars?: number;
@@ -93,6 +95,21 @@ async function deliverFinalAnswer(harness: ReturnType<typeof createHarness>, tex
   });
 }
 
+async function expectFinalPreviewRetained(params: {
+  harness: ReturnType<typeof createHarness>;
+  text?: string;
+  expectedLogSnippet?: string;
+}) {
+  const result = await deliverFinalAnswer(params.harness, params.text ?? HELLO_FINAL);
+  expect(result).toBe("preview-retained");
+  expect(params.harness.sendPayload).not.toHaveBeenCalled();
+  if (params.expectedLogSnippet) {
+    expect(params.harness.log).toHaveBeenCalledWith(
+      expect.stringContaining(params.expectedLogSnippet),
+    );
+  }
+}
+
 function seedArchivedAnswerPreview(harness: ReturnType<typeof createHarness>) {
   harness.archivedAnswerPreviews.push({
     messageId: 5555,
@@ -121,19 +138,14 @@ describe("createLaneTextDeliverer", () => {
   it("finalizes text-only replies by editing an existing preview message", async () => {
     const harness = createHarness({ answerMessageId: 999 });
 
-    const result = await harness.deliverLaneText({
-      laneName: "answer",
-      text: "Hello final",
-      payload: { text: "Hello final" },
-      infoKind: "final",
-    });
+    const result = await deliverFinalAnswer(harness, HELLO_FINAL);
 
     expect(result).toBe("preview-finalized");
     expect(harness.editPreview).toHaveBeenCalledWith(
       expect.objectContaining({
         laneName: "answer",
         messageId: 999,
-        text: "Hello final",
+        text: HELLO_FINAL,
         context: "final",
       }),
     );
@@ -191,12 +203,7 @@ describe("createLaneTextDeliverer", () => {
       ),
     );
 
-    const result = await harness.deliverLaneText({
-      laneName: "answer",
-      text: "Hello final",
-      payload: { text: "Hello final" },
-      infoKind: "final",
-    });
+    const result = await deliverFinalAnswer(harness, HELLO_FINAL);
 
     expect(result).toBe("preview-finalized");
     expect(harness.editPreview).toHaveBeenCalledTimes(1);
@@ -212,19 +219,11 @@ describe("createLaneTextDeliverer", () => {
     // Plain Error with no error_code → ambiguous, prefer incomplete over duplicate
     harness.editPreview.mockRejectedValue(new Error("500: preview edit failed"));
 
-    const result = await harness.deliverLaneText({
-      laneName: "answer",
-      text: "Hello final",
-      payload: { text: "Hello final" },
-      infoKind: "final",
+    await expectFinalPreviewRetained({
+      harness,
+      expectedLogSnippet: "ambiguous error; keeping existing preview to avoid duplicate",
     });
-
-    expect(result).toBe("preview-retained");
     expect(harness.editPreview).toHaveBeenCalledTimes(1);
-    expect(harness.sendPayload).not.toHaveBeenCalled();
-    expect(harness.log).toHaveBeenCalledWith(
-      expect.stringContaining("ambiguous error; keeping existing preview to avoid duplicate"),
-    );
   });
 
   it("falls back when Telegram reports the current final edit target missing", async () => {
@@ -243,16 +242,11 @@ describe("createLaneTextDeliverer", () => {
     const err = Object.assign(new Error("connect ECONNREFUSED"), { code: "ECONNREFUSED" });
     harness.editPreview.mockRejectedValue(err);
 
-    const result = await harness.deliverLaneText({
-      laneName: "answer",
-      text: "Hello final",
-      payload: { text: "Hello final" },
-      infoKind: "final",
-    });
+    const result = await deliverFinalAnswer(harness, HELLO_FINAL);
 
     expect(result).toBe("sent");
     expect(harness.sendPayload).toHaveBeenCalledWith(
-      expect.objectContaining({ text: "Hello final" }),
+      expect.objectContaining({ text: HELLO_FINAL }),
     );
     expect(harness.log).toHaveBeenCalledWith(
       expect.stringContaining("failed before reaching Telegram; falling back"),
@@ -263,18 +257,10 @@ describe("createLaneTextDeliverer", () => {
     const harness = createHarness({ answerMessageId: 999 });
     harness.editPreview.mockRejectedValue(new Error("timeout: request timed out after 30000ms"));
 
-    const result = await harness.deliverLaneText({
-      laneName: "answer",
-      text: "Hello final",
-      payload: { text: "Hello final" },
-      infoKind: "final",
+    await expectFinalPreviewRetained({
+      harness,
+      expectedLogSnippet: "may have landed despite network error; keeping existing preview",
     });
-
-    expect(result).toBe("preview-retained");
-    expect(harness.sendPayload).not.toHaveBeenCalled();
-    expect(harness.log).toHaveBeenCalledWith(
-      expect.stringContaining("may have landed despite network error; keeping existing preview"),
-    );
   });
 
   it("falls back to normal delivery when stop-created preview has no message id", async () => {
@@ -389,17 +375,12 @@ describe("createLaneTextDeliverer", () => {
       answerLastPartialText: "Hello final",
     });
 
-    const result = await harness.deliverLaneText({
-      laneName: "answer",
-      text: "Hello final",
-      payload: { text: "Hello final" },
-      infoKind: "final",
-    });
+    const result = await deliverFinalAnswer(harness, HELLO_FINAL);
 
     expect(result).toBe("sent");
     expect(answerStream.materialize).toHaveBeenCalledTimes(1);
     expect(harness.sendPayload).toHaveBeenCalledWith(
-      expect.objectContaining({ text: "Hello final" }),
+      expect.objectContaining({ text: HELLO_FINAL }),
     );
     expect(harness.log).toHaveBeenCalledWith(
       expect.stringContaining("draft preview materialize produced no message id"),
@@ -460,16 +441,8 @@ describe("createLaneTextDeliverer", () => {
     // Plain Error with no error_code → ambiguous, prefer incomplete over duplicate
     harness.editPreview.mockRejectedValue(new Error("500: Internal Server Error"));
 
-    const result = await harness.deliverLaneText({
-      laneName: "answer",
-      text: "Hello final",
-      payload: { text: "Hello final" },
-      infoKind: "final",
-    });
-
-    expect(result).toBe("preview-retained");
+    await expectFinalPreviewRetained({ harness });
     expect(harness.editPreview).toHaveBeenCalledTimes(1);
-    expect(harness.sendPayload).not.toHaveBeenCalled();
   });
 
   it("falls back when an archived preview edit target is missing and no alternate preview exists", async () => {
@@ -519,18 +492,10 @@ describe("createLaneTextDeliverer", () => {
     const err = Object.assign(new Error("502: Bad Gateway"), { error_code: 502 });
     harness.editPreview.mockRejectedValue(err);
 
-    const result = await harness.deliverLaneText({
-      laneName: "answer",
-      text: "Hello final",
-      payload: { text: "Hello final" },
-      infoKind: "final",
+    await expectFinalPreviewRetained({
+      harness,
+      expectedLogSnippet: "ambiguous error; keeping existing preview to avoid duplicate",
     });
-
-    expect(result).toBe("preview-retained");
-    expect(harness.sendPayload).not.toHaveBeenCalled();
-    expect(harness.log).toHaveBeenCalledWith(
-      expect.stringContaining("ambiguous error; keeping existing preview to avoid duplicate"),
-    );
   });
 
   it("falls back when the first preview send may have landed without a message id", async () => {
@@ -538,16 +503,11 @@ describe("createLaneTextDeliverer", () => {
     stream.sendMayHaveLanded.mockReturnValue(true);
     const harness = createHarness({ answerStream: stream });
 
-    const result = await harness.deliverLaneText({
-      laneName: "answer",
-      text: "Hello final",
-      payload: { text: "Hello final" },
-      infoKind: "final",
-    });
+    const result = await deliverFinalAnswer(harness, HELLO_FINAL);
 
     expect(result).toBe("sent");
     expect(harness.sendPayload).toHaveBeenCalledWith(
-      expect.objectContaining({ text: "Hello final" }),
+      expect.objectContaining({ text: HELLO_FINAL }),
     );
   });
 
@@ -565,18 +525,10 @@ describe("createLaneTextDeliverer", () => {
       await lane.stream?.stop();
     });
 
-    const result = await harness.deliverLaneText({
-      laneName: "answer",
-      text: "Hello final",
-      payload: { text: "Hello final" },
-      infoKind: "final",
+    await expectFinalPreviewRetained({
+      harness,
+      expectedLogSnippet: "preview send may have landed despite missing message id",
     });
-
-    expect(result).toBe("preview-retained");
-    expect(harness.sendPayload).not.toHaveBeenCalled();
-    expect(harness.log).toHaveBeenCalledWith(
-      expect.stringContaining("preview send may have landed despite missing message id"),
-    );
   });
 
   it("deletes consumed boundary previews after fallback final send", async () => {
diff --git a/src/telegram/lane-delivery.ts b/extensions/telegram/src/lane-delivery.ts
similarity index 100%
rename from src/telegram/lane-delivery.ts
rename to extensions/telegram/src/lane-delivery.ts
diff --git a/src/telegram/model-buttons.test.ts b/extensions/telegram/src/model-buttons.test.ts
similarity index 100%
rename from src/telegram/model-buttons.test.ts
rename to extensions/telegram/src/model-buttons.test.ts
diff --git a/src/telegram/model-buttons.ts b/extensions/telegram/src/model-buttons.ts
similarity index 100%
rename from src/telegram/model-buttons.ts
rename to extensions/telegram/src/model-buttons.ts
diff --git a/src/telegram/monitor.test.ts b/extensions/telegram/src/monitor.test.ts
similarity index 89%
rename from src/telegram/monitor.test.ts
rename to extensions/telegram/src/monitor.test.ts
index 0b28734f835..c4a898c5a6d 100644
--- a/src/telegram/monitor.test.ts
+++ b/extensions/telegram/src/monitor.test.ts
@@ -129,6 +129,46 @@ function mockRunOnceAndAbort(abort: AbortController) {
   runSpy.mockImplementationOnce(() => makeAbortRunner(abort));
 }
 
+async function expectOffsetConfirmationSkipped(offset: number | null) {
+  readTelegramUpdateOffsetSpy.mockResolvedValueOnce(offset);
+  const abort = new AbortController();
+  api.getUpdates.mockReset();
+  api.deleteWebhook.mockReset();
+  api.deleteWebhook.mockResolvedValueOnce(true);
+  mockRunOnceAndAbort(abort);
+
+  await monitorTelegramProvider({ token: "tok", abortSignal: abort.signal });
+
+  expect(api.getUpdates).not.toHaveBeenCalled();
+}
+
+async function runMonitorAndCaptureStartupOrder(params?: { persistedOffset?: number | null }) {
+  if (params && "persistedOffset" in params) {
+    readTelegramUpdateOffsetSpy.mockResolvedValueOnce(params.persistedOffset ?? null);
+  }
+  const abort = new AbortController();
+  const order: string[] = [];
+  api.getUpdates.mockReset();
+  api.deleteWebhook.mockReset();
+  api.deleteWebhook.mockImplementationOnce(async () => {
+    order.push("deleteWebhook");
+    return true;
+  });
+  if (typeof params?.persistedOffset === "number") {
+    api.getUpdates.mockImplementationOnce(async () => {
+      order.push("getUpdates");
+      return [];
+    });
+  }
+  runSpy.mockImplementationOnce(() => {
+    order.push("run");
+    return makeAbortRunner(abort);
+  });
+
+  await monitorTelegramProvider({ token: "tok", abortSignal: abort.signal });
+  return { order };
+}
+
 function mockRunOnceWithStalledPollingRunner(): {
   stop: ReturnType<typeof vi.fn<() => void | Promise<void>>>;
 } {
@@ -169,8 +209,8 @@ async function monitorWithAutoAbort(
   });
 }
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig,
@@ -214,12 +254,12 @@ vi.mock("@grammyjs/runner", () => ({
   run: runSpy,
 }));
 
-vi.mock("../infra/backoff.js", () => ({
+vi.mock("../../../src/infra/backoff.js", () => ({
   computeBackoff,
   sleepWithAbort,
 }));
 
-vi.mock("../infra/unhandled-rejections.js", () => ({
+vi.mock("../../../src/infra/unhandled-rejections.js", () => ({
   registerUnhandledRejectionHandler: registerUnhandledRejectionHandlerMock,
 }));
 
@@ -232,7 +272,7 @@ vi.mock("./update-offset-store.js", () => ({
   writeTelegramUpdateOffset: vi.fn(async () => undefined),
 }));
 
-vi.mock("../auto-reply/reply.js", () => ({
+vi.mock("../../../src/auto-reply/reply.js", () => ({
   getReplyFromConfig: async (ctx: { Body?: string }) => ({
     text: `echo:${ctx.Body}`,
   }),
@@ -349,19 +389,7 @@ describe("monitorTelegramProvider (grammY)", () => {
   });
 
   it("deletes webhook before starting polling", async () => {
-    const abort = new AbortController();
-    const order: string[] = [];
-    api.deleteWebhook.mockReset();
-    api.deleteWebhook.mockImplementationOnce(async () => {
-      order.push("deleteWebhook");
-      return true;
-    });
-    runSpy.mockImplementationOnce(() => {
-      order.push("run");
-      return makeAbortRunner(abort);
-    });
-
-    await monitorTelegramProvider({ token: "tok", abortSignal: abort.signal });
+    const { order } = await runMonitorAndCaptureStartupOrder();
 
     expect(api.deleteWebhook).toHaveBeenCalledWith({ drop_pending_updates: false });
     expect(order).toEqual(["deleteWebhook", "run"]);
@@ -577,67 +605,24 @@ describe("monitorTelegramProvider (grammY)", () => {
   });
 
   it("confirms persisted offset with Telegram before starting runner", async () => {
-    readTelegramUpdateOffsetSpy.mockResolvedValueOnce(549076203);
-    const abort = new AbortController();
-    const order: string[] = [];
-    api.getUpdates.mockReset();
-    api.getUpdates.mockImplementationOnce(async () => {
-      order.push("getUpdates");
-      return [];
+    const { order } = await runMonitorAndCaptureStartupOrder({
+      persistedOffset: 549076203,
     });
-    api.deleteWebhook.mockReset();
-    api.deleteWebhook.mockImplementationOnce(async () => {
-      order.push("deleteWebhook");
-      return true;
-    });
-    runSpy.mockImplementationOnce(() => {
-      order.push("run");
-      return makeAbortRunner(abort);
-    });
-
-    await monitorTelegramProvider({ token: "tok", abortSignal: abort.signal });
 
     expect(api.getUpdates).toHaveBeenCalledWith({ offset: 549076204, limit: 1, timeout: 0 });
     expect(order).toEqual(["deleteWebhook", "getUpdates", "run"]);
   });
 
   it("skips offset confirmation when no persisted offset exists", async () => {
-    readTelegramUpdateOffsetSpy.mockResolvedValueOnce(null);
-    const abort = new AbortController();
-    api.getUpdates.mockReset();
-    api.deleteWebhook.mockReset();
-    api.deleteWebhook.mockResolvedValueOnce(true);
-    mockRunOnceAndAbort(abort);
-
-    await monitorTelegramProvider({ token: "tok", abortSignal: abort.signal });
-
-    expect(api.getUpdates).not.toHaveBeenCalled();
+    await expectOffsetConfirmationSkipped(null);
   });
 
   it("skips offset confirmation when persisted offset is invalid", async () => {
-    readTelegramUpdateOffsetSpy.mockResolvedValueOnce(-1 as number);
-    const abort = new AbortController();
-    api.getUpdates.mockReset();
-    api.deleteWebhook.mockReset();
-    api.deleteWebhook.mockResolvedValueOnce(true);
-    mockRunOnceAndAbort(abort);
-
-    await monitorTelegramProvider({ token: "tok", abortSignal: abort.signal });
-
-    expect(api.getUpdates).not.toHaveBeenCalled();
+    await expectOffsetConfirmationSkipped(-1);
   });
 
   it("skips offset confirmation when persisted offset cannot be safely incremented", async () => {
-    readTelegramUpdateOffsetSpy.mockResolvedValueOnce(Number.MAX_SAFE_INTEGER);
-    const abort = new AbortController();
-    api.getUpdates.mockReset();
-    api.deleteWebhook.mockReset();
-    api.deleteWebhook.mockResolvedValueOnce(true);
-    mockRunOnceAndAbort(abort);
-
-    await monitorTelegramProvider({ token: "tok", abortSignal: abort.signal });
-
-    expect(api.getUpdates).not.toHaveBeenCalled();
+    await expectOffsetConfirmationSkipped(Number.MAX_SAFE_INTEGER);
   });
 
   it("resets webhookCleared latch on 409 conflict so deleteWebhook re-runs", async () => {
diff --git a/src/telegram/monitor.ts b/extensions/telegram/src/monitor.ts
similarity index 92%
rename from src/telegram/monitor.ts
rename to extensions/telegram/src/monitor.ts
index f7704f62dea..8620fb01c2b 100644
--- a/src/telegram/monitor.ts
+++ b/extensions/telegram/src/monitor.ts
@@ -1,11 +1,11 @@
 import type { RunOptions } from "@grammyjs/runner";
-import { resolveAgentMaxConcurrent } from "../config/agent-limits.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { loadConfig } from "../config/config.js";
-import { waitForAbortSignal } from "../infra/abort-signal.js";
-import { formatErrorMessage } from "../infra/errors.js";
-import { registerUnhandledRejectionHandler } from "../infra/unhandled-rejections.js";
-import type { RuntimeEnv } from "../runtime.js";
+import { resolveAgentMaxConcurrent } from "../../../src/config/agent-limits.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { loadConfig } from "../../../src/config/config.js";
+import { waitForAbortSignal } from "../../../src/infra/abort-signal.js";
+import { formatErrorMessage } from "../../../src/infra/errors.js";
+import { registerUnhandledRejectionHandler } from "../../../src/infra/unhandled-rejections.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
 import { resolveTelegramAccount } from "./accounts.js";
 import { resolveTelegramAllowedUpdates } from "./allowed-updates.js";
 import { TelegramExecApprovalHandler } from "./exec-approvals-handler.js";
diff --git a/src/telegram/network-config.test.ts b/extensions/telegram/src/network-config.test.ts
similarity index 97%
rename from src/telegram/network-config.test.ts
rename to extensions/telegram/src/network-config.test.ts
index 70de5f46826..2b9428c1773 100644
--- a/src/telegram/network-config.test.ts
+++ b/extensions/telegram/src/network-config.test.ts
@@ -1,5 +1,5 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
-import type { TelegramNetworkConfig } from "../config/types.telegram.js";
+import type { TelegramNetworkConfig } from "../../../src/config/types.telegram.js";
 import {
   resetTelegramNetworkConfigStateForTests,
   resolveTelegramAutoSelectFamilyDecision,
@@ -7,11 +7,11 @@ import {
 } from "./network-config.js";
 
 // Mock isWSL2Sync at the top level
-vi.mock("../infra/wsl.js", () => ({
+vi.mock("../../../src/infra/wsl.js", () => ({
   isWSL2Sync: vi.fn(() => false),
 }));
 
-import { isWSL2Sync } from "../infra/wsl.js";
+import { isWSL2Sync } from "../../../src/infra/wsl.js";
 
 describe("resolveTelegramAutoSelectFamilyDecision", () => {
   afterEach(() => {
diff --git a/src/telegram/network-config.ts b/extensions/telegram/src/network-config.ts
similarity index 94%
rename from src/telegram/network-config.ts
rename to extensions/telegram/src/network-config.ts
index 6bf20567cb7..81156ce67ac 100644
--- a/src/telegram/network-config.ts
+++ b/extensions/telegram/src/network-config.ts
@@ -1,7 +1,7 @@
 import process from "node:process";
-import type { TelegramNetworkConfig } from "../config/types.telegram.js";
-import { isTruthyEnvValue } from "../infra/env.js";
-import { isWSL2Sync } from "../infra/wsl.js";
+import type { TelegramNetworkConfig } from "../../../src/config/types.telegram.js";
+import { isTruthyEnvValue } from "../../../src/infra/env.js";
+import { isWSL2Sync } from "../../../src/infra/wsl.js";
 
 export const TELEGRAM_DISABLE_AUTO_SELECT_FAMILY_ENV =
   "OPENCLAW_TELEGRAM_DISABLE_AUTO_SELECT_FAMILY";
diff --git a/src/telegram/network-errors.test.ts b/extensions/telegram/src/network-errors.test.ts
similarity index 100%
rename from src/telegram/network-errors.test.ts
rename to extensions/telegram/src/network-errors.test.ts
diff --git a/src/telegram/network-errors.ts b/extensions/telegram/src/network-errors.ts
similarity index 99%
rename from src/telegram/network-errors.ts
rename to extensions/telegram/src/network-errors.ts
index 08e5d2dc2c0..59753f9d8c1 100644
--- a/src/telegram/network-errors.ts
+++ b/extensions/telegram/src/network-errors.ts
@@ -3,7 +3,7 @@ import {
   extractErrorCode,
   formatErrorMessage,
   readErrorName,
-} from "../infra/errors.js";
+} from "../../../src/infra/errors.js";
 
 const TELEGRAM_NETWORK_ORIGIN = Symbol("openclaw.telegram.network-origin");
 
diff --git a/extensions/telegram/src/normalize.ts b/extensions/telegram/src/normalize.ts
new file mode 100644
index 00000000000..e819d78af10
--- /dev/null
+++ b/extensions/telegram/src/normalize.ts
@@ -0,0 +1,44 @@
+import { normalizeTelegramLookupTarget, parseTelegramTarget } from "./targets.js";
+
+const TELEGRAM_PREFIX_RE = /^(telegram|tg):/i;
+
+function normalizeTelegramTargetBody(raw: string): string | undefined {
+  const trimmed = raw.trim();
+  if (!trimmed) {
+    return undefined;
+  }
+
+  const prefixStripped = trimmed.replace(TELEGRAM_PREFIX_RE, "").trim();
+  if (!prefixStripped) {
+    return undefined;
+  }
+
+  const parsed = parseTelegramTarget(trimmed);
+  const normalizedChatId = normalizeTelegramLookupTarget(parsed.chatId);
+  if (!normalizedChatId) {
+    return undefined;
+  }
+
+  const keepLegacyGroupPrefix = /^group:/i.test(prefixStripped);
+  const hasTopicSuffix = /:topic:\d+$/i.test(prefixStripped);
+  const chatSegment = keepLegacyGroupPrefix ? `group:${normalizedChatId}` : normalizedChatId;
+  if (parsed.messageThreadId == null) {
+    return chatSegment;
+  }
+  const threadSuffix = hasTopicSuffix
+    ? `:topic:${parsed.messageThreadId}`
+    : `:${parsed.messageThreadId}`;
+  return `${chatSegment}${threadSuffix}`;
+}
+
+export function normalizeTelegramMessagingTarget(raw: string): string | undefined {
+  const normalizedBody = normalizeTelegramTargetBody(raw);
+  if (!normalizedBody) {
+    return undefined;
+  }
+  return `telegram:${normalizedBody}`.toLowerCase();
+}
+
+export function looksLikeTelegramTargetId(raw: string): boolean {
+  return normalizeTelegramTargetBody(raw) !== undefined;
+}
diff --git a/extensions/telegram/src/onboarding.ts b/extensions/telegram/src/onboarding.ts
new file mode 100644
index 00000000000..c555b748d2d
--- /dev/null
+++ b/extensions/telegram/src/onboarding.ts
@@ -0,0 +1,256 @@
+import type {
+  ChannelOnboardingAdapter,
+  ChannelOnboardingDmPolicy,
+} from "../../../src/channels/plugins/onboarding-types.js";
+import {
+  applySingleTokenPromptResult,
+  patchChannelConfigForAccount,
+  promptSingleChannelSecretInput,
+  promptResolvedAllowFrom,
+  resolveAccountIdForConfigure,
+  resolveOnboardingAccountId,
+  setChannelDmPolicyWithAllowFrom,
+  setOnboardingChannelEnabled,
+  splitOnboardingEntries,
+} from "../../../src/channels/plugins/onboarding/helpers.js";
+import { formatCliCommand } from "../../../src/cli/command-format.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { hasConfiguredSecretInput } from "../../../src/config/types.secrets.js";
+import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js";
+import { formatDocsLink } from "../../../src/terminal/links.js";
+import type { WizardPrompter } from "../../../src/wizard/prompts.js";
+import { inspectTelegramAccount } from "./account-inspect.js";
+import {
+  listTelegramAccountIds,
+  resolveDefaultTelegramAccountId,
+  resolveTelegramAccount,
+} from "./accounts.js";
+import { fetchTelegramChatId } from "./api-fetch.js";
+
+const channel = "telegram" as const;
+
+async function noteTelegramTokenHelp(prompter: WizardPrompter): Promise<void> {
+  await prompter.note(
+    [
+      "1) Open Telegram and chat with @BotFather",
+      "2) Run /newbot (or /mybots)",
+      "3) Copy the token (looks like 123456:ABC...)",
+      "Tip: you can also set TELEGRAM_BOT_TOKEN in your env.",
+      `Docs: ${formatDocsLink("/telegram")}`,
+      "Website: https://openclaw.ai",
+    ].join("\n"),
+    "Telegram bot token",
+  );
+}
+
+async function noteTelegramUserIdHelp(prompter: WizardPrompter): Promise<void> {
+  await prompter.note(
+    [
+      `1) DM your bot, then read from.id in \`${formatCliCommand("openclaw logs --follow")}\` (safest)`,
+      "2) Or call https://api.telegram.org/bot<bot_token>/getUpdates and read message.from.id",
+      "3) Third-party: DM @userinfobot or @getidsbot",
+      `Docs: ${formatDocsLink("/telegram")}`,
+      "Website: https://openclaw.ai",
+    ].join("\n"),
+    "Telegram user id",
+  );
+}
+
+export function normalizeTelegramAllowFromInput(raw: string): string {
+  return raw
+    .trim()
+    .replace(/^(telegram|tg):/i, "")
+    .trim();
+}
+
+export function parseTelegramAllowFromId(raw: string): string | null {
+  const stripped = normalizeTelegramAllowFromInput(raw);
+  return /^\d+$/.test(stripped) ? stripped : null;
+}
+
+async function promptTelegramAllowFrom(params: {
+  cfg: OpenClawConfig;
+  prompter: WizardPrompter;
+  accountId: string;
+  tokenOverride?: string;
+}): Promise<OpenClawConfig> {
+  const { cfg, prompter, accountId } = params;
+  const resolved = resolveTelegramAccount({ cfg, accountId });
+  const existingAllowFrom = resolved.config.allowFrom ?? [];
+  await noteTelegramUserIdHelp(prompter);
+
+  const token = params.tokenOverride?.trim() || resolved.token;
+  if (!token) {
+    await prompter.note("Telegram token missing; username lookup is unavailable.", "Telegram");
+  }
+  const unique = await promptResolvedAllowFrom({
+    prompter,
+    existing: existingAllowFrom,
+    token,
+    message: "Telegram allowFrom (numeric sender id; @username resolves to id)",
+    placeholder: "@username",
+    label: "Telegram allowlist",
+    parseInputs: splitOnboardingEntries,
+    parseId: parseTelegramAllowFromId,
+    invalidWithoutTokenNote:
+      "Telegram token missing; use numeric sender ids (usernames require a bot token).",
+    resolveEntries: async ({ token: tokenValue, entries }) => {
+      const results = await Promise.all(
+        entries.map(async (entry) => {
+          const numericId = parseTelegramAllowFromId(entry);
+          if (numericId) {
+            return { input: entry, resolved: true, id: numericId };
+          }
+          const stripped = normalizeTelegramAllowFromInput(entry);
+          if (!stripped) {
+            return { input: entry, resolved: false, id: null };
+          }
+          const username = stripped.startsWith("@") ? stripped : `@${stripped}`;
+          const id = await fetchTelegramChatId({ token: tokenValue, chatId: username });
+          return { input: entry, resolved: Boolean(id), id };
+        }),
+      );
+      return results;
+    },
+  });
+
+  return patchChannelConfigForAccount({
+    cfg,
+    channel: "telegram",
+    accountId,
+    patch: { dmPolicy: "allowlist", allowFrom: unique },
+  });
+}
+
+async function promptTelegramAllowFromForAccount(params: {
+  cfg: OpenClawConfig;
+  prompter: WizardPrompter;
+  accountId?: string;
+}): Promise<OpenClawConfig> {
+  const accountId = resolveOnboardingAccountId({
+    accountId: params.accountId,
+    defaultAccountId: resolveDefaultTelegramAccountId(params.cfg),
+  });
+  return promptTelegramAllowFrom({
+    cfg: params.cfg,
+    prompter: params.prompter,
+    accountId,
+  });
+}
+
+const dmPolicy: ChannelOnboardingDmPolicy = {
+  label: "Telegram",
+  channel,
+  policyKey: "channels.telegram.dmPolicy",
+  allowFromKey: "channels.telegram.allowFrom",
+  getCurrent: (cfg) => cfg.channels?.telegram?.dmPolicy ?? "pairing",
+  setPolicy: (cfg, policy) =>
+    setChannelDmPolicyWithAllowFrom({
+      cfg,
+      channel: "telegram",
+      dmPolicy: policy,
+    }),
+  promptAllowFrom: promptTelegramAllowFromForAccount,
+};
+
+export const telegramOnboardingAdapter: ChannelOnboardingAdapter = {
+  channel,
+  getStatus: async ({ cfg }) => {
+    const configured = listTelegramAccountIds(cfg).some((accountId) => {
+      const account = inspectTelegramAccount({ cfg, accountId });
+      return account.configured;
+    });
+    return {
+      channel,
+      configured,
+      statusLines: [`Telegram: ${configured ? "configured" : "needs token"}`],
+      selectionHint: configured ? "recommended · configured" : "recommended · newcomer-friendly",
+      quickstartScore: configured ? 1 : 10,
+    };
+  },
+  configure: async ({
+    cfg,
+    prompter,
+    options,
+    accountOverrides,
+    shouldPromptAccountIds,
+    forceAllowFrom,
+  }) => {
+    const defaultTelegramAccountId = resolveDefaultTelegramAccountId(cfg);
+    const telegramAccountId = await resolveAccountIdForConfigure({
+      cfg,
+      prompter,
+      label: "Telegram",
+      accountOverride: accountOverrides.telegram,
+      shouldPromptAccountIds,
+      listAccountIds: listTelegramAccountIds,
+      defaultAccountId: defaultTelegramAccountId,
+    });
+
+    let next = cfg;
+    const resolvedAccount = resolveTelegramAccount({
+      cfg: next,
+      accountId: telegramAccountId,
+    });
+    const hasConfiguredBotToken = hasConfiguredSecretInput(resolvedAccount.config.botToken);
+    const hasConfigToken =
+      hasConfiguredBotToken || Boolean(resolvedAccount.config.tokenFile?.trim());
+    const accountConfigured = Boolean(resolvedAccount.token) || hasConfigToken;
+    const allowEnv = telegramAccountId === DEFAULT_ACCOUNT_ID;
+    const canUseEnv =
+      allowEnv && !hasConfigToken && Boolean(process.env.TELEGRAM_BOT_TOKEN?.trim());
+
+    if (!accountConfigured) {
+      await noteTelegramTokenHelp(prompter);
+    }
+
+    const tokenResult = await promptSingleChannelSecretInput({
+      cfg: next,
+      prompter,
+      providerHint: "telegram",
+      credentialLabel: "Telegram bot token",
+      secretInputMode: options?.secretInputMode,
+      accountConfigured,
+      canUseEnv,
+      hasConfigToken,
+      envPrompt: "TELEGRAM_BOT_TOKEN detected. Use env var?",
+      keepPrompt: "Telegram token already configured. Keep it?",
+      inputPrompt: "Enter Telegram bot token",
+      preferredEnvVar: allowEnv ? "TELEGRAM_BOT_TOKEN" : undefined,
+    });
+
+    let resolvedTokenForAllowFrom: string | undefined;
+    if (tokenResult.action === "use-env") {
+      next = applySingleTokenPromptResult({
+        cfg: next,
+        channel: "telegram",
+        accountId: telegramAccountId,
+        tokenPatchKey: "botToken",
+        tokenResult: { useEnv: true, token: null },
+      });
+      resolvedTokenForAllowFrom = process.env.TELEGRAM_BOT_TOKEN?.trim() || undefined;
+    } else if (tokenResult.action === "set") {
+      next = applySingleTokenPromptResult({
+        cfg: next,
+        channel: "telegram",
+        accountId: telegramAccountId,
+        tokenPatchKey: "botToken",
+        tokenResult: { useEnv: false, token: tokenResult.value },
+      });
+      resolvedTokenForAllowFrom = tokenResult.resolvedValue;
+    }
+
+    if (forceAllowFrom) {
+      next = await promptTelegramAllowFrom({
+        cfg: next,
+        prompter,
+        accountId: telegramAccountId,
+        tokenOverride: resolvedTokenForAllowFrom,
+      });
+    }
+
+    return { cfg: next, accountId: telegramAccountId };
+  },
+  dmPolicy,
+  disable: (cfg) => setOnboardingChannelEnabled(cfg, channel, false),
+};
diff --git a/extensions/telegram/src/outbound-adapter.ts b/extensions/telegram/src/outbound-adapter.ts
new file mode 100644
index 00000000000..7fcbd564e67
--- /dev/null
+++ b/extensions/telegram/src/outbound-adapter.ts
@@ -0,0 +1,163 @@
+import type { ReplyPayload } from "../../../src/auto-reply/types.js";
+import {
+  resolvePayloadMediaUrls,
+  sendPayloadMediaSequence,
+} from "../../../src/channels/plugins/outbound/direct-text-media.js";
+import type { ChannelOutboundAdapter } from "../../../src/channels/plugins/types.js";
+import {
+  resolveOutboundSendDep,
+  type OutboundSendDeps,
+} from "../../../src/infra/outbound/send-deps.js";
+import type { TelegramInlineButtons } from "./button-types.js";
+import { markdownToTelegramHtmlChunks } from "./format.js";
+import { parseTelegramReplyToMessageId, parseTelegramThreadId } from "./outbound-params.js";
+import { sendMessageTelegram } from "./send.js";
+
+type TelegramSendFn = typeof sendMessageTelegram;
+type TelegramSendOpts = Parameters<TelegramSendFn>[2];
+
+function resolveTelegramSendContext(params: {
+  cfg: NonNullable<TelegramSendOpts>["cfg"];
+  deps?: OutboundSendDeps;
+  accountId?: string | null;
+  replyToId?: string | null;
+  threadId?: string | number | null;
+}): {
+  send: TelegramSendFn;
+  baseOpts: {
+    cfg: NonNullable<TelegramSendOpts>["cfg"];
+    verbose: false;
+    textMode: "html";
+    messageThreadId?: number;
+    replyToMessageId?: number;
+    accountId?: string;
+  };
+} {
+  const send =
+    resolveOutboundSendDep<TelegramSendFn>(params.deps, "telegram") ?? sendMessageTelegram;
+  return {
+    send,
+    baseOpts: {
+      verbose: false,
+      textMode: "html",
+      cfg: params.cfg,
+      messageThreadId: parseTelegramThreadId(params.threadId),
+      replyToMessageId: parseTelegramReplyToMessageId(params.replyToId),
+      accountId: params.accountId ?? undefined,
+    },
+  };
+}
+
+export async function sendTelegramPayloadMessages(params: {
+  send: TelegramSendFn;
+  to: string;
+  payload: ReplyPayload;
+  baseOpts: Omit<NonNullable<TelegramSendOpts>, "buttons" | "mediaUrl" | "quoteText">;
+}): Promise<Awaited<ReturnType<TelegramSendFn>>> {
+  const telegramData = params.payload.channelData?.telegram as
+    | { buttons?: TelegramInlineButtons; quoteText?: string }
+    | undefined;
+  const quoteText =
+    typeof telegramData?.quoteText === "string" ? telegramData.quoteText : undefined;
+  const text = params.payload.text ?? "";
+  const mediaUrls = resolvePayloadMediaUrls(params.payload);
+  const payloadOpts = {
+    ...params.baseOpts,
+    quoteText,
+  };
+
+  if (mediaUrls.length === 0) {
+    return await params.send(params.to, text, {
+      ...payloadOpts,
+      buttons: telegramData?.buttons,
+    });
+  }
+
+  // Telegram allows reply_markup on media; attach buttons only to the first send.
+  const finalResult = await sendPayloadMediaSequence({
+    text,
+    mediaUrls,
+    send: async ({ text, mediaUrl, isFirst }) =>
+      await params.send(params.to, text, {
+        ...payloadOpts,
+        mediaUrl,
+        ...(isFirst ? { buttons: telegramData?.buttons } : {}),
+      }),
+  });
+  return finalResult ?? { messageId: "unknown", chatId: params.to };
+}
+
+export const telegramOutbound: ChannelOutboundAdapter = {
+  deliveryMode: "direct",
+  chunker: markdownToTelegramHtmlChunks,
+  chunkerMode: "markdown",
+  textChunkLimit: 4000,
+  sendText: async ({ cfg, to, text, accountId, deps, replyToId, threadId }) => {
+    const { send, baseOpts } = resolveTelegramSendContext({
+      cfg,
+      deps,
+      accountId,
+      replyToId,
+      threadId,
+    });
+    const result = await send(to, text, {
+      ...baseOpts,
+    });
+    return { channel: "telegram", ...result };
+  },
+  sendMedia: async ({
+    cfg,
+    to,
+    text,
+    mediaUrl,
+    mediaLocalRoots,
+    accountId,
+    deps,
+    replyToId,
+    threadId,
+    forceDocument,
+  }) => {
+    const { send, baseOpts } = resolveTelegramSendContext({
+      cfg,
+      deps,
+      accountId,
+      replyToId,
+      threadId,
+    });
+    const result = await send(to, text, {
+      ...baseOpts,
+      mediaUrl,
+      mediaLocalRoots,
+      forceDocument: forceDocument ?? false,
+    });
+    return { channel: "telegram", ...result };
+  },
+  sendPayload: async ({
+    cfg,
+    to,
+    payload,
+    mediaLocalRoots,
+    accountId,
+    deps,
+    replyToId,
+    threadId,
+  }) => {
+    const { send, baseOpts } = resolveTelegramSendContext({
+      cfg,
+      deps,
+      accountId,
+      replyToId,
+      threadId,
+    });
+    const result = await sendTelegramPayloadMessages({
+      send,
+      to,
+      payload,
+      baseOpts: {
+        ...baseOpts,
+        mediaLocalRoots,
+      },
+    });
+    return { channel: "telegram", ...result };
+  },
+};
diff --git a/src/telegram/outbound-params.ts b/extensions/telegram/src/outbound-params.ts
similarity index 100%
rename from src/telegram/outbound-params.ts
rename to extensions/telegram/src/outbound-params.ts
diff --git a/src/telegram/polling-session.ts b/extensions/telegram/src/polling-session.ts
similarity index 97%
rename from src/telegram/polling-session.ts
rename to extensions/telegram/src/polling-session.ts
index 3a78747e41f..5506ce4e434 100644
--- a/src/telegram/polling-session.ts
+++ b/extensions/telegram/src/polling-session.ts
@@ -1,7 +1,7 @@
 import { type RunOptions, run } from "@grammyjs/runner";
-import { computeBackoff, sleepWithAbort } from "../infra/backoff.js";
-import { formatErrorMessage } from "../infra/errors.js";
-import { formatDurationPrecise } from "../infra/format-time/format-duration.ts";
+import { computeBackoff, sleepWithAbort } from "../../../src/infra/backoff.js";
+import { formatErrorMessage } from "../../../src/infra/errors.js";
+import { formatDurationPrecise } from "../../../src/infra/format-time/format-duration.ts";
 import { withTelegramApiErrorLogging } from "./api-logging.js";
 import { createTelegramBot } from "./bot.js";
 import { isRecoverableTelegramNetworkError } from "./network-errors.js";
diff --git a/src/telegram/probe.test.ts b/extensions/telegram/src/probe.test.ts
similarity index 99%
rename from src/telegram/probe.test.ts
rename to extensions/telegram/src/probe.test.ts
index 7006d14a2f7..23a2051cfa0 100644
--- a/src/telegram/probe.test.ts
+++ b/extensions/telegram/src/probe.test.ts
@@ -1,5 +1,5 @@
 import { afterEach, type Mock, describe, expect, it, vi } from "vitest";
-import { withFetchPreconnect } from "../test-utils/fetch-mock.js";
+import { withFetchPreconnect } from "../../../src/test-utils/fetch-mock.js";
 import { probeTelegram, resetTelegramProbeFetcherCacheForTests } from "./probe.js";
 
 const resolveTelegramFetch = vi.hoisted(() => vi.fn());
diff --git a/src/telegram/probe.ts b/extensions/telegram/src/probe.ts
similarity index 96%
rename from src/telegram/probe.ts
rename to extensions/telegram/src/probe.ts
index 8311506e455..8a12161470a 100644
--- a/src/telegram/probe.ts
+++ b/extensions/telegram/src/probe.ts
@@ -1,6 +1,6 @@
-import type { BaseProbeResult } from "../channels/plugins/types.js";
-import type { TelegramNetworkConfig } from "../config/types.telegram.js";
-import { fetchWithTimeout } from "../utils/fetch-timeout.js";
+import type { BaseProbeResult } from "../../../src/channels/plugins/types.js";
+import type { TelegramNetworkConfig } from "../../../src/config/types.telegram.js";
+import { fetchWithTimeout } from "../../../src/utils/fetch-timeout.js";
 import { resolveTelegramFetch } from "./fetch.js";
 import { makeProxyFetch } from "./proxy.js";
 
diff --git a/src/telegram/proxy.test.ts b/extensions/telegram/src/proxy.test.ts
similarity index 100%
rename from src/telegram/proxy.test.ts
rename to extensions/telegram/src/proxy.test.ts
diff --git a/extensions/telegram/src/proxy.ts b/extensions/telegram/src/proxy.ts
new file mode 100644
index 00000000000..d74710c9cbd
--- /dev/null
+++ b/extensions/telegram/src/proxy.ts
@@ -0,0 +1 @@
+export { getProxyUrlFromFetch, makeProxyFetch } from "../../../src/infra/net/proxy-fetch.js";
diff --git a/src/telegram/reaction-level.test.ts b/extensions/telegram/src/reaction-level.test.ts
similarity index 98%
rename from src/telegram/reaction-level.test.ts
rename to extensions/telegram/src/reaction-level.test.ts
index 6cc8e2dd39d..612a8eec424 100644
--- a/src/telegram/reaction-level.test.ts
+++ b/extensions/telegram/src/reaction-level.test.ts
@@ -1,5 +1,5 @@
 import { afterAll, beforeAll, describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { resolveTelegramReactionLevel } from "./reaction-level.js";
 
 type ReactionResolution = ReturnType<typeof resolveTelegramReactionLevel>;
diff --git a/src/telegram/reaction-level.ts b/extensions/telegram/src/reaction-level.ts
similarity index 86%
rename from src/telegram/reaction-level.ts
rename to extensions/telegram/src/reaction-level.ts
index 98873a05180..4597ce0602e 100644
--- a/src/telegram/reaction-level.ts
+++ b/extensions/telegram/src/reaction-level.ts
@@ -1,9 +1,9 @@
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import {
   resolveReactionLevel,
   type ReactionLevel,
   type ResolvedReactionLevel as BaseResolvedReactionLevel,
-} from "../utils/reaction-level.js";
+} from "../../../src/utils/reaction-level.js";
 import { resolveTelegramAccount } from "./accounts.js";
 
 export type TelegramReactionLevel = ReactionLevel;
diff --git a/src/telegram/reasoning-lane-coordinator.test.ts b/extensions/telegram/src/reasoning-lane-coordinator.test.ts
similarity index 100%
rename from src/telegram/reasoning-lane-coordinator.test.ts
rename to extensions/telegram/src/reasoning-lane-coordinator.test.ts
diff --git a/src/telegram/reasoning-lane-coordinator.ts b/extensions/telegram/src/reasoning-lane-coordinator.ts
similarity index 90%
rename from src/telegram/reasoning-lane-coordinator.ts
rename to extensions/telegram/src/reasoning-lane-coordinator.ts
index a0207a39c72..4bc0da94dfe 100644
--- a/src/telegram/reasoning-lane-coordinator.ts
+++ b/extensions/telegram/src/reasoning-lane-coordinator.ts
@@ -1,7 +1,7 @@
-import { formatReasoningMessage } from "../agents/pi-embedded-utils.js";
-import type { ReplyPayload } from "../auto-reply/types.js";
-import { findCodeRegions, isInsideCode } from "../shared/text/code-regions.js";
-import { stripReasoningTagsFromText } from "../shared/text/reasoning-tags.js";
+import { formatReasoningMessage } from "../../../src/agents/pi-embedded-utils.js";
+import type { ReplyPayload } from "../../../src/auto-reply/types.js";
+import { findCodeRegions, isInsideCode } from "../../../src/shared/text/code-regions.js";
+import { stripReasoningTagsFromText } from "../../../src/shared/text/reasoning-tags.js";
 
 const REASONING_MESSAGE_PREFIX = "Reasoning:\n";
 const REASONING_TAG_PREFIXES = [
diff --git a/src/telegram/send.proxy.test.ts b/extensions/telegram/src/send.proxy.test.ts
similarity index 96%
rename from src/telegram/send.proxy.test.ts
rename to extensions/telegram/src/send.proxy.test.ts
index 8e16078a67c..6c17b33fe38 100644
--- a/src/telegram/send.proxy.test.ts
+++ b/extensions/telegram/src/send.proxy.test.ts
@@ -21,8 +21,8 @@ const { resolveTelegramFetch } = vi.hoisted(() => ({
   resolveTelegramFetch: vi.fn(),
 }));
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig,
diff --git a/src/telegram/send.test-harness.ts b/extensions/telegram/src/send.test-harness.ts
similarity index 88%
rename from src/telegram/send.test-harness.ts
rename to extensions/telegram/src/send.test-harness.ts
index b8092034a95..6d53a3d20e7 100644
--- a/src/telegram/send.test-harness.ts
+++ b/extensions/telegram/src/send.test-harness.ts
@@ -1,5 +1,5 @@
 import { beforeEach, vi } from "vitest";
-import type { MockFn } from "../test-utils/vitest-mock-fn.js";
+import type { MockFn } from "../../../src/test-utils/vitest-mock-fn.js";
 
 const { botApi, botCtorSpy } = vi.hoisted(() => ({
   botApi: {
@@ -40,7 +40,7 @@ type TelegramSendTestMocks = {
   maybePersistResolvedTelegramTarget: MockFn;
 };
 
-vi.mock("../web/media.js", () => ({
+vi.mock("../../whatsapp/src/media.js", () => ({
   loadWebMedia,
 }));
 
@@ -60,8 +60,8 @@ vi.mock("grammy", () => ({
   InputFile: class {},
 }));
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig,
diff --git a/src/telegram/send.test.ts b/extensions/telegram/src/send.test.ts
similarity index 95%
rename from src/telegram/send.test.ts
rename to extensions/telegram/src/send.test.ts
index f2875af1dc0..7a29ecf07de 100644
--- a/src/telegram/send.test.ts
+++ b/extensions/telegram/src/send.test.ts
@@ -1,6 +1,6 @@
 import type { Bot } from "grammy";
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { importFreshModule } from "../../test/helpers/import-fresh.js";
+import { importFreshModule } from "../../../test/helpers/import-fresh.js";
 import {
   getTelegramSendTestMocks,
   importTelegramSendModule,
@@ -775,10 +775,11 @@ describe("sendMessageTelegram", () => {
     }
   });
 
-  it("retries on transient errors with retry_after", async () => {
+  it("retries pre-connect send errors and honors retry_after when present", async () => {
     vi.useFakeTimers();
     const chatId = "123";
-    const err = Object.assign(new Error("429"), {
+    const err = Object.assign(new Error("getaddrinfo ENOTFOUND api.telegram.org"), {
+      code: "ENOTFOUND",
       parameters: { retry_after: 0.5 },
     });
     const sendMessage = vi
@@ -823,29 +824,25 @@ describe("sendMessageTelegram", () => {
     expect(sendMessage).toHaveBeenCalledTimes(1);
   });
 
-  it("retries when grammY network envelope message includes failed-after wording", async () => {
+  it("does not retry generic grammY failed-after envelopes for non-idempotent sends", async () => {
     const chatId = "123";
     const sendMessage = vi
       .fn()
       .mockRejectedValueOnce(
         new Error("Network request for 'sendMessage' failed after 1 attempts."),
-      )
-      .mockResolvedValueOnce({
-        message_id: 7,
-        chat: { id: chatId },
-      });
+      );
     const api = { sendMessage } as unknown as {
       sendMessage: typeof sendMessage;
     };
 
-    const result = await sendMessageTelegram(chatId, "hi", {
-      token: "tok",
-      api,
-      retry: { attempts: 2, minDelayMs: 0, maxDelayMs: 0, jitter: 0 },
-    });
-
-    expect(sendMessage).toHaveBeenCalledTimes(2);
-    expect(result).toEqual({ messageId: "7", chatId });
+    await expect(
+      sendMessageTelegram(chatId, "hi", {
+        token: "tok",
+        api,
+        retry: { attempts: 2, minDelayMs: 0, maxDelayMs: 0, jitter: 0 },
+      }),
+    ).rejects.toThrow(/failed after 1 attempts/i);
+    expect(sendMessage).toHaveBeenCalledTimes(1);
   });
 
   it("sends GIF media as animation", async () => {
@@ -877,6 +874,87 @@ describe("sendMessageTelegram", () => {
     expect(res.messageId).toBe("9");
   });
 
+  it.each([
+    {
+      name: "images",
+      buffer: Buffer.from("fake-image"),
+      contentType: "image/png",
+      fileName: "photo.png",
+      mediaUrl: "https://example.com/photo.png",
+    },
+    {
+      name: "GIFs",
+      buffer: Buffer.from("GIF89a"),
+      contentType: "image/gif",
+      fileName: "fun.gif",
+      mediaUrl: "https://example.com/fun.gif",
+    },
+  ])("sends $name as documents when forceDocument is true", async (testCase) => {
+    const chatId = "123";
+    const sendAnimation = vi.fn();
+    const sendDocument = vi.fn().mockResolvedValue({
+      message_id: 10,
+      chat: { id: chatId },
+    });
+    const sendPhoto = vi.fn();
+    const api = { sendAnimation, sendDocument, sendPhoto } as unknown as {
+      sendAnimation: typeof sendAnimation;
+      sendDocument: typeof sendDocument;
+      sendPhoto: typeof sendPhoto;
+    };
+
+    mockLoadedMedia({
+      buffer: testCase.buffer,
+      contentType: testCase.contentType,
+      fileName: testCase.fileName,
+    });
+
+    const res = await sendMessageTelegram(chatId, "caption", {
+      token: "tok",
+      api,
+      mediaUrl: testCase.mediaUrl,
+      forceDocument: true,
+    });
+
+    expect(sendDocument, testCase.name).toHaveBeenCalledWith(chatId, expect.anything(), {
+      caption: "caption",
+      parse_mode: "HTML",
+      disable_content_type_detection: true,
+    });
+    expect(sendPhoto, testCase.name).not.toHaveBeenCalled();
+    expect(sendAnimation, testCase.name).not.toHaveBeenCalled();
+    expect(res.messageId).toBe("10");
+  });
+
+  it("keeps regular document sends on the default Telegram params", async () => {
+    const chatId = "123";
+    const sendDocument = vi.fn().mockResolvedValue({
+      message_id: 11,
+      chat: { id: chatId },
+    });
+    const api = { sendDocument } as unknown as {
+      sendDocument: typeof sendDocument;
+    };
+
+    mockLoadedMedia({
+      buffer: Buffer.from("%PDF-1.7"),
+      contentType: "application/pdf",
+      fileName: "report.pdf",
+    });
+
+    const res = await sendMessageTelegram(chatId, "caption", {
+      token: "tok",
+      api,
+      mediaUrl: "https://example.com/report.pdf",
+    });
+
+    expect(sendDocument).toHaveBeenCalledWith(chatId, expect.anything(), {
+      caption: "caption",
+      parse_mode: "HTML",
+    });
+    expect(res.messageId).toBe("11");
+  });
+
   it("routes audio media to sendAudio/sendVoice based on voice compatibility", async () => {
     const cases: Array<{
       name: string;
diff --git a/src/telegram/send.ts b/extensions/telegram/src/send.ts
similarity index 96%
rename from src/telegram/send.ts
rename to extensions/telegram/src/send.ts
index 5261887779f..e7d2c48e9fc 100644
--- a/src/telegram/send.ts
+++ b/extensions/telegram/src/send.ts
@@ -5,21 +5,21 @@ import type {
   ReactionTypeEmoji,
 } from "@grammyjs/types";
 import { type ApiClientOptions, Bot, HttpError, InputFile } from "grammy";
-import { loadConfig } from "../config/config.js";
-import { resolveMarkdownTableMode } from "../config/markdown-tables.js";
-import { logVerbose } from "../globals.js";
-import { recordChannelActivity } from "../infra/channel-activity.js";
-import { isDiagnosticFlagEnabled } from "../infra/diagnostic-flags.js";
-import { formatErrorMessage, formatUncaughtError } from "../infra/errors.js";
-import { createTelegramRetryRunner } from "../infra/retry-policy.js";
-import type { RetryConfig } from "../infra/retry.js";
-import { redactSensitiveText } from "../logging/redact.js";
-import { createSubsystemLogger } from "../logging/subsystem.js";
-import type { MediaKind } from "../media/constants.js";
-import { buildOutboundMediaLoadOptions } from "../media/load-options.js";
-import { isGifMedia, kindFromMime } from "../media/mime.js";
-import { normalizePollInput, type PollInput } from "../polls.js";
-import { loadWebMedia } from "../web/media.js";
+import { loadConfig } from "../../../src/config/config.js";
+import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js";
+import { logVerbose } from "../../../src/globals.js";
+import { recordChannelActivity } from "../../../src/infra/channel-activity.js";
+import { isDiagnosticFlagEnabled } from "../../../src/infra/diagnostic-flags.js";
+import { formatErrorMessage, formatUncaughtError } from "../../../src/infra/errors.js";
+import { createTelegramRetryRunner } from "../../../src/infra/retry-policy.js";
+import type { RetryConfig } from "../../../src/infra/retry.js";
+import { redactSensitiveText } from "../../../src/logging/redact.js";
+import { createSubsystemLogger } from "../../../src/logging/subsystem.js";
+import type { MediaKind } from "../../../src/media/constants.js";
+import { buildOutboundMediaLoadOptions } from "../../../src/media/load-options.js";
+import { isGifMedia, kindFromMime } from "../../../src/media/mime.js";
+import { normalizePollInput, type PollInput } from "../../../src/polls.js";
+import { loadWebMedia } from "../../whatsapp/src/media.js";
 import { type ResolvedTelegramAccount, resolveTelegramAccount } from "./accounts.js";
 import { withTelegramApiErrorLogging } from "./api-logging.js";
 import { buildTelegramThreadParams, buildTypingThreadParams } from "./bot/helpers.js";
@@ -71,6 +71,8 @@ type TelegramSendOpts = {
   messageThreadId?: number;
   /** Inline keyboard buttons (reply markup). */
   buttons?: TelegramInlineButtons;
+  /** Send image as document to avoid Telegram compression. Defaults to false. */
+  forceDocument?: boolean;
 };
 
 type TelegramSendResult = {
@@ -763,6 +765,7 @@ export async function sendMessageTelegram(
       buildOutboundMediaLoadOptions({
         maxBytes: mediaMaxBytes,
         mediaLocalRoots: opts.mediaLocalRoots,
+        optimizeImages: opts.forceDocument ? false : undefined,
       }),
     );
     const kind = kindFromMime(media.contentType ?? undefined);
@@ -815,7 +818,7 @@ export async function sendMessageTelegram(
       );
 
     const mediaSender = (() => {
-      if (isGif) {
+      if (isGif && !opts.forceDocument) {
         return {
           label: "animation",
           sender: (effectiveParams: Record<string, unknown> | undefined) =>
@@ -826,7 +829,7 @@ export async function sendMessageTelegram(
             ) as Promise<TelegramMessageLike>,
         };
       }
-      if (kind === "image") {
+      if (kind === "image" && !opts.forceDocument) {
         return {
           label: "photo",
           sender: (effectiveParams: Record<string, unknown> | undefined) =>
@@ -893,7 +896,11 @@ export async function sendMessageTelegram(
           api.sendDocument(
             chatId,
             file,
-            effectiveParams as Parameters<typeof api.sendDocument>[2],
+            // Only force Telegram to keep the uploaded media type when callers explicitly
+            // opt into document delivery for image/GIF uploads.
+            (opts.forceDocument
+              ? { ...effectiveParams, disable_content_type_detection: true }
+              : effectiveParams) as Parameters<typeof api.sendDocument>[2],
           ) as Promise<TelegramMessageLike>,
       };
     })();
diff --git a/src/telegram/sendchataction-401-backoff.test.ts b/extensions/telegram/src/sendchataction-401-backoff.test.ts
similarity index 96%
rename from src/telegram/sendchataction-401-backoff.test.ts
rename to extensions/telegram/src/sendchataction-401-backoff.test.ts
index 4fbaaaaf9e5..302a3b19c4d 100644
--- a/src/telegram/sendchataction-401-backoff.test.ts
+++ b/extensions/telegram/src/sendchataction-401-backoff.test.ts
@@ -2,8 +2,8 @@ import { describe, expect, it, vi } from "vitest";
 import { createTelegramSendChatActionHandler } from "./sendchataction-401-backoff.js";
 
 // Mock the backoff sleep to avoid real delays in tests
-vi.mock("../infra/backoff.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../infra/backoff.js")>();
+vi.mock("../../../src/infra/backoff.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/infra/backoff.js")>();
   return {
     ...actual,
     sleepWithAbort: vi.fn().mockResolvedValue(undefined),
diff --git a/src/telegram/sendchataction-401-backoff.ts b/extensions/telegram/src/sendchataction-401-backoff.ts
similarity index 99%
rename from src/telegram/sendchataction-401-backoff.ts
rename to extensions/telegram/src/sendchataction-401-backoff.ts
index f87915961c0..72ac8690403 100644
--- a/src/telegram/sendchataction-401-backoff.ts
+++ b/extensions/telegram/src/sendchataction-401-backoff.ts
@@ -1,4 +1,4 @@
-import { computeBackoff, sleepWithAbort, type BackoffPolicy } from "../infra/backoff.js";
+import { computeBackoff, sleepWithAbort, type BackoffPolicy } from "../../../src/infra/backoff.js";
 
 export type TelegramSendChatActionLogger = (message: string) => void;
 
diff --git a/src/telegram/sent-message-cache.ts b/extensions/telegram/src/sent-message-cache.ts
similarity index 95%
rename from src/telegram/sent-message-cache.ts
rename to extensions/telegram/src/sent-message-cache.ts
index 974510669e7..49a6ab4c3d9 100644
--- a/src/telegram/sent-message-cache.ts
+++ b/extensions/telegram/src/sent-message-cache.ts
@@ -1,4 +1,4 @@
-import { resolveGlobalMap } from "../shared/global-singleton.js";
+import { resolveGlobalMap } from "../../../src/shared/global-singleton.js";
 
 /**
  * In-memory cache of sent message IDs per chat.
diff --git a/src/telegram/sequential-key.test.ts b/extensions/telegram/src/sequential-key.test.ts
similarity index 88%
rename from src/telegram/sequential-key.test.ts
rename to extensions/telegram/src/sequential-key.test.ts
index 7dc09af2596..d06e1c547a3 100644
--- a/src/telegram/sequential-key.test.ts
+++ b/extensions/telegram/src/sequential-key.test.ts
@@ -60,6 +60,20 @@ describe("getTelegramSequentialKey", () => {
       "telegram:123:control",
     ],
     [{ message: mockMessage({ chat: mockChat({ id: 123 }), text: "/status" }) }, "telegram:123"],
+    [
+      { message: mockMessage({ chat: mockChat({ id: 123 }), text: "/btw what is the time?" }) },
+      "telegram:123:btw:1",
+    ],
+    [
+      {
+        me: { username: "openclaw_bot" } as never,
+        message: mockMessage({
+          chat: mockChat({ id: 123 }),
+          text: "/btw@openclaw_bot what is the time?",
+        }),
+      },
+      "telegram:123:btw:1",
+    ],
     [
       { message: mockMessage({ chat: mockChat({ id: 123 }), text: "stop" }) },
       "telegram:123:control",
diff --git a/src/telegram/sequential-key.ts b/extensions/telegram/src/sequential-key.ts
similarity index 77%
rename from src/telegram/sequential-key.ts
rename to extensions/telegram/src/sequential-key.ts
index 3e787055e0d..334c18dc485 100644
--- a/src/telegram/sequential-key.ts
+++ b/extensions/telegram/src/sequential-key.ts
@@ -1,5 +1,6 @@
 import { type Message, type UserFromGetMe } from "@grammyjs/types";
-import { isAbortRequestText } from "../auto-reply/reply/abort.js";
+import { isAbortRequestText } from "../../../src/auto-reply/reply/abort.js";
+import { isBtwRequestText } from "../../../src/auto-reply/reply/btw-command.js";
 import { resolveTelegramForumThreadId } from "./bot/helpers.js";
 
 export type TelegramSequentialKeyContext = {
@@ -41,6 +42,16 @@ export function getTelegramSequentialKey(ctx: TelegramSequentialKeyContext): str
     }
     return "telegram:control";
   }
+  if (isBtwRequestText(rawText, botUsername ? { botUsername } : undefined)) {
+    const messageId = msg?.message_id;
+    if (typeof chatId === "number" && typeof messageId === "number") {
+      return `telegram:${chatId}:btw:${messageId}`;
+    }
+    if (typeof chatId === "number") {
+      return `telegram:${chatId}:btw`;
+    }
+    return "telegram:btw";
+  }
   const isGroup = msg?.chat?.type === "group" || msg?.chat?.type === "supergroup";
   const messageThreadId = msg?.message_thread_id;
   const isForum = msg?.chat?.is_forum;
diff --git a/extensions/telegram/src/status-issues.ts b/extensions/telegram/src/status-issues.ts
new file mode 100644
index 00000000000..b970f533dd0
--- /dev/null
+++ b/extensions/telegram/src/status-issues.ts
@@ -0,0 +1,148 @@
+import {
+  appendMatchMetadata,
+  asString,
+  isRecord,
+  resolveEnabledConfiguredAccountId,
+} from "../../../src/channels/plugins/status-issues/shared.js";
+import type {
+  ChannelAccountSnapshot,
+  ChannelStatusIssue,
+} from "../../../src/channels/plugins/types.js";
+
+type TelegramAccountStatus = {
+  accountId?: unknown;
+  enabled?: unknown;
+  configured?: unknown;
+  allowUnmentionedGroups?: unknown;
+  audit?: unknown;
+};
+
+type TelegramGroupMembershipAuditSummary = {
+  unresolvedGroups?: number;
+  hasWildcardUnmentionedGroups?: boolean;
+  groups?: Array<{
+    chatId: string;
+    ok?: boolean;
+    status?: string | null;
+    error?: string | null;
+    matchKey?: string;
+    matchSource?: string;
+  }>;
+};
+
+function readTelegramAccountStatus(value: ChannelAccountSnapshot): TelegramAccountStatus | null {
+  if (!isRecord(value)) {
+    return null;
+  }
+  return {
+    accountId: value.accountId,
+    enabled: value.enabled,
+    configured: value.configured,
+    allowUnmentionedGroups: value.allowUnmentionedGroups,
+    audit: value.audit,
+  };
+}
+
+function readTelegramGroupMembershipAuditSummary(
+  value: unknown,
+): TelegramGroupMembershipAuditSummary {
+  if (!isRecord(value)) {
+    return {};
+  }
+  const unresolvedGroups =
+    typeof value.unresolvedGroups === "number" && Number.isFinite(value.unresolvedGroups)
+      ? value.unresolvedGroups
+      : undefined;
+  const hasWildcardUnmentionedGroups =
+    typeof value.hasWildcardUnmentionedGroups === "boolean"
+      ? value.hasWildcardUnmentionedGroups
+      : undefined;
+  const groupsRaw = value.groups;
+  const groups = Array.isArray(groupsRaw)
+    ? (groupsRaw
+        .map((entry) => {
+          if (!isRecord(entry)) {
+            return null;
+          }
+          const chatId = asString(entry.chatId);
+          if (!chatId) {
+            return null;
+          }
+          const ok = typeof entry.ok === "boolean" ? entry.ok : undefined;
+          const status = asString(entry.status) ?? null;
+          const error = asString(entry.error) ?? null;
+          const matchKey = asString(entry.matchKey) ?? undefined;
+          const matchSource = asString(entry.matchSource) ?? undefined;
+          return { chatId, ok, status, error, matchKey, matchSource };
+        })
+        .filter(Boolean) as TelegramGroupMembershipAuditSummary["groups"])
+    : undefined;
+  return { unresolvedGroups, hasWildcardUnmentionedGroups, groups };
+}
+
+export function collectTelegramStatusIssues(
+  accounts: ChannelAccountSnapshot[],
+): ChannelStatusIssue[] {
+  const issues: ChannelStatusIssue[] = [];
+  for (const entry of accounts) {
+    const account = readTelegramAccountStatus(entry);
+    if (!account) {
+      continue;
+    }
+    const accountId = resolveEnabledConfiguredAccountId(account);
+    if (!accountId) {
+      continue;
+    }
+
+    if (account.allowUnmentionedGroups === true) {
+      issues.push({
+        channel: "telegram",
+        accountId,
+        kind: "config",
+        message:
+          "Config allows unmentioned group messages (requireMention=false). Telegram Bot API privacy mode will block most group messages unless disabled.",
+        fix: "In BotFather run /setprivacy → Disable for this bot (then restart the gateway).",
+      });
+    }
+
+    const audit = readTelegramGroupMembershipAuditSummary(account.audit);
+    if (audit.hasWildcardUnmentionedGroups === true) {
+      issues.push({
+        channel: "telegram",
+        accountId,
+        kind: "config",
+        message:
+          'Telegram groups config uses "*" with requireMention=false; membership probing is not possible without explicit group IDs.',
+        fix: "Add explicit numeric group ids under channels.telegram.groups (or per-account groups) to enable probing.",
+      });
+    }
+    if (audit.unresolvedGroups && audit.unresolvedGroups > 0) {
+      issues.push({
+        channel: "telegram",
+        accountId,
+        kind: "config",
+        message: `Some configured Telegram groups are not numeric IDs (unresolvedGroups=${audit.unresolvedGroups}). Membership probe can only check numeric group IDs.`,
+        fix: "Use numeric chat IDs (e.g. -100...) as keys in channels.telegram.groups for requireMention=false groups.",
+      });
+    }
+    for (const group of audit.groups ?? []) {
+      if (group.ok === true) {
+        continue;
+      }
+      const status = group.status ? ` status=${group.status}` : "";
+      const err = group.error ? `: ${group.error}` : "";
+      const baseMessage = `Group ${group.chatId} not reachable by bot.${status}${err}`;
+      issues.push({
+        channel: "telegram",
+        accountId,
+        kind: "runtime",
+        message: appendMatchMetadata(baseMessage, {
+          matchKey: group.matchKey,
+          matchSource: group.matchSource,
+        }),
+        fix: "Invite the bot to the group, then DM the bot once (/start) and restart the gateway.",
+      });
+    }
+  }
+  return issues;
+}
diff --git a/src/telegram/status-reaction-variants.test.ts b/extensions/telegram/src/status-reaction-variants.test.ts
similarity index 98%
rename from src/telegram/status-reaction-variants.test.ts
rename to extensions/telegram/src/status-reaction-variants.test.ts
index 53d13e60ca8..123334fcaad 100644
--- a/src/telegram/status-reaction-variants.test.ts
+++ b/extensions/telegram/src/status-reaction-variants.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { DEFAULT_EMOJIS } from "../channels/status-reactions.js";
+import { DEFAULT_EMOJIS } from "../../../src/channels/status-reactions.js";
 import {
   buildTelegramStatusReactionVariants,
   extractTelegramAllowedEmojiReactions,
diff --git a/src/telegram/status-reaction-variants.ts b/extensions/telegram/src/status-reaction-variants.ts
similarity index 98%
rename from src/telegram/status-reaction-variants.ts
rename to extensions/telegram/src/status-reaction-variants.ts
index 9ce3d033eb0..6c5c80e9fd8 100644
--- a/src/telegram/status-reaction-variants.ts
+++ b/extensions/telegram/src/status-reaction-variants.ts
@@ -1,4 +1,7 @@
-import { DEFAULT_EMOJIS, type StatusReactionEmojis } from "../channels/status-reactions.js";
+import {
+  DEFAULT_EMOJIS,
+  type StatusReactionEmojis,
+} from "../../../src/channels/status-reactions.js";
 
 type StatusReactionEmojiKey = keyof Required<StatusReactionEmojis>;
 
diff --git a/src/telegram/sticker-cache.test.ts b/extensions/telegram/src/sticker-cache.test.ts
similarity index 97%
rename from src/telegram/sticker-cache.test.ts
rename to extensions/telegram/src/sticker-cache.test.ts
index 0c9ac280406..219ce421e62 100644
--- a/src/telegram/sticker-cache.test.ts
+++ b/extensions/telegram/src/sticker-cache.test.ts
@@ -10,8 +10,8 @@ import {
 } from "./sticker-cache.js";
 
 // Mock the state directory to use a temp location
-vi.mock("../config/paths.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/paths.js")>();
+vi.mock("../../../src/config/paths.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/paths.js")>();
   return {
     ...actual,
     STATE_DIR: "/tmp/openclaw-test-sticker-cache",
diff --git a/src/telegram/sticker-cache.ts b/extensions/telegram/src/sticker-cache.ts
similarity index 88%
rename from src/telegram/sticker-cache.ts
rename to extensions/telegram/src/sticker-cache.ts
index be8966b1eb5..e6cdfbd9015 100644
--- a/src/telegram/sticker-cache.ts
+++ b/extensions/telegram/src/sticker-cache.ts
@@ -1,19 +1,22 @@
 import fs from "node:fs/promises";
 import path from "node:path";
-import { resolveApiKeyForProvider } from "../agents/model-auth.js";
-import type { ModelCatalogEntry } from "../agents/model-catalog.js";
+import { resolveApiKeyForProvider } from "../../../src/agents/model-auth.js";
+import type { ModelCatalogEntry } from "../../../src/agents/model-catalog.js";
 import {
   findModelInCatalog,
   loadModelCatalog,
   modelSupportsVision,
-} from "../agents/model-catalog.js";
-import { resolveDefaultModelForAgent } from "../agents/model-selection.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { STATE_DIR } from "../config/paths.js";
-import { logVerbose } from "../globals.js";
-import { loadJsonFile, saveJsonFile } from "../infra/json-file.js";
-import { AUTO_IMAGE_KEY_PROVIDERS, DEFAULT_IMAGE_MODELS } from "../media-understanding/defaults.js";
-import { resolveAutoImageModel } from "../media-understanding/runner.js";
+} from "../../../src/agents/model-catalog.js";
+import { resolveDefaultModelForAgent } from "../../../src/agents/model-selection.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { STATE_DIR } from "../../../src/config/paths.js";
+import { logVerbose } from "../../../src/globals.js";
+import { loadJsonFile, saveJsonFile } from "../../../src/infra/json-file.js";
+import {
+  AUTO_IMAGE_KEY_PROVIDERS,
+  DEFAULT_IMAGE_MODELS,
+} from "../../../src/media-understanding/defaults.js";
+import { resolveAutoImageModel } from "../../../src/media-understanding/runner.js";
 
 const CACHE_FILE = path.join(STATE_DIR, "telegram", "sticker-cache.json");
 const CACHE_VERSION = 1;
@@ -144,11 +147,11 @@ export function getCacheStats(): { count: number; oldestAt?: string; newestAt?:
 const STICKER_DESCRIPTION_PROMPT =
   "Describe this sticker image in 1-2 sentences. Focus on what the sticker depicts (character, object, action, emotion). Be concise and objective.";
 let imageRuntimePromise: Promise<
-  typeof import("../media-understanding/providers/image-runtime.js")
+  typeof import("../../../src/media-understanding/providers/image-runtime.js")
 > | null = null;
 
 function loadImageRuntime() {
-  imageRuntimePromise ??= import("../media-understanding/providers/image-runtime.js");
+  imageRuntimePromise ??= import("../../../src/media-understanding/providers/image-runtime.js");
   return imageRuntimePromise;
 }
 
diff --git a/src/telegram/target-writeback.test.ts b/extensions/telegram/src/target-writeback.test.ts
similarity index 92%
rename from src/telegram/target-writeback.test.ts
rename to extensions/telegram/src/target-writeback.test.ts
index b32d5b33e2f..bb8b2129924 100644
--- a/src/telegram/target-writeback.test.ts
+++ b/extensions/telegram/src/target-writeback.test.ts
@@ -1,5 +1,5 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 
 const readConfigFileSnapshotForWrite = vi.fn();
 const writeConfigFile = vi.fn();
@@ -7,8 +7,8 @@ const loadCronStore = vi.fn();
 const resolveCronStorePath = vi.fn();
 const saveCronStore = vi.fn();
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     readConfigFileSnapshotForWrite,
@@ -16,8 +16,8 @@ vi.mock("../config/config.js", async (importOriginal) => {
   };
 });
 
-vi.mock("../cron/store.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../cron/store.js")>();
+vi.mock("../../../src/cron/store.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/cron/store.js")>();
   return {
     ...actual,
     loadCronStore,
diff --git a/src/telegram/target-writeback.ts b/extensions/telegram/src/target-writeback.ts
similarity index 96%
rename from src/telegram/target-writeback.ts
rename to extensions/telegram/src/target-writeback.ts
index e8c4d52b2cb..6423215ffa2 100644
--- a/src/telegram/target-writeback.ts
+++ b/extensions/telegram/src/target-writeback.ts
@@ -1,7 +1,7 @@
-import type { OpenClawConfig } from "../config/config.js";
-import { readConfigFileSnapshotForWrite, writeConfigFile } from "../config/config.js";
-import { loadCronStore, resolveCronStorePath, saveCronStore } from "../cron/store.js";
-import { createSubsystemLogger } from "../logging/subsystem.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { readConfigFileSnapshotForWrite, writeConfigFile } from "../../../src/config/config.js";
+import { loadCronStore, resolveCronStorePath, saveCronStore } from "../../../src/cron/store.js";
+import { createSubsystemLogger } from "../../../src/logging/subsystem.js";
 import {
   normalizeTelegramChatId,
   normalizeTelegramLookupTarget,
diff --git a/src/telegram/targets.test.ts b/extensions/telegram/src/targets.test.ts
similarity index 100%
rename from src/telegram/targets.test.ts
rename to extensions/telegram/src/targets.test.ts
diff --git a/src/telegram/targets.ts b/extensions/telegram/src/targets.ts
similarity index 100%
rename from src/telegram/targets.ts
rename to extensions/telegram/src/targets.ts
diff --git a/src/telegram/thread-bindings.test.ts b/extensions/telegram/src/thread-bindings.test.ts
similarity index 96%
rename from src/telegram/thread-bindings.test.ts
rename to extensions/telegram/src/thread-bindings.test.ts
index fc32ace254b..3b05f50ac9b 100644
--- a/src/telegram/thread-bindings.test.ts
+++ b/extensions/telegram/src/thread-bindings.test.ts
@@ -2,9 +2,9 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import { importFreshModule } from "../../test/helpers/import-fresh.js";
-import { resolveStateDir } from "../config/paths.js";
-import { getSessionBindingService } from "../infra/outbound/session-binding-service.js";
+import { resolveStateDir } from "../../../src/config/paths.js";
+import { getSessionBindingService } from "../../../src/infra/outbound/session-binding-service.js";
+import { importFreshModule } from "../../../test/helpers/import-fresh.js";
 import {
   __testing,
   createTelegramThreadBindingManager,
diff --git a/src/telegram/thread-bindings.ts b/extensions/telegram/src/thread-bindings.ts
similarity index 97%
rename from src/telegram/thread-bindings.ts
rename to extensions/telegram/src/thread-bindings.ts
index ea2fd11ac1e..831e46d952f 100644
--- a/src/telegram/thread-bindings.ts
+++ b/extensions/telegram/src/thread-bindings.ts
@@ -1,19 +1,19 @@
 import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
-import { resolveThreadBindingConversationIdFromBindingId } from "../channels/thread-binding-id.js";
-import { formatThreadBindingDurationLabel } from "../channels/thread-bindings-messages.js";
-import { resolveStateDir } from "../config/paths.js";
-import { logVerbose } from "../globals.js";
-import { writeJsonAtomic } from "../infra/json-files.js";
+import { resolveThreadBindingConversationIdFromBindingId } from "../../../src/channels/thread-binding-id.js";
+import { formatThreadBindingDurationLabel } from "../../../src/channels/thread-bindings-messages.js";
+import { resolveStateDir } from "../../../src/config/paths.js";
+import { logVerbose } from "../../../src/globals.js";
+import { writeJsonAtomic } from "../../../src/infra/json-files.js";
 import {
   registerSessionBindingAdapter,
   unregisterSessionBindingAdapter,
   type BindingTargetKind,
   type SessionBindingRecord,
-} from "../infra/outbound/session-binding-service.js";
-import { normalizeAccountId } from "../routing/session-key.js";
-import { resolveGlobalSingleton } from "../shared/global-singleton.js";
+} from "../../../src/infra/outbound/session-binding-service.js";
+import { normalizeAccountId } from "../../../src/routing/session-key.js";
+import { resolveGlobalSingleton } from "../../../src/shared/global-singleton.js";
 
 const DEFAULT_THREAD_BINDING_IDLE_TIMEOUT_MS = 24 * 60 * 60 * 1000;
 const DEFAULT_THREAD_BINDING_MAX_AGE_MS = 0;
diff --git a/src/telegram/token.test.ts b/extensions/telegram/src/token.test.ts
similarity index 97%
rename from src/telegram/token.test.ts
rename to extensions/telegram/src/token.test.ts
index 17e412cf584..c81e5d57b2c 100644
--- a/src/telegram/token.test.ts
+++ b/extensions/telegram/src/token.test.ts
@@ -2,8 +2,8 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { afterEach, describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
-import { withStateDirEnv } from "../test-helpers/state-dir-env.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { withStateDirEnv } from "../../../src/test-helpers/state-dir-env.js";
 import { resolveTelegramToken } from "./token.js";
 import { readTelegramUpdateOffset, writeTelegramUpdateOffset } from "./update-offset-store.js";
 
diff --git a/src/telegram/token.ts b/extensions/telegram/src/token.ts
similarity index 85%
rename from src/telegram/token.ts
rename to extensions/telegram/src/token.ts
index 3615c703582..827b4899e21 100644
--- a/src/telegram/token.ts
+++ b/extensions/telegram/src/token.ts
@@ -1,9 +1,9 @@
-import type { BaseTokenResolution } from "../channels/plugins/types.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { normalizeResolvedSecretInputString } from "../config/types.secrets.js";
-import type { TelegramAccountConfig } from "../config/types.telegram.js";
-import { tryReadSecretFileSync } from "../infra/secret-file.js";
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js";
+import type { BaseTokenResolution } from "../../../src/channels/plugins/types.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { normalizeResolvedSecretInputString } from "../../../src/config/types.secrets.js";
+import type { TelegramAccountConfig } from "../../../src/config/types.telegram.js";
+import { tryReadSecretFileSync } from "../../../src/infra/secret-file.js";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js";
 
 export type TelegramTokenSource = "env" | "tokenFile" | "config" | "none";
 
diff --git a/src/telegram/update-offset-store.test.ts b/extensions/telegram/src/update-offset-store.test.ts
similarity index 98%
rename from src/telegram/update-offset-store.test.ts
rename to extensions/telegram/src/update-offset-store.test.ts
index 8c00c3a151d..517944f6972 100644
--- a/src/telegram/update-offset-store.test.ts
+++ b/extensions/telegram/src/update-offset-store.test.ts
@@ -1,7 +1,7 @@
 import fs from "node:fs/promises";
 import path from "node:path";
 import { describe, expect, it } from "vitest";
-import { withStateDirEnv } from "../test-helpers/state-dir-env.js";
+import { withStateDirEnv } from "../../../src/test-helpers/state-dir-env.js";
 import {
   deleteTelegramUpdateOffset,
   readTelegramUpdateOffset,
diff --git a/src/telegram/update-offset-store.ts b/extensions/telegram/src/update-offset-store.ts
similarity index 96%
rename from src/telegram/update-offset-store.ts
rename to extensions/telegram/src/update-offset-store.ts
index 8a511788c66..55b4e96ae23 100644
--- a/src/telegram/update-offset-store.ts
+++ b/extensions/telegram/src/update-offset-store.ts
@@ -1,8 +1,8 @@
 import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
-import { resolveStateDir } from "../config/paths.js";
-import { writeJsonAtomic } from "../infra/json-files.js";
+import { resolveStateDir } from "../../../src/config/paths.js";
+import { writeJsonAtomic } from "../../../src/infra/json-files.js";
 
 const STORE_VERSION = 2;
 
diff --git a/src/telegram/voice.test.ts b/extensions/telegram/src/voice.test.ts
similarity index 100%
rename from src/telegram/voice.test.ts
rename to extensions/telegram/src/voice.test.ts
diff --git a/src/telegram/voice.ts b/extensions/telegram/src/voice.ts
similarity index 92%
rename from src/telegram/voice.ts
rename to extensions/telegram/src/voice.ts
index 67d8bc56e2f..865bd82d72e 100644
--- a/src/telegram/voice.ts
+++ b/extensions/telegram/src/voice.ts
@@ -1,4 +1,4 @@
-import { isTelegramVoiceCompatibleAudio } from "../media/audio.js";
+import { isTelegramVoiceCompatibleAudio } from "../../../src/media/audio.js";
 
 export function resolveTelegramVoiceDecision(opts: {
   wantsVoice: boolean;
diff --git a/src/telegram/webhook.test.ts b/extensions/telegram/src/webhook.test.ts
similarity index 100%
rename from src/telegram/webhook.test.ts
rename to extensions/telegram/src/webhook.test.ts
diff --git a/src/telegram/webhook.ts b/extensions/telegram/src/webhook.ts
similarity index 95%
rename from src/telegram/webhook.ts
rename to extensions/telegram/src/webhook.ts
index c049089a2ad..39458ae036a 100644
--- a/src/telegram/webhook.ts
+++ b/extensions/telegram/src/webhook.ts
@@ -1,19 +1,19 @@
 import { timingSafeEqual } from "node:crypto";
 import { createServer } from "node:http";
 import { InputFile, webhookCallback } from "grammy";
-import type { OpenClawConfig } from "../config/config.js";
-import { isDiagnosticsEnabled } from "../infra/diagnostic-events.js";
-import { formatErrorMessage } from "../infra/errors.js";
-import { readJsonBodyWithLimit } from "../infra/http-body.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { isDiagnosticsEnabled } from "../../../src/infra/diagnostic-events.js";
+import { formatErrorMessage } from "../../../src/infra/errors.js";
+import { readJsonBodyWithLimit } from "../../../src/infra/http-body.js";
 import {
   logWebhookError,
   logWebhookProcessed,
   logWebhookReceived,
   startDiagnosticHeartbeat,
   stopDiagnosticHeartbeat,
-} from "../logging/diagnostic.js";
-import type { RuntimeEnv } from "../runtime.js";
-import { defaultRuntime } from "../runtime.js";
+} from "../../../src/logging/diagnostic.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
+import { defaultRuntime } from "../../../src/runtime.js";
 import { resolveTelegramAllowedUpdates } from "./allowed-updates.js";
 import { withTelegramApiErrorLogging } from "./api-logging.js";
 import { createTelegramBot } from "./bot.js";
diff --git a/extensions/test-utils/directory.ts b/extensions/test-utils/directory.ts
new file mode 100644
index 00000000000..90d2ed445d3
--- /dev/null
+++ b/extensions/test-utils/directory.ts
@@ -0,0 +1,27 @@
+import type { ChannelDirectoryAdapter } from "../../src/channels/plugins/types.js";
+
+export function createDirectoryTestRuntime() {
+  return {
+    log: () => {},
+    error: () => {},
+    exit: (code: number): never => {
+      throw new Error(`exit ${code}`);
+    },
+  };
+}
+
+export function expectDirectorySurface(directory: ChannelDirectoryAdapter | null | undefined) {
+  if (!directory) {
+    throw new Error("expected directory");
+  }
+  if (!directory.listPeers) {
+    throw new Error("expected listPeers");
+  }
+  if (!directory.listGroups) {
+    throw new Error("expected listGroups");
+  }
+  return directory as {
+    listPeers: NonNullable<ChannelDirectoryAdapter["listPeers"]>;
+    listGroups: NonNullable<ChannelDirectoryAdapter["listGroups"]>;
+  };
+}
diff --git a/extensions/test-utils/plugin-api.ts b/extensions/test-utils/plugin-api.ts
new file mode 100644
index 00000000000..5c9693c1a80
--- /dev/null
+++ b/extensions/test-utils/plugin-api.ts
@@ -0,0 +1,25 @@
+import type { OpenClawPluginApi } from "../../src/plugins/types.js";
+
+type TestPluginApiInput = Partial<OpenClawPluginApi> &
+  Pick<OpenClawPluginApi, "id" | "name" | "source" | "config" | "runtime">;
+
+export function createTestPluginApi(api: TestPluginApiInput): OpenClawPluginApi {
+  return {
+    logger: { info() {}, warn() {}, error() {}, debug() {} },
+    registerTool() {},
+    registerHook() {},
+    registerHttpRoute() {},
+    registerChannel() {},
+    registerGatewayMethod() {},
+    registerCli() {},
+    registerService() {},
+    registerProvider() {},
+    registerCommand() {},
+    registerContextEngine() {},
+    resolvePath(input: string) {
+      return input;
+    },
+    on() {},
+    ...api,
+  };
+}
diff --git a/extensions/test-utils/send-config.ts b/extensions/test-utils/send-config.ts
new file mode 100644
index 00000000000..61c7e126b12
--- /dev/null
+++ b/extensions/test-utils/send-config.ts
@@ -0,0 +1,65 @@
+import { expect } from "vitest";
+
+type MockFn = (...args: never[]) => unknown;
+
+type CfgThreadingAssertion<TCfg> = {
+  loadConfig: MockFn;
+  resolveAccount: MockFn;
+  cfg: TCfg;
+  accountId?: string;
+};
+
+type SendRuntimeState = {
+  loadConfig: MockFn;
+  resolveMarkdownTableMode: MockFn;
+  convertMarkdownTables: MockFn;
+  record: MockFn;
+};
+
+export function expectProvidedCfgSkipsRuntimeLoad<TCfg>({
+  loadConfig,
+  resolveAccount,
+  cfg,
+  accountId,
+}: CfgThreadingAssertion<TCfg>): void {
+  expect(loadConfig).not.toHaveBeenCalled();
+  expect(resolveAccount).toHaveBeenCalledWith({
+    cfg,
+    accountId,
+  });
+}
+
+export function expectRuntimeCfgFallback<TCfg>({
+  loadConfig,
+  resolveAccount,
+  cfg,
+  accountId,
+}: CfgThreadingAssertion<TCfg>): void {
+  expect(loadConfig).toHaveBeenCalledTimes(1);
+  expect(resolveAccount).toHaveBeenCalledWith({
+    cfg,
+    accountId,
+  });
+}
+
+export function createSendCfgThreadingRuntime({
+  loadConfig,
+  resolveMarkdownTableMode,
+  convertMarkdownTables,
+  record,
+}: SendRuntimeState) {
+  return {
+    config: {
+      loadConfig,
+    },
+    channel: {
+      text: {
+        resolveMarkdownTableMode,
+        convertMarkdownTables,
+      },
+      activity: {
+        record,
+      },
+    },
+  };
+}
diff --git a/extensions/test-utils/start-account-lifecycle.ts b/extensions/test-utils/start-account-lifecycle.ts
new file mode 100644
index 00000000000..6ce1c734736
--- /dev/null
+++ b/extensions/test-utils/start-account-lifecycle.ts
@@ -0,0 +1,72 @@
+import type { ChannelAccountSnapshot, ChannelGatewayContext } from "openclaw/plugin-sdk/test-utils";
+import { expect, vi } from "vitest";
+import { createStartAccountContext } from "./start-account-context.js";
+
+export function startAccountAndTrackLifecycle<TAccount extends { accountId: string }>(params: {
+  startAccount: (ctx: ChannelGatewayContext<TAccount>) => Promise<unknown>;
+  account: TAccount;
+}) {
+  const patches: ChannelAccountSnapshot[] = [];
+  const abort = new AbortController();
+  const task = params.startAccount(
+    createStartAccountContext({
+      account: params.account,
+      abortSignal: abort.signal,
+      statusPatchSink: (next) => patches.push({ ...next }),
+    }),
+  );
+  let settled = false;
+  void task.then(() => {
+    settled = true;
+  });
+  return {
+    abort,
+    patches,
+    task,
+    isSettled: () => settled,
+  };
+}
+
+export async function abortStartedAccount(params: {
+  abort: AbortController;
+  task: Promise<unknown>;
+}) {
+  params.abort.abort();
+  await params.task;
+}
+
+export async function expectPendingUntilAbort(params: {
+  waitForStarted: () => Promise<void>;
+  isSettled: () => boolean;
+  abort: AbortController;
+  task: Promise<unknown>;
+  assertBeforeAbort?: () => void;
+  assertAfterAbort?: () => void;
+}) {
+  await params.waitForStarted();
+  expect(params.isSettled()).toBe(false);
+  params.assertBeforeAbort?.();
+  await abortStartedAccount({ abort: params.abort, task: params.task });
+  params.assertAfterAbort?.();
+}
+
+export async function expectStopPendingUntilAbort(params: {
+  waitForStarted: () => Promise<void>;
+  isSettled: () => boolean;
+  abort: AbortController;
+  task: Promise<unknown>;
+  stop: ReturnType<typeof vi.fn>;
+}) {
+  await expectPendingUntilAbort({
+    waitForStarted: params.waitForStarted,
+    isSettled: params.isSettled,
+    abort: params.abort,
+    task: params.task,
+    assertBeforeAbort: () => {
+      expect(params.stop).not.toHaveBeenCalled();
+    },
+    assertAfterAbort: () => {
+      expect(params.stop).toHaveBeenCalledOnce();
+    },
+  });
+}
diff --git a/extensions/test-utils/status-issues.ts b/extensions/test-utils/status-issues.ts
new file mode 100644
index 00000000000..7de3c6bcd55
--- /dev/null
+++ b/extensions/test-utils/status-issues.ts
@@ -0,0 +1,10 @@
+import { expect } from "vitest";
+
+export function expectOpenDmPolicyConfigIssue<TAccount>(params: {
+  collectIssues: (accounts: TAccount[]) => Array<{ kind?: string }>;
+  account: TAccount;
+}) {
+  const issues = params.collectIssues([params.account]);
+  expect(issues).toHaveLength(1);
+  expect(issues[0]?.kind).toBe("config");
+}
diff --git a/extensions/thread-ownership/index.test.ts b/extensions/thread-ownership/index.test.ts
index 825b4ca5bb5..3d98d8f9735 100644
--- a/extensions/thread-ownership/index.test.ts
+++ b/extensions/thread-ownership/index.test.ts
@@ -51,6 +51,13 @@ describe("thread-ownership plugin", () => {
       register(api as any);
     });
 
+    async function sendSlackThreadMessage() {
+      return await hooks.message_sending(
+        { content: "hello", metadata: { threadTs: "1234.5678", channelId: "C123" }, to: "C123" },
+        { channelId: "slack", conversationId: "C123" },
+      );
+    }
+
     it("allows non-slack channels", async () => {
       const result = await hooks.message_sending(
         { content: "hello", metadata: { threadTs: "1234.5678", channelId: "C123" }, to: "C123" },
@@ -76,10 +83,7 @@ describe("thread-ownership plugin", () => {
         new Response(JSON.stringify({ owner: "test-agent" }), { status: 200 }),
       );
 
-      const result = await hooks.message_sending(
-        { content: "hello", metadata: { threadTs: "1234.5678", channelId: "C123" }, to: "C123" },
-        { channelId: "slack", conversationId: "C123" },
-      );
+      const result = await sendSlackThreadMessage();
 
       expect(result).toBeUndefined();
       expect(globalThis.fetch).toHaveBeenCalledWith(
@@ -96,10 +100,7 @@ describe("thread-ownership plugin", () => {
         new Response(JSON.stringify({ owner: "other-agent" }), { status: 409 }),
       );
 
-      const result = await hooks.message_sending(
-        { content: "hello", metadata: { threadTs: "1234.5678", channelId: "C123" }, to: "C123" },
-        { channelId: "slack", conversationId: "C123" },
-      );
+      const result = await sendSlackThreadMessage();
 
       expect(result).toEqual({ cancel: true });
       expect(api.logger.info).toHaveBeenCalledWith(expect.stringContaining("cancelled send"));
@@ -108,10 +109,7 @@ describe("thread-ownership plugin", () => {
     it("fails open on network error", async () => {
       vi.mocked(globalThis.fetch).mockRejectedValue(new Error("ECONNREFUSED"));
 
-      const result = await hooks.message_sending(
-        { content: "hello", metadata: { threadTs: "1234.5678", channelId: "C123" }, to: "C123" },
-        { channelId: "slack", conversationId: "C123" },
-      );
+      const result = await sendSlackThreadMessage();
 
       expect(result).toBeUndefined();
       expect(api.logger.warn).toHaveBeenCalledWith(
diff --git a/extensions/tlon/package.json b/extensions/tlon/package.json
index e5f9c1e9ed5..40ec9aeedde 100644
--- a/extensions/tlon/package.json
+++ b/extensions/tlon/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/tlon",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw Tlon/Urbit channel plugin",
   "type": "module",
   "dependencies": {
diff --git a/extensions/tlon/src/channel.ts b/extensions/tlon/src/channel.ts
index 3c5bedbf841..eb37c8d7f74 100644
--- a/extensions/tlon/src/channel.ts
+++ b/extensions/tlon/src/channel.ts
@@ -153,6 +153,57 @@ function applyTlonSetupConfig(params: {
   };
 }
 
+type ResolvedTlonAccount = ReturnType<typeof resolveTlonAccount>;
+type ConfiguredTlonAccount = ResolvedTlonAccount & {
+  ship: string;
+  url: string;
+  code: string;
+};
+
+function resolveOutboundContext(params: {
+  cfg: OpenClawConfig;
+  accountId?: string | null;
+  to: string;
+}) {
+  const account = resolveTlonAccount(params.cfg, params.accountId ?? undefined);
+  if (!account.configured || !account.ship || !account.url || !account.code) {
+    throw new Error("Tlon account not configured");
+  }
+
+  const parsed = parseTlonTarget(params.to);
+  if (!parsed) {
+    throw new Error(`Invalid Tlon target. Use ${formatTargetHint()}`);
+  }
+
+  return { account: account as ConfiguredTlonAccount, parsed };
+}
+
+function resolveReplyId(replyToId?: string | null, threadId?: string | number | null) {
+  return (replyToId ?? threadId) ? String(replyToId ?? threadId) : undefined;
+}
+
+async function withHttpPokeAccountApi<T>(
+  account: ConfiguredTlonAccount,
+  run: (api: Awaited<ReturnType<typeof createHttpPokeApi>>) => Promise<T>,
+) {
+  const api = await createHttpPokeApi({
+    url: account.url,
+    ship: account.ship,
+    code: account.code,
+    allowPrivateNetwork: account.allowPrivateNetwork ?? undefined,
+  });
+
+  try {
+    return await run(api);
+  } finally {
+    try {
+      await api.delete();
+    } catch {
+      // ignore cleanup errors
+    }
+  }
+}
+
 const tlonOutbound: ChannelOutboundAdapter = {
   deliveryMode: "direct",
   textChunkLimit: 10000,
@@ -170,25 +221,8 @@ const tlonOutbound: ChannelOutboundAdapter = {
     return { ok: true, to: parsed.nest };
   },
   sendText: async ({ cfg, to, text, accountId, replyToId, threadId }) => {
-    const account = resolveTlonAccount(cfg, accountId ?? undefined);
-    if (!account.configured || !account.ship || !account.url || !account.code) {
-      throw new Error("Tlon account not configured");
-    }
-
-    const parsed = parseTlonTarget(to);
-    if (!parsed) {
-      throw new Error(`Invalid Tlon target. Use ${formatTargetHint()}`);
-    }
-
-    // Use HTTP-only poke (no EventSource) to avoid conflicts with monitor's SSE connection
-    const api = await createHttpPokeApi({
-      url: account.url,
-      ship: account.ship,
-      code: account.code,
-      allowPrivateNetwork: account.allowPrivateNetwork ?? undefined,
-    });
-
-    try {
+    const { account, parsed } = resolveOutboundContext({ cfg, accountId, to });
+    return withHttpPokeAccountApi(account, async (api) => {
       const fromShip = normalizeShip(account.ship);
       if (parsed.kind === "dm") {
         return await sendDm({
@@ -198,52 +232,29 @@ const tlonOutbound: ChannelOutboundAdapter = {
           text,
         });
       }
-      const replyId = (replyToId ?? threadId) ? String(replyToId ?? threadId) : undefined;
       return await sendGroupMessage({
         api,
         fromShip,
         hostShip: parsed.hostShip,
         channelName: parsed.channelName,
         text,
-        replyToId: replyId,
+        replyToId: resolveReplyId(replyToId, threadId),
       });
-    } finally {
-      try {
-        await api.delete();
-      } catch {
-        // ignore cleanup errors
-      }
-    }
+    });
   },
   sendMedia: async ({ cfg, to, text, mediaUrl, accountId, replyToId, threadId }) => {
-    const account = resolveTlonAccount(cfg, accountId ?? undefined);
-    if (!account.configured || !account.ship || !account.url || !account.code) {
-      throw new Error("Tlon account not configured");
-    }
-
-    const parsed = parseTlonTarget(to);
-    if (!parsed) {
-      throw new Error(`Invalid Tlon target. Use ${formatTargetHint()}`);
-    }
+    const { account, parsed } = resolveOutboundContext({ cfg, accountId, to });
 
     // Configure the API client for uploads
     configureClient({
       shipUrl: account.url,
       shipName: account.ship.replace(/^~/, ""),
       verbose: false,
-      getCode: async () => account.code!,
+      getCode: async () => account.code,
     });
 
     const uploadedUrl = mediaUrl ? await uploadImageFromUrl(mediaUrl) : undefined;
-
-    const api = await createHttpPokeApi({
-      url: account.url,
-      ship: account.ship,
-      code: account.code,
-      allowPrivateNetwork: account.allowPrivateNetwork ?? undefined,
-    });
-
-    try {
+    return withHttpPokeAccountApi(account, async (api) => {
       const fromShip = normalizeShip(account.ship);
       const story = buildMediaStory(text, uploadedUrl);
 
@@ -255,22 +266,15 @@ const tlonOutbound: ChannelOutboundAdapter = {
           story,
         });
       }
-      const replyId = (replyToId ?? threadId) ? String(replyToId ?? threadId) : undefined;
       return await sendGroupMessageWithStory({
         api,
         fromShip,
         hostShip: parsed.hostShip,
         channelName: parsed.channelName,
         story,
-        replyToId: replyId,
+        replyToId: resolveReplyId(replyToId, threadId),
       });
-    } finally {
-      try {
-        await api.delete();
-      } catch {
-        // ignore cleanup errors
-      }
-    }
+    });
   },
 };
 
diff --git a/extensions/tlon/src/urbit/sse-client.ts b/extensions/tlon/src/urbit/sse-client.ts
index ab12977d0e8..afa87502320 100644
--- a/extensions/tlon/src/urbit/sse-client.ts
+++ b/extensions/tlon/src/urbit/sse-client.ts
@@ -115,20 +115,7 @@ export class UrbitSSEClient {
     app: string;
     path: string;
   }) {
-    const { response, release } = await urbitFetch({
-      baseUrl: this.url,
-      path: `/~/channel/${this.channelId}`,
-      init: {
-        method: "PUT",
-        headers: {
-          "Content-Type": "application/json",
-          Cookie: this.cookie,
-        },
-        body: JSON.stringify([subscription]),
-      },
-      ssrfPolicy: this.ssrfPolicy,
-      lookupFn: this.lookupFn,
-      fetchImpl: this.fetchImpl,
+    const { response, release } = await this.putChannelPayload([subscription], {
       timeoutMs: 30_000,
       auditContext: "tlon-urbit-subscribe",
     });
@@ -359,20 +346,7 @@ export class UrbitSSEClient {
       "event-id": eventId,
     };
 
-    const { response, release } = await urbitFetch({
-      baseUrl: this.url,
-      path: `/~/channel/${this.channelId}`,
-      init: {
-        method: "PUT",
-        headers: {
-          "Content-Type": "application/json",
-          Cookie: this.cookie,
-        },
-        body: JSON.stringify([ackData]),
-      },
-      ssrfPolicy: this.ssrfPolicy,
-      lookupFn: this.lookupFn,
-      fetchImpl: this.fetchImpl,
+    const { response, release } = await this.putChannelPayload([ackData], {
       timeoutMs: 10_000,
       auditContext: "tlon-urbit-ack",
     });
@@ -445,20 +419,7 @@ export class UrbitSSEClient {
       }));
 
       {
-        const { response, release } = await urbitFetch({
-          baseUrl: this.url,
-          path: `/~/channel/${this.channelId}`,
-          init: {
-            method: "PUT",
-            headers: {
-              "Content-Type": "application/json",
-              Cookie: this.cookie,
-            },
-            body: JSON.stringify(unsubscribes),
-          },
-          ssrfPolicy: this.ssrfPolicy,
-          lookupFn: this.lookupFn,
-          fetchImpl: this.fetchImpl,
+        const { response, release } = await this.putChannelPayload(unsubscribes, {
           timeoutMs: 30_000,
           auditContext: "tlon-urbit-unsubscribe",
         });
@@ -501,4 +462,27 @@ export class UrbitSSEClient {
       await release();
     }
   }
+
+  private async putChannelPayload(
+    payload: unknown,
+    params: { timeoutMs: number; auditContext: string },
+  ) {
+    return await urbitFetch({
+      baseUrl: this.url,
+      path: `/~/channel/${this.channelId}`,
+      init: {
+        method: "PUT",
+        headers: {
+          "Content-Type": "application/json",
+          Cookie: this.cookie,
+        },
+        body: JSON.stringify(payload),
+      },
+      ssrfPolicy: this.ssrfPolicy,
+      lookupFn: this.lookupFn,
+      fetchImpl: this.fetchImpl,
+      timeoutMs: params.timeoutMs,
+      auditContext: params.auditContext,
+    });
+  }
 }
diff --git a/extensions/twitch/CHANGELOG.md b/extensions/twitch/CHANGELOG.md
index 123b391c2ce..cc887a99055 100644
--- a/extensions/twitch/CHANGELOG.md
+++ b/extensions/twitch/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.3.14
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.3.13
 
 ### Changes
diff --git a/extensions/twitch/package.json b/extensions/twitch/package.json
index 5213b5c7b74..bc730150b5e 100644
--- a/extensions/twitch/package.json
+++ b/extensions/twitch/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/twitch",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw Twitch channel plugin",
   "type": "module",
   "dependencies": {
diff --git a/extensions/twitch/src/plugin.ts b/extensions/twitch/src/plugin.ts
index f6cf576b6a0..11cf90b8893 100644
--- a/extensions/twitch/src/plugin.ts
+++ b/extensions/twitch/src/plugin.ts
@@ -7,6 +7,7 @@
 
 import type { OpenClawConfig } from "openclaw/plugin-sdk/twitch";
 import { buildChannelConfigSchema } from "openclaw/plugin-sdk/twitch";
+import { buildPassiveProbedChannelStatusSummary } from "../../shared/channel-status-summary.js";
 import { twitchMessageActions } from "./actions.js";
 import { removeClientManager } from "./client-manager-registry.js";
 import { TwitchConfigSchema } from "./config-schema.js";
@@ -169,15 +170,8 @@ export const twitchPlugin: ChannelPlugin<TwitchAccountConfig> = {
     },
 
     /** Build channel summary from snapshot */
-    buildChannelSummary: ({ snapshot }: { snapshot: ChannelAccountSnapshot }) => ({
-      configured: snapshot.configured ?? false,
-      running: snapshot.running ?? false,
-      lastStartAt: snapshot.lastStartAt ?? null,
-      lastStopAt: snapshot.lastStopAt ?? null,
-      lastError: snapshot.lastError ?? null,
-      probe: snapshot.probe,
-      lastProbeAt: snapshot.lastProbeAt ?? null,
-    }),
+    buildChannelSummary: ({ snapshot }: { snapshot: ChannelAccountSnapshot }) =>
+      buildPassiveProbedChannelStatusSummary(snapshot),
 
     /** Probe account connection */
     probeAccount: async ({
diff --git a/extensions/vllm/index.ts b/extensions/vllm/index.ts
index fd0a5e18914..cb865de4dfd 100644
--- a/extensions/vllm/index.ts
+++ b/extensions/vllm/index.ts
@@ -1,13 +1,11 @@
 import {
   buildVllmProvider,
   configureOpenAICompatibleSelfHostedProviderNonInteractive,
+  discoverOpenAICompatibleSelfHostedProvider,
   emptyPluginConfigSchema,
-  promptAndConfigureOpenAICompatibleSelfHostedProvider,
+  promptAndConfigureOpenAICompatibleSelfHostedProviderAuth,
   type OpenClawPluginApi,
-  type ProviderAuthContext,
   type ProviderAuthMethodNonInteractiveContext,
-  type ProviderAuthResult,
-  type ProviderDiscoveryContext,
 } from "openclaw/plugin-sdk/core";
 
 const PROVIDER_ID = "vllm";
@@ -30,8 +28,8 @@ const vllmPlugin = {
           label: "vLLM",
           hint: "Local/self-hosted OpenAI-compatible server",
           kind: "custom",
-          run: async (ctx: ProviderAuthContext): Promise<ProviderAuthResult> => {
-            const result = await promptAndConfigureOpenAICompatibleSelfHostedProvider({
+          run: async (ctx) =>
+            promptAndConfigureOpenAICompatibleSelfHostedProviderAuth({
               cfg: ctx.config,
               prompter: ctx.prompter,
               providerId: PROVIDER_ID,
@@ -39,18 +37,7 @@ const vllmPlugin = {
               defaultBaseUrl: DEFAULT_BASE_URL,
               defaultApiKeyEnvVar: "VLLM_API_KEY",
               modelPlaceholder: "meta-llama/Meta-Llama-3-8B-Instruct",
-            });
-            return {
-              profiles: [
-                {
-                  profileId: result.profileId,
-                  credential: result.credential,
-                },
-              ],
-              configPatch: result.config,
-              defaultModel: result.modelRef,
-            };
-          },
+            }),
           runNonInteractive: async (ctx: ProviderAuthMethodNonInteractiveContext) =>
             configureOpenAICompatibleSelfHostedProviderNonInteractive({
               ctx,
@@ -64,21 +51,12 @@ const vllmPlugin = {
       ],
       discovery: {
         order: "late",
-        run: async (ctx: ProviderDiscoveryContext) => {
-          if (ctx.config.models?.providers?.vllm) {
-            return null;
-          }
-          const { apiKey, discoveryApiKey } = ctx.resolveProviderApiKey(PROVIDER_ID);
-          if (!apiKey) {
-            return null;
-          }
-          return {
-            provider: {
-              ...(await buildVllmProvider({ apiKey: discoveryApiKey })),
-              apiKey,
-            },
-          };
-        },
+        run: async (ctx) =>
+          discoverOpenAICompatibleSelfHostedProvider({
+            ctx,
+            providerId: PROVIDER_ID,
+            buildProvider: buildVllmProvider,
+          }),
       },
       wizard: {
         onboarding: {
diff --git a/extensions/vllm/package.json b/extensions/vllm/package.json
index 3ef665a6bf2..bb293610355 100644
--- a/extensions/vllm/package.json
+++ b/extensions/vllm/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/vllm-provider",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw vLLM provider plugin",
   "type": "module",
diff --git a/extensions/voice-call/CHANGELOG.md b/extensions/voice-call/CHANGELOG.md
index 25b90b3db54..d9d27a97e87 100644
--- a/extensions/voice-call/CHANGELOG.md
+++ b/extensions/voice-call/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.3.14
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.3.13
 
 ### Changes
diff --git a/extensions/voice-call/index.ts b/extensions/voice-call/index.ts
index 8e2fba9898f..7393fb03c9b 100644
--- a/extensions/voice-call/index.ts
+++ b/extensions/voice-call/index.ts
@@ -227,6 +227,37 @@ const voiceCallPlugin = {
       params.respond(true, { callId: result.callId, initiated: true });
     };
 
+    const respondToCallMessageAction = async (params: {
+      requestParams: GatewayRequestHandlerOptions["params"];
+      respond: GatewayRequestHandlerOptions["respond"];
+      action: (
+        request: Exclude<Awaited<ReturnType<typeof resolveCallMessageRequest>>, { error: string }>,
+      ) => Promise<{
+        success: boolean;
+        error?: string;
+        transcript?: string;
+      }>;
+      failure: string;
+      includeTranscript?: boolean;
+    }) => {
+      const request = await resolveCallMessageRequest(params.requestParams);
+      if ("error" in request) {
+        params.respond(false, { error: request.error });
+        return;
+      }
+      const result = await params.action(request);
+      if (!result.success) {
+        params.respond(false, { error: result.error || params.failure });
+        return;
+      }
+      params.respond(
+        true,
+        params.includeTranscript
+          ? { success: true, transcript: result.transcript }
+          : { success: true },
+      );
+    };
+
     api.registerGatewayMethod(
       "voicecall.initiate",
       async ({ params, respond }: GatewayRequestHandlerOptions) => {
@@ -264,17 +295,13 @@ const voiceCallPlugin = {
       "voicecall.continue",
       async ({ params, respond }: GatewayRequestHandlerOptions) => {
         try {
-          const request = await resolveCallMessageRequest(params);
-          if ("error" in request) {
-            respond(false, { error: request.error });
-            return;
-          }
-          const result = await request.rt.manager.continueCall(request.callId, request.message);
-          if (!result.success) {
-            respond(false, { error: result.error || "continue failed" });
-            return;
-          }
-          respond(true, { success: true, transcript: result.transcript });
+          await respondToCallMessageAction({
+            requestParams: params,
+            respond,
+            action: (request) => request.rt.manager.continueCall(request.callId, request.message),
+            failure: "continue failed",
+            includeTranscript: true,
+          });
         } catch (err) {
           sendError(respond, err);
         }
@@ -285,17 +312,12 @@ const voiceCallPlugin = {
       "voicecall.speak",
       async ({ params, respond }: GatewayRequestHandlerOptions) => {
         try {
-          const request = await resolveCallMessageRequest(params);
-          if ("error" in request) {
-            respond(false, { error: request.error });
-            return;
-          }
-          const result = await request.rt.manager.speak(request.callId, request.message);
-          if (!result.success) {
-            respond(false, { error: result.error || "speak failed" });
-            return;
-          }
-          respond(true, { success: true });
+          await respondToCallMessageAction({
+            requestParams: params,
+            respond,
+            action: (request) => request.rt.manager.speak(request.callId, request.message),
+            failure: "speak failed",
+          });
         } catch (err) {
           sendError(respond, err);
         }
diff --git a/extensions/voice-call/package.json b/extensions/voice-call/package.json
index 75c500db1f9..3c65532f9c9 100644
--- a/extensions/voice-call/package.json
+++ b/extensions/voice-call/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/voice-call",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw voice-call plugin",
   "type": "module",
   "dependencies": {
diff --git a/extensions/whatsapp/package.json b/extensions/whatsapp/package.json
index 383edd4612d..ec73a1b0613 100644
--- a/extensions/whatsapp/package.json
+++ b/extensions/whatsapp/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/whatsapp",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "private": true,
   "description": "OpenClaw WhatsApp channel plugin",
   "type": "module",
diff --git a/src/web/accounts.test.ts b/extensions/whatsapp/src/accounts.test.ts
similarity index 100%
rename from src/web/accounts.test.ts
rename to extensions/whatsapp/src/accounts.test.ts
diff --git a/src/web/accounts.ts b/extensions/whatsapp/src/accounts.ts
similarity index 91%
rename from src/web/accounts.ts
rename to extensions/whatsapp/src/accounts.ts
index 3370d4c9d80..a225b09dfb8 100644
--- a/src/web/accounts.ts
+++ b/extensions/whatsapp/src/accounts.ts
@@ -1,12 +1,12 @@
 import fs from "node:fs";
 import path from "node:path";
-import { createAccountListHelpers } from "../channels/plugins/account-helpers.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { resolveOAuthDir } from "../config/paths.js";
-import type { DmPolicy, GroupPolicy, WhatsAppAccountConfig } from "../config/types.js";
-import { resolveAccountEntry } from "../routing/account-lookup.js";
-import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../routing/session-key.js";
-import { resolveUserPath } from "../utils.js";
+import { createAccountListHelpers } from "../../../src/channels/plugins/account-helpers.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { resolveOAuthDir } from "../../../src/config/paths.js";
+import type { DmPolicy, GroupPolicy, WhatsAppAccountConfig } from "../../../src/config/types.js";
+import { resolveAccountEntry } from "../../../src/routing/account-lookup.js";
+import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../../src/routing/session-key.js";
+import { resolveUserPath } from "../../../src/utils.js";
 import { hasWebCredsSync } from "./auth-store.js";
 
 export type ResolvedWhatsAppAccount = {
diff --git a/src/web/accounts.whatsapp-auth.test.ts b/extensions/whatsapp/src/accounts.whatsapp-auth.test.ts
similarity index 96%
rename from src/web/accounts.whatsapp-auth.test.ts
rename to extensions/whatsapp/src/accounts.whatsapp-auth.test.ts
index 89dac3977cc..349bccc65e5 100644
--- a/src/web/accounts.whatsapp-auth.test.ts
+++ b/extensions/whatsapp/src/accounts.whatsapp-auth.test.ts
@@ -2,7 +2,7 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { afterEach, beforeEach, describe, expect, it } from "vitest";
-import { captureEnv } from "../test-utils/env.js";
+import { captureEnv } from "../../../src/test-utils/env.js";
 import { hasAnyWhatsAppAuth, listWhatsAppAuthDirs } from "./accounts.js";
 
 describe("hasAnyWhatsAppAuth", () => {
diff --git a/src/web/active-listener.ts b/extensions/whatsapp/src/active-listener.ts
similarity index 92%
rename from src/web/active-listener.ts
rename to extensions/whatsapp/src/active-listener.ts
index 2c852899617..fc8f11fe20e 100644
--- a/src/web/active-listener.ts
+++ b/extensions/whatsapp/src/active-listener.ts
@@ -1,6 +1,6 @@
-import { formatCliCommand } from "../cli/command-format.js";
-import type { PollInput } from "../polls.js";
-import { DEFAULT_ACCOUNT_ID } from "../routing/session-key.js";
+import { formatCliCommand } from "../../../src/cli/command-format.js";
+import type { PollInput } from "../../../src/polls.js";
+import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js";
 
 export type ActiveWebSendOptions = {
   gifPlayback?: boolean;
diff --git a/extensions/whatsapp/src/agent-tools-login.ts b/extensions/whatsapp/src/agent-tools-login.ts
new file mode 100644
index 00000000000..a1ac87a3976
--- /dev/null
+++ b/extensions/whatsapp/src/agent-tools-login.ts
@@ -0,0 +1,72 @@
+import { Type } from "@sinclair/typebox";
+import type { ChannelAgentTool } from "../../../src/channels/plugins/types.js";
+
+export function createWhatsAppLoginTool(): ChannelAgentTool {
+  return {
+    label: "WhatsApp Login",
+    name: "whatsapp_login",
+    ownerOnly: true,
+    description: "Generate a WhatsApp QR code for linking, or wait for the scan to complete.",
+    // NOTE: Using Type.Unsafe for action enum instead of Type.Union([Type.Literal(...)]
+    // because Claude API on Vertex AI rejects nested anyOf schemas as invalid JSON Schema.
+    parameters: Type.Object({
+      action: Type.Unsafe<"start" | "wait">({
+        type: "string",
+        enum: ["start", "wait"],
+      }),
+      timeoutMs: Type.Optional(Type.Number()),
+      force: Type.Optional(Type.Boolean()),
+    }),
+    execute: async (_toolCallId, args) => {
+      const { startWebLoginWithQr, waitForWebLogin } = await import("./login-qr.js");
+      const action = (args as { action?: string })?.action ?? "start";
+      if (action === "wait") {
+        const result = await waitForWebLogin({
+          timeoutMs:
+            typeof (args as { timeoutMs?: unknown }).timeoutMs === "number"
+              ? (args as { timeoutMs?: number }).timeoutMs
+              : undefined,
+        });
+        return {
+          content: [{ type: "text", text: result.message }],
+          details: { connected: result.connected },
+        };
+      }
+
+      const result = await startWebLoginWithQr({
+        timeoutMs:
+          typeof (args as { timeoutMs?: unknown }).timeoutMs === "number"
+            ? (args as { timeoutMs?: number }).timeoutMs
+            : undefined,
+        force:
+          typeof (args as { force?: unknown }).force === "boolean"
+            ? (args as { force?: boolean }).force
+            : false,
+      });
+
+      if (!result.qrDataUrl) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: result.message,
+            },
+          ],
+          details: { qr: false },
+        };
+      }
+
+      const text = [
+        result.message,
+        "",
+        "Open WhatsApp → Linked Devices and scan:",
+        "",
+        `![whatsapp-qr](${result.qrDataUrl})`,
+      ].join("\n");
+      return {
+        content: [{ type: "text", text }],
+        details: { qr: true },
+      };
+    },
+  };
+}
diff --git a/src/web/auth-store.ts b/extensions/whatsapp/src/auth-store.ts
similarity index 91%
rename from src/web/auth-store.ts
rename to extensions/whatsapp/src/auth-store.ts
index b17df5e322f..636c114676f 100644
--- a/src/web/auth-store.ts
+++ b/extensions/whatsapp/src/auth-store.ts
@@ -1,14 +1,14 @@
 import fsSync from "node:fs";
 import fs from "node:fs/promises";
 import path from "node:path";
-import { formatCliCommand } from "../cli/command-format.js";
-import { resolveOAuthDir } from "../config/paths.js";
-import { info, success } from "../globals.js";
-import { getChildLogger } from "../logging.js";
-import { DEFAULT_ACCOUNT_ID } from "../routing/session-key.js";
-import { defaultRuntime, type RuntimeEnv } from "../runtime.js";
-import type { WebChannel } from "../utils.js";
-import { jidToE164, resolveUserPath } from "../utils.js";
+import { formatCliCommand } from "../../../src/cli/command-format.js";
+import { resolveOAuthDir } from "../../../src/config/paths.js";
+import { info, success } from "../../../src/globals.js";
+import { getChildLogger } from "../../../src/logging.js";
+import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js";
+import { defaultRuntime, type RuntimeEnv } from "../../../src/runtime.js";
+import type { WebChannel } from "../../../src/utils.js";
+import { jidToE164, resolveUserPath } from "../../../src/utils.js";
 
 export function resolveDefaultWebAuthDir(): string {
   return path.join(resolveOAuthDir(), "whatsapp", DEFAULT_ACCOUNT_ID);
diff --git a/src/web/auto-reply.broadcast-groups.combined.test.ts b/extensions/whatsapp/src/auto-reply.broadcast-groups.combined.test.ts
similarity index 98%
rename from src/web/auto-reply.broadcast-groups.combined.test.ts
rename to extensions/whatsapp/src/auto-reply.broadcast-groups.combined.test.ts
index 40b2f90b22d..3cc4421f594 100644
--- a/src/web/auto-reply.broadcast-groups.combined.test.ts
+++ b/extensions/whatsapp/src/auto-reply.broadcast-groups.combined.test.ts
@@ -1,6 +1,6 @@
 import "./test-helpers.js";
 import { describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import {
   monitorWebChannelWithCapture,
   sendWebDirectInboundAndCollectSessionKeys,
diff --git a/src/web/auto-reply.broadcast-groups.test-harness.ts b/extensions/whatsapp/src/auto-reply.broadcast-groups.test-harness.ts
similarity index 100%
rename from src/web/auto-reply.broadcast-groups.test-harness.ts
rename to extensions/whatsapp/src/auto-reply.broadcast-groups.test-harness.ts
diff --git a/src/web/auto-reply.impl.ts b/extensions/whatsapp/src/auto-reply.impl.ts
similarity index 63%
rename from src/web/auto-reply.impl.ts
rename to extensions/whatsapp/src/auto-reply.impl.ts
index c53a13e3219..57feff1ab4d 100644
--- a/src/web/auto-reply.impl.ts
+++ b/extensions/whatsapp/src/auto-reply.impl.ts
@@ -1,5 +1,5 @@
-export { HEARTBEAT_PROMPT, stripHeartbeatToken } from "../auto-reply/heartbeat.js";
-export { HEARTBEAT_TOKEN, SILENT_REPLY_TOKEN } from "../auto-reply/tokens.js";
+export { HEARTBEAT_PROMPT, stripHeartbeatToken } from "../../../src/auto-reply/heartbeat.js";
+export { HEARTBEAT_TOKEN, SILENT_REPLY_TOKEN } from "../../../src/auto-reply/tokens.js";
 
 export { DEFAULT_WEB_MEDIA_BYTES } from "./auto-reply/constants.js";
 export { resolveHeartbeatRecipients, runWebHeartbeatOnce } from "./auto-reply/heartbeat-runner.js";
diff --git a/src/web/auto-reply.test-harness.ts b/extensions/whatsapp/src/auto-reply.test-harness.ts
similarity index 96%
rename from src/web/auto-reply.test-harness.ts
rename to extensions/whatsapp/src/auto-reply.test-harness.ts
index 0e7b0c7e3a7..dfbcf447fa9 100644
--- a/src/web/auto-reply.test-harness.ts
+++ b/extensions/whatsapp/src/auto-reply.test-harness.ts
@@ -3,9 +3,9 @@ import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
 import { afterAll, afterEach, beforeAll, beforeEach, vi } from "vitest";
-import { resetInboundDedupe } from "../auto-reply/reply/inbound-dedupe.js";
-import * as ssrf from "../infra/net/ssrf.js";
-import { resetLogger, setLoggerOverride } from "../logging.js";
+import { resetInboundDedupe } from "../../../src/auto-reply/reply/inbound-dedupe.js";
+import * as ssrf from "../../../src/infra/net/ssrf.js";
+import { resetLogger, setLoggerOverride } from "../../../src/logging.js";
 import type { WebInboundMessage, WebListenerCloseReason } from "./inbound.js";
 import {
   resetBaileysMocks as _resetBaileysMocks,
@@ -29,7 +29,7 @@ type MockWebListener = {
 
 export const TEST_NET_IP = "203.0.113.10";
 
-vi.mock("../agents/pi-embedded.js", () => ({
+vi.mock("../../../src/agents/pi-embedded.js", () => ({
   abortEmbeddedPiRun: vi.fn().mockReturnValue(false),
   isEmbeddedPiRunActive: vi.fn().mockReturnValue(false),
   isEmbeddedPiRunStreaming: vi.fn().mockReturnValue(false),
diff --git a/src/web/auto-reply.ts b/extensions/whatsapp/src/auto-reply.ts
similarity index 100%
rename from src/web/auto-reply.ts
rename to extensions/whatsapp/src/auto-reply.ts
diff --git a/src/web/auto-reply.web-auto-reply.compresses-common-formats-jpeg-cap.test.ts b/extensions/whatsapp/src/auto-reply.web-auto-reply.compresses-common-formats-jpeg-cap.test.ts
similarity index 100%
rename from src/web/auto-reply.web-auto-reply.compresses-common-formats-jpeg-cap.test.ts
rename to extensions/whatsapp/src/auto-reply.web-auto-reply.compresses-common-formats-jpeg-cap.test.ts
diff --git a/src/web/auto-reply.web-auto-reply.connection-and-logging.e2e.test.ts b/extensions/whatsapp/src/auto-reply.web-auto-reply.connection-and-logging.e2e.test.ts
similarity index 98%
rename from src/web/auto-reply.web-auto-reply.connection-and-logging.e2e.test.ts
rename to extensions/whatsapp/src/auto-reply.web-auto-reply.connection-and-logging.e2e.test.ts
index 97e77f25f3d..dd324f47351 100644
--- a/src/web/auto-reply.web-auto-reply.connection-and-logging.e2e.test.ts
+++ b/extensions/whatsapp/src/auto-reply.web-auto-reply.connection-and-logging.e2e.test.ts
@@ -2,10 +2,10 @@ import "./test-helpers.js";
 import crypto from "node:crypto";
 import fs from "node:fs/promises";
 import { beforeAll, describe, expect, it, vi } from "vitest";
-import { escapeRegExp, formatEnvelopeTimestamp } from "../../test/helpers/envelope-timestamp.js";
-import type { OpenClawConfig } from "../config/config.js";
-import { setLoggerOverride } from "../logging.js";
-import { withEnvAsync } from "../test-utils/env.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { setLoggerOverride } from "../../../src/logging.js";
+import { withEnvAsync } from "../../../src/test-utils/env.js";
+import { escapeRegExp, formatEnvelopeTimestamp } from "../../../test/helpers/envelope-timestamp.js";
 import {
   createMockWebListener,
   createWebListenerFactoryCapture,
diff --git a/src/web/auto-reply.web-auto-reply.last-route.test.ts b/extensions/whatsapp/src/auto-reply.web-auto-reply.last-route.test.ts
similarity index 98%
rename from src/web/auto-reply.web-auto-reply.last-route.test.ts
rename to extensions/whatsapp/src/auto-reply.web-auto-reply.last-route.test.ts
index a810b2ece29..a370876f514 100644
--- a/src/web/auto-reply.web-auto-reply.last-route.test.ts
+++ b/extensions/whatsapp/src/auto-reply.web-auto-reply.last-route.test.ts
@@ -1,7 +1,7 @@
 import "./test-helpers.js";
 import fs from "node:fs/promises";
 import { describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import { installWebAutoReplyUnitTestHooks, makeSessionStore } from "./auto-reply.test-harness.js";
 import { buildMentionConfig } from "./auto-reply/mentions.js";
 import { createEchoTracker } from "./auto-reply/monitor/echo.js";
diff --git a/src/web/auto-reply/constants.ts b/extensions/whatsapp/src/auto-reply/constants.ts
similarity index 100%
rename from src/web/auto-reply/constants.ts
rename to extensions/whatsapp/src/auto-reply/constants.ts
diff --git a/src/web/auto-reply/deliver-reply.test.ts b/extensions/whatsapp/src/auto-reply/deliver-reply.test.ts
similarity index 95%
rename from src/web/auto-reply/deliver-reply.test.ts
rename to extensions/whatsapp/src/auto-reply/deliver-reply.test.ts
index 6a2810d182a..2a28a636fff 100644
--- a/src/web/auto-reply/deliver-reply.test.ts
+++ b/extensions/whatsapp/src/auto-reply/deliver-reply.test.ts
@@ -1,12 +1,12 @@
 import { describe, expect, it, vi } from "vitest";
-import { logVerbose } from "../../globals.js";
-import { sleep } from "../../utils.js";
+import { logVerbose } from "../../../../src/globals.js";
+import { sleep } from "../../../../src/utils.js";
 import { loadWebMedia } from "../media.js";
 import { deliverWebReply } from "./deliver-reply.js";
 import type { WebInboundMsg } from "./types.js";
 
-vi.mock("../../globals.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../../globals.js")>();
+vi.mock("../../../../src/globals.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../../src/globals.js")>();
   return {
     ...actual,
     shouldLogVerbose: vi.fn(() => true),
@@ -18,8 +18,8 @@ vi.mock("../media.js", () => ({
   loadWebMedia: vi.fn(),
 }));
 
-vi.mock("../../utils.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../../utils.js")>();
+vi.mock("../../../../src/utils.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../../src/utils.js")>();
   return {
     ...actual,
     sleep: vi.fn(async () => {}),
diff --git a/src/web/auto-reply/deliver-reply.ts b/extensions/whatsapp/src/auto-reply/deliver-reply.ts
similarity index 93%
rename from src/web/auto-reply/deliver-reply.ts
rename to extensions/whatsapp/src/auto-reply/deliver-reply.ts
index 7866fea0c8a..6fb4ce39143 100644
--- a/src/web/auto-reply/deliver-reply.ts
+++ b/extensions/whatsapp/src/auto-reply/deliver-reply.ts
@@ -1,10 +1,10 @@
-import { chunkMarkdownTextWithMode, type ChunkMode } from "../../auto-reply/chunk.js";
-import type { ReplyPayload } from "../../auto-reply/types.js";
-import type { MarkdownTableMode } from "../../config/types.base.js";
-import { logVerbose, shouldLogVerbose } from "../../globals.js";
-import { convertMarkdownTables } from "../../markdown/tables.js";
-import { markdownToWhatsApp } from "../../markdown/whatsapp.js";
-import { sleep } from "../../utils.js";
+import { chunkMarkdownTextWithMode, type ChunkMode } from "../../../../src/auto-reply/chunk.js";
+import type { ReplyPayload } from "../../../../src/auto-reply/types.js";
+import type { MarkdownTableMode } from "../../../../src/config/types.base.js";
+import { logVerbose, shouldLogVerbose } from "../../../../src/globals.js";
+import { convertMarkdownTables } from "../../../../src/markdown/tables.js";
+import { markdownToWhatsApp } from "../../../../src/markdown/whatsapp.js";
+import { sleep } from "../../../../src/utils.js";
 import { loadWebMedia } from "../media.js";
 import { newConnectionId } from "../reconnect.js";
 import { formatError } from "../session.js";
diff --git a/src/web/auto-reply/heartbeat-runner.test.ts b/extensions/whatsapp/src/auto-reply/heartbeat-runner.test.ts
similarity index 89%
rename from src/web/auto-reply/heartbeat-runner.test.ts
rename to extensions/whatsapp/src/auto-reply/heartbeat-runner.test.ts
index 87d8d8a7ca9..a0022abaa8c 100644
--- a/src/web/auto-reply/heartbeat-runner.test.ts
+++ b/extensions/whatsapp/src/auto-reply/heartbeat-runner.test.ts
@@ -1,8 +1,8 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import type { getReplyFromConfig } from "../../auto-reply/reply.js";
-import { HEARTBEAT_TOKEN } from "../../auto-reply/tokens.js";
-import { redactIdentifier } from "../../logging/redact-identifier.js";
-import type { sendMessageWhatsApp } from "../outbound.js";
+import type { getReplyFromConfig } from "../../../../src/auto-reply/reply.js";
+import { HEARTBEAT_TOKEN } from "../../../../src/auto-reply/tokens.js";
+import { redactIdentifier } from "../../../../src/logging/redact-identifier.js";
+import type { sendMessageWhatsApp } from "../send.js";
 
 const state = vi.hoisted(() => ({
   visibility: { showAlerts: true, showOk: true, useIndicator: false },
@@ -22,34 +22,34 @@ const state = vi.hoisted(() => ({
   heartbeatWarnLogs: [] as string[],
 }));
 
-vi.mock("../../agents/current-time.js", () => ({
+vi.mock("../../../../src/agents/current-time.js", () => ({
   appendCronStyleCurrentTimeLine: (body: string) =>
     `${body}\nCurrent time: 2026-02-15T00:00:00Z (mock)`,
 }));
 
 // Perf: this module otherwise pulls a large dependency graph that we don't need
 // for these unit tests.
-vi.mock("../../auto-reply/reply.js", () => ({
+vi.mock("../../../../src/auto-reply/reply.js", () => ({
   getReplyFromConfig: vi.fn(async () => undefined),
 }));
 
-vi.mock("../../channels/plugins/whatsapp-heartbeat.js", () => ({
+vi.mock("../../../../src/channels/plugins/whatsapp-heartbeat.js", () => ({
   resolveWhatsAppHeartbeatRecipients: () => [],
 }));
 
-vi.mock("../../config/config.js", () => ({
+vi.mock("../../../../src/config/config.js", () => ({
   loadConfig: () => ({ agents: { defaults: {} }, session: {} }),
 }));
 
-vi.mock("../../routing/session-key.js", () => ({
+vi.mock("../../../../src/routing/session-key.js", () => ({
   normalizeMainKey: () => null,
 }));
 
-vi.mock("../../infra/heartbeat-visibility.js", () => ({
+vi.mock("../../../../src/infra/heartbeat-visibility.js", () => ({
   resolveHeartbeatVisibility: () => state.visibility,
 }));
 
-vi.mock("../../config/sessions.js", () => ({
+vi.mock("../../../../src/config/sessions.js", () => ({
   loadSessionStore: () => state.store,
   resolveSessionKey: () => "k",
   resolveStorePath: () => "/tmp/store.json",
@@ -62,12 +62,12 @@ vi.mock("./session-snapshot.js", () => ({
   getSessionSnapshot: () => state.snapshot,
 }));
 
-vi.mock("../../infra/heartbeat-events.js", () => ({
+vi.mock("../../../../src/infra/heartbeat-events.js", () => ({
   emitHeartbeatEvent: (event: unknown) => state.events.push(event),
   resolveIndicatorType: (status: string) => `indicator:${status}`,
 }));
 
-vi.mock("../../logging.js", () => ({
+vi.mock("../../../../src/logging.js", () => ({
   getChildLogger: () => ({
     info: (...args: unknown[]) => state.loggerInfoCalls.push(args),
     warn: (...args: unknown[]) => state.loggerWarnCalls.push(args),
@@ -85,7 +85,7 @@ vi.mock("../reconnect.js", () => ({
   newConnectionId: () => "run-1",
 }));
 
-vi.mock("../outbound.js", () => ({
+vi.mock("../send.js", () => ({
   sendMessageWhatsApp: vi.fn(async () => ({ messageId: "m1" })),
 }));
 
diff --git a/src/web/auto-reply/heartbeat-runner.ts b/extensions/whatsapp/src/auto-reply/heartbeat-runner.ts
similarity index 89%
rename from src/web/auto-reply/heartbeat-runner.ts
rename to extensions/whatsapp/src/auto-reply/heartbeat-runner.ts
index e393339a781..0b423a3f116 100644
--- a/src/web/auto-reply/heartbeat-runner.ts
+++ b/extensions/whatsapp/src/auto-reply/heartbeat-runner.ts
@@ -1,27 +1,30 @@
-import { appendCronStyleCurrentTimeLine } from "../../agents/current-time.js";
-import { resolveHeartbeatReplyPayload } from "../../auto-reply/heartbeat-reply-payload.js";
+import { appendCronStyleCurrentTimeLine } from "../../../../src/agents/current-time.js";
+import { resolveHeartbeatReplyPayload } from "../../../../src/auto-reply/heartbeat-reply-payload.js";
 import {
   DEFAULT_HEARTBEAT_ACK_MAX_CHARS,
   resolveHeartbeatPrompt,
   stripHeartbeatToken,
-} from "../../auto-reply/heartbeat.js";
-import { getReplyFromConfig } from "../../auto-reply/reply.js";
-import { HEARTBEAT_TOKEN } from "../../auto-reply/tokens.js";
-import { resolveWhatsAppHeartbeatRecipients } from "../../channels/plugins/whatsapp-heartbeat.js";
-import { loadConfig } from "../../config/config.js";
+} from "../../../../src/auto-reply/heartbeat.js";
+import { getReplyFromConfig } from "../../../../src/auto-reply/reply.js";
+import { HEARTBEAT_TOKEN } from "../../../../src/auto-reply/tokens.js";
+import { resolveWhatsAppHeartbeatRecipients } from "../../../../src/channels/plugins/whatsapp-heartbeat.js";
+import { loadConfig } from "../../../../src/config/config.js";
 import {
   loadSessionStore,
   resolveSessionKey,
   resolveStorePath,
   updateSessionStore,
-} from "../../config/sessions.js";
-import { emitHeartbeatEvent, resolveIndicatorType } from "../../infra/heartbeat-events.js";
-import { resolveHeartbeatVisibility } from "../../infra/heartbeat-visibility.js";
-import { getChildLogger } from "../../logging.js";
-import { redactIdentifier } from "../../logging/redact-identifier.js";
-import { normalizeMainKey } from "../../routing/session-key.js";
-import { sendMessageWhatsApp } from "../outbound.js";
+} from "../../../../src/config/sessions.js";
+import {
+  emitHeartbeatEvent,
+  resolveIndicatorType,
+} from "../../../../src/infra/heartbeat-events.js";
+import { resolveHeartbeatVisibility } from "../../../../src/infra/heartbeat-visibility.js";
+import { getChildLogger } from "../../../../src/logging.js";
+import { redactIdentifier } from "../../../../src/logging/redact-identifier.js";
+import { normalizeMainKey } from "../../../../src/routing/session-key.js";
 import { newConnectionId } from "../reconnect.js";
+import { sendMessageWhatsApp } from "../send.js";
 import { formatError } from "../session.js";
 import { whatsappHeartbeatLog } from "./loggers.js";
 import { getSessionSnapshot } from "./session-snapshot.js";
diff --git a/src/web/auto-reply/loggers.ts b/extensions/whatsapp/src/auto-reply/loggers.ts
similarity index 78%
rename from src/web/auto-reply/loggers.ts
rename to extensions/whatsapp/src/auto-reply/loggers.ts
index b5272289325..71575671b2e 100644
--- a/src/web/auto-reply/loggers.ts
+++ b/extensions/whatsapp/src/auto-reply/loggers.ts
@@ -1,4 +1,4 @@
-import { createSubsystemLogger } from "../../logging/subsystem.js";
+import { createSubsystemLogger } from "../../../../src/logging/subsystem.js";
 
 export const whatsappLog = createSubsystemLogger("gateway/channels/whatsapp");
 export const whatsappInboundLog = whatsappLog.child("inbound");
diff --git a/src/web/auto-reply/mentions.ts b/extensions/whatsapp/src/auto-reply/mentions.ts
similarity index 95%
rename from src/web/auto-reply/mentions.ts
rename to extensions/whatsapp/src/auto-reply/mentions.ts
index f595bd2f0a2..3891810c617 100644
--- a/src/web/auto-reply/mentions.ts
+++ b/extensions/whatsapp/src/auto-reply/mentions.ts
@@ -1,6 +1,9 @@
-import { buildMentionRegexes, normalizeMentionText } from "../../auto-reply/reply/mentions.js";
-import type { loadConfig } from "../../config/config.js";
-import { isSelfChatMode, jidToE164, normalizeE164 } from "../../utils.js";
+import {
+  buildMentionRegexes,
+  normalizeMentionText,
+} from "../../../../src/auto-reply/reply/mentions.js";
+import type { loadConfig } from "../../../../src/config/config.js";
+import { isSelfChatMode, jidToE164, normalizeE164 } from "../../../../src/utils.js";
 import type { WebInboundMsg } from "./types.js";
 
 export type MentionConfig = {
diff --git a/src/web/auto-reply/monitor.ts b/extensions/whatsapp/src/auto-reply/monitor.ts
similarity index 92%
rename from src/web/auto-reply/monitor.ts
rename to extensions/whatsapp/src/auto-reply/monitor.ts
index a9ef2f4b229..1222c69b71a 100644
--- a/src/web/auto-reply/monitor.ts
+++ b/extensions/whatsapp/src/auto-reply/monitor.ts
@@ -1,18 +1,18 @@
-import { hasControlCommand } from "../../auto-reply/command-detection.js";
-import { resolveInboundDebounceMs } from "../../auto-reply/inbound-debounce.js";
-import { getReplyFromConfig } from "../../auto-reply/reply.js";
-import { DEFAULT_GROUP_HISTORY_LIMIT } from "../../auto-reply/reply/history.js";
-import { formatCliCommand } from "../../cli/command-format.js";
-import { waitForever } from "../../cli/wait.js";
-import { loadConfig } from "../../config/config.js";
-import { createConnectedChannelStatusPatch } from "../../gateway/channel-status-patches.js";
-import { logVerbose } from "../../globals.js";
-import { formatDurationPrecise } from "../../infra/format-time/format-duration.ts";
-import { enqueueSystemEvent } from "../../infra/system-events.js";
-import { registerUnhandledRejectionHandler } from "../../infra/unhandled-rejections.js";
-import { getChildLogger } from "../../logging.js";
-import { resolveAgentRoute } from "../../routing/resolve-route.js";
-import { defaultRuntime, type RuntimeEnv } from "../../runtime.js";
+import { hasControlCommand } from "../../../../src/auto-reply/command-detection.js";
+import { resolveInboundDebounceMs } from "../../../../src/auto-reply/inbound-debounce.js";
+import { getReplyFromConfig } from "../../../../src/auto-reply/reply.js";
+import { DEFAULT_GROUP_HISTORY_LIMIT } from "../../../../src/auto-reply/reply/history.js";
+import { formatCliCommand } from "../../../../src/cli/command-format.js";
+import { waitForever } from "../../../../src/cli/wait.js";
+import { loadConfig } from "../../../../src/config/config.js";
+import { createConnectedChannelStatusPatch } from "../../../../src/gateway/channel-status-patches.js";
+import { logVerbose } from "../../../../src/globals.js";
+import { formatDurationPrecise } from "../../../../src/infra/format-time/format-duration.ts";
+import { enqueueSystemEvent } from "../../../../src/infra/system-events.js";
+import { registerUnhandledRejectionHandler } from "../../../../src/infra/unhandled-rejections.js";
+import { getChildLogger } from "../../../../src/logging.js";
+import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js";
+import { defaultRuntime, type RuntimeEnv } from "../../../../src/runtime.js";
 import { resolveWhatsAppAccount, resolveWhatsAppMediaMaxBytes } from "../accounts.js";
 import { setActiveWebListener } from "../active-listener.js";
 import { monitorWebInbox } from "../inbound.js";
diff --git a/src/web/auto-reply/monitor/ack-reaction.ts b/extensions/whatsapp/src/auto-reply/monitor/ack-reaction.ts
similarity index 88%
rename from src/web/auto-reply/monitor/ack-reaction.ts
rename to extensions/whatsapp/src/auto-reply/monitor/ack-reaction.ts
index 2ac7c56d2a4..c5a5d149ab7 100644
--- a/src/web/auto-reply/monitor/ack-reaction.ts
+++ b/extensions/whatsapp/src/auto-reply/monitor/ack-reaction.ts
@@ -1,7 +1,7 @@
-import { shouldAckReactionForWhatsApp } from "../../../channels/ack-reactions.js";
-import type { loadConfig } from "../../../config/config.js";
-import { logVerbose } from "../../../globals.js";
-import { sendReactionWhatsApp } from "../../outbound.js";
+import { shouldAckReactionForWhatsApp } from "../../../../../src/channels/ack-reactions.js";
+import type { loadConfig } from "../../../../../src/config/config.js";
+import { logVerbose } from "../../../../../src/globals.js";
+import { sendReactionWhatsApp } from "../../send.js";
 import { formatError } from "../../session.js";
 import type { WebInboundMsg } from "../types.js";
 import { resolveGroupActivationFor } from "./group-activation.js";
diff --git a/src/web/auto-reply/monitor/broadcast.ts b/extensions/whatsapp/src/auto-reply/monitor/broadcast.ts
similarity index 91%
rename from src/web/auto-reply/monitor/broadcast.ts
rename to extensions/whatsapp/src/auto-reply/monitor/broadcast.ts
index 1dc51bef179..b00ba7aff9b 100644
--- a/src/web/auto-reply/monitor/broadcast.ts
+++ b/extensions/whatsapp/src/auto-reply/monitor/broadcast.ts
@@ -1,11 +1,14 @@
-import type { loadConfig } from "../../../config/config.js";
-import type { resolveAgentRoute } from "../../../routing/resolve-route.js";
-import { buildAgentSessionKey, deriveLastRoutePolicy } from "../../../routing/resolve-route.js";
+import type { loadConfig } from "../../../../../src/config/config.js";
+import type { resolveAgentRoute } from "../../../../../src/routing/resolve-route.js";
+import {
+  buildAgentSessionKey,
+  deriveLastRoutePolicy,
+} from "../../../../../src/routing/resolve-route.js";
 import {
   buildAgentMainSessionKey,
   DEFAULT_MAIN_KEY,
   normalizeAgentId,
-} from "../../../routing/session-key.js";
+} from "../../../../../src/routing/session-key.js";
 import { formatError } from "../../session.js";
 import { whatsappInboundLog } from "../loggers.js";
 import type { WebInboundMsg } from "../types.js";
diff --git a/src/web/auto-reply/monitor/commands.ts b/extensions/whatsapp/src/auto-reply/monitor/commands.ts
similarity index 100%
rename from src/web/auto-reply/monitor/commands.ts
rename to extensions/whatsapp/src/auto-reply/monitor/commands.ts
diff --git a/src/web/auto-reply/monitor/echo.ts b/extensions/whatsapp/src/auto-reply/monitor/echo.ts
similarity index 100%
rename from src/web/auto-reply/monitor/echo.ts
rename to extensions/whatsapp/src/auto-reply/monitor/echo.ts
diff --git a/src/web/auto-reply/monitor/group-activation.ts b/extensions/whatsapp/src/auto-reply/monitor/group-activation.ts
similarity index 86%
rename from src/web/auto-reply/monitor/group-activation.ts
rename to extensions/whatsapp/src/auto-reply/monitor/group-activation.ts
index 01f96e94528..60b15f5b3c6 100644
--- a/src/web/auto-reply/monitor/group-activation.ts
+++ b/extensions/whatsapp/src/auto-reply/monitor/group-activation.ts
@@ -1,14 +1,14 @@
-import { normalizeGroupActivation } from "../../../auto-reply/group-activation.js";
-import type { loadConfig } from "../../../config/config.js";
+import { normalizeGroupActivation } from "../../../../../src/auto-reply/group-activation.js";
+import type { loadConfig } from "../../../../../src/config/config.js";
 import {
   resolveChannelGroupPolicy,
   resolveChannelGroupRequireMention,
-} from "../../../config/group-policy.js";
+} from "../../../../../src/config/group-policy.js";
 import {
   loadSessionStore,
   resolveGroupSessionKey,
   resolveStorePath,
-} from "../../../config/sessions.js";
+} from "../../../../../src/config/sessions.js";
 
 export function resolveGroupPolicyFor(cfg: ReturnType<typeof loadConfig>, conversationId: string) {
   const groupId = resolveGroupSessionKey({
diff --git a/src/web/auto-reply/monitor/group-gating.ts b/extensions/whatsapp/src/auto-reply/monitor/group-gating.ts
similarity index 91%
rename from src/web/auto-reply/monitor/group-gating.ts
rename to extensions/whatsapp/src/auto-reply/monitor/group-gating.ts
index d1867ed24b0..418d5ebee83 100644
--- a/src/web/auto-reply/monitor/group-gating.ts
+++ b/extensions/whatsapp/src/auto-reply/monitor/group-gating.ts
@@ -1,9 +1,9 @@
-import { hasControlCommand } from "../../../auto-reply/command-detection.js";
-import { parseActivationCommand } from "../../../auto-reply/group-activation.js";
-import { recordPendingHistoryEntryIfEnabled } from "../../../auto-reply/reply/history.js";
-import { resolveMentionGating } from "../../../channels/mention-gating.js";
-import type { loadConfig } from "../../../config/config.js";
-import { normalizeE164 } from "../../../utils.js";
+import { hasControlCommand } from "../../../../../src/auto-reply/command-detection.js";
+import { parseActivationCommand } from "../../../../../src/auto-reply/group-activation.js";
+import { recordPendingHistoryEntryIfEnabled } from "../../../../../src/auto-reply/reply/history.js";
+import { resolveMentionGating } from "../../../../../src/channels/mention-gating.js";
+import type { loadConfig } from "../../../../../src/config/config.js";
+import { normalizeE164 } from "../../../../../src/utils.js";
 import type { MentionConfig } from "../mentions.js";
 import { buildMentionConfig, debugMention, resolveOwnerList } from "../mentions.js";
 import type { WebInboundMsg } from "../types.js";
diff --git a/src/web/auto-reply/monitor/group-members.test.ts b/extensions/whatsapp/src/auto-reply/monitor/group-members.test.ts
similarity index 100%
rename from src/web/auto-reply/monitor/group-members.test.ts
rename to extensions/whatsapp/src/auto-reply/monitor/group-members.test.ts
diff --git a/src/web/auto-reply/monitor/group-members.ts b/extensions/whatsapp/src/auto-reply/monitor/group-members.ts
similarity index 96%
rename from src/web/auto-reply/monitor/group-members.ts
rename to extensions/whatsapp/src/auto-reply/monitor/group-members.ts
index 5564c4b87cf..fc2d541bcf5 100644
--- a/src/web/auto-reply/monitor/group-members.ts
+++ b/extensions/whatsapp/src/auto-reply/monitor/group-members.ts
@@ -1,4 +1,4 @@
-import { normalizeE164 } from "../../../utils.js";
+import { normalizeE164 } from "../../../../../src/utils.js";
 
 function appendNormalizedUnique(entries: Iterable<string>, seen: Set<string>, ordered: string[]) {
   for (const entry of entries) {
diff --git a/src/web/auto-reply/monitor/last-route.ts b/extensions/whatsapp/src/auto-reply/monitor/last-route.ts
similarity index 85%
rename from src/web/auto-reply/monitor/last-route.ts
rename to extensions/whatsapp/src/auto-reply/monitor/last-route.ts
index 2943537e1cf..9fbe17d104d 100644
--- a/src/web/auto-reply/monitor/last-route.ts
+++ b/extensions/whatsapp/src/auto-reply/monitor/last-route.ts
@@ -1,6 +1,6 @@
-import type { MsgContext } from "../../../auto-reply/templating.js";
-import type { loadConfig } from "../../../config/config.js";
-import { resolveStorePath, updateLastRoute } from "../../../config/sessions.js";
+import type { MsgContext } from "../../../../../src/auto-reply/templating.js";
+import type { loadConfig } from "../../../../../src/config/config.js";
+import { resolveStorePath, updateLastRoute } from "../../../../../src/config/sessions.js";
 import { formatError } from "../../session.js";
 
 export function trackBackgroundTask(
diff --git a/src/web/auto-reply/monitor/message-line.ts b/extensions/whatsapp/src/auto-reply/monitor/message-line.ts
similarity index 85%
rename from src/web/auto-reply/monitor/message-line.ts
rename to extensions/whatsapp/src/auto-reply/monitor/message-line.ts
index ba99766aedf..299d5868bf8 100644
--- a/src/web/auto-reply/monitor/message-line.ts
+++ b/extensions/whatsapp/src/auto-reply/monitor/message-line.ts
@@ -1,6 +1,9 @@
-import { resolveMessagePrefix } from "../../../agents/identity.js";
-import { formatInboundEnvelope, type EnvelopeFormatOptions } from "../../../auto-reply/envelope.js";
-import type { loadConfig } from "../../../config/config.js";
+import { resolveMessagePrefix } from "../../../../../src/agents/identity.js";
+import {
+  formatInboundEnvelope,
+  type EnvelopeFormatOptions,
+} from "../../../../../src/auto-reply/envelope.js";
+import type { loadConfig } from "../../../../../src/config/config.js";
 import type { WebInboundMsg } from "../types.js";
 
 export function formatReplyContext(msg: WebInboundMsg) {
diff --git a/src/web/auto-reply/monitor/on-message.ts b/extensions/whatsapp/src/auto-reply/monitor/on-message.ts
similarity index 89%
rename from src/web/auto-reply/monitor/on-message.ts
rename to extensions/whatsapp/src/auto-reply/monitor/on-message.ts
index 947a56603e8..caa519f5cf0 100644
--- a/src/web/auto-reply/monitor/on-message.ts
+++ b/extensions/whatsapp/src/auto-reply/monitor/on-message.ts
@@ -1,10 +1,10 @@
-import type { getReplyFromConfig } from "../../../auto-reply/reply.js";
-import type { MsgContext } from "../../../auto-reply/templating.js";
-import { loadConfig } from "../../../config/config.js";
-import { logVerbose } from "../../../globals.js";
-import { resolveAgentRoute } from "../../../routing/resolve-route.js";
-import { buildGroupHistoryKey } from "../../../routing/session-key.js";
-import { normalizeE164 } from "../../../utils.js";
+import type { getReplyFromConfig } from "../../../../../src/auto-reply/reply.js";
+import type { MsgContext } from "../../../../../src/auto-reply/templating.js";
+import { loadConfig } from "../../../../../src/config/config.js";
+import { logVerbose } from "../../../../../src/globals.js";
+import { resolveAgentRoute } from "../../../../../src/routing/resolve-route.js";
+import { buildGroupHistoryKey } from "../../../../../src/routing/session-key.js";
+import { normalizeE164 } from "../../../../../src/utils.js";
 import type { MentionConfig } from "../mentions.js";
 import type { WebInboundMsg } from "../types.js";
 import { maybeBroadcastMessage } from "./broadcast.js";
@@ -26,7 +26,7 @@ export function createWebOnMessageHandler(params: {
   echoTracker: EchoTracker;
   backgroundTasks: Set<Promise<unknown>>;
   replyResolver: typeof getReplyFromConfig;
-  replyLogger: ReturnType<(typeof import("../../../logging.js"))["getChildLogger"]>;
+  replyLogger: ReturnType<(typeof import("../../../../../src/logging.js"))["getChildLogger"]>;
   baseMentionConfig: MentionConfig;
   account: { authDir?: string; accountId?: string };
 }) {
diff --git a/src/web/auto-reply/monitor/peer.ts b/extensions/whatsapp/src/auto-reply/monitor/peer.ts
similarity index 84%
rename from src/web/auto-reply/monitor/peer.ts
rename to extensions/whatsapp/src/auto-reply/monitor/peer.ts
index b41555ffa26..7795ac7c4d1 100644
--- a/src/web/auto-reply/monitor/peer.ts
+++ b/extensions/whatsapp/src/auto-reply/monitor/peer.ts
@@ -1,4 +1,4 @@
-import { jidToE164, normalizeE164 } from "../../../utils.js";
+import { jidToE164, normalizeE164 } from "../../../../../src/utils.js";
 import type { WebInboundMsg } from "../types.js";
 
 export function resolvePeerId(msg: WebInboundMsg) {
diff --git a/src/web/auto-reply/monitor/process-message.inbound-contract.test.ts b/extensions/whatsapp/src/auto-reply/monitor/process-message.inbound-contract.test.ts
similarity index 88%
rename from src/web/auto-reply/monitor/process-message.inbound-contract.test.ts
rename to extensions/whatsapp/src/auto-reply/monitor/process-message.inbound-contract.test.ts
index ce3c9700d7b..238c675e12d 100644
--- a/src/web/auto-reply/monitor/process-message.inbound-contract.test.ts
+++ b/extensions/whatsapp/src/auto-reply/monitor/process-message.inbound-contract.test.ts
@@ -2,7 +2,7 @@ import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import { expectInboundContextContract } from "../../../../test/helpers/inbound-contract.js";
+import { expectInboundContextContract } from "../../../../../test/helpers/inbound-contract.js";
 
 let capturedCtx: unknown;
 let capturedDispatchParams: unknown;
@@ -72,7 +72,7 @@ function createWhatsAppDirectStreamingArgs(params?: {
       channels: { whatsapp: { blockStreaming: true } },
       messages: {},
       session: { store: sessionStorePath },
-    } as unknown as ReturnType<typeof import("../../../config/config.js").loadConfig>,
+    } as unknown as ReturnType<typeof import("../../../../../src/config/config.js").loadConfig>,
     msg: {
       id: "msg1",
       from: "+1555",
@@ -83,7 +83,7 @@ function createWhatsAppDirectStreamingArgs(params?: {
   });
 }
 
-vi.mock("../../../auto-reply/reply/provider-dispatcher.js", () => ({
+vi.mock("../../../../../src/auto-reply/reply/provider-dispatcher.js", () => ({
   // oxlint-disable-next-line typescript/no-explicit-any
   dispatchReplyWithBufferedBlockDispatcher: vi.fn(async (params: any) => {
     capturedDispatchParams = params;
@@ -222,7 +222,7 @@ describe("web processMessage inbound contract", () => {
       },
       messages: {},
       session: { store: sessionStorePath },
-    } as unknown as ReturnType<typeof import("../../../config/config.js").loadConfig>);
+    } as unknown as ReturnType<typeof import("../../../../../src/config/config.js").loadConfig>);
 
     expect(getDispatcherResponsePrefix()).toBe("[Mainbot]");
   });
@@ -231,7 +231,7 @@ describe("web processMessage inbound contract", () => {
     await processSelfDirectMessage({
       messages: {},
       session: { store: sessionStorePath },
-    } as unknown as ReturnType<typeof import("../../../config/config.js").loadConfig>);
+    } as unknown as ReturnType<typeof import("../../../../../src/config/config.js").loadConfig>);
 
     expect(getDispatcherResponsePrefix()).toBeUndefined();
   });
@@ -258,7 +258,7 @@ describe("web processMessage inbound contract", () => {
         cfg: {
           messages: {},
           session: { store: sessionStorePath },
-        } as unknown as ReturnType<typeof import("../../../config/config.js").loadConfig>,
+        } as unknown as ReturnType<typeof import("../../../../../src/config/config.js").loadConfig>,
         msg: {
           id: "g1",
           from: "123@g.us",
@@ -308,6 +308,21 @@ describe("web processMessage inbound contract", () => {
     expect(replyOptions?.disableBlockStreaming).toBe(true);
   });
 
+  it("passes sendComposing through as the reply typing callback", async () => {
+    const sendComposing = vi.fn(async () => undefined);
+    const args = createWhatsAppDirectStreamingArgs();
+    args.msg = {
+      ...args.msg,
+      sendComposing,
+    };
+
+    await processMessage(args);
+
+    // oxlint-disable-next-line typescript/no-explicit-any
+    const dispatcherOptions = (capturedDispatchParams as any)?.dispatcherOptions;
+    expect(dispatcherOptions?.onReplyStart).toBe(sendComposing);
+  });
+
   it("updates main last route for DM when session key matches main session key", async () => {
     const updateLastRouteMock = vi.mocked(updateLastRouteInBackground);
     updateLastRouteMock.mockClear();
@@ -362,13 +377,14 @@ describe("web processMessage inbound contract", () => {
     expect(updateLastRouteMock).not.toHaveBeenCalled();
   });
 
-  it("does not update main last route for non-owner sender when main DM scope is pinned", async () => {
-    const updateLastRouteMock = vi.mocked(updateLastRouteInBackground);
-    updateLastRouteMock.mockClear();
-
+  function makePinnedMainScopeArgs(params: {
+    groupHistoryKey: string;
+    messageId: string;
+    from: string;
+  }) {
     const args = makeProcessMessageArgs({
       routeSessionKey: "agent:main:main",
-      groupHistoryKey: "+3000",
+      groupHistoryKey: params.groupHistoryKey,
       cfg: {
         channels: {
           whatsapp: {
@@ -377,14 +393,14 @@ describe("web processMessage inbound contract", () => {
         },
         messages: {},
         session: { store: sessionStorePath, dmScope: "main" },
-      } as unknown as ReturnType<typeof import("../../../config/config.js").loadConfig>,
+      } as unknown as ReturnType<typeof import("../../../../../src/config/config.js").loadConfig>,
       msg: {
-        id: "msg-last-route-3",
-        from: "+3000",
+        id: params.messageId,
+        from: params.from,
         to: "+2000",
         chatType: "direct",
         body: "hello",
-        senderE164: "+3000",
+        senderE164: params.from,
       },
     });
     args.route = {
@@ -392,6 +408,18 @@ describe("web processMessage inbound contract", () => {
       sessionKey: "agent:main:main",
       mainSessionKey: "agent:main:main",
     };
+    return args;
+  }
+
+  it("does not update main last route for non-owner sender when main DM scope is pinned", async () => {
+    const updateLastRouteMock = vi.mocked(updateLastRouteInBackground);
+    updateLastRouteMock.mockClear();
+
+    const args = makePinnedMainScopeArgs({
+      groupHistoryKey: "+3000",
+      messageId: "msg-last-route-3",
+      from: "+3000",
+    });
 
     await processMessage(args);
 
@@ -402,32 +430,11 @@ describe("web processMessage inbound contract", () => {
     const updateLastRouteMock = vi.mocked(updateLastRouteInBackground);
     updateLastRouteMock.mockClear();
 
-    const args = makeProcessMessageArgs({
-      routeSessionKey: "agent:main:main",
+    const args = makePinnedMainScopeArgs({
       groupHistoryKey: "+1000",
-      cfg: {
-        channels: {
-          whatsapp: {
-            allowFrom: ["+1000"],
-          },
-        },
-        messages: {},
-        session: { store: sessionStorePath, dmScope: "main" },
-      } as unknown as ReturnType<typeof import("../../../config/config.js").loadConfig>,
-      msg: {
-        id: "msg-last-route-4",
-        from: "+1000",
-        to: "+2000",
-        chatType: "direct",
-        body: "hello",
-        senderE164: "+1000",
-      },
+      messageId: "msg-last-route-4",
+      from: "+1000",
     });
-    args.route = {
-      ...args.route,
-      sessionKey: "agent:main:main",
-      mainSessionKey: "agent:main:main",
-    };
 
     await processMessage(args);
 
diff --git a/src/web/auto-reply/monitor/process-message.ts b/extensions/whatsapp/src/auto-reply/monitor/process-message.ts
similarity index 90%
rename from src/web/auto-reply/monitor/process-message.ts
rename to extensions/whatsapp/src/auto-reply/monitor/process-message.ts
index b9e7993779e..094e4570bdb 100644
--- a/src/web/auto-reply/monitor/process-message.ts
+++ b/extensions/whatsapp/src/auto-reply/monitor/process-message.ts
@@ -1,34 +1,34 @@
-import { resolveIdentityNamePrefix } from "../../../agents/identity.js";
-import { resolveChunkMode, resolveTextChunkLimit } from "../../../auto-reply/chunk.js";
-import { shouldComputeCommandAuthorized } from "../../../auto-reply/command-detection.js";
-import { formatInboundEnvelope } from "../../../auto-reply/envelope.js";
-import type { getReplyFromConfig } from "../../../auto-reply/reply.js";
+import { resolveIdentityNamePrefix } from "../../../../../src/agents/identity.js";
+import { resolveChunkMode, resolveTextChunkLimit } from "../../../../../src/auto-reply/chunk.js";
+import { shouldComputeCommandAuthorized } from "../../../../../src/auto-reply/command-detection.js";
+import { formatInboundEnvelope } from "../../../../../src/auto-reply/envelope.js";
+import type { getReplyFromConfig } from "../../../../../src/auto-reply/reply.js";
 import {
   buildHistoryContextFromEntries,
   type HistoryEntry,
-} from "../../../auto-reply/reply/history.js";
-import { finalizeInboundContext } from "../../../auto-reply/reply/inbound-context.js";
-import { dispatchReplyWithBufferedBlockDispatcher } from "../../../auto-reply/reply/provider-dispatcher.js";
-import type { ReplyPayload } from "../../../auto-reply/types.js";
-import { toLocationContext } from "../../../channels/location.js";
-import { createReplyPrefixOptions } from "../../../channels/reply-prefix.js";
-import { resolveInboundSessionEnvelopeContext } from "../../../channels/session-envelope.js";
-import type { loadConfig } from "../../../config/config.js";
-import { resolveMarkdownTableMode } from "../../../config/markdown-tables.js";
-import { recordSessionMetaFromInbound } from "../../../config/sessions.js";
-import { logVerbose, shouldLogVerbose } from "../../../globals.js";
-import type { getChildLogger } from "../../../logging.js";
-import { getAgentScopedMediaLocalRoots } from "../../../media/local-roots.js";
+} from "../../../../../src/auto-reply/reply/history.js";
+import { finalizeInboundContext } from "../../../../../src/auto-reply/reply/inbound-context.js";
+import { dispatchReplyWithBufferedBlockDispatcher } from "../../../../../src/auto-reply/reply/provider-dispatcher.js";
+import type { ReplyPayload } from "../../../../../src/auto-reply/types.js";
+import { toLocationContext } from "../../../../../src/channels/location.js";
+import { createReplyPrefixOptions } from "../../../../../src/channels/reply-prefix.js";
+import { resolveInboundSessionEnvelopeContext } from "../../../../../src/channels/session-envelope.js";
+import type { loadConfig } from "../../../../../src/config/config.js";
+import { resolveMarkdownTableMode } from "../../../../../src/config/markdown-tables.js";
+import { recordSessionMetaFromInbound } from "../../../../../src/config/sessions.js";
+import { logVerbose, shouldLogVerbose } from "../../../../../src/globals.js";
+import type { getChildLogger } from "../../../../../src/logging.js";
+import { getAgentScopedMediaLocalRoots } from "../../../../../src/media/local-roots.js";
 import {
   resolveInboundLastRouteSessionKey,
   type resolveAgentRoute,
-} from "../../../routing/resolve-route.js";
+} from "../../../../../src/routing/resolve-route.js";
 import {
   readStoreAllowFromForDmPolicy,
   resolvePinnedMainDmOwnerFromAllowlist,
   resolveDmGroupAccessWithCommandGate,
-} from "../../../security/dm-policy-shared.js";
-import { jidToE164, normalizeE164 } from "../../../utils.js";
+} from "../../../../../src/security/dm-policy-shared.js";
+import { jidToE164, normalizeE164 } from "../../../../../src/utils.js";
 import { resolveWhatsAppAccount } from "../../accounts.js";
 import { newConnectionId } from "../../reconnect.js";
 import { formatError } from "../../session.js";
diff --git a/src/web/auto-reply/session-snapshot.ts b/extensions/whatsapp/src/auto-reply/session-snapshot.ts
similarity index 90%
rename from src/web/auto-reply/session-snapshot.ts
rename to extensions/whatsapp/src/auto-reply/session-snapshot.ts
index 12a5619e639..53b7e3ae615 100644
--- a/src/web/auto-reply/session-snapshot.ts
+++ b/extensions/whatsapp/src/auto-reply/session-snapshot.ts
@@ -1,4 +1,4 @@
-import type { loadConfig } from "../../config/config.js";
+import type { loadConfig } from "../../../../src/config/config.js";
 import {
   evaluateSessionFreshness,
   loadSessionStore,
@@ -8,8 +8,8 @@ import {
   resolveSessionResetType,
   resolveSessionKey,
   resolveStorePath,
-} from "../../config/sessions.js";
-import { normalizeMainKey } from "../../routing/session-key.js";
+} from "../../../../src/config/sessions.js";
+import { normalizeMainKey } from "../../../../src/routing/session-key.js";
 
 export function getSessionSnapshot(
   cfg: ReturnType<typeof loadConfig>,
diff --git a/src/web/auto-reply/types.ts b/extensions/whatsapp/src/auto-reply/types.ts
similarity index 100%
rename from src/web/auto-reply/types.ts
rename to extensions/whatsapp/src/auto-reply/types.ts
diff --git a/src/web/auto-reply/util.ts b/extensions/whatsapp/src/auto-reply/util.ts
similarity index 100%
rename from src/web/auto-reply/util.ts
rename to extensions/whatsapp/src/auto-reply/util.ts
diff --git a/src/web/auto-reply/web-auto-reply-monitor.test.ts b/extensions/whatsapp/src/auto-reply/web-auto-reply-monitor.test.ts
similarity index 97%
rename from src/web/auto-reply/web-auto-reply-monitor.test.ts
rename to extensions/whatsapp/src/auto-reply/web-auto-reply-monitor.test.ts
index 925d430de9c..412648b3180 100644
--- a/src/web/auto-reply/web-auto-reply-monitor.test.ts
+++ b/extensions/whatsapp/src/auto-reply/web-auto-reply-monitor.test.ts
@@ -2,7 +2,7 @@ import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
 import { afterEach, beforeEach, describe, expect, it } from "vitest";
-import { resolveAgentRoute } from "../../routing/resolve-route.js";
+import { resolveAgentRoute } from "../../../../src/routing/resolve-route.js";
 import { buildMentionConfig } from "./mentions.js";
 import { applyGroupGating, type GroupHistoryEntry } from "./monitor/group-gating.js";
 import { buildInboundLine, formatReplyContext } from "./monitor/message-line.js";
@@ -33,10 +33,10 @@ const makeConfig = (overrides: Record<string, unknown>) =>
     },
     session: { store: sessionStorePath },
     ...overrides,
-  }) as unknown as ReturnType<typeof import("../../config/config.js").loadConfig>;
+  }) as unknown as ReturnType<typeof import("../../../../src/config/config.js").loadConfig>;
 
 function runGroupGating(params: {
-  cfg: ReturnType<typeof import("../../config/config.js").loadConfig>;
+  cfg: ReturnType<typeof import("../../../../src/config/config.js").loadConfig>;
   msg: Record<string, unknown>;
   conversationId?: string;
   agentId?: string;
diff --git a/src/web/auto-reply/web-auto-reply-utils.test.ts b/extensions/whatsapp/src/auto-reply/web-auto-reply-utils.test.ts
similarity index 98%
rename from src/web/auto-reply/web-auto-reply-utils.test.ts
rename to extensions/whatsapp/src/auto-reply/web-auto-reply-utils.test.ts
index bb7f27f3a93..0107fa126d7 100644
--- a/src/web/auto-reply/web-auto-reply-utils.test.ts
+++ b/extensions/whatsapp/src/auto-reply/web-auto-reply-utils.test.ts
@@ -1,8 +1,8 @@
 import fs from "node:fs/promises";
 import path from "node:path";
 import { describe, expect, it, vi } from "vitest";
-import { saveSessionStore } from "../../config/sessions.js";
-import { withTempDir } from "../../test-utils/temp-dir.js";
+import { saveSessionStore } from "../../../../src/config/sessions.js";
+import { withTempDir } from "../../../../src/test-utils/temp-dir.js";
 import {
   debugMention,
   isBotMentionedFromTargets,
diff --git a/extensions/whatsapp/src/channel.outbound.test.ts b/extensions/whatsapp/src/channel.outbound.test.ts
index 758274619e0..70220dcac3b 100644
--- a/extensions/whatsapp/src/channel.outbound.test.ts
+++ b/extensions/whatsapp/src/channel.outbound.test.ts
@@ -1,5 +1,8 @@
-import type { OpenClawConfig } from "openclaw/plugin-sdk/whatsapp";
 import { describe, expect, it, vi } from "vitest";
+import {
+  createWhatsAppPollFixture,
+  expectWhatsAppPollSent,
+} from "../../../src/test-helpers/whatsapp-outbound.js";
 
 const hoisted = vi.hoisted(() => ({
   sendPollWhatsApp: vi.fn(async () => ({ messageId: "wa-poll-1", toJid: "1555@s.whatsapp.net" })),
@@ -22,25 +25,16 @@ import { whatsappPlugin } from "./channel.js";
 
 describe("whatsappPlugin outbound sendPoll", () => {
   it("threads cfg into runtime sendPollWhatsApp call", async () => {
-    const cfg = { marker: "resolved-cfg" } as OpenClawConfig;
-    const poll = {
-      question: "Lunch?",
-      options: ["Pizza", "Sushi"],
-      maxSelections: 1,
-    };
+    const { cfg, poll, to, accountId } = createWhatsAppPollFixture();
 
     const result = await whatsappPlugin.outbound!.sendPoll!({
       cfg,
-      to: "+1555",
+      to,
       poll,
-      accountId: "work",
+      accountId,
     });
 
-    expect(hoisted.sendPollWhatsApp).toHaveBeenCalledWith("+1555", poll, {
-      verbose: false,
-      accountId: "work",
-      cfg,
-    });
+    expectWhatsAppPollSent(hoisted.sendPollWhatsApp, { cfg, poll, to, accountId });
     expect(result).toEqual({ messageId: "wa-poll-1", toJid: "1555@s.whatsapp.net" });
   });
 });
diff --git a/extensions/whatsapp/src/channel.ts b/extensions/whatsapp/src/channel.ts
index 274b5e07883..28de41a9fea 100644
--- a/extensions/whatsapp/src/channel.ts
+++ b/extensions/whatsapp/src/channel.ts
@@ -6,23 +6,18 @@ import {
 import {
   applyAccountNameToChannelSection,
   buildChannelConfigSchema,
-  collectWhatsAppStatusIssues,
   createActionGate,
+  createWhatsAppOutboundBase,
   DEFAULT_ACCOUNT_ID,
   getChatChannelMeta,
-  listWhatsAppAccountIds,
   listWhatsAppDirectoryGroupsFromConfig,
   listWhatsAppDirectoryPeersFromConfig,
-  looksLikeWhatsAppTargetId,
   migrateBaseNameToDefaultAccount,
   normalizeAccountId,
   normalizeE164,
   formatWhatsAppConfigAllowFromEntries,
-  normalizeWhatsAppMessagingTarget,
   readStringParam,
-  resolveDefaultWhatsAppAccountId,
   resolveWhatsAppOutboundTarget,
-  resolveWhatsAppAccount,
   resolveWhatsAppConfigAllowFrom,
   resolveWhatsAppConfigDefaultTo,
   resolveWhatsAppGroupRequireMention,
@@ -30,13 +25,21 @@ import {
   resolveWhatsAppGroupToolPolicy,
   resolveWhatsAppHeartbeatRecipients,
   resolveWhatsAppMentionStripPatterns,
-  whatsappOnboardingAdapter,
   WhatsAppConfigSchema,
   type ChannelMessageActionName,
   type ChannelPlugin,
-  type ResolvedWhatsAppAccount,
 } from "openclaw/plugin-sdk/whatsapp";
+// WhatsApp-specific imports from local extension code (moved from src/web/ and src/channels/plugins/)
+import {
+  listWhatsAppAccountIds,
+  resolveDefaultWhatsAppAccountId,
+  resolveWhatsAppAccount,
+  type ResolvedWhatsAppAccount,
+} from "./accounts.js";
+import { looksLikeWhatsAppTargetId, normalizeWhatsAppMessagingTarget } from "./normalize.js";
+import { whatsappOnboardingAdapter } from "./onboarding.js";
 import { getWhatsAppRuntime } from "./runtime.js";
+import { collectWhatsAppStatusIssues } from "./status-issues.js";
 
 const meta = getChatChannelMeta("whatsapp");
 
@@ -283,52 +286,16 @@ export const whatsappPlugin: ChannelPlugin<ResolvedWhatsAppAccount> = {
       );
     },
   },
-  outbound: {
-    deliveryMode: "gateway",
+  outbound: createWhatsAppOutboundBase({
     chunker: (text, limit) => getWhatsAppRuntime().channel.text.chunkText(text, limit),
-    chunkerMode: "text",
-    textChunkLimit: 4000,
-    pollMaxOptions: 12,
+    sendMessageWhatsApp: async (...args) =>
+      await getWhatsAppRuntime().channel.whatsapp.sendMessageWhatsApp(...args),
+    sendPollWhatsApp: async (...args) =>
+      await getWhatsAppRuntime().channel.whatsapp.sendPollWhatsApp(...args),
+    shouldLogVerbose: () => getWhatsAppRuntime().logging.shouldLogVerbose(),
     resolveTarget: ({ to, allowFrom, mode }) =>
       resolveWhatsAppOutboundTarget({ to, allowFrom, mode }),
-    sendText: async ({ cfg, to, text, accountId, deps, gifPlayback }) => {
-      const send = deps?.sendWhatsApp ?? getWhatsAppRuntime().channel.whatsapp.sendMessageWhatsApp;
-      const result = await send(to, text, {
-        verbose: false,
-        cfg,
-        accountId: accountId ?? undefined,
-        gifPlayback,
-      });
-      return { channel: "whatsapp", ...result };
-    },
-    sendMedia: async ({
-      cfg,
-      to,
-      text,
-      mediaUrl,
-      mediaLocalRoots,
-      accountId,
-      deps,
-      gifPlayback,
-    }) => {
-      const send = deps?.sendWhatsApp ?? getWhatsAppRuntime().channel.whatsapp.sendMessageWhatsApp;
-      const result = await send(to, text, {
-        verbose: false,
-        cfg,
-        mediaUrl,
-        mediaLocalRoots,
-        accountId: accountId ?? undefined,
-        gifPlayback,
-      });
-      return { channel: "whatsapp", ...result };
-    },
-    sendPoll: async ({ cfg, to, poll, accountId }) =>
-      await getWhatsAppRuntime().channel.whatsapp.sendPollWhatsApp(to, poll, {
-        verbose: getWhatsAppRuntime().logging.shouldLogVerbose(),
-        accountId: accountId ?? undefined,
-        cfg,
-      }),
-  },
+  }),
   auth: {
     login: async ({ cfg, accountId, runtime, verbose }) => {
       const resolvedAccountId = accountId?.trim() || resolveDefaultWhatsAppAccountId(cfg);
diff --git a/src/web/inbound.media.test.ts b/extensions/whatsapp/src/inbound.media.test.ts
similarity index 95%
rename from src/web/inbound.media.test.ts
rename to extensions/whatsapp/src/inbound.media.test.ts
index 82cc0fb83d0..7ed52cace45 100644
--- a/src/web/inbound.media.test.ts
+++ b/extensions/whatsapp/src/inbound.media.test.ts
@@ -8,8 +8,8 @@ const readAllowFromStoreMock = vi.fn().mockResolvedValue([]);
 const upsertPairingRequestMock = vi.fn().mockResolvedValue({ code: "PAIRCODE", created: true });
 const saveMediaBufferSpy = vi.fn();
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig: vi.fn().mockReturnValue({
@@ -26,7 +26,7 @@ vi.mock("../config/config.js", async (importOriginal) => {
   };
 });
 
-vi.mock("../pairing/pairing-store.js", () => {
+vi.mock("../../../src/pairing/pairing-store.js", () => {
   return {
     readChannelAllowFromStore(...args: unknown[]) {
       return readAllowFromStoreMock(...args);
@@ -37,8 +37,8 @@ vi.mock("../pairing/pairing-store.js", () => {
   };
 });
 
-vi.mock("../media/store.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../media/store.js")>();
+vi.mock("../../../src/media/store.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/media/store.js")>();
   return {
     ...actual,
     saveMediaBuffer: vi.fn(async (...args: Parameters<typeof actual.saveMediaBuffer>) => {
diff --git a/src/web/inbound.test.ts b/extensions/whatsapp/src/inbound.test.ts
similarity index 100%
rename from src/web/inbound.test.ts
rename to extensions/whatsapp/src/inbound.test.ts
diff --git a/src/web/inbound.ts b/extensions/whatsapp/src/inbound.ts
similarity index 100%
rename from src/web/inbound.ts
rename to extensions/whatsapp/src/inbound.ts
diff --git a/src/web/inbound/access-control.group-policy.test.ts b/extensions/whatsapp/src/inbound/access-control.group-policy.test.ts
similarity index 91%
rename from src/web/inbound/access-control.group-policy.test.ts
rename to extensions/whatsapp/src/inbound/access-control.group-policy.test.ts
index 9b546f7a423..0a508f9739b 100644
--- a/src/web/inbound/access-control.group-policy.test.ts
+++ b/extensions/whatsapp/src/inbound/access-control.group-policy.test.ts
@@ -1,5 +1,5 @@
 import { describe } from "vitest";
-import { installProviderRuntimeGroupPolicyFallbackSuite } from "../../test-utils/runtime-group-policy-contract.js";
+import { installProviderRuntimeGroupPolicyFallbackSuite } from "../../../../src/test-utils/runtime-group-policy-contract.js";
 import { __testing } from "./access-control.js";
 
 describe("resolveWhatsAppRuntimeGroupPolicy", () => {
diff --git a/src/web/inbound/access-control.test-harness.ts b/extensions/whatsapp/src/inbound/access-control.test-harness.ts
similarity index 85%
rename from src/web/inbound/access-control.test-harness.ts
rename to extensions/whatsapp/src/inbound/access-control.test-harness.ts
index 23213ceefcd..a8bf7a9df19 100644
--- a/src/web/inbound/access-control.test-harness.ts
+++ b/extensions/whatsapp/src/inbound/access-control.test-harness.ts
@@ -33,15 +33,15 @@ export function setupAccessControlTestHarness(): void {
   });
 }
 
-vi.mock("../../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../../config/config.js")>();
+vi.mock("../../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig: () => config,
   };
 });
 
-vi.mock("../../pairing/pairing-store.js", () => ({
+vi.mock("../../../../src/pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: (...args: unknown[]) => readAllowFromStoreMock(...args),
   upsertChannelPairingRequest: (...args: unknown[]) => upsertPairingRequestMock(...args),
 }));
diff --git a/src/web/inbound/access-control.test.ts b/extensions/whatsapp/src/inbound/access-control.test.ts
similarity index 100%
rename from src/web/inbound/access-control.test.ts
rename to extensions/whatsapp/src/inbound/access-control.test.ts
diff --git a/src/web/inbound/access-control.ts b/extensions/whatsapp/src/inbound/access-control.ts
similarity index 94%
rename from src/web/inbound/access-control.ts
rename to extensions/whatsapp/src/inbound/access-control.ts
index a01e27fb6e0..ee81e119392 100644
--- a/src/web/inbound/access-control.ts
+++ b/extensions/whatsapp/src/inbound/access-control.ts
@@ -1,17 +1,17 @@
-import { loadConfig } from "../../config/config.js";
+import { loadConfig } from "../../../../src/config/config.js";
 import {
   resolveOpenProviderRuntimeGroupPolicy,
   resolveDefaultGroupPolicy,
   warnMissingProviderGroupPolicyFallbackOnce,
-} from "../../config/runtime-group-policy.js";
-import { logVerbose } from "../../globals.js";
-import { issuePairingChallenge } from "../../pairing/pairing-challenge.js";
-import { upsertChannelPairingRequest } from "../../pairing/pairing-store.js";
+} from "../../../../src/config/runtime-group-policy.js";
+import { logVerbose } from "../../../../src/globals.js";
+import { issuePairingChallenge } from "../../../../src/pairing/pairing-challenge.js";
+import { upsertChannelPairingRequest } from "../../../../src/pairing/pairing-store.js";
 import {
   readStoreAllowFromForDmPolicy,
   resolveDmGroupAccessWithLists,
-} from "../../security/dm-policy-shared.js";
-import { isSelfChatMode, normalizeE164 } from "../../utils.js";
+} from "../../../../src/security/dm-policy-shared.js";
+import { isSelfChatMode, normalizeE164 } from "../../../../src/utils.js";
 import { resolveWhatsAppAccount } from "../accounts.js";
 
 export type InboundAccessControlResult = {
diff --git a/src/web/inbound/dedupe.ts b/extensions/whatsapp/src/inbound/dedupe.ts
similarity index 85%
rename from src/web/inbound/dedupe.ts
rename to extensions/whatsapp/src/inbound/dedupe.ts
index def359ec949..9d20a25b8c4 100644
--- a/src/web/inbound/dedupe.ts
+++ b/extensions/whatsapp/src/inbound/dedupe.ts
@@ -1,4 +1,4 @@
-import { createDedupeCache } from "../../infra/dedupe.js";
+import { createDedupeCache } from "../../../../src/infra/dedupe.js";
 
 const RECENT_WEB_MESSAGE_TTL_MS = 20 * 60_000;
 const RECENT_WEB_MESSAGE_MAX = 5000;
diff --git a/src/web/inbound/extract.ts b/extensions/whatsapp/src/inbound/extract.ts
similarity index 98%
rename from src/web/inbound/extract.ts
rename to extensions/whatsapp/src/inbound/extract.ts
index 2cd9b8eb38c..a34937c9793 100644
--- a/src/web/inbound/extract.ts
+++ b/extensions/whatsapp/src/inbound/extract.ts
@@ -4,9 +4,9 @@ import {
   getContentType,
   normalizeMessageContent,
 } from "@whiskeysockets/baileys";
-import { formatLocationText, type NormalizedLocation } from "../../channels/location.js";
-import { logVerbose } from "../../globals.js";
-import { jidToE164 } from "../../utils.js";
+import { formatLocationText, type NormalizedLocation } from "../../../../src/channels/location.js";
+import { logVerbose } from "../../../../src/globals.js";
+import { jidToE164 } from "../../../../src/utils.js";
 import { parseVcard } from "../vcard.js";
 
 function unwrapMessage(message: proto.IMessage | undefined): proto.IMessage | undefined {
diff --git a/src/web/inbound/media.node.test.ts b/extensions/whatsapp/src/inbound/media.node.test.ts
similarity index 100%
rename from src/web/inbound/media.node.test.ts
rename to extensions/whatsapp/src/inbound/media.node.test.ts
diff --git a/src/web/inbound/media.ts b/extensions/whatsapp/src/inbound/media.ts
similarity index 97%
rename from src/web/inbound/media.ts
rename to extensions/whatsapp/src/inbound/media.ts
index d6f7d534671..9f2fe70698a 100644
--- a/src/web/inbound/media.ts
+++ b/extensions/whatsapp/src/inbound/media.ts
@@ -1,6 +1,6 @@
 import type { proto, WAMessage } from "@whiskeysockets/baileys";
 import { downloadMediaMessage, normalizeMessageContent } from "@whiskeysockets/baileys";
-import { logVerbose } from "../../globals.js";
+import { logVerbose } from "../../../../src/globals.js";
 import type { createWaSocket } from "../session.js";
 
 function unwrapMessage(message: proto.IMessage | undefined): proto.IMessage | undefined {
diff --git a/src/web/inbound/monitor.ts b/extensions/whatsapp/src/inbound/monitor.ts
similarity index 96%
rename from src/web/inbound/monitor.ts
rename to extensions/whatsapp/src/inbound/monitor.ts
index 6dc2ce5f521..4f2d5541b6a 100644
--- a/src/web/inbound/monitor.ts
+++ b/extensions/whatsapp/src/inbound/monitor.ts
@@ -1,13 +1,13 @@
 import type { AnyMessageContent, proto, WAMessage } from "@whiskeysockets/baileys";
 import { DisconnectReason, isJidGroup } from "@whiskeysockets/baileys";
-import { createInboundDebouncer } from "../../auto-reply/inbound-debounce.js";
-import { formatLocationText } from "../../channels/location.js";
-import { logVerbose, shouldLogVerbose } from "../../globals.js";
-import { recordChannelActivity } from "../../infra/channel-activity.js";
-import { getChildLogger } from "../../logging/logger.js";
-import { createSubsystemLogger } from "../../logging/subsystem.js";
-import { saveMediaBuffer } from "../../media/store.js";
-import { jidToE164, resolveJidToE164 } from "../../utils.js";
+import { createInboundDebouncer } from "../../../../src/auto-reply/inbound-debounce.js";
+import { formatLocationText } from "../../../../src/channels/location.js";
+import { logVerbose, shouldLogVerbose } from "../../../../src/globals.js";
+import { recordChannelActivity } from "../../../../src/infra/channel-activity.js";
+import { getChildLogger } from "../../../../src/logging/logger.js";
+import { createSubsystemLogger } from "../../../../src/logging/subsystem.js";
+import { saveMediaBuffer } from "../../../../src/media/store.js";
+import { jidToE164, resolveJidToE164 } from "../../../../src/utils.js";
 import { createWaSocket, getStatusCode, waitForWaConnection } from "../session.js";
 import { checkInboundAccessControl } from "./access-control.js";
 import { isRecentInboundMessage } from "./dedupe.js";
diff --git a/src/web/inbound/send-api.test.ts b/extensions/whatsapp/src/inbound/send-api.test.ts
similarity index 98%
rename from src/web/inbound/send-api.test.ts
rename to extensions/whatsapp/src/inbound/send-api.test.ts
index daa44a3c69f..e7bfcdce360 100644
--- a/src/web/inbound/send-api.test.ts
+++ b/extensions/whatsapp/src/inbound/send-api.test.ts
@@ -1,7 +1,7 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
 
 const recordChannelActivity = vi.fn();
-vi.mock("../../infra/channel-activity.js", () => ({
+vi.mock("../../../../src/infra/channel-activity.js", () => ({
   recordChannelActivity: (...args: unknown[]) => recordChannelActivity(...args),
 }));
 
diff --git a/src/web/inbound/send-api.ts b/extensions/whatsapp/src/inbound/send-api.ts
similarity index 96%
rename from src/web/inbound/send-api.ts
rename to extensions/whatsapp/src/inbound/send-api.ts
index f0e5ea764fa..a5619383415 100644
--- a/src/web/inbound/send-api.ts
+++ b/extensions/whatsapp/src/inbound/send-api.ts
@@ -1,6 +1,6 @@
 import type { AnyMessageContent, WAPresence } from "@whiskeysockets/baileys";
-import { recordChannelActivity } from "../../infra/channel-activity.js";
-import { toWhatsappJid } from "../../utils.js";
+import { recordChannelActivity } from "../../../../src/infra/channel-activity.js";
+import { toWhatsappJid } from "../../../../src/utils.js";
 import type { ActiveWebSendOptions } from "../active-listener.js";
 
 function recordWhatsAppOutbound(accountId: string) {
diff --git a/src/web/inbound/types.ts b/extensions/whatsapp/src/inbound/types.ts
similarity index 93%
rename from src/web/inbound/types.ts
rename to extensions/whatsapp/src/inbound/types.ts
index c9b49e945b5..c9c97810bad 100644
--- a/src/web/inbound/types.ts
+++ b/extensions/whatsapp/src/inbound/types.ts
@@ -1,5 +1,5 @@
 import type { AnyMessageContent } from "@whiskeysockets/baileys";
-import type { NormalizedLocation } from "../../channels/location.js";
+import type { NormalizedLocation } from "../../../../src/channels/location.js";
 
 export type WebListenerCloseReason = {
   status?: number;
diff --git a/src/web/login-qr.test.ts b/extensions/whatsapp/src/login-qr.test.ts
similarity index 100%
rename from src/web/login-qr.test.ts
rename to extensions/whatsapp/src/login-qr.test.ts
diff --git a/src/web/login-qr.ts b/extensions/whatsapp/src/login-qr.ts
similarity index 97%
rename from src/web/login-qr.ts
rename to extensions/whatsapp/src/login-qr.ts
index f913bf4d04b..a54e3fe56b2 100644
--- a/src/web/login-qr.ts
+++ b/extensions/whatsapp/src/login-qr.ts
@@ -1,9 +1,9 @@
 import { randomUUID } from "node:crypto";
 import { DisconnectReason } from "@whiskeysockets/baileys";
-import { loadConfig } from "../config/config.js";
-import { danger, info, success } from "../globals.js";
-import { logInfo } from "../logger.js";
-import { defaultRuntime, type RuntimeEnv } from "../runtime.js";
+import { loadConfig } from "../../../src/config/config.js";
+import { danger, info, success } from "../../../src/globals.js";
+import { logInfo } from "../../../src/logger.js";
+import { defaultRuntime, type RuntimeEnv } from "../../../src/runtime.js";
 import { resolveWhatsAppAccount } from "./accounts.js";
 import { renderQrPngBase64 } from "./qr-image.js";
 import {
diff --git a/src/web/login.coverage.test.ts b/extensions/whatsapp/src/login.coverage.test.ts
similarity index 98%
rename from src/web/login.coverage.test.ts
rename to extensions/whatsapp/src/login.coverage.test.ts
index 8b3673006eb..6306228693a 100644
--- a/src/web/login.coverage.test.ts
+++ b/extensions/whatsapp/src/login.coverage.test.ts
@@ -14,7 +14,7 @@ function resolveTestAuthDir() {
 
 const authDir = resolveTestAuthDir();
 
-vi.mock("../config/config.js", () => ({
+vi.mock("../../../src/config/config.js", () => ({
   loadConfig: () =>
     ({
       channels: {
diff --git a/src/web/login.test.ts b/extensions/whatsapp/src/login.test.ts
similarity index 93%
rename from src/web/login.test.ts
rename to extensions/whatsapp/src/login.test.ts
index 545c47af9a6..96a9cff2c10 100644
--- a/src/web/login.test.ts
+++ b/extensions/whatsapp/src/login.test.ts
@@ -2,7 +2,7 @@ import { EventEmitter } from "node:events";
 import { readFile } from "node:fs/promises";
 import { resolve } from "node:path";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import { resetLogger, setLoggerOverride } from "../logging.js";
+import { resetLogger, setLoggerOverride } from "../../../src/logging.js";
 import { renderQrPngBase64 } from "./qr-image.js";
 
 vi.mock("./session.js", () => {
@@ -61,7 +61,7 @@ describe("renderQrPngBase64", () => {
   });
 
   it("avoids dynamic require of qrcode-terminal vendor modules", async () => {
-    const sourcePath = resolve(process.cwd(), "src/web/qr-image.ts");
+    const sourcePath = resolve(process.cwd(), "extensions/whatsapp/src/qr-image.ts");
     const source = await readFile(sourcePath, "utf-8");
     expect(source).not.toContain("createRequire(");
     expect(source).not.toContain('require("qrcode-terminal/vendor/QRCode")');
diff --git a/src/web/login.ts b/extensions/whatsapp/src/login.ts
similarity index 88%
rename from src/web/login.ts
rename to extensions/whatsapp/src/login.ts
index b336f8ebe4f..3eae0732c5d 100644
--- a/src/web/login.ts
+++ b/extensions/whatsapp/src/login.ts
@@ -1,9 +1,9 @@
 import { DisconnectReason } from "@whiskeysockets/baileys";
-import { formatCliCommand } from "../cli/command-format.js";
-import { loadConfig } from "../config/config.js";
-import { danger, info, success } from "../globals.js";
-import { logInfo } from "../logger.js";
-import { defaultRuntime, type RuntimeEnv } from "../runtime.js";
+import { formatCliCommand } from "../../../src/cli/command-format.js";
+import { loadConfig } from "../../../src/config/config.js";
+import { danger, info, success } from "../../../src/globals.js";
+import { logInfo } from "../../../src/logger.js";
+import { defaultRuntime, type RuntimeEnv } from "../../../src/runtime.js";
 import { resolveWhatsAppAccount } from "./accounts.js";
 import { createWaSocket, formatError, logoutWeb, waitForWaConnection } from "./session.js";
 
diff --git a/src/web/logout.test.ts b/extensions/whatsapp/src/logout.test.ts
similarity index 100%
rename from src/web/logout.test.ts
rename to extensions/whatsapp/src/logout.test.ts
diff --git a/src/web/media.test.ts b/extensions/whatsapp/src/media.test.ts
similarity index 96%
rename from src/web/media.test.ts
rename to extensions/whatsapp/src/media.test.ts
index 27a7d6ccb19..e21d58b4bb7 100644
--- a/src/web/media.test.ts
+++ b/extensions/whatsapp/src/media.test.ts
@@ -3,12 +3,12 @@ import os from "node:os";
 import path from "node:path";
 import sharp from "sharp";
 import { afterAll, afterEach, beforeAll, describe, expect, it, vi } from "vitest";
-import { resolveStateDir } from "../config/paths.js";
-import { sendVoiceMessageDiscord } from "../discord/send.js";
-import { resolvePreferredOpenClawTmpDir } from "../infra/tmp-openclaw-dir.js";
-import { optimizeImageToPng } from "../media/image-ops.js";
-import { mockPinnedHostnameResolution } from "../test-helpers/ssrf.js";
-import { captureEnv } from "../test-utils/env.js";
+import { resolveStateDir } from "../../../src/config/paths.js";
+import { resolvePreferredOpenClawTmpDir } from "../../../src/infra/tmp-openclaw-dir.js";
+import { optimizeImageToPng } from "../../../src/media/image-ops.js";
+import { mockPinnedHostnameResolution } from "../../../src/test-helpers/ssrf.js";
+import { captureEnv } from "../../../src/test-utils/env.js";
+import { sendVoiceMessageDiscord } from "../../discord/src/send.js";
 import {
   LocalMediaAccessError,
   loadWebMedia,
@@ -18,9 +18,10 @@ import {
 
 const convertHeicToJpegMock = vi.fn();
 
-vi.mock("../media/image-ops.js", async () => {
-  const actual =
-    await vi.importActual<typeof import("../media/image-ops.js")>("../media/image-ops.js");
+vi.mock("../../../src/media/image-ops.js", async () => {
+  const actual = await vi.importActual<typeof import("../../../src/media/image-ops.js")>(
+    "../../../src/media/image-ops.js",
+  );
   return {
     ...actual,
     convertHeicToJpeg: (...args: unknown[]) => convertHeicToJpegMock(...args),
diff --git a/src/web/media.ts b/extensions/whatsapp/src/media.ts
similarity index 95%
rename from src/web/media.ts
rename to extensions/whatsapp/src/media.ts
index 200a2b03379..2b297ef8907 100644
--- a/src/web/media.ts
+++ b/extensions/whatsapp/src/media.ts
@@ -1,20 +1,20 @@
 import fs from "node:fs/promises";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
-import { logVerbose, shouldLogVerbose } from "../globals.js";
-import { SafeOpenError, readLocalFileSafely } from "../infra/fs-safe.js";
-import type { SsrFPolicy } from "../infra/net/ssrf.js";
-import { type MediaKind, maxBytesForKind } from "../media/constants.js";
-import { fetchRemoteMedia } from "../media/fetch.js";
+import { logVerbose, shouldLogVerbose } from "../../../src/globals.js";
+import { SafeOpenError, readLocalFileSafely } from "../../../src/infra/fs-safe.js";
+import type { SsrFPolicy } from "../../../src/infra/net/ssrf.js";
+import { type MediaKind, maxBytesForKind } from "../../../src/media/constants.js";
+import { fetchRemoteMedia } from "../../../src/media/fetch.js";
 import {
   convertHeicToJpeg,
   hasAlphaChannel,
   optimizeImageToPng,
   resizeToJpeg,
-} from "../media/image-ops.js";
-import { getDefaultMediaLocalRoots } from "../media/local-roots.js";
-import { detectMime, extensionForMime, kindFromMime } from "../media/mime.js";
-import { resolveUserPath } from "../utils.js";
+} from "../../../src/media/image-ops.js";
+import { getDefaultMediaLocalRoots } from "../../../src/media/local-roots.js";
+import { detectMime, extensionForMime, kindFromMime } from "../../../src/media/mime.js";
+import { resolveUserPath } from "../../../src/utils.js";
 
 export type WebMediaResult = {
   buffer: Buffer;
diff --git a/src/web/monitor-inbox.allows-messages-from-senders-allowfrom-list.test.ts b/extensions/whatsapp/src/monitor-inbox.allows-messages-from-senders-allowfrom-list.test.ts
similarity index 100%
rename from src/web/monitor-inbox.allows-messages-from-senders-allowfrom-list.test.ts
rename to extensions/whatsapp/src/monitor-inbox.allows-messages-from-senders-allowfrom-list.test.ts
diff --git a/src/web/monitor-inbox.blocks-messages-from-unauthorized-senders-not-allowfrom.test.ts b/extensions/whatsapp/src/monitor-inbox.blocks-messages-from-unauthorized-senders-not-allowfrom.test.ts
similarity index 100%
rename from src/web/monitor-inbox.blocks-messages-from-unauthorized-senders-not-allowfrom.test.ts
rename to extensions/whatsapp/src/monitor-inbox.blocks-messages-from-unauthorized-senders-not-allowfrom.test.ts
diff --git a/src/web/monitor-inbox.captures-media-path-image-messages.test.ts b/extensions/whatsapp/src/monitor-inbox.captures-media-path-image-messages.test.ts
similarity index 99%
rename from src/web/monitor-inbox.captures-media-path-image-messages.test.ts
rename to extensions/whatsapp/src/monitor-inbox.captures-media-path-image-messages.test.ts
index 0913fb34103..d9d9593c49b 100644
--- a/src/web/monitor-inbox.captures-media-path-image-messages.test.ts
+++ b/extensions/whatsapp/src/monitor-inbox.captures-media-path-image-messages.test.ts
@@ -4,7 +4,7 @@ import os from "node:os";
 import path from "node:path";
 import "./monitor-inbox.test-harness.js";
 import { describe, expect, it, vi } from "vitest";
-import { setLoggerOverride } from "../logging.js";
+import { setLoggerOverride } from "../../../src/logging.js";
 import { monitorWebInbox } from "./inbound.js";
 import {
   DEFAULT_ACCOUNT_ID,
diff --git a/src/web/monitor-inbox.streams-inbound-messages.test.ts b/extensions/whatsapp/src/monitor-inbox.streams-inbound-messages.test.ts
similarity index 100%
rename from src/web/monitor-inbox.streams-inbound-messages.test.ts
rename to extensions/whatsapp/src/monitor-inbox.streams-inbound-messages.test.ts
diff --git a/src/web/monitor-inbox.test-harness.ts b/extensions/whatsapp/src/monitor-inbox.test-harness.ts
similarity index 85%
rename from src/web/monitor-inbox.test-harness.ts
rename to extensions/whatsapp/src/monitor-inbox.test-harness.ts
index a4e9f62f92b..43bc731c459 100644
--- a/src/web/monitor-inbox.test-harness.ts
+++ b/extensions/whatsapp/src/monitor-inbox.test-harness.ts
@@ -3,7 +3,7 @@ import fsSync from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { afterEach, beforeEach, expect, vi } from "vitest";
-import { resetLogger, setLoggerOverride } from "../logging.js";
+import { resetLogger, setLoggerOverride } from "../../../src/logging.js";
 
 // Avoid exporting vitest mock types (TS2742 under pnpm + d.ts emit).
 // oxlint-disable-next-line typescript/no-explicit-any
@@ -81,24 +81,28 @@ function getPairingStoreMocks() {
 
 const sock: MockSock = createMockSock();
 
-vi.mock("../media/store.js", () => ({
-  saveMediaBuffer: vi.fn().mockResolvedValue({
-    id: "mid",
-    path: "/tmp/mid",
-    size: 1,
-    contentType: "image/jpeg",
-  }),
-}));
+vi.mock("../../../src/media/store.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/media/store.js")>();
+  return {
+    ...actual,
+    saveMediaBuffer: vi.fn().mockResolvedValue({
+      id: "mid",
+      path: "/tmp/mid",
+      size: 1,
+      contentType: "image/jpeg",
+    }),
+  };
+});
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig: () => mockLoadConfig(),
   };
 });
 
-vi.mock("../pairing/pairing-store.js", () => getPairingStoreMocks());
+vi.mock("../../../src/pairing/pairing-store.js", () => getPairingStoreMocks());
 
 vi.mock("./session.js", () => ({
   createWaSocket: vi.fn().mockResolvedValue(sock),
diff --git a/extensions/whatsapp/src/normalize.ts b/extensions/whatsapp/src/normalize.ts
new file mode 100644
index 00000000000..319dabe25bd
--- /dev/null
+++ b/extensions/whatsapp/src/normalize.ts
@@ -0,0 +1,28 @@
+import {
+  looksLikeHandleOrPhoneTarget,
+  trimMessagingTarget,
+} from "../../../src/channels/plugins/normalize/shared.js";
+import { normalizeWhatsAppTarget } from "../../../src/whatsapp/normalize.js";
+
+export function normalizeWhatsAppMessagingTarget(raw: string): string | undefined {
+  const trimmed = trimMessagingTarget(raw);
+  if (!trimmed) {
+    return undefined;
+  }
+  return normalizeWhatsAppTarget(trimmed) ?? undefined;
+}
+
+export function normalizeWhatsAppAllowFromEntries(allowFrom: Array<string | number>): string[] {
+  return allowFrom
+    .map((entry) => String(entry).trim())
+    .filter((entry): entry is string => Boolean(entry))
+    .map((entry) => (entry === "*" ? entry : normalizeWhatsAppTarget(entry)))
+    .filter((entry): entry is string => Boolean(entry));
+}
+
+export function looksLikeWhatsAppTargetId(raw: string): boolean {
+  return looksLikeHandleOrPhoneTarget({
+    raw,
+    prefixPattern: /^whatsapp:/i,
+  });
+}
diff --git a/src/channels/plugins/onboarding/whatsapp.test.ts b/extensions/whatsapp/src/onboarding.test.ts
similarity index 94%
rename from src/channels/plugins/onboarding/whatsapp.test.ts
rename to extensions/whatsapp/src/onboarding.test.ts
index 369499bf0fb..b046928cf15 100644
--- a/src/channels/plugins/onboarding/whatsapp.test.ts
+++ b/extensions/whatsapp/src/onboarding.test.ts
@@ -1,8 +1,8 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { DEFAULT_ACCOUNT_ID } from "../../../routing/session-key.js";
-import type { RuntimeEnv } from "../../../runtime.js";
-import type { WizardPrompter } from "../../../wizard/prompts.js";
-import { whatsappOnboardingAdapter } from "./whatsapp.js";
+import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
+import type { WizardPrompter } from "../../../src/wizard/prompts.js";
+import { whatsappOnboardingAdapter } from "./onboarding.js";
 
 const loginWebMock = vi.hoisted(() => vi.fn(async () => {}));
 const pathExistsMock = vi.hoisted(() => vi.fn(async () => false));
@@ -14,19 +14,20 @@ const resolveWhatsAppAuthDirMock = vi.hoisted(() =>
   })),
 );
 
-vi.mock("../../../channel-web.js", () => ({
+vi.mock("../../../src/channel-web.js", () => ({
   loginWeb: loginWebMock,
 }));
 
-vi.mock("../../../utils.js", async () => {
-  const actual = await vi.importActual<typeof import("../../../utils.js")>("../../../utils.js");
+vi.mock("../../../src/utils.js", async () => {
+  const actual =
+    await vi.importActual<typeof import("../../../src/utils.js")>("../../../src/utils.js");
   return {
     ...actual,
     pathExists: pathExistsMock,
   };
 });
 
-vi.mock("../../../web/accounts.js", () => ({
+vi.mock("./accounts.js", () => ({
   listWhatsAppAccountIds: listWhatsAppAccountIdsMock,
   resolveDefaultWhatsAppAccountId: resolveDefaultWhatsAppAccountIdMock,
   resolveWhatsAppAuthDir: resolveWhatsAppAuthDirMock,
diff --git a/extensions/whatsapp/src/onboarding.ts b/extensions/whatsapp/src/onboarding.ts
new file mode 100644
index 00000000000..e68fc42a5c3
--- /dev/null
+++ b/extensions/whatsapp/src/onboarding.ts
@@ -0,0 +1,354 @@
+import path from "node:path";
+import { loginWeb } from "../../../src/channel-web.js";
+import type { ChannelOnboardingAdapter } from "../../../src/channels/plugins/onboarding-types.js";
+import {
+  normalizeAllowFromEntries,
+  resolveAccountIdForConfigure,
+  resolveOnboardingAccountId,
+  splitOnboardingEntries,
+} from "../../../src/channels/plugins/onboarding/helpers.js";
+import { formatCliCommand } from "../../../src/cli/command-format.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { mergeWhatsAppConfig } from "../../../src/config/merge-config.js";
+import type { DmPolicy } from "../../../src/config/types.js";
+import { DEFAULT_ACCOUNT_ID } from "../../../src/routing/session-key.js";
+import type { RuntimeEnv } from "../../../src/runtime.js";
+import { formatDocsLink } from "../../../src/terminal/links.js";
+import { normalizeE164, pathExists } from "../../../src/utils.js";
+import type { WizardPrompter } from "../../../src/wizard/prompts.js";
+import {
+  listWhatsAppAccountIds,
+  resolveDefaultWhatsAppAccountId,
+  resolveWhatsAppAuthDir,
+} from "./accounts.js";
+
+const channel = "whatsapp" as const;
+
+function setWhatsAppDmPolicy(cfg: OpenClawConfig, dmPolicy: DmPolicy): OpenClawConfig {
+  return mergeWhatsAppConfig(cfg, { dmPolicy });
+}
+
+function setWhatsAppAllowFrom(cfg: OpenClawConfig, allowFrom?: string[]): OpenClawConfig {
+  return mergeWhatsAppConfig(cfg, { allowFrom }, { unsetOnUndefined: ["allowFrom"] });
+}
+
+function setWhatsAppSelfChatMode(cfg: OpenClawConfig, selfChatMode: boolean): OpenClawConfig {
+  return mergeWhatsAppConfig(cfg, { selfChatMode });
+}
+
+async function detectWhatsAppLinked(cfg: OpenClawConfig, accountId: string): Promise<boolean> {
+  const { authDir } = resolveWhatsAppAuthDir({ cfg, accountId });
+  const credsPath = path.join(authDir, "creds.json");
+  return await pathExists(credsPath);
+}
+
+async function promptWhatsAppOwnerAllowFrom(params: {
+  prompter: WizardPrompter;
+  existingAllowFrom: string[];
+}): Promise<{ normalized: string; allowFrom: string[] }> {
+  const { prompter, existingAllowFrom } = params;
+
+  await prompter.note(
+    "We need the sender/owner number so OpenClaw can allowlist you.",
+    "WhatsApp number",
+  );
+  const entry = await prompter.text({
+    message: "Your personal WhatsApp number (the phone you will message from)",
+    placeholder: "+15555550123",
+    initialValue: existingAllowFrom[0],
+    validate: (value) => {
+      const raw = String(value ?? "").trim();
+      if (!raw) {
+        return "Required";
+      }
+      const normalized = normalizeE164(raw);
+      if (!normalized) {
+        return `Invalid number: ${raw}`;
+      }
+      return undefined;
+    },
+  });
+
+  const normalized = normalizeE164(String(entry).trim());
+  if (!normalized) {
+    throw new Error("Invalid WhatsApp owner number (expected E.164 after validation).");
+  }
+  const allowFrom = normalizeAllowFromEntries(
+    [...existingAllowFrom.filter((item) => item !== "*"), normalized],
+    normalizeE164,
+  );
+  return { normalized, allowFrom };
+}
+
+async function applyWhatsAppOwnerAllowlist(params: {
+  cfg: OpenClawConfig;
+  prompter: WizardPrompter;
+  existingAllowFrom: string[];
+  title: string;
+  messageLines: string[];
+}): Promise<OpenClawConfig> {
+  const { normalized, allowFrom } = await promptWhatsAppOwnerAllowFrom({
+    prompter: params.prompter,
+    existingAllowFrom: params.existingAllowFrom,
+  });
+  let next = setWhatsAppSelfChatMode(params.cfg, true);
+  next = setWhatsAppDmPolicy(next, "allowlist");
+  next = setWhatsAppAllowFrom(next, allowFrom);
+  await params.prompter.note(
+    [...params.messageLines, `- allowFrom includes ${normalized}`].join("\n"),
+    params.title,
+  );
+  return next;
+}
+
+function parseWhatsAppAllowFromEntries(raw: string): { entries: string[]; invalidEntry?: string } {
+  const parts = splitOnboardingEntries(raw);
+  if (parts.length === 0) {
+    return { entries: [] };
+  }
+  const entries: string[] = [];
+  for (const part of parts) {
+    if (part === "*") {
+      entries.push("*");
+      continue;
+    }
+    const normalized = normalizeE164(part);
+    if (!normalized) {
+      return { entries: [], invalidEntry: part };
+    }
+    entries.push(normalized);
+  }
+  return { entries: normalizeAllowFromEntries(entries, normalizeE164) };
+}
+
+async function promptWhatsAppAllowFrom(
+  cfg: OpenClawConfig,
+  _runtime: RuntimeEnv,
+  prompter: WizardPrompter,
+  options?: { forceAllowlist?: boolean },
+): Promise<OpenClawConfig> {
+  const existingPolicy = cfg.channels?.whatsapp?.dmPolicy ?? "pairing";
+  const existingAllowFrom = cfg.channels?.whatsapp?.allowFrom ?? [];
+  const existingLabel = existingAllowFrom.length > 0 ? existingAllowFrom.join(", ") : "unset";
+
+  if (options?.forceAllowlist) {
+    return await applyWhatsAppOwnerAllowlist({
+      cfg,
+      prompter,
+      existingAllowFrom,
+      title: "WhatsApp allowlist",
+      messageLines: ["Allowlist mode enabled."],
+    });
+  }
+
+  await prompter.note(
+    [
+      "WhatsApp direct chats are gated by `channels.whatsapp.dmPolicy` + `channels.whatsapp.allowFrom`.",
+      "- pairing (default): unknown senders get a pairing code; owner approves",
+      "- allowlist: unknown senders are blocked",
+      '- open: public inbound DMs (requires allowFrom to include "*")',
+      "- disabled: ignore WhatsApp DMs",
+      "",
+      `Current: dmPolicy=${existingPolicy}, allowFrom=${existingLabel}`,
+      `Docs: ${formatDocsLink("/whatsapp", "whatsapp")}`,
+    ].join("\n"),
+    "WhatsApp DM access",
+  );
+
+  const phoneMode = await prompter.select({
+    message: "WhatsApp phone setup",
+    options: [
+      { value: "personal", label: "This is my personal phone number" },
+      { value: "separate", label: "Separate phone just for OpenClaw" },
+    ],
+  });
+
+  if (phoneMode === "personal") {
+    return await applyWhatsAppOwnerAllowlist({
+      cfg,
+      prompter,
+      existingAllowFrom,
+      title: "WhatsApp personal phone",
+      messageLines: [
+        "Personal phone mode enabled.",
+        "- dmPolicy set to allowlist (pairing skipped)",
+      ],
+    });
+  }
+
+  const policy = (await prompter.select({
+    message: "WhatsApp DM policy",
+    options: [
+      { value: "pairing", label: "Pairing (recommended)" },
+      { value: "allowlist", label: "Allowlist only (block unknown senders)" },
+      { value: "open", label: "Open (public inbound DMs)" },
+      { value: "disabled", label: "Disabled (ignore WhatsApp DMs)" },
+    ],
+  })) as DmPolicy;
+
+  let next = setWhatsAppSelfChatMode(cfg, false);
+  next = setWhatsAppDmPolicy(next, policy);
+  if (policy === "open") {
+    const allowFrom = normalizeAllowFromEntries(["*", ...existingAllowFrom], normalizeE164);
+    next = setWhatsAppAllowFrom(next, allowFrom.length > 0 ? allowFrom : ["*"]);
+    return next;
+  }
+  if (policy === "disabled") {
+    return next;
+  }
+
+  const allowOptions =
+    existingAllowFrom.length > 0
+      ? ([
+          { value: "keep", label: "Keep current allowFrom" },
+          {
+            value: "unset",
+            label: "Unset allowFrom (use pairing approvals only)",
+          },
+          { value: "list", label: "Set allowFrom to specific numbers" },
+        ] as const)
+      : ([
+          { value: "unset", label: "Unset allowFrom (default)" },
+          { value: "list", label: "Set allowFrom to specific numbers" },
+        ] as const);
+
+  const mode = await prompter.select({
+    message: "WhatsApp allowFrom (optional pre-allowlist)",
+    options: allowOptions.map((opt) => ({
+      value: opt.value,
+      label: opt.label,
+    })),
+  });
+
+  if (mode === "keep") {
+    // Keep allowFrom as-is.
+  } else if (mode === "unset") {
+    next = setWhatsAppAllowFrom(next, undefined);
+  } else {
+    const allowRaw = await prompter.text({
+      message: "Allowed sender numbers (comma-separated, E.164)",
+      placeholder: "+15555550123, +447700900123",
+      validate: (value) => {
+        const raw = String(value ?? "").trim();
+        if (!raw) {
+          return "Required";
+        }
+        const parsed = parseWhatsAppAllowFromEntries(raw);
+        if (parsed.entries.length === 0 && !parsed.invalidEntry) {
+          return "Required";
+        }
+        if (parsed.invalidEntry) {
+          return `Invalid number: ${parsed.invalidEntry}`;
+        }
+        return undefined;
+      },
+    });
+
+    const parsed = parseWhatsAppAllowFromEntries(String(allowRaw));
+    next = setWhatsAppAllowFrom(next, parsed.entries);
+  }
+
+  return next;
+}
+
+export const whatsappOnboardingAdapter: ChannelOnboardingAdapter = {
+  channel,
+  getStatus: async ({ cfg, accountOverrides }) => {
+    const defaultAccountId = resolveDefaultWhatsAppAccountId(cfg);
+    const accountId = resolveOnboardingAccountId({
+      accountId: accountOverrides.whatsapp,
+      defaultAccountId,
+    });
+    const linked = await detectWhatsAppLinked(cfg, accountId);
+    const accountLabel = accountId === DEFAULT_ACCOUNT_ID ? "default" : accountId;
+    return {
+      channel,
+      configured: linked,
+      statusLines: [`WhatsApp (${accountLabel}): ${linked ? "linked" : "not linked"}`],
+      selectionHint: linked ? "linked" : "not linked",
+      quickstartScore: linked ? 5 : 4,
+    };
+  },
+  configure: async ({
+    cfg,
+    runtime,
+    prompter,
+    options,
+    accountOverrides,
+    shouldPromptAccountIds,
+    forceAllowFrom,
+  }) => {
+    const accountId = await resolveAccountIdForConfigure({
+      cfg,
+      prompter,
+      label: "WhatsApp",
+      accountOverride: accountOverrides.whatsapp,
+      shouldPromptAccountIds: Boolean(shouldPromptAccountIds || options?.promptWhatsAppAccountId),
+      listAccountIds: listWhatsAppAccountIds,
+      defaultAccountId: resolveDefaultWhatsAppAccountId(cfg),
+    });
+
+    let next = cfg;
+    if (accountId !== DEFAULT_ACCOUNT_ID) {
+      next = {
+        ...next,
+        channels: {
+          ...next.channels,
+          whatsapp: {
+            ...next.channels?.whatsapp,
+            accounts: {
+              ...next.channels?.whatsapp?.accounts,
+              [accountId]: {
+                ...next.channels?.whatsapp?.accounts?.[accountId],
+                enabled: next.channels?.whatsapp?.accounts?.[accountId]?.enabled ?? true,
+              },
+            },
+          },
+        },
+      };
+    }
+
+    const linked = await detectWhatsAppLinked(next, accountId);
+    const { authDir } = resolveWhatsAppAuthDir({
+      cfg: next,
+      accountId,
+    });
+
+    if (!linked) {
+      await prompter.note(
+        [
+          "Scan the QR with WhatsApp on your phone.",
+          `Credentials are stored under ${authDir}/ for future runs.`,
+          `Docs: ${formatDocsLink("/whatsapp", "whatsapp")}`,
+        ].join("\n"),
+        "WhatsApp linking",
+      );
+    }
+    const wantsLink = await prompter.confirm({
+      message: linked ? "WhatsApp already linked. Re-link now?" : "Link WhatsApp now (QR)?",
+      initialValue: !linked,
+    });
+    if (wantsLink) {
+      try {
+        await loginWeb(false, undefined, runtime, accountId);
+      } catch (err) {
+        runtime.error(`WhatsApp login failed: ${String(err)}`);
+        await prompter.note(`Docs: ${formatDocsLink("/whatsapp", "whatsapp")}`, "WhatsApp help");
+      }
+    } else if (!linked) {
+      await prompter.note(
+        `Run \`${formatCliCommand("openclaw channels login")}\` later to link WhatsApp.`,
+        "WhatsApp",
+      );
+    }
+
+    next = await promptWhatsAppAllowFrom(next, runtime, prompter, {
+      forceAllowlist: forceAllowFrom,
+    });
+
+    return { cfg: next, accountId };
+  },
+  onAccountRecorded: (accountId, options) => {
+    options?.onWhatsAppAccountId?.(accountId);
+  },
+};
diff --git a/src/channels/plugins/outbound/whatsapp.poll.test.ts b/extensions/whatsapp/src/outbound-adapter.poll.test.ts
similarity index 82%
rename from src/channels/plugins/outbound/whatsapp.poll.test.ts
rename to extensions/whatsapp/src/outbound-adapter.poll.test.ts
index 7164a6b152e..46c9696cc98 100644
--- a/src/channels/plugins/outbound/whatsapp.poll.test.ts
+++ b/extensions/whatsapp/src/outbound-adapter.poll.test.ts
@@ -1,19 +1,19 @@
 import { describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../../../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 
 const hoisted = vi.hoisted(() => ({
   sendPollWhatsApp: vi.fn(async () => ({ messageId: "poll-1", toJid: "1555@s.whatsapp.net" })),
 }));
 
-vi.mock("../../../globals.js", () => ({
+vi.mock("../../../src/globals.js", () => ({
   shouldLogVerbose: () => false,
 }));
 
-vi.mock("../../../web/outbound.js", () => ({
+vi.mock("./send.js", () => ({
   sendPollWhatsApp: hoisted.sendPollWhatsApp,
 }));
 
-import { whatsappOutbound } from "./whatsapp.js";
+import { whatsappOutbound } from "./outbound-adapter.js";
 
 describe("whatsappOutbound sendPoll", () => {
   it("threads cfg through poll send options", async () => {
diff --git a/src/channels/plugins/outbound/whatsapp.sendpayload.test.ts b/extensions/whatsapp/src/outbound-adapter.sendpayload.test.ts
similarity index 94%
rename from src/channels/plugins/outbound/whatsapp.sendpayload.test.ts
rename to extensions/whatsapp/src/outbound-adapter.sendpayload.test.ts
index 943c8a8ba9b..81f30ea1c71 100644
--- a/src/channels/plugins/outbound/whatsapp.sendpayload.test.ts
+++ b/extensions/whatsapp/src/outbound-adapter.sendpayload.test.ts
@@ -1,10 +1,10 @@
 import { describe, expect, it, vi } from "vitest";
-import type { ReplyPayload } from "../../../auto-reply/types.js";
+import type { ReplyPayload } from "../../../src/auto-reply/types.js";
 import {
   installSendPayloadContractSuite,
   primeSendMock,
-} from "../../../test-utils/send-payload-contract.js";
-import { whatsappOutbound } from "./whatsapp.js";
+} from "../../../src/test-utils/send-payload-contract.js";
+import { whatsappOutbound } from "./outbound-adapter.js";
 
 function createHarness(params: {
   payload: ReplyPayload;
diff --git a/extensions/whatsapp/src/outbound-adapter.ts b/extensions/whatsapp/src/outbound-adapter.ts
new file mode 100644
index 00000000000..ba84e336d0e
--- /dev/null
+++ b/extensions/whatsapp/src/outbound-adapter.ts
@@ -0,0 +1,76 @@
+import { chunkText } from "../../../src/auto-reply/chunk.js";
+import { sendTextMediaPayload } from "../../../src/channels/plugins/outbound/direct-text-media.js";
+import type { ChannelOutboundAdapter } from "../../../src/channels/plugins/types.js";
+import { shouldLogVerbose } from "../../../src/globals.js";
+import { resolveOutboundSendDep } from "../../../src/infra/outbound/send-deps.js";
+import { resolveWhatsAppOutboundTarget } from "../../../src/whatsapp/resolve-outbound-target.js";
+import { sendMessageWhatsApp, sendPollWhatsApp } from "./send.js";
+
+function trimLeadingWhitespace(text: string | undefined): string {
+  return text?.trimStart() ?? "";
+}
+
+export const whatsappOutbound: ChannelOutboundAdapter = {
+  deliveryMode: "gateway",
+  chunker: chunkText,
+  chunkerMode: "text",
+  textChunkLimit: 4000,
+  pollMaxOptions: 12,
+  resolveTarget: ({ to, allowFrom, mode }) =>
+    resolveWhatsAppOutboundTarget({ to, allowFrom, mode }),
+  sendPayload: async (ctx) => {
+    const text = trimLeadingWhitespace(ctx.payload.text);
+    const hasMedia = Boolean(ctx.payload.mediaUrl) || (ctx.payload.mediaUrls?.length ?? 0) > 0;
+    if (!text && !hasMedia) {
+      return { channel: "whatsapp", messageId: "" };
+    }
+    return await sendTextMediaPayload({
+      channel: "whatsapp",
+      ctx: {
+        ...ctx,
+        payload: {
+          ...ctx.payload,
+          text,
+        },
+      },
+      adapter: whatsappOutbound,
+    });
+  },
+  sendText: async ({ cfg, to, text, accountId, deps, gifPlayback }) => {
+    const normalizedText = trimLeadingWhitespace(text);
+    if (!normalizedText) {
+      return { channel: "whatsapp", messageId: "" };
+    }
+    const send =
+      resolveOutboundSendDep<typeof import("./send.js").sendMessageWhatsApp>(deps, "whatsapp") ??
+      (await import("./send.js")).sendMessageWhatsApp;
+    const result = await send(to, normalizedText, {
+      verbose: false,
+      cfg,
+      accountId: accountId ?? undefined,
+      gifPlayback,
+    });
+    return { channel: "whatsapp", ...result };
+  },
+  sendMedia: async ({ cfg, to, text, mediaUrl, mediaLocalRoots, accountId, deps, gifPlayback }) => {
+    const normalizedText = trimLeadingWhitespace(text);
+    const send =
+      resolveOutboundSendDep<typeof import("./send.js").sendMessageWhatsApp>(deps, "whatsapp") ??
+      (await import("./send.js")).sendMessageWhatsApp;
+    const result = await send(to, normalizedText, {
+      verbose: false,
+      cfg,
+      mediaUrl,
+      mediaLocalRoots,
+      accountId: accountId ?? undefined,
+      gifPlayback,
+    });
+    return { channel: "whatsapp", ...result };
+  },
+  sendPoll: async ({ cfg, to, poll, accountId }) =>
+    await sendPollWhatsApp(to, poll, {
+      verbose: shouldLogVerbose(),
+      accountId: accountId ?? undefined,
+      cfg,
+    }),
+};
diff --git a/src/web/qr-image.ts b/extensions/whatsapp/src/qr-image.ts
similarity index 95%
rename from src/web/qr-image.ts
rename to extensions/whatsapp/src/qr-image.ts
index 0def0d5ac72..d4d8b9c7b2f 100644
--- a/src/web/qr-image.ts
+++ b/extensions/whatsapp/src/qr-image.ts
@@ -1,6 +1,6 @@
 import QRCodeModule from "qrcode-terminal/vendor/QRCode/index.js";
 import QRErrorCorrectLevelModule from "qrcode-terminal/vendor/QRCode/QRErrorCorrectLevel.js";
-import { encodePngRgba, fillPixel } from "../media/png-encode.js";
+import { encodePngRgba, fillPixel } from "../../../src/media/png-encode.js";
 
 type QRCodeConstructor = new (
   typeNumber: number,
diff --git a/src/web/reconnect.test.ts b/extensions/whatsapp/src/reconnect.test.ts
similarity index 95%
rename from src/web/reconnect.test.ts
rename to extensions/whatsapp/src/reconnect.test.ts
index 6166a509e57..019ca176b43 100644
--- a/src/web/reconnect.test.ts
+++ b/extensions/whatsapp/src/reconnect.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
 import {
   computeBackoff,
   DEFAULT_HEARTBEAT_SECONDS,
diff --git a/src/web/reconnect.ts b/extensions/whatsapp/src/reconnect.ts
similarity index 83%
rename from src/web/reconnect.ts
rename to extensions/whatsapp/src/reconnect.ts
index eec6f4689e3..d99ddf98ad6 100644
--- a/src/web/reconnect.ts
+++ b/extensions/whatsapp/src/reconnect.ts
@@ -1,8 +1,8 @@
 import { randomUUID } from "node:crypto";
-import type { OpenClawConfig } from "../config/config.js";
-import type { BackoffPolicy } from "../infra/backoff.js";
-import { computeBackoff, sleepWithAbort } from "../infra/backoff.js";
-import { clamp } from "../utils.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import type { BackoffPolicy } from "../../../src/infra/backoff.js";
+import { computeBackoff, sleepWithAbort } from "../../../src/infra/backoff.js";
+import { clamp } from "../../../src/utils.js";
 
 export type ReconnectPolicy = BackoffPolicy & {
   maxAttempts: number;
diff --git a/src/web/outbound.test.ts b/extensions/whatsapp/src/send.test.ts
similarity index 96%
rename from src/web/outbound.test.ts
rename to extensions/whatsapp/src/send.test.ts
index 506d7816630..f45ca9d0d29 100644
--- a/src/web/outbound.test.ts
+++ b/extensions/whatsapp/src/send.test.ts
@@ -3,9 +3,9 @@ import fsSync from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import type { OpenClawConfig } from "../config/config.js";
-import { resetLogger, setLoggerOverride } from "../logging.js";
-import { redactIdentifier } from "../logging/redact-identifier.js";
+import type { OpenClawConfig } from "../../../src/config/config.js";
+import { resetLogger, setLoggerOverride } from "../../../src/logging.js";
+import { redactIdentifier } from "../../../src/logging/redact-identifier.js";
 import { setActiveWebListener } from "./active-listener.js";
 
 const loadWebMediaMock = vi.fn();
@@ -13,7 +13,7 @@ vi.mock("./media.js", () => ({
   loadWebMedia: (...args: unknown[]) => loadWebMediaMock(...args),
 }));
 
-import { sendMessageWhatsApp, sendPollWhatsApp, sendReactionWhatsApp } from "./outbound.js";
+import { sendMessageWhatsApp, sendPollWhatsApp, sendReactionWhatsApp } from "./send.js";
 
 describe("web outbound", () => {
   const sendComposingTo = vi.fn(async () => {});
diff --git a/src/web/outbound.ts b/extensions/whatsapp/src/send.ts
similarity index 90%
rename from src/web/outbound.ts
rename to extensions/whatsapp/src/send.ts
index 1fcaa807c37..4ac9c03faf4 100644
--- a/src/web/outbound.ts
+++ b/extensions/whatsapp/src/send.ts
@@ -1,13 +1,13 @@
-import { loadConfig, type OpenClawConfig } from "../config/config.js";
-import { resolveMarkdownTableMode } from "../config/markdown-tables.js";
-import { generateSecureUuid } from "../infra/secure-random.js";
-import { getChildLogger } from "../logging/logger.js";
-import { redactIdentifier } from "../logging/redact-identifier.js";
-import { createSubsystemLogger } from "../logging/subsystem.js";
-import { convertMarkdownTables } from "../markdown/tables.js";
-import { markdownToWhatsApp } from "../markdown/whatsapp.js";
-import { normalizePollInput, type PollInput } from "../polls.js";
-import { toWhatsappJid } from "../utils.js";
+import { loadConfig, type OpenClawConfig } from "../../../src/config/config.js";
+import { resolveMarkdownTableMode } from "../../../src/config/markdown-tables.js";
+import { generateSecureUuid } from "../../../src/infra/secure-random.js";
+import { getChildLogger } from "../../../src/logging/logger.js";
+import { redactIdentifier } from "../../../src/logging/redact-identifier.js";
+import { createSubsystemLogger } from "../../../src/logging/subsystem.js";
+import { convertMarkdownTables } from "../../../src/markdown/tables.js";
+import { markdownToWhatsApp } from "../../../src/markdown/whatsapp.js";
+import { normalizePollInput, type PollInput } from "../../../src/polls.js";
+import { toWhatsappJid } from "../../../src/utils.js";
 import { resolveWhatsAppAccount, resolveWhatsAppMediaMaxBytes } from "./accounts.js";
 import { type ActiveWebSendOptions, requireActiveWebListener } from "./active-listener.js";
 import { loadWebMedia } from "./media.js";
diff --git a/src/web/session.test.ts b/extensions/whatsapp/src/session.test.ts
similarity index 98%
rename from src/web/session.test.ts
rename to extensions/whatsapp/src/session.test.ts
index 0bf8fefc040..177c8c8e5e6 100644
--- a/src/web/session.test.ts
+++ b/extensions/whatsapp/src/session.test.ts
@@ -2,7 +2,7 @@ import { EventEmitter } from "node:events";
 import fsSync from "node:fs";
 import path from "node:path";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import { resetLogger, setLoggerOverride } from "../logging.js";
+import { resetLogger, setLoggerOverride } from "../../../src/logging.js";
 import { baileys, getLastSocket, resetBaileysMocks, resetLoadConfigMock } from "./test-helpers.js";
 
 const { createWaSocket, formatError, logWebSelfId, waitForWaConnection } =
diff --git a/src/web/session.ts b/extensions/whatsapp/src/session.ts
similarity index 96%
rename from src/web/session.ts
rename to extensions/whatsapp/src/session.ts
index 9dc8c6e47ba..db48b49c874 100644
--- a/src/web/session.ts
+++ b/extensions/whatsapp/src/session.ts
@@ -8,11 +8,11 @@ import {
   useMultiFileAuthState,
 } from "@whiskeysockets/baileys";
 import qrcode from "qrcode-terminal";
-import { formatCliCommand } from "../cli/command-format.js";
-import { danger, success } from "../globals.js";
-import { getChildLogger, toPinoLikeLogger } from "../logging.js";
-import { ensureDir, resolveUserPath } from "../utils.js";
-import { VERSION } from "../version.js";
+import { formatCliCommand } from "../../../src/cli/command-format.js";
+import { danger, success } from "../../../src/globals.js";
+import { getChildLogger, toPinoLikeLogger } from "../../../src/logging.js";
+import { ensureDir, resolveUserPath } from "../../../src/utils.js";
+import { VERSION } from "../../../src/version.js";
 import {
   maybeRestoreCredsFromBackup,
   readCredsJsonRaw,
diff --git a/src/channels/plugins/status-issues/whatsapp.test.ts b/extensions/whatsapp/src/status-issues.test.ts
similarity index 95%
rename from src/channels/plugins/status-issues/whatsapp.test.ts
rename to extensions/whatsapp/src/status-issues.test.ts
index 77a4e6ecf59..cc346547932 100644
--- a/src/channels/plugins/status-issues/whatsapp.test.ts
+++ b/extensions/whatsapp/src/status-issues.test.ts
@@ -1,5 +1,5 @@
 import { describe, expect, it } from "vitest";
-import { collectWhatsAppStatusIssues } from "./whatsapp.js";
+import { collectWhatsAppStatusIssues } from "./status-issues.js";
 
 describe("collectWhatsAppStatusIssues", () => {
   it("reports unlinked enabled accounts", () => {
diff --git a/extensions/whatsapp/src/status-issues.ts b/extensions/whatsapp/src/status-issues.ts
new file mode 100644
index 00000000000..bddd6dd7d9d
--- /dev/null
+++ b/extensions/whatsapp/src/status-issues.ts
@@ -0,0 +1,73 @@
+import {
+  asString,
+  collectIssuesForEnabledAccounts,
+  isRecord,
+} from "../../../src/channels/plugins/status-issues/shared.js";
+import type {
+  ChannelAccountSnapshot,
+  ChannelStatusIssue,
+} from "../../../src/channels/plugins/types.js";
+import { formatCliCommand } from "../../../src/cli/command-format.js";
+
+type WhatsAppAccountStatus = {
+  accountId?: unknown;
+  enabled?: unknown;
+  linked?: unknown;
+  connected?: unknown;
+  running?: unknown;
+  reconnectAttempts?: unknown;
+  lastError?: unknown;
+};
+
+function readWhatsAppAccountStatus(value: ChannelAccountSnapshot): WhatsAppAccountStatus | null {
+  if (!isRecord(value)) {
+    return null;
+  }
+  return {
+    accountId: value.accountId,
+    enabled: value.enabled,
+    linked: value.linked,
+    connected: value.connected,
+    running: value.running,
+    reconnectAttempts: value.reconnectAttempts,
+    lastError: value.lastError,
+  };
+}
+
+export function collectWhatsAppStatusIssues(
+  accounts: ChannelAccountSnapshot[],
+): ChannelStatusIssue[] {
+  return collectIssuesForEnabledAccounts({
+    accounts,
+    readAccount: readWhatsAppAccountStatus,
+    collectIssues: ({ account, accountId, issues }) => {
+      const linked = account.linked === true;
+      const running = account.running === true;
+      const connected = account.connected === true;
+      const reconnectAttempts =
+        typeof account.reconnectAttempts === "number" ? account.reconnectAttempts : null;
+      const lastError = asString(account.lastError);
+
+      if (!linked) {
+        issues.push({
+          channel: "whatsapp",
+          accountId,
+          kind: "auth",
+          message: "Not linked (no WhatsApp Web session).",
+          fix: `Run: ${formatCliCommand("openclaw channels login")} (scan QR on the gateway host).`,
+        });
+        return;
+      }
+
+      if (running && !connected) {
+        issues.push({
+          channel: "whatsapp",
+          accountId,
+          kind: "runtime",
+          message: `Linked but disconnected${reconnectAttempts != null ? ` (reconnectAttempts=${reconnectAttempts})` : ""}${lastError ? `: ${lastError}` : "."}`,
+          fix: `Run: ${formatCliCommand("openclaw doctor")} (or restart the gateway). If it persists, relink via channels login and check logs.`,
+        });
+      }
+    },
+  });
+}
diff --git a/src/web/test-helpers.ts b/extensions/whatsapp/src/test-helpers.ts
similarity index 89%
rename from src/web/test-helpers.ts
rename to extensions/whatsapp/src/test-helpers.ts
index 3e8964b507d..b3289164463 100644
--- a/src/web/test-helpers.ts
+++ b/extensions/whatsapp/src/test-helpers.ts
@@ -1,6 +1,6 @@
 import { vi } from "vitest";
-import type { MockBaileysSocket } from "../../test/mocks/baileys.js";
-import { createMockBaileys } from "../../test/mocks/baileys.js";
+import type { MockBaileysSocket } from "../../../test/mocks/baileys.js";
+import { createMockBaileys } from "../../../test/mocks/baileys.js";
 
 // Use globalThis to store the mock config so it survives vi.mock hoisting
 const CONFIG_KEY = Symbol.for("openclaw:testConfigMock");
@@ -30,8 +30,8 @@ export function resetLoadConfigMock() {
   (globalThis as Record<symbol, unknown>)[CONFIG_KEY] = () => DEFAULT_CONFIG;
 }
 
-vi.mock("../config/config.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+vi.mock("../../../src/config/config.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig: () => {
@@ -51,7 +51,7 @@ vi.mock("../../config/config.js", async (importOriginal) => {
   // `../../config/config.js` is correct for modules under `src/web/auto-reply/*`.
   // For typing in this file (which lives in `src/web/*`), refer to the same module
   // via the local relative path.
-  const actual = await importOriginal<typeof import("../config/config.js")>();
+  const actual = await importOriginal<typeof import("../../../src/config/config.js")>();
   return {
     ...actual,
     loadConfig: () => {
@@ -64,8 +64,8 @@ vi.mock("../../config/config.js", async (importOriginal) => {
   };
 });
 
-vi.mock("../media/store.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../media/store.js")>();
+vi.mock("../../../src/media/store.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../../src/media/store.js")>();
   const mockModule = Object.create(null) as Record<string, unknown>;
   Object.defineProperties(mockModule, Object.getOwnPropertyDescriptors(actual));
   Object.defineProperty(mockModule, "saveMediaBuffer", {
diff --git a/src/web/vcard.ts b/extensions/whatsapp/src/vcard.ts
similarity index 100%
rename from src/web/vcard.ts
rename to extensions/whatsapp/src/vcard.ts
diff --git a/extensions/zalo/CHANGELOG.md b/extensions/zalo/CHANGELOG.md
index 154f69b9867..6c3b72b8fbb 100644
--- a/extensions/zalo/CHANGELOG.md
+++ b/extensions/zalo/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.3.14
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.3.13
 
 ### Changes
diff --git a/extensions/zalo/package.json b/extensions/zalo/package.json
index 3a9f118a4f6..a72aabbb29e 100644
--- a/extensions/zalo/package.json
+++ b/extensions/zalo/package.json
@@ -1,10 +1,10 @@
 {
   "name": "@openclaw/zalo",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw Zalo channel plugin",
   "type": "module",
   "dependencies": {
-    "undici": "7.24.0",
+    "undici": "7.24.1",
     "zod": "^4.3.6"
   },
   "openclaw": {
diff --git a/extensions/zalo/src/channel.directory.test.ts b/extensions/zalo/src/channel.directory.test.ts
index 99821c85017..8a303e72a97 100644
--- a/extensions/zalo/src/channel.directory.test.ts
+++ b/extensions/zalo/src/channel.directory.test.ts
@@ -1,15 +1,10 @@
 import type { OpenClawConfig, RuntimeEnv } from "openclaw/plugin-sdk/zalo";
 import { describe, expect, it } from "vitest";
+import { createDirectoryTestRuntime, expectDirectorySurface } from "../../test-utils/directory.js";
 import { zaloPlugin } from "./channel.js";
 
 describe("zalo directory", () => {
-  const runtimeEnv: RuntimeEnv = {
-    log: () => {},
-    error: () => {},
-    exit: (code: number): never => {
-      throw new Error(`exit ${code}`);
-    },
-  };
+  const runtimeEnv = createDirectoryTestRuntime() as RuntimeEnv;
 
   it("lists peers from allowFrom", async () => {
     const cfg = {
@@ -20,12 +15,10 @@ describe("zalo directory", () => {
       },
     } as unknown as OpenClawConfig;
 
-    expect(zaloPlugin.directory).toBeTruthy();
-    expect(zaloPlugin.directory?.listPeers).toBeTruthy();
-    expect(zaloPlugin.directory?.listGroups).toBeTruthy();
+    const directory = expectDirectorySurface(zaloPlugin.directory);
 
     await expect(
-      zaloPlugin.directory!.listPeers!({
+      directory.listPeers({
         cfg,
         accountId: undefined,
         query: undefined,
@@ -41,7 +34,7 @@ describe("zalo directory", () => {
     );
 
     await expect(
-      zaloPlugin.directory!.listGroups!({
+      directory.listGroups({
         cfg,
         accountId: undefined,
         query: undefined,
diff --git a/extensions/zalo/src/channel.startup.test.ts b/extensions/zalo/src/channel.startup.test.ts
index 65e413f0f4f..ea0718d29a2 100644
--- a/extensions/zalo/src/channel.startup.test.ts
+++ b/extensions/zalo/src/channel.startup.test.ts
@@ -1,6 +1,9 @@
 import type { ChannelAccountSnapshot } from "openclaw/plugin-sdk/zalo";
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { createStartAccountContext } from "../../test-utils/start-account-context.js";
+import {
+  expectPendingUntilAbort,
+  startAccountAndTrackLifecycle,
+} from "../../test-utils/start-account-lifecycle.js";
 import type { ResolvedZaloAccount } from "./accounts.js";
 
 const hoisted = vi.hoisted(() => ({
@@ -57,37 +60,28 @@ describe("zaloPlugin gateway.startAccount", () => {
         }),
     );
 
-    const patches: ChannelAccountSnapshot[] = [];
-    const abort = new AbortController();
-    const task = zaloPlugin.gateway!.startAccount!(
-      createStartAccountContext({
-        account: buildAccount(),
-        abortSignal: abort.signal,
-        statusPatchSink: (next) => patches.push({ ...next }),
-      }),
-    );
-
-    let settled = false;
-    void task.then(() => {
-      settled = true;
+    const { abort, patches, task, isSettled } = startAccountAndTrackLifecycle({
+      startAccount: zaloPlugin.gateway!.startAccount!,
+      account: buildAccount(),
     });
 
-    await vi.waitFor(() => {
-      expect(hoisted.probeZalo).toHaveBeenCalledOnce();
-      expect(hoisted.monitorZaloProvider).toHaveBeenCalledOnce();
+    await expectPendingUntilAbort({
+      waitForStarted: () =>
+        vi.waitFor(() => {
+          expect(hoisted.probeZalo).toHaveBeenCalledOnce();
+          expect(hoisted.monitorZaloProvider).toHaveBeenCalledOnce();
+        }),
+      isSettled,
+      abort,
+      task,
     });
 
-    expect(settled).toBe(false);
     expect(patches).toContainEqual(
       expect.objectContaining({
         accountId: "default",
       }),
     );
-
-    abort.abort();
-    await task;
-
-    expect(settled).toBe(true);
+    expect(isSettled()).toBe(true);
     expect(hoisted.monitorZaloProvider).toHaveBeenCalledWith(
       expect.objectContaining({
         token: "test-token",
diff --git a/extensions/zalo/src/send.ts b/extensions/zalo/src/send.ts
index 4f35f242191..e38427fcb14 100644
--- a/extensions/zalo/src/send.ts
+++ b/extensions/zalo/src/send.ts
@@ -77,15 +77,30 @@ function resolveValidatedSendContext(
   return { ok: true, chatId: trimmedChatId, token, fetcher };
 }
 
+function resolveSendContextOrFailure(
+  chatId: string,
+  options: ZaloSendOptions,
+):
+  | { context: { chatId: string; token: string; fetcher?: ZaloFetch } }
+  | { failure: ZaloSendResult } {
+  const context = resolveValidatedSendContext(chatId, options);
+  return context.ok
+    ? { context }
+    : {
+        failure: { ok: false, error: context.error },
+      };
+}
+
 export async function sendMessageZalo(
   chatId: string,
   text: string,
   options: ZaloSendOptions = {},
 ): Promise<ZaloSendResult> {
-  const context = resolveValidatedSendContext(chatId, options);
-  if (!context.ok) {
-    return { ok: false, error: context.error };
+  const resolved = resolveSendContextOrFailure(chatId, options);
+  if ("failure" in resolved) {
+    return resolved.failure;
   }
+  const { context } = resolved;
 
   if (options.mediaUrl) {
     return sendPhotoZalo(context.chatId, options.mediaUrl, {
@@ -112,10 +127,11 @@ export async function sendPhotoZalo(
   photoUrl: string,
   options: ZaloSendOptions = {},
 ): Promise<ZaloSendResult> {
-  const context = resolveValidatedSendContext(chatId, options);
-  if (!context.ok) {
-    return { ok: false, error: context.error };
+  const resolved = resolveSendContextOrFailure(chatId, options);
+  if ("failure" in resolved) {
+    return resolved.failure;
   }
+  const { context } = resolved;
 
   if (!photoUrl?.trim()) {
     return { ok: false, error: "No photo URL provided" };
diff --git a/extensions/zalo/src/status-issues.test.ts b/extensions/zalo/src/status-issues.test.ts
new file mode 100644
index 00000000000..581a0dfe916
--- /dev/null
+++ b/extensions/zalo/src/status-issues.test.ts
@@ -0,0 +1,29 @@
+import { describe, expect, it } from "vitest";
+import { expectOpenDmPolicyConfigIssue } from "../../test-utils/status-issues.js";
+import { collectZaloStatusIssues } from "./status-issues.js";
+
+describe("collectZaloStatusIssues", () => {
+  it("warns when dmPolicy is open", () => {
+    expectOpenDmPolicyConfigIssue({
+      collectIssues: collectZaloStatusIssues,
+      account: {
+        accountId: "default",
+        enabled: true,
+        configured: true,
+        dmPolicy: "open",
+      },
+    });
+  });
+
+  it("skips unconfigured accounts", () => {
+    const issues = collectZaloStatusIssues([
+      {
+        accountId: "default",
+        enabled: true,
+        configured: false,
+        dmPolicy: "open",
+      },
+    ]);
+    expect(issues).toHaveLength(0);
+  });
+});
diff --git a/extensions/zalo/src/status-issues.ts b/extensions/zalo/src/status-issues.ts
index cf6b3a3a384..c19992a64ee 100644
--- a/extensions/zalo/src/status-issues.ts
+++ b/extensions/zalo/src/status-issues.ts
@@ -1,38 +1,16 @@
 import type { ChannelAccountSnapshot, ChannelStatusIssue } from "openclaw/plugin-sdk/zalo";
+import { coerceStatusIssueAccountId, readStatusIssueFields } from "../../shared/status-issues.js";
 
-type ZaloAccountStatus = {
-  accountId?: unknown;
-  enabled?: unknown;
-  configured?: unknown;
-  dmPolicy?: unknown;
-};
-
-const isRecord = (value: unknown): value is Record<string, unknown> =>
-  Boolean(value && typeof value === "object");
-
-const asString = (value: unknown): string | undefined =>
-  typeof value === "string" ? value : typeof value === "number" ? String(value) : undefined;
-
-function readZaloAccountStatus(value: ChannelAccountSnapshot): ZaloAccountStatus | null {
-  if (!isRecord(value)) {
-    return null;
-  }
-  return {
-    accountId: value.accountId,
-    enabled: value.enabled,
-    configured: value.configured,
-    dmPolicy: value.dmPolicy,
-  };
-}
+const ZALO_STATUS_FIELDS = ["accountId", "enabled", "configured", "dmPolicy"] as const;
 
 export function collectZaloStatusIssues(accounts: ChannelAccountSnapshot[]): ChannelStatusIssue[] {
   const issues: ChannelStatusIssue[] = [];
   for (const entry of accounts) {
-    const account = readZaloAccountStatus(entry);
+    const account = readStatusIssueFields(entry, ZALO_STATUS_FIELDS);
     if (!account) {
       continue;
     }
-    const accountId = asString(account.accountId) ?? "default";
+    const accountId = coerceStatusIssueAccountId(account.accountId) ?? "default";
     const enabled = account.enabled !== false;
     const configured = account.configured === true;
     if (!enabled || !configured) {
diff --git a/extensions/zalouser/CHANGELOG.md b/extensions/zalouser/CHANGELOG.md
index 09dfdbb1ff3..9731672126c 100644
--- a/extensions/zalouser/CHANGELOG.md
+++ b/extensions/zalouser/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.3.14
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.3.13
 
 ### Changes
diff --git a/extensions/zalouser/package.json b/extensions/zalouser/package.json
index 82e796cf676..e7c12c9b4b2 100644
--- a/extensions/zalouser/package.json
+++ b/extensions/zalouser/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/zalouser",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "OpenClaw Zalo Personal Account plugin via native zca-js integration",
   "type": "module",
   "dependencies": {
diff --git a/extensions/zalouser/src/accounts.test-mocks.ts b/extensions/zalouser/src/accounts.test-mocks.ts
new file mode 100644
index 00000000000..0206095d0fc
--- /dev/null
+++ b/extensions/zalouser/src/accounts.test-mocks.ts
@@ -0,0 +1,10 @@
+import { vi } from "vitest";
+import { createDefaultResolvedZalouserAccount } from "./test-helpers.js";
+
+vi.mock("./accounts.js", async (importOriginal) => {
+  const actual = (await importOriginal()) as Record<string, unknown>;
+  return {
+    ...actual,
+    resolveZalouserAccountSync: () => createDefaultResolvedZalouserAccount(),
+  };
+});
diff --git a/extensions/zalouser/src/channel.directory.test.ts b/extensions/zalouser/src/channel.directory.test.ts
index f8c13b208e4..1736118bc0e 100644
--- a/extensions/zalouser/src/channel.directory.test.ts
+++ b/extensions/zalouser/src/channel.directory.test.ts
@@ -1,5 +1,6 @@
-import type { RuntimeEnv } from "openclaw/plugin-sdk/zalouser";
 import { describe, expect, it, vi } from "vitest";
+import "./accounts.test-mocks.js";
+import { createZalouserRuntimeEnv } from "./test-helpers.js";
 
 const listZaloGroupMembersMock = vi.hoisted(() => vi.fn(async () => []));
 
@@ -11,30 +12,9 @@ vi.mock("./zalo-js.js", async (importOriginal) => {
   };
 });
 
-vi.mock("./accounts.js", async (importOriginal) => {
-  const actual = (await importOriginal()) as Record<string, unknown>;
-  return {
-    ...actual,
-    resolveZalouserAccountSync: () => ({
-      accountId: "default",
-      profile: "default",
-      name: "test",
-      enabled: true,
-      authenticated: true,
-      config: {},
-    }),
-  };
-});
-
 import { zalouserPlugin } from "./channel.js";
 
-const runtimeStub: RuntimeEnv = {
-  log: vi.fn(),
-  error: vi.fn(),
-  exit: ((code: number): never => {
-    throw new Error(`exit ${code}`);
-  }) as RuntimeEnv["exit"],
-};
+const runtimeStub = createZalouserRuntimeEnv();
 
 describe("zalouser directory group members", () => {
   it("accepts prefixed group ids from directory groups list output", async () => {
diff --git a/extensions/zalouser/src/channel.sendpayload.test.ts b/extensions/zalouser/src/channel.sendpayload.test.ts
index d388773e2e6..27a8adf2c0d 100644
--- a/extensions/zalouser/src/channel.sendpayload.test.ts
+++ b/extensions/zalouser/src/channel.sendpayload.test.ts
@@ -1,5 +1,6 @@
 import type { ReplyPayload } from "openclaw/plugin-sdk/zalouser";
 import { beforeEach, describe, expect, it, vi } from "vitest";
+import "./accounts.test-mocks.js";
 import {
   installSendPayloadContractSuite,
   primeSendMock,
@@ -12,20 +13,6 @@ vi.mock("./send.js", () => ({
   sendReactionZalouser: vi.fn().mockResolvedValue({ ok: true }),
 }));
 
-vi.mock("./accounts.js", async (importOriginal) => {
-  const actual = (await importOriginal()) as Record<string, unknown>;
-  return {
-    ...actual,
-    resolveZalouserAccountSync: () => ({
-      accountId: "default",
-      profile: "default",
-      name: "test",
-      enabled: true,
-      config: {},
-    }),
-  };
-});
-
 function baseCtx(payload: ReplyPayload) {
   return {
     cfg: {},
diff --git a/extensions/zalouser/src/channel.ts b/extensions/zalouser/src/channel.ts
index d2f7a714537..81fce5e3ab9 100644
--- a/extensions/zalouser/src/channel.ts
+++ b/extensions/zalouser/src/channel.ts
@@ -29,6 +29,7 @@ import {
   sendPayloadWithChunkedTextAndMedia,
   setAccountEnabledInConfigSection,
 } from "openclaw/plugin-sdk/zalouser";
+import { buildPassiveProbedChannelStatusSummary } from "../../shared/channel-status-summary.js";
 import {
   listZalouserAccountIds,
   resolveDefaultZalouserAccountId,
@@ -652,15 +653,7 @@ export const zalouserPlugin: ChannelPlugin<ResolvedZalouserAccount> = {
       lastError: null,
     },
     collectStatusIssues: collectZalouserStatusIssues,
-    buildChannelSummary: ({ snapshot }) => ({
-      configured: snapshot.configured ?? false,
-      running: snapshot.running ?? false,
-      lastStartAt: snapshot.lastStartAt ?? null,
-      lastStopAt: snapshot.lastStopAt ?? null,
-      lastError: snapshot.lastError ?? null,
-      probe: snapshot.probe,
-      lastProbeAt: snapshot.lastProbeAt ?? null,
-    }),
+    buildChannelSummary: ({ snapshot }) => buildPassiveProbedChannelStatusSummary(snapshot),
     probeAccount: async ({ account, timeoutMs }) => probeZalouser(account.profile, timeoutMs),
     buildAccountSnapshot: async ({ account, runtime }) => {
       const configured = await checkZcaAuthenticated(account.profile);
diff --git a/extensions/zalouser/src/monitor.account-scope.test.ts b/extensions/zalouser/src/monitor.account-scope.test.ts
index 919bd25887c..ff8884282ac 100644
--- a/extensions/zalouser/src/monitor.account-scope.test.ts
+++ b/extensions/zalouser/src/monitor.account-scope.test.ts
@@ -4,6 +4,7 @@ import "./monitor.send-mocks.js";
 import { __testing } from "./monitor.js";
 import { sendMessageZalouserMock } from "./monitor.send-mocks.js";
 import { setZalouserRuntime } from "./runtime.js";
+import { createZalouserRuntimeEnv } from "./test-helpers.js";
 import type { ResolvedZalouserAccount, ZaloInboundMessage } from "./types.js";
 
 describe("zalouser monitor pairing account scoping", () => {
@@ -80,19 +81,11 @@ describe("zalouser monitor pairing account scoping", () => {
       raw: { source: "test" },
     };
 
-    const runtime: RuntimeEnv = {
-      log: vi.fn(),
-      error: vi.fn(),
-      exit: ((code: number): never => {
-        throw new Error(`exit ${code}`);
-      }) as RuntimeEnv["exit"],
-    };
-
     await __testing.processMessage({
       message,
       account,
       config,
-      runtime,
+      runtime: createZalouserRuntimeEnv(),
     });
 
     expect(readAllowFromStore).toHaveBeenCalledWith(
diff --git a/extensions/zalouser/src/monitor.group-gating.test.ts b/extensions/zalouser/src/monitor.group-gating.test.ts
index ca42edde43a..ef68d6f2529 100644
--- a/extensions/zalouser/src/monitor.group-gating.test.ts
+++ b/extensions/zalouser/src/monitor.group-gating.test.ts
@@ -9,6 +9,7 @@ import {
   sendTypingZalouserMock,
 } from "./monitor.send-mocks.js";
 import { setZalouserRuntime } from "./runtime.js";
+import { createZalouserRuntimeEnv } from "./test-helpers.js";
 import type { ResolvedZalouserAccount, ZaloInboundMessage } from "./types.js";
 
 function createAccount(): ResolvedZalouserAccount {
@@ -39,15 +40,7 @@ function createConfig(): OpenClawConfig {
   };
 }
 
-function createRuntimeEnv(): RuntimeEnv {
-  return {
-    log: vi.fn(),
-    error: vi.fn(),
-    exit: ((code: number): never => {
-      throw new Error(`exit ${code}`);
-    }) as RuntimeEnv["exit"],
-  };
-}
+const createRuntimeEnv = () => createZalouserRuntimeEnv();
 
 function installRuntime(params: {
   commandAuthorized?: boolean;
@@ -269,7 +262,7 @@ describe("zalouser monitor group mention gating", () => {
       message: params.message,
       account: params.account ?? createAccount(),
       config: createConfig(),
-      runtime: createRuntimeEnv(),
+      runtime: createZalouserRuntimeEnv(),
       historyState: params.historyState,
     });
   }
diff --git a/extensions/zalouser/src/monitor.ts b/extensions/zalouser/src/monitor.ts
index 3ba7e80d2b9..2bfa1be8aa4 100644
--- a/extensions/zalouser/src/monitor.ts
+++ b/extensions/zalouser/src/monitor.ts
@@ -31,6 +31,7 @@ import {
   summarizeMapping,
   warnMissingProviderGroupPolicyFallbackOnce,
 } from "openclaw/plugin-sdk/zalouser";
+import { createDeferred } from "../../shared/deferred.js";
 import {
   buildZalouserGroupCandidates,
   findZalouserGroupEntry,
@@ -129,16 +130,6 @@ function resolveInboundQueueKey(message: ZaloInboundMessage): string {
   return `direct:${senderId || threadId}`;
 }
 
-function createDeferred<T>() {
-  let resolve!: (value: T | PromiseLike<T>) => void;
-  let reject!: (reason?: unknown) => void;
-  const promise = new Promise<T>((res, rej) => {
-    resolve = res;
-    reject = rej;
-  });
-  return { promise, resolve, reject };
-}
-
 function resolveZalouserDmSessionScope(config: OpenClawConfig) {
   const configured = config.session?.dmScope;
   return configured === "main" || !configured ? "per-channel-peer" : configured;
diff --git a/extensions/zalouser/src/status-issues.test.ts b/extensions/zalouser/src/status-issues.test.ts
index 73f7277b2b9..c1e142c88e8 100644
--- a/extensions/zalouser/src/status-issues.test.ts
+++ b/extensions/zalouser/src/status-issues.test.ts
@@ -1,4 +1,5 @@
 import { describe, expect, it } from "vitest";
+import { expectOpenDmPolicyConfigIssue } from "../../test-utils/status-issues.js";
 import { collectZalouserStatusIssues } from "./status-issues.js";
 
 describe("collectZalouserStatusIssues", () => {
@@ -17,16 +18,15 @@ describe("collectZalouserStatusIssues", () => {
   });
 
   it("warns when dmPolicy is open", () => {
-    const issues = collectZalouserStatusIssues([
-      {
+    expectOpenDmPolicyConfigIssue({
+      collectIssues: collectZalouserStatusIssues,
+      account: {
         accountId: "default",
         enabled: true,
         configured: true,
         dmPolicy: "open",
       },
-    ]);
-    expect(issues).toHaveLength(1);
-    expect(issues[0]?.kind).toBe("config");
+    });
   });
 
   it("skips disabled accounts", () => {
diff --git a/extensions/zalouser/src/status-issues.ts b/extensions/zalouser/src/status-issues.ts
index fca889a5115..b42c915e00a 100644
--- a/extensions/zalouser/src/status-issues.ts
+++ b/extensions/zalouser/src/status-issues.ts
@@ -1,42 +1,24 @@
 import type { ChannelAccountSnapshot, ChannelStatusIssue } from "openclaw/plugin-sdk/zalouser";
+import { coerceStatusIssueAccountId, readStatusIssueFields } from "../../shared/status-issues.js";
 
-type ZalouserAccountStatus = {
-  accountId?: unknown;
-  enabled?: unknown;
-  configured?: unknown;
-  dmPolicy?: unknown;
-  lastError?: unknown;
-};
-
-const isRecord = (value: unknown): value is Record<string, unknown> =>
-  Boolean(value && typeof value === "object");
-
-const asString = (value: unknown): string | undefined =>
-  typeof value === "string" ? value : typeof value === "number" ? String(value) : undefined;
-
-function readZalouserAccountStatus(value: ChannelAccountSnapshot): ZalouserAccountStatus | null {
-  if (!isRecord(value)) {
-    return null;
-  }
-  return {
-    accountId: value.accountId,
-    enabled: value.enabled,
-    configured: value.configured,
-    dmPolicy: value.dmPolicy,
-    lastError: value.lastError,
-  };
-}
+const ZALOUSER_STATUS_FIELDS = [
+  "accountId",
+  "enabled",
+  "configured",
+  "dmPolicy",
+  "lastError",
+] as const;
 
 export function collectZalouserStatusIssues(
   accounts: ChannelAccountSnapshot[],
 ): ChannelStatusIssue[] {
   const issues: ChannelStatusIssue[] = [];
   for (const entry of accounts) {
-    const account = readZalouserAccountStatus(entry);
+    const account = readStatusIssueFields(entry, ZALOUSER_STATUS_FIELDS);
     if (!account) {
       continue;
     }
-    const accountId = asString(account.accountId) ?? "default";
+    const accountId = coerceStatusIssueAccountId(account.accountId) ?? "default";
     const enabled = account.enabled !== false;
     if (!enabled) {
       continue;
diff --git a/extensions/zalouser/src/test-helpers.ts b/extensions/zalouser/src/test-helpers.ts
new file mode 100644
index 00000000000..8b43e182c54
--- /dev/null
+++ b/extensions/zalouser/src/test-helpers.ts
@@ -0,0 +1,26 @@
+import type { RuntimeEnv } from "openclaw/plugin-sdk/zalouser";
+import type { ResolvedZalouserAccount } from "./types.js";
+
+export function createZalouserRuntimeEnv(): RuntimeEnv {
+  return {
+    log: () => {},
+    error: () => {},
+    exit: ((code: number): never => {
+      throw new Error(`exit ${code}`);
+    }) as RuntimeEnv["exit"],
+  };
+}
+
+export function createDefaultResolvedZalouserAccount(
+  overrides: Partial<ResolvedZalouserAccount> = {},
+): ResolvedZalouserAccount {
+  return {
+    accountId: "default",
+    profile: "default",
+    name: "test",
+    enabled: true,
+    authenticated: true,
+    config: {},
+    ...overrides,
+  };
+}
diff --git a/knip.config.ts b/knip.config.ts
index e4daabd7e95..6a76a8238b7 100644
--- a/knip.config.ts
+++ b/knip.config.ts
@@ -9,8 +9,8 @@ const rootEntries = [
   "src/channels/plugins/actions/discord.ts!",
   "src/channels/plugins/actions/signal.ts!",
   "src/channels/plugins/actions/telegram.ts!",
-  "src/telegram/audit.ts!",
-  "src/telegram/token.ts!",
+  "extensions/telegram/src/audit.ts!",
+  "extensions/telegram/src/token.ts!",
   "src/line/accounts.ts!",
   "src/line/send.ts!",
   "src/line/template-messages.ts!",
@@ -69,8 +69,8 @@ const config = {
     "src/gateway/live-tool-probe-utils.ts",
     "src/gateway/server.auth.shared.ts",
     "src/shared/text/assistant-visible-text.ts",
-    "src/telegram/bot/reply-threading.ts",
-    "src/telegram/draft-chunking.ts",
+    "extensions/telegram/src/bot/reply-threading.ts",
+    "extensions/telegram/src/draft-chunking.ts",
     "extensions/msteams/src/conversation-store-memory.ts",
     "extensions/msteams/src/polls-store-memory.ts",
     "extensions/voice-call/src/providers/index.ts",
diff --git a/package.json b/package.json
index 61cbaae5c57..6cde8d84431 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "openclaw",
-  "version": "2026.3.13",
+  "version": "2026.3.14",
   "description": "Multi-channel AI gateway with extensible messaging integrations",
   "keywords": [],
   "homepage": "https://github.com/openclaw/openclaw#readme",
@@ -216,6 +216,7 @@
   },
   "scripts": {
     "android:assemble": "cd apps/android && ./gradlew :app:assembleDebug",
+    "android:bundle:release": "bun apps/android/scripts/build-release-aab.ts",
     "android:format": "cd apps/android && ./gradlew :app:ktlintFormat :benchmark:ktlintFormat",
     "android:install": "cd apps/android && ./gradlew :app:installDebug",
     "android:lint": "cd apps/android && ./gradlew :app:ktlintCheck :benchmark:ktlintCheck",
@@ -225,7 +226,7 @@
     "android:test:integration": "OPENCLAW_LIVE_TEST=1 OPENCLAW_LIVE_ANDROID_NODE=1 vitest run --config vitest.live.config.ts src/gateway/android-node.capabilities.live.test.ts",
     "build": "pnpm canvas:a2ui:bundle && node scripts/tsdown-build.mjs && node scripts/copy-plugin-sdk-root-alias.mjs && pnpm build:plugin-sdk:dts && node --import tsx scripts/write-plugin-sdk-entry-dts.ts && node --import tsx scripts/canvas-a2ui-copy.ts && node --import tsx scripts/copy-hook-metadata.ts && node --import tsx scripts/copy-export-html-templates.ts && node --import tsx scripts/write-build-info.ts && node --import tsx scripts/write-cli-startup-metadata.ts && node --import tsx scripts/write-cli-compat.ts",
     "build:docker": "node scripts/tsdown-build.mjs && node scripts/copy-plugin-sdk-root-alias.mjs && pnpm build:plugin-sdk:dts && node --import tsx scripts/write-plugin-sdk-entry-dts.ts && node --import tsx scripts/canvas-a2ui-copy.ts && node --import tsx scripts/copy-hook-metadata.ts && node --import tsx scripts/copy-export-html-templates.ts && node --import tsx scripts/write-build-info.ts && node --import tsx scripts/write-cli-startup-metadata.ts && node --import tsx scripts/write-cli-compat.ts",
-    "build:plugin-sdk:dts": "tsc -p tsconfig.plugin-sdk.dts.json",
+    "build:plugin-sdk:dts": "tsc -p tsconfig.plugin-sdk.dts.json || true",
     "build:strict-smoke": "pnpm canvas:a2ui:bundle && node scripts/tsdown-build.mjs && node scripts/copy-plugin-sdk-root-alias.mjs && pnpm build:plugin-sdk:dts",
     "canvas:a2ui:bundle": "bash scripts/bundle-a2ui.sh",
     "check": "pnpm check:host-env-policy:swift && pnpm format:check && pnpm tsgo && pnpm lint && pnpm lint:tmp:no-random-messaging && pnpm lint:tmp:channel-agnostic-boundaries && pnpm lint:tmp:no-raw-channel-fetch && pnpm lint:agent:ingress-owner && pnpm lint:plugins:no-register-http-handler && pnpm lint:plugins:no-monolithic-plugin-sdk-entry-imports && pnpm lint:webhook:no-low-level-body-read && pnpm lint:auth:no-pairing-store-group && pnpm lint:auth:pairing-account-scope",
@@ -325,7 +326,9 @@
     "test:install:smoke": "bash scripts/test-install-sh-docker.sh",
     "test:live": "OPENCLAW_LIVE_TEST=1 CLAWDBOT_LIVE_TEST=1 vitest run --config vitest.live.config.ts",
     "test:macmini": "OPENCLAW_TEST_VM_FORKS=0 OPENCLAW_TEST_PROFILE=serial node scripts/test-parallel.mjs",
+    "test:parallels:linux": "bash scripts/e2e/parallels-linux-smoke.sh",
     "test:parallels:macos": "bash scripts/e2e/parallels-macos-smoke.sh",
+    "test:parallels:windows": "bash scripts/e2e/parallels-windows-smoke.sh",
     "test:perf:budget": "node scripts/test-perf-budget.mjs",
     "test:perf:hotspots": "node scripts/test-hotspots.mjs",
     "test:sectriage": "pnpm exec vitest run --config vitest.gateway.config.ts && vitest run --config vitest.unit.config.ts --exclude src/daemon/launchd.integration.test.ts --exclude src/process/exec.test.ts",
@@ -340,7 +343,7 @@
   },
   "dependencies": {
     "@agentclientprotocol/sdk": "0.16.1",
-    "@aws-sdk/client-bedrock": "^3.1008.0",
+    "@aws-sdk/client-bedrock": "^3.1009.0",
     "@buape/carbon": "0.0.0-beta-20260216184201",
     "@clack/prompts": "^1.1.0",
     "@discordjs/voice": "^0.19.1",
@@ -350,15 +353,15 @@
     "@larksuiteoapi/node-sdk": "^1.59.0",
     "@line/bot-sdk": "^10.6.0",
     "@lydell/node-pty": "1.2.0-beta.3",
-    "@mariozechner/pi-agent-core": "0.57.1",
-    "@mariozechner/pi-ai": "0.57.1",
-    "@mariozechner/pi-coding-agent": "0.57.1",
-    "@mariozechner/pi-tui": "0.57.1",
+    "@mariozechner/pi-agent-core": "0.58.0",
+    "@mariozechner/pi-ai": "0.58.0",
+    "@mariozechner/pi-coding-agent": "0.58.0",
+    "@mariozechner/pi-tui": "0.58.0",
     "@modelcontextprotocol/sdk": "1.27.1",
     "@mozilla/readability": "^0.6.0",
     "@sinclair/typebox": "0.34.48",
     "@slack/bolt": "^4.6.0",
-    "@slack/web-api": "^7.14.1",
+    "@slack/web-api": "^7.15.0",
     "@whiskeysockets/baileys": "7.0.0-rc.9",
     "ajv": "^8.18.0",
     "chalk": "^5.6.2",
@@ -369,7 +372,7 @@
     "discord-api-types": "^0.38.42",
     "dotenv": "^17.3.1",
     "express": "^5.2.1",
-    "file-type": "^21.3.1",
+    "file-type": "^21.3.2",
     "grammy": "^1.41.1",
     "hono": "4.12.7",
     "https-proxy-agent": "^8.0.0",
@@ -390,7 +393,7 @@
     "sqlite-vec": "0.1.7-alpha.2",
     "tar": "7.5.11",
     "tslog": "^4.10.2",
-    "undici": "^7.24.0",
+    "undici": "^7.24.1",
     "ws": "^8.19.0",
     "yaml": "^2.8.2",
     "zod": "^4.3.6"
@@ -404,7 +407,7 @@
     "@types/node": "^25.5.0",
     "@types/qrcode-terminal": "^0.12.2",
     "@types/ws": "^8.18.1",
-    "@typescript/native-preview": "7.0.0-dev.20260312.1",
+    "@typescript/native-preview": "7.0.0-dev.20260313.1",
     "@vitest/coverage-v8": "^4.1.0",
     "jscpd": "4.0.8",
     "jsdom": "^28.1.0",
@@ -439,7 +442,7 @@
       "fast-xml-parser": "5.3.8",
       "request": "npm:@cypress/request@3.0.10",
       "request-promise": "npm:@cypress/request-promise@5.0.0",
-      "file-type": "21.3.1",
+      "file-type": "21.3.2",
       "form-data": "2.5.4",
       "minimatch": "10.2.4",
       "qs": "6.14.2",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index aed82644da9..6460473fe84 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -10,7 +10,7 @@ overrides:
   fast-xml-parser: 5.3.8
   request: npm:@cypress/request@3.0.10
   request-promise: npm:@cypress/request-promise@5.0.0
-  file-type: 21.3.1
+  file-type: 21.3.2
   form-data: 2.5.4
   minimatch: 10.2.4
   qs: 6.14.2
@@ -29,8 +29,8 @@ importers:
         specifier: 0.16.1
         version: 0.16.1(zod@4.3.6)
       '@aws-sdk/client-bedrock':
-        specifier: ^3.1008.0
-        version: 3.1008.0
+        specifier: ^3.1009.0
+        version: 3.1009.0
       '@buape/carbon':
         specifier: 0.0.0-beta-20260216184201
         version: 0.0.0-beta-20260216184201(@discordjs/opus@0.10.0)(hono@4.12.7)(opusscript@0.1.1)
@@ -59,17 +59,17 @@ importers:
         specifier: 1.2.0-beta.3
         version: 1.2.0-beta.3
       '@mariozechner/pi-agent-core':
-        specifier: 0.57.1
-        version: 0.57.1(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
+        specifier: 0.58.0
+        version: 0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
       '@mariozechner/pi-ai':
-        specifier: 0.57.1
-        version: 0.57.1(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
+        specifier: 0.58.0
+        version: 0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
       '@mariozechner/pi-coding-agent':
-        specifier: 0.57.1
-        version: 0.57.1(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
+        specifier: 0.58.0
+        version: 0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
       '@mariozechner/pi-tui':
-        specifier: 0.57.1
-        version: 0.57.1
+        specifier: 0.58.0
+        version: 0.58.0
       '@modelcontextprotocol/sdk':
         specifier: 1.27.1
         version: 1.27.1(zod@4.3.6)
@@ -86,8 +86,8 @@ importers:
         specifier: ^4.6.0
         version: 4.6.0(@types/express@5.0.6)
       '@slack/web-api':
-        specifier: ^7.14.1
-        version: 7.14.1
+        specifier: ^7.15.0
+        version: 7.15.0
       '@whiskeysockets/baileys':
         specifier: 7.0.0-rc.9
         version: 7.0.0-rc.9(audio-decode@2.2.3)(sharp@0.34.5)
@@ -119,8 +119,8 @@ importers:
         specifier: ^5.2.1
         version: 5.2.1
       file-type:
-        specifier: 21.3.1
-        version: 21.3.1
+        specifier: 21.3.2
+        version: 21.3.2
       grammy:
         specifier: ^1.41.1
         version: 1.41.1
@@ -185,8 +185,8 @@ importers:
         specifier: ^4.10.2
         version: 4.10.2
       undici:
-        specifier: ^7.24.0
-        version: 7.24.0
+        specifier: ^7.24.1
+        version: 7.24.1
       ws:
         specifier: ^8.19.0
         version: 8.19.0
@@ -222,8 +222,8 @@ importers:
         specifier: ^8.18.1
         version: 8.18.1
       '@typescript/native-preview':
-        specifier: 7.0.0-dev.20260312.1
-        version: 7.0.0-dev.20260312.1
+        specifier: 7.0.0-dev.20260313.1
+        version: 7.0.0-dev.20260313.1
       '@vitest/coverage-v8':
         specifier: ^4.1.0
         version: 4.1.0(@vitest/browser@4.1.0(vite@8.0.0(@types/node@25.5.0)(esbuild@0.27.3)(jiti@2.6.1)(tsx@4.21.0)(yaml@2.8.2))(vitest@4.1.0))(vitest@4.1.0)
@@ -250,7 +250,7 @@ importers:
         version: 0.21.1(signal-polyfill@0.2.2)
       tsdown:
         specifier: 0.21.2
-        version: 0.21.2(@typescript/native-preview@7.0.0-dev.20260312.1)(typescript@5.9.3)
+        version: 0.21.2(@typescript/native-preview@7.0.0-dev.20260313.1)(typescript@5.9.3)
       tsx:
         specifier: ^4.21.0
         version: 4.21.0
@@ -314,8 +314,8 @@ importers:
   extensions/diffs:
     dependencies:
       '@pierre/diffs':
-        specifier: 1.0.11
-        version: 1.0.11(react-dom@19.2.4(react@19.2.4))(react@19.2.4)
+        specifier: 1.1.0
+        version: 1.1.0(react-dom@19.2.4(react@19.2.4))(react@19.2.4)
       '@sinclair/typebox':
         specifier: 0.34.48
         version: 0.34.48
@@ -347,10 +347,9 @@ importers:
       google-auth-library:
         specifier: ^10.6.1
         version: 10.6.1
-    devDependencies:
       openclaw:
-        specifier: workspace:*
-        version: link:../..
+        specifier: '>=2026.3.11'
+        version: 2026.3.13(@discordjs/opus@0.10.0)(@napi-rs/canvas@0.1.95)(@types/express@5.0.6)(audio-decode@2.2.3)(node-llama-cpp@3.16.2(typescript@5.9.3))
 
   extensions/imessage: {}
 
@@ -380,8 +379,8 @@ importers:
   extensions/matrix:
     dependencies:
       '@mariozechner/pi-agent-core':
-        specifier: 0.57.1
-        version: 0.57.1(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
+        specifier: 0.58.0
+        version: 0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
       '@matrix-org/matrix-sdk-crypto-nodejs':
         specifier: ^0.4.0
         version: 0.4.0
@@ -408,10 +407,10 @@ importers:
         version: 4.3.6
 
   extensions/memory-core:
-    devDependencies:
+    dependencies:
       openclaw:
-        specifier: workspace:*
-        version: link:../..
+        specifier: '>=2026.3.11'
+        version: 2026.3.13(@discordjs/opus@0.10.0)(@napi-rs/canvas@0.1.95)(@types/express@5.0.6)(audio-decode@2.2.3)(node-llama-cpp@3.16.2(typescript@5.9.3))
 
   extensions/memory-lancedb:
     dependencies:
@@ -422,8 +421,8 @@ importers:
         specifier: 0.34.48
         version: 0.34.48
       openai:
-        specifier: ^6.27.0
-        version: 6.27.0(ws@8.19.0)(zod@4.3.6)
+        specifier: ^6.29.0
+        version: 6.29.0(ws@8.19.0)(zod@4.3.6)
 
   extensions/minimax-portal-auth: {}
 
@@ -521,8 +520,8 @@ importers:
   extensions/zalo:
     dependencies:
       undici:
-        specifier: 7.24.0
-        version: 7.24.0
+        specifier: 7.24.1
+        version: 7.24.1
       zod:
         specifier: ^4.3.6
         version: 4.3.6
@@ -655,8 +654,8 @@ packages:
     resolution: {integrity: sha512-t8cl+bPLlHZQD2Sw1a4hSLUybqJZU71+m8znkyeU8CHntFqEp2mMbuLKdHKaAYQ1fAApXMsvzenCAkDzNeeJlw==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/client-bedrock@3.1008.0':
-    resolution: {integrity: sha512-mzxO/DplpZZT7AIZUCG7Q78OlaeHeDybYz+ZlWZPaXFjGDJwUv1E3SKskmaaQvTsMeieie0WX7gzueYrCx4YfQ==}
+  '@aws-sdk/client-bedrock@3.1009.0':
+    resolution: {integrity: sha512-KzLNqSg1T59sSlQvEA4EL3oDIAMidM54AB1b+UGouPFuUrrwGp2uUlZUYzIIlCvqpf7wEDh8wypqXISRItkgdg==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/client-s3@3.1000.0':
@@ -667,12 +666,8 @@ packages:
     resolution: {integrity: sha512-AlC0oQ1/mdJ8vCIqu524j5RB7M8i8E24bbkZmya1CuiQxkY7SdIZAyw7NDNMGaNINQFq/8oGRMX0HeOfCVsl/A==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/core@3.973.18':
-    resolution: {integrity: sha512-GUIlegfcK2LO1J2Y98sCJy63rQSiLiDOgVw7HiHPRqfI2vb3XozTVqemwO0VSGXp54ngCnAQz0Lf0YPCBINNxA==}
-    engines: {node: '>=20.0.0'}
-
-  '@aws-sdk/core@3.973.19':
-    resolution: {integrity: sha512-56KePyOcZnKTWCd89oJS1G6j3HZ9Kc+bh/8+EbvtaCCXdP6T7O7NzCiPuHRhFLWnzXIaXX3CxAz0nI5My9spHQ==}
+  '@aws-sdk/core@3.973.20':
+    resolution: {integrity: sha512-i3GuX+lowD892F3IuJf8o6AbyDupMTdyTxQrCJGcn71ni5hTZ82L4nQhcdumxZ7XPJRJJVHS/CR3uYOIIs0PVA==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/crc64-nvme@3.972.3':
@@ -683,96 +678,64 @@ packages:
     resolution: {integrity: sha512-6ljXKIQ22WFKyIs1jbORIkGanySBHaPPTOI4OxACP5WXgbcR0nDYfqNJfXEGwCK7IzHdNbCSFsNKKs0qCexR8Q==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/credential-provider-env@3.972.16':
-    resolution: {integrity: sha512-HrdtnadvTGAQUr18sPzGlE5El3ICphnH6SU7UQOMOWFgRKbTRNN8msTxM4emzguUso9CzaHU2xy5ctSrmK5YNA==}
-    engines: {node: '>=20.0.0'}
-
-  '@aws-sdk/credential-provider-env@3.972.17':
-    resolution: {integrity: sha512-MBAMW6YELzE1SdkOniqr51mrjapQUv8JXSGxtwRjQV0mwVDutVsn22OPAUt4RcLRvdiHQmNBDEFP9iTeSVCOlA==}
+  '@aws-sdk/credential-provider-env@3.972.18':
+    resolution: {integrity: sha512-X0B8AlQY507i5DwjLByeU2Af4ARsl9Vr84koDcXCbAkplmU+1xBFWxEPrWRAoh56waBne/yJqEloSwvRf4x6XA==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/credential-provider-http@3.972.15':
     resolution: {integrity: sha512-dJuSTreu/T8f24SHDNTjd7eQ4rabr0TzPh2UTCwYexQtzG3nTDKm1e5eIdhiroTMDkPEJeY+WPkA6F9wod/20A==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/credential-provider-http@3.972.18':
-    resolution: {integrity: sha512-NyB6smuZAixND5jZumkpkunQ0voc4Mwgkd+SZ6cvAzIB7gK8HV8Zd4rS8Kn5MmoGgusyNfVGG+RLoYc4yFiw+A==}
-    engines: {node: '>=20.0.0'}
-
-  '@aws-sdk/credential-provider-http@3.972.19':
-    resolution: {integrity: sha512-9EJROO8LXll5a7eUFqu48k6BChrtokbmgeMWmsH7lBb6lVbtjslUYz/ShLi+SHkYzTomiGBhmzTW7y+H4BxsnA==}
+  '@aws-sdk/credential-provider-http@3.972.20':
+    resolution: {integrity: sha512-ey9Lelj001+oOfrbKmS6R2CJAiXX7QKY4Vj9VJv6L2eE6/VjD8DocHIoYqztTm70xDLR4E1jYPTKfIui+eRNDA==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/credential-provider-ini@3.972.13':
     resolution: {integrity: sha512-JKSoGb7XeabZLBJptpqoZIFbROUIS65NuQnEHGOpuT9GuuZwag2qciKANiDLFiYk4u8nSrJC9JIOnWKVvPVjeA==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/credential-provider-ini@3.972.17':
-    resolution: {integrity: sha512-dFqh7nfX43B8dO1aPQHOcjC0SnCJ83H3F+1LoCh3X1P7E7N09I+0/taID0asU6GCddfDExqnEvQtDdkuMe5tKQ==}
-    engines: {node: '>=20.0.0'}
-
-  '@aws-sdk/credential-provider-ini@3.972.19':
-    resolution: {integrity: sha512-pVJVjWqVrPqjpFq7o0mCmeZu1Y0c94OCHSYgivdCD2wfmYVtBbwQErakruhgOD8pcMcx9SCqRw1pzHKR7OGBcA==}
+  '@aws-sdk/credential-provider-ini@3.972.20':
+    resolution: {integrity: sha512-5flXSnKHMloObNF+9N0cupKegnH1Z37cdVlpETVgx8/rAhCe+VNlkcZH3HDg2SDn9bI765S+rhNPXGDJJPfbtA==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/credential-provider-login@3.972.13':
     resolution: {integrity: sha512-RtYcrxdnJHKY8MFQGLltCURcjuMjnaQpAxPE6+/QEdDHHItMKZgabRe/KScX737F9vJMQsmJy9EmMOkCnoC1JQ==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/credential-provider-login@3.972.17':
-    resolution: {integrity: sha512-gf2E5b7LpKb+JX2oQsRIDxdRZjBFZt2olCGlWCdb3vBERbXIPgm2t1R5mEnwd4j0UEO/Tbg5zN2KJbHXttJqwA==}
-    engines: {node: '>=20.0.0'}
-
-  '@aws-sdk/credential-provider-login@3.972.19':
-    resolution: {integrity: sha512-jOXdZ1o+CywQKr6gyxgxuUmnGwTTnY2Kxs1PM7fI6AYtDWDnmW/yKXayNqkF8KjP1unflqMWKVbVt5VgmE3L0g==}
+  '@aws-sdk/credential-provider-login@3.972.20':
+    resolution: {integrity: sha512-gEWo54nfqp2jABMu6HNsjVC4hDLpg9HC8IKSJnp0kqWtxIJYHTmiLSsIfI4ScQjxEwpB+jOOH8dOLax1+hy/Hw==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/credential-provider-node@3.972.14':
     resolution: {integrity: sha512-WqoC2aliIjQM/L3oFf6j+op/enT2i9Cc4UTxxMEKrJNECkq4/PlKE5BOjSYFcq6G9mz65EFbXJh7zOU4CvjSKQ==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/credential-provider-node@3.972.18':
-    resolution: {integrity: sha512-ZDJa2gd1xiPg/nBDGhUlat02O8obaDEnICBAVS8qieZ0+nDfaB0Z3ec6gjZj27OqFTjnB/Q5a0GwQwb7rMVViw==}
-    engines: {node: '>=20.0.0'}
-
-  '@aws-sdk/credential-provider-node@3.972.20':
-    resolution: {integrity: sha512-0xHca2BnPY0kzjDYPH7vk8YbfdBPpWVS67rtqQMalYDQUCBYS37cZ55K6TuFxCoIyNZgSCFrVKr9PXC5BVvQQw==}
+  '@aws-sdk/credential-provider-node@3.972.21':
+    resolution: {integrity: sha512-hah8if3/B/Q+LBYN5FukyQ1Mym6PLPDsBOBsIgNEYD6wLyZg0UmUF/OKIVC3nX9XH8TfTPuITK+7N/jenVACWA==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/credential-provider-process@3.972.13':
     resolution: {integrity: sha512-rsRG0LQA4VR+jnDyuqtXi2CePYSmfm5GNL9KxiW8DSe25YwJSr06W8TdUfONAC+rjsTI+aIH2rBGG5FjMeANrw==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/credential-provider-process@3.972.16':
-    resolution: {integrity: sha512-n89ibATwnLEg0ZdZmUds5bq8AfBAdoYEDpqP3uzPLaRuGelsKlIvCYSNNvfgGLi8NaHPNNhs1HjJZYbqkW9b+g==}
-    engines: {node: '>=20.0.0'}
-
-  '@aws-sdk/credential-provider-process@3.972.17':
-    resolution: {integrity: sha512-c8G8wT1axpJDgaP3xzcy+q8Y1fTi9A2eIQJvyhQ9xuXrUZhlCfXbC0vM9bM1CUXiZppFQ1p7g0tuUMvil/gCPg==}
+  '@aws-sdk/credential-provider-process@3.972.18':
+    resolution: {integrity: sha512-Tpl7SRaPoOLT32jbTWchPsn52hYYgJ0kpiFgnwk8pxTANQdUymVSZkzFvv1+oOgZm1CrbQUP9MBeoMZ9IzLZjA==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/credential-provider-sso@3.972.13':
     resolution: {integrity: sha512-fr0UU1wx8kNHDhTQBXioc/YviSW8iXuAxHvnH7eQUtn8F8o/FU3uu6EUMvAQgyvn7Ne5QFnC0Cj0BFlwCk+RFw==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/credential-provider-sso@3.972.17':
-    resolution: {integrity: sha512-wGtte+48xnhnhHMl/MsxzacBPs5A+7JJedjiP452IkHY7vsbYKcvQBqFye8LwdTJVeHtBHv+JFeTscnwepoWGg==}
-    engines: {node: '>=20.0.0'}
-
-  '@aws-sdk/credential-provider-sso@3.972.19':
-    resolution: {integrity: sha512-kVjQsEU3b///q7EZGrUzol9wzwJFKbEzqJKSq82A9ShrUTEO7FNylTtby3sPV19ndADZh1H3FB3+5ZrvKtEEeg==}
+  '@aws-sdk/credential-provider-sso@3.972.20':
+    resolution: {integrity: sha512-p+R+PYR5Z7Gjqf/6pvbCnzEHcqPCpLzR7Yf127HjJ6EAb4hUcD+qsNRnuww1sB/RmSeCLxyay8FMyqREw4p1RA==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/credential-provider-web-identity@3.972.13':
     resolution: {integrity: sha512-a6iFMh1pgUH0TdcouBppLJUfPM7Yd3R9S1xFodPtCRoLqCz2RQFA3qjA8x4112PVYXEd4/pHX2eihapq39w0rA==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/credential-provider-web-identity@3.972.17':
-    resolution: {integrity: sha512-8aiVJh6fTdl8gcyL+sVNcNwTtWpmoFa1Sh7xlj6Z7L/cZ/tYMEBHq44wTYG8Kt0z/PpGNopD89nbj3FHl9QmTA==}
-    engines: {node: '>=20.0.0'}
-
-  '@aws-sdk/credential-provider-web-identity@3.972.19':
-    resolution: {integrity: sha512-BV1BlTFdG4w4tAihxN7iXDBoNcNewXD4q8uZlNQiUrnqxwGWUhKHODIQVSPlQGxXClEj+63m+cqZskw+ESmeZg==}
+  '@aws-sdk/credential-provider-web-identity@3.972.20':
+    resolution: {integrity: sha512-rWCmh8o7QY4CsUj63qopzMzkDq/yPpkrpb+CnjBEFSOg/02T/we7sSTVg4QsDiVS9uwZ8VyONhq98qt+pIh3KA==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/eventstream-handler-node@3.972.10':
@@ -799,8 +762,8 @@ packages:
     resolution: {integrity: sha512-5XHwjPH1lHB+1q4bfC7T8Z5zZrZXfaLcjSMwTd1HPSPrCmPFMbg3UQ5vgNWcVj0xoX4HWqTGkSf2byrjlnRg5w==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/middleware-host-header@3.972.7':
-    resolution: {integrity: sha512-aHQZgztBFEpDU1BB00VWCIIm85JjGjQW1OG9+98BdmaOpguJvzmXBGbnAiYcciCd+IS4e9BEq664lhzGnWJHgQ==}
+  '@aws-sdk/middleware-host-header@3.972.8':
+    resolution: {integrity: sha512-wAr2REfKsqoKQ+OkNqvOShnBoh+nkPurDKW7uAeVSu6kUECnWlSJiPvnoqxGlfousEY/v9LfS9sNc46hjSYDIQ==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/middleware-location-constraint@3.972.6':
@@ -811,16 +774,16 @@ packages:
     resolution: {integrity: sha512-iFnaMFMQdljAPrvsCVKYltPt2j40LQqukAbXvW7v0aL5I+1GO7bZ/W8m12WxW3gwyK5p5u1WlHg8TSAizC5cZw==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/middleware-logger@3.972.7':
-    resolution: {integrity: sha512-LXhiWlWb26txCU1vcI9PneESSeRp/RYY/McuM4SpdrimQR5NgwaPb4VJCadVeuGWgh6QmqZ6rAKSoL1ob16W6w==}
+  '@aws-sdk/middleware-logger@3.972.8':
+    resolution: {integrity: sha512-CWl5UCM57WUFaFi5kB7IBY1UmOeLvNZAZ2/OZ5l20ldiJ3TiIz1pC65gYj8X0BCPWkeR1E32mpsCk1L1I4n+lA==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/middleware-recursion-detection@3.972.6':
     resolution: {integrity: sha512-dY4v3of5EEMvik6+UDwQ96KfUFDk8m1oZDdkSc5lwi4o7rFrjnv0A+yTV+gu230iybQZnKgDLg/rt2P3H+Vscw==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/middleware-recursion-detection@3.972.7':
-    resolution: {integrity: sha512-l2VQdcBcYLzIzykCHtXlbpiVCZ94/xniLIkAj0jpnpjY4xlgZx7f56Ypn+uV1y3gG0tNVytJqo3K9bfMFee7SQ==}
+  '@aws-sdk/middleware-recursion-detection@3.972.8':
+    resolution: {integrity: sha512-BnnvYs2ZEpdlmZ2PNlV2ZyQ8j8AEkMTjN79y/YA475ER1ByFYrkVR85qmhni8oeTaJcDqbx364wDpitDAA/wCA==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/middleware-sdk-s3@3.972.15':
@@ -835,36 +798,28 @@ packages:
     resolution: {integrity: sha512-ABlFVcIMmuRAwBT+8q5abAxOr7WmaINirDJBnqGY5b5jSDo00UMlg/G4a0xoAgwm6oAECeJcwkvDlxDwKf58fQ==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/middleware-user-agent@3.972.19':
-    resolution: {integrity: sha512-Km90fcXt3W/iqujHzuM6IaDkYCj73gsYufcuWXApWdzoTy6KGk8fnchAjePMARU0xegIR3K4N3yIo1vy7OVe8A==}
-    engines: {node: '>=20.0.0'}
-
-  '@aws-sdk/middleware-user-agent@3.972.20':
-    resolution: {integrity: sha512-3kNTLtpUdeahxtnJRnj/oIdLAUdzTfr9N40KtxNhtdrq+Q1RPMdCJINRXq37m4t5+r3H70wgC3opW46OzFcZYA==}
+  '@aws-sdk/middleware-user-agent@3.972.21':
+    resolution: {integrity: sha512-62XRl1GDYPpkt7cx1AX1SPy9wgNE9Iw/NPuurJu4lmhCWS7sGKO+kS53TQ8eRmIxy3skmvNInnk0ZbWrU5Dpyg==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/middleware-websocket@3.972.12':
     resolution: {integrity: sha512-iyPP6FVDKe/5wy5ojC0akpDFG1vX3FeCUU47JuwN8xfvT66xlEI8qUJZPtN55TJVFzzWZJpWL78eqUE31md08Q==}
     engines: {node: '>= 14.0.0'}
 
