Preserve enabled-by-default metadata for manifest command aliases so missing CLI command diagnostics can point users at the parent bundled plugin and the `openclaw plugins enable <plugin>` repair path.
Also carries the current-main deadcode allowlist entry for the command-analysis barrel that blocked CI.
Verified:
- pnpm test src/cli/run-main.test.ts src/plugins/manifest-command-aliases.test.ts
- pnpm deadcode:unused-files
- pnpm exec oxfmt --check --threads=1 scripts/deadcode-unused-files.allowlist.mjs CHANGELOG.md src/cli/run-main-policy.ts src/cli/run-main.test.ts src/plugins/manifest-command-aliases.ts src/plugins/manifest-command-aliases.test.ts
- git diff --check
- PR CI on 6076ff2d52 green, ignoring cancelled auto-response per landing matrix
Keep externalized bundled npm bridge updates on the normal plugin security scanner path instead of granting source-linked official trust without artifact provenance.
Thanks @Lucenx9.
Fixes the session-list plugin metadata hot path by reusing the active workspace-scoped plugin metadata snapshot for manifest model-id normalization and setup CLI backend fallback. Also keeps model-pricing collection on its provided manifest registry and fixes the CI-only hoisted test mock failure.
Validated with targeted plugin/gateway/model-selection tests, CI-shaped gateway startup shard, Testbox `pnpm check:changed`, and green PR CI.
Thanks @rolandrscheel.
Summary:
- The PR adds `sensitive` support to wizard text prompts, routes sensitive Clack prompts through `password()`, ... preserves existing gateway secrets through masked-preview confirms, and adds tests plus a changelog entry.
- Reproducibility: yes. Source inspection shows current main routes onboarding credential entry through visibl ... y provides a concrete Windows PowerShell `openclaw onboard --install-daemon` reproduction with screenshots.
Automerge notes:
- No ClawSweeper repair was needed after automerge opt-in.
Validation:
- ClawSweeper review passed for head a3db64c265.
- Required merge gates passed before the squash merge.
Prepared head SHA: a3db64c265
Review: https://github.com/openclaw/openclaw/pull/76693#issuecomment-4366253531
Co-authored-by: anurag-bg-neu <bheemappagnanamurt.a@northeastern.edu>
External context-engine plugins (e.g. lossless-claw) register via
api.registerContextEngine at load time but ship without
activation.onStartup in their manifest. The gateway startup planner
only considered memory plugins and explicit sidecar plugins, so a
selected non-legacy context engine was omitted from the startup load
plan and never loaded before agent turns resolved the active engine,
producing the "Context engine X is not registered; falling back to
default engine legacy" warning.
Fix: add resolveContextEngineSlotStartupPluginId mirroring the memory
slot pattern; pass contextEngineSlotStartupPluginId into
shouldConsiderForGatewayStartup so the selected context-engine plugin
is included in pluginIds regardless of its manifest activation shape.
Tests: added four regression cases covering include, exclude, legacy
bypass, and id normalization. 82 tests pass.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
`resolvePluginTools` returned an empty tool list when no pre-warmed
channel/active registry was found after startup — the on-demand fallback
removed by PR #76004 was only added back for memory and capability-provider
surfaces, leaving path-based (origin "config") plugin tool factories silent.
Fix: when `resolvePluginToolRegistry` returns null, trigger a standalone
registry load via `ensureStandaloneRuntimePluginRegistryLoaded`, then retry.
Adds regression test asserting tools are resolved without pre-warming.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Run npm install from the managed npm-root manifest so sequential @openclaw/* plugin installs preserve siblings on disk.
Fixes#76571.
Thanks @byungskers and @crpol.
Summary:
- The PR makes `tools.profile: "full"` resolve to a wildcard allowlist, teaches plugin optional-tool allowlist checks to honor `*`, and updates regression tests, docs, and the changelog for browser tool availability.
- Reproducibility: yes. source-level reproduction is high confidence: current main makes `full` resolve to no ... plugin allowlist helpers do not accept `*`. I did not run a live browser session in this read-only review.
Automerge notes:
- PR branch already contained follow-up commit before automerge: docs: update full profile description and add changelog for #76507
Validation:
- ClawSweeper review passed for head b5329de33c.
- Required merge gates passed before the squash merge.
Prepared head SHA: b5329de33c
Review: https://github.com/openclaw/openclaw/pull/76557#issuecomment-4365736091
Co-authored-by: Alex Knight <aknight@atlassian.com>
Summary:
- The PR adds a scoped standalone memory-slot plugin load for doctor/status memory resolution, updates memory-runtime regression tests, and adds a changelog fix entry.
- Reproducibility: yes. source-reproducible: current main's doctor/status path reads getMemoryRuntime after on ... registers that runtime only during plugin activation. I did not run a live macOS LaunchAgent reproduction.
Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(cli): load memory plugin for doctor/status when registry is cold
Validation:
- ClawSweeper review passed for head a6a1967316.
- Required merge gates passed before the squash merge.
Prepared head SHA: a6a1967316
Review: https://github.com/openclaw/openclaw/pull/76393#issuecomment-4365255585
Co-authored-by: Neerav Makwana <261249544+neeravmakwana@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Summary:
- The PR enables Slack draft preview streaming for flat DMs in all non-off modes, updates Slack streaming tests/docs/config metadata/changelog, and refreshes small guard baselines.
- Reproducibility: yes. source-reproducible on current main: the helper returns false for `mode: "partial"` in ... current test asserts that disabled path. I did not run tests because this review was explicitly read-only.
Automerge notes:
- Ran the ClawSweeper repair loop before final review.
- Included post-review commit in the final squash: fix(slack): enable preview streaming in flat DMs (replyToMode: off)
- Included post-review commit in the final squash: fix(clawsweeper): address review for automerge-openclaw-openclaw-5654…
Validation:
- ClawSweeper review passed for head 52e5d74ef9.
- Required merge gates passed before the squash merge.
Prepared head SHA: 52e5d74ef9
Review: https://github.com/openclaw/openclaw/pull/76330#issuecomment-4365017023
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
Co-authored-by: bob <637186+HangGlidersRule@users.noreply.github.com>
Summary:
- The PR skips eager context-window warmup for `openclaw message`, forwards Discord/Telegram execution-mode de ... reuses caller-owned manifest metadata during config materialization, and adds tests plus a changelog entry.
- Reproducibility: yes. Source inspection on current main shows `openclaw message` is still eligible for eager context-window warmup and the Discord/Telegram wrappers still drop the gateway execution-mode declarations.
Automerge notes:
- PR branch already contained follow-up commit before automerge: fix: type message action routing fallbacks
- PR branch already contained follow-up commit before automerge: docs: credit message latency fix contributor
Validation:
- ClawSweeper review passed for head 9606bb27d5.
- Required merge gates passed before the squash merge.
Prepared head SHA: 9606bb27d5
Review: https://github.com/openclaw/openclaw/pull/76312#issuecomment-4364958708
Co-authored-by: FullerStackDev <263060202+fuller-stack-dev@users.noreply.github.com>
