Merge d8fae6c4d7 into c4265a5f16

* fix: preserve Telegram chunk word boundaries

* fix: address Telegram chunking review feedback

* fix: preserve Telegram retry separators

* fix: preserve Telegram chunking boundaries (#47274)

.agent/workflows/update_clawdbot.md

@@ -1,8 +1,8 @@
 ---
-description: Update Clawdbot from upstream when branch has diverged (ahead/behind)
+description: Update OpenClaw from upstream when branch has diverged (ahead/behind)
 ---
 
-# Clawdbot Upstream Sync Workflow
+# OpenClaw Upstream Sync Workflow
 
 Use this workflow when your fork has diverged from upstream (e.g., "18 commits ahead, 29 commits behind").
 
@@ -132,16 +132,16 @@ pnpm mac:package
 
 ```bash
 # Kill running app
-pkill -x "Clawdbot" || true
+pkill -x "OpenClaw" || true
 
 # Move old version
-mv /Applications/Clawdbot.app /tmp/Clawdbot-backup.app
+mv /Applications/OpenClaw.app /tmp/OpenClaw-backup.app
 
 # Install new build
-cp -R dist/Clawdbot.app /Applications/
+cp -R dist/OpenClaw.app /Applications/
 
 # Launch
-open /Applications/Clawdbot.app
+open /Applications/OpenClaw.app
 ```
 
 ---
@@ -235,7 +235,7 @@ If upstream introduced new model configurations:
 # Check for OpenRouter API key requirements
 grep -r "openrouter\|OPENROUTER" src/ --include="*.ts" --include="*.js"
 
