Auto-merge upstream openclaw/openclaw

Author: friuns2

.agents/skills/openclaw-parallels-smoke/SKILL.md

@@ -46,7 +46,10 @@ Use this skill for Parallels guest workflows and smoke interpretation. Do not lo
 
 - Preferred entrypoint: `pnpm test:parallels:macos`
 - Default upgrade coverage on macOS should now include: fresh snapshot -> site installer pinned to the latest stable tag -> `openclaw update --channel dev` on the guest. Treat this as part of the default Tahoe regression plan, not an optional side quest.
+- `parallels-macos-smoke.sh --mode upgrade` should run that release-to-dev lane by default. Keep the older host-tgz upgrade path only when the caller explicitly passes `--target-package-spec`.
+- Because the default upgrade lane no longer needs a host tgz, skip `npm pack` + host HTTP server startup for `--mode upgrade` unless `--target-package-spec` is set. Keep the pack/server path for `fresh` and `both`.
 - If that release-to-dev lane fails with `reason=preflight-no-good-commit` and repeated `sh: pnpm: command not found` tails from `preflight build`, treat it as an updater regression first. The fix belongs in the git/dev updater bootstrap path, not in Parallels retry logic.
+- Until the public stable train includes that updater bootstrap fix, the macOS release-to-dev lane may seed a temporary guest-local `pnpm` shim immediately before `openclaw update --channel dev`. Keep that workaround scoped to the smoke harness and remove it once the latest stable no longer needs it.
 - Default to the snapshot closest to `macOS 26.3.1 latest`.
 - On Peter's Tahoe VM, `fresh-latest-march-2026` can hang in `prlctl snapshot-switch`; if restore times out there, rerun with `--snapshot-hint 'macOS 26.3.1 latest'` before blaming auth or the harness.
 - `parallels-macos-smoke.sh` now retries `snapshot-switch` once after force-stopping a stuck running/suspended guest. If Tahoe still times out after that recovery path, then treat it as a real Parallels/host issue and rerun manually.

.agents/skills/openclaw-qa-testing/SKILL.md

@@ -0,0 +1,86 @@
+---
+name: openclaw-qa-testing
+description: Run, watch, debug, and extend OpenClaw QA testing with qa-lab and qa-channel. Use when Codex needs to execute the repo-backed QA suite, inspect live QA artifacts, debug failing scenarios, add new QA scenarios, or explain the OpenClaw QA workflow. Prefer the live OpenAI lane with regular openai/gpt-5.4 in fast mode; do not use gpt-5.4-pro or gpt-5.4-mini unless the user explicitly overrides that policy.
+---
+
+# OpenClaw QA Testing
+
+Use this skill for `qa-lab` / `qa-channel` work. Repo-local QA only.
+
+## Read first
+
+- `docs/concepts/qa-e2e-automation.md`
+- `docs/help/testing.md`
+- `docs/channels/qa-channel.md`
+- `qa/QA_KICKOFF_TASK.md`
+- `qa/seed-scenarios.json`
+- `extensions/qa-lab/src/suite.ts`
+
+## Model policy
+
+- Live OpenAI lane: `openai/gpt-5.4`
+- Fast mode: on
+- Do not use:
+  - `openai/gpt-5.4-pro`
+  - `openai/gpt-5.4-mini`
+- Only change model policy if the user explicitly asks.
+
+## Default workflow
+
+1. Read the seed plan and current suite implementation.
+2. Decide lane:
+   - mock/dev: `mock-openai`
+   - real validation: `live-openai`
+3. For live OpenAI, use:
+
+```bash
+OPENCLAW_LIVE_OPENAI_KEY="${OPENAI_API_KEY}" \
+pnpm openclaw qa suite \
+  --provider-mode live-openai \
+  --model openai/gpt-5.4 \
+  --alt-model openai/gpt-5.4 \
+  --fast \
+  --output-dir .artifacts/qa-e2e/run-all-live-openai-<tag>
+```
+
+4. Watch outputs:
+   - summary: `.artifacts/qa-e2e/run-all-live-openai-<tag>/qa-suite-summary.json`
+   - report: `.artifacts/qa-e2e/run-all-live-openai-<tag>/qa-suite-report.md`
+5. If the user wants to watch the live UI, find the current `openclaw-qa` listen port and report `http://127.0.0.1:<port>`.
+6. If a scenario fails, fix the product or harness root cause, then rerun the full lane.
+
+## Repo facts
+
+- Seed scenarios live in `qa/`.
+- Main live runner: `extensions/qa-lab/src/suite.ts`
+- QA lab server: `extensions/qa-lab/src/lab-server.ts`
+- Child gateway harness: `extensions/qa-lab/src/gateway-child.ts`
+- Synthetic channel: `extensions/qa-channel/`
+
+## What “done” looks like
+
+- Full suite green for the requested lane.
+- User gets:
+  - watch URL if applicable
+  - pass/fail counts
+  - artifact paths
+  - concise note on what was fixed
+
+## Common failure patterns
+
+- Live timeout too short:
+  - widen live waits in `extensions/qa-lab/src/suite.ts`
+- Discovery cannot find repo files:
+  - point prompts at `repo/...` inside seeded workspace
+- Subagent proof too brittle:
+  - prefer stable final reply evidence over transient child-session listing
+- Harness “rebuild” delay:
+  - dirty tree can trigger a pre-run build; expect that before ports appear
+
+## When adding scenarios
+
+- Add scenario metadata to `qa/seed-scenarios.json`
+- Keep kickoff expectations in `qa/QA_KICKOFF_TASK.md` aligned
+- Add executable coverage in `extensions/qa-lab/src/suite.ts`
+- Prefer end-to-end assertions over mock-only checks
+- Save outputs under `.artifacts/qa-e2e/`