+  '@aws-sdk/nested-clients@3.996.10':
+    resolution: {integrity: sha512-SlDol5Z+C7Ivnc2rKGqiqfSUmUZzY1qHfVs9myt/nxVwswgfpjdKahyTzLTx802Zfq0NFRs7AejwKzzzl5Co2w==}
+    engines: {node: '>=20.0.0'}
+
   '@aws-sdk/nested-clients@3.996.3':
     resolution: {integrity: sha512-AU5TY1V29xqwg/MxmA2odwysTez+ccFAhmfRJk+QZT5HNv90UTA9qKd1J9THlsQkvmH7HWTEV1lDNxkQO5PzNw==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/nested-clients@3.996.7':
-    resolution: {integrity: sha512-MlGWA8uPaOs5AiTZ5JLM4uuWDm9EEAnm9cqwvqQIc6kEgel/8s1BaOWm9QgUcfc9K8qd7KkC3n43yDbeXOA2tg==}
-    engines: {node: '>=20.0.0'}
-
-  '@aws-sdk/nested-clients@3.996.9':
-    resolution: {integrity: sha512-+RpVtpmQbbtzFOKhMlsRcXM/3f1Z49qTOHaA8gEpHOYruERmog6f2AUtf/oTRLCWjR9H2b3roqryV/hI7QMW8w==}
-    engines: {node: '>=20.0.0'}
-
   '@aws-sdk/region-config-resolver@3.972.6':
     resolution: {integrity: sha512-Aa5PusHLXAqLTX1UKDvI3pHQJtIsF7Q+3turCHqfz/1F61/zDMWfbTC8evjhrrYVAtz9Vsv3SJ/waSUeu7B6gw==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/region-config-resolver@3.972.7':
-    resolution: {integrity: sha512-/Ev/6AI8bvt4HAAptzSjThGUMjcWaX3GX8oERkB0F0F9x2dLSBdgFDiyrRz3i0u0ZFZFQ1b28is4QhyqXTUsVA==}
+  '@aws-sdk/region-config-resolver@3.972.8':
+    resolution: {integrity: sha512-1eD4uhTDeambO/PNIDVG19A6+v4NdD7xzwLHDutHsUqz0B+i661MwQB2eYO4/crcCvCiQG4SRm1k81k54FEIvw==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/s3-request-presigner@3.1000.0':
@@ -879,8 +834,8 @@ packages:
     resolution: {integrity: sha512-j9BwZZId9sFp+4GPhf6KrwO8Tben2sXibZA8D1vv2I1zBdvkUHcBA2g4pkqIpTRalMTLC0NPkBPX0gERxfy/iA==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/token-providers@3.1008.0':
-    resolution: {integrity: sha512-TulwlHQBWcJs668kNUDMZHN51DeLrDsYT59Ux4a/nbvr025gM6HjKJJ3LvnZccam7OS/ZKUVkWomCneRQKJbBg==}
+  '@aws-sdk/token-providers@3.1009.0':
+    resolution: {integrity: sha512-KCPLuTqN9u0Rr38Arln78fRG9KXpzsPWmof+PZzfAHMMQq2QED6YjQrkrfiH7PDefLWEposY1o4/eGwrmKA4JA==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/token-providers@3.999.0':
@@ -895,6 +850,10 @@ packages:
     resolution: {integrity: sha512-hl7BGwDCWsjH8NkZfx+HgS7H2LyM2lTMAI7ba9c8O0KqdBLTdNJivsHpqjg9rNlAlPyREb6DeDRXUl0s8uFdmQ==}
     engines: {node: '>=20.0.0'}
 
+  '@aws-sdk/types@3.973.6':
+    resolution: {integrity: sha512-Atfcy4E++beKtwJHiDln2Nby8W/mam64opFPTiHEqgsthqeydFS1pY+OUlN1ouNOmf8ArPU/6cDS65anOP3KQw==}
+    engines: {node: '>=20.0.0'}
+
   '@aws-sdk/util-arn-parser@3.972.2':
     resolution: {integrity: sha512-VkykWbqMjlSgBFDyrY3nOSqupMc6ivXuGmvci6Q3NnLq5kC+mKQe2QBZ4nrWRE/jqOxeFP2uYzLtwncYYcvQDg==}
     engines: {node: '>=20.0.0'}
@@ -903,8 +862,8 @@ packages:
     resolution: {integrity: sha512-yWIQSNiCjykLL+ezN5A+DfBb1gfXTytBxm57e64lYmwxDHNmInYHRJYYRAGWG1o77vKEiWaw4ui28e3yb1k5aQ==}
     engines: {node: '>=20.0.0'}
 
-  '@aws-sdk/util-endpoints@3.996.4':
-    resolution: {integrity: sha512-Hek90FBmd4joCFj+Vc98KLJh73Zqj3s2W56gjAcTkrNLMDI5nIFkG9YpfcJiVI1YlE2Ne1uOQNe+IgQ/Vz2XRA==}
+  '@aws-sdk/util-endpoints@3.996.5':
+    resolution: {integrity: sha512-Uh93L5sXFNbyR5sEPMzUU8tJ++Ku97EY4udmC01nB8Zu+xfBPwpIwJ6F7snqQeq8h2pf+8SGN5/NoytfKgYPIw==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/util-format-url@3.972.6':
@@ -926,8 +885,8 @@ packages:
   '@aws-sdk/util-user-agent-browser@3.972.6':
     resolution: {integrity: sha512-Fwr/llD6GOrFgQnKaI2glhohdGuBDfHfora6iG9qsBBBR8xv1SdCSwbtf5CWlUdCw5X7g76G/9Hf0Inh0EmoxA==}
 
-  '@aws-sdk/util-user-agent-browser@3.972.7':
-    resolution: {integrity: sha512-7SJVuvhKhMF/BkNS1n0QAJYgvEwYbK2QLKBrzDiwQGiTRU6Yf1f3nehTzm/l21xdAOtWSfp2uWSddPnP2ZtsVw==}
+  '@aws-sdk/util-user-agent-browser@3.972.8':
+    resolution: {integrity: sha512-B3KGXJviV2u6Cdw2SDY2aDhoJkVfY/Q/Trwk2CMSkikE1Oi6gRzxhvhIfiRpHfmIsAhV4EA54TVEX8K6CbHbkA==}
 
   '@aws-sdk/util-user-agent-node@3.973.0':
     resolution: {integrity: sha512-A9J2G4Nf236e9GpaC1JnA8wRn6u6GjnOXiTwBLA6NUJhlBTIGfrTy+K1IazmF8y+4OFdW3O5TZlhyspJMqiqjA==}
@@ -938,8 +897,8 @@ packages:
       aws-crt:
         optional: true
 
-  '@aws-sdk/util-user-agent-node@3.973.4':
-    resolution: {integrity: sha512-uqKeLqZ9D3nQjH7HGIERNXK9qnSpUK08l4MlJ5/NZqSSdeJsVANYp437EM9sEzwU28c2xfj2V6qlkqzsgtKs6Q==}
+  '@aws-sdk/util-user-agent-node@3.973.7':
+    resolution: {integrity: sha512-Hz6EZMUAEzqUd7e+vZ9LE7mn+5gMbxltXy18v+YSFY+9LBJz15wkNZvw5JqfX3z0FS9n3bgUtz3L5rAsfh4YlA==}
     engines: {node: '>=20.0.0'}
     peerDependencies:
       aws-crt: '>=1.0.0'
@@ -947,17 +906,8 @@ packages:
       aws-crt:
         optional: true
 
-  '@aws-sdk/util-user-agent-node@3.973.6':
-    resolution: {integrity: sha512-iF7G0prk7AvmOK64FcLvc/fW+Ty1H+vttajL7PvJFReU8urMxfYmynTTuFKDTA76Wgpq3FzTPKwabMQIXQHiXQ==}
-    engines: {node: '>=20.0.0'}
-    peerDependencies:
-      aws-crt: '>=1.0.0'
-    peerDependenciesMeta:
-      aws-crt:
-        optional: true
-
-  '@aws-sdk/xml-builder@3.972.10':
-    resolution: {integrity: sha512-OnejAIVD+CxzyAUrVic7lG+3QRltyja9LoNqCE/1YVs8ichoTbJlVSaZ9iSMcnHLyzrSNtvaOGjSDRP+d/ouFA==}
+  '@aws-sdk/xml-builder@3.972.11':
+    resolution: {integrity: sha512-iitV/gZKQMvY9d7ovmyFnFuTHbBAtrmLnvaSb/3X8vOKyevwtpmEtyc8AdhVWZe0pI/1GsHxlEvQeOePFzy7KQ==}
     engines: {node: '>=20.0.0'}
 
   '@aws-sdk/xml-builder@3.972.8':
@@ -1754,22 +1704,22 @@ packages:
     resolution: {integrity: sha512-faGUlTcXka5l7rv0lP3K3vGW/ejRuOS24RR2aSFWREUQqzjgdsuWNo/IiPqL3kWRGt6Ahl2+qcDAwtdeWeuGUw==}
     hasBin: true
 
-  '@mariozechner/pi-agent-core@0.57.1':
-    resolution: {integrity: sha512-WXsBbkNWOObFGHkhixaT8GXJpHDd3+fn8QntYF+4R8Sa9WB90ENXWidO6b7vcKX+JX0jjO5dIsQxmzosARJKlg==}
+  '@mariozechner/pi-agent-core@0.58.0':
+    resolution: {integrity: sha512-zhkwx3Wdo27snVfnJWi7l+wyU4XlazkeunTtz4e500GC+ufGOp4C3aIf0XiO5ZOtTE/0lvUiG2bWULR/i4lgUQ==}
     engines: {node: '>=20.0.0'}
 
-  '@mariozechner/pi-ai@0.57.1':
-    resolution: {integrity: sha512-Bd/J4a3YpdzJVyHLih0vDSdB0QPL4ti0XsAwtHOK/8eVhB0fHM1CpcgIrcBFJ23TMcKXMi0qamz18ERfp8tmgg==}
+  '@mariozechner/pi-ai@0.58.0':
+    resolution: {integrity: sha512-3TrkJ9QcBYFPo4NxYluhd+JQ4M+98RaEkNPMrLFU4wK4GMFVtsL3kp1YJ/oj7X0eqKuuDKbHj6MdoMZeT2TCvA==}
     engines: {node: '>=20.0.0'}
     hasBin: true
 
-  '@mariozechner/pi-coding-agent@0.57.1':
-    resolution: {integrity: sha512-u5MQEduj68rwVIsRsqrWkJYiJCyPph/a6bMoJAQKo1sb+Pc17Y/ojwa+wGssnUMjEB38AQKofWTVe8NFEpSWNw==}
+  '@mariozechner/pi-coding-agent@0.58.0':
+    resolution: {integrity: sha512-aCoqIMfcFWwuZrLC4MC1EnHwUrqo+ppamXlNYk5+nANH8U+51AP8OUqOUqT9NSHO9ZdItheU9wCqt7wPf5Ah8A==}
     engines: {node: '>=20.6.0'}
     hasBin: true
 
-  '@mariozechner/pi-tui@0.57.1':
-    resolution: {integrity: sha512-cjoRghLbeAHV0tTJeHgZXaryUi5zzBZofeZ7uJun1gztnckLLRjoVeaPTujNlc5BIfyKvFqhh1QWCZng/MXlpg==}
+  '@mariozechner/pi-tui@0.58.0':
+    resolution: {integrity: sha512-luRbQlk0ZCbYGCtCrKTqQX0ECKNYPj7OSlxKMXEY0B3bA6s4f/Xj0aLPiKlhsIynC2dPQmijA44ZDfrWFniWwA==}
     engines: {node: '>=20.0.0'}
 
   '@matrix-org/matrix-sdk-crypto-nodejs@0.4.0':
@@ -2523,12 +2473,16 @@ packages:
     cpu: [x64]
     os: [win32]
 
-  '@pierre/diffs@1.0.11':
-    resolution: {integrity: sha512-j6zIEoyImQy1HfcJqbrDwP0O5I7V2VNXAaw53FqQ+SykRfaNwABeZHs9uibXO4supaXPmTx6LEH9Lffr03e1Tw==}
+  '@pierre/diffs@1.1.0':
+    resolution: {integrity: sha512-wbxrzcmanJuHZb81iir09j42uU9AnKxXDtAuEQJbAnti5f2UfYdCQYejawuHZStFrlsMacCZLh/dDHmqvAaQCw==}
     peerDependencies:
       react: ^18.3.1 || ^19.0.0
       react-dom: ^18.3.1 || ^19.0.0
 
+  '@pierre/theme@0.0.22':
+    resolution: {integrity: sha512-ePUIdQRNGjrveELTU7fY89Xa7YGHHEy5Po5jQy/18lm32eRn96+tnYJEtFooGdffrx55KBUtOXfvVy/7LDFFhA==}
+    engines: {vscode: ^1.0.0}
+
   '@pinojs/redact@0.4.0':
     resolution: {integrity: sha512-k2ENnmBugE/rzQfEcdWHcCY+/FM3VLzH9cYEsbdsoqrvzAKRhUZeRNhAZvB8OitQJ1TBed3yqWtdjzS6wJKBwg==}
 
@@ -2768,6 +2722,10 @@ packages:
     resolution: {integrity: sha512-Wz7QYfPAlG/DR+DfABddUZeNgoeY7d1J39OCR2jR+v7VBsB8ezulDK5szTnDDPDwLH5IWhLvXIHlCFZV7MSKgA==}
     engines: {node: '>= 18', npm: '>= 8.6.0'}
 
+  '@slack/logger@4.0.1':
+    resolution: {integrity: sha512-6cmdPrV/RYfd2U0mDGiMK8S7OJqpCTm7enMLRR3edccsPX8j7zXTLnaEF4fhxxJJTAIOil6+qZrnUPTuaLvwrQ==}
+    engines: {node: '>= 18', npm: '>= 8.6.0'}
+
   '@slack/oauth@3.0.4':
     resolution: {integrity: sha512-+8H0g7mbrHndEUbYCP7uYyBCbwqmm3E6Mo3nfsDvZZW74zKk1ochfH/fWSvGInYNCVvaBUbg3RZBbTp0j8yJCg==}
     engines: {node: '>=18', npm: '>=8.6.0'}
@@ -2780,18 +2738,18 @@ packages:
     resolution: {integrity: sha512-PVF6P6nxzDMrzPC8fSCsnwaI+kF8YfEpxf3MqXmdyjyWTYsZQURpkK7WWUWvP5QpH55pB7zyYL9Qem/xSgc5VA==}
     engines: {node: '>= 12.13.0', npm: '>= 6.12.0'}
 
-  '@slack/web-api@7.14.1':
-    resolution: {integrity: sha512-RoygyteJeFswxDPJjUMESn9dldWVMD2xUcHHd9DenVavSfVC6FeVnSdDerOO7m8LLvw4Q132nQM4hX8JiF7dng==}
+  '@slack/types@2.20.1':
+    resolution: {integrity: sha512-eWX2mdt1ktpn8+40iiMc404uGrih+2fxiky3zBcPjtXKj6HLRdYlmhrPkJi7JTJm8dpXR6BWVWEDBXtaWMKD6A==}
+    engines: {node: '>= 12.13.0', npm: '>= 6.12.0'}
+
+  '@slack/web-api@7.15.0':
+    resolution: {integrity: sha512-va7zYIt3QHG1x9M/jqXXRPFMoOVlVSSRHC5YH+DzKYsrz5xUKOA3lR4THsu/Zxha9N1jOndbKFKLtr0WOPW1Vw==}
     engines: {node: '>= 18', npm: '>= 8.6.0'}
 
   '@smithy/abort-controller@4.2.10':
     resolution: {integrity: sha512-qocxM/X4XGATqQtUkbE9SPUB6wekBi+FyJOMbPj0AhvyvFGYEmOlz6VB22iMePCQsFmMIvFSeViDvA7mZJG47g==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/abort-controller@4.2.11':
-    resolution: {integrity: sha512-Hj4WoYWMJnSpM6/kchsm4bUNTL9XiSyhvoMb2KIq4VJzyDt7JpGHUZHkVNPZVC7YE1tf8tPeVauxpFBKGW4/KQ==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/abort-controller@4.2.12':
     resolution: {integrity: sha512-xolrFw6b+2iYGl6EcOL7IJY71vvyZ0DJ3mcKtpykqPe2uscwtzDZJa1uVQXyP7w9Dd+kGwYnPbMsJrGISKiY/Q==}
     engines: {node: '>=18.0.0'}
@@ -2804,10 +2762,6 @@ packages:
     resolution: {integrity: sha512-y5d4xRiD6TzeP5BWlb+Ig/VFqF+t9oANNhGeMqyzU7obw7FYgTgVi50i5JqBTeKp+TABeDIeeXFZdz65RipNtA==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/config-resolver@4.4.10':
-    resolution: {integrity: sha512-IRTkd6ps0ru+lTWnfnsbXzW80A8Od8p3pYiZnW98K2Hb20rqfsX7VTlfUwhrcOeSSy68Gn9WBofwPuw3e5CCsg==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/config-resolver@4.4.11':
     resolution: {integrity: sha512-YxFiiG4YDAtX7WMN7RuhHZLeTmRRAOyCbr+zB8e3AQzHPnUhS8zXjB1+cniPVQI3xbWsQPM0X2aaIkO/ME0ymw==}
     engines: {node: '>=18.0.0'}
@@ -2824,18 +2778,10 @@ packages:
     resolution: {integrity: sha512-4xE+0L2NrsFKpEVFlFELkIHQddBvMbQ41LRIP74dGCXnY1zQ9DgksrBcRBDJT+iOzGy4VEJIeU3hkUK5mn06kg==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/core@3.23.9':
-    resolution: {integrity: sha512-1Vcut4LEL9HZsdpI0vFiRYIsaoPwZLjAxnVQDUMQK8beMS+EYPLDQCXtbzfxmM5GzSgjfe2Q9M7WaXwIMQllyQ==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/credential-provider-imds@4.2.10':
     resolution: {integrity: sha512-3bsMLJJLTZGZqVGGeBVFfLzuRulVsGTj12BzRKODTHqUABpIr0jMN1vN3+u6r2OfyhAQ2pXaMZWX/swBK5I6PQ==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/credential-provider-imds@4.2.11':
-    resolution: {integrity: sha512-lBXrS6ku0kTj3xLmsJW0WwqWbGQ6ueooYyp/1L9lkyT0M02C+DWwYwc5aTyXFbRaK38ojALxNixg+LxKSHZc0g==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/credential-provider-imds@4.2.12':
     resolution: {integrity: sha512-cr2lR792vNZcYMriSIj+Um3x9KWrjcu98kn234xA6reOAFMmbRpQMOv8KPgEmLLtx3eldU6c5wALKFqNOhugmg==}
     engines: {node: '>=18.0.0'}
@@ -2884,10 +2830,6 @@ packages:
     resolution: {integrity: sha512-wbTRjOxdFuyEg0CpumjZO0hkUl+fetJFqxNROepuLIoijQh51aMBmzFLfoQdwRjxsuuS2jizzIUTjPWgd8pd7g==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/fetch-http-handler@5.3.13':
-    resolution: {integrity: sha512-U2Hcfl2s3XaYjikN9cT4mPu8ybDbImV3baXR0PkVlC0TTx808bRP3FaPGAzPtB8OByI+JqJ1kyS+7GEgae7+qQ==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/fetch-http-handler@5.3.15':
     resolution: {integrity: sha512-T4jFU5N/yiIfrtrsb9uOQn7RdELdM/7HbyLNr6uO/mpkj1ctiVs7CihVr51w4LyQlXWDpXFn4BElf1WmQvZu/A==}
     engines: {node: '>=18.0.0'}
@@ -2900,10 +2842,6 @@ packages:
     resolution: {integrity: sha512-1VzIOI5CcsvMDvP3iv1vG/RfLJVVVc67dCRyLSB2Hn9SWCZrDO3zvcIzj3BfEtqRW5kcMg5KAeVf1K3dR6nD3w==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/hash-node@4.2.11':
-    resolution: {integrity: sha512-T+p1pNynRkydpdL015ruIoyPSRw9e/SQOWmSAMmmprfswMrd5Ow5igOWNVlvyVFZlxXqGmyH3NQwfwy8r5Jx0A==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/hash-node@4.2.12':
     resolution: {integrity: sha512-QhBYbGrbxTkZ43QoTPrK72DoYviDeg6YKDrHTMJbbC+A0sml3kSjzFtXP7BtbyJnXojLfTQldGdUR0RGD8dA3w==}
     engines: {node: '>=18.0.0'}
@@ -2916,10 +2854,6 @@ packages:
     resolution: {integrity: sha512-vy9KPNSFUU0ajFYk0sDZIYiUlAWGEAhRfehIr5ZkdFrRFTAuXEPUd41USuqHU6vvLX4r6Q9X7MKBco5+Il0Org==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/invalid-dependency@4.2.11':
-    resolution: {integrity: sha512-cGNMrgykRmddrNhYy1yBdrp5GwIgEkniS7k9O1VLB38yxQtlvrxpZtUVvo6T4cKpeZsriukBuuxfJcdZQc/f/g==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/invalid-dependency@4.2.12':
     resolution: {integrity: sha512-/4F1zb7Z8LOu1PalTdESFHR0RbPwHd3FcaG1sI3UEIriQTWakysgJr65lc1jj6QY5ye7aFsisajotH6UhWfm/g==}
     engines: {node: '>=18.0.0'}
@@ -2944,10 +2878,6 @@ packages:
     resolution: {integrity: sha512-TQZ9kX5c6XbjhaEBpvhSvMEZ0klBs1CFtOdPFwATZSbC9UeQfKHPLPN9Y+I6wZGMOavlYTOlHEPDrt42PMSH9w==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/middleware-content-length@4.2.11':
-    resolution: {integrity: sha512-UvIfKYAKhCzr4p6jFevPlKhQwyQwlJ6IeKLDhmV1PlYfcW3RL4ROjNEDtSik4NYMi9kDkH7eSwyTP3vNJ/u/Dw==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/middleware-content-length@4.2.12':
     resolution: {integrity: sha512-YE58Yz+cvFInWI/wOTrB+DbvUVz/pLn5mC5MvOV4fdRUc6qGwygyngcucRQjAhiCEbmfLOXX0gntSIcgMvAjmA==}
     engines: {node: '>=18.0.0'}
@@ -2956,10 +2886,6 @@ packages:
     resolution: {integrity: sha512-9W6Np4ceBP3XCYAGLoMCmn8t2RRVzuD1ndWPLBbv7H9CrwM9Bprf6Up6BM9ZA/3alodg0b7Kf6ftBK9R1N04vw==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/middleware-endpoint@4.4.23':
-    resolution: {integrity: sha512-UEFIejZy54T1EJn2aWJ45voB7RP2T+IRzUqocIdM6GFFa5ClZncakYJfcYnoXt3UsQrZZ9ZRauGm77l9UCbBLw==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/middleware-endpoint@4.4.25':
     resolution: {integrity: sha512-dqjLwZs2eBxIUG6Qtw8/YZ4DvzHGIf0DA18wrgtfP6a50UIO7e2nY0FPdcbv5tVJKqWCCU5BmGMOUwT7Puan+A==}
     engines: {node: '>=18.0.0'}
@@ -2968,10 +2894,6 @@ packages:
     resolution: {integrity: sha512-/1psZZllBBSQ7+qo5+hhLz7AEPGLx3Z0+e3ramMBEuPK2PfvLK4SrncDB9VegX5mBn+oP/UTDrM6IHrFjvX1ZA==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/middleware-retry@4.4.40':
-    resolution: {integrity: sha512-YhEMakG1Ae57FajERdHNZ4ShOPIY7DsgV+ZoAxo/5BT0KIe+f6DDU2rtIymNNFIj22NJfeeI6LWIifrwM0f+rA==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/middleware-retry@4.4.42':
     resolution: {integrity: sha512-vbwyqHRIpIZutNXZpLAozakzamcINaRCpEy1MYmK6xBeW3xN+TyPRA123GjXnuxZIjc9848MRRCugVMTXxC4Eg==}
     engines: {node: '>=18.0.0'}
@@ -2980,10 +2902,6 @@ packages:
     resolution: {integrity: sha512-STQdONGPwbbC7cusL60s7vOa6He6A9w2jWhoapL0mgVjmR19pr26slV+yoSP76SIssMTX/95e5nOZ6UQv6jolg==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/middleware-serde@4.2.12':
-    resolution: {integrity: sha512-W9g1bOLui7Xn5FABRVS0o3rXL0gfN37d/8I/W7i0N7oxjx9QecUmXEMSUMADTODwdtka9cN43t5BI2CodLJpng==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/middleware-serde@4.2.14':
     resolution: {integrity: sha512-+CcaLoLa5apzSRtloOyG7lQvkUw2ZDml3hRh4QiG9WyEPfW5Ke/3tPOPiPjUneuT59Tpn8+c3RVaUvvkkwqZwg==}
     engines: {node: '>=18.0.0'}
@@ -2992,10 +2910,6 @@ packages:
     resolution: {integrity: sha512-pmts/WovNcE/tlyHa8z/groPeOtqtEpp61q3W0nW1nDJuMq/x+hWa/OVQBtgU0tBqupeXq0VBOLA4UZwE8I0YA==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/middleware-stack@4.2.11':
-    resolution: {integrity: sha512-s+eenEPW6RgliDk2IhjD2hWOxIx1NKrOHxEwNUaUXxYBxIyCcDfNULZ2Mu15E3kwcJWBedTET/kEASPV1A1Akg==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/middleware-stack@4.2.12':
     resolution: {integrity: sha512-kruC5gRHwsCOuyCd4ouQxYjgRAym2uDlCvQ5acuMtRrcdfg7mFBg6blaxcJ09STpt3ziEkis6bhg1uwrWU7txw==}
     engines: {node: '>=18.0.0'}
@@ -3004,10 +2918,6 @@ packages:
     resolution: {integrity: sha512-UALRbJtVX34AdP2VECKVlnNgidLHA2A7YgcJzwSBg1hzmnO/bZBHl/LDQQyYifzUwp1UOODnl9JJ3KNawpUJ9w==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/node-config-provider@4.3.11':
-    resolution: {integrity: sha512-xD17eE7kaLgBBGf5CZQ58hh2YmwK1Z0O8YhffwB/De2jsL0U3JklmhVYJ9Uf37OtUDLF2gsW40Xwwag9U869Gg==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/node-config-provider@4.3.12':
     resolution: {integrity: sha512-tr2oKX2xMcO+rBOjobSwVAkV05SIfUKz8iI53rzxEmgW3GOOPOv0UioSDk+J8OpRQnpnhsO3Af6IEBabQBVmiw==}
     engines: {node: '>=18.0.0'}
@@ -3016,10 +2926,6 @@ packages:
     resolution: {integrity: sha512-zo1+WKJkR9x7ZtMeMDAAsq2PufwiLDmkhcjpWPRRkmeIuOm6nq1qjFICSZbnjBvD09ei8KMo26BWxsu2BUU+5w==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/node-http-handler@4.4.14':
-    resolution: {integrity: sha512-DamSqaU8nuk0xTJDrYnRzZndHwwRnyj/n/+RqGGCcBKB4qrQem0mSDiWdupaNWdwxzyMU91qxDmHOCazfhtO3A==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/node-http-handler@4.4.16':
     resolution: {integrity: sha512-ULC8UCS/HivdCB3jhi+kLFYe4B5gxH2gi9vHBfEIiRrT2jfKiZNiETJSlzRtE6B26XbBHjPtc8iZKSNqMol9bw==}
     engines: {node: '>=18.0.0'}
@@ -3028,10 +2934,6 @@ packages:
     resolution: {integrity: sha512-5jm60P0CU7tom0eNrZ7YrkgBaoLFXzmqB0wVS+4uK8PPGmosSrLNf6rRd50UBvukztawZ7zyA8TxlrKpF5z9jw==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/property-provider@4.2.11':
-    resolution: {integrity: sha512-14T1V64o6/ndyrnl1ze1ZhyLzIeYNN47oF/QU6P5m82AEtyOkMJTb0gO1dPubYjyyKuPD6OSVMPDKe+zioOnCg==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/property-provider@4.2.12':
     resolution: {integrity: sha512-jqve46eYU1v7pZ5BM+fmkbq3DerkSluPr5EhvOcHxygxzD05ByDRppRwRPPpFrsFo5yDtCYLKu+kreHKVrvc7A==}
     engines: {node: '>=18.0.0'}
@@ -3040,10 +2942,6 @@ packages:
     resolution: {integrity: sha512-2NzVWpYY0tRdfeCJLsgrR89KE3NTWT2wGulhNUxYlRmtRmPwLQwKzhrfVaiNlA9ZpJvbW7cjTVChYKgnkqXj1A==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/protocol-http@5.3.11':
-    resolution: {integrity: sha512-hI+barOVDJBkNt4y0L2mu3Ugc0w7+BpJ2CZuLwXtSltGAAwCb3IvnalGlbDV/UCS6a9ZuT3+exd1WxNdLb5IlQ==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/protocol-http@5.3.12':
     resolution: {integrity: sha512-fit0GZK9I1xoRlR4jXmbLhoN0OdEpa96ul8M65XdmXnxXkuMxM0Y8HDT0Fh0Xb4I85MBvBClOzgSrV1X2s1Hxw==}
     engines: {node: '>=18.0.0'}
@@ -3052,10 +2950,6 @@ packages:
     resolution: {integrity: sha512-HeN7kEvuzO2DmAzLukE9UryiUvejD3tMp9a1D1NJETerIfKobBUCLfviP6QEk500166eD2IATaXM59qgUI+YDA==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/querystring-builder@4.2.11':
-    resolution: {integrity: sha512-7spdikrYiljpket6u0up2Ck2mxhy7dZ0+TDd+S53Dg2DHd6wg+YNJrTCHiLdgZmEXZKI7LJZcwL3721ZRDFiqA==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/querystring-builder@4.2.12':
     resolution: {integrity: sha512-6wTZjGABQufekycfDGMEB84BgtdOE/rCVTov+EDXQ8NHKTUNIp/j27IliwP7tjIU9LR+sSzyGBOXjeEtVgzCHg==}
     engines: {node: '>=18.0.0'}
@@ -3064,10 +2958,6 @@ packages:
     resolution: {integrity: sha512-4Mh18J26+ao1oX5wXJfWlTT+Q1OpDR8ssiC9PDOuEgVBGloqg18Fw7h5Ct8DyT9NBYwJgtJ2nLjKKFU6RP1G1Q==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/querystring-parser@4.2.11':
-    resolution: {integrity: sha512-nE3IRNjDltvGcoThD2abTozI1dkSy8aX+a2N1Rs55en5UsdyyIXgGEmevUL3okZFoJC77JgRGe99xYohhsjivQ==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/querystring-parser@4.2.12':
     resolution: {integrity: sha512-P2OdvrgiAKpkPNKlKUtWbNZKB1XjPxM086NeVhK+W+wI46pIKdWBe5QyXvhUm3MEcyS/rkLvY8rZzyUdmyDZBw==}
     engines: {node: '>=18.0.0'}
@@ -3076,10 +2966,6 @@ packages:
     resolution: {integrity: sha512-0R/+/Il5y8nB/By90o8hy/bWVYptbIfvoTYad0igYQO5RefhNCDmNzqxaMx7K1t/QWo0d6UynqpqN5cCQt1MCg==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/service-error-classification@4.2.11':
-    resolution: {integrity: sha512-HkMFJZJUhzU3HvND1+Yw/kYWXp4RPDLBWLcK1n+Vqw8xn4y2YiBhdww8IxhkQjP/QlZun5bwm3vcHc8AqIU3zw==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/service-error-classification@4.2.12':
     resolution: {integrity: sha512-LlP29oSQN0Tw0b6D0Xo6BIikBswuIiGYbRACy5ujw/JgWSzTdYj46U83ssf6Ux0GyNJVivs2uReU8pt7Eu9okQ==}
     engines: {node: '>=18.0.0'}
@@ -3088,10 +2974,6 @@ packages:
     resolution: {integrity: sha512-pHgASxl50rrtOztgQCPmOXFjRW+mCd7ALr/3uXNzRrRoGV5G2+78GOsQ3HlQuBVHCh9o6xqMNvlIKZjWn4Euug==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/shared-ini-file-loader@4.4.6':
-    resolution: {integrity: sha512-IB/M5I8G0EeXZTHsAxpx51tMQ5R719F3aq+fjEB6VtNcCHDc0ajFDIGDZw+FW9GxtEkgTduiPpjveJdA/CX7sw==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/shared-ini-file-loader@4.4.7':
     resolution: {integrity: sha512-HrOKWsUb+otTeo1HxVWeEb99t5ER1XrBi/xka2Wv6NVmTbuCUC1dvlrksdvxFtODLBjsC+PHK+fuy2x/7Ynyiw==}
     engines: {node: '>=18.0.0'}
@@ -3100,10 +2982,6 @@ packages:
     resolution: {integrity: sha512-Wab3wW8468WqTKIxI+aZe3JYO52/RYT/8sDOdzkUhjnLakLe9qoQqIcfih/qxcF4qWEFoWBszY0mj5uxffaVXA==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/signature-v4@5.3.11':
-    resolution: {integrity: sha512-V1L6N9aKOBAN4wEHLyqjLBnAz13mtILU0SeDrjOaIZEeN6IFa6DxwRt1NNpOdmSpQUfkBj0qeD3m6P77uzMhgQ==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/signature-v4@5.3.12':
     resolution: {integrity: sha512-B/FBwO3MVOL00DaRSXfXfa/TRXRheagt/q5A2NM13u7q+sHS59EOVGQNfG7DkmVtdQm5m3vOosoKAXSqn/OEgw==}
     engines: {node: '>=18.0.0'}
@@ -3112,10 +2990,6 @@ packages:
     resolution: {integrity: sha512-R8bQ9K3lCcXyZmBnQqUZJF4ChZmtWT5NLi6x5kgWx5D+/j0KorXcA0YcFg/X5TOgnTCy1tbKc6z2g2y4amFupQ==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/smithy-client@4.12.3':
-    resolution: {integrity: sha512-7k4UxjSpHmPN2AxVhvIazRSzFQjWnud3sOsXcFStzagww17j1cFQYqTSiQ8xuYK3vKLR1Ni8FzuT3VlKr3xCNw==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/smithy-client@4.12.5':
     resolution: {integrity: sha512-UqwYawyqSr/aog8mnLnfbPurS0gi4G7IYDcD28cUIBhsvWs1+rQcL2IwkUQ+QZ7dibaoRzhNF99fAQ9AUcO00w==}
     engines: {node: '>=18.0.0'}
@@ -3132,10 +3006,6 @@ packages:
     resolution: {integrity: sha512-uypjF7fCDsRk26u3qHmFI/ePL7bxxB9vKkE+2WKEciHhz+4QtbzWiHRVNRJwU3cKhrYDYQE3b0MRFtqfLYdA4A==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/url-parser@4.2.11':
-    resolution: {integrity: sha512-oTAGGHo8ZYc5VZsBREzuf5lf2pAurJQsccMusVZ85wDkX66ojEc/XauiGjzCj50A61ObFTPe6d7Pyt6UBYaing==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/url-parser@4.2.12':
     resolution: {integrity: sha512-wOPKPEpso+doCZGIlr+e1lVI6+9VAKfL4kZWFgzVgGWY2hZxshNKod4l2LXS3PRC9otH/JRSjtEHqQ/7eLciRA==}
     engines: {node: '>=18.0.0'}
@@ -3188,10 +3058,6 @@ packages:
     resolution: {integrity: sha512-R0smq7EHQXRVMxkAxtH5akJ/FvgAmNF6bUy/GwY/N20T4GrwjT633NFm0VuRpC+8Bbv8R9A0DoJ9OiZL/M3xew==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/util-defaults-mode-browser@4.3.39':
-    resolution: {integrity: sha512-ui7/Ho/+VHqS7Km2wBw4/Ab4RktoiSshgcgpJzC4keFPs6tLJS4IQwbeahxQS3E/w98uq6E1mirCH/id9xIXeQ==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/util-defaults-mode-browser@4.3.41':
     resolution: {integrity: sha512-M1w1Ux0rSVvBOxIIiqbxvZvhnjQ+VUjJrugtORE90BbadSTH+jsQL279KRL3Hv0w69rE7EuYkV/4Lepz/NBW9g==}
     engines: {node: '>=18.0.0'}
@@ -3200,10 +3066,6 @@ packages:
     resolution: {integrity: sha512-otWuoDm35btJV1L8MyHrPl462B07QCdMTktKc7/yM+Psv6KbED/ziXiHnmr7yPHUjfIwE9S8Max0LO24Mo3ZVg==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/util-defaults-mode-node@4.2.42':
-    resolution: {integrity: sha512-QDA84CWNe8Akpj15ofLO+1N3Rfg8qa2K5uX0y6HnOp4AnRYRgWrKx/xzbYNbVF9ZsyJUYOfcoaN3y93wA/QJ2A==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/util-defaults-mode-node@4.2.44':
     resolution: {integrity: sha512-YPze3/lD1KmWuZsl9JlfhcgGLX7AXhSoaCDtiPntUjNW5/YY0lOHjkcgxyE9x/h5vvS1fzDifMGjzqnNlNiqOQ==}
     engines: {node: '>=18.0.0'}
@@ -3212,10 +3074,6 @@ packages:
     resolution: {integrity: sha512-xyctc4klmjmieQiF9I1wssBWleRV0RhJ2DpO8+8yzi2LO1Z+4IWOZNGZGNj4+hq9kdo+nyfrRLmQTzc16Op2Vg==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/util-endpoints@3.3.2':
-    resolution: {integrity: sha512-+4HFLpE5u29AbFlTdlKIT7jfOzZ8PDYZKTb3e+AgLz986OYwqTourQ5H+jg79/66DB69Un1+qKecLnkZdAsYcA==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/util-endpoints@3.3.3':
     resolution: {integrity: sha512-VACQVe50j0HZPjpwWcjyT51KUQ4AnsvEaQ2lKHOSL4mNLD0G9BjEniQ+yCt1qqfKfiAHRAts26ud7hBjamrwig==}
     engines: {node: '>=18.0.0'}
@@ -3232,10 +3090,6 @@ packages:
     resolution: {integrity: sha512-LxaQIWLp4y0r72eA8mwPNQ9va4h5KeLM0I3M/HV9klmFaY2kN766wf5vsTzmaOpNNb7GgXAd9a25P3h8T49PSA==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/util-middleware@4.2.11':
-    resolution: {integrity: sha512-r3dtF9F+TpSZUxpOVVtPfk09Rlo4lT6ORBqEvX3IBT6SkQAdDSVKR5GcfmZbtl7WKhKnmb3wbDTQ6ibR2XHClw==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/util-middleware@4.2.12':
     resolution: {integrity: sha512-Er805uFUOvgc0l8nv0e0su0VFISoxhJ/AwOn3gL2NWNY2LUEldP5WtVcRYSQBcjg0y9NfG8JYrCJaYDpupBHJQ==}
     engines: {node: '>=18.0.0'}
@@ -3244,10 +3098,6 @@ packages:
     resolution: {integrity: sha512-HrBzistfpyE5uqTwiyLsFHscgnwB0kgv8vySp7q5kZ0Eltn/tjosaSGGDj/jJ9ys7pWzIP/icE2d+7vMKXLv7A==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/util-retry@4.2.11':
-    resolution: {integrity: sha512-XSZULmL5x6aCTTii59wJqKsY1l3eMIAomRAccW7Tzh9r8s7T/7rdo03oektuH5jeYRlJMPcNP92EuRDvk9aXbw==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/util-retry@4.2.12':
     resolution: {integrity: sha512-1zopLDUEOwumjcHdJ1mwBHddubYF8GMQvstVCLC54Y46rqoHwlIU+8ZzUeaBcD+WCJHyDGSeZ2ml9YSe9aqcoQ==}
     engines: {node: '>=18.0.0'}
@@ -3256,10 +3106,6 @@ packages:
     resolution: {integrity: sha512-OlOKnaqnkU9X+6wEkd7mN+WB7orPbCVDauXOj22Q7VtiTkvy7ZdSsOg4QiNAZMgI4OkvNf+/VLUC3VXkxuWJZw==}
     engines: {node: '>=18.0.0'}
 
-  '@smithy/util-stream@4.5.17':
-    resolution: {integrity: sha512-793BYZ4h2JAQkNHcEnyFxDTcZbm9bVybD0UV/LEWmZ5bkTms7JqjfrLMi2Qy0E5WFcCzLwCAPgcvcvxoeALbAQ==}
-    engines: {node: '>=18.0.0'}
-
   '@smithy/util-stream@4.5.19':
     resolution: {integrity: sha512-v4sa+3xTweL1CLO2UP0p7tvIMH/Rq1X4KKOxd568mpe6LSLMQCnDHs4uv7m3ukpl3HvcN2JH6jiCS0SNRXKP/w==}
     engines: {node: '>=18.0.0'}
@@ -3600,43 +3446,43 @@ packages:
   '@types/yauzl@2.10.3':
     resolution: {integrity: sha512-oJoftv0LSuaDZE3Le4DbKX+KS9G36NzOeSap90UIK0yMA/NhKJhqlSGtNDORNRaIbQfzjXDrQa0ytJ6mNRGz/Q==}
 
-  '@typescript/native-preview-darwin-arm64@7.0.0-dev.20260312.1':
-    resolution: {integrity: sha512-AhPdPuVe4osxWoeImS21jVhc0VJ2QnzLUZtEFMakY0Rf70C0b6il/m7hwRf9wkr9xXZLVOVJ1kYrpvQRuHFE0Q==}
+  '@typescript/native-preview-darwin-arm64@7.0.0-dev.20260313.1':
+    resolution: {integrity: sha512-/fU2IvlRQWOy63xSzkejW7tTQpsL5dQ/ATIsJFlK75vS941CnNJY8dAx3iQYLkHMhS45hhCIR+bbJPRaacq/fw==}
     cpu: [arm64]
     os: [darwin]
 
-  '@typescript/native-preview-darwin-x64@7.0.0-dev.20260312.1':
-    resolution: {integrity: sha512-9I0P1/c/mQ6UVcQq7SYY/FJD23IN5T2y4GbSFOKQvzNVASV0tMnX4YV8YNf6b5jcwCzrVcrGNKKgWCj8xEFf8Q==}
+  '@typescript/native-preview-darwin-x64@7.0.0-dev.20260313.1':
+    resolution: {integrity: sha512-oy7Ew1J3+YtO9QsqVGkncQ8bCwVPxNk8nSO2q1sHLccyYq0f4eDaZTlJ+u9Ynry548NwNucLh9wE+DWfWhzU3Q==}
     cpu: [x64]
     os: [darwin]
 
-  '@typescript/native-preview-linux-arm64@7.0.0-dev.20260312.1':
-    resolution: {integrity: sha512-xwoMywagcvx9F2ocM+ybeg7eH9PHDpx1FBGOrloL1/xkGC4BCrn/RcaAe0AhzXzoJfHHmg7Sz9VzYmTR4N1Kqw==}
+  '@typescript/native-preview-linux-arm64@7.0.0-dev.20260313.1':
+    resolution: {integrity: sha512-KkbAweTnBpmQ8wCGHjrLzPX+FuwhSrVERNqyGPaq/267Sxt0UwbIO3rZduXlq5UUln1+/z7uT/BNJiuoFW3iLw==}
     cpu: [arm64]
     os: [linux]
 
-  '@typescript/native-preview-linux-arm@7.0.0-dev.20260312.1':
-    resolution: {integrity: sha512-/nAOhSLTxMJfHY+2cKdUxi2wYadf3g1GtC3VzgPfZMNxA28dJ8x75T26aSLaFYluh7cCSAwuGesCImijQDS2Lw==}
+  '@typescript/native-preview-linux-arm@7.0.0-dev.20260313.1':
+    resolution: {integrity: sha512-IAx0ajfEiL1tJg1N6+/nHXJKebNe72yanY2N5bicwIB3t2BmydnrEPG+/OFVqc+prfJngxSx/61mvkXScZePzg==}
     cpu: [arm]
     os: [linux]
 
-  '@typescript/native-preview-linux-x64@7.0.0-dev.20260312.1':
-    resolution: {integrity: sha512-vZs0LLpZw50Ac0TCmF9ND7KphJBhOfp9fxLhC+hFWaUU1iCQRjv1MtvroitF5OJKb21qFPJxkU+kfhlCRxLfqg==}
+  '@typescript/native-preview-linux-x64@7.0.0-dev.20260313.1':
+    resolution: {integrity: sha512-9LCNgXVNoArHlMuL6yFKJxSdshiiadTfW/pU4tz4Vbg+Dg9La1VE9mLlBdijy5ZIg4nsOFpR8JTDURcA1RoHXw==}
     cpu: [x64]
     os: [linux]
 
-  '@typescript/native-preview-win32-arm64@7.0.0-dev.20260312.1':
-    resolution: {integrity: sha512-4LY/gd9cj1xDY2nEthB7WDW4j/fIYJ9wp9H71nOLd0wNNtkfqRXWSkQEeb+RByhV+dIb/n6kWbQQMeNfk7q4VQ==}
+  '@typescript/native-preview-win32-arm64@7.0.0-dev.20260313.1':
+    resolution: {integrity: sha512-cP2y5hb2xhfEDIgxdhxhPXa/D5Lq3yj6zxVuhh9ZkUariF+ZAmF4pySlIA+7NdprgTQqvNY5Mp70cPUiYD3yUg==}
     cpu: [arm64]
     os: [win32]
 
-  '@typescript/native-preview-win32-x64@7.0.0-dev.20260312.1':
-    resolution: {integrity: sha512-EP2JPo9s9EPUwXSX83qTImlDHhgkLeBbJ2MMdj+XrfBltHAvHKktzeSS73UhP77s/TnTkJR6BTWHENKKvLRbGQ==}
+  '@typescript/native-preview-win32-x64@7.0.0-dev.20260313.1':
+    resolution: {integrity: sha512-8KDfi7U1enFo4z6F0qe4Rd5QzBhk+4cwpZtOGAT9lgyR4pF/mo8zQd0t+Hlkj6d87W057RP8lgCGTGfclGWxUg==}
     cpu: [x64]
     os: [win32]
 
-  '@typescript/native-preview@7.0.0-dev.20260312.1':
-    resolution: {integrity: sha512-FwhlXG/yG0d7b2UmooBYyszLMpICRYdYGE6v65ZlMnH7cWKQyyFpMFgH9suRf3Np4QCbN+7qisj+F23kQOidVw==}
+  '@typescript/native-preview@7.0.0-dev.20260313.1':
+    resolution: {integrity: sha512-x+ZrFAEq+c7bF4Ml8+abYZ9vW6mzu22fmcPbDcBmUl/4uGFCYXXww0FS3+me9MfdSOCAPtqcZtwApx1RQO2X/w==}
     hasBin: true
 
   '@typespec/ts-http-runtime@0.3.3':
@@ -3919,6 +3765,9 @@ packages:
   axios@1.13.5:
     resolution: {integrity: sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==}
 
+  axios@1.13.6:
+    resolution: {integrity: sha512-ChTCHMouEe2kn713WHbQGcuYrr6fXTBiu460OTwWrWob16g1bXn4vtz07Ope7ewMozJAnEquLk5lWQWtBig9DQ==}
+
   b4a@1.8.0:
     resolution: {integrity: sha512-qRuSmNSkGQaHwNbM7J78Wwy+ghLEYF1zNrSeMxj4Kgw6y33O3mXcQ6Ie9fRvfU/YnxWkOchPXbaLb73TkIsfdg==}
     peerDependencies:
@@ -4607,8 +4456,8 @@ packages:
     resolution: {integrity: sha512-7yAQpD2UMJzLi1Dqv7qFYnPbaPx7ZfFK6PiIxQ4PfkGPyNyl2Ugx+a/umUonmKqjhM4DnfbMvdX6otXq83soQQ==}
     engines: {node: ^12.20 || >= 14.13}
 
-  file-type@21.3.1:
-    resolution: {integrity: sha512-SrzXX46I/zsRDjTb82eucsGg0ODq2NpGDp4HcsFKApPy8P8vACjpJRDoGGMfEzhFC0ry61ajd7f72J3603anBA==}
+  file-type@21.3.2:
+    resolution: {integrity: sha512-DLkUvGwep3poOV2wpzbHCOnSKGk1LzyXTv+aHFgN2VFl96wnp8YA9YjO2qPzg5PuL8q/SW9Pdi6WTkYOIh995w==}
     engines: {node: '>=20'}
 
   filename-reserved-regex@3.0.0:
@@ -5670,8 +5519,8 @@ packages:
       zod:
         optional: true
 
-  openai@6.27.0:
-    resolution: {integrity: sha512-osTKySlrdYrLYTt0zjhY8yp0JUBmWDCN+Q+QxsV4xMQnnoVFpylgKGgxwN8sSdTNw0G4y+WUXs4eCMWpyDNWZQ==}
+  openai@6.29.0:
+    resolution: {integrity: sha512-YxoArl2BItucdO89/sN6edksV0x47WUTgkgVfCgX7EuEMhbirENsgYe5oO4LTjBL9PtdKtk2WqND1gSLcTd2yw==}
     hasBin: true
     peerDependencies:
       ws: ^8.18.0
@@ -5682,6 +5531,17 @@ packages:
       zod:
         optional: true
 
+  openclaw@2026.3.13:
+    resolution: {integrity: sha512-/juSUb070Xz8K8CnShjaZQr7CVtRaW4FbR93lgr1hLepcRSbyz2PQR+V4w5giVWkea61opXWPA6Vb8dybaztFg==}
+    engines: {node: '>=22.16.0'}
+    hasBin: true
+    peerDependencies:
+      '@napi-rs/canvas': ^0.1.89
+      node-llama-cpp: 3.16.2
+    peerDependenciesMeta:
+      node-llama-cpp:
+        optional: true
+
   opus-decoder@0.7.11:
     resolution: {integrity: sha512-+e+Jz3vGQLxRTBHs8YJQPRPc1Tr+/aC6coV/DlZylriA29BdHQAYXhvNRKtjftof17OFng0+P4wsFIqQu3a48A==}
 
@@ -6656,8 +6516,8 @@ packages:
   undici-types@7.18.2:
     resolution: {integrity: sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==}
 
-  undici@7.24.0:
-    resolution: {integrity: sha512-jxytwMHhsbdpBXxLAcuu0fzlQeXCNnWdDyRHpvWsUl8vd98UwYdl9YTyn8/HcpcJPC3pwUveefsa3zTxyD/ERg==}
+  undici@7.24.1:
+    resolution: {integrity: sha512-5xoBibbmnjlcR3jdqtY2Lnx7WbrD/tHlT01TmvqZUFVc9Q1w4+j5hbnapTqbcXITMH1ovjq/W7BkqBilHiVAaA==}
     engines: {node: '>=20.18.1'}
 
   unist-util-is@6.0.1:
@@ -7032,7 +6892,7 @@ snapshots:
       '@aws-crypto/sha256-js': 5.2.0
       '@aws-crypto/supports-web-crypto': 5.2.0
       '@aws-crypto/util': 5.2.0
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/types': 3.973.6
       '@aws-sdk/util-locate-window': 3.965.5
       '@smithy/util-utf8': 2.3.0
       tslib: 2.8.1
@@ -7040,7 +6900,7 @@ snapshots:
   '@aws-crypto/sha256-js@5.2.0':
     dependencies:
       '@aws-crypto/util': 5.2.0
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/types': 3.973.6
       tslib: 2.8.1
 
   '@aws-crypto/supports-web-crypto@5.2.0':
@@ -7057,70 +6917,70 @@ snapshots:
     dependencies:
       '@aws-crypto/sha256-browser': 5.2.0
       '@aws-crypto/sha256-js': 5.2.0
-      '@aws-sdk/core': 3.973.18
-      '@aws-sdk/credential-provider-node': 3.972.18
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/credential-provider-node': 3.972.21
       '@aws-sdk/eventstream-handler-node': 3.972.10
       '@aws-sdk/middleware-eventstream': 3.972.7
-      '@aws-sdk/middleware-host-header': 3.972.7
-      '@aws-sdk/middleware-logger': 3.972.7
-      '@aws-sdk/middleware-recursion-detection': 3.972.7
-      '@aws-sdk/middleware-user-agent': 3.972.19
+      '@aws-sdk/middleware-host-header': 3.972.8
+      '@aws-sdk/middleware-logger': 3.972.8
+      '@aws-sdk/middleware-recursion-detection': 3.972.8
+      '@aws-sdk/middleware-user-agent': 3.972.21
       '@aws-sdk/middleware-websocket': 3.972.12
-      '@aws-sdk/region-config-resolver': 3.972.7
+      '@aws-sdk/region-config-resolver': 3.972.8
       '@aws-sdk/token-providers': 3.1004.0
-      '@aws-sdk/types': 3.973.5
-      '@aws-sdk/util-endpoints': 3.996.4
-      '@aws-sdk/util-user-agent-browser': 3.972.7
-      '@aws-sdk/util-user-agent-node': 3.973.4
-      '@smithy/config-resolver': 4.4.10
-      '@smithy/core': 3.23.9
+      '@aws-sdk/types': 3.973.6
+      '@aws-sdk/util-endpoints': 3.996.5
+      '@aws-sdk/util-user-agent-browser': 3.972.8
+      '@aws-sdk/util-user-agent-node': 3.973.7
+      '@smithy/config-resolver': 4.4.11
+      '@smithy/core': 3.23.11
       '@smithy/eventstream-serde-browser': 4.2.11
       '@smithy/eventstream-serde-config-resolver': 4.3.11
       '@smithy/eventstream-serde-node': 4.2.11
-      '@smithy/fetch-http-handler': 5.3.13
-      '@smithy/hash-node': 4.2.11
-      '@smithy/invalid-dependency': 4.2.11
-      '@smithy/middleware-content-length': 4.2.11
-      '@smithy/middleware-endpoint': 4.4.23
-      '@smithy/middleware-retry': 4.4.40
-      '@smithy/middleware-serde': 4.2.12
-      '@smithy/middleware-stack': 4.2.11
-      '@smithy/node-config-provider': 4.3.11
-      '@smithy/node-http-handler': 4.4.14
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/smithy-client': 4.12.3
-      '@smithy/types': 4.13.0
-      '@smithy/url-parser': 4.2.11
+      '@smithy/fetch-http-handler': 5.3.15
+      '@smithy/hash-node': 4.2.12
+      '@smithy/invalid-dependency': 4.2.12
+      '@smithy/middleware-content-length': 4.2.12
+      '@smithy/middleware-endpoint': 4.4.25
+      '@smithy/middleware-retry': 4.4.42
+      '@smithy/middleware-serde': 4.2.14
+      '@smithy/middleware-stack': 4.2.12
+      '@smithy/node-config-provider': 4.3.12
+      '@smithy/node-http-handler': 4.4.16
+      '@smithy/protocol-http': 5.3.12
+      '@smithy/smithy-client': 4.12.5
+      '@smithy/types': 4.13.1
+      '@smithy/url-parser': 4.2.12
       '@smithy/util-base64': 4.3.2
       '@smithy/util-body-length-browser': 4.2.2
       '@smithy/util-body-length-node': 4.2.3
-      '@smithy/util-defaults-mode-browser': 4.3.39
-      '@smithy/util-defaults-mode-node': 4.2.42
-      '@smithy/util-endpoints': 3.3.2
-      '@smithy/util-middleware': 4.2.11
-      '@smithy/util-retry': 4.2.11
-      '@smithy/util-stream': 4.5.17
+      '@smithy/util-defaults-mode-browser': 4.3.41
+      '@smithy/util-defaults-mode-node': 4.2.44
+      '@smithy/util-endpoints': 3.3.3
+      '@smithy/util-middleware': 4.2.12
+      '@smithy/util-retry': 4.2.12
+      '@smithy/util-stream': 4.5.19
       '@smithy/util-utf8': 4.2.2
       tslib: 2.8.1
     transitivePeerDependencies:
       - aws-crt
 
-  '@aws-sdk/client-bedrock@3.1008.0':
+  '@aws-sdk/client-bedrock@3.1009.0':
     dependencies:
       '@aws-crypto/sha256-browser': 5.2.0
       '@aws-crypto/sha256-js': 5.2.0
-      '@aws-sdk/core': 3.973.19
-      '@aws-sdk/credential-provider-node': 3.972.20
-      '@aws-sdk/middleware-host-header': 3.972.7
-      '@aws-sdk/middleware-logger': 3.972.7
-      '@aws-sdk/middleware-recursion-detection': 3.972.7
-      '@aws-sdk/middleware-user-agent': 3.972.20
-      '@aws-sdk/region-config-resolver': 3.972.7
-      '@aws-sdk/token-providers': 3.1008.0
-      '@aws-sdk/types': 3.973.5
-      '@aws-sdk/util-endpoints': 3.996.4
-      '@aws-sdk/util-user-agent-browser': 3.972.7
-      '@aws-sdk/util-user-agent-node': 3.973.6
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/credential-provider-node': 3.972.21
+      '@aws-sdk/middleware-host-header': 3.972.8
+      '@aws-sdk/middleware-logger': 3.972.8
+      '@aws-sdk/middleware-recursion-detection': 3.972.8
+      '@aws-sdk/middleware-user-agent': 3.972.21
+      '@aws-sdk/region-config-resolver': 3.972.8
+      '@aws-sdk/token-providers': 3.1009.0
+      '@aws-sdk/types': 3.973.6
+      '@aws-sdk/util-endpoints': 3.996.5
+      '@aws-sdk/util-user-agent-browser': 3.972.8
+      '@aws-sdk/util-user-agent-node': 3.973.7
       '@smithy/config-resolver': 4.4.11
       '@smithy/core': 3.23.11
       '@smithy/fetch-http-handler': 5.3.15
@@ -7226,26 +7086,10 @@ snapshots:
       '@smithy/util-utf8': 4.2.1
       tslib: 2.8.1
 
-  '@aws-sdk/core@3.973.18':
+  '@aws-sdk/core@3.973.20':
     dependencies:
-      '@aws-sdk/types': 3.973.5
-      '@aws-sdk/xml-builder': 3.972.10
-      '@smithy/core': 3.23.9
-      '@smithy/node-config-provider': 4.3.11
-      '@smithy/property-provider': 4.2.11
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/signature-v4': 5.3.11
-      '@smithy/smithy-client': 4.12.3
-      '@smithy/types': 4.13.0
-      '@smithy/util-base64': 4.3.2
-      '@smithy/util-middleware': 4.2.11
-      '@smithy/util-utf8': 4.2.2
-      tslib: 2.8.1
-
-  '@aws-sdk/core@3.973.19':
-    dependencies:
-      '@aws-sdk/types': 3.973.5
-      '@aws-sdk/xml-builder': 3.972.10
+      '@aws-sdk/types': 3.973.6
+      '@aws-sdk/xml-builder': 3.972.11
       '@smithy/core': 3.23.11
       '@smithy/node-config-provider': 4.3.12
       '@smithy/property-provider': 4.2.12
@@ -7271,18 +7115,10 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@aws-sdk/credential-provider-env@3.972.16':
+  '@aws-sdk/credential-provider-env@3.972.18':
     dependencies:
-      '@aws-sdk/core': 3.973.18
-      '@aws-sdk/types': 3.973.5
-      '@smithy/property-provider': 4.2.11
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
-  '@aws-sdk/credential-provider-env@3.972.17':
-    dependencies:
-      '@aws-sdk/core': 3.973.19
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/types': 3.973.6
       '@smithy/property-provider': 4.2.12
       '@smithy/types': 4.13.1
       tslib: 2.8.1
@@ -7300,23 +7136,10 @@ snapshots:
       '@smithy/util-stream': 4.5.15
       tslib: 2.8.1
 
-  '@aws-sdk/credential-provider-http@3.972.18':
+  '@aws-sdk/credential-provider-http@3.972.20':
     dependencies:
-      '@aws-sdk/core': 3.973.18
-      '@aws-sdk/types': 3.973.5
-      '@smithy/fetch-http-handler': 5.3.13
-      '@smithy/node-http-handler': 4.4.14
-      '@smithy/property-provider': 4.2.11
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/smithy-client': 4.12.3
-      '@smithy/types': 4.13.0
-      '@smithy/util-stream': 4.5.17
-      tslib: 2.8.1
-
-  '@aws-sdk/credential-provider-http@3.972.19':
-    dependencies:
-      '@aws-sdk/core': 3.973.19
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/types': 3.973.6
       '@smithy/fetch-http-handler': 5.3.15
       '@smithy/node-http-handler': 4.4.16
       '@smithy/property-provider': 4.2.12
@@ -7345,36 +7168,17 @@ snapshots:
     transitivePeerDependencies:
       - aws-crt
 
-  '@aws-sdk/credential-provider-ini@3.972.17':
+  '@aws-sdk/credential-provider-ini@3.972.20':
     dependencies:
-      '@aws-sdk/core': 3.973.18
-      '@aws-sdk/credential-provider-env': 3.972.16
-      '@aws-sdk/credential-provider-http': 3.972.18
-      '@aws-sdk/credential-provider-login': 3.972.17
-      '@aws-sdk/credential-provider-process': 3.972.16
-      '@aws-sdk/credential-provider-sso': 3.972.17
-      '@aws-sdk/credential-provider-web-identity': 3.972.17
-      '@aws-sdk/nested-clients': 3.996.7
-      '@aws-sdk/types': 3.973.5
-      '@smithy/credential-provider-imds': 4.2.11
-      '@smithy/property-provider': 4.2.11
-      '@smithy/shared-ini-file-loader': 4.4.6
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - aws-crt
-
-  '@aws-sdk/credential-provider-ini@3.972.19':
-    dependencies:
-      '@aws-sdk/core': 3.973.19
-      '@aws-sdk/credential-provider-env': 3.972.17
-      '@aws-sdk/credential-provider-http': 3.972.19
-      '@aws-sdk/credential-provider-login': 3.972.19
-      '@aws-sdk/credential-provider-process': 3.972.17
-      '@aws-sdk/credential-provider-sso': 3.972.19
-      '@aws-sdk/credential-provider-web-identity': 3.972.19
-      '@aws-sdk/nested-clients': 3.996.9
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/credential-provider-env': 3.972.18
+      '@aws-sdk/credential-provider-http': 3.972.20
+      '@aws-sdk/credential-provider-login': 3.972.20
+      '@aws-sdk/credential-provider-process': 3.972.18
+      '@aws-sdk/credential-provider-sso': 3.972.20
+      '@aws-sdk/credential-provider-web-identity': 3.972.20
+      '@aws-sdk/nested-clients': 3.996.10
+      '@aws-sdk/types': 3.973.6
       '@smithy/credential-provider-imds': 4.2.12
       '@smithy/property-provider': 4.2.12
       '@smithy/shared-ini-file-loader': 4.4.7
@@ -7396,24 +7200,11 @@ snapshots:
     transitivePeerDependencies:
       - aws-crt
 
-  '@aws-sdk/credential-provider-login@3.972.17':
+  '@aws-sdk/credential-provider-login@3.972.20':
     dependencies:
-      '@aws-sdk/core': 3.973.18
-      '@aws-sdk/nested-clients': 3.996.7
-      '@aws-sdk/types': 3.973.5
-      '@smithy/property-provider': 4.2.11
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/shared-ini-file-loader': 4.4.6
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - aws-crt
-
-  '@aws-sdk/credential-provider-login@3.972.19':
-    dependencies:
-      '@aws-sdk/core': 3.973.19
-      '@aws-sdk/nested-clients': 3.996.9
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/nested-clients': 3.996.10
+      '@aws-sdk/types': 3.973.6
       '@smithy/property-provider': 4.2.12
       '@smithy/protocol-http': 5.3.12
       '@smithy/shared-ini-file-loader': 4.4.7
@@ -7439,32 +7230,15 @@ snapshots:
     transitivePeerDependencies:
       - aws-crt
 
-  '@aws-sdk/credential-provider-node@3.972.18':
+  '@aws-sdk/credential-provider-node@3.972.21':
     dependencies:
-      '@aws-sdk/credential-provider-env': 3.972.16
-      '@aws-sdk/credential-provider-http': 3.972.18
-      '@aws-sdk/credential-provider-ini': 3.972.17
-      '@aws-sdk/credential-provider-process': 3.972.16
-      '@aws-sdk/credential-provider-sso': 3.972.17
-      '@aws-sdk/credential-provider-web-identity': 3.972.17
-      '@aws-sdk/types': 3.973.5
-      '@smithy/credential-provider-imds': 4.2.11
-      '@smithy/property-provider': 4.2.11
-      '@smithy/shared-ini-file-loader': 4.4.6
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - aws-crt
-
-  '@aws-sdk/credential-provider-node@3.972.20':
-    dependencies:
-      '@aws-sdk/credential-provider-env': 3.972.17
-      '@aws-sdk/credential-provider-http': 3.972.19
-      '@aws-sdk/credential-provider-ini': 3.972.19
-      '@aws-sdk/credential-provider-process': 3.972.17
-      '@aws-sdk/credential-provider-sso': 3.972.19
-      '@aws-sdk/credential-provider-web-identity': 3.972.19
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/credential-provider-env': 3.972.18
+      '@aws-sdk/credential-provider-http': 3.972.20
+      '@aws-sdk/credential-provider-ini': 3.972.20
+      '@aws-sdk/credential-provider-process': 3.972.18
+      '@aws-sdk/credential-provider-sso': 3.972.20
+      '@aws-sdk/credential-provider-web-identity': 3.972.20
+      '@aws-sdk/types': 3.973.6
       '@smithy/credential-provider-imds': 4.2.12
       '@smithy/property-provider': 4.2.12
       '@smithy/shared-ini-file-loader': 4.4.7
@@ -7482,19 +7256,10 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@aws-sdk/credential-provider-process@3.972.16':
+  '@aws-sdk/credential-provider-process@3.972.18':
     dependencies:
-      '@aws-sdk/core': 3.973.18
-      '@aws-sdk/types': 3.973.5
-      '@smithy/property-provider': 4.2.11
-      '@smithy/shared-ini-file-loader': 4.4.6
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
-  '@aws-sdk/credential-provider-process@3.972.17':
-    dependencies:
-      '@aws-sdk/core': 3.973.19
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/types': 3.973.6
       '@smithy/property-provider': 4.2.12
       '@smithy/shared-ini-file-loader': 4.4.7
       '@smithy/types': 4.13.1
@@ -7513,25 +7278,12 @@ snapshots:
     transitivePeerDependencies:
       - aws-crt
 
-  '@aws-sdk/credential-provider-sso@3.972.17':
+  '@aws-sdk/credential-provider-sso@3.972.20':
     dependencies:
-      '@aws-sdk/core': 3.973.18
-      '@aws-sdk/nested-clients': 3.996.7
-      '@aws-sdk/token-providers': 3.1004.0
-      '@aws-sdk/types': 3.973.5
-      '@smithy/property-provider': 4.2.11
-      '@smithy/shared-ini-file-loader': 4.4.6
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - aws-crt
-
-  '@aws-sdk/credential-provider-sso@3.972.19':
-    dependencies:
-      '@aws-sdk/core': 3.973.19
-      '@aws-sdk/nested-clients': 3.996.9
-      '@aws-sdk/token-providers': 3.1008.0
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/nested-clients': 3.996.10
+      '@aws-sdk/token-providers': 3.1009.0
+      '@aws-sdk/types': 3.973.6
       '@smithy/property-provider': 4.2.12
       '@smithy/shared-ini-file-loader': 4.4.7
       '@smithy/types': 4.13.1
@@ -7551,23 +7303,11 @@ snapshots:
     transitivePeerDependencies:
       - aws-crt
 
-  '@aws-sdk/credential-provider-web-identity@3.972.17':
+  '@aws-sdk/credential-provider-web-identity@3.972.20':
     dependencies:
-      '@aws-sdk/core': 3.973.18
-      '@aws-sdk/nested-clients': 3.996.7
-      '@aws-sdk/types': 3.973.5
-      '@smithy/property-provider': 4.2.11
-      '@smithy/shared-ini-file-loader': 4.4.6
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - aws-crt
-
-  '@aws-sdk/credential-provider-web-identity@3.972.19':
-    dependencies:
-      '@aws-sdk/core': 3.973.19
-      '@aws-sdk/nested-clients': 3.996.9
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/nested-clients': 3.996.10
+      '@aws-sdk/types': 3.973.6
       '@smithy/property-provider': 4.2.12
       '@smithy/shared-ini-file-loader': 4.4.7
       '@smithy/types': 4.13.1
@@ -7577,9 +7317,9 @@ snapshots:
 
   '@aws-sdk/eventstream-handler-node@3.972.10':
     dependencies:
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/types': 3.973.6
       '@smithy/eventstream-codec': 4.2.11
-      '@smithy/types': 4.13.0
+      '@smithy/types': 4.13.1
       tslib: 2.8.1
 
   '@aws-sdk/middleware-bucket-endpoint@3.972.6':
@@ -7594,9 +7334,9 @@ snapshots:
 
   '@aws-sdk/middleware-eventstream@3.972.7':
     dependencies:
-      '@aws-sdk/types': 3.973.5
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/types': 4.13.0
+      '@aws-sdk/types': 3.973.6
+      '@smithy/protocol-http': 5.3.12
+      '@smithy/types': 4.13.1
       tslib: 2.8.1
 
   '@aws-sdk/middleware-expect-continue@3.972.6':
@@ -7630,9 +7370,9 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@aws-sdk/middleware-host-header@3.972.7':
+  '@aws-sdk/middleware-host-header@3.972.8':
     dependencies:
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/types': 3.973.6
       '@smithy/protocol-http': 5.3.12
       '@smithy/types': 4.13.1
       tslib: 2.8.1
@@ -7649,9 +7389,9 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@aws-sdk/middleware-logger@3.972.7':
+  '@aws-sdk/middleware-logger@3.972.8':
     dependencies:
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/types': 3.973.6
       '@smithy/types': 4.13.1
       tslib: 2.8.1
 
@@ -7663,9 +7403,9 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@aws-sdk/middleware-recursion-detection@3.972.7':
+  '@aws-sdk/middleware-recursion-detection@3.972.8':
     dependencies:
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/types': 3.973.6
       '@aws/lambda-invoke-store': 0.2.4
       '@smithy/protocol-http': 5.3.12
       '@smithy/types': 4.13.1
@@ -7704,22 +7444,11 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@aws-sdk/middleware-user-agent@3.972.19':
+  '@aws-sdk/middleware-user-agent@3.972.21':
     dependencies:
-      '@aws-sdk/core': 3.973.18
-      '@aws-sdk/types': 3.973.5
-      '@aws-sdk/util-endpoints': 3.996.4
-      '@smithy/core': 3.23.9
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/types': 4.13.0
-      '@smithy/util-retry': 4.2.11
-      tslib: 2.8.1
-
-  '@aws-sdk/middleware-user-agent@3.972.20':
-    dependencies:
-      '@aws-sdk/core': 3.973.19
-      '@aws-sdk/types': 3.973.5
-      '@aws-sdk/util-endpoints': 3.996.4
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/types': 3.973.6
+      '@aws-sdk/util-endpoints': 3.996.5
       '@smithy/core': 3.23.11
       '@smithy/protocol-http': 5.3.12
       '@smithy/types': 4.13.1
@@ -7728,19 +7457,62 @@ snapshots:
 
   '@aws-sdk/middleware-websocket@3.972.12':
     dependencies:
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/types': 3.973.6
       '@aws-sdk/util-format-url': 3.972.7
       '@smithy/eventstream-codec': 4.2.11
       '@smithy/eventstream-serde-browser': 4.2.11
-      '@smithy/fetch-http-handler': 5.3.13
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/signature-v4': 5.3.11
-      '@smithy/types': 4.13.0
+      '@smithy/fetch-http-handler': 5.3.15
+      '@smithy/protocol-http': 5.3.12
+      '@smithy/signature-v4': 5.3.12
+      '@smithy/types': 4.13.1
       '@smithy/util-base64': 4.3.2
       '@smithy/util-hex-encoding': 4.2.2
       '@smithy/util-utf8': 4.2.2
       tslib: 2.8.1
 
+  '@aws-sdk/nested-clients@3.996.10':
+    dependencies:
+      '@aws-crypto/sha256-browser': 5.2.0
+      '@aws-crypto/sha256-js': 5.2.0
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/middleware-host-header': 3.972.8
+      '@aws-sdk/middleware-logger': 3.972.8
+      '@aws-sdk/middleware-recursion-detection': 3.972.8
+      '@aws-sdk/middleware-user-agent': 3.972.21
+      '@aws-sdk/region-config-resolver': 3.972.8
+      '@aws-sdk/types': 3.973.6
+      '@aws-sdk/util-endpoints': 3.996.5
+      '@aws-sdk/util-user-agent-browser': 3.972.8
+      '@aws-sdk/util-user-agent-node': 3.973.7
+      '@smithy/config-resolver': 4.4.11
+      '@smithy/core': 3.23.11
+      '@smithy/fetch-http-handler': 5.3.15
+      '@smithy/hash-node': 4.2.12
+      '@smithy/invalid-dependency': 4.2.12
+      '@smithy/middleware-content-length': 4.2.12
+      '@smithy/middleware-endpoint': 4.4.25
+      '@smithy/middleware-retry': 4.4.42
+      '@smithy/middleware-serde': 4.2.14
+      '@smithy/middleware-stack': 4.2.12
+      '@smithy/node-config-provider': 4.3.12
+      '@smithy/node-http-handler': 4.4.16
+      '@smithy/protocol-http': 5.3.12
+      '@smithy/smithy-client': 4.12.5
+      '@smithy/types': 4.13.1
+      '@smithy/url-parser': 4.2.12
+      '@smithy/util-base64': 4.3.2
+      '@smithy/util-body-length-browser': 4.2.2
+      '@smithy/util-body-length-node': 4.2.3
+      '@smithy/util-defaults-mode-browser': 4.3.41
+      '@smithy/util-defaults-mode-node': 4.2.44
+      '@smithy/util-endpoints': 3.3.3
+      '@smithy/util-middleware': 4.2.12
+      '@smithy/util-retry': 4.2.12
+      '@smithy/util-utf8': 4.2.2
+      tslib: 2.8.1
+    transitivePeerDependencies:
+      - aws-crt
+
   '@aws-sdk/nested-clients@3.996.3':
     dependencies:
       '@aws-crypto/sha256-browser': 5.2.0
@@ -7784,92 +7556,6 @@ snapshots:
     transitivePeerDependencies:
       - aws-crt
 
-  '@aws-sdk/nested-clients@3.996.7':
-    dependencies:
-      '@aws-crypto/sha256-browser': 5.2.0
-      '@aws-crypto/sha256-js': 5.2.0
-      '@aws-sdk/core': 3.973.18
-      '@aws-sdk/middleware-host-header': 3.972.7
-      '@aws-sdk/middleware-logger': 3.972.7
-      '@aws-sdk/middleware-recursion-detection': 3.972.7
-      '@aws-sdk/middleware-user-agent': 3.972.19
-      '@aws-sdk/region-config-resolver': 3.972.7
-      '@aws-sdk/types': 3.973.5
-      '@aws-sdk/util-endpoints': 3.996.4
-      '@aws-sdk/util-user-agent-browser': 3.972.7
-      '@aws-sdk/util-user-agent-node': 3.973.4
-      '@smithy/config-resolver': 4.4.10
-      '@smithy/core': 3.23.9
-      '@smithy/fetch-http-handler': 5.3.13
-      '@smithy/hash-node': 4.2.11
-      '@smithy/invalid-dependency': 4.2.11
-      '@smithy/middleware-content-length': 4.2.11
-      '@smithy/middleware-endpoint': 4.4.23
-      '@smithy/middleware-retry': 4.4.40
-      '@smithy/middleware-serde': 4.2.12
-      '@smithy/middleware-stack': 4.2.11
-      '@smithy/node-config-provider': 4.3.11
-      '@smithy/node-http-handler': 4.4.14
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/smithy-client': 4.12.3
-      '@smithy/types': 4.13.0
-      '@smithy/url-parser': 4.2.11
-      '@smithy/util-base64': 4.3.2
-      '@smithy/util-body-length-browser': 4.2.2
-      '@smithy/util-body-length-node': 4.2.3
-      '@smithy/util-defaults-mode-browser': 4.3.39
-      '@smithy/util-defaults-mode-node': 4.2.42
-      '@smithy/util-endpoints': 3.3.2
-      '@smithy/util-middleware': 4.2.11
-      '@smithy/util-retry': 4.2.11
-      '@smithy/util-utf8': 4.2.2
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - aws-crt
-
-  '@aws-sdk/nested-clients@3.996.9':
-    dependencies:
-      '@aws-crypto/sha256-browser': 5.2.0
-      '@aws-crypto/sha256-js': 5.2.0
-      '@aws-sdk/core': 3.973.19
-      '@aws-sdk/middleware-host-header': 3.972.7
-      '@aws-sdk/middleware-logger': 3.972.7
-      '@aws-sdk/middleware-recursion-detection': 3.972.7
-      '@aws-sdk/middleware-user-agent': 3.972.20
-      '@aws-sdk/region-config-resolver': 3.972.7
-      '@aws-sdk/types': 3.973.5
-      '@aws-sdk/util-endpoints': 3.996.4
-      '@aws-sdk/util-user-agent-browser': 3.972.7
-      '@aws-sdk/util-user-agent-node': 3.973.6
-      '@smithy/config-resolver': 4.4.11
-      '@smithy/core': 3.23.11
-      '@smithy/fetch-http-handler': 5.3.15
-      '@smithy/hash-node': 4.2.12
-      '@smithy/invalid-dependency': 4.2.12
-      '@smithy/middleware-content-length': 4.2.12
-      '@smithy/middleware-endpoint': 4.4.25
-      '@smithy/middleware-retry': 4.4.42
-      '@smithy/middleware-serde': 4.2.14
-      '@smithy/middleware-stack': 4.2.12
-      '@smithy/node-config-provider': 4.3.12
-      '@smithy/node-http-handler': 4.4.16
-      '@smithy/protocol-http': 5.3.12
-      '@smithy/smithy-client': 4.12.5
-      '@smithy/types': 4.13.1
-      '@smithy/url-parser': 4.2.12
-      '@smithy/util-base64': 4.3.2
-      '@smithy/util-body-length-browser': 4.2.2
-      '@smithy/util-body-length-node': 4.2.3
-      '@smithy/util-defaults-mode-browser': 4.3.41
-      '@smithy/util-defaults-mode-node': 4.2.44
-      '@smithy/util-endpoints': 3.3.3
-      '@smithy/util-middleware': 4.2.12
-      '@smithy/util-retry': 4.2.12
-      '@smithy/util-utf8': 4.2.2
-      tslib: 2.8.1
-    transitivePeerDependencies:
-      - aws-crt
-
   '@aws-sdk/region-config-resolver@3.972.6':
     dependencies:
       '@aws-sdk/types': 3.973.4
@@ -7878,12 +7564,12 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@aws-sdk/region-config-resolver@3.972.7':
+  '@aws-sdk/region-config-resolver@3.972.8':
     dependencies:
-      '@aws-sdk/types': 3.973.5
-      '@smithy/config-resolver': 4.4.10
-      '@smithy/node-config-provider': 4.3.11
-      '@smithy/types': 4.13.0
+      '@aws-sdk/types': 3.973.6
+      '@smithy/config-resolver': 4.4.11
+      '@smithy/node-config-provider': 4.3.12
+      '@smithy/types': 4.13.1
       tslib: 2.8.1
 
   '@aws-sdk/s3-request-presigner@3.1000.0':
@@ -7908,21 +7594,21 @@ snapshots:
 
   '@aws-sdk/token-providers@3.1004.0':
     dependencies:
-      '@aws-sdk/core': 3.973.18
-      '@aws-sdk/nested-clients': 3.996.7
-      '@aws-sdk/types': 3.973.5
-      '@smithy/property-provider': 4.2.11
-      '@smithy/shared-ini-file-loader': 4.4.6
-      '@smithy/types': 4.13.0
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/nested-clients': 3.996.10
+      '@aws-sdk/types': 3.973.6
+      '@smithy/property-provider': 4.2.12
+      '@smithy/shared-ini-file-loader': 4.4.7
+      '@smithy/types': 4.13.1
       tslib: 2.8.1
     transitivePeerDependencies:
       - aws-crt
 
-  '@aws-sdk/token-providers@3.1008.0':
+  '@aws-sdk/token-providers@3.1009.0':
     dependencies:
-      '@aws-sdk/core': 3.973.19
-      '@aws-sdk/nested-clients': 3.996.9
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/core': 3.973.20
+      '@aws-sdk/nested-clients': 3.996.10
+      '@aws-sdk/types': 3.973.6
       '@smithy/property-provider': 4.2.12
       '@smithy/shared-ini-file-loader': 4.4.7
       '@smithy/types': 4.13.1
@@ -7952,6 +7638,11 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
+  '@aws-sdk/types@3.973.6':
+    dependencies:
+      '@smithy/types': 4.13.1
+      tslib: 2.8.1
+
   '@aws-sdk/util-arn-parser@3.972.2':
     dependencies:
       tslib: 2.8.1
@@ -7964,9 +7655,9 @@ snapshots:
       '@smithy/util-endpoints': 3.3.1
       tslib: 2.8.1
 
-  '@aws-sdk/util-endpoints@3.996.4':
+  '@aws-sdk/util-endpoints@3.996.5':
     dependencies:
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/types': 3.973.6
       '@smithy/types': 4.13.1
       '@smithy/url-parser': 4.2.12
       '@smithy/util-endpoints': 3.3.3
@@ -7981,9 +7672,9 @@ snapshots:
 
   '@aws-sdk/util-format-url@3.972.7':
     dependencies:
-      '@aws-sdk/types': 3.973.5
-      '@smithy/querystring-builder': 4.2.11
-      '@smithy/types': 4.13.0
+      '@aws-sdk/types': 3.973.6
+      '@smithy/querystring-builder': 4.2.12
+      '@smithy/types': 4.13.1
       tslib: 2.8.1
 
   '@aws-sdk/util-locate-window@3.965.4':
@@ -8001,9 +7692,9 @@ snapshots:
       bowser: 2.14.1
       tslib: 2.8.1
 
-  '@aws-sdk/util-user-agent-browser@3.972.7':
+  '@aws-sdk/util-user-agent-browser@3.972.8':
     dependencies:
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/types': 3.973.6
       '@smithy/types': 4.13.1
       bowser: 2.14.1
       tslib: 2.8.1
@@ -8016,26 +7707,18 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@aws-sdk/util-user-agent-node@3.973.4':
+  '@aws-sdk/util-user-agent-node@3.973.7':
     dependencies:
-      '@aws-sdk/middleware-user-agent': 3.972.19
-      '@aws-sdk/types': 3.973.5
-      '@smithy/node-config-provider': 4.3.11
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
-  '@aws-sdk/util-user-agent-node@3.973.6':
-    dependencies:
-      '@aws-sdk/middleware-user-agent': 3.972.20
-      '@aws-sdk/types': 3.973.5
+      '@aws-sdk/middleware-user-agent': 3.972.21
+      '@aws-sdk/types': 3.973.6
       '@smithy/node-config-provider': 4.3.12
       '@smithy/types': 4.13.1
       '@smithy/util-config-provider': 4.2.2
       tslib: 2.8.1
 
-  '@aws-sdk/xml-builder@3.972.10':
+  '@aws-sdk/xml-builder@3.972.11':
     dependencies:
-      '@smithy/types': 4.13.0
+      '@smithy/types': 4.13.1
       fast-xml-parser: 5.3.8
       tslib: 2.8.1
 
@@ -8817,9 +8500,9 @@ snapshots:
       std-env: 3.10.0
       yoctocolors: 2.1.2
 
-  '@mariozechner/pi-agent-core@0.57.1(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)':
+  '@mariozechner/pi-agent-core@0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)':
     dependencies:
-      '@mariozechner/pi-ai': 0.57.1(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
+      '@mariozechner/pi-ai': 0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
     transitivePeerDependencies:
       - '@modelcontextprotocol/sdk'
       - aws-crt
@@ -8829,7 +8512,7 @@ snapshots:
       - ws
       - zod
 
-  '@mariozechner/pi-ai@0.57.1(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)':
+  '@mariozechner/pi-ai@0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)':
     dependencies:
       '@anthropic-ai/sdk': 0.73.0(zod@4.3.6)
       '@aws-sdk/client-bedrock-runtime': 3.1004.0
@@ -8842,7 +8525,7 @@ snapshots:
       openai: 6.26.0(ws@8.19.0)(zod@4.3.6)
       partial-json: 0.1.7
       proxy-agent: 6.5.0
-      undici: 7.24.0
+      undici: 7.24.1
       zod-to-json-schema: 3.25.1(zod@4.3.6)
     transitivePeerDependencies:
       - '@modelcontextprotocol/sdk'
@@ -8853,18 +8536,18 @@ snapshots:
       - ws
       - zod
 
-  '@mariozechner/pi-coding-agent@0.57.1(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)':
+  '@mariozechner/pi-coding-agent@0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)':
     dependencies:
       '@mariozechner/jiti': 2.6.5
-      '@mariozechner/pi-agent-core': 0.57.1(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
-      '@mariozechner/pi-ai': 0.57.1(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
-      '@mariozechner/pi-tui': 0.57.1
+      '@mariozechner/pi-agent-core': 0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
+      '@mariozechner/pi-ai': 0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
+      '@mariozechner/pi-tui': 0.58.0
       '@silvia-odwyer/photon-node': 0.3.4
       chalk: 5.6.2
       cli-highlight: 2.1.11
       diff: 8.0.3
       extract-zip: 2.0.1
-      file-type: 21.3.1
+      file-type: 21.3.2
       glob: 13.0.6
       hosted-git-info: 9.0.2
       ignore: 7.0.5
@@ -8872,7 +8555,7 @@ snapshots:
       minimatch: 10.2.4
       proper-lockfile: 4.1.2
       strip-ansi: 7.2.0
-      undici: 7.24.0
+      undici: 7.24.1
       yaml: 2.8.2
     optionalDependencies:
       '@mariozechner/clipboard': 0.3.2
@@ -8885,7 +8568,7 @@ snapshots:
       - ws
       - zod
 
-  '@mariozechner/pi-tui@0.57.1':
+  '@mariozechner/pi-tui@0.58.0':
     dependencies:
       '@types/mime-types': 2.1.4
       chalk: 5.6.2
@@ -9595,10 +9278,9 @@ snapshots:
   '@oxlint/binding-win32-x64-msvc@1.55.0':
     optional: true
 
-  '@pierre/diffs@1.0.11(react-dom@19.2.4(react@19.2.4))(react@19.2.4)':
+  '@pierre/diffs@1.1.0(react-dom@19.2.4(react@19.2.4))(react@19.2.4)':
     dependencies:
-      '@shikijs/core': 3.23.0
-      '@shikijs/engine-javascript': 3.23.0
+      '@pierre/theme': 0.0.22
       '@shikijs/transformers': 3.23.0
       diff: 8.0.3
       hast-util-to-html: 9.0.5
@@ -9607,6 +9289,8 @@ snapshots:
       react-dom: 19.2.4(react@19.2.4)
       shiki: 3.23.0
 
+  '@pierre/theme@0.0.22': {}
+
   '@pinojs/redact@0.4.0': {}
 
   '@pkgjs/parseargs@0.11.0':
@@ -9792,7 +9476,7 @@ snapshots:
       '@slack/oauth': 3.0.4
       '@slack/socket-mode': 2.0.5
       '@slack/types': 2.20.0
-      '@slack/web-api': 7.14.1
+      '@slack/web-api': 7.15.0
       '@types/express': 5.0.6
       axios: 1.13.5
       express: 5.2.1
@@ -9809,10 +9493,14 @@ snapshots:
     dependencies:
       '@types/node': 25.5.0
 
+  '@slack/logger@4.0.1':
+    dependencies:
+      '@types/node': 25.5.0
+
   '@slack/oauth@3.0.4':
     dependencies:
       '@slack/logger': 4.0.0
-      '@slack/web-api': 7.14.1
+      '@slack/web-api': 7.15.0
       '@types/jsonwebtoken': 9.0.10
       '@types/node': 25.5.0
       jsonwebtoken: 9.0.3
@@ -9822,7 +9510,7 @@ snapshots:
   '@slack/socket-mode@2.0.5':
     dependencies:
       '@slack/logger': 4.0.0
-      '@slack/web-api': 7.14.1
+      '@slack/web-api': 7.15.0
       '@types/node': 25.5.0
       '@types/ws': 8.18.1
       eventemitter3: 5.0.4
@@ -9834,13 +9522,15 @@ snapshots:
 
   '@slack/types@2.20.0': {}
 
-  '@slack/web-api@7.14.1':
+  '@slack/types@2.20.1': {}
+
+  '@slack/web-api@7.15.0':
     dependencies:
-      '@slack/logger': 4.0.0
-      '@slack/types': 2.20.0
+      '@slack/logger': 4.0.1
+      '@slack/types': 2.20.1
       '@types/node': 25.5.0
       '@types/retry': 0.12.0
-      axios: 1.13.5
+      axios: 1.13.6
       eventemitter3: 5.0.4
       form-data: 2.5.4
       is-electron: 2.2.2
@@ -9856,11 +9546,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/abort-controller@4.2.11':
-    dependencies:
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/abort-controller@4.2.12':
     dependencies:
       '@smithy/types': 4.13.1
@@ -9875,15 +9560,6 @@ snapshots:
     dependencies:
       tslib: 2.8.1
 
-  '@smithy/config-resolver@4.4.10':
-    dependencies:
-      '@smithy/node-config-provider': 4.3.11
-      '@smithy/types': 4.13.0
-      '@smithy/util-config-provider': 4.2.2
-      '@smithy/util-endpoints': 3.3.2
-      '@smithy/util-middleware': 4.2.11
-      tslib: 2.8.1
-
   '@smithy/config-resolver@4.4.11':
     dependencies:
       '@smithy/node-config-provider': 4.3.12
@@ -9928,19 +9604,6 @@ snapshots:
       '@smithy/uuid': 1.1.1
       tslib: 2.8.1
 
-  '@smithy/core@3.23.9':
-    dependencies:
-      '@smithy/middleware-serde': 4.2.12
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/types': 4.13.0
-      '@smithy/util-base64': 4.3.2
-      '@smithy/util-body-length-browser': 4.2.2
-      '@smithy/util-middleware': 4.2.11
-      '@smithy/util-stream': 4.5.17
-      '@smithy/util-utf8': 4.2.2
-      '@smithy/uuid': 1.1.2
-      tslib: 2.8.1
-
   '@smithy/credential-provider-imds@4.2.10':
     dependencies:
       '@smithy/node-config-provider': 4.3.10
@@ -9949,14 +9612,6 @@ snapshots:
       '@smithy/url-parser': 4.2.10
       tslib: 2.8.1
 
-  '@smithy/credential-provider-imds@4.2.11':
-    dependencies:
-      '@smithy/node-config-provider': 4.3.11
-      '@smithy/property-provider': 4.2.11
-      '@smithy/types': 4.13.0
-      '@smithy/url-parser': 4.2.11
-      tslib: 2.8.1
-
   '@smithy/credential-provider-imds@4.2.12':
     dependencies:
       '@smithy/node-config-provider': 4.3.12
@@ -9975,7 +9630,7 @@ snapshots:
   '@smithy/eventstream-codec@4.2.11':
     dependencies:
       '@aws-crypto/crc32': 5.2.0
-      '@smithy/types': 4.13.0
+      '@smithy/types': 4.13.1
       '@smithy/util-hex-encoding': 4.2.2
       tslib: 2.8.1
 
@@ -9988,7 +9643,7 @@ snapshots:
   '@smithy/eventstream-serde-browser@4.2.11':
     dependencies:
       '@smithy/eventstream-serde-universal': 4.2.11
-      '@smithy/types': 4.13.0
+      '@smithy/types': 4.13.1
       tslib: 2.8.1
 
   '@smithy/eventstream-serde-config-resolver@4.3.10':
@@ -9998,7 +9653,7 @@ snapshots:
 
   '@smithy/eventstream-serde-config-resolver@4.3.11':
     dependencies:
-      '@smithy/types': 4.13.0
+      '@smithy/types': 4.13.1
       tslib: 2.8.1
 
   '@smithy/eventstream-serde-node@4.2.10':
@@ -10010,7 +9665,7 @@ snapshots:
   '@smithy/eventstream-serde-node@4.2.11':
     dependencies:
       '@smithy/eventstream-serde-universal': 4.2.11
-      '@smithy/types': 4.13.0
+      '@smithy/types': 4.13.1
       tslib: 2.8.1
 
   '@smithy/eventstream-serde-universal@4.2.10':
@@ -10022,7 +9677,7 @@ snapshots:
   '@smithy/eventstream-serde-universal@4.2.11':
     dependencies:
       '@smithy/eventstream-codec': 4.2.11
-      '@smithy/types': 4.13.0
+      '@smithy/types': 4.13.1
       tslib: 2.8.1
 
   '@smithy/fetch-http-handler@5.3.11':
@@ -10033,14 +9688,6 @@ snapshots:
       '@smithy/util-base64': 4.3.1
       tslib: 2.8.1
 
-  '@smithy/fetch-http-handler@5.3.13':
-    dependencies:
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/querystring-builder': 4.2.11
-      '@smithy/types': 4.13.0
-      '@smithy/util-base64': 4.3.2
-      tslib: 2.8.1
-
   '@smithy/fetch-http-handler@5.3.15':
     dependencies:
       '@smithy/protocol-http': 5.3.12
@@ -10063,13 +9710,6 @@ snapshots:
       '@smithy/util-utf8': 4.2.1
       tslib: 2.8.1
 
-  '@smithy/hash-node@4.2.11':
-    dependencies:
-      '@smithy/types': 4.13.0
-      '@smithy/util-buffer-from': 4.2.2
-      '@smithy/util-utf8': 4.2.2
-      tslib: 2.8.1
-
   '@smithy/hash-node@4.2.12':
     dependencies:
       '@smithy/types': 4.13.1
@@ -10088,11 +9728,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/invalid-dependency@4.2.11':
-    dependencies:
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/invalid-dependency@4.2.12':
     dependencies:
       '@smithy/types': 4.13.1
@@ -10122,12 +9757,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/middleware-content-length@4.2.11':
-    dependencies:
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/middleware-content-length@4.2.12':
     dependencies:
       '@smithy/protocol-http': 5.3.12
@@ -10145,17 +9774,6 @@ snapshots:
       '@smithy/util-middleware': 4.2.10
       tslib: 2.8.1
 
-  '@smithy/middleware-endpoint@4.4.23':
-    dependencies:
-      '@smithy/core': 3.23.9
-      '@smithy/middleware-serde': 4.2.12
-      '@smithy/node-config-provider': 4.3.11
-      '@smithy/shared-ini-file-loader': 4.4.6
-      '@smithy/types': 4.13.0
-      '@smithy/url-parser': 4.2.11
-      '@smithy/util-middleware': 4.2.11
-      tslib: 2.8.1
-
   '@smithy/middleware-endpoint@4.4.25':
     dependencies:
       '@smithy/core': 3.23.11
@@ -10179,18 +9797,6 @@ snapshots:
       '@smithy/uuid': 1.1.1
       tslib: 2.8.1
 
-  '@smithy/middleware-retry@4.4.40':
-    dependencies:
-      '@smithy/node-config-provider': 4.3.11
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/service-error-classification': 4.2.11
-      '@smithy/smithy-client': 4.12.3
-      '@smithy/types': 4.13.0
-      '@smithy/util-middleware': 4.2.11
-      '@smithy/util-retry': 4.2.11
-      '@smithy/uuid': 1.1.2
-      tslib: 2.8.1
-
   '@smithy/middleware-retry@4.4.42':
     dependencies:
       '@smithy/node-config-provider': 4.3.12
@@ -10209,12 +9815,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/middleware-serde@4.2.12':
-    dependencies:
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/middleware-serde@4.2.14':
     dependencies:
       '@smithy/core': 3.23.11
@@ -10227,11 +9827,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/middleware-stack@4.2.11':
-    dependencies:
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/middleware-stack@4.2.12':
     dependencies:
       '@smithy/types': 4.13.1
@@ -10244,13 +9839,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/node-config-provider@4.3.11':
-    dependencies:
-      '@smithy/property-provider': 4.2.11
-      '@smithy/shared-ini-file-loader': 4.4.6
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/node-config-provider@4.3.12':
     dependencies:
       '@smithy/property-provider': 4.2.12
@@ -10266,14 +9854,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/node-http-handler@4.4.14':
-    dependencies:
-      '@smithy/abort-controller': 4.2.11
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/querystring-builder': 4.2.11
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/node-http-handler@4.4.16':
     dependencies:
       '@smithy/abort-controller': 4.2.12
@@ -10287,11 +9867,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/property-provider@4.2.11':
-    dependencies:
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/property-provider@4.2.12':
     dependencies:
       '@smithy/types': 4.13.1
@@ -10302,11 +9877,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/protocol-http@5.3.11':
-    dependencies:
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/protocol-http@5.3.12':
     dependencies:
       '@smithy/types': 4.13.1
@@ -10318,12 +9888,6 @@ snapshots:
       '@smithy/util-uri-escape': 4.2.1
       tslib: 2.8.1
 
-  '@smithy/querystring-builder@4.2.11':
-    dependencies:
-      '@smithy/types': 4.13.0
-      '@smithy/util-uri-escape': 4.2.2
-      tslib: 2.8.1
-
   '@smithy/querystring-builder@4.2.12':
     dependencies:
       '@smithy/types': 4.13.1
@@ -10335,11 +9899,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/querystring-parser@4.2.11':
-    dependencies:
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/querystring-parser@4.2.12':
     dependencies:
       '@smithy/types': 4.13.1
@@ -10349,10 +9908,6 @@ snapshots:
     dependencies:
       '@smithy/types': 4.13.0
 
-  '@smithy/service-error-classification@4.2.11':
-    dependencies:
-      '@smithy/types': 4.13.0
-
   '@smithy/service-error-classification@4.2.12':
     dependencies:
       '@smithy/types': 4.13.1
@@ -10362,11 +9917,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/shared-ini-file-loader@4.4.6':
-    dependencies:
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/shared-ini-file-loader@4.4.7':
     dependencies:
       '@smithy/types': 4.13.1
@@ -10383,17 +9933,6 @@ snapshots:
       '@smithy/util-utf8': 4.2.1
       tslib: 2.8.1
 
-  '@smithy/signature-v4@5.3.11':
-    dependencies:
-      '@smithy/is-array-buffer': 4.2.2
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/types': 4.13.0
-      '@smithy/util-hex-encoding': 4.2.2
-      '@smithy/util-middleware': 4.2.11
-      '@smithy/util-uri-escape': 4.2.2
-      '@smithy/util-utf8': 4.2.2
-      tslib: 2.8.1
-
   '@smithy/signature-v4@5.3.12':
     dependencies:
       '@smithy/is-array-buffer': 4.2.2
@@ -10415,16 +9954,6 @@ snapshots:
       '@smithy/util-stream': 4.5.15
       tslib: 2.8.1
 
-  '@smithy/smithy-client@4.12.3':
-    dependencies:
-      '@smithy/core': 3.23.9
-      '@smithy/middleware-endpoint': 4.4.23
-      '@smithy/middleware-stack': 4.2.11
-      '@smithy/protocol-http': 5.3.11
-      '@smithy/types': 4.13.0
-      '@smithy/util-stream': 4.5.17
-      tslib: 2.8.1
-
   '@smithy/smithy-client@4.12.5':
     dependencies:
       '@smithy/core': 3.23.11
@@ -10449,12 +9978,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/url-parser@4.2.11':
-    dependencies:
-      '@smithy/querystring-parser': 4.2.11
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/url-parser@4.2.12':
     dependencies:
       '@smithy/querystring-parser': 4.2.12
@@ -10519,13 +10042,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/util-defaults-mode-browser@4.3.39':
-    dependencies:
-      '@smithy/property-provider': 4.2.11
-      '@smithy/smithy-client': 4.12.3
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/util-defaults-mode-browser@4.3.41':
     dependencies:
       '@smithy/property-provider': 4.2.12
@@ -10543,16 +10059,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/util-defaults-mode-node@4.2.42':
-    dependencies:
-      '@smithy/config-resolver': 4.4.10
-      '@smithy/credential-provider-imds': 4.2.11
-      '@smithy/node-config-provider': 4.3.11
-      '@smithy/property-provider': 4.2.11
-      '@smithy/smithy-client': 4.12.3
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/util-defaults-mode-node@4.2.44':
     dependencies:
       '@smithy/config-resolver': 4.4.11
@@ -10569,12 +10075,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/util-endpoints@3.3.2':
-    dependencies:
-      '@smithy/node-config-provider': 4.3.11
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/util-endpoints@3.3.3':
     dependencies:
       '@smithy/node-config-provider': 4.3.12
@@ -10594,11 +10094,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/util-middleware@4.2.11':
-    dependencies:
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/util-middleware@4.2.12':
     dependencies:
       '@smithy/types': 4.13.1
@@ -10610,12 +10105,6 @@ snapshots:
       '@smithy/types': 4.13.0
       tslib: 2.8.1
 
-  '@smithy/util-retry@4.2.11':
-    dependencies:
-      '@smithy/service-error-classification': 4.2.11
-      '@smithy/types': 4.13.0
-      tslib: 2.8.1
-
   '@smithy/util-retry@4.2.12':
     dependencies:
       '@smithy/service-error-classification': 4.2.12
@@ -10633,17 +10122,6 @@ snapshots:
       '@smithy/util-utf8': 4.2.1
       tslib: 2.8.1
 
-  '@smithy/util-stream@4.5.17':
-    dependencies:
-      '@smithy/fetch-http-handler': 5.3.13
-      '@smithy/node-http-handler': 4.4.14
-      '@smithy/types': 4.13.0
-      '@smithy/util-base64': 4.3.2
-      '@smithy/util-buffer-from': 4.2.2
-      '@smithy/util-hex-encoding': 4.2.2
-      '@smithy/util-utf8': 4.2.2
-      tslib: 2.8.1
-
   '@smithy/util-stream@4.5.19':
     dependencies:
       '@smithy/fetch-http-handler': 5.3.15
@@ -11033,36 +10511,36 @@ snapshots:
       '@types/node': 25.5.0
     optional: true
 
-  '@typescript/native-preview-darwin-arm64@7.0.0-dev.20260312.1':
+  '@typescript/native-preview-darwin-arm64@7.0.0-dev.20260313.1':
     optional: true
 
-  '@typescript/native-preview-darwin-x64@7.0.0-dev.20260312.1':
+  '@typescript/native-preview-darwin-x64@7.0.0-dev.20260313.1':
     optional: true
 
-  '@typescript/native-preview-linux-arm64@7.0.0-dev.20260312.1':
+  '@typescript/native-preview-linux-arm64@7.0.0-dev.20260313.1':
     optional: true
 
-  '@typescript/native-preview-linux-arm@7.0.0-dev.20260312.1':
+  '@typescript/native-preview-linux-arm@7.0.0-dev.20260313.1':
     optional: true
 
-  '@typescript/native-preview-linux-x64@7.0.0-dev.20260312.1':
+  '@typescript/native-preview-linux-x64@7.0.0-dev.20260313.1':
     optional: true
 
-  '@typescript/native-preview-win32-arm64@7.0.0-dev.20260312.1':
+  '@typescript/native-preview-win32-arm64@7.0.0-dev.20260313.1':
     optional: true
 
-  '@typescript/native-preview-win32-x64@7.0.0-dev.20260312.1':
+  '@typescript/native-preview-win32-x64@7.0.0-dev.20260313.1':
     optional: true
 
-  '@typescript/native-preview@7.0.0-dev.20260312.1':
+  '@typescript/native-preview@7.0.0-dev.20260313.1':
     optionalDependencies:
-      '@typescript/native-preview-darwin-arm64': 7.0.0-dev.20260312.1
-      '@typescript/native-preview-darwin-x64': 7.0.0-dev.20260312.1
-      '@typescript/native-preview-linux-arm': 7.0.0-dev.20260312.1
-      '@typescript/native-preview-linux-arm64': 7.0.0-dev.20260312.1
-      '@typescript/native-preview-linux-x64': 7.0.0-dev.20260312.1
-      '@typescript/native-preview-win32-arm64': 7.0.0-dev.20260312.1
-      '@typescript/native-preview-win32-x64': 7.0.0-dev.20260312.1
+      '@typescript/native-preview-darwin-arm64': 7.0.0-dev.20260313.1
+      '@typescript/native-preview-darwin-x64': 7.0.0-dev.20260313.1
+      '@typescript/native-preview-linux-arm': 7.0.0-dev.20260313.1
+      '@typescript/native-preview-linux-arm64': 7.0.0-dev.20260313.1
+      '@typescript/native-preview-linux-x64': 7.0.0-dev.20260313.1
+      '@typescript/native-preview-win32-arm64': 7.0.0-dev.20260313.1
+      '@typescript/native-preview-win32-x64': 7.0.0-dev.20260313.1
 
   '@typespec/ts-http-runtime@0.3.3':
     dependencies:
@@ -11417,6 +10895,14 @@ snapshots:
     transitivePeerDependencies:
       - debug
 
+  axios@1.13.6:
+    dependencies:
+      follow-redirects: 1.15.11
+      form-data: 2.5.4
+      proxy-from-env: 1.1.0
+    transitivePeerDependencies:
+      - debug
+
   b4a@1.8.0: {}
 
   babel-walk@3.0.0-canary-5:
@@ -12133,7 +11619,7 @@ snapshots:
       node-domexception: '@nolyfill/domexception@1.0.28'
       web-streams-polyfill: 3.3.3
 
-  file-type@21.3.1:
+  file-type@21.3.2:
     dependencies:
       '@tokenizer/inflate': 0.4.1
       strtok3: 10.3.4
@@ -12700,7 +12186,7 @@ snapshots:
       saxes: 6.0.0
       symbol-tree: 3.2.4
       tough-cookie: 4.1.3
-      undici: 7.24.0
+      undici: 7.24.1
       w3c-xmlserializer: 5.0.0
       webidl-conversions: 8.0.1
       whatwg-mimetype: 5.0.0
@@ -13113,7 +12599,7 @@ snapshots:
       '@tokenizer/token': 0.3.0
       content-type: 1.0.5
       debug: 4.4.3
-      file-type: 21.3.1
+      file-type: 21.3.2
       media-typer: 1.1.0
       strtok3: 10.3.4
       token-types: 6.1.2
@@ -13326,11 +12812,88 @@ snapshots:
       ws: 8.19.0
       zod: 4.3.6
 
-  openai@6.27.0(ws@8.19.0)(zod@4.3.6):
+  openai@6.29.0(ws@8.19.0)(zod@4.3.6):
     optionalDependencies:
       ws: 8.19.0
       zod: 4.3.6
 
+  openclaw@2026.3.13(@discordjs/opus@0.10.0)(@napi-rs/canvas@0.1.95)(@types/express@5.0.6)(audio-decode@2.2.3)(node-llama-cpp@3.16.2(typescript@5.9.3)):
+    dependencies:
+      '@agentclientprotocol/sdk': 0.16.1(zod@4.3.6)
+      '@aws-sdk/client-bedrock': 3.1009.0
+      '@buape/carbon': 0.0.0-beta-20260216184201(@discordjs/opus@0.10.0)(hono@4.12.7)(opusscript@0.1.1)
+      '@clack/prompts': 1.1.0
+      '@discordjs/voice': 0.19.1(@discordjs/opus@0.10.0)(opusscript@0.1.1)
+      '@grammyjs/runner': 2.0.3(grammy@1.41.1)
+      '@grammyjs/transformer-throttler': 1.2.1(grammy@1.41.1)
+      '@homebridge/ciao': 1.3.5
+      '@larksuiteoapi/node-sdk': 1.59.0
+      '@line/bot-sdk': 10.6.0
+      '@lydell/node-pty': 1.2.0-beta.3
+      '@mariozechner/pi-agent-core': 0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
+      '@mariozechner/pi-ai': 0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
+      '@mariozechner/pi-coding-agent': 0.58.0(@modelcontextprotocol/sdk@1.27.1(zod@4.3.6))(ws@8.19.0)(zod@4.3.6)
+      '@mariozechner/pi-tui': 0.58.0
+      '@modelcontextprotocol/sdk': 1.27.1(zod@4.3.6)
+      '@mozilla/readability': 0.6.0
+      '@napi-rs/canvas': 0.1.95
+      '@sinclair/typebox': 0.34.48
+      '@slack/bolt': 4.6.0(@types/express@5.0.6)
+      '@slack/web-api': 7.15.0
+      '@whiskeysockets/baileys': 7.0.0-rc.9(audio-decode@2.2.3)(sharp@0.34.5)
+      ajv: 8.18.0
+      chalk: 5.6.2
+      chokidar: 5.0.0
+      cli-highlight: 2.1.11
+      commander: 14.0.3
+      croner: 10.0.1
+      discord-api-types: 0.38.42
+      dotenv: 17.3.1
+      express: 5.2.1
+      file-type: 21.3.2
+      grammy: 1.41.1
+      hono: 4.12.7
+      https-proxy-agent: 8.0.0
+      ipaddr.js: 2.3.0
+      jiti: 2.6.1
+      json5: 2.2.3
+      jszip: 3.10.1
+      linkedom: 0.18.12
+      long: 5.3.2
+      markdown-it: 14.1.1
+      node-edge-tts: 1.2.10
+      opusscript: 0.1.1
+      osc-progress: 0.3.0
+      pdfjs-dist: 5.5.207
+      playwright-core: 1.58.2
+      qrcode-terminal: 0.12.0
+      sharp: 0.34.5
+      sqlite-vec: 0.1.7-alpha.2
+      tar: 7.5.11
+      tslog: 4.10.2
+      undici: 7.24.1
+      ws: 8.19.0
+      yaml: 2.8.2
+      zod: 4.3.6
+    optionalDependencies:
+      node-llama-cpp: 3.16.2(typescript@5.9.3)
+    transitivePeerDependencies:
+      - '@cfworker/json-schema'
+      - '@discordjs/opus'
+      - '@types/express'
+      - audio-decode
+      - aws-crt
+      - bufferutil
+      - canvas
+      - debug
+      - encoding
+      - ffmpeg-static
+      - jimp
+      - link-preview-js
+      - node-opus
+      - supports-color
+      - utf-8-validate
+
   opus-decoder@0.7.11:
     dependencies:
       '@wasm-audio-decoders/common': 9.0.7
@@ -13867,7 +13430,7 @@ snapshots:
     dependencies:
       glob: 10.5.0
 
-  rolldown-plugin-dts@0.22.5(@typescript/native-preview@7.0.0-dev.20260312.1)(rolldown@1.0.0-rc.9)(typescript@5.9.3):
+  rolldown-plugin-dts@0.22.5(@typescript/native-preview@7.0.0-dev.20260313.1)(rolldown@1.0.0-rc.9)(typescript@5.9.3):
     dependencies:
       '@babel/generator': 8.0.0-rc.2
       '@babel/helper-validator-identifier': 8.0.0-rc.2
@@ -13880,7 +13443,7 @@ snapshots:
       obug: 2.1.1
       rolldown: 1.0.0-rc.9
     optionalDependencies:
-      '@typescript/native-preview': 7.0.0-dev.20260312.1
+      '@typescript/native-preview': 7.0.0-dev.20260313.1
       typescript: 5.9.3
     transitivePeerDependencies:
       - oxc-resolver
@@ -14406,7 +13969,7 @@ snapshots:
 
   ts-algebra@2.0.0: {}
 
-  tsdown@0.21.2(@typescript/native-preview@7.0.0-dev.20260312.1)(typescript@5.9.3):
+  tsdown@0.21.2(@typescript/native-preview@7.0.0-dev.20260313.1)(typescript@5.9.3):
     dependencies:
       ansis: 4.2.0
       cac: 7.0.0
@@ -14417,7 +13980,7 @@ snapshots:
       obug: 2.1.1
       picomatch: 4.0.3
       rolldown: 1.0.0-rc.9
-      rolldown-plugin-dts: 0.22.5(@typescript/native-preview@7.0.0-dev.20260312.1)(rolldown@1.0.0-rc.9)(typescript@5.9.3)
+      rolldown-plugin-dts: 0.22.5(@typescript/native-preview@7.0.0-dev.20260313.1)(rolldown@1.0.0-rc.9)(typescript@5.9.3)
       semver: 7.7.4
       tinyexec: 1.0.2
       tinyglobby: 0.2.15
@@ -14486,7 +14049,7 @@ snapshots:
 
   undici-types@7.18.2: {}
 
-  undici@7.24.0: {}
+  undici@7.24.1: {}
 
   unist-util-is@6.0.1:
     dependencies:
diff --git a/scripts/bundle-a2ui.sh b/scripts/bundle-a2ui.sh
index 3888e4cf5cb..4d53c40ca4c 100755
--- a/scripts/bundle-a2ui.sh
+++ b/scripts/bundle-a2ui.sh
@@ -88,6 +88,9 @@ fi
 pnpm -s exec tsc -p "$A2UI_RENDERER_DIR/tsconfig.json"
 if command -v rolldown >/dev/null 2>&1 && rolldown --version >/dev/null 2>&1; then
   rolldown -c "$A2UI_APP_DIR/rolldown.config.mjs"
+elif [[ -f "$ROOT_DIR/node_modules/.pnpm/rolldown@1.0.0-rc.9/node_modules/rolldown/bin/cli.mjs" ]]; then
+  node "$ROOT_DIR/node_modules/.pnpm/rolldown@1.0.0-rc.9/node_modules/rolldown/bin/cli.mjs" \
+    -c "$A2UI_APP_DIR/rolldown.config.mjs"
 else
   pnpm -s dlx rolldown -c "$A2UI_APP_DIR/rolldown.config.mjs"
 fi
diff --git a/scripts/check-ingress-agent-owner-context.mjs b/scripts/check-ingress-agent-owner-context.mjs
index 20b99536e1d..da9da112c6b 100644
--- a/scripts/check-ingress-agent-owner-context.mjs
+++ b/scripts/check-ingress-agent-owner-context.mjs
@@ -5,9 +5,9 @@ import ts from "typescript";
 import { runCallsiteGuard } from "./lib/callsite-guard.mjs";
 import { runAsScript, toLine, unwrapExpression } from "./lib/ts-guard-utils.mjs";
 
-const sourceRoots = ["src/gateway", "src/discord/voice"];
+const sourceRoots = ["src/gateway", "extensions/discord/src/voice"];
 const enforcedFiles = new Set([
-  "src/discord/voice/manager.ts",
+  "extensions/discord/src/voice/manager.ts",
   "src/gateway/openai-http.ts",
   "src/gateway/openresponses-http.ts",
   "src/gateway/server-methods/agent.ts",
diff --git a/scripts/check-no-raw-channel-fetch.mjs b/scripts/check-no-raw-channel-fetch.mjs
index ecd8a2f64f8..788585b8c54 100644
--- a/scripts/check-no-raw-channel-fetch.mjs
+++ b/scripts/check-no-raw-channel-fetch.mjs
@@ -4,18 +4,7 @@ import ts from "typescript";
 import { runCallsiteGuard } from "./lib/callsite-guard.mjs";
 import { runAsScript, toLine, unwrapExpression } from "./lib/ts-guard-utils.mjs";
 
-const sourceRoots = [
-  "src/telegram",
-  "src/discord",
-  "src/slack",
-  "src/signal",
-  "src/imessage",
-  "src/web",
-  "src/channels",
-  "src/routing",
-  "src/line",
-  "extensions",
-];
+const sourceRoots = ["src/channels", "src/routing", "src/line", "extensions"];
 
 // Temporary allowlist for legacy callsites. New raw fetch callsites in channel/plugin runtime
 // code should be rejected and migrated to fetchWithSsrFGuard/shared channel helpers.
@@ -54,14 +43,14 @@ const allowedRawFetchCallsites = new Set([
   "extensions/voice-call/src/providers/telnyx.ts:61",
   "extensions/voice-call/src/providers/tts-openai.ts:111",
   "extensions/voice-call/src/providers/twilio/api.ts:23",
-  "src/channels/telegram/api.ts:8",
-  "src/discord/send.outbound.ts:347",
-  "src/discord/voice-message.ts:264",
-  "src/discord/voice-message.ts:308",
-  "src/slack/monitor/media.ts:64",
-  "src/slack/monitor/media.ts:68",
-  "src/slack/monitor/media.ts:82",
-  "src/slack/monitor/media.ts:108",
+  "extensions/telegram/src/api-fetch.ts:8",
+  "extensions/discord/src/send.outbound.ts:363",
+  "extensions/discord/src/voice-message.ts:268",
+  "extensions/discord/src/voice-message.ts:312",
+  "extensions/slack/src/monitor/media.ts:55",
+  "extensions/slack/src/monitor/media.ts:59",
+  "extensions/slack/src/monitor/media.ts:73",
+  "extensions/slack/src/monitor/media.ts:99",
 ]);
 
 function isRawFetchCall(expression) {
diff --git a/scripts/dev/test-device-pair-telegram.ts b/scripts/dev/test-device-pair-telegram.ts
index e33a060ecd4..e39e0a378cd 100644
--- a/scripts/dev/test-device-pair-telegram.ts
+++ b/scripts/dev/test-device-pair-telegram.ts
@@ -1,7 +1,7 @@
+import { sendMessageTelegram } from "../../extensions/telegram/src/send.js";
 import { loadConfig } from "../../src/config/config.js";
 import { matchPluginCommand, executePluginCommand } from "../../src/plugins/commands.js";
 import { loadOpenClawPlugins } from "../../src/plugins/loader.js";
-import { sendMessageTelegram } from "../../src/telegram/send.js";
 
 const args = process.argv.slice(2);
 const getArg = (flag: string, short?: string) => {
diff --git a/scripts/docker/cleanup-smoke/Dockerfile b/scripts/docker/cleanup-smoke/Dockerfile
index 19b89f3ac62..07a2334aa41 100644
--- a/scripts/docker/cleanup-smoke/Dockerfile
+++ b/scripts/docker/cleanup-smoke/Dockerfile
@@ -5,6 +5,7 @@ FROM node:24-bookworm-slim@sha256:b4687aef2571c632a1953695ce4d61d6462a7eda471fe6
 RUN --mount=type=cache,id=openclaw-cleanup-smoke-apt-cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,id=openclaw-cleanup-smoke-apt-lists,target=/var/lib/apt,sharing=locked \
   apt-get update \
+  && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --no-install-recommends \
   && apt-get install -y --no-install-recommends \
     bash \
     ca-certificates \
diff --git a/scripts/docker/install-sh-e2e/Dockerfile b/scripts/docker/install-sh-e2e/Dockerfile
index 539f18d295d..e8069bf1e77 100644
--- a/scripts/docker/install-sh-e2e/Dockerfile
+++ b/scripts/docker/install-sh-e2e/Dockerfile
@@ -5,6 +5,7 @@ FROM node:24-bookworm-slim@sha256:b4687aef2571c632a1953695ce4d61d6462a7eda471fe6
 RUN --mount=type=cache,id=openclaw-install-sh-e2e-apt-cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,id=openclaw-install-sh-e2e-apt-lists,target=/var/lib/apt,sharing=locked \
   apt-get update \
+  && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --no-install-recommends \
   && apt-get install -y --no-install-recommends \
     bash \
     ca-certificates \
diff --git a/scripts/docker/install-sh-nonroot/Dockerfile b/scripts/docker/install-sh-nonroot/Dockerfile
index d0c085d9f69..8e29715dbfb 100644
--- a/scripts/docker/install-sh-nonroot/Dockerfile
+++ b/scripts/docker/install-sh-nonroot/Dockerfile
@@ -11,6 +11,7 @@ RUN --mount=type=cache,id=openclaw-install-sh-nonroot-apt-cache,target=/var/cach
     if [ "${attempt}" -eq 3 ]; then exit 1; fi; \
     sleep 3; \
   done; \
+  DEBIAN_FRONTEND=noninteractive apt-get -o Acquire::Retries=3 upgrade -y --no-install-recommends; \
   apt-get -o Acquire::Retries=3 install -y --no-install-recommends \
     bash \
     ca-certificates \
diff --git a/scripts/docker/install-sh-smoke/Dockerfile b/scripts/docker/install-sh-smoke/Dockerfile
index 899af551aeb..ee37a24d6ce 100644
--- a/scripts/docker/install-sh-smoke/Dockerfile
+++ b/scripts/docker/install-sh-smoke/Dockerfile
@@ -11,6 +11,7 @@ RUN --mount=type=cache,id=openclaw-install-sh-smoke-apt-cache,target=/var/cache/
     if [ "${attempt}" -eq 3 ]; then exit 1; fi; \
     sleep 3; \
   done; \
+  DEBIAN_FRONTEND=noninteractive apt-get -o Acquire::Retries=3 upgrade -y --no-install-recommends; \
   apt-get -o Acquire::Retries=3 install -y --no-install-recommends \
     bash \
     ca-certificates \
diff --git a/scripts/e2e/parallels-linux-smoke.sh b/scripts/e2e/parallels-linux-smoke.sh
new file mode 100644
index 00000000000..a3e3f96bb56
--- /dev/null
+++ b/scripts/e2e/parallels-linux-smoke.sh
@@ -0,0 +1,673 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+VM_NAME="Ubuntu 24.04.3 ARM64"
+SNAPSHOT_HINT="fresh"
+MODE="both"
+OPENAI_API_KEY_ENV="OPENAI_API_KEY"
+INSTALL_URL="https://openclaw.ai/install.sh"
+HOST_PORT="18427"
+HOST_PORT_EXPLICIT=0
+HOST_IP=""
+LATEST_VERSION=""
+INSTALL_VERSION=""
+TARGET_PACKAGE_SPEC=""
+JSON_OUTPUT=0
+KEEP_SERVER=0
+
+MAIN_TGZ_DIR="$(mktemp -d)"
+MAIN_TGZ_PATH=""
+SERVER_PID=""
+RUN_DIR="$(mktemp -d /tmp/openclaw-parallels-linux.XXXXXX)"
+BUILD_LOCK_DIR="${TMPDIR:-/tmp}/openclaw-parallels-build.lock"
+
+TIMEOUT_SNAPSHOT_S=180
+TIMEOUT_BOOTSTRAP_S=600
+TIMEOUT_INSTALL_S=1200
+TIMEOUT_VERIFY_S=90
+TIMEOUT_ONBOARD_S=180
+TIMEOUT_AGENT_S=180
+
+FRESH_MAIN_STATUS="skip"
+FRESH_MAIN_VERSION="skip"
+FRESH_GATEWAY_STATUS="skip"
+FRESH_AGENT_STATUS="skip"
+UPGRADE_STATUS="skip"
+LATEST_INSTALLED_VERSION="skip"
+UPGRADE_MAIN_VERSION="skip"
+UPGRADE_GATEWAY_STATUS="skip"
+UPGRADE_AGENT_STATUS="skip"
+DAEMON_STATUS="systemd-user-unavailable"
+
+say() {
+  printf '==> %s\n' "$*"
+}
+
+artifact_label() {
+  if [[ -n "$TARGET_PACKAGE_SPEC" ]]; then
+    printf 'target package tgz'
+    return
+  fi
+  printf 'current main tgz'
+}
+
+warn() {
+  printf 'warn: %s\n' "$*" >&2
+}
+
+die() {
+  printf 'error: %s\n' "$*" >&2
+  exit 1
+}
+
+cleanup() {
+  if [[ -n "${SERVER_PID:-}" ]]; then
+    kill "$SERVER_PID" >/dev/null 2>&1 || true
+  fi
+  rm -rf "$MAIN_TGZ_DIR"
+}
+
+trap cleanup EXIT
+
+usage() {
+  cat <<'EOF'
+Usage: bash scripts/e2e/parallels-linux-smoke.sh [options]
+
+Options:
+  --vm <name>                Parallels VM name. Default: "Ubuntu 24.04.3 ARM64"
+  --snapshot-hint <name>     Snapshot name substring/fuzzy match. Default: "fresh"
+  --mode <fresh|upgrade|both>
+  --openai-api-key-env <var> Host env var name for OpenAI API key. Default: OPENAI_API_KEY
+  --install-url <url>        Installer URL for latest release. Default: https://openclaw.ai/install.sh
+  --host-port <port>         Host HTTP port for current-main tgz. Default: 18427
+  --host-ip <ip>             Override Parallels host IP.
+  --latest-version <ver>     Override npm latest version lookup.
+  --install-version <ver>    Pin site-installer version/dist-tag for the baseline lane.
+  --target-package-spec <npm-spec>
+                             Install this npm package tarball instead of packing current main.
+                             Example: openclaw@2026.3.13-beta.1
+  --keep-server              Leave temp host HTTP server running.
+  --json                     Print machine-readable JSON summary.
+  -h, --help                 Show help.
+EOF
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --vm)
+      VM_NAME="$2"
+      shift 2
+      ;;
+    --snapshot-hint)
+      SNAPSHOT_HINT="$2"
+      shift 2
+      ;;
+    --mode)
+      MODE="$2"
+      shift 2
+      ;;
+    --openai-api-key-env)
+      OPENAI_API_KEY_ENV="$2"
+      shift 2
+      ;;
+    --install-url)
+      INSTALL_URL="$2"
+      shift 2
+      ;;
+    --host-port)
+      HOST_PORT="$2"
+      HOST_PORT_EXPLICIT=1
+      shift 2
+      ;;
+    --host-ip)
+      HOST_IP="$2"
+      shift 2
+      ;;
+    --latest-version)
+      LATEST_VERSION="$2"
+      shift 2
+      ;;
+    --install-version)
+      INSTALL_VERSION="$2"
+      shift 2
+      ;;
+    --target-package-spec)
+      TARGET_PACKAGE_SPEC="$2"
+      shift 2
+      ;;
+    --keep-server)
+      KEEP_SERVER=1
+      shift
+      ;;
+    --json)
+      JSON_OUTPUT=1
+      shift
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      die "unknown arg: $1"
+      ;;
+  esac
+done
+
+case "$MODE" in
+  fresh|upgrade|both) ;;
+  *)
+    die "invalid --mode: $MODE"
+    ;;
+esac
+
+OPENAI_API_KEY_VALUE="${!OPENAI_API_KEY_ENV:-}"
+[[ -n "$OPENAI_API_KEY_VALUE" ]] || die "$OPENAI_API_KEY_ENV is required"
+
+resolve_snapshot_id() {
+  local json hint
+  json="$(prlctl snapshot-list "$VM_NAME" --json)"
+  hint="$SNAPSHOT_HINT"
+  SNAPSHOT_JSON="$json" SNAPSHOT_HINT="$hint" python3 - <<'PY'
+import difflib
+import json
+import os
+import sys
+
+payload = json.loads(os.environ["SNAPSHOT_JSON"])
+hint = os.environ["SNAPSHOT_HINT"].strip().lower()
+best_id = None
+best_score = -1.0
+for snapshot_id, meta in payload.items():
+    name = str(meta.get("name", "")).strip()
+    lowered = name.lower()
+    score = 0.0
+    if lowered == hint:
+        score = 10.0
+    elif hint and hint in lowered:
+        score = 5.0 + len(hint) / max(len(lowered), 1)
+    else:
+        score = difflib.SequenceMatcher(None, hint, lowered).ratio()
+    if score > best_score:
+        best_score = score
+        best_id = snapshot_id
+if not best_id:
+    sys.exit("no snapshot matched")
+print(best_id)
+PY
+}
+
+resolve_host_ip() {
+  if [[ -n "$HOST_IP" ]]; then
+    printf '%s\n' "$HOST_IP"
+    return
+  fi
+  local detected
+  detected="$(ifconfig | awk '/inet 10\.211\./ { print $2; exit }')"
+  [[ -n "$detected" ]] || die "failed to detect Parallels host IP; pass --host-ip"
+  printf '%s\n' "$detected"
+}
+
+is_host_port_free() {
+  local port="$1"
+  python3 - "$port" <<'PY'
+import socket
+import sys
+
+sock = socket.socket()
+try:
+    sock.bind(("0.0.0.0", int(sys.argv[1])))
+except OSError:
+    raise SystemExit(1)
+finally:
+    sock.close()
+PY
+}
+
+allocate_host_port() {
+  python3 - <<'PY'
+import socket
+
+sock = socket.socket()
+sock.bind(("0.0.0.0", 0))
+print(sock.getsockname()[1])
+sock.close()
+PY
+}
+
+resolve_host_port() {
+  if is_host_port_free "$HOST_PORT"; then
+    printf '%s\n' "$HOST_PORT"
+    return
+  fi
+  if [[ "$HOST_PORT_EXPLICIT" -eq 1 ]]; then
+    die "host port $HOST_PORT already in use"
+  fi
+  HOST_PORT="$(allocate_host_port)"
+  warn "host port 18427 busy; using $HOST_PORT"
+  printf '%s\n' "$HOST_PORT"
+}
+
+guest_exec() {
+  prlctl exec "$VM_NAME" "$@"
+}
+
+restore_snapshot() {
+  local snapshot_id="$1"
+  say "Restore snapshot $SNAPSHOT_HINT ($snapshot_id)"
+  prlctl snapshot-switch "$VM_NAME" --id "$snapshot_id" >/dev/null
+}
+
+bootstrap_guest() {
+  guest_exec apt-get -o Acquire::Check-Date=false update
+  guest_exec apt-get install -y curl ca-certificates
+}
+
+resolve_latest_version() {
+  if [[ -n "$LATEST_VERSION" ]]; then
+    printf '%s\n' "$LATEST_VERSION"
+    return
+  fi
+  npm view openclaw version --userconfig "$(mktemp)"
+}
+
+current_build_commit() {
+  python3 - <<'PY'
+import json
+import pathlib
+
+path = pathlib.Path("dist/build-info.json")
+if not path.exists():
+    print("")
+else:
+    print(json.loads(path.read_text()).get("commit", ""))
+PY
+}
+
+acquire_build_lock() {
+  local owner_pid=""
+  while ! mkdir "$BUILD_LOCK_DIR" 2>/dev/null; do
+    if [[ -f "$BUILD_LOCK_DIR/pid" ]]; then
+      owner_pid="$(cat "$BUILD_LOCK_DIR/pid" 2>/dev/null || true)"
+      if [[ -n "$owner_pid" ]] && ! kill -0 "$owner_pid" >/dev/null 2>&1; then
+        warn "Removing stale Parallels build lock"
+        rm -rf "$BUILD_LOCK_DIR"
+        continue
+      fi
+    fi
+    sleep 1
+  done
+  printf '%s\n' "$$" >"$BUILD_LOCK_DIR/pid"
+}
+
+release_build_lock() {
+  if [[ -d "$BUILD_LOCK_DIR" ]]; then
+    rm -rf "$BUILD_LOCK_DIR"
+  fi
+}
+
+ensure_current_build() {
+  local head build_commit
+  acquire_build_lock
+  head="$(git rev-parse HEAD)"
+  build_commit="$(current_build_commit)"
+  if [[ "$build_commit" == "$head" ]]; then
+    release_build_lock
+    return
+  fi
+  say "Build dist for current head"
+  pnpm build
+  build_commit="$(current_build_commit)"
+  release_build_lock
+  [[ "$build_commit" == "$head" ]] || die "dist/build-info.json still does not match HEAD after build"
+}
+
+extract_package_version_from_tgz() {
+  tar -xOf "$1" package/package.json | python3 -c 'import json, sys; print(json.load(sys.stdin)["version"])'
+}
+
+pack_main_tgz() {
+  local short_head pkg
+  if [[ -n "$TARGET_PACKAGE_SPEC" ]]; then
+    say "Pack target package tgz: $TARGET_PACKAGE_SPEC"
+    pkg="$(
+      npm pack "$TARGET_PACKAGE_SPEC" --ignore-scripts --json --pack-destination "$MAIN_TGZ_DIR" \
+        | python3 -c 'import json, sys; data = json.load(sys.stdin); print(data[-1]["filename"])'
+    )"
+    MAIN_TGZ_PATH="$MAIN_TGZ_DIR/$(basename "$pkg")"
+    TARGET_EXPECT_VERSION="$(extract_package_version_from_tgz "$MAIN_TGZ_PATH")"
+    say "Packed $MAIN_TGZ_PATH"
+    say "Target package version: $TARGET_EXPECT_VERSION"
+    return
+  fi
+  say "Pack current main tgz"
+  ensure_current_build
+  short_head="$(git rev-parse --short HEAD)"
+  pkg="$(
+    npm pack --ignore-scripts --json --pack-destination "$MAIN_TGZ_DIR" \
+      | python3 -c 'import json, sys; data = json.load(sys.stdin); print(data[-1]["filename"])'
+  )"
+  MAIN_TGZ_PATH="$MAIN_TGZ_DIR/openclaw-main-$short_head.tgz"
+  cp "$MAIN_TGZ_DIR/$pkg" "$MAIN_TGZ_PATH"
+  say "Packed $MAIN_TGZ_PATH"
+  tar -xOf "$MAIN_TGZ_PATH" package/dist/build-info.json
+}
+
+verify_target_version() {
+  if [[ -n "$TARGET_PACKAGE_SPEC" ]]; then
+    verify_version_contains "$TARGET_EXPECT_VERSION"
+    return
+  fi
+  verify_version_contains "$(git rev-parse --short=7 HEAD)"
+}
+
+start_server() {
+  local host_ip="$1"
+  local artifact probe_url attempt
+  artifact="$(basename "$MAIN_TGZ_PATH")"
+  attempt=0
+  while :; do
+    attempt=$((attempt + 1))
+    say "Serve $(artifact_label) on $host_ip:$HOST_PORT"
+    (
+      cd "$MAIN_TGZ_DIR"
+      exec python3 -m http.server "$HOST_PORT" --bind 0.0.0.0
+    ) >/tmp/openclaw-parallels-linux-http.log 2>&1 &
+    SERVER_PID=$!
+    sleep 1
+    probe_url="http://127.0.0.1:$HOST_PORT/$artifact"
+    if kill -0 "$SERVER_PID" >/dev/null 2>&1 && curl -fsSI "$probe_url" >/dev/null 2>&1; then
+      return 0
+    fi
+    kill "$SERVER_PID" >/dev/null 2>&1 || true
+    wait "$SERVER_PID" >/dev/null 2>&1 || true
+    SERVER_PID=""
+    if [[ "$HOST_PORT_EXPLICIT" -eq 1 || $attempt -ge 3 ]]; then
+      die "failed to start reachable host HTTP server on port $HOST_PORT"
+    fi
+    HOST_PORT="$(allocate_host_port)"
+    warn "retrying host HTTP server on port $HOST_PORT"
+  done
+}
+
+install_latest_release() {
+  local version_args=()
+  if [[ -n "$INSTALL_VERSION" ]]; then
+    version_args=(--version "$INSTALL_VERSION")
+  fi
+  guest_exec curl -fsSL "$INSTALL_URL" -o /tmp/openclaw-install.sh
+  guest_exec /usr/bin/env OPENCLAW_NO_ONBOARD=1 bash /tmp/openclaw-install.sh "${version_args[@]}" --no-onboard
+  guest_exec openclaw --version
+}
+
+install_main_tgz() {
+  local host_ip="$1"
+  local temp_name="$2"
+  local tgz_url="http://$host_ip:$HOST_PORT/$(basename "$MAIN_TGZ_PATH")"
+  guest_exec curl -fsSL "$tgz_url" -o "/tmp/$temp_name"
+  guest_exec npm install -g "/tmp/$temp_name" --no-fund --no-audit
+  guest_exec openclaw --version
+}
+
+verify_version_contains() {
+  local needle="$1"
+  local version
+  version="$(guest_exec openclaw --version)"
+  printf '%s\n' "$version"
+  case "$version" in
+    *"$needle"*) ;;
+    *)
+      echo "version mismatch: expected substring $needle" >&2
+      return 1
+      ;;
+  esac
+}
+
+run_ref_onboard() {
+  guest_exec /usr/bin/env "OPENAI_API_KEY=$OPENAI_API_KEY_VALUE" openclaw onboard \
+    --non-interactive \
+    --mode local \
+    --auth-choice openai-api-key \
+    --secret-input-mode ref \
+    --gateway-port 18789 \
+    --gateway-bind loopback \
+    --skip-skills \
+    --skip-health \
+    --accept-risk \
+    --json
+}
+
+verify_local_turn() {
+  guest_exec /usr/bin/env "OPENAI_API_KEY=$OPENAI_API_KEY_VALUE" openclaw agent \
+    --local \
+    --agent main \
+    --message ping \
+    --json
+}
+
+phase_log_path() {
+  printf '%s/%s.log\n' "$RUN_DIR" "$1"
+}
+
+extract_last_version() {
+  local log_path="$1"
+  python3 - "$log_path" <<'PY'
+import pathlib
+import re
+import sys
+
+text = pathlib.Path(sys.argv[1]).read_text(errors="replace")
+matches = re.findall(r"OpenClaw [^\r\n]+ \([0-9a-f]{7,}\)", text)
+print(matches[-1] if matches else "")
+PY
+}
+
+show_log_excerpt() {
+  local log_path="$1"
+  warn "log tail: $log_path"
+  tail -n 80 "$log_path" >&2 || true
+}
+
+phase_run() {
+  local phase_id="$1"
+  local timeout_s="$2"
+  shift 2
+
+  local log_path pid start rc timed_out
+  log_path="$(phase_log_path "$phase_id")"
+  say "$phase_id"
+  start=$SECONDS
+  timed_out=0
+
+  (
+    "$@"
+  ) >"$log_path" 2>&1 &
+  pid=$!
+
+  while kill -0 "$pid" >/dev/null 2>&1; do
+    if (( SECONDS - start >= timeout_s )); then
+      timed_out=1
+      kill "$pid" >/dev/null 2>&1 || true
+      sleep 2
+      kill -9 "$pid" >/dev/null 2>&1 || true
+      break
+    fi
+    sleep 1
+  done
+
+  set +e
+  wait "$pid"
+  rc=$?
+  set -e
+
+  if (( timed_out )); then
+    warn "$phase_id timed out after ${timeout_s}s"
+    printf 'timeout after %ss\n' "$timeout_s" >>"$log_path"
+    show_log_excerpt "$log_path"
+    return 124
+  fi
+
+  if [[ $rc -ne 0 ]]; then
+    warn "$phase_id failed (rc=$rc)"
+    show_log_excerpt "$log_path"
+    return "$rc"
+  fi
+
+  return 0
+}
+
+write_summary_json() {
+  local summary_path="$RUN_DIR/summary.json"
+  python3 - "$summary_path" <<'PY'
+import json
+import os
+import sys
+
+summary = {
+    "vm": os.environ["SUMMARY_VM"],
+    "snapshotHint": os.environ["SUMMARY_SNAPSHOT_HINT"],
+    "snapshotId": os.environ["SUMMARY_SNAPSHOT_ID"],
+    "mode": os.environ["SUMMARY_MODE"],
+    "latestVersion": os.environ["SUMMARY_LATEST_VERSION"],
+    "installVersion": os.environ["SUMMARY_INSTALL_VERSION"],
+    "targetPackageSpec": os.environ["SUMMARY_TARGET_PACKAGE_SPEC"],
+    "currentHead": os.environ["SUMMARY_CURRENT_HEAD"],
+    "runDir": os.environ["SUMMARY_RUN_DIR"],
+    "daemon": os.environ["SUMMARY_DAEMON_STATUS"],
+    "freshMain": {
+        "status": os.environ["SUMMARY_FRESH_MAIN_STATUS"],
+        "version": os.environ["SUMMARY_FRESH_MAIN_VERSION"],
+        "gateway": os.environ["SUMMARY_FRESH_GATEWAY_STATUS"],
+        "agent": os.environ["SUMMARY_FRESH_AGENT_STATUS"],
+    },
+    "upgrade": {
+        "status": os.environ["SUMMARY_UPGRADE_STATUS"],
+        "latestVersionInstalled": os.environ["SUMMARY_LATEST_INSTALLED_VERSION"],
+        "mainVersion": os.environ["SUMMARY_UPGRADE_MAIN_VERSION"],
+        "gateway": os.environ["SUMMARY_UPGRADE_GATEWAY_STATUS"],
+        "agent": os.environ["SUMMARY_UPGRADE_AGENT_STATUS"],
+    },
+}
+with open(sys.argv[1], "w", encoding="utf-8") as handle:
+    json.dump(summary, handle, indent=2, sort_keys=True)
+print(sys.argv[1])
+PY
+}
+
+run_fresh_main_lane() {
+  local snapshot_id="$1"
+  local host_ip="$2"
+  phase_run "fresh.restore-snapshot" "$TIMEOUT_SNAPSHOT_S" restore_snapshot "$snapshot_id"
+  phase_run "fresh.bootstrap-guest" "$TIMEOUT_BOOTSTRAP_S" bootstrap_guest
+  phase_run "fresh.install-latest-bootstrap" "$TIMEOUT_INSTALL_S" install_latest_release
+  phase_run "fresh.install-main" "$TIMEOUT_INSTALL_S" install_main_tgz "$host_ip" "openclaw-main-fresh.tgz"
+  FRESH_MAIN_VERSION="$(extract_last_version "$(phase_log_path fresh.install-main)")"
+  phase_run "fresh.verify-main-version" "$TIMEOUT_VERIFY_S" verify_target_version
+  phase_run "fresh.onboard-ref" "$TIMEOUT_ONBOARD_S" run_ref_onboard
+  FRESH_GATEWAY_STATUS="skipped-no-detached-linux-gateway"
+  phase_run "fresh.first-local-agent-turn" "$TIMEOUT_AGENT_S" verify_local_turn
+  FRESH_AGENT_STATUS="pass"
+}
+
+run_upgrade_lane() {
+  local snapshot_id="$1"
+  local host_ip="$2"
+  phase_run "upgrade.restore-snapshot" "$TIMEOUT_SNAPSHOT_S" restore_snapshot "$snapshot_id"
+  phase_run "upgrade.bootstrap-guest" "$TIMEOUT_BOOTSTRAP_S" bootstrap_guest
+  phase_run "upgrade.install-latest" "$TIMEOUT_INSTALL_S" install_latest_release
+  LATEST_INSTALLED_VERSION="$(extract_last_version "$(phase_log_path upgrade.install-latest)")"
+  phase_run "upgrade.verify-latest-version" "$TIMEOUT_VERIFY_S" verify_version_contains "$LATEST_VERSION"
+  phase_run "upgrade.install-main" "$TIMEOUT_INSTALL_S" install_main_tgz "$host_ip" "openclaw-main-upgrade.tgz"
+  UPGRADE_MAIN_VERSION="$(extract_last_version "$(phase_log_path upgrade.install-main)")"
+  phase_run "upgrade.verify-main-version" "$TIMEOUT_VERIFY_S" verify_target_version
+  phase_run "upgrade.onboard-ref" "$TIMEOUT_ONBOARD_S" run_ref_onboard
+  UPGRADE_GATEWAY_STATUS="skipped-no-detached-linux-gateway"
+  phase_run "upgrade.first-local-agent-turn" "$TIMEOUT_AGENT_S" verify_local_turn
+  UPGRADE_AGENT_STATUS="pass"
+}
+
+SNAPSHOT_ID="$(resolve_snapshot_id)"
+LATEST_VERSION="$(resolve_latest_version)"
+HOST_IP="$(resolve_host_ip)"
+HOST_PORT="$(resolve_host_port)"
+
+say "VM: $VM_NAME"
+say "Snapshot hint: $SNAPSHOT_HINT"
+say "Latest npm version: $LATEST_VERSION"
+say "Current head: $(git rev-parse --short HEAD)"
+say "Run logs: $RUN_DIR"
+
+pack_main_tgz
+start_server "$HOST_IP"
+
+if [[ "$MODE" == "fresh" || "$MODE" == "both" ]]; then
+  set +e
+  run_fresh_main_lane "$SNAPSHOT_ID" "$HOST_IP"
+  fresh_rc=$?
+  set -e
+  if [[ $fresh_rc -eq 0 ]]; then
+    FRESH_MAIN_STATUS="pass"
+  else
+    FRESH_MAIN_STATUS="fail"
+  fi
+fi
+
+if [[ "$MODE" == "upgrade" || "$MODE" == "both" ]]; then
+  set +e
+  run_upgrade_lane "$SNAPSHOT_ID" "$HOST_IP"
+  upgrade_rc=$?
+  set -e
+  if [[ $upgrade_rc -eq 0 ]]; then
+    UPGRADE_STATUS="pass"
+  else
+    UPGRADE_STATUS="fail"
+  fi
+fi
+
+if [[ "$KEEP_SERVER" -eq 0 && -n "${SERVER_PID:-}" ]]; then
+  kill "$SERVER_PID" >/dev/null 2>&1 || true
+  SERVER_PID=""
+fi
+
+SUMMARY_JSON_PATH="$(
+  SUMMARY_VM="$VM_NAME" \
+  SUMMARY_SNAPSHOT_HINT="$SNAPSHOT_HINT" \
+  SUMMARY_SNAPSHOT_ID="$SNAPSHOT_ID" \
+  SUMMARY_MODE="$MODE" \
+  SUMMARY_LATEST_VERSION="$LATEST_VERSION" \
+  SUMMARY_INSTALL_VERSION="$INSTALL_VERSION" \
+  SUMMARY_TARGET_PACKAGE_SPEC="$TARGET_PACKAGE_SPEC" \
+  SUMMARY_CURRENT_HEAD="$(git rev-parse --short HEAD)" \
+  SUMMARY_RUN_DIR="$RUN_DIR" \
+  SUMMARY_DAEMON_STATUS="$DAEMON_STATUS" \
+  SUMMARY_FRESH_MAIN_STATUS="$FRESH_MAIN_STATUS" \
+  SUMMARY_FRESH_MAIN_VERSION="$FRESH_MAIN_VERSION" \
+  SUMMARY_FRESH_GATEWAY_STATUS="$FRESH_GATEWAY_STATUS" \
+  SUMMARY_FRESH_AGENT_STATUS="$FRESH_AGENT_STATUS" \
+  SUMMARY_UPGRADE_STATUS="$UPGRADE_STATUS" \
+  SUMMARY_LATEST_INSTALLED_VERSION="$LATEST_INSTALLED_VERSION" \
+  SUMMARY_UPGRADE_MAIN_VERSION="$UPGRADE_MAIN_VERSION" \
+  SUMMARY_UPGRADE_GATEWAY_STATUS="$UPGRADE_GATEWAY_STATUS" \
+  SUMMARY_UPGRADE_AGENT_STATUS="$UPGRADE_AGENT_STATUS" \
+  write_summary_json
+)"
+
+if [[ "$JSON_OUTPUT" -eq 1 ]]; then
+  cat "$SUMMARY_JSON_PATH"
+else
+  printf '\nSummary:\n'
+  if [[ -n "$TARGET_PACKAGE_SPEC" ]]; then
+    printf '  target-package: %s\n' "$TARGET_PACKAGE_SPEC"
+  fi
+  if [[ -n "$INSTALL_VERSION" ]]; then
+    printf '  baseline-install-version: %s\n' "$INSTALL_VERSION"
+  fi
+  printf '  daemon: %s\n' "$DAEMON_STATUS"
+  printf '  fresh-main: %s (%s)\n' "$FRESH_MAIN_STATUS" "$FRESH_MAIN_VERSION"
+  printf '  latest->main: %s (%s)\n' "$UPGRADE_STATUS" "$UPGRADE_MAIN_VERSION"
+  printf '  logs: %s\n' "$RUN_DIR"
+  printf '  summary: %s\n' "$SUMMARY_JSON_PATH"
+fi
+
+if [[ "$FRESH_MAIN_STATUS" == "fail" || "$UPGRADE_STATUS" == "fail" ]]; then
+  exit 1
+fi
diff --git a/scripts/e2e/parallels-macos-smoke.sh b/scripts/e2e/parallels-macos-smoke.sh
index 8fcb0d05eae..0b790346358 100644
--- a/scripts/e2e/parallels-macos-smoke.sh
+++ b/scripts/e2e/parallels-macos-smoke.sh
@@ -12,6 +12,8 @@ HOST_PORT="18425"
 HOST_PORT_EXPLICIT=0
 HOST_IP=""
 LATEST_VERSION=""
+INSTALL_VERSION=""
+TARGET_PACKAGE_SPEC=""
 KEEP_SERVER=0
 CHECK_LATEST_REF=1
 JSON_OUTPUT=0
@@ -24,6 +26,7 @@ MAIN_TGZ_DIR="$(mktemp -d)"
 MAIN_TGZ_PATH=""
 SERVER_PID=""
 RUN_DIR="$(mktemp -d /tmp/openclaw-parallels-smoke.XXXXXX)"
+BUILD_LOCK_DIR="${TMPDIR:-/tmp}/openclaw-parallels-build.lock"
 
 TIMEOUT_INSTALL_S=900
 TIMEOUT_VERIFY_S=60
@@ -45,6 +48,14 @@ say() {
   printf '==> %s\n' "$*"
 }
 
+artifact_label() {
+  if [[ -n "$TARGET_PACKAGE_SPEC" ]]; then
+    printf 'target package tgz'
+    return
+  fi
+  printf 'current main tgz'
+}
+
 warn() {
   printf 'warn: %s\n' "$*" >&2
 }
@@ -80,8 +91,8 @@ Options:
   --snapshot-hint <name>     Snapshot name substring/fuzzy match.
                              Default: "macOS 26.3.1 fresh"
   --mode <fresh|upgrade|both>
-                             fresh   = fresh snapshot -> current main tgz -> onboard smoke
-                             upgrade = fresh snapshot -> latest release -> current main tgz -> onboard smoke
+                             fresh   = fresh snapshot -> target package/current main tgz -> onboard smoke
+                             upgrade = fresh snapshot -> latest release -> target package/current main tgz -> onboard smoke
                              both    = run both lanes
   --openai-api-key-env <var> Host env var name for OpenAI API key.
                              Default: OPENAI_API_KEY
@@ -89,6 +100,10 @@ Options:
   --host-port <port>         Host HTTP port for current-main tgz. Default: 18425
   --host-ip <ip>             Override Parallels host IP.
   --latest-version <ver>     Override npm latest version lookup.
+  --install-version <ver>    Pin site-installer version/dist-tag for the baseline lane.
+  --target-package-spec <npm-spec>
+                             Install this npm package tarball instead of packing current main.
+                             Example: openclaw@2026.3.13-beta.1
   --skip-latest-ref-check    Skip the known latest-release ref-mode precheck in upgrade lane.
   --keep-server              Leave temp host HTTP server running.
   --json                     Print machine-readable JSON summary.
@@ -131,6 +146,14 @@ while [[ $# -gt 0 ]]; do
       LATEST_VERSION="$2"
       shift 2
       ;;
+    --install-version)
+      INSTALL_VERSION="$2"
+      shift 2
+      ;;
+    --target-package-spec)
+      TARGET_PACKAGE_SPEC="$2"
+      shift 2
+      ;;
     --skip-latest-ref-check)
       CHECK_LATEST_REF=0
       shift
@@ -342,12 +365,16 @@ resolve_latest_version() {
 }
 
 install_latest_release() {
-  local install_url_q
+  local install_url_q version_arg_q
   install_url_q="$(shell_quote "$INSTALL_URL")"
+  version_arg_q=""
+  if [[ -n "$INSTALL_VERSION" ]]; then
+    version_arg_q=" --version $(shell_quote "$INSTALL_VERSION")"
+  fi
   guest_current_user_sh "$(cat <<EOF
 export OPENCLAW_NO_ONBOARD=1
 curl -fsSL $install_url_q -o /tmp/openclaw-install.sh
-bash /tmp/openclaw-install.sh
+bash /tmp/openclaw-install.sh${version_arg_q}
 $GUEST_OPENCLAW_BIN --version
 EOF
 )"
@@ -369,9 +396,26 @@ verify_version_contains() {
   esac
 }
 
+extract_package_version_from_tgz() {
+  tar -xOf "$1" package/package.json | python3 -c 'import json, sys; print(json.load(sys.stdin)["version"])'
+}
+
 pack_main_tgz() {
-  say "Pack current main tgz"
   local short_head pkg
+  if [[ -n "$TARGET_PACKAGE_SPEC" ]]; then
+    say "Pack target package tgz: $TARGET_PACKAGE_SPEC"
+    pkg="$(
+      npm pack "$TARGET_PACKAGE_SPEC" --ignore-scripts --json --pack-destination "$MAIN_TGZ_DIR" \
+        | python3 -c 'import json, sys; data = json.load(sys.stdin); print(data[-1]["filename"])'
+    )"
+    MAIN_TGZ_PATH="$MAIN_TGZ_DIR/$(basename "$pkg")"
+    TARGET_EXPECT_VERSION="$(extract_package_version_from_tgz "$MAIN_TGZ_PATH")"
+    say "Packed $MAIN_TGZ_PATH"
+    say "Target package version: $TARGET_EXPECT_VERSION"
+    return
+  fi
+  say "Pack current main tgz"
+  ensure_current_build
   short_head="$(git rev-parse --short HEAD)"
   pkg="$(
     npm pack --ignore-scripts --json --pack-destination "$MAIN_TGZ_DIR" \
@@ -383,9 +427,68 @@ pack_main_tgz() {
   tar -xOf "$MAIN_TGZ_PATH" package/dist/build-info.json
 }
 
+verify_target_version() {
+  if [[ -n "$TARGET_PACKAGE_SPEC" ]]; then
+    verify_version_contains "$TARGET_EXPECT_VERSION"
+    return
+  fi
+  verify_version_contains "$(git rev-parse --short=7 HEAD)"
+}
+
+current_build_commit() {
+  python3 - <<'PY'
+import json
+import pathlib
+
+path = pathlib.Path("dist/build-info.json")
+if not path.exists():
+    print("")
+else:
+    print(json.loads(path.read_text()).get("commit", ""))
+PY
+}
+
+acquire_build_lock() {
+  local owner_pid=""
+  while ! mkdir "$BUILD_LOCK_DIR" 2>/dev/null; do
+    if [[ -f "$BUILD_LOCK_DIR/pid" ]]; then
+      owner_pid="$(cat "$BUILD_LOCK_DIR/pid" 2>/dev/null || true)"
+      if [[ -n "$owner_pid" ]] && ! kill -0 "$owner_pid" >/dev/null 2>&1; then
+        warn "Removing stale Parallels build lock"
+        rm -rf "$BUILD_LOCK_DIR"
+        continue
+      fi
+    fi
+    sleep 1
+  done
+  printf '%s\n' "$$" >"$BUILD_LOCK_DIR/pid"
+}
+
+release_build_lock() {
+  if [[ -d "$BUILD_LOCK_DIR" ]]; then
+    rm -rf "$BUILD_LOCK_DIR"
+  fi
+}
+
+ensure_current_build() {
+  local head build_commit
+  acquire_build_lock
+  head="$(git rev-parse HEAD)"
+  build_commit="$(current_build_commit)"
+  if [[ "$build_commit" == "$head" ]]; then
+    release_build_lock
+    return
+  fi
+  say "Build dist for current head"
+  pnpm build
+  build_commit="$(current_build_commit)"
+  release_build_lock
+  [[ "$build_commit" == "$head" ]] || die "dist/build-info.json still does not match HEAD after build"
+}
+
 start_server() {
   local host_ip="$1"
-  say "Serve current main tgz on $host_ip:$HOST_PORT"
+  say "Serve $(artifact_label) on $host_ip:$HOST_PORT"
   (
     cd "$MAIN_TGZ_DIR"
     exec python3 -m http.server "$HOST_PORT" --bind 0.0.0.0
@@ -435,6 +538,14 @@ run_ref_onboard() {
 }
 
 verify_gateway() {
+  guest_current_user_exec "$GUEST_NODE_BIN" "$GUEST_OPENCLAW_ENTRY" gateway status --deep --require-rpc
+}
+
+show_gateway_status_compat() {
+  if guest_current_user_exec "$GUEST_NODE_BIN" "$GUEST_OPENCLAW_ENTRY" gateway status --help | grep -Fq -- "--require-rpc"; then
+    guest_current_user_exec "$GUEST_NODE_BIN" "$GUEST_OPENCLAW_ENTRY" gateway status --deep --require-rpc
+    return
+  fi
   guest_current_user_exec "$GUEST_NODE_BIN" "$GUEST_OPENCLAW_ENTRY" gateway status --deep
 }
 
@@ -526,6 +637,8 @@ summary = {
     "snapshotId": os.environ["SUMMARY_SNAPSHOT_ID"],
     "mode": os.environ["SUMMARY_MODE"],
     "latestVersion": os.environ["SUMMARY_LATEST_VERSION"],
+    "installVersion": os.environ["SUMMARY_INSTALL_VERSION"],
+    "targetPackageSpec": os.environ["SUMMARY_TARGET_PACKAGE_SPEC"],
     "currentHead": os.environ["SUMMARY_CURRENT_HEAD"],
     "runDir": os.environ["SUMMARY_RUN_DIR"],
     "freshMain": {
@@ -560,7 +673,7 @@ capture_latest_ref_failure() {
   fi
   warn "Latest release ref-mode onboard failed pre-upgrade"
   set +e
-  guest_current_user_exec "$GUEST_NODE_BIN" "$GUEST_OPENCLAW_ENTRY" gateway status --deep || true
+  show_gateway_status_compat || true
   set -e
   return 1
 }
@@ -571,7 +684,7 @@ run_fresh_main_lane() {
   phase_run "fresh.restore-snapshot" "$TIMEOUT_SNAPSHOT_S" restore_snapshot "$snapshot_id"
   phase_run "fresh.install-main" "$TIMEOUT_INSTALL_S" install_main_tgz "$host_ip" "openclaw-main-fresh.tgz"
   FRESH_MAIN_VERSION="$(extract_last_version "$(phase_log_path fresh.install-main)")"
-  phase_run "fresh.verify-main-version" "$TIMEOUT_VERIFY_S" verify_version_contains "$(git rev-parse --short=7 HEAD)"
+  phase_run "fresh.verify-main-version" "$TIMEOUT_VERIFY_S" verify_target_version
   phase_run "fresh.verify-bundle-permissions" "$TIMEOUT_PERMISSION_S" verify_bundle_permissions
   phase_run "fresh.onboard-ref" "$TIMEOUT_ONBOARD_S" run_ref_onboard
   phase_run "fresh.gateway-status" "$TIMEOUT_GATEWAY_S" verify_gateway
@@ -598,7 +711,7 @@ run_upgrade_lane() {
   fi
   phase_run "upgrade.install-main" "$TIMEOUT_INSTALL_S" install_main_tgz "$host_ip" "openclaw-main-upgrade.tgz"
   UPGRADE_MAIN_VERSION="$(extract_last_version "$(phase_log_path upgrade.install-main)")"
-  phase_run "upgrade.verify-main-version" "$TIMEOUT_VERIFY_S" verify_version_contains "$(git rev-parse --short=7 HEAD)"
+  phase_run "upgrade.verify-main-version" "$TIMEOUT_VERIFY_S" verify_target_version
   phase_run "upgrade.verify-bundle-permissions" "$TIMEOUT_PERMISSION_S" verify_bundle_permissions
   phase_run "upgrade.onboard-ref" "$TIMEOUT_ONBOARD_S" run_ref_onboard
   phase_run "upgrade.gateway-status" "$TIMEOUT_GATEWAY_S" verify_gateway
@@ -660,6 +773,8 @@ SUMMARY_JSON_PATH="$(
   SUMMARY_SNAPSHOT_ID="$SNAPSHOT_ID" \
   SUMMARY_MODE="$MODE" \
   SUMMARY_LATEST_VERSION="$LATEST_VERSION" \
+  SUMMARY_INSTALL_VERSION="$INSTALL_VERSION" \
+  SUMMARY_TARGET_PACKAGE_SPEC="$TARGET_PACKAGE_SPEC" \
   SUMMARY_CURRENT_HEAD="$(git rev-parse --short HEAD)" \
   SUMMARY_RUN_DIR="$RUN_DIR" \
   SUMMARY_FRESH_MAIN_STATUS="$FRESH_MAIN_STATUS" \
@@ -679,6 +794,12 @@ if [[ "$JSON_OUTPUT" -eq 1 ]]; then
   cat "$SUMMARY_JSON_PATH"
 else
   printf '\nSummary:\n'
+  if [[ -n "$TARGET_PACKAGE_SPEC" ]]; then
+    printf '  target-package: %s\n' "$TARGET_PACKAGE_SPEC"
+  fi
+  if [[ -n "$INSTALL_VERSION" ]]; then
+    printf '  baseline-install-version: %s\n' "$INSTALL_VERSION"
+  fi
   printf '  fresh-main: %s (%s)\n' "$FRESH_MAIN_STATUS" "$FRESH_MAIN_VERSION"
   printf '  latest->main precheck: %s (%s)\n' "$UPGRADE_PRECHECK_STATUS" "$LATEST_INSTALLED_VERSION"
   printf '  latest->main: %s (%s)\n' "$UPGRADE_STATUS" "$UPGRADE_MAIN_VERSION"
diff --git a/scripts/e2e/parallels-windows-smoke.sh b/scripts/e2e/parallels-windows-smoke.sh
new file mode 100644
index 00000000000..cd144511f49
--- /dev/null
+++ b/scripts/e2e/parallels-windows-smoke.sh
@@ -0,0 +1,921 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+VM_NAME="Windows 11"
+SNAPSHOT_HINT="pre-openclaw-native-e2e-2026-03-12"
+MODE="both"
+OPENAI_API_KEY_ENV="OPENAI_API_KEY"
+INSTALL_URL="https://openclaw.ai/install.ps1"
+HOST_PORT="18426"
+HOST_PORT_EXPLICIT=0
+HOST_IP=""
+LATEST_VERSION=""
+INSTALL_VERSION=""
+TARGET_PACKAGE_SPEC=""
+JSON_OUTPUT=0
+KEEP_SERVER=0
+CHECK_LATEST_REF=1
+
+MAIN_TGZ_DIR="$(mktemp -d)"
+MAIN_TGZ_PATH=""
+MINGIT_ZIP_PATH=""
+MINGIT_ZIP_NAME=""
+SERVER_PID=""
+RUN_DIR="$(mktemp -d /tmp/openclaw-parallels-windows.XXXXXX)"
+BUILD_LOCK_DIR="${TMPDIR:-/tmp}/openclaw-parallels-build.lock"
+
+TIMEOUT_SNAPSHOT_S=240
+TIMEOUT_INSTALL_S=1200
+TIMEOUT_VERIFY_S=120
+TIMEOUT_ONBOARD_S=240
+TIMEOUT_GATEWAY_S=120
+TIMEOUT_AGENT_S=180
+
+FRESH_MAIN_STATUS="skip"
+FRESH_MAIN_VERSION="skip"
+FRESH_GATEWAY_STATUS="skip"
+FRESH_AGENT_STATUS="skip"
+UPGRADE_STATUS="skip"
+UPGRADE_PRECHECK_STATUS="skip"
+LATEST_INSTALLED_VERSION="skip"
+UPGRADE_MAIN_VERSION="skip"
+UPGRADE_GATEWAY_STATUS="skip"
+UPGRADE_AGENT_STATUS="skip"
+
+say() {
+  printf '==> %s\n' "$*"
+}
+
+artifact_label() {
+  if [[ -n "$TARGET_PACKAGE_SPEC" ]]; then
+    printf 'target package tgz'
+    return
+  fi
+  printf 'current main tgz'
+}
+
+warn() {
+  printf 'warn: %s\n' "$*" >&2
+}
+
+die() {
+  printf 'error: %s\n' "$*" >&2
+  exit 1
+}
+
+cleanup() {
+  if [[ -n "${SERVER_PID:-}" ]]; then
+    kill "$SERVER_PID" >/dev/null 2>&1 || true
+  fi
+  rm -rf "$MAIN_TGZ_DIR"
+}
+
+trap cleanup EXIT
+
+usage() {
+  cat <<'EOF'
+Usage: bash scripts/e2e/parallels-windows-smoke.sh [options]
+
+Options:
+  --vm <name>                Parallels VM name. Default: "Windows 11"
+  --snapshot-hint <name>     Snapshot name substring/fuzzy match.
+                             Default: "pre-openclaw-native-e2e-2026-03-12"
+  --mode <fresh|upgrade|both>
+  --openai-api-key-env <var> Host env var name for OpenAI API key.
+                             Default: OPENAI_API_KEY
+  --install-url <url>        Installer URL for latest release. Default: https://openclaw.ai/install.ps1
+  --host-port <port>         Host HTTP port for current-main tgz. Default: 18426
+  --host-ip <ip>             Override Parallels host IP.
+  --latest-version <ver>     Override npm latest version lookup.
+  --install-version <ver>    Pin site-installer version/dist-tag for the baseline lane.
+  --target-package-spec <npm-spec>
+                             Install this npm package tarball instead of packing current main.
+                             Example: openclaw@2026.3.13-beta.1
+  --skip-latest-ref-check    Skip latest-release ref-mode precheck.
+  --keep-server              Leave temp host HTTP server running.
+  --json                     Print machine-readable JSON summary.
+  -h, --help                 Show help.
+EOF
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --vm)
+      VM_NAME="$2"
+      shift 2
+      ;;
+    --snapshot-hint)
+      SNAPSHOT_HINT="$2"
+      shift 2
+      ;;
+    --mode)
+      MODE="$2"
+      shift 2
+      ;;
+    --openai-api-key-env)
+      OPENAI_API_KEY_ENV="$2"
+      shift 2
+      ;;
+    --install-url)
+      INSTALL_URL="$2"
+      shift 2
+      ;;
+    --host-port)
+      HOST_PORT="$2"
+      HOST_PORT_EXPLICIT=1
+      shift 2
+      ;;
+    --host-ip)
+      HOST_IP="$2"
+      shift 2
+      ;;
+    --latest-version)
+      LATEST_VERSION="$2"
+      shift 2
+      ;;
+    --install-version)
+      INSTALL_VERSION="$2"
+      shift 2
+      ;;
+    --target-package-spec)
+      TARGET_PACKAGE_SPEC="$2"
+      shift 2
+      ;;
+    --skip-latest-ref-check)
+      CHECK_LATEST_REF=0
+      shift
+      ;;
+    --keep-server)
+      KEEP_SERVER=1
+      shift
+      ;;
+    --json)
+      JSON_OUTPUT=1
+      shift
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      die "unknown arg: $1"
+      ;;
+  esac
+done
+
+case "$MODE" in
+  fresh|upgrade|both) ;;
+  *)
+    die "invalid --mode: $MODE"
+    ;;
+esac
+
+OPENAI_API_KEY_VALUE="${!OPENAI_API_KEY_ENV:-}"
+[[ -n "$OPENAI_API_KEY_VALUE" ]] || die "$OPENAI_API_KEY_ENV is required"
+
+ps_single_quote() {
+  printf "%s" "$1" | sed "s/'/''/g"
+}
+
+ps_array_literal() {
+  local arg quoted parts=()
+  for arg in "$@"; do
+    quoted="$(ps_single_quote "$arg")"
+    parts+=("'$quoted'")
+  done
+  local joined=""
+  local part
+  for part in "${parts[@]}"; do
+    if [[ -n "$joined" ]]; then
+      joined+=", "
+    fi
+    joined+="$part"
+  done
+  printf '@(%s)' "$joined"
+}
+
+resolve_snapshot_id() {
+  local json hint
+  json="$(prlctl snapshot-list "$VM_NAME" --json)"
+  hint="$SNAPSHOT_HINT"
+  SNAPSHOT_JSON="$json" SNAPSHOT_HINT="$hint" python3 - <<'PY'
+import difflib
+import json
+import os
+import sys
+
+payload = json.loads(os.environ["SNAPSHOT_JSON"])
+hint = os.environ["SNAPSHOT_HINT"].strip().lower()
+best_id = None
+best_score = -1.0
+for snapshot_id, meta in payload.items():
+    name = str(meta.get("name", "")).strip()
+    lowered = name.lower()
+    score = 0.0
+    if lowered == hint:
+        score = 10.0
+    elif hint and hint in lowered:
+        score = 5.0 + len(hint) / max(len(lowered), 1)
+    else:
+        score = difflib.SequenceMatcher(None, hint, lowered).ratio()
+    if score > best_score:
+        best_score = score
+        best_id = snapshot_id
+if not best_id:
+    sys.exit("no snapshot matched")
+print(best_id)
+PY
+}
+
+resolve_host_ip() {
+  if [[ -n "$HOST_IP" ]]; then
+    printf '%s\n' "$HOST_IP"
+    return
+  fi
+  local detected
+  detected="$(ifconfig | awk '/inet 10\.211\./ { print $2; exit }')"
+  [[ -n "$detected" ]] || die "failed to detect Parallels host IP; pass --host-ip"
+  printf '%s\n' "$detected"
+}
+
+is_host_port_free() {
+  local port="$1"
+  python3 - "$port" <<'PY'
+import socket
+import sys
+
+port = int(sys.argv[1])
+sock = socket.socket()
+try:
+    sock.bind(("0.0.0.0", port))
+except OSError:
+    raise SystemExit(1)
+finally:
+    sock.close()
+PY
+}
+
+allocate_host_port() {
+  python3 - <<'PY'
+import socket
+
+sock = socket.socket()
+sock.bind(("0.0.0.0", 0))
+print(sock.getsockname()[1])
+sock.close()
+PY
+}
+
+resolve_host_port() {
+  if is_host_port_free "$HOST_PORT"; then
+    printf '%s\n' "$HOST_PORT"
+    return
+  fi
+  if [[ "$HOST_PORT_EXPLICIT" -eq 1 ]]; then
+    die "host port $HOST_PORT already in use"
+  fi
+  HOST_PORT="$(allocate_host_port)"
+  warn "host port 18426 busy; using $HOST_PORT"
+  printf '%s\n' "$HOST_PORT"
+}
+
+guest_exec() {
+  prlctl exec "$VM_NAME" --current-user "$@"
+}
+
+guest_powershell() {
+  local script="$1"
+  local encoded
+  encoded="$(
+    SCRIPT_CONTENT="$script" python3 - <<'PY'
+import base64
+import os
+
+script = "$ProgressPreference = 'SilentlyContinue'\n" + os.environ["SCRIPT_CONTENT"]
+payload = script.encode("utf-16le")
+print(base64.b64encode(payload).decode("ascii"))
+PY
+  )"
+  guest_exec powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand "$encoded"
+}
+
+guest_run_openclaw() {
+  local env_name="${1:-}"
+  local env_value="${2:-}"
+  shift 2
+
+  local args_literal stdout_name stderr_name env_name_q env_value_q
+  args_literal="$(ps_array_literal "$@")"
+  stdout_name="openclaw-stdout-$RANDOM-$RANDOM.log"
+  stderr_name="openclaw-stderr-$RANDOM-$RANDOM.log"
+  env_name_q="$(ps_single_quote "$env_name")"
+  env_value_q="$(ps_single_quote "$env_value")"
+
+  guest_powershell "$(cat <<EOF
+\$stdout = Join-Path \$env:TEMP '$stdout_name'
+\$stderr = Join-Path \$env:TEMP '$stderr_name'
+try {
+  if ('${env_name_q}' -ne '') {
+    Set-Item -Path ('Env:' + '${env_name_q}') -Value '${env_value_q}'
+  }
+  \$proc = Start-Process -FilePath (Join-Path \$env:APPDATA 'npm\openclaw.cmd') -ArgumentList $args_literal -NoNewWindow -PassThru -RedirectStandardOutput \$stdout -RedirectStandardError \$stderr
+  \$proc.WaitForExit()
+  if (Test-Path \$stdout) {
+    Get-Content \$stdout
+  }
+  if (Test-Path \$stderr) {
+    Get-Content \$stderr
+  }
+  exit \$proc.ExitCode
+} finally {
+  Remove-Item \$stdout, \$stderr -Force -ErrorAction SilentlyContinue
+}
+EOF
+)"
+}
+
+restore_snapshot() {
+  local snapshot_id="$1"
+  say "Restore snapshot $SNAPSHOT_HINT ($snapshot_id)"
+  prlctl snapshot-switch "$VM_NAME" --id "$snapshot_id" >/dev/null
+}
+
+verify_windows_user_ready() {
+  guest_exec cmd.exe /d /s /c "echo ready"
+}
+
+wait_for_guest_ready() {
+  local deadline
+  deadline=$((SECONDS + TIMEOUT_SNAPSHOT_S))
+  while (( SECONDS < deadline )); do
+    if verify_windows_user_ready >/dev/null 2>&1; then
+      return 0
+    fi
+    sleep 3
+  done
+  return 1
+}
+
+phase_log_path() {
+  printf '%s/%s.log\n' "$RUN_DIR" "$1"
+}
+
+show_log_excerpt() {
+  local log_path="$1"
+  warn "log tail: $log_path"
+  tail -n 80 "$log_path" >&2 || true
+}
+
+phase_run() {
+  local phase_id="$1"
+  local timeout_s="$2"
+  shift 2
+
+  local log_path pid rc timed_out
+  log_path="$(phase_log_path "$phase_id")"
+  say "$phase_id"
+  timed_out=0
+
+  (
+    "$@"
+  ) >"$log_path" 2>&1 &
+  pid=$!
+
+  (
+    sleep "$timeout_s"
+    kill "$pid" >/dev/null 2>&1 || true
+    sleep 2
+    kill -9 "$pid" >/dev/null 2>&1 || true
+  ) &
+  local killer_pid=$!
+
+  set +e
+  wait "$pid"
+  rc=$?
+  set -e
+
+  if kill -0 "$killer_pid" >/dev/null 2>&1; then
+    kill "$killer_pid" >/dev/null 2>&1 || true
+    wait "$killer_pid" >/dev/null 2>&1 || true
+  else
+    timed_out=1
+  fi
+
+  if (( timed_out )); then
+    warn "$phase_id timed out after ${timeout_s}s"
+    printf 'timeout after %ss\n' "$timeout_s" >>"$log_path"
+    show_log_excerpt "$log_path"
+    return 124
+  fi
+
+  if [[ $rc -ne 0 ]]; then
+    warn "$phase_id failed (rc=$rc)"
+    show_log_excerpt "$log_path"
+    return "$rc"
+  fi
+
+  return 0
+}
+
+extract_last_version() {
+  local log_path="$1"
+  python3 - "$log_path" <<'PY'
+import pathlib
+import re
+import sys
+
+text = pathlib.Path(sys.argv[1]).read_text(errors="replace")
+matches = re.findall(r"OpenClaw [^\r\n]+ \([0-9a-f]{7,}\)", text)
+print(matches[-1] if matches else "")
+PY
+}
+
+write_summary_json() {
+  local summary_path="$RUN_DIR/summary.json"
+  python3 - "$summary_path" <<'PY'
+import json
+import os
+import sys
+
+summary = {
+    "vm": os.environ["SUMMARY_VM"],
+    "snapshotHint": os.environ["SUMMARY_SNAPSHOT_HINT"],
+    "snapshotId": os.environ["SUMMARY_SNAPSHOT_ID"],
+    "mode": os.environ["SUMMARY_MODE"],
+    "latestVersion": os.environ["SUMMARY_LATEST_VERSION"],
+    "installVersion": os.environ["SUMMARY_INSTALL_VERSION"],
+    "targetPackageSpec": os.environ["SUMMARY_TARGET_PACKAGE_SPEC"],
+    "currentHead": os.environ["SUMMARY_CURRENT_HEAD"],
+    "runDir": os.environ["SUMMARY_RUN_DIR"],
+    "freshMain": {
+        "status": os.environ["SUMMARY_FRESH_MAIN_STATUS"],
+        "version": os.environ["SUMMARY_FRESH_MAIN_VERSION"],
+        "gateway": os.environ["SUMMARY_FRESH_GATEWAY_STATUS"],
+        "agent": os.environ["SUMMARY_FRESH_AGENT_STATUS"],
+    },
+    "upgrade": {
+        "precheck": os.environ["SUMMARY_UPGRADE_PRECHECK_STATUS"],
+        "status": os.environ["SUMMARY_UPGRADE_STATUS"],
+        "latestVersionInstalled": os.environ["SUMMARY_LATEST_INSTALLED_VERSION"],
+        "mainVersion": os.environ["SUMMARY_UPGRADE_MAIN_VERSION"],
+        "gateway": os.environ["SUMMARY_UPGRADE_GATEWAY_STATUS"],
+        "agent": os.environ["SUMMARY_UPGRADE_AGENT_STATUS"],
+    },
+}
+with open(sys.argv[1], "w", encoding="utf-8") as handle:
+    json.dump(summary, handle, indent=2, sort_keys=True)
+print(sys.argv[1])
+PY
+}
+
+resolve_latest_version() {
+  if [[ -n "$LATEST_VERSION" ]]; then
+    printf '%s\n' "$LATEST_VERSION"
+    return
+  fi
+  npm view openclaw version --userconfig "$(mktemp)"
+}
+
+resolve_mingit_download() {
+  python3 - <<'PY'
+import json
+import urllib.request
+
+req = urllib.request.Request(
+    "https://api.github.com/repos/git-for-windows/git/releases/latest",
+    headers={
+        "User-Agent": "openclaw-parallels-smoke",
+        "Accept": "application/vnd.github+json",
+    },
+)
+with urllib.request.urlopen(req, timeout=30) as response:
+    data = json.load(response)
+
+assets = data.get("assets", [])
+preferred_names = [
+    "MinGit-2.53.0.2-arm64.zip",
+    "MinGit-2.53.0.2-64-bit.zip",
+]
+
+best = None
+for wanted in preferred_names:
+    for asset in assets:
+      if asset.get("name") == wanted:
+        best = asset
+        break
+    if best:
+      break
+
+if best is None:
+  for asset in assets:
+    name = asset.get("name", "")
+    if name.startswith("MinGit-") and name.endswith(".zip") and "busybox" not in name:
+      best = asset
+      break
+
+if best is None:
+  raise SystemExit("no MinGit asset found")
+
+print(best["name"])
+print(best["browser_download_url"])
+PY
+}
+
+current_build_commit() {
+  python3 - <<'PY'
+import json
+import pathlib
+
+path = pathlib.Path("dist/build-info.json")
+if not path.exists():
+    print("")
+else:
+    print(json.loads(path.read_text()).get("commit", ""))
+PY
+}
+
+acquire_build_lock() {
+  local owner_pid=""
+  while ! mkdir "$BUILD_LOCK_DIR" 2>/dev/null; do
+    if [[ -f "$BUILD_LOCK_DIR/pid" ]]; then
+      owner_pid="$(cat "$BUILD_LOCK_DIR/pid" 2>/dev/null || true)"
+      if [[ -n "$owner_pid" ]] && ! kill -0 "$owner_pid" >/dev/null 2>&1; then
+        warn "Removing stale Parallels build lock"
+        rm -rf "$BUILD_LOCK_DIR"
+        continue
+      fi
+    fi
+    sleep 1
+  done
+  printf '%s\n' "$$" >"$BUILD_LOCK_DIR/pid"
+}
+
+release_build_lock() {
+  if [[ -d "$BUILD_LOCK_DIR" ]]; then
+    rm -rf "$BUILD_LOCK_DIR"
+  fi
+}
+
+ensure_current_build() {
+  local head build_commit
+  acquire_build_lock
+  head="$(git rev-parse HEAD)"
+  build_commit="$(current_build_commit)"
+  if [[ "$build_commit" == "$head" ]]; then
+    release_build_lock
+    return
+  fi
+  say "Build dist for current head"
+  pnpm build
+  build_commit="$(current_build_commit)"
+  release_build_lock
+  [[ "$build_commit" == "$head" ]] || die "dist/build-info.json still does not match HEAD after build"
+}
+
+ensure_guest_git() {
+  local host_ip="$1"
+  local mingit_url
+  mingit_url="http://$host_ip:$HOST_PORT/$MINGIT_ZIP_NAME"
+  if guest_exec cmd.exe /d /s /c "where git.exe >nul 2>nul && git.exe --version"; then
+    return
+  fi
+  guest_exec cmd.exe /d /s /c "if exist \"%LOCALAPPDATA%\\OpenClaw\\deps\\portable-git\" rmdir /s /q \"%LOCALAPPDATA%\\OpenClaw\\deps\\portable-git\""
+  guest_exec cmd.exe /d /s /c "if not exist \"%LOCALAPPDATA%\\OpenClaw\\deps\" mkdir \"%LOCALAPPDATA%\\OpenClaw\\deps\""
+  guest_exec cmd.exe /d /s /c "mkdir \"%LOCALAPPDATA%\\OpenClaw\\deps\\portable-git\""
+  guest_exec cmd.exe /d /s /c "curl.exe -fsSL \"$mingit_url\" -o \"%TEMP%\\$MINGIT_ZIP_NAME\""
+  guest_exec cmd.exe /d /s /c "tar.exe -xf \"%TEMP%\\$MINGIT_ZIP_NAME\" -C \"%LOCALAPPDATA%\\OpenClaw\\deps\\portable-git\""
+  guest_exec cmd.exe /d /s /c "del /q \"%TEMP%\\$MINGIT_ZIP_NAME\" & set \"PATH=%LOCALAPPDATA%\\OpenClaw\\deps\\portable-git\\cmd;%LOCALAPPDATA%\\OpenClaw\\deps\\portable-git\\mingw64\\bin;%LOCALAPPDATA%\\OpenClaw\\deps\\portable-git\\usr\\bin;%PATH%\" && git.exe --version"
+}
+
+pack_main_tgz() {
+  local mingit_name mingit_url short_head pkg
+  if [[ -n "$TARGET_PACKAGE_SPEC" ]]; then
+    say "Pack target package tgz: $TARGET_PACKAGE_SPEC"
+    mapfile -t mingit_meta < <(resolve_mingit_download)
+    mingit_name="${mingit_meta[0]}"
+    mingit_url="${mingit_meta[1]}"
+    MINGIT_ZIP_NAME="$mingit_name"
+    MINGIT_ZIP_PATH="$MAIN_TGZ_DIR/$mingit_name"
+    if [[ ! -f "$MINGIT_ZIP_PATH" ]]; then
+      say "Download $MINGIT_ZIP_NAME"
+      curl -fsSL "$mingit_url" -o "$MINGIT_ZIP_PATH"
+    fi
+    pkg="$(
+      npm pack "$TARGET_PACKAGE_SPEC" --ignore-scripts --json --pack-destination "$MAIN_TGZ_DIR" \
+        | python3 -c 'import json, sys; data = json.load(sys.stdin); print(data[-1]["filename"])'
+    )"
+    MAIN_TGZ_PATH="$MAIN_TGZ_DIR/$(basename "$pkg")"
+    TARGET_EXPECT_VERSION="$(tar -xOf "$MAIN_TGZ_PATH" package/package.json | python3 -c "import json, sys; print(json.load(sys.stdin)['version'])")"
+    say "Packed $MAIN_TGZ_PATH"
+    say "Target package version: $TARGET_EXPECT_VERSION"
+    return
+  fi
+  say "Pack current main tgz"
+  ensure_current_build
+  mapfile -t mingit_meta < <(resolve_mingit_download)
+  mingit_name="${mingit_meta[0]}"
+  mingit_url="${mingit_meta[1]}"
+  MINGIT_ZIP_NAME="$mingit_name"
+  MINGIT_ZIP_PATH="$MAIN_TGZ_DIR/$mingit_name"
+  if [[ ! -f "$MINGIT_ZIP_PATH" ]]; then
+    say "Download $MINGIT_ZIP_NAME"
+    curl -fsSL "$mingit_url" -o "$MINGIT_ZIP_PATH"
+  fi
+  short_head="$(git rev-parse --short HEAD)"
+  pkg="$(
+    npm pack --ignore-scripts --json --pack-destination "$MAIN_TGZ_DIR" \
+      | python3 -c 'import json, sys; data = json.load(sys.stdin); print(data[-1]["filename"])'
+  )"
+  MAIN_TGZ_PATH="$MAIN_TGZ_DIR/openclaw-main-$short_head.tgz"
+  cp "$MAIN_TGZ_DIR/$pkg" "$MAIN_TGZ_PATH"
+  say "Packed $MAIN_TGZ_PATH"
+  tar -xOf "$MAIN_TGZ_PATH" package/dist/build-info.json
+}
+
+verify_target_version() {
+  if [[ -n "$TARGET_PACKAGE_SPEC" ]]; then
+    verify_version_contains "$TARGET_EXPECT_VERSION"
+    return
+  fi
+  verify_version_contains "$(git rev-parse --short=7 HEAD)"
+}
+
+start_server() {
+  local host_ip="$1"
+  local artifact probe_url attempt
+  artifact="$(basename "$MAIN_TGZ_PATH")"
+  attempt=0
+  while :; do
+    attempt=$((attempt + 1))
+    say "Serve $(artifact_label) on $host_ip:$HOST_PORT"
+    (
+      cd "$MAIN_TGZ_DIR"
+      exec python3 -m http.server "$HOST_PORT" --bind 0.0.0.0
+    ) >/tmp/openclaw-parallels-windows-http.log 2>&1 &
+    SERVER_PID=$!
+    sleep 1
+    probe_url="http://127.0.0.1:$HOST_PORT/$artifact"
+    if kill -0 "$SERVER_PID" >/dev/null 2>&1 && curl -fsSI "$probe_url" >/dev/null 2>&1; then
+      return 0
+    fi
+    kill "$SERVER_PID" >/dev/null 2>&1 || true
+    wait "$SERVER_PID" >/dev/null 2>&1 || true
+    SERVER_PID=""
+    if [[ "$HOST_PORT_EXPLICIT" -eq 1 || $attempt -ge 3 ]]; then
+      die "failed to start reachable host HTTP server on port $HOST_PORT"
+    fi
+    HOST_PORT="$(allocate_host_port)"
+    warn "retrying host HTTP server on port $HOST_PORT"
+  done
+}
+
+install_latest_release() {
+  local install_url_q version_flag_q
+  install_url_q="$(ps_single_quote "$INSTALL_URL")"
+  version_flag_q=""
+  if [[ -n "$INSTALL_VERSION" ]]; then
+    version_flag_q="-Tag '$(ps_single_quote "$INSTALL_VERSION")' "
+  fi
+  guest_powershell "$(cat <<EOF
+\$ProgressPreference = 'SilentlyContinue'
+\$script = Invoke-RestMethod -Uri '$install_url_q'
+& ([scriptblock]::Create(\$script)) ${version_flag_q}-NoOnboard
+& (Join-Path \$env:APPDATA 'npm\openclaw.cmd') --version
+EOF
+)"
+}
+
+install_main_tgz() {
+  local host_ip="$1"
+  local temp_name="$2"
+  local tgz_url
+  tgz_url="http://$host_ip:$HOST_PORT/$(basename "$MAIN_TGZ_PATH")"
+  guest_exec cmd.exe /d /s /c "set \"PATH=%LOCALAPPDATA%\\OpenClaw\\deps\\portable-git\\cmd;%LOCALAPPDATA%\\OpenClaw\\deps\\portable-git\\mingw64\\bin;%LOCALAPPDATA%\\OpenClaw\\deps\\portable-git\\usr\\bin;%PATH%\" && curl.exe -fsSL \"$tgz_url\" -o \"%TEMP%\\$temp_name\" && npm.cmd install -g \"%TEMP%\\$temp_name\" --no-fund --no-audit && \"%APPDATA%\\npm\\openclaw.cmd\" --version"
+}
+
+verify_version_contains() {
+  local needle="$1"
+  local version
+  version="$(guest_run_openclaw "" "" "--version")"
+  printf '%s\n' "$version"
+  case "$version" in
+    *"$needle"*) ;;
+    *)
+      echo "version mismatch: expected substring $needle" >&2
+      return 1
+      ;;
+  esac
+}
+
+run_ref_onboard() {
+  local openai_key_q runner_name log_name done_name done_status
+  openai_key_q="$(ps_single_quote "$OPENAI_API_KEY_VALUE")"
+  runner_name="openclaw-onboard-$RANDOM-$RANDOM.ps1"
+  log_name="openclaw-onboard-$RANDOM-$RANDOM.log"
+  done_name="openclaw-onboard-$RANDOM-$RANDOM.done"
+
+  guest_powershell "$(cat <<EOF
+\$runner = Join-Path \$env:TEMP '$runner_name'
+\$log = Join-Path \$env:TEMP '$log_name'
+\$done = Join-Path \$env:TEMP '$done_name'
+Remove-Item \$runner, \$log, \$done -Force -ErrorAction SilentlyContinue
+@'
+\$ErrorActionPreference = 'Stop'
+\$PSNativeCommandUseErrorActionPreference = \$false
+\$log = Join-Path \$env:TEMP '$log_name'
+\$done = Join-Path \$env:TEMP '$done_name'
+\$env:OPENAI_API_KEY = '$openai_key_q'
+try {
+  \$openclaw = Join-Path \$env:APPDATA 'npm\openclaw.cmd'
+  \$cmdLine = ('"{0}" onboard --non-interactive --mode local --auth-choice openai-api-key --secret-input-mode ref --gateway-port 18789 --gateway-bind loopback --install-daemon --skip-skills --accept-risk --json > "{1}" 2>&1' -f \$openclaw, \$log)
+  & cmd.exe /d /s /c \$cmdLine
+  Set-Content -Path \$done -Value ([string]\$LASTEXITCODE)
+} catch {
+  if (Test-Path \$log) {
+    Add-Content -Path \$log -Value (\$_ | Out-String)
+  } else {
+    (\$_ | Out-String) | Set-Content -Path \$log
+  }
+  Set-Content -Path \$done -Value '1'
+}
+'@ | Set-Content -Path \$runner
+Start-Process powershell.exe -ArgumentList @('-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', \$runner) -WindowStyle Hidden | Out-Null
+EOF
+)"
+
+  while :; do
+    done_status="$(
+      guest_powershell "\$done = Join-Path \$env:TEMP '$done_name'; if (Test-Path \$done) { (Get-Content \$done -Raw).Trim() }"
+    )"
+    done_status="${done_status//$'\r'/}"
+    if [[ -n "$done_status" ]]; then
+      guest_powershell "\$log = Join-Path \$env:TEMP '$log_name'; if (Test-Path \$log) { Get-Content \$log }"
+      [[ "$done_status" == "0" ]]
+      return $?
+    fi
+    sleep 2
+  done
+}
+
+verify_gateway() {
+  guest_run_openclaw "" "" gateway status --deep --require-rpc
+}
+
+show_gateway_status_compat() {
+  if guest_run_openclaw "" "" gateway status --help | grep -Fq -- "--require-rpc"; then
+    guest_run_openclaw "" "" gateway status --deep --require-rpc
+    return
+  fi
+  guest_run_openclaw "" "" gateway status --deep
+}
+
+verify_turn() {
+  guest_run_openclaw "" "" agent --agent main --message ping --json
+}
+
+capture_latest_ref_failure() {
+  set +e
+  run_ref_onboard
+  local rc=$?
+  set -e
+  if [[ $rc -eq 0 ]]; then
+    say "Latest release ref-mode onboard passed"
+    return 0
+  fi
+  warn "Latest release ref-mode onboard failed pre-upgrade"
+  set +e
+  show_gateway_status_compat || true
+  set -e
+  return 1
+}
+
+run_fresh_main_lane() {
+  local snapshot_id="$1"
+  local host_ip="$2"
+  phase_run "fresh.restore-snapshot" "$TIMEOUT_SNAPSHOT_S" restore_snapshot "$snapshot_id" || return $?
+  phase_run "fresh.wait-for-user" "$TIMEOUT_SNAPSHOT_S" wait_for_guest_ready || return $?
+  phase_run "fresh.ensure-git" "$TIMEOUT_INSTALL_S" ensure_guest_git "$host_ip" || return $?
+  phase_run "fresh.install-main" "$TIMEOUT_INSTALL_S" install_main_tgz "$host_ip" "openclaw-main-fresh.tgz" || return $?
+  FRESH_MAIN_VERSION="$(extract_last_version "$(phase_log_path fresh.install-main)")"
+  phase_run "fresh.verify-main-version" "$TIMEOUT_VERIFY_S" verify_target_version || return $?
+  phase_run "fresh.onboard-ref" "$TIMEOUT_ONBOARD_S" run_ref_onboard || return $?
+  phase_run "fresh.gateway-status" "$TIMEOUT_GATEWAY_S" verify_gateway || return $?
+  FRESH_GATEWAY_STATUS="pass"
+  phase_run "fresh.first-agent-turn" "$TIMEOUT_AGENT_S" verify_turn || return $?
+  FRESH_AGENT_STATUS="pass"
+}
+
+run_upgrade_lane() {
+  local snapshot_id="$1"
+  local host_ip="$2"
+  phase_run "upgrade.restore-snapshot" "$TIMEOUT_SNAPSHOT_S" restore_snapshot "$snapshot_id" || return $?
+  phase_run "upgrade.wait-for-user" "$TIMEOUT_SNAPSHOT_S" wait_for_guest_ready || return $?
+  phase_run "upgrade.install-latest" "$TIMEOUT_INSTALL_S" install_latest_release || return $?
+  LATEST_INSTALLED_VERSION="$(extract_last_version "$(phase_log_path upgrade.install-latest)")"
+  phase_run "upgrade.verify-latest-version" "$TIMEOUT_VERIFY_S" verify_version_contains "$LATEST_VERSION" || return $?
+  if [[ "$CHECK_LATEST_REF" -eq 1 ]]; then
+    if phase_run "upgrade.latest-ref-precheck" "$TIMEOUT_ONBOARD_S" capture_latest_ref_failure; then
+      UPGRADE_PRECHECK_STATUS="latest-ref-pass"
+    else
+      UPGRADE_PRECHECK_STATUS="latest-ref-fail"
+    fi
+  else
+    UPGRADE_PRECHECK_STATUS="skipped"
+  fi
+  phase_run "upgrade.ensure-git" "$TIMEOUT_INSTALL_S" ensure_guest_git "$host_ip" || return $?
+  phase_run "upgrade.install-main" "$TIMEOUT_INSTALL_S" install_main_tgz "$host_ip" "openclaw-main-upgrade.tgz" || return $?
+  UPGRADE_MAIN_VERSION="$(extract_last_version "$(phase_log_path upgrade.install-main)")"
+  phase_run "upgrade.verify-main-version" "$TIMEOUT_VERIFY_S" verify_target_version || return $?
+  phase_run "upgrade.onboard-ref" "$TIMEOUT_ONBOARD_S" run_ref_onboard || return $?
+  phase_run "upgrade.gateway-status" "$TIMEOUT_GATEWAY_S" verify_gateway || return $?
+  UPGRADE_GATEWAY_STATUS="pass"
+  phase_run "upgrade.first-agent-turn" "$TIMEOUT_AGENT_S" verify_turn || return $?
+  UPGRADE_AGENT_STATUS="pass"
+}
+
+SNAPSHOT_ID="$(resolve_snapshot_id)"
+LATEST_VERSION="$(resolve_latest_version)"
+HOST_IP="$(resolve_host_ip)"
+HOST_PORT="$(resolve_host_port)"
+
+say "VM: $VM_NAME"
+say "Snapshot hint: $SNAPSHOT_HINT"
+say "Latest npm version: $LATEST_VERSION"
+say "Current head: $(git rev-parse --short HEAD)"
+say "Run logs: $RUN_DIR"
+
+pack_main_tgz
+start_server "$HOST_IP"
+
+if [[ "$MODE" == "fresh" || "$MODE" == "both" ]]; then
+  set +e
+  run_fresh_main_lane "$SNAPSHOT_ID" "$HOST_IP"
+  fresh_rc=$?
+  set -e
+  if [[ $fresh_rc -eq 0 ]]; then
+    FRESH_MAIN_STATUS="pass"
+  else
+    FRESH_MAIN_STATUS="fail"
+  fi
+fi
+
+if [[ "$MODE" == "upgrade" || "$MODE" == "both" ]]; then
+  set +e
+  run_upgrade_lane "$SNAPSHOT_ID" "$HOST_IP"
+  upgrade_rc=$?
+  set -e
+  if [[ $upgrade_rc -eq 0 ]]; then
+    UPGRADE_STATUS="pass"
+  else
+    UPGRADE_STATUS="fail"
+  fi
+fi
+
+if [[ "$KEEP_SERVER" -eq 0 && -n "${SERVER_PID:-}" ]]; then
+  kill "$SERVER_PID" >/dev/null 2>&1 || true
+  SERVER_PID=""
+fi
+
+SUMMARY_JSON_PATH="$(
+  SUMMARY_VM="$VM_NAME" \
+  SUMMARY_SNAPSHOT_HINT="$SNAPSHOT_HINT" \
+  SUMMARY_SNAPSHOT_ID="$SNAPSHOT_ID" \
+  SUMMARY_MODE="$MODE" \
+  SUMMARY_LATEST_VERSION="$LATEST_VERSION" \
+  SUMMARY_INSTALL_VERSION="$INSTALL_VERSION" \
+  SUMMARY_TARGET_PACKAGE_SPEC="$TARGET_PACKAGE_SPEC" \
+  SUMMARY_CURRENT_HEAD="$(git rev-parse --short HEAD)" \
+  SUMMARY_RUN_DIR="$RUN_DIR" \
+  SUMMARY_FRESH_MAIN_STATUS="$FRESH_MAIN_STATUS" \
+  SUMMARY_FRESH_MAIN_VERSION="$FRESH_MAIN_VERSION" \
+  SUMMARY_FRESH_GATEWAY_STATUS="$FRESH_GATEWAY_STATUS" \
+  SUMMARY_FRESH_AGENT_STATUS="$FRESH_AGENT_STATUS" \
+  SUMMARY_UPGRADE_PRECHECK_STATUS="$UPGRADE_PRECHECK_STATUS" \
+  SUMMARY_UPGRADE_STATUS="$UPGRADE_STATUS" \
+  SUMMARY_LATEST_INSTALLED_VERSION="$LATEST_INSTALLED_VERSION" \
+  SUMMARY_UPGRADE_MAIN_VERSION="$UPGRADE_MAIN_VERSION" \
+  SUMMARY_UPGRADE_GATEWAY_STATUS="$UPGRADE_GATEWAY_STATUS" \
+  SUMMARY_UPGRADE_AGENT_STATUS="$UPGRADE_AGENT_STATUS" \
+  write_summary_json
+)"
+
+if [[ "$JSON_OUTPUT" -eq 1 ]]; then
+  cat "$SUMMARY_JSON_PATH"
+else
+  printf '\nSummary:\n'
+  if [[ -n "$TARGET_PACKAGE_SPEC" ]]; then
+    printf '  target-package: %s\n' "$TARGET_PACKAGE_SPEC"
+  fi
+  if [[ -n "$INSTALL_VERSION" ]]; then
+    printf '  baseline-install-version: %s\n' "$INSTALL_VERSION"
+  fi
+  printf '  fresh-main: %s (%s)\n' "$FRESH_MAIN_STATUS" "$FRESH_MAIN_VERSION"
+  printf '  latest->main precheck: %s (%s)\n' "$UPGRADE_PRECHECK_STATUS" "$LATEST_INSTALLED_VERSION"
+  printf '  latest->main: %s (%s)\n' "$UPGRADE_STATUS" "$UPGRADE_MAIN_VERSION"
+  printf '  logs: %s\n' "$RUN_DIR"
+  printf '  summary: %s\n' "$SUMMARY_JSON_PATH"
+fi
+
+if [[ "$FRESH_MAIN_STATUS" == "fail" || "$UPGRADE_STATUS" == "fail" ]]; then
+  exit 1
+fi
diff --git a/scripts/openclaw-npm-publish.sh b/scripts/openclaw-npm-publish.sh
new file mode 100644
index 00000000000..a5cb2c67d7a
--- /dev/null
+++ b/scripts/openclaw-npm-publish.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+mode="${1:-}"
+
+if [[ "${mode}" != "--dry-run" && "${mode}" != "--publish" ]]; then
+  echo "usage: bash scripts/openclaw-npm-publish.sh [--dry-run|--publish]" >&2
+  exit 2
+fi
+
+package_version="$(node -p "require('./package.json').version")"
+publish_cmd=(npm publish --access public --provenance)
+release_channel="stable"
+
+if [[ "${package_version}" == *-beta.* ]]; then
+  publish_cmd=(npm publish --access public --tag beta --provenance)
+  release_channel="beta"
+fi
+
+echo "Resolved package version: ${package_version}"
+echo "Resolved release channel: ${release_channel}"
+echo "Publish auth: GitHub OIDC trusted publishing"
+
+printf 'Publish command:'
+printf ' %q' "${publish_cmd[@]}"
+printf '\n'
+
+if [[ "${mode}" == "--dry-run" ]]; then
+  exit 0
+fi
+
+"${publish_cmd[@]}"
diff --git a/scripts/openclaw-npm-release-check.ts b/scripts/openclaw-npm-release-check.ts
index fcd2dc8e7e1..768fee6caee 100644
--- a/scripts/openclaw-npm-release-check.ts
+++ b/scripts/openclaw-npm-release-check.ts
@@ -25,9 +25,18 @@ export type ParsedReleaseVersion = {
   date: Date;
 };
 
+export type ParsedReleaseTag = {
+  version: string;
+  packageVersion: string;
+  channel: "stable" | "beta";
+  correctionNumber?: number;
+  date: Date;
+};
+
 const STABLE_VERSION_REGEX = /^(?<year>\d{4})\.(?<month>[1-9]\d?)\.(?<day>[1-9]\d?)$/;
 const BETA_VERSION_REGEX =
   /^(?<year>\d{4})\.(?<month>[1-9]\d?)\.(?<day>[1-9]\d?)-beta\.(?<beta>[1-9]\d*)$/;
+const CORRECTION_TAG_REGEX = /^(?<base>\d{4}\.[1-9]\d?\.[1-9]\d?)-(?<correction>[1-9]\d*)$/;
 const EXPECTED_REPOSITORY_URL = "https://github.com/openclaw/openclaw";
 const MAX_CALVER_DISTANCE_DAYS = 2;
 
@@ -107,6 +116,49 @@ export function parseReleaseVersion(version: string): ParsedReleaseVersion | nul
   return null;
 }
 
+export function parseReleaseTagVersion(version: string): ParsedReleaseTag | null {
+  const trimmed = version.trim();
+  if (!trimmed) {
+    return null;
+  }
+
+  const parsedVersion = parseReleaseVersion(trimmed);
+  if (parsedVersion !== null) {
+    return {
+      version: trimmed,
+      packageVersion: parsedVersion.version,
+      channel: parsedVersion.channel,
+      date: parsedVersion.date,
+      correctionNumber: undefined,
+    };
+  }
+
+  const correctionMatch = CORRECTION_TAG_REGEX.exec(trimmed);
+  if (!correctionMatch?.groups) {
+    return null;
+  }
+
+  const baseVersion = correctionMatch.groups.base ?? "";
+  const parsedBaseVersion = parseReleaseVersion(baseVersion);
+  const correctionNumber = Number.parseInt(correctionMatch.groups.correction ?? "", 10);
+  if (
+    parsedBaseVersion === null ||
+    parsedBaseVersion.channel !== "stable" ||
+    !Number.isInteger(correctionNumber) ||
+    correctionNumber < 1
+  ) {
+    return null;
+  }
+
+  return {
+    version: trimmed,
+    packageVersion: parsedBaseVersion.version,
+    channel: "stable",
+    correctionNumber,
+    date: parsedBaseVersion.date,
+  };
+}
+
 function startOfUtcDay(date: Date): number {
   return Date.UTC(date.getUTCFullYear(), date.getUTCMonth(), date.getUTCDate());
 }
@@ -180,19 +232,25 @@ export function collectReleaseTagErrors(params: {
   }
 
   const tagVersion = releaseTag.startsWith("v") ? releaseTag.slice(1) : releaseTag;
-  const parsedTag = parseReleaseVersion(tagVersion);
+  const parsedTag = parseReleaseTagVersion(tagVersion);
   if (parsedTag === null) {
     errors.push(
-      `Release tag must match vYYYY.M.D or vYYYY.M.D-beta.N; found "${releaseTag || "<missing>"}".`,
+      `Release tag must match vYYYY.M.D, vYYYY.M.D-beta.N, or fallback correction tag vYYYY.M.D-N; found "${releaseTag || "<missing>"}".`,
     );
   }
 
-  const expectedTag = packageVersion ? `v${packageVersion}` : "";
-  if (releaseTag !== expectedTag) {
+  const expectedTag = packageVersion ? `v${packageVersion}` : "<missing>";
+  const expectedCorrectionTag = parsedVersion?.channel === "stable" ? `${expectedTag}-N` : null;
+  const matchesExpectedTag =
+    parsedTag !== null &&
+    parsedVersion !== null &&
+    parsedTag.packageVersion === parsedVersion.version &&
+    parsedTag.channel === parsedVersion.channel;
+  if (!matchesExpectedTag) {
     errors.push(
       `Release tag ${releaseTag || "<missing>"} does not match package.json version ${
         packageVersion || "<missing>"
-      }; expected ${expectedTag || "<missing>"}.`,
+      }; expected ${expectedCorrectionTag ? `${expectedTag} or ${expectedCorrectionTag}` : expectedTag}.`,
     );
   }
 
@@ -230,12 +288,14 @@ function loadPackageJson(): PackageJson {
 
 function main(): number {
   const pkg = loadPackageJson();
+  const now = new Date();
   const metadataErrors = collectReleasePackageMetadataErrors(pkg);
   const tagErrors = collectReleaseTagErrors({
     packageVersion: pkg.version ?? "",
     releaseTag: process.env.RELEASE_TAG ?? "",
     releaseSha: process.env.RELEASE_SHA,
     releaseMainRef: process.env.RELEASE_MAIN_REF,
+    now,
   });
   const errors = [...metadataErrors, ...tagErrors];
 
@@ -249,9 +309,7 @@ function main(): number {
   const parsedVersion = parseReleaseVersion(pkg.version ?? "");
   const channel = parsedVersion?.channel ?? "unknown";
   const dayDistance =
-    parsedVersion === null
-      ? "unknown"
-      : String(utcCalendarDayDistance(parsedVersion.date, new Date()));
+    parsedVersion === null ? "unknown" : String(utcCalendarDayDistance(parsedVersion.date, now));
   console.log(
     `openclaw-npm-release-check: validated ${channel} release ${pkg.version} (${dayDistance} day UTC delta).`,
   );
diff --git a/scripts/test-parallel.mjs b/scripts/test-parallel.mjs
index 1716f724bff..c818344f886 100644
--- a/scripts/test-parallel.mjs
+++ b/scripts/test-parallel.mjs
@@ -1,6 +1,8 @@
 import { spawn } from "node:child_process";
 import fs from "node:fs";
 import os from "node:os";
+import path from "node:path";
+import { channelTestPrefixes } from "../vitest.channel-paths.mjs";
 
 // On Windows, `.cmd` launchers can fail with `spawn EINVAL` when invoked without a shell
 // (especially under GitHub Actions + Git Bash). Use `shell: true` and let the shell resolve pnpm.
@@ -41,8 +43,8 @@ const unitIsolatedFilesRaw = [
   "src/commands/agent.test.ts",
   "src/media/store.test.ts",
   "src/media/store.header-ext.test.ts",
-  "src/web/media.test.ts",
-  "src/web/auto-reply.web-auto-reply.falls-back-text-media-send-fails.test.ts",
+  "extensions/whatsapp/src/media.test.ts",
+  "extensions/whatsapp/src/auto-reply.web-auto-reply.falls-back-text-media-send-fails.test.ts",
   "src/browser/server.covers-additional-endpoint-branches.test.ts",
   "src/browser/server.post-tabs-open-profile-unknown-returns-404.test.ts",
   "src/browser/server.agent-contract-snapshot-endpoints.test.ts",
@@ -79,15 +81,15 @@ const unitIsolatedFilesRaw = [
   "src/auto-reply/reply.triggers.trigger-handling.targets-active-session-native-stop.test.ts",
   "src/auto-reply/reply.triggers.group-intro-prompts.test.ts",
   "src/auto-reply/reply.triggers.trigger-handling.handles-inline-commands-strips-it-before-agent.test.ts",
-  "src/web/auto-reply.web-auto-reply.compresses-common-formats-jpeg-cap.test.ts",
+  "extensions/whatsapp/src/auto-reply.web-auto-reply.compresses-common-formats-jpeg-cap.test.ts",
   // Setup-heavy bot bootstrap suite.
-  "src/telegram/bot.create-telegram-bot.test.ts",
+  "extensions/telegram/src/bot.create-telegram-bot.test.ts",
   // Medium-heavy bot behavior suite; move off unit-fast critical path.
-  "src/telegram/bot.test.ts",
+  "extensions/telegram/src/bot.test.ts",
   // Slack slash registration tests are setup-heavy and can bottleneck unit-fast.
-  "src/slack/monitor/slash.test.ts",
+  "extensions/slack/src/monitor/slash.test.ts",
   // Uses process-level unhandledRejection listeners; keep it off vmForks to avoid cross-file leakage.
-  "src/imessage/monitor.shutdown.unhandled-rejection.test.ts",
+  "extensions/imessage/src/monitor.shutdown.unhandled-rejection.test.ts",
   // Mutates process.cwd() and mocks core module loaders; isolate from the shared fast lane.
   "src/infra/git-commit.test.ts",
 ];
@@ -205,6 +207,45 @@ const shardIndexOverride = (() => {
   const parsed = Number.parseInt(process.env.OPENCLAW_TEST_SHARD_INDEX ?? "", 10);
   return Number.isFinite(parsed) && parsed > 0 ? parsed : null;
 })();
+const OPTION_TAKES_VALUE = new Set([
+  "-t",
+  "-c",
+  "-r",
+  "--testNamePattern",
+  "--config",
+  "--root",
+  "--dir",
+  "--reporter",
+  "--outputFile",
+  "--pool",
+  "--execArgv",
+  "--vmMemoryLimit",
+  "--maxWorkers",
+  "--environment",
+  "--shard",
+  "--changed",
+  "--sequence",
+  "--inspect",
+  "--inspectBrk",
+  "--testTimeout",
+  "--hookTimeout",
+  "--bail",
+  "--retry",
+  "--diff",
+  "--exclude",
+  "--project",
+  "--slowTestThreshold",
+  "--teardownTimeout",
+  "--attachmentsDir",
+  "--mode",
+  "--api",
+  "--browser",
+  "--maxConcurrency",
+  "--mergeReports",
+  "--configLoader",
+  "--experimental",
+]);
+const SINGLE_RUN_ONLY_FLAGS = new Set(["--coverage", "--outputFile", "--mergeReports"]);
 
 if (shardIndexOverride !== null && shardCount <= 1) {
   console.error(
@@ -229,6 +270,218 @@ const silentArgs =
 const rawPassthroughArgs = process.argv.slice(2);
 const passthroughArgs =
   rawPassthroughArgs[0] === "--" ? rawPassthroughArgs.slice(1) : rawPassthroughArgs;
+const parsePassthroughArgs = (args) => {
+  const fileFilters = [];
+  const optionArgs = [];
+  let consumeNextAsOptionValue = false;
+
+  for (const arg of args) {
+    if (consumeNextAsOptionValue) {
+      optionArgs.push(arg);
+      consumeNextAsOptionValue = false;
+      continue;
+    }
+    if (arg === "--") {
+      optionArgs.push(arg);
+      continue;
+    }
+    if (arg.startsWith("-")) {
+      optionArgs.push(arg);
+      consumeNextAsOptionValue = !arg.includes("=") && OPTION_TAKES_VALUE.has(arg);
+      continue;
+    }
+    fileFilters.push(arg);
+  }
+
+  return { fileFilters, optionArgs };
+};
+const { fileFilters: passthroughFileFilters, optionArgs: passthroughOptionArgs } =
+  parsePassthroughArgs(passthroughArgs);
+const passthroughRequiresSingleRun = passthroughOptionArgs.some((arg) => {
+  if (!arg.startsWith("-")) {
+    return false;
+  }
+  const [flag] = arg.split("=", 1);
+  return SINGLE_RUN_ONLY_FLAGS.has(flag);
+});
+const baseConfigPrefixes = ["src/agents/", "src/auto-reply/", "src/commands/", "test/", "ui/"];
+const normalizeRepoPath = (value) => value.split(path.sep).join("/");
+const walkTestFiles = (rootDir) => {
+  if (!fs.existsSync(rootDir)) {
+    return [];
+  }
+  const entries = fs.readdirSync(rootDir, { withFileTypes: true });
+  const files = [];
+  for (const entry of entries) {
+    const fullPath = path.join(rootDir, entry.name);
+    if (entry.isDirectory()) {
+      files.push(...walkTestFiles(fullPath));
+      continue;
+    }
+    if (!entry.isFile()) {
+      continue;
+    }
+    if (
+      fullPath.endsWith(".test.ts") ||
+      fullPath.endsWith(".live.test.ts") ||
+      fullPath.endsWith(".e2e.test.ts")
+    ) {
+      files.push(normalizeRepoPath(fullPath));
+    }
+  }
+  return files;
+};
+const allKnownTestFiles = [
+  ...new Set([
+    ...walkTestFiles("src"),
+    ...walkTestFiles("extensions"),
+    ...walkTestFiles("test"),
+    ...walkTestFiles(path.join("ui", "src", "ui")),
+  ]),
+];
+const inferTarget = (fileFilter) => {
+  const isolated = unitIsolatedFiles.includes(fileFilter);
+  if (fileFilter.endsWith(".live.test.ts")) {
+    return { owner: "live", isolated };
+  }
+  if (fileFilter.endsWith(".e2e.test.ts")) {
+    return { owner: "e2e", isolated };
+  }
+  if (channelTestPrefixes.some((prefix) => fileFilter.startsWith(prefix))) {
+    return { owner: "channels", isolated };
+  }
+  if (fileFilter.startsWith("extensions/")) {
+    return { owner: "extensions", isolated };
+  }
+  if (fileFilter.startsWith("src/gateway/")) {
+    return { owner: "gateway", isolated };
+  }
+  if (baseConfigPrefixes.some((prefix) => fileFilter.startsWith(prefix))) {
+    return { owner: "base", isolated };
+  }
+  if (fileFilter.startsWith("src/")) {
+    return { owner: "unit", isolated };
+  }
+  return { owner: "base", isolated };
+};
+const resolveFilterMatches = (fileFilter) => {
+  const normalizedFilter = normalizeRepoPath(fileFilter);
+  if (fs.existsSync(fileFilter)) {
+    const stats = fs.statSync(fileFilter);
+    if (stats.isFile()) {
+      return [normalizedFilter];
+    }
+    if (stats.isDirectory()) {
+      const prefix = normalizedFilter.endsWith("/") ? normalizedFilter : `${normalizedFilter}/`;
+      return allKnownTestFiles.filter((file) => file.startsWith(prefix));
+    }
+  }
+  if (/[*?[\]{}]/.test(normalizedFilter)) {
+    return allKnownTestFiles.filter((file) => path.matchesGlob(file, normalizedFilter));
+  }
+  return allKnownTestFiles.filter((file) => file.includes(normalizedFilter));
+};
+const createTargetedEntry = (owner, isolated, filters) => {
+  const name = isolated ? `${owner}-isolated` : owner;
+  const forceForks = isolated;
+  if (owner === "unit") {
+    return {
+      name,
+      args: [
+        "vitest",
+        "run",
+        "--config",
+        "vitest.unit.config.ts",
+        `--pool=${forceForks ? "forks" : useVmForks ? "vmForks" : "forks"}`,
+        ...(disableIsolation ? ["--isolate=false"] : []),
+        ...filters,
+      ],
+    };
+  }
+  if (owner === "extensions") {
+    return {
+      name,
+      args: [
+        "vitest",
+        "run",
+        "--config",
+        "vitest.extensions.config.ts",
+        ...(forceForks ? ["--pool=forks"] : useVmForks ? ["--pool=vmForks"] : []),
+        ...filters,
+      ],
+    };
+  }
+  if (owner === "gateway") {
+    return {
+      name,
+      args: ["vitest", "run", "--config", "vitest.gateway.config.ts", "--pool=forks", ...filters],
+    };
+  }
+  if (owner === "channels") {
+    return {
+      name,
+      args: [
+        "vitest",
+        "run",
+        "--config",
+        "vitest.channels.config.ts",
+        ...(forceForks ? ["--pool=forks"] : []),
+        ...filters,
+      ],
+    };
+  }
+  if (owner === "live") {
+    return {
+      name,
+      args: ["vitest", "run", "--config", "vitest.live.config.ts", ...filters],
+    };
+  }
+  if (owner === "e2e") {
+    return {
+      name,
+      args: ["vitest", "run", "--config", "vitest.e2e.config.ts", ...filters],
+    };
+  }
+  return {
+    name,
+    args: [
+      "vitest",
+      "run",
+      "--config",
+      "vitest.config.ts",
+      ...(forceForks ? ["--pool=forks"] : []),
+      ...filters,
+    ],
+  };
+};
+const targetedEntries = (() => {
+  if (passthroughFileFilters.length === 0) {
+    return [];
+  }
+  const groups = passthroughFileFilters.reduce((acc, fileFilter) => {
+    const matchedFiles = resolveFilterMatches(fileFilter);
+    if (matchedFiles.length === 0) {
+      const target = inferTarget(normalizeRepoPath(fileFilter));
+      const key = `${target.owner}:${target.isolated ? "isolated" : "default"}`;
+      const files = acc.get(key) ?? [];
+      files.push(normalizeRepoPath(fileFilter));
+      acc.set(key, files);
+      return acc;
+    }
+    for (const matchedFile of matchedFiles) {
+      const target = inferTarget(matchedFile);
+      const key = `${target.owner}:${target.isolated ? "isolated" : "default"}`;
+      const files = acc.get(key) ?? [];
+      files.push(matchedFile);
+      acc.set(key, files);
+    }
+    return acc;
+  }, new Map());
+  return Array.from(groups, ([key, filters]) => {
+    const [owner, mode] = key.split(":");
+    return createTargetedEntry(owner, mode === "isolated", [...new Set(filters)]);
+  });
+})();
 const topLevelParallelEnabled = testProfile !== "low" && testProfile !== "serial";
 const overrideWorkers = Number.parseInt(process.env.OPENCLAW_TEST_WORKERS ?? "", 10);
 const resolvedOverride =
@@ -311,7 +564,7 @@ const maxWorkersForRun = (name) => {
   if (isCI && isMacOS) {
     return 1;
   }
-  if (name === "unit-isolated") {
+  if (name === "unit-isolated" || name.endsWith("-isolated")) {
     return defaultWorkerBudget.unitIsolated;
   }
   if (name === "extensions") {
@@ -397,16 +650,16 @@ const runOnce = (entry, extraArgs = []) =>
     });
   });
 
-const run = async (entry) => {
+const run = async (entry, extraArgs = []) => {
   if (shardCount <= 1) {
-    return runOnce(entry);
+    return runOnce(entry, extraArgs);
   }
   if (shardIndexOverride !== null) {
-    return runOnce(entry, ["--shard", `${shardIndexOverride}/${shardCount}`]);
+    return runOnce(entry, ["--shard", `${shardIndexOverride}/${shardCount}`, ...extraArgs]);
   }
   for (let shardIndex = 1; shardIndex <= shardCount; shardIndex += 1) {
     // eslint-disable-next-line no-await-in-loop
-    const code = await runOnce(entry, ["--shard", `${shardIndex}/${shardCount}`]);
+    const code = await runOnce(entry, ["--shard", `${shardIndex}/${shardCount}`, ...extraArgs]);
     if (code !== 0) {
       return code;
     }
@@ -414,15 +667,15 @@ const run = async (entry) => {
   return 0;
 };
 
-const runEntries = async (entries) => {
+const runEntries = async (entries, extraArgs = []) => {
   if (topLevelParallelEnabled) {
-    const codes = await Promise.all(entries.map(run));
+    const codes = await Promise.all(entries.map((entry) => run(entry, extraArgs)));
     return codes.find((code) => code !== 0);
   }
 
   for (const entry of entries) {
     // eslint-disable-next-line no-await-in-loop
-    const code = await run(entry);
+    const code = await run(entry, extraArgs);
     if (code !== 0) {
       return code;
     }
@@ -440,57 +693,48 @@ const shutdown = (signal) => {
 process.on("SIGINT", () => shutdown("SIGINT"));
 process.on("SIGTERM", () => shutdown("SIGTERM"));
 
-if (passthroughArgs.length > 0) {
-  const maxWorkers = maxWorkersForRun("unit");
-  const args = maxWorkers
-    ? [
-        "vitest",
-        "run",
-        "--maxWorkers",
-        String(maxWorkers),
-        ...silentArgs,
-        ...windowsCiArgs,
-        ...passthroughArgs,
-      ]
-    : ["vitest", "run", ...silentArgs, ...windowsCiArgs, ...passthroughArgs];
-  const nodeOptions = process.env.NODE_OPTIONS ?? "";
-  const nextNodeOptions = WARNING_SUPPRESSION_FLAGS.reduce(
-    (acc, flag) => (acc.includes(flag) ? acc : `${acc} ${flag}`.trim()),
-    nodeOptions,
-  );
-  const code = await new Promise((resolve) => {
-    let child;
-    try {
-      child = spawn(pnpm, args, {
-        stdio: "inherit",
-        env: { ...process.env, NODE_OPTIONS: nextNodeOptions },
-        shell: isWindows,
-      });
-    } catch (err) {
-      console.error(`[test-parallel] spawn failed: ${String(err)}`);
-      resolve(1);
-      return;
+if (targetedEntries.length > 0) {
+  if (passthroughRequiresSingleRun && targetedEntries.length > 1) {
+    console.error(
+      "[test-parallel] The provided Vitest args require a single run, but the selected test filters span multiple wrapper configs. Run one target/config at a time.",
+    );
+    process.exit(2);
+  }
+  const targetedParallelRuns = keepGatewaySerial
+    ? targetedEntries.filter((entry) => entry.name !== "gateway")
+    : targetedEntries;
+  const targetedSerialRuns = keepGatewaySerial
+    ? targetedEntries.filter((entry) => entry.name === "gateway")
+    : [];
+  const failedTargetedParallel = await runEntries(targetedParallelRuns, passthroughOptionArgs);
+  if (failedTargetedParallel !== undefined) {
+    process.exit(failedTargetedParallel);
+  }
+  for (const entry of targetedSerialRuns) {
+    // eslint-disable-next-line no-await-in-loop
+    const code = await run(entry, passthroughOptionArgs);
+    if (code !== 0) {
+      process.exit(code);
     }
-    children.add(child);
-    child.on("error", (err) => {
-      console.error(`[test-parallel] child error: ${String(err)}`);
-    });
-    child.on("exit", (exitCode, signal) => {
-      children.delete(child);
-      resolve(exitCode ?? (signal ? 1 : 0));
-    });
-  });
-  process.exit(Number(code) || 0);
+  }
+  process.exit(0);
 }
 
-const failedParallel = await runEntries(parallelRuns);
+if (passthroughRequiresSingleRun && passthroughOptionArgs.length > 0) {
+  console.error(
+    "[test-parallel] The provided Vitest args require a single run. Use the dedicated npm script for that workflow (for example `pnpm test:coverage`) or target a single test file/filter.",
+  );
+  process.exit(2);
+}
+
+const failedParallel = await runEntries(parallelRuns, passthroughOptionArgs);
 if (failedParallel !== undefined) {
   process.exit(failedParallel);
 }
 
 for (const entry of serialRuns) {
   // eslint-disable-next-line no-await-in-loop
-  const code = await run(entry);
+  const code = await run(entry, passthroughOptionArgs);
   if (code !== 0) {
     process.exit(code);
   }
diff --git a/scripts/write-plugin-sdk-entry-dts.ts b/scripts/write-plugin-sdk-entry-dts.ts
index 7053feb19a8..beb5db5481b 100644
--- a/scripts/write-plugin-sdk-entry-dts.ts
+++ b/scripts/write-plugin-sdk-entry-dts.ts
@@ -1,8 +1,8 @@
 import fs from "node:fs";
 import path from "node:path";
 
-// `tsc` emits declarations under `dist/plugin-sdk/plugin-sdk/*` because the source lives
-// at `src/plugin-sdk/*` and `rootDir` is `src/`.
+// `tsc` emits declarations under `dist/plugin-sdk/src/plugin-sdk/*` because the source lives
+// at `src/plugin-sdk/*` and `rootDir` is `.` (repo root, to support cross-src/extensions refs).
 //
 // Our package export map points subpath `types` at `dist/plugin-sdk/<entry>.d.ts`, so we
 // generate stable entry d.ts files that re-export the real declarations.
@@ -56,5 +56,5 @@ for (const entry of entrypoints) {
   const out = path.join(process.cwd(), `dist/plugin-sdk/${entry}.d.ts`);
   fs.mkdirSync(path.dirname(out), { recursive: true });
   // NodeNext: reference the runtime specifier with `.js`, TS will map it to `.d.ts`.
-  fs.writeFileSync(out, `export * from "./plugin-sdk/${entry}.js";\n`, "utf8");
+  fs.writeFileSync(out, `export * from "./src/plugin-sdk/${entry}.js";\n`, "utf8");
 }
diff --git a/skills/node-connect/SKILL.md b/skills/node-connect/SKILL.md
new file mode 100644
index 00000000000..ea468f19096
--- /dev/null
+++ b/skills/node-connect/SKILL.md
@@ -0,0 +1,142 @@
+---
+name: node-connect
+description: Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps. Use when QR/setup code/manual connect fails, local Wi-Fi works but VPS/tailnet does not, or errors mention pairing required, unauthorized, bootstrap token invalid or expired, gateway.bind, gateway.remote.url, Tailscale, or plugins.entries.device-pair.config.publicUrl.
+---
+
+# Node Connect
+
+Goal: find the one real route from node -> gateway, verify OpenClaw is advertising that route, then fix pairing/auth.
+
+## Topology first
+
+Decide which case you are in before proposing fixes:
+
+- same machine / emulator / USB tunnel
+- same LAN / local Wi-Fi
+- same Tailscale tailnet
+- public URL / reverse proxy
+
+Do not mix them.
+
+- Local Wi-Fi problem: do not switch to Tailscale unless remote access is actually needed.
+- VPS / remote gateway problem: do not keep debugging `localhost` or LAN IPs.
+
+## If ambiguous, ask first
+
+If the setup is unclear or the failure report is vague, ask short clarifying questions before diagnosing.
+
+Ask for:
+
+- which route they intend: same machine, same LAN, Tailscale tailnet, or public URL
+- whether they used QR/setup code or manual host/port
+- the exact app text/status/error, quoted exactly if possible
+- whether `openclaw devices list` shows a pending pairing request
+
+Do not guess from `can't connect`.
+
+## Canonical checks
+
+Prefer `openclaw qr --json`. It uses the same setup-code payload Android scans.
+
+```bash
+openclaw config get gateway.mode
+openclaw config get gateway.bind
+openclaw config get gateway.tailscale.mode
+openclaw config get gateway.remote.url
+openclaw config get gateway.auth.mode
+openclaw config get gateway.auth.allowTailscale
+openclaw config get plugins.entries.device-pair.config.publicUrl
+openclaw qr --json
+openclaw devices list
+openclaw nodes status
+```
+
+If this OpenClaw instance is pointed at a remote gateway, also run:
+
+```bash
+openclaw qr --remote --json
+```
+
+If Tailscale is part of the story:
+
+```bash
+tailscale status --json
+```
+
+## Read the result, not guesses
+
+`openclaw qr --json` success means:
+
+- `gatewayUrl`: this is the actual endpoint the app should use.
+- `urlSource`: this tells you which config path won.
+
+Common good sources:
+
+- `gateway.bind=lan`: same Wi-Fi / LAN only
+- `gateway.bind=tailnet`: direct tailnet access
+- `gateway.tailscale.mode=serve` or `gateway.tailscale.mode=funnel`: Tailscale route
+- `plugins.entries.device-pair.config.publicUrl`: explicit public/reverse-proxy route
+- `gateway.remote.url`: remote gateway route
+
+## Root-cause map
+
+If `openclaw qr --json` says `Gateway is only bound to loopback`:
+
+- remote node cannot connect yet
+- fix the route, then generate a fresh setup code
+- `gateway.bind=auto` is not enough if the effective QR route is still loopback
+- same LAN: use `gateway.bind=lan`
+- same tailnet: prefer `gateway.tailscale.mode=serve` or use `gateway.bind=tailnet`
+- public internet: set a real `plugins.entries.device-pair.config.publicUrl` or `gateway.remote.url`
+
+If `gateway.bind=tailnet set, but no tailnet IP was found`:
+
+- gateway host is not actually on Tailscale
+
+If `qr --remote requires gateway.remote.url`:
+
+- remote-mode config is incomplete
+
+If the app says `pairing required`:
+
+- network route and auth worked
+- approve the pending device
+
+```bash
+openclaw devices list
+openclaw devices approve --latest
+```
+
+If the app says `bootstrap token invalid or expired`:
+
+- old setup code
+- generate a fresh one and rescan
+- do this after any URL/auth fix too
+
+If the app says `unauthorized`:
+
+- wrong token/password, or wrong Tailscale expectation
+- for Tailscale Serve, `gateway.auth.allowTailscale` must match the intended flow
+- otherwise use explicit token/password
+
+## Fast heuristics
+
+- Same Wi-Fi setup + gateway advertises `127.0.0.1`, `localhost`, or loopback-only config: wrong.
+- Remote setup + setup/manual uses private LAN IP: wrong.
+- Tailnet setup + gateway advertises LAN IP instead of MagicDNS / tailnet route: wrong.
+- Public URL set but QR still advertises something else: inspect `urlSource`; config is not what you think.
+- `openclaw devices list` shows pending requests: stop changing network config and approve first.
+
+## Fix style
+
+Reply with one concrete diagnosis and one route.
+
+If there is not enough signal yet, ask for setup + exact app text instead of guessing.
+
+Good:
+
+- `The gateway is still loopback-only, so a node on another network can never reach it. Enable Tailscale Serve, restart the gateway, run openclaw qr again, rescan, then approve the pending device pairing.`
+
+Bad:
+
+- `Maybe LAN, maybe Tailscale, maybe port forwarding, maybe public URL.`
diff --git a/src/agents/auth-profiles/oauth.test.ts b/src/agents/auth-profiles/oauth.test.ts
index c38d043c549..d4161b0d8ad 100644
--- a/src/agents/auth-profiles/oauth.test.ts
+++ b/src/agents/auth-profiles/oauth.test.ts
@@ -32,6 +32,20 @@ function tokenStore(params: {
   };
 }
 
+function githubCopilotTokenStore(profileId: string, includeInlineToken = true): AuthProfileStore {
+  return {
+    version: 1,
+    profiles: {
+      [profileId]: {
+        type: "token",
+        provider: "github-copilot",
+        ...(includeInlineToken ? { token: "" } : {}),
+        tokenRef: { source: "env", provider: "default", id: "GITHUB_TOKEN" },
+      },
+    },
+  };
+}
+
 async function resolveWithConfig(params: {
   profileId: string;
   provider: string;
@@ -59,6 +73,25 @@ async function withEnvVar<T>(key: string, value: string, run: () => Promise<T>):
   }
 }
 
+async function expectResolvedApiKey(params: {
+  profileId: string;
+  provider: string;
+  mode: "api_key" | "token" | "oauth";
+  store: AuthProfileStore;
+  expectedApiKey: string;
+}) {
+  const result = await resolveApiKeyForProfile({
+    cfg: cfgFor(params.profileId, params.provider, params.mode),
+    store: params.store,
+    profileId: params.profileId,
+  });
+  expect(result).toEqual({
+    apiKey: params.expectedApiKey, // pragma: allowlist secret
+    provider: params.provider,
+    email: undefined,
+  });
+}
+
 describe("resolveApiKeyForProfile config compatibility", () => {
   it("accepts token credentials when config mode is oauth", async () => {
     const profileId = "anthropic:token";
@@ -278,25 +311,12 @@ describe("resolveApiKeyForProfile secret refs", () => {
   it("resolves token tokenRef from env", async () => {
     const profileId = "github-copilot:default";
     await withEnvVar("GITHUB_TOKEN", "gh-ref-token", async () => {
-      const result = await resolveApiKeyForProfile({
-        cfg: cfgFor(profileId, "github-copilot", "token"),
-        store: {
-          version: 1,
-          profiles: {
-            [profileId]: {
-              type: "token",
-              provider: "github-copilot",
-              token: "",
-              tokenRef: { source: "env", provider: "default", id: "GITHUB_TOKEN" },
-            },
-          },
-        },
+      await expectResolvedApiKey({
         profileId,
-      });
-      expect(result).toEqual({
-        apiKey: "gh-ref-token", // pragma: allowlist secret
         provider: "github-copilot",
-        email: undefined,
+        mode: "token",
+        store: githubCopilotTokenStore(profileId),
+        expectedApiKey: "gh-ref-token", // pragma: allowlist secret
       });
     });
   });
@@ -304,24 +324,12 @@ describe("resolveApiKeyForProfile secret refs", () => {
   it("resolves token tokenRef without inline token when expires is absent", async () => {
     const profileId = "github-copilot:no-inline-token";
     await withEnvVar("GITHUB_TOKEN", "gh-ref-token", async () => {
-      const result = await resolveApiKeyForProfile({
-        cfg: cfgFor(profileId, "github-copilot", "token"),
-        store: {
-          version: 1,
-          profiles: {
-            [profileId]: {
-              type: "token",
-              provider: "github-copilot",
-              tokenRef: { source: "env", provider: "default", id: "GITHUB_TOKEN" },
-            },
-          },
-        },
+      await expectResolvedApiKey({
         profileId,
-      });
-      expect(result).toEqual({
-        apiKey: "gh-ref-token", // pragma: allowlist secret
         provider: "github-copilot",
-        email: undefined,
+        mode: "token",
+        store: githubCopilotTokenStore(profileId, false),
+        expectedApiKey: "gh-ref-token", // pragma: allowlist secret
       });
     });
   });
diff --git a/src/agents/bash-tools.exec-host-gateway.ts b/src/agents/bash-tools.exec-host-gateway.ts
index ac6ed57aa72..149a4785dd5 100644
--- a/src/agents/bash-tools.exec-host-gateway.ts
+++ b/src/agents/bash-tools.exec-host-gateway.ts
@@ -1,5 +1,4 @@
 import type { AgentToolResult } from "@mariozechner/pi-agent-core";
-import { buildExecApprovalUnavailableReplyPayload } from "../infra/exec-approval-reply.js";
 import {
   addAllowlistEntry,
   type ExecAsk,
@@ -14,20 +13,22 @@ import { detectCommandObfuscation } from "../infra/exec-obfuscation-detect.js";
 import type { SafeBinProfile } from "../infra/exec-safe-bin-policy.js";
 import { logInfo } from "../logger.js";
 import { markBackgrounded, tail } from "./bash-process-registry.js";
-import { sendExecApprovalFollowup } from "./bash-tools.exec-approval-followup.js";
 import {
   buildExecApprovalRequesterContext,
   buildExecApprovalTurnSourceContext,
   registerExecApprovalRequestForHostOrThrow,
 } from "./bash-tools.exec-approval-request.js";
 import {
+  buildDefaultExecApprovalRequestArgs,
+  buildExecApprovalFollowupTarget,
+  buildExecApprovalPendingToolResult,
+  createExecApprovalDecisionState,
   createAndRegisterDefaultExecApprovalRequest,
-  resolveBaseExecApprovalDecision,
   resolveApprovalDecisionOrUndefined,
   resolveExecHostApprovalContext,
+  sendExecApprovalFollowupResult,
 } from "./bash-tools.exec-host-shared.js";
 import {
-  buildApprovalPendingMessage,
   DEFAULT_NOTIFY_TAIL_CHARS,
   createApprovalSlug,
   normalizeNotifyOutput,
@@ -140,6 +141,28 @@ export async function processGatewayAllowlist(
   }
 
   if (requiresAsk) {
+    const requestArgs = buildDefaultExecApprovalRequestArgs({
+      warnings: params.warnings,
+      approvalRunningNoticeMs: params.approvalRunningNoticeMs,
+      createApprovalSlug,
+      turnSourceChannel: params.turnSourceChannel,
+      turnSourceAccountId: params.turnSourceAccountId,
+    });
+    const registerGatewayApproval = async (approvalId: string) =>
+      await registerExecApprovalRequestForHostOrThrow({
+        approvalId,
+        command: params.command,
+        workdir: params.workdir,
+        host: "gateway",
+        security: hostSecurity,
+        ask: hostAsk,
+        ...buildExecApprovalRequesterContext({
+          agentId: params.agentId,
+          sessionKey: params.sessionKey,
+        }),
+        resolvedPath: allowlistEval.segments[0]?.resolution?.resolvedPath,
+        ...buildExecApprovalTurnSourceContext(params),
+      });
     const {
       approvalId,
       approvalSlug,
@@ -150,57 +173,46 @@ export async function processGatewayAllowlist(
       sentApproverDms,
       unavailableReason,
     } = await createAndRegisterDefaultExecApprovalRequest({
-      warnings: params.warnings,
-      approvalRunningNoticeMs: params.approvalRunningNoticeMs,
-      createApprovalSlug,
-      turnSourceChannel: params.turnSourceChannel,
-      turnSourceAccountId: params.turnSourceAccountId,
-      register: async (approvalId) =>
-        await registerExecApprovalRequestForHostOrThrow({
-          approvalId,
-          command: params.command,
-          workdir: params.workdir,
-          host: "gateway",
-          security: hostSecurity,
-          ask: hostAsk,
-          ...buildExecApprovalRequesterContext({
-            agentId: params.agentId,
-            sessionKey: params.sessionKey,
-          }),
-          resolvedPath: allowlistEval.segments[0]?.resolution?.resolvedPath,
-          ...buildExecApprovalTurnSourceContext(params),
-        }),
+      ...requestArgs,
+      register: registerGatewayApproval,
     });
     const resolvedPath = allowlistEval.segments[0]?.resolution?.resolvedPath;
     const effectiveTimeout =
       typeof params.timeoutSec === "number" ? params.timeoutSec : params.defaultTimeoutSec;
+    const followupTarget = buildExecApprovalFollowupTarget({
+      approvalId,
+      sessionKey: params.notifySessionKey,
+      turnSourceChannel: params.turnSourceChannel,
+      turnSourceTo: params.turnSourceTo,
+      turnSourceAccountId: params.turnSourceAccountId,
+      turnSourceThreadId: params.turnSourceThreadId,
+    });
 
     void (async () => {
       const decision = await resolveApprovalDecisionOrUndefined({
         approvalId,
         preResolvedDecision,
         onFailure: () =>
-          void sendExecApprovalFollowup({
-            approvalId,
-            sessionKey: params.notifySessionKey,
-            turnSourceChannel: params.turnSourceChannel,
-            turnSourceTo: params.turnSourceTo,
-            turnSourceAccountId: params.turnSourceAccountId,
-            turnSourceThreadId: params.turnSourceThreadId,
-            resultText: `Exec denied (gateway id=${approvalId}, approval-request-failed): ${params.command}`,
-          }),
+          void sendExecApprovalFollowupResult(
+            followupTarget,
+            `Exec denied (gateway id=${approvalId}, approval-request-failed): ${params.command}`,
+          ),
       });
       if (decision === undefined) {
         return;
       }
 
-      const baseDecision = resolveBaseExecApprovalDecision({
+      const {
+        baseDecision,
+        approvedByAsk: initialApprovedByAsk,
+        deniedReason: initialDeniedReason,
+      } = createExecApprovalDecisionState({
         decision,
         askFallback,
         obfuscationDetected: obfuscation.detected,
       });
-      let approvedByAsk = baseDecision.approvedByAsk;
-      let deniedReason = baseDecision.deniedReason;
+      let approvedByAsk = initialApprovedByAsk;
+      let deniedReason = initialDeniedReason;
 
       if (baseDecision.timedOut && askFallback === "allowlist") {
         if (!analysisOk || !allowlistSatisfied) {
@@ -232,15 +244,10 @@ export async function processGatewayAllowlist(
       }
 
       if (deniedReason) {
-        await sendExecApprovalFollowup({
-          approvalId,
-          sessionKey: params.notifySessionKey,
-          turnSourceChannel: params.turnSourceChannel,
-          turnSourceTo: params.turnSourceTo,
-          turnSourceAccountId: params.turnSourceAccountId,
-          turnSourceThreadId: params.turnSourceThreadId,
-          resultText: `Exec denied (gateway id=${approvalId}, ${deniedReason}): ${params.command}`,
-        }).catch(() => {});
+        await sendExecApprovalFollowupResult(
+          followupTarget,
+          `Exec denied (gateway id=${approvalId}, ${deniedReason}): ${params.command}`,
+        );
         return;
       }
 
@@ -266,15 +273,10 @@ export async function processGatewayAllowlist(
           timeoutSec: effectiveTimeout,
         });
       } catch {
-        await sendExecApprovalFollowup({
-          approvalId,
-          sessionKey: params.notifySessionKey,
-          turnSourceChannel: params.turnSourceChannel,
-          turnSourceTo: params.turnSourceTo,
-          turnSourceAccountId: params.turnSourceAccountId,
-          turnSourceThreadId: params.turnSourceThreadId,
-          resultText: `Exec denied (gateway id=${approvalId}, spawn-failed): ${params.command}`,
-        }).catch(() => {});
+        await sendExecApprovalFollowupResult(
+          followupTarget,
+          `Exec denied (gateway id=${approvalId}, spawn-failed): ${params.command}`,
+        );
         return;
       }
 
@@ -288,63 +290,22 @@ export async function processGatewayAllowlist(
       const summary = output
         ? `Exec finished (gateway id=${approvalId}, session=${run.session.id}, ${exitLabel})\n${output}`
         : `Exec finished (gateway id=${approvalId}, session=${run.session.id}, ${exitLabel})`;
-      await sendExecApprovalFollowup({
-        approvalId,
-        sessionKey: params.notifySessionKey,
-        turnSourceChannel: params.turnSourceChannel,
-        turnSourceTo: params.turnSourceTo,
-        turnSourceAccountId: params.turnSourceAccountId,
-        turnSourceThreadId: params.turnSourceThreadId,
-        resultText: summary,
-      }).catch(() => {});
+      await sendExecApprovalFollowupResult(followupTarget, summary);
     })();
 
     return {
-      pendingResult: {
-        content: [
-          {
-            type: "text",
-            text:
-              unavailableReason !== null
-                ? (buildExecApprovalUnavailableReplyPayload({
-                    warningText,
-                    reason: unavailableReason,
-                    channelLabel: initiatingSurface.channelLabel,
-                    sentApproverDms,
-                  }).text ?? "")
-                : buildApprovalPendingMessage({
-                    warningText,
-                    approvalSlug,
-                    approvalId,
-                    command: params.command,
-                    cwd: params.workdir,
-                    host: "gateway",
-                  }),
-          },
-        ],
-        details:
-          unavailableReason !== null
-            ? ({
-                status: "approval-unavailable",
-                reason: unavailableReason,
-                channelLabel: initiatingSurface.channelLabel,
-                sentApproverDms,
-                host: "gateway",
-                command: params.command,
-                cwd: params.workdir,
-                warningText,
-              } satisfies ExecToolDetails)
-            : ({
-                status: "approval-pending",
-                approvalId,
-                approvalSlug,
-                expiresAtMs,
-                host: "gateway",
-                command: params.command,
-                cwd: params.workdir,
-                warningText,
-              } satisfies ExecToolDetails),
-      },
+      pendingResult: buildExecApprovalPendingToolResult({
+        host: "gateway",
+        command: params.command,
+        cwd: params.workdir,
+        warningText,
+        approvalId,
+        approvalSlug,
+        expiresAtMs,
+        initiatingSurface,
+        sentApproverDms,
+        unavailableReason,
+      }),
     };
   }
 
diff --git a/src/agents/bash-tools.exec-host-node.ts b/src/agents/bash-tools.exec-host-node.ts
index 6f5fc25f966..16af23590b4 100644
--- a/src/agents/bash-tools.exec-host-node.ts
+++ b/src/agents/bash-tools.exec-host-node.ts
@@ -1,6 +1,5 @@
 import crypto from "node:crypto";
 import type { AgentToolResult } from "@mariozechner/pi-agent-core";
-import { buildExecApprovalUnavailableReplyPayload } from "../infra/exec-approval-reply.js";
 import {
   type ExecApprovalsFile,
   type ExecAsk,
@@ -13,20 +12,13 @@ import { detectCommandObfuscation } from "../infra/exec-obfuscation-detect.js";
 import { buildNodeShellCommand } from "../infra/node-shell.js";
 import { parsePreparedSystemRunPayload } from "../infra/system-run-approval-context.js";
 import { logInfo } from "../logger.js";
-import { sendExecApprovalFollowup } from "./bash-tools.exec-approval-followup.js";
 import {
   buildExecApprovalRequesterContext,
   buildExecApprovalTurnSourceContext,
   registerExecApprovalRequestForHostOrThrow,
 } from "./bash-tools.exec-approval-request.js";
+import * as execHostShared from "./bash-tools.exec-host-shared.js";
 import {
-  createAndRegisterDefaultExecApprovalRequest,
-  resolveBaseExecApprovalDecision,
-  resolveApprovalDecisionOrUndefined,
-  resolveExecHostApprovalContext,
-} from "./bash-tools.exec-host-shared.js";
-import {
-  buildApprovalPendingMessage,
   DEFAULT_NOTIFY_TAIL_CHARS,
   createApprovalSlug,
   normalizeNotifyOutput,
@@ -61,7 +53,7 @@ export type ExecuteNodeHostCommandParams = {
 export async function executeNodeHostCommand(
   params: ExecuteNodeHostCommandParams,
 ): Promise<AgentToolResult<ExecToolDetails>> {
-  const { hostSecurity, hostAsk, askFallback } = resolveExecHostApprovalContext({
+  const { hostSecurity, hostAsk, askFallback } = execHostShared.resolveExecHostApprovalContext({
     agentId: params.agentId,
     security: params.security,
     ask: params.ask,
@@ -216,6 +208,29 @@ export async function executeNodeHostCommand(
     }) satisfies Record<string, unknown>;
 
   if (requiresAsk) {
+    const requestArgs = execHostShared.buildDefaultExecApprovalRequestArgs({
+      warnings: params.warnings,
+      approvalRunningNoticeMs: params.approvalRunningNoticeMs,
+      createApprovalSlug,
+      turnSourceChannel: params.turnSourceChannel,
+      turnSourceAccountId: params.turnSourceAccountId,
+    });
+    const registerNodeApproval = async (approvalId: string) =>
+      await registerExecApprovalRequestForHostOrThrow({
+        approvalId,
+        systemRunPlan: prepared.plan,
+        env: nodeEnv,
+        workdir: runCwd,
+        host: "node",
+        nodeId,
+        security: hostSecurity,
+        ask: hostAsk,
+        ...buildExecApprovalRequesterContext({
+          agentId: runAgentId,
+          sessionKey: runSessionKey,
+        }),
+        ...buildExecApprovalTurnSourceContext(params),
+      });
     const {
       approvalId,
       approvalSlug,
@@ -225,57 +240,45 @@ export async function executeNodeHostCommand(
       initiatingSurface,
       sentApproverDms,
       unavailableReason,
-    } = await createAndRegisterDefaultExecApprovalRequest({
-      warnings: params.warnings,
-      approvalRunningNoticeMs: params.approvalRunningNoticeMs,
-      createApprovalSlug,
+    } = await execHostShared.createAndRegisterDefaultExecApprovalRequest({
+      ...requestArgs,
+      register: registerNodeApproval,
+    });
+    const followupTarget = execHostShared.buildExecApprovalFollowupTarget({
+      approvalId,
+      sessionKey: params.notifySessionKey,
       turnSourceChannel: params.turnSourceChannel,
+      turnSourceTo: params.turnSourceTo,
       turnSourceAccountId: params.turnSourceAccountId,
-      register: async (approvalId) =>
-        await registerExecApprovalRequestForHostOrThrow({
-          approvalId,
-          systemRunPlan: prepared.plan,
-          env: nodeEnv,
-          workdir: runCwd,
-          host: "node",
-          nodeId,
-          security: hostSecurity,
-          ask: hostAsk,
-          ...buildExecApprovalRequesterContext({
-            agentId: runAgentId,
-            sessionKey: runSessionKey,
-          }),
-          ...buildExecApprovalTurnSourceContext(params),
-        }),
+      turnSourceThreadId: params.turnSourceThreadId,
     });
 
     void (async () => {
-      const decision = await resolveApprovalDecisionOrUndefined({
+      const decision = await execHostShared.resolveApprovalDecisionOrUndefined({
         approvalId,
         preResolvedDecision,
         onFailure: () =>
-          void sendExecApprovalFollowup({
-            approvalId,
-            sessionKey: params.notifySessionKey,
-            turnSourceChannel: params.turnSourceChannel,
-            turnSourceTo: params.turnSourceTo,
-            turnSourceAccountId: params.turnSourceAccountId,
-            turnSourceThreadId: params.turnSourceThreadId,
-            resultText: `Exec denied (node=${nodeId} id=${approvalId}, approval-request-failed): ${params.command}`,
-          }),
+          void execHostShared.sendExecApprovalFollowupResult(
+            followupTarget,
+            `Exec denied (node=${nodeId} id=${approvalId}, approval-request-failed): ${params.command}`,
+          ),
       });
       if (decision === undefined) {
         return;
       }
 
-      const baseDecision = resolveBaseExecApprovalDecision({
+      const {
+        baseDecision,
+        approvedByAsk: initialApprovedByAsk,
+        deniedReason: initialDeniedReason,
+      } = execHostShared.createExecApprovalDecisionState({
         decision,
         askFallback,
         obfuscationDetected: obfuscation.detected,
       });
-      let approvedByAsk = baseDecision.approvedByAsk;
+      let approvedByAsk = initialApprovedByAsk;
       let approvalDecision: "allow-once" | "allow-always" | null = null;
-      let deniedReason = baseDecision.deniedReason;
+      let deniedReason = initialDeniedReason;
 
       if (baseDecision.timedOut && askFallback === "full" && approvedByAsk) {
         approvalDecision = "allow-once";
@@ -288,15 +291,10 @@ export async function executeNodeHostCommand(
       }
 
       if (deniedReason) {
-        await sendExecApprovalFollowup({
-          approvalId,
-          sessionKey: params.notifySessionKey,
-          turnSourceChannel: params.turnSourceChannel,
-          turnSourceTo: params.turnSourceTo,
-          turnSourceAccountId: params.turnSourceAccountId,
-          turnSourceThreadId: params.turnSourceThreadId,
-          resultText: `Exec denied (node=${nodeId} id=${approvalId}, ${deniedReason}): ${params.command}`,
-        }).catch(() => {});
+        await execHostShared.sendExecApprovalFollowupResult(
+          followupTarget,
+          `Exec denied (node=${nodeId} id=${approvalId}, ${deniedReason}): ${params.command}`,
+        );
         return;
       }
 
@@ -330,76 +328,28 @@ export async function executeNodeHostCommand(
         const summary = output
           ? `Exec finished (node=${nodeId} id=${approvalId}, ${exitLabel})\n${output}`
           : `Exec finished (node=${nodeId} id=${approvalId}, ${exitLabel})`;
-        await sendExecApprovalFollowup({
-          approvalId,
-          sessionKey: params.notifySessionKey,
-          turnSourceChannel: params.turnSourceChannel,
-          turnSourceTo: params.turnSourceTo,
-          turnSourceAccountId: params.turnSourceAccountId,
-          turnSourceThreadId: params.turnSourceThreadId,
-          resultText: summary,
-        }).catch(() => {});
+        await execHostShared.sendExecApprovalFollowupResult(followupTarget, summary);
       } catch {
-        await sendExecApprovalFollowup({
-          approvalId,
-          sessionKey: params.notifySessionKey,
-          turnSourceChannel: params.turnSourceChannel,
-          turnSourceTo: params.turnSourceTo,
-          turnSourceAccountId: params.turnSourceAccountId,
-          turnSourceThreadId: params.turnSourceThreadId,
-          resultText: `Exec denied (node=${nodeId} id=${approvalId}, invoke-failed): ${params.command}`,
-        }).catch(() => {});
+        await execHostShared.sendExecApprovalFollowupResult(
+          followupTarget,
+          `Exec denied (node=${nodeId} id=${approvalId}, invoke-failed): ${params.command}`,
+        );
       }
     })();
 
-    return {
-      content: [
-        {
-          type: "text",
-          text:
-            unavailableReason !== null
-              ? (buildExecApprovalUnavailableReplyPayload({
-                  warningText,
-                  reason: unavailableReason,
-                  channelLabel: initiatingSurface.channelLabel,
-                  sentApproverDms,
-                }).text ?? "")
-              : buildApprovalPendingMessage({
-                  warningText,
-                  approvalSlug,
-                  approvalId,
-                  command: prepared.plan.commandText,
-                  cwd: runCwd,
-                  host: "node",
-                  nodeId,
-                }),
-        },
-      ],
-      details:
-        unavailableReason !== null
-          ? ({
-              status: "approval-unavailable",
-              reason: unavailableReason,
-              channelLabel: initiatingSurface.channelLabel,
-              sentApproverDms,
-              host: "node",
-              command: params.command,
-              cwd: params.workdir,
-              nodeId,
-              warningText,
-            } satisfies ExecToolDetails)
-          : ({
-              status: "approval-pending",
-              approvalId,
-              approvalSlug,
-              expiresAtMs,
-              host: "node",
-              command: params.command,
-              cwd: params.workdir,
-              nodeId,
-              warningText,
-            } satisfies ExecToolDetails),
-    };
+    return execHostShared.buildExecApprovalPendingToolResult({
+      host: "node",
+      command: params.command,
+      cwd: params.workdir,
+      warningText,
+      approvalId,
+      approvalSlug,
+      expiresAtMs,
+      initiatingSurface,
+      sentApproverDms,
+      unavailableReason,
+      nodeId,
+    });
   }
 
   const startedAt = Date.now();
diff --git a/src/agents/bash-tools.exec-host-shared.ts b/src/agents/bash-tools.exec-host-shared.ts
index e62bc8d484a..a9adaff17ee 100644
--- a/src/agents/bash-tools.exec-host-shared.ts
+++ b/src/agents/bash-tools.exec-host-shared.ts
@@ -1,5 +1,7 @@
 import crypto from "node:crypto";
+import type { AgentToolResult } from "@mariozechner/pi-agent-core";
 import { loadConfig } from "../config/config.js";
+import { buildExecApprovalUnavailableReplyPayload } from "../infra/exec-approval-reply.js";
 import {
   hasConfiguredExecApprovalDmRoute,
   type ExecApprovalInitiatingSurfaceState,
@@ -12,11 +14,14 @@ import {
   type ExecAsk,
   type ExecSecurity,
 } from "../infra/exec-approvals.js";
+import { sendExecApprovalFollowup } from "./bash-tools.exec-approval-followup.js";
 import {
   type ExecApprovalRegistration,
   resolveRegisteredExecApprovalDecision,
 } from "./bash-tools.exec-approval-request.js";
+import { buildApprovalPendingMessage } from "./bash-tools.exec-runtime.js";
 import { DEFAULT_APPROVAL_TIMEOUT_MS } from "./bash-tools.exec-runtime.js";
+import type { ExecToolDetails } from "./bash-tools.exec-types.js";
 
 type ResolvedExecApprovals = ReturnType<typeof resolveExecApprovals>;
 
@@ -53,6 +58,23 @@ export type RegisteredExecApprovalRequestContext = {
   unavailableReason: ExecApprovalUnavailableReason | null;
 };
 
