Summary:
- The branch moves configured-channel plugin registry loading for `openclaw message` into `runCommandWithRuntime`, adds regression coverage for preload failure exit handling, and adds a changelog fix entry for #76168.
- Reproducibility: yes. for the exit-path bug: current main calls plugin registry preload before `runCommandWi ... the high-CPU child process in this read-only review, but the missing exit boundary is source-reproducible.
Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.
Validation:
- ClawSweeper review passed for head 95b67ea9ba.
- Required merge gates passed before the squash merge.
Prepared head SHA: 95b67ea9ba
Review: https://github.com/openclaw/openclaw/pull/76846#issuecomment-4366747104
Co-authored-by: Peter Steinberger <steipete@gmail.com>
Preserve enabled-by-default metadata for manifest command aliases so missing CLI command diagnostics can point users at the parent bundled plugin and the `openclaw plugins enable <plugin>` repair path.
Also carries the current-main deadcode allowlist entry for the command-analysis barrel that blocked CI.
Verified:
- pnpm test src/cli/run-main.test.ts src/plugins/manifest-command-aliases.test.ts
- pnpm deadcode:unused-files
- pnpm exec oxfmt --check --threads=1 scripts/deadcode-unused-files.allowlist.mjs CHANGELOG.md src/cli/run-main-policy.ts src/cli/run-main.test.ts src/plugins/manifest-command-aliases.ts src/plugins/manifest-command-aliases.test.ts
- git diff --check
- PR CI on 6076ff2d52 green, ignoring cancelled auto-response per landing matrix
Removing deny coupling between write and apply_patch in
makeToolPolicyMatcher. Previously deny: ["write"] would also block
apply_patch, contradicting the documented allow coupling (apply_patch
inherits write allow). Allow inheritance is preserved; deny must be
stated explicitly.
Adds regression tests verifying:
- deny: ["write"] leaves apply_patch accessible
- deny: ["apply_patch"] still denies directly
- allow: ["write"] still grants apply_patch
- deny: ["write", "apply_patch"] still denies when both explicit
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fixes#76792.
- Trust a checked-ready gateway memory probe when CLI-local memory runtime resolution is unavailable.
- Keep the no-active-plugin warning for skipped, unavailable, or not-ready gateway probes.
- Add regression coverage for ready, skipped, and not-ready probe cases.
Thanks @som-686.
Keep externalized bundled npm bridge updates on the normal plugin security scanner path instead of granting source-linked official trust without artifact provenance.
Thanks @Lucenx9.
* feat(clawhub): surface rate-limit headers and sign-in hint on 429s
* feat(clawhub): handle no-headers 429s and add changelog entry
* fix(clawhub): simplify 429 message to reset hint only
When a newer inbound message arrives while an older dispatch is still
processing, buffered final answers from the old dispatch could be
delivered into the new message's thread.
Add `bufferedGeneration` to `BufferedFinalAnswer` to track which
abort fence generation buffered the answer. `takeBufferedFinalAnswer`
now rejects buffered answers whose generation doesn't match the
current dispatch's generation, preventing stale content delivery.
Fixes#76642
Keep Mantis Discord comparison worktrees outside the uploaded artifact tree and copy each lane's QA output into the report directory before comparing summaries.