.agents/skills/openclaw-qa-testing/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "QA Test OpenClaw"
+  short_description: "Run and debug qa-lab and qa-channel scenarios"
+  default_prompt: "Use $openclaw-qa-testing to run or extend the OpenClaw QA suite with qa-lab and qa-channel, using regular openai/gpt-5.4 in fast mode for live OpenAI runs."

CHANGELOG.md

@@ -34,10 +34,15 @@ Docs: https://docs.openclaw.ai
 - Agents/cache: stabilize cache-relevant system prompt fingerprints by normalizing equivalent structured prompt whitespace, line endings, hook-added system context, and runtime capability ordering so semantically unchanged prompts reuse KV/cache more reliably. Thanks @vincentkoc.
 - Agents/tool prompts: remove the duplicate in-band tool inventory from agent system prompts so tool-calling models rely on the structured tool definitions as the single source of truth, improving prompt stability and reducing stale tool guidance.
 - Tools/video generation: add bundled xAI (`grok-imagine-video`) and Alibaba Model Studio Wan video providers, plus live-test/default model wiring for both.
+- Tools/video generation: add a bundled Runway video provider (`runway/gen4.5`) with native async task polling, local image/video reference support via data URIs, provider docs, and live-test wiring.
+- Agents/video generation: register `video_generate` runs in the task ledger with task/run ids and lifecycle updates so long-running generations can be tracked more reliably.
+- Agents/video generation: make session-backed `video_generate` runs detach into background tasks, wake the same agent session on completion, and have the agent post the finished video back into the original channel as a follow-up reply.
+- Agents/video generation: add active-task prompt hints plus a hard duplicate guard so session-backed `video_generate` returns task status for in-flight jobs instead of spawning the same video request twice, and expose `action=status` for explicit lookup.
 - Providers/CLI: remove bundled CLI text-provider backends and the `agents.defaults.cliBackends` surface, while keeping ACP harness sessions and Gemini media understanding on the native bundled providers.
 - Matrix/exec approvals: clarify unavailable-approval replies so Matrix no longer claims chat approvals are unsupported when native exec approvals are merely unconfigured. (#61424) Thanks @gumadeiras.
 - Docs/IRC: replace public IRC hostname examples with `irc.example.com` and recommend private servers for bot coordination while listing common public networks for intentional use.
 - Memory/dreaming: write dreaming trail content to top-level `DREAMS.md` instead of daily memory notes, update `/dreaming` help text to point there, and keep `DREAMS.md` available for explicit reads without pulling it into default recall. Thanks @davemorin.
+- Plugins/Lobster: run bundled Lobster workflows in process instead of spawning the external CLI, reducing transport overhead and unblocking native runtime integration. (#61523) Thanks @mbelinky.
 