+export type ExecApprovalFollowupTarget = {
+  approvalId: string;
+  sessionKey?: string;
+  turnSourceChannel?: string;
+  turnSourceTo?: string;
+  turnSourceAccountId?: string;
+  turnSourceThreadId?: string | number;
+};
+
+export type DefaultExecApprovalRequestArgs = {
+  warnings: string[];
+  approvalRunningNoticeMs: number;
+  createApprovalSlug: (approvalId: string) => string;
+  turnSourceChannel?: string;
+  turnSourceAccountId?: string;
+};
+
 export function createExecApprovalPendingState(params: {
   warnings: string[];
   timeoutMs: number;
@@ -257,3 +279,123 @@ export async function createAndRegisterDefaultExecApprovalRequest(params: {
     unavailableReason,
   };
 }
+
+export function buildDefaultExecApprovalRequestArgs(
+  params: DefaultExecApprovalRequestArgs,
+): DefaultExecApprovalRequestArgs {
+  return {
+    warnings: params.warnings,
+    approvalRunningNoticeMs: params.approvalRunningNoticeMs,
+    createApprovalSlug: params.createApprovalSlug,
+    turnSourceChannel: params.turnSourceChannel,
+    turnSourceAccountId: params.turnSourceAccountId,
+  };
+}
+
+export function buildExecApprovalFollowupTarget(
+  params: ExecApprovalFollowupTarget,
+): ExecApprovalFollowupTarget {
+  return {
+    approvalId: params.approvalId,
+    sessionKey: params.sessionKey,
+    turnSourceChannel: params.turnSourceChannel,
+    turnSourceTo: params.turnSourceTo,
+    turnSourceAccountId: params.turnSourceAccountId,
+    turnSourceThreadId: params.turnSourceThreadId,
+  };
+}
+
+export function createExecApprovalDecisionState(params: {
+  decision: string | null | undefined;
+  askFallback: ResolvedExecApprovals["agent"]["askFallback"];
+  obfuscationDetected: boolean;
+}) {
+  const baseDecision = resolveBaseExecApprovalDecision({
+    decision: params.decision ?? null,
+    askFallback: params.askFallback,
+    obfuscationDetected: params.obfuscationDetected,
+  });
+  return {
+    baseDecision,
+    approvedByAsk: baseDecision.approvedByAsk,
+    deniedReason: baseDecision.deniedReason,
+  };
+}
+
+export async function sendExecApprovalFollowupResult(
+  target: ExecApprovalFollowupTarget,
+  resultText: string,
+): Promise<void> {
+  await sendExecApprovalFollowup({
+    approvalId: target.approvalId,
+    sessionKey: target.sessionKey,
+    turnSourceChannel: target.turnSourceChannel,
+    turnSourceTo: target.turnSourceTo,
+    turnSourceAccountId: target.turnSourceAccountId,
+    turnSourceThreadId: target.turnSourceThreadId,
+    resultText,
+  }).catch(() => {});
+}
+
+export function buildExecApprovalPendingToolResult(params: {
+  host: "gateway" | "node";
+  command: string;
+  cwd: string;
+  warningText: string;
+  approvalId: string;
+  approvalSlug: string;
+  expiresAtMs: number;
+  initiatingSurface: ExecApprovalInitiatingSurfaceState;
+  sentApproverDms: boolean;
+  unavailableReason: ExecApprovalUnavailableReason | null;
+  nodeId?: string;
+}): AgentToolResult<ExecToolDetails> {
+  return {
+    content: [
+      {
+        type: "text",
+        text:
+          params.unavailableReason !== null
+            ? (buildExecApprovalUnavailableReplyPayload({
+                warningText: params.warningText,
+                reason: params.unavailableReason,
+                channelLabel: params.initiatingSurface.channelLabel,
+                sentApproverDms: params.sentApproverDms,
+              }).text ?? "")
+            : buildApprovalPendingMessage({
+                warningText: params.warningText,
+                approvalSlug: params.approvalSlug,
+                approvalId: params.approvalId,
+                command: params.command,
+                cwd: params.cwd,
+                host: params.host,
+                nodeId: params.nodeId,
+              }),
+      },
+    ],
+    details:
+      params.unavailableReason !== null
+        ? ({
+            status: "approval-unavailable",
+            reason: params.unavailableReason,
+            channelLabel: params.initiatingSurface.channelLabel,
+            sentApproverDms: params.sentApproverDms,
+            host: params.host,
+            command: params.command,
+            cwd: params.cwd,
+            nodeId: params.nodeId,
+            warningText: params.warningText,
+          } satisfies ExecToolDetails)
+        : ({
+            status: "approval-pending",
+            approvalId: params.approvalId,
+            approvalSlug: params.approvalSlug,
+            expiresAtMs: params.expiresAtMs,
+            host: params.host,
+            command: params.command,
+            cwd: params.cwd,
+            nodeId: params.nodeId,
+            warningText: params.warningText,
+          } satisfies ExecToolDetails),
+  };
+}
diff --git a/src/agents/btw.test.ts b/src/agents/btw.test.ts
new file mode 100644
index 00000000000..b9f3a9c19f1
--- /dev/null
+++ b/src/agents/btw.test.ts
@@ -0,0 +1,774 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import type { SessionEntry } from "../config/sessions.js";
+
+const streamSimpleMock = vi.fn();
+const buildSessionContextMock = vi.fn();
+const getLeafEntryMock = vi.fn();
+const branchMock = vi.fn();
+const resetLeafMock = vi.fn();
+const ensureOpenClawModelsJsonMock = vi.fn();
+const discoverAuthStorageMock = vi.fn();
+const discoverModelsMock = vi.fn();
+const resolveModelWithRegistryMock = vi.fn();
+const getApiKeyForModelMock = vi.fn();
+const requireApiKeyMock = vi.fn();
+const resolveSessionAuthProfileOverrideMock = vi.fn();
+const getActiveEmbeddedRunSnapshotMock = vi.fn();
+const diagDebugMock = vi.fn();
+
+vi.mock("@mariozechner/pi-ai", () => ({
+  streamSimple: (...args: unknown[]) => streamSimpleMock(...args),
+}));
+
+vi.mock("@mariozechner/pi-coding-agent", () => ({
+  SessionManager: {
+    open: () => ({
+      getLeafEntry: getLeafEntryMock,
+      branch: branchMock,
+      resetLeaf: resetLeafMock,
+      buildSessionContext: buildSessionContextMock,
+    }),
+  },
+}));
+
+vi.mock("./models-config.js", () => ({
+  ensureOpenClawModelsJson: (...args: unknown[]) => ensureOpenClawModelsJsonMock(...args),
+}));
+
+vi.mock("./pi-model-discovery.js", () => ({
+  discoverAuthStorage: (...args: unknown[]) => discoverAuthStorageMock(...args),
+  discoverModels: (...args: unknown[]) => discoverModelsMock(...args),
+}));
+
+vi.mock("./pi-embedded-runner/model.js", () => ({
+  resolveModelWithRegistry: (...args: unknown[]) => resolveModelWithRegistryMock(...args),
+}));
+
+vi.mock("./model-auth.js", () => ({
+  getApiKeyForModel: (...args: unknown[]) => getApiKeyForModelMock(...args),
+  requireApiKey: (...args: unknown[]) => requireApiKeyMock(...args),
+}));
+
+vi.mock("./pi-embedded-runner/runs.js", () => ({
+  getActiveEmbeddedRunSnapshot: (...args: unknown[]) => getActiveEmbeddedRunSnapshotMock(...args),
+}));
+
+vi.mock("./auth-profiles/session-override.js", () => ({
+  resolveSessionAuthProfileOverride: (...args: unknown[]) =>
+    resolveSessionAuthProfileOverrideMock(...args),
+}));
+
+vi.mock("../logging/diagnostic.js", () => ({
+  diagnosticLogger: {
+    debug: (...args: unknown[]) => diagDebugMock(...args),
+  },
+}));
+
+const { runBtwSideQuestion } = await import("./btw.js");
+
+function makeAsyncEvents(events: unknown[]) {
+  return {
+    async *[Symbol.asyncIterator]() {
+      for (const event of events) {
+        yield event;
+      }
+    },
+  };
+}
+
+function createSessionEntry(overrides: Partial<SessionEntry> = {}): SessionEntry {
+  return {
+    sessionId: "session-1",
+    sessionFile: "session-1.jsonl",
+    updatedAt: Date.now(),
+    ...overrides,
+  };
+}
+
+describe("runBtwSideQuestion", () => {
+  beforeEach(() => {
+    streamSimpleMock.mockReset();
+    buildSessionContextMock.mockReset();
+    getLeafEntryMock.mockReset();
+    branchMock.mockReset();
+    resetLeafMock.mockReset();
+    ensureOpenClawModelsJsonMock.mockReset();
+    discoverAuthStorageMock.mockReset();
+    discoverModelsMock.mockReset();
+    resolveModelWithRegistryMock.mockReset();
+    getApiKeyForModelMock.mockReset();
+    requireApiKeyMock.mockReset();
+    resolveSessionAuthProfileOverrideMock.mockReset();
+    getActiveEmbeddedRunSnapshotMock.mockReset();
+    diagDebugMock.mockReset();
+
+    buildSessionContextMock.mockReturnValue({
+      messages: [{ role: "user", content: [{ type: "text", text: "hi" }], timestamp: 1 }],
+    });
+    getLeafEntryMock.mockReturnValue(null);
+    resolveModelWithRegistryMock.mockReturnValue({
+      provider: "anthropic",
+      id: "claude-sonnet-4-5",
+      api: "anthropic-messages",
+    });
+    getApiKeyForModelMock.mockResolvedValue({ apiKey: "secret", mode: "api-key", source: "test" });
+    requireApiKeyMock.mockReturnValue("secret");
+    resolveSessionAuthProfileOverrideMock.mockResolvedValue("profile-1");
+    getActiveEmbeddedRunSnapshotMock.mockReturnValue(undefined);
+  });
+
+  it("streams blocks without persisting BTW data to disk", async () => {
+    const onBlockReply = vi.fn().mockResolvedValue(undefined);
+    streamSimpleMock.mockReturnValue(
+      makeAsyncEvents([
+        {
+          type: "text_delta",
+          delta: "Side answer.",
+          partial: {
+            role: "assistant",
+            content: [],
+            provider: "anthropic",
+            model: "claude-sonnet-4-5",
+          },
+        },
+        {
+          type: "text_end",
+          content: "Side answer.",
+          contentIndex: 0,
+          partial: {
+            role: "assistant",
+            content: [],
+            provider: "anthropic",
+            model: "claude-sonnet-4-5",
+          },
+        },
+        {
+          type: "done",
+          reason: "stop",
+          message: {
+            role: "assistant",
+            content: [{ type: "text", text: "Side answer." }],
+            provider: "anthropic",
+            api: "anthropic-messages",
+            model: "claude-sonnet-4-5",
+            stopReason: "stop",
+            usage: {
+              input: 1,
+              output: 2,
+              cacheRead: 0,
+              cacheWrite: 0,
+              totalTokens: 3,
+              cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
+            },
+            timestamp: Date.now(),
+          },
+        },
+      ]),
+    );
+
+    const result = await runBtwSideQuestion({
+      cfg: {} as never,
+      agentDir: "/tmp/agent",
+      provider: "anthropic",
+      model: "claude-sonnet-4-5",
+      question: "What changed?",
+      sessionEntry: createSessionEntry(),
+      sessionStore: {},
+      sessionKey: "agent:main:main",
+      storePath: "/tmp/sessions.json",
+      resolvedThinkLevel: "low",
+      resolvedReasoningLevel: "off",
+      blockReplyChunking: {
+        minChars: 1,
+        maxChars: 200,
+        breakPreference: "paragraph",
+      },
+      resolvedBlockStreamingBreak: "text_end",
+      opts: { onBlockReply },
+      isNewSession: false,
+    });
+
+    expect(result).toBeUndefined();
+    expect(onBlockReply).toHaveBeenCalledWith({
+      text: "Side answer.",
+      btw: { question: "What changed?" },
+    });
+  });
+
+  it("returns a final payload when block streaming is unavailable", async () => {
+    streamSimpleMock.mockReturnValue(
+      makeAsyncEvents([
+        {
+          type: "done",
+          reason: "stop",
+          message: {
+            role: "assistant",
+            content: [{ type: "text", text: "Final answer." }],
+            provider: "anthropic",
+            api: "anthropic-messages",
+            model: "claude-sonnet-4-5",
+            stopReason: "stop",
+            usage: {
+              input: 1,
+              output: 2,
+              cacheRead: 0,
+              cacheWrite: 0,
+              totalTokens: 3,
+              cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
+            },
+            timestamp: Date.now(),
+          },
+        },
+      ]),
+    );
+
+    const result = await runBtwSideQuestion({
+      cfg: {} as never,
+      agentDir: "/tmp/agent",
+      provider: "anthropic",
+      model: "claude-sonnet-4-5",
+      question: "What changed?",
+      sessionEntry: createSessionEntry(),
+      resolvedReasoningLevel: "off",
+      opts: {},
+      isNewSession: false,
+    });
+
+    expect(result).toEqual({ text: "Final answer." });
+  });
+
+  it("fails when the current branch has no messages", async () => {
+    buildSessionContextMock.mockReturnValue({ messages: [] });
+    streamSimpleMock.mockReturnValue(makeAsyncEvents([]));
+
+    await expect(
+      runBtwSideQuestion({
+        cfg: {} as never,
+        agentDir: "/tmp/agent",
+        provider: "anthropic",
+        model: "claude-sonnet-4-5",
+        question: "What changed?",
+        sessionEntry: createSessionEntry(),
+        resolvedReasoningLevel: "off",
+        opts: {},
+        isNewSession: false,
+      }),
+    ).rejects.toThrow("No active session context.");
+  });
+
+  it("uses active-run snapshot messages for BTW context while the main run is in flight", async () => {
+    buildSessionContextMock.mockReturnValue({ messages: [] });
+    getActiveEmbeddedRunSnapshotMock.mockReturnValue({
+      transcriptLeafId: "assistant-1",
+      messages: [
+        {
+          role: "user",
+          content: [
+            { type: "text", text: "write some things then wait 30 seconds and write more" },
+          ],
+          timestamp: 1,
+        },
+      ],
+    });
+    streamSimpleMock.mockReturnValue(
+      makeAsyncEvents([
+        {
+          type: "done",
+          reason: "stop",
+          message: {
+            role: "assistant",
+            content: [{ type: "text", text: "323" }],
+            provider: "anthropic",
+            api: "anthropic-messages",
+            model: "claude-sonnet-4-5",
+            stopReason: "stop",
+            usage: {
+              input: 1,
+              output: 2,
+              cacheRead: 0,
+              cacheWrite: 0,
+              totalTokens: 3,
+              cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
+            },
+            timestamp: Date.now(),
+          },
+        },
+      ]),
+    );
+
+    const result = await runBtwSideQuestion({
+      cfg: {} as never,
+      agentDir: "/tmp/agent",
+      provider: "anthropic",
+      model: "claude-sonnet-4-5",
+      question: "What is 17 * 19?",
+      sessionEntry: createSessionEntry(),
+      resolvedReasoningLevel: "off",
+      opts: {},
+      isNewSession: false,
+    });
+
+    expect(result).toEqual({ text: "323" });
+    expect(streamSimpleMock).toHaveBeenCalledWith(
+      expect.anything(),
+      expect.objectContaining({
+        systemPrompt: expect.stringContaining("ephemeral /btw side question"),
+        messages: expect.arrayContaining([
+          expect.objectContaining({ role: "user" }),
+          expect.objectContaining({
+            role: "user",
+            content: [
+              {
+                type: "text",
+                text: expect.stringContaining(
+                  "<btw_side_question>\nWhat is 17 * 19?\n</btw_side_question>",
+                ),
+              },
+            ],
+          }),
+        ]),
+      }),
+      expect.anything(),
+    );
+  });
+
+  it("uses the in-flight prompt as background only when there is no prior transcript context", async () => {
+    buildSessionContextMock.mockReturnValue({ messages: [] });
+    getActiveEmbeddedRunSnapshotMock.mockReturnValue({
+      transcriptLeafId: null,
+      messages: [],
+      inFlightPrompt: "build me a tic-tac-toe game in brainfuck",
+    });
+    streamSimpleMock.mockReturnValue(
+      makeAsyncEvents([
+        {
+          type: "done",
+          reason: "stop",
+          message: {
+            role: "assistant",
+            content: [{ type: "text", text: "You're building a tic-tac-toe game in Brainfuck." }],
+            provider: "anthropic",
+            api: "anthropic-messages",
+            model: "claude-sonnet-4-5",
+            stopReason: "stop",
+            usage: {
+              input: 1,
+              output: 2,
+              cacheRead: 0,
+              cacheWrite: 0,
+              totalTokens: 3,
+              cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
+            },
+            timestamp: Date.now(),
+          },
+        },
+      ]),
+    );
+
+    const result = await runBtwSideQuestion({
+      cfg: {} as never,
+      agentDir: "/tmp/agent",
+      provider: "anthropic",
+      model: "claude-sonnet-4-5",
+      question: "what are we doing?",
+      sessionEntry: createSessionEntry(),
+      resolvedReasoningLevel: "off",
+      opts: {},
+      isNewSession: false,
+    });
+
+    expect(result).toEqual({ text: "You're building a tic-tac-toe game in Brainfuck." });
+    expect(streamSimpleMock).toHaveBeenCalledWith(
+      expect.anything(),
+      expect.objectContaining({
+        messages: [
+          expect.objectContaining({
+            role: "user",
+            content: [
+              {
+                type: "text",
+                text: expect.stringContaining(
+                  "<in_flight_main_task>\nbuild me a tic-tac-toe game in brainfuck\n</in_flight_main_task>",
+                ),
+              },
+            ],
+          }),
+        ],
+      }),
+      expect.anything(),
+    );
+  });
+
+  it("wraps the side question so the model does not treat it as a main-task continuation", async () => {
+    streamSimpleMock.mockReturnValue(
+      makeAsyncEvents([
+        {
+          type: "done",
+          reason: "stop",
+          message: {
+            role: "assistant",
+            content: [{ type: "text", text: "About 93 million miles." }],
+            provider: "anthropic",
+            api: "anthropic-messages",
+            model: "claude-sonnet-4-5",
+            stopReason: "stop",
+            usage: {
+              input: 1,
+              output: 2,
+              cacheRead: 0,
+              cacheWrite: 0,
+              totalTokens: 3,
+              cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
+            },
+            timestamp: Date.now(),
+          },
+        },
+      ]),
+    );
+
+    await runBtwSideQuestion({
+      cfg: {} as never,
+      agentDir: "/tmp/agent",
+      provider: "anthropic",
+      model: "claude-sonnet-4-5",
+      question: "what is the distance to the sun?",
+      sessionEntry: createSessionEntry(),
+      resolvedReasoningLevel: "off",
+      opts: {},
+      isNewSession: false,
+    });
+
+    const [, context] = streamSimpleMock.mock.calls[0] ?? [];
+    expect(context).toMatchObject({
+      systemPrompt: expect.stringContaining(
+        "Do not continue, resume, or complete any unfinished task",
+      ),
+    });
+    expect(context).toMatchObject({
+      messages: expect.arrayContaining([
+        expect.objectContaining({
+          role: "user",
+          content: [
+            {
+              type: "text",
+              text: expect.stringContaining(
+                "Ignore any unfinished task in the conversation while answering it.",
+              ),
+            },
+          ],
+        }),
+      ]),
+    });
+  });
+
+  it("branches away from an unresolved trailing user turn before building BTW context", async () => {
+    getLeafEntryMock.mockReturnValue({
+      type: "message",
+      parentId: "assistant-1",
+      message: { role: "user" },
+    });
+    streamSimpleMock.mockReturnValue(
+      makeAsyncEvents([
+        {
+          type: "done",
+          reason: "stop",
+          message: {
+            role: "assistant",
+            content: [{ type: "text", text: "323" }],
+            provider: "anthropic",
+            api: "anthropic-messages",
+            model: "claude-sonnet-4-5",
+            stopReason: "stop",
+            usage: {
+              input: 1,
+              output: 2,
+              cacheRead: 0,
+              cacheWrite: 0,
+              totalTokens: 3,
+              cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
+            },
+            timestamp: Date.now(),
+          },
+        },
+      ]),
+    );
+
+    const result = await runBtwSideQuestion({
+      cfg: {} as never,
+      agentDir: "/tmp/agent",
+      provider: "anthropic",
+      model: "claude-sonnet-4-5",
+      question: "What is 17 * 19?",
+      sessionEntry: createSessionEntry(),
+      resolvedReasoningLevel: "off",
+      opts: {},
+      isNewSession: false,
+    });
+
+    expect(branchMock).toHaveBeenCalledWith("assistant-1");
+    expect(resetLeafMock).not.toHaveBeenCalled();
+    expect(buildSessionContextMock).toHaveBeenCalledTimes(1);
+    expect(result).toEqual({ text: "323" });
+  });
+
+  it("branches to the active run snapshot leaf when the session is busy", async () => {
+    getActiveEmbeddedRunSnapshotMock.mockReturnValue({
+      transcriptLeafId: "assistant-seed",
+    });
+    streamSimpleMock.mockReturnValue(
+      makeAsyncEvents([
+        {
+          type: "done",
+          reason: "stop",
+          message: {
+            role: "assistant",
+            content: [{ type: "text", text: "323" }],
+            provider: "anthropic",
+            api: "anthropic-messages",
+            model: "claude-sonnet-4-5",
+            stopReason: "stop",
+            usage: {
+              input: 1,
+              output: 2,
+              cacheRead: 0,
+              cacheWrite: 0,
+              totalTokens: 3,
+              cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
+            },
+            timestamp: Date.now(),
+          },
+        },
+      ]),
+    );
+
+    const result = await runBtwSideQuestion({
+      cfg: {} as never,
+      agentDir: "/tmp/agent",
+      provider: "anthropic",
+      model: "claude-sonnet-4-5",
+      question: "What is 17 * 19?",
+      sessionEntry: createSessionEntry(),
+      resolvedReasoningLevel: "off",
+      opts: {},
+      isNewSession: false,
+    });
+
+    expect(branchMock).toHaveBeenCalledWith("assistant-seed");
+    expect(getLeafEntryMock).not.toHaveBeenCalled();
+    expect(result).toEqual({ text: "323" });
+  });
+
+  it("falls back when the active run snapshot leaf no longer exists", async () => {
+    getActiveEmbeddedRunSnapshotMock.mockReturnValue({
+      transcriptLeafId: "assistant-gone",
+    });
+    branchMock.mockImplementationOnce(() => {
+      throw new Error("Entry 3235c7c4 not found");
+    });
+    streamSimpleMock.mockReturnValue(
+      makeAsyncEvents([
+        {
+          type: "done",
+          reason: "stop",
+          message: {
+            role: "assistant",
+            content: [{ type: "text", text: "323" }],
+            provider: "anthropic",
+            api: "anthropic-messages",
+            model: "claude-sonnet-4-5",
+            stopReason: "stop",
+            usage: {
+              input: 1,
+              output: 2,
+              cacheRead: 0,
+              cacheWrite: 0,
+              totalTokens: 3,
+              cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
+            },
+            timestamp: Date.now(),
+          },
+        },
+      ]),
+    );
+
+    const result = await runBtwSideQuestion({
+      cfg: {} as never,
+      agentDir: "/tmp/agent",
+      provider: "anthropic",
+      model: "claude-sonnet-4-5",
+      question: "What is 17 * 19?",
+      sessionEntry: createSessionEntry(),
+      resolvedReasoningLevel: "off",
+      opts: {},
+      isNewSession: false,
+    });
+
+    expect(branchMock).toHaveBeenCalledWith("assistant-gone");
+    expect(resetLeafMock).toHaveBeenCalled();
+    expect(result).toEqual({ text: "323" });
+    expect(diagDebugMock).toHaveBeenCalledWith(
+      expect.stringContaining("btw snapshot leaf unavailable: sessionId=session-1"),
+    );
+  });
+
+  it("returns the BTW answer without appending transcript custom entries", async () => {
+    streamSimpleMock.mockReturnValue(
+      makeAsyncEvents([
+        {
+          type: "done",
+          reason: "stop",
+          message: {
+            role: "assistant",
+            content: [{ type: "text", text: "323" }],
+            provider: "anthropic",
+            api: "anthropic-messages",
+            model: "claude-sonnet-4-5",
+            stopReason: "stop",
+            usage: {
+              input: 1,
+              output: 2,
+              cacheRead: 0,
+              cacheWrite: 0,
+              totalTokens: 3,
+              cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
+            },
+            timestamp: Date.now(),
+          },
+        },
+      ]),
+    );
+
+    const result = await runBtwSideQuestion({
+      cfg: {} as never,
+      agentDir: "/tmp/agent",
+      provider: "anthropic",
+      model: "claude-sonnet-4-5",
+      question: "What is 17 * 19?",
+      sessionEntry: createSessionEntry(),
+      resolvedReasoningLevel: "off",
+      opts: {},
+      isNewSession: false,
+    });
+
+    expect(result).toEqual({ text: "323" });
+    expect(buildSessionContextMock).toHaveBeenCalled();
+  });
+
+  it("does not log transcript persistence warnings because BTW no longer writes to disk", async () => {
+    streamSimpleMock.mockReturnValue(
+      makeAsyncEvents([
+        {
+          type: "done",
+          reason: "stop",
+          message: {
+            role: "assistant",
+            content: [{ type: "text", text: "323" }],
+            provider: "anthropic",
+            api: "anthropic-messages",
+            model: "claude-sonnet-4-5",
+            stopReason: "stop",
+            usage: {
+              input: 1,
+              output: 2,
+              cacheRead: 0,
+              cacheWrite: 0,
+              totalTokens: 3,
+              cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
+            },
+            timestamp: Date.now(),
+          },
+        },
+      ]),
+    );
+
+    const result = await runBtwSideQuestion({
+      cfg: {} as never,
+      agentDir: "/tmp/agent",
+      provider: "anthropic",
+      model: "claude-sonnet-4-5",
+      question: "What is 17 * 19?",
+      sessionEntry: createSessionEntry(),
+      resolvedReasoningLevel: "off",
+      opts: {},
+      isNewSession: false,
+    });
+
+    expect(result).toEqual({ text: "323" });
+    expect(diagDebugMock).not.toHaveBeenCalledWith(
+      expect.stringContaining("btw transcript persistence skipped"),
+    );
+  });
+
+  it("excludes tool results from BTW context to avoid replaying raw tool output", async () => {
+    getActiveEmbeddedRunSnapshotMock.mockReturnValue({
+      transcriptLeafId: "assistant-1",
+      messages: [
+        {
+          role: "user",
+          content: [{ type: "text", text: "seed" }],
+          timestamp: 1,
+        },
+        {
+          role: "toolResult",
+          content: [{ type: "text", text: "sensitive tool output" }],
+          details: { raw: "secret" },
+          timestamp: 2,
+        },
+        {
+          role: "assistant",
+          content: [{ type: "text", text: "done" }],
+          timestamp: 3,
+        },
+      ],
+    });
+    streamSimpleMock.mockReturnValue(
+      makeAsyncEvents([
+        {
+          type: "done",
+          reason: "stop",
+          message: {
+            role: "assistant",
+            content: [{ type: "text", text: "323" }],
+            provider: "anthropic",
+            api: "anthropic-messages",
+            model: "claude-sonnet-4-5",
+            stopReason: "stop",
+            usage: {
+              input: 1,
+              output: 2,
+              cacheRead: 0,
+              cacheWrite: 0,
+              totalTokens: 3,
+              cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, total: 0 },
+            },
+            timestamp: Date.now(),
+          },
+        },
+      ]),
+    );
+
+    await runBtwSideQuestion({
+      cfg: {} as never,
+      agentDir: "/tmp/agent",
+      provider: "anthropic",
+      model: "claude-sonnet-4-5",
+      question: "What is 17 * 19?",
+      sessionEntry: createSessionEntry(),
+      resolvedReasoningLevel: "off",
+      opts: {},
+      isNewSession: false,
+    });
+
+    const [, context] = streamSimpleMock.mock.calls[0] ?? [];
+    expect(context).toMatchObject({
+      messages: [
+        expect.objectContaining({ role: "user" }),
+        expect.objectContaining({ role: "assistant" }),
+        expect.objectContaining({ role: "user" }),
+      ],
+    });
+    expect((context as { messages?: Array<{ role?: string }> }).messages).not.toEqual(
+      expect.arrayContaining([expect.objectContaining({ role: "toolResult" })]),
+    );
+  });
+});
diff --git a/src/agents/btw.ts b/src/agents/btw.ts
new file mode 100644
index 00000000000..d0f494277b1
--- /dev/null
+++ b/src/agents/btw.ts
@@ -0,0 +1,391 @@
+import {
+  streamSimple,
+  type Api,
+  type AssistantMessageEvent,
+  type ThinkingLevel as SimpleThinkingLevel,
+  type Message,
+  type Model,
+} from "@mariozechner/pi-ai";
+import { SessionManager } from "@mariozechner/pi-coding-agent";
+import type { ReasoningLevel, ThinkLevel } from "../auto-reply/thinking.js";
+import type { GetReplyOptions, ReplyPayload } from "../auto-reply/types.js";
+import type { OpenClawConfig } from "../config/config.js";
+import {
+  resolveSessionFilePath,
+  resolveSessionFilePathOptions,
+  type SessionEntry,
+} from "../config/sessions.js";
+import { diagnosticLogger as diag } from "../logging/diagnostic.js";
+import { resolveSessionAuthProfileOverride } from "./auth-profiles/session-override.js";
+import { getApiKeyForModel, requireApiKey } from "./model-auth.js";
+import { ensureOpenClawModelsJson } from "./models-config.js";
+import { EmbeddedBlockChunker, type BlockReplyChunking } from "./pi-embedded-block-chunker.js";
+import { resolveModelWithRegistry } from "./pi-embedded-runner/model.js";
+import { getActiveEmbeddedRunSnapshot } from "./pi-embedded-runner/runs.js";
+import { mapThinkingLevel } from "./pi-embedded-runner/utils.js";
+import { discoverAuthStorage, discoverModels } from "./pi-model-discovery.js";
+import { stripToolResultDetails } from "./session-transcript-repair.js";
+
+type SessionManagerLike = {
+  getLeafEntry?: () => {
+    id?: string;
+    type?: string;
+    parentId?: string | null;
+    message?: { role?: string };
+  } | null;
+  branch?: (parentId: string) => void;
+  resetLeaf?: () => void;
+  buildSessionContext: () => { messages?: unknown[] };
+};
+
+function collectTextContent(content: Array<{ type?: string; text?: string }>): string {
+  return content
+    .filter((part): part is { type: "text"; text: string } => part.type === "text")
+    .map((part) => part.text)
+    .join("");
+}
+
+function collectThinkingContent(content: Array<{ type?: string; thinking?: string }>): string {
+  return content
+    .filter((part): part is { type: "thinking"; thinking: string } => part.type === "thinking")
+    .map((part) => part.thinking)
+    .join("");
+}
+
+function buildBtwSystemPrompt(): string {
+  return [
+    "You are answering an ephemeral /btw side question about the current conversation.",
+    "Use the conversation only as background context.",
+    "Answer only the side question in the last user message.",
+    "Do not continue, resume, or complete any unfinished task from the conversation.",
+    "Do not emit tool calls, pseudo-tool calls, shell commands, file writes, patches, or code unless the side question explicitly asks for them.",
+    "Do not say you will continue the main task after answering.",
+    "If the question can be answered briefly, answer briefly.",
+  ].join("\n");
+}
+
+function buildBtwQuestionPrompt(question: string, inFlightPrompt?: string): string {
+  const lines = [
+    "Answer this side question only.",
+    "Ignore any unfinished task in the conversation while answering it.",
+  ];
+  const trimmedPrompt = inFlightPrompt?.trim();
+  if (trimmedPrompt) {
+    lines.push(
+      "",
+      "Current in-flight main task request for background context only:",
+      "<in_flight_main_task>",
+      trimmedPrompt,
+      "</in_flight_main_task>",
+      "Do not continue or complete that task while answering the side question.",
+    );
+  }
+  lines.push("", "<btw_side_question>", question.trim(), "</btw_side_question>");
+  return lines.join("\n");
+}
+
+function toSimpleContextMessages(messages: unknown[]): Message[] {
+  const contextMessages = messages.filter((message): message is Message => {
+    if (!message || typeof message !== "object") {
+      return false;
+    }
+    const role = (message as { role?: unknown }).role;
+    return role === "user" || role === "assistant";
+  });
+  return stripToolResultDetails(
+    contextMessages as Parameters<typeof stripToolResultDetails>[0],
+  ) as Message[];
+}
+
+function resolveSimpleThinkingLevel(level?: ThinkLevel): SimpleThinkingLevel | undefined {
+  if (!level || level === "off") {
+    return undefined;
+  }
+  return mapThinkingLevel(level) as SimpleThinkingLevel;
+}
+
+function resolveSessionTranscriptPath(params: {
+  sessionId: string;
+  sessionEntry?: SessionEntry;
+  sessionKey?: string;
+  storePath?: string;
+}): string | undefined {
+  try {
+    const agentId = params.sessionKey?.split(":")[1];
+    const pathOpts = resolveSessionFilePathOptions({
+      agentId,
+      storePath: params.storePath,
+    });
+    return resolveSessionFilePath(params.sessionId, params.sessionEntry, pathOpts);
+  } catch (error) {
+    diag.debug(
+      `resolveSessionTranscriptPath failed: sessionId=${params.sessionId} err=${String(error)}`,
+    );
+    return undefined;
+  }
+}
+
+async function resolveRuntimeModel(params: {
+  cfg: OpenClawConfig;
+  provider: string;
+  model: string;
+  agentDir: string;
+  sessionEntry?: SessionEntry;
+  sessionStore?: Record<string, SessionEntry>;
+  sessionKey?: string;
+  storePath?: string;
+  isNewSession: boolean;
+}): Promise<{
+  model: Model<Api>;
+  authProfileId?: string;
+  authProfileIdSource?: "auto" | "user";
+}> {
+  await ensureOpenClawModelsJson(params.cfg, params.agentDir);
+  const authStorage = discoverAuthStorage(params.agentDir);
+  const modelRegistry = discoverModels(authStorage, params.agentDir);
+  const model = resolveModelWithRegistry({
+    provider: params.provider,
+    modelId: params.model,
+    modelRegistry,
+    cfg: params.cfg,
+  });
+  if (!model) {
+    throw new Error(`Unknown model: ${params.provider}/${params.model}`);
+  }
+
+  const authProfileId = await resolveSessionAuthProfileOverride({
+    cfg: params.cfg,
+    provider: params.provider,
+    agentDir: params.agentDir,
+    sessionEntry: params.sessionEntry,
+    sessionStore: params.sessionStore,
+    sessionKey: params.sessionKey,
+    storePath: params.storePath,
+    isNewSession: params.isNewSession,
+  });
+  return {
+    model,
+    authProfileId,
+    authProfileIdSource: params.sessionEntry?.authProfileOverrideSource,
+  };
+}
+
+type RunBtwSideQuestionParams = {
+  cfg: OpenClawConfig;
+  agentDir: string;
+  provider: string;
+  model: string;
+  question: string;
+  sessionEntry: SessionEntry;
+  sessionStore?: Record<string, SessionEntry>;
+  sessionKey?: string;
+  storePath?: string;
+  resolvedThinkLevel?: ThinkLevel;
+  resolvedReasoningLevel: ReasoningLevel;
+  blockReplyChunking?: BlockReplyChunking;
+  resolvedBlockStreamingBreak?: "text_end" | "message_end";
+  opts?: GetReplyOptions;
+  isNewSession: boolean;
+};
+
+export async function runBtwSideQuestion(
+  params: RunBtwSideQuestionParams,
+): Promise<ReplyPayload | undefined> {
+  const sessionId = params.sessionEntry.sessionId?.trim();
+  if (!sessionId) {
+    throw new Error("No active session context.");
+  }
+
+  const sessionFile = resolveSessionTranscriptPath({
+    sessionId,
+    sessionEntry: params.sessionEntry,
+    sessionKey: params.sessionKey,
+    storePath: params.storePath,
+  });
+  if (!sessionFile) {
+    throw new Error("No active session transcript.");
+  }
+
+  const sessionManager = SessionManager.open(sessionFile) as SessionManagerLike;
+  const activeRunSnapshot = getActiveEmbeddedRunSnapshot(sessionId);
+  let messages: Message[] = [];
+  let inFlightPrompt: string | undefined;
+  if (Array.isArray(activeRunSnapshot?.messages) && activeRunSnapshot.messages.length > 0) {
+    messages = toSimpleContextMessages(activeRunSnapshot.messages);
+    inFlightPrompt = activeRunSnapshot.inFlightPrompt;
+  } else if (activeRunSnapshot) {
+    inFlightPrompt = activeRunSnapshot.inFlightPrompt;
+    if (activeRunSnapshot.transcriptLeafId && sessionManager.branch) {
+      try {
+        sessionManager.branch(activeRunSnapshot.transcriptLeafId);
+      } catch (error) {
+        diag.debug(
+          `btw snapshot leaf unavailable: sessionId=${sessionId} leaf=${activeRunSnapshot.transcriptLeafId} err=${String(error)}`,
+        );
+        sessionManager.resetLeaf?.();
+      }
+    } else {
+      sessionManager.resetLeaf?.();
+    }
+  } else {
+    const leafEntry = sessionManager.getLeafEntry?.();
+    if (leafEntry?.type === "message" && leafEntry.message?.role === "user") {
+      if (leafEntry.parentId && sessionManager.branch) {
+        sessionManager.branch(leafEntry.parentId);
+      } else {
+        sessionManager.resetLeaf?.();
+      }
+    }
+  }
+  if (messages.length === 0) {
+    const sessionContext = sessionManager.buildSessionContext();
+    messages = toSimpleContextMessages(
+      Array.isArray(sessionContext.messages) ? sessionContext.messages : [],
+    );
+  }
+  if (messages.length === 0 && !inFlightPrompt?.trim()) {
+    throw new Error("No active session context.");
+  }
+
+  const { model, authProfileId } = await resolveRuntimeModel({
+    cfg: params.cfg,
+    provider: params.provider,
+    model: params.model,
+    agentDir: params.agentDir,
+    sessionEntry: params.sessionEntry,
+    sessionStore: params.sessionStore,
+    sessionKey: params.sessionKey,
+    storePath: params.storePath,
+    isNewSession: params.isNewSession,
+  });
+  const apiKeyInfo = await getApiKeyForModel({
+    model,
+    cfg: params.cfg,
+    profileId: authProfileId,
+    agentDir: params.agentDir,
+  });
+  const apiKey = requireApiKey(apiKeyInfo, model.provider);
+
+  const chunker =
+    params.opts?.onBlockReply && params.blockReplyChunking
+      ? new EmbeddedBlockChunker(params.blockReplyChunking)
+      : undefined;
+  let emittedBlocks = 0;
+  let blockEmitChain: Promise<void> = Promise.resolve();
+  let answerText = "";
+  let reasoningText = "";
+  let assistantStarted = false;
+  let sawTextEvent = false;
+
+  const emitBlockChunk = async (text: string) => {
+    const trimmed = text.trim();
+    if (!trimmed || !params.opts?.onBlockReply) {
+      return;
+    }
+    emittedBlocks += 1;
+    blockEmitChain = blockEmitChain.then(async () => {
+      await params.opts?.onBlockReply?.({
+        text,
+        btw: { question: params.question },
+      });
+    });
+    await blockEmitChain;
+  };
+
+  const stream = streamSimple(
+    model,
+    {
+      systemPrompt: buildBtwSystemPrompt(),
+      messages: [
+        ...messages,
+        {
+          role: "user",
+          content: [
+            {
+              type: "text",
+              text: buildBtwQuestionPrompt(params.question, inFlightPrompt),
+            },
+          ],
+          timestamp: Date.now(),
+        },
+      ],
+    },
+    {
+      apiKey,
+      reasoning: resolveSimpleThinkingLevel(params.resolvedThinkLevel),
+      signal: params.opts?.abortSignal,
+    },
+  );
+
+  let finalEvent:
+    | Extract<AssistantMessageEvent, { type: "done" }>
+    | Extract<AssistantMessageEvent, { type: "error" }>
+    | undefined;
+
+  for await (const event of stream) {
+    finalEvent = event.type === "done" || event.type === "error" ? event : finalEvent;
+
+    if (!assistantStarted && (event.type === "text_start" || event.type === "start")) {
+      assistantStarted = true;
+      await params.opts?.onAssistantMessageStart?.();
+    }
+
+    if (event.type === "text_delta") {
+      sawTextEvent = true;
+      answerText += event.delta;
+      chunker?.append(event.delta);
+      if (chunker && params.resolvedBlockStreamingBreak === "text_end") {
+        chunker.drain({ force: false, emit: (chunk) => void emitBlockChunk(chunk) });
+      }
+      continue;
+    }
+
+    if (event.type === "text_end" && chunker && params.resolvedBlockStreamingBreak === "text_end") {
+      chunker.drain({ force: true, emit: (chunk) => void emitBlockChunk(chunk) });
+      continue;
+    }
+
+    if (event.type === "thinking_delta") {
+      reasoningText += event.delta;
+      if (params.resolvedReasoningLevel !== "off") {
+        await params.opts?.onReasoningStream?.({ text: reasoningText, isReasoning: true });
+      }
+      continue;
+    }
+
+    if (event.type === "thinking_end" && params.resolvedReasoningLevel !== "off") {
+      await params.opts?.onReasoningEnd?.();
+    }
+  }
+
+  if (chunker && params.resolvedBlockStreamingBreak !== "text_end" && chunker.hasBuffered()) {
+    chunker.drain({ force: true, emit: (chunk) => void emitBlockChunk(chunk) });
+  }
+  await blockEmitChain;
+
+  if (finalEvent?.type === "error") {
+    const message = collectTextContent(finalEvent.error.content);
+    throw new Error(message || finalEvent.error.errorMessage || "BTW failed.");
+  }
+
+  const finalMessage = finalEvent?.type === "done" ? finalEvent.message : undefined;
+  if (finalMessage) {
+    if (!sawTextEvent) {
+      answerText = collectTextContent(finalMessage.content);
+    }
+    if (!reasoningText) {
+      reasoningText = collectThinkingContent(finalMessage.content);
+    }
+  }
+
+  const answer = answerText.trim();
+  if (!answer) {
+    throw new Error("No BTW response generated.");
+  }
+
+  if (emittedBlocks > 0) {
+    return undefined;
+  }
+
+  return { text: answer };
+}
diff --git a/src/agents/context.lookup.test.ts b/src/agents/context.lookup.test.ts
index 428d47759bc..a395f0b3089 100644
--- a/src/agents/context.lookup.test.ts
+++ b/src/agents/context.lookup.test.ts
@@ -1,8 +1,13 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
 
-function mockContextModuleDeps(loadConfigImpl: () => unknown) {
+type DiscoveredModel = { id: string; contextWindow: number };
+
+function mockContextDeps(params: {
+  loadConfig: () => unknown;
+  discoveredModels?: DiscoveredModel[];
+}) {
   vi.doMock("../config/config.js", () => ({
-    loadConfig: loadConfigImpl,
+    loadConfig: params.loadConfig,
   }));
   vi.doMock("./models-config.js", () => ({
     ensureOpenClawModelsJson: vi.fn(async () => {}),
@@ -13,29 +18,42 @@ function mockContextModuleDeps(loadConfigImpl: () => unknown) {
   vi.doMock("./pi-model-discovery.js", () => ({
     discoverAuthStorage: vi.fn(() => ({})),
     discoverModels: vi.fn(() => ({
-      getAll: () => [],
+      getAll: () => params.discoveredModels ?? [],
     })),
   }));
 }
 
+function mockContextModuleDeps(loadConfigImpl: () => unknown) {
+  mockContextDeps({ loadConfig: loadConfigImpl });
+}
+
 // Shared mock setup used by multiple tests.
 function mockDiscoveryDeps(
-  models: Array<{ id: string; contextWindow: number }>,
+  models: DiscoveredModel[],
   configModels?: Record<string, { models: Array<{ id: string; contextWindow: number }> }>,
 ) {
-  vi.doMock("../config/config.js", () => ({
+  mockContextDeps({
     loadConfig: () => ({ models: configModels ? { providers: configModels } : {} }),
-  }));
-  vi.doMock("./models-config.js", () => ({
-    ensureOpenClawModelsJson: vi.fn(async () => {}),
-  }));
-  vi.doMock("./agent-paths.js", () => ({
-    resolveOpenClawAgentDir: () => "/tmp/openclaw-agent",
-  }));
-  vi.doMock("./pi-model-discovery.js", () => ({
-    discoverAuthStorage: vi.fn(() => ({})),
-    discoverModels: vi.fn(() => ({ getAll: () => models })),
-  }));
+    discoveredModels: models,
+  });
+}
+
+function createContextOverrideConfig(provider: string, model: string, contextWindow: number) {
+  return {
+    models: {
+      providers: {
+        [provider]: {
+          models: [{ id: model, contextWindow }],
+        },
+      },
+    },
+  };
+}
+
+async function importResolveContextTokensForModel() {
+  const { resolveContextTokensForModel } = await import("./context.js");
+  await new Promise((r) => setTimeout(r, 0));
+  return resolveContextTokensForModel;
 }
 
 describe("lookupContextTokens", () => {
@@ -150,18 +168,8 @@ describe("lookupContextTokens", () => {
       { id: "google-gemini-cli/gemini-3.1-pro-preview", contextWindow: 1_048_576 },
     ]);
 
-    const cfg = {
-      models: {
-        providers: {
-          "google-gemini-cli": {
-            models: [{ id: "gemini-3.1-pro-preview", contextWindow: 200_000 }],
-          },
-        },
-      },
-    };
-
-    const { resolveContextTokensForModel } = await import("./context.js");
-    await new Promise((r) => setTimeout(r, 0));
+    const cfg = createContextOverrideConfig("google-gemini-cli", "gemini-3.1-pro-preview", 200_000);
+    const resolveContextTokensForModel = await importResolveContextTokensForModel();
 
     const result = resolveContextTokensForModel({
       cfg: cfg as never,
@@ -174,18 +182,8 @@ describe("lookupContextTokens", () => {
   it("resolveContextTokensForModel honors configured overrides when provider keys use mixed case", async () => {
     mockDiscoveryDeps([{ id: "openrouter/anthropic/claude-sonnet-4-5", contextWindow: 1_048_576 }]);
 
-    const cfg = {
-      models: {
-        providers: {
-          " OpenRouter ": {
-            models: [{ id: "anthropic/claude-sonnet-4-5", contextWindow: 200_000 }],
-          },
-        },
-      },
-    };
-
-    const { resolveContextTokensForModel } = await import("./context.js");
-    await new Promise((r) => setTimeout(r, 0));
+    const cfg = createContextOverrideConfig(" OpenRouter ", "anthropic/claude-sonnet-4-5", 200_000);
+    const resolveContextTokensForModel = await importResolveContextTokensForModel();
 
     const result = resolveContextTokensForModel({
       cfg: cfg as never,
@@ -202,16 +200,8 @@ describe("lookupContextTokens", () => {
     // Real callers (status.summary.ts) always pass cfg when provider is explicit.
     mockDiscoveryDeps([{ id: "google/gemini-2.5-pro", contextWindow: 999_000 }]);
 
-    const cfg = {
-      models: {
-        providers: {
-          google: { models: [{ id: "gemini-2.5-pro", contextWindow: 2_000_000 }] },
-        },
-      },
-    };
-
-    const { resolveContextTokensForModel } = await import("./context.js");
-    await new Promise((r) => setTimeout(r, 0));
+    const cfg = createContextOverrideConfig("google", "gemini-2.5-pro", 2_000_000);
+    const resolveContextTokensForModel = await importResolveContextTokensForModel();
 
     // Google with explicit cfg: config direct scan wins before any cache lookup.
     const googleResult = resolveContextTokensForModel({
@@ -272,16 +262,8 @@ describe("lookupContextTokens", () => {
     // window and misreport context limits for the OpenRouter session.
     mockDiscoveryDeps([{ id: "google/gemini-2.5-pro", contextWindow: 999_000 }]);
 
-    const cfg = {
-      models: {
-        providers: {
-          google: { models: [{ id: "gemini-2.5-pro", contextWindow: 2_000_000 }] },
-        },
-      },
-    };
-
-    const { resolveContextTokensForModel } = await import("./context.js");
-    await new Promise((r) => setTimeout(r, 0));
+    const cfg = createContextOverrideConfig("google", "gemini-2.5-pro", 2_000_000);
+    const resolveContextTokensForModel = await importResolveContextTokensForModel();
 
     // model-only call (no explicit provider) must NOT apply config direct scan.
     // Falls through to bare cache lookup: "google/gemini-2.5-pro" → 999k ✓.
diff --git a/src/agents/failover-error.test.ts b/src/agents/failover-error.test.ts
index 1ddd1d9ceef..38e3530f011 100644
--- a/src/agents/failover-error.test.ts
+++ b/src/agents/failover-error.test.ts
@@ -364,6 +364,23 @@ describe("failover-error", () => {
     expect(isTimeoutError(err)).toBe(true);
   });
 
+  it("classifies abort-wrapped RESOURCE_EXHAUSTED as rate_limit", () => {
+    const err = Object.assign(new Error("request aborted"), {
+      name: "AbortError",
+      cause: {
+        error: {
+          code: 429,
+          message: GEMINI_RESOURCE_EXHAUSTED_MESSAGE,
+          status: "RESOURCE_EXHAUSTED",
+        },
+      },
+    });
+
+    expect(resolveFailoverReasonFromError(err)).toBe("rate_limit");
+    expect(coerceToFailoverError(err)?.reason).toBe("rate_limit");
+    expect(coerceToFailoverError(err)?.status).toBe(429);
+  });
+
   it("coerces failover-worthy errors into FailoverError with metadata", () => {
     const err = coerceToFailoverError("credit balance too low", {
       provider: "anthropic",
diff --git a/src/agents/failover-error.ts b/src/agents/failover-error.ts
index 8c49df40acb..dd482310a2b 100644
--- a/src/agents/failover-error.ts
+++ b/src/agents/failover-error.ts
@@ -68,7 +68,30 @@ export function resolveFailoverStatus(reason: FailoverReason): number | undefine
   }
 }
 
-function getStatusCode(err: unknown): number | undefined {
+function findErrorProperty<T>(
+  err: unknown,
+  reader: (candidate: unknown) => T | undefined,
+  seen: Set<object> = new Set(),
+): T | undefined {
+  const direct = reader(err);
+  if (direct !== undefined) {
+    return direct;
+  }
+  if (!err || typeof err !== "object") {
+    return undefined;
+  }
+  if (seen.has(err)) {
+    return undefined;
+  }
+  seen.add(err);
+  const candidate = err as { error?: unknown; cause?: unknown };
+  return (
+    findErrorProperty(candidate.error, reader, seen) ??
+    findErrorProperty(candidate.cause, reader, seen)
+  );
+}
+
+function readDirectStatusCode(err: unknown): number | undefined {
   if (!err || typeof err !== "object") {
     return undefined;
   }
@@ -84,38 +107,87 @@ function getStatusCode(err: unknown): number | undefined {
   return undefined;
 }
 
-function getErrorCode(err: unknown): string | undefined {
+function getStatusCode(err: unknown): number | undefined {
+  return findErrorProperty(err, readDirectStatusCode);
+}
+
+function readDirectErrorCode(err: unknown): string | undefined {
   if (!err || typeof err !== "object") {
     return undefined;
   }
-  const candidate = (err as { code?: unknown }).code;
-  if (typeof candidate !== "string") {
+  const directCode = (err as { code?: unknown }).code;
+  if (typeof directCode === "string") {
+    const trimmed = directCode.trim();
+    return trimmed ? trimmed : undefined;
+  }
+  const status = (err as { status?: unknown }).status;
+  if (typeof status !== "string" || /^\d+$/.test(status)) {
     return undefined;
   }
-  const trimmed = candidate.trim();
+  const trimmed = status.trim();
   return trimmed ? trimmed : undefined;
 }
 
-function getErrorMessage(err: unknown): string {
+function getErrorCode(err: unknown): string | undefined {
+  return findErrorProperty(err, readDirectErrorCode);
+}
+
+function readDirectErrorMessage(err: unknown): string | undefined {
   if (err instanceof Error) {
-    return err.message;
+    return err.message || undefined;
   }
   if (typeof err === "string") {
-    return err;
+    return err || undefined;
   }
   if (typeof err === "number" || typeof err === "boolean" || typeof err === "bigint") {
     return String(err);
   }
   if (typeof err === "symbol") {
-    return err.description ?? "";
+    return err.description ?? undefined;
   }
   if (err && typeof err === "object") {
     const message = (err as { message?: unknown }).message;
     if (typeof message === "string") {
-      return message;
+      return message || undefined;
     }
   }
-  return "";
+  return undefined;
+}
+
+function getErrorMessage(err: unknown): string {
+  return findErrorProperty(err, readDirectErrorMessage) ?? "";
+}
+
+function getErrorCause(err: unknown): unknown {
+  if (!err || typeof err !== "object" || !("cause" in err)) {
+    return undefined;
+  }
+  return (err as { cause?: unknown }).cause;
+}
+
+/** Classify rate-limit / overloaded from symbolic error codes like RESOURCE_EXHAUSTED. */
+function classifyFailoverReasonFromSymbolicCode(raw: string | undefined): FailoverReason | null {
+  const normalized = raw?.trim().toUpperCase();
+  if (!normalized) {
+    return null;
+  }
+  switch (normalized) {
+    case "RESOURCE_EXHAUSTED":
+    case "RATE_LIMIT":
+    case "RATE_LIMITED":
+    case "RATE_LIMIT_EXCEEDED":
+    case "TOO_MANY_REQUESTS":
+    case "THROTTLED":
+    case "THROTTLING":
+    case "THROTTLINGEXCEPTION":
+    case "THROTTLING_EXCEPTION":
+      return "rate_limit";
+    case "OVERLOADED":
+    case "OVERLOADED_ERROR":
+      return "overloaded";
+    default:
+      return null;
+  }
 }
 
 function hasTimeoutHint(err: unknown): boolean {
@@ -160,6 +232,12 @@ export function resolveFailoverReasonFromError(err: unknown): FailoverReason | n
     return statusReason;
   }
 
+  // Check symbolic error codes (e.g. RESOURCE_EXHAUSTED from Google APIs)
+  const symbolicCodeReason = classifyFailoverReasonFromSymbolicCode(getErrorCode(err));
+  if (symbolicCodeReason) {
+    return symbolicCodeReason;
+  }
+
   const code = (getErrorCode(err) ?? "").toUpperCase();
   if (
     [
@@ -178,6 +256,16 @@ export function resolveFailoverReasonFromError(err: unknown): FailoverReason | n
   ) {
     return "timeout";
   }
+  // Walk into error cause chain *before* timeout heuristics so that a specific
+  // cause (e.g. RESOURCE_EXHAUSTED wrapped in AbortError) overrides a parent
+  // message-based "timeout" guess from isTimeoutError.
+  const cause = getErrorCause(err);
+  if (cause && cause !== err) {
+    const causeReason = resolveFailoverReasonFromError(cause);
+    if (causeReason) {
+      return causeReason;
+    }
+  }
   if (isTimeoutError(err)) {
     return "timeout";
   }
diff --git a/src/agents/memory-search.test.ts b/src/agents/memory-search.test.ts
index 8b1b4bc3494..feb0054b302 100644
--- a/src/agents/memory-search.test.ts
+++ b/src/agents/memory-search.test.ts
@@ -29,6 +29,56 @@ describe("memory search config", () => {
     });
   }
 
+  function expectEmptyMultimodalConfig(resolved: ReturnType<typeof resolveMemorySearchConfig>) {
+    expect(resolved?.multimodal).toEqual({
+      enabled: true,
+      modalities: [],
+      maxFileBytes: 10 * 1024 * 1024,
+    });
+  }
+
+  function configWithRemoteDefaults(remote: Record<string, unknown>) {
+    return asConfig({
+      agents: {
+        defaults: {
+          memorySearch: {
+            provider: "openai",
+            remote,
+          },
+        },
+        list: [
+          {
+            id: "main",
+            default: true,
+            memorySearch: {
+              remote: {
+                baseUrl: "https://agent.example/v1",
+              },
+            },
+          },
+        ],
+      },
+    });
+  }
+
+  function expectMergedRemoteConfig(
+    resolved: ReturnType<typeof resolveMemorySearchConfig>,
+    apiKey: unknown,
+  ) {
+    expect(resolved?.remote).toEqual({
+      baseUrl: "https://agent.example/v1",
+      apiKey,
+      headers: { "X-Default": "on" },
+      batch: {
+        enabled: false,
+        wait: true,
+        concurrency: 2,
+        pollIntervalMs: 2000,
+        timeoutMinutes: 60,
+      },
+    });
+  }
+
   it("returns null when disabled", () => {
     const cfg = asConfig({
       agents: {
@@ -171,11 +221,7 @@ describe("memory search config", () => {
       },
     });
     const resolved = resolveMemorySearchConfig(cfg, "main");
-    expect(resolved?.multimodal).toEqual({
-      enabled: true,
-      modalities: [],
-      maxFileBytes: 10 * 1024 * 1024,
-    });
+    expectEmptyMultimodalConfig(resolved);
     expect(resolved?.provider).toBe("gemini");
   });
 
@@ -196,11 +242,7 @@ describe("memory search config", () => {
       },
     });
     const resolved = resolveMemorySearchConfig(cfg, "main");
-    expect(resolved?.multimodal).toEqual({
-      enabled: true,
-      modalities: [],
-      maxFileBytes: 10 * 1024 * 1024,
-    });
+    expectEmptyMultimodalConfig(resolved);
   });
 
   it("rejects multimodal memory on unsupported providers", () => {
@@ -289,85 +331,27 @@ describe("memory search config", () => {
   });
 
   it("merges remote defaults with agent overrides", () => {
-    const cfg = asConfig({
-      agents: {
-        defaults: {
-          memorySearch: {
-            provider: "openai",
-            remote: {
-              baseUrl: "https://default.example/v1",
-              apiKey: "default-key", // pragma: allowlist secret
-              headers: { "X-Default": "on" },
-            },
-          },
-        },
-        list: [
-          {
-            id: "main",
-            default: true,
-            memorySearch: {
-              remote: {
-                baseUrl: "https://agent.example/v1",
-              },
-            },
-          },
-        ],
-      },
-    });
-    const resolved = resolveMemorySearchConfig(cfg, "main");
-    expect(resolved?.remote).toEqual({
-      baseUrl: "https://agent.example/v1",
+    const cfg = configWithRemoteDefaults({
+      baseUrl: "https://default.example/v1",
       apiKey: "default-key", // pragma: allowlist secret
       headers: { "X-Default": "on" },
-      batch: {
-        enabled: false,
-        wait: true,
-        concurrency: 2,
-        pollIntervalMs: 2000,
-        timeoutMinutes: 60,
-      },
     });
+    const resolved = resolveMemorySearchConfig(cfg, "main");
+    expectMergedRemoteConfig(resolved, "default-key"); // pragma: allowlist secret
   });
 
   it("preserves SecretRef remote apiKey when merging defaults with agent overrides", () => {
-    const cfg = asConfig({
-      agents: {
-        defaults: {
-          memorySearch: {
-            provider: "openai",
-            remote: {
-              apiKey: { source: "env", provider: "default", id: "OPENAI_API_KEY" }, // pragma: allowlist secret
-              headers: { "X-Default": "on" },
-            },
-          },
-        },
-        list: [
-          {
-            id: "main",
-            default: true,
-            memorySearch: {
-              remote: {
-                baseUrl: "https://agent.example/v1",
-              },
-            },
-          },
-        ],
-      },
+    const cfg = configWithRemoteDefaults({
+      apiKey: { source: "env", provider: "default", id: "OPENAI_API_KEY" }, // pragma: allowlist secret
+      headers: { "X-Default": "on" },
     });
 
     const resolved = resolveMemorySearchConfig(cfg, "main");
 
-    expect(resolved?.remote).toEqual({
-      baseUrl: "https://agent.example/v1",
-      apiKey: { source: "env", provider: "default", id: "OPENAI_API_KEY" },
-      headers: { "X-Default": "on" },
-      batch: {
-        enabled: false,
-        wait: true,
-        concurrency: 2,
-        pollIntervalMs: 2000,
-        timeoutMinutes: 60,
-      },
+    expectMergedRemoteConfig(resolved, {
+      source: "env",
+      provider: "default",
+      id: "OPENAI_API_KEY",
     });
   });
 
diff --git a/src/agents/model-auth-markers.ts b/src/agents/model-auth-markers.ts
index e888f06d0c5..8a890d3a694 100644
--- a/src/agents/model-auth-markers.ts
+++ b/src/agents/model-auth-markers.ts
@@ -4,6 +4,7 @@ import { listKnownProviderEnvApiKeyNames } from "./model-auth-env-vars.js";
 export const MINIMAX_OAUTH_MARKER = "minimax-oauth";
 export const QWEN_OAUTH_MARKER = "qwen-oauth";
 export const OLLAMA_LOCAL_AUTH_MARKER = "ollama-local";
+export const CUSTOM_LOCAL_AUTH_MARKER = "custom-local";
 export const NON_ENV_SECRETREF_MARKER = "secretref-managed"; // pragma: allowlist secret
 export const SECRETREF_ENV_HEADER_MARKER_PREFIX = "secretref-env:"; // pragma: allowlist secret
 
@@ -71,6 +72,7 @@ export function isNonSecretApiKeyMarker(
     trimmed === MINIMAX_OAUTH_MARKER ||
     trimmed === QWEN_OAUTH_MARKER ||
     trimmed === OLLAMA_LOCAL_AUTH_MARKER ||
+    trimmed === CUSTOM_LOCAL_AUTH_MARKER ||
     trimmed === NON_ENV_SECRETREF_MARKER ||
     isAwsSdkAuthMarker(trimmed);
   if (isKnownMarker) {
diff --git a/src/agents/model-auth.test.ts b/src/agents/model-auth.test.ts
index 2deaeb7dbf6..de8f0f1b752 100644
--- a/src/agents/model-auth.test.ts
+++ b/src/agents/model-auth.test.ts
@@ -1,9 +1,12 @@
-import { describe, expect, it } from "vitest";
+import { streamSimpleOpenAICompletions, type Model } from "@mariozechner/pi-ai";
+import { afterEach, describe, expect, it, vi } from "vitest";
 import type { AuthProfileStore } from "./auth-profiles.js";
-import { NON_ENV_SECRETREF_MARKER } from "./model-auth-markers.js";
+import { CUSTOM_LOCAL_AUTH_MARKER, NON_ENV_SECRETREF_MARKER } from "./model-auth-markers.js";
 import {
+  applyLocalNoAuthHeaderOverride,
   hasUsableCustomProviderApiKey,
   requireApiKey,
+  resolveApiKeyForProvider,
   resolveAwsSdkEnvVarName,
   resolveModelAuthMode,
   resolveUsableCustomProviderApiKey,
@@ -223,3 +226,334 @@ describe("resolveUsableCustomProviderApiKey", () => {
     }
   });
 });
+
+describe("resolveApiKeyForProvider – synthetic local auth for custom providers", () => {
+  it("synthesizes a local auth marker for custom providers with a local baseUrl and no apiKey", async () => {
+    const auth = await resolveApiKeyForProvider({
+      provider: "custom-127-0-0-1-8080",
+      cfg: {
+        models: {
+          providers: {
+            "custom-127-0-0-1-8080": {
+              baseUrl: "http://127.0.0.1:8080/v1",
+              api: "openai-completions",
+              models: [
+                {
+                  id: "qwen-3.5",
+                  name: "Qwen 3.5",
+                  reasoning: false,
+                  input: ["text"],
+                  cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+                  contextWindow: 8192,
+                  maxTokens: 4096,
+                },
+              ],
+            },
+          },
+        },
+      },
+    });
+    expect(auth.apiKey).toBe(CUSTOM_LOCAL_AUTH_MARKER);
+    expect(auth.source).toContain("synthetic local key");
+  });
+
+  it("synthesizes a local auth marker for localhost custom providers", async () => {
+    const auth = await resolveApiKeyForProvider({
+      provider: "my-local",
+      cfg: {
+        models: {
+          providers: {
+            "my-local": {
+              baseUrl: "http://localhost:11434/v1",
+              api: "openai-completions",
+              models: [
+                {
+                  id: "llama3",
+                  name: "Llama 3",
+                  reasoning: false,
+                  input: ["text"],
+                  cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+                  contextWindow: 8192,
+                  maxTokens: 4096,
+                },
+              ],
+            },
+          },
+        },
+      },
+    });
+    expect(auth.apiKey).toBe(CUSTOM_LOCAL_AUTH_MARKER);
+  });
+
+  it("synthesizes a local auth marker for IPv6 loopback (::1)", async () => {
+    const auth = await resolveApiKeyForProvider({
+      provider: "my-ipv6",
+      cfg: {
+        models: {
+          providers: {
+            "my-ipv6": {
+              baseUrl: "http://[::1]:8080/v1",
+              api: "openai-completions",
+              models: [
+                {
+                  id: "llama3",
+                  name: "Llama 3",
+                  reasoning: false,
+                  input: ["text"],
+                  cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+                  contextWindow: 8192,
+                  maxTokens: 4096,
+                },
+              ],
+            },
+          },
+        },
+      },
+    });
+    expect(auth.apiKey).toBe(CUSTOM_LOCAL_AUTH_MARKER);
+  });
+
+  it("synthesizes a local auth marker for 0.0.0.0", async () => {
+    const auth = await resolveApiKeyForProvider({
+      provider: "my-wildcard",
+      cfg: {
+        models: {
+          providers: {
+            "my-wildcard": {
+              baseUrl: "http://0.0.0.0:11434/v1",
+              api: "openai-completions",
+              models: [
+                {
+                  id: "qwen",
+                  name: "Qwen",
+                  reasoning: false,
+                  input: ["text"],
+                  cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+                  contextWindow: 8192,
+                  maxTokens: 4096,
+                },
+              ],
+            },
+          },
+        },
+      },
+    });
+    expect(auth.apiKey).toBe(CUSTOM_LOCAL_AUTH_MARKER);
+  });
+
+  it("synthesizes a local auth marker for IPv4-mapped IPv6 (::ffff:127.0.0.1)", async () => {
+    const auth = await resolveApiKeyForProvider({
+      provider: "my-mapped",
+      cfg: {
+        models: {
+          providers: {
+            "my-mapped": {
+              baseUrl: "http://[::ffff:127.0.0.1]:8080/v1",
+              api: "openai-completions",
+              models: [
+                {
+                  id: "llama3",
+                  name: "Llama 3",
+                  reasoning: false,
+                  input: ["text"],
+                  cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+                  contextWindow: 8192,
+                  maxTokens: 4096,
+                },
+              ],
+            },
+          },
+        },
+      },
+    });
+    expect(auth.apiKey).toBe(CUSTOM_LOCAL_AUTH_MARKER);
+  });
+
+  it("does not synthesize auth for remote custom providers without apiKey", async () => {
+    await expect(
+      resolveApiKeyForProvider({
+        provider: "my-remote",
+        cfg: {
+          models: {
+            providers: {
+              "my-remote": {
+                baseUrl: "https://api.example.com/v1",
+                api: "openai-completions",
+                models: [
+                  {
+                    id: "gpt-5",
+                    name: "GPT-5",
+                    reasoning: false,
+                    input: ["text"],
+                    cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+                    contextWindow: 8192,
+                    maxTokens: 4096,
+                  },
+                ],
+              },
+            },
+          },
+        },
+      }),
+    ).rejects.toThrow("No API key found");
+  });
+
+  it("does not synthesize local auth when apiKey is explicitly configured but unresolved", async () => {
+    const previous = process.env.OPENAI_API_KEY;
+    delete process.env.OPENAI_API_KEY;
+    try {
+      await expect(
+        resolveApiKeyForProvider({
+          provider: "custom",
+          cfg: {
+            models: {
+              providers: {
+                custom: {
+                  baseUrl: "http://127.0.0.1:8080/v1",
+                  api: "openai-completions",
+                  apiKey: "OPENAI_API_KEY",
+                  models: [
+                    {
+                      id: "llama3",
+                      name: "Llama 3",
+                      reasoning: false,
+                      input: ["text"],
+                      cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+                      contextWindow: 8192,
+                      maxTokens: 4096,
+                    },
+                  ],
+                },
+              },
+            },
+          },
+        }),
+      ).rejects.toThrow('No API key found for provider "custom"');
+    } finally {
+      if (previous === undefined) {
+        delete process.env.OPENAI_API_KEY;
+      } else {
+        process.env.OPENAI_API_KEY = previous;
+      }
+    }
+  });
+
+  it("does not synthesize local auth when auth mode explicitly requires oauth", async () => {
+    await expect(
+      resolveApiKeyForProvider({
+        provider: "custom",
+        cfg: {
+          models: {
+            providers: {
+              custom: {
+                baseUrl: "http://127.0.0.1:8080/v1",
+                api: "openai-completions",
+                auth: "oauth",
+                models: [
+                  {
+                    id: "llama3",
+                    name: "Llama 3",
+                    reasoning: false,
+                    input: ["text"],
+                    cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+                    contextWindow: 8192,
+                    maxTokens: 4096,
+                  },
+                ],
+              },
+            },
+          },
+        },
+      }),
+    ).rejects.toThrow('No API key found for provider "custom"');
+  });
+
+  it("keeps built-in aws-sdk fallback for local baseUrl overrides", async () => {
+    const auth = await resolveApiKeyForProvider({
+      provider: "amazon-bedrock",
+      cfg: {
+        models: {
+          providers: {
+            "amazon-bedrock": {
+              baseUrl: "http://127.0.0.1:8080/v1",
+              models: [],
+            },
+          },
+        },
+      },
+    });
+
+    expect(auth.mode).toBe("aws-sdk");
+    expect(auth.apiKey).toBeUndefined();
+  });
+});
+
+describe("applyLocalNoAuthHeaderOverride", () => {
+  const originalFetch = globalThis.fetch;
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+    vi.restoreAllMocks();
+  });
+
+  it("clears Authorization for synthetic local OpenAI-compatible auth markers", async () => {
+    let capturedAuthorization: string | null | undefined;
+    let capturedXTest: string | null | undefined;
+    let resolveRequest: (() => void) | undefined;
+    const requestSeen = new Promise<void>((resolve) => {
+      resolveRequest = resolve;
+    });
+    globalThis.fetch = vi.fn(async (_input, init) => {
+      const headers = new Headers(init?.headers);
+      capturedAuthorization = headers.get("Authorization");
+      capturedXTest = headers.get("X-Test");
+      resolveRequest?.();
+      return new Response(JSON.stringify({ error: { message: "unauthorized" } }), {
+        status: 401,
+        headers: { "content-type": "application/json" },
+      });
+    }) as typeof fetch;
+
+    const model = applyLocalNoAuthHeaderOverride(
+      {
+        id: "local-llm",
+        name: "local-llm",
+        api: "openai-completions",
+        provider: "custom",
+        baseUrl: "http://127.0.0.1:8080/v1",
+        reasoning: false,
+        input: ["text"],
+        cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+        contextWindow: 8192,
+        maxTokens: 4096,
+        headers: { "X-Test": "1" },
+      } as Model<"openai-completions">,
+      {
+        apiKey: CUSTOM_LOCAL_AUTH_MARKER,
+        source: "models.providers.custom (synthetic local key)",
+        mode: "api-key",
+      },
+    );
+
+    streamSimpleOpenAICompletions(
+      model,
+      {
+        messages: [
+          {
+            role: "user",
+            content: "hello",
+            timestamp: Date.now(),
+          },
+        ],
+      },
+      {
+        apiKey: CUSTOM_LOCAL_AUTH_MARKER,
+      },
+    );
+
+    await requestSeen;
+
+    expect(capturedAuthorization).toBeNull();
+    expect(capturedXTest).toBe("1");
+  });
+});
diff --git a/src/agents/model-auth.ts b/src/agents/model-auth.ts
index ffc7c1e2e9d..fb3abd1571e 100644
--- a/src/agents/model-auth.ts
+++ b/src/agents/model-auth.ts
@@ -3,6 +3,7 @@ import { type Api, getEnvApiKey, type Model } from "@mariozechner/pi-ai";
 import { formatCliCommand } from "../cli/command-format.js";
 import type { OpenClawConfig } from "../config/config.js";
 import type { ModelProviderAuthMode, ModelProviderConfig } from "../config/types.js";
+import { coerceSecretRef } from "../config/types.secrets.js";
 import { getShellEnvAppliedKeys } from "../infra/shell-env.js";
 import { createSubsystemLogger } from "../logging/subsystem.js";
 import {
@@ -19,6 +20,7 @@ import {
 } from "./auth-profiles.js";
 import { PROVIDER_ENV_API_KEY_CANDIDATES } from "./model-auth-env-vars.js";
 import {
+  CUSTOM_LOCAL_AUTH_MARKER,
   isKnownEnvApiKeyMarker,
   isNonSecretApiKeyMarker,
   OLLAMA_LOCAL_AUTH_MARKER,
@@ -119,15 +121,44 @@ function resolveProviderAuthOverride(
   return undefined;
 }
 
+function isLocalBaseUrl(baseUrl: string): boolean {
+  try {
+    const host = new URL(baseUrl).hostname.toLowerCase();
+    return (
+      host === "localhost" ||
+      host === "127.0.0.1" ||
+      host === "0.0.0.0" ||
+      host === "[::1]" ||
+      host === "[::ffff:7f00:1]" ||
+      host === "[::ffff:127.0.0.1]"
+    );
+  } catch {
+    return false;
+  }
+}
+
+function hasExplicitProviderApiKeyConfig(providerConfig: ModelProviderConfig): boolean {
+  return (
+    normalizeOptionalSecretInput(providerConfig.apiKey) !== undefined ||
+    coerceSecretRef(providerConfig.apiKey) !== null
+  );
+}
+
+function isCustomLocalProviderConfig(providerConfig: ModelProviderConfig): boolean {
+  return (
+    typeof providerConfig.baseUrl === "string" &&
+    providerConfig.baseUrl.trim().length > 0 &&
+    typeof providerConfig.api === "string" &&
+    providerConfig.api.trim().length > 0 &&
+    Array.isArray(providerConfig.models) &&
+    providerConfig.models.length > 0
+  );
+}
+
 function resolveSyntheticLocalProviderAuth(params: {
   cfg: OpenClawConfig | undefined;
   provider: string;
 }): ResolvedProviderAuth | null {
-  const normalizedProvider = normalizeProviderId(params.provider);
-  if (normalizedProvider !== "ollama") {
-    return null;
-  }
-
   const providerConfig = resolveProviderConfig(params.cfg, params.provider);
   if (!providerConfig) {
     return null;
@@ -141,11 +172,38 @@ function resolveSyntheticLocalProviderAuth(params: {
     return null;
   }
 
-  return {
-    apiKey: OLLAMA_LOCAL_AUTH_MARKER,
-    source: "models.providers.ollama (synthetic local key)",
-    mode: "api-key",
-  };
+  const normalizedProvider = normalizeProviderId(params.provider);
+  if (normalizedProvider === "ollama") {
+    return {
+      apiKey: OLLAMA_LOCAL_AUTH_MARKER,
+      source: "models.providers.ollama (synthetic local key)",
+      mode: "api-key",
+    };
+  }
+
+  const authOverride = resolveProviderAuthOverride(params.cfg, params.provider);
+  if (authOverride && authOverride !== "api-key") {
+    return null;
+  }
+  if (!isCustomLocalProviderConfig(providerConfig)) {
+    return null;
+  }
+  if (hasExplicitProviderApiKeyConfig(providerConfig)) {
+    return null;
+  }
+
+  // Custom providers pointing at a local server (e.g. llama.cpp, vLLM, LocalAI)
+  // typically don't require auth. Synthesize a local key so the auth resolver
+  // doesn't reject them when the user left the API key blank during onboarding.
+  if (providerConfig.baseUrl && isLocalBaseUrl(providerConfig.baseUrl)) {
+    return {
+      apiKey: CUSTOM_LOCAL_AUTH_MARKER,
+      source: `models.providers.${params.provider} (synthetic local key)`,
+      mode: "api-key",
+    };
+  }
+
+  return null;
 }
 
 function resolveEnvSourceLabel(params: {
@@ -439,3 +497,25 @@ export function requireApiKey(auth: ResolvedProviderAuth, provider: string): str
   }
   throw new Error(`No API key resolved for provider "${provider}" (auth mode: ${auth.mode}).`);
 }
+
+export function applyLocalNoAuthHeaderOverride<T extends Model<Api>>(
+  model: T,
+  auth: ResolvedProviderAuth | null | undefined,
+): T {
+  if (auth?.apiKey !== CUSTOM_LOCAL_AUTH_MARKER || model.api !== "openai-completions") {
+    return model;
+  }
+
+  // OpenAI's SDK always generates Authorization from apiKey. Keep the non-secret
+  // placeholder so construction succeeds, then clear the header at request build
+  // time for local servers that intentionally do not require auth.
+  const headers = {
+    ...model.headers,
+    Authorization: null,
+  } as unknown as Record<string, string>;
+
+  return {
+    ...model,
+    headers,
+  };
+}
diff --git a/src/agents/model-compat.test.ts b/src/agents/model-compat.test.ts
index 56b9c16203c..3ae2e1b99fe 100644
--- a/src/agents/model-compat.test.ts
+++ b/src/agents/model-compat.test.ts
@@ -86,14 +86,6 @@ function expectSupportsDeveloperRoleForcedOff(overrides?: Partial<Model<Api>>):
   const normalized = normalizeModelCompat(model as Model<Api>);
   expect(supportsDeveloperRole(normalized)).toBe(false);
 }
-
-function expectSupportsUsageInStreamingForcedOff(overrides?: Partial<Model<Api>>): void {
-  const model = { ...baseModel(), ...overrides };
-  delete (model as { compat?: unknown }).compat;
-  const normalized = normalizeModelCompat(model as Model<Api>);
-  expect(supportsUsageInStreaming(normalized)).toBe(false);
-}
-
 function expectResolvedForwardCompat(
   model: Model<Api> | undefined,
   expected: { provider: string; id: string },
@@ -219,11 +211,16 @@ describe("normalizeModelCompat", () => {
     });
   });
 
-  it("forces supportsUsageInStreaming off for generic custom openai-completions provider", () => {
-    expectSupportsUsageInStreamingForcedOff({
+  it("leaves supportsUsageInStreaming at default for generic custom openai-completions provider", () => {
+    const model = {
+      ...baseModel(),
       provider: "custom-cpa",
       baseUrl: "https://cpa.example.com/v1",
-    });
+    };
+    delete (model as { compat?: unknown }).compat;
+    const normalized = normalizeModelCompat(model as Model<Api>);
+    // supportsUsageInStreaming is no longer forced off — pi-ai's default (true) applies
+    expect(supportsUsageInStreaming(normalized)).toBeUndefined();
   });
 
   it("forces supportsDeveloperRole off for Qwen proxy via openai-completions", () => {
@@ -273,7 +270,7 @@ describe("normalizeModelCompat", () => {
     expect(supportsUsageInStreaming(normalized)).toBe(true);
   });
 
-  it("still forces flags off when not explicitly set by user", () => {
+  it("forces supportsDeveloperRole off but leaves supportsUsageInStreaming unset for non-native endpoints", () => {
     const model = {
       ...baseModel(),
       provider: "custom-cpa",
@@ -282,7 +279,8 @@ describe("normalizeModelCompat", () => {
     delete (model as { compat?: unknown }).compat;
     const normalized = normalizeModelCompat(model);
     expect(supportsDeveloperRole(normalized)).toBe(false);
-    expect(supportsUsageInStreaming(normalized)).toBe(false);
+    // supportsUsageInStreaming is no longer forced off — pi-ai default applies
+    expect(supportsUsageInStreaming(normalized)).toBeUndefined();
   });
 
   it("does not mutate caller model when forcing supportsDeveloperRole off", () => {
@@ -297,7 +295,8 @@ describe("normalizeModelCompat", () => {
     expect(supportsDeveloperRole(model)).toBeUndefined();
     expect(supportsUsageInStreaming(model)).toBeUndefined();
     expect(supportsDeveloperRole(normalized)).toBe(false);
-    expect(supportsUsageInStreaming(normalized)).toBe(false);
+    // supportsUsageInStreaming is not set by normalizeModelCompat — pi-ai default applies
+    expect(supportsUsageInStreaming(normalized)).toBeUndefined();
   });
 
   it("does not override explicit compat false", () => {
diff --git a/src/agents/model-compat.ts b/src/agents/model-compat.ts
index 72deb0c655f..c2837f6b83d 100644
--- a/src/agents/model-compat.ts
+++ b/src/agents/model-compat.ts
@@ -52,11 +52,16 @@ export function normalizeModelCompat(model: Model<Api>): Model<Api> {
     return model;
   }
 
-  // The `developer` role and stream usage chunks are OpenAI-native behaviors.
-  // Many OpenAI-compatible backends reject `developer` and/or emit usage-only
-  // chunks that break strict parsers expecting choices[0]. For non-native
-  // openai-completions endpoints, force both compat flags off — unless the
-  // user has explicitly opted in via their model config.
+  // The `developer` role is an OpenAI-native behavior that most compatible
+  // backends reject. Force it off for non-native endpoints unless the user
+  // has explicitly opted in via their model config.
+  //
+  // `supportsUsageInStreaming` is NOT forced off — most OpenAI-compatible
+  // backends (DashScope, DeepSeek, Groq, Together, etc.) handle
+  // `stream_options: { include_usage: true }` correctly, and disabling it
+  // silently breaks usage/cost tracking for all non-native providers.
+  // Users can still opt out with `compat.supportsUsageInStreaming: false`
+  // if their backend rejects the parameter.
   const compat = model.compat ?? undefined;
   // When baseUrl is empty the pi-ai library defaults to api.openai.com, so
   // leave compat unchanged and let default native behavior apply.
@@ -65,24 +70,22 @@ export function normalizeModelCompat(model: Model<Api>): Model<Api> {
     return model;
   }
 
-  // Respect explicit user overrides: if the user has set a compat flag to
-  // true in their model definition, they know their endpoint supports it.
+  // Respect explicit user overrides.
   const forcedDeveloperRole = compat?.supportsDeveloperRole === true;
-  const forcedUsageStreaming = compat?.supportsUsageInStreaming === true;
 
-  if (forcedDeveloperRole && forcedUsageStreaming) {
+  if (forcedDeveloperRole) {
     return model;
   }
 
-  // Return a new object — do not mutate the caller's model reference.
+  // Only force supportsDeveloperRole off. Leave supportsUsageInStreaming
+  // at whatever the user set or pi-ai's default (true).
   return {
     ...model,
     compat: compat
       ? {
           ...compat,
-          supportsDeveloperRole: forcedDeveloperRole || false,
-          supportsUsageInStreaming: forcedUsageStreaming || false,
+          supportsDeveloperRole: false,
         }
-      : { supportsDeveloperRole: false, supportsUsageInStreaming: false },
+      : { supportsDeveloperRole: false },
   } as typeof model;
 }
diff --git a/src/agents/model-fallback.probe.test.ts b/src/agents/model-fallback.probe.test.ts
index 3969416cd38..e80c3e3edd4 100644
--- a/src/agents/model-fallback.probe.test.ts
+++ b/src/agents/model-fallback.probe.test.ts
@@ -331,6 +331,77 @@ describe("runWithModelFallback – probe logic", () => {
     });
   });
 
+  it("keeps walking remaining fallbacks after an abort-wrapped RESOURCE_EXHAUSTED probe failure", async () => {
+    const cfg = makeCfg({
+      agents: {
+        defaults: {
+          model: {
+            primary: "google/gemini-3-flash-preview",
+            fallbacks: ["anthropic/claude-haiku-3-5", "deepseek/deepseek-chat"],
+          },
+        },
+      },
+    } as Partial<OpenClawConfig>);
+
+    mockedResolveAuthProfileOrder.mockImplementation(({ provider }: { provider: string }) => {
+      if (provider === "google") {
+        return ["google-profile-1"];
+      }
+      if (provider === "anthropic") {
+        return ["anthropic-profile-1"];
+      }
+      if (provider === "deepseek") {
+        return ["deepseek-profile-1"];
+      }
+      return [];
+    });
+    mockedIsProfileInCooldown.mockImplementation((_store, profileId: string) =>
+      profileId.startsWith("google"),
+    );
+    mockedGetSoonestCooldownExpiry.mockReturnValue(NOW + 30 * 1000);
+    mockedResolveProfilesUnavailableReason.mockReturnValue("rate_limit");
+
+    // Simulate Google Vertex abort-wrapped RESOURCE_EXHAUSTED (the shape that was
+    // previously swallowed by shouldRethrowAbort before the fallback loop could continue)
+    const primaryAbort = Object.assign(new Error("request aborted"), {
+      name: "AbortError",
+      cause: {
+        error: {
+          code: 429,
+          message: "Resource has been exhausted (e.g. check quota).",
+          status: "RESOURCE_EXHAUSTED",
+        },
+      },
+    });
+    const run = vi
+      .fn()
+      .mockRejectedValueOnce(primaryAbort)
+      .mockRejectedValueOnce(
+        Object.assign(new Error("fallback still rate limited"), { status: 429 }),
+      )
+      .mockRejectedValueOnce(
+        Object.assign(new Error("final fallback still rate limited"), { status: 429 }),
+      );
+
+    await expect(
+      runWithModelFallback({
+        cfg,
+        provider: "google",
+        model: "gemini-3-flash-preview",
+        run,
+      }),
+    ).rejects.toThrow(/All models failed \(3\)/);
+
+    // All three candidates must be attempted — the abort must not short-circuit
+    expect(run).toHaveBeenCalledTimes(3);
+
+    expect(run).toHaveBeenNthCalledWith(1, "google", "gemini-3-flash-preview", {
+      allowTransientCooldownProbe: true,
+    });
+    expect(run).toHaveBeenNthCalledWith(2, "anthropic", "claude-haiku-3-5");
+    expect(run).toHaveBeenNthCalledWith(3, "deepseek", "deepseek-chat");
+  });
+
   it("throttles probe when called within 30s interval", async () => {
     const cfg = makeCfg();
     // Cooldown just about to expire (within probe margin)
diff --git a/src/agents/model-fallback.ts b/src/agents/model-fallback.ts
index d14ede7658b..5fd6e533a1a 100644
--- a/src/agents/model-fallback.ts
+++ b/src/agents/model-fallback.ts
@@ -140,10 +140,16 @@ async function runFallbackCandidate<T>(params: {
       result,
     };
   } catch (err) {
-    if (shouldRethrowAbort(err)) {
+    // Normalize abort-wrapped rate-limit errors (e.g. Google Vertex RESOURCE_EXHAUSTED)
+    // so they become FailoverErrors and continue the fallback loop instead of aborting.
+    const normalizedFailover = coerceToFailoverError(err, {
+      provider: params.provider,
+      model: params.model,
+    });
+    if (shouldRethrowAbort(err) && !normalizedFailover) {
       throw err;
     }
-    return { ok: false, error: err };
+    return { ok: false, error: normalizedFailover ?? err };
   }
 }
 
diff --git a/src/agents/model-selection.test.ts b/src/agents/model-selection.test.ts
index 35ac52dcf26..7fa8832e0e7 100644
--- a/src/agents/model-selection.test.ts
+++ b/src/agents/model-selection.test.ts
@@ -50,6 +50,60 @@ function resolveAnthropicOpusThinking(cfg: OpenClawConfig) {
   });
 }
 
+function createAgentFallbackConfig(params: {
+  primary?: string;
+  fallbacks?: string[];
+  agentFallbacks?: string[];
+}) {
+  return {
+    agents: {
+      defaults: {
+        models: {
+          "openai/gpt-4o": {},
+        },
+        model: {
+          primary: params.primary ?? "openai/gpt-4o",
+          fallbacks: params.fallbacks ?? [],
+        },
+      },
+      ...(params.agentFallbacks
+        ? {
+            list: [
+              {
+                id: "coder",
+                model: {
+                  primary: params.primary ?? "openai/gpt-4o",
+                  fallbacks: params.agentFallbacks,
+                },
+              },
+            ],
+          }
+        : {}),
+    },
+  } as OpenClawConfig;
+}
+
+function createProviderWithModelsConfig(provider: string, models: Array<Record<string, unknown>>) {
+  return {
+    models: {
+      providers: {
+        [provider]: {
+          baseUrl: `https://${provider}.example.com`,
+          models,
+        },
+      },
+    },
+  } as Partial<OpenClawConfig>;
+}
+
+function resolveConfiguredRefForTest(cfg: Partial<OpenClawConfig>) {
+  return resolveConfiguredModelRef({
+    cfg: cfg as OpenClawConfig,
+    defaultProvider: "anthropic",
+    defaultModel: "claude-opus-4-6",
+  });
+}
+
 describe("model-selection", () => {
   describe("normalizeProviderId", () => {
     it("should normalize provider names", () => {
@@ -121,6 +175,12 @@ describe("model-selection", () => {
         defaultProvider: "anthropic",
         expected: { provider: "anthropic", model: "claude-sonnet-4-6" },
       },
+      {
+        name: "keeps dated anthropic model ids unchanged",
+        variants: ["anthropic/claude-sonnet-4-20250514", "claude-sonnet-4-20250514"],
+        defaultProvider: "anthropic",
+        expected: { provider: "anthropic", model: "claude-sonnet-4-20250514" },
+      },
       {
         name: "normalizes deprecated google flash preview ids",
         variants: ["google/gemini-3.1-flash-preview", "gemini-3.1-flash-preview"],
@@ -181,6 +241,12 @@ describe("model-selection", () => {
         defaultProvider: "anthropic",
         expected: { provider: "openai", model: "gpt-5.3-codex-codex" },
       },
+      {
+        name: "normalizes gemini 3.1 flash-lite ids for google-vertex",
+        variants: ["google-vertex/gemini-3.1-flash-lite", "gemini-3.1-flash-lite"],
+        defaultProvider: "google-vertex",
+        expected: { provider: "google-vertex", model: "gemini-3.1-flash-lite-preview" },
+      },
     ])("$name", ({ variants, defaultProvider, expected }) => {
       expectParsedModelVariants(variants, defaultProvider, expected);
     });
@@ -192,7 +258,6 @@ describe("model-selection", () => {
         "anthropic/claude-opus-4-6",
       );
     });
-
     it.each(["", "  ", "/", "anthropic/", "/model"])("returns null for invalid ref %j", (raw) => {
       expect(parseModelRef(raw, "anthropic")).toBeNull();
     });
@@ -320,19 +385,9 @@ describe("model-selection", () => {
     });
 
     it("includes fallback models in allowed set", () => {
-      const cfg: OpenClawConfig = {
-        agents: {
-          defaults: {
-            models: {
-              "openai/gpt-4o": {},
-            },
-            model: {
-              primary: "openai/gpt-4o",
-              fallbacks: ["anthropic/claude-sonnet-4-6", "google/gemini-3-pro"],
-            },
-          },
-        },
-      } as OpenClawConfig;
+      const cfg = createAgentFallbackConfig({
+        fallbacks: ["anthropic/claude-sonnet-4-6", "google/gemini-3-pro"],
+      });
 
       const result = buildAllowedModelSet({
         cfg,
@@ -348,19 +403,7 @@ describe("model-selection", () => {
     });
 
     it("handles empty fallbacks gracefully", () => {
-      const cfg: OpenClawConfig = {
-        agents: {
-          defaults: {
-            models: {
-              "openai/gpt-4o": {},
-            },
-            model: {
-              primary: "openai/gpt-4o",
-              fallbacks: [],
-            },
-          },
-        },
-      } as OpenClawConfig;
+      const cfg = createAgentFallbackConfig({});
 
       const result = buildAllowedModelSet({
         cfg,
@@ -374,28 +417,10 @@ describe("model-selection", () => {
     });
 
     it("prefers per-agent fallback overrides when agentId is provided", () => {
-      const cfg: OpenClawConfig = {
-        agents: {
-          defaults: {
-            models: {
-              "openai/gpt-4o": {},
-            },
-            model: {
-              primary: "openai/gpt-4o",
-              fallbacks: ["google/gemini-3-pro"],
-            },
-          },
-          list: [
-            {
-              id: "coder",
-              model: {
-                primary: "openai/gpt-4o",
-                fallbacks: ["anthropic/claude-sonnet-4-6"],
-              },
-            },
-          ],
-        },
-      } as OpenClawConfig;
+      const cfg = createAgentFallbackConfig({
+        fallbacks: ["google/gemini-3-pro"],
+        agentFallbacks: ["anthropic/claude-sonnet-4-6"],
+      });
 
       const result = buildAllowedModelSet({
         cfg,
@@ -626,79 +651,40 @@ describe("model-selection", () => {
     });
 
     it("should prefer configured custom provider when default provider is not in models.providers", () => {
-      const cfg: Partial<OpenClawConfig> = {
-        models: {
-          providers: {
-            n1n: {
-              baseUrl: "https://n1n.example.com",
-              models: [
-                {
-                  id: "gpt-5.4",
-                  name: "GPT 5.4",
-                  reasoning: false,
-                  input: ["text"],
-                  cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
-                  contextWindow: 128000,
-                  maxTokens: 4096,
-                },
-              ],
-            },
-          },
+      const cfg = createProviderWithModelsConfig("n1n", [
+        {
+          id: "gpt-5.4",
+          name: "GPT 5.4",
+          reasoning: false,
+          input: ["text"],
+          cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+          contextWindow: 128000,
+          maxTokens: 4096,
         },
-      };
-      const result = resolveConfiguredModelRef({
-        cfg: cfg as OpenClawConfig,
-        defaultProvider: "anthropic",
-        defaultModel: "claude-opus-4-6",
-      });
+      ]);
+      const result = resolveConfiguredRefForTest(cfg);
       expect(result).toEqual({ provider: "n1n", model: "gpt-5.4" });
     });
 
     it("should keep default provider when it is in models.providers", () => {
-      const cfg: Partial<OpenClawConfig> = {
-        models: {
-          providers: {
-            anthropic: {
-              baseUrl: "https://api.anthropic.com",
-              models: [
-                {
-                  id: "claude-opus-4-6",
-                  name: "Claude Opus 4.6",
-                  reasoning: true,
-                  input: ["text", "image"],
-                  cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
-                  contextWindow: 200000,
-                  maxTokens: 4096,
-                },
-              ],
-            },
-          },
+      const cfg = createProviderWithModelsConfig("anthropic", [
+        {
+          id: "claude-opus-4-6",
+          name: "Claude Opus 4.6",
+          reasoning: true,
+          input: ["text", "image"],
+          cost: { input: 0, output: 0, cacheRead: 0, cacheWrite: 0 },
+          contextWindow: 200000,
+          maxTokens: 4096,
         },
-      };
-      const result = resolveConfiguredModelRef({
-        cfg: cfg as OpenClawConfig,
-        defaultProvider: "anthropic",
-        defaultModel: "claude-opus-4-6",
-      });
+      ]);
+      const result = resolveConfiguredRefForTest(cfg);
       expect(result).toEqual({ provider: "anthropic", model: "claude-opus-4-6" });
     });
 
     it("should fall back to hardcoded default when no custom providers have models", () => {
-      const cfg: Partial<OpenClawConfig> = {
-        models: {
-          providers: {
-            "empty-provider": {
-              baseUrl: "https://example.com",
-              models: [],
-            },
-          },
-        },
-      };
-      const result = resolveConfiguredModelRef({
-        cfg: cfg as OpenClawConfig,
-        defaultProvider: "anthropic",
-        defaultModel: "claude-opus-4-6",
-      });
+      const cfg = createProviderWithModelsConfig("empty-provider", []);
+      const result = resolveConfiguredRefForTest(cfg);
       expect(result).toEqual({ provider: "anthropic", model: "claude-opus-4-6" });
     });
 
diff --git a/src/agents/model-selection.ts b/src/agents/model-selection.ts
index 7bbd8ed8ba7..72cd5951292 100644
--- a/src/agents/model-selection.ts
+++ b/src/agents/model-selection.ts
@@ -31,13 +31,6 @@ export type ModelAliasIndex = {
   byKey: Map<string, string[]>;
 };
 
-const ANTHROPIC_MODEL_ALIASES: Record<string, string> = {
-  "opus-4.6": "claude-opus-4-6",
-  "opus-4.5": "claude-opus-4-5",
-  "sonnet-4.6": "claude-sonnet-4-6",
-  "sonnet-4.5": "claude-sonnet-4-5",
-};
-
 function normalizeAliasKey(value: string): string {
   return value.trim().toLowerCase();
 }
@@ -151,7 +144,20 @@ function normalizeAnthropicModelId(model: string): string {
     return trimmed;
   }
   const lower = trimmed.toLowerCase();
-  return ANTHROPIC_MODEL_ALIASES[lower] ?? trimmed;
+  // Keep alias resolution local so bundled startup paths cannot trip a TDZ on
+  // a module-level alias table while config parsing is still initializing.
+  switch (lower) {
+    case "opus-4.6":
+      return "claude-opus-4-6";
+    case "opus-4.5":
+      return "claude-opus-4-5";
+    case "sonnet-4.6":
+      return "claude-sonnet-4-6";
+    case "sonnet-4.5":
+      return "claude-sonnet-4-5";
+    default:
+      return trimmed;
+  }
 }
 
 function normalizeProviderModelId(provider: string, model: string): string {
@@ -165,7 +171,7 @@ function normalizeProviderModelId(provider: string, model: string): string {
       return `anthropic/${normalizedAnthropicModel}`;
     }
   }
-  if (provider === "google") {
+  if (provider === "google" || provider === "google-vertex") {
     return normalizeGoogleModelId(model);
   }
   // OpenRouter-native models (e.g. "openrouter/aurora-alpha") need the full
diff --git a/src/agents/models-config.fills-missing-provider-apikey-from-env-var.test.ts b/src/agents/models-config.fills-missing-provider-apikey-from-env-var.test.ts
index 36944d67601..036f4d00824 100644
--- a/src/agents/models-config.fills-missing-provider-apikey-from-env-var.test.ts
+++ b/src/agents/models-config.fills-missing-provider-apikey-from-env-var.test.ts
@@ -60,13 +60,31 @@ function createMergeConfigProvider() {
   };
 }
 
-async function runCustomProviderMergeTest(params: {
-  seedProvider: {
-    baseUrl: string;
-    apiKey: string;
-    api: string;
-    models: Array<{ id: string; name: string; input: string[]; api?: string }>;
+type MergeSeedProvider = {
+  baseUrl: string;
+  apiKey: string;
+  api: string;
+  models: Array<{ id: string; name: string; input: string[]; api?: string }>;
+};
+
+type MergeConfigApiKeyRef = {
+  source: "env";
+  provider: "default";
+  id: string;
+};
+
+function createAgentSeedProvider(overrides: Partial<MergeSeedProvider> = {}): MergeSeedProvider {
+  return {
+    baseUrl: "https://agent.example/v1",
+    apiKey: "AGENT_KEY", // pragma: allowlist secret
+    api: "openai-responses",
+    models: [{ id: "agent-model", name: "Agent model", input: ["text"] }],
+    ...overrides,
   };
+}
+
+async function runCustomProviderMergeTest(params: {
+  seedProvider: MergeSeedProvider;
   existingProviderKey?: string;
   configProviderKey?: string;
 }) {
@@ -86,6 +104,56 @@ async function runCustomProviderMergeTest(params: {
   }>();
 }
 
+async function expectCustomProviderMergeResult(params: {
+  seedProvider?: MergeSeedProvider;
+  existingProviderKey?: string;
+  configProviderKey?: string;
+  expectedApiKey: string;
+  expectedBaseUrl: string;
+}) {
+  await withTempHome(async () => {
+    const parsed = await runCustomProviderMergeTest({
+      seedProvider: params.seedProvider ?? createAgentSeedProvider(),
+      existingProviderKey: params.existingProviderKey,
+      configProviderKey: params.configProviderKey,
+    });
+    expect(parsed.providers.custom?.apiKey).toBe(params.expectedApiKey);
+    expect(parsed.providers.custom?.baseUrl).toBe(params.expectedBaseUrl);
+  });
+}
+
+async function expectCustomProviderApiKeyRewrite(params: {
+  existingApiKey: string;
+  configuredApiKey: string | MergeConfigApiKeyRef;
+  expectedApiKey: string;
+}) {
+  await withTempHome(async () => {
+    await writeAgentModelsJson({
+      providers: {
+        custom: createAgentSeedProvider({ apiKey: params.existingApiKey }),
+      },
+    });
+
+    await ensureOpenClawModelsJson({
+      models: {
+        mode: "merge",
+        providers: {
+          custom: {
+            ...createMergeConfigProvider(),
+            apiKey: params.configuredApiKey,
+          },
+        },
+      },
+    });
+
+    const parsed = await readGeneratedModelsJson<{
+      providers: Record<string, { apiKey?: string; baseUrl?: string }>;
+    }>();
+    expect(parsed.providers.custom?.apiKey).toBe(params.expectedApiKey);
+    expect(parsed.providers.custom?.baseUrl).toBe("https://config.example/v1");
+  });
+}
+
 function createMoonshotConfig(overrides: {
   contextWindow: number;
   maxTokens: number;
@@ -301,49 +369,26 @@ describe("models-config", () => {
   });
 
   it("preserves non-empty agent apiKey but lets explicit config baseUrl win in merge mode", async () => {
-    await withTempHome(async () => {
-      const parsed = await runCustomProviderMergeTest({
-        seedProvider: {
-          baseUrl: "https://agent.example/v1",
-          apiKey: "AGENT_KEY", // pragma: allowlist secret
-          api: "openai-responses",
-          models: [{ id: "agent-model", name: "Agent model", input: ["text"] }],
-        },
-      });
-      expect(parsed.providers.custom?.apiKey).toBe("AGENT_KEY");
-      expect(parsed.providers.custom?.baseUrl).toBe("https://config.example/v1");
+    await expectCustomProviderMergeResult({
+      expectedApiKey: "AGENT_KEY",
+      expectedBaseUrl: "https://config.example/v1",
     });
   });
 
   it("lets explicit config baseUrl win in merge mode when the config provider key is normalized", async () => {
-    await withTempHome(async () => {
-      const parsed = await runCustomProviderMergeTest({
-        seedProvider: {
-          baseUrl: "https://agent.example/v1",
-          apiKey: "AGENT_KEY", // pragma: allowlist secret
-          api: "openai-responses",
-          models: [{ id: "agent-model", name: "Agent model", input: ["text"] }],
-        },
-        existingProviderKey: "custom",
-        configProviderKey: " custom ",
-      });
-      expect(parsed.providers.custom?.apiKey).toBe("AGENT_KEY");
-      expect(parsed.providers.custom?.baseUrl).toBe("https://config.example/v1");
+    await expectCustomProviderMergeResult({
+      existingProviderKey: "custom",
+      configProviderKey: " custom ",
+      expectedApiKey: "AGENT_KEY",
+      expectedBaseUrl: "https://config.example/v1",
     });
   });
 
   it("replaces stale merged baseUrl when the provider api changes", async () => {
-    await withTempHome(async () => {
-      const parsed = await runCustomProviderMergeTest({
-        seedProvider: {
-          baseUrl: "https://agent.example/v1",
-          apiKey: "AGENT_KEY", // pragma: allowlist secret
-          api: "openai-completions",
-          models: [{ id: "agent-model", name: "Agent model", input: ["text"] }],
-        },
-      });
-      expect(parsed.providers.custom?.apiKey).toBe("AGENT_KEY");
-      expect(parsed.providers.custom?.baseUrl).toBe("https://config.example/v1");
+    await expectCustomProviderMergeResult({
+      seedProvider: createAgentSeedProvider({ api: "openai-completions" }),
+      expectedApiKey: "AGENT_KEY",
+      expectedBaseUrl: "https://config.example/v1",
     });
   });
 
@@ -370,34 +415,14 @@ describe("models-config", () => {
   });
 
   it("replaces stale merged apiKey when provider is SecretRef-managed in current config", async () => {
-    await withTempHome(async () => {
-      await writeAgentModelsJson({
-        providers: {
-          custom: {
-            baseUrl: "https://agent.example/v1",
-            apiKey: "STALE_AGENT_KEY", // pragma: allowlist secret
-            api: "openai-responses",
-            models: [{ id: "agent-model", name: "Agent model", input: ["text"] }],
-          },
-        },
-      });
-      await ensureOpenClawModelsJson({
-        models: {
-          mode: "merge",
-          providers: {
-            custom: {
-              ...createMergeConfigProvider(),
-              apiKey: { source: "env", provider: "default", id: "CUSTOM_PROVIDER_API_KEY" }, // pragma: allowlist secret
-            },
-          },
-        },
-      });
-
-      const parsed = await readGeneratedModelsJson<{
-        providers: Record<string, { apiKey?: string; baseUrl?: string }>;
-      }>();
-      expect(parsed.providers.custom?.apiKey).toBe("CUSTOM_PROVIDER_API_KEY"); // pragma: allowlist secret
-      expect(parsed.providers.custom?.baseUrl).toBe("https://config.example/v1");
+    await expectCustomProviderApiKeyRewrite({
+      existingApiKey: "STALE_AGENT_KEY", // pragma: allowlist secret
+      configuredApiKey: {
+        source: "env",
+        provider: "default",
+        id: "CUSTOM_PROVIDER_API_KEY", // pragma: allowlist secret
+      },
+      expectedApiKey: "CUSTOM_PROVIDER_API_KEY", // pragma: allowlist secret
     });
   });
 
@@ -449,34 +474,10 @@ describe("models-config", () => {
   });
 
   it("replaces stale non-env marker when provider transitions back to plaintext config", async () => {
-    await withTempHome(async () => {
-      await writeAgentModelsJson({
-        providers: {
-          custom: {
-            baseUrl: "https://agent.example/v1",
-            apiKey: NON_ENV_SECRETREF_MARKER,
-            api: "openai-responses",
-            models: [{ id: "agent-model", name: "Agent model", input: ["text"] }],
-          },
-        },
-      });
-
-      await ensureOpenClawModelsJson({
-        models: {
-          mode: "merge",
-          providers: {
-            custom: {
-              ...createMergeConfigProvider(),
-              apiKey: "ALLCAPS_SAMPLE", // pragma: allowlist secret
-            },
-          },
-        },
-      });
-
-      const parsed = await readGeneratedModelsJson<{
-        providers: Record<string, { apiKey?: string }>;
-      }>();
-      expect(parsed.providers.custom?.apiKey).toBe("ALLCAPS_SAMPLE");
+    await expectCustomProviderApiKeyRewrite({
+      existingApiKey: NON_ENV_SECRETREF_MARKER,
+      configuredApiKey: "ALLCAPS_SAMPLE", // pragma: allowlist secret
+      expectedApiKey: "ALLCAPS_SAMPLE", // pragma: allowlist secret
     });
   });
 
diff --git a/src/agents/models-config.providers.discovery-auth.test.ts b/src/agents/models-config.providers.discovery-auth.test.ts
index e6aebc0d7cb..6fc492c1565 100644
--- a/src/agents/models-config.providers.discovery-auth.test.ts
+++ b/src/agents/models-config.providers.discovery-auth.test.ts
@@ -6,6 +6,11 @@ import { afterEach, describe, expect, it, vi } from "vitest";
 import { NON_ENV_SECRETREF_MARKER } from "./model-auth-markers.js";
 import { resolveImplicitProvidersForTest } from "./models-config.e2e-harness.js";
 
+type AuthProfilesFile = {
+  version: 1;
+  profiles: Record<string, Record<string, unknown>>;
+};
+
 describe("provider discovery auth marker guardrails", () => {
   let originalVitest: string | undefined;
   let originalNodeEnv: string | undefined;
@@ -35,33 +40,35 @@ describe("provider discovery auth marker guardrails", () => {
     delete process.env.NODE_ENV;
   }
 
-  it("does not send marker value as vLLM bearer token during discovery", async () => {
-    enableDiscovery();
-    const fetchMock = vi.fn().mockResolvedValue({
-      ok: true,
-      json: async () => ({ data: [] }),
-    });
+  function installFetchMock(response?: unknown) {
+    const fetchMock =
+      response === undefined
+        ? vi.fn()
+        : vi.fn().mockResolvedValue({ ok: true, json: async () => response });
     globalThis.fetch = fetchMock as unknown as typeof fetch;
+    return fetchMock;
+  }
 
+  async function createAgentDirWithAuthProfiles(profiles: AuthProfilesFile["profiles"]) {
     const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-"));
     await writeFile(
       join(agentDir, "auth-profiles.json"),
-      JSON.stringify(
-        {
-          version: 1,
-          profiles: {
-            "vllm:default": {
-              type: "api_key",
-              provider: "vllm",
-              keyRef: { source: "file", provider: "vault", id: "/vllm/apiKey" },
-            },
-          },
-        },
-        null,
-        2,
-      ),
+      JSON.stringify({ version: 1, profiles } satisfies AuthProfilesFile, null, 2),
       "utf8",
     );
+    return agentDir;
+  }
+
+  it("does not send marker value as vLLM bearer token during discovery", async () => {
+    enableDiscovery();
+    const fetchMock = installFetchMock({ data: [] });
+    const agentDir = await createAgentDirWithAuthProfiles({
+      "vllm:default": {
+        type: "api_key",
+        provider: "vllm",
+        keyRef: { source: "file", provider: "vault", id: "/vllm/apiKey" },
+      },
+    });
 
     const providers = await resolveImplicitProvidersForTest({ agentDir, env: {} });
     expect(providers?.vllm?.apiKey).toBe(NON_ENV_SECRETREF_MARKER);
@@ -73,28 +80,14 @@ describe("provider discovery auth marker guardrails", () => {
 
   it("does not call Hugging Face discovery with marker-backed credentials", async () => {
     enableDiscovery();
-    const fetchMock = vi.fn();
-    globalThis.fetch = fetchMock as unknown as typeof fetch;
-
-    const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-"));
-    await writeFile(
-      join(agentDir, "auth-profiles.json"),
-      JSON.stringify(
-        {
-          version: 1,
-          profiles: {
-            "huggingface:default": {
-              type: "api_key",
-              provider: "huggingface",
-              keyRef: { source: "exec", provider: "vault", id: "providers/hf/token" },
-            },
-          },
-        },
-        null,
-        2,
-      ),
-      "utf8",
-    );
+    const fetchMock = installFetchMock();
+    const agentDir = await createAgentDirWithAuthProfiles({
+      "huggingface:default": {
+        type: "api_key",
+        provider: "huggingface",
+        keyRef: { source: "exec", provider: "vault", id: "providers/hf/token" },
+      },
+    });
 
     const providers = await resolveImplicitProvidersForTest({ agentDir, env: {} });
     expect(providers?.huggingface?.apiKey).toBe(NON_ENV_SECRETREF_MARKER);
@@ -106,31 +99,14 @@ describe("provider discovery auth marker guardrails", () => {
 
   it("keeps all-caps plaintext API keys for authenticated discovery", async () => {
     enableDiscovery();
-    const fetchMock = vi.fn().mockResolvedValue({
-      ok: true,
-      json: async () => ({ data: [{ id: "vllm/test-model" }] }),
+    const fetchMock = installFetchMock({ data: [{ id: "vllm/test-model" }] });
+    const agentDir = await createAgentDirWithAuthProfiles({
+      "vllm:default": {
+        type: "api_key",
+        provider: "vllm",
+        key: "ALLCAPS_SAMPLE",
+      },
     });
-    globalThis.fetch = fetchMock as unknown as typeof fetch;
-
-    const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-"));
-    await writeFile(
-      join(agentDir, "auth-profiles.json"),
-      JSON.stringify(
-        {
-          version: 1,
-          profiles: {
-            "vllm:default": {
-              type: "api_key",
-              provider: "vllm",
-              key: "ALLCAPS_SAMPLE",
-            },
-          },
-        },
-        null,
-        2,
-      ),
-      "utf8",
-    );
 
     await resolveImplicitProvidersForTest({ agentDir, env: {} });
     const vllmCall = fetchMock.mock.calls.find(([url]) => String(url).includes(":8000"));
diff --git a/src/agents/models-config.providers.google-antigravity.test.ts b/src/agents/models-config.providers.google-antigravity.test.ts
index 3886b237e27..ea20608b866 100644
--- a/src/agents/models-config.providers.google-antigravity.test.ts
+++ b/src/agents/models-config.providers.google-antigravity.test.ts
@@ -97,3 +97,33 @@ describe("google-antigravity provider normalization", () => {
     expect(normalized).toBe(providers);
   });
 });
+
+describe("google-vertex provider normalization", () => {
+  it("normalizes gemini flash-lite IDs for google-vertex providers", () => {
+    const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-"));
+    const providers = {
+      "google-vertex": buildProvider(["gemini-3.1-flash-lite", "gemini-3-flash-preview"]),
+      openai: buildProvider(["gpt-5"]),
+    };
+
+    const normalized = normalizeProviders({ providers, agentDir });
+
+    expect(normalized).not.toBe(providers);
+    expect(normalized?.["google-vertex"]?.models.map((model) => model.id)).toEqual([
+      "gemini-3.1-flash-lite-preview",
+      "gemini-3-flash-preview",
+    ]);
+    expect(normalized?.openai).toBe(providers.openai);
+  });
+
+  it("returns original providers object when no google-vertex IDs need normalization", () => {
+    const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-"));
+    const providers = {
+      "google-vertex": buildProvider(["gemini-3.1-flash-lite-preview", "gemini-3-flash-preview"]),
+    };
+
+    const normalized = normalizeProviders({ providers, agentDir });
+
+    expect(normalized).toBe(providers);
+  });
+});
diff --git a/src/agents/models-config.providers.ts b/src/agents/models-config.providers.ts
index 4c9febf2ef1..b4ef8f4b0b1 100644
--- a/src/agents/models-config.providers.ts
+++ b/src/agents/models-config.providers.ts
@@ -545,7 +545,7 @@ export function normalizeProviders(params: {
       }
     }
 
-    if (normalizedKey === "google") {
+    if (normalizedKey === "google" || normalizedKey === "google-vertex") {
       const googleNormalized = normalizeGoogleProvider(normalizedProvider);
       if (googleNormalized !== normalizedProvider) {
         mutated = true;
diff --git a/src/agents/pi-embedded-helpers.isbillingerrormessage.test.ts b/src/agents/pi-embedded-helpers.isbillingerrormessage.test.ts
index e8578c7feb2..8c0a0b1994d 100644
--- a/src/agents/pi-embedded-helpers.isbillingerrormessage.test.ts
+++ b/src/agents/pi-embedded-helpers.isbillingerrormessage.test.ts
@@ -55,6 +55,14 @@ function expectMessageMatches(
   }
 }
 
+function expectTimeoutFailoverSamples(samples: readonly string[]) {
+  for (const sample of samples) {
+    expect(isTimeoutErrorMessage(sample)).toBe(true);
+    expect(classifyFailoverReason(sample)).toBe("timeout");
+    expect(isFailoverErrorMessage(sample)).toBe(true);
+  }
+}
+
 describe("isAuthPermanentErrorMessage", () => {
   it.each([
     {
@@ -567,36 +575,26 @@ describe("isFailoverErrorMessage", () => {
   });
 
   it("matches abort stop-reason timeout variants", () => {
-    const samples = [
+    expectTimeoutFailoverSamples([
       "Unhandled stop reason: abort",
       "Unhandled stop reason: error",
       "stop reason: abort",
       "stop reason: error",
       "reason: abort",
       "reason: error",
-    ];
-    for (const sample of samples) {
-      expect(isTimeoutErrorMessage(sample)).toBe(true);
-      expect(classifyFailoverReason(sample)).toBe("timeout");
-      expect(isFailoverErrorMessage(sample)).toBe(true);
-    }
+    ]);
   });
 
   it("matches Gemini MALFORMED_RESPONSE stop reason as timeout (#42149)", () => {
-    const samples = [
+    expectTimeoutFailoverSamples([
       "Unhandled stop reason: MALFORMED_RESPONSE",
       "Unhandled stop reason: malformed_response",
       "stop reason: MALFORMED_RESPONSE",
-    ];
-    for (const sample of samples) {
-      expect(isTimeoutErrorMessage(sample)).toBe(true);
-      expect(classifyFailoverReason(sample)).toBe("timeout");
-      expect(isFailoverErrorMessage(sample)).toBe(true);
-    }
+    ]);
   });
 
   it("matches network errno codes in serialized error messages", () => {
-    const samples = [
+    expectTimeoutFailoverSamples([
       "Error: connect ETIMEDOUT 10.0.0.1:443",
       "Error: connect ESOCKETTIMEDOUT 10.0.0.1:443",
       "Error: connect EHOSTUNREACH 10.0.0.1:443",
@@ -604,25 +602,15 @@ describe("isFailoverErrorMessage", () => {
       "Error: write EPIPE",
       "Error: read ENETRESET",
       "Error: connect EHOSTDOWN 192.168.1.1:443",
-    ];
-    for (const sample of samples) {
-      expect(isTimeoutErrorMessage(sample)).toBe(true);
-      expect(classifyFailoverReason(sample)).toBe("timeout");
-      expect(isFailoverErrorMessage(sample)).toBe(true);
-    }
+    ]);
   });
 
   it("matches z.ai network_error stop reason as timeout", () => {
-    const samples = [
+    expectTimeoutFailoverSamples([
       "Unhandled stop reason: network_error",
       "stop reason: network_error",
       "reason: network_error",
-    ];
-    for (const sample of samples) {
-      expect(isTimeoutErrorMessage(sample)).toBe(true);
-      expect(classifyFailoverReason(sample)).toBe("timeout");
-      expect(isFailoverErrorMessage(sample)).toBe(true);
-    }
+    ]);
   });
 
   it("does not classify MALFORMED_FUNCTION_CALL as timeout", () => {
diff --git a/src/agents/pi-embedded-runner.sanitize-session-history.test.ts b/src/agents/pi-embedded-runner.sanitize-session-history.test.ts
index 2a71e0c95a3..2003523e03f 100644
--- a/src/agents/pi-embedded-runner.sanitize-session-history.test.ts
+++ b/src/agents/pi-embedded-runner.sanitize-session-history.test.ts
@@ -177,6 +177,14 @@ describe("sanitizeSessionHistory", () => {
       AgentMessage & { usage?: unknown; content?: unknown }
     >;
 
+  const getSingleAssistantUsage = async (messages: AgentMessage[]) => {
+    vi.mocked(mockedHelpers.isGoogleModelApi).mockReturnValue(false);
+    const result = await sanitizeOpenAIHistory(messages);
+    return result.find((message) => message.role === "assistant") as
+      | (AgentMessage & { usage?: unknown })
+      | undefined;
+  };
+
   beforeEach(async () => {
     testTimestamp = 1;
     const harness = await loadSanitizeSessionHistoryWithCleanMocks();
@@ -358,43 +366,33 @@ describe("sanitizeSessionHistory", () => {
   });
 
   it("adds a zeroed assistant usage snapshot when usage is missing", async () => {
-    vi.mocked(mockedHelpers.isGoogleModelApi).mockReturnValue(false);
-
-    const messages = castAgentMessages([
-      { role: "user", content: "question" },
-      {
-        role: "assistant",
-        content: [{ type: "text", text: "answer without usage" }],
-      },
-    ]);
-
-    const result = await sanitizeOpenAIHistory(messages);
-    const assistant = result.find((message) => message.role === "assistant") as
-      | (AgentMessage & { usage?: unknown })
-      | undefined;
+    const assistant = await getSingleAssistantUsage(
+      castAgentMessages([
+        { role: "user", content: "question" },
+        {
+          role: "assistant",
+          content: [{ type: "text", text: "answer without usage" }],
+        },
+      ]),
+    );
 
     expect(assistant?.usage).toEqual(makeZeroUsageSnapshot());
   });
 
   it("normalizes mixed partial assistant usage fields to numeric totals", async () => {
-    vi.mocked(mockedHelpers.isGoogleModelApi).mockReturnValue(false);
-
-    const messages = castAgentMessages([
-      { role: "user", content: "question" },
-      {
-        role: "assistant",
-        content: [{ type: "text", text: "answer with partial usage" }],
-        usage: {
-          output: 3,
-          cache_read_input_tokens: 9,
+    const assistant = await getSingleAssistantUsage(
+      castAgentMessages([
+        { role: "user", content: "question" },
+        {
+          role: "assistant",
+          content: [{ type: "text", text: "answer with partial usage" }],
+          usage: {
+            output: 3,
+            cache_read_input_tokens: 9,
+          },
         },
-      },
-    ]);
-
-    const result = await sanitizeOpenAIHistory(messages);
-    const assistant = result.find((message) => message.role === "assistant") as
-      | (AgentMessage & { usage?: unknown })
-      | undefined;
+      ]),
+    );
 
     expect(assistant?.usage).toEqual({
       input: 0,
@@ -406,31 +404,26 @@ describe("sanitizeSessionHistory", () => {
   });
 
   it("preserves existing usage cost while normalizing token fields", async () => {
-    vi.mocked(mockedHelpers.isGoogleModelApi).mockReturnValue(false);
-
-    const messages = castAgentMessages([
-      { role: "user", content: "question" },
-      {
-        role: "assistant",
-        content: [{ type: "text", text: "answer with partial usage and cost" }],
-        usage: {
-          output: 3,
-          cache_read_input_tokens: 9,
-          cost: {
-            input: 1.25,
-            output: 2.5,
-            cacheRead: 0.25,
-            cacheWrite: 0,
-            total: 4,
+    const assistant = await getSingleAssistantUsage(
+      castAgentMessages([
+        { role: "user", content: "question" },
+        {
+          role: "assistant",
+          content: [{ type: "text", text: "answer with partial usage and cost" }],
+          usage: {
+            output: 3,
+            cache_read_input_tokens: 9,
+            cost: {
+              input: 1.25,
+              output: 2.5,
+              cacheRead: 0.25,
+              cacheWrite: 0,
+              total: 4,
+            },
           },
         },
-      },
-    ]);
-
-    const result = await sanitizeOpenAIHistory(messages);
-    const assistant = result.find((message) => message.role === "assistant") as
-      | (AgentMessage & { usage?: unknown })
-      | undefined;
+      ]),
+    );
 
     expect(assistant?.usage).toEqual({
       ...makeZeroUsageSnapshot(),
@@ -450,27 +443,22 @@ describe("sanitizeSessionHistory", () => {
   });
 
   it("preserves unknown cost when token fields already match", async () => {
-    vi.mocked(mockedHelpers.isGoogleModelApi).mockReturnValue(false);
-
-    const messages = castAgentMessages([
-      { role: "user", content: "question" },
-      {
-        role: "assistant",
-        content: [{ type: "text", text: "answer with complete numeric usage but no cost" }],
-        usage: {
-          input: 1,
-          output: 2,
-          cacheRead: 3,
-          cacheWrite: 4,
-          totalTokens: 10,
+    const assistant = await getSingleAssistantUsage(
+      castAgentMessages([
+        { role: "user", content: "question" },
+        {
+          role: "assistant",
+          content: [{ type: "text", text: "answer with complete numeric usage but no cost" }],
+          usage: {
+            input: 1,
+            output: 2,
+            cacheRead: 3,
+            cacheWrite: 4,
+            totalTokens: 10,
+          },
         },
-      },
-    ]);
-
-    const result = await sanitizeOpenAIHistory(messages);
-    const assistant = result.find((message) => message.role === "assistant") as
-      | (AgentMessage & { usage?: unknown })
-      | undefined;
+      ]),
+    );
 
     expect(assistant?.usage).toEqual({
       input: 1,
diff --git a/src/agents/pi-embedded-runner/anthropic-stream-wrappers.ts b/src/agents/pi-embedded-runner/anthropic-stream-wrappers.ts
index 19b5701eaaa..e04de8a5d6b 100644
--- a/src/agents/pi-embedded-runner/anthropic-stream-wrappers.ts
+++ b/src/agents/pi-embedded-runner/anthropic-stream-wrappers.ts
@@ -75,6 +75,17 @@ function resolveAnthropicFastServiceTier(enabled: boolean): AnthropicServiceTier
   return enabled ? "auto" : "standard_only";
 }
 
+function hasOpenAiAnthropicToolPayloadCompatFlag(model: { compat?: unknown }): boolean {
+  if (!model.compat || typeof model.compat !== "object" || Array.isArray(model.compat)) {
+    return false;
+  }
+
+  return (
+    (model.compat as { requiresOpenAiAnthropicToolPayload?: unknown })
+      .requiresOpenAiAnthropicToolPayload === true
+  );
+}
+
 function requiresAnthropicToolPayloadCompatibilityForModel(model: {
   api?: unknown;
   provider?: unknown;
@@ -90,15 +101,7 @@ function requiresAnthropicToolPayloadCompatibilityForModel(model: {
   ) {
     return true;
   }
-
-  if (!model.compat || typeof model.compat !== "object" || Array.isArray(model.compat)) {
-    return false;
-  }
-
-  return (
-    (model.compat as { requiresOpenAiAnthropicToolPayload?: unknown })
-      .requiresOpenAiAnthropicToolPayload === true
-  );
+  return hasOpenAiAnthropicToolPayloadCompatFlag(model);
 }
 
 function usesOpenAiFunctionAnthropicToolSchemaForModel(model: {
@@ -108,13 +111,7 @@ function usesOpenAiFunctionAnthropicToolSchemaForModel(model: {
   if (typeof model.provider === "string" && usesOpenAiFunctionAnthropicToolSchema(model.provider)) {
     return true;
   }
-  if (!model.compat || typeof model.compat !== "object" || Array.isArray(model.compat)) {
-    return false;
-  }
-  return (
-    (model.compat as { requiresOpenAiAnthropicToolPayload?: unknown })
-      .requiresOpenAiAnthropicToolPayload === true
-  );
+  return hasOpenAiAnthropicToolPayloadCompatFlag(model);
 }
 
 function usesOpenAiStringModeAnthropicToolChoiceForModel(model: {
@@ -127,13 +124,7 @@ function usesOpenAiStringModeAnthropicToolChoiceForModel(model: {
   ) {
     return true;
   }
-  if (!model.compat || typeof model.compat !== "object" || Array.isArray(model.compat)) {
-    return false;
-  }
-  return (
-    (model.compat as { requiresOpenAiAnthropicToolPayload?: unknown })
-      .requiresOpenAiAnthropicToolPayload === true
-  );
+  return hasOpenAiAnthropicToolPayloadCompatFlag(model);
 }
 
 function normalizeOpenAiFunctionAnthropicToolDefinition(
diff --git a/src/agents/pi-embedded-runner/compact.hooks.test.ts b/src/agents/pi-embedded-runner/compact.hooks.test.ts
index a35060173ff..af7cfd7e1bf 100644
--- a/src/agents/pi-embedded-runner/compact.hooks.test.ts
+++ b/src/agents/pi-embedded-runner/compact.hooks.test.ts
@@ -93,6 +93,8 @@ vi.mock("@mariozechner/pi-ai/oauth", () => ({
 
 vi.mock("@mariozechner/pi-coding-agent", () => {
   return {
+    AuthStorage: class AuthStorage {},
+    ModelRegistry: class ModelRegistry {},
     createAgentSession: vi.fn(async () => {
       const session = {
         sessionId: "session-1",
@@ -324,6 +326,57 @@ import { getApiProvider, unregisterApiProviders } from "@mariozechner/pi-ai";
 import { getCustomApiRegistrySourceId } from "../custom-api-registry.js";
 import { compactEmbeddedPiSessionDirect, compactEmbeddedPiSession } from "./compact.js";
 
+const TEST_SESSION_ID = "session-1";
+const TEST_SESSION_KEY = "agent:main:session-1";
+const TEST_SESSION_FILE = "/tmp/session.jsonl";
+const TEST_WORKSPACE_DIR = "/tmp";
+const TEST_CUSTOM_INSTRUCTIONS = "focus on decisions";
+
+function mockResolvedModel() {
+  resolveModelMock.mockReset();
+  resolveModelMock.mockReturnValue({
+    model: { provider: "openai", api: "responses", id: "fake", input: [] },
+    error: null,
+    authStorage: { setRuntimeApiKey: vi.fn() },
+    modelRegistry: {},
+  });
+}
+
+function compactionConfig(mode: "await" | "off" | "async") {
+  return {
+    agents: {
+      defaults: {
+        compaction: {
+          postIndexSync: mode,
+        },
+      },
+    },
+  } as never;
+}
+
+function directCompactionArgs(overrides: Record<string, unknown> = {}) {
+  return {
+    sessionId: TEST_SESSION_ID,
+    sessionKey: TEST_SESSION_KEY,
+    sessionFile: TEST_SESSION_FILE,
+    workspaceDir: TEST_WORKSPACE_DIR,
+    customInstructions: TEST_CUSTOM_INSTRUCTIONS,
+    ...overrides,
+  };
+}
+
+function wrappedCompactionArgs(overrides: Record<string, unknown> = {}) {
+  return {
+    sessionId: TEST_SESSION_ID,
+    sessionKey: TEST_SESSION_KEY,
+    sessionFile: TEST_SESSION_FILE,
+    workspaceDir: TEST_WORKSPACE_DIR,
+    customInstructions: TEST_CUSTOM_INSTRUCTIONS,
+    enqueue: async <T>(task: () => Promise<T> | T) => await task(),
+    ...overrides,
+  };
+}
+
 const sessionHook = (action: string) =>
   triggerInternalHook.mock.calls.find(
     (call) => call[0]?.type === "session" && call[0]?.action === action,
@@ -336,13 +389,7 @@ describe("compactEmbeddedPiSessionDirect hooks", () => {
     hookRunner.hasHooks.mockReset();
     hookRunner.runBeforeCompaction.mockReset();
     hookRunner.runAfterCompaction.mockReset();
-    resolveModelMock.mockReset();
-    resolveModelMock.mockReturnValue({
-      model: { provider: "openai", api: "responses", id: "fake", input: [] },
-      error: null,
-      authStorage: { setRuntimeApiKey: vi.fn() },
-      modelRegistry: {},
-    });
+    mockResolvedModel();
     sessionCompactImpl.mockReset();
     sessionCompactImpl.mockResolvedValue({
       summary: "summary",
@@ -376,14 +423,12 @@ describe("compactEmbeddedPiSessionDirect hooks", () => {
     unregisterApiProviders(getCustomApiRegistrySourceId("ollama"));
   });
 
-  async function runDirectCompaction(customInstructions = "focus on decisions") {
-    return await compactEmbeddedPiSessionDirect({
-      sessionId: "session-1",
-      sessionKey: "agent:main:session-1",
-      sessionFile: "/tmp/session.jsonl",
-      workspaceDir: "/tmp",
-      customInstructions,
-    });
+  async function runDirectCompaction(customInstructions = TEST_CUSTOM_INSTRUCTIONS) {
+    return await compactEmbeddedPiSessionDirect(
+      directCompactionArgs({
+        customInstructions,
+      }),
+    );
   }
 
   it("bootstraps runtime plugins with the resolved workspace", async () => {
@@ -594,26 +639,15 @@ describe("compactEmbeddedPiSessionDirect hooks", () => {
       },
     });
 
-    const result = await compactEmbeddedPiSessionDirect({
-      sessionId: "session-1",
-      sessionKey: "agent:main:session-1",
-      sessionFile: "/tmp/session.jsonl",
-      workspaceDir: "/tmp",
-      customInstructions: "focus on decisions",
-      config: {
-        agents: {
-          defaults: {
-            compaction: {
-              postIndexSync: "await",
-            },
-          },
-        },
-      } as never,
-    });
+    const result = await compactEmbeddedPiSessionDirect(
+      directCompactionArgs({
+        config: compactionConfig("await"),
+      }),
+    );
 
     expect(result.ok).toBe(true);
     expect(resolveSessionAgentIdMock).toHaveBeenCalledWith({
-      sessionKey: "agent:main:session-1",
+      sessionKey: TEST_SESSION_KEY,
       config: expect.any(Object),
     });
     expect(getMemorySearchManagerMock).not.toHaveBeenCalled();
@@ -629,22 +663,11 @@ describe("compactEmbeddedPiSessionDirect hooks", () => {
     getMemorySearchManagerMock.mockResolvedValue({ manager: { sync } });
     let settled = false;
 
-    const resultPromise = compactEmbeddedPiSessionDirect({
-      sessionId: "session-1",
-      sessionKey: "agent:main:session-1",
-      sessionFile: "/tmp/session.jsonl",
-      workspaceDir: "/tmp",
-      customInstructions: "focus on decisions",
-      config: {
-        agents: {
-          defaults: {
-            compaction: {
-              postIndexSync: "await",
-            },
-          },
-        },
-      } as never,
-    });
+    const resultPromise = compactEmbeddedPiSessionDirect(
+      directCompactionArgs({
+        config: compactionConfig("await"),
+      }),
+    );
 
     void resultPromise.then(() => {
       settled = true;
@@ -652,7 +675,7 @@ describe("compactEmbeddedPiSessionDirect hooks", () => {
     await vi.waitFor(() => {
       expect(sync).toHaveBeenCalledWith({
         reason: "post-compaction",
-        sessionFiles: ["/tmp/session.jsonl"],
+        sessionFiles: [TEST_SESSION_FILE],
       });
     });
     expect(settled).toBe(false);
@@ -666,22 +689,11 @@ describe("compactEmbeddedPiSessionDirect hooks", () => {
     const sync = vi.fn(async () => {});
     getMemorySearchManagerMock.mockResolvedValue({ manager: { sync } });
 
-    const result = await compactEmbeddedPiSessionDirect({
-      sessionId: "session-1",
-      sessionKey: "agent:main:session-1",
-      sessionFile: "/tmp/session.jsonl",
-      workspaceDir: "/tmp",
-      customInstructions: "focus on decisions",
-      config: {
-        agents: {
-          defaults: {
-            compaction: {
-              postIndexSync: "off",
-            },
-          },
-        },
-      } as never,
-    });
+    const result = await compactEmbeddedPiSessionDirect(
+      directCompactionArgs({
+        config: compactionConfig("off"),
+      }),
+    );
 
     expect(result.ok).toBe(true);
     expect(resolveSessionAgentIdMock).not.toHaveBeenCalled();
@@ -698,22 +710,11 @@ describe("compactEmbeddedPiSessionDirect hooks", () => {
     getMemorySearchManagerMock.mockImplementation(() => managerGate);
     let settled = false;
 
-    const resultPromise = compactEmbeddedPiSessionDirect({
-      sessionId: "session-1",
-      sessionKey: "agent:main:session-1",
-      sessionFile: "/tmp/session.jsonl",
-      workspaceDir: "/tmp",
-      customInstructions: "focus on decisions",
-      config: {
-        agents: {
-          defaults: {
-            compaction: {
-              postIndexSync: "async",
-            },
-          },
-        },
-      } as never,
-    });
+    const resultPromise = compactEmbeddedPiSessionDirect(
+      directCompactionArgs({
+        config: compactionConfig("async"),
+      }),
+    );
 
     await vi.waitFor(() => {
       expect(getMemorySearchManagerMock).toHaveBeenCalledTimes(1);
@@ -730,7 +731,7 @@ describe("compactEmbeddedPiSessionDirect hooks", () => {
     await vi.waitFor(() => {
       expect(sync).toHaveBeenCalledWith({
         reason: "post-compaction",
-        sessionFiles: ["/tmp/session.jsonl"],
+        sessionFiles: [TEST_SESSION_FILE],
       });
     });
     const result = await resultPromise;
@@ -790,35 +791,25 @@ describe("compactEmbeddedPiSession hooks (ownsCompaction engine)", () => {
       reason: undefined,
       result: { summary: "engine-summary", tokensAfter: 50 },
     });
-    resolveModelMock.mockReset();
-    resolveModelMock.mockReturnValue({
-      model: { provider: "openai", api: "responses", id: "fake", input: [] },
-      error: null,
-      authStorage: { setRuntimeApiKey: vi.fn() },
-      modelRegistry: {},
-    });
+    mockResolvedModel();
   });
 
   it("fires before_compaction with sentinel -1 and after_compaction on success", async () => {
     hookRunner.hasHooks.mockReturnValue(true);
 
-    const result = await compactEmbeddedPiSession({
-      sessionId: "session-1",
-      sessionKey: "agent:main:session-1",
-      sessionFile: "/tmp/session.jsonl",
-      workspaceDir: "/tmp",
-      messageChannel: "telegram",
-      customInstructions: "focus on decisions",
-      enqueue: (task) => task(),
-    });
+    const result = await compactEmbeddedPiSession(
+      wrappedCompactionArgs({
+        messageChannel: "telegram",
+      }),
+    );
 
     expect(result.ok).toBe(true);
     expect(result.compacted).toBe(true);
 
     expect(hookRunner.runBeforeCompaction).toHaveBeenCalledWith(
-      { messageCount: -1, sessionFile: "/tmp/session.jsonl" },
+      { messageCount: -1, sessionFile: TEST_SESSION_FILE },
       expect.objectContaining({
-        sessionKey: "agent:main:session-1",
+        sessionKey: TEST_SESSION_KEY,
         messageProvider: "telegram",
       }),
     );
@@ -827,10 +818,10 @@ describe("compactEmbeddedPiSession hooks (ownsCompaction engine)", () => {
         messageCount: -1,
         compactedCount: -1,
         tokenCount: 50,
-        sessionFile: "/tmp/session.jsonl",
+        sessionFile: TEST_SESSION_FILE,
       },
       expect.objectContaining({
-        sessionKey: "agent:main:session-1",
+        sessionKey: TEST_SESSION_KEY,
         messageProvider: "telegram",
       }),
     );
@@ -843,30 +834,19 @@ describe("compactEmbeddedPiSession hooks (ownsCompaction engine)", () => {
     getMemorySearchManagerMock.mockResolvedValue({ manager: { sync } });
 
     try {
-      const result = await compactEmbeddedPiSession({
-        sessionId: "session-1",
-        sessionKey: "agent:main:session-1",
-        sessionFile: "  /tmp/session.jsonl  ",
-        workspaceDir: "/tmp",
-        customInstructions: "focus on decisions",
-        enqueue: (task) => task(),
-        config: {
-          agents: {
-            defaults: {
-              compaction: {
-                postIndexSync: "await",
-              },
-            },
-          },
-        } as never,
-      });
+      const result = await compactEmbeddedPiSession(
+        wrappedCompactionArgs({
+          sessionFile: `  ${TEST_SESSION_FILE}  `,
+          config: compactionConfig("await"),
+        }),
+      );
 
       expect(result.ok).toBe(true);
       expect(listener).toHaveBeenCalledTimes(1);
-      expect(listener).toHaveBeenCalledWith({ sessionFile: "/tmp/session.jsonl" });
+      expect(listener).toHaveBeenCalledWith({ sessionFile: TEST_SESSION_FILE });
       expect(sync).toHaveBeenCalledWith({
         reason: "post-compaction",
-        sessionFiles: ["/tmp/session.jsonl"],
+        sessionFiles: [TEST_SESSION_FILE],
       });
     } finally {
       cleanup();
@@ -884,14 +864,7 @@ describe("compactEmbeddedPiSession hooks (ownsCompaction engine)", () => {
       result: undefined,
     });
 
-    const result = await compactEmbeddedPiSession({
-      sessionId: "session-1",
-      sessionKey: "agent:main:session-1",
-      sessionFile: "/tmp/session.jsonl",
-      workspaceDir: "/tmp",
-      customInstructions: "focus on decisions",
-      enqueue: (task) => task(),
-    });
+    const result = await compactEmbeddedPiSession(wrappedCompactionArgs());
 
     expect(result.ok).toBe(false);
     expect(hookRunner.runBeforeCompaction).toHaveBeenCalled();
@@ -910,23 +883,11 @@ describe("compactEmbeddedPiSession hooks (ownsCompaction engine)", () => {
     });
 
     try {
-      const result = await compactEmbeddedPiSession({
-        sessionId: "session-1",
-        sessionKey: "agent:main:session-1",
-        sessionFile: "/tmp/session.jsonl",
-        workspaceDir: "/tmp",
-        customInstructions: "focus on decisions",
-        enqueue: (task) => task(),
-        config: {
-          agents: {
-            defaults: {
-              compaction: {
-                postIndexSync: "await",
-              },
-            },
-          },
-        } as never,
-      });
+      const result = await compactEmbeddedPiSession(
+        wrappedCompactionArgs({
+          config: compactionConfig("await"),
+        }),
+      );
 
       expect(result.ok).toBe(true);
       expect(listener).not.toHaveBeenCalled();
@@ -940,14 +901,7 @@ describe("compactEmbeddedPiSession hooks (ownsCompaction engine)", () => {
     hookRunner.hasHooks.mockReturnValue(true);
     hookRunner.runBeforeCompaction.mockRejectedValue(new Error("hook boom"));
 
-    const result = await compactEmbeddedPiSession({
-      sessionId: "session-1",
-      sessionKey: "agent:main:session-1",
-      sessionFile: "/tmp/session.jsonl",
-      workspaceDir: "/tmp",
-      customInstructions: "focus on decisions",
-      enqueue: (task) => task(),
-    });
+    const result = await compactEmbeddedPiSession(wrappedCompactionArgs());
 
     expect(result.ok).toBe(true);
     expect(result.compacted).toBe(true);
diff --git a/src/agents/pi-embedded-runner/compact.ts b/src/agents/pi-embedded-runner/compact.ts
index b465ea7dc9c..63678333bed 100644
--- a/src/agents/pi-embedded-runner/compact.ts
+++ b/src/agents/pi-embedded-runner/compact.ts
@@ -7,6 +7,9 @@ import {
   estimateTokens,
   SessionManager,
 } from "@mariozechner/pi-coding-agent";
+import { resolveSignalReactionLevel } from "../../../extensions/signal/src/reaction-level.js";
+import { resolveTelegramInlineButtonsScope } from "../../../extensions/telegram/src/inline-buttons.js";
+import { resolveTelegramReactionLevel } from "../../../extensions/telegram/src/reaction-level.js";
 import { resolveHeartbeatPrompt } from "../../auto-reply/heartbeat.js";
 import type { ReasoningLevel, ThinkLevel } from "../../auto-reply/thinking.js";
 import { resolveChannelCapabilities } from "../../config/channel-capabilities.js";
@@ -23,9 +26,6 @@ import { getGlobalHookRunner } from "../../plugins/hook-runner-global.js";
 import { type enqueueCommand, enqueueCommandInLane } from "../../process/command-queue.js";
 import { isCronSessionKey, isSubagentSessionKey } from "../../routing/session-key.js";
 import { emitSessionTranscriptUpdate } from "../../sessions/transcript-events.js";
-import { resolveSignalReactionLevel } from "../../signal/reaction-level.js";
-import { resolveTelegramInlineButtonsScope } from "../../telegram/inline-buttons.js";
-import { resolveTelegramReactionLevel } from "../../telegram/reaction-level.js";
 import { buildTtsSystemPromptHint } from "../../tts/tts.js";
 import { resolveUserPath } from "../../utils.js";
 import { normalizeMessageChannel } from "../../utils/message-channel.js";
@@ -41,7 +41,11 @@ import { formatUserTime, resolveUserTimeFormat, resolveUserTimezone } from "../d
 import { DEFAULT_CONTEXT_TOKENS, DEFAULT_MODEL, DEFAULT_PROVIDER } from "../defaults.js";
 import { resolveOpenClawDocsPath } from "../docs-path.js";
 import { resolveMemorySearchConfig } from "../memory-search.js";
-import { getApiKeyForModel, resolveModelAuthMode } from "../model-auth.js";
+import {
+  applyLocalNoAuthHeaderOverride,
+  getApiKeyForModel,
+  resolveModelAuthMode,
+} from "../model-auth.js";
 import { supportsModelTools } from "../model-tool-support.js";
 import { ensureOpenClawModelsJson } from "../models-config.js";
 import { createConfiguredOllamaStreamFn } from "../ollama-stream.js";
@@ -429,8 +433,9 @@ export async function compactEmbeddedPiSessionDirect(
     const reason = error ?? `Unknown model: ${provider}/${modelId}`;
     return fail(reason);
   }
+  let apiKeyInfo: Awaited<ReturnType<typeof getApiKeyForModel>> | null = null;
   try {
-    const apiKeyInfo = await getApiKeyForModel({
+    apiKeyInfo = await getApiKeyForModel({
       model,
       cfg: params.config,
       profileId: authProfileId,
@@ -518,10 +523,12 @@ export async function compactEmbeddedPiSessionDirect(
       modelContextWindow: model.contextWindow,
       defaultTokens: DEFAULT_CONTEXT_TOKENS,
     });
-    const effectiveModel =
+    const effectiveModel = applyLocalNoAuthHeaderOverride(
       ctxInfo.tokens < (model.contextWindow ?? Infinity)
         ? { ...model, contextWindow: ctxInfo.tokens }
-        : model;
+        : model,
+      apiKeyInfo,
+    );
 
     const runAbortController = new AbortController();
     const toolsRaw = createOpenClawCodingTools({
diff --git a/src/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.ts b/src/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.ts
index 3e3d4a83461..53e73e6246d 100644
--- a/src/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.ts
+++ b/src/agents/pi-embedded-runner/run.overflow-compaction.mocks.shared.ts
@@ -209,9 +209,36 @@ vi.mock("../defaults.js", () => ({
   DEFAULT_PROVIDER: "anthropic",
 }));
 
+type MockFailoverErrorDescription = {
+  message: string;
+  reason: string | undefined;
+  status: number | undefined;
+  code: string | undefined;
+};
+
+type MockCoerceToFailoverError = (
+  err: unknown,
+  params?: { provider?: string; model?: string; profileId?: string },
+) => unknown;
+type MockDescribeFailoverError = (err: unknown) => MockFailoverErrorDescription;
+type MockResolveFailoverStatus = (reason: string) => number | undefined;
+
+export const mockedCoerceToFailoverError = vi.fn<MockCoerceToFailoverError>();
+export const mockedDescribeFailoverError = vi.fn<MockDescribeFailoverError>(
+  (err: unknown): MockFailoverErrorDescription => ({
+    message: err instanceof Error ? err.message : String(err),
+    reason: undefined,
+    status: undefined,
+    code: undefined,
+  }),
+);
+export const mockedResolveFailoverStatus = vi.fn<MockResolveFailoverStatus>();
+
 vi.mock("../failover-error.js", () => ({
   FailoverError: class extends Error {},
-  resolveFailoverStatus: vi.fn(),
+  coerceToFailoverError: mockedCoerceToFailoverError,
+  describeFailoverError: mockedDescribeFailoverError,
+  resolveFailoverStatus: mockedResolveFailoverStatus,
 }));
 
 vi.mock("./lanes.js", () => ({
diff --git a/src/agents/pi-embedded-runner/run.overflow-compaction.test.ts b/src/agents/pi-embedded-runner/run.overflow-compaction.test.ts
index b9f7707c0b6..d18123a4ae2 100644
--- a/src/agents/pi-embedded-runner/run.overflow-compaction.test.ts
+++ b/src/agents/pi-embedded-runner/run.overflow-compaction.test.ts
@@ -9,7 +9,12 @@ import {
   mockOverflowRetrySuccess,
   queueOverflowAttemptWithOversizedToolOutput,
 } from "./run.overflow-compaction.fixture.js";
-import { mockedGlobalHookRunner } from "./run.overflow-compaction.mocks.shared.js";
+import {
+  mockedCoerceToFailoverError,
+  mockedDescribeFailoverError,
+  mockedGlobalHookRunner,
+  mockedResolveFailoverStatus,
+} from "./run.overflow-compaction.mocks.shared.js";
 import {
   mockedContextEngine,
   mockedCompactDirect,
@@ -25,6 +30,9 @@ describe("runEmbeddedPiAgent overflow compaction trigger routing", () => {
     vi.clearAllMocks();
     mockedRunEmbeddedAttempt.mockReset();
     mockedCompactDirect.mockReset();
+    mockedCoerceToFailoverError.mockReset();
+    mockedDescribeFailoverError.mockReset();
+    mockedResolveFailoverStatus.mockReset();
     mockedSessionLikelyHasOversizedToolResults.mockReset();
     mockedTruncateOversizedToolResultsInSession.mockReset();
     mockedGlobalHookRunner.runBeforeAgentStart.mockReset();
@@ -36,6 +44,13 @@ describe("runEmbeddedPiAgent overflow compaction trigger routing", () => {
       compacted: false,
       reason: "nothing to compact",
     });
+    mockedCoerceToFailoverError.mockReturnValue(null);
+    mockedDescribeFailoverError.mockImplementation((err: unknown) => ({
+      message: err instanceof Error ? err.message : String(err),
+      reason: undefined,
+      status: undefined,
+      code: undefined,
+    }));
     mockedSessionLikelyHasOversizedToolResults.mockReturnValue(false);
     mockedTruncateOversizedToolResultsInSession.mockResolvedValue({
       truncated: false,
@@ -255,4 +270,57 @@ describe("runEmbeddedPiAgent overflow compaction trigger routing", () => {
     expect(result.meta.error?.kind).toBe("retry_limit");
     expect(result.payloads?.[0]?.isError).toBe(true);
   });
+
+  it("normalizes abort-wrapped prompt errors before handing off to model fallback", async () => {
+    const promptError = Object.assign(new Error("request aborted"), {
+      name: "AbortError",
+      cause: {
+        error: {
+          code: 429,
+          message: "Resource has been exhausted (e.g. check quota).",
+          status: "RESOURCE_EXHAUSTED",
+        },
+      },
+    });
+    const normalized = Object.assign(new Error("Resource has been exhausted (e.g. check quota)."), {
+      name: "FailoverError",
+      reason: "rate_limit",
+      status: 429,
+    });
+
+    mockedRunEmbeddedAttempt.mockResolvedValueOnce(makeAttemptResult({ promptError }));
+    mockedCoerceToFailoverError.mockReturnValueOnce(normalized);
+    mockedDescribeFailoverError.mockImplementation((err: unknown) => ({
+      message: err instanceof Error ? err.message : String(err),
+      reason: err === normalized ? "rate_limit" : undefined,
+      status: err === normalized ? 429 : undefined,
+      code: undefined,
+    }));
+    mockedResolveFailoverStatus.mockReturnValueOnce(429);
+
+    await expect(
+      runEmbeddedPiAgent({
+        ...overflowBaseRunParams,
+        config: {
+          agents: {
+            defaults: {
+              model: {
+                fallbacks: ["openai/gpt-5.2"],
+              },
+            },
+          },
+        },
+      }),
+    ).rejects.toBe(normalized);
+
+    expect(mockedCoerceToFailoverError).toHaveBeenCalledWith(
+      promptError,
+      expect.objectContaining({
+        provider: "anthropic",
+        model: "test-model",
+        profileId: "test-profile",
+      }),
+    );
+    expect(mockedResolveFailoverStatus).toHaveBeenCalledWith("rate_limit");
+  });
 });
diff --git a/src/agents/pi-embedded-runner/run.ts b/src/agents/pi-embedded-runner/run.ts
index dce7ff919d4..4ca6c0ea226 100644
--- a/src/agents/pi-embedded-runner/run.ts
+++ b/src/agents/pi-embedded-runner/run.ts
@@ -28,8 +28,14 @@ import {
   resolveContextWindowInfo,
 } from "../context-window-guard.js";
 import { DEFAULT_CONTEXT_TOKENS, DEFAULT_MODEL, DEFAULT_PROVIDER } from "../defaults.js";
-import { FailoverError, resolveFailoverStatus } from "../failover-error.js";
 import {
+  coerceToFailoverError,
+  describeFailoverError,
+  FailoverError,
+  resolveFailoverStatus,
+} from "../failover-error.js";
+import {
+  applyLocalNoAuthHeaderOverride,
   ensureAuthProfileStore,
   getApiKeyForModel,
   resolveAuthProfileOrder,
@@ -884,7 +890,7 @@ export async function runEmbeddedPiAgent(
             disableTools: params.disableTools,
             provider,
             modelId,
-            model: effectiveModel,
+            model: applyLocalNoAuthHeaderOverride(effectiveModel, apiKeyInfo),
             authProfileId: lastProfileId,
             authProfileIdSource: lockedProfileId ? "user" : "auto",
             authStorage,
@@ -1216,7 +1222,17 @@ export async function runEmbeddedPiAgent(
           }
 
           if (promptError && !aborted) {
-            const errorText = describeUnknownError(promptError);
+            // Normalize wrapped errors (e.g. abort-wrapped RESOURCE_EXHAUSTED) into
+            // FailoverError so rate-limit classification works even for nested shapes.
+            const normalizedPromptFailover = coerceToFailoverError(promptError, {
+              provider: activeErrorContext.provider,
+              model: activeErrorContext.model,
+              profileId: lastProfileId,
+            });
+            const promptErrorDetails = normalizedPromptFailover
+              ? describeFailoverError(normalizedPromptFailover)
+              : describeFailoverError(promptError);
+            const errorText = promptErrorDetails.message || describeUnknownError(promptError);
             if (await maybeRefreshCopilotForAuthError(errorText, copilotAuthRetry)) {
               authRetryPending = true;
               continue;
@@ -1280,14 +1296,16 @@ export async function runEmbeddedPiAgent(
                 },
               };
             }
-            const promptFailoverReason = classifyFailoverReason(errorText);
+            const promptFailoverReason =
+              promptErrorDetails.reason ?? classifyFailoverReason(errorText);
             const promptProfileFailureReason =
               resolveAuthProfileFailureReason(promptFailoverReason);
             await maybeMarkAuthProfileFailure({
               profileId: lastProfileId,
               reason: promptProfileFailureReason,
             });
-            const promptFailoverFailure = isFailoverErrorMessage(errorText);
+            const promptFailoverFailure =
+              promptFailoverReason !== null || isFailoverErrorMessage(errorText);
             // Capture the failing profile before auth-profile rotation mutates `lastProfileId`.
             const failedPromptProfileId = lastProfileId;
             const logPromptFailoverDecision = createFailoverDecisionLogger({
@@ -1329,13 +1347,16 @@ export async function runEmbeddedPiAgent(
               const status = resolveFailoverStatus(promptFailoverReason ?? "unknown");
               logPromptFailoverDecision("fallback_model", { status });
               await maybeBackoffBeforeOverloadFailover(promptFailoverReason);
-              throw new FailoverError(errorText, {
-                reason: promptFailoverReason ?? "unknown",
-                provider,
-                model: modelId,
-                profileId: lastProfileId,
-                status,
-              });
+              throw (
+                normalizedPromptFailover ??
+                new FailoverError(errorText, {
+                  reason: promptFailoverReason ?? "unknown",
+                  provider,
+                  model: modelId,
+                  profileId: lastProfileId,
+                  status: resolveFailoverStatus(promptFailoverReason ?? "unknown"),
+                })
+              );
             }
             if (promptFailoverFailure || promptFailoverReason) {
               logPromptFailoverDecision("surface_error");
diff --git a/src/agents/pi-embedded-runner/run/attempt.spawn-workspace.test.ts b/src/agents/pi-embedded-runner/run/attempt.spawn-workspace.test.ts
index 53edfbbc6cc..e67bb20d88d 100644
--- a/src/agents/pi-embedded-runner/run/attempt.spawn-workspace.test.ts
+++ b/src/agents/pi-embedded-runner/run/attempt.spawn-workspace.test.ts
@@ -290,7 +290,9 @@ async function cleanupTempPaths(tempPaths: string[]) {
   }
 }
 
-function createDefaultEmbeddedSession(): MutableSession {
+function createDefaultEmbeddedSession(params?: {
+  prompt?: (session: MutableSession) => Promise<void>;
+}): MutableSession {
   const session: MutableSession = {
     sessionId: "embedded-session",
     messages: [],
@@ -302,6 +304,10 @@ function createDefaultEmbeddedSession(): MutableSession {
       },
     },
     prompt: async () => {
+      if (params?.prompt) {
+        await params.prompt(session);
+        return;
+      }
       session.messages = [
         ...session.messages,
         { role: "assistant", content: "done", timestamp: 2 },
@@ -315,6 +321,24 @@ function createDefaultEmbeddedSession(): MutableSession {
   return session;
 }
 
+function createContextEngineBootstrapAndAssemble() {
+  return {
+    bootstrap: vi.fn(async (_params: { sessionKey?: string }) => ({ bootstrapped: true })),
+    assemble: vi.fn(async ({ messages }: { messages: AgentMessage[]; sessionKey?: string }) => ({
+      messages,
+      estimatedTokens: 1,
+    })),
+  };
+}
+
+function expectCalledWithSessionKey(mock: ReturnType<typeof vi.fn>, sessionKey: string) {
+  expect(mock).toHaveBeenCalledWith(
+    expect.objectContaining({
+      sessionKey,
+    }),
+  );
+}
+
 const testModel = {
   api: "openai-completions",
   provider: "openai",
@@ -366,16 +390,7 @@ describe("runEmbeddedAttempt sessions_spawn workspace inheritance", () => {
 
     hoisted.createAgentSessionMock.mockImplementation(
       async (params: { customTools: ToolDefinition[] }) => {
-        const session: MutableSession = {
-          sessionId: "embedded-session",
-          messages: [],
-          isCompacting: false,
-          isStreaming: false,
-          agent: {
-            replaceMessages: (messages: unknown[]) => {
-              session.messages = [...messages];
-            },
-          },
+        const session = createDefaultEmbeddedSession({
           prompt: async () => {
             const spawnTool = params.customTools.find((tool) => tool.name === "sessions_spawn");
             expect(spawnTool).toBeDefined();
@@ -390,10 +405,7 @@ describe("runEmbeddedAttempt sessions_spawn workspace inheritance", () => {
               {} as unknown as ExtensionContext,
             );
           },
-          abort: async () => {},
-          dispose: () => {},
-          steer: async () => {},
-        };
+        });
 
         return { session };
       },
@@ -650,13 +662,7 @@ describe("runEmbeddedAttempt context engine sessionKey forwarding", () => {
   }
 
   it("forwards sessionKey to bootstrap, assemble, and afterTurn", async () => {
-    const bootstrap = vi.fn(async (_params: { sessionKey?: string }) => ({ bootstrapped: true }));
-    const assemble = vi.fn(
-      async ({ messages }: { messages: AgentMessage[]; sessionKey?: string }) => ({
-        messages,
-        estimatedTokens: 1,
-      }),
-    );
+    const { bootstrap, assemble } = createContextEngineBootstrapAndAssemble();
     const afterTurn = vi.fn(async (_params: { sessionKey?: string }) => {});
 
     const result = await runAttemptWithContextEngine({
@@ -666,31 +672,13 @@ describe("runEmbeddedAttempt context engine sessionKey forwarding", () => {
     });
 
     expect(result.promptError).toBeNull();
-    expect(bootstrap).toHaveBeenCalledWith(
-      expect.objectContaining({
-        sessionKey,
-      }),
-    );
-    expect(assemble).toHaveBeenCalledWith(
-      expect.objectContaining({
-        sessionKey,
-      }),
-    );
-    expect(afterTurn).toHaveBeenCalledWith(
-      expect.objectContaining({
-        sessionKey,
-      }),
-    );
+    expectCalledWithSessionKey(bootstrap, sessionKey);
+    expectCalledWithSessionKey(assemble, sessionKey);
+    expectCalledWithSessionKey(afterTurn, sessionKey);
   });
 
   it("forwards sessionKey to ingestBatch when afterTurn is absent", async () => {
-    const bootstrap = vi.fn(async (_params: { sessionKey?: string }) => ({ bootstrapped: true }));
-    const assemble = vi.fn(
-      async ({ messages }: { messages: AgentMessage[]; sessionKey?: string }) => ({
-        messages,
-        estimatedTokens: 1,
-      }),
-    );
+    const { bootstrap, assemble } = createContextEngineBootstrapAndAssemble();
     const ingestBatch = vi.fn(
       async (_params: { sessionKey?: string; messages: AgentMessage[] }) => ({ ingestedCount: 1 }),
     );
@@ -702,21 +690,11 @@ describe("runEmbeddedAttempt context engine sessionKey forwarding", () => {
     });
 
     expect(result.promptError).toBeNull();
-    expect(ingestBatch).toHaveBeenCalledWith(
-      expect.objectContaining({
-        sessionKey,
-      }),
-    );
+    expectCalledWithSessionKey(ingestBatch, sessionKey);
   });
 
   it("forwards sessionKey to per-message ingest when ingestBatch is absent", async () => {
-    const bootstrap = vi.fn(async (_params: { sessionKey?: string }) => ({ bootstrapped: true }));
-    const assemble = vi.fn(
-      async ({ messages }: { messages: AgentMessage[]; sessionKey?: string }) => ({
-        messages,
-        estimatedTokens: 1,
-      }),
-    );
+    const { bootstrap, assemble } = createContextEngineBootstrapAndAssemble();
     const ingest = vi.fn(async (_params: { sessionKey?: string; message: AgentMessage }) => ({
       ingested: true,
     }));
diff --git a/src/agents/pi-embedded-runner/run/attempt.ts b/src/agents/pi-embedded-runner/run/attempt.ts
index 274ef0ef865..a4cf2d75260 100644
--- a/src/agents/pi-embedded-runner/run/attempt.ts
+++ b/src/agents/pi-embedded-runner/run/attempt.ts
@@ -7,6 +7,9 @@ import {
   DefaultResourceLoader,
   SessionManager,
 } from "@mariozechner/pi-coding-agent";
+import { resolveSignalReactionLevel } from "../../../../extensions/signal/src/reaction-level.js";
+import { resolveTelegramInlineButtonsScope } from "../../../../extensions/telegram/src/inline-buttons.js";
+import { resolveTelegramReactionLevel } from "../../../../extensions/telegram/src/reaction-level.js";
 import { resolveHeartbeatPrompt } from "../../../auto-reply/heartbeat.js";
 import { resolveChannelCapabilities } from "../../../config/channel-capabilities.js";
 import type { OpenClawConfig } from "../../../config/config.js";
@@ -24,9 +27,6 @@ import type {
 } from "../../../plugins/types.js";
 import { isCronSessionKey, isSubagentSessionKey } from "../../../routing/session-key.js";
 import { joinPresentTextSegments } from "../../../shared/text/join-segments.js";
-import { resolveSignalReactionLevel } from "../../../signal/reaction-level.js";
-import { resolveTelegramInlineButtonsScope } from "../../../telegram/inline-buttons.js";
-import { resolveTelegramReactionLevel } from "../../../telegram/reaction-level.js";
 import { buildTtsSystemPromptHint } from "../../../tts/tts.js";
 import { resolveUserPath } from "../../../utils.js";
 import { normalizeMessageChannel } from "../../../utils/message-channel.js";
@@ -111,6 +111,7 @@ import {
   clearActiveEmbeddedRun,
   type EmbeddedPiQueueHandle,
   setActiveEmbeddedRun,
+  updateActiveEmbeddedRunSnapshot,
 } from "../runs.js";
 import { buildEmbeddedSandboxInfo } from "../sandbox-info.js";
 import { prewarmSessionFile, trackSessionManagerAccess } from "../session-manager-cache.js";
@@ -830,6 +831,7 @@ function extractBalancedJsonPrefix(raw: string): string | null {
 const MAX_TOOLCALL_REPAIR_BUFFER_CHARS = 64_000;
 const MAX_TOOLCALL_REPAIR_TRAILING_CHARS = 3;
 const TOOLCALL_REPAIR_ALLOWED_TRAILING_RE = /^[^\s{}[\]":,\\]{1,3}$/;
+const MAX_BTW_SNAPSHOT_MESSAGES = 100;
 
 function shouldAttemptMalformedToolCallRepair(partialJson: string, delta: string): boolean {
   if (/[}\]]/.test(delta)) {
@@ -2376,6 +2378,8 @@ export async function runEmbeddedAttempt(
               `runId=${params.runId} sessionId=${params.sessionId}`,
           );
         }
+        const transcriptLeafId =
+          (sessionManager.getLeafEntry() as { id?: string } | null | undefined)?.id ?? null;
 
         try {
           // Idempotent cleanup for legacy sessions with persisted image payloads.
@@ -2454,6 +2458,13 @@ export async function runEmbeddedAttempt(
               });
           }
 
+          const btwSnapshotMessages = activeSession.messages.slice(-MAX_BTW_SNAPSHOT_MESSAGES);
+          updateActiveEmbeddedRunSnapshot(params.sessionId, {
+            transcriptLeafId,
+            messages: btwSnapshotMessages,
+            inFlightPrompt: effectivePrompt,
+          });
+
           // Only pass images option if there are actually images to pass
           // This avoids potential issues with models that don't expect the images parameter
           if (imageResult.images.length > 0) {
diff --git a/src/agents/pi-embedded-runner/run/compaction-retry-aggregate-timeout.test.ts b/src/agents/pi-embedded-runner/run/compaction-retry-aggregate-timeout.test.ts
index 9a38127c84a..5e1088c3155 100644
--- a/src/agents/pi-embedded-runner/run/compaction-retry-aggregate-timeout.test.ts
+++ b/src/agents/pi-embedded-runner/run/compaction-retry-aggregate-timeout.test.ts
@@ -1,10 +1,28 @@
 import { describe, expect, it, vi } from "vitest";
 import { waitForCompactionRetryWithAggregateTimeout } from "./compaction-retry-aggregate-timeout.js";
 
+async function withFakeTimers(run: () => Promise<void>) {
+  vi.useFakeTimers();
+  try {
+    await run();
+  } finally {
+    await vi.runOnlyPendingTimersAsync();
+    vi.useRealTimers();
+  }
+}
+
+function expectClearedTimeoutState(onTimeout: ReturnType<typeof vi.fn>, timedOut: boolean) {
+  if (timedOut) {
+    expect(onTimeout).toHaveBeenCalledTimes(1);
+  } else {
+    expect(onTimeout).not.toHaveBeenCalled();
+  }
+  expect(vi.getTimerCount()).toBe(0);
+}
+
 describe("waitForCompactionRetryWithAggregateTimeout", () => {
   it("times out and fires callback when compaction retry never resolves", async () => {
-    vi.useFakeTimers();
-    try {
+    await withFakeTimers(async () => {
       const onTimeout = vi.fn();
       const waitForCompactionRetry = vi.fn(async () => await new Promise<void>(() => {}));
 
@@ -19,17 +37,12 @@ describe("waitForCompactionRetryWithAggregateTimeout", () => {
       const result = await resultPromise;
 
       expect(result.timedOut).toBe(true);
-      expect(onTimeout).toHaveBeenCalledTimes(1);
-      expect(vi.getTimerCount()).toBe(0);
-    } finally {
-      await vi.runOnlyPendingTimersAsync();
-      vi.useRealTimers();
-    }
+      expectClearedTimeoutState(onTimeout, true);
+    });
   });
 
   it("keeps waiting while compaction remains in flight", async () => {
-    vi.useFakeTimers();
-    try {
+    await withFakeTimers(async () => {
       const onTimeout = vi.fn();
       let compactionInFlight = true;
       const waitForCompactionRetry = vi.fn(
@@ -54,17 +67,12 @@ describe("waitForCompactionRetryWithAggregateTimeout", () => {
       const result = await resultPromise;
 
       expect(result.timedOut).toBe(false);
-      expect(onTimeout).not.toHaveBeenCalled();
-      expect(vi.getTimerCount()).toBe(0);
-    } finally {
-      await vi.runOnlyPendingTimersAsync();
-      vi.useRealTimers();
-    }
+      expectClearedTimeoutState(onTimeout, false);
+    });
   });
 
   it("times out after an idle timeout window", async () => {
-    vi.useFakeTimers();
-    try {
+    await withFakeTimers(async () => {
       const onTimeout = vi.fn();
       let compactionInFlight = true;
       const waitForCompactionRetry = vi.fn(async () => await new Promise<void>(() => {}));
@@ -84,17 +92,12 @@ describe("waitForCompactionRetryWithAggregateTimeout", () => {
       const result = await resultPromise;
 
       expect(result.timedOut).toBe(true);
-      expect(onTimeout).toHaveBeenCalledTimes(1);
-      expect(vi.getTimerCount()).toBe(0);
-    } finally {
-      await vi.runOnlyPendingTimersAsync();
-      vi.useRealTimers();
-    }
+      expectClearedTimeoutState(onTimeout, true);
+    });
   });
 
   it("does not time out when compaction retry resolves", async () => {
-    vi.useFakeTimers();
-    try {
+    await withFakeTimers(async () => {
       const onTimeout = vi.fn();
       const waitForCompactionRetry = vi.fn(async () => {});
 
@@ -106,17 +109,12 @@ describe("waitForCompactionRetryWithAggregateTimeout", () => {
       });
 
       expect(result.timedOut).toBe(false);
-      expect(onTimeout).not.toHaveBeenCalled();
-      expect(vi.getTimerCount()).toBe(0);
-    } finally {
-      await vi.runOnlyPendingTimersAsync();
-      vi.useRealTimers();
-    }
+      expectClearedTimeoutState(onTimeout, false);
+    });
   });
 
   it("propagates abort errors from abortable and clears timer", async () => {
-    vi.useFakeTimers();
-    try {
+    await withFakeTimers(async () => {
       const abortError = new Error("aborted");
       abortError.name = "AbortError";
       const onTimeout = vi.fn();
@@ -133,11 +131,7 @@ describe("waitForCompactionRetryWithAggregateTimeout", () => {
         }),
       ).rejects.toThrow("aborted");
 
-      expect(onTimeout).not.toHaveBeenCalled();
-      expect(vi.getTimerCount()).toBe(0);
-    } finally {
-      await vi.runOnlyPendingTimersAsync();
-      vi.useRealTimers();
-    }
+      expectClearedTimeoutState(onTimeout, false);
+    });
   });
 });
diff --git a/src/agents/pi-embedded-runner/run/images.ts b/src/agents/pi-embedded-runner/run/images.ts
index caf78f739ba..a1899bb99af 100644
--- a/src/agents/pi-embedded-runner/run/images.ts
+++ b/src/agents/pi-embedded-runner/run/images.ts
@@ -1,8 +1,8 @@
 import path from "node:path";
 import { fileURLToPath } from "node:url";
 import type { ImageContent } from "@mariozechner/pi-ai";
+import { loadWebMedia } from "../../../../extensions/whatsapp/src/media.js";
 import { resolveUserPath } from "../../../utils.js";
-import { loadWebMedia } from "../../../web/media.js";
 import type { ImageSanitizationLimits } from "../../image-sanitization.js";
 import {
   createSandboxBridgeReadFile,
diff --git a/src/agents/pi-embedded-runner/runs.test.ts b/src/agents/pi-embedded-runner/runs.test.ts
index d9bf90f961d..3a4eb6d3743 100644
--- a/src/agents/pi-embedded-runner/runs.test.ts
+++ b/src/agents/pi-embedded-runner/runs.test.ts
@@ -4,7 +4,9 @@ import {
   __testing,
   abortEmbeddedPiRun,
   clearActiveEmbeddedRun,
+  getActiveEmbeddedRunSnapshot,
   setActiveEmbeddedRun,
+  updateActiveEmbeddedRunSnapshot,
   waitForActiveEmbeddedRuns,
 } from "./runs.js";
 
@@ -137,4 +139,28 @@ describe("pi-embedded runner run registry", () => {
       runsB.__testing.resetActiveEmbeddedRuns();
     }
   });
+
+  it("tracks and clears per-session transcript snapshots for active runs", () => {
+    const handle = {
+      queueMessage: async () => {},
+      isStreaming: () => true,
+      isCompacting: () => false,
+      abort: vi.fn(),
+    };
+
+    setActiveEmbeddedRun("session-snapshot", handle);
+    updateActiveEmbeddedRunSnapshot("session-snapshot", {
+      transcriptLeafId: "assistant-1",
+      messages: [{ role: "user", content: [{ type: "text", text: "hello" }], timestamp: 1 }],
+      inFlightPrompt: "keep going",
+    });
+    expect(getActiveEmbeddedRunSnapshot("session-snapshot")).toEqual({
+      transcriptLeafId: "assistant-1",
+      messages: [{ role: "user", content: [{ type: "text", text: "hello" }], timestamp: 1 }],
+      inFlightPrompt: "keep going",
+    });
+
+    clearActiveEmbeddedRun("session-snapshot", handle);
+    expect(getActiveEmbeddedRunSnapshot("session-snapshot")).toBeUndefined();
+  });
 });
diff --git a/src/agents/pi-embedded-runner/runs.ts b/src/agents/pi-embedded-runner/runs.ts
index 0d4cecc8372..d0a3d1063c7 100644
--- a/src/agents/pi-embedded-runner/runs.ts
+++ b/src/agents/pi-embedded-runner/runs.ts
@@ -12,6 +12,12 @@ type EmbeddedPiQueueHandle = {
   abort: () => void;
 };
 
+export type ActiveEmbeddedRunSnapshot = {
+  transcriptLeafId: string | null;
+  messages?: unknown[];
+  inFlightPrompt?: string;
+};
+
 type EmbeddedRunWaiter = {
   resolve: (ended: boolean) => void;
   timer: NodeJS.Timeout;
@@ -25,9 +31,11 @@ const EMBEDDED_RUN_STATE_KEY = Symbol.for("openclaw.embeddedRunState");
 
 const embeddedRunState = resolveGlobalSingleton(EMBEDDED_RUN_STATE_KEY, () => ({
   activeRuns: new Map<string, EmbeddedPiQueueHandle>(),
+  snapshots: new Map<string, ActiveEmbeddedRunSnapshot>(),
   waiters: new Map<string, Set<EmbeddedRunWaiter>>(),
 }));
 const ACTIVE_EMBEDDED_RUNS = embeddedRunState.activeRuns;
+const ACTIVE_EMBEDDED_RUN_SNAPSHOTS = embeddedRunState.snapshots;
 const EMBEDDED_RUN_WAITERS = embeddedRunState.waiters;
 
 export function queueEmbeddedPiMessage(sessionId: string, text: string): boolean {
@@ -135,6 +143,12 @@ export function getActiveEmbeddedRunCount(): number {
   return ACTIVE_EMBEDDED_RUNS.size;
 }
 
+export function getActiveEmbeddedRunSnapshot(
+  sessionId: string,
+): ActiveEmbeddedRunSnapshot | undefined {
+  return ACTIVE_EMBEDDED_RUN_SNAPSHOTS.get(sessionId);
+}
+
 /**
  * Wait for active embedded runs to drain.
  *
@@ -230,6 +244,16 @@ export function setActiveEmbeddedRun(
   }
 }
 
+export function updateActiveEmbeddedRunSnapshot(
+  sessionId: string,
+  snapshot: ActiveEmbeddedRunSnapshot,
+) {
+  if (!ACTIVE_EMBEDDED_RUNS.has(sessionId)) {
+    return;
+  }
+  ACTIVE_EMBEDDED_RUN_SNAPSHOTS.set(sessionId, snapshot);
+}
+
 export function clearActiveEmbeddedRun(
   sessionId: string,
   handle: EmbeddedPiQueueHandle,
@@ -237,6 +261,7 @@ export function clearActiveEmbeddedRun(
 ) {
   if (ACTIVE_EMBEDDED_RUNS.get(sessionId) === handle) {
     ACTIVE_EMBEDDED_RUNS.delete(sessionId);
+    ACTIVE_EMBEDDED_RUN_SNAPSHOTS.delete(sessionId);
     logSessionStateChange({ sessionId, sessionKey, state: "idle", reason: "run_completed" });
     if (!sessionId.startsWith("probe-")) {
       diag.debug(`run cleared: sessionId=${sessionId} totalActive=${ACTIVE_EMBEDDED_RUNS.size}`);
@@ -257,6 +282,7 @@ export const __testing = {
     }
     EMBEDDED_RUN_WAITERS.clear();
     ACTIVE_EMBEDDED_RUNS.clear();
+    ACTIVE_EMBEDDED_RUN_SNAPSHOTS.clear();
   },
 };
 
diff --git a/src/agents/pi-embedded-runner/tool-result-char-estimator.ts b/src/agents/pi-embedded-runner/tool-result-char-estimator.ts
index 16bdc5e43eb..6d022d62289 100644
--- a/src/agents/pi-embedded-runner/tool-result-char-estimator.ts
+++ b/src/agents/pi-embedded-runner/tool-result-char-estimator.ts
@@ -46,6 +46,20 @@ function getToolResultContent(msg: AgentMessage): unknown[] {
   return Array.isArray(content) ? content : [];
 }
 
+function estimateContentBlockChars(content: unknown[]): number {
+  let chars = 0;
+  for (const block of content) {
+    if (isTextBlock(block)) {
+      chars += block.text.length;
+    } else if (isImageBlock(block)) {
+      chars += IMAGE_CHAR_ESTIMATE;
+    } else {
+      chars += estimateUnknownChars(block);
+    }
+  }
+  return chars;
+}
+
 export function getToolResultText(msg: AgentMessage): string {
   const content = getToolResultContent(msg);
   const chunks: string[] = [];
@@ -67,19 +81,10 @@ function estimateMessageChars(msg: AgentMessage): number {
     if (typeof content === "string") {
       return content.length;
     }
-    let chars = 0;
     if (Array.isArray(content)) {
-      for (const block of content) {
-        if (isTextBlock(block)) {
-          chars += block.text.length;
-        } else if (isImageBlock(block)) {
-          chars += IMAGE_CHAR_ESTIMATE;
-        } else {
-          chars += estimateUnknownChars(block);
-        }
-      }
+      return estimateContentBlockChars(content);
     }
-    return chars;
+    return 0;
   }
 
   if (msg.role === "assistant") {
@@ -115,17 +120,8 @@ function estimateMessageChars(msg: AgentMessage): number {
   }
 
   if (isToolResultMessage(msg)) {
-    let chars = 0;
     const content = getToolResultContent(msg);
-    for (const block of content) {
-      if (isTextBlock(block)) {
-        chars += block.text.length;
-      } else if (isImageBlock(block)) {
-        chars += IMAGE_CHAR_ESTIMATE;
-      } else {
-        chars += estimateUnknownChars(block);
-      }
-    }
+    let chars = estimateContentBlockChars(content);
     const details = (msg as { details?: unknown }).details;
     chars += estimateUnknownChars(details);
     const weightedChars = Math.ceil(
diff --git a/src/agents/pi-tools.create-openclaw-coding-tools.adds-claude-style-aliases-schemas-without-dropping.test.ts b/src/agents/pi-tools.create-openclaw-coding-tools.adds-claude-style-aliases-schemas-without-dropping.test.ts
index 5a7cb72ccb7..ed705842ada 100644
--- a/src/agents/pi-tools.create-openclaw-coding-tools.adds-claude-style-aliases-schemas-without-dropping.test.ts
+++ b/src/agents/pi-tools.create-openclaw-coding-tools.adds-claude-style-aliases-schemas-without-dropping.test.ts
@@ -160,7 +160,8 @@ describe("createOpenClawCodingTools", () => {
   it("mentions Chrome extension relay in browser tool description", () => {
     const browser = createBrowserTool();
     expect(browser.description).toMatch(/Chrome extension/i);
-    expect(browser.description).toMatch(/profile="chrome"/i);
+    expect(browser.description).toMatch(/profile="user"/i);
+    expect(browser.description).toMatch(/profile="chrome-relay"/i);
   });
   it("keeps browser tool schema properties after normalization", () => {
     const browser = defaultTools.find((tool) => tool.name === "browser");
diff --git a/src/agents/sandbox/fs-bridge-path-safety.ts b/src/agents/sandbox/fs-bridge-path-safety.ts
index 9ca4c52e537..83fa4149974 100644
--- a/src/agents/sandbox/fs-bridge-path-safety.ts
+++ b/src/agents/sandbox/fs-bridge-path-safety.ts
@@ -87,6 +87,26 @@ export class SandboxFsPathGuard {
     return lexicalMount;
   }
 
+  private finalizePinnedEntry(params: {
+    mount: SandboxFsMount;
+    parentPath: string;
+    basename: string;
+    targetPath: string;
+    action: string;
+  }): PinnedSandboxEntry {
+    const relativeParentPath = path.posix.relative(params.mount.containerRoot, params.parentPath);
+    if (relativeParentPath.startsWith("..") || path.posix.isAbsolute(relativeParentPath)) {
+      throw new Error(
+        `Sandbox path escapes allowed mounts; cannot ${params.action}: ${params.targetPath}`,
+      );
+    }
+    return {
+      mountRootPath: params.mount.containerRoot,
+      relativeParentPath: relativeParentPath === "." ? "" : relativeParentPath,
+      basename: params.basename,
+    };
+  }
+
   private async assertGuardedPathSafety(
     target: SandboxResolvedFsPath,
     options: PathSafetyOptions,
@@ -146,17 +166,13 @@ export class SandboxFsPathGuard {
     }
     const parentPath = normalizeContainerPath(path.posix.dirname(target.containerPath));
     const mount = this.resolveRequiredMount(parentPath, action);
-    const relativeParentPath = path.posix.relative(mount.containerRoot, parentPath);
-    if (relativeParentPath.startsWith("..") || path.posix.isAbsolute(relativeParentPath)) {
-      throw new Error(
-        `Sandbox path escapes allowed mounts; cannot ${action}: ${target.containerPath}`,
-      );
-    }
-    return {
-      mountRootPath: mount.containerRoot,
-      relativeParentPath: relativeParentPath === "." ? "" : relativeParentPath,
+    return this.finalizePinnedEntry({
+      mount,
+      parentPath,
       basename,
-    };
+      targetPath: target.containerPath,
+      action,
+    });
   }
 
   async resolveAnchoredSandboxEntry(
@@ -185,20 +201,13 @@ export class SandboxFsPathGuard {
   ): Promise<PinnedSandboxEntry> {
     const anchoredTarget = await this.resolveAnchoredSandboxEntry(target, action);
     const mount = this.resolveRequiredMount(anchoredTarget.canonicalParentPath, action);
-    const relativeParentPath = path.posix.relative(
-      mount.containerRoot,
-      anchoredTarget.canonicalParentPath,
-    );
-    if (relativeParentPath.startsWith("..") || path.posix.isAbsolute(relativeParentPath)) {
-      throw new Error(
-        `Sandbox path escapes allowed mounts; cannot ${action}: ${target.containerPath}`,
-      );
-    }
-    return {
-      mountRootPath: mount.containerRoot,
-      relativeParentPath: relativeParentPath === "." ? "" : relativeParentPath,
+    return this.finalizePinnedEntry({
+      mount,
+      parentPath: anchoredTarget.canonicalParentPath,
       basename: anchoredTarget.basename,
-    };
+      targetPath: target.containerPath,
+      action,
+    });
   }
 
   resolvePinnedDirectoryEntry(
diff --git a/src/agents/sandbox/fs-bridge.anchored-ops.test.ts b/src/agents/sandbox/fs-bridge.anchored-ops.test.ts
index 48e7e9e23f8..f92e99cc3c6 100644
--- a/src/agents/sandbox/fs-bridge.anchored-ops.test.ts
+++ b/src/agents/sandbox/fs-bridge.anchored-ops.test.ts
@@ -4,6 +4,7 @@ import { describe, expect, it } from "vitest";
 import {
   createSandbox,
   createSandboxFsBridge,
+  createSeededSandboxFsBridge,
   dockerExecResult,
   findCallsByScriptFragment,
   findCallByDockerArg,
@@ -103,17 +104,7 @@ describe("sandbox fs bridge anchored ops", () => {
 
   it.each(pinnedCases)("$name", async (testCase) => {
     await withTempDir("openclaw-fs-bridge-contract-write-", async (stateDir) => {
-      const workspaceDir = path.join(stateDir, "workspace");
-      await fs.mkdir(path.join(workspaceDir, "nested"), { recursive: true });
-      await fs.writeFile(path.join(workspaceDir, "from.txt"), "hello", "utf8");
-      await fs.writeFile(path.join(workspaceDir, "nested", "file.txt"), "bye", "utf8");
-
-      const bridge = createSandboxFsBridge({
-        sandbox: createSandbox({
-          workspaceDir,
-          agentWorkspaceDir: workspaceDir,
-        }),
-      });
+      const { bridge } = await createSeededSandboxFsBridge(stateDir);
 
       await testCase.invoke(bridge);
 
diff --git a/src/agents/sandbox/fs-bridge.shell.test.ts b/src/agents/sandbox/fs-bridge.shell.test.ts
index 1685759ad38..1e870ef0268 100644
--- a/src/agents/sandbox/fs-bridge.shell.test.ts
+++ b/src/agents/sandbox/fs-bridge.shell.test.ts
@@ -4,6 +4,7 @@ import { describe, expect, it } from "vitest";
 import {
   createSandbox,
   createSandboxFsBridge,
+  createSeededSandboxFsBridge,
   getScriptsFromCalls,
   installFsBridgeTestHarness,
   mockedExecDockerRaw,
@@ -140,16 +141,8 @@ describe("sandbox fs bridge shell compatibility", () => {
 
   it("routes mkdirp, remove, and rename through the pinned mutation helper", async () => {
     await withTempDir("openclaw-fs-bridge-shell-write-", async (stateDir) => {
-      const workspaceDir = path.join(stateDir, "workspace");
-      await fs.mkdir(path.join(workspaceDir, "nested"), { recursive: true });
-      await fs.writeFile(path.join(workspaceDir, "a.txt"), "hello", "utf8");
-      await fs.writeFile(path.join(workspaceDir, "nested", "file.txt"), "bye", "utf8");
-
-      const bridge = createSandboxFsBridge({
-        sandbox: createSandbox({
-          workspaceDir,
-          agentWorkspaceDir: workspaceDir,
-        }),
+      const { bridge } = await createSeededSandboxFsBridge(stateDir, {
+        rootFileName: "a.txt",
       });
 
       await bridge.mkdirp({ filePath: "nested" });
diff --git a/src/agents/sandbox/fs-bridge.test-helpers.ts b/src/agents/sandbox/fs-bridge.test-helpers.ts
index 87a184154af..0747371478d 100644
--- a/src/agents/sandbox/fs-bridge.test-helpers.ts
+++ b/src/agents/sandbox/fs-bridge.test-helpers.ts
@@ -79,6 +79,36 @@ export function createSandbox(overrides?: Partial<SandboxContext>): SandboxConte
   });
 }
 
+export async function createSeededSandboxFsBridge(
+  stateDir: string,
+  params?: {
+    rootFileName?: string;
+    rootContents?: string;
+    nestedFileName?: string;
+    nestedContents?: string;
+  },
+) {
+  const workspaceDir = path.join(stateDir, "workspace");
+  await fs.mkdir(path.join(workspaceDir, "nested"), { recursive: true });
+  await fs.writeFile(
+    path.join(workspaceDir, params?.rootFileName ?? "from.txt"),
+    params?.rootContents ?? "hello",
+    "utf8",
+  );
+  await fs.writeFile(
+    path.join(workspaceDir, "nested", params?.nestedFileName ?? "file.txt"),
+    params?.nestedContents ?? "bye",
+    "utf8",
+  );
+  const bridge = createSandboxFsBridge({
+    sandbox: createSandbox({
+      workspaceDir,
+      agentWorkspaceDir: workspaceDir,
+    }),
+  });
+  return { workspaceDir, bridge };
+}
+
 export async function withTempDir<T>(
   prefix: string,
   run: (stateDir: string) => Promise<T>,
diff --git a/src/agents/skills.build-workspace-skills-prompt.syncs-merged-skills-into-target-workspace.test.ts b/src/agents/skills.build-workspace-skills-prompt.syncs-merged-skills-into-target-workspace.test.ts
index 0ee8a39a0b0..1f4da5163e1 100644
--- a/src/agents/skills.build-workspace-skills-prompt.syncs-merged-skills-into-target-workspace.test.ts
+++ b/src/agents/skills.build-workspace-skills-prompt.syncs-merged-skills-into-target-workspace.test.ts
@@ -25,6 +25,33 @@ async function createCaseDir(prefix: string): Promise<string> {
   return dir;
 }
 
+async function syncSourceSkillsToTarget(sourceWorkspace: string, targetWorkspace: string) {
+  await withEnv({ HOME: sourceWorkspace, PATH: "" }, () =>
+    syncSkillsToWorkspace({
+      sourceWorkspaceDir: sourceWorkspace,
+      targetWorkspaceDir: targetWorkspace,
+      bundledSkillsDir: path.join(sourceWorkspace, ".bundled"),
+      managedSkillsDir: path.join(sourceWorkspace, ".managed"),
+    }),
+  );
+}
+
+async function expectSyncedSkillConfinement(params: {
+  sourceWorkspace: string;
+  targetWorkspace: string;
+  safeSkillDirName: string;
+  escapedDest: string;
+}) {
+  expect(await pathExists(params.escapedDest)).toBe(false);
+  await syncSourceSkillsToTarget(params.sourceWorkspace, params.targetWorkspace);
+  expect(
+    await pathExists(
+      path.join(params.targetWorkspace, "skills", params.safeSkillDirName, "SKILL.md"),
+    ),
+  ).toBe(true);
+  expect(await pathExists(params.escapedDest)).toBe(false);
+}
+
 beforeAll(async () => {
   fixtureRoot = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-skills-sync-suite-"));
   syncSourceTemplateDir = await createCaseDir("source-template");
@@ -115,14 +142,7 @@ describe("buildWorkspaceSkillsPrompt", () => {
         "dir",
       );
 
-      await withEnv({ HOME: sourceWorkspace, PATH: "" }, () =>
-        syncSkillsToWorkspace({
-          sourceWorkspaceDir: sourceWorkspace,
-          targetWorkspaceDir: targetWorkspace,
-          bundledSkillsDir: path.join(sourceWorkspace, ".bundled"),
-          managedSkillsDir: path.join(sourceWorkspace, ".managed"),
-        }),
-      );
+      await syncSourceSkillsToTarget(sourceWorkspace, targetWorkspace);
 
       const prompt = buildPrompt(targetWorkspace, {
         bundledSkillsDir: path.join(targetWorkspace, ".bundled"),
@@ -151,21 +171,12 @@ describe("buildWorkspaceSkillsPrompt", () => {
     expect(path.relative(path.join(targetWorkspace, "skills"), escapedDest).startsWith("..")).toBe(
       true,
     );
-    expect(await pathExists(escapedDest)).toBe(false);
-
-    await withEnv({ HOME: sourceWorkspace, PATH: "" }, () =>
-      syncSkillsToWorkspace({
-        sourceWorkspaceDir: sourceWorkspace,
-        targetWorkspaceDir: targetWorkspace,
-        bundledSkillsDir: path.join(sourceWorkspace, ".bundled"),
-        managedSkillsDir: path.join(sourceWorkspace, ".managed"),
-      }),
-    );
-
-    expect(
-      await pathExists(path.join(targetWorkspace, "skills", "safe-traversal-skill", "SKILL.md")),
-    ).toBe(true);
-    expect(await pathExists(escapedDest)).toBe(false);
+    await expectSyncedSkillConfinement({
+      sourceWorkspace,
+      targetWorkspace,
+      safeSkillDirName: "safe-traversal-skill",
+      escapedDest,
+    });
   });
   it("keeps synced skills confined under target workspace when frontmatter name is absolute", async () => {
     const sourceWorkspace = await createCaseDir("source");
@@ -180,21 +191,12 @@ describe("buildWorkspaceSkillsPrompt", () => {
       description: "Absolute skill",
     });
 
-    expect(await pathExists(absoluteDest)).toBe(false);
-
-    await withEnv({ HOME: sourceWorkspace, PATH: "" }, () =>
-      syncSkillsToWorkspace({
-        sourceWorkspaceDir: sourceWorkspace,
-        targetWorkspaceDir: targetWorkspace,
-        bundledSkillsDir: path.join(sourceWorkspace, ".bundled"),
-        managedSkillsDir: path.join(sourceWorkspace, ".managed"),
-      }),
-    );
-
-    expect(
-      await pathExists(path.join(targetWorkspace, "skills", "safe-absolute-skill", "SKILL.md")),
-    ).toBe(true);
-    expect(await pathExists(absoluteDest)).toBe(false);
+    await expectSyncedSkillConfinement({
+      sourceWorkspace,
+      targetWorkspace,
+      safeSkillDirName: "safe-absolute-skill",
+      escapedDest: absoluteDest,
+    });
   });
   it("filters skills based on env/config gates", async () => {
     const workspaceDir = await createCaseDir("workspace");
diff --git a/src/agents/skills.buildworkspaceskillsnapshot.test.ts b/src/agents/skills.buildworkspaceskillsnapshot.test.ts
index aec0da8b49a..1292841ed13 100644
--- a/src/agents/skills.buildworkspaceskillsnapshot.test.ts
+++ b/src/agents/skills.buildworkspaceskillsnapshot.test.ts
@@ -43,22 +43,44 @@ function withWorkspaceHome<T>(workspaceDir: string, cb: () => T): T {
   return withEnv({ HOME: workspaceDir, PATH: "" }, cb);
 }
 
+function buildSnapshot(
+  workspaceDir: string,
+  options?: Parameters<typeof buildWorkspaceSkillSnapshot>[1],
+) {
+  return withWorkspaceHome(workspaceDir, () =>
+    buildWorkspaceSkillSnapshot(workspaceDir, {
+      managedSkillsDir: path.join(workspaceDir, ".managed"),
+      bundledSkillsDir: path.join(workspaceDir, ".bundled"),
+      ...options,
+    }),
+  );
+}
+
 async function cloneTemplateDir(templateDir: string, prefix: string): Promise<string> {
   const cloned = await fixtureSuite.createCaseDir(prefix);
   await fs.cp(templateDir, cloned, { recursive: true });
   return cloned;
 }
 
+function expectSnapshotNamesAndPrompt(
+  snapshot: ReturnType<typeof buildWorkspaceSkillSnapshot>,
+  params: { contains?: string[]; omits?: string[] },
+) {
+  for (const name of params.contains ?? []) {
+    expect(snapshot.skills.map((skill) => skill.name)).toContain(name);
+    expect(snapshot.prompt).toContain(name);
+  }
+  for (const name of params.omits ?? []) {
+    expect(snapshot.skills.map((skill) => skill.name)).not.toContain(name);
+    expect(snapshot.prompt).not.toContain(name);
+  }
+}
+
 describe("buildWorkspaceSkillSnapshot", () => {
   it("returns an empty snapshot when skills dirs are missing", async () => {
     const workspaceDir = await fixtureSuite.createCaseDir("workspace");
 
-    const snapshot = withWorkspaceHome(workspaceDir, () =>
-      buildWorkspaceSkillSnapshot(workspaceDir, {
-        managedSkillsDir: path.join(workspaceDir, ".managed"),
-        bundledSkillsDir: path.join(workspaceDir, ".bundled"),
-      }),
-    );
+    const snapshot = buildSnapshot(workspaceDir);
 
     expect(snapshot.prompt).toBe("");
     expect(snapshot.skills).toEqual([]);
@@ -78,12 +100,7 @@ describe("buildWorkspaceSkillSnapshot", () => {
       frontmatterExtra: "disable-model-invocation: true",
     });
 
-    const snapshot = withWorkspaceHome(workspaceDir, () =>
-      buildWorkspaceSkillSnapshot(workspaceDir, {
-        managedSkillsDir: path.join(workspaceDir, ".managed"),
-        bundledSkillsDir: path.join(workspaceDir, ".bundled"),
-      }),
-    );
+    const snapshot = buildSnapshot(workspaceDir);
 
     expect(snapshot.prompt).toContain("visible-skill");
     expect(snapshot.prompt).not.toContain("hidden-skill");
@@ -204,24 +221,20 @@ describe("buildWorkspaceSkillSnapshot", () => {
       body: "x".repeat(5_000),
     });
 
-    const snapshot = withWorkspaceHome(workspaceDir, () =>
-      buildWorkspaceSkillSnapshot(workspaceDir, {
-        config: {
-          skills: {
-            limits: {
-              maxSkillFileBytes: 1000,
-            },
+    const snapshot = buildSnapshot(workspaceDir, {
+      config: {
+        skills: {
+          limits: {
+            maxSkillFileBytes: 1000,
           },
         },
-        managedSkillsDir: path.join(workspaceDir, ".managed"),
-        bundledSkillsDir: path.join(workspaceDir, ".bundled"),
-      }),
-    );
+      },
+    });
 
-    expect(snapshot.skills.map((s) => s.name)).toContain("small-skill");
-    expect(snapshot.skills.map((s) => s.name)).not.toContain("big-skill");
-    expect(snapshot.prompt).toContain("small-skill");
-    expect(snapshot.prompt).not.toContain("big-skill");
+    expectSnapshotNamesAndPrompt(snapshot, {
+      contains: ["small-skill"],
+      omits: ["big-skill"],
+    });
   });
 
   it("detects nested skills roots beyond the first 25 entries", async () => {
@@ -241,26 +254,23 @@ describe("buildWorkspaceSkillSnapshot", () => {
       description: "Nested skill discovered late",
     });
 
-    const snapshot = withWorkspaceHome(workspaceDir, () =>
-      buildWorkspaceSkillSnapshot(workspaceDir, {
-        config: {
-          skills: {
-            load: {
-              extraDirs: [repoDir],
-            },
-            limits: {
-              maxCandidatesPerRoot: 30,
-              maxSkillsLoadedPerSource: 30,
-            },
+    const snapshot = buildSnapshot(workspaceDir, {
+      config: {
+        skills: {
+          load: {
+            extraDirs: [repoDir],
+          },
+          limits: {
+            maxCandidatesPerRoot: 30,
+            maxSkillsLoadedPerSource: 30,
           },
         },
-        managedSkillsDir: path.join(workspaceDir, ".managed"),
-        bundledSkillsDir: path.join(workspaceDir, ".bundled"),
-      }),
-    );
+      },
+    });
 
-    expect(snapshot.skills.map((s) => s.name)).toContain("late-skill");
-    expect(snapshot.prompt).toContain("late-skill");
+    expectSnapshotNamesAndPrompt(snapshot, {
+      contains: ["late-skill"],
+    });
   });
 
   it("enforces maxSkillFileBytes for root-level SKILL.md", async () => {
@@ -274,24 +284,21 @@ describe("buildWorkspaceSkillSnapshot", () => {
       body: "x".repeat(5_000),
     });
 
-    const snapshot = withWorkspaceHome(workspaceDir, () =>
-      buildWorkspaceSkillSnapshot(workspaceDir, {
-        config: {
-          skills: {
-            load: {
-              extraDirs: [rootSkillDir],
-            },
-            limits: {
-              maxSkillFileBytes: 1000,
-            },
+    const snapshot = buildSnapshot(workspaceDir, {
+      config: {
+        skills: {
+          load: {
+            extraDirs: [rootSkillDir],
+          },
+          limits: {
+            maxSkillFileBytes: 1000,
           },
         },
-        managedSkillsDir: path.join(workspaceDir, ".managed"),
-        bundledSkillsDir: path.join(workspaceDir, ".bundled"),
-      }),
-    );
+      },
+    });
 
-    expect(snapshot.skills.map((s) => s.name)).not.toContain("root-big-skill");
-    expect(snapshot.prompt).not.toContain("root-big-skill");
+    expectSnapshotNamesAndPrompt(snapshot, {
+      omits: ["root-big-skill"],
+    });
   });
 });
diff --git a/src/agents/skills.test.ts b/src/agents/skills.test.ts
index 394f476ffa8..c5c8c2077d9 100644
--- a/src/agents/skills.test.ts
+++ b/src/agents/skills.test.ts
@@ -49,6 +49,16 @@ const withClearedEnv = <T>(
   }
 };
 
+async function writeEnvSkill(workspaceDir: string) {
+  const skillDir = path.join(workspaceDir, "skills", "env-skill");
+  await writeSkill({
+    dir: skillDir,
+    name: "env-skill",
+    description: "Needs env",
+    metadata: '{"openclaw":{"requires":{"env":["ENV_KEY"]},"primaryEnv":"ENV_KEY"}}',
+  });
+}
+
 beforeAll(async () => {
   await fixtureSuite.setup();
   tempHome = await createTempHomeEnv("openclaw-skills-home-");
@@ -240,13 +250,7 @@ describe("buildWorkspaceSkillsPrompt", () => {
 describe("applySkillEnvOverrides", () => {
   it("sets and restores env vars", async () => {
     const workspaceDir = await makeWorkspace();
-    const skillDir = path.join(workspaceDir, "skills", "env-skill");
-    await writeSkill({
-      dir: skillDir,
-      name: "env-skill",
-      description: "Needs env",
-      metadata: '{"openclaw":{"requires":{"env":["ENV_KEY"]},"primaryEnv":"ENV_KEY"}}',
-    });
+    await writeEnvSkill(workspaceDir);
 
     const entries = loadWorkspaceSkillEntries(workspaceDir, resolveTestSkillDirs(workspaceDir));
 
@@ -269,13 +273,7 @@ describe("applySkillEnvOverrides", () => {
 
   it("keeps env keys tracked until all overlapping overrides restore", async () => {
     const workspaceDir = await makeWorkspace();
-    const skillDir = path.join(workspaceDir, "skills", "env-skill");
-    await writeSkill({
-      dir: skillDir,
-      name: "env-skill",
-      description: "Needs env",
-      metadata: '{"openclaw":{"requires":{"env":["ENV_KEY"]},"primaryEnv":"ENV_KEY"}}',
-    });
+    await writeEnvSkill(workspaceDir);
 
     const entries = loadWorkspaceSkillEntries(workspaceDir, resolveTestSkillDirs(workspaceDir));
 
@@ -301,13 +299,7 @@ describe("applySkillEnvOverrides", () => {
 
   it("applies env overrides from snapshots", async () => {
     const workspaceDir = await makeWorkspace();
-    const skillDir = path.join(workspaceDir, "skills", "env-skill");
-    await writeSkill({
-      dir: skillDir,
-      name: "env-skill",
-      description: "Needs env",
-      metadata: '{"openclaw":{"requires":{"env":["ENV_KEY"]},"primaryEnv":"ENV_KEY"}}',
-    });
+    await writeEnvSkill(workspaceDir);
 
     const snapshot = buildWorkspaceSkillSnapshot(workspaceDir, {
       ...resolveTestSkillDirs(workspaceDir),
diff --git a/src/agents/subagent-announce.timeout.test.ts b/src/agents/subagent-announce.timeout.test.ts
index b003276e56e..5fae988fe73 100644
--- a/src/agents/subagent-announce.timeout.test.ts
+++ b/src/agents/subagent-announce.timeout.test.ts
@@ -120,6 +120,21 @@ function findGatewayCall(predicate: (call: GatewayCall) => boolean): GatewayCall
   return gatewayCalls.find(predicate);
 }
 
+function findFinalDirectAgentCall(): GatewayCall | undefined {
+  return findGatewayCall((call) => call.method === "agent" && call.expectFinal === true);
+}
+
+function setupParentSessionFallback(parentSessionKey: string): void {
+  requesterDepthResolver = (sessionKey?: string) =>
+    sessionKey === parentSessionKey ? 1 : sessionKey?.includes(":subagent:") ? 1 : 0;
+  subagentSessionRunActive = false;
+  shouldIgnorePostCompletion = false;
+  fallbackRequesterResolution = {
+    requesterSessionKey: "agent:main:main",
+    requesterOrigin: { channel: "discord", to: "chan-main", accountId: "acct-main" },
+  };
+}
+
 describe("subagent announce timeout config", () => {
   beforeEach(() => {
     gatewayCalls.length = 0;
@@ -244,9 +259,7 @@ describe("subagent announce timeout config", () => {
       requesterOrigin: { channel: "discord", to: "channel:cron-results", accountId: "acct-1" },
     });
 
-    const directAgentCall = findGatewayCall(
-      (call) => call.method === "agent" && call.expectFinal === true,
-    );
+    const directAgentCall = findFinalDirectAgentCall();
     expect(directAgentCall?.params?.sessionKey).toBe(cronSessionKey);
     expect(directAgentCall?.params?.deliver).toBe(false);
     expect(directAgentCall?.params?.channel).toBeUndefined();
@@ -256,14 +269,7 @@ describe("subagent announce timeout config", () => {
 
   it("regression, routes child announce to parent session instead of grandparent when parent session still exists", async () => {
     const parentSessionKey = "agent:main:subagent:parent";
-    requesterDepthResolver = (sessionKey?: string) =>
-      sessionKey === parentSessionKey ? 1 : sessionKey?.includes(":subagent:") ? 1 : 0;
-    subagentSessionRunActive = false;
-    shouldIgnorePostCompletion = false;
-    fallbackRequesterResolution = {
-      requesterSessionKey: "agent:main:main",
-      requesterOrigin: { channel: "discord", to: "chan-main", accountId: "acct-main" },
-    };
+    setupParentSessionFallback(parentSessionKey);
     // No sessionId on purpose: existence in store should still count as alive.
     sessionStore[parentSessionKey] = { updatedAt: Date.now() };
 
@@ -273,23 +279,14 @@ describe("subagent announce timeout config", () => {
       childSessionKey: `${parentSessionKey}:subagent:child`,
     });
 
-    const directAgentCall = findGatewayCall(
-      (call) => call.method === "agent" && call.expectFinal === true,
-    );
+    const directAgentCall = findFinalDirectAgentCall();
     expect(directAgentCall?.params?.sessionKey).toBe(parentSessionKey);
     expect(directAgentCall?.params?.deliver).toBe(false);
   });
 
   it("regression, falls back to grandparent only when parent subagent session is missing", async () => {
     const parentSessionKey = "agent:main:subagent:parent-missing";
-    requesterDepthResolver = (sessionKey?: string) =>
-      sessionKey === parentSessionKey ? 1 : sessionKey?.includes(":subagent:") ? 1 : 0;
-    subagentSessionRunActive = false;
-    shouldIgnorePostCompletion = false;
-    fallbackRequesterResolution = {
-      requesterSessionKey: "agent:main:main",
-      requesterOrigin: { channel: "discord", to: "chan-main", accountId: "acct-main" },
-    };
+    setupParentSessionFallback(parentSessionKey);
 
     await runAnnounceFlowForTest("run-parent-fallback", {
       requesterSessionKey: parentSessionKey,
@@ -297,9 +294,7 @@ describe("subagent announce timeout config", () => {
       childSessionKey: `${parentSessionKey}:subagent:child`,
     });
 
-    const directAgentCall = findGatewayCall(
-      (call) => call.method === "agent" && call.expectFinal === true,
-    );
+    const directAgentCall = findFinalDirectAgentCall();
     expect(directAgentCall?.params?.sessionKey).toBe("agent:main:main");
     expect(directAgentCall?.params?.deliver).toBe(true);
     expect(directAgentCall?.params?.channel).toBe("discord");
diff --git a/src/agents/subagent-spawn.workspace.test.ts b/src/agents/subagent-spawn.workspace.test.ts
index fef6bc7515c..9955e587c89 100644
--- a/src/agents/subagent-spawn.workspace.test.ts
+++ b/src/agents/subagent-spawn.workspace.test.ts
@@ -1,5 +1,6 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
 import { spawnSubagentDirect } from "./subagent-spawn.js";
+import { installAcceptedSubagentGatewayMock } from "./test-helpers/subagent-gateway.js";
 
 type TestAgentConfig = {
   id?: string;
@@ -100,20 +101,7 @@ function createConfigOverride(overrides?: Record<string, unknown>) {
 }
 
 function setupGatewayMock() {
-  hoisted.callGatewayMock.mockImplementation(
-    async (opts: { method?: string; params?: Record<string, unknown> }) => {
-      if (opts.method === "sessions.patch") {
-        return { ok: true };
-      }
-      if (opts.method === "sessions.delete") {
-        return { ok: true };
-      }
-      if (opts.method === "agent") {
-        return { runId: "run-1" };
-      }
-      return {};
-    },
-  );
+  installAcceptedSubagentGatewayMock(hoisted.callGatewayMock);
 }
 
 function getRegisteredRun() {
@@ -122,6 +110,27 @@ function getRegisteredRun() {
     | undefined;
 }
 
+async function expectAcceptedWorkspace(params: { agentId: string; expectedWorkspaceDir: string }) {
+  const result = await spawnSubagentDirect(
+    {
+      task: "inspect workspace",
+      agentId: params.agentId,
+    },
+    {
+      agentSessionKey: "agent:main:main",
+      agentChannel: "telegram",
+      agentAccountId: "123",
+      agentTo: "456",
+      workspaceDir: "/tmp/requester-workspace",
+    },
+  );
+
+  expect(result.status).toBe("accepted");
+  expect(getRegisteredRun()).toMatchObject({
+    workspaceDir: params.expectedWorkspaceDir,
+  });
+}
+
 describe("spawnSubagentDirect workspace inheritance", () => {
   beforeEach(() => {
     hoisted.callGatewayMock.mockClear();
@@ -149,44 +158,16 @@ describe("spawnSubagentDirect workspace inheritance", () => {
       },
     });
 
-    const result = await spawnSubagentDirect(
-      {
-        task: "inspect workspace",
-        agentId: "ops",
-      },
-      {
-        agentSessionKey: "agent:main:main",
-        agentChannel: "telegram",
-        agentAccountId: "123",
-        agentTo: "456",
-        workspaceDir: "/tmp/requester-workspace",
-      },
-    );
-
-    expect(result.status).toBe("accepted");
-    expect(getRegisteredRun()).toMatchObject({
-      workspaceDir: "/tmp/workspace-ops",
+    await expectAcceptedWorkspace({
+      agentId: "ops",
+      expectedWorkspaceDir: "/tmp/workspace-ops",
     });
   });
 
   it("preserves the inherited workspace for same-agent spawns", async () => {
-    const result = await spawnSubagentDirect(
-      {
-        task: "inspect workspace",
-        agentId: "main",
-      },
-      {
-        agentSessionKey: "agent:main:main",
-        agentChannel: "telegram",
-        agentAccountId: "123",
-        agentTo: "456",
-        workspaceDir: "/tmp/requester-workspace",
-      },
-    );
-
-    expect(result.status).toBe("accepted");
-    expect(getRegisteredRun()).toMatchObject({
-      workspaceDir: "/tmp/requester-workspace",
+    await expectAcceptedWorkspace({
+      agentId: "main",
+      expectedWorkspaceDir: "/tmp/requester-workspace",
     });
   });
 });
diff --git a/src/agents/test-helpers/subagent-gateway.ts b/src/agents/test-helpers/subagent-gateway.ts
new file mode 100644
index 00000000000..9491d971c33
--- /dev/null
+++ b/src/agents/test-helpers/subagent-gateway.ts
@@ -0,0 +1,9 @@
+export function installAcceptedSubagentGatewayMock(mock: {
+  mockImplementation: (
+    impl: (opts: { method?: string; params?: unknown }) => Promise<unknown>,
+  ) => unknown;
+}) {
+  mock.mockImplementation(async ({ method }) =>
+    method === "agent" ? { runId: "run-1" } : method?.startsWith("sessions.") ? { ok: true } : {},
+  );
+}
diff --git a/src/agents/tool-display-common.ts b/src/agents/tool-display-common.ts
index a7564c98052..f5d231fd898 100644
--- a/src/agents/tool-display-common.ts
+++ b/src/agents/tool-display-common.ts
@@ -1081,9 +1081,10 @@ export function resolveExecDetail(args: unknown): string | undefined {
 
   const displaySummary = cwd ? `${summary} (in ${cwd})` : summary;
 
-  // Append the raw command when the summary differs meaningfully from the command itself.
+  // Keep the raw command inline so chat surfaces do not break "Exec:" onto a
+  // separate paragraph/code block.
   if (compact && compact !== displaySummary && compact !== summary) {
-    return `${displaySummary}\n\n\`${compact}\``;
+    return `${displaySummary} · \`${compact}\``;
   }
 
   return displaySummary;
diff --git a/src/agents/tool-display.test.ts b/src/agents/tool-display.test.ts
index b41db4d0552..19ef7652ffb 100644
--- a/src/agents/tool-display.test.ts
+++ b/src/agents/tool-display.test.ts
@@ -112,9 +112,7 @@ describe("tool display details", () => {
       }),
     );
 
-    expect(detail).toBe(
-      "install dependencies (in ~/my-project)\n\n`cd ~/my-project && npm install`",
-    );
+    expect(detail).toBe("install dependencies (in ~/my-project), `cd ~/my-project && npm install`");
   });
 
   it("moves cd path to context suffix with multiple stages and raw command", () => {
@@ -126,7 +124,7 @@ describe("tool display details", () => {
     );
 
     expect(detail).toBe(
-      "install dependencies → run tests (in ~/my-project)\n\n`cd ~/my-project && npm install && npm test`",
+      "install dependencies → run tests (in ~/my-project), `cd ~/my-project && npm install && npm test`",
     );
   });
 
@@ -138,7 +136,7 @@ describe("tool display details", () => {
       }),
     );
 
-    expect(detail).toBe("check git status (in /tmp)\n\n`pushd /tmp && git status`");
+    expect(detail).toBe("check git status (in /tmp), `pushd /tmp && git status`");
   });
 
   it("clears inferred cwd when popd is stripped from preamble", () => {
@@ -149,7 +147,7 @@ describe("tool display details", () => {
       }),
     );
 
-    expect(detail).toBe("install dependencies\n\n`pushd /tmp && popd && npm install`");
+    expect(detail).toBe("install dependencies, `pushd /tmp && popd && npm install`");
   });
 
   it("moves cd path to context suffix with || separator", () => {
@@ -173,7 +171,7 @@ describe("tool display details", () => {
       }),
     );
 
-    expect(detail).toBe("install dependencies (in /app)\n\n`cd /tmp && npm install`");
+    expect(detail).toBe("install dependencies (in /app), `cd /tmp && npm install`");
   });
 
   it("summarizes all stages and appends raw command", () => {
@@ -185,7 +183,7 @@ describe("tool display details", () => {
     );
 
     expect(detail).toBe(
-      "fetch git changes → rebase git branch\n\n`git fetch && git rebase origin/main`",
+      "fetch git changes → rebase git branch, `git fetch && git rebase origin/main`",
     );
   });
 
diff --git a/src/agents/tools/browser-tool.actions.ts b/src/agents/tools/browser-tool.actions.ts
index 673585d16b3..a4b6cb456af 100644
--- a/src/agents/tools/browser-tool.actions.ts
+++ b/src/agents/tools/browser-tool.actions.ts
@@ -54,8 +54,27 @@ function formatTabsToolResult(tabs: unknown[]): AgentToolResult<unknown> {
   };
 }
 
+function formatConsoleToolResult(result: {
+  targetId?: string;
+  messages?: unknown[];
+}): AgentToolResult<unknown> {
+  const wrapped = wrapBrowserExternalJson({
+    kind: "console",
+    payload: result,
+    includeWarning: false,
+  });
+  return {
+    content: [{ type: "text" as const, text: wrapped.wrappedText }],
+    details: {
+      ...wrapped.safeDetails,
+      targetId: typeof result.targetId === "string" ? result.targetId : undefined,
+      messageCount: Array.isArray(result.messages) ? result.messages.length : undefined,
+    },
+  };
+}
+
 function isChromeStaleTargetError(profile: string | undefined, err: unknown): boolean {
-  if (profile !== "chrome") {
+  if (profile !== "chrome-relay" && profile !== "chrome") {
     return false;
   }
   const msg = String(err);
@@ -258,34 +277,10 @@ export async function executeConsoleAction(params: {
         targetId,
       },
     })) as { ok?: boolean; targetId?: string; messages?: unknown[] };
-    const wrapped = wrapBrowserExternalJson({
-      kind: "console",
-      payload: result,
-      includeWarning: false,
-    });
-    return {
-      content: [{ type: "text" as const, text: wrapped.wrappedText }],
-      details: {
-        ...wrapped.safeDetails,
-        targetId: typeof result.targetId === "string" ? result.targetId : undefined,
-        messageCount: Array.isArray(result.messages) ? result.messages.length : undefined,
-      },
-    };
+    return formatConsoleToolResult(result);
   }
   const result = await browserConsoleMessages(baseUrl, { level, targetId, profile });
-  const wrapped = wrapBrowserExternalJson({
-    kind: "console",
-    payload: result,
-    includeWarning: false,
-  });
-  return {
-    content: [{ type: "text" as const, text: wrapped.wrappedText }],
-    details: {
-      ...wrapped.safeDetails,
-      targetId: result.targetId,
-      messageCount: result.messages.length,
-    },
-  };
+  return formatConsoleToolResult(result);
 }
 
 export async function executeActAction(params: {
@@ -345,7 +340,7 @@ export async function executeActAction(params: {
         );
       }
       throw new Error(
-        `Chrome tab not found (stale targetId?). Run action=tabs profile="chrome" and use one of the returned targetIds.`,
+        `Chrome tab not found (stale targetId?). Run action=tabs profile="chrome-relay" and use one of the returned targetIds.`,
         { cause: err },
       );
     }
diff --git a/src/agents/tools/browser-tool.test.ts b/src/agents/tools/browser-tool.test.ts
index 81996afb419..adaaea78221 100644
--- a/src/agents/tools/browser-tool.test.ts
+++ b/src/agents/tools/browser-tool.test.ts
@@ -54,7 +54,45 @@ const browserConfigMocks = vi.hoisted(() => ({
   resolveBrowserConfig: vi.fn(() => ({
     enabled: true,
     controlPort: 18791,
+    profiles: {},
+    defaultProfile: "openclaw",
   })),
+  resolveProfile: vi.fn((resolved: Record<string, unknown>, name: string) => {
+    const profile = (resolved.profiles as Record<string, Record<string, unknown>> | undefined)?.[
+      name
+    ];
+    if (!profile) {
+      return null;
+    }
+    const driver =
+      profile.driver === "extension"
+        ? "extension"
+        : profile.driver === "existing-session"
+          ? "existing-session"
+          : "openclaw";
+    if (driver === "existing-session") {
+      return {
+        name,
+        driver,
+        cdpPort: 0,
+        cdpUrl: "",
+        cdpHost: "",
+        cdpIsLoopback: true,
+        color: typeof profile.color === "string" ? profile.color : "#FF4500",
+        attachOnly: true,
+      };
+    }
+    return {
+      name,
+      driver,
+      cdpPort: typeof profile.cdpPort === "number" ? profile.cdpPort : 18792,
+      cdpUrl: typeof profile.cdpUrl === "string" ? profile.cdpUrl : "http://127.0.0.1:18792",
+      cdpHost: "127.0.0.1",
+      cdpIsLoopback: true,
+      color: typeof profile.color === "string" ? profile.color : "#FF4500",
+      attachOnly: profile.attachOnly === true,
+    };
+  }),
 }));
 vi.mock("../../browser/config.js", () => browserConfigMocks);
 
@@ -117,9 +155,27 @@ function mockSingleBrowserProxyNode() {
 function resetBrowserToolMocks() {
   vi.clearAllMocks();
   configMocks.loadConfig.mockReturnValue({ browser: {} });
+  browserConfigMocks.resolveBrowserConfig.mockReturnValue({
+    enabled: true,
+    controlPort: 18791,
+    profiles: {},
+    defaultProfile: "openclaw",
+  });
   nodesUtilsMocks.listNodes.mockResolvedValue([]);
 }
 
+function setResolvedBrowserProfiles(
+  profiles: Record<string, Record<string, unknown>>,
+  defaultProfile = "openclaw",
+) {
+  browserConfigMocks.resolveBrowserConfig.mockReturnValue({
+    enabled: true,
+    controlPort: 18791,
+    profiles,
+    defaultProfile,
+  });
+}
+
 function registerBrowserToolAfterEachReset() {
   afterEach(() => {
     resetBrowserToolMocks();
@@ -231,26 +287,91 @@ describe("browser tool snapshot maxChars", () => {
     expect(opts?.mode).toBeUndefined();
   });
 
-  it("defaults to host when using profile=chrome (even in sandboxed sessions)", async () => {
+  it("defaults to host when using profile=chrome-relay (even in sandboxed sessions)", async () => {
+    setResolvedBrowserProfiles({
+      "chrome-relay": {
+        driver: "extension",
+        cdpUrl: "http://127.0.0.1:18792",
+        color: "#0066CC",
+      },
+    });
     const tool = createBrowserTool({ sandboxBridgeUrl: "http://127.0.0.1:9999" });
-    await tool.execute?.("call-1", { action: "snapshot", profile: "chrome", snapshotFormat: "ai" });
+    await tool.execute?.("call-1", {
+      action: "snapshot",
+      profile: "chrome-relay",
+      snapshotFormat: "ai",
+    });
 
     expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
       undefined,
       expect.objectContaining({
-        profile: "chrome",
+        profile: "chrome-relay",
       }),
     );
   });
 
-  it("lets the server choose snapshot format when the user does not request one", async () => {
-    const tool = createBrowserTool();
-    await tool.execute?.("call-1", { action: "snapshot", profile: "chrome" });
+  it("defaults to host when using profile=user (even in sandboxed sessions)", async () => {
+    setResolvedBrowserProfiles({
+      user: { driver: "existing-session", attachOnly: true, color: "#00AA00" },
+    });
+    const tool = createBrowserTool({ sandboxBridgeUrl: "http://127.0.0.1:9999" });
+    await tool.execute?.("call-1", {
+      action: "snapshot",
+      profile: "user",
+      snapshotFormat: "ai",
+    });
 
     expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
       undefined,
       expect.objectContaining({
-        profile: "chrome",
+        profile: "user",
+      }),
+    );
+  });
+
+  it("defaults to host for custom existing-session profiles too", async () => {
+    setResolvedBrowserProfiles({
+      "chrome-live": { driver: "existing-session", attachOnly: true, color: "#00AA00" },
+    });
+    const tool = createBrowserTool({ sandboxBridgeUrl: "http://127.0.0.1:9999" });
+    await tool.execute?.("call-1", {
+      action: "snapshot",
+      profile: "chrome-live",
+      snapshotFormat: "ai",
+    });
+
+    expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
+      undefined,
+      expect.objectContaining({
+        profile: "chrome-live",
+      }),
+    );
+  });
+
+  it('rejects profile="user" with target="sandbox"', async () => {
+    setResolvedBrowserProfiles({
+      user: { driver: "existing-session", attachOnly: true, color: "#00AA00" },
+    });
+    const tool = createBrowserTool({ sandboxBridgeUrl: "http://127.0.0.1:9999" });
+
+    await expect(
+      tool.execute?.("call-1", {
+        action: "snapshot",
+        profile: "user",
+        target: "sandbox",
+        snapshotFormat: "ai",
+      }),
+    ).rejects.toThrow(/profile="user" cannot use the sandbox browser/i);
+  });
+
+  it("lets the server choose snapshot format when the user does not request one", async () => {
+    const tool = createBrowserTool();
+    await tool.execute?.("call-1", { action: "snapshot", profile: "chrome-relay" });
+
+    expect(browserClientMocks.browserSnapshot).toHaveBeenCalledWith(
+      undefined,
+      expect.objectContaining({
+        profile: "chrome-relay",
       }),
     );
     const opts = browserClientMocks.browserSnapshot.mock.calls.at(-1)?.[1] as
@@ -317,14 +438,21 @@ describe("browser tool snapshot maxChars", () => {
     expect(gatewayMocks.callGatewayTool).not.toHaveBeenCalled();
   });
 
-  it("keeps chrome profile on host when node proxy is available", async () => {
+  it("keeps chrome-relay profile on host when node proxy is available", async () => {
     mockSingleBrowserProxyNode();
+    setResolvedBrowserProfiles({
+      "chrome-relay": {
+        driver: "extension",
+        cdpUrl: "http://127.0.0.1:18792",
+        color: "#0066CC",
+      },
+    });
     const tool = createBrowserTool();
-    await tool.execute?.("call-1", { action: "status", profile: "chrome" });
+    await tool.execute?.("call-1", { action: "status", profile: "chrome-relay" });
 
     expect(browserClientMocks.browserStatus).toHaveBeenCalledWith(
       undefined,
-      expect.objectContaining({ profile: "chrome" }),
+      expect.objectContaining({ profile: "chrome-relay" }),
     );
     expect(gatewayMocks.callGatewayTool).not.toHaveBeenCalled();
   });
@@ -617,7 +745,7 @@ describe("browser tool external content wrapping", () => {
 describe("browser tool act stale target recovery", () => {
   registerBrowserToolAfterEachReset();
 
-  it("retries safe chrome act once without targetId when exactly one tab remains", async () => {
+  it("retries safe chrome-relay act once without targetId when exactly one tab remains", async () => {
     browserActionsMocks.browserAct
       .mockRejectedValueOnce(new Error("404: tab not found"))
       .mockResolvedValueOnce({ ok: true });
@@ -626,7 +754,7 @@ describe("browser tool act stale target recovery", () => {
     const tool = createBrowserTool();
     const result = await tool.execute?.("call-1", {
       action: "act",
-      profile: "chrome",
+      profile: "chrome-relay",
       request: {
         kind: "hover",
         targetId: "stale-tab",
@@ -639,18 +767,18 @@ describe("browser tool act stale target recovery", () => {
       1,
       undefined,
       expect.objectContaining({ targetId: "stale-tab", kind: "hover", ref: "btn-1" }),
-      expect.objectContaining({ profile: "chrome" }),
+      expect.objectContaining({ profile: "chrome-relay" }),
     );
     expect(browserActionsMocks.browserAct).toHaveBeenNthCalledWith(
       2,
       undefined,
       expect.not.objectContaining({ targetId: expect.anything() }),
-      expect.objectContaining({ profile: "chrome" }),
+      expect.objectContaining({ profile: "chrome-relay" }),
     );
     expect(result?.details).toMatchObject({ ok: true });
   });
 
-  it("does not retry mutating chrome act requests without targetId", async () => {
+  it("does not retry mutating chrome-relay act requests without targetId", async () => {
     browserActionsMocks.browserAct.mockRejectedValueOnce(new Error("404: tab not found"));
     browserClientMocks.browserTabs.mockResolvedValueOnce([{ targetId: "only-tab" }]);
 
@@ -658,14 +786,14 @@ describe("browser tool act stale target recovery", () => {
     await expect(
       tool.execute?.("call-1", {
         action: "act",
-        profile: "chrome",
+        profile: "chrome-relay",
         request: {
           kind: "click",
           targetId: "stale-tab",
           ref: "btn-1",
         },
       }),
-    ).rejects.toThrow(/Run action=tabs profile="chrome"/i);
+    ).rejects.toThrow(/Run action=tabs profile="chrome-relay"/i);
 
     expect(browserActionsMocks.browserAct).toHaveBeenCalledTimes(1);
   });
diff --git a/src/agents/tools/browser-tool.ts b/src/agents/tools/browser-tool.ts
index 200013ff1a7..8cb57435100 100644
--- a/src/agents/tools/browser-tool.ts
+++ b/src/agents/tools/browser-tool.ts
@@ -16,8 +16,9 @@ import {
   browserStatus,
   browserStop,
 } from "../../browser/client.js";
-import { resolveBrowserConfig } from "../../browser/config.js";
+import { resolveBrowserConfig, resolveProfile } from "../../browser/config.js";
 import { DEFAULT_UPLOAD_DIR, resolveExistingPathsWithinRoot } from "../../browser/paths.js";
+import { getBrowserProfileCapabilities } from "../../browser/profile-capabilities.js";
 import { applyBrowserProxyPaths, persistBrowserProxyFiles } from "../../browser/proxy-files.js";
 import {
   trackSessionBrowserTab,
@@ -278,6 +279,24 @@ function resolveBrowserBaseUrl(params: {
   return undefined;
 }
 
+function shouldPreferHostForProfile(profileName: string | undefined) {
+  if (!profileName) {
+    return false;
+  }
+  const cfg = loadConfig();
+  const resolved = resolveBrowserConfig(cfg.browser, cfg);
+  const profile = resolveProfile(resolved, profileName);
+  if (!profile) {
+    return false;
+  }
+  const capabilities = getBrowserProfileCapabilities(profile);
+  return capabilities.requiresRelay || capabilities.usesChromeMcp;
+}
+
+function isHostOnlyProfileName(profileName: string | undefined) {
+  return profileName === "user" || profileName === "chrome-relay";
+}
+
 export function createBrowserTool(opts?: {
   sandboxBridgeUrl?: string;
   allowHostControl?: boolean;
@@ -291,10 +310,12 @@ export function createBrowserTool(opts?: {
     name: "browser",
     description: [
       "Control the browser via OpenClaw's browser control server (status/start/stop/profiles/tabs/open/snapshot/screenshot/actions).",
-      'Profiles: use profile="chrome" for Chrome extension relay takeover (your existing Chrome tabs). Use profile="openclaw" for the isolated openclaw-managed browser.',
-      'If the user mentions the Chrome extension / Browser Relay / toolbar button / “attach tab”, ALWAYS use profile="chrome" (do not ask which profile).',
+      "Browser choice: omit profile by default for the isolated OpenClaw-managed browser (`openclaw`).",
+      'For the logged-in user browser on the local host, prefer profile="user". Use it only when existing logins/cookies matter and the user is present to click/approve any browser attach prompt.',
+      'Use profile="chrome-relay" only for the Chrome extension / Browser Relay / toolbar-button attach-tab flow, or when the user explicitly asks for the extension relay.',
+      'If the user mentions the Chrome extension / Browser Relay / toolbar button / “attach tab”, ALWAYS prefer profile="chrome-relay". Otherwise prefer profile="user" over the extension relay for user-browser work.',
       'When a node-hosted browser proxy is available, the tool may auto-route to it. Pin a node with node=<id|name> or target="node".',
-      "Chrome extension relay needs an attached tab: user must click the OpenClaw Browser Relay toolbar icon on the tab (badge ON). If no tab is connected, ask them to attach it.",
+      'User-browser flows need user interaction: profile="user" may require approving a browser attach prompt; profile="chrome-relay" needs the user to click the OpenClaw Browser Relay toolbar icon on the tab (badge ON). If user presence is unclear, ask first.',
       "When using refs from snapshot (e.g. e12), keep the same tab: prefer passing targetId from the snapshot response into subsequent actions (act/click/type/etc).",
       'For stable, self-resolving refs across calls, use snapshot with refs="aria" (Playwright aria-ref ids). Default refs="role" are role+name-based.',
       "Use snapshot+act for UI automation. Avoid act:wait by default; use only in exceptional cases when no reliable UI state exists.",
@@ -312,9 +333,18 @@ export function createBrowserTool(opts?: {
       if (requestedNode && target && target !== "node") {
         throw new Error('node is only supported with target="node".');
       }
-
-      if (!target && !requestedNode && profile === "chrome") {
-        // Chrome extension relay takeover is a host Chrome feature; prefer host unless explicitly targeting a node.
+      if (isHostOnlyProfileName(profile)) {
+        if (requestedNode || target === "node") {
+          throw new Error(`profile="${profile}" only supports the local host browser.`);
+        }
+        if (target === "sandbox") {
+          throw new Error(
+            `profile="${profile}" cannot use the sandbox browser; use target="host" or omit target.`,
+          );
+        }
+      }
+      if (!target && !requestedNode && shouldPreferHostForProfile(profile)) {
+        // Local host user-browser profiles should not silently bind to sandbox/node browsers.
         target = "host";
       }
 
diff --git a/src/agents/tools/cron-tool.ts b/src/agents/tools/cron-tool.ts
index 14df6901024..2976dee3924 100644
--- a/src/agents/tools/cron-tool.ts
+++ b/src/agents/tools/cron-tool.ts
@@ -230,11 +230,22 @@ JOB SCHEMA (for add action):
   "name": "string (optional)",
   "schedule": { ... },      // Required: when to run
   "payload": { ... },       // Required: what to execute
-  "delivery": { ... },      // Optional: announce summary or webhook POST
-  "sessionTarget": "main" | "isolated",  // Required
+  "delivery": { ... },      // Optional: announce summary (isolated/current/session:xxx only) or webhook POST
+  "sessionTarget": "main" | "isolated" | "current" | "session:<custom-id>",  // Optional, defaults based on context
   "enabled": true | false   // Optional, default true
 }
 
+SESSION TARGET OPTIONS:
+- "main": Run in the main session (requires payload.kind="systemEvent")
+- "isolated": Run in an ephemeral isolated session (requires payload.kind="agentTurn")
+- "current": Bind to the current session where the cron is created (resolved at creation time)
+- "session:<custom-id>": Run in a persistent named session (e.g., "session:project-alpha-daily")
+
+DEFAULT BEHAVIOR (unchanged for backward compatibility):
+- payload.kind="systemEvent" → defaults to "main"
+- payload.kind="agentTurn" → defaults to "isolated"
+To use current session binding, explicitly set sessionTarget="current".
+
 SCHEDULE TYPES (schedule.kind):
 - "at": One-shot at absolute time
   { "kind": "at", "at": "<ISO-8601 timestamp>" }
@@ -260,9 +271,9 @@ DELIVERY (top-level):
 
 CRITICAL CONSTRAINTS:
 - sessionTarget="main" REQUIRES payload.kind="systemEvent"
-- sessionTarget="isolated" REQUIRES payload.kind="agentTurn"
+- sessionTarget="isolated" | "current" | "session:xxx" REQUIRES payload.kind="agentTurn"
 - For webhook callbacks, use delivery.mode="webhook" with delivery.to set to a URL.
-Default: prefer isolated agentTurn jobs unless the user explicitly wants a main-session system event.
+Default: prefer isolated agentTurn jobs unless the user explicitly wants current-session binding.
 
 WAKE MODES (for wake action):
 - "next-heartbeat" (default): Wake on next heartbeat
@@ -346,7 +357,10 @@ Use jobId as the canonical identifier; id is accepted for compatibility. Use con
           if (!params.job || typeof params.job !== "object") {
             throw new Error("job required");
           }
-          const job = normalizeCronJobCreate(params.job) ?? params.job;
+          const job =
+            normalizeCronJobCreate(params.job, {
+              sessionContext: { sessionKey: opts?.agentSessionKey },
+            }) ?? params.job;
           if (job && typeof job === "object") {
             const cfg = loadConfig();
             const { mainKey, alias } = resolveMainSessionAlias(cfg);
diff --git a/src/agents/tools/discord-actions-guild.ts b/src/agents/tools/discord-actions-guild.ts
index 5fb10c87820..6e08c87a276 100644
--- a/src/agents/tools/discord-actions-guild.ts
+++ b/src/agents/tools/discord-actions-guild.ts
@@ -1,6 +1,5 @@
 import type { AgentToolResult } from "@mariozechner/pi-agent-core";
-import type { DiscordActionConfig } from "../../config/config.js";
-import { getPresence } from "../../discord/monitor/presence-cache.js";
+import { getPresence } from "../../../extensions/discord/src/monitor/presence-cache.js";
 import {
   addRoleDiscord,
   createChannelDiscord,
@@ -20,7 +19,8 @@ import {
   setChannelPermissionDiscord,
   uploadEmojiDiscord,
   uploadStickerDiscord,
-} from "../../discord/send.js";
+} from "../../../extensions/discord/src/send.js";
+import type { DiscordActionConfig } from "../../config/config.js";
 import {
   type ActionGate,
   jsonResult,
@@ -60,6 +60,13 @@ async function runRoleMutation(params: {
   await params.mutate({ guildId, userId, roleId });
 }
 
+function readChannelPermissionTarget(params: Record<string, unknown>) {
+  return {
+    channelId: readStringParam(params, "channelId", { required: true }),
+    targetId: readStringParam(params, "targetId", { required: true }),
+  };
+}
+
 export async function handleDiscordGuildAction(
   action: string,
   params: Record<string, unknown>,
@@ -453,10 +460,7 @@ export async function handleDiscordGuildAction(
       if (!isActionEnabled("channels")) {
         throw new Error("Discord channel management is disabled.");
       }
-      const channelId = readStringParam(params, "channelId", {
-        required: true,
-      });
-      const targetId = readStringParam(params, "targetId", { required: true });
+      const { channelId, targetId } = readChannelPermissionTarget(params);
       const targetTypeRaw = readStringParam(params, "targetType", {
         required: true,
       });
@@ -489,10 +493,7 @@ export async function handleDiscordGuildAction(
       if (!isActionEnabled("channels")) {
         throw new Error("Discord channel management is disabled.");
       }
-      const channelId = readStringParam(params, "channelId", {
-        required: true,
-      });
-      const targetId = readStringParam(params, "targetId", { required: true });
+      const { channelId, targetId } = readChannelPermissionTarget(params);
       if (accountId) {
         await removeChannelPermissionDiscord(channelId, targetId, { accountId });
       } else {
diff --git a/src/agents/tools/discord-actions-messaging.ts b/src/agents/tools/discord-actions-messaging.ts
index 7349e65a3e6..c38f2d7066f 100644
--- a/src/agents/tools/discord-actions-messaging.ts
+++ b/src/agents/tools/discord-actions-messaging.ts
@@ -1,7 +1,5 @@
 import type { AgentToolResult } from "@mariozechner/pi-agent-core";
-import type { DiscordActionConfig } from "../../config/config.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import { readDiscordComponentSpec } from "../../discord/components.js";
+import { readDiscordComponentSpec } from "../../../extensions/discord/src/components.js";
 import {
   createThreadDiscord,
   deleteMessageDiscord,
@@ -23,9 +21,14 @@ import {
   sendStickerDiscord,
   sendVoiceMessageDiscord,
   unpinMessageDiscord,
-} from "../../discord/send.js";
-import type { DiscordSendComponents, DiscordSendEmbeds } from "../../discord/send.shared.js";
-import { resolveDiscordChannelId } from "../../discord/targets.js";
+} from "../../../extensions/discord/src/send.js";
+import type {
+  DiscordSendComponents,
+  DiscordSendEmbeds,
+} from "../../../extensions/discord/src/send.shared.js";
+import { resolveDiscordChannelId } from "../../../extensions/discord/src/targets.js";
+import type { DiscordActionConfig } from "../../config/config.js";
+import type { OpenClawConfig } from "../../config/config.js";
 import { readBooleanParam } from "../../plugin-sdk/boolean-param.js";
 import { resolvePollMaxSelections } from "../../polls.js";
 import { withNormalizedTimestamp } from "../date-time.js";
diff --git a/src/agents/tools/discord-actions-moderation.authz.test.ts b/src/agents/tools/discord-actions-moderation.authz.test.ts
index 606a3178dd6..d6b3651ca88 100644
--- a/src/agents/tools/discord-actions-moderation.authz.test.ts
+++ b/src/agents/tools/discord-actions-moderation.authz.test.ts
@@ -13,7 +13,7 @@ const discordSendMocks = vi.hoisted(() => ({
 const { banMemberDiscord, kickMemberDiscord, timeoutMemberDiscord, hasAnyGuildPermissionDiscord } =
   discordSendMocks;
 
-vi.mock("../../discord/send.js", () => ({
+vi.mock("../../../extensions/discord/src/send.js", () => ({
   ...discordSendMocks,
 }));
 
diff --git a/src/agents/tools/discord-actions-moderation.ts b/src/agents/tools/discord-actions-moderation.ts
index c2dd5ebc142..68db19d1d7f 100644
--- a/src/agents/tools/discord-actions-moderation.ts
+++ b/src/agents/tools/discord-actions-moderation.ts
@@ -1,11 +1,11 @@
 import type { AgentToolResult } from "@mariozechner/pi-agent-core";
-import type { DiscordActionConfig } from "../../config/config.js";
 import {
   banMemberDiscord,
   hasAnyGuildPermissionDiscord,
   kickMemberDiscord,
   timeoutMemberDiscord,
-} from "../../discord/send.js";
+} from "../../../extensions/discord/src/send.js";
+import type { DiscordActionConfig } from "../../config/config.js";
 import { type ActionGate, jsonResult, readStringParam } from "./common.js";
 import {
   isDiscordModerationAction,
diff --git a/src/agents/tools/discord-actions-presence.test.ts b/src/agents/tools/discord-actions-presence.test.ts
index d1476f9b9b3..dc8080666c6 100644
--- a/src/agents/tools/discord-actions-presence.test.ts
+++ b/src/agents/tools/discord-actions-presence.test.ts
@@ -1,7 +1,10 @@
 import type { GatewayPlugin } from "@buape/carbon/gateway";
 import { beforeEach, describe, expect, it, vi } from "vitest";
+import {
+  clearGateways,
+  registerGateway,
+} from "../../../extensions/discord/src/monitor/gateway-registry.js";
 import type { DiscordActionConfig } from "../../config/config.js";
-import { clearGateways, registerGateway } from "../../discord/monitor/gateway-registry.js";
 import type { ActionGate } from "./common.js";
 import { handleDiscordPresenceAction } from "./discord-actions-presence.js";
 
diff --git a/src/agents/tools/discord-actions-presence.ts b/src/agents/tools/discord-actions-presence.ts
index 90639aa64e4..46f476bafec 100644
--- a/src/agents/tools/discord-actions-presence.ts
+++ b/src/agents/tools/discord-actions-presence.ts
@@ -1,7 +1,7 @@
 import type { Activity, UpdatePresenceData } from "@buape/carbon/gateway";
 import type { AgentToolResult } from "@mariozechner/pi-agent-core";
+import { getGateway } from "../../../extensions/discord/src/monitor/gateway-registry.js";
 import type { DiscordActionConfig } from "../../config/config.js";
-import { getGateway } from "../../discord/monitor/gateway-registry.js";
 import { type ActionGate, jsonResult, readStringParam } from "./common.js";
 
 const ACTIVITY_TYPE_MAP: Record<string, number> = {
diff --git a/src/agents/tools/discord-actions.test.ts b/src/agents/tools/discord-actions.test.ts
index 95f6c7ec4f2..ab2d71caf23 100644
--- a/src/agents/tools/discord-actions.test.ts
+++ b/src/agents/tools/discord-actions.test.ts
@@ -67,7 +67,7 @@ const {
   timeoutMemberDiscord,
 } = discordSendMocks;
 
-vi.mock("../../discord/send.js", () => ({
+vi.mock("../../../extensions/discord/src/send.js", () => ({
   ...discordSendMocks,
 }));
 
diff --git a/src/agents/tools/discord-actions.ts b/src/agents/tools/discord-actions.ts
index d4533517c8a..9b1c57bb240 100644
--- a/src/agents/tools/discord-actions.ts
+++ b/src/agents/tools/discord-actions.ts
@@ -1,6 +1,6 @@
 import type { AgentToolResult } from "@mariozechner/pi-agent-core";
+import { createDiscordActionGate } from "../../../extensions/discord/src/accounts.js";
 import type { OpenClawConfig } from "../../config/config.js";
-import { createDiscordActionGate } from "../../discord/accounts.js";
 import { readStringParam } from "./common.js";
 import { handleDiscordGuildAction } from "./discord-actions-guild.js";
 import { handleDiscordMessagingAction } from "./discord-actions-messaging.js";
diff --git a/src/agents/tools/image-tool.test.ts b/src/agents/tools/image-tool.test.ts
index 78a7754e84a..bcec7f32de7 100644
--- a/src/agents/tools/image-tool.test.ts
+++ b/src/agents/tools/image-tool.test.ts
@@ -48,6 +48,19 @@ async function withTempWorkspacePng(
   }
 }
 
+function registerImageToolEnvReset(priorFetch: typeof global.fetch, keys: string[]) {
+  beforeEach(() => {
+    for (const key of keys) {
+      vi.stubEnv(key, "");
+    }
+  });
+
+  afterEach(() => {
+    vi.unstubAllEnvs();
+    global.fetch = priorFetch;
+  });
+}
+
 function stubMinimaxOkFetch() {
   const fetch = vi.fn().mockResolvedValue({
     ok: true,
@@ -229,24 +242,18 @@ function findSchemaUnionKeywords(schema: unknown, path = "root"): string[] {
 
 describe("image tool implicit imageModel config", () => {
   const priorFetch = global.fetch;
-
-  beforeEach(() => {
-    vi.stubEnv("OPENAI_API_KEY", "");
-    vi.stubEnv("ANTHROPIC_API_KEY", "");
-    vi.stubEnv("ANTHROPIC_OAUTH_TOKEN", "");
-    vi.stubEnv("MINIMAX_API_KEY", "");
-    vi.stubEnv("ZAI_API_KEY", "");
-    vi.stubEnv("Z_AI_API_KEY", "");
+  registerImageToolEnvReset(priorFetch, [
+    "OPENAI_API_KEY",
+    "ANTHROPIC_API_KEY",
+    "ANTHROPIC_OAUTH_TOKEN",
+    "MINIMAX_API_KEY",
+    "ZAI_API_KEY",
+    "Z_AI_API_KEY",
     // Avoid implicit Copilot provider discovery hitting the network in tests.
-    vi.stubEnv("COPILOT_GITHUB_TOKEN", "");
-    vi.stubEnv("GH_TOKEN", "");
-    vi.stubEnv("GITHUB_TOKEN", "");
-  });
-
-  afterEach(() => {
-    vi.unstubAllEnvs();
-    global.fetch = priorFetch;
-  });
+    "COPILOT_GITHUB_TOKEN",
+    "GH_TOKEN",
+    "GITHUB_TOKEN",
+  ]);
 
   it("stays disabled without auth when no pairing is possible", async () => {
     await withTempAgentDir(async (agentDir) => {
@@ -683,18 +690,12 @@ describe("image tool MiniMax VLM routing", () => {
   const pngB64 =
     "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/woAAn8B9FD5fHAAAAAASUVORK5CYII=";
   const priorFetch = global.fetch;
-
-  beforeEach(() => {
-    vi.stubEnv("MINIMAX_API_KEY", "");
-    vi.stubEnv("COPILOT_GITHUB_TOKEN", "");
-    vi.stubEnv("GH_TOKEN", "");
-    vi.stubEnv("GITHUB_TOKEN", "");
-  });
-
-  afterEach(() => {
-    vi.unstubAllEnvs();
-    global.fetch = priorFetch;
-  });
+  registerImageToolEnvReset(priorFetch, [
+    "MINIMAX_API_KEY",
+    "COPILOT_GITHUB_TOKEN",
+    "GH_TOKEN",
+    "GITHUB_TOKEN",
+  ]);
 
   async function createMinimaxVlmFixture(baseResp: { status_code: number; status_msg: string }) {
     const fetch = stubMinimaxFetch(baseResp, baseResp.status_code === 0 ? "ok" : "");
diff --git a/src/agents/tools/image-tool.ts b/src/agents/tools/image-tool.ts
index c1e9537d8c5..4a50263cada 100644
--- a/src/agents/tools/image-tool.ts
+++ b/src/agents/tools/image-tool.ts
@@ -1,8 +1,8 @@
 import { type Context, complete } from "@mariozechner/pi-ai";
 import { Type } from "@sinclair/typebox";
+import { loadWebMedia } from "../../../extensions/whatsapp/src/media.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import { resolveUserPath } from "../../utils.js";
-import { loadWebMedia } from "../../web/media.js";
 import { isMinimaxVlmModel, isMinimaxVlmProvider, minimaxUnderstandImage } from "../minimax-vlm.js";
 import {
   coerceImageAssistantText,
diff --git a/src/agents/tools/media-tool-shared.ts b/src/agents/tools/media-tool-shared.ts
index 177bf296275..8ad943a4b91 100644
--- a/src/agents/tools/media-tool-shared.ts
+++ b/src/agents/tools/media-tool-shared.ts
@@ -1,6 +1,6 @@
 import { type Api, type Model } from "@mariozechner/pi-ai";
+import { getDefaultLocalRoots } from "../../../extensions/whatsapp/src/media.js";
 import type { OpenClawConfig } from "../../config/config.js";
-import { getDefaultLocalRoots } from "../../web/media.js";
 import type { ImageModelConfig } from "./image-tool.helpers.js";
 import { getApiKeyForModel, normalizeWorkspaceDir, requireApiKey } from "./tool-runtime.helpers.js";
 
diff --git a/src/agents/tools/memory-tool.citations.test.ts b/src/agents/tools/memory-tool.citations.test.ts
index 0fe84c6f5fa..ea097658ecf 100644
--- a/src/agents/tools/memory-tool.citations.test.ts
+++ b/src/agents/tools/memory-tool.citations.test.ts
@@ -6,24 +6,14 @@ import {
   setMemorySearchImpl,
   type MemoryReadParams,
 } from "../../../test/helpers/memory-tool-manager-mock.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import { createMemoryGetTool, createMemorySearchTool } from "./memory-tool.js";
-
-function asOpenClawConfig(config: Partial<OpenClawConfig>): OpenClawConfig {
-  return config as OpenClawConfig;
-}
-
-function createToolConfig() {
-  return asOpenClawConfig({ agents: { list: [{ id: "main", default: true }] } });
-}
-
-function createMemoryGetToolOrThrow(config: OpenClawConfig = createToolConfig()) {
-  const tool = createMemoryGetTool({ config });
-  if (!tool) {
-    throw new Error("tool missing");
-  }
-  return tool;
-}
+import {
+  asOpenClawConfig,
+  createAutoCitationsMemorySearchTool,
+  createDefaultMemoryToolConfig,
+  createMemoryGetToolOrThrow,
+  createMemorySearchToolOrThrow,
+  expectUnavailableMemorySearchDetails,
+} from "./memory-tool.test-helpers.js";
 
 beforeEach(() => {
   resetMemoryToolMockState({
@@ -49,10 +39,7 @@ describe("memory search citations", () => {
       memory: { citations: "on" },
       agents: { list: [{ id: "main", default: true }] },
     });
-    const tool = createMemorySearchTool({ config: cfg });
-    if (!tool) {
-      throw new Error("tool missing");
-    }
+    const tool = createMemorySearchToolOrThrow({ config: cfg });
     const result = await tool.execute("call_citations_on", { query: "notes" });
     const details = result.details as { results: Array<{ snippet: string; citation?: string }> };
     expect(details.results[0]?.snippet).toMatch(/Source: MEMORY.md#L5-L7/);
@@ -65,10 +52,7 @@ describe("memory search citations", () => {
       memory: { citations: "off" },
       agents: { list: [{ id: "main", default: true }] },
     });
-    const tool = createMemorySearchTool({ config: cfg });
-    if (!tool) {
-      throw new Error("tool missing");
-    }
+    const tool = createMemorySearchToolOrThrow({ config: cfg });
     const result = await tool.execute("call_citations_off", { query: "notes" });
     const details = result.details as { results: Array<{ snippet: string; citation?: string }> };
     expect(details.results[0]?.snippet).not.toMatch(/Source:/);
@@ -81,10 +65,7 @@ describe("memory search citations", () => {
       memory: { citations: "on", backend: "qmd", qmd: { limits: { maxInjectedChars: 20 } } },
       agents: { list: [{ id: "main", default: true }] },
     });
-    const tool = createMemorySearchTool({ config: cfg });
-    if (!tool) {
-      throw new Error("tool missing");
-    }
+    const tool = createMemorySearchToolOrThrow({ config: cfg });
     const result = await tool.execute("call_citations_qmd", { query: "notes" });
     const details = result.details as { results: Array<{ snippet: string; citation?: string }> };
     expect(details.results[0]?.snippet.length).toBeLessThanOrEqual(20);
@@ -92,17 +73,7 @@ describe("memory search citations", () => {
 
   it("honors auto mode for direct chats", async () => {
     setMemoryBackend("builtin");
-    const cfg = asOpenClawConfig({
-      memory: { citations: "auto" },
-      agents: { list: [{ id: "main", default: true }] },
-    });
-    const tool = createMemorySearchTool({
-      config: cfg,
-      agentSessionKey: "agent:main:discord:dm:u123",
-    });
-    if (!tool) {
-      throw new Error("tool missing");
-    }
+    const tool = createAutoCitationsMemorySearchTool("agent:main:discord:dm:u123");
     const result = await tool.execute("auto_mode_direct", { query: "notes" });
     const details = result.details as { results: Array<{ snippet: string }> };
     expect(details.results[0]?.snippet).toMatch(/Source:/);
@@ -110,17 +81,7 @@ describe("memory search citations", () => {
 
   it("suppresses citations for auto mode in group chats", async () => {
     setMemoryBackend("builtin");
-    const cfg = asOpenClawConfig({
-      memory: { citations: "auto" },
-      agents: { list: [{ id: "main", default: true }] },
-    });
-    const tool = createMemorySearchTool({
-      config: cfg,
-      agentSessionKey: "agent:main:discord:group:c123",
-    });
-    if (!tool) {
-      throw new Error("tool missing");
-    }
+    const tool = createAutoCitationsMemorySearchTool("agent:main:discord:group:c123");
     const result = await tool.execute("auto_mode_group", { query: "notes" });
     const details = result.details as { results: Array<{ snippet: string }> };
     expect(details.results[0]?.snippet).not.toMatch(/Source:/);
@@ -133,18 +94,11 @@ describe("memory tools", () => {
       throw new Error("openai embeddings failed: 429 insufficient_quota");
     });
 
-    const cfg = { agents: { list: [{ id: "main", default: true }] } };
-    const tool = createMemorySearchTool({ config: cfg });
-    expect(tool).not.toBeNull();
-    if (!tool) {
-      throw new Error("tool missing");
-    }
+    const cfg = createDefaultMemoryToolConfig();
+    const tool = createMemorySearchToolOrThrow({ config: cfg });
 
     const result = await tool.execute("call_1", { query: "hello" });
-    expect(result.details).toEqual({
-      results: [],
-      disabled: true,
-      unavailable: true,
+    expectUnavailableMemorySearchDetails(result.details, {
       error: "openai embeddings failed: 429 insufficient_quota",
       warning: "Memory search is unavailable because the embedding provider quota is exhausted.",
       action: "Top up or switch embedding provider, then retry memory_search.",
diff --git a/src/agents/tools/memory-tool.test-helpers.ts b/src/agents/tools/memory-tool.test-helpers.ts
new file mode 100644
index 00000000000..9a1d0e455f3
--- /dev/null
+++ b/src/agents/tools/memory-tool.test-helpers.ts
@@ -0,0 +1,63 @@
+import { expect } from "vitest";
+import type { OpenClawConfig } from "../../config/config.js";
+import { createMemoryGetTool, createMemorySearchTool } from "./memory-tool.js";
+
+export function asOpenClawConfig(config: Partial<OpenClawConfig>): OpenClawConfig {
+  return config as OpenClawConfig;
+}
+
+export function createDefaultMemoryToolConfig(): OpenClawConfig {
+  return asOpenClawConfig({ agents: { list: [{ id: "main", default: true }] } });
+}
+
+export function createMemorySearchToolOrThrow(params?: {
+  config?: OpenClawConfig;
+  agentSessionKey?: string;
+}) {
+  const tool = createMemorySearchTool({
+    config: params?.config ?? createDefaultMemoryToolConfig(),
+    ...(params?.agentSessionKey ? { agentSessionKey: params.agentSessionKey } : {}),
+  });
+  if (!tool) {
+    throw new Error("tool missing");
+  }
+  return tool;
+}
+
+export function createMemoryGetToolOrThrow(
+  config: OpenClawConfig = createDefaultMemoryToolConfig(),
+) {
+  const tool = createMemoryGetTool({ config });
+  if (!tool) {
+    throw new Error("tool missing");
+  }
+  return tool;
+}
+
+export function createAutoCitationsMemorySearchTool(agentSessionKey: string) {
+  return createMemorySearchToolOrThrow({
+    config: asOpenClawConfig({
+      memory: { citations: "auto" },
+      agents: { list: [{ id: "main", default: true }] },
+    }),
+    agentSessionKey,
+  });
+}
+
+export function expectUnavailableMemorySearchDetails(
+  details: unknown,
+  params: {
+    error: string;
+    warning: string;
+    action: string;
+  },
+) {
+  expect(details).toEqual({
+    results: [],
+    disabled: true,
+    unavailable: true,
+    error: params.error,
+    warning: params.warning,
+    action: params.action,
+  });
+}
diff --git a/src/agents/tools/memory-tool.test.ts b/src/agents/tools/memory-tool.test.ts
index de907c01632..e8764bd9f46 100644
--- a/src/agents/tools/memory-tool.test.ts
+++ b/src/agents/tools/memory-tool.test.ts
@@ -1,9 +1,12 @@
-import { beforeEach, describe, expect, it } from "vitest";
+import { beforeEach, describe, it } from "vitest";
 import {
   resetMemoryToolMockState,
   setMemorySearchImpl,
 } from "../../../test/helpers/memory-tool-manager-mock.js";
-import { createMemorySearchTool } from "./memory-tool.js";
+import {
+  createMemorySearchToolOrThrow,
+  expectUnavailableMemorySearchDetails,
+} from "./memory-tool.test-helpers.js";
 
 describe("memory_search unavailable payloads", () => {
   beforeEach(() => {
@@ -15,18 +18,9 @@ describe("memory_search unavailable payloads", () => {
       throw new Error("openai embeddings failed: 429 insufficient_quota");
     });
 
-    const tool = createMemorySearchTool({
-      config: { agents: { list: [{ id: "main", default: true }] } },
-    });
-    if (!tool) {
-      throw new Error("tool missing");
-    }
-
+    const tool = createMemorySearchToolOrThrow();
     const result = await tool.execute("quota", { query: "hello" });
-    expect(result.details).toEqual({
-      results: [],
-      disabled: true,
-      unavailable: true,
+    expectUnavailableMemorySearchDetails(result.details, {
       error: "openai embeddings failed: 429 insufficient_quota",
       warning: "Memory search is unavailable because the embedding provider quota is exhausted.",
       action: "Top up or switch embedding provider, then retry memory_search.",
@@ -38,18 +32,9 @@ describe("memory_search unavailable payloads", () => {
       throw new Error("embedding provider timeout");
     });
 
-    const tool = createMemorySearchTool({
-      config: { agents: { list: [{ id: "main", default: true }] } },
-    });
-    if (!tool) {
-      throw new Error("tool missing");
-    }
-
+    const tool = createMemorySearchToolOrThrow();
     const result = await tool.execute("generic", { query: "hello" });
-    expect(result.details).toEqual({
-      results: [],
-      disabled: true,
-      unavailable: true,
+    expectUnavailableMemorySearchDetails(result.details, {
       error: "embedding provider timeout",
       warning: "Memory search is unavailable due to an embedding/provider error.",
       action: "Check embedding provider configuration and retry memory_search.",
diff --git a/src/agents/tools/memory-tool.ts b/src/agents/tools/memory-tool.ts
index c0d595b21a2..bb5086bdb15 100644
--- a/src/agents/tools/memory-tool.ts
+++ b/src/agents/tools/memory-tool.ts
@@ -37,106 +37,135 @@ function resolveMemoryToolContext(options: { config?: OpenClawConfig; agentSessi
   return { cfg, agentId };
 }
 
+async function getMemoryManagerContext(params: { cfg: OpenClawConfig; agentId: string }): Promise<
+  | {
+      manager: NonNullable<Awaited<ReturnType<typeof getMemorySearchManager>>["manager"]>;
+    }
+  | {
+      error: string | undefined;
+    }
+> {
+  const { manager, error } = await getMemorySearchManager({
+    cfg: params.cfg,
+    agentId: params.agentId,
+  });
+  return manager ? { manager } : { error };
+}
+
+function createMemoryTool(params: {
+  options: {
+    config?: OpenClawConfig;
+    agentSessionKey?: string;
+  };
+  label: string;
+  name: string;
+  description: string;
+  parameters: typeof MemorySearchSchema | typeof MemoryGetSchema;
+  execute: (ctx: { cfg: OpenClawConfig; agentId: string }) => AnyAgentTool["execute"];
+}): AnyAgentTool | null {
+  const ctx = resolveMemoryToolContext(params.options);
+  if (!ctx) {
+    return null;
+  }
+  return {
+    label: params.label,
+    name: params.name,
+    description: params.description,
+    parameters: params.parameters,
+    execute: params.execute(ctx),
+  };
+}
+
 export function createMemorySearchTool(options: {
   config?: OpenClawConfig;
   agentSessionKey?: string;
 }): AnyAgentTool | null {
-  const ctx = resolveMemoryToolContext(options);
-  if (!ctx) {
-    return null;
-  }
-  const { cfg, agentId } = ctx;
-  return {
+  return createMemoryTool({
+    options,
     label: "Memory Search",
     name: "memory_search",
     description:
       "Mandatory recall step: semantically search MEMORY.md + memory/*.md (and optional session transcripts) before answering questions about prior work, decisions, dates, people, preferences, or todos; returns top snippets with path + lines. If response has disabled=true, memory retrieval is unavailable and should be surfaced to the user.",
     parameters: MemorySearchSchema,
-    execute: async (_toolCallId, params) => {
-      const query = readStringParam(params, "query", { required: true });
-      const maxResults = readNumberParam(params, "maxResults");
-      const minScore = readNumberParam(params, "minScore");
-      const { manager, error } = await getMemorySearchManager({
-        cfg,
-        agentId,
-      });
-      if (!manager) {
-        return jsonResult(buildMemorySearchUnavailableResult(error));
-      }
-      try {
-        const citationsMode = resolveMemoryCitationsMode(cfg);
-        const includeCitations = shouldIncludeCitations({
-          mode: citationsMode,
-          sessionKey: options.agentSessionKey,
-        });
-        const rawResults = await manager.search(query, {
-          maxResults,
-          minScore,
-          sessionKey: options.agentSessionKey,
-        });
-        const status = manager.status();
-        const decorated = decorateCitations(rawResults, includeCitations);
-        const resolved = resolveMemoryBackendConfig({ cfg, agentId });
-        const results =
-          status.backend === "qmd"
-            ? clampResultsByInjectedChars(decorated, resolved.qmd?.limits.maxInjectedChars)
-            : decorated;
-        const searchMode = (status.custom as { searchMode?: string } | undefined)?.searchMode;
-        return jsonResult({
-          results,
-          provider: status.provider,
-          model: status.model,
-          fallback: status.fallback,
-          citations: citationsMode,
-          mode: searchMode,
-        });
-      } catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        return jsonResult(buildMemorySearchUnavailableResult(message));
-      }
-    },
-  };
+    execute:
+      ({ cfg, agentId }) =>
+      async (_toolCallId, params) => {
+        const query = readStringParam(params, "query", { required: true });
+        const maxResults = readNumberParam(params, "maxResults");
+        const minScore = readNumberParam(params, "minScore");
+        const memory = await getMemoryManagerContext({ cfg, agentId });
+        if ("error" in memory) {
+          return jsonResult(buildMemorySearchUnavailableResult(memory.error));
+        }
+        try {
+          const citationsMode = resolveMemoryCitationsMode(cfg);
+          const includeCitations = shouldIncludeCitations({
+            mode: citationsMode,
+            sessionKey: options.agentSessionKey,
+          });
+          const rawResults = await memory.manager.search(query, {
+            maxResults,
+            minScore,
+            sessionKey: options.agentSessionKey,
+          });
+          const status = memory.manager.status();
+          const decorated = decorateCitations(rawResults, includeCitations);
+          const resolved = resolveMemoryBackendConfig({ cfg, agentId });
+          const results =
+            status.backend === "qmd"
+              ? clampResultsByInjectedChars(decorated, resolved.qmd?.limits.maxInjectedChars)
+              : decorated;
+          const searchMode = (status.custom as { searchMode?: string } | undefined)?.searchMode;
+          return jsonResult({
+            results,
+            provider: status.provider,
+            model: status.model,
+            fallback: status.fallback,
+            citations: citationsMode,
+            mode: searchMode,
+          });
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          return jsonResult(buildMemorySearchUnavailableResult(message));
+        }
+      },
+  });
 }
 
 export function createMemoryGetTool(options: {
   config?: OpenClawConfig;
   agentSessionKey?: string;
 }): AnyAgentTool | null {
-  const ctx = resolveMemoryToolContext(options);
-  if (!ctx) {
-    return null;
-  }
-  const { cfg, agentId } = ctx;
-  return {
+  return createMemoryTool({
+    options,
     label: "Memory Get",
     name: "memory_get",
     description:
       "Safe snippet read from MEMORY.md or memory/*.md with optional from/lines; use after memory_search to pull only the needed lines and keep context small.",
     parameters: MemoryGetSchema,
-    execute: async (_toolCallId, params) => {
-      const relPath = readStringParam(params, "path", { required: true });
-      const from = readNumberParam(params, "from", { integer: true });
-      const lines = readNumberParam(params, "lines", { integer: true });
-      const { manager, error } = await getMemorySearchManager({
-        cfg,
-        agentId,
-      });
-      if (!manager) {
-        return jsonResult({ path: relPath, text: "", disabled: true, error });
-      }
-      try {
-        const result = await manager.readFile({
-          relPath,
-          from: from ?? undefined,
-          lines: lines ?? undefined,
-        });
-        return jsonResult(result);
-      } catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        return jsonResult({ path: relPath, text: "", disabled: true, error: message });
-      }
-    },
-  };
+    execute:
+      ({ cfg, agentId }) =>
+      async (_toolCallId, params) => {
+        const relPath = readStringParam(params, "path", { required: true });
+        const from = readNumberParam(params, "from", { integer: true });
+        const lines = readNumberParam(params, "lines", { integer: true });
+        const memory = await getMemoryManagerContext({ cfg, agentId });
+        if ("error" in memory) {
+          return jsonResult({ path: relPath, text: "", disabled: true, error: memory.error });
+        }
+        try {
+          const result = await memory.manager.readFile({
+            relPath,
+            from: from ?? undefined,
+            lines: lines ?? undefined,
+          });
+          return jsonResult(result);
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err);
+          return jsonResult({ path: relPath, text: "", disabled: true, error: message });
+        }
+      },
+  });
 }
 
 function resolveMemoryCitationsMode(cfg: OpenClawConfig): MemoryCitationsMode {
diff --git a/src/agents/tools/message-tool.ts b/src/agents/tools/message-tool.ts
index 96b2702f065..63963ab5f38 100644
--- a/src/agents/tools/message-tool.ts
+++ b/src/agents/tools/message-tool.ts
@@ -201,6 +201,11 @@ function buildSendSchema(options: {
     ),
     bestEffort: Type.Optional(Type.Boolean()),
     gifPlayback: Type.Optional(Type.Boolean()),
+    forceDocument: Type.Optional(
+      Type.Boolean({
+        description: "Send image/GIF as document to avoid Telegram compression (Telegram only).",
+      }),
+    ),
     buttons: Type.Optional(
       Type.Array(
         Type.Array(
diff --git a/src/agents/tools/pdf-tool.test.ts b/src/agents/tools/pdf-tool.test.ts
index 381fc53c4b9..a9c9539d61d 100644
--- a/src/agents/tools/pdf-tool.test.ts
+++ b/src/agents/tools/pdf-tool.test.ts
@@ -131,7 +131,7 @@ async function stubPdfToolInfra(
     modelFound?: boolean;
   },
 ) {
-  const webMedia = await import("../../web/media.js");
+  const webMedia = await import("../../../extensions/whatsapp/src/media.js");
   const loadSpy = vi.spyOn(webMedia, "loadWebMediaRaw").mockResolvedValue(FAKE_PDF_MEDIA as never);
 
   const modelDiscovery = await import("../pi-model-discovery.js");
diff --git a/src/agents/tools/pdf-tool.ts b/src/agents/tools/pdf-tool.ts
index c03dbe24f84..8f229dd7b10 100644
--- a/src/agents/tools/pdf-tool.ts
+++ b/src/agents/tools/pdf-tool.ts
@@ -1,9 +1,9 @@
 import { type Context, complete } from "@mariozechner/pi-ai";
 import { Type } from "@sinclair/typebox";
+import { loadWebMediaRaw } from "../../../extensions/whatsapp/src/media.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import { extractPdfContent, type PdfExtractedContent } from "../../media/pdf-extract.js";
 import { resolveUserPath } from "../../utils.js";
-import { loadWebMediaRaw } from "../../web/media.js";
 import {
   coerceImageModelConfig,
   type ImageModelConfig,
diff --git a/src/agents/tools/sessions-helpers.ts b/src/agents/tools/sessions-helpers.ts
index e638438758c..74393ef44ad 100644
--- a/src/agents/tools/sessions-helpers.ts
+++ b/src/agents/tools/sessions-helpers.ts
@@ -12,6 +12,7 @@ export {
   resolveSandboxedSessionToolContext,
   resolveSessionToolsVisibility,
 } from "./sessions-access.js";
+import { resolveSandboxedSessionToolContext } from "./sessions-access.js";
 export type { SessionReferenceResolution } from "./sessions-resolution.js";
 export {
   isRequesterSpawnedSessionVisible,
@@ -27,6 +28,7 @@ export {
   shouldResolveSessionIdInput,
   shouldVerifyRequesterSpawnedSessionVisibility,
 } from "./sessions-resolution.js";
+import { type OpenClawConfig, loadConfig } from "../../config/config.js";
 import { extractTextFromChatContent } from "../../shared/chat-content.js";
 import { sanitizeUserFacingText } from "../pi-embedded-helpers.js";
 import {
@@ -73,6 +75,22 @@ function normalizeKey(value?: string) {
   return trimmed ? trimmed : undefined;
 }
 
+export function resolveSessionToolContext(opts?: {
+  agentSessionKey?: string;
+  sandboxed?: boolean;
+  config?: OpenClawConfig;
+}) {
+  const cfg = opts?.config ?? loadConfig();
+  return {
+    cfg,
+    ...resolveSandboxedSessionToolContext({
+      cfg,
+      agentSessionKey: opts?.agentSessionKey,
+      sandboxed: opts?.sandboxed,
+    }),
+  };
+}
+
 export function classifySessionKind(params: {
   key: string;
   gatewayKind?: string | null;
diff --git a/src/agents/tools/sessions-send-helpers.ts b/src/agents/tools/sessions-send-helpers.ts
index 94dc3fe0c6a..d987932bb60 100644
--- a/src/agents/tools/sessions-send-helpers.ts
+++ b/src/agents/tools/sessions-send-helpers.ts
@@ -70,13 +70,13 @@ export function resolveAnnounceTargetFromKey(sessionKey: string): AnnounceTarget
   };
 }
 
-export function buildAgentToAgentMessageContext(params: {
+function buildAgentSessionLines(params: {
   requesterSessionKey?: string;
   requesterChannel?: string;
   targetSessionKey: string;
-}) {
-  const lines = [
-    "Agent-to-agent message context:",
+  targetChannel?: string;
+}): string[] {
+  return [
     params.requesterSessionKey
       ? `Agent 1 (requester) session: ${params.requesterSessionKey}.`
       : undefined,
@@ -84,7 +84,18 @@ export function buildAgentToAgentMessageContext(params: {
       ? `Agent 1 (requester) channel: ${params.requesterChannel}.`
       : undefined,
     `Agent 2 (target) session: ${params.targetSessionKey}.`,
-  ].filter(Boolean);
+    params.targetChannel ? `Agent 2 (target) channel: ${params.targetChannel}.` : undefined,
+  ].filter((line): line is string => Boolean(line));
+}
+
+export function buildAgentToAgentMessageContext(params: {
+  requesterSessionKey?: string;
+  requesterChannel?: string;
+  targetSessionKey: string;
+}) {
+  const lines = ["Agent-to-agent message context:", ...buildAgentSessionLines(params)].filter(
+    Boolean,
+  );
   return lines.join("\n");
 }
 
@@ -103,14 +114,7 @@ export function buildAgentToAgentReplyContext(params: {
     "Agent-to-agent reply step:",
     `Current agent: ${currentLabel}.`,
     `Turn ${params.turn} of ${params.maxTurns}.`,
-    params.requesterSessionKey
-      ? `Agent 1 (requester) session: ${params.requesterSessionKey}.`
-      : undefined,
-    params.requesterChannel
-      ? `Agent 1 (requester) channel: ${params.requesterChannel}.`
-      : undefined,
-    `Agent 2 (target) session: ${params.targetSessionKey}.`,
-    params.targetChannel ? `Agent 2 (target) channel: ${params.targetChannel}.` : undefined,
+    ...buildAgentSessionLines(params),
     `If you want to stop the ping-pong, reply exactly "${REPLY_SKIP_TOKEN}".`,
   ].filter(Boolean);
   return lines.join("\n");
@@ -127,14 +131,7 @@ export function buildAgentToAgentAnnounceContext(params: {
 }) {
   const lines = [
     "Agent-to-agent announce step:",
-    params.requesterSessionKey
-      ? `Agent 1 (requester) session: ${params.requesterSessionKey}.`
-      : undefined,
-    params.requesterChannel
-      ? `Agent 1 (requester) channel: ${params.requesterChannel}.`
-      : undefined,
-    `Agent 2 (target) session: ${params.targetSessionKey}.`,
-    params.targetChannel ? `Agent 2 (target) channel: ${params.targetChannel}.` : undefined,
+    ...buildAgentSessionLines(params),
     `Original request: ${params.originalMessage}`,
     params.roundOneReply
       ? `Round 1 reply: ${params.roundOneReply}`
diff --git a/src/agents/tools/sessions-send-tool.ts b/src/agents/tools/sessions-send-tool.ts
index d9ad6e6b907..b2873e5cd1f 100644
--- a/src/agents/tools/sessions-send-tool.ts
+++ b/src/agents/tools/sessions-send-tool.ts
@@ -1,6 +1,6 @@
 import crypto from "node:crypto";
 import { Type } from "@sinclair/typebox";
-import { type OpenClawConfig, loadConfig } from "../../config/config.js";
+import type { OpenClawConfig } from "../../config/config.js";
 import { callGateway } from "../../gateway/call.js";
 import { normalizeAgentId, resolveAgentIdFromSessionKey } from "../../routing/session-key.js";
 import { SESSION_LABEL_MAX_LENGTH } from "../../sessions/session-label.js";
@@ -17,7 +17,7 @@ import {
   extractAssistantText,
   resolveEffectiveSessionToolsVisibility,
   resolveSessionReference,
-  resolveSandboxedSessionToolContext,
+  resolveSessionToolContext,
   resolveVisibleSessionReference,
   stripToolMessages,
 } from "./sessions-helpers.js";
@@ -32,6 +32,36 @@ const SessionsSendToolSchema = Type.Object({
   timeoutSeconds: Type.Optional(Type.Number({ minimum: 0 })),
 });
 
+async function startAgentRun(params: {
+  runId: string;
+  sendParams: Record<string, unknown>;
+  sessionKey: string;
+}): Promise<{ ok: true; runId: string } | { ok: false; result: ReturnType<typeof jsonResult> }> {
+  try {
+    const response = await callGateway<{ runId: string }>({
+      method: "agent",
+      params: params.sendParams,
+      timeoutMs: 10_000,
+    });
+    return {
+      ok: true,
+      runId: typeof response?.runId === "string" && response.runId ? response.runId : params.runId,
+    };
+  } catch (err) {
+    const messageText =
+      err instanceof Error ? err.message : typeof err === "string" ? err : "error";
+    return {
+      ok: false,
+      result: jsonResult({
+        runId: params.runId,
+        status: "error",
+        error: messageText,
+        sessionKey: params.sessionKey,
+      }),
+    };
+  }
+}
+
 export function createSessionsSendTool(opts?: {
   agentSessionKey?: string;
   agentChannel?: GatewayMessageChannel;
@@ -47,13 +77,8 @@ export function createSessionsSendTool(opts?: {
     execute: async (_toolCallId, args) => {
       const params = args as Record<string, unknown>;
       const message = readStringParam(params, "message", { required: true });
-      const cfg = opts?.config ?? loadConfig();
-      const { mainKey, alias, effectiveRequesterKey, restrictToSpawned } =
-        resolveSandboxedSessionToolContext({
-          cfg,
-          agentSessionKey: opts?.agentSessionKey,
-          sandboxed: opts?.sandboxed,
-        });
+      const { cfg, mainKey, alias, effectiveRequesterKey, restrictToSpawned } =
+        resolveSessionToolContext(opts);
 
       const a2aPolicy = createAgentToAgentPolicy(cfg);
       const sessionVisibility = resolveEffectiveSessionToolsVisibility({
@@ -252,54 +277,34 @@ export function createSessionsSendTool(opts?: {
       };
 
       if (timeoutSeconds === 0) {
-        try {
-          const response = await callGateway<{ runId: string }>({
-            method: "agent",
-            params: sendParams,
-            timeoutMs: 10_000,
-          });
-          if (typeof response?.runId === "string" && response.runId) {
-            runId = response.runId;
-          }
-          startA2AFlow(undefined, runId);
-          return jsonResult({
-            runId,
-            status: "accepted",
-            sessionKey: displayKey,
-            delivery,
-          });
-        } catch (err) {
-          const messageText =
-            err instanceof Error ? err.message : typeof err === "string" ? err : "error";
-          return jsonResult({
-            runId,
-            status: "error",
-            error: messageText,
-            sessionKey: displayKey,
-          });
-        }
-      }
-
-      try {
-        const response = await callGateway<{ runId: string }>({
-          method: "agent",
-          params: sendParams,
-          timeoutMs: 10_000,
-        });
-        if (typeof response?.runId === "string" && response.runId) {
-          runId = response.runId;
-        }
-      } catch (err) {
-        const messageText =
-          err instanceof Error ? err.message : typeof err === "string" ? err : "error";
-        return jsonResult({
+        const start = await startAgentRun({
           runId,
-          status: "error",
-          error: messageText,
+          sendParams,
           sessionKey: displayKey,
         });
+        if (!start.ok) {
+          return start.result;
+        }
+        runId = start.runId;
+        startA2AFlow(undefined, runId);
+        return jsonResult({
+          runId,
+          status: "accepted",
+          sessionKey: displayKey,
+          delivery,
+        });
       }
 
+      const start = await startAgentRun({
+        runId,
+        sendParams,
+        sessionKey: displayKey,
+      });
+      if (!start.ok) {
+        return start.result;
+      }
+      runId = start.runId;
+
       let waitStatus: string | undefined;
       let waitError: string | undefined;
       try {
diff --git a/src/agents/tools/slack-actions.test.ts b/src/agents/tools/slack-actions.test.ts
index 8a57602f58e..bf28c2bed01 100644
--- a/src/agents/tools/slack-actions.test.ts
+++ b/src/agents/tools/slack-actions.test.ts
@@ -17,7 +17,7 @@ const removeSlackReaction = vi.fn(async (..._args: unknown[]) => ({}));
 const sendSlackMessage = vi.fn(async (..._args: unknown[]) => ({}));
 const unpinSlackMessage = vi.fn(async (..._args: unknown[]) => ({}));
 
-vi.mock("../../slack/actions.js", () => ({
+vi.mock("../../../extensions/slack/src/actions.js", () => ({
   deleteSlackMessage: (...args: Parameters<typeof deleteSlackMessage>) =>
     deleteSlackMessage(...args),
   downloadSlackFile: (...args: Parameters<typeof downloadSlackFile>) => downloadSlackFile(...args),
diff --git a/src/agents/tools/slack-actions.ts b/src/agents/tools/slack-actions.ts
index 1cb233f06a7..5ed58d5960f 100644
--- a/src/agents/tools/slack-actions.ts
+++ b/src/agents/tools/slack-actions.ts
@@ -1,6 +1,5 @@
 import type { AgentToolResult } from "@mariozechner/pi-agent-core";
-import type { OpenClawConfig } from "../../config/config.js";
-import { resolveSlackAccount } from "../../slack/accounts.js";
+import { resolveSlackAccount } from "../../../extensions/slack/src/accounts.js";
 import {
   deleteSlackMessage,
   downloadSlackFile,
@@ -16,10 +15,11 @@ import {
   removeSlackReaction,
   sendSlackMessage,
   unpinSlackMessage,
-} from "../../slack/actions.js";
-import { parseSlackBlocksInput } from "../../slack/blocks-input.js";
-import { recordSlackThreadParticipation } from "../../slack/sent-thread-cache.js";
-import { parseSlackTarget, resolveSlackChannelId } from "../../slack/targets.js";
+} from "../../../extensions/slack/src/actions.js";
+import { parseSlackBlocksInput } from "../../../extensions/slack/src/blocks-input.js";
+import { recordSlackThreadParticipation } from "../../../extensions/slack/src/sent-thread-cache.js";
+import { parseSlackTarget, resolveSlackChannelId } from "../../../extensions/slack/src/targets.js";
+import type { OpenClawConfig } from "../../config/config.js";
 import { withNormalizedTimestamp } from "../date-time.js";
 import {
   createActionGate,
diff --git a/src/agents/tools/telegram-actions.test.ts b/src/agents/tools/telegram-actions.test.ts
index e15b4bd2e17..5963a64b667 100644
--- a/src/agents/tools/telegram-actions.test.ts
+++ b/src/agents/tools/telegram-actions.test.ts
@@ -30,7 +30,7 @@ const createForumTopicTelegram = vi.fn(async () => ({
 }));
 let envSnapshot: ReturnType<typeof captureEnv>;
 
-vi.mock("../../telegram/send.js", () => ({
+vi.mock("../../../extensions/telegram/src/send.js", () => ({
   reactMessageTelegram: (...args: Parameters<typeof reactMessageTelegram>) =>
     reactMessageTelegram(...args),
   sendMessageTelegram: (...args: Parameters<typeof sendMessageTelegram>) =>
diff --git a/src/agents/tools/telegram-actions.ts b/src/agents/tools/telegram-actions.ts
index 143d154e633..6c8d4f84204 100644
--- a/src/agents/tools/telegram-actions.ts
+++ b/src/agents/tools/telegram-actions.ts
@@ -1,17 +1,17 @@
 import type { AgentToolResult } from "@mariozechner/pi-agent-core";
-import type { OpenClawConfig } from "../../config/config.js";
-import { readBooleanParam } from "../../plugin-sdk/boolean-param.js";
-import { resolvePollMaxSelections } from "../../polls.js";
 import {
   createTelegramActionGate,
   resolveTelegramPollActionGateState,
-} from "../../telegram/accounts.js";
-import type { TelegramButtonStyle, TelegramInlineButtons } from "../../telegram/button-types.js";
+} from "../../../extensions/telegram/src/accounts.js";
+import type {
+  TelegramButtonStyle,
+  TelegramInlineButtons,
+} from "../../../extensions/telegram/src/button-types.js";
 import {
   resolveTelegramInlineButtonsScope,
   resolveTelegramTargetChatType,
-} from "../../telegram/inline-buttons.js";
-import { resolveTelegramReactionLevel } from "../../telegram/reaction-level.js";
+} from "../../../extensions/telegram/src/inline-buttons.js";
+import { resolveTelegramReactionLevel } from "../../../extensions/telegram/src/reaction-level.js";
 import {
   createForumTopicTelegram,
   deleteMessageTelegram,
@@ -20,9 +20,12 @@ import {
   sendMessageTelegram,
   sendPollTelegram,
   sendStickerTelegram,
-} from "../../telegram/send.js";
-import { getCacheStats, searchStickers } from "../../telegram/sticker-cache.js";
-import { resolveTelegramToken } from "../../telegram/token.js";
+} from "../../../extensions/telegram/src/send.js";
+import { getCacheStats, searchStickers } from "../../../extensions/telegram/src/sticker-cache.js";
+import { resolveTelegramToken } from "../../../extensions/telegram/src/token.js";
+import type { OpenClawConfig } from "../../config/config.js";
+import { readBooleanParam } from "../../plugin-sdk/boolean-param.js";
+import { resolvePollMaxSelections } from "../../polls.js";
 import {
   jsonResult,
   readNumberParam,
@@ -249,6 +252,7 @@ export async function handleTelegramAction(
       quoteText: quoteText ?? undefined,
       asVoice: readBooleanParam(params, "asVoice"),
       silent: readBooleanParam(params, "silent"),
+      forceDocument: readBooleanParam(params, "forceDocument") ?? false,
     });
     return jsonResult({
       ok: true,
diff --git a/src/agents/tools/web-fetch.cf-markdown.test.ts b/src/agents/tools/web-fetch.cf-markdown.test.ts
index f22dc10df52..4dd22714574 100644
--- a/src/agents/tools/web-fetch.cf-markdown.test.ts
+++ b/src/agents/tools/web-fetch.cf-markdown.test.ts
@@ -4,6 +4,7 @@ import { withFetchPreconnect } from "../../test-utils/fetch-mock.js";
 import {
   createBaseWebFetchToolConfig,
   installWebFetchSsrfHarness,
+  makeFetchHeaders,
 } from "./web-fetch.test-harness.js";
 import "./web-fetch.test-mocks.js";
 import { createWebFetchTool } from "./web-tools.js";
@@ -11,17 +12,14 @@ import { createWebFetchTool } from "./web-tools.js";
 const baseToolConfig = createBaseWebFetchToolConfig();
 installWebFetchSsrfHarness();
 
-function makeHeaders(map: Record<string, string>): { get: (key: string) => string | null } {
-  return {
-    get: (key) => map[key.toLowerCase()] ?? null,
-  };
-}
-
 function markdownResponse(body: string, extraHeaders: Record<string, string> = {}): Response {
   return {
     ok: true,
     status: 200,
-    headers: makeHeaders({ "content-type": "text/markdown; charset=utf-8", ...extraHeaders }),
+    headers: makeFetchHeaders({
+      "content-type": "text/markdown; charset=utf-8",
+      ...extraHeaders,
+    }),
     text: async () => body,
   } as Response;
 }
@@ -30,7 +28,7 @@ function htmlResponse(body: string): Response {
   return {
     ok: true,
     status: 200,
-    headers: makeHeaders({ "content-type": "text/html; charset=utf-8" }),
+    headers: makeFetchHeaders({ "content-type": "text/html; charset=utf-8" }),
     text: async () => body,
   } as Response;
 }
diff --git a/src/agents/tools/web-fetch.ssrf.test.ts b/src/agents/tools/web-fetch.ssrf.test.ts
index eb868068ece..c0489c9b5ba 100644
--- a/src/agents/tools/web-fetch.ssrf.test.ts
+++ b/src/agents/tools/web-fetch.ssrf.test.ts
@@ -1,21 +1,16 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import * as ssrf from "../../infra/net/ssrf.js";
 import { type FetchMock, withFetchPreconnect } from "../../test-utils/fetch-mock.js";
+import { makeFetchHeaders } from "./web-fetch.test-harness.js";
 
 const lookupMock = vi.fn();
 const resolvePinnedHostname = ssrf.resolvePinnedHostname;
 
-function makeHeaders(map: Record<string, string>): { get: (key: string) => string | null } {
-  return {
-    get: (key) => map[key.toLowerCase()] ?? null,
-  };
-}
-
 function redirectResponse(location: string): Response {
   return {
     ok: false,
     status: 302,
-    headers: makeHeaders({ location }),
+    headers: makeFetchHeaders({ location }),
     body: { cancel: vi.fn() },
   } as unknown as Response;
 }
@@ -24,7 +19,7 @@ function textResponse(body: string): Response {
   return {
     ok: true,
     status: 200,
-    headers: makeHeaders({ "content-type": "text/plain" }),
+    headers: makeFetchHeaders({ "content-type": "text/plain" }),
     text: async () => body,
   } as unknown as Response;
 }
diff --git a/src/agents/tools/web-fetch.test-harness.ts b/src/agents/tools/web-fetch.test-harness.ts
index c86a028e155..1bd8e33e89b 100644
--- a/src/agents/tools/web-fetch.test-harness.ts
+++ b/src/agents/tools/web-fetch.test-harness.ts
@@ -1,6 +1,14 @@
 import { afterEach, beforeEach, vi } from "vitest";
 import * as ssrf from "../../infra/net/ssrf.js";
 
+export function makeFetchHeaders(map: Record<string, string>): {
+  get: (key: string) => string | null;
+} {
+  return {
+    get: (key) => map[key.toLowerCase()] ?? null,
+  };
+}
+
 export function installWebFetchSsrfHarness() {
   const lookupMock = vi.fn();
   const resolvePinnedHostname = ssrf.resolvePinnedHostname;
diff --git a/src/agents/tools/web-tools.fetch.test.ts b/src/agents/tools/web-tools.fetch.test.ts
index 9da57a35b45..e9bfabbee7a 100644
--- a/src/agents/tools/web-tools.fetch.test.ts
+++ b/src/agents/tools/web-tools.fetch.test.ts
@@ -1,7 +1,9 @@
 import { EnvHttpProxyAgent } from "undici";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import * as ssrf from "../../infra/net/ssrf.js";
+import { resolveRequestUrl } from "../../plugin-sdk/request-url.js";
 import { withFetchPreconnect } from "../../test-utils/fetch-mock.js";
+import { makeFetchHeaders } from "./web-fetch.test-harness.js";
 import { createWebFetchTool } from "./web-tools.js";
 
 type MockResponse = {
@@ -13,18 +15,12 @@ type MockResponse = {
   json?: () => Promise<unknown>;
 };
 
-function makeHeaders(map: Record<string, string>): { get: (key: string) => string | null } {
-  return {
-    get: (key) => map[key.toLowerCase()] ?? null,
-  };
-}
-
 function htmlResponse(html: string, url = "https://example.com/"): MockResponse {
   return {
     ok: true,
     status: 200,
     url,
-    headers: makeHeaders({ "content-type": "text/html; charset=utf-8" }),
+    headers: makeFetchHeaders({ "content-type": "text/html; charset=utf-8" }),
     text: async () => html,
   };
 }
@@ -62,7 +58,7 @@ function textResponse(
     ok: true,
     status: 200,
     url,
-    headers: makeHeaders({ "content-type": contentType }),
+    headers: makeFetchHeaders({ "content-type": contentType }),
     text: async () => text,
   };
 }
@@ -77,23 +73,10 @@ function errorHtmlResponse(
     ok: false,
     status,
     url,
-    headers: contentType ? makeHeaders({ "content-type": contentType }) : makeHeaders({}),
+    headers: contentType ? makeFetchHeaders({ "content-type": contentType }) : makeFetchHeaders({}),
     text: async () => html,
   };
 }
-function requestUrl(input: RequestInfo | URL): string {
-  if (typeof input === "string") {
-    return input;
-  }
-  if (input instanceof URL) {
-    return input.toString();
-  }
-  if ("url" in input && typeof input.url === "string") {
-    return input.url;
-  }
-  return "";
-}
-
 function installMockFetch(
   impl: (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>,
 ) {
@@ -125,9 +108,9 @@ function installPlainTextFetch(text: string) {
     Promise.resolve({
       ok: true,
       status: 200,
-      headers: makeHeaders({ "content-type": "text/plain" }),
+      headers: makeFetchHeaders({ "content-type": "text/plain" }),
       text: async () => text,
-      url: requestUrl(input),
+      url: resolveRequestUrl(input),
     } as Response),
   );
 }
@@ -215,9 +198,9 @@ describe("web_fetch extraction fallbacks", () => {
       Promise.resolve({
         ok: true,
         status: 200,
-        headers: makeHeaders({ "content-type": "text/plain" }),
+        headers: makeFetchHeaders({ "content-type": "text/plain" }),
         text: async () => longText,
-        url: requestUrl(input),
+        url: resolveRequestUrl(input),
       } as Response),
     );
 
@@ -277,9 +260,9 @@ describe("web_fetch extraction fallbacks", () => {
       Promise.resolve({
         ok: true,
         status: 200,
-        headers: makeHeaders({ "content-type": "text/plain" }),
+        headers: makeFetchHeaders({ "content-type": "text/plain" }),
         text: async () => "proxy body",
-        url: requestUrl(input),
+        url: resolveRequestUrl(input),
       } as Response),
     );
     const tool = createFetchTool({ firecrawl: { enabled: false } });
@@ -298,7 +281,7 @@ describe("web_fetch extraction fallbacks", () => {
 
   it("falls back to firecrawl when readability returns no content", async () => {
     installMockFetch((input: RequestInfo | URL) => {
-      const url = requestUrl(input);
+      const url = resolveRequestUrl(input);
       if (url.includes("api.firecrawl.dev")) {
         return Promise.resolve(firecrawlResponse("firecrawl content")) as Promise<Response>;
       }
@@ -316,7 +299,7 @@ describe("web_fetch extraction fallbacks", () => {
 
   it("normalizes firecrawl Authorization header values", async () => {
     const fetchSpy = installMockFetch((input: RequestInfo | URL) => {
-      const url = requestUrl(input);
+      const url = resolveRequestUrl(input);
       if (url.includes("api.firecrawl.dev/v2/scrape")) {
         return Promise.resolve(firecrawlResponse("firecrawl normalized")) as Promise<Response>;
       }
@@ -333,7 +316,7 @@ describe("web_fetch extraction fallbacks", () => {
 
     expect(result?.details).toMatchObject({ extractor: "firecrawl" });
     const firecrawlCall = fetchSpy.mock.calls.find((call) =>
-      requestUrl(call[0]).includes("/v2/scrape"),
+      resolveRequestUrl(call[0]).includes("/v2/scrape"),
     );
     expect(firecrawlCall).toBeTruthy();
     const init = firecrawlCall?.[1];
@@ -345,7 +328,7 @@ describe("web_fetch extraction fallbacks", () => {
     installMockFetch(
       (input: RequestInfo | URL) =>
         Promise.resolve(
-          htmlResponse("<html><body>hi</body></html>", requestUrl(input)),
+          htmlResponse("<html><body>hi</body></html>", resolveRequestUrl(input)),
         ) as Promise<Response>,
     );
 
@@ -361,7 +344,7 @@ describe("web_fetch extraction fallbacks", () => {
 
   it("throws when readability is empty and firecrawl fails", async () => {
     installMockFetch((input: RequestInfo | URL) => {
-      const url = requestUrl(input);
+      const url = resolveRequestUrl(input);
       if (url.includes("api.firecrawl.dev")) {
         return Promise.resolve(firecrawlError()) as Promise<Response>;
       }
@@ -378,14 +361,14 @@ describe("web_fetch extraction fallbacks", () => {
 
   it("uses firecrawl when direct fetch fails", async () => {
     installMockFetch((input: RequestInfo | URL) => {
-      const url = requestUrl(input);
+      const url = resolveRequestUrl(input);
       if (url.includes("api.firecrawl.dev")) {
         return Promise.resolve(firecrawlResponse("firecrawl fallback", url)) as Promise<Response>;
       }
       return Promise.resolve({
         ok: false,
         status: 403,
-        headers: makeHeaders({ "content-type": "text/html" }),
+        headers: makeFetchHeaders({ "content-type": "text/html" }),
         text: async () => "blocked",
       } as Response);
     });
@@ -404,7 +387,7 @@ describe("web_fetch extraction fallbacks", () => {
     const large = "a".repeat(80_000);
     installMockFetch(
       (input: RequestInfo | URL) =>
-        Promise.resolve(textResponse(large, requestUrl(input))) as Promise<Response>,
+        Promise.resolve(textResponse(large, resolveRequestUrl(input))) as Promise<Response>,
     );
 
     const tool = createFetchTool({
@@ -432,7 +415,7 @@ describe("web_fetch extraction fallbacks", () => {
     installMockFetch(
       (input: RequestInfo | URL) =>
         Promise.resolve(
-          errorHtmlResponse(html, 404, requestUrl(input), "Text/HTML; charset=utf-8"),
+          errorHtmlResponse(html, 404, resolveRequestUrl(input), "Text/HTML; charset=utf-8"),
         ) as Promise<Response>,
     );
 
@@ -455,7 +438,9 @@ describe("web_fetch extraction fallbacks", () => {
       "<!DOCTYPE HTML><html><head><title>Oops</title></head><body><h1>Oops</h1></body></html>";
     installMockFetch(
       (input: RequestInfo | URL) =>
-        Promise.resolve(errorHtmlResponse(html, 500, requestUrl(input), null)) as Promise<Response>,
+        Promise.resolve(
+          errorHtmlResponse(html, 500, resolveRequestUrl(input), null),
+        ) as Promise<Response>,
     );
 
     const tool = createFetchTool({ firecrawl: { enabled: false } });
@@ -471,7 +456,7 @@ describe("web_fetch extraction fallbacks", () => {
 
   it("wraps firecrawl error details", async () => {
     installMockFetch((input: RequestInfo | URL) => {
-      const url = requestUrl(input);
+      const url = resolveRequestUrl(input);
       if (url.includes("api.firecrawl.dev")) {
         return Promise.resolve({
           ok: false,
diff --git a/src/agents/tools/whatsapp-actions.test.ts b/src/agents/tools/whatsapp-actions.test.ts
index bb0941dbb42..1fc195ffd1e 100644
--- a/src/agents/tools/whatsapp-actions.test.ts
+++ b/src/agents/tools/whatsapp-actions.test.ts
@@ -8,7 +8,7 @@ const { sendReactionWhatsApp, sendPollWhatsApp } = vi.hoisted(() => ({
   sendPollWhatsApp: vi.fn(async () => ({ messageId: "poll-1", toJid: "jid-1" })),
 }));
 
-vi.mock("../../web/outbound.js", () => ({
+vi.mock("../../../extensions/whatsapp/src/send.js", () => ({
   sendReactionWhatsApp,
   sendPollWhatsApp,
 }));
diff --git a/src/agents/tools/whatsapp-actions.ts b/src/agents/tools/whatsapp-actions.ts
index b2da3820797..92332d1b3c5 100644
--- a/src/agents/tools/whatsapp-actions.ts
+++ b/src/agents/tools/whatsapp-actions.ts
@@ -1,6 +1,6 @@
 import type { AgentToolResult } from "@mariozechner/pi-agent-core";
+import { sendReactionWhatsApp } from "../../../extensions/whatsapp/src/send.js";
 import type { OpenClawConfig } from "../../config/config.js";
-import { sendReactionWhatsApp } from "../../web/outbound.js";
 import { createActionGate, jsonResult, readReactionParams, readStringParam } from "./common.js";
 import { resolveAuthorizedWhatsAppOutboundTarget } from "./whatsapp-target-auth.js";
 
diff --git a/src/agents/tools/whatsapp-target-auth.ts b/src/agents/tools/whatsapp-target-auth.ts
index b6f4da57ccf..569a930d1a5 100644
--- a/src/agents/tools/whatsapp-target-auth.ts
+++ b/src/agents/tools/whatsapp-target-auth.ts
@@ -1,5 +1,5 @@
+import { resolveWhatsAppAccount } from "../../../extensions/whatsapp/src/accounts.js";
 import type { OpenClawConfig } from "../../config/config.js";
-import { resolveWhatsAppAccount } from "../../web/accounts.js";
 import { resolveWhatsAppOutboundTarget } from "../../whatsapp/resolve-outbound-target.js";
 import { ToolAuthorizationError } from "./common.js";
 
diff --git a/src/agents/venice-models.test.ts b/src/agents/venice-models.test.ts
index 5a93568f9b7..ed1769cf044 100644
--- a/src/agents/venice-models.test.ts
+++ b/src/agents/venice-models.test.ts
@@ -59,6 +59,55 @@ function makeModelsResponse(id: string): Response {
   );
 }
 