-# Update clawdbot.json with fallback chains
+# Update openclaw.json with fallback chains
 # Add model fallback configurations as needed
 ```
 

.github/CODEOWNERS

@@ -1,6 +1,51 @@
 # Protect the ownership rules themselves.
 /.github/CODEOWNERS @steipete
 
+# WARNING: GitHub CODEOWNERS uses last-match-wins semantics.
+# If you add overlapping rules below the secops block, include @openclaw/secops
+# on those entries too or you can silently remove required secops review.
+# Security-sensitive code, config, and docs require secops review.
+/SECURITY.md @openclaw/secops
+/.github/dependabot.yml @openclaw/secops
+/.github/codeql/ @openclaw/secops
+/.github/workflows/codeql.yml @openclaw/secops
+/src/security/ @openclaw/secops
+/src/secrets/ @openclaw/secops
+/src/config/*secret*.ts @openclaw/secops
+/src/config/**/*secret*.ts @openclaw/secops
+/src/gateway/*auth*.ts @openclaw/secops
+/src/gateway/**/*auth*.ts @openclaw/secops
+/src/gateway/*secret*.ts @openclaw/secops
+/src/gateway/**/*secret*.ts @openclaw/secops
+/src/gateway/security-path*.ts @openclaw/secops
+/src/gateway/resolve-configured-secret-input-string*.ts @openclaw/secops
+/src/gateway/protocol/**/*secret*.ts @openclaw/secops
+/src/gateway/server-methods/secrets*.ts @openclaw/secops
+/src/agents/*auth*.ts @openclaw/secops
+/src/agents/**/*auth*.ts @openclaw/secops
+/src/agents/auth-profiles*.ts @openclaw/secops
+/src/agents/auth-health*.ts @openclaw/secops
+/src/agents/auth-profiles/ @openclaw/secops
+/src/agents/sandbox.ts @openclaw/secops
+/src/agents/sandbox-*.ts @openclaw/secops
+/src/agents/sandbox/ @openclaw/secops
+/src/infra/secret-file*.ts @openclaw/secops
+/src/cron/stagger.ts @openclaw/secops
+/src/cron/service/jobs.ts @openclaw/secops
+/docs/security/ @openclaw/secops
+/docs/gateway/authentication.md @openclaw/secops
+/docs/gateway/sandbox-vs-tool-policy-vs-elevated.md @openclaw/secops
+/docs/gateway/sandboxing.md @openclaw/secops
+/docs/gateway/secrets-plan-contract.md @openclaw/secops
+/docs/gateway/secrets.md @openclaw/secops
+/docs/gateway/security/ @openclaw/secops
+/docs/cli/approvals.md @openclaw/secops
+/docs/cli/sandbox.md @openclaw/secops
+/docs/cli/security.md @openclaw/secops
+/docs/cli/secrets.md @openclaw/secops
+/docs/reference/secretref-credential-surface.md @openclaw/secops
+/docs/reference/secretref-user-supplied-credentials-matrix.json @openclaw/secops
+
 # Release workflow and its supporting release-path checks.
 /.github/workflows/openclaw-npm-release.yml @openclaw/openclaw-release-managers
 /docs/reference/RELEASING.md @openclaw/openclaw-release-managers

.github/workflows/ci.yml

@@ -159,6 +159,9 @@ jobs:
           - runtime: node
             task: extensions
             command: pnpm test:extensions
+          - runtime: node
+            task: channels
+            command: pnpm test:channels
           - runtime: node
             task: protocol
             command: pnpm protocol:check

.github/workflows/docker-release.yml

@@ -59,7 +59,9 @@ jobs:
     environment: docker-release
     steps:
       - name: Approve Docker backfill
-        run: echo "Approved Docker backfill for ${{ inputs.tag }}"
+        env:
+          RELEASE_TAG: ${{ inputs.tag }}
+        run: echo "Approved Docker backfill for $RELEASE_TAG"
 
   # KEEP THIS WORKFLOW ON GITHUB-HOSTED RUNNERS.
   # DO NOT MOVE IT BACK TO BLACKSMITH WITHOUT RE-VALIDATING TAG BUILDS AND BACKFILLS.

.github/workflows/openclaw-npm-release.yml

@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
     inputs:
       tag:
-        description: Release tag to publish (for example v2026.3.14 or v2026.3.14-beta.1)
+        description: Release tag to publish (for example v2026.3.14, v2026.3.14-beta.1, or fallback v2026.3.14-1)
         required: true
         type: string
 
@@ -47,9 +47,18 @@ jobs:
           set -euo pipefail
           RELEASE_SHA=$(git rev-parse HEAD)
           PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          if [[ "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*-[1-9][0-9]*$ ]]; then
+            TAG_KIND="fallback correction"
+          else
+            TAG_KIND="standard"
+          fi
           echo "Release plan for ${RELEASE_TAG}:"
           echo "Resolved release SHA: ${RELEASE_SHA}"
           echo "Resolved package version: ${PACKAGE_VERSION}"
+          echo "Resolved tag kind: ${TAG_KIND}"
+          if [[ "${TAG_KIND}" == "fallback correction" ]]; then
+            echo "Correction tag note: npm version remains ${PACKAGE_VERSION}"
+          fi
           echo "Would run: git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main"
           echo "Would run with env: RELEASE_SHA=${RELEASE_SHA} RELEASE_TAG=${RELEASE_TAG} RELEASE_MAIN_REF=origin/main pnpm release:openclaw:npm:check"
           echo "Would run: npm view openclaw@${PACKAGE_VERSION} version"
@@ -71,16 +80,31 @@ jobs:
           pnpm release:openclaw:npm:check
 
       - name: Ensure version is not already published
+        env:
+          RELEASE_TAG: ${{ github.ref_name }}
         run: |
           set -euxo pipefail
           PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          IS_CORRECTION_TAG=0
+          if [[ "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*-[1-9][0-9]*$ ]]; then
+            IS_CORRECTION_TAG=1
+          fi
 
           if npm view "openclaw@${PACKAGE_VERSION}" version >/dev/null 2>&1; then
+            if [[ "${IS_CORRECTION_TAG}" == "1" ]]; then
+              echo "openclaw@${PACKAGE_VERSION} is already published on npm."
+              echo "Correction tag ${RELEASE_TAG} is allowed as a fallback release tag, so preview will continue without treating this as an error."
+              exit 0
+            fi
             echo "openclaw@${PACKAGE_VERSION} is already published on npm."
             exit 1
           fi
 
+          if [[ "${IS_CORRECTION_TAG}" == "1" ]]; then
+            echo "Previewing fallback correction tag ${RELEASE_TAG} for npm version openclaw@${PACKAGE_VERSION}"
+          else
             echo "Previewing openclaw@${PACKAGE_VERSION}"
+          fi
 
       - name: Check
         run: |
@@ -114,7 +138,7 @@ jobs:
           RELEASE_TAG: ${{ inputs.tag }}
         run: |
           set -euo pipefail
-          if [[ ! "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*(-beta\.[1-9][0-9]*)?$ ]]; then
+          if [[ ! "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*((-beta\.[1-9][0-9]*)|(-[1-9][0-9]*))?$ ]]; then
             echo "Invalid release tag format: ${RELEASE_TAG}"
             exit 1
           fi

.github/workflows/workflow-sanity.yml

@@ -4,6 +4,7 @@ on:
   pull_request:
   push:
     branches: [main]
+  workflow_dispatch:
 
 concurrency:
   group: workflow-sanity-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
@@ -14,6 +15,7 @@ env:
 
 jobs:
   no-tabs:
+    if: github.event_name != 'workflow_dispatch'
     runs-on: blacksmith-16vcpu-ubuntu-2404
     steps:
       - name: Checkout
@@ -45,6 +47,7 @@ jobs:
           PY
 
   actionlint:
+    if: github.event_name != 'workflow_dispatch'
     runs-on: blacksmith-16vcpu-ubuntu-2404
     steps:
       - name: Checkout
@@ -68,3 +71,19 @@ jobs:
 
       - name: Disallow direct inputs interpolation in composite run blocks
         run: python3 scripts/check-composite-action-input-interpolation.py
+
+  config-docs-drift:
+    if: github.event_name == 'workflow_dispatch'
+    runs-on: blacksmith-16vcpu-ubuntu-2404
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup Node environment
+        uses: ./.github/actions/setup-node-env
+        with:
+          install-bun: "false"
+          use-sticky-disk: "false"
+
+      - name: Check config docs drift statefile
+        run: pnpm config:docs:check

.secrets.baseline

@@ -12314,14 +12314,14 @@
         "filename": "src/config/schema.help.ts",
         "hashed_secret": "9f4cda226d3868676ac7f86f59e4190eb94bd208",
         "is_verified": false,
-        "line_number": 653
+        "line_number": 657
       },
       {
         "type": "Secret Keyword",
         "filename": "src/config/schema.help.ts",
         "hashed_secret": "01822c8bbf6a8b136944b14182cb885100ec2eae",
         "is_verified": false,
-        "line_number": 686
+        "line_number": 690
       }
     ],
     "src/config/schema.irc.ts": [
@@ -12360,14 +12360,14 @@
         "filename": "src/config/schema.labels.ts",
         "hashed_secret": "e73c9fcad85cd4eecc74181ec4bdb31064d68439",
         "is_verified": false,
-        "line_number": 217
+        "line_number": 219
       },
       {
         "type": "Secret Keyword",
         "filename": "src/config/schema.labels.ts",
         "hashed_secret": "2eda7cd978f39eebec3bf03e4410a40e14167fff",
         "is_verified": false,
-        "line_number": 326
+        "line_number": 328
       }
     ],
     "src/config/slack-http-config.test.ts": [

AGENTS.md

@@ -9,6 +9,7 @@
 - PR review conversations: if a bot leaves review conversations on your PR, address them and resolve those conversations yourself once fixed. Leave a conversation unresolved only when reviewer or maintainer judgment is still needed; do not leave bot-conversation cleanup to maintainers.
 - GitHub searching footgun: don't limit yourself to the first 500 issues or PRs when wanting to search all. Unless you're supposed to look at the most recent, keep going until you've reached the last page in the search
 - Security advisory analysis: before triage/severity decisions, read `SECURITY.md` to align with OpenClaw's trust model and design boundaries.
+- Do not edit files covered by security-focused `CODEOWNERS` rules unless a listed owner explicitly asked for the change or is already reviewing it with you. Treat those paths as restricted surfaces, not drive-by cleanup.
 
 ## Auto-close labels (issues and PRs)
 

CHANGELOG.md

@@ -6,18 +6,45 @@ Docs: https://docs.openclaw.ai
 
 ### Changes
 
+- Android/mobile: add a system-aware dark theme across onboarding and post-onboarding screens so the app follows the device theme through setup, chat, and voice flows. (#46249) Thanks @sibbl.
 - Commands/btw: add `/btw` side questions for quick tool-less answers about the current session without changing future session context, with dismissible in-session TUI answers and explicit BTW replies on external channels. (#45444) Thanks @ngutman.
+- Gateway/health monitor: add configurable stale-event thresholds and restart limits, plus per-channel and per-account `healthMonitor.enabled` overrides, while keeping the existing global disable path on `gateway.channelHealthCheckMinutes=0`. (#42107) Thanks @rstar327.
+- Feishu/cards: add identity-aware structured card headers and note footers for Feishu replies and direct sends, while keeping that presentation wired through the shared outbound identity path. (#29938) Thanks @nszhsl.
+- Feishu/streaming: add `onReasoningStream` and `onReasoningEnd` support to streaming cards, so `/reasoning stream` renders thinking tokens as markdown blockquotes in the same card — matching the Telegram channel's reasoning lane behavior.
 - Refactor/channels: remove the legacy channel shim directories and point channel-specific imports directly at the extension-owned implementations. (#45967) thanks @scoootscooob.
+- Android/nodes: add `callLog.search` plus shared Call Log permission wiring so Android nodes can search recent call history through the gateway. (#44073) Thanks @lxk7280.
 
 ### Fixes
 
-- Z.AI/onboarding: detect a working default model even for explicit `zai-coding-*` endpoint choices, so Coding Plan setup can keep the selected endpoint while defaulting to `glm-5` when available or `glm-4.7` as fallback. (#45969)
 - Control UI/chat sessions: show human-readable labels in the grouped session dropdown again, keep unique scoped fallbacks when metadata is missing, and disambiguate duplicate labels only when needed. (#45130) thanks @luzhidong.
+- Slack/interactive replies: preserve `channelData.slack.blocks` through live DM delivery and preview-finalized edits so Block Kit button and select directives render instead of falling back to raw text. Thanks @vincentkoc.
+- Feishu/topic threads: fetch full thread context, including prior bot replies, when starting a topic-thread session so follow-up turns in Feishu topics keep the right conversation state. Thanks @Coobiw.
 - Configure/startup: move outbound send-deps resolution into a lightweight helper so `openclaw configure` no longer stalls after the banner while eagerly loading channel plugins. (#46301) thanks @scoootscooob.
+- Control UI/dashboard: preserve structured gateway shutdown reasons across restart disconnects so config-triggered restarts no longer fall back to `disconnected (1006): no reason`. (#46532) Thanks @vincentkoc.
+- Android/chat: theme the thinking dropdown and TLS trust dialogs explicitly so popup surfaces match the active app theme instead of falling back to mismatched Material defaults.
+- Z.AI/onboarding: detect a working default model even for explicit `zai-coding-*` endpoint choices, so Coding Plan setup can keep the selected endpoint while defaulting to `glm-5` when available or `glm-4.7` as fallback. (#45969)
+- Models/OpenRouter runtime capabilities: fetch uncatalogued OpenRouter model metadata on first use so newly added vision models keep image input instead of silently degrading to text-only, with top-level capability field fallbacks for `/api/v1/models`. (#45824) Thanks @DJjjjhao.
+- Z.AI/onboarding: add `glm-5-turbo` to the default Z.AI provider catalog so onboarding-generated configs expose the new model alongside the existing GLM defaults. (#46670) Thanks @tomsun28.
+- Zalo Personal/group gating: stop reapplying `dmPolicy.allowFrom` as a sender gate for already-allowlisted groups when `groupAllowFrom` is unset, so any member of an allowed group can trigger replies while DMs stay restricted. (#40146)
+- Plugins/install precedence: keep bundled plugins ahead of auto-discovered globals by default, but let an explicitly installed plugin record win its own duplicate-id tie so installed channel plugins load from `~/.openclaw/extensions` after `openclaw plugins install`.
+- macOS/canvas actions: keep unattended local agent actions on trusted in-app canvas surfaces only, and stop exposing the deep-link fallback key to arbitrary page scripts. Thanks @vincentkoc.
+- Agents/compaction: extend the enclosing run deadline once while compaction is actively in flight, and abort the underlying SDK compaction on timeout/cancel so large-session compactions stop freezing mid-run. (#46889) Thanks @asyncjason.
+- Models/openai-completions: default non-native OpenAI-compatible providers to omit tool-definition `strict` fields unless users explicitly opt back in, so tool calling keeps working on providers that reject that option. (#45497) Thanks @sahancava.
+- WhatsApp/reconnect: restore the append recency filter in the extension inbox monitor and handle protobuf `Long` timestamps correctly, so fresh post-reconnect append messages are processed while stale history sync stays suppressed. (#42588) thanks @MonkeyLeeT.
+- WhatsApp/login: wait for pending creds writes before reopening after Baileys `515` pairing restarts in both QR login and `channels login` flows, and keep the restart coverage pinned to the real wrapped error shape plus per-account creds queues. (#27910) Thanks @asyncjason.
+- Agents/openai-compatible tool calls: deduplicate repeated tool call ids across live assistant messages and replayed history so OpenAI-compatible backends no longer reject duplicate `tool_call_id` values with HTTP 400. (#40996) Thanks @xaeon2026.
 
 ### Fixes
 
 - Slack/interactive replies: preserve `channelData.slack.blocks` through live DM delivery and preview-finalized edits so Block Kit button and select directives render instead of falling back to raw text. Thanks @vincentkoc.
+- Zalo/plugin runtime: export `resolveClientIp` from `openclaw/plugin-sdk/zalo` so installed builds no longer crash on startup when the webhook monitor loads from the packaged extension instead of the monorepo source tree. (#46549) Thanks @No898.
+- CI/channel test routing: move the built-in channel suites into `test:channels` and keep them out of `test:extensions`, so extension CI no longer fails after the channel migration while targeted test routing still sends Slack, Signal, and iMessage suites to the right lane. (#46066) Thanks @scoootscooob.
+- Browser/profiles: drop the auto-created `chrome-relay` browser profile; users who need the Chrome extension relay must now create their own profile via `openclaw browser create-profile`. (#45777) Thanks @odysseus0.
+- Docs/Mintlify: fix MDX marker syntax on Perplexity, Model Providers, Moonshot, and exec approvals pages so local docs preview no longer breaks rendering or leaves stale pages unpublished. (#46695) Thanks @velvet-shark.
+- Email/webhook wrapping: sanitize sender and subject metadata before external-content wrapping so metadata fields cannot break the wrapper structure. Thanks @vincentkoc.
+- Node/startup: remove leftover debug `console.log("node host PATH: ...")` that printed the resolved PATH on every `openclaw node run` invocation. (#46411)
+- Telegram/message send: forward `--force-document` through the `sendPayload` path as well as `sendMedia`, so Telegram payload sends with `channelData` keep uploading images as documents instead of silently falling back to compressed photo sends. (#47119) Thanks @thepagent.
+- Telegram/message chunking: preserve spaces, paragraph separators, and word boundaries when HTML overflow rechunking splits formatted replies. (#47274)
 
 ## 2026.3.13
 
@@ -91,6 +118,10 @@ Docs: https://docs.openclaw.ai
 - Telegram/media errors: redact Telegram file URLs before building media fetch errors so failed inbound downloads do not leak bot tokens into logs. Thanks @space08.
 - Agents/failover: normalize abort-wrapped `429 RESOURCE_EXHAUSTED` provider failures before abort short-circuiting so wrapped Google/Vertex rate limits continue across configured fallback models, including the embedded runner prompt-error path. (#39820) Thanks @lupuletic.
 - Mattermost/thread routing: non-inbound reply paths (TUI/WebUI turns, tool-call callbacks, subagent responses) now correctly route to the originating Mattermost thread when `replyToMode: "all"` is active; also prevents stale `origin.threadId` metadata from resurrecting cleared thread routes. (#44283) thanks @teconomix
+- Gateway/websocket pairing bypass for disabled auth: skip device-pairing enforcement when `gateway.auth.mode=none` so Control UI connections behind reverse proxies no longer get stuck on `pairing required` (code 1008) despite auth being explicitly disabled. (#42931)
+- Auth/login lockout recovery: clear stale `auth_permanent` and `billing` disabled state for all profiles matching the target provider when `openclaw models auth login` is invoked, so users locked out by expired or revoked OAuth tokens can recover by re-authenticating instead of waiting for the cooldown timer to expire. (#43057)
+- Auto-reply/context-engine compaction: persist the exact embedded-run metadata compaction count for main and followup runner session accounting, so metadata-only auto-compactions no longer undercount multi-compaction runs. (#42629) thanks @uf-hy.
+- Auth/Codex CLI reuse: sync reused Codex CLI credentials into the supported `openai-codex:default` OAuth profile instead of reviving the deprecated `openai-codex:codex-cli` slot, so doctor cleanup no longer loops. (#45353) thanks @Gugu-sugar.
 
 ## 2026.3.12
 
@@ -323,6 +354,7 @@ Docs: https://docs.openclaw.ai
 - Agents/failover: classify HTTP 422 malformed-request responses as `format` and recognize OpenRouter "requires more credits" billing errors so provider fallback triggers instead of surfacing raw errors. (#43823) thanks @jnMetaCode.
 - Memory/QMD Windows: fail closed when `qmd.cmd` or `mcporter.cmd` wrappers cannot be resolved to a direct entrypoint, so memory search no longer falls back to shell execution on Windows.
 - macOS/remote gateway: stop PortGuardian from killing Docker Desktop and other external listeners on the gateway port in remote mode, so containerized and tunneled gateway setups no longer lose their port-forward owner on app startup. (#6755) Thanks @teslamint.
+- Feishu/streaming recovery: clear stale `streamingStartPromise` when card creation fails (HTTP 400) so subsequent messages can retry streaming instead of silently dropping all future replies. Fixes #43322.
 
 ## 2026.3.8
 

CONTRIBUTING.md

@@ -76,6 +76,9 @@ Welcome to the lobster tank! 🦞
 - **Tengji (George) Zhang** - Chinese model APIs, cloud, pi
   - GitHub: [@odysseus0](https://github.com/odysseus0) · X: [@odysseus0z](https://x.com/odysseus0z)
 
+- **Andrew (Bubbles) Demczuk** - Agents/Gateway/TTS/VTT
+  - GitHub: [@ademczuk](https://github.com/ademczuk) · X: [@ademczuk](https://x.com/ademczuk)
+
 ## How to Contribute
 
 1. **Bugs & small fixes** → Open a PR!
@@ -93,6 +96,7 @@ Welcome to the lobster tank! 🦞
 - Reply to or resolve bot review conversations you addressed before asking for review again
 - **Include screenshots** — one showing the problem/before, one showing the fix/after (for UI or visual changes)
 - Use American English spelling and grammar in code, comments, docs, and UI strings
+- Do not edit files covered by `CODEOWNERS` security ownership unless a listed owner explicitly asked for the change or is already reviewing it with you. Treat those paths as restricted review surfaces, not opportunistic cleanup targets.
 
 ## Review Conversations Are Author-Owned
 

Dockerfile

@@ -134,7 +134,7 @@ RUN --mount=type=cache,id=openclaw-bookworm-apt-cache,target=/var/cache/apt,shar
     apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get upgrade -y --no-install-recommends && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
-      procps hostname curl git openssl
+      procps hostname curl git lsof openssl
 
 RUN chown node:node /app
 

README.md

@@ -2,8 +2,8 @@
 
 <p align="center">
     <picture>
-        <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/openclaw/openclaw/main/docs/assets/openclaw-logo-text-dark.png">
-        <img src="https://raw.githubusercontent.com/openclaw/openclaw/main/docs/assets/openclaw-logo-text.png" alt="OpenClaw" width="500">
+        <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/openclaw/openclaw/main/docs/assets/openclaw-logo-text-dark.svg">
+        <img src="https://raw.githubusercontent.com/openclaw/openclaw/main/docs/assets/openclaw-logo-text.svg" alt="OpenClaw" width="500">
     </picture>
 </p>
 

apps/android/app/src/main/AndroidManifest.xml

@@ -19,6 +19,7 @@
         android:maxSdkVersion="32" />
     <uses-permission android:name="android.permission.READ_CONTACTS" />
     <uses-permission android:name="android.permission.WRITE_CONTACTS" />
+    <uses-permission android:name="android.permission.READ_CALL_LOG" />
     <uses-permission android:name="android.permission.READ_CALENDAR" />
     <uses-permission android:name="android.permission.WRITE_CALENDAR" />
     <uses-permission android:name="android.permission.ACTIVITY_RECOGNITION" />

apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt

@@ -110,6 +110,10 @@ class NodeRuntime(context: Context) {
     appContext = appContext,
   )
 
+  private val callLogHandler: CallLogHandler = CallLogHandler(
+    appContext = appContext,
+  )
+
   private val motionHandler: MotionHandler = MotionHandler(
     appContext = appContext,
   )
@@ -151,6 +155,7 @@ class NodeRuntime(context: Context) {
     smsHandler = smsHandlerImpl,
     a2uiHandler = a2uiHandler,
     debugHandler = debugHandler,
+    callLogHandler = callLogHandler,
     isForeground = { _isForeground.value },
     cameraEnabled = { cameraEnabled.value },
     locationEnabled = { locationMode.value != LocationMode.Off },

apps/android/app/src/main/java/ai/openclaw/app/node/CallLogHandler.kt

@@ -0,0 +1,247 @@
+package ai.openclaw.app.node
+
+import android.Manifest
+import android.content.Context
+import android.provider.CallLog
+import androidx.core.content.ContextCompat
+import ai.openclaw.app.gateway.GatewaySession
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.JsonArray
+import kotlinx.serialization.json.JsonObject
+import kotlinx.serialization.json.JsonPrimitive
+import kotlinx.serialization.json.buildJsonObject
+import kotlinx.serialization.json.buildJsonArray
+import kotlinx.serialization.json.put
+
+private const val DEFAULT_CALL_LOG_LIMIT = 25
+
+internal data class CallLogRecord(
+  val number: String?,
+  val cachedName: String?,
+  val date: Long,
+  val duration: Long,
+  val type: Int,
+)
+
+internal data class CallLogSearchRequest(
+  val limit: Int, // Number of records to return
+  val offset: Int, // Offset value
+  val cachedName: String?, // Search by contact name
+  val number: String?, // Search by phone number
+  val date: Long?, // Search by time (timestamp, deprecated, use dateStart/dateEnd)
+  val dateStart: Long?, // Query start time (timestamp)
+  val dateEnd: Long?, // Query end time (timestamp)
+  val duration: Long?, // Search by duration (seconds)
+  val type: Int?, // Search by call log type
+)
+
+internal interface CallLogDataSource {
+  fun hasReadPermission(context: Context): Boolean
+
+  fun search(context: Context, request: CallLogSearchRequest): List<CallLogRecord>
+}
+
+private object SystemCallLogDataSource : CallLogDataSource {
+  override fun hasReadPermission(context: Context): Boolean {
+    return ContextCompat.checkSelfPermission(
+      context,
+      Manifest.permission.READ_CALL_LOG
+    ) == android.content.pm.PackageManager.PERMISSION_GRANTED
+  }
+
+  override fun search(context: Context, request: CallLogSearchRequest): List<CallLogRecord> {
+    val resolver = context.contentResolver
+    val projection = arrayOf(
+      CallLog.Calls.NUMBER,
+      CallLog.Calls.CACHED_NAME,
+      CallLog.Calls.DATE,
+      CallLog.Calls.DURATION,
+      CallLog.Calls.TYPE,
+    )
+
+    // Build selection and selectionArgs for filtering
+    val selections = mutableListOf<String>()
+    val selectionArgs = mutableListOf<String>()
+
+    request.cachedName?.let {
+      selections.add("${CallLog.Calls.CACHED_NAME} LIKE ?")
+      selectionArgs.add("%$it%")
+    }
+
+    request.number?.let {
+      selections.add("${CallLog.Calls.NUMBER} LIKE ?")
+      selectionArgs.add("%$it%")
+    }
+
+    // Support time range query
+    if (request.dateStart != null && request.dateEnd != null) {
+      selections.add("${CallLog.Calls.DATE} >= ? AND ${CallLog.Calls.DATE} <= ?")
+      selectionArgs.add(request.dateStart.toString())
+      selectionArgs.add(request.dateEnd.toString())
+    } else if (request.dateStart != null) {
+      selections.add("${CallLog.Calls.DATE} >= ?")
+      selectionArgs.add(request.dateStart.toString())
+    } else if (request.dateEnd != null) {
+      selections.add("${CallLog.Calls.DATE} <= ?")
+      selectionArgs.add(request.dateEnd.toString())
+    } else if (request.date != null) {
+      // Compatible with the old date parameter (exact match)
+      selections.add("${CallLog.Calls.DATE} = ?")
+      selectionArgs.add(request.date.toString())
+    }
+
+    request.duration?.let {
+      selections.add("${CallLog.Calls.DURATION} = ?")
+      selectionArgs.add(it.toString())
+    }
+
+    request.type?.let {
+      selections.add("${CallLog.Calls.TYPE} = ?")
+      selectionArgs.add(it.toString())
+    }
+
+    val selection = if (selections.isNotEmpty()) selections.joinToString(" AND ") else null
+    val selectionArgsArray = if (selectionArgs.isNotEmpty()) selectionArgs.toTypedArray() else null
+
+    val sortOrder = "${CallLog.Calls.DATE} DESC"
+
+    resolver.query(
+      CallLog.Calls.CONTENT_URI,
+      projection,
+      selection,
+      selectionArgsArray,
+      sortOrder,
+    ).use { cursor ->
+      if (cursor == null) return emptyList()
+
+      val numberIndex = cursor.getColumnIndex(CallLog.Calls.NUMBER)
+      val cachedNameIndex = cursor.getColumnIndex(CallLog.Calls.CACHED_NAME)
+      val dateIndex = cursor.getColumnIndex(CallLog.Calls.DATE)
+      val durationIndex = cursor.getColumnIndex(CallLog.Calls.DURATION)
+      val typeIndex = cursor.getColumnIndex(CallLog.Calls.TYPE)
+
+      // Skip offset rows
+      if (request.offset > 0 && cursor.moveToPosition(request.offset - 1)) {
+        // Successfully moved to offset position
+      }
+
+      val out = mutableListOf<CallLogRecord>()
+      var count = 0
+      while (cursor.moveToNext() && count < request.limit) {
+        out += CallLogRecord(
+          number = cursor.getString(numberIndex),
+          cachedName = cursor.getString(cachedNameIndex),
+          date = cursor.getLong(dateIndex),
+          duration = cursor.getLong(durationIndex),
+          type = cursor.getInt(typeIndex),
+        )
+        count++
+      }
+      return out
+    }
+  }
+}
+
+class CallLogHandler private constructor(
+  private val appContext: Context,
+  private val dataSource: CallLogDataSource,
+) {
+  constructor(appContext: Context) : this(appContext = appContext, dataSource = SystemCallLogDataSource)
+
+  fun handleCallLogSearch(paramsJson: String?): GatewaySession.InvokeResult {
+    if (!dataSource.hasReadPermission(appContext)) {
+      return GatewaySession.InvokeResult.error(
+        code = "CALL_LOG_PERMISSION_REQUIRED",
+        message = "CALL_LOG_PERMISSION_REQUIRED: grant Call Log permission",
+      )
+    }
+
+    val request = parseSearchRequest(paramsJson)
+      ?: return GatewaySession.InvokeResult.error(
+        code = "INVALID_REQUEST",
+        message = "INVALID_REQUEST: expected JSON object",
+      )
+
+    return try {
+      val callLogs = dataSource.search(appContext, request)
+      GatewaySession.InvokeResult.ok(
+        buildJsonObject {
+          put(
+            "callLogs",
+            buildJsonArray {
+              callLogs.forEach { add(callLogJson(it)) }
+            },
+          )
+        }.toString(),
+      )
+    } catch (err: Throwable) {
+      GatewaySession.InvokeResult.error(
+        code = "CALL_LOG_UNAVAILABLE",
+        message = "CALL_LOG_UNAVAILABLE: ${err.message ?: "call log query failed"}",
+      )
+    }
+  }
+
+  private fun parseSearchRequest(paramsJson: String?): CallLogSearchRequest? {
+    if (paramsJson.isNullOrBlank()) {
+      return CallLogSearchRequest(
+        limit = DEFAULT_CALL_LOG_LIMIT,
+        offset = 0,
+        cachedName = null,
+        number = null,
+        date = null,
+        dateStart = null,
+        dateEnd = null,
+        duration = null,
+        type = null,
+      )
+    }
+
+    val params = try {
+      Json.parseToJsonElement(paramsJson).asObjectOrNull()
+    } catch (_: Throwable) {
+      null
+    } ?: return null
+
+    val limit = ((params["limit"] as? JsonPrimitive)?.content?.toIntOrNull() ?: DEFAULT_CALL_LOG_LIMIT)
+      .coerceIn(1, 200)
+    val offset = ((params["offset"] as? JsonPrimitive)?.content?.toIntOrNull() ?: 0)
+      .coerceAtLeast(0)
+    val cachedName = (params["cachedName"] as? JsonPrimitive)?.content?.takeIf { it.isNotBlank() }
+    val number = (params["number"] as? JsonPrimitive)?.content?.takeIf { it.isNotBlank() }
+    val date = (params["date"] as? JsonPrimitive)?.content?.toLongOrNull()
+    val dateStart = (params["dateStart"] as? JsonPrimitive)?.content?.toLongOrNull()
+    val dateEnd = (params["dateEnd"] as? JsonPrimitive)?.content?.toLongOrNull()
+    val duration = (params["duration"] as? JsonPrimitive)?.content?.toLongOrNull()
+    val type = (params["type"] as? JsonPrimitive)?.content?.toIntOrNull()
+
+    return CallLogSearchRequest(
+      limit = limit,
+      offset = offset,
+      cachedName = cachedName,
+      number = number,
+      date = date,
+      dateStart = dateStart,
+      dateEnd = dateEnd,
+      duration = duration,
+      type = type,
+    )
+  }
+
+  private fun callLogJson(callLog: CallLogRecord): JsonObject {
+    return buildJsonObject {
+      put("number", JsonPrimitive(callLog.number))
+      put("cachedName", JsonPrimitive(callLog.cachedName))
+      put("date", JsonPrimitive(callLog.date))
+      put("duration", JsonPrimitive(callLog.duration))
+      put("type", JsonPrimitive(callLog.type))
+    }
+  }
+
+  companion object {
+    internal fun forTesting(
+      appContext: Context,
+      dataSource: CallLogDataSource,
+    ): CallLogHandler = CallLogHandler(appContext = appContext, dataSource = dataSource)
+  }
+}

apps/android/app/src/main/java/ai/openclaw/app/node/DeviceHandler.kt

@@ -212,6 +212,13 @@ class DeviceHandler(
               promptableWhenDenied = true,
             ),
           )
+          put(
+            "callLog",
+            permissionStateJson(
+              granted = hasPermission(Manifest.permission.READ_CALL_LOG),
+              promptableWhenDenied = true,
+            ),
+          )
           put(
             "motion",
             permissionStateJson(

apps/android/app/src/main/java/ai/openclaw/app/node/InvokeCommandRegistry.kt

@@ -5,6 +5,7 @@ import ai.openclaw.app.protocol.OpenClawCanvasA2UICommand
 import ai.openclaw.app.protocol.OpenClawCanvasCommand
 import ai.openclaw.app.protocol.OpenClawCameraCommand
 import ai.openclaw.app.protocol.OpenClawCapability
+import ai.openclaw.app.protocol.OpenClawCallLogCommand
 import ai.openclaw.app.protocol.OpenClawContactsCommand
 import ai.openclaw.app.protocol.OpenClawDeviceCommand
 import ai.openclaw.app.protocol.OpenClawLocationCommand
@@ -84,6 +85,7 @@ object InvokeCommandRegistry {
         name = OpenClawCapability.Motion.rawValue,
         availability = NodeCapabilityAvailability.MotionAvailable,
       ),
+      NodeCapabilitySpec(name = OpenClawCapability.CallLog.rawValue),
     )
 
   val all: List<InvokeCommandSpec> =
@@ -187,6 +189,9 @@ object InvokeCommandRegistry {
         name = OpenClawSmsCommand.Send.rawValue,
         availability = InvokeCommandAvailability.SmsAvailable,
       ),
+      InvokeCommandSpec(
+        name = OpenClawCallLogCommand.Search.rawValue,
+      ),
       InvokeCommandSpec(
         name = "debug.logs",
         availability = InvokeCommandAvailability.DebugBuild,

apps/android/app/src/main/java/ai/openclaw/app/node/InvokeDispatcher.kt

@@ -5,6 +5,7 @@ import ai.openclaw.app.protocol.OpenClawCalendarCommand
 import ai.openclaw.app.protocol.OpenClawCanvasA2UICommand
 import ai.openclaw.app.protocol.OpenClawCanvasCommand
 import ai.openclaw.app.protocol.OpenClawCameraCommand
+import ai.openclaw.app.protocol.OpenClawCallLogCommand
 import ai.openclaw.app.protocol.OpenClawContactsCommand
 import ai.openclaw.app.protocol.OpenClawDeviceCommand
 import ai.openclaw.app.protocol.OpenClawLocationCommand
@@ -27,6 +28,7 @@ class InvokeDispatcher(
   private val smsHandler: SmsHandler,
   private val a2uiHandler: A2UIHandler,
   private val debugHandler: DebugHandler,
+  private val callLogHandler: CallLogHandler,
   private val isForeground: () -> Boolean,
   private val cameraEnabled: () -> Boolean,
   private val locationEnabled: () -> Boolean,