 ### Fixes
 
@@ -52,6 +57,7 @@ Docs: https://docs.openclaw.ai
 - Discord/reply tags: strip leaked `[[reply_to_current]]` control tags from preview text and honor explicit reply-tag threading during final delivery, so Discord replies stay attached to the triggering message instead of printing reply metadata into chat.
 - Discord/replies: replace the unshipped `replyToOnlyWhenBatched` flag with `replyToMode: "batched"` so native reply references only attach on debounced multi-message turns while explicit reply tags still work.
 - Discord/image generation: include the real generated `MEDIA:` paths in tool output, avoid duplicate plain-output media requeueing, and persist volatile workspace-generated media into durable outbound media before final reply delivery so generated image replies stop pointing at missing local files.
+- Tools/image generation: ignore unsupported provider geometry overrides such as OpenAI `aspectRatio` hints, report the dropped overrides in tool output, and keep compatible provider fallbacks working instead of failing early.
 - Slack: route live DM replies back to the concrete inbound DM channel while keeping persisted routing metadata user-scoped, so normal assistant replies stop disappearing when pairing and system messages still arrive. (#59030) Thanks @afurm.
 - WhatsApp: restore `channels.whatsapp.blockStreaming` and reset watchdog timeouts after reconnect so quiet chats stop falling into reconnect loops. (#60007, #60069) Thanks @MonkeyLeeT and @mcaxtr.
 - Android/Talk Mode: cancel in-flight `talk.speak` playback when speech is explicitly stopped, and restore spoken replies on both node-scoped and gateway-backed sessions by keeping reply routing and embedded transport overrides aligned with the current playback path. (#60306, #61164, #61214)
@@ -108,12 +114,14 @@ Docs: https://docs.openclaw.ai
 - Exec approvals: remove heuristic command-obfuscation gating from host exec so gateway and node runs rely on explicit policy, allowlist, and strict inline-eval rules only.
 - Agents/tool results: cap live tool-result persistence and overflow-recovery truncation at 40k characters so oversized tool output stays bounded without discarding recent context entirely.
 - Discord/video replies: split text-plus-video deliveries into a text reply followed by a media-only send, and let live provider auth checks honor manifest-declared API key env vars like `MODELSTUDIO_API_KEY`.
+- Providers/fal video: switch long-running fal video generation to the queue-backed submit/status/result flow, and accept `FAL_API_KEY` as a compatibility alias for the canonical `FAL_KEY`.
 - Config/All Settings: keep the raw config view intact when sensitive fields are blank instead of corrupting or dropping the rendered snapshot. (#28214) Thanks @solodmd.
 - Plugin SDK/facades: back-fill bundled plugin facade sentinels before plugin-id tracking re-enters config loading, so CLI/provider startup no longer crashes with `shouldNormalizeGoogleProviderConfig is not a function` or other empty-facade reads during bundled plugin re-entry. Thanks @adam91holt.
 - Plugins/facades: back-fill facade sentinels before tracked-plugin resolution re-enters config loading, so facade exports stay defined during circular provider normalization. (#61180) Thanks @adam91holt.