+type ModelSpecOverride = {
+  id: string;
+  availableContextTokens?: number;
+  maxCompletionTokens?: number;
+  capabilities?: {
+    supportsReasoning?: boolean;
+    supportsVision?: boolean;
+    supportsFunctionCalling?: boolean;
+  };
+  includeModelSpec?: boolean;
+};
+
+function makeModelRow(params: ModelSpecOverride) {
+  if (params.includeModelSpec === false) {
+    return { id: params.id };
+  }
+  return {
+    id: params.id,
+    model_spec: {
+      name: params.id,
+      privacy: "private",
+      ...(params.availableContextTokens === undefined
+        ? {}
+        : { availableContextTokens: params.availableContextTokens }),
+      ...(params.maxCompletionTokens === undefined
+        ? {}
+        : { maxCompletionTokens: params.maxCompletionTokens }),
+      ...(params.capabilities === undefined ? {} : { capabilities: params.capabilities }),
+    },
+  };
+}
+
+function stubVeniceModelsFetch(rows: ModelSpecOverride[]) {
+  const fetchMock = vi.fn(
+    async () =>
+      new Response(
+        JSON.stringify({
+          data: rows.map((row) => makeModelRow(row)),
+        }),
+        {
+          status: 200,
+          headers: { "Content-Type": "application/json" },
+        },
+      ),
+  );
+  vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch);
+  return fetchMock;
+}
+
 describe("venice-models", () => {
   afterEach(() => {
     vi.unstubAllGlobals();
@@ -96,34 +145,18 @@ describe("venice-models", () => {
   });
 
   it("uses API maxCompletionTokens for catalog models when present", async () => {
-    const fetchMock = vi.fn(
-      async () =>
-        new Response(
-          JSON.stringify({
-            data: [
-              {
-                id: "llama-3.3-70b",
-                model_spec: {
-                  name: "llama-3.3-70b",
-                  privacy: "private",
-                  availableContextTokens: 131072,
-                  maxCompletionTokens: 2048,
-                  capabilities: {
-                    supportsReasoning: false,
-                    supportsVision: false,
-                    supportsFunctionCalling: true,
-                  },
-                },
-              },
-            ],
-          }),
-          {
-            status: 200,
-            headers: { "Content-Type": "application/json" },
-          },
-        ),
-    );
-    vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch);
+    stubVeniceModelsFetch([
+      {
+        id: "llama-3.3-70b",
+        availableContextTokens: 131072,
+        maxCompletionTokens: 2048,
+        capabilities: {
+          supportsReasoning: false,
+          supportsVision: false,
+          supportsFunctionCalling: true,
+        },
+      },
+    ]);
 
     const models = await runWithDiscoveryEnabled(() => discoverVeniceModels());
     const llama = models.find((m) => m.id === "llama-3.3-70b");
@@ -131,33 +164,17 @@ describe("venice-models", () => {
   });
 
   it("retains catalog maxTokens when the API omits maxCompletionTokens", async () => {
-    const fetchMock = vi.fn(
-      async () =>
-        new Response(
-          JSON.stringify({
-            data: [
-              {
-                id: "qwen3-235b-a22b-instruct-2507",
-                model_spec: {
-                  name: "qwen3-235b-a22b-instruct-2507",
-                  privacy: "private",
-                  availableContextTokens: 131072,
-                  capabilities: {
-                    supportsReasoning: false,
-                    supportsVision: false,
-                    supportsFunctionCalling: true,
-                  },
-                },
-              },
-            ],
-          }),
-          {
-            status: 200,
-            headers: { "Content-Type": "application/json" },
-          },
-        ),
-    );
-    vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch);
+    stubVeniceModelsFetch([
+      {
+        id: "qwen3-235b-a22b-instruct-2507",
+        availableContextTokens: 131072,
+        capabilities: {
+          supportsReasoning: false,
+          supportsVision: false,
+          supportsFunctionCalling: true,
+        },
+      },
+    ]);
 
     const models = await runWithDiscoveryEnabled(() => discoverVeniceModels());
     const qwen = models.find((m) => m.id === "qwen3-235b-a22b-instruct-2507");
@@ -172,34 +189,18 @@ describe("venice-models", () => {
   });
 
   it("uses a conservative bounded maxTokens value for new models", async () => {
-    const fetchMock = vi.fn(
-      async () =>
-        new Response(
-          JSON.stringify({
-            data: [
-              {
-                id: "new-model-2026",
-                model_spec: {
-                  name: "new-model-2026",
-                  privacy: "private",
-                  availableContextTokens: 50_000,
-                  maxCompletionTokens: 200_000,
-                  capabilities: {
-                    supportsReasoning: false,
-                    supportsVision: false,
-                    supportsFunctionCalling: false,
-                  },
-                },
-              },
-            ],
-          }),
-          {
-            status: 200,
-            headers: { "Content-Type": "application/json" },
-          },
-        ),
-    );
-    vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch);
+    stubVeniceModelsFetch([
+      {
+        id: "new-model-2026",
+        availableContextTokens: 50_000,
+        maxCompletionTokens: 200_000,
+        capabilities: {
+          supportsReasoning: false,
+          supportsVision: false,
+          supportsFunctionCalling: false,
+        },
+      },
+    ]);
 
     const models = await runWithDiscoveryEnabled(() => discoverVeniceModels());
     const newModel = models.find((m) => m.id === "new-model-2026");
@@ -209,33 +210,17 @@ describe("venice-models", () => {
   });
 
   it("caps new-model maxTokens to the fallback context window when API context is missing", async () => {
-    const fetchMock = vi.fn(
-      async () =>
-        new Response(
-          JSON.stringify({
-            data: [
-              {
-                id: "new-model-without-context",
-                model_spec: {
-                  name: "new-model-without-context",
-                  privacy: "private",
-                  maxCompletionTokens: 200_000,
-                  capabilities: {
-                    supportsReasoning: false,
-                    supportsVision: false,
-                    supportsFunctionCalling: true,
-                  },
-                },
-              },
-            ],
-          }),
-          {
-            status: 200,
-            headers: { "Content-Type": "application/json" },
-          },
-        ),
-    );
-    vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch);
+    stubVeniceModelsFetch([
+      {
+        id: "new-model-without-context",
+        maxCompletionTokens: 200_000,
+        capabilities: {
+          supportsReasoning: false,
+          supportsVision: false,
+          supportsFunctionCalling: true,
+        },
+      },
+    ]);
 
     const models = await runWithDiscoveryEnabled(() => discoverVeniceModels());
     const newModel = models.find((m) => m.id === "new-model-without-context");
@@ -244,37 +229,17 @@ describe("venice-models", () => {
   });
 
   it("ignores missing capabilities on partial metadata instead of aborting discovery", async () => {
-    const fetchMock = vi.fn(
-      async () =>
-        new Response(
-          JSON.stringify({
-            data: [
-              {
-                id: "llama-3.3-70b",
-                model_spec: {
-                  name: "llama-3.3-70b",
-                  privacy: "private",
-                  availableContextTokens: 131072,
-                  maxCompletionTokens: 2048,
-                },
-              },
-              {
-                id: "new-model-partial",
-                model_spec: {
-                  name: "new-model-partial",
-                  privacy: "private",
-                  maxCompletionTokens: 2048,
-                },
-              },
-            ],
-          }),
-          {
-            status: 200,
-            headers: { "Content-Type": "application/json" },
-          },
-        ),
-    );
-    vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch);
+    stubVeniceModelsFetch([
+      {
+        id: "llama-3.3-70b",
+        availableContextTokens: 131072,
+        maxCompletionTokens: 2048,
+      },
+      {
+        id: "new-model-partial",
+        maxCompletionTokens: 2048,
+      },
+    ]);
 
     const models = await runWithDiscoveryEnabled(() => discoverVeniceModels());
     const knownModel = models.find((m) => m.id === "llama-3.3-70b");
@@ -287,37 +252,19 @@ describe("venice-models", () => {
   });
 
   it("keeps known models discoverable when a row omits model_spec", async () => {
-    const fetchMock = vi.fn(
-      async () =>
-        new Response(
-          JSON.stringify({
-            data: [
-              {
-                id: "llama-3.3-70b",
-              },
-              {
-                id: "new-model-valid",
-                model_spec: {
-                  name: "new-model-valid",
-                  privacy: "private",
-                  availableContextTokens: 32_000,
-                  maxCompletionTokens: 2_048,
-                  capabilities: {
-                    supportsReasoning: false,
-                    supportsVision: false,
-                    supportsFunctionCalling: true,
-                  },
-                },
-              },
-            ],
-          }),
-          {
-            status: 200,
-            headers: { "Content-Type": "application/json" },
-          },
-        ),
-    );
-    vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch);
+    stubVeniceModelsFetch([
+      { id: "llama-3.3-70b", includeModelSpec: false },
+      {
+        id: "new-model-valid",
+        availableContextTokens: 32_000,
+        maxCompletionTokens: 2_048,
+        capabilities: {
+          supportsReasoning: false,
+          supportsVision: false,
+          supportsFunctionCalling: true,
+        },
+      },
+    ]);
 
     const models = await runWithDiscoveryEnabled(() => discoverVeniceModels());
     const knownModel = models.find((m) => m.id === "llama-3.3-70b");
diff --git a/src/auto-reply/commands-registry.data.ts b/src/auto-reply/commands-registry.data.ts
index c499f03c526..80f8d4bd73f 100644
--- a/src/auto-reply/commands-registry.data.ts
+++ b/src/auto-reply/commands-registry.data.ts
@@ -196,6 +196,14 @@ function buildChatCommands(): ChatCommandDefinition[] {
       acceptsArgs: true,
       category: "status",
     }),
+    defineChatCommand({
+      key: "btw",
+      nativeName: "btw",
+      description: "Ask a side question without changing future session context.",
+      textAlias: "/btw",
+      acceptsArgs: true,
+      category: "tools",
+    }),
     defineChatCommand({
       key: "export-session",
       nativeName: "export-session",
diff --git a/src/auto-reply/reply.heartbeat-typing.test.ts b/src/auto-reply/reply.heartbeat-typing.test.ts
index f677885a701..3bfc5f635b3 100644
--- a/src/auto-reply/reply.heartbeat-typing.test.ts
+++ b/src/auto-reply/reply.heartbeat-typing.test.ts
@@ -14,7 +14,7 @@ const webMocks = vi.hoisted(() => ({
   readWebSelfId: vi.fn().mockReturnValue({ e164: "+1999" }),
 }));
 
-vi.mock("../web/session.js", () => webMocks);
+vi.mock("../../extensions/whatsapp/src/session.js", () => webMocks);
 
 import { getReplyFromConfig } from "./reply.js";
 
diff --git a/src/auto-reply/reply.raw-body.test.ts b/src/auto-reply/reply.raw-body.test.ts
index 306d62eb88a..aeb9adc8378 100644
--- a/src/auto-reply/reply.raw-body.test.ts
+++ b/src/auto-reply/reply.raw-body.test.ts
@@ -14,7 +14,7 @@ vi.mock("../agents/model-catalog.js", () => ({
   loadModelCatalog: agentMocks.loadModelCatalog,
 }));
 
-vi.mock("../web/session.js", () => ({
+vi.mock("../../extensions/whatsapp/src/session.js", () => ({
   webAuthExists: agentMocks.webAuthExists,
   getWebAuthAgeMs: agentMocks.getWebAuthAgeMs,
   readWebSelfId: agentMocks.readWebSelfId,
diff --git a/src/auto-reply/reply.stage-sandbox-media.scp-remote-path.test.ts b/src/auto-reply/reply.stage-sandbox-media.scp-remote-path.test.ts
new file mode 100644
index 00000000000..d5d628421d9
--- /dev/null
+++ b/src/auto-reply/reply.stage-sandbox-media.scp-remote-path.test.ts
@@ -0,0 +1,75 @@
+import fs from "node:fs/promises";
+import { basename, join } from "node:path";
+import { afterEach, describe, expect, it, vi } from "vitest";
+import {
+  createSandboxMediaContexts,
+  createSandboxMediaStageConfig,
+  withSandboxMediaTempHome,
+} from "./stage-sandbox-media.test-harness.js";
+
+const sandboxMocks = vi.hoisted(() => ({
+  ensureSandboxWorkspaceForSession: vi.fn(),
+}));
+const childProcessMocks = vi.hoisted(() => ({
+  spawn: vi.fn(),
+}));
+
+vi.mock("../agents/sandbox.js", () => sandboxMocks);
+vi.mock("node:child_process", () => childProcessMocks);
+
+import { stageSandboxMedia } from "./reply/stage-sandbox-media.js";
+
+afterEach(() => {
+  vi.restoreAllMocks();
+  childProcessMocks.spawn.mockClear();
+});
+
+function createRemoteStageParams(home: string): {
+  cfg: ReturnType<typeof createSandboxMediaStageConfig>;
+  workspaceDir: string;
+  sessionKey: string;
+  remoteCacheDir: string;
+} {
+  const sessionKey = "agent:main:main";
+  vi.mocked(sandboxMocks.ensureSandboxWorkspaceForSession).mockResolvedValue(null);
+  return {
+    cfg: createSandboxMediaStageConfig(home),
+    workspaceDir: join(home, "openclaw"),
+    sessionKey,
+    remoteCacheDir: join(home, ".openclaw", "media", "remote-cache", sessionKey),
+  };
+}
+
+function createRemoteContexts(remotePath: string) {
+  const { ctx, sessionCtx } = createSandboxMediaContexts(remotePath);
+  ctx.Provider = "imessage";
+  ctx.MediaRemoteHost = "user@gateway-host";
+  sessionCtx.Provider = "imessage";
+  sessionCtx.MediaRemoteHost = "user@gateway-host";
+  return { ctx, sessionCtx };
+}
+
+describe("stageSandboxMedia scp remote paths", () => {
+  it("rejects remote attachment filenames with shell metacharacters before spawning scp", async () => {
+    await withSandboxMediaTempHome("openclaw-triggers-", async (home) => {
+      const { cfg, workspaceDir, sessionKey, remoteCacheDir } = createRemoteStageParams(home);
+      const remotePath = "/Users/demo/Library/Messages/Attachments/ab/cd/evil$(touch pwned).jpg";
+      const { ctx, sessionCtx } = createRemoteContexts(remotePath);
+
+      await stageSandboxMedia({
+        ctx,
+        sessionCtx,
+        cfg,
+        sessionKey,
+        workspaceDir,
+      });
+
+      expect(childProcessMocks.spawn).not.toHaveBeenCalled();
+      await expect(fs.stat(join(remoteCacheDir, basename(remotePath)))).rejects.toThrow();
+      expect(ctx.MediaPath).toBe(remotePath);
+      expect(sessionCtx.MediaPath).toBe(remotePath);
+      expect(ctx.MediaUrl).toBe(remotePath);
+      expect(sessionCtx.MediaUrl).toBe(remotePath);
+    });
+  });
+});
diff --git a/src/auto-reply/reply.triggers.trigger-handling.test-harness.ts b/src/auto-reply/reply.triggers.trigger-handling.test-harness.ts
index db8dd5b1fae..9e0390bc887 100644
--- a/src/auto-reply/reply.triggers.trigger-handling.test-harness.ts
+++ b/src/auto-reply/reply.triggers.trigger-handling.test-harness.ts
@@ -101,7 +101,7 @@ export function getWebSessionMocks(): AnyMocks {
   return webSessionMocks;
 }
 
-vi.mock("../web/session.js", () => webSessionMocks);
+vi.mock("../../extensions/whatsapp/src/session.js", () => webSessionMocks);
 
 export const MAIN_SESSION_KEY = "agent:main:main";
 
diff --git a/src/auto-reply/reply/agent-runner-execution.ts b/src/auto-reply/reply/agent-runner-execution.ts
index ff3838a1936..27a31c2387a 100644
--- a/src/auto-reply/reply/agent-runner-execution.ts
+++ b/src/auto-reply/reply/agent-runner-execution.ts
@@ -40,8 +40,7 @@ import {
 } from "../tokens.js";
 import type { GetReplyOptions, ReplyPayload } from "../types.js";
 import {
-  buildEmbeddedRunBaseParams,
-  buildEmbeddedRunContexts,
+  buildEmbeddedRunExecutionParams,
   resolveModelFallbackOptions,
 } from "./agent-runner-utils.js";
 import { type BlockReplyPipeline } from "./block-reply-pipeline.js";
@@ -308,20 +307,17 @@ export async function runAgentTurnWithFallback(params: {
               }
             })();
           }
-          const { authProfile, embeddedContext, senderContext } = buildEmbeddedRunContexts({
-            run: params.followupRun.run,
-            sessionCtx: params.sessionCtx,
-            hasRepliedRef: params.opts?.hasRepliedRef,
-            provider,
-          });
-          const runBaseParams = buildEmbeddedRunBaseParams({
-            run: params.followupRun.run,
-            provider,
-            model,
-            runId,
-            authProfile,
-            allowTransientCooldownProbe: runOptions?.allowTransientCooldownProbe,
-          });
+          const { embeddedContext, senderContext, runBaseParams } = buildEmbeddedRunExecutionParams(
+            {
+              run: params.followupRun.run,
+              sessionCtx: params.sessionCtx,
+              hasRepliedRef: params.opts?.hasRepliedRef,
+              provider,
+              runId,
+              allowTransientCooldownProbe: runOptions?.allowTransientCooldownProbe,
+              model,
+            },
+          );
           return (async () => {
             const result = await runEmbeddedPiAgent({
               ...embeddedContext,
diff --git a/src/auto-reply/reply/agent-runner-memory.ts b/src/auto-reply/reply/agent-runner-memory.ts
index 623bb9c1490..d52c6d05761 100644
--- a/src/auto-reply/reply/agent-runner-memory.ts
+++ b/src/auto-reply/reply/agent-runner-memory.ts
@@ -27,8 +27,7 @@ import type { TemplateContext } from "../templating.js";
 import type { VerboseLevel } from "../thinking.js";
 import type { GetReplyOptions } from "../types.js";
 import {
-  buildEmbeddedRunBaseParams,
-  buildEmbeddedRunContexts,
+  buildEmbeddedRunExecutionParams,
   resolveModelFallbackOptions,
 } from "./agent-runner-utils.js";
 import {
@@ -482,18 +481,13 @@ export async function runMemoryFlushIfNeeded(params: {
       ...resolveModelFallbackOptions(params.followupRun.run),
       runId: flushRunId,
       run: async (provider, model, runOptions) => {
-        const { authProfile, embeddedContext, senderContext } = buildEmbeddedRunContexts({
+        const { embeddedContext, senderContext, runBaseParams } = buildEmbeddedRunExecutionParams({
           run: params.followupRun.run,
           sessionCtx: params.sessionCtx,
           hasRepliedRef: params.opts?.hasRepliedRef,
           provider,
-        });
-        const runBaseParams = buildEmbeddedRunBaseParams({
-          run: params.followupRun.run,
-          provider,
           model,
           runId: flushRunId,
-          authProfile,
           allowTransientCooldownProbe: runOptions?.allowTransientCooldownProbe,
         });
         const result = await runEmbeddedPiAgent({
diff --git a/src/auto-reply/reply/agent-runner-payloads.test.ts b/src/auto-reply/reply/agent-runner-payloads.test.ts
index 26f23d7a42c..db237848e3c 100644
--- a/src/auto-reply/reply/agent-runner-payloads.test.ts
+++ b/src/auto-reply/reply/agent-runner-payloads.test.ts
@@ -9,6 +9,20 @@ const baseParams = {
   replyToMode: "off" as const,
 };
 
+async function expectSameTargetRepliesSuppressed(params: { provider: string; to: string }) {
+  const { replyPayloads } = await buildReplyPayloads({
+    ...baseParams,
+    payloads: [{ text: "hello world!" }],
+    messageProvider: "heartbeat",
+    originatingChannel: "feishu",
+    originatingTo: "ou_abc123",
+    messagingToolSentTexts: ["different message"],
+    messagingToolSentTargets: [{ tool: "message", provider: params.provider, to: params.to }],
+  });
+
+  expect(replyPayloads).toHaveLength(0);
+}
+
 describe("buildReplyPayloads media filter integration", () => {
   it("strips media URL from payload when in messagingToolSentMediaUrls", async () => {
     const { replyPayloads } = await buildReplyPayloads({
@@ -142,31 +156,11 @@ describe("buildReplyPayloads media filter integration", () => {
   });
 
   it("suppresses same-target replies when message tool target provider is generic", async () => {
-    const { replyPayloads } = await buildReplyPayloads({
-      ...baseParams,
-      payloads: [{ text: "hello world!" }],
-      messageProvider: "heartbeat",
-      originatingChannel: "feishu",
-      originatingTo: "ou_abc123",
-      messagingToolSentTexts: ["different message"],
-      messagingToolSentTargets: [{ tool: "message", provider: "message", to: "ou_abc123" }],
-    });
-
-    expect(replyPayloads).toHaveLength(0);
+    await expectSameTargetRepliesSuppressed({ provider: "message", to: "ou_abc123" });
   });
 
   it("suppresses same-target replies when target provider is channel alias", async () => {
-    const { replyPayloads } = await buildReplyPayloads({
-      ...baseParams,
-      payloads: [{ text: "hello world!" }],
-      messageProvider: "heartbeat",
-      originatingChannel: "feishu",
-      originatingTo: "ou_abc123",
-      messagingToolSentTexts: ["different message"],
-      messagingToolSentTargets: [{ tool: "message", provider: "lark", to: "ou_abc123" }],
-    });
-
-    expect(replyPayloads).toHaveLength(0);
+    await expectSameTargetRepliesSuppressed({ provider: "lark", to: "ou_abc123" });
   });
 
   it("drops all final payloads when block pipeline streamed successfully", async () => {
diff --git a/src/auto-reply/reply/agent-runner-utils.ts b/src/auto-reply/reply/agent-runner-utils.ts
index 99b2b6392f6..c6e71a9bab0 100644
--- a/src/auto-reply/reply/agent-runner-utils.ts
+++ b/src/auto-reply/reply/agent-runner-utils.ts
@@ -263,6 +263,31 @@ export function buildEmbeddedRunContexts(params: {
   };
 }
 
+export function buildEmbeddedRunExecutionParams(params: {
+  run: FollowupRun["run"];
+  sessionCtx: TemplateContext;
+  hasRepliedRef: { value: boolean } | undefined;
+  provider: string;
+  model: string;
+  runId: string;
+  allowTransientCooldownProbe?: boolean;
+}) {
+  const { authProfile, embeddedContext, senderContext } = buildEmbeddedRunContexts(params);
+  const runBaseParams = buildEmbeddedRunBaseParams({
+    run: params.run,
+    provider: params.provider,
+    model: params.model,
+    runId: params.runId,
+    authProfile,
+    allowTransientCooldownProbe: params.allowTransientCooldownProbe,
+  });
+  return {
+    embeddedContext,
+    senderContext,
+    runBaseParams,
+  };
+}
+
 export function resolveProviderScopedAuthProfile(params: {
   provider: string;
   primaryProvider: string;
diff --git a/src/auto-reply/reply/agent-runner.media-paths.test.ts b/src/auto-reply/reply/agent-runner.media-paths.test.ts
index f5658287aff..a759c539bdc 100644
--- a/src/auto-reply/reply/agent-runner.media-paths.test.ts
+++ b/src/auto-reply/reply/agent-runner.media-paths.test.ts
@@ -2,7 +2,7 @@ import path from "node:path";
 import { beforeEach, describe, expect, it, vi } from "vitest";
 import type { TemplateContext } from "../templating.js";
 import type { FollowupRun, QueueSettings } from "./queue.js";
-import { createMockTypingController } from "./test-helpers.js";
+import { createMockFollowupRun, createMockTypingController } from "./test-helpers.js";
 
 const runEmbeddedPiAgentMock = vi.fn();
 const runWithModelFallbackMock = vi.fn();
@@ -72,32 +72,15 @@ describe("runReplyAgent media path normalization", () => {
 
     const result = await runReplyAgent({
       commandBody: "generate",
-      followupRun: {
+      followupRun: createMockFollowupRun({
         prompt: "generate",
-        enqueuedAt: Date.now(),
         run: {
           agentId: "main",
           agentDir: "/tmp/agent",
-          sessionId: "session",
-          sessionKey: "main",
           messageProvider: "telegram",
-          sessionFile: "/tmp/session.jsonl",
           workspaceDir: "/tmp/workspace",
-          config: {},
-          provider: "anthropic",
-          model: "claude",
-          thinkLevel: "low",
-          verboseLevel: "off",
-          elevatedLevel: "off",
-          bashElevated: {
-            enabled: false,
-            allowed: false,
-            defaultLevel: "off",
-          },
-          timeoutMs: 1_000,
-          blockReplyBreak: "message_end",
         },
-      } as unknown as FollowupRun,
+      }) as unknown as FollowupRun,
       queueKey: "main",
       resolvedQueue: { mode: "interrupt" } as QueueSettings,
       shouldSteer: false,
diff --git a/src/auto-reply/reply/block-streaming.ts b/src/auto-reply/reply/block-streaming.ts
index 6d306b166c1..b24ee8cac1a 100644
--- a/src/auto-reply/reply/block-streaming.ts
+++ b/src/auto-reply/reply/block-streaming.ts
@@ -26,6 +26,22 @@ function normalizeChunkProvider(provider?: string): TextChunkProvider | undefine
     : undefined;
 }
 
+function resolveProviderChunkContext(
+  cfg: OpenClawConfig | undefined,
+  provider?: string,
+  accountId?: string | null,
+) {
+  const providerKey = normalizeChunkProvider(provider);
+  const providerId = providerKey ? normalizeChannelId(providerKey) : null;
+  const providerChunkLimit = providerId
+    ? getChannelDock(providerId)?.outbound?.textChunkLimit
+    : undefined;
+  const textLimit = resolveTextChunkLimit(cfg, providerKey, accountId, {
+    fallbackLimit: providerChunkLimit,
+  });
+  return { providerKey, providerId, textLimit };
+}
+
 type ProviderBlockStreamingConfig = {
   blockStreamingCoalesce?: BlockStreamingCoalesceConfig;
   accounts?: Record<string, { blockStreamingCoalesce?: BlockStreamingCoalesceConfig }>;
@@ -97,14 +113,7 @@ export function resolveEffectiveBlockStreamingConfig(params: {
   chunking: BlockStreamingChunking;
   coalescing: BlockStreamingCoalescing;
 } {
-  const providerKey = normalizeChunkProvider(params.provider);
-  const providerId = providerKey ? normalizeChannelId(providerKey) : null;
-  const providerChunkLimit = providerId
-    ? getChannelDock(providerId)?.outbound?.textChunkLimit
-    : undefined;
-  const textLimit = resolveTextChunkLimit(params.cfg, providerKey, params.accountId, {
-    fallbackLimit: providerChunkLimit,
-  });
+  const { textLimit } = resolveProviderChunkContext(params.cfg, params.provider, params.accountId);
   const chunkingDefaults =
     params.chunking ?? resolveBlockStreamingChunking(params.cfg, params.provider, params.accountId);
   const chunkingMax = clampPositiveInteger(params.maxChunkChars, chunkingDefaults.maxChars, {
@@ -154,21 +163,13 @@ export function resolveBlockStreamingChunking(
   provider?: string,
   accountId?: string | null,
 ): BlockStreamingChunking {
-  const providerKey = normalizeChunkProvider(provider);
-  const providerConfigKey = providerKey;
-  const providerId = providerKey ? normalizeChannelId(providerKey) : null;
-  const providerChunkLimit = providerId
-    ? getChannelDock(providerId)?.outbound?.textChunkLimit
-    : undefined;
-  const textLimit = resolveTextChunkLimit(cfg, providerConfigKey, accountId, {
-    fallbackLimit: providerChunkLimit,
-  });
+  const { providerKey, textLimit } = resolveProviderChunkContext(cfg, provider, accountId);
   const chunkCfg = cfg?.agents?.defaults?.blockStreamingChunk;
 
   // When chunkMode="newline", the outbound delivery splits on paragraph boundaries.
   // The block chunker should flush eagerly on \n\n boundaries during streaming,
   // regardless of minChars, so each paragraph is sent as its own message.
-  const chunkMode = resolveChunkMode(cfg, providerConfigKey, accountId);
+  const chunkMode = resolveChunkMode(cfg, providerKey, accountId);
 
   const maxRequested = Math.max(1, Math.floor(chunkCfg?.maxChars ?? DEFAULT_BLOCK_STREAM_MAX));
   const maxChars = Math.max(1, Math.min(maxRequested, textLimit));
@@ -198,20 +199,15 @@ export function resolveBlockStreamingCoalescing(
   },
   opts?: { chunkMode?: "length" | "newline" },
 ): BlockStreamingCoalescing | undefined {
-  const providerKey = normalizeChunkProvider(provider);
-  const providerConfigKey = providerKey;
+  const { providerKey, providerId, textLimit } = resolveProviderChunkContext(
+    cfg,
+    provider,
+    accountId,
+  );
 
   // Resolve the outbound chunkMode so the coalescer can flush on paragraph boundaries
   // when chunkMode="newline", matching the delivery-time splitting behavior.
-  const chunkMode = opts?.chunkMode ?? resolveChunkMode(cfg, providerConfigKey, accountId);
-
-  const providerId = providerKey ? normalizeChannelId(providerKey) : null;
-  const providerChunkLimit = providerId
-    ? getChannelDock(providerId)?.outbound?.textChunkLimit
-    : undefined;
-  const textLimit = resolveTextChunkLimit(cfg, providerConfigKey, accountId, {
-    fallbackLimit: providerChunkLimit,
-  });
+  const chunkMode = opts?.chunkMode ?? resolveChunkMode(cfg, providerKey, accountId);
   const providerDefaults = providerId
     ? getChannelDock(providerId)?.streaming?.blockStreamingCoalesceDefaults
     : undefined;
diff --git a/src/auto-reply/reply/btw-command.ts b/src/auto-reply/reply/btw-command.ts
new file mode 100644
index 00000000000..6f1a5be76de
--- /dev/null
+++ b/src/auto-reply/reply/btw-command.ts
@@ -0,0 +1,26 @@
+import { normalizeCommandBody, type CommandNormalizeOptions } from "../commands-registry.js";
+
+const BTW_COMMAND_RE = /^\/btw(?::|\s|$)/i;
+
+export function isBtwRequestText(text?: string, options?: CommandNormalizeOptions): boolean {
+  if (!text) {
+    return false;
+  }
+  const normalized = normalizeCommandBody(text, options).trim();
+  return BTW_COMMAND_RE.test(normalized);
+}
+
+export function extractBtwQuestion(
+  text?: string,
+  options?: CommandNormalizeOptions,
+): string | null {
+  if (!text) {
+    return null;
+  }
+  const normalized = normalizeCommandBody(text, options).trim();
+  const match = normalized.match(/^\/btw(?:\s+(.*))?$/i);
+  if (!match) {
+    return null;
+  }
+  return match[1]?.trim() ?? "";
+}
diff --git a/src/auto-reply/reply/commands-acp.test.ts b/src/auto-reply/reply/commands-acp.test.ts
index 7447419fd1e..904ae965fa7 100644
--- a/src/auto-reply/reply/commands-acp.test.ts
+++ b/src/auto-reply/reply/commands-acp.test.ts
@@ -105,7 +105,7 @@ vi.mock("../../infra/outbound/session-binding-service.js", async (importOriginal
 });
 
 // Prevent transitive import chain from reaching discord/monitor which needs https-proxy-agent.
-vi.mock("../../discord/monitor/gateway-plugin.js", () => ({
+vi.mock("../../../extensions/discord/src/monitor/gateway-plugin.js", () => ({
   createDiscordGatewayPlugin: () => ({}),
 }));
 
diff --git a/src/auto-reply/reply/commands-acp/context.ts b/src/auto-reply/reply/commands-acp/context.ts
index fd90175f38a..84acb828015 100644
--- a/src/auto-reply/reply/commands-acp/context.ts
+++ b/src/auto-reply/reply/commands-acp/context.ts
@@ -5,8 +5,8 @@ import {
 } from "../../../acp/conversation-id.js";
 import { DISCORD_THREAD_BINDING_CHANNEL } from "../../../channels/thread-bindings-policy.js";
 import { resolveConversationIdFromTargets } from "../../../infra/outbound/conversation-id.js";
-import { parseAgentSessionKey } from "../../../routing/session-key.js";
 import type { HandleCommandsParams } from "../commands-types.js";
+import { parseDiscordParentChannelFromSessionKey } from "../discord-parent-channel.js";
 import { resolveTelegramConversationId } from "../telegram-context.js";
 
 export function resolveAcpCommandChannel(params: HandleCommandsParams): string {
@@ -64,19 +64,6 @@ export function resolveAcpCommandConversationId(params: HandleCommandsParams): s
   });
 }
 
-function parseDiscordParentChannelFromSessionKey(raw: unknown): string | undefined {
-  const sessionKey = normalizeConversationText(raw);
-  if (!sessionKey) {
-    return undefined;
-  }
-  const scoped = parseAgentSessionKey(sessionKey)?.rest ?? sessionKey.toLowerCase();
-  const match = scoped.match(/(?:^|:)channel:([^:]+)$/);
-  if (!match?.[1]) {
-    return undefined;
-  }
-  return match[1];
-}
-
 function parseDiscordParentChannelFromContext(raw: unknown): string | undefined {
   const parentId = normalizeConversationText(raw);
   if (!parentId) {
diff --git a/src/auto-reply/reply/commands-allowlist.ts b/src/auto-reply/reply/commands-allowlist.ts
index ffba3bf2505..83d263b828c 100644
--- a/src/auto-reply/reply/commands-allowlist.ts
+++ b/src/auto-reply/reply/commands-allowlist.ts
@@ -1,10 +1,13 @@
+import { resolveDiscordAccount } from "../../../extensions/discord/src/accounts.js";
+import { resolveDiscordUserAllowlist } from "../../../extensions/discord/src/resolve-users.js";
+import { resolveIMessageAccount } from "../../../extensions/imessage/src/accounts.js";
+import { resolveSignalAccount } from "../../../extensions/signal/src/accounts.js";
+import { resolveSlackAccount } from "../../../extensions/slack/src/accounts.js";
+import { resolveSlackUserAllowlist } from "../../../extensions/slack/src/resolve-users.js";
+import { resolveTelegramAccount } from "../../../extensions/telegram/src/accounts.js";
+import { resolveWhatsAppAccount } from "../../../extensions/whatsapp/src/accounts.js";
 import { getChannelDock } from "../../channels/dock.js";
-import {
-  authorizeConfigWrite,
-  canBypassConfigWritePolicy,
-  formatConfigWriteDeniedMessage,
-  resolveExplicitConfigWriteTarget,
-} from "../../channels/plugins/config-writes.js";
+import { resolveExplicitConfigWriteTarget } from "../../channels/plugins/config-writes.js";
 import { listPairingChannels } from "../../channels/plugins/pairing.js";
 import type { ChannelId } from "../../channels/plugins/types.js";
 import { normalizeChannelId } from "../../channels/registry.js";
@@ -14,9 +17,6 @@ import {
   validateConfigObjectWithPlugins,
   writeConfigFile,
 } from "../../config/config.js";
-import { resolveDiscordAccount } from "../../discord/accounts.js";
-import { resolveDiscordUserAllowlist } from "../../discord/resolve-users.js";
-import { resolveIMessageAccount } from "../../imessage/accounts.js";
 import { isBlockedObjectKey } from "../../infra/prototype-keys.js";
 import {
   addChannelAllowFromStoreEntry,
@@ -29,13 +29,9 @@ import {
   normalizeOptionalAccountId,
 } from "../../routing/session-key.js";
 import { normalizeStringEntries } from "../../shared/string-normalization.js";
-import { resolveSignalAccount } from "../../signal/accounts.js";
-import { resolveSlackAccount } from "../../slack/accounts.js";
-import { resolveSlackUserAllowlist } from "../../slack/resolve-users.js";
-import { resolveTelegramAccount } from "../../telegram/accounts.js";
-import { resolveWhatsAppAccount } from "../../web/accounts.js";
 import { rejectUnauthorizedCommand, requireCommandFlagEnabled } from "./command-gates.js";
 import type { CommandHandler } from "./commands-types.js";
+import { resolveConfigWriteDeniedText } from "./config-write-authorization.js";
 
 type AllowlistScope = "dm" | "group" | "all";
 type AllowlistAction = "list" | "add" | "remove";
@@ -628,20 +624,19 @@ export const handleAllowlistCommand: CommandHandler = async (params, allowTextCo
       accountId: normalizedAccountId,
       writeTarget,
     } = resolveAccountTarget(parsedConfig, channelId, accountId);
-    const writeAuth = authorizeConfigWrite({
+    const deniedText = resolveConfigWriteDeniedText({
       cfg: params.cfg,
-      origin: { channelId, accountId: params.ctx.AccountId },
+      channel: params.command.channel,
+      channelId,
+      accountId: params.ctx.AccountId,
+      gatewayClientScopes: params.ctx.GatewayClientScopes,
       target: writeTarget,
-      allowBypass: canBypassConfigWritePolicy({
-        channel: params.command.channel,
-        gatewayClientScopes: params.ctx.GatewayClientScopes,
-      }),
     });
-    if (!writeAuth.allowed) {
+    if (deniedText) {
       return {
         shouldContinue: false,
         reply: {
-          text: formatConfigWriteDeniedMessage({ result: writeAuth, fallbackChannelId: channelId }),
+          text: deniedText,
         },
       };
     }
diff --git a/src/auto-reply/reply/commands-approve.ts b/src/auto-reply/reply/commands-approve.ts
index 5b0caec9c8f..ad1fde9eb0b 100644
--- a/src/auto-reply/reply/commands-approve.ts
+++ b/src/auto-reply/reply/commands-approve.ts
@@ -1,9 +1,9 @@
-import { callGateway } from "../../gateway/call.js";
-import { logVerbose } from "../../globals.js";
 import {
   isTelegramExecApprovalApprover,
   isTelegramExecApprovalClientEnabled,
-} from "../../telegram/exec-approvals.js";
+} from "../../../extensions/telegram/src/exec-approvals.js";
+import { callGateway } from "../../gateway/call.js";
+import { logVerbose } from "../../globals.js";
 import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../../utils/message-channel.js";
 import { requireGatewayClientScopeForInternalChannel } from "./command-gates.js";
 import type { CommandHandler } from "./commands-types.js";
diff --git a/src/auto-reply/reply/commands-btw.test.ts b/src/auto-reply/reply/commands-btw.test.ts
new file mode 100644
index 00000000000..b0251520fae
--- /dev/null
+++ b/src/auto-reply/reply/commands-btw.test.ts
@@ -0,0 +1,131 @@
+import { describe, expect, it, vi, beforeEach } from "vitest";
+import type { OpenClawConfig } from "../../config/config.js";
+import { buildCommandTestParams } from "./commands.test-harness.js";
+import { createMockTypingController } from "./test-helpers.js";
+
+const runBtwSideQuestionMock = vi.fn();
+
+vi.mock("../../agents/btw.js", () => ({
+  runBtwSideQuestion: (...args: unknown[]) => runBtwSideQuestionMock(...args),
+}));
+
+const { handleBtwCommand } = await import("./commands-btw.js");
+
+function buildParams(commandBody: string) {
+  const cfg = {
+    commands: { text: true },
+    channels: { whatsapp: { allowFrom: ["*"] } },
+  } as OpenClawConfig;
+  return buildCommandTestParams(commandBody, cfg, undefined, { workspaceDir: "/tmp/workspace" });
+}
+
+describe("handleBtwCommand", () => {
+  beforeEach(() => {
+    runBtwSideQuestionMock.mockReset();
+  });
+
+  it("returns usage when the side question is missing", async () => {
+    const result = await handleBtwCommand(buildParams("/btw"), true);
+
+    expect(result).toEqual({
+      shouldContinue: false,
+      reply: { text: "Usage: /btw <side question>" },
+    });
+  });
+
+  it("ignores /btw when text commands are disabled", async () => {
+    const result = await handleBtwCommand(buildParams("/btw what changed?"), false);
+
+    expect(result).toBeNull();
+    expect(runBtwSideQuestionMock).not.toHaveBeenCalled();
+  });
+
+  it("ignores /btw from unauthorized senders", async () => {
+    const params = buildParams("/btw what changed?");
+    params.command.isAuthorizedSender = false;
+
+    const result = await handleBtwCommand(params, true);
+
+    expect(result).toEqual({ shouldContinue: false });
+    expect(runBtwSideQuestionMock).not.toHaveBeenCalled();
+  });
+
+  it("requires an active session context", async () => {
+    const params = buildParams("/btw what changed?");
+    params.sessionEntry = undefined;
+
+    const result = await handleBtwCommand(params, true);
+
+    expect(result).toEqual({
+      shouldContinue: false,
+      reply: { text: "⚠️ /btw requires an active session with existing context." },
+    });
+  });
+
+  it("still delegates while the session is actively running", async () => {
+    const params = buildParams("/btw what changed?");
+    params.agentDir = "/tmp/agent";
+    params.sessionEntry = {
+      sessionId: "session-1",
+      updatedAt: Date.now(),
+    };
+    runBtwSideQuestionMock.mockResolvedValue({ text: "snapshot answer" });
+
+    const result = await handleBtwCommand(params, true);
+
+    expect(runBtwSideQuestionMock).toHaveBeenCalledWith(
+      expect.objectContaining({
+        question: "what changed?",
+        sessionEntry: params.sessionEntry,
+        resolvedThinkLevel: "off",
+        resolvedReasoningLevel: "off",
+      }),
+    );
+    expect(result).toEqual({
+      shouldContinue: false,
+      reply: { text: "snapshot answer", btw: { question: "what changed?" } },
+    });
+  });
+
+  it("starts the typing keepalive while the side question runs", async () => {
+    const params = buildParams("/btw what changed?");
+    const typing = createMockTypingController();
+    params.typing = typing;
+    params.agentDir = "/tmp/agent";
+    params.sessionEntry = {
+      sessionId: "session-1",
+      updatedAt: Date.now(),
+    };
+    runBtwSideQuestionMock.mockResolvedValue({ text: "snapshot answer" });
+
+    await handleBtwCommand(params, true);
+
+    expect(typing.startTypingLoop).toHaveBeenCalledTimes(1);
+  });
+
+  it("delegates to the side-question runner", async () => {
+    const params = buildParams("/btw what changed?");
+    params.agentDir = "/tmp/agent";
+    params.sessionEntry = {
+      sessionId: "session-1",
+      updatedAt: Date.now(),
+    };
+    runBtwSideQuestionMock.mockResolvedValue({ text: "nothing important" });
+
+    const result = await handleBtwCommand(params, true);
+
+    expect(runBtwSideQuestionMock).toHaveBeenCalledWith(
+      expect.objectContaining({
+        question: "what changed?",
+        agentDir: "/tmp/agent",
+        sessionEntry: params.sessionEntry,
+        resolvedThinkLevel: "off",
+        resolvedReasoningLevel: "off",
+      }),
+    );
+    expect(result).toEqual({
+      shouldContinue: false,
+      reply: { text: "nothing important", btw: { question: "what changed?" } },
+    });
+  });
+});
diff --git a/src/auto-reply/reply/commands-btw.ts b/src/auto-reply/reply/commands-btw.ts
new file mode 100644
index 00000000000..7c56473ca0c
--- /dev/null
+++ b/src/auto-reply/reply/commands-btw.ts
@@ -0,0 +1,80 @@
+import { runBtwSideQuestion } from "../../agents/btw.js";
+import { extractBtwQuestion } from "./btw-command.js";
+import { rejectUnauthorizedCommand } from "./command-gates.js";
+import type { CommandHandler } from "./commands-types.js";
+
+const BTW_USAGE = "Usage: /btw <side question>";
+
+export const handleBtwCommand: CommandHandler = async (params, allowTextCommands) => {
+  if (!allowTextCommands) {
+    return null;
+  }
+  const question = extractBtwQuestion(params.command.commandBodyNormalized);
+  if (question === null) {
+    return null;
+  }
+  const unauthorized = rejectUnauthorizedCommand(params, "/btw");
+  if (unauthorized) {
+    return unauthorized;
+  }
+
+  if (!question) {
+    return {
+      shouldContinue: false,
+      reply: { text: BTW_USAGE },
+    };
+  }
+
+  if (!params.sessionEntry?.sessionId) {
+    return {
+      shouldContinue: false,
+      reply: { text: "⚠️ /btw requires an active session with existing context." },
+    };
+  }
+
+  if (!params.agentDir) {
+    return {
+      shouldContinue: false,
+      reply: {
+        text: "⚠️ /btw is unavailable because the active agent directory could not be resolved.",
+      },
+    };
+  }
+
+  try {
+    await params.typing?.startTypingLoop();
+    const reply = await runBtwSideQuestion({
+      cfg: params.cfg,
+      agentDir: params.agentDir,
+      provider: params.provider,
+      model: params.model,
+      question,
+      sessionEntry: params.sessionEntry,
+      sessionStore: params.sessionStore,
+      sessionKey: params.sessionKey,
+      storePath: params.storePath,
+      // BTW is intentionally a quick side question, so do not inherit slower
+      // session-level think/reasoning settings from the main run.
+      resolvedThinkLevel: "off",
+      resolvedReasoningLevel: "off",
+      blockReplyChunking: params.blockReplyChunking,
+      resolvedBlockStreamingBreak: params.resolvedBlockStreamingBreak,
+      opts: params.opts,
+      isNewSession: false,
+    });
+    return {
+      shouldContinue: false,
+      reply: reply ? { ...reply, btw: { question } } : reply,
+    };
+  } catch (error) {
+    const message = error instanceof Error ? error.message.trim() : "";
+    return {
+      shouldContinue: false,
+      reply: {
+        text: `⚠️ /btw failed${message ? `: ${message}` : "."}`,
+        btw: { question },
+        isError: true,
+      },
+    };
+  }
+};
diff --git a/src/auto-reply/reply/commands-config.ts b/src/auto-reply/reply/commands-config.ts
index 96b5a5d9be5..b40032758d3 100644
--- a/src/auto-reply/reply/commands-config.ts
+++ b/src/auto-reply/reply/commands-config.ts
@@ -1,9 +1,4 @@
-import {
-  authorizeConfigWrite,
-  canBypassConfigWritePolicy,
-  formatConfigWriteDeniedMessage,
-  resolveConfigWriteTargetFromPath,
-} from "../../channels/plugins/config-writes.js";
+import { resolveConfigWriteTargetFromPath } from "../../channels/plugins/config-writes.js";
 import { normalizeChannelId } from "../../channels/registry.js";
 import {
   getConfigValueAtPath,
@@ -31,6 +26,7 @@ import {
 } from "./command-gates.js";
 import type { CommandHandler } from "./commands-types.js";
 import { parseConfigCommand } from "./config-commands.js";
+import { resolveConfigWriteDeniedText } from "./config-write-authorization.js";
 import { parseDebugCommand } from "./debug-commands.js";
 
 export const handleConfigCommand: CommandHandler = async (params, allowTextCommands) => {
@@ -84,20 +80,19 @@ export const handleConfigCommand: CommandHandler = async (params, allowTextComma
     }
     parsedWritePath = parsedPath.path;
     const channelId = params.command.channelId ?? normalizeChannelId(params.command.channel);
-    const writeAuth = authorizeConfigWrite({
+    const deniedText = resolveConfigWriteDeniedText({
       cfg: params.cfg,
-      origin: { channelId, accountId: params.ctx.AccountId },
+      channel: params.command.channel,
+      channelId,
+      accountId: params.ctx.AccountId,
+      gatewayClientScopes: params.ctx.GatewayClientScopes,
       target: resolveConfigWriteTargetFromPath(parsedWritePath),
-      allowBypass: canBypassConfigWritePolicy({
-        channel: params.command.channel,
-        gatewayClientScopes: params.ctx.GatewayClientScopes,
-      }),
     });
-    if (!writeAuth.allowed) {
+    if (deniedText) {
       return {
         shouldContinue: false,
         reply: {
-          text: formatConfigWriteDeniedMessage({ result: writeAuth, fallbackChannelId: channelId }),
+          text: deniedText,
         },
       };
     }
diff --git a/src/auto-reply/reply/commands-core.ts b/src/auto-reply/reply/commands-core.ts
index ca67bbc3549..7a6cc36c05e 100644
--- a/src/auto-reply/reply/commands-core.ts
+++ b/src/auto-reply/reply/commands-core.ts
@@ -11,6 +11,7 @@ import { resolveBoundAcpThreadSessionKey } from "./commands-acp/targets.js";
 import { handleAllowlistCommand } from "./commands-allowlist.js";
 import { handleApproveCommand } from "./commands-approve.js";
 import { handleBashCommand } from "./commands-bash.js";
+import { handleBtwCommand } from "./commands-btw.js";
 import { handleCompactCommand } from "./commands-compact.js";
 import { handleConfigCommand, handleDebugCommand } from "./commands-config.js";
 import {
@@ -174,6 +175,7 @@ export async function handleCommands(params: HandleCommandsParams): Promise<Comm
     HANDLERS = [
       // Plugin commands are processed first, before built-in commands
       handlePluginCommand,
+      handleBtwCommand,
       handleBashCommand,
       handleActivationCommand,
       handleSendPolicyCommand,
diff --git a/src/auto-reply/reply/commands-models.ts b/src/auto-reply/reply/commands-models.ts
index 17c25a6bfe0..afe56688256 100644
--- a/src/auto-reply/reply/commands-models.ts
+++ b/src/auto-reply/reply/commands-models.ts
@@ -1,3 +1,10 @@
+import {
+  buildModelsKeyboard,
+  buildProviderKeyboard,
+  calculateTotalPages,
+  getModelsPageSize,
+  type ProviderInfo,
+} from "../../../extensions/telegram/src/model-buttons.js";
 import { resolveAgentDir, resolveSessionAgentId } from "../../agents/agent-scope.js";
 import { resolveModelAuthLabel } from "../../agents/model-auth-label.js";
 import { loadModelCatalog } from "../../agents/model-catalog.js";
@@ -10,13 +17,6 @@ import {
 } from "../../agents/model-selection.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import type { SessionEntry } from "../../config/sessions.js";
-import {
-  buildModelsKeyboard,
-  buildProviderKeyboard,
-  calculateTotalPages,
-  getModelsPageSize,
-  type ProviderInfo,
-} from "../../telegram/model-buttons.js";
 import type { ReplyPayload } from "../types.js";
 import { rejectUnauthorizedCommand } from "./command-gates.js";
 import type { CommandHandler } from "./commands-types.js";
diff --git a/src/auto-reply/reply/commands-session-abort.ts b/src/auto-reply/reply/commands-session-abort.ts
index e8abdb845d6..2991ede75cd 100644
--- a/src/auto-reply/reply/commands-session-abort.ts
+++ b/src/auto-reply/reply/commands-session-abort.ts
@@ -86,6 +86,23 @@ async function applyAbortTarget(params: {
   }
 }
 
+function buildAbortTargetApplyParams(
+  params: Parameters<CommandHandler>[0],
+  abortTarget: AbortTarget,
+) {
+  return {
+    abortTarget,
+    sessionStore: params.sessionStore,
+    storePath: params.storePath,
+    abortKey: params.command.abortKey,
+    abortCutoff: resolveAbortCutoffForTarget({
+      ctx: params.ctx,
+      commandSessionKey: params.sessionKey,
+      targetSessionKey: abortTarget.key,
+    }),
+  };
+}
+
 export const handleStopCommand: CommandHandler = async (params, allowTextCommands) => {
   if (!allowTextCommands) {
     return null;
@@ -109,17 +126,7 @@ export const handleStopCommand: CommandHandler = async (params, allowTextCommand
       `stop: cleared followups=${cleared.followupCleared} lane=${cleared.laneCleared} keys=${cleared.keys.join(",")}`,
     );
   }
-  await applyAbortTarget({
-    abortTarget,
-    sessionStore: params.sessionStore,
-    storePath: params.storePath,
-    abortKey: params.command.abortKey,
-    abortCutoff: resolveAbortCutoffForTarget({
-      ctx: params.ctx,
-      commandSessionKey: params.sessionKey,
-      targetSessionKey: abortTarget.key,
-    }),
-  });
+  await applyAbortTarget(buildAbortTargetApplyParams(params, abortTarget));
 
   // Trigger internal hook for stop command
   const hookEvent = createInternalHookEvent(
@@ -160,16 +167,6 @@ export const handleAbortTrigger: CommandHandler = async (params, allowTextComman
     sessionEntry: params.sessionEntry,
     sessionStore: params.sessionStore,
   });
-  await applyAbortTarget({
-    abortTarget,
-    sessionStore: params.sessionStore,
-    storePath: params.storePath,
-    abortKey: params.command.abortKey,
-    abortCutoff: resolveAbortCutoffForTarget({
-      ctx: params.ctx,
-      commandSessionKey: params.sessionKey,
-      targetSessionKey: abortTarget.key,
-    }),
-  });
+  await applyAbortTarget(buildAbortTargetApplyParams(params, abortTarget));
   return { shouldContinue: false, reply: { text: "⚙️ Agent was aborted." } };
 };
diff --git a/src/auto-reply/reply/commands-session-lifecycle.test.ts b/src/auto-reply/reply/commands-session-lifecycle.test.ts
index 79882f13921..92812abaae6 100644
--- a/src/auto-reply/reply/commands-session-lifecycle.test.ts
+++ b/src/auto-reply/reply/commands-session-lifecycle.test.ts
@@ -19,8 +19,11 @@ const hoisted = vi.hoisted(() => {
   };
 });
 
-vi.mock("../../discord/monitor/thread-bindings.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../../discord/monitor/thread-bindings.js")>();
+vi.mock("../../../extensions/discord/src/monitor/thread-bindings.js", async (importOriginal) => {
+  const actual =
+    await importOriginal<
+      typeof import("../../../extensions/discord/src/monitor/thread-bindings.js")
+    >();
   return {
     ...actual,
     getThreadBindingManager: hoisted.getThreadBindingManagerMock,
@@ -29,8 +32,9 @@ vi.mock("../../discord/monitor/thread-bindings.js", async (importOriginal) => {
   };
 });
 
-vi.mock("../../telegram/thread-bindings.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../../telegram/thread-bindings.js")>();
+vi.mock("../../../extensions/telegram/src/thread-bindings.js", async (importOriginal) => {
+  const actual =
+    await importOriginal<typeof import("../../../extensions/telegram/src/thread-bindings.js")>();
   return {
     ...actual,
     setTelegramThreadBindingIdleTimeoutBySessionKey:
@@ -139,6 +143,21 @@ function createTelegramBinding(overrides?: Partial<SessionBindingRecord>): Sessi
   };
 }
 
+function expectIdleTimeoutSetReply(
+  mock: ReturnType<typeof vi.fn>,
+  text: string,
+  idleTimeoutMs: number,
+  idleTimeoutLabel: string,
+) {
+  expect(mock).toHaveBeenCalledWith({
+    targetSessionKey: "agent:main:subagent:child",
+    accountId: "default",
+    idleTimeoutMs,
+  });
+  expect(text).toContain(`Idle timeout set to ${idleTimeoutLabel}`);
+  expect(text).toContain("2026-02-20T02:00:00.000Z");
+}
+
 function createFakeThreadBindingManager(binding: FakeBinding | null) {
   return {
     getByThreadId: vi.fn((_threadId: string) => binding),
@@ -175,13 +194,12 @@ describe("/session idle and /session max-age", () => {
     const result = await handleSessionCommand(createDiscordCommandParams("/session idle 2h"), true);
     const text = result?.reply?.text ?? "";
 
-    expect(hoisted.setThreadBindingIdleTimeoutBySessionKeyMock).toHaveBeenCalledWith({
-      targetSessionKey: "agent:main:subagent:child",
-      accountId: "default",
-      idleTimeoutMs: 2 * 60 * 60 * 1000,
-    });
-    expect(text).toContain("Idle timeout set to 2h");
-    expect(text).toContain("2026-02-20T02:00:00.000Z");
+    expectIdleTimeoutSetReply(
+      hoisted.setThreadBindingIdleTimeoutBySessionKeyMock,
+      text,
+      2 * 60 * 60 * 1000,
+      "2h",
+    );
   });
 
   it("shows active idle timeout when no value is provided", async () => {
@@ -248,13 +266,12 @@ describe("/session idle and /session max-age", () => {
     );
     const text = result?.reply?.text ?? "";
 
-    expect(hoisted.setTelegramThreadBindingIdleTimeoutBySessionKeyMock).toHaveBeenCalledWith({
-      targetSessionKey: "agent:main:subagent:child",
-      accountId: "default",
-      idleTimeoutMs: 2 * 60 * 60 * 1000,
-    });
-    expect(text).toContain("Idle timeout set to 2h");
-    expect(text).toContain("2026-02-20T02:00:00.000Z");
+    expectIdleTimeoutSetReply(
+      hoisted.setTelegramThreadBindingIdleTimeoutBySessionKeyMock,
+      text,
+      2 * 60 * 60 * 1000,
+      "2h",
+    );
   });
 
   it("reports Telegram max-age expiry from the original bind time", async () => {
diff --git a/src/auto-reply/reply/commands-session.ts b/src/auto-reply/reply/commands-session.ts
index c4d0c88e432..b04d5112345 100644
--- a/src/auto-reply/reply/commands-session.ts
+++ b/src/auto-reply/reply/commands-session.ts
@@ -1,6 +1,3 @@
-import { resolveFastModeState } from "../../agents/fast-mode.js";
-import { parseDurationMs } from "../../cli/parse-duration.js";
-import { isRestartEnabled } from "../../config/commands.js";
 import {
   formatThreadBindingDurationLabel,
   getThreadBindingManager,
@@ -10,16 +7,19 @@ import {
   resolveThreadBindingMaxAgeMs,
   setThreadBindingIdleTimeoutBySessionKey,
   setThreadBindingMaxAgeBySessionKey,
-} from "../../discord/monitor/thread-bindings.js";
+} from "../../../extensions/discord/src/monitor/thread-bindings.js";
+import {
+  setTelegramThreadBindingIdleTimeoutBySessionKey,
+  setTelegramThreadBindingMaxAgeBySessionKey,
+} from "../../../extensions/telegram/src/thread-bindings.js";
+import { resolveFastModeState } from "../../agents/fast-mode.js";
+import { parseDurationMs } from "../../cli/parse-duration.js";
+import { isRestartEnabled } from "../../config/commands.js";
 import { logVerbose } from "../../globals.js";
 import { getSessionBindingService } from "../../infra/outbound/session-binding-service.js";
 import type { SessionBindingRecord } from "../../infra/outbound/session-binding-service.js";
 import { scheduleGatewaySigusr1Restart, triggerOpenClawRestart } from "../../infra/restart.js";
 import { loadCostUsageSummary, loadSessionCostSummary } from "../../infra/session-cost-usage.js";
-import {
-  setTelegramThreadBindingIdleTimeoutBySessionKey,
-  setTelegramThreadBindingMaxAgeBySessionKey,
-} from "../../telegram/thread-bindings.js";
 import { formatTokenCount, formatUsd } from "../../utils/usage-format.js";
 import { parseActivationCommand } from "../group-activation.js";
 import { parseSendPolicyCommand } from "../send-policy.js";
diff --git a/src/auto-reply/reply/commands-subagents.test-mocks.ts b/src/auto-reply/reply/commands-subagents.test-mocks.ts
index da70d449b6f..99c34fbf35c 100644
--- a/src/auto-reply/reply/commands-subagents.test-mocks.ts
+++ b/src/auto-reply/reply/commands-subagents.test-mocks.ts
@@ -10,7 +10,7 @@ export function installSubagentsCommandCoreMocks() {
   });
 
   // Prevent transitive import chain from reaching discord/monitor which needs https-proxy-agent.
-  vi.mock("../../discord/monitor/gateway-plugin.js", () => ({
+  vi.mock("../../../extensions/discord/src/monitor/gateway-plugin.js", () => ({
     createDiscordGatewayPlugin: () => ({}),
   }));
 }
diff --git a/src/auto-reply/reply/commands-subagents/shared.ts b/src/auto-reply/reply/commands-subagents/shared.ts
index bb923b52e46..1c7db7e13cd 100644
--- a/src/auto-reply/reply/commands-subagents/shared.ts
+++ b/src/auto-reply/reply/commands-subagents/shared.ts
@@ -1,3 +1,4 @@
+import { parseDiscordTarget } from "../../../../extensions/discord/src/targets.js";
 import { resolveStoredSubagentCapabilities } from "../../../agents/subagent-capabilities.js";
 import type { ResolvedSubagentController } from "../../../agents/subagent-control.js";
 import {
@@ -16,7 +17,6 @@ import type {
   loadSessionStore as loadSessionStoreFn,
   resolveStorePath as resolveStorePathFn,
 } from "../../../config/sessions.js";
-import { parseDiscordTarget } from "../../../discord/targets.js";
 import { callGateway } from "../../../gateway/call.js";
 import { formatTimeAgo } from "../../../infra/format-time/format-relative.ts";
 import { parseAgentSessionKey } from "../../../routing/session-key.js";
diff --git a/src/auto-reply/reply/commands-types.ts b/src/auto-reply/reply/commands-types.ts
index 4c6f67f094e..484474e94e2 100644
--- a/src/auto-reply/reply/commands-types.ts
+++ b/src/auto-reply/reply/commands-types.ts
@@ -1,11 +1,13 @@
+import type { BlockReplyChunking } from "../../agents/pi-embedded-block-chunker.js";
 import type { SkillCommandSpec } from "../../agents/skills.js";
 import type { ChannelId } from "../../channels/plugins/types.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import type { SessionEntry, SessionScope } from "../../config/sessions.js";
 import type { MsgContext } from "../templating.js";
 import type { ElevatedLevel, ReasoningLevel, ThinkLevel, VerboseLevel } from "../thinking.js";
-import type { ReplyPayload } from "../types.js";
+import type { GetReplyOptions, ReplyPayload } from "../types.js";
 import type { InlineDirectives } from "./directive-handling.js";
+import type { TypingController } from "./typing.js";
 
 export type CommandContext = {
   surface: string;
@@ -44,17 +46,21 @@ export type HandleCommandsParams = {
   storePath?: string;
   sessionScope?: SessionScope;
   workspaceDir: string;
+  opts?: GetReplyOptions;
   defaultGroupActivation: () => "always" | "mention";
   resolvedThinkLevel?: ThinkLevel;
   resolvedVerboseLevel: VerboseLevel;
   resolvedReasoningLevel: ReasoningLevel;
   resolvedElevatedLevel?: ElevatedLevel;
+  blockReplyChunking?: BlockReplyChunking;
+  resolvedBlockStreamingBreak?: "text_end" | "message_end";
   resolveDefaultThinkingLevel: () => Promise<ThinkLevel | undefined>;
   provider: string;
   model: string;
   contextTokens: number;
   isGroup: boolean;
   skillCommands?: SkillCommandSpec[];
+  typing?: TypingController;
 };
 
 export type CommandHandlerResult = {
diff --git a/src/auto-reply/reply/config-write-authorization.ts b/src/auto-reply/reply/config-write-authorization.ts
new file mode 100644
index 00000000000..a2c2142709f
--- /dev/null
+++ b/src/auto-reply/reply/config-write-authorization.ts
@@ -0,0 +1,33 @@
+import {
+  authorizeConfigWrite,
+  canBypassConfigWritePolicy,
+  formatConfigWriteDeniedMessage,
+} from "../../channels/plugins/config-writes.js";
+import type { ChannelId } from "../../channels/plugins/types.js";
+import type { OpenClawConfig } from "../../config/config.js";
+
+export function resolveConfigWriteDeniedText(params: {
+  cfg: OpenClawConfig;
+  channel?: string | null;
+  channelId: ChannelId | null;
+  accountId?: string;
+  gatewayClientScopes?: string[];
+  target: Parameters<typeof authorizeConfigWrite>[0]["target"];
+}): string | null {
+  const writeAuth = authorizeConfigWrite({
+    cfg: params.cfg,
+    origin: { channelId: params.channelId, accountId: params.accountId },
+    target: params.target,
+    allowBypass: canBypassConfigWritePolicy({
+      channel: params.channel ?? "",
+      gatewayClientScopes: params.gatewayClientScopes,
+    }),
+  });
+  if (writeAuth.allowed) {
+    return null;
+  }
+  return formatConfigWriteDeniedMessage({
+    result: writeAuth,
+    fallbackChannelId: params.channelId,
+  });
+}
diff --git a/src/auto-reply/reply/directive-handling.auth.test.ts b/src/auto-reply/reply/directive-handling.auth.test.ts
index 4faad0c3ee6..5e1248c8a61 100644
--- a/src/auto-reply/reply/directive-handling.auth.test.ts
+++ b/src/auto-reply/reply/directive-handling.auth.test.ts
@@ -4,6 +4,11 @@ import type { OpenClawConfig } from "../../config/config.js";
 
 let mockStore: AuthProfileStore;
 let mockOrder: string[];
+const githubCopilotTokenRefProfile: AuthProfileStore["profiles"][string] = {
+  type: "token",
+  provider: "github-copilot",
+  tokenRef: { source: "env", provider: "default", id: "GITHUB_TOKEN" },
+};
 
 vi.mock("../../agents/auth-health.js", () => ({
   formatRemainingShort: () => "1h",
@@ -39,6 +44,28 @@ vi.mock("../../agents/model-auth.js", () => ({
 
 const { resolveAuthLabel } = await import("./directive-handling.auth.js");
 
+async function resolveRefOnlyAuthLabel(params: {
+  provider: string;
+  profileId: string;
+  profile:
+    | (AuthProfileStore["profiles"][string] & { type: "api_key" })
+    | (AuthProfileStore["profiles"][string] & { type: "token" });
+  mode: "compact" | "verbose";
+}) {
+  mockStore.profiles = {
+    [params.profileId]: params.profile,
+  };
+  mockOrder = [params.profileId];
+
+  return resolveAuthLabel(
+    params.provider,
+    {} as OpenClawConfig,
+    "/tmp/models.json",
+    undefined,
+    params.mode,
+  );
+}
+
 describe("resolveAuthLabel ref-aware labels", () => {
   beforeEach(() => {
     mockStore = {
@@ -49,64 +76,38 @@ describe("resolveAuthLabel ref-aware labels", () => {
   });
 
   it("shows api-key (ref) for keyRef-only profiles in compact mode", async () => {
-    mockStore.profiles = {
-      "openai:default": {
+    const result = await resolveRefOnlyAuthLabel({
+      provider: "openai",
+      profileId: "openai:default",
+      profile: {
         type: "api_key",
         provider: "openai",
         keyRef: { source: "env", provider: "default", id: "OPENAI_API_KEY" },
       },
-    };
-    mockOrder = ["openai:default"];
-
-    const result = await resolveAuthLabel(
-      "openai",
-      {} as OpenClawConfig,
-      "/tmp/models.json",
-      undefined,
-      "compact",
-    );
+      mode: "compact",
+    });
 
     expect(result.label).toBe("openai:default api-key (ref)");
   });
 
   it("shows token (ref) for tokenRef-only profiles in compact mode", async () => {
-    mockStore.profiles = {
-      "github-copilot:default": {
-        type: "token",
-        provider: "github-copilot",
-        tokenRef: { source: "env", provider: "default", id: "GITHUB_TOKEN" },
-      },
-    };
-    mockOrder = ["github-copilot:default"];
-
-    const result = await resolveAuthLabel(
-      "github-copilot",
-      {} as OpenClawConfig,
-      "/tmp/models.json",
-      undefined,
-      "compact",
-    );
+    const result = await resolveRefOnlyAuthLabel({
+      provider: "github-copilot",
+      profileId: "github-copilot:default",
+      profile: githubCopilotTokenRefProfile,
+      mode: "compact",
+    });
 
     expect(result.label).toBe("github-copilot:default token (ref)");
   });
 
   it("uses token:ref instead of token:missing in verbose mode", async () => {
-    mockStore.profiles = {
-      "github-copilot:default": {
-        type: "token",
-        provider: "github-copilot",
-        tokenRef: { source: "env", provider: "default", id: "GITHUB_TOKEN" },
-      },
-    };
-    mockOrder = ["github-copilot:default"];
-
-    const result = await resolveAuthLabel(
-      "github-copilot",
-      {} as OpenClawConfig,
-      "/tmp/models.json",
-      undefined,
-      "verbose",
-    );
+    const result = await resolveRefOnlyAuthLabel({
+      provider: "github-copilot",
+      profileId: "github-copilot:default",
+      profile: githubCopilotTokenRefProfile,
+      mode: "verbose",
+    });
 
     expect(result.label).toContain("github-copilot:default=token:ref");
     expect(result.label).not.toContain("token:missing");
diff --git a/src/auto-reply/reply/directive-handling.auth.ts b/src/auto-reply/reply/directive-handling.auth.ts
index 26647d77c68..604e7473ae8 100644
--- a/src/auto-reply/reply/directive-handling.auth.ts
+++ b/src/auto-reply/reply/directive-handling.auth.ts
@@ -33,6 +33,22 @@ function resolveStoredCredentialLabel(params: {
   return "missing";
 }
 
+function formatExpirationLabel(
+  expires: unknown,
+  now: number,
+  formatUntil: (timestampMs: number) => string,
+  compactExpiredPrefix = " expired",
+) {
+  if (typeof expires !== "number" || !Number.isFinite(expires) || expires <= 0) {
+    return "";
+  }
+  return expires <= now ? compactExpiredPrefix : ` exp ${formatUntil(expires)}`;
+}
+
+function formatFlagsSuffix(flags: string[]) {
+  return flags.length > 0 ? ` (${flags.join(", ")})` : "";
+}
+
 export const resolveAuthLabel = async (
   provider: string,
   cfg: OpenClawConfig,
@@ -89,14 +105,7 @@ export const resolveAuthLabel = async (
           refValue: profile.tokenRef,
           mode,
         });
-        const exp =
-          typeof profile.expires === "number" &&
-          Number.isFinite(profile.expires) &&
-          profile.expires > 0
-            ? profile.expires <= now
-              ? " expired"
-              : ` exp ${formatUntil(profile.expires)}`
-            : "";
+        const exp = formatExpirationLabel(profile.expires, now, formatUntil);
         return {
           label: `${profileId} token ${tokenLabel}${exp}${more}`,
           source: "",
@@ -104,14 +113,7 @@ export const resolveAuthLabel = async (
       }
       const display = resolveAuthProfileDisplayLabel({ cfg, store, profileId });
       const label = display === profileId ? profileId : display;
-      const exp =
-        typeof profile.expires === "number" &&
-        Number.isFinite(profile.expires) &&
-        profile.expires > 0
-          ? profile.expires <= now
-            ? " expired"
-            : ` exp ${formatUntil(profile.expires)}`
-          : "";
+      const exp = formatExpirationLabel(profile.expires, now, formatUntil);
       return { label: `${label} oauth${exp}${more}`, source: "" };
     }
 
@@ -140,7 +142,7 @@ export const resolveAuthLabel = async (
           configProfile.mode !== profile.type &&
           !(configProfile.mode === "oauth" && profile.type === "token"))
       ) {
-        const suffix = flags.length > 0 ? ` (${flags.join(", ")})` : "";
+        const suffix = formatFlagsSuffix(flags);
         return `${profileId}=missing${suffix}`;
       }
       if (profile.type === "api_key") {
@@ -149,7 +151,7 @@ export const resolveAuthLabel = async (
           refValue: profile.keyRef,
           mode,
         });
-        const suffix = flags.length > 0 ? ` (${flags.join(", ")})` : "";
+        const suffix = formatFlagsSuffix(flags);
         return `${profileId}=${keyLabel}${suffix}`;
       }
       if (profile.type === "token") {
@@ -158,14 +160,11 @@ export const resolveAuthLabel = async (
           refValue: profile.tokenRef,
           mode,
         });
-        if (
-          typeof profile.expires === "number" &&
-          Number.isFinite(profile.expires) &&
-          profile.expires > 0
-        ) {
-          flags.push(profile.expires <= now ? "expired" : `exp ${formatUntil(profile.expires)}`);
+        const expirationFlag = formatExpirationLabel(profile.expires, now, formatUntil, "expired");
+        if (expirationFlag) {
+          flags.push(expirationFlag);
         }
-        const suffix = flags.length > 0 ? ` (${flags.join(", ")})` : "";
+        const suffix = formatFlagsSuffix(flags);
         return `${profileId}=token:${tokenLabel}${suffix}`;
       }
       const display = resolveAuthProfileDisplayLabel({
@@ -179,15 +178,12 @@ export const resolveAuthLabel = async (
           : display.startsWith(profileId)
             ? display.slice(profileId.length).trim()
             : `(${display})`;
-      if (
-        typeof profile.expires === "number" &&
-        Number.isFinite(profile.expires) &&
-        profile.expires > 0
-      ) {
-        flags.push(profile.expires <= now ? "expired" : `exp ${formatUntil(profile.expires)}`);
+      const expirationFlag = formatExpirationLabel(profile.expires, now, formatUntil, "expired");
+      if (expirationFlag) {
+        flags.push(expirationFlag);
       }
       const suffixLabel = suffix ? ` ${suffix}` : "";
-      const suffixFlags = flags.length > 0 ? ` (${flags.join(", ")})` : "";
+      const suffixFlags = formatFlagsSuffix(flags);
       return `${profileId}=OAuth${suffixLabel}${suffixFlags}`;
     });
     return {
diff --git a/src/auto-reply/reply/directive-handling.model.test.ts b/src/auto-reply/reply/directive-handling.model.test.ts
index 5d4a23f3efb..b815ecfc9b9 100644
--- a/src/auto-reply/reply/directive-handling.model.test.ts
+++ b/src/auto-reply/reply/directive-handling.model.test.ts
@@ -57,24 +57,28 @@ function resolveModelSelectionForCommand(params: {
   });
 }
 
+async function resolveModelInfoReply(
+  overrides: Partial<Parameters<typeof maybeHandleModelDirectiveInfo>[0]> = {},
+) {
+  return maybeHandleModelDirectiveInfo({
+    directives: parseInlineDirectives("/model"),
+    cfg: baseConfig(),
+    agentDir: "/tmp/agent",
+    activeAgentId: "main",
+    provider: "anthropic",
+    model: "claude-opus-4-5",
+    defaultProvider: "anthropic",
+    defaultModel: "claude-opus-4-5",
+    aliasIndex: baseAliasIndex(),
+    allowedModelCatalog: [],
+    resetModelOverride: false,
+    ...overrides,
+  });
+}
+
 describe("/model chat UX", () => {
   it("shows summary for /model with no args", async () => {
-    const directives = parseInlineDirectives("/model");
-    const cfg = { commands: { text: true } } as unknown as OpenClawConfig;
-
-    const reply = await maybeHandleModelDirectiveInfo({
-      directives,
-      cfg,
-      agentDir: "/tmp/agent",
-      activeAgentId: "main",
-      provider: "anthropic",
-      model: "claude-opus-4-5",
-      defaultProvider: "anthropic",
-      defaultModel: "claude-opus-4-5",
-      aliasIndex: baseAliasIndex(),
-      allowedModelCatalog: [],
-      resetModelOverride: false,
-    });
+    const reply = await resolveModelInfoReply();
 
     expect(reply?.text).toContain("Current:");
     expect(reply?.text).toContain("Browse: /models");
@@ -82,21 +86,11 @@ describe("/model chat UX", () => {
   });
 
   it("shows active runtime model when different from selected model", async () => {
-    const directives = parseInlineDirectives("/model");
-    const cfg = { commands: { text: true } } as unknown as OpenClawConfig;
-
-    const reply = await maybeHandleModelDirectiveInfo({
-      directives,
-      cfg,
-      agentDir: "/tmp/agent",
-      activeAgentId: "main",
+    const reply = await resolveModelInfoReply({
       provider: "fireworks",
       model: "fireworks/minimax-m2p5",
       defaultProvider: "fireworks",
       defaultModel: "fireworks/minimax-m2p5",
-      aliasIndex: baseAliasIndex(),
-      allowedModelCatalog: [],
-      resetModelOverride: false,
       sessionEntry: {
         modelProvider: "deepinfra",
         model: "moonshotai/Kimi-K2.5",
diff --git a/src/auto-reply/reply/directive-handling.model.ts b/src/auto-reply/reply/directive-handling.model.ts
index e05b7044edb..bb66d8b8d7f 100644
--- a/src/auto-reply/reply/directive-handling.model.ts
+++ b/src/auto-reply/reply/directive-handling.model.ts
@@ -1,3 +1,4 @@
+import { buildBrowseProvidersButton } from "../../../extensions/telegram/src/model-buttons.js";
 import { resolveAuthStorePathForDisplay } from "../../agents/auth-profiles.js";
 import {
   type ModelAliasIndex,
@@ -8,7 +9,6 @@ import {
 } from "../../agents/model-selection.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import type { SessionEntry } from "../../config/sessions.js";
-import { buildBrowseProvidersButton } from "../../telegram/model-buttons.js";
 import { shortenHomePath } from "../../utils.js";
 import { resolveSelectedAndActiveModel } from "../model-runtime.js";
 import type { ReplyPayload } from "../types.js";
diff --git a/src/auto-reply/reply/discord-parent-channel.ts b/src/auto-reply/reply/discord-parent-channel.ts
new file mode 100644
index 00000000000..877c4593ea7
--- /dev/null
+++ b/src/auto-reply/reply/discord-parent-channel.ts
@@ -0,0 +1,15 @@
+import { normalizeConversationText } from "../../acp/conversation-id.js";
+import { parseAgentSessionKey } from "../../routing/session-key.js";
+
+export function parseDiscordParentChannelFromSessionKey(raw: unknown): string | undefined {
+  const sessionKey = normalizeConversationText(raw);
+  if (!sessionKey) {
+    return undefined;
+  }
+  const scoped = parseAgentSessionKey(sessionKey)?.rest ?? sessionKey.toLowerCase();
+  const match = scoped.match(/(?:^|:)channel:([^:]+)$/);
+  if (!match?.[1]) {
+    return undefined;
+  }
+  return match[1];
+}
diff --git a/src/auto-reply/reply/dispatch-from-config.test.ts b/src/auto-reply/reply/dispatch-from-config.test.ts
index 87e77785bbb..666964eb865 100644
--- a/src/auto-reply/reply/dispatch-from-config.test.ts
+++ b/src/auto-reply/reply/dispatch-from-config.test.ts
@@ -41,6 +41,12 @@ const acpMocks = vi.hoisted(() => ({
 const sessionBindingMocks = vi.hoisted(() => ({
   listBySession: vi.fn<(targetSessionKey: string) => SessionBindingRecord[]>(() => []),
 }));
+const sessionStoreMocks = vi.hoisted(() => ({
+  currentEntry: undefined as Record<string, unknown> | undefined,
+  loadSessionStore: vi.fn(() => ({})),
+  resolveStorePath: vi.fn(() => "/tmp/mock-sessions.json"),
+  resolveSessionStoreEntry: vi.fn(() => ({ existing: sessionStoreMocks.currentEntry })),
+}));
 const ttsMocks = vi.hoisted(() => {
   const state = {
     synthesizeFinalAudio: false,
@@ -77,9 +83,16 @@ vi.mock("./route-reply.js", () => ({
   isRoutableChannel: (channel: string | undefined) =>
     Boolean(
       channel &&
-      ["telegram", "slack", "discord", "signal", "imessage", "whatsapp", "feishu"].includes(
-        channel,
-      ),
+      [
+        "telegram",
+        "slack",
+        "discord",
+        "signal",
+        "imessage",
+        "whatsapp",
+        "feishu",
+        "mattermost",
+      ].includes(channel),
     ),
   routeReply: mocks.routeReply,
 }));
@@ -100,6 +113,15 @@ vi.mock("../../logging/diagnostic.js", () => ({
   logMessageProcessed: diagnosticMocks.logMessageProcessed,
   logSessionStateChange: diagnosticMocks.logSessionStateChange,
 }));
+vi.mock("../../config/sessions.js", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("../../config/sessions.js")>();
+  return {
+    ...actual,
+    loadSessionStore: sessionStoreMocks.loadSessionStore,
+    resolveStorePath: sessionStoreMocks.resolveStorePath,
+    resolveSessionStoreEntry: sessionStoreMocks.resolveSessionStoreEntry,
+  };
+});
 
 vi.mock("../../plugins/hook-runner-global.js", () => ({
   getGlobalHookRunner: () => hookMocks.runner,
@@ -228,6 +250,10 @@ describe("dispatchReplyFromConfig", () => {
     acpMocks.requireAcpRuntimeBackend.mockReset();
     sessionBindingMocks.listBySession.mockReset();
     sessionBindingMocks.listBySession.mockReturnValue([]);
+    sessionStoreMocks.currentEntry = undefined;
+    sessionStoreMocks.loadSessionStore.mockClear();
+    sessionStoreMocks.resolveStorePath.mockClear();
+    sessionStoreMocks.resolveSessionStoreEntry.mockClear();
     ttsMocks.state.synthesizeFinalAudio = false;
     ttsMocks.maybeApplyTtsToPayload.mockClear();
     ttsMocks.normalizeTtsAutoMode.mockClear();
@@ -293,6 +319,88 @@ describe("dispatchReplyFromConfig", () => {
     );
   });
 
+  it("falls back to thread-scoped session key when current ctx has no MessageThreadId", async () => {
+    setNoAbort();
+    mocks.routeReply.mockClear();
+    sessionStoreMocks.currentEntry = {
+      deliveryContext: {
+        channel: "mattermost",
+        to: "channel:CHAN1",
+        accountId: "default",
+      },
+      origin: {
+        threadId: "stale-origin-root",
+      },
+      lastThreadId: "stale-origin-root",
+    };
+    const cfg = emptyConfig;
+    const dispatcher = createDispatcher();
+    const ctx = buildTestCtx({
+      Provider: "webchat",
+      Surface: "webchat",
+      SessionKey: "agent:main:mattermost:channel:CHAN1:thread:post-root",
+      AccountId: "default",
+      MessageThreadId: undefined,
+      OriginatingChannel: "mattermost",
+      OriginatingTo: "channel:CHAN1",
+      ExplicitDeliverRoute: true,
+    });
+
+    const replyResolver = async () => ({ text: "hi" }) satisfies ReplyPayload;
+    await dispatchReplyFromConfig({ ctx, cfg, dispatcher, replyResolver });
+
+    expect(mocks.routeReply).toHaveBeenCalledWith(
+      expect.objectContaining({
+        channel: "mattermost",
+        to: "channel:CHAN1",
+        threadId: "post-root",
+      }),
+    );
+  });
+
+  it("does not resurrect a cleared route thread from origin metadata", async () => {
+    setNoAbort();
+    mocks.routeReply.mockClear();
+    // Simulate the real store: lastThreadId and deliveryContext.threadId may be normalised from
+    // origin.threadId on read, but a non-thread session key must still route to channel root.
+    sessionStoreMocks.currentEntry = {
+      deliveryContext: {
+        channel: "mattermost",
+        to: "channel:CHAN1",
+        accountId: "default",
+        threadId: "stale-root",
+      },
+      lastThreadId: "stale-root",
+      origin: {
+        threadId: "stale-root",
+      },
+    };
+    const cfg = emptyConfig;
+    const dispatcher = createDispatcher();
+    const ctx = buildTestCtx({
+      Provider: "webchat",
+      Surface: "webchat",
+      SessionKey: "agent:main:mattermost:channel:CHAN1",
+      AccountId: "default",
+      MessageThreadId: undefined,
+      OriginatingChannel: "mattermost",
+      OriginatingTo: "channel:CHAN1",
+      ExplicitDeliverRoute: true,
+    });
+
+    const replyResolver = async () => ({ text: "hi" }) satisfies ReplyPayload;
+    await dispatchReplyFromConfig({ ctx, cfg, dispatcher, replyResolver });
+
+    const routeCall = mocks.routeReply.mock.calls[0]?.[0] as
+      | { channel?: string; to?: string; threadId?: string | number }
+      | undefined;
+    expect(routeCall).toMatchObject({
+      channel: "mattermost",
+      to: "channel:CHAN1",
+    });
+    expect(routeCall?.threadId).toBeUndefined();
+  });
+
   it("forces suppressTyping when routing to a different originating channel", async () => {
     setNoAbort();
     const cfg = emptyConfig;
diff --git a/src/auto-reply/reply/dispatch-from-config.ts b/src/auto-reply/reply/dispatch-from-config.ts
index 5b250b03362..5b679fa59e5 100644
--- a/src/auto-reply/reply/dispatch-from-config.ts
+++ b/src/auto-reply/reply/dispatch-from-config.ts
@@ -1,12 +1,13 @@
+import { shouldSuppressLocalDiscordExecApprovalPrompt } from "../../../extensions/discord/src/exec-approvals.js";
 import { resolveSessionAgentId } from "../../agents/agent-scope.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import {
   loadSessionStore,
+  parseSessionThreadInfo,
   resolveSessionStoreEntry,
   resolveStorePath,
   type SessionEntry,
 } from "../../config/sessions.js";
-import { shouldSuppressLocalDiscordExecApprovalPrompt } from "../../discord/exec-approvals.js";
 import { logVerbose } from "../../globals.js";
 import { fireAndForgetHook } from "../../hooks/fire-and-forget.js";
 import { createInternalHookEvent, triggerInternalHook } from "../../hooks/internal-hooks.js";
@@ -172,6 +173,12 @@ export async function dispatchReplyFromConfig(params: {
 
   const sessionStoreEntry = resolveSessionStoreLookup(ctx, cfg);
   const acpDispatchSessionKey = sessionStoreEntry.sessionKey ?? sessionKey;
+  // Restore route thread context only from the active turn or the thread-scoped session key.
+  // Do not read thread ids from the normalised session store here: `origin.threadId` can be
+  // folded back into lastThreadId/deliveryContext during store normalisation and resurrect a
+  // stale route after thread delivery was intentionally cleared.
+  const routeThreadId =
+    ctx.MessageThreadId ?? parseSessionThreadInfo(acpDispatchSessionKey).threadId;
   const inboundAudio = isInboundAudioContext(ctx);
   const sessionTtsAuto = normalizeTtsAutoMode(sessionStoreEntry.entry?.ttsAuto);
   const hookRunner = getGlobalHookRunner();
@@ -260,7 +267,7 @@ export async function dispatchReplyFromConfig(params: {
       to: originatingTo,
       sessionKey: ctx.SessionKey,
       accountId: ctx.AccountId,
-      threadId: ctx.MessageThreadId,
+      threadId: routeThreadId,
       cfg,
       abortSignal,
       mirror,
@@ -289,7 +296,7 @@ export async function dispatchReplyFromConfig(params: {
           to: originatingTo,
           sessionKey: ctx.SessionKey,
           accountId: ctx.AccountId,
-          threadId: ctx.MessageThreadId,
+          threadId: routeThreadId,
           cfg,
           isGroup,
           groupId,
@@ -519,7 +526,7 @@ export async function dispatchReplyFromConfig(params: {
           to: originatingTo,
           sessionKey: ctx.SessionKey,
           accountId: ctx.AccountId,
-          threadId: ctx.MessageThreadId,
+          threadId: routeThreadId,
           cfg,
           isGroup,
           groupId,
@@ -571,7 +578,7 @@ export async function dispatchReplyFromConfig(params: {
               to: originatingTo,
               sessionKey: ctx.SessionKey,
               accountId: ctx.AccountId,
-              threadId: ctx.MessageThreadId,
+              threadId: routeThreadId,
               cfg,
               isGroup,
               groupId,
diff --git a/src/auto-reply/reply/followup-runner.test.ts b/src/auto-reply/reply/followup-runner.test.ts
index a02ce0b2038..8d12e815685 100644
--- a/src/auto-reply/reply/followup-runner.test.ts
+++ b/src/auto-reply/reply/followup-runner.test.ts
@@ -4,7 +4,7 @@ import path from "node:path";
 import { beforeEach, describe, expect, it, vi } from "vitest";
 import { loadSessionStore, saveSessionStore, type SessionEntry } from "../../config/sessions.js";
 import type { FollowupRun } from "./queue.js";
-import { createMockTypingController } from "./test-helpers.js";
+import { createMockFollowupRun, createMockTypingController } from "./test-helpers.js";
 
 const runEmbeddedPiAgentMock = vi.fn();
 const routeReplyMock = vi.fn();
@@ -50,47 +50,12 @@ beforeEach(() => {
 });
 
 const baseQueuedRun = (messageProvider = "whatsapp"): FollowupRun =>
-  ({
-    prompt: "hello",
-    summaryLine: "hello",
-    enqueuedAt: Date.now(),
-    originatingTo: "channel:C1",
-    run: {
-      sessionId: "session",
-      sessionKey: "main",
-      messageProvider,
-      agentAccountId: "primary",
-      sessionFile: "/tmp/session.jsonl",
-      workspaceDir: "/tmp",
-      config: {},
-      skillsSnapshot: {},
-      provider: "anthropic",
-      model: "claude",
-      thinkLevel: "low",
-      verboseLevel: "off",
-      elevatedLevel: "off",
-      bashElevated: {
-        enabled: false,
-        allowed: false,
-        defaultLevel: "off",
-      },
-      timeoutMs: 1_000,
-      blockReplyBreak: "message_end",
-    },
-  }) as FollowupRun;
+  createMockFollowupRun({ run: { messageProvider } });
 
 function createQueuedRun(
   overrides: Partial<Omit<FollowupRun, "run">> & { run?: Partial<FollowupRun["run"]> } = {},
 ): FollowupRun {
-  const base = baseQueuedRun();
-  return {
-    ...base,
-    ...overrides,
-    run: {
-      ...base.run,
-      ...overrides.run,
-    },
-  };
+  return createMockFollowupRun(overrides);
 }
 
 function mockCompactionRun(params: {
diff --git a/src/auto-reply/reply/get-reply-inline-actions.skip-when-config-empty.test.ts b/src/auto-reply/reply/get-reply-inline-actions.skip-when-config-empty.test.ts
index 51351f05de8..36b5910ecae 100644
--- a/src/auto-reply/reply/get-reply-inline-actions.skip-when-config-empty.test.ts
+++ b/src/auto-reply/reply/get-reply-inline-actions.skip-when-config-empty.test.ts
@@ -84,6 +84,19 @@ const createHandleInlineActionsInput = (params: {
   };
 };
 
+async function expectInlineActionSkipped(params: {
+  ctx: ReturnType<typeof buildTestCtx>;
+  typing: TypingController;
+  cleanedBody: string;
+  command?: Partial<HandleInlineActionsInput["command"]>;
+  overrides?: Partial<Omit<HandleInlineActionsInput, "ctx" | "sessionCtx" | "typing" | "command">>;
+}) {
+  const result = await handleInlineActions(createHandleInlineActionsInput(params));
+  expect(result).toEqual({ kind: "reply", reply: undefined });
+  expect(params.typing.cleanup).toHaveBeenCalled();
+  expect(handleCommandsMock).not.toHaveBeenCalled();
+}
+
 describe("handleInlineActions", () => {
   beforeEach(() => {
     handleCommandsMock.mockReset();
@@ -97,18 +110,12 @@ describe("handleInlineActions", () => {
       To: "whatsapp:+123",
       Body: "hi",
     });
-    const result = await handleInlineActions(
-      createHandleInlineActionsInput({
-        ctx,
-        typing,
-        cleanedBody: "hi",
-        command: { to: "whatsapp:+123" },
-      }),
-    );
-
-    expect(result).toEqual({ kind: "reply", reply: undefined });
-    expect(typing.cleanup).toHaveBeenCalled();
-    expect(handleCommandsMock).not.toHaveBeenCalled();
+    await expectInlineActionSkipped({
+      ctx,
+      typing,
+      cleanedBody: "hi",
+      command: { to: "whatsapp:+123" },
+    });
   });
 
   it("forwards agentDir into handleCommands", async () => {
@@ -163,25 +170,19 @@ describe("handleInlineActions", () => {
       MessageSid: "41",
     });
 
-    const result = await handleInlineActions(
-      createHandleInlineActionsInput({
-        ctx,
-        typing,
-        cleanedBody: "old queued message",
-        command: {
-          rawBodyNormalized: "old queued message",
-          commandBodyNormalized: "old queued message",
-        },
-        overrides: {
-          sessionEntry,
-          sessionStore,
-        },
-      }),
-    );
-
-    expect(result).toEqual({ kind: "reply", reply: undefined });
-    expect(typing.cleanup).toHaveBeenCalled();
-    expect(handleCommandsMock).not.toHaveBeenCalled();
+    await expectInlineActionSkipped({
+      ctx,
+      typing,
+      cleanedBody: "old queued message",
+      command: {
+        rawBodyNormalized: "old queued message",
+        commandBodyNormalized: "old queued message",
+      },
+      overrides: {
+        sessionEntry,
+        sessionStore,
+      },
+    });
   });
 
   it("clears /stop cutoff when a newer message arrives", async () => {
diff --git a/src/auto-reply/reply/get-reply-inline-actions.ts b/src/auto-reply/reply/get-reply-inline-actions.ts
index c312e1144e4..b4f921672f8 100644
--- a/src/auto-reply/reply/get-reply-inline-actions.ts
+++ b/src/auto-reply/reply/get-reply-inline-actions.ts
@@ -1,5 +1,6 @@
 import { collectTextContentBlocks } from "../../agents/content-blocks.js";
 import { createOpenClawTools } from "../../agents/openclaw-tools.js";
+import type { BlockReplyChunking } from "../../agents/pi-embedded-block-chunker.js";
 import type { SkillCommandSpec } from "../../agents/skills.js";
 import { applyOwnerOnlyToolPolicy } from "../../agents/tool-policy.js";
 import { getChannelDock } from "../../channels/dock.js";
@@ -37,6 +38,7 @@ function getBuiltinSlashCommands(): Set<string> {
     return builtinSlashCommands;
   }
   builtinSlashCommands = listReservedChatSlashCommandNames([
+    "btw",
     "think",
     "verbose",
     "reasoning",
@@ -113,6 +115,8 @@ export async function handleInlineActions(params: {
   resolvedVerboseLevel: VerboseLevel | undefined;
   resolvedReasoningLevel: ReasoningLevel;
   resolvedElevatedLevel: ElevatedLevel;
+  blockReplyChunking?: BlockReplyChunking;
+  resolvedBlockStreamingBreak?: "text_end" | "message_end";
   resolveDefaultThinkingLevel: Awaited<
     ReturnType<typeof createModelSelectionState>
   >["resolveDefaultThinkingLevel"];
@@ -152,6 +156,8 @@ export async function handleInlineActions(params: {
     resolvedVerboseLevel,
     resolvedReasoningLevel,
     resolvedElevatedLevel,
+    blockReplyChunking,
+    resolvedBlockStreamingBreak,
     resolveDefaultThinkingLevel,
     provider,
     model,
@@ -357,17 +363,21 @@ export async function handleInlineActions(params: {
       storePath,
       sessionScope,
       workspaceDir,
+      opts,
       defaultGroupActivation: defaultActivation,
       resolvedThinkLevel,
       resolvedVerboseLevel: resolvedVerboseLevel ?? "off",
       resolvedReasoningLevel,
       resolvedElevatedLevel,
+      blockReplyChunking,
+      resolvedBlockStreamingBreak,
       resolveDefaultThinkingLevel,
       provider,
       model,
       contextTokens,
       isGroup,
       skillCommands,
+      typing,
     });
 
   if (inlineCommand) {
diff --git a/src/auto-reply/reply/get-reply.ts b/src/auto-reply/reply/get-reply.ts
index 81dd478a84a..9cee46cc2c9 100644
--- a/src/auto-reply/reply/get-reply.ts
+++ b/src/auto-reply/reply/get-reply.ts
@@ -332,6 +332,8 @@ export async function getReplyFromConfig(
     resolvedVerboseLevel,
     resolvedReasoningLevel,
     resolvedElevatedLevel,
+    blockReplyChunking,
+    resolvedBlockStreamingBreak,
     resolveDefaultThinkingLevel: modelState.resolveDefaultThinkingLevel,
     provider,
     model,
diff --git a/src/auto-reply/reply/post-compaction-context.test.ts b/src/auto-reply/reply/post-compaction-context.test.ts
index 02a4a27e6de..3af8bceab00 100644
--- a/src/auto-reply/reply/post-compaction-context.test.ts
+++ b/src/auto-reply/reply/post-compaction-context.test.ts
@@ -15,6 +15,28 @@ describe("readPostCompactionContext", () => {
     fs.rmSync(tmpDir, { recursive: true, force: true });
   });
 
+  async function expectLegacySectionFallback(
+    postCompactionSections: string[],
+    expectDefaultProse = false,
+  ) {
+    const content = `## Every Session\n\nDo startup things.\n\n## Safety\n\nBe safe.\n`;
+    fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content);
+    const cfg = {
+      agents: {
+        defaults: {
+          compaction: { postCompactionSections },
+        },
+      },
+    } as OpenClawConfig;
+    const result = await readPostCompactionContext(tmpDir, cfg);
+    expect(result).not.toBeNull();
+    expect(result).toContain("Do startup things");
+    expect(result).toContain("Be safe");
+    if (expectDefaultProse) {
+      expect(result).toContain("Run your Session Startup sequence");
+    }
+  }
+
   it("returns null when no AGENTS.md exists", async () => {
     const result = await readPostCompactionContext(tmpDir);
     expect(result).toBeNull();
@@ -339,36 +361,11 @@ Read WORKFLOW.md on startup.
       // Older AGENTS.md templates use "Every Session" / "Safety" instead of
       // "Session Startup" / "Red Lines". Explicitly setting the defaults should
       // still trigger the legacy fallback — same behavior as leaving the field unset.
-      const content = `## Every Session\n\nDo startup things.\n\n## Safety\n\nBe safe.\n`;
-      fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content);
-      const cfg = {
-        agents: {
-          defaults: {
-            compaction: { postCompactionSections: ["Session Startup", "Red Lines"] },
-          },
-        },
-      } as OpenClawConfig;
-      const result = await readPostCompactionContext(tmpDir, cfg);
-      expect(result).not.toBeNull();
-      expect(result).toContain("Do startup things");
-      expect(result).toContain("Be safe");
+      await expectLegacySectionFallback(["Session Startup", "Red Lines"]);
     });
 
     it("falls back to legacy sections when default sections are configured in a different order", async () => {
-      const content = `## Every Session\n\nDo startup things.\n\n## Safety\n\nBe safe.\n`;
-      fs.writeFileSync(path.join(tmpDir, "AGENTS.md"), content);
-      const cfg = {
-        agents: {
-          defaults: {
-            compaction: { postCompactionSections: ["Red Lines", "Session Startup"] },
-          },
-        },
-      } as OpenClawConfig;
-      const result = await readPostCompactionContext(tmpDir, cfg);
-      expect(result).not.toBeNull();
-      expect(result).toContain("Do startup things");
-      expect(result).toContain("Be safe");
-      expect(result).toContain("Run your Session Startup sequence");
+      await expectLegacySectionFallback(["Red Lines", "Session Startup"], true);
     });
 
     it("custom section names are matched case-insensitively", async () => {
diff --git a/src/auto-reply/reply/reply-elevated.test.ts b/src/auto-reply/reply/reply-elevated.test.ts
index 74fba60acf7..28259c34638 100644
--- a/src/auto-reply/reply/reply-elevated.test.ts
+++ b/src/auto-reply/reply/reply-elevated.test.ts
@@ -27,68 +27,65 @@ function buildContext(overrides?: Partial<MsgContext>): MsgContext {
   } as MsgContext;
 }
 
+function expectAllowFromDecision(params: {
+  allowFrom: string[];
+  ctx?: Partial<MsgContext>;
+  allowed: boolean;
+}) {
+  const result = resolveElevatedPermissions({
+    cfg: buildConfig(params.allowFrom),
+    agentId: "main",
+    provider: "whatsapp",
+    ctx: buildContext(params.ctx),
+  });
+
+  expect(result.enabled).toBe(true);
+  expect(result.allowed).toBe(params.allowed);
+  if (params.allowed) {
+    expect(result.failures).toHaveLength(0);
+    return;
+  }
+
+  expect(result.failures).toContainEqual({
+    gate: "allowFrom",
+    key: "tools.elevated.allowFrom.whatsapp",
+  });
+}
+
 describe("resolveElevatedPermissions", () => {
   it("authorizes when sender matches allowFrom", () => {
-    const result = resolveElevatedPermissions({
-      cfg: buildConfig(["+15550001111"]),
-      agentId: "main",
-      provider: "whatsapp",
-      ctx: buildContext(),
+    expectAllowFromDecision({
+      allowFrom: ["+15550001111"],
+      allowed: true,
     });
-
-    expect(result.enabled).toBe(true);
-    expect(result.allowed).toBe(true);
-    expect(result.failures).toHaveLength(0);
   });
 
   it("does not authorize when only recipient matches allowFrom", () => {
-    const result = resolveElevatedPermissions({
-      cfg: buildConfig(["+15559990000"]),
-      agentId: "main",
-      provider: "whatsapp",
-      ctx: buildContext(),
-    });
-
-    expect(result.enabled).toBe(true);
-    expect(result.allowed).toBe(false);
-    expect(result.failures).toContainEqual({
-      gate: "allowFrom",
-      key: "tools.elevated.allowFrom.whatsapp",
+    expectAllowFromDecision({
+      allowFrom: ["+15559990000"],
+      allowed: false,
     });
   });
 
   it("does not authorize untyped mutable sender fields", () => {
-    const result = resolveElevatedPermissions({
-      cfg: buildConfig(["owner-display-name"]),
-      agentId: "main",
-      provider: "whatsapp",
-      ctx: buildContext({
+    expectAllowFromDecision({
+      allowFrom: ["owner-display-name"],
+      allowed: false,
+      ctx: {
         SenderName: "owner-display-name",
         SenderUsername: "owner-display-name",
         SenderTag: "owner-display-name",
-      }),
-    });
-
-    expect(result.enabled).toBe(true);
-    expect(result.allowed).toBe(false);
-    expect(result.failures).toContainEqual({
-      gate: "allowFrom",
-      key: "tools.elevated.allowFrom.whatsapp",
+      },
     });
   });
 
   it("authorizes mutable sender fields only with explicit prefix", () => {
-    const result = resolveElevatedPermissions({
-      cfg: buildConfig(["username:owner_username"]),
-      agentId: "main",
-      provider: "whatsapp",
-      ctx: buildContext({
+    expectAllowFromDecision({
+      allowFrom: ["username:owner_username"],
+      allowed: true,
+      ctx: {
         SenderUsername: "owner_username",
-      }),
+      },
     });
-
-    expect(result.enabled).toBe(true);
-    expect(result.allowed).toBe(true);
-    expect(result.failures).toHaveLength(0);
   });
 });
diff --git a/src/auto-reply/reply/reply-payloads.ts b/src/auto-reply/reply/reply-payloads.ts
index 5a20d4ba950..63083941365 100644
--- a/src/auto-reply/reply/reply-payloads.ts
+++ b/src/auto-reply/reply/reply-payloads.ts
@@ -1,15 +1,28 @@
+import { parseTelegramTarget } from "../../../extensions/telegram/src/targets.js";
 import { isMessagingToolDuplicate } from "../../agents/pi-embedded-helpers.js";
 import type { MessagingToolSend } from "../../agents/pi-embedded-runner.js";
 import { normalizeChannelId } from "../../channels/plugins/index.js";
 import type { ReplyToMode } from "../../config/types.js";
 import { normalizeTargetForProvider } from "../../infra/outbound/target-normalization.js";
 import { normalizeOptionalAccountId } from "../../routing/account-id.js";
-import { parseTelegramTarget } from "../../telegram/targets.js";
 import type { OriginatingChannelType } from "../templating.js";
 import type { ReplyPayload } from "../types.js";
 import { extractReplyToTag } from "./reply-tags.js";
 import { createReplyToModeFilterForChannel } from "./reply-threading.js";
 
+export function formatBtwTextForExternalDelivery(payload: ReplyPayload): string | undefined {
+  const text = payload.text?.trim();
+  if (!text) {
+    return payload.text;
+  }
+  const question = payload.btw?.question?.trim();
+  if (!question) {
+    return payload.text;
+  }
+  const formatted = `BTW\nQuestion: ${question}\n\n${text}`;
+  return text === formatted || text.startsWith("BTW\nQuestion:") ? text : formatted;
+}
+
 function resolveReplyThreadingForPayload(params: {
   payload: ReplyPayload;
   implicitReplyToId?: string;
diff --git a/src/auto-reply/reply/route-reply.test.ts b/src/auto-reply/reply/route-reply.test.ts
index 5a0405da22b..776a2374fbc 100644
--- a/src/auto-reply/reply/route-reply.test.ts
+++ b/src/auto-reply/reply/route-reply.test.ts
@@ -1,4 +1,5 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { mattermostPlugin } from "../../../extensions/mattermost/src/channel.js";
 import { discordOutbound } from "../../channels/plugins/outbound/discord.js";
 import { imessageOutbound } from "../../channels/plugins/outbound/imessage.js";
 import { signalOutbound } from "../../channels/plugins/outbound/signal.js";
@@ -24,40 +25,52 @@ const mocks = vi.hoisted(() => ({
   sendMessageSlack: vi.fn(async () => ({ messageId: "m1", channelId: "c1" })),
   sendMessageTelegram: vi.fn(async () => ({ messageId: "m1", chatId: "c1" })),
   sendMessageWhatsApp: vi.fn(async () => ({ messageId: "m1", toJid: "jid" })),
+  sendMessageMattermost: vi.fn(async () => ({ messageId: "m1", channelId: "c1" })),
   deliverOutboundPayloads: vi.fn(),
 }));
 
-vi.mock("../../discord/send.js", () => ({
+vi.mock("../../../extensions/discord/src/send.js", () => ({
   sendMessageDiscord: mocks.sendMessageDiscord,
 }));
-vi.mock("../../imessage/send.js", () => ({
+vi.mock("../../../extensions/imessage/src/send.js", () => ({
   sendMessageIMessage: mocks.sendMessageIMessage,
 }));
-vi.mock("../../signal/send.js", () => ({
+vi.mock("../../../extensions/signal/src/send.js", () => ({
   sendMessageSignal: mocks.sendMessageSignal,
 }));
-vi.mock("../../slack/send.js", () => ({
+vi.mock("../../../extensions/slack/src/send.js", () => ({
   sendMessageSlack: mocks.sendMessageSlack,
 }));
-vi.mock("../../telegram/send.js", () => ({
+vi.mock("../../../extensions/telegram/src/send.js", () => ({
   sendMessageTelegram: mocks.sendMessageTelegram,
 }));
-vi.mock("../../web/outbound.js", () => ({
+vi.mock("../../../extensions/telegram/src/send.js", () => ({
+  sendMessageTelegram: mocks.sendMessageTelegram,
+}));
+vi.mock("../../../extensions/whatsapp/src/send.js", () => ({
   sendMessageWhatsApp: mocks.sendMessageWhatsApp,
   sendPollWhatsApp: mocks.sendMessageWhatsApp,
 }));
-vi.mock("../../infra/outbound/deliver.js", async () => {
-  const actual = await vi.importActual<typeof import("../../infra/outbound/deliver.js")>(
-    "../../infra/outbound/deliver.js",
+vi.mock("../../../extensions/discord/src/send.js", () => ({
+  sendMessageDiscord: mocks.sendMessageDiscord,
+  sendPollDiscord: mocks.sendMessageDiscord,
+  sendWebhookMessageDiscord: vi.fn(),
+}));
+vi.mock("../../../extensions/mattermost/src/mattermost/send.js", () => ({
+  sendMessageMattermost: mocks.sendMessageMattermost,
+}));
+vi.mock("../../infra/outbound/deliver-runtime.js", async () => {
+  const actual = await vi.importActual<typeof import("../../infra/outbound/deliver-runtime.js")>(
+    "../../infra/outbound/deliver-runtime.js",
   );
   return {
     ...actual,
     deliverOutboundPayloads: mocks.deliverOutboundPayloads,
   };
 });
-const actualDeliver = await vi.importActual<typeof import("../../infra/outbound/deliver.js")>(
-  "../../infra/outbound/deliver.js",
-);
+const actualDeliver = await vi.importActual<
+  typeof import("../../infra/outbound/deliver-runtime.js")
+>("../../infra/outbound/deliver-runtime.js");
 
 const { routeReply } = await import("./route-reply.js");
 
@@ -105,6 +118,23 @@ const createMSTeamsPlugin = (params: { outbound: ChannelOutboundAdapter }): Chan
   outbound: params.outbound,
 });
 
+async function expectSlackNoSend(
+  payload: Parameters<typeof routeReply>[0]["payload"],
+  overrides: Partial<Parameters<typeof routeReply>[0]> = {},
+) {
+  mocks.sendMessageSlack.mockClear();
+  const res = await routeReply({
+    payload,
+    channel: "slack",
+    to: "channel:C123",
+    cfg: {} as never,
+    ...overrides,
+  });
+  expect(res.ok).toBe(true);
+  expect(mocks.sendMessageSlack).not.toHaveBeenCalled();
+  return res;
+}
+
 describe("routeReply", () => {
   beforeEach(() => {
     setActivePluginRegistry(defaultRegistry);
@@ -132,39 +162,15 @@ describe("routeReply", () => {
   });
 
   it("no-ops on empty payload", async () => {
-    mocks.sendMessageSlack.mockClear();
-    const res = await routeReply({
-      payload: {},
-      channel: "slack",
-      to: "channel:C123",
-      cfg: {} as never,
-    });
-    expect(res.ok).toBe(true);
-    expect(mocks.sendMessageSlack).not.toHaveBeenCalled();
+    await expectSlackNoSend({});
   });
 
   it("suppresses reasoning payloads", async () => {
-    mocks.sendMessageSlack.mockClear();
-    const res = await routeReply({
-      payload: { text: "Reasoning:\n_step_", isReasoning: true },
-      channel: "slack",
-      to: "channel:C123",
-      cfg: {} as never,
-    });
-    expect(res.ok).toBe(true);
-    expect(mocks.sendMessageSlack).not.toHaveBeenCalled();
+    await expectSlackNoSend({ text: "Reasoning:\n_step_", isReasoning: true });
   });
 
   it("drops silent token payloads", async () => {
-    mocks.sendMessageSlack.mockClear();
-    const res = await routeReply({
-      payload: { text: SILENT_REPLY_TOKEN },
-      channel: "slack",
-      to: "channel:C123",
-      cfg: {} as never,
-    });
-    expect(res.ok).toBe(true);
-    expect(mocks.sendMessageSlack).not.toHaveBeenCalled();
+    await expectSlackNoSend({ text: SILENT_REPLY_TOKEN });
   });
 
   it("does not drop payloads that merely start with the silent token", async () => {
@@ -231,23 +237,14 @@ describe("routeReply", () => {
   });
 
   it("does not bypass the empty-reply guard for invalid Slack blocks", async () => {
-    mocks.sendMessageSlack.mockClear();
-    const res = await routeReply({
-      payload: {
-        text: " ",
-        channelData: {
-          slack: {
-            blocks: " ",
-          },
+    await expectSlackNoSend({
+      text: " ",
+      channelData: {
+        slack: {
+          blocks: " ",
         },
       },
-      channel: "slack",
-      to: "channel:C123",
-      cfg: {} as never,
     });
-
-    expect(res.ok).toBe(true);
-    expect(mocks.sendMessageSlack).not.toHaveBeenCalled();
   });
 
   it("does not derive responsePrefix from agent identity when routing", async () => {
@@ -305,6 +302,36 @@ describe("routeReply", () => {
     );
   });
 
+  it("formats BTW replies prominently on routed sends", async () => {
+    mocks.sendMessageSlack.mockClear();
+    await routeReply({
+      payload: { text: "323", btw: { question: "what is 17 * 19?" } },
+      channel: "slack",
+      to: "channel:C123",
+      cfg: {} as never,
+    });
+    expect(mocks.sendMessageSlack).toHaveBeenCalledWith(
+      "channel:C123",
+      "BTW\nQuestion: what is 17 * 19?\n\n323",
+      expect.any(Object),
+    );
+  });
+
+  it("formats BTW replies prominently on routed discord sends", async () => {
+    mocks.sendMessageDiscord.mockClear();
+    await routeReply({
+      payload: { text: "323", btw: { question: "what is 17 * 19?" } },
+      channel: "discord",
+      to: "channel:123456",
+      cfg: {} as never,
+    });
+    expect(mocks.sendMessageDiscord).toHaveBeenCalledWith(
+      "channel:123456",
+      "BTW\nQuestion: what is 17 * 19?\n\n323",
+      expect.any(Object),
+    );
+  });
+
   it("passes replyToId to Telegram sends", async () => {
     mocks.sendMessageTelegram.mockClear();
     await routeReply({
@@ -351,6 +378,33 @@ describe("routeReply", () => {
     );
   });
 
+  it("uses threadId as replyToId for Mattermost when replyToId is missing", async () => {
+    mocks.deliverOutboundPayloads.mockResolvedValue([]);
+    await routeReply({
+      payload: { text: "hi" },
+      channel: "mattermost",
+      to: "channel:CHAN1",
+      threadId: "post-root",
+      cfg: {
+        channels: {
+          mattermost: {
+            enabled: true,
+            botToken: "test-token",
+            baseUrl: "https://chat.example.com",
+          },
+        },
+      } as unknown as OpenClawConfig,
+    });
+    expect(mocks.deliverOutboundPayloads).toHaveBeenCalledWith(
+      expect.objectContaining({
+        channel: "mattermost",
+        to: "channel:CHAN1",
+        replyToId: "post-root",
+        threadId: "post-root",
+      }),
+    );
+  });
+
   it("sends multiple mediaUrls (caption only on first)", async () => {
     mocks.sendMessageSlack.mockClear();
     await routeReply({
@@ -517,4 +571,9 @@ const defaultRegistry = createTestRegistry([
     }),
     source: "test",
   },
+  {
+    pluginId: "mattermost",
+    plugin: mattermostPlugin,
+    source: "test",
+  },
 ]);
diff --git a/src/auto-reply/reply/route-reply.ts b/src/auto-reply/reply/route-reply.ts
index 8b3319698b2..8ef3ef563c5 100644
--- a/src/auto-reply/reply/route-reply.ts
+++ b/src/auto-reply/reply/route-reply.ts
@@ -7,18 +7,21 @@
  * across multiple providers.
  */
 
+import { parseSlackBlocksInput } from "../../../extensions/slack/src/blocks-input.js";
+import { isSlackInteractiveRepliesEnabled } from "../../../extensions/slack/src/interactive-replies.js";
 import { resolveSessionAgentId } from "../../agents/agent-scope.js";
 import { resolveEffectiveMessagesConfig } from "../../agents/identity.js";
 import { normalizeChannelId } from "../../channels/plugins/index.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import { buildOutboundSessionContext } from "../../infra/outbound/session-context.js";
-import { parseSlackBlocksInput } from "../../slack/blocks-input.js";
-import { isSlackInteractiveRepliesEnabled } from "../../slack/interactive-replies.js";
 import { INTERNAL_MESSAGE_CHANNEL, normalizeMessageChannel } from "../../utils/message-channel.js";
 import type { OriginatingChannelType } from "../templating.js";
 import type { ReplyPayload } from "../types.js";
 import { normalizeReplyPayload } from "./normalize-reply.js";
-import { shouldSuppressReasoningPayload } from "./reply-payloads.js";
+import {
+  formatBtwTextForExternalDelivery,
+  shouldSuppressReasoningPayload,
+} from "./reply-payloads.js";
 
 let deliverRuntimePromise: Promise<
   typeof import("../../infra/outbound/deliver-runtime.js")
@@ -102,24 +105,28 @@ export async function routeReply(params: RouteReplyParams): Promise<RouteReplyRe
   if (!normalized) {
     return { ok: true };
   }
+  const externalPayload: ReplyPayload = {
+    ...normalized,
+    text: formatBtwTextForExternalDelivery(normalized),
+  };
 
-  let text = normalized.text ?? "";
-  let mediaUrls = (normalized.mediaUrls?.filter(Boolean) ?? []).length
-    ? (normalized.mediaUrls?.filter(Boolean) as string[])
-    : normalized.mediaUrl
-      ? [normalized.mediaUrl]
+  let text = externalPayload.text ?? "";
+  let mediaUrls = (externalPayload.mediaUrls?.filter(Boolean) ?? []).length
+    ? (externalPayload.mediaUrls?.filter(Boolean) as string[])
+    : externalPayload.mediaUrl
+      ? [externalPayload.mediaUrl]
       : [];
-  const replyToId = normalized.replyToId;
+  const replyToId = externalPayload.replyToId;
   let hasSlackBlocks = false;
   if (
     channel === "slack" &&
-    normalized.channelData?.slack &&
-    typeof normalized.channelData.slack === "object" &&
-    !Array.isArray(normalized.channelData.slack)
+    externalPayload.channelData?.slack &&
+    typeof externalPayload.channelData.slack === "object" &&
+    !Array.isArray(externalPayload.channelData.slack)
   ) {
     try {
       hasSlackBlocks = Boolean(
-        parseSlackBlocksInput((normalized.channelData.slack as { blocks?: unknown }).blocks)
+        parseSlackBlocksInput((externalPayload.channelData.slack as { blocks?: unknown }).blocks)
           ?.length,
       );
     } catch {
@@ -149,7 +156,9 @@ export async function routeReply(params: RouteReplyParams): Promise<RouteReplyRe
 
   const resolvedReplyToId =
     replyToId ??
-    (channelId === "slack" && threadId != null && threadId !== "" ? String(threadId) : undefined);
+    ((channelId === "slack" || channelId === "mattermost") && threadId != null && threadId !== ""
+      ? String(threadId)
+      : undefined);
   const resolvedThreadId = channelId === "slack" ? null : (threadId ?? null);
 
   try {
@@ -166,7 +175,7 @@ export async function routeReply(params: RouteReplyParams): Promise<RouteReplyRe
       channel: channelId,
       to,
       accountId: accountId ?? undefined,
-      payloads: [normalized],
+      payloads: [externalPayload],
       replyToId: resolvedReplyToId ?? null,
       threadId: resolvedThreadId,
       session: outboundSession,
diff --git a/src/auto-reply/reply/session-updates.ts b/src/auto-reply/reply/session-updates.ts
index 96243e919bb..55b4d4eb15b 100644
--- a/src/auto-reply/reply/session-updates.ts
+++ b/src/auto-reply/reply/session-updates.ts
@@ -117,6 +117,27 @@ export async function drainFormattedSystemEvents(params: {
     .join("\n");
 }
 
+async function persistSessionEntryUpdate(params: {
+  sessionStore?: Record<string, SessionEntry>;
+  sessionKey?: string;
+  storePath?: string;
+  nextEntry: SessionEntry;
+}) {
+  if (!params.sessionStore || !params.sessionKey) {
+    return;
+  }
+  params.sessionStore[params.sessionKey] = {
+    ...params.sessionStore[params.sessionKey],
+    ...params.nextEntry,
+  };
+  if (!params.storePath) {
+    return;
+  }
+  await updateSessionStore(params.storePath, (store) => {
+    store[params.sessionKey!] = { ...store[params.sessionKey!], ...params.nextEntry };
+  });
+}
+
 export async function ensureSkillSnapshot(params: {
   sessionEntry?: SessionEntry;
   sessionStore?: Record<string, SessionEntry>;
@@ -185,12 +206,7 @@ export async function ensureSkillSnapshot(params: {
       systemSent: true,
       skillsSnapshot: skillSnapshot,
     };
-    sessionStore[sessionKey] = { ...sessionStore[sessionKey], ...nextEntry };
-    if (storePath) {
-      await updateSessionStore(storePath, (store) => {
-        store[sessionKey] = { ...store[sessionKey], ...nextEntry };
-      });
-    }
+    await persistSessionEntryUpdate({ sessionStore, sessionKey, storePath, nextEntry });
     systemSent = true;
   }
 
@@ -227,12 +243,7 @@ export async function ensureSkillSnapshot(params: {
       updatedAt: Date.now(),
       skillsSnapshot,
     };
-    sessionStore[sessionKey] = { ...sessionStore[sessionKey], ...nextEntry };
-    if (storePath) {
-      await updateSessionStore(storePath, (store) => {
-        store[sessionKey] = { ...store[sessionKey], ...nextEntry };
-      });
-    }
+    await persistSessionEntryUpdate({ sessionStore, sessionKey, storePath, nextEntry });
   }
 
   return { sessionEntry: nextEntry, skillsSnapshot, systemSent };
diff --git a/src/auto-reply/reply/session.ts b/src/auto-reply/reply/session.ts
index 85e6754025f..a2c0b1c7cf4 100644
--- a/src/auto-reply/reply/session.ts
+++ b/src/auto-reply/reply/session.ts
@@ -34,11 +34,12 @@ import { resolveConversationIdFromTargets } from "../../infra/outbound/conversat
 import { deliverSessionMaintenanceWarning } from "../../infra/session-maintenance-warning.js";
 import { createSubsystemLogger } from "../../logging/subsystem.js";
 import { getGlobalHookRunner } from "../../plugins/hook-runner-global.js";
-import { normalizeMainKey, parseAgentSessionKey } from "../../routing/session-key.js";
+import { normalizeMainKey } from "../../routing/session-key.js";
 import { normalizeSessionDeliveryFields } from "../../utils/delivery-context.js";
 import { resolveCommandAuthorization } from "../command-auth.js";
 import type { MsgContext, TemplateContext } from "../templating.js";
 import { resolveEffectiveResetTargetSessionKey } from "./acp-reset-target.js";
+import { parseDiscordParentChannelFromSessionKey } from "./discord-parent-channel.js";
 import { normalizeInboundTextNewlines } from "./inbound-text.js";
 import { stripMentions, stripStructuralPrefixes } from "./mentions.js";
 import {
@@ -70,19 +71,6 @@ export type SessionInitResult = {
   triggerBodyNormalized: string;
 };
 
-function parseDiscordParentChannelFromSessionKey(raw: unknown): string | undefined {
-  const sessionKey = normalizeConversationText(raw);
-  if (!sessionKey) {
-    return undefined;
-  }
-  const scoped = parseAgentSessionKey(sessionKey)?.rest ?? sessionKey.toLowerCase();
-  const match = scoped.match(/(?:^|:)channel:([^:]+)$/);
-  if (!match?.[1]) {
-    return undefined;
-  }
-  return match[1];
-}
-
 function resolveAcpResetBindingContext(ctx: MsgContext): {
   channel: string;
   accountId: string;
diff --git a/src/auto-reply/reply/slack-directives.ts b/src/auto-reply/reply/slack-directives.ts
index 79fa11eeb32..552be69335c 100644
--- a/src/auto-reply/reply/slack-directives.ts
+++ b/src/auto-reply/reply/slack-directives.ts
@@ -1,4 +1,5 @@
-import { parseSlackBlocksInput } from "../../slack/blocks-input.js";
+import { parseSlackBlocksInput } from "../../../extensions/slack/src/blocks-input.js";
+import { truncateSlackText } from "../../../extensions/slack/src/truncate.js";
 import type { ReplyPayload } from "../types.js";
 
 const SLACK_REPLY_BUTTON_ACTION_ID = "openclaw:reply_button";
@@ -21,17 +22,6 @@ type SlackChoice = {
   value: string;
 };
 
-function truncateSlackText(value: string, max: number): string {
-  const trimmed = value.trim();
-  if (trimmed.length <= max) {
-    return trimmed;
-  }
-  if (max <= 1) {
-    return trimmed.slice(0, max);
-  }
-  return `${trimmed.slice(0, max - 1)}…`;
-}
-
 function parseChoice(raw: string): SlackChoice | null {
   const trimmed = raw.trim();
   if (!trimmed) {
diff --git a/src/auto-reply/reply/stage-sandbox-media.ts b/src/auto-reply/reply/stage-sandbox-media.ts
index d364fa6a554..3d3dec1738f 100644
--- a/src/auto-reply/reply/stage-sandbox-media.ts
+++ b/src/auto-reply/reply/stage-sandbox-media.ts
@@ -7,7 +7,7 @@ import { ensureSandboxWorkspaceForSession } from "../../agents/sandbox.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import { logVerbose } from "../../globals.js";
 import { copyFileWithinRoot, SafeOpenError } from "../../infra/fs-safe.js";
-import { normalizeScpRemoteHost } from "../../infra/scp-host.js";
+import { normalizeScpRemoteHost, normalizeScpRemotePath } from "../../infra/scp-host.js";
 import { resolvePreferredOpenClawTmpDir } from "../../infra/tmp-openclaw-dir.js";
 import {
   isInboundPathAllowed,
@@ -293,6 +293,10 @@ async function scpFile(remoteHost: string, remotePath: string, localPath: string
   if (!safeRemoteHost) {
     throw new Error("invalid remote host for SCP");
   }
+  const safeRemotePath = normalizeScpRemotePath(remotePath);
+  if (!safeRemotePath) {
+    throw new Error("invalid remote path for SCP");
+  }
   return new Promise((resolve, reject) => {
     const child = spawn(
       "/usr/bin/scp",
@@ -302,7 +306,7 @@ async function scpFile(remoteHost: string, remotePath: string, localPath: string
         "-o",
         "StrictHostKeyChecking=yes",
         "--",
-        `${safeRemoteHost}:${remotePath}`,
+        `${safeRemoteHost}:${safeRemotePath}`,
         localPath,
       ],
       { stdio: ["ignore", "ignore", "pipe"] },
diff --git a/src/auto-reply/reply/telegram-context.ts b/src/auto-reply/reply/telegram-context.ts
index b1358d27a11..f209af031fb 100644
--- a/src/auto-reply/reply/telegram-context.ts
+++ b/src/auto-reply/reply/telegram-context.ts
@@ -1,4 +1,4 @@
-import { parseTelegramTarget } from "../../telegram/targets.js";
+import { parseTelegramTarget } from "../../../extensions/telegram/src/targets.js";
 
 type TelegramConversationParams = {
   ctx: {
diff --git a/src/auto-reply/reply/test-helpers.ts b/src/auto-reply/reply/test-helpers.ts
index 4c30ae6756a..fe1913e723d 100644
--- a/src/auto-reply/reply/test-helpers.ts
+++ b/src/auto-reply/reply/test-helpers.ts
@@ -1,4 +1,5 @@
 import { vi } from "vitest";
+import type { FollowupRun } from "./queue.js";
 import type { TypingController } from "./typing.js";
 
 export function createMockTypingController(
@@ -16,3 +17,49 @@ export function createMockTypingController(
     ...overrides,
   };
 }
+
+export function createMockFollowupRun(
+  overrides: Partial<Omit<FollowupRun, "run">> & { run?: Partial<FollowupRun["run"]> } = {},
+): FollowupRun {
+  const base: FollowupRun = {
+    prompt: "hello",
+    summaryLine: "hello",
+    enqueuedAt: Date.now(),
+    originatingTo: "channel:C1",
+    run: {
+      agentId: "agent",
+      agentDir: "/tmp/agent",
+      sessionId: "session",
+      sessionKey: "main",
+      messageProvider: "whatsapp",
+      agentAccountId: "primary",
+      sessionFile: "/tmp/session.jsonl",
+      workspaceDir: "/tmp",
+      config: {},
+      skillsSnapshot: {
+        prompt: "",
+        skills: [],
+      },
+      provider: "anthropic",
+      model: "claude",
+      thinkLevel: "low",
+      verboseLevel: "off",
+      elevatedLevel: "off",
+      bashElevated: {
+        enabled: false,
+        allowed: false,
+        defaultLevel: "off",
+      },
+      timeoutMs: 1_000,
+      blockReplyBreak: "message_end",
+    },
+  };
+  return {
+    ...base,
+    ...overrides,
+    run: {
+      ...base.run,
+      ...overrides.run,
+    },
+  };
+}
diff --git a/src/auto-reply/templating.ts b/src/auto-reply/templating.ts
index 8ca3c2389bc..c97584aeae3 100644
--- a/src/auto-reply/templating.ts
+++ b/src/auto-reply/templating.ts
@@ -1,10 +1,10 @@
+import type { StickerMetadata } from "../../extensions/telegram/src/bot/types.js";
 import type { ChannelId } from "../channels/plugins/types.js";
 import type {
   MediaUnderstandingDecision,
   MediaUnderstandingOutput,
 } from "../media-understanding/types.js";
 import type { InputProvenance } from "../sessions/input-provenance.js";
-import type { StickerMetadata } from "../telegram/bot/types.js";
 import type { InternalMessageChannel } from "../utils/message-channel.js";
 import type { CommandArgs } from "./commands-registry.types.js";
 
diff --git a/src/auto-reply/types.ts b/src/auto-reply/types.ts
index be32e3635e1..76f3e746a10 100644
--- a/src/auto-reply/types.ts
+++ b/src/auto-reply/types.ts
@@ -76,6 +76,9 @@ export type ReplyPayload = {
   text?: string;
   mediaUrl?: string;
   mediaUrls?: string[];
+  btw?: {
+    question: string;
+  };
   replyToId?: string;
   replyToTag?: boolean;
   /** True when [[reply_to_current]] was present but not yet mapped to a message id. */
diff --git a/src/browser/browser-utils.test.ts b/src/browser/browser-utils.test.ts
index ab6c13d55aa..398ac6179b0 100644
--- a/src/browser/browser-utils.test.ts
+++ b/src/browser/browser-utils.test.ts
@@ -267,9 +267,10 @@ describe("browser server-context listKnownProfileNames", () => {
     };
 
     expect(listKnownProfileNames(state).toSorted()).toEqual([
-      "chrome",
+      "chrome-relay",
       "openclaw",
       "stale-removed",
+      "user",
     ]);
   });
 });
diff --git a/src/browser/chrome-mcp.snapshot.ts b/src/browser/chrome-mcp.snapshot.ts
index e92709df6f2..f0a1413736a 100644
--- a/src/browser/chrome-mcp.snapshot.ts
+++ b/src/browser/chrome-mcp.snapshot.ts
@@ -4,6 +4,7 @@ import {
   type RoleRefMap,
   type RoleSnapshotOptions,
 } from "./pw-role-snapshot.js";
+import { CONTENT_ROLES, INTERACTIVE_ROLES, STRUCTURAL_ROLES } from "./snapshot-roles.js";
 
 export type ChromeMcpSnapshotNode = {
   id?: string;
@@ -14,60 +15,6 @@ export type ChromeMcpSnapshotNode = {
   children?: ChromeMcpSnapshotNode[];
 };
 
-const INTERACTIVE_ROLES = new Set([
-  "button",
-  "checkbox",
-  "combobox",
-  "link",
-  "listbox",
-  "menuitem",
-  "menuitemcheckbox",
-  "menuitemradio",
-  "option",
-  "radio",
-  "searchbox",
-  "slider",
-  "spinbutton",
-  "switch",
-  "tab",
-  "textbox",
-  "treeitem",
-]);
-
-const CONTENT_ROLES = new Set([
-  "article",
-  "cell",
-  "columnheader",
-  "gridcell",
-  "heading",
-  "listitem",
-  "main",
-  "navigation",
-  "region",
-  "rowheader",
-]);
-
-const STRUCTURAL_ROLES = new Set([
-  "application",
-  "directory",
-  "document",
-  "generic",
-  "group",
-  "ignored",
-  "list",
-  "menu",
-  "menubar",
-  "none",
-  "presentation",
-  "row",
-  "rowgroup",
-  "tablist",
-  "table",
-  "toolbar",
-  "tree",
-  "treegrid",
-]);
-
 function normalizeRole(node: ChromeMcpSnapshotNode): string {
   const role = typeof node.role === "string" ? node.role.trim().toLowerCase() : "";
   return role || "generic";
diff --git a/src/browser/chrome-mcp.test.ts b/src/browser/chrome-mcp.test.ts
index ec6f21339ed..a77149d7a72 100644
--- a/src/browser/chrome-mcp.test.ts
+++ b/src/browser/chrome-mcp.test.ts
@@ -129,4 +129,142 @@ describe("chrome MCP page parsing", () => {
 
     expect(result).toBe(123);
   });
+
+  it("surfaces MCP tool errors instead of JSON parse noise", async () => {
+    const factory: ChromeMcpSessionFactory = async () => {
+      const session = createFakeSession();
+      const callTool = vi.fn(async ({ name }: ToolCall) => {
+        if (name === "evaluate_script") {
+          return {
+            content: [
+              {
+                type: "text",
+                text: "Cannot read properties of null (reading 'value')",
+              },
+            ],
+            isError: true,
+          };
+        }
+        throw new Error(`unexpected tool ${name}`);
+      });
+      session.client.callTool = callTool as typeof session.client.callTool;
+      return session;
+    };
+    setChromeMcpSessionFactoryForTest(factory);
+
+    await expect(
+      evaluateChromeMcpScript({
+        profileName: "chrome-live",
+        targetId: "1",
+        fn: "() => document.getElementById('missing').value",
+      }),
+    ).rejects.toThrow(/Cannot read properties of null/);
+  });
+
+  it("reuses a single pending session for concurrent requests", async () => {
+    let factoryCalls = 0;
+    let releaseFactory!: () => void;
+    const factoryGate = new Promise<void>((resolve) => {
+      releaseFactory = resolve;
+    });
+
+    const factory: ChromeMcpSessionFactory = async () => {
+      factoryCalls += 1;
+      await factoryGate;
+      return createFakeSession();
+    };
+    setChromeMcpSessionFactoryForTest(factory);
+
+    const tabsPromise = listChromeMcpTabs("chrome-live");
+    const evalPromise = evaluateChromeMcpScript({
+      profileName: "chrome-live",
+      targetId: "1",
+      fn: "() => 123",
+    });
+
+    releaseFactory();
+    const [tabs, result] = await Promise.all([tabsPromise, evalPromise]);
+
+    expect(factoryCalls).toBe(1);
+    expect(tabs).toHaveLength(2);
+    expect(result).toBe(123);
+  });
+
+  it("preserves session after tool-level errors (isError)", async () => {
+    let factoryCalls = 0;
+    const factory: ChromeMcpSessionFactory = async () => {
+      factoryCalls += 1;
+      const session = createFakeSession();
+      const callTool = vi.fn(async ({ name }: ToolCall) => {
+        if (name === "evaluate_script") {
+          return {
+            content: [{ type: "text", text: "element not found" }],
+            isError: true,
+          };
+        }
+        if (name === "list_pages") {
+          return {
+            content: [{ type: "text", text: "## Pages\n1: https://example.com [selected]" }],
+          };
+        }
+        throw new Error(`unexpected tool ${name}`);
+      });
+      session.client.callTool = callTool as typeof session.client.callTool;
+      return session;
+    };
+    setChromeMcpSessionFactoryForTest(factory);
+
+    // First call: tool error (isError: true) — should NOT destroy session
+    await expect(
+      evaluateChromeMcpScript({ profileName: "chrome-live", targetId: "1", fn: "() => null" }),
+    ).rejects.toThrow(/element not found/);
+
+    // Second call: should reuse the same session (factory called only once)
+    const tabs = await listChromeMcpTabs("chrome-live");
+    expect(factoryCalls).toBe(1);
+    expect(tabs).toHaveLength(1);
+  });
+
+  it("destroys session on transport errors so next call reconnects", async () => {
+    let factoryCalls = 0;
+    const factory: ChromeMcpSessionFactory = async () => {
+      factoryCalls += 1;
+      const session = createFakeSession();
+      if (factoryCalls === 1) {
+        // First session: transport error (callTool throws)
+        const callTool = vi.fn(async () => {
+          throw new Error("connection reset");
+        });
+        session.client.callTool = callTool as typeof session.client.callTool;
+      }
+      return session;
+    };
+    setChromeMcpSessionFactoryForTest(factory);
+
+    // First call: transport error — should destroy session
+    await expect(listChromeMcpTabs("chrome-live")).rejects.toThrow(/connection reset/);
+
+    // Second call: should create a new session (factory called twice)
+    const tabs = await listChromeMcpTabs("chrome-live");
+    expect(factoryCalls).toBe(2);
+    expect(tabs).toHaveLength(2);
+  });
+
+  it("clears failed pending sessions so the next call can retry", async () => {
+    let factoryCalls = 0;
+    const factory: ChromeMcpSessionFactory = async () => {
+      factoryCalls += 1;
+      if (factoryCalls === 1) {
+        throw new Error("attach failed");
+      }
+      return createFakeSession();
+    };
+    setChromeMcpSessionFactoryForTest(factory);
+
+    await expect(listChromeMcpTabs("chrome-live")).rejects.toThrow(/attach failed/);
+
+    const tabs = await listChromeMcpTabs("chrome-live");
+    expect(factoryCalls).toBe(2);
+    expect(tabs).toHaveLength(2);
+  });
 });
diff --git a/src/browser/chrome-mcp.ts b/src/browser/chrome-mcp.ts
index ecd196547d3..25ae39b2293 100644
--- a/src/browser/chrome-mcp.ts
+++ b/src/browser/chrome-mcp.ts
@@ -39,6 +39,7 @@ const DEFAULT_CHROME_MCP_ARGS = [
 ];
 
 const sessions = new Map<string, ChromeMcpSession>();
+const pendingSessions = new Map<string, Promise<ChromeMcpSession>>();
 let sessionFactory: ChromeMcpSessionFactory | null = null;
 
 function asRecord(value: unknown): Record<string, unknown> | null {
@@ -144,6 +145,11 @@ function extractMessageText(result: ChromeMcpToolResult): string {
   return blocks.find((block) => block.trim()) ?? "";
 }
 
+function extractToolErrorMessage(result: ChromeMcpToolResult, name: string): string {
+  const message = extractMessageText(result).trim();
+  return message || `Chrome MCP tool "${name}" failed.`;
+}
+
 function extractJsonMessage(result: ChromeMcpToolResult): unknown {
   const candidates = [extractMessageText(result), ...extractTextContent(result)].filter((text) =>
     text.trim(),
@@ -207,8 +213,22 @@ async function getSession(profileName: string): Promise<ChromeMcpSession> {
     session = undefined;
   }
   if (!session) {
-    session = await (sessionFactory ?? createRealSession)(profileName);
-    sessions.set(profileName, session);
+    let pending = pendingSessions.get(profileName);
+    if (!pending) {
+      pending = (async () => {
+        const created = await (sessionFactory ?? createRealSession)(profileName);
+        sessions.set(profileName, created);
+        return created;
+      })();
+      pendingSessions.set(profileName, pending);
+    }
+    try {
+      session = await pending;
+    } finally {
+      if (pendingSessions.get(profileName) === pending) {
+        pendingSessions.delete(profileName);
+      }
+    }
   }
   try {
     await session.ready;
@@ -228,16 +248,24 @@ async function callTool(
   args: Record<string, unknown> = {},
 ): Promise<ChromeMcpToolResult> {
   const session = await getSession(profileName);
+  let result: ChromeMcpToolResult;
   try {
-    return (await session.client.callTool({
+    result = (await session.client.callTool({
       name,
       arguments: args,
     })) as ChromeMcpToolResult;
   } catch (err) {
+    // Transport/connection error — tear down session so it reconnects on next call
     sessions.delete(profileName);
     await session.client.close().catch(() => {});
     throw err;
   }
+  // Tool-level errors (element not found, script error, etc.) don't indicate a
+  // broken connection — don't tear down the session for these.
+  if (result.isError) {
+    throw new Error(extractToolErrorMessage(result, name));
+  }
+  return result;
 }
 
 async function withTempFile<T>(fn: (filePath: string) => Promise<T>): Promise<T> {
@@ -268,6 +296,7 @@ export function getChromeMcpPid(profileName: string): number | null {
 }
 
 export async function closeChromeMcpSession(profileName: string): Promise<boolean> {
+  pendingSessions.delete(profileName);
   const session = sessions.get(profileName);
   if (!session) {
     return false;
@@ -508,5 +537,6 @@ export function setChromeMcpSessionFactoryForTest(factory: ChromeMcpSessionFacto
 
 export async function resetChromeMcpSessionsForTest(): Promise<void> {
   sessionFactory = null;
+  pendingSessions.clear();
   await stopAllChromeMcpSessions();
 }
diff --git a/src/browser/client-fetch.loopback-auth.test.ts b/src/browser/client-fetch.loopback-auth.test.ts
index 7967d11c76e..bf982322027 100644
--- a/src/browser/client-fetch.loopback-auth.test.ts
+++ b/src/browser/client-fetch.loopback-auth.test.ts
@@ -50,6 +50,27 @@ function stubJsonFetchOk() {
   return fetchMock;
 }
 
+async function expectThrownBrowserFetchError(
+  request: () => Promise<unknown>,
+  params: {
+    contains: string[];
+    omits?: string[];
+  },
+) {
+  const thrown = await request().catch((err: unknown) => err);
+  expect(thrown).toBeInstanceOf(Error);
+  if (!(thrown instanceof Error)) {
+    throw new Error(`Expected Error, got ${String(thrown)}`);
+  }
+  for (const snippet of params.contains) {
+    expect(thrown.message).toContain(snippet);
+  }
+  for (const snippet of params.omits ?? []) {
+    expect(thrown.message).not.toContain(snippet);
+  }
+  return thrown;
+}
+
 describe("fetchBrowserJson loopback auth", () => {
   beforeEach(() => {
     vi.restoreAllMocks();
@@ -127,15 +148,10 @@ describe("fetchBrowserJson loopback auth", () => {
   it("preserves dispatcher error context while keeping no-retry hint", async () => {
     mocks.dispatch.mockRejectedValueOnce(new Error("Chrome CDP handshake timeout"));
 
-    const thrown = await fetchBrowserJson<{ ok: boolean }>("/tabs").catch((err: unknown) => err);
-
-    expect(thrown).toBeInstanceOf(Error);
-    if (!(thrown instanceof Error)) {
-      throw new Error(`Expected Error, got ${String(thrown)}`);
-    }
-    expect(thrown.message).toContain("Chrome CDP handshake timeout");
-    expect(thrown.message).toContain("Do NOT retry the browser tool");
-    expect(thrown.message).not.toContain("Can't reach the OpenClaw browser control service");
+    await expectThrownBrowserFetchError(() => fetchBrowserJson<{ ok: boolean }>("/tabs"), {
+      contains: ["Chrome CDP handshake timeout", "Do NOT retry the browser tool"],
+      omits: ["Can't reach the OpenClaw browser control service"],
+    });
   });
 
   it("surfaces 429 from HTTP URL as rate-limit error with no-retry hint", async () => {
@@ -147,17 +163,13 @@ describe("fetchBrowserJson loopback auth", () => {
       vi.fn(async () => response),
     );
 
-    const thrown = await fetchBrowserJson<{ ok: boolean }>("http://127.0.0.1:18888/").catch(
-      (err: unknown) => err,
+    await expectThrownBrowserFetchError(
+      () => fetchBrowserJson<{ ok: boolean }>("http://127.0.0.1:18888/"),
+      {
+        contains: ["Browser service rate limit reached", "Do NOT retry the browser tool"],
+        omits: ["max concurrent sessions exceeded"],
+      },
     );
-
-    expect(thrown).toBeInstanceOf(Error);
-    if (!(thrown instanceof Error)) {
-      throw new Error(`Expected Error, got ${String(thrown)}`);
-    }
-    expect(thrown.message).toContain("Browser service rate limit reached");
-    expect(thrown.message).toContain("Do NOT retry the browser tool");
-    expect(thrown.message).not.toContain("max concurrent sessions exceeded");
     expect(text).not.toHaveBeenCalled();
     expect(cancel).toHaveBeenCalledOnce();
   });
@@ -168,16 +180,12 @@ describe("fetchBrowserJson loopback auth", () => {
       vi.fn(async () => new Response("", { status: 429 })),
     );
 
-    const thrown = await fetchBrowserJson<{ ok: boolean }>("http://127.0.0.1:18888/").catch(
-      (err: unknown) => err,
+    await expectThrownBrowserFetchError(
+      () => fetchBrowserJson<{ ok: boolean }>("http://127.0.0.1:18888/"),
+      {
+        contains: ["rate limit reached", "Do NOT retry the browser tool"],
+      },
     );
-
-    expect(thrown).toBeInstanceOf(Error);
-    if (!(thrown instanceof Error)) {
-      throw new Error(`Expected Error, got ${String(thrown)}`);
-    }
-    expect(thrown.message).toContain("rate limit reached");
-    expect(thrown.message).toContain("Do NOT retry the browser tool");
   });
 
   it("keeps Browserbase-specific wording for Browserbase 429 responses", async () => {
@@ -186,17 +194,13 @@ describe("fetchBrowserJson loopback auth", () => {
       vi.fn(async () => new Response("max concurrent sessions exceeded", { status: 429 })),
     );
 
-    const thrown = await fetchBrowserJson<{ ok: boolean }>(
-      "https://connect.browserbase.com/session",
-    ).catch((err: unknown) => err);
-
-    expect(thrown).toBeInstanceOf(Error);
-    if (!(thrown instanceof Error)) {
-      throw new Error(`Expected Error, got ${String(thrown)}`);
-    }
-    expect(thrown.message).toContain("Browserbase rate limit reached");
-    expect(thrown.message).toContain("upgrade your plan");
-    expect(thrown.message).not.toContain("max concurrent sessions exceeded");
+    await expectThrownBrowserFetchError(
+      () => fetchBrowserJson<{ ok: boolean }>("https://connect.browserbase.com/session"),
+      {
+        contains: ["Browserbase rate limit reached", "upgrade your plan"],
+        omits: ["max concurrent sessions exceeded"],
+      },
+    );
   });
 
   it("non-429 errors still produce generic messages", async () => {
@@ -205,16 +209,13 @@ describe("fetchBrowserJson loopback auth", () => {
       vi.fn(async () => new Response("internal error", { status: 500 })),
     );
 
-    const thrown = await fetchBrowserJson<{ ok: boolean }>("http://127.0.0.1:18888/").catch(
-      (err: unknown) => err,
+    await expectThrownBrowserFetchError(
+      () => fetchBrowserJson<{ ok: boolean }>("http://127.0.0.1:18888/"),
+      {
+        contains: ["internal error"],
+        omits: ["rate limit"],
+      },
     );
-
-    expect(thrown).toBeInstanceOf(Error);
-    if (!(thrown instanceof Error)) {
-      throw new Error(`Expected Error, got ${String(thrown)}`);
-    }
-    expect(thrown.message).toContain("internal error");
-    expect(thrown.message).not.toContain("rate limit");
   });
 
   it("surfaces 429 from dispatcher path as rate-limit error", async () => {
@@ -223,15 +224,10 @@ describe("fetchBrowserJson loopback auth", () => {
       body: { error: "too many sessions" },
     });
 
-    const thrown = await fetchBrowserJson<{ ok: boolean }>("/tabs").catch((err: unknown) => err);
-
-    expect(thrown).toBeInstanceOf(Error);
-    if (!(thrown instanceof Error)) {
-      throw new Error(`Expected Error, got ${String(thrown)}`);
-    }
-    expect(thrown.message).toContain("Browser service rate limit reached");
-    expect(thrown.message).toContain("Do NOT retry the browser tool");
-    expect(thrown.message).not.toContain("too many sessions");
+    await expectThrownBrowserFetchError(() => fetchBrowserJson<{ ok: boolean }>("/tabs"), {
+      contains: ["Browser service rate limit reached", "Do NOT retry the browser tool"],
+      omits: ["too many sessions"],
+    });
   });
 
   it("keeps absolute URL failures wrapped as reachability errors", async () => {
@@ -242,15 +238,14 @@ describe("fetchBrowserJson loopback auth", () => {
       }),
     );
 
-    const thrown = await fetchBrowserJson<{ ok: boolean }>("http://example.com/").catch(
-      (err: unknown) => err,
+    await expectThrownBrowserFetchError(
+      () => fetchBrowserJson<{ ok: boolean }>("http://example.com/"),
+      {
+        contains: [
+          "Can't reach the OpenClaw browser control service",
+          "Do NOT retry the browser tool",
+        ],
+      },
     );
-
-    expect(thrown).toBeInstanceOf(Error);
-    if (!(thrown instanceof Error)) {
-      throw new Error(`Expected Error, got ${String(thrown)}`);
-    }
-    expect(thrown.message).toContain("Can't reach the OpenClaw browser control service");
-    expect(thrown.message).toContain("Do NOT retry the browser tool");
   });
 });
diff --git a/src/browser/client.ts b/src/browser/client.ts
index dc418cf3b4a..8e30762bfb1 100644
--- a/src/browser/client.ts
+++ b/src/browser/client.ts
@@ -1,15 +1,18 @@
 import { fetchBrowserJson } from "./client-fetch.js";
 
+export type BrowserTransport = "cdp" | "chrome-mcp";
+
 export type BrowserStatus = {
   enabled: boolean;
   profile?: string;
   driver?: "openclaw" | "extension" | "existing-session";
+  transport?: BrowserTransport;
   running: boolean;
   cdpReady?: boolean;
   cdpHttp?: boolean;
   pid: number | null;
-  cdpPort: number;
-  cdpUrl?: string;
+  cdpPort: number | null;
+  cdpUrl?: string | null;
   chosenBrowser: string | null;
   detectedBrowser?: string | null;
   detectedExecutablePath?: string | null;
@@ -24,8 +27,9 @@ export type BrowserStatus = {
 
 export type ProfileStatus = {
   name: string;
-  cdpPort: number;
-  cdpUrl: string;
+  transport?: BrowserTransport;
+  cdpPort: number | null;
+  cdpUrl: string | null;
   color: string;
   driver: "openclaw" | "extension" | "existing-session";
   running: boolean;
@@ -155,8 +159,9 @@ export async function browserResetProfile(
 export type BrowserCreateProfileResult = {
   ok: true;
   profile: string;
-  cdpPort: number;
-  cdpUrl: string;
+  transport?: BrowserTransport;
+  cdpPort: number | null;
+  cdpUrl: string | null;
   color: string;
   isRemote: boolean;
 };
diff --git a/src/browser/config.test.ts b/src/browser/config.test.ts
index d2643a6784b..5c16dd54dc6 100644
--- a/src/browser/config.test.ts
+++ b/src/browser/config.test.ts
@@ -1,6 +1,7 @@
 import { describe, expect, it } from "vitest";
 import { withEnv } from "../test-utils/env.js";
 import { resolveBrowserConfig, resolveProfile, shouldStartLocalBrowserServer } from "./config.js";
+import { getBrowserProfileCapabilities } from "./profile-capabilities.js";
 
 describe("browser config", () => {
   it("defaults to enabled with loopback defaults and lobster-orange color", () => {
@@ -21,10 +22,14 @@ describe("browser config", () => {
     expect(openclaw?.driver).toBe("openclaw");
     expect(openclaw?.cdpPort).toBe(18800);
     expect(openclaw?.cdpUrl).toBe("http://127.0.0.1:18800");
-    const chrome = resolveProfile(resolved, "chrome");
-    expect(chrome?.driver).toBe("extension");
-    expect(chrome?.cdpPort).toBe(18792);
-    expect(chrome?.cdpUrl).toBe("http://127.0.0.1:18792");
+    const user = resolveProfile(resolved, "user");
+    expect(user?.driver).toBe("existing-session");
+    expect(user?.cdpPort).toBe(0);
+    expect(user?.cdpUrl).toBe("");
+    const chromeRelay = resolveProfile(resolved, "chrome-relay");
+    expect(chromeRelay?.driver).toBe("extension");
+    expect(chromeRelay?.cdpPort).toBe(18792);
+    expect(chromeRelay?.cdpUrl).toBe("http://127.0.0.1:18792");
     expect(resolved.remoteCdpTimeoutMs).toBe(1500);
     expect(resolved.remoteCdpHandshakeTimeoutMs).toBe(3000);
   });
@@ -33,10 +38,10 @@ describe("browser config", () => {
     withEnv({ OPENCLAW_GATEWAY_PORT: "19001" }, () => {
       const resolved = resolveBrowserConfig(undefined);
       expect(resolved.controlPort).toBe(19003);
-      const chrome = resolveProfile(resolved, "chrome");
-      expect(chrome?.driver).toBe("extension");
-      expect(chrome?.cdpPort).toBe(19004);
-      expect(chrome?.cdpUrl).toBe("http://127.0.0.1:19004");
+      const chromeRelay = resolveProfile(resolved, "chrome-relay");
+      expect(chromeRelay?.driver).toBe("extension");
+      expect(chromeRelay?.cdpPort).toBe(19004);
+      expect(chromeRelay?.cdpUrl).toBe("http://127.0.0.1:19004");
 
       const openclaw = resolveProfile(resolved, "openclaw");
       expect(openclaw?.cdpPort).toBe(19012);
@@ -48,10 +53,10 @@ describe("browser config", () => {
     withEnv({ OPENCLAW_GATEWAY_PORT: undefined }, () => {
       const resolved = resolveBrowserConfig(undefined, { gateway: { port: 19011 } });
       expect(resolved.controlPort).toBe(19013);
-      const chrome = resolveProfile(resolved, "chrome");
-      expect(chrome?.driver).toBe("extension");
-      expect(chrome?.cdpPort).toBe(19014);
-      expect(chrome?.cdpUrl).toBe("http://127.0.0.1:19014");
+      const chromeRelay = resolveProfile(resolved, "chrome-relay");
+      expect(chromeRelay?.driver).toBe("extension");
+      expect(chromeRelay?.cdpPort).toBe(19014);
+      expect(chromeRelay?.cdpUrl).toBe("http://127.0.0.1:19014");
 
       const openclaw = resolveProfile(resolved, "openclaw");
       expect(openclaw?.cdpPort).toBe(19022);
@@ -204,13 +209,13 @@ describe("browser config", () => {
     );
   });
 
-  it("does not add the built-in chrome extension profile if the derived relay port is already used", () => {
+  it("does not add the built-in chrome-relay profile if the derived relay port is already used", () => {
     const resolved = resolveBrowserConfig({
       profiles: {
         openclaw: { cdpPort: 18792, color: "#FF4500" },
       },
     });
-    expect(resolveProfile(resolved, "chrome")).toBe(null);
+    expect(resolveProfile(resolved, "chrome-relay")).toBe(null);
     expect(resolved.defaultProfile).toBe("openclaw");
   });
 
@@ -278,6 +283,47 @@ describe("browser config", () => {
     expect(resolved.ssrfPolicy).toEqual({});
   });
 
+  it("resolves existing-session profiles without cdpPort or cdpUrl", () => {
+    const resolved = resolveBrowserConfig({
+      profiles: {
+        "chrome-live": {
+          driver: "existing-session",
+          attachOnly: true,
+          color: "#00AA00",
+        },
+      },
+    });
+    const profile = resolveProfile(resolved, "chrome-live");
+    expect(profile).not.toBeNull();
+    expect(profile?.driver).toBe("existing-session");
+    expect(profile?.attachOnly).toBe(true);
+    expect(profile?.cdpPort).toBe(0);
+    expect(profile?.cdpUrl).toBe("");
+    expect(profile?.cdpIsLoopback).toBe(true);
+    expect(profile?.color).toBe("#00AA00");
+  });
+
+  it("sets usesChromeMcp only for existing-session profiles", () => {
+    const resolved = resolveBrowserConfig({
+      profiles: {
+        "chrome-live": { driver: "existing-session", attachOnly: true, color: "#00AA00" },
+        work: { cdpPort: 18801, color: "#0066CC" },
+      },
+    });
+
+    const existingSession = resolveProfile(resolved, "chrome-live")!;
+    expect(getBrowserProfileCapabilities(existingSession).usesChromeMcp).toBe(true);
+
+    const managed = resolveProfile(resolved, "openclaw")!;
+    expect(getBrowserProfileCapabilities(managed).usesChromeMcp).toBe(false);
+
+    const extension = resolveProfile(resolved, "chrome-relay")!;
+    expect(getBrowserProfileCapabilities(extension).usesChromeMcp).toBe(false);
+
+    const work = resolveProfile(resolved, "work")!;
+    expect(getBrowserProfileCapabilities(work).usesChromeMcp).toBe(false);
+  });
+
   describe("default profile preference", () => {
     it("defaults to openclaw profile when defaultProfile is not configured", () => {
       const resolved = resolveBrowserConfig({
@@ -312,17 +358,17 @@ describe("browser config", () => {
     it("explicit defaultProfile config overrides defaults in headless mode", () => {
       const resolved = resolveBrowserConfig({
         headless: true,
-        defaultProfile: "chrome",
+        defaultProfile: "chrome-relay",
       });
-      expect(resolved.defaultProfile).toBe("chrome");
+      expect(resolved.defaultProfile).toBe("chrome-relay");
     });
 
     it("explicit defaultProfile config overrides defaults in noSandbox mode", () => {
       const resolved = resolveBrowserConfig({
         noSandbox: true,
-        defaultProfile: "chrome",
+        defaultProfile: "chrome-relay",
       });
-      expect(resolved.defaultProfile).toBe("chrome");
+      expect(resolved.defaultProfile).toBe("chrome-relay");
     });
 
     it("allows custom profile as default even in headless mode", () => {
diff --git a/src/browser/config.ts b/src/browser/config.ts
index 529ee791c40..8bcd51d0a68 100644
--- a/src/browser/config.ts
+++ b/src/browser/config.ts
@@ -180,17 +180,35 @@ function ensureDefaultProfile(
 }
 
 /**
- * Ensure a built-in "chrome" profile exists for the Chrome extension relay.
+ * Ensure a built-in "user" profile exists for Chrome's existing-session attach flow.
+ */
+function ensureDefaultUserBrowserProfile(
+  profiles: Record<string, BrowserProfileConfig>,
+): Record<string, BrowserProfileConfig> {
+  const result = { ...profiles };
+  if (result.user) {
+    return result;
+  }
+  result.user = {
+    driver: "existing-session",
+    attachOnly: true,
+    color: "#00AA00",
+  };
+  return result;
+}
+
+/**
+ * Ensure a built-in "chrome-relay" profile exists for the Chrome extension relay.
  *
  * Note: this is an OpenClaw browser profile (routing config), not a Chrome user profile.
  * It points at the local relay CDP endpoint (controlPort + 1).
  */
-function ensureDefaultChromeExtensionProfile(
+function ensureDefaultChromeRelayProfile(
   profiles: Record<string, BrowserProfileConfig>,
   controlPort: number,
 ): Record<string, BrowserProfileConfig> {
   const result = { ...profiles };
-  if (result.chrome) {
+  if (result["chrome-relay"]) {
     return result;
   }
   const relayPort = controlPort + 1;
@@ -202,7 +220,7 @@ function ensureDefaultChromeExtensionProfile(
   if (getUsedPorts(result).has(relayPort)) {
     return result;
   }
-  result.chrome = {
+  result["chrome-relay"] = {
     driver: "extension",
     cdpUrl: `http://127.0.0.1:${relayPort}`,
     color: "#00AA00",
@@ -268,13 +286,15 @@ export function resolveBrowserConfig(
   const legacyCdpPort = rawCdpUrl ? cdpInfo.port : undefined;
   const isWsUrl = cdpInfo.parsed.protocol === "ws:" || cdpInfo.parsed.protocol === "wss:";
   const legacyCdpUrl = rawCdpUrl && isWsUrl ? cdpInfo.normalized : undefined;
-  const profiles = ensureDefaultChromeExtensionProfile(
-    ensureDefaultProfile(
-      cfg?.profiles,
-      defaultColor,
-      legacyCdpPort,
-      cdpPortRangeStart,
-      legacyCdpUrl,
+  const profiles = ensureDefaultChromeRelayProfile(
+    ensureDefaultUserBrowserProfile(
+      ensureDefaultProfile(
+        cfg?.profiles,
+        defaultColor,
+        legacyCdpPort,
+        cdpPortRangeStart,
+        legacyCdpUrl,
+      ),
     ),
     controlPort,
   );
@@ -286,7 +306,7 @@ export function resolveBrowserConfig(
       ? DEFAULT_BROWSER_DEFAULT_PROFILE_NAME
       : profiles[DEFAULT_OPENCLAW_BROWSER_PROFILE_NAME]
         ? DEFAULT_OPENCLAW_BROWSER_PROFILE_NAME
-        : "chrome");
+        : "user");
 
   const extraArgs = Array.isArray(cfg?.extraArgs)
     ? cfg.extraArgs.filter((a): a is string => typeof a === "string" && a.trim().length > 0)
@@ -342,6 +362,20 @@ export function resolveProfile(
         ? "existing-session"
         : "openclaw";
 
+  if (driver === "existing-session") {
+    // existing-session uses Chrome MCP auto-connect; no CDP port/URL needed
+    return {
+      name: profileName,
+      cdpPort: 0,
+      cdpUrl: "",
+      cdpHost: "",
+      cdpIsLoopback: true,
+      color: profile.color,
+      driver,
+      attachOnly: true,
+    };
+  }
+
   if (rawProfileUrl) {
     const parsed = parseHttpUrl(rawProfileUrl, `browser.profiles.${profileName}.cdpUrl`);
     cdpHost = parsed.parsed.hostname;
@@ -361,7 +395,7 @@ export function resolveProfile(
     cdpIsLoopback: isLoopbackHost(cdpHost),
     color: profile.color,
     driver,
-    attachOnly: driver === "existing-session" ? true : (profile.attachOnly ?? resolved.attachOnly),
+    attachOnly: profile.attachOnly ?? resolved.attachOnly,
   };
 }
 
diff --git a/src/browser/profile-capabilities.ts b/src/browser/profile-capabilities.ts
index 2bcf4f8fe9e..b736a77d943 100644
--- a/src/browser/profile-capabilities.ts
+++ b/src/browser/profile-capabilities.ts
@@ -9,6 +9,8 @@ export type BrowserProfileMode =
 export type BrowserProfileCapabilities = {
   mode: BrowserProfileMode;
   isRemote: boolean;
+  /** Profile uses the Chrome DevTools MCP server (existing-session driver). */
+  usesChromeMcp: boolean;
   requiresRelay: boolean;
   requiresAttachedTab: boolean;
   usesPersistentPlaywright: boolean;
@@ -25,6 +27,7 @@ export function getBrowserProfileCapabilities(
     return {
       mode: "local-extension-relay",
       isRemote: false,
+      usesChromeMcp: false,
       requiresRelay: true,
       requiresAttachedTab: true,
       usesPersistentPlaywright: false,
@@ -39,6 +42,7 @@ export function getBrowserProfileCapabilities(
     return {
       mode: "local-existing-session",
       isRemote: false,
+      usesChromeMcp: true,
       requiresRelay: false,
       requiresAttachedTab: false,
       usesPersistentPlaywright: false,
@@ -53,6 +57,7 @@ export function getBrowserProfileCapabilities(
     return {
       mode: "remote-cdp",
       isRemote: true,
+      usesChromeMcp: false,
       requiresRelay: false,
       requiresAttachedTab: false,
       usesPersistentPlaywright: true,
@@ -66,6 +71,7 @@ export function getBrowserProfileCapabilities(
   return {
     mode: "local-managed",
     isRemote: false,
+    usesChromeMcp: false,
     requiresRelay: false,
     requiresAttachedTab: false,
     usesPersistentPlaywright: false,
diff --git a/src/browser/profiles-service.test.ts b/src/browser/profiles-service.test.ts
index f70e23ddb67..13bbdf27c49 100644
--- a/src/browser/profiles-service.test.ts
+++ b/src/browser/profiles-service.test.ts
@@ -178,10 +178,11 @@ describe("BrowserProfilesService", () => {
       driver: "existing-session",
     });
 
-    expect(result.cdpPort).toBe(18801);
+    expect(result.transport).toBe("chrome-mcp");
+    expect(result.cdpPort).toBeNull();
+    expect(result.cdpUrl).toBeNull();
     expect(result.isRemote).toBe(false);
     expect(state.resolved.profiles["chrome-live"]).toEqual({
-      cdpPort: 18801,
       driver: "existing-session",
       attachOnly: true,
       color: expect.any(String),
@@ -191,7 +192,6 @@ describe("BrowserProfilesService", () => {
         browser: expect.objectContaining({
           profiles: expect.objectContaining({
             "chrome-live": expect.objectContaining({
-              cdpPort: 18801,
               driver: "existing-session",
               attachOnly: true,
             }),
diff --git a/src/browser/profiles-service.ts b/src/browser/profiles-service.ts
index 25c0461f795..86321006e98 100644
--- a/src/browser/profiles-service.ts
+++ b/src/browser/profiles-service.ts
@@ -12,6 +12,7 @@ import {
   BrowserResourceExhaustedError,
   BrowserValidationError,
 } from "./errors.js";
+import { getBrowserProfileCapabilities } from "./profile-capabilities.js";
 import {
   allocateCdpPort,
   allocateColor,
@@ -32,8 +33,9 @@ export type CreateProfileParams = {
 export type CreateProfileResult = {
   ok: true;
   profile: string;
-  cdpPort: number;
-  cdpUrl: string;
+  transport: "cdp" | "chrome-mcp";
+  cdpPort: number | null;
+  cdpUrl: string | null;
   color: string;
   isRemote: boolean;
 };
@@ -141,18 +143,26 @@ export function createBrowserProfilesService(ctx: BrowserRouteContext) {
       if (driver === "extension") {
         throw new BrowserValidationError("driver=extension requires an explicit loopback cdpUrl");
       }
-      const usedPorts = getUsedPorts(resolvedProfiles);
-      const range = cdpPortRange(state.resolved);
-      const cdpPort = allocateCdpPort(usedPorts, range);
-      if (cdpPort === null) {
-        throw new BrowserResourceExhaustedError("no available CDP ports in range");
+      if (driver === "existing-session") {
+        // existing-session uses Chrome MCP auto-connect; no CDP port needed
+        profileConfig = {
+          driver,
+          attachOnly: true,
+          color: profileColor,
+        };
+      } else {
+        const usedPorts = getUsedPorts(resolvedProfiles);
+        const range = cdpPortRange(state.resolved);
+        const cdpPort = allocateCdpPort(usedPorts, range);
+        if (cdpPort === null) {
+          throw new BrowserResourceExhaustedError("no available CDP ports in range");
+        }
+        profileConfig = {
+          cdpPort,
+          ...(driver ? { driver } : {}),
+          color: profileColor,
+        };
       }
-      profileConfig = {
-        cdpPort,
-        ...(driver ? { driver } : {}),
-        ...(driver === "existing-session" ? { attachOnly: true } : {}),
-        color: profileColor,
-      };
     }
 
     const nextConfig: OpenClawConfig = {
@@ -173,12 +183,14 @@ export function createBrowserProfilesService(ctx: BrowserRouteContext) {
     if (!resolved) {
       throw new BrowserProfileNotFoundError(`profile "${name}" not found after creation`);
     }
+    const capabilities = getBrowserProfileCapabilities(resolved);
 
     return {
       ok: true,
       profile: name,
-      cdpPort: resolved.cdpPort,
-      cdpUrl: resolved.cdpUrl,
+      transport: capabilities.usesChromeMcp ? "chrome-mcp" : "cdp",
+      cdpPort: capabilities.usesChromeMcp ? null : resolved.cdpPort,
+      cdpUrl: capabilities.usesChromeMcp ? null : resolved.cdpUrl,
       color: resolved.color,
       isRemote: !resolved.cdpIsLoopback,
     };
diff --git a/src/browser/pw-role-snapshot.ts b/src/browser/pw-role-snapshot.ts
index 7a0b0ae70fe..312abcf872f 100644
--- a/src/browser/pw-role-snapshot.ts
+++ b/src/browser/pw-role-snapshot.ts
@@ -1,3 +1,5 @@
+import { CONTENT_ROLES, INTERACTIVE_ROLES, STRUCTURAL_ROLES } from "./snapshot-roles.js";
+
 export type RoleRef = {
   role: string;
   name?: string;
@@ -23,60 +25,6 @@ export type RoleSnapshotOptions = {
   compact?: boolean;
 };
 
-const INTERACTIVE_ROLES = new Set([
-  "button",
-  "link",
-  "textbox",
-  "checkbox",
-  "radio",
-  "combobox",
-  "listbox",
-  "menuitem",
-  "menuitemcheckbox",
-  "menuitemradio",
-  "option",
-  "searchbox",
-  "slider",
-  "spinbutton",
-  "switch",
-  "tab",
-  "treeitem",
-]);
-
-const CONTENT_ROLES = new Set([
-  "heading",
-  "cell",
-  "gridcell",
-  "columnheader",
-  "rowheader",
-  "listitem",
-  "article",
-  "region",
-  "main",
-  "navigation",
-]);
-
-const STRUCTURAL_ROLES = new Set([
-  "generic",
-  "group",
-  "list",
-  "table",
-  "row",
-  "rowgroup",
-  "grid",
-  "treegrid",
-  "menu",
-  "menubar",
-  "toolbar",
-  "tablist",
-  "tree",
-  "directory",
-  "document",
-  "application",
-  "presentation",
-  "none",
-]);
-
 export function getRoleSnapshotStats(snapshot: string, refs: RoleRefMap): RoleSnapshotStats {
   const interactive = Object.values(refs).filter((r) => INTERACTIVE_ROLES.has(r.role)).length;
   return {
diff --git a/src/browser/pw-tools-core.interactions.batch.test.ts b/src/browser/pw-tools-core.interactions.batch.test.ts
index fbd2de4cbc6..2801ebe8190 100644
--- a/src/browser/pw-tools-core.interactions.batch.test.ts
+++ b/src/browser/pw-tools-core.interactions.batch.test.ts
@@ -82,23 +82,4 @@ describe("batchViaPlaywright", () => {
       targetId: "tab-1",
     });
   });
-
-  it("propagates nested batch failures to the parent batch result", async () => {
-    const result = await batchViaPlaywright({
-      cdpUrl: "http://127.0.0.1:9222",
-      targetId: "tab-1",
-      actions: [
-        {
-          kind: "batch",
-          actions: [{ kind: "evaluate", fn: "() => 1" }],
-        },
-      ],
-    });
-
-    expect(result).toEqual({
-      results: [
-        { ok: false, error: "act:evaluate is disabled by config (browser.evaluateEnabled=false)" },
-      ],
-    });
-  });
 });
diff --git a/src/browser/pw-tools-core.interactions.ts b/src/browser/pw-tools-core.interactions.ts
index da0efa0c145..01abc5338f0 100644
--- a/src/browser/pw-tools-core.interactions.ts
+++ b/src/browser/pw-tools-core.interactions.ts
@@ -20,6 +20,7 @@ type TargetOpts = {
   cdpUrl: string;
   targetId?: string;
 };
+
 const MAX_CLICK_DELAY_MS = 5_000;
 const MAX_WAIT_TIME_MS = 30_000;
 const MAX_BATCH_ACTIONS = 100;
@@ -98,7 +99,7 @@ export async function clickViaPlaywright(opts: {
     const delayMs = resolveBoundedDelayMs(opts.delayMs, "click delayMs", MAX_CLICK_DELAY_MS);
     if (delayMs > 0) {
       await locator.hover({ timeout });
-      await new Promise((r) => setTimeout(r, delayMs));
+      await new Promise((resolve) => setTimeout(resolve, delayMs));
     }
     if (opts.doubleClick) {
       await locator.dblclick({
@@ -844,8 +845,7 @@ async function executeSingleAction(
       });
       break;
     case "batch":
-      // Nested batches: delegate recursively
-      const nestedResult = await batchViaPlaywright({
+      await batchViaPlaywright({
         cdpUrl,
         targetId: effectiveTargetId,
         actions: action.actions,
@@ -853,10 +853,6 @@ async function executeSingleAction(
         evaluateEnabled,
         depth: depth + 1,
       });
-      const nestedFailure = nestedResult.results.find((result) => !result.ok);
-      if (nestedFailure) {
-        throw new Error(nestedFailure.error ?? "Nested batch action failed");
-      }
       break;
     default:
       throw new Error(`Unsupported batch action kind: ${(action as { kind: string }).kind}`);
diff --git a/src/browser/pw-tools-core.responses.ts b/src/browser/pw-tools-core.responses.ts
index 5a6ddc1818c..4b153692a20 100644
--- a/src/browser/pw-tools-core.responses.ts
+++ b/src/browser/pw-tools-core.responses.ts
@@ -1,22 +1,7 @@
 import { formatCliCommand } from "../cli/command-format.js";
 import { ensurePageState, getPageForTargetId } from "./pw-session.js";
 import { normalizeTimeoutMs } from "./pw-tools-core.shared.js";
-
-function matchUrlPattern(pattern: string, url: string): boolean {
-  const p = pattern.trim();
-  if (!p) {
-    return false;
-  }
-  if (p === url) {
-    return true;
-  }
-  if (p.includes("*")) {
-    const escaped = p.replace(/[|\\{}()[\]^$+?.]/g, "\\$&");
-    const regex = new RegExp(`^${escaped.replace(/\*\*/g, ".*").replace(/\*/g, ".*")}$`);
-    return regex.test(url);
-  }
-  return url.includes(p);
-}
+import { matchBrowserUrlPattern } from "./url-pattern.js";
 
 export async function responseBodyViaPlaywright(opts: {
   cdpUrl: string;
@@ -65,7 +50,7 @@ export async function responseBodyViaPlaywright(opts: {
       }
       const r = resp as { url?: () => string };
       const u = r.url?.() || "";
-      if (!matchUrlPattern(pattern, u)) {
+      if (!matchBrowserUrlPattern(pattern, u)) {
         return;
       }
       done = true;
diff --git a/src/browser/pw-tools-core.waits-next-download-saves-it.test.ts b/src/browser/pw-tools-core.waits-next-download-saves-it.test.ts
index d976f7d7fb8..e5aa5bac2e0 100644
--- a/src/browser/pw-tools-core.waits-next-download-saves-it.test.ts
+++ b/src/browser/pw-tools-core.waits-next-download-saves-it.test.ts
@@ -291,6 +291,6 @@ describe("pw-tools-core", () => {
         targetId: "T1",
         ref: "   ",
       }),
-    ).rejects.toThrow(/ref is required/i);
+    ).rejects.toThrow(/ref or selector is required/i);
   });
 });
diff --git a/src/browser/routes/agent.act.download.ts b/src/browser/routes/agent.act.download.ts
index 9ed04469c26..cfdf1362797 100644
--- a/src/browser/routes/agent.act.download.ts
+++ b/src/browser/routes/agent.act.download.ts
@@ -1,3 +1,4 @@
+import { getBrowserProfileCapabilities } from "../profile-capabilities.js";
 import type { BrowserRouteContext } from "../server-context.js";
 import {
   readBody,
@@ -34,7 +35,7 @@ export function registerBrowserAgentActDownloadRoutes(
       ctx,
       targetId,
       run: async ({ profileCtx, cdpUrl, tab }) => {
-        if (profileCtx.profile.driver === "existing-session") {
+        if (getBrowserProfileCapabilities(profileCtx.profile).usesChromeMcp) {
           return jsonError(
             res,
             501,
@@ -88,7 +89,7 @@ export function registerBrowserAgentActDownloadRoutes(
       ctx,
       targetId,
       run: async ({ profileCtx, cdpUrl, tab }) => {
-        if (profileCtx.profile.driver === "existing-session") {
+        if (getBrowserProfileCapabilities(profileCtx.profile).usesChromeMcp) {
           return jsonError(
             res,
             501,
diff --git a/src/browser/routes/agent.act.hooks.ts b/src/browser/routes/agent.act.hooks.ts
index bb1f03b7a7c..a141a9cbe5a 100644
--- a/src/browser/routes/agent.act.hooks.ts
+++ b/src/browser/routes/agent.act.hooks.ts
@@ -1,4 +1,5 @@
 import { evaluateChromeMcpScript, uploadChromeMcpFile } from "../chrome-mcp.js";
+import { getBrowserProfileCapabilities } from "../profile-capabilities.js";
 import type { BrowserRouteContext } from "../server-context.js";
 import {
   readBody,
@@ -43,7 +44,7 @@ export function registerBrowserAgentActHookRoutes(
         }
         const resolvedPaths = uploadPathsResult.paths;
 
-        if (profileCtx.profile.driver === "existing-session") {
+        if (getBrowserProfileCapabilities(profileCtx.profile).usesChromeMcp) {
           if (element) {
             return jsonError(
               res,
@@ -123,7 +124,7 @@ export function registerBrowserAgentActHookRoutes(
       ctx,
       targetId,
       run: async ({ profileCtx, cdpUrl, tab }) => {
-        if (profileCtx.profile.driver === "existing-session") {
+        if (getBrowserProfileCapabilities(profileCtx.profile).usesChromeMcp) {
           if (timeoutMs) {
             return jsonError(
               res,
diff --git a/src/browser/routes/agent.act.ts b/src/browser/routes/agent.act.ts
index a8d3a09ce83..1b444d1b963 100644
--- a/src/browser/routes/agent.act.ts
+++ b/src/browser/routes/agent.act.ts
@@ -11,7 +11,9 @@ import {
 } from "../chrome-mcp.js";
 import type { BrowserActRequest, BrowserFormField } from "../client-actions-core.js";
 import { normalizeBrowserFormField } from "../form-fields.js";
+import { getBrowserProfileCapabilities } from "../profile-capabilities.js";
 import type { BrowserRouteContext } from "../server-context.js";
+import { matchBrowserUrlPattern } from "../url-pattern.js";
 import { registerBrowserAgentActDownloadRoutes } from "./agent.act.download.js";
 import { registerBrowserAgentActHookRoutes } from "./agent.act.hooks.js";
 import {
@@ -47,7 +49,6 @@ function buildExistingSessionWaitPredicate(params: {
   text?: string;
   textGone?: string;
   selector?: string;
-  url?: string;
   loadState?: "load" | "domcontentloaded" | "networkidle";
   fn?: string;
 }): string | null {
@@ -61,9 +62,6 @@ function buildExistingSessionWaitPredicate(params: {
   if (params.selector) {
     checks.push(`Boolean(document.querySelector(${JSON.stringify(params.selector)}))`);
   }
-  if (params.url) {
-    checks.push(`window.location.href === ${JSON.stringify(params.url)}`);
-  }
   if (params.loadState === "domcontentloaded") {
     checks.push(`document.readyState === "interactive" || document.readyState === "complete"`);
   } else if (params.loadState === "load") {
@@ -94,17 +92,30 @@ async function waitForExistingSessionCondition(params: {
     await sleep(params.timeMs);
   }
   const predicate = buildExistingSessionWaitPredicate(params);
-  if (!predicate) {
+  if (!predicate && !params.url) {
     return;
   }
   const timeoutMs = Math.max(250, params.timeoutMs ?? 10_000);
   const deadline = Date.now() + timeoutMs;
   while (Date.now() < deadline) {
-    const ready = await evaluateChromeMcpScript({
-      profileName: params.profileName,
-      targetId: params.targetId,
-      fn: `async () => ${predicate}`,
-    });
+    let ready = true;
+    if (predicate) {
+      ready = Boolean(
+        await evaluateChromeMcpScript({
+          profileName: params.profileName,
+          targetId: params.targetId,
+          fn: `async () => ${predicate}`,
+        }),
+      );
+    }
+    if (ready && params.url) {
+      const currentUrl = await evaluateChromeMcpScript({
+        profileName: params.profileName,
+        targetId: params.targetId,
+        fn: "() => window.location.href",
+      });
+      ready = typeof currentUrl === "string" && matchBrowserUrlPattern(params.url, currentUrl);
+    }
     if (ready) {
       return;
     }
@@ -467,7 +478,7 @@ export function registerBrowserAgentActRoutes(
       targetId,
       run: async ({ profileCtx, cdpUrl, tab }) => {
         const evaluateEnabled = ctx.state().resolved.evaluateEnabled;
-        const isExistingSession = profileCtx.profile.driver === "existing-session";
+        const isExistingSession = getBrowserProfileCapabilities(profileCtx.profile).usesChromeMcp;
         const profileName = profileCtx.profile.name;
 
         switch (kind) {
@@ -1100,7 +1111,7 @@ export function registerBrowserAgentActRoutes(
       ctx,
       targetId,
       run: async ({ profileCtx, cdpUrl, tab }) => {
-        if (profileCtx.profile.driver === "existing-session") {
+        if (getBrowserProfileCapabilities(profileCtx.profile).usesChromeMcp) {
           return jsonError(
             res,
             501,
@@ -1137,7 +1148,7 @@ export function registerBrowserAgentActRoutes(
       ctx,
       targetId,
       run: async ({ profileCtx, cdpUrl, tab }) => {
-        if (profileCtx.profile.driver === "existing-session") {
+        if (getBrowserProfileCapabilities(profileCtx.profile).usesChromeMcp) {
           await evaluateChromeMcpScript({
             profileName: profileCtx.profile.name,
             targetId: tab.targetId,
diff --git a/src/browser/routes/agent.existing-session.test.ts b/src/browser/routes/agent.existing-session.test.ts
index 077889d16f9..4f8211114ea 100644
--- a/src/browser/routes/agent.existing-session.test.ts
+++ b/src/browser/routes/agent.existing-session.test.ts
@@ -1,12 +1,8 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
 import { registerBrowserAgentActRoutes } from "./agent.act.js";
 import { registerBrowserAgentSnapshotRoutes } from "./agent.snapshot.js";
-import type {
-  BrowserRequest,
-  BrowserResponse,
-  BrowserRouteHandler,
-  BrowserRouteRegistrar,
-} from "./types.js";
+import { createBrowserRouteApp, createBrowserRouteResponse } from "./test-helpers.js";
+import type { BrowserRequest } from "./types.js";
 
 const routeState = vi.hoisted(() => ({
   profileCtx: {
@@ -26,7 +22,9 @@ const routeState = vi.hoisted(() => ({
 }));
 
 const chromeMcpMocks = vi.hoisted(() => ({
-  evaluateChromeMcpScript: vi.fn(async () => true),
+  evaluateChromeMcpScript: vi.fn(
+    async (_params: { profileName: string; targetId: string; fn: string }) => true,
+  ),
   navigateChromeMcpPage: vi.fn(async ({ url }: { url: string }) => ({ url })),
   takeChromeMcpScreenshot: vi.fn(async () => Buffer.from("png")),
   takeChromeMcpSnapshot: vi.fn(async () => ({
@@ -98,39 +96,34 @@ vi.mock("./agent.shared.js", () => ({
   }),
 }));
 
-function createApp() {
-  const getHandlers = new Map<string, BrowserRouteHandler>();
-  const postHandlers = new Map<string, BrowserRouteHandler>();
-  const deleteHandlers = new Map<string, BrowserRouteHandler>();
-  const app: BrowserRouteRegistrar = {
-    get: (path, handler) => void getHandlers.set(path, handler),
-    post: (path, handler) => void postHandlers.set(path, handler),
-    delete: (path, handler) => void deleteHandlers.set(path, handler),
-  };
-  return { app, getHandlers, postHandlers, deleteHandlers };
+function getSnapshotGetHandler() {
+  const { app, getHandlers } = createBrowserRouteApp();
+  registerBrowserAgentSnapshotRoutes(app, {
+    state: () => ({ resolved: { ssrfPolicy: undefined } }),
+  } as never);
+  const handler = getHandlers.get("/snapshot");
+  expect(handler).toBeTypeOf("function");
+  return handler;
 }
 
-function createResponse() {
-  let statusCode = 200;
-  let jsonBody: unknown;
-  const res: BrowserResponse = {
-    status(code) {
-      statusCode = code;
-      return res;
-    },
-    json(body) {
-      jsonBody = body;
-    },
-  };
-  return {
-    res,
-    get statusCode() {
-      return statusCode;
-    },
-    get body() {
-      return jsonBody;
-    },
-  };
+function getSnapshotPostHandler() {
+  const { app, postHandlers } = createBrowserRouteApp();
+  registerBrowserAgentSnapshotRoutes(app, {
+    state: () => ({ resolved: { ssrfPolicy: undefined } }),
+  } as never);
+  const handler = postHandlers.get("/screenshot");
+  expect(handler).toBeTypeOf("function");
+  return handler;
+}
+
+function getActPostHandler() {
+  const { app, postHandlers } = createBrowserRouteApp();
+  registerBrowserAgentActRoutes(app, {
+    state: () => ({ resolved: { evaluateEnabled: true } }),
+  } as never);
+  const handler = postHandlers.get("/act");
+  expect(handler).toBeTypeOf("function");
+  return handler;
 }
 
 describe("existing-session browser routes", () => {
@@ -146,14 +139,8 @@ describe("existing-session browser routes", () => {
   });
 
   it("allows labeled AI snapshots for existing-session profiles", async () => {
-    const { app, getHandlers } = createApp();
-    registerBrowserAgentSnapshotRoutes(app, {
-      state: () => ({ resolved: { ssrfPolicy: undefined } }),
-    } as never);
-    const handler = getHandlers.get("/snapshot");
-    expect(handler).toBeTypeOf("function");
-
-    const response = createResponse();
+    const handler = getSnapshotGetHandler();
+    const response = createBrowserRouteResponse();
     await handler?.({ params: {}, query: { format: "ai", labels: "1" } }, response.res);
 
     expect(response.statusCode).toBe(200);
@@ -171,15 +158,55 @@ describe("existing-session browser routes", () => {
     expect(chromeMcpMocks.takeChromeMcpScreenshot).toHaveBeenCalled();
   });
 
-  it("fails closed for existing-session networkidle waits", async () => {
-    const { app, postHandlers } = createApp();
-    registerBrowserAgentActRoutes(app, {
-      state: () => ({ resolved: { evaluateEnabled: true } }),
-    } as never);
-    const handler = postHandlers.get("/act");
-    expect(handler).toBeTypeOf("function");
+  it("allows ref screenshots for existing-session profiles", async () => {
+    const handler = getSnapshotPostHandler();
+    const response = createBrowserRouteResponse();
+    await handler?.(
+      {
+        params: {},
+        query: {},
+        body: { ref: "btn-1", type: "jpeg" },
+      },
+      response.res,
+    );
 
-    const response = createResponse();
+    expect(response.statusCode).toBe(200);
+    expect(response.body).toMatchObject({
+      ok: true,
+      path: "/tmp/fake.png",
+      targetId: "7",
+    });
+    expect(chromeMcpMocks.takeChromeMcpScreenshot).toHaveBeenCalledWith({
+      profileName: "chrome-live",
+      targetId: "7",
+      uid: "btn-1",
+      fullPage: false,
+      format: "jpeg",
+    });
+  });
+
+  it("rejects selector-based element screenshots for existing-session profiles", async () => {
+    const handler = getSnapshotPostHandler();
+    const response = createBrowserRouteResponse();
+    await handler?.(
+      {
+        params: {},
+        query: {},
+        body: { element: "#submit" },
+      },
+      response.res,
+    );
+
+    expect(response.statusCode).toBe(400);
+    expect(response.body).toMatchObject({
+      error: expect.stringContaining("element screenshots are not supported"),
+    });
+    expect(chromeMcpMocks.takeChromeMcpScreenshot).not.toHaveBeenCalled();
+  });
+
+  it("fails closed for existing-session networkidle waits", async () => {
+    const handler = getActPostHandler();
+    const response = createBrowserRouteResponse();
     await handler?.(
       {
         params: {},
@@ -195,4 +222,31 @@ describe("existing-session browser routes", () => {
     });
     expect(chromeMcpMocks.evaluateChromeMcpScript).not.toHaveBeenCalled();
   });
+
+  it("supports glob URL waits for existing-session profiles", async () => {
+    chromeMcpMocks.evaluateChromeMcpScript.mockReset();
+    chromeMcpMocks.evaluateChromeMcpScript.mockImplementation(
+      async ({ fn }: { fn: string }) =>
+        (fn === "() => window.location.href" ? "https://example.com/" : true) as never,
+    );
+
+    const handler = getActPostHandler();
+    const response = createBrowserRouteResponse();
+    await handler?.(
+      {
+        params: {},
+        query: {},
+        body: { kind: "wait", url: "**/example.com/" },
+      },
+      response.res,
+    );
+
+    expect(response.statusCode).toBe(200);
+    expect(response.body).toMatchObject({ ok: true, targetId: "7" });
+    expect(chromeMcpMocks.evaluateChromeMcpScript).toHaveBeenCalledWith({
+      profileName: "chrome-live",
+      targetId: "7",
+      fn: "() => window.location.href",
+    });
+  });
 });
diff --git a/src/browser/routes/agent.snapshot.plan.test.ts b/src/browser/routes/agent.snapshot.plan.test.ts
index 493fbcdfbad..71870aa1a6d 100644
--- a/src/browser/routes/agent.snapshot.plan.test.ts
+++ b/src/browser/routes/agent.snapshot.plan.test.ts
@@ -3,9 +3,9 @@ import { resolveBrowserConfig, resolveProfile } from "../config.js";
 import { resolveSnapshotPlan } from "./agent.snapshot.plan.js";
 
 describe("resolveSnapshotPlan", () => {
-  it("defaults chrome extension relay snapshots to aria when format is omitted", () => {
+  it("defaults chrome-relay snapshots to aria when format is omitted", () => {
     const resolved = resolveBrowserConfig({});
-    const profile = resolveProfile(resolved, "chrome");
+    const profile = resolveProfile(resolved, "chrome-relay");
     expect(profile).toBeTruthy();
 
     const plan = resolveSnapshotPlan({
diff --git a/src/browser/routes/agent.snapshot.ts b/src/browser/routes/agent.snapshot.ts
index 3d090de149c..80c11693a11 100644
--- a/src/browser/routes/agent.snapshot.ts
+++ b/src/browser/routes/agent.snapshot.ts
@@ -16,6 +16,7 @@ import {
   assertBrowserNavigationResultAllowed,
 } from "../navigation-guard.js";
 import { withBrowserNavigationPolicy } from "../navigation-guard.js";
+import { getBrowserProfileCapabilities } from "../profile-capabilities.js";
 import {
   DEFAULT_BROWSER_SCREENSHOT_MAX_BYTES,
   DEFAULT_BROWSER_SCREENSHOT_MAX_SIDE,
@@ -122,6 +123,27 @@ async function renderChromeMcpLabels(params: {
   return { labels, skipped };
 }
 
+async function saveNormalizedScreenshotResponse(params: {
+  res: BrowserResponse;
+  buffer: Buffer;
+  type: "png" | "jpeg";
+  targetId: string;
+  url: string;
+}) {
+  const normalized = await normalizeBrowserScreenshot(params.buffer, {
+    maxSide: DEFAULT_BROWSER_SCREENSHOT_MAX_SIDE,
+    maxBytes: DEFAULT_BROWSER_SCREENSHOT_MAX_BYTES,
+  });
+  await saveBrowserMediaResponse({
+    res: params.res,
+    buffer: normalized.buffer,
+    contentType: normalized.contentType ?? `image/${params.type}`,
+    maxBytes: DEFAULT_BROWSER_SCREENSHOT_MAX_BYTES,
+    targetId: params.targetId,
+    url: params.url,
+  });
+}
+
 async function saveBrowserMediaResponse(params: {
   res: BrowserResponse;
   buffer: Buffer;
@@ -204,7 +226,7 @@ export function registerBrowserAgentSnapshotRoutes(
       ctx,
       targetId,
       run: async ({ profileCtx, tab, cdpUrl }) => {
-        if (profileCtx.profile.driver === "existing-session") {
+        if (getBrowserProfileCapabilities(profileCtx.profile).usesChromeMcp) {
           const ssrfPolicyOpts = withBrowserNavigationPolicy(ctx.state().resolved.ssrfPolicy);
           await assertBrowserNavigationAllowed({ url, ...ssrfPolicyOpts });
           const result = await navigateChromeMcpPage({
@@ -242,7 +264,7 @@ export function registerBrowserAgentSnapshotRoutes(
     if (!profileCtx) {
       return;
     }
-    if (profileCtx.profile.driver === "existing-session") {
+    if (getBrowserProfileCapabilities(profileCtx.profile).usesChromeMcp) {
       return jsonError(
         res,
         501,
@@ -290,7 +312,7 @@ export function registerBrowserAgentSnapshotRoutes(
       ctx,
       targetId,
       run: async ({ profileCtx, tab, cdpUrl }) => {
-        if (profileCtx.profile.driver === "existing-session") {
+        if (getBrowserProfileCapabilities(profileCtx.profile).usesChromeMcp) {
           if (element) {
             return jsonError(
               res,
@@ -305,15 +327,10 @@ export function registerBrowserAgentSnapshotRoutes(
             fullPage,
             format: type,
           });
-          const normalized = await normalizeBrowserScreenshot(buffer, {
-            maxSide: DEFAULT_BROWSER_SCREENSHOT_MAX_SIDE,
-            maxBytes: DEFAULT_BROWSER_SCREENSHOT_MAX_BYTES,
-          });
-          await saveBrowserMediaResponse({
+          await saveNormalizedScreenshotResponse({
             res,
-            buffer: normalized.buffer,
-            contentType: normalized.contentType ?? `image/${type}`,
-            maxBytes: DEFAULT_BROWSER_SCREENSHOT_MAX_BYTES,
+            buffer,
+            type,
             targetId: tab.targetId,
             url: tab.url,
           });
@@ -350,15 +367,10 @@ export function registerBrowserAgentSnapshotRoutes(
           });
         }
 
-        const normalized = await normalizeBrowserScreenshot(buffer, {
-          maxSide: DEFAULT_BROWSER_SCREENSHOT_MAX_SIDE,
-          maxBytes: DEFAULT_BROWSER_SCREENSHOT_MAX_BYTES,
-        });
-        await saveBrowserMediaResponse({
+        await saveNormalizedScreenshotResponse({
           res,
-          buffer: normalized.buffer,
-          contentType: normalized.contentType ?? `image/${type}`,
-          maxBytes: DEFAULT_BROWSER_SCREENSHOT_MAX_BYTES,
+          buffer,
+          type,
           targetId: tab.targetId,
           url: tab.url,
         });
@@ -384,7 +396,7 @@ export function registerBrowserAgentSnapshotRoutes(
       if ((plan.labels || plan.mode === "efficient") && plan.format === "aria") {
         return jsonError(res, 400, "labels/mode=efficient require format=ai");
       }
-      if (profileCtx.profile.driver === "existing-session") {
+      if (getBrowserProfileCapabilities(profileCtx.profile).usesChromeMcp) {
         if (plan.selectorValue || plan.frameSelectorValue) {
           return jsonError(
             res,
diff --git a/src/browser/routes/basic.existing-session.test.ts b/src/browser/routes/basic.existing-session.test.ts
new file mode 100644
index 00000000000..34bcd9ee00b
--- /dev/null
+++ b/src/browser/routes/basic.existing-session.test.ts
@@ -0,0 +1,94 @@
+import { describe, expect, it, vi } from "vitest";
+import { BrowserProfileUnavailableError } from "../errors.js";
+import { registerBrowserBasicRoutes } from "./basic.js";
+import { createBrowserRouteApp, createBrowserRouteResponse } from "./test-helpers.js";
+
+vi.mock("../chrome-mcp.js", () => ({
+  getChromeMcpPid: vi.fn(() => 4321),
+}));
+
+describe("basic browser routes", () => {
+  it("maps existing-session status failures to JSON browser errors", async () => {
+    const { app, getHandlers } = createBrowserRouteApp();
+    registerBrowserBasicRoutes(app, {
+      state: () => ({
+        resolved: {
+          enabled: true,
+          headless: false,
+          noSandbox: false,
+          executablePath: undefined,
+        },
+        profiles: new Map(),
+      }),
+      forProfile: () =>
+        ({
+          profile: {
+            name: "chrome-live",
+            driver: "existing-session",
+            cdpPort: 0,
+            cdpUrl: "",
+            color: "#00AA00",
+            attachOnly: true,
+          },
+          isHttpReachable: async () => {
+            throw new BrowserProfileUnavailableError("attach failed");
+          },
+          isReachable: async () => true,
+        }) as never,
+    } as never);
+
+    const handler = getHandlers.get("/");
+    expect(handler).toBeTypeOf("function");
+
+    const response = createBrowserRouteResponse();
+    await handler?.({ params: {}, query: { profile: "chrome-live" } }, response.res);
+
+    expect(response.statusCode).toBe(409);
+    expect(response.body).toMatchObject({ error: "attach failed" });
+  });
+
+  it("reports Chrome MCP transport without fake CDP fields", async () => {
+    const { app, getHandlers } = createBrowserRouteApp();
+    registerBrowserBasicRoutes(app, {
+      state: () => ({
+        resolved: {
+          enabled: true,
+          headless: false,
+          noSandbox: false,
+          executablePath: undefined,
+        },
+        profiles: new Map(),
+      }),
+      forProfile: () =>
+        ({
+          profile: {
+            name: "chrome-live",
+            driver: "existing-session",
+            cdpPort: 0,
+            cdpUrl: "",
+            color: "#00AA00",
+            attachOnly: true,
+          },
+          isHttpReachable: async () => true,
+          isReachable: async () => true,
+        }) as never,
+    } as never);
+
+    const handler = getHandlers.get("/");
+    expect(handler).toBeTypeOf("function");
+
+    const response = createBrowserRouteResponse();
+    await handler?.({ params: {}, query: { profile: "chrome-live" } }, response.res);
+
+    expect(response.statusCode).toBe(200);
+    expect(response.body).toMatchObject({
+      profile: "chrome-live",
+      driver: "existing-session",
+      transport: "chrome-mcp",
+      running: true,
+      cdpPort: null,
+      cdpUrl: null,
+      pid: 4321,
+    });
+  });
+});
diff --git a/src/browser/routes/basic.ts b/src/browser/routes/basic.ts
index 9991744107d..f6123ac4cf0 100644
--- a/src/browser/routes/basic.ts
+++ b/src/browser/routes/basic.ts
@@ -1,12 +1,21 @@
 import { getChromeMcpPid } from "../chrome-mcp.js";
 import { resolveBrowserExecutableForPlatform } from "../chrome.executables.js";
 import { toBrowserErrorResponse } from "../errors.js";
+import { getBrowserProfileCapabilities } from "../profile-capabilities.js";
 import { createBrowserProfilesService } from "../profiles-service.js";
 import type { BrowserRouteContext, ProfileContext } from "../server-context.js";
 import { resolveProfileContext } from "./agent.shared.js";
 import type { BrowserRequest, BrowserResponse, BrowserRouteRegistrar } from "./types.js";
 import { getProfileContext, jsonError, toStringOrEmpty } from "./utils.js";
 
+function handleBrowserRouteError(res: BrowserResponse, err: unknown) {
+  const mapped = toBrowserErrorResponse(err);
+  if (mapped) {
+    return jsonError(res, mapped.status, mapped.message);
+  }
+  jsonError(res, 500, String(err));
+}
+
 async function withBasicProfileRoute(params: {
   req: BrowserRequest;
   res: BrowserResponse;
@@ -20,11 +29,21 @@ async function withBasicProfileRoute(params: {
   try {
     await params.run(profileCtx);
   } catch (err) {
-    const mapped = toBrowserErrorResponse(err);
-    if (mapped) {
-      return jsonError(params.res, mapped.status, mapped.message);
-    }
-    jsonError(params.res, 500, String(err));
+    return handleBrowserRouteError(params.res, err);
+  }
+}
+
+async function withProfilesServiceMutation(params: {
+  res: BrowserResponse;
+  ctx: BrowserRouteContext;
+  run: (service: ReturnType<typeof createBrowserProfilesService>) => Promise<unknown>;
+}) {
+  try {
+    const service = createBrowserProfilesService(params.ctx);
+    const result = await params.run(service);
+    params.res.json(result);
+  } catch (err) {
+    return handleBrowserRouteError(params.res, err);
   }
 }
 
@@ -54,50 +73,59 @@ export function registerBrowserBasicRoutes(app: BrowserRouteRegistrar, ctx: Brow
       return jsonError(res, profileCtx.status, profileCtx.error);
     }
 
-    const [cdpHttp, cdpReady] = await Promise.all([
-      profileCtx.isHttpReachable(300),
-      profileCtx.isReachable(600),
-    ]);
-
-    const profileState = current.profiles.get(profileCtx.profile.name);
-    let detectedBrowser: string | null = null;
-    let detectedExecutablePath: string | null = null;
-    let detectError: string | null = null;
-
     try {
-      const detected = resolveBrowserExecutableForPlatform(current.resolved, process.platform);
-      if (detected) {
-        detectedBrowser = detected.kind;
-        detectedExecutablePath = detected.path;
-      }
-    } catch (err) {
-      detectError = String(err);
-    }
+      const [cdpHttp, cdpReady] = await Promise.all([
+        profileCtx.isHttpReachable(300),
+        profileCtx.isReachable(600),
+      ]);
 
-    res.json({
-      enabled: current.resolved.enabled,
-      profile: profileCtx.profile.name,
-      driver: profileCtx.profile.driver,
-      running: cdpReady,
-      cdpReady,
-      cdpHttp,
-      pid:
-        profileCtx.profile.driver === "existing-session"
+      const profileState = current.profiles.get(profileCtx.profile.name);
+      const capabilities = getBrowserProfileCapabilities(profileCtx.profile);
+      let detectedBrowser: string | null = null;
+      let detectedExecutablePath: string | null = null;
+      let detectError: string | null = null;
+
+      try {
+        const detected = resolveBrowserExecutableForPlatform(current.resolved, process.platform);
+        if (detected) {
+          detectedBrowser = detected.kind;
+          detectedExecutablePath = detected.path;
+        }
+      } catch (err) {
+        detectError = String(err);
+      }
+
+      res.json({
+        enabled: current.resolved.enabled,
+        profile: profileCtx.profile.name,
+        driver: profileCtx.profile.driver,
+        transport: capabilities.usesChromeMcp ? "chrome-mcp" : "cdp",
+        running: cdpReady,
+        cdpReady,
+        cdpHttp,
+        pid: capabilities.usesChromeMcp
           ? getChromeMcpPid(profileCtx.profile.name)
           : (profileState?.running?.pid ?? null),
-      cdpPort: profileCtx.profile.cdpPort,
-      cdpUrl: profileCtx.profile.cdpUrl,
-      chosenBrowser: profileState?.running?.exe.kind ?? null,
-      detectedBrowser,
-      detectedExecutablePath,
-      detectError,
-      userDataDir: profileState?.running?.userDataDir ?? null,
-      color: profileCtx.profile.color,
-      headless: current.resolved.headless,
-      noSandbox: current.resolved.noSandbox,
-      executablePath: current.resolved.executablePath ?? null,
-      attachOnly: profileCtx.profile.attachOnly,
-    });
+        cdpPort: capabilities.usesChromeMcp ? null : profileCtx.profile.cdpPort,
+        cdpUrl: capabilities.usesChromeMcp ? null : profileCtx.profile.cdpUrl,
+        chosenBrowser: profileState?.running?.exe.kind ?? null,
+        detectedBrowser,
+        detectedExecutablePath,
+        detectError,
+        userDataDir: profileState?.running?.userDataDir ?? null,
+        color: profileCtx.profile.color,
+        headless: current.resolved.headless,
+        noSandbox: current.resolved.noSandbox,
+        executablePath: current.resolved.executablePath ?? null,
+        attachOnly: profileCtx.profile.attachOnly,
+      });
+    } catch (err) {
+      const mapped = toBrowserErrorResponse(err);
+      if (mapped) {
+        return jsonError(res, mapped.status, mapped.message);
+      }
+      jsonError(res, 500, String(err));
+    }
   });
 
   // Start browser (profile-aware)
@@ -158,27 +186,22 @@ export function registerBrowserBasicRoutes(app: BrowserRouteRegistrar, ctx: Brow
       return jsonError(res, 400, "name is required");
     }
 
-    try {
-      const service = createBrowserProfilesService(ctx);
-      const result = await service.createProfile({
-        name,
-        color: color || undefined,
-        cdpUrl: cdpUrl || undefined,
-        driver:
-          driver === "extension"
-            ? "extension"
-            : driver === "existing-session"
-              ? "existing-session"
-              : undefined,
-      });
-      res.json(result);
-    } catch (err) {
-      const mapped = toBrowserErrorResponse(err);
-      if (mapped) {
-        return jsonError(res, mapped.status, mapped.message);
-      }
-      jsonError(res, 500, String(err));
-    }
+    await withProfilesServiceMutation({
+      res,
+      ctx,
+      run: async (service) =>
+        await service.createProfile({
+          name,
+          color: color || undefined,
+          cdpUrl: cdpUrl || undefined,
+          driver:
+            driver === "extension"
+              ? "extension"
+              : driver === "existing-session"
+                ? "existing-session"
+                : undefined,
+        }),
+    });
   });
 
   // Delete a profile
@@ -188,16 +211,10 @@ export function registerBrowserBasicRoutes(app: BrowserRouteRegistrar, ctx: Brow
       return jsonError(res, 400, "profile name is required");
     }
 
-    try {
-      const service = createBrowserProfilesService(ctx);
-      const result = await service.deleteProfile(name);
-      res.json(result);
-    } catch (err) {
-      const mapped = toBrowserErrorResponse(err);
-      if (mapped) {
-        return jsonError(res, mapped.status, mapped.message);
-      }
-      jsonError(res, 500, String(err));
-    }
+    await withProfilesServiceMutation({
+      res,
+      ctx,
+      run: async (service) => await service.deleteProfile(name),
+    });
   });
 }
diff --git a/src/browser/routes/test-helpers.ts b/src/browser/routes/test-helpers.ts
new file mode 100644
index 00000000000..e6b046a9878
--- /dev/null
+++ b/src/browser/routes/test-helpers.ts
@@ -0,0 +1,36 @@
+import type { BrowserResponse, BrowserRouteHandler, BrowserRouteRegistrar } from "./types.js";
+
+export function createBrowserRouteApp() {
+  const getHandlers = new Map<string, BrowserRouteHandler>();
+  const postHandlers = new Map<string, BrowserRouteHandler>();
+  const deleteHandlers = new Map<string, BrowserRouteHandler>();
+  const app: BrowserRouteRegistrar = {
+    get: (path, handler) => void getHandlers.set(path, handler),
+    post: (path, handler) => void postHandlers.set(path, handler),
+    delete: (path, handler) => void deleteHandlers.set(path, handler),
+  };
+  return { app, getHandlers, postHandlers, deleteHandlers };
+}
+
+export function createBrowserRouteResponse() {
+  let statusCode = 200;
+  let jsonBody: unknown;
+  const res: BrowserResponse = {
+    status(code) {
+      statusCode = code;
+      return res;
+    },
+    json(body) {
+      jsonBody = body;
+    },
+  };
+  return {
+    res,
+    get statusCode() {
+      return statusCode;
+    },
+    get body() {
+      return jsonBody;
+    },
+  };
+}
diff --git a/src/browser/server-context.availability.ts b/src/browser/server-context.availability.ts
index d2d9944d964..3b991bbbdfe 100644
--- a/src/browser/server-context.availability.ts
+++ b/src/browser/server-context.availability.ts
@@ -65,8 +65,8 @@ export function createProfileAvailability({
     });
 
   const isReachable = async (timeoutMs?: number) => {
-    if (profile.driver === "existing-session") {
-      await ensureChromeMcpAvailable(profile.name);
+    if (capabilities.usesChromeMcp) {
+      // listChromeMcpTabs creates the session if needed — no separate ensureChromeMcpAvailable call required
       await listChromeMcpTabs(profile.name);
       return true;
     }
@@ -75,7 +75,7 @@ export function createProfileAvailability({
   };
 
   const isHttpReachable = async (timeoutMs?: number) => {
-    if (profile.driver === "existing-session") {
+    if (capabilities.usesChromeMcp) {
       return await isReachable(timeoutMs);
     }
     const { httpTimeoutMs } = resolveTimeouts(timeoutMs);
@@ -122,7 +122,7 @@ export function createProfileAvailability({
     if (previousProfile.driver === "extension") {
       await stopChromeExtensionRelayServer({ cdpUrl: previousProfile.cdpUrl }).catch(() => false);
     }
-    if (previousProfile.driver === "existing-session") {
+    if (getBrowserProfileCapabilities(previousProfile).usesChromeMcp) {
       await closeChromeMcpSession(previousProfile.name).catch(() => false);
     }
     await closePlaywrightBrowserConnectionForProfile(previousProfile.cdpUrl);
@@ -154,7 +154,7 @@ export function createProfileAvailability({
 
   const ensureBrowserAvailable = async (): Promise<void> => {
     await reconcileProfileRuntime();
-    if (profile.driver === "existing-session") {
+    if (capabilities.usesChromeMcp) {
       await ensureChromeMcpAvailable(profile.name);
       return;
     }
@@ -258,7 +258,7 @@ export function createProfileAvailability({
 
   const stopRunningBrowser = async (): Promise<{ stopped: boolean }> => {
     await reconcileProfileRuntime();
-    if (profile.driver === "existing-session") {
+    if (capabilities.usesChromeMcp) {
       const stopped = await closeChromeMcpSession(profile.name);
       return { stopped };
     }
diff --git a/src/browser/server-context.ensure-tab-available.prefers-last-target.test.ts b/src/browser/server-context.ensure-tab-available.prefers-last-target.test.ts
index 13c5f82e31d..d3760bd460d 100644
--- a/src/browser/server-context.ensure-tab-available.prefers-last-target.test.ts
+++ b/src/browser/server-context.ensure-tab-available.prefers-last-target.test.ts
@@ -25,9 +25,9 @@ function makeBrowserState(): BrowserServerState {
       headless: true,
       noSandbox: false,
       attachOnly: false,
-      defaultProfile: "chrome",
+      defaultProfile: "chrome-relay",
       profiles: {
-        chrome: {
+        "chrome-relay": {
           driver: "extension",
           cdpUrl: "http://127.0.0.1:18792",
           cdpPort: 18792,
@@ -92,10 +92,10 @@ describe("browser server-context ensureTabAvailable", () => {
       getState: () => state,
     });
 
-    const chrome = ctx.forProfile("chrome");
-    const first = await chrome.ensureTabAvailable();
+    const chromeRelay = ctx.forProfile("chrome-relay");
+    const first = await chromeRelay.ensureTabAvailable();
     expect(first.targetId).toBe("A");
-    const second = await chrome.ensureTabAvailable();
+    const second = await chromeRelay.ensureTabAvailable();
     expect(second.targetId).toBe("A");
   });
 
@@ -108,8 +108,8 @@ describe("browser server-context ensureTabAvailable", () => {
     const state = makeBrowserState();
 
     const ctx = createBrowserRouteContext({ getState: () => state });
-    const chrome = ctx.forProfile("chrome");
-    await expect(chrome.ensureTabAvailable("NOT_A_TAB")).rejects.toThrow(/tab not found/i);
+    const chromeRelay = ctx.forProfile("chrome-relay");
+    await expect(chromeRelay.ensureTabAvailable("NOT_A_TAB")).rejects.toThrow(/tab not found/i);
   });
 
   it("returns a descriptive message when no extension tabs are attached", async () => {
@@ -118,8 +118,8 @@ describe("browser server-context ensureTabAvailable", () => {
     const state = makeBrowserState();
 
     const ctx = createBrowserRouteContext({ getState: () => state });
-    const chrome = ctx.forProfile("chrome");
-    await expect(chrome.ensureTabAvailable()).rejects.toThrow(/no attached Chrome tabs/i);
+    const chromeRelay = ctx.forProfile("chrome-relay");
+    await expect(chromeRelay.ensureTabAvailable()).rejects.toThrow(/no attached Chrome tabs/i);
   });
 
   it("waits briefly for extension tabs to reappear when a previous target exists", async () => {
@@ -138,11 +138,11 @@ describe("browser server-context ensureTabAvailable", () => {
       const state = makeBrowserState();
 
       const ctx = createBrowserRouteContext({ getState: () => state });
-      const chrome = ctx.forProfile("chrome");
-      const first = await chrome.ensureTabAvailable();
+      const chromeRelay = ctx.forProfile("chrome-relay");
+      const first = await chromeRelay.ensureTabAvailable();
       expect(first.targetId).toBe("A");
 
-      const secondPromise = chrome.ensureTabAvailable();
+      const secondPromise = chromeRelay.ensureTabAvailable();
       await vi.advanceTimersByTimeAsync(250);
       const second = await secondPromise;
       expect(second.targetId).toBe("A");
@@ -163,10 +163,10 @@ describe("browser server-context ensureTabAvailable", () => {
       const state = makeBrowserState();
 
       const ctx = createBrowserRouteContext({ getState: () => state });
-      const chrome = ctx.forProfile("chrome");
-      await chrome.ensureTabAvailable();
+      const chromeRelay = ctx.forProfile("chrome-relay");
+      await chromeRelay.ensureTabAvailable();
 
-      const pending = expect(chrome.ensureTabAvailable()).rejects.toThrow(
+      const pending = expect(chromeRelay.ensureTabAvailable()).rejects.toThrow(
         /no attached Chrome tabs/i,
       );
       await vi.advanceTimersByTimeAsync(3_500);
diff --git a/src/browser/server-context.selection.ts b/src/browser/server-context.selection.ts
index 9e1fb728b2a..f0ce3e25e06 100644
--- a/src/browser/server-context.selection.ts
+++ b/src/browser/server-context.selection.ts
@@ -112,7 +112,7 @@ export function createProfileSelectionOps({
   const focusTab = async (targetId: string): Promise<void> => {
     const resolvedTargetId = await resolveTargetIdOrThrow(targetId);
 
-    if (profile.driver === "existing-session") {
+    if (capabilities.usesChromeMcp) {
       await focusChromeMcpTab(profile.name, resolvedTargetId);
       const profileState = getProfileState();
       profileState.lastTargetId = resolvedTargetId;
@@ -142,7 +142,7 @@ export function createProfileSelectionOps({
   const closeTab = async (targetId: string): Promise<void> => {
     const resolvedTargetId = await resolveTargetIdOrThrow(targetId);
 
-    if (profile.driver === "existing-session") {
+    if (capabilities.usesChromeMcp) {
       await closeChromeMcpTab(profile.name, resolvedTargetId);
       return;
     }
diff --git a/src/browser/server-context.tab-ops.ts b/src/browser/server-context.tab-ops.ts
index 067536fd017..66a134564c6 100644
--- a/src/browser/server-context.tab-ops.ts
+++ b/src/browser/server-context.tab-ops.ts
@@ -66,7 +66,7 @@ export function createProfileTabOps({
   const capabilities = getBrowserProfileCapabilities(profile);
 
   const listTabs = async (): Promise<BrowserTab[]> => {
-    if (profile.driver === "existing-session") {
+    if (capabilities.usesChromeMcp) {
       return await listChromeMcpTabs(profile.name);
     }
 
@@ -139,7 +139,7 @@ export function createProfileTabOps({
   const openTab = async (url: string): Promise<BrowserTab> => {
     const ssrfPolicyOpts = withBrowserNavigationPolicy(state().resolved.ssrfPolicy);
 
-    if (profile.driver === "existing-session") {
+    if (capabilities.usesChromeMcp) {
       await assertBrowserNavigationAllowed({ url, ...ssrfPolicyOpts });
       const page = await openChromeMcpTab(profile.name, url);
       const profileState = getProfileState();
diff --git a/src/browser/server-context.ts b/src/browser/server-context.ts
index 37e182f1e69..0ba29ad38cf 100644
--- a/src/browser/server-context.ts
+++ b/src/browser/server-context.ts
@@ -4,6 +4,7 @@ import type { ResolvedBrowserProfile } from "./config.js";
 import { resolveProfile } from "./config.js";
 import { BrowserProfileNotFoundError, toBrowserErrorResponse } from "./errors.js";
 import { InvalidBrowserNavigationUrlError } from "./navigation-guard.js";
+import { getBrowserProfileCapabilities } from "./profile-capabilities.js";
 import {
   refreshResolvedBrowserConfigFromDisk,
   resolveBrowserProfileWithHotReload,
@@ -159,12 +160,13 @@ export function createBrowserRouteContext(opts: ContextOptions): BrowserRouteCon
       if (!profile) {
         continue;
       }
+      const capabilities = getBrowserProfileCapabilities(profile);
 
       let tabCount = 0;
       let running = false;
       const profileCtx = createProfileContext(opts, profile);
 
-      if (profile.driver === "existing-session") {
+      if (capabilities.usesChromeMcp) {
         try {
           running = await profileCtx.isReachable(300);
           if (running) {
@@ -198,8 +200,9 @@ export function createBrowserRouteContext(opts: ContextOptions): BrowserRouteCon
 
       result.push({
         name,
-        cdpPort: profile.cdpPort,
-        cdpUrl: profile.cdpUrl,
+        transport: capabilities.usesChromeMcp ? "chrome-mcp" : "cdp",
+        cdpPort: capabilities.usesChromeMcp ? null : profile.cdpPort,
+        cdpUrl: capabilities.usesChromeMcp ? null : profile.cdpUrl,
         color: profile.color,
         driver: profile.driver,
         running,
diff --git a/src/browser/server-context.types.ts b/src/browser/server-context.types.ts
index 8f949b96da6..b8ad7aa329d 100644
--- a/src/browser/server-context.types.ts
+++ b/src/browser/server-context.types.ts
@@ -1,5 +1,6 @@
 import type { Server } from "node:http";
 import type { RunningChrome } from "./chrome.js";
+import type { BrowserTransport } from "./client.js";
 import type { BrowserTab } from "./client.js";
 import type { ResolvedBrowserConfig, ResolvedBrowserProfile } from "./config.js";
 
@@ -53,8 +54,9 @@ export type ProfileContext = {
 
 export type ProfileStatus = {
   name: string;
-  cdpPort: number;
-  cdpUrl: string;
+  transport: BrowserTransport;
+  cdpPort: number | null;
+  cdpUrl: string | null;
   color: string;
   driver: ResolvedBrowserProfile["driver"];
   running: boolean;
diff --git a/src/browser/server-lifecycle.test.ts b/src/browser/server-lifecycle.test.ts
index e2395f99f04..5ef331f1784 100644
--- a/src/browser/server-lifecycle.test.ts
+++ b/src/browser/server-lifecycle.test.ts
@@ -43,7 +43,7 @@ describe("ensureExtensionRelayForProfiles", () => {
 
   it("starts relay only for extension profiles", async () => {
     resolveProfileMock.mockImplementation((_resolved: unknown, name: string) => {
-      if (name === "chrome") {
+      if (name === "chrome-relay") {
         return { driver: "extension", cdpUrl: "http://127.0.0.1:18888" };
       }
       return { driver: "openclaw", cdpUrl: "http://127.0.0.1:18889" };
@@ -53,7 +53,7 @@ describe("ensureExtensionRelayForProfiles", () => {
     await ensureExtensionRelayForProfiles({
       resolved: {
         profiles: {
-          chrome: {},
+          "chrome-relay": {},
           openclaw: {},
         },
       } as never,
@@ -72,12 +72,12 @@ describe("ensureExtensionRelayForProfiles", () => {
     const onWarn = vi.fn();
 
     await ensureExtensionRelayForProfiles({
-      resolved: { profiles: { chrome: {} } } as never,
+      resolved: { profiles: { "chrome-relay": {} } } as never,
       onWarn,
     });
 
     expect(onWarn).toHaveBeenCalledWith(
-      'Chrome extension relay init failed for profile "chrome": Error: boom',
+      'Chrome extension relay init failed for profile "chrome-relay": Error: boom',
     );
   });
 });
@@ -91,10 +91,10 @@ describe("stopKnownBrowserProfiles", () => {
   });
 
   it("stops all known profiles and ignores per-profile failures", async () => {
-    listKnownProfileNamesMock.mockReturnValue(["openclaw", "chrome"]);
+    listKnownProfileNamesMock.mockReturnValue(["openclaw", "chrome-relay"]);
     const stopMap: Record<string, ReturnType<typeof vi.fn>> = {
       openclaw: vi.fn(async () => {}),
-      chrome: vi.fn(async () => {
+      "chrome-relay": vi.fn(async () => {
         throw new Error("profile stop failed");
       }),
     };
@@ -112,7 +112,7 @@ describe("stopKnownBrowserProfiles", () => {
     });
 
     expect(stopMap.openclaw).toHaveBeenCalledTimes(1);
-    expect(stopMap.chrome).toHaveBeenCalledTimes(1);
+    expect(stopMap["chrome-relay"]).toHaveBeenCalledTimes(1);
     expect(onWarn).not.toHaveBeenCalled();
   });
 
diff --git a/src/browser/server.agent-contract-snapshot-endpoints.test.ts b/src/browser/server.agent-contract-snapshot-endpoints.test.ts
index 7e300fe5aee..837a122becd 100644
--- a/src/browser/server.agent-contract-snapshot-endpoints.test.ts
+++ b/src/browser/server.agent-contract-snapshot-endpoints.test.ts
@@ -96,10 +96,14 @@ describe("browser control server", () => {
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({ kind: "click", selector: "button.save" }),
     });
-    expect(clickSelector.status).toBe(400);
-    expect(((await clickSelector.json()) as { error?: string }).error).toMatch(
-      /'selector' is not supported/i,
-    );
+    expect(clickSelector.status).toBe(200);
+    expect(((await clickSelector.json()) as { ok?: boolean }).ok).toBe(true);
+    expect(pwMocks.clickViaPlaywright).toHaveBeenNthCalledWith(2, {
+      cdpUrl: state.cdpBaseUrl,
+      targetId: "abcd1234",
+      selector: "button.save",
+      doubleClick: false,
+    });
 
     const type = await postJson<{ ok: boolean }>(`${base}/act`, {
       kind: "type",
diff --git a/src/browser/snapshot-roles.ts b/src/browser/snapshot-roles.ts
new file mode 100644
index 00000000000..8e5d873e557
--- /dev/null
+++ b/src/browser/snapshot-roles.ts
@@ -0,0 +1,63 @@
+/**
+ * Shared ARIA role classification sets used by both the Playwright and Chrome MCP
+ * snapshot paths. Keep these in sync — divergence causes the two drivers to produce
+ * different snapshot output for the same page.
+ */
+
+/** Roles that represent user-interactive elements and always get a ref. */
+export const INTERACTIVE_ROLES = new Set([
+  "button",
+  "checkbox",
+  "combobox",
+  "link",
+  "listbox",
+  "menuitem",
+  "menuitemcheckbox",
+  "menuitemradio",
+  "option",
+  "radio",
+  "searchbox",
+  "slider",
+  "spinbutton",
+  "switch",
+  "tab",
+  "textbox",
+  "treeitem",
+]);
+
+/** Roles that carry meaningful content and get a ref when named. */
+export const CONTENT_ROLES = new Set([
+  "article",
+  "cell",
+  "columnheader",
+  "gridcell",
+  "heading",
+  "listitem",
+  "main",
+  "navigation",
+  "region",
+  "rowheader",
+]);
+
+/** Structural/container roles — typically skipped in compact mode. */
+export const STRUCTURAL_ROLES = new Set([
+  "application",
+  "directory",
+  "document",
+  "generic",
+  "grid",
+  "group",
+  "ignored",
+  "list",
+  "menu",
+  "menubar",
+  "none",
+  "presentation",
+  "row",
+  "rowgroup",
+  "table",
+  "tablist",
+  "toolbar",
+  "tree",
+  "treegrid",
+]);
diff --git a/src/browser/url-pattern.test.ts b/src/browser/url-pattern.test.ts
new file mode 100644
index 00000000000..1cfdc06c36f
--- /dev/null
+++ b/src/browser/url-pattern.test.ts
@@ -0,0 +1,26 @@
+import { describe, expect, it } from "vitest";
+import { matchBrowserUrlPattern } from "./url-pattern.js";
+
+describe("browser url pattern matching", () => {
+  it("matches exact URLs", () => {
+    expect(matchBrowserUrlPattern("https://example.com/a", "https://example.com/a")).toBe(true);
+    expect(matchBrowserUrlPattern("https://example.com/a", "https://example.com/b")).toBe(false);
+  });
+
+  it("matches substring patterns without wildcards", () => {
+    expect(matchBrowserUrlPattern("example.com", "https://example.com/a")).toBe(true);
+    expect(matchBrowserUrlPattern("/dash", "https://example.com/app/dash")).toBe(true);
+    expect(matchBrowserUrlPattern("nope", "https://example.com/a")).toBe(false);
+  });
+
+  it("matches glob patterns", () => {
+    expect(matchBrowserUrlPattern("**/dash", "https://example.com/app/dash")).toBe(true);
+    expect(matchBrowserUrlPattern("https://example.com/*", "https://example.com/a")).toBe(true);
+    expect(matchBrowserUrlPattern("https://example.com/*", "https://other.com/a")).toBe(false);
+  });
+
+  it("rejects empty patterns", () => {
+    expect(matchBrowserUrlPattern("", "https://example.com")).toBe(false);
+    expect(matchBrowserUrlPattern("   ", "https://example.com")).toBe(false);
+  });
+});
diff --git a/src/browser/url-pattern.ts b/src/browser/url-pattern.ts
new file mode 100644
index 00000000000..2ff99657d26
--- /dev/null
+++ b/src/browser/url-pattern.ts
@@ -0,0 +1,15 @@
+export function matchBrowserUrlPattern(pattern: string, url: string): boolean {
+  const trimmedPattern = pattern.trim();
+  if (!trimmedPattern) {
+    return false;
+  }
+  if (trimmedPattern === url) {
+    return true;
+  }
+  if (trimmedPattern.includes("*")) {
+    const escaped = trimmedPattern.replace(/[|\\{}()[\]^$+?.]/g, "\\$&");
+    const regex = new RegExp(`^${escaped.replace(/\*\*/g, ".*").replace(/\*/g, ".*")}$`);
+    return regex.test(url);
+  }
+  return url.includes(trimmedPattern);
+}
diff --git a/src/canvas-host/server.test.ts b/src/canvas-host/server.test.ts
index 7b76f72e71c..05fdb47528e 100644
--- a/src/canvas-host/server.test.ts
+++ b/src/canvas-host/server.test.ts
@@ -22,6 +22,11 @@ const CANVAS_WS_OPEN_TIMEOUT_MS = 2_000;
 const CANVAS_RELOAD_TIMEOUT_MS = 4_000;
 const CANVAS_RELOAD_TEST_TIMEOUT_MS = 12_000;
 
+function isLoopbackBindDenied(error: unknown) {
+  const code = (error as NodeJS.ErrnoException | undefined)?.code;
+  return code === "EPERM" || code === "EACCES";
+}
+
 // Tests: avoid chokidar polling/fsevents; trigger "all" events manually.
 vi.mock("chokidar", () => {
   const createWatcher = () => {
@@ -102,8 +107,15 @@ describe("canvas host", () => {
 
   it("creates a default index.html when missing", async () => {
     const dir = await createCaseDir();
-
-    const server = await startFixtureCanvasHost(dir);
+    let server: Awaited<ReturnType<typeof startFixtureCanvasHost>>;
+    try {
+      server = await startFixtureCanvasHost(dir);
+    } catch (error) {
+      if (isLoopbackBindDenied(error)) {
+        return;
+      }
+      throw error;
+    }
 
     try {
       const { res, html } = await fetchCanvasHtml(server.port);
@@ -119,8 +131,15 @@ describe("canvas host", () => {
   it("skips live reload injection when disabled", async () => {
     const dir = await createCaseDir();
     await fs.writeFile(path.join(dir, "index.html"), "<html><body>no-reload</body></html>", "utf8");
-
-    const server = await startFixtureCanvasHost(dir, { liveReload: false });
+    let server: Awaited<ReturnType<typeof startFixtureCanvasHost>>;
+    try {
+      server = await startFixtureCanvasHost(dir, { liveReload: false });
+    } catch (error) {
+      if (isLoopbackBindDenied(error)) {
+        return;
+      }
+      throw error;
+    }
 
     try {
       const { res, html } = await fetchCanvasHtml(server.port);
@@ -162,8 +181,27 @@ describe("canvas host", () => {
       }
       socket.destroy();
     });
-
-    await new Promise<void>((resolve) => server.listen(0, "127.0.0.1", resolve));
+    try {
+      await new Promise<void>((resolve, reject) => {
+        const onError = (error: Error) => {
+          server.off("listening", onListening);
+          reject(error);
+        };
+        const onListening = () => {
+          server.off("error", onError);
+          resolve();
+        };
+        server.once("error", onError);
+        server.once("listening", onListening);
+        server.listen(0, "127.0.0.1");
+      });
+    } catch (error) {
+      await handler.close();
+      if (isLoopbackBindDenied(error)) {
+        return;
+      }
+      throw error;
+    }
     const port = (server.address() as AddressInfo).port;
 
     try {
@@ -210,7 +248,15 @@ describe("canvas host", () => {
       await fs.writeFile(index, "<html><body>v1</body></html>", "utf8");
 
       const watcherStart = chokidarMockState.watchers.length;
-      const server = await startFixtureCanvasHost(dir);
+      let server: Awaited<ReturnType<typeof startFixtureCanvasHost>>;
+      try {
+        server = await startFixtureCanvasHost(dir);
+      } catch (error) {
+        if (isLoopbackBindDenied(error)) {
+          return;
+        }
+        throw error;
+      }
 
       try {
         const watcher = chokidarMockState.watchers[watcherStart];
@@ -267,6 +313,7 @@ describe("canvas host", () => {
     const linkPath = path.join(a2uiRoot, linkName);
     let createdBundle = false;
     let createdLink = false;
+    let server: Awaited<ReturnType<typeof startFixtureCanvasHost>> | undefined;
 
     try {
       await fs.stat(bundlePath);
@@ -278,9 +325,16 @@ describe("canvas host", () => {
     await fs.symlink(path.join(process.cwd(), "package.json"), linkPath);
     createdLink = true;
 
-    const server = await startFixtureCanvasHost(dir);
-
     try {
+      try {
+        server = await startFixtureCanvasHost(dir);
+      } catch (error) {
+        if (isLoopbackBindDenied(error)) {
+          return;
+        }
+        throw error;
+      }
+
       const res = await fetch(`http://127.0.0.1:${server.port}/__openclaw__/a2ui/`);
       const html = await res.text();
       expect(res.status).toBe(200);
@@ -302,7 +356,7 @@ describe("canvas host", () => {
       expect(symlinkRes.status).toBe(404);
       expect(await symlinkRes.text()).toBe("not found");
     } finally {
-      await server.close();
+      await server?.close();
       if (createdLink) {
         await fs.rm(linkPath, { force: true });
       }
diff --git a/src/channel-web.ts b/src/channel-web.ts
index bd0590412c7..99e36ef67bc 100644
--- a/src/channel-web.ts
+++ b/src/channel-web.ts
@@ -9,17 +9,17 @@ export {
   runWebHeartbeatOnce,
   type WebChannelStatus,
   type WebMonitorTuning,
-} from "./web/auto-reply.js";
+} from "../extensions/whatsapp/src/auto-reply.js";
 export {
   extractMediaPlaceholder,
   extractText,
   monitorWebInbox,
   type WebInboundMessage,
   type WebListenerCloseReason,
-} from "./web/inbound.js";
-export { loginWeb } from "./web/login.js";
-export { loadWebMedia, optimizeImageToJpeg } from "./web/media.js";
-export { sendMessageWhatsApp } from "./web/outbound.js";
+} from "../extensions/whatsapp/src/inbound.js";
+export { loginWeb } from "../extensions/whatsapp/src/login.js";
+export { loadWebMedia, optimizeImageToJpeg } from "../extensions/whatsapp/src/media.js";
+export { sendMessageWhatsApp } from "../extensions/whatsapp/src/send.js";
 export {
   createWaSocket,
   formatError,
@@ -30,4 +30,4 @@ export {
   WA_WEB_AUTH_DIR,
   waitForWaConnection,
   webAuthExists,
-} from "./web/session.js";
+} from "../extensions/whatsapp/src/session.js";
diff --git a/src/channels/allowlist-match.ts b/src/channels/allowlist-match.ts
index f32d5a2487c..8c105f1e51b 100644
--- a/src/channels/allowlist-match.ts
+++ b/src/channels/allowlist-match.ts
@@ -60,11 +60,24 @@ export function resolveAllowlistCandidates<TSource extends string>(params: {
   return { allowed: false };
 }
 
+export function resolveCompiledAllowlistMatch<TSource extends string>(params: {
+  compiledAllowlist: CompiledAllowlist;
+  candidates: Array<{ value?: string; source: TSource }>;
+}): AllowlistMatch<TSource> {
+  if (params.compiledAllowlist.set.size === 0) {
+    return { allowed: false };
+  }
+  if (params.compiledAllowlist.wildcard) {
+    return { allowed: true, matchKey: "*", matchSource: "wildcard" as TSource };
+  }
+  return resolveAllowlistCandidates(params);
+}
+
 export function resolveAllowlistMatchByCandidates<TSource extends string>(params: {
   allowList: ReadonlyArray<string>;
   candidates: Array<{ value?: string; source: TSource }>;
 }): AllowlistMatch<TSource> {
-  return resolveAllowlistCandidates({
+  return resolveCompiledAllowlistMatch({
     compiledAllowlist: compileAllowlist(params.allowList),
     candidates: params.candidates,
   });
diff --git a/src/channels/command-gating.test.ts b/src/channels/command-gating.test.ts
index 5ea0614e287..9b3f645e515 100644
--- a/src/channels/command-gating.test.ts
+++ b/src/channels/command-gating.test.ts
@@ -2,6 +2,7 @@ import { describe, expect, it } from "vitest";
 import {
   resolveCommandAuthorizedFromAuthorizers,
   resolveControlCommandGate,
+  resolveDualTextControlCommandGate,
 } from "./command-gating.js";
 
 describe("resolveCommandAuthorizedFromAuthorizers", () => {
@@ -94,4 +95,17 @@ describe("resolveControlCommandGate", () => {
     });
     expect(result.shouldBlock).toBe(false);
   });
+
+  it("supports the dual-authorizer text gate helper", () => {
+    const result = resolveDualTextControlCommandGate({
+      useAccessGroups: true,
+      primaryConfigured: true,
+      primaryAllowed: false,
+      secondaryConfigured: true,
+      secondaryAllowed: true,
+      hasControlCommand: true,
+    });
+    expect(result.commandAuthorized).toBe(true);
+    expect(result.shouldBlock).toBe(false);
+  });
 });
diff --git a/src/channels/command-gating.ts b/src/channels/command-gating.ts
index 1492d4760a4..068db8328be 100644
--- a/src/channels/command-gating.ts
+++ b/src/channels/command-gating.ts
@@ -43,3 +43,24 @@ export function resolveControlCommandGate(params: {
   const shouldBlock = params.allowTextCommands && params.hasControlCommand && !commandAuthorized;
   return { commandAuthorized, shouldBlock };
 }
+
+export function resolveDualTextControlCommandGate(params: {
+  useAccessGroups: boolean;
+  primaryConfigured: boolean;
+  primaryAllowed: boolean;
+  secondaryConfigured: boolean;
+  secondaryAllowed: boolean;
+  hasControlCommand: boolean;
+  modeWhenAccessGroupsOff?: CommandGatingModeWhenAccessGroupsOff;
+}): { commandAuthorized: boolean; shouldBlock: boolean } {
+  return resolveControlCommandGate({
+    useAccessGroups: params.useAccessGroups,
+    authorizers: [
+      { configured: params.primaryConfigured, allowed: params.primaryAllowed },
+      { configured: params.secondaryConfigured, allowed: params.secondaryAllowed },
+    ],
+    allowTextCommands: true,
+    hasControlCommand: params.hasControlCommand,
+    modeWhenAccessGroupsOff: params.modeWhenAccessGroupsOff,
+  });
+}
diff --git a/src/channels/dock.ts b/src/channels/dock.ts
index 52965790beb..e080d513c16 100644
--- a/src/channels/dock.ts
+++ b/src/channels/dock.ts
@@ -1,8 +1,13 @@
+import { inspectDiscordAccount } from "../../extensions/discord/src/account-inspect.js";
+import { resolveSignalAccount } from "../../extensions/signal/src/accounts.js";
+import { inspectSlackAccount } from "../../extensions/slack/src/account-inspect.js";
+import { resolveSlackReplyToMode } from "../../extensions/slack/src/accounts.js";
+import { buildSlackThreadingToolContext } from "../../extensions/slack/src/threading-tool-context.js";
+import { inspectTelegramAccount } from "../../extensions/telegram/src/account-inspect.js";
 import {
   resolveChannelGroupRequireMention,
   resolveChannelGroupToolsPolicy,
 } from "../config/group-policy.js";
-import { inspectDiscordAccount } from "../discord/account-inspect.js";
 import {
   formatAllowFromLowercase,
   formatNormalizedAllowFromEntries,
@@ -19,11 +24,6 @@ import {
 } from "../plugin-sdk/channel-config-helpers.js";
 import { requireActivePluginRegistry } from "../plugins/runtime.js";
 import { normalizeAccountId } from "../routing/session-key.js";
-import { resolveSignalAccount } from "../signal/accounts.js";
-import { inspectSlackAccount } from "../slack/account-inspect.js";
-import { resolveSlackReplyToMode } from "../slack/accounts.js";
-import { buildSlackThreadingToolContext } from "../slack/threading-tool-context.js";
-import { inspectTelegramAccount } from "../telegram/account-inspect.js";
 import { normalizeE164 } from "../utils.js";
 import {
   resolveDiscordGroupRequireMention,
diff --git a/src/channels/plugins/actions/actions.test.ts b/src/channels/plugins/actions/actions.test.ts
index a6e1e89fc2e..055d660524f 100644
--- a/src/channels/plugins/actions/actions.test.ts
+++ b/src/channels/plugins/actions/actions.test.ts
@@ -15,7 +15,7 @@ vi.mock("../../../agents/tools/telegram-actions.js", () => ({
   handleTelegramAction,
 }));
 
-vi.mock("../../../signal/send-reactions.js", () => ({
+vi.mock("../../../../extensions/signal/src/send-reactions.js", () => ({
   sendReactionSignal,
   removeReactionSignal,
 }));
diff --git a/src/channels/plugins/actions/discord.ts b/src/channels/plugins/actions/discord.ts
index 04293056607..6b8689effb3 100644
--- a/src/channels/plugins/actions/discord.ts
+++ b/src/channels/plugins/actions/discord.ts
@@ -1,134 +1,2 @@
-import type { DiscordActionConfig } from "../../../config/types.discord.js";
-import { createDiscordActionGate, listEnabledDiscordAccounts } from "../../../discord/accounts.js";
-import type { ChannelMessageActionAdapter, ChannelMessageActionName } from "../types.js";
-import { handleDiscordMessageAction } from "./discord/handle-action.js";
-import { createUnionActionGate, listTokenSourcedAccounts } from "./shared.js";
-
-export const discordMessageActions: ChannelMessageActionAdapter = {
-  listActions: ({ cfg }) => {
-    const accounts = listTokenSourcedAccounts(listEnabledDiscordAccounts(cfg));
-    if (accounts.length === 0) {
-      return [];
-    }
-    // Union of all accounts' action gates (any account enabling an action makes it available)
-    const gate = createUnionActionGate(accounts, (account) =>
-      createDiscordActionGate({
-        cfg,
-        accountId: account.accountId,
-      }),
-    );
-    const isEnabled = (key: keyof DiscordActionConfig, defaultValue = true) =>
-      gate(key, defaultValue);
-    const actions = new Set<ChannelMessageActionName>(["send"]);
-    if (isEnabled("polls")) {
-      actions.add("poll");
-    }
-    if (isEnabled("reactions")) {
-      actions.add("react");
-      actions.add("reactions");
-    }
-    if (isEnabled("messages")) {
-      actions.add("read");
-      actions.add("edit");
-      actions.add("delete");
-    }
-    if (isEnabled("pins")) {
-      actions.add("pin");
-      actions.add("unpin");
-      actions.add("list-pins");
-    }
-    if (isEnabled("permissions")) {
-      actions.add("permissions");
-    }
-    if (isEnabled("threads")) {
-      actions.add("thread-create");
-      actions.add("thread-list");
-      actions.add("thread-reply");
-    }
-    if (isEnabled("search")) {
-      actions.add("search");
-    }
-    if (isEnabled("stickers")) {
-      actions.add("sticker");
-    }
-    if (isEnabled("memberInfo")) {
-      actions.add("member-info");
-    }
-    if (isEnabled("roleInfo")) {
-      actions.add("role-info");
-    }
-    if (isEnabled("reactions")) {
-      actions.add("emoji-list");
-    }
-    if (isEnabled("emojiUploads")) {
-      actions.add("emoji-upload");
-    }
-    if (isEnabled("stickerUploads")) {
-      actions.add("sticker-upload");
-    }
-    if (isEnabled("roles", false)) {
-      actions.add("role-add");
-      actions.add("role-remove");
-    }
-    if (isEnabled("channelInfo")) {
-      actions.add("channel-info");
-      actions.add("channel-list");
-    }
-    if (isEnabled("channels")) {
-      actions.add("channel-create");
-      actions.add("channel-edit");
-      actions.add("channel-delete");
-      actions.add("channel-move");
-      actions.add("category-create");
-      actions.add("category-edit");
-      actions.add("category-delete");
-    }
-    if (isEnabled("voiceStatus")) {
-      actions.add("voice-status");
-    }
-    if (isEnabled("events")) {
-      actions.add("event-list");
-      actions.add("event-create");
-    }
-    if (isEnabled("moderation", false)) {
-      actions.add("timeout");
-      actions.add("kick");
-      actions.add("ban");
-    }
-    if (isEnabled("presence", false)) {
-      actions.add("set-presence");
-    }
-    return Array.from(actions);
-  },
-  extractToolSend: ({ args }) => {
-    const action = typeof args.action === "string" ? args.action.trim() : "";
-    if (action === "sendMessage") {
-      const to = typeof args.to === "string" ? args.to : undefined;
-      return to ? { to } : null;
-    }
-    if (action === "threadReply") {
-      const channelId = typeof args.channelId === "string" ? args.channelId.trim() : "";
-      return channelId ? { to: `channel:${channelId}` } : null;
-    }
-    return null;
-  },
-  handleAction: async ({
-    action,
-    params,
-    cfg,
-    accountId,
-    requesterSenderId,
-    toolContext,
-    mediaLocalRoots,
-  }) => {
-    return await handleDiscordMessageAction({
-      action,
-      params,
-      cfg,
-      accountId,
-      requesterSenderId,
-      toolContext,
-      mediaLocalRoots,
-    });
-  },
-};
+// Shim: re-exports from extension
+export * from "../../../../extensions/discord/src/channel-actions.js";
diff --git a/src/channels/plugins/actions/discord/handle-action.guild-admin.ts b/src/channels/plugins/actions/discord/handle-action.guild-admin.ts
index 18c3bfd01e3..3ba353b1f6e 100644
--- a/src/channels/plugins/actions/discord/handle-action.guild-admin.ts
+++ b/src/channels/plugins/actions/discord/handle-action.guild-admin.ts
@@ -1,451 +1 @@
-import type { AgentToolResult } from "@mariozechner/pi-agent-core";
-import {
-  parseAvailableTags,
-  readNumberParam,
-  readStringArrayParam,
-  readStringParam,
-} from "../../../../agents/tools/common.js";
-import {
-  isDiscordModerationAction,
-  readDiscordModerationCommand,
-} from "../../../../agents/tools/discord-actions-moderation-shared.js";
-import { handleDiscordAction } from "../../../../agents/tools/discord-actions.js";
-import type { ChannelMessageActionContext } from "../../types.js";
-
-type Ctx = Pick<
-  ChannelMessageActionContext,
-  "action" | "params" | "cfg" | "accountId" | "requesterSenderId"
->;
-
-export async function tryHandleDiscordMessageActionGuildAdmin(params: {
-  ctx: Ctx;
-  resolveChannelId: () => string;
-  readParentIdParam: (params: Record<string, unknown>) => string | null | undefined;
-}): Promise<AgentToolResult<unknown> | undefined> {
-  const { ctx, resolveChannelId, readParentIdParam } = params;
-  const { action, params: actionParams, cfg } = ctx;
-  const accountId = ctx.accountId ?? readStringParam(actionParams, "accountId");
-
-  if (action === "member-info") {
-    const userId = readStringParam(actionParams, "userId", { required: true });
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    return await handleDiscordAction(
-      { action: "memberInfo", accountId: accountId ?? undefined, guildId, userId },
-      cfg,
-    );
-  }
-
-  if (action === "role-info") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    return await handleDiscordAction(
-      { action: "roleInfo", accountId: accountId ?? undefined, guildId },
-      cfg,
-    );
-  }
-
-  if (action === "emoji-list") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    return await handleDiscordAction(
-      { action: "emojiList", accountId: accountId ?? undefined, guildId },
-      cfg,
-    );
-  }
-
-  if (action === "emoji-upload") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    const name = readStringParam(actionParams, "emojiName", { required: true });
-    const mediaUrl = readStringParam(actionParams, "media", {
-      required: true,
-      trim: false,
-    });
-    const roleIds = readStringArrayParam(actionParams, "roleIds");
-    return await handleDiscordAction(
-      {
-        action: "emojiUpload",
-        accountId: accountId ?? undefined,
-        guildId,
-        name,
-        mediaUrl,
-        roleIds,
-      },
-      cfg,
-    );
-  }
-
-  if (action === "sticker-upload") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    const name = readStringParam(actionParams, "stickerName", {
-      required: true,
-    });
-    const description = readStringParam(actionParams, "stickerDesc", {
-      required: true,
-    });
-    const tags = readStringParam(actionParams, "stickerTags", {
-      required: true,
-    });
-    const mediaUrl = readStringParam(actionParams, "media", {
-      required: true,
-      trim: false,
-    });
-    return await handleDiscordAction(
-      {
-        action: "stickerUpload",
-        accountId: accountId ?? undefined,
-        guildId,
-        name,
-        description,
-        tags,
-        mediaUrl,
-      },
-      cfg,
-    );
-  }
-
-  if (action === "role-add" || action === "role-remove") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    const userId = readStringParam(actionParams, "userId", { required: true });
-    const roleId = readStringParam(actionParams, "roleId", { required: true });
-    return await handleDiscordAction(
-      {
-        action: action === "role-add" ? "roleAdd" : "roleRemove",
-        accountId: accountId ?? undefined,
-        guildId,
-        userId,
-        roleId,
-      },
-      cfg,
-    );
-  }
-
-  if (action === "channel-info") {
-    const channelId = readStringParam(actionParams, "channelId", {
-      required: true,
-    });
-    return await handleDiscordAction(
-      { action: "channelInfo", accountId: accountId ?? undefined, channelId },
-      cfg,
-    );
-  }
-
-  if (action === "channel-list") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    return await handleDiscordAction(
-      { action: "channelList", accountId: accountId ?? undefined, guildId },
-      cfg,
-    );
-  }
-
-  if (action === "channel-create") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    const name = readStringParam(actionParams, "name", { required: true });
-    const type = readNumberParam(actionParams, "type", { integer: true });
-    const parentId = readParentIdParam(actionParams);
-    const topic = readStringParam(actionParams, "topic");
-    const position = readNumberParam(actionParams, "position", {
-      integer: true,
-    });
-    const nsfw = typeof actionParams.nsfw === "boolean" ? actionParams.nsfw : undefined;
-    return await handleDiscordAction(
-      {
-        action: "channelCreate",
-        accountId: accountId ?? undefined,
-        guildId,
-        name,
-        type: type ?? undefined,
-        parentId: parentId ?? undefined,
-        topic: topic ?? undefined,
-        position: position ?? undefined,
-        nsfw,
-      },
-      cfg,
-    );
-  }
-
-  if (action === "channel-edit") {
-    const channelId = readStringParam(actionParams, "channelId", {
-      required: true,
-    });
-    const name = readStringParam(actionParams, "name");
-    const topic = readStringParam(actionParams, "topic");
-    const position = readNumberParam(actionParams, "position", {
-      integer: true,
-    });
-    const parentId = readParentIdParam(actionParams);
-    const nsfw = typeof actionParams.nsfw === "boolean" ? actionParams.nsfw : undefined;
-    const rateLimitPerUser = readNumberParam(actionParams, "rateLimitPerUser", {
-      integer: true,
-    });
-    const archived = typeof actionParams.archived === "boolean" ? actionParams.archived : undefined;
-    const locked = typeof actionParams.locked === "boolean" ? actionParams.locked : undefined;
-    const autoArchiveDuration = readNumberParam(actionParams, "autoArchiveDuration", {
-      integer: true,
-    });
-    const availableTags = parseAvailableTags(actionParams.availableTags);
-    return await handleDiscordAction(
-      {
-        action: "channelEdit",
-        accountId: accountId ?? undefined,
-        channelId,
-        name: name ?? undefined,
-        topic: topic ?? undefined,
-        position: position ?? undefined,
-        parentId: parentId === undefined ? undefined : parentId,
-        nsfw,
-        rateLimitPerUser: rateLimitPerUser ?? undefined,
-        archived,
-        locked,
-        autoArchiveDuration: autoArchiveDuration ?? undefined,
-        availableTags,
-      },
-      cfg,
-    );
-  }
-
-  if (action === "channel-delete") {
-    const channelId = readStringParam(actionParams, "channelId", {
-      required: true,
-    });
-    return await handleDiscordAction(
-      { action: "channelDelete", accountId: accountId ?? undefined, channelId },
-      cfg,
-    );
-  }
-
-  if (action === "channel-move") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    const channelId = readStringParam(actionParams, "channelId", {
-      required: true,
-    });
-    const parentId = readParentIdParam(actionParams);
-    const position = readNumberParam(actionParams, "position", {
-      integer: true,
-    });
-    return await handleDiscordAction(
-      {
-        action: "channelMove",
-        accountId: accountId ?? undefined,
-        guildId,
-        channelId,
-        parentId: parentId === undefined ? undefined : parentId,
-        position: position ?? undefined,
-      },
-      cfg,
-    );
-  }
-
-  if (action === "category-create") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    const name = readStringParam(actionParams, "name", { required: true });
-    const position = readNumberParam(actionParams, "position", {
-      integer: true,
-    });
-    return await handleDiscordAction(
-      {
-        action: "categoryCreate",
-        accountId: accountId ?? undefined,
-        guildId,
-        name,
-        position: position ?? undefined,
-      },
-      cfg,
-    );
-  }
-
-  if (action === "category-edit") {
-    const categoryId = readStringParam(actionParams, "categoryId", {
-      required: true,
-    });
-    const name = readStringParam(actionParams, "name");
-    const position = readNumberParam(actionParams, "position", {
-      integer: true,
-    });
-    return await handleDiscordAction(
-      {
-        action: "categoryEdit",
-        accountId: accountId ?? undefined,
-        categoryId,
-        name: name ?? undefined,
-        position: position ?? undefined,
-      },
-      cfg,
-    );
-  }
-
-  if (action === "category-delete") {
-    const categoryId = readStringParam(actionParams, "categoryId", {
-      required: true,
-    });
-    return await handleDiscordAction(
-      { action: "categoryDelete", accountId: accountId ?? undefined, categoryId },
-      cfg,
-    );
-  }
-
-  if (action === "voice-status") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    const userId = readStringParam(actionParams, "userId", { required: true });
-    return await handleDiscordAction(
-      { action: "voiceStatus", accountId: accountId ?? undefined, guildId, userId },
-      cfg,
-    );
-  }
-
-  if (action === "event-list") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    return await handleDiscordAction(
-      { action: "eventList", accountId: accountId ?? undefined, guildId },
-      cfg,
-    );
-  }
-
-  if (action === "event-create") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    const name = readStringParam(actionParams, "eventName", { required: true });
-    const startTime = readStringParam(actionParams, "startTime", {
-      required: true,
-    });
-    const endTime = readStringParam(actionParams, "endTime");
-    const description = readStringParam(actionParams, "desc");
-    const channelId = readStringParam(actionParams, "channelId");
-    const location = readStringParam(actionParams, "location");
-    const entityType = readStringParam(actionParams, "eventType");
-    return await handleDiscordAction(
-      {
-        action: "eventCreate",
-        accountId: accountId ?? undefined,
-        guildId,
-        name,
-        startTime,
-        endTime,
-        description,
-        channelId,
-        location,
-        entityType,
-      },
-      cfg,
-    );
-  }
-
-  if (isDiscordModerationAction(action)) {
-    const moderation = readDiscordModerationCommand(action, {
-      ...actionParams,
-      durationMinutes: readNumberParam(actionParams, "durationMin", { integer: true }),
-      deleteMessageDays: readNumberParam(actionParams, "deleteDays", {
-        integer: true,
-      }),
-    });
-    const senderUserId = ctx.requesterSenderId?.trim() || undefined;
-    return await handleDiscordAction(
-      {
-        action: moderation.action,
-        accountId: accountId ?? undefined,
-        guildId: moderation.guildId,
-        userId: moderation.userId,
-        durationMinutes: moderation.durationMinutes,
-        until: moderation.until,
-        reason: moderation.reason,
-        deleteMessageDays: moderation.deleteMessageDays,
-        senderUserId,
-      },
-      cfg,
-    );
-  }
-
-  // Some actions are conceptually "admin", but still act on a resolved channel.
-  if (action === "thread-list") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    const channelId = readStringParam(actionParams, "channelId");
-    const includeArchived =
-      typeof actionParams.includeArchived === "boolean" ? actionParams.includeArchived : undefined;
-    const before = readStringParam(actionParams, "before");
-    const limit = readNumberParam(actionParams, "limit", { integer: true });
-    return await handleDiscordAction(
-      {
-        action: "threadList",
-        accountId: accountId ?? undefined,
-        guildId,
-        channelId,
-        includeArchived,
-        before,
-        limit,
-      },
-      cfg,
-    );
-  }
-
-  if (action === "thread-reply") {
-    const content = readStringParam(actionParams, "message", {
-      required: true,
-    });
-    const mediaUrl = readStringParam(actionParams, "media", { trim: false });
-    const replyTo = readStringParam(actionParams, "replyTo");
-
-    // `message.thread-reply` (tool) uses `threadId`, while the CLI historically used `to`/`channelId`.
-    // Prefer `threadId` when present to avoid accidentally replying in the parent channel.
-    const threadId = readStringParam(actionParams, "threadId");
-    const channelId = threadId ?? resolveChannelId();
-
-    return await handleDiscordAction(
-      {
-        action: "threadReply",
-        accountId: accountId ?? undefined,
-        channelId,
-        content,
-        mediaUrl: mediaUrl ?? undefined,
-        replyTo: replyTo ?? undefined,
-      },
-      cfg,
-    );
-  }
-
-  if (action === "search") {
-    const guildId = readStringParam(actionParams, "guildId", {
-      required: true,
-    });
-    const query = readStringParam(actionParams, "query", { required: true });
-    return await handleDiscordAction(
-      {
-        action: "searchMessages",
-        accountId: accountId ?? undefined,
-        guildId,
-        content: query,
-        channelId: readStringParam(actionParams, "channelId"),
-        channelIds: readStringArrayParam(actionParams, "channelIds"),
-        authorId: readStringParam(actionParams, "authorId"),
-        authorIds: readStringArrayParam(actionParams, "authorIds"),
-        limit: readNumberParam(actionParams, "limit", { integer: true }),
-      },
-      cfg,
-    );
-  }
-
-  return undefined;
-}
+export * from "../../../../../extensions/discord/src/actions/handle-action.guild-admin.js";
diff --git a/src/channels/plugins/actions/discord/handle-action.ts b/src/channels/plugins/actions/discord/handle-action.ts
index 5b11246210a..4bd957ec624 100644
--- a/src/channels/plugins/actions/discord/handle-action.ts
+++ b/src/channels/plugins/actions/discord/handle-action.ts
@@ -1,295 +1 @@
-import type { AgentToolResult } from "@mariozechner/pi-agent-core";
-import {
-  readNumberParam,
-  readStringArrayParam,
-  readStringParam,
-} from "../../../../agents/tools/common.js";
-import { readDiscordParentIdParam } from "../../../../agents/tools/discord-actions-shared.js";
-import { handleDiscordAction } from "../../../../agents/tools/discord-actions.js";
-import { resolveDiscordChannelId } from "../../../../discord/targets.js";
-import { readBooleanParam } from "../../../../plugin-sdk/boolean-param.js";
-import type { ChannelMessageActionContext } from "../../types.js";
-import { resolveReactionMessageId } from "../reaction-message-id.js";
-import { tryHandleDiscordMessageActionGuildAdmin } from "./handle-action.guild-admin.js";
-
-const providerId = "discord";
-
-export async function handleDiscordMessageAction(
-  ctx: Pick<
-    ChannelMessageActionContext,
-    | "action"
-    | "params"
-    | "cfg"
-    | "accountId"
-    | "requesterSenderId"
-    | "toolContext"
-    | "mediaLocalRoots"
-  >,
-): Promise<AgentToolResult<unknown>> {
-  const { action, params, cfg } = ctx;
-  const accountId = ctx.accountId ?? readStringParam(params, "accountId");
-  const actionOptions = {
-    mediaLocalRoots: ctx.mediaLocalRoots,
-  } as const;
-
-  const resolveChannelId = () =>
-    resolveDiscordChannelId(
-      readStringParam(params, "channelId") ?? readStringParam(params, "to", { required: true }),
-    );
-
-  if (action === "send") {
-    const to = readStringParam(params, "to", { required: true });
-    const asVoice = readBooleanParam(params, "asVoice") === true;
-    const rawComponents = params.components;
-    const hasComponents =
-      Boolean(rawComponents) &&
-      (typeof rawComponents === "function" || typeof rawComponents === "object");
-    const components = hasComponents ? rawComponents : undefined;
-    const content = readStringParam(params, "message", {
-      required: !asVoice && !hasComponents,
-      allowEmpty: true,
-    });
-    // Support media, path, and filePath for media URL
-    const mediaUrl =
-      readStringParam(params, "media", { trim: false }) ??
-      readStringParam(params, "path", { trim: false }) ??
-      readStringParam(params, "filePath", { trim: false });
-    const filename = readStringParam(params, "filename");
-    const replyTo = readStringParam(params, "replyTo");
-    const rawEmbeds = params.embeds;
-    const embeds = Array.isArray(rawEmbeds) ? rawEmbeds : undefined;
-    const silent = readBooleanParam(params, "silent") === true;
-    const sessionKey = readStringParam(params, "__sessionKey");
-    const agentId = readStringParam(params, "__agentId");
-    return await handleDiscordAction(
-      {
-        action: "sendMessage",
-        accountId: accountId ?? undefined,
-        to,
-        content,
-        mediaUrl: mediaUrl ?? undefined,
-        filename: filename ?? undefined,
-        replyTo: replyTo ?? undefined,
-        components,
-        embeds,
-        asVoice,
-        silent,
-        __sessionKey: sessionKey ?? undefined,
-        __agentId: agentId ?? undefined,
-      },
-      cfg,
-      actionOptions,
-    );
-  }
-
-  if (action === "poll") {
-    const to = readStringParam(params, "to", { required: true });
-    const question = readStringParam(params, "pollQuestion", {
-      required: true,
-    });
-    const answers = readStringArrayParam(params, "pollOption", { required: true });
-    const allowMultiselect = readBooleanParam(params, "pollMulti");
-    const durationHours = readNumberParam(params, "pollDurationHours", {
-      integer: true,
-      strict: true,
-    });
-    return await handleDiscordAction(
-      {
-        action: "poll",
-        accountId: accountId ?? undefined,
-        to,
-        question,
-        answers,
-        allowMultiselect,
-        durationHours: durationHours ?? undefined,
-        content: readStringParam(params, "message"),
-      },
-      cfg,
-      actionOptions,
-    );
-  }
-
-  if (action === "react") {
-    const messageIdRaw = resolveReactionMessageId({ args: params, toolContext: ctx.toolContext });
-    const messageId = messageIdRaw != null ? String(messageIdRaw).trim() : "";
-    if (!messageId) {
-      throw new Error(
-        "messageId required. Provide messageId explicitly or react to the current inbound message.",
-      );
-    }
-    const emoji = readStringParam(params, "emoji", { allowEmpty: true });
-    const remove = readBooleanParam(params, "remove");
-    return await handleDiscordAction(
-      {
-        action: "react",
-        accountId: accountId ?? undefined,
-        channelId: resolveChannelId(),
-        messageId,
-        emoji,
-        remove,
-      },
-      cfg,
-      actionOptions,
-    );
-  }
-
-  if (action === "reactions") {
-    const messageId = readStringParam(params, "messageId", { required: true });
-    const limit = readNumberParam(params, "limit", { integer: true });
-    return await handleDiscordAction(
-      {
-        action: "reactions",
-        accountId: accountId ?? undefined,
-        channelId: resolveChannelId(),
-        messageId,
-        limit,
-      },
-      cfg,
-      actionOptions,
-    );
-  }
-
-  if (action === "read") {
-    const limit = readNumberParam(params, "limit", { integer: true });
-    return await handleDiscordAction(
-      {
-        action: "readMessages",
-        accountId: accountId ?? undefined,
-        channelId: resolveChannelId(),
-        limit,
-        before: readStringParam(params, "before"),
-        after: readStringParam(params, "after"),
-        around: readStringParam(params, "around"),
-      },
-      cfg,
-      actionOptions,
-    );
-  }
-
-  if (action === "edit") {
-    const messageId = readStringParam(params, "messageId", { required: true });
-    const content = readStringParam(params, "message", { required: true });
-    return await handleDiscordAction(
-      {
-        action: "editMessage",
-        accountId: accountId ?? undefined,
-        channelId: resolveChannelId(),
-        messageId,
-        content,
-      },
-      cfg,
-      actionOptions,
-    );
-  }
-
-  if (action === "delete") {
-    const messageId = readStringParam(params, "messageId", { required: true });
-    return await handleDiscordAction(
-      {
-        action: "deleteMessage",
-        accountId: accountId ?? undefined,
-        channelId: resolveChannelId(),
-        messageId,
-      },
-      cfg,
-      actionOptions,
-    );
-  }
-
-  if (action === "pin" || action === "unpin" || action === "list-pins") {
-    const messageId =
-      action === "list-pins" ? undefined : readStringParam(params, "messageId", { required: true });
-    return await handleDiscordAction(
-      {
-        action: action === "pin" ? "pinMessage" : action === "unpin" ? "unpinMessage" : "listPins",
-        accountId: accountId ?? undefined,
-        channelId: resolveChannelId(),
-        messageId,
-      },
-      cfg,
-      actionOptions,
-    );
-  }
-
-  if (action === "permissions") {
-    return await handleDiscordAction(
-      {
-        action: "permissions",
-        accountId: accountId ?? undefined,
-        channelId: resolveChannelId(),
-      },
-      cfg,
-      actionOptions,
-    );
-  }
-
-  if (action === "thread-create") {
-    const name = readStringParam(params, "threadName", { required: true });
-    const messageId = readStringParam(params, "messageId");
-    const content = readStringParam(params, "message");
-    const autoArchiveMinutes = readNumberParam(params, "autoArchiveMin", {
-      integer: true,
-    });
-    const appliedTags = readStringArrayParam(params, "appliedTags");
-    return await handleDiscordAction(
-      {
-        action: "threadCreate",
-        accountId: accountId ?? undefined,
-        channelId: resolveChannelId(),
-        name,
-        messageId,
-        content,
-        autoArchiveMinutes,
-        appliedTags: appliedTags ?? undefined,
-      },
-      cfg,
-      actionOptions,
-    );
-  }
-
-  if (action === "sticker") {
-    const stickerIds =
-      readStringArrayParam(params, "stickerId", {
-        required: true,
-        label: "sticker-id",
-      }) ?? [];
-    return await handleDiscordAction(
-      {
-        action: "sticker",
-        accountId: accountId ?? undefined,
-        to: readStringParam(params, "to", { required: true }),
-        stickerIds,
-        content: readStringParam(params, "message"),
-      },
-      cfg,
-      actionOptions,
-    );
-  }
-
-  if (action === "set-presence") {
-    return await handleDiscordAction(
-      {
-        action: "setPresence",
-        accountId: accountId ?? undefined,
-        status: readStringParam(params, "status"),
-        activityType: readStringParam(params, "activityType"),
-        activityName: readStringParam(params, "activityName"),
-        activityUrl: readStringParam(params, "activityUrl"),
-        activityState: readStringParam(params, "activityState"),
-      },
-      cfg,
-      actionOptions,
-    );
-  }
-
-  const adminResult = await tryHandleDiscordMessageActionGuildAdmin({
-    ctx,
-    resolveChannelId,
-    readParentIdParam: readDiscordParentIdParam,
-  });
-  if (adminResult !== undefined) {
-    return adminResult;
-  }
-
-  throw new Error(`Action ${String(action)} is not supported for provider ${providerId}.`);
-}
+export * from "../../../../../extensions/discord/src/actions/handle-action.js";
diff --git a/src/channels/plugins/actions/signal.ts b/src/channels/plugins/actions/signal.ts
index c93421489fd..b75a20ae2ec 100644
--- a/src/channels/plugins/actions/signal.ts
+++ b/src/channels/plugins/actions/signal.ts
@@ -1,7 +1,13 @@
+import {
+  listEnabledSignalAccounts,
+  resolveSignalAccount,
+} from "../../../../extensions/signal/src/accounts.js";
+import { resolveSignalReactionLevel } from "../../../../extensions/signal/src/reaction-level.js";
+import {
+  sendReactionSignal,
+  removeReactionSignal,
+} from "../../../../extensions/signal/src/send-reactions.js";
 import { createActionGate, jsonResult, readStringParam } from "../../../agents/tools/common.js";
-import { listEnabledSignalAccounts, resolveSignalAccount } from "../../../signal/accounts.js";
-import { resolveSignalReactionLevel } from "../../../signal/reaction-level.js";
-import { sendReactionSignal, removeReactionSignal } from "../../../signal/send-reactions.js";
 import type { ChannelMessageActionAdapter, ChannelMessageActionName } from "../types.js";
 import { resolveReactionMessageId } from "./reaction-message-id.js";
 
diff --git a/src/channels/plugins/actions/telegram.ts b/src/channels/plugins/actions/telegram.ts
index 6e55349698b..57a690d2208 100644
--- a/src/channels/plugins/actions/telegram.ts
+++ b/src/channels/plugins/actions/telegram.ts
@@ -1,287 +1 @@
-import {
-  readNumberParam,
-  readStringArrayParam,
-  readStringOrNumberParam,
-  readStringParam,
-} from "../../../agents/tools/common.js";
-import { handleTelegramAction } from "../../../agents/tools/telegram-actions.js";
-import type { TelegramActionConfig } from "../../../config/types.telegram.js";
-import { readBooleanParam } from "../../../plugin-sdk/boolean-param.js";
-import { extractToolSend } from "../../../plugin-sdk/tool-send.js";
-import { resolveTelegramPollVisibility } from "../../../poll-params.js";
-import {
-  createTelegramActionGate,
-  listEnabledTelegramAccounts,
-  resolveTelegramPollActionGateState,
-} from "../../../telegram/accounts.js";
-import { isTelegramInlineButtonsEnabled } from "../../../telegram/inline-buttons.js";
-import type { ChannelMessageActionAdapter, ChannelMessageActionName } from "../types.js";
-import { resolveReactionMessageId } from "./reaction-message-id.js";
-import { createUnionActionGate, listTokenSourcedAccounts } from "./shared.js";
-
-const providerId = "telegram";
-
-function readTelegramSendParams(params: Record<string, unknown>) {
-  const to = readStringParam(params, "to", { required: true });
-  const mediaUrl = readStringParam(params, "media", { trim: false });
-  const message = readStringParam(params, "message", { required: !mediaUrl, allowEmpty: true });
-  const caption = readStringParam(params, "caption", { allowEmpty: true });
-  const content = message || caption || "";
-  const replyTo = readStringParam(params, "replyTo");
-  const threadId = readStringParam(params, "threadId");
-  const buttons = params.buttons;
-  const asVoice = readBooleanParam(params, "asVoice");
-  const silent = readBooleanParam(params, "silent");
-  const quoteText = readStringParam(params, "quoteText");
-  return {
-    to,
-    content,
-    mediaUrl: mediaUrl ?? undefined,
-    replyToMessageId: replyTo ?? undefined,
-    messageThreadId: threadId ?? undefined,
-    buttons,
-    asVoice,
-    silent,
-    quoteText: quoteText ?? undefined,
-  };
-}
-
-function readTelegramChatIdParam(params: Record<string, unknown>): string | number {
-  return (
-    readStringOrNumberParam(params, "chatId") ??
-    readStringOrNumberParam(params, "channelId") ??
-    readStringParam(params, "to", { required: true })
-  );
-}
-
-function readTelegramMessageIdParam(params: Record<string, unknown>): number {
-  const messageId = readNumberParam(params, "messageId", {
-    required: true,
-    integer: true,
-  });
-  if (typeof messageId !== "number") {
-    throw new Error("messageId is required.");
-  }
-  return messageId;
-}
-
-export const telegramMessageActions: ChannelMessageActionAdapter = {
-  listActions: ({ cfg }) => {
-    const accounts = listTokenSourcedAccounts(listEnabledTelegramAccounts(cfg));
-    if (accounts.length === 0) {
-      return [];
-    }
-    // Union of all accounts' action gates (any account enabling an action makes it available)
-    const gate = createUnionActionGate(accounts, (account) =>
-      createTelegramActionGate({
-        cfg,
-        accountId: account.accountId,
-      }),
-    );
-    const isEnabled = (key: keyof TelegramActionConfig, defaultValue = true) =>
-      gate(key, defaultValue);
-    const actions = new Set<ChannelMessageActionName>(["send"]);
-    const pollEnabledForAnyAccount = accounts.some((account) => {
-      const accountGate = createTelegramActionGate({
-        cfg,
-        accountId: account.accountId,
-      });
-      return resolveTelegramPollActionGateState(accountGate).enabled;
-    });
-    if (pollEnabledForAnyAccount) {
-      actions.add("poll");
-    }
-    if (isEnabled("reactions")) {
-      actions.add("react");
-    }
-    if (isEnabled("deleteMessage")) {
-      actions.add("delete");
-    }
-    if (isEnabled("editMessage")) {
-      actions.add("edit");
-    }
-    if (isEnabled("sticker", false)) {
-      actions.add("sticker");
-      actions.add("sticker-search");
-    }
-    if (isEnabled("createForumTopic")) {
-      actions.add("topic-create");
-    }
-    return Array.from(actions);
-  },
-  supportsButtons: ({ cfg }) => {
-    const accounts = listTokenSourcedAccounts(listEnabledTelegramAccounts(cfg));
-    if (accounts.length === 0) {
-      return false;
-    }
-    return accounts.some((account) =>
-      isTelegramInlineButtonsEnabled({ cfg, accountId: account.accountId }),
-    );
-  },
-  extractToolSend: ({ args }) => {
-    return extractToolSend(args, "sendMessage");
-  },
-  handleAction: async ({ action, params, cfg, accountId, mediaLocalRoots, toolContext }) => {
-    if (action === "send") {
-      const sendParams = readTelegramSendParams(params);
-      return await handleTelegramAction(
-        {
-          action: "sendMessage",
-          ...sendParams,
-          accountId: accountId ?? undefined,
-        },
-        cfg,
-        { mediaLocalRoots },
-      );
-    }
-
-    if (action === "react") {
-      const messageId = resolveReactionMessageId({ args: params, toolContext });
-      const emoji = readStringParam(params, "emoji", { allowEmpty: true });
-      const remove = readBooleanParam(params, "remove");
-      return await handleTelegramAction(
-        {
-          action: "react",
-          chatId: readTelegramChatIdParam(params),
-          messageId,
-          emoji,
-          remove,
-          accountId: accountId ?? undefined,
-        },
-        cfg,
-        { mediaLocalRoots },
-      );
-    }
-
-    if (action === "poll") {
-      const to = readStringParam(params, "to", { required: true });
-      const question = readStringParam(params, "pollQuestion", { required: true });
-      const answers = readStringArrayParam(params, "pollOption", { required: true });
-      const durationHours = readNumberParam(params, "pollDurationHours", {
-        integer: true,
-        strict: true,
-      });
-      const durationSeconds = readNumberParam(params, "pollDurationSeconds", {
-        integer: true,
-        strict: true,
-      });
-      const replyToMessageId = readNumberParam(params, "replyTo", { integer: true });
-      const messageThreadId = readNumberParam(params, "threadId", { integer: true });
-      const allowMultiselect = readBooleanParam(params, "pollMulti");
-      const pollAnonymous = readBooleanParam(params, "pollAnonymous");
-      const pollPublic = readBooleanParam(params, "pollPublic");
-      const isAnonymous = resolveTelegramPollVisibility({ pollAnonymous, pollPublic });
-      const silent = readBooleanParam(params, "silent");
-      return await handleTelegramAction(
-        {
-          action: "poll",
-          to,
-          question,
-          answers,
-          allowMultiselect,
-          durationHours: durationHours ?? undefined,
-          durationSeconds: durationSeconds ?? undefined,
-          replyToMessageId: replyToMessageId ?? undefined,
-          messageThreadId: messageThreadId ?? undefined,
-          isAnonymous,
-          silent,
-          accountId: accountId ?? undefined,
-        },
-        cfg,
-        { mediaLocalRoots },
-      );
-    }
-
-    if (action === "delete") {
-      const chatId = readTelegramChatIdParam(params);
-      const messageId = readTelegramMessageIdParam(params);
-      return await handleTelegramAction(
-        {
-          action: "deleteMessage",
-          chatId,
-          messageId,
-          accountId: accountId ?? undefined,
-        },
-        cfg,
-        { mediaLocalRoots },
-      );
-    }
-
-    if (action === "edit") {
-      const chatId = readTelegramChatIdParam(params);
-      const messageId = readTelegramMessageIdParam(params);
-      const message = readStringParam(params, "message", { required: true, allowEmpty: false });
-      const buttons = params.buttons;
-      return await handleTelegramAction(
-        {
-          action: "editMessage",
-          chatId,
-          messageId,
-          content: message,
-          buttons,
-          accountId: accountId ?? undefined,
-        },
-        cfg,
-        { mediaLocalRoots },
-      );
-    }
-
-    if (action === "sticker") {
-      const to =
-        readStringParam(params, "to") ?? readStringParam(params, "target", { required: true });
-      // Accept stickerId (array from shared schema) and use first element as fileId
-      const stickerIds = readStringArrayParam(params, "stickerId");
-      const fileId = stickerIds?.[0] ?? readStringParam(params, "fileId", { required: true });
-      const replyToMessageId = readNumberParam(params, "replyTo", { integer: true });
-      const messageThreadId = readNumberParam(params, "threadId", { integer: true });
-      return await handleTelegramAction(
-        {
-          action: "sendSticker",
-          to,
-          fileId,
-          replyToMessageId: replyToMessageId ?? undefined,
-          messageThreadId: messageThreadId ?? undefined,
-          accountId: accountId ?? undefined,
-        },
-        cfg,
-        { mediaLocalRoots },
-      );
-    }
-
-    if (action === "sticker-search") {
-      const query = readStringParam(params, "query", { required: true });
-      const limit = readNumberParam(params, "limit", { integer: true });
-      return await handleTelegramAction(
-        {
-          action: "searchSticker",
-          query,
-          limit: limit ?? undefined,
-          accountId: accountId ?? undefined,
-        },
-        cfg,
-        { mediaLocalRoots },
-      );
-    }
-
-    if (action === "topic-create") {
-      const chatId = readTelegramChatIdParam(params);
-      const name = readStringParam(params, "name", { required: true });
-      const iconColor = readNumberParam(params, "iconColor", { integer: true });
-      const iconCustomEmojiId = readStringParam(params, "iconCustomEmojiId");
-      return await handleTelegramAction(
-        {
-          action: "createForumTopic",
-          chatId,
-          name,
-          iconColor: iconColor ?? undefined,
-          iconCustomEmojiId: iconCustomEmojiId ?? undefined,
-          accountId: accountId ?? undefined,
-        },
-        cfg,
-        { mediaLocalRoots },
-      );
-    }
-
-    throw new Error(`Action ${action} is not supported for provider ${providerId}.`);
-  },
-};
+export * from "../../../../extensions/telegram/src/channel-actions.js";
diff --git a/src/channels/plugins/agent-tools/whatsapp-login.ts b/src/channels/plugins/agent-tools/whatsapp-login.ts
index bba63808410..741b40a6fc9 100644
--- a/src/channels/plugins/agent-tools/whatsapp-login.ts
+++ b/src/channels/plugins/agent-tools/whatsapp-login.ts
@@ -1,72 +1,2 @@
-import { Type } from "@sinclair/typebox";
-import type { ChannelAgentTool } from "../types.js";
-
-export function createWhatsAppLoginTool(): ChannelAgentTool {
-  return {
-    label: "WhatsApp Login",
-    name: "whatsapp_login",
-    ownerOnly: true,
-    description: "Generate a WhatsApp QR code for linking, or wait for the scan to complete.",
-    // NOTE: Using Type.Unsafe for action enum instead of Type.Union([Type.Literal(...)]
-    // because Claude API on Vertex AI rejects nested anyOf schemas as invalid JSON Schema.
-    parameters: Type.Object({
-      action: Type.Unsafe<"start" | "wait">({
-        type: "string",
-        enum: ["start", "wait"],
-      }),
-      timeoutMs: Type.Optional(Type.Number()),
-      force: Type.Optional(Type.Boolean()),
-    }),
-    execute: async (_toolCallId, args) => {
-      const { startWebLoginWithQr, waitForWebLogin } = await import("../../../web/login-qr.js");
-      const action = (args as { action?: string })?.action ?? "start";
-      if (action === "wait") {
-        const result = await waitForWebLogin({
-          timeoutMs:
-            typeof (args as { timeoutMs?: unknown }).timeoutMs === "number"
-              ? (args as { timeoutMs?: number }).timeoutMs
-              : undefined,
-        });
-        return {
-          content: [{ type: "text", text: result.message }],
-          details: { connected: result.connected },
-        };
-      }
-
-      const result = await startWebLoginWithQr({
-        timeoutMs:
-          typeof (args as { timeoutMs?: unknown }).timeoutMs === "number"
-            ? (args as { timeoutMs?: number }).timeoutMs
-            : undefined,
-        force:
-          typeof (args as { force?: unknown }).force === "boolean"
-            ? (args as { force?: boolean }).force
-            : false,
-      });
-
-      if (!result.qrDataUrl) {
-        return {
-          content: [
-            {
-              type: "text",
-              text: result.message,
-            },
-          ],
-          details: { qr: false },
-        };
-      }
-
-      const text = [
-        result.message,
-        "",
-        "Open WhatsApp → Linked Devices and scan:",
-        "",
-        `![whatsapp-qr](${result.qrDataUrl})`,
-      ].join("\n");
-      return {
-        content: [{ type: "text", text }],
-        details: { qr: true },
-      };
-    },
-  };
-}
+// Shim: re-exports from extensions/whatsapp/src/agent-tools-login.ts
+export * from "../../../../extensions/whatsapp/src/agent-tools-login.js";
diff --git a/src/channels/plugins/directory-config-helpers.test.ts b/src/channels/plugins/directory-config-helpers.test.ts
index c9ba1429791..15aa8f0d298 100644
--- a/src/channels/plugins/directory-config-helpers.test.ts
+++ b/src/channels/plugins/directory-config-helpers.test.ts
@@ -6,6 +6,13 @@ import {
   listDirectoryUserEntriesFromAllowFrom,
 } from "./directory-config-helpers.js";
 
+function expectUserDirectoryEntries(entries: unknown) {
+  expect(entries).toEqual([
+    { kind: "user", id: "alice" },
+    { kind: "user", id: "carla" },
+  ]);
+}
+
 describe("listDirectoryUserEntriesFromAllowFrom", () => {
   it("normalizes, deduplicates, filters, and limits user ids", () => {
     const entries = listDirectoryUserEntriesFromAllowFrom({
@@ -15,10 +22,7 @@ describe("listDirectoryUserEntriesFromAllowFrom", () => {
       limit: 2,
     });
 
-    expect(entries).toEqual([
-      { kind: "user", id: "alice" },
-      { kind: "user", id: "carla" },
-    ]);
+    expectUserDirectoryEntries(entries);
   });
 });
 
@@ -54,10 +58,7 @@ describe("listDirectoryUserEntriesFromAllowFromAndMapKeys", () => {
       limit: 2,
     });
 
-    expect(entries).toEqual([
-      { kind: "user", id: "alice" },
-      { kind: "user", id: "carla" },
-    ]);
+    expectUserDirectoryEntries(entries);
   });
 });
 
diff --git a/src/channels/plugins/directory-config-helpers.ts b/src/channels/plugins/directory-config-helpers.ts
index 72f589bc0a7..edfab553677 100644
--- a/src/channels/plugins/directory-config-helpers.ts
+++ b/src/channels/plugins/directory-config-helpers.ts
@@ -22,12 +22,12 @@ export function toDirectoryEntries(kind: "user" | "group", ids: string[]): Chann
   return ids.map((id) => ({ kind, id }) as const);
 }
 
-function collectDirectoryIdsFromEntries(params: {
-  entries?: readonly unknown[];
+function normalizeDirectoryIds(params: {
+  rawIds: readonly string[];
   normalizeId?: (entry: string) => string | null | undefined;
 }): string[] {
-  return (params.entries ?? [])
-    .map((entry) => String(entry).trim())
+  return params.rawIds
+    .map((entry) => entry.trim())
     .filter((entry) => Boolean(entry) && entry !== "*")
     .map((entry) => {
       const normalized = params.normalizeId ? params.normalizeId(entry) : entry;
@@ -36,18 +36,24 @@ function collectDirectoryIdsFromEntries(params: {
     .filter(Boolean);
 }
 
+function collectDirectoryIdsFromEntries(params: {
+  entries?: readonly unknown[];
+  normalizeId?: (entry: string) => string | null | undefined;
+}): string[] {
+  return normalizeDirectoryIds({
+    rawIds: (params.entries ?? []).map((entry) => String(entry)),
+    normalizeId: params.normalizeId,
+  });
+}
+
 function collectDirectoryIdsFromMapKeys(params: {
   groups?: Record<string, unknown>;
   normalizeId?: (entry: string) => string | null | undefined;
 }): string[] {
-  return Object.keys(params.groups ?? {})
-    .map((entry) => entry.trim())
-    .filter((entry) => Boolean(entry) && entry !== "*")
-    .map((entry) => {
-      const normalized = params.normalizeId ? params.normalizeId(entry) : entry;
-      return typeof normalized === "string" ? normalized.trim() : "";
-    })
-    .filter(Boolean);
+  return normalizeDirectoryIds({
+    rawIds: Object.keys(params.groups ?? {}),
+    normalizeId: params.normalizeId,
+  });
 }
 
 function dedupeDirectoryIds(ids: string[]): string[] {
diff --git a/src/channels/plugins/directory-config.ts b/src/channels/plugins/directory-config.ts
index e1270a9ceed..45fb8bcf46a 100644
--- a/src/channels/plugins/directory-config.ts
+++ b/src/channels/plugins/directory-config.ts
@@ -1,9 +1,9 @@
+import { inspectDiscordAccount } from "../../../extensions/discord/src/account-inspect.js";
+import { inspectSlackAccount } from "../../../extensions/slack/src/account-inspect.js";
+import { inspectTelegramAccount } from "../../../extensions/telegram/src/account-inspect.js";
+import { resolveWhatsAppAccount } from "../../../extensions/whatsapp/src/accounts.js";
 import type { OpenClawConfig } from "../../config/types.js";
-import { inspectDiscordAccount } from "../../discord/account-inspect.js";
 import { mapAllowFromEntries } from "../../plugin-sdk/channel-config-helpers.js";
-import { inspectSlackAccount } from "../../slack/account-inspect.js";
-import { inspectTelegramAccount } from "../../telegram/account-inspect.js";
-import { resolveWhatsAppAccount } from "../../web/accounts.js";
 import { isWhatsAppGroupJid, normalizeWhatsAppTarget } from "../../whatsapp/normalize.js";
 import { applyDirectoryQueryAndLimit, toDirectoryEntries } from "./directory-config-helpers.js";
 import { normalizeSlackMessagingTarget } from "./normalize/slack.js";
diff --git a/src/channels/plugins/group-mentions.ts b/src/channels/plugins/group-mentions.ts
index b7f475677c5..4dac8bbc7f2 100644
--- a/src/channels/plugins/group-mentions.ts
+++ b/src/channels/plugins/group-mentions.ts
@@ -1,3 +1,4 @@
+import { inspectSlackAccount } from "../../../extensions/slack/src/account-inspect.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import {
   resolveChannelGroupRequireMention,
@@ -11,7 +12,6 @@ import type {
 } from "../../config/types.tools.js";
 import { resolveExactLineGroupConfigKey } from "../../line/group-keys.js";
 import { normalizeAtHashSlug, normalizeHyphenSlug } from "../../shared/string-normalization.js";
-import { inspectSlackAccount } from "../../slack/account-inspect.js";
 import type { ChannelGroupContext } from "./types.js";
 
 type GroupMentionParams = ChannelGroupContext;
diff --git a/src/channels/plugins/helpers.test.ts b/src/channels/plugins/helpers.test.ts
index 2b85d7fea06..6b5f56c2ca3 100644
--- a/src/channels/plugins/helpers.test.ts
+++ b/src/channels/plugins/helpers.test.ts
@@ -1,6 +1,10 @@
 import { describe, expect, it } from "vitest";
 import type { OpenClawConfig } from "../../config/config.js";
-import { buildAccountScopedDmSecurityPolicy, formatPairingApproveHint } from "./helpers.js";
+import {
+  buildAccountScopedDmSecurityPolicy,
+  formatPairingApproveHint,
+  parseOptionalDelimitedEntries,
+} from "./helpers.js";
 
 function cfgWithChannel(channelKey: string, accounts?: Record<string, unknown>): OpenClawConfig {
   return {
@@ -93,3 +97,18 @@ describe("buildAccountScopedDmSecurityPolicy", () => {
     });
   });
 });
+
+describe("parseOptionalDelimitedEntries", () => {
+  it("returns undefined for empty input", () => {
+    expect(parseOptionalDelimitedEntries("  ")).toBeUndefined();
+  });
+
+  it("splits comma, newline, and semicolon separated entries", () => {
+    expect(parseOptionalDelimitedEntries("alpha, beta\ngamma; delta")).toEqual([
+      "alpha",
+      "beta",
+      "gamma",
+      "delta",
+    ]);
+  });
+});
diff --git a/src/channels/plugins/helpers.ts b/src/channels/plugins/helpers.ts
index 135547d6e9a..40b01beb4d8 100644
--- a/src/channels/plugins/helpers.ts
+++ b/src/channels/plugins/helpers.ts
@@ -20,6 +20,17 @@ export function formatPairingApproveHint(channelId: string): string {
   return `Approve via: ${listCmd} / ${approveCmd}`;
 }
 
+export function parseOptionalDelimitedEntries(value?: string): string[] | undefined {
+  if (!value?.trim()) {
+    return undefined;
+  }
+  const parsed = value
+    .split(/[\n,;]+/g)
+    .map((entry) => entry.trim())
+    .filter(Boolean);
+  return parsed.length > 0 ? parsed : undefined;
+}
+
 export function buildAccountScopedDmSecurityPolicy(params: {
   cfg: OpenClawConfig;
   channelKey: string;
diff --git a/src/channels/plugins/normalize/discord.ts b/src/channels/plugins/normalize/discord.ts
index 18855825004..e4fcc4e9c00 100644
--- a/src/channels/plugins/normalize/discord.ts
+++ b/src/channels/plugins/normalize/discord.ts
@@ -1,47 +1,2 @@
-import { parseDiscordTarget } from "../../../discord/targets.js";
-
-export function normalizeDiscordMessagingTarget(raw: string): string | undefined {
-  // Default bare IDs to channels so routing is stable across tool actions.
-  const target = parseDiscordTarget(raw, { defaultKind: "channel" });
-  return target?.normalized;
-}
-
-/**
- * Normalize a Discord outbound target for delivery. Bare numeric IDs are
- * prefixed with "channel:" to avoid the ambiguous-target error in
- * parseDiscordTarget. All other formats pass through unchanged.
- */
-export function normalizeDiscordOutboundTarget(
-  to?: string,
-): { ok: true; to: string } | { ok: false; error: Error } {
-  const trimmed = to?.trim();
-  if (!trimmed) {
-    return {
-      ok: false,
-      error: new Error(
-        'Discord recipient is required. Use "channel:<id>" for channels or "user:<id>" for DMs.',
-      ),
-    };
-  }
-  if (/^\d+$/.test(trimmed)) {
-    return { ok: true, to: `channel:${trimmed}` };
-  }
-  return { ok: true, to: trimmed };
-}
-
-export function looksLikeDiscordTargetId(raw: string): boolean {
-  const trimmed = raw.trim();
-  if (!trimmed) {
-    return false;
-  }
-  if (/^<@!?\d+>$/.test(trimmed)) {
-    return true;
-  }
-  if (/^(user|channel|discord):/i.test(trimmed)) {
-    return true;
-  }
-  if (/^\d{6,}$/.test(trimmed)) {
-    return true;
-  }
-  return false;
-}
+// Shim: re-exports from extension
+export * from "../../../../extensions/discord/src/normalize.js";
diff --git a/src/channels/plugins/normalize/imessage.ts b/src/channels/plugins/normalize/imessage.ts
index 94cb5833819..3b9ecbe1837 100644
--- a/src/channels/plugins/normalize/imessage.ts
+++ b/src/channels/plugins/normalize/imessage.ts
@@ -1,4 +1,4 @@
-import { normalizeIMessageHandle } from "../../../imessage/targets.js";
+import { normalizeIMessageHandle } from "../../../../extensions/imessage/src/targets.js";
 import { looksLikeHandleOrPhoneTarget, trimMessagingTarget } from "./shared.js";
 