@@ -161,6 +163,9 @@ class InvokeDispatcher(
       // SMS command
       OpenClawSmsCommand.Send.rawValue -> smsHandler.handleSmsSend(paramsJson)
 
+      // CallLog command
+      OpenClawCallLogCommand.Search.rawValue -> callLogHandler.handleCallLogSearch(paramsJson)
+
       // Debug commands
       "debug.ed25519" -> debugHandler.handleEd25519()
       "debug.logs" -> debugHandler.handleLogs()

apps/android/app/src/main/java/ai/openclaw/app/protocol/OpenClawProtocolConstants.kt

@@ -13,6 +13,7 @@ enum class OpenClawCapability(val rawValue: String) {
   Contacts("contacts"),
   Calendar("calendar"),
   Motion("motion"),
+  CallLog("callLog"),
 }
 
 enum class OpenClawCanvasCommand(val rawValue: String) {
@@ -137,3 +138,12 @@ enum class OpenClawMotionCommand(val rawValue: String) {
     const val NamespacePrefix: String = "motion."
   }
 }
+
+enum class OpenClawCallLogCommand(val rawValue: String) {
+  Search("callLog.search"),
+  ;
+
+  companion object {
+    const val NamespacePrefix: String = "callLog."
+  }
+}

apps/android/app/src/main/java/ai/openclaw/app/ui/ConnectTabScreen.kt

@@ -51,6 +51,7 @@ import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.text.input.KeyboardType
 import androidx.compose.ui.unit.dp
 import ai.openclaw.app.MainViewModel
+import ai.openclaw.app.ui.mobileCardSurface
 
 private enum class ConnectInputMode {
   SetupCode,
@@ -91,20 +92,28 @@ fun ConnectTabScreen(viewModel: MainViewModel) {
     val prompt = pendingTrust!!
     AlertDialog(
       onDismissRequest = { viewModel.declineGatewayTrustPrompt() },
-      title = { Text("Trust this gateway?") },
+      containerColor = mobileCardSurface,
+      title = { Text("Trust this gateway?", style = mobileHeadline, color = mobileText) },
       text = {
         Text(
           "First-time TLS connection.\n\nVerify this SHA-256 fingerprint before trusting:\n${prompt.fingerprintSha256}",
           style = mobileCallout,
+          color = mobileText,
         )
       },
       confirmButton = {
-        TextButton(onClick = { viewModel.acceptGatewayTrustPrompt() }) {
+        TextButton(
+          onClick = { viewModel.acceptGatewayTrustPrompt() },
+          colors = ButtonDefaults.textButtonColors(contentColor = mobileAccent),
+        ) {
           Text("Trust and continue")
         }
       },
       dismissButton = {
-        TextButton(onClick = { viewModel.declineGatewayTrustPrompt() }) {
+        TextButton(
+          onClick = { viewModel.declineGatewayTrustPrompt() },
+          colors = ButtonDefaults.textButtonColors(contentColor = mobileTextSecondary),
+        ) {
           Text("Cancel")
         }
       },
@@ -144,7 +153,7 @@ fun ConnectTabScreen(viewModel: MainViewModel) {
     Surface(
       modifier = Modifier.fillMaxWidth(),
       shape = RoundedCornerShape(14.dp),
-      color = Color.White,
+      color = mobileCardSurface,
       border = BorderStroke(1.dp, mobileBorder),
     ) {
       Column {
@@ -205,7 +214,7 @@ fun ConnectTabScreen(viewModel: MainViewModel) {
         shape = RoundedCornerShape(14.dp),
         colors =
           ButtonDefaults.buttonColors(
-            containerColor = Color.White,
+            containerColor = mobileCardSurface,
             contentColor = mobileDanger,
           ),
         border = BorderStroke(1.dp, mobileDanger.copy(alpha = 0.4f)),
@@ -298,7 +307,7 @@ fun ConnectTabScreen(viewModel: MainViewModel) {
       Surface(
         modifier = Modifier.fillMaxWidth(),
         shape = RoundedCornerShape(14.dp),
-        color = Color.White,
+        color = mobileCardSurface,
         border = BorderStroke(1.dp, mobileBorder),
       ) {
         Column(
@@ -480,7 +489,7 @@ private fun MethodChip(label: String, active: Boolean, onClick: () -> Unit) {
         containerColor = if (active) mobileAccent else mobileSurface,
         contentColor = if (active) Color.White else mobileText,
       ),
-    border = BorderStroke(1.dp, if (active) Color(0xFF184DAF) else mobileBorderStrong),
+    border = BorderStroke(1.dp, if (active) mobileAccentBorderStrong else mobileBorderStrong),
   ) {
     Text(label, style = mobileCaption1.copy(fontWeight = FontWeight.Bold))
   }
@@ -509,10 +518,10 @@ private fun CommandBlock(command: String) {
     modifier = Modifier.fillMaxWidth(),
     shape = RoundedCornerShape(12.dp),
     color = mobileCodeBg,
-    border = BorderStroke(1.dp, Color(0xFF2B2E35)),
+    border = BorderStroke(1.dp, mobileCodeBorder),
   ) {
     Row(modifier = Modifier.fillMaxWidth(), verticalAlignment = Alignment.CenterVertically) {
-      Box(modifier = Modifier.width(3.dp).height(42.dp).background(Color(0xFF3FC97A)))
+      Box(modifier = Modifier.width(3.dp).height(42.dp).background(mobileCodeAccent))
       Text(
         text = command,
         modifier = Modifier.padding(horizontal = 12.dp, vertical = 10.dp),

apps/android/app/src/main/java/ai/openclaw/app/ui/MobileUiTokens.kt

@@ -1,5 +1,7 @@
 package ai.openclaw.app.ui
 
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.staticCompositionLocalOf
 import androidx.compose.ui.graphics.Brush
 import androidx.compose.ui.graphics.Color
 import androidx.compose.ui.text.TextStyle
@@ -9,32 +11,147 @@ import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.unit.sp
 import ai.openclaw.app.R
 
-internal val mobileBackgroundGradient =
-  Brush.verticalGradient(
-    listOf(
-      Color(0xFFFFFFFF),
-      Color(0xFFF7F8FA),
-      Color(0xFFEFF1F5),
-    ),
+// ---------------------------------------------------------------------------
+// MobileColors – semantic color tokens with light + dark variants
+// ---------------------------------------------------------------------------
+
+internal data class MobileColors(
+  val surface: Color,
+  val surfaceStrong: Color,
+  val cardSurface: Color,
+  val border: Color,
+  val borderStrong: Color,
+  val text: Color,
+  val textSecondary: Color,
+  val textTertiary: Color,
+  val accent: Color,
+  val accentSoft: Color,
+  val accentBorderStrong: Color,
+  val success: Color,
+  val successSoft: Color,
+  val warning: Color,
+  val warningSoft: Color,
+  val danger: Color,
+  val dangerSoft: Color,
+  val codeBg: Color,
+  val codeText: Color,
+  val codeBorder: Color,
+  val codeAccent: Color,
+  val chipBorderConnected: Color,
+  val chipBorderConnecting: Color,
+  val chipBorderWarning: Color,
+  val chipBorderError: Color,
 )
 
-internal val mobileSurface = Color(0xFFF6F7FA)
-internal val mobileSurfaceStrong = Color(0xFFECEEF3)
-internal val mobileBorder = Color(0xFFE5E7EC)
-internal val mobileBorderStrong = Color(0xFFD6DAE2)
-internal val mobileText = Color(0xFF17181C)
-internal val mobileTextSecondary = Color(0xFF5D6472)
-internal val mobileTextTertiary = Color(0xFF99A0AE)
-internal val mobileAccent = Color(0xFF1D5DD8)
-internal val mobileAccentSoft = Color(0xFFECF3FF)
-internal val mobileSuccess = Color(0xFF2F8C5A)
-internal val mobileSuccessSoft = Color(0xFFEEF9F3)
-internal val mobileWarning = Color(0xFFC8841A)
-internal val mobileWarningSoft = Color(0xFFFFF8EC)
-internal val mobileDanger = Color(0xFFD04B4B)
-internal val mobileDangerSoft = Color(0xFFFFF2F2)
-internal val mobileCodeBg = Color(0xFF15171B)
-internal val mobileCodeText = Color(0xFFE8EAEE)
+internal fun lightMobileColors() =
+  MobileColors(
+    surface = Color(0xFFF6F7FA),
+    surfaceStrong = Color(0xFFECEEF3),
+    cardSurface = Color(0xFFFFFFFF),
+    border = Color(0xFFE5E7EC),
+    borderStrong = Color(0xFFD6DAE2),
+    text = Color(0xFF17181C),
+    textSecondary = Color(0xFF5D6472),
+    textTertiary = Color(0xFF99A0AE),
+    accent = Color(0xFF1D5DD8),
+    accentSoft = Color(0xFFECF3FF),
+    accentBorderStrong = Color(0xFF184DAF),
+    success = Color(0xFF2F8C5A),
+    successSoft = Color(0xFFEEF9F3),
+    warning = Color(0xFFC8841A),
+    warningSoft = Color(0xFFFFF8EC),
+    danger = Color(0xFFD04B4B),
+    dangerSoft = Color(0xFFFFF2F2),
+    codeBg = Color(0xFF15171B),
+    codeText = Color(0xFFE8EAEE),
+    codeBorder = Color(0xFF2B2E35),
+    codeAccent = Color(0xFF3FC97A),
+    chipBorderConnected = Color(0xFFCFEBD8),
+    chipBorderConnecting = Color(0xFFD5E2FA),
+    chipBorderWarning = Color(0xFFEED8B8),
+    chipBorderError = Color(0xFFF3C8C8),
+  )
+
+internal fun darkMobileColors() =
+  MobileColors(
+    surface = Color(0xFF1A1C20),
+    surfaceStrong = Color(0xFF24262B),
+    cardSurface = Color(0xFF1E2024),
+    border = Color(0xFF2E3038),
+    borderStrong = Color(0xFF3A3D46),
+    text = Color(0xFFE4E5EA),
+    textSecondary = Color(0xFFA0A6B4),
+    textTertiary = Color(0xFF6B7280),
+    accent = Color(0xFF6EA8FF),
+    accentSoft = Color(0xFF1A2A44),
+    accentBorderStrong = Color(0xFF5B93E8),
+    success = Color(0xFF5FBB85),
+    successSoft = Color(0xFF152E22),
+    warning = Color(0xFFE8A844),
+    warningSoft = Color(0xFF2E2212),
+    danger = Color(0xFFE87070),
+    dangerSoft = Color(0xFF2E1616),
+    codeBg = Color(0xFF111317),
+    codeText = Color(0xFFE8EAEE),
+    codeBorder = Color(0xFF2B2E35),
+    codeAccent = Color(0xFF3FC97A),
+    chipBorderConnected = Color(0xFF1E4A30),
+    chipBorderConnecting = Color(0xFF1E3358),
+    chipBorderWarning = Color(0xFF3E3018),
+    chipBorderError = Color(0xFF3E1E1E),
+  )
+
+internal val LocalMobileColors = staticCompositionLocalOf { lightMobileColors() }
+
+internal object MobileColorsAccessor {
+  val current: MobileColors
+    @Composable get() = LocalMobileColors.current
+}
+
+// ---------------------------------------------------------------------------
+// Backward-compatible top-level accessors (composable getters)
+// ---------------------------------------------------------------------------
+// These allow existing call sites to keep using `mobileSurface`, `mobileText`, etc.
+// without converting every file at once. Each resolves to the themed value.
+
+internal val mobileSurface: Color @Composable get() = LocalMobileColors.current.surface
+internal val mobileSurfaceStrong: Color @Composable get() = LocalMobileColors.current.surfaceStrong
+internal val mobileCardSurface: Color @Composable get() = LocalMobileColors.current.cardSurface
+internal val mobileBorder: Color @Composable get() = LocalMobileColors.current.border
+internal val mobileBorderStrong: Color @Composable get() = LocalMobileColors.current.borderStrong
+internal val mobileText: Color @Composable get() = LocalMobileColors.current.text
+internal val mobileTextSecondary: Color @Composable get() = LocalMobileColors.current.textSecondary
+internal val mobileTextTertiary: Color @Composable get() = LocalMobileColors.current.textTertiary
+internal val mobileAccent: Color @Composable get() = LocalMobileColors.current.accent
+internal val mobileAccentSoft: Color @Composable get() = LocalMobileColors.current.accentSoft
+internal val mobileAccentBorderStrong: Color @Composable get() = LocalMobileColors.current.accentBorderStrong
+internal val mobileSuccess: Color @Composable get() = LocalMobileColors.current.success
+internal val mobileSuccessSoft: Color @Composable get() = LocalMobileColors.current.successSoft
+internal val mobileWarning: Color @Composable get() = LocalMobileColors.current.warning
+internal val mobileWarningSoft: Color @Composable get() = LocalMobileColors.current.warningSoft
+internal val mobileDanger: Color @Composable get() = LocalMobileColors.current.danger
+internal val mobileDangerSoft: Color @Composable get() = LocalMobileColors.current.dangerSoft
+internal val mobileCodeBg: Color @Composable get() = LocalMobileColors.current.codeBg
+internal val mobileCodeText: Color @Composable get() = LocalMobileColors.current.codeText
+internal val mobileCodeBorder: Color @Composable get() = LocalMobileColors.current.codeBorder
+internal val mobileCodeAccent: Color @Composable get() = LocalMobileColors.current.codeAccent
+
+// Background gradient – light fades white→gray, dark fades near-black→dark-gray
+internal val mobileBackgroundGradient: Brush
+  @Composable get() {
+    val colors = LocalMobileColors.current
+    return Brush.verticalGradient(
+      listOf(
+        colors.surface,
+        colors.surfaceStrong,
+        colors.surfaceStrong,
+      ),
+    )
+  }
+
+// ---------------------------------------------------------------------------
+// Typography tokens (theme-independent)
+// ---------------------------------------------------------------------------
 
 internal val mobileFontFamily =
   FontFamily(
@@ -44,6 +161,15 @@ internal val mobileFontFamily =
     Font(resId = R.font.manrope_700_bold, weight = FontWeight.Bold),
   )
 
+internal val mobileDisplay =
+  TextStyle(
+    fontFamily = mobileFontFamily,
+    fontWeight = FontWeight.Bold,
+    fontSize = 34.sp,
+    lineHeight = 40.sp,
+    letterSpacing = (-0.8).sp,
+  )
+
 internal val mobileTitle1 =
   TextStyle(
     fontFamily = mobileFontFamily,

apps/android/app/src/main/java/ai/openclaw/app/ui/OnboardingFlow.kt

@@ -81,7 +81,6 @@ import androidx.compose.ui.Modifier
 import androidx.compose.ui.graphics.Brush
 import androidx.compose.ui.graphics.Color
 import androidx.compose.ui.text.TextStyle
-import androidx.compose.ui.text.font.Font
 import androidx.compose.ui.text.font.FontFamily
 import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.text.input.KeyboardType
@@ -94,7 +93,6 @@ import androidx.lifecycle.LifecycleEventObserver
 import androidx.lifecycle.compose.LocalLifecycleOwner
 import ai.openclaw.app.LocationMode
 import ai.openclaw.app.MainViewModel
-import ai.openclaw.app.R
 import ai.openclaw.app.node.DeviceNotificationListenerService
 import com.google.mlkit.vision.barcode.common.Barcode
 import com.google.mlkit.vision.codescanner.GmsBarcodeScannerOptions
@@ -123,101 +121,87 @@ private enum class PermissionToggle {
   Calendar,
   Motion,
   Sms,
+  CallLog,
 }
 
 private enum class SpecialAccessToggle {
   NotificationListener,
 }
 
-private val onboardingBackgroundGradient =
-  listOf(
-    Color(0xFFFFFFFF),
-    Color(0xFFF7F8FA),
-    Color(0xFFEFF1F5),
-  )
-private val onboardingSurface = Color(0xFFF6F7FA)
-private val onboardingBorder = Color(0xFFE5E7EC)
-private val onboardingBorderStrong = Color(0xFFD6DAE2)
-private val onboardingText = Color(0xFF17181C)
-private val onboardingTextSecondary = Color(0xFF4D5563)
-private val onboardingTextTertiary = Color(0xFF8A92A2)
-private val onboardingAccent = Color(0xFF1D5DD8)
-private val onboardingAccentSoft = Color(0xFFECF3FF)
-private val onboardingSuccess = Color(0xFF2F8C5A)
-private val onboardingWarning = Color(0xFFC8841A)
-private val onboardingCommandBg = Color(0xFF15171B)
-private val onboardingCommandBorder = Color(0xFF2B2E35)
-private val onboardingCommandAccent = Color(0xFF3FC97A)
-private val onboardingCommandText = Color(0xFFE8EAEE)
+private val onboardingBackgroundGradient: Brush
+  @Composable get() = mobileBackgroundGradient
 
-private val onboardingFontFamily =
-  FontFamily(
-    Font(resId = R.font.manrope_400_regular, weight = FontWeight.Normal),
-    Font(resId = R.font.manrope_500_medium, weight = FontWeight.Medium),
-    Font(resId = R.font.manrope_600_semibold, weight = FontWeight.SemiBold),
-    Font(resId = R.font.manrope_700_bold, weight = FontWeight.Bold),
-  )
+private val onboardingSurface: Color
+  @Composable get() = mobileCardSurface
 
-private val onboardingDisplayStyle =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.Bold,
-    fontSize = 34.sp,
-    lineHeight = 40.sp,
-    letterSpacing = (-0.8).sp,
-  )
+private val onboardingBorder: Color
+  @Composable get() = mobileBorder
 
-private val onboardingTitle1Style =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.SemiBold,
-    fontSize = 24.sp,
-    lineHeight = 30.sp,
-    letterSpacing = (-0.5).sp,
-  )
+private val onboardingBorderStrong: Color
+  @Composable get() = mobileBorderStrong
 
-private val onboardingHeadlineStyle =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.SemiBold,
-    fontSize = 16.sp,
-    lineHeight = 22.sp,
-    letterSpacing = (-0.1).sp,
-  )
+private val onboardingText: Color
+  @Composable get() = mobileText
 
-private val onboardingBodyStyle =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.Medium,
-    fontSize = 15.sp,
-    lineHeight = 22.sp,
-  )
+private val onboardingTextSecondary: Color
+  @Composable get() = mobileTextSecondary
 
-private val onboardingCalloutStyle =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.Medium,
-    fontSize = 14.sp,
-    lineHeight = 20.sp,
-  )
+private val onboardingTextTertiary: Color
+  @Composable get() = mobileTextTertiary
 
-private val onboardingCaption1Style =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.Medium,
-    fontSize = 12.sp,
-    lineHeight = 16.sp,
-    letterSpacing = 0.2.sp,
-  )
+private val onboardingAccent: Color
+  @Composable get() = mobileAccent
 
-private val onboardingCaption2Style =
-  TextStyle(
-    fontFamily = onboardingFontFamily,
-    fontWeight = FontWeight.Medium,
-    fontSize = 11.sp,
-    lineHeight = 14.sp,
-    letterSpacing = 0.4.sp,
-  )
+private val onboardingAccentSoft: Color
+  @Composable get() = mobileAccentSoft
+
+private val onboardingAccentBorderStrong: Color
+  @Composable get() = mobileAccentBorderStrong
+
+private val onboardingSuccess: Color
+  @Composable get() = mobileSuccess
+
+private val onboardingSuccessSoft: Color
+  @Composable get() = mobileSuccessSoft
+
+private val onboardingWarning: Color
+  @Composable get() = mobileWarning
+
+private val onboardingWarningSoft: Color
+  @Composable get() = mobileWarningSoft
+
+private val onboardingCommandBg: Color
+  @Composable get() = mobileCodeBg
+
+private val onboardingCommandBorder: Color
+  @Composable get() = mobileCodeBorder
+
+private val onboardingCommandAccent: Color
+  @Composable get() = mobileCodeAccent
+
+private val onboardingCommandText: Color
+  @Composable get() = mobileCodeText
+
+private val onboardingDisplayStyle: TextStyle
+  get() = mobileDisplay
+
+private val onboardingTitle1Style: TextStyle
+  get() = mobileTitle1
+
+private val onboardingHeadlineStyle: TextStyle
+  get() = mobileHeadline
+
+private val onboardingBodyStyle: TextStyle
+  get() = mobileBody
+
+private val onboardingCalloutStyle: TextStyle
+  get() = mobileCallout
+
+private val onboardingCaption1Style: TextStyle
+  get() = mobileCaption1
+
+private val onboardingCaption2Style: TextStyle
+  get() = mobileCaption2
 
 @Composable
 fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
@@ -305,6 +289,10 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
     rememberSaveable {
       mutableStateOf(smsAvailable && isPermissionGranted(context, Manifest.permission.SEND_SMS))
     }
+  var enableCallLog by
+    rememberSaveable {
+      mutableStateOf(isPermissionGranted(context, Manifest.permission.READ_CALL_LOG))
+    }
 
   var pendingPermissionToggle by remember { mutableStateOf<PermissionToggle?>(null) }
   var pendingSpecialAccessToggle by remember { mutableStateOf<SpecialAccessToggle?>(null) }
@@ -321,6 +309,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
       PermissionToggle.Calendar -> enableCalendar = enabled
       PermissionToggle.Motion -> enableMotion = enabled && motionAvailable
       PermissionToggle.Sms -> enableSms = enabled && smsAvailable
+      PermissionToggle.CallLog -> enableCallLog = enabled
     }
   }
 
@@ -348,6 +337,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
           isPermissionGranted(context, Manifest.permission.ACTIVITY_RECOGNITION)
       PermissionToggle.Sms ->
         !smsAvailable || isPermissionGranted(context, Manifest.permission.SEND_SMS)
+      PermissionToggle.CallLog -> isPermissionGranted(context, Manifest.permission.READ_CALL_LOG)
     }
 
   fun setSpecialAccessToggleEnabled(toggle: SpecialAccessToggle, enabled: Boolean) {
@@ -369,6 +359,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
       enableCalendar,
       enableMotion,
       enableSms,
+      enableCallLog,
       smsAvailable,
       motionAvailable,
     ) {
@@ -384,6 +375,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
       if (enableCalendar) enabled += "Calendar"
       if (enableMotion && motionAvailable) enabled += "Motion"
       if (smsAvailable && enableSms) enabled += "SMS"
+      if (enableCallLog) enabled += "Call Log"
       if (enabled.isEmpty()) "None selected" else enabled.joinToString(", ")
     }
 
@@ -472,19 +464,28 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
     val prompt = pendingTrust!!
     AlertDialog(
       onDismissRequest = { viewModel.declineGatewayTrustPrompt() },
-      title = { Text("Trust this gateway?") },
+      containerColor = onboardingSurface,
+      title = { Text("Trust this gateway?", style = onboardingHeadlineStyle, color = onboardingText) },
       text = {
         Text(
           "First-time TLS connection.\n\nVerify this SHA-256 fingerprint before trusting:\n${prompt.fingerprintSha256}",
+          style = onboardingCalloutStyle,
+          color = onboardingText,
         )
       },
       confirmButton = {
-        TextButton(onClick = { viewModel.acceptGatewayTrustPrompt() }) {
+        TextButton(
+          onClick = { viewModel.acceptGatewayTrustPrompt() },
+          colors = ButtonDefaults.textButtonColors(contentColor = onboardingAccent),
+        ) {
           Text("Trust and continue")
         }
       },
       dismissButton = {
-        TextButton(onClick = { viewModel.declineGatewayTrustPrompt() }) {
+        TextButton(
+          onClick = { viewModel.declineGatewayTrustPrompt() },
+          colors = ButtonDefaults.textButtonColors(contentColor = onboardingTextSecondary),
+        ) {
           Text("Cancel")
         }
       },
@@ -495,7 +496,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
     modifier =
       modifier
         .fillMaxSize()
-        .background(Brush.verticalGradient(onboardingBackgroundGradient)),
+        .background(onboardingBackgroundGradient),
   ) {
     Column(
       modifier =
@@ -603,6 +604,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
               motionPermissionRequired = motionPermissionRequired,
               enableSms = enableSms,
               smsAvailable = smsAvailable,
+              enableCallLog = enableCallLog,
               context = context,
               onDiscoveryChange = { checked ->
                 requestPermissionToggle(
@@ -700,6 +702,13 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
                   )
                 }
               },
+              onCallLogChange = { checked ->
+                requestPermissionToggle(
+                  PermissionToggle.CallLog,
+                  checked,
+                  listOf(Manifest.permission.READ_CALL_LOG),
+                )
+              },
             )
           OnboardingStep.FinalCheck ->
             FinalStep(
@@ -755,13 +764,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
               onClick = { step = OnboardingStep.Gateway },
               modifier = Modifier.weight(1f).height(52.dp),
               shape = RoundedCornerShape(14.dp),
-              colors =
-                ButtonDefaults.buttonColors(
-                  containerColor = onboardingAccent,
-                  contentColor = Color.White,
-                  disabledContainerColor = onboardingAccent.copy(alpha = 0.45f),
-                  disabledContentColor = Color.White,
-                ),
+              colors = onboardingPrimaryButtonColors(),
             ) {
               Text("Next", style = onboardingHeadlineStyle.copy(fontWeight = FontWeight.Bold))
             }
@@ -807,13 +810,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
               },
               modifier = Modifier.weight(1f).height(52.dp),
               shape = RoundedCornerShape(14.dp),
-              colors =
-                ButtonDefaults.buttonColors(
-                  containerColor = onboardingAccent,
-                  contentColor = Color.White,
-                  disabledContainerColor = onboardingAccent.copy(alpha = 0.45f),
-                  disabledContentColor = Color.White,
-                ),
+              colors = onboardingPrimaryButtonColors(),
             ) {
               Text("Next", style = onboardingHeadlineStyle.copy(fontWeight = FontWeight.Bold))
             }
@@ -827,13 +824,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
               },
               modifier = Modifier.weight(1f).height(52.dp),
               shape = RoundedCornerShape(14.dp),
-              colors =
-                ButtonDefaults.buttonColors(
-                  containerColor = onboardingAccent,
-                  contentColor = Color.White,
-                  disabledContainerColor = onboardingAccent.copy(alpha = 0.45f),
-                  disabledContentColor = Color.White,
-                ),
+              colors = onboardingPrimaryButtonColors(),
             ) {
               Text("Next", style = onboardingHeadlineStyle.copy(fontWeight = FontWeight.Bold))
             }
@@ -844,13 +835,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
                 onClick = { viewModel.setOnboardingCompleted(true) },
                 modifier = Modifier.weight(1f).height(52.dp),
                 shape = RoundedCornerShape(14.dp),
-                colors =
-                  ButtonDefaults.buttonColors(
-                    containerColor = onboardingAccent,
-                    contentColor = Color.White,
-                    disabledContainerColor = onboardingAccent.copy(alpha = 0.45f),
-                    disabledContentColor = Color.White,
-                  ),
+                colors = onboardingPrimaryButtonColors(),
               ) {
                 Text("Finish", style = onboardingHeadlineStyle.copy(fontWeight = FontWeight.Bold))
               }
@@ -883,13 +868,7 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
                 },
                 modifier = Modifier.weight(1f).height(52.dp),
                 shape = RoundedCornerShape(14.dp),
-                colors =
-                  ButtonDefaults.buttonColors(
-                    containerColor = onboardingAccent,
-                    contentColor = Color.White,
-                    disabledContainerColor = onboardingAccent.copy(alpha = 0.45f),
-                    disabledContentColor = Color.White,
-                  ),
+                colors = onboardingPrimaryButtonColors(),
               ) {
                 Text("Connect", style = onboardingHeadlineStyle.copy(fontWeight = FontWeight.Bold))
               }
@@ -901,6 +880,36 @@ fun OnboardingFlow(viewModel: MainViewModel, modifier: Modifier = Modifier) {
   }
 }
 
+@Composable
+private fun onboardingPrimaryButtonColors() =
+  ButtonDefaults.buttonColors(
+    containerColor = onboardingAccent,
+    contentColor = Color.White,
+    disabledContainerColor = onboardingAccent.copy(alpha = 0.45f),
+    disabledContentColor = Color.White.copy(alpha = 0.9f),
+  )
+
+@Composable
+private fun onboardingTextFieldColors() =
+  OutlinedTextFieldDefaults.colors(
+    focusedContainerColor = onboardingSurface,
+    unfocusedContainerColor = onboardingSurface,
+    focusedBorderColor = onboardingAccent,
+    unfocusedBorderColor = onboardingBorder,
+    focusedTextColor = onboardingText,
+    unfocusedTextColor = onboardingText,
+    cursorColor = onboardingAccent,
+  )
+
+@Composable
+private fun onboardingSwitchColors() =
+  SwitchDefaults.colors(
+    checkedTrackColor = onboardingAccent,
+    uncheckedTrackColor = onboardingBorderStrong,
+    checkedThumbColor = Color.White,
+    uncheckedThumbColor = Color.White,
+  )
+
 @Composable
 private fun StepRail(current: OnboardingStep) {
   val steps = OnboardingStep.entries
@@ -1005,11 +1014,7 @@ private fun GatewayStep(
       onClick = onScanQrClick,
       modifier = Modifier.fillMaxWidth().height(48.dp),
       shape = RoundedCornerShape(12.dp),
-      colors =
-        ButtonDefaults.buttonColors(
-          containerColor = onboardingAccent,
-          contentColor = Color.White,
-        ),
+      colors = onboardingPrimaryButtonColors(),
     ) {
       Text("Scan QR code", style = onboardingHeadlineStyle.copy(fontWeight = FontWeight.Bold))
     }
@@ -1059,15 +1064,7 @@ private fun GatewayStep(
             textStyle = onboardingBodyStyle.copy(fontFamily = FontFamily.Monospace, color = onboardingText),
             shape = RoundedCornerShape(14.dp),
             colors =
-              OutlinedTextFieldDefaults.colors(
-                focusedContainerColor = onboardingSurface,
-                unfocusedContainerColor = onboardingSurface,
-                focusedBorderColor = onboardingAccent,
-                unfocusedBorderColor = onboardingBorder,
-                focusedTextColor = onboardingText,
-                unfocusedTextColor = onboardingText,
-                cursorColor = onboardingAccent,
-              ),
+              onboardingTextFieldColors(),
           )
           if (!resolvedEndpoint.isNullOrBlank()) {
             ResolvedEndpoint(endpoint = resolvedEndpoint)
@@ -1097,15 +1094,7 @@ private fun GatewayStep(
             textStyle = onboardingBodyStyle.copy(color = onboardingText),
             shape = RoundedCornerShape(14.dp),
             colors =
-              OutlinedTextFieldDefaults.colors(
-                focusedContainerColor = onboardingSurface,
-                unfocusedContainerColor = onboardingSurface,
-                focusedBorderColor = onboardingAccent,
-                unfocusedBorderColor = onboardingBorder,
-                focusedTextColor = onboardingText,
-                unfocusedTextColor = onboardingText,
-                cursorColor = onboardingAccent,
-              ),
+              onboardingTextFieldColors(),
           )
 
           Text("PORT", style = onboardingCaption1Style.copy(letterSpacing = 0.9.sp), color = onboardingTextSecondary)
@@ -1119,15 +1108,7 @@ private fun GatewayStep(
             textStyle = onboardingBodyStyle.copy(fontFamily = FontFamily.Monospace, color = onboardingText),
             shape = RoundedCornerShape(14.dp),
             colors =
-              OutlinedTextFieldDefaults.colors(
-                focusedContainerColor = onboardingSurface,
-                unfocusedContainerColor = onboardingSurface,
-                focusedBorderColor = onboardingAccent,
-                unfocusedBorderColor = onboardingBorder,
-                focusedTextColor = onboardingText,
-                unfocusedTextColor = onboardingText,
-                cursorColor = onboardingAccent,
-              ),
+              onboardingTextFieldColors(),
           )
 
           Row(
@@ -1143,12 +1124,7 @@ private fun GatewayStep(
               checked = manualTls,
               onCheckedChange = onManualTlsChange,
               colors =
-                SwitchDefaults.colors(
-                  checkedTrackColor = onboardingAccent,
-                  uncheckedTrackColor = onboardingBorderStrong,
-                  checkedThumbColor = Color.White,
-                  uncheckedThumbColor = Color.White,
-                ),
+                onboardingSwitchColors(),
             )
           }
 
@@ -1163,15 +1139,7 @@ private fun GatewayStep(
             textStyle = onboardingBodyStyle.copy(color = onboardingText),
             shape = RoundedCornerShape(14.dp),
             colors =
-              OutlinedTextFieldDefaults.colors(
-                focusedContainerColor = onboardingSurface,
-                unfocusedContainerColor = onboardingSurface,
-                focusedBorderColor = onboardingAccent,
-                unfocusedBorderColor = onboardingBorder,
-                focusedTextColor = onboardingText,
-                unfocusedTextColor = onboardingText,
-                cursorColor = onboardingAccent,
-              ),
+              onboardingTextFieldColors(),
           )
 
           Text("PASSWORD (OPTIONAL)", style = onboardingCaption1Style.copy(letterSpacing = 0.9.sp), color = onboardingTextSecondary)
@@ -1185,15 +1153,7 @@ private fun GatewayStep(
             textStyle = onboardingBodyStyle.copy(color = onboardingText),
             shape = RoundedCornerShape(14.dp),
             colors =
-              OutlinedTextFieldDefaults.colors(
-                focusedContainerColor = onboardingSurface,
-                unfocusedContainerColor = onboardingSurface,
-                focusedBorderColor = onboardingAccent,
-                unfocusedBorderColor = onboardingBorder,
-                focusedTextColor = onboardingText,
-                unfocusedTextColor = onboardingText,
-                cursorColor = onboardingAccent,
-              ),
+              onboardingTextFieldColors(),
           )
 
           if (!manualResolvedEndpoint.isNullOrBlank()) {
@@ -1261,7 +1221,7 @@ private fun GatewayModeChip(
         containerColor = if (active) onboardingAccent else onboardingSurface,
         contentColor = if (active) Color.White else onboardingText,
       ),
-    border = androidx.compose.foundation.BorderStroke(1.dp, if (active) Color(0xFF184DAF) else onboardingBorderStrong),
+    border = androidx.compose.foundation.BorderStroke(1.dp, if (active) onboardingAccentBorderStrong else onboardingBorderStrong),
   ) {
     Text(
       text = label,
@@ -1339,6 +1299,7 @@ private fun PermissionsStep(
   motionPermissionRequired: Boolean,
   enableSms: Boolean,
   smsAvailable: Boolean,
+  enableCallLog: Boolean,
   context: Context,
   onDiscoveryChange: (Boolean) -> Unit,
   onLocationChange: (Boolean) -> Unit,
@@ -1351,6 +1312,7 @@ private fun PermissionsStep(
   onCalendarChange: (Boolean) -> Unit,
   onMotionChange: (Boolean) -> Unit,
   onSmsChange: (Boolean) -> Unit,
+  onCallLogChange: (Boolean) -> Unit,
 ) {
   val discoveryPermission = if (Build.VERSION.SDK_INT >= 33) Manifest.permission.NEARBY_WIFI_DEVICES else Manifest.permission.ACCESS_FINE_LOCATION
   val locationGranted =
@@ -1481,6 +1443,15 @@ private fun PermissionsStep(
         onCheckedChange = onSmsChange,
       )
     }
+    InlineDivider()
+    PermissionToggleRow(
+      title = "Call Log",
+      subtitle = "callLog.search",
+      checked = enableCallLog,
+      granted = isPermissionGranted(context, Manifest.permission.READ_CALL_LOG),
+      onCheckedChange = onCallLogChange,
+    )
+    Text("All settings can be changed later in Settings.", style = onboardingCalloutStyle, color = onboardingTextSecondary)
   }
 }
 
@@ -1524,13 +1495,7 @@ private fun PermissionToggleRow(
       checked = checked,
       onCheckedChange = onCheckedChange,
       enabled = enabled,
-      colors =
-        SwitchDefaults.colors(
-          checkedTrackColor = onboardingAccent,
-          uncheckedTrackColor = onboardingBorderStrong,
-          checkedThumbColor = Color.White,
-          uncheckedThumbColor = Color.White,
-        ),
+      colors = onboardingSwitchColors(),
     )
   }
 }
@@ -1605,7 +1570,7 @@ private fun FinalStep(
       Surface(
         modifier = Modifier.fillMaxWidth(),
         shape = RoundedCornerShape(14.dp),
-        color = Color(0xFFEEF9F3),
+        color = onboardingSuccessSoft,
