Fixes rough edges in the standalone install flow (install.sh -> openclaw onboard), found and verified by running the flow in a clean container and on a clean macOS Tahoe VM:
- Provider auth setup failures (e.g. the preselected "Anthropic Claude CLI" option on a host without a Claude CLI login) no longer kill the whole wizard. The interactive wizard notes the error and returns to the provider picker; explicit --auth-choice automation still fails fast.
- Onboarding config now persists before the channel/search/skills steps, so a crash or cancel during channel pairing no longer loses auth + gateway decisions.
- With model auth skipped, finalize no longer auto-sends the "Wake up, my friend!" message (which always failed with a provider auth error). The hatch seed is gated on usable model credentials and a "Model auth missing" note explains the next step.
- Search provider picker no longer labels non-key credentials (e.g. SearXNG base URL) as "API key required".
- install.sh no longer warns "PATH missing npm global bin dir" with manual fix steps after it already persisted the export line; it reports the PATH was updated and how to reload the current shell.
- Removed the dead interactive hooks onboarding step (setupInternalHooks); quickstart enables default hooks silently.
Verified live per fix in a clean Debian/Node 24 container and on a clean macOS 26.5 Parallels VM (wizard re-prompt, SearXNG label), plus wizard/onboard test suites and tsgo:core.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Tracks per-skill usage from the skill.used diagnostic event (trusted-only
delivery, file-scoped identity), sweeps workshop-created skills daily from
gateway maintenance (active -> stale 30d -> archived 90d, pinned bypass,
restore-only unarchive, files never touched), filters archived skills from
snapshots fail-open, reports workspace-scoped overlap candidates, and adds
openclaw skills curator CLI, additive gateway methods, and a warn-only
doctor finding. Zero new config keys; SQLite/Kysely state only.
* feat(skills): diagnose skill_workshop hidden by tool policy (#87570)
Workshop can be enabled and auto-capturing while tools.profile hides the
skill_workshop tool; every inspection surface looked healthy. plugins
inspect and openclaw doctor now name the excluding policy layer (global/
agent/provider profile, allowlist, denylist) and the exact alsoAllow
grant to add, via a shared resolveSkillWorkshopToolPolicyAvailability
helper that /learn's guard now reuses instead of composing policy
itself. Diagnosis only; no policy behavior change.
* ci: retrigger
Expose an opt-in Doctor lint finding for Linux Gateway hosts where a loaded user-level systemd gateway unit has systemd lingering disabled.\n\nValidation:\n- Targeted Doctor health contribution tests passed locally.\n- Exact-head hosted checks passed on 65ec5a0acf, including QA Smoke CI, Real behavior proof, security/CodeQL, check-shrinkwrap, and selected CI shards.\n- Crabbox Azure proof exercised a loaded user systemd gateway unit with Linger=no and observed the expected lint warning.\n\nCo-authored-by: giodl73-repo <166990625+giodl73-repo@users.noreply.github.com>
Keep the legacy WhatsApp crontab Doctor lint check opt-in by marking the existing core check default-disabled. Default `doctor --lint` no longer reads the user crontab for this narrow legacy diagnostic, while `--all` and `--only core/doctor/legacy-whatsapp-crontab` still run the detector.
Validation:
- focused Doctor contribution Vitest passed 70/70
- changed-file oxfmt and oxlint passed
- git diff --check passed
- pnpm build passed before the final rebase
- hosted exact-head CI/Testbox gates passed on 8964ccb239 after QA Smoke rerun
- PR body includes real lint-module proof for default skip and explicit selected warning behavior
Maintainer note: accepted ClawSweeper's default-output compatibility tradeoff for this legacy crontab probe; no public SDK/plugin/config contract changes.
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>
applyFinalEffectiveToolPolicy and collectAttemptExplicitToolAllowlistSources
took ~15 raw identity params each and silently re-resolved a second
capability profile when callers forgot to pass one — with divergent
session inputs (attempt allowlist sources resolved policy off the live
session key while tool construction used the sandbox policy key). The
profile param is now required, the fallback resolution stacks are
deleted, and the attempt threads its single resolved profile into tool
construction, the final bundled pass, and allowlist sources. Doctor and
gateway tools.effective callers resolve their config-scope profile
explicitly at the callsite. createOpenClawCodingTools keeps its optional
self-resolve as public plugin-SDK convenience.
Adds a default-disabled Doctor lint check for WhatsApp responsiveness pressure while keeping real cleanup in the existing doctor --fix path.
Verification:
- Focused WhatsApp responsiveness/contribution Vitest passed (71 tests).
- Changed-file oxfmt passed.
- Changed-file oxlint with core tsconfig passed.
- SDK surface report passed.
- SDK export sync passed.
- git diff --check passed.
- Selected source CLI proof passed earlier on this head: doctor --lint --json --only core/doctor/whatsapp-responsiveness exited 0, ran 1 check, and did not create <state>/identity/device.json.
- Exact-head hosted checks passed/skipped on 39f003931ff8cd93f945e75bf7a480cf2271c910; older cancelled proof/auto-response runs were superseded by passing current runs.
Maintainer notes:
- ClawSweeper platinum hermit / ready for maintainer review.
- Accepted the opt-in lint check id and warning copy on the PR.
- No public config/plugin/SDK/persisted data contract change; default doctor --lint remains unchanged.
Adds a default-disabled Doctor lint check for stale plugin-runtime symlinks while keeping real deletion in the existing legacy doctor --fix cleanup path.
Verification:
- Focused plugin-runtime-symlink/contribution Vitest passed (65 tests).
- Changed-file oxfmt passed.
- Changed-file oxlint with core tsconfig passed.
- SDK surface report passed.
- git diff --check passed.
- Exact-head hosted checks passed/skipped on 287d2230ee.
Maintainer notes:
- ClawSweeper platinum hermit / ready for maintainer look.
- Accepted the new opt-in lint check id and warning copy on the PR.
- Local prepare wrapper pnpm check still fails on the npm shrinkwrap guard, and the same failure reproduces on current origin/main; treated as baseline local gate noise, not PR-caused.
Expose default-disabled Doctor lint findings for legacy plugin dependency state.
The check maps the existing safe cleanup-target detection into structured lint output while keeping real cleanup in the legacy doctor --fix path. Default doctor --lint remains unchanged; explicit --only and --all can include the new warning.
Validation:
- GitHub checks green on head 53c11a6f82
- ClawSweeper: proof sufficient, platinum hermit, ready for maintainer look
- Local post-rebase proof: focused Doctor Vitest, changed-file oxlint, changed-file oxfmt --check, and git diff --check all passed
Maintainer note: WSL maintainer wrapper path is unavailable on this host with Wsl/Service/CreateInstance/0x80072745, so this uses the steerable head-pinned squash path allowed by the current maintainer workflow docs.
Expose `core/doctor/auth-profiles` as a default-disabled structured Doctor lint check.
This maps the existing auth-profile health diagnostics into structured findings while preserving legacy Doctor repair behavior. The check remains opt-in through `--only core/doctor/auth-profiles` or `--all`; default `doctor --lint` behavior is unchanged.
Validation:
- focused auth-profile/hints/contribution Vitest passed
- changed-file oxfmt and oxlint passed
- core tsgo passed
- git diff --check passed
- exact-head hosted CI/Testbox gates passed
Co-authored-by: giodl73-repo <235387111+giodl73-repo@users.noreply.github.com>