 // Service prefixes that indicate explicit delivery method; must be preserved during normalization
diff --git a/src/channels/plugins/normalize/slack.ts b/src/channels/plugins/normalize/slack.ts
index 33dcfb7ee23..52d4c905342 100644
--- a/src/channels/plugins/normalize/slack.ts
+++ b/src/channels/plugins/normalize/slack.ts
@@ -1,4 +1,4 @@
-import { parseSlackTarget } from "../../../slack/targets.js";
+import { parseSlackTarget } from "../../../../extensions/slack/src/targets.js";
 
 export function normalizeSlackMessagingTarget(raw: string): string | undefined {
   const target = parseSlackTarget(raw, { defaultKind: "channel" });
diff --git a/src/channels/plugins/normalize/telegram.test.ts b/src/channels/plugins/normalize/telegram.test.ts
deleted file mode 100644
index 23e90288f0b..00000000000
--- a/src/channels/plugins/normalize/telegram.test.ts
+++ /dev/null
@@ -1,43 +0,0 @@
-import { describe, expect, it } from "vitest";
-import { looksLikeTelegramTargetId, normalizeTelegramMessagingTarget } from "./telegram.js";
-
-describe("normalizeTelegramMessagingTarget", () => {
-  it("normalizes t.me links to prefixed usernames", () => {
-    expect(normalizeTelegramMessagingTarget("https://t.me/MyChannel")).toBe("telegram:@mychannel");
-  });
-
-  it("keeps unprefixed topic targets valid", () => {
-    expect(normalizeTelegramMessagingTarget("@MyChannel:topic:9")).toBe(
-      "telegram:@mychannel:topic:9",
-    );
-    expect(normalizeTelegramMessagingTarget("-1001234567890:topic:456")).toBe(
-      "telegram:-1001234567890:topic:456",
-    );
-  });
-
-  it("keeps legacy prefixed topic targets valid", () => {
-    expect(normalizeTelegramMessagingTarget("telegram:group:-1001234567890:topic:456")).toBe(
-      "telegram:group:-1001234567890:topic:456",
-    );
-    expect(normalizeTelegramMessagingTarget("tg:group:-1001234567890:topic:456")).toBe(
-      "telegram:group:-1001234567890:topic:456",
-    );
-  });
-});
-
-describe("looksLikeTelegramTargetId", () => {
-  it("recognizes unprefixed topic targets", () => {
-    expect(looksLikeTelegramTargetId("@mychannel:topic:9")).toBe(true);
-    expect(looksLikeTelegramTargetId("-1001234567890:topic:456")).toBe(true);
-  });
-
-  it("recognizes legacy prefixed topic targets", () => {
-    expect(looksLikeTelegramTargetId("telegram:group:-1001234567890:topic:456")).toBe(true);
-    expect(looksLikeTelegramTargetId("tg:group:-1001234567890:topic:456")).toBe(true);
-  });
-
-  it("still recognizes normalized lookup targets", () => {
-    expect(looksLikeTelegramTargetId("https://t.me/MyChannel")).toBe(true);
-    expect(looksLikeTelegramTargetId("@mychannel")).toBe(true);
-  });
-});
diff --git a/src/channels/plugins/normalize/telegram.ts b/src/channels/plugins/normalize/telegram.ts
index a21ad160d03..ab3971ff32b 100644
--- a/src/channels/plugins/normalize/telegram.ts
+++ b/src/channels/plugins/normalize/telegram.ts
@@ -1,44 +1 @@
-import { normalizeTelegramLookupTarget, parseTelegramTarget } from "../../../telegram/targets.js";
-
-const TELEGRAM_PREFIX_RE = /^(telegram|tg):/i;
-
-function normalizeTelegramTargetBody(raw: string): string | undefined {
-  const trimmed = raw.trim();
-  if (!trimmed) {
-    return undefined;
-  }
-
-  const prefixStripped = trimmed.replace(TELEGRAM_PREFIX_RE, "").trim();
-  if (!prefixStripped) {
-    return undefined;
-  }
-
-  const parsed = parseTelegramTarget(trimmed);
-  const normalizedChatId = normalizeTelegramLookupTarget(parsed.chatId);
-  if (!normalizedChatId) {
-    return undefined;
-  }
-
-  const keepLegacyGroupPrefix = /^group:/i.test(prefixStripped);
-  const hasTopicSuffix = /:topic:\d+$/i.test(prefixStripped);
-  const chatSegment = keepLegacyGroupPrefix ? `group:${normalizedChatId}` : normalizedChatId;
-  if (parsed.messageThreadId == null) {
-    return chatSegment;
-  }
-  const threadSuffix = hasTopicSuffix
-    ? `:topic:${parsed.messageThreadId}`
-    : `:${parsed.messageThreadId}`;
-  return `${chatSegment}${threadSuffix}`;
-}
-
-export function normalizeTelegramMessagingTarget(raw: string): string | undefined {
-  const normalizedBody = normalizeTelegramTargetBody(raw);
-  if (!normalizedBody) {
-    return undefined;
-  }
-  return `telegram:${normalizedBody}`.toLowerCase();
-}
-
-export function looksLikeTelegramTargetId(raw: string): boolean {
-  return normalizeTelegramTargetBody(raw) !== undefined;
-}
+export * from "../../../../extensions/telegram/src/normalize.js";
diff --git a/src/channels/plugins/normalize/whatsapp.ts b/src/channels/plugins/normalize/whatsapp.ts
index edff8bfe5e1..1e464489818 100644
--- a/src/channels/plugins/normalize/whatsapp.ts
+++ b/src/channels/plugins/normalize/whatsapp.ts
@@ -1,25 +1,2 @@
-import { normalizeWhatsAppTarget } from "../../../whatsapp/normalize.js";
-import { looksLikeHandleOrPhoneTarget, trimMessagingTarget } from "./shared.js";
-
-export function normalizeWhatsAppMessagingTarget(raw: string): string | undefined {
-  const trimmed = trimMessagingTarget(raw);
-  if (!trimmed) {
-    return undefined;
-  }
-  return normalizeWhatsAppTarget(trimmed) ?? undefined;
-}
-
-export function normalizeWhatsAppAllowFromEntries(allowFrom: Array<string | number>): string[] {
-  return allowFrom
-    .map((entry) => String(entry).trim())
-    .filter((entry): entry is string => Boolean(entry))
-    .map((entry) => (entry === "*" ? entry : normalizeWhatsAppTarget(entry)))
-    .filter((entry): entry is string => Boolean(entry));
-}
-
-export function looksLikeWhatsAppTargetId(raw: string): boolean {
-  return looksLikeHandleOrPhoneTarget({
-    raw,
-    prefixPattern: /^whatsapp:/i,
-  });
-}
+// Shim: re-exports from extensions/whatsapp/src/normalize.ts
+export * from "../../../../extensions/whatsapp/src/normalize.js";
diff --git a/src/channels/plugins/onboarding/discord.ts b/src/channels/plugins/onboarding/discord.ts
index d6a8c8df370..34fd42d3b98 100644
--- a/src/channels/plugins/onboarding/discord.ts
+++ b/src/channels/plugins/onboarding/discord.ts
@@ -1,316 +1,2 @@
-import type { OpenClawConfig } from "../../../config/config.js";
-import type { DiscordGuildEntry } from "../../../config/types.discord.js";
-import { hasConfiguredSecretInput } from "../../../config/types.secrets.js";
-import { inspectDiscordAccount } from "../../../discord/account-inspect.js";
-import {
-  listDiscordAccountIds,
-  resolveDefaultDiscordAccountId,
-  resolveDiscordAccount,
-} from "../../../discord/accounts.js";
-import { normalizeDiscordSlug } from "../../../discord/monitor/allow-list.js";
-import {
-  resolveDiscordChannelAllowlist,
-  type DiscordChannelResolution,
-} from "../../../discord/resolve-channels.js";
-import { resolveDiscordUserAllowlist } from "../../../discord/resolve-users.js";
-import { DEFAULT_ACCOUNT_ID } from "../../../routing/session-key.js";
-import { formatDocsLink } from "../../../terminal/links.js";
-import type { WizardPrompter } from "../../../wizard/prompts.js";
-import type { ChannelOnboardingAdapter, ChannelOnboardingDmPolicy } from "../onboarding-types.js";
-import { configureChannelAccessWithAllowlist } from "./channel-access-configure.js";
-import {
-  applySingleTokenPromptResult,
-  parseMentionOrPrefixedId,
-  noteChannelLookupFailure,
-  noteChannelLookupSummary,
-  patchChannelConfigForAccount,
-  promptLegacyChannelAllowFrom,
-  resolveAccountIdForConfigure,
-  resolveOnboardingAccountId,
-  runSingleChannelSecretStep,
-  setAccountGroupPolicyForChannel,
-  setLegacyChannelDmPolicyWithAllowFrom,
-  setOnboardingChannelEnabled,
-} from "./helpers.js";
-
-const channel = "discord" as const;
-
-async function noteDiscordTokenHelp(prompter: WizardPrompter): Promise<void> {
-  await prompter.note(
-    [
-      "1) Discord Developer Portal → Applications → New Application",
-      "2) Bot → Add Bot → Reset Token → copy token",
-      "3) OAuth2 → URL Generator → scope 'bot' → invite to your server",
-      "Tip: enable Message Content Intent if you need message text. (Bot → Privileged Gateway Intents → Message Content Intent)",
-      `Docs: ${formatDocsLink("/discord", "discord")}`,
-    ].join("\n"),
-    "Discord bot token",
-  );
-}
-
-function setDiscordGuildChannelAllowlist(
-  cfg: OpenClawConfig,
-  accountId: string,
-  entries: Array<{
-    guildKey: string;
-    channelKey?: string;
-  }>,
-): OpenClawConfig {
-  const baseGuilds =
-    accountId === DEFAULT_ACCOUNT_ID
-      ? (cfg.channels?.discord?.guilds ?? {})
-      : (cfg.channels?.discord?.accounts?.[accountId]?.guilds ?? {});
-  const guilds: Record<string, DiscordGuildEntry> = { ...baseGuilds };
-  for (const entry of entries) {
-    const guildKey = entry.guildKey || "*";
-    const existing = guilds[guildKey] ?? {};
-    if (entry.channelKey) {
-      const channels = { ...existing.channels };
-      channels[entry.channelKey] = { allow: true };
-      guilds[guildKey] = { ...existing, channels };
-    } else {
-      guilds[guildKey] = existing;
-    }
-  }
-  return patchChannelConfigForAccount({
-    cfg,
-    channel: "discord",
-    accountId,
-    patch: { guilds },
-  });
-}
-
-async function promptDiscordAllowFrom(params: {
-  cfg: OpenClawConfig;
-  prompter: WizardPrompter;
-  accountId?: string;
-}): Promise<OpenClawConfig> {
-  const accountId = resolveOnboardingAccountId({
-    accountId: params.accountId,
-    defaultAccountId: resolveDefaultDiscordAccountId(params.cfg),
-  });
-  const resolved = resolveDiscordAccount({ cfg: params.cfg, accountId });
-  const token = resolved.token;
-  const existing =
-    params.cfg.channels?.discord?.allowFrom ?? params.cfg.channels?.discord?.dm?.allowFrom ?? [];
-  const parseId = (value: string) =>
-    parseMentionOrPrefixedId({
-      value,
-      mentionPattern: /^<@!?(\d+)>$/,
-      prefixPattern: /^(user:|discord:)/i,
-      idPattern: /^\d+$/,
-    });
-
-  return promptLegacyChannelAllowFrom({
-    cfg: params.cfg,
-    channel: "discord",
-    prompter: params.prompter,
-    existing,
-    token,
-    noteTitle: "Discord allowlist",
-    noteLines: [
-      "Allowlist Discord DMs by username (we resolve to user ids).",
-      "Examples:",
-      "- 123456789012345678",
-      "- @alice",
-      "- alice#1234",
-      "Multiple entries: comma-separated.",
-      `Docs: ${formatDocsLink("/discord", "discord")}`,
-    ],
-    message: "Discord allowFrom (usernames or ids)",
-    placeholder: "@alice, 123456789012345678",
-    parseId,
-    invalidWithoutTokenNote: "Bot token missing; use numeric user ids (or mention form) only.",
-    resolveEntries: ({ token, entries }) =>
-      resolveDiscordUserAllowlist({
-        token,
-        entries,
-      }),
-  });
-}
-
-const dmPolicy: ChannelOnboardingDmPolicy = {
-  label: "Discord",
-  channel,
-  policyKey: "channels.discord.dmPolicy",
-  allowFromKey: "channels.discord.allowFrom",
-  getCurrent: (cfg) =>
-    cfg.channels?.discord?.dmPolicy ?? cfg.channels?.discord?.dm?.policy ?? "pairing",
-  setPolicy: (cfg, policy) =>
-    setLegacyChannelDmPolicyWithAllowFrom({
-      cfg,
-      channel: "discord",
-      dmPolicy: policy,
-    }),
-  promptAllowFrom: promptDiscordAllowFrom,
-};
-
-export const discordOnboardingAdapter: ChannelOnboardingAdapter = {
-  channel,
-  getStatus: async ({ cfg }) => {
-    const configured = listDiscordAccountIds(cfg).some((accountId) => {
-      const account = inspectDiscordAccount({ cfg, accountId });
-      return account.configured;
-    });
-    return {
-      channel,
-      configured,
-      statusLines: [`Discord: ${configured ? "configured" : "needs token"}`],
-      selectionHint: configured ? "configured" : "needs token",
-      quickstartScore: configured ? 2 : 1,
-    };
-  },
-  configure: async ({ cfg, prompter, options, accountOverrides, shouldPromptAccountIds }) => {
-    const defaultDiscordAccountId = resolveDefaultDiscordAccountId(cfg);
-    const discordAccountId = await resolveAccountIdForConfigure({
-      cfg,
-      prompter,
-      label: "Discord",
-      accountOverride: accountOverrides.discord,
-      shouldPromptAccountIds,
-      listAccountIds: listDiscordAccountIds,
-      defaultAccountId: defaultDiscordAccountId,
-    });
-
-    let next = cfg;
-    const resolvedAccount = resolveDiscordAccount({
-      cfg: next,
-      accountId: discordAccountId,
-    });
-    const allowEnv = discordAccountId === DEFAULT_ACCOUNT_ID;
-    const tokenStep = await runSingleChannelSecretStep({
-      cfg: next,
-      prompter,
-      providerHint: "discord",
-      credentialLabel: "Discord bot token",
-      secretInputMode: options?.secretInputMode,
-      accountConfigured: Boolean(resolvedAccount.token),
-      hasConfigToken: hasConfiguredSecretInput(resolvedAccount.config.token),
-      allowEnv,
-      envValue: process.env.DISCORD_BOT_TOKEN,
-      envPrompt: "DISCORD_BOT_TOKEN detected. Use env var?",
-      keepPrompt: "Discord token already configured. Keep it?",
-      inputPrompt: "Enter Discord bot token",
-      preferredEnvVar: allowEnv ? "DISCORD_BOT_TOKEN" : undefined,
-      onMissingConfigured: async () => await noteDiscordTokenHelp(prompter),
-      applyUseEnv: async (cfg) =>
-        applySingleTokenPromptResult({
-          cfg,
-          channel: "discord",
-          accountId: discordAccountId,
-          tokenPatchKey: "token",
-          tokenResult: { useEnv: true, token: null },
-        }),
-      applySet: async (cfg, value) =>
-        applySingleTokenPromptResult({
-          cfg,
-          channel: "discord",
-          accountId: discordAccountId,
-          tokenPatchKey: "token",
-          tokenResult: { useEnv: false, token: value },
-        }),
-    });
-    next = tokenStep.cfg;
-
-    const currentEntries = Object.entries(resolvedAccount.config.guilds ?? {}).flatMap(
-      ([guildKey, value]) => {
-        const channels = value?.channels ?? {};
-        const channelKeys = Object.keys(channels);
-        if (channelKeys.length === 0) {
-          const input = /^\d+$/.test(guildKey) ? `guild:${guildKey}` : guildKey;
-          return [input];
-        }
-        return channelKeys.map((channelKey) => `${guildKey}/${channelKey}`);
-      },
-    );
-    next = await configureChannelAccessWithAllowlist({
-      cfg: next,
-      prompter,
-      label: "Discord channels",
-      currentPolicy: resolvedAccount.config.groupPolicy ?? "allowlist",
-      currentEntries,
-      placeholder: "My Server/#general, guildId/channelId, #support",
-      updatePrompt: Boolean(resolvedAccount.config.guilds),
-      setPolicy: (cfg, policy) =>
-        setAccountGroupPolicyForChannel({
-          cfg,
-          channel: "discord",
-          accountId: discordAccountId,
-          groupPolicy: policy,
-        }),
-      resolveAllowlist: async ({ cfg, entries }) => {
-        const accountWithTokens = resolveDiscordAccount({
-          cfg,
-          accountId: discordAccountId,
-        });
-        let resolved: DiscordChannelResolution[] = entries.map((input) => ({
-          input,
-          resolved: false,
-        }));
-        const activeToken = accountWithTokens.token || tokenStep.resolvedValue || "";
-        if (activeToken && entries.length > 0) {
-          try {
-            resolved = await resolveDiscordChannelAllowlist({
-              token: activeToken,
-              entries,
-            });
-            const resolvedChannels = resolved.filter((entry) => entry.resolved && entry.channelId);
-            const resolvedGuilds = resolved.filter(
-              (entry) => entry.resolved && entry.guildId && !entry.channelId,
-            );
-            const unresolved = resolved
-              .filter((entry) => !entry.resolved)
-              .map((entry) => entry.input);
-            await noteChannelLookupSummary({
-              prompter,
-              label: "Discord channels",
-              resolvedSections: [
-                {
-                  title: "Resolved channels",
-                  values: resolvedChannels
-                    .map((entry) => entry.channelId)
-                    .filter((value): value is string => Boolean(value)),
-                },
-                {
-                  title: "Resolved guilds",
-                  values: resolvedGuilds
-                    .map((entry) => entry.guildId)
-                    .filter((value): value is string => Boolean(value)),
-                },
-              ],
-              unresolved,
-            });
-          } catch (err) {
-            await noteChannelLookupFailure({
-              prompter,
-              label: "Discord channels",
-              error: err,
-            });
-          }
-        }
-        return resolved;
-      },
-      applyAllowlist: ({ cfg, resolved }) => {
-        const allowlistEntries: Array<{ guildKey: string; channelKey?: string }> = [];
-        for (const entry of resolved) {
-          const guildKey =
-            entry.guildId ??
-            (entry.guildName ? normalizeDiscordSlug(entry.guildName) : undefined) ??
-            "*";
-          const channelKey =
-            entry.channelId ??
-            (entry.channelName ? normalizeDiscordSlug(entry.channelName) : undefined);
-          if (!channelKey && guildKey === "*") {
-            continue;
-          }
-          allowlistEntries.push({ guildKey, ...(channelKey ? { channelKey } : {}) });
-        }
-        return setDiscordGuildChannelAllowlist(cfg, discordAccountId, allowlistEntries);
-      },
-    });
-
-    return { cfg: next, accountId: discordAccountId };
-  },
-  dmPolicy,
-  disable: (cfg) => setOnboardingChannelEnabled(cfg, channel, false),
-};
+// Shim: re-exports from extension
+export * from "../../../../extensions/discord/src/onboarding.js";
diff --git a/src/channels/plugins/onboarding/imessage.ts b/src/channels/plugins/onboarding/imessage.ts
index 7e89047e971..b4941ebd82e 100644
--- a/src/channels/plugins/onboarding/imessage.ts
+++ b/src/channels/plugins/onboarding/imessage.ts
@@ -1,11 +1,11 @@
-import { detectBinary } from "../../../commands/onboard-helpers.js";
-import type { OpenClawConfig } from "../../../config/config.js";
 import {
   listIMessageAccountIds,
   resolveDefaultIMessageAccountId,
   resolveIMessageAccount,
-} from "../../../imessage/accounts.js";
-import { normalizeIMessageHandle } from "../../../imessage/targets.js";
+} from "../../../../extensions/imessage/src/accounts.js";
+import { normalizeIMessageHandle } from "../../../../extensions/imessage/src/targets.js";
+import { detectBinary } from "../../../commands/onboard-helpers.js";
+import type { OpenClawConfig } from "../../../config/config.js";
 import { formatDocsLink } from "../../../terminal/links.js";
 import type { WizardPrompter } from "../../../wizard/prompts.js";
 import type { ChannelOnboardingAdapter, ChannelOnboardingDmPolicy } from "../onboarding-types.js";
diff --git a/src/channels/plugins/onboarding/signal.ts b/src/channels/plugins/onboarding/signal.ts
index ce48be2aa7f..6609d4bbd76 100644
--- a/src/channels/plugins/onboarding/signal.ts
+++ b/src/channels/plugins/onboarding/signal.ts
@@ -1,12 +1,12 @@
-import { formatCliCommand } from "../../../cli/command-format.js";
-import { detectBinary } from "../../../commands/onboard-helpers.js";
-import { installSignalCli } from "../../../commands/signal-install.js";
-import type { OpenClawConfig } from "../../../config/config.js";
 import {
   listSignalAccountIds,
   resolveDefaultSignalAccountId,
   resolveSignalAccount,
-} from "../../../signal/accounts.js";
+} from "../../../../extensions/signal/src/accounts.js";
+import { formatCliCommand } from "../../../cli/command-format.js";
+import { detectBinary } from "../../../commands/onboard-helpers.js";
+import { installSignalCli } from "../../../commands/signal-install.js";
+import type { OpenClawConfig } from "../../../config/config.js";
 import { formatDocsLink } from "../../../terminal/links.js";
 import { normalizeE164 } from "../../../utils.js";
 import type { WizardPrompter } from "../../../wizard/prompts.js";
diff --git a/src/channels/plugins/onboarding/slack.ts b/src/channels/plugins/onboarding/slack.ts
index 0cceb859e4d..8b956edcd23 100644
--- a/src/channels/plugins/onboarding/slack.ts
+++ b/src/channels/plugins/onboarding/slack.ts
@@ -1,14 +1,14 @@
-import type { OpenClawConfig } from "../../../config/config.js";
-import { hasConfiguredSecretInput } from "../../../config/types.secrets.js";
-import { DEFAULT_ACCOUNT_ID } from "../../../routing/session-key.js";
-import { inspectSlackAccount } from "../../../slack/account-inspect.js";
+import { inspectSlackAccount } from "../../../../extensions/slack/src/account-inspect.js";
 import {
   listSlackAccountIds,
   resolveDefaultSlackAccountId,
   resolveSlackAccount,
-} from "../../../slack/accounts.js";
-import { resolveSlackChannelAllowlist } from "../../../slack/resolve-channels.js";
-import { resolveSlackUserAllowlist } from "../../../slack/resolve-users.js";
+} from "../../../../extensions/slack/src/accounts.js";
+import { resolveSlackChannelAllowlist } from "../../../../extensions/slack/src/resolve-channels.js";
+import { resolveSlackUserAllowlist } from "../../../../extensions/slack/src/resolve-users.js";
+import type { OpenClawConfig } from "../../../config/config.js";
+import { hasConfiguredSecretInput } from "../../../config/types.secrets.js";
+import { DEFAULT_ACCOUNT_ID } from "../../../routing/session-key.js";
 import { formatDocsLink } from "../../../terminal/links.js";
 import type { WizardPrompter } from "../../../wizard/prompts.js";
 import type { ChannelOnboardingAdapter, ChannelOnboardingDmPolicy } from "../onboarding-types.js";
diff --git a/src/channels/plugins/onboarding/telegram.test.ts b/src/channels/plugins/onboarding/telegram.test.ts
deleted file mode 100644
index 98661ec9966..00000000000
--- a/src/channels/plugins/onboarding/telegram.test.ts
+++ /dev/null
@@ -1,23 +0,0 @@
-import { describe, expect, it } from "vitest";
-import { normalizeTelegramAllowFromInput, parseTelegramAllowFromId } from "./telegram.js";
-
-describe("normalizeTelegramAllowFromInput", () => {
-  it("strips telegram/tg prefixes and trims whitespace", () => {
-    expect(normalizeTelegramAllowFromInput(" telegram:123 ")).toBe("123");
-    expect(normalizeTelegramAllowFromInput("tg:@alice")).toBe("@alice");
-    expect(normalizeTelegramAllowFromInput("  @bob  ")).toBe("@bob");
-  });
-});
-
-describe("parseTelegramAllowFromId", () => {
-  it("accepts numeric ids with optional prefixes", () => {
-    expect(parseTelegramAllowFromId("12345")).toBe("12345");
-    expect(parseTelegramAllowFromId("telegram:98765")).toBe("98765");
-    expect(parseTelegramAllowFromId("tg:2468")).toBe("2468");
-  });
-
-  it("rejects non-numeric values", () => {
-    expect(parseTelegramAllowFromId("@alice")).toBeNull();
-    expect(parseTelegramAllowFromId("tg:alice")).toBeNull();
-  });
-});
diff --git a/src/channels/plugins/onboarding/telegram.ts b/src/channels/plugins/onboarding/telegram.ts
index 2c37c24bcee..772f7d1ce71 100644
--- a/src/channels/plugins/onboarding/telegram.ts
+++ b/src/channels/plugins/onboarding/telegram.ts
@@ -1,243 +1 @@
-import { formatCliCommand } from "../../../cli/command-format.js";
-import type { OpenClawConfig } from "../../../config/config.js";
-import { hasConfiguredSecretInput } from "../../../config/types.secrets.js";
-import { DEFAULT_ACCOUNT_ID } from "../../../routing/session-key.js";
-import { inspectTelegramAccount } from "../../../telegram/account-inspect.js";
-import {
-  listTelegramAccountIds,
-  resolveDefaultTelegramAccountId,
-  resolveTelegramAccount,
-} from "../../../telegram/accounts.js";
-import { formatDocsLink } from "../../../terminal/links.js";
-import type { WizardPrompter } from "../../../wizard/prompts.js";
-import { fetchTelegramChatId } from "../../telegram/api.js";
-import type { ChannelOnboardingAdapter, ChannelOnboardingDmPolicy } from "../onboarding-types.js";
-import {
-  applySingleTokenPromptResult,
-  patchChannelConfigForAccount,
-  promptResolvedAllowFrom,
-  resolveAccountIdForConfigure,
-  resolveOnboardingAccountId,
-  runSingleChannelSecretStep,
-  setChannelDmPolicyWithAllowFrom,
-  setOnboardingChannelEnabled,
-  splitOnboardingEntries,
-} from "./helpers.js";
-
-const channel = "telegram" as const;
-
-async function noteTelegramTokenHelp(prompter: WizardPrompter): Promise<void> {
-  await prompter.note(
-    [
-      "1) Open Telegram and chat with @BotFather",
-      "2) Run /newbot (or /mybots)",
-      "3) Copy the token (looks like 123456:ABC...)",
-      "Tip: you can also set TELEGRAM_BOT_TOKEN in your env.",
-      `Docs: ${formatDocsLink("/telegram")}`,
-      "Website: https://openclaw.ai",
-    ].join("\n"),
-    "Telegram bot token",
-  );
-}
-
-async function noteTelegramUserIdHelp(prompter: WizardPrompter): Promise<void> {
-  await prompter.note(
-    [
-      `1) DM your bot, then read from.id in \`${formatCliCommand("openclaw logs --follow")}\` (safest)`,
-      "2) Or call https://api.telegram.org/bot<bot_token>/getUpdates and read message.from.id",
-      "3) Third-party: DM @userinfobot or @getidsbot",
-      `Docs: ${formatDocsLink("/telegram")}`,
-      "Website: https://openclaw.ai",
-    ].join("\n"),
-    "Telegram user id",
-  );
-}
-
-export function normalizeTelegramAllowFromInput(raw: string): string {
-  return raw
-    .trim()
-    .replace(/^(telegram|tg):/i, "")
-    .trim();
-}
-
-export function parseTelegramAllowFromId(raw: string): string | null {
-  const stripped = normalizeTelegramAllowFromInput(raw);
-  return /^\d+$/.test(stripped) ? stripped : null;
-}
-
-async function promptTelegramAllowFrom(params: {
-  cfg: OpenClawConfig;
-  prompter: WizardPrompter;
-  accountId: string;
-  tokenOverride?: string;
-}): Promise<OpenClawConfig> {
-  const { cfg, prompter, accountId } = params;
-  const resolved = resolveTelegramAccount({ cfg, accountId });
-  const existingAllowFrom = resolved.config.allowFrom ?? [];
-  await noteTelegramUserIdHelp(prompter);
-
-  const token = params.tokenOverride?.trim() || resolved.token;
-  if (!token) {
-    await prompter.note("Telegram token missing; username lookup is unavailable.", "Telegram");
-  }
-  const unique = await promptResolvedAllowFrom({
-    prompter,
-    existing: existingAllowFrom,
-    token,
-    message: "Telegram allowFrom (numeric sender id; @username resolves to id)",
-    placeholder: "@username",
-    label: "Telegram allowlist",
-    parseInputs: splitOnboardingEntries,
-    parseId: parseTelegramAllowFromId,
-    invalidWithoutTokenNote:
-      "Telegram token missing; use numeric sender ids (usernames require a bot token).",
-    resolveEntries: async ({ token: tokenValue, entries }) => {
-      const results = await Promise.all(
-        entries.map(async (entry) => {
-          const numericId = parseTelegramAllowFromId(entry);
-          if (numericId) {
-            return { input: entry, resolved: true, id: numericId };
-          }
-          const stripped = normalizeTelegramAllowFromInput(entry);
-          if (!stripped) {
-            return { input: entry, resolved: false, id: null };
-          }
-          const username = stripped.startsWith("@") ? stripped : `@${stripped}`;
-          const id = await fetchTelegramChatId({ token: tokenValue, chatId: username });
-          return { input: entry, resolved: Boolean(id), id };
-        }),
-      );
-      return results;
-    },
-  });
-
-  return patchChannelConfigForAccount({
-    cfg,
-    channel: "telegram",
-    accountId,
-    patch: { dmPolicy: "allowlist", allowFrom: unique },
-  });
-}
-
-async function promptTelegramAllowFromForAccount(params: {
-  cfg: OpenClawConfig;
-  prompter: WizardPrompter;
-  accountId?: string;
-}): Promise<OpenClawConfig> {
-  const accountId = resolveOnboardingAccountId({
-    accountId: params.accountId,
-    defaultAccountId: resolveDefaultTelegramAccountId(params.cfg),
-  });
-  return promptTelegramAllowFrom({
-    cfg: params.cfg,
-    prompter: params.prompter,
-    accountId,
-  });
-}
-
-const dmPolicy: ChannelOnboardingDmPolicy = {
-  label: "Telegram",
-  channel,
-  policyKey: "channels.telegram.dmPolicy",
-  allowFromKey: "channels.telegram.allowFrom",
-  getCurrent: (cfg) => cfg.channels?.telegram?.dmPolicy ?? "pairing",
-  setPolicy: (cfg, policy) =>
-    setChannelDmPolicyWithAllowFrom({
-      cfg,
-      channel: "telegram",
-      dmPolicy: policy,
-    }),
-  promptAllowFrom: promptTelegramAllowFromForAccount,
-};
-
-export const telegramOnboardingAdapter: ChannelOnboardingAdapter = {
-  channel,
-  getStatus: async ({ cfg }) => {
-    const configured = listTelegramAccountIds(cfg).some((accountId) => {
-      const account = inspectTelegramAccount({ cfg, accountId });
-      return account.configured;
-    });
-    return {
-      channel,
-      configured,
-      statusLines: [`Telegram: ${configured ? "configured" : "needs token"}`],
-      selectionHint: configured ? "recommended · configured" : "recommended · newcomer-friendly",
-      quickstartScore: configured ? 1 : 10,
-    };
-  },
-  configure: async ({
-    cfg,
-    prompter,
-    options,
-    accountOverrides,
-    shouldPromptAccountIds,
-    forceAllowFrom,
-  }) => {
-    const defaultTelegramAccountId = resolveDefaultTelegramAccountId(cfg);
-    const telegramAccountId = await resolveAccountIdForConfigure({
-      cfg,
-      prompter,
-      label: "Telegram",
-      accountOverride: accountOverrides.telegram,
-      shouldPromptAccountIds,
-      listAccountIds: listTelegramAccountIds,
-      defaultAccountId: defaultTelegramAccountId,
-    });
-
-    let next = cfg;
-    const resolvedAccount = resolveTelegramAccount({
-      cfg: next,
-      accountId: telegramAccountId,
-    });
-    const hasConfiguredBotToken = hasConfiguredSecretInput(resolvedAccount.config.botToken);
-    const hasConfigToken =
-      hasConfiguredBotToken || Boolean(resolvedAccount.config.tokenFile?.trim());
-    const allowEnv = telegramAccountId === DEFAULT_ACCOUNT_ID;
-    const tokenStep = await runSingleChannelSecretStep({
-      cfg: next,
-      prompter,
-      providerHint: "telegram",
-      credentialLabel: "Telegram bot token",
-      secretInputMode: options?.secretInputMode,
-      accountConfigured: Boolean(resolvedAccount.token) || hasConfigToken,
-      hasConfigToken,
-      allowEnv,
-      envValue: process.env.TELEGRAM_BOT_TOKEN,
-      envPrompt: "TELEGRAM_BOT_TOKEN detected. Use env var?",
-      keepPrompt: "Telegram token already configured. Keep it?",
-      inputPrompt: "Enter Telegram bot token",
-      preferredEnvVar: allowEnv ? "TELEGRAM_BOT_TOKEN" : undefined,
-      onMissingConfigured: async () => await noteTelegramTokenHelp(prompter),
-      applyUseEnv: async (cfg) =>
-        applySingleTokenPromptResult({
-          cfg,
-          channel: "telegram",
-          accountId: telegramAccountId,
-          tokenPatchKey: "botToken",
-          tokenResult: { useEnv: true, token: null },
-        }),
-      applySet: async (cfg, value) =>
-        applySingleTokenPromptResult({
-          cfg,
-          channel: "telegram",
-          accountId: telegramAccountId,
-          tokenPatchKey: "botToken",
-          tokenResult: { useEnv: false, token: value },
-        }),
-    });
-    next = tokenStep.cfg;
-
-    if (forceAllowFrom) {
-      next = await promptTelegramAllowFrom({
-        cfg: next,
-        prompter,
-        accountId: telegramAccountId,
-        tokenOverride: tokenStep.resolvedValue,
-      });
-    }
-
-    return { cfg: next, accountId: telegramAccountId };
-  },
-  dmPolicy,
-  disable: (cfg) => setOnboardingChannelEnabled(cfg, channel, false),
-};
+export * from "../../../../extensions/telegram/src/onboarding.js";
diff --git a/src/channels/plugins/onboarding/whatsapp.ts b/src/channels/plugins/onboarding/whatsapp.ts
index 4b0d9ceda14..e2694f8d7c5 100644
--- a/src/channels/plugins/onboarding/whatsapp.ts
+++ b/src/channels/plugins/onboarding/whatsapp.ts
@@ -1,354 +1,2 @@
-import path from "node:path";
-import { loginWeb } from "../../../channel-web.js";
-import { formatCliCommand } from "../../../cli/command-format.js";
-import type { OpenClawConfig } from "../../../config/config.js";
-import { mergeWhatsAppConfig } from "../../../config/merge-config.js";
-import type { DmPolicy } from "../../../config/types.js";
-import { DEFAULT_ACCOUNT_ID } from "../../../routing/session-key.js";
-import type { RuntimeEnv } from "../../../runtime.js";
-import { formatDocsLink } from "../../../terminal/links.js";
-import { normalizeE164, pathExists } from "../../../utils.js";
-import {
-  listWhatsAppAccountIds,
-  resolveDefaultWhatsAppAccountId,
-  resolveWhatsAppAuthDir,
-} from "../../../web/accounts.js";
-import type { WizardPrompter } from "../../../wizard/prompts.js";
-import type { ChannelOnboardingAdapter } from "../onboarding-types.js";
-import {
-  normalizeAllowFromEntries,
-  resolveAccountIdForConfigure,
-  resolveOnboardingAccountId,
-  splitOnboardingEntries,
-} from "./helpers.js";
-
-const channel = "whatsapp" as const;
-
-function setWhatsAppDmPolicy(cfg: OpenClawConfig, dmPolicy: DmPolicy): OpenClawConfig {
-  return mergeWhatsAppConfig(cfg, { dmPolicy });
-}
-
-function setWhatsAppAllowFrom(cfg: OpenClawConfig, allowFrom?: string[]): OpenClawConfig {
-  return mergeWhatsAppConfig(cfg, { allowFrom }, { unsetOnUndefined: ["allowFrom"] });
-}
-
-function setWhatsAppSelfChatMode(cfg: OpenClawConfig, selfChatMode: boolean): OpenClawConfig {
-  return mergeWhatsAppConfig(cfg, { selfChatMode });
-}
-
-async function detectWhatsAppLinked(cfg: OpenClawConfig, accountId: string): Promise<boolean> {
-  const { authDir } = resolveWhatsAppAuthDir({ cfg, accountId });
-  const credsPath = path.join(authDir, "creds.json");
-  return await pathExists(credsPath);
-}
-
-async function promptWhatsAppOwnerAllowFrom(params: {
-  prompter: WizardPrompter;
-  existingAllowFrom: string[];
-}): Promise<{ normalized: string; allowFrom: string[] }> {
-  const { prompter, existingAllowFrom } = params;
-
-  await prompter.note(
-    "We need the sender/owner number so OpenClaw can allowlist you.",
-    "WhatsApp number",
-  );
-  const entry = await prompter.text({
-    message: "Your personal WhatsApp number (the phone you will message from)",
-    placeholder: "+15555550123",
-    initialValue: existingAllowFrom[0],
-    validate: (value) => {
-      const raw = String(value ?? "").trim();
-      if (!raw) {
-        return "Required";
-      }
-      const normalized = normalizeE164(raw);
-      if (!normalized) {
-        return `Invalid number: ${raw}`;
-      }
-      return undefined;
-    },
-  });
-
-  const normalized = normalizeE164(String(entry).trim());
-  if (!normalized) {
-    throw new Error("Invalid WhatsApp owner number (expected E.164 after validation).");
-  }
-  const allowFrom = normalizeAllowFromEntries(
-    [...existingAllowFrom.filter((item) => item !== "*"), normalized],
-    normalizeE164,
-  );
-  return { normalized, allowFrom };
-}
-
-async function applyWhatsAppOwnerAllowlist(params: {
-  cfg: OpenClawConfig;
-  prompter: WizardPrompter;
-  existingAllowFrom: string[];
-  title: string;
-  messageLines: string[];
-}): Promise<OpenClawConfig> {
-  const { normalized, allowFrom } = await promptWhatsAppOwnerAllowFrom({
-    prompter: params.prompter,
-    existingAllowFrom: params.existingAllowFrom,
-  });
-  let next = setWhatsAppSelfChatMode(params.cfg, true);
-  next = setWhatsAppDmPolicy(next, "allowlist");
-  next = setWhatsAppAllowFrom(next, allowFrom);
-  await params.prompter.note(
-    [...params.messageLines, `- allowFrom includes ${normalized}`].join("\n"),
-    params.title,
-  );
-  return next;
-}
-
-function parseWhatsAppAllowFromEntries(raw: string): { entries: string[]; invalidEntry?: string } {
-  const parts = splitOnboardingEntries(raw);
-  if (parts.length === 0) {
-    return { entries: [] };
-  }
-  const entries: string[] = [];
-  for (const part of parts) {
-    if (part === "*") {
-      entries.push("*");
-      continue;
-    }
-    const normalized = normalizeE164(part);
-    if (!normalized) {
-      return { entries: [], invalidEntry: part };
-    }
-    entries.push(normalized);
-  }
-  return { entries: normalizeAllowFromEntries(entries, normalizeE164) };
-}
-
-async function promptWhatsAppAllowFrom(
-  cfg: OpenClawConfig,
-  _runtime: RuntimeEnv,
-  prompter: WizardPrompter,
-  options?: { forceAllowlist?: boolean },
-): Promise<OpenClawConfig> {
-  const existingPolicy = cfg.channels?.whatsapp?.dmPolicy ?? "pairing";
-  const existingAllowFrom = cfg.channels?.whatsapp?.allowFrom ?? [];
-  const existingLabel = existingAllowFrom.length > 0 ? existingAllowFrom.join(", ") : "unset";
-
-  if (options?.forceAllowlist) {
-    return await applyWhatsAppOwnerAllowlist({
-      cfg,
-      prompter,
-      existingAllowFrom,
-      title: "WhatsApp allowlist",
-      messageLines: ["Allowlist mode enabled."],
-    });
-  }
-
-  await prompter.note(
-    [
-      "WhatsApp direct chats are gated by `channels.whatsapp.dmPolicy` + `channels.whatsapp.allowFrom`.",
-      "- pairing (default): unknown senders get a pairing code; owner approves",
-      "- allowlist: unknown senders are blocked",
-      '- open: public inbound DMs (requires allowFrom to include "*")',
-      "- disabled: ignore WhatsApp DMs",
-      "",
-      `Current: dmPolicy=${existingPolicy}, allowFrom=${existingLabel}`,
-      `Docs: ${formatDocsLink("/whatsapp", "whatsapp")}`,
-    ].join("\n"),
-    "WhatsApp DM access",
-  );
-
-  const phoneMode = await prompter.select({
-    message: "WhatsApp phone setup",
-    options: [
-      { value: "personal", label: "This is my personal phone number" },
-      { value: "separate", label: "Separate phone just for OpenClaw" },
-    ],
-  });
-
-  if (phoneMode === "personal") {
-    return await applyWhatsAppOwnerAllowlist({
-      cfg,
-      prompter,
-      existingAllowFrom,
-      title: "WhatsApp personal phone",
-      messageLines: [
-        "Personal phone mode enabled.",
-        "- dmPolicy set to allowlist (pairing skipped)",
-      ],
-    });
-  }
-
-  const policy = (await prompter.select({
-    message: "WhatsApp DM policy",
-    options: [
-      { value: "pairing", label: "Pairing (recommended)" },
-      { value: "allowlist", label: "Allowlist only (block unknown senders)" },
-      { value: "open", label: "Open (public inbound DMs)" },
-      { value: "disabled", label: "Disabled (ignore WhatsApp DMs)" },
-    ],
-  })) as DmPolicy;
-
-  let next = setWhatsAppSelfChatMode(cfg, false);
-  next = setWhatsAppDmPolicy(next, policy);
-  if (policy === "open") {
-    const allowFrom = normalizeAllowFromEntries(["*", ...existingAllowFrom], normalizeE164);
-    next = setWhatsAppAllowFrom(next, allowFrom.length > 0 ? allowFrom : ["*"]);
-    return next;
-  }
-  if (policy === "disabled") {
-    return next;
-  }
-
-  const allowOptions =
-    existingAllowFrom.length > 0
-      ? ([
-          { value: "keep", label: "Keep current allowFrom" },
-          {
-            value: "unset",
-            label: "Unset allowFrom (use pairing approvals only)",
-          },
-          { value: "list", label: "Set allowFrom to specific numbers" },
-        ] as const)
-      : ([
-          { value: "unset", label: "Unset allowFrom (default)" },
-          { value: "list", label: "Set allowFrom to specific numbers" },
-        ] as const);
-
-  const mode = await prompter.select({
-    message: "WhatsApp allowFrom (optional pre-allowlist)",
-    options: allowOptions.map((opt) => ({
-      value: opt.value,
-      label: opt.label,
-    })),
-  });
-
-  if (mode === "keep") {
-    // Keep allowFrom as-is.
-  } else if (mode === "unset") {
-    next = setWhatsAppAllowFrom(next, undefined);
-  } else {
-    const allowRaw = await prompter.text({
-      message: "Allowed sender numbers (comma-separated, E.164)",
-      placeholder: "+15555550123, +447700900123",
-      validate: (value) => {
-        const raw = String(value ?? "").trim();
-        if (!raw) {
-          return "Required";
-        }
-        const parsed = parseWhatsAppAllowFromEntries(raw);
-        if (parsed.entries.length === 0 && !parsed.invalidEntry) {
-          return "Required";
-        }
-        if (parsed.invalidEntry) {
-          return `Invalid number: ${parsed.invalidEntry}`;
-        }
-        return undefined;
-      },
-    });
-
-    const parsed = parseWhatsAppAllowFromEntries(String(allowRaw));
-    next = setWhatsAppAllowFrom(next, parsed.entries);
-  }
-
-  return next;
-}
-
-export const whatsappOnboardingAdapter: ChannelOnboardingAdapter = {
-  channel,
-  getStatus: async ({ cfg, accountOverrides }) => {
-    const defaultAccountId = resolveDefaultWhatsAppAccountId(cfg);
-    const accountId = resolveOnboardingAccountId({
-      accountId: accountOverrides.whatsapp,
-      defaultAccountId,
-    });
-    const linked = await detectWhatsAppLinked(cfg, accountId);
-    const accountLabel = accountId === DEFAULT_ACCOUNT_ID ? "default" : accountId;
-    return {
-      channel,
-      configured: linked,
-      statusLines: [`WhatsApp (${accountLabel}): ${linked ? "linked" : "not linked"}`],
-      selectionHint: linked ? "linked" : "not linked",
-      quickstartScore: linked ? 5 : 4,
-    };
-  },
-  configure: async ({
-    cfg,
-    runtime,
-    prompter,
-    options,
-    accountOverrides,
-    shouldPromptAccountIds,
-    forceAllowFrom,
-  }) => {
-    const accountId = await resolveAccountIdForConfigure({
-      cfg,
-      prompter,
-      label: "WhatsApp",
-      accountOverride: accountOverrides.whatsapp,
-      shouldPromptAccountIds: Boolean(shouldPromptAccountIds || options?.promptWhatsAppAccountId),
-      listAccountIds: listWhatsAppAccountIds,
-      defaultAccountId: resolveDefaultWhatsAppAccountId(cfg),
-    });
-
-    let next = cfg;
-    if (accountId !== DEFAULT_ACCOUNT_ID) {
-      next = {
-        ...next,
-        channels: {
-          ...next.channels,
-          whatsapp: {
-            ...next.channels?.whatsapp,
-            accounts: {
-              ...next.channels?.whatsapp?.accounts,
-              [accountId]: {
-                ...next.channels?.whatsapp?.accounts?.[accountId],
-                enabled: next.channels?.whatsapp?.accounts?.[accountId]?.enabled ?? true,
-              },
-            },
-          },
-        },
-      };
-    }
-
-    const linked = await detectWhatsAppLinked(next, accountId);
-    const { authDir } = resolveWhatsAppAuthDir({
-      cfg: next,
-      accountId,
-    });
-
-    if (!linked) {
-      await prompter.note(
-        [
-          "Scan the QR with WhatsApp on your phone.",
-          `Credentials are stored under ${authDir}/ for future runs.`,
-          `Docs: ${formatDocsLink("/whatsapp", "whatsapp")}`,
-        ].join("\n"),
-        "WhatsApp linking",
-      );
-    }
-    const wantsLink = await prompter.confirm({
-      message: linked ? "WhatsApp already linked. Re-link now?" : "Link WhatsApp now (QR)?",
-      initialValue: !linked,
-    });
-    if (wantsLink) {
-      try {
-        await loginWeb(false, undefined, runtime, accountId);
-      } catch (err) {
-        runtime.error(`WhatsApp login failed: ${String(err)}`);
-        await prompter.note(`Docs: ${formatDocsLink("/whatsapp", "whatsapp")}`, "WhatsApp help");
-      }
-    } else if (!linked) {
-      await prompter.note(
-        `Run \`${formatCliCommand("openclaw channels login")}\` later to link WhatsApp.`,
-        "WhatsApp",
-      );
-    }
-
-    next = await promptWhatsAppAllowFrom(next, runtime, prompter, {
-      forceAllowlist: forceAllowFrom,
-    });
-
-    return { cfg: next, accountId };
-  },
-  onAccountRecorded: (accountId, options) => {
-    options?.onWhatsAppAccountId?.(accountId);
-  },
-};
+// Shim: re-exports from extensions/whatsapp/src/onboarding.ts
+export * from "../../../../extensions/whatsapp/src/onboarding.js";
diff --git a/src/channels/plugins/outbound/discord.ts b/src/channels/plugins/outbound/discord.ts
index b88f3cc09ef..5b2126b8fcc 100644
--- a/src/channels/plugins/outbound/discord.ts
+++ b/src/channels/plugins/outbound/discord.ts
@@ -1,147 +1,2 @@
-import type { OpenClawConfig } from "../../../config/config.js";
-import {
-  getThreadBindingManager,
-  type ThreadBindingRecord,
-} from "../../../discord/monitor/thread-bindings.js";
-import {
-  sendMessageDiscord,
-  sendPollDiscord,
-  sendWebhookMessageDiscord,
-} from "../../../discord/send.js";
-import type { OutboundIdentity } from "../../../infra/outbound/identity.js";
-import { normalizeDiscordOutboundTarget } from "../normalize/discord.js";
-import type { ChannelOutboundAdapter } from "../types.js";
-import { sendTextMediaPayload } from "./direct-text-media.js";
-
-function resolveDiscordOutboundTarget(params: {
-  to: string;
-  threadId?: string | number | null;
-}): string {
-  if (params.threadId == null) {
-    return params.to;
-  }
-  const threadId = String(params.threadId).trim();
-  if (!threadId) {
-    return params.to;
-  }
-  return `channel:${threadId}`;
-}
-
-function resolveDiscordWebhookIdentity(params: {
-  identity?: OutboundIdentity;
-  binding: ThreadBindingRecord;
-}): { username?: string; avatarUrl?: string } {
-  const usernameRaw = params.identity?.name?.trim();
-  const fallbackUsername = params.binding.label?.trim() || params.binding.agentId;
-  const username = (usernameRaw || fallbackUsername || "").slice(0, 80) || undefined;
-  const avatarUrl = params.identity?.avatarUrl?.trim() || undefined;
-  return { username, avatarUrl };
-}
-
-async function maybeSendDiscordWebhookText(params: {
-  cfg?: OpenClawConfig;
-  text: string;
-  threadId?: string | number | null;
-  accountId?: string | null;
-  identity?: OutboundIdentity;
-  replyToId?: string | null;
-}): Promise<{ messageId: string; channelId: string } | null> {
-  if (params.threadId == null) {
-    return null;
-  }
-  const threadId = String(params.threadId).trim();
-  if (!threadId) {
-    return null;
-  }
-  const manager = getThreadBindingManager(params.accountId ?? undefined);
-  if (!manager) {
-    return null;
-  }
-  const binding = manager.getByThreadId(threadId);
-  if (!binding?.webhookId || !binding?.webhookToken) {
-    return null;
-  }
-  const persona = resolveDiscordWebhookIdentity({
-    identity: params.identity,
-    binding,
-  });
-  const result = await sendWebhookMessageDiscord(params.text, {
-    webhookId: binding.webhookId,
-    webhookToken: binding.webhookToken,
-    accountId: binding.accountId,
-    threadId: binding.threadId,
-    cfg: params.cfg,
-    replyTo: params.replyToId ?? undefined,
-    username: persona.username,
-    avatarUrl: persona.avatarUrl,
-  });
-  return result;
-}
-
-export const discordOutbound: ChannelOutboundAdapter = {
-  deliveryMode: "direct",
-  chunker: null,
-  textChunkLimit: 2000,
-  pollMaxOptions: 10,
-  resolveTarget: ({ to }) => normalizeDiscordOutboundTarget(to),
-  sendPayload: async (ctx) =>
-    await sendTextMediaPayload({ channel: "discord", ctx, adapter: discordOutbound }),
-  sendText: async ({ cfg, to, text, accountId, deps, replyToId, threadId, identity, silent }) => {
-    if (!silent) {
-      const webhookResult = await maybeSendDiscordWebhookText({
-        cfg,
-        text,
-        threadId,
-        accountId,
-        identity,
-        replyToId,
-      }).catch(() => null);
-      if (webhookResult) {
-        return { channel: "discord", ...webhookResult };
-      }
-    }
-    const send = deps?.sendDiscord ?? sendMessageDiscord;
-    const target = resolveDiscordOutboundTarget({ to, threadId });
-    const result = await send(target, text, {
-      verbose: false,
-      replyTo: replyToId ?? undefined,
-      accountId: accountId ?? undefined,
-      silent: silent ?? undefined,
-      cfg,
-    });
-    return { channel: "discord", ...result };
-  },
-  sendMedia: async ({
-    cfg,
-    to,
-    text,
-    mediaUrl,
-    mediaLocalRoots,
-    accountId,
-    deps,
-    replyToId,
-    threadId,
-    silent,
-  }) => {
-    const send = deps?.sendDiscord ?? sendMessageDiscord;
-    const target = resolveDiscordOutboundTarget({ to, threadId });
-    const result = await send(target, text, {
-      verbose: false,
-      mediaUrl,
-      mediaLocalRoots,
-      replyTo: replyToId ?? undefined,
-      accountId: accountId ?? undefined,
-      silent: silent ?? undefined,
-      cfg,
-    });
-    return { channel: "discord", ...result };
-  },
-  sendPoll: async ({ cfg, to, poll, accountId, threadId, silent }) => {
-    const target = resolveDiscordOutboundTarget({ to, threadId });
-    return await sendPollDiscord(target, poll, {
-      accountId: accountId ?? undefined,
-      silent: silent ?? undefined,
-      cfg,
-    });
-  },
-};
+// Shim: re-exports from extension
+export * from "../../../../extensions/discord/src/outbound-adapter.js";
diff --git a/src/channels/plugins/outbound/imessage.test.ts b/src/channels/plugins/outbound/imessage.test.ts
index 7ebcc853793..b42b5a954c8 100644
--- a/src/channels/plugins/outbound/imessage.test.ts
+++ b/src/channels/plugins/outbound/imessage.test.ts
@@ -22,7 +22,7 @@ describe("imessageOutbound", () => {
       text: "hello",
       accountId: "default",
       replyToId: "msg-123",
-      deps: { sendIMessage },
+      deps: { imessage: sendIMessage },
     });
 
     expect(sendIMessage).toHaveBeenCalledWith(
@@ -50,7 +50,7 @@ describe("imessageOutbound", () => {
       mediaLocalRoots: ["/tmp"],
       accountId: "acct-1",
       replyToId: "msg-456",
-      deps: { sendIMessage },
+      deps: { imessage: sendIMessage },
     });
 
     expect(sendIMessage).toHaveBeenCalledWith(
diff --git a/src/channels/plugins/outbound/imessage.ts b/src/channels/plugins/outbound/imessage.ts
index 20c92754d28..b916c1e37df 100644
--- a/src/channels/plugins/outbound/imessage.ts
+++ b/src/channels/plugins/outbound/imessage.ts
@@ -1,12 +1,17 @@
-import { sendMessageIMessage } from "../../../imessage/send.js";
-import type { OutboundSendDeps } from "../../../infra/outbound/deliver.js";
+import { sendMessageIMessage } from "../../../../extensions/imessage/src/send.js";
+import {
+  resolveOutboundSendDep,
+  type OutboundSendDeps,
+} from "../../../infra/outbound/send-deps.js";
 import {
   createScopedChannelMediaMaxBytesResolver,
   createDirectTextMediaOutbound,
 } from "./direct-text-media.js";
 
 function resolveIMessageSender(deps: OutboundSendDeps | undefined) {
-  return deps?.sendIMessage ?? sendMessageIMessage;
+  return (
+    resolveOutboundSendDep<typeof sendMessageIMessage>(deps, "imessage") ?? sendMessageIMessage
+  );
 }
 
 export const imessageOutbound = createDirectTextMediaOutbound({
diff --git a/src/channels/plugins/outbound/signal.test.ts b/src/channels/plugins/outbound/signal.test.ts
index 6d1d0bd0606..9848c558965 100644
--- a/src/channels/plugins/outbound/signal.test.ts
+++ b/src/channels/plugins/outbound/signal.test.ts
@@ -26,7 +26,7 @@ describe("signalOutbound", () => {
       to: "+15555550123",
       text: "hello",
       accountId: "work",
-      deps: { sendSignal },
+      deps: { signal: sendSignal },
     });
 
     expect(sendSignal).toHaveBeenCalledWith(
@@ -52,7 +52,7 @@ describe("signalOutbound", () => {
       mediaUrl: "https://example.com/file.jpg",
       mediaLocalRoots: ["/tmp/media"],
       accountId: "default",
-      deps: { sendSignal },
+      deps: { signal: sendSignal },
     });
 
     expect(sendSignal).toHaveBeenCalledWith(
diff --git a/src/channels/plugins/outbound/signal.ts b/src/channels/plugins/outbound/signal.ts
index 0ebf8e57670..028192a3f54 100644
--- a/src/channels/plugins/outbound/signal.ts
+++ b/src/channels/plugins/outbound/signal.ts
@@ -1,12 +1,15 @@
-import type { OutboundSendDeps } from "../../../infra/outbound/deliver.js";
-import { sendMessageSignal } from "../../../signal/send.js";
+import { sendMessageSignal } from "../../../../extensions/signal/src/send.js";
+import {
+  resolveOutboundSendDep,
+  type OutboundSendDeps,
+} from "../../../infra/outbound/send-deps.js";
 import {
   createScopedChannelMediaMaxBytesResolver,
   createDirectTextMediaOutbound,
 } from "./direct-text-media.js";
 
 function resolveSignalSender(deps: OutboundSendDeps | undefined) {
-  return deps?.sendSignal ?? sendMessageSignal;
+  return resolveOutboundSendDep<typeof sendMessageSignal>(deps, "signal") ?? sendMessageSignal;
 }
 
 export const signalOutbound = createDirectTextMediaOutbound({
diff --git a/src/channels/plugins/outbound/slack.test.ts b/src/channels/plugins/outbound/slack.test.ts
index 18635f0e4a2..9b5c1843ce2 100644
--- a/src/channels/plugins/outbound/slack.test.ts
+++ b/src/channels/plugins/outbound/slack.test.ts
@@ -1,7 +1,7 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import type { OpenClawConfig } from "../../../config/config.js";
 
-vi.mock("../../../slack/send.js", () => ({
+vi.mock("../../../../extensions/slack/src/send.js", () => ({
   sendMessageSlack: vi.fn().mockResolvedValue({ messageId: "1234.5678", channelId: "C123" }),
 }));
 
@@ -9,8 +9,8 @@ vi.mock("../../../plugins/hook-runner-global.js", () => ({
   getGlobalHookRunner: vi.fn(),
 }));
 
+import { sendMessageSlack } from "../../../../extensions/slack/src/send.js";
 import { getGlobalHookRunner } from "../../../plugins/hook-runner-global.js";
-import { sendMessageSlack } from "../../../slack/send.js";
 import { slackOutbound } from "./slack.js";
 
 type SlackSendTextCtx = {
diff --git a/src/channels/plugins/outbound/slack.ts b/src/channels/plugins/outbound/slack.ts
index 96ff7b1b0cb..923317c7d58 100644
--- a/src/channels/plugins/outbound/slack.ts
+++ b/src/channels/plugins/outbound/slack.ts
@@ -1,7 +1,8 @@
+import { parseSlackBlocksInput } from "../../../../extensions/slack/src/blocks-input.js";
+import { sendMessageSlack, type SlackSendIdentity } from "../../../../extensions/slack/src/send.js";
 import type { OutboundIdentity } from "../../../infra/outbound/identity.js";
+import { resolveOutboundSendDep } from "../../../infra/outbound/send-deps.js";
 import { getGlobalHookRunner } from "../../../plugins/hook-runner-global.js";
-import { parseSlackBlocksInput } from "../../../slack/blocks-input.js";
-import { sendMessageSlack, type SlackSendIdentity } from "../../../slack/send.js";
 import type { ChannelOutboundAdapter } from "../types.js";
 import { sendTextMediaPayload } from "./direct-text-media.js";
 
@@ -56,12 +57,13 @@ async function sendSlackOutboundMessage(params: {
   mediaLocalRoots?: readonly string[];
   blocks?: NonNullable<Parameters<typeof sendMessageSlack>[2]>["blocks"];
   accountId?: string | null;
-  deps?: { sendSlack?: typeof sendMessageSlack } | null;
+  deps?: { [channelId: string]: unknown } | null;
   replyToId?: string | null;
   threadId?: string | number | null;
   identity?: OutboundIdentity;
 }) {
-  const send = params.deps?.sendSlack ?? sendMessageSlack;
+  const send =
+    resolveOutboundSendDep<typeof sendMessageSlack>(params.deps, "slack") ?? sendMessageSlack;
   // Use threadId fallback so routed tool notifications stay in the Slack thread.
   const threadTs =
     params.replyToId ?? (params.threadId != null ? String(params.threadId) : undefined);
diff --git a/src/channels/plugins/outbound/telegram.test.ts b/src/channels/plugins/outbound/telegram.test.ts
deleted file mode 100644
index df81947fa5d..00000000000
--- a/src/channels/plugins/outbound/telegram.test.ts
+++ /dev/null
@@ -1,142 +0,0 @@
-import { describe, expect, it, vi } from "vitest";
-import type { ReplyPayload } from "../../../auto-reply/types.js";
-import { telegramOutbound } from "./telegram.js";
-
-describe("telegramOutbound", () => {
-  it("passes parsed reply/thread ids for sendText", async () => {
-    const sendTelegram = vi.fn().mockResolvedValue({ messageId: "tg-text-1", chatId: "123" });
-    const sendText = telegramOutbound.sendText;
-    expect(sendText).toBeDefined();
-
-    const result = await sendText!({
-      cfg: {},
-      to: "123",
-      text: "<b>hello</b>",
-      accountId: "work",
-      replyToId: "44",
-      threadId: "55",
-      deps: { sendTelegram },
-    });
-
-    expect(sendTelegram).toHaveBeenCalledWith(
-      "123",
-      "<b>hello</b>",
-      expect.objectContaining({
-        textMode: "html",
-        verbose: false,
-        accountId: "work",
-        replyToMessageId: 44,
-        messageThreadId: 55,
-      }),
-    );
-    expect(result).toEqual({ channel: "telegram", messageId: "tg-text-1", chatId: "123" });
-  });
-
-  it("parses scoped DM thread ids for sendText", async () => {
-    const sendTelegram = vi.fn().mockResolvedValue({ messageId: "tg-text-2", chatId: "12345" });
-    const sendText = telegramOutbound.sendText;
-    expect(sendText).toBeDefined();
-
-    await sendText!({
-      cfg: {},
-      to: "12345",
-      text: "<b>hello</b>",
-      accountId: "work",
-      threadId: "12345:99",
-      deps: { sendTelegram },
-    });
-
-    expect(sendTelegram).toHaveBeenCalledWith(
-      "12345",
-      "<b>hello</b>",
-      expect.objectContaining({
-        textMode: "html",
-        verbose: false,
-        accountId: "work",
-        messageThreadId: 99,
-      }),
-    );
-  });
-
-  it("passes media options for sendMedia", async () => {
-    const sendTelegram = vi.fn().mockResolvedValue({ messageId: "tg-media-1", chatId: "123" });
-    const sendMedia = telegramOutbound.sendMedia;
-    expect(sendMedia).toBeDefined();
-
-    const result = await sendMedia!({
-      cfg: {},
-      to: "123",
-      text: "caption",
-      mediaUrl: "https://example.com/a.jpg",
-      mediaLocalRoots: ["/tmp/media"],
-      accountId: "default",
-      deps: { sendTelegram },
-    });
-
-    expect(sendTelegram).toHaveBeenCalledWith(
-      "123",
-      "caption",
-      expect.objectContaining({
-        textMode: "html",
-        verbose: false,
-        mediaUrl: "https://example.com/a.jpg",
-        mediaLocalRoots: ["/tmp/media"],
-      }),
-    );
-    expect(result).toEqual({ channel: "telegram", messageId: "tg-media-1", chatId: "123" });
-  });
-
-  it("sends payload media list and applies buttons only to first message", async () => {
-    const sendTelegram = vi
-      .fn()
-      .mockResolvedValueOnce({ messageId: "tg-1", chatId: "123" })
-      .mockResolvedValueOnce({ messageId: "tg-2", chatId: "123" });
-    const sendPayload = telegramOutbound.sendPayload;
-    expect(sendPayload).toBeDefined();
-
-    const payload: ReplyPayload = {
-      text: "caption",
-      mediaUrls: ["https://example.com/1.jpg", "https://example.com/2.jpg"],
-      channelData: {
-        telegram: {
-          quoteText: "quoted",
-          buttons: [[{ text: "Approve", callback_data: "ok" }]],
-        },
-      },
-    };
-
-    const result = await sendPayload!({
-      cfg: {},
-      to: "123",
-      text: "",
-      payload,
-      mediaLocalRoots: ["/tmp/media"],
-      accountId: "default",
-      deps: { sendTelegram },
-    });
-
-    expect(sendTelegram).toHaveBeenCalledTimes(2);
-    expect(sendTelegram).toHaveBeenNthCalledWith(
-      1,
-      "123",
-      "caption",
-      expect.objectContaining({
-        mediaUrl: "https://example.com/1.jpg",
-        quoteText: "quoted",
-        buttons: [[{ text: "Approve", callback_data: "ok" }]],
-      }),
-    );
-    expect(sendTelegram).toHaveBeenNthCalledWith(
-      2,
-      "123",
-      "",
-      expect.objectContaining({
-        mediaUrl: "https://example.com/2.jpg",
-        quoteText: "quoted",
-      }),
-    );
-    const secondCallOpts = sendTelegram.mock.calls[1]?.[2] as Record<string, unknown>;
-    expect(secondCallOpts?.buttons).toBeUndefined();
-    expect(result).toEqual({ channel: "telegram", messageId: "tg-2", chatId: "123" });
-  });
-});
diff --git a/src/channels/plugins/outbound/telegram.ts b/src/channels/plugins/outbound/telegram.ts
index c96a44a7047..685ddb6ef31 100644
--- a/src/channels/plugins/outbound/telegram.ts
+++ b/src/channels/plugins/outbound/telegram.ts
@@ -1,157 +1 @@
-import type { ReplyPayload } from "../../../auto-reply/types.js";
-import type { OutboundSendDeps } from "../../../infra/outbound/deliver.js";
-import type { TelegramInlineButtons } from "../../../telegram/button-types.js";
-import { markdownToTelegramHtmlChunks } from "../../../telegram/format.js";
-import {
-  parseTelegramReplyToMessageId,
-  parseTelegramThreadId,
-} from "../../../telegram/outbound-params.js";
-import { sendMessageTelegram } from "../../../telegram/send.js";
-import type { ChannelOutboundAdapter } from "../types.js";
-import { resolvePayloadMediaUrls, sendPayloadMediaSequence } from "./direct-text-media.js";
-
-type TelegramSendFn = typeof sendMessageTelegram;
-type TelegramSendOpts = Parameters<TelegramSendFn>[2];
-
-function resolveTelegramSendContext(params: {
-  cfg: NonNullable<TelegramSendOpts>["cfg"];
-  deps?: OutboundSendDeps;
-  accountId?: string | null;
-  replyToId?: string | null;
-  threadId?: string | number | null;
-}): {
-  send: TelegramSendFn;
-  baseOpts: {
-    cfg: NonNullable<TelegramSendOpts>["cfg"];
-    verbose: false;
-    textMode: "html";
-    messageThreadId?: number;
-    replyToMessageId?: number;
-    accountId?: string;
-  };
-} {
-  const send = params.deps?.sendTelegram ?? sendMessageTelegram;
-  return {
-    send,
-    baseOpts: {
-      verbose: false,
-      textMode: "html",
-      cfg: params.cfg,
-      messageThreadId: parseTelegramThreadId(params.threadId),
-      replyToMessageId: parseTelegramReplyToMessageId(params.replyToId),
-      accountId: params.accountId ?? undefined,
-    },
-  };
-}
-
-export async function sendTelegramPayloadMessages(params: {
-  send: TelegramSendFn;
-  to: string;
-  payload: ReplyPayload;
-  baseOpts: Omit<NonNullable<TelegramSendOpts>, "buttons" | "mediaUrl" | "quoteText">;
-}): Promise<Awaited<ReturnType<TelegramSendFn>>> {
-  const telegramData = params.payload.channelData?.telegram as
-    | { buttons?: TelegramInlineButtons; quoteText?: string }
-    | undefined;
-  const quoteText =
-    typeof telegramData?.quoteText === "string" ? telegramData.quoteText : undefined;
-  const text = params.payload.text ?? "";
-  const mediaUrls = resolvePayloadMediaUrls(params.payload);
-  const payloadOpts = {
-    ...params.baseOpts,
-    quoteText,
-  };
-
-  if (mediaUrls.length === 0) {
-    return await params.send(params.to, text, {
-      ...payloadOpts,
-      buttons: telegramData?.buttons,
-    });
-  }
-
-  // Telegram allows reply_markup on media; attach buttons only to the first send.
-  const finalResult = await sendPayloadMediaSequence({
-    text,
-    mediaUrls,
-    send: async ({ text, mediaUrl, isFirst }) =>
-      await params.send(params.to, text, {
-        ...payloadOpts,
-        mediaUrl,
-        ...(isFirst ? { buttons: telegramData?.buttons } : {}),
-      }),
-  });
-  return finalResult ?? { messageId: "unknown", chatId: params.to };
-}
-
-export const telegramOutbound: ChannelOutboundAdapter = {
-  deliveryMode: "direct",
-  chunker: markdownToTelegramHtmlChunks,
-  chunkerMode: "markdown",
-  textChunkLimit: 4000,
-  sendText: async ({ cfg, to, text, accountId, deps, replyToId, threadId }) => {
-    const { send, baseOpts } = resolveTelegramSendContext({
-      cfg,
-      deps,
-      accountId,
-      replyToId,
-      threadId,
-    });
-    const result = await send(to, text, {
-      ...baseOpts,
-    });
-    return { channel: "telegram", ...result };
-  },
-  sendMedia: async ({
-    cfg,
-    to,
-    text,
-    mediaUrl,
-    mediaLocalRoots,
-    accountId,
-    deps,
-    replyToId,
-    threadId,
-  }) => {
-    const { send, baseOpts } = resolveTelegramSendContext({
-      cfg,
-      deps,
-      accountId,
-      replyToId,
-      threadId,
-    });
-    const result = await send(to, text, {
-      ...baseOpts,
-      mediaUrl,
-      mediaLocalRoots,
-    });
-    return { channel: "telegram", ...result };
-  },
-  sendPayload: async ({
-    cfg,
-    to,
-    payload,
-    mediaLocalRoots,
-    accountId,
-    deps,
-    replyToId,
-    threadId,
-  }) => {
-    const { send, baseOpts } = resolveTelegramSendContext({
-      cfg,
-      deps,
-      accountId,
-      replyToId,
-      threadId,
-    });
-    const result = await sendTelegramPayloadMessages({
-      send,
-      to,
-      payload,
-      baseOpts: {
-        ...baseOpts,
-        mediaLocalRoots,
-      },
-    });
-    return { channel: "telegram", ...result };
-  },
-};
+export * from "../../../../extensions/telegram/src/outbound-adapter.js";
diff --git a/src/channels/plugins/outbound/whatsapp.ts b/src/channels/plugins/outbound/whatsapp.ts
index 58004676e6e..112ff4ccf91 100644
--- a/src/channels/plugins/outbound/whatsapp.ts
+++ b/src/channels/plugins/outbound/whatsapp.ts
@@ -1,73 +1,2 @@
-import { chunkText } from "../../../auto-reply/chunk.js";
-import { shouldLogVerbose } from "../../../globals.js";
-import { sendPollWhatsApp } from "../../../web/outbound.js";
-import { resolveWhatsAppOutboundTarget } from "../../../whatsapp/resolve-outbound-target.js";
-import type { ChannelOutboundAdapter } from "../types.js";
-import { sendTextMediaPayload } from "./direct-text-media.js";
-
-function trimLeadingWhitespace(text: string | undefined): string {
-  return text?.trimStart() ?? "";
-}
-
-export const whatsappOutbound: ChannelOutboundAdapter = {
-  deliveryMode: "gateway",
-  chunker: chunkText,
-  chunkerMode: "text",
-  textChunkLimit: 4000,
-  pollMaxOptions: 12,
-  resolveTarget: ({ to, allowFrom, mode }) =>
-    resolveWhatsAppOutboundTarget({ to, allowFrom, mode }),
-  sendPayload: async (ctx) => {
-    const text = trimLeadingWhitespace(ctx.payload.text);
-    const hasMedia = Boolean(ctx.payload.mediaUrl) || (ctx.payload.mediaUrls?.length ?? 0) > 0;
-    if (!text && !hasMedia) {
-      return { channel: "whatsapp", messageId: "" };
-    }
-    return await sendTextMediaPayload({
-      channel: "whatsapp",
-      ctx: {
-        ...ctx,
-        payload: {
-          ...ctx.payload,
-          text,
-        },
-      },
-      adapter: whatsappOutbound,
-    });
-  },
-  sendText: async ({ cfg, to, text, accountId, deps, gifPlayback }) => {
-    const normalizedText = trimLeadingWhitespace(text);
-    if (!normalizedText) {
-      return { channel: "whatsapp", messageId: "" };
-    }
-    const send =
-      deps?.sendWhatsApp ?? (await import("../../../web/outbound.js")).sendMessageWhatsApp;
-    const result = await send(to, normalizedText, {
-      verbose: false,
-      cfg,
-      accountId: accountId ?? undefined,
-      gifPlayback,
-    });
-    return { channel: "whatsapp", ...result };
-  },
-  sendMedia: async ({ cfg, to, text, mediaUrl, mediaLocalRoots, accountId, deps, gifPlayback }) => {
-    const normalizedText = trimLeadingWhitespace(text);
-    const send =
-      deps?.sendWhatsApp ?? (await import("../../../web/outbound.js")).sendMessageWhatsApp;
-    const result = await send(to, normalizedText, {
-      verbose: false,
-      cfg,
-      mediaUrl,
-      mediaLocalRoots,
-      accountId: accountId ?? undefined,
-      gifPlayback,
-    });
-    return { channel: "whatsapp", ...result };
-  },
-  sendPoll: async ({ cfg, to, poll, accountId }) =>
-    await sendPollWhatsApp(to, poll, {
-      verbose: shouldLogVerbose(),
-      accountId: accountId ?? undefined,
-      cfg,
-    }),
-};
+// Shim: re-exports from extensions/whatsapp/src/outbound-adapter.ts
+export * from "../../../../extensions/whatsapp/src/outbound-adapter.js";
diff --git a/src/channels/plugins/plugins-channel.test.ts b/src/channels/plugins/plugins-channel.test.ts
index e6f0e800a03..37fea7e032d 100644
--- a/src/channels/plugins/plugins-channel.test.ts
+++ b/src/channels/plugins/plugins-channel.test.ts
@@ -87,7 +87,7 @@ describe("telegramOutbound.sendPayload", () => {
           },
         },
       },
-      deps: { sendTelegram },
+      deps: { telegram: sendTelegram },
     });
 
     expect(sendTelegram).toHaveBeenCalledTimes(1);
@@ -121,7 +121,7 @@ describe("telegramOutbound.sendPayload", () => {
           },
         },
       },
-      deps: { sendTelegram },
+      deps: { telegram: sendTelegram },
     });
 
     expect(sendTelegram).toHaveBeenCalledTimes(2);
diff --git a/src/channels/plugins/plugins-core.test.ts b/src/channels/plugins/plugins-core.test.ts
index 9ccbaac8946..8297a6b7519 100644
--- a/src/channels/plugins/plugins-core.test.ts
+++ b/src/channels/plugins/plugins-core.test.ts
@@ -2,16 +2,16 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { afterEach, beforeEach, describe, expect, expectTypeOf, it } from "vitest";
+import type { DiscordProbe } from "../../../extensions/discord/src/probe.js";
+import type { DiscordTokenResolution } from "../../../extensions/discord/src/token.js";
+import type { IMessageProbe } from "../../../extensions/imessage/src/probe.js";
+import type { SignalProbe } from "../../../extensions/signal/src/probe.js";
+import type { SlackProbe } from "../../../extensions/slack/src/probe.js";
+import type { TelegramProbe } from "../../../extensions/telegram/src/probe.js";
+import type { TelegramTokenResolution } from "../../../extensions/telegram/src/token.js";
 import type { OpenClawConfig } from "../../config/config.js";
-import type { DiscordProbe } from "../../discord/probe.js";
-import type { DiscordTokenResolution } from "../../discord/token.js";
-import type { IMessageProbe } from "../../imessage/probe.js";
 import type { LineProbeResult } from "../../line/types.js";
 import { setActivePluginRegistry } from "../../plugins/runtime.js";
-import type { SignalProbe } from "../../signal/probe.js";
-import type { SlackProbe } from "../../slack/probe.js";
-import type { TelegramProbe } from "../../telegram/probe.js";
-import type { TelegramTokenResolution } from "../../telegram/token.js";
 import {
   createChannelTestPluginBase,
   createMSTeamsTestPluginBase,
@@ -410,33 +410,43 @@ describe("resolveChannelConfigWrites", () => {
 });
 
 describe("authorizeConfigWrite", () => {
-  it("blocks when a target account disables writes", () => {
-    const cfg = makeSlackConfigWritesCfg("work");
+  function expectConfigWriteBlocked(params: {
+    disabledAccountId: string;
+    reason: "target-disabled" | "origin-disabled";
+    blockedScope: "target" | "origin";
+  }) {
     expect(
       authorizeConfigWrite({
-        cfg,
+        cfg: makeSlackConfigWritesCfg(params.disabledAccountId),
         origin: { channelId: "slack", accountId: "default" },
         target: resolveExplicitConfigWriteTarget({ channelId: "slack", accountId: "work" }),
       }),
     ).toEqual({
       allowed: false,
+      reason: params.reason,
+      blockedScope: {
+        kind: params.blockedScope,
+        scope: {
+          channelId: "slack",
+          accountId: params.blockedScope === "target" ? "work" : "default",
+        },
+      },
+    });
+  }
+
+  it("blocks when a target account disables writes", () => {
+    expectConfigWriteBlocked({
+      disabledAccountId: "work",
       reason: "target-disabled",
-      blockedScope: { kind: "target", scope: { channelId: "slack", accountId: "work" } },
+      blockedScope: "target",
     });
   });
 
   it("blocks when the origin account disables writes", () => {
-    const cfg = makeSlackConfigWritesCfg("default");
-    expect(
-      authorizeConfigWrite({
-        cfg,
-        origin: { channelId: "slack", accountId: "default" },
-        target: resolveExplicitConfigWriteTarget({ channelId: "slack", accountId: "work" }),
-      }),
-    ).toEqual({
-      allowed: false,
+    expectConfigWriteBlocked({
+      disabledAccountId: "default",
       reason: "origin-disabled",
-      blockedScope: { kind: "origin", scope: { channelId: "slack", accountId: "default" } },
+      blockedScope: "origin",
     });
   });
 
diff --git a/src/channels/plugins/slack.actions.ts b/src/channels/plugins/slack.actions.ts
index e30e57c9d05..1e9f907d498 100644
--- a/src/channels/plugins/slack.actions.ts
+++ b/src/channels/plugins/slack.actions.ts
@@ -1,7 +1,10 @@
+import {
+  extractSlackToolSend,
+  listSlackMessageActions,
+} from "../../../extensions/slack/src/message-actions.js";
+import { resolveSlackChannelId } from "../../../extensions/slack/src/targets.js";
 import { handleSlackAction, type SlackActionContext } from "../../agents/tools/slack-actions.js";
 import { handleSlackMessageAction } from "../../plugin-sdk/slack-message-actions.js";
-import { extractSlackToolSend, listSlackMessageActions } from "../../slack/message-actions.js";
-import { resolveSlackChannelId } from "../../slack/targets.js";
 import type { ChannelMessageActionAdapter } from "./types.js";
 
 export function createSlackActions(providerId: string): ChannelMessageActionAdapter {
diff --git a/src/channels/plugins/status-issues/discord.ts b/src/channels/plugins/status-issues/discord.ts
index f3e8765093f..f42578df1e9 100644
--- a/src/channels/plugins/status-issues/discord.ts
+++ b/src/channels/plugins/status-issues/discord.ts
@@ -1,166 +1,2 @@
-import type { ChannelAccountSnapshot, ChannelStatusIssue } from "../types.js";
-import {
-  appendMatchMetadata,
-  asString,
-  isRecord,
-  resolveEnabledConfiguredAccountId,
-} from "./shared.js";
-
-type DiscordIntentSummary = {
-  messageContent?: "enabled" | "limited" | "disabled";
-};
-
-type DiscordApplicationSummary = {
-  intents?: DiscordIntentSummary;
-};
-
-type DiscordAccountStatus = {
-  accountId?: unknown;
-  enabled?: unknown;
-  configured?: unknown;
-  application?: unknown;
-  audit?: unknown;
-};
-
-type DiscordPermissionsAuditSummary = {
-  unresolvedChannels?: number;
-  channels?: Array<{
-    channelId: string;
-    ok?: boolean;
-    missing?: string[];
-    error?: string | null;
-    matchKey?: string;
-    matchSource?: string;
-  }>;
-};
-
-function readDiscordAccountStatus(value: ChannelAccountSnapshot): DiscordAccountStatus | null {
-  if (!isRecord(value)) {
-    return null;
-  }
-  return {
-    accountId: value.accountId,
-    enabled: value.enabled,
-    configured: value.configured,
-    application: value.application,
-    audit: value.audit,
-  };
-}
-
-function readDiscordApplicationSummary(value: unknown): DiscordApplicationSummary {
-  if (!isRecord(value)) {
-    return {};
-  }
-  const intentsRaw = value.intents;
-  if (!isRecord(intentsRaw)) {
-    return {};
-  }
-  return {
-    intents: {
-      messageContent:
-        intentsRaw.messageContent === "enabled" ||
-        intentsRaw.messageContent === "limited" ||
-        intentsRaw.messageContent === "disabled"
-          ? intentsRaw.messageContent
-          : undefined,
-    },
-  };
-}
-
-function readDiscordPermissionsAuditSummary(value: unknown): DiscordPermissionsAuditSummary {
-  if (!isRecord(value)) {
-    return {};
-  }
-  const unresolvedChannels =
-    typeof value.unresolvedChannels === "number" && Number.isFinite(value.unresolvedChannels)
-      ? value.unresolvedChannels
-      : undefined;
-  const channelsRaw = value.channels;
-  const channels = Array.isArray(channelsRaw)
-    ? (channelsRaw
-        .map((entry) => {
-          if (!isRecord(entry)) {
-            return null;
-          }
-          const channelId = asString(entry.channelId);
-          if (!channelId) {
-            return null;
-          }
-          const ok = typeof entry.ok === "boolean" ? entry.ok : undefined;
-          const missing = Array.isArray(entry.missing)
-            ? entry.missing.map((v) => asString(v)).filter(Boolean)
-            : undefined;
-          const error = asString(entry.error) ?? null;
-          const matchKey = asString(entry.matchKey) ?? undefined;
-          const matchSource = asString(entry.matchSource) ?? undefined;
-          return {
-            channelId,
-            ok,
-            missing: missing?.length ? missing : undefined,
-            error,
-            matchKey,
-            matchSource,
-          };
-        })
-        .filter(Boolean) as DiscordPermissionsAuditSummary["channels"])
-    : undefined;
-  return { unresolvedChannels, channels };
-}
-
-export function collectDiscordStatusIssues(
-  accounts: ChannelAccountSnapshot[],
-): ChannelStatusIssue[] {
-  const issues: ChannelStatusIssue[] = [];
-  for (const entry of accounts) {
-    const account = readDiscordAccountStatus(entry);
-    if (!account) {
-      continue;
-    }
-    const accountId = resolveEnabledConfiguredAccountId(account);
-    if (!accountId) {
-      continue;
-    }
-
-    const app = readDiscordApplicationSummary(account.application);
-    const messageContent = app.intents?.messageContent;
-    if (messageContent === "disabled") {
-      issues.push({
-        channel: "discord",
-        accountId,
-        kind: "intent",
-        message: "Message Content Intent is disabled. Bot may not see normal channel messages.",
-        fix: "Enable Message Content Intent in Discord Dev Portal → Bot → Privileged Gateway Intents, or require mention-only operation.",
-      });
-    }
-
-    const audit = readDiscordPermissionsAuditSummary(account.audit);
-    if (audit.unresolvedChannels && audit.unresolvedChannels > 0) {
-      issues.push({
-        channel: "discord",
-        accountId,
-        kind: "config",
-        message: `Some configured guild channels are not numeric IDs (unresolvedChannels=${audit.unresolvedChannels}). Permission audit can only check numeric channel IDs.`,
-        fix: "Use numeric channel IDs as keys in channels.discord.guilds.*.channels (then rerun channels status --probe).",
-      });
-    }
-    for (const channel of audit.channels ?? []) {
-      if (channel.ok === true) {
-        continue;
-      }
-      const missing = channel.missing?.length ? ` missing ${channel.missing.join(", ")}` : "";
-      const error = channel.error ? `: ${channel.error}` : "";
-      const baseMessage = `Channel ${channel.channelId} permission check failed.${missing}${error}`;
-      issues.push({
-        channel: "discord",
-        accountId,
-        kind: "permissions",
-        message: appendMatchMetadata(baseMessage, {
-          matchKey: channel.matchKey,
-          matchSource: channel.matchSource,
-        }),
-        fix: "Ensure the bot role can view + send in this channel (and that channel overrides don't deny it).",
-      });
-    }
-  }
-  return issues;
-}
+// Shim: re-exports from extension
+export * from "../../../../extensions/discord/src/status-issues.js";
diff --git a/src/channels/plugins/status-issues/telegram.ts b/src/channels/plugins/status-issues/telegram.ts
index 97998eb4da4..26425a07ae4 100644
--- a/src/channels/plugins/status-issues/telegram.ts
+++ b/src/channels/plugins/status-issues/telegram.ts
@@ -1,145 +1 @@
-import type { ChannelAccountSnapshot, ChannelStatusIssue } from "../types.js";
-import {
-  appendMatchMetadata,
-  asString,
-  isRecord,
-  resolveEnabledConfiguredAccountId,
-} from "./shared.js";
-
-type TelegramAccountStatus = {
-  accountId?: unknown;
-  enabled?: unknown;
-  configured?: unknown;
-  allowUnmentionedGroups?: unknown;
-  audit?: unknown;
-};
-
-type TelegramGroupMembershipAuditSummary = {
-  unresolvedGroups?: number;
-  hasWildcardUnmentionedGroups?: boolean;
-  groups?: Array<{
-    chatId: string;
-    ok?: boolean;
-    status?: string | null;
-    error?: string | null;
-    matchKey?: string;
-    matchSource?: string;
-  }>;
-};
-
-function readTelegramAccountStatus(value: ChannelAccountSnapshot): TelegramAccountStatus | null {
-  if (!isRecord(value)) {
-    return null;
-  }
-  return {
-    accountId: value.accountId,
-    enabled: value.enabled,
-    configured: value.configured,
-    allowUnmentionedGroups: value.allowUnmentionedGroups,
-    audit: value.audit,
-  };
-}
-
-function readTelegramGroupMembershipAuditSummary(
-  value: unknown,
-): TelegramGroupMembershipAuditSummary {
-  if (!isRecord(value)) {
-    return {};
-  }
-  const unresolvedGroups =
-    typeof value.unresolvedGroups === "number" && Number.isFinite(value.unresolvedGroups)
-      ? value.unresolvedGroups
-      : undefined;
-  const hasWildcardUnmentionedGroups =
-    typeof value.hasWildcardUnmentionedGroups === "boolean"
-      ? value.hasWildcardUnmentionedGroups
-      : undefined;
-  const groupsRaw = value.groups;
-  const groups = Array.isArray(groupsRaw)
-    ? (groupsRaw
-        .map((entry) => {
-          if (!isRecord(entry)) {
-            return null;
-          }
-          const chatId = asString(entry.chatId);
-          if (!chatId) {
-            return null;
-          }
-          const ok = typeof entry.ok === "boolean" ? entry.ok : undefined;
-          const status = asString(entry.status) ?? null;
-          const error = asString(entry.error) ?? null;
-          const matchKey = asString(entry.matchKey) ?? undefined;
-          const matchSource = asString(entry.matchSource) ?? undefined;
-          return { chatId, ok, status, error, matchKey, matchSource };
-        })
-        .filter(Boolean) as TelegramGroupMembershipAuditSummary["groups"])
-    : undefined;
-  return { unresolvedGroups, hasWildcardUnmentionedGroups, groups };
-}
-
-export function collectTelegramStatusIssues(
-  accounts: ChannelAccountSnapshot[],
-): ChannelStatusIssue[] {
-  const issues: ChannelStatusIssue[] = [];
-  for (const entry of accounts) {
-    const account = readTelegramAccountStatus(entry);
-    if (!account) {
-      continue;
-    }
-    const accountId = resolveEnabledConfiguredAccountId(account);
-    if (!accountId) {
-      continue;
-    }
-
-    if (account.allowUnmentionedGroups === true) {
-      issues.push({
-        channel: "telegram",
-        accountId,
-        kind: "config",
-        message:
-          "Config allows unmentioned group messages (requireMention=false). Telegram Bot API privacy mode will block most group messages unless disabled.",
-        fix: "In BotFather run /setprivacy → Disable for this bot (then restart the gateway).",
-      });
-    }
-
-    const audit = readTelegramGroupMembershipAuditSummary(account.audit);
-    if (audit.hasWildcardUnmentionedGroups === true) {
-      issues.push({
-        channel: "telegram",
-        accountId,
-        kind: "config",
-        message:
-          'Telegram groups config uses "*" with requireMention=false; membership probing is not possible without explicit group IDs.',
-        fix: "Add explicit numeric group ids under channels.telegram.groups (or per-account groups) to enable probing.",
-      });
-    }
-    if (audit.unresolvedGroups && audit.unresolvedGroups > 0) {
-      issues.push({
-        channel: "telegram",
-        accountId,
-        kind: "config",
-        message: `Some configured Telegram groups are not numeric IDs (unresolvedGroups=${audit.unresolvedGroups}). Membership probe can only check numeric group IDs.`,
-        fix: "Use numeric chat IDs (e.g. -100...) as keys in channels.telegram.groups for requireMention=false groups.",
-      });
-    }
-    for (const group of audit.groups ?? []) {
-      if (group.ok === true) {
-        continue;
-      }
-      const status = group.status ? ` status=${group.status}` : "";
-      const err = group.error ? `: ${group.error}` : "";
-      const baseMessage = `Group ${group.chatId} not reachable by bot.${status}${err}`;
-      issues.push({
-        channel: "telegram",
-        accountId,
-        kind: "runtime",
-        message: appendMatchMetadata(baseMessage, {
-          matchKey: group.matchKey,
-          matchSource: group.matchSource,
-        }),
-        fix: "Invite the bot to the group, then DM the bot once (/start) and restart the gateway.",
-      });
-    }
-  }
-  return issues;
-}
+export * from "../../../../extensions/telegram/src/status-issues.js";
diff --git a/src/channels/plugins/status-issues/whatsapp.ts b/src/channels/plugins/status-issues/whatsapp.ts
index 4e1c7c7b0bf..45be4231ed2 100644
--- a/src/channels/plugins/status-issues/whatsapp.ts
+++ b/src/channels/plugins/status-issues/whatsapp.ts
@@ -1,66 +1,2 @@
-import { formatCliCommand } from "../../../cli/command-format.js";
-import type { ChannelAccountSnapshot, ChannelStatusIssue } from "../types.js";
-import { asString, collectIssuesForEnabledAccounts, isRecord } from "./shared.js";
-
-type WhatsAppAccountStatus = {
-  accountId?: unknown;
-  enabled?: unknown;
-  linked?: unknown;
-  connected?: unknown;
-  running?: unknown;
-  reconnectAttempts?: unknown;
-  lastError?: unknown;
-};
-
-function readWhatsAppAccountStatus(value: ChannelAccountSnapshot): WhatsAppAccountStatus | null {
-  if (!isRecord(value)) {
-    return null;
-  }
-  return {
-    accountId: value.accountId,
-    enabled: value.enabled,
-    linked: value.linked,
-    connected: value.connected,
-    running: value.running,
-    reconnectAttempts: value.reconnectAttempts,
-    lastError: value.lastError,
-  };
-}
-
-export function collectWhatsAppStatusIssues(
-  accounts: ChannelAccountSnapshot[],
-): ChannelStatusIssue[] {
-  return collectIssuesForEnabledAccounts({
-    accounts,
-    readAccount: readWhatsAppAccountStatus,
-    collectIssues: ({ account, accountId, issues }) => {
-      const linked = account.linked === true;
-      const running = account.running === true;
-      const connected = account.connected === true;
-      const reconnectAttempts =
-        typeof account.reconnectAttempts === "number" ? account.reconnectAttempts : null;
-      const lastError = asString(account.lastError);
-
-      if (!linked) {
-        issues.push({
-          channel: "whatsapp",
-          accountId,
-          kind: "auth",
-          message: "Not linked (no WhatsApp Web session).",
-          fix: `Run: ${formatCliCommand("openclaw channels login")} (scan QR on the gateway host).`,
-        });
-        return;
-      }
-
-      if (running && !connected) {
-        issues.push({
-          channel: "whatsapp",
-          accountId,
-          kind: "runtime",
-          message: `Linked but disconnected${reconnectAttempts != null ? ` (reconnectAttempts=${reconnectAttempts})` : ""}${lastError ? `: ${lastError}` : "."}`,
-          fix: `Run: ${formatCliCommand("openclaw doctor")} (or restart the gateway). If it persists, relink via channels login and check logs.`,
-        });
-      }
-    },
-  });
-}
+// Shim: re-exports from extensions/whatsapp/src/status-issues.ts
+export * from "../../../../extensions/whatsapp/src/status-issues.js";
diff --git a/src/channels/plugins/status.ts b/src/channels/plugins/status.ts
index cc7de671a3a..689c50c6710 100644
--- a/src/channels/plugins/status.ts
+++ b/src/channels/plugins/status.ts
@@ -41,6 +41,19 @@ async function buildSnapshotFromAccount<ResolvedAccount>(params: {
   };
 }
 
+function inspectChannelAccount<ResolvedAccount>(params: {
+  plugin: ChannelPlugin<ResolvedAccount>;
+  cfg: OpenClawConfig;
+  accountId: string;
+}): ResolvedAccount | null {
+  return (params.plugin.config.inspectAccount?.(params.cfg, params.accountId) ??
+    inspectReadOnlyChannelAccount({
+      channelId: params.plugin.id,
+      cfg: params.cfg,
+      accountId: params.accountId,
+    })) as ResolvedAccount | null;
+}
+
 export async function buildReadOnlySourceChannelAccountSnapshot<ResolvedAccount>(params: {
   plugin: ChannelPlugin<ResolvedAccount>;
   cfg: OpenClawConfig;
@@ -49,13 +62,7 @@ export async function buildReadOnlySourceChannelAccountSnapshot<ResolvedAccount>
   probe?: unknown;
   audit?: unknown;
 }): Promise<ChannelAccountSnapshot | null> {
-  const inspectedAccount =
-    params.plugin.config.inspectAccount?.(params.cfg, params.accountId) ??
-    inspectReadOnlyChannelAccount({
-      channelId: params.plugin.id,
-      cfg: params.cfg,
-      accountId: params.accountId,
-    });
+  const inspectedAccount = inspectChannelAccount(params);
   if (!inspectedAccount) {
     return null;
   }
@@ -73,15 +80,9 @@ export async function buildChannelAccountSnapshot<ResolvedAccount>(params: {
   probe?: unknown;
   audit?: unknown;
 }): Promise<ChannelAccountSnapshot> {
-  const inspectedAccount =
-    params.plugin.config.inspectAccount?.(params.cfg, params.accountId) ??
-    inspectReadOnlyChannelAccount({
-      channelId: params.plugin.id,
-      cfg: params.cfg,
-      accountId: params.accountId,
-    });
-  const account = (inspectedAccount ??
-    params.plugin.config.resolveAccount(params.cfg, params.accountId)) as ResolvedAccount;
+  const inspectedAccount = inspectChannelAccount(params);
+  const account =
+    inspectedAccount ?? params.plugin.config.resolveAccount(params.cfg, params.accountId);
   return await buildSnapshotFromAccount({
     ...params,
     account,
diff --git a/src/channels/plugins/types.adapters.ts b/src/channels/plugins/types.adapters.ts
index df84ee4d3d2..257985e133c 100644
--- a/src/channels/plugins/types.adapters.ts
+++ b/src/channels/plugins/types.adapters.ts
@@ -93,6 +93,8 @@ export type ChannelOutboundContext = {
   mediaUrl?: string;
   mediaLocalRoots?: readonly string[];
   gifPlayback?: boolean;
+  /** Send image as document to avoid Telegram compression. */
+  forceDocument?: boolean;
   replyToId?: string | null;
   threadId?: string | number | null;
   accountId?: string | null;
diff --git a/src/channels/plugins/whatsapp-shared.ts b/src/channels/plugins/whatsapp-shared.ts
index 368b58454fb..3a51e2263bd 100644
--- a/src/channels/plugins/whatsapp-shared.ts
+++ b/src/channels/plugins/whatsapp-shared.ts
@@ -1,4 +1,8 @@
+import { resolveOutboundSendDep } from "../../infra/outbound/send-deps.js";
+import type { PluginRuntimeChannel } from "../../plugins/runtime/types-channel.js";
 import { escapeRegExp } from "../../utils.js";
+import { resolveWhatsAppOutboundTarget } from "../../whatsapp/resolve-outbound-target.js";
+import type { ChannelOutboundAdapter } from "./types.js";
 
 export const WHATSAPP_GROUP_INTRO_HINT =
   "WhatsApp IDs: SenderId is the participant JID (group participant id).";
@@ -15,3 +19,91 @@ export function resolveWhatsAppMentionStripPatterns(ctx: { To?: string | null })
   const escaped = escapeRegExp(selfE164);
   return [escaped, `@${escaped}`];
 }
+
+type WhatsAppChunker = NonNullable<ChannelOutboundAdapter["chunker"]>;
+type WhatsAppSendMessage = PluginRuntimeChannel["whatsapp"]["sendMessageWhatsApp"];
+type WhatsAppSendPoll = PluginRuntimeChannel["whatsapp"]["sendPollWhatsApp"];
+
+type CreateWhatsAppOutboundBaseParams = {
+  chunker: WhatsAppChunker;
+  sendMessageWhatsApp: WhatsAppSendMessage;
+  sendPollWhatsApp: WhatsAppSendPoll;
+  shouldLogVerbose: () => boolean;
+  resolveTarget?: ChannelOutboundAdapter["resolveTarget"];
+  normalizeText?: (text: string | undefined) => string;
+  skipEmptyText?: boolean;
+};
+
+export function createWhatsAppOutboundBase({
+  chunker,
+  sendMessageWhatsApp,
+  sendPollWhatsApp,
+  shouldLogVerbose,
+  resolveTarget = ({ to, allowFrom, mode }) =>
+    resolveWhatsAppOutboundTarget({ to, allowFrom, mode }),
+  normalizeText = (text) => text ?? "",
+  skipEmptyText = false,
+}: CreateWhatsAppOutboundBaseParams): Pick<
+  ChannelOutboundAdapter,
+  | "deliveryMode"
+  | "chunker"
+  | "chunkerMode"
+  | "textChunkLimit"
+  | "pollMaxOptions"
+  | "resolveTarget"
+  | "sendText"
+  | "sendMedia"
+  | "sendPoll"
+> {
+  return {
+    deliveryMode: "gateway",
+    chunker,
+    chunkerMode: "text",
+    textChunkLimit: 4000,
+    pollMaxOptions: 12,
+    resolveTarget,
+    sendText: async ({ cfg, to, text, accountId, deps, gifPlayback }) => {
+      const normalizedText = normalizeText(text);
+      if (skipEmptyText && !normalizedText) {
+        return { channel: "whatsapp", messageId: "" };
+      }
+      const send =
+        resolveOutboundSendDep<WhatsAppSendMessage>(deps, "whatsapp") ?? sendMessageWhatsApp;
+      const result = await send(to, normalizedText, {
+        verbose: false,
+        cfg,
+        accountId: accountId ?? undefined,
+        gifPlayback,
+      });
+      return { channel: "whatsapp", ...result };
+    },
+    sendMedia: async ({
+      cfg,
+      to,
+      text,
+      mediaUrl,
+      mediaLocalRoots,
+      accountId,
+      deps,
+      gifPlayback,
+    }) => {
+      const send =
+        resolveOutboundSendDep<WhatsAppSendMessage>(deps, "whatsapp") ?? sendMessageWhatsApp;
+      const result = await send(to, normalizeText(text), {
+        verbose: false,
+        cfg,
+        mediaUrl,
+        mediaLocalRoots,
+        accountId: accountId ?? undefined,
+        gifPlayback,
+      });
+      return { channel: "whatsapp", ...result };
+    },
+    sendPoll: async ({ cfg, to, poll, accountId }) =>
+      await sendPollWhatsApp(to, poll, {
+        verbose: shouldLogVerbose(),
+        accountId: accountId ?? undefined,
+        cfg,
+      }),
+  };
+}
diff --git a/src/channels/read-only-account-inspect.ts b/src/channels/read-only-account-inspect.ts
index 535fe05c473..c8d99a3a42e 100644
--- a/src/channels/read-only-account-inspect.ts
+++ b/src/channels/read-only-account-inspect.ts
@@ -1,10 +1,16 @@
-import type { OpenClawConfig } from "../config/config.js";
-import { inspectDiscordAccount, type InspectedDiscordAccount } from "../discord/account-inspect.js";
-import { inspectSlackAccount, type InspectedSlackAccount } from "../slack/account-inspect.js";
+import {
+  inspectDiscordAccount,
+  type InspectedDiscordAccount,
+} from "../../extensions/discord/src/account-inspect.js";
+import {
+  inspectSlackAccount,
+  type InspectedSlackAccount,
+} from "../../extensions/slack/src/account-inspect.js";
 import {
   inspectTelegramAccount,
   type InspectedTelegramAccount,
-} from "../telegram/account-inspect.js";
+} from "../../extensions/telegram/src/account-inspect.js";
+import type { OpenClawConfig } from "../config/config.js";
 import type { ChannelId } from "./plugins/types.js";
 
 export type ReadOnlyInspectedAccount =
diff --git a/src/channels/reply-prefix.ts b/src/channels/reply-prefix.ts
index 59f0a29381d..247109fb59d 100644
--- a/src/channels/reply-prefix.ts
+++ b/src/channels/reply-prefix.ts
@@ -1,3 +1,4 @@
+import { isSlackInteractiveRepliesEnabled } from "../../extensions/slack/src/interactive-replies.js";
 import { resolveEffectiveMessagesConfig, resolveIdentityName } from "../agents/identity.js";
 import {
   extractShortModelName,
@@ -5,7 +6,6 @@ import {
 } from "../auto-reply/reply/response-prefix-template.js";
 import type { GetReplyOptions } from "../auto-reply/types.js";
 import type { OpenClawConfig } from "../config/config.js";
-import { isSlackInteractiveRepliesEnabled } from "../slack/interactive-replies.js";
 
 type ModelSelectionContext = Parameters<NonNullable<GetReplyOptions["onModelSelected"]>>[0];
 
diff --git a/src/cli/browser-cli-manage.test.ts b/src/cli/browser-cli-manage.test.ts
new file mode 100644
index 00000000000..e1d01132be3
--- /dev/null
+++ b/src/cli/browser-cli-manage.test.ts
@@ -0,0 +1,151 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { registerBrowserManageCommands } from "./browser-cli-manage.js";
+import { createBrowserProgram } from "./browser-cli-test-helpers.js";
+
+const mocks = vi.hoisted(() => {
+  const runtimeLog = vi.fn();
+  const runtimeError = vi.fn();
+  const runtimeExit = vi.fn();
+  return {
+    callBrowserRequest: vi.fn<
+      (
+        opts: unknown,
+        req: { path?: string },
+        runtimeOpts?: { timeoutMs?: number },
+      ) => Promise<Record<string, unknown>>
+    >(async () => ({})),
+    runtimeLog,
+    runtimeError,
+    runtimeExit,
+    runtime: {
+      log: runtimeLog,
+      error: runtimeError,
+      exit: runtimeExit,
+    },
+  };
+});
+
+vi.mock("./browser-cli-shared.js", () => ({
+  callBrowserRequest: mocks.callBrowserRequest,
+}));
+
+vi.mock("./cli-utils.js", () => ({
+  runCommandWithRuntime: async (
+    _runtime: unknown,
+    action: () => Promise<void>,
+    onError: (err: unknown) => void,
+  ) => await action().catch(onError),
+}));
+
+vi.mock("../runtime.js", () => ({
+  defaultRuntime: mocks.runtime,
+}));
+
+function createProgram() {
+  const { program, browser, parentOpts } = createBrowserProgram();
+  registerBrowserManageCommands(browser, parentOpts);
+  return program;
+}
+
+describe("browser manage output", () => {
+  beforeEach(() => {
+    mocks.callBrowserRequest.mockClear();
+    mocks.runtimeLog.mockClear();
+    mocks.runtimeError.mockClear();
+    mocks.runtimeExit.mockClear();
+  });
+
+  it("shows chrome-mcp transport for existing-session status without fake CDP fields", async () => {
+    mocks.callBrowserRequest.mockImplementation(async (_opts: unknown, req: { path?: string }) =>
+      req.path === "/"
+        ? {
+            enabled: true,
+            profile: "chrome-live",
+            driver: "existing-session",
+            transport: "chrome-mcp",
+            running: true,
+            cdpReady: true,
+            cdpHttp: true,
+            pid: 4321,
+            cdpPort: null,
+            cdpUrl: null,
+            chosenBrowser: null,
+            userDataDir: null,
+            color: "#00AA00",
+            headless: false,
+            noSandbox: false,
+            executablePath: null,
+            attachOnly: true,
+          }
+        : {},
+    );
+
+    const program = createProgram();
+    await program.parseAsync(["browser", "--browser-profile", "chrome-live", "status"], {
+      from: "user",
+    });
+
+    const output = mocks.runtimeLog.mock.calls.at(-1)?.[0] as string;
+    expect(output).toContain("transport: chrome-mcp");
+    expect(output).not.toContain("cdpPort:");
+    expect(output).not.toContain("cdpUrl:");
+  });
+
+  it("shows chrome-mcp transport in browser profiles output", async () => {
+    mocks.callBrowserRequest.mockImplementation(async (_opts: unknown, req: { path?: string }) =>
+      req.path === "/profiles"
+        ? {
+            profiles: [
+              {
+                name: "chrome-live",
+                driver: "existing-session",
+                transport: "chrome-mcp",
+                running: true,
+                tabCount: 2,
+                isDefault: false,
+                isRemote: false,
+                cdpPort: null,
+                cdpUrl: null,
+                color: "#00AA00",
+              },
+            ],
+          }
+        : {},
+    );
+
+    const program = createProgram();
+    await program.parseAsync(["browser", "profiles"], { from: "user" });
+
+    const output = mocks.runtimeLog.mock.calls.at(-1)?.[0] as string;
+    expect(output).toContain("chrome-live: running (2 tabs) [existing-session]");
+    expect(output).toContain("transport: chrome-mcp");
+    expect(output).not.toContain("port: 0");
+  });
+
+  it("shows chrome-mcp transport after creating an existing-session profile", async () => {
+    mocks.callBrowserRequest.mockImplementation(async (_opts: unknown, req: { path?: string }) =>
+      req.path === "/profiles/create"
+        ? {
+            ok: true,
+            profile: "chrome-live",
+            transport: "chrome-mcp",
+            cdpPort: null,
+            cdpUrl: null,
+            color: "#00AA00",
+            isRemote: false,
+          }
+        : {},
+    );
+
+    const program = createProgram();
+    await program.parseAsync(
+      ["browser", "create-profile", "--name", "chrome-live", "--driver", "existing-session"],
+      { from: "user" },
+    );
+
+    const output = mocks.runtimeLog.mock.calls.at(-1)?.[0] as string;
+    expect(output).toContain('Created profile "chrome-live"');
+    expect(output).toContain("transport: chrome-mcp");
+    expect(output).not.toContain("port: 0");
+  });
+});
diff --git a/src/cli/browser-cli-manage.ts b/src/cli/browser-cli-manage.ts
index 8fad97eaf38..5bac9b621bf 100644
--- a/src/cli/browser-cli-manage.ts
+++ b/src/cli/browser-cli-manage.ts
@@ -1,5 +1,6 @@
 import type { Command } from "commander";
 import type {
+  BrowserTransport,
   BrowserCreateProfileResult,
   BrowserDeleteProfileResult,
   BrowserResetProfileResult,
@@ -101,6 +102,29 @@ function logBrowserTabs(tabs: BrowserTab[], json?: boolean) {
   );
 }
 
+function usesChromeMcpTransport(params: {
+  transport?: BrowserTransport;
+  driver?: "openclaw" | "extension" | "existing-session";
+}): boolean {
+  return params.transport === "chrome-mcp" || params.driver === "existing-session";
+}
+
+function formatBrowserConnectionSummary(params: {
+  transport?: BrowserTransport;
+  driver?: "openclaw" | "extension" | "existing-session";
+  isRemote?: boolean;
+  cdpPort?: number | null;
+  cdpUrl?: string | null;
+}): string {
+  if (usesChromeMcpTransport(params)) {
+    return "transport: chrome-mcp";
+  }
+  if (params.isRemote) {
+    return `cdpUrl: ${params.cdpUrl ?? "(unset)"}`;
+  }
+  return `port: ${params.cdpPort ?? "(unset)"}`;
+}
+
 export function registerBrowserManageCommands(
   browser: Command,
   parentOpts: (cmd: Command) => BrowserParentOpts,
@@ -122,8 +146,15 @@ export function registerBrowserManageCommands(
             `profile: ${status.profile ?? "openclaw"}`,
             `enabled: ${status.enabled}`,
             `running: ${status.running}`,
-            `cdpPort: ${status.cdpPort}`,
-            `cdpUrl: ${status.cdpUrl ?? `http://127.0.0.1:${status.cdpPort}`}`,
+            `transport: ${
+              usesChromeMcpTransport(status) ? "chrome-mcp" : (status.transport ?? "cdp")
+            }`,
+            ...(!usesChromeMcpTransport(status)
+              ? [
+                  `cdpPort: ${status.cdpPort ?? "(unset)"}`,
+                  `cdpUrl: ${status.cdpUrl ?? `http://127.0.0.1:${status.cdpPort}`}`,
+                ]
+              : []),
             `browser: ${status.chosenBrowser ?? "unknown"}`,
             `detectedBrowser: ${status.detectedBrowser ?? "unknown"}`,
             `detectedPath: ${detectedDisplay}`,
@@ -407,7 +438,7 @@ export function registerBrowserManageCommands(
               const status = p.running ? "running" : "stopped";
               const tabs = p.running ? ` (${p.tabCount} tabs)` : "";
               const def = p.isDefault ? " [default]" : "";
-              const loc = p.isRemote ? `cdpUrl: ${p.cdpUrl}` : `port: ${p.cdpPort}`;
+              const loc = formatBrowserConnectionSummary(p);
               const remote = p.isRemote ? " [remote]" : "";
               const driver = p.driver !== "openclaw" ? ` [${p.driver}]` : "";
               return `${p.name}: ${status}${tabs}${def}${remote}${driver}\n  ${loc}, color: ${p.color}`;
@@ -453,7 +484,7 @@ export function registerBrowserManageCommands(
           if (printJsonResult(parent, result)) {
             return;
           }
-          const loc = result.isRemote ? `  cdpUrl: ${result.cdpUrl}` : `  port: ${result.cdpPort}`;
+          const loc = `  ${formatBrowserConnectionSummary(result)}`;
           defaultRuntime.log(
             info(
               `🦞 Created profile "${result.profile}"\n${loc}\n  color: ${result.color}${
diff --git a/src/cli/cron-cli/register.cron-add.ts b/src/cli/cron-cli/register.cron-add.ts
index bd7d0ff1af5..e916c459863 100644
--- a/src/cli/cron-cli/register.cron-add.ts
+++ b/src/cli/cron-cli/register.cron-add.ts
@@ -194,8 +194,13 @@ export function registerCronAddCommand(cron: Command) {
           const inferredSessionTarget = payload.kind === "agentTurn" ? "isolated" : "main";
           const sessionTarget =
             sessionSource === "cli" ? sessionTargetRaw || "" : inferredSessionTarget;
-          if (sessionTarget !== "main" && sessionTarget !== "isolated") {
-            throw new Error("--session must be main or isolated");
+          const isCustomSessionTarget =
+            sessionTarget.toLowerCase().startsWith("session:") &&
+            sessionTarget.slice(8).trim().length > 0;
+          const isIsolatedLikeSessionTarget =
+            sessionTarget === "isolated" || sessionTarget === "current" || isCustomSessionTarget;
+          if (sessionTarget !== "main" && !isIsolatedLikeSessionTarget) {
+            throw new Error("--session must be main, isolated, current, or session:<id>");
           }
 
           if (opts.deleteAfterRun && opts.keepAfterRun) {
@@ -205,14 +210,14 @@ export function registerCronAddCommand(cron: Command) {
           if (sessionTarget === "main" && payload.kind !== "systemEvent") {
             throw new Error("Main jobs require --system-event (systemEvent).");
           }
-          if (sessionTarget === "isolated" && payload.kind !== "agentTurn") {
-            throw new Error("Isolated jobs require --message (agentTurn).");
+          if (isIsolatedLikeSessionTarget && payload.kind !== "agentTurn") {
+            throw new Error("Isolated/current/custom-session jobs require --message (agentTurn).");
           }
           if (
             (opts.announce || typeof opts.deliver === "boolean") &&
-            (sessionTarget !== "isolated" || payload.kind !== "agentTurn")
+            (!isIsolatedLikeSessionTarget || payload.kind !== "agentTurn")
           ) {
-            throw new Error("--announce/--no-deliver require --session isolated.");
+            throw new Error("--announce/--no-deliver require a non-main agentTurn session target.");
           }
 
           const accountId =
@@ -220,12 +225,12 @@ export function registerCronAddCommand(cron: Command) {
               ? opts.account.trim()
               : undefined;
 
-          if (accountId && (sessionTarget !== "isolated" || payload.kind !== "agentTurn")) {
-            throw new Error("--account requires an isolated agentTurn job with delivery.");
+          if (accountId && (!isIsolatedLikeSessionTarget || payload.kind !== "agentTurn")) {
+            throw new Error("--account requires a non-main agentTurn job with delivery.");
           }
 
           const deliveryMode =
-            sessionTarget === "isolated" && payload.kind === "agentTurn"
+            isIsolatedLikeSessionTarget && payload.kind === "agentTurn"
               ? hasAnnounce
                 ? "announce"
                 : hasNoDeliver
diff --git a/src/cli/cron-cli/shared.ts b/src/cli/cron-cli/shared.ts
index d3601b6ce40..3574a63ab27 100644
--- a/src/cli/cron-cli/shared.ts
+++ b/src/cli/cron-cli/shared.ts
@@ -247,9 +247,9 @@ export function printCronList(jobs: CronJob[], runtime = defaultRuntime) {
     })();
 
     const coloredTarget =
-      job.sessionTarget === "isolated"
-        ? colorize(rich, theme.accentBright, targetLabel)
-        : colorize(rich, theme.accent, targetLabel);
+      job.sessionTarget === "main"
+        ? colorize(rich, theme.accent, targetLabel)
+        : colorize(rich, theme.accentBright, targetLabel);
     const coloredAgent = job.agentId
       ? colorize(rich, theme.info, agentLabel)
       : colorize(rich, theme.muted, agentLabel);
diff --git a/src/cli/daemon-cli/install.test.ts b/src/cli/daemon-cli/install.test.ts
index 7401dc3b1a2..6d7b618a17a 100644
--- a/src/cli/daemon-cli/install.test.ts
+++ b/src/cli/daemon-cli/install.test.ts
@@ -84,8 +84,28 @@ vi.mock("../../commands/daemon-install-helpers.js", () => ({
 
 vi.mock("./shared.js", () => ({
   parsePort: parsePortMock,
+  createDaemonInstallActionContext: (jsonFlag: unknown) => {
+    const json = Boolean(jsonFlag);
+    return {
+      json,
+      stdout: process.stdout,
+      warnings: actionState.warnings,
+      emit: (payload: DaemonActionResponse) => {
+        actionState.emitted.push(payload);
+      },
+      fail: (message: string, hints?: string[]) => {
+        actionState.failed.push({ message, hints });
+      },
+    };
+  },
+  failIfNixDaemonInstallMode: (fail: (message: string, hints?: string[]) => void) => {
+    if (!resolveIsNixModeMock()) {
+      return false;
+    }
+    fail("Nix mode detected; service install is disabled.");
+    return true;
+  },
 }));
-
 vi.mock("../../commands/daemon-runtime.js", () => ({
   DEFAULT_GATEWAY_DAEMON_RUNTIME: "node",
   isGatewayDaemonRuntime: isGatewayDaemonRuntimeMock,
@@ -97,16 +117,6 @@ vi.mock("../../daemon/service.js", () => ({
 
 vi.mock("./response.js", () => ({
   buildDaemonServiceSnapshot: vi.fn(),
-  createDaemonActionContext: vi.fn(() => ({
-    stdout: process.stdout,
-    warnings: actionState.warnings,
-    emit: (payload: DaemonActionResponse) => {
-      actionState.emitted.push(payload);
-    },
-    fail: (message: string, hints?: string[]) => {
-      actionState.failed.push({ message, hints });
-    },
-  })),
   installDaemonServiceAndEmit: installDaemonServiceAndEmitMock,
 }));
 
@@ -126,6 +136,15 @@ function expectFirstInstallPlanCallOmitsToken() {
   expect(firstArg && "token" in firstArg).toBe(false);
 }
 
+function mockResolvedGatewayTokenSecretRef() {
+  resolveSecretInputRefMock.mockReturnValue({
+    ref: { source: "env", provider: "default", id: "OPENCLAW_GATEWAY_TOKEN" },
+  });
+  resolveSecretRefValuesMock.mockResolvedValue(
+    new Map([["env:default:OPENCLAW_GATEWAY_TOKEN", "resolved-from-secretref"]]),
+  );
+}
+
 const { runDaemonInstall } = await import("./install.js");
 const envSnapshot = captureFullEnv();
 
@@ -195,12 +214,7 @@ describe("runDaemonInstall", () => {
   });
 
   it("validates token SecretRef but does not serialize resolved token into service env", async () => {
-    resolveSecretInputRefMock.mockReturnValue({
-      ref: { source: "env", provider: "default", id: "OPENCLAW_GATEWAY_TOKEN" },
-    });
-    resolveSecretRefValuesMock.mockResolvedValue(
-      new Map([["env:default:OPENCLAW_GATEWAY_TOKEN", "resolved-from-secretref"]]),
-    );
+    mockResolvedGatewayTokenSecretRef();
 
     await runDaemonInstall({ json: true });
 
@@ -219,12 +233,7 @@ describe("runDaemonInstall", () => {
     loadConfigMock.mockReturnValue({
       gateway: { auth: { mode: "token", token: "${OPENCLAW_GATEWAY_TOKEN}" } },
     });
-    resolveSecretInputRefMock.mockReturnValue({
-      ref: { source: "env", provider: "default", id: "OPENCLAW_GATEWAY_TOKEN" },
-    });
-    resolveSecretRefValuesMock.mockResolvedValue(
-      new Map([["env:default:OPENCLAW_GATEWAY_TOKEN", "resolved-from-secretref"]]),
-    );
+    mockResolvedGatewayTokenSecretRef();
 
     await runDaemonInstall({ json: true });
 
diff --git a/src/cli/daemon-cli/install.ts b/src/cli/daemon-cli/install.ts
index 96a74bdc748..023ea5e520e 100644
--- a/src/cli/daemon-cli/install.ts
+++ b/src/cli/daemon-cli/install.ts
@@ -5,25 +5,21 @@ import {
 } from "../../commands/daemon-runtime.js";
 import { resolveGatewayInstallToken } from "../../commands/gateway-install-token.js";
 import { readBestEffortConfig, resolveGatewayPort } from "../../config/config.js";
-import { resolveIsNixMode } from "../../config/paths.js";
 import { resolveGatewayService } from "../../daemon/service.js";
 import { isNonFatalSystemdInstallProbeError } from "../../daemon/systemd.js";
 import { defaultRuntime } from "../../runtime.js";
 import { formatCliCommand } from "../command-format.js";
+import { buildDaemonServiceSnapshot, installDaemonServiceAndEmit } from "./response.js";
 import {
-  buildDaemonServiceSnapshot,
-  createDaemonActionContext,
-  installDaemonServiceAndEmit,
-} from "./response.js";
-import { parsePort } from "./shared.js";
+  createDaemonInstallActionContext,
+  failIfNixDaemonInstallMode,
+  parsePort,
+} from "./shared.js";
 import type { DaemonInstallOptions } from "./types.js";
 
 export async function runDaemonInstall(opts: DaemonInstallOptions) {
-  const json = Boolean(opts.json);
-  const { stdout, warnings, emit, fail } = createDaemonActionContext({ action: "install", json });
-
-  if (resolveIsNixMode(process.env)) {
-    fail("Nix mode detected; service install is disabled.");
+  const { json, stdout, warnings, emit, fail } = createDaemonInstallActionContext(opts.json);
+  if (failIfNixDaemonInstallMode(fail)) {
     return;
   }
 
diff --git a/src/cli/daemon-cli/lifecycle-core.config-guard.test.ts b/src/cli/daemon-cli/lifecycle-core.config-guard.test.ts
index 7b1526f87c6..59a2926e993 100644
--- a/src/cli/daemon-cli/lifecycle-core.config-guard.test.ts
+++ b/src/cli/daemon-cli/lifecycle-core.config-guard.test.ts
@@ -27,6 +27,28 @@ vi.mock("../../runtime.js", () => ({
   defaultRuntime,
 }));
 
+function setConfigSnapshot(params: {
+  exists: boolean;
+  valid: boolean;
+  issues?: Array<{ path: string; message: string }>;
+}) {
+  readConfigFileSnapshotMock.mockResolvedValue({
+    exists: params.exists,
+    valid: params.valid,
+    config: {},
+    issues: params.issues ?? [],
+  });
+}
+
+function createServiceRunArgs() {
+  return {
+    serviceNoun: "Gateway",
+    service,
+    renderStartHints: () => [],
+    opts: { json: true },
+  };
+}
+
 describe("runServiceRestart config pre-flight (#35862)", () => {
   let runServiceRestart: typeof import("./lifecycle-core.js").runServiceRestart;
 
@@ -37,12 +59,7 @@ describe("runServiceRestart config pre-flight (#35862)", () => {
   beforeEach(() => {
     resetLifecycleRuntimeLogs();
     readConfigFileSnapshotMock.mockReset();
-    readConfigFileSnapshotMock.mockResolvedValue({
-      exists: true,
-      valid: true,
-      config: {},
-      issues: [],
-    });
+    setConfigSnapshot({ exists: true, valid: true });
     loadConfig.mockReset();
     loadConfig.mockReturnValue({});
     resetLifecycleServiceMocks();
@@ -50,58 +67,30 @@ describe("runServiceRestart config pre-flight (#35862)", () => {
   });
 
   it("aborts restart when config is invalid", async () => {
-    readConfigFileSnapshotMock.mockResolvedValue({
+    setConfigSnapshot({
       exists: true,
       valid: false,
-      config: {},
       issues: [{ path: "agents.defaults.pdfModel", message: "Unrecognized key" }],
     });
 
-    await expect(
-      runServiceRestart({
-        serviceNoun: "Gateway",
-        service,
-        renderStartHints: () => [],
-        opts: { json: true },
-      }),
-    ).rejects.toThrow("__exit__:1");
+    await expect(runServiceRestart(createServiceRunArgs())).rejects.toThrow("__exit__:1");
 
     expect(service.restart).not.toHaveBeenCalled();
   });
 
   it("proceeds with restart when config is valid", async () => {
-    readConfigFileSnapshotMock.mockResolvedValue({
-      exists: true,
-      valid: true,
-      config: {},
-      issues: [],
-    });
+    setConfigSnapshot({ exists: true, valid: true });
 
-    const result = await runServiceRestart({
-      serviceNoun: "Gateway",
-      service,
-      renderStartHints: () => [],
-      opts: { json: true },
-    });
+    const result = await runServiceRestart(createServiceRunArgs());
 
     expect(result).toBe(true);
     expect(service.restart).toHaveBeenCalledTimes(1);
   });
 
   it("proceeds with restart when config file does not exist", async () => {
-    readConfigFileSnapshotMock.mockResolvedValue({
-      exists: false,
-      valid: true,
-      config: {},
-      issues: [],
-    });
+    setConfigSnapshot({ exists: false, valid: true });
 
-    const result = await runServiceRestart({
-      serviceNoun: "Gateway",
-      service,
-      renderStartHints: () => [],
-      opts: { json: true },
-    });
+    const result = await runServiceRestart(createServiceRunArgs());
 
     expect(result).toBe(true);
     expect(service.restart).toHaveBeenCalledTimes(1);
@@ -110,12 +99,7 @@ describe("runServiceRestart config pre-flight (#35862)", () => {
   it("proceeds with restart when snapshot read throws", async () => {
     readConfigFileSnapshotMock.mockRejectedValue(new Error("read failed"));
 
-    const result = await runServiceRestart({
-      serviceNoun: "Gateway",
-      service,
-      renderStartHints: () => [],
-      opts: { json: true },
-    });
+    const result = await runServiceRestart(createServiceRunArgs());
 
     expect(result).toBe(true);
     expect(service.restart).toHaveBeenCalledTimes(1);
@@ -132,49 +116,26 @@ describe("runServiceStart config pre-flight (#35862)", () => {
   beforeEach(() => {
     resetLifecycleRuntimeLogs();
     readConfigFileSnapshotMock.mockReset();
-    readConfigFileSnapshotMock.mockResolvedValue({
-      exists: true,
-      valid: true,
-      config: {},
-      issues: [],
-    });
+    setConfigSnapshot({ exists: true, valid: true });
     resetLifecycleServiceMocks();
   });
 
   it("aborts start when config is invalid", async () => {
-    readConfigFileSnapshotMock.mockResolvedValue({
+    setConfigSnapshot({
       exists: true,
       valid: false,
-      config: {},
       issues: [{ path: "agents.defaults.pdfModel", message: "Unrecognized key" }],
     });
 
-    await expect(
-      runServiceStart({
-        serviceNoun: "Gateway",
-        service,
-        renderStartHints: () => [],
-        opts: { json: true },
-      }),
-    ).rejects.toThrow("__exit__:1");
+    await expect(runServiceStart(createServiceRunArgs())).rejects.toThrow("__exit__:1");
 
     expect(service.restart).not.toHaveBeenCalled();
   });
 
   it("proceeds with start when config is valid", async () => {
-    readConfigFileSnapshotMock.mockResolvedValue({
-      exists: true,
-      valid: true,
-      config: {},
-      issues: [],
-    });
+    setConfigSnapshot({ exists: true, valid: true });
 
-    await runServiceStart({
-      serviceNoun: "Gateway",
-      service,
-      renderStartHints: () => [],
-      opts: { json: true },
-    });
+    await runServiceStart(createServiceRunArgs());
 
     expect(service.restart).toHaveBeenCalledTimes(1);
   });
diff --git a/src/cli/daemon-cli/lifecycle-core.test.ts b/src/cli/daemon-cli/lifecycle-core.test.ts
index 6e86ad0d23a..2f17269eb6c 100644
--- a/src/cli/daemon-cli/lifecycle-core.test.ts
+++ b/src/cli/daemon-cli/lifecycle-core.test.ts
@@ -29,6 +29,21 @@ let runServiceRestart: typeof import("./lifecycle-core.js").runServiceRestart;
 let runServiceStart: typeof import("./lifecycle-core.js").runServiceStart;
 let runServiceStop: typeof import("./lifecycle-core.js").runServiceStop;
 
+function readJsonLog<T extends object>() {
+  const jsonLine = runtimeLogs.find((line) => line.trim().startsWith("{"));
+  return JSON.parse(jsonLine ?? "{}") as T;
+}
+
+function createServiceRunArgs(checkTokenDrift?: boolean) {
+  return {
+    serviceNoun: "Gateway",
+    service,
+    renderStartHints: () => [],
+    opts: { json: true as const },
+    ...(checkTokenDrift ? { checkTokenDrift } : {}),
+  };
+}
+
 describe("runServiceRestart token drift", () => {
   beforeAll(async () => {
     ({ runServiceRestart, runServiceStart, runServiceStop } = await import("./lifecycle-core.js"));
@@ -53,17 +68,10 @@ describe("runServiceRestart token drift", () => {
   });
 
   it("emits drift warning when enabled", async () => {
-    await runServiceRestart({
-      serviceNoun: "Gateway",
-      service,
-      renderStartHints: () => [],
-      opts: { json: true },
-      checkTokenDrift: true,
-    });
+    await runServiceRestart(createServiceRunArgs(true));
 
     expect(loadConfig).toHaveBeenCalledTimes(1);
-    const jsonLine = runtimeLogs.find((line) => line.trim().startsWith("{"));
-    const payload = JSON.parse(jsonLine ?? "{}") as { warnings?: string[] };
+    const payload = readJsonLog<{ warnings?: string[] }>();
     expect(payload.warnings).toEqual(
       expect.arrayContaining([expect.stringContaining("gateway install --force")]),
     );
@@ -83,16 +91,9 @@ describe("runServiceRestart token drift", () => {
     });
     vi.stubEnv("OPENCLAW_GATEWAY_TOKEN", "env-token");
 
-    await runServiceRestart({
-      serviceNoun: "Gateway",
-      service,
-      renderStartHints: () => [],
-      opts: { json: true },
-      checkTokenDrift: true,
-    });
+    await runServiceRestart(createServiceRunArgs(true));
 
-    const jsonLine = runtimeLogs.find((line) => line.trim().startsWith("{"));
-    const payload = JSON.parse(jsonLine ?? "{}") as { warnings?: string[] };
+    const payload = readJsonLog<{ warnings?: string[] }>();
     expect(payload.warnings).toEqual(
       expect.arrayContaining([expect.stringContaining("gateway install --force")]),
     );
@@ -108,8 +109,7 @@ describe("runServiceRestart token drift", () => {
 
     expect(loadConfig).not.toHaveBeenCalled();
     expect(service.readCommand).not.toHaveBeenCalled();
-    const jsonLine = runtimeLogs.find((line) => line.trim().startsWith("{"));
-    const payload = JSON.parse(jsonLine ?? "{}") as { warnings?: string[] };
+    const payload = readJsonLog<{ warnings?: string[] }>();
     expect(payload.warnings).toBeUndefined();
   });
 
@@ -126,8 +126,7 @@ describe("runServiceRestart token drift", () => {
       }),
     });
 
-    const jsonLine = runtimeLogs.find((line) => line.trim().startsWith("{"));
-    const payload = JSON.parse(jsonLine ?? "{}") as { result?: string; message?: string };
+    const payload = readJsonLog<{ result?: string; message?: string }>();
     expect(payload.result).toBe("stopped");
     expect(payload.message).toContain("unmanaged process");
     expect(service.stop).not.toHaveBeenCalled();
@@ -152,8 +151,7 @@ describe("runServiceRestart token drift", () => {
     expect(postRestartCheck).toHaveBeenCalledTimes(1);
     expect(service.restart).not.toHaveBeenCalled();
     expect(service.readCommand).not.toHaveBeenCalled();
-    const jsonLine = runtimeLogs.find((line) => line.trim().startsWith("{"));
-    const payload = JSON.parse(jsonLine ?? "{}") as { result?: string; message?: string };
+    const payload = readJsonLog<{ result?: string; message?: string }>();
     expect(payload.result).toBe("restarted");
     expect(payload.message).toContain("unmanaged process");
   });
@@ -172,8 +170,7 @@ describe("runServiceRestart token drift", () => {
 
     expect(result).toBe(true);
     expect(postRestartCheck).not.toHaveBeenCalled();
-    const jsonLine = runtimeLogs.find((line) => line.trim().startsWith("{"));
-    const payload = JSON.parse(jsonLine ?? "{}") as { result?: string; message?: string };
+    const payload = readJsonLog<{ result?: string; message?: string }>();
     expect(payload.result).toBe("scheduled");
     expect(payload.message).toBe("restart scheduled, gateway will restart momentarily");
   });
@@ -189,8 +186,7 @@ describe("runServiceRestart token drift", () => {
     });
 
     expect(service.isLoaded).toHaveBeenCalledTimes(1);
-    const jsonLine = runtimeLogs.find((line) => line.trim().startsWith("{"));
-    const payload = JSON.parse(jsonLine ?? "{}") as { result?: string; message?: string };
+    const payload = readJsonLog<{ result?: string; message?: string }>();
     expect(payload.result).toBe("scheduled");
     expect(payload.message).toBe("restart scheduled, gateway will restart momentarily");
   });
diff --git a/src/cli/daemon-cli/lifecycle-core.ts b/src/cli/daemon-cli/lifecycle-core.ts
index a1ad4073584..8def6aeefe6 100644
--- a/src/cli/daemon-cli/lifecycle-core.ts
+++ b/src/cli/daemon-cli/lifecycle-core.ts
@@ -339,6 +339,22 @@ export async function runServiceRestart(params: {
   const { stdout, emit, fail } = createActionIO({ action: "restart", json });
   const warnings: string[] = [];
   let handledNotLoaded: NotLoadedActionResult | null = null;
+  const emitScheduledRestart = (
+    restartStatus: ReturnType<typeof describeGatewayServiceRestart>,
+    serviceLoaded: boolean,
+  ) => {
+    emit({
+      ok: true,
+      result: restartStatus.daemonActionResult,
+      message: restartStatus.message,
+      service: buildDaemonServiceSnapshot(params.service, serviceLoaded),
+      warnings: warnings.length ? warnings : undefined,
+    });
+    if (!json) {
+      defaultRuntime.log(restartStatus.message);
+    }
+    return true;
+  };
 
   const loaded = await resolveServiceLoadedOrFail({
     serviceNoun: params.serviceNoun,
@@ -423,34 +439,14 @@ export async function runServiceRestart(params: {
     }
     let restartStatus = describeGatewayServiceRestart(params.serviceNoun, restartResult);
     if (restartStatus.scheduled) {
-      emit({
-        ok: true,
-        result: restartStatus.daemonActionResult,
-        message: restartStatus.message,
-        service: buildDaemonServiceSnapshot(params.service, loaded),
-        warnings: warnings.length ? warnings : undefined,
-      });
-      if (!json) {
-        defaultRuntime.log(restartStatus.message);
-      }
-      return true;
+      return emitScheduledRestart(restartStatus, loaded);
     }
     if (params.postRestartCheck) {
       const postRestartResult = await params.postRestartCheck({ json, stdout, warnings, fail });
       if (postRestartResult) {
         restartStatus = describeGatewayServiceRestart(params.serviceNoun, postRestartResult);
         if (restartStatus.scheduled) {
-          emit({
-            ok: true,
-            result: restartStatus.daemonActionResult,
-            message: restartStatus.message,
-            service: buildDaemonServiceSnapshot(params.service, loaded),
-            warnings: warnings.length ? warnings : undefined,
-          });
-          if (!json) {
-            defaultRuntime.log(restartStatus.message);
-          }
-          return true;
+          return emitScheduledRestart(restartStatus, loaded);
         }
       }
     }
diff --git a/src/cli/daemon-cli/lifecycle.test.ts b/src/cli/daemon-cli/lifecycle.test.ts
index 7d03656f86b..f026f81399f 100644
--- a/src/cli/daemon-cli/lifecycle.test.ts
+++ b/src/cli/daemon-cli/lifecycle.test.ts
@@ -99,6 +99,29 @@ describe("runDaemonRestart health checks", () => {
   let runDaemonRestart: (opts?: { json?: boolean }) => Promise<boolean>;
   let runDaemonStop: (opts?: { json?: boolean }) => Promise<void>;
 
+  function mockUnmanagedRestart({
+    runPostRestartCheck = false,
+  }: {
+    runPostRestartCheck?: boolean;
+  } = {}) {
+    runServiceRestart.mockImplementation(
+      async (params: RestartParams & { onNotLoaded?: () => Promise<unknown> }) => {
+        await params.onNotLoaded?.();
+        if (runPostRestartCheck) {
+          await params.postRestartCheck?.({
+            json: Boolean(params.opts?.json),
+            stdout: process.stdout,
+            warnings: [],
+            fail: (message: string) => {
+              throw new Error(message);
+            },
+          });
+        }
+        return true;
+      },
+    );
+  }
+
   beforeAll(async () => {
     ({ runDaemonRestart, runDaemonStop } = await import("./lifecycle.js"));
   });
@@ -234,20 +257,7 @@ describe("runDaemonRestart health checks", () => {
 
   it("signals a single unmanaged gateway process on restart", async () => {
     findVerifiedGatewayListenerPidsOnPortSync.mockReturnValue([4200]);
-    runServiceRestart.mockImplementation(
-      async (params: RestartParams & { onNotLoaded?: () => Promise<unknown> }) => {
-        await params.onNotLoaded?.();
-        await params.postRestartCheck?.({
-          json: Boolean(params.opts?.json),
-          stdout: process.stdout,
-          warnings: [],
-          fail: (message: string) => {
-            throw new Error(message);
-          },
-        });
-        return true;
-      },
-    );
+    mockUnmanagedRestart({ runPostRestartCheck: true });
 
     await runDaemonRestart({ json: true });
 
@@ -262,12 +272,7 @@ describe("runDaemonRestart health checks", () => {
 
   it("fails unmanaged restart when multiple gateway listeners are present", async () => {
     findVerifiedGatewayListenerPidsOnPortSync.mockReturnValue([4200, 4300]);
-    runServiceRestart.mockImplementation(
-      async (params: RestartParams & { onNotLoaded?: () => Promise<unknown> }) => {
-        await params.onNotLoaded?.();
-        return true;
-      },
-    );
+    mockUnmanagedRestart();
 
     await expect(runDaemonRestart({ json: true })).rejects.toThrow(
       "multiple gateway processes are listening on port 18789",
@@ -281,12 +286,7 @@ describe("runDaemonRestart health checks", () => {
       configSnapshot: { commands: { restart: false } },
     });
     isRestartEnabled.mockReturnValue(false);
-    runServiceRestart.mockImplementation(
-      async (params: RestartParams & { onNotLoaded?: () => Promise<unknown> }) => {
-        await params.onNotLoaded?.();
-        return true;
-      },
-    );
+    mockUnmanagedRestart();
 
     await expect(runDaemonRestart({ json: true })).rejects.toThrow(
       "Gateway restart is disabled in the running gateway config",
diff --git a/src/cli/daemon-cli/register-service-commands.test.ts b/src/cli/daemon-cli/register-service-commands.test.ts
index e249b00c835..64a1e24589b 100644
--- a/src/cli/daemon-cli/register-service-commands.test.ts
+++ b/src/cli/daemon-cli/register-service-commands.test.ts
@@ -67,6 +67,17 @@ describe("addGatewayServiceCommands", () => {
         );
       },
     },
+    {
+      name: "forwards require-rpc for status",
+      argv: ["status", "--require-rpc"],
+      assert: () => {
+        expect(runDaemonStatus).toHaveBeenCalledWith(
+          expect.objectContaining({
+            requireRpc: true,
+          }),
+        );
+      },
+    },
   ])("$name", async ({ argv, assert }) => {
     const gateway = createGatewayParentLikeCommand();
     await gateway.parseAsync(argv, { from: "user" });
diff --git a/src/cli/daemon-cli/register-service-commands.ts b/src/cli/daemon-cli/register-service-commands.ts
index 5d4ce0a9c28..2690eb91d7f 100644
--- a/src/cli/daemon-cli/register-service-commands.ts
+++ b/src/cli/daemon-cli/register-service-commands.ts
@@ -44,12 +44,14 @@ export function addGatewayServiceCommands(parent: Command, opts?: { statusDescri
     .option("--password <password>", "Gateway password (password auth)")
     .option("--timeout <ms>", "Timeout in ms", "10000")
     .option("--no-probe", "Skip RPC probe")
+    .option("--require-rpc", "Exit non-zero when the RPC probe fails", false)
     .option("--deep", "Scan system-level services", false)
     .option("--json", "Output JSON", false)
     .action(async (cmdOpts, command) => {
       await runDaemonStatus({
         rpc: resolveRpcOptions(cmdOpts, command),
         probe: Boolean(cmdOpts.probe),
+        requireRpc: Boolean(cmdOpts.requireRpc),
         deep: Boolean(cmdOpts.deep),
         json: Boolean(cmdOpts.json),
       });
diff --git a/src/cli/daemon-cli/restart-health.test.ts b/src/cli/daemon-cli/restart-health.test.ts
index 1a26f1a80dc..c4b8eb3b07c 100644
--- a/src/cli/daemon-cli/restart-health.test.ts
+++ b/src/cli/daemon-cli/restart-health.test.ts
@@ -20,28 +20,45 @@ vi.mock("../../gateway/probe.js", () => ({
 
 const originalPlatform = process.platform;
 
+function makeGatewayService(
+  runtime: { status: "running"; pid: number } | { status: "stopped" },
+): GatewayService {
+  return {
+    readRuntime: vi.fn(async () => runtime),
+  } as unknown as GatewayService;
+}
+
+async function inspectGatewayRestartWithSnapshot(params: {
+  runtime: { status: "running"; pid: number } | { status: "stopped" };
+  portUsage: PortUsage;
+  includeUnknownListenersAsStale?: boolean;
+}) {
+  const service = makeGatewayService(params.runtime);
+  inspectPortUsage.mockResolvedValue(params.portUsage);
+  const { inspectGatewayRestart } = await import("./restart-health.js");
+  return inspectGatewayRestart({
+    service,
+    port: 18789,
+    ...(params.includeUnknownListenersAsStale === undefined
+      ? {}
+      : { includeUnknownListenersAsStale: params.includeUnknownListenersAsStale }),
+  });
+}
+
 async function inspectUnknownListenerFallback(params: {
   runtime: { status: "running"; pid: number } | { status: "stopped" };
   includeUnknownListenersAsStale: boolean;
 }) {
   Object.defineProperty(process, "platform", { value: "win32", configurable: true });
   classifyPortListener.mockReturnValue("unknown");
-
-  const service = {
-    readRuntime: vi.fn(async () => params.runtime),
-  } as unknown as GatewayService;
-
-  inspectPortUsage.mockResolvedValue({
-    port: 18789,
-    status: "busy",
-    listeners: [{ pid: 10920, command: "unknown" }],
-    hints: [],
-  });
-
-  const { inspectGatewayRestart } = await import("./restart-health.js");
-  return inspectGatewayRestart({
-    service,
-    port: 18789,
+  return inspectGatewayRestartWithSnapshot({
+    runtime: params.runtime,
+    portUsage: {
+      port: 18789,
+      status: "busy",
+      listeners: [{ pid: 10920, command: "unknown" }],
+      hints: [],
+    },
     includeUnknownListenersAsStale: params.includeUnknownListenersAsStale,
   });
 }
@@ -49,21 +66,17 @@ async function inspectUnknownListenerFallback(params: {
 async function inspectAmbiguousOwnershipWithProbe(
   probeResult: Awaited<ReturnType<typeof probeGateway>>,
 ) {
-  const service = {
-    readRuntime: vi.fn(async () => ({ status: "running", pid: 8000 })),
-  } as unknown as GatewayService;
-
-  inspectPortUsage.mockResolvedValue({
-    port: 18789,
-    status: "busy",
-    listeners: [{ commandLine: "" }],
-    hints: [],
-  });
   classifyPortListener.mockReturnValue("unknown");
   probeGateway.mockResolvedValue(probeResult);
-
-  const { inspectGatewayRestart } = await import("./restart-health.js");
-  return inspectGatewayRestart({ service, port: 18789 });
+  return inspectGatewayRestartWithSnapshot({
+    runtime: { status: "running", pid: 8000 },
+    portUsage: {
+      port: 18789,
+      status: "busy",
+      listeners: [{ commandLine: "" }],
+      hints: [],
+    },
+  });
 }
 
 describe("inspectGatewayRestart", () => {
@@ -89,39 +102,31 @@ describe("inspectGatewayRestart", () => {
   });
 
   it("treats a gateway listener child pid as healthy ownership", async () => {
-    const service = {
-      readRuntime: vi.fn(async () => ({ status: "running", pid: 7000 })),
-    } as unknown as GatewayService;
-
-    inspectPortUsage.mockResolvedValue({
-      port: 18789,
-      status: "busy",
-      listeners: [{ pid: 7001, ppid: 7000, commandLine: "openclaw-gateway" }],
-      hints: [],
+    const snapshot = await inspectGatewayRestartWithSnapshot({
+      runtime: { status: "running", pid: 7000 },
+      portUsage: {
+        port: 18789,
+        status: "busy",
+        listeners: [{ pid: 7001, ppid: 7000, commandLine: "openclaw-gateway" }],
+        hints: [],
+      },
     });
 
-    const { inspectGatewayRestart } = await import("./restart-health.js");
-    const snapshot = await inspectGatewayRestart({ service, port: 18789 });
-
     expect(snapshot.healthy).toBe(true);
     expect(snapshot.staleGatewayPids).toEqual([]);
   });
 
   it("marks non-owned gateway listener pids as stale while runtime is running", async () => {
-    const service = {
-      readRuntime: vi.fn(async () => ({ status: "running", pid: 8000 })),
-    } as unknown as GatewayService;
-
-    inspectPortUsage.mockResolvedValue({
-      port: 18789,
-      status: "busy",
-      listeners: [{ pid: 9000, ppid: 8999, commandLine: "openclaw-gateway" }],
-      hints: [],
+    const snapshot = await inspectGatewayRestartWithSnapshot({
+      runtime: { status: "running", pid: 8000 },
+      portUsage: {
+        port: 18789,
+        status: "busy",
+        listeners: [{ pid: 9000, ppid: 8999, commandLine: "openclaw-gateway" }],
+        hints: [],
+      },
     });
 
-    const { inspectGatewayRestart } = await import("./restart-health.js");
-    const snapshot = await inspectGatewayRestart({ service, port: 18789 });
-
     expect(snapshot.healthy).toBe(false);
     expect(snapshot.staleGatewayPids).toEqual([9000]);
   });
@@ -157,21 +162,14 @@ describe("inspectGatewayRestart", () => {
     Object.defineProperty(process, "platform", { value: "win32", configurable: true });
     classifyPortListener.mockReturnValue("ssh");
 
-    const service = {
-      readRuntime: vi.fn(async () => ({ status: "stopped" })),
-    } as unknown as GatewayService;
-
-    inspectPortUsage.mockResolvedValue({
-      port: 18789,
-      status: "busy",
-      listeners: [{ pid: 22001, command: "nginx.exe" }],
-      hints: [],
-    });
-
-    const { inspectGatewayRestart } = await import("./restart-health.js");
-    const snapshot = await inspectGatewayRestart({
-      service,
-      port: 18789,
+    const snapshot = await inspectGatewayRestartWithSnapshot({
+      runtime: { status: "stopped" },
+      portUsage: {
+        port: 18789,
+        status: "busy",
+        listeners: [{ pid: 22001, command: "nginx.exe" }],
+        hints: [],
+      },
       includeUnknownListenersAsStale: true,
     });
 
@@ -192,25 +190,21 @@ describe("inspectGatewayRestart", () => {
 
   it("treats a busy port as healthy when runtime status lags but the probe succeeds", async () => {
     Object.defineProperty(process, "platform", { value: "win32", configurable: true });
-
-    const service = {
-      readRuntime: vi.fn(async () => ({ status: "stopped" })),
-    } as unknown as GatewayService;
-
-    inspectPortUsage.mockResolvedValue({
-      port: 18789,
-      status: "busy",
-      listeners: [{ pid: 9100, commandLine: "openclaw-gateway" }],
-      hints: [],
-    });
     classifyPortListener.mockReturnValue("gateway");
     probeGateway.mockResolvedValue({
       ok: true,
       close: null,
     });
 
-    const { inspectGatewayRestart } = await import("./restart-health.js");
-    const snapshot = await inspectGatewayRestart({ service, port: 18789 });
+    const snapshot = await inspectGatewayRestartWithSnapshot({
+      runtime: { status: "stopped" },
+      portUsage: {
+        port: 18789,
+        status: "busy",
+        listeners: [{ pid: 9100, commandLine: "openclaw-gateway" }],
+        hints: [],
+      },
+    });
 
     expect(snapshot.healthy).toBe(true);
     expect(snapshot.staleGatewayPids).toEqual([]);
diff --git a/src/cli/daemon-cli/restart-health.ts b/src/cli/daemon-cli/restart-health.ts
index 9bfe3476ee6..43102cedee8 100644
--- a/src/cli/daemon-cli/restart-health.ts
+++ b/src/cli/daemon-cli/restart-health.ts
@@ -182,7 +182,7 @@ export async function inspectGatewayRestart(params: {
             return true;
           }
           if (runtimePid == null) {
-            return true;
+            return false;
           }
           return !listenerOwnedByRuntimePid({ listener, runtimePid });
         })
diff --git a/src/cli/daemon-cli/shared.ts b/src/cli/daemon-cli/shared.ts
index 525b04682b0..eb2760c2630 100644
--- a/src/cli/daemon-cli/shared.ts
+++ b/src/cli/daemon-cli/shared.ts
@@ -1,3 +1,4 @@
+import { resolveIsNixMode } from "../../config/paths.js";
 import {
   resolveGatewayLaunchAgentLabel,
   resolveGatewaySystemdServiceName,
@@ -12,10 +13,30 @@ import { getResolvedLoggerSettings } from "../../logging.js";
 import { colorize, isRich, theme } from "../../terminal/theme.js";
 import { formatCliCommand } from "../command-format.js";
 import { parsePort } from "../shared/parse-port.js";
+import { createDaemonActionContext } from "./response.js";
 
 export { formatRuntimeStatus };
 export { parsePort };
 
+export function createDaemonInstallActionContext(jsonFlag: unknown) {
+  const json = Boolean(jsonFlag);
+  return {
+    json,
+    ...createDaemonActionContext({ action: "install", json }),
+  };
+}
+
+export function failIfNixDaemonInstallMode(
+  fail: (message: string, hints?: string[]) => void,
+  env: NodeJS.ProcessEnv = process.env,
+): boolean {
+  if (!resolveIsNixMode(env)) {
+    return false;
+  }
+  fail("Nix mode detected; service install is disabled.");
+  return true;
+}
+
 export function createCliStatusTextStyles() {
   const rich = isRich();
   return {
diff --git a/src/cli/daemon-cli/status.gather.test.ts b/src/cli/daemon-cli/status.gather.test.ts
index b0c08715abe..27b53753eda 100644
--- a/src/cli/daemon-cli/status.gather.test.ts
+++ b/src/cli/daemon-cli/status.gather.test.ts
@@ -1,5 +1,6 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { captureEnv } from "../../test-utils/env.js";
+import type { GatewayRestartSnapshot } from "./restart-health.js";
 
 const callGatewayStatusProbe = vi.fn(async (_opts?: unknown) => ({ ok: true as const }));
 const loadGatewayTlsRuntime = vi.fn(async (_cfg?: unknown) => ({
@@ -18,6 +19,14 @@ const readLastGatewayErrorLine = vi.fn(async (_env?: NodeJS.ProcessEnv) => null)
 const auditGatewayServiceConfig = vi.fn(async (_opts?: unknown) => undefined);
 const serviceIsLoaded = vi.fn(async (_opts?: unknown) => true);
 const serviceReadRuntime = vi.fn(async (_env?: NodeJS.ProcessEnv) => ({ status: "running" }));
+const inspectGatewayRestart = vi.fn<(opts?: unknown) => Promise<GatewayRestartSnapshot>>(
+  async (_opts?: unknown) => ({
+    runtime: { status: "running", pid: 1234 },
+    portUsage: { port: 19001, status: "busy", listeners: [], hints: [] },
+    healthy: true,
+    staleGatewayPids: [],
+  }),
+);
 const serviceReadCommand = vi.fn<
   (env?: NodeJS.ProcessEnv) => Promise<{
     programArguments: string[];
@@ -117,6 +126,10 @@ vi.mock("./probe.js", () => ({
   probeGatewayStatus: (opts: unknown) => callGatewayStatusProbe(opts),
 }));
 
+vi.mock("./restart-health.js", () => ({
+  inspectGatewayRestart: (opts: unknown) => inspectGatewayRestart(opts),
+}));
+
 const { gatherDaemonStatus } = await import("./status.gather.js");
 
 describe("gatherDaemonStatus", () => {
@@ -139,6 +152,7 @@ describe("gatherDaemonStatus", () => {
     delete process.env.DAEMON_GATEWAY_PASSWORD;
     callGatewayStatusProbe.mockClear();
     loadGatewayTlsRuntime.mockClear();
+    inspectGatewayRestart.mockClear();
     daemonLoadedConfig = {
       gateway: {
         bind: "lan",
@@ -362,4 +376,34 @@ describe("gatherDaemonStatus", () => {
     expect(callGatewayStatusProbe).not.toHaveBeenCalled();
     expect(status.rpc).toBeUndefined();
   });
+
+  it("surfaces stale gateway listener pids from restart health inspection", async () => {
+    inspectGatewayRestart.mockResolvedValueOnce({
+      runtime: { status: "running", pid: 8000 },
+      portUsage: {
+        port: 19001,
+        status: "busy",
+        listeners: [{ pid: 9000, ppid: 8999, commandLine: "openclaw-gateway" }],
+        hints: [],
+      },
+      healthy: false,
+      staleGatewayPids: [9000],
+    });
+
+    const status = await gatherDaemonStatus({
+      rpc: {},
+      probe: true,
+      deep: false,
+    });
+
+    expect(inspectGatewayRestart).toHaveBeenCalledWith(
+      expect.objectContaining({
+        port: 19001,
+      }),
+    );
+    expect(status.health).toEqual({
+      healthy: false,
+      staleGatewayPids: [9000],
+    });
+  });
 });
diff --git a/src/cli/daemon-cli/status.gather.ts b/src/cli/daemon-cli/status.gather.ts
index ef15a377438..707a908b1f6 100644
--- a/src/cli/daemon-cli/status.gather.ts
+++ b/src/cli/daemon-cli/status.gather.ts
@@ -29,6 +29,7 @@ import {
 import { pickPrimaryTailnetIPv4 } from "../../infra/tailnet.js";
 import { loadGatewayTlsRuntime } from "../../infra/tls/gateway.js";
 import { probeGatewayStatus } from "./probe.js";
+import { inspectGatewayRestart } from "./restart-health.js";
 import { normalizeListenerAddress, parsePortFromArgs, pickProbeHostForBind } from "./shared.js";
 import type { GatewayRpcOpts } from "./types.js";
 
@@ -112,6 +113,10 @@ export type DaemonStatus = {
     error?: string;
     url?: string;
   };
+  health?: {
+    healthy: boolean;
+    staleGatewayPids: number[];
+  };
   extraServices: Array<{ label: string; detail: string; scope: string }>;
 };
 
@@ -331,6 +336,14 @@ export async function gatherDaemonStatus(
         configPath: daemonConfigSummary.path,
       })
     : undefined;
+  const health =
+    opts.probe && loaded
+      ? await inspectGatewayRestart({
+          service,
+          port: daemonPort,
+          env: serviceEnv,
+        }).catch(() => undefined)
+      : undefined;
 
   let lastError: string | undefined;
   if (loaded && runtime?.status === "running" && portStatus && portStatus.status !== "busy") {
@@ -357,6 +370,14 @@ export async function gatherDaemonStatus(
     ...(portCliStatus ? { portCli: portCliStatus } : {}),
     lastError,
     ...(rpc ? { rpc: { ...rpc, url: gateway.probeUrl } } : {}),
+    ...(health
+      ? {
+          health: {
+            healthy: health.healthy,
+            staleGatewayPids: health.staleGatewayPids,
+          },
+        }
+      : {}),
     extraServices,
   };
 }
diff --git a/src/cli/daemon-cli/status.print.test.ts b/src/cli/daemon-cli/status.print.test.ts
new file mode 100644
index 00000000000..e99fa84de37
--- /dev/null
+++ b/src/cli/daemon-cli/status.print.test.ts
@@ -0,0 +1,116 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+
+const runtime = vi.hoisted(() => ({
+  log: vi.fn<(line: string) => void>(),
+  error: vi.fn<(line: string) => void>(),
+}));
+
+vi.mock("../../runtime.js", () => ({
+  defaultRuntime: runtime,
+}));
+
+vi.mock("../../terminal/theme.js", () => ({
+  colorize: (_rich: boolean, _theme: unknown, text: string) => text,
+}));
+
+vi.mock("../../commands/onboard-helpers.js", () => ({
+  resolveControlUiLinks: () => ({ httpUrl: "http://127.0.0.1:18789" }),
+}));
+
+vi.mock("../../daemon/inspect.js", () => ({
+  renderGatewayServiceCleanupHints: () => [],
+}));
+
+vi.mock("../../daemon/launchd.js", () => ({
+  resolveGatewayLogPaths: () => ({
+    stdoutPath: "/tmp/gateway.out.log",
+    stderrPath: "/tmp/gateway.err.log",
+  }),
+}));
+
+vi.mock("../../daemon/systemd-hints.js", () => ({
+  isSystemdUnavailableDetail: () => false,
+  renderSystemdUnavailableHints: () => [],
+}));
+
+vi.mock("../../infra/wsl.js", () => ({
+  isWSLEnv: () => false,
+}));
+
+vi.mock("../../logging.js", () => ({
+  getResolvedLoggerSettings: () => ({ file: "/tmp/openclaw.log" }),
+}));
+
+vi.mock("./shared.js", () => ({
+  createCliStatusTextStyles: () => ({
+    rich: false,
+    label: (text: string) => text,
+    accent: (text: string) => text,
+    infoText: (text: string) => text,
+    okText: (text: string) => text,
+    warnText: (text: string) => text,
+    errorText: (text: string) => text,
+  }),
+  filterDaemonEnv: () => ({}),
+  formatRuntimeStatus: () => "running (pid 8000)",
+  resolveRuntimeStatusColor: () => "",
+  renderRuntimeHints: () => [],
+  safeDaemonEnv: () => [],
+}));
+
+vi.mock("./status.gather.js", () => ({
+  renderPortDiagnosticsForCli: () => [],
+  resolvePortListeningAddresses: () => ["127.0.0.1:18789"],
+}));
+
+const { printDaemonStatus } = await import("./status.print.js");
+
+describe("printDaemonStatus", () => {
+  beforeEach(() => {
+    runtime.log.mockReset();
+    runtime.error.mockReset();
+  });
+
+  it("prints stale gateway pid guidance when runtime does not own the listener", () => {
+    printDaemonStatus(
+      {
+        service: {
+          label: "LaunchAgent",
+          loaded: true,
+          loadedText: "loaded",
+          notLoadedText: "not loaded",
+          runtime: { status: "running", pid: 8000 },
+        },
+        gateway: {
+          bindMode: "loopback",
+          bindHost: "127.0.0.1",
+          port: 18789,
+          portSource: "env/config",
+          probeUrl: "ws://127.0.0.1:18789",
+        },
+        port: {
+          port: 18789,
+          status: "busy",
+          listeners: [{ pid: 9000, ppid: 8999, address: "127.0.0.1:18789" }],
+          hints: [],
+        },
+        rpc: {
+          ok: false,
+          error: "gateway closed (1006 abnormal closure (no close frame))",
+          url: "ws://127.0.0.1:18789",
+        },
+        health: {
+          healthy: false,
+          staleGatewayPids: [9000],
+        },
+        extraServices: [],
+      },
+      { json: false },
+    );
+
+    expect(runtime.error).toHaveBeenCalledWith(
+      expect.stringContaining("Gateway runtime PID does not own the listening port"),
+    );
+    expect(runtime.error).toHaveBeenCalledWith(expect.stringContaining("openclaw gateway restart"));
+  });
+});
diff --git a/src/cli/daemon-cli/status.print.ts b/src/cli/daemon-cli/status.print.ts
index ce9934f7ed4..91348d10d4a 100644
--- a/src/cli/daemon-cli/status.print.ts
+++ b/src/cli/daemon-cli/status.print.ts
@@ -194,6 +194,25 @@ export function printDaemonStatus(status: DaemonStatus, opts: { json: boolean })
     spacer();
   }
 
+  if (
+    status.health &&
+    status.health.staleGatewayPids.length > 0 &&
+    service.runtime?.status === "running" &&
+    typeof service.runtime.pid === "number"
+  ) {
+    defaultRuntime.error(
+      errorText(
+        `Gateway runtime PID does not own the listening port. Other gateway process(es) are listening: ${status.health.staleGatewayPids.join(", ")}`,
+      ),
+    );
+    defaultRuntime.error(
+      errorText(
+        `Fix: run ${formatCliCommand("openclaw gateway restart")} and re-check with ${formatCliCommand("openclaw gateway status --deep")}.`,
+      ),
+    );
+    spacer();
+  }
+
   const systemdUnavailable =
     process.platform === "linux" && isSystemdUnavailableDetail(service.runtime?.detail);
   if (systemdUnavailable) {
diff --git a/src/cli/daemon-cli/status.test.ts b/src/cli/daemon-cli/status.test.ts
new file mode 100644
index 00000000000..5cf0484120e
--- /dev/null
+++ b/src/cli/daemon-cli/status.test.ts
@@ -0,0 +1,92 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { createCliRuntimeCapture } from "../test-runtime-capture.js";
+import type { DaemonStatus } from "./status.gather.js";
+
+const gatherDaemonStatus = vi.fn(
+  async (_opts?: unknown): Promise<DaemonStatus> => ({
+    service: {
+      label: "LaunchAgent",
+      loaded: true,
+      loadedText: "loaded",
+      notLoadedText: "not loaded",
+    },
+    rpc: {
+      ok: true,
+      url: "ws://127.0.0.1:18789",
+    },
+    extraServices: [],
+  }),
+);
+const printDaemonStatus = vi.fn();
+
+const { runtimeErrors, defaultRuntime, resetRuntimeCapture } = createCliRuntimeCapture();
+
+vi.mock("../../runtime.js", () => ({
+  defaultRuntime,
+}));
+
+vi.mock("../../terminal/theme.js", () => ({
+  colorize: (_rich: boolean, _color: unknown, text: string) => text,
+  isRich: () => false,
+  theme: { error: "error" },
+}));
+
+vi.mock("./status.gather.js", () => ({
+  gatherDaemonStatus: (opts: unknown) => gatherDaemonStatus(opts),
+}));
+
+vi.mock("./status.print.js", () => ({
+  printDaemonStatus: (...args: unknown[]) => printDaemonStatus(...args),
+}));
+
+const { runDaemonStatus } = await import("./status.js");
+
+describe("runDaemonStatus", () => {
+  beforeEach(() => {
+    gatherDaemonStatus.mockClear();
+    printDaemonStatus.mockClear();
+    resetRuntimeCapture();
+  });
+
+  it("exits when require-rpc is set and the probe fails", async () => {
+    gatherDaemonStatus.mockResolvedValueOnce({
+      service: {
+        label: "LaunchAgent",
+        loaded: true,
+        loadedText: "loaded",
+        notLoadedText: "not loaded",
+      },
+      rpc: {
+        ok: false,
+        url: "ws://127.0.0.1:18789",
+        error: "gateway closed",
+      },
+      extraServices: [],
+    });
+
+    await expect(
+      runDaemonStatus({
+        rpc: {},
+        probe: true,
+        requireRpc: true,
+        json: false,
+      }),
+    ).rejects.toThrow("__exit__:1");
+
+    expect(printDaemonStatus).toHaveBeenCalledTimes(1);
+  });
+
+  it("rejects require-rpc when probing is disabled", async () => {
+    await expect(
+      runDaemonStatus({
+        rpc: {},
+        probe: false,
+        requireRpc: true,
+        json: false,
+      }),
+    ).rejects.toThrow("__exit__:1");
+
+    expect(gatherDaemonStatus).not.toHaveBeenCalled();
+    expect(runtimeErrors.join("\n")).toContain("--require-rpc cannot be used with --no-probe");
+  });
+});
diff --git a/src/cli/daemon-cli/status.ts b/src/cli/daemon-cli/status.ts
index 2af5a1977ec..44ae4b0a686 100644
--- a/src/cli/daemon-cli/status.ts
+++ b/src/cli/daemon-cli/status.ts
@@ -6,12 +6,20 @@ import type { DaemonStatusOptions } from "./types.js";
 
 export async function runDaemonStatus(opts: DaemonStatusOptions) {
   try {
+    if (opts.requireRpc && !opts.probe) {
+      defaultRuntime.error("Gateway status failed: --require-rpc cannot be used with --no-probe.");
+      defaultRuntime.exit(1);
+      return;
+    }
     const status = await gatherDaemonStatus({
       rpc: opts.rpc,
       probe: Boolean(opts.probe),
       deep: Boolean(opts.deep),
     });
     printDaemonStatus(status, { json: Boolean(opts.json) });
+    if (opts.requireRpc && !status.rpc?.ok) {
+      defaultRuntime.exit(1);
+    }
   } catch (err) {
     const rich = isRich();
     defaultRuntime.error(colorize(rich, theme.error, `Gateway status failed: ${String(err)}`));
diff --git a/src/cli/daemon-cli/types.ts b/src/cli/daemon-cli/types.ts
index 602d47e9fd1..08a6d407329 100644
--- a/src/cli/daemon-cli/types.ts
+++ b/src/cli/daemon-cli/types.ts
@@ -11,6 +11,7 @@ export type GatewayRpcOpts = {
 export type DaemonStatusOptions = {
   rpc: GatewayRpcOpts;
   probe: boolean;
+  requireRpc: boolean;
   json: boolean;
 } & FindExtraGatewayServicesOptions;
 
diff --git a/src/cli/deps-send-discord.runtime.ts b/src/cli/deps-send-discord.runtime.ts
deleted file mode 100644
index e451b4fccb6..00000000000
--- a/src/cli/deps-send-discord.runtime.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { sendMessageDiscord } from "../discord/send.js";
diff --git a/src/cli/deps-send-imessage.runtime.ts b/src/cli/deps-send-imessage.runtime.ts
deleted file mode 100644
index 502d0c116bd..00000000000
--- a/src/cli/deps-send-imessage.runtime.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { sendMessageIMessage } from "../imessage/send.js";
diff --git a/src/cli/deps-send-signal.runtime.ts b/src/cli/deps-send-signal.runtime.ts
deleted file mode 100644
index f19755b8cf0..00000000000
--- a/src/cli/deps-send-signal.runtime.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { sendMessageSignal } from "../signal/send.js";
diff --git a/src/cli/deps-send-slack.runtime.ts b/src/cli/deps-send-slack.runtime.ts
deleted file mode 100644
index 039ffb20645..00000000000
--- a/src/cli/deps-send-slack.runtime.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { sendMessageSlack } from "../slack/send.js";
diff --git a/src/cli/deps-send-telegram.runtime.ts b/src/cli/deps-send-telegram.runtime.ts
deleted file mode 100644
index 8a052a3cf75..00000000000
--- a/src/cli/deps-send-telegram.runtime.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { sendMessageTelegram } from "../telegram/send.js";
diff --git a/src/cli/deps-send-whatsapp.runtime.ts b/src/cli/deps-send-whatsapp.runtime.ts
deleted file mode 100644
index e0ae02b3882..00000000000
--- a/src/cli/deps-send-whatsapp.runtime.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { sendMessageWhatsApp } from "../channels/web/index.js";
diff --git a/src/cli/deps.test.ts b/src/cli/deps.test.ts
index 3cba4d63ad8..f345e1a24bb 100644
--- a/src/cli/deps.test.ts
+++ b/src/cli/deps.test.ts
@@ -24,27 +24,27 @@ vi.mock("../channels/web/index.js", () => {
   return { sendMessageWhatsApp: sendFns.whatsapp };
 });
 
-vi.mock("../telegram/send.js", () => {
+vi.mock("../../extensions/telegram/src/send.js", () => {
   moduleLoads.telegram();
   return { sendMessageTelegram: sendFns.telegram };
 });
 
-vi.mock("../discord/send.js", () => {
+vi.mock("../../extensions/discord/src/send.js", () => {
   moduleLoads.discord();
   return { sendMessageDiscord: sendFns.discord };
 });
 
-vi.mock("../slack/send.js", () => {
+vi.mock("../../extensions/slack/src/send.js", () => {
   moduleLoads.slack();
   return { sendMessageSlack: sendFns.slack };
 });
 
-vi.mock("../signal/send.js", () => {
+vi.mock("../../extensions/signal/src/send.js", () => {
   moduleLoads.signal();
   return { sendMessageSignal: sendFns.signal };
 });
 
-vi.mock("../imessage/send.js", () => {
+vi.mock("../../extensions/imessage/src/send.js", () => {
   moduleLoads.imessage();
   return { sendMessageIMessage: sendFns.imessage };
 });
@@ -74,9 +74,7 @@ describe("createDefaultDeps", () => {
     expect(moduleLoads.signal).not.toHaveBeenCalled();
     expect(moduleLoads.imessage).not.toHaveBeenCalled();
 
-    const sendTelegram = deps.sendMessageTelegram as unknown as (
-      ...args: unknown[]
-    ) => Promise<unknown>;
+    const sendTelegram = deps["telegram"] as (...args: unknown[]) => Promise<unknown>;
     await sendTelegram("chat", "hello", { verbose: false });
 
     expect(moduleLoads.telegram).toHaveBeenCalledTimes(1);
@@ -86,9 +84,7 @@ describe("createDefaultDeps", () => {
 
   it("reuses module cache after first dynamic import", async () => {
     const deps = createDefaultDeps();
-    const sendDiscord = deps.sendMessageDiscord as unknown as (
-      ...args: unknown[]
-    ) => Promise<unknown>;
+    const sendDiscord = deps["discord"] as (...args: unknown[]) => Promise<unknown>;
 
     await sendDiscord("channel", "first", { verbose: false });
     await sendDiscord("channel", "second", { verbose: false });
diff --git a/src/cli/deps.ts b/src/cli/deps.ts
index 478f3862146..c9ab341dd18 100644
--- a/src/cli/deps.ts
+++ b/src/cli/deps.ts
@@ -1,89 +1,68 @@
-import type { sendMessageWhatsApp } from "../channels/web/index.js";
-import type { sendMessageDiscord } from "../discord/send.js";
-import type { sendMessageIMessage } from "../imessage/send.js";
-import type { OutboundSendDeps } from "../infra/outbound/deliver.js";
-import type { sendMessageSignal } from "../signal/send.js";
-import type { sendMessageSlack } from "../slack/send.js";
-import type { sendMessageTelegram } from "../telegram/send.js";
+import type { OutboundSendDeps } from "../infra/outbound/send-deps.js";
 import { createOutboundSendDepsFromCliSource } from "./outbound-send-mapping.js";
 
-export type CliDeps = {
-  sendMessageWhatsApp: typeof sendMessageWhatsApp;
-  sendMessageTelegram: typeof sendMessageTelegram;
-  sendMessageDiscord: typeof sendMessageDiscord;
-  sendMessageSlack: typeof sendMessageSlack;
-  sendMessageSignal: typeof sendMessageSignal;
-  sendMessageIMessage: typeof sendMessageIMessage;
-};
+/**
+ * Lazy-loaded per-channel send functions, keyed by channel ID.
+ * Values are proxy functions that dynamically import the real module on first use.
+ */
+export type CliDeps = { [channelId: string]: unknown };
 
-let whatsappSenderRuntimePromise: Promise<typeof import("./deps-send-whatsapp.runtime.js")> | null =
-  null;
-let telegramSenderRuntimePromise: Promise<typeof import("./deps-send-telegram.runtime.js")> | null =
-  null;
-let discordSenderRuntimePromise: Promise<typeof import("./deps-send-discord.runtime.js")> | null =
-  null;
-let slackSenderRuntimePromise: Promise<typeof import("./deps-send-slack.runtime.js")> | null = null;
-let signalSenderRuntimePromise: Promise<typeof import("./deps-send-signal.runtime.js")> | null =
-  null;
-let imessageSenderRuntimePromise: Promise<typeof import("./deps-send-imessage.runtime.js")> | null =
-  null;
+// Per-channel module caches for lazy loading.
+const senderCache = new Map<string, Promise<Record<string, unknown>>>();
 
-function loadWhatsAppSenderRuntime() {
-  whatsappSenderRuntimePromise ??= import("./deps-send-whatsapp.runtime.js");
-  return whatsappSenderRuntimePromise;
-}
-
-function loadTelegramSenderRuntime() {
-  telegramSenderRuntimePromise ??= import("./deps-send-telegram.runtime.js");
-  return telegramSenderRuntimePromise;
-}
-
-function loadDiscordSenderRuntime() {
-  discordSenderRuntimePromise ??= import("./deps-send-discord.runtime.js");
-  return discordSenderRuntimePromise;
-}
-
-function loadSlackSenderRuntime() {
-  slackSenderRuntimePromise ??= import("./deps-send-slack.runtime.js");
-  return slackSenderRuntimePromise;
-}
-
-function loadSignalSenderRuntime() {
-  signalSenderRuntimePromise ??= import("./deps-send-signal.runtime.js");
-  return signalSenderRuntimePromise;
-}
-
-function loadIMessageSenderRuntime() {
-  imessageSenderRuntimePromise ??= import("./deps-send-imessage.runtime.js");
-  return imessageSenderRuntimePromise;
+/**
+ * Create a lazy-loading send function proxy for a channel.
+ * The channel's module is loaded on first call and cached for reuse.
+ */
+function createLazySender(
+  channelId: string,
+  loader: () => Promise<Record<string, unknown>>,
+  exportName: string,
+): (...args: unknown[]) => Promise<unknown> {
+  return async (...args: unknown[]) => {
+    let cached = senderCache.get(channelId);
+    if (!cached) {
+      cached = loader();
+      senderCache.set(channelId, cached);
+    }
+    const mod = await cached;
+    const fn = mod[exportName] as (...a: unknown[]) => Promise<unknown>;
+    return await fn(...args);
+  };
 }
 
 export function createDefaultDeps(): CliDeps {
   return {
-    sendMessageWhatsApp: async (...args) => {
-      const { sendMessageWhatsApp } = await loadWhatsAppSenderRuntime();
-      return await sendMessageWhatsApp(...args);
-    },
-    sendMessageTelegram: async (...args) => {
-      const { sendMessageTelegram } = await loadTelegramSenderRuntime();
-      return await sendMessageTelegram(...args);
-    },
-    sendMessageDiscord: async (...args) => {
-      const { sendMessageDiscord } = await loadDiscordSenderRuntime();
-      return await sendMessageDiscord(...args);
-    },
-    sendMessageSlack: async (...args) => {
-      const { sendMessageSlack } = await loadSlackSenderRuntime();
-      return await sendMessageSlack(...args);
-    },
-    sendMessageSignal: async (...args) => {
-      const { sendMessageSignal } = await loadSignalSenderRuntime();
-      return await sendMessageSignal(...args);
-    },
-    sendMessageIMessage: async (...args) => {
-      const { sendMessageIMessage } = await loadIMessageSenderRuntime();
-      return await sendMessageIMessage(...args);
-    },
+    whatsapp: createLazySender(
+      "whatsapp",
+      () => import("../channels/web/index.js") as Promise<Record<string, unknown>>,
+      "sendMessageWhatsApp",
+    ),
+    telegram: createLazySender(
+      "telegram",
+      () => import("../../extensions/telegram/src/send.js") as Promise<Record<string, unknown>>,
+      "sendMessageTelegram",
+    ),
+    discord: createLazySender(
+      "discord",
+      () => import("../../extensions/discord/src/send.js") as Promise<Record<string, unknown>>,
+      "sendMessageDiscord",
+    ),
+    slack: createLazySender(
+      "slack",
+      () => import("../../extensions/slack/src/send.js") as Promise<Record<string, unknown>>,
+      "sendMessageSlack",
+    ),
+    signal: createLazySender(
+      "signal",
+      () => import("../../extensions/signal/src/send.js") as Promise<Record<string, unknown>>,
+      "sendMessageSignal",
+    ),
+    imessage: createLazySender(
+      "imessage",
+      () => import("../../extensions/imessage/src/send.js") as Promise<Record<string, unknown>>,
+      "sendMessageIMessage",
+    ),
   };
 }
 
@@ -91,4 +70,4 @@ export function createOutboundSendDeps(deps: CliDeps): OutboundSendDeps {
   return createOutboundSendDepsFromCliSource(deps);
 }
 
-export { logWebSelfId } from "../web/auth-store.js";
+export { logWebSelfId } from "../../extensions/whatsapp/src/auth-store.js";
diff --git a/src/cli/gateway-cli/discover.ts b/src/cli/gateway-cli/discover.ts
index 8465cf449ca..51eac4feb76 100644
--- a/src/cli/gateway-cli/discover.ts
+++ b/src/cli/gateway-cli/discover.ts
@@ -1,5 +1,6 @@
 import type { GatewayBonjourBeacon } from "../../infra/bonjour-discovery.js";
 import { colorize, theme } from "../../terminal/theme.js";
+import { parseTimeoutMsWithFallback } from "../parse-timeout.js";
 
 export type GatewayDiscoverOpts = {
   timeout?: string;
@@ -7,26 +8,7 @@ export type GatewayDiscoverOpts = {
 };
 
 export function parseDiscoverTimeoutMs(raw: unknown, fallbackMs: number): number {
-  if (raw === undefined || raw === null) {
-    return fallbackMs;
-  }
-  const value =
-    typeof raw === "string"
-      ? raw.trim()
-      : typeof raw === "number" || typeof raw === "bigint"
-        ? String(raw)
-        : null;
-  if (value === null) {
-    throw new Error("invalid --timeout");
-  }
-  if (!value) {
-    return fallbackMs;
-  }
-  const parsed = Number.parseInt(value, 10);
-  if (!Number.isFinite(parsed) || parsed <= 0) {
-    throw new Error(`invalid --timeout: ${value}`);
-  }
-  return parsed;
+  return parseTimeoutMsWithFallback(raw, fallbackMs, { invalidType: "error" });
 }
 
 export function pickBeaconHost(beacon: GatewayBonjourBeacon): string | null {
diff --git a/src/cli/node-cli/daemon.ts b/src/cli/node-cli/daemon.ts
index b293c88c15c..f56b8af3fff 100644
--- a/src/cli/node-cli/daemon.ts
+++ b/src/cli/node-cli/daemon.ts
@@ -3,7 +3,6 @@ import {
   DEFAULT_NODE_DAEMON_RUNTIME,
   isNodeDaemonRuntime,
 } from "../../commands/node-daemon-runtime.js";
-import { resolveIsNixMode } from "../../config/paths.js";
 import {
   resolveNodeLaunchAgentLabel,
   resolveNodeSystemdServiceName,
@@ -25,13 +24,11 @@ import {
   runServiceStop,
   runServiceUninstall,
 } from "../daemon-cli/lifecycle-core.js";
-import {
-  buildDaemonServiceSnapshot,
-  createDaemonActionContext,
-  installDaemonServiceAndEmit,
-} from "../daemon-cli/response.js";
+import { buildDaemonServiceSnapshot, installDaemonServiceAndEmit } from "../daemon-cli/response.js";
 import {
   createCliStatusTextStyles,
+  createDaemonInstallActionContext,
+  failIfNixDaemonInstallMode,
   formatRuntimeStatus,
   parsePort,
   resolveRuntimeStatusColor,
@@ -89,11 +86,8 @@ function resolveNodeDefaults(
 }
 
 export async function runNodeDaemonInstall(opts: NodeDaemonInstallOptions) {
-  const json = Boolean(opts.json);
-  const { stdout, warnings, emit, fail } = createDaemonActionContext({ action: "install", json });
-
-  if (resolveIsNixMode(process.env)) {
-    fail("Nix mode detected; service install is disabled.");
+  const { json, stdout, warnings, emit, fail } = createDaemonInstallActionContext(opts.json);
+  if (failIfNixDaemonInstallMode(fail)) {
     return;
   }
 
diff --git a/src/cli/nodes-cli/register.camera.ts b/src/cli/nodes-cli/register.camera.ts
index 82cde2a35f3..9c813cecc5f 100644
--- a/src/cli/nodes-cli/register.camera.ts
+++ b/src/cli/nodes-cli/register.camera.ts
@@ -31,6 +31,12 @@ const parseFacing = (value: string): CameraFacing => {
   throw new Error(`invalid facing: ${value} (expected front|back)`);
 };
 
+function getGatewayInvokePayload(raw: unknown): unknown {
+  return typeof raw === "object" && raw !== null
+    ? (raw as { payload?: unknown }).payload
+    : undefined;
+}
+
 export function registerNodesCameraCommands(nodes: Command) {
   const camera = nodes.command("camera").description("Capture camera media from a paired node");
 
@@ -157,9 +163,7 @@ export function registerNodesCameraCommands(nodes: Command) {
             });
 
             const raw = await callGatewayCli("node.invoke", opts, invokeParams);
-            const res =
-              typeof raw === "object" && raw !== null ? (raw as { payload?: unknown }) : {};
-            const payload = parseCameraSnapPayload(res.payload);
+            const payload = parseCameraSnapPayload(getGatewayInvokePayload(raw));
             const filePath = cameraTempPath({
               kind: "snap",
               facing,
@@ -229,8 +233,7 @@ export function registerNodesCameraCommands(nodes: Command) {
           });
 
           const raw = await callGatewayCli("node.invoke", opts, invokeParams);
-          const res = typeof raw === "object" && raw !== null ? (raw as { payload?: unknown }) : {};
-          const payload = parseCameraClipPayload(res.payload);
+          const payload = parseCameraClipPayload(getGatewayInvokePayload(raw));
           const filePath = await writeCameraClipPayloadToFile({
             payload,
             facing,
diff --git a/src/cli/outbound-send-deps.ts b/src/cli/outbound-send-deps.ts
index 81d7211bf9f..6969ec0b0f0 100644
--- a/src/cli/outbound-send-deps.ts
+++ b/src/cli/outbound-send-deps.ts
@@ -4,7 +4,7 @@ import {
   type CliOutboundSendSource,
 } from "./outbound-send-mapping.js";
 
-export type CliDeps = Required<CliOutboundSendSource>;
+export type CliDeps = CliOutboundSendSource;
 
 export function createOutboundSendDeps(deps: CliDeps): OutboundSendDeps {
   return createOutboundSendDepsFromCliSource(deps);
diff --git a/src/cli/outbound-send-mapping.test.ts b/src/cli/outbound-send-mapping.test.ts
index 0b31e21b299..4d68d9ce249 100644
--- a/src/cli/outbound-send-mapping.test.ts
+++ b/src/cli/outbound-send-mapping.test.ts
@@ -1,29 +1,32 @@
 import { describe, expect, it, vi } from "vitest";
-import {
-  createOutboundSendDepsFromCliSource,
-  type CliOutboundSendSource,
-} from "./outbound-send-mapping.js";
+import { createOutboundSendDepsFromCliSource } from "./outbound-send-mapping.js";
 
 describe("createOutboundSendDepsFromCliSource", () => {
-  it("maps CLI send deps to outbound send deps", () => {
-    const deps: CliOutboundSendSource = {
-      sendMessageWhatsApp: vi.fn() as CliOutboundSendSource["sendMessageWhatsApp"],
-      sendMessageTelegram: vi.fn() as CliOutboundSendSource["sendMessageTelegram"],
-      sendMessageDiscord: vi.fn() as CliOutboundSendSource["sendMessageDiscord"],
-      sendMessageSlack: vi.fn() as CliOutboundSendSource["sendMessageSlack"],
-      sendMessageSignal: vi.fn() as CliOutboundSendSource["sendMessageSignal"],
-      sendMessageIMessage: vi.fn() as CliOutboundSendSource["sendMessageIMessage"],
+  it("adds legacy aliases for channel-keyed send deps", () => {
+    const deps = {
+      whatsapp: vi.fn(),
+      telegram: vi.fn(),
+      discord: vi.fn(),
+      slack: vi.fn(),
+      signal: vi.fn(),
+      imessage: vi.fn(),
     };
 
     const outbound = createOutboundSendDepsFromCliSource(deps);
 
     expect(outbound).toEqual({
-      sendWhatsApp: deps.sendMessageWhatsApp,
-      sendTelegram: deps.sendMessageTelegram,
-      sendDiscord: deps.sendMessageDiscord,
-      sendSlack: deps.sendMessageSlack,
-      sendSignal: deps.sendMessageSignal,
-      sendIMessage: deps.sendMessageIMessage,
+      whatsapp: deps.whatsapp,
+      telegram: deps.telegram,
+      discord: deps.discord,
+      slack: deps.slack,
+      signal: deps.signal,
+      imessage: deps.imessage,
+      sendWhatsApp: deps.whatsapp,
+      sendTelegram: deps.telegram,
+      sendDiscord: deps.discord,
+      sendSlack: deps.slack,
+      sendSignal: deps.signal,
+      sendIMessage: deps.imessage,
     });
   });
 });
diff --git a/src/cli/outbound-send-mapping.ts b/src/cli/outbound-send-mapping.ts
index cf220084e3b..9233d984f21 100644
--- a/src/cli/outbound-send-mapping.ts
+++ b/src/cli/outbound-send-mapping.ts
@@ -1,22 +1,49 @@
 import type { OutboundSendDeps } from "../infra/outbound/deliver.js";
 
-export type CliOutboundSendSource = {
-  sendMessageWhatsApp: OutboundSendDeps["sendWhatsApp"];
-  sendMessageTelegram: OutboundSendDeps["sendTelegram"];
-  sendMessageDiscord: OutboundSendDeps["sendDiscord"];
-  sendMessageSlack: OutboundSendDeps["sendSlack"];
-  sendMessageSignal: OutboundSendDeps["sendSignal"];
-  sendMessageIMessage: OutboundSendDeps["sendIMessage"];
-};
+/**
+ * CLI-internal send function sources, keyed by channel ID.
+ * Each value is a lazily-loaded send function for that channel.
+ */
+export type CliOutboundSendSource = { [channelId: string]: unknown };
 
-// Provider docking: extend this mapping when adding new outbound send deps.
+const LEGACY_SOURCE_TO_CHANNEL = {
+  sendMessageWhatsApp: "whatsapp",
+  sendMessageTelegram: "telegram",
+  sendMessageDiscord: "discord",
+  sendMessageSlack: "slack",
+  sendMessageSignal: "signal",
+  sendMessageIMessage: "imessage",
+} as const;
+
+const CHANNEL_TO_LEGACY_DEP_KEY = {
+  whatsapp: "sendWhatsApp",
+  telegram: "sendTelegram",
+  discord: "sendDiscord",
+  slack: "sendSlack",
+  signal: "sendSignal",
+  imessage: "sendIMessage",
+} as const;
+
+/**
+ * Pass CLI send sources through as-is — both CliOutboundSendSource and
+ * OutboundSendDeps are now channel-ID-keyed records.
+ */
 export function createOutboundSendDepsFromCliSource(deps: CliOutboundSendSource): OutboundSendDeps {
-  return {
-    sendWhatsApp: deps.sendMessageWhatsApp,
-    sendTelegram: deps.sendMessageTelegram,
-    sendDiscord: deps.sendMessageDiscord,
-    sendSlack: deps.sendMessageSlack,
-    sendSignal: deps.sendMessageSignal,
-    sendIMessage: deps.sendMessageIMessage,
-  };
+  const outbound: OutboundSendDeps = { ...deps };
+
+  for (const [legacySourceKey, channelId] of Object.entries(LEGACY_SOURCE_TO_CHANNEL)) {
+    const sourceValue = deps[legacySourceKey];
+    if (sourceValue !== undefined && outbound[channelId] === undefined) {
+      outbound[channelId] = sourceValue;
+    }
+  }
+
+  for (const [channelId, legacyDepKey] of Object.entries(CHANNEL_TO_LEGACY_DEP_KEY)) {
+    const sourceValue = outbound[channelId];
+    if (sourceValue !== undefined && outbound[legacyDepKey] === undefined) {
+      outbound[legacyDepKey] = sourceValue;
+    }
+  }
+
+  return outbound;
 }
diff --git a/src/cli/parse-timeout.test.ts b/src/cli/parse-timeout.test.ts
new file mode 100644
index 00000000000..9d05cf2d244
--- /dev/null
+++ b/src/cli/parse-timeout.test.ts
@@ -0,0 +1,43 @@
+import { describe, expect, it } from "vitest";
+import { parseTimeoutMs, parseTimeoutMsWithFallback } from "./parse-timeout.js";
+
+describe("parseTimeoutMs", () => {
+  it("parses positive string values", () => {
+    expect(parseTimeoutMs("1500")).toBe(1500);
+  });
+
+  it("returns undefined for empty or invalid values", () => {
+    expect(parseTimeoutMs(undefined)).toBeUndefined();
+    expect(parseTimeoutMs("")).toBeUndefined();
+    expect(parseTimeoutMs("nope")).toBeUndefined();
+  });
+});
+
+describe("parseTimeoutMsWithFallback", () => {
+  it("returns the fallback for missing or empty values", () => {
+    expect(parseTimeoutMsWithFallback(undefined, 3000)).toBe(3000);
+    expect(parseTimeoutMsWithFallback(null, 3000)).toBe(3000);
+    expect(parseTimeoutMsWithFallback("  ", 3000)).toBe(3000);
+  });
+
+  it("parses positive numbers and strings", () => {
+    expect(parseTimeoutMsWithFallback(2500, 3000)).toBe(2500);
+    expect(parseTimeoutMsWithFallback(2500n, 3000)).toBe(2500);
+    expect(parseTimeoutMsWithFallback("2500", 3000)).toBe(2500);
+  });
+
+  it("falls back on unsupported types by default", () => {
+    expect(parseTimeoutMsWithFallback({}, 3000)).toBe(3000);
+  });
+
+  it("throws on unsupported types when requested", () => {
+    expect(() => parseTimeoutMsWithFallback({}, 3000, { invalidType: "error" })).toThrow(
+      "invalid --timeout",
+    );
+  });
+
+  it("throws on non-positive parsed values", () => {
+    expect(() => parseTimeoutMsWithFallback("0", 3000)).toThrow("invalid --timeout: 0");
+    expect(() => parseTimeoutMsWithFallback("-1", 3000)).toThrow("invalid --timeout: -1");
+  });
+});
diff --git a/src/cli/parse-timeout.ts b/src/cli/parse-timeout.ts
index 090559add6e..139393c0176 100644
--- a/src/cli/parse-timeout.ts
+++ b/src/cli/parse-timeout.ts
@@ -16,3 +16,39 @@ export function parseTimeoutMs(raw: unknown): number | undefined {
   }
   return Number.isFinite(value) ? value : undefined;
 }
+
+export function parseTimeoutMsWithFallback(
+  raw: unknown,
+  fallbackMs: number,
+  options: {
+    invalidType?: "fallback" | "error";
+  } = {},
+): number {
+  if (raw === undefined || raw === null) {
+    return fallbackMs;
+  }
+
+  const value =
+    typeof raw === "string"
+      ? raw.trim()
+      : typeof raw === "number" || typeof raw === "bigint"
+        ? String(raw)
+        : null;
+
+  if (value === null) {
+    if (options.invalidType === "error") {
+      throw new Error("invalid --timeout");
+    }
+    return fallbackMs;
+  }
+
+  if (!value) {
+    return fallbackMs;
+  }
+
+  const parsed = Number.parseInt(value, 10);
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    throw new Error(`invalid --timeout: ${value}`);
+  }
+  return parsed;
+}
diff --git a/src/cli/program/help.test.ts b/src/cli/program/help.test.ts
index 6acceb5cc41..07b6a8d8f90 100644
--- a/src/cli/program/help.test.ts
+++ b/src/cli/program/help.test.ts
@@ -90,6 +90,23 @@ describe("configureProgramHelp", () => {
     }
   }
 
+  function expectVersionExit(params: { expectedVersion: string }) {
+    const logSpy = vi.spyOn(console, "log").mockImplementation(() => {});
+    const exitSpy = vi.spyOn(process, "exit").mockImplementation(((code?: number) => {
+      throw new Error(`exit:${code ?? ""}`);
+    }) as typeof process.exit);
+
+    try {
+      const program = makeProgramWithCommands();
+      expect(() => configureProgramHelp(program, testProgramContext)).toThrow("exit:0");
+      expect(logSpy).toHaveBeenCalledWith(params.expectedVersion);
+      expect(exitSpy).toHaveBeenCalledWith(0);
+    } finally {
+      logSpy.mockRestore();
+      exitSpy.mockRestore();
+    }
+  }
+
   it("adds root help hint and marks commands with subcommands", () => {
     process.argv = ["node", "openclaw", "--help"];
     const program = makeProgramWithCommands();
@@ -115,35 +132,12 @@ describe("configureProgramHelp", () => {
 
   it("prints version and exits immediately when version flags are present", () => {
     process.argv = ["node", "openclaw", "--version"];
-    const logSpy = vi.spyOn(console, "log").mockImplementation(() => {});
-    const exitSpy = vi.spyOn(process, "exit").mockImplementation(((code?: number) => {
-      throw new Error(`exit:${code ?? ""}`);
-    }) as typeof process.exit);
-
-    const program = makeProgramWithCommands();
-    expect(() => configureProgramHelp(program, testProgramContext)).toThrow("exit:0");
-    expect(logSpy).toHaveBeenCalledWith("OpenClaw 9.9.9-test (abc1234)");
-    expect(exitSpy).toHaveBeenCalledWith(0);
-
-    logSpy.mockRestore();
-    exitSpy.mockRestore();
+    expectVersionExit({ expectedVersion: "OpenClaw 9.9.9-test (abc1234)" });
   });
 
   it("prints version and exits immediately without commit metadata", () => {
     process.argv = ["node", "openclaw", "--version"];
     resolveCommitHashMock.mockReturnValue(null);
-
-    const logSpy = vi.spyOn(console, "log").mockImplementation(() => {});
-    const exitSpy = vi.spyOn(process, "exit").mockImplementation(((code?: number) => {
-      throw new Error(`exit:${code ?? ""}`);
-    }) as typeof process.exit);
-
-    const program = makeProgramWithCommands();
-    expect(() => configureProgramHelp(program, testProgramContext)).toThrow("exit:0");
-    expect(logSpy).toHaveBeenCalledWith("OpenClaw 9.9.9-test");
-    expect(exitSpy).toHaveBeenCalledWith(0);
-
-    logSpy.mockRestore();
-    exitSpy.mockRestore();
+    expectVersionExit({ expectedVersion: "OpenClaw 9.9.9-test" });
   });
 });
diff --git a/src/cli/program/message/register.send.ts b/src/cli/program/message/register.send.ts
index 6c3d709f96d..f33bd2a24a8 100644
--- a/src/cli/program/message/register.send.ts
+++ b/src/cli/program/message/register.send.ts
@@ -24,6 +24,11 @@ export function registerMessageSendCommand(message: Command, helpers: MessageCli
         .option("--reply-to <id>", "Reply-to message id")
         .option("--thread-id <id>", "Thread id (Telegram forum thread)")
         .option("--gif-playback", "Treat video media as GIF playback (WhatsApp only).", false)
+        .option(
+          "--force-document",
+          "Send media as document to avoid Telegram compression (Telegram only). Applies to images and GIFs.",
+          false,
+        )
         .option(
           "--silent",
           "Send message silently without notification (Telegram + Discord)",
diff --git a/src/cli/qr-cli.test.ts b/src/cli/qr-cli.test.ts
index d77cd1406be..1bc8a645719 100644
--- a/src/cli/qr-cli.test.ts
+++ b/src/cli/qr-cli.test.ts
@@ -104,6 +104,12 @@ function createLocalGatewayPasswordRefAuth(secretId: string) {
   };
 }
 
+function createLocalGatewayEnvPasswordRefAuth(secretId: string) {
+  return {
+    password: { source: "env", provider: "default", id: secretId },
+  };
+}
+
 describe("registerQrCli", () => {
   function createProgram() {
     const program = new Command();
@@ -129,6 +135,18 @@ describe("registerQrCli", () => {
     };
   }
 
+  function expectLoggedSetupCode(url: string) {
+    const expected = encodePairingSetupCode({
+      url,
+      bootstrapToken: "bootstrap-123",
+    });
+    expect(runtime.log).toHaveBeenCalledWith(expected);
+  }
+
+  function expectLoggedLocalSetupCode() {
+    expectLoggedSetupCode("ws://gateway.local:18789");
+  }
+
   function mockTailscaleStatusLookup() {
     runCommandWithTimeout.mockResolvedValue({
       code: 0,
@@ -198,11 +216,7 @@ describe("registerQrCli", () => {
 
     await runQr(["--setup-code-only", "--token", "override-token"]);
 
-    const expected = encodePairingSetupCode({
-      url: "ws://gateway.local:18789",
-      bootstrapToken: "bootstrap-123",
-    });
-    expect(runtime.log).toHaveBeenCalledWith(expected);
+    expectLoggedLocalSetupCode();
   });
 
   it("skips local password SecretRef resolution when --token override is provided", async () => {
@@ -214,11 +228,7 @@ describe("registerQrCli", () => {
 
     await runQr(["--setup-code-only", "--token", "override-token"]);
 
-    const expected = encodePairingSetupCode({
-      url: "ws://gateway.local:18789",
-      bootstrapToken: "bootstrap-123",
-    });
-    expect(runtime.log).toHaveBeenCalledWith(expected);
+    expectLoggedLocalSetupCode();
   });
 
   it("resolves local gateway auth password SecretRefs before setup code generation", async () => {
@@ -231,11 +241,7 @@ describe("registerQrCli", () => {
 
     await runQr(["--setup-code-only"]);
 
-    const expected = encodePairingSetupCode({
-      url: "ws://gateway.local:18789",
-      bootstrapToken: "bootstrap-123",
-    });
-    expect(runtime.log).toHaveBeenCalledWith(expected);
+    expectLoggedLocalSetupCode();
     expect(resolveCommandSecretRefsViaGateway).not.toHaveBeenCalled();
   });
 
@@ -249,11 +255,7 @@ describe("registerQrCli", () => {
 
     await runQr(["--setup-code-only"]);
 
-    const expected = encodePairingSetupCode({
-      url: "ws://gateway.local:18789",
-      bootstrapToken: "bootstrap-123",
-    });
-    expect(runtime.log).toHaveBeenCalledWith(expected);
+    expectLoggedLocalSetupCode();
     expect(resolveCommandSecretRefsViaGateway).not.toHaveBeenCalled();
   });
 
@@ -262,17 +264,13 @@ describe("registerQrCli", () => {
       createLocalGatewayConfigWithAuth({
         mode: "token",
         token: "token-123",
-        password: { source: "env", provider: "default", id: "MISSING_LOCAL_GATEWAY_PASSWORD" },
+        ...createLocalGatewayEnvPasswordRefAuth("MISSING_LOCAL_GATEWAY_PASSWORD"),
       }),
     );
 
     await runQr(["--setup-code-only"]);
 
-    const expected = encodePairingSetupCode({
-      url: "ws://gateway.local:18789",
-      bootstrapToken: "bootstrap-123",
-    });
-    expect(runtime.log).toHaveBeenCalledWith(expected);
+    expectLoggedLocalSetupCode();
     expect(resolveCommandSecretRefsViaGateway).not.toHaveBeenCalled();
   });
 
@@ -280,17 +278,13 @@ describe("registerQrCli", () => {
     vi.stubEnv("QR_INFERRED_GATEWAY_PASSWORD", "inferred-password");
     loadConfig.mockReturnValue(
       createLocalGatewayConfigWithAuth({
-        password: { source: "env", provider: "default", id: "QR_INFERRED_GATEWAY_PASSWORD" },
+        ...createLocalGatewayEnvPasswordRefAuth("QR_INFERRED_GATEWAY_PASSWORD"),
       }),
     );
 
     await runQr(["--setup-code-only"]);
 
-    const expected = encodePairingSetupCode({
-      url: "ws://gateway.local:18789",
-      bootstrapToken: "bootstrap-123",
-    });
-    expect(runtime.log).toHaveBeenCalledWith(expected);
+    expectLoggedLocalSetupCode();
     expect(resolveCommandSecretRefsViaGateway).not.toHaveBeenCalled();
   });
 
diff --git a/src/commands/agent.acp.test.ts b/src/commands/agent.acp.test.ts
index ab8c9da8a6e..4ad423dcf18 100644
--- a/src/commands/agent.acp.test.ts
+++ b/src/commands/agent.acp.test.ts
@@ -171,6 +171,61 @@ function subscribeAssistantEvents() {
   return { assistantEvents, stop };
 }
 
+async function runAcpTurnWithAssistantEvents(chunks: string[]) {
+  const { assistantEvents, stop } = subscribeAssistantEvents();
+  const runTurn = createRunTurnFromTextDeltas(chunks);
+
+  mockAcpManager({
+    runTurn: (params: unknown) => runTurn(params),
+  });
+
+  try {
+    await agentCommand({ message: "ping", sessionKey: "agent:codex:acp:test" }, runtime);
+  } finally {
+    stop();
+  }
+
+  const logLines = vi.mocked(runtime.log).mock.calls.map(([first]) => String(first));
+  return { assistantEvents, logLines };
+}
+
+async function runAcpTurnWithTextDeltas(params: { message?: string; chunks: string[] }) {
+  const runTurn = createRunTurnFromTextDeltas(params.chunks);
+  mockAcpManager({
+    runTurn: (input: unknown) => runTurn(input),
+  });
+  await agentCommand(
+    {
+      message: params.message ?? "ping",
+      sessionKey: "agent:codex:acp:test",
+    },
+    runtime,
+  );
+  return { runTurn };
+}
+
+function expectPersistedAcpTranscript(params: {
+  storePath: string;
+  userContent: string;
+  assistantText: string;
+}) {
+  const persistedStore = JSON.parse(fs.readFileSync(params.storePath, "utf-8")) as Record<
+    string,
+    { sessionFile?: string }
+  >;
+  const sessionFile = persistedStore["agent:codex:acp:test"]?.sessionFile;
+  const messages = readSessionMessages("acp-session-1", params.storePath, sessionFile);
+  expect(messages).toHaveLength(2);
+  expect(messages[0]).toMatchObject({
+    role: "user",
+    content: params.userContent,
+  });
+  expect(messages[1]).toMatchObject({
+    role: "assistant",
+    content: [{ type: "text", text: params.assistantText }],
+  });
+}
+
 async function runAcpSessionWithPolicyOverrides(params: {
   acpOverrides: Partial<NonNullable<OpenClawConfig["acp"]>>;
   resolveSession?: Parameters<typeof mockAcpManager>[0]["resolveSession"];
@@ -209,13 +264,7 @@ describe("agentCommand ACP runtime routing", () => {
 
   it("routes ACP sessions through AcpSessionManager instead of embedded agent", async () => {
     await withAcpSessionEnv(async () => {
-      const runTurn = createRunTurnFromTextDeltas(["ACP_", "OK"]);
-
-      mockAcpManager({
-        runTurn: (params: unknown) => runTurn(params),
-      });
-
-      await agentCommand({ message: "ping", sessionKey: "agent:codex:acp:test" }, runtime);
+      const { runTurn } = await runAcpTurnWithTextDeltas({ chunks: ["ACP_", "OK"] });
 
       expect(runTurn).toHaveBeenCalledWith(
         expect.objectContaining({
@@ -234,64 +283,32 @@ describe("agentCommand ACP runtime routing", () => {
 
   it("persists ACP child session history to the transcript store", async () => {
     await withAcpSessionEnvInfo(async ({ storePath }) => {
-      const runTurn = createRunTurnFromTextDeltas(["ACP_", "OK"]);
-
-      mockAcpManager({
-        runTurn: (params: unknown) => runTurn(params),
-      });
-
-      await agentCommand({ message: "ping", sessionKey: "agent:codex:acp:test" }, runtime);
-
-      const persistedStore = JSON.parse(fs.readFileSync(storePath, "utf-8")) as Record<
-        string,
-        { sessionFile?: string }
-      >;
-      const sessionFile = persistedStore["agent:codex:acp:test"]?.sessionFile;
-      const messages = readSessionMessages("acp-session-1", storePath, sessionFile);
-      expect(messages).toHaveLength(2);
-      expect(messages[0]).toMatchObject({
-        role: "user",
-        content: "ping",
-      });
-      expect(messages[1]).toMatchObject({
-        role: "assistant",
-        content: [{ type: "text", text: "ACP_OK" }],
+      await runAcpTurnWithTextDeltas({ chunks: ["ACP_", "OK"] });
+      expectPersistedAcpTranscript({
+        storePath,
+        userContent: "ping",
+        assistantText: "ACP_OK",
       });
     });
   });
 
   it("preserves exact ACP transcript text without trimming whitespace", async () => {
     await withAcpSessionEnvInfo(async ({ storePath }) => {
-      const runTurn = createRunTurnFromTextDeltas(["  ACP_OK\n"]);
-
-      mockAcpManager({
-        runTurn: (params: unknown) => runTurn(params),
+      await runAcpTurnWithTextDeltas({
+        message: "  ping\n",
+        chunks: ["  ACP_OK\n"],
       });
-
-      await agentCommand({ message: "  ping\n", sessionKey: "agent:codex:acp:test" }, runtime);
-
-      const persistedStore = JSON.parse(fs.readFileSync(storePath, "utf-8")) as Record<
-        string,
-        { sessionFile?: string }
-      >;
-      const sessionFile = persistedStore["agent:codex:acp:test"]?.sessionFile;
-      const messages = readSessionMessages("acp-session-1", storePath, sessionFile);
-      expect(messages).toHaveLength(2);
-      expect(messages[0]).toMatchObject({
-        role: "user",
-        content: "  ping\n",
-      });
-      expect(messages[1]).toMatchObject({
-        role: "assistant",
-        content: [{ type: "text", text: "  ACP_OK\n" }],
+      expectPersistedAcpTranscript({
+        storePath,
+        userContent: "  ping\n",
+        assistantText: "  ACP_OK\n",
       });
     });
   });
 
   it("suppresses ACP NO_REPLY lead fragments before emitting assistant text", async () => {
     await withAcpSessionEnv(async () => {
-      const { assistantEvents, stop } = subscribeAssistantEvents();
-      const runTurn = createRunTurnFromTextDeltas([
+      const { assistantEvents, logLines } = await runAcpTurnWithAssistantEvents([
         "NO",
         "NO_",
         "NO_RE",
@@ -299,19 +316,7 @@ describe("agentCommand ACP runtime routing", () => {
         "Actual answer",
       ]);
 
-      mockAcpManager({
-        runTurn: (params: unknown) => runTurn(params),
-      });
-
-      try {
-        await agentCommand({ message: "ping", sessionKey: "agent:codex:acp:test" }, runtime);
-      } finally {
-        stop();
-      }
-
       expect(assistantEvents).toEqual([{ text: "Actual answer", delta: "Actual answer" }]);
-
-      const logLines = vi.mocked(runtime.log).mock.calls.map(([first]) => String(first));
       expect(logLines.some((line) => line.includes("NO_REPLY"))).toBe(false);
       expect(logLines.some((line) => line.includes("Actual answer"))).toBe(true);
     });
@@ -319,31 +324,13 @@ describe("agentCommand ACP runtime routing", () => {
 
   it("keeps silent-only ACP turns out of assistant output", async () => {
     await withAcpSessionEnv(async () => {
-      const assistantEvents: string[] = [];
-      const stop = onAgentEvent((evt) => {
-        if (evt.stream !== "assistant") {
-          return;
-        }
-        if (typeof evt.data?.text === "string") {
-          assistantEvents.push(evt.data.text);
-        }
-      });
-
-      const runTurn = createRunTurnFromTextDeltas(["NO", "NO_", "NO_RE", "NO_REPLY"]);
-
-      mockAcpManager({
-        runTurn: (params: unknown) => runTurn(params),
-      });
-
-      try {
-        await agentCommand({ message: "ping", sessionKey: "agent:codex:acp:test" }, runtime);
-      } finally {
-        stop();
-      }
-
-      expect(assistantEvents).toEqual([]);
-
-      const logLines = vi.mocked(runtime.log).mock.calls.map(([first]) => String(first));
+      const { assistantEvents, logLines } = await runAcpTurnWithAssistantEvents([
+        "NO",
+        "NO_",
+        "NO_RE",
+        "NO_REPLY",
+      ]);
+      expect(assistantEvents.map((event) => event.text).filter(Boolean)).toEqual([]);
       expect(logLines.some((line) => line.includes("NO_REPLY"))).toBe(false);
       expect(logLines.some((line) => line.includes("No reply from agent."))).toBe(true);
     });
@@ -351,18 +338,12 @@ describe("agentCommand ACP runtime routing", () => {
 
   it("preserves repeated identical ACP delta chunks", async () => {
     await withAcpSessionEnv(async () => {
-      const { assistantEvents, stop } = subscribeAssistantEvents();
-      const runTurn = createRunTurnFromTextDeltas(["b", "o", "o", "k"]);
-
-      mockAcpManager({
-        runTurn: (params: unknown) => runTurn(params),
-      });
-
-      try {
-        await agentCommand({ message: "ping", sessionKey: "agent:codex:acp:test" }, runtime);
-      } finally {
-        stop();
-      }
+      const { assistantEvents, logLines } = await runAcpTurnWithAssistantEvents([
+        "b",
+        "o",
+        "o",
+        "k",
+      ]);
 
       expect(assistantEvents).toEqual([
         { text: "b", delta: "b" },
@@ -370,30 +351,15 @@ describe("agentCommand ACP runtime routing", () => {
         { text: "boo", delta: "o" },
         { text: "book", delta: "k" },
       ]);
-
-      const logLines = vi.mocked(runtime.log).mock.calls.map(([first]) => String(first));
       expect(logLines.some((line) => line.includes("book"))).toBe(true);
     });
   });
 
   it("re-emits buffered NO prefix when ACP text becomes visible content", async () => {
     await withAcpSessionEnv(async () => {
-      const { assistantEvents, stop } = subscribeAssistantEvents();
-      const runTurn = createRunTurnFromTextDeltas(["NO", "W"]);
-
-      mockAcpManager({
-        runTurn: (params: unknown) => runTurn(params),
-      });
-
-      try {
-        await agentCommand({ message: "ping", sessionKey: "agent:codex:acp:test" }, runtime);
-      } finally {
-        stop();
-      }
+      const { assistantEvents, logLines } = await runAcpTurnWithAssistantEvents(["NO", "W"]);
 
       expect(assistantEvents).toEqual([{ text: "NOW", delta: "NOW" }]);
-
-      const logLines = vi.mocked(runtime.log).mock.calls.map(([first]) => String(first));
       expect(logLines.some((line) => line.includes("NOW"))).toBe(true);
     });
   });
diff --git a/src/commands/agent.test.ts b/src/commands/agent.test.ts
index baa58df2ef1..5b4fc2c9040 100644
--- a/src/commands/agent.test.ts
+++ b/src/commands/agent.test.ts
@@ -218,16 +218,7 @@ async function expectDefaultThinkLevel(params: {
 function createTelegramOutboundPlugin() {
   const sendWithTelegram = async (
     ctx: {
-      deps?: {
-        sendTelegram?: (
-          to: string,
-          text: string,
-          opts: Record<string, unknown>,
-        ) => Promise<{
-          messageId: string;
-          chatId: string;
-        }>;
-      };
+      deps?: { [channelId: string]: unknown };
       to: string;
       text: string;
       accountId?: string | null;
@@ -235,7 +226,13 @@ function createTelegramOutboundPlugin() {
     },
     mediaUrl?: string,
   ) => {
-    const sendTelegram = ctx.deps?.sendTelegram;
+    const sendTelegram = ctx.deps?.["telegram"] as
+      | ((
+          to: string,
+          text: string,
+          opts: Record<string, unknown>,
+        ) => Promise<{ messageId: string; chatId: string }>)
+      | undefined;
     if (!sendTelegram) {
       throw new Error("sendTelegram dependency missing");
     }
diff --git a/src/commands/auth-choice.apply.api-providers.ts b/src/commands/auth-choice.apply.api-providers.ts
index 1ecb2cde3c0..f58a7312f74 100644
--- a/src/commands/auth-choice.apply.api-providers.ts
+++ b/src/commands/auth-choice.apply.api-providers.ts
@@ -245,9 +245,15 @@ export async function applyAuthChoiceApiProviders(
         setZaiApiKey(apiKey, params.agentDir, { secretInputMode: mode }),
     });
 
-    // zai-api-key: auto-detect endpoint + choose a working default model.
     let modelIdOverride: string | undefined;
-    if (!endpoint) {
+    if (endpoint) {
+      const detected = await detectZaiEndpoint({ apiKey, endpoint });
+      if (detected) {
+        modelIdOverride = detected.modelId;
+        await params.prompter.note(detected.note, "Z.AI endpoint");
+      }
+    } else {
+      // zai-api-key: auto-detect endpoint + choose a working default model.
       const detected = await detectZaiEndpoint({ apiKey });
       if (detected) {
         endpoint = detected.endpoint;
diff --git a/src/commands/auth-choice.test.ts b/src/commands/auth-choice.test.ts
index f77df4a07e4..d5a59e48d46 100644
--- a/src/commands/auth-choice.test.ts
+++ b/src/commands/auth-choice.test.ts
@@ -285,7 +285,7 @@ describe("applyAuthChoice", () => {
       expectedBaseUrl: string;
       expectedModel?: string;
       shouldPromptForEndpoint: boolean;
-      shouldAssertDetectCall?: boolean;
+      expectedDetectCall?: { apiKey: string; endpoint?: "coding-global" | "coding-cn" };
     }> = [
       {
         authChoice: "zai-api-key",
@@ -298,8 +298,16 @@ describe("applyAuthChoice", () => {
       {
         authChoice: "zai-coding-global",
         token: "zai-test-key",
+        detectResult: {
+          endpoint: "coding-global",
+          modelId: "glm-4.7",
+          baseUrl: ZAI_CODING_GLOBAL_BASE_URL,
+          note: "Detected coding-global endpoint with GLM-4.7 fallback",
+        },
         expectedBaseUrl: ZAI_CODING_GLOBAL_BASE_URL,
+        expectedModel: "zai/glm-4.7",
         shouldPromptForEndpoint: false,
+        expectedDetectCall: { apiKey: "zai-test-key", endpoint: "coding-global" },
       },
       {
         authChoice: "zai-api-key",
@@ -313,7 +321,7 @@ describe("applyAuthChoice", () => {
         expectedBaseUrl: ZAI_CODING_GLOBAL_BASE_URL,
         expectedModel: "zai/glm-4.5",
         shouldPromptForEndpoint: false,
-        shouldAssertDetectCall: true,
+        expectedDetectCall: { apiKey: "zai-detected-key" },
       },
     ];
     for (const scenario of scenarios) {
@@ -344,8 +352,8 @@ describe("applyAuthChoice", () => {
         setDefaultModel: true,
       });
 
-      if (scenario.shouldAssertDetectCall) {
-        expect(detectZaiEndpoint).toHaveBeenCalledWith({ apiKey: scenario.token });
+      if (scenario.expectedDetectCall) {
+        expect(detectZaiEndpoint).toHaveBeenCalledWith(scenario.expectedDetectCall);
       }
       if (scenario.shouldPromptForEndpoint) {
         expect(select).toHaveBeenCalledWith(
diff --git a/src/commands/channels.config-only-status-output.test.ts b/src/commands/channels.config-only-status-output.test.ts
index 89ff1cc2614..7019c84bb3a 100644
--- a/src/commands/channels.config-only-status-output.test.ts
+++ b/src/commands/channels.config-only-status-output.test.ts
@@ -5,24 +5,60 @@ import { makeDirectPlugin } from "../test-utils/channel-plugin-test-fixtures.js"
 import { createTestRegistry } from "../test-utils/channel-plugins.js";
 import { formatConfigChannelsStatusLines } from "./channels/status.js";
 
+function registerSingleTestPlugin(pluginId: string, plugin: ChannelPlugin) {
+  setActivePluginRegistry(
+    createTestRegistry([
+      {
+        pluginId,
+        source: "test",
+        plugin,
+      },
+    ]),
+  );
+}
+
+async function formatLocalStatusSummary(
+  cfg: unknown,
+  options?: {
+    sourceConfig?: unknown;
+  },
+) {
+  const lines = await formatConfigChannelsStatusLines(
+    cfg as never,
+    { mode: "local" },
+    options?.sourceConfig ? { sourceConfig: options.sourceConfig as never } : undefined,
+  );
+  return lines.join("\n");
+}
+
+function unresolvedTokenAccount() {
+  return {
+    name: "Primary",
+    enabled: true,
+    configured: true,
+    token: "",
+    tokenSource: "config",
+    tokenStatus: "configured_unavailable",
+  } as const;
+}
+
+function tokenOnlyPluginConfig() {
+  return {
+    listAccountIds: () => ["primary"],
+    defaultAccountId: () => "primary",
+    isConfigured: () => true,
+    isEnabled: () => true,
+  } as const;
+}
+
 function makeUnavailableTokenPlugin(): ChannelPlugin {
   return makeDirectPlugin({
     id: "token-only",
     label: "TokenOnly",
     docsPath: "/channels/token-only",
     config: {
-      listAccountIds: () => ["primary"],
-      defaultAccountId: () => "primary",
-      resolveAccount: () => ({
-        name: "Primary",
-        enabled: true,
-        configured: true,
-        token: "",
-        tokenSource: "config",
-        tokenStatus: "configured_unavailable",
-      }),
-      isConfigured: () => true,
-      isEnabled: () => true,
+      ...tokenOnlyPluginConfig(),
+      resolveAccount: () => unresolvedTokenAccount(),
     },
   });
 }
@@ -33,8 +69,7 @@ function makeResolvedTokenPlugin(): ChannelPlugin {
     label: "TokenOnly",
     docsPath: "/channels/token-only",
     config: {
-      listAccountIds: () => ["primary"],
-      defaultAccountId: () => "primary",
+      ...tokenOnlyPluginConfig(),
       inspectAccount: (cfg) =>
         (cfg as { secretResolved?: boolean }).secretResolved
           ? {
@@ -46,25 +81,8 @@ function makeResolvedTokenPlugin(): ChannelPlugin {
               tokenSource: "config",
               tokenStatus: "available",
             }
-          : {
-              accountId: "primary",
-              name: "Primary",
-              enabled: true,
-              configured: true,
-              token: "",
-              tokenSource: "config",
-              tokenStatus: "configured_unavailable",
-            },
-      resolveAccount: () => ({
-        name: "Primary",
-        enabled: true,
-        configured: true,
-        token: "",
-        tokenSource: "config",
-        tokenStatus: "configured_unavailable",
-      }),
-      isConfigured: () => true,
-      isEnabled: () => true,
+          : { accountId: "primary", ...unresolvedTokenAccount() },
+      resolveAccount: () => unresolvedTokenAccount(),
     },
   });
 }
@@ -156,92 +174,42 @@ describe("config-only channels status output", () => {
   });
 
   it("shows configured-but-unavailable credentials distinctly from not configured", async () => {
-    setActivePluginRegistry(
-      createTestRegistry([
-        {
-          pluginId: "token-only",
-          source: "test",
-          plugin: makeUnavailableTokenPlugin(),
-        },
-      ]),
-    );
+    registerSingleTestPlugin("token-only", makeUnavailableTokenPlugin());
 
-    const lines = await formatConfigChannelsStatusLines({ channels: {} } as never, {
-      mode: "local",
-    });
-
-    const joined = lines.join("\n");
+    const joined = await formatLocalStatusSummary({ channels: {} });
     expect(joined).toContain("TokenOnly");
     expect(joined).toContain("configured, secret unavailable in this command path");
     expect(joined).toContain("token:config (unavailable)");
   });
 
   it("prefers resolved config snapshots when command-local secret resolution succeeds", async () => {
-    setActivePluginRegistry(
-      createTestRegistry([
-        {
-          pluginId: "token-only",
-          source: "test",
-          plugin: makeResolvedTokenPlugin(),
-        },
-      ]),
-    );
+    registerSingleTestPlugin("token-only", makeResolvedTokenPlugin());
 
-    const lines = await formatConfigChannelsStatusLines(
-      { secretResolved: true, channels: {} } as never,
+    const joined = await formatLocalStatusSummary(
+      { secretResolved: true, channels: {} },
       {
-        mode: "local",
-      },
-      {
-        sourceConfig: { channels: {} } as never,
+        sourceConfig: { channels: {} },
       },
     );
-
-    const joined = lines.join("\n");
     expectResolvedTokenStatusSummary(joined, { includeUnavailableTokenLine: false });
   });
 
   it("does not resolve raw source config for extension channels without inspectAccount", async () => {
-    setActivePluginRegistry(
-      createTestRegistry([
-        {
-          pluginId: "token-only",
-          source: "test",
-          plugin: makeResolvedTokenPluginWithoutInspectAccount(),
-        },
-      ]),
-    );
+    registerSingleTestPlugin("token-only", makeResolvedTokenPluginWithoutInspectAccount());
 
-    const lines = await formatConfigChannelsStatusLines(
-      { secretResolved: true, channels: {} } as never,
+    const joined = await formatLocalStatusSummary(
+      { secretResolved: true, channels: {} },
       {
-        mode: "local",
-      },
-      {
-        sourceConfig: { channels: {} } as never,
+        sourceConfig: { channels: {} },
       },
     );
-
-    const joined = lines.join("\n");
     expectResolvedTokenStatusSummary(joined);
   });
 
   it("renders Slack HTTP signing-secret availability in config-only status", async () => {
-    setActivePluginRegistry(
-      createTestRegistry([
-        {
-          pluginId: "slack",
-          source: "test",
-          plugin: makeUnavailableHttpSlackPlugin(),
-        },
-      ]),
-    );
+    registerSingleTestPlugin("slack", makeUnavailableHttpSlackPlugin());
 
-    const lines = await formatConfigChannelsStatusLines({ channels: {} } as never, {
-      mode: "local",
-    });
-
-    const joined = lines.join("\n");
+    const joined = await formatLocalStatusSummary({ channels: {} });
     expect(joined).toContain("Slack");
     expect(joined).toContain("configured, secret unavailable in this command path");
     expect(joined).toContain("mode:http");
diff --git a/src/commands/channels.mock-harness.ts b/src/commands/channels.mock-harness.ts
index a71ae75d44d..d1f412b0399 100644
--- a/src/commands/channels.mock-harness.ts
+++ b/src/commands/channels.mock-harness.ts
@@ -24,8 +24,9 @@ vi.mock("../config/config.js", async (importOriginal) => {
   };
 });
 
-vi.mock("../telegram/update-offset-store.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../telegram/update-offset-store.js")>();
+vi.mock("../../extensions/telegram/src/update-offset-store.js", async (importOriginal) => {
+  const actual =
+    await importOriginal<typeof import("../../extensions/telegram/src/update-offset-store.js")>();
   return {
     ...actual,
     deleteTelegramUpdateOffset: offsetMocks.deleteTelegramUpdateOffset,
diff --git a/src/commands/channels/add.ts b/src/commands/channels/add.ts
index 882e7f16ca5..3cc2f305870 100644
--- a/src/commands/channels/add.ts
+++ b/src/commands/channels/add.ts
@@ -1,13 +1,14 @@
+import { resolveTelegramAccount } from "../../../extensions/telegram/src/accounts.js";
+import { deleteTelegramUpdateOffset } from "../../../extensions/telegram/src/update-offset-store.js";
 import { resolveAgentWorkspaceDir, resolveDefaultAgentId } from "../../agents/agent-scope.js";
 import { listChannelPluginCatalogEntries } from "../../channels/plugins/catalog.js";
+import { parseOptionalDelimitedEntries } from "../../channels/plugins/helpers.js";
 import { getChannelPlugin, normalizeChannelId } from "../../channels/plugins/index.js";
 import { moveSingleAccountChannelSectionToDefaultAccount } from "../../channels/plugins/setup-helpers.js";
 import type { ChannelId, ChannelSetupInput } from "../../channels/plugins/types.js";
 import { writeConfigFile, type OpenClawConfig } from "../../config/config.js";
 import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../routing/session-key.js";
 import { defaultRuntime, type RuntimeEnv } from "../../runtime.js";
-import { resolveTelegramAccount } from "../../telegram/accounts.js";
-import { deleteTelegramUpdateOffset } from "../../telegram/update-offset-store.js";
 import { createClackPrompter } from "../../wizard/clack-prompter.js";
 import { applyAgentBindings, describeBinding } from "../agents.bindings.js";
 import { buildAgentSummaries } from "../agents.config.js";
@@ -28,17 +29,6 @@ export type ChannelsAddOptions = {
   dmAllowlist?: string;
 } & Omit<ChannelSetupInput, "groupChannels" | "dmAllowlist" | "initialSyncLimit">;
 
-function parseList(value: string | undefined): string[] | undefined {
-  if (!value?.trim()) {
-    return undefined;
-  }
-  const parsed = value
-    .split(/[\n,;]+/g)
-    .map((entry) => entry.trim())
-    .filter(Boolean);
-  return parsed.length > 0 ? parsed : undefined;
-}
-
 function resolveCatalogChannelEntry(raw: string, cfg: OpenClawConfig | null) {
   const trimmed = raw.trim().toLowerCase();
   if (!trimmed) {
@@ -225,8 +215,8 @@ export async function channelsAddCommand(
       : typeof opts.initialSyncLimit === "string" && opts.initialSyncLimit.trim()
         ? Number.parseInt(opts.initialSyncLimit, 10)
         : undefined;
-  const groupChannels = parseList(opts.groupChannels);
-  const dmAllowlist = parseList(opts.dmAllowlist);
+  const groupChannels = parseOptionalDelimitedEntries(opts.groupChannels);
+  const dmAllowlist = parseOptionalDelimitedEntries(opts.dmAllowlist);
 
   const input: ChannelSetupInput = {
     name: opts.name,
diff --git a/src/commands/channels/capabilities.test.ts b/src/commands/channels/capabilities.test.ts
index b85cd750a91..5e838cc4ec8 100644
--- a/src/commands/channels/capabilities.test.ts
+++ b/src/commands/channels/capabilities.test.ts
@@ -1,9 +1,9 @@
 process.env.NO_COLOR = "1";
 
 import { beforeEach, describe, expect, it, vi } from "vitest";
+import { fetchSlackScopes } from "../../../extensions/slack/src/scopes.js";
 import { getChannelPlugin, listChannelPlugins } from "../../channels/plugins/index.js";
 import type { ChannelPlugin } from "../../channels/plugins/types.js";
-import { fetchSlackScopes } from "../../slack/scopes.js";
 import { channelsCapabilitiesCommand } from "./capabilities.js";
 
 const logs: string[] = [];
@@ -21,7 +21,7 @@ vi.mock("../../channels/plugins/index.js", () => ({
   getChannelPlugin: vi.fn(),
 }));
 
-vi.mock("../../slack/scopes.js", () => ({
+vi.mock("../../../extensions/slack/src/scopes.js", () => ({
   fetchSlackScopes: vi.fn(),
 }));
 
diff --git a/src/commands/channels/capabilities.ts b/src/commands/channels/capabilities.ts
index 37c682448aa..30f64da43d9 100644
--- a/src/commands/channels/capabilities.ts
+++ b/src/commands/channels/capabilities.ts
@@ -1,12 +1,12 @@
+import { fetchChannelPermissionsDiscord } from "../../../extensions/discord/src/send.js";
+import { parseDiscordTarget } from "../../../extensions/discord/src/targets.js";
+import { fetchSlackScopes, type SlackScopesResult } from "../../../extensions/slack/src/scopes.js";
 import { resolveChannelDefaultAccountId } from "../../channels/plugins/helpers.js";
 import { getChannelPlugin, listChannelPlugins } from "../../channels/plugins/index.js";
 import type { ChannelCapabilities, ChannelPlugin } from "../../channels/plugins/types.js";
 import type { OpenClawConfig } from "../../config/config.js";
-import { fetchChannelPermissionsDiscord } from "../../discord/send.js";
-import { parseDiscordTarget } from "../../discord/targets.js";
 import { danger } from "../../globals.js";
 import { defaultRuntime, type RuntimeEnv } from "../../runtime.js";
-import { fetchSlackScopes, type SlackScopesResult } from "../../slack/scopes.js";
 import { theme } from "../../terminal/theme.js";
 import { formatChannelAccountLabel, requireValidConfig } from "./shared.js";
 
diff --git a/src/commands/channels/remove.ts b/src/commands/channels/remove.ts
index 5766a4250fd..58354170135 100644
--- a/src/commands/channels/remove.ts
+++ b/src/commands/channels/remove.ts
@@ -1,3 +1,4 @@
+import { deleteTelegramUpdateOffset } from "../../../extensions/telegram/src/update-offset-store.js";
 import { resolveChannelDefaultAccountId } from "../../channels/plugins/helpers.js";
 import {
   getChannelPlugin,
@@ -7,7 +8,6 @@ import {
 import { type OpenClawConfig, writeConfigFile } from "../../config/config.js";
 import { DEFAULT_ACCOUNT_ID, normalizeAccountId } from "../../routing/session-key.js";
 import { defaultRuntime, type RuntimeEnv } from "../../runtime.js";
-import { deleteTelegramUpdateOffset } from "../../telegram/update-offset-store.js";
 import { createClackPrompter } from "../../wizard/clack-prompter.js";
 import { type ChatChannel, channelLabel, requireValidConfig, shouldUseWizard } from "./shared.js";
 
diff --git a/src/commands/doctor-config-flow.ts b/src/commands/doctor-config-flow.ts
index 71cd6926417..f616bfaba55 100644
--- a/src/commands/doctor-config-flow.ts
+++ b/src/commands/doctor-config-flow.ts
@@ -1,11 +1,16 @@
 import fs from "node:fs/promises";
 import path from "node:path";
-import { normalizeChatChannelId } from "../channels/registry.js";
+import { inspectTelegramAccount } from "../../extensions/telegram/src/account-inspect.js";
+import {
+  listTelegramAccountIds,
+  resolveTelegramAccount,
+} from "../../extensions/telegram/src/accounts.js";
 import {
   isNumericTelegramUserId,
   normalizeTelegramAllowFromEntry,
-} from "../channels/telegram/allow-from.js";
-import { fetchTelegramChatId } from "../channels/telegram/api.js";
+} from "../../extensions/telegram/src/allow-from.js";
+import { fetchTelegramChatId } from "../../extensions/telegram/src/api-fetch.js";
+import { normalizeChatChannelId } from "../channels/registry.js";
 import { formatCliCommand } from "../cli/command-format.js";
 import { resolveCommandSecretRefsViaGateway } from "../cli/command-secret-gateway.js";
 import { getChannelsCommandSecretTargetIds } from "../cli/command-secret-targets.js";
@@ -46,8 +51,6 @@ import {
   isSlackMutableAllowEntry,
   isZalouserMutableGroupEntry,
 } from "../security/mutable-allowlist-detectors.js";
-import { inspectTelegramAccount } from "../telegram/account-inspect.js";
-import { listTelegramAccountIds, resolveTelegramAccount } from "../telegram/accounts.js";
 import { note } from "../terminal/note.js";
 import { resolveHomeDir } from "../utils.js";
 import {
diff --git a/src/commands/doctor.e2e-harness.ts b/src/commands/doctor.e2e-harness.ts
index b15bdfa6234..b75e3bbc5d4 100644
--- a/src/commands/doctor.e2e-harness.ts
+++ b/src/commands/doctor.e2e-harness.ts
@@ -258,7 +258,7 @@ vi.mock("../pairing/pairing-store.js", () => ({
   upsertChannelPairingRequest: vi.fn().mockResolvedValue({ code: "000000", created: false }),
 }));
 
-vi.mock("../telegram/token.js", () => ({
+vi.mock("../../extensions/telegram/src/token.js", () => ({
   resolveTelegramToken: vi.fn(() => ({ token: "", source: "none" })),
 }));
 
diff --git a/src/commands/gateway-status.test.ts b/src/commands/gateway-status.test.ts
index 64d515c0b4d..452bcb3691b 100644
--- a/src/commands/gateway-status.test.ts
+++ b/src/commands/gateway-status.test.ts
@@ -1,4 +1,5 @@
 import { describe, expect, it, vi } from "vitest";
+import type { GatewayProbeResult } from "../gateway/probe.js";
 import type { RuntimeEnv } from "../runtime.js";
 import { withEnvAsync } from "../test-utils/env.js";
 
@@ -33,7 +34,7 @@ const startSshPortForward = vi.fn(async (_opts?: unknown) => ({
   stderr: [],
   stop: sshStop,
 }));
-const probeGateway = vi.fn(async (opts: { url: string }) => {
+const probeGateway = vi.fn(async (opts: { url: string }): Promise<GatewayProbeResult> => {
   const { url } = opts;
   if (url.includes("127.0.0.1")) {
     return {
@@ -52,7 +53,16 @@ const probeGateway = vi.fn(async (opts: { url: string }) => {
         },
         sessions: { count: 0 },
       },
-      presence: [{ mode: "gateway", reason: "self", host: "local", ip: "127.0.0.1" }],
+      presence: [
+        {
+          mode: "gateway",
+          reason: "self",
+          host: "local",
+          ip: "127.0.0.1",
+          text: "Gateway: local (127.0.0.1) · app test · mode gateway · reason self",
+          ts: Date.now(),
+        },
+      ],
       configSnapshot: {
         path: "/tmp/cfg.json",
         exists: true,
@@ -81,7 +91,16 @@ const probeGateway = vi.fn(async (opts: { url: string }) => {
       },
       sessions: { count: 2 },
     },
-    presence: [{ mode: "gateway", reason: "self", host: "remote", ip: "100.64.0.2" }],
+    presence: [
+      {
+        mode: "gateway",
+        reason: "self",
+        host: "remote",
+        ip: "100.64.0.2",
+        text: "Gateway: remote (100.64.0.2) · app test · mode gateway · reason self",
+        ts: Date.now(),
+      },
+    ],
     configSnapshot: {
       path: "/tmp/remote.json",
       exists: true,
@@ -201,6 +220,54 @@ describe("gateway-status command", () => {
     expect(targets[0]?.summary).toBeTruthy();
   });
 
+  it("treats missing-scope RPC probe failures as degraded but reachable", async () => {
+    const { runtime, runtimeLogs, runtimeErrors } = createRuntimeCapture();
+    readBestEffortConfig.mockResolvedValueOnce({
+      gateway: {
+        mode: "local",
+        auth: { mode: "token", token: "ltok" },
+      },
+    } as never);
+    probeGateway.mockResolvedValueOnce({
+      ok: false,
+      url: "ws://127.0.0.1:18789",
+      connectLatencyMs: 51,
+      error: "missing scope: operator.read",
+      close: null,
+      health: null,
+      status: null,
+      presence: null,
+      configSnapshot: null,
+    });
+
+    await runGatewayStatus(runtime, { timeout: "1000", json: true });
+
+    expect(runtimeErrors).toHaveLength(0);
+    const parsed = JSON.parse(runtimeLogs.join("\n")) as {
+      ok?: boolean;
+      degraded?: boolean;
+      warnings?: Array<{ code?: string; targetIds?: string[] }>;
+      targets?: Array<{
+        connect?: {
+          ok?: boolean;
+          rpcOk?: boolean;
+          scopeLimited?: boolean;
+        };
+      }>;
+    };
+    expect(parsed.ok).toBe(true);
+    expect(parsed.degraded).toBe(true);
+    expect(parsed.targets?.[0]?.connect).toMatchObject({
+      ok: true,
+      rpcOk: false,
+      scopeLimited: true,
+    });
+    const scopeLimitedWarning = parsed.warnings?.find(
+      (warning) => warning.code === "probe_scope_limited",
+    );
+    expect(scopeLimitedWarning?.targetIds).toContain("localLoopback");
+  });
+
   it("surfaces unresolved SecretRef auth diagnostics in warnings", async () => {
     const { runtime, runtimeLogs, runtimeErrors } = createRuntimeCapture();
     await withEnvAsync({ MISSING_GATEWAY_TOKEN: undefined }, async () => {
@@ -361,7 +428,16 @@ describe("gateway-status command", () => {
         },
         sessions: { count: 1 },
       },
-      presence: [{ mode: "gateway", reason: "self", host: "remote", ip: "100.64.0.2" }],
+      presence: [
+        {
+          mode: "gateway",
+          reason: "self",
+          host: "remote",
+          ip: "100.64.0.2",
+          text: "Gateway: remote (100.64.0.2) · app test · mode gateway · reason self",
+          ts: Date.now(),
+        },
+      ],
       configSnapshot: {
         path: "/tmp/secretref-config.json",
         exists: true,
diff --git a/src/commands/gateway-status.ts b/src/commands/gateway-status.ts
index 4ac54eca0c4..be0b9abf69a 100644
--- a/src/commands/gateway-status.ts
+++ b/src/commands/gateway-status.ts
@@ -10,6 +10,8 @@ import { colorize, isRich, theme } from "../terminal/theme.js";
 import {
   buildNetworkHints,
   extractConfigSummary,
+  isProbeReachable,
+  isScopeLimitedProbeFailure,
   type GatewayStatusTarget,
   parseTimeoutMs,
   pickGatewaySelfPresence,
@@ -193,8 +195,10 @@ export async function gatewayStatusCommand(
     },
   );
 
-  const reachable = probed.filter((p) => p.probe.ok);
+  const reachable = probed.filter((p) => isProbeReachable(p.probe));
   const ok = reachable.length > 0;
+  const degradedScopeLimited = probed.filter((p) => isScopeLimitedProbeFailure(p.probe));
+  const degraded = degradedScopeLimited.length > 0;
   const multipleGateways = reachable.length > 1;
   const primary =
     reachable.find((p) => p.target.kind === "explicit") ??
@@ -236,12 +240,21 @@ export async function gatewayStatusCommand(
       });
     }
   }
+  for (const result of degradedScopeLimited) {
+    warnings.push({
+      code: "probe_scope_limited",
+      message:
+        "Probe diagnostics are limited by gateway scopes (missing operator.read). Connection succeeded, but status details may be incomplete. Hint: pair device identity or use credentials with operator.read.",
+      targetIds: [result.target.id],
+    });
+  }
 
   if (opts.json) {
     runtime.log(
       JSON.stringify(
         {
           ok,
+          degraded,
           ts: Date.now(),
           durationMs: Date.now() - startedAt,
           timeoutMs: overallTimeoutMs,
@@ -274,7 +287,9 @@ export async function gatewayStatusCommand(
             active: p.target.active,
             tunnel: p.target.tunnel ?? null,
             connect: {
-              ok: p.probe.ok,
+              ok: isProbeReachable(p.probe),
+              rpcOk: p.probe.ok,
+              scopeLimited: isScopeLimitedProbeFailure(p.probe),
               latencyMs: p.probe.connectLatencyMs,
               error: p.probe.error,
               close: p.probe.close,
diff --git a/src/commands/gateway-status/helpers.test.ts b/src/commands/gateway-status/helpers.test.ts
index c726db00829..e0c1ecee763 100644
--- a/src/commands/gateway-status/helpers.test.ts
+++ b/src/commands/gateway-status/helpers.test.ts
@@ -1,6 +1,12 @@
 import { describe, expect, it } from "vitest";
 import { withEnvAsync } from "../../test-utils/env.js";
-import { extractConfigSummary, resolveAuthForTarget } from "./helpers.js";
+import {
+  extractConfigSummary,
+  isProbeReachable,
+  isScopeLimitedProbeFailure,
+  renderProbeSummaryLine,
+  resolveAuthForTarget,
+} from "./helpers.js";
 
 describe("extractConfigSummary", () => {
   it("marks SecretRef-backed gateway auth credentials as configured", () => {
@@ -67,6 +73,37 @@ describe("extractConfigSummary", () => {
 });
 
 describe("resolveAuthForTarget", () => {
+  function createConfigRemoteTarget() {
+    return {
+      id: "configRemote",
+      kind: "configRemote" as const,
+      url: "wss://remote.example:18789",
+      active: true,
+    };
+  }
+
+  function createRemoteGatewayTargetConfig(params?: { mode?: "none" | "password" | "token" }) {
+    return {
+      secrets: {
+        providers: {
+          default: { source: "env" as const },
+        },
+      },
+      gateway: {
+        ...(params?.mode
+          ? {
+              auth: {
+                mode: params.mode,
+              },
+            }
+          : {}),
+        remote: {
+          token: { source: "env" as const, provider: "default", id: "REMOTE_GATEWAY_TOKEN" },
+        },
+      },
+    };
+  }
+
   it("resolves local auth token SecretRef before probing local targets", async () => {
     await withEnvAsync(
       {
@@ -109,24 +146,8 @@ describe("resolveAuthForTarget", () => {
       },
       async () => {
         const auth = await resolveAuthForTarget(
-          {
-            secrets: {
-              providers: {
-                default: { source: "env" },
-              },
-            },
-            gateway: {
-              remote: {
-                token: { source: "env", provider: "default", id: "REMOTE_GATEWAY_TOKEN" },
-              },
-            },
-          },
-          {
-            id: "configRemote",
-            kind: "configRemote",
-            url: "wss://remote.example:18789",
-            active: true,
-          },
+          createRemoteGatewayTargetConfig(),
+          createConfigRemoteTarget(),
           {},
         );
 
@@ -142,27 +163,8 @@ describe("resolveAuthForTarget", () => {
       },
       async () => {
         const auth = await resolveAuthForTarget(
-          {
-            secrets: {
-              providers: {
-                default: { source: "env" },
-              },
-            },
-            gateway: {
-              auth: {
-                mode: "none",
-              },
-              remote: {
-                token: { source: "env", provider: "default", id: "REMOTE_GATEWAY_TOKEN" },
-              },
-            },
-          },
-          {
-            id: "configRemote",
-            kind: "configRemote",
-            url: "wss://remote.example:18789",
-            active: true,
-          },
+          createRemoteGatewayTargetConfig({ mode: "none" }),
+          createConfigRemoteTarget(),
           {},
         );
 
@@ -233,3 +235,41 @@ describe("resolveAuthForTarget", () => {
     );
   });
 });
+
+describe("probe reachability classification", () => {
+  it("treats missing-scope RPC failures as scope-limited and reachable", () => {
+    const probe = {
+      ok: false,
+      url: "ws://127.0.0.1:18789",
+      connectLatencyMs: 51,
+      error: "missing scope: operator.read",
+      close: null,
+      health: null,
+      status: null,
+      presence: null,
+      configSnapshot: null,
+    };
+
+    expect(isScopeLimitedProbeFailure(probe)).toBe(true);
+    expect(isProbeReachable(probe)).toBe(true);
+    expect(renderProbeSummaryLine(probe, false)).toContain("RPC: limited");
+  });
+
+  it("keeps non-scope RPC failures as unreachable", () => {
+    const probe = {
+      ok: false,
+      url: "ws://127.0.0.1:18789",
+      connectLatencyMs: 43,
+      error: "unknown method: status",
+      close: null,
+      health: null,
+      status: null,
+      presence: null,
+      configSnapshot: null,
+    };
+
+    expect(isScopeLimitedProbeFailure(probe)).toBe(false);
+    expect(isProbeReachable(probe)).toBe(false);
+    expect(renderProbeSummaryLine(probe, false)).toContain("RPC: failed");
+  });
+});
diff --git a/src/commands/gateway-status/helpers.ts b/src/commands/gateway-status/helpers.ts
index 24519e6e8be..5f1a5e2f5ee 100644
--- a/src/commands/gateway-status/helpers.ts
+++ b/src/commands/gateway-status/helpers.ts
@@ -1,3 +1,4 @@
+import { parseTimeoutMsWithFallback } from "../../cli/parse-timeout.js";
 import { resolveGatewayPort } from "../../config/config.js";
 import type { OpenClawConfig, ConfigFileSnapshot } from "../../config/types.js";
 import { hasConfiguredSecretInput } from "../../config/types.secrets.js";
@@ -8,6 +9,8 @@ import { pickPrimaryTailnetIPv4 } from "../../infra/tailnet.js";
 import { colorize, theme } from "../../terminal/theme.js";
 import { pickGatewaySelfPresence } from "../gateway-presence.js";
 
+const MISSING_SCOPE_PATTERN = /\bmissing scope:\s*[a-z0-9._-]+/i;
+
 type TargetKind = "explicit" | "configRemote" | "localLoopback" | "sshTunnel";
 
 export type GatewayStatusTarget = {
@@ -64,20 +67,7 @@ function parseIntOrNull(value: unknown): number | null {
 }
 
 export function parseTimeoutMs(raw: unknown, fallbackMs: number): number {
-  const value =
-    typeof raw === "string"
-      ? raw.trim()
-      : typeof raw === "number" || typeof raw === "bigint"
-        ? String(raw)
-        : "";
-  if (!value) {
-    return fallbackMs;
-  }
-  const parsed = Number.parseInt(value, 10);
-  if (!Number.isFinite(parsed) || parsed <= 0) {
-    throw new Error(`invalid --timeout: ${value}`);
-  }
-  return parsed;
+  return parseTimeoutMsWithFallback(raw, fallbackMs);
 }
 
 function normalizeWsUrl(value: string): string | null {
@@ -336,6 +326,17 @@ export function renderTargetHeader(target: GatewayStatusTarget, rich: boolean) {
   return `${colorize(rich, theme.heading, kindLabel)} ${colorize(rich, theme.muted, target.url)}`;
 }
 
+export function isScopeLimitedProbeFailure(probe: GatewayProbeResult): boolean {
+  if (probe.ok || probe.connectLatencyMs == null) {
+    return false;
+  }
+  return MISSING_SCOPE_PATTERN.test(probe.error ?? "");
+}
+
+export function isProbeReachable(probe: GatewayProbeResult): boolean {
+  return probe.ok || isScopeLimitedProbeFailure(probe);
+}
+
 export function renderProbeSummaryLine(probe: GatewayProbeResult, rich: boolean) {
   if (probe.ok) {
     const latency =
@@ -347,7 +348,10 @@ export function renderProbeSummaryLine(probe: GatewayProbeResult, rich: boolean)
   if (probe.connectLatencyMs != null) {
     const latency =
       typeof probe.connectLatencyMs === "number" ? `${probe.connectLatencyMs}ms` : "unknown";
-    return `${colorize(rich, theme.success, "Connect: ok")} (${latency}) · ${colorize(rich, theme.error, "RPC: failed")}${detail}`;
+    const rpcStatus = isScopeLimitedProbeFailure(probe)
+      ? colorize(rich, theme.warn, "RPC: limited")
+      : colorize(rich, theme.error, "RPC: failed");
+    return `${colorize(rich, theme.success, "Connect: ok")} (${latency}) · ${rpcStatus}${detail}`;
   }
 
   return `${colorize(rich, theme.error, "Connect: failed")}${detail}`;
diff --git a/src/commands/health.command.coverage.test.ts b/src/commands/health.command.coverage.test.ts
index bc2739d99ec..419aef54447 100644
--- a/src/commands/health.command.coverage.test.ts
+++ b/src/commands/health.command.coverage.test.ts
@@ -19,7 +19,7 @@ vi.mock("../gateway/call.js", () => ({
   callGateway: (...args: unknown[]) => callGatewayMock(...args),
 }));
 
-vi.mock("../web/auth-store.js", () => ({
+vi.mock("../../extensions/whatsapp/src/auth-store.js", () => ({
   webAuthExists: vi.fn(async () => true),
   getWebAuthAgeMs: vi.fn(() => 0),
   logWebSelfId: (...args: unknown[]) => logWebSelfIdMock(...args),
diff --git a/src/commands/health.snapshot.test.ts b/src/commands/health.snapshot.test.ts
index 8b1231b670d..47d6a10f623 100644
--- a/src/commands/health.snapshot.test.ts
+++ b/src/commands/health.snapshot.test.ts
@@ -27,7 +27,7 @@ vi.mock("../config/sessions.js", () => ({
   updateLastRoute: vi.fn().mockResolvedValue(undefined),
 }));
 
-vi.mock("../web/auth-store.js", () => ({
+vi.mock("../../extensions/whatsapp/src/auth-store.js", () => ({
   webAuthExists: vi.fn(async () => true),
   getWebAuthAgeMs: vi.fn(() => 1234),
   readWebSelfId: vi.fn(() => ({ e164: null, jid: null })),
diff --git a/src/commands/message.test.ts b/src/commands/message.test.ts
index 5178b09f895..adbe4ae7850 100644
--- a/src/commands/message.test.ts
+++ b/src/commands/message.test.ts
@@ -34,7 +34,7 @@ vi.mock("../gateway/call.js", () => ({
 }));
 
 const webAuthExists = vi.fn(async () => false);
-vi.mock("../web/session.js", () => ({
+vi.mock("../../extensions/whatsapp/src/session.js", () => ({
   webAuthExists,
 }));
 
diff --git a/src/commands/models/auth.test.ts b/src/commands/models/auth.test.ts
index e59e7fd021e..bf8195b5284 100644
--- a/src/commands/models/auth.test.ts
+++ b/src/commands/models/auth.test.ts
@@ -21,6 +21,16 @@ const mocks = vi.hoisted(() => ({
   updateConfig: vi.fn(),
   logConfigUpdated: vi.fn(),
   openUrl: vi.fn(),
+  loadAuthProfileStoreForRuntime: vi.fn(),
+  listProfilesForProvider: vi.fn(),
+  clearAuthProfileCooldown: vi.fn(),
+}));
+
+vi.mock("../../agents/auth-profiles.js", () => ({
+  loadAuthProfileStoreForRuntime: mocks.loadAuthProfileStoreForRuntime,
+  listProfilesForProvider: mocks.listProfilesForProvider,
+  clearAuthProfileCooldown: mocks.clearAuthProfileCooldown,
+  upsertAuthProfile: mocks.upsertAuthProfile,
 }));
 
 vi.mock("@clack/prompts", () => ({
@@ -41,10 +51,6 @@ vi.mock("../../agents/workspace.js", () => ({
   resolveDefaultAgentWorkspaceDir: mocks.resolveDefaultAgentWorkspaceDir,
 }));
 
-vi.mock("../../agents/auth-profiles.js", () => ({
-  upsertAuthProfile: mocks.upsertAuthProfile,
-}));
-
 vi.mock("../../plugins/providers.js", () => ({
   resolvePluginProviders: mocks.resolvePluginProviders,
 }));
@@ -155,6 +161,9 @@ describe("modelsAuthLoginCommand", () => {
     });
     mocks.writeOAuthCredentials.mockResolvedValue("openai-codex:user@example.com");
     mocks.resolvePluginProviders.mockReturnValue([]);
+    mocks.loadAuthProfileStoreForRuntime.mockReturnValue({ profiles: {}, usageStats: {} });
+    mocks.listProfilesForProvider.mockReturnValue([]);
+    mocks.clearAuthProfileCooldown.mockResolvedValue(undefined);
   });
 
   afterEach(() => {
@@ -198,6 +207,60 @@ describe("modelsAuthLoginCommand", () => {
     expect(runtime.log).toHaveBeenCalledWith("Default model set to openai-codex/gpt-5.4");
   });
 
+  it("clears stale auth lockouts before attempting openai-codex login", async () => {
+    const runtime = createRuntime();
+    const fakeStore = {
+      profiles: {
+        "openai-codex:user@example.com": {
+          type: "oauth",
+          provider: "openai-codex",
+        },
+      },
+      usageStats: {
+        "openai-codex:user@example.com": {
+          disabledUntil: Date.now() + 3_600_000,
+          disabledReason: "auth_permanent",
+          errorCount: 3,
+        },
+      },
+    };
+    mocks.loadAuthProfileStoreForRuntime.mockReturnValue(fakeStore);
+    mocks.listProfilesForProvider.mockReturnValue(["openai-codex:user@example.com"]);
+
+    await modelsAuthLoginCommand({ provider: "openai-codex" }, runtime);
+
+    expect(mocks.clearAuthProfileCooldown).toHaveBeenCalledWith({
+      store: fakeStore,
+      profileId: "openai-codex:user@example.com",
+      agentDir: "/tmp/openclaw/agents/main",
+    });
+    // Verify clearing happens before login attempt
+    const clearOrder = mocks.clearAuthProfileCooldown.mock.invocationCallOrder[0];
+    const loginOrder = mocks.loginOpenAICodexOAuth.mock.invocationCallOrder[0];
+    expect(clearOrder).toBeLessThan(loginOrder);
+  });
+
+  it("survives lockout clearing failure without blocking login", async () => {
+    const runtime = createRuntime();
+    mocks.loadAuthProfileStoreForRuntime.mockImplementation(() => {
+      throw new Error("corrupt auth-profiles.json");
+    });
+
+    await modelsAuthLoginCommand({ provider: "openai-codex" }, runtime);
+
+    expect(mocks.loginOpenAICodexOAuth).toHaveBeenCalledOnce();
+  });
+
+  it("loads lockout state from the agent-scoped store", async () => {
+    const runtime = createRuntime();
+    mocks.loadAuthProfileStoreForRuntime.mockReturnValue({ profiles: {}, usageStats: {} });
+    mocks.listProfilesForProvider.mockReturnValue([]);
+
+    await modelsAuthLoginCommand({ provider: "openai-codex" }, runtime);
+
+    expect(mocks.loadAuthProfileStoreForRuntime).toHaveBeenCalledWith("/tmp/openclaw/agents/main");
+  });
+
   it("keeps existing plugin error behavior for non built-in providers", async () => {
     const runtime = createRuntime();
 
diff --git a/src/commands/models/auth.ts b/src/commands/models/auth.ts
index 56946d590a7..c9b54b2f753 100644
--- a/src/commands/models/auth.ts
+++ b/src/commands/models/auth.ts
@@ -10,7 +10,12 @@ import {
   resolveAgentWorkspaceDir,
   resolveDefaultAgentId,
 } from "../../agents/agent-scope.js";
-import { upsertAuthProfile } from "../../agents/auth-profiles.js";
+import {
+  clearAuthProfileCooldown,
+  listProfilesForProvider,
+  loadAuthProfileStoreForRuntime,
+  upsertAuthProfile,
+} from "../../agents/auth-profiles.js";
 import type { AuthProfileCredential } from "../../agents/auth-profiles/types.js";
 import { normalizeProviderId } from "../../agents/model-selection.js";
 import { resolveDefaultAgentWorkspaceDir } from "../../agents/workspace.js";
@@ -265,6 +270,24 @@ type LoginOptions = {
   setDefault?: boolean;
 };
 
+/**
+ * Clear stale cooldown/disabled state for all profiles matching a provider.
+ * When a user explicitly runs `models auth login`, they intend to fix auth —
+ * stale `auth_permanent` / `billing` lockouts should not persist across
+ * a deliberate re-authentication attempt.
+ */
+async function clearStaleProfileLockouts(provider: string, agentDir: string): Promise<void> {
+  try {
+    const store = loadAuthProfileStoreForRuntime(agentDir);
+    const profileIds = listProfilesForProvider(store, provider);
+    for (const profileId of profileIds) {
+      await clearAuthProfileCooldown({ store, profileId, agentDir });
+    }
+  } catch {
+    // Best-effort housekeeping — never block re-authentication.
+  }
+}
+
 export function resolveRequestedLoginProviderOrThrow(
   providers: ProviderPlugin[],
   rawProvider?: string,
@@ -356,6 +379,7 @@ export async function modelsAuthLoginCommand(opts: LoginOptions, runtime: Runtim
   const prompter = createClackPrompter();
 
   if (requestedProviderId === "openai-codex") {
+    await clearStaleProfileLockouts("openai-codex", agentDir);
     await runBuiltInOpenAICodexLogin({
       opts,
       runtime,
@@ -390,6 +414,8 @@ export async function modelsAuthLoginCommand(opts: LoginOptions, runtime: Runtim
     throw new Error("Unknown provider. Use --provider <id> to pick a provider plugin.");
   }
 
+  await clearStaleProfileLockouts(selectedProvider.id, agentDir);
+
   const chosenMethod =
     pickAuthMethod(selectedProvider, opts.method) ??
     (selectedProvider.auth.length === 1
diff --git a/src/commands/models/list.configured.ts b/src/commands/models/list.configured.ts
index fed70a4fe47..d83dd9d7f1b 100644
--- a/src/commands/models/list.configured.ts
+++ b/src/commands/models/list.configured.ts
@@ -39,6 +39,17 @@ export function resolveConfiguredEntries(cfg: OpenClawConfig) {
     tagsByKey.get(key)?.add(tag);
   };
 
+  const addResolvedModelRef = (raw: string, tag: string) => {
+    const resolved = resolveModelRefFromString({
+      raw,
+      defaultProvider: DEFAULT_PROVIDER,
+      aliasIndex,
+    });
+    if (resolved) {
+      addEntry(resolved.ref, tag);
+    }
+  };
+
   addEntry(resolvedDefault, "default");
 
   const modelFallbacks = resolveAgentModelFallbackValues(cfg.agents?.defaults?.model);
@@ -46,38 +57,15 @@ export function resolveConfiguredEntries(cfg: OpenClawConfig) {
   const imagePrimary = resolveAgentModelPrimaryValue(cfg.agents?.defaults?.imageModel) ?? "";
 
   modelFallbacks.forEach((raw, idx) => {
-    const resolved = resolveModelRefFromString({
-      raw: String(raw ?? ""),
-      defaultProvider: DEFAULT_PROVIDER,
-      aliasIndex,
-    });
-    if (!resolved) {
-      return;
-    }
-    addEntry(resolved.ref, `fallback#${idx + 1}`);
+    addResolvedModelRef(String(raw ?? ""), `fallback#${idx + 1}`);
   });
 
   if (imagePrimary) {
-    const resolved = resolveModelRefFromString({
-      raw: imagePrimary,
-      defaultProvider: DEFAULT_PROVIDER,
-      aliasIndex,
-    });
-    if (resolved) {
-      addEntry(resolved.ref, "image");
-    }
+    addResolvedModelRef(imagePrimary, "image");
   }
 
   imageFallbacks.forEach((raw, idx) => {
-    const resolved = resolveModelRefFromString({
-      raw: String(raw ?? ""),
-      defaultProvider: DEFAULT_PROVIDER,
-      aliasIndex,
-    });
-    if (!resolved) {
-      return;
-    }
-    addEntry(resolved.ref, `img-fallback#${idx + 1}`);
+    addResolvedModelRef(String(raw ?? ""), `img-fallback#${idx + 1}`);
   });
 
   for (const key of Object.keys(cfg.agents?.defaults?.models ?? {})) {
diff --git a/src/commands/models/list.list-command.forward-compat.test.ts b/src/commands/models/list.list-command.forward-compat.test.ts
index b17e8c07b8f..f0cc594ab35 100644
--- a/src/commands/models/list.list-command.forward-compat.test.ts
+++ b/src/commands/models/list.list-command.forward-compat.test.ts
@@ -96,6 +96,23 @@ function lastPrintedRows<T>() {
   return (mocks.printModelTable.mock.calls.at(-1)?.[0] ?? []) as T[];
 }
 
+function mockDiscoveredCodex53Registry() {
+  mocks.resolveConfiguredEntries.mockReturnValueOnce({ entries: [] });
+  mocks.loadModelRegistry.mockResolvedValueOnce({
+    models: [{ ...OPENAI_CODEX_53_MODEL }],
+    availableKeys: new Set(["openai-codex/gpt-5.3-codex"]),
+    registry: {
+      getAll: () => [{ ...OPENAI_CODEX_53_MODEL }],
+    },
+  });
+}
+
+async function runAllOpenAiCodexCommand() {
+  const runtime = createRuntime();
+  await modelsListCommand({ all: true, provider: "openai-codex", json: true }, runtime as never);
+  expect(mocks.printModelTable).toHaveBeenCalled();
+}
+
 vi.mock("../../config/config.js", () => ({
   loadConfig: mocks.loadConfig,
   getRuntimeConfigSnapshot: vi.fn().mockReturnValue(null),
@@ -261,14 +278,7 @@ describe("modelsListCommand forward-compat", () => {
 
   describe("--all catalog supplementation", () => {
     it("includes synthetic codex gpt-5.4 in --all output when catalog supports it", async () => {
-      mocks.resolveConfiguredEntries.mockReturnValueOnce({ entries: [] });
-      mocks.loadModelRegistry.mockResolvedValueOnce({
-        models: [{ ...OPENAI_CODEX_53_MODEL }],
-        availableKeys: new Set(["openai-codex/gpt-5.3-codex"]),
-        registry: {
-          getAll: () => [{ ...OPENAI_CODEX_53_MODEL }],
-        },
-      });
+      mockDiscoveredCodex53Registry();
       mocks.loadModelCatalog.mockResolvedValueOnce([
         {
           provider: "openai-codex",
@@ -304,14 +314,7 @@ describe("modelsListCommand forward-compat", () => {
           return undefined;
         },
       );
-      const runtime = createRuntime();
-
-      await modelsListCommand(
-        { all: true, provider: "openai-codex", json: true },
-        runtime as never,
-      );
-
-      expect(mocks.printModelTable).toHaveBeenCalled();
+      await runAllOpenAiCodexCommand();
       expect(lastPrintedRows<{ key: string; available: boolean }>()).toEqual([
         expect.objectContaining({
           key: "openai-codex/gpt-5.3-codex",
@@ -324,23 +327,9 @@ describe("modelsListCommand forward-compat", () => {
     });
 
     it("keeps discovered rows in --all output when catalog lookup is empty", async () => {
-      mocks.resolveConfiguredEntries.mockReturnValueOnce({ entries: [] });
-      mocks.loadModelRegistry.mockResolvedValueOnce({
-        models: [{ ...OPENAI_CODEX_53_MODEL }],
-        availableKeys: new Set(["openai-codex/gpt-5.3-codex"]),
-        registry: {
-          getAll: () => [{ ...OPENAI_CODEX_53_MODEL }],
-        },
-      });
+      mockDiscoveredCodex53Registry();
       mocks.loadModelCatalog.mockResolvedValueOnce([]);
-      const runtime = createRuntime();
-
-      await modelsListCommand(
-        { all: true, provider: "openai-codex", json: true },
-        runtime as never,
-      );
-
-      expect(mocks.printModelTable).toHaveBeenCalled();
+      await runAllOpenAiCodexCommand();
       expect(lastPrintedRows<{ key: string }>()).toEqual([
         expect.objectContaining({
           key: "openai-codex/gpt-5.3-codex",
diff --git a/src/commands/models/list.probe.ts b/src/commands/models/list.probe.ts
index 5311b004ce2..7b75d1be726 100644
--- a/src/commands/models/list.probe.ts
+++ b/src/commands/models/list.probe.ts
@@ -431,12 +431,24 @@ async function probeTarget(params: {
       error: "No model available for probe",
     };
   }
+  const model = target.model;
 
   const sessionId = `probe-${target.provider}-${crypto.randomUUID()}`;
   const sessionFile = resolveSessionTranscriptPath(sessionId, agentId);
   await fs.mkdir(sessionDir, { recursive: true });
 
   const start = Date.now();
+  const buildResult = (status: AuthProbeResult["status"], error?: string): AuthProbeResult => ({
+    provider: target.provider,
+    model: `${model.provider}/${model.model}`,
+    profileId: target.profileId,
+    label: target.label,
+    source: target.source,
+    mode: target.mode,
+    status,
+    ...(error ? { error } : {}),
+    latencyMs: Date.now() - start,
+  });
   try {
     await runEmbeddedPiAgent({
       sessionId,
@@ -458,29 +470,13 @@ async function probeTarget(params: {
       verboseLevel: "off",
       streamParams: { maxTokens },
     });
-    return {
-      provider: target.provider,
-      model: `${target.model.provider}/${target.model.model}`,
-      profileId: target.profileId,
-      label: target.label,
-      source: target.source,
-      mode: target.mode,
-      status: "ok",
-      latencyMs: Date.now() - start,
-    };
+    return buildResult("ok");
   } catch (err) {
     const described = describeFailoverError(err);
-    return {
-      provider: target.provider,
-      model: `${target.model.provider}/${target.model.model}`,
-      profileId: target.profileId,
-      label: target.label,
-      source: target.source,
-      mode: target.mode,
-      status: mapFailoverReasonToProbeStatus(described.reason),
-      error: redactSecrets(described.message),
-      latencyMs: Date.now() - start,
-    };
+    return buildResult(
+      mapFailoverReasonToProbeStatus(described.reason),
+      redactSecrets(described.message),
+    );
   }
 }
 
diff --git a/src/commands/models/load-config.test.ts b/src/commands/models/load-config.test.ts
index b8969fd4681..2d35c012a49 100644
--- a/src/commands/models/load-config.test.ts
+++ b/src/commands/models/load-config.test.ts
@@ -25,6 +25,27 @@ vi.mock("../../cli/command-secret-targets.js", () => ({
 import { loadModelsConfig, loadModelsConfigWithSource } from "./load-config.js";
 
 describe("models load-config", () => {
+  const runtimeConfig = {
+    models: { providers: { openai: { apiKey: "sk-runtime" } } }, // pragma: allowlist secret
+  };
+  const resolvedConfig = {
+    models: { providers: { openai: { apiKey: "sk-resolved" } } }, // pragma: allowlist secret
+  };
+  const targetIds = new Set(["models.providers.*.apiKey"]);
+
+  function mockResolvedConfigFlow(params: { sourceConfig: unknown; diagnostics: string[] }) {
+    mocks.loadConfig.mockReturnValue(runtimeConfig);
+    mocks.readConfigFileSnapshotForWrite.mockResolvedValue({
+      snapshot: { valid: true, resolved: params.sourceConfig },
+      writeOptions: {},
+    });
+    mocks.getModelsCommandSecretTargetIds.mockReturnValue(targetIds);
+    mocks.resolveCommandSecretRefsViaGateway.mockResolvedValue({
+      resolvedConfig,
+      diagnostics: params.diagnostics,
+    });
+  }
+
   beforeEach(() => {
     vi.clearAllMocks();
   });
@@ -39,25 +60,9 @@ describe("models load-config", () => {
         },
       },
     };
-    const runtimeConfig = {
-      models: { providers: { openai: { apiKey: "sk-runtime" } } }, // pragma: allowlist secret
-    };
-    const resolvedConfig = {
-      models: { providers: { openai: { apiKey: "sk-resolved" } } }, // pragma: allowlist secret
-    };
-    const targetIds = new Set(["models.providers.*.apiKey"]);
     const runtime = { log: vi.fn(), error: vi.fn(), exit: vi.fn() };
 
-    mocks.loadConfig.mockReturnValue(runtimeConfig);
-    mocks.readConfigFileSnapshotForWrite.mockResolvedValue({
-      snapshot: { valid: true, resolved: sourceConfig },
-      writeOptions: {},
-    });
-    mocks.getModelsCommandSecretTargetIds.mockReturnValue(targetIds);
-    mocks.resolveCommandSecretRefsViaGateway.mockResolvedValue({
-      resolvedConfig,
-      diagnostics: ["diag-one", "diag-two"],
-    });
+    mockResolvedConfigFlow({ sourceConfig, diagnostics: ["diag-one", "diag-two"] });
 
     const result = await loadModelsConfigWithSource({ commandName: "models list", runtime });
 
@@ -78,24 +83,7 @@ describe("models load-config", () => {
 
   it("loadModelsConfig returns resolved config while preserving runtime snapshot behavior", async () => {
     const sourceConfig = { models: { providers: {} } };
-    const runtimeConfig = {
-      models: { providers: { openai: { apiKey: "sk-runtime" } } }, // pragma: allowlist secret
-    };
-    const resolvedConfig = {
-      models: { providers: { openai: { apiKey: "sk-resolved" } } }, // pragma: allowlist secret
-    };
-    const targetIds = new Set(["models.providers.*.apiKey"]);
-
-    mocks.loadConfig.mockReturnValue(runtimeConfig);
-    mocks.readConfigFileSnapshotForWrite.mockResolvedValue({
-      snapshot: { valid: true, resolved: sourceConfig },
-      writeOptions: {},
-    });
-    mocks.getModelsCommandSecretTargetIds.mockReturnValue(targetIds);
-    mocks.resolveCommandSecretRefsViaGateway.mockResolvedValue({
-      resolvedConfig,
-      diagnostics: [],
-    });
+    mockResolvedConfigFlow({ sourceConfig, diagnostics: [] });
 
     await expect(loadModelsConfig({ commandName: "models list" })).resolves.toBe(resolvedConfig);
     expect(mocks.setRuntimeConfigSnapshot).toHaveBeenCalledWith(resolvedConfig, sourceConfig);
diff --git a/src/commands/onboard-non-interactive.gateway.test.ts b/src/commands/onboard-non-interactive.gateway.test.ts
index 5396b20b9d6..83a81f340b3 100644
--- a/src/commands/onboard-non-interactive.gateway.test.ts
+++ b/src/commands/onboard-non-interactive.gateway.test.ts
@@ -5,6 +5,7 @@ import type { RuntimeEnv } from "../runtime.js";
 import { makeTempWorkspace } from "../test-helpers/workspace.js";
 import { captureEnv } from "../test-utils/env.js";
 import { createThrowingRuntime, readJsonFile } from "./onboard-non-interactive.test-helpers.js";
+import type { installGatewayDaemonNonInteractive } from "./onboard-non-interactive/local/daemon-install.js";
 
 const gatewayClientCalls: Array<{
   url?: string;
@@ -14,7 +15,10 @@ const gatewayClientCalls: Array<{
   onClose?: (code: number, reason: string) => void;
 }> = [];
 const ensureWorkspaceAndSessionsMock = vi.fn(async (..._args: unknown[]) => {});
-const installGatewayDaemonNonInteractiveMock = vi.hoisted(() => vi.fn(async () => {}));
+type InstallGatewayDaemonResult = Awaited<ReturnType<typeof installGatewayDaemonNonInteractive>>;
+const installGatewayDaemonNonInteractiveMock = vi.hoisted(() =>
+  vi.fn(async (): Promise<InstallGatewayDaemonResult> => ({ installed: true })),
+);
 const gatewayServiceMock = vi.hoisted(() => ({
   label: "LaunchAgent",
   loadedText: "loaded",
@@ -401,6 +405,84 @@ describe("onboard (non-interactive): gateway and remote auth", () => {
     });
   }, 60_000);
 
+  it("emits a daemon-install failure when Linux user systemd is unavailable", async () => {
+    await withStateDir("state-local-daemon-install-json-fail-", async (stateDir) => {
+      installGatewayDaemonNonInteractiveMock.mockResolvedValueOnce({
+        installed: false,
+        skippedReason: "systemd-user-unavailable",
+      });
+
+      let capturedError = "";
+      const runtimeWithCapture: RuntimeEnv = {
+        log: () => {},
+        error: (...args: unknown[]) => {
+          const firstArg = args[0];
+          capturedError =
+            typeof firstArg === "string"
+              ? firstArg
+              : firstArg instanceof Error
+                ? firstArg.message
+                : (JSON.stringify(firstArg) ?? "");
+          throw new Error(capturedError);
+        },
+        exit: (_code: number) => {
+          throw new Error("exit should not be reached after runtime.error");
+        },
+      };
+
+      const originalPlatform = process.platform;
+      Object.defineProperty(process, "platform", {
+        configurable: true,
+        value: "linux",
+      });
+
+      try {
+        await expect(
+          runNonInteractiveOnboarding(
+            {
+              nonInteractive: true,
+              mode: "local",
+              workspace: path.join(stateDir, "openclaw"),
+              authChoice: "skip",
+              skipSkills: true,
+              skipHealth: false,
+              installDaemon: true,
+              gatewayBind: "loopback",
+              json: true,
+            },
+            runtimeWithCapture,
+          ),
+        ).rejects.toThrow(/"phase": "daemon-install"/);
+      } finally {
+        Object.defineProperty(process, "platform", {
+          configurable: true,
+          value: originalPlatform,
+        });
+      }
+
+      const parsed = JSON.parse(capturedError) as {
+        ok: boolean;
+        phase: string;
+        daemonInstall?: {
+          requested?: boolean;
+          installed?: boolean;
+          skippedReason?: string;
+        };
+        hints?: string[];
+      };
+      expect(parsed.ok).toBe(false);
+      expect(parsed.phase).toBe("daemon-install");
+      expect(parsed.daemonInstall).toEqual({
+        requested: true,
+        installed: false,
+        skippedReason: "systemd-user-unavailable",
+      });
+      expect(parsed.hints).toContain(
+        "Fix: rerun without `--install-daemon` for one-shot setup, or enable a working user-systemd session and retry.",
+      );
+    });
+  }, 60_000);
+
   it("emits structured JSON diagnostics when daemon health fails", async () => {
     await withStateDir("state-local-daemon-health-json-fail-", async (stateDir) => {
       waitForGatewayReachableMock = vi.fn(async () => ({
diff --git a/src/commands/onboard-non-interactive.provider-auth.test.ts b/src/commands/onboard-non-interactive.provider-auth.test.ts
index d1eb0a7749f..5ee3077d1c5 100644
--- a/src/commands/onboard-non-interactive.provider-auth.test.ts
+++ b/src/commands/onboard-non-interactive.provider-auth.test.ts
@@ -1,7 +1,7 @@
 import fs from "node:fs/promises";
 import path from "node:path";
 import { setTimeout as delay } from "node:timers/promises";
-import { beforeAll, describe, expect, it, vi } from "vitest";
+import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 import { makeTempWorkspace } from "../test-helpers/workspace.js";
 import { withEnvAsync } from "../test-utils/env.js";
 import { MINIMAX_API_BASE_URL, MINIMAX_CN_API_BASE_URL } from "./onboard-auth.js";
@@ -18,6 +18,8 @@ type OnboardEnv = {
 };
 
 const ensureWorkspaceAndSessionsMock = vi.hoisted(() => vi.fn(async (..._args: unknown[]) => {}));
+type DetectZaiEndpoint = typeof import("./zai-endpoint-detect.js").detectZaiEndpoint;
+const detectZaiEndpoint = vi.hoisted(() => vi.fn<DetectZaiEndpoint>(async () => null));
 
 vi.mock("./onboard-helpers.js", async (importOriginal) => {
   const actual = await importOriginal<typeof import("./onboard-helpers.js")>();
@@ -27,6 +29,10 @@ vi.mock("./onboard-helpers.js", async (importOriginal) => {
   };
 });
 
+vi.mock("./zai-endpoint-detect.js", () => ({
+  detectZaiEndpoint,
+}));
+
 const { runNonInteractiveOnboarding } = await import("./onboard-non-interactive.js");
 
 const NON_INTERACTIVE_DEFAULT_OPTIONS = {
@@ -180,6 +186,11 @@ describe("onboard (non-interactive): provider auth", () => {
     ({ ensureAuthProfileStore, upsertAuthProfile } = await import("../agents/auth-profiles.js"));
   });
 
+  beforeEach(() => {
+    detectZaiEndpoint.mockReset();
+    detectZaiEndpoint.mockResolvedValue(null);
+  });
+
   it("stores MiniMax API key and uses global baseUrl by default", async () => {
     await withOnboardEnv("openclaw-onboard-minimax-", async (env) => {
       const cfg = await runOnboardingAndReadConfig(env, {
@@ -220,6 +231,12 @@ describe("onboard (non-interactive): provider auth", () => {
 
   it("stores Z.AI API key and uses global baseUrl by default", async () => {
     await withOnboardEnv("openclaw-onboard-zai-", async (env) => {
+      detectZaiEndpoint.mockResolvedValueOnce({
+        endpoint: "global",
+        baseUrl: "https://api.z.ai/api/paas/v4",
+        modelId: "glm-5",
+        note: "Verified GLM-5 on global endpoint.",
+      });
       const cfg = await runOnboardingAndReadConfig(env, {
         authChoice: "zai-api-key",
         zaiApiKey: "zai-test-key", // pragma: allowlist secret
@@ -235,6 +252,12 @@ describe("onboard (non-interactive): provider auth", () => {
 
   it("supports Z.AI CN coding endpoint auth choice", async () => {
     await withOnboardEnv("openclaw-onboard-zai-cn-", async (env) => {
+      detectZaiEndpoint.mockResolvedValueOnce({
+        endpoint: "coding-cn",
+        baseUrl: "https://open.bigmodel.cn/api/coding/paas/v4",
+        modelId: "glm-4.7",
+        note: "Coding Plan CN endpoint verified, but this key/plan does not expose GLM-5 there. Defaulting to GLM-4.7.",
+      });
       const cfg = await runOnboardingAndReadConfig(env, {
         authChoice: "zai-coding-cn",
         zaiApiKey: "zai-test-key", // pragma: allowlist secret
@@ -243,6 +266,25 @@ describe("onboard (non-interactive): provider auth", () => {
       expect(cfg.models?.providers?.zai?.baseUrl).toBe(
         "https://open.bigmodel.cn/api/coding/paas/v4",
       );
+      expect(cfg.agents?.defaults?.model?.primary).toBe("zai/glm-4.7");
+    });
+  });
+
+  it("supports Z.AI Coding Plan global endpoint with GLM-5 when available", async () => {
+    await withOnboardEnv("openclaw-onboard-zai-coding-global-", async (env) => {
+      detectZaiEndpoint.mockResolvedValueOnce({
+        endpoint: "coding-global",
+        baseUrl: "https://api.z.ai/api/coding/paas/v4",
+        modelId: "glm-5",
+        note: "Verified GLM-5 on coding-global endpoint.",
+      });
+      const cfg = await runOnboardingAndReadConfig(env, {
+        authChoice: "zai-coding-global",
+        zaiApiKey: "zai-test-key", // pragma: allowlist secret
+      });
+
+      expect(cfg.models?.providers?.zai?.baseUrl).toBe("https://api.z.ai/api/coding/paas/v4");
+      expect(cfg.agents?.defaults?.model?.primary).toBe("zai/glm-5");
     });
   });
 
diff --git a/src/commands/onboard-non-interactive/local.ts b/src/commands/onboard-non-interactive/local.ts
index e573c385166..5e26bf50d24 100644
--- a/src/commands/onboard-non-interactive/local.ts
+++ b/src/commands/onboard-non-interactive/local.ts
@@ -16,6 +16,7 @@ import type { OnboardOptions } from "../onboard-types.js";
 import { inferAuthChoiceFromFlags } from "./local/auth-choice-inference.js";
 import { applyNonInteractiveGatewayConfig } from "./local/gateway-config.js";
 import {
+  type GatewayHealthFailureDiagnostics,
   logNonInteractiveOnboardingFailure,
   logNonInteractiveOnboardingJson,
 } from "./local/output.js";
@@ -26,36 +27,9 @@ const INSTALL_DAEMON_HEALTH_DEADLINE_MS = 45_000;
 const ATTACH_EXISTING_GATEWAY_HEALTH_DEADLINE_MS = 15_000;
 
 async function collectGatewayHealthFailureDiagnostics(): Promise<
-  | {
-      service?: {
-        label: string;
-        loaded: boolean;
-        loadedText: string;
-        runtimeStatus?: string;
-        state?: string;
-        pid?: number;
-        lastExitStatus?: number;
-        lastExitReason?: string;
-      };
-      lastGatewayError?: string;
-      inspectError?: string;
-    }
-  | undefined
+  GatewayHealthFailureDiagnostics | undefined
 > {
-  const diagnostics: {
-    service?: {
-      label: string;
-      loaded: boolean;
-      loadedText: string;
-      runtimeStatus?: string;
-      state?: string;
-      pid?: number;
-      lastExitStatus?: number;
-      lastExitReason?: string;
-    };
-    lastGatewayError?: string;
-    inspectError?: string;
-  } = {};
+  const diagnostics: GatewayHealthFailureDiagnostics = {};
 
   try {
     const { resolveGatewayService } = await import("../../daemon/service.js");
@@ -159,17 +133,62 @@ export async function runNonInteractiveOnboardingLocal(params: {
     skipBootstrap: Boolean(nextConfig.agents?.defaults?.skipBootstrap),
   });
 
+  const daemonRuntimeRaw = opts.daemonRuntime ?? DEFAULT_GATEWAY_DAEMON_RUNTIME;
+  let daemonInstallStatus:
+    | {
+        requested: boolean;
+        installed: boolean;
+        skippedReason?: "systemd-user-unavailable";
+      }
+    | undefined;
   if (opts.installDaemon) {
     const { installGatewayDaemonNonInteractive } = await import("./local/daemon-install.js");
-    await installGatewayDaemonNonInteractive({
+    const daemonInstall = await installGatewayDaemonNonInteractive({
       nextConfig,
       opts,
       runtime,
       port: gatewayResult.port,
     });
+    daemonInstallStatus = daemonInstall.installed
+      ? {
+          requested: true,
+          installed: true,
+        }
+      : {
+          requested: true,
+          installed: false,
+          skippedReason: daemonInstall.skippedReason,
+        };
+    if (!daemonInstall.installed && !opts.skipHealth) {
+      logNonInteractiveOnboardingFailure({
+        opts,
+        runtime,
+        mode,
+        phase: "daemon-install",
+        message:
+          daemonInstall.skippedReason === "systemd-user-unavailable"
+            ? "Gateway service install is unavailable because systemd user services are not reachable in this Linux session."
+            : "Gateway service install did not complete successfully.",
+        installDaemon: true,
+        daemonInstall: {
+          requested: true,
+          installed: false,
+          skippedReason: daemonInstall.skippedReason,
+        },
+        daemonRuntime: daemonRuntimeRaw,
+        hints:
+          daemonInstall.skippedReason === "systemd-user-unavailable"
+            ? [
+                "Fix: rerun without `--install-daemon` for one-shot setup, or enable a working user-systemd session and retry.",
+                "If your auth profile uses env-backed refs, keep those env vars set in the shell that runs `openclaw gateway run` or `openclaw agent --local`.",
+              ]
+            : [`Run \`${formatCliCommand("openclaw gateway status --deep")}\` for more detail.`],
+      });
+      runtime.exit(1);
+      return;
+    }
   }
 