         border = androidx.compose.foundation.BorderStroke(1.dp, onboardingSuccess.copy(alpha = 0.2f)),
       ) {
         Row(
@@ -1641,7 +1606,7 @@ private fun FinalStep(
       Surface(
         modifier = Modifier.fillMaxWidth(),
         shape = RoundedCornerShape(14.dp),
-        color = Color(0xFFFFF8EC),
+        color = onboardingWarningSoft,
         border = androidx.compose.foundation.BorderStroke(1.dp, onboardingWarning.copy(alpha = 0.2f)),
       ) {
         Column(

apps/android/app/src/main/java/ai/openclaw/app/ui/OpenClawTheme.kt

@@ -5,6 +5,7 @@ import androidx.compose.material3.MaterialTheme
 import androidx.compose.material3.dynamicDarkColorScheme
 import androidx.compose.material3.dynamicLightColorScheme
 import androidx.compose.runtime.Composable
+import androidx.compose.runtime.CompositionLocalProvider
 import androidx.compose.ui.graphics.Color
 import androidx.compose.ui.platform.LocalContext
 
@@ -13,9 +14,12 @@ fun OpenClawTheme(content: @Composable () -> Unit) {
   val context = LocalContext.current
   val isDark = isSystemInDarkTheme()
   val colorScheme = if (isDark) dynamicDarkColorScheme(context) else dynamicLightColorScheme(context)
+  val mobileColors = if (isDark) darkMobileColors() else lightMobileColors()
 
+  CompositionLocalProvider(LocalMobileColors provides mobileColors) {
     MaterialTheme(colorScheme = colorScheme, content = content)
   }
+}
 
 @Composable
 fun overlayContainerColor(): Color {

apps/android/app/src/main/java/ai/openclaw/app/ui/PostOnboardingTabs.kt

@@ -159,28 +159,28 @@ private fun TopStatusBar(
           mobileSuccessSoft,
           mobileSuccess,
           mobileSuccess,
-          Color(0xFFCFEBD8),
+          LocalMobileColors.current.chipBorderConnected,
         )
       StatusVisual.Connecting ->
         listOf(
           mobileAccentSoft,
           mobileAccent,
           mobileAccent,
-          Color(0xFFD5E2FA),
+          LocalMobileColors.current.chipBorderConnecting,
         )
       StatusVisual.Warning ->
         listOf(
           mobileWarningSoft,
           mobileWarning,
           mobileWarning,
-          Color(0xFFEED8B8),
+          LocalMobileColors.current.chipBorderWarning,
         )
       StatusVisual.Error ->
         listOf(
           mobileDangerSoft,
           mobileDanger,
           mobileDanger,
-          Color(0xFFF3C8C8),
+          LocalMobileColors.current.chipBorderError,
         )
       StatusVisual.Offline ->
         listOf(
@@ -249,7 +249,7 @@ private fun BottomTabBar(
   ) {
     Surface(
       modifier = Modifier.fillMaxWidth(),
-      color = Color.White.copy(alpha = 0.97f),
+      color = mobileCardSurface.copy(alpha = 0.97f),
       shape = RoundedCornerShape(topStart = 24.dp, topEnd = 24.dp),
       border = BorderStroke(1.dp, mobileBorder),
       shadowElevation = 6.dp,
@@ -270,7 +270,7 @@ private fun BottomTabBar(
             modifier = Modifier.weight(1f).heightIn(min = 58.dp),
             shape = RoundedCornerShape(16.dp),
             color = if (active) mobileAccentSoft else Color.Transparent,
-            border = if (active) BorderStroke(1.dp, Color(0xFFD5E2FA)) else null,
+            border = if (active) BorderStroke(1.dp, LocalMobileColors.current.chipBorderConnecting) else null,
             shadowElevation = 0.dp,
           ) {
             Column(

apps/android/app/src/main/java/ai/openclaw/app/ui/SettingsSheet.kt

@@ -218,6 +218,18 @@ fun SettingsSheet(viewModel: MainViewModel) {
       calendarPermissionGranted = readOk && writeOk
     }
 
+  var callLogPermissionGranted by
+    remember {
+      mutableStateOf(
+        ContextCompat.checkSelfPermission(context, Manifest.permission.READ_CALL_LOG) ==
+          PackageManager.PERMISSION_GRANTED,
+      )
+    }
+  val callLogPermissionLauncher =
+    rememberLauncherForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
+      callLogPermissionGranted = granted
+    }
+
   var motionPermissionGranted by
     remember {
       mutableStateOf(
@@ -266,6 +278,9 @@ fun SettingsSheet(viewModel: MainViewModel) {
               PackageManager.PERMISSION_GRANTED &&
               ContextCompat.checkSelfPermission(context, Manifest.permission.WRITE_CALENDAR) ==
               PackageManager.PERMISSION_GRANTED
+          callLogPermissionGranted =
+            ContextCompat.checkSelfPermission(context, Manifest.permission.READ_CALL_LOG) ==
+              PackageManager.PERMISSION_GRANTED
           motionPermissionGranted =
             !motionPermissionRequired ||
               ContextCompat.checkSelfPermission(context, Manifest.permission.ACTIVITY_RECOGNITION) ==
@@ -601,6 +616,31 @@ fun SettingsSheet(viewModel: MainViewModel) {
               }
             },
           )
+          HorizontalDivider(color = mobileBorder)
+          ListItem(
+            modifier = Modifier.fillMaxWidth(),
+            colors = listItemColors,
+            headlineContent = { Text("Call Log", style = mobileHeadline) },
+            supportingContent = { Text("Search recent call history.", style = mobileCallout) },
+            trailingContent = {
+              Button(
+                onClick = {
+                  if (callLogPermissionGranted) {
+                    openAppSettings(context)
+                  } else {
+                    callLogPermissionLauncher.launch(Manifest.permission.READ_CALL_LOG)
+                  }
+                },
+                colors = settingsPrimaryButtonColors(),
+                shape = RoundedCornerShape(14.dp),
+              ) {
+                Text(
+                  if (callLogPermissionGranted) "Manage" else "Grant",
+                  style = mobileCallout.copy(fontWeight = FontWeight.Bold),
+                )
+              }
+            },
+          )
           if (motionAvailable) {
             HorizontalDivider(color = mobileBorder)
             ListItem(
@@ -736,11 +776,12 @@ private fun settingsTextFieldColors() =
     cursorColor = mobileAccent,
   )
 
+@Composable
 private fun Modifier.settingsRowModifier() =
   this
     .fillMaxWidth()
     .border(width = 1.dp, color = mobileBorder, shape = RoundedCornerShape(14.dp))
-    .background(Color.White, RoundedCornerShape(14.dp))
+    .background(mobileCardSurface, RoundedCornerShape(14.dp))
 
 @Composable
 private fun settingsPrimaryButtonColors() =

apps/android/app/src/main/java/ai/openclaw/app/ui/VoiceTabScreen.kt

@@ -363,7 +363,7 @@ private fun VoiceTurnBubble(entry: VoiceConversationEntry) {
     Surface(
       modifier = Modifier.fillMaxWidth(0.90f),
       shape = RoundedCornerShape(12.dp),
-      color = if (isUser) mobileAccentSoft else Color.White,
+      color = if (isUser) mobileAccentSoft else mobileCardSurface,
       border = BorderStroke(1.dp, if (isUser) mobileAccent else mobileBorderStrong),
     ) {
       Column(
@@ -391,7 +391,7 @@ private fun VoiceThinkingBubble() {
     Surface(
       modifier = Modifier.fillMaxWidth(0.68f),
       shape = RoundedCornerShape(12.dp),
-      color = Color.White,
+      color = mobileCardSurface,
       border = BorderStroke(1.dp, mobileBorderStrong),
     ) {
       Row(

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatComposer.kt

@@ -46,11 +46,13 @@ import androidx.compose.ui.text.style.TextOverflow
 import androidx.compose.ui.unit.dp
 import androidx.compose.ui.unit.sp
 import ai.openclaw.app.ui.mobileAccent
+import ai.openclaw.app.ui.mobileAccentBorderStrong
 import ai.openclaw.app.ui.mobileAccentSoft
 import ai.openclaw.app.ui.mobileBorder
 import ai.openclaw.app.ui.mobileBorderStrong
 import ai.openclaw.app.ui.mobileCallout
 import ai.openclaw.app.ui.mobileCaption1
+import ai.openclaw.app.ui.mobileCardSurface
 import ai.openclaw.app.ui.mobileHeadline
 import ai.openclaw.app.ui.mobileSurface
 import ai.openclaw.app.ui.mobileText
@@ -110,7 +112,7 @@ fun ChatComposer(
         Surface(
           onClick = { showThinkingMenu = true },
           shape = RoundedCornerShape(14.dp),
-          color = Color.White,
+          color = mobileCardSurface,
           border = BorderStroke(1.dp, mobileBorderStrong),
         ) {
           Row(
@@ -126,7 +128,15 @@ fun ChatComposer(
           }
         }
 
-        DropdownMenu(expanded = showThinkingMenu, onDismissRequest = { showThinkingMenu = false }) {
+        DropdownMenu(
+          expanded = showThinkingMenu,
+          onDismissRequest = { showThinkingMenu = false },
+          shape = RoundedCornerShape(16.dp),
+          containerColor = mobileCardSurface,
+          tonalElevation = 0.dp,
+          shadowElevation = 8.dp,
+          border = BorderStroke(1.dp, mobileBorder),
+        ) {
           ThinkingMenuItem("off", thinkingLevel, onSetThinkingLevel) { showThinkingMenu = false }
           ThinkingMenuItem("low", thinkingLevel, onSetThinkingLevel) { showThinkingMenu = false }
           ThinkingMenuItem("medium", thinkingLevel, onSetThinkingLevel) { showThinkingMenu = false }
@@ -177,7 +187,7 @@ fun ChatComposer(
             disabledContainerColor = mobileBorderStrong,
             disabledContentColor = mobileTextTertiary,
           ),
-        border = BorderStroke(1.dp, if (canSend) Color(0xFF154CAD) else mobileBorderStrong),
+        border = BorderStroke(1.dp, if (canSend) mobileAccentBorderStrong else mobileBorderStrong),
       ) {
         if (sendBusy) {
           CircularProgressIndicator(modifier = Modifier.size(16.dp), strokeWidth = 2.dp, color = Color.White)
@@ -211,9 +221,9 @@ private fun SecondaryActionButton(
     shape = RoundedCornerShape(14.dp),
     colors =
       ButtonDefaults.buttonColors(
-        containerColor = Color.White,
+        containerColor = mobileCardSurface,
         contentColor = mobileTextSecondary,
-        disabledContainerColor = Color.White,
+        disabledContainerColor = mobileCardSurface,
         disabledContentColor = mobileTextTertiary,
       ),
     border = BorderStroke(1.dp, mobileBorderStrong),
@@ -303,7 +313,7 @@ private fun AttachmentChip(fileName: String, onRemove: () -> Unit) {
       Surface(
         onClick = onRemove,
         shape = RoundedCornerShape(999.dp),
-        color = Color.White,
+        color = mobileCardSurface,
         border = BorderStroke(1.dp, mobileBorderStrong),
       ) {
         Text(

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMarkdown.kt

@@ -94,7 +94,7 @@ private val markdownParser: Parser by lazy {
 @Composable
 fun ChatMarkdown(text: String, textColor: Color) {
   val document = remember(text) { markdownParser.parse(text) as Document }
-  val inlineStyles = InlineStyles(inlineCodeBg = mobileCodeBg, inlineCodeColor = mobileCodeText)
+  val inlineStyles = InlineStyles(inlineCodeBg = mobileCodeBg, inlineCodeColor = mobileCodeText, linkColor = mobileAccent, baseCallout = mobileCallout)
 
   Column(verticalArrangement = Arrangement.spacedBy(10.dp)) {
     RenderMarkdownBlocks(
@@ -124,7 +124,7 @@ private fun RenderMarkdownBlocks(
         val headingText = remember(current) { buildInlineMarkdown(current.firstChild, inlineStyles) }
         Text(
           text = headingText,
-          style = headingStyle(current.level),
+          style = headingStyle(current.level, inlineStyles.baseCallout),
           color = textColor,
         )
       }
@@ -231,7 +231,7 @@ private fun RenderParagraph(
 
   Text(
     text = annotated,
-    style = mobileCallout,
+    style = inlineStyles.baseCallout,
     color = textColor,
   )
 }
@@ -315,7 +315,7 @@ private fun RenderListItem(
   ) {
     Text(
       text = marker,
-      style = mobileCallout.copy(fontWeight = FontWeight.SemiBold),
+      style = inlineStyles.baseCallout.copy(fontWeight = FontWeight.SemiBold),
       color = textColor,
       modifier = Modifier.width(24.dp),
     )
@@ -360,7 +360,7 @@ private fun RenderTableBlock(
           val cell = row.cells.getOrNull(index) ?: AnnotatedString("")
           Text(
             text = cell,
-            style = if (row.isHeader) mobileCaption1.copy(fontWeight = FontWeight.SemiBold) else mobileCallout,
+            style = if (row.isHeader) mobileCaption1.copy(fontWeight = FontWeight.SemiBold) else inlineStyles.baseCallout,
             color = textColor,
             modifier = Modifier
               .border(1.dp, mobileTextSecondary.copy(alpha = 0.22f))
@@ -417,6 +417,7 @@ private fun buildInlineMarkdown(start: Node?, inlineStyles: InlineStyles): Annot
       node = start,
       inlineCodeBg = inlineStyles.inlineCodeBg,
       inlineCodeColor = inlineStyles.inlineCodeColor,
+      linkColor = inlineStyles.linkColor,
     )
   }
 }
@@ -425,6 +426,7 @@ private fun AnnotatedString.Builder.appendInlineNode(
   node: Node?,
   inlineCodeBg: Color,
   inlineCodeColor: Color,
+  linkColor: Color,
 ) {
   var current = node
   while (current != null) {
@@ -445,27 +447,27 @@ private fun AnnotatedString.Builder.appendInlineNode(
       }
       is Emphasis -> {
         withStyle(SpanStyle(fontStyle = FontStyle.Italic)) {
-          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor)
+          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor, linkColor = linkColor)
         }
       }
       is StrongEmphasis -> {
         withStyle(SpanStyle(fontWeight = FontWeight.SemiBold)) {
-          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor)
+          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor, linkColor = linkColor)
         }
       }
       is Strikethrough -> {
         withStyle(SpanStyle(textDecoration = TextDecoration.LineThrough)) {
-          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor)
+          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor, linkColor = linkColor)
         }
       }
       is Link -> {
         withStyle(
           SpanStyle(
-            color = mobileAccent,
+            color = linkColor,
             textDecoration = TextDecoration.Underline,
           ),
         ) {
-          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor)
+          appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor, linkColor = linkColor)
         }
       }
       is MarkdownImage -> {
@@ -482,7 +484,7 @@ private fun AnnotatedString.Builder.appendInlineNode(
         }
       }
       else -> {
-        appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor)
+        appendInlineNode(current.firstChild, inlineCodeBg = inlineCodeBg, inlineCodeColor = inlineCodeColor, linkColor = linkColor)
       }
     }
     current = current.next
@@ -519,19 +521,21 @@ private fun parseDataImageDestination(destination: String?): ParsedDataImage? {
   return ParsedDataImage(mimeType = "image/$subtype", base64 = base64)
 }
 
-private fun headingStyle(level: Int): TextStyle {
+private fun headingStyle(level: Int, baseCallout: TextStyle): TextStyle {
   return when (level.coerceIn(1, 6)) {
-    1 -> mobileCallout.copy(fontSize = 22.sp, lineHeight = 28.sp, fontWeight = FontWeight.Bold)
-    2 -> mobileCallout.copy(fontSize = 20.sp, lineHeight = 26.sp, fontWeight = FontWeight.Bold)
-    3 -> mobileCallout.copy(fontSize = 18.sp, lineHeight = 24.sp, fontWeight = FontWeight.SemiBold)
-    4 -> mobileCallout.copy(fontSize = 16.sp, lineHeight = 22.sp, fontWeight = FontWeight.SemiBold)
-    else -> mobileCallout.copy(fontWeight = FontWeight.SemiBold)
+    1 -> baseCallout.copy(fontSize = 22.sp, lineHeight = 28.sp, fontWeight = FontWeight.Bold)
+    2 -> baseCallout.copy(fontSize = 20.sp, lineHeight = 26.sp, fontWeight = FontWeight.Bold)
+    3 -> baseCallout.copy(fontSize = 18.sp, lineHeight = 24.sp, fontWeight = FontWeight.SemiBold)
+    4 -> baseCallout.copy(fontSize = 16.sp, lineHeight = 22.sp, fontWeight = FontWeight.SemiBold)
+    else -> baseCallout.copy(fontWeight = FontWeight.SemiBold)
   }
 }
 
 private data class InlineStyles(
   val inlineCodeBg: Color,
   val inlineCodeColor: Color,
+  val linkColor: Color,
+  val baseCallout: TextStyle,
 )
 
 private data class TableRenderRow(

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMessageListCard.kt

@@ -19,6 +19,7 @@ import ai.openclaw.app.chat.ChatMessage
 import ai.openclaw.app.chat.ChatPendingToolCall
 import ai.openclaw.app.ui.mobileBorder
 import ai.openclaw.app.ui.mobileCallout
+import ai.openclaw.app.ui.mobileCardSurface
 import ai.openclaw.app.ui.mobileHeadline
 import ai.openclaw.app.ui.mobileText
 import ai.openclaw.app.ui.mobileTextSecondary
@@ -85,7 +86,7 @@ private fun EmptyChatHint(modifier: Modifier = Modifier, healthOk: Boolean) {
   Surface(
     modifier = modifier.fillMaxWidth(),
     shape = RoundedCornerShape(14.dp),
-    color = androidx.compose.ui.graphics.Color.White.copy(alpha = 0.9f),
+    color = mobileCardSurface.copy(alpha = 0.9f),
     border = androidx.compose.foundation.BorderStroke(1.dp, mobileBorder),
   ) {
     androidx.compose.foundation.layout.Column(

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatMessageViews.kt

@@ -36,7 +36,9 @@ import ai.openclaw.app.ui.mobileBorderStrong
 import ai.openclaw.app.ui.mobileCallout
 import ai.openclaw.app.ui.mobileCaption1
 import ai.openclaw.app.ui.mobileCaption2
+import ai.openclaw.app.ui.mobileCardSurface
 import ai.openclaw.app.ui.mobileCodeBg
+import ai.openclaw.app.ui.mobileCodeBorder
 import ai.openclaw.app.ui.mobileCodeText
 import ai.openclaw.app.ui.mobileHeadline
 import ai.openclaw.app.ui.mobileText
@@ -194,6 +196,7 @@ fun ChatStreamingAssistantBubble(text: String) {
   }
 }
 
+@Composable
 private fun bubbleStyle(role: String): ChatBubbleStyle {
   return when (role) {
     "user" ->
@@ -215,7 +218,7 @@ private fun bubbleStyle(role: String): ChatBubbleStyle {
     else ->
       ChatBubbleStyle(
         alignEnd = false,
-        containerColor = Color.White,
+        containerColor = mobileCardSurface,
         borderColor = mobileBorderStrong,
         roleColor = mobileTextSecondary,
       )
@@ -239,7 +242,7 @@ private fun ChatBase64Image(base64: String, mimeType: String?) {
     Surface(
       shape = RoundedCornerShape(10.dp),
       border = BorderStroke(1.dp, mobileBorder),
-      color = Color.White,
+      color = mobileCardSurface,
       modifier = Modifier.fillMaxWidth(),
     ) {
       Image(
@@ -277,7 +280,7 @@ fun ChatCodeBlock(code: String, language: String?) {
   Surface(
     shape = RoundedCornerShape(8.dp),
     color = mobileCodeBg,
-    border = BorderStroke(1.dp, Color(0xFF2B2E35)),
+    border = BorderStroke(1.dp, mobileCodeBorder),
     modifier = Modifier.fillMaxWidth(),
   ) {
     Column(modifier = Modifier.padding(horizontal = 10.dp, vertical = 8.dp), verticalArrangement = Arrangement.spacedBy(4.dp)) {

apps/android/app/src/main/java/ai/openclaw/app/ui/chat/ChatSheetContent.kt

@@ -36,12 +36,15 @@ import ai.openclaw.app.MainViewModel
 import ai.openclaw.app.chat.ChatSessionEntry
 import ai.openclaw.app.chat.OutgoingAttachment
 import ai.openclaw.app.ui.mobileAccent
+import ai.openclaw.app.ui.mobileAccentBorderStrong
 import ai.openclaw.app.ui.mobileBorder
 import ai.openclaw.app.ui.mobileBorderStrong
 import ai.openclaw.app.ui.mobileCallout
+import ai.openclaw.app.ui.mobileCardSurface
 import ai.openclaw.app.ui.mobileCaption1
 import ai.openclaw.app.ui.mobileCaption2
 import ai.openclaw.app.ui.mobileDanger
+import ai.openclaw.app.ui.mobileDangerSoft
 import ai.openclaw.app.ui.mobileText
 import ai.openclaw.app.ui.mobileTextSecondary
 import java.io.ByteArrayOutputStream
@@ -168,8 +171,8 @@ private fun ChatThreadSelector(
       Surface(
         onClick = { onSelectSession(entry.key) },
         shape = RoundedCornerShape(14.dp),
-        color = if (active) mobileAccent else Color.White,
-        border = BorderStroke(1.dp, if (active) Color(0xFF154CAD) else mobileBorderStrong),
+        color = if (active) mobileAccent else mobileCardSurface,
+        border = BorderStroke(1.dp, if (active) mobileAccentBorderStrong else mobileBorderStrong),
         tonalElevation = 0.dp,
         shadowElevation = 0.dp,
       ) {
@@ -190,7 +193,7 @@ private fun ChatThreadSelector(
 private fun ChatErrorRail(errorText: String) {
   Surface(
     modifier = Modifier.fillMaxWidth(),
-    color = androidx.compose.ui.graphics.Color.White,
+    color = mobileDangerSoft,
     shape = RoundedCornerShape(12.dp),
     border = androidx.compose.foundation.BorderStroke(1.dp, mobileDanger),
   ) {

apps/android/app/src/main/res/values-night/themes.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <style name="Theme.OpenClawNode" parent="Theme.Material3.DayNight.NoActionBar">
+        <item name="android:statusBarColor">@android:color/transparent</item>
+        <item name="android:navigationBarColor">@android:color/transparent</item>
+        <item name="android:windowLightStatusBar">false</item>
+    </style>
+</resources>

apps/android/app/src/test/java/ai/openclaw/app/node/CallLogHandlerTest.kt

@@ -0,0 +1,193 @@
+package ai.openclaw.app.node
+
+import android.content.Context
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.jsonArray
+import kotlinx.serialization.json.jsonObject
+import kotlinx.serialization.json.jsonPrimitive
+import org.junit.Assert.assertEquals
+import org.junit.Assert.assertFalse
+import org.junit.Assert.assertTrue
+import org.junit.Test
+
+class CallLogHandlerTest : NodeHandlerRobolectricTest() {
+  @Test
+  fun handleCallLogSearch_requiresPermission() {
+    val handler = CallLogHandler.forTesting(appContext(), FakeCallLogDataSource(canRead = false))
+
+    val result = handler.handleCallLogSearch(null)
+
+    assertFalse(result.ok)
+    assertEquals("CALL_LOG_PERMISSION_REQUIRED", result.error?.code)
+  }
+
+  @Test
+  fun handleCallLogSearch_rejectsInvalidJson() {
+    val handler = CallLogHandler.forTesting(appContext(), FakeCallLogDataSource(canRead = true))
+
+    val result = handler.handleCallLogSearch("invalid json")
+
+    assertFalse(result.ok)
+    assertEquals("INVALID_REQUEST", result.error?.code)
+  }
+
+  @Test
+  fun handleCallLogSearch_returnsCallLogs() {
+    val callLog =
+      CallLogRecord(
+        number = "+123456",
+        cachedName = "lixuankai",
+        date = 1709280000000L,
+        duration = 60L,
+        type = 1,
+      )
+    val handler =
+      CallLogHandler.forTesting(
+        appContext(),
+        FakeCallLogDataSource(canRead = true, searchResults = listOf(callLog)),
+      )
+
+    val result = handler.handleCallLogSearch("""{"limit":1}""")
+
+    assertTrue(result.ok)
+    val payload = Json.parseToJsonElement(result.payloadJson ?: error("missing payload")).jsonObject
+    val callLogs = payload.getValue("callLogs").jsonArray
+    assertEquals(1, callLogs.size)
+    assertEquals("+123456", callLogs.first().jsonObject.getValue("number").jsonPrimitive.content)
+    assertEquals("lixuankai", callLogs.first().jsonObject.getValue("cachedName").jsonPrimitive.content)
+    assertEquals(1709280000000L, callLogs.first().jsonObject.getValue("date").jsonPrimitive.content.toLong())
+    assertEquals(60L, callLogs.first().jsonObject.getValue("duration").jsonPrimitive.content.toLong())
+    assertEquals(1, callLogs.first().jsonObject.getValue("type").jsonPrimitive.content.toInt())
+  }
+
+  @Test
+  fun handleCallLogSearch_withFilters() {
+    val callLog =
+      CallLogRecord(
+        number = "+123456",
+        cachedName = "lixuankai",
+        date = 1709280000000L,
+        duration = 120L,
+        type = 2,
+      )
+    val handler =
+      CallLogHandler.forTesting(
+        appContext(),
+        FakeCallLogDataSource(canRead = true, searchResults = listOf(callLog)),
+      )
+
+    val result = handler.handleCallLogSearch(
+        """{"number":"123456","cachedName":"lixuankai","dateStart":1709270000000,"dateEnd":1709290000000,"duration":120,"type":2}"""
+    )
+
+    assertTrue(result.ok)
+    val payload = Json.parseToJsonElement(result.payloadJson ?: error("missing payload")).jsonObject
+    val callLogs = payload.getValue("callLogs").jsonArray
+    assertEquals(1, callLogs.size)
+    assertEquals("lixuankai", callLogs.first().jsonObject.getValue("cachedName").jsonPrimitive.content)
+  }
+
+  @Test
+  fun handleCallLogSearch_withPagination() {
+    val callLogs =
+      listOf(
+        CallLogRecord(
+          number = "+123456",
+          cachedName = "lixuankai",
+          date = 1709280000000L,
+          duration = 60L,
+          type = 1,
+        ),
+        CallLogRecord(
+          number = "+654321",
+          cachedName = "lixuankai2",
+          date = 1709280001000L,
+          duration = 120L,
+          type = 2,
+        ),
+      )
+    val handler =
+      CallLogHandler.forTesting(
+        appContext(),
+        FakeCallLogDataSource(canRead = true, searchResults = callLogs),
+      )
+
+    val result = handler.handleCallLogSearch("""{"limit":1,"offset":1}""")
+
+    assertTrue(result.ok)
+    val payload = Json.parseToJsonElement(result.payloadJson ?: error("missing payload")).jsonObject
+    val callLogsResult = payload.getValue("callLogs").jsonArray
+    assertEquals(1, callLogsResult.size)
+    assertEquals("lixuankai2", callLogsResult.first().jsonObject.getValue("cachedName").jsonPrimitive.content)
+  }
+
+  @Test
+  fun handleCallLogSearch_withDefaultParams() {
+    val callLog =
+      CallLogRecord(
+        number = "+123456",
+        cachedName = "lixuankai",
+        date = 1709280000000L,
+        duration = 60L,
+        type = 1,
+      )
+    val handler =
+      CallLogHandler.forTesting(
+        appContext(),
+        FakeCallLogDataSource(canRead = true, searchResults = listOf(callLog)),
+      )
+
+    val result = handler.handleCallLogSearch(null)
+
+    assertTrue(result.ok)
+    val payload = Json.parseToJsonElement(result.payloadJson ?: error("missing payload")).jsonObject
+    val callLogs = payload.getValue("callLogs").jsonArray
+    assertEquals(1, callLogs.size)
+    assertEquals("+123456", callLogs.first().jsonObject.getValue("number").jsonPrimitive.content)
+  }
+
+  @Test
+  fun handleCallLogSearch_withNullFields() {
+    val callLog =
+      CallLogRecord(
+        number = null,
+        cachedName = null,
+        date = 1709280000000L,
+        duration = 60L,
+        type = 1,
+      )
+    val handler =
+      CallLogHandler.forTesting(
+        appContext(),
+        FakeCallLogDataSource(canRead = true, searchResults = listOf(callLog)),
+      )
+
+    val result = handler.handleCallLogSearch("""{"limit":1}""")
+
+    assertTrue(result.ok)
+    val payload = Json.parseToJsonElement(result.payloadJson ?: error("missing payload")).jsonObject
+    val callLogs = payload.getValue("callLogs").jsonArray
+    assertEquals(1, callLogs.size)
+    // Verify null values are properly serialized
+    val callLogObj = callLogs.first().jsonObject
+    assertTrue(callLogObj.containsKey("number"))
+    assertTrue(callLogObj.containsKey("cachedName"))
+  }
+}
+
+private class FakeCallLogDataSource(
+  private val canRead: Boolean,
+  private val searchResults: List<CallLogRecord> = emptyList(),
+) : CallLogDataSource {
+  override fun hasReadPermission(context: Context): Boolean = canRead
+
+  override fun search(context: Context, request: CallLogSearchRequest): List<CallLogRecord> {
+    val startIndex = request.offset.coerceAtLeast(0)
+    val endIndex = (startIndex + request.limit).coerceAtMost(searchResults.size)
+    return if (startIndex < searchResults.size) {
+      searchResults.subList(startIndex, endIndex)
+    } else {
+      emptyList()
+    }
+  }
+}

apps/android/app/src/test/java/ai/openclaw/app/node/DeviceHandlerTest.kt

@@ -93,6 +93,7 @@ class DeviceHandlerTest {
         "photos",
         "contacts",
         "calendar",
+        "callLog",
         "motion",
       )
     for (key in expected) {

apps/android/app/src/test/java/ai/openclaw/app/node/InvokeCommandRegistryTest.kt

@@ -2,6 +2,7 @@ package ai.openclaw.app.node
 
 import ai.openclaw.app.protocol.OpenClawCalendarCommand
 import ai.openclaw.app.protocol.OpenClawCameraCommand
+import ai.openclaw.app.protocol.OpenClawCallLogCommand
 import ai.openclaw.app.protocol.OpenClawCapability
 import ai.openclaw.app.protocol.OpenClawContactsCommand
 import ai.openclaw.app.protocol.OpenClawDeviceCommand
@@ -25,6 +26,7 @@ class InvokeCommandRegistryTest {
       OpenClawCapability.Photos.rawValue,
       OpenClawCapability.Contacts.rawValue,
       OpenClawCapability.Calendar.rawValue,
+      OpenClawCapability.CallLog.rawValue,
     )
 
   private val optionalCapabilities =
@@ -50,6 +52,7 @@ class InvokeCommandRegistryTest {
       OpenClawContactsCommand.Add.rawValue,
       OpenClawCalendarCommand.Events.rawValue,
       OpenClawCalendarCommand.Add.rawValue,
+      OpenClawCallLogCommand.Search.rawValue,
     )
 
   private val optionalCommands =

apps/android/app/src/test/java/ai/openclaw/app/protocol/OpenClawProtocolConstantsTest.kt

@@ -34,6 +34,7 @@ class OpenClawProtocolConstantsTest {
     assertEquals("contacts", OpenClawCapability.Contacts.rawValue)
     assertEquals("calendar", OpenClawCapability.Calendar.rawValue)
     assertEquals("motion", OpenClawCapability.Motion.rawValue)
+    assertEquals("callLog", OpenClawCapability.CallLog.rawValue)
   }
 
   @Test
@@ -84,4 +85,9 @@ class OpenClawProtocolConstantsTest {
     assertEquals("motion.activity", OpenClawMotionCommand.Activity.rawValue)
     assertEquals("motion.pedometer", OpenClawMotionCommand.Pedometer.rawValue)
   }
+
+  @Test
+  fun callLogCommandsUseStableStrings() {
+    assertEquals("callLog.search", OpenClawCallLogCommand.Search.rawValue)
+  }
 }

apps/macos/Sources/OpenClaw/CanvasA2UIActionMessageHandler.swift

@@ -18,13 +18,10 @@ final class CanvasA2UIActionMessageHandler: NSObject, WKScriptMessageHandler {
     func userContentController(_: WKUserContentController, didReceive message: WKScriptMessage) {
         guard Self.allMessageNames.contains(message.name) else { return }
 
-        // Only accept actions from local Canvas content (not arbitrary web pages).
+        // Only accept actions from the in-app canvas scheme. Local-network HTTP
+        // pages are regular web content and must not get direct agent dispatch.
         guard let webView = message.webView, let url = webView.url else { return }
-        if let scheme = url.scheme, CanvasScheme.allSchemes.contains(scheme) {
-            // ok
-        } else if Self.isLocalNetworkCanvasURL(url) {
-            // ok
-        } else {
+        guard let scheme = url.scheme, CanvasScheme.allSchemes.contains(scheme) else {
             return
         }
 
@@ -107,10 +104,5 @@ final class CanvasA2UIActionMessageHandler: NSObject, WKScriptMessageHandler {
             }
         }
     }
-
-    static func isLocalNetworkCanvasURL(_ url: URL) -> Bool {
-        LocalNetworkURLSupport.isLocalNetworkHTTPURL(url)
-    }
-
     // Formatting helpers live in OpenClawKit (`OpenClawCanvasA2UIAction`).
 }

apps/macos/Sources/OpenClaw/CanvasWindowController.swift

@@ -50,21 +50,24 @@ final class CanvasWindowController: NSWindowController, WKNavigationDelegate, NS
 
         // Bridge A2UI "a2uiaction" DOM events back into the native agent loop.
         //
-        // Prefer WKScriptMessageHandler when WebKit exposes it, otherwise fall back to an unattended deep link
-        // (includes the app-generated key so it won't prompt).
+        // Keep the bridge on the trusted in-app canvas scheme only, and do not
+        // expose unattended deep-link credentials to page JavaScript.
         canvasWindowLogger.debug("CanvasWindowController init building A2UI bridge script")
-        let deepLinkKey = DeepLinkHandler.currentCanvasKey()
         let injectedSessionKey = sessionKey.trimmingCharacters(in: .whitespacesAndNewlines).nonEmpty ?? "main"
+        let allowedSchemesJSON = (
+            try? String(
+                data: JSONSerialization.data(withJSONObject: CanvasScheme.allSchemes),
+                encoding: .utf8)
+        ) ?? "[]"
         let bridgeScript = """
         (() => {
           try {
-            const allowedSchemes = \(String(describing: CanvasScheme.allSchemes));
+            const allowedSchemes = \(allowedSchemesJSON);
             const protocol = location.protocol.replace(':', '');
             if (!allowedSchemes.includes(protocol)) return;
             if (globalThis.__openclawA2UIBridgeInstalled) return;
             globalThis.__openclawA2UIBridgeInstalled = true;
 
-            const deepLinkKey = \(Self.jsStringLiteral(deepLinkKey));
             const sessionKey = \(Self.jsStringLiteral(injectedSessionKey));
             const machineName = \(Self.jsStringLiteral(InstanceIdentity.displayName));
             const instanceId = \(Self.jsStringLiteral(InstanceIdentity.instanceId));
@@ -104,24 +107,8 @@ final class CanvasWindowController: NSWindowController, WKNavigationDelegate, NS
                   return;
                 }
 
-                const ctx = userAction.context ? (' ctx=' + JSON.stringify(userAction.context)) : '';
-                const message =
-                  'CANVAS_A2UI action=' + userAction.name +
-                  ' session=' + sessionKey +
-                  ' surface=' + userAction.surfaceId +
-                  ' component=' + (userAction.sourceComponentId || '-') +
-                  ' host=' + machineName.replace(/\\s+/g, '_') +
-                  ' instance=' + instanceId +
-                  ctx +
-                  ' default=update_canvas';
-                const params = new URLSearchParams();
-                params.set('message', message);
-                params.set('sessionKey', sessionKey);
-                params.set('thinking', 'low');
-                params.set('deliver', 'false');
-                params.set('channel', 'last');
-                params.set('key', deepLinkKey);
-                location.href = 'openclaw://agent?' + params.toString();
+                // Without the native handler, fail closed instead of exposing an
+                // unattended deep-link credential to page JavaScript.
               } catch {}
             }, true);
           } catch {}

docs/.generated/README.md

@@ -0,0 +1,8 @@
+# Generated Docs Artifacts
+
+These baseline artifacts are generated from the repo-owned OpenClaw config schema and bundled channel/plugin metadata.
+
+- Do not edit `config-baseline.json` by hand.
+- Do not edit `config-baseline.jsonl` by hand.
+- Regenerate it with `pnpm config:docs:gen`.
+- Validate it in CI or locally with `pnpm config:docs:check`.

docs/concepts/model-providers.md

@@ -186,20 +186,15 @@ Moonshot uses OpenAI-compatible endpoints, so configure it as a custom provider:
 
 Kimi K2 model IDs:
 
-<!-- markdownlint-disable MD037 -->
-
-{/_ moonshot-kimi-k2-model-refs:start _/ && null}
-
-<!-- markdownlint-enable MD037 -->
+[//]: # "moonshot-kimi-k2-model-refs:start"
 
 - `moonshot/kimi-k2.5`
 - `moonshot/kimi-k2-0905-preview`
 - `moonshot/kimi-k2-turbo-preview`
 - `moonshot/kimi-k2-thinking`
 - `moonshot/kimi-k2-thinking-turbo`
-  <!-- markdownlint-disable MD037 -->
-  {/_ moonshot-kimi-k2-model-refs:end _/ && null}
-  <!-- markdownlint-enable MD037 -->
+
+[//]: # "moonshot-kimi-k2-model-refs:end"
 