 - Discord/image generation: include the real generated `MEDIA:` paths in tool output and avoid duplicate plain-output media requeueing so Discord image replies stop pointing at missing local files.
 - Slack: route live DM replies back to the concrete inbound DM channel while keeping persisted routing metadata user-scoped, so normal assistant replies stop disappearing when pairing and system messages still arrive. (#59030) Thanks @afurm.
 - Discord/reply tags: strip leaked `[[reply_to_current]]` control tags from preview text and honor explicit reply-tag threading during final delivery, so Discord replies stay attached to the triggering message instead of printing reply metadata into chat.
+- CLI/update: block `openclaw update --channel dev` with a clearer explainer when the git checkout has edited local files, instead of failing later once commit-switching work starts.
 - Telegram: fix current-model checks in the model picker, HTML-format non-default `/model` confirmations, explicit topic replies, persisted reaction ownership across restarts, caption-media placeholder and `file_id` preservation on download failure, and upgraded-install inbound image reads. (#60384, #60042, #59634, #59207, #59948, #59971) Thanks @sfuminya, @GitZhangChi, @dashhuang, @samzong, @v1p0r, and @neeravmakwana.
 - Telegram: restore DM voice-note preflight transcription so direct-message audio stops arriving as raw `<media:audio>` placeholders. (#61008) Thanks @manueltarouca.
 - Telegram/reasoning: only create a Telegram reasoning preview lane when the session is explicitly `reasoning:stream`, so hidden `<think>` traces from streamed replies stop surfacing as chat previews on normal sessions. Thanks @vincentkoc.
@@ -158,6 +166,7 @@ Docs: https://docs.openclaw.ai
 - Plugins/OpenAI: tune the OpenAI prompt overlay for live-chat cadence so GPT replies stay shorter, more human, and less wall-of-text by default.
 - Providers/compat: stop forcing OpenAI-only defaults on proxy and custom OpenAI-compatible routes, preserve native vendor-specific reasoning/tool/streaming behavior across Anthropic-compatible, Moonshot, Mistral, ModelStudio, OpenRouter, xAI, and Z.ai endpoints, and route GitHub Copilot Claude models through Anthropic Messages instead of OpenAI Responses.
 - Providers/GitHub Copilot: send IDE identity headers on runtime model requests and GitHub token exchange so IDE-authenticated Copilot runs stop failing with missing `Editor-Version`. (#60641) Thanks @VACInc and @vincentkoc.
+- Discord/native commands: authorize slash commands and autocomplete in explicitly allowlisted guild channels when `commands.allowFrom` is unset, while still keeping `commands.allowFrom` authoritative when it is configured and denying non-allowlisted channels.
 - Providers/OpenRouter failover: classify `403 “Key limit exceeded”` spending-limit responses as billing so model fallback continues instead of stopping on generic auth. (#59892) Thanks @rockcent.
 - Providers/Anthropic: keep `claude-cli/*` auth on live Claude CLI credentials at runtime, avoid persisting stale bearer-token profiles, and suppress macOS Keychain prompts during non-interactive Claude CLI setup. (#61234) Thanks @darkamenosa.
 - Providers/Anthropic: when Claude CLI auth becomes the default, write a real `claude-cli` auth profile so local and gateway agent runs can use Claude CLI immediately without missing-API-key failures. Thanks @vincentkoc.