-  const daemonRuntimeRaw = opts.daemonRuntime ?? DEFAULT_GATEWAY_DAEMON_RUNTIME;
   if (!opts.skipHealth) {
     const { healthCommand } = await import("../health.js");
     const links = resolveControlUiLinks({
@@ -201,6 +220,7 @@ export async function runNonInteractiveOnboardingLocal(params: {
           httpUrl: links.httpUrl,
         },
         installDaemon: Boolean(opts.installDaemon),
+        daemonInstall: daemonInstallStatus,
         daemonRuntime: opts.installDaemon ? daemonRuntimeRaw : undefined,
         diagnostics,
         hints: !opts.installDaemon
@@ -232,6 +252,7 @@ export async function runNonInteractiveOnboardingLocal(params: {
       tailscaleMode: gatewayResult.tailscaleMode,
     },
     installDaemon: Boolean(opts.installDaemon),
+    daemonInstall: daemonInstallStatus,
     daemonRuntime: opts.installDaemon ? daemonRuntimeRaw : undefined,
     skipSkills: Boolean(opts.skipSkills),
     skipHealth: Boolean(opts.skipHealth),
diff --git a/src/commands/onboard-non-interactive/local/auth-choice.ts b/src/commands/onboard-non-interactive/local/auth-choice.ts
index d435771d720..500e19ee574 100644
--- a/src/commands/onboard-non-interactive/local/auth-choice.ts
+++ b/src/commands/onboard-non-interactive/local/auth-choice.ts
@@ -291,6 +291,13 @@ export async function applyNonInteractiveAuthChoice(params: {
       endpoint = "global";
     } else if (authChoice === "zai-cn") {
       endpoint = "cn";
+    }
+
+    if (endpoint) {
+      const detected = await detectZaiEndpoint({ apiKey: resolved.key, endpoint });
+      if (detected) {
+        modelIdOverride = detected.modelId;
+      }
     } else {
       const detected = await detectZaiEndpoint({ apiKey: resolved.key });
       if (detected) {
diff --git a/src/commands/onboard-non-interactive/local/daemon-install.test.ts b/src/commands/onboard-non-interactive/local/daemon-install.test.ts
index c3e87a1d48d..d45cf4cafad 100644
--- a/src/commands/onboard-non-interactive/local/daemon-install.test.ts
+++ b/src/commands/onboard-non-interactive/local/daemon-install.test.ts
@@ -6,6 +6,7 @@ const gatewayInstallErrorHint = vi.hoisted(() => vi.fn(() => "hint"));
 const resolveGatewayInstallToken = vi.hoisted(() => vi.fn());
 const serviceInstall = vi.hoisted(() => vi.fn(async () => {}));
 const ensureSystemdUserLingerNonInteractive = vi.hoisted(() => vi.fn(async () => {}));
+const isSystemdUserServiceAvailable = vi.hoisted(() => vi.fn(async () => true));
 
 vi.mock("../../daemon-install-helpers.js", () => ({
   buildGatewayInstallPlan,
@@ -23,7 +24,7 @@ vi.mock("../../../daemon/service.js", () => ({
 }));
 
 vi.mock("../../../daemon/systemd.js", () => ({
-  isSystemdUserServiceAvailable: vi.fn(async () => true),
+  isSystemdUserServiceAvailable,
 }));
 
 vi.mock("../../daemon-runtime.js", () => ({
@@ -40,6 +41,7 @@ const { installGatewayDaemonNonInteractive } = await import("./daemon-install.js
 describe("installGatewayDaemonNonInteractive", () => {
   beforeEach(() => {
     vi.clearAllMocks();
+    isSystemdUserServiceAvailable.mockResolvedValue(true);
     resolveGatewayInstallToken.mockResolvedValue({
       token: undefined,
       tokenRefConfigured: true,
@@ -100,4 +102,39 @@ describe("installGatewayDaemonNonInteractive", () => {
     expect(buildGatewayInstallPlan).not.toHaveBeenCalled();
     expect(serviceInstall).not.toHaveBeenCalled();
   });
+
+  it("returns a skipped result when Linux user systemd is unavailable", async () => {
+    const runtime = { log: vi.fn(), error: vi.fn(), exit: vi.fn() };
+    const originalPlatform = process.platform;
+
+    isSystemdUserServiceAvailable.mockResolvedValue(false);
+    Object.defineProperty(process, "platform", {
+      configurable: true,
+      value: "linux",
+    });
+
+    try {
+      const result = await installGatewayDaemonNonInteractive({
+        nextConfig: {} as OpenClawConfig,
+        opts: { installDaemon: true },
+        runtime,
+        port: 18789,
+      });
+
+      expect(result).toEqual({
+        installed: false,
+        skippedReason: "systemd-user-unavailable",
+      });
+      expect(runtime.log).toHaveBeenCalledWith(
+        expect.stringContaining("Systemd user services are unavailable"),
+      );
+      expect(buildGatewayInstallPlan).not.toHaveBeenCalled();
+      expect(serviceInstall).not.toHaveBeenCalled();
+    } finally {
+      Object.defineProperty(process, "platform", {
+        configurable: true,
+        value: originalPlatform,
+      });
+    }
+  });
 });
diff --git a/src/commands/onboard-non-interactive/local/daemon-install.ts b/src/commands/onboard-non-interactive/local/daemon-install.ts
index d3b759227d6..6236b410f75 100644
--- a/src/commands/onboard-non-interactive/local/daemon-install.ts
+++ b/src/commands/onboard-non-interactive/local/daemon-install.ts
@@ -13,24 +13,34 @@ export async function installGatewayDaemonNonInteractive(params: {
   opts: OnboardOptions;
   runtime: RuntimeEnv;
   port: number;
-}) {
+}): Promise<
+  | {
+      installed: true;
+    }
+  | {
+      installed: false;
+      skippedReason?: "systemd-user-unavailable";
+    }
+> {
   const { opts, runtime, port } = params;
   if (!opts.installDaemon) {
-    return;
+    return { installed: false };
   }
 
   const daemonRuntimeRaw = opts.daemonRuntime ?? DEFAULT_GATEWAY_DAEMON_RUNTIME;
   const systemdAvailable =
     process.platform === "linux" ? await isSystemdUserServiceAvailable() : true;
   if (process.platform === "linux" && !systemdAvailable) {
-    runtime.log("Systemd user services are unavailable; skipping service install.");
-    return;
+    runtime.log(
+      "Systemd user services are unavailable; skipping service install. Use a direct shell run (`openclaw gateway run`) or rerun without --install-daemon on this session.",
+    );
+    return { installed: false, skippedReason: "systemd-user-unavailable" };
   }
 
   if (!isGatewayDaemonRuntime(daemonRuntimeRaw)) {
     runtime.error("Invalid --daemon-runtime (use node or bun)");
     runtime.exit(1);
-    return;
+    return { installed: false };
   }
 
   const service = resolveGatewayService();
@@ -50,7 +60,7 @@ export async function installGatewayDaemonNonInteractive(params: {
       ].join(" "),
     );
     runtime.exit(1);
-    return;
+    return { installed: false };
   }
   const { programArguments, workingDirectory, environment } = await buildGatewayInstallPlan({
     env: process.env,
@@ -70,7 +80,8 @@ export async function installGatewayDaemonNonInteractive(params: {
   } catch (err) {
     runtime.error(`Gateway service install failed: ${String(err)}`);
     runtime.log(gatewayInstallErrorHint());
-    return;
+    return { installed: false };
   }
   await ensureSystemdUserLingerNonInteractive({ runtime });
+  return { installed: true };
 }
diff --git a/src/commands/onboard-non-interactive/local/output.ts b/src/commands/onboard-non-interactive/local/output.ts
index 100956ae979..a91df06aee6 100644
--- a/src/commands/onboard-non-interactive/local/output.ts
+++ b/src/commands/onboard-non-interactive/local/output.ts
@@ -1,7 +1,7 @@
 import type { RuntimeEnv } from "../../../runtime.js";
 import type { OnboardOptions } from "../../onboard-types.js";
 
-type GatewayHealthFailureDiagnostics = {
+export type GatewayHealthFailureDiagnostics = {
   service?: {
     label: string;
     loaded: boolean;
@@ -29,6 +29,11 @@ export function logNonInteractiveOnboardingJson(params: {
     tailscaleMode: string;
   };
   installDaemon?: boolean;
+  daemonInstall?: {
+    requested: boolean;
+    installed: boolean;
+    skippedReason?: string;
+  };
   daemonRuntime?: string;
   skipSkills?: boolean;
   skipHealth?: boolean;
@@ -45,6 +50,7 @@ export function logNonInteractiveOnboardingJson(params: {
         authChoice: params.authChoice,
         gateway: params.gateway,
         installDaemon: Boolean(params.installDaemon),
+        daemonInstall: params.daemonInstall,
         daemonRuntime: params.daemonRuntime,
         skipSkills: Boolean(params.skipSkills),
         skipHealth: Boolean(params.skipHealth),
@@ -91,6 +97,11 @@ export function logNonInteractiveOnboardingFailure(params: {
     httpUrl?: string;
   };
   installDaemon?: boolean;
+  daemonInstall?: {
+    requested: boolean;
+    installed: boolean;
+    skippedReason?: string;
+  };
   daemonRuntime?: string;
   diagnostics?: GatewayHealthFailureDiagnostics;
 }) {
@@ -108,6 +119,7 @@ export function logNonInteractiveOnboardingFailure(params: {
           detail: params.detail,
           gateway: params.gateway,
           installDaemon: Boolean(params.installDaemon),
+          daemonInstall: params.daemonInstall,
           daemonRuntime: params.daemonRuntime,
           diagnostics: params.diagnostics,
           hints: hints.length > 0 ? hints : undefined,
diff --git a/src/commands/onboard.test.ts b/src/commands/onboard.test.ts
index 1233222bf54..5d1dc20634d 100644
--- a/src/commands/onboard.test.ts
+++ b/src/commands/onboard.test.ts
@@ -60,6 +60,26 @@ describe("onboardCommand", () => {
     expect(mocks.runNonInteractiveOnboarding).not.toHaveBeenCalled();
   });
 
+  it("logs ASCII-safe Windows guidance before onboarding", async () => {
+    const runtime = makeRuntime();
+    const platformSpy = vi.spyOn(process, "platform", "get").mockReturnValue("win32");
+
+    try {
+      await onboardCommand({}, runtime);
+
+      expect(runtime.log).toHaveBeenCalledWith(
+        [
+          "Windows detected - OpenClaw runs great on WSL2!",
+          "Native Windows might be trickier.",
+          "Quick setup: wsl --install (one command, one reboot)",
+          "Guide: https://docs.openclaw.ai/windows",
+        ].join("\n"),
+      );
+    } finally {
+      platformSpy.mockRestore();
+    }
+  });
+
   it("defaults --reset to config+creds+sessions scope", async () => {
     const runtime = makeRuntime();
 
diff --git a/src/commands/onboard.ts b/src/commands/onboard.ts
index 9c55bddf1d6..6762998f815 100644
--- a/src/commands/onboard.ts
+++ b/src/commands/onboard.ts
@@ -77,7 +77,7 @@ export async function onboardCommand(opts: OnboardOptions, runtime: RuntimeEnv =
   if (process.platform === "win32") {
     runtime.log(
       [
-        "Windows detected — OpenClaw runs great on WSL2!",
+        "Windows detected - OpenClaw runs great on WSL2!",
         "Native Windows might be trickier.",
         "Quick setup: wsl --install (one command, one reboot)",
         "Guide: https://docs.openclaw.ai/windows",
diff --git a/src/commands/self-hosted-provider-setup.ts b/src/commands/self-hosted-provider-setup.ts
index 6a50820ce91..c067d797f15 100644
--- a/src/commands/self-hosted-provider-setup.ts
+++ b/src/commands/self-hosted-provider-setup.ts
@@ -2,6 +2,8 @@ import { upsertAuthProfileWithLock } from "../agents/auth-profiles.js";
 import type { ApiKeyCredential, AuthProfileCredential } from "../agents/auth-profiles/types.js";
 import type { OpenClawConfig } from "../config/config.js";
 import type {
+  ProviderDiscoveryContext,
+  ProviderAuthResult,
   ProviderAuthMethodNonInteractiveContext,
   ProviderNonInteractiveApiKeyResult,
 } from "../plugins/types.js";
@@ -85,7 +87,7 @@ function buildOpenAICompatibleSelfHostedProviderConfig(params: {
   };
 }
 
-export async function promptAndConfigureOpenAICompatibleSelfHostedProvider(params: {
+type OpenAICompatibleSelfHostedProviderSetupParams = {
   cfg: OpenClawConfig;
   prompter: WizardPrompter;
   providerId: string;
@@ -97,13 +99,34 @@ export async function promptAndConfigureOpenAICompatibleSelfHostedProvider(param
   reasoning?: boolean;
   contextWindow?: number;
   maxTokens?: number;
-}): Promise<{
+};
+
+type OpenAICompatibleSelfHostedProviderPromptResult = {
   config: OpenClawConfig;
   credential: AuthProfileCredential;
   modelId: string;
   modelRef: string;
   profileId: string;
-}> {
+};
+
+function buildSelfHostedProviderAuthResult(
+  result: OpenAICompatibleSelfHostedProviderPromptResult,
+): ProviderAuthResult {
+  return {
+    profiles: [
+      {
+        profileId: result.profileId,
+        credential: result.credential,
+      },
+    ],
+    configPatch: result.config,
+    defaultModel: result.modelRef,
+  };
+}
+
+export async function promptAndConfigureOpenAICompatibleSelfHostedProvider(
+  params: OpenAICompatibleSelfHostedProviderSetupParams,
+): Promise<OpenAICompatibleSelfHostedProviderPromptResult> {
   const baseUrlRaw = await params.prompter.text({
     message: `${params.providerLabel} base URL`,
     initialValue: params.defaultBaseUrl,
@@ -152,6 +175,35 @@ export async function promptAndConfigureOpenAICompatibleSelfHostedProvider(param
   };
 }
 
+export async function promptAndConfigureOpenAICompatibleSelfHostedProviderAuth(
+  params: OpenAICompatibleSelfHostedProviderSetupParams,
+): Promise<ProviderAuthResult> {
+  const result = await promptAndConfigureOpenAICompatibleSelfHostedProvider(params);
+  return buildSelfHostedProviderAuthResult(result);
+}
+
+export async function discoverOpenAICompatibleSelfHostedProvider<
+  T extends Record<string, unknown>,
+>(params: {
+  ctx: ProviderDiscoveryContext;
+  providerId: string;
+  buildProvider: (params: { apiKey?: string }) => Promise<T>;
+}): Promise<{ provider: T & { apiKey: string } } | null> {
+  if (params.ctx.config.models?.providers?.[params.providerId]) {
+    return null;
+  }
+  const { apiKey, discoveryApiKey } = params.ctx.resolveProviderApiKey(params.providerId);
+  if (!apiKey) {
+    return null;
+  }
+  return {
+    provider: {
+      ...(await params.buildProvider({ apiKey: discoveryApiKey })),
+      apiKey,
+    },
+  };
+}
+
 function buildMissingNonInteractiveModelIdMessage(params: {
   authChoice: string;
   providerLabel: string;
diff --git a/src/commands/status-all/channels.mattermost-token-summary.test.ts b/src/commands/status-all/channels.mattermost-token-summary.test.ts
index a797d028d9f..a012a3a3647 100644
--- a/src/commands/status-all/channels.mattermost-token-summary.test.ts
+++ b/src/commands/status-all/channels.mattermost-token-summary.test.ts
@@ -37,139 +37,94 @@ function makeMattermostPlugin(): ChannelPlugin {
   };
 }
 
-function makeSlackPlugin(params?: { botToken?: string; appToken?: string }): ChannelPlugin {
-  return {
-    id: "slack",
-    meta: {
-      id: "slack",
-      label: "Slack",
-      selectionLabel: "Slack",
-      docsPath: "/channels/slack",
-      blurb: "test",
-    },
-    capabilities: { chatTypes: ["direct"] },
-    config: {
-      listAccountIds: () => ["primary"],
-      defaultAccountId: () => "primary",
-      inspectAccount: () => ({
-        name: "Primary",
-        enabled: true,
-        botToken: params?.botToken ?? "bot-token",
-        appToken: params?.appToken ?? "app-token",
-      }),
-      resolveAccount: () => ({
-        name: "Primary",
-        enabled: true,
-        botToken: params?.botToken ?? "bot-token",
-        appToken: params?.appToken ?? "app-token",
-      }),
-      isConfigured: () => true,
-      isEnabled: () => true,
-    },
-    actions: {
-      listActions: () => ["send"],
-    },
-  };
-}
+type TestTable = Awaited<ReturnType<typeof buildChannelsTable>>;
 
-function makeUnavailableSlackPlugin(): ChannelPlugin {
-  return {
-    id: "slack",
-    meta: {
-      id: "slack",
-      label: "Slack",
-      selectionLabel: "Slack",
-      docsPath: "/channels/slack",
-      blurb: "test",
-    },
-    capabilities: { chatTypes: ["direct"] },
-    config: {
-      listAccountIds: () => ["primary"],
-      defaultAccountId: () => "primary",
-      inspectAccount: () => ({
-        name: "Primary",
-        enabled: true,
-        configured: true,
-        botToken: "",
-        appToken: "",
-        botTokenSource: "config",
-        appTokenSource: "config",
-        botTokenStatus: "configured_unavailable",
-        appTokenStatus: "configured_unavailable",
-      }),
-      resolveAccount: () => ({
-        name: "Primary",
-        enabled: true,
-        configured: true,
-        botToken: "",
-        appToken: "",
-        botTokenSource: "config",
-        appTokenSource: "config",
-        botTokenStatus: "configured_unavailable",
-        appTokenStatus: "configured_unavailable",
-      }),
-      isConfigured: () => true,
-      isEnabled: () => true,
-    },
-    actions: {
-      listActions: () => ["send"],
-    },
-  };
-}
-
-function makeSourceAwareUnavailablePlugin(): ChannelPlugin {
+function makeSlackDirectPlugin(config: ChannelPlugin["config"]): ChannelPlugin {
   return makeDirectPlugin({
     id: "slack",
     label: "Slack",
     docsPath: "/channels/slack",
-    config: {
-      listAccountIds: () => ["primary"],
-      defaultAccountId: () => "primary",
-      inspectAccount: (cfg) =>
-        (cfg as { marker?: string }).marker === "source"
-          ? {
-              name: "Primary",
-              enabled: true,
-              configured: true,
-              botToken: "",
-              appToken: "",
-              botTokenSource: "config",
-              appTokenSource: "config",
-              botTokenStatus: "configured_unavailable",
-              appTokenStatus: "configured_unavailable",
-            }
-          : {
-              name: "Primary",
-              enabled: true,
-              configured: false,
-              botToken: "",
-              appToken: "",
-              botTokenSource: "none",
-              appTokenSource: "none",
-            },
-      resolveAccount: () => ({
-        name: "Primary",
-        enabled: true,
-        botToken: "",
-        appToken: "",
-      }),
-      isConfigured: (account) => Boolean((account as { configured?: boolean }).configured),
-      isEnabled: () => true,
-    },
+    config,
+  });
+}
+
+function createSlackTokenAccount(params?: { botToken?: string; appToken?: string }) {
+  return {
+    name: "Primary",
+    enabled: true,
+    botToken: params?.botToken ?? "bot-token",
+    appToken: params?.appToken ?? "app-token",
+  };
+}
+
+function createUnavailableSlackTokenAccount() {
+  return {
+    name: "Primary",
+    enabled: true,
+    configured: true,
+    botToken: "",
+    appToken: "",
+    botTokenSource: "config",
+    appTokenSource: "config",
+    botTokenStatus: "configured_unavailable",
+    appTokenStatus: "configured_unavailable",
+  };
+}
+
+function makeSlackPlugin(params?: { botToken?: string; appToken?: string }): ChannelPlugin {
+  return makeSlackDirectPlugin({
+    listAccountIds: () => ["primary"],
+    defaultAccountId: () => "primary",
+    inspectAccount: () => createSlackTokenAccount(params),
+    resolveAccount: () => createSlackTokenAccount(params),
+    isConfigured: () => true,
+    isEnabled: () => true,
+  });
+}
+
+function makeUnavailableSlackPlugin(): ChannelPlugin {
+  return makeSlackDirectPlugin({
+    listAccountIds: () => ["primary"],
+    defaultAccountId: () => "primary",
+    inspectAccount: () => createUnavailableSlackTokenAccount(),
+    resolveAccount: () => createUnavailableSlackTokenAccount(),
+    isConfigured: () => true,
+    isEnabled: () => true,
+  });
+}
+
+function makeSourceAwareUnavailablePlugin(): ChannelPlugin {
+  return makeSlackDirectPlugin({
+    listAccountIds: () => ["primary"],
+    defaultAccountId: () => "primary",
+    inspectAccount: (cfg) =>
+      (cfg as { marker?: string }).marker === "source"
+        ? createUnavailableSlackTokenAccount()
+        : {
+            name: "Primary",
+            enabled: true,
+            configured: false,
+            botToken: "",
+            appToken: "",
+            botTokenSource: "none",
+            appTokenSource: "none",
+          },
+    resolveAccount: () => ({
+      name: "Primary",
+      enabled: true,
+      botToken: "",
+      appToken: "",
+    }),
+    isConfigured: (account) => Boolean((account as { configured?: boolean }).configured),
+    isEnabled: () => true,
   });
 }
 
 function makeSourceUnavailableResolvedAvailablePlugin(): ChannelPlugin {
-  return {
+  return makeDirectPlugin({
     id: "discord",
-    meta: {
-      id: "discord",
-      label: "Discord",
-      selectionLabel: "Discord",
-      docsPath: "/channels/discord",
-      blurb: "test",
-    },
-    capabilities: { chatTypes: ["direct"] },
+    label: "Discord",
+    docsPath: "/channels/discord",
     config: {
       listAccountIds: () => ["primary"],
       defaultAccountId: () => "primary",
@@ -199,10 +154,7 @@ function makeSourceUnavailableResolvedAvailablePlugin(): ChannelPlugin {
       isConfigured: (account) => Boolean((account as { configured?: boolean }).configured),
       isEnabled: () => true,
     },
-    actions: {
-      listActions: () => ["send"],
-    },
-  };
+  });
 }
 
 function makeHttpSlackUnavailablePlugin(): ChannelPlugin {
@@ -263,64 +215,76 @@ function makeTokenPlugin(): ChannelPlugin {
   });
 }
 
+async function buildTestTable(
+  plugins: ChannelPlugin[],
+  params?: { cfg?: Record<string, unknown>; sourceConfig?: Record<string, unknown> },
+) {
+  vi.mocked(listChannelPlugins).mockReturnValue(plugins);
+  return await buildChannelsTable((params?.cfg ?? { channels: {} }) as never, {
+    showSecrets: false,
+    sourceConfig: params?.sourceConfig as never,
+  });
+}
+
+function expectTableRow(
+  table: TestTable,
+  params: { id: string; state: string; detailContains?: string; detailEquals?: string },
+) {
+  const row = table.rows.find((entry) => entry.id === params.id);
+  expect(row).toBeDefined();
+  expect(row?.state).toBe(params.state);
+  if (params.detailContains) {
+    expect(row?.detail).toContain(params.detailContains);
+  }
+  if (params.detailEquals) {
+    expect(row?.detail).toBe(params.detailEquals);
+  }
+  return row;
+}
+
+function expectTableDetailRows(
+  table: TestTable,
+  title: string,
+  rows: Array<Record<string, string>>,
+) {
+  const detail = table.details.find((entry) => entry.title === title);
+  expect(detail).toBeDefined();
+  expect(detail?.rows).toEqual(rows);
+}
+
 describe("buildChannelsTable - mattermost token summary", () => {
   it("does not require appToken for mattermost accounts", async () => {
-    vi.mocked(listChannelPlugins).mockReturnValue([makeMattermostPlugin()]);
-
-    const table = await buildChannelsTable({ channels: {} } as never, {
-      showSecrets: false,
-    });
-
-    const mattermostRow = table.rows.find((row) => row.id === "mattermost");
-    expect(mattermostRow).toBeDefined();
-    expect(mattermostRow?.state).toBe("ok");
+    const table = await buildTestTable([makeMattermostPlugin()]);
+    const mattermostRow = expectTableRow(table, { id: "mattermost", state: "ok" });
     expect(mattermostRow?.detail).not.toContain("need bot+app");
   });
 
   it("keeps bot+app requirement when both fields exist", async () => {
-    vi.mocked(listChannelPlugins).mockReturnValue([
-      makeSlackPlugin({ botToken: "bot-token", appToken: "" }),
-    ]);
-
-    const table = await buildChannelsTable({ channels: {} } as never, {
-      showSecrets: false,
-    });
-
-    const slackRow = table.rows.find((row) => row.id === "slack");
-    expect(slackRow).toBeDefined();
-    expect(slackRow?.state).toBe("warn");
-    expect(slackRow?.detail).toContain("need bot+app");
+    const table = await buildTestTable([makeSlackPlugin({ botToken: "bot-token", appToken: "" })]);
+    expectTableRow(table, { id: "slack", state: "warn", detailContains: "need bot+app" });
   });
 
   it("reports configured-but-unavailable Slack credentials as warn", async () => {
-    vi.mocked(listChannelPlugins).mockReturnValue([makeUnavailableSlackPlugin()]);
-
-    const table = await buildChannelsTable({ channels: {} } as never, {
-      showSecrets: false,
+    const table = await buildTestTable([makeUnavailableSlackPlugin()]);
+    expectTableRow(table, {
+      id: "slack",
+      state: "warn",
+      detailContains: "unavailable in this command path",
     });
-
-    const slackRow = table.rows.find((row) => row.id === "slack");
-    expect(slackRow).toBeDefined();
-    expect(slackRow?.state).toBe("warn");
-    expect(slackRow?.detail).toContain("unavailable in this command path");
   });
 
   it("preserves unavailable credential state from the source config snapshot", async () => {
-    vi.mocked(listChannelPlugins).mockReturnValue([makeSourceAwareUnavailablePlugin()]);
-
-    const table = await buildChannelsTable({ marker: "resolved", channels: {} } as never, {
-      showSecrets: false,
-      sourceConfig: { marker: "source", channels: {} } as never,
+    const table = await buildTestTable([makeSourceAwareUnavailablePlugin()], {
+      cfg: { marker: "resolved", channels: {} },
+      sourceConfig: { marker: "source", channels: {} },
     });
 
-    const slackRow = table.rows.find((row) => row.id === "slack");
-    expect(slackRow).toBeDefined();
-    expect(slackRow?.state).toBe("warn");
-    expect(slackRow?.detail).toContain("unavailable in this command path");
-
-    const slackDetails = table.details.find((detail) => detail.title === "Slack accounts");
-    expect(slackDetails).toBeDefined();
-    expect(slackDetails?.rows).toEqual([
+    expectTableRow(table, {
+      id: "slack",
+      state: "warn",
+      detailContains: "unavailable in this command path",
+    });
+    expectTableDetailRows(table, "Slack accounts", [
       {
         Account: "primary (Primary)",
         Notes: "bot:config · app:config · secret unavailable in this command path",
@@ -330,21 +294,13 @@ describe("buildChannelsTable - mattermost token summary", () => {
   });
 
   it("treats status-only available credentials as resolved", async () => {
-    vi.mocked(listChannelPlugins).mockReturnValue([makeSourceUnavailableResolvedAvailablePlugin()]);
-
-    const table = await buildChannelsTable({ marker: "resolved", channels: {} } as never, {
-      showSecrets: false,
-      sourceConfig: { marker: "source", channels: {} } as never,
+    const table = await buildTestTable([makeSourceUnavailableResolvedAvailablePlugin()], {
+      cfg: { marker: "resolved", channels: {} },
+      sourceConfig: { marker: "source", channels: {} },
     });
 
-    const discordRow = table.rows.find((row) => row.id === "discord");
-    expect(discordRow).toBeDefined();
-    expect(discordRow?.state).toBe("ok");
-    expect(discordRow?.detail).toBe("configured");
-
-    const discordDetails = table.details.find((detail) => detail.title === "Discord accounts");
-    expect(discordDetails).toBeDefined();
-    expect(discordDetails?.rows).toEqual([
+    expectTableRow(table, { id: "discord", state: "ok", detailEquals: "configured" });
+    expectTableDetailRows(table, "Discord accounts", [
       {
         Account: "primary (Primary)",
         Notes: "token:config",
@@ -354,20 +310,13 @@ describe("buildChannelsTable - mattermost token summary", () => {
   });
 
   it("treats Slack HTTP signing-secret availability as required config", async () => {
-    vi.mocked(listChannelPlugins).mockReturnValue([makeHttpSlackUnavailablePlugin()]);
-
-    const table = await buildChannelsTable({ channels: {} } as never, {
-      showSecrets: false,
+    const table = await buildTestTable([makeHttpSlackUnavailablePlugin()]);
+    expectTableRow(table, {
+      id: "slack",
+      state: "warn",
+      detailContains: "configured http credentials unavailable",
     });
-
-    const slackRow = table.rows.find((row) => row.id === "slack");
-    expect(slackRow).toBeDefined();
-    expect(slackRow?.state).toBe("warn");
-    expect(slackRow?.detail).toContain("configured http credentials unavailable");
-
-    const slackDetails = table.details.find((detail) => detail.title === "Slack accounts");
-    expect(slackDetails).toBeDefined();
-    expect(slackDetails?.rows).toEqual([
+    expectTableDetailRows(table, "Slack accounts", [
       {
         Account: "primary (Primary)",
         Notes: "bot:config · signing:config · secret unavailable in this command path",
@@ -377,15 +326,7 @@ describe("buildChannelsTable - mattermost token summary", () => {
   });
 
   it("still reports single-token channels as ok", async () => {
-    vi.mocked(listChannelPlugins).mockReturnValue([makeTokenPlugin()]);
-
-    const table = await buildChannelsTable({ channels: {} } as never, {
-      showSecrets: false,
-    });
-
-    const tokenRow = table.rows.find((row) => row.id === "token-only");
-    expect(tokenRow).toBeDefined();
-    expect(tokenRow?.state).toBe("ok");
-    expect(tokenRow?.detail).toContain("token");
+    const table = await buildTestTable([makeTokenPlugin()]);
+    expectTableRow(table, { id: "token-only", state: "ok", detailContains: "token" });
   });
 });
diff --git a/src/commands/status.test.ts b/src/commands/status.test.ts
index 66f3f7bf07f..e307ffa3694 100644
--- a/src/commands/status.test.ts
+++ b/src/commands/status.test.ts
@@ -286,7 +286,7 @@ vi.mock("../channels/plugins/index.js", () => ({
       },
     ] as unknown,
 }));
-vi.mock("../web/session.js", () => ({
+vi.mock("../../extensions/whatsapp/src/session.js", () => ({
   webAuthExists: mocks.webAuthExists,
   getWebAuthAgeMs: mocks.getWebAuthAgeMs,
   readWebSelfId: mocks.readWebSelfId,
diff --git a/src/commands/zai-endpoint-detect.test.ts b/src/commands/zai-endpoint-detect.test.ts
index 292ee7ac761..fea72b573ba 100644
--- a/src/commands/zai-endpoint-detect.test.ts
+++ b/src/commands/zai-endpoint-detect.test.ts
@@ -1,11 +1,14 @@
 import { describe, expect, it } from "vitest";
 import { detectZaiEndpoint } from "./zai-endpoint-detect.js";
 
-function makeFetch(map: Record<string, { status: number; body?: unknown }>) {
-  return (async (url: string) => {
-    const entry = map[url];
+type FetchResponse = { status: number; body?: unknown };
+
+function makeFetch(map: Record<string, FetchResponse>) {
+  return (async (url: string, init?: RequestInit) => {
+    const rawBody = typeof init?.body === "string" ? JSON.parse(init.body) : null;
+    const entry = map[`${url}::${rawBody?.model ?? ""}`] ?? map[url];
     if (!entry) {
-      throw new Error(`unexpected url: ${url}`);
+      throw new Error(`unexpected url: ${url} model=${String(rawBody?.model ?? "")}`);
     }
     const json = entry.body ?? {};
     return new Response(JSON.stringify(json), {
@@ -18,39 +21,71 @@ function makeFetch(map: Record<string, { status: number; body?: unknown }>) {
 describe("detectZaiEndpoint", () => {
   it("resolves preferred/fallback endpoints and null when probes fail", async () => {
     const scenarios: Array<{
+      endpoint?: "global" | "cn" | "coding-global" | "coding-cn";
       responses: Record<string, { status: number; body?: unknown }>;
       expected: { endpoint: string; modelId: string } | null;
     }> = [
       {
         responses: {
-          "https://api.z.ai/api/paas/v4/chat/completions": { status: 200 },
+          "https://api.z.ai/api/paas/v4/chat/completions::glm-5": { status: 200 },
         },
         expected: { endpoint: "global", modelId: "glm-5" },
       },
       {
         responses: {
-          "https://api.z.ai/api/paas/v4/chat/completions": {
+          "https://api.z.ai/api/paas/v4/chat/completions::glm-5": {
             status: 404,
             body: { error: { message: "not found" } },
           },
-          "https://open.bigmodel.cn/api/paas/v4/chat/completions": { status: 200 },
+          "https://open.bigmodel.cn/api/paas/v4/chat/completions::glm-5": { status: 200 },
         },
         expected: { endpoint: "cn", modelId: "glm-5" },
       },
       {
         responses: {
-          "https://api.z.ai/api/paas/v4/chat/completions": { status: 404 },
-          "https://open.bigmodel.cn/api/paas/v4/chat/completions": { status: 404 },
-          "https://api.z.ai/api/coding/paas/v4/chat/completions": { status: 200 },
+          "https://api.z.ai/api/paas/v4/chat/completions::glm-5": { status: 404 },
+          "https://open.bigmodel.cn/api/paas/v4/chat/completions::glm-5": { status: 404 },
+          "https://api.z.ai/api/coding/paas/v4/chat/completions::glm-5": { status: 200 },
+        },
+        expected: { endpoint: "coding-global", modelId: "glm-5" },
+      },
+      {
+        endpoint: "coding-global",
+        responses: {
+          "https://api.z.ai/api/coding/paas/v4/chat/completions::glm-5": {
+            status: 404,
+            body: { error: { message: "glm-5 unavailable" } },
+          },
+          "https://api.z.ai/api/coding/paas/v4/chat/completions::glm-4.7": { status: 200 },
         },
         expected: { endpoint: "coding-global", modelId: "glm-4.7" },
       },
       {
+        endpoint: "coding-cn",
         responses: {
-          "https://api.z.ai/api/paas/v4/chat/completions": { status: 401 },
-          "https://open.bigmodel.cn/api/paas/v4/chat/completions": { status: 401 },
-          "https://api.z.ai/api/coding/paas/v4/chat/completions": { status: 401 },
-          "https://open.bigmodel.cn/api/coding/paas/v4/chat/completions": { status: 401 },
+          "https://open.bigmodel.cn/api/coding/paas/v4/chat/completions::glm-5": { status: 200 },
+        },
+        expected: { endpoint: "coding-cn", modelId: "glm-5" },
+      },
+      {
+        endpoint: "coding-cn",
+        responses: {
+          "https://open.bigmodel.cn/api/coding/paas/v4/chat/completions::glm-5": {
+            status: 404,
+            body: { error: { message: "glm-5 unavailable" } },
+          },
+          "https://open.bigmodel.cn/api/coding/paas/v4/chat/completions::glm-4.7": { status: 200 },
+        },
+        expected: { endpoint: "coding-cn", modelId: "glm-4.7" },
+      },
+      {
+        responses: {
+          "https://api.z.ai/api/paas/v4/chat/completions::glm-5": { status: 401 },
+          "https://open.bigmodel.cn/api/paas/v4/chat/completions::glm-5": { status: 401 },
+          "https://api.z.ai/api/coding/paas/v4/chat/completions::glm-5": { status: 401 },
+          "https://api.z.ai/api/coding/paas/v4/chat/completions::glm-4.7": { status: 401 },
+          "https://open.bigmodel.cn/api/coding/paas/v4/chat/completions::glm-5": { status: 401 },
+          "https://open.bigmodel.cn/api/coding/paas/v4/chat/completions::glm-4.7": { status: 401 },
         },
         expected: null,
       },
@@ -59,6 +94,7 @@ describe("detectZaiEndpoint", () => {
     for (const scenario of scenarios) {
       const detected = await detectZaiEndpoint({
         apiKey: "sk-test", // pragma: allowlist secret
+        ...(scenario.endpoint ? { endpoint: scenario.endpoint } : {}),
         fetchFn: makeFetch(scenario.responses),
       });
 
diff --git a/src/commands/zai-endpoint-detect.ts b/src/commands/zai-endpoint-detect.ts
index 6f53c6c58cc..b0799088559 100644
--- a/src/commands/zai-endpoint-detect.ts
+++ b/src/commands/zai-endpoint-detect.ts
@@ -88,6 +88,7 @@ async function probeZaiChatCompletions(params: {
 
 export async function detectZaiEndpoint(params: {
   apiKey: string;
+  endpoint?: ZaiEndpointId;
   timeoutMs?: number;
   fetchFn?: typeof fetch;
 }): Promise<ZaiDetectedEndpoint | null> {
@@ -97,50 +98,80 @@ export async function detectZaiEndpoint(params: {
   }
 
   const timeoutMs = params.timeoutMs ?? 5_000;
-
-  // Prefer GLM-5 on the general API endpoints.
-  const glm5: Array<{ endpoint: ZaiEndpointId; baseUrl: string }> = [
-    { endpoint: "global", baseUrl: ZAI_GLOBAL_BASE_URL },
-    { endpoint: "cn", baseUrl: ZAI_CN_BASE_URL },
-  ];
-  for (const candidate of glm5) {
-    const result = await probeZaiChatCompletions({
-      baseUrl: candidate.baseUrl,
-      apiKey: params.apiKey,
-      modelId: "glm-5",
-      timeoutMs,
-      fetchFn: params.fetchFn,
-    });
-    if (result.ok) {
-      return {
-        endpoint: candidate.endpoint,
-        baseUrl: candidate.baseUrl,
+  const probeCandidates = (() => {
+    const general = [
+      {
+        endpoint: "global" as const,
+        baseUrl: ZAI_GLOBAL_BASE_URL,
         modelId: "glm-5",
-        note: `Verified GLM-5 on ${candidate.endpoint} endpoint.`,
-      };
-    }
-  }
+        note: "Verified GLM-5 on global endpoint.",
+      },
+      {
+        endpoint: "cn" as const,
+        baseUrl: ZAI_CN_BASE_URL,
+        modelId: "glm-5",
+        note: "Verified GLM-5 on cn endpoint.",
+      },
+    ];
+    const codingGlm5 = [
+      {
+        endpoint: "coding-global" as const,
+        baseUrl: ZAI_CODING_GLOBAL_BASE_URL,
+        modelId: "glm-5",
+        note: "Verified GLM-5 on coding-global endpoint.",
+      },
+      {
+        endpoint: "coding-cn" as const,
+        baseUrl: ZAI_CODING_CN_BASE_URL,
+        modelId: "glm-5",
+        note: "Verified GLM-5 on coding-cn endpoint.",
+      },
+    ];
+    const codingFallback = [
+      {
+        endpoint: "coding-global" as const,
+        baseUrl: ZAI_CODING_GLOBAL_BASE_URL,
+        modelId: "glm-4.7",
+        note: "Coding Plan endpoint verified, but this key/plan does not expose GLM-5 there. Defaulting to GLM-4.7.",
+      },
+      {
+        endpoint: "coding-cn" as const,
+        baseUrl: ZAI_CODING_CN_BASE_URL,
+        modelId: "glm-4.7",
+        note: "Coding Plan CN endpoint verified, but this key/plan does not expose GLM-5 there. Defaulting to GLM-4.7.",
+      },
+    ];
 
-  // Fallback: Coding Plan endpoint (GLM-5 not available there).
-  const coding: Array<{ endpoint: ZaiEndpointId; baseUrl: string }> = [
-    { endpoint: "coding-global", baseUrl: ZAI_CODING_GLOBAL_BASE_URL },
-    { endpoint: "coding-cn", baseUrl: ZAI_CODING_CN_BASE_URL },
-  ];
-  for (const candidate of coding) {
+    switch (params.endpoint) {
+      case "global":
+        return general.filter((candidate) => candidate.endpoint === "global");
+      case "cn":
+        return general.filter((candidate) => candidate.endpoint === "cn");
+      case "coding-global":
+        return [
+          ...codingGlm5.filter((candidate) => candidate.endpoint === "coding-global"),
+          ...codingFallback.filter((candidate) => candidate.endpoint === "coding-global"),
+        ];
+      case "coding-cn":
+        return [
+          ...codingGlm5.filter((candidate) => candidate.endpoint === "coding-cn"),
+          ...codingFallback.filter((candidate) => candidate.endpoint === "coding-cn"),
+        ];
+      default:
+        return [...general, ...codingGlm5, ...codingFallback];
+    }
+  })();
+
+  for (const candidate of probeCandidates) {
     const result = await probeZaiChatCompletions({
       baseUrl: candidate.baseUrl,
       apiKey: params.apiKey,
-      modelId: "glm-4.7",
+      modelId: candidate.modelId,
       timeoutMs,
       fetchFn: params.fetchFn,
     });
     if (result.ok) {
-      return {
-        endpoint: candidate.endpoint,
-        baseUrl: candidate.baseUrl,
-        modelId: "glm-4.7",
-        note: "Coding Plan endpoint detected; GLM-5 is not available there. Defaulting to GLM-4.7.",
-      };
+      return candidate;
     }
   }
 
diff --git a/src/config/config.nix-integration-u3-u5-u9.test.ts b/src/config/config.nix-integration-u3-u5-u9.test.ts
index 5e843607ddb..70ff90e5138 100644
--- a/src/config/config.nix-integration-u3-u5-u9.test.ts
+++ b/src/config/config.nix-integration-u3-u5-u9.test.ts
@@ -111,9 +111,12 @@ describe("Nix integration (U3, U5, U9)", () => {
     });
 
     it("CONFIG_PATH uses STATE_DIR when only state dir is overridden", () => {
-      expect(resolveConfigPathCandidate(envWith({ OPENCLAW_STATE_DIR: "/custom/state" }))).toBe(
-        path.join(path.resolve("/custom/state"), "openclaw.json"),
-      );
+      expect(
+        resolveConfigPathCandidate(
+          envWith({ OPENCLAW_STATE_DIR: "/custom/state", OPENCLAW_TEST_FAST: "1" }),
+          () => path.join(path.sep, "tmp", "openclaw-config-home"),
+        ),
+      ).toBe(path.join(path.resolve("/custom/state"), "openclaw.json"));
     });
   });
 
diff --git a/src/config/config.plugin-validation.test.ts b/src/config/config.plugin-validation.test.ts
index d7e6ae46aca..51d38b1a9af 100644
--- a/src/config/config.plugin-validation.test.ts
+++ b/src/config/config.plugin-validation.test.ts
@@ -44,7 +44,6 @@ async function writePluginFixture(params: {
 }
 
 describe("config plugin validation", () => {
-  const previousUmask = process.umask(0o022);
   let fixtureRoot = "";
   let suiteHome = "";
   let badPluginDir = "";
@@ -136,7 +135,6 @@ describe("config plugin validation", () => {
   afterAll(async () => {
     await fs.rm(fixtureRoot, { recursive: true, force: true });
     clearPluginManifestRegistryCache();
-    process.umask(previousUmask);
   });
 
   it("reports missing plugin refs across load paths, entries, and allowlist surfaces", async () => {
diff --git a/src/config/config.pruning-defaults.test.ts b/src/config/config.pruning-defaults.test.ts
index f2f66ce6bac..92d46f4ab75 100644
--- a/src/config/config.pruning-defaults.test.ts
+++ b/src/config/config.pruning-defaults.test.ts
@@ -15,6 +15,22 @@ async function writeConfigForTest(home: string, config: unknown): Promise<void>
   );
 }
 
+async function loadConfigForHome(config: unknown) {
+  return await withTempHome(async (home) => {
+    await writeConfigForTest(home, config);
+    return loadConfig();
+  });
+}
+
+function expectAnthropicPruningDefaults(
+  cfg: ReturnType<typeof loadConfig>,
+  heartbeatEvery = "30m",
+) {
+  expect(cfg.agents?.defaults?.contextPruning?.mode).toBe("cache-ttl");
+  expect(cfg.agents?.defaults?.contextPruning?.ttl).toBe("1h");
+  expect(cfg.agents?.defaults?.heartbeat?.every).toBe(heartbeatEvery);
+}
+
 describe("config pruning defaults", () => {
   it("does not enable contextPruning by default", async () => {
     await withEnvAsync({ ANTHROPIC_API_KEY: "", ANTHROPIC_OAUTH_TOKEN: "" }, async () => {
@@ -29,105 +45,103 @@ describe("config pruning defaults", () => {
   });
 
   it("enables cache-ttl pruning + 1h heartbeat for Anthropic OAuth", async () => {
-    await withTempHome(async (home) => {
-      await writeConfigForTest(home, {
-        auth: {
-          profiles: {
-            "anthropic:me": { provider: "anthropic", mode: "oauth", email: "me@example.com" },
-          },
+    const cfg = await loadConfigForHome({
+      auth: {
+        profiles: {
+          "anthropic:me": { provider: "anthropic", mode: "oauth", email: "me@example.com" },
         },
-        agents: { defaults: {} },
-      });
-
-      const cfg = loadConfig();
-
-      expect(cfg.agents?.defaults?.contextPruning?.mode).toBe("cache-ttl");
-      expect(cfg.agents?.defaults?.contextPruning?.ttl).toBe("1h");
-      expect(cfg.agents?.defaults?.heartbeat?.every).toBe("1h");
+      },
+      agents: { defaults: {} },
     });
+
+    expectAnthropicPruningDefaults(cfg, "1h");
   });
 
   it("enables cache-ttl pruning + 1h cache TTL for Anthropic API keys", async () => {
-    await withTempHome(async (home) => {
-      await writeConfigForTest(home, {
-        auth: {
-          profiles: {
-            "anthropic:api": { provider: "anthropic", mode: "api_key" },
-          },
+    const cfg = await loadConfigForHome({
+      auth: {
+        profiles: {
+          "anthropic:api": { provider: "anthropic", mode: "api_key" },
         },
-        agents: {
-          defaults: {
-            model: { primary: "anthropic/claude-opus-4-5" },
-          },
+      },
+      agents: {
+        defaults: {
+          model: { primary: "anthropic/claude-opus-4-5" },
         },
-      });
-
-      const cfg = loadConfig();
-
-      expect(cfg.agents?.defaults?.contextPruning?.mode).toBe("cache-ttl");
-      expect(cfg.agents?.defaults?.contextPruning?.ttl).toBe("1h");
-      expect(cfg.agents?.defaults?.heartbeat?.every).toBe("30m");
-      expect(
-        cfg.agents?.defaults?.models?.["anthropic/claude-opus-4-5"]?.params?.cacheRetention,
-      ).toBe("short");
+      },
     });
+
+    expectAnthropicPruningDefaults(cfg);
+    expect(
+      cfg.agents?.defaults?.models?.["anthropic/claude-opus-4-5"]?.params?.cacheRetention,
+    ).toBe("short");
+  });
+
+  it("adds cacheRetention defaults for dated Anthropic primary model refs", async () => {
+    const cfg = await loadConfigForHome({
+      auth: {
+        profiles: {
+          "anthropic:api": { provider: "anthropic", mode: "api_key" },
+        },
+      },
+      agents: {
+        defaults: {
+          model: { primary: "anthropic/claude-sonnet-4-20250514" },
+        },
+      },
+    });
+
+    expectAnthropicPruningDefaults(cfg);
+    expect(
+      cfg.agents?.defaults?.models?.["anthropic/claude-sonnet-4-20250514"]?.params?.cacheRetention,
+    ).toBe("short");
   });
 
   it("adds default cacheRetention for Anthropic Claude models on Bedrock", async () => {
-    await withTempHome(async (home) => {
-      await writeConfigForTest(home, {
-        auth: {
-          profiles: {
-            "anthropic:api": { provider: "anthropic", mode: "api_key" },
-          },
+    const cfg = await loadConfigForHome({
+      auth: {
+        profiles: {
+          "anthropic:api": { provider: "anthropic", mode: "api_key" },
         },
-        agents: {
-          defaults: {
-            model: { primary: "amazon-bedrock/us.anthropic.claude-opus-4-6-v1" },
-          },
+      },
+      agents: {
+        defaults: {
+          model: { primary: "amazon-bedrock/us.anthropic.claude-opus-4-6-v1" },
         },
-      });
-
-      const cfg = loadConfig();
-
-      expect(
-        cfg.agents?.defaults?.models?.["amazon-bedrock/us.anthropic.claude-opus-4-6-v1"]?.params
-          ?.cacheRetention,
-      ).toBe("short");
+      },
     });
+
+    expect(
+      cfg.agents?.defaults?.models?.["amazon-bedrock/us.anthropic.claude-opus-4-6-v1"]?.params
+        ?.cacheRetention,
+    ).toBe("short");
   });
 
   it("does not add default cacheRetention for non-Anthropic Bedrock models", async () => {
-    await withTempHome(async (home) => {
-      await writeConfigForTest(home, {
-        auth: {
-          profiles: {
-            "anthropic:api": { provider: "anthropic", mode: "api_key" },
-          },
+    const cfg = await loadConfigForHome({
+      auth: {
+        profiles: {
+          "anthropic:api": { provider: "anthropic", mode: "api_key" },
         },
-        agents: {
-          defaults: {
-            model: { primary: "amazon-bedrock/amazon.nova-micro-v1:0" },
-          },
+      },
+      agents: {
+        defaults: {
+          model: { primary: "amazon-bedrock/amazon.nova-micro-v1:0" },
         },
-      });
-
-      const cfg = loadConfig();
-
-      expect(
-        cfg.agents?.defaults?.models?.["amazon-bedrock/amazon.nova-micro-v1:0"]?.params
-          ?.cacheRetention,
-      ).toBeUndefined();
+      },
     });
+
+    expect(
+      cfg.agents?.defaults?.models?.["amazon-bedrock/amazon.nova-micro-v1:0"]?.params
+        ?.cacheRetention,
+    ).toBeUndefined();
   });
 
   it("does not override explicit contextPruning mode", async () => {
-    await withTempHome(async (home) => {
-      await writeConfigForTest(home, { agents: { defaults: { contextPruning: { mode: "off" } } } });
-
-      const cfg = loadConfig();
-
-      expect(cfg.agents?.defaults?.contextPruning?.mode).toBe("off");
+    const cfg = await loadConfigForHome({
+      agents: { defaults: { contextPruning: { mode: "off" } } },
     });
+
+    expect(cfg.agents?.defaults?.contextPruning?.mode).toBe("off");
   });
 });
diff --git a/src/config/plugin-auto-enable.test.ts b/src/config/plugin-auto-enable.test.ts
index c44a600a23f..1de11be4a1e 100644
--- a/src/config/plugin-auto-enable.test.ts
+++ b/src/config/plugin-auto-enable.test.ts
@@ -1,7 +1,7 @@
 import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
-import { afterAll, afterEach, describe, expect, it } from "vitest";
+import { afterEach, describe, expect, it } from "vitest";
 import { clearPluginDiscoveryCache } from "../plugins/discovery.js";
 import {
   clearPluginManifestRegistryCache,
@@ -11,7 +11,6 @@ import { validateConfigObject } from "./config.js";
 import { applyPluginAutoEnable } from "./plugin-auto-enable.js";
 
 const tempDirs: string[] = [];
-const previousUmask = process.umask(0o022);
 
 function chmodSafeDir(dir: string) {
   if (process.platform === "win32") {
@@ -126,10 +125,6 @@ afterEach(() => {
   }
 });
 
-afterAll(() => {
-  process.umask(previousUmask);
-});
-
 describe("applyPluginAutoEnable", () => {
   it("auto-enables built-in channels and appends to existing allowlist", () => {
     const result = applyWithSlackConfig({ plugins: { allow: ["telegram"] } });
diff --git a/src/config/plugin-auto-enable.ts b/src/config/plugin-auto-enable.ts
index 5c365fb5cc8..4e0cae1209f 100644
--- a/src/config/plugin-auto-enable.ts
+++ b/src/config/plugin-auto-enable.ts
@@ -1,3 +1,4 @@
+import { hasAnyWhatsAppAuth } from "../../extensions/whatsapp/src/accounts.js";
 import { normalizeProviderId } from "../agents/model-selection.js";
 import {
   getChannelPluginCatalogEntry,
@@ -13,7 +14,6 @@ import {
   type PluginManifestRegistry,
 } from "../plugins/manifest-registry.js";
 import { isRecord } from "../utils.js";
-import { hasAnyWhatsAppAuth } from "../web/accounts.js";
 import type { OpenClawConfig } from "./config.js";
 import { ensurePluginAllowlisted } from "./plugins-allowlist.js";
 
diff --git a/src/config/schema.help.ts b/src/config/schema.help.ts
index 215a17d77d8..555ee02b8eb 100644
--- a/src/config/schema.help.ts
+++ b/src/config/schema.help.ts
@@ -1,7 +1,7 @@
 import {
   DISCORD_DEFAULT_INBOUND_WORKER_TIMEOUT_MS,
   DISCORD_DEFAULT_LISTENER_TIMEOUT_MS,
-} from "../discord/monitor/timeouts.js";
+} from "../../extensions/discord/src/monitor/timeouts.js";
 import { MEDIA_AUDIO_FIELD_HELP } from "./media-audio-field-metadata.js";
 import { IRC_FIELD_HELP } from "./schema.irc.js";
 import { describeTalkSilenceTimeoutDefaults } from "./talk-defaults.js";
diff --git a/src/config/sessions/explicit-session-key-normalization.ts b/src/config/sessions/explicit-session-key-normalization.ts
index 71a74bb5db3..984b70487a3 100644
--- a/src/config/sessions/explicit-session-key-normalization.ts
+++ b/src/config/sessions/explicit-session-key-normalization.ts
@@ -1,5 +1,5 @@
+import { normalizeExplicitDiscordSessionKey } from "../../../extensions/discord/src/session-key-normalization.js";
 import type { MsgContext } from "../../auto-reply/templating.js";
-import { normalizeExplicitDiscordSessionKey } from "../../discord/session-key-normalization.js";
 
 type ExplicitSessionKeyNormalizer = (sessionKey: string, ctx: MsgContext) => string;
 type ExplicitSessionKeyNormalizerEntry = {
diff --git a/src/config/sessions/targets.test.ts b/src/config/sessions/targets.test.ts
index 720cc3e892e..43674233a3a 100644
--- a/src/config/sessions/targets.test.ts
+++ b/src/config/sessions/targets.test.ts
@@ -40,6 +40,14 @@ function createCustomRootCfg(customRoot: string, defaultAgentId = "ops"): OpenCl
   };
 }
 
+async function resolveTargetsForCustomRoot(home: string, agentIds: string[]) {
+  const customRoot = path.join(home, "custom-state");
+  const storePaths = await createAgentSessionStores(customRoot, agentIds);
+  const cfg = createCustomRootCfg(customRoot);
+  const targets = await resolveAllAgentSessionStoreTargets(cfg, { env: process.env });
+  return { storePaths, targets };
+}
+
 function expectTargetsToContainStores(
   targets: Array<{ agentId: string; storePath: string }>,
   stores: Record<string, string>,
@@ -152,11 +160,7 @@ describe("resolveAllAgentSessionStoreTargets", () => {
 
   it("discovers retired agent stores under a configured custom session root", async () => {
     await withTempHome(async (home) => {
-      const customRoot = path.join(home, "custom-state");
-      const storePaths = await createAgentSessionStores(customRoot, ["ops", "retired"]);
-      const cfg = createCustomRootCfg(customRoot);
-
-      const targets = await resolveAllAgentSessionStoreTargets(cfg, { env: process.env });
+      const { storePaths, targets } = await resolveTargetsForCustomRoot(home, ["ops", "retired"]);
 
       expectTargetsToContainStores(targets, storePaths);
       expect(targets.filter((target) => target.storePath === storePaths.ops)).toHaveLength(1);
@@ -165,11 +169,10 @@ describe("resolveAllAgentSessionStoreTargets", () => {
 
   it("keeps the actual on-disk store path for discovered retired agents", async () => {
     await withTempHome(async (home) => {
-      const customRoot = path.join(home, "custom-state");
-      const storePaths = await createAgentSessionStores(customRoot, ["ops", "Retired Agent"]);
-      const cfg = createCustomRootCfg(customRoot);
-
-      const targets = await resolveAllAgentSessionStoreTargets(cfg, { env: process.env });
+      const { storePaths, targets } = await resolveTargetsForCustomRoot(home, [
+        "ops",
+        "Retired Agent",
+      ]);
 
       expect(targets).toEqual(
         expect.arrayContaining([
diff --git a/src/config/types.discord.ts b/src/config/types.discord.ts
index 2d005dd7d7a..e25f7c5f592 100644
--- a/src/config/types.discord.ts
+++ b/src/config/types.discord.ts
@@ -1,4 +1,4 @@
-import type { DiscordPluralKitConfig } from "../discord/pluralkit.js";
+import type { DiscordPluralKitConfig } from "../../extensions/discord/src/pluralkit.js";
 import type {
   BlockStreamingChunkConfig,
   BlockStreamingCoalesceConfig,
diff --git a/src/config/zod-schema.ts b/src/config/zod-schema.ts
index 741b4bcc0c9..8c78d049d0e 100644
--- a/src/config/zod-schema.ts
+++ b/src/config/zod-schema.ts
@@ -371,9 +371,12 @@ export const OpenClawSchema = z
                 color: HexColorSchema,
               })
               .strict()
-              .refine((value) => value.cdpPort || value.cdpUrl, {
-                message: "Profile must set cdpPort or cdpUrl",
-              }),
+              .refine(
+                (value) => value.driver === "existing-session" || value.cdpPort || value.cdpUrl,
+                {
+                  message: "Profile must set cdpPort or cdpUrl",
+                },
+              ),
           )
           .optional(),
         extraArgs: z.array(z.string()).optional(),
diff --git a/src/cron/isolated-agent.delivers-response-has-heartbeat-ok-but-includes.test.ts b/src/cron/isolated-agent.delivers-response-has-heartbeat-ok-but-includes.test.ts
index 023c1e9eedc..5678b75e4f7 100644
--- a/src/cron/isolated-agent.delivers-response-has-heartbeat-ok-but-includes.test.ts
+++ b/src/cron/isolated-agent.delivers-response-has-heartbeat-ok-but-includes.test.ts
@@ -138,11 +138,10 @@ describe("runCronIsolatedAgentTurn", () => {
     });
   });
 
-  it("handles media heartbeat delivery and last-target text delivery", async () => {
+  it("delivers media payloads even when heartbeat text is suppressed", async () => {
     await withTempHome(async (home) => {
       const { storePath, deps } = await createTelegramDeliveryFixture(home);
 
-      // Media should still be delivered even if text is just HEARTBEAT_OK.
       mockEmbeddedAgentPayloads([
         { text: "HEARTBEAT_OK", mediaUrl: "https://example.com/img.png" },
       ]);
@@ -156,9 +155,15 @@ describe("runCronIsolatedAgentTurn", () => {
       expect(mediaRes.status).toBe("ok");
       expect(deps.sendMessageTelegram).toHaveBeenCalled();
       expect(runSubagentAnnounceFlow).not.toHaveBeenCalled();
+    });
+  });
+
+  it("keeps non-empty heartbeat text when last-target ack suppression is disabled", async () => {
+    await withTempHome(async (home) => {
+      const { storePath, deps } = await createTelegramDeliveryFixture(home);
 
       vi.mocked(runSubagentAnnounceFlow).mockClear();
-      vi.mocked(deps.sendMessageTelegram).mockClear();
+      vi.mocked(deps.sendMessageTelegram as (...args: unknown[]) => unknown).mockClear();
       mockEmbeddedAgentPayloads([{ text: "HEARTBEAT_OK 🦞" }]);
 
       const cfg = makeCfg(home, storePath);
@@ -194,8 +199,25 @@ describe("runCronIsolatedAgentTurn", () => {
         "HEARTBEAT_OK 🦞",
         expect.objectContaining({ accountId: undefined }),
       );
+    });
+  });
 
-      vi.mocked(deps.sendMessageTelegram).mockClear();
+  it("deletes the direct cron session after last-target text delivery", async () => {
+    await withTempHome(async (home) => {
+      const { storePath, deps } = await createTelegramDeliveryFixture(home);
+
+      mockEmbeddedAgentPayloads([{ text: "HEARTBEAT_OK 🦞" }]);
+
+      const cfg = makeCfg(home, storePath);
+      cfg.agents = {
+        ...cfg.agents,
+        defaults: {
+          ...cfg.agents?.defaults,
+          heartbeat: { ackMaxChars: 0 },
+        },
+      };
+
+      vi.mocked(deps.sendMessageTelegram as (...args: unknown[]) => unknown).mockClear();
       vi.mocked(runSubagentAnnounceFlow).mockClear();
       vi.mocked(callGateway).mockClear();
 
diff --git a/src/cron/isolated-agent.skips-delivery-without-whatsapp-recipient-besteffortdeliver-true.test.ts b/src/cron/isolated-agent.skips-delivery-without-whatsapp-recipient-besteffortdeliver-true.test.ts
index 2cdb6ee0048..5abbb453f35 100644
--- a/src/cron/isolated-agent.skips-delivery-without-whatsapp-recipient-besteffortdeliver-true.test.ts
+++ b/src/cron/isolated-agent.skips-delivery-without-whatsapp-recipient-besteffortdeliver-true.test.ts
@@ -84,18 +84,13 @@ async function expectStructuredTelegramFailure(params: {
         },
       });
 
-      expect(res.status).toBe(params.expectedStatus);
-      if (params.expectedStatus === "ok") {
-        expect(res.delivered).toBe(false);
-      }
-      if (params.expectDeliveryAttempted !== undefined) {
-        expect(res.deliveryAttempted).toBe(params.expectDeliveryAttempted);
-      }
-      if (params.expectedErrorFragment) {
-        expect(res.error).toContain(params.expectedErrorFragment);
-      }
-      expect(runSubagentAnnounceFlow).not.toHaveBeenCalled();
-      expect(deps.sendMessageTelegram).toHaveBeenCalledTimes(1);
+      expectFailedTelegramDeliveryResult({
+        res,
+        deps,
+        expectedStatus: params.expectedStatus,
+        expectedErrorFragment: params.expectedErrorFragment,
+        expectDeliveryAttempted: params.expectDeliveryAttempted,
+      });
     },
     {
       deps: {
@@ -105,6 +100,29 @@ async function expectStructuredTelegramFailure(params: {
   );
 }
 
+function expectFailedTelegramDeliveryResult(params: {
+  res: Awaited<ReturnType<typeof runCronIsolatedAgentTurn>>;
+  deps: CliDeps;
+  expectedStatus: "ok" | "error";
+  expectedErrorFragment?: string;
+  expectDeliveryAttempted?: boolean;
+}) {
+  expect(params.res.status).toBe(params.expectedStatus);
+  if (params.expectedStatus === "ok") {
+    expect(params.res.delivered).toBe(false);
+  } else {
+    expect(params.res.delivered).toBeUndefined();
+  }
+  if (params.expectDeliveryAttempted !== undefined) {
+    expect(params.res.deliveryAttempted).toBe(params.expectDeliveryAttempted);
+  }
+  if (params.expectedErrorFragment) {
+    expect(params.res.error).toContain(params.expectedErrorFragment);
+  }
+  expect(runSubagentAnnounceFlow).not.toHaveBeenCalled();
+  expect(params.deps.sendMessageTelegram).toHaveBeenCalledTimes(1);
+}
+
 async function runTelegramDeliveryResult(bestEffort: boolean) {
   let outcome:
     | {
@@ -112,19 +130,7 @@ async function runTelegramDeliveryResult(bestEffort: boolean) {
         deps: CliDeps;
       }
     | undefined;
-  await withTelegramAnnounceFixture(async ({ home, storePath, deps }) => {
-    mockAgentPayloads([{ text: "hello from cron" }]);
-    const res = await runTelegramAnnounceTurn({
-      home,
-      storePath,
-      deps,
-      delivery: {
-        mode: "announce",
-        channel: "telegram",
-        to: "123",
-        bestEffort,
-      },
-    });
+  await withTelegramTextDelivery({ bestEffort }, async ({ res, deps }) => {
     outcome = { res, deps };
   });
   if (!outcome) {
@@ -143,6 +149,57 @@ function expectSuccessfulTelegramTextDelivery(params: {
   expect(runSubagentAnnounceFlow).not.toHaveBeenCalled();
 }
 
+async function withTelegramTextDelivery(
+  params: { bestEffort: boolean },
+  run: (params: {
+    home: string;
+    storePath: string;
+    deps: CliDeps;
+    res: Awaited<ReturnType<typeof runCronIsolatedAgentTurn>>;
+  }) => Promise<void>,
+  fixtureParams?: Parameters<typeof withTelegramAnnounceFixture>[1],
+) {
+  await withTelegramAnnounceFixture(async ({ home, storePath, deps }) => {
+    mockAgentPayloads([{ text: "hello from cron" }]);
+    const res = await runTelegramAnnounceTurn({
+      home,
+      storePath,
+      deps,
+      delivery: {
+        mode: "announce",
+        channel: "telegram",
+        to: "123",
+        bestEffort: params.bestEffort,
+      },
+    });
+    await run({ home, storePath, deps, res });
+  }, fixtureParams);
+}
+
+async function expectTelegramTextDeliveryFailure(params: {
+  bestEffort: boolean;
+  expectedStatus: "ok" | "error";
+  expectedErrorFragment?: string;
+}) {
+  await withTelegramTextDelivery(
+    { bestEffort: params.bestEffort },
+    async ({ deps, res }) => {
+      expectFailedTelegramDeliveryResult({
+        res,
+        deps,
+        expectedStatus: params.expectedStatus,
+        expectedErrorFragment: params.expectedErrorFragment,
+        expectDeliveryAttempted: true,
+      });
+    },
+    {
+      deps: {
+        sendMessageTelegram: vi.fn().mockRejectedValue(new Error("boom")),
+      },
+    },
+  );
+}
+
 async function runSignalDeliveryResult(bestEffort: boolean) {
   let outcome:
     | {
@@ -358,34 +415,10 @@ describe("runCronIsolatedAgentTurn", () => {
   });
 
   it("reports not-delivered when text direct delivery fails and best-effort is enabled", async () => {
-    await withTelegramAnnounceFixture(
-      async ({ home, storePath, deps }) => {
-        mockAgentPayloads([{ text: "hello from cron" }]);
-
-        const res = await runTelegramAnnounceTurn({
-          home,
-          storePath,
-          deps,
-          delivery: {
-            mode: "announce",
-            channel: "telegram",
-            to: "123",
-            bestEffort: true,
-          },
-        });
-
-        expect(res.status).toBe("ok");
-        expect(res.delivered).toBe(false);
-        expect(res.deliveryAttempted).toBe(true);
-        expect(runSubagentAnnounceFlow).not.toHaveBeenCalled();
-        expect(deps.sendMessageTelegram).toHaveBeenCalledTimes(1);
-      },
-      {
-        deps: {
-          sendMessageTelegram: vi.fn().mockRejectedValue(new Error("boom")),
-        },
-      },
-    );
+    await expectTelegramTextDeliveryFailure({
+      bestEffort: true,
+      expectedStatus: "ok",
+    });
   });
 
   it("delivers text directly when best-effort is disabled", async () => {
@@ -398,57 +431,20 @@ describe("runCronIsolatedAgentTurn", () => {
   });
 
   it("returns error when text direct delivery fails and best-effort is disabled", async () => {
-    await withTelegramAnnounceFixture(
-      async ({ home, storePath, deps }) => {
-        mockAgentPayloads([{ text: "hello from cron" }]);
-
-        const res = await runTelegramAnnounceTurn({
-          home,
-          storePath,
-          deps,
-          delivery: {
-            mode: "announce",
-            channel: "telegram",
-            to: "123",
-            bestEffort: false,
-          },
-        });
-
-        expect(res.status).toBe("error");
-        expect(res.delivered).toBeUndefined();
-        expect(res.deliveryAttempted).toBe(true);
-        expect(res.error).toContain("boom");
-        expect(runSubagentAnnounceFlow).not.toHaveBeenCalled();
-        expect(deps.sendMessageTelegram).toHaveBeenCalledTimes(1);
-      },
-      {
-        deps: {
-          sendMessageTelegram: vi.fn().mockRejectedValue(new Error("boom")),
-        },
-      },
-    );
+    await expectTelegramTextDeliveryFailure({
+      bestEffort: false,
+      expectedStatus: "error",
+      expectedErrorFragment: "boom",
+    });
   });
 
   it("retries transient text direct delivery failures before succeeding", async () => {
     const previousFastMode = process.env.OPENCLAW_TEST_FAST;
     process.env.OPENCLAW_TEST_FAST = "1";
     try {
-      await withTelegramAnnounceFixture(
-        async ({ home, storePath, deps }) => {
-          mockAgentPayloads([{ text: "hello from cron" }]);
-
-          const res = await runTelegramAnnounceTurn({
-            home,
-            storePath,
-            deps,
-            delivery: {
-              mode: "announce",
-              channel: "telegram",
-              to: "123",
-              bestEffort: false,
-            },
-          });
-
+      await withTelegramTextDelivery(
+        { bestEffort: false },
+        async ({ deps, res }) => {
           expectSuccessfulTelegramTextDelivery({ res, deps });
           expect(deps.sendMessageTelegram).toHaveBeenCalledTimes(2);
           expect(deps.sendMessageTelegram).toHaveBeenLastCalledWith(
diff --git a/src/cron/isolated-agent/delivery-target.test.ts b/src/cron/isolated-agent/delivery-target.test.ts
index df7d29d419f..9914043b2ff 100644
--- a/src/cron/isolated-agent/delivery-target.test.ts
+++ b/src/cron/isolated-agent/delivery-target.test.ts
@@ -21,15 +21,15 @@ vi.mock("../../pairing/pairing-store.js", () => ({
   readChannelAllowFromStoreSync: vi.fn(() => []),
 }));
 
-vi.mock("../../web/accounts.js", () => ({
+vi.mock("../../../extensions/whatsapp/src/accounts.js", () => ({
   resolveWhatsAppAccount: vi.fn(() => ({ allowFrom: [] })),
 }));
 
+import { resolveWhatsAppAccount } from "../../../extensions/whatsapp/src/accounts.js";
 import { loadSessionStore } from "../../config/sessions.js";
 import { resolveMessageChannelSelection } from "../../infra/outbound/channel-selection.js";
 import { maybeResolveIdLikeTarget } from "../../infra/outbound/target-resolver.js";
 import { readChannelAllowFromStoreSync } from "../../pairing/pairing-store.js";
-import { resolveWhatsAppAccount } from "../../web/accounts.js";
 import { resolveDeliveryTarget } from "./delivery-target.js";
 
 function makeCfg(overrides?: Partial<OpenClawConfig>): OpenClawConfig {
diff --git a/src/cron/isolated-agent/delivery-target.ts b/src/cron/isolated-agent/delivery-target.ts
index 33bd80d4118..4a70352e233 100644
--- a/src/cron/isolated-agent/delivery-target.ts
+++ b/src/cron/isolated-agent/delivery-target.ts
@@ -1,3 +1,4 @@
+import { resolveWhatsAppAccount } from "../../../extensions/whatsapp/src/accounts.js";
 import type { ChannelId } from "../../channels/plugins/types.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import {
@@ -15,7 +16,6 @@ import {
 import { readChannelAllowFromStoreSync } from "../../pairing/pairing-store.js";
 import { buildChannelAccountBindings } from "../../routing/bindings.js";
 import { normalizeAccountId, normalizeAgentId } from "../../routing/session-key.js";
-import { resolveWhatsAppAccount } from "../../web/accounts.js";
 import { normalizeWhatsAppTarget } from "../../whatsapp/normalize.js";
 
 export type DeliveryTargetResolution =
diff --git a/src/cron/normalize.test.ts b/src/cron/normalize.test.ts
index 6f34c85ebed..969faa6bb6f 100644
--- a/src/cron/normalize.test.ts
+++ b/src/cron/normalize.test.ts
@@ -414,6 +414,42 @@ describe("normalizeCronJobCreate", () => {
     expect(delivery.mode).toBeUndefined();
     expect(delivery.to).toBe("123");
   });
+
+  it("resolves current sessionTarget to a persistent session when context is available", () => {
+    const normalized = normalizeCronJobCreate(
+      {
+        name: "current-session",
+        schedule: { kind: "cron", expr: "* * * * *" },
+        sessionTarget: "current",
+        payload: { kind: "agentTurn", message: "hello" },
+      },
+      { sessionContext: { sessionKey: "agent:main:discord:group:ops" } },
+    ) as unknown as Record<string, unknown>;
+
+    expect(normalized.sessionTarget).toBe("session:agent:main:discord:group:ops");
+  });
+
+  it("falls back current sessionTarget to isolated without context", () => {
+    const normalized = normalizeCronJobCreate({
+      name: "current-without-context",
+      schedule: { kind: "cron", expr: "* * * * *" },
+      sessionTarget: "current",
+      payload: { kind: "agentTurn", message: "hello" },
+    }) as unknown as Record<string, unknown>;
+
+    expect(normalized.sessionTarget).toBe("isolated");
+  });
+
+  it("preserves custom session ids with a session: prefix", () => {
+    const normalized = normalizeCronJobCreate({
+      name: "custom-session",
+      schedule: { kind: "cron", expr: "* * * * *" },
+      sessionTarget: "session:MySessionID",
+      payload: { kind: "agentTurn", message: "hello" },
+    }) as unknown as Record<string, unknown>;
+
+    expect(normalized.sessionTarget).toBe("session:MySessionID");
+  });
 });
 
 describe("normalizeCronJobPatch", () => {
diff --git a/src/cron/normalize.ts b/src/cron/normalize.ts
index 5a6c66ff356..b1afdfaaa12 100644
--- a/src/cron/normalize.ts
+++ b/src/cron/normalize.ts
@@ -11,6 +11,8 @@ type UnknownRecord = Record<string, unknown>;
 
 type NormalizeOptions = {
   applyDefaults?: boolean;
+  /** Session context for resolving "current" sessionTarget or auto-binding when not specified */
+  sessionContext?: { sessionKey?: string };
 };
 
 const DEFAULT_OPTIONS: NormalizeOptions = {
@@ -218,9 +220,17 @@ function normalizeSessionTarget(raw: unknown) {
   if (typeof raw !== "string") {
     return undefined;
   }
-  const trimmed = raw.trim().toLowerCase();
-  if (trimmed === "main" || trimmed === "isolated") {
-    return trimmed;
+  const trimmed = raw.trim();
+  const lower = trimmed.toLowerCase();
+  if (lower === "main" || lower === "isolated" || lower === "current") {
+    return lower;
+  }
+  // Support custom session IDs with "session:" prefix
+  if (lower.startsWith("session:")) {
+    const sessionId = trimmed.slice(8).trim();
+    if (sessionId) {
+      return `session:${sessionId}`;
+    }
   }
   return undefined;
 }
@@ -431,10 +441,37 @@ export function normalizeCronJobInput(
     }
     if (!next.sessionTarget && isRecord(next.payload)) {
       const kind = typeof next.payload.kind === "string" ? next.payload.kind : "";
+      // Keep default behavior unchanged for backward compatibility:
+      // - systemEvent defaults to "main"
+      // - agentTurn defaults to "isolated" (NOT "current", to avoid token accumulation)
+      // Users must explicitly specify "current" or "session:xxx" for custom session binding
       if (kind === "systemEvent") {
         next.sessionTarget = "main";
+      } else if (kind === "agentTurn") {
+        next.sessionTarget = "isolated";
       }
-      if (kind === "agentTurn") {
+    }
+
+    // Resolve "current" sessionTarget to the actual sessionKey from context
+    if (next.sessionTarget === "current") {
+      if (options.sessionContext?.sessionKey) {
+        const sessionKey = options.sessionContext.sessionKey.trim();
+        if (sessionKey) {
+          // Store as session:customId format for persistence
+          next.sessionTarget = `session:${sessionKey}`;
+        }
+      }
+      // If "current" wasn't resolved, fall back to "isolated" behavior
+      // This handles CLI/headless usage where no session context exists
+      if (next.sessionTarget === "current") {
+        next.sessionTarget = "isolated";
+      }
+    }
+    if (next.sessionTarget === "current") {
+      const sessionKey = options.sessionContext?.sessionKey?.trim();
+      if (sessionKey) {
+        next.sessionTarget = `session:${sessionKey}`;
+      } else {
         next.sessionTarget = "isolated";
       }
     }
@@ -462,8 +499,12 @@ export function normalizeCronJobInput(
     const payload = isRecord(next.payload) ? next.payload : null;
     const payloadKind = payload && typeof payload.kind === "string" ? payload.kind : "";
     const sessionTarget = typeof next.sessionTarget === "string" ? next.sessionTarget : "";
+    // Support "isolated", custom session IDs (session:xxx), and resolved "current" as isolated-like targets
     const isIsolatedAgentTurn =
-      sessionTarget === "isolated" || (sessionTarget === "" && payloadKind === "agentTurn");
+      sessionTarget === "isolated" ||
+      sessionTarget === "current" ||
+      sessionTarget.startsWith("session:") ||
+      (sessionTarget === "" && payloadKind === "agentTurn");
     const hasDelivery = "delivery" in next && next.delivery !== undefined;
     const normalizedLegacy = normalizeLegacyDeliveryInput({
       delivery: isRecord(next.delivery) ? next.delivery : null,
@@ -487,7 +528,7 @@ export function normalizeCronJobInput(
 
 export function normalizeCronJobCreate(
   raw: unknown,
-  options?: NormalizeOptions,
+  options?: Omit<NormalizeOptions, "applyDefaults">,
 ): CronJobCreate | null {
   return normalizeCronJobInput(raw, {
     applyDefaults: true,
diff --git a/src/cron/service.jobs.test.ts b/src/cron/service.jobs.test.ts
index 053ea8764de..c514f7528ba 100644
--- a/src/cron/service.jobs.test.ts
+++ b/src/cron/service.jobs.test.ts
@@ -103,6 +103,29 @@ describe("applyJobPatch", () => {
     });
   });
 
+  it("maps legacy payload delivery updates for custom session targets", () => {
+    const job = createIsolatedAgentTurnJob(
+      "job-custom-session",
+      {
+        mode: "announce",
+        channel: "telegram",
+        to: "123",
+      },
+      { sessionTarget: "session:project-alpha" },
+    );
+
+    applyJobPatch(job, {
+      payload: { kind: "agentTurn", to: "555" },
+    });
+
+    expect(job.delivery).toEqual({
+      mode: "announce",
+      channel: "telegram",
+      to: "555",
+      bestEffort: undefined,
+    });
+  });
+
   it("treats legacy payload targets as announce requests", () => {
     const job = createIsolatedAgentTurnJob("job-3", {
       mode: "none",
diff --git a/src/cron/service.runs-one-shot-main-job-disables-it.test.ts b/src/cron/service.runs-one-shot-main-job-disables-it.test.ts
index 555750bd738..75ffb262d4d 100644
--- a/src/cron/service.runs-one-shot-main-job-disables-it.test.ts
+++ b/src/cron/service.runs-one-shot-main-job-disables-it.test.ts
@@ -759,7 +759,7 @@ describe("CronService", () => {
         wakeMode: "next-heartbeat",
         payload: { kind: "systemEvent", text: "nope" },
       }),
-    ).rejects.toThrow(/isolated cron jobs require/);
+    ).rejects.toThrow(/isolated.*cron jobs require/);
 
     cron.stop();
     await store.cleanup();
diff --git a/src/cron/service.store-migration.test.ts b/src/cron/service.store-migration.test.ts
index 52c9f571b08..216154fa503 100644
--- a/src/cron/service.store-migration.test.ts
+++ b/src/cron/service.store-migration.test.ts
@@ -72,6 +72,39 @@ function createLegacyIsolatedAgentTurnJob(
 }
 
 describe("CronService store migrations", () => {
+  it("treats stored current session targets as isolated-like for default delivery migration", async () => {
+    const { store, cron } = await startCronWithStoredJobs([
+      createLegacyIsolatedAgentTurnJob({
+        id: "stored-current-job",
+        name: "stored current",
+        sessionTarget: "current",
+      }),
+    ]);
+
+    const job = await listJobById(cron, "stored-current-job");
+    expect(job).toBeDefined();
+    expect(job?.sessionTarget).toBe("isolated");
+    expect(job?.delivery).toEqual({ mode: "announce" });
+
+    await stopCronAndCleanup(cron, store);
+  });
+
+  it("preserves stored custom session targets", async () => {
+    const { store, cron } = await startCronWithStoredJobs([
+      createLegacyIsolatedAgentTurnJob({
+        id: "custom-session-job",
+        name: "custom session",
+        sessionTarget: "session:ProjectAlpha",
+      }),
+    ]);
+
+    const job = await listJobById(cron, "custom-session-job");
+    expect(job?.sessionTarget).toBe("session:ProjectAlpha");
+    expect(job?.delivery).toEqual({ mode: "announce" });
+
+    await stopCronAndCleanup(cron, store);
+  });
+
   it("migrates legacy top-level agentTurn fields and initializes missing state", async () => {
     const { store, cron } = await startCronWithStoredJobs([
       createLegacyIsolatedAgentTurnJob({
diff --git a/src/cron/service.store.migration.test.ts b/src/cron/service.store.migration.test.ts
index 8daa0b39e9a..973efca67a6 100644
--- a/src/cron/service.store.migration.test.ts
+++ b/src/cron/service.store.migration.test.ts
@@ -133,6 +133,24 @@ describe("cron store migration", () => {
     expect(schedule.at).toBe(new Date(atMs).toISOString());
   });
 
+  it("preserves stored custom session targets", async () => {
+    const migrated = await migrateLegacyJob(
+      makeLegacyJob({
+        id: "job-custom-session",
+        name: "Custom session",
+        schedule: { kind: "cron", expr: "0 23 * * *", tz: "UTC" },
+        sessionTarget: "session:ProjectAlpha",
+        payload: {
+          kind: "agentTurn",
+          message: "hello",
+        },
+      }),
+    );
+
+    expect(migrated.sessionTarget).toBe("session:ProjectAlpha");
+    expect(migrated.delivery).toEqual({ mode: "announce" });
+  });
+
   it("adds anchorMs to legacy every schedules", async () => {
     const createdAtMs = 1_700_000_000_000;
     const migrated = await migrateLegacyJob(
diff --git a/src/cron/service/jobs.ts b/src/cron/service/jobs.ts
index 5579e5430f0..542ba81053d 100644
--- a/src/cron/service/jobs.ts
+++ b/src/cron/service/jobs.ts
@@ -132,11 +132,15 @@ function resolveEveryAnchorMs(params: {
 }
 
 export function assertSupportedJobSpec(job: Pick<CronJob, "sessionTarget" | "payload">) {
+  const isIsolatedLike =
+    job.sessionTarget === "isolated" ||
+    job.sessionTarget === "current" ||
+    job.sessionTarget.startsWith("session:");
   if (job.sessionTarget === "main" && job.payload.kind !== "systemEvent") {
     throw new Error('main cron jobs require payload.kind="systemEvent"');
   }
-  if (job.sessionTarget === "isolated" && job.payload.kind !== "agentTurn") {
-    throw new Error('isolated cron jobs require payload.kind="agentTurn"');
+  if (isIsolatedLike && job.payload.kind !== "agentTurn") {
+    throw new Error('isolated/current/session cron jobs require payload.kind="agentTurn"');
   }
 }
 
@@ -181,6 +185,7 @@ function assertDeliverySupport(job: Pick<CronJob, "sessionTarget" | "delivery">)
   if (!job.delivery || job.delivery.mode === "none") {
     return;
   }
+  // Webhook delivery is allowed for any session target
   if (job.delivery.mode === "webhook") {
     const target = normalizeHttpWebhookUrl(job.delivery.to);
     if (!target) {
@@ -189,7 +194,11 @@ function assertDeliverySupport(job: Pick<CronJob, "sessionTarget" | "delivery">)
     job.delivery.to = target;
     return;
   }
-  if (job.sessionTarget !== "isolated") {
+  const isIsolatedLike =
+    job.sessionTarget === "isolated" ||
+    job.sessionTarget === "current" ||
+    job.sessionTarget.startsWith("session:");
+  if (!isIsolatedLike) {
     throw new Error('cron channel delivery config is only supported for sessionTarget="isolated"');
   }
   if (job.delivery.channel === "telegram") {
@@ -606,11 +615,11 @@ export function applyJobPatch(
   if (!patch.delivery && patch.payload?.kind === "agentTurn") {
     // Back-compat: legacy clients still update delivery via payload fields.
     const legacyDeliveryPatch = buildLegacyDeliveryPatch(patch.payload);
-    if (
-      legacyDeliveryPatch &&
-      job.sessionTarget === "isolated" &&
-      job.payload.kind === "agentTurn"
-    ) {
+    const isIsolatedLike =
+      job.sessionTarget === "isolated" ||
+      job.sessionTarget === "current" ||
+      job.sessionTarget.startsWith("session:");
+    if (legacyDeliveryPatch && isIsolatedLike && job.payload.kind === "agentTurn") {
       job.delivery = mergeCronDelivery(job.delivery, legacyDeliveryPatch);
     }
   }
diff --git a/src/cron/store-migration.ts b/src/cron/store-migration.ts
index 1e9dcb1b136..0a460174bd2 100644
--- a/src/cron/store-migration.ts
+++ b/src/cron/store-migration.ts
@@ -451,11 +451,25 @@ export function normalizeStoredCronJobs(
 
     const payloadKind =
       payloadRecord && typeof payloadRecord.kind === "string" ? payloadRecord.kind : "";
-    const normalizedSessionTarget =
-      typeof raw.sessionTarget === "string" ? raw.sessionTarget.trim().toLowerCase() : "";
-    if (normalizedSessionTarget === "main" || normalizedSessionTarget === "isolated") {
-      if (raw.sessionTarget !== normalizedSessionTarget) {
-        raw.sessionTarget = normalizedSessionTarget;
+    const rawSessionTarget = typeof raw.sessionTarget === "string" ? raw.sessionTarget.trim() : "";
+    const loweredSessionTarget = rawSessionTarget.toLowerCase();
+    if (loweredSessionTarget === "main" || loweredSessionTarget === "isolated") {
+      if (raw.sessionTarget !== loweredSessionTarget) {
+        raw.sessionTarget = loweredSessionTarget;
+        mutated = true;
+      }
+    } else if (loweredSessionTarget.startsWith("session:")) {
+      const customSessionId = rawSessionTarget.slice(8).trim();
+      if (customSessionId) {
+        const normalizedSessionTarget = `session:${customSessionId}`;
+        if (raw.sessionTarget !== normalizedSessionTarget) {
+          raw.sessionTarget = normalizedSessionTarget;
+          mutated = true;
+        }
+      }
+    } else if (loweredSessionTarget === "current") {
+      if (raw.sessionTarget !== "isolated") {
+        raw.sessionTarget = "isolated";
         mutated = true;
       }
     } else {
@@ -469,7 +483,10 @@ export function normalizeStoredCronJobs(
     const sessionTarget =
       typeof raw.sessionTarget === "string" ? raw.sessionTarget.trim().toLowerCase() : "";
     const isIsolatedAgentTurn =
-      sessionTarget === "isolated" || (sessionTarget === "" && payloadKind === "agentTurn");
+      sessionTarget === "isolated" ||
+      sessionTarget === "current" ||
+      sessionTarget.startsWith("session:") ||
+      (sessionTarget === "" && payloadKind === "agentTurn");
     const hasDelivery = delivery && typeof delivery === "object" && !Array.isArray(delivery);
     const normalizedLegacy = normalizeLegacyDeliveryInput({
       delivery: hasDelivery ? (delivery as Record<string, unknown>) : null,
diff --git a/src/cron/types.ts b/src/cron/types.ts
index 2a93bc30311..02078d15424 100644
--- a/src/cron/types.ts
+++ b/src/cron/types.ts
@@ -13,7 +13,7 @@ export type CronSchedule =
       staggerMs?: number;
     };
 
-export type CronSessionTarget = "main" | "isolated";
+export type CronSessionTarget = "main" | "isolated" | "current" | `session:${string}`;
 export type CronWakeMode = "next-heartbeat" | "now";
 
 export type CronMessageChannel = ChannelId | "last";
diff --git a/src/daemon/inspect.ts b/src/daemon/inspect.ts
index 29ac8094ceb..c3025ae8b8a 100644
--- a/src/daemon/inspect.ts
+++ b/src/daemon/inspect.ts
@@ -7,6 +7,7 @@ import {
   resolveGatewaySystemdServiceName,
   resolveGatewayWindowsTaskName,
 } from "./constants.js";
+import { resolveHomeDir } from "./paths.js";
 import { execSchtasks } from "./schtasks-exec.js";
 
 export type ExtraGatewayService = {
@@ -49,14 +50,6 @@ export function renderGatewayServiceCleanupHints(
   }
 }
 
-function resolveHomeDir(env: Record<string, string | undefined>): string {
-  const home = env.HOME?.trim() || env.USERPROFILE?.trim();
-  if (!home) {
-    throw new Error("Missing HOME");
-  }
-  return home;
-}
-
 type Marker = (typeof EXTRA_MARKERS)[number];
 
 function detectMarker(content: string): Marker | null {
diff --git a/src/daemon/launchd.test.ts b/src/daemon/launchd.test.ts
index 4c624cfeec1..341f071de91 100644
--- a/src/daemon/launchd.test.ts
+++ b/src/daemon/launchd.test.ts
@@ -29,6 +29,9 @@ const launchdRestartHandoffState = vi.hoisted(() => ({
   isCurrentProcessLaunchdServiceLabel: vi.fn<(label: string) => boolean>(() => false),
   scheduleDetachedLaunchdRestartHandoff: vi.fn((_params: unknown) => ({ ok: true, pid: 7331 })),
 }));
+const cleanStaleGatewayProcessesSync = vi.hoisted(() =>
+  vi.fn<(port?: number) => number[]>(() => []),
+);
 const defaultProgramArguments = ["node", "-e", "process.exit(0)"];
 
 function expectLaunchctlEnableBootstrapOrder(env: Record<string, string | undefined>) {
@@ -89,6 +92,10 @@ vi.mock("./launchd-restart-handoff.js", () => ({
     launchdRestartHandoffState.scheduleDetachedLaunchdRestartHandoff(params),
 }));
 
+vi.mock("../infra/restart-stale-pids.js", () => ({
+  cleanStaleGatewayProcessesSync: (port?: number) => cleanStaleGatewayProcessesSync(port),
+}));
+
 vi.mock("node:fs/promises", async (importOriginal) => {
   const actual = await importOriginal<typeof import("node:fs/promises")>();
   const wrapped = {
@@ -151,6 +158,8 @@ beforeEach(() => {
   state.dirModes.clear();
   state.files.clear();
   state.fileModes.clear();
+  cleanStaleGatewayProcessesSync.mockReset();
+  cleanStaleGatewayProcessesSync.mockReturnValue([]);
   launchdRestartHandoffState.isCurrentProcessLaunchdServiceLabel.mockReset();
   launchdRestartHandoffState.isCurrentProcessLaunchdServiceLabel.mockReturnValue(false);
   launchdRestartHandoffState.scheduleDetachedLaunchdRestartHandoff.mockReset();
@@ -328,7 +337,10 @@ describe("launchd install", () => {
   });
 
   it("restarts LaunchAgent with kickstart and no bootout", async () => {
-    const env = createDefaultLaunchdEnv();
+    const env = {
+      ...createDefaultLaunchdEnv(),
+      OPENCLAW_GATEWAY_PORT: "18789",
+    };
     const result = await restartLaunchAgent({
       env,
       stdout: new PassThrough(),
@@ -338,11 +350,38 @@ describe("launchd install", () => {
     const label = "ai.openclaw.gateway";
     const serviceId = `${domain}/${label}`;
     expect(result).toEqual({ outcome: "completed" });
+    expect(cleanStaleGatewayProcessesSync).toHaveBeenCalledWith(18789);
     expect(state.launchctlCalls).toContainEqual(["kickstart", "-k", serviceId]);
     expect(state.launchctlCalls.some((call) => call[0] === "bootout")).toBe(false);
     expect(state.launchctlCalls.some((call) => call[0] === "bootstrap")).toBe(false);
   });
 
+  it("uses the configured gateway port for stale cleanup", async () => {
+    const env = {
+      ...createDefaultLaunchdEnv(),
+      OPENCLAW_GATEWAY_PORT: "19001",
+    };
+
+    await restartLaunchAgent({
+      env,
+      stdout: new PassThrough(),
+    });
+
+    expect(cleanStaleGatewayProcessesSync).toHaveBeenCalledWith(19001);
+  });
+
+  it("skips stale cleanup when no explicit launch agent port can be resolved", async () => {
+    const env = createDefaultLaunchdEnv();
+    state.files.clear();
+
+    await restartLaunchAgent({
+      env,
+      stdout: new PassThrough(),
+    });
+
+    expect(cleanStaleGatewayProcessesSync).not.toHaveBeenCalled();
+  });
+
   it("falls back to bootstrap when kickstart cannot find the service", async () => {
     const env = createDefaultLaunchdEnv();
     state.kickstartError = "Could not find service";
diff --git a/src/daemon/launchd.ts b/src/daemon/launchd.ts
index 0e6d8610931..6c190ccd213 100644
--- a/src/daemon/launchd.ts
+++ b/src/daemon/launchd.ts
@@ -1,6 +1,7 @@
 import fs from "node:fs/promises";
 import path from "node:path";
 import { parseStrictInteger, parseStrictPositiveInteger } from "../infra/parse-finite-number.js";
+import { cleanStaleGatewayProcessesSync } from "../infra/restart-stale-pids.js";
 import {
   GATEWAY_LAUNCH_AGENT_LABEL,
   resolveGatewayServiceDescription,
@@ -113,6 +114,44 @@ async function execLaunchctl(
   return await execFileUtf8(file, fileArgs, isWindows ? { windowsHide: true } : {});
 }
 
+function parseGatewayPortFromProgramArguments(
+  programArguments: string[] | undefined,
+): number | null {
+  if (!Array.isArray(programArguments) || programArguments.length === 0) {
+    return null;
+  }
+  for (let index = 0; index < programArguments.length; index += 1) {
+    const current = programArguments[index]?.trim();
+    if (!current) {
+      continue;
+    }
+    if (current === "--port") {
+      const next = parseStrictPositiveInteger(programArguments[index + 1] ?? "");
+      if (next !== undefined) {
+        return next;
+      }
+      continue;
+    }
+    if (current.startsWith("--port=")) {
+      const value = parseStrictPositiveInteger(current.slice("--port=".length));
+      if (value !== undefined) {
+        return value;
+      }
+    }
+  }
+  return null;
+}
+
+async function resolveLaunchAgentGatewayPort(env: GatewayServiceEnv): Promise<number | null> {
+  const command = await readLaunchAgentProgramArguments(env).catch(() => null);
+  const fromArgs = parseGatewayPortFromProgramArguments(command?.programArguments);
+  if (fromArgs !== null) {
+    return fromArgs;
+  }
+  const fromEnv = parseStrictPositiveInteger(env.OPENCLAW_GATEWAY_PORT ?? "");
+  return fromEnv ?? null;
+}
+
 function resolveGuiDomain(): string {
   if (typeof process.getuid !== "function") {
     return "gui/501";
@@ -120,6 +159,58 @@ function resolveGuiDomain(): string {
   return `gui/${process.getuid()}`;
 }
 
+function throwBootstrapGuiSessionError(params: {
+  detail: string;
+  domain: string;
+  actionHint: string;
+}) {
+  throw new Error(
+    [
+      `launchctl bootstrap failed: ${params.detail}`,
+      `LaunchAgent ${params.actionHint} requires a logged-in macOS GUI session for this user (${params.domain}).`,
+      "This usually means you are running from SSH/headless context or as the wrong user (including sudo).",
+      `Fix: sign in to the macOS desktop as the target user and rerun \`${params.actionHint}\`.`,
+      "Headless deployments should use a dedicated logged-in user session or a custom LaunchDaemon (not shipped): https://docs.openclaw.ai/gateway",
+    ].join("\n"),
+  );
+}
+
+function writeLaunchAgentActionLine(
+  stdout: NodeJS.WritableStream,
+  label: string,
+  value: string,
+): void {
+  try {
+    stdout.write(`${formatLine(label, value)}\n`);
+  } catch (err: unknown) {
+    if ((err as NodeJS.ErrnoException)?.code !== "EPIPE") {
+      throw err;
+    }
+  }
+}
+
+async function bootstrapLaunchAgentOrThrow(params: {
+  domain: string;
+  serviceTarget: string;
+  plistPath: string;
+  actionHint: string;
+}) {
+  await execLaunchctl(["enable", params.serviceTarget]);
+  const boot = await execLaunchctl(["bootstrap", params.domain, params.plistPath]);
+  if (boot.code === 0) {
+    return;
+  }
+  const detail = (boot.stderr || boot.stdout).trim();
+  if (isUnsupportedGuiDomain(detail)) {
+    throwBootstrapGuiSessionError({
+      detail,
+      domain: params.domain,
+      actionHint: params.actionHint,
+    });
+  }
+  throw new Error(`launchctl bootstrap failed: ${detail}`);
+}
+
 async function ensureSecureDirectory(targetPath: string): Promise<void> {
   await fs.mkdir(targetPath, { recursive: true, mode: LAUNCH_AGENT_DIR_MODE });
   try {
@@ -414,23 +505,12 @@ export async function installLaunchAgent({
   await execLaunchctl(["bootout", domain, plistPath]);
   await execLaunchctl(["unload", plistPath]);
   // launchd can persist "disabled" state even after bootout + plist removal; clear it before bootstrap.
-  await execLaunchctl(["enable", `${domain}/${label}`]);
-  const boot = await execLaunchctl(["bootstrap", domain, plistPath]);
-  if (boot.code !== 0) {
-    const detail = (boot.stderr || boot.stdout).trim();
-    if (isUnsupportedGuiDomain(detail)) {
-      throw new Error(
-        [
-          `launchctl bootstrap failed: ${detail}`,
-          `LaunchAgent install requires a logged-in macOS GUI session for this user (${domain}).`,
-          "This usually means you are running from SSH/headless context or as the wrong user (including sudo).",
-          "Fix: sign in to the macOS desktop as the target user and rerun `openclaw gateway install --force`.",
-          "Headless deployments should use a dedicated logged-in user session or a custom LaunchDaemon (not shipped): https://docs.openclaw.ai/gateway",
-        ].join("\n"),
-      );
-    }
-    throw new Error(`launchctl bootstrap failed: ${detail}`);
-  }
+  await bootstrapLaunchAgentOrThrow({
+    domain,
+    serviceTarget: `${domain}/${label}`,
+    plistPath,
+    actionHint: "openclaw gateway install --force",
+  });
   // `bootstrap` already loads RunAtLoad agents. Avoid `kickstart -k` here:
   // on slow macOS guests it SIGTERMs the freshly booted gateway and pushes the
   // real listener startup past onboarding's health deadline.
@@ -469,25 +549,18 @@ export async function restartLaunchAgent({
     if (!handoff.ok) {
       throw new Error(`launchd restart handoff failed: ${handoff.detail ?? "unknown error"}`);
     }
-    try {
-      stdout.write(`${formatLine("Scheduled LaunchAgent restart", serviceTarget)}\n`);
-    } catch (err: unknown) {
-      if ((err as NodeJS.ErrnoException)?.code !== "EPIPE") {
-        throw err;
-      }
-    }
+    writeLaunchAgentActionLine(stdout, "Scheduled LaunchAgent restart", serviceTarget);
     return { outcome: "scheduled" };
   }
 
+  const cleanupPort = await resolveLaunchAgentGatewayPort(serviceEnv);
+  if (cleanupPort !== null) {
+    cleanStaleGatewayProcessesSync(cleanupPort);
+  }
+
   const start = await execLaunchctl(["kickstart", "-k", serviceTarget]);
   if (start.code === 0) {
-    try {
-      stdout.write(`${formatLine("Restarted LaunchAgent", serviceTarget)}\n`);
-    } catch (err: unknown) {
-      if ((err as NodeJS.ErrnoException)?.code !== "EPIPE") {
-        throw err;
-      }
-    }
+    writeLaunchAgentActionLine(stdout, "Restarted LaunchAgent", serviceTarget);
     return { outcome: "completed" };
   }
 
@@ -496,34 +569,17 @@ export async function restartLaunchAgent({
   }
 
   // If the service was previously booted out, re-register the plist and retry.
-  await execLaunchctl(["enable", serviceTarget]);
-  const boot = await execLaunchctl(["bootstrap", domain, plistPath]);
-  if (boot.code !== 0) {
-    const detail = (boot.stderr || boot.stdout).trim();
-    if (isUnsupportedGuiDomain(detail)) {
-      throw new Error(
-        [
-          `launchctl bootstrap failed: ${detail}`,
-          `LaunchAgent restart requires a logged-in macOS GUI session for this user (${domain}).`,
-          "This usually means you are running from SSH/headless context or as the wrong user (including sudo).",
-          "Fix: sign in to the macOS desktop as the target user and rerun `openclaw gateway restart`.",
-          "Headless deployments should use a dedicated logged-in user session or a custom LaunchDaemon (not shipped): https://docs.openclaw.ai/gateway",
-        ].join("\n"),
-      );
-    }
-    throw new Error(`launchctl bootstrap failed: ${detail}`);
-  }
+  await bootstrapLaunchAgentOrThrow({
+    domain,
+    serviceTarget,
+    plistPath,
+    actionHint: "openclaw gateway restart",
+  });
 
   const retry = await execLaunchctl(["kickstart", "-k", serviceTarget]);
   if (retry.code !== 0) {
     throw new Error(`launchctl kickstart failed: ${retry.stderr || retry.stdout}`.trim());
   }
-  try {
-    stdout.write(`${formatLine("Restarted LaunchAgent", serviceTarget)}\n`);
-  } catch (err: unknown) {
-    if ((err as NodeJS.ErrnoException)?.code !== "EPIPE") {
-      throw err;
-    }
-  }
+  writeLaunchAgentActionLine(stdout, "Restarted LaunchAgent", serviceTarget);
   return { outcome: "completed" };
 }
diff --git a/src/daemon/schtasks.startup-fallback.test.ts b/src/daemon/schtasks.startup-fallback.test.ts
index 4fdadd2f110..55e678052f3 100644
--- a/src/daemon/schtasks.startup-fallback.test.ts
+++ b/src/daemon/schtasks.startup-fallback.test.ts
@@ -10,6 +10,7 @@ import {
   resetSchtasksBaseMocks,
   schtasksResponses,
   withWindowsEnv,
+  writeGatewayScript,
 } from "./test-helpers/schtasks-fixtures.js";
 const childUnref = vi.hoisted(() => vi.fn());
 const spawn = vi.hoisted(() => vi.fn(() => ({ unref: childUnref })));
@@ -43,20 +44,6 @@ function resolveStartupEntryPath(env: Record<string, string>) {
   );
 }
 
-async function writeGatewayScript(env: Record<string, string>, port = 18789) {
-  const scriptPath = resolveTaskScriptPath(env);
-  await fs.mkdir(path.dirname(scriptPath), { recursive: true });
-  await fs.writeFile(
-    scriptPath,
-    [
-      "@echo off",
-      `set "OPENCLAW_GATEWAY_PORT=${port}"`,
-      `"C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\steipete\\AppData\\Roaming\\npm\\node_modules\\openclaw\\dist\\index.js" gateway --port ${port}`,
-      "",
-    ].join("\r\n"),
-    "utf8",
-  );
-}
 async function writeStartupFallbackEntry(env: Record<string, string>) {
   const startupEntryPath = resolveStartupEntryPath(env);
   await fs.mkdir(path.dirname(startupEntryPath), { recursive: true });
@@ -72,6 +59,14 @@ function expectStartupFallbackSpawn(env: Record<string, string>) {
   );
 }
 
+function expectGatewayTermination(pid: number) {
+  if (process.platform === "win32") {
+    expect(killProcessTree).not.toHaveBeenCalled();
+    return;
+  }
+  expect(killProcessTree).toHaveBeenCalledWith(pid, { graceMs: 300 });
+}
+
 function addStartupFallbackMissingResponses(
   extraResponses: Array<{ code: number; stdout: string; stderr: string }> = [],
 ) {
@@ -192,7 +187,7 @@ describe("Windows startup fallback", () => {
       await expect(restartScheduledTask({ env, stdout })).resolves.toEqual({
         outcome: "completed",
       });
-      expect(killProcessTree).toHaveBeenCalledWith(5151, { graceMs: 300 });
+      expectGatewayTermination(5151);
       expectStartupFallbackSpawn(env);
     });
   });
@@ -227,7 +222,7 @@ describe("Windows startup fallback", () => {
       delete envWithoutPort.OPENCLAW_GATEWAY_PORT;
       await stopScheduledTask({ env: envWithoutPort, stdout });
 
-      expect(killProcessTree).toHaveBeenCalledWith(5151, { graceMs: 300 });
+      expectGatewayTermination(5151);
     });
   });
 });
diff --git a/src/daemon/schtasks.stop.test.ts b/src/daemon/schtasks.stop.test.ts
index 320170706b6..04e5f1fced1 100644
--- a/src/daemon/schtasks.stop.test.ts
+++ b/src/daemon/schtasks.stop.test.ts
@@ -1,5 +1,3 @@
-import fs from "node:fs/promises";
-import path from "node:path";
 import { PassThrough } from "node:stream";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import "./test-helpers/schtasks-base-mocks.js";
@@ -10,6 +8,7 @@ import {
   schtasksCalls,
   schtasksResponses,
   withWindowsEnv,
+  writeGatewayScript,
 } from "./test-helpers/schtasks-fixtures.js";
 const findVerifiedGatewayListenerPidsOnPortSync = vi.hoisted(() =>
   vi.fn<(port: number) => number[]>(() => []),
@@ -20,34 +19,69 @@ vi.mock("../infra/gateway-processes.js", () => ({
     findVerifiedGatewayListenerPidsOnPortSync(port),
 }));
 
-const { restartScheduledTask, resolveTaskScriptPath, stopScheduledTask } =
-  await import("./schtasks.js");
+const { restartScheduledTask, stopScheduledTask } = await import("./schtasks.js");
+const GATEWAY_PORT = 18789;
+const SUCCESS_RESPONSE = { code: 0, stdout: "", stderr: "" } as const;
 
-async function writeGatewayScript(env: Record<string, string>, port = 18789) {
-  const scriptPath = resolveTaskScriptPath(env);
-  await fs.mkdir(path.dirname(scriptPath), { recursive: true });
-  await fs.writeFile(
-    scriptPath,
-    [
-      "@echo off",
-      `set "OPENCLAW_GATEWAY_PORT=${port}"`,
-      `"C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\steipete\\AppData\\Roaming\\npm\\node_modules\\openclaw\\dist\\index.js" gateway --port ${port}`,
-      "",
-    ].join("\r\n"),
-    "utf8",
-  );
+function pushSuccessfulSchtasksResponses(count: number) {
+  for (let i = 0; i < count; i += 1) {
+    schtasksResponses.push({ ...SUCCESS_RESPONSE });
+  }
+}
+
+function freePortUsage() {
+  return {
+    port: GATEWAY_PORT,
+    status: "free" as const,
+    listeners: [],
+    hints: [],
+  };
+}
+
+function busyPortUsage(
+  pid: number,
+  options: {
+    command?: string;
+    commandLine?: string;
+  } = {},
+) {
+  return {
+    port: GATEWAY_PORT,
+    status: "busy" as const,
+    listeners: [
+      {
+        pid,
+        command: options.command ?? "node.exe",
+        ...(options.commandLine ? { commandLine: options.commandLine } : {}),
+      },
+    ],
+    hints: [],
+  };
+}
+
+function expectGatewayTermination(pid: number) {
+  if (process.platform === "win32") {
+    expect(killProcessTree).not.toHaveBeenCalled();
+    return;
+  }
+  expect(killProcessTree).toHaveBeenCalledWith(pid, { graceMs: 300 });
+}
+
+async function withPreparedGatewayTask(
+  run: (context: { env: Record<string, string>; stdout: PassThrough }) => Promise<void>,
+) {
+  await withWindowsEnv("openclaw-win-stop-", async ({ env }) => {
+    await writeGatewayScript(env, GATEWAY_PORT);
+    const stdout = new PassThrough();
+    await run({ env, stdout });
+  });
 }
 
 beforeEach(() => {
   resetSchtasksBaseMocks();
   findVerifiedGatewayListenerPidsOnPortSync.mockReset();
   findVerifiedGatewayListenerPidsOnPortSync.mockReturnValue([]);
-  inspectPortUsage.mockResolvedValue({
-    port: 18789,
-    status: "free",
-    listeners: [],
-    hints: [],
-  });
+  inspectPortUsage.mockResolvedValue(freePortUsage());
 });
 
 afterEach(() => {
@@ -56,152 +90,79 @@ afterEach(() => {
 
 describe("Scheduled Task stop/restart cleanup", () => {
   it("kills lingering verified gateway listeners after schtasks stop", async () => {
-    await withWindowsEnv("openclaw-win-stop-", async ({ env }) => {
-      await writeGatewayScript(env);
-      schtasksResponses.push(
-        { code: 0, stdout: "", stderr: "" },
-        { code: 0, stdout: "", stderr: "" },
-        { code: 0, stdout: "", stderr: "" },
-      );
+    await withPreparedGatewayTask(async ({ env, stdout }) => {
+      pushSuccessfulSchtasksResponses(3);
       findVerifiedGatewayListenerPidsOnPortSync.mockReturnValue([4242]);
       inspectPortUsage
-        .mockResolvedValueOnce({
-          port: 18789,
-          status: "busy",
-          listeners: [{ pid: 4242, command: "node.exe" }],
-          hints: [],
-        })
-        .mockResolvedValueOnce({
-          port: 18789,
-          status: "free",
-          listeners: [],
-          hints: [],
-        });
+        .mockResolvedValueOnce(busyPortUsage(4242))
+        .mockResolvedValueOnce(freePortUsage());
 
-      const stdout = new PassThrough();
       await stopScheduledTask({ env, stdout });
 
-      expect(findVerifiedGatewayListenerPidsOnPortSync).toHaveBeenCalledWith(18789);
-      expect(killProcessTree).toHaveBeenCalledWith(4242, { graceMs: 300 });
+      expect(findVerifiedGatewayListenerPidsOnPortSync).toHaveBeenCalledWith(GATEWAY_PORT);
+      expectGatewayTermination(4242);
       expect(inspectPortUsage).toHaveBeenCalledTimes(2);
     });
   });
 
   it("force-kills remaining busy port listeners when the first stop pass does not free the port", async () => {
-    await withWindowsEnv("openclaw-win-stop-", async ({ env }) => {
-      await writeGatewayScript(env);
-      schtasksResponses.push(
-        { code: 0, stdout: "", stderr: "" },
-        { code: 0, stdout: "", stderr: "" },
-        { code: 0, stdout: "", stderr: "" },
-      );
+    await withPreparedGatewayTask(async ({ env, stdout }) => {
+      pushSuccessfulSchtasksResponses(3);
       findVerifiedGatewayListenerPidsOnPortSync.mockReturnValue([4242]);
-      inspectPortUsage.mockResolvedValueOnce({
-        port: 18789,
-        status: "busy",
-        listeners: [{ pid: 4242, command: "node.exe" }],
-        hints: [],
-      });
+      inspectPortUsage.mockResolvedValueOnce(busyPortUsage(4242));
       for (let i = 0; i < 20; i += 1) {
-        inspectPortUsage.mockResolvedValueOnce({
-          port: 18789,
-          status: "busy",
-          listeners: [{ pid: 4242, command: "node.exe" }],
-          hints: [],
-        });
+        inspectPortUsage.mockResolvedValueOnce(busyPortUsage(4242));
       }
       inspectPortUsage
-        .mockResolvedValueOnce({
-          port: 18789,
-          status: "busy",
-          listeners: [{ pid: 5252, command: "node.exe" }],
-          hints: [],
-        })
-        .mockResolvedValueOnce({
-          port: 18789,
-          status: "free",
-          listeners: [],
-          hints: [],
-        });
+        .mockResolvedValueOnce(busyPortUsage(5252))
+        .mockResolvedValueOnce(freePortUsage());
 
-      const stdout = new PassThrough();
       await stopScheduledTask({ env, stdout });
 
-      expect(killProcessTree).toHaveBeenNthCalledWith(1, 4242, { graceMs: 300 });
-      expect(killProcessTree).toHaveBeenNthCalledWith(2, expect.any(Number), { graceMs: 300 });
+      if (process.platform !== "win32") {
+        expect(killProcessTree).toHaveBeenNthCalledWith(1, 4242, { graceMs: 300 });
+        expect(killProcessTree).toHaveBeenNthCalledWith(2, expect.any(Number), { graceMs: 300 });
+      } else {
+        expect(killProcessTree).not.toHaveBeenCalled();
+      }
       expect(inspectPortUsage.mock.calls.length).toBeGreaterThanOrEqual(22);
     });
   });
 
   it("falls back to inspected gateway listeners when sync verification misses on Windows", async () => {
-    await withWindowsEnv("openclaw-win-stop-", async ({ env }) => {
-      await writeGatewayScript(env);
-      schtasksResponses.push(
-        { code: 0, stdout: "", stderr: "" },
-        { code: 0, stdout: "", stderr: "" },
-        { code: 0, stdout: "", stderr: "" },
-      );
+    await withPreparedGatewayTask(async ({ env, stdout }) => {
+      pushSuccessfulSchtasksResponses(3);
       findVerifiedGatewayListenerPidsOnPortSync.mockReturnValue([]);
       inspectPortUsage
-        .mockResolvedValueOnce({
-          port: 18789,
-          status: "busy",
-          listeners: [
-            {
-              pid: 6262,
-              command: "node.exe",
-              commandLine:
-                '"C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\steipete\\AppData\\Roaming\\npm\\node_modules\\openclaw\\dist\\index.js" gateway --port 18789',
-            },
-          ],
-          hints: [],
-        })
-        .mockResolvedValueOnce({
-          port: 18789,
-          status: "free",
-          listeners: [],
-          hints: [],
-        });
+        .mockResolvedValueOnce(
+          busyPortUsage(6262, {
+            commandLine:
+              '"C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\steipete\\AppData\\Roaming\\npm\\node_modules\\openclaw\\dist\\index.js" gateway --port 18789',
+          }),
+        )
+        .mockResolvedValueOnce(freePortUsage());
 
-      const stdout = new PassThrough();
       await stopScheduledTask({ env, stdout });
 
-      expect(killProcessTree).toHaveBeenCalledWith(6262, { graceMs: 300 });
+      expectGatewayTermination(6262);
       expect(inspectPortUsage).toHaveBeenCalledTimes(2);
     });
   });
 
   it("kills lingering verified gateway listeners and waits for port release before restart", async () => {
-    await withWindowsEnv("openclaw-win-stop-", async ({ env }) => {
-      await writeGatewayScript(env);
-      schtasksResponses.push(
-        { code: 0, stdout: "", stderr: "" },
-        { code: 0, stdout: "", stderr: "" },
-        { code: 0, stdout: "", stderr: "" },
-        { code: 0, stdout: "", stderr: "" },
-      );
+    await withPreparedGatewayTask(async ({ env, stdout }) => {
+      pushSuccessfulSchtasksResponses(4);
       findVerifiedGatewayListenerPidsOnPortSync.mockReturnValue([5151]);
       inspectPortUsage
-        .mockResolvedValueOnce({
-          port: 18789,
-          status: "busy",
-          listeners: [{ pid: 5151, command: "node.exe" }],
-          hints: [],
-        })
-        .mockResolvedValueOnce({
-          port: 18789,
-          status: "free",
-          listeners: [],
-          hints: [],
-        });
+        .mockResolvedValueOnce(busyPortUsage(5151))
+        .mockResolvedValueOnce(freePortUsage());
 
-      const stdout = new PassThrough();
       await expect(restartScheduledTask({ env, stdout })).resolves.toEqual({
         outcome: "completed",
       });
 
-      expect(findVerifiedGatewayListenerPidsOnPortSync).toHaveBeenCalledWith(18789);
-      expect(killProcessTree).toHaveBeenCalledWith(5151, { graceMs: 300 });
+      expect(findVerifiedGatewayListenerPidsOnPortSync).toHaveBeenCalledWith(GATEWAY_PORT);
+      expectGatewayTermination(5151);
       expect(inspectPortUsage).toHaveBeenCalledTimes(2);
       expect(schtasksCalls.at(-1)).toEqual(["/Run", "/TN", "OpenClaw Gateway"]);
     });
diff --git a/src/daemon/service-audit.test.ts b/src/daemon/service-audit.test.ts
index ffdd0fa526d..f7e87b6a518 100644
--- a/src/daemon/service-audit.test.ts
+++ b/src/daemon/service-audit.test.ts
@@ -6,6 +6,53 @@ import {
 } from "./service-audit.js";
 import { buildMinimalServicePath } from "./service-env.js";
 
+function hasIssue(
+  audit: Awaited<ReturnType<typeof auditGatewayServiceConfig>>,
+  code: (typeof SERVICE_AUDIT_CODES)[keyof typeof SERVICE_AUDIT_CODES],
+) {
+  return audit.issues.some((issue) => issue.code === code);
+}
+
+function createGatewayAudit({
+  expectedGatewayToken,
+  path = "/usr/local/bin:/usr/bin:/bin",
+  serviceToken,
+  environmentValueSources,
+}: {
+  expectedGatewayToken?: string;
+  path?: string;
+  serviceToken?: string;
+  environmentValueSources?: Record<string, "file" | "inline">;
+} = {}) {
+  return auditGatewayServiceConfig({
+    env: { HOME: "/tmp" },
+    platform: "linux",
+    expectedGatewayToken,
+    command: {
+      programArguments: ["/usr/bin/node", "gateway"],
+      environment: {
+        PATH: path,
+        ...(serviceToken ? { OPENCLAW_GATEWAY_TOKEN: serviceToken } : {}),
+      },
+      ...(environmentValueSources ? { environmentValueSources } : {}),
+    },
+  });
+}
+
+function expectTokenAudit(
+  audit: Awaited<ReturnType<typeof auditGatewayServiceConfig>>,
+  {
+    embedded,
+    mismatch,
+  }: {
+    embedded: boolean;
+    mismatch: boolean;
+  },
+) {
+  expect(hasIssue(audit, SERVICE_AUDIT_CODES.gatewayTokenEmbedded)).toBe(embedded);
+  expect(hasIssue(audit, SERVICE_AUDIT_CODES.gatewayTokenMismatch)).toBe(mismatch);
+}
+
 describe("auditGatewayServiceConfig", () => {
   it("flags bun runtime", async () => {
     const audit = await auditGatewayServiceConfig({
@@ -66,89 +113,37 @@ describe("auditGatewayServiceConfig", () => {
   });
 
   it("flags gateway token mismatch when service token is stale", async () => {
-    const audit = await auditGatewayServiceConfig({
-      env: { HOME: "/tmp" },
-      platform: "linux",
+    const audit = await createGatewayAudit({
       expectedGatewayToken: "new-token",
-      command: {
-        programArguments: ["/usr/bin/node", "gateway"],
-        environment: {
-          PATH: "/usr/local/bin:/usr/bin:/bin",
-          OPENCLAW_GATEWAY_TOKEN: "old-token",
-        },
-      },
+      serviceToken: "old-token",
     });
-    expect(
-      audit.issues.some((issue) => issue.code === SERVICE_AUDIT_CODES.gatewayTokenEmbedded),
-    ).toBe(true);
-    expect(
-      audit.issues.some((issue) => issue.code === SERVICE_AUDIT_CODES.gatewayTokenMismatch),
-    ).toBe(true);
+    expectTokenAudit(audit, { embedded: true, mismatch: true });
   });
 
   it("flags embedded service token even when it matches config token", async () => {
-    const audit = await auditGatewayServiceConfig({
-      env: { HOME: "/tmp" },
-      platform: "linux",
+    const audit = await createGatewayAudit({
       expectedGatewayToken: "new-token",
-      command: {
-        programArguments: ["/usr/bin/node", "gateway"],
-        environment: {
-          PATH: "/usr/local/bin:/usr/bin:/bin",
-          OPENCLAW_GATEWAY_TOKEN: "new-token",
-        },
-      },
+      serviceToken: "new-token",
     });
-    expect(
-      audit.issues.some((issue) => issue.code === SERVICE_AUDIT_CODES.gatewayTokenEmbedded),
-    ).toBe(true);
-    expect(
-      audit.issues.some((issue) => issue.code === SERVICE_AUDIT_CODES.gatewayTokenMismatch),
-    ).toBe(false);
+    expectTokenAudit(audit, { embedded: true, mismatch: false });
   });
 
   it("does not flag token issues when service token is not embedded", async () => {
-    const audit = await auditGatewayServiceConfig({
-      env: { HOME: "/tmp" },
-      platform: "linux",
+    const audit = await createGatewayAudit({
       expectedGatewayToken: "new-token",
-      command: {
-        programArguments: ["/usr/bin/node", "gateway"],
-        environment: {
-          PATH: "/usr/local/bin:/usr/bin:/bin",
-        },
-      },
     });
-    expect(
-      audit.issues.some((issue) => issue.code === SERVICE_AUDIT_CODES.gatewayTokenEmbedded),
-    ).toBe(false);
-    expect(
-      audit.issues.some((issue) => issue.code === SERVICE_AUDIT_CODES.gatewayTokenMismatch),
-    ).toBe(false);
+    expectTokenAudit(audit, { embedded: false, mismatch: false });
   });
 
   it("does not treat EnvironmentFile-backed tokens as embedded", async () => {
-    const audit = await auditGatewayServiceConfig({
-      env: { HOME: "/tmp" },
-      platform: "linux",
+    const audit = await createGatewayAudit({
       expectedGatewayToken: "new-token",
-      command: {
-        programArguments: ["/usr/bin/node", "gateway"],
-        environment: {
-          PATH: "/usr/local/bin:/usr/bin:/bin",
-          OPENCLAW_GATEWAY_TOKEN: "old-token",
-        },
-        environmentValueSources: {
-          OPENCLAW_GATEWAY_TOKEN: "file",
-        },
+      serviceToken: "old-token",
+      environmentValueSources: {
+        OPENCLAW_GATEWAY_TOKEN: "file",
       },
     });
-    expect(
-      audit.issues.some((issue) => issue.code === SERVICE_AUDIT_CODES.gatewayTokenEmbedded),
-    ).toBe(false);
-    expect(
-      audit.issues.some((issue) => issue.code === SERVICE_AUDIT_CODES.gatewayTokenMismatch),
-    ).toBe(false);
+    expectTokenAudit(audit, { embedded: false, mismatch: false });
   });
 });
 
diff --git a/src/daemon/systemd.test.ts b/src/daemon/systemd.test.ts
index 1d72adaaf43..0041107264a 100644
--- a/src/daemon/systemd.test.ts
+++ b/src/daemon/systemd.test.ts
@@ -25,6 +25,10 @@ type ExecFileError = Error & {
   code?: string | number;
 };
 
+const TEST_SERVICE_HOME = "/home/test";
+const TEST_MANAGED_HOME = "/tmp/openclaw-test-home";
+const GATEWAY_SERVICE = "openclaw-gateway.service";
+
 const createExecFileError = (
   message: string,
   options: { stderr?: string; code?: string | number } = {},
@@ -58,6 +62,48 @@ function pathLikeToString(pathname: unknown): string {
   return "";
 }
 
+function assertUserSystemctlArgs(args: string[], ...command: string[]) {
+  expect(args).toEqual(["--user", ...command]);
+}
+
+function assertMachineUserSystemctlArgs(args: string[], user: string, ...command: string[]) {
+  expect(args).toEqual(["--machine", `${user}@`, "--user", ...command]);
+}
+
+async function readManagedServiceEnabled(env: NodeJS.ProcessEnv = { HOME: TEST_MANAGED_HOME }) {
+  const { isSystemdServiceEnabled } = await import("./systemd.js");
+  vi.spyOn(fs, "access").mockResolvedValue(undefined);
+  return isSystemdServiceEnabled({ env });
+}
+
+function mockReadGatewayServiceFile(
+  unitLines: string[],
+  extraFiles: Record<string, string | Error> = {},
+) {
+  return vi.spyOn(fs, "readFile").mockImplementation(async (pathname) => {
+    const pathValue = pathLikeToString(pathname);
+    if (pathValue.endsWith(`/${GATEWAY_SERVICE}`)) {
+      return unitLines.join("\n");
+    }
+    const extraFile = extraFiles[pathValue];
+    if (typeof extraFile === "string") {
+      return extraFile;
+    }
+    if (extraFile instanceof Error) {
+      throw extraFile;
+    }
+    throw new Error(`unexpected readFile path: ${pathValue}`);
+  });
+}
+
+async function expectExecStartWithoutEnvironment(envFileLine: string) {
+  mockReadGatewayServiceFile(["[Service]", "ExecStart=/usr/bin/openclaw gateway run", envFileLine]);
+
+  const command = await readSystemdServiceExecStart({ HOME: TEST_SERVICE_HOME });
+  expect(command?.programArguments).toEqual(["/usr/bin/openclaw", "gateway", "run"]);
+  expect(command?.environment).toBeUndefined();
+}
+
 const assertRestartSuccess = async (env: NodeJS.ProcessEnv) => {
   const { write, stdout } = createWritableStreamMock();
   await restartSystemdService({ stdout, env });
@@ -118,24 +164,18 @@ describe("systemd availability", () => {
 });
 
 describe("isSystemdServiceEnabled", () => {
-  const mockManagedUnitPresent = () => {
-    vi.spyOn(fs, "access").mockResolvedValue(undefined);
-  };
-
   beforeEach(() => {
     vi.restoreAllMocks();
     execFileMock.mockReset();
   });
 
   it("returns false when systemctl is not present", async () => {
-    const { isSystemdServiceEnabled } = await import("./systemd.js");
-    mockManagedUnitPresent();
     execFileMock.mockImplementation((_cmd, _args, _opts, cb) => {
       const err = new Error("spawn systemctl EACCES") as Error & { code?: string };
       err.code = "EACCES";
       cb(err, "", "");
     });
-    const result = await isSystemdServiceEnabled({ env: { HOME: "/tmp/openclaw-test-home" } });
+    const result = await readManagedServiceEnabled();
     expect(result).toBe(false);
   });
 
@@ -152,55 +192,45 @@ describe("isSystemdServiceEnabled", () => {
   });
 
   it("calls systemctl is-enabled when systemctl is present", async () => {
-    const { isSystemdServiceEnabled } = await import("./systemd.js");
-    mockManagedUnitPresent();
     execFileMock.mockImplementationOnce((_cmd, args, _opts, cb) => {
-      expect(args).toEqual(["--user", "is-enabled", "openclaw-gateway.service"]);
+      assertUserSystemctlArgs(args, "is-enabled", GATEWAY_SERVICE);
       cb(null, "enabled", "");
     });
-    const result = await isSystemdServiceEnabled({ env: { HOME: "/tmp/openclaw-test-home" } });
+    const result = await readManagedServiceEnabled();
     expect(result).toBe(true);
   });
 
   it("returns false when systemctl reports disabled", async () => {
-    const { isSystemdServiceEnabled } = await import("./systemd.js");
-    mockManagedUnitPresent();
     execFileMock.mockImplementationOnce((_cmd, _args, _opts, cb) => {
       const err = new Error("disabled") as Error & { code?: number };
       err.code = 1;
       cb(err, "disabled", "");
     });
-    const result = await isSystemdServiceEnabled({ env: { HOME: "/tmp/openclaw-test-home" } });
+    const result = await readManagedServiceEnabled();
     expect(result).toBe(false);
   });
 
   it("returns false for the WSL2 Ubuntu 24.04 wrapper-only is-enabled failure", async () => {
-    const { isSystemdServiceEnabled } = await import("./systemd.js");
-    mockManagedUnitPresent();
     execFileMock.mockImplementationOnce((_cmd, args, _opts, cb) => {
-      expect(args).toEqual(["--user", "is-enabled", "openclaw-gateway.service"]);
+      assertUserSystemctlArgs(args, "is-enabled", GATEWAY_SERVICE);
       const err = new Error(
-        "Command failed: systemctl --user is-enabled openclaw-gateway.service",
+        `Command failed: systemctl --user is-enabled ${GATEWAY_SERVICE}`,
       ) as Error & { code?: number };
       err.code = 1;
       cb(err, "", "");
     });
 
-    await expect(
-      isSystemdServiceEnabled({ env: { HOME: "/tmp/openclaw-test-home" } }),
-    ).rejects.toThrow(
-      "systemctl is-enabled unavailable: Command failed: systemctl --user is-enabled openclaw-gateway.service",
+    await expect(readManagedServiceEnabled()).rejects.toThrow(
+      `systemctl is-enabled unavailable: Command failed: systemctl --user is-enabled ${GATEWAY_SERVICE}`,
     );
   });
 
   it("returns false when is-enabled cannot connect to the user bus without machine fallback", async () => {
-    const { isSystemdServiceEnabled } = await import("./systemd.js");
-    mockManagedUnitPresent();
     vi.spyOn(os, "userInfo").mockImplementationOnce(() => {
       throw new Error("no user info");
     });
     execFileMock.mockImplementationOnce((_cmd, args, _opts, cb) => {
-      expect(args).toEqual(["--user", "is-enabled", "openclaw-gateway.service"]);
+      assertUserSystemctlArgs(args, "is-enabled", GATEWAY_SERVICE);
       cb(
         createExecFileError("Failed to connect to bus", { stderr: "Failed to connect to bus" }),
         "",
@@ -209,18 +239,14 @@ describe("isSystemdServiceEnabled", () => {
     });
 
     await expect(
-      isSystemdServiceEnabled({
-        env: { HOME: "/tmp/openclaw-test-home", USER: "", LOGNAME: "" },
-      }),
+      readManagedServiceEnabled({ HOME: TEST_MANAGED_HOME, USER: "", LOGNAME: "" }),
     ).rejects.toThrow("systemctl is-enabled unavailable: Failed to connect to bus");
   });
 
   it("returns false when both direct and machine-scope is-enabled checks report bus unavailability", async () => {
-    const { isSystemdServiceEnabled } = await import("./systemd.js");
-    mockManagedUnitPresent();
     execFileMock
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
-        expect(args).toEqual(["--user", "is-enabled", "openclaw-gateway.service"]);
+        assertUserSystemctlArgs(args, "is-enabled", GATEWAY_SERVICE);
         cb(
           createExecFileError("Failed to connect to bus", { stderr: "Failed to connect to bus" }),
           "",
@@ -228,13 +254,7 @@ describe("isSystemdServiceEnabled", () => {
         );
       })
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
-        expect(args).toEqual([
-          "--machine",
-          "debian@",
-          "--user",
-          "is-enabled",
-          "openclaw-gateway.service",
-        ]);
+        assertMachineUserSystemctlArgs(args, "debian", "is-enabled", GATEWAY_SERVICE);
         cb(
           createExecFileError("Failed to connect to user scope bus via local transport", {
             stderr:
@@ -246,32 +266,28 @@ describe("isSystemdServiceEnabled", () => {
       });
 
     await expect(
-      isSystemdServiceEnabled({
-        env: { HOME: "/tmp/openclaw-test-home", USER: "debian" },
-      }),
+      readManagedServiceEnabled({ HOME: TEST_MANAGED_HOME, USER: "debian" }),
     ).rejects.toThrow("systemctl is-enabled unavailable: Failed to connect to user scope bus");
   });
 
   it("throws when generic wrapper errors report infrastructure failures", async () => {
-    const { isSystemdServiceEnabled } = await import("./systemd.js");
-    mockManagedUnitPresent();
     execFileMock.mockImplementationOnce((_cmd, args, _opts, cb) => {
-      expect(args).toEqual(["--user", "is-enabled", "openclaw-gateway.service"]);
+      assertUserSystemctlArgs(args, "is-enabled", GATEWAY_SERVICE);
       const err = new Error(
-        "Command failed: systemctl --user is-enabled openclaw-gateway.service",
+        `Command failed: systemctl --user is-enabled ${GATEWAY_SERVICE}`,
       ) as Error & { code?: number };
       err.code = 1;
       cb(err, "", "read-only file system");
     });
 
-    await expect(
-      isSystemdServiceEnabled({ env: { HOME: "/tmp/openclaw-test-home" } }),
-    ).rejects.toThrow("systemctl is-enabled unavailable: read-only file system");
+    await expect(readManagedServiceEnabled()).rejects.toThrow(
+      "systemctl is-enabled unavailable: read-only file system",
+    );
   });
 
   it("throws when systemctl is-enabled fails for non-state errors", async () => {
     const { isSystemdServiceEnabled } = await import("./systemd.js");
-    mockManagedUnitPresent();
+    vi.spyOn(fs, "access").mockResolvedValue(undefined);
     execFileMock
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
         expect(args).toEqual(["--user", "is-enabled", "openclaw-gateway.service"]);
@@ -294,7 +310,7 @@ describe("isSystemdServiceEnabled", () => {
 
   it("returns false when systemctl is-enabled exits with code 4 (not-found)", async () => {
     const { isSystemdServiceEnabled } = await import("./systemd.js");
-    mockManagedUnitPresent();
+    vi.spyOn(fs, "access").mockResolvedValue(undefined);
     execFileMock.mockImplementationOnce((_cmd, _args, _opts, cb) => {
       // On Ubuntu 24.04, `systemctl --user is-enabled <unit>` exits with
       // code 4 and prints "not-found" to stdout when the unit doesn't exist.
@@ -463,82 +479,38 @@ describe("readSystemdServiceExecStart", () => {
   });
 
   it("loads OPENCLAW_GATEWAY_TOKEN from EnvironmentFile", async () => {
-    const readFileSpy = vi.spyOn(fs, "readFile").mockImplementation(async (pathname) => {
-      const pathValue = pathLikeToString(pathname);
-      if (pathValue.endsWith("/openclaw-gateway.service")) {
-        return [
-          "[Service]",
-          "ExecStart=/usr/bin/openclaw gateway run",
-          "EnvironmentFile=%h/.openclaw/.env",
-        ].join("\n");
-      }
-      if (pathValue === "/home/test/.openclaw/.env") {
-        return "OPENCLAW_GATEWAY_TOKEN=env-file-token\n";
-      }
-      throw new Error(`unexpected readFile path: ${pathValue}`);
-    });
+    const readFileSpy = mockReadGatewayServiceFile(
+      ["[Service]", "ExecStart=/usr/bin/openclaw gateway run", "EnvironmentFile=%h/.openclaw/.env"],
+      { [`${TEST_SERVICE_HOME}/.openclaw/.env`]: "OPENCLAW_GATEWAY_TOKEN=env-file-token\n" },
+    );
 
-    const command = await readSystemdServiceExecStart({ HOME: "/home/test" });
+    const command = await readSystemdServiceExecStart({ HOME: TEST_SERVICE_HOME });
     expect(command?.environment?.OPENCLAW_GATEWAY_TOKEN).toBe("env-file-token");
     expect(readFileSpy).toHaveBeenCalledTimes(2);
   });
 
   it("lets EnvironmentFile override inline Environment values", async () => {
-    vi.spyOn(fs, "readFile").mockImplementation(async (pathname) => {
-      const pathValue = pathLikeToString(pathname);
-      if (pathValue.endsWith("/openclaw-gateway.service")) {
-        return [
-          "[Service]",
-          "ExecStart=/usr/bin/openclaw gateway run",
-          "EnvironmentFile=%h/.openclaw/.env",
-          'Environment="OPENCLAW_GATEWAY_TOKEN=inline-token"',
-        ].join("\n");
-      }
-      if (pathValue === "/home/test/.openclaw/.env") {
-        return "OPENCLAW_GATEWAY_TOKEN=env-file-token\n";
-      }
-      throw new Error(`unexpected readFile path: ${pathValue}`);
-    });
+    mockReadGatewayServiceFile(
+      [
+        "[Service]",
+        "ExecStart=/usr/bin/openclaw gateway run",
+        "EnvironmentFile=%h/.openclaw/.env",
+        'Environment="OPENCLAW_GATEWAY_TOKEN=inline-token"',
+      ],
+      { [`${TEST_SERVICE_HOME}/.openclaw/.env`]: "OPENCLAW_GATEWAY_TOKEN=env-file-token\n" },
+    );
 
-    const command = await readSystemdServiceExecStart({ HOME: "/home/test" });
+    const command = await readSystemdServiceExecStart({ HOME: TEST_SERVICE_HOME });
     expect(command?.environment?.OPENCLAW_GATEWAY_TOKEN).toBe("env-file-token");
     expect(command?.environmentValueSources?.OPENCLAW_GATEWAY_TOKEN).toBe("file");
   });
 
   it("ignores missing optional EnvironmentFile entries", async () => {
-    vi.spyOn(fs, "readFile").mockImplementation(async (pathname) => {
-      const pathValue = pathLikeToString(pathname);
-      if (pathValue.endsWith("/openclaw-gateway.service")) {
-        return [
-          "[Service]",
-          "ExecStart=/usr/bin/openclaw gateway run",
-          "EnvironmentFile=-%h/.openclaw/missing.env",
-        ].join("\n");
-      }
-      throw new Error(`missing: ${pathValue}`);
-    });
-
-    const command = await readSystemdServiceExecStart({ HOME: "/home/test" });
-    expect(command?.programArguments).toEqual(["/usr/bin/openclaw", "gateway", "run"]);
-    expect(command?.environment).toBeUndefined();
+    await expectExecStartWithoutEnvironment("EnvironmentFile=-%h/.openclaw/missing.env");
   });
 
   it("keeps parsing when non-optional EnvironmentFile entries are missing", async () => {
-    vi.spyOn(fs, "readFile").mockImplementation(async (pathname) => {
-      const pathValue = pathLikeToString(pathname);
-      if (pathValue.endsWith("/openclaw-gateway.service")) {
-        return [
-          "[Service]",
-          "ExecStart=/usr/bin/openclaw gateway run",
-          "EnvironmentFile=%h/.openclaw/missing.env",
-        ].join("\n");
-      }
-      throw new Error(`missing: ${pathValue}`);
-    });
-
-    const command = await readSystemdServiceExecStart({ HOME: "/home/test" });
-    expect(command?.programArguments).toEqual(["/usr/bin/openclaw", "gateway", "run"]);
-    expect(command?.environment).toBeUndefined();
+    await expectExecStartWithoutEnvironment("EnvironmentFile=%h/.openclaw/missing.env");
   });
 
   it("supports multiple EnvironmentFile entries and quoted paths", async () => {
@@ -631,7 +603,7 @@ describe("readSystemdServiceExecStart", () => {
 
 describe("systemd service control", () => {
   const assertMachineRestartArgs = (args: string[]) => {
-    expect(args).toEqual(["--machine", "debian@", "--user", "restart", "openclaw-gateway.service"]);
+    assertMachineUserSystemctlArgs(args, "debian", "restart", GATEWAY_SERVICE);
   };
 
   beforeEach(() => {
@@ -642,7 +614,7 @@ describe("systemd service control", () => {
     execFileMock
       .mockImplementationOnce((_cmd, _args, _opts, cb) => cb(null, "", ""))
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
-        expect(args).toEqual(["--user", "stop", "openclaw-gateway.service"]);
+        assertUserSystemctlArgs(args, "stop", GATEWAY_SERVICE);
         cb(null, "", "");
       });
     const write = vi.fn();
@@ -664,7 +636,7 @@ describe("systemd service control", () => {
         ),
       )
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
-        expect(args).toEqual(["--user", "stop", "openclaw-gateway.service"]);
+        assertUserSystemctlArgs(args, "stop", GATEWAY_SERVICE);
         cb(null, "", "");
       });
 
@@ -678,7 +650,7 @@ describe("systemd service control", () => {
     execFileMock
       .mockImplementationOnce((_cmd, _args, _opts, cb) => cb(null, "", ""))
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
-        expect(args).toEqual(["--user", "restart", "openclaw-gateway-work.service"]);
+        assertUserSystemctlArgs(args, "restart", "openclaw-gateway-work.service");
         cb(null, "", "");
       });
     await assertRestartSuccess({ OPENCLAW_PROFILE: "work" });
@@ -724,7 +696,7 @@ describe("systemd service control", () => {
   it("targets the sudo caller's user scope when SUDO_USER is set", async () => {
     execFileMock
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
-        expect(args).toEqual(["--machine", "debian@", "--user", "status"]);
+        assertMachineUserSystemctlArgs(args, "debian", "status");
         cb(null, "", "");
       })
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
@@ -737,11 +709,11 @@ describe("systemd service control", () => {
   it("keeps direct --user scope when SUDO_USER is root", async () => {
     execFileMock
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
-        expect(args).toEqual(["--user", "status"]);
+        assertUserSystemctlArgs(args, "status");
         cb(null, "", "");
       })
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
-        expect(args).toEqual(["--user", "restart", "openclaw-gateway.service"]);
+        assertUserSystemctlArgs(args, "restart", GATEWAY_SERVICE);
         cb(null, "", "");
       });
     await assertRestartSuccess({ SUDO_USER: "root", USER: "root" });
@@ -750,7 +722,7 @@ describe("systemd service control", () => {
   it("falls back to machine user scope for restart when user bus env is missing", async () => {
     execFileMock
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
-        expect(args).toEqual(["--user", "status"]);
+        assertUserSystemctlArgs(args, "status");
         const err = createExecFileError("Failed to connect to user scope bus", {
           stderr:
             "Failed to connect to user scope bus via local transport: $DBUS_SESSION_BUS_ADDRESS and $XDG_RUNTIME_DIR not defined",
@@ -758,11 +730,11 @@ describe("systemd service control", () => {
         cb(err, "", "");
       })
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
-        expect(args).toEqual(["--machine", "debian@", "--user", "status"]);
+        assertMachineUserSystemctlArgs(args, "debian", "status");
         cb(null, "", "");
       })
       .mockImplementationOnce((_cmd, args, _opts, cb) => {
-        expect(args).toEqual(["--user", "restart", "openclaw-gateway.service"]);
+        assertUserSystemctlArgs(args, "restart", GATEWAY_SERVICE);
         const err = createExecFileError("Failed to connect to user scope bus", {
           stderr: "Failed to connect to user scope bus",
         });
diff --git a/src/daemon/test-helpers/schtasks-fixtures.ts b/src/daemon/test-helpers/schtasks-fixtures.ts
index 4762b7543eb..9755acefae7 100644
--- a/src/daemon/test-helpers/schtasks-fixtures.ts
+++ b/src/daemon/test-helpers/schtasks-fixtures.ts
@@ -5,6 +5,7 @@ import { vi } from "vitest";
 import type { PortUsage } from "../../infra/ports-types.js";
 import type { killProcessTree as killProcessTreeImpl } from "../../process/kill-tree.js";
 import type { MockFn } from "../../test-utils/vitest-mock-fn.js";
+import { resolveTaskScriptPath } from "../schtasks.js";
 
 export const schtasksResponses: Array<{ code: number; stdout: string; stderr: string }> = [];
 export const schtasksCalls: string[][] = [];
@@ -36,3 +37,21 @@ export function resetSchtasksBaseMocks() {
   inspectPortUsage.mockReset();
   killProcessTree.mockReset();
 }
+
+export async function writeGatewayScript(
+  env: Record<string, string>,
+  port = Number(env.OPENCLAW_GATEWAY_PORT || "18789"),
+) {
+  const scriptPath = resolveTaskScriptPath(env);
+  await fs.mkdir(path.dirname(scriptPath), { recursive: true });
+  await fs.writeFile(
+    scriptPath,
+    [
+      "@echo off",
+      `set "OPENCLAW_GATEWAY_PORT=${port}"`,
+      `"C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\steipete\\AppData\\Roaming\\npm\\node_modules\\openclaw\\dist\\index.js" gateway --port ${port}`,
+      "",
+    ].join("\r\n"),
+    "utf8",
+  );
+}
diff --git a/src/discord/monitor/threading.auto-thread.test.ts b/src/discord/monitor/threading.auto-thread.test.ts
deleted file mode 100644
index 2affabcae44..00000000000
--- a/src/discord/monitor/threading.auto-thread.test.ts
+++ /dev/null
@@ -1,162 +0,0 @@
-import { ChannelType } from "@buape/carbon";
-import { describe, it, expect, vi, beforeEach } from "vitest";
-import { maybeCreateDiscordAutoThread } from "./threading.js";
-
-describe("maybeCreateDiscordAutoThread", () => {
-  const postMock = vi.fn();
-  const getMock = vi.fn();
-  const mockClient = {
-    rest: { post: postMock, get: getMock },
-  } as unknown as Parameters<typeof maybeCreateDiscordAutoThread>[0]["client"];
-  const mockMessage = {
-    id: "msg1",
-    timestamp: "123",
-  } as unknown as Parameters<typeof maybeCreateDiscordAutoThread>[0]["message"];
-
-  it("skips auto-thread if channelType is GuildForum", async () => {
-    const result = await maybeCreateDiscordAutoThread({
-      client: mockClient,
-      message: mockMessage,
-      messageChannelId: "forum1",
-      isGuildMessage: true,
-      channelConfig: { allowed: true, autoThread: true },
-      channelType: ChannelType.GuildForum,
-      baseText: "test",
-      combinedBody: "test",
-    });
-    expect(result).toBeUndefined();
-    expect(postMock).not.toHaveBeenCalled();
-  });
-
-  it("skips auto-thread if channelType is GuildMedia", async () => {
-    const result = await maybeCreateDiscordAutoThread({
-      client: mockClient,
-      message: mockMessage,
-      messageChannelId: "media1",
-      isGuildMessage: true,
-      channelConfig: { allowed: true, autoThread: true },
-      channelType: ChannelType.GuildMedia,
-      baseText: "test",
-      combinedBody: "test",
-    });
-    expect(result).toBeUndefined();
-    expect(postMock).not.toHaveBeenCalled();
-  });
-
-  it("skips auto-thread if channelType is GuildVoice", async () => {
-    const result = await maybeCreateDiscordAutoThread({
-      client: mockClient,
-      message: mockMessage,
-      messageChannelId: "voice1",
-      isGuildMessage: true,
-      channelConfig: { allowed: true, autoThread: true },
-      channelType: ChannelType.GuildVoice,
-      baseText: "test",
-      combinedBody: "test",
-    });
-    expect(result).toBeUndefined();
-    expect(postMock).not.toHaveBeenCalled();
-  });
-
-  it("skips auto-thread if channelType is GuildStageVoice", async () => {
-    const result = await maybeCreateDiscordAutoThread({
-      client: mockClient,
-      message: mockMessage,
-      messageChannelId: "stage1",
-      isGuildMessage: true,
-      channelConfig: { allowed: true, autoThread: true },
-      channelType: ChannelType.GuildStageVoice,
-      baseText: "test",
-      combinedBody: "test",
-    });
-    expect(result).toBeUndefined();
-    expect(postMock).not.toHaveBeenCalled();
-  });
-
-  it("creates auto-thread if channelType is GuildText", async () => {
-    postMock.mockResolvedValueOnce({ id: "thread1" });
-    const result = await maybeCreateDiscordAutoThread({
-      client: mockClient,
-      message: mockMessage,
-      messageChannelId: "text1",
-      isGuildMessage: true,
-      channelConfig: { allowed: true, autoThread: true },
-      channelType: ChannelType.GuildText,
-      baseText: "test",
-      combinedBody: "test",
-    });
-    expect(result).toBe("thread1");
-    expect(postMock).toHaveBeenCalled();
-  });
-});
-
-describe("maybeCreateDiscordAutoThread autoArchiveDuration", () => {
-  const postMock = vi.fn();
-  const getMock = vi.fn();
-  const mockClient = {
-    rest: { post: postMock, get: getMock },
-  } as unknown as Parameters<typeof maybeCreateDiscordAutoThread>[0]["client"];
-  const mockMessage = {
-    id: "msg1",
-    timestamp: "123",
-  } as unknown as Parameters<typeof maybeCreateDiscordAutoThread>[0]["message"];
-
-  beforeEach(() => {
-    postMock.mockReset();
-    getMock.mockReset();
-  });
-
-  it("uses configured autoArchiveDuration", async () => {
-    postMock.mockResolvedValueOnce({ id: "thread1" });
-    await maybeCreateDiscordAutoThread({
-      client: mockClient,
-      message: mockMessage,
-      messageChannelId: "text1",
-      isGuildMessage: true,
-      channelConfig: { allowed: true, autoThread: true, autoArchiveDuration: "10080" },
-      channelType: ChannelType.GuildText,
-      baseText: "test",
-      combinedBody: "test",
-    });
-    expect(postMock).toHaveBeenCalledWith(
-      expect.any(String),
-      expect.objectContaining({ body: expect.objectContaining({ auto_archive_duration: 10080 }) }),
-    );
-  });
-
-  it("accepts numeric autoArchiveDuration", async () => {
-    postMock.mockResolvedValueOnce({ id: "thread1" });
-    await maybeCreateDiscordAutoThread({
-      client: mockClient,
-      message: mockMessage,
-      messageChannelId: "text1",
-      isGuildMessage: true,
-      channelConfig: { allowed: true, autoThread: true, autoArchiveDuration: 4320 },
-      channelType: ChannelType.GuildText,
-      baseText: "test",
-      combinedBody: "test",
-    });
-    expect(postMock).toHaveBeenCalledWith(
-      expect.any(String),
-      expect.objectContaining({ body: expect.objectContaining({ auto_archive_duration: 4320 }) }),
-    );
-  });
-
-  it("defaults to 60 when autoArchiveDuration not set", async () => {
-    postMock.mockResolvedValueOnce({ id: "thread1" });
-    await maybeCreateDiscordAutoThread({
-      client: mockClient,
-      message: mockMessage,
-      messageChannelId: "text1",
-      isGuildMessage: true,
-      channelConfig: { allowed: true, autoThread: true },
-      channelType: ChannelType.GuildText,
-      baseText: "test",
-      combinedBody: "test",
-    });
-    expect(postMock).toHaveBeenCalledWith(
-      expect.any(String),
-      expect.objectContaining({ body: expect.objectContaining({ auto_archive_duration: 60 }) }),
-    );
-  });
-});
diff --git a/src/discord/monitor/threading.starter.test.ts b/src/discord/monitor/threading.starter.test.ts
deleted file mode 100644
index 07268d7fae9..00000000000
--- a/src/discord/monitor/threading.starter.test.ts
+++ /dev/null
@@ -1,55 +0,0 @@
-import { ChannelType, type Client } from "@buape/carbon";
-import { beforeEach, describe, expect, it, vi } from "vitest";
-import {
-  __resetDiscordThreadStarterCacheForTest,
-  resolveDiscordThreadStarter,
-} from "./threading.js";
-
-describe("resolveDiscordThreadStarter", () => {
-  beforeEach(() => {
-    __resetDiscordThreadStarterCacheForTest();
-  });
-
-  it("falls back to joined embed title and description when content is empty", async () => {
-    const get = vi.fn().mockResolvedValue({
-      content: "   ",
-      embeds: [{ title: "Alert", description: "Details" }],
-      author: { username: "Alice", discriminator: "0" },
-      timestamp: "2026-02-24T12:00:00.000Z",
-    });
-    const client = { rest: { get } } as unknown as Client;
-
-    const result = await resolveDiscordThreadStarter({
-      channel: { id: "thread-1" },
-      client,
-      parentId: "parent-1",
-      parentType: ChannelType.GuildText,
-      resolveTimestampMs: () => 123,
-    });
-
-    expect(result).toEqual({
-      text: "Alert\nDetails",
-      author: "Alice",
-      timestamp: 123,
-    });
-  });
-
-  it("prefers starter content over embed fallback text", async () => {
-    const get = vi.fn().mockResolvedValue({
-      content: "starter content",
-      embeds: [{ title: "Alert", description: "Details" }],
-      author: { username: "Alice", discriminator: "0" },
-    });
-    const client = { rest: { get } } as unknown as Client;
-
-    const result = await resolveDiscordThreadStarter({
-      channel: { id: "thread-1" },
-      client,
-      parentId: "parent-1",
-      parentType: ChannelType.GuildText,
-      resolveTimestampMs: () => undefined,
-    });
-
-    expect(result?.text).toBe("starter content");
-  });
-});
diff --git a/src/gateway/call.test.ts b/src/gateway/call.test.ts
index e4d8d28f562..7fd9b7c84cb 100644
--- a/src/gateway/call.test.ts
+++ b/src/gateway/call.test.ts
@@ -18,6 +18,11 @@ let lastClientOptions: {
   onHelloOk?: (hello: { features?: { methods?: string[] } }) => void | Promise<void>;
   onClose?: (code: number, reason: string) => void;
 } | null = null;
+let lastRequestOptions: {
+  method?: string;
+  params?: unknown;
+  opts?: { expectFinal?: boolean; timeoutMs?: number | null };
+} | null = null;
 type StartMode = "hello" | "close" | "silent";
 let startMode: StartMode = "hello";
 let closeCode = 1006;
@@ -45,7 +50,12 @@ vi.mock("./client.js", () => ({
     }) {
       lastClientOptions = opts;
     }
-    async request() {
+    async request(
+      method: string,
+      params: unknown,
+      opts?: { expectFinal?: boolean; timeoutMs?: number | null },
+    ) {
+      lastRequestOptions = { method, params, opts };
       return { ok: true };
     }
     start() {
@@ -72,6 +82,7 @@ function resetGatewayCallMocks() {
   pickPrimaryTailnetIPv4.mockClear();
   pickPrimaryLanIPv4.mockClear();
   lastClientOptions = null;
+  lastRequestOptions = null;
   startMode = "hello";
   closeCode = 1006;
   closeReason = "";
@@ -574,6 +585,25 @@ describe("callGateway error details", () => {
     expect(errMessage).toContain("gateway closed (1006");
   });
 
+  it("forwards caller timeout to client requests", async () => {
+    setLocalLoopbackGatewayConfig();
+
+    await callGateway({ method: "health", timeoutMs: 45_000 });
+
+    expect(lastRequestOptions?.method).toBe("health");
+    expect(lastRequestOptions?.opts?.timeoutMs).toBe(45_000);
+  });
+
+  it("does not inject wrapper timeout defaults into expectFinal requests", async () => {
+    setLocalLoopbackGatewayConfig();
+
+    await callGateway({ method: "health", expectFinal: true });
+
+    expect(lastRequestOptions?.method).toBe("health");
+    expect(lastRequestOptions?.opts?.expectFinal).toBe(true);
+    expect(lastRequestOptions?.opts?.timeoutMs).toBeUndefined();
+  });
+
   it("fails fast when remote mode is missing remote url", async () => {
     loadConfig.mockReturnValue({
       gateway: { mode: "remote", bind: "loopback", remote: {} },
diff --git a/src/gateway/call.ts b/src/gateway/call.ts
index 8e8f449fc59..f163a45ef06 100644
--- a/src/gateway/call.ts
+++ b/src/gateway/call.ts
@@ -848,6 +848,7 @@ async function executeGatewayRequestWithScopes<T>(params: {
           });
           const result = await client.request<T>(opts.method, opts.params, {
             expectFinal: opts.expectFinal,
+            timeoutMs: opts.timeoutMs,
           });
           ignoreClose = true;
           stop(undefined, result);
diff --git a/src/gateway/channel-health-monitor.test.ts b/src/gateway/channel-health-monitor.test.ts
index 6f7c8104874..32052af5745 100644
--- a/src/gateway/channel-health-monitor.test.ts
+++ b/src/gateway/channel-health-monitor.test.ts
@@ -106,6 +106,24 @@ function createSlackSnapshotManager(
   );
 }
 
+function createBusyDisconnectedManager(lastRunActivityAt: number): ChannelManager {
+  const now = Date.now();
+  return createSnapshotManager({
+    discord: {
+      default: {
+        running: true,
+        connected: false,
+        enabled: true,
+        configured: true,
+        lastStartAt: now - 300_000,
+        activeRuns: 1,
+        busy: true,
+        lastRunActivityAt,
+      },
+    },
+  });
+}
+
 async function expectRestartedChannel(
   manager: ChannelManager,
   channel: ChannelId,
@@ -250,39 +268,13 @@ describe("channel-health-monitor", () => {
 
   it("restarts busy channels when run activity is stale", async () => {
     const now = Date.now();
-    const manager = createSnapshotManager({
-      discord: {
-        default: {
-          running: true,
-          connected: false,
-          enabled: true,
-          configured: true,
-          lastStartAt: now - 300_000,
-          activeRuns: 1,
-          busy: true,
-          lastRunActivityAt: now - 26 * 60_000,
-        },
-      },
-    });
+    const manager = createBusyDisconnectedManager(now - 26 * 60_000);
     await expectRestartedChannel(manager, "discord");
   });
 
   it("restarts disconnected channels when busy flags are inherited from a prior lifecycle", async () => {
     const now = Date.now();
-    const manager = createSnapshotManager({
-      discord: {
-        default: {
-          running: true,
-          connected: false,
-          enabled: true,
-          configured: true,
-          lastStartAt: now - 300_000,
-          activeRuns: 1,
-          busy: true,
-          lastRunActivityAt: now - 301_000,
-        },
-      },
-    });
+    const manager = createBusyDisconnectedManager(now - 301_000);
     await expectRestartedChannel(manager, "discord");
   });
 
diff --git a/src/gateway/channel-health-policy.test.ts b/src/gateway/channel-health-policy.test.ts
index 0a2c34604fa..359190cd8c6 100644
--- a/src/gateway/channel-health-policy.test.ts
+++ b/src/gateway/channel-health-policy.test.ts
@@ -1,6 +1,19 @@
 import { describe, expect, it } from "vitest";
 import { evaluateChannelHealth, resolveChannelRestartReason } from "./channel-health-policy.js";
 
+function evaluateDiscordHealth(
+  account: Record<string, unknown>,
+  now = 100_000,
+  channelId = "discord",
+) {
+  return evaluateChannelHealth(account, {
+    channelId,
+    now,
+    channelConnectGraceMs: 10_000,
+    staleEventThresholdMs: 30_000,
+  });
+}
+
 describe("evaluateChannelHealth", () => {
   it("treats disabled accounts as healthy unmanaged", () => {
     const evaluation = evaluateChannelHealth(
@@ -144,48 +157,32 @@ describe("evaluateChannelHealth", () => {
   });
 
   it("skips stale-socket detection for channels in webhook mode", () => {
-    const evaluation = evaluateChannelHealth(
-      {
-        running: true,
-        connected: true,
-        enabled: true,
-        configured: true,
-        lastStartAt: 0,
-        lastEventAt: 0,
-        mode: "webhook",
-      },
-      {
-        channelId: "discord",
-        now: 100_000,
-        channelConnectGraceMs: 10_000,
-        staleEventThresholdMs: 30_000,
-      },
-    );
+    const evaluation = evaluateDiscordHealth({
+      running: true,
+      connected: true,
+      enabled: true,
+      configured: true,
+      lastStartAt: 0,
+      lastEventAt: 0,
+      mode: "webhook",
+    });
     expect(evaluation).toEqual({ healthy: true, reason: "healthy" });
   });
 
   it("does not flag stale sockets for channels without event tracking", () => {
-    const evaluation = evaluateChannelHealth(
-      {
-        running: true,
-        connected: true,
-        enabled: true,
-        configured: true,
-        lastStartAt: 0,
-        lastEventAt: null,
-      },
-      {
-        channelId: "discord",
-        now: 100_000,
-        channelConnectGraceMs: 10_000,
-        staleEventThresholdMs: 30_000,
-      },
-    );
+    const evaluation = evaluateDiscordHealth({
+      running: true,
+      connected: true,
+      enabled: true,
+      configured: true,
+      lastStartAt: 0,
+      lastEventAt: null,
+    });
     expect(evaluation).toEqual({ healthy: true, reason: "healthy" });
   });
 
   it("does not flag stale sockets without an active connected socket", () => {
-    const evaluation = evaluateChannelHealth(
+    const evaluation = evaluateDiscordHealth(
       {
         running: true,
         enabled: true,
@@ -193,18 +190,14 @@ describe("evaluateChannelHealth", () => {
         lastStartAt: 0,
         lastEventAt: 0,
       },
-      {
-        channelId: "slack",
-        now: 75_000,
-        channelConnectGraceMs: 10_000,
-        staleEventThresholdMs: 30_000,
-      },
+      75_000,
+      "slack",
     );
     expect(evaluation).toEqual({ healthy: true, reason: "healthy" });
   });
 
   it("ignores inherited event timestamps from a previous lifecycle", () => {
-    const evaluation = evaluateChannelHealth(
+    const evaluation = evaluateDiscordHealth(
       {
         running: true,
         connected: true,
@@ -213,12 +206,8 @@ describe("evaluateChannelHealth", () => {
         lastStartAt: 50_000,
         lastEventAt: 10_000,
       },
-      {
-        channelId: "slack",
-        now: 75_000,
-        channelConnectGraceMs: 10_000,
-        staleEventThresholdMs: 30_000,
-      },
+      75_000,
+      "slack",
     );
     expect(evaluation).toEqual({ healthy: true, reason: "healthy" });
   });
diff --git a/src/gateway/client-callsites.guard.test.ts b/src/gateway/client-callsites.guard.test.ts
index 9563a0ea75a..c32b5e21c45 100644
--- a/src/gateway/client-callsites.guard.test.ts
+++ b/src/gateway/client-callsites.guard.test.ts
@@ -6,7 +6,7 @@ const GATEWAY_CLIENT_CONSTRUCTOR_PATTERN = /new\s+GatewayClient\s*\(/;
 
 const ALLOWED_GATEWAY_CLIENT_CALLSITES = new Set([
   "src/acp/server.ts",
-  "src/discord/monitor/exec-approvals.ts",
+  "extensions/discord/src/monitor/exec-approvals.ts",
   "src/gateway/call.ts",
   "src/gateway/probe.ts",
   "src/node-host/runner.ts",
diff --git a/src/gateway/client.test.ts b/src/gateway/client.test.ts
index d9bcc55b722..d3fdc89c86a 100644
--- a/src/gateway/client.test.ts
+++ b/src/gateway/client.test.ts
@@ -23,6 +23,8 @@ class MockWebSocket {
   private closeHandlers: WsEventHandlers["close"][] = [];
   private errorHandlers: WsEventHandlers["error"][] = [];
   readonly sent: string[] = [];
+  closeCalls = 0;
+  terminateCalls = 0;
 
   constructor(_url: string, _options?: unknown) {
     wsInstances.push(this);
@@ -52,9 +54,14 @@ class MockWebSocket {
   }
 
   close(code?: number, reason?: string): void {
+    this.closeCalls += 1;
     this.emitClose(code ?? 1000, reason ?? "");
   }
 
+  terminate(): void {
+    this.terminateCalls += 1;
+  }
+
   send(data: string): void {
     this.sent.push(data);
   }
@@ -297,6 +304,29 @@ describe("GatewayClient close handling", () => {
     client.stop();
   });
 
+  it("force-terminates a lingering socket after stop", async () => {
+    vi.useFakeTimers();
+    try {
+      const client = new GatewayClient({
+        url: "ws://127.0.0.1:18789",
+      });
+
+      client.start();
+      const ws = getLatestWs();
+
+      client.stop();
+
+      expect(ws.closeCalls).toBe(1);
+      expect(ws.terminateCalls).toBe(0);
+
+      await vi.advanceTimersByTimeAsync(250);
+
+      expect(ws.terminateCalls).toBe(1);
+    } finally {
+      vi.useRealTimers();
+    }
+  });
+
   it("does not clear persisted device auth when explicit shared token is provided", () => {
     const onClose = vi.fn();
     const identity: DeviceIdentity = {
diff --git a/src/gateway/client.ts b/src/gateway/client.ts
index f2c7a184dd8..0e30cef34e8 100644
--- a/src/gateway/client.ts
+++ b/src/gateway/client.ts
@@ -44,6 +44,7 @@ type Pending = {
   resolve: (value: unknown) => void;
   reject: (err: unknown) => void;
   expectFinal: boolean;
+  timeout: NodeJS.Timeout | null;
 };
 
 type GatewayClientErrorShape = {
@@ -78,6 +79,7 @@ export type GatewayClientOptions = {
   url?: string; // ws://127.0.0.1:18789
   connectDelayMs?: number;
   tickWatchMinIntervalMs?: number;
+  requestTimeoutMs?: number;
   token?: string;
   bootstrapToken?: string;
   deviceToken?: string;
@@ -117,6 +119,8 @@ export function describeGatewayCloseCode(code: number): string | undefined {
   return GATEWAY_CLOSE_CODE_HINTS[code];
 }
 
+const FORCE_STOP_TERMINATE_GRACE_MS = 250;
+
 export class GatewayClient {
   private ws: WebSocket | null = null;
   private opts: GatewayClientOptions;
@@ -134,6 +138,7 @@ export class GatewayClient {
   private lastTick: number | null = null;
   private tickIntervalMs = 30_000;
   private tickTimer: NodeJS.Timeout | null = null;
+  private readonly requestTimeoutMs: number;
 
   constructor(opts: GatewayClientOptions) {
     this.opts = {
@@ -143,6 +148,10 @@ export class GatewayClient {
           ? undefined
           : (opts.deviceIdentity ?? loadOrCreateDeviceIdentity()),
     };
+    this.requestTimeoutMs =
+      typeof opts.requestTimeoutMs === "number" && Number.isFinite(opts.requestTimeoutMs)
+        ? Math.max(1, Math.min(Math.floor(opts.requestTimeoutMs), 2_147_483_647))
+        : 30_000;
   }
 
   start() {
@@ -273,8 +282,17 @@ export class GatewayClient {
       clearInterval(this.tickTimer);
       this.tickTimer = null;
     }
-    this.ws?.close();
+    const ws = this.ws;
     this.ws = null;
+    if (ws) {
+      ws.close();
+      const forceTerminateTimer = setTimeout(() => {
+        try {
+          ws.terminate();
+        } catch {}
+      }, FORCE_STOP_TERMINATE_GRACE_MS);
+      forceTerminateTimer.unref?.();
+    }
     this.flushPendingErrors(new Error("gateway client stopped"));
   }
 
@@ -575,6 +593,9 @@ export class GatewayClient {
           return;
         }
         this.pending.delete(parsed.id);
+        if (pending.timeout) {
+          clearTimeout(pending.timeout);
+        }
         if (parsed.ok) {
           pending.resolve(parsed.payload);
         } else {
@@ -627,6 +648,9 @@ export class GatewayClient {
 
   private flushPendingErrors(err: Error) {
     for (const [, p] of this.pending) {
+      if (p.timeout) {
+        clearTimeout(p.timeout);
+      }
       p.reject(err);
     }
     this.pending.clear();
@@ -686,7 +710,7 @@ export class GatewayClient {
   async request<T = Record<string, unknown>>(
     method: string,
     params?: unknown,
-    opts?: { expectFinal?: boolean },
+    opts?: { expectFinal?: boolean; timeoutMs?: number | null },
   ): Promise<T> {
     if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
       throw new Error("gateway not connected");
@@ -699,11 +723,27 @@ export class GatewayClient {
       );
     }
     const expectFinal = opts?.expectFinal === true;
+    const timeoutMs =
+      opts?.timeoutMs === null
+        ? null
+        : typeof opts?.timeoutMs === "number" && Number.isFinite(opts.timeoutMs)
+          ? Math.max(1, Math.min(Math.floor(opts.timeoutMs), 2_147_483_647))
+          : expectFinal
+            ? null
+            : this.requestTimeoutMs;
     const p = new Promise<T>((resolve, reject) => {
+      const timeout =
+        timeoutMs === null
+          ? null
+          : setTimeout(() => {
+              this.pending.delete(id);
+              reject(new Error(`gateway request timeout for ${method}`));
+            }, timeoutMs);
       this.pending.set(id, {
         resolve: (value) => resolve(value as T),
         reject,
         expectFinal,
+        timeout,
       });
     });
     this.ws.send(JSON.stringify(frame));
diff --git a/src/gateway/client.watchdog.test.ts b/src/gateway/client.watchdog.test.ts
index f723c3fdcb5..603c36a229b 100644
--- a/src/gateway/client.watchdog.test.ts
+++ b/src/gateway/client.watchdog.test.ts
@@ -1,7 +1,7 @@
 import { createServer as createHttpsServer } from "node:https";
 import { createServer } from "node:net";
-import { afterEach, describe, expect, test } from "vitest";
-import { WebSocketServer } from "ws";
+import { afterEach, describe, expect, test, vi } from "vitest";
+import { WebSocket, WebSocketServer } from "ws";
 import { rawDataToString } from "../infra/ws.js";
 import { GatewayClient } from "./client.js";
 
@@ -85,6 +85,160 @@ describe("GatewayClient", () => {
     }
   }, 4000);
 
+  test("times out unresolved requests and clears pending state", async () => {
+    vi.useFakeTimers();
+    try {
+      const client = new GatewayClient({
+        requestTimeoutMs: 25,
+      });
+      const send = vi.fn();
+      (
+        client as unknown as {
+          ws: WebSocket | { readyState: number; send: () => void; close: () => void };
+        }
+      ).ws = {
+        readyState: WebSocket.OPEN,
+        send,
+        close: vi.fn(),
+      };
+
+      const requestPromise = client.request("status");
+      const requestExpectation = expect(requestPromise).rejects.toThrow(
+        "gateway request timeout for status",
+      );
+      expect(send).toHaveBeenCalledTimes(1);
+      expect((client as unknown as { pending: Map<string, unknown> }).pending.size).toBe(1);
+
+      await vi.advanceTimersByTimeAsync(25);
+
+      await requestExpectation;
+      expect((client as unknown as { pending: Map<string, unknown> }).pending.size).toBe(0);
+    } finally {
+      vi.useRealTimers();
+    }
+  });
+
+  test("does not auto-timeout expectFinal requests", async () => {
+    vi.useFakeTimers();
+    try {
+      const client = new GatewayClient({
+        requestTimeoutMs: 25,
+      });
+      const send = vi.fn();
+      (
+        client as unknown as {
+          ws: WebSocket | { readyState: number; send: () => void; close: () => void };
+        }
+      ).ws = {
+        readyState: WebSocket.OPEN,
+        send,
+        close: vi.fn(),
+      };
+
+      let settled = false;
+      const requestPromise = client.request("chat.send", undefined, { expectFinal: true });
+      void requestPromise.then(
+        () => {
+          settled = true;
+        },
+        () => {
+          settled = true;
+        },
+      );
+      expect(send).toHaveBeenCalledTimes(1);
+
+      await vi.advanceTimersByTimeAsync(25);
+
+      expect(settled).toBe(false);
+      expect((client as unknown as { pending: Map<string, unknown> }).pending.size).toBe(1);
+
+      client.stop();
+      await expect(requestPromise).rejects.toThrow("gateway client stopped");
+    } finally {
+      vi.useRealTimers();
+    }
+  });
+
+  test("clamps oversized explicit request timeouts before scheduling", async () => {
+    vi.useFakeTimers();
+    try {
+      const client = new GatewayClient({
+        requestTimeoutMs: 25,
+      });
+      const send = vi.fn();
+      (
+        client as unknown as {
+          ws: WebSocket | { readyState: number; send: () => void; close: () => void };
+        }
+      ).ws = {
+        readyState: WebSocket.OPEN,
+        send,
+        close: vi.fn(),
+      };
+
+      let settled = false;
+      const requestPromise = client.request("status", undefined, { timeoutMs: 2_592_010_000 });
+      void requestPromise.then(
+        () => {
+          settled = true;
+        },
+        () => {
+          settled = true;
+        },
+      );
+
+      await vi.advanceTimersByTimeAsync(1);
+
+      expect(settled).toBe(false);
+      expect((client as unknown as { pending: Map<string, unknown> }).pending.size).toBe(1);
+
+      client.stop();
+      await expect(requestPromise).rejects.toThrow("gateway client stopped");
+    } finally {
+      vi.useRealTimers();
+    }
+  });
+
+  test("clamps oversized default request timeouts before scheduling", async () => {
+    vi.useFakeTimers();
+    try {
+      const client = new GatewayClient({
+        requestTimeoutMs: 2_592_010_000,
+      });
+      const send = vi.fn();
+      (
+        client as unknown as {
+          ws: WebSocket | { readyState: number; send: () => void; close: () => void };
+        }
+      ).ws = {
+        readyState: WebSocket.OPEN,
+        send,
+        close: vi.fn(),
+      };
+
+      let settled = false;
+      const requestPromise = client.request("status");
+      void requestPromise.then(
+        () => {
+          settled = true;
+        },
+        () => {
+          settled = true;
+        },
+      );
+
+      await vi.advanceTimersByTimeAsync(1);
+
+      expect(settled).toBe(false);
+      expect((client as unknown as { pending: Map<string, unknown> }).pending.size).toBe(1);
+
+      client.stop();
+      await expect(requestPromise).rejects.toThrow("gateway client stopped");
+    } finally {
+      vi.useRealTimers();
+    }
+  });
+
   test("rejects mismatched tls fingerprint", async () => {
     const key = [
       "-----BEGIN PRIVATE KEY-----", // pragma: allowlist secret
diff --git a/src/gateway/connection-auth.test.ts b/src/gateway/connection-auth.test.ts
index 036b9ff82dc..32ed16b045d 100644
--- a/src/gateway/connection-auth.test.ts
+++ b/src/gateway/connection-auth.test.ts
@@ -20,6 +20,64 @@ function cfg(input: Partial<OpenClawConfig>): OpenClawConfig {
   return input as OpenClawConfig;
 }
 
+function createRemoteModeConfig() {
+  return {
+    gateway: {
+      mode: "remote" as const,
+      auth: {
+        token: "local-token",
+        password: "local-password", // pragma: allowlist secret
+      },
+      remote: {
+        url: "wss://remote.example",
+        token: "remote-token",
+        password: "remote-password", // pragma: allowlist secret
+      },
+    },
+  };
+}
+
+function createUnresolvedLocalAuthConfig(params: {
+  mode: "token" | "password";
+  id: string;
+  remoteFallback: string;
+}) {
+  return cfg({
+    gateway: {
+      mode: "local",
+      auth: {
+        mode: params.mode,
+        [params.mode]: { source: "env", provider: "default", id: params.id },
+      },
+      remote: {
+        [params.mode]: params.remoteFallback,
+      },
+    },
+    secrets: {
+      providers: {
+        default: { source: "env" },
+      },
+    },
+  });
+}
+
+async function expectFailClosedOnUnresolvedLocalAuth(config: OpenClawConfig, path: string) {
+  await expect(
+    resolveGatewayConnectionAuth({
+      config,
+      env: {} as NodeJS.ProcessEnv,
+      includeLegacyEnv: false,
+    }),
+  ).rejects.toThrow(path);
+  expect(() =>
+    resolveGatewayConnectionAuthFromConfig({
+      cfg: config,
+      env: {} as NodeJS.ProcessEnv,
+      includeLegacyEnv: false,
+    }),
+  ).toThrow(path);
+}
+
 const DEFAULT_ENV = {
   OPENCLAW_GATEWAY_TOKEN: "env-token",
   OPENCLAW_GATEWAY_PASSWORD: "env-password", // pragma: allowlist secret
@@ -93,20 +151,7 @@ describe("resolveGatewayConnectionAuth", () => {
     },
     {
       name: "remote mode defaults to remote-first token and env-first password",
-      cfg: cfg({
-        gateway: {
-          mode: "remote",
-          auth: {
-            token: "local-token",
-            password: "local-password", // pragma: allowlist secret
-          },
-          remote: {
-            url: "wss://remote.example",
-            token: "remote-token",
-            password: "remote-password", // pragma: allowlist secret
-          },
-        },
-      }),
+      cfg: cfg(createRemoteModeConfig()),
       env: DEFAULT_ENV,
       expected: {
         token: "remote-token",
@@ -115,20 +160,7 @@ describe("resolveGatewayConnectionAuth", () => {
     },
     {
       name: "remote mode supports env-first token with remote-first password",
-      cfg: cfg({
-        gateway: {
-          mode: "remote",
-          auth: {
-            token: "local-token",
-            password: "local-password", // pragma: allowlist secret
-          },
-          remote: {
-            url: "wss://remote.example",
-            token: "remote-token",
-            password: "remote-password", // pragma: allowlist secret
-          },
-        },
-      }),
+      cfg: cfg(createRemoteModeConfig()),
       env: DEFAULT_ENV,
       options: {
         remoteTokenPrecedence: "env-first",
@@ -418,72 +450,24 @@ describe("resolveGatewayConnectionAuth", () => {
   });
 
   it("fails closed when local token SecretRef is unresolved and remote token fallback exists", async () => {
-    const config = cfg({
-      gateway: {
-        mode: "local",
-        auth: {
-          mode: "token",
-          token: { source: "env", provider: "default", id: "MISSING_LOCAL_TOKEN" },
-        },
-        remote: {
-          token: "remote-token",
-        },
-      },
-      secrets: {
-        providers: {
-          default: { source: "env" },
-        },
-      },
-    });
-
-    await expect(
-      resolveGatewayConnectionAuth({
-        config,
-        env: {} as NodeJS.ProcessEnv,
-        includeLegacyEnv: false,
+    await expectFailClosedOnUnresolvedLocalAuth(
+      createUnresolvedLocalAuthConfig({
+        mode: "token",
+        id: "MISSING_LOCAL_TOKEN",
+        remoteFallback: "remote-token",
       }),
-    ).rejects.toThrow("gateway.auth.token");
-    expect(() =>
-      resolveGatewayConnectionAuthFromConfig({
-        cfg: config,
-        env: {} as NodeJS.ProcessEnv,
-        includeLegacyEnv: false,
-      }),
-    ).toThrow("gateway.auth.token");
+      "gateway.auth.token",
+    );
   });
 
   it("fails closed when local password SecretRef is unresolved and remote password fallback exists", async () => {
-    const config = cfg({
-      gateway: {
-        mode: "local",
-        auth: {
-          mode: "password",
-          password: { source: "env", provider: "default", id: "MISSING_LOCAL_PASSWORD" },
-        },
-        remote: {
-          password: "remote-password", // pragma: allowlist secret
-        },
-      },
-      secrets: {
-        providers: {
-          default: { source: "env" },
-        },
-      },
-    });
-
-    await expect(
-      resolveGatewayConnectionAuth({
-        config,
-        env: {} as NodeJS.ProcessEnv,
-        includeLegacyEnv: false,
+    await expectFailClosedOnUnresolvedLocalAuth(
+      createUnresolvedLocalAuthConfig({
+        mode: "password",
+        id: "MISSING_LOCAL_PASSWORD",
+        remoteFallback: "remote-password", // pragma: allowlist secret
       }),
-    ).rejects.toThrow("gateway.auth.password");
-    expect(() =>
-      resolveGatewayConnectionAuthFromConfig({
-        cfg: config,
-        env: {} as NodeJS.ProcessEnv,
-        includeLegacyEnv: false,
-      }),
-    ).toThrow("gateway.auth.password");
+      "gateway.auth.password",
+    );
   });
 });
diff --git a/src/gateway/connection-auth.ts b/src/gateway/connection-auth.ts
index 11c40395af6..4f8f957528f 100644
--- a/src/gateway/connection-auth.ts
+++ b/src/gateway/connection-auth.ts
@@ -25,30 +25,10 @@ export type GatewayConnectionAuthOptions = {
   remotePasswordFallback?: GatewayRemoteCredentialFallback;
 };
 
-export async function resolveGatewayConnectionAuth(
-  params: GatewayConnectionAuthOptions,
-): Promise<{ token?: string; password?: string }> {
-  return await resolveGatewayCredentialsWithSecretInputs({
-    config: params.config,
-    env: params.env,
-    explicitAuth: params.explicitAuth,
-    urlOverride: params.urlOverride,
-    urlOverrideSource: params.urlOverrideSource,
-    modeOverride: params.modeOverride,
-    includeLegacyEnv: params.includeLegacyEnv,
-    localTokenPrecedence: params.localTokenPrecedence,
-    localPasswordPrecedence: params.localPasswordPrecedence,
-    remoteTokenPrecedence: params.remoteTokenPrecedence,
-    remotePasswordPrecedence: params.remotePasswordPrecedence,
-    remoteTokenFallback: params.remoteTokenFallback,
-    remotePasswordFallback: params.remotePasswordFallback,
-  });
-}
-
-export function resolveGatewayConnectionAuthFromConfig(
+function toGatewayCredentialOptions(
   params: Omit<GatewayConnectionAuthOptions, "config"> & { cfg: OpenClawConfig },
-): { token?: string; password?: string } {
-  return resolveGatewayCredentialsFromConfig({
+) {
+  return {
     cfg: params.cfg,
     env: params.env,
     explicitAuth: params.explicitAuth,
@@ -62,5 +42,20 @@ export function resolveGatewayConnectionAuthFromConfig(
     remotePasswordPrecedence: params.remotePasswordPrecedence,
     remoteTokenFallback: params.remoteTokenFallback,
     remotePasswordFallback: params.remotePasswordFallback,
+  };
+}
+
+export async function resolveGatewayConnectionAuth(
+  params: GatewayConnectionAuthOptions,
+): Promise<{ token?: string; password?: string }> {
+  return await resolveGatewayCredentialsWithSecretInputs({
+    config: params.config,
+    ...toGatewayCredentialOptions({ ...params, cfg: params.config }),
   });
 }
+
+export function resolveGatewayConnectionAuthFromConfig(
+  params: Omit<GatewayConnectionAuthOptions, "config"> & { cfg: OpenClawConfig },
+): { token?: string; password?: string } {
+  return resolveGatewayCredentialsFromConfig(toGatewayCredentialOptions(params));
+}
diff --git a/src/gateway/protocol/connect-error-details.ts b/src/gateway/protocol/connect-error-details.ts
index 472bb057304..aa1a30d8866 100644
--- a/src/gateway/protocol/connect-error-details.ts
+++ b/src/gateway/protocol/connect-error-details.ts
@@ -14,6 +14,7 @@ export const ConnectErrorDetailCodes = {
   AUTH_TAILSCALE_PROXY_MISSING: "AUTH_TAILSCALE_PROXY_MISSING",
   AUTH_TAILSCALE_WHOIS_FAILED: "AUTH_TAILSCALE_WHOIS_FAILED",
   AUTH_TAILSCALE_IDENTITY_MISMATCH: "AUTH_TAILSCALE_IDENTITY_MISMATCH",
+  CONTROL_UI_ORIGIN_NOT_ALLOWED: "CONTROL_UI_ORIGIN_NOT_ALLOWED",
   CONTROL_UI_DEVICE_IDENTITY_REQUIRED: "CONTROL_UI_DEVICE_IDENTITY_REQUIRED",
   DEVICE_IDENTITY_REQUIRED: "DEVICE_IDENTITY_REQUIRED",
   DEVICE_AUTH_INVALID: "DEVICE_AUTH_INVALID",
diff --git a/src/gateway/protocol/cron-validators.test.ts b/src/gateway/protocol/cron-validators.test.ts
index 33df9d478e9..1de9db206b9 100644
--- a/src/gateway/protocol/cron-validators.test.ts
+++ b/src/gateway/protocol/cron-validators.test.ts
@@ -21,6 +21,29 @@ describe("cron protocol validators", () => {
     expect(validateCronAddParams(minimalAddParams)).toBe(true);
   });
 
+  it("accepts current and custom session targets", () => {
+    expect(
+      validateCronAddParams({
+        ...minimalAddParams,
+        sessionTarget: "current",
+        payload: { kind: "agentTurn", message: "tick" },
+      }),
+    ).toBe(true);
+    expect(
+      validateCronAddParams({
+        ...minimalAddParams,
+        sessionTarget: "session:project-alpha",
+        payload: { kind: "agentTurn", message: "tick" },
+      }),
+    ).toBe(true);
+    expect(
+      validateCronUpdateParams({
+        id: "job-1",
+        patch: { sessionTarget: "session:project-alpha" },
+      }),
+    ).toBe(true);
+  });
+
   it("rejects add params when required scheduling fields are missing", () => {
     const { wakeMode: _wakeMode, ...withoutWakeMode } = minimalAddParams;
     expect(validateCronAddParams(withoutWakeMode)).toBe(false);
diff --git a/src/gateway/protocol/schema/cron.ts b/src/gateway/protocol/schema/cron.ts
index 3cba5a65781..f61d3e42711 100644
--- a/src/gateway/protocol/schema/cron.ts
+++ b/src/gateway/protocol/schema/cron.ts
@@ -21,7 +21,12 @@ function cronAgentTurnPayloadSchema(params: { message: TSchema }) {
   );
 }
 
-const CronSessionTargetSchema = Type.Union([Type.Literal("main"), Type.Literal("isolated")]);
+const CronSessionTargetSchema = Type.Union([
+  Type.Literal("main"),
+  Type.Literal("isolated"),
+  Type.Literal("current"),
+  Type.String({ pattern: "^session:.+" }),
+]);
 const CronWakeModeSchema = Type.Union([Type.Literal("next-heartbeat"), Type.Literal("now")]);
 const CronRunStatusSchema = Type.Union([
   Type.Literal("ok"),
diff --git a/src/gateway/server-chat.ts b/src/gateway/server-chat.ts
index b1a065684f8..21e252abcc7 100644
--- a/src/gateway/server-chat.ts
+++ b/src/gateway/server-chat.ts
@@ -390,12 +390,7 @@ export function createAgentEventHandler({
     nodeSendToSession(sessionKey, "chat", payload);
   };
 
-  const flushBufferedChatDeltaIfNeeded = (
-    sessionKey: string,
-    clientRunId: string,
-    sourceRunId: string,
-    seq: number,
-  ) => {
+  const resolveBufferedChatTextState = (clientRunId: string, sourceRunId: string) => {
     const bufferedText = stripInlineDirectiveTagsForDisplay(
       chatRunState.buffers.get(clientRunId) ?? "",
     ).text.trim();
@@ -407,6 +402,16 @@ export function createAgentEventHandler({
     const text = normalizedHeartbeatText.text.trim();
     const shouldSuppressSilent =
       normalizedHeartbeatText.suppress || isSilentReplyText(text, SILENT_REPLY_TOKEN);
+    return { text, shouldSuppressSilent };
+  };
+
+  const flushBufferedChatDeltaIfNeeded = (
+    sessionKey: string,
+    clientRunId: string,
+    sourceRunId: string,
+    seq: number,
+  ) => {
+    const { text, shouldSuppressSilent } = resolveBufferedChatTextState(clientRunId, sourceRunId);
     const shouldSuppressSilentLeadFragment = isSilentReplyLeadFragment(text);
     const shouldSuppressHeartbeatStreaming = shouldHideHeartbeatChatOutput(
       clientRunId,
@@ -453,17 +458,7 @@ export function createAgentEventHandler({
     error?: unknown,
     stopReason?: string,
   ) => {
-    const bufferedText = stripInlineDirectiveTagsForDisplay(
-      chatRunState.buffers.get(clientRunId) ?? "",
-    ).text.trim();
-    const normalizedHeartbeatText = normalizeHeartbeatChatFinalText({
-      runId: clientRunId,
-      sourceRunId,
-      text: bufferedText,
-    });
-    const text = normalizedHeartbeatText.text.trim();
-    const shouldSuppressSilent =
-      normalizedHeartbeatText.suppress || isSilentReplyText(text, SILENT_REPLY_TOKEN);
+    const { text, shouldSuppressSilent } = resolveBufferedChatTextState(clientRunId, sourceRunId);
     // Flush any throttled delta so streaming clients receive the complete text
     // before the final event. The 150 ms throttle in emitChatDelta may have
     // suppressed the most recent chunk, leaving the client with stale text.
diff --git a/src/gateway/server-cron.test.ts b/src/gateway/server-cron.test.ts
index 2608560e20f..d7a6b375d10 100644
--- a/src/gateway/server-cron.test.ts
+++ b/src/gateway/server-cron.test.ts
@@ -5,10 +5,19 @@ import type { CliDeps } from "../cli/deps.js";
 import type { OpenClawConfig } from "../config/config.js";
 import { SsrFBlockedError } from "../infra/net/ssrf.js";
 
-const enqueueSystemEventMock = vi.fn();
-const requestHeartbeatNowMock = vi.fn();
-const loadConfigMock = vi.fn();
-const fetchWithSsrFGuardMock = vi.fn();
+const {
+  enqueueSystemEventMock,
+  requestHeartbeatNowMock,
+  loadConfigMock,
+  fetchWithSsrFGuardMock,
+  runCronIsolatedAgentTurnMock,
+} = vi.hoisted(() => ({
+  enqueueSystemEventMock: vi.fn(),
+  requestHeartbeatNowMock: vi.fn(),
+  loadConfigMock: vi.fn(),
+  fetchWithSsrFGuardMock: vi.fn(),
+  runCronIsolatedAgentTurnMock: vi.fn(async () => ({ status: "ok" as const, summary: "ok" })),
+}));
 
 function enqueueSystemEvent(...args: unknown[]) {
   return enqueueSystemEventMock(...args);
@@ -35,7 +44,11 @@ vi.mock("../config/config.js", async () => {
 });
 
 vi.mock("../infra/net/fetch-guard.js", () => ({
-  fetchWithSsrFGuard: (...args: unknown[]) => fetchWithSsrFGuardMock(...args),
+  fetchWithSsrFGuard: fetchWithSsrFGuardMock,
+}));
+
+vi.mock("../cron/isolated-agent.js", () => ({
+  runCronIsolatedAgentTurn: runCronIsolatedAgentTurnMock,
 }));
 
 import { buildGatewayCronService } from "./server-cron.js";
@@ -58,6 +71,7 @@ describe("buildGatewayCronService", () => {
     requestHeartbeatNowMock.mockClear();
     loadConfigMock.mockClear();
     fetchWithSsrFGuardMock.mockClear();
+    runCronIsolatedAgentTurnMock.mockClear();
   });
 
   it("routes main-target jobs to the scoped session for enqueue + wake", async () => {
@@ -142,4 +156,44 @@ describe("buildGatewayCronService", () => {
       state.cron.stop();
     }
   });
+
+  it("passes custom session targets through to isolated cron runs", async () => {
+    const tmpDir = path.join(os.tmpdir(), `server-cron-custom-session-${Date.now()}`);
+    const cfg = {
+      session: {
+        mainKey: "main",
+      },
+      cron: {
+        store: path.join(tmpDir, "cron.json"),
+      },
+    } as OpenClawConfig;
+    loadConfigMock.mockReturnValue(cfg);
+
+    const state = buildGatewayCronService({
+      cfg,
+      deps: {} as CliDeps,
+      broadcast: () => {},
+    });
+    try {
+      const job = await state.cron.add({
+        name: "custom-session",
+        enabled: true,
+        schedule: { kind: "at", at: new Date(1).toISOString() },
+        sessionTarget: "session:project-alpha-monitor",
+        wakeMode: "next-heartbeat",
+        payload: { kind: "agentTurn", message: "hello" },
+      });
+
+      await state.cron.run(job.id, "force");
+
+      expect(runCronIsolatedAgentTurnMock).toHaveBeenCalledWith(
+        expect.objectContaining({
+          job: expect.objectContaining({ id: job.id }),
+          sessionKey: "project-alpha-monitor",
+        }),
+      );
+    } finally {
+      state.cron.stop();
+    }
+  });
 });
diff --git a/src/gateway/server-cron.ts b/src/gateway/server-cron.ts
index 1f1cd1f5359..8a288866721 100644
--- a/src/gateway/server-cron.ts
+++ b/src/gateway/server-cron.ts
@@ -284,6 +284,13 @@ export function buildGatewayCronService(params: {
     },
     runIsolatedAgentJob: async ({ job, message, abortSignal }) => {
       const { agentId, cfg: runtimeConfig } = resolveCronAgent(job.agentId);
+      let sessionKey = `cron:${job.id}`;
+      if (job.sessionTarget.startsWith("session:")) {
+        const customSessionId = job.sessionTarget.slice(8).trim();
+        if (customSessionId) {
+          sessionKey = customSessionId;
+        }
+      }
       return await runCronIsolatedAgentTurn({
         cfg: runtimeConfig,
         deps: params.deps,
@@ -291,7 +298,7 @@ export function buildGatewayCronService(params: {
         message,
         abortSignal,
         agentId,
-        sessionKey: `cron:${job.id}`,
+        sessionKey,
         lane: "cron",
       });
     },
diff --git a/src/gateway/server-http.ts b/src/gateway/server-http.ts
index 4a6fc780d4d..75af96dd545 100644
--- a/src/gateway/server-http.ts
+++ b/src/gateway/server-http.ts
@@ -8,13 +8,13 @@ import {
 import { createServer as createHttpsServer } from "node:https";
 import type { TlsOptions } from "node:tls";
 import type { WebSocketServer } from "ws";
+import { handleSlackHttpRequest } from "../../extensions/slack/src/http/index.js";
 import { resolveAgentAvatar } from "../agents/identity-avatar.js";
 import { CANVAS_WS_PATH, handleA2uiHttpRequest } from "../canvas-host/a2ui.js";
 import type { CanvasHostHandler } from "../canvas-host/server.js";
 import { loadConfig } from "../config/config.js";
 import type { createSubsystemLogger } from "../logging/subsystem.js";
 import { safeEqualSecret } from "../security/secret-equal.js";
-import { handleSlackHttpRequest } from "../slack/http/index.js";
 import {
   AUTH_RATE_LIMIT_SCOPE_HOOK_AUTH,
   createAuthRateLimiter,
diff --git a/src/gateway/server-methods/chat.abort-authorization.test.ts b/src/gateway/server-methods/chat.abort-authorization.test.ts
index ed8a92e48a0..52955904c87 100644
--- a/src/gateway/server-methods/chat.abort-authorization.test.ts
+++ b/src/gateway/server-methods/chat.abort-authorization.test.ts
@@ -30,16 +30,20 @@ async function invokeSingleRunAbort({
   });
 }
 
+function createSingleAbortContext() {
+  return createChatAbortContext({
+    chatAbortControllers: new Map([
+      [
+        "run-1",
+        createActiveRun("main", { owner: { connId: "conn-owner", deviceId: "dev-owner" } }),
+      ],
+    ]),
+  });
+}
+
 describe("chat.abort authorization", () => {
   it("rejects explicit run aborts from other clients", async () => {
-    const context = createChatAbortContext({
-      chatAbortControllers: new Map([
-        [
-          "run-1",
-          createActiveRun("main", { owner: { connId: "conn-owner", deviceId: "dev-owner" } }),
-        ],
-      ]),
-    });
+    const context = createSingleAbortContext();
 
     const respond = await invokeSingleRunAbort({
       context,
@@ -104,14 +108,7 @@ describe("chat.abort authorization", () => {
   });
 
   it("allows operator.admin clients to bypass owner checks", async () => {
-    const context = createChatAbortContext({
-      chatAbortControllers: new Map([
-        [
-          "run-1",
-          createActiveRun("main", { owner: { connId: "conn-owner", deviceId: "dev-owner" } }),
-        ],
-      ]),
-    });
+    const context = createSingleAbortContext();
 
     const respond = await invokeSingleRunAbort({
       context,
diff --git a/src/gateway/server-methods/chat.ts b/src/gateway/server-methods/chat.ts
index 909d933ae81..3fbda0de042 100644
--- a/src/gateway/server-methods/chat.ts
+++ b/src/gateway/server-methods/chat.ts
@@ -8,6 +8,7 @@ import { dispatchInboundMessage } from "../../auto-reply/dispatch.js";
 import { createReplyDispatcher } from "../../auto-reply/reply/reply-dispatcher.js";
 import type { MsgContext } from "../../auto-reply/templating.js";
 import { isSilentReplyText, SILENT_REPLY_TOKEN } from "../../auto-reply/tokens.js";
+import type { ReplyPayload } from "../../auto-reply/types.js";
 import { createReplyPrefixOptions } from "../../channels/reply-prefix.js";
 import { resolveSessionFilePath } from "../../config/sessions.js";
 import { jsonUtf8Bytes } from "../../infra/json-utf8-bytes.js";
@@ -130,6 +131,16 @@ type ChatSendOriginatingRoute = {
   explicitDeliverRoute: boolean;
 };
 
+type SideResultPayload = {
+  kind: "btw";
+  runId: string;
+  sessionKey: string;
+  question: string;
+  text: string;
+  isError?: boolean;
+  ts: number;
+};
+
 function resolveChatSendOriginatingRoute(params: {
   client?: { mode?: string | null; id?: string | null } | null;
   deliver?: boolean;
@@ -900,6 +911,33 @@ function broadcastChatFinal(params: {
   params.context.agentRunSeq.delete(params.runId);
 }
 
+function isBtwReplyPayload(payload: ReplyPayload | undefined): payload is ReplyPayload & {
+  btw: { question: string };
+  text: string;
+} {
+  return (
+    typeof payload?.btw?.question === "string" &&
+    payload.btw.question.trim().length > 0 &&
+    typeof payload.text === "string" &&
+    payload.text.trim().length > 0
+  );
+}
+
+function broadcastSideResult(params: {
+  context: Pick<GatewayRequestContext, "broadcast" | "nodeSendToSession" | "agentRunSeq">;
+  payload: SideResultPayload;
+}) {
+  const seq = nextChatSeq({ agentRunSeq: params.context.agentRunSeq }, params.payload.runId);
+  params.context.broadcast("chat.side_result", {
+    ...params.payload,
+    seq,
+  });
+  params.context.nodeSendToSession(params.payload.sessionKey, "chat.side_result", {
+    ...params.payload,
+    seq,
+  });
+}
+
 function broadcastChatError(params: {
   context: Pick<GatewayRequestContext, "broadcast" | "nodeSendToSession" | "agentRunSeq">;
   runId: string;
@@ -1284,21 +1322,17 @@ export const chatHandlers: GatewayRequestHandlers = {
         agentId,
         channel: INTERNAL_MESSAGE_CHANNEL,
       });
-      const finalReplyParts: string[] = [];
+      const deliveredReplies: Array<{ payload: ReplyPayload; kind: "block" | "final" }> = [];
       const dispatcher = createReplyDispatcher({
         ...prefixOptions,
         onError: (err) => {
           context.logGateway.warn(`webchat dispatch failed: ${formatForLog(err)}`);
         },
         deliver: async (payload, info) => {
-          if (info.kind !== "final") {
+          if (info.kind !== "block" && info.kind !== "final") {
             return;
           }
-          const text = payload.text?.trim() ?? "";
-          if (!text) {
-            return;
-          }
-          finalReplyParts.push(text);
+          deliveredReplies.push({ payload, kind: info.kind });
         },
       });
 
@@ -1335,48 +1369,78 @@ export const chatHandlers: GatewayRequestHandlers = {
       })
         .then(() => {
           if (!agentRunStarted) {
-            const combinedReply = finalReplyParts
-              .map((part) => part.trim())
+            const btwReplies = deliveredReplies
+              .map((entry) => entry.payload)
+              .filter(isBtwReplyPayload);
+            const btwText = btwReplies
+              .map((payload) => payload.text.trim())
               .filter(Boolean)
               .join("\n\n")
               .trim();
-            let message: Record<string, unknown> | undefined;
-            if (combinedReply) {
-              const { storePath: latestStorePath, entry: latestEntry } =
-                loadSessionEntry(sessionKey);
-              const sessionId = latestEntry?.sessionId ?? entry?.sessionId ?? clientRunId;
-              const appended = appendAssistantTranscriptMessage({
-                message: combinedReply,
-                sessionId,
-                storePath: latestStorePath,
-                sessionFile: latestEntry?.sessionFile,
-                agentId,
-                createIfMissing: true,
+            if (btwReplies.length > 0 && btwText) {
+              broadcastSideResult({
+                context,
+                payload: {
+                  kind: "btw",
+                  runId: clientRunId,
+                  sessionKey: rawSessionKey,
+                  question: btwReplies[0].btw.question.trim(),
+                  text: btwText,
+                  isError: btwReplies.some((payload) => payload.isError),
+                  ts: Date.now(),
+                },
               });
-              if (appended.ok) {
-                message = appended.message;
-              } else {
-                context.logGateway.warn(
-                  `webchat transcript append failed: ${appended.error ?? "unknown error"}`,
-                );
-                const now = Date.now();
-                message = {
-                  role: "assistant",
-                  content: [{ type: "text", text: combinedReply }],
-                  timestamp: now,
-                  // Keep this compatible with Pi stopReason enums even though this message isn't
-                  // persisted to the transcript due to the append failure.
-                  stopReason: "stop",
-                  usage: { input: 0, output: 0, totalTokens: 0 },
-                };
+              broadcastChatFinal({
+                context,
+                runId: clientRunId,
+                sessionKey: rawSessionKey,
+              });
+            } else {
+              const combinedReply = deliveredReplies
+                .filter((entry) => entry.kind === "final")
+                .map((entry) => entry.payload)
+                .map((part) => part.text?.trim() ?? "")
+                .filter(Boolean)
+                .join("\n\n")
+                .trim();
+              let message: Record<string, unknown> | undefined;
+              if (combinedReply) {
+                const { storePath: latestStorePath, entry: latestEntry } =
+                  loadSessionEntry(sessionKey);
+                const sessionId = latestEntry?.sessionId ?? entry?.sessionId ?? clientRunId;
+                const appended = appendAssistantTranscriptMessage({
+                  message: combinedReply,
+                  sessionId,
+                  storePath: latestStorePath,
+                  sessionFile: latestEntry?.sessionFile,
+                  agentId,
+                  createIfMissing: true,
+                });
+                if (appended.ok) {
+                  message = appended.message;
+                } else {
+                  context.logGateway.warn(
+                    `webchat transcript append failed: ${appended.error ?? "unknown error"}`,
+                  );
+                  const now = Date.now();
+                  message = {
+                    role: "assistant",
+                    content: [{ type: "text", text: combinedReply }],
+                    timestamp: now,
+                    // Keep this compatible with Pi stopReason enums even though this message isn't
+                    // persisted to the transcript due to the append failure.
+                    stopReason: "stop",
+                    usage: { input: 0, output: 0, totalTokens: 0 },
+                  };
+                }
               }
+              broadcastChatFinal({
+                context,
+                runId: clientRunId,
+                sessionKey: rawSessionKey,
+                message,
+              });
             }
-            broadcastChatFinal({
-              context,
-              runId: clientRunId,
-              sessionKey: rawSessionKey,
-              message,
-            });
           }
           setGatewayDedupeEntry({
             dedupe: context.dedupe,
@@ -1471,7 +1535,7 @@ export const chatHandlers: GatewayRequestHandlers = {
       storePath,
       sessionFile: entry?.sessionFile,
       agentId: resolveSessionAgentId({ sessionKey: rawSessionKey, config: cfg }),
-      createIfMissing: false,
+      createIfMissing: true,
     });
     if (!appended.ok || !appended.messageId || !appended.message) {
       respond(
diff --git a/src/gateway/server-methods/cron.ts b/src/gateway/server-methods/cron.ts
index 830d12c9509..7eccb895534 100644
--- a/src/gateway/server-methods/cron.ts
+++ b/src/gateway/server-methods/cron.ts
@@ -89,7 +89,14 @@ export const cronHandlers: GatewayRequestHandlers = {
     respond(true, status, undefined);
   },
   "cron.add": async ({ params, respond, context }) => {
-    const normalized = normalizeCronJobCreate(params) ?? params;
+    const sessionKey =
+      typeof (params as { sessionKey?: unknown } | null)?.sessionKey === "string"
+        ? (params as { sessionKey: string }).sessionKey
+        : undefined;
+    const normalized =
+      normalizeCronJobCreate(params, {
+        sessionContext: { sessionKey },
+      }) ?? params;
     if (!validateCronAddParams(normalized)) {
       respond(
         false,
diff --git a/src/gateway/server-methods/nodes.invoke-wake.test.ts b/src/gateway/server-methods/nodes.invoke-wake.test.ts
index 58596d582f8..fc01f718bbb 100644
--- a/src/gateway/server-methods/nodes.invoke-wake.test.ts
+++ b/src/gateway/server-methods/nodes.invoke-wake.test.ts
@@ -52,6 +52,24 @@ type RespondCall = [
   }?,
 ];
 
+function expectNodeNotConnected(respond: ReturnType<typeof vi.fn>) {
+  const call = respond.mock.calls[0] as RespondCall | undefined;
+  expect(call?.[0]).toBe(false);
+  expect(call?.[2]?.message).toBe("node not connected");
+}
+
+async function invokeDisconnectedNode(nodeId: string, idempotencyKey: string) {
+  const nodeRegistry = {
+    get: vi.fn(() => undefined),
+    invoke: vi.fn().mockResolvedValue({ ok: true }),
+  };
+
+  return await invokeNode({
+    nodeRegistry,
+    requestParams: { nodeId, idempotencyKey },
+  });
+}
+
 type TestNodeSession = {
   nodeId: string;
   commands: string[];
@@ -357,20 +375,9 @@ describe("node.invoke APNs wake path", () => {
       reason: "BadDeviceToken",
     });
     mocks.shouldClearStoredApnsRegistration.mockReturnValue(true);
+    const respond = await invokeDisconnectedNode("ios-node-stale", "idem-stale");
 
-    const nodeRegistry = {
-      get: vi.fn(() => undefined),
-      invoke: vi.fn().mockResolvedValue({ ok: true }),
-    };
-
-    const respond = await invokeNode({
-      nodeRegistry,
-      requestParams: { nodeId: "ios-node-stale", idempotencyKey: "idem-stale" },
-    });
-
-    const call = respond.mock.calls[0] as RespondCall | undefined;
-    expect(call?.[0]).toBe(false);
-    expect(call?.[2]?.message).toBe("node not connected");
+    expectNodeNotConnected(respond);
     expect(mocks.clearApnsRegistrationIfCurrent).toHaveBeenCalledWith({
       nodeId: "ios-node-stale",
       registration,
@@ -385,20 +392,9 @@ describe("node.invoke APNs wake path", () => {
       reason: "Unregistered",
     });
     mocks.shouldClearStoredApnsRegistration.mockReturnValue(false);
+    const respond = await invokeDisconnectedNode("ios-node-relay", "idem-relay");
 
-    const nodeRegistry = {
-      get: vi.fn(() => undefined),
-      invoke: vi.fn().mockResolvedValue({ ok: true }),
-    };
-
-    const respond = await invokeNode({
-      nodeRegistry,
-      requestParams: { nodeId: "ios-node-relay", idempotencyKey: "idem-relay" },
-    });
-
-    const call = respond.mock.calls[0] as RespondCall | undefined;
-    expect(call?.[0]).toBe(false);
-    expect(call?.[2]?.message).toBe("node not connected");
+    expectNodeNotConnected(respond);
     expect(mocks.resolveApnsRelayConfigFromEnv).toHaveBeenCalledWith(process.env, {
       push: {
         apns: {
diff --git a/src/gateway/server.auth.browser-hardening.test.ts b/src/gateway/server.auth.browser-hardening.test.ts
index b28f60ad8c6..0c0ca0deabd 100644
--- a/src/gateway/server.auth.browser-hardening.test.ts
+++ b/src/gateway/server.auth.browser-hardening.test.ts
@@ -3,6 +3,7 @@ import os from "node:os";
 import path from "node:path";
 import { describe, expect, test } from "vitest";
 import { WebSocket } from "ws";
+import { ConnectErrorDetailCodes } from "../gateway/protocol/connect-error-details.js";
 import {
   loadOrCreateDeviceIdentity,
   publicKeyRawBase64UrlFromPem,
@@ -123,6 +124,9 @@ describe("gateway auth browser hardening", () => {
       });
       expect(res.ok).toBe(false);
       expect(res.error?.message ?? "").toContain("origin not allowed");
+      expect((res.error?.details as { code?: string } | undefined)?.code).toBe(
+        ConnectErrorDetailCodes.CONTROL_UI_ORIGIN_NOT_ALLOWED,
+      );
     });
   });
 
@@ -188,6 +192,9 @@ describe("gateway auth browser hardening", () => {
             expect((res.payload as { type?: string } | undefined)?.type).toBe("hello-ok");
           } else {
             expect(res.error?.message ?? "").toContain(expectedMessage ?? "");
+            expect((res.error?.details as { code?: string } | undefined)?.code).toBe(
+              ConnectErrorDetailCodes.CONTROL_UI_ORIGIN_NOT_ALLOWED,
+            );
           }
         } finally {
           ws.close();
@@ -207,6 +214,9 @@ describe("gateway auth browser hardening", () => {
         });
         expect(res.ok).toBe(false);
         expect(res.error?.message ?? "").toContain("origin not allowed");
+        expect((res.error?.details as { code?: string } | undefined)?.code).toBe(
+          ConnectErrorDetailCodes.CONTROL_UI_ORIGIN_NOT_ALLOWED,
+        );
       } finally {
         ws.close();
       }
diff --git a/src/gateway/server.auth.compat-baseline.test.ts b/src/gateway/server.auth.compat-baseline.test.ts
index a606feab909..27fc4abc72d 100644
--- a/src/gateway/server.auth.compat-baseline.test.ts
+++ b/src/gateway/server.auth.compat-baseline.test.ts
@@ -1,5 +1,8 @@
+import os from "node:os";
+import path from "node:path";
 import { afterAll, beforeAll, describe, expect, test } from "vitest";
 import {
+  BACKEND_GATEWAY_CLIENT,
   connectReq,
   CONTROL_UI_CLIENT,
   ConnectErrorDetailCodes,
@@ -144,6 +147,50 @@ describe("gateway auth compatibility baseline", () => {
         ws.close();
       }
     });
+
+    test("keeps local backend device-token reconnects out of pairing", async () => {
+      const identityPath = path.join(
+        os.tmpdir(),
+        `openclaw-backend-device-${process.pid}-${port}.json`,
+      );
+      const { loadOrCreateDeviceIdentity, publicKeyRawBase64UrlFromPem } =
+        await import("../infra/device-identity.js");
+      const { approveDevicePairing, requestDevicePairing, rotateDeviceToken } =
+        await import("../infra/device-pairing.js");
+
+      const identity = loadOrCreateDeviceIdentity(identityPath);
+      const pending = await requestDevicePairing({
+        deviceId: identity.deviceId,
+        publicKey: publicKeyRawBase64UrlFromPem(identity.publicKeyPem),
+        clientId: BACKEND_GATEWAY_CLIENT.id,
+        clientMode: BACKEND_GATEWAY_CLIENT.mode,
+        role: "operator",
+        scopes: ["operator.admin"],
+      });
+      await approveDevicePairing(pending.request.requestId);
+
+      const rotated = await rotateDeviceToken({
+        deviceId: identity.deviceId,
+        role: "operator",
+        scopes: ["operator.admin"],
+      });
+      expect(rotated?.token).toBeTruthy();
+
+      const ws = await openWs(port);
+      try {
+        const res = await connectReq(ws, {
+          skipDefaultAuth: true,
+          client: { ...BACKEND_GATEWAY_CLIENT },
+          deviceIdentityPath: identityPath,
+          deviceToken: String(rotated?.token ?? ""),
+          scopes: ["operator.admin"],
+        });
+        expect(res.ok).toBe(true);
+        expect((res.payload as { type?: string } | undefined)?.type).toBe("hello-ok");
+      } finally {
+        ws.close();
+      }
+    });
   });
 
   describe("password mode", () => {
diff --git a/src/gateway/server.chat.gateway-server-chat-b.test.ts b/src/gateway/server.chat.gateway-server-chat-b.test.ts
index ca1e2c09402..c0945ccf288 100644
--- a/src/gateway/server.chat.gateway-server-chat-b.test.ts
+++ b/src/gateway/server.chat.gateway-server-chat-b.test.ts
@@ -83,15 +83,29 @@ async function fetchHistoryMessages(
   return historyRes.payload?.messages ?? [];
 }
 
+async function prepareMainHistoryHarness(params: {
+  ws: Awaited<ReturnType<typeof startServerWithClient>>["ws"];
+  createSessionDir: () => Promise<string>;
+  historyMaxBytes?: number;
+}) {
+  if (params.historyMaxBytes !== undefined) {
+    __setMaxChatHistoryMessagesBytesForTest(params.historyMaxBytes);
+  }
+  await connectOk(params.ws);
+  const sessionDir = await params.createSessionDir();
+  await writeMainSessionStore();
+  return sessionDir;
+}
+
 describe("gateway server chat", () => {
   test("smoke: caps history payload and preserves routing metadata", async () => {
     await withGatewayChatHarness(async ({ ws, createSessionDir }) => {
       const historyMaxBytes = 64 * 1024;
-      __setMaxChatHistoryMessagesBytesForTest(historyMaxBytes);
-      await connectOk(ws);
-
-      const sessionDir = await createSessionDir();
-      await writeMainSessionStore();
+      const sessionDir = await prepareMainHistoryHarness({
+        ws,
+        createSessionDir,
+        historyMaxBytes,
+      });
 
       const bigText = "x".repeat(2_000);
       const historyLines: string[] = [];
@@ -180,11 +194,11 @@ describe("gateway server chat", () => {
   test("chat.history hard-caps single oversized nested payloads", async () => {
     await withGatewayChatHarness(async ({ ws, createSessionDir }) => {
       const historyMaxBytes = 64 * 1024;
-      __setMaxChatHistoryMessagesBytesForTest(historyMaxBytes);
-      await connectOk(ws);
-
-      const sessionDir = await createSessionDir();
-      await writeMainSessionStore();
+      const sessionDir = await prepareMainHistoryHarness({
+        ws,
+        createSessionDir,
+        historyMaxBytes,
+      });
 
       const hugeNestedText = "n".repeat(120_000);
       const oversizedLine = JSON.stringify({
@@ -219,11 +233,11 @@ describe("gateway server chat", () => {
   test("chat.history keeps recent small messages when latest message is oversized", async () => {
     await withGatewayChatHarness(async ({ ws, createSessionDir }) => {
       const historyMaxBytes = 64 * 1024;
-      __setMaxChatHistoryMessagesBytesForTest(historyMaxBytes);
-      await connectOk(ws);
-
-      const sessionDir = await createSessionDir();
-      await writeMainSessionStore();
+      const sessionDir = await prepareMainHistoryHarness({
+        ws,
+        createSessionDir,
+        historyMaxBytes,
+      });
 
       const baseText = "s".repeat(1_200);
       const lines: string[] = [];
diff --git a/src/gateway/server.chat.gateway-server-chat.test.ts b/src/gateway/server.chat.gateway-server-chat.test.ts
index 76c51cd6d78..77b6784b146 100644
--- a/src/gateway/server.chat.gateway-server-chat.test.ts
+++ b/src/gateway/server.chat.gateway-server-chat.test.ts
@@ -141,6 +141,36 @@ describe("gateway server chat", () => {
     expect(res.payload?.startedAt).toBe(startedAt);
   };
 
+  const sendChatAndExpectStarted = async (runId: string, message = "/context list") => {
+    const res = await rpcReq(ws, "chat.send", {
+      sessionKey: "main",
+      message,
+      idempotencyKey: runId,
+    });
+    expect(res.ok).toBe(true);
+    expect(res.payload?.status).toBe("started");
+    return res;
+  };
+
+  const waitForAgentRunOk = async (runId: string, timeoutMs = 1_000) => {
+    const res = await rpcReq(ws, "agent.wait", {
+      runId,
+      timeoutMs,
+    });
+    expect(res.ok).toBe(true);
+    expect(res.payload?.status).toBe("ok");
+    return res;
+  };
+
+  const abortChatRun = async (runId: string) => {
+    const res = await rpcReq(ws, "chat.abort", {
+      sessionKey: "main",
+      runId,
+    });
+    expect(res.ok).toBe(true);
+    return res;
+  };
+
   const mockBlockedChatReply = () => {
     let releaseBlockedReply: (() => void) | undefined;
     const blockedReply = new Promise<void>((resolve) => {
@@ -467,6 +497,103 @@ describe("gateway server chat", () => {
     });
   });
 
+  test("routes /btw replies through side-result events without transcript injection", async () => {
+    await withMainSessionStore(async () => {
+      const replyMock = vi.mocked(getReplyFromConfig);
+      replyMock.mockResolvedValueOnce({
+        text: "323",
+        btw: { question: "what is 17 * 19?" },
+      });
+      const sideResultPromise = onceMessage(
+        ws,
+        (o) =>
+          o.type === "event" &&
+          o.event === "chat.side_result" &&
+          o.payload?.kind === "btw" &&
+          o.payload?.runId === "idem-btw-1",
+        8000,
+      );
+      const finalPromise = onceMessage(
+        ws,
+        (o) =>
+          o.type === "event" &&
+          o.event === "chat" &&
+          o.payload?.state === "final" &&
+          o.payload?.runId === "idem-btw-1",
+        8000,
+      );
+
+      const res = await rpcReq(ws, "chat.send", {
+        sessionKey: "main",
+        message: "/btw what is 17 * 19?",
+        idempotencyKey: "idem-btw-1",
+      });
+
+      expect(res.ok).toBe(true);
+      const sideResult = await sideResultPromise;
+      const finalEvent = await finalPromise;
+      expect(sideResult.payload).toMatchObject({
+        kind: "btw",
+        runId: "idem-btw-1",
+        sessionKey: "main",
+        question: "what is 17 * 19?",
+        text: "323",
+      });
+      expect(finalEvent.payload).toMatchObject({
+        runId: "idem-btw-1",
+        sessionKey: "main",
+        state: "final",
+      });
+
+      const historyRes = await rpcReq<{ messages?: unknown[] }>(ws, "chat.history", {
+        sessionKey: "main",
+      });
+      expect(historyRes.ok).toBe(true);
+      expect(historyRes.payload?.messages ?? []).toEqual([]);
+    });
+  });
+
+  test("routes block-streamed /btw replies through side-result events", async () => {
+    await withMainSessionStore(async () => {
+      const replyMock = vi.mocked(getReplyFromConfig);
+      replyMock.mockImplementationOnce(async (_ctx, opts) => {
+        await opts?.onBlockReply?.({
+          text: "first chunk",
+          btw: { question: "what changed?" },
+        });
+        await opts?.onBlockReply?.({
+          text: "second chunk",
+          btw: { question: "what changed?" },
+        });
+        return undefined;
+      });
+      const sideResultPromise = onceMessage(
+        ws,
+        (o) =>
+          o.type === "event" &&
+          o.event === "chat.side_result" &&
+          o.payload?.kind === "btw" &&
+          o.payload?.runId === "idem-btw-block-1",
+        8000,
+      );
+
+      const res = await rpcReq(ws, "chat.send", {
+        sessionKey: "main",
+        message: "/btw what changed?",
+        idempotencyKey: "idem-btw-block-1",
+      });
+
+      expect(res.ok).toBe(true);
+      const sideResult = await sideResultPromise;
+      expect(sideResult.payload).toMatchObject({
+        kind: "btw",
+        runId: "idem-btw-block-1",
+        question: "what changed?",
+        text: "first chunk\n\nsecond chunk",
+      });
+    });
+  });
+
   test("chat.history hides assistant NO_REPLY-only entries and keeps mixed-content assistant entries", async () => {
     const historyMessages = await loadChatHistoryWithMessages(buildNoReplyHistoryFixture(true));
     const roleAndText = historyMessages
@@ -497,37 +624,11 @@ describe("gateway server chat", () => {
   });
 
   test("agent.wait resolves chat.send runs that finish without lifecycle events", async () => {
-    const dir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-gw-"));
-    try {
-      testState.sessionStorePath = path.join(dir, "sessions.json");
-      await writeSessionStore({
-        entries: {
-          main: {
-            sessionId: "sess-main",
-            updatedAt: Date.now(),
-          },
-        },
-      });
-
+    await withMainSessionStore(async () => {
       const runId = "idem-wait-chat-1";
-      const sendRes = await rpcReq(ws, "chat.send", {
-        sessionKey: "main",
-        message: "/context list",
-        idempotencyKey: runId,
-      });
-      expect(sendRes.ok).toBe(true);
-      expect(sendRes.payload?.status).toBe("started");
-
-      const waitRes = await rpcReq(ws, "agent.wait", {
-        runId,
-        timeoutMs: 1_000,
-      });
-      expect(waitRes.ok).toBe(true);
-      expect(waitRes.payload?.status).toBe("ok");
-    } finally {
-      testState.sessionStorePath = undefined;
-      await fs.rm(dir, { recursive: true, force: true });
-    }
+      await sendChatAndExpectStarted(runId);
+      await waitForAgentRunOk(runId);
+    });
   });
 
   test("agent.wait ignores stale chat dedupe when an agent run with the same runId is in flight", async () => {
@@ -554,20 +655,8 @@ describe("gateway server chat", () => {
       });
 
       const runId = "idem-wait-chat-vs-agent";
-      const sendRes = await rpcReq(ws, "chat.send", {
-        sessionKey: "main",
-        message: "/context list",
-        idempotencyKey: runId,
-      });
-      expect(sendRes.ok).toBe(true);
-      expect(sendRes.payload?.status).toBe("started");
-
-      const chatWaitRes = await rpcReq(ws, "agent.wait", {
-        runId,
-        timeoutMs: 1_000,
-      });
-      expect(chatWaitRes.ok).toBe(true);
-      expect(chatWaitRes.payload?.status).toBe("ok");
+      await sendChatAndExpectStarted(runId);
+      await waitForAgentRunOk(runId);
 
       const agentRes = await rpcReq(ws, "agent", {
         sessionKey: "main",
@@ -584,12 +673,7 @@ describe("gateway server chat", () => {
       expectAgentWaitTimeout(waitWhileAgentInFlight);
 
       resolveAgentRun?.();
-      const waitAfterAgentCompletion = await rpcReq(ws, "agent.wait", {
-        runId,
-        timeoutMs: 1_000,
-      });
-      expect(waitAfterAgentCompletion.ok).toBe(true);
-      expect(waitAfterAgentCompletion.payload?.status).toBe("ok");
+      await waitForAgentRunOk(runId);
     } finally {
       resolveAgentRun?.();
       testState.sessionStorePath = undefined;
@@ -618,13 +702,7 @@ describe("gateway server chat", () => {
       const releaseBlockedReply = mockBlockedChatReply();
 
       try {
-        const chatRes = await rpcReq(ws, "chat.send", {
-          sessionKey: "main",
-          message: "hold chat run open",
-          idempotencyKey: runId,
-        });
-        expect(chatRes.ok).toBe(true);
-        expect(chatRes.payload?.status).toBe("started");
+        await sendChatAndExpectStarted(runId, "hold chat run open");
 
         const waitWhileChatActive = await rpcReq(ws, "agent.wait", {
           runId,
@@ -632,11 +710,7 @@ describe("gateway server chat", () => {
         });
         expectAgentWaitTimeout(waitWhileChatActive);
 
-        const abortRes = await rpcReq(ws, "chat.abort", {
-          sessionKey: "main",
-          runId,
-        });
-        expect(abortRes.ok).toBe(true);
+        await abortChatRun(runId);
       } finally {
         releaseBlockedReply();
       }
@@ -649,13 +723,7 @@ describe("gateway server chat", () => {
       const releaseBlockedReply = mockBlockedChatReply();
 
       try {
-        const chatRes = await rpcReq(ws, "chat.send", {
-          sessionKey: "main",
-          message: "hold chat run open",
-          idempotencyKey: runId,
-        });
-        expect(chatRes.ok).toBe(true);
-        expect(chatRes.payload?.status).toBe("started");
+        await sendChatAndExpectStarted(runId, "hold chat run open");
 
         const waitP = rpcReq(ws, "agent.wait", {
           runId,
@@ -678,11 +746,7 @@ describe("gateway server chat", () => {
         expect(waitRes.ok).toBe(true);
         expect(waitRes.payload?.status).toBe("ok");
 
-        const abortRes = await rpcReq(ws, "chat.abort", {
-          sessionKey: "main",
-          runId,
-        });
-        expect(abortRes.ok).toBe(true);
+        await abortChatRun(runId);
       } finally {
         releaseBlockedReply();
       }
diff --git a/src/gateway/server.cron.test.ts b/src/gateway/server.cron.test.ts
index 2590f63c23d..efdbecba004 100644
--- a/src/gateway/server.cron.test.ts
+++ b/src/gateway/server.cron.test.ts
@@ -179,6 +179,13 @@ async function addWebhookCronJob(params: {
   return expectCronJobIdFromResponse(response);
 }
 
+async function writeCronConfig(config: unknown) {
+  const configPath = process.env.OPENCLAW_CONFIG_PATH;
+  expect(typeof configPath).toBe("string");
+  await fs.mkdir(path.dirname(configPath as string), { recursive: true });
+  await fs.writeFile(configPath as string, JSON.stringify(config, null, 2), "utf-8");
+}
+
 async function runCronJobForce(ws: WebSocket, id: string) {
   const response = await rpcReq(ws, "cron.run", { id, mode: "force" }, 20_000);
   expect(response.ok).toBe(true);
@@ -186,6 +193,15 @@ async function runCronJobForce(ws: WebSocket, id: string) {
   return response;
 }
 
+async function runCronJobAndWaitForFinished(ws: WebSocket, jobId: string) {
+  const finished = waitForCronEvent(
+    ws,
+    (payload) => payload?.jobId === jobId && payload?.action === "finished",
+  );
+  await runCronJobForce(ws, jobId);
+  await finished;
+}
+
 function getWebhookCall(index: number) {
   const [args] = fetchWithSsrFGuardMock.mock.calls[index] as unknown as [
     {
@@ -720,23 +736,12 @@ describe("gateway server cron", () => {
       jobs: [legacyNotifyJob],
     });
 
-    const configPath = process.env.OPENCLAW_CONFIG_PATH;
-    expect(typeof configPath).toBe("string");
-    await fs.mkdir(path.dirname(configPath as string), { recursive: true });
-    await fs.writeFile(
-      configPath as string,
-      JSON.stringify(
-        {
-          cron: {
-            webhook: "https://legacy.example.invalid/cron-finished",
-            webhookToken: "cron-webhook-token",
-          },
-        },
-        null,
-        2,
-      ),
-      "utf-8",
-    );
+    await writeCronConfig({
+      cron: {
+        webhook: "https://legacy.example.invalid/cron-finished",
+        webhookToken: "cron-webhook-token",
+      },
+    });
 
     fetchWithSsrFGuardMock.mockClear();
 
@@ -760,12 +765,7 @@ describe("gateway server cron", () => {
         name: "webhook enabled",
         delivery: { mode: "webhook", to: "https://example.invalid/cron-finished" },
       });
-      const notifyFinished = waitForCronEvent(
-        ws,
-        (payload) => payload?.jobId === notifyJobId && payload?.action === "finished",
-      );
-      await runCronJobForce(ws, notifyJobId);
-      await notifyFinished;
+      await runCronJobAndWaitForFinished(ws, notifyJobId);
       const notifyCall = getWebhookCall(0);
       expect(notifyCall.url).toBe("https://example.invalid/cron-finished");
       expect(notifyCall.init.method).toBe("POST");
@@ -899,24 +899,13 @@ describe("gateway server cron", () => {
       cronEnabled: false,
     });
 
-    const configPath = process.env.OPENCLAW_CONFIG_PATH;
-    expect(typeof configPath).toBe("string");
-    await fs.mkdir(path.dirname(configPath as string), { recursive: true });
-    await fs.writeFile(
-      configPath as string,
-      JSON.stringify(
-        {
-          cron: {
-            webhookToken: {
-              opaque: true,
-            },
-          },
+    await writeCronConfig({
+      cron: {
+        webhookToken: {
+          opaque: true,
         },
-        null,
-        2,
-      ),
-      "utf-8",
-    );
+      },
+    });
 
     fetchWithSsrFGuardMock.mockClear();
 
@@ -929,12 +918,7 @@ describe("gateway server cron", () => {
         name: "webhook secretinput object",
         delivery: { mode: "webhook", to: "https://example.invalid/cron-finished" },
       });
-      const notifyFinished = waitForCronEvent(
-        ws,
-        (payload) => payload?.jobId === notifyJobId && payload?.action === "finished",
-      );
-      await runCronJobForce(ws, notifyJobId);
-      await notifyFinished;
+      await runCronJobAndWaitForFinished(ws, notifyJobId);
       const [notifyArgs] = fetchWithSsrFGuardMock.mock.calls[0] as unknown as [
         {
           url?: string;
diff --git a/src/gateway/server.hooks.test.ts b/src/gateway/server.hooks.test.ts
index 612e7db865b..943565a9b50 100644
--- a/src/gateway/server.hooks.test.ts
+++ b/src/gateway/server.hooks.test.ts
@@ -62,6 +62,42 @@ function mockIsolatedRunOkOnce(): void {
   });
 }
 
+function mockIsolatedRunOk(): void {
+  cronIsolatedRun.mockClear();
+  cronIsolatedRun.mockResolvedValue({
+    status: "ok",
+    summary: "done",
+  });
+}
+
+async function postAgentHookWithIdempotency(
+  port: number,
+  idempotencyKey: string,
+  headers?: Record<string, string>,
+) {
+  const response = await postHook(
+    port,
+    "/hooks/agent",
+    { message: "Do it", name: "Email" },
+    { headers: { "Idempotency-Key": idempotencyKey, ...headers } },
+  );
+  expect(response.status).toBe(200);
+  return response;
+}
+
+async function expectFirstHookDelivery(
+  port: number,
+  idempotencyKey: string,
+  headers?: Record<string, string>,
+) {
+  const first = await postAgentHookWithIdempotency(port, idempotencyKey, headers);
+  const firstBody = (await first.json()) as { runId?: string };
+  expect(firstBody.runId).toBeTruthy();
+  await waitForSystemEvent();
+  drainSystemEvents(resolveMainKey());
+  return firstBody;
+}
+
 describe("gateway server hooks", () => {
   test("handles auth, wake, and agent flows", async () => {
     testState.hooksConfig = { enabled: true, token: HOOK_TOKEN };
@@ -288,29 +324,11 @@ describe("gateway server hooks", () => {
   test("dedupes repeated /hooks/agent deliveries by idempotency key", async () => {
     testState.hooksConfig = { enabled: true, token: HOOK_TOKEN };
     await withGatewayServer(async ({ port }) => {
-      cronIsolatedRun.mockClear();
-      cronIsolatedRun.mockResolvedValue({ status: "ok", summary: "done" });
-
-      const first = await postHook(
-        port,
-        "/hooks/agent",
-        { message: "Do it", name: "Email" },
-        { headers: { "Idempotency-Key": "hook-idem-1" } },
-      );
-      expect(first.status).toBe(200);
-      const firstBody = (await first.json()) as { runId?: string };
-      expect(firstBody.runId).toBeTruthy();
-      await waitForSystemEvent();
+      mockIsolatedRunOk();
+      const firstBody = await expectFirstHookDelivery(port, "hook-idem-1");
       expect(cronIsolatedRun).toHaveBeenCalledTimes(1);
-      drainSystemEvents(resolveMainKey());
 
-      const second = await postHook(
-        port,
-        "/hooks/agent",
-        { message: "Do it", name: "Email" },
-        { headers: { "Idempotency-Key": "hook-idem-1" } },
-      );
-      expect(second.status).toBe(200);
+      const second = await postAgentHookWithIdempotency(port, "hook-idem-1");
       const secondBody = (await second.json()) as { runId?: string };
       expect(secondBody.runId).toBe(firstBody.runId);
       expect(cronIsolatedRun).toHaveBeenCalledTimes(1);
@@ -329,37 +347,13 @@ describe("gateway server hooks", () => {
     );
 
     await withGatewayServer(async ({ port }) => {
-      cronIsolatedRun.mockClear();
-      cronIsolatedRun.mockResolvedValue({ status: "ok", summary: "done" });
-
-      const first = await postHook(
-        port,
-        "/hooks/agent",
-        { message: "Do it", name: "Email" },
-        {
-          headers: {
-            "Idempotency-Key": "hook-idem-forwarded",
-            "X-Forwarded-For": "198.51.100.10",
-          },
-        },
-      );
-      expect(first.status).toBe(200);
-      const firstBody = (await first.json()) as { runId?: string };
-      await waitForSystemEvent();
-      drainSystemEvents(resolveMainKey());
-
-      const second = await postHook(
-        port,
-        "/hooks/agent",
-        { message: "Do it", name: "Email" },
-        {
-          headers: {
-            "Idempotency-Key": "hook-idem-forwarded",
-            "X-Forwarded-For": "203.0.113.25",
-          },
-        },
-      );
-      expect(second.status).toBe(200);
+      mockIsolatedRunOk();
+      const firstBody = await expectFirstHookDelivery(port, "hook-idem-forwarded", {
+        "X-Forwarded-For": "198.51.100.10",
+      });
+      const second = await postAgentHookWithIdempotency(port, "hook-idem-forwarded", {
+        "X-Forwarded-For": "203.0.113.25",
+      });
       const secondBody = (await second.json()) as { runId?: string };
       expect(secondBody.runId).toBe(firstBody.runId);
       expect(cronIsolatedRun).toHaveBeenCalledTimes(1);
@@ -371,26 +365,9 @@ describe("gateway server hooks", () => {
     const oversizedKey = "x".repeat(257);
 
     await withGatewayServer(async ({ port }) => {
-      cronIsolatedRun.mockClear();
-      cronIsolatedRun.mockResolvedValue({ status: "ok", summary: "done" });
-
-      const first = await postHook(
-        port,
-        "/hooks/agent",
-        { message: "Do it", name: "Email" },
-        { headers: { "Idempotency-Key": oversizedKey } },
-      );
-      expect(first.status).toBe(200);
-      await waitForSystemEvent();
-      drainSystemEvents(resolveMainKey());
-
-      const second = await postHook(
-        port,
-        "/hooks/agent",
-        { message: "Do it", name: "Email" },
-        { headers: { "Idempotency-Key": oversizedKey } },
-      );
-      expect(second.status).toBe(200);
+      mockIsolatedRunOk();
+      await expectFirstHookDelivery(port, oversizedKey);
+      await postAgentHookWithIdempotency(port, oversizedKey);
       await waitForSystemEvent();
 
       expect(cronIsolatedRun).toHaveBeenCalledTimes(2);
@@ -403,19 +380,8 @@ describe("gateway server hooks", () => {
     nowSpy.mockReturnValue(1_000_000);
 
     await withGatewayServer(async ({ port }) => {
-      cronIsolatedRun.mockClear();
-      cronIsolatedRun.mockResolvedValue({ status: "ok", summary: "done" });
-
-      const first = await postHook(
-        port,
-        "/hooks/agent",
-        { message: "Do it", name: "Email" },
-        { headers: { "Idempotency-Key": "fixed-window-idem" } },
-      );
-      expect(first.status).toBe(200);
-      const firstBody = (await first.json()) as { runId?: string };
-      await waitForSystemEvent();
-      drainSystemEvents(resolveMainKey());
+      mockIsolatedRunOk();
+      const firstBody = await expectFirstHookDelivery(port, "fixed-window-idem");
 
       nowSpy.mockReturnValue(1_000_000 + DEDUPE_TTL_MS - 1);
       const second = await postHook(
diff --git a/src/gateway/server.models-voicewake-misc.test.ts b/src/gateway/server.models-voicewake-misc.test.ts
index 6b95ff62d25..ef461ce4a7a 100644
--- a/src/gateway/server.models-voicewake-misc.test.ts
+++ b/src/gateway/server.models-voicewake-misc.test.ts
@@ -51,18 +51,21 @@ beforeAll(async () => {
 const whatsappOutbound: ChannelOutboundAdapter = {
   deliveryMode: "direct",
   sendText: async ({ deps, to, text }) => {
-    if (!deps?.sendWhatsApp) {
-      throw new Error("Missing sendWhatsApp dep");
-    }
-    return { channel: "whatsapp", ...(await deps.sendWhatsApp(to, text, { verbose: false })) };
-  },
-  sendMedia: async ({ deps, to, text, mediaUrl }) => {
-    if (!deps?.sendWhatsApp) {
+    if (!deps?.["whatsapp"]) {
       throw new Error("Missing sendWhatsApp dep");
     }
     return {
       channel: "whatsapp",
-      ...(await deps.sendWhatsApp(to, text, { verbose: false, mediaUrl })),
+      ...(await (deps["whatsapp"] as Function)(to, text, { verbose: false })),
+    };
+  },
+  sendMedia: async ({ deps, to, text, mediaUrl }) => {
+    if (!deps?.["whatsapp"]) {
+      throw new Error("Missing sendWhatsApp dep");
+    }
+    return {
+      channel: "whatsapp",
+      ...(await (deps["whatsapp"] as Function)(to, text, { verbose: false, mediaUrl })),
     };
   },
 };
diff --git a/src/gateway/server.plugin-http-auth.test.ts b/src/gateway/server.plugin-http-auth.test.ts
index 6eb9399e23a..029719b01cc 100644
--- a/src/gateway/server.plugin-http-auth.test.ts
+++ b/src/gateway/server.plugin-http-auth.test.ts
@@ -32,6 +32,37 @@ function respondJsonRoute(res: ServerResponse, route: string): true {
   return true;
 }
 
+function createHealthzPluginHandler() {
+  return vi.fn(async (req: IncomingMessage, res: ServerResponse) => {
+    const pathname = new URL(req.url ?? "/", "http://localhost").pathname;
+    if (pathname !== "/healthz") {
+      return false;
+    }
+    return respondJsonRoute(res, "plugin-health");
+  });
+}
+
+async function expectHealthzPluginShadow(params: {
+  server: Parameters<typeof sendRequest>[0];
+  handlePluginRequest: ReturnType<typeof createHealthzPluginHandler>;
+}) {
+  const response = await sendRequest(params.server, { path: "/healthz" });
+  expect(response.res.statusCode).toBe(200);
+  expect(response.getBody()).toBe(JSON.stringify({ ok: true, route: "plugin-health" }));
+  expect(params.handlePluginRequest).toHaveBeenCalledTimes(1);
+}
+
+function createMattermostCallbackConfig(callbackPath: string) {
+  return {
+    gateway: { trustedProxies: [] },
+    channels: {
+      mattermost: {
+        commands: { callbackPath },
+      },
+    },
+  };
+}
+
 function createRootMountedControlUiOverrides(handlePluginRequest: PluginRequestHandler) {
   return {
     controlUiEnabled: true,
@@ -121,26 +152,14 @@ describe("gateway plugin HTTP auth boundary", () => {
   });
 
   test("does not shadow plugin routes mounted on probe paths", async () => {
-    const handlePluginRequest = vi.fn(async (req: IncomingMessage, res: ServerResponse) => {
-      const pathname = new URL(req.url ?? "/", "http://localhost").pathname;
-      if (pathname === "/healthz") {
-        res.statusCode = 200;
-        res.setHeader("Content-Type", "application/json; charset=utf-8");
-        res.end(JSON.stringify({ ok: true, route: "plugin-health" }));
-        return true;
-      }
-      return false;
-    });
+    const handlePluginRequest = createHealthzPluginHandler();
 
     await withGatewayServer({
       prefix: "openclaw-plugin-http-probes-shadow-test-",
       resolvedAuth: AUTH_NONE,
       overrides: { handlePluginRequest },
       run: async (server) => {
-        const response = await sendRequest(server, { path: "/healthz" });
-        expect(response.res.statusCode).toBe(200);
-        expect(response.getBody()).toBe(JSON.stringify({ ok: true, route: "plugin-health" }));
-        expect(handlePluginRequest).toHaveBeenCalledTimes(1);
+        await expectHealthzPluginShadow({ server, handlePluginRequest });
       },
     });
   });
@@ -238,14 +257,7 @@ describe("gateway plugin HTTP auth boundary", () => {
     });
 
     await withTempConfig({
-      cfg: {
-        gateway: { trustedProxies: [] },
-        channels: {
-          mattermost: {
-            commands: { callbackPath: "/api/channels/mattermost/command" },
-          },
-        },
-      },
+      cfg: createMattermostCallbackConfig("/api/channels/mattermost/command"),
       prefix: "openclaw-plugin-http-auth-mm-callback-",
       run: async () => {
         const server = createTestGatewayServer({
@@ -281,14 +293,7 @@ describe("gateway plugin HTTP auth boundary", () => {
     });
 
     await withTempConfig({
-      cfg: {
-        gateway: { trustedProxies: [] },
-        channels: {
-          mattermost: {
-            commands: { callbackPath: "/api/channels/nostr/default/profile" },
-          },
-        },
-      },
+      cfg: createMattermostCallbackConfig("/api/channels/nostr/default/profile"),
       prefix: "openclaw-plugin-http-auth-mm-misconfig-",
       run: async () => {
         const server = createTestGatewayServer({
@@ -512,26 +517,13 @@ describe("gateway plugin HTTP auth boundary", () => {
   });
 
   test("root-mounted control ui still lets plugins claim probe paths first", async () => {
-    const handlePluginRequest = vi.fn(async (req: IncomingMessage, res: ServerResponse) => {
-      const pathname = new URL(req.url ?? "/", "http://localhost").pathname;
-      if (pathname !== "/healthz") {
-        return false;
-      }
-      res.statusCode = 200;
-      res.setHeader("Content-Type", "application/json; charset=utf-8");
-      res.end(JSON.stringify({ ok: true, route: "plugin-health" }));
-      return true;
-    });
+    const handlePluginRequest = createHealthzPluginHandler();
 
     await withRootMountedControlUiServer({
       prefix: "openclaw-plugin-http-control-ui-probe-shadow-test-",
       handlePluginRequest,
       run: async (server) => {
-        const response = await sendRequest(server, { path: "/healthz" });
-
-        expect(response.res.statusCode).toBe(200);
-        expect(response.getBody()).toBe(JSON.stringify({ ok: true, route: "plugin-health" }));
-        expect(handlePluginRequest).toHaveBeenCalledTimes(1);
+        await expectHealthzPluginShadow({ server, handlePluginRequest });
       },
     });
   });
diff --git a/src/gateway/server.reload.test.ts b/src/gateway/server.reload.test.ts
index d62a3e90968..da749fc6501 100644
--- a/src/gateway/server.reload.test.ts
+++ b/src/gateway/server.reload.test.ts
@@ -218,80 +218,52 @@ describe("gateway hot reload", () => {
   });
 
   async function writeEnvRefConfig() {
+    await writeConfigFile({
+      models: {
+        providers: {
+          openai: {
+            baseUrl: "https://api.openai.com/v1",
+            apiKey: { source: "env", provider: "default", id: "OPENAI_API_KEY" },
+            models: [],
+          },
+        },
+      },
+    });
+  }
+
+  async function writeConfigFile(config: unknown) {
     const configPath = process.env.OPENCLAW_CONFIG_PATH;
     if (!configPath) {
       throw new Error("OPENCLAW_CONFIG_PATH is not set");
     }
-    await fs.writeFile(
-      configPath,
-      `${JSON.stringify(
-        {
-          models: {
-            providers: {
-              openai: {
-                baseUrl: "https://api.openai.com/v1",
-                apiKey: { source: "env", provider: "default", id: "OPENAI_API_KEY" },
-                models: [],
-              },
-            },
-          },
-        },
-        null,
-        2,
-      )}\n`,
-      "utf8",
-    );
+    await fs.writeFile(configPath, `${JSON.stringify(config, null, 2)}\n`, "utf8");
   }
 
   async function writeTalkApiKeyEnvRefConfig(refId = "TALK_API_KEY_REF") {
-    const configPath = process.env.OPENCLAW_CONFIG_PATH;
-    if (!configPath) {
-      throw new Error("OPENCLAW_CONFIG_PATH is not set");
-    }
-    await fs.writeFile(
-      configPath,
-      `${JSON.stringify(
-        {
-          talk: {
-            apiKey: { source: "env", provider: "default", id: refId },
-          },
-        },
-        null,
-        2,
-      )}\n`,
-      "utf8",
-    );
+    await writeConfigFile({
+      talk: {
+        apiKey: { source: "env", provider: "default", id: refId },
+      },
+    });
   }
 
   async function writeGatewayTraversalExecRefConfig() {
-    const configPath = process.env.OPENCLAW_CONFIG_PATH;
-    if (!configPath) {
-      throw new Error("OPENCLAW_CONFIG_PATH is not set");
-    }
-    await fs.writeFile(
-      configPath,
-      `${JSON.stringify(
-        {
-          gateway: {
-            auth: {
-              mode: "token",
-              token: { source: "exec", provider: "vault", id: "a/../b" },
-            },
-          },
-          secrets: {
-            providers: {
-              vault: {
-                source: "exec",
-                command: process.execPath,
-              },
-            },
+    await writeConfigFile({
+      gateway: {
+        auth: {
+          mode: "token",
+          token: { source: "exec", provider: "vault", id: "a/../b" },
+        },
+      },
+      secrets: {
+        providers: {
+          vault: {
+            source: "exec",
+            command: process.execPath,
           },
         },
-        null,
-        2,
-      )}\n`,
-      "utf8",
-    );
+      },
+    });
   }
 
   async function writeGatewayTokenExecRefConfig(params: {
@@ -299,36 +271,24 @@ describe("gateway hot reload", () => {
     modePath: string;
     tokenValue: string;
   }) {
-    const configPath = process.env.OPENCLAW_CONFIG_PATH;
-    if (!configPath) {
-      throw new Error("OPENCLAW_CONFIG_PATH is not set");
-    }
-    await fs.writeFile(
-      configPath,
-      `${JSON.stringify(
-        {
-          gateway: {
-            auth: {
-              mode: "token",
-              token: { source: "exec", provider: "vault", id: "gateway/token" },
-            },
-          },
-          secrets: {
-            providers: {
-              vault: {
-                source: "exec",
-                command: process.execPath,
-                allowSymlinkCommand: true,
-                args: [params.resolverScriptPath, params.modePath, params.tokenValue],
-              },
-            },
+    await writeConfigFile({
+      gateway: {
+        auth: {
+          mode: "token",
+          token: { source: "exec", provider: "vault", id: "gateway/token" },
+        },
+      },
+      secrets: {
+        providers: {
+          vault: {
+            source: "exec",
+            command: process.execPath,
+            allowSymlinkCommand: true,
+            args: [params.resolverScriptPath, params.modePath, params.tokenValue],
           },
         },
-        null,
-        2,
-      )}\n`,
-      "utf8",
-    );
+      },
+    });
   }
 
   async function writeDisabledSurfaceRefConfig() {
@@ -461,6 +421,32 @@ describe("gateway hot reload", () => {
     await fs.rm(authStorePath, { force: true });
   }
 
+  async function expectOneShotSecretReloadEvents(params: {
+    applyReload: () => Promise<unknown> | undefined;
+    sessionKey: string;
+    expectedError: RegExp | string;
+  }) {
+    await expect(params.applyReload()).rejects.toThrow(params.expectedError);
+    const degradedEvents = drainSystemEvents(params.sessionKey);
+    expect(degradedEvents.some((event) => event.includes("[SECRETS_RELOADER_DEGRADED]"))).toBe(
+      true,
+    );
+
+    await expect(params.applyReload()).rejects.toThrow(params.expectedError);
+    expect(drainSystemEvents(params.sessionKey)).toEqual([]);
+  }
+
+  async function expectSecretReloadRecovered(params: {
+    applyReload: () => Promise<unknown> | undefined;
+    sessionKey: string;
+  }) {
+    await expect(params.applyReload()).resolves.toBeUndefined();
+    const recoveredEvents = drainSystemEvents(params.sessionKey);
+    expect(recoveredEvents.some((event) => event.includes("[SECRETS_RELOADER_RECOVERED]"))).toBe(
+      true,
+    );
+  }
+
   it("applies hot reload actions and emits restart signal", async () => {
     await withGatewayServer(async () => {
       const onHotReload = hoisted.getOnHotReload();
@@ -512,14 +498,16 @@ describe("gateway hot reload", () => {
       );
 
       expect(hoisted.stopGmailWatcher).toHaveBeenCalled();
-      expect(hoisted.startGmailWatcher).toHaveBeenCalledWith(nextConfig);
+      expect(hoisted.startGmailWatcher).toHaveBeenCalledWith(expect.objectContaining(nextConfig));
 
       expect(hoisted.browserStop).toHaveBeenCalledTimes(1);
       expect(hoisted.startBrowserControlServerIfEnabled).toHaveBeenCalledTimes(2);
 
       expect(hoisted.startHeartbeatRunner).toHaveBeenCalledTimes(1);
       expect(hoisted.heartbeatUpdateConfig).toHaveBeenCalledTimes(1);
-      expect(hoisted.heartbeatUpdateConfig).toHaveBeenCalledWith(nextConfig);
+      expect(hoisted.heartbeatUpdateConfig).toHaveBeenCalledWith(
+        expect.objectContaining(nextConfig),
+      );
 
       expect(hoisted.cronInstances.length).toBe(2);
       expect(hoisted.cronInstances[0].stop).toHaveBeenCalledTimes(1);
@@ -649,25 +637,17 @@ describe("gateway hot reload", () => {
       };
 
       delete process.env.OPENAI_API_KEY;
-      await expect(onHotReload?.(plan, nextConfig)).rejects.toThrow(
-        'Environment variable "OPENAI_API_KEY" is missing or empty.',
-      );
-      const degradedEvents = drainSystemEvents(sessionKey);
-      expect(degradedEvents.some((event) => event.includes("[SECRETS_RELOADER_DEGRADED]"))).toBe(
-        true,
-      );
-
-      await expect(onHotReload?.(plan, nextConfig)).rejects.toThrow(
-        'Environment variable "OPENAI_API_KEY" is missing or empty.',
-      );
-      expect(drainSystemEvents(sessionKey)).toEqual([]);
+      await expectOneShotSecretReloadEvents({
+        applyReload: () => onHotReload?.(plan, nextConfig),
+        sessionKey,
+        expectedError: 'Environment variable "OPENAI_API_KEY" is missing or empty.',
+      });
 
       process.env.OPENAI_API_KEY = "sk-recovered"; // pragma: allowlist secret
-      await expect(onHotReload?.(plan, nextConfig)).resolves.toBeUndefined();
-      const recoveredEvents = drainSystemEvents(sessionKey);
-      expect(recoveredEvents.some((event) => event.includes("[SECRETS_RELOADER_RECOVERED]"))).toBe(
-        true,
-      );
+      await expectSecretReloadRecovered({
+        applyReload: () => onHotReload?.(plan, nextConfig),
+        sessionKey,
+      });
     });
   });
 
@@ -707,25 +687,17 @@ describe("gateway hot reload", () => {
       };
 
       delete process.env.GEMINI_API_KEY;
-      await expect(onHotReload?.(plan, nextConfig)).rejects.toThrow(
-        "[WEB_SEARCH_KEY_UNRESOLVED_NO_FALLBACK]",
-      );
-      const degradedEvents = drainSystemEvents(sessionKey);
-      expect(degradedEvents.some((event) => event.includes("[SECRETS_RELOADER_DEGRADED]"))).toBe(
-        true,
-      );
-
-      await expect(onHotReload?.(plan, nextConfig)).rejects.toThrow(
-        "[WEB_SEARCH_KEY_UNRESOLVED_NO_FALLBACK]",
-      );
-      expect(drainSystemEvents(sessionKey)).toEqual([]);
+      await expectOneShotSecretReloadEvents({
+        applyReload: () => onHotReload?.(plan, nextConfig),
+        sessionKey,
+        expectedError: "[WEB_SEARCH_KEY_UNRESOLVED_NO_FALLBACK]",
+      });
 
       process.env.GEMINI_API_KEY = "gemini-recovered-key"; // pragma: allowlist secret
-      await expect(onHotReload?.(plan, nextConfig)).resolves.toBeUndefined();
-      const recoveredEvents = drainSystemEvents(sessionKey);
-      expect(recoveredEvents.some((event) => event.includes("[SECRETS_RELOADER_RECOVERED]"))).toBe(
-        true,
-      );
+      await expectSecretReloadRecovered({
+        applyReload: () => onHotReload?.(plan, nextConfig),
+        sessionKey,
+      });
     });
   });
 
diff --git a/src/gateway/server.sessions.gateway-server-sessions-a.test.ts b/src/gateway/server.sessions.gateway-server-sessions-a.test.ts
index 034020a61fe..fdce44e33f4 100644
--- a/src/gateway/server.sessions.gateway-server-sessions-a.test.ts
+++ b/src/gateway/server.sessions.gateway-server-sessions-a.test.ts
@@ -102,8 +102,11 @@ vi.mock("../plugins/hook-runner-global.js", async (importOriginal) => {
   };
 });
 
-vi.mock("../discord/monitor/thread-bindings.js", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("../discord/monitor/thread-bindings.js")>();
+vi.mock("../../extensions/discord/src/monitor/thread-bindings.js", async (importOriginal) => {
+  const actual =
+    await importOriginal<
+      typeof import("../../extensions/discord/src/monitor/thread-bindings.js")
+    >();
   return {
     ...actual,
     unbindThreadBindingsBySessionKey: (params: unknown) =>
diff --git a/src/gateway/server/plugins-http.test.ts b/src/gateway/server/plugins-http.test.ts
index e5062686246..1a4866d7d23 100644
--- a/src/gateway/server/plugins-http.test.ts
+++ b/src/gateway/server/plugins-http.test.ts
@@ -111,6 +111,23 @@ function createSecurePluginRouteHandler(params: {
   });
 }
 
+async function invokeSecureGatewayRoute(params: { gatewayAuthSatisfied: boolean }) {
+  const exactPluginHandler = vi.fn(async () => false);
+  const prefixGatewayHandler = vi.fn(async () => true);
+  const handler = createSecurePluginRouteHandler({
+    exactPluginHandler,
+    prefixGatewayHandler,
+  });
+  const { res } = makeMockHttpResponse();
+  const handled = await handler(
+    { url: "/plugin/secure/report" } as IncomingMessage,
+    res,
+    undefined,
+    { gatewayAuthSatisfied: params.gatewayAuthSatisfied },
+  );
+  return { handled, exactPluginHandler, prefixGatewayHandler };
+}
+
 describe("createGatewayPluginRequestHandler", () => {
   it("caps unauthenticated plugin routes to non-admin subagent scopes", async () => {
     loadOpenClawPlugins.mockReset();
@@ -232,44 +249,18 @@ describe("createGatewayPluginRequestHandler", () => {
   });
 
   it("fails closed when a matched gateway route reaches dispatch without auth", async () => {
-    const exactPluginHandler = vi.fn(async () => false);
-    const prefixGatewayHandler = vi.fn(async () => true);
-    const handler = createSecurePluginRouteHandler({
-      exactPluginHandler,
-      prefixGatewayHandler,
+    const { handled, exactPluginHandler, prefixGatewayHandler } = await invokeSecureGatewayRoute({
+      gatewayAuthSatisfied: false,
     });
-
-    const { res } = makeMockHttpResponse();
-    const handled = await handler(
-      { url: "/plugin/secure/report" } as IncomingMessage,
-      res,
-      undefined,
-      {
-        gatewayAuthSatisfied: false,
-      },
-    );
     expect(handled).toBe(false);
     expect(exactPluginHandler).not.toHaveBeenCalled();
     expect(prefixGatewayHandler).not.toHaveBeenCalled();
   });
 
   it("allows gateway route fallthrough only after gateway auth succeeds", async () => {
-    const exactPluginHandler = vi.fn(async () => false);
-    const prefixGatewayHandler = vi.fn(async () => true);
-    const handler = createSecurePluginRouteHandler({
-      exactPluginHandler,
-      prefixGatewayHandler,
+    const { handled, exactPluginHandler, prefixGatewayHandler } = await invokeSecureGatewayRoute({
+      gatewayAuthSatisfied: true,
     });
-
-    const { res } = makeMockHttpResponse();
-    const handled = await handler(
-      { url: "/plugin/secure/report" } as IncomingMessage,
-      res,
-      undefined,
-      {
-        gatewayAuthSatisfied: true,
-      },
-    );
     expect(handled).toBe(true);
     expect(exactPluginHandler).toHaveBeenCalledTimes(1);
     expect(prefixGatewayHandler).toHaveBeenCalledTimes(1);
diff --git a/src/gateway/server/ws-connection/connect-policy.test.ts b/src/gateway/server/ws-connection/connect-policy.test.ts
index 88813663a85..670f73637ac 100644
--- a/src/gateway/server/ws-connection/connect-policy.test.ts
+++ b/src/gateway/server/ws-connection/connect-policy.test.ts
@@ -169,9 +169,47 @@ describe("ws connect policy", () => {
         isLocalClient: false,
       }).kind,
     ).toBe("allow");
+
+    const bypass = resolveControlUiAuthPolicy({
+      isControlUi: true,
+      controlUiConfig: { dangerouslyDisableDeviceAuth: true },
+      deviceRaw: null,
+    });
+    expect(
+      evaluateMissingDeviceIdentity({
+        hasDeviceIdentity: false,
+        role: "operator",
+        isControlUi: true,
+        controlUiAuthPolicy: bypass,
+        trustedProxyAuthOk: false,
+        sharedAuthOk: false,
+        authOk: false,
+        hasSharedAuth: false,
+        isLocalClient: false,
+      }).kind,
+    ).toBe("allow");
+
+    // Regression: dangerouslyDisableDeviceAuth bypass must NOT extend to node-role
+    // sessions — the break-glass flag is scoped to operator Control UI only.
+    // A device-less node-role connection must still be rejected even when the flag
+    // is set, to prevent the flag from being abused to admit unauthorized node
+    // registrations.
+    expect(
+      evaluateMissingDeviceIdentity({
+        hasDeviceIdentity: false,
+        role: "node",
+        isControlUi: true,
+        controlUiAuthPolicy: bypass,
+        trustedProxyAuthOk: false,
+        sharedAuthOk: false,
+        authOk: false,
+        hasSharedAuth: false,
+        isLocalClient: false,
+      }).kind,
+    ).toBe("reject-device-required");
   });
 
-  test("pairing bypass requires control-ui bypass + shared auth (or trusted-proxy auth)", () => {
+  test("dangerouslyDisableDeviceAuth skips pairing for operator control-ui only", () => {
     const bypass = resolveControlUiAuthPolicy({
       isControlUi: true,
       controlUiConfig: { dangerouslyDisableDeviceAuth: true },
@@ -182,10 +220,10 @@ describe("ws connect policy", () => {
       controlUiConfig: undefined,
       deviceRaw: null,
     });
-    expect(shouldSkipControlUiPairing(bypass, true, false)).toBe(true);
-    expect(shouldSkipControlUiPairing(bypass, false, false)).toBe(false);
-    expect(shouldSkipControlUiPairing(strict, true, false)).toBe(false);
-    expect(shouldSkipControlUiPairing(strict, false, true)).toBe(true);
+    expect(shouldSkipControlUiPairing(bypass, "operator", false)).toBe(true);
+    expect(shouldSkipControlUiPairing(bypass, "node", false)).toBe(false);
+    expect(shouldSkipControlUiPairing(strict, "operator", false)).toBe(false);
+    expect(shouldSkipControlUiPairing(strict, "operator", true)).toBe(true);
   });
 
   test("trusted-proxy control-ui bypass only applies to operator + trusted-proxy auth", () => {
diff --git a/src/gateway/server/ws-connection/connect-policy.ts b/src/gateway/server/ws-connection/connect-policy.ts
index f2467aedc98..c5c4c1d0a07 100644
--- a/src/gateway/server/ws-connection/connect-policy.ts
+++ b/src/gateway/server/ws-connection/connect-policy.ts
@@ -34,13 +34,16 @@ export function resolveControlUiAuthPolicy(params: {
 
 export function shouldSkipControlUiPairing(
   policy: ControlUiAuthPolicy,
-  sharedAuthOk: boolean,
+  role: GatewayRole,
   trustedProxyAuthOk = false,
 ): boolean {
   if (trustedProxyAuthOk) {
     return true;
   }
-  return policy.allowBypass && sharedAuthOk;
+  // dangerouslyDisableDeviceAuth is the break-glass path for Control UI
+  // operators. Keep pairing aligned with the missing-device bypass, including
+  // open-auth deployments where there is no shared token/password to prove.
+  return role === "operator" && policy.allowBypass;
 }
 
 export function isTrustedProxyControlUiOperatorAuth(params: {
@@ -82,6 +85,14 @@ export function evaluateMissingDeviceIdentity(params: {
   if (params.isControlUi && params.trustedProxyAuthOk) {
     return { kind: "allow" };
   }
+  if (params.isControlUi && params.controlUiAuthPolicy.allowBypass && params.role === "operator") {
+    // dangerouslyDisableDeviceAuth: true — operator has explicitly opted out of
+    // device-identity enforcement for this Control UI.  Allow for operator-role
+    // sessions only; node-role sessions must still satisfy device identity so
+    // that the break-glass flag cannot be abused to admit device-less node
+    // registrations (see #45405 review).
+    return { kind: "allow" };
+  }
   if (params.isControlUi && !params.controlUiAuthPolicy.allowBypass) {
     // Allow localhost Control UI connections when allowInsecureAuth is configured.
     // Localhost has no network interception risk, and browser SubtleCrypto
diff --git a/src/gateway/server/ws-connection/handshake-auth-helpers.test.ts b/src/gateway/server/ws-connection/handshake-auth-helpers.test.ts
index 8b7b7e521fd..cc064e35631 100644
--- a/src/gateway/server/ws-connection/handshake-auth-helpers.test.ts
+++ b/src/gateway/server/ws-connection/handshake-auth-helpers.test.ts
@@ -89,7 +89,7 @@ describe("handshake auth helpers", () => {
     ).toBe(false);
   });
 
-  it("skips backend self-pairing only for local shared-secret backend clients", () => {
+  it("skips backend self-pairing for local trusted backend clients", () => {
     const connectParams = {
       client: {
         id: GATEWAY_CLIENT_IDS.GATEWAY_CLIENT,
@@ -106,6 +106,15 @@ describe("handshake auth helpers", () => {
         authMethod: "token",
       }),
     ).toBe(true);
+    expect(
+      shouldSkipBackendSelfPairing({
+        connectParams,
+        isLocalClient: true,
+        hasBrowserOriginHeader: false,
+        sharedAuthOk: false,
+        authMethod: "device-token",
+      }),
+    ).toBe(true);
     expect(
       shouldSkipBackendSelfPairing({
         connectParams,
diff --git a/src/gateway/server/ws-connection/handshake-auth-helpers.ts b/src/gateway/server/ws-connection/handshake-auth-helpers.ts
index 8529cf55082..20dba4ca2a0 100644
--- a/src/gateway/server/ws-connection/handshake-auth-helpers.ts
+++ b/src/gateway/server/ws-connection/handshake-auth-helpers.ts
@@ -74,11 +74,14 @@ export function shouldSkipBackendSelfPairing(params: {
     return false;
   }
   const usesSharedSecretAuth = params.authMethod === "token" || params.authMethod === "password";
+  const usesDeviceTokenAuth = params.authMethod === "device-token";
+  // `authMethod === "device-token"` only reaches this helper after the caller
+  // has already accepted auth (`authOk === true`), so a separate
+  // `deviceTokenAuthOk` flag would be redundant here.
   return (
     params.isLocalClient &&
     !params.hasBrowserOriginHeader &&
-    params.sharedAuthOk &&
-    usesSharedSecretAuth
+    ((params.sharedAuthOk && usesSharedSecretAuth) || usesDeviceTokenAuth)
   );
 }
 
diff --git a/src/gateway/server/ws-connection/message-handler.ts b/src/gateway/server/ws-connection/message-handler.ts
index e226ebfc911..49f70915992 100644
--- a/src/gateway/server/ws-connection/message-handler.ts
+++ b/src/gateway/server/ws-connection/message-handler.ts
@@ -421,7 +421,12 @@ export function attachGatewayWsMessageHandler(params: {
               host: requestHost ?? "n/a",
               reason: originCheck.reason,
             });
-            sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, errorMessage);
+            sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, errorMessage, {
+              details: {
+                code: ConnectErrorDetailCodes.CONTROL_UI_ORIGIN_NOT_ALLOWED,
+                reason: originCheck.reason,
+              },
+            });
             close(1008, truncateCloseReason(errorMessage));
             return;
           }
@@ -669,14 +674,18 @@ export function attachGatewayWsMessageHandler(params: {
           authOk,
           authMethod,
         });
+        // auth.mode=none disables all authentication — device pairing is an
+        // auth mechanism and must also be skipped when the operator opted out.
         const skipPairing =
+          resolvedAuth.mode === "none" ||
           shouldSkipBackendSelfPairing({
             connectParams,
             isLocalClient,
             hasBrowserOriginHeader,
             sharedAuthOk,
             authMethod,
-          }) || shouldSkipControlUiPairing(controlUiAuthPolicy, sharedAuthOk, trustedProxyAuthOk);
+          }) ||
+          shouldSkipControlUiPairing(controlUiAuthPolicy, role, trustedProxyAuthOk);
         if (device && devicePublicKey && !skipPairing) {
           const formatAuditList = (items: string[] | undefined): string => {
             if (!items || items.length === 0) {
diff --git a/src/gateway/session-reset-service.ts b/src/gateway/session-reset-service.ts
index b0a5b0a54f0..b07bf0095dd 100644
--- a/src/gateway/session-reset-service.ts
+++ b/src/gateway/session-reset-service.ts
@@ -1,4 +1,5 @@
 import { randomUUID } from "node:crypto";
+import { unbindThreadBindingsBySessionKey } from "../../extensions/discord/src/monitor/thread-bindings.js";
 import { getAcpSessionManager } from "../acp/control-plane/manager.js";
 import { resolveDefaultAgentId } from "../agents/agent-scope.js";
 import { clearBootstrapSnapshot } from "../agents/bootstrap-cache.js";
@@ -12,7 +13,6 @@ import {
   type SessionEntry,
   updateSessionStore,
 } from "../config/sessions.js";
-import { unbindThreadBindingsBySessionKey } from "../discord/monitor/thread-bindings.js";
 import { logVerbose } from "../globals.js";
 import { createInternalHookEvent, triggerInternalHook } from "../hooks/internal-hooks.js";
 import { getGlobalHookRunner } from "../plugins/hook-runner-global.js";
diff --git a/src/gateway/startup-auth.test.ts b/src/gateway/startup-auth.test.ts
index bfd1912f28c..67dd4e00524 100644
--- a/src/gateway/startup-auth.test.ts
+++ b/src/gateway/startup-auth.test.ts
@@ -75,6 +75,22 @@ describe("ensureGatewayStartupAuth", () => {
     expect(mocks.writeConfigFile).not.toHaveBeenCalled();
   }
 
+  function createMissingGatewayTokenSecretRefConfig(): OpenClawConfig {
+    return {
+      gateway: {
+        auth: {
+          mode: "token",
+          token: { source: "env", provider: "default", id: "MISSING_GW_TOKEN" },
+        },
+      },
+      secrets: {
+        providers: {
+          default: { source: "env" },
+        },
+      },
+    };
+  }
+
   it("generates and persists a token when startup auth is missing", async () => {
     const result = await ensureGatewayStartupAuth({
       cfg: {},
@@ -94,25 +110,18 @@ describe("ensureGatewayStartupAuth", () => {
   });
 
   it("does not generate when token already exists", async () => {
-    const cfg: OpenClawConfig = {
-      gateway: {
-        auth: {
-          mode: "token",
-          token: "configured-token",
+    await expectResolvedToken({
+      cfg: {
+        gateway: {
+          auth: {
+            mode: "token",
+            token: "configured-token",
+          },
         },
       },
-    };
-    const result = await ensureGatewayStartupAuth({
-      cfg,
       env: {} as NodeJS.ProcessEnv,
-      persist: true,
+      expectedToken: "configured-token",
     });
-
-    expect(result.generatedToken).toBeUndefined();
-    expect(result.persistedGeneratedToken).toBe(false);
-    expect(result.auth.mode).toBe("token");
-    expect(result.auth.token).toBe("configured-token");
-    expect(mocks.writeConfigFile).not.toHaveBeenCalled();
   });
 
   it("does not generate in password mode", async () => {
@@ -206,19 +215,7 @@ describe("ensureGatewayStartupAuth", () => {
 
   it("uses OPENCLAW_GATEWAY_TOKEN without resolving configured token SecretRef", async () => {
     await expectResolvedToken({
-      cfg: {
-        gateway: {
-          auth: {
-            mode: "token",
-            token: { source: "env", provider: "default", id: "MISSING_GW_TOKEN" },
-          },
-        },
-        secrets: {
-          providers: {
-            default: { source: "env" },
-          },
-        },
-      },
+      cfg: createMissingGatewayTokenSecretRefConfig(),
       env: {
         OPENCLAW_GATEWAY_TOKEN: "token-from-env",
       } as NodeJS.ProcessEnv,
@@ -229,19 +226,7 @@ describe("ensureGatewayStartupAuth", () => {
   it("fails when gateway.auth.token SecretRef is active and unresolved", async () => {
     await expect(
       ensureGatewayStartupAuth({
-        cfg: {
-          gateway: {
-            auth: {
-              mode: "token",
-              token: { source: "env", provider: "default", id: "MISSING_GW_TOKEN" },
-            },
-          },
-          secrets: {
-            providers: {
-              default: { source: "env" },
-            },
-          },
-        },
+        cfg: createMissingGatewayTokenSecretRefConfig(),
         env: {} as NodeJS.ProcessEnv,
         persist: true,
       }),
diff --git a/src/gateway/test-helpers.mocks.ts b/src/gateway/test-helpers.mocks.ts
index 43811da1492..c8032527294 100644
--- a/src/gateway/test-helpers.mocks.ts
+++ b/src/gateway/test-helpers.mocks.ts
@@ -563,7 +563,7 @@ vi.mock("../commands/health.js", () => ({
 vi.mock("../commands/status.js", () => ({
   getStatusSummary: vi.fn().mockResolvedValue({ ok: true }),
 }));
-vi.mock("../web/outbound.js", () => ({
+vi.mock("../../extensions/whatsapp/src/send.js", () => ({
   sendMessageWhatsApp: (...args: unknown[]) =>
     (hoisted.sendWhatsAppMock as (...args: unknown[]) => unknown)(...args),
   sendPollWhatsApp: (...args: unknown[]) =>
diff --git a/src/infra/archive-helpers.test.ts b/src/infra/archive-helpers.test.ts
new file mode 100644
index 00000000000..178a1989733
--- /dev/null
+++ b/src/infra/archive-helpers.test.ts
@@ -0,0 +1,125 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import { afterEach, describe, expect, it, vi } from "vitest";
+import { createTrackedTempDirs } from "../test-utils/tracked-temp-dirs.js";
+import {
+  createTarEntryPreflightChecker,
+  fileExists,
+  readJsonFile,
+  resolveArchiveKind,
+  resolvePackedRootDir,
+  withTimeout,
+} from "./archive.js";
+
+const tempDirs = createTrackedTempDirs();
+const createTempDir = () => tempDirs.make("openclaw-archive-helper-test-");
+
+afterEach(async () => {
+  vi.useRealTimers();
+  await tempDirs.cleanup();
+});
+
+describe("archive helpers", () => {
+  it.each([
+    { input: "/tmp/file.zip", expected: "zip" },
+    { input: "/tmp/file.TAR.GZ", expected: "tar" },
+    { input: "/tmp/file.tgz", expected: "tar" },
+    { input: "/tmp/file.tar", expected: "tar" },
+    { input: "/tmp/file.txt", expected: null },
+  ])("detects archive kind for $input", ({ input, expected }) => {
+    expect(resolveArchiveKind(input)).toBe(expected);
+  });
+
+  it("resolves packed roots from package dir or single extracted root dir", async () => {
+    const directDir = await createTempDir();
+    const fallbackDir = await createTempDir();
+    await fs.mkdir(path.join(directDir, "package"), { recursive: true });
+    await fs.mkdir(path.join(fallbackDir, "bundle-root"), { recursive: true });
+
+    await expect(resolvePackedRootDir(directDir)).resolves.toBe(path.join(directDir, "package"));
+    await expect(resolvePackedRootDir(fallbackDir)).resolves.toBe(
+      path.join(fallbackDir, "bundle-root"),
+    );
+  });
+
+  it("rejects unexpected packed root layouts", async () => {
+    const multipleDir = await createTempDir();
+    const emptyDir = await createTempDir();
+    await fs.mkdir(path.join(multipleDir, "a"), { recursive: true });
+    await fs.mkdir(path.join(multipleDir, "b"), { recursive: true });
+    await fs.writeFile(path.join(emptyDir, "note.txt"), "hi", "utf8");
+
+    await expect(resolvePackedRootDir(multipleDir)).rejects.toThrow(/unexpected archive layout/i);
+    await expect(resolvePackedRootDir(emptyDir)).rejects.toThrow(/unexpected archive layout/i);
+  });
+
+  it("returns work results and propagates errors before timeout", async () => {
+    await expect(withTimeout(Promise.resolve("ok"), 100, "extract zip")).resolves.toBe("ok");
+    await expect(
+      withTimeout(Promise.reject(new Error("boom")), 100, "extract zip"),
+    ).rejects.toThrow("boom");
+  });
+
+  it("rejects when archive work exceeds the timeout", async () => {
+    vi.useFakeTimers();
+    const late = new Promise<string>((resolve) => setTimeout(() => resolve("ok"), 50));
+    const result = withTimeout(late, 1, "extract tar");
+    const pending = expect(result).rejects.toThrow("extract tar timed out after 1ms");
+    await vi.advanceTimersByTimeAsync(1);
+    await pending;
+  });
+
+  it("preflights tar entries for blocked link types, path escapes, and size budgets", () => {
+    const checker = createTarEntryPreflightChecker({
+      rootDir: "/tmp/dest",
+      limits: {
+        maxEntries: 1,
+        maxEntryBytes: 8,
+        maxExtractedBytes: 12,
+      },
+    });
+
+    expect(() => checker({ path: "package/link", type: "SymbolicLink", size: 0 })).toThrow(
+      "tar entry is a link: package/link",
+    );
+    expect(() => checker({ path: "../escape.txt", type: "File", size: 1 })).toThrow(
+      /escapes destination|absolute/i,
+    );
+
+    checker({ path: "package/ok.txt", type: "File", size: 8 });
+    expect(() => checker({ path: "package/second.txt", type: "File", size: 1 })).toThrow(
+      "archive entry count exceeds limit",
+    );
+  });
+
+  it("treats stripped-away tar entries as no-ops and enforces extracted byte budgets", () => {
+    const checker = createTarEntryPreflightChecker({
+      rootDir: "/tmp/dest",
+      stripComponents: 1,
+      limits: {
+        maxEntries: 4,
+        maxEntryBytes: 16,
+        maxExtractedBytes: 10,
+      },
+    });
+
+    expect(() => checker({ path: "package", type: "Directory", size: 0 })).not.toThrow();
+    checker({ path: "package/a.txt", type: "File", size: 6 });
+    expect(() => checker({ path: "package/b.txt", type: "File", size: 6 })).toThrow(
+      "archive extracted size exceeds limit",
+    );
+  });
+
+  it("reads JSON files and reports file existence", async () => {
+    const dir = await createTempDir();
+    const jsonPath = path.join(dir, "data.json");
+    const badPath = path.join(dir, "bad.json");
+    await fs.writeFile(jsonPath, '{"ok":true}', "utf8");
+    await fs.writeFile(badPath, "{not json", "utf8");
+
+    await expect(readJsonFile<{ ok: boolean }>(jsonPath)).resolves.toEqual({ ok: true });
+    await expect(readJsonFile(badPath)).rejects.toThrow();
+    await expect(fileExists(jsonPath)).resolves.toBe(true);
+    await expect(fileExists(path.join(dir, "missing.json"))).resolves.toBe(false);
+  });
+});
diff --git a/src/infra/archive-staging.test.ts b/src/infra/archive-staging.test.ts
new file mode 100644
index 00000000000..8d15a501ed5
--- /dev/null
+++ b/src/infra/archive-staging.test.ts
@@ -0,0 +1,181 @@
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { describe, expect, it } from "vitest";
+import {
+  ArchiveSecurityError,
+  createArchiveSymlinkTraversalError,
+  mergeExtractedTreeIntoDestination,
+  prepareArchiveDestinationDir,
+  prepareArchiveOutputPath,
+  withStagedArchiveDestination,
+} from "./archive-staging.js";
+
+const directorySymlinkType = process.platform === "win32" ? "junction" : undefined;
+
+async function withTempDir(prefix: string, run: (dir: string) => Promise<void>) {
+  const dir = await fs.mkdtemp(path.join(os.tmpdir(), prefix));
+  try {
+    await run(dir);
+  } finally {
+    await fs.rm(dir, { recursive: true, force: true });
+  }
+}
+
+describe("archive-staging helpers", () => {
+  it("accepts real destination directories and returns their real path", async () => {
+    await withTempDir("openclaw-archive-staging-", async (rootDir) => {
+      const destDir = path.join(rootDir, "dest");
+      await fs.mkdir(destDir, { recursive: true });
+
+      await expect(prepareArchiveDestinationDir(destDir)).resolves.toBe(await fs.realpath(destDir));
+    });
+  });
+
+  it.runIf(process.platform !== "win32")(
+    "rejects symlink and non-directory archive destinations",
+    async () => {
+      await withTempDir("openclaw-archive-staging-", async (rootDir) => {
+        const realDestDir = path.join(rootDir, "real-dest");
+        const symlinkDestDir = path.join(rootDir, "dest-link");
+        const fileDest = path.join(rootDir, "dest.txt");
+        await fs.mkdir(realDestDir, { recursive: true });
+        await fs.symlink(realDestDir, symlinkDestDir, directorySymlinkType);
+        await fs.writeFile(fileDest, "nope", "utf8");
+
+        await expect(prepareArchiveDestinationDir(symlinkDestDir)).rejects.toMatchObject({
+          code: "destination-symlink",
+        } satisfies Partial<ArchiveSecurityError>);
+        await expect(prepareArchiveDestinationDir(fileDest)).rejects.toMatchObject({
+          code: "destination-not-directory",
+        } satisfies Partial<ArchiveSecurityError>);
+      });
+    },
+  );
+
+  it("creates in-destination parent directories for file outputs", async () => {
+    await withTempDir("openclaw-archive-staging-", async (rootDir) => {
+      const destDir = path.join(rootDir, "dest");
+      await fs.mkdir(destDir, { recursive: true });
+      const destinationRealDir = await prepareArchiveDestinationDir(destDir);
+      const outPath = path.join(destDir, "nested", "payload.txt");
+
+      await expect(
+        prepareArchiveOutputPath({
+          destinationDir: destDir,
+          destinationRealDir,
+          relPath: "nested/payload.txt",
+          outPath,
+          originalPath: "nested/payload.txt",
+          isDirectory: false,
+        }),
+      ).resolves.toBeUndefined();
+
+      await expect(fs.stat(path.dirname(outPath))).resolves.toMatchObject({
+        isDirectory: expect.any(Function),
+      });
+    });
+  });
+
+  it.runIf(process.platform !== "win32")(
+    "rejects output paths that traverse a destination symlink",
+    async () => {
+      await withTempDir("openclaw-archive-staging-", async (rootDir) => {
+        const destDir = path.join(rootDir, "dest");
+        const outsideDir = path.join(rootDir, "outside");
+        const linkDir = path.join(destDir, "escape");
+        await fs.mkdir(destDir, { recursive: true });
+        await fs.mkdir(outsideDir, { recursive: true });
+        await fs.symlink(outsideDir, linkDir, directorySymlinkType);
+        const destinationRealDir = await prepareArchiveDestinationDir(destDir);
+
+        await expect(
+          prepareArchiveOutputPath({
+            destinationDir: destDir,
+            destinationRealDir,
+            relPath: "escape/payload.txt",
+            outPath: path.join(linkDir, "payload.txt"),
+            originalPath: "escape/payload.txt",
+            isDirectory: false,
+          }),
+        ).rejects.toMatchObject({
+          code: "destination-symlink-traversal",
+        } satisfies Partial<ArchiveSecurityError>);
+      });
+    },
+  );
+
+  it("cleans up staged archive directories after success and failure", async () => {
+    await withTempDir("openclaw-archive-staging-", async (rootDir) => {
+      const destDir = path.join(rootDir, "dest");
+      await fs.mkdir(destDir, { recursive: true });
+      const destinationRealDir = await prepareArchiveDestinationDir(destDir);
+      let successStage = "";
+
+      await withStagedArchiveDestination({
+        destinationRealDir,
+        run: async (stagingDir) => {
+          successStage = stagingDir;
+          await fs.writeFile(path.join(stagingDir, "payload.txt"), "ok", "utf8");
+        },
+      });
+      await expect(fs.stat(successStage)).rejects.toMatchObject({ code: "ENOENT" });
+
+      let failureStage = "";
+      await expect(
+        withStagedArchiveDestination({
+          destinationRealDir,
+          run: async (stagingDir) => {
+            failureStage = stagingDir;
+            throw new Error("boom");
+          },
+        }),
+      ).rejects.toThrow("boom");
+      await expect(fs.stat(failureStage)).rejects.toMatchObject({ code: "ENOENT" });
+    });
+  });
+
+  it.runIf(process.platform !== "win32")(
+    "merges staged trees and rejects symlink entries from the source",
+    async () => {
+      await withTempDir("openclaw-archive-staging-", async (rootDir) => {
+        const sourceDir = path.join(rootDir, "source");
+        const sourceNestedDir = path.join(sourceDir, "nested");
+        const destDir = path.join(rootDir, "dest");
+        const outsideDir = path.join(rootDir, "outside");
+        await fs.mkdir(sourceNestedDir, { recursive: true });
+        await fs.mkdir(destDir, { recursive: true });
+        await fs.mkdir(outsideDir, { recursive: true });
+        await fs.writeFile(path.join(sourceNestedDir, "payload.txt"), "hi", "utf8");
+
+        const destinationRealDir = await prepareArchiveDestinationDir(destDir);
+        await mergeExtractedTreeIntoDestination({
+          sourceDir,
+          destinationDir: destDir,
+          destinationRealDir,
+        });
+        await expect(
+          fs.readFile(path.join(destDir, "nested", "payload.txt"), "utf8"),
+        ).resolves.toBe("hi");
+
+        await fs.symlink(outsideDir, path.join(sourceDir, "escape"), directorySymlinkType);
+        await expect(
+          mergeExtractedTreeIntoDestination({
+            sourceDir,
+            destinationDir: destDir,
+            destinationRealDir,
+          }),
+        ).rejects.toMatchObject({
+          code: "destination-symlink-traversal",
+        } satisfies Partial<ArchiveSecurityError>);
+      });
+    },
+  );
+
+  it("builds a typed archive symlink traversal error", () => {
+    const error = createArchiveSymlinkTraversalError("nested/payload.txt");
+    expect(error).toBeInstanceOf(ArchiveSecurityError);
+    expect(error.code).toBe("destination-symlink-traversal");
+    expect(error.message).toContain("nested/payload.txt");
+  });
+});
diff --git a/src/infra/archive.test.ts b/src/infra/archive.test.ts
index 14c546e7674..d77b1e0bdb4 100644
--- a/src/infra/archive.test.ts
+++ b/src/infra/archive.test.ts
@@ -6,7 +6,7 @@ import * as tar from "tar";
 import { afterAll, beforeAll, describe, expect, it, vi } from "vitest";
 import { withRealpathSymlinkRebindRace } from "../test-utils/symlink-rebind-race.js";
 import type { ArchiveSecurityError } from "./archive.js";
-import { extractArchive, resolveArchiveKind, resolvePackedRootDir } from "./archive.js";
+import { extractArchive, resolvePackedRootDir } from "./archive.js";
 
 let fixtureRoot = "";
 let fixtureCount = 0;
@@ -82,19 +82,6 @@ afterAll(async () => {
 });
 
 describe("archive utils", () => {
-  it("detects archive kinds", () => {
-    const cases = [
-      { input: "/tmp/file.zip", expected: "zip" },
-      { input: "/tmp/file.tgz", expected: "tar" },
-      { input: "/tmp/file.tar.gz", expected: "tar" },
-      { input: "/tmp/file.tar", expected: "tar" },
-      { input: "/tmp/file.txt", expected: null },
-    ] as const;
-    for (const testCase of cases) {
-      expect(resolveArchiveKind(testCase.input), testCase.input).toBe(testCase.expected);
-    }
-  });
-
   it.each([{ ext: "zip" as const }, { ext: "tar" as const }])(
     "extracts $ext archives",
     async ({ ext }) => {
@@ -329,14 +316,6 @@ describe("archive utils", () => {
     },
   );
 
-  it("fails resolvePackedRootDir when extract dir has multiple root dirs", async () => {
-    const workDir = await makeTempDir("packed-root");
-    const extractDir = path.join(workDir, "extract");
-    await fs.mkdir(path.join(extractDir, "a"), { recursive: true });
-    await fs.mkdir(path.join(extractDir, "b"), { recursive: true });
-    await expect(resolvePackedRootDir(extractDir)).rejects.toThrow(/unexpected archive layout/i);
-  });
-
   it("rejects tar entries with absolute extraction paths", async () => {
     await withArchiveCase("tar", async ({ workDir, archivePath, extractDir }) => {
       const inputDir = path.join(workDir, "input");
diff --git a/src/infra/backoff.test.ts b/src/infra/backoff.test.ts
index 9181d832402..34108b815c8 100644
--- a/src/infra/backoff.test.ts
+++ b/src/infra/backoff.test.ts
@@ -33,4 +33,14 @@ describe("backoff helpers", () => {
     await expect(sleepWithAbort(0, AbortSignal.abort())).resolves.toBeUndefined();
     await expect(sleepWithAbort(-5)).resolves.toBeUndefined();
   });
+
+  it("wraps aborted sleeps with a stable aborted error", async () => {
+    const controller = new AbortController();
+    controller.abort();
+
+    await expect(sleepWithAbort(5, controller.signal)).rejects.toMatchObject({
+      message: "aborted",
+      cause: expect.anything(),
+    });
+  });
 });
diff --git a/src/infra/bonjour-ciao.test.ts b/src/infra/bonjour-ciao.test.ts
index 120c46d8dce..d3acc4a2c73 100644
--- a/src/infra/bonjour-ciao.test.ts
+++ b/src/infra/bonjour-ciao.test.ts
@@ -18,6 +18,17 @@ describe("bonjour-ciao", () => {
     );
   });
 
+  it("ignores lower-case string cancellation reasons too", () => {
+    logDebugMock.mockReset();
+
+    expect(ignoreCiaoCancellationRejection("ciao announcement cancelled during cleanup")).toBe(
+      true,
+    );
+    expect(logDebugMock).toHaveBeenCalledWith(
+      expect.stringContaining("ignoring unhandled ciao rejection"),
+    );
+  });
+
   it("keeps unrelated rejections visible", () => {
     logDebugMock.mockReset();
 
diff --git a/src/infra/bonjour-errors.test.ts b/src/infra/bonjour-errors.test.ts
index 688335856c4..2d25ddefae9 100644
--- a/src/infra/bonjour-errors.test.ts
+++ b/src/infra/bonjour-errors.test.ts
@@ -8,6 +8,20 @@ describe("formatBonjourError", () => {
     expect(formatBonjourError(err)).toBe("AbortError: timed out");
   });
 