 ```json5
 {

docs/docs.json

@@ -1242,7 +1242,6 @@
                 "group": "Security",
                 "pages": [
                   "security/formal-verification",
-                  "security/README",
                   "security/THREAT-MODEL-ATLAS",
                   "security/CONTRIBUTING-THREAT-MODEL"
                 ]
@@ -1598,7 +1597,6 @@
                   "zh-CN/tools/apply-patch",
                   "zh-CN/brave-search",
                   "zh-CN/perplexity",
-                  "zh-CN/tools/diffs",
                   "zh-CN/tools/elevated",
                   "zh-CN/tools/exec",
                   "zh-CN/tools/exec-approvals",

docs/gateway/configuration-reference.md

@@ -975,6 +975,7 @@ Periodic heartbeat runs.
         model: "openai/gpt-5.2-mini",
         includeReasoning: false,
         lightContext: false, // default: false; true keeps only HEARTBEAT.md from workspace bootstrap files
+        isolatedSession: false, // default: false; true runs each heartbeat in a fresh session (no conversation history)
         session: "main",
         to: "+15555550123",
         directPolicy: "allow", // allow (default) | block
@@ -992,6 +993,7 @@ Periodic heartbeat runs.
 - `suppressToolErrorWarnings`: when true, suppresses tool error warning payloads during heartbeat runs.
 - `directPolicy`: direct/DM delivery policy. `allow` (default) permits direct-target delivery. `block` suppresses direct-target delivery and emits `reason=dm-blocked`.
 - `lightContext`: when true, heartbeat runs use lightweight bootstrap context and keep only `HEARTBEAT.md` from workspace bootstrap files.
+- `isolatedSession`: when true, each heartbeat runs in a fresh session with no prior conversation history. Same isolation pattern as cron `sessionTarget: "isolated"`. Reduces per-heartbeat token cost from ~100K to ~2-5K tokens.
 - Per-agent: set `agents.list[].heartbeat`. When any agent defines `heartbeat`, **only those agents** run heartbeats.
 - Heartbeats run full agent turns — shorter intervals burn more tokens.
 

docs/gateway/heartbeat.md

@@ -22,7 +22,8 @@ Troubleshooting: [/automation/troubleshooting](/automation/troubleshooting)
 3. Decide where heartbeat messages should go (`target: "none"` is the default; set `target: "last"` to route to the last contact).
 4. Optional: enable heartbeat reasoning delivery for transparency.
 5. Optional: use lightweight bootstrap context if heartbeat runs only need `HEARTBEAT.md`.
-6. Optional: restrict heartbeats to active hours (local time).
+6. Optional: enable isolated sessions to avoid sending full conversation history each heartbeat.
+7. Optional: restrict heartbeats to active hours (local time).
 
 Example config:
 
@@ -35,6 +36,7 @@ Example config:
         target: "last", // explicit delivery to last contact (default is "none")
         directPolicy: "allow", // default: allow direct/DM targets; set "block" to suppress
         lightContext: true, // optional: only inject HEARTBEAT.md from bootstrap files
+        isolatedSession: true, // optional: fresh session each run (no conversation history)
         // activeHours: { start: "08:00", end: "24:00" },
         // includeReasoning: true, // optional: send separate `Reasoning:` message too
       },
@@ -91,6 +93,7 @@ and logged; a message that is only `HEARTBEAT_OK` is dropped.
         model: "anthropic/claude-opus-4-6",
         includeReasoning: false, // default: false (deliver separate Reasoning: message when available)
         lightContext: false, // default: false; true keeps only HEARTBEAT.md from workspace bootstrap files
+        isolatedSession: false, // default: false; true runs each heartbeat in a fresh session (no conversation history)
         target: "last", // default: none | options: last | none | <channel id> (core or plugin, e.g. "bluebubbles")
         to: "+15551234567", // optional channel-specific override
         accountId: "ops-bot", // optional multi-account channel id
@@ -212,6 +215,7 @@ Use `accountId` to target a specific account on multi-account channels like Tele
 - `model`: optional model override for heartbeat runs (`provider/model`).
 - `includeReasoning`: when enabled, also deliver the separate `Reasoning:` message when available (same shape as `/reasoning on`).
 - `lightContext`: when true, heartbeat runs use lightweight bootstrap context and keep only `HEARTBEAT.md` from workspace bootstrap files.
+- `isolatedSession`: when true, each heartbeat runs in a fresh session with no prior conversation history. Uses the same isolation pattern as cron `sessionTarget: "isolated"`. Dramatically reduces per-heartbeat token cost. Combine with `lightContext: true` for maximum savings. Delivery routing still uses the main session context.
 - `session`: optional session key for heartbeat runs.
   - `main` (default): agent main session.
   - Explicit session key (copy from `openclaw sessions --json` or the [sessions CLI](/cli/sessions)).
@@ -380,6 +384,10 @@ off in group chats.
 
 ## Cost awareness
 
-Heartbeats run full agent turns. Shorter intervals burn more tokens. Keep
-`HEARTBEAT.md` small and consider a cheaper `model` or `target: "none"` if you
-only want internal state updates.
+Heartbeats run full agent turns. Shorter intervals burn more tokens. To reduce cost:
+
+- Use `isolatedSession: true` to avoid sending full conversation history (~100K tokens down to ~2-5K per run).
+- Use `lightContext: true` to limit bootstrap files to just `HEARTBEAT.md`.
+- Set a cheaper `model` (e.g. `ollama/llama3.2:1b`).
+- Keep `HEARTBEAT.md` small.
+- Use `target: "none"` if you only want internal state updates.

docs/gateway/troubleshooting.md

@@ -289,7 +289,7 @@ Look for:
 
 - Valid browser executable path.
 - CDP profile reachability.
-- Extension relay tab attachment for `profile="chrome-relay"`.
+- Extension relay tab attachment (if an extension relay profile is configured).
 
 Common signatures:
 

docs/nodes/index.md

@@ -285,6 +285,7 @@ Available families:
 - `photos.latest`
 - `contacts.search`, `contacts.add`
 - `calendar.events`, `calendar.add`
+- `callLog.search`
 - `motion.activity`, `motion.pedometer`
 
 Example invokes:

docs/perplexity.md

@@ -16,7 +16,7 @@ If you use `OPENROUTER_API_KEY`, an `sk-or-...` key in `tools.web.search.perplex
 
 ## Getting a Perplexity API key
 
-1. Create a Perplexity account at <https://www.perplexity.ai/settings/api>
+1. Create a Perplexity account at [perplexity.ai/settings/api](https://www.perplexity.ai/settings/api)
 2. Generate an API key in the dashboard
 3. Store the key in config or set `PERPLEXITY_API_KEY` in the Gateway environment.
 

docs/platforms/android.md

@@ -163,4 +163,5 @@ See [Camera node](/nodes/camera) for parameters and CLI helpers.
   - `photos.latest`
   - `contacts.search`, `contacts.add`
   - `calendar.events`, `calendar.add`
+  - `callLog.search`
   - `motion.activity`, `motion.pedometer`

docs/providers/moonshot.md

@@ -15,20 +15,15 @@ Kimi Coding with `kimi-coding/k2p5`.
 
 Current Kimi K2 model IDs:
 
-<!-- markdownlint-disable MD037 -->
-
-{/_ moonshot-kimi-k2-ids:start _/ && null}
-
-<!-- markdownlint-enable MD037 -->
+[//]: # "moonshot-kimi-k2-ids:start"
 
 - `kimi-k2.5`
 - `kimi-k2-0905-preview`
 - `kimi-k2-turbo-preview`
 - `kimi-k2-thinking`
 - `kimi-k2-thinking-turbo`
-  <!-- markdownlint-disable MD037 -->
-  {/_ moonshot-kimi-k2-ids:end _/ && null}
-  <!-- markdownlint-enable MD037 -->
+
+[//]: # "moonshot-kimi-k2-ids:end"
 
 ```bash
 openclaw onboard --auth-choice moonshot-api-key

docs/reference/RELEASING.md

@@ -29,6 +29,10 @@ Current OpenClaw releases use date-based versioning.
 - Beta prerelease version: `YYYY.M.D-beta.N`
   - Git tag: `vYYYY.M.D-beta.N`
   - Examples from repo history: `v2026.2.15-beta.1`, `v2026.3.8-beta.1`
+- Fallback correction tag: `vYYYY.M.D-N`
+  - Use only as a last-resort recovery tag when a published immutable release burned the original stable tag and you cannot reuse it.
+  - The npm package version stays `YYYY.M.D`; the `-N` suffix is only for the git tag and GitHub release.
+  - Prefer betas for normal pre-release iteration, then cut a clean stable tag once ready.
 - Use the same version string everywhere, minus the leading `v` where Git tags are not used:
   - `package.json`: `2026.3.8`
   - Git tag: `v2026.3.8`
@@ -38,12 +42,12 @@ Current OpenClaw releases use date-based versioning.
   - `latest` = stable
   - `beta` = prerelease/testing
 - Dev is the moving head of `main`, not a normal git-tagged release.
-- The tag-triggered preview run enforces the current stable/beta tag formats and rejects versions whose CalVer date is more than 2 UTC calendar days away from the release date.
+- The tag-triggered preview run accepts stable, beta, and fallback correction tags, and rejects versions whose CalVer date is more than 2 UTC calendar days away from the release date.
 
 Historical note:
 
 - Older tags such as `v2026.1.11-1`, `v2026.2.6-3`, and `v2.0.0-beta2` exist in repo history.
-- Treat those as legacy tag patterns. New releases should use `vYYYY.M.D` for stable and `vYYYY.M.D-beta.N` for beta.
+- Treat correction tags as a fallback-only escape hatch. New releases should still use `vYYYY.M.D` for stable and `vYYYY.M.D-beta.N` for beta.
 
 1. **Version & metadata**
 
@@ -72,6 +76,7 @@ Historical note:
 - [ ] `pnpm check`
 - [ ] `pnpm test` (or `pnpm test:coverage` if you need coverage output)
 - [ ] `pnpm release:check` (verifies npm pack contents)
+- [ ] If `pnpm config:docs:check` fails as part of release validation and the config-surface change is intentional, run `pnpm config:docs:gen`, review `docs/.generated/config-baseline.json` and `docs/.generated/config-baseline.jsonl`, commit the updated baselines, then rerun `pnpm release:check`.
 - [ ] `OPENCLAW_INSTALL_SMOKE_SKIP_NONROOT=1 pnpm test:install:smoke` (Docker install smoke test, fast path; required before release)
   - If the immediate previous npm release is known broken, set `OPENCLAW_INSTALL_SMOKE_PREVIOUS=<last-good-version>` or `OPENCLAW_INSTALL_SMOKE_SKIP_PREVIOUS=1` for the preinstall step.
 - [ ] (Optional) Full installer smoke (adds non-root + CLI coverage): `pnpm test:install:smoke`
@@ -99,7 +104,9 @@ Historical note:
 - [ ] Run `OpenClaw NPM Release` manually with the same tag to publish after `npm-release` environment approval.
   - Stable tags publish to npm `latest`.
   - Beta tags publish to npm `beta`.
-  - Both the preview run and the manual publish run reject tags that do not match `package.json`, are not on `main`, or whose CalVer date is more than 2 UTC calendar days away from the release date.
+  - Fallback correction tags like `v2026.3.13-1` map to npm version `2026.3.13`.
+  - Both the preview run and the manual publish run reject tags that do not map back to `package.json`, are not on `main`, or whose CalVer date is more than 2 UTC calendar days away from the release date.
+  - If `openclaw@YYYY.M.D` is already published, a fallback correction tag is still useful for GitHub release and Docker recovery, but npm publish will not republish that version.
 - [ ] Verify the registry: `npm view openclaw version`, `npm view openclaw dist-tags`, and `npx -y openclaw@X.Y.Z --version` (or `--help`).
 
 ### Troubleshooting (notes from 2.0.0-beta2 release)
@@ -109,8 +116,9 @@ Historical note:
   - `NPM_CONFIG_AUTH_TYPE=legacy npm dist-tag add openclaw@X.Y.Z latest`
 - **`npx` verification fails with `ECOMPROMISED: Lock compromised`**: retry with a fresh cache:
   - `NPM_CONFIG_CACHE=/tmp/npm-cache-$(date +%s) npx -y openclaw@X.Y.Z --version`
-- **Tag needs repointing after a late fix**: force-update and push the tag, then ensure the GitHub release assets still match:
-  - `git tag -f vX.Y.Z && git push -f origin vX.Y.Z`
+- **Tag needs recovery after a late fix**: if the original stable tag is tied to an immutable GitHub release, mint a fallback correction tag like `vX.Y.Z-1` instead of trying to force-update `vX.Y.Z`.
+  - Keep the npm package version at `X.Y.Z`; the correction suffix is for the git tag and GitHub release only.
+  - Use this only as a last resort. For normal iteration, prefer beta tags and then cut a clean stable release.
 
 7. **GitHub release + appcast**
 

docs/security/README.md

@@ -1,17 +0,0 @@
-# OpenClaw Security & Trust
-
-**Live:** [trust.openclaw.ai](https://trust.openclaw.ai)
-
-## Documents
-
-- [Threat Model](/security/THREAT-MODEL-ATLAS) - MITRE ATLAS-based threat model for the OpenClaw ecosystem
-- [Contributing to the Threat Model](/security/CONTRIBUTING-THREAT-MODEL) - How to add threats, mitigations, and attack chains
-
-## Reporting Vulnerabilities
-
-See the [Trust page](https://trust.openclaw.ai) for full reporting instructions covering all repos.
-
-## Contact
-
-- **Jamieson O'Reilly** ([@theonejvo](https://twitter.com/theonejvo)) - Security & Trust
-- Discord: #security channel

docs/tools/browser-linux-troubleshooting.md

@@ -25,7 +25,7 @@ Note, selecting 'chromium-browser' instead of 'chromium'
 chromium-browser is already the newest version (2:1snap1-0ubuntu2).
 ```
 
-This is NOT a real browser — it's just a wrapper.
+This is NOT a real browser - it's just a wrapper.
 
 ### Solution 1: Install Google Chrome (Recommended)
 
@@ -123,7 +123,7 @@ curl -s http://127.0.0.1:18791/tabs
 
 ### Problem: "Chrome extension relay is running, but no tab is connected"
 
-You’re using the `chrome-relay` profile (extension relay). It expects the OpenClaw
+You're using an extension relay profile. It expects the OpenClaw
 browser extension to be attached to a live tab.
 
 Fix options:

docs/tools/chrome-extension.md

@@ -62,19 +62,14 @@ After upgrading OpenClaw:
 
 ## Use it (set gateway token once)
 
-OpenClaw ships with a built-in browser profile named `chrome-relay` that targets the extension relay on the default port.
+To use the extension relay, create a browser profile for it:
 
 Before first attach, open extension Options and set:
 
 - `Port` (default `18792`)
 - `Gateway token` (must match `gateway.auth.token` / `OPENCLAW_GATEWAY_TOKEN`)
 
-Use it:
-
-- CLI: `openclaw browser --browser-profile chrome-relay tabs`
-- Agent tool: `browser` with `profile="chrome-relay"`
-
-If you want a different name or a different relay port, create your own profile:
+Then create a profile:
 
 ```bash
 openclaw browser create-profile \
@@ -84,6 +79,11 @@ openclaw browser create-profile \
   --color "#00AA00"
 ```
 
+Use it:
+
+- CLI: `openclaw browser --browser-profile my-chrome tabs`
+- Agent tool: `browser` with `profile="my-chrome"`
+
 ### Custom Gateway ports
 
 If you're using a custom gateway port, the extension relay port is automatically derived:

docs/tools/exec-approvals.md

@@ -160,13 +160,14 @@ Long options are validated fail-closed in safe-bin mode: unknown flags and ambig
 abbreviations are rejected.
 Denied flags by safe-bin profile:
 
-<!-- SAFE_BIN_DENIED_FLAGS:START -->
+[//]: # "SAFE_BIN_DENIED_FLAGS:START"
 
 - `grep`: `--dereference-recursive`, `--directories`, `--exclude-from`, `--file`, `--recursive`, `-R`, `-d`, `-f`, `-r`
 - `jq`: `--argfile`, `--from-file`, `--library-path`, `--rawfile`, `--slurpfile`, `-L`, `-f`
 - `sort`: `--compress-program`, `--files0-from`, `--output`, `--random-source`, `--temporary-directory`, `-T`, `-o`
 - `wc`: `--files0-from`
-<!-- SAFE_BIN_DENIED_FLAGS:END -->
+
+[//]: # "SAFE_BIN_DENIED_FLAGS:END"
 
 Safe bins also force argv tokens to be treated as **literal text** at execution time (no globbing
 and no `$VARS` expansion) for stdin-only segments, so patterns like `*` or `$HOME/...` cannot be

docs/zh-CN/channels/feishu.md

@@ -149,7 +149,11 @@ Lark（国际版）请使用 https://open.larksuite.com/app，并在配置中设
 在 **事件订阅** 页面：
 
 1. 选择 **使用长连接接收事件**（WebSocket 模式）
-2. 添加事件：`im.message.receive_v1`（接收消息）
+2. 添加事件：
+   - `im.message.receive_v1`
+   - `im.message.reaction.created_v1`
+   - `im.message.reaction.deleted_v1`
+   - `application.bot.menu_v6`
 
 ⚠️ **注意**：如果网关未启动或渠道未添加，长连接设置将保存失败。
 
@@ -435,7 +439,7 @@ openclaw pairing list feishu
 | `/reset`  | 重置对话会话   |
 | `/model`  | 查看/切换模型  |
 
-> 注意：飞书目前不支持原生命令菜单，命令需要以文本形式发送。
+飞书机器人菜单建议直接在飞书开放平台的机器人能力页面配置。OpenClaw 当前支持接收 `application.bot.menu_v6` 事件，并把点击事件转换成普通文本命令（例如 `/menu <eventKey>`）继续走现有消息路由，但不通过渠道配置自动创建或同步菜单。
 
 ## 网关管理命令
 
@@ -526,7 +530,11 @@ openclaw pairing list feishu
   channels: {
     feishu: {
       streaming: true, // 启用流式卡片输出（默认 true）
-      blockStreaming: true, // 启用块级流式（默认 true）
+      blockStreamingCoalesce: {
+        enabled: true,
+        minDelayMs: 50,
+        maxDelayMs: 250,
+      },
     },
   },
 }
@@ -534,6 +542,40 @@ openclaw pairing list feishu
 
 如需禁用流式输出（等待完整回复后一次性发送），可设置 `streaming: false`。
 
+### 交互式卡片
+
+OpenClaw 默认会在需要时发送 Markdown 卡片；如果你需要完整的 Feishu 原生交互式卡片，也可以显式发送原始 `card` payload。
+
+- 默认路径：文本自动渲染或 Markdown 卡片
+- 显式卡片：通过消息动作的 `card` 参数发送原始交互卡片
+- 更新卡片：同一消息支持后续 patch/update
+
+卡片按钮回调当前走文本回退路径：
+
+- 若 `action.value.text` 存在，则作为入站文本继续处理
+- 若 `action.value.command` 存在，则作为命令文本继续处理
+- 其他对象值会序列化为 JSON 文本
+
+这样可以保持与现有消息/命令路由兼容，而不要求下游先理解 Feishu 专有的交互 payload。
+
+### 表情反应
+
+飞书渠道现已完整支持表情反应生命周期：
+
+- 接收 `reaction created`
+- 接收 `reaction deleted`
+- 主动添加反应
+- 主动删除自身反应
+- 查询消息上的反应列表
+
+是否把入站反应转成内部消息，可通过 `reactionNotifications` 控制：
+
+| 值    | 行为                         |
+| ----- | ---------------------------- |
+| `off` | 不生成反应通知               |
+| `own` | 仅当反应发生在机器人消息上时 |
+| `all` | 所有可验证的反应都生成通知   |
+
 ### 消息引用
 
 在群聊中，机器人的回复可以引用用户发送的原始消息，让对话上下文更加清晰。
@@ -653,14 +695,19 @@ openclaw pairing list feishu
 | `channels.feishu.accounts.<id>.domain`            | 单账号 API 域名覆盖               | `feishu`         |
 | `channels.feishu.dmPolicy`                        | 私聊策略                          | `pairing`        |
 | `channels.feishu.allowFrom`                       | 私聊白名单（open_id 列表）        | -                |
-| `channels.feishu.groupPolicy`                     | 群组策略                          | `open`           |
+| `channels.feishu.groupPolicy`                     | 群组策略                          | `allowlist`      |
 | `channels.feishu.groupAllowFrom`                  | 群组白名单                        | -                |
 | `channels.feishu.groups.<chat_id>.requireMention` | 是否需要 @提及                    | `true`           |
 | `channels.feishu.groups.<chat_id>.enabled`        | 是否启用该群组                    | `true`           |
+| `channels.feishu.replyInThread`                   | 群聊回复是否进入飞书话题线程      | `disabled`       |
+| `channels.feishu.groupSessionScope`               | 群聊会话隔离粒度                  | `group`          |
 | `channels.feishu.textChunkLimit`                  | 消息分块大小                      | `2000`           |
 | `channels.feishu.mediaMaxMb`                      | 媒体大小限制                      | `30`             |
 | `channels.feishu.streaming`                       | 启用流式卡片输出                  | `true`           |
-| `channels.feishu.blockStreaming`                  | 启用块级流式                      | `true`           |
+| `channels.feishu.blockStreamingCoalesce.enabled`  | 启用块级流式合并                  | `true`           |
+| `channels.feishu.typingIndicator`                 | 发送“正在输入”状态                | `true`           |
+| `channels.feishu.resolveSenderNames`              | 拉取发送者名称                    | `true`           |
+| `channels.feishu.reactionNotifications`           | 入站反应通知策略                  | `own`            |
 
 ---
 

extensions/bluebubbles/src/types.ts

@@ -57,6 +57,10 @@ export type BlueBubblesAccountConfig = {
   allowPrivateNetwork?: boolean;
   /** Per-group configuration keyed by chat GUID or identifier. */
   groups?: Record<string, BlueBubblesGroupConfig>;
+  /** Channel health monitor overrides for this channel/account. */
+  healthMonitor?: {
+    enabled?: boolean;
+  };
 };
 
 export type BlueBubblesActionConfig = {

extensions/feishu/src/bot.test.ts

@@ -15,9 +15,12 @@ const {
   mockCreateFeishuReplyDispatcher,
   mockSendMessageFeishu,
   mockGetMessageFeishu,
+  mockListFeishuThreadMessages,
   mockDownloadMessageResourceFeishu,
   mockCreateFeishuClient,
   mockResolveAgentRoute,
+  mockReadSessionUpdatedAt,
+  mockResolveStorePath,
 } = vi.hoisted(() => ({
   mockCreateFeishuReplyDispatcher: vi.fn(() => ({
     dispatcher: vi.fn(),
@@ -26,6 +29,7 @@ const {
   })),
   mockSendMessageFeishu: vi.fn().mockResolvedValue({ messageId: "pairing-msg", chatId: "oc-dm" }),
   mockGetMessageFeishu: vi.fn().mockResolvedValue(null),
+  mockListFeishuThreadMessages: vi.fn().mockResolvedValue([]),
   mockDownloadMessageResourceFeishu: vi.fn().mockResolvedValue({
     buffer: Buffer.from("video"),
     contentType: "video/mp4",
@@ -40,6 +44,8 @@ const {
     mainSessionKey: "agent:main:main",
     matchedBy: "default",
   })),
+  mockReadSessionUpdatedAt: vi.fn(),
+  mockResolveStorePath: vi.fn(() => "/tmp/feishu-sessions.json"),
 }));
 
 vi.mock("./reply-dispatcher.js", () => ({
@@ -49,6 +55,7 @@ vi.mock("./reply-dispatcher.js", () => ({
 vi.mock("./send.js", () => ({
   sendMessageFeishu: mockSendMessageFeishu,
   getMessageFeishu: mockGetMessageFeishu,
+  listFeishuThreadMessages: mockListFeishuThreadMessages,
 }));
 
 vi.mock("./media.js", () => ({
@@ -70,11 +77,13 @@ function createRuntimeEnv(): RuntimeEnv {
 }
 
 async function dispatchMessage(params: { cfg: ClawdbotConfig; event: FeishuMessageEvent }) {
+  const runtime = createRuntimeEnv();
   await handleFeishuMessage({
     cfg: params.cfg,
     event: params.event,
-    runtime: createRuntimeEnv(),
+    runtime,
   });
+  return runtime;
 }
 
 describe("buildFeishuAgentBody", () => {
@@ -140,6 +149,10 @@ describe("handleFeishuMessage command authorization", () => {
   beforeEach(() => {
     vi.clearAllMocks();
     mockShouldComputeCommandAuthorized.mockReset().mockReturnValue(true);
+    mockGetMessageFeishu.mockReset().mockResolvedValue(null);
+    mockListFeishuThreadMessages.mockReset().mockResolvedValue([]);
+    mockReadSessionUpdatedAt.mockReturnValue(undefined);
+    mockResolveStorePath.mockReturnValue("/tmp/feishu-sessions.json");
     mockResolveAgentRoute.mockReturnValue({
       agentId: "main",
       channel: "feishu",
@@ -166,6 +179,12 @@ describe("handleFeishuMessage command authorization", () => {
             resolveAgentRoute:
               mockResolveAgentRoute as unknown as PluginRuntime["channel"]["routing"]["resolveAgentRoute"],
           },
+          session: {
+            readSessionUpdatedAt:
+              mockReadSessionUpdatedAt as unknown as PluginRuntime["channel"]["session"]["readSessionUpdatedAt"],
+            resolveStorePath:
+              mockResolveStorePath as unknown as PluginRuntime["channel"]["session"]["resolveStorePath"],
+          },
           reply: {
             resolveEnvelopeFormatOptions: vi.fn(
               () => ({}),
@@ -1709,6 +1728,193 @@ describe("handleFeishuMessage command authorization", () => {
     );
   });
 