docs/automation/tasks.md

@@ -77,9 +77,14 @@ openclaw tasks flow cancel <lookup>
 | Subagent orchestration | `subagent`   | Spawning a subagent via `sessions_spawn`               | `done_only`           |
 | Cron jobs (all types)  | `cron`       | Every cron execution (main-session and isolated)       | `silent`              |
 | CLI operations         | `cli`        | `openclaw agent` commands that run through the gateway | `silent`              |
+| Agent media jobs       | `cli`        | Session-backed `video_generate` runs                   | `silent`              |
 
 Main-session cron tasks use `silent` notify policy by default — they create records for tracking but do not generate notifications. Isolated cron tasks also default to `silent` but are more visible because they run in their own session.
 
+Session-backed `video_generate` runs also use `silent` notify policy. They still create task records, but completion is handed back to the original agent session as an internal wake so the agent can write the follow-up message and attach the finished video itself.
+
+While a session-backed `video_generate` task is still active, the tool also acts as a guardrail: repeated `video_generate` calls in that same session return the active task status instead of starting a second concurrent generation. Use `action: "status"` when you want an explicit progress/status lookup from the agent side.
+
 **What does not create tasks:**
 
 - Heartbeat turns — main-session; see [Heartbeat](/gateway/heartbeat)

docs/cli/memory.md

@@ -34,6 +34,8 @@ openclaw memory status --deep --index
 openclaw memory status --deep --index --verbose
 openclaw memory status --agent main
 openclaw memory index --agent main --verbose
+openclaw memory promote-explain "router vlan"
+openclaw memory rem-harness --json
 ```
 
 ## Options
@@ -90,6 +92,33 @@ Full options:
 - `--include-promoted`: include already promoted candidates in output.
 - `--json`: print JSON output.
 
+`memory promote-explain`:
+
+Explain why a specific candidate would or would not promote, with a full score breakdown.
+
+```bash
+openclaw memory promote-explain "<selector>"
+```
+
+- `<selector>`: candidate key, path fragment, or snippet fragment to match.
+- `--agent <id>`: scope to a single agent (default: the default agent).
+- `--include-promoted`: include already promoted candidates.
+- `--json`: print JSON output.
+
+`memory rem-harness`:
+
+Preview REM reflections, candidate truths, and deep promotion output without writing anything. Useful for staging and debugging the REM phase before it runs for real.
+
+```bash
+openclaw memory rem-harness [--json] [--agent <id>] [--include-promoted]
+```
+
+- `--agent <id>`: scope to a single agent (default: the default agent).
+- `--include-promoted`: include already promoted deep candidates.
+- `--json`: print JSON output.
+
+See [Dreaming](/concepts/dreaming) for the full phase model and how REM fits in.
+
 ## Dreaming (experimental)
 
 Dreaming is the background memory consolidation system with three cooperative

docs/concepts/dreaming.md

@@ -225,6 +225,20 @@ openclaw memory status --deep
 
 See [memory CLI](/cli/memory) for the full flag reference.
 
+### Preview and explain tools
+
+Two additional subcommands help you inspect promotion and REM behavior without writing anything:
+
+```bash
+# Explain why a candidate would or would not promote
+openclaw memory promote-explain "meeting notes"
+
+# Preview REM reflections, candidate truths, and deep promotions
+openclaw memory rem-harness --json
+```
+
+See [memory CLI](/cli/memory) for full options.
+
 ## How it works
 
 ### Light phase pipeline

docs/concepts/model-providers.md

@@ -198,6 +198,8 @@ Current bundled examples:
   media-understanding and video-generation provider registrations for its
   multimodal surfaces; Qwen video generation uses the Standard DashScope video
   endpoints with bundled Wan models such as `wan2.6-t2v` and `wan2.7-r2v`
+- `runway`: plugin-owned video-generation provider registration for native
+  Runway task-based models such as `gen4.5`
 - `minimax`: plugin-owned catalogs, bundled video-generation provider
   registration for Hailuo video models, bundled image-generation provider
   registration for `image-01`, hybrid Anthropic/OpenAI replay-policy

docs/docs.json

@@ -1233,6 +1233,7 @@
               {
                 "group": "Providers",
                 "pages": [
+                  "providers/alibaba",
                   "providers/anthropic",
                   "providers/bedrock",
                   "providers/bedrock-mantle",
@@ -1241,6 +1242,7 @@
                   "providers/cloudflare-ai-gateway",
                   "providers/deepgram",
                   "providers/deepseek",
+                  "providers/fal",
                   "providers/github-copilot",
                   "providers/glm",
                   "providers/google",
@@ -1260,6 +1262,7 @@
                   "providers/perplexity-provider",
                   "providers/qianfan",
                   "providers/qwen",
+                  "providers/runway",
                   "providers/sglang",
                   "providers/stepfun",
                   "providers/synthetic",