+  it("avoids duplicating named errors with blank messages", () => {
+    const err = new Error("");
+    err.name = "AbortError";
+    expect(formatBonjourError(err)).toBe("AbortError");
+  });
+
+  it("treats whitespace-only messages as blank", () => {
+    const named = new Error("   ");
+    named.name = "AbortError";
+    expect(formatBonjourError(named)).toBe("AbortError");
+
+    expect(formatBonjourError(new Error("   "))).toBe("Error");
+  });
+
   it("falls back to plain error strings and non-error values", () => {
     expect(formatBonjourError(new Error(""))).toBe("Error");
     expect(formatBonjourError("boom")).toBe("boom");
diff --git a/src/infra/bonjour-errors.ts b/src/infra/bonjour-errors.ts
index 7af8e3f3fe1..1703f2696bf 100644
--- a/src/infra/bonjour-errors.ts
+++ b/src/infra/bonjour-errors.ts
@@ -1,7 +1,11 @@
 export function formatBonjourError(err: unknown): string {
   if (err instanceof Error) {
-    const msg = err.message || String(err);
-    return err.name && err.name !== "Error" ? `${err.name}: ${msg}` : msg;
+    const trimmedMessage = err.message.trim();
+    const msg = trimmedMessage || err.name || String(err).trim();
+    if (err.name && err.name !== "Error") {
+      return msg === err.name ? err.name : `${err.name}: ${msg}`;
+    }
+    return msg;
   }
   return String(err);
 }
diff --git a/src/infra/brew.test.ts b/src/infra/brew.test.ts
index 92317ef6019..ea601603f13 100644
--- a/src/infra/brew.test.ts
+++ b/src/infra/brew.test.ts
@@ -88,6 +88,35 @@ describe("brew helpers", () => {
     });
   });
 
+  it("ignores blank HOMEBREW_BREW_FILE and HOMEBREW_PREFIX values", async () => {
+    await withBrewRoot(async (tmp) => {
+      const homebrewBin = path.join(tmp, ".linuxbrew", "bin");
+      const brewPath = path.join(homebrewBin, "brew");
+      await writeExecutable(brewPath);
+
+      const env: NodeJS.ProcessEnv = {
+        HOMEBREW_BREW_FILE: "   ",
+        HOMEBREW_PREFIX: "\t",
+      };
+
+      expect(resolveBrewExecutable({ homeDir: tmp, env })).toBe(brewPath);
+
+      const dirs = resolveBrewPathDirs({ homeDir: tmp, env });
+      expect(dirs).not.toContain(path.join("", "bin"));
+      expect(dirs).not.toContain(path.join("", "sbin"));
+    });
+  });
+
+  it("always includes the standard macOS brew dirs after linuxbrew candidates", () => {
+    const env: NodeJS.ProcessEnv = {
+      HOMEBREW_BREW_FILE: "   ",
+      HOMEBREW_PREFIX: "   ",
+    };
+    const dirs = resolveBrewPathDirs({ homeDir: "/home/test", env });
+
+    expect(dirs.slice(-2)).toEqual(["/opt/homebrew/bin", "/usr/local/bin"]);
+  });
+
   it("includes Linuxbrew bin/sbin in path candidates", () => {
     const env: NodeJS.ProcessEnv = { HOMEBREW_PREFIX: "/custom/prefix" };
     const dirs = resolveBrewPathDirs({ homeDir: "/home/test", env });
diff --git a/src/infra/channel-activity.test.ts b/src/infra/channel-activity.test.ts
index 17791056f5b..afa17b6fd37 100644
--- a/src/infra/channel-activity.test.ts
+++ b/src/infra/channel-activity.test.ts
@@ -60,6 +60,30 @@ describe("channel activity", () => {
     });
   });
 
+  it("keeps activity isolated per account on the same channel", () => {
+    recordChannelActivity({
+      channel: "telegram",
+      accountId: "team-a",
+      direction: "inbound",
+      at: 10,
+    });
+    recordChannelActivity({
+      channel: "telegram",
+      accountId: "team-b",
+      direction: "outbound",
+      at: 20,
+    });
+
+    expect(getChannelActivity({ channel: "telegram", accountId: "team-a" })).toEqual({
+      inboundAt: 10,
+      outboundAt: null,
+    });
+    expect(getChannelActivity({ channel: "telegram", accountId: " team-b " })).toEqual({
+      inboundAt: null,
+      outboundAt: 20,
+    });
+  });
+
   it("reset clears previously recorded activity", () => {
     recordChannelActivity({ channel: "line", direction: "outbound", at: 7 });
     resetChannelActivityForTest();
diff --git a/src/infra/channel-summary.test.ts b/src/infra/channel-summary.test.ts
index 1a16bdc53b6..c0fc17ba255 100644
--- a/src/infra/channel-summary.test.ts
+++ b/src/infra/channel-summary.test.ts
@@ -66,6 +66,147 @@ function makeSlackHttpSummaryPlugin(): ChannelPlugin {
   };
 }
 
+function makeTelegramSummaryPlugin(params: {
+  enabled: boolean;
+  configured: boolean;
+  linked?: boolean;
+  authAgeMs?: number;
+  allowFrom?: string[];
+}): ChannelPlugin {
+  return {
+    id: "telegram",
+    meta: {
+      id: "telegram",
+      label: "Telegram",
+      selectionLabel: "Telegram",
+      docsPath: "/channels/telegram",
+      blurb: "test",
+    },
+    capabilities: { chatTypes: ["direct"] },
+    config: {
+      listAccountIds: () => ["primary"],
+      defaultAccountId: () => "primary",
+      inspectAccount: () => ({
+        accountId: "primary",
+        name: "Main Bot",
+        enabled: params.enabled,
+        configured: params.configured,
+        linked: params.linked,
+        allowFrom: params.allowFrom ?? [],
+        dmPolicy: "mutuals",
+        tokenSource: "env",
+      }),
+      resolveAccount: () => ({
+        accountId: "primary",
+        name: "Main Bot",
+        enabled: params.enabled,
+        configured: params.configured,
+        linked: params.linked,
+        allowFrom: params.allowFrom ?? [],
+        dmPolicy: "mutuals",
+        tokenSource: "env",
+      }),
+      isConfigured: (account) => Boolean((account as { configured?: boolean }).configured),
+      isEnabled: (account) => Boolean((account as { enabled?: boolean }).enabled),
+      formatAllowFrom: () => ["alice", "bob", "carol"],
+    },
+    status: {
+      buildChannelSummary: async () => ({
+        linked: params.linked,
+        configured: params.configured,
+        authAgeMs: params.authAgeMs,
+        self: { e164: "+15551234567" },
+      }),
+    },
+    actions: {
+      listActions: () => ["send"],
+    },
+  };
+}
+
+function makeSignalSummaryPlugin(params: { enabled: boolean; configured: boolean }): ChannelPlugin {
+  return {
+    id: "signal",
+    meta: {
+      id: "signal",
+      label: "Signal",
+      selectionLabel: "Signal",
+      docsPath: "/channels/signal",
+      blurb: "test",
+    },
+    capabilities: { chatTypes: ["direct"] },
+    config: {
+      listAccountIds: () => ["desktop"],
+      defaultAccountId: () => "desktop",
+      inspectAccount: () => ({
+        accountId: "desktop",
+        name: "Desktop",
+        enabled: params.enabled,
+        configured: params.configured,
+        appTokenSource: "env",
+        baseUrl: "https://signal.example.test",
+        port: 31337,
+        cliPath: "/usr/local/bin/signal-cli",
+        dbPath: "/tmp/signal.db",
+      }),
+      resolveAccount: () => ({
+        accountId: "desktop",
+        name: "Desktop",
+        enabled: params.enabled,
+        configured: params.configured,
+        appTokenSource: "env",
+        baseUrl: "https://signal.example.test",
+        port: 31337,
+        cliPath: "/usr/local/bin/signal-cli",
+        dbPath: "/tmp/signal.db",
+      }),
+      isConfigured: (account) => Boolean((account as { configured?: boolean }).configured),
+      isEnabled: (account) => Boolean((account as { enabled?: boolean }).enabled),
+    },
+    actions: {
+      listActions: () => ["send"],
+    },
+  };
+}
+
+function makeFallbackSummaryPlugin(params: {
+  configured: boolean;
+  enabled: boolean;
+  accountIds?: string[];
+  defaultAccountId?: string;
+}): ChannelPlugin {
+  return {
+    id: "fallback-plugin",
+    meta: {
+      id: "fallback-plugin",
+      label: "Fallback",
+      selectionLabel: "Fallback",
+      docsPath: "/channels/fallback",
+      blurb: "test",
+    },
+    capabilities: { chatTypes: ["direct"] },
+    config: {
+      listAccountIds: () => params.accountIds ?? [],
+      defaultAccountId: () => params.defaultAccountId ?? "default",
+      inspectAccount: (_cfg, accountId) => ({
+        accountId,
+        enabled: params.enabled,
+        configured: params.configured,
+      }),
+      resolveAccount: (_cfg, accountId) => ({
+        accountId,
+        enabled: params.enabled,
+        configured: params.configured,
+      }),
+      isConfigured: (account) => Boolean((account as { configured?: boolean }).configured),
+      isEnabled: (account) => Boolean((account as { enabled?: boolean }).enabled),
+    },
+    actions: {
+      listActions: () => ["send"],
+    },
+  };
+}
+
 describe("buildChannelSummary", () => {
   it("preserves Slack HTTP signing-secret unavailable state from source config", async () => {
     vi.mocked(listChannelPlugins).mockReturnValue([makeSlackHttpSummaryPlugin()]);
@@ -81,4 +222,106 @@ describe("buildChannelSummary", () => {
       "  - primary (Primary) (bot:config, signing:config, secret unavailable in this command path)",
     );
   });
+
+  it("shows disabled status without configured account detail lines", async () => {
+    vi.mocked(listChannelPlugins).mockReturnValue([
+      makeTelegramSummaryPlugin({ enabled: false, configured: false }),
+    ]);
+
+    const lines = await buildChannelSummary({ channels: {} } as never, {
+      colorize: false,
+      includeAllowFrom: true,
+    });
+
+    expect(lines).toEqual(["Telegram: disabled +15551234567"]);
+  });
+
+  it("includes linked summary metadata and truncates allow-from details", async () => {
+    vi.mocked(listChannelPlugins).mockReturnValue([
+      makeTelegramSummaryPlugin({
+        enabled: true,
+        configured: true,
+        linked: true,
+        authAgeMs: 300_000,
+        allowFrom: ["alice", "bob", "carol"],
+      }),
+    ]);
+
+    const lines = await buildChannelSummary({ channels: {} } as never, {
+      colorize: false,
+      includeAllowFrom: true,
+    });
+
+    expect(lines).toContain("Telegram: linked +15551234567 auth 5m ago");
+    expect(lines).toContain("  - primary (Main Bot) (dm:mutuals, token:env, allow:alice,bob)");
+  });
+
+  it("shows not-linked status when linked metadata is explicitly false", async () => {
+    vi.mocked(listChannelPlugins).mockReturnValue([
+      makeTelegramSummaryPlugin({
+        enabled: true,
+        configured: true,
+        linked: false,
+      }),
+    ]);
+
+    const lines = await buildChannelSummary({ channels: {} } as never, {
+      colorize: false,
+      includeAllowFrom: false,
+    });
+
+    expect(lines).toContain("Telegram: not linked +15551234567");
+    expect(lines).toContain("  - primary (Main Bot) (dm:mutuals, token:env)");
+  });
+
+  it("renders non-slack account detail fields for configured accounts", async () => {
+    vi.mocked(listChannelPlugins).mockReturnValue([
+      makeSignalSummaryPlugin({ enabled: false, configured: true }),
+    ]);
+
+    const lines = await buildChannelSummary({ channels: {} } as never, {
+      colorize: false,
+      includeAllowFrom: false,
+    });
+
+    expect(lines).toEqual([
+      "Signal: disabled",
+      "  - desktop (Desktop) (disabled, app:env, https://signal.example.test, port:31337, cli:/usr/local/bin/signal-cli, db:/tmp/signal.db)",
+    ]);
+  });
+
+  it("uses the channel label and default account id when no accounts exist", async () => {
+    vi.mocked(listChannelPlugins).mockReturnValue([
+      makeFallbackSummaryPlugin({
+        enabled: true,
+        configured: true,
+        accountIds: [],
+        defaultAccountId: "fallback-account",
+      }),
+    ]);
+
+    const lines = await buildChannelSummary({ channels: {} } as never, {
+      colorize: false,
+      includeAllowFrom: false,
+    });
+
+    expect(lines).toEqual(["Fallback: configured", "  - fallback-account"]);
+  });
+
+  it("shows not-configured status when enabled accounts exist without configured ones", async () => {
+    vi.mocked(listChannelPlugins).mockReturnValue([
+      makeFallbackSummaryPlugin({
+        enabled: true,
+        configured: false,
+        accountIds: ["fallback-account"],
+      }),
+    ]);
+
+    const lines = await buildChannelSummary({ channels: {} } as never, {
+      colorize: false,
+      includeAllowFrom: false,
+    });
+
+    expect(lines).toEqual(["Fallback: not configured"]);
+  });
 });
diff --git a/src/infra/dedupe.ts b/src/infra/dedupe.ts
index 2103d74c19c..0e609836542 100644
--- a/src/infra/dedupe.ts
+++ b/src/infra/dedupe.ts
@@ -3,6 +3,7 @@ import { pruneMapToMaxSize } from "./map-size.js";
 export type DedupeCache = {
   check: (key: string | undefined | null, now?: number) => boolean;
   peek: (key: string | undefined | null, now?: number) => boolean;
+  delete: (key: string | undefined | null) => void;
   clear: () => void;
   size: () => number;
 };
@@ -71,6 +72,12 @@ export function createDedupeCache(options: DedupeCacheOptions): DedupeCache {
       }
       return hasUnexpired(key, now, false);
     },
+    delete: (key) => {
+      if (!key) {
+        return;
+      }
+      cache.delete(key);
+    },
     clear: () => {
       cache.clear();
     },
diff --git a/src/infra/detect-package-manager.test.ts b/src/infra/detect-package-manager.test.ts
index 57e06cf1a67..791b5894cda 100644
--- a/src/infra/detect-package-manager.test.ts
+++ b/src/infra/detect-package-manager.test.ts
@@ -19,9 +19,13 @@ describe("detectPackageManager", () => {
 
   it("falls back to lockfiles when package.json is missing or unsupported", async () => {
     const bunRoot = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-detect-pm-"));
-    await fs.writeFile(path.join(bunRoot, "bun.lockb"), "", "utf8");
+    await fs.writeFile(path.join(bunRoot, "bun.lock"), "", "utf8");
     await expect(detectPackageManager(bunRoot)).resolves.toBe("bun");
 
+    const legacyBunRoot = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-detect-pm-"));
+    await fs.writeFile(path.join(legacyBunRoot, "bun.lockb"), "", "utf8");
+    await expect(detectPackageManager(legacyBunRoot)).resolves.toBe("bun");
+
     const npmRoot = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-detect-pm-"));
     await fs.writeFile(
       path.join(npmRoot, "package.json"),
diff --git a/src/infra/detect-package-manager.ts b/src/infra/detect-package-manager.ts
index f1f96180c87..5f3c9cbc7d6 100644
--- a/src/infra/detect-package-manager.ts
+++ b/src/infra/detect-package-manager.ts
@@ -19,7 +19,7 @@ export async function detectPackageManager(root: string): Promise<DetectedPackag
   if (files.includes("pnpm-lock.yaml")) {
     return "pnpm";
   }
-  if (files.includes("bun.lockb")) {
+  if (files.includes("bun.lock") || files.includes("bun.lockb")) {
     return "bun";
   }
   if (files.includes("package-lock.json")) {
diff --git a/src/infra/device-bootstrap.test.ts b/src/infra/device-bootstrap.test.ts
index a8206f30b02..45fef0a8d84 100644
--- a/src/infra/device-bootstrap.test.ts
+++ b/src/infra/device-bootstrap.test.ts
@@ -1,130 +1,204 @@
-import { mkdtemp, readFile, rm } from "node:fs/promises";
-import { tmpdir } from "node:os";
-import { join } from "node:path";
+import fs from "node:fs/promises";
+import path from "node:path";
 import { afterEach, describe, expect, it, vi } from "vitest";
+import { createTrackedTempDirs } from "../test-utils/tracked-temp-dirs.js";
 import {
   DEVICE_BOOTSTRAP_TOKEN_TTL_MS,
   issueDeviceBootstrapToken,
   verifyDeviceBootstrapToken,
 } from "./device-bootstrap.js";
 
-const tempRoots: string[] = [];
+const tempDirs = createTrackedTempDirs();
+const createTempDir = () => tempDirs.make("openclaw-device-bootstrap-test-");
 
-async function createBaseDir(): Promise<string> {
-  const baseDir = await mkdtemp(join(tmpdir(), "openclaw-device-bootstrap-"));
-  tempRoots.push(baseDir);
-  return baseDir;
+function resolveBootstrapPath(baseDir: string): string {
+  return path.join(baseDir, "devices", "bootstrap.json");
 }
 
 afterEach(async () => {
   vi.useRealTimers();
-  await Promise.all(
-    tempRoots.splice(0).map(async (root) => await rm(root, { recursive: true, force: true })),
-  );
+  await tempDirs.cleanup();
 });
 
 describe("device bootstrap tokens", () => {
-  it("accepts the first successful verification", async () => {
-    const baseDir = await createBaseDir();
-    const issued = await issueDeviceBootstrapToken({ baseDir });
-
-    await expect(
-      verifyDeviceBootstrapToken({
-        token: issued.token,
-        deviceId: "device-1",
-        publicKey: "pub-1",
-        role: "node",
-        scopes: ["node.invoke"],
-        baseDir,
-      }),
-    ).resolves.toEqual({ ok: true });
-  });
-
-  it("rejects replay after the first successful verification", async () => {
-    const baseDir = await createBaseDir();
-    const issued = await issueDeviceBootstrapToken({ baseDir });
-
-    await expect(
-      verifyDeviceBootstrapToken({
-        token: issued.token,
-        deviceId: "device-1",
-        publicKey: "pub-1",
-        role: "node",
-        scopes: ["node.invoke"],
-        baseDir,
-      }),
-    ).resolves.toEqual({ ok: true });
-
-    await expect(
-      verifyDeviceBootstrapToken({
-        token: issued.token,
-        deviceId: "device-1",
-        publicKey: "pub-1",
-        role: "operator",
-        scopes: ["operator.read"],
-        baseDir,
-      }),
-    ).resolves.toEqual({ ok: false, reason: "bootstrap_token_invalid" });
-  });
-
-  it("rejects reuse from a different device after consumption", async () => {
-    const baseDir = await createBaseDir();
-    const issued = await issueDeviceBootstrapToken({ baseDir });
-
-    await verifyDeviceBootstrapToken({
-      token: issued.token,
-      deviceId: "device-1",
-      publicKey: "pub-1",
-      role: "node",
-      scopes: ["node.invoke"],
-      baseDir,
-    });
-
-    await expect(
-      verifyDeviceBootstrapToken({
-        token: issued.token,
-        deviceId: "device-2",
-        publicKey: "pub-2",
-        role: "node",
-        scopes: ["node.invoke"],
-        baseDir,
-      }),
-    ).resolves.toEqual({ ok: false, reason: "bootstrap_token_invalid" });
-  });
-
-  it("expires bootstrap tokens after the ttl window", async () => {
+  it("issues bootstrap tokens and persists them with an expiry", async () => {
     vi.useFakeTimers();
-    vi.setSystemTime(new Date("2026-03-12T10:00:00Z"));
-    const baseDir = await createBaseDir();
+    vi.setSystemTime(new Date("2026-03-14T12:00:00Z"));
+
+    const baseDir = await createTempDir();
     const issued = await issueDeviceBootstrapToken({ baseDir });
 
-    vi.setSystemTime(new Date(Date.now() + DEVICE_BOOTSTRAP_TOKEN_TTL_MS + 1));
+    expect(issued.token).toMatch(/^[A-Za-z0-9_-]+$/);
+    expect(issued.expiresAtMs).toBe(Date.now() + DEVICE_BOOTSTRAP_TOKEN_TTL_MS);
+
+    const raw = await fs.readFile(resolveBootstrapPath(baseDir), "utf8");
+    const parsed = JSON.parse(raw) as Record<
+      string,
+      { token: string; ts: number; issuedAtMs: number }
+    >;
+    expect(parsed[issued.token]).toMatchObject({
+      token: issued.token,
+      ts: Date.now(),
+      issuedAtMs: Date.now(),
+    });
+  });
+
+  it("verifies valid bootstrap tokens once and deletes them after success", async () => {
+    const baseDir = await createTempDir();
+    const issued = await issueDeviceBootstrapToken({ baseDir });
 
     await expect(
       verifyDeviceBootstrapToken({
         token: issued.token,
-        deviceId: "device-1",
-        publicKey: "pub-1",
-        role: "node",
-        scopes: ["node.invoke"],
+        deviceId: "device-123",
+        publicKey: "public-key-123",
+        role: "operator.admin",
+        scopes: ["operator.admin"],
+        baseDir,
+      }),
+    ).resolves.toEqual({ ok: true });
+
+    await expect(
+      verifyDeviceBootstrapToken({
+        token: issued.token,
+        deviceId: "device-123",
+        publicKey: "public-key-123",
+        role: "operator.admin",
+        scopes: ["operator.admin"],
+        baseDir,
+      }),
+    ).resolves.toEqual({ ok: false, reason: "bootstrap_token_invalid" });
+
+    await expect(fs.readFile(resolveBootstrapPath(baseDir), "utf8")).resolves.toBe("{}");
+  });
+
+  it("keeps the token when required verification fields are blank", async () => {
+    const baseDir = await createTempDir();
+    const issued = await issueDeviceBootstrapToken({ baseDir });
+
+    await expect(
+      verifyDeviceBootstrapToken({
+        token: issued.token,
+        deviceId: "device-123",
+        publicKey: "public-key-123",
+        role: "   ",
+        scopes: ["operator.admin"],
+        baseDir,
+      }),
+    ).resolves.toEqual({ ok: false, reason: "bootstrap_token_invalid" });
+
+    const raw = await fs.readFile(resolveBootstrapPath(baseDir), "utf8");
+    expect(raw).toContain(issued.token);
+  });
+
+  it("accepts trimmed bootstrap tokens and still consumes them once", async () => {
+    const baseDir = await createTempDir();
+    const issued = await issueDeviceBootstrapToken({ baseDir });
+
+    await expect(
+      verifyDeviceBootstrapToken({
+        token: `  ${issued.token}  `,
+        deviceId: "device-123",
+        publicKey: "public-key-123",
+        role: "operator.admin",
+        scopes: ["operator.admin"],
+        baseDir,
+      }),
+    ).resolves.toEqual({ ok: true });
+
+    await expect(fs.readFile(resolveBootstrapPath(baseDir), "utf8")).resolves.toBe("{}");
+  });
+
+  it("rejects blank or unknown tokens", async () => {
+    const baseDir = await createTempDir();
+    await issueDeviceBootstrapToken({ baseDir });
+
+    await expect(
+      verifyDeviceBootstrapToken({
+        token: "   ",
+        deviceId: "device-123",
+        publicKey: "public-key-123",
+        role: "operator.admin",
+        scopes: ["operator.admin"],
+        baseDir,
+      }),
+    ).resolves.toEqual({ ok: false, reason: "bootstrap_token_invalid" });
+
+    await expect(
+      verifyDeviceBootstrapToken({
+        token: "missing-token",
+        deviceId: "device-123",
+        publicKey: "public-key-123",
+        role: "operator.admin",
+        scopes: ["operator.admin"],
         baseDir,
       }),
     ).resolves.toEqual({ ok: false, reason: "bootstrap_token_invalid" });
   });
 
-  it("persists only token state that verification actually consumes", async () => {
-    const baseDir = await createBaseDir();
-    const issued = await issueDeviceBootstrapToken({ baseDir });
-    const raw = await readFile(join(baseDir, "devices", "bootstrap.json"), "utf8");
-    const state = JSON.parse(raw) as Record<string, Record<string, unknown>>;
-    const record = state[issued.token];
+  it("repairs malformed persisted state when issuing a new token", async () => {
+    vi.useFakeTimers();
+    vi.setSystemTime(new Date("2026-03-14T12:00:00Z"));
 
-    expect(record).toMatchObject({
-      token: issued.token,
-    });
-    expect(record).not.toHaveProperty("channel");
-    expect(record).not.toHaveProperty("senderId");
-    expect(record).not.toHaveProperty("accountId");
-    expect(record).not.toHaveProperty("threadId");
+    const baseDir = await createTempDir();
+    const bootstrapPath = resolveBootstrapPath(baseDir);
+    await fs.mkdir(path.dirname(bootstrapPath), { recursive: true });
+    await fs.writeFile(bootstrapPath, "[1,2,3]\n", "utf8");
+
+    const issued = await issueDeviceBootstrapToken({ baseDir });
+    const raw = await fs.readFile(bootstrapPath, "utf8");
+    const parsed = JSON.parse(raw) as Record<string, { token: string }>;
+
+    expect(Object.keys(parsed)).toEqual([issued.token]);
+    expect(parsed[issued.token]?.token).toBe(issued.token);
+  });
+
+  it("accepts legacy records that only stored issuedAtMs and prunes expired tokens", async () => {
+    vi.useFakeTimers();
+    const baseDir = await createTempDir();
+    const bootstrapPath = resolveBootstrapPath(baseDir);
+    await fs.mkdir(path.dirname(bootstrapPath), { recursive: true });
+
+    vi.setSystemTime(new Date("2026-03-14T12:00:00Z"));
+    await fs.writeFile(
+      bootstrapPath,
+      `${JSON.stringify(
+        {
+          legacyToken: {
+            token: "legacyToken",
+            issuedAtMs: Date.now(),
+          },
+          expiredToken: {
+            token: "expiredToken",
+            issuedAtMs: Date.now() - DEVICE_BOOTSTRAP_TOKEN_TTL_MS - 1,
+          },
+        },
+        null,
+        2,
+      )}\n`,
+      "utf8",
+    );
+
+    await expect(
+      verifyDeviceBootstrapToken({
+        token: "legacyToken",
+        deviceId: "device-123",
+        publicKey: "public-key-123",
+        role: "operator.admin",
+        scopes: ["operator.admin"],
+        baseDir,
+      }),
+    ).resolves.toEqual({ ok: true });
+
+    await expect(
+      verifyDeviceBootstrapToken({
+        token: "expiredToken",
+        deviceId: "device-123",
+        publicKey: "public-key-123",
+        role: "operator.admin",
+        scopes: ["operator.admin"],
+        baseDir,
+      }),
+    ).resolves.toEqual({ ok: false, reason: "bootstrap_token_invalid" });
   });
 });
diff --git a/src/infra/device-bootstrap.ts b/src/infra/device-bootstrap.ts
index 50a4e53ffd2..d4d2d6ed526 100644
--- a/src/infra/device-bootstrap.ts
+++ b/src/infra/device-bootstrap.ts
@@ -31,11 +31,25 @@ function resolveBootstrapPath(baseDir?: string): string {
 
 async function loadState(baseDir?: string): Promise<DeviceBootstrapStateFile> {
   const bootstrapPath = resolveBootstrapPath(baseDir);
-  const state = (await readJsonFile<DeviceBootstrapStateFile>(bootstrapPath)) ?? {};
-  for (const entry of Object.values(state)) {
-    if (typeof entry.ts !== "number") {
-      entry.ts = entry.issuedAtMs;
+  const rawState = (await readJsonFile<DeviceBootstrapStateFile>(bootstrapPath)) ?? {};
+  const state: DeviceBootstrapStateFile = {};
+  if (!rawState || typeof rawState !== "object" || Array.isArray(rawState)) {
+    return state;
+  }
+  for (const [tokenKey, entry] of Object.entries(rawState)) {
+    if (!entry || typeof entry !== "object" || Array.isArray(entry)) {
+      continue;
     }
+    const record = entry as Partial<DeviceBootstrapTokenRecord>;
+    const token =
+      typeof record.token === "string" && record.token.trim().length > 0 ? record.token : tokenKey;
+    const issuedAtMs = typeof record.issuedAtMs === "number" ? record.issuedAtMs : 0;
+    state[tokenKey] = {
+      ...record,
+      token,
+      issuedAtMs,
+      ts: typeof record.ts === "number" ? record.ts : issuedAtMs,
+    };
   }
   pruneExpiredPending(state, Date.now(), DEVICE_BOOTSTRAP_TOKEN_TTL_MS);
   return state;
diff --git a/src/infra/device-identity.test.ts b/src/infra/device-identity.test.ts
new file mode 100644
index 00000000000..adcf77ab5e9
--- /dev/null
+++ b/src/infra/device-identity.test.ts
@@ -0,0 +1,61 @@
+import path from "node:path";
+import { describe, expect, it } from "vitest";
+import { withTempDir } from "../test-utils/temp-dir.js";
+import {
+  deriveDeviceIdFromPublicKey,
+  loadOrCreateDeviceIdentity,
+  normalizeDevicePublicKeyBase64Url,
+  publicKeyRawBase64UrlFromPem,
+  signDevicePayload,
+  verifyDeviceSignature,
+} from "./device-identity.js";
+
+async function withIdentity(
+  run: (identity: ReturnType<typeof loadOrCreateDeviceIdentity>) => void,
+) {
+  await withTempDir("openclaw-device-identity-", async (dir) => {
+    const identity = loadOrCreateDeviceIdentity(path.join(dir, "device.json"));
+    run(identity);
+  });
+}
+
+describe("device identity crypto helpers", () => {
+  it("derives the same canonical raw key and device id from pem and encoded public keys", async () => {
+    await withIdentity((identity) => {
+      const publicKeyRaw = publicKeyRawBase64UrlFromPem(identity.publicKeyPem);
+      const paddedBase64 = `${publicKeyRaw.replaceAll("-", "+").replaceAll("_", "/")}==`;
+
+      expect(normalizeDevicePublicKeyBase64Url(identity.publicKeyPem)).toBe(publicKeyRaw);
+      expect(normalizeDevicePublicKeyBase64Url(paddedBase64)).toBe(publicKeyRaw);
+      expect(deriveDeviceIdFromPublicKey(identity.publicKeyPem)).toBe(identity.deviceId);
+      expect(deriveDeviceIdFromPublicKey(publicKeyRaw)).toBe(identity.deviceId);
+    });
+  });
+
+  it("signs payloads that verify against pem and raw public key forms", async () => {
+    await withIdentity((identity) => {
+      const payload = JSON.stringify({
+        action: "system.run",
+        ts: 1234,
+      });
+      const signature = signDevicePayload(identity.privateKeyPem, payload);
+      const publicKeyRaw = publicKeyRawBase64UrlFromPem(identity.publicKeyPem);
+
+      expect(verifyDeviceSignature(identity.publicKeyPem, payload, signature)).toBe(true);
+      expect(verifyDeviceSignature(publicKeyRaw, payload, signature)).toBe(true);
+      expect(verifyDeviceSignature(publicKeyRaw, `${payload}!`, signature)).toBe(false);
+    });
+  });
+
+  it("fails closed for invalid public keys and signatures", async () => {
+    await withIdentity((identity) => {
+      const payload = "hello";
+      const signature = signDevicePayload(identity.privateKeyPem, payload);
+
+      expect(normalizeDevicePublicKeyBase64Url("-----BEGIN PUBLIC KEY-----broken")).toBeNull();
+      expect(deriveDeviceIdFromPublicKey("%%%")).toBeNull();
+      expect(verifyDeviceSignature("%%%invalid%%%", payload, signature)).toBe(false);
+      expect(verifyDeviceSignature(identity.publicKeyPem, payload, "%%%invalid%%%")).toBe(false);
+    });
+  });
+});
diff --git a/src/infra/device-identity.ts b/src/infra/device-identity.ts
index 1fa1659c659..f541e3b4093 100644
--- a/src/infra/device-identity.ts
+++ b/src/infra/device-identity.ts
@@ -134,6 +134,9 @@ export function normalizeDevicePublicKeyBase64Url(publicKey: string): string | n
       return base64UrlEncode(derivePublicKeyRaw(publicKey));
     }
     const raw = base64UrlDecode(publicKey);
+    if (raw.length === 0) {
+      return null;
+    }
     return base64UrlEncode(raw);
   } catch {
     return null;
@@ -145,6 +148,9 @@ export function deriveDeviceIdFromPublicKey(publicKey: string): string | null {
     const raw = publicKey.includes("BEGIN")
       ? derivePublicKeyRaw(publicKey)
       : base64UrlDecode(publicKey);
+    if (raw.length === 0) {
+      return null;
+    }
     return crypto.createHash("sha256").update(raw).digest("hex");
   } catch {
     return null;
diff --git a/src/infra/dotenv.test.ts b/src/infra/dotenv.test.ts
index 0b77866a23b..326041a7584 100644
--- a/src/infra/dotenv.test.ts
+++ b/src/infra/dotenv.test.ts
@@ -1,7 +1,7 @@
 import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
-import { describe, expect, it } from "vitest";
+import { describe, expect, it, vi } from "vitest";
 import { loadDotEnv } from "./dotenv.js";
 
 async function writeEnvFile(filePath: string, contents: string) {
@@ -11,11 +11,10 @@ async function writeEnvFile(filePath: string, contents: string) {
 
 async function withIsolatedEnvAndCwd(run: () => Promise<void>) {
   const prevEnv = { ...process.env };
-  const prevCwd = process.cwd();
   try {
     await run();
   } finally {
-    process.chdir(prevCwd);
+    vi.restoreAllMocks();
     for (const key of Object.keys(process.env)) {
       if (!(key in prevEnv)) {
         delete process.env[key];
@@ -54,7 +53,7 @@ describe("loadDotEnv", () => {
         await writeEnvFile(path.join(stateDir, ".env"), "FOO=from-global\nBAR=1\n");
         await writeEnvFile(path.join(cwdDir, ".env"), "FOO=from-cwd\n");
 
-        process.chdir(cwdDir);
+        vi.spyOn(process, "cwd").mockReturnValue(cwdDir);
         delete process.env.FOO;
         delete process.env.BAR;
 
@@ -74,7 +73,7 @@ describe("loadDotEnv", () => {
         await writeEnvFile(path.join(stateDir, ".env"), "FOO=from-global\n");
         await writeEnvFile(path.join(cwdDir, ".env"), "FOO=from-cwd\n");
 
-        process.chdir(cwdDir);
+        vi.spyOn(process, "cwd").mockReturnValue(cwdDir);
 
         loadDotEnv({ quiet: true });
 
@@ -87,7 +86,7 @@ describe("loadDotEnv", () => {
     await withIsolatedEnvAndCwd(async () => {
       await withDotEnvFixture(async ({ cwdDir, stateDir }) => {
         await writeEnvFile(path.join(stateDir, ".env"), "FOO=from-global\n");
-        process.chdir(cwdDir);
+        vi.spyOn(process, "cwd").mockReturnValue(cwdDir);
         delete process.env.FOO;
 
         loadDotEnv({ quiet: true });
diff --git a/src/infra/exec-allowlist-pattern.test.ts b/src/infra/exec-allowlist-pattern.test.ts
index f7834a4c9fc..50e241f912d 100644
--- a/src/infra/exec-allowlist-pattern.test.ts
+++ b/src/infra/exec-allowlist-pattern.test.ts
@@ -1,3 +1,4 @@
+import path from "node:path";
 import { describe, expect, it } from "vitest";
 import { matchesExecAllowlistPattern } from "./exec-allowlist-pattern.js";
 
@@ -28,9 +29,11 @@ describe("matchesExecAllowlistPattern", () => {
     const prevHome = process.env.HOME;
     process.env.OPENCLAW_HOME = "/srv/openclaw-home";
     process.env.HOME = "/home/other";
+    const openClawHome = path.join(path.resolve("/srv/openclaw-home"), "bin", "tool");
+    const fallbackHome = path.join(path.resolve("/home/other"), "bin", "tool");
     try {
-      expect(matchesExecAllowlistPattern("~/bin/tool", "/srv/openclaw-home/bin/tool")).toBe(true);
-      expect(matchesExecAllowlistPattern("~/bin/tool", "/home/other/bin/tool")).toBe(false);
+      expect(matchesExecAllowlistPattern("~/bin/tool", openClawHome)).toBe(true);
+      expect(matchesExecAllowlistPattern("~/bin/tool", fallbackHome)).toBe(false);
     } finally {
       if (prevOpenClawHome === undefined) {
         delete process.env.OPENCLAW_HOME;
diff --git a/src/infra/exec-approval-forwarder.ts b/src/infra/exec-approval-forwarder.ts
index 7a1672e3e76..de3a54a4c77 100644
--- a/src/infra/exec-approval-forwarder.ts
+++ b/src/infra/exec-approval-forwarder.ts
@@ -1,3 +1,5 @@
+import { buildTelegramExecApprovalButtons } from "../../extensions/telegram/src/approval-buttons.js";
+import { sendTypingTelegram } from "../../extensions/telegram/src/send.js";
 import type { ReplyPayload } from "../auto-reply/types.js";
 import type { OpenClawConfig } from "../config/config.js";
 import { loadConfig } from "../config/config.js";
@@ -8,8 +10,6 @@ import type {
 import { createSubsystemLogger } from "../logging/subsystem.js";
 import { normalizeAccountId, parseAgentSessionKey } from "../routing/session-key.js";
 import { compileSafeRegex, testRegexWithBoundedInput } from "../security/safe-regex.js";
-import { buildTelegramExecApprovalButtons } from "../telegram/approval-buttons.js";
-import { sendTypingTelegram } from "../telegram/send.js";
 import {
   isDeliverableMessageChannel,
   normalizeMessageChannel,
diff --git a/src/infra/exec-approval-surface.test.ts b/src/infra/exec-approval-surface.test.ts
index b263330104a..17f6789967c 100644
--- a/src/infra/exec-approval-surface.test.ts
+++ b/src/infra/exec-approval-surface.test.ts
@@ -11,20 +11,20 @@ vi.mock("../config/config.js", () => ({
   loadConfig: (...args: unknown[]) => loadConfigMock(...args),
 }));
 
-vi.mock("../discord/accounts.js", () => ({
+vi.mock("../../extensions/discord/src/accounts.js", () => ({
   listEnabledDiscordAccounts: (...args: unknown[]) => listEnabledDiscordAccountsMock(...args),
 }));
 
-vi.mock("../discord/exec-approvals.js", () => ({
+vi.mock("../../extensions/discord/src/exec-approvals.js", () => ({
   isDiscordExecApprovalClientEnabled: (...args: unknown[]) =>
     isDiscordExecApprovalClientEnabledMock(...args),
 }));
 
-vi.mock("../telegram/accounts.js", () => ({
+vi.mock("../../extensions/telegram/src/accounts.js", () => ({
   listEnabledTelegramAccounts: (...args: unknown[]) => listEnabledTelegramAccountsMock(...args),
 }));
 
-vi.mock("../telegram/exec-approvals.js", () => ({
+vi.mock("../../extensions/telegram/src/exec-approvals.js", () => ({
   isTelegramExecApprovalClientEnabled: (...args: unknown[]) =>
     isTelegramExecApprovalClientEnabledMock(...args),
 }));
diff --git a/src/infra/exec-approval-surface.ts b/src/infra/exec-approval-surface.ts
index b20e31850b8..8cf43c79a3e 100644
--- a/src/infra/exec-approval-surface.ts
+++ b/src/infra/exec-approval-surface.ts
@@ -1,8 +1,8 @@
+import { listEnabledDiscordAccounts } from "../../extensions/discord/src/accounts.js";
+import { isDiscordExecApprovalClientEnabled } from "../../extensions/discord/src/exec-approvals.js";
+import { listEnabledTelegramAccounts } from "../../extensions/telegram/src/accounts.js";
+import { isTelegramExecApprovalClientEnabled } from "../../extensions/telegram/src/exec-approvals.js";
 import { loadConfig, type OpenClawConfig } from "../config/config.js";
-import { listEnabledDiscordAccounts } from "../discord/accounts.js";
-import { isDiscordExecApprovalClientEnabled } from "../discord/exec-approvals.js";
-import { listEnabledTelegramAccounts } from "../telegram/accounts.js";
-import { isTelegramExecApprovalClientEnabled } from "../telegram/exec-approvals.js";
 import { INTERNAL_MESSAGE_CHANNEL, normalizeMessageChannel } from "../utils/message-channel.js";
 
 export type ExecApprovalInitiatingSurfaceState =
diff --git a/src/infra/exec-approvals-store.test.ts b/src/infra/exec-approvals-store.test.ts
index d30b3263129..4dc6ab71c7e 100644
--- a/src/infra/exec-approvals-store.test.ts
+++ b/src/infra/exec-approvals-store.test.ts
@@ -112,7 +112,7 @@ describe("exec approvals store helpers", () => {
     expect(missing.exists).toBe(false);
     expect(missing.raw).toBeNull();
     expect(missing.file).toEqual(normalizeExecApprovals({ version: 1, agents: {} }));
-    expect(missing.path).toBe(approvalsFilePath(dir));
+    expect(path.normalize(missing.path)).toBe(path.normalize(approvalsFilePath(dir)));
 
     fs.mkdirSync(path.dirname(approvalsFilePath(dir)), { recursive: true });
     fs.writeFileSync(approvalsFilePath(dir), "{invalid", "utf8");
diff --git a/src/infra/exec-command-resolution.test.ts b/src/infra/exec-command-resolution.test.ts
index 4621383a547..4bdff0947a9 100644
--- a/src/infra/exec-command-resolution.test.ts
+++ b/src/infra/exec-command-resolution.test.ts
@@ -80,12 +80,13 @@ describe("exec-command-resolution", () => {
         setup: () => {
           const dir = makeTempDir();
           const cwd = path.join(dir, "project");
-          const script = path.join(cwd, "scripts", "run.sh");
+          const scriptName = process.platform === "win32" ? "run.cmd" : "run.sh";
+          const script = path.join(cwd, "scripts", scriptName);
           fs.mkdirSync(path.dirname(script), { recursive: true });
           fs.writeFileSync(script, "");
           fs.chmodSync(script, 0o755);
           return {
-            command: "./scripts/run.sh --flag",
+            command: `./scripts/${scriptName} --flag`,
             cwd,
             envPath: undefined as NodeJS.ProcessEnv | undefined,
             expectedPath: script,
@@ -98,12 +99,13 @@ describe("exec-command-resolution", () => {
         setup: () => {
           const dir = makeTempDir();
           const cwd = path.join(dir, "project");
-          const script = path.join(cwd, "bin", "tool");
+          const scriptName = process.platform === "win32" ? "tool.cmd" : "tool";
+          const script = path.join(cwd, "bin", scriptName);
           fs.mkdirSync(path.dirname(script), { recursive: true });
           fs.writeFileSync(script, "");
           fs.chmodSync(script, 0o755);
           return {
-            command: '"./bin/tool" --version',
+            command: `"./bin/${scriptName}" --version`,
             cwd,
             envPath: undefined as NodeJS.ProcessEnv | undefined,
             expectedPath: script,
diff --git a/src/infra/exec-safe-bin-policy.test.ts b/src/infra/exec-safe-bin-policy.test.ts
index 285b1465e53..b723d2301f3 100644
--- a/src/infra/exec-safe-bin-policy.test.ts
+++ b/src/infra/exec-safe-bin-policy.test.ts
@@ -53,6 +53,12 @@ describe("exec safe bin policy sort", () => {
     expect(validateSafeBinArgv(["--ke=1,1"], sortProfile)).toBe(true);
   });
 
+  it("rejects missing or path-like values for allowed flags", () => {
+    expect(validateSafeBinArgv(["--key"], sortProfile)).toBe(false);
+    expect(validateSafeBinArgv(["--key", "./fields.txt"], sortProfile)).toBe(false);
+    expect(validateSafeBinArgv(["-S", "C:\\temp\\buffer"], sortProfile)).toBe(false);
+  });
+
   it("blocks sort --compress-program in safe-bin mode", () => {
     expect(validateSafeBinArgv(["--compress-program=sh"], sortProfile)).toBe(false);
     expect(validateSafeBinArgv(["--compress-program", "sh"], sortProfile)).toBe(false);
@@ -78,6 +84,19 @@ describe("exec safe bin policy wc", () => {
   });
 });
 
+describe("exec safe bin policy token hygiene", () => {
+  it("rejects path-like and glob positional tokens after the terminator", () => {
+    const grepProfile = SAFE_BIN_PROFILES.grep;
+    expect(validateSafeBinArgv(["-e", "needle", "--", "../secret.txt"], grepProfile)).toBe(false);
+    expect(validateSafeBinArgv(["-e", "needle", "--", "*.txt"], grepProfile)).toBe(false);
+  });
+
+  it("keeps stdin marker after the terminator non-positional", () => {
+    const grepProfile = SAFE_BIN_PROFILES.grep;
+    expect(validateSafeBinArgv(["-e", "needle", "--", "-"], grepProfile)).toBe(true);
+  });
+});
+
 describe("exec safe bin policy long-option metadata", () => {
   it("precomputes long-option prefix mappings for compiled profiles", () => {
     const sortProfile = SAFE_BIN_PROFILES.sort;
diff --git a/src/infra/exec-safe-bin-runtime-policy.test.ts b/src/infra/exec-safe-bin-runtime-policy.test.ts
index af5510be5f2..8bc40b2d35a 100644
--- a/src/infra/exec-safe-bin-runtime-policy.test.ts
+++ b/src/infra/exec-safe-bin-runtime-policy.test.ts
@@ -13,8 +13,10 @@ describe("exec safe-bin runtime policy", () => {
   const interpreterCases: Array<{ bin: string; expected: boolean }> = [
     { bin: "python3", expected: true },
     { bin: "python3.12", expected: true },
+    { bin: " C:\\Tools\\Python3.EXE ", expected: true },
     { bin: "node", expected: true },
     { bin: "node20", expected: true },
+    { bin: "/usr/local/bin/node20", expected: true },
     { bin: "ruby3.2", expected: true },
     { bin: "bash", expected: true },
     { bin: "busybox", expected: true },
@@ -30,10 +32,9 @@ describe("exec safe-bin runtime policy", () => {
   }
 
   it("lists interpreter-like bins from a mixed set", () => {
-    expect(listInterpreterLikeSafeBins(["jq", "python3", "myfilter", "node"])).toEqual([
-      "node",
-      "python3",
-    ]);
+    expect(
+      listInterpreterLikeSafeBins(["jq", " C:\\Tools\\Python3.EXE ", "myfilter", "/usr/bin/node"]),
+    ).toEqual(["node", "python3"]);
   });
 
   it("merges and normalizes safe-bin profile fixtures", () => {
@@ -76,6 +77,19 @@ describe("exec safe-bin runtime policy", () => {
     expect(policy.unprofiledInterpreterSafeBins).toEqual(["python3"]);
   });
 
+  it("prefers local safe bins over global ones when both are configured", () => {
+    const policy = resolveExecSafeBinRuntimePolicy({
+      global: {
+        safeBins: ["python3", "jq"],
+      },
+      local: {
+        safeBins: ["sort"],
+      },
+    });
+
+    expect([...policy.safeBins]).toEqual(["sort"]);
+  });
+
   it("merges explicit safe-bin trusted dirs from global and local config", () => {
     const customDir = path.join(path.sep, "custom", "bin");
     const agentDir = path.join(path.sep, "agent", "bin");
diff --git a/src/infra/exec-safe-bin-runtime-policy.ts b/src/infra/exec-safe-bin-runtime-policy.ts
index 955d130de11..203f9d0761f 100644
--- a/src/infra/exec-safe-bin-runtime-policy.ts
+++ b/src/infra/exec-safe-bin-runtime-policy.ts
@@ -65,7 +65,8 @@ function normalizeSafeBinName(raw: string): string {
     return "";
   }
   const tail = trimmed.split(/[\\/]/).at(-1);
-  return tail ?? trimmed;
+  const normalized = tail ?? trimmed;
+  return normalized.replace(/\.(?:exe|cmd|bat|com)$/i, "");
 }
 
 export function isInterpreterLikeSafeBin(raw: string): boolean {
diff --git a/src/infra/executable-path.test.ts b/src/infra/executable-path.test.ts
index 31437cafe49..8c7412fb385 100644
--- a/src/infra/executable-path.test.ts
+++ b/src/infra/executable-path.test.ts
@@ -66,8 +66,12 @@ describe("executable path helpers", () => {
     await fs.chmod(pathTool, 0o755);
 
     expect(resolveExecutablePath(absoluteTool)).toBe(absoluteTool);
-    expect(resolveExecutablePath("~/home-tool", { env: { HOME: homeDir } })).toBe(homeTool);
-    expect(resolveExecutablePath("runner", { env: { Path: binDir } })).toBe(pathTool);
+    expect(
+      path.normalize(resolveExecutablePath("~/home-tool", { env: { HOME: homeDir } }) ?? ""),
+    ).toBe(path.normalize(homeTool));
+    expect(path.normalize(resolveExecutablePath("runner", { env: { Path: binDir } }) ?? "")).toBe(
+      path.normalize(pathTool),
+    );
     expect(resolveExecutablePath("~/missing-tool", { env: { HOME: homeDir } })).toBeUndefined();
   });
 });
diff --git a/src/infra/executable-path.ts b/src/infra/executable-path.ts
index bf648c7cb6a..a1d596cccf8 100644
--- a/src/infra/executable-path.ts
+++ b/src/infra/executable-path.ts
@@ -12,15 +12,33 @@ function resolveWindowsExecutableExtensions(
   if (path.extname(executable).length > 0) {
     return [""];
   }
-  return (
-    env?.PATHEXT ??
-    env?.Pathext ??
-    process.env.PATHEXT ??
-    process.env.Pathext ??
-    ".EXE;.CMD;.BAT;.COM"
-  )
-    .split(";")
-    .map((ext) => ext.toLowerCase());
+  return [
+    "",
+    ...(
+      env?.PATHEXT ??
+      env?.Pathext ??
+      process.env.PATHEXT ??
+      process.env.Pathext ??
+      ".EXE;.CMD;.BAT;.COM"
+    )
+      .split(";")
+      .map((ext) => ext.toLowerCase()),
+  ];
+}
+
+function resolveWindowsExecutableExtSet(env: NodeJS.ProcessEnv | undefined): Set<string> {
+  return new Set(
+    (
+      env?.PATHEXT ??
+      env?.Pathext ??
+      process.env.PATHEXT ??
+      process.env.Pathext ??
+      ".EXE;.CMD;.BAT;.COM"
+    )
+      .split(";")
+      .map((ext) => ext.toLowerCase())
+      .filter(Boolean),
+  );
 }
 
 export function isExecutableFile(filePath: string): boolean {
@@ -29,9 +47,14 @@ export function isExecutableFile(filePath: string): boolean {
     if (!stat.isFile()) {
       return false;
     }
-    if (process.platform !== "win32") {
-      fs.accessSync(filePath, fs.constants.X_OK);
+    if (process.platform === "win32") {
+      const ext = path.extname(filePath).toLowerCase();
+      if (!ext) {
+        return true;
+      }
+      return resolveWindowsExecutableExtSet(undefined).has(ext);
     }
+    fs.accessSync(filePath, fs.constants.X_OK);
     return true;
   } catch {
     return false;
diff --git a/src/infra/fetch.test.ts b/src/infra/fetch.test.ts
index fb01f27de12..deef81f551f 100644
--- a/src/infra/fetch.test.ts
+++ b/src/infra/fetch.test.ts
@@ -60,6 +60,42 @@ describe("wrapFetchWithAbortSignal", () => {
     expect((seenInit as (RequestInit & { duplex?: string }) | undefined)?.duplex).toBe("half");
   });
 
+  it("adds duplex when the input Request already carries the body", async () => {
+    let seenInit: RequestInit | undefined;
+    const fetchImpl = withFetchPreconnect(
+      vi.fn(async (_input: RequestInfo | URL, init?: RequestInit) => {
+        seenInit = init;
+        return {} as Response;
+      }),
+    );
+
+    const wrapped = wrapFetchWithAbortSignal(fetchImpl);
+
+    await wrapped(new Request("https://example.com", { method: "POST", body: "hi" }));
+
+    expect((seenInit as (RequestInit & { duplex?: string }) | undefined)?.duplex).toBe("half");
+  });
+
+  it("preserves an existing duplex init field", async () => {
+    let seenInit: RequestInit | undefined;
+    const fetchImpl = withFetchPreconnect(
+      vi.fn(async (_input: RequestInfo | URL, init?: RequestInit) => {
+        seenInit = init;
+        return {} as Response;
+      }),
+    );
+
+    const wrapped = wrapFetchWithAbortSignal(fetchImpl);
+
+    await wrapped("https://example.com", {
+      method: "POST",
+      body: "hi",
+      duplex: "half",
+    } as RequestInit & { duplex: "half" });
+
+    expect(seenInit).toMatchObject({ duplex: "half" });
+  });
+
   it("converts foreign abort signals to native controllers", async () => {
     let seenSignal: AbortSignal | undefined;
     const fetchImpl = withFetchPreconnect(
@@ -167,6 +203,68 @@ describe("wrapFetchWithAbortSignal", () => {
     expect(removeEventListener).not.toHaveBeenCalled();
   });
 
+  it("passes through foreign signal-like objects without addEventListener", async () => {
+    let seenSignal: AbortSignal | undefined;
+    const fetchImpl = withFetchPreconnect(
+      vi.fn(async (_input: RequestInfo | URL, init?: RequestInit) => {
+        seenSignal = init?.signal as AbortSignal | undefined;
+        return {} as Response;
+      }),
+    );
+    const wrapped = wrapFetchWithAbortSignal(fetchImpl);
+
+    const fakeSignal = {
+      aborted: false,
+      removeEventListener: vi.fn(),
+    } as unknown as AbortSignal;
+
+    await wrapped("https://example.com", { signal: fakeSignal });
+
+    expect(seenSignal).toBe(fakeSignal);
+  });
+
+  it("passes through native AbortSignal instances unchanged", async () => {
+    let seenSignal: AbortSignal | undefined;
+    const fetchImpl = withFetchPreconnect(
+      vi.fn(async (_input: RequestInfo | URL, init?: RequestInit) => {
+        seenSignal = init?.signal as AbortSignal | undefined;
+        return {} as Response;
+      }),
+    );
+    const wrapped = wrapFetchWithAbortSignal(fetchImpl);
+    const controller = new AbortController();
+
+    await wrapped("https://example.com", { signal: controller.signal });
+
+    expect(seenSignal).toBe(controller.signal);
+  });
+
+  it("passes through foreign signals unchanged when AbortController is unavailable", async () => {
+    let seenSignal: AbortSignal | undefined;
+    const fetchImpl = withFetchPreconnect(
+      vi.fn(async (_input: RequestInfo | URL, init?: RequestInit) => {
+        seenSignal = init?.signal as AbortSignal | undefined;
+        return {} as Response;
+      }),
+    );
+    const wrapped = wrapFetchWithAbortSignal(fetchImpl);
+    const fakeSignal = {
+      aborted: false,
+      addEventListener: vi.fn(),
+      removeEventListener: vi.fn(),
+    } as unknown as AbortSignal;
+    const previousAbortController = globalThis.AbortController;
+    vi.stubGlobal("AbortController", undefined);
+
+    try {
+      await wrapped("https://example.com", { signal: fakeSignal });
+    } finally {
+      vi.stubGlobal("AbortController", previousAbortController);
+    }
+
+    expect(seenSignal).toBe(fakeSignal);
+  });
+
   it("returns the same function when called with an already wrapped fetch", () => {
     const fetchImpl = withFetchPreconnect(vi.fn(async () => ({ ok: true }) as Response));
     const wrapped = wrapFetchWithAbortSignal(fetchImpl);
@@ -193,4 +291,25 @@ describe("wrapFetchWithAbortSignal", () => {
     expect(preconnectSpy).toHaveBeenCalledOnce();
     expect(seenThis).toBe(fetchImpl);
   });
+
+  it("exposes a no-op preconnect when the source fetch has none", () => {
+    const fetchImpl = vi.fn(async () => ({ ok: true }) as Response) as typeof fetch;
+    const wrapped = wrapFetchWithAbortSignal(fetchImpl) as typeof fetch & {
+      preconnect: (url: string, init?: { credentials?: RequestCredentials }) => unknown;
+    };
+
+    expect(() => wrapped.preconnect("https://example.com")).not.toThrow();
+  });
+});
+
+describe("resolveFetch", () => {
+  it("returns undefined when neither an explicit nor global fetch exists", () => {
+    const previousFetch = globalThis.fetch;
+    vi.stubGlobal("fetch", undefined);
+    try {
+      expect(resolveFetch(undefined)).toBeUndefined();
+    } finally {
+      vi.stubGlobal("fetch", previousFetch);
+    }
+  });
 });
diff --git a/src/infra/format-time/format-duration.ts b/src/infra/format-time/format-duration.ts
index 4f486c38094..be706686f0e 100644
--- a/src/infra/format-time/format-duration.ts
+++ b/src/infra/format-time/format-duration.ts
@@ -32,7 +32,7 @@ export function formatDurationPrecise(
     return "unknown";
   }
   if (ms < 1000) {
-    return `${ms}ms`;
+    return `${Math.max(0, Math.round(ms))}ms`;
   }
   return formatDurationSeconds(ms, {
     decimals: options.decimals ?? 2,
diff --git a/src/infra/format-time/format-time.test.ts b/src/infra/format-time/format-time.test.ts
index f3fddff7f6d..b30c2a43135 100644
--- a/src/infra/format-time/format-time.test.ts
+++ b/src/infra/format-time/format-time.test.ts
@@ -90,6 +90,12 @@ describe("format-duration", () => {
       expect(formatDurationPrecise(999)).toBe("999ms");
     });
 
+    it("clamps negative and fractional sub-second values to non-negative milliseconds", () => {
+      expect(formatDurationPrecise(-1)).toBe("0ms");
+      expect(formatDurationPrecise(-500)).toBe("0ms");
+      expect(formatDurationPrecise(999.6)).toBe("1000ms");
+    });
+
     it("shows decimal seconds for >=1s", () => {
       expect(formatDurationPrecise(1000)).toBe("1s");
       expect(formatDurationPrecise(1500)).toBe("1.5s");
diff --git a/src/infra/gateway-process-argv.test.ts b/src/infra/gateway-process-argv.test.ts
index f3570316860..81e6da2210a 100644
--- a/src/infra/gateway-process-argv.test.ts
+++ b/src/infra/gateway-process-argv.test.ts
@@ -10,6 +10,11 @@ describe("parseProcCmdline", () => {
       "18789",
     ]);
   });
+
+  it("keeps non-delimited single arguments and drops whitespace-only entries", () => {
+    expect(parseProcCmdline(" gateway ")).toEqual(["gateway"]);
+    expect(parseProcCmdline(" \0\t\0 ")).toEqual([]);
+  });
 });
 
 describe("isGatewayArgv", () => {
@@ -20,6 +25,8 @@ describe("isGatewayArgv", () => {
   it("matches known entrypoints across slash and case variants", () => {
     expect(isGatewayArgv(["NODE", "C:\\OpenClaw\\DIST\\ENTRY.JS", "gateway"])).toBe(true);
     expect(isGatewayArgv(["bun", "/srv/openclaw/scripts/run-node.mjs", "gateway"])).toBe(true);
+    expect(isGatewayArgv(["node", "/srv/openclaw/openclaw.mjs", "gateway"])).toBe(true);
+    expect(isGatewayArgv(["tsx", "/srv/openclaw/src/index.ts", "gateway"])).toBe(true);
   });
 
   it("matches the openclaw executable but gates the gateway binary behind the opt-in flag", () => {
@@ -30,5 +37,15 @@ describe("isGatewayArgv", () => {
         allowGatewayBinary: true,
       }),
     ).toBe(true);
+    expect(
+      isGatewayArgv(["C:\\bin\\openclaw-gateway.EXE", "gateway"], {
+        allowGatewayBinary: true,
+      }),
+    ).toBe(true);
+  });
+
+  it("rejects unknown gateway argv even when the token is present", () => {
+    expect(isGatewayArgv(["node", "/srv/openclaw/custom.js", "gateway"])).toBe(false);
+    expect(isGatewayArgv(["python", "gateway", "script.py"])).toBe(false);
   });
 });
diff --git a/src/infra/git-commit.test.ts b/src/infra/git-commit.test.ts
index c0ddb136e85..cffd27162b0 100644
--- a/src/infra/git-commit.test.ts
+++ b/src/infra/git-commit.test.ts
@@ -42,7 +42,6 @@ describe("git commit resolution", () => {
   const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "../..");
 
   beforeEach(async () => {
-    process.chdir(repoRoot);
     vi.restoreAllMocks();
     vi.doUnmock("node:fs");
     vi.doUnmock("node:module");
@@ -52,7 +51,6 @@ describe("git commit resolution", () => {
   });
 
   afterEach(async () => {
-    process.chdir(repoRoot);
     vi.restoreAllMocks();
     vi.doUnmock("node:fs");
     vi.doUnmock("node:module");
@@ -87,9 +85,9 @@ describe("git commit resolution", () => {
       .trim()
       .slice(0, 7);
 
-    process.chdir(otherRepo);
     const { resolveCommitHash } = await import("./git-commit.js");
     const entryModuleUrl = pathToFileURL(path.join(repoRoot, "src", "entry.ts")).href;
+    vi.spyOn(process, "cwd").mockReturnValue(otherRepo);
 
     expect(resolveCommitHash({ moduleUrl: entryModuleUrl })).toBe(repoHead);
     expect(resolveCommitHash({ moduleUrl: entryModuleUrl })).not.toBe(otherHead);
diff --git a/src/infra/hardlink-guards.test.ts b/src/infra/hardlink-guards.test.ts
index e96d826c1d8..1a8f7205bcb 100644
--- a/src/infra/hardlink-guards.test.ts
+++ b/src/infra/hardlink-guards.test.ts
@@ -50,6 +50,7 @@ describe("assertNoHardlinkedFinalPath", () => {
       await fs.writeFile(source, "hello", "utf8");
       await fs.link(source, linked);
       const homedirSpy = vi.spyOn(os, "homedir").mockReturnValue(root);
+      const expectedLinkedPath = path.join("~", "linked.txt");
 
       try {
         await expect(
@@ -58,7 +59,9 @@ describe("assertNoHardlinkedFinalPath", () => {
             root,
             boundaryLabel: "workspace",
           }),
-        ).rejects.toThrow("Hardlinked path is not allowed under workspace (~): ~/linked.txt");
+        ).rejects.toThrow(
+          `Hardlinked path is not allowed under workspace (~): ${expectedLinkedPath}`,
+        );
       } finally {
         homedirSpy.mockRestore();
       }
diff --git a/src/infra/heartbeat-runner.ghost-reminder.test.ts b/src/infra/heartbeat-runner.ghost-reminder.test.ts
index 648acf1813c..f215b8313d1 100644
--- a/src/infra/heartbeat-runner.ghost-reminder.test.ts
+++ b/src/infra/heartbeat-runner.ghost-reminder.test.ts
@@ -118,7 +118,7 @@ describe("Ghost reminder bug (issue #13317)", () => {
           agentId: "main",
           reason: params.reason,
           deps: {
-            sendTelegram,
+            telegram: sendTelegram,
           },
         });
         const calledCtx = (getReplySpy.mock.calls[0]?.[0] ?? null) as {
diff --git a/src/infra/heartbeat-runner.respects-ackmaxchars-heartbeat-acks.test.ts b/src/infra/heartbeat-runner.respects-ackmaxchars-heartbeat-acks.test.ts
index d0f4fd19bd7..fcc3f7556ae 100644
--- a/src/infra/heartbeat-runner.respects-ackmaxchars-heartbeat-acks.test.ts
+++ b/src/infra/heartbeat-runner.respects-ackmaxchars-heartbeat-acks.test.ts
@@ -48,9 +48,7 @@ describe("runHeartbeatOnce ack handling", () => {
     } = {},
   ) {
     return {
-      ...(params.sendWhatsApp
-        ? { sendWhatsApp: params.sendWhatsApp as unknown as HeartbeatDeps["sendWhatsApp"] }
-        : {}),
+      ...(params.sendWhatsApp ? { whatsapp: params.sendWhatsApp as unknown } : {}),
       getQueueSize: params.getQueueSize ?? (() => 0),
       nowMs: params.nowMs ?? (() => 0),
       webAuthExists: params.webAuthExists ?? (async () => true),
@@ -66,9 +64,7 @@ describe("runHeartbeatOnce ack handling", () => {
     } = {},
   ) {
     return {
-      ...(params.sendTelegram
-        ? { sendTelegram: params.sendTelegram as unknown as HeartbeatDeps["sendTelegram"] }
-        : {}),
+      ...(params.sendTelegram ? { telegram: params.sendTelegram as unknown } : {}),
       getQueueSize: params.getQueueSize ?? (() => 0),
       nowMs: params.nowMs ?? (() => 0),
     } satisfies HeartbeatDeps;
diff --git a/src/infra/heartbeat-runner.returns-default-unset.test.ts b/src/infra/heartbeat-runner.returns-default-unset.test.ts
index 2ac6a8be0f3..dc28784870a 100644
--- a/src/infra/heartbeat-runner.returns-default-unset.test.ts
+++ b/src/infra/heartbeat-runner.returns-default-unset.test.ts
@@ -59,20 +59,20 @@ beforeAll(async () => {
     outbound: {
       deliveryMode: "direct",
       sendText: async ({ to, text, deps, accountId }) => {
-        if (!deps?.sendTelegram) {
+        if (!deps?.["telegram"]) {
           throw new Error("sendTelegram missing");
         }
-        const res = await deps.sendTelegram(to, text, {
+        const res = await (deps["telegram"] as Function)(to, text, {
           verbose: false,
           accountId: accountId ?? undefined,
         });
         return { channel: "telegram", messageId: res.messageId, chatId: res.chatId };
       },
       sendMedia: async ({ to, text, mediaUrl, deps, accountId }) => {
-        if (!deps?.sendTelegram) {
+        if (!deps?.["telegram"]) {
           throw new Error("sendTelegram missing");
         }
-        const res = await deps.sendTelegram(to, text, {
+        const res = await (deps["telegram"] as Function)(to, text, {
           verbose: false,
           accountId: accountId ?? undefined,
           mediaUrl,
@@ -468,10 +468,14 @@ describe("resolveHeartbeatSenderContext", () => {
 
 describe("runHeartbeatOnce", () => {
   const createHeartbeatDeps = (
-    sendWhatsApp: NonNullable<HeartbeatDeps["sendWhatsApp"]>,
+    sendWhatsApp: (
+      to: string,
+      text: string,
+      opts?: unknown,
+    ) => Promise<{ messageId: string; toJid: string }>,
     nowMs = 0,
   ): HeartbeatDeps => ({
-    sendWhatsApp,
+    whatsapp: sendWhatsApp,
     getQueueSize: () => 0,
     nowMs: () => nowMs,
     webAuthExists: async () => true,
@@ -547,10 +551,18 @@ describe("runHeartbeatOnce", () => {
       );
 
       replySpy.mockResolvedValue([{ text: "Let me check..." }, { text: "Final alert" }]);
-      const sendWhatsApp = vi.fn<NonNullable<HeartbeatDeps["sendWhatsApp"]>>().mockResolvedValue({
-        messageId: "m1",
-        toJid: "jid",
-      });
+      const sendWhatsApp = vi
+        .fn<
+          (
+            to: string,
+            text: string,
+            opts?: unknown,
+          ) => Promise<{ messageId: string; toJid: string }>
+        >()
+        .mockResolvedValue({
+          messageId: "m1",
+          toJid: "jid",
+        });
 
       await runHeartbeatOnce({
         cfg,
@@ -604,10 +616,18 @@ describe("runHeartbeatOnce", () => {
         }),
       );
       replySpy.mockResolvedValue([{ text: "Final alert" }]);
-      const sendWhatsApp = vi.fn<NonNullable<HeartbeatDeps["sendWhatsApp"]>>().mockResolvedValue({
-        messageId: "m1",
-        toJid: "jid",
-      });
+      const sendWhatsApp = vi
+        .fn<
+          (
+            to: string,
+            text: string,
+            opts?: unknown,
+          ) => Promise<{ messageId: string; toJid: string }>
+        >()
+        .mockResolvedValue({
+          messageId: "m1",
+          toJid: "jid",
+        });
       await runHeartbeatOnce({
         cfg,
         agentId: "ops",
@@ -682,10 +702,18 @@ describe("runHeartbeatOnce", () => {
       );
 
       replySpy.mockResolvedValue([{ text: "Final alert" }]);
-      const sendWhatsApp = vi.fn<NonNullable<HeartbeatDeps["sendWhatsApp"]>>().mockResolvedValue({
-        messageId: "m1",
-        toJid: "jid",
-      });
+      const sendWhatsApp = vi
+        .fn<
+          (
+            to: string,
+            text: string,
+            opts?: unknown,
+          ) => Promise<{ messageId: string; toJid: string }>
+        >()
+        .mockResolvedValue({
+          messageId: "m1",
+          toJid: "jid",
+        });
       const result = await runHeartbeatOnce({
         cfg,
         agentId,
@@ -799,7 +827,13 @@ describe("runHeartbeatOnce", () => {
         replySpy.mockClear();
         replySpy.mockResolvedValue([{ text: testCase.message }]);
         const sendWhatsApp = vi
-          .fn<NonNullable<HeartbeatDeps["sendWhatsApp"]>>()
+          .fn<
+            (
+              to: string,
+              text: string,
+              opts?: unknown,
+            ) => Promise<{ messageId: string; toJid: string }>
+          >()
           .mockResolvedValue({ messageId: "m1", toJid: "jid" });
 
         await runHeartbeatOnce({
@@ -863,7 +897,13 @@ describe("runHeartbeatOnce", () => {
 
       replySpy.mockResolvedValue([{ text: "Final alert" }]);
       const sendWhatsApp = vi
-        .fn<NonNullable<HeartbeatDeps["sendWhatsApp"]>>()
+        .fn<
+          (
+            to: string,
+            text: string,
+            opts?: unknown,
+          ) => Promise<{ messageId: string; toJid: string }>
+        >()
         .mockResolvedValue({ messageId: "m1", toJid: "jid" });
 
       await runHeartbeatOnce({
@@ -935,7 +975,13 @@ describe("runHeartbeatOnce", () => {
         replySpy.mockClear();
         replySpy.mockResolvedValue(testCase.replies);
         const sendWhatsApp = vi
-          .fn<NonNullable<HeartbeatDeps["sendWhatsApp"]>>()
+          .fn<
+            (
+              to: string,
+              text: string,
+              opts?: unknown,
+            ) => Promise<{ messageId: string; toJid: string }>
+          >()
           .mockResolvedValue({ messageId: "m1", toJid: "jid" });
 
         await runHeartbeatOnce({
@@ -990,10 +1036,18 @@ describe("runHeartbeatOnce", () => {
       );
 
       replySpy.mockResolvedValue({ text: "Hello from heartbeat" });
-      const sendWhatsApp = vi.fn<NonNullable<HeartbeatDeps["sendWhatsApp"]>>().mockResolvedValue({
-        messageId: "m1",
-        toJid: "jid",
-      });
+      const sendWhatsApp = vi
+        .fn<
+          (
+            to: string,
+            text: string,
+            opts?: unknown,
+          ) => Promise<{ messageId: string; toJid: string }>
+        >()
+        .mockResolvedValue({
+          messageId: "m1",
+          toJid: "jid",
+        });
 
       await runHeartbeatOnce({
         cfg,
@@ -1073,7 +1127,9 @@ describe("runHeartbeatOnce", () => {
     const replySpy = vi.spyOn(replyModule, "getReplyFromConfig");
     replySpy.mockResolvedValue({ text: params.replyText ?? "Checked logs and PRs" });
     const sendWhatsApp = vi
-      .fn<NonNullable<HeartbeatDeps["sendWhatsApp"]>>()
+      .fn<
+        (to: string, text: string, opts?: unknown) => Promise<{ messageId: string; toJid: string }>
+      >()
       .mockResolvedValue({ messageId: "m1", toJid: "jid" });
     const res = await runHeartbeatOnce({
       cfg,
@@ -1239,7 +1295,9 @@ describe("runHeartbeatOnce", () => {
     const replySpy = vi.spyOn(replyModule, "getReplyFromConfig");
     replySpy.mockResolvedValue({ text: "Handled internally" });
     const sendWhatsApp = vi
-      .fn<NonNullable<HeartbeatDeps["sendWhatsApp"]>>()
+      .fn<
+        (to: string, text: string, opts?: unknown) => Promise<{ messageId: string; toJid: string }>
+      >()
       .mockResolvedValue({ messageId: "m1", toJid: "jid" });
 
     try {
@@ -1292,7 +1350,9 @@ describe("runHeartbeatOnce", () => {
     const replySpy = vi.spyOn(replyModule, "getReplyFromConfig");
     replySpy.mockResolvedValue({ text: "Handled internally" });
     const sendWhatsApp = vi
-      .fn<NonNullable<HeartbeatDeps["sendWhatsApp"]>>()
+      .fn<
+        (to: string, text: string, opts?: unknown) => Promise<{ messageId: string; toJid: string }>
+      >()
       .mockResolvedValue({ messageId: "m1", toJid: "jid" });
 
     try {
diff --git a/src/infra/heartbeat-runner.scheduler.test.ts b/src/infra/heartbeat-runner.scheduler.test.ts
index 4a184650128..10313dc33ad 100644
--- a/src/infra/heartbeat-runner.scheduler.test.ts
+++ b/src/infra/heartbeat-runner.scheduler.test.ts
@@ -4,15 +4,62 @@ import { startHeartbeatRunner } from "./heartbeat-runner.js";
 import { requestHeartbeatNow, resetHeartbeatWakeStateForTests } from "./heartbeat-wake.js";
 
 describe("startHeartbeatRunner", () => {
-  function startDefaultRunner(runOnce: Parameters<typeof startHeartbeatRunner>[0]["runOnce"]) {
+  type RunOnce = Parameters<typeof startHeartbeatRunner>[0]["runOnce"];
+
+  function useFakeHeartbeatTime() {
+    vi.useFakeTimers();
+    vi.setSystemTime(new Date(0));
+  }
+
+  function startDefaultRunner(runOnce: RunOnce) {
     return startHeartbeatRunner({
-      cfg: {
-        agents: { defaults: { heartbeat: { every: "30m" } } },
-      } as OpenClawConfig,
+      cfg: heartbeatConfig(),
       runOnce,
     });
   }
 
+  function heartbeatConfig(
+    list?: NonNullable<NonNullable<OpenClawConfig["agents"]>["list"]>,
+  ): OpenClawConfig {
+    return {
+      agents: {
+        defaults: { heartbeat: { every: "30m" } },
+        ...(list ? { list } : {}),
+      },
+    } as OpenClawConfig;
+  }
+
+  function createRequestsInFlightRunSpy(skipCount: number) {
+    let callCount = 0;
+    return vi.fn().mockImplementation(async () => {
+      callCount++;
+      if (callCount <= skipCount) {
+        return { status: "skipped", reason: "requests-in-flight" } as const;
+      }
+      return { status: "ran", durationMs: 1 } as const;
+    });
+  }
+
+  async function expectWakeDispatch(params: {
+    cfg: OpenClawConfig;
+    runSpy: RunOnce;
+    wake: { reason: string; agentId?: string; sessionKey?: string; coalesceMs: number };
+    expectedCall: Record<string, unknown>;
+  }) {
+    const runner = startHeartbeatRunner({
+      cfg: params.cfg,
+      runOnce: params.runSpy,
+    });
+
+    requestHeartbeatNow(params.wake);
+    await vi.advanceTimersByTimeAsync(1);
+
+    expect(params.runSpy).toHaveBeenCalledTimes(1);
+    expect(params.runSpy).toHaveBeenCalledWith(expect.objectContaining(params.expectedCall));
+
+    return runner;
+  }
+
   afterEach(() => {
     resetHeartbeatWakeStateForTests();
     vi.useRealTimers();
@@ -20,8 +67,7 @@ describe("startHeartbeatRunner", () => {
   });
 
   it("updates scheduling when config changes without restart", async () => {
-    vi.useFakeTimers();
-    vi.setSystemTime(new Date(0));
+    useFakeHeartbeatTime();
 
     const runSpy = vi.fn().mockResolvedValue({ status: "ran", durationMs: 1 });
 
@@ -62,8 +108,7 @@ describe("startHeartbeatRunner", () => {
   });
 
   it("continues scheduling after runOnce throws an unhandled error", async () => {
-    vi.useFakeTimers();
-    vi.setSystemTime(new Date(0));
+    useFakeHeartbeatTime();
 
     let callCount = 0;
     const runSpy = vi.fn().mockImplementation(async () => {
@@ -89,8 +134,7 @@ describe("startHeartbeatRunner", () => {
   });
 
   it("cleanup is idempotent and does not clear a newer runner's handler", async () => {
-    vi.useFakeTimers();
-    vi.setSystemTime(new Date(0));
+    useFakeHeartbeatTime();
 
     const runSpy1 = vi.fn().mockResolvedValue({ status: "ran", durationMs: 1 });
     const runSpy2 = vi.fn().mockResolvedValue({ status: "ran", durationMs: 1 });
@@ -120,8 +164,7 @@ describe("startHeartbeatRunner", () => {
   });
 
   it("run() returns skipped when runner is stopped", async () => {
-    vi.useFakeTimers();
-    vi.setSystemTime(new Date(0));
+    useFakeHeartbeatTime();
 
     const runSpy = vi.fn().mockResolvedValue({ status: "ran", durationMs: 1 });
 
@@ -135,22 +178,12 @@ describe("startHeartbeatRunner", () => {
   });
 
   it("reschedules timer when runOnce returns requests-in-flight", async () => {
-    vi.useFakeTimers();
-    vi.setSystemTime(new Date(0));
+    useFakeHeartbeatTime();
 
-    let callCount = 0;
-    const runSpy = vi.fn().mockImplementation(async () => {
-      callCount++;
-      if (callCount === 1) {
-        return { status: "skipped", reason: "requests-in-flight" };
-      }
-      return { status: "ran", durationMs: 1 };
-    });
+    const runSpy = createRequestsInFlightRunSpy(1);
 
     const runner = startHeartbeatRunner({
-      cfg: {
-        agents: { defaults: { heartbeat: { every: "30m" } } },
-      } as OpenClawConfig,
+      cfg: heartbeatConfig(),
       runOnce: runSpy,
     });
 
@@ -167,24 +200,14 @@ describe("startHeartbeatRunner", () => {
   });
 
   it("does not push nextDueMs forward on repeated requests-in-flight skips", async () => {
-    vi.useFakeTimers();
-    vi.setSystemTime(new Date(0));
+    useFakeHeartbeatTime();
 
     // Simulate a long-running heartbeat: the first 5 calls return
     // requests-in-flight (retries from the wake layer), then the 6th succeeds.
-    let callCount = 0;
-    const runSpy = vi.fn().mockImplementation(async () => {
-      callCount++;
-      if (callCount <= 5) {
-        return { status: "skipped", reason: "requests-in-flight" };
-      }
-      return { status: "ran", durationMs: 1 };
-    });
+    const runSpy = createRequestsInFlightRunSpy(5);
 
     const runner = startHeartbeatRunner({
-      cfg: {
-        agents: { defaults: { heartbeat: { every: "30m" } } },
-      } as OpenClawConfig,
+      cfg: heartbeatConfig(),
       runOnce: runSpy,
     });
 
@@ -208,76 +231,54 @@ describe("startHeartbeatRunner", () => {
   });
 
   it("routes targeted wake requests to the requested agent/session", async () => {
-    vi.useFakeTimers();
-    vi.setSystemTime(new Date(0));
-
+    useFakeHeartbeatTime();
     const runSpy = vi.fn().mockResolvedValue({ status: "ran", durationMs: 1 });
-    const runner = startHeartbeatRunner({
+    const runner = await expectWakeDispatch({
       cfg: {
-        agents: {
-          defaults: { heartbeat: { every: "30m" } },
-          list: [
-            { id: "main", heartbeat: { every: "30m" } },
-            { id: "ops", heartbeat: { every: "15m" } },
-          ],
-        },
+        ...heartbeatConfig([
+          { id: "main", heartbeat: { every: "30m" } },
+          { id: "ops", heartbeat: { every: "15m" } },
+        ]),
       } as OpenClawConfig,
-      runOnce: runSpy,
-    });
-
-    requestHeartbeatNow({
-      reason: "cron:job-123",
-      agentId: "ops",
-      sessionKey: "agent:ops:discord:channel:alerts",
-      coalesceMs: 0,
-    });
-    await vi.advanceTimersByTimeAsync(1);
-
-    expect(runSpy).toHaveBeenCalledTimes(1);
-    expect(runSpy).toHaveBeenCalledWith(
-      expect.objectContaining({
+      runSpy,
+      wake: {
+        reason: "cron:job-123",
+        agentId: "ops",
+        sessionKey: "agent:ops:discord:channel:alerts",
+        coalesceMs: 0,
+      },
+      expectedCall: {
         agentId: "ops",
         reason: "cron:job-123",
         sessionKey: "agent:ops:discord:channel:alerts",
-      }),
-    );
+      },
+    });
 
     runner.stop();
   });
 
   it("does not fan out to unrelated agents for session-scoped exec wakes", async () => {
-    vi.useFakeTimers();
-    vi.setSystemTime(new Date(0));
-
+    useFakeHeartbeatTime();
     const runSpy = vi.fn().mockResolvedValue({ status: "ran", durationMs: 1 });
-    const runner = startHeartbeatRunner({
+    const runner = await expectWakeDispatch({
       cfg: {
-        agents: {
-          defaults: { heartbeat: { every: "30m" } },
-          list: [
-            { id: "main", heartbeat: { every: "30m" } },
-            { id: "finance", heartbeat: { every: "30m" } },
-          ],
-        },
+        ...heartbeatConfig([
+          { id: "main", heartbeat: { every: "30m" } },
+          { id: "finance", heartbeat: { every: "30m" } },
+        ]),
       } as OpenClawConfig,
-      runOnce: runSpy,
-    });
-
-    requestHeartbeatNow({
-      reason: "exec-event",
-      sessionKey: "agent:main:main",
-      coalesceMs: 0,
-    });
-    await vi.advanceTimersByTimeAsync(1);
-
-    expect(runSpy).toHaveBeenCalledTimes(1);
-    expect(runSpy).toHaveBeenCalledWith(
-      expect.objectContaining({
+      runSpy,
+      wake: {
+        reason: "exec-event",
+        sessionKey: "agent:main:main",
+        coalesceMs: 0,
+      },
+      expectedCall: {
         agentId: "main",
         reason: "exec-event",
         sessionKey: "agent:main:main",
-      }),
-    );
+      },
+    });
     expect(runSpy.mock.calls.some((call) => call[0]?.agentId === "finance")).toBe(false);
 
     runner.stop();
diff --git a/src/infra/heartbeat-runner.sender-prefers-delivery-target.test.ts b/src/infra/heartbeat-runner.sender-prefers-delivery-target.test.ts
index 71a190c844b..352dbd1c84c 100644
--- a/src/infra/heartbeat-runner.sender-prefers-delivery-target.test.ts
+++ b/src/infra/heartbeat-runner.sender-prefers-delivery-target.test.ts
@@ -47,7 +47,7 @@ describe("runHeartbeatOnce", () => {
         await runHeartbeatOnce({
           cfg,
           deps: {
-            sendSlack,
+            slack: sendSlack,
             getQueueSize: () => 0,
             nowMs: () => 0,
           },
diff --git a/src/infra/home-dir.test.ts b/src/infra/home-dir.test.ts
index 3096dd1b0b4..9faeda1dee5 100644
--- a/src/infra/home-dir.test.ts
+++ b/src/infra/home-dir.test.ts
@@ -1,6 +1,11 @@
 import path from "node:path";
 import { describe, expect, it } from "vitest";
-import { expandHomePrefix, resolveEffectiveHomeDir, resolveRequiredHomeDir } from "./home-dir.js";
+import {
+  expandHomePrefix,
+  resolveEffectiveHomeDir,
+  resolveHomeRelativePath,
+  resolveRequiredHomeDir,
+} from "./home-dir.js";
 
 describe("resolveEffectiveHomeDir", () => {
   it.each([
@@ -104,7 +109,7 @@ describe("expandHomePrefix", () => {
       name: "expands exact ~ using explicit home",
       input: "~",
       opts: { home: " /srv/openclaw-home " },
-      expected: path.resolve("/srv/openclaw-home"),
+      expected: "/srv/openclaw-home",
     },
     {
       name: "expands ~\\\\ using resolved env home",
@@ -123,3 +128,33 @@ describe("expandHomePrefix", () => {
     expect(expandHomePrefix(input, opts)).toBe(expected);
   });
 });
+
+describe("resolveHomeRelativePath", () => {
+  it("returns blank input unchanged", () => {
+    expect(resolveHomeRelativePath("   ")).toBe("");
+  });
+
+  it("resolves trimmed relative and absolute paths", () => {
+    expect(resolveHomeRelativePath(" ./tmp/file.txt ")).toBe(path.resolve("./tmp/file.txt"));
+    expect(resolveHomeRelativePath(" /tmp/file.txt ")).toBe(path.resolve("/tmp/file.txt"));
+  });
+
+  it("expands tilde paths using the resolved home directory", () => {
+    expect(
+      resolveHomeRelativePath("~/docs", {
+        env: { OPENCLAW_HOME: "/srv/openclaw-home" } as NodeJS.ProcessEnv,
+      }),
+    ).toBe(path.resolve("/srv/openclaw-home/docs"));
+  });
+
+  it("falls back to cwd when tilde paths have no home source", () => {
+    expect(
+      resolveHomeRelativePath("~", {
+        env: {} as NodeJS.ProcessEnv,
+        homedir: () => {
+          throw new Error("no home");
+        },
+      }),
+    ).toBe(path.resolve(process.cwd()));
+  });
+});
diff --git a/src/infra/install-safe-path.test.ts b/src/infra/install-safe-path.test.ts
index 61ac64a2126..7cd9498e5d1 100644
--- a/src/infra/install-safe-path.test.ts
+++ b/src/infra/install-safe-path.test.ts
@@ -35,6 +35,12 @@ describe("safePathSegmentHashed", () => {
     expect(safePathSegmentHashed("demo-skill")).toBe("demo-skill");
   });
 
+  it("falls back to a hashed skill name for empty or dot-like segments", () => {
+    expect(safePathSegmentHashed("   ")).toMatch(/^skill-[a-f0-9]{10}$/);
+    expect(safePathSegmentHashed(".")).toMatch(/^skill-[a-f0-9]{10}$/);
+    expect(safePathSegmentHashed("..")).toMatch(/^skill-[a-f0-9]{10}$/);
+  });
+
   it("normalizes separators and adds hash suffix", () => {
     const result = safePathSegmentHashed("../../demo/skill");
     expect(result.includes("/")).toBe(false);
@@ -96,6 +102,57 @@ describe("assertCanonicalPathWithinBase", () => {
     }
   });
 
+  it("accepts missing candidate paths when their parent stays in base", async () => {
+    const baseDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-install-safe-"));
+    try {
+      const candidate = path.join(baseDir, "tools", "plugin");
+      await fs.mkdir(path.dirname(candidate), { recursive: true });
+      await expect(
+        assertCanonicalPathWithinBase({
+          baseDir,
+          candidatePath: candidate,
+          boundaryLabel: "install directory",
+        }),
+      ).resolves.toBeUndefined();
+    } finally {
+      await fs.rm(baseDir, { recursive: true, force: true });
+    }
+  });
+
+  it("rejects non-directory base paths", async () => {
+    const baseDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-install-safe-"));
+    const baseFile = path.join(baseDir, "not-a-dir");
+    await fs.writeFile(baseFile, "nope", "utf-8");
+    try {
+      await expect(
+        assertCanonicalPathWithinBase({
+          baseDir: baseFile,
+          candidatePath: path.join(baseFile, "child"),
+          boundaryLabel: "install directory",
+        }),
+      ).rejects.toThrow(/base directory must be a real directory/i);
+    } finally {
+      await fs.rm(baseDir, { recursive: true, force: true });
+    }
+  });
+
+  it("rejects non-directory candidate paths inside the base", async () => {
+    const baseDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-install-safe-"));
+    const candidate = path.join(baseDir, "file.txt");
+    await fs.writeFile(candidate, "nope", "utf-8");
+    try {
+      await expect(
+        assertCanonicalPathWithinBase({
+          baseDir,
+          candidatePath: candidate,
+          boundaryLabel: "install directory",
+        }),
+      ).rejects.toThrow(/must stay within install directory/i);
+    } finally {
+      await fs.rm(baseDir, { recursive: true, force: true });
+    }
+  });
+
   it.runIf(process.platform !== "win32")(
     "rejects symlinked candidate directories that escape the base",
     async () => {
@@ -117,4 +174,23 @@ describe("assertCanonicalPathWithinBase", () => {
       }
     },
   );
+
+  it.runIf(process.platform !== "win32")("rejects symlinked base directories", async () => {
+    const parentDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-install-safe-"));
+    const realBaseDir = path.join(parentDir, "real-base");
+    const symlinkBaseDir = path.join(parentDir, "base-link");
+    await fs.mkdir(realBaseDir, { recursive: true });
+    await fs.symlink(realBaseDir, symlinkBaseDir);
+    try {
+      await expect(
+        assertCanonicalPathWithinBase({
+          baseDir: symlinkBaseDir,
+          candidatePath: path.join(symlinkBaseDir, "tool"),
+          boundaryLabel: "install directory",
+        }),
+      ).rejects.toThrow(/base directory must be a real directory/i);
+    } finally {
+      await fs.rm(parentDir, { recursive: true, force: true });
+    }
+  });
 });
diff --git a/src/infra/is-main.test.ts b/src/infra/is-main.test.ts
index b2f6197ad24..5fcf3f12076 100644
--- a/src/infra/is-main.test.ts
+++ b/src/infra/is-main.test.ts
@@ -24,6 +24,17 @@ describe("isMainModule", () => {
     ).toBe(true);
   });
 
+  it("resolves relative pm_exec_path values against cwd", () => {
+    expect(
+      isMainModule({
+        currentFile: "/repo/dist/index.js",
+        argv: ["node", "/pm2/lib/ProcessContainerFork.js"],
+        cwd: "/repo",
+        env: { pm_exec_path: "./dist/index.js", pm_id: "0" },
+      }),
+    ).toBe(true);
+  });
+
   it("returns true for configured wrapper-to-entry pairs", () => {
     expect(
       isMainModule({
@@ -77,4 +88,15 @@ describe("isMainModule", () => {
       }),
     ).toBe(true);
   });
+
+  it("returns false when no entrypoint candidate exists", () => {
+    expect(
+      isMainModule({
+        currentFile: "/repo/dist/index.js",
+        argv: ["node"],
+        cwd: "/repo",
+        env: {},
+      }),
+    ).toBe(false);
+  });
 });
diff --git a/src/infra/json-file.test.ts b/src/infra/json-file.test.ts
index 95def5fa54a..4b204fb21bc 100644
--- a/src/infra/json-file.test.ts
+++ b/src/infra/json-file.test.ts
@@ -15,6 +15,15 @@ describe("json-file helpers", () => {
     });
   });
 
+  it("returns undefined when the target path is a directory", async () => {
+    await withTempDir({ prefix: "openclaw-json-file-" }, async (root) => {
+      const pathname = path.join(root, "config-dir");
+      fs.mkdirSync(pathname);
+
+      expect(loadJsonFile(pathname)).toBeUndefined();
+    });
+  });
+
   it("creates parent dirs, writes a trailing newline, and loads the saved object", async () => {
     await withTempDir({ prefix: "openclaw-json-file-" }, async (root) => {
       const pathname = path.join(root, "nested", "config.json");
@@ -26,8 +35,23 @@ describe("json-file helpers", () => {
 
       const fileMode = fs.statSync(pathname).mode & 0o777;
       const dirMode = fs.statSync(path.dirname(pathname)).mode & 0o777;
-      expect(fileMode).toBe(0o600);
-      expect(dirMode).toBe(0o700);
+      if (process.platform === "win32") {
+        expect(fileMode & 0o111).toBe(0);
+      } else {
+        expect(fileMode).toBe(0o600);
+        expect(dirMode).toBe(0o700);
+      }
+    });
+  });
+
+  it("overwrites existing JSON files with the latest payload", async () => {
+    await withTempDir({ prefix: "openclaw-json-file-" }, async (root) => {
+      const pathname = path.join(root, "config.json");
+      fs.writeFileSync(pathname, '{"enabled":false}\n', "utf8");
+
+      saveJsonFile(pathname, { enabled: true, count: 2 });
+
+      expect(loadJsonFile(pathname)).toEqual({ enabled: true, count: 2 });
     });
   });
 });
diff --git a/src/infra/json-files.test.ts b/src/infra/json-files.test.ts
index d2d0fa600f5..309fd59ae8b 100644
--- a/src/infra/json-files.test.ts
+++ b/src/infra/json-files.test.ts
@@ -65,4 +65,24 @@ describe("json file helpers", () => {
     await expect(second).resolves.toBe("ok");
     expect(events).toEqual(["first:start", "first:end", "second:start", "second:end"]);
   });
+
+  it("releases the async lock after synchronous throws", async () => {
+    const withLock = createAsyncLock();
+    const events: string[] = [];
+
+    const first = withLock(async () => {
+      events.push("first:start");
+      throw new Error("sync boom");
+    });
+
+    const second = withLock(async () => {
+      events.push("second:start");
+      events.push("second:end");
+      return "ok";
+    });
+
+    await expect(first).rejects.toThrow("sync boom");
+    await expect(second).resolves.toBe("ok");
+    expect(events).toEqual(["first:start", "second:start", "second:end"]);
+  });
 });
diff --git a/src/infra/machine-name.test.ts b/src/infra/machine-name.test.ts
index f36efd6ceee..f95355a92e0 100644
--- a/src/infra/machine-name.test.ts
+++ b/src/infra/machine-name.test.ts
@@ -34,12 +34,12 @@ afterEach(() => {
 });
 
 describe("getMachineDisplayName", () => {
-  it("uses the hostname fallback in test mode and trims .local", async () => {
-    const hostnameSpy = vi.spyOn(os, "hostname").mockReturnValue("  clawbox.local  ");
+  it("uses the hostname fallback in test mode and strips a trimmed .local suffix", async () => {
+    const hostnameSpy = vi.spyOn(os, "hostname").mockReturnValue("  clawbox.LOCAL  ");
     const machineName = await importMachineName("test-fallback");
 
-    await expect(machineName.getMachineDisplayName()).resolves.toBe("clawbox.local");
-    await expect(machineName.getMachineDisplayName()).resolves.toBe("clawbox.local");
+    await expect(machineName.getMachineDisplayName()).resolves.toBe("clawbox");
+    await expect(machineName.getMachineDisplayName()).resolves.toBe("clawbox");
     expect(hostnameSpy).toHaveBeenCalledTimes(1);
     expect(execFileMock).not.toHaveBeenCalled();
   });
diff --git a/src/infra/machine-name.ts b/src/infra/machine-name.ts
index 4d31be7f234..51b4a66e8bd 100644
--- a/src/infra/machine-name.ts
+++ b/src/infra/machine-name.ts
@@ -20,12 +20,8 @@ async function tryScutil(key: "ComputerName" | "LocalHostName") {
 }
 
 function fallbackHostName() {
-  return (
-    os
-      .hostname()
-      .replace(/\.local$/i, "")
-      .trim() || "openclaw"
-  );
+  const trimmed = os.hostname().trim();
+  return trimmed.replace(/\.local$/i, "") || "openclaw";
 }
 
 export async function getMachineDisplayName(): Promise<string> {
diff --git a/src/infra/net/hostname.test.ts b/src/infra/net/hostname.test.ts
index 90e4c939e91..ca7c597f8bb 100644
--- a/src/infra/net/hostname.test.ts
+++ b/src/infra/net/hostname.test.ts
@@ -4,10 +4,12 @@ import { normalizeHostname } from "./hostname.js";
 describe("normalizeHostname", () => {
   it("trims, lowercases, and strips a trailing dot", () => {
     expect(normalizeHostname(" Example.COM. ")).toBe("example.com");
+    expect(normalizeHostname("   ")).toBe("");
   });
 
   it("unwraps bracketed ipv6 hosts after normalization", () => {
     expect(normalizeHostname(" [FD7A:115C:A1E0::1] ")).toBe("fd7a:115c:a1e0::1");
+    expect(normalizeHostname(" [FD7A:115C:A1E0::1]. ")).toBe("fd7a:115c:a1e0::1");
   });
 
   it("leaves non-fully-bracketed values otherwise unchanged", () => {
diff --git a/src/infra/net/proxy-fetch.test.ts b/src/infra/net/proxy-fetch.test.ts
index 0f9e43a3173..8f9c17fa499 100644
--- a/src/infra/net/proxy-fetch.test.ts
+++ b/src/infra/net/proxy-fetch.test.ts
@@ -51,7 +51,12 @@ vi.mock("undici", () => ({
   fetch: undiciFetch,
 }));
 
-import { makeProxyFetch, resolveProxyFetchFromEnv } from "./proxy-fetch.js";
+import {
+  getProxyUrlFromFetch,
+  makeProxyFetch,
+  PROXY_FETCH_PROXY_URL,
+  resolveProxyFetchFromEnv,
+} from "./proxy-fetch.js";
 
 function clearProxyEnv(): void {
   for (const key of PROXY_ENV_KEYS) {
@@ -86,6 +91,42 @@ describe("makeProxyFetch", () => {
       expect.objectContaining({ dispatcher: getLastAgent() }),
     );
   });
+
+  it("reuses the same ProxyAgent across calls", async () => {
+    undiciFetch.mockResolvedValue({ ok: true });
+
+    const proxyFetch = makeProxyFetch("http://proxy.test:8080");
+
+    await proxyFetch("https://api.example.com/one");
+    const firstDispatcher = undiciFetch.mock.calls[0]?.[1]?.dispatcher;
+    await proxyFetch("https://api.example.com/two");
+    const secondDispatcher = undiciFetch.mock.calls[1]?.[1]?.dispatcher;
+
+    expect(proxyAgentSpy).toHaveBeenCalledOnce();
+    expect(secondDispatcher).toBe(firstDispatcher);
+  });
+});
+
+describe("getProxyUrlFromFetch", () => {
+  it("returns the trimmed proxy url from proxy fetch wrappers", () => {
+    expect(getProxyUrlFromFetch(makeProxyFetch("  http://proxy.test:8080  "))).toBe(
+      "http://proxy.test:8080",
+    );
+  });
+
+  it("returns undefined for plain fetch functions or blank metadata", () => {
+    const plainFetch = vi.fn() as unknown as typeof fetch;
+    const blankMetadataFetch = vi.fn() as unknown as typeof fetch;
+    Object.defineProperty(blankMetadataFetch, PROXY_FETCH_PROXY_URL, {
+      value: "   ",
+      enumerable: false,
+      configurable: true,
+      writable: true,
+    });
+
+    expect(getProxyUrlFromFetch(plainFetch)).toBeUndefined();
+    expect(getProxyUrlFromFetch(blankMetadataFetch)).toBeUndefined();
+  });
 });
 
 describe("resolveProxyFetchFromEnv", () => {
diff --git a/src/infra/net/ssrf.test.ts b/src/infra/net/ssrf.test.ts
index 637bd5c2e9e..b939cbd8ba8 100644
--- a/src/infra/net/ssrf.test.ts
+++ b/src/infra/net/ssrf.test.ts
@@ -1,6 +1,5 @@
 import { describe, expect, it } from "vitest";
 import { blockedIpv6MulticastLiterals } from "../../shared/net/ip-test-fixtures.js";
-import { normalizeFingerprint } from "../tls/fingerprint.js";
 import { isBlockedHostnameOrIp, isPrivateIpAddress } from "./ssrf.js";
 
 const privateIpCases = [
@@ -102,14 +101,6 @@ describe("ssrf ip classification", () => {
   });
 });
 
-describe("normalizeFingerprint", () => {
-  it("strips sha256 prefixes and separators", () => {
-    expect(normalizeFingerprint("sha256:AA:BB:cc")).toBe("aabbcc");
-    expect(normalizeFingerprint("SHA-256 11-22-33")).toBe("112233");
-    expect(normalizeFingerprint("aa:bb:cc")).toBe("aabbcc");
-  });
-});
-
 describe("isBlockedHostnameOrIp", () => {
   it.each([
     "localhost.localdomain",
diff --git a/src/infra/node-shell.test.ts b/src/infra/node-shell.test.ts
index 8a0dc72bde1..c0fbc2c476f 100644
--- a/src/infra/node-shell.test.ts
+++ b/src/infra/node-shell.test.ts
@@ -31,5 +31,6 @@ describe("buildNodeShellCommand", () => {
     expect(buildNodeShellCommand("echo hi", "linux")).toEqual(["/bin/sh", "-lc", "echo hi"]);
     expect(buildNodeShellCommand("echo hi")).toEqual(["/bin/sh", "-lc", "echo hi"]);
     expect(buildNodeShellCommand("echo hi", null)).toEqual(["/bin/sh", "-lc", "echo hi"]);
+    expect(buildNodeShellCommand("echo hi", "   ")).toEqual(["/bin/sh", "-lc", "echo hi"]);
   });
 });
diff --git a/src/infra/openclaw-exec-env.test.ts b/src/infra/openclaw-exec-env.test.ts
index 488fa1dd5ef..0951757876c 100644
--- a/src/infra/openclaw-exec-env.test.ts
+++ b/src/infra/openclaw-exec-env.test.ts
@@ -27,4 +27,20 @@ describe("ensureOpenClawExecMarkerOnProcess", () => {
     expect(ensureOpenClawExecMarkerOnProcess(env)).toBe(env);
     expect(env[OPENCLAW_CLI_ENV_VAR]).toBe(OPENCLAW_CLI_ENV_VALUE);
   });
+
+  it("defaults to mutating process.env when no env object is provided", () => {
+    const previous = process.env[OPENCLAW_CLI_ENV_VAR];
+    delete process.env[OPENCLAW_CLI_ENV_VAR];
+
+    try {
+      expect(ensureOpenClawExecMarkerOnProcess()).toBe(process.env);
+      expect(process.env[OPENCLAW_CLI_ENV_VAR]).toBe(OPENCLAW_CLI_ENV_VALUE);
+    } finally {
+      if (previous === undefined) {
+        delete process.env[OPENCLAW_CLI_ENV_VAR];
+      } else {
+        process.env[OPENCLAW_CLI_ENV_VAR] = previous;
+      }
+    }
+  });
 });
diff --git a/src/infra/outbound/cfg-threading.guard.test.ts b/src/infra/outbound/cfg-threading.guard.test.ts
index ff4d0533c1b..3fdbb68e10b 100644
--- a/src/infra/outbound/cfg-threading.guard.test.ts
+++ b/src/infra/outbound/cfg-threading.guard.test.ts
@@ -62,9 +62,9 @@ function listExtensionFiles(): {
 function listHighRiskRuntimeCfgFiles(): string[] {
   return [
     "src/agents/tools/telegram-actions.ts",
-    "src/discord/monitor/reply-delivery.ts",
-    "src/discord/monitor/thread-bindings.discord-api.ts",
-    "src/discord/monitor/thread-bindings.manager.ts",
+    "extensions/discord/src/monitor/reply-delivery.ts",
+    "extensions/discord/src/monitor/thread-bindings.discord-api.ts",
+    "extensions/discord/src/monitor/thread-bindings.manager.ts",
   ];
 }
 
diff --git a/src/infra/outbound/channel-adapters.test.ts b/src/infra/outbound/channel-adapters.test.ts
index ee2b5fe6dc8..d8a01aadb2b 100644
--- a/src/infra/outbound/channel-adapters.test.ts
+++ b/src/infra/outbound/channel-adapters.test.ts
@@ -1,6 +1,6 @@
 import { Separator, TextDisplay } from "@buape/carbon";
 import { describe, expect, it } from "vitest";
-import { DiscordUiContainer } from "../../discord/ui.js";
+import { DiscordUiContainer } from "../../../extensions/discord/src/ui.js";
 import { getChannelMessageAdapter } from "./channel-adapters.js";
 
 describe("getChannelMessageAdapter", () => {
diff --git a/src/infra/outbound/channel-adapters.ts b/src/infra/outbound/channel-adapters.ts
index ba6a1b59444..da62e2932bb 100644
--- a/src/infra/outbound/channel-adapters.ts
+++ b/src/infra/outbound/channel-adapters.ts
@@ -1,7 +1,7 @@
 import { Separator, TextDisplay, type TopLevelComponents } from "@buape/carbon";
+import { DiscordUiContainer } from "../../../extensions/discord/src/ui.js";
 import type { ChannelId } from "../../channels/plugins/types.js";
 import type { OpenClawConfig } from "../../config/config.js";
-import { DiscordUiContainer } from "../../discord/ui.js";
 
 export type CrossContextComponentsBuilder = (message: string) => TopLevelComponents[];
 
diff --git a/src/infra/outbound/deliver.lifecycle.test.ts b/src/infra/outbound/deliver.lifecycle.test.ts
index 00d696162d8..22fa829812e 100644
--- a/src/infra/outbound/deliver.lifecycle.test.ts
+++ b/src/infra/outbound/deliver.lifecycle.test.ts
@@ -1,94 +1,29 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import { signalOutbound } from "../../channels/plugins/outbound/signal.js";
-import { telegramOutbound } from "../../channels/plugins/outbound/telegram.js";
-import { whatsappOutbound } from "../../channels/plugins/outbound/whatsapp.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import { setActivePluginRegistry } from "../../plugins/runtime.js";
 import { createOutboundTestPlugin, createTestRegistry } from "../../test-utils/channel-plugins.js";
-import { createIMessageTestPlugin } from "../../test-utils/imessage-test-plugin.js";
-import { createInternalHookEventPayload } from "../../test-utils/internal-hook-event-payload.js";
-
-const mocks = vi.hoisted(() => ({
-  appendAssistantMessageToSessionTranscript: vi.fn(async () => ({ ok: true, sessionFile: "x" })),
-}));
-const hookMocks = vi.hoisted(() => ({
-  runner: {
-    hasHooks: vi.fn(() => false),
-    runMessageSent: vi.fn(async () => {}),
-  },
-}));
-const internalHookMocks = vi.hoisted(() => ({
-  createInternalHookEvent: vi.fn(),
-  triggerInternalHook: vi.fn(async () => {}),
-}));
-const queueMocks = vi.hoisted(() => ({
-  enqueueDelivery: vi.fn(async () => "mock-queue-id"),
-  ackDelivery: vi.fn(async () => {}),
-  failDelivery: vi.fn(async () => {}),
-}));
-const logMocks = vi.hoisted(() => ({
-  warn: vi.fn(),
-}));
-
-vi.mock("../../config/sessions.js", async () => {
-  const actual = await vi.importActual<typeof import("../../config/sessions.js")>(
-    "../../config/sessions.js",
-  );
-  return {
-    ...actual,
-    appendAssistantMessageToSessionTranscript: mocks.appendAssistantMessageToSessionTranscript,
-  };
-});
-vi.mock("../../plugins/hook-runner-global.js", () => ({
-  getGlobalHookRunner: () => hookMocks.runner,
-}));
-vi.mock("../../hooks/internal-hooks.js", () => ({
-  createInternalHookEvent: internalHookMocks.createInternalHookEvent,
-  triggerInternalHook: internalHookMocks.triggerInternalHook,
-}));
-vi.mock("./delivery-queue.js", () => ({
-  enqueueDelivery: queueMocks.enqueueDelivery,
-  ackDelivery: queueMocks.ackDelivery,
-  failDelivery: queueMocks.failDelivery,
-}));
-vi.mock("../../logging/subsystem.js", () => ({
-  createSubsystemLogger: () => {
-    const makeLogger = () => ({
-      warn: logMocks.warn,
-      info: vi.fn(),
-      error: vi.fn(),
-      debug: vi.fn(),
-      child: vi.fn(() => makeLogger()),
-    });
-    return makeLogger();
-  },
-}));
+import {
+  clearDeliverTestRegistry,
+  hookMocks,
+  internalHookMocks,
+  logMocks,
+  mocks,
+  queueMocks,
+  resetDeliverTestState,
+  resetDeliverTestMocks,
+  runChunkedWhatsAppDelivery as runChunkedWhatsAppDeliveryHelper,
+  whatsappChunkConfig,
+} from "./deliver.test-helpers.js";
 
 const { deliverOutboundPayloads } = await import("./deliver.js");
 
-const whatsappChunkConfig: OpenClawConfig = {
-  channels: { whatsapp: { textChunkLimit: 4000 } },
-};
-
 async function runChunkedWhatsAppDelivery(params?: {
   mirror?: Parameters<typeof deliverOutboundPayloads>[0]["mirror"];
 }) {
-  const sendWhatsApp = vi
-    .fn()
-    .mockResolvedValueOnce({ messageId: "w1", toJid: "jid" })
-    .mockResolvedValueOnce({ messageId: "w2", toJid: "jid" });
-  const cfg: OpenClawConfig = {
-    channels: { whatsapp: { textChunkLimit: 2 } },
-  };
-  const results = await deliverOutboundPayloads({
-    cfg,
-    channel: "whatsapp",
-    to: "+1555",
-    payloads: [{ text: "abcd" }],
-    deps: { sendWhatsApp },
+  return await runChunkedWhatsAppDeliveryHelper({
+    deliverOutboundPayloads,
     ...(params?.mirror ? { mirror: params.mirror } : {}),
   });
-  return { sendWhatsApp, results };
 }
 
 async function deliverSingleWhatsAppForHookTest(params?: { sessionKey?: string }) {
@@ -141,26 +76,12 @@ function expectSuccessfulWhatsAppInternalHookPayload(
 
 describe("deliverOutboundPayloads lifecycle", () => {
   beforeEach(() => {
-    setActivePluginRegistry(defaultRegistry);
-    hookMocks.runner.hasHooks.mockClear();
-    hookMocks.runner.hasHooks.mockReturnValue(false);
-    hookMocks.runner.runMessageSent.mockClear();
-    hookMocks.runner.runMessageSent.mockResolvedValue(undefined);
-    internalHookMocks.createInternalHookEvent.mockClear();
-    internalHookMocks.createInternalHookEvent.mockImplementation(createInternalHookEventPayload);
-    internalHookMocks.triggerInternalHook.mockClear();
-    queueMocks.enqueueDelivery.mockClear();
-    queueMocks.enqueueDelivery.mockResolvedValue("mock-queue-id");
-    queueMocks.ackDelivery.mockClear();
-    queueMocks.ackDelivery.mockResolvedValue(undefined);
-    queueMocks.failDelivery.mockClear();
-    queueMocks.failDelivery.mockResolvedValue(undefined);
-    logMocks.warn.mockClear();
-    mocks.appendAssistantMessageToSessionTranscript.mockClear();
+    resetDeliverTestState();
+    resetDeliverTestMocks({ includeSessionMocks: true });
   });
 
   afterEach(() => {
-    setActivePluginRegistry(emptyRegistry);
+    clearDeliverTestRegistry();
   });
 
   it("continues on errors when bestEffort is enabled", async () => {
@@ -389,27 +310,3 @@ describe("deliverOutboundPayloads lifecycle", () => {
     );
   });
 });
-
-const emptyRegistry = createTestRegistry([]);
-const defaultRegistry = createTestRegistry([
-  {
-    pluginId: "telegram",
-    plugin: createOutboundTestPlugin({ id: "telegram", outbound: telegramOutbound }),
-    source: "test",
-  },
-  {
-    pluginId: "signal",
-    plugin: createOutboundTestPlugin({ id: "signal", outbound: signalOutbound }),
-    source: "test",
-  },
-  {
-    pluginId: "whatsapp",
-    plugin: createOutboundTestPlugin({ id: "whatsapp", outbound: whatsappOutbound }),
-    source: "test",
-  },
-  {
-    pluginId: "imessage",
-    plugin: createIMessageTestPlugin(),
-    source: "test",
-  },
-]);
diff --git a/src/infra/outbound/deliver.test-helpers.ts b/src/infra/outbound/deliver.test-helpers.ts
new file mode 100644
index 00000000000..bc70c456dc5
--- /dev/null
+++ b/src/infra/outbound/deliver.test-helpers.ts
@@ -0,0 +1,240 @@
+import { vi } from "vitest";
+import { signalOutbound } from "../../channels/plugins/outbound/signal.js";
+import { telegramOutbound } from "../../channels/plugins/outbound/telegram.js";
+import { whatsappOutbound } from "../../channels/plugins/outbound/whatsapp.js";
+import type { OpenClawConfig } from "../../config/config.js";
+import { setActivePluginRegistry } from "../../plugins/runtime.js";
+import { createOutboundTestPlugin, createTestRegistry } from "../../test-utils/channel-plugins.js";
+import { createIMessageTestPlugin } from "../../test-utils/imessage-test-plugin.js";
+import { createInternalHookEventPayload } from "../../test-utils/internal-hook-event-payload.js";
+import type { DeliverOutboundPayloadsParams, OutboundDeliveryResult } from "./deliver.js";
+
+type DeliverMockState = {
+  sessions: {
+    appendAssistantMessageToSessionTranscript: (...args: unknown[]) => Promise<{
+      ok: boolean;
+      sessionFile: string;
+    }>;
+  };
+  hooks: {
+    runner: {
+      hasHooks: (...args: unknown[]) => boolean;
+      runMessageSent: (...args: unknown[]) => Promise<void>;
+    };
+  };
+  internalHooks: {
+    createInternalHookEvent: typeof createInternalHookEventPayload;
+    triggerInternalHook: (...args: unknown[]) => Promise<void>;
+  };
+  queue: {
+    enqueueDelivery: (...args: unknown[]) => Promise<string>;
+    ackDelivery: (...args: unknown[]) => Promise<void>;
+    failDelivery: (...args: unknown[]) => Promise<void>;
+  };
+  log: {
+    warn: (...args: unknown[]) => void;
+  };
+};
+
+export const deliverMocks: DeliverMockState = {
+  sessions: {
+    appendAssistantMessageToSessionTranscript: async () => ({ ok: true, sessionFile: "x" }),
+  },
+  hooks: {
+    runner: {
+      hasHooks: () => false,
+      runMessageSent: async () => {},
+    },
+  },
+  internalHooks: {
+    createInternalHookEvent: createInternalHookEventPayload,
+    triggerInternalHook: async () => {},
+  },
+  queue: {
+    enqueueDelivery: async () => "mock-queue-id",
+    ackDelivery: async () => {},
+    failDelivery: async () => {},
+  },
+  log: {
+    warn: () => {},
+  },
+};
+
+const _mocks = vi.hoisted(() => ({
+  appendAssistantMessageToSessionTranscript: vi.fn(async () =>
+    deliverMocks.sessions.appendAssistantMessageToSessionTranscript(),
+  ),
+}));
+const _hookMocks = vi.hoisted(() => ({
+  runner: {
+    hasHooks: vi.fn(() => deliverMocks.hooks.runner.hasHooks()),
+    runMessageSent: vi.fn(
+      async (...args: unknown[]) => await deliverMocks.hooks.runner.runMessageSent(...args),
+    ),
+  },
+}));
+const _internalHookMocks = vi.hoisted(() => ({
+  createInternalHookEvent: vi.fn((...args: Parameters<typeof createInternalHookEventPayload>) =>
+    deliverMocks.internalHooks.createInternalHookEvent(...args),
+  ),
+  triggerInternalHook: vi.fn(
+    async (...args: unknown[]) => await deliverMocks.internalHooks.triggerInternalHook(...args),
+  ),
+}));
+const _queueMocks = vi.hoisted(() => ({
+  enqueueDelivery: vi.fn(
+    async (...args: unknown[]) => await deliverMocks.queue.enqueueDelivery(...args),
+  ),
+  ackDelivery: vi.fn(async (...args: unknown[]) => await deliverMocks.queue.ackDelivery(...args)),
+  failDelivery: vi.fn(async (...args: unknown[]) => await deliverMocks.queue.failDelivery(...args)),
+}));
+const _logMocks = vi.hoisted(() => ({
+  warn: vi.fn((...args: unknown[]) => deliverMocks.log.warn(...args)),
+}));
+
+export const mocks = _mocks;
+export const hookMocks = _hookMocks;
+export const internalHookMocks = _internalHookMocks;
+export const queueMocks = _queueMocks;
+export const logMocks = _logMocks;
+
+vi.mock("../../config/sessions.js", async () => {
+  const actual = await vi.importActual<typeof import("../../config/sessions.js")>(
+    "../../config/sessions.js",
+  );
+  return {
+    ...actual,
+    appendAssistantMessageToSessionTranscript: _mocks.appendAssistantMessageToSessionTranscript,
+  };
+});
+vi.mock("../../config/sessions/transcript.js", async () => {
+  const actual = await vi.importActual<typeof import("../../config/sessions/transcript.js")>(
+    "../../config/sessions/transcript.js",
+  );
+  return {
+    ...actual,
+    appendAssistantMessageToSessionTranscript: _mocks.appendAssistantMessageToSessionTranscript,
+  };
+});
+vi.mock("../../plugins/hook-runner-global.js", () => ({
+  getGlobalHookRunner: () => _hookMocks.runner,
+}));
+vi.mock("../../hooks/internal-hooks.js", () => ({
+  createInternalHookEvent: _internalHookMocks.createInternalHookEvent,
+  triggerInternalHook: _internalHookMocks.triggerInternalHook,
+}));
+vi.mock("./delivery-queue.js", () => ({
+  enqueueDelivery: _queueMocks.enqueueDelivery,
+  ackDelivery: _queueMocks.ackDelivery,
+  failDelivery: _queueMocks.failDelivery,
+}));
+vi.mock("../../logging/subsystem.js", () => ({
+  createSubsystemLogger: () => {
+    const makeLogger = () => ({
+      warn: _logMocks.warn,
+      info: vi.fn(),
+      error: vi.fn(),
+      debug: vi.fn(),
+      child: vi.fn(() => makeLogger()),
+    });
+    return makeLogger();
+  },
+}));
+
+export const whatsappChunkConfig: OpenClawConfig = {
+  channels: { whatsapp: { textChunkLimit: 4000 } },
+};
+
+export const defaultRegistry = createTestRegistry([
+  {
+    pluginId: "signal",
+    source: "test",
+    plugin: createOutboundTestPlugin({
+      id: "signal",
+      outbound: signalOutbound,
+    }),
+  },
+  {
+    pluginId: "telegram",
+    source: "test",
+    plugin: createOutboundTestPlugin({
+      id: "telegram",
+      outbound: telegramOutbound,
+    }),
+  },
+  {
+    pluginId: "whatsapp",
+    source: "test",
+    plugin: createOutboundTestPlugin({
+      id: "whatsapp",
+      outbound: whatsappOutbound,
+    }),
+  },
+  {
+    pluginId: "imessage",
+    source: "test",
+    plugin: createIMessageTestPlugin(),
+  },
+]);
+
+export const emptyRegistry = createTestRegistry([]);
+
+export function resetDeliverTestState() {
+  setActivePluginRegistry(defaultRegistry);
+  deliverMocks.hooks.runner.hasHooks = () => false;
+  deliverMocks.hooks.runner.runMessageSent = async () => {};
+  deliverMocks.internalHooks.createInternalHookEvent = createInternalHookEventPayload;
+  deliverMocks.internalHooks.triggerInternalHook = async () => {};
+  deliverMocks.queue.enqueueDelivery = async () => "mock-queue-id";
+  deliverMocks.queue.ackDelivery = async () => {};
+  deliverMocks.queue.failDelivery = async () => {};
+  deliverMocks.log.warn = () => {};
+  deliverMocks.sessions.appendAssistantMessageToSessionTranscript = async () => ({
+    ok: true,
+    sessionFile: "x",
+  });
+}
+
+export function clearDeliverTestRegistry() {
+  setActivePluginRegistry(emptyRegistry);
+}
+
+export function resetDeliverTestMocks(params?: { includeSessionMocks?: boolean }) {
+  hookMocks.runner.hasHooks.mockClear();
+  hookMocks.runner.runMessageSent.mockClear();
+  internalHookMocks.createInternalHookEvent.mockClear();
+  internalHookMocks.triggerInternalHook.mockClear();
+  queueMocks.enqueueDelivery.mockClear();
+  queueMocks.ackDelivery.mockClear();
+  queueMocks.failDelivery.mockClear();
+  logMocks.warn.mockClear();
+  if (params?.includeSessionMocks) {
+    mocks.appendAssistantMessageToSessionTranscript.mockClear();
+  }
+}
+
+export async function runChunkedWhatsAppDelivery(params: {
+  deliverOutboundPayloads: (
+    params: DeliverOutboundPayloadsParams,
+  ) => Promise<OutboundDeliveryResult[]>;
+  mirror?: DeliverOutboundPayloadsParams["mirror"];
+}) {
+  const sendWhatsApp = vi
+    .fn<
+      (to: string, text: string, opts?: unknown) => Promise<{ messageId: string; toJid: string }>
+    >()
+    .mockResolvedValueOnce({ messageId: "w1", toJid: "jid" })
+    .mockResolvedValueOnce({ messageId: "w2", toJid: "jid" });
+  const cfg: OpenClawConfig = {
+    channels: { whatsapp: { textChunkLimit: 2 } },
+  };
+  const results = await params.deliverOutboundPayloads({
+    cfg,
+    channel: "whatsapp",
+    to: "+1555",
+    payloads: [{ text: "abcd" }],
+    deps: { sendWhatsApp },
+    ...(params.mirror ? { mirror: params.mirror } : {}),
+  });
+  return { sendWhatsApp, results };
+}
diff --git a/src/infra/outbound/deliver.test.ts b/src/infra/outbound/deliver.test.ts
index 223b984382b..cb86483b4b5 100644
--- a/src/infra/outbound/deliver.test.ts
+++ b/src/infra/outbound/deliver.test.ts
@@ -1,12 +1,12 @@
 import path from "node:path";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { markdownToSignalTextChunks } from "../../../extensions/signal/src/format.js";
 import { signalOutbound } from "../../channels/plugins/outbound/signal.js";
 import { telegramOutbound } from "../../channels/plugins/outbound/telegram.js";
 import { whatsappOutbound } from "../../channels/plugins/outbound/whatsapp.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import { STATE_DIR } from "../../config/paths.js";
 import { setActivePluginRegistry } from "../../plugins/runtime.js";
-import { markdownToSignalTextChunks } from "../../signal/format.js";
 import { createOutboundTestPlugin, createTestRegistry } from "../../test-utils/channel-plugins.js";
 import { withEnvAsync } from "../../test-utils/env.js";
 import { createIMessageTestPlugin } from "../../test-utils/imessage-test-plugin.js";
@@ -44,6 +44,15 @@ vi.mock("../../config/sessions.js", async () => {
     appendAssistantMessageToSessionTranscript: mocks.appendAssistantMessageToSessionTranscript,
   };
 });
+vi.mock("../../config/sessions/transcript.js", async () => {
+  const actual = await vi.importActual<typeof import("../../config/sessions/transcript.js")>(
+    "../../config/sessions/transcript.js",
+  );
+  return {
+    ...actual,
+    appendAssistantMessageToSessionTranscript: mocks.appendAssistantMessageToSessionTranscript,
+  };
+});
 vi.mock("../../plugins/hook-runner-global.js", () => ({
   getGlobalHookRunner: () => hookMocks.runner,
 }));
@@ -87,7 +96,7 @@ async function deliverWhatsAppPayload(params: {
   sendWhatsApp: NonNullable<
     NonNullable<Parameters<typeof deliverOutboundPayloads>[0]["deps"]>["sendWhatsApp"]
   >;
-  payload: { text: string; mediaUrl?: string };
+  payload: DeliverOutboundPayload;
   cfg?: OpenClawConfig;
 }) {
   return deliverOutboundPayloads({
@@ -117,9 +126,79 @@ async function deliverTelegramPayload(params: {
   });
 }
 
+async function runChunkedWhatsAppDelivery(params?: {
+  mirror?: Parameters<typeof deliverOutboundPayloads>[0]["mirror"];
+}) {
+  const sendWhatsApp = vi
+    .fn()
+    .mockResolvedValueOnce({ messageId: "w1", toJid: "jid" })
+    .mockResolvedValueOnce({ messageId: "w2", toJid: "jid" });
+  const cfg: OpenClawConfig = {
+    channels: { whatsapp: { textChunkLimit: 2 } },
+  };
+  const results = await deliverOutboundPayloads({
+    cfg,
+    channel: "whatsapp",
+    to: "+1555",
+    payloads: [{ text: "abcd" }],
+    deps: { sendWhatsApp },
+    ...(params?.mirror ? { mirror: params.mirror } : {}),
+  });
+  return { sendWhatsApp, results };
+}
+
+async function deliverSingleWhatsAppForHookTest(params?: { sessionKey?: string }) {
+  const sendWhatsApp = vi.fn().mockResolvedValue({ messageId: "w1", toJid: "jid" });
+  await deliverOutboundPayloads({
+    cfg: whatsappChunkConfig,
+    channel: "whatsapp",
+    to: "+1555",
+    payloads: [{ text: "hello" }],
+    deps: { sendWhatsApp },
+    ...(params?.sessionKey ? { session: { key: params.sessionKey } } : {}),
+  });
+}
+
+async function runBestEffortPartialFailureDelivery() {
+  const sendWhatsApp = vi
+    .fn()
+    .mockRejectedValueOnce(new Error("fail"))
+    .mockResolvedValueOnce({ messageId: "w2", toJid: "jid" });
+  const onError = vi.fn();
+  const cfg: OpenClawConfig = {};
+  const results = await deliverOutboundPayloads({
+    cfg,
+    channel: "whatsapp",
+    to: "+1555",
+    payloads: [{ text: "a" }, { text: "b" }],
+    deps: { sendWhatsApp },
+    bestEffort: true,
+    onError,
+  });
+  return { sendWhatsApp, onError, results };
+}
+
+function expectSuccessfulWhatsAppInternalHookPayload(
+  expected: Partial<{
+    content: string;
+    messageId: string;
+    isGroup: boolean;
+    groupId: string;
+  }>,
+) {
+  return expect.objectContaining({
+    to: "+1555",
+    success: true,
+    channelId: "whatsapp",
+    conversationId: "+1555",
+    ...expected,
+  });
+}
+
 describe("deliverOutboundPayloads", () => {
   beforeEach(() => {
     setActivePluginRegistry(defaultRegistry);
+    mocks.appendAssistantMessageToSessionTranscript.mockClear();
     hookMocks.runner.hasHooks.mockClear();
     hookMocks.runner.hasHooks.mockReturnValue(false);
     hookMocks.runner.runMessageSent.mockClear();
@@ -219,6 +298,24 @@ describe("deliverOutboundPayloads", () => {
     );
   });
 
+  it("formats BTW replies prominently for telegram delivery", async () => {
+    const sendTelegram = vi.fn().mockResolvedValue({ messageId: "m1", chatId: "c1" });
+
+    await deliverTelegramPayload({
+      sendTelegram,
+      cfg: {
+        channels: { telegram: { botToken: "tok-1", textChunkLimit: 100 } },
+      },
+      payload: { text: "323", btw: { question: "what is 17 * 19?" } },
+    });
+
+    expect(sendTelegram).toHaveBeenCalledWith(
+      "123",
+      "BTW\nQuestion: what is 17 * 19?\n\n323",
+      expect.objectContaining({ verbose: false, textMode: "html" }),
+    );
+  });
+
   it("preserves HTML text for telegram sendPayload channelData path", async () => {
     const sendTelegram = vi.fn().mockResolvedValue({ messageId: "m1", chatId: "c1" });
 
@@ -460,20 +557,7 @@ describe("deliverOutboundPayloads", () => {
   });
 
   it("chunks WhatsApp text and returns all results", async () => {
-    const sendWhatsApp = vi
-      .fn()
-      .mockResolvedValueOnce({ messageId: "w1", toJid: "jid" })
-      .mockResolvedValueOnce({ messageId: "w2", toJid: "jid" });
-    const cfg: OpenClawConfig = {
-      channels: { whatsapp: { textChunkLimit: 2 } },
-    };
-    const results = await deliverOutboundPayloads({
-      cfg,
-      channel: "whatsapp",
-      to: "+1555",
-      payloads: [{ text: "abcd" }],
-      deps: { sendWhatsApp },
-    });
+    const { sendWhatsApp, results } = await runChunkedWhatsAppDelivery();
 
     expect(sendWhatsApp).toHaveBeenCalledTimes(2);
     expect(results.map((r) => r.messageId)).toEqual(["w1", "w2"]);
@@ -669,6 +753,226 @@ describe("deliverOutboundPayloads", () => {
     ]);
   });
 
+  it("formats BTW replies prominently for whatsapp delivery", async () => {
+    const sendWhatsApp = vi.fn().mockResolvedValue({ messageId: "w1", toJid: "jid" });
+
+    await deliverWhatsAppPayload({
+      sendWhatsApp,
+      payload: { text: "323", btw: { question: "what is 17 * 19?" } },
+    });
+
+    expect(sendWhatsApp).toHaveBeenCalledWith(
+      "+1555",
+      "BTW\nQuestion: what is 17 * 19?\n\n323",
+      expect.any(Object),
+    );
+  });
+
+  it("continues on errors when bestEffort is enabled", async () => {
+    const { sendWhatsApp, onError, results } = await runBestEffortPartialFailureDelivery();
+
+    expect(sendWhatsApp).toHaveBeenCalledTimes(2);
+    expect(onError).toHaveBeenCalledTimes(1);
+    expect(results).toEqual([{ channel: "whatsapp", messageId: "w2", toJid: "jid" }]);
+  });
+
+  it("emits internal message:sent hook with success=true for chunked payload delivery", async () => {
+    const { sendWhatsApp } = await runChunkedWhatsAppDelivery({
+      mirror: {
+        sessionKey: "agent:main:main",
+        isGroup: true,
+        groupId: "whatsapp:group:123",
+      },
+    });
+    expect(sendWhatsApp).toHaveBeenCalledTimes(2);
+
+    expect(internalHookMocks.createInternalHookEvent).toHaveBeenCalledTimes(1);
+    expect(internalHookMocks.createInternalHookEvent).toHaveBeenCalledWith(
+      "message",
+      "sent",
+      "agent:main:main",
+      expectSuccessfulWhatsAppInternalHookPayload({
+        content: "abcd",
+        messageId: "w2",
+        isGroup: true,
+        groupId: "whatsapp:group:123",
+      }),
+    );
+    expect(internalHookMocks.triggerInternalHook).toHaveBeenCalledTimes(1);
+  });
+
+  it("does not emit internal message:sent hook when neither mirror nor sessionKey is provided", async () => {
+    await deliverSingleWhatsAppForHookTest();
+
+    expect(internalHookMocks.createInternalHookEvent).not.toHaveBeenCalled();
+    expect(internalHookMocks.triggerInternalHook).not.toHaveBeenCalled();
+  });
+
+  it("emits internal message:sent hook when sessionKey is provided without mirror", async () => {
+    await deliverSingleWhatsAppForHookTest({ sessionKey: "agent:main:main" });
+
+    expect(internalHookMocks.createInternalHookEvent).toHaveBeenCalledTimes(1);
+    expect(internalHookMocks.createInternalHookEvent).toHaveBeenCalledWith(
+      "message",
+      "sent",
+      "agent:main:main",
+      expectSuccessfulWhatsAppInternalHookPayload({ content: "hello", messageId: "w1" }),
+    );
+    expect(internalHookMocks.triggerInternalHook).toHaveBeenCalledTimes(1);
+  });
+
+  it("warns when session.agentId is set without a session key", async () => {
+    const sendWhatsApp = vi.fn().mockResolvedValue({ messageId: "w1", toJid: "jid" });
+    hookMocks.runner.hasHooks.mockReturnValue(true);
+
+    await deliverOutboundPayloads({
+      cfg: whatsappChunkConfig,
+      channel: "whatsapp",
+      to: "+1555",
+      payloads: [{ text: "hello" }],
+      deps: { sendWhatsApp },
+      session: { agentId: "agent-main" },
+    });
+
+    expect(logMocks.warn).toHaveBeenCalledWith(
+      "deliverOutboundPayloads: session.agentId present without session key; internal message:sent hook will be skipped",
+      expect.objectContaining({ channel: "whatsapp", to: "+1555", agentId: "agent-main" }),
+    );
+  });
+
+  it("calls failDelivery instead of ackDelivery on bestEffort partial failure", async () => {
+    const { onError } = await runBestEffortPartialFailureDelivery();
+
+    // onError was called for the first payload's failure.
+    expect(onError).toHaveBeenCalledTimes(1);
+
+    // Queue entry should NOT be acked — failDelivery should be called instead.
+    expect(queueMocks.ackDelivery).not.toHaveBeenCalled();
+    expect(queueMocks.failDelivery).toHaveBeenCalledWith(
+      "mock-queue-id",
+      "partial delivery failure (bestEffort)",
+    );
+  });
+
+  it("acks the queue entry when delivery is aborted", async () => {
+    const sendWhatsApp = vi.fn().mockResolvedValue({ messageId: "w1", toJid: "jid" });
+    const abortController = new AbortController();
+    abortController.abort();
+    const cfg: OpenClawConfig = {};
+
+    await expect(
+      deliverOutboundPayloads({
+        cfg,
+        channel: "whatsapp",
+        to: "+1555",
+        payloads: [{ text: "a" }],
+        deps: { sendWhatsApp },
+        abortSignal: abortController.signal,
+      }),
+    ).rejects.toThrow("Operation aborted");
+
+    expect(queueMocks.ackDelivery).toHaveBeenCalledWith("mock-queue-id");
+    expect(queueMocks.failDelivery).not.toHaveBeenCalled();
+    expect(sendWhatsApp).not.toHaveBeenCalled();
+  });
+
+  it("passes normalized payload to onError", async () => {
+    const sendWhatsApp = vi.fn().mockRejectedValue(new Error("boom"));
+    const onError = vi.fn();
+    const cfg: OpenClawConfig = {};
+
+    await deliverOutboundPayloads({
+      cfg,
+      channel: "whatsapp",
+      to: "+1555",
+      payloads: [{ text: "hi", mediaUrl: "https://x.test/a.jpg" }],
+      deps: { sendWhatsApp },
+      bestEffort: true,
+      onError,
+    });
+
+    expect(onError).toHaveBeenCalledTimes(1);
+    expect(onError).toHaveBeenCalledWith(
+      expect.any(Error),
+      expect.objectContaining({ text: "hi", mediaUrls: ["https://x.test/a.jpg"] }),
+    );
+  });
+
+  it("mirrors delivered output when mirror options are provided", async () => {
+    const sendTelegram = vi.fn().mockResolvedValue({ messageId: "m1", chatId: "c1" });
+    mocks.appendAssistantMessageToSessionTranscript.mockClear();
+
+    await deliverOutboundPayloads({
+      cfg: telegramChunkConfig,
+      channel: "telegram",
+      to: "123",
+      payloads: [{ text: "caption", mediaUrl: "https://example.com/files/report.pdf?sig=1" }],
+      deps: { sendTelegram },
+      mirror: {
+        sessionKey: "agent:main:main",
+        text: "caption",
+        mediaUrls: ["https://example.com/files/report.pdf?sig=1"],
+        idempotencyKey: "idem-deliver-1",
+      },
+    });
+
+    expect(mocks.appendAssistantMessageToSessionTranscript).toHaveBeenCalledWith(
+      expect.objectContaining({
+        text: "report.pdf",
+        idempotencyKey: "idem-deliver-1",
+      }),
+    );
+  });
+
+  it("emits message_sent success for text-only deliveries", async () => {
+    hookMocks.runner.hasHooks.mockReturnValue(true);
+    const sendWhatsApp = vi.fn().mockResolvedValue({ messageId: "w1", toJid: "jid" });
+
+    await deliverOutboundPayloads({
+      cfg: {},
+      channel: "whatsapp",
+      to: "+1555",
+      payloads: [{ text: "hello" }],
+      deps: { sendWhatsApp },
+    });
+
+    expect(hookMocks.runner.runMessageSent).toHaveBeenCalledWith(
+      expect.objectContaining({ to: "+1555", content: "hello", success: true }),
+      expect.objectContaining({ channelId: "whatsapp" }),
+    );
+  });
+
+  it("emits message_sent success for sendPayload deliveries", async () => {
+    hookMocks.runner.hasHooks.mockReturnValue(true);
+    const sendPayload = vi.fn().mockResolvedValue({ channel: "matrix", messageId: "mx-1" });
+    const sendText = vi.fn();
+    const sendMedia = vi.fn();
+    setActivePluginRegistry(
+      createTestRegistry([
+        {
+          pluginId: "matrix",
+          source: "test",
+          plugin: createOutboundTestPlugin({
+            id: "matrix",
+            outbound: { deliveryMode: "direct", sendPayload, sendText, sendMedia },
+          }),
+        },
+      ]),
+    );
+
+    await deliverOutboundPayloads({
+      cfg: {},
+      channel: "matrix",
+      to: "!room:1",
+      payloads: [{ text: "payload text", channelData: { mode: "custom" } }],
+    });
+
+    expect(hookMocks.runner.runMessageSent).toHaveBeenCalledWith(
+      expect.objectContaining({ to: "!room:1", content: "payload text", success: true }),
+      expect.objectContaining({ channelId: "matrix" }),
+    );
+  });
+
   it("preserves channelData-only payloads with empty text for non-WhatsApp sendPayload channels", async () => {
     const sendPayload = vi.fn().mockResolvedValue({ channel: "line", messageId: "ln-1" });
     const sendText = vi.fn();
@@ -829,6 +1133,31 @@ describe("deliverOutboundPayloads", () => {
       expect.objectContaining({ channelId: "matrix" }),
     );
   });
+
+  it("emits message_sent failure when delivery errors", async () => {
+    hookMocks.runner.hasHooks.mockReturnValue(true);
+    const sendWhatsApp = vi.fn().mockRejectedValue(new Error("downstream failed"));
+
+    await expect(
+      deliverOutboundPayloads({
+        cfg: {},
+        channel: "whatsapp",
+        to: "+1555",
+        payloads: [{ text: "hi" }],
+        deps: { sendWhatsApp },
+      }),
+    ).rejects.toThrow("downstream failed");
+
+    expect(hookMocks.runner.runMessageSent).toHaveBeenCalledWith(
+      expect.objectContaining({
+        to: "+1555",
+        content: "hi",
+        success: false,
+        error: "downstream failed",
+      }),
+      expect.objectContaining({ channelId: "whatsapp" }),
+    );
+  });
 });
 
 const emptyRegistry = createTestRegistry([]);
diff --git a/src/infra/outbound/deliver.ts b/src/infra/outbound/deliver.ts
index 79bbbc17179..7932cae2968 100644
--- a/src/infra/outbound/deliver.ts
+++ b/src/infra/outbound/deliver.ts
@@ -1,3 +1,8 @@
+import {
+  markdownToSignalTextChunks,
+  type SignalTextStyleRange,
+} from "../../../extensions/signal/src/format.js";
+import { sendMessageSignal } from "../../../extensions/signal/src/send.js";
 import {
   chunkByParagraph,
   chunkMarkdownTextWithMode,
@@ -17,7 +22,6 @@ import {
   appendAssistantMessageToSessionTranscript,
   resolveMirroredTranscriptText,
 } from "../../config/sessions.js";
-import type { sendMessageDiscord } from "../../discord/send.js";
 import { fireAndForgetHook } from "../../hooks/fire-and-forget.js";
 import { createInternalHookEvent, triggerInternalHook } from "../../hooks/internal-hooks.js";
 import {
@@ -26,15 +30,9 @@ import {
   toPluginMessageContext,
   toPluginMessageSentEvent,
 } from "../../hooks/message-hook-mappers.js";
-import type { sendMessageIMessage } from "../../imessage/send.js";
 import { createSubsystemLogger } from "../../logging/subsystem.js";
 import { getAgentScopedMediaLocalRoots } from "../../media/local-roots.js";
 import { getGlobalHookRunner } from "../../plugins/hook-runner-global.js";
-import { markdownToSignalTextChunks, type SignalTextStyleRange } from "../../signal/format.js";
-import { sendMessageSignal } from "../../signal/send.js";
-import type { sendMessageSlack } from "../../slack/send.js";
-import type { sendMessageTelegram } from "../../telegram/send.js";
-import type { sendMessageWhatsApp } from "../../web/outbound.js";
 import { throwIfAborted } from "./abort.js";
 import { ackDelivery, enqueueDelivery, failDelivery } from "./delivery-queue.js";
 import type { OutboundIdentity } from "./identity.js";
@@ -42,42 +40,17 @@ import type { DeliveryMirror } from "./mirror.js";
 import type { NormalizedOutboundPayload } from "./payloads.js";
 import { normalizeReplyPayloadsForDelivery } from "./payloads.js";
 import { isPlainTextSurface, sanitizeForPlainText } from "./sanitize-text.js";
+import { resolveOutboundSendDep, type OutboundSendDeps } from "./send-deps.js";
 import type { OutboundSessionContext } from "./session-context.js";
 import type { OutboundChannel } from "./targets.js";
 
 export type { NormalizedOutboundPayload } from "./payloads.js";
 export { normalizeOutboundPayloads } from "./payloads.js";
+export { resolveOutboundSendDep, type OutboundSendDeps } from "./send-deps.js";
 
 const log = createSubsystemLogger("outbound/deliver");
 const TELEGRAM_TEXT_LIMIT = 4096;
 
-type SendMatrixMessage = (
-  to: string,
-  text: string,
-  opts?: {
-    cfg?: OpenClawConfig;
-    mediaUrl?: string;
-    replyToId?: string;
-    threadId?: string;
-    timeoutMs?: number;
-  },
-) => Promise<{ messageId: string; roomId: string }>;
-
-export type OutboundSendDeps = {
-  sendWhatsApp?: typeof sendMessageWhatsApp;
-  sendTelegram?: typeof sendMessageTelegram;
-  sendDiscord?: typeof sendMessageDiscord;
-  sendSlack?: typeof sendMessageSlack;
-  sendSignal?: typeof sendMessageSignal;
-  sendIMessage?: typeof sendMessageIMessage;
-  sendMatrix?: SendMatrixMessage;
-  sendMSTeams?: (
-    to: string,
-    text: string,
-    opts?: { mediaUrl?: string; mediaLocalRoots?: readonly string[] },
-  ) => Promise<{ messageId: string; conversationId: string }>;
-};
-
 export type OutboundDeliveryResult = {
   channel: Exclude<OutboundChannel, "none">;
   messageId: string;
@@ -133,6 +106,7 @@ type ChannelHandlerParams = {
   identity?: OutboundIdentity;
   deps?: OutboundSendDeps;
   gifPlayback?: boolean;
+  forceDocument?: boolean;
   silent?: boolean;
   mediaLocalRoots?: readonly string[];
 };
@@ -213,6 +187,7 @@ function createChannelOutboundContextBase(
     threadId: params.threadId,
     identity: params.identity,
     gifPlayback: params.gifPlayback,
+    forceDocument: params.forceDocument,
     deps: params.deps,
     silent: params.silent,
     mediaLocalRoots: params.mediaLocalRoots,
@@ -232,6 +207,7 @@ type DeliverOutboundPayloadsCoreParams = {
   identity?: OutboundIdentity;
   deps?: OutboundSendDeps;
   gifPlayback?: boolean;
+  forceDocument?: boolean;
   abortSignal?: AbortSignal;
   bestEffort?: boolean;
   onError?: (err: unknown, payload: NormalizedOutboundPayload) => void;
@@ -242,7 +218,7 @@ type DeliverOutboundPayloadsCoreParams = {
   silent?: boolean;
 };
 
-type DeliverOutboundPayloadsParams = DeliverOutboundPayloadsCoreParams & {
+export type DeliverOutboundPayloadsParams = DeliverOutboundPayloadsCoreParams & {
   /** @internal Skip write-ahead queue (used by crash-recovery to avoid re-enqueueing). */
   skipQueue?: boolean;
 };
@@ -476,6 +452,7 @@ export async function deliverOutboundPayloads(
         replyToId: params.replyToId,
         bestEffort: params.bestEffort,
         gifPlayback: params.gifPlayback,
+        forceDocument: params.forceDocument,
         silent: params.silent,
         mirror: params.mirror,
       }).catch(() => null); // Best-effort — don't block delivery if queue write fails.
@@ -527,7 +504,8 @@ async function deliverOutboundPayloadsCore(
   const accountId = params.accountId;
   const deps = params.deps;
   const abortSignal = params.abortSignal;
-  const sendSignal = params.deps?.sendSignal ?? sendMessageSignal;
+  const sendSignal =
+    resolveOutboundSendDep<typeof sendMessageSignal>(params.deps, "signal") ?? sendMessageSignal;
   const mediaLocalRoots = getAgentScopedMediaLocalRoots(
     cfg,
     params.session?.agentId ?? params.mirror?.agentId,
@@ -543,6 +521,7 @@ async function deliverOutboundPayloadsCore(
     threadId: params.threadId,
     identity: params.identity,
     gifPlayback: params.gifPlayback,
+    forceDocument: params.forceDocument,
     silent: params.silent,
     mediaLocalRoots,
   });
diff --git a/src/infra/outbound/delivery-queue.ts b/src/infra/outbound/delivery-queue.ts
index 97c37f911e4..e0d7abcb9ee 100644
--- a/src/infra/outbound/delivery-queue.ts
+++ b/src/infra/outbound/delivery-queue.ts
@@ -33,6 +33,7 @@ type QueuedDeliveryPayload = {
   replyToId?: string | null;
   bestEffort?: boolean;
   gifPlayback?: boolean;
+  forceDocument?: boolean;
   silent?: boolean;
   mirror?: OutboundMirror;
 };
@@ -117,6 +118,7 @@ export async function enqueueDelivery(
     replyToId: params.replyToId,
     bestEffort: params.bestEffort,
     gifPlayback: params.gifPlayback,
+    forceDocument: params.forceDocument,
     silent: params.silent,
     mirror: params.mirror,
     retryCount: 0,
@@ -379,6 +381,7 @@ export async function recoverPendingDeliveries(opts: {
         replyToId: entry.replyToId,
         bestEffort: entry.bestEffort,
         gifPlayback: entry.gifPlayback,
+        forceDocument: entry.forceDocument,
         silent: entry.silent,
         mirror: entry.mirror,
         skipQueue: true, // Prevent re-enqueueing during recovery
diff --git a/src/infra/outbound/identity.test.ts b/src/infra/outbound/identity.test.ts
index ea1c3623fbc..6b1afc69221 100644
--- a/src/infra/outbound/identity.test.ts
+++ b/src/infra/outbound/identity.test.ts
@@ -66,4 +66,20 @@ describe("resolveAgentOutboundIdentity", () => {
 
     expect(resolveAgentOutboundIdentity({} as never, "main")).toBeUndefined();
   });
+
+  it("drops blank remote avatar urls while keeping other identity fields", () => {
+    resolveAgentIdentityMock.mockReturnValueOnce({
+      name: "  Agent Smith  ",
+      emoji: "  🕶️  ",
+    });
+    resolveAgentAvatarMock.mockReturnValueOnce({
+      kind: "remote",
+      url: "   ",
+    });
+
+    expect(resolveAgentOutboundIdentity({} as never, "main")).toEqual({
+      name: "Agent Smith",
+      emoji: "🕶️",
+    });
+  });
 });
diff --git a/src/infra/outbound/message-action-params.ts b/src/infra/outbound/message-action-params.ts
index 037a7806f16..ea527a74bd6 100644
--- a/src/infra/outbound/message-action-params.ts
+++ b/src/infra/outbound/message-action-params.ts
@@ -1,5 +1,8 @@
 import path from "node:path";
 import { fileURLToPath } from "node:url";
+import { parseSlackTarget } from "../../../extensions/slack/src/targets.js";
+import { parseTelegramTarget } from "../../../extensions/telegram/src/targets.js";
+import { loadWebMedia } from "../../../extensions/whatsapp/src/media.js";
 import { assertMediaNotDataUrl, resolveSandboxedMediaSource } from "../../agents/sandbox-paths.js";
 import { readStringParam } from "../../agents/tools/common.js";
 import type {
@@ -11,9 +14,6 @@ import type { OpenClawConfig } from "../../config/config.js";
 import { createRootScopedReadFile } from "../../infra/fs-safe.js";
 import { extensionForMime } from "../../media/mime.js";
 import { readBooleanParam as readBooleanParamShared } from "../../plugin-sdk/boolean-param.js";
-import { parseSlackTarget } from "../../slack/targets.js";
-import { parseTelegramTarget } from "../../telegram/targets.js";
-import { loadWebMedia } from "../../web/media.js";
 
 export const readBooleanParam = readBooleanParamShared;
 
diff --git a/src/infra/outbound/message-action-runner.media.test.ts b/src/infra/outbound/message-action-runner.media.test.ts
index 287f8e3c677..1715ea090f2 100644
--- a/src/infra/outbound/message-action-runner.media.test.ts
+++ b/src/infra/outbound/message-action-runner.media.test.ts
@@ -3,17 +3,19 @@ import os from "node:os";
 import path from "node:path";
 import { afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 import { slackPlugin } from "../../../extensions/slack/src/channel.js";
+import { loadWebMedia } from "../../../extensions/whatsapp/src/media.js";
 import { jsonResult } from "../../agents/tools/common.js";
 import type { ChannelPlugin } from "../../channels/plugins/types.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import { setActivePluginRegistry } from "../../plugins/runtime.js";
 import { createTestRegistry } from "../../test-utils/channel-plugins.js";
-import { loadWebMedia } from "../../web/media.js";
 import { resolvePreferredOpenClawTmpDir } from "../tmp-openclaw-dir.js";
 import { runMessageAction } from "./message-action-runner.js";
 
-vi.mock("../../web/media.js", async () => {
-  const actual = await vi.importActual<typeof import("../../web/media.js")>("../../web/media.js");
+vi.mock("../../../extensions/whatsapp/src/media.js", async () => {
+  const actual = await vi.importActual<typeof import("../../../extensions/whatsapp/src/media.js")>(
+    "../../../extensions/whatsapp/src/media.js",
+  );
   return {
     ...actual,
     loadWebMedia: vi.fn(actual.loadWebMedia),
@@ -154,8 +156,9 @@ describe("runMessageAction media behavior", () => {
     });
 
     async function restoreRealMediaLoader() {
-      const actual =
-        await vi.importActual<typeof import("../../web/media.js")>("../../web/media.js");
+      const actual = await vi.importActual<
+        typeof import("../../../extensions/whatsapp/src/media.js")
+      >("../../../extensions/whatsapp/src/media.js");
       vi.mocked(loadWebMedia).mockImplementation(actual.loadWebMedia);
     }
 
diff --git a/src/infra/outbound/message-action-runner.poll.test.ts b/src/infra/outbound/message-action-runner.poll.test.ts
index 43c7489c6fd..895e47605ce 100644
--- a/src/infra/outbound/message-action-runner.poll.test.ts
+++ b/src/infra/outbound/message-action-runner.poll.test.ts
@@ -1,9 +1,10 @@
-import { afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
-import { slackPlugin } from "../../../extensions/slack/src/channel.js";
-import { telegramPlugin } from "../../../extensions/telegram/src/channel.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import { setActivePluginRegistry } from "../../plugins/runtime.js";
-import { createTestRegistry } from "../../test-utils/channel-plugins.js";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import {
+  installMessageActionRunnerTestRegistry,
+  resetMessageActionRunnerTestRegistry,
+  slackConfig,
+  telegramConfig,
+} from "./message-action-runner.test-helpers.js";
 
 const mocks = vi.hoisted(() => ({
   executePollAction: vi.fn(),
@@ -21,25 +22,8 @@ vi.mock("./outbound-send-service.js", async () => {
 
 import { runMessageAction } from "./message-action-runner.js";
 
-const slackConfig = {
-  channels: {
-    slack: {
-      botToken: "xoxb-test",
-      appToken: "xapp-test",
-    },
-  },
-} as OpenClawConfig;
-
-const telegramConfig = {
-  channels: {
-    telegram: {
-      botToken: "telegram-test",
-    },
-  },
-} as OpenClawConfig;
-
 async function runPollAction(params: {
-  cfg: OpenClawConfig;
+  cfg: typeof slackConfig;
   actionParams: Record<string, unknown>;
   toolContext?: Record<string, unknown>;
 }) {
@@ -59,36 +43,9 @@ async function runPollAction(params: {
       }
     | undefined;
 }
-
-let createPluginRuntime: typeof import("../../plugins/runtime/index.js").createPluginRuntime;
-let setSlackRuntime: typeof import("../../../extensions/slack/src/runtime.js").setSlackRuntime;
-let setTelegramRuntime: typeof import("../../../extensions/telegram/src/runtime.js").setTelegramRuntime;
-
 describe("runMessageAction poll handling", () => {
-  beforeAll(async () => {
-    ({ createPluginRuntime } = await import("../../plugins/runtime/index.js"));
-    ({ setSlackRuntime } = await import("../../../extensions/slack/src/runtime.js"));
-    ({ setTelegramRuntime } = await import("../../../extensions/telegram/src/runtime.js"));
-  });
-
   beforeEach(() => {
-    const runtime = createPluginRuntime();
-    setSlackRuntime(runtime);
-    setTelegramRuntime(runtime);
-    setActivePluginRegistry(
-      createTestRegistry([
-        {
-          pluginId: "slack",
-          source: "test",
-          plugin: slackPlugin,
-        },
-        {
-          pluginId: "telegram",
-          source: "test",
-          plugin: telegramPlugin,
-        },
-      ]),
-    );
+    installMessageActionRunnerTestRegistry();
     mocks.executePollAction.mockResolvedValue({
       handledBy: "core",
       payload: { ok: true },
@@ -97,7 +54,7 @@ describe("runMessageAction poll handling", () => {
   });
 
   afterEach(() => {
-    setActivePluginRegistry(createTestRegistry([]));
+    resetMessageActionRunnerTestRegistry();
     mocks.executePollAction.mockReset();
   });
 
diff --git a/src/infra/outbound/message-action-runner.test-helpers.ts b/src/infra/outbound/message-action-runner.test-helpers.ts
new file mode 100644
index 00000000000..8ca1ea6a822
--- /dev/null
+++ b/src/infra/outbound/message-action-runner.test-helpers.ts
@@ -0,0 +1,49 @@
+import { slackPlugin } from "../../../extensions/slack/src/channel.js";
+import { setSlackRuntime } from "../../../extensions/slack/src/runtime.js";
+import { telegramPlugin } from "../../../extensions/telegram/src/channel.js";
+import { setTelegramRuntime } from "../../../extensions/telegram/src/runtime.js";
+import type { OpenClawConfig } from "../../config/config.js";
+import { setActivePluginRegistry } from "../../plugins/runtime.js";
+import { createPluginRuntime } from "../../plugins/runtime/index.js";
+import { createTestRegistry } from "../../test-utils/channel-plugins.js";
+
+export const slackConfig = {
+  channels: {
+    slack: {
+      botToken: "xoxb-test",
+      appToken: "xapp-test",
+    },
+  },
+} as OpenClawConfig;
+
+export const telegramConfig = {
+  channels: {
+    telegram: {
+      botToken: "telegram-test",
+    },
+  },
+} as OpenClawConfig;
+
+export function installMessageActionRunnerTestRegistry() {
+  const runtime = createPluginRuntime();
+  setSlackRuntime(runtime);
+  setTelegramRuntime(runtime);
+  setActivePluginRegistry(
+    createTestRegistry([
+      {
+        pluginId: "slack",
+        source: "test",
+        plugin: slackPlugin,
+      },
+      {
+        pluginId: "telegram",
+        source: "test",
+        plugin: telegramPlugin,
+      },
+    ]),
+  );
+}
+
+export function resetMessageActionRunnerTestRegistry() {
+  setActivePluginRegistry(createTestRegistry([]));
+}
diff --git a/src/infra/outbound/message-action-runner.threading.test.ts b/src/infra/outbound/message-action-runner.threading.test.ts
index b668aea14b5..42d898b145a 100644
--- a/src/infra/outbound/message-action-runner.threading.test.ts
+++ b/src/infra/outbound/message-action-runner.threading.test.ts
@@ -1,9 +1,10 @@
-import { afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
-import { slackPlugin } from "../../../extensions/slack/src/channel.js";
-import { telegramPlugin } from "../../../extensions/telegram/src/channel.js";
-import type { OpenClawConfig } from "../../config/config.js";
-import { setActivePluginRegistry } from "../../plugins/runtime.js";
-import { createTestRegistry } from "../../test-utils/channel-plugins.js";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import {
+  installMessageActionRunnerTestRegistry,
+  resetMessageActionRunnerTestRegistry,
+  slackConfig,
+  telegramConfig,
+} from "./message-action-runner.test-helpers.js";
 
 const mocks = vi.hoisted(() => ({
   executeSendAction: vi.fn(),
@@ -32,25 +33,8 @@ vi.mock("../../config/sessions.js", async () => {
 
 import { runMessageAction } from "./message-action-runner.js";
 
-const slackConfig = {
-  channels: {
-    slack: {
-      botToken: "xoxb-test",
-      appToken: "xapp-test",
-    },
-  },
-} as OpenClawConfig;
-
-const telegramConfig = {
-  channels: {
-    telegram: {
-      botToken: "telegram-test",
-    },
-  },
-} as OpenClawConfig;
-
 async function runThreadingAction(params: {
-  cfg: OpenClawConfig;
+  cfg: typeof slackConfig;
   actionParams: Record<string, unknown>;
   toolContext?: Record<string, unknown>;
 }) {
@@ -80,39 +64,13 @@ const defaultTelegramToolContext = {
   currentThreadTs: "42",
 } as const;
 
-let createPluginRuntime: typeof import("../../plugins/runtime/index.js").createPluginRuntime;
-let setSlackRuntime: typeof import("../../../extensions/slack/src/runtime.js").setSlackRuntime;
-let setTelegramRuntime: typeof import("../../../extensions/telegram/src/runtime.js").setTelegramRuntime;
-
 describe("runMessageAction threading auto-injection", () => {
-  beforeAll(async () => {
-    ({ createPluginRuntime } = await import("../../plugins/runtime/index.js"));
-    ({ setSlackRuntime } = await import("../../../extensions/slack/src/runtime.js"));
-    ({ setTelegramRuntime } = await import("../../../extensions/telegram/src/runtime.js"));
-  });
-
   beforeEach(() => {
-    const runtime = createPluginRuntime();
-    setSlackRuntime(runtime);
-    setTelegramRuntime(runtime);
-    setActivePluginRegistry(
-      createTestRegistry([
-        {
-          pluginId: "slack",
-          source: "test",
-          plugin: slackPlugin,
-        },
-        {
-          pluginId: "telegram",
-          source: "test",
-          plugin: telegramPlugin,
-        },
-      ]),
-    );
+    installMessageActionRunnerTestRegistry();
   });
 
   afterEach(() => {
-    setActivePluginRegistry(createTestRegistry([]));
+    resetMessageActionRunnerTestRegistry();
     mocks.executeSendAction.mockClear();
     mocks.recordSessionMetaFromInbound.mockClear();
   });
diff --git a/src/infra/outbound/message-action-runner.ts b/src/infra/outbound/message-action-runner.ts
index c703cd34d24..0b6ad1ba16e 100644
--- a/src/infra/outbound/message-action-runner.ts
+++ b/src/infra/outbound/message-action-runner.ts
@@ -478,6 +478,7 @@ async function handleSendAction(ctx: ResolvedActionContext): Promise<MessageActi
   }
   params.message = message;
   const gifPlayback = readBooleanParam(params, "gifPlayback") ?? false;
+  const forceDocument = readBooleanParam(params, "forceDocument") ?? false;
   const bestEffort = readBooleanParam(params, "bestEffort");
   const silent = readBooleanParam(params, "silent");
 
@@ -547,6 +548,7 @@ async function handleSendAction(ctx: ResolvedActionContext): Promise<MessageActi
     mediaUrl: mediaUrl || undefined,
     mediaUrls: mergedMediaUrls.length ? mergedMediaUrls : undefined,
     gifPlayback,
+    forceDocument,
     bestEffort: bestEffort ?? undefined,
     replyToId: replyToId ?? undefined,
     threadId: resolvedThreadId ?? undefined,
diff --git a/src/infra/outbound/message.channels.test.ts b/src/infra/outbound/message.channels.test.ts
index 257d2ec94d6..6d89ac5ab91 100644
--- a/src/infra/outbound/message.channels.test.ts
+++ b/src/infra/outbound/message.channels.test.ts
@@ -304,7 +304,9 @@ const emptyRegistry = createTestRegistry([]);
 const createMSTeamsOutbound = (opts?: { includePoll?: boolean }): ChannelOutboundAdapter => ({
   deliveryMode: "direct",
   sendText: async ({ deps, to, text }) => {
-    const send = deps?.sendMSTeams;
+    const send = deps?.sendMSTeams as
+      | ((to: string, text: string, opts?: unknown) => Promise<{ messageId: string }>)
+      | undefined;
     if (!send) {
       throw new Error("sendMSTeams missing");
     }
@@ -312,7 +314,9 @@ const createMSTeamsOutbound = (opts?: { includePoll?: boolean }): ChannelOutboun
     return { channel: "msteams", ...result };
   },
   sendMedia: async ({ deps, to, text, mediaUrl }) => {
-    const send = deps?.sendMSTeams;
+    const send = deps?.sendMSTeams as
+      | ((to: string, text: string, opts?: unknown) => Promise<{ messageId: string }>)
+      | undefined;
     if (!send) {
       throw new Error("sendMSTeams missing");
     }
diff --git a/src/infra/outbound/message.ts b/src/infra/outbound/message.ts
index 8bfd6b104b5..d6e27b8a65f 100644
--- a/src/infra/outbound/message.ts
+++ b/src/infra/outbound/message.ts
@@ -39,6 +39,7 @@ type MessageSendParams = {
   mediaUrl?: string;
   mediaUrls?: string[];
   gifPlayback?: boolean;
+  forceDocument?: boolean;
   accountId?: string;
   replyToId?: string;
   threadId?: string | number;
@@ -100,6 +101,32 @@ export type MessagePollResult = {
   dryRun?: boolean;
 };
 
+function buildMessagePollResult(params: {
+  channel: string;
+  to: string;
+  normalized: {
+    question: string;
+    options: string[];
+    maxSelections: number;
+    durationSeconds?: number | null;
+    durationHours?: number | null;
+  };
+  result?: MessagePollResult["result"];
+  dryRun?: boolean;
+}): MessagePollResult {
+  return {
+    channel: params.channel,
+    to: params.to,
+    question: params.normalized.question,
+    options: params.normalized.options,
+    maxSelections: params.normalized.maxSelections,
+    durationSeconds: params.normalized.durationSeconds ?? null,
+    durationHours: params.normalized.durationHours ?? null,
+    via: "gateway",
+    ...(params.dryRun ? { dryRun: true } : { result: params.result }),
+  };
+}
+
 async function resolveRequiredChannel(params: {
   cfg: OpenClawConfig;
   channel?: string;
@@ -219,6 +246,7 @@ export async function sendMessage(params: MessageSendParams): Promise<MessageSen
       replyToId: params.replyToId,
       threadId: params.threadId,
       gifPlayback: params.gifPlayback,
+      forceDocument: params.forceDocument,
       deps: params.deps,
       bestEffort: params.bestEffort,
       abortSignal: params.abortSignal,
@@ -291,17 +319,12 @@ export async function sendPoll(params: MessagePollParams): Promise<MessagePollRe
     : normalizePollInput(pollInput);
 
   if (params.dryRun) {
-    return {
+    return buildMessagePollResult({
       channel,
       to: params.to,
-      question: normalized.question,
-      options: normalized.options,
-      maxSelections: normalized.maxSelections,
-      durationSeconds: normalized.durationSeconds ?? null,
-      durationHours: normalized.durationHours ?? null,
-      via: "gateway",
+      normalized,
       dryRun: true,
-    };
+    });
   }
 
   const result = await callMessageGateway<{
@@ -329,15 +352,10 @@ export async function sendPoll(params: MessagePollParams): Promise<MessagePollRe
     },
   });
 
-  return {
+  return buildMessagePollResult({
     channel,
     to: params.to,
-    question: normalized.question,
-    options: normalized.options,
-    maxSelections: normalized.maxSelections,
-    durationSeconds: normalized.durationSeconds ?? null,
-    durationHours: normalized.durationHours ?? null,
-    via: "gateway",
+    normalized,
     result,
-  };
+  });
 }
diff --git a/src/infra/outbound/outbound-send-service.test.ts b/src/infra/outbound/outbound-send-service.test.ts
index ac144265753..d4a481a8693 100644
--- a/src/infra/outbound/outbound-send-service.test.ts
+++ b/src/infra/outbound/outbound-send-service.test.ts
@@ -47,6 +47,47 @@ describe("executeSendAction", () => {
     };
   }
 
+  function expectMirrorWrite(
+    expected: Partial<{
+      agentId: string;
+      sessionKey: string;
+      text: string;
+      idempotencyKey: string;
+      mediaUrls: string[];
+    }>,
+  ) {
+    expect(mocks.appendAssistantMessageToSessionTranscript).toHaveBeenCalledWith(
+      expect.objectContaining(expected),
+    );
+  }
+
+  async function executePluginMirroredSend(params: {
+    mirror?: Partial<{
+      sessionKey: string;
+      agentId?: string;
+      idempotencyKey?: string;
+    }>;
+    mediaUrls?: string[];
+  }) {
+    mocks.dispatchChannelMessageAction.mockResolvedValue(pluginActionResult("msg-plugin"));
+
+    await executeSendAction({
+      ctx: {
+        cfg: {},
+        channel: "discord",
+        params: { to: "channel:123", message: "hello" },
+        dryRun: false,
+        mirror: {
+          sessionKey: "agent:main:discord:channel:123",
+          ...params.mirror,
+        },
+      },
+      to: "channel:123",
+      message: "hello",
+      mediaUrls: params.mediaUrls,
+    });
+  }
+
   beforeEach(() => {
     mocks.dispatchChannelMessageAction.mockClear();
     mocks.sendMessage.mockClear();
@@ -131,59 +172,33 @@ describe("executeSendAction", () => {
   });
 
   it("passes mirror idempotency keys through plugin-handled sends", async () => {
-    mocks.dispatchChannelMessageAction.mockResolvedValue(pluginActionResult("msg-plugin"));
-
-    await executeSendAction({
-      ctx: {
-        cfg: {},
-        channel: "discord",
-        params: { to: "channel:123", message: "hello" },
-        dryRun: false,
-        mirror: {
-          sessionKey: "agent:main:discord:channel:123",
-          idempotencyKey: "idem-plugin-send-1",
-        },
+    await executePluginMirroredSend({
+      mirror: {
+        idempotencyKey: "idem-plugin-send-1",
       },
-      to: "channel:123",
-      message: "hello",
     });
 
-    expect(mocks.appendAssistantMessageToSessionTranscript).toHaveBeenCalledWith(
-      expect.objectContaining({
-        sessionKey: "agent:main:discord:channel:123",
-        text: "hello",
-        idempotencyKey: "idem-plugin-send-1",
-      }),
-    );
+    expectMirrorWrite({
+      sessionKey: "agent:main:discord:channel:123",
+      text: "hello",
+      idempotencyKey: "idem-plugin-send-1",
+    });
   });
 
   it("falls back to message and media params for plugin-handled mirror writes", async () => {
-    mocks.dispatchChannelMessageAction.mockResolvedValue(pluginActionResult("msg-plugin"));
-
-    await executeSendAction({
-      ctx: {
-        cfg: {},
-        channel: "discord",
-        params: { to: "channel:123", message: "hello" },
-        dryRun: false,
-        mirror: {
-          sessionKey: "agent:main:discord:channel:123",
-          agentId: "agent-9",
-        },
+    await executePluginMirroredSend({
+      mirror: {
+        agentId: "agent-9",
       },
-      to: "channel:123",
-      message: "hello",
       mediaUrls: ["https://example.com/a.png", "https://example.com/b.png"],
     });
 
-    expect(mocks.appendAssistantMessageToSessionTranscript).toHaveBeenCalledWith(
-      expect.objectContaining({
-        agentId: "agent-9",
-        sessionKey: "agent:main:discord:channel:123",
-        text: "hello",
-        mediaUrls: ["https://example.com/a.png", "https://example.com/b.png"],
-      }),
-    );
+    expectMirrorWrite({
+      agentId: "agent-9",
+      sessionKey: "agent:main:discord:channel:123",
+      text: "hello",
+      mediaUrls: ["https://example.com/a.png", "https://example.com/b.png"],
+    });
   });
 
   it("skips plugin dispatch during dry-run sends and forwards gateway + silent to sendMessage", async () => {
diff --git a/src/infra/outbound/outbound-send-service.ts b/src/infra/outbound/outbound-send-service.ts
index a6b27a40b4c..c583a1ace91 100644
--- a/src/infra/outbound/outbound-send-service.ts
+++ b/src/infra/outbound/outbound-send-service.ts
@@ -84,6 +84,7 @@ export async function executeSendAction(params: {
   mediaUrl?: string;
   mediaUrls?: string[];
   gifPlayback?: boolean;
+  forceDocument?: boolean;
   bestEffort?: boolean;
   replyToId?: string;
   threadId?: string | number;
@@ -132,6 +133,7 @@ export async function executeSendAction(params: {
     replyToId: params.replyToId,
     threadId: params.threadId,
     gifPlayback: params.gifPlayback,
+    forceDocument: params.forceDocument,
     dryRun: params.ctx.dryRun,
     bestEffort: params.bestEffort ?? undefined,
     deps: params.ctx.deps,
diff --git a/src/infra/outbound/outbound-session.ts b/src/infra/outbound/outbound-session.ts
index d4a8a3466c6..9316f1ba5fc 100644
--- a/src/infra/outbound/outbound-session.ts
+++ b/src/infra/outbound/outbound-session.ts
@@ -1,27 +1,33 @@
+import {
+  parseDiscordTarget,
+  type DiscordTargetKind,
+} from "../../../extensions/discord/src/targets.js";
+import {
+  parseIMessageTarget,
+  normalizeIMessageHandle,
+} from "../../../extensions/imessage/src/targets.js";
+import {
+  looksLikeUuid,
+  resolveSignalPeerId,
+  resolveSignalRecipient,
+  resolveSignalSender,
+} from "../../../extensions/signal/src/identity.js";
+import { resolveSlackAccount } from "../../../extensions/slack/src/accounts.js";
+import { createSlackWebClient } from "../../../extensions/slack/src/client.js";
+import { normalizeAllowListLower } from "../../../extensions/slack/src/monitor/allow-list.js";
+import { parseSlackTarget } from "../../../extensions/slack/src/targets.js";
+import { buildTelegramGroupPeerId } from "../../../extensions/telegram/src/bot/helpers.js";
+import { resolveTelegramTargetChatType } from "../../../extensions/telegram/src/inline-buttons.js";
+import { parseTelegramThreadId } from "../../../extensions/telegram/src/outbound-params.js";
+import { parseTelegramTarget } from "../../../extensions/telegram/src/targets.js";
 import type { MsgContext } from "../../auto-reply/templating.js";
 import type { ChatType } from "../../channels/chat-type.js";
 import { getChannelPlugin } from "../../channels/plugins/index.js";
 import type { ChannelId } from "../../channels/plugins/types.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import { recordSessionMetaFromInbound, resolveStorePath } from "../../config/sessions.js";
-import { parseDiscordTarget, type DiscordTargetKind } from "../../discord/targets.js";
-import { parseIMessageTarget, normalizeIMessageHandle } from "../../imessage/targets.js";
 import { buildAgentSessionKey, type RoutePeer } from "../../routing/resolve-route.js";
 import { resolveThreadSessionKeys } from "../../routing/session-key.js";
-import {
-  looksLikeUuid,
-  resolveSignalPeerId,
-  resolveSignalRecipient,
-  resolveSignalSender,
-} from "../../signal/identity.js";
-import { resolveSlackAccount } from "../../slack/accounts.js";
-import { createSlackWebClient } from "../../slack/client.js";
-import { normalizeAllowListLower } from "../../slack/monitor/allow-list.js";
-import { parseSlackTarget } from "../../slack/targets.js";
-import { buildTelegramGroupPeerId } from "../../telegram/bot/helpers.js";
-import { resolveTelegramTargetChatType } from "../../telegram/inline-buttons.js";
-import { parseTelegramThreadId } from "../../telegram/outbound-params.js";
-import { parseTelegramTarget } from "../../telegram/targets.js";
 import { isWhatsAppGroupJid, normalizeWhatsAppTarget } from "../../whatsapp/normalize.js";
 import type { ResolvedMessagingTarget } from "./target-resolver.js";
 
@@ -532,6 +538,21 @@ function resolveMatrixSession(
   };
 }
 
+function buildSimpleBaseSession(params: {
+  route: ResolveOutboundSessionRouteParams;
+  channel: string;
+  peer: RoutePeer;
+}) {
+  const baseSessionKey = buildBaseSessionKey({
+    cfg: params.route.cfg,
+    agentId: params.route.agentId,
+    channel: params.channel,
+    accountId: params.route.accountId,
+    peer: params.peer,
+  });
+  return { baseSessionKey, peer: params.peer };
+}
+
 function resolveMSTeamsSession(
   params: ResolveOutboundSessionRouteParams,
 ): OutboundSessionRoute | null {
@@ -596,13 +617,10 @@ function resolveMattermostSession(
   if (!rawId) {
     return null;
   }
-  const peer: RoutePeer = { kind: isUser ? "direct" : "channel", id: rawId };
-  const baseSessionKey = buildBaseSessionKey({
-    cfg: params.cfg,
-    agentId: params.agentId,
+  const { baseSessionKey, peer } = buildSimpleBaseSession({
+    route: params,
     channel: "mattermost",
-    accountId: params.accountId,
-    peer,
+    peer: { kind: isUser ? "direct" : "channel", id: rawId },
   });
   const threadId = normalizeThreadId(params.replyToId ?? params.threadId);
   const threadKeys = resolveThreadSessionKeys({
diff --git a/src/infra/outbound/outbound.test.ts b/src/infra/outbound/outbound.test.ts
index c20632099bd..9e58d5c6c05 100644
--- a/src/infra/outbound/outbound.test.ts
+++ b/src/infra/outbound/outbound.test.ts
@@ -1,3 +1,1309 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
+import type { ReplyPayload } from "../../auto-reply/types.js";
+import type { OpenClawConfig } from "../../config/config.js";
+import { typedCases } from "../../test-utils/typed-cases.js";
+import {
+  ackDelivery,
+  computeBackoffMs,
+  type DeliverFn,
+  enqueueDelivery,
+  failDelivery,
+  isEntryEligibleForRecoveryRetry,
+  isPermanentDeliveryError,
+  loadPendingDeliveries,
+  MAX_RETRIES,
+  moveToFailed,
+  recoverPendingDeliveries,
+} from "./delivery-queue.js";
+import { DirectoryCache } from "./directory-cache.js";
+import { buildOutboundResultEnvelope } from "./envelope.js";
+import type { OutboundDeliveryJson } from "./format.js";
+import {
+  buildOutboundDeliveryJson,
+  formatGatewaySummary,
+  formatOutboundDeliverySummary,
+} from "./format.js";
+import {
+  applyCrossContextDecoration,
+  buildCrossContextDecoration,
+  enforceCrossContextPolicy,
+} from "./outbound-policy.js";
+import { resolveOutboundSessionRoute } from "./outbound-session.js";
+import {
+  formatOutboundPayloadLog,
+  normalizeOutboundPayloads,
+  normalizeOutboundPayloadsForJson,
+} from "./payloads.js";
 import { runResolveOutboundTargetCoreTests } from "./targets.shared-test.js";
 
+describe("delivery-queue", () => {
+  let tmpDir: string;
+  let fixtureRoot = "";
+  let fixtureCount = 0;
+
+  beforeAll(() => {
+    fixtureRoot = fs.mkdtempSync(path.join(os.tmpdir(), "openclaw-dq-suite-"));
+  });
+
+  beforeEach(() => {
+    tmpDir = path.join(fixtureRoot, `case-${fixtureCount++}`);
+    fs.mkdirSync(tmpDir, { recursive: true });
+  });
+
+  afterAll(() => {
+    if (!fixtureRoot) {
+      return;
+    }
+    fs.rmSync(fixtureRoot, { recursive: true, force: true });
+    fixtureRoot = "";
+  });
+
+  describe("enqueue + ack lifecycle", () => {
+    it("creates and removes a queue entry", async () => {
+      const id = await enqueueDelivery(
+        {
+          channel: "whatsapp",
+          to: "+1555",
+          payloads: [{ text: "hello" }],
+          bestEffort: true,
+          gifPlayback: true,
+          silent: true,
+          mirror: {
+            sessionKey: "agent:main:main",
+            text: "hello",
+            mediaUrls: ["https://example.com/file.png"],
+          },
+        },
+        tmpDir,
+      );
+
+      // Entry file exists after enqueue.
+      const queueDir = path.join(tmpDir, "delivery-queue");
+      const files = fs.readdirSync(queueDir).filter((f) => f.endsWith(".json"));
+      expect(files).toHaveLength(1);
+      expect(files[0]).toBe(`${id}.json`);
+
+      // Entry contents are correct.
+      const entry = JSON.parse(fs.readFileSync(path.join(queueDir, files[0]), "utf-8"));
+      expect(entry).toMatchObject({
+        id,
+        channel: "whatsapp",
+        to: "+1555",
+        bestEffort: true,
+        gifPlayback: true,
+        silent: true,
+        mirror: {
+          sessionKey: "agent:main:main",
+          text: "hello",
+          mediaUrls: ["https://example.com/file.png"],
+        },
+        retryCount: 0,
+      });
+      expect(entry.payloads).toEqual([{ text: "hello" }]);
+
+      // Ack removes the file.
+      await ackDelivery(id, tmpDir);
+      const remaining = fs.readdirSync(queueDir).filter((f) => f.endsWith(".json"));
+      expect(remaining).toHaveLength(0);
+    });
+
+    it("ack is idempotent (no error on missing file)", async () => {
+      await expect(ackDelivery("nonexistent-id", tmpDir)).resolves.toBeUndefined();
+    });
+
+    it("ack cleans up leftover .delivered marker when .json is already gone", async () => {
+      const id = await enqueueDelivery(
+        { channel: "whatsapp", to: "+1", payloads: [{ text: "stale-marker" }] },
+        tmpDir,
+      );
+      const queueDir = path.join(tmpDir, "delivery-queue");
+
+      fs.renameSync(path.join(queueDir, `${id}.json`), path.join(queueDir, `${id}.delivered`));
+      await expect(ackDelivery(id, tmpDir)).resolves.toBeUndefined();
+
+      expect(fs.existsSync(path.join(queueDir, `${id}.delivered`))).toBe(false);
+    });
+
+    it("ack removes .delivered marker so recovery does not replay", async () => {
+      const id = await enqueueDelivery(
+        { channel: "whatsapp", to: "+1", payloads: [{ text: "ack-test" }] },
+        tmpDir,
+      );
+      const queueDir = path.join(tmpDir, "delivery-queue");
+
+      await ackDelivery(id, tmpDir);
+
+      // Neither .json nor .delivered should remain.
+      expect(fs.existsSync(path.join(queueDir, `${id}.json`))).toBe(false);
+      expect(fs.existsSync(path.join(queueDir, `${id}.delivered`))).toBe(false);
+    });
+
+    it("loadPendingDeliveries cleans up stale .delivered markers without replaying", async () => {
+      const id = await enqueueDelivery(
+        { channel: "telegram", to: "99", payloads: [{ text: "stale" }] },
+        tmpDir,
+      );
+      const queueDir = path.join(tmpDir, "delivery-queue");
+
+      // Simulate crash between ack phase 1 (rename) and phase 2 (unlink):
+      // rename .json → .delivered, then pretend the process died.
+      fs.renameSync(path.join(queueDir, `${id}.json`), path.join(queueDir, `${id}.delivered`));
+
+      const entries = await loadPendingDeliveries(tmpDir);
+
+      // The .delivered entry must NOT appear as pending.
+      expect(entries).toHaveLength(0);
+      // And the marker file should have been cleaned up.
+      expect(fs.existsSync(path.join(queueDir, `${id}.delivered`))).toBe(false);
+    });
+  });
+
+  describe("failDelivery", () => {
+    it("increments retryCount, records attempt time, and sets lastError", async () => {
+      const id = await enqueueDelivery(
+        {
+          channel: "telegram",
+          to: "123",
+          payloads: [{ text: "test" }],
+        },
+        tmpDir,
+      );
+
+      await failDelivery(id, "connection refused", tmpDir);
+
+      const queueDir = path.join(tmpDir, "delivery-queue");
+      const entry = JSON.parse(fs.readFileSync(path.join(queueDir, `${id}.json`), "utf-8"));
+      expect(entry.retryCount).toBe(1);
+      expect(typeof entry.lastAttemptAt).toBe("number");
+      expect(entry.lastAttemptAt).toBeGreaterThan(0);
+      expect(entry.lastError).toBe("connection refused");
+    });
+  });
+
+  describe("moveToFailed", () => {
+    it("moves entry to failed/ subdirectory", async () => {
+      const id = await enqueueDelivery(
+        {
+          channel: "slack",
+          to: "#general",
+          payloads: [{ text: "hi" }],
+        },
+        tmpDir,
+      );
+
+      await moveToFailed(id, tmpDir);
+
+      const queueDir = path.join(tmpDir, "delivery-queue");
+      const failedDir = path.join(queueDir, "failed");
+      expect(fs.existsSync(path.join(queueDir, `${id}.json`))).toBe(false);
+      expect(fs.existsSync(path.join(failedDir, `${id}.json`))).toBe(true);
+    });
+  });
+
+  describe("isPermanentDeliveryError", () => {
+    it.each([
+      "No conversation reference found for user:abc",
+      "Telegram send failed: chat not found (chat_id=user:123)",
+      "user not found",
+      "Bot was blocked by the user",
+      "Forbidden: bot was kicked from the group chat",
+      "chat_id is empty",
+      "Outbound not configured for channel: msteams",
+    ])("returns true for permanent error: %s", (msg) => {
+      expect(isPermanentDeliveryError(msg)).toBe(true);
+    });
+
+    it.each([
+      "network down",
+      "ETIMEDOUT",
+      "socket hang up",
+      "rate limited",
+      "500 Internal Server Error",
+    ])("returns false for transient error: %s", (msg) => {
+      expect(isPermanentDeliveryError(msg)).toBe(false);
+    });
+  });
+
+  describe("loadPendingDeliveries", () => {
+    it("returns empty array when queue directory does not exist", async () => {
+      const nonexistent = path.join(tmpDir, "no-such-dir");
+      const entries = await loadPendingDeliveries(nonexistent);
+      expect(entries).toEqual([]);
+    });
+
+    it("loads multiple entries", async () => {
+      await enqueueDelivery({ channel: "whatsapp", to: "+1", payloads: [{ text: "a" }] }, tmpDir);
+      await enqueueDelivery({ channel: "telegram", to: "2", payloads: [{ text: "b" }] }, tmpDir);
+
+      const entries = await loadPendingDeliveries(tmpDir);
+      expect(entries).toHaveLength(2);
+    });
+
+    it("backfills lastAttemptAt for legacy retry entries during load", async () => {
+      const id = await enqueueDelivery(
+        { channel: "whatsapp", to: "+1", payloads: [{ text: "legacy" }] },
+        tmpDir,
+      );
+      const filePath = path.join(tmpDir, "delivery-queue", `${id}.json`);
+      const legacyEntry = JSON.parse(fs.readFileSync(filePath, "utf-8"));
+      legacyEntry.retryCount = 2;
+      delete legacyEntry.lastAttemptAt;
+      fs.writeFileSync(filePath, JSON.stringify(legacyEntry), "utf-8");
+
+      const entries = await loadPendingDeliveries(tmpDir);
+      expect(entries).toHaveLength(1);
+      expect(entries[0]?.lastAttemptAt).toBe(entries[0]?.enqueuedAt);
+
+      const persisted = JSON.parse(fs.readFileSync(filePath, "utf-8"));
+      expect(persisted.lastAttemptAt).toBe(persisted.enqueuedAt);
+    });
+  });
+
+  describe("computeBackoffMs", () => {
+    it("returns scheduled backoff values and clamps at max retry", () => {
+      const cases = [
+        { retryCount: 0, expected: 0 },
+        { retryCount: 1, expected: 5_000 },
+        { retryCount: 2, expected: 25_000 },
+        { retryCount: 3, expected: 120_000 },
+        { retryCount: 4, expected: 600_000 },
+        // Beyond defined schedule -- clamps to last value.
+        { retryCount: 5, expected: 600_000 },
+      ] as const;
+
+      for (const testCase of cases) {
+        expect(computeBackoffMs(testCase.retryCount), String(testCase.retryCount)).toBe(
+          testCase.expected,
+        );
+      }
+    });
+  });
+
+  describe("isEntryEligibleForRecoveryRetry", () => {
+    it("allows first replay after crash for retryCount=0 without lastAttemptAt", () => {
+      const now = Date.now();
+      const result = isEntryEligibleForRecoveryRetry(
+        {
+          id: "entry-1",
+          channel: "whatsapp",
+          to: "+1",
+          payloads: [{ text: "a" }],
+          enqueuedAt: now,
+          retryCount: 0,
+        },
+        now,
+      );
+      expect(result).toEqual({ eligible: true });
+    });
+
+    it("defers retry entries until backoff window elapses", () => {
+      const now = Date.now();
+      const result = isEntryEligibleForRecoveryRetry(
+        {
+          id: "entry-2",
+          channel: "whatsapp",
+          to: "+1",
+          payloads: [{ text: "a" }],
+          enqueuedAt: now - 30_000,
+          retryCount: 3,
+          lastAttemptAt: now,
+        },
+        now,
+      );
+      expect(result.eligible).toBe(false);
+      if (result.eligible) {
+        throw new Error("Expected ineligible retry entry");
+      }
+      expect(result.remainingBackoffMs).toBeGreaterThan(0);
+    });
+  });
+
+  describe("recoverPendingDeliveries", () => {
+    const baseCfg = {};
+    const createLog = () => ({ info: vi.fn(), warn: vi.fn(), error: vi.fn() });
+    const enqueueCrashRecoveryEntries = async () => {
+      await enqueueDelivery({ channel: "whatsapp", to: "+1", payloads: [{ text: "a" }] }, tmpDir);
+      await enqueueDelivery({ channel: "telegram", to: "2", payloads: [{ text: "b" }] }, tmpDir);
+    };
+    const setEntryState = (
+      id: string,
+      state: { retryCount: number; lastAttemptAt?: number; enqueuedAt?: number },
+    ) => {
+      const filePath = path.join(tmpDir, "delivery-queue", `${id}.json`);
+      const entry = JSON.parse(fs.readFileSync(filePath, "utf-8"));
+      entry.retryCount = state.retryCount;
+      if (state.lastAttemptAt === undefined) {
+        delete entry.lastAttemptAt;
+      } else {
+        entry.lastAttemptAt = state.lastAttemptAt;
+      }
+      if (state.enqueuedAt !== undefined) {
+        entry.enqueuedAt = state.enqueuedAt;
+      }
+      fs.writeFileSync(filePath, JSON.stringify(entry), "utf-8");
+    };
+    const runRecovery = async ({
+      deliver,
+      log = createLog(),
+      maxRecoveryMs,
+    }: {
+      deliver: ReturnType<typeof vi.fn>;
+      log?: ReturnType<typeof createLog>;
+      maxRecoveryMs?: number;
+    }) => {
+      const result = await recoverPendingDeliveries({
+        deliver: deliver as DeliverFn,
+        log,
+        cfg: baseCfg,
+        stateDir: tmpDir,
+        ...(maxRecoveryMs === undefined ? {} : { maxRecoveryMs }),
+      });
+      return { result, log };
+    };
+
+    it("recovers entries from a simulated crash", async () => {
+      // Manually create queue entries as if gateway crashed before delivery.
+      await enqueueCrashRecoveryEntries();
+      const deliver = vi.fn().mockResolvedValue([]);
+      const { result } = await runRecovery({ deliver });
+
+      expect(deliver).toHaveBeenCalledTimes(2);
+      expect(result.recovered).toBe(2);
+      expect(result.failed).toBe(0);
+      expect(result.skippedMaxRetries).toBe(0);
+      expect(result.deferredBackoff).toBe(0);
+
+      // Queue should be empty after recovery.
+      const remaining = await loadPendingDeliveries(tmpDir);
+      expect(remaining).toHaveLength(0);
+    });
+
+    it("moves entries that exceeded max retries to failed/", async () => {
+      // Create an entry and manually set retryCount to MAX_RETRIES.
+      const id = await enqueueDelivery(
+        { channel: "whatsapp", to: "+1", payloads: [{ text: "a" }] },
+        tmpDir,
+      );
+      setEntryState(id, { retryCount: MAX_RETRIES });
+
+      const deliver = vi.fn();
+      const { result } = await runRecovery({ deliver });
+
+      expect(deliver).not.toHaveBeenCalled();
+      expect(result.skippedMaxRetries).toBe(1);
+      expect(result.deferredBackoff).toBe(0);
+
+      // Entry should be in failed/ directory.
+      const failedDir = path.join(tmpDir, "delivery-queue", "failed");
+      expect(fs.existsSync(path.join(failedDir, `${id}.json`))).toBe(true);
+    });
+
+    it("increments retryCount on failed recovery attempt", async () => {
+      await enqueueDelivery({ channel: "slack", to: "#ch", payloads: [{ text: "x" }] }, tmpDir);
+
+      const deliver = vi.fn().mockRejectedValue(new Error("network down"));
+      const { result } = await runRecovery({ deliver });
+
+      expect(result.failed).toBe(1);
+      expect(result.recovered).toBe(0);
+
+      // Entry should still be in queue with incremented retryCount.
+      const entries = await loadPendingDeliveries(tmpDir);
+      expect(entries).toHaveLength(1);
+      expect(entries[0].retryCount).toBe(1);
+      expect(entries[0].lastError).toBe("network down");
+    });
+
+    it("moves entries to failed/ immediately on permanent delivery errors", async () => {
+      const id = await enqueueDelivery(
+        { channel: "msteams", to: "user:abc", payloads: [{ text: "hi" }] },
+        tmpDir,
+      );
+      const deliver = vi
+        .fn()
+        .mockRejectedValue(new Error("No conversation reference found for user:abc"));
+      const log = createLog();
+      const { result } = await runRecovery({ deliver, log });
+
+      expect(result.failed).toBe(1);
+      expect(result.recovered).toBe(0);
+      const remaining = await loadPendingDeliveries(tmpDir);
+      expect(remaining).toHaveLength(0);
+      const failedDir = path.join(tmpDir, "delivery-queue", "failed");
+      expect(fs.existsSync(path.join(failedDir, `${id}.json`))).toBe(true);
+      expect(log.warn).toHaveBeenCalledWith(expect.stringContaining("permanent error"));
+    });
+
+    it("passes skipQueue: true to prevent re-enqueueing during recovery", async () => {
+      await enqueueDelivery({ channel: "whatsapp", to: "+1", payloads: [{ text: "a" }] }, tmpDir);
+
+      const deliver = vi.fn().mockResolvedValue([]);
+      await runRecovery({ deliver });
+
+      expect(deliver).toHaveBeenCalledWith(expect.objectContaining({ skipQueue: true }));
+    });
+
+    it("replays stored delivery options during recovery", async () => {
+      await enqueueDelivery(
+        {
+          channel: "whatsapp",
+          to: "+1",
+          payloads: [{ text: "a" }],
+          bestEffort: true,
+          gifPlayback: true,
+          silent: true,
+          mirror: {
+            sessionKey: "agent:main:main",
+            text: "a",
+            mediaUrls: ["https://example.com/a.png"],
+          },
+        },
+        tmpDir,
+      );
+
+      const deliver = vi.fn().mockResolvedValue([]);
+      await runRecovery({ deliver });
+
+      expect(deliver).toHaveBeenCalledWith(
+        expect.objectContaining({
+          bestEffort: true,
+          gifPlayback: true,
+          silent: true,
+          mirror: {
+            sessionKey: "agent:main:main",
+            text: "a",
+            mediaUrls: ["https://example.com/a.png"],
+          },
+        }),
+      );
+    });
+
+    it("respects maxRecoveryMs time budget", async () => {
+      await enqueueCrashRecoveryEntries();
+      await enqueueDelivery({ channel: "slack", to: "#c", payloads: [{ text: "c" }] }, tmpDir);
+
+      const deliver = vi.fn().mockResolvedValue([]);
+      const { result, log } = await runRecovery({
+        deliver,
+        maxRecoveryMs: 0, // Immediate timeout -- no entries should be processed.
+      });
+
+      expect(deliver).not.toHaveBeenCalled();
+      expect(result.recovered).toBe(0);
+      expect(result.failed).toBe(0);
+      expect(result.skippedMaxRetries).toBe(0);
+      expect(result.deferredBackoff).toBe(0);
+
+      // All entries should still be in the queue.
+      const remaining = await loadPendingDeliveries(tmpDir);
+      expect(remaining).toHaveLength(3);
+
+      // Should have logged a warning about deferred entries.
+      expect(log.warn).toHaveBeenCalledWith(expect.stringContaining("deferred to next restart"));
+    });
+
+    it("defers entries until backoff becomes eligible", async () => {
+      const id = await enqueueDelivery(
+        { channel: "whatsapp", to: "+1", payloads: [{ text: "a" }] },
+        tmpDir,
+      );
+      setEntryState(id, { retryCount: 3, lastAttemptAt: Date.now() });
+
+      const deliver = vi.fn().mockResolvedValue([]);
+      const { result, log } = await runRecovery({
+        deliver,
+        maxRecoveryMs: 60_000,
+      });
+
+      expect(deliver).not.toHaveBeenCalled();
+      expect(result).toEqual({
+        recovered: 0,
+        failed: 0,
+        skippedMaxRetries: 0,
+        deferredBackoff: 1,
+      });
+
+      const remaining = await loadPendingDeliveries(tmpDir);
+      expect(remaining).toHaveLength(1);
+
+      expect(log.info).toHaveBeenCalledWith(expect.stringContaining("not ready for retry yet"));
+    });
+
+    it("continues past high-backoff entries and recovers ready entries behind them", async () => {
+      const now = Date.now();
+      const blockedId = await enqueueDelivery(
+        { channel: "whatsapp", to: "+1", payloads: [{ text: "blocked" }] },
+        tmpDir,
+      );
+      const readyId = await enqueueDelivery(
+        { channel: "telegram", to: "2", payloads: [{ text: "ready" }] },
+        tmpDir,
+      );
+
+      setEntryState(blockedId, { retryCount: 3, lastAttemptAt: now, enqueuedAt: now - 30_000 });
+      setEntryState(readyId, { retryCount: 0, enqueuedAt: now - 10_000 });
+
+      const deliver = vi.fn().mockResolvedValue([]);
+      const { result } = await runRecovery({ deliver, maxRecoveryMs: 60_000 });
+
+      expect(result).toEqual({
+        recovered: 1,
+        failed: 0,
+        skippedMaxRetries: 0,
+        deferredBackoff: 1,
+      });
+      expect(deliver).toHaveBeenCalledTimes(1);
+      expect(deliver).toHaveBeenCalledWith(
+        expect.objectContaining({ channel: "telegram", to: "2", skipQueue: true }),
+      );
+
+      const remaining = await loadPendingDeliveries(tmpDir);
+      expect(remaining).toHaveLength(1);
+      expect(remaining[0]?.id).toBe(blockedId);
+    });
+
+    it("recovers deferred entries on a later restart once backoff elapsed", async () => {
+      vi.useFakeTimers();
+      const start = new Date("2026-01-01T00:00:00.000Z");
+      vi.setSystemTime(start);
+
+      const id = await enqueueDelivery(
+        { channel: "whatsapp", to: "+1", payloads: [{ text: "later" }] },
+        tmpDir,
+      );
+      setEntryState(id, { retryCount: 3, lastAttemptAt: start.getTime() });
+
+      const firstDeliver = vi.fn().mockResolvedValue([]);
+      const firstRun = await runRecovery({ deliver: firstDeliver, maxRecoveryMs: 60_000 });
+      expect(firstRun.result).toEqual({
+        recovered: 0,
+        failed: 0,
+        skippedMaxRetries: 0,
+        deferredBackoff: 1,
+      });
+      expect(firstDeliver).not.toHaveBeenCalled();
+
+      vi.setSystemTime(new Date(start.getTime() + 600_000 + 1));
+      const secondDeliver = vi.fn().mockResolvedValue([]);
+      const secondRun = await runRecovery({ deliver: secondDeliver, maxRecoveryMs: 60_000 });
+      expect(secondRun.result).toEqual({
+        recovered: 1,
+        failed: 0,
+        skippedMaxRetries: 0,
+        deferredBackoff: 0,
+      });
+      expect(secondDeliver).toHaveBeenCalledTimes(1);
+
+      const remaining = await loadPendingDeliveries(tmpDir);
+      expect(remaining).toHaveLength(0);
+
+      vi.useRealTimers();
+    });
+
+    it("returns zeros when queue is empty", async () => {
+      const deliver = vi.fn();
+      const { result } = await runRecovery({ deliver });
+
+      expect(result).toEqual({
+        recovered: 0,
+        failed: 0,
+        skippedMaxRetries: 0,
+        deferredBackoff: 0,
+      });
+      expect(deliver).not.toHaveBeenCalled();
+    });
+  });
+});
+
+describe("DirectoryCache", () => {
+  const cfg = {} as OpenClawConfig;
+
+  afterEach(() => {
+    vi.useRealTimers();
+  });
+
+  it("expires entries after ttl", () => {
+    vi.useFakeTimers();
+    vi.setSystemTime(new Date("2026-01-01T00:00:00.000Z"));
+    const cache = new DirectoryCache<string>(1000, 10);
+
+    cache.set("a", "value-a", cfg);
+    expect(cache.get("a", cfg)).toBe("value-a");
+
+    vi.setSystemTime(new Date("2026-01-01T00:00:02.000Z"));
+    expect(cache.get("a", cfg)).toBeUndefined();
+  });
+
+  it("evicts least-recent entries when capacity is exceeded", () => {
+    const cases = [
+      {
+        actions: [
+          ["set", "a", "value-a"],
+          ["set", "b", "value-b"],
+          ["set", "c", "value-c"],
+        ] as const,
+        expected: { a: undefined, b: "value-b", c: "value-c" },
+      },
+      {
+        actions: [
+          ["set", "a", "value-a"],
+          ["set", "b", "value-b"],
+          ["set", "a", "value-a2"],
+          ["set", "c", "value-c"],
+        ] as const,
+        expected: { a: "value-a2", b: undefined, c: "value-c" },
+      },
+    ];
+
+    for (const testCase of cases) {
+      const cache = new DirectoryCache<string>(60_000, 2);
+      for (const action of testCase.actions) {
+        cache.set(action[1], action[2], cfg);
+      }
+      expect(cache.get("a", cfg)).toBe(testCase.expected.a);
+      expect(cache.get("b", cfg)).toBe(testCase.expected.b);
+      expect(cache.get("c", cfg)).toBe(testCase.expected.c);
+    }
+  });
+});
+
+describe("buildOutboundResultEnvelope", () => {
+  it("formats envelope variants", () => {
+    const whatsappDelivery: OutboundDeliveryJson = {
+      channel: "whatsapp",
+      via: "gateway",
+      to: "+1",
+      messageId: "m1",
+      mediaUrl: null,
+    };
+    const telegramDelivery: OutboundDeliveryJson = {
+      channel: "telegram",
+      via: "direct",
+      to: "123",
+      messageId: "m2",
+      mediaUrl: null,
+      chatId: "c1",
+    };
+    const discordDelivery: OutboundDeliveryJson = {
+      channel: "discord",
+      via: "gateway",
+      to: "channel:C1",
+      messageId: "m3",
+      mediaUrl: null,
+      channelId: "C1",
+    };
+    const cases = typedCases<{
+      name: string;
+      input: Parameters<typeof buildOutboundResultEnvelope>[0];
+      expected: unknown;
+    }>([
+      {
+        name: "flatten delivery by default",
+        input: { delivery: whatsappDelivery },
+        expected: whatsappDelivery,
+      },
+      {
+        name: "keep payloads + meta",
+        input: {
+          payloads: [{ text: "hi", mediaUrl: null, mediaUrls: undefined }],
+          meta: { foo: "bar" },
+        },
+        expected: {
+          payloads: [{ text: "hi", mediaUrl: null, mediaUrls: undefined }],
+          meta: { foo: "bar" },
+        },
+      },
+      {
+        name: "include delivery when payloads exist",
+        input: { payloads: [], delivery: telegramDelivery, meta: { ok: true } },
+        expected: {
+          payloads: [],
+          meta: { ok: true },
+          delivery: telegramDelivery,
+        },
+      },
+      {
+        name: "keep wrapped delivery when flatten disabled",
+        input: { delivery: discordDelivery, flattenDelivery: false },
+        expected: { delivery: discordDelivery },
+      },
+    ]);
+    for (const testCase of cases) {
+      expect(buildOutboundResultEnvelope(testCase.input), testCase.name).toEqual(testCase.expected);
+    }
+  });
+});
+
+describe("formatOutboundDeliverySummary", () => {
+  it("formats fallback and channel-specific detail variants", () => {
+    const cases = [
+      {
+        name: "fallback telegram",
+        channel: "telegram" as const,
+        result: undefined,
+        expected: "✅ Sent via Telegram. Message ID: unknown",
+      },
+      {
+        name: "fallback imessage",
+        channel: "imessage" as const,
+        result: undefined,
+        expected: "✅ Sent via iMessage. Message ID: unknown",
+      },
+      {
+        name: "telegram with chat detail",
+        channel: "telegram" as const,
+        result: {
+          channel: "telegram" as const,
+          messageId: "m1",
+          chatId: "c1",
+        },
+        expected: "✅ Sent via Telegram. Message ID: m1 (chat c1)",
+      },
+      {
+        name: "discord with channel detail",
+        channel: "discord" as const,
+        result: {
+          channel: "discord" as const,
+          messageId: "d1",
+          channelId: "chan",
+        },
+        expected: "✅ Sent via Discord. Message ID: d1 (channel chan)",
+      },
+    ];
+
+    for (const testCase of cases) {
+      expect(formatOutboundDeliverySummary(testCase.channel, testCase.result), testCase.name).toBe(
+        testCase.expected,
+      );
+    }
+  });
+});
+
+describe("buildOutboundDeliveryJson", () => {
+  it("builds direct delivery payloads across provider-specific fields", () => {
+    const cases = [
+      {
+        name: "telegram direct payload",
+        input: {
+          channel: "telegram" as const,
+          to: "123",
+          result: { channel: "telegram" as const, messageId: "m1", chatId: "c1" },
+          mediaUrl: "https://example.com/a.png",
+        },
+        expected: {
+          channel: "telegram",
+          via: "direct",
+          to: "123",
+          messageId: "m1",
+          mediaUrl: "https://example.com/a.png",
+          chatId: "c1",
+        },
+      },
+      {
+        name: "whatsapp metadata",
+        input: {
+          channel: "whatsapp" as const,
+          to: "+1",
+          result: { channel: "whatsapp" as const, messageId: "w1", toJid: "jid" },
+        },
+        expected: {
+          channel: "whatsapp",
+          via: "direct",
+          to: "+1",
+          messageId: "w1",
+          mediaUrl: null,
+          toJid: "jid",
+        },
+      },
+      {
+        name: "signal timestamp",
+        input: {
+          channel: "signal" as const,
+          to: "+1",
+          result: { channel: "signal" as const, messageId: "s1", timestamp: 123 },
+        },
+        expected: {
+          channel: "signal",
+          via: "direct",
+          to: "+1",
+          messageId: "s1",
+          mediaUrl: null,
+          timestamp: 123,
+        },
+      },
+    ];
+
+    for (const testCase of cases) {
+      expect(buildOutboundDeliveryJson(testCase.input), testCase.name).toEqual(testCase.expected);
+    }
+  });
+});
+
+describe("formatGatewaySummary", () => {
+  it("formats default and custom gateway action summaries", () => {
+    const cases = [
+      {
+        name: "default send action",
+        input: { channel: "whatsapp", messageId: "m1" },
+        expected: "✅ Sent via gateway (whatsapp). Message ID: m1",
+      },
+      {
+        name: "custom action",
+        input: { action: "Poll sent", channel: "discord", messageId: "p1" },
+        expected: "✅ Poll sent via gateway (discord). Message ID: p1",
+      },
+    ];
+
+    for (const testCase of cases) {
+      expect(formatGatewaySummary(testCase.input), testCase.name).toBe(testCase.expected);
+    }
+  });
+});
+
+const slackConfig = {
+  channels: {
+    slack: {
+      botToken: "xoxb-test",
+      appToken: "xapp-test",
+    },
+  },
+} as OpenClawConfig;
+
+const discordConfig = {
+  channels: {
+    discord: {},
+  },
+} as OpenClawConfig;
+
+describe("outbound policy", () => {
+  it("allows cross-provider sends when enabled", () => {
+    const cfg = {
+      ...slackConfig,
+      tools: {
+        message: { crossContext: { allowAcrossProviders: true } },
+      },
+    } as OpenClawConfig;
+
+    expect(() =>
+      enforceCrossContextPolicy({
+        cfg,
+        channel: "telegram",
+        action: "send",
+        args: { to: "telegram:@ops" },
+        toolContext: { currentChannelId: "C12345678", currentChannelProvider: "slack" },
+      }),
+    ).not.toThrow();
+  });
+
+  it("uses components when available and preferred", async () => {
+    const decoration = await buildCrossContextDecoration({
+      cfg: discordConfig,
+      channel: "discord",
+      target: "123",
+      toolContext: { currentChannelId: "C12345678", currentChannelProvider: "discord" },
+    });
+
+    expect(decoration).not.toBeNull();
+    const applied = applyCrossContextDecoration({
+      message: "hello",
+      decoration: decoration!,
+      preferComponents: true,
+    });
+
+    expect(applied.usedComponents).toBe(true);
+    expect(applied.componentsBuilder).toBeDefined();
+    expect(applied.componentsBuilder?.("hello").length).toBeGreaterThan(0);
+    expect(applied.message).toBe("hello");
+  });
+});
+
+describe("resolveOutboundSessionRoute", () => {
+  const baseConfig = {} as OpenClawConfig;
+
+  it("resolves provider-specific session routes", async () => {
+    const perChannelPeerCfg = { session: { dmScope: "per-channel-peer" } } as OpenClawConfig;
+    const identityLinksCfg = {
+      session: {
+        dmScope: "per-peer",
+        identityLinks: {
+          alice: ["discord:123"],
+        },
+      },
+    } as OpenClawConfig;
+    const slackMpimCfg = {
+      channels: {
+        slack: {
+          dm: {
+            groupChannels: ["G123"],
+          },
+        },
+      },
+    } as OpenClawConfig;
+    const cases: Array<{
+      name: string;
+      cfg: OpenClawConfig;
+      channel: string;
+      target: string;
+      replyToId?: string;
+      threadId?: string;
+      expected: {
+        sessionKey: string;
+        from?: string;
+        to?: string;
+        threadId?: string | number;
+        chatType?: "direct" | "group";
+      };
+    }> = [
+      {
+        name: "Slack thread",
+        cfg: baseConfig,
+        channel: "slack",
+        target: "channel:C123",
+        replyToId: "456",
+        expected: {
+          sessionKey: "agent:main:slack:channel:c123:thread:456",
+          from: "slack:channel:C123",
+          to: "channel:C123",
+          threadId: "456",
+        },
+      },
+      {
+        name: "Telegram topic group",
+        cfg: baseConfig,
+        channel: "telegram",
+        target: "-100123456:topic:42",
+        expected: {
+          sessionKey: "agent:main:telegram:group:-100123456:topic:42",
+          from: "telegram:group:-100123456:topic:42",
+          to: "telegram:-100123456",
+          threadId: 42,
+        },
+      },
+      {
+        name: "Telegram DM with topic",
+        cfg: perChannelPeerCfg,
+        channel: "telegram",
+        target: "123456789:topic:99",
+        expected: {
+          sessionKey: "agent:main:telegram:direct:123456789:thread:99",
+          from: "telegram:123456789:topic:99",
+          to: "telegram:123456789",
+          threadId: 99,
+          chatType: "direct",
+        },
+      },
+      {
+        name: "Telegram unresolved username DM",
+        cfg: perChannelPeerCfg,
+        channel: "telegram",
+        target: "@alice",
+        expected: {
+          sessionKey: "agent:main:telegram:direct:@alice",
+          chatType: "direct",
+        },
+      },
+      {
+        name: "Telegram DM scoped threadId fallback",
+        cfg: perChannelPeerCfg,
+        channel: "telegram",
+        target: "12345",
+        threadId: "12345:99",
+        expected: {
+          sessionKey: "agent:main:telegram:direct:12345:thread:99",
+          from: "telegram:12345:topic:99",
+          to: "telegram:12345",
+          threadId: 99,
+          chatType: "direct",
+        },
+      },
+      {
+        name: "identity-links per-peer",
+        cfg: identityLinksCfg,
+        channel: "discord",
+        target: "user:123",
+        expected: {
+          sessionKey: "agent:main:direct:alice",
+        },
+      },
+      {
+        name: "BlueBubbles chat_* prefix stripping",
+        cfg: baseConfig,
+        channel: "bluebubbles",
+        target: "chat_guid:ABC123",
+        expected: {
+          sessionKey: "agent:main:bluebubbles:group:abc123",
+          from: "group:ABC123",
+        },
+      },
+      {
+        name: "Zalo Personal DM target",
+        cfg: perChannelPeerCfg,
+        channel: "zalouser",
+        target: "123456",
+        expected: {
+          sessionKey: "agent:main:zalouser:direct:123456",
+          chatType: "direct",
+        },
+      },
+      {
+        name: "Slack mpim allowlist -> group key",
+        cfg: slackMpimCfg,
+        channel: "slack",
+        target: "channel:G123",
+        expected: {
+          sessionKey: "agent:main:slack:group:g123",
+          from: "slack:group:G123",
+        },
+      },
+      {
+        name: "Feishu explicit group prefix keeps group routing",
+        cfg: baseConfig,
+        channel: "feishu",
+        target: "group:oc_group_chat",
+        expected: {
+          sessionKey: "agent:main:feishu:group:oc_group_chat",
+          from: "feishu:group:oc_group_chat",
+          to: "oc_group_chat",
+          chatType: "group",
+        },
+      },
+      {
+        name: "Feishu explicit dm prefix keeps direct routing",
+        cfg: perChannelPeerCfg,
+        channel: "feishu",
+        target: "dm:oc_dm_chat",
+        expected: {
+          sessionKey: "agent:main:feishu:direct:oc_dm_chat",
+          from: "feishu:oc_dm_chat",
+          to: "oc_dm_chat",
+          chatType: "direct",
+        },
+      },
+      {
+        name: "Feishu bare oc_ target defaults to direct routing",
+        cfg: perChannelPeerCfg,
+        channel: "feishu",
+        target: "oc_ambiguous_chat",
+        expected: {
+          sessionKey: "agent:main:feishu:direct:oc_ambiguous_chat",
+          from: "feishu:oc_ambiguous_chat",
+          to: "oc_ambiguous_chat",
+          chatType: "direct",
+        },
+      },
+    ];
+
+    for (const testCase of cases) {
+      const route = await resolveOutboundSessionRoute({
+        cfg: testCase.cfg,
+        channel: testCase.channel,
+        agentId: "main",
+        target: testCase.target,
+        replyToId: testCase.replyToId,
+        threadId: testCase.threadId,
+      });
+      expect(route?.sessionKey, testCase.name).toBe(testCase.expected.sessionKey);
+      if (testCase.expected.from !== undefined) {
+        expect(route?.from, testCase.name).toBe(testCase.expected.from);
+      }
+      if (testCase.expected.to !== undefined) {
+        expect(route?.to, testCase.name).toBe(testCase.expected.to);
+      }
+      if (testCase.expected.threadId !== undefined) {
+        expect(route?.threadId, testCase.name).toBe(testCase.expected.threadId);
+      }
+      if (testCase.expected.chatType !== undefined) {
+        expect(route?.chatType, testCase.name).toBe(testCase.expected.chatType);
+      }
+    }
+  });
+
+  it("uses resolved Discord user targets to route bare numeric ids as DMs", async () => {
+    const route = await resolveOutboundSessionRoute({
+      cfg: { session: { dmScope: "per-channel-peer" } } as OpenClawConfig,
+      channel: "discord",
+      agentId: "main",
+      target: "123",
+      resolvedTarget: {
+        to: "user:123",
+        kind: "user",
+        source: "directory",
+      },
+    });
+
+    expect(route).toMatchObject({
+      sessionKey: "agent:main:discord:direct:123",
+      from: "discord:123",
+      to: "user:123",
+      chatType: "direct",
+    });
+  });
+
+  it("uses resolved Mattermost user targets to route bare ids as DMs", async () => {
+    const userId = "dthcxgoxhifn3pwh65cut3ud3w";
+    const route = await resolveOutboundSessionRoute({
+      cfg: { session: { dmScope: "per-channel-peer" } } as OpenClawConfig,
+      channel: "mattermost",
+      agentId: "main",
+      target: userId,
+      resolvedTarget: {
+        to: `user:${userId}`,
+        kind: "user",
+        source: "directory",
+      },
+    });
+
+    expect(route).toMatchObject({
+      sessionKey: `agent:main:mattermost:direct:${userId}`,
+      from: `mattermost:${userId}`,
+      to: `user:${userId}`,
+      chatType: "direct",
+    });
+  });
+
+  it("rejects bare numeric Discord targets when the caller has no kind hint", async () => {
+    await expect(
+      resolveOutboundSessionRoute({
+        cfg: { session: { dmScope: "per-channel-peer" } } as OpenClawConfig,
+        channel: "discord",
+        agentId: "main",
+        target: "123",
+      }),
+    ).rejects.toThrow(/Ambiguous Discord recipient/);
+  });
+});
+
+describe("normalizeOutboundPayloadsForJson", () => {
+  it("normalizes payloads for JSON output", () => {
+    const cases = typedCases<{
+      input: Parameters<typeof normalizeOutboundPayloadsForJson>[0];
+      expected: ReturnType<typeof normalizeOutboundPayloadsForJson>;
+    }>([
+      {
+        input: [
+          { text: "hi" },
+          { text: "photo", mediaUrl: "https://x.test/a.jpg" },
+          { text: "multi", mediaUrls: ["https://x.test/1.png"] },
+        ],
+        expected: [
+          { text: "hi", mediaUrl: null, mediaUrls: undefined, channelData: undefined },
+          {
+            text: "photo",
+            mediaUrl: "https://x.test/a.jpg",
+            mediaUrls: ["https://x.test/a.jpg"],
+            channelData: undefined,
+          },
+          {
+            text: "multi",
+            mediaUrl: null,
+            mediaUrls: ["https://x.test/1.png"],
+            channelData: undefined,
+          },
+        ],
+      },
+      {
+        input: [
+          {
+            text: "MEDIA:https://x.test/a.png\nMEDIA:https://x.test/b.png",
+          },
+        ],
+        expected: [
+          {
+            text: "",
+            mediaUrl: null,
+            mediaUrls: ["https://x.test/a.png", "https://x.test/b.png"],
+            channelData: undefined,
+          },
+        ],
+      },
+    ]);
+
+    for (const testCase of cases) {
+      const input: ReplyPayload[] = testCase.input.map((payload) =>
+        "mediaUrls" in payload
+          ? ({
+              ...payload,
+              mediaUrls: payload.mediaUrls ? [...payload.mediaUrls] : undefined,
+            } as ReplyPayload)
+          : ({ ...payload } as ReplyPayload),
+      );
+      expect(normalizeOutboundPayloadsForJson(input)).toEqual(testCase.expected);
+    }
+  });
+
+  it("suppresses reasoning payloads", () => {
+    const normalized = normalizeOutboundPayloadsForJson([
+      { text: "Reasoning:\n_step_", isReasoning: true },
+      { text: "final answer" },
+    ]);
+    expect(normalized).toEqual([{ text: "final answer", mediaUrl: null, mediaUrls: undefined }]);
+  });
+});
+
+describe("normalizeOutboundPayloads", () => {
+  it("keeps channelData-only payloads", () => {
+    const channelData = { line: { flexMessage: { altText: "Card", contents: {} } } };
+    const normalized = normalizeOutboundPayloads([{ channelData }]);
+    expect(normalized).toEqual([{ text: "", mediaUrls: [], channelData }]);
+  });
+
+  it("suppresses reasoning payloads", () => {
+    const normalized = normalizeOutboundPayloads([
+      { text: "Reasoning:\n_step_", isReasoning: true },
+      { text: "final answer" },
+    ]);
+    expect(normalized).toEqual([{ text: "final answer", mediaUrls: [] }]);
+  });
+
+  it("formats BTW replies prominently for external delivery", () => {
+    const normalized = normalizeOutboundPayloads([
+      {
+        text: "323",
+        btw: { question: "what is 17 * 19?" },
+      },
+    ]);
+    expect(normalized).toEqual([{ text: "BTW\nQuestion: what is 17 * 19?\n\n323", mediaUrls: [] }]);
+  });
+});
+
+describe("formatOutboundPayloadLog", () => {
+  it("formats text+media and media-only logs", () => {
+    const cases = typedCases<{
+      name: string;
+      input: Parameters<typeof formatOutboundPayloadLog>[0];
+      expected: string;
+    }>([
+      {
+        name: "text with media lines",
+        input: {
+          text: "hello  ",
+          mediaUrls: ["https://x.test/a.png", "https://x.test/b.png"],
+        },
+        expected: "hello\nMEDIA:https://x.test/a.png\nMEDIA:https://x.test/b.png",
+      },
+      {
+        name: "media only",
+        input: {
+          text: "",
+          mediaUrls: ["https://x.test/a.png"],
+        },
+        expected: "MEDIA:https://x.test/a.png",
+      },
+    ]);
+
+    for (const testCase of cases) {
+      expect(
+        formatOutboundPayloadLog({
+          ...testCase.input,
+          mediaUrls: [...testCase.input.mediaUrls],
+        }),
+        testCase.name,
+      ).toBe(testCase.expected);
+    }
+  });
+});
+
 runResolveOutboundTargetCoreTests();
diff --git a/src/infra/outbound/payloads.ts b/src/infra/outbound/payloads.ts
index 9dae6a6c1e6..754d3434445 100644
--- a/src/infra/outbound/payloads.ts
+++ b/src/infra/outbound/payloads.ts
@@ -1,5 +1,6 @@
 import { parseReplyDirectives } from "../../auto-reply/reply/reply-directives.js";
 import {
+  formatBtwTextForExternalDelivery,
   isRenderablePayload,
   shouldSuppressReasoningPayload,
 } from "../../auto-reply/reply/reply-payloads.js";
@@ -59,7 +60,11 @@ export function normalizeReplyPayloadsForDelivery(
     const resolvedMediaUrl = hasMultipleMedia ? undefined : explicitMediaUrl;
     const next: ReplyPayload = {
       ...payload,
-      text: parsed.text ?? "",
+      text:
+        formatBtwTextForExternalDelivery({
+          ...payload,
+          text: parsed.text ?? "",
+        }) ?? "",
       mediaUrls: mergedMedia.length ? mergedMedia : undefined,
       mediaUrl: resolvedMediaUrl,
       replyToId: payload.replyToId ?? parsed.replyToId,
diff --git a/src/infra/outbound/send-deps.ts b/src/infra/outbound/send-deps.ts
new file mode 100644
index 00000000000..be2a5d43cb2
--- /dev/null
+++ b/src/infra/outbound/send-deps.ts
@@ -0,0 +1,41 @@
+type LegacyOutboundSendDeps = {
+  sendWhatsApp?: unknown;
+  sendTelegram?: unknown;
+  sendDiscord?: unknown;
+  sendSlack?: unknown;
+  sendSignal?: unknown;
+  sendIMessage?: unknown;
+  sendMatrix?: unknown;
+  sendMSTeams?: unknown;
+};
+
+/**
+ * Dynamic bag of per-channel send functions, keyed by channel ID.
+ * Each outbound adapter resolves its own function from this record and
+ * falls back to a direct import when the key is absent.
+ */
+export type OutboundSendDeps = LegacyOutboundSendDeps & { [channelId: string]: unknown };
+
+const LEGACY_SEND_DEP_KEYS = {
+  whatsapp: "sendWhatsApp",
+  telegram: "sendTelegram",
+  discord: "sendDiscord",
+  slack: "sendSlack",
+  signal: "sendSignal",
+  imessage: "sendIMessage",
+  matrix: "sendMatrix",
+  msteams: "sendMSTeams",
+} as const satisfies Record<string, keyof LegacyOutboundSendDeps>;
+
+export function resolveOutboundSendDep<T>(
+  deps: OutboundSendDeps | null | undefined,
+  channelId: keyof typeof LEGACY_SEND_DEP_KEYS,
+): T | undefined {
+  const dynamic = deps?.[channelId];
+  if (dynamic !== undefined) {
+    return dynamic as T;
+  }
+  const legacyKey = LEGACY_SEND_DEP_KEYS[channelId];
+  const legacy = deps?.[legacyKey];
+  return legacy as T | undefined;
+}
diff --git a/src/infra/outbound/session-binding-service.test.ts b/src/infra/outbound/session-binding-service.test.ts
index 04a75d6e867..84fe5708802 100644
--- a/src/infra/outbound/session-binding-service.test.ts
+++ b/src/infra/outbound/session-binding-service.test.ts
@@ -198,4 +198,24 @@ describe("session binding service", () => {
       placements: [],
     });
   });
+
+  it("rejects duplicate adapter registration for the same channel account", () => {
+    registerSessionBindingAdapter({
+      channel: "discord",
+      accountId: "default",
+      bind: async (input) => createRecord(input),
+      listBySession: () => [],
+      resolveByConversation: () => null,
+    });
+
+    expect(() =>
+      registerSessionBindingAdapter({
+        channel: "Discord",
+        accountId: "DEFAULT",
+        bind: async (input) => createRecord(input),
+        listBySession: () => [],
+        resolveByConversation: () => null,
+      }),
+    ).toThrow("Session binding adapter already registered for discord:default");
+  });
 });
diff --git a/src/infra/outbound/session-binding-service.ts b/src/infra/outbound/session-binding-service.ts
index ffbf04758e6..c155d3792b8 100644
--- a/src/infra/outbound/session-binding-service.ts
+++ b/src/infra/outbound/session-binding-service.ts
@@ -148,15 +148,22 @@ function resolveAdapterCapabilities(
 const ADAPTERS_BY_CHANNEL_ACCOUNT = new Map<string, SessionBindingAdapter>();
 
 export function registerSessionBindingAdapter(adapter: SessionBindingAdapter): void {
-  const key = toAdapterKey({
-    channel: adapter.channel,
-    accountId: adapter.accountId,
-  });
-  ADAPTERS_BY_CHANNEL_ACCOUNT.set(key, {
+  const normalizedAdapter = {
     ...adapter,
     channel: adapter.channel.trim().toLowerCase(),
     accountId: normalizeAccountId(adapter.accountId),
+  };
+  const key = toAdapterKey({
+    channel: normalizedAdapter.channel,
+    accountId: normalizedAdapter.accountId,
   });
+  const existing = ADAPTERS_BY_CHANNEL_ACCOUNT.get(key);
+  if (existing && existing !== adapter) {
+    throw new Error(
+      `Session binding adapter already registered for ${normalizedAdapter.channel}:${normalizedAdapter.accountId}`,
+    );
+  }
+  ADAPTERS_BY_CHANNEL_ACCOUNT.set(key, normalizedAdapter);
 }
 
 export function unregisterSessionBindingAdapter(params: {
diff --git a/src/infra/outbound/session-context.test.ts b/src/infra/outbound/session-context.test.ts
index c24ede1f3e8..a62c47fb998 100644
--- a/src/infra/outbound/session-context.test.ts
+++ b/src/infra/outbound/session-context.test.ts
@@ -20,6 +20,19 @@ describe("buildOutboundSessionContext", () => {
     expect(resolveSessionAgentIdMock).not.toHaveBeenCalled();
   });
 
+  it("returns only the explicit trimmed agent id when no session key is present", () => {
+    expect(
+      buildOutboundSessionContext({
+        cfg: {} as never,
+        sessionKey: "  ",
+        agentId: "  explicit-agent  ",
+      }),
+    ).toEqual({
+      agentId: "explicit-agent",
+    });
+    expect(resolveSessionAgentIdMock).not.toHaveBeenCalled();
+  });
+
   it("derives the agent id from the trimmed session key when no explicit agent is given", () => {
     resolveSessionAgentIdMock.mockReturnValueOnce("derived-agent");
 
diff --git a/src/infra/outbound/target-errors.test.ts b/src/infra/outbound/target-errors.test.ts
index fb43f5279bf..ad2288ba27c 100644
--- a/src/infra/outbound/target-errors.test.ts
+++ b/src/infra/outbound/target-errors.test.ts
@@ -19,6 +19,16 @@ describe("target error helpers", () => {
     );
   });
 
+  it("treats blank hints the same as no hint", () => {
+    expect(missingTargetMessage("Slack", "   ")).toBe("Delivering to Slack requires target");
+    expect(ambiguousTargetMessage("Discord", "general", "   ")).toBe(
+      'Ambiguous target "general" for Discord. Provide a unique name or an explicit id.',
+    );
+    expect(unknownTargetMessage("Discord", "general", "   ")).toBe(
+      'Unknown target "general" for Discord.',
+    );
+  });
+
   it("formats ambiguous and unknown target messages with labeled hints", () => {
     expect(ambiguousTargetMessage("Discord", "general")).toBe(
       'Ambiguous target "general" for Discord. Provide a unique name or an explicit id.',
@@ -36,4 +46,13 @@ describe("target error helpers", () => {
       'Unknown target "general" for Discord.',
     );
   });
+
+  it("trims non-blank hints before formatting them", () => {
+    expect(missingTargetMessage("Slack", "  Use channel:C123  ")).toBe(
+      "Delivering to Slack requires target Use channel:C123",
+    );
+    expect(unknownTargetMessage("Discord", "general", "  Use channel:123  ")).toBe(
+      'Unknown target "general" for Discord. Hint: Use channel:123',
+    );
+  });
 });
diff --git a/src/infra/outbound/target-errors.ts b/src/infra/outbound/target-errors.ts
index 0bf589817ac..eedaf66631b 100644
--- a/src/infra/outbound/target-errors.ts
+++ b/src/infra/outbound/target-errors.ts
@@ -23,8 +23,9 @@ export function unknownTargetError(provider: string, raw: string, hint?: string)
 }
 
 function formatTargetHint(hint?: string, withLabel = false): string {
-  if (!hint) {
+  const normalized = hint?.trim();
+  if (!normalized) {
     return "";
   }
-  return withLabel ? ` Hint: ${hint}` : ` ${hint}`;
+  return withLabel ? ` Hint: ${normalized}` : ` ${normalized}`;
 }
diff --git a/src/infra/outbound/targets.test.ts b/src/infra/outbound/targets.test.ts
index b9c795f532e..4da860d083f 100644
--- a/src/infra/outbound/targets.test.ts
+++ b/src/infra/outbound/targets.test.ts
@@ -1,6 +1,7 @@
 import { describe, expect, it } from "vitest";
 import { telegramOutbound } from "../../channels/plugins/outbound/telegram.js";
 import type { OpenClawConfig } from "../../config/config.js";
+import type { SessionEntry } from "../../config/sessions/types.js";
 import { setActivePluginRegistry } from "../../plugins/runtime.js";
 import { createOutboundTestPlugin, createTestRegistry } from "../../test-utils/channel-plugins.js";
 import {
@@ -326,10 +327,7 @@ describe("resolveSessionDeliveryTarget", () => {
     expect(resolved.to).toBe("63448508");
   });
 
-  const resolveHeartbeatTarget = (
-    entry: Parameters<typeof resolveHeartbeatDeliveryTarget>[0]["entry"],
-    directPolicy?: "allow" | "block",
-  ) =>
+  const resolveHeartbeatTarget = (entry: SessionEntry, directPolicy?: "allow" | "block") =>
     resolveHeartbeatDeliveryTarget({
       cfg: {},
       entry,
@@ -341,7 +339,7 @@ describe("resolveSessionDeliveryTarget", () => {
 
   const expectHeartbeatTarget = (params: {
     name: string;
-    entry: Parameters<typeof resolveHeartbeatDeliveryTarget>[0]["entry"];
+    entry: SessionEntry;
     directPolicy?: "allow" | "block";
     expectedChannel: string;
     expectedTo?: string;
diff --git a/src/infra/outbound/targets.ts b/src/infra/outbound/targets.ts
index 52e98a3089d..9859176abbf 100644
--- a/src/infra/outbound/targets.ts
+++ b/src/infra/outbound/targets.ts
@@ -1,14 +1,17 @@
+import { parseDiscordTarget } from "../../../extensions/discord/src/targets.js";
+import { parseSlackTarget } from "../../../extensions/slack/src/targets.js";
+import {
+  parseTelegramTarget,
+  resolveTelegramTargetChatType,
+} from "../../../extensions/telegram/src/targets.js";
 import { normalizeChatType, type ChatType } from "../../channels/chat-type.js";
 import type { ChannelOutboundTargetMode } from "../../channels/plugins/types.js";
 import { formatCliCommand } from "../../cli/command-format.js";
 import type { OpenClawConfig } from "../../config/config.js";
 import type { SessionEntry } from "../../config/sessions.js";
 import type { AgentDefaultsConfig } from "../../config/types.agent-defaults.js";
-import { parseDiscordTarget } from "../../discord/targets.js";
 import { mapAllowFromEntries } from "../../plugin-sdk/channel-config-helpers.js";
 import { normalizeAccountId } from "../../routing/session-key.js";
-import { parseSlackTarget } from "../../slack/targets.js";
-import { parseTelegramTarget, resolveTelegramTargetChatType } from "../../telegram/targets.js";
 import { deliveryContextFromSession } from "../../utils/delivery-context.js";
 import type {
   DeliverableMessageChannel,
diff --git a/src/infra/package-json.test.ts b/src/infra/package-json.test.ts
index 664fcaa4f14..19793929636 100644
--- a/src/infra/package-json.test.ts
+++ b/src/infra/package-json.test.ts
@@ -9,7 +9,7 @@ describe("package-json helpers", () => {
     await withTempDir({ prefix: "openclaw-package-json-" }, async (root) => {
       await fs.writeFile(
         path.join(root, "package.json"),
-        JSON.stringify({ version: "1.2.3", name: "  @openclaw/demo  " }),
+        JSON.stringify({ version: " 1.2.3 ", name: "  @openclaw/demo  " }),
         "utf8",
       );
 
@@ -34,6 +34,13 @@ describe("package-json helpers", () => {
       );
       await expect(readPackageVersion(root)).resolves.toBeNull();
       await expect(readPackageName(root)).resolves.toBeNull();
+
+      await fs.writeFile(
+        path.join(root, "package.json"),
+        JSON.stringify({ version: "   ", name: "@openclaw/demo" }),
+        "utf8",
+      );
+      await expect(readPackageVersion(root)).resolves.toBeNull();
     });
   });
 });
diff --git a/src/infra/package-json.ts b/src/infra/package-json.ts
index f0007a3c04d..8da5108938a 100644
--- a/src/infra/package-json.ts
+++ b/src/infra/package-json.ts
@@ -5,7 +5,8 @@ export async function readPackageVersion(root: string): Promise<string | null> {
   try {
     const raw = await fs.readFile(path.join(root, "package.json"), "utf-8");
     const parsed = JSON.parse(raw) as { version?: string };
-    return typeof parsed?.version === "string" ? parsed.version : null;
+    const version = parsed?.version?.trim();
+    return version ? version : null;
   } catch {
     return null;
   }
diff --git a/src/infra/package-tag.test.ts b/src/infra/package-tag.test.ts
index 794acf63093..0401db6b156 100644
--- a/src/infra/package-tag.test.ts
+++ b/src/infra/package-tag.test.ts
@@ -12,10 +12,17 @@ describe("normalizePackageTagInput", () => {
   it("strips known package-name prefixes before returning the tag", () => {
     expect(normalizePackageTagInput("openclaw@beta", packageNames)).toBe("beta");
     expect(normalizePackageTagInput("@openclaw/plugin@2026.2.24", packageNames)).toBe("2026.2.24");
+    expect(normalizePackageTagInput("openclaw@   ", packageNames)).toBeNull();
+  });
+
+  it("treats exact known package names as an empty tag", () => {
+    expect(normalizePackageTagInput("openclaw", packageNames)).toBeNull();
+    expect(normalizePackageTagInput(" @openclaw/plugin ", packageNames)).toBeNull();
   });
 
   it("returns trimmed raw values when no package prefix matches", () => {
     expect(normalizePackageTagInput(" latest ", packageNames)).toBe("latest");
     expect(normalizePackageTagInput("@other/plugin@beta", packageNames)).toBe("@other/plugin@beta");
+    expect(normalizePackageTagInput("openclawer@beta", packageNames)).toBe("openclawer@beta");
   });
 });
diff --git a/src/infra/package-tag.ts b/src/infra/package-tag.ts
index 105afeb769c..db10d372c46 100644
--- a/src/infra/package-tag.ts
+++ b/src/infra/package-tag.ts
@@ -8,9 +8,13 @@ export function normalizePackageTagInput(
   }
 
   for (const packageName of packageNames) {
+    if (trimmed === packageName) {
+      return null;
+    }
     const prefix = `${packageName}@`;
     if (trimmed.startsWith(prefix)) {
-      return trimmed.slice(prefix.length);
+      const tag = trimmed.slice(prefix.length).trim();
+      return tag ? tag : null;
     }
   }
 
diff --git a/src/infra/pairing-files.test.ts b/src/infra/pairing-files.test.ts
index 8f891036956..ad3ac504fac 100644
--- a/src/infra/pairing-files.test.ts
+++ b/src/infra/pairing-files.test.ts
@@ -1,3 +1,4 @@
+import path from "node:path";
 import { describe, expect, it, vi } from "vitest";
 import {
   pruneExpiredPending,
@@ -8,9 +9,9 @@ import {
 describe("pairing file helpers", () => {
   it("resolves pairing file paths from explicit base dirs", () => {
     expect(resolvePairingPaths("/tmp/openclaw-state", "devices")).toEqual({
-      dir: "/tmp/openclaw-state/devices",
-      pendingPath: "/tmp/openclaw-state/devices/pending.json",
-      pairedPath: "/tmp/openclaw-state/devices/paired.json",
+      dir: path.join("/tmp/openclaw-state", "devices"),
+      pendingPath: path.join("/tmp/openclaw-state", "devices", "pending.json"),
+      pairedPath: path.join("/tmp/openclaw-state", "devices", "paired.json"),
     });
   });
 
diff --git a/src/infra/pairing-token.test.ts b/src/infra/pairing-token.test.ts
index 2d6a5964396..1ef0c8e20d7 100644
--- a/src/infra/pairing-token.test.ts
+++ b/src/infra/pairing-token.test.ts
@@ -27,4 +27,9 @@ describe("verifyPairingToken", () => {
     expect(verifyPairingToken("secret-token", "secret-token")).toBe(true);
     expect(verifyPairingToken("secret-token", "secret-tokEn")).toBe(false);
   });
+
+  it("rejects blank tokens even when both sides match", () => {
+    expect(verifyPairingToken("", "")).toBe(false);
+    expect(verifyPairingToken("   ", "   ")).toBe(false);
+  });
 });
diff --git a/src/infra/pairing-token.ts b/src/infra/pairing-token.ts
index 96960da53b8..7fe0dc2e688 100644
--- a/src/infra/pairing-token.ts
+++ b/src/infra/pairing-token.ts
@@ -8,5 +8,8 @@ export function generatePairingToken(): string {
 }
 
 export function verifyPairingToken(provided: string, expected: string): boolean {
+  if (provided.trim().length === 0 || expected.trim().length === 0) {
+    return false;
+  }
   return safeEqualSecret(provided, expected);
 }
diff --git a/src/infra/path-guards.test.ts b/src/infra/path-guards.test.ts
index 28bf3d7c3b8..335d86f639e 100644
--- a/src/infra/path-guards.test.ts
+++ b/src/infra/path-guards.test.ts
@@ -1,4 +1,4 @@
-import { describe, expect, it } from "vitest";
+import { afterEach, describe, expect, it } from "vitest";
 import {
   hasNodeErrorCode,
   isNodeError,
@@ -8,6 +8,21 @@ import {
   normalizeWindowsPathForComparison,
 } from "./path-guards.js";
 
+const originalPlatformDescriptor = Object.getOwnPropertyDescriptor(process, "platform");
+
+function setPlatform(platform: NodeJS.Platform): void {
+  Object.defineProperty(process, "platform", {
+    value: platform,
+    configurable: true,
+  });
+}
+
+afterEach(() => {
+  if (originalPlatformDescriptor) {
+    Object.defineProperty(process, "platform", originalPlatformDescriptor);
+  }
+});
+
 describe("normalizeWindowsPathForComparison", () => {
   it("normalizes extended-length and UNC windows paths", () => {
     expect(normalizeWindowsPathForComparison("\\\\?\\C:\\Users\\Peter/Repo")).toBe(
@@ -16,6 +31,9 @@ describe("normalizeWindowsPathForComparison", () => {
     expect(normalizeWindowsPathForComparison("\\\\?\\UNC\\Server\\Share\\Folder")).toBe(
       "\\\\server\\share\\folder",
     );
+    expect(normalizeWindowsPathForComparison("\\\\?\\unc\\Server\\Share\\Folder")).toBe(
+      "\\\\server\\share\\folder",
+    );
   });
 });
 
@@ -33,11 +51,13 @@ describe("node path error helpers", () => {
     expect(isNotFoundPathError({ code: "ENOENT" })).toBe(true);
     expect(isNotFoundPathError({ code: "ENOTDIR" })).toBe(true);
     expect(isNotFoundPathError({ code: "EACCES" })).toBe(false);
+    expect(isNotFoundPathError({ code: 404 })).toBe(false);
 
     expect(isSymlinkOpenError({ code: "ELOOP" })).toBe(true);
     expect(isSymlinkOpenError({ code: "EINVAL" })).toBe(true);
     expect(isSymlinkOpenError({ code: "ENOTSUP" })).toBe(true);
     expect(isSymlinkOpenError({ code: "ENOENT" })).toBe(false);
+    expect(isSymlinkOpenError({ code: null })).toBe(false);
   });
 });
 
@@ -47,4 +67,19 @@ describe("isPathInside", () => {
     expect(isPathInside("/workspace/root", "/workspace/root/nested/file.txt")).toBe(true);
     expect(isPathInside("/workspace/root", "/workspace/root/../escape.txt")).toBe(false);
   });
+
+  it("uses win32 path semantics for windows containment checks", () => {
+    setPlatform("win32");
+
+    expect(isPathInside(String.raw`C:\workspace\root`, String.raw`C:\workspace\root`)).toBe(true);
+    expect(
+      isPathInside(String.raw`C:\workspace\root`, String.raw`C:\workspace\root\Nested\File.txt`),
+    ).toBe(true);
+    expect(
+      isPathInside(String.raw`C:\workspace\root`, String.raw`C:\workspace\root\..\escape.txt`),
+    ).toBe(false);
+    expect(
+      isPathInside(String.raw`C:\workspace\root`, String.raw`D:\workspace\root\file.txt`),
+    ).toBe(false);
+  });
 });
diff --git a/src/infra/path-guards.ts b/src/infra/path-guards.ts
index a2f88a1532c..379801152e8 100644
--- a/src/infra/path-guards.ts
+++ b/src/infra/path-guards.ts
@@ -33,16 +33,15 @@ export function isSymlinkOpenError(value: unknown): boolean {
 }
 
 export function isPathInside(root: string, target: string): boolean {
-  const resolvedRoot = path.resolve(root);
-  const resolvedTarget = path.resolve(target);
-
   if (process.platform === "win32") {
-    const rootForCompare = normalizeWindowsPathForComparison(resolvedRoot);
-    const targetForCompare = normalizeWindowsPathForComparison(resolvedTarget);
+    const rootForCompare = normalizeWindowsPathForComparison(path.win32.resolve(root));
+    const targetForCompare = normalizeWindowsPathForComparison(path.win32.resolve(target));
     const relative = path.win32.relative(rootForCompare, targetForCompare);
     return relative === "" || (!relative.startsWith("..") && !path.win32.isAbsolute(relative));
   }
 
+  const resolvedRoot = path.resolve(root);
+  const resolvedTarget = path.resolve(target);
   const relative = path.relative(resolvedRoot, resolvedTarget);
   return relative === "" || (!relative.startsWith("..") && !path.isAbsolute(relative));
 }
diff --git a/src/infra/path-prepend.test.ts b/src/infra/path-prepend.test.ts
index 7f4211a0137..a0ad172e326 100644
--- a/src/infra/path-prepend.test.ts
+++ b/src/infra/path-prepend.test.ts
@@ -11,6 +11,7 @@ describe("path prepend helpers", () => {
   it("finds the actual PATH key while preserving original casing", () => {
     expect(findPathKey({ PATH: "/usr/bin" })).toBe("PATH");
     expect(findPathKey({ Path: "/usr/bin" })).toBe("Path");
+    expect(findPathKey({ path: "/usr/bin" })).toBe("path");
     expect(findPathKey({ PaTh: "/usr/bin" })).toBe("PaTh");
     expect(findPathKey({ HOME: "/tmp" })).toBe("PATH");
   });
@@ -60,6 +61,10 @@ describe("path prepend helpers", () => {
     applyPathPrepend(envWithoutPath, ["/custom/bin"], { requireExisting: true });
     expect(envWithoutPath).toEqual({ HOME: "/tmp/home" });
 
+    const envWithBlankPath = { path: "" };
+    applyPathPrepend(envWithBlankPath, ["/custom/bin"], { requireExisting: true });
+    expect(envWithBlankPath).toEqual({ path: "" });
+
     const envWithPath = { PATH: "/usr/bin" };
     applyPathPrepend(envWithPath, [], { requireExisting: true });
     applyPathPrepend(envWithPath, undefined, { requireExisting: true });
diff --git a/src/infra/prototype-keys.test.ts b/src/infra/prototype-keys.test.ts
index f2bd8287226..98014b71450 100644
--- a/src/infra/prototype-keys.test.ts
+++ b/src/infra/prototype-keys.test.ts
@@ -7,7 +7,7 @@ describe("isBlockedObjectKey", () => {
       expect(isBlockedObjectKey(key)).toBe(true);
     }
 
-    for (const key of ["toString", "value", "constructorName"]) {
+    for (const key of ["toString", "value", "constructorName", "__proto__x", "Prototype"]) {
       expect(isBlockedObjectKey(key)).toBe(false);
     }
   });
diff --git a/src/infra/provider-usage.load.test.ts b/src/infra/provider-usage.load.test.ts
new file mode 100644
index 00000000000..1a91b87a56b
--- /dev/null
+++ b/src/infra/provider-usage.load.test.ts
@@ -0,0 +1,136 @@
+import { describe, expect, it, vi } from "vitest";
+import { createProviderUsageFetch, makeResponse } from "../test-utils/provider-usage-fetch.js";
+import { loadProviderUsageSummary } from "./provider-usage.load.js";
+import { ignoredErrors } from "./provider-usage.shared.js";
+
+const usageNow = Date.UTC(2026, 0, 7, 0, 0, 0);
+
+type ProviderAuth = NonNullable<
+  NonNullable<Parameters<typeof loadProviderUsageSummary>[0]>["auth"]
+>[number];
+
+async function loadUsageWithAuth(
+  auth: ProviderAuth[],
+  mockFetch: ReturnType<typeof createProviderUsageFetch>,
+) {
+  return await loadProviderUsageSummary({
+    now: usageNow,
+    auth,
+    fetch: mockFetch as unknown as typeof fetch,
+  });
+}
+
+describe("provider-usage.load", () => {
+  it("loads snapshots for copilot gemini codex and xiaomi", async () => {
+    const mockFetch = createProviderUsageFetch(async (url) => {
+      if (url.includes("api.github.com/copilot_internal/user")) {
+        return makeResponse(200, {
+          quota_snapshots: { chat: { percent_remaining: 80 } },
+          copilot_plan: "Copilot Pro",
+        });
+      }
+      if (url.includes("cloudcode-pa.googleapis.com/v1internal:fetchAvailableModels")) {
+        return makeResponse(200, {
+          models: {
+            "gemini-2.5-pro": {
+              quotaInfo: { remainingFraction: 0.4, resetTime: "2026-01-08T01:00:00Z" },
+            },
+          },
+        });
+      }
+      if (url.includes("cloudcode-pa.googleapis.com/v1internal:retrieveUserQuota")) {
+        return makeResponse(200, {
+          buckets: [{ modelId: "gemini-2.5-pro", remainingFraction: 0.6 }],
+        });
+      }
+      if (url.includes("chatgpt.com/backend-api/wham/usage")) {
+        return makeResponse(200, {
+          rate_limit: { primary_window: { used_percent: 12, limit_window_seconds: 10800 } },
+          plan_type: "Plus",
+        });
+      }
+      return makeResponse(404, "not found");
+    });
+
+    const summary = await loadUsageWithAuth(
+      [
+        { provider: "github-copilot", token: "copilot-token" },
+        { provider: "google-gemini-cli", token: "gemini-token" },
+        { provider: "openai-codex", token: "codex-token", accountId: "acc-1" },
+        { provider: "xiaomi", token: "xiaomi-token" },
+      ],
+      mockFetch,
+    );
+
+    expect(summary.providers.map((provider) => provider.provider)).toEqual([
+      "github-copilot",
+      "google-gemini-cli",
+      "openai-codex",
+      "xiaomi",
+    ]);
+    expect(
+      summary.providers.find((provider) => provider.provider === "github-copilot")?.windows,
+    ).toEqual([{ label: "Chat", usedPercent: 20 }]);
+    expect(
+      summary.providers.find((provider) => provider.provider === "google-gemini-cli")?.windows[0]
+        ?.label,
+    ).toBe("Pro");
+    expect(
+      summary.providers.find((provider) => provider.provider === "openai-codex")?.windows[0]?.label,
+    ).toBe("3h");
+    expect(summary.providers.find((provider) => provider.provider === "xiaomi")?.windows).toEqual(
+      [],
+    );
+  });
+
+  it("returns empty provider list when auth resolves to none", async () => {
+    const mockFetch = createProviderUsageFetch(async () => makeResponse(404, "not found"));
+    const summary = await loadUsageWithAuth([], mockFetch);
+    expect(summary).toEqual({ updatedAt: usageNow, providers: [] });
+  });
+
+  it("returns unsupported provider snapshots for unknown provider ids", async () => {
+    const mockFetch = createProviderUsageFetch(async () => makeResponse(404, "not found"));
+    const summary = await loadUsageWithAuth(
+      [{ provider: "unsupported-provider", token: "token-u" }] as unknown as ProviderAuth[],
+      mockFetch,
+    );
+    expect(summary.providers).toHaveLength(1);
+    expect(summary.providers[0]?.error).toBe("Unsupported provider");
+  });
+
+  it("filters errors that are marked as ignored", async () => {
+    const mockFetch = createProviderUsageFetch(async (url) => {
+      if (url.includes("api.anthropic.com/api/oauth/usage")) {
+        return makeResponse(500, "boom");
+      }
+      return makeResponse(404, "not found");
+    });
+    ignoredErrors.add("HTTP 500");
+    try {
+      const summary = await loadUsageWithAuth(
+        [{ provider: "anthropic", token: "token-a" }],
+        mockFetch,
+      );
+      expect(summary.providers).toEqual([]);
+    } finally {
+      ignoredErrors.delete("HTTP 500");
+    }
+  });
+
+  it("throws when fetch is unavailable", async () => {
+    const previousFetch = globalThis.fetch;
+    vi.stubGlobal("fetch", undefined);
+    try {
+      await expect(
+        loadProviderUsageSummary({
+          now: usageNow,
+          auth: [{ provider: "xiaomi", token: "token-x" }],
+          fetch: undefined,
+        }),
+      ).rejects.toThrow("fetch is not available");
+    } finally {
+      vi.stubGlobal("fetch", previousFetch);
+    }
+  });
+});
diff --git a/src/infra/provider-usage.test.ts b/src/infra/provider-usage.test.ts
index d8f94d04646..2e45a2ee9dc 100644
--- a/src/infra/provider-usage.test.ts
+++ b/src/infra/provider-usage.test.ts
@@ -1,6 +1,6 @@
 import fs from "node:fs";
 import path from "node:path";
-import { describe, expect, it, vi } from "vitest";
+import { describe, expect, it } from "vitest";
 import { withTempHome } from "../../test/helpers/temp-home.js";
 import { ensureAuthProfileStore, listProfilesForProvider } from "../agents/auth-profiles.js";
 import { withEnvAsync } from "../test-utils/env.js";
@@ -11,7 +11,6 @@ import {
   loadProviderUsageSummary,
   type UsageSummary,
 } from "./provider-usage.js";
-import { ignoredErrors } from "./provider-usage.shared.js";
 
 const minimaxRemainsEndpoint = "api.minimaxi.com/v1/api/openplatform/coding_plan/remains";
 const usageNow = Date.UTC(2026, 0, 7, 0, 0, 0);
@@ -354,117 +353,4 @@ describe("provider usage loading", () => {
       expect(claude?.windows.some((w) => w.label === "Week")).toBe(true);
     });
   });
-
-  it("loads snapshots for copilot gemini codex and xiaomi", async () => {
-    const mockFetch = createProviderUsageFetch(async (url) => {
-      if (url.includes("api.github.com/copilot_internal/user")) {
-        return makeResponse(200, {
-          quota_snapshots: { chat: { percent_remaining: 80 } },
-          copilot_plan: "Copilot Pro",
-        });
-      }
-      if (url.includes("cloudcode-pa.googleapis.com/v1internal:fetchAvailableModels")) {
-        return makeResponse(200, {
-          models: {
-            "gemini-2.5-pro": {
-              quotaInfo: { remainingFraction: 0.4, resetTime: "2026-01-08T01:00:00Z" },
-            },
-          },
-        });
-      }
-      if (url.includes("cloudcode-pa.googleapis.com/v1internal:retrieveUserQuota")) {
-        return makeResponse(200, {
-          buckets: [{ modelId: "gemini-2.5-pro", remainingFraction: 0.6 }],
-        });
-      }
-      if (url.includes("chatgpt.com/backend-api/wham/usage")) {
-        return makeResponse(200, {
-          rate_limit: { primary_window: { used_percent: 12, limit_window_seconds: 10800 } },
-          plan_type: "Plus",
-        });
-      }
-      return makeResponse(404, "not found");
-    });
-
-    const summary = await loadUsageWithAuth(
-      [
-        { provider: "github-copilot", token: "copilot-token" },
-        { provider: "google-gemini-cli", token: "gemini-token" },
-        { provider: "openai-codex", token: "codex-token", accountId: "acc-1" },
-        { provider: "xiaomi", token: "xiaomi-token" },
-      ],
-      mockFetch,
-    );
-
-    expect(summary.providers.map((provider) => provider.provider)).toEqual([
-      "github-copilot",
-      "google-gemini-cli",
-      "openai-codex",
-      "xiaomi",
-    ]);
-    expect(
-      summary.providers.find((provider) => provider.provider === "github-copilot")?.windows,
-    ).toEqual([{ label: "Chat", usedPercent: 20 }]);
-    expect(
-      summary.providers.find((provider) => provider.provider === "google-gemini-cli")?.windows[0]
-        ?.label,
-    ).toBe("Pro");
-    expect(
-      summary.providers.find((provider) => provider.provider === "openai-codex")?.windows[0]?.label,
-    ).toBe("3h");
-    expect(summary.providers.find((provider) => provider.provider === "xiaomi")?.windows).toEqual(
-      [],
-    );
-  });
-
-  it("returns empty provider list when auth resolves to none", async () => {
-    const mockFetch = createProviderUsageFetch(async () => makeResponse(404, "not found"));
-    const summary = await loadUsageWithAuth([], mockFetch);
-    expect(summary).toEqual({ updatedAt: usageNow, providers: [] });
-  });
-
-  it("returns unsupported provider snapshots for unknown provider ids", async () => {
-    const mockFetch = createProviderUsageFetch(async () => makeResponse(404, "not found"));
-    const summary = await loadUsageWithAuth(
-      [{ provider: "unsupported-provider", token: "token-u" }] as unknown as ProviderAuth[],
-      mockFetch,
-    );
-    expect(summary.providers).toHaveLength(1);
-    expect(summary.providers[0]?.error).toBe("Unsupported provider");
-  });
-
-  it("filters errors that are marked as ignored", async () => {
-    const mockFetch = createProviderUsageFetch(async (url) => {
-      if (url.includes("api.anthropic.com/api/oauth/usage")) {
-        return makeResponse(500, "boom");
-      }
-      return makeResponse(404, "not found");
-    });
-    ignoredErrors.add("HTTP 500");
-    try {
-      const summary = await loadUsageWithAuth(
-        [{ provider: "anthropic", token: "token-a" }],
-        mockFetch,
-      );
-      expect(summary.providers).toEqual([]);
-    } finally {
-      ignoredErrors.delete("HTTP 500");
-    }
-  });
-
-  it("throws when fetch is unavailable", async () => {
-    const previousFetch = globalThis.fetch;
-    vi.stubGlobal("fetch", undefined);
-    try {
-      await expect(
-        loadProviderUsageSummary({
-          now: usageNow,
-          auth: [{ provider: "xiaomi", token: "token-x" }],
-          fetch: undefined,
-        }),
-      ).rejects.toThrow("fetch is not available");
-    } finally {
-      vi.stubGlobal("fetch", previousFetch);
-    }
-  });
 });
diff --git a/src/infra/push-apns.auth.test.ts b/src/infra/push-apns.auth.test.ts
new file mode 100644
index 00000000000..2dd832b4b28
--- /dev/null
+++ b/src/infra/push-apns.auth.test.ts
@@ -0,0 +1,182 @@
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { afterEach, describe, expect, it } from "vitest";
+import {
+  normalizeApnsEnvironment,
+  resolveApnsAuthConfigFromEnv,
+  shouldClearStoredApnsRegistration,
+  shouldInvalidateApnsRegistration,
+} from "./push-apns.js";
+
+const tempDirs: string[] = [];
+
+async function makeTempDir(): Promise<string> {
+  const dir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-push-apns-auth-test-"));
+  tempDirs.push(dir);
+  return dir;
+}
+
+afterEach(async () => {
+  while (tempDirs.length > 0) {
+    const dir = tempDirs.pop();
+    if (dir) {
+      await fs.rm(dir, { recursive: true, force: true });
+    }
+  }
+});
+
+describe("push APNs auth and helper coverage", () => {
+  it("normalizes APNs environment values", () => {
+    expect(normalizeApnsEnvironment("sandbox")).toBe("sandbox");
+    expect(normalizeApnsEnvironment(" PRODUCTION ")).toBe("production");
+    expect(normalizeApnsEnvironment("staging")).toBeNull();
+    expect(normalizeApnsEnvironment(null)).toBeNull();
+  });
+
+  it("prefers inline APNs private key values and unescapes newlines", async () => {
+    const resolved = await resolveApnsAuthConfigFromEnv({
+      OPENCLAW_APNS_TEAM_ID: "TEAM123",
+      OPENCLAW_APNS_KEY_ID: "KEY123",
+      OPENCLAW_APNS_PRIVATE_KEY_P8:
+        "-----BEGIN PRIVATE KEY-----\\nline-a\\nline-b\\n-----END PRIVATE KEY-----", // pragma: allowlist secret
+      OPENCLAW_APNS_PRIVATE_KEY: "ignored",
+    } as NodeJS.ProcessEnv);
+
+    expect(resolved).toMatchObject({
+      ok: true,
+      value: {
+        teamId: "TEAM123",
+        keyId: "KEY123",
+      },
+    });
+    if (resolved.ok) {
+      expect(resolved.value.privateKey).toContain("\nline-a\n");
+      expect(resolved.value.privateKey).not.toBe("ignored");
+    }
+  });
+
+  it("falls back to OPENCLAW_APNS_PRIVATE_KEY when OPENCLAW_APNS_PRIVATE_KEY_P8 is blank", async () => {
+    const resolved = await resolveApnsAuthConfigFromEnv({
+      OPENCLAW_APNS_TEAM_ID: "TEAM123",
+      OPENCLAW_APNS_KEY_ID: "KEY123",
+      OPENCLAW_APNS_PRIVATE_KEY_P8: "   ",
+      OPENCLAW_APNS_PRIVATE_KEY:
+        "-----BEGIN PRIVATE KEY-----\\nline-c\\nline-d\\n-----END PRIVATE KEY-----", // pragma: allowlist secret
+    } as NodeJS.ProcessEnv);
+
+    expect(resolved).toMatchObject({
+      ok: true,
+      value: {
+        teamId: "TEAM123",
+        keyId: "KEY123",
+        privateKey: "-----BEGIN PRIVATE KEY-----\nline-c\nline-d\n-----END PRIVATE KEY-----",
+      },
+    });
+  });
+
+  it("reads APNs private keys from OPENCLAW_APNS_PRIVATE_KEY_PATH", async () => {
+    const dir = await makeTempDir();
+    const keyPath = path.join(dir, "apns-key.p8");
+    await fs.writeFile(
+      keyPath,
+      "-----BEGIN PRIVATE KEY-----\\nline-e\\nline-f\\n-----END PRIVATE KEY-----\n",
+      "utf8",
+    );
+
+    const resolved = await resolveApnsAuthConfigFromEnv({
+      OPENCLAW_APNS_TEAM_ID: "TEAM123",
+      OPENCLAW_APNS_KEY_ID: "KEY123",
+      OPENCLAW_APNS_PRIVATE_KEY_PATH: keyPath,
+    } as NodeJS.ProcessEnv);
+
+    expect(resolved).toMatchObject({
+      ok: true,
+      value: {
+        teamId: "TEAM123",
+        keyId: "KEY123",
+        privateKey: "-----BEGIN PRIVATE KEY-----\nline-e\nline-f\n-----END PRIVATE KEY-----",
+      },
+    });
+  });
+
+  it("reports missing auth fields and path read failures", async () => {
+    const dir = await makeTempDir();
+    const missingPath = path.join(dir, "missing-key.p8");
+
+    await expect(resolveApnsAuthConfigFromEnv({} as NodeJS.ProcessEnv)).resolves.toEqual({
+      ok: false,
+      error: "APNs auth missing: set OPENCLAW_APNS_TEAM_ID and OPENCLAW_APNS_KEY_ID",
+    });
+
+    const missingKey = await resolveApnsAuthConfigFromEnv({
+      OPENCLAW_APNS_TEAM_ID: "TEAM123",
+      OPENCLAW_APNS_KEY_ID: "KEY123",
+      OPENCLAW_APNS_PRIVATE_KEY_PATH: missingPath,
+    } as NodeJS.ProcessEnv);
+
+    expect(missingKey.ok).toBe(false);
+    if (!missingKey.ok) {
+      expect(missingKey.error).toContain(
+        `failed reading OPENCLAW_APNS_PRIVATE_KEY_PATH (${missingPath})`,
+      );
+    }
+  });
+
+  it("invalidates only real bad-token APNs failures", () => {
+    expect(shouldInvalidateApnsRegistration({ status: 410, reason: "Unregistered" })).toBe(true);
+    expect(shouldInvalidateApnsRegistration({ status: 400, reason: " BadDeviceToken " })).toBe(
+      true,
+    );
+    expect(shouldInvalidateApnsRegistration({ status: 400, reason: "BadTopic" })).toBe(false);
+    expect(shouldInvalidateApnsRegistration({ status: 429, reason: "BadDeviceToken" })).toBe(false);
+  });
+
+  it("clears only direct registrations without an environment override mismatch", () => {
+    expect(
+      shouldClearStoredApnsRegistration({
+        registration: {
+          nodeId: "ios-node-direct",
+          transport: "direct",
+          token: "ABCD1234ABCD1234ABCD1234ABCD1234",
+          topic: "ai.openclaw.ios",
+          environment: "sandbox",
+          updatedAtMs: 1,
+        },
+        result: { status: 400, reason: "BadDeviceToken" },
+      }),
+    ).toBe(true);
+
+    expect(
+      shouldClearStoredApnsRegistration({
+        registration: {
+          nodeId: "ios-node-relay",
+          transport: "relay",
+          relayHandle: "relay-handle-123",
+          sendGrant: "send-grant-123",
+          installationId: "install-123",
+          topic: "ai.openclaw.ios",
+          environment: "production",
+          distribution: "official",
+          updatedAtMs: 1,
+        },
+        result: { status: 410, reason: "Unregistered" },
+      }),
+    ).toBe(false);
+
+    expect(
+      shouldClearStoredApnsRegistration({
+        registration: {
+          nodeId: "ios-node-direct",
+          transport: "direct",
+          token: "ABCD1234ABCD1234ABCD1234ABCD1234",
+          topic: "ai.openclaw.ios",
+          environment: "sandbox",
+          updatedAtMs: 1,
+        },
+        result: { status: 400, reason: "BadDeviceToken" },
+        overrideEnvironment: "production",
+      }),
+    ).toBe(false);
+  });
+});
diff --git a/src/infra/push-apns.relay.test.ts b/src/infra/push-apns.relay.test.ts
new file mode 100644
index 00000000000..4e8e8054311
--- /dev/null
+++ b/src/infra/push-apns.relay.test.ts
@@ -0,0 +1,284 @@
+import { generateKeyPairSync } from "node:crypto";
+import { afterEach, describe, expect, it, vi } from "vitest";
+import {
+  deriveDeviceIdFromPublicKey,
+  publicKeyRawBase64UrlFromPem,
+  verifyDeviceSignature,
+} from "./device-identity.js";
+import { resolveApnsRelayConfigFromEnv, sendApnsRelayPush } from "./push-apns.relay.js";
+
+const relayGatewayIdentity = (() => {
+  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
+  const publicKeyPem = publicKey.export({ format: "pem", type: "spki" }).toString();
+  const publicKeyRaw = publicKeyRawBase64UrlFromPem(publicKeyPem);
+  const deviceId = deriveDeviceIdFromPublicKey(publicKeyRaw);
+  if (!deviceId) {
+    throw new Error("failed to derive test gateway device id");
+  }
+  return {
+    deviceId,
+    publicKey: publicKeyRaw,
+    privateKeyPem: privateKey.export({ format: "pem", type: "pkcs8" }).toString(),
+  };
+})();
+
+afterEach(() => {
+  vi.restoreAllMocks();
+  vi.unstubAllGlobals();
+});
+
+describe("push-apns.relay", () => {
+  describe("resolveApnsRelayConfigFromEnv", () => {
+    it("returns a missing-config error when no relay base URL is configured", () => {
+      expect(resolveApnsRelayConfigFromEnv({} as NodeJS.ProcessEnv)).toEqual({
+        ok: false,
+        error:
+          "APNs relay config missing: set gateway.push.apns.relay.baseUrl or OPENCLAW_APNS_RELAY_BASE_URL",
+      });
+    });
+
+    it("lets env overrides win and clamps tiny timeout values", () => {
+      const resolved = resolveApnsRelayConfigFromEnv(
+        {
+          OPENCLAW_APNS_RELAY_BASE_URL: " https://relay-override.example.com/base/ ",
+          OPENCLAW_APNS_RELAY_TIMEOUT_MS: "999",
+        } as NodeJS.ProcessEnv,
+        {
+          push: {
+            apns: {
+              relay: {
+                baseUrl: "https://relay.example.com",
+                timeoutMs: 2500,
+              },
+            },
+          },
+        },
+      );
+
+      expect(resolved).toMatchObject({
+        ok: true,
+        value: {
+          baseUrl: "https://relay-override.example.com/base",
+          timeoutMs: 1000,
+        },
+      });
+    });
+
+    it("allows loopback http URLs for alternate truthy env values", () => {
+      const resolved = resolveApnsRelayConfigFromEnv({
+        OPENCLAW_APNS_RELAY_BASE_URL: "http://[::1]:8787",
+        OPENCLAW_APNS_RELAY_ALLOW_HTTP: "yes",
+        OPENCLAW_APNS_RELAY_TIMEOUT_MS: "nope",
+      } as NodeJS.ProcessEnv);
+
+      expect(resolved).toMatchObject({
+        ok: true,
+        value: {
+          baseUrl: "http://[::1]:8787",
+          timeoutMs: 10_000,
+        },
+      });
+    });
+
+    it.each([
+      {
+        name: "unsupported protocol",
+        env: { OPENCLAW_APNS_RELAY_BASE_URL: "ftp://relay.example.com" },
+        expected: "unsupported protocol",
+      },
+      {
+        name: "http non-loopback host",
+        env: {
+          OPENCLAW_APNS_RELAY_BASE_URL: "http://relay.example.com",
+          OPENCLAW_APNS_RELAY_ALLOW_HTTP: "true",
+        },
+        expected: "loopback hosts",
+      },
+      {
+        name: "query string",
+        env: { OPENCLAW_APNS_RELAY_BASE_URL: "https://relay.example.com/path?debug=1" },
+        expected: "query and fragment are not allowed",
+      },
+      {
+        name: "userinfo",
+        env: { OPENCLAW_APNS_RELAY_BASE_URL: "https://user:pass@relay.example.com/path" },
+        expected: "userinfo is not allowed",
+      },
+    ])("rejects invalid relay URL: $name", ({ env, expected }) => {
+      const resolved = resolveApnsRelayConfigFromEnv(env as NodeJS.ProcessEnv);
+      expect(resolved.ok).toBe(false);
+      if (!resolved.ok) {
+        expect(resolved.error).toContain(expected);
+      }
+    });
+  });
+
+  describe("sendApnsRelayPush", () => {
+    it("signs relay payloads and forwards the request through the injected sender", async () => {
+      vi.spyOn(Date, "now").mockReturnValue(123_456_789);
+      const sender = vi.fn().mockResolvedValue({
+        ok: true,
+        status: 200,
+        apnsId: "relay-apns-id",
+        environment: "production",
+        tokenSuffix: "abcd1234",
+      });
+
+      const result = await sendApnsRelayPush({
+        relayConfig: {
+          baseUrl: "https://relay.example.com",
+          timeoutMs: 1000,
+        },
+        sendGrant: "send-grant-123",
+        relayHandle: "relay-handle-123",
+        payload: { aps: { alert: { title: "Wake", body: "Ping" } } },
+        pushType: "alert",
+        priority: "10",
+        gatewayIdentity: relayGatewayIdentity,
+        requestSender: sender,
+      });
+
+      expect(sender).toHaveBeenCalledTimes(1);
+      const sent = sender.mock.calls[0]?.[0];
+      expect(sent).toMatchObject({
+        relayConfig: {
+          baseUrl: "https://relay.example.com",
+          timeoutMs: 1000,
+        },
+        sendGrant: "send-grant-123",
+        relayHandle: "relay-handle-123",
+        gatewayDeviceId: relayGatewayIdentity.deviceId,
+        signedAtMs: 123_456_789,
+        pushType: "alert",
+        priority: "10",
+        payload: { aps: { alert: { title: "Wake", body: "Ping" } } },
+      });
+      expect(sent?.bodyJson).toBe(
+        JSON.stringify({
+          relayHandle: "relay-handle-123",
+          pushType: "alert",
+          priority: 10,
+          payload: { aps: { alert: { title: "Wake", body: "Ping" } } },
+        }),
+      );
+      expect(
+        verifyDeviceSignature(
+          relayGatewayIdentity.publicKey,
+          [
+            "openclaw-relay-send-v1",
+            sent?.gatewayDeviceId,
+            String(sent?.signedAtMs),
+            sent?.bodyJson,
+          ].join("\n"),
+          sent?.signature ?? "",
+        ),
+      ).toBe(true);
+      expect(result).toMatchObject({
+        ok: true,
+        status: 200,
+        apnsId: "relay-apns-id",
+        environment: "production",
+        tokenSuffix: "abcd1234",
+      });
+    });
+
+    it("does not follow relay redirects", async () => {
+      const fetchMock = vi.fn().mockResolvedValue({
+        ok: false,
+        status: 302,
+        json: vi.fn().mockRejectedValue(new Error("no body")),
+      });
+      vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch);
+
+      const result = await sendApnsRelayPush({
+        relayConfig: {
+          baseUrl: "https://relay.example.com",
+          timeoutMs: 1000,
+        },
+        sendGrant: "send-grant-123",
+        relayHandle: "relay-handle-123",
+        payload: { aps: { "content-available": 1 } },
+        pushType: "background",
+        priority: "5",
+        gatewayIdentity: relayGatewayIdentity,
+      });
+
+      expect(fetchMock).toHaveBeenCalledTimes(1);
+      expect(fetchMock.mock.calls[0]?.[1]).toMatchObject({ redirect: "manual" });
+      expect(result).toMatchObject({
+        ok: false,
+        status: 302,
+        reason: "RelayRedirectNotAllowed",
+        environment: "production",
+      });
+    });
+
+    it("falls back to fetch status when the relay body is not JSON", async () => {
+      const fetchMock = vi.fn().mockResolvedValue({
+        ok: true,
+        status: 202,
+        json: vi.fn().mockRejectedValue(new Error("bad json")),
+      });
+      vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch);
+
+      await expect(
+        sendApnsRelayPush({
+          relayConfig: {
+            baseUrl: "https://relay.example.com",
+            timeoutMs: 1000,
+          },
+          sendGrant: "send-grant-123",
+          relayHandle: "relay-handle-123",
+          payload: { aps: { "content-available": 1 } },
+          pushType: "background",
+          priority: "5",
+          gatewayIdentity: relayGatewayIdentity,
+        }),
+      ).resolves.toEqual({
+        ok: true,
+        status: 202,
+        apnsId: undefined,
+        reason: undefined,
+        environment: "production",
+        tokenSuffix: undefined,
+      });
+    });
+
+    it("normalizes relay JSON response fields", async () => {
+      const fetchMock = vi.fn().mockResolvedValue({
+        ok: true,
+        status: 202,
+        json: vi.fn().mockResolvedValue({
+          ok: false,
+          status: 410,
+          apnsId: " relay-apns-id ",
+          reason: " Unregistered ",
+          tokenSuffix: " abcd1234 ",
+        }),
+      });
+      vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch);
+
+      await expect(
+        sendApnsRelayPush({
+          relayConfig: {
+            baseUrl: "https://relay.example.com",
+            timeoutMs: 1000,
+          },
+          sendGrant: "send-grant-123",
+          relayHandle: "relay-handle-123",
+          payload: { aps: { "content-available": 1 } },
+          pushType: "background",
+          priority: "5",
+          gatewayIdentity: relayGatewayIdentity,
+        }),
+      ).resolves.toEqual({
+        ok: false,
+        status: 410,
+        apnsId: "relay-apns-id",
+        reason: "Unregistered",
+        environment: "production",
+        tokenSuffix: "abcd1234",
+      });
+    });
+  });
+});
diff --git a/src/infra/push-apns.store.test.ts b/src/infra/push-apns.store.test.ts
new file mode 100644
index 00000000000..210a9f791c6
--- /dev/null
+++ b/src/infra/push-apns.store.test.ts
@@ -0,0 +1,308 @@
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+import { afterEach, describe, expect, it, vi } from "vitest";
+import {
+  clearApnsRegistration,
+  clearApnsRegistrationIfCurrent,
+  loadApnsRegistration,
+  registerApnsRegistration,
+  registerApnsToken,
+} from "./push-apns.js";
+
+const tempDirs: string[] = [];
+
+async function makeTempDir(): Promise<string> {
+  const dir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-push-apns-store-test-"));
+  tempDirs.push(dir);
+  return dir;
+}
+
+afterEach(async () => {
+  while (tempDirs.length > 0) {
+    const dir = tempDirs.pop();
+    if (dir) {
+      await fs.rm(dir, { recursive: true, force: true });
+    }
+  }
+});
+
+describe("push APNs registration store", () => {
+  it("stores and reloads direct APNs registrations", async () => {
+    const baseDir = await makeTempDir();
+    const saved = await registerApnsToken({
+      nodeId: "ios-node-1",
+      token: "ABCD1234ABCD1234ABCD1234ABCD1234",
+      topic: "ai.openclaw.ios",
+      environment: "sandbox",
+      baseDir,
+    });
+
+    const loaded = await loadApnsRegistration("ios-node-1", baseDir);
+    expect(loaded).toMatchObject({
+      nodeId: "ios-node-1",
+      transport: "direct",
+      topic: "ai.openclaw.ios",
+      environment: "sandbox",
+      updatedAtMs: saved.updatedAtMs,
+    });
+    expect(loaded && loaded.transport === "direct" ? loaded.token : null).toBe(
+      "abcd1234abcd1234abcd1234abcd1234",
+    );
+  });
+
+  it("stores relay-backed registrations without a raw token", async () => {
+    const baseDir = await makeTempDir();
+    const saved = await registerApnsRegistration({
+      nodeId: "ios-node-relay",
+      transport: "relay",
+      relayHandle: "relay-handle-123",
+      sendGrant: "send-grant-123",
+      installationId: "install-123",
+      topic: "ai.openclaw.ios",
+      environment: "production",
+      distribution: "official",
+      tokenDebugSuffix: " abcd-1234 ",
+      baseDir,
+    });
+
+    const loaded = await loadApnsRegistration("ios-node-relay", baseDir);
+    expect(saved.transport).toBe("relay");
+    expect(loaded).toMatchObject({
+      nodeId: "ios-node-relay",
+      transport: "relay",
+      relayHandle: "relay-handle-123",
+      sendGrant: "send-grant-123",
+      installationId: "install-123",
+      topic: "ai.openclaw.ios",
+      environment: "production",
+      distribution: "official",
+      tokenDebugSuffix: "abcd1234",
+    });
+    expect(loaded && "token" in loaded).toBe(false);
+  });
+
+  it("normalizes legacy direct records from disk and ignores invalid entries", async () => {
+    const baseDir = await makeTempDir();
+    const statePath = path.join(baseDir, "push", "apns-registrations.json");
+    await fs.mkdir(path.dirname(statePath), { recursive: true });
+    await fs.writeFile(
+      statePath,
+      `${JSON.stringify(
+        {
+          registrationsByNodeId: {
+            " ios-node-legacy ": {
+              nodeId: " ios-node-legacy ",
+              token: "<ABCD1234ABCD1234ABCD1234ABCD1234>",
+              topic: " ai.openclaw.ios ",
+              environment: " PRODUCTION ",
+              updatedAtMs: 3,
+            },
+            "   ": {
+              nodeId: " ios-node-fallback ",
+              token: "<ABCD1234ABCD1234ABCD1234ABCD1234>",
+              topic: " ai.openclaw.ios ",
+              updatedAtMs: 2,
+            },
+            "ios-node-bad-relay": {
+              transport: "relay",
+              nodeId: "ios-node-bad-relay",
+              relayHandle: "relay-handle-123",
+              sendGrant: "send-grant-123",
+              installationId: "install-123",
+              topic: "ai.openclaw.ios",
+              environment: "production",
+              distribution: "beta",
+              updatedAtMs: 1,
+            },
+          },
+        },
+        null,
+        2,
+      )}\n`,
+      "utf8",
+    );
+
+    await expect(loadApnsRegistration("ios-node-legacy", baseDir)).resolves.toMatchObject({
+      nodeId: "ios-node-legacy",
+      transport: "direct",
+      token: "abcd1234abcd1234abcd1234abcd1234",
+      topic: "ai.openclaw.ios",
+      environment: "production",
+      updatedAtMs: 3,
+    });
+    await expect(loadApnsRegistration("ios-node-fallback", baseDir)).resolves.toMatchObject({
+      nodeId: "ios-node-fallback",
+      transport: "direct",
+      topic: "ai.openclaw.ios",
+      environment: "sandbox",
+      updatedAtMs: 2,
+    });
+    await expect(loadApnsRegistration("ios-node-bad-relay", baseDir)).resolves.toBeNull();
+  });
+
+  it("falls back cleanly for malformed or missing registration state", async () => {
+    const baseDir = await makeTempDir();
+    const statePath = path.join(baseDir, "push", "apns-registrations.json");
+    await fs.mkdir(path.dirname(statePath), { recursive: true });
+    await fs.writeFile(statePath, "[]", "utf8");
+
+    await expect(loadApnsRegistration("ios-node-missing", baseDir)).resolves.toBeNull();
+    await expect(loadApnsRegistration("   ", baseDir)).resolves.toBeNull();
+    await expect(clearApnsRegistration("   ", baseDir)).resolves.toBe(false);
+    await expect(clearApnsRegistration("ios-node-missing", baseDir)).resolves.toBe(false);
+  });
+
+  it("rejects invalid direct and relay registration inputs", async () => {
+    const baseDir = await makeTempDir();
+    const oversized = "x".repeat(257);
+
+    await expect(
+      registerApnsToken({
+        nodeId: "ios-node-1",
+        token: "not-a-token",
+        topic: "ai.openclaw.ios",
+        baseDir,
+      }),
+    ).rejects.toThrow("invalid APNs token");
+    await expect(
+      registerApnsToken({
+        nodeId: "n".repeat(257),
+        token: "ABCD1234ABCD1234ABCD1234ABCD1234",
+        topic: "ai.openclaw.ios",
+        baseDir,
+      }),
+    ).rejects.toThrow("nodeId required");
+    await expect(
+      registerApnsToken({
+        nodeId: "ios-node-1",
+        token: "A".repeat(513),
+        topic: "ai.openclaw.ios",
+        baseDir,
+      }),
+    ).rejects.toThrow("invalid APNs token");
+    await expect(
+      registerApnsToken({
+        nodeId: "ios-node-1",
+        token: "ABCD1234ABCD1234ABCD1234ABCD1234",
+        topic: "a".repeat(256),
+        baseDir,
+      }),
+    ).rejects.toThrow("topic required");
+    await expect(
+      registerApnsRegistration({
+        nodeId: "ios-node-relay",
+        transport: "relay",
+        relayHandle: "relay-handle-123",
+        sendGrant: "send-grant-123",
+        installationId: "install-123",
+        topic: "ai.openclaw.ios",
+        environment: "staging",
+        distribution: "official",
+        baseDir,
+      }),
+    ).rejects.toThrow("relay registrations must use production environment");
+    await expect(
+      registerApnsRegistration({
+        nodeId: "ios-node-relay",
+        transport: "relay",
+        relayHandle: "relay-handle-123",
+        sendGrant: "send-grant-123",
+        installationId: "install-123",
+        topic: "ai.openclaw.ios",
+        environment: "production",
+        distribution: "beta",
+        baseDir,
+      }),
+    ).rejects.toThrow("relay registrations must use official distribution");
+    await expect(
+      registerApnsRegistration({
+        nodeId: "ios-node-relay",
+        transport: "relay",
+        relayHandle: oversized,
+        sendGrant: "send-grant-123",
+        installationId: "install-123",
+        topic: "ai.openclaw.ios",
+        environment: "production",
+        distribution: "official",
+        baseDir,
+      }),
+    ).rejects.toThrow("relayHandle too long");
+    await expect(
+      registerApnsRegistration({
+        nodeId: "ios-node-relay",
+        transport: "relay",
+        relayHandle: "relay-handle-123",
+        sendGrant: "send-grant-123",
+        installationId: oversized,
+        topic: "ai.openclaw.ios",
+        environment: "production",
+        distribution: "official",
+        baseDir,
+      }),
+    ).rejects.toThrow("installationId too long");
+    await expect(
+      registerApnsRegistration({
+        nodeId: "ios-node-relay",
+        transport: "relay",
+        relayHandle: "relay-handle-123",
+        sendGrant: "x".repeat(1025),
+        installationId: "install-123",
+        topic: "ai.openclaw.ios",
+        environment: "production",
+        distribution: "official",
+        baseDir,
+      }),
+    ).rejects.toThrow("sendGrant too long");
+  });
+
+  it("persists with a trailing newline and clears registrations", async () => {
+    const baseDir = await makeTempDir();
+    await registerApnsToken({
+      nodeId: "ios-node-1",
+      token: "ABCD1234ABCD1234ABCD1234ABCD1234",
+      topic: "ai.openclaw.ios",
+      baseDir,
+    });
+
+    const statePath = path.join(baseDir, "push", "apns-registrations.json");
+    await expect(fs.readFile(statePath, "utf8")).resolves.toMatch(/\n$/);
+    await expect(clearApnsRegistration("ios-node-1", baseDir)).resolves.toBe(true);
+    await expect(loadApnsRegistration("ios-node-1", baseDir)).resolves.toBeNull();
+  });
+
+  it("only clears a registration when the stored entry still matches", async () => {
+    vi.useFakeTimers();
+    try {
+      const baseDir = await makeTempDir();
+      vi.setSystemTime(new Date("2026-03-11T00:00:00Z"));
+      const stale = await registerApnsToken({
+        nodeId: "ios-node-1",
+        token: "ABCD1234ABCD1234ABCD1234ABCD1234",
+        topic: "ai.openclaw.ios",
+        environment: "sandbox",
+        baseDir,
+      });
+
+      vi.setSystemTime(new Date("2026-03-11T00:00:01Z"));
+      const fresh = await registerApnsToken({
+        nodeId: "ios-node-1",
+        token: "ABCD1234ABCD1234ABCD1234ABCD1234",
+        topic: "ai.openclaw.ios",
+        environment: "sandbox",
+        baseDir,
+      });
+
+      await expect(
+        clearApnsRegistrationIfCurrent({
+          nodeId: "ios-node-1",
+          registration: stale,
+          baseDir,
+        }),
+      ).resolves.toBe(false);
+      await expect(loadApnsRegistration("ios-node-1", baseDir)).resolves.toEqual(fresh);
+    } finally {
+      vi.useRealTimers();
+    }
+  });
+});
diff --git a/src/infra/push-apns.test.ts b/src/infra/push-apns.test.ts
index a2c616e81b4..c649e2514ba 100644
--- a/src/infra/push-apns.test.ts
+++ b/src/infra/push-apns.test.ts
@@ -1,53 +1,10 @@
 import { generateKeyPairSync } from "node:crypto";
-import fs from "node:fs/promises";
-import os from "node:os";
-import path from "node:path";
 import { afterEach, describe, expect, it, vi } from "vitest";
-import {
-  deriveDeviceIdFromPublicKey,
-  publicKeyRawBase64UrlFromPem,
-  verifyDeviceSignature,
-} from "./device-identity.js";
-import {
-  clearApnsRegistration,
-  clearApnsRegistrationIfCurrent,
-  loadApnsRegistration,
-  normalizeApnsEnvironment,
-  registerApnsRegistration,
-  registerApnsToken,
-  resolveApnsAuthConfigFromEnv,
-  resolveApnsRelayConfigFromEnv,
-  sendApnsAlert,
-  sendApnsBackgroundWake,
-  shouldClearStoredApnsRegistration,
-  shouldInvalidateApnsRegistration,
-} from "./push-apns.js";
-import { sendApnsRelayPush } from "./push-apns.relay.js";
+import { sendApnsAlert, sendApnsBackgroundWake } from "./push-apns.js";
 
-const tempDirs: string[] = [];
 const testAuthPrivateKey = generateKeyPairSync("ec", { namedCurve: "prime256v1" })
   .privateKey.export({ format: "pem", type: "pkcs8" })
   .toString();
-const relayGatewayIdentity = (() => {
-  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
-  const publicKeyPem = publicKey.export({ format: "pem", type: "spki" }).toString();
-  const publicKeyRaw = publicKeyRawBase64UrlFromPem(publicKeyPem);
-  const deviceId = deriveDeviceIdFromPublicKey(publicKeyRaw);
-  if (!deviceId) {
-    throw new Error("failed to derive test gateway device id");
-  }
-  return {
-    deviceId,
-    publicKey: publicKeyRaw,
-    privateKeyPem: privateKey.export({ format: "pem", type: "pkcs8" }).toString(),
-  };
-})();
-
-async function makeTempDir(): Promise<string> {
-  const dir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-push-apns-test-"));
-  tempDirs.push(dir);
-  return dir;
-}
 
 function createDirectApnsSendFixture(params: {
   nodeId: string;
@@ -72,400 +29,46 @@ function createDirectApnsSendFixture(params: {
   };
 }
 