+  it("bootstraps topic thread context only for a new thread session", async () => {
+    mockShouldComputeCommandAuthorized.mockReturnValue(false);
+    mockGetMessageFeishu.mockResolvedValue({
+      messageId: "om_topic_root",
+      chatId: "oc-group",
+      content: "root starter",
+      contentType: "text",
+      threadId: "omt_topic_1",
+    });
+    mockListFeishuThreadMessages.mockResolvedValue([
+      {
+        messageId: "om_bot_reply",
+        senderId: "app_1",
+        senderType: "app",
+        content: "assistant reply",
+        contentType: "text",
+        createTime: 1710000000000,
+      },
+      {
+        messageId: "om_follow_up",
+        senderId: "ou-topic-user",
+        senderType: "user",
+        content: "follow-up question",
+        contentType: "text",
+        createTime: 1710000001000,
+      },
+    ]);
+
+    const cfg: ClawdbotConfig = {
+      channels: {
+        feishu: {
+          groups: {
+            "oc-group": {
+              requireMention: false,
+              groupSessionScope: "group_topic",
+            },
+          },
+        },
+      },
+    } as ClawdbotConfig;
+
+    const event: FeishuMessageEvent = {
+      sender: { sender_id: { open_id: "ou-topic-user" } },
+      message: {
+        message_id: "om_topic_followup_existing_session",
+        root_id: "om_topic_root",
+        chat_id: "oc-group",
+        chat_type: "group",
+        message_type: "text",
+        content: JSON.stringify({ text: "current turn" }),
+      },
+    };
+
+    await dispatchMessage({ cfg, event });
+
+    expect(mockReadSessionUpdatedAt).toHaveBeenCalledWith({
+      storePath: "/tmp/feishu-sessions.json",
+      sessionKey: "agent:main:feishu:dm:ou-attacker",
+    });
+    expect(mockListFeishuThreadMessages).toHaveBeenCalledWith(
+      expect.objectContaining({
+        rootMessageId: "om_topic_root",
+      }),
+    );
+    expect(mockFinalizeInboundContext).toHaveBeenCalledWith(
+      expect.objectContaining({
+        ThreadStarterBody: "root starter",
+        ThreadHistoryBody: "assistant reply\n\nfollow-up question",
+        ThreadLabel: "Feishu thread in oc-group",
+        MessageThreadId: "om_topic_root",
+      }),
+    );
+  });
+
+  it("skips topic thread bootstrap when the thread session already exists", async () => {
+    mockShouldComputeCommandAuthorized.mockReturnValue(false);
+    mockReadSessionUpdatedAt.mockReturnValue(1710000000000);
+
+    const cfg: ClawdbotConfig = {
+      channels: {
+        feishu: {
+          groups: {
+            "oc-group": {
+              requireMention: false,
+              groupSessionScope: "group_topic",
+            },
+          },
+        },
+      },
+    } as ClawdbotConfig;
+
+    const event: FeishuMessageEvent = {
+      sender: { sender_id: { open_id: "ou-topic-user" } },
+      message: {
+        message_id: "om_topic_followup",
+        root_id: "om_topic_root",
+        chat_id: "oc-group",
+        chat_type: "group",
+        message_type: "text",
+        content: JSON.stringify({ text: "current turn" }),
+      },
+    };
+
+    await dispatchMessage({ cfg, event });
+
+    expect(mockGetMessageFeishu).not.toHaveBeenCalled();
+    expect(mockListFeishuThreadMessages).not.toHaveBeenCalled();
+    expect(mockFinalizeInboundContext).toHaveBeenCalledWith(
+      expect.objectContaining({
+        ThreadStarterBody: undefined,
+        ThreadHistoryBody: undefined,
+        ThreadLabel: "Feishu thread in oc-group",
+        MessageThreadId: "om_topic_root",
+      }),
+    );
+  });
+
+  it("keeps sender-scoped thread history when the inbound event and thread history use different sender ids", async () => {
+    mockShouldComputeCommandAuthorized.mockReturnValue(false);
+    mockGetMessageFeishu.mockResolvedValue({
+      messageId: "om_topic_root",
+      chatId: "oc-group",
+      content: "root starter",
+      contentType: "text",
+      threadId: "omt_topic_1",
+    });
+    mockListFeishuThreadMessages.mockResolvedValue([
+      {
+        messageId: "om_bot_reply",
+        senderId: "app_1",
+        senderType: "app",
+        content: "assistant reply",
+        contentType: "text",
+        createTime: 1710000000000,
+      },
+      {
+        messageId: "om_follow_up",
+        senderId: "user_topic_1",
+        senderType: "user",
+        content: "follow-up question",
+        contentType: "text",
+        createTime: 1710000001000,
+      },
+    ]);
+
+    const cfg: ClawdbotConfig = {
+      channels: {
+        feishu: {
+          groups: {
+            "oc-group": {
+              requireMention: false,
+              groupSessionScope: "group_topic_sender",
+            },
+          },
+        },
+      },
+    } as ClawdbotConfig;
+
+    const event: FeishuMessageEvent = {
+      sender: {
+        sender_id: {
+          open_id: "ou-topic-user",
+          user_id: "user_topic_1",
+        },
+      },
+      message: {
+        message_id: "om_topic_followup_mixed_ids",
+        root_id: "om_topic_root",
+        chat_id: "oc-group",
+        chat_type: "group",
+        message_type: "text",
+        content: JSON.stringify({ text: "current turn" }),
+      },
+    };
+
+    await dispatchMessage({ cfg, event });
+
+    expect(mockFinalizeInboundContext).toHaveBeenCalledWith(
+      expect.objectContaining({
+        ThreadStarterBody: "root starter",
+        ThreadHistoryBody: "assistant reply\n\nfollow-up question",
+        ThreadLabel: "Feishu thread in oc-group",
+        MessageThreadId: "om_topic_root",
+      }),
+    );
+  });
+
   it("does not dispatch twice for the same image message_id (concurrent dedupe)", async () => {
     mockShouldComputeCommandAuthorized.mockReturnValue(false);
 

extensions/feishu/src/bot.ts

@@ -9,6 +9,7 @@ import {
   issuePairingChallenge,
   normalizeAgentId,
   recordPendingHistoryEntryIfEnabled,
+  resolveAgentOutboundIdentity,
   resolveOpenProviderRuntimeGroupPolicy,
   resolveDefaultGroupPolicy,
   warnMissingProviderGroupPolicyFallbackOnce,
@@ -29,7 +30,7 @@ import {
 import { parsePostContent } from "./post.js";
 import { createFeishuReplyDispatcher } from "./reply-dispatcher.js";
 import { getFeishuRuntime } from "./runtime.js";
-import { getMessageFeishu, sendMessageFeishu } from "./send.js";
+import { getMessageFeishu, listFeishuThreadMessages, sendMessageFeishu } from "./send.js";
 import type { FeishuMessageContext, FeishuMediaInfo, ResolvedFeishuAccount } from "./types.js";
 import type { DynamicAgentCreationConfig } from "./types.js";
 
@@ -1239,16 +1240,17 @@ export async function handleFeishuMessage(params: {
     const mediaPayload = buildAgentMediaPayload(mediaList);
 
     // Fetch quoted/replied message content if parentId exists
+    let quotedMessageInfo: Awaited<ReturnType<typeof getMessageFeishu>> = null;
     let quotedContent: string | undefined;
     if (ctx.parentId) {
       try {
-        const quotedMsg = await getMessageFeishu({
+        quotedMessageInfo = await getMessageFeishu({
           cfg,
           messageId: ctx.parentId,
           accountId: account.accountId,
         });
-        if (quotedMsg) {
-          quotedContent = quotedMsg.content;
+        if (quotedMessageInfo) {
+          quotedContent = quotedMessageInfo.content;
           log(
             `feishu[${account.accountId}]: fetched quoted message: ${quotedContent?.slice(0, 100)}`,
           );
@@ -1258,6 +1260,11 @@ export async function handleFeishuMessage(params: {
       }
     }
 
+    const isTopicSessionForThread =
+      isGroup &&
+      (groupSession?.groupSessionScope === "group_topic" ||
+        groupSession?.groupSessionScope === "group_topic_sender");
+
     const envelopeOptions = core.channel.reply.resolveEnvelopeFormatOptions(cfg);
     const messageBody = buildFeishuAgentBody({
       ctx,
@@ -1309,13 +1316,150 @@ export async function handleFeishuMessage(params: {
           }))
         : undefined;
 
+    const threadContextBySessionKey = new Map<
+      string,
+      {
+        threadStarterBody?: string;
+        threadHistoryBody?: string;
+        threadLabel?: string;
+      }
+    >();
+    let rootMessageInfo: Awaited<ReturnType<typeof getMessageFeishu>> | undefined;
+    let rootMessageFetched = false;
+    const getRootMessageInfo = async () => {
+      if (!ctx.rootId) {
+        return null;
+      }
+      if (!rootMessageFetched) {
+        rootMessageFetched = true;
+        if (ctx.rootId === ctx.parentId && quotedMessageInfo) {
+          rootMessageInfo = quotedMessageInfo;
+        } else {
+          try {
+            rootMessageInfo = await getMessageFeishu({
+              cfg,
+              messageId: ctx.rootId,
+              accountId: account.accountId,
+            });
+          } catch (err) {
+            log(`feishu[${account.accountId}]: failed to fetch root message: ${String(err)}`);
+            rootMessageInfo = null;
+          }
+        }
+      }
+      return rootMessageInfo ?? null;
+    };
+    const resolveThreadContextForAgent = async (agentId: string, agentSessionKey: string) => {
+      const cached = threadContextBySessionKey.get(agentSessionKey);
+      if (cached) {
+        return cached;
+      }
+
+      const threadContext: {
+        threadStarterBody?: string;
+        threadHistoryBody?: string;
+        threadLabel?: string;
+      } = {
+        threadLabel:
+          (ctx.rootId || ctx.threadId) && isTopicSessionForThread
+            ? `Feishu thread in ${ctx.chatId}`
+            : undefined,
+      };
+
+      if (!(ctx.rootId || ctx.threadId) || !isTopicSessionForThread) {
+        threadContextBySessionKey.set(agentSessionKey, threadContext);
+        return threadContext;
+      }
+
+      const storePath = core.channel.session.resolveStorePath(cfg.session?.store, { agentId });
+      const previousThreadSessionTimestamp = core.channel.session.readSessionUpdatedAt({
+        storePath,
+        sessionKey: agentSessionKey,
+      });
+      if (previousThreadSessionTimestamp) {
+        log(
+          `feishu[${account.accountId}]: skipping thread bootstrap for existing session ${agentSessionKey}`,
+        );
+        threadContextBySessionKey.set(agentSessionKey, threadContext);
+        return threadContext;
+      }
+
+      const rootMsg = await getRootMessageInfo();
+      let feishuThreadId = ctx.threadId ?? rootMsg?.threadId;
+      if (feishuThreadId) {
+        log(`feishu[${account.accountId}]: resolved thread ID: ${feishuThreadId}`);
+      }
+      if (!feishuThreadId) {
+        log(
+          `feishu[${account.accountId}]: no threadId found for root message ${ctx.rootId ?? "none"}, skipping thread history`,
+        );
+        threadContextBySessionKey.set(agentSessionKey, threadContext);
+        return threadContext;
+      }
+
+      try {
+        const threadMessages = await listFeishuThreadMessages({
+          cfg,
+          threadId: feishuThreadId,
+          currentMessageId: ctx.messageId,
+          rootMessageId: ctx.rootId,
+          limit: 20,
+          accountId: account.accountId,
+        });
+        const senderScoped = groupSession?.groupSessionScope === "group_topic_sender";
+        const senderIds = new Set(
+          [ctx.senderOpenId, senderUserId]
+            .map((id) => id?.trim())
+            .filter((id): id is string => id !== undefined && id.length > 0),
+        );
+        const relevantMessages =
+          (senderScoped
+            ? threadMessages.filter(
+                (msg) =>
+                  msg.senderType === "app" ||
+                  (msg.senderId !== undefined && senderIds.has(msg.senderId.trim())),
+              )
+            : threadMessages) ?? [];
+
+        const threadStarterBody = rootMsg?.content ?? relevantMessages[0]?.content;
+        const includeStarterInHistory = Boolean(rootMsg?.content || ctx.rootId);
+        const historyMessages = includeStarterInHistory
+          ? relevantMessages
+          : relevantMessages.slice(1);
+        const historyParts = historyMessages.map((msg) => {
+          const role = msg.senderType === "app" ? "assistant" : "user";
+          return core.channel.reply.formatAgentEnvelope({
+            channel: "Feishu",
+            from: `${msg.senderId ?? "Unknown"} (${role})`,
+            timestamp: msg.createTime,
+            body: msg.content,
+            envelope: envelopeOptions,
+          });
+        });
+
+        threadContext.threadStarterBody = threadStarterBody;
+        threadContext.threadHistoryBody =
+          historyParts.length > 0 ? historyParts.join("\n\n") : undefined;
+        log(
+          `feishu[${account.accountId}]: populated thread bootstrap with starter=${threadStarterBody ? "yes" : "no"} history=${historyMessages.length}`,
+        );
+      } catch (err) {
+        log(`feishu[${account.accountId}]: failed to fetch thread history: ${String(err)}`);
+      }
+
+      threadContextBySessionKey.set(agentSessionKey, threadContext);
+      return threadContext;
+    };
+
     // --- Shared context builder for dispatch ---
-    const buildCtxPayloadForAgent = (
+    const buildCtxPayloadForAgent = async (
+      agentId: string,
       agentSessionKey: string,
       agentAccountId: string,
       wasMentioned: boolean,
-    ) =>
-      core.channel.reply.finalizeInboundContext({
+    ) => {
+      const threadContext = await resolveThreadContextForAgent(agentId, agentSessionKey);
+      return core.channel.reply.finalizeInboundContext({
         Body: combinedBody,
         BodyForAgent: messageBody,
         InboundHistory: inboundHistory,
@@ -1335,6 +1479,12 @@ export async function handleFeishuMessage(params: {
         Surface: "feishu" as const,
         MessageSid: ctx.messageId,
         ReplyToBody: quotedContent ?? undefined,
+        ThreadStarterBody: threadContext.threadStarterBody,
+        ThreadHistoryBody: threadContext.threadHistoryBody,
+        ThreadLabel: threadContext.threadLabel,
+        // Only use rootId (om_* message anchor) — threadId (omt_*) is a container
+        // ID and would produce invalid reply targets downstream.
+        MessageThreadId: ctx.rootId && isTopicSessionForThread ? ctx.rootId : undefined,
         Timestamp: Date.now(),
         WasMentioned: wasMentioned,
         CommandAuthorized: commandAuthorized,
@@ -1343,6 +1493,7 @@ export async function handleFeishuMessage(params: {
         GroupSystemPrompt: isGroup ? groupConfig?.systemPrompt?.trim() || undefined : undefined,
         ...mediaPayload,
       });
+    };
 
     // Parse message create_time (Feishu uses millisecond epoch string).
     const messageCreateTimeMs = event.message.create_time
@@ -1402,7 +1553,8 @@ export async function handleFeishuMessage(params: {
         }
 
         const agentSessionKey = buildBroadcastSessionKey(route.sessionKey, route.agentId, agentId);
-        const agentCtx = buildCtxPayloadForAgent(
+        const agentCtx = await buildCtxPayloadForAgent(
+          agentId,
           agentSessionKey,
           route.accountId,
           ctx.mentionedBot && agentId === activeAgentId,
@@ -1410,6 +1562,7 @@ export async function handleFeishuMessage(params: {
 
         if (agentId === activeAgentId) {
           // Active agent: real Feishu dispatcher (responds on Feishu)
+          const identity = resolveAgentOutboundIdentity(cfg, agentId);
           const { dispatcher, replyOptions, markDispatchIdle } = createFeishuReplyDispatcher({
             cfg,
             agentId,
@@ -1422,6 +1575,7 @@ export async function handleFeishuMessage(params: {
             threadReply,
             mentionTargets: ctx.mentionTargets,
             accountId: account.accountId,
+            identity,
             messageCreateTimeMs,
           });
 
@@ -1502,12 +1656,14 @@ export async function handleFeishuMessage(params: {
       );
     } else {
       // --- Single-agent dispatch (existing behavior) ---
-      const ctxPayload = buildCtxPayloadForAgent(
+      const ctxPayload = await buildCtxPayloadForAgent(
+        route.agentId,
         route.sessionKey,
         route.accountId,
         ctx.mentionedBot,
       );
 
+      const identity = resolveAgentOutboundIdentity(cfg, route.agentId);
       const { dispatcher, replyOptions, markDispatchIdle } = createFeishuReplyDispatcher({
         cfg,
         agentId: route.agentId,
@@ -1520,6 +1676,7 @@ export async function handleFeishuMessage(params: {
         threadReply,
         mentionTargets: ctx.mentionTargets,
         accountId: account.accountId,
+        identity,
         messageCreateTimeMs,
       });
 

extensions/feishu/src/card-action.ts

@@ -20,6 +20,20 @@ export type FeishuCardActionEvent = {
   };
 };
 
+function buildCardActionTextFallback(event: FeishuCardActionEvent): string {
+  const actionValue = event.action.value;
+  if (typeof actionValue === "object" && actionValue !== null) {
+    if ("text" in actionValue && typeof actionValue.text === "string") {
+      return actionValue.text;
+    }
+    if ("command" in actionValue && typeof actionValue.command === "string") {
+      return actionValue.command;
+    }
+    return JSON.stringify(actionValue);
+  }
+  return String(actionValue);
+}
+
 export async function handleFeishuCardAction(params: {
   cfg: ClawdbotConfig;
   event: FeishuCardActionEvent;
@@ -30,21 +44,7 @@ export async function handleFeishuCardAction(params: {
   const { cfg, event, runtime, accountId } = params;
   const account = resolveFeishuAccount({ cfg, accountId });
   const log = runtime?.log ?? console.log;
-
-  // Extract action value
-  const actionValue = event.action.value;
-  let content = "";
-  if (typeof actionValue === "object" && actionValue !== null) {
-    if ("text" in actionValue && typeof actionValue.text === "string") {
-      content = actionValue.text;
-    } else if ("command" in actionValue && typeof actionValue.command === "string") {
-      content = actionValue.command;
-    } else {
-      content = JSON.stringify(actionValue);
-    }
-  } else {
-    content = String(actionValue);
-  }
+  const content = buildCardActionTextFallback(event);
 
   // Construct a synthetic message event
   const messageEvent: FeishuMessageEvent = {

extensions/feishu/src/channel.test.ts

@@ -2,11 +2,18 @@ import type { OpenClawConfig } from "openclaw/plugin-sdk/feishu";
 import { describe, expect, it, vi } from "vitest";
 
 const probeFeishuMock = vi.hoisted(() => vi.fn());
+const listReactionsFeishuMock = vi.hoisted(() => vi.fn());
 
 vi.mock("./probe.js", () => ({
   probeFeishu: probeFeishuMock,
 }));
 
+vi.mock("./reactions.js", () => ({
+  addReactionFeishu: vi.fn(),
+  listReactionsFeishu: listReactionsFeishuMock,
+  removeReactionFeishu: vi.fn(),
+}));
+
 import { feishuPlugin } from "./channel.js";
 
 describe("feishuPlugin.status.probeAccount", () => {
@@ -46,3 +53,114 @@ describe("feishuPlugin.status.probeAccount", () => {
     expect(result).toMatchObject({ ok: true, appId: "cli_main" });
   });
 });
+
+describe("feishuPlugin actions", () => {
+  const cfg = {
+    channels: {
+      feishu: {
+        enabled: true,
+        appId: "cli_main",
+        appSecret: "secret_main",
+        actions: {
+          reactions: true,
+        },
+      },
+    },
+  } as OpenClawConfig;
+
+  it("does not advertise reactions when disabled via actions config", () => {
+    const disabledCfg = {
+      channels: {
+        feishu: {
+          enabled: true,
+          appId: "cli_main",
+          appSecret: "secret_main",
+          actions: {
+            reactions: false,
+          },
+        },
+      },
+    } as OpenClawConfig;
+
+    expect(feishuPlugin.actions?.listActions?.({ cfg: disabledCfg })).toEqual([]);
+  });
+
+  it("advertises reactions when any enabled configured account allows them", () => {
+    const cfg = {
+      channels: {
+        feishu: {
+          enabled: true,
+          defaultAccount: "main",
+          actions: {
+            reactions: false,
+          },
+          accounts: {
+            main: {
+              appId: "cli_main",
+              appSecret: "secret_main",
+              enabled: true,
+              actions: {
+                reactions: false,
+              },
+            },
+            secondary: {
+              appId: "cli_secondary",
+              appSecret: "secret_secondary",
+              enabled: true,
+              actions: {
+                reactions: true,
+              },
+            },
+          },
+        },
+      },
+    } as OpenClawConfig;
+
+    expect(feishuPlugin.actions?.listActions?.({ cfg })).toEqual(["react", "reactions"]);
+  });
+
+  it("requires clearAll=true before removing all bot reactions", async () => {
+    await expect(
+      feishuPlugin.actions?.handleAction?.({
+        action: "react",
+        params: { messageId: "om_msg1" },
+        cfg,
+        accountId: undefined,
+      } as never),
+    ).rejects.toThrow(
+      "Emoji is required to add a Feishu reaction. Set clearAll=true to remove all bot reactions.",
+    );
+  });
+
+  it("throws for unsupported Feishu send actions without card payload", async () => {
+    await expect(
+      feishuPlugin.actions?.handleAction?.({
+        action: "send",
+        params: { to: "chat:oc_group_1", message: "hello" },
+        cfg,
+        accountId: undefined,
+      } as never),
+    ).rejects.toThrow('Unsupported Feishu action: "send"');
+  });
+
+  it("allows explicit clearAll=true when removing all bot reactions", async () => {
+    listReactionsFeishuMock.mockResolvedValueOnce([
+      { reactionId: "r1", operatorType: "app" },
+      { reactionId: "r2", operatorType: "app" },
+    ]);
+
+    const result = await feishuPlugin.actions?.handleAction?.({
+      action: "react",
+      params: { messageId: "om_msg1", clearAll: true },
+      cfg,
+      accountId: undefined,
+    } as never);
+
+    expect(listReactionsFeishuMock).toHaveBeenCalledWith({
+      cfg,
+      messageId: "om_msg1",
+      accountId: undefined,
+    });
+    expect(result?.details).toMatchObject({ ok: true, removed: 2 });
+  });
+});

extensions/feishu/src/channel.ts

@@ -5,18 +5,23 @@ import {
 } from "openclaw/plugin-sdk/compat";
 import type { ChannelMeta, ChannelPlugin, ClawdbotConfig } from "openclaw/plugin-sdk/feishu";
 import {
+  buildChannelConfigSchema,
   buildProbeChannelStatusSummary,
+  createActionGate,
   buildRuntimeAccountStatusSnapshot,
   createDefaultChannelRuntimeState,
   DEFAULT_ACCOUNT_ID,
   PAIRING_APPROVED_MESSAGE,
 } from "openclaw/plugin-sdk/feishu";
+import type { ChannelMessageActionName } from "openclaw/plugin-sdk/feishu";
 import {
   resolveFeishuAccount,
   resolveFeishuCredentials,
   listFeishuAccountIds,
+  listEnabledFeishuAccounts,
   resolveDefaultFeishuAccountId,
 } from "./accounts.js";
+import { FeishuConfigSchema } from "./config-schema.js";
 import {
   listFeishuDirectoryPeers,
   listFeishuDirectoryGroups,
@@ -27,7 +32,8 @@ import { feishuOnboardingAdapter } from "./onboarding.js";
 import { feishuOutbound } from "./outbound.js";
 import { resolveFeishuGroupToolPolicy } from "./policy.js";
 import { probeFeishu } from "./probe.js";
-import { sendMessageFeishu } from "./send.js";
+import { addReactionFeishu, listReactionsFeishu, removeReactionFeishu } from "./reactions.js";
+import { sendCardFeishu, sendMessageFeishu } from "./send.js";
 import { normalizeFeishuTarget, looksLikeFeishuId, formatFeishuTarget } from "./targets.js";
 import type { ResolvedFeishuAccount, FeishuConfig } from "./types.js";
 
@@ -42,22 +48,6 @@ const meta: ChannelMeta = {
   order: 70,
 };
 
-const secretInputJsonSchema = {
-  oneOf: [
-    { type: "string" },
-    {
-      type: "object",
-      additionalProperties: false,
-      required: ["source", "provider", "id"],
-      properties: {
-        source: { type: "string", enum: ["env", "file", "exec"] },
-        provider: { type: "string", minLength: 1 },
-        id: { type: "string", minLength: 1 },
-      },
-    },
-  ],
-} as const;
-
 function setFeishuNamedAccountEnabled(
   cfg: ClawdbotConfig,
   accountId: string,
@@ -82,6 +72,32 @@ function setFeishuNamedAccountEnabled(
   };
 }
 
+function isFeishuReactionsActionEnabled(params: {
+  cfg: ClawdbotConfig;
+  account: ResolvedFeishuAccount;
+}): boolean {
+  if (!params.account.enabled || !params.account.configured) {
+    return false;
+  }
+  const gate = createActionGate(
+    (params.account.config.actions ??
+      (params.cfg.channels?.feishu as { actions?: unknown } | undefined)?.actions) as Record<
+      string,
+      boolean | undefined
+    >,
+  );
+  return gate("reactions");
+}
+
+function areAnyFeishuReactionActionsEnabled(cfg: ClawdbotConfig): boolean {
+  for (const account of listEnabledFeishuAccounts(cfg)) {
+    if (isFeishuReactionsActionEnabled({ cfg, account })) {
+      return true;
+    }
+  }
+  return false;
+}
+
 export const feishuPlugin: ChannelPlugin<ResolvedFeishuAccount> = {
   id: "feishu",
   meta: {
@@ -120,69 +136,7 @@ export const feishuPlugin: ChannelPlugin<ResolvedFeishuAccount> = {
     stripPatterns: () => ['<at user_id="[^"]*">[^<]*</at>'],
   },
   reload: { configPrefixes: ["channels.feishu"] },
-  configSchema: {
-    schema: {
-      type: "object",
-      additionalProperties: false,
-      properties: {
-        enabled: { type: "boolean" },
-        defaultAccount: { type: "string" },
-        appId: { type: "string" },
-        appSecret: secretInputJsonSchema,
-        encryptKey: secretInputJsonSchema,
-        verificationToken: secretInputJsonSchema,
-        domain: {
-          oneOf: [
-            { type: "string", enum: ["feishu", "lark"] },
-            { type: "string", format: "uri", pattern: "^https://" },
-          ],
-        },
-        connectionMode: { type: "string", enum: ["websocket", "webhook"] },
-        webhookPath: { type: "string" },
-        webhookHost: { type: "string" },
-        webhookPort: { type: "integer", minimum: 1 },
-        dmPolicy: { type: "string", enum: ["open", "pairing", "allowlist"] },
-        allowFrom: { type: "array", items: { oneOf: [{ type: "string" }, { type: "number" }] } },
-        groupPolicy: { type: "string", enum: ["open", "allowlist", "disabled"] },
-        groupAllowFrom: {
-          type: "array",
-          items: { oneOf: [{ type: "string" }, { type: "number" }] },
-        },
-        requireMention: { type: "boolean" },
-        groupSessionScope: {
-          type: "string",
-          enum: ["group", "group_sender", "group_topic", "group_topic_sender"],
-        },
-        topicSessionMode: { type: "string", enum: ["disabled", "enabled"] },
-        replyInThread: { type: "string", enum: ["disabled", "enabled"] },
-        historyLimit: { type: "integer", minimum: 0 },
-        dmHistoryLimit: { type: "integer", minimum: 0 },
-        textChunkLimit: { type: "integer", minimum: 1 },
-        chunkMode: { type: "string", enum: ["length", "newline"] },
-        mediaMaxMb: { type: "number", minimum: 0 },
-        renderMode: { type: "string", enum: ["auto", "raw", "card"] },
-        accounts: {
-          type: "object",
-          additionalProperties: {
-            type: "object",
-            properties: {
-              enabled: { type: "boolean" },
-              name: { type: "string" },
-              appId: { type: "string" },
-              appSecret: secretInputJsonSchema,
-              encryptKey: secretInputJsonSchema,
-              verificationToken: secretInputJsonSchema,
-              domain: { type: "string", enum: ["feishu", "lark"] },
-              connectionMode: { type: "string", enum: ["websocket", "webhook"] },
-              webhookHost: { type: "string" },
-              webhookPath: { type: "string" },
-              webhookPort: { type: "integer", minimum: 1 },
-            },
-          },
-        },
-      },
-    },
-  },
+  configSchema: buildChannelConfigSchema(FeishuConfigSchema),
   config: {
     listAccountIds: (cfg) => listFeishuAccountIds(cfg),
     resolveAccount: (cfg, accountId) => resolveFeishuAccount({ cfg, accountId }),
@@ -255,6 +209,172 @@ export const feishuPlugin: ChannelPlugin<ResolvedFeishuAccount> = {
     },
     formatAllowFrom: ({ allowFrom }) => formatAllowFromLowercase({ allowFrom }),
   },
+  actions: {
+    listActions: ({ cfg }) => {
+      if (listEnabledFeishuAccounts(cfg).length === 0) {
+        return [];
+      }
+      const actions = new Set<ChannelMessageActionName>();
+      if (areAnyFeishuReactionActionsEnabled(cfg)) {
+        actions.add("react");
+        actions.add("reactions");
+      }
+      return Array.from(actions);
+    },
+    supportsCards: ({ cfg }) => {
+      return (
+        cfg.channels?.feishu?.enabled !== false &&
+        Boolean(resolveFeishuCredentials(cfg.channels?.feishu as FeishuConfig | undefined))
+      );
+    },
+    handleAction: async (ctx) => {
+      const account = resolveFeishuAccount({ cfg: ctx.cfg, accountId: ctx.accountId ?? undefined });
+      if (
+        (ctx.action === "react" || ctx.action === "reactions") &&
+        !isFeishuReactionsActionEnabled({ cfg: ctx.cfg, account })
+      ) {
+        throw new Error("Feishu reactions are disabled via actions.reactions.");
+      }
+      if (ctx.action === "send" && ctx.params.card) {
+        const card = ctx.params.card as Record<string, unknown>;
+        const to =
+          typeof ctx.params.to === "string"
+            ? ctx.params.to.trim()
+            : typeof ctx.params.target === "string"
+              ? ctx.params.target.trim()
+              : "";
+        if (!to) {
+          return {
+            isError: true,
+            content: [{ type: "text" as const, text: "Feishu card send requires a target (to)." }],
+            details: { error: "Feishu card send requires a target (to)." },
+          };
+        }
+        const replyToMessageId =
+          typeof ctx.params.replyTo === "string"
+            ? ctx.params.replyTo.trim() || undefined
+            : undefined;
+        const result = await sendCardFeishu({
+          cfg: ctx.cfg,
+          to,
+          card,
+          accountId: ctx.accountId ?? undefined,
+          replyToMessageId,
+        });
+        return {
+          content: [
+            {
+              type: "text" as const,
+              text: JSON.stringify({ ok: true, channel: "feishu", ...result }),
+            },
+          ],
+          details: { ok: true, channel: "feishu", ...result },
+        };
+      }
+
+      if (ctx.action === "react") {
+        const messageId =
+          (typeof ctx.params.messageId === "string" && ctx.params.messageId.trim()) ||
+          (typeof ctx.params.message_id === "string" && ctx.params.message_id.trim()) ||
+          undefined;
+        if (!messageId) {
+          throw new Error("Feishu reaction requires messageId.");
+        }
+        const emoji = typeof ctx.params.emoji === "string" ? ctx.params.emoji.trim() : "";
+        const remove = ctx.params.remove === true;
+        const clearAll = ctx.params.clearAll === true;
+        if (remove) {
+          if (!emoji) {
+            throw new Error("Emoji is required to remove a Feishu reaction.");
+          }
+          const matches = await listReactionsFeishu({
+            cfg: ctx.cfg,
+            messageId,
+            emojiType: emoji,
+            accountId: ctx.accountId ?? undefined,
+          });
+          const ownReaction = matches.find((entry) => entry.operatorType === "app");
+          if (!ownReaction) {
+            return {
+              content: [
+                { type: "text" as const, text: JSON.stringify({ ok: true, removed: null }) },
+              ],
+              details: { ok: true, removed: null },
+            };
+          }
+          await removeReactionFeishu({
+            cfg: ctx.cfg,
+            messageId,
+            reactionId: ownReaction.reactionId,
+            accountId: ctx.accountId ?? undefined,
+          });
+          return {
+            content: [
+              { type: "text" as const, text: JSON.stringify({ ok: true, removed: emoji }) },
+            ],
+            details: { ok: true, removed: emoji },
+          };
+        }
+        if (!emoji) {
+          if (!clearAll) {
+            throw new Error(
+              "Emoji is required to add a Feishu reaction. Set clearAll=true to remove all bot reactions.",
+            );
+          }
+          const reactions = await listReactionsFeishu({
+            cfg: ctx.cfg,
+            messageId,
+            accountId: ctx.accountId ?? undefined,
+          });
+          let removed = 0;
+          for (const reaction of reactions.filter((entry) => entry.operatorType === "app")) {
+            await removeReactionFeishu({
+              cfg: ctx.cfg,
+              messageId,
+              reactionId: reaction.reactionId,
+              accountId: ctx.accountId ?? undefined,
+            });
+            removed += 1;
+          }
+          return {
+            content: [{ type: "text" as const, text: JSON.stringify({ ok: true, removed }) }],
+            details: { ok: true, removed },
+          };
+        }
+        await addReactionFeishu({
+          cfg: ctx.cfg,
+          messageId,
+          emojiType: emoji,
+          accountId: ctx.accountId ?? undefined,
+        });
+        return {
+          content: [{ type: "text" as const, text: JSON.stringify({ ok: true, added: emoji }) }],
+          details: { ok: true, added: emoji },
+        };
+      }
+
+      if (ctx.action === "reactions") {
+        const messageId =
+          (typeof ctx.params.messageId === "string" && ctx.params.messageId.trim()) ||
+          (typeof ctx.params.message_id === "string" && ctx.params.message_id.trim()) ||
+          undefined;
+        if (!messageId) {
+          throw new Error("Feishu reactions lookup requires messageId.");
+        }
+        const reactions = await listReactionsFeishu({
+          cfg: ctx.cfg,
+          messageId,
+          accountId: ctx.accountId ?? undefined,
+        });
+        return {
+          content: [{ type: "text" as const, text: JSON.stringify({ ok: true, reactions }) }],
+          details: { ok: true, reactions },
+        };
+      }
+
+      throw new Error(`Unsupported Feishu action: "${String(ctx.action)}"`);
+    },
+  },
   security: {
     collectWarnings: ({ cfg, accountId }) => {
       const account = resolveFeishuAccount({ cfg, accountId });

extensions/feishu/src/config-schema.test.ts

@@ -217,6 +217,26 @@ describe("FeishuConfigSchema optimization flags", () => {
   });
 });
 
+describe("FeishuConfigSchema actions", () => {
+  it("accepts top-level reactions action gate", () => {
+    const result = FeishuConfigSchema.parse({
+      actions: { reactions: false },
+    });
+    expect(result.actions?.reactions).toBe(false);
+  });
+
+  it("accepts account-level reactions action gate", () => {
+    const result = FeishuConfigSchema.parse({
+      accounts: {
+        main: {
+          actions: { reactions: false },
+        },
+      },
+    });
+    expect(result.accounts?.main?.actions?.reactions).toBe(false);
+  });
+});
+
 describe("FeishuConfigSchema defaultAccount", () => {
   it("accepts defaultAccount when it matches an account key", () => {
     const result = FeishuConfigSchema.safeParse({

extensions/feishu/src/config-schema.ts

@@ -3,6 +3,13 @@ import { z } from "zod";
 export { z };
 import { buildSecretInputSchema, hasConfiguredSecretInput } from "./secret-input.js";
 
+const ChannelActionsSchema = z
+  .object({
+    reactions: z.boolean().optional(),
+  })
+  .strict()
+  .optional();
+
 const DmPolicySchema = z.enum(["open", "pairing", "allowlist"]);
 const GroupPolicySchema = z.union([
   z.enum(["open", "allowlist", "disabled"]),
@@ -170,6 +177,7 @@ const FeishuSharedConfigShape = {
   renderMode: RenderModeSchema,
   streaming: StreamingModeSchema,
   tools: FeishuToolsConfigSchema,
+  actions: ChannelActionsSchema,
   replyInThread: ReplyInThreadSchema,
   reactionNotifications: ReactionNotificationModeSchema,
   typingIndicator: z.boolean().optional(),

extensions/feishu/src/monitor.account.ts

@@ -38,6 +38,10 @@ export type FeishuReactionCreatedEvent = {
   action_time?: string;
 };
 
+export type FeishuReactionDeletedEvent = FeishuReactionCreatedEvent & {
+  reaction_id?: string;
+};
+
 type ResolveReactionSyntheticEventParams = {
   cfg: ClawdbotConfig;
   accountId: string;
@@ -47,6 +51,7 @@ type ResolveReactionSyntheticEventParams = {
   verificationTimeoutMs?: number;
   logger?: (message: string) => void;
   uuid?: () => string;
+  action?: "created" | "deleted";
 };
 
 export async function resolveReactionSyntheticEvent(
@@ -61,6 +66,7 @@ export async function resolveReactionSyntheticEvent(
     verificationTimeoutMs = FEISHU_REACTION_VERIFY_TIMEOUT_MS,
     logger,
     uuid = () => crypto.randomUUID(),
+    action = "created",
   } = params;
 
   const emoji = event.reaction_type?.emoji_type;
@@ -129,7 +135,10 @@ export async function resolveReactionSyntheticEvent(
       chat_type: syntheticChatType,
       message_type: "text",
       content: JSON.stringify({
-        text: `[reacted with ${emoji} to message ${messageId}]`,
+        text:
+          action === "deleted"
+            ? `[removed reaction ${emoji} from message ${messageId}]`
+            : `[reacted with ${emoji} to message ${messageId}]`,
       }),
     },
   };
@@ -253,6 +262,19 @@ function registerEventHandlers(
   const log = runtime?.log ?? console.log;
   const error = runtime?.error ?? console.error;
   const enqueue = createChatQueue();
+  const runFeishuHandler = async (params: { task: () => Promise<void>; errorMessage: string }) => {
+    if (fireAndForget) {
+      void params.task().catch((err) => {
+        error(`${params.errorMessage}: ${String(err)}`);
+      });
+      return;
+    }
+    try {
+      await params.task();
+    } catch (err) {
+      error(`${params.errorMessage}: ${String(err)}`);
+    }
+  };
   const dispatchFeishuMessage = async (event: FeishuMessageEvent) => {
     const chatId = event.message.chat_id?.trim() || "unknown";
     const task = () =>
@@ -428,7 +450,9 @@ function registerEventHandlers(
       }
     },
     "im.message.reaction.created_v1": async (data) => {
-      const processReaction = async () => {
+      await runFeishuHandler({
+        errorMessage: `feishu[${accountId}]: error handling reaction event`,
+        task: async () => {
           const event = data as FeishuReactionCreatedEvent;
           const myBotId = botOpenIds.get(accountId);
           const syntheticEvent = await resolveReactionSyntheticEvent({
@@ -450,31 +474,94 @@ function registerEventHandlers(
             chatHistories,
             accountId,
           });
+          await promise;
+        },
+      });
+    },
+    "im.message.reaction.deleted_v1": async (data) => {
+      await runFeishuHandler({
+        errorMessage: `feishu[${accountId}]: error handling reaction removal event`,
+        task: async () => {
+          const event = data as FeishuReactionDeletedEvent;
+          const myBotId = botOpenIds.get(accountId);
+          const syntheticEvent = await resolveReactionSyntheticEvent({
+            cfg,
+            accountId,
+            event,
+            botOpenId: myBotId,
+            logger: log,
+            action: "deleted",
+          });
+          if (!syntheticEvent) {
+            return;
+          }
+          const promise = handleFeishuMessage({
+            cfg,
+            event: syntheticEvent,
+            botOpenId: myBotId,
+            botName: botNames.get(accountId),
+            runtime,
+            chatHistories,
+            accountId,
+          });
+          await promise;
+        },
+      });
+    },
+    "application.bot.menu_v6": async (data) => {
+      try {
+        const event = data as {
+          event_key?: string;
+          timestamp?: number;
+          operator?: {
+            operator_name?: string;
+            operator_id?: { open_id?: string; user_id?: string; union_id?: string };
+          };
+        };
+        const operatorOpenId = event.operator?.operator_id?.open_id?.trim();
+        const eventKey = event.event_key?.trim();
+        if (!operatorOpenId || !eventKey) {
+          return;
+        }
+        const syntheticEvent: FeishuMessageEvent = {
+          sender: {
+            sender_id: {
+              open_id: operatorOpenId,
+              user_id: event.operator?.operator_id?.user_id,
+              union_id: event.operator?.operator_id?.union_id,
+            },
+            sender_type: "user",
+          },
+          message: {
+            message_id: `bot-menu:${eventKey}:${event.timestamp ?? Date.now()}`,
+            chat_id: `p2p:${operatorOpenId}`,
+            chat_type: "p2p",
+            message_type: "text",
+            content: JSON.stringify({
+              text: `/menu ${eventKey}`,
+            }),
+          },
+        };
+        const promise = handleFeishuMessage({
+          cfg,
+          event: syntheticEvent,
+          botOpenId: botOpenIds.get(accountId),
+          botName: botNames.get(accountId),
+          runtime,
+          chatHistories,
+          accountId,
+        });
         if (fireAndForget) {
           promise.catch((err) => {
-            error(`feishu[${accountId}]: error handling reaction: ${String(err)}`);
+            error(`feishu[${accountId}]: error handling bot menu event: ${String(err)}`);
           });
           return;
         }
         await promise;
-      };
-
-      if (fireAndForget) {
-        void processReaction().catch((err) => {
-          error(`feishu[${accountId}]: error handling reaction event: ${String(err)}`);
-        });
-        return;
-      }
-
-      try {
-        await processReaction();
       } catch (err) {
-        error(`feishu[${accountId}]: error handling reaction event: ${String(err)}`);
+        error(`feishu[${accountId}]: error handling bot menu event: ${String(err)}`);
       }
     },
-    "im.message.reaction.deleted_v1": async () => {
-      // Ignore reaction removals
-    },
     "card.action.trigger": async (data: unknown) => {
       try {
         const event = data as unknown as FeishuCardActionEvent;

extensions/feishu/src/monitor.reaction.lifecycle.test.ts

@@ -0,0 +1,67 @@
+import type { ClawdbotConfig } from "openclaw/plugin-sdk/feishu";
+import { describe, expect, it } from "vitest";
+import {
+  resolveReactionSyntheticEvent,
+  type FeishuReactionCreatedEvent,
+} from "./monitor.account.js";
+
+const cfg = {} as ClawdbotConfig;
+
+function makeReactionEvent(
+  overrides: Partial<FeishuReactionCreatedEvent> = {},
+): FeishuReactionCreatedEvent {
+  return {
+    message_id: "om_msg1",
+    reaction_type: { emoji_type: "THUMBSUP" },
+    operator_type: "user",
+    user_id: { open_id: "ou_user1" },
+    ...overrides,
+  };
+}
+
+describe("Feishu reaction lifecycle", () => {
+  it("builds a created synthetic interaction payload", async () => {
+    const result = await resolveReactionSyntheticEvent({
+      cfg,
+      accountId: "default",
+      event: makeReactionEvent(),
+      botOpenId: "ou_bot",
+      fetchMessage: async () => ({
+        messageId: "om_msg1",
+        chatId: "oc_group_1",
+        chatType: "group",
+        senderOpenId: "ou_bot",
+        senderType: "app",
+        content: "hello",
+        contentType: "text",
+      }),
+      uuid: () => "fixed-uuid",
+    });
+
+    expect(result?.message.content).toBe('{"text":"[reacted with THUMBSUP to message om_msg1]"}');
+  });
+
+  it("builds a deleted synthetic interaction payload", async () => {
+    const result = await resolveReactionSyntheticEvent({
+      cfg,
+      accountId: "default",
+      event: makeReactionEvent(),
+      botOpenId: "ou_bot",
+      fetchMessage: async () => ({
+        messageId: "om_msg1",
+        chatId: "oc_group_1",
+        chatType: "group",
+        senderOpenId: "ou_bot",
+        senderType: "app",
+        content: "hello",
+        contentType: "text",
+      }),
+      uuid: () => "fixed-uuid",
+      action: "deleted",
+    });
+
+    expect(result?.message.content).toBe(
+      '{"text":"[removed reaction THUMBSUP from message om_msg1]"}',
+    );
+  });
+});

extensions/feishu/src/outbound.test.ts

@@ -6,6 +6,7 @@ import { beforeEach, describe, expect, it, vi } from "vitest";
 const sendMediaFeishuMock = vi.hoisted(() => vi.fn());
 const sendMessageFeishuMock = vi.hoisted(() => vi.fn());
 const sendMarkdownCardFeishuMock = vi.hoisted(() => vi.fn());
+const sendStructuredCardFeishuMock = vi.hoisted(() => vi.fn());
 
 vi.mock("./media.js", () => ({
   sendMediaFeishu: sendMediaFeishuMock,
@@ -14,6 +15,7 @@ vi.mock("./media.js", () => ({
 vi.mock("./send.js", () => ({
   sendMessageFeishu: sendMessageFeishuMock,
   sendMarkdownCardFeishu: sendMarkdownCardFeishuMock,
+  sendStructuredCardFeishu: sendStructuredCardFeishuMock,
 }));
 
 vi.mock("./runtime.js", () => ({
@@ -33,6 +35,7 @@ function resetOutboundMocks() {
   vi.clearAllMocks();
   sendMessageFeishuMock.mockResolvedValue({ messageId: "text_msg" });
   sendMarkdownCardFeishuMock.mockResolvedValue({ messageId: "card_msg" });
+  sendStructuredCardFeishuMock.mockResolvedValue({ messageId: "card_msg" });
   sendMediaFeishuMock.mockResolvedValue({ messageId: "media_msg" });
 }
 
@@ -132,7 +135,7 @@ describe("feishuOutbound.sendText local-image auto-convert", () => {
       accountId: "main",
     });
 
-    expect(sendMarkdownCardFeishuMock).toHaveBeenCalledWith(
+    expect(sendStructuredCardFeishuMock).toHaveBeenCalledWith(
       expect.objectContaining({
         to: "chat_1",
         text: "| a | b |\n| - | - |",
@@ -207,7 +210,7 @@ describe("feishuOutbound.sendText replyToId forwarding", () => {
     );
   });
 
-  it("forwards replyToId to sendMarkdownCardFeishu when renderMode=card", async () => {
+  it("forwards replyToId to sendStructuredCardFeishu when renderMode=card", async () => {
     await sendText({
       cfg: {
         channels: {
@@ -222,7 +225,7 @@ describe("feishuOutbound.sendText replyToId forwarding", () => {
       accountId: "main",
     });
 
-    expect(sendMarkdownCardFeishuMock).toHaveBeenCalledWith(
+    expect(sendStructuredCardFeishuMock).toHaveBeenCalledWith(
       expect.objectContaining({
         replyToMessageId: "om_reply_target",
       }),

extensions/feishu/src/outbound.ts

@@ -4,7 +4,7 @@ import type { ChannelOutboundAdapter } from "openclaw/plugin-sdk/feishu";
 import { resolveFeishuAccount } from "./accounts.js";
 import { sendMediaFeishu } from "./media.js";
 import { getFeishuRuntime } from "./runtime.js";
-import { sendMarkdownCardFeishu, sendMessageFeishu } from "./send.js";
+import { sendMarkdownCardFeishu, sendMessageFeishu, sendStructuredCardFeishu } from "./send.js";
 
 function normalizePossibleLocalImagePath(text: string | undefined): string | null {
   const raw = text?.trim();
@@ -81,7 +81,16 @@ export const feishuOutbound: ChannelOutboundAdapter = {
   chunker: (text, limit) => getFeishuRuntime().channel.text.chunkMarkdownText(text, limit),
   chunkerMode: "markdown",
   textChunkLimit: 4000,
-  sendText: async ({ cfg, to, text, accountId, replyToId, threadId, mediaLocalRoots }) => {
+  sendText: async ({
+    cfg,
+    to,
+    text,
+    accountId,
+    replyToId,
+    threadId,
+    mediaLocalRoots,
+    identity,
+  }) => {
     const replyToMessageId = resolveReplyToMessageId({ replyToId, threadId });
     // Scheme A compatibility shim:
     // when upstream accidentally returns a local image path as plain text,
@@ -104,6 +113,29 @@ export const feishuOutbound: ChannelOutboundAdapter = {
       }
     }
 
+    const account = resolveFeishuAccount({ cfg, accountId: accountId ?? undefined });
+    const renderMode = account.config?.renderMode ?? "auto";
+    const useCard = renderMode === "card" || (renderMode === "auto" && shouldUseCard(text));
+    if (useCard) {
+      const header = identity
+        ? {
+            title: identity.emoji
+              ? `${identity.emoji} ${identity.name ?? ""}`.trim()
+              : (identity.name ?? ""),
+            template: "blue" as const,
+          }
+        : undefined;
+      const result = await sendStructuredCardFeishu({
+        cfg,
+        to,
+        text,
+        replyToMessageId,
+        replyInThread: threadId != null && !replyToId,
+        accountId: accountId ?? undefined,
+        header: header?.title ? header : undefined,
+      });
+      return { channel: "feishu", ...result };
+    }
     const result = await sendOutboundText({
       cfg,
       to,

extensions/feishu/src/reply-dispatcher.test.ts

@@ -4,6 +4,7 @@ const resolveFeishuAccountMock = vi.hoisted(() => vi.fn());
 const getFeishuRuntimeMock = vi.hoisted(() => vi.fn());
 const sendMessageFeishuMock = vi.hoisted(() => vi.fn());
 const sendMarkdownCardFeishuMock = vi.hoisted(() => vi.fn());
+const sendStructuredCardFeishuMock = vi.hoisted(() => vi.fn());
 const sendMediaFeishuMock = vi.hoisted(() => vi.fn());
 const createFeishuClientMock = vi.hoisted(() => vi.fn());
 const resolveReceiveIdTypeMock = vi.hoisted(() => vi.fn());
@@ -17,6 +18,7 @@ vi.mock("./runtime.js", () => ({ getFeishuRuntime: getFeishuRuntimeMock }));
 vi.mock("./send.js", () => ({
   sendMessageFeishu: sendMessageFeishuMock,
   sendMarkdownCardFeishu: sendMarkdownCardFeishuMock,
+  sendStructuredCardFeishu: sendStructuredCardFeishuMock,
 }));
 vi.mock("./media.js", () => ({ sendMediaFeishu: sendMediaFeishuMock }));
 vi.mock("./client.js", () => ({ createFeishuClient: createFeishuClientMock }));
@@ -56,6 +58,7 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
     vi.clearAllMocks();
     streamingInstances.length = 0;
     sendMediaFeishuMock.mockResolvedValue(undefined);
+    sendStructuredCardFeishuMock.mockResolvedValue(undefined);
 
     resolveFeishuAccountMock.mockReturnValue({
       accountId: "main",
@@ -255,11 +258,17 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
 
     expect(streamingInstances).toHaveLength(1);
     expect(streamingInstances[0].start).toHaveBeenCalledTimes(1);
-    expect(streamingInstances[0].start).toHaveBeenCalledWith("oc_chat", "chat_id", {
+    expect(streamingInstances[0].start).toHaveBeenCalledWith(
+      "oc_chat",
+      "chat_id",
+      expect.objectContaining({
         replyToMessageId: undefined,
         replyInThread: undefined,
         rootId: "om_root_topic",
-    });
+        header: { title: "agent", template: "blue" },
+        note: "Agent: agent",
+      }),
+    );
     expect(streamingInstances[0].close).toHaveBeenCalledTimes(1);
     expect(sendMessageFeishuMock).not.toHaveBeenCalled();
     expect(sendMarkdownCardFeishuMock).not.toHaveBeenCalled();
@@ -275,7 +284,9 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
     expect(streamingInstances).toHaveLength(1);
     expect(streamingInstances[0].start).toHaveBeenCalledTimes(1);
     expect(streamingInstances[0].close).toHaveBeenCalledTimes(1);
-    expect(streamingInstances[0].close).toHaveBeenCalledWith("```md\npartial answer\n```");
+    expect(streamingInstances[0].close).toHaveBeenCalledWith("```md\npartial answer\n```", {
+      note: "Agent: agent",
+    });
   });
 
   it("delivers distinct final payloads after streaming close", async () => {
@@ -287,9 +298,16 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
 
     expect(streamingInstances).toHaveLength(2);
     expect(streamingInstances[0].close).toHaveBeenCalledTimes(1);
-    expect(streamingInstances[0].close).toHaveBeenCalledWith("```md\n完整回复第一段\n```");
+    expect(streamingInstances[0].close).toHaveBeenCalledWith("```md\n完整回复第一段\n```", {
+      note: "Agent: agent",
+    });
     expect(streamingInstances[1].close).toHaveBeenCalledTimes(1);
-    expect(streamingInstances[1].close).toHaveBeenCalledWith("```md\n完整回复第一段 + 第二段\n```");
+    expect(streamingInstances[1].close).toHaveBeenCalledWith(
+      "```md\n完整回复第一段 + 第二段\n```",
+      {
+        note: "Agent: agent",
+      },
+    );
     expect(sendMessageFeishuMock).not.toHaveBeenCalled();
     expect(sendMarkdownCardFeishuMock).not.toHaveBeenCalled();
   });
@@ -303,7 +321,9 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
 
     expect(streamingInstances).toHaveLength(1);
     expect(streamingInstances[0].close).toHaveBeenCalledTimes(1);
-    expect(streamingInstances[0].close).toHaveBeenCalledWith("```md\n同一条回复\n```");
+    expect(streamingInstances[0].close).toHaveBeenCalledWith("```md\n同一条回复\n```", {
+      note: "Agent: agent",
+    });
     expect(sendMessageFeishuMock).not.toHaveBeenCalled();
     expect(sendMarkdownCardFeishuMock).not.toHaveBeenCalled();
   });
@@ -367,7 +387,9 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
 
     expect(streamingInstances).toHaveLength(1);
     expect(streamingInstances[0].close).toHaveBeenCalledTimes(1);
-    expect(streamingInstances[0].close).toHaveBeenCalledWith("hellolo world");
+    expect(streamingInstances[0].close).toHaveBeenCalledWith("hellolo world", {
+      note: "Agent: agent",
+    });
   });
 
   it("sends media-only payloads as attachments", async () => {
@@ -436,7 +458,7 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
     );
   });
 