+function createRelayApnsSendFixture(params: {
+  nodeId: string;
+  relayHandle?: string;
+  tokenDebugSuffix?: string;
+  sendResult: {
+    ok: boolean;
+    status: number;
+    environment: "production";
+    apnsId?: string;
+    reason?: string;
+    tokenSuffix?: string;
+  };
+}) {
+  return {
+    send: vi.fn().mockResolvedValue(params.sendResult),
+    registration: {
+      nodeId: params.nodeId,
+      transport: "relay" as const,
+      relayHandle: params.relayHandle ?? "relay-handle-12345678",
+      sendGrant: "send-grant-123",
+      installationId: "install-123",
+      topic: "ai.openclaw.ios",
+      environment: "production" as const,
+      distribution: "official" as const,
+      updatedAtMs: 1,
+      tokenDebugSuffix: params.tokenDebugSuffix,
+    },
+    relayConfig: {
+      baseUrl: "https://relay.openclaw.test",
+      timeoutMs: 2_500,
+    },
+    gatewayIdentity: {
+      deviceId: "gateway-device-1",
+      privateKeyPem: testAuthPrivateKey,
+    },
+  };
+}
+
 afterEach(async () => {
   vi.unstubAllGlobals();
-  while (tempDirs.length > 0) {
-    const dir = tempDirs.pop();
-    if (dir) {
-      await fs.rm(dir, { recursive: true, force: true });
-    }
-  }
-});
-
-describe("push APNs registration store", () => {
-  it("stores and reloads node APNs registration", async () => {
-    const baseDir = await makeTempDir();
-    const saved = await registerApnsToken({
-      nodeId: "ios-node-1",
-      token: "ABCD1234ABCD1234ABCD1234ABCD1234",
-      topic: "ai.openclaw.ios",
-      environment: "sandbox",
-      baseDir,
-    });
-
-    const loaded = await loadApnsRegistration("ios-node-1", baseDir);
-    expect(loaded).not.toBeNull();
-    expect(loaded?.nodeId).toBe("ios-node-1");
-    expect(loaded?.transport).toBe("direct");
-    expect(loaded && loaded.transport === "direct" ? loaded.token : null).toBe(
-      "abcd1234abcd1234abcd1234abcd1234",
-    );
-    expect(loaded?.topic).toBe("ai.openclaw.ios");
-    expect(loaded?.environment).toBe("sandbox");
-    expect(loaded?.updatedAtMs).toBe(saved.updatedAtMs);
-  });
-
-  it("stores and reloads relay-backed APNs registrations without a raw token", async () => {
-    const baseDir = await makeTempDir();
-    const saved = await registerApnsRegistration({
-      nodeId: "ios-node-relay",
-      transport: "relay",
-      relayHandle: "relay-handle-123",
-      sendGrant: "send-grant-123",
-      installationId: "install-123",
-      topic: "ai.openclaw.ios",
-      environment: "production",
-      distribution: "official",
-      tokenDebugSuffix: "abcd1234",
-      baseDir,
-    });
-
-    const loaded = await loadApnsRegistration("ios-node-relay", baseDir);
-    expect(saved.transport).toBe("relay");
-    expect(loaded).toMatchObject({
-      nodeId: "ios-node-relay",
-      transport: "relay",
-      relayHandle: "relay-handle-123",
-      sendGrant: "send-grant-123",
-      installationId: "install-123",
-      topic: "ai.openclaw.ios",
-      environment: "production",
-      distribution: "official",
-      tokenDebugSuffix: "abcd1234",
-    });
-    expect(loaded && "token" in loaded).toBe(false);
-  });
-
-  it("rejects invalid APNs tokens", async () => {
-    const baseDir = await makeTempDir();
-    await expect(
-      registerApnsToken({
-        nodeId: "ios-node-1",
-        token: "not-a-token",
-        topic: "ai.openclaw.ios",
-        baseDir,
-      }),
-    ).rejects.toThrow("invalid APNs token");
-  });
-
-  it("rejects oversized direct APNs registration fields", async () => {
-    const baseDir = await makeTempDir();
-    await expect(
-      registerApnsToken({
-        nodeId: "n".repeat(257),
-        token: "ABCD1234ABCD1234ABCD1234ABCD1234",
-        topic: "ai.openclaw.ios",
-        baseDir,
-      }),
-    ).rejects.toThrow("nodeId required");
-    await expect(
-      registerApnsToken({
-        nodeId: "ios-node-1",
-        token: "A".repeat(513),
-        topic: "ai.openclaw.ios",
-        baseDir,
-      }),
-    ).rejects.toThrow("invalid APNs token");
-    await expect(
-      registerApnsToken({
-        nodeId: "ios-node-1",
-        token: "ABCD1234ABCD1234ABCD1234ABCD1234",
-        topic: "a".repeat(256),
-        baseDir,
-      }),
-    ).rejects.toThrow("topic required");
-  });
-
-  it("rejects relay registrations that do not use production/official values", async () => {
-    const baseDir = await makeTempDir();
-    await expect(
-      registerApnsRegistration({
-        nodeId: "ios-node-relay",
-        transport: "relay",
-        relayHandle: "relay-handle-123",
-        sendGrant: "send-grant-123",
-        installationId: "install-123",
-        topic: "ai.openclaw.ios",
-        environment: "staging",
-        distribution: "official",
-        baseDir,
-      }),
-    ).rejects.toThrow("relay registrations must use production environment");
-    await expect(
-      registerApnsRegistration({
-        nodeId: "ios-node-relay",
-        transport: "relay",
-        relayHandle: "relay-handle-123",
-        sendGrant: "send-grant-123",
-        installationId: "install-123",
-        topic: "ai.openclaw.ios",
-        environment: "production",
-        distribution: "beta",
-        baseDir,
-      }),
-    ).rejects.toThrow("relay registrations must use official distribution");
-  });
-
-  it("rejects oversized relay registration identifiers", async () => {
-    const baseDir = await makeTempDir();
-    const oversized = "x".repeat(257);
-    await expect(
-      registerApnsRegistration({
-        nodeId: "ios-node-relay",
-        transport: "relay",
-        relayHandle: oversized,
-        sendGrant: "send-grant-123",
-        installationId: "install-123",
-        topic: "ai.openclaw.ios",
-        environment: "production",
-        distribution: "official",
-        baseDir,
-      }),
-    ).rejects.toThrow("relayHandle too long");
-    await expect(
-      registerApnsRegistration({
-        nodeId: "ios-node-relay",
-        transport: "relay",
-        relayHandle: "relay-handle-123",
-        sendGrant: "send-grant-123",
-        installationId: oversized,
-        topic: "ai.openclaw.ios",
-        environment: "production",
-        distribution: "official",
-        baseDir,
-      }),
-    ).rejects.toThrow("installationId too long");
-    await expect(
-      registerApnsRegistration({
-        nodeId: "ios-node-relay",
-        transport: "relay",
-        relayHandle: "relay-handle-123",
-        sendGrant: "x".repeat(1025),
-        installationId: "install-123",
-        topic: "ai.openclaw.ios",
-        environment: "production",
-        distribution: "official",
-        baseDir,
-      }),
-    ).rejects.toThrow("sendGrant too long");
-  });
-
-  it("clears registrations", async () => {
-    const baseDir = await makeTempDir();
-    await registerApnsToken({
-      nodeId: "ios-node-1",
-      token: "ABCD1234ABCD1234ABCD1234ABCD1234",
-      topic: "ai.openclaw.ios",
-      baseDir,
-    });
-
-    await expect(clearApnsRegistration("ios-node-1", baseDir)).resolves.toBe(true);
-    await expect(loadApnsRegistration("ios-node-1", baseDir)).resolves.toBeNull();
-  });
-
-  it("only clears a registration when the stored entry still matches", async () => {
-    vi.useFakeTimers();
-    try {
-      const baseDir = await makeTempDir();
-      vi.setSystemTime(new Date("2026-03-11T00:00:00Z"));
-      const stale = await registerApnsToken({
-        nodeId: "ios-node-1",
-        token: "ABCD1234ABCD1234ABCD1234ABCD1234",
-        topic: "ai.openclaw.ios",
-        environment: "sandbox",
-        baseDir,
-      });
-
-      vi.setSystemTime(new Date("2026-03-11T00:00:01Z"));
-      const fresh = await registerApnsToken({
-        nodeId: "ios-node-1",
-        token: "ABCD1234ABCD1234ABCD1234ABCD1234",
-        topic: "ai.openclaw.ios",
-        environment: "sandbox",
-        baseDir,
-      });
-
-      await expect(
-        clearApnsRegistrationIfCurrent({
-          nodeId: "ios-node-1",
-          registration: stale,
-          baseDir,
-        }),
-      ).resolves.toBe(false);
-      await expect(loadApnsRegistration("ios-node-1", baseDir)).resolves.toEqual(fresh);
-    } finally {
-      vi.useRealTimers();
-    }
-  });
-});
-
-describe("push APNs env config", () => {
-  it("normalizes APNs environment values", () => {
-    expect(normalizeApnsEnvironment("sandbox")).toBe("sandbox");
-    expect(normalizeApnsEnvironment("PRODUCTION")).toBe("production");
-    expect(normalizeApnsEnvironment("staging")).toBeNull();
-  });
-
-  it("resolves inline private key and unescapes newlines", async () => {
-    const env = {
-      OPENCLAW_APNS_TEAM_ID: "TEAM123",
-      OPENCLAW_APNS_KEY_ID: "KEY123",
-      OPENCLAW_APNS_PRIVATE_KEY_P8:
-        "-----BEGIN PRIVATE KEY-----\\nline-a\\nline-b\\n-----END PRIVATE KEY-----", // pragma: allowlist secret
-    } as NodeJS.ProcessEnv;
-    const resolved = await resolveApnsAuthConfigFromEnv(env);
-    expect(resolved.ok).toBe(true);
-    if (!resolved.ok) {
-      return;
-    }
-    expect(resolved.value.privateKey).toContain("\nline-a\n");
-    expect(resolved.value.teamId).toBe("TEAM123");
-    expect(resolved.value.keyId).toBe("KEY123");
-  });
-
-  it("returns an error when required APNs auth vars are missing", async () => {
-    const resolved = await resolveApnsAuthConfigFromEnv({} as NodeJS.ProcessEnv);
-    expect(resolved.ok).toBe(false);
-    if (resolved.ok) {
-      return;
-    }
-    expect(resolved.error).toContain("OPENCLAW_APNS_TEAM_ID");
-  });
-
-  it("resolves APNs relay config from env", () => {
-    const resolved = resolveApnsRelayConfigFromEnv({
-      OPENCLAW_APNS_RELAY_BASE_URL: "https://relay.example.com",
-      OPENCLAW_APNS_RELAY_TIMEOUT_MS: "2500",
-    } as NodeJS.ProcessEnv);
-    expect(resolved).toMatchObject({
-      ok: true,
-      value: {
-        baseUrl: "https://relay.example.com",
-        timeoutMs: 2500,
-      },
-    });
-  });
-
-  it("resolves APNs relay config from gateway config", () => {
-    const resolved = resolveApnsRelayConfigFromEnv({} as NodeJS.ProcessEnv, {
-      push: {
-        apns: {
-          relay: {
-            baseUrl: "https://relay.example.com/base/",
-            timeoutMs: 2500,
-          },
-        },
-      },
-    });
-    expect(resolved).toMatchObject({
-      ok: true,
-      value: {
-        baseUrl: "https://relay.example.com/base",
-        timeoutMs: 2500,
-      },
-    });
-  });
-
-  it("lets relay env overrides win over gateway config", () => {
-    const resolved = resolveApnsRelayConfigFromEnv(
-      {
-        OPENCLAW_APNS_RELAY_BASE_URL: "https://relay-override.example.com",
-        OPENCLAW_APNS_RELAY_TIMEOUT_MS: "3000",
-      } as NodeJS.ProcessEnv,
-      {
-        push: {
-          apns: {
-            relay: {
-              baseUrl: "https://relay.example.com",
-              timeoutMs: 2500,
-            },
-          },
-        },
-      },
-    );
-    expect(resolved).toMatchObject({
-      ok: true,
-      value: {
-        baseUrl: "https://relay-override.example.com",
-        timeoutMs: 3000,
-      },
-    });
-  });
-
-  it("rejects insecure APNs relay http URLs by default", () => {
-    const resolved = resolveApnsRelayConfigFromEnv({
-      OPENCLAW_APNS_RELAY_BASE_URL: "http://relay.example.com",
-    } as NodeJS.ProcessEnv);
-    expect(resolved).toMatchObject({
-      ok: false,
-    });
-    if (resolved.ok) {
-      return;
-    }
-    expect(resolved.error).toContain("OPENCLAW_APNS_RELAY_ALLOW_HTTP=true");
-  });
-
-  it("allows APNs relay http URLs only when explicitly enabled", () => {
-    const resolved = resolveApnsRelayConfigFromEnv({
-      OPENCLAW_APNS_RELAY_BASE_URL: "http://127.0.0.1:8787",
-      OPENCLAW_APNS_RELAY_ALLOW_HTTP: "true",
-    } as NodeJS.ProcessEnv);
-    expect(resolved).toMatchObject({
-      ok: true,
-      value: {
-        baseUrl: "http://127.0.0.1:8787",
-        timeoutMs: 10_000,
-      },
-    });
-  });
-
-  it("rejects http relay URLs for non-loopback hosts even when explicitly enabled", () => {
-    const resolved = resolveApnsRelayConfigFromEnv({
-      OPENCLAW_APNS_RELAY_BASE_URL: "http://relay.example.com",
-      OPENCLAW_APNS_RELAY_ALLOW_HTTP: "true",
-    } as NodeJS.ProcessEnv);
-    expect(resolved).toMatchObject({
-      ok: false,
-    });
-    if (resolved.ok) {
-      return;
-    }
-    expect(resolved.error).toContain("loopback hosts");
-  });
-
-  it("rejects APNs relay URLs with query, fragment, or userinfo components", () => {
-    const withQuery = resolveApnsRelayConfigFromEnv({
-      OPENCLAW_APNS_RELAY_BASE_URL: "https://relay.example.com/path?debug=1",
-    } as NodeJS.ProcessEnv);
-    expect(withQuery.ok).toBe(false);
-    if (!withQuery.ok) {
-      expect(withQuery.error).toContain("query and fragment are not allowed");
-    }
-
-    const withUserinfo = resolveApnsRelayConfigFromEnv({
-      OPENCLAW_APNS_RELAY_BASE_URL: "https://user:pass@relay.example.com/path",
-    } as NodeJS.ProcessEnv);
-    expect(withUserinfo.ok).toBe(false);
-    if (!withUserinfo.ok) {
-      expect(withUserinfo.error).toContain("userinfo is not allowed");
-    }
-  });
-
-  it("reports the config key name for invalid gateway relay URLs", () => {
-    const resolved = resolveApnsRelayConfigFromEnv({} as NodeJS.ProcessEnv, {
-      push: {
-        apns: {
-          relay: {
-            baseUrl: "https://relay.example.com/path?debug=1",
-          },
-        },
-      },
-    });
-    expect(resolved.ok).toBe(false);
-    if (!resolved.ok) {
-      expect(resolved.error).toContain("gateway.push.apns.relay.baseUrl");
-    }
-  });
 });
 
 describe("push APNs send semantics", () => {
@@ -550,6 +153,63 @@ describe("push APNs send semantics", () => {
     expect(result.transport).toBe("direct");
   });
 
+  it("parses direct send failures and clamps sub-second timeouts", async () => {
+    const { send, registration, auth } = createDirectApnsSendFixture({
+      nodeId: "ios-node-direct-fail",
+      environment: "sandbox",
+      sendResult: {
+        status: 400,
+        apnsId: "apns-direct-fail-id",
+        body: '{"reason":" BadDeviceToken "}',
+      },
+    });
+
+    const result = await sendApnsAlert({
+      registration,
+      nodeId: "ios-node-direct-fail",
+      title: "Wake",
+      body: "Ping",
+      auth,
+      requestSender: send,
+      timeoutMs: 50,
+    });
+
+    expect(send.mock.calls[0]?.[0]?.timeoutMs).toBe(1000);
+    expect(result).toMatchObject({
+      ok: false,
+      status: 400,
+      apnsId: "apns-direct-fail-id",
+      reason: "BadDeviceToken",
+      tokenSuffix: "abcd1234",
+      transport: "direct",
+    });
+  });
+
+  it("fails closed before sending when direct registrations carry invalid topics", async () => {
+    const { send, registration, auth } = createDirectApnsSendFixture({
+      nodeId: "ios-node-invalid-topic",
+      environment: "sandbox",
+      sendResult: {
+        status: 200,
+        apnsId: "unused",
+        body: "",
+      },
+    });
+
+    await expect(
+      sendApnsAlert({
+        registration: { ...registration, topic: "   " },
+        nodeId: "ios-node-invalid-topic",
+        title: "Wake",
+        body: "Ping",
+        auth,
+        requestSender: send,
+      }),
+    ).rejects.toThrow("topic required");
+
+    expect(send).not.toHaveBeenCalled();
+  });
+
   it("defaults background wake reason when not provided", async () => {
     const { send, registration, auth } = createDirectApnsSendFixture({
       nodeId: "ios-node-wake-default-reason",
@@ -578,43 +238,35 @@ describe("push APNs send semantics", () => {
     });
   });
 
-  it("routes relay-backed alert pushes through the relay sender", async () => {
-    const send = vi.fn().mockResolvedValue({
-      ok: true,
-      status: 200,
-      apnsId: "relay-apns-id",
-      environment: "production",
-      tokenSuffix: "abcd1234",
+  it("sends relay alert pushes and falls back to the stored token debug suffix", async () => {
+    const { send, registration, relayConfig, gatewayIdentity } = createRelayApnsSendFixture({
+      nodeId: "ios-node-relay-alert",
+      tokenDebugSuffix: "deadbeef",
+      sendResult: {
+        ok: true,
+        status: 202,
+        apnsId: "relay-alert-id",
+        environment: "production",
+      },
     });
 
     const result = await sendApnsAlert({
-      relayConfig: {
-        baseUrl: "https://relay.example.com",
-        timeoutMs: 1000,
-      },
-      registration: {
-        nodeId: "ios-node-relay",
-        transport: "relay",
-        relayHandle: "relay-handle-123",
-        sendGrant: "send-grant-123",
-        installationId: "install-123",
-        topic: "ai.openclaw.ios",
-        environment: "production",
-        distribution: "official",
-        updatedAtMs: 1,
-        tokenDebugSuffix: "abcd1234",
-      },
-      nodeId: "ios-node-relay",
+      registration,
+      nodeId: "ios-node-relay-alert",
       title: "Wake",
       body: "Ping",
-      relayGatewayIdentity: relayGatewayIdentity,
+      relayConfig,
+      relayGatewayIdentity: gatewayIdentity,
       relayRequestSender: send,
     });
 
     expect(send).toHaveBeenCalledTimes(1);
-    expect(send.mock.calls[0]?.[0]).toMatchObject({
-      relayHandle: "relay-handle-123",
-      gatewayDeviceId: relayGatewayIdentity.deviceId,
+    const sent = send.mock.calls[0]?.[0];
+    expect(sent).toMatchObject({
+      relayConfig,
+      sendGrant: "send-grant-123",
+      relayHandle: "relay-handle-12345678",
+      gatewayDeviceId: "gateway-device-1",
       pushType: "alert",
       priority: "10",
       payload: {
@@ -624,111 +276,63 @@ describe("push APNs send semantics", () => {
         },
       },
     });
-    const sent = send.mock.calls[0]?.[0];
-    expect(typeof sent?.signature).toBe("string");
-    expect(typeof sent?.signedAtMs).toBe("number");
-    const signedPayload = [
-      "openclaw-relay-send-v1",
-      sent?.gatewayDeviceId,
-      String(sent?.signedAtMs),
-      sent?.bodyJson,
-    ].join("\n");
-    expect(
-      verifyDeviceSignature(relayGatewayIdentity.publicKey, signedPayload, sent?.signature),
-    ).toBe(true);
+    expect(sent?.signature).toEqual(expect.any(String));
     expect(result).toMatchObject({
       ok: true,
-      status: 200,
-      transport: "relay",
+      status: 202,
+      apnsId: "relay-alert-id",
+      tokenSuffix: "deadbeef",
       environment: "production",
-      tokenSuffix: "abcd1234",
+      transport: "relay",
     });
   });
 
-  it("does not follow relay redirects", async () => {
-    const fetchMock = vi.fn().mockResolvedValue({
-      ok: false,
-      status: 302,
-      json: vi.fn().mockRejectedValue(new Error("no body")),
-    });
-    vi.stubGlobal("fetch", fetchMock as unknown as typeof fetch);
-
-    const result = await sendApnsRelayPush({
-      relayConfig: {
-        baseUrl: "https://relay.example.com",
-        timeoutMs: 1000,
+  it("sends relay background pushes and falls back to the relay handle suffix", async () => {
+    const { send, registration, relayConfig, gatewayIdentity } = createRelayApnsSendFixture({
+      nodeId: "ios-node-relay-wake",
+      tokenDebugSuffix: undefined,
+      sendResult: {
+        ok: false,
+        status: 429,
+        reason: "TooManyRequests",
+        environment: "production",
       },
+    });
+
+    const result = await sendApnsBackgroundWake({
+      registration,
+      nodeId: "ios-node-relay-wake",
+      wakeReason: "queue.retry",
+      relayConfig,
+      relayGatewayIdentity: gatewayIdentity,
+      relayRequestSender: send,
+    });
+
+    expect(send).toHaveBeenCalledTimes(1);
+    const sent = send.mock.calls[0]?.[0];
+    expect(sent).toMatchObject({
+      relayConfig,
       sendGrant: "send-grant-123",
-      relayHandle: "relay-handle-123",
-      payload: { aps: { "content-available": 1 } },
+      relayHandle: "relay-handle-12345678",
+      gatewayDeviceId: "gateway-device-1",
       pushType: "background",
       priority: "5",
-      gatewayIdentity: relayGatewayIdentity,
+      payload: {
+        aps: { "content-available": 1 },
+        openclaw: {
+          kind: "node.wake",
+          reason: "queue.retry",
+          nodeId: "ios-node-relay-wake",
+        },
+      },
     });
-
-    expect(fetchMock).toHaveBeenCalledTimes(1);
-    expect(fetchMock.mock.calls[0]?.[1]).toMatchObject({ redirect: "manual" });
     expect(result).toMatchObject({
       ok: false,
-      status: 302,
-      reason: "RelayRedirectNotAllowed",
+      status: 429,
+      reason: "TooManyRequests",
+      tokenSuffix: "12345678",
       environment: "production",
+      transport: "relay",
     });
   });
-
-  it("flags invalid device responses for registration invalidation", () => {
-    expect(shouldInvalidateApnsRegistration({ status: 400, reason: "BadDeviceToken" })).toBe(true);
-    expect(shouldInvalidateApnsRegistration({ status: 410, reason: "Unregistered" })).toBe(true);
-    expect(shouldInvalidateApnsRegistration({ status: 429, reason: "TooManyRequests" })).toBe(
-      false,
-    );
-  });
-
-  it("only clears stored registrations for direct APNs failures without an override mismatch", () => {
-    expect(
-      shouldClearStoredApnsRegistration({
-        registration: {
-          nodeId: "ios-node-direct",
-          transport: "direct",
-          token: "ABCD1234ABCD1234ABCD1234ABCD1234",
-          topic: "ai.openclaw.ios",
-          environment: "sandbox",
-          updatedAtMs: 1,
-        },
-        result: { status: 400, reason: "BadDeviceToken" },
-      }),
-    ).toBe(true);
-
-    expect(
-      shouldClearStoredApnsRegistration({
-        registration: {
-          nodeId: "ios-node-relay",
-          transport: "relay",
-          relayHandle: "relay-handle-123",
-          sendGrant: "send-grant-123",
-          installationId: "install-123",
-          topic: "ai.openclaw.ios",
-          environment: "production",
-          distribution: "official",
-          updatedAtMs: 1,
-        },
-        result: { status: 410, reason: "Unregistered" },
-      }),
-    ).toBe(false);
-
-    expect(
-      shouldClearStoredApnsRegistration({
-        registration: {
-          nodeId: "ios-node-direct",
-          transport: "direct",
-          token: "ABCD1234ABCD1234ABCD1234ABCD1234",
-          topic: "ai.openclaw.ios",
-          environment: "sandbox",
-          updatedAtMs: 1,
-        },
-        result: { status: 400, reason: "BadDeviceToken" },
-        overrideEnvironment: "production",
-      }),
-    ).toBe(false);
-  });
 });
diff --git a/src/infra/run-node.test.ts b/src/infra/run-node.test.ts
index 1007b2c6141..0b8cf1090bc 100644
--- a/src/infra/run-node.test.ts
+++ b/src/infra/run-node.test.ts
@@ -137,8 +137,8 @@ describe("run-node script", () => {
 
   it("returns the build exit code when the compiler step fails", async () => {
     await withTempDir(async (tmp) => {
-      const spawn = (cmd: string) => {
-        if (cmd === "pnpm") {
+      const spawn = (cmd: string, args: string[] = []) => {
+        if (cmd === "pnpm" || (cmd === "cmd.exe" && args.includes("pnpm"))) {
           return createExitedProcess(23);
         }
         return createExitedProcess(0);
diff --git a/src/infra/runtime-status.test.ts b/src/infra/runtime-status.test.ts
index fc79afe5bee..132cffae072 100644
--- a/src/infra/runtime-status.test.ts
+++ b/src/infra/runtime-status.test.ts
@@ -4,6 +4,7 @@ import { formatRuntimeStatusWithDetails } from "./runtime-status.js";
 describe("formatRuntimeStatusWithDetails", () => {
   it("falls back to unknown when status is missing", () => {
     expect(formatRuntimeStatusWithDetails({})).toBe("unknown");
+    expect(formatRuntimeStatusWithDetails({ status: "   " })).toBe("unknown");
   });
 
   it("includes pid, distinct state, and non-empty details", () => {
@@ -17,6 +18,16 @@ describe("formatRuntimeStatusWithDetails", () => {
     ).toBe("running (pid 1234, state sleeping, healthy, port 18789)");
   });
 
+  it("trims distinct state and detail text before formatting", () => {
+    expect(
+      formatRuntimeStatusWithDetails({
+        status: "running",
+        state: " sleeping ",
+        details: [" healthy ", "  port 18789  "],
+      }),
+    ).toBe("running (state sleeping, healthy, port 18789)");
+  });
+
   it("omits duplicate state text and falsy pid values", () => {
     expect(
       formatRuntimeStatusWithDetails({
@@ -26,5 +37,22 @@ describe("formatRuntimeStatusWithDetails", () => {
         details: [],
       }),
     ).toBe("running");
+    expect(
+      formatRuntimeStatusWithDetails({
+        status: " RUNNING ",
+        state: "running",
+        details: [],
+      }),
+    ).toBe("RUNNING");
+  });
+
+  it("drops whitespace-only state and detail entries", () => {
+    expect(
+      formatRuntimeStatusWithDetails({
+        status: "running",
+        state: "   ",
+        details: ["", "   "],
+      }),
+    ).toBe("running");
   });
 });
diff --git a/src/infra/runtime-status.ts b/src/infra/runtime-status.ts
index 110a81084ff..e826c5cd32e 100644
--- a/src/infra/runtime-status.ts
+++ b/src/infra/runtime-status.ts
@@ -11,17 +11,19 @@ export function formatRuntimeStatusWithDetails({
   state,
   details = [],
 }: RuntimeStatusFormatInput): string {
-  const runtimeStatus = status ?? "unknown";
+  const runtimeStatus = status?.trim() || "unknown";
   const fullDetails: string[] = [];
   if (pid) {
     fullDetails.push(`pid ${pid}`);
   }
-  if (state && state.toLowerCase() !== runtimeStatus) {
-    fullDetails.push(`state ${state}`);
+  const normalizedState = state?.trim();
+  if (normalizedState && normalizedState.toLowerCase() !== runtimeStatus.toLowerCase()) {
+    fullDetails.push(`state ${normalizedState}`);
   }
   for (const detail of details) {
-    if (detail) {
-      fullDetails.push(detail);
+    const normalizedDetail = detail.trim();
+    if (normalizedDetail) {
+      fullDetails.push(normalizedDetail);
     }
   }
   return fullDetails.length > 0 ? `${runtimeStatus} (${fullDetails.join(", ")})` : runtimeStatus;
diff --git a/src/infra/scp-host.test.ts b/src/infra/scp-host.test.ts
index 78498b997ce..ab8517b5f69 100644
--- a/src/infra/scp-host.test.ts
+++ b/src/infra/scp-host.test.ts
@@ -1,5 +1,10 @@
 import { describe, expect, it } from "vitest";
-import { isSafeScpRemoteHost, normalizeScpRemoteHost } from "./scp-host.js";
+import {
+  isSafeScpRemoteHost,
+  isSafeScpRemotePath,
+  normalizeScpRemoteHost,
+  normalizeScpRemotePath,
+} from "./scp-host.js";
 
 describe("scp remote host", () => {
   it.each([
@@ -33,3 +38,40 @@ describe("scp remote host", () => {
     expect(isSafeScpRemoteHost(value)).toBe(false);
   });
 });
+
+describe("scp remote path", () => {
+  it.each([
+    {
+      value: "/Users/demo/Library/Messages/Attachments/ab/cd/photo.jpg",
+      expected: "/Users/demo/Library/Messages/Attachments/ab/cd/photo.jpg",
+    },
+    {
+      value: " /Users/demo/Library/Messages/Attachments/ab/cd/IMG 1234 (1).jpg ",
+      expected: "/Users/demo/Library/Messages/Attachments/ab/cd/IMG 1234 (1).jpg",
+    },
+  ])("normalizes safe paths for %j", ({ value, expected }) => {
+    expect(normalizeScpRemotePath(value)).toBe(expected);
+    expect(isSafeScpRemotePath(value)).toBe(true);
+  });
+
+  it.each([
+    null,
+    undefined,
+    "",
+    "   ",
+    "relative/path.jpg",
+    "/Users/demo/Library/Messages/Attachments/ab/cd/bad$path.jpg",
+    "/Users/demo/Library/Messages/Attachments/ab/cd/bad`path`.jpg",
+    "/Users/demo/Library/Messages/Attachments/ab/cd/bad;path.jpg",
+    "/Users/demo/Library/Messages/Attachments/ab/cd/bad|path.jpg",
+    "/Users/demo/Library/Messages/Attachments/ab/cd/bad&path.jpg",
+    "/Users/demo/Library/Messages/Attachments/ab/cd/bad<path.jpg",
+    "/Users/demo/Library/Messages/Attachments/ab/cd/bad>path.jpg",
+    '/Users/demo/Library/Messages/Attachments/ab/cd/bad"path.jpg',
+    "/Users/demo/Library/Messages/Attachments/ab/cd/bad'path.jpg",
+    "/Users/demo/Library/Messages/Attachments/ab/cd/bad\\path.jpg",
+  ])("rejects unsafe path tokens: %j", (value) => {
+    expect(normalizeScpRemotePath(value)).toBeUndefined();
+    expect(isSafeScpRemotePath(value)).toBe(false);
+  });
+});
diff --git a/src/infra/scp-host.ts b/src/infra/scp-host.ts
index fb81171af4a..8b09163c202 100644
--- a/src/infra/scp-host.ts
+++ b/src/infra/scp-host.ts
@@ -1,6 +1,7 @@
 const SSH_TOKEN = /^[A-Za-z0-9._-]+$/;
 const BRACKETED_IPV6 = /^\[[0-9A-Fa-f:.%]+\]$/;
 const WHITESPACE = /\s/;
+const SCP_REMOTE_PATH_UNSAFE_CHARS = new Set(["\\", "'", '"', "`", "$", ";", "|", "&", "<", ">"]);
 
 function hasControlOrWhitespace(value: string): boolean {
   for (const char of value) {
@@ -60,3 +61,26 @@ export function normalizeScpRemoteHost(value: string | null | undefined): string
 export function isSafeScpRemoteHost(value: string | null | undefined): boolean {
   return normalizeScpRemoteHost(value) !== undefined;
 }
+
+export function normalizeScpRemotePath(value: string | null | undefined): string | undefined {
+  if (typeof value !== "string") {
+    return undefined;
+  }
+  const trimmed = value.trim();
+  if (!trimmed || !trimmed.startsWith("/")) {
+    return undefined;
+  }
+
+  for (const char of trimmed) {
+    const code = char.charCodeAt(0);
+    if (code <= 0x1f || code === 0x7f || SCP_REMOTE_PATH_UNSAFE_CHARS.has(char)) {
+      return undefined;
+    }
+  }
+
+  return trimmed;
+}
+
+export function isSafeScpRemotePath(value: string | null | undefined): boolean {
+  return normalizeScpRemotePath(value) !== undefined;
+}
diff --git a/src/infra/stable-node-path.ts b/src/infra/stable-node-path.ts
index 116b040eefa..9d4730f5cd7 100644
--- a/src/infra/stable-node-path.ts
+++ b/src/infra/stable-node-path.ts
@@ -1,4 +1,5 @@
 import fs from "node:fs/promises";
+import path from "node:path";
 
 /**
  * Homebrew Cellar paths (e.g. /opt/homebrew/Cellar/node/25.7.0/bin/node)
@@ -8,15 +9,18 @@ import fs from "node:fs/promises";
  *   - Versioned formula "node@22":  <prefix>/opt/node@22/bin/node  (keg-only)
  */
 export async function resolveStableNodePath(nodePath: string): Promise<string> {
-  const cellarMatch = nodePath.match(/^(.+?)\/Cellar\/([^/]+)\/[^/]+\/bin\/node$/);
+  const cellarMatch = nodePath.match(
+    /^(.+?)[\\/]Cellar[\\/]([^\\/]+)[\\/][^\\/]+[\\/]bin[\\/]node$/,
+  );
   if (!cellarMatch) {
     return nodePath;
   }
   const prefix = cellarMatch[1]; // e.g. /opt/homebrew
   const formula = cellarMatch[2]; // e.g. "node" or "node@22"
+  const pathModule = nodePath.includes("\\") ? path.win32 : path.posix;
 
   // Try the Homebrew opt symlink first — works for both default and versioned formulas.
-  const optPath = `${prefix}/opt/${formula}/bin/node`;
+  const optPath = pathModule.join(prefix, "opt", formula, "bin", "node");
   try {
     await fs.access(optPath);
     return optPath;
@@ -26,7 +30,7 @@ export async function resolveStableNodePath(nodePath: string): Promise<string> {
 
   // For the default "node" formula, also try the direct bin symlink.
   if (formula === "node") {
-    const binPath = `${prefix}/bin/node`;
+    const binPath = pathModule.join(prefix, "bin", "node");
     try {
       await fs.access(binPath);
       return binPath;
diff --git a/src/infra/state-migrations.test.ts b/src/infra/state-migrations.test.ts
new file mode 100644
index 00000000000..f8437f85529
--- /dev/null
+++ b/src/infra/state-migrations.test.ts
@@ -0,0 +1,201 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import { afterEach, describe, expect, it } from "vitest";
+import type { OpenClawConfig } from "../config/config.js";
+import { resolveChannelAllowFromPath } from "../pairing/pairing-store.js";
+import { createTrackedTempDirs } from "../test-utils/tracked-temp-dirs.js";
+import { detectLegacyStateMigrations, runLegacyStateMigrations } from "./state-migrations.js";
+
+const tempDirs = createTrackedTempDirs();
+const createTempDir = () => tempDirs.make("openclaw-state-migrations-test-");
+
+function createConfig(): OpenClawConfig {
+  return {
+    agents: {
+      list: [{ id: "worker-1", default: true }],
+    },
+    session: {
+      mainKey: "desk",
+    },
+    channels: {
+      telegram: {
+        accounts: {
+          beta: {},
+          alpha: {},
+        },
+      },
+    },
+  } as OpenClawConfig;
+}
+
+function createEnv(stateDir: string): NodeJS.ProcessEnv {
+  return {
+    ...process.env,
+    OPENCLAW_STATE_DIR: stateDir,
+  };
+}
+
+afterEach(async () => {
+  await tempDirs.cleanup();
+});
+
+describe("state migrations", () => {
+  it("detects legacy sessions, agent files, whatsapp auth, and telegram allowFrom copies", async () => {
+    const root = await createTempDir();
+    const stateDir = path.join(root, ".openclaw");
+    const env = createEnv(stateDir);
+    const cfg = createConfig();
+
+    await fs.mkdir(path.join(stateDir, "sessions"), { recursive: true });
+    await fs.mkdir(path.join(stateDir, "agents", "worker-1", "sessions"), { recursive: true });
+    await fs.mkdir(path.join(stateDir, "agent"), { recursive: true });
+    await fs.mkdir(path.join(stateDir, "credentials"), { recursive: true });
+
+    await fs.writeFile(
+      path.join(stateDir, "sessions", "sessions.json"),
+      `${JSON.stringify({ legacyDirect: { sessionId: "legacy-direct", updatedAt: 10 } }, null, 2)}\n`,
+      "utf8",
+    );
+    await fs.writeFile(path.join(stateDir, "sessions", "trace.jsonl"), "{}\n", "utf8");
+    await fs.writeFile(
+      path.join(stateDir, "agents", "worker-1", "sessions", "sessions.json"),
+      `${JSON.stringify({ "group:123@g.us": { sessionId: "group-session", updatedAt: 5 } }, null, 2)}\n`,
+      "utf8",
+    );
+    await fs.writeFile(path.join(stateDir, "agent", "settings.json"), '{"ok":true}\n', "utf8");
+    await fs.writeFile(path.join(stateDir, "credentials", "creds.json"), '{"auth":true}\n', "utf8");
+    await fs.writeFile(
+      path.join(stateDir, "credentials", "oauth.json"),
+      '{"oauth":true}\n',
+      "utf8",
+    );
+    await fs.writeFile(resolveChannelAllowFromPath("telegram", env), '["123","456"]\n', "utf8");
+
+    const detected = await detectLegacyStateMigrations({
+      cfg,
+      env,
+      homedir: () => root,
+    });
+
+    expect(detected.targetAgentId).toBe("worker-1");
+    expect(detected.targetMainKey).toBe("desk");
+    expect(detected.sessions.hasLegacy).toBe(true);
+    expect(detected.sessions.legacyKeys).toEqual(["group:123@g.us"]);
+    expect(detected.agentDir.hasLegacy).toBe(true);
+    expect(detected.whatsappAuth.hasLegacy).toBe(true);
+    expect(detected.pairingAllowFrom.hasLegacyTelegram).toBe(true);
+    expect(detected.pairingAllowFrom.copyPlans.map((plan) => plan.targetPath)).toEqual([
+      resolveChannelAllowFromPath("telegram", env, "alpha"),
+      resolveChannelAllowFromPath("telegram", env, "beta"),
+    ]);
+    expect(detected.preview).toEqual([
+      `- Sessions: ${path.join(stateDir, "sessions")} → ${path.join(stateDir, "agents", "worker-1", "sessions")}`,
+      `- Sessions: canonicalize legacy keys in ${path.join(stateDir, "agents", "worker-1", "sessions", "sessions.json")}`,
+      `- Agent dir: ${path.join(stateDir, "agent")} → ${path.join(stateDir, "agents", "worker-1", "agent")}`,
+      `- WhatsApp auth: ${path.join(stateDir, "credentials")} → ${path.join(stateDir, "credentials", "whatsapp", "default")} (keep oauth.json)`,
+      `- Telegram pairing allowFrom: ${resolveChannelAllowFromPath("telegram", env)} → ${resolveChannelAllowFromPath("telegram", env, "alpha")}`,
+      `- Telegram pairing allowFrom: ${resolveChannelAllowFromPath("telegram", env)} → ${resolveChannelAllowFromPath("telegram", env, "beta")}`,
+    ]);
+  });
+
+  it("runs legacy state migrations and canonicalizes the merged session store", async () => {
+    const root = await createTempDir();
+    const stateDir = path.join(root, ".openclaw");
+    const env = createEnv(stateDir);
+    const cfg = createConfig();
+
+    await fs.mkdir(path.join(stateDir, "sessions"), { recursive: true });
+    await fs.mkdir(path.join(stateDir, "agents", "worker-1", "sessions"), { recursive: true });
+    await fs.mkdir(path.join(stateDir, "agent"), { recursive: true });
+    await fs.mkdir(path.join(stateDir, "credentials"), { recursive: true });
+
+    await fs.writeFile(
+      path.join(stateDir, "sessions", "sessions.json"),
+      `${JSON.stringify({ legacyDirect: { sessionId: "legacy-direct", updatedAt: 10 } }, null, 2)}\n`,
+      "utf8",
+    );
+    await fs.writeFile(path.join(stateDir, "sessions", "trace.jsonl"), "{}\n", "utf8");
+    await fs.writeFile(
+      path.join(stateDir, "agents", "worker-1", "sessions", "sessions.json"),
+      `${JSON.stringify({ "group:123@g.us": { sessionId: "group-session", updatedAt: 5 } }, null, 2)}\n`,
+      "utf8",
+    );
+    await fs.writeFile(path.join(stateDir, "agent", "settings.json"), '{"ok":true}\n', "utf8");
+    await fs.writeFile(path.join(stateDir, "credentials", "creds.json"), '{"auth":true}\n', "utf8");
+    await fs.writeFile(
+      path.join(stateDir, "credentials", "pre-key-1.json"),
+      '{"preKey":true}\n',
+      "utf8",
+    );
+    await fs.writeFile(
+      path.join(stateDir, "credentials", "oauth.json"),
+      '{"oauth":true}\n',
+      "utf8",
+    );
+    await fs.writeFile(resolveChannelAllowFromPath("telegram", env), '["123","456"]\n', "utf8");
+
+    const detected = await detectLegacyStateMigrations({
+      cfg,
+      env,
+      homedir: () => root,
+    });
+    const result = await runLegacyStateMigrations({
+      detected,
+      now: () => 1234,
+    });
+
+    expect(result.warnings).toEqual([]);
+    expect(result.changes).toEqual([
+      `Migrated latest direct-chat session → agent:worker-1:desk`,
+      `Merged sessions store → ${path.join(stateDir, "agents", "worker-1", "sessions", "sessions.json")}`,
+      "Canonicalized 1 legacy session key(s)",
+      "Moved trace.jsonl → agents/worker-1/sessions",
+      "Moved agent file settings.json → agents/worker-1/agent",
+      "Moved WhatsApp auth creds.json → whatsapp/default",
+      "Moved WhatsApp auth pre-key-1.json → whatsapp/default",
+      `Copied Telegram pairing allowFrom → ${resolveChannelAllowFromPath("telegram", env, "alpha")}`,
+      `Copied Telegram pairing allowFrom → ${resolveChannelAllowFromPath("telegram", env, "beta")}`,
+    ]);
+
+    const mergedStore = JSON.parse(
+      await fs.readFile(
+        path.join(stateDir, "agents", "worker-1", "sessions", "sessions.json"),
+        "utf8",
+      ),
+    ) as Record<string, { sessionId: string }>;
+    expect(mergedStore["agent:worker-1:desk"]?.sessionId).toBe("legacy-direct");
+    expect(mergedStore["agent:worker-1:whatsapp:group:123@g.us"]?.sessionId).toBe("group-session");
+
+    await expect(
+      fs.readFile(path.join(stateDir, "agents", "worker-1", "sessions", "trace.jsonl"), "utf8"),
+    ).resolves.toBe("{}\n");
+    await expect(fs.stat(path.join(stateDir, "sessions", "sessions.json"))).rejects.toMatchObject({
+      code: "ENOENT",
+    });
+    await expect(fs.stat(path.join(stateDir, "sessions", "trace.jsonl"))).rejects.toMatchObject({
+      code: "ENOENT",
+    });
+
+    await expect(
+      fs.readFile(path.join(stateDir, "agents", "worker-1", "agent", "settings.json"), "utf8"),
+    ).resolves.toContain('"ok":true');
+    await expect(
+      fs.readFile(path.join(stateDir, "credentials", "whatsapp", "default", "creds.json"), "utf8"),
+    ).resolves.toContain('"auth":true');
+    await expect(
+      fs.readFile(
+        path.join(stateDir, "credentials", "whatsapp", "default", "pre-key-1.json"),
+        "utf8",
+      ),
+    ).resolves.toContain('"preKey":true');
+    await expect(
+      fs.readFile(path.join(stateDir, "credentials", "oauth.json"), "utf8"),
+    ).resolves.toContain('"oauth":true');
+    await expect(
+      fs.readFile(resolveChannelAllowFromPath("telegram", env, "alpha"), "utf8"),
+    ).resolves.toBe('["123","456"]\n');
+    await expect(
+      fs.readFile(resolveChannelAllowFromPath("telegram", env, "beta"), "utf8"),
+    ).resolves.toBe('["123","456"]\n');
+  });
+});
diff --git a/src/infra/state-migrations.ts b/src/infra/state-migrations.ts
index 2aa50037e0c..96f3071bd57 100644
--- a/src/infra/state-migrations.ts
+++ b/src/infra/state-migrations.ts
@@ -1,6 +1,7 @@
 import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
+import { listTelegramAccountIds } from "../../extensions/telegram/src/accounts.js";
 import { resolveDefaultAgentId } from "../agents/agent-scope.js";
 import type { OpenClawConfig } from "../config/config.js";
 import {
@@ -21,7 +22,6 @@ import {
   DEFAULT_MAIN_KEY,
   normalizeAgentId,
 } from "../routing/session-key.js";
-import { listTelegramAccountIds } from "../telegram/accounts.js";
 import { isWithinDir } from "./path-safety.js";
 import {
   ensureDir,
diff --git a/src/infra/system-run-command.test.ts b/src/infra/system-run-command.test.ts
index ea3ec9ffdf5..57244672c9b 100644
--- a/src/infra/system-run-command.test.ts
+++ b/src/infra/system-run-command.test.ts
@@ -96,6 +96,18 @@ describe("system run command helpers", () => {
     expect(res.commandText).toBe("echo hi");
   });
 
+  test("validateSystemRunCommandConsistency trims rawCommand before comparison", () => {
+    const res = validateSystemRunCommandConsistency({
+      argv: ["echo", "hi"],
+      rawCommand: "  echo hi  ",
+    });
+    expect(res.ok).toBe(true);
+    if (!res.ok) {
+      throw new Error("unreachable");
+    }
+    expect(res.commandText).toBe("echo hi");
+  });
+
   test("validateSystemRunCommandConsistency rejects mismatched rawCommand vs direct argv", () => {
     expectRawCommandMismatch({
       argv: ["uname", "-a"],
@@ -182,6 +194,55 @@ describe("system run command helpers", () => {
     expect(res.details?.code).toBe("MISSING_COMMAND");
   });
 
+  test("resolveSystemRunCommand treats non-array command values as missing", () => {
+    const res = resolveSystemRunCommand({
+      command: "echo hi",
+      rawCommand: "echo hi",
+    });
+    expect(res.ok).toBe(false);
+    if (res.ok) {
+      throw new Error("unreachable");
+    }
+    expect(res.details?.code).toBe("MISSING_COMMAND");
+  });
+
+  test("resolveSystemRunCommand returns an empty success payload when no command is provided", () => {
+    const res = resolveSystemRunCommand({});
+    expect(res.ok).toBe(true);
+    if (!res.ok) {
+      throw new Error("unreachable");
+    }
+    expect(res.argv).toEqual([]);
+    expect(res.commandText).toBe("");
+    expect(res.shellPayload).toBeNull();
+    expect(res.previewText).toBeNull();
+  });
+
+  test("resolveSystemRunCommand stringifies non-string argv tokens", () => {
+    const res = resolveSystemRunCommand({
+      command: ["echo", 123, false, null],
+    });
+    expect(res.ok).toBe(true);
+    if (!res.ok) {
+      throw new Error("unreachable");
+    }
+    expect(res.argv).toEqual(["echo", "123", "false", "null"]);
+    expect(res.commandText).toBe("echo 123 false null");
+  });
+
+  test("resolveSystemRunCommandRequest trims legacy rawCommand shell payloads", () => {
+    const res = resolveSystemRunCommandRequest({
+      command: ["/bin/sh", "-lc", "echo hi"],
+      rawCommand: "  echo hi  ",
+    });
+    expect(res.ok).toBe(true);
+    if (!res.ok) {
+      throw new Error("unreachable");
+    }
+    expect(res.previewText).toBe("echo hi");
+    expect(res.commandText).toBe('/bin/sh -lc "echo hi"');
+  });
+
   test("resolveSystemRunCommandRequest accepts legacy shell payloads but returns canonical command text", () => {
     const res = resolveSystemRunCommandRequest({
       command: ["cmd.exe", "/d", "/s", "/c", "echo", "SAFE&&whoami"],
diff --git a/src/infra/tls/fingerprint.test.ts b/src/infra/tls/fingerprint.test.ts
new file mode 100644
index 00000000000..658eaecd78e
--- /dev/null
+++ b/src/infra/tls/fingerprint.test.ts
@@ -0,0 +1,20 @@
+import { describe, expect, it } from "vitest";
+import { normalizeFingerprint } from "./fingerprint.js";
+
+describe("normalizeFingerprint", () => {
+  it("strips sha256 prefixes and common separators", () => {
+    expect(normalizeFingerprint("sha256:AA:BB:cc")).toBe("aabbcc");
+    expect(normalizeFingerprint("SHA-256 11-22-33")).toBe("112233");
+    expect(normalizeFingerprint("aa:bb:cc")).toBe("aabbcc");
+  });
+
+  it("handles blank, non-hex, and mixed punctuation input", () => {
+    expect(normalizeFingerprint("   ")).toBe("");
+    expect(normalizeFingerprint("sha256:zz-!!")).toBe("");
+    expect(normalizeFingerprint("  sha256 : AB cd / 12  ")).toBe("abcd12");
+  });
+
+  it("only strips the sha256 prefix at the start of the value", () => {
+    expect(normalizeFingerprint("prefix sha256:AA:BB")).toBe("efa256aabb");
+  });
+});
diff --git a/src/infra/tls/gateway.test.ts b/src/infra/tls/gateway.test.ts
new file mode 100644
index 00000000000..c55bb09201f
--- /dev/null
+++ b/src/infra/tls/gateway.test.ts
@@ -0,0 +1,156 @@
+import { X509Certificate } from "node:crypto";
+import { writeFile } from "node:fs/promises";
+import path from "node:path";
+import { afterEach, describe, expect, it } from "vitest";
+import { createTrackedTempDirs } from "../../test-utils/tracked-temp-dirs.js";
+import { normalizeFingerprint } from "./fingerprint.js";
+import { loadGatewayTlsRuntime } from "./gateway.js";
+
+const tempDirs = createTrackedTempDirs();
+const createTempDir = () => tempDirs.make("openclaw-gateway-tls-test-");
+
+const KEY_PEM = [
+  "-----BEGIN PRIVATE KEY-----", // pragma: allowlist secret
+  "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDrur5CWp4psMMb",
+  "DTPY1aN46HPDxRchGgh8XedNkrlc4z1KFiyLUsXpVIhuyoXq1fflpTDz7++pGEDJ",
+  "Q5pEdChn3fuWgi7gC+pvd5VQ1eAX/7qVE72fhx14NxhaiZU3hCzXjG2SflTEEExk",
+  "UkQTm0rdHSjgLVMhTM3Pqm6Kzfdgtm9ZyXwlAsorE/pvgbUxG3Q4xKNBGzbirZ+1",
+  "EzPDwsjf3fitNtakZJkymu6Kg5lsUihQVXOP0U7f989FmevoTMvJmkvJzsoTRd7s",
+  "XNSOjzOwJr8da8C4HkXi21md1yEccyW0iSh7tWvDrpWDAgW6RMuMHC0tW4bkpDGr",
+  "FpbQOgzVAgMBAAECggEAIMhwf8Ve9CDVTWyNXpU9fgnj2aDOCeg3MGaVzaO/XCPt",
+  "KOHDEaAyDnRXYgMP0zwtFNafo3klnSBWmDbq3CTEXseQHtsdfkKh+J0KmrqXxval",
+  "YeikKSyvBEIzRJoYMqeS3eo1bddcXgT/Pr9zIL/qzivpPJ4JDttBzyTeaTbiNaR9",
+  "KphGNueo+MTQMLreMqw5VAyJ44gy7Z/2TMiMEc/d95wfubcOSsrIfpOKnMvWd/rl",
+  "vxIS33s95L7CjREkixskj5Yo5Wpt3Yf5b0Zi70YiEsCfAZUDrPW7YzMlylzmhMzm",
+  "MARZKfN1Tmo74SGpxUrBury+iPwf1sYcRnsHR+zO8QKBgQD6ISQHRzPboZ3J/60+",
+  "fRLETtrBa9WkvaH9c+woF7l47D4DIlvlv9D3N1KGkUmhMnp2jNKLIlalBNDxBdB+",
+  "iwZP1kikGz4629Ch3/KF/VYscLTlAQNPE42jOo7Hj7VrdQx9zQrK9ZBLteXmSvOh",
+  "bB3aXwXPF3HoTMt9gQ9thhXZJQKBgQDxQxUnQSw43dRlqYOHzPUEwnJkGkuW/qxn",
+  "aRc8eopP5zUaebiDFmqhY36x2Wd+HnXrzufy2o4jkXkWTau8Ns+OLhnIG3PIU9L/",
+  "LYzJMckGb75QYiK1YKMUUSQzlNCS8+TFVCTAvG2u2zCCk7oTIe8aT516BQNjWDjK",
+  "gWo2f87N8QKBgHoVANO4kfwJxszXyMPuIeHEpwquyijNEap2EPaEldcKXz4CYB4j",
+  "4Cc5TkM12F0gGRuRohWcnfOPBTgOYXPSATOoX+4RCe+KaCsJ9gIl4xBvtirrsqS+",
+  "42ue4h9O6fpXt9AS6sii0FnTnzEmtgC8l1mE9X3dcJA0I0HPYytOvY0tAoGAAYJj",
+  "7Xzw4+IvY/ttgTn9BmyY/ptTgbxSI8t6g7xYhStzH5lHWDqZrCzNLBuqFBXosvL2",
+  "bISFgx9z3Hnb6y+EmOUc8C2LyeMMXOBSEygmk827KRGUGgJiwsvHKDN0Ipc4BSwD",
+  "ltkW7pMceJSoA1qg/k8lMxA49zQkFtA8c97U0mECgYEAk2DDN78sRQI8RpSECJWy",
+  "l1O1ikVUAYVeh5HdZkpt++ddfpo695Op9OeD2Eq27Y5EVj8Xl58GFxNk0egLUnYq",
+  "YzSbjcNkR2SbVvuLaV1zlQKm6M5rfvhj4//YrzrrPUQda7Q4eR0as/3q91uzAO2O",
+  "++pfnSCVCyp/TxSkhEDEawU=",
+  "-----END PRIVATE KEY-----",
+].join("\n");
+
+const CERT_PEM = `-----BEGIN CERTIFICATE-----
+MIIDCTCCAfGgAwIBAgIUel0Lv05cjrViyI/H3tABBJxM7NgwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI2MDEyMDEyMjEzMloXDTI2MDEy
+MTEyMjEzMlowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA67q+QlqeKbDDGw0z2NWjeOhzw8UXIRoIfF3nTZK5XOM9
+ShYsi1LF6VSIbsqF6tX35aUw8+/vqRhAyUOaRHQoZ937loIu4Avqb3eVUNXgF/+6
+lRO9n4cdeDcYWomVN4Qs14xtkn5UxBBMZFJEE5tK3R0o4C1TIUzNz6puis33YLZv
+Wcl8JQLKKxP6b4G1MRt0OMSjQRs24q2ftRMzw8LI3934rTbWpGSZMpruioOZbFIo
+UFVzj9FO3/fPRZnr6EzLyZpLyc7KE0Xe7FzUjo8zsCa/HWvAuB5F4ttZndchHHMl
+tIkoe7Vrw66VgwIFukTLjBwtLVuG5KQxqxaW0DoM1QIDAQABo1MwUTAdBgNVHQ4E
+FgQUwNdNkEQtd0n/aofzN7/EeYPPPbIwHwYDVR0jBBgwFoAUwNdNkEQtd0n/aofz
+N7/EeYPPPbIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAnOnw
+o8Az/bL0A6bGHTYra3L9ArIIljMajT6KDHxylR4LhliuVNAznnhP3UkcZbUdjqjp
+MNOM0lej2pNioondtQdXUskZtqWy6+dLbTm1RYQh1lbCCZQ26o7o/oENzjPksLAb
+jRM47DYxRweTyRWQ5t9wvg/xL0Yi1tWq4u4FCNZlBMgdwAEnXNwVWTzRR9RHwy20
+lmUzM8uQ/p42bk4EvPEV4PI1h5G0khQ6x9CtkadCTDs/ZqoUaJMwZBIDSrdJJSLw
+4Vh8Lqzia1CFB4um9J4S1Gm/VZMBjjeGGBJk7VSYn4ZmhPlbPM+6z39lpQGEG0x4
+r1USnb+wUdA7Zoj/mQ==
+-----END CERTIFICATE-----`;
+
+afterEach(async () => {
+  await tempDirs.cleanup();
+});
+
+describe("loadGatewayTlsRuntime", () => {
+  it("disables tls when config is absent or disabled", async () => {
+    await expect(loadGatewayTlsRuntime(undefined)).resolves.toEqual({
+      enabled: false,
+      required: false,
+    });
+    await expect(loadGatewayTlsRuntime({ enabled: false })).resolves.toEqual({
+      enabled: false,
+      required: false,
+    });
+  });
+
+  it("loads existing cert, key, and optional ca files", async () => {
+    const dir = await createTempDir();
+    const certPath = path.join(dir, "gateway-cert.pem");
+    const keyPath = path.join(dir, "gateway-key.pem");
+    const caPath = path.join(dir, "gateway-ca.pem");
+    await writeFile(certPath, CERT_PEM, "utf8");
+    await writeFile(keyPath, KEY_PEM, "utf8");
+    await writeFile(caPath, CERT_PEM, "utf8");
+
+    const result = await loadGatewayTlsRuntime({
+      enabled: true,
+      certPath,
+      keyPath,
+      caPath,
+      autoGenerate: false,
+    });
+
+    expect(result).toMatchObject({
+      enabled: true,
+      required: true,
+      certPath,
+      keyPath,
+      caPath,
+      fingerprintSha256: normalizeFingerprint(new X509Certificate(CERT_PEM).fingerprint256 ?? ""),
+      tlsOptions: {
+        cert: CERT_PEM,
+        key: KEY_PEM,
+        ca: CERT_PEM,
+        minVersion: "TLSv1.3",
+      },
+    });
+    expect(result.error).toBeUndefined();
+  });
+
+  it("fails closed when cert/key are missing and auto generation is disabled", async () => {
+    const dir = await createTempDir();
+    const certPath = path.join(dir, "missing-cert.pem");
+    const keyPath = path.join(dir, "missing-key.pem");
+
+    await expect(
+      loadGatewayTlsRuntime({
+        enabled: true,
+        certPath,
+        keyPath,
+        autoGenerate: false,
+      }),
+    ).resolves.toMatchObject({
+      enabled: false,
+      required: true,
+      certPath,
+      keyPath,
+      error: "gateway tls: cert/key missing",
+    });
+  });
+
+  it("reports load failures for invalid pem files", async () => {
+    const dir = await createTempDir();
+    const certPath = path.join(dir, "gateway-cert.pem");
+    const keyPath = path.join(dir, "gateway-key.pem");
+    await writeFile(certPath, "not a certificate\n", "utf8");
+    await writeFile(keyPath, KEY_PEM, "utf8");
+
+    const result = await loadGatewayTlsRuntime({
+      enabled: true,
+      certPath,
+      keyPath,
+      autoGenerate: false,
+    });
+
+    expect(result).toMatchObject({
+      enabled: false,
+      required: true,
+      certPath,
+      keyPath,
+    });
+    expect(result.error).toContain("gateway tls: failed to load cert");
+  });
+});
diff --git a/src/infra/tmp-openclaw-dir.test.ts b/src/infra/tmp-openclaw-dir.test.ts
index 72b67c95858..a07dd1df50c 100644
--- a/src/infra/tmp-openclaw-dir.test.ts
+++ b/src/infra/tmp-openclaw-dir.test.ts
@@ -185,6 +185,21 @@ describe("resolvePreferredOpenClawTmpDir", () => {
     expect(tmpdir).toHaveBeenCalled();
   });
 
+  it("falls back when /tmp/openclaw exists but is not writable", () => {
+    const accessSync = vi.fn((target: string) => {
+      if (target === POSIX_OPENCLAW_TMP_DIR) {
+        throw new Error("not writable");
+      }
+    });
+    const { resolved, tmpdir } = resolveWithMocks({
+      accessSync,
+      lstatSync: vi.fn(() => secureDirStat()),
+    });
+
+    expect(resolved).toBe(fallbackTmp());
+    expect(tmpdir).toHaveBeenCalled();
+  });
+
   it("falls back when /tmp/openclaw is a symlink", () => {
     expectFallsBackToOsTmpDir({ lstatSync: symlinkTmpDirLstat() });
   });
@@ -218,6 +233,43 @@ describe("resolvePreferredOpenClawTmpDir", () => {
     expect(tmpdir).not.toHaveBeenCalled();
   });
 
+  it("repairs /tmp/openclaw after create when the initial mode stays too broad", () => {
+    let preferredMode = 0o40775;
+    let chmodCalls = 0;
+    const lstatSync = vi
+      .fn<NonNullable<TmpDirOptions["lstatSync"]>>()
+      .mockImplementationOnce(() => {
+        throw nodeErrorWithCode("ENOENT");
+      })
+      .mockImplementation(() =>
+        makeDirStat({
+          mode: preferredMode,
+        }),
+      );
+    const chmodSync = vi.fn((target: string, mode: number) => {
+      chmodCalls += 1;
+      if (target === POSIX_OPENCLAW_TMP_DIR && mode === 0o700 && chmodCalls > 1) {
+        preferredMode = 0o40700;
+      }
+    });
+    const warn = vi.fn();
+
+    const { resolved, mkdirSync, tmpdir } = resolveWithMocks({
+      lstatSync,
+      chmodSync,
+      warn,
+    });
+
+    expect(resolved).toBe(POSIX_OPENCLAW_TMP_DIR);
+    expect(mkdirSync).toHaveBeenCalledWith(POSIX_OPENCLAW_TMP_DIR, {
+      recursive: true,
+      mode: 0o700,
+    });
+    expect(chmodSync).toHaveBeenCalledWith(POSIX_OPENCLAW_TMP_DIR, 0o700);
+    expect(warn).toHaveBeenCalledWith(expect.stringContaining("tightened permissions on temp dir"));
+    expect(tmpdir).not.toHaveBeenCalled();
+  });
+
   it("throws when fallback path is a symlink", () => {
     const lstatSync = symlinkTmpDirLstat();
     const fallbackLstatSync = vi.fn(() => makeDirStat({ isSymbolicLink: true, mode: 0o120777 }));
diff --git a/src/infra/transport-ready.test.ts b/src/infra/transport-ready.test.ts
index 318224cc78f..a4703ba512c 100644
--- a/src/infra/transport-ready.test.ts
+++ b/src/infra/transport-ready.test.ts
@@ -1,14 +1,33 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { waitForTransportReady } from "./transport-ready.js";
 
+let injectedSleepError: Error | null = null;
+
 // Perf: `sleepWithAbort` uses `node:timers/promises` which isn't controlled by fake timers.
 // Route sleeps through global `setTimeout` so tests can advance time deterministically.
 vi.mock("./backoff.js", () => ({
-  sleepWithAbort: async (ms: number) => {
+  sleepWithAbort: async (ms: number, signal?: AbortSignal) => {
+    if (injectedSleepError) {
+      throw injectedSleepError;
+    }
+    if (signal?.aborted) {
+      throw new Error("aborted");
+    }
     if (ms <= 0) {
       return;
     }
-    await new Promise<void>((resolve) => setTimeout(resolve, ms));
+    await new Promise<void>((resolve, reject) => {
+      const timer = setTimeout(() => {
+        signal?.removeEventListener("abort", onAbort);
+        resolve();
+      }, ms);
+      const onAbort = () => {
+        clearTimeout(timer);
+        signal?.removeEventListener("abort", onAbort);
+        reject(new Error("aborted"));
+      };
+      signal?.addEventListener("abort", onAbort, { once: true });
+    });
   },
 }));
 
@@ -23,6 +42,7 @@ describe("waitForTransportReady", () => {
 
   afterEach(() => {
     vi.useRealTimers();
+    injectedSleepError = null;
   });
 
   it("returns when the check succeeds and logs after the delay", async () => {
@@ -81,4 +101,69 @@ describe("waitForTransportReady", () => {
     });
     expect(runtime.error).not.toHaveBeenCalled();
   });
+
+  it("stops polling when aborted during the sleep interval", async () => {
+    const runtime = createRuntime();
+    const controller = new AbortController();
+    let attempts = 0;
+
+    const waitPromise = waitForTransportReady({
+      label: "test transport",
+      timeoutMs: 500,
+      pollIntervalMs: 50,
+      runtime,
+      abortSignal: controller.signal,
+      check: async () => {
+        attempts += 1;
+        setTimeout(() => controller.abort(), 10);
+        return { ok: false, error: "still down" };
+      },
+    });
+
+    await vi.advanceTimersByTimeAsync(100);
+    await waitPromise;
+
+    expect(attempts).toBe(1);
+    expect(runtime.error).not.toHaveBeenCalled();
+  });
+
+  it("logs repeated unknown-error retries and the final timeout message", async () => {
+    const runtime = createRuntime();
+    const waitPromise = waitForTransportReady({
+      label: "test transport",
+      timeoutMs: 120,
+      logAfterMs: 0,
+      logIntervalMs: 50,
+      pollIntervalMs: 50,
+      runtime,
+      check: async () => ({ ok: false, error: null }),
+    });
+
+    const asserted = expect(waitPromise).rejects.toThrow(
+      "test transport not ready (unknown error)",
+    );
+    await vi.advanceTimersByTimeAsync(200);
+    await asserted;
+
+    expect(runtime.error).toHaveBeenCalledTimes(2);
+    expect(runtime.error.mock.calls.at(0)?.[0]).toContain("unknown error");
+    expect(runtime.error.mock.calls.at(-1)?.[0]).toContain("not ready after 120ms");
+  });
+
+  it("rethrows non-abort sleep failures", async () => {
+    const runtime = createRuntime();
+    injectedSleepError = new Error("sleep exploded");
+
+    await expect(
+      waitForTransportReady({
+        label: "test transport",
+        timeoutMs: 500,
+        pollIntervalMs: 50,
+        runtime,
+        check: async () => ({ ok: false, error: "still down" }),
+      }),
+    ).rejects.toThrow("sleep exploded");
+
+    expect(runtime.error).not.toHaveBeenCalled();
+  });
 });
diff --git a/src/infra/update-channels.test.ts b/src/infra/update-channels.test.ts
index 2738cc0ddad..02c15a506c1 100644
--- a/src/infra/update-channels.test.ts
+++ b/src/infra/update-channels.test.ts
@@ -180,6 +180,20 @@ describe("resolveUpdateChannelDisplay", () => {
     });
   });
 
+  it("prefers git tag precedence over branch metadata in the derived label", () => {
+    expect(
+      resolveUpdateChannelDisplay({
+        installKind: "git",
+        gitTag: "v2026.2.24-beta.1",
+        gitBranch: "feature/test",
+      }),
+    ).toEqual({
+      channel: "beta",
+      source: "git-tag",
+      label: "beta (v2026.2.24-beta.1)",
+    });
+  });
+
   it("does not synthesize git metadata when both tag and branch are missing", () => {
     expect(
       resolveUpdateChannelDisplay({
diff --git a/src/infra/update-global.test.ts b/src/infra/update-global.test.ts
index b95727febbf..54cda49a407 100644
--- a/src/infra/update-global.test.ts
+++ b/src/infra/update-global.test.ts
@@ -56,7 +56,7 @@ describe("update global helpers", () => {
       path.join(".bun", "install", "global", "node_modules"),
     );
     await expect(resolveGlobalPackageRoot("npm", runCommand, 1000)).resolves.toBe(
-      "/tmp/npm-root/openclaw",
+      path.join("/tmp/npm-root", "openclaw"),
     );
   });
 
diff --git a/src/infra/warning-filter.test.ts b/src/infra/warning-filter.test.ts
index 1eb3b1372b5..7ce9854aa9a 100644
--- a/src/infra/warning-filter.test.ts
+++ b/src/infra/warning-filter.test.ts
@@ -105,15 +105,36 @@ describe("warning filter", () => {
           code: "DEP0040",
         }),
       );
+      emitWarning(new Error("SQLite is an experimental feature and might change at any time"), {
+        type: "ExperimentalWarning",
+      });
       await flushWarnings();
       expect(seenWarnings.find((warning) => warning.code === "DEP0060")).toBeUndefined();
       expect(seenWarnings.find((warning) => warning.code === "DEP0040")).toBeUndefined();
+      expect(
+        seenWarnings.find((warning) =>
+          warning.message.includes("SQLite is an experimental feature"),
+        ),
+      ).toBeUndefined();
 
       emitWarning("Visible warning", { type: "Warning", code: "OPENCLAW_TEST_WARNING" });
+      emitWarning(
+        Object.assign(new Error("The punycode module is deprecated."), {
+          name: "DeprecationWarning",
+          code: "DEP0040",
+        }),
+        { type: "Warning", code: "OPENCLAW_VISIBLE_OVERRIDE" },
+      );
       await flushWarnings();
       expect(
         seenWarnings.find((warning) => warning.code === "OPENCLAW_TEST_WARNING"),
       ).toBeDefined();
+      expect(
+        seenWarnings.find(
+          (warning) =>
+            warning.code === "DEP0040" && warning.message === "The punycode module is deprecated.",
+        ),
+      ).toBeDefined();
     } finally {
       process.off("warning", onWarning);
     }
diff --git a/src/infra/wsl.test.ts b/src/infra/wsl.test.ts
index 63b7b9544b0..d026cf4bbb1 100644
--- a/src/infra/wsl.test.ts
+++ b/src/infra/wsl.test.ts
@@ -59,6 +59,13 @@ describe("wsl detection", () => {
     expect(readFileSyncMock).toHaveBeenCalledWith("/proc/version", "utf8");
   });
 
+  it("returns false when sync detection cannot read /proc/version", () => {
+    readFileSyncMock.mockImplementationOnce(() => {
+      throw new Error("ENOENT");
+    });
+    expect(isWSLSync()).toBe(false);
+  });
+
   it.each(["Linux version 6.6.0-1-microsoft-standard-WSL2", "Linux version 6.6.0-1-wsl2"])(
     "detects WSL2 sync from kernel version: %s",
     (kernelVersion) => {
@@ -68,6 +75,12 @@ describe("wsl detection", () => {
     },
   );
 
+  it("returns false for WSL2 sync when WSL is detected but no WSL2 markers exist", () => {
+    readFileSyncMock.mockReturnValueOnce("Linux version 4.4.0-19041-Microsoft");
+    readFileSyncMock.mockReturnValueOnce("Linux version 4.4.0-19041-Microsoft");
+    expect(isWSL2Sync()).toBe(false);
+  });
+
   it("returns false for sync detection on non-linux platforms", () => {
     setPlatform("darwin");
     expect(isWSLSync()).toBe(false);
@@ -88,6 +101,13 @@ describe("wsl detection", () => {
     expect(readFileMock).toHaveBeenCalledTimes(2);
   });
 
+  it("short-circuits async detection from WSL env vars without reading osrelease", async () => {
+    process.env.WSL_DISTRO_NAME = "Ubuntu";
+
+    await expect(isWSL()).resolves.toBe(true);
+    expect(readFileMock).not.toHaveBeenCalled();
+  });
+
   it("returns false when async WSL detection cannot read osrelease", async () => {
     readFileMock.mockRejectedValueOnce(new Error("ENOENT"));
     await expect(isWSL()).resolves.toBe(false);
diff --git a/src/line/bot-handlers.test.ts b/src/line/bot-handlers.test.ts
index 7b3638f072b..21d54c41f0d 100644
--- a/src/line/bot-handlers.test.ts
+++ b/src/line/bot-handlers.test.ts
@@ -1,5 +1,6 @@
 import type { MessageEvent, PostbackEvent } from "@line/bot-sdk";
 import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
+import type { LineAccountConfig } from "./types.js";
 
 // Avoid pulling in globals/pairing/media dependencies; this suite only asserts
 // allowlist/groupPolicy gating and message-context wiring.
@@ -79,7 +80,7 @@ function createReplayMessageEvent(params: {
 }) {
   return {
     type: "message",
-    message: { id: params.messageId, type: "text", text: "hello" },
+    message: { id: params.messageId, type: "text", text: "hello", quoteToken: "quote-token" },
     replyToken: "reply-token",
     timestamp: Date.now(),
     source: { type: "group", groupId: params.groupId, userId: params.userId },
@@ -111,8 +112,8 @@ function createTestMessageEvent(params: {
 
 function createLineWebhookTestContext(params: {
   processMessage: LineWebhookContext["processMessage"];
-  groupPolicy?: "open";
-  dmPolicy?: "open";
+  groupPolicy?: LineAccountConfig["groupPolicy"];
+  dmPolicy?: LineAccountConfig["dmPolicy"];
   requireMention?: boolean;
   groupHistories?: Map<string, import("../auto-reply/reply/history.js").HistoryEntry[]>;
   replayCache?: ReturnType<typeof createLineWebhookReplayCache>;
@@ -156,6 +157,44 @@ function createOpenGroupReplayContext(
   });
 }
 
+async function expectGroupMessageBlocked(params: {
+  processMessage: LineWebhookContext["processMessage"];
+  event: MessageEvent;
+  context: Parameters<typeof handleLineWebhookEvents>[1];
+}) {
+  await handleLineWebhookEvents([params.event], params.context);
+  expect(params.processMessage).not.toHaveBeenCalled();
+  expect(buildLineMessageContextMock).not.toHaveBeenCalled();
+}
+
+async function expectRequireMentionGroupMessageProcessed(event: MessageEvent) {
+  const processMessage = vi.fn();
+  await handleLineWebhookEvents(
+    [event],
+    createLineWebhookTestContext({
+      processMessage,
+      groupPolicy: "open",
+      requireMention: true,
+    }),
+  );
+  expect(buildLineMessageContextMock).toHaveBeenCalledTimes(1);
+  expect(processMessage).toHaveBeenCalledTimes(1);
+}
+
+async function startInflightReplayDuplicate(params: {
+  event: MessageEvent;
+  processMessage: LineWebhookContext["processMessage"];
+}) {
+  const context = createOpenGroupReplayContext(
+    params.processMessage,
+    createLineWebhookReplayCache(),
+  );
+  const firstRun = handleLineWebhookEvents([params.event], context);
+  await Promise.resolve();
+  const secondRun = handleLineWebhookEvents([params.event], context);
+  return { firstRun, secondRun };
+}
+
 vi.mock("../pairing/pairing-store.js", () => ({
   readChannelAllowFromStore: readAllowFromStoreMock,
   upsertChannelPairingRequest: upsertPairingRequestMock,
@@ -207,34 +246,18 @@ describe("handleLineWebhookEvents", () => {
 
   it("blocks group messages when allowlist is empty", async () => {
     const processMessage = vi.fn();
-    const event = {
-      type: "message",
-      message: { id: "m2", type: "text", text: "hi" },
-      replyToken: "reply-token",
-      timestamp: Date.now(),
-      source: { type: "group", groupId: "group-1", userId: "user-2" },
-      mode: "active",
-      webhookEventId: "evt-2",
-      deliveryContext: { isRedelivery: false },
-    } as MessageEvent;
-
-    await handleLineWebhookEvents([event], {
-      cfg: { channels: { line: { groupPolicy: "allowlist" } } },
-      account: {
-        accountId: "default",
-        enabled: true,
-        channelAccessToken: "token",
-        channelSecret: "secret",
-        tokenSource: "config",
-        config: { groupPolicy: "allowlist" },
-      },
-      runtime: createRuntime(),
-      mediaMaxBytes: 1,
+    await expectGroupMessageBlocked({
       processMessage,
+      event: createTestMessageEvent({
+        message: { id: "m2", type: "text", text: "hi", quoteToken: "quote-token" },
+        source: { type: "group", groupId: "group-1", userId: "user-2" },
+        webhookEventId: "evt-2",
+      }),
+      context: createLineWebhookTestContext({
+        processMessage,
+        groupPolicy: "allowlist",
+      }),
     });
-
-    expect(processMessage).not.toHaveBeenCalled();
-    expect(buildLineMessageContextMock).not.toHaveBeenCalled();
   });
 
   it("allows group messages when sender is in groupAllowFrom", async () => {
@@ -348,39 +371,33 @@ describe("handleLineWebhookEvents", () => {
   it("does not authorize group messages from DM pairing-store entries when group allowlist is empty", async () => {
     readAllowFromStoreMock.mockResolvedValueOnce(["user-5"]);
     const processMessage = vi.fn();
-    const event = {
-      type: "message",
-      message: { id: "m5b", type: "text", text: "hi" },
-      replyToken: "reply-token",
-      timestamp: Date.now(),
-      source: { type: "group", groupId: "group-1", userId: "user-5" },
-      mode: "active",
-      webhookEventId: "evt-5b",
-      deliveryContext: { isRedelivery: false },
-    } as MessageEvent;
-
-    await handleLineWebhookEvents([event], {
-      cfg: { channels: { line: { groupPolicy: "allowlist" } } },
-      account: {
-        accountId: "default",
-        enabled: true,
-        channelAccessToken: "token",
-        channelSecret: "secret",
-        tokenSource: "config",
-        config: {
-          dmPolicy: "pairing",
-          allowFrom: [],
-          groupPolicy: "allowlist",
-          groupAllowFrom: [],
-        },
-      },
-      runtime: createRuntime(),
-      mediaMaxBytes: 1,
+    await expectGroupMessageBlocked({
       processMessage,
+      event: createTestMessageEvent({
+        message: { id: "m5b", type: "text", text: "hi", quoteToken: "quote-token" },
+        source: { type: "group", groupId: "group-1", userId: "user-5" },
+        webhookEventId: "evt-5b",
+      }),
+      context: {
+        cfg: { channels: { line: { groupPolicy: "allowlist" } } },
+        account: {
+          accountId: "default",
+          enabled: true,
+          channelAccessToken: "token",
+          channelSecret: "secret",
+          tokenSource: "config",
+          config: {
+            dmPolicy: "pairing",
+            allowFrom: [],
+            groupPolicy: "allowlist",
+            groupAllowFrom: [],
+          },
+        },
+        runtime: createRuntime(),
+        mediaMaxBytes: 1,
+        processMessage,
+      },
     });
-
-    expect(processMessage).not.toHaveBeenCalled();
-    expect(buildLineMessageContextMock).not.toHaveBeenCalled();
   });
 
   it("blocks group messages when wildcard group config disables groups", async () => {
@@ -534,11 +551,7 @@ describe("handleLineWebhookEvents", () => {
       webhookEventId: "evt-inflight-1",
       isRedelivery: true,
     });
-    const context = createOpenGroupReplayContext(processMessage, createLineWebhookReplayCache());
-
-    const firstRun = handleLineWebhookEvents([event], context);
-    await Promise.resolve();
-    const secondRun = handleLineWebhookEvents([event], context);
+    const { firstRun, secondRun } = await startInflightReplayDuplicate({ event, processMessage });
     resolveFirst?.();
     await Promise.all([firstRun, secondRun]);
 
@@ -561,11 +574,7 @@ describe("handleLineWebhookEvents", () => {
       webhookEventId: "evt-inflight-fail-1",
       isRedelivery: true,
     });
-    const context = createOpenGroupReplayContext(processMessage, createLineWebhookReplayCache());
-
-    const firstRun = handleLineWebhookEvents([event], context);
-    await Promise.resolve();
-    const secondRun = handleLineWebhookEvents([event], context);
+    const { firstRun, secondRun } = await startInflightReplayDuplicate({ event, processMessage });
     rejectFirst?.(new Error("transient inflight failure"));
 
     await expect(firstRun).rejects.toThrow("transient inflight failure");
@@ -778,7 +787,6 @@ describe("handleLineWebhookEvents", () => {
   });
 
   it("processes group messages with @all mention when requireMention is set", async () => {
-    const processMessage = vi.fn();
     const event = createTestMessageEvent({
       message: {
         id: "m-mention-3",
@@ -792,17 +800,7 @@ describe("handleLineWebhookEvents", () => {
       webhookEventId: "evt-mention-3",
     });
 
-    await handleLineWebhookEvents(
-      [event],
-      createLineWebhookTestContext({
-        processMessage,
-        groupPolicy: "open",
-        requireMention: true,
-      }),
-    );
-
-    expect(buildLineMessageContextMock).toHaveBeenCalledTimes(1);
-    expect(processMessage).toHaveBeenCalledTimes(1);
+    await expectRequireMentionGroupMessageProcessed(event);
   });
 
   it("does not apply requireMention gating to DM messages", async () => {
@@ -827,7 +825,6 @@ describe("handleLineWebhookEvents", () => {
   });
 
   it("allows non-text group messages through when requireMention is set (cannot detect mention)", async () => {
-    const processMessage = vi.fn();
     // Image message -- LINE only carries mention metadata on text messages.
     const event = createTestMessageEvent({
       message: {
@@ -840,17 +837,7 @@ describe("handleLineWebhookEvents", () => {
       webhookEventId: "evt-mention-img",
     });
 
-    await handleLineWebhookEvents(
-      [event],
-      createLineWebhookTestContext({
-        processMessage,
-        groupPolicy: "open",
-        requireMention: true,
-      }),
-    );
-
-    expect(buildLineMessageContextMock).toHaveBeenCalledTimes(1);
-    expect(processMessage).toHaveBeenCalledTimes(1);
+    await expectRequireMentionGroupMessageProcessed(event);
   });
 
   it("does not bypass mention gating when non-bot mention is present with control command", async () => {
diff --git a/src/media/fetch.telegram-network.test.ts b/src/media/fetch.telegram-network.test.ts
index cb4cb1ab5b1..d7a4d8e217d 100644
--- a/src/media/fetch.telegram-network.test.ts
+++ b/src/media/fetch.telegram-network.test.ts
@@ -1,5 +1,8 @@
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { resolveTelegramTransport } from "../telegram/fetch.js";
+import {
+  resolveTelegramTransport,
+  shouldRetryTelegramIpv4Fallback,
+} from "../../extensions/telegram/src/fetch.js";
 import { fetchRemoteMedia } from "./fetch.js";
 
 const undiciMocks = vi.hoisted(() => {
@@ -26,6 +29,12 @@ vi.mock("undici", () => ({
 describe("fetchRemoteMedia telegram network policy", () => {
   type LookupFn = NonNullable<Parameters<typeof fetchRemoteMedia>[0]["lookupFn"]>;
 
+  function createTelegramFetchFailedError(code: string): Error {
+    return Object.assign(new TypeError("fetch failed"), {
+      cause: { code },
+    });
+  }
+
   afterEach(() => {
     undiciMocks.fetch.mockReset();
     undiciMocks.agentCtor.mockClear();
@@ -84,7 +93,7 @@ describe("fetchRemoteMedia telegram network policy", () => {
   });
 
   it("keeps explicit proxy routing for file downloads", async () => {
-    const { makeProxyFetch } = await import("../telegram/proxy.js");
+    const { makeProxyFetch } = await import("../../extensions/telegram/src/proxy.js");
     const lookupFn = vi.fn(async () => [
       { address: "149.154.167.220", family: 4 },
     ]) as unknown as LookupFn;
@@ -127,4 +136,116 @@ describe("fetchRemoteMedia telegram network policy", () => {
     expect(init?.dispatcher?.options?.uri).toBe("http://127.0.0.1:7890");
     expect(undiciMocks.proxyAgentCtor).toHaveBeenCalled();
   });
+
+  it("retries Telegram file downloads with IPv4 fallback when the first fetch fails", async () => {
+    const lookupFn = vi.fn(async () => [
+      { address: "149.154.167.220", family: 4 },
+      { address: "2001:67c:4e8:f004::9", family: 6 },
+    ]) as unknown as LookupFn;
+    undiciMocks.fetch
+      .mockRejectedValueOnce(createTelegramFetchFailedError("EHOSTUNREACH"))
+      .mockResolvedValueOnce(
+        new Response(new Uint8Array([0xff, 0xd8, 0xff, 0x00]), {
+          status: 200,
+          headers: { "content-type": "image/jpeg" },
+        }),
+      );
+
+    const telegramTransport = resolveTelegramTransport(undefined, {
+      network: {
+        autoSelectFamily: true,
+        dnsResultOrder: "ipv4first",
+      },
+    });
+
+    await fetchRemoteMedia({
+      url: "https://api.telegram.org/file/bottok/photos/2.jpg",
+      fetchImpl: telegramTransport.sourceFetch,
+      dispatcherPolicy: telegramTransport.pinnedDispatcherPolicy,
+      fallbackDispatcherPolicy: telegramTransport.fallbackPinnedDispatcherPolicy,
+      shouldRetryFetchError: shouldRetryTelegramIpv4Fallback,
+      lookupFn,
+      maxBytes: 1024,
+      ssrfPolicy: {
+        allowedHostnames: ["api.telegram.org"],
+        allowRfc2544BenchmarkRange: true,
+      },
+    });
+
+    const firstInit = undiciMocks.fetch.mock.calls[0]?.[1] as
+      | (RequestInit & {
+          dispatcher?: {
+            options?: {
+              connect?: Record<string, unknown>;
+            };
+          };
+        })
+      | undefined;
+    const secondInit = undiciMocks.fetch.mock.calls[1]?.[1] as
+      | (RequestInit & {
+          dispatcher?: {
+            options?: {
+              connect?: Record<string, unknown>;
+            };
+          };
+        })
+      | undefined;
+
+    expect(undiciMocks.fetch).toHaveBeenCalledTimes(2);
+    expect(firstInit?.dispatcher?.options?.connect).toEqual(
+      expect.objectContaining({
+        autoSelectFamily: true,
+        autoSelectFamilyAttemptTimeout: 300,
+        lookup: expect.any(Function),
+      }),
+    );
+    expect(secondInit?.dispatcher?.options?.connect).toEqual(
+      expect.objectContaining({
+        family: 4,
+        autoSelectFamily: false,
+        lookup: expect.any(Function),
+      }),
+    );
+  });
+
+  it("preserves both primary and fallback errors when Telegram media retry fails twice", async () => {
+    const lookupFn = vi.fn(async () => [
+      { address: "149.154.167.220", family: 4 },
+      { address: "2001:67c:4e8:f004::9", family: 6 },
+    ]) as unknown as LookupFn;
+    const primaryError = createTelegramFetchFailedError("EHOSTUNREACH");
+    const fallbackError = createTelegramFetchFailedError("ETIMEDOUT");
+    undiciMocks.fetch.mockRejectedValueOnce(primaryError).mockRejectedValueOnce(fallbackError);
+
+    const telegramTransport = resolveTelegramTransport(undefined, {
+      network: {
+        autoSelectFamily: true,
+        dnsResultOrder: "ipv4first",
+      },
+    });
+
+    await expect(
+      fetchRemoteMedia({
+        url: "https://api.telegram.org/file/bottok/photos/3.jpg",
+        fetchImpl: telegramTransport.sourceFetch,
+        dispatcherPolicy: telegramTransport.pinnedDispatcherPolicy,
+        fallbackDispatcherPolicy: telegramTransport.fallbackPinnedDispatcherPolicy,
+        shouldRetryFetchError: shouldRetryTelegramIpv4Fallback,
+        lookupFn,
+        maxBytes: 1024,
+        ssrfPolicy: {
+          allowedHostnames: ["api.telegram.org"],
+          allowRfc2544BenchmarkRange: true,
+        },
+      }),
+    ).rejects.toMatchObject({
+      name: "MediaFetchError",
+      code: "fetch_failed",
+      cause: expect.objectContaining({
+        name: "Error",
+        cause: fallbackError,
+        primaryError,
+      }),
+    });
+  });
 });
diff --git a/src/media/fetch.test.ts b/src/media/fetch.test.ts
index 00966e26a34..4498ca4b550 100644
--- a/src/media/fetch.test.ts
+++ b/src/media/fetch.test.ts
@@ -25,13 +25,21 @@ function makeStallingFetch(firstChunk: Uint8Array) {
   });
 }
 
+function makeLookupFn() {
+  return vi.fn(async () => [{ address: "149.154.167.220", family: 4 }]) as unknown as NonNullable<
+    Parameters<typeof fetchRemoteMedia>[0]["lookupFn"]
+  >;
+}
+
 describe("fetchRemoteMedia", () => {
-  type LookupFn = NonNullable<Parameters<typeof fetchRemoteMedia>[0]["lookupFn"]>;
+  const telegramToken = "123456789:ABCDEFGHIJKLMNOPQRSTUVWXYZabcd";
+  const redactedTelegramToken = `${telegramToken.slice(0, 6)}…${telegramToken.slice(-4)}`;
+  const telegramFileUrl = `https://api.telegram.org/file/bot${telegramToken}/photos/1.jpg`;
 
   it("rejects when content-length exceeds maxBytes", async () => {
     const lookupFn = vi.fn(async () => [
       { address: "93.184.216.34", family: 4 },
-    ]) as unknown as LookupFn;
+    ]) as unknown as NonNullable<Parameters<typeof fetchRemoteMedia>[0]["lookupFn"]>;
     const fetchImpl = async () =>
       new Response(makeStream([new Uint8Array([1, 2, 3, 4, 5])]), {
         status: 200,
@@ -51,7 +59,7 @@ describe("fetchRemoteMedia", () => {
   it("rejects when streamed payload exceeds maxBytes", async () => {
     const lookupFn = vi.fn(async () => [
       { address: "93.184.216.34", family: 4 },
-    ]) as unknown as LookupFn;
+    ]) as unknown as NonNullable<Parameters<typeof fetchRemoteMedia>[0]["lookupFn"]>;
     const fetchImpl = async () =>
       new Response(makeStream([new Uint8Array([1, 2, 3]), new Uint8Array([4, 5, 6])]), {
         status: 200,
@@ -70,7 +78,7 @@ describe("fetchRemoteMedia", () => {
   it("aborts stalled body reads when idle timeout expires", async () => {
     const lookupFn = vi.fn(async () => [
       { address: "93.184.216.34", family: 4 },
-    ]) as unknown as LookupFn;
+    ]) as unknown as NonNullable<Parameters<typeof fetchRemoteMedia>[0]["lookupFn"]>;
     const fetchImpl = makeStallingFetch(new Uint8Array([1, 2]));
 
     await expect(
@@ -87,6 +95,48 @@ describe("fetchRemoteMedia", () => {
     });
   }, 5_000);
 
+  it("redacts Telegram bot tokens from fetch failure messages", async () => {
+    const fetchImpl = vi.fn(async () => {
+      throw new Error(`dial failed for ${telegramFileUrl}`);
+    });
+
+    const error = await fetchRemoteMedia({
+      url: telegramFileUrl,
+      fetchImpl,
+      lookupFn: makeLookupFn(),
+      maxBytes: 1024,
+      ssrfPolicy: {
+        allowedHostnames: ["api.telegram.org"],
+        allowRfc2544BenchmarkRange: true,
+      },
+    }).catch((err: unknown) => err as Error);
+
+    expect(error).toBeInstanceOf(Error);
+    const errorText = error instanceof Error ? String(error) : "";
+    expect(errorText).not.toContain(telegramToken);
+    expect(errorText).toContain(`bot${redactedTelegramToken}`);
+  });
+
+  it("redacts Telegram bot tokens from HTTP error messages", async () => {
+    const fetchImpl = vi.fn(async () => new Response("unauthorized", { status: 401 }));
+
+    const error = await fetchRemoteMedia({
+      url: telegramFileUrl,
+      fetchImpl,
+      lookupFn: makeLookupFn(),
+      maxBytes: 1024,
+      ssrfPolicy: {
+        allowedHostnames: ["api.telegram.org"],
+        allowRfc2544BenchmarkRange: true,
+      },
+    }).catch((err: unknown) => err as Error);
+
+    expect(error).toBeInstanceOf(Error);
+    const errorText = error instanceof Error ? String(error) : "";
+    expect(errorText).not.toContain(telegramToken);
+    expect(errorText).toContain(`bot${redactedTelegramToken}`);
+  });
+
   it("blocks private IP literals before fetching", async () => {
     const fetchImpl = vi.fn();
     await expect(
diff --git a/src/media/fetch.ts b/src/media/fetch.ts
index 40cd8b2414f..020ac8040bd 100644
--- a/src/media/fetch.ts
+++ b/src/media/fetch.ts
@@ -1,6 +1,8 @@
 import path from "node:path";
+import { formatErrorMessage } from "../infra/errors.js";
 import { fetchWithSsrFGuard, withStrictGuardedFetchMode } from "../infra/net/fetch-guard.js";
 import type { LookupFn, PinnedDispatcherPolicy, SsrFPolicy } from "../infra/net/ssrf.js";
+import { redactSensitiveText } from "../logging/redact.js";
 import { detectMime, extensionForMime } from "./mime.js";
 import { readResponseWithLimit } from "./read-response-with-limit.js";
 
@@ -15,8 +17,8 @@ export type MediaFetchErrorCode = "max_bytes" | "http_error" | "fetch_failed";
 export class MediaFetchError extends Error {
   readonly code: MediaFetchErrorCode;
 
-  constructor(code: MediaFetchErrorCode, message: string) {
-    super(message);
+  constructor(code: MediaFetchErrorCode, message: string, options?: { cause?: unknown }) {
+    super(message, options);
     this.code = code;
     this.name = "MediaFetchError";
   }
@@ -36,6 +38,8 @@ type FetchMediaOptions = {
   ssrfPolicy?: SsrFPolicy;
   lookupFn?: LookupFn;
   dispatcherPolicy?: PinnedDispatcherPolicy;
+  fallbackDispatcherPolicy?: PinnedDispatcherPolicy;
+  shouldRetryFetchError?: (error: unknown) => boolean;
 };
 
 function stripQuotes(value: string): string {
@@ -82,6 +86,10 @@ async function readErrorBodySnippet(res: Response, maxChars = 200): Promise<stri
   }
 }
 
+function redactMediaUrl(url: string): string {
+  return redactSensitiveText(url);
+}
+
 export async function fetchRemoteMedia(options: FetchMediaOptions): Promise<FetchMediaResult> {
   const {
     url,
@@ -94,13 +102,16 @@ export async function fetchRemoteMedia(options: FetchMediaOptions): Promise<Fetc
     ssrfPolicy,
     lookupFn,
     dispatcherPolicy,
+    fallbackDispatcherPolicy,
+    shouldRetryFetchError,
   } = options;
+  const sourceUrl = redactMediaUrl(url);
 
   let res: Response;
   let finalUrl = url;
   let release: (() => Promise<void>) | null = null;
-  try {
-    const result = await fetchWithSsrFGuard(
+  const runGuardedFetch = async (policy?: PinnedDispatcherPolicy) =>
+    await fetchWithSsrFGuard(
       withStrictGuardedFetchMode({
         url,
         fetchImpl,
@@ -108,20 +119,50 @@ export async function fetchRemoteMedia(options: FetchMediaOptions): Promise<Fetc
         maxRedirects,
         policy: ssrfPolicy,
         lookupFn,
-        dispatcherPolicy,
+        dispatcherPolicy: policy,
       }),
     );
+  try {
+    let result;
+    try {
+      result = await runGuardedFetch(dispatcherPolicy);
+    } catch (err) {
+      if (
+        fallbackDispatcherPolicy &&
+        typeof shouldRetryFetchError === "function" &&
+        shouldRetryFetchError(err)
+      ) {
+        try {
+          result = await runGuardedFetch(fallbackDispatcherPolicy);
+        } catch (fallbackErr) {
+          const combined = new Error(
+            `Primary fetch failed and fallback fetch also failed for ${sourceUrl}`,
+            { cause: fallbackErr },
+          );
+          (combined as Error & { primaryError?: unknown }).primaryError = err;
+          throw combined;
+        }
+      } else {
+        throw err;
+      }
+    }
     res = result.response;
     finalUrl = result.finalUrl;
     release = result.release;
   } catch (err) {
-    throw new MediaFetchError("fetch_failed", `Failed to fetch media from ${url}: ${String(err)}`);
+    throw new MediaFetchError(
+      "fetch_failed",
+      `Failed to fetch media from ${sourceUrl}: ${formatErrorMessage(err)}`,
+      {
+        cause: err,
+      },
+    );
   }
 
   try {
     if (!res.ok) {
       const statusText = res.statusText ? ` ${res.statusText}` : "";
-      const redirected = finalUrl !== url ? ` (redirected to ${finalUrl})` : "";
+      const redirected = finalUrl !== url ? ` (redirected to ${redactMediaUrl(finalUrl)})` : "";
       let detail = `HTTP ${res.status}${statusText}`;
       if (!res.body) {
         detail = `HTTP ${res.status}${statusText}; empty response body`;
@@ -133,7 +174,7 @@ export async function fetchRemoteMedia(options: FetchMediaOptions): Promise<Fetc
       }
       throw new MediaFetchError(
         "http_error",
-        `Failed to fetch media from ${url}${redirected}: ${detail}`,
+        `Failed to fetch media from ${sourceUrl}${redirected}: ${redactSensitiveText(detail)}`,
       );
     }
 
@@ -143,7 +184,7 @@ export async function fetchRemoteMedia(options: FetchMediaOptions): Promise<Fetc
       if (Number.isFinite(length) && length > maxBytes) {
         throw new MediaFetchError(
           "max_bytes",
-          `Failed to fetch media from ${url}: content length ${length} exceeds maxBytes ${maxBytes}`,
+          `Failed to fetch media from ${sourceUrl}: content length ${length} exceeds maxBytes ${maxBytes}`,
         );
       }
     }
@@ -155,7 +196,7 @@ export async function fetchRemoteMedia(options: FetchMediaOptions): Promise<Fetc
             onOverflow: ({ maxBytes, res }) =>
               new MediaFetchError(
                 "max_bytes",
-                `Failed to fetch media from ${res.url || url}: payload exceeds maxBytes ${maxBytes}`,
+                `Failed to fetch media from ${redactMediaUrl(res.url || url)}: payload exceeds maxBytes ${maxBytes}`,
               ),
             chunkTimeoutMs: readIdleTimeoutMs,
           })
@@ -166,7 +207,8 @@ export async function fetchRemoteMedia(options: FetchMediaOptions): Promise<Fetc
       }
       throw new MediaFetchError(
         "fetch_failed",
-        `Failed to fetch media from ${res.url || url}: ${String(err)}`,
+        `Failed to fetch media from ${redactMediaUrl(res.url || url)}: ${formatErrorMessage(err)}`,
+        { cause: err },
       );
     }
     let fileNameFromUrl: string | undefined;
diff --git a/src/media/load-options.ts b/src/media/load-options.ts
index 69400e98ffb..da4545ae10e 100644
--- a/src/media/load-options.ts
+++ b/src/media/load-options.ts
@@ -1,11 +1,13 @@
 export type OutboundMediaLoadParams = {
   maxBytes?: number;
   mediaLocalRoots?: readonly string[];
+  optimizeImages?: boolean;
 };
 
 export type OutboundMediaLoadOptions = {
   maxBytes?: number;
   localRoots?: readonly string[];
+  optimizeImages?: boolean;
 };
 
 export function resolveOutboundMediaLocalRoots(
@@ -21,5 +23,6 @@ export function buildOutboundMediaLoadOptions(
   return {
     ...(params.maxBytes !== undefined ? { maxBytes: params.maxBytes } : {}),
     ...(localRoots ? { localRoots } : {}),
+    ...(params.optimizeImages !== undefined ? { optimizeImages: params.optimizeImages } : {}),
   };
 }
diff --git a/src/media/outbound-attachment.ts b/src/media/outbound-attachment.ts
index 155d234457b..374f0696b96 100644
--- a/src/media/outbound-attachment.ts
+++ b/src/media/outbound-attachment.ts
@@ -1,4 +1,4 @@
-import { loadWebMedia } from "../web/media.js";
+import { loadWebMedia } from "../../extensions/whatsapp/src/media.js";
 import { buildOutboundMediaLoadOptions } from "./load-options.js";
 import { saveMediaBuffer } from "./store.js";
 
diff --git a/src/memory/batch-voyage.test.ts b/src/memory/batch-voyage.test.ts
index e3ca43a3419..1b0a6c05248 100644
--- a/src/memory/batch-voyage.test.ts
+++ b/src/memory/batch-voyage.test.ts
@@ -2,6 +2,7 @@ import { ReadableStream } from "node:stream/web";
 import { afterEach, beforeAll, describe, expect, it, vi } from "vitest";
 import type { VoyageBatchOutputLine, VoyageBatchRequest } from "./batch-voyage.js";
 import type { VoyageEmbeddingClient } from "./embeddings-voyage.js";
+import { mockPublicPinnedHostname } from "./test-helpers/ssrf.js";
 
 // Mock internal.js if needed, but runWithConcurrency is simple enough to keep real.
 // We DO need to mock retryAsync to avoid actual delays/retries logic complicating tests
@@ -35,6 +36,7 @@ describe("runVoyageEmbeddingBatches", () => {
   it("successfully submits batch, waits, and streams results", async () => {
     const fetchMock = vi.fn();
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
 
     // Sequence of fetch calls:
     // 1. Upload file
@@ -130,6 +132,7 @@ describe("runVoyageEmbeddingBatches", () => {
   it("handles empty lines and stream chunks correctly", async () => {
     const fetchMock = vi.fn();
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
 
     // 1. Upload
     fetchMock.mockResolvedValueOnce({ ok: true, json: async () => ({ id: "f1" }) });
diff --git a/src/memory/embeddings-gemini.test.ts b/src/memory/embeddings-gemini.test.ts
index 8d05a43d042..09e84d9902b 100644
--- a/src/memory/embeddings-gemini.test.ts
+++ b/src/memory/embeddings-gemini.test.ts
@@ -9,6 +9,7 @@ import {
   isGeminiEmbedding2Model,
   resolveGeminiOutputDimensionality,
 } from "./embeddings-gemini.js";
+import { mockPublicPinnedHostname } from "./test-helpers/ssrf.js";
 
 vi.mock("../agents/model-auth.js", async () => {
   const { createModelAuthMockModule } = await import("../test-utils/model-auth-mock.js");
@@ -67,6 +68,7 @@ async function createProviderWithFetch(
   options: Partial<Parameters<typeof createGeminiEmbeddingProvider>[0]> & { model: string },
 ) {
   vi.stubGlobal("fetch", fetchMock);
+  mockPublicPinnedHostname();
   mockResolvedProviderKey();
   const { provider } = await createGeminiEmbeddingProvider({
     config: {} as never,
@@ -449,6 +451,7 @@ describe("gemini model normalization", () => {
   it("handles models/ prefix for v2 model", async () => {
     const fetchMock = createGeminiFetchMock();
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
     mockResolvedProviderKey();
 
     const { provider } = await createGeminiEmbeddingProvider({
@@ -467,6 +470,7 @@ describe("gemini model normalization", () => {
   it("handles gemini/ prefix for v2 model", async () => {
     const fetchMock = createGeminiFetchMock();
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
     mockResolvedProviderKey();
 
     const { provider } = await createGeminiEmbeddingProvider({
@@ -485,6 +489,7 @@ describe("gemini model normalization", () => {
   it("handles google/ prefix for v2 model", async () => {
     const fetchMock = createGeminiFetchMock();
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
     mockResolvedProviderKey();
 
     const { provider } = await createGeminiEmbeddingProvider({
diff --git a/src/memory/embeddings-voyage.test.ts b/src/memory/embeddings-voyage.test.ts
index 28314017a6f..ccc164bd064 100644
--- a/src/memory/embeddings-voyage.test.ts
+++ b/src/memory/embeddings-voyage.test.ts
@@ -33,6 +33,7 @@ async function createDefaultVoyageProvider(
   fetchMock: ReturnType<typeof createFetchMock>,
 ) {
   vi.stubGlobal("fetch", fetchMock);
+  mockPublicPinnedHostname();
   mockVoyageApiKey();
   return createVoyageEmbeddingProvider({
     config: {} as never,
diff --git a/src/memory/embeddings.test.ts b/src/memory/embeddings.test.ts
index 6f489ecc0c1..f15624ee1cb 100644
--- a/src/memory/embeddings.test.ts
+++ b/src/memory/embeddings.test.ts
@@ -179,6 +179,7 @@ describe("embedding provider remote overrides", () => {
   it("builds Gemini embeddings requests with api key header", async () => {
     const fetchMock = createGeminiFetchMock();
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
     mockResolvedProviderKey("provider-key");
 
     const cfg = {
@@ -230,6 +231,7 @@ describe("embedding provider remote overrides", () => {
   it("uses GEMINI_API_KEY env indirection for Gemini remote apiKey", async () => {
     const fetchMock = createGeminiFetchMock();
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
     vi.stubEnv("GEMINI_API_KEY", "env-gemini-key");
 
     const result = await createEmbeddingProvider({
@@ -253,6 +255,7 @@ describe("embedding provider remote overrides", () => {
   it("builds Mistral embeddings requests with bearer auth", async () => {
     const fetchMock = createFetchMock();
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
     mockResolvedProviderKey("provider-key");
 
     const cfg = {
@@ -303,6 +306,7 @@ describe("embedding provider auto selection", () => {
   it("uses gemini when openai is missing", async () => {
     const fetchMock = createGeminiFetchMock();
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
     vi.mocked(authModule.resolveApiKeyForProvider).mockImplementation(async ({ provider }) => {
       if (provider === "openai") {
         throw new Error('No API key found for provider "openai".');
@@ -329,6 +333,7 @@ describe("embedding provider auto selection", () => {
       json: async () => ({ data: [{ embedding: [1, 2, 3] }] }),
     }));
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
     vi.mocked(authModule.resolveApiKeyForProvider).mockImplementation(async ({ provider }) => {
       if (provider === "openai") {
         return { apiKey: "openai-key", source: "env: OPENAI_API_KEY", mode: "api-key" };
@@ -357,6 +362,7 @@ describe("embedding provider auto selection", () => {
   it("uses mistral when openai/gemini/voyage are missing", async () => {
     const fetchMock = createFetchMock();
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
     vi.mocked(authModule.resolveApiKeyForProvider).mockImplementation(async ({ provider }) => {
       if (provider === "mistral") {
         return { apiKey: "mistral-key", source: "env: MISTRAL_API_KEY", mode: "api-key" }; // pragma: allowlist secret
diff --git a/src/memory/manager.batch.test.ts b/src/memory/manager.batch.test.ts
index dd08b03107e..453f1a6c815 100644
--- a/src/memory/manager.batch.test.ts
+++ b/src/memory/manager.batch.test.ts
@@ -6,6 +6,7 @@ import { useFastShortTimeouts } from "../../test/helpers/fast-short-timeouts.js"
 import type { OpenClawConfig } from "../config/config.js";
 import { getMemorySearchManager, type MemoryIndexManager } from "./index.js";
 import { createOpenAIEmbeddingProviderMock } from "./test-embeddings-mock.js";
+import { mockPublicPinnedHostname } from "./test-helpers/ssrf.js";
 import "./test-runtime-mocks.js";
 
 const embedBatch = vi.fn(async (_texts: string[]) => [] as number[][]);
@@ -174,6 +175,7 @@ describe("memory indexing with OpenAI batches", () => {
     const { fetchMock } = createOpenAIBatchFetchMock();
 
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
 
     try {
       if (!manager) {
@@ -216,6 +218,7 @@ describe("memory indexing with OpenAI batches", () => {
     });
 
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
 
     try {
       if (!manager) {
@@ -255,6 +258,7 @@ describe("memory indexing with OpenAI batches", () => {
     });
 
     vi.stubGlobal("fetch", fetchMock);
+    mockPublicPinnedHostname();
 
     try {
       if (!manager) {
diff --git a/src/node-host/invoke-browser.test.ts b/src/node-host/invoke-browser.test.ts
index ca9232823c1..4dc5b520d43 100644
--- a/src/node-host/invoke-browser.test.ts
+++ b/src/node-host/invoke-browser.test.ts
@@ -22,7 +22,7 @@ const configMocks = vi.hoisted(() => ({
 const browserConfigMocks = vi.hoisted(() => ({
   resolveBrowserConfig: vi.fn(() => ({
     enabled: true,
-    defaultProfile: "chrome",
+    defaultProfile: "openclaw",
   })),
 }));
 
@@ -45,7 +45,7 @@ describe("runBrowserProxyCommand", () => {
     });
     browserConfigMocks.resolveBrowserConfig.mockReturnValue({
       enabled: true,
-      defaultProfile: "chrome",
+      defaultProfile: "openclaw",
     });
     controlServiceMocks.startBrowserControlServiceFromConfig.mockResolvedValue(true);
   });
@@ -70,12 +70,42 @@ describe("runBrowserProxyCommand", () => {
         JSON.stringify({
           method: "GET",
           path: "/snapshot",
-          profile: "chrome",
+          profile: "chrome-relay",
           timeoutMs: 5,
         }),
       ),
     ).rejects.toThrow(
-      /browser proxy timed out for GET \/snapshot after 5ms; ws-backed browser action; profile=chrome; status\(running=true, cdpHttp=true, cdpReady=false, cdpUrl=http:\/\/127\.0\.0\.1:18792\)/,
+      /browser proxy timed out for GET \/snapshot after 5ms; ws-backed browser action; profile=chrome-relay; status\(running=true, cdpHttp=true, cdpReady=false, cdpUrl=http:\/\/127\.0\.0\.1:18792\)/,
+    );
+  });
+
+  it("includes chrome-mcp transport in timeout diagnostics when no CDP URL exists", async () => {
+    dispatcherMocks.dispatch
+      .mockImplementationOnce(async () => {
+        await new Promise(() => {});
+      })
+      .mockResolvedValueOnce({
+        status: 200,
+        body: {
+          running: true,
+          transport: "chrome-mcp",
+          cdpHttp: true,
+          cdpReady: false,
+          cdpUrl: null,
+        },
+      });
+
+    await expect(
+      runBrowserProxyCommand(
+        JSON.stringify({
+          method: "GET",
+          path: "/snapshot",
+          profile: "user",
+          timeoutMs: 5,
+        }),
+      ),
+    ).rejects.toThrow(
+      /browser proxy timed out for GET \/snapshot after 5ms; ws-backed browser action; profile=user; status\(running=true, cdpHttp=true, cdpReady=false, transport=chrome-mcp\)/,
     );
   });
 
@@ -90,7 +120,7 @@ describe("runBrowserProxyCommand", () => {
         JSON.stringify({
           method: "POST",
           path: "/act",
-          profile: "chrome",
+          profile: "chrome-relay",
           timeoutMs: 50,
         }),
       ),
diff --git a/src/node-host/invoke-browser.ts b/src/node-host/invoke-browser.ts
index 8587dff72c3..fc16ccd5298 100644
--- a/src/node-host/invoke-browser.ts
+++ b/src/node-host/invoke-browser.ts
@@ -164,6 +164,7 @@ async function readBrowserProxyStatus(params: {
     const body = response.body as Record<string, unknown>;
     return {
       running: body.running,
+      transport: body.transport,
       cdpHttp: body.cdpHttp,
       cdpReady: body.cdpReady,
       cdpUrl: body.cdpUrl,
@@ -194,6 +195,9 @@ function formatBrowserProxyTimeoutMessage(params: {
       `cdpHttp=${String(params.status.cdpHttp)}`,
       `cdpReady=${String(params.status.cdpReady)}`,
     ];
+    if (typeof params.status.transport === "string" && params.status.transport.trim()) {
+      statusParts.push(`transport=${params.status.transport}`);
+    }
     if (typeof params.status.cdpUrl === "string" && params.status.cdpUrl.trim()) {
       statusParts.push(`cdpUrl=${params.status.cdpUrl}`);
     }
diff --git a/src/node-host/invoke-system-run-plan.test.ts b/src/node-host/invoke-system-run-plan.test.ts
index 29cec3074aa..372e66f6521 100644
--- a/src/node-host/invoke-system-run-plan.test.ts
+++ b/src/node-host/invoke-system-run-plan.test.ts
@@ -41,6 +41,7 @@ type RuntimeFixture = {
   expectedArgvIndex: number;
   binName?: string;
   binNames?: string[];
+  skipOnWin32?: boolean;
 };
 
 type UnsafeRuntimeInvocationCase = {
@@ -508,6 +509,7 @@ describe("hardenApprovedExecutionPaths", () => {
       scriptName: "run.ts",
       initialBody: 'console.log("SAFE");\n',
       expectedArgvIndex: 3,
+      skipOnWin32: true,
     },
     {
       name: "pnpm exec double-dash tsx file",
@@ -557,6 +559,9 @@ describe("hardenApprovedExecutionPaths", () => {
 
   for (const runtimeCase of mutableOperandCases) {
     it(`captures mutable ${runtimeCase.name} operands in approval plans`, () => {
+      if (runtimeCase.skipOnWin32 && process.platform === "win32") {
+        return;
+      }
       const binNames =
         runtimeCase.binNames ??
         (runtimeCase.binName ? [runtimeCase.binName] : ["bunx", "pnpm", "npm", "npx", "tsx"]);
diff --git a/src/node-host/invoke-system-run.test.ts b/src/node-host/invoke-system-run.test.ts
index d183f9087c3..045897a5fc4 100644
--- a/src/node-host/invoke-system-run.test.ts
+++ b/src/node-host/invoke-system-run.test.ts
@@ -746,6 +746,14 @@ describe("handleSystemRunInvoke mac app exec host routing", () => {
         security: "full",
         ask: "off",
       });
+      if (process.platform === "win32") {
+        expect(runCommand).not.toHaveBeenCalled();
+        expectInvokeErrorMessage(sendInvokeResult, {
+          message: "SYSTEM_RUN_DENIED: approval requires a stable executable path",
+          exact: true,
+        });
+        return;
+      }
       expectCommandPinnedToCanonicalPath({
         runCommand,
         expected: fs.realpathSync(script),
@@ -779,6 +787,13 @@ describe("handleSystemRunInvoke mac app exec host routing", () => {
             ask: "off",
           });
           expect(runCommand).not.toHaveBeenCalled();
+          if (process.platform === "win32") {
+            expectInvokeErrorMessage(sendInvokeResult, {
+              message: "SYSTEM_RUN_DENIED: approval requires a stable executable path",
+              exact: true,
+            });
+            return;
+          }
           expectInvokeErrorMessage(sendInvokeResult, {
             message: "SYSTEM_RUN_DENIED: approval cwd changed before execution",
             exact: true,
diff --git a/src/node-host/runner.ts b/src/node-host/runner.ts
index 0378d9406ba..097d8ef9ec0 100644
--- a/src/node-host/runner.ts
+++ b/src/node-host/runner.ts
@@ -174,8 +174,6 @@ export async function runNodeHost(opts: NodeHostRunOptions): Promise<void> {
   const scheme = gateway.tls ? "wss" : "ws";
   const url = `${scheme}://${host}:${port}`;
   const pathEnv = ensureNodePathEnv();
-  // eslint-disable-next-line no-console
-  console.log(`node host PATH: ${pathEnv}`);
 
   const client = new GatewayClient({
     url,
diff --git a/src/pairing/setup-code.test.ts b/src/pairing/setup-code.test.ts
index 6a68858280c..e72a9399623 100644
--- a/src/pairing/setup-code.test.ts
+++ b/src/pairing/setup-code.test.ts
@@ -10,6 +10,25 @@ vi.mock("../infra/device-bootstrap.js", () => ({
 }));
 
 describe("pairing setup code", () => {
+  type ResolvedSetup = Awaited<ReturnType<typeof resolvePairingSetupFromConfig>>;
+  const defaultEnvSecretProviderConfig = {
+    secrets: {
+      providers: {
+        default: { source: "env" },
+      },
+    },
+  } as const;
+  const gatewayPasswordSecretRef: SecretInput = {
+    source: "env",
+    provider: "default",
+    id: "GW_PASSWORD",
+  };
+  const missingGatewayTokenSecretRef: SecretInput = {
+    source: "env",
+    provider: "default",
+    id: "MISSING_GW_TOKEN",
+  };
+
   function createTailnetDnsRunner() {
     return vi.fn(async () => ({
       code: 0,
@@ -18,6 +37,36 @@ describe("pairing setup code", () => {
     }));
   }
 
+  function expectResolvedSetupOk(
+    resolved: ResolvedSetup,
+    params: {
+      authLabel: string;
+      url?: string;
+      urlSource?: string;
+    },
+  ) {
+    expect(resolved.ok).toBe(true);
+    if (!resolved.ok) {
+      throw new Error("expected setup resolution to succeed");
+    }
+    expect(resolved.authLabel).toBe(params.authLabel);
+    expect(resolved.payload.bootstrapToken).toBe("bootstrap-123");
+    if (params.url) {
+      expect(resolved.payload.url).toBe(params.url);
+    }
+    if (params.urlSource) {
+      expect(resolved.urlSource).toBe(params.urlSource);
+    }
+  }
+
+  function expectResolvedSetupError(resolved: ResolvedSetup, snippet: string) {
+    expect(resolved.ok).toBe(false);
+    if (resolved.ok) {
+      throw new Error("expected setup resolution to fail");
+    }
+    expect(resolved.error).toContain(snippet);
+  }
+
   beforeEach(() => {
     vi.stubEnv("OPENCLAW_GATEWAY_TOKEN", "");
     vi.stubEnv("CLAWDBOT_GATEWAY_TOKEN", "");
@@ -69,14 +118,10 @@ describe("pairing setup code", () => {
           customBindHost: "gateway.local",
           auth: {
             mode: "password",
-            password: { source: "env", provider: "default", id: "GW_PASSWORD" },
-          },
-        },
-        secrets: {
-          providers: {
-            default: { source: "env" },
+            password: gatewayPasswordSecretRef,
           },
         },
+        ...defaultEnvSecretProviderConfig,
       },
       {
         env: {
@@ -85,12 +130,7 @@ describe("pairing setup code", () => {
       },
     );
 
-    expect(resolved.ok).toBe(true);
-    if (!resolved.ok) {
-      throw new Error("expected setup resolution to succeed");
-    }
-    expect(resolved.payload.bootstrapToken).toBe("bootstrap-123");
-    expect(resolved.authLabel).toBe("password");
+    expectResolvedSetupOk(resolved, { authLabel: "password" });
   });
 
   it("uses OPENCLAW_GATEWAY_PASSWORD without resolving configured password SecretRef", async () => {
@@ -104,11 +144,7 @@ describe("pairing setup code", () => {
             password: { source: "env", provider: "default", id: "MISSING_GW_PASSWORD" },
           },
         },
-        secrets: {
-          providers: {
-            default: { source: "env" },
-          },
-        },
+        ...defaultEnvSecretProviderConfig,
       },
       {
         env: {
@@ -117,12 +153,7 @@ describe("pairing setup code", () => {
       },
     );
 
-    expect(resolved.ok).toBe(true);
-    if (!resolved.ok) {
-      throw new Error("expected setup resolution to succeed");
-    }
-    expect(resolved.payload.bootstrapToken).toBe("bootstrap-123");
-    expect(resolved.authLabel).toBe("password");
+    expectResolvedSetupOk(resolved, { authLabel: "password" });
   });
 
   it("does not resolve gateway.auth.password SecretRef in token mode", async () => {
@@ -137,23 +168,14 @@ describe("pairing setup code", () => {
             password: { source: "env", provider: "missing", id: "GW_PASSWORD" },
           },
         },
-        secrets: {
-          providers: {
-            default: { source: "env" },
-          },
-        },
+        ...defaultEnvSecretProviderConfig,
       },
       {
         env: {},
       },
     );
 
-    expect(resolved.ok).toBe(true);
-    if (!resolved.ok) {
-      throw new Error("expected setup resolution to succeed");
-    }
-    expect(resolved.authLabel).toBe("token");
-    expect(resolved.payload.bootstrapToken).toBe("bootstrap-123");
+    expectResolvedSetupOk(resolved, { authLabel: "token" });
   });
 
   it("resolves gateway.auth.token SecretRef for pairing payload", async () => {
@@ -167,11 +189,7 @@ describe("pairing setup code", () => {
             token: { source: "env", provider: "default", id: "GW_TOKEN" },
           },
         },
-        secrets: {
-          providers: {
-            default: { source: "env" },
-          },
-        },
+        ...defaultEnvSecretProviderConfig,
       },
       {
         env: {
@@ -180,12 +198,7 @@ describe("pairing setup code", () => {
       },
     );
 
-    expect(resolved.ok).toBe(true);
-    if (!resolved.ok) {
-      throw new Error("expected setup resolution to succeed");
-    }
-    expect(resolved.authLabel).toBe("token");
-    expect(resolved.payload.bootstrapToken).toBe("bootstrap-123");
+    expectResolvedSetupOk(resolved, { authLabel: "token" });
   });
 
   it("errors when gateway.auth.token SecretRef is unresolved in token mode", async () => {
@@ -197,14 +210,10 @@ describe("pairing setup code", () => {
             customBindHost: "gateway.local",
             auth: {
               mode: "token",
-              token: { source: "env", provider: "default", id: "MISSING_GW_TOKEN" },
-            },
-          },
-          secrets: {
-            providers: {
-              default: { source: "env" },
+              token: missingGatewayTokenSecretRef,
             },
           },
+          ...defaultEnvSecretProviderConfig,
         },
         {
           env: {},
@@ -221,11 +230,7 @@ describe("pairing setup code", () => {
           customBindHost: "gateway.local",
           auth: { token },
         },
-        secrets: {
-          providers: {
-            default: { source: "env" },
-          },
-        },
+        ...defaultEnvSecretProviderConfig,
       },
       {
         env: {
@@ -242,23 +247,13 @@ describe("pairing setup code", () => {
       id: "MISSING_GW_TOKEN",
     });
 
-    expect(resolved.ok).toBe(true);
-    if (!resolved.ok) {
-      throw new Error("expected setup resolution to succeed");
-    }
-    expect(resolved.authLabel).toBe("password");
-    expect(resolved.payload.bootstrapToken).toBe("bootstrap-123");
+    expectResolvedSetupOk(resolved, { authLabel: "password" });
   });
 
   it("does not treat env-template token as plaintext in inferred mode", async () => {
     const resolved = await resolveInferredModeWithPasswordEnv("${MISSING_GW_TOKEN}");
 
-    expect(resolved.ok).toBe(true);
-    if (!resolved.ok) {
-      throw new Error("expected setup resolution to succeed");
-    }
-    expect(resolved.authLabel).toBe("password");
-    expect(resolved.payload.bootstrapToken).toBe("bootstrap-123");
+    expectResolvedSetupOk(resolved, { authLabel: "password" });
   });
 
   it("requires explicit auth mode when token and password are both configured", async () => {
@@ -270,14 +265,10 @@ describe("pairing setup code", () => {
             customBindHost: "gateway.local",
             auth: {
               token: { source: "env", provider: "default", id: "GW_TOKEN" },
-              password: { source: "env", provider: "default", id: "GW_PASSWORD" },
-            },
-          },
-          secrets: {
-            providers: {
-              default: { source: "env" },
+              password: gatewayPasswordSecretRef,
             },
           },
+          ...defaultEnvSecretProviderConfig,
         },
         {
           env: {
@@ -297,15 +288,11 @@ describe("pairing setup code", () => {
             bind: "custom",
             customBindHost: "gateway.local",
             auth: {
-              token: { source: "env", provider: "default", id: "MISSING_GW_TOKEN" },
-              password: { source: "env", provider: "default", id: "GW_PASSWORD" },
-            },
-          },
-          secrets: {
-            providers: {
-              default: { source: "env" },
+              token: missingGatewayTokenSecretRef,
+              password: gatewayPasswordSecretRef,
             },
           },
+          ...defaultEnvSecretProviderConfig,
         },
         {
           env: {
@@ -332,11 +319,7 @@ describe("pairing setup code", () => {
       },
     );
 
-    expect(resolved.ok).toBe(true);
-    if (!resolved.ok) {
-      throw new Error("expected setup resolution to succeed");
-    }
-    expect(resolved.payload.bootstrapToken).toBe("bootstrap-123");
+    expectResolvedSetupOk(resolved, { authLabel: "token" });
   });
 
   it("errors when gateway is loopback only", async () => {
@@ -347,11 +330,7 @@ describe("pairing setup code", () => {
       },
     });
 
-    expect(resolved.ok).toBe(false);
-    if (resolved.ok) {
-      throw new Error("expected setup resolution to fail");
-    }
-    expect(resolved.error).toContain("only bound to loopback");
+    expectResolvedSetupError(resolved, "only bound to loopback");
   });
 
   it("uses tailscale serve DNS when available", async () => {
diff --git a/src/plugin-sdk/bluebubbles.ts b/src/plugin-sdk/bluebubbles.ts
index 7b01eec368b..02619206fce 100644
--- a/src/plugin-sdk/bluebubbles.ts
+++ b/src/plugin-sdk/bluebubbles.ts
@@ -68,13 +68,13 @@ export {
 export { buildSecretInputSchema } from "./secret-input-schema.js";
 export { ToolPolicySchema } from "../config/zod-schema.agent-runtime.js";
 export { MarkdownConfigSchema } from "../config/zod-schema.core.js";
-export type { ParsedChatTarget } from "../imessage/target-parsing-helpers.js";
+export type { ParsedChatTarget } from "../../extensions/imessage/src/target-parsing-helpers.js";
 export {
   parseChatAllowTargetPrefixes,
   parseChatTargetPrefixesOrThrow,
   resolveServicePrefixedAllowTarget,
   resolveServicePrefixedTarget,
-} from "../imessage/target-parsing-helpers.js";
+} from "../../extensions/imessage/src/target-parsing-helpers.js";
 export { stripMarkdown } from "../line/markdown-to-line.js";
 export { parseFiniteNumber } from "../infra/parse-finite-number.js";
 export { emptyPluginConfigSchema } from "../plugins/config-schema.js";
diff --git a/src/plugin-sdk/channel-config-helpers.ts b/src/plugin-sdk/channel-config-helpers.ts
index a0e9f25f3d8..ccd5de7a31a 100644
--- a/src/plugin-sdk/channel-config-helpers.ts
+++ b/src/plugin-sdk/channel-config-helpers.ts
@@ -1,3 +1,5 @@
+import { resolveIMessageAccount } from "../../extensions/imessage/src/accounts.js";
+import { resolveWhatsAppAccount } from "../../extensions/whatsapp/src/accounts.js";
 import {
   deleteAccountFromConfigSection,
   setAccountEnabledInConfigSection,
@@ -6,10 +8,8 @@ import { buildAccountScopedDmSecurityPolicy } from "../channels/plugins/helpers.
 import { normalizeWhatsAppAllowFromEntries } from "../channels/plugins/normalize/whatsapp.js";
 import type { ChannelConfigAdapter } from "../channels/plugins/types.adapters.js";
 import type { OpenClawConfig } from "../config/config.js";
-import { resolveIMessageAccount } from "../imessage/accounts.js";
 import { normalizeAccountId } from "../routing/session-key.js";
 import { normalizeStringEntries } from "../shared/string-normalization.js";
-import { resolveWhatsAppAccount } from "../web/accounts.js";
 
 export function mapAllowFromEntries(
   allowFrom: Array<string | number> | null | undefined,
diff --git a/src/plugin-sdk/core.ts b/src/plugin-sdk/core.ts
index 2a14be3b3ce..671071ebc6f 100644
--- a/src/plugin-sdk/core.ts
+++ b/src/plugin-sdk/core.ts
@@ -17,7 +17,9 @@ export { buildOauthProviderAuthResult } from "./provider-auth-result.js";
 export {
   applyProviderDefaultModel,
   configureOpenAICompatibleSelfHostedProviderNonInteractive,
+  discoverOpenAICompatibleSelfHostedProvider,
   promptAndConfigureOpenAICompatibleSelfHostedProvider,
+  promptAndConfigureOpenAICompatibleSelfHostedProviderAuth,
   SELF_HOSTED_DEFAULT_CONTEXT_WINDOW,
   SELF_HOSTED_DEFAULT_COST,
   SELF_HOSTED_DEFAULT_MAX_TOKENS,
diff --git a/src/plugin-sdk/discord-send.ts b/src/plugin-sdk/discord-send.ts
index 537ec5d7662..d3cdaf38a22 100644
--- a/src/plugin-sdk/discord-send.ts
+++ b/src/plugin-sdk/discord-send.ts
@@ -1,4 +1,4 @@
-import type { DiscordSendResult } from "../discord/send.types.js";
+import type { DiscordSendResult } from "../../extensions/discord/src/send.types.js";
 
 type DiscordSendOptionInput = {
   replyToId?: string | null;
diff --git a/src/plugin-sdk/discord.ts b/src/plugin-sdk/discord.ts
index 458bebabdc5..5b4897f46e9 100644
--- a/src/plugin-sdk/discord.ts
+++ b/src/plugin-sdk/discord.ts
@@ -1,15 +1,15 @@
 export type { ChannelMessageActionAdapter } from "../channels/plugins/types.js";
 export type { OpenClawConfig } from "../config/config.js";
-export type { InspectedDiscordAccount } from "../discord/account-inspect.js";
-export type { ResolvedDiscordAccount } from "../discord/accounts.js";
+export type { InspectedDiscordAccount } from "../../extensions/discord/src/account-inspect.js";
+export type { ResolvedDiscordAccount } from "../../extensions/discord/src/accounts.js";
 export * from "./channel-plugin-common.js";
 
 export {
   listDiscordAccountIds,
   resolveDefaultDiscordAccountId,
   resolveDiscordAccount,
-} from "../discord/accounts.js";
-export { inspectDiscordAccount } from "../discord/account-inspect.js";
+} from "../../extensions/discord/src/accounts.js";
+export { inspectDiscordAccount } from "../../extensions/discord/src/account-inspect.js";
 export {
   projectCredentialSnapshotFields,
   resolveConfiguredFromCredentialStatuses,
@@ -23,7 +23,7 @@ export {
   normalizeDiscordMessagingTarget,
   normalizeDiscordOutboundTarget,
 } from "../channels/plugins/normalize/discord.js";
-export { collectDiscordAuditChannelIds } from "../discord/audit.js";
+export { collectDiscordAuditChannelIds } from "../../extensions/discord/src/audit.js";
 export { collectDiscordStatusIssues } from "../channels/plugins/status-issues/discord.js";
 
 export {
@@ -41,7 +41,7 @@ export {
   autoBindSpawnedDiscordSubagent,
   listThreadBindingsBySessionKey,
   unbindThreadBindingsBySessionKey,
-} from "../discord/monitor/thread-bindings.js";
+} from "../../extensions/discord/src/monitor/thread-bindings.js";
 
 export {
   buildComputedAccountStatusSnapshot,
diff --git a/src/plugin-sdk/imessage.ts b/src/plugin-sdk/imessage.ts
index dd181fee26c..4c3160e95cb 100644
--- a/src/plugin-sdk/imessage.ts
+++ b/src/plugin-sdk/imessage.ts
@@ -1,10 +1,10 @@
-export type { ResolvedIMessageAccount } from "../imessage/accounts.js";
+export type { ResolvedIMessageAccount } from "../../extensions/imessage/src/accounts.js";
 export * from "./channel-plugin-common.js";
 export {
   listIMessageAccountIds,
   resolveDefaultIMessageAccountId,
   resolveIMessageAccount,
-} from "../imessage/accounts.js";
+} from "../../extensions/imessage/src/accounts.js";
 export {
   formatTrimmedAllowFromEntries,
   resolveIMessageConfigAllowFrom,
diff --git a/src/plugin-sdk/index.ts b/src/plugin-sdk/index.ts
index e734b79ec3f..eaae5d08968 100644
--- a/src/plugin-sdk/index.ts
+++ b/src/plugin-sdk/index.ts
@@ -65,12 +65,12 @@ export type {
   ThreadBindingManager,
   ThreadBindingRecord,
   ThreadBindingTargetKind,
-} from "../discord/monitor/thread-bindings.js";
+} from "../../extensions/discord/src/monitor/thread-bindings.js";
 export {
   autoBindSpawnedDiscordSubagent,
   listThreadBindingsBySessionKey,
   unbindThreadBindingsBySessionKey,
-} from "../discord/monitor/thread-bindings.js";
+} from "../../extensions/discord/src/monitor/thread-bindings.js";
 export type {
   AcpRuntimeCapabilities,
   AcpRuntimeControl,
@@ -651,10 +651,10 @@ export {
   resolveDefaultDiscordAccountId,
   resolveDiscordAccount,
   type ResolvedDiscordAccount,
-} from "../discord/accounts.js";
-export { inspectDiscordAccount } from "../discord/account-inspect.js";
-export type { InspectedDiscordAccount } from "../discord/account-inspect.js";
-export { collectDiscordAuditChannelIds } from "../discord/audit.js";
+} from "../../extensions/discord/src/accounts.js";
+export { inspectDiscordAccount } from "../../extensions/discord/src/account-inspect.js";
+export type { InspectedDiscordAccount } from "../../extensions/discord/src/account-inspect.js";
+export { collectDiscordAuditChannelIds } from "../../extensions/discord/src/audit.js";
 export { discordOnboardingAdapter } from "../channels/plugins/onboarding/discord.js";
 export {
   looksLikeDiscordTargetId,
@@ -669,7 +669,7 @@ export {
   resolveDefaultIMessageAccountId,
   resolveIMessageAccount,
   type ResolvedIMessageAccount,
-} from "../imessage/accounts.js";
+} from "../../extensions/imessage/src/accounts.js";
 export { imessageOnboardingAdapter } from "../channels/plugins/onboarding/imessage.js";
 export {
   looksLikeIMessageTargetId,
@@ -683,11 +683,11 @@ export {
   resolveServicePrefixedAllowTarget,
   resolveServicePrefixedOrChatAllowTarget,
   resolveServicePrefixedTarget,
-} from "../imessage/target-parsing-helpers.js";
+} from "../../extensions/imessage/src/target-parsing-helpers.js";
 export type {
   ChatSenderAllowParams,
   ParsedChatTarget,
-} from "../imessage/target-parsing-helpers.js";
+} from "../../extensions/imessage/src/target-parsing-helpers.js";
 
 // Channel: Slack
 export {
@@ -697,16 +697,19 @@ export {
   resolveSlackAccount,
   resolveSlackReplyToMode,
   type ResolvedSlackAccount,
-} from "../slack/accounts.js";
-export { inspectSlackAccount } from "../slack/account-inspect.js";
-export type { InspectedSlackAccount } from "../slack/account-inspect.js";
-export { extractSlackToolSend, listSlackMessageActions } from "../slack/message-actions.js";
+} from "../../extensions/slack/src/accounts.js";
+export { inspectSlackAccount } from "../../extensions/slack/src/account-inspect.js";
+export type { InspectedSlackAccount } from "../../extensions/slack/src/account-inspect.js";
+export {
+  extractSlackToolSend,
+  listSlackMessageActions,
+} from "../../extensions/slack/src/message-actions.js";
 export { slackOnboardingAdapter } from "../channels/plugins/onboarding/slack.js";
 export {
   looksLikeSlackTargetId,
   normalizeSlackMessagingTarget,
 } from "../channels/plugins/normalize/slack.js";
-export { buildSlackThreadingToolContext } from "../slack/threading-tool-context.js";
+export { buildSlackThreadingToolContext } from "../../extensions/slack/src/threading-tool-context.js";
 
 // Channel: Telegram
 export {
@@ -714,9 +717,9 @@ export {
   resolveDefaultTelegramAccountId,
   resolveTelegramAccount,
   type ResolvedTelegramAccount,
-} from "../telegram/accounts.js";
-export { inspectTelegramAccount } from "../telegram/account-inspect.js";
-export type { InspectedTelegramAccount } from "../telegram/account-inspect.js";
+} from "../../extensions/telegram/src/accounts.js";
+export { inspectTelegramAccount } from "../../extensions/telegram/src/account-inspect.js";
+export type { InspectedTelegramAccount } from "../../extensions/telegram/src/account-inspect.js";
 export { telegramOnboardingAdapter } from "../channels/plugins/onboarding/telegram.js";
 export {
   looksLikeTelegramTargetId,
@@ -726,8 +729,8 @@ export { collectTelegramStatusIssues } from "../channels/plugins/status-issues/t
 export {
   parseTelegramReplyToMessageId,
   parseTelegramThreadId,
-} from "../telegram/outbound-params.js";
-export { type TelegramProbe } from "../telegram/probe.js";
+} from "../../extensions/telegram/src/outbound-params.js";
+export { type TelegramProbe } from "../../extensions/telegram/src/probe.js";
 
 // Channel: Signal
 export {
@@ -735,34 +738,16 @@ export {
   resolveDefaultSignalAccountId,
   resolveSignalAccount,
   type ResolvedSignalAccount,
-} from "../signal/accounts.js";
+} from "../../extensions/signal/src/accounts.js";
 export { signalOnboardingAdapter } from "../channels/plugins/onboarding/signal.js";
 export {
   looksLikeSignalTargetId,
   normalizeSignalMessagingTarget,
 } from "../channels/plugins/normalize/signal.js";
 
-// Channel: WhatsApp
-export {
-  listWhatsAppAccountIds,
-  resolveDefaultWhatsAppAccountId,
-  resolveWhatsAppAccount,
-  type ResolvedWhatsAppAccount,
-} from "../web/accounts.js";
+// Channel: WhatsApp — WhatsApp-specific exports moved to extensions/whatsapp/src/
 export { isWhatsAppGroupJid, normalizeWhatsAppTarget } from "../whatsapp/normalize.js";
 export { resolveWhatsAppOutboundTarget } from "../whatsapp/resolve-outbound-target.js";
-export { whatsappOnboardingAdapter } from "../channels/plugins/onboarding/whatsapp.js";
-export { resolveWhatsAppHeartbeatRecipients } from "../channels/plugins/whatsapp-heartbeat.js";
-export {
-  looksLikeWhatsAppTargetId,
-  normalizeWhatsAppAllowFromEntries,
-  normalizeWhatsAppMessagingTarget,
-} from "../channels/plugins/normalize/whatsapp.js";
-export {
-  resolveWhatsAppGroupIntroHint,
-  resolveWhatsAppMentionStripPatterns,
-} from "../channels/plugins/whatsapp-shared.js";
-export { collectWhatsAppStatusIssues } from "../channels/plugins/status-issues/whatsapp.js";
 
 // Channel: BlueBubbles
 export { collectBlueBubblesStatusIssues } from "../channels/plugins/status-issues/bluebubbles.js";
@@ -798,7 +783,7 @@ export {
 export type { ProcessedLineMessage } from "../line/markdown-to-line.js";
 
 // Media utilities
-export { loadWebMedia, type WebMediaResult } from "../web/media.js";
+export { loadWebMedia, type WebMediaResult } from "../../extensions/whatsapp/src/media.js";
 
 // Context engine
 export type {
diff --git a/src/plugin-sdk/irc.ts b/src/plugin-sdk/irc.ts
index 7b2e6d07c8a..2ef8602421f 100644
--- a/src/plugin-sdk/irc.ts
+++ b/src/plugin-sdk/irc.ts
@@ -9,7 +9,10 @@ export {
 } from "../channels/plugins/config-helpers.js";
 export { createAccountListHelpers } from "../channels/plugins/account-helpers.js";
 export { buildChannelConfigSchema } from "../channels/plugins/config-schema.js";
-export { formatPairingApproveHint } from "../channels/plugins/helpers.js";
+export {
+  formatPairingApproveHint,
+  parseOptionalDelimitedEntries,
+} from "../channels/plugins/helpers.js";
 export type {
   ChannelOnboardingAdapter,
   ChannelOnboardingDmPolicy,
diff --git a/src/plugin-sdk/matrix.ts b/src/plugin-sdk/matrix.ts
index 577a690a4cb..ba4cad93a92 100644
--- a/src/plugin-sdk/matrix.ts
+++ b/src/plugin-sdk/matrix.ts
@@ -11,6 +11,7 @@ export {
 export type { ReplyPayload } from "../auto-reply/types.js";
 export {
   compileAllowlist,
+  resolveCompiledAllowlistMatch,
   resolveAllowlistCandidates,
   resolveAllowlistMatchByCandidates,
 } from "../channels/allowlist-match.js";
diff --git a/src/plugin-sdk/msteams.ts b/src/plugin-sdk/msteams.ts
index 90d5ee1b1ac..b73aec7c779 100644
--- a/src/plugin-sdk/msteams.ts
+++ b/src/plugin-sdk/msteams.ts
@@ -12,7 +12,10 @@ export {
 export { isSilentReplyText, SILENT_REPLY_TOKEN } from "../auto-reply/tokens.js";
 export type { ReplyPayload } from "../auto-reply/types.js";
 export { mergeAllowlist, summarizeMapping } from "../channels/allowlists/resolve-utils.js";
-export { resolveControlCommandGate } from "../channels/command-gating.js";
+export {
+  resolveControlCommandGate,
+  resolveDualTextControlCommandGate,
+} from "../channels/command-gating.js";
 export { logInboundDrop, logTypingFailure } from "../channels/logging.js";
 export { resolveMentionGating } from "../channels/mention-gating.js";
 export type { AllowlistMatch } from "../channels/plugins/allowlist-match.js";
@@ -98,7 +101,7 @@ export {
 } from "./group-access.js";
 export { formatDocsLink } from "../terminal/links.js";
 export { sleep } from "../utils.js";
-export { loadWebMedia } from "../web/media.js";
+export { loadWebMedia } from "../../extensions/whatsapp/src/media.js";
 export type { WizardPrompter } from "../wizard/prompts.js";
 export { keepHttpServerTaskAlive } from "./channel-lifecycle.js";
 export { withFileLock } from "./file-lock.js";
diff --git a/src/plugin-sdk/outbound-media.test.ts b/src/plugin-sdk/outbound-media.test.ts
index bb1ef547973..bc56f2e6ea4 100644
--- a/src/plugin-sdk/outbound-media.test.ts
+++ b/src/plugin-sdk/outbound-media.test.ts
@@ -3,7 +3,7 @@ import { loadOutboundMediaFromUrl } from "./outbound-media.js";
 
 const loadWebMediaMock = vi.hoisted(() => vi.fn());
 
-vi.mock("../web/media.js", () => ({
+vi.mock("../../extensions/whatsapp/src/media.js", () => ({
   loadWebMedia: loadWebMediaMock,
 }));
 
diff --git a/src/plugin-sdk/outbound-media.ts b/src/plugin-sdk/outbound-media.ts
index 49e8b92f681..b1e89b17866 100644
--- a/src/plugin-sdk/outbound-media.ts
+++ b/src/plugin-sdk/outbound-media.ts
@@ -1,4 +1,4 @@
-import { loadWebMedia } from "../web/media.js";
+import { loadWebMedia } from "../../extensions/whatsapp/src/media.js";
 
 export type OutboundMediaLoadOptions = {
   maxBytes?: number;
diff --git a/src/plugin-sdk/signal.ts b/src/plugin-sdk/signal.ts
index 32f291913a5..d8be4ddc9e4 100644
--- a/src/plugin-sdk/signal.ts
+++ b/src/plugin-sdk/signal.ts
@@ -1,11 +1,11 @@
 export type { ChannelMessageActionAdapter } from "../channels/plugins/types.js";
-export type { ResolvedSignalAccount } from "../signal/accounts.js";
+export type { ResolvedSignalAccount } from "../../extensions/signal/src/accounts.js";
 export * from "./channel-plugin-common.js";
 export {
   listSignalAccountIds,
   resolveDefaultSignalAccountId,
   resolveSignalAccount,
-} from "../signal/accounts.js";
+} from "../../extensions/signal/src/accounts.js";
 export {
   looksLikeSignalTargetId,
   normalizeSignalMessagingTarget,
diff --git a/src/plugin-sdk/slack-message-actions.ts b/src/plugin-sdk/slack-message-actions.ts
index d9e0fa333a5..5470be86df1 100644
--- a/src/plugin-sdk/slack-message-actions.ts
+++ b/src/plugin-sdk/slack-message-actions.ts
@@ -1,7 +1,7 @@
 import type { AgentToolResult } from "@mariozechner/pi-agent-core";
+import { parseSlackBlocksInput } from "../../extensions/slack/src/blocks-input.js";
 import { readNumberParam, readStringParam } from "../agents/tools/common.js";
 import type { ChannelMessageActionContext } from "../channels/plugins/types.js";
-import { parseSlackBlocksInput } from "../slack/blocks-input.js";
 
 type SlackActionInvoke = (
   action: Record<string, unknown>,
diff --git a/src/plugin-sdk/slack.ts b/src/plugin-sdk/slack.ts
index c3aabde6fe2..740a0fabef0 100644
--- a/src/plugin-sdk/slack.ts
+++ b/src/plugin-sdk/slack.ts
@@ -1,15 +1,15 @@
 export type { OpenClawConfig } from "../config/config.js";
-export type { InspectedSlackAccount } from "../slack/account-inspect.js";
-export type { ResolvedSlackAccount } from "../slack/accounts.js";
+export type { InspectedSlackAccount } from "../../extensions/slack/src/account-inspect.js";
+export type { ResolvedSlackAccount } from "../../extensions/slack/src/accounts.js";
 export * from "./channel-plugin-common.js";
 export {
   listSlackAccountIds,
   resolveDefaultSlackAccountId,
   resolveSlackAccount,
   resolveSlackReplyToMode,
-} from "../slack/accounts.js";
-export { isSlackInteractiveRepliesEnabled } from "../slack/interactive-replies.js";
-export { inspectSlackAccount } from "../slack/account-inspect.js";
+} from "../../extensions/slack/src/accounts.js";
+export { isSlackInteractiveRepliesEnabled } from "../../extensions/slack/src/interactive-replies.js";
+export { inspectSlackAccount } from "../../extensions/slack/src/account-inspect.js";
 export {
   projectCredentialSnapshotFields,
   resolveConfiguredFromCredentialStatuses,
@@ -23,8 +23,11 @@ export {
   looksLikeSlackTargetId,
   normalizeSlackMessagingTarget,
 } from "../channels/plugins/normalize/slack.js";
-export { extractSlackToolSend, listSlackMessageActions } from "../slack/message-actions.js";
-export { buildSlackThreadingToolContext } from "../slack/threading-tool-context.js";
+export {
+  extractSlackToolSend,
+  listSlackMessageActions,
+} from "../../extensions/slack/src/message-actions.js";
+export { buildSlackThreadingToolContext } from "../../extensions/slack/src/threading-tool-context.js";
 export { buildComputedAccountStatusSnapshot } from "./status-helpers.js";
 
 export {
diff --git a/src/plugin-sdk/subpaths.test.ts b/src/plugin-sdk/subpaths.test.ts
index ccdcd1eeb5e..ce66f789857 100644
--- a/src/plugin-sdk/subpaths.test.ts
+++ b/src/plugin-sdk/subpaths.test.ts
@@ -84,8 +84,9 @@ describe("plugin-sdk subpath exports", () => {
   });
 
   it("exports WhatsApp helpers", () => {
-    expect(typeof whatsappSdk.resolveWhatsAppAccount).toBe("function");
-    expect(typeof whatsappSdk.whatsappOnboardingAdapter).toBe("object");
+    // WhatsApp-specific functions (resolveWhatsAppAccount, whatsappOnboardingAdapter) moved to extensions/whatsapp/src/
+    expect(typeof whatsappSdk.WhatsAppConfigSchema).toBe("object");
+    expect(typeof whatsappSdk.resolveWhatsAppOutboundTarget).toBe("function");
   });
 
   it("exports LINE helpers", () => {
diff --git a/src/plugin-sdk/telegram.ts b/src/plugin-sdk/telegram.ts
index cdbfc317208..d816ca4125d 100644
--- a/src/plugin-sdk/telegram.ts
+++ b/src/plugin-sdk/telegram.ts
@@ -7,9 +7,9 @@ export type { ChannelPlugin } from "../channels/plugins/types.plugin.js";
 export type { OpenClawConfig } from "../config/config.js";
 export type { PluginRuntime } from "../plugins/runtime/types.js";
 export type { OpenClawPluginApi } from "../plugins/types.js";
-export type { InspectedTelegramAccount } from "../telegram/account-inspect.js";
-export type { ResolvedTelegramAccount } from "../telegram/accounts.js";
-export type { TelegramProbe } from "../telegram/probe.js";
+export type { InspectedTelegramAccount } from "../../extensions/telegram/src/account-inspect.js";
+export type { ResolvedTelegramAccount } from "../../extensions/telegram/src/accounts.js";
+export type { TelegramProbe } from "../../extensions/telegram/src/probe.js";
 
 export { emptyPluginConfigSchema } from "../plugins/config-schema.js";
 
@@ -34,8 +34,8 @@ export {
   listTelegramAccountIds,
   resolveDefaultTelegramAccountId,
   resolveTelegramAccount,
-} from "../telegram/accounts.js";
-export { inspectTelegramAccount } from "../telegram/account-inspect.js";
+} from "../../extensions/telegram/src/accounts.js";
+export { inspectTelegramAccount } from "../../extensions/telegram/src/account-inspect.js";
 export {
   projectCredentialSnapshotFields,
   resolveConfiguredFromCredentialStatuses,
@@ -51,7 +51,7 @@ export {
 export {
   parseTelegramReplyToMessageId,
   parseTelegramThreadId,
-} from "../telegram/outbound-params.js";
+} from "../../extensions/telegram/src/outbound-params.js";
 export { collectTelegramStatusIssues } from "../channels/plugins/status-issues/telegram.js";
 export { sendTelegramPayloadMessages } from "../channels/plugins/outbound/telegram.js";
 
diff --git a/src/plugin-sdk/whatsapp.ts b/src/plugin-sdk/whatsapp.ts
index 20869bbdce8..0227322f868 100644
--- a/src/plugin-sdk/whatsapp.ts
+++ b/src/plugin-sdk/whatsapp.ts
@@ -1,7 +1,6 @@
 export type { ChannelMessageActionName } from "../channels/plugins/types.js";
 export type { ChannelPlugin } from "../channels/plugins/types.plugin.js";
 export type { OpenClawConfig } from "../config/config.js";
-export type { ResolvedWhatsAppAccount } from "../web/accounts.js";
 export type { PluginRuntime } from "../plugins/runtime/types.js";
 export type { OpenClawPluginApi } from "../plugins/types.js";
 
@@ -17,11 +16,6 @@ export { buildChannelConfigSchema } from "../channels/plugins/config-schema.js";
 export { formatPairingApproveHint } from "../channels/plugins/helpers.js";
 
 export { getChatChannelMeta } from "../channels/registry.js";
-export {
-  listWhatsAppAccountIds,
-  resolveDefaultWhatsAppAccountId,
-  resolveWhatsAppAccount,
-} from "../web/accounts.js";
 export {
   formatWhatsAppConfigAllowFromEntries,
   resolveWhatsAppConfigAllowFrom,
@@ -31,10 +25,6 @@ export {
   listWhatsAppDirectoryGroupsFromConfig,
   listWhatsAppDirectoryPeersFromConfig,
 } from "../channels/plugins/directory-config.js";
-export {
-  looksLikeWhatsAppTargetId,
-  normalizeWhatsAppMessagingTarget,
-} from "../channels/plugins/normalize/whatsapp.js";
 export { resolveWhatsAppOutboundTarget } from "../whatsapp/resolve-outbound-target.js";
 
 export {
@@ -46,12 +36,11 @@ export {
   resolveWhatsAppGroupToolPolicy,
 } from "../channels/plugins/group-mentions.js";
 export {
+  createWhatsAppOutboundBase,
   resolveWhatsAppGroupIntroHint,
   resolveWhatsAppMentionStripPatterns,
 } from "../channels/plugins/whatsapp-shared.js";
 export { resolveWhatsAppHeartbeatRecipients } from "../channels/plugins/whatsapp-heartbeat.js";
-export { whatsappOnboardingAdapter } from "../channels/plugins/onboarding/whatsapp.js";
-export { collectWhatsAppStatusIssues } from "../channels/plugins/status-issues/whatsapp.js";
 export { WhatsAppConfigSchema } from "../config/zod-schema.providers-whatsapp.js";
 
 export { createActionGate, readStringParam } from "../agents/tools/common.js";
diff --git a/src/plugins/commands.ts b/src/plugins/commands.ts
index f0ec39539c8..00e4b3b34ae 100644
--- a/src/plugins/commands.ts
+++ b/src/plugins/commands.ts
@@ -37,6 +37,7 @@ const RESERVED_COMMANDS = new Set([
   "status",
   "whoami",
   "context",
+  "btw",
   // Session management
   "stop",
   "restart",
diff --git a/src/plugins/discovery.test.ts b/src/plugins/discovery.test.ts
index 3b10146d28f..1069c223b1e 100644
--- a/src/plugins/discovery.test.ts
+++ b/src/plugins/discovery.test.ts
@@ -1,6 +1,6 @@
 import fs from "node:fs";
 import path from "node:path";
-import { afterAll, afterEach, describe, expect, it } from "vitest";
+import { afterEach, describe, expect, it } from "vitest";
 import { clearPluginDiscoveryCache, discoverOpenClawPlugins } from "./discovery.js";
 import {
   cleanupTrackedTempDirs,
@@ -9,7 +9,6 @@ import {
 } from "./test-helpers/fs-fixtures.js";
 
 const tempDirs: string[] = [];
-const previousUmask = process.umask(0o022);
 
 function makeTempDir() {
   return makeTrackedTempDir("openclaw-plugins", tempDirs);
@@ -59,10 +58,6 @@ afterEach(() => {
   cleanupTrackedTempDirs(tempDirs);
 });
 
-afterAll(() => {
-  process.umask(previousUmask);
-});
-
 describe("discoverOpenClawPlugins", () => {
   it("discovers global and workspace extensions", async () => {
     const stateDir = makeTempDir();
diff --git a/src/plugins/loader.test.ts b/src/plugins/loader.test.ts
index 20d3fb22287..6be4992821c 100644
--- a/src/plugins/loader.test.ts
+++ b/src/plugins/loader.test.ts
@@ -34,7 +34,6 @@ const {
   loadOpenClawPlugins,
   resetGlobalHookRunner,
 } = await importFreshPluginTestModules();
-const previousUmask = process.umask(0o022);
 
 type TempPlugin = { dir: string; file: string; id: string };
 
@@ -300,7 +299,6 @@ afterAll(() => {
   } catch {
     // ignore cleanup failures
   } finally {
-    process.umask(previousUmask);
     cachedBundledTelegramDir = "";
     cachedBundledMemoryDir = "";
   }
@@ -825,6 +823,37 @@ describe("loadOpenClawPlugins", () => {
     expect(registry.diagnostics.some((d) => d.level === "error")).toBe(true);
   });
 
+  it("fails when plugin export id mismatches manifest id", () => {
+    useNoBundledPlugins();
+    const plugin = writePlugin({
+      id: "manifest-id",
+      filename: "manifest-id.cjs",
+      body: `module.exports = { id: "export-id", register() {} };`,
+    });
+
+    const registry = loadRegistryFromSinglePlugin({
+      plugin,
+      pluginConfig: {
+        allow: ["manifest-id"],
+      },
+    });
+
+    const loaded = registry.plugins.find((entry) => entry.id === "manifest-id");
+    expect(loaded?.status).toBe("error");
+    expect(loaded?.error).toBe(
+      'plugin id mismatch (config uses "manifest-id", export uses "export-id")',
+    );
+    expect(
+      registry.diagnostics.some(
+        (entry) =>
+          entry.level === "error" &&
+          entry.pluginId === "manifest-id" &&
+          entry.message ===
+            'plugin id mismatch (config uses "manifest-id", export uses "export-id")',
+      ),
+    ).toBe(true);
+  });
+
   it("registers channel plugins", () => {
     useNoBundledPlugins();
     const plugin = writePlugin({
@@ -863,6 +892,69 @@ describe("loadOpenClawPlugins", () => {
     expect(channel).toBeDefined();
   });
 
+  it("rejects duplicate channel ids during plugin registration", () => {
+    useNoBundledPlugins();
+    const plugin = writePlugin({
+      id: "channel-dup",
+      filename: "channel-dup.cjs",
+      body: `module.exports = { id: "channel-dup", register(api) {
+  api.registerChannel({
+    plugin: {
+      id: "demo",
+      meta: {
+        id: "demo",
+        label: "Demo Override",
+        selectionLabel: "Demo Override",
+        docsPath: "/channels/demo-override",
+        blurb: "override"
+      },
+      capabilities: { chatTypes: ["direct"] },
+      config: {
+        listAccountIds: () => [],
+        resolveAccount: () => ({ accountId: "default" })
+      },
+      outbound: { deliveryMode: "direct" }
+    }
+  });
+  api.registerChannel({
+    plugin: {
+      id: "demo",
+      meta: {
+        id: "demo",
+        label: "Demo Duplicate",
+        selectionLabel: "Demo Duplicate",
+        docsPath: "/channels/demo-duplicate",
+        blurb: "duplicate"
+      },
+      capabilities: { chatTypes: ["direct"] },
+      config: {
+        listAccountIds: () => [],
+        resolveAccount: () => ({ accountId: "default" })
+      },
+      outbound: { deliveryMode: "direct" }
+    }
+  });
+} };`,
+    });
+
+    const registry = loadRegistryFromSinglePlugin({
+      plugin,
+      pluginConfig: {
+        allow: ["channel-dup"],
+      },
+    });
+
+    expect(registry.channels.filter((entry) => entry.plugin.id === "demo")).toHaveLength(1);
+    expect(
+      registry.diagnostics.some(
+        (entry) =>
+          entry.level === "error" &&
+          entry.pluginId === "channel-dup" &&
+          entry.message === "channel already registered: demo (channel-dup)",
+      ),
+    ).toBe(true);
+  });
+
   it("registers http routes with auth and match options", () => {
     useNoBundledPlugins();
     const plugin = writePlugin({
diff --git a/src/plugins/loader.ts b/src/plugins/loader.ts
index 75882a5105b..18c0b4bfee2 100644
--- a/src/plugins/loader.ts
+++ b/src/plugins/loader.ts
@@ -779,12 +779,10 @@ export function loadOpenClawPlugins(options: PluginLoadOptions = {}): PluginRegi
     const register = resolved.register;
 
     if (definition?.id && definition.id !== record.id) {
-      registry.diagnostics.push({
-        level: "warn",
-        pluginId: record.id,
-        source: record.source,
-        message: `plugin id mismatch (config uses "${record.id}", export uses "${definition.id}")`,
-      });
+      pushPluginLoadError(
+        `plugin id mismatch (config uses "${record.id}", export uses "${definition.id}")`,
+      );
+      continue;
     }
 
     record.name = definition?.name ?? record.name;
diff --git a/src/plugins/manifest-registry.test.ts b/src/plugins/manifest-registry.test.ts
index a948344cba8..3675dd56f5c 100644
--- a/src/plugins/manifest-registry.test.ts
+++ b/src/plugins/manifest-registry.test.ts
@@ -1,6 +1,6 @@
 import fs from "node:fs";
 import path from "node:path";
-import { afterAll, afterEach, describe, expect, it } from "vitest";
+import { afterEach, describe, expect, it } from "vitest";
 import type { PluginCandidate } from "./discovery.js";
 import {
   clearPluginManifestRegistryCache,
@@ -9,7 +9,6 @@ import {
 import { cleanupTrackedTempDirs, makeTrackedTempDir } from "./test-helpers/fs-fixtures.js";
 
 const tempDirs: string[] = [];
-const previousUmask = process.umask(0o022);
 
 function chmodSafeDir(dir: string) {
   if (process.platform === "win32") {
@@ -132,10 +131,6 @@ afterEach(() => {
   cleanupTrackedTempDirs(tempDirs);
 });
 
-afterAll(() => {
-  process.umask(previousUmask);
-});
-
 describe("loadPluginManifestRegistry", () => {
   it("emits duplicate warning for truly distinct plugins with same id", () => {
     const dirA = makeTempDir();
diff --git a/src/plugins/registry.ts b/src/plugins/registry.ts
index d45ff136a14..ca987dc8e79 100644
--- a/src/plugins/registry.ts
+++ b/src/plugins/registry.ts
@@ -419,6 +419,16 @@ export function createPluginRegistry(registryParams: PluginRegistryParams) {
       });
       return;
     }
+    const existing = registry.channels.find((entry) => entry.plugin.id === id);
+    if (existing) {
+      pushDiagnostic({
+        level: "error",
+        pluginId: record.id,
+        source: record.source,
+        message: `channel already registered: ${id} (${existing.pluginId})`,
+      });
+      return;
+    }
     record.channelIds.push(id);
     registry.channels.push({
       pluginId: record.id,
diff --git a/src/plugins/runtime/runtime-channel.ts b/src/plugins/runtime/runtime-channel.ts
index 13c87d70805..53a8f0ca936 100644
--- a/src/plugins/runtime/runtime-channel.ts
+++ b/src/plugins/runtime/runtime-channel.ts
@@ -1,3 +1,36 @@
+import { auditDiscordChannelPermissions } from "../../../extensions/discord/src/audit.js";
+import {
+  listDiscordDirectoryGroupsLive,
+  listDiscordDirectoryPeersLive,
+} from "../../../extensions/discord/src/directory-live.js";
+import { monitorDiscordProvider } from "../../../extensions/discord/src/monitor.js";
+import { probeDiscord } from "../../../extensions/discord/src/probe.js";
+import { resolveDiscordChannelAllowlist } from "../../../extensions/discord/src/resolve-channels.js";
+import { resolveDiscordUserAllowlist } from "../../../extensions/discord/src/resolve-users.js";
+import { sendMessageDiscord, sendPollDiscord } from "../../../extensions/discord/src/send.js";
+import { monitorIMessageProvider } from "../../../extensions/imessage/src/monitor.js";
+import { probeIMessage } from "../../../extensions/imessage/src/probe.js";
+import { sendMessageIMessage } from "../../../extensions/imessage/src/send.js";
+import { monitorSignalProvider } from "../../../extensions/signal/src/index.js";
+import { probeSignal } from "../../../extensions/signal/src/probe.js";
+import { sendMessageSignal } from "../../../extensions/signal/src/send.js";
+import {
+  listSlackDirectoryGroupsLive,
+  listSlackDirectoryPeersLive,
+} from "../../../extensions/slack/src/directory-live.js";
+import { monitorSlackProvider } from "../../../extensions/slack/src/index.js";
+import { probeSlack } from "../../../extensions/slack/src/probe.js";
+import { resolveSlackChannelAllowlist } from "../../../extensions/slack/src/resolve-channels.js";
+import { resolveSlackUserAllowlist } from "../../../extensions/slack/src/resolve-users.js";
+import { sendMessageSlack } from "../../../extensions/slack/src/send.js";
+import {
+  auditTelegramGroupMembership,
+  collectTelegramUnmentionedGroupIds,
+} from "../../../extensions/telegram/src/audit.js";
+import { monitorTelegramProvider } from "../../../extensions/telegram/src/monitor.js";
+import { probeTelegram } from "../../../extensions/telegram/src/probe.js";
+import { sendMessageTelegram, sendPollTelegram } from "../../../extensions/telegram/src/send.js";
+import { resolveTelegramToken } from "../../../extensions/telegram/src/token.js";
 import { resolveEffectiveMessagesConfig, resolveHumanDelayConfig } from "../../agents/identity.js";
 import { handleSlackAction } from "../../agents/tools/slack-actions.js";
 import {
@@ -51,19 +84,6 @@ import {
   resolveStorePath,
   updateLastRoute,
 } from "../../config/sessions.js";
-import { auditDiscordChannelPermissions } from "../../discord/audit.js";
-import {
-  listDiscordDirectoryGroupsLive,
-  listDiscordDirectoryPeersLive,
-} from "../../discord/directory-live.js";
-import { monitorDiscordProvider } from "../../discord/monitor.js";
-import { probeDiscord } from "../../discord/probe.js";
-import { resolveDiscordChannelAllowlist } from "../../discord/resolve-channels.js";
-import { resolveDiscordUserAllowlist } from "../../discord/resolve-users.js";
-import { sendMessageDiscord, sendPollDiscord } from "../../discord/send.js";
-import { monitorIMessageProvider } from "../../imessage/monitor.js";
-import { probeIMessage } from "../../imessage/probe.js";
-import { sendMessageIMessage } from "../../imessage/send.js";
 import { getChannelActivity, recordChannelActivity } from "../../infra/channel-activity.js";
 import {
   listLineAccountIds,
@@ -93,26 +113,6 @@ import {
   upsertChannelPairingRequest,
 } from "../../pairing/pairing-store.js";
 import { buildAgentSessionKey, resolveAgentRoute } from "../../routing/resolve-route.js";
-import { monitorSignalProvider } from "../../signal/index.js";
-import { probeSignal } from "../../signal/probe.js";
-import { sendMessageSignal } from "../../signal/send.js";
-import {
-  listSlackDirectoryGroupsLive,
-  listSlackDirectoryPeersLive,
-} from "../../slack/directory-live.js";
-import { monitorSlackProvider } from "../../slack/index.js";
-import { probeSlack } from "../../slack/probe.js";
-import { resolveSlackChannelAllowlist } from "../../slack/resolve-channels.js";
-import { resolveSlackUserAllowlist } from "../../slack/resolve-users.js";
-import { sendMessageSlack } from "../../slack/send.js";
-import {
-  auditTelegramGroupMembership,
-  collectTelegramUnmentionedGroupIds,
-} from "../../telegram/audit.js";
-import { monitorTelegramProvider } from "../../telegram/monitor.js";
-import { probeTelegram } from "../../telegram/probe.js";
-import { sendMessageTelegram, sendPollTelegram } from "../../telegram/send.js";
-import { resolveTelegramToken } from "../../telegram/token.js";
 import { createRuntimeWhatsApp } from "./runtime-whatsapp.js";
 import type { PluginRuntime } from "./types.js";
 
diff --git a/src/plugins/runtime/runtime-media.ts b/src/plugins/runtime/runtime-media.ts
index b52822e142b..90b28eea31e 100644
--- a/src/plugins/runtime/runtime-media.ts
+++ b/src/plugins/runtime/runtime-media.ts
@@ -1,8 +1,8 @@
+import { loadWebMedia } from "../../../extensions/whatsapp/src/media.js";
 import { isVoiceCompatibleAudio } from "../../media/audio.js";
 import { mediaKindFromMime } from "../../media/constants.js";
 import { getImageMetadata, resizeToJpeg } from "../../media/image-ops.js";
 import { detectMime } from "../../media/mime.js";
-import { loadWebMedia } from "../../web/media.js";
 import type { PluginRuntime } from "./types.js";
 
 export function createRuntimeMedia(): PluginRuntime["media"] {
diff --git a/src/plugins/runtime/runtime-whatsapp-login.runtime.ts b/src/plugins/runtime/runtime-whatsapp-login.runtime.ts
index eb38f5eda69..584b9d8d524 100644
--- a/src/plugins/runtime/runtime-whatsapp-login.runtime.ts
+++ b/src/plugins/runtime/runtime-whatsapp-login.runtime.ts
@@ -1 +1 @@
-export { loginWeb } from "../../web/login.js";
+export { loginWeb } from "../../../extensions/whatsapp/src/login.js";
diff --git a/src/plugins/runtime/runtime-whatsapp-outbound.runtime.ts b/src/plugins/runtime/runtime-whatsapp-outbound.runtime.ts
index e6be144c081..fca645e90b0 100644
--- a/src/plugins/runtime/runtime-whatsapp-outbound.runtime.ts
+++ b/src/plugins/runtime/runtime-whatsapp-outbound.runtime.ts
@@ -1 +1 @@
-export { sendMessageWhatsApp, sendPollWhatsApp } from "../../web/outbound.js";
+export { sendMessageWhatsApp, sendPollWhatsApp } from "../../../extensions/whatsapp/src/send.js";
diff --git a/src/plugins/runtime/runtime-whatsapp.ts b/src/plugins/runtime/runtime-whatsapp.ts
index cf7daa6daa9..20d36a936f0 100644
--- a/src/plugins/runtime/runtime-whatsapp.ts
+++ b/src/plugins/runtime/runtime-whatsapp.ts
@@ -1,12 +1,12 @@
-import { createWhatsAppLoginTool } from "../../channels/plugins/agent-tools/whatsapp-login.js";
-import { getActiveWebListener } from "../../web/active-listener.js";
+import { getActiveWebListener } from "../../../extensions/whatsapp/src/active-listener.js";
 import {
   getWebAuthAgeMs,
   logoutWeb,
   logWebSelfId,
   readWebSelfId,
   webAuthExists,
-} from "../../web/auth-store.js";
+} from "../../../extensions/whatsapp/src/auth-store.js";
+import { createWhatsAppLoginTool } from "../../channels/plugins/agent-tools/whatsapp-login.js";
 import type { PluginRuntime } from "./types.js";
 
 const sendMessageWhatsAppLazy: PluginRuntime["channel"]["whatsapp"]["sendMessageWhatsApp"] = async (
@@ -55,7 +55,9 @@ const handleWhatsAppActionLazy: PluginRuntime["channel"]["whatsapp"]["handleWhat
     return handleWhatsAppAction(...args);
   };
 
-let webLoginQrPromise: Promise<typeof import("../../web/login-qr.js")> | null = null;
+let webLoginQrPromise: Promise<
+  typeof import("../../../extensions/whatsapp/src/login-qr.js")
+> | null = null;
 let webChannelPromise: Promise<typeof import("../../channels/web/index.js")> | null = null;
 let webOutboundPromise: Promise<typeof import("./runtime-whatsapp-outbound.runtime.js")> | null =
   null;
@@ -75,7 +77,7 @@ function loadWebLogin() {
 }
 
 function loadWebLoginQr() {
-  webLoginQrPromise ??= import("../../web/login-qr.js");
+  webLoginQrPromise ??= import("../../../extensions/whatsapp/src/login-qr.js");
   return webLoginQrPromise;
 }
 
diff --git a/src/plugins/runtime/types-channel.ts b/src/plugins/runtime/types-channel.ts
index 0d1da0e24fd..bf2f2387d46 100644
--- a/src/plugins/runtime/types-channel.ts
+++ b/src/plugins/runtime/types-channel.ts
@@ -88,59 +88,59 @@ export type PluginRuntimeChannel = {
   };
   discord: {
     messageActions: typeof import("../../channels/plugins/actions/discord.js").discordMessageActions;
-    auditChannelPermissions: typeof import("../../discord/audit.js").auditDiscordChannelPermissions;
-    listDirectoryGroupsLive: typeof import("../../discord/directory-live.js").listDiscordDirectoryGroupsLive;
-    listDirectoryPeersLive: typeof import("../../discord/directory-live.js").listDiscordDirectoryPeersLive;
-    probeDiscord: typeof import("../../discord/probe.js").probeDiscord;
-    resolveChannelAllowlist: typeof import("../../discord/resolve-channels.js").resolveDiscordChannelAllowlist;
-    resolveUserAllowlist: typeof import("../../discord/resolve-users.js").resolveDiscordUserAllowlist;
-    sendMessageDiscord: typeof import("../../discord/send.js").sendMessageDiscord;
-    sendPollDiscord: typeof import("../../discord/send.js").sendPollDiscord;
-    monitorDiscordProvider: typeof import("../../discord/monitor.js").monitorDiscordProvider;
+    auditChannelPermissions: typeof import("../../../extensions/discord/src/audit.js").auditDiscordChannelPermissions;
+    listDirectoryGroupsLive: typeof import("../../../extensions/discord/src/directory-live.js").listDiscordDirectoryGroupsLive;
+    listDirectoryPeersLive: typeof import("../../../extensions/discord/src/directory-live.js").listDiscordDirectoryPeersLive;
+    probeDiscord: typeof import("../../../extensions/discord/src/probe.js").probeDiscord;
+    resolveChannelAllowlist: typeof import("../../../extensions/discord/src/resolve-channels.js").resolveDiscordChannelAllowlist;
+    resolveUserAllowlist: typeof import("../../../extensions/discord/src/resolve-users.js").resolveDiscordUserAllowlist;
+    sendMessageDiscord: typeof import("../../../extensions/discord/src/send.js").sendMessageDiscord;
+    sendPollDiscord: typeof import("../../../extensions/discord/src/send.js").sendPollDiscord;
+    monitorDiscordProvider: typeof import("../../../extensions/discord/src/monitor.js").monitorDiscordProvider;
   };
   slack: {
-    listDirectoryGroupsLive: typeof import("../../slack/directory-live.js").listSlackDirectoryGroupsLive;
-    listDirectoryPeersLive: typeof import("../../slack/directory-live.js").listSlackDirectoryPeersLive;
-    probeSlack: typeof import("../../slack/probe.js").probeSlack;
-    resolveChannelAllowlist: typeof import("../../slack/resolve-channels.js").resolveSlackChannelAllowlist;
-    resolveUserAllowlist: typeof import("../../slack/resolve-users.js").resolveSlackUserAllowlist;
-    sendMessageSlack: typeof import("../../slack/send.js").sendMessageSlack;
-    monitorSlackProvider: typeof import("../../slack/index.js").monitorSlackProvider;
+    listDirectoryGroupsLive: typeof import("../../../extensions/slack/src/directory-live.js").listSlackDirectoryGroupsLive;
+    listDirectoryPeersLive: typeof import("../../../extensions/slack/src/directory-live.js").listSlackDirectoryPeersLive;
+    probeSlack: typeof import("../../../extensions/slack/src/probe.js").probeSlack;
+    resolveChannelAllowlist: typeof import("../../../extensions/slack/src/resolve-channels.js").resolveSlackChannelAllowlist;
+    resolveUserAllowlist: typeof import("../../../extensions/slack/src/resolve-users.js").resolveSlackUserAllowlist;
+    sendMessageSlack: typeof import("../../../extensions/slack/src/send.js").sendMessageSlack;
+    monitorSlackProvider: typeof import("../../../extensions/slack/src/index.js").monitorSlackProvider;
     handleSlackAction: typeof import("../../agents/tools/slack-actions.js").handleSlackAction;
   };
   telegram: {
-    auditGroupMembership: typeof import("../../telegram/audit.js").auditTelegramGroupMembership;
-    collectUnmentionedGroupIds: typeof import("../../telegram/audit.js").collectTelegramUnmentionedGroupIds;
-    probeTelegram: typeof import("../../telegram/probe.js").probeTelegram;
-    resolveTelegramToken: typeof import("../../telegram/token.js").resolveTelegramToken;
-    sendMessageTelegram: typeof import("../../telegram/send.js").sendMessageTelegram;
-    sendPollTelegram: typeof import("../../telegram/send.js").sendPollTelegram;
-    monitorTelegramProvider: typeof import("../../telegram/monitor.js").monitorTelegramProvider;
+    auditGroupMembership: typeof import("../../../extensions/telegram/src/audit.js").auditTelegramGroupMembership;
+    collectUnmentionedGroupIds: typeof import("../../../extensions/telegram/src/audit.js").collectTelegramUnmentionedGroupIds;
+    probeTelegram: typeof import("../../../extensions/telegram/src/probe.js").probeTelegram;
+    resolveTelegramToken: typeof import("../../../extensions/telegram/src/token.js").resolveTelegramToken;
+    sendMessageTelegram: typeof import("../../../extensions/telegram/src/send.js").sendMessageTelegram;
+    sendPollTelegram: typeof import("../../../extensions/telegram/src/send.js").sendPollTelegram;
+    monitorTelegramProvider: typeof import("../../../extensions/telegram/src/monitor.js").monitorTelegramProvider;
     messageActions: typeof import("../../channels/plugins/actions/telegram.js").telegramMessageActions;
   };
   signal: {
-    probeSignal: typeof import("../../signal/probe.js").probeSignal;
-    sendMessageSignal: typeof import("../../signal/send.js").sendMessageSignal;
-    monitorSignalProvider: typeof import("../../signal/index.js").monitorSignalProvider;
+    probeSignal: typeof import("../../../extensions/signal/src/probe.js").probeSignal;
+    sendMessageSignal: typeof import("../../../extensions/signal/src/send.js").sendMessageSignal;
+    monitorSignalProvider: typeof import("../../../extensions/signal/src/index.js").monitorSignalProvider;
     messageActions: typeof import("../../channels/plugins/actions/signal.js").signalMessageActions;
   };
   imessage: {
-    monitorIMessageProvider: typeof import("../../imessage/monitor.js").monitorIMessageProvider;
-    probeIMessage: typeof import("../../imessage/probe.js").probeIMessage;
-    sendMessageIMessage: typeof import("../../imessage/send.js").sendMessageIMessage;
+    monitorIMessageProvider: typeof import("../../../extensions/imessage/src/monitor.js").monitorIMessageProvider;
+    probeIMessage: typeof import("../../../extensions/imessage/src/probe.js").probeIMessage;
+    sendMessageIMessage: typeof import("../../../extensions/imessage/src/send.js").sendMessageIMessage;
   };
   whatsapp: {
-    getActiveWebListener: typeof import("../../web/active-listener.js").getActiveWebListener;
-    getWebAuthAgeMs: typeof import("../../web/auth-store.js").getWebAuthAgeMs;
-    logoutWeb: typeof import("../../web/auth-store.js").logoutWeb;
-    logWebSelfId: typeof import("../../web/auth-store.js").logWebSelfId;
-    readWebSelfId: typeof import("../../web/auth-store.js").readWebSelfId;
-    webAuthExists: typeof import("../../web/auth-store.js").webAuthExists;
-    sendMessageWhatsApp: typeof import("../../web/outbound.js").sendMessageWhatsApp;
-    sendPollWhatsApp: typeof import("../../web/outbound.js").sendPollWhatsApp;
-    loginWeb: typeof import("../../web/login.js").loginWeb;
-    startWebLoginWithQr: typeof import("../../web/login-qr.js").startWebLoginWithQr;
-    waitForWebLogin: typeof import("../../web/login-qr.js").waitForWebLogin;
+    getActiveWebListener: typeof import("../../../extensions/whatsapp/src/active-listener.js").getActiveWebListener;
+    getWebAuthAgeMs: typeof import("../../../extensions/whatsapp/src/auth-store.js").getWebAuthAgeMs;
+    logoutWeb: typeof import("../../../extensions/whatsapp/src/auth-store.js").logoutWeb;
+    logWebSelfId: typeof import("../../../extensions/whatsapp/src/auth-store.js").logWebSelfId;
+    readWebSelfId: typeof import("../../../extensions/whatsapp/src/auth-store.js").readWebSelfId;
+    webAuthExists: typeof import("../../../extensions/whatsapp/src/auth-store.js").webAuthExists;
+    sendMessageWhatsApp: typeof import("../../../extensions/whatsapp/src/send.js").sendMessageWhatsApp;
+    sendPollWhatsApp: typeof import("../../../extensions/whatsapp/src/send.js").sendPollWhatsApp;
+    loginWeb: typeof import("../../../extensions/whatsapp/src/login.js").loginWeb;
+    startWebLoginWithQr: typeof import("../../../extensions/whatsapp/src/login-qr.js").startWebLoginWithQr;
+    waitForWebLogin: typeof import("../../../extensions/whatsapp/src/login-qr.js").waitForWebLogin;
     monitorWebChannel: typeof import("../../channels/web/index.js").monitorWebChannel;
     handleWhatsAppAction: typeof import("../../agents/tools/whatsapp-actions.js").handleWhatsAppAction;
     createLoginTool: typeof import("../../channels/plugins/agent-tools/whatsapp-login.js").createWhatsAppLoginTool;
diff --git a/src/plugins/runtime/types-core.ts b/src/plugins/runtime/types-core.ts
index bfbb747c9c4..c25c3afa86b 100644
--- a/src/plugins/runtime/types-core.ts
+++ b/src/plugins/runtime/types-core.ts
@@ -20,7 +20,7 @@ export type PluginRuntimeCore = {
     formatNativeDependencyHint: typeof import("./native-deps.js").formatNativeDependencyHint;
   };
   media: {
-    loadWebMedia: typeof import("../../web/media.js").loadWebMedia;
+    loadWebMedia: typeof import("../../../extensions/whatsapp/src/media.js").loadWebMedia;
     detectMime: typeof import("../../media/mime.js").detectMime;
     mediaKindFromMime: typeof import("../../media/constants.js").mediaKindFromMime;
     isVoiceCompatibleAudio: typeof import("../../media/audio.js").isVoiceCompatibleAudio;
diff --git a/src/plugins/test-helpers/fs-fixtures.ts b/src/plugins/test-helpers/fs-fixtures.ts
index ec6b88fa4e4..4c65d0662fd 100644
--- a/src/plugins/test-helpers/fs-fixtures.ts
+++ b/src/plugins/test-helpers/fs-fixtures.ts
@@ -1,4 +1,3 @@
-import { randomUUID } from "node:crypto";
 import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
@@ -16,8 +15,8 @@ export function mkdirSafeDir(dir: string) {
 }
 
 export function makeTrackedTempDir(prefix: string, trackedDirs: string[]) {
-  const dir = path.join(os.tmpdir(), `${prefix}-${randomUUID()}`);
-  mkdirSafeDir(dir);
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), String(prefix) + "-"));
+  chmodSafeDir(dir);
   trackedDirs.push(dir);
   return dir;
 }
diff --git a/src/security/audit-channel.ts b/src/security/audit-channel.ts
index a46db8646a4..ca0e69722e3 100644
--- a/src/security/audit-channel.ts
+++ b/src/security/audit-channel.ts
@@ -1,3 +1,7 @@
+import {
+  isNumericTelegramUserId,
+  normalizeTelegramAllowFromEntry,
+} from "../../extensions/telegram/src/allow-from.js";
 import {
   hasConfiguredUnavailableCredentialStatus,
   hasResolvedCredentialValue,
@@ -6,10 +10,6 @@ import { resolveChannelDefaultAccountId } from "../channels/plugins/helpers.js";
 import type { listChannelPlugins } from "../channels/plugins/index.js";
 import type { ChannelId } from "../channels/plugins/types.js";
 import { inspectReadOnlyChannelAccount } from "../channels/read-only-account-inspect.js";
-import {
-  isNumericTelegramUserId,
-  normalizeTelegramAllowFromEntry,
-} from "../channels/telegram/allow-from.js";
 import { formatCliCommand } from "../cli/command-format.js";
 import { resolveNativeCommandsEnabled, resolveNativeSkillsEnabled } from "../config/commands.js";
 import type { OpenClawConfig } from "../config/config.js";
diff --git a/src/security/dm-policy-channel-smoke.test.ts b/src/security/dm-policy-channel-smoke.test.ts
index 7a57317d628..189f169648c 100644
--- a/src/security/dm-policy-channel-smoke.test.ts
+++ b/src/security/dm-policy-channel-smoke.test.ts
@@ -1,7 +1,7 @@
 import { describe, expect, it } from "vitest";
 import { isAllowedBlueBubblesSender } from "../../extensions/bluebubbles/src/targets.js";
 import { isMattermostSenderAllowed } from "../../extensions/mattermost/src/mattermost/monitor-auth.js";
-import { isSignalSenderAllowed, type SignalSender } from "../signal/identity.js";
+import { isSignalSenderAllowed, type SignalSender } from "../../extensions/signal/src/identity.js";
 import { DM_GROUP_ACCESS_REASON, resolveDmGroupAccessWithLists } from "./dm-policy-shared.js";
 
 type ChannelSmokeCase = {
diff --git a/src/shared/config-eval.test.ts b/src/shared/config-eval.test.ts
index 7891c17142c..199c22a3462 100644
--- a/src/shared/config-eval.test.ts
+++ b/src/shared/config-eval.test.ts
@@ -86,6 +86,7 @@ describe("config-eval helpers", () => {
   });
 
   it("caches binary lookups until PATH changes", () => {
+    setPlatform("linux");
     process.env.PATH = ["/missing/bin", "/found/bin"].join(path.delimiter);
     const accessSpy = vi.spyOn(fs, "accessSync").mockImplementation((candidate) => {
       if (String(candidate) === path.join("/found/bin", "tool")) {
@@ -110,10 +111,14 @@ describe("config-eval helpers", () => {
 
   it("checks PATHEXT candidates on Windows", () => {
     setPlatform("win32");
-    process.env.PATH = "/tools";
+    const toolsDir = path.join(path.sep, "tools");
+    process.env.PATH = toolsDir;
     process.env.PATHEXT = ".EXE;.CMD";
+    const plainCandidate = path.join(toolsDir, "tool");
+    const exeCandidate = path.join(toolsDir, "tool.EXE");
+    const cmdCandidate = path.join(toolsDir, "tool.CMD");
     const accessSpy = vi.spyOn(fs, "accessSync").mockImplementation((candidate) => {
-      if (String(candidate) === "/tools/tool.CMD") {
+      if (String(candidate) === cmdCandidate) {
         return undefined;
       }
       throw new Error("missing");
@@ -121,9 +126,9 @@ describe("config-eval helpers", () => {
 
     expect(hasBinary("tool")).toBe(true);
     expect(accessSpy.mock.calls.map(([candidate]) => String(candidate))).toEqual([
-      "/tools/tool",
-      "/tools/tool.EXE",
-      "/tools/tool.CMD",
+      plainCandidate,
+      exeCandidate,
+      cmdCandidate,
     ]);
   });
 });
diff --git a/src/shared/net/ip.ts b/src/shared/net/ip.ts
index c386c687898..57c8cccd697 100644
--- a/src/shared/net/ip.ts
+++ b/src/shared/net/ip.ts
@@ -128,12 +128,16 @@ function normalizeIpv4MappedAddress(address: ParsedIpAddress): ParsedIpAddress {
   return address.toIPv4Address();
 }
 
-export function parseCanonicalIpAddress(raw: string | undefined): ParsedIpAddress | undefined {
+function normalizeIpParseInput(raw: string | undefined): string | undefined {
   const trimmed = raw?.trim();
   if (!trimmed) {
     return undefined;
   }
-  const normalized = stripIpv6Brackets(trimmed);
+  return stripIpv6Brackets(trimmed);
+}
+
+export function parseCanonicalIpAddress(raw: string | undefined): ParsedIpAddress | undefined {
+  const normalized = normalizeIpParseInput(raw);
   if (!normalized) {
     return undefined;
   }
@@ -150,11 +154,7 @@ export function parseCanonicalIpAddress(raw: string | undefined): ParsedIpAddres
 }
 
 export function parseLooseIpAddress(raw: string | undefined): ParsedIpAddress | undefined {
-  const trimmed = raw?.trim();
-  if (!trimmed) {
-    return undefined;
-  }
-  const normalized = stripIpv6Brackets(trimmed);
+  const normalized = normalizeIpParseInput(raw);
   if (!normalized) {
     return undefined;
   }
diff --git a/src/shared/node-list-parse.test.ts b/src/shared/node-list-parse.test.ts
index 9437e31118a..29bc910fcc9 100644
--- a/src/shared/node-list-parse.test.ts
+++ b/src/shared/node-list-parse.test.ts
@@ -23,4 +23,26 @@ describe("shared/node-list-parse", () => {
     expect(parsePairingList(undefined)).toEqual({ pending: [], paired: [] });
     expect(parsePairingList(["not-an-object"])).toEqual({ pending: [], paired: [] });
   });
+
+  it("preserves valid pairing arrays when the sibling field is malformed", () => {
+    expect(
+      parsePairingList({
+        pending: [{ requestId: "r1", nodeId: "n1", ts: 1 }],
+        paired: "x",
+      }),
+    ).toEqual({
+      pending: [{ requestId: "r1", nodeId: "n1", ts: 1 }],
+      paired: [],
+    });
+
+    expect(
+      parsePairingList({
+        pending: 1,
+        paired: [{ nodeId: "n1" }],
+      }),
+    ).toEqual({
+      pending: [],
+      paired: [{ nodeId: "n1" }],
+    });
+  });
 });
diff --git a/src/slack/monitor/slash-dispatch.runtime.ts b/src/slack/monitor/slash-dispatch.runtime.ts
deleted file mode 100644
index 4c4832cff3b..00000000000
--- a/src/slack/monitor/slash-dispatch.runtime.ts
+++ /dev/null
@@ -1,9 +0,0 @@
-export { resolveChunkMode } from "../../auto-reply/chunk.js";
-export { finalizeInboundContext } from "../../auto-reply/reply/inbound-context.js";
-export { dispatchReplyWithDispatcher } from "../../auto-reply/reply/provider-dispatcher.js";
-export { resolveConversationLabel } from "../../channels/conversation-label.js";
-export { createReplyPrefixOptions } from "../../channels/reply-prefix.js";
-export { recordInboundSessionMetaSafe } from "../../channels/session-meta.js";
-export { resolveMarkdownTableMode } from "../../config/markdown-tables.js";
-export { resolveAgentRoute } from "../../routing/resolve-route.js";
-export { deliverSlackSlashReplies } from "./replies.js";
diff --git a/src/slack/monitor/slash-skill-commands.runtime.ts b/src/slack/monitor/slash-skill-commands.runtime.ts
deleted file mode 100644
index 4d49d66190b..00000000000
--- a/src/slack/monitor/slash-skill-commands.runtime.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { listSkillCommandsForAgents } from "../../auto-reply/skill-commands.js";
diff --git a/src/telegram/proxy.ts b/src/telegram/proxy.ts
deleted file mode 100644
index 3ac2bb10159..00000000000
--- a/src/telegram/proxy.ts
+++ /dev/null
@@ -1 +0,0 @@
-export { getProxyUrlFromFetch, makeProxyFetch } from "../infra/net/proxy-fetch.js";
diff --git a/src/terminal/note.ts b/src/terminal/note.ts
index 5b5ccb4a9ce..086e99e9435 100644
--- a/src/terminal/note.ts
+++ b/src/terminal/note.ts
@@ -54,6 +54,21 @@ function isCopySensitiveToken(word: string): boolean {
   return word.includes("_") && FILE_LIKE_RE.test(word);
 }
 
+function pushWrappedWordSegments(params: {
+  word: string;
+  available: number;
+  firstPrefix: string;
+  continuationPrefix: string;
+  lines: string[];
+}) {
+  const parts = splitLongWord(params.word, params.available);
+  const first = parts.shift() ?? "";
+  params.lines.push(params.firstPrefix + first);
+  for (const part of parts) {
+    params.lines.push(params.continuationPrefix + part);
+  }
+}
+
 function wrapLine(line: string, maxWidth: number): string[] {
   if (line.trim().length === 0) {
     return [line];
@@ -80,14 +95,15 @@ function wrapLine(line: string, maxWidth: number): string[] {
           current = word;
           continue;
         }
-        const parts = splitLongWord(word, available);
-        const first = parts.shift() ?? "";
-        lines.push(prefix + first);
+        pushWrappedWordSegments({
+          word,
+          available,
+          firstPrefix: prefix,
+          continuationPrefix: nextPrefix,
+          lines,
+        });
         prefix = nextPrefix;
         available = nextWidth;
-        for (const part of parts) {
-          lines.push(prefix + part);
-        }
         continue;
       }
       current = word;
@@ -109,12 +125,13 @@ function wrapLine(line: string, maxWidth: number): string[] {
         current = word;
         continue;
       }
-      const parts = splitLongWord(word, available);
-      const first = parts.shift() ?? "";
-      lines.push(prefix + first);
-      for (const part of parts) {
-        lines.push(prefix + part);
-      }
+      pushWrappedWordSegments({
+        word,
+        available,
+        firstPrefix: prefix,
+        continuationPrefix: prefix,
+        lines,
+      });
       current = "";
       continue;
     }
diff --git a/src/test-helpers/whatsapp-outbound.ts b/src/test-helpers/whatsapp-outbound.ts
new file mode 100644
index 00000000000..71433107fba
--- /dev/null
+++ b/src/test-helpers/whatsapp-outbound.ts
@@ -0,0 +1,33 @@
+import { expect, type MockInstance } from "vitest";
+import type { OpenClawConfig } from "../config/config.js";
+
+export function createWhatsAppPollFixture() {
+  const cfg = { marker: "resolved-cfg" } as OpenClawConfig;
+  const poll = {
+    question: "Lunch?",
+    options: ["Pizza", "Sushi"],
+    maxSelections: 1,
+  };
+  return {
+    cfg,
+    poll,
+    to: "+1555",
+    accountId: "work",
+  };
+}
+
+export function expectWhatsAppPollSent(
+  sendPollWhatsApp: MockInstance,
+  params: {
+    cfg: OpenClawConfig;
+    poll: { question: string; options: string[]; maxSelections: number };
+    to?: string;
+    accountId?: string;
+  },
+) {
+  expect(sendPollWhatsApp).toHaveBeenCalledWith(params.to ?? "+1555", params.poll, {
+    verbose: false,
+    accountId: params.accountId ?? "work",
+    cfg: params.cfg,
+  });
+}
diff --git a/src/test-utils/imessage-test-plugin.ts b/src/test-utils/imessage-test-plugin.ts
index 5a072141644..962a1f7c33e 100644
--- a/src/test-utils/imessage-test-plugin.ts
+++ b/src/test-utils/imessage-test-plugin.ts
@@ -1,6 +1,6 @@
+import { normalizeIMessageHandle } from "../../extensions/imessage/src/targets.js";
 import { imessageOutbound } from "../channels/plugins/outbound/imessage.js";
 import type { ChannelOutboundAdapter, ChannelPlugin } from "../channels/plugins/types.js";
-import { normalizeIMessageHandle } from "../imessage/targets.js";
 import { collectStatusIssuesFromLastError } from "../plugin-sdk/status-helpers.js";
 
 export const createIMessageTestPlugin = (params?: {
diff --git a/src/test-utils/runtime-source-guardrail-scan.ts b/src/test-utils/runtime-source-guardrail-scan.ts
index f5ef1b2100b..1e41fce3d3f 100644
--- a/src/test-utils/runtime-source-guardrail-scan.ts
+++ b/src/test-utils/runtime-source-guardrail-scan.ts
@@ -50,7 +50,13 @@ async function readRuntimeSourceFiles(
       if (!absolutePath) {
         continue;
       }
-      const source = await fs.readFile(absolutePath, "utf8");
+      let source: string;
+      try {
+        source = await fs.readFile(absolutePath, "utf8");
+      } catch {
+        // File tracked by git but deleted on disk (e.g. pending deletion).
+        continue;
+      }
       output[index] = {
         relativePath: path.relative(repoRoot, absolutePath),
         source,
diff --git a/src/tts/tts.ts b/src/tts/tts.ts
index 5cd306f13a9..403efc10543 100644
--- a/src/tts/tts.ts
+++ b/src/tts/tts.ts
@@ -559,6 +559,35 @@ function buildTtsFailureResult(errors: string[]): { success: false; error: strin
   };
 }
 
+function resolveTtsRequestSetup(params: {
+  text: string;
+  cfg: OpenClawConfig;
+  prefsPath?: string;
+  providerOverride?: TtsProvider;
+}):
+  | {
+      config: ResolvedTtsConfig;
+      providers: TtsProvider[];
+    }
+  | {
+      error: string;
+    } {
+  const config = resolveTtsConfig(params.cfg);
+  const prefsPath = params.prefsPath ?? resolveTtsPrefsPath(config);
+  if (params.text.length > config.maxTextLength) {
+    return {
+      error: `Text too long (${params.text.length} chars, max ${config.maxTextLength})`,
+    };
+  }
+
+  const userProvider = getTtsProvider(config, prefsPath);
+  const provider = params.providerOverride ?? userProvider;
+  return {
+    config,
+    providers: resolveTtsProviderOrder(provider),
+  };
+}
+
 export async function textToSpeech(params: {
   text: string;
   cfg: OpenClawConfig;
@@ -566,22 +595,19 @@ export async function textToSpeech(params: {
   channel?: string;
   overrides?: TtsDirectiveOverrides;
 }): Promise<TtsResult> {
-  const config = resolveTtsConfig(params.cfg);
-  const prefsPath = params.prefsPath ?? resolveTtsPrefsPath(config);
-  const channelId = resolveChannelId(params.channel);
-  const output = resolveOutputFormat(channelId);
-
-  if (params.text.length > config.maxTextLength) {
-    return {
-      success: false,
-      error: `Text too long (${params.text.length} chars, max ${config.maxTextLength})`,
-    };
+  const setup = resolveTtsRequestSetup({
+    text: params.text,
+    cfg: params.cfg,
+    prefsPath: params.prefsPath,
+    providerOverride: params.overrides?.provider,
+  });
+  if ("error" in setup) {
+    return { success: false, error: setup.error };
   }
 
-  const userProvider = getTtsProvider(config, prefsPath);
-  const overrideProvider = params.overrides?.provider;
-  const provider = overrideProvider ?? userProvider;
-  const providers = resolveTtsProviderOrder(provider);
+  const { config, providers } = setup;
+  const channelId = resolveChannelId(params.channel);
+  const output = resolveOutputFormat(channelId);
 
   const errors: string[] = [];
 
@@ -734,18 +760,16 @@ export async function textToSpeechTelephony(params: {
   cfg: OpenClawConfig;
   prefsPath?: string;
 }): Promise<TtsTelephonyResult> {
-  const config = resolveTtsConfig(params.cfg);
-  const prefsPath = params.prefsPath ?? resolveTtsPrefsPath(config);
-
-  if (params.text.length > config.maxTextLength) {
-    return {
-      success: false,
-      error: `Text too long (${params.text.length} chars, max ${config.maxTextLength})`,
-    };
+  const setup = resolveTtsRequestSetup({
+    text: params.text,
+    cfg: params.cfg,
+    prefsPath: params.prefsPath,
+  });
+  if ("error" in setup) {
+    return { success: false, error: setup.error };
   }
 
-  const userProvider = getTtsProvider(config, prefsPath);
-  const providers = resolveTtsProviderOrder(userProvider);
+  const { config, providers } = setup;
 
   const errors: string[] = [];
 
diff --git a/src/tui/components/btw-inline-message.test.ts b/src/tui/components/btw-inline-message.test.ts
new file mode 100644
index 00000000000..8cd323708c2
--- /dev/null
+++ b/src/tui/components/btw-inline-message.test.ts
@@ -0,0 +1,16 @@
+import { describe, expect, it } from "vitest";
+import { BtwInlineMessage } from "./btw-inline-message.js";
+
+describe("btw inline message", () => {
+  it("renders the BTW question, answer, and dismiss hint inline", () => {
+    const message = new BtwInlineMessage({
+      question: "what is 17 * 19?",
+      text: "323",
+    });
+
+    const rendered = message.render(80).join("\n");
+    expect(rendered).toContain("BTW: what is 17 * 19?");
+    expect(rendered).toContain("323");
+    expect(rendered).toContain("Press Enter or Esc to dismiss");
+  });
+});
diff --git a/src/tui/components/btw-inline-message.ts b/src/tui/components/btw-inline-message.ts
new file mode 100644
index 00000000000..7aa813a457e
--- /dev/null
+++ b/src/tui/components/btw-inline-message.ts
@@ -0,0 +1,28 @@
+import { Container, Spacer, Text } from "@mariozechner/pi-tui";
+import { theme } from "../theme/theme.js";
+import { AssistantMessageComponent } from "./assistant-message.js";
+
+type BtwInlineMessageParams = {
+  question: string;
+  text: string;
+  isError?: boolean;
+};
+
+export class BtwInlineMessage extends Container {
+  constructor(params: BtwInlineMessageParams) {
+    super();
+    this.setResult(params);
+  }
+
+  setResult(params: BtwInlineMessageParams) {
+    this.clear();
+    this.addChild(new Spacer(1));
+    this.addChild(new Text(theme.header(`BTW: ${params.question}`), 1, 0));
+    if (params.isError) {
+      this.addChild(new Text(theme.error(params.text), 1, 0));
+    } else {
+      this.addChild(new AssistantMessageComponent(params.text));
+    }
+    this.addChild(new Text(theme.dim("Press Enter or Esc to dismiss"), 1, 0));
+  }
+}
diff --git a/src/tui/components/chat-log.test.ts b/src/tui/components/chat-log.test.ts
index b81740a2e8c..700a2abb9d2 100644
--- a/src/tui/components/chat-log.test.ts
+++ b/src/tui/components/chat-log.test.ts
@@ -52,4 +52,25 @@ describe("ChatLog", () => {
 
     expect(chatLog.children.length).toBe(20);
   });
+
+  it("renders BTW inline and removes it when dismissed", () => {
+    const chatLog = new ChatLog(40);
+
+    chatLog.addSystem("session agent:main:main");
+    chatLog.showBtw({
+      question: "what is 17 * 19?",
+      text: "323",
+    });
+
+    let rendered = chatLog.render(120).join("\n");
+    expect(rendered).toContain("BTW: what is 17 * 19?");
+    expect(rendered).toContain("323");
+    expect(chatLog.hasVisibleBtw()).toBe(true);
+
+    chatLog.dismissBtw();
+
+    rendered = chatLog.render(120).join("\n");
+    expect(rendered).not.toContain("BTW: what is 17 * 19?");
+    expect(chatLog.hasVisibleBtw()).toBe(false);
+  });
 });
diff --git a/src/tui/components/chat-log.ts b/src/tui/components/chat-log.ts
index 76ac7d93654..c46e6065b9b 100644
--- a/src/tui/components/chat-log.ts
+++ b/src/tui/components/chat-log.ts
@@ -2,6 +2,7 @@ import type { Component } from "@mariozechner/pi-tui";
 import { Container, Spacer, Text } from "@mariozechner/pi-tui";
 import { theme } from "../theme/theme.js";
 import { AssistantMessageComponent } from "./assistant-message.js";
+import { BtwInlineMessage } from "./btw-inline-message.js";
 import { ToolExecutionComponent } from "./tool-execution.js";
 import { UserMessageComponent } from "./user-message.js";
 
@@ -9,6 +10,7 @@ export class ChatLog extends Container {
   private readonly maxComponents: number;
   private toolById = new Map<string, ToolExecutionComponent>();
   private streamingRuns = new Map<string, AssistantMessageComponent>();
+  private btwMessage: BtwInlineMessage | null = null;
   private toolsExpanded = false;
 
   constructor(maxComponents = 180) {
@@ -27,6 +29,9 @@ export class ChatLog extends Container {
         this.streamingRuns.delete(runId);
       }
     }
+    if (this.btwMessage === component) {
+      this.btwMessage = null;
+    }
   }
 
   private pruneOverflow() {
@@ -49,6 +54,7 @@ export class ChatLog extends Container {
     this.clear();
     this.toolById.clear();
     this.streamingRuns.clear();
+    this.btwMessage = null;
   }
 
   addSystem(text: string) {
@@ -108,6 +114,33 @@ export class ChatLog extends Container {
     this.streamingRuns.delete(effectiveRunId);
   }
 
+  showBtw(params: { question: string; text: string; isError?: boolean }) {
+    if (this.btwMessage) {
+      this.btwMessage.setResult(params);
+      if (this.children[this.children.length - 1] !== this.btwMessage) {
+        this.removeChild(this.btwMessage);
+        this.append(this.btwMessage);
+      }
+      return this.btwMessage;
+    }
+    const component = new BtwInlineMessage(params);
+    this.btwMessage = component;
+    this.append(component);
+    return component;
+  }
+
+  dismissBtw() {
+    if (!this.btwMessage) {
+      return;
+    }
+    this.removeChild(this.btwMessage);
+    this.btwMessage = null;
+  }
+
+  hasVisibleBtw() {
+    return this.btwMessage !== null;
+  }
+
   startTool(toolCallId: string, toolName: string, args: unknown) {
     const existing = this.toolById.get(toolCallId);
     if (existing) {
diff --git a/src/tui/tui-command-handlers.test.ts b/src/tui/tui-command-handlers.test.ts
index 4e4bfe3c36f..026b63350be 100644
--- a/src/tui/tui-command-handlers.test.ts
+++ b/src/tui/tui-command-handlers.test.ts
@@ -12,6 +12,7 @@ function createHarness(params?: {
   loadHistory?: LoadHistoryMock;
   setActivityStatus?: SetActivityStatusMock;
   isConnected?: boolean;
+  activeChatRunId?: string | null;
 }) {
   const sendChat = params?.sendChat ?? vi.fn().mockResolvedValue({ runId: "r1" });
   const resetSession = params?.resetSession ?? vi.fn().mockResolvedValue({ ok: true });
@@ -19,21 +20,24 @@ function createHarness(params?: {
   const addUser = vi.fn();
   const addSystem = vi.fn();
   const requestRender = vi.fn();
+  const noteLocalRunId = vi.fn();
+  const noteLocalBtwRunId = vi.fn();
   const loadHistory =
     params?.loadHistory ?? (vi.fn().mockResolvedValue(undefined) as LoadHistoryMock);
   const setActivityStatus = params?.setActivityStatus ?? (vi.fn() as SetActivityStatusMock);
+  const state = {
+    currentSessionKey: "agent:main:main",
+    activeChatRunId: params?.activeChatRunId ?? null,
+    isConnected: params?.isConnected ?? true,
+    sessionInfo: {},
+  };
 
   const { handleCommand } = createCommandHandlers({
     client: { sendChat, resetSession } as never,
     chatLog: { addUser, addSystem } as never,
     tui: { requestRender } as never,
     opts: {},
-    state: {
-      currentSessionKey: "agent:main:main",
-      activeChatRunId: null,
-      isConnected: params?.isConnected ?? true,
-      sessionInfo: {},
-    } as never,
+    state: state as never,
     deliverDefault: false,
     openOverlay: vi.fn(),
     closeOverlay: vi.fn(),
@@ -45,8 +49,10 @@ function createHarness(params?: {
     setActivityStatus,
     formatSessionKey: vi.fn(),
     applySessionInfoFromPatch: vi.fn(),
-    noteLocalRunId: vi.fn(),
+    noteLocalRunId,
+    noteLocalBtwRunId,
     forgetLocalRunId: vi.fn(),
+    forgetLocalBtwRunId: vi.fn(),
     requestExit: vi.fn(),
   });
 
@@ -60,6 +66,9 @@ function createHarness(params?: {
     requestRender,
     loadHistory,
     setActivityStatus,
+    noteLocalRunId,
+    noteLocalBtwRunId,
+    state,
   };
 }
 
@@ -108,6 +117,29 @@ describe("tui command handlers", () => {
     expect(requestRender).toHaveBeenCalled();
   });
 
+  it("sends /btw without hijacking the active main run", async () => {
+    const setActivityStatus = vi.fn();
+    const { handleCommand, sendChat, addUser, noteLocalRunId, noteLocalBtwRunId, state } =
+      createHarness({
+        activeChatRunId: "run-main",
+        setActivityStatus,
+      });
+
+    await handleCommand("/btw what changed?");
+
+    expect(addUser).not.toHaveBeenCalled();
+    expect(noteLocalRunId).not.toHaveBeenCalled();
+    expect(noteLocalBtwRunId).toHaveBeenCalledTimes(1);
+    expect(state.activeChatRunId).toBe("run-main");
+    expect(setActivityStatus).not.toHaveBeenCalledWith("sending");
+    expect(setActivityStatus).not.toHaveBeenCalledWith("waiting");
+    expect(sendChat).toHaveBeenCalledWith(
+      expect.objectContaining({
+        message: "/btw what changed?",
+      }),
+    );
+  });
+
   it("creates unique session for /new and resets shared session for /reset", async () => {
     const loadHistory = vi.fn().mockResolvedValue(undefined);
     const setSessionMock = vi.fn().mockResolvedValue(undefined) as SetSessionMock;
diff --git a/src/tui/tui-command-handlers.ts b/src/tui/tui-command-handlers.ts
index dd5113a17af..f3fc095c101 100644
--- a/src/tui/tui-command-handlers.ts
+++ b/src/tui/tui-command-handlers.ts
@@ -43,10 +43,16 @@ type CommandHandlerContext = {
   formatSessionKey: (key: string) => string;
   applySessionInfoFromPatch: (result: SessionsPatchResult) => void;
   noteLocalRunId: (runId: string) => void;
+  noteLocalBtwRunId?: (runId: string) => void;
   forgetLocalRunId?: (runId: string) => void;
+  forgetLocalBtwRunId?: (runId: string) => void;
   requestExit: () => void;
 };
 
+function isBtwCommand(text: string): boolean {
+  return /^\/btw(?::|\s|$)/i.test(text.trim());
+}
+
 export function createCommandHandlers(context: CommandHandlerContext) {
   const {
     client,
@@ -66,7 +72,9 @@ export function createCommandHandlers(context: CommandHandlerContext) {
     formatSessionKey,
     applySessionInfoFromPatch,
     noteLocalRunId,
+    noteLocalBtwRunId,
     forgetLocalRunId,
+    forgetLocalBtwRunId,
     requestExit,
   } = context;
 
@@ -501,13 +509,17 @@ export function createCommandHandlers(context: CommandHandlerContext) {
       tui.requestRender();
       return;
     }
+    const isBtw = isBtwCommand(text);
+    const runId = randomUUID();
     try {
-      chatLog.addUser(text);
-      tui.requestRender();
-      const runId = randomUUID();
-      noteLocalRunId(runId);
-      state.activeChatRunId = runId;
-      setActivityStatus("sending");
+      if (!isBtw) {
+        chatLog.addUser(text);
+        noteLocalRunId(runId);
+        state.activeChatRunId = runId;
+        setActivityStatus("sending");
+      } else {
+        noteLocalBtwRunId?.(runId);
+      }
       tui.requestRender();
       await client.sendChat({
         sessionKey: state.currentSessionKey,
@@ -517,15 +529,24 @@ export function createCommandHandlers(context: CommandHandlerContext) {
         timeoutMs: opts.timeoutMs,
         runId,
       });
-      setActivityStatus("waiting");
-      tui.requestRender();
+      if (!isBtw) {
+        setActivityStatus("waiting");
+        tui.requestRender();
+      }
     } catch (err) {
-      if (state.activeChatRunId) {
+      if (isBtw) {
+        forgetLocalBtwRunId?.(runId);
+      }
+      if (!isBtw && state.activeChatRunId) {
         forgetLocalRunId?.(state.activeChatRunId);
       }
-      state.activeChatRunId = null;
-      chatLog.addSystem(`send failed: ${String(err)}`);
-      setActivityStatus("error");
+      if (!isBtw) {
+        state.activeChatRunId = null;
+      }
+      chatLog.addSystem(`${isBtw ? "btw failed" : "send failed"}: ${String(err)}`);
+      if (!isBtw) {
+        setActivityStatus("error");
+      }
       tui.requestRender();
     }
   };
diff --git a/src/tui/tui-event-handlers.test.ts b/src/tui/tui-event-handlers.test.ts
index 7b08ddceaf5..2073afe308d 100644
--- a/src/tui/tui-event-handlers.test.ts
+++ b/src/tui/tui-event-handlers.test.ts
@@ -1,6 +1,6 @@
 import { describe, expect, it, vi } from "vitest";
 import { createEventHandlers } from "./tui-event-handlers.js";
-import type { AgentEvent, ChatEvent, TuiStateAccess } from "./tui-types.js";
+import type { AgentEvent, BtwEvent, ChatEvent, TuiStateAccess } from "./tui-types.js";
 
 type MockFn = ReturnType<typeof vi.fn>;
 type HandlerChatLog = {
@@ -11,6 +11,10 @@ type HandlerChatLog = {
   finalizeAssistant: (...args: unknown[]) => void;
   dropAssistant: (...args: unknown[]) => void;
 };
+type HandlerBtwPresenter = {
+  showResult: (...args: unknown[]) => void;
+  clear: (...args: unknown[]) => void;
+};
 type HandlerTui = { requestRender: (...args: unknown[]) => void };
 type MockChatLog = {
   startTool: MockFn;
@@ -20,6 +24,10 @@ type MockChatLog = {
   finalizeAssistant: MockFn;
   dropAssistant: MockFn;
 };
+type MockBtwPresenter = {
+  showResult: MockFn;
+  clear: MockFn;
+};
 type MockTui = { requestRender: MockFn };
 
 function createMockChatLog(): MockChatLog & HandlerChatLog {
@@ -33,6 +41,13 @@ function createMockChatLog(): MockChatLog & HandlerChatLog {
   } as unknown as MockChatLog & HandlerChatLog;
 }
 
+function createMockBtwPresenter(): MockBtwPresenter & HandlerBtwPresenter {
+  return {
+    showResult: vi.fn(),
+    clear: vi.fn(),
+  } as unknown as MockBtwPresenter & HandlerBtwPresenter;
+}
+
 describe("tui-event-handlers: handleAgentEvent", () => {
   const makeState = (overrides?: Partial<TuiStateAccess>): TuiStateAccess => ({
     agentDefaultId: "main",
@@ -59,50 +74,69 @@ describe("tui-event-handlers: handleAgentEvent", () => {
 
   const makeContext = (state: TuiStateAccess) => {
     const chatLog = createMockChatLog();
+    const btw = createMockBtwPresenter();
     const tui = { requestRender: vi.fn() } as unknown as MockTui & HandlerTui;
     const setActivityStatus = vi.fn();
     const loadHistory = vi.fn();
     const localRunIds = new Set<string>();
+    const localBtwRunIds = new Set<string>();
     const noteLocalRunId = (runId: string) => {
       localRunIds.add(runId);
     };
     const forgetLocalRunId = localRunIds.delete.bind(localRunIds);
     const isLocalRunId = localRunIds.has.bind(localRunIds);
     const clearLocalRunIds = localRunIds.clear.bind(localRunIds);
+    const noteLocalBtwRunId = (runId: string) => {
+      localBtwRunIds.add(runId);
+    };
+    const forgetLocalBtwRunId = localBtwRunIds.delete.bind(localBtwRunIds);
+    const isLocalBtwRunId = localBtwRunIds.has.bind(localBtwRunIds);
+    const clearLocalBtwRunIds = localBtwRunIds.clear.bind(localBtwRunIds);
 
     return {
       chatLog,
+      btw,
       tui,
       state,
       setActivityStatus,
       loadHistory,
       noteLocalRunId,
+      noteLocalBtwRunId,
       forgetLocalRunId,
       isLocalRunId,
       clearLocalRunIds,
+      forgetLocalBtwRunId,
+      isLocalBtwRunId,
+      clearLocalBtwRunIds,
     };
   };
 
   const createHandlersHarness = (params?: {
     state?: Partial<TuiStateAccess>;
     chatLog?: HandlerChatLog;
+    btw?: HandlerBtwPresenter;
   }) => {
     const state = makeState(params?.state);
     const context = makeContext(state);
     const chatLog = (params?.chatLog ?? context.chatLog) as MockChatLog & HandlerChatLog;
     const handlers = createEventHandlers({
       chatLog,
+      btw: (params?.btw ?? context.btw) as MockBtwPresenter & HandlerBtwPresenter,
       tui: context.tui,
       state,
       setActivityStatus: context.setActivityStatus,
       loadHistory: context.loadHistory,
       isLocalRunId: context.isLocalRunId,
       forgetLocalRunId: context.forgetLocalRunId,
+      isLocalBtwRunId: context.isLocalBtwRunId,
+      forgetLocalBtwRunId: context.forgetLocalBtwRunId,
+      clearLocalBtwRunIds: context.clearLocalBtwRunIds,
     });
     return {
       ...context,
       state,
       chatLog,
+      btw: (params?.btw ?? context.btw) as MockBtwPresenter & HandlerBtwPresenter,
       ...handlers,
     };
   };
@@ -212,6 +246,62 @@ describe("tui-event-handlers: handleAgentEvent", () => {
     expect(chatLog.updateAssistant).toHaveBeenCalledWith("hello", "run-alias");
   });
 
+  it("renders BTW results separately without disturbing the active run", () => {
+    const { state, btw, setActivityStatus, loadHistory, tui, handleBtwEvent } =
+      createHandlersHarness({
+        state: { activeChatRunId: "run-main" },
+      });
+
+    const evt: BtwEvent = {
+      kind: "btw",
+      runId: "run-btw",
+      sessionKey: state.currentSessionKey,
+      question: "what changed?",
+      text: "nothing important",
+    };
+
+    handleBtwEvent(evt);
+
+    expect(state.activeChatRunId).toBe("run-main");
+    expect(btw.showResult).toHaveBeenCalledWith({
+      question: "what changed?",
+      text: "nothing important",
+      isError: undefined,
+    });
+    expect(setActivityStatus).not.toHaveBeenCalled();
+    expect(loadHistory).not.toHaveBeenCalled();
+    expect(tui.requestRender).toHaveBeenCalledTimes(1);
+  });
+
+  it("keeps a local BTW result visible when its empty final chat event arrives", () => {
+    const { state, btw, loadHistory, noteLocalBtwRunId, handleBtwEvent, handleChatEvent } =
+      createHandlersHarness({
+        state: { activeChatRunId: null },
+      });
+
+    noteLocalBtwRunId("run-btw");
+    handleBtwEvent({
+      kind: "btw",
+      runId: "run-btw",
+      sessionKey: state.currentSessionKey,
+      question: "what changed?",
+      text: "nothing important",
+    } satisfies BtwEvent);
+
+    handleChatEvent({
+      runId: "run-btw",
+      sessionKey: state.currentSessionKey,
+      state: "final",
+    } satisfies ChatEvent);
+
+    expect(loadHistory).not.toHaveBeenCalled();
+    expect(btw.showResult).toHaveBeenCalledWith({
+      question: "what changed?",
+      text: "nothing important",
+      isError: undefined,
+    });
+  });
+
   it("does not cross-match canonical session keys from different agents", () => {
     const { chatLog, handleChatEvent } = createHandlersHarness({
       state: {
diff --git a/src/tui/tui-event-handlers.ts b/src/tui/tui-event-handlers.ts
index 54e4654ee96..6fda2d85163 100644
--- a/src/tui/tui-event-handlers.ts
+++ b/src/tui/tui-event-handlers.ts
@@ -1,7 +1,7 @@
 import { parseAgentSessionKey } from "../sessions/session-key-utils.js";
 import { asString, extractTextFromMessage, isCommandMessage } from "./tui-formatters.js";
 import { TuiStreamAssembler } from "./tui-stream-assembler.js";
-import type { AgentEvent, ChatEvent, TuiStateAccess } from "./tui-types.js";
+import type { AgentEvent, BtwEvent, ChatEvent, TuiStateAccess } from "./tui-types.js";
 
 type EventHandlerChatLog = {
   startTool: (toolCallId: string, toolName: string, args: unknown) => void;
@@ -20,8 +20,14 @@ type EventHandlerTui = {
   requestRender: () => void;
 };
 
+type EventHandlerBtwPresenter = {
+  showResult: (params: { question: string; text: string; isError?: boolean }) => void;
+  clear: () => void;
+};
+
 type EventHandlerContext = {
   chatLog: EventHandlerChatLog;
+  btw: EventHandlerBtwPresenter;
   tui: EventHandlerTui;
   state: TuiStateAccess;
   setActivityStatus: (text: string) => void;
@@ -30,11 +36,15 @@ type EventHandlerContext = {
   isLocalRunId?: (runId: string) => boolean;
   forgetLocalRunId?: (runId: string) => void;
   clearLocalRunIds?: () => void;
+  isLocalBtwRunId?: (runId: string) => boolean;
+  forgetLocalBtwRunId?: (runId: string) => void;
+  clearLocalBtwRunIds?: () => void;
 };
 
 export function createEventHandlers(context: EventHandlerContext) {
   const {
     chatLog,
+    btw,
     tui,
     state,
     setActivityStatus,
@@ -43,6 +53,9 @@ export function createEventHandlers(context: EventHandlerContext) {
     isLocalRunId,
     forgetLocalRunId,
     clearLocalRunIds,
+    isLocalBtwRunId,
+    forgetLocalBtwRunId,
+    clearLocalBtwRunIds,
   } = context;
   const finalizedRuns = new Map<string, number>();
   const sessionRuns = new Map<string, number>();
@@ -81,6 +94,8 @@ export function createEventHandlers(context: EventHandlerContext) {
     sessionRuns.clear();
     streamAssembler = new TuiStreamAssembler();
     clearLocalRunIds?.();
+    clearLocalBtwRunIds?.();
+    btw.clear();
   };
 
   const noteSessionRun = (runId: string) => {
@@ -194,7 +209,7 @@ export function createEventHandlers(context: EventHandlerContext) {
       }
     }
     noteSessionRun(evt.runId);
-    if (!state.activeChatRunId) {
+    if (!state.activeChatRunId && !isLocalBtwRunId?.(evt.runId)) {
       state.activeChatRunId = evt.runId;
     }
     if (evt.state === "delta") {
@@ -206,7 +221,14 @@ export function createEventHandlers(context: EventHandlerContext) {
       setActivityStatus("streaming");
     }
     if (evt.state === "final") {
+      const isLocalBtwRun = isLocalBtwRunId?.(evt.runId) ?? false;
       const wasActiveRun = state.activeChatRunId === evt.runId;
+      if (!evt.message && isLocalBtwRun) {
+        forgetLocalBtwRunId?.(evt.runId);
+        noteFinalizedRun(evt.runId);
+        tui.requestRender();
+        return;
+      }
       if (!evt.message) {
         maybeRefreshHistoryForRun(evt.runId, {
           allowLocalWithoutDisplayableFinal: true,
@@ -254,12 +276,14 @@ export function createEventHandlers(context: EventHandlerContext) {
       });
     }
     if (evt.state === "aborted") {
+      forgetLocalBtwRunId?.(evt.runId);
       const wasActiveRun = state.activeChatRunId === evt.runId;
       chatLog.addSystem("run aborted");
       terminateRun({ runId: evt.runId, wasActiveRun, status: "aborted" });
       maybeRefreshHistoryForRun(evt.runId);
     }
     if (evt.state === "error") {
+      forgetLocalBtwRunId?.(evt.runId);
       const wasActiveRun = state.activeChatRunId === evt.runId;
       chatLog.addSystem(`run error: ${evt.errorMessage ?? "unknown"}`);
       terminateRun({ runId: evt.runId, wasActiveRun, status: "error" });
@@ -335,5 +359,30 @@ export function createEventHandlers(context: EventHandlerContext) {
     }
   };
 
-  return { handleChatEvent, handleAgentEvent };
+  const handleBtwEvent = (payload: unknown) => {
+    if (!payload || typeof payload !== "object") {
+      return;
+    }
+    const evt = payload as BtwEvent;
+    syncSessionKey();
+    if (!isSameSessionKey(evt.sessionKey, state.currentSessionKey)) {
+      return;
+    }
+    if (evt.kind !== "btw") {
+      return;
+    }
+    const question = evt.question.trim();
+    const text = evt.text.trim();
+    if (!question || !text) {
+      return;
+    }
+    btw.showResult({
+      question,
+      text,
+      isError: evt.isError,
+    });
+    tui.requestRender();
+  };
+
+  return { handleChatEvent, handleAgentEvent, handleBtwEvent };
 }
diff --git a/src/tui/tui-session-actions.test.ts b/src/tui/tui-session-actions.test.ts
index 5e4a427c4a9..67f5e4d8798 100644
--- a/src/tui/tui-session-actions.test.ts
+++ b/src/tui/tui-session-actions.test.ts
@@ -4,6 +4,11 @@ import { createSessionActions } from "./tui-session-actions.js";
 import type { TuiStateAccess } from "./tui-types.js";
 
 describe("tui session actions", () => {
+  const createBtwPresenter = () => ({
+    clear: vi.fn(),
+    showResult: vi.fn(),
+  });
+
   it("queues session refreshes and applies the latest result", async () => {
     let resolveFirst: ((value: unknown) => void) | undefined;
     let resolveSecond: ((value: unknown) => void) | undefined;
@@ -52,6 +57,7 @@ describe("tui session actions", () => {
     const { refreshSessionInfo } = createSessionActions({
       client: { listSessions } as unknown as GatewayChatClient,
       chatLog: { addSystem: vi.fn() } as unknown as import("./components/chat-log.js").ChatLog,
+      btw: createBtwPresenter(),
       tui: { requestRender } as unknown as import("@mariozechner/pi-tui").TUI,
       opts: {},
       state,
@@ -157,6 +163,7 @@ describe("tui session actions", () => {
     const { applySessionInfoFromPatch, refreshSessionInfo } = createSessionActions({
       client: { listSessions } as unknown as GatewayChatClient,
       chatLog: { addSystem: vi.fn() } as unknown as import("./components/chat-log.js").ChatLog,
+      btw: createBtwPresenter(),
       tui: { requestRender: vi.fn() } as unknown as import("@mariozechner/pi-tui").TUI,
       opts: {},
       state,
@@ -211,6 +218,7 @@ describe("tui session actions", () => {
       sessionId: "session-2",
       messages: [],
     });
+    const btw = createBtwPresenter();
 
     const state: TuiStateAccess = {
       agentDefaultId: "main",
@@ -247,6 +255,7 @@ describe("tui session actions", () => {
         addSystem: vi.fn(),
         clearAll: vi.fn(),
       } as unknown as import("./components/chat-log.js").ChatLog,
+      btw,
       tui: { requestRender: vi.fn() } as unknown as import("@mariozechner/pi-tui").TUI,
       opts: {},
       state,
@@ -270,5 +279,6 @@ describe("tui session actions", () => {
     expect(state.sessionInfo.model).toBe("session-model");
     expect(state.sessionInfo.modelProvider).toBe("openai");
     expect(state.sessionInfo.updatedAt).toBe(50);
+    expect(btw.clear).toHaveBeenCalled();
   });
 });
diff --git a/src/tui/tui-session-actions.ts b/src/tui/tui-session-actions.ts
index 406b584599f..99f2b8ab2ee 100644
--- a/src/tui/tui-session-actions.ts
+++ b/src/tui/tui-session-actions.ts
@@ -10,9 +10,14 @@ import type { GatewayAgentsList, GatewayChatClient } from "./gateway-chat.js";
 import { asString, extractTextFromMessage, isCommandMessage } from "./tui-formatters.js";
 import type { SessionInfo, TuiOptions, TuiStateAccess } from "./tui-types.js";
 
+type SessionActionBtwPresenter = {
+  clear: () => void;
+};
+
 type SessionActionContext = {
   client: GatewayChatClient;
   chatLog: ChatLog;
+  btw: SessionActionBtwPresenter;
   tui: TUI;
   opts: TuiOptions;
   state: TuiStateAccess;
@@ -42,6 +47,7 @@ export function createSessionActions(context: SessionActionContext) {
   const {
     client,
     chatLog,
+    btw,
     tui,
     opts,
     state,
@@ -298,6 +304,7 @@ export function createSessionActions(context: SessionActionContext) {
       state.sessionInfo.verboseLevel = record.verboseLevel ?? state.sessionInfo.verboseLevel;
       const showTools = (state.sessionInfo.verboseLevel ?? "off") !== "off";
       chatLog.clearAll();
+      btw.clear();
       chatLog.addSystem(`session ${state.currentSessionKey}`);
       for (const entry of record.messages ?? []) {
         if (!entry || typeof entry !== "object") {
@@ -367,6 +374,7 @@ export function createSessionActions(context: SessionActionContext) {
     state.sessionInfo.updatedAt = null;
     state.historyLoaded = false;
     clearLocalRunIds?.();
+    btw.clear();
     updateHeader();
     updateFooter();
     await loadHistory();
diff --git a/src/tui/tui-types.ts b/src/tui/tui-types.ts
index 0f780b0a6bb..eeda9693ebf 100644
--- a/src/tui/tui-types.ts
+++ b/src/tui/tui-types.ts
@@ -18,6 +18,17 @@ export type ChatEvent = {
   errorMessage?: string;
 };
 
+export type BtwEvent = {
+  kind: "btw";
+  runId?: string;
+  sessionKey?: string;
+  question: string;
+  text: string;
+  isError?: boolean;
+  seq?: number;
+  ts?: number;
+};
+
 export type AgentEvent = {
   runId: string;
   stream: string;
diff --git a/src/tui/tui.ts b/src/tui/tui.ts
index e1eae539f50..b9c67e76a29 100644
--- a/src/tui/tui.ts
+++ b/src/tui/tui.ts
@@ -344,6 +344,7 @@ export async function runTui(opts: TuiOptions) {
   let showThinking = false;
   let pairingHintShown = false;
   const localRunIds = new Set<string>();
+  const localBtwRunIds = new Set<string>();
 
   const deliverDefault = opts.deliver ?? false;
   const autoMessage = opts.message?.trim();
@@ -498,6 +499,29 @@ export async function runTui(opts: TuiOptions) {
     localRunIds.clear();
   };
 
+  const noteLocalBtwRunId = (runId: string) => {
+    if (!runId) {
+      return;
+    }
+    localBtwRunIds.add(runId);
+    if (localBtwRunIds.size > 200) {
+      const [first] = localBtwRunIds;
+      if (first) {
+        localBtwRunIds.delete(first);
+      }
+    }
+  };
+
+  const forgetLocalBtwRunId = (runId: string) => {
+    localBtwRunIds.delete(runId);
+  };
+
+  const isLocalBtwRunId = (runId: string) => localBtwRunIds.has(runId);
+
+  const clearLocalBtwRunIds = () => {
+    localBtwRunIds.clear();
+  };
+
   const client = await GatewayChatClient.connect({
     url: opts.url,
     token: opts.token,
@@ -771,6 +795,14 @@ export async function runTui(opts: TuiOptions) {
   };
 
   const { openOverlay, closeOverlay } = createOverlayHandlers(tui, editor);
+  const btw = {
+    showResult: (params: { question: string; text: string; isError?: boolean }) => {
+      chatLog.showBtw(params);
+    },
+    clear: () => {
+      chatLog.dismissBtw();
+    },
+  };
 
   const initialSessionAgentId = (() => {
     if (!initialSessionInput) {
@@ -783,6 +815,7 @@ export async function runTui(opts: TuiOptions) {
   const sessionActions = createSessionActions({
     client,
     chatLog,
+    btw,
     tui,
     opts,
     state,
@@ -805,8 +838,9 @@ export async function runTui(opts: TuiOptions) {
     abortActive,
   } = sessionActions;
 
-  const { handleChatEvent, handleAgentEvent } = createEventHandlers({
+  const { handleChatEvent, handleAgentEvent, handleBtwEvent } = createEventHandlers({
     chatLog,
+    btw,
     tui,
     state,
     setActivityStatus,
@@ -815,6 +849,9 @@ export async function runTui(opts: TuiOptions) {
     isLocalRunId,
     forgetLocalRunId,
     clearLocalRunIds,
+    isLocalBtwRunId,
+    forgetLocalBtwRunId,
+    clearLocalBtwRunIds,
   });
 
   const requestExit = () => {
@@ -846,7 +883,9 @@ export async function runTui(opts: TuiOptions) {
       setActivityStatus,
       formatSessionKey,
       noteLocalRunId,
+      noteLocalBtwRunId,
       forgetLocalRunId,
+      forgetLocalBtwRunId,
       requestExit,
     });
 
@@ -869,6 +908,11 @@ export async function runTui(opts: TuiOptions) {
   });
 
   editor.onEscape = () => {
+    if (chatLog.hasVisibleBtw()) {
+      chatLog.dismissBtw();
+      tui.requestRender();
+      return;
+    }
     void abortActive();
   };
   const handleCtrlC = () => {
@@ -918,10 +962,28 @@ export async function runTui(opts: TuiOptions) {
     void loadHistory();
   };
 
+  tui.addInputListener((data) => {
+    if (!chatLog.hasVisibleBtw()) {
+      return undefined;
+    }
+    if (editor.getText().length > 0) {
+      return undefined;
+    }
+    if (matchesKey(data, "enter")) {
+      chatLog.dismissBtw();
+      tui.requestRender();
+      return { consume: true };
+    }
+    return undefined;
+  });
+
   client.onEvent = (evt) => {
     if (evt.event === "chat") {
       handleChatEvent(evt.payload);
     }
+    if (evt.event === "chat.side_result") {
+      handleBtwEvent(evt.payload);
+    }
     if (evt.event === "agent") {
       handleAgentEvent(evt.payload);
     }
diff --git a/src/utils.test.ts b/src/utils.test.ts
index d958e0a26ec..8880f41f6b1 100644
--- a/src/utils.test.ts
+++ b/src/utils.test.ts
@@ -206,11 +206,13 @@ describe("resolveJidToE164", () => {
 
 describe("resolveUserPath", () => {
   it("expands ~ to home dir", () => {
-    expect(resolveUserPath("~")).toBe(path.resolve(os.homedir()));
+    expect(resolveUserPath("~", {}, () => "/Users/thoffman")).toBe(path.resolve("/Users/thoffman"));
   });
 
   it("expands ~/ to home dir", () => {
-    expect(resolveUserPath("~/openclaw")).toBe(path.resolve(os.homedir(), "openclaw"));
+    expect(resolveUserPath("~/openclaw", {}, () => "/Users/thoffman")).toBe(
+      path.resolve("/Users/thoffman", "openclaw"),
+    );
   });
 
   it("resolves relative paths", () => {
diff --git a/test/openclaw-npm-release-check.test.ts b/test/openclaw-npm-release-check.test.ts
index 66cf7d9b5cf..6ce0d35cfdb 100644
--- a/test/openclaw-npm-release-check.test.ts
+++ b/test/openclaw-npm-release-check.test.ts
@@ -2,6 +2,7 @@ import { describe, expect, it } from "vitest";
 import {
   collectReleasePackageMetadataErrors,
   collectReleaseTagErrors,
+  parseReleaseTagVersion,
   parseReleaseVersion,
   utcCalendarDayDistance,
 } from "../scripts/openclaw-npm-release-check.ts";
@@ -37,6 +38,22 @@ describe("parseReleaseVersion", () => {
   });
 });
 
+describe("parseReleaseTagVersion", () => {
+  it("accepts fallback correction tags for stable releases", () => {
+    expect(parseReleaseTagVersion("2026.3.10-2")).toMatchObject({
+      version: "2026.3.10-2",
+      packageVersion: "2026.3.10",
+      channel: "stable",
+      correctionNumber: 2,
+    });
+  });
+
+  it("rejects beta correction tags and malformed correction tags", () => {
+    expect(parseReleaseTagVersion("2026.3.10-beta.1-1")).toBeNull();
+    expect(parseReleaseTagVersion("2026.3.10-0")).toBeNull();
+  });
+});
+
 describe("utcCalendarDayDistance", () => {
   it("compares UTC calendar days rather than wall-clock hours", () => {
     const left = new Date("2026-03-09T23:59:59Z");
@@ -66,14 +83,24 @@ describe("collectReleaseTagErrors", () => {
     ).toContainEqual(expect.stringContaining("must be within 2 days"));
   });
 
-  it("rejects tags that do not match the current release format", () => {
+  it("accepts fallback correction tags for stable package versions", () => {
     expect(
       collectReleaseTagErrors({
         packageVersion: "2026.3.10",
         releaseTag: "v2026.3.10-1",
         now: new Date("2026-03-10T00:00:00Z"),
       }),
-    ).toContainEqual(expect.stringContaining("must match vYYYY.M.D or vYYYY.M.D-beta.N"));
+    ).toEqual([]);
+  });
+
+  it("rejects beta package versions paired with fallback correction tags", () => {
+    expect(
+      collectReleaseTagErrors({
+        packageVersion: "2026.3.10-beta.1",
+        releaseTag: "v2026.3.10-1",
+        now: new Date("2026-03-10T00:00:00Z"),
+      }),
+    ).toContainEqual(expect.stringContaining("does not match package.json version"));
   });
 });
 
diff --git a/test/setup.ts b/test/setup.ts
index 659956cc2c8..f0e1bdc4549 100644
--- a/test/setup.ts
+++ b/test/setup.ts
@@ -48,22 +48,7 @@ const [
 installProcessWarningFilter();
 
 const pickSendFn = (id: ChannelId, deps?: OutboundSendDeps) => {
-  switch (id) {
-    case "discord":
-      return deps?.sendDiscord;
-    case "slack":
-      return deps?.sendSlack;
-    case "telegram":
-      return deps?.sendTelegram;
-    case "whatsapp":
-      return deps?.sendWhatsApp;
-    case "signal":
-      return deps?.sendSignal;
-    case "imessage":
-      return deps?.sendIMessage;
-    default:
-      return undefined;
-  }
+  return deps?.[id] as ((...args: unknown[]) => Promise<unknown>) | undefined;
 };
 
 const createStubOutbound = (
@@ -75,7 +60,9 @@ const createStubOutbound = (
     const send = pickSendFn(id, deps);
     if (send) {
       // oxlint-disable-next-line typescript/no-explicit-any
-      const result = await send(to, text, { verbose: false } as any);
+      const result = (await send(to, text, { verbose: false } as any)) as {
+        messageId: string;
+      };
       return { channel: id, ...result };
     }
     return { channel: id, messageId: "test" };
@@ -84,7 +71,9 @@ const createStubOutbound = (
     const send = pickSendFn(id, deps);
     if (send) {
       // oxlint-disable-next-line typescript/no-explicit-any
-      const result = await send(to, text, { verbose: false, mediaUrl } as any);
+      const result = (await send(to, text, { verbose: false, mediaUrl } as any)) as {
+        messageId: string;
+      };
       return { channel: id, ...result };
     }
     return { channel: id, messageId: "test" };
diff --git a/tsconfig.plugin-sdk.dts.json b/tsconfig.plugin-sdk.dts.json
index 7e2b76d745e..f938dcc8262 100644
--- a/tsconfig.plugin-sdk.dts.json
+++ b/tsconfig.plugin-sdk.dts.json
@@ -5,9 +5,9 @@
     "declarationMap": false,
     "emitDeclarationOnly": true,
     "noEmit": false,
-    "noEmitOnError": true,
+    "noEmitOnError": false,
     "outDir": "dist/plugin-sdk",
-    "rootDir": "src",
+    "rootDir": ".",
     "tsBuildInfoFile": "dist/plugin-sdk/.tsbuildinfo"
   },
   "include": [
diff --git a/tsdown.config.ts b/tsdown.config.ts
index 38cd0b7e0c8..6a2caa0cbda 100644
--- a/tsdown.config.ts
+++ b/tsdown.config.ts
@@ -111,8 +111,8 @@ export default defineConfig([
       "channels/plugins/actions/discord": "src/channels/plugins/actions/discord.ts",
       "channels/plugins/actions/signal": "src/channels/plugins/actions/signal.ts",
       "channels/plugins/actions/telegram": "src/channels/plugins/actions/telegram.ts",
-      "telegram/audit": "src/telegram/audit.ts",
-      "telegram/token": "src/telegram/token.ts",
+      "telegram/audit": "extensions/telegram/src/audit.ts",
+      "telegram/token": "extensions/telegram/src/token.ts",
       "line/accounts": "src/line/accounts.ts",
       "line/send": "src/line/send.ts",
       "line/template-messages": "src/line/template-messages.ts",
diff --git a/ui/src/styles/chat/layout.css b/ui/src/styles/chat/layout.css
index f0e0154329d..8b92c051fc1 100644
--- a/ui/src/styles/chat/layout.css
+++ b/ui/src/styles/chat/layout.css
@@ -146,6 +146,37 @@
   flex-shrink: 0;
 }
 
+/* Context usage warning pill */
+.context-notice {
+  align-self: center;
+  display: inline-flex;
+  align-items: center;
+  gap: 8px;
+  padding: 7px 14px;
+  margin: 0 auto 8px;
+  border-radius: 999px;
+  border: 1px solid color-mix(in srgb, var(--ctx-color, #d97706) 35%, transparent);
+  background: var(--ctx-bg, rgba(217, 119, 6, 0.12));
+  color: var(--ctx-color, #d97706);
+  font-size: 13px;
+  line-height: 1.2;
+  white-space: nowrap;
+  user-select: none;
+  animation: fade-in 0.2s var(--ease-out);
+}
+
+.context-notice__icon {
+  width: 16px;
+  height: 16px;
+  flex-shrink: 0;
+  stroke: currentColor;
+}
+
+.context-notice__detail {
+  color: color-mix(in srgb, currentColor 72%, var(--muted));
+  font-variant-numeric: tabular-nums;
+}
+
 /* Chat compose - sticky at bottom */
 .chat-compose {
   position: sticky;
diff --git a/ui/src/styles/components.css b/ui/src/styles/components.css
index b2806f3208f..e1373744be3 100644
--- a/ui/src/styles/components.css
+++ b/ui/src/styles/components.css
@@ -1302,6 +1302,14 @@
   background: var(--bg);
 }
 
+.markdown-plain-text-fallback {
+  display: block;
+  white-space: pre-wrap;
+  overflow-wrap: anywhere;
+  word-break: break-word;
+  font: inherit;
+}
+
 /* ===========================================
    Lists
    =========================================== */
diff --git a/ui/src/ui/app-gateway.node.test.ts b/ui/src/ui/app-gateway.node.test.ts
index c8ea860b72e..471a719c603 100644
--- a/ui/src/ui/app-gateway.node.test.ts
+++ b/ui/src/ui/app-gateway.node.test.ts
@@ -3,6 +3,8 @@ import { GATEWAY_EVENT_UPDATE_AVAILABLE } from "../../../src/gateway/events.js";
 import { ConnectErrorDetailCodes } from "../../../src/gateway/protocol/connect-error-details.js";
 import { connectGateway, resolveControlUiClientVersion } from "./app-gateway.ts";
 
+const loadChatHistoryMock = vi.hoisted(() => vi.fn(async () => undefined));
+
 type GatewayClientMock = {
   start: ReturnType<typeof vi.fn>;
   stop: ReturnType<typeof vi.fn>;
@@ -70,6 +72,14 @@ vi.mock("./gateway.ts", () => {
   return { GatewayBrowserClient, resolveGatewayErrorDetailCode };
 });
 
+vi.mock("./controllers/chat.ts", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("./controllers/chat.ts")>();
+  return {
+    ...actual,
+    loadChatHistory: loadChatHistoryMock,
+  };
+});
+
 function createHost() {
   return {
     settings: {
@@ -106,7 +116,15 @@ function createHost() {
     assistantAgentId: null,
     serverVersion: null,
     sessionKey: "main",
+    chatMessages: [],
+    chatToolMessages: [],
+    chatStreamSegments: [],
+    chatStream: null,
+    chatStreamStartedAt: null,
     chatRunId: null,
+    toolStreamById: new Map(),
+    toolStreamOrder: [],
+    toolStreamSyncTimer: null,
     refreshSessionsAfterChat: new Set<string>(),
     execApprovalQueue: [],
     execApprovalError: null,
@@ -117,6 +135,7 @@ function createHost() {
 describe("connectGateway", () => {
   beforeEach(() => {
     gatewayClientInstances.length = 0;
+    loadChatHistoryMock.mockClear();
   });
 
   it("ignores stale client onGap callbacks after reconnect", () => {
@@ -252,6 +271,48 @@ describe("connectGateway", () => {
     expect(host.lastError).toContain("too many failed authentication attempts");
   });
 
+  it("maps generic fetch failures to actionable device identity guidance", () => {
+    const host = createHost();
+
+    connectGateway(host);
+    const client = gatewayClientInstances[0];
+    expect(client).toBeDefined();
+
+    client.emitClose({
+      code: 4008,
+      reason: "connect failed",
+      error: {
+        code: "INVALID_REQUEST",
+        message: "Fetch failed",
+        details: { code: ConnectErrorDetailCodes.CONTROL_UI_DEVICE_IDENTITY_REQUIRED },
+      },
+    });
+
+    expect(host.lastErrorCode).toBe(ConnectErrorDetailCodes.CONTROL_UI_DEVICE_IDENTITY_REQUIRED);
+    expect(host.lastError).toContain("device identity required");
+  });
+
+  it("maps generic fetch failures to actionable origin guidance", () => {
+    const host = createHost();
+
+    connectGateway(host);
+    const client = gatewayClientInstances[0];
+    expect(client).toBeDefined();
+
+    client.emitClose({
+      code: 4008,
+      reason: "connect failed",
+      error: {
+        code: "INVALID_REQUEST",
+        message: "Fetch failed",
+        details: { code: ConnectErrorDetailCodes.CONTROL_UI_ORIGIN_NOT_ALLOWED },
+      },
+    });
+
+    expect(host.lastErrorCode).toBe(ConnectErrorDetailCodes.CONTROL_UI_ORIGIN_NOT_ALLOWED);
+    expect(host.lastError).toContain("origin not allowed");
+  });
+
   it("preserves specific close errors even when auth detail codes are present", () => {
     const host = createHost();
 
@@ -294,6 +355,73 @@ describe("connectGateway", () => {
     expect(host.lastError).toContain("gateway token mismatch");
     expect(host.lastErrorCode).toBe("AUTH_TOKEN_MISMATCH");
   });
+
+  it("does not reload chat history for each live tool result event", () => {
+    const host = createHost();
+
+    connectGateway(host);
+    const client = gatewayClientInstances[0];
+    expect(client).toBeDefined();
+
+    client.emitEvent({
+      event: "agent",
+      payload: {
+        runId: "engine-run-1",
+        seq: 1,
+        stream: "tool",
+        ts: 1,
+        sessionKey: "main",
+        data: {
+          toolCallId: "tool-1",
+          name: "fetch",
+          phase: "result",
+          result: { text: "ok" },
+        },
+      },
+    });
+
+    expect(loadChatHistoryMock).not.toHaveBeenCalled();
+  });
+
+  it("reloads chat history once after the final chat event when tool output was used", () => {
+    const host = createHost();
+
+    connectGateway(host);
+    const client = gatewayClientInstances[0];
+    expect(client).toBeDefined();
+
+    client.emitEvent({
+      event: "agent",
+      payload: {
+        runId: "engine-run-1",
+        seq: 1,
+        stream: "tool",
+        ts: 1,
+        sessionKey: "main",
+        data: {
+          toolCallId: "tool-1",
+          name: "fetch",
+          phase: "result",
+          result: { text: "ok" },
+        },
+      },
+    });
+
+    client.emitEvent({
+      event: "chat",
+      payload: {
+        runId: "engine-run-1",
+        sessionKey: "main",
+        state: "final",
+        message: {
+          role: "assistant",
+          content: [{ type: "text", text: "Done" }],
+        },
+      },
+    });
+
+    expect(loadChatHistoryMock).toHaveBeenCalledTimes(1);
+  });
 });
 
 describe("resolveControlUiClientVersion", () => {
diff --git a/ui/src/ui/app-gateway.ts b/ui/src/ui/app-gateway.ts
index ee761fe85e0..bcd8a866e4e 100644
--- a/ui/src/ui/app-gateway.ts
+++ b/ui/src/ui/app-gateway.ts
@@ -2,7 +2,6 @@ import {
   GATEWAY_EVENT_UPDATE_AVAILABLE,
   type GatewayUpdateAvailableEventPayload,
 } from "../../../src/gateway/events.js";
-import { ConnectErrorDetailCodes } from "../../../src/gateway/protocol/connect-error-details.js";
 import { CHAT_SESSIONS_ACTIVE_MINUTES, flushChatQueueForEvent } from "./app-chat.ts";
 import type { EventLogEntry } from "./app-events.ts";
 import {
@@ -14,6 +13,7 @@ import {
 import { handleAgentEvent, resetToolStream, type AgentEventPayload } from "./app-tool-stream.ts";
 import type { OpenClawApp } from "./app.ts";
 import { shouldReloadHistoryForFinalEvent } from "./chat-event-reload.ts";
+import { formatConnectError } from "./connect-error.ts";
 import { loadAgents } from "./controllers/agents.ts";
 import { loadAssistantIdentity } from "./controllers/assistant-identity.ts";
 import { loadChatHistory } from "./controllers/chat.ts";
@@ -49,20 +49,6 @@ function isGenericBrowserFetchFailure(message: string): boolean {
   return /^(?:typeerror:\s*)?(?:fetch failed|failed to fetch)$/i.test(message.trim());
 }
 
-function formatAuthCloseErrorMessage(code: string | null, fallback: string): string {
-  const resolvedCode = code ?? "";
-  if (resolvedCode === ConnectErrorDetailCodes.AUTH_TOKEN_MISMATCH) {
-    return "unauthorized: gateway token mismatch (open dashboard URL with current token)";
-  }
-  if (resolvedCode === ConnectErrorDetailCodes.AUTH_RATE_LIMITED) {
-    return "unauthorized: too many failed authentication attempts (retry later)";
-  }
-  if (resolvedCode === ConnectErrorDetailCodes.AUTH_UNAUTHORIZED) {
-    return "unauthorized: authentication failed";
-  }
-  return fallback;
-}
-
 type GatewayHost = {
   settings: UiSettings;
   password: string;
@@ -240,7 +226,11 @@ export function connectGateway(host: GatewayHost) {
         if (error?.message) {
           host.lastError =
             host.lastErrorCode && isGenericBrowserFetchFailure(error.message)
-              ? formatAuthCloseErrorMessage(host.lastErrorCode, error.message)
+              ? formatConnectError({
+                  message: error.message,
+                  details: error.details,
+                  code: error.code,
+                } as Parameters<typeof formatConnectError>[0])
               : error.message;
           return;
         }
@@ -339,17 +329,6 @@ function handleGatewayEventUnsafe(host: GatewayHost, evt: GatewayEventFrame) {
       host as unknown as Parameters<typeof handleAgentEvent>[0],
       evt.payload as AgentEventPayload | undefined,
     );
-    // Reload history after each tool result so the persisted text + tool
-    // output replaces any truncated streaming fragments.
-    const agentPayload = evt.payload as AgentEventPayload | undefined;
-    const toolData = agentPayload?.data;
-    if (
-      agentPayload?.stream === "tool" &&
-      typeof toolData?.phase === "string" &&
-      toolData.phase === "result"
-    ) {
-      void loadChatHistory(host as unknown as OpenClawApp);
-    }
     return;
   }
 
diff --git a/ui/src/ui/app-render.helpers.ts b/ui/src/ui/app-render.helpers.ts
index eaf94616032..a7ecb15c370 100644
--- a/ui/src/ui/app-render.helpers.ts
+++ b/ui/src/ui/app-render.helpers.ts
@@ -575,6 +575,7 @@ export function isCronSessionKey(key: string): boolean {
 type SessionOptionEntry = {
   key: string;
   label: string;
+  scopeLabel: string;
   title: string;
 };
 
@@ -625,10 +626,12 @@ export function resolveSessionOptionGroups(
           resolveAgentGroupLabel(state, parsed.agentId),
         )
       : ensureGroup("other", "Other Sessions");
+    const scopeLabel = parsed?.rest?.trim() || key;
     const label = resolveSessionScopedOptionLabel(key, row, parsed?.rest);
     group.options.push({
       key,
       label,
+      scopeLabel,
       title: key,
     });
   };
@@ -643,6 +646,19 @@ export function resolveSessionOptionGroups(
     addOption(row.key);
   }
   addOption(sessionKey);
+
+  for (const group of groups.values()) {
+    const counts = new Map<string, number>();
+    for (const option of group.options) {
+      counts.set(option.label, (counts.get(option.label) ?? 0) + 1);
+    }
+    for (const option of group.options) {
+      if ((counts.get(option.label) ?? 0) > 1 && option.scopeLabel !== option.label) {
+        option.label = `${option.label} · ${option.scopeLabel}`;
+      }
+    }
+  }
+
   return Array.from(groups.values());
 }
 
@@ -673,18 +689,14 @@ function resolveSessionScopedOptionLabel(
   if (!row) {
     return base;
   }
-  const displayName =
-    typeof row.displayName === "string" && row.displayName.trim().length > 0
-      ? row.displayName.trim()
-      : null;
-  const label = typeof row.label === "string" ? row.label.trim() : "";
-  const showDisplayName = Boolean(
-    displayName && displayName !== key && displayName !== label && displayName !== base,
-  );
-  if (!showDisplayName) {
-    return base;
+
+  const label = row.label?.trim() || "";
+  const displayName = row.displayName?.trim() || "";
+  if ((label && label !== key) || (displayName && displayName !== key)) {
+    return resolveSessionDisplayName(key, row);
   }
-  return `${base} · ${displayName}`;
+
+  return base;
 }
 
 type ThemeOption = { id: ThemeName; label: string; icon: string };
diff --git a/ui/src/ui/connect-error.ts b/ui/src/ui/connect-error.ts
new file mode 100644
index 00000000000..0dffd77cf91
--- /dev/null
+++ b/ui/src/ui/connect-error.ts
@@ -0,0 +1,58 @@
+import { ConnectErrorDetailCodes } from "../../../src/gateway/protocol/connect-error-details.js";
+import { resolveGatewayErrorDetailCode } from "./gateway.ts";
+
+type ErrorWithMessageAndDetails = {
+  message?: unknown;
+  details?: unknown;
+};
+
+function normalizeErrorMessage(message: unknown): string {
+  if (typeof message === "string") {
+    return message;
+  }
+  if (message instanceof Error && typeof message.message === "string") {
+    return message.message;
+  }
+  return "unknown error";
+}
+
+function formatErrorFromMessageAndDetails(error: ErrorWithMessageAndDetails): string {
+  const message = normalizeErrorMessage(error.message);
+  const detailCode = resolveGatewayErrorDetailCode(error);
+
+  switch (detailCode) {
+    case ConnectErrorDetailCodes.AUTH_TOKEN_MISMATCH:
+      return "gateway token mismatch";
+    case ConnectErrorDetailCodes.AUTH_UNAUTHORIZED:
+      return "gateway auth failed";
+    case ConnectErrorDetailCodes.AUTH_RATE_LIMITED:
+      return "too many failed authentication attempts";
+    case ConnectErrorDetailCodes.PAIRING_REQUIRED:
+      return "gateway pairing required";
+    case ConnectErrorDetailCodes.CONTROL_UI_DEVICE_IDENTITY_REQUIRED:
+      return "device identity required (use HTTPS/localhost or allow insecure auth explicitly)";
+    case ConnectErrorDetailCodes.CONTROL_UI_ORIGIN_NOT_ALLOWED:
+      return "origin not allowed (open the Control UI from the gateway host or allow it in gateway.controlUi.allowedOrigins)";
+    case ConnectErrorDetailCodes.AUTH_TOKEN_MISSING:
+      return "gateway token missing";
+    default:
+      break;
+  }
+
+  const normalized = message.trim().toLowerCase();
+  if (
+    normalized === "fetch failed" ||
+    normalized === "failed to fetch" ||
+    normalized === "connect failed"
+  ) {
+    return "gateway connect failed";
+  }
+  return message;
+}
+
+export function formatConnectError(error: unknown): string {
+  if (error && typeof error === "object") {
+    return formatErrorFromMessageAndDetails(error as ErrorWithMessageAndDetails);
+  }
+  return normalizeErrorMessage(error);
+}
diff --git a/ui/src/ui/controllers/chat.test.ts b/ui/src/ui/controllers/chat.test.ts
index 65b998dc8c4..ba102fe0919 100644
--- a/ui/src/ui/controllers/chat.test.ts
+++ b/ui/src/ui/controllers/chat.test.ts
@@ -1,5 +1,13 @@
 import { describe, expect, it, vi } from "vitest";
-import { handleChatEvent, loadChatHistory, type ChatEventPayload, type ChatState } from "./chat.ts";
+import { GatewayRequestError } from "../gateway.ts";
+import {
+  abortChatRun,
+  handleChatEvent,
+  loadChatHistory,
+  sendChatMessage,
+  type ChatEventPayload,
+  type ChatState,
+} from "./chat.ts";
 
 function createState(overrides: Partial<ChatState> = {}): ChatState {
   return {
@@ -536,6 +544,63 @@ describe("loadChatHistory", () => {
   });
 });
 
+describe("sendChatMessage", () => {
+  it("formats structured non-auth connect failures for chat send", async () => {
+    const request = vi.fn().mockRejectedValue(
+      new GatewayRequestError({
+        code: "INVALID_REQUEST",
+        message: "Fetch failed",
+        details: { code: "CONTROL_UI_ORIGIN_NOT_ALLOWED" },
+      }),
+    );
+    const state = createState({
+      connected: true,
+      client: { request } as unknown as ChatState["client"],
+    });
+
+    const result = await sendChatMessage(state, "hello");
+
+    expect(result).toBeNull();
+    expect(state.lastError).toContain("origin not allowed");
+    expect(state.chatMessages.at(-1)).toMatchObject({
+      role: "assistant",
+      content: [
+        {
+          type: "text",
+          text: expect.stringContaining("origin not allowed"),
+        },
+      ],
+    });
+  });
+});
+
+describe("abortChatRun", () => {
+  it("formats structured non-auth connect failures for chat abort", async () => {
+    // Abort now shares the same structured connect-error formatter as send.
+    const request = vi.fn().mockRejectedValue(
+      new GatewayRequestError({
+        code: "INVALID_REQUEST",
+        message: "Fetch failed",
+        details: { code: "CONTROL_UI_DEVICE_IDENTITY_REQUIRED" },
+      }),
+    );
+    const state = createState({
+      connected: true,
+      chatRunId: "run-1",
+      client: { request } as unknown as ChatState["client"],
+    });
+
+    const result = await abortChatRun(state);
+
+    expect(result).toBe(false);
+    expect(request).toHaveBeenCalledWith("chat.abort", {
+      sessionKey: "main",
+      runId: "run-1",
+    });
+    expect(state.lastError).toContain("device identity required");
+  });
+});
+
 describe("loadChatHistory", () => {
   it("filters assistant NO_REPLY messages and keeps user NO_REPLY messages", async () => {
     const request = vi.fn().mockResolvedValue({
diff --git a/ui/src/ui/controllers/chat.ts b/ui/src/ui/controllers/chat.ts
index e7773a67f56..f2fccf57f92 100644
--- a/ui/src/ui/controllers/chat.ts
+++ b/ui/src/ui/controllers/chat.ts
@@ -1,5 +1,6 @@
 import { resetToolStream } from "../app-tool-stream.ts";
 import { extractText } from "../chat/message-extract.ts";
+import { formatConnectError } from "../connect-error.ts";
 import type { GatewayBrowserClient } from "../gateway.ts";
 import type { ChatAttachment } from "../ui-types.ts";
 import { generateUUID } from "../uuid.ts";
@@ -223,7 +224,7 @@ export async function sendChatMessage(
     });
     return runId;
   } catch (err) {
-    const error = String(err);
+    const error = formatConnectError(err);
     state.chatRunId = null;
     state.chatStream = null;
     state.chatStreamStartedAt = null;
@@ -254,7 +255,7 @@ export async function abortChatRun(state: ChatState): Promise<boolean> {
     );
     return true;
   } catch (err) {
-    state.lastError = String(err);
+    state.lastError = formatConnectError(err);
     return false;
   }
 }
diff --git a/ui/src/ui/controllers/cron.ts b/ui/src/ui/controllers/cron.ts
index c81d69c57ea..c6073a8e626 100644
--- a/ui/src/ui/controllers/cron.ts
+++ b/ui/src/ui/controllers/cron.ts
@@ -84,7 +84,7 @@ export type CronModelSuggestionsState = {
 export function supportsAnnounceDelivery(
   form: Pick<CronFormState, "sessionTarget" | "payloadKind">,
 ) {
-  return form.sessionTarget === "isolated" && form.payloadKind === "agentTurn";
+  return form.sessionTarget !== "main" && form.payloadKind === "agentTurn";
 }
 
 export function normalizeCronFormState(form: CronFormState): CronFormState {
diff --git a/ui/src/ui/markdown.test.ts b/ui/src/ui/markdown.test.ts
index 90bce3b65f5..8c2f37cbea4 100644
--- a/ui/src/ui/markdown.test.ts
+++ b/ui/src/ui/markdown.test.ts
@@ -105,6 +105,47 @@ describe("toSanitizedMarkdownHtml", () => {
     expect(html).toContain("link");
   });
 
+  it("keeps oversized plain-text replies readable instead of forcing code-block chrome", () => {
+    const input =
+      Array.from(
+        { length: 320 },
+        (_, i) => `Paragraph ${i + 1}: ${"Long plain-text reply. ".repeat(8)}`,
+      ).join("\n\n") + "\n";
+
+    const html = toSanitizedMarkdownHtml(input);
+
+    expect(html).not.toContain('<pre class="code-block">');
+    expect(html).toContain('class="markdown-plain-text-fallback"');
+    expect(html).toContain("Paragraph 1:");
+    expect(html).toContain("Paragraph 320:");
+  });
+
+  it("preserves indentation in oversized plain-text replies", () => {
+    const input = `${"Header line\n".repeat(5000)}\n    indented log line\n        deeper indent`;
+    const html = toSanitizedMarkdownHtml(input);
+
+    expect(html).toContain('class="markdown-plain-text-fallback"');
+    expect(html).toContain("    indented log line");
+    expect(html).toContain("        deeper indent");
+  });
+
+  it("exercises the cached oversized fallback branch", () => {
+    const input =
+      Array.from(
+        { length: 240 },
+        (_, i) => `Paragraph ${i + 1}: ${"Cacheable long reply. ".repeat(8)}`,
+      ).join("\n\n") + "\n";
+
+    expect(input.length).toBeGreaterThan(40_000);
+    expect(input.length).toBeLessThan(50_000);
+
+    const first = toSanitizedMarkdownHtml(input);
+    const second = toSanitizedMarkdownHtml(input);
+
+    expect(first).toContain('class="markdown-plain-text-fallback"');
+    expect(second).toBe(first);
+  });
+
   it("falls back to escaped plain text if marked.parse throws (#36213)", () => {
     const parseSpy = vi.spyOn(marked, "parse").mockImplementation(() => {
       throw new Error("forced parse failure");
diff --git a/ui/src/ui/markdown.ts b/ui/src/ui/markdown.ts
index 3030376fcd5..2b324037713 100644
--- a/ui/src/ui/markdown.ts
+++ b/ui/src/ui/markdown.ts
@@ -124,8 +124,10 @@ export function toSanitizedMarkdownHtml(markdown: string): string {
     ? `\n\n… truncated (${truncated.total} chars, showing first ${truncated.text.length}).`
     : "";
   if (truncated.text.length > MARKDOWN_PARSE_LIMIT) {
-    const escaped = escapeHtml(`${truncated.text}${suffix}`);
-    const html = `<pre class="code-block">${escaped}</pre>`;
+    // Large plain-text replies should stay readable without inheriting the
+    // capped code-block chrome, while still preserving whitespace for logs
+    // and other structured text that commonly trips the parse guard.
+    const html = renderEscapedPlainTextHtml(`${truncated.text}${suffix}`);
     const sanitized = DOMPurify.sanitize(html, sanitizeOptions);
     if (input.length <= MARKDOWN_CACHE_MAX_CHARS) {
       setCachedMarkdown(input, sanitized);
@@ -218,3 +220,7 @@ function escapeHtml(value: string): string {
     .replace(/"/g, "&quot;")
     .replace(/'/g, "&#39;");
 }
+
+function renderEscapedPlainTextHtml(value: string): string {
+  return `<div class="markdown-plain-text-fallback">${escapeHtml(value.replace(/\r\n?/g, "\n"))}</div>`;
+}
diff --git a/ui/src/ui/types.ts b/ui/src/ui/types.ts
index 17ff4293afa..d9764a024e6 100644
--- a/ui/src/ui/types.ts
+++ b/ui/src/ui/types.ts
@@ -427,7 +427,7 @@ export type CronSchedule =
   | { kind: "every"; everyMs: number; anchorMs?: number }
   | { kind: "cron"; expr: string; tz?: string; staggerMs?: number };
 
-export type CronSessionTarget = "main" | "isolated";
+export type CronSessionTarget = "main" | "isolated" | "current" | `session:${string}`;
 export type CronWakeMode = "next-heartbeat" | "now";
 
 export type CronPayload =
diff --git a/ui/src/ui/ui-types.ts b/ui/src/ui/ui-types.ts
index c01e2cf0f7d..2cd1709d841 100644
--- a/ui/src/ui/ui-types.ts
+++ b/ui/src/ui/ui-types.ts
@@ -33,7 +33,7 @@ export type CronFormState = {
   scheduleExact: boolean;
   staggerAmount: string;
   staggerUnit: "seconds" | "minutes";
-  sessionTarget: "main" | "isolated";
+  sessionTarget: "main" | "isolated" | "current" | `session:${string}`;
   wakeMode: "next-heartbeat" | "now";
   payloadKind: "systemEvent" | "agentTurn";
   payloadText: string;
diff --git a/ui/src/ui/views/chat.browser.test.ts b/ui/src/ui/views/chat.browser.test.ts
new file mode 100644
index 00000000000..be2b5ab277e
--- /dev/null
+++ b/ui/src/ui/views/chat.browser.test.ts
@@ -0,0 +1,82 @@
+import { render } from "lit";
+import { afterEach, describe, expect, it } from "vitest";
+import "../../styles.css";
+import { renderChat, type ChatProps } from "./chat.ts";
+
+function createProps(overrides: Partial<ChatProps> = {}): ChatProps {
+  return {
+    sessionKey: "main",
+    onSessionKeyChange: () => undefined,
+    thinkingLevel: null,
+    showThinking: false,
+    loading: false,
+    sending: false,
+    canAbort: false,
+    compactionStatus: null,
+    fallbackStatus: null,
+    messages: [],
+    toolMessages: [],
+    streamSegments: [],
+    stream: null,
+    streamStartedAt: null,
+    assistantAvatarUrl: null,
+    draft: "",
+    queue: [],
+    connected: true,
+    canSend: true,
+    disabledReason: null,
+    error: null,
+    sessions: {
+      ts: 0,
+      path: "",
+      count: 1,
+      defaults: { model: "gpt-5", contextTokens: null },
+      sessions: [
+        {
+          key: "main",
+          kind: "direct",
+          updatedAt: null,
+          inputTokens: 3_800,
+          contextTokens: 4_000,
+        },
+      ],
+    },
+    focusMode: false,
+    assistantName: "OpenClaw",
+    assistantAvatar: null,
+    onRefresh: () => undefined,
+    onToggleFocusMode: () => undefined,
+    onDraftChange: () => undefined,
+    onSend: () => undefined,
+    onQueueRemove: () => undefined,
+    onNewSession: () => undefined,
+    agentsList: null,
+    currentAgentId: "",
+    onAgentChange: () => undefined,
+    ...overrides,
+  };
+}
+
+describe("chat context notice", () => {
+  afterEach(() => {
+    document.body.innerHTML = "";
+  });
+
+  it("keeps the warning icon badge-sized", async () => {
+    const container = document.createElement("div");
+    document.body.append(container);
+    render(renderChat(createProps()), container);
+    await new Promise<void>((resolve) => requestAnimationFrame(() => resolve()));
+
+    const icon = container.querySelector<SVGElement>(".context-notice__icon");
+    expect(icon).not.toBeNull();
+    if (!icon) {
+      return;
+    }
+
+    const iconStyle = getComputedStyle(icon);
+    expect(iconStyle.width).toBe("16px");
+    expect(iconStyle.height).toBe("16px");
+    expect(icon.getBoundingClientRect().width).toBeLessThan(24);
+  });
+});
diff --git a/ui/src/ui/views/chat.test.ts b/ui/src/ui/views/chat.test.ts
index b21936e0bb8..22c141c3919 100644
--- a/ui/src/ui/views/chat.test.ts
+++ b/ui/src/ui/views/chat.test.ts
@@ -647,4 +647,124 @@ describe("chat view", () => {
     expect(rerendered?.value).toBe("gpt-5-mini");
     vi.unstubAllGlobals();
   });
+
+  it("prefers the session label over displayName in the grouped chat session selector", () => {
+    const { state } = createChatHeaderState({ omitSessionFromList: true });
+    state.sessionKey = "agent:main:subagent:4f2146de-887b-4176-9abe-91140082959b";
+    state.settings.sessionKey = state.sessionKey;
+    state.sessionsResult = {
+      ts: 0,
+      path: "",
+      count: 1,
+      defaults: { model: "gpt-5", contextTokens: null },
+      sessions: [
+        {
+          key: state.sessionKey,
+          kind: "direct",
+          updatedAt: null,
+          label: "cron-config-check",
+          displayName: "webchat:g-agent-main-subagent-4f2146de-887b-4176-9abe-91140082959b",
+        },
+      ],
+    };
+    const container = document.createElement("div");
+    render(renderChatSessionSelect(state), container);
+
+    const [sessionSelect] = Array.from(container.querySelectorAll<HTMLSelectElement>("select"));
+    const labels = Array.from(sessionSelect?.querySelectorAll("option") ?? []).map((option) =>
+      option.textContent?.trim(),
+    );
+
+    expect(labels).toContain("Subagent: cron-config-check");
+    expect(labels).not.toContain(state.sessionKey);
+    expect(labels).not.toContain(
+      "subagent:4f2146de-887b-4176-9abe-91140082959b · webchat:g-agent-main-subagent-4f2146de-887b-4176-9abe-91140082959b",
+    );
+  });
+
+  it("keeps a unique scoped fallback when the current grouped session is missing from sessions.list", () => {
+    const { state } = createChatHeaderState({ omitSessionFromList: true });
+    state.sessionKey = "agent:main:subagent:4f2146de-887b-4176-9abe-91140082959b";
+    state.settings.sessionKey = state.sessionKey;
+    const container = document.createElement("div");
+    render(renderChatSessionSelect(state), container);
+
+    const [sessionSelect] = Array.from(container.querySelectorAll<HTMLSelectElement>("select"));
+    const labels = Array.from(sessionSelect?.querySelectorAll("option") ?? []).map((option) =>
+      option.textContent?.trim(),
+    );
+
+    expect(labels).toContain("subagent:4f2146de-887b-4176-9abe-91140082959b");
+    expect(labels).not.toContain("Subagent:");
+  });
+
+  it("keeps a unique scoped fallback when a grouped session row has no label or displayName", () => {
+    const { state } = createChatHeaderState({ omitSessionFromList: true });
+    state.sessionKey = "agent:main:subagent:4f2146de-887b-4176-9abe-91140082959b";
+    state.settings.sessionKey = state.sessionKey;
+    state.sessionsResult = {
+      ts: 0,
+      path: "",
+      count: 1,
+      defaults: { model: "gpt-5", contextTokens: null },
+      sessions: [
+        {
+          key: state.sessionKey,
+          kind: "direct",
+          updatedAt: null,
+        },
+      ],
+    };
+    const container = document.createElement("div");
+    render(renderChatSessionSelect(state), container);
+
+    const [sessionSelect] = Array.from(container.querySelectorAll<HTMLSelectElement>("select"));
+    const labels = Array.from(sessionSelect?.querySelectorAll("option") ?? []).map((option) =>
+      option.textContent?.trim(),
+    );
+
+    expect(labels).toContain("subagent:4f2146de-887b-4176-9abe-91140082959b");
+    expect(labels).not.toContain("Subagent:");
+  });
+
+  it("disambiguates duplicate grouped labels with the scoped key suffix", () => {
+    const { state } = createChatHeaderState({ omitSessionFromList: true });
+    state.sessionKey = "agent:main:subagent:4f2146de-887b-4176-9abe-91140082959b";
+    state.settings.sessionKey = state.sessionKey;
+    state.sessionsResult = {
+      ts: 0,
+      path: "",
+      count: 2,
+      defaults: { model: "gpt-5", contextTokens: null },
+      sessions: [
+        {
+          key: "agent:main:subagent:4f2146de-887b-4176-9abe-91140082959b",
+          kind: "direct",
+          updatedAt: null,
+          label: "cron-config-check",
+        },
+        {
+          key: "agent:main:subagent:6fb8b84b-c31f-410f-b7df-1553c82e43c9",
+          kind: "direct",
+          updatedAt: null,
+          label: "cron-config-check",
+        },
+      ],
+    };
+    const container = document.createElement("div");
+    render(renderChatSessionSelect(state), container);
+
+    const [sessionSelect] = Array.from(container.querySelectorAll<HTMLSelectElement>("select"));
+    const labels = Array.from(sessionSelect?.querySelectorAll("option") ?? []).map((option) =>
+      option.textContent?.trim(),
+    );
+
+    expect(labels).toContain(
+      "Subagent: cron-config-check · subagent:4f2146de-887b-4176-9abe-91140082959b",
+    );
+    expect(labels).toContain(
+      "Subagent: cron-config-check · subagent:6fb8b84b-c31f-410f-b7df-1553c82e43c9",
+    );
+    expect(labels).not.toContain("Subagent: cron-config-check");
+  });
 });
diff --git a/ui/src/ui/views/cron.ts b/ui/src/ui/views/cron.ts
index 836b72dbbcc..1509637b46f 100644
--- a/ui/src/ui/views/cron.ts
+++ b/ui/src/ui/views/cron.ts
@@ -374,7 +374,7 @@ export function renderCron(props: CronProps) {
   const statusSummary = summarizeSelection(selectedStatusLabels, t("cron.runs.allStatuses"));
   const deliverySummary = summarizeSelection(selectedDeliveryLabels, t("cron.runs.allDelivery"));
   const supportsAnnounce =
-    props.form.sessionTarget === "isolated" && props.form.payloadKind === "agentTurn";
+    props.form.sessionTarget !== "main" && props.form.payloadKind === "agentTurn";
   const selectedDeliveryMode =
     props.form.deliveryMode === "announce" && !supportsAnnounce ? "none" : props.form.deliveryMode;
   const blockingFields = collectBlockingFields(props.fieldErrors, props.form, selectedDeliveryMode);
diff --git a/ui/src/ui/views/overview-hints.ts b/ui/src/ui/views/overview-hints.ts
index fa661016464..d4599818c48 100644
--- a/ui/src/ui/views/overview-hints.ts
+++ b/ui/src/ui/views/overview-hints.ts
@@ -26,6 +26,8 @@ const INSECURE_CONTEXT_CODES = new Set<string>([
   ConnectErrorDetailCodes.DEVICE_IDENTITY_REQUIRED,
 ]);
 
+type AuthHintKind = "required" | "failed";
+
 /** Whether the overview should show device-pairing guidance for this error. */
 export function shouldShowPairingHint(
   connected: boolean,
@@ -41,30 +43,34 @@ export function shouldShowPairingHint(
   return lastError.toLowerCase().includes("pairing required");
 }
 
-export function shouldShowAuthHint(
-  connected: boolean,
-  lastError: string | null,
-  lastErrorCode?: string | null,
-): boolean {
-  if (connected || !lastError) {
-    return false;
+/**
+ * Return the overview auth hint to show, if any.
+ *
+ * Keep fallback string matching narrow so generic "connect failed" close reasons
+ * do not get misclassified as token/password problems.
+ */
+export function resolveAuthHintKind(params: {
+  connected: boolean;
+  lastError: string | null;
+  lastErrorCode?: string | null;
+  hasToken: boolean;
+  hasPassword: boolean;
+}): AuthHintKind | null {
+  if (params.connected || !params.lastError) {
+    return null;
   }
-  if (lastErrorCode) {
-    return AUTH_FAILURE_CODES.has(lastErrorCode);
+  if (params.lastErrorCode) {
+    if (!AUTH_FAILURE_CODES.has(params.lastErrorCode)) {
+      return null;
+    }
+    return AUTH_REQUIRED_CODES.has(params.lastErrorCode) ? "required" : "failed";
   }
-  const lower = lastError.toLowerCase();
-  return lower.includes("unauthorized") || lower.includes("connect failed");
-}
 
-export function shouldShowAuthRequiredHint(
-  hasToken: boolean,
-  hasPassword: boolean,
-  lastErrorCode?: string | null,
-): boolean {
-  if (lastErrorCode) {
-    return AUTH_REQUIRED_CODES.has(lastErrorCode);
+  const lower = params.lastError.toLowerCase();
+  if (!lower.includes("unauthorized")) {
+    return null;
   }
-  return !hasToken && !hasPassword;
+  return !params.hasToken && !params.hasPassword ? "required" : "failed";
 }
 
 export function shouldShowInsecureContextHint(
diff --git a/ui/src/ui/views/overview.node.test.ts b/ui/src/ui/views/overview.node.test.ts
index 3fa65b93391..313c2edf850 100644
--- a/ui/src/ui/views/overview.node.test.ts
+++ b/ui/src/ui/views/overview.node.test.ts
@@ -1,6 +1,6 @@
 import { describe, expect, it } from "vitest";
 import { ConnectErrorDetailCodes } from "../../../../src/gateway/protocol/connect-error-details.js";
-import { shouldShowPairingHint } from "./overview-hints.ts";
+import { resolveAuthHintKind, shouldShowPairingHint } from "./overview-hints.ts";
 
 describe("shouldShowPairingHint", () => {
   it("returns true for 'pairing required' close reason", () => {
@@ -37,3 +37,53 @@ describe("shouldShowPairingHint", () => {
     ).toBe(true);
   });
 });
+
+describe("resolveAuthHintKind", () => {
+  it("returns required for structured auth-required codes", () => {
+    expect(
+      resolveAuthHintKind({
+        connected: false,
+        lastError: "disconnected (4008): connect failed",
+        lastErrorCode: ConnectErrorDetailCodes.AUTH_TOKEN_MISSING,
+        hasToken: false,
+        hasPassword: false,
+      }),
+    ).toBe("required");
+  });
+
+  it("returns failed for structured auth mismatch codes", () => {
+    expect(
+      resolveAuthHintKind({
+        connected: false,
+        lastError: "disconnected (4008): connect failed",
+        lastErrorCode: ConnectErrorDetailCodes.AUTH_TOKEN_MISMATCH,
+        hasToken: true,
+        hasPassword: false,
+      }),
+    ).toBe("failed");
+  });
+
+  it("does not treat generic connect failures as auth failures", () => {
+    expect(
+      resolveAuthHintKind({
+        connected: false,
+        lastError: "disconnected (4008): connect failed",
+        lastErrorCode: ConnectErrorDetailCodes.CONTROL_UI_DEVICE_IDENTITY_REQUIRED,
+        hasToken: true,
+        hasPassword: false,
+      }),
+    ).toBeNull();
+  });
+
+  it("falls back to unauthorized string matching without structured codes", () => {
+    expect(
+      resolveAuthHintKind({
+        connected: false,
+        lastError: "disconnected (4008): unauthorized",
+        lastErrorCode: null,
+        hasToken: true,
+        hasPassword: false,
+      }),
+    ).toBe("failed");
+  });
+});
diff --git a/ui/src/ui/views/overview.ts b/ui/src/ui/views/overview.ts
index ed8ef6fb740..d24aa92ce9d 100644
--- a/ui/src/ui/views/overview.ts
+++ b/ui/src/ui/views/overview.ts
@@ -18,8 +18,7 @@ import { renderOverviewAttention } from "./overview-attention.ts";
 import { renderOverviewCards } from "./overview-cards.ts";
 import { renderOverviewEventLog } from "./overview-event-log.ts";
 import {
-  shouldShowAuthHint,
-  shouldShowAuthRequiredHint,
+  resolveAuthHintKind,
   shouldShowInsecureContextHint,
   shouldShowPairingHint,
 } from "./overview-hints.ts";
@@ -103,15 +102,17 @@ export function renderOverview(props: OverviewProps) {
   })();
 
   const authHint = (() => {
-    if (props.connected || !props.lastError) {
+    const authHintKind = resolveAuthHintKind({
+      connected: props.connected,
+      lastError: props.lastError,
+      lastErrorCode: props.lastErrorCode,
+      hasToken: Boolean(props.settings.token.trim()),
+      hasPassword: Boolean(props.password.trim()),
+    });
+    if (authHintKind == null) {
       return null;
     }
-    if (!shouldShowAuthHint(props.connected, props.lastError, props.lastErrorCode)) {
-      return null;
-    }
-    const hasToken = Boolean(props.settings.token.trim());
-    const hasPassword = Boolean(props.password.trim());
-    if (shouldShowAuthRequiredHint(hasToken, hasPassword, props.lastErrorCode)) {
+    if (authHintKind === "required") {
       return html`
         <div class="muted" style="margin-top: 8px">
           ${t("overview.auth.required")}
diff --git a/vitest.channel-paths.mjs b/vitest.channel-paths.mjs
new file mode 100644
index 00000000000..06b0e9ea733
--- /dev/null
+++ b/vitest.channel-paths.mjs
@@ -0,0 +1,14 @@
+export const channelTestRoots = [
+  "extensions/telegram",
+  "extensions/discord",
+  "extensions/whatsapp",
+  "extensions/slack",
+  "extensions/signal",
+  "extensions/imessage",
+  "src/browser",
+  "src/line",
+];
+
+export const channelTestPrefixes = channelTestRoots.map((root) => `${root}/`);
+export const channelTestInclude = channelTestRoots.map((root) => `${root}/**/*.test.ts`);
+export const channelTestExclude = channelTestRoots.map((root) => `${root}/**`);
diff --git a/vitest.channels.config.ts b/vitest.channels.config.ts
index 0b32080b1d5..7526c945d79 100644
--- a/vitest.channels.config.ts
+++ b/vitest.channels.config.ts
@@ -1,20 +1,6 @@
-import { defineConfig } from "vitest/config";
-import baseConfig from "./vitest.config.ts";
+import { channelTestInclude } from "./vitest.channel-paths.mjs";
+import { createScopedVitestConfig } from "./vitest.scoped-config.ts";
 
-const base = baseConfig as unknown as Record<string, unknown>;
-const baseTest = (baseConfig as { test?: { exclude?: string[] } }).test ?? {};
-
-export default defineConfig({
-  ...base,
-  test: {
-    ...baseTest,
-    include: [
-      "src/telegram/**/*.test.ts",
-      "src/discord/**/*.test.ts",
-      "src/web/**/*.test.ts",
-      "src/browser/**/*.test.ts",
-      "src/line/**/*.test.ts",
-    ],
-    exclude: [...(baseTest.exclude ?? []), "src/gateway/**", "extensions/**"],
-  },
+export default createScopedVitestConfig(channelTestInclude, {
+  exclude: ["src/gateway/**"],
 });
diff --git a/vitest.config.ts b/vitest.config.ts
index 2c14f06a1c6..5e0a192d5a3 100644
--- a/vitest.config.ts
+++ b/vitest.config.ts
@@ -183,16 +183,8 @@ export default defineConfig({
         "src/tui/**",
         "src/wizard/**",
         // Channel surfaces are largely integration-tested (or manually validated).
-        "src/discord/**",
-        "src/imessage/**",
-        "src/signal/**",
-        "src/slack/**",
         "src/browser/**",
         "src/channels/web/**",
-        "src/telegram/index.ts",
-        "src/telegram/proxy.ts",
-        "src/telegram/webhook-set.ts",
-        "src/telegram/**",
         "src/webchat/**",
         "src/gateway/server.ts",
         "src/gateway/client.ts",
diff --git a/vitest.extensions.config.ts b/vitest.extensions.config.ts
index 9a2df2faa2c..72556e435a7 100644
--- a/vitest.extensions.config.ts
+++ b/vitest.extensions.config.ts
@@ -1,3 +1,9 @@
+import { channelTestExclude } from "./vitest.channel-paths.mjs";
 import { createScopedVitestConfig } from "./vitest.scoped-config.ts";
 
-export default createScopedVitestConfig(["extensions/**/*.test.ts"]);
+export default createScopedVitestConfig(["extensions/**/*.test.ts"], {
+  // Channel implementations live under extensions/ but are tested by
+  // vitest.channels.config.ts (pnpm test:channels) which provides
+  // the heavier mock scaffolding they need.
+  exclude: channelTestExclude.filter((pattern) => pattern.startsWith("extensions/")),
+});
diff --git a/vitest.scoped-config.ts b/vitest.scoped-config.ts
index d3fe9f7c50d..8384b07f64f 100644
--- a/vitest.scoped-config.ts
+++ b/vitest.scoped-config.ts
@@ -1,10 +1,10 @@
 import { defineConfig } from "vitest/config";
 import baseConfig from "./vitest.config.ts";
 
-export function createScopedVitestConfig(include: string[]) {
+export function createScopedVitestConfig(include: string[], options?: { exclude?: string[] }) {
   const base = baseConfig as unknown as Record<string, unknown>;
   const baseTest = (baseConfig as { test?: { exclude?: string[] } }).test ?? {};
-  const exclude = baseTest.exclude ?? [];
+  const exclude = [...(baseTest.exclude ?? []), ...(options?.exclude ?? [])];
 
   return defineConfig({
     ...base,
diff --git a/vitest.unit.config.ts b/vitest.unit.config.ts
index 8116da0592b..4d4fd934fe1 100644
--- a/vitest.unit.config.ts
+++ b/vitest.unit.config.ts
@@ -17,9 +17,6 @@ export default defineConfig({
       ...exclude,
       "src/gateway/**",
       "extensions/**",
-      "src/telegram/**",
-      "src/discord/**",
-      "src/web/**",
       "src/browser/**",
       "src/line/**",
       "src/agents/**",