-  it("passes replyInThread to sendMarkdownCardFeishu for card text", async () => {
+  it("passes replyInThread to sendStructuredCardFeishu for card text", async () => {
     resolveFeishuAccountMock.mockReturnValue({
       accountId: "main",
       appId: "app_id",
@@ -454,7 +476,7 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
     });
     await options.deliver({ text: "card text" }, { kind: "final" });
 
-    expect(sendMarkdownCardFeishuMock).toHaveBeenCalledWith(
+    expect(sendStructuredCardFeishuMock).toHaveBeenCalledWith(
       expect.objectContaining({
         replyToMessageId: "om_msg",
         replyInThread: true,
@@ -462,6 +484,126 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
     );
   });
 
+  it("streams reasoning content as blockquote before answer", async () => {
+    const { result, options } = createDispatcherHarness({
+      runtime: createRuntimeLogger(),
+    });
+
+    await options.onReplyStart?.();
+    // Core agent sends pre-formatted text from formatReasoningMessage
+    result.replyOptions.onReasoningStream?.({ text: "Reasoning:\n_thinking step 1_" });
+    result.replyOptions.onReasoningStream?.({
+      text: "Reasoning:\n_thinking step 1_\n_step 2_",
+    });
+    result.replyOptions.onPartialReply?.({ text: "answer part" });
+    result.replyOptions.onReasoningEnd?.();
+    await options.deliver({ text: "answer part final" }, { kind: "final" });
+
+    expect(streamingInstances).toHaveLength(1);
+    const updateCalls = streamingInstances[0].update.mock.calls.map((c: unknown[]) => c[0]);
+    const reasoningUpdate = updateCalls.find((c: string) => c.includes("Thinking"));
+    expect(reasoningUpdate).toContain("> 💭 **Thinking**");
+    // formatReasoningPrefix strips "Reasoning:" prefix and italic markers
+    expect(reasoningUpdate).toContain("> thinking step");
+    expect(reasoningUpdate).not.toContain("Reasoning:");
+    expect(reasoningUpdate).not.toMatch(/> _.*_/);
+
+    const combinedUpdate = updateCalls.find(
+      (c: string) => c.includes("Thinking") && c.includes("---"),
+    );
+    expect(combinedUpdate).toBeDefined();
+
+    expect(streamingInstances[0].close).toHaveBeenCalledTimes(1);
+    const closeArg = streamingInstances[0].close.mock.calls[0][0] as string;
+    expect(closeArg).toContain("> 💭 **Thinking**");
+    expect(closeArg).toContain("---");
+    expect(closeArg).toContain("answer part final");
+  });
+
+  it("provides onReasoningStream and onReasoningEnd when streaming is enabled", () => {
+    const { result } = createDispatcherHarness({
+      runtime: createRuntimeLogger(),
+    });
+
+    expect(result.replyOptions.onReasoningStream).toBeTypeOf("function");
+    expect(result.replyOptions.onReasoningEnd).toBeTypeOf("function");
+  });
+
+  it("omits reasoning callbacks when streaming is disabled", () => {
+    resolveFeishuAccountMock.mockReturnValue({
+      accountId: "main",
+      appId: "app_id",
+      appSecret: "app_secret",
+      domain: "feishu",
+      config: {
+        renderMode: "auto",
+        streaming: false,
+      },
+    });
+
+    const { result } = createDispatcherHarness({
+      runtime: createRuntimeLogger(),
+    });
+
+    expect(result.replyOptions.onReasoningStream).toBeUndefined();
+    expect(result.replyOptions.onReasoningEnd).toBeUndefined();
+  });
+
+  it("renders reasoning-only card when no answer text arrives", async () => {
+    const { result, options } = createDispatcherHarness({
+      runtime: createRuntimeLogger(),
+    });
+
+    await options.onReplyStart?.();
+    result.replyOptions.onReasoningStream?.({ text: "Reasoning:\n_deep thought_" });
+    result.replyOptions.onReasoningEnd?.();
+    await options.onIdle?.();
+
+    expect(streamingInstances).toHaveLength(1);
+    expect(streamingInstances[0].close).toHaveBeenCalledTimes(1);
+    const closeArg = streamingInstances[0].close.mock.calls[0][0] as string;
+    expect(closeArg).toContain("> 💭 **Thinking**");
+    expect(closeArg).toContain("> deep thought");
+    expect(closeArg).not.toContain("Reasoning:");
+    expect(closeArg).not.toContain("---");
+  });
+
+  it("ignores empty reasoning payloads", async () => {
+    const { result, options } = createDispatcherHarness({
+      runtime: createRuntimeLogger(),
+    });
+
+    await options.onReplyStart?.();
+    result.replyOptions.onReasoningStream?.({ text: "" });
+    result.replyOptions.onPartialReply?.({ text: "```ts\ncode\n```" });
+    await options.deliver({ text: "```ts\ncode\n```" }, { kind: "final" });
+
+    expect(streamingInstances).toHaveLength(1);
+    const closeArg = streamingInstances[0].close.mock.calls[0][0] as string;
+    expect(closeArg).not.toContain("Thinking");
+    expect(closeArg).toBe("```ts\ncode\n```");
+  });
+
+  it("deduplicates final text by raw answer payload, not combined card text", async () => {
+    const { result, options } = createDispatcherHarness({
+      runtime: createRuntimeLogger(),
+    });
+
+    await options.onReplyStart?.();
+    result.replyOptions.onReasoningStream?.({ text: "Reasoning:\n_thought_" });
+    result.replyOptions.onReasoningEnd?.();
+    await options.deliver({ text: "```ts\nfinal answer\n```" }, { kind: "final" });
+
+    expect(streamingInstances).toHaveLength(1);
+    expect(streamingInstances[0].close).toHaveBeenCalledTimes(1);
+
+    // Deliver the same raw answer text again — should be deduped
+    await options.deliver({ text: "```ts\nfinal answer\n```" }, { kind: "final" });
+
+    // No second streaming session since the raw answer text matches
+    expect(streamingInstances).toHaveLength(1);
+  });
+
   it("passes replyToMessageId and replyInThread to streaming.start()", async () => {
     const { options } = createDispatcherHarness({
       runtime: createRuntimeLogger(),
@@ -471,10 +613,16 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
     await options.deliver({ text: "```ts\nconst x = 1\n```" }, { kind: "final" });
 
     expect(streamingInstances).toHaveLength(1);
-    expect(streamingInstances[0].start).toHaveBeenCalledWith("oc_chat", "chat_id", {
+    expect(streamingInstances[0].start).toHaveBeenCalledWith(
+      "oc_chat",
+      "chat_id",
+      expect.objectContaining({
         replyToMessageId: "om_msg",
         replyInThread: true,
-    });
+        header: { title: "agent", template: "blue" },
+        note: "Agent: agent",
+      }),
+    );
   });
 
   it("disables streaming for thread replies and keeps reply metadata", async () => {
@@ -488,7 +636,7 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
     await options.deliver({ text: "```ts\nconst x = 1\n```" }, { kind: "final" });
 
     expect(streamingInstances).toHaveLength(0);
-    expect(sendMarkdownCardFeishuMock).toHaveBeenCalledWith(
+    expect(sendStructuredCardFeishuMock).toHaveBeenCalledWith(
       expect.objectContaining({
         replyToMessageId: "om_msg",
         replyInThread: true,
@@ -510,4 +658,50 @@ describe("createFeishuReplyDispatcher streaming behavior", () => {
       }),
     );
   });
+
+  it("recovers streaming after start() throws (HTTP 400)", async () => {
+    const errorMock = vi.fn();
+    let shouldFailStart = true;
+
+    // Intercept streaming instance creation to make first start() reject
+    const origPush = streamingInstances.push;
+    streamingInstances.push = function (this: any[], ...args: any[]) {
+      if (shouldFailStart) {
+        args[0].start = vi
+          .fn()
+          .mockRejectedValue(new Error("Create card request failed with HTTP 400"));
+        shouldFailStart = false;
+      }
+      return origPush.apply(this, args);
+    } as any;
+
+    try {
+      createFeishuReplyDispatcher({
+        cfg: {} as never,
+        agentId: "agent",
+        runtime: { log: vi.fn(), error: errorMock } as never,
+        chatId: "oc_chat",
+      });
+
+      const options = createReplyDispatcherWithTypingMock.mock.calls[0]?.[0];
+
+      // First deliver with markdown triggers startStreaming - which will fail
+      await options.deliver({ text: "```ts\nconst x = 1\n```" }, { kind: "block" });
+
+      // Wait for the async error to propagate
+      await vi.waitFor(() => {
+        expect(errorMock).toHaveBeenCalledWith(expect.stringContaining("streaming start failed"));
+      });
+
+      // Second deliver should create a NEW streaming session (not stuck)
+      await options.deliver({ text: "```ts\nconst y = 2\n```" }, { kind: "final" });
+
+      // Two instances created: first failed, second succeeded and closed
+      expect(streamingInstances).toHaveLength(2);
+      expect(streamingInstances[1].start).toHaveBeenCalled();
+      expect(streamingInstances[1].close).toHaveBeenCalled();
+    } finally {
+      streamingInstances.push = origPush;
+    }
+  });
 });

extensions/feishu/src/reply-dispatcher.ts

@@ -3,6 +3,7 @@ import {
   createTypingCallbacks,
   logTypingFailure,
   type ClawdbotConfig,
+  type OutboundIdentity,
   type ReplyPayload,
   type RuntimeEnv,
 } from "openclaw/plugin-sdk/feishu";
@@ -12,7 +13,12 @@ import { sendMediaFeishu } from "./media.js";
 import type { MentionTarget } from "./mention.js";
 import { buildMentionedCardContent } from "./mention.js";
 import { getFeishuRuntime } from "./runtime.js";
-import { sendMarkdownCardFeishu, sendMessageFeishu } from "./send.js";
+import {
+  sendMarkdownCardFeishu,
+  sendMessageFeishu,
+  sendStructuredCardFeishu,
+  type CardHeaderConfig,
+} from "./send.js";
 import { FeishuStreamingSession, mergeStreamingText } from "./streaming-card.js";
 import { resolveReceiveIdType } from "./targets.js";
 import { addTypingIndicator, removeTypingIndicator, type TypingIndicatorState } from "./typing.js";
@@ -36,6 +42,36 @@ function normalizeEpochMs(timestamp: number | undefined): number | undefined {
   return timestamp < MS_EPOCH_MIN ? timestamp * 1000 : timestamp;
 }
 
+/** Build a card header from agent identity config. */
+function resolveCardHeader(
+  agentId: string,
+  identity: OutboundIdentity | undefined,
+): CardHeaderConfig {
+  const name = identity?.name?.trim() || agentId;
+  const emoji = identity?.emoji?.trim();
+  return {
+    title: emoji ? `${emoji} ${name}` : name,
+    template: identity?.theme ?? "blue",
+  };
+}
+
+/** Build a card note footer from agent identity and model context. */
+function resolveCardNote(
+  agentId: string,
+  identity: OutboundIdentity | undefined,
+  prefixCtx: { model?: string; provider?: string },
+): string {
+  const name = identity?.name?.trim() || agentId;
+  const parts: string[] = [`Agent: ${name}`];
+  if (prefixCtx.model) {
+    parts.push(`Model: ${prefixCtx.model}`);
+  }
+  if (prefixCtx.provider) {
+    parts.push(`Provider: ${prefixCtx.provider}`);
+  }
+  return parts.join(" | ");
+}
+
 export type CreateFeishuReplyDispatcherParams = {
   cfg: ClawdbotConfig;
   agentId: string;
@@ -50,6 +86,7 @@ export type CreateFeishuReplyDispatcherParams = {
   rootId?: string;
   mentionTargets?: MentionTarget[];
   accountId?: string;
+  identity?: OutboundIdentity;
   /** Epoch ms when the inbound message was created. Used to suppress typing
    *  indicators on old/replayed messages after context compaction (#30418). */
   messageCreateTimeMs?: number;
@@ -68,6 +105,7 @@ export function createFeishuReplyDispatcher(params: CreateFeishuReplyDispatcherP
     rootId,
     mentionTargets,
     accountId,
+    identity,
   } = params;
   const sendReplyToMessageId = skipReplyToInMessages ? undefined : replyToMessageId;
   const threadReplyMode = threadReply === true;
@@ -143,11 +181,39 @@ export function createFeishuReplyDispatcher(params: CreateFeishuReplyDispatcherP
   let streaming: FeishuStreamingSession | null = null;
   let streamText = "";
   let lastPartial = "";
+  let reasoningText = "";
   const deliveredFinalTexts = new Set<string>();
   let partialUpdateQueue: Promise<void> = Promise.resolve();
   let streamingStartPromise: Promise<void> | null = null;
   type StreamTextUpdateMode = "snapshot" | "delta";
 
+  const formatReasoningPrefix = (thinking: string): string => {
+    if (!thinking) return "";
+    const withoutLabel = thinking.replace(/^Reasoning:\n/, "");
+    const plain = withoutLabel.replace(/^_(.*)_$/gm, "$1");
+    const lines = plain.split("\n").map((line) => `> ${line}`);
+    return `> 💭 **Thinking**\n${lines.join("\n")}`;
+  };
+
+  const buildCombinedStreamText = (thinking: string, answer: string): string => {
+    const parts: string[] = [];
+    if (thinking) parts.push(formatReasoningPrefix(thinking));
+    if (thinking && answer) parts.push("\n\n---\n\n");
+    if (answer) parts.push(answer);
+    return parts.join("");
+  };
+
+  const flushStreamingCardUpdate = (combined: string) => {
+    partialUpdateQueue = partialUpdateQueue.then(async () => {
+      if (streamingStartPromise) {
+        await streamingStartPromise;
+      }
+      if (streaming?.isActive()) {
+        await streaming.update(combined);
+      }
+    });
+  };
+
   const queueStreamingUpdate = (
     nextText: string,
     options?: {
@@ -167,14 +233,13 @@ export function createFeishuReplyDispatcher(params: CreateFeishuReplyDispatcherP
     const mode = options?.mode ?? "snapshot";
     streamText =
       mode === "delta" ? `${streamText}${nextText}` : mergeStreamingText(streamText, nextText);
-    partialUpdateQueue = partialUpdateQueue.then(async () => {
-      if (streamingStartPromise) {
-        await streamingStartPromise;
-      }
-      if (streaming?.isActive()) {
-        await streaming.update(streamText);
-      }
-    });
+    flushStreamingCardUpdate(buildCombinedStreamText(reasoningText, streamText));
+  };
+
+  const queueReasoningUpdate = (nextThinking: string) => {
+    if (!nextThinking) return;
+    reasoningText = nextThinking;
+    flushStreamingCardUpdate(buildCombinedStreamText(reasoningText, streamText));
   };
 
   const startStreaming = () => {
@@ -194,14 +259,19 @@ export function createFeishuReplyDispatcher(params: CreateFeishuReplyDispatcherP
         params.runtime.log?.(`feishu[${account.accountId}] ${message}`),
       );
       try {
+        const cardHeader = resolveCardHeader(agentId, identity);
+        const cardNote = resolveCardNote(agentId, identity, prefixContext.prefixContext);
         await streaming.start(chatId, resolveReceiveIdType(chatId), {
           replyToMessageId,
           replyInThread: effectiveReplyInThread,
           rootId,
+          header: cardHeader,
+          note: cardNote,
         });
       } catch (error) {
         params.runtime.error?.(`feishu: streaming start failed: ${String(error)}`);
         streaming = null;
+        streamingStartPromise = null; // allow retry on next deliver
       }
     })();
   };
@@ -212,16 +282,18 @@ export function createFeishuReplyDispatcher(params: CreateFeishuReplyDispatcherP
     }
     await partialUpdateQueue;
     if (streaming?.isActive()) {
-      let text = streamText;
+      let text = buildCombinedStreamText(reasoningText, streamText);
       if (mentionTargets?.length) {
         text = buildMentionedCardContent(mentionTargets, text);
       }
-      await streaming.close(text);
+      const finalNote = resolveCardNote(agentId, identity, prefixContext.prefixContext);
+      await streaming.close(text, { note: finalNote });
     }
     streaming = null;
     streamingStartPromise = null;
     streamText = "";
     lastPartial = "";
+    reasoningText = "";
   };
 
   const sendChunkedTextReply = async (params: {
@@ -291,6 +363,7 @@ export function createFeishuReplyDispatcher(params: CreateFeishuReplyDispatcherP
 
         if (shouldDeliverText) {
           const useCard = renderMode === "card" || (renderMode === "auto" && shouldUseCard(text));
+          let first = true;
 
           if (info?.kind === "block") {
             // Drop internal block chunks unless we can safely consume them as
@@ -339,7 +412,29 @@ export function createFeishuReplyDispatcher(params: CreateFeishuReplyDispatcherP
           }
 
           if (useCard) {
-            await sendChunkedTextReply({ text, useCard: true, infoKind: info?.kind });
+            const cardHeader = resolveCardHeader(agentId, identity);
+            const cardNote = resolveCardNote(agentId, identity, prefixContext.prefixContext);
+            for (const chunk of core.channel.text.chunkTextWithMode(
+              text,
+              textChunkLimit,
+              chunkMode,
+            )) {
+              await sendStructuredCardFeishu({
+                cfg,
+                to: chatId,
+                text: chunk,
+                replyToMessageId: sendReplyToMessageId,
+                replyInThread: effectiveReplyInThread,
+                mentions: first ? mentionTargets : undefined,
+                accountId,
+                header: cardHeader,
+                note: cardNote,
+              });
+              first = false;
+            }
+            if (info?.kind === "final") {
+              deliveredFinalTexts.add(text);
+            }
           } else {
             await sendChunkedTextReply({ text, useCard: false, infoKind: info?.kind });
           }
@@ -391,6 +486,16 @@ export function createFeishuReplyDispatcher(params: CreateFeishuReplyDispatcherP
             });
           }
         : undefined,
+      onReasoningStream: streamingEnabled
+        ? (payload: ReplyPayload) => {
+            if (!payload.text) {
+              return;
+            }
+            startStreaming();
+            queueReasoningUpdate(payload.text);
+          }
+        : undefined,
+      onReasoningEnd: streamingEnabled ? () => {} : undefined,
     },
     markDispatchIdle,
   };

extensions/feishu/src/send.test.ts

@@ -1,9 +1,16 @@
 import type { ClawdbotConfig } from "openclaw/plugin-sdk/feishu";
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { getMessageFeishu } from "./send.js";
+import {
+  buildStructuredCard,
+  getMessageFeishu,
+  listFeishuThreadMessages,
+  resolveFeishuCardTemplate,
+} from "./send.js";
 
-const { mockClientGet, mockCreateFeishuClient, mockResolveFeishuAccount } = vi.hoisted(() => ({
+const { mockClientGet, mockClientList, mockCreateFeishuClient, mockResolveFeishuAccount } =
+  vi.hoisted(() => ({
     mockClientGet: vi.fn(),
+    mockClientList: vi.fn(),
     mockCreateFeishuClient: vi.fn(),
     mockResolveFeishuAccount: vi.fn(),
   }));
@@ -27,6 +34,7 @@ describe("getMessageFeishu", () => {
       im: {
         message: {
           get: mockClientGet,
+          list: mockClientList,
         },
       },
     });
@@ -165,4 +173,98 @@ describe("getMessageFeishu", () => {
       }),
     );
   });
+
+  it("reuses the same content parsing for thread history messages", async () => {
+    mockClientList.mockResolvedValueOnce({
+      code: 0,
+      data: {
+        items: [
+          {
+            message_id: "om_root",
+            msg_type: "text",
+            body: {
+              content: JSON.stringify({ text: "root starter" }),
+            },
+          },
+          {
+            message_id: "om_card",
+            msg_type: "interactive",
+            body: {
+              content: JSON.stringify({
+                body: {
+                  elements: [{ tag: "markdown", content: "hello from card 2.0" }],
+                },
+              }),
+            },
+            sender: {
+              id: "app_1",
+              sender_type: "app",
+            },
+            create_time: "1710000000000",
+          },
+          {
+            message_id: "om_file",
+            msg_type: "file",
+            body: {
+              content: JSON.stringify({ file_key: "file_v3_123" }),
+            },
+            sender: {
+              id: "ou_1",
+              sender_type: "user",
+            },
+            create_time: "1710000001000",
+          },
+        ],
+      },
+    });
+
+    const result = await listFeishuThreadMessages({
+      cfg: {} as ClawdbotConfig,
+      threadId: "omt_1",
+      rootMessageId: "om_root",
+    });
+
+    expect(result).toEqual([
+      expect.objectContaining({
+        messageId: "om_file",
+        contentType: "file",
+        content: "[file message]",
+      }),
+      expect.objectContaining({
+        messageId: "om_card",
+        contentType: "interactive",
+        content: "hello from card 2.0",
+      }),
+    ]);
+  });
+});
+
+describe("resolveFeishuCardTemplate", () => {
+  it("accepts supported Feishu templates", () => {
+    expect(resolveFeishuCardTemplate(" purple ")).toBe("purple");
+  });
+
+  it("drops unsupported free-form identity themes", () => {
+    expect(resolveFeishuCardTemplate("space lobster")).toBeUndefined();
+  });
+});
+
+describe("buildStructuredCard", () => {
+  it("falls back to blue when the header template is unsupported", () => {
+    const card = buildStructuredCard("hello", {
+      header: {
+        title: "Agent",
+        template: "space lobster",
+      },
+    });
+
+    expect(card).toEqual(
+      expect.objectContaining({
+        header: {
+          title: { tag: "plain_text", content: "Agent" },
+          template: "blue",
+        },
+      }),
+    );
+  });
 });

extensions/feishu/src/send.ts

@@ -10,6 +10,21 @@ import { resolveFeishuSendTarget } from "./send-target.js";
 import type { FeishuChatType, FeishuMessageInfo, FeishuSendResult } from "./types.js";
 
 const WITHDRAWN_REPLY_ERROR_CODES = new Set([230011, 231003]);
+const FEISHU_CARD_TEMPLATES = new Set([
+  "blue",
+  "green",
+  "red",
+  "orange",
+  "purple",
+  "indigo",
+  "wathet",
+  "turquoise",
+  "yellow",
+  "grey",
+  "carmine",
+  "violet",
+  "lime",
+]);
 
 function shouldFallbackFromReplyTarget(response: { code?: number; msg?: string }): boolean {
   if (response.code !== undefined && WITHDRAWN_REPLY_ERROR_CODES.has(response.code)) {
@@ -65,6 +80,7 @@ type FeishuMessageGetItem = {
   message_id?: string;
   chat_id?: string;
   chat_type?: FeishuChatType;
+  thread_id?: string;
   msg_type?: string;
   body?: { content?: string };
   sender?: FeishuMessageSender;
@@ -151,13 +167,19 @@ function parseInteractiveCardContent(parsed: unknown): string {
     return "[Interactive Card]";
   }
 
-  const candidate = parsed as { elements?: unknown };
-  if (!Array.isArray(candidate.elements)) {
+  // Support both schema 1.0 (top-level `elements`) and 2.0 (`body.elements`).
+  const candidate = parsed as { elements?: unknown; body?: { elements?: unknown } };
+  const elements = Array.isArray(candidate.elements)
+    ? candidate.elements
+    : Array.isArray(candidate.body?.elements)
+      ? candidate.body!.elements
+      : null;
+  if (!elements) {
     return "[Interactive Card]";
   }
 
   const texts: string[] = [];
-  for (const element of candidate.elements) {
+  for (const element of elements) {
     if (!element || typeof element !== "object") {
       continue;
     }
@@ -177,7 +199,7 @@ function parseInteractiveCardContent(parsed: unknown): string {
   return texts.join("\n").trim() || "[Interactive Card]";
 }
 
-function parseQuotedMessageContent(rawContent: string, msgType: string): string {
+function parseFeishuMessageContent(rawContent: string, msgType: string): string {
   if (!rawContent) {
     return "";
   }
@@ -218,6 +240,30 @@ function parseQuotedMessageContent(rawContent: string, msgType: string): string
   return `[${msgType || "unknown"} message]`;
 }
 
+function parseFeishuMessageItem(
+  item: FeishuMessageGetItem,
+  fallbackMessageId?: string,
+): FeishuMessageInfo {
+  const msgType = item.msg_type ?? "text";
+  const rawContent = item.body?.content ?? "";
+
+  return {
+    messageId: item.message_id ?? fallbackMessageId ?? "",
+    chatId: item.chat_id ?? "",
+    chatType:
+      item.chat_type === "group" || item.chat_type === "private" || item.chat_type === "p2p"
+        ? item.chat_type
+        : undefined,
+    senderId: item.sender?.id,
+    senderOpenId: item.sender?.id_type === "open_id" ? item.sender?.id : undefined,
+    senderType: item.sender?.sender_type,
+    content: parseFeishuMessageContent(rawContent, msgType),
+    contentType: msgType,
+    createTime: item.create_time ? parseInt(String(item.create_time), 10) : undefined,
+    threadId: item.thread_id || undefined,
+  };
+}
+
 /**
  * Get a message by its ID.
  * Useful for fetching quoted/replied message content.
@@ -255,29 +301,98 @@ export async function getMessageFeishu(params: {
       return null;
     }
 
-    const msgType = item.msg_type ?? "text";
-    const rawContent = item.body?.content ?? "";
-    const content = parseQuotedMessageContent(rawContent, msgType);
-
-    return {
-      messageId: item.message_id ?? messageId,
-      chatId: item.chat_id ?? "",
-      chatType:
-        item.chat_type === "group" || item.chat_type === "private" || item.chat_type === "p2p"
-          ? item.chat_type
-          : undefined,
-      senderId: item.sender?.id,
-      senderOpenId: item.sender?.id_type === "open_id" ? item.sender?.id : undefined,
-      senderType: item.sender?.sender_type,
-      content,
-      contentType: msgType,
-      createTime: item.create_time ? parseInt(String(item.create_time), 10) : undefined,
-    };
+    return parseFeishuMessageItem(item, messageId);
   } catch {
     return null;
   }
 }
 
+export type FeishuThreadMessageInfo = {
+  messageId: string;
+  senderId?: string;
+  senderType?: string;
+  content: string;
+  contentType: string;
+  createTime?: number;
+};
+
+/**
+ * List messages in a Feishu thread (topic).
+ * Uses container_id_type=thread to directly query thread messages,
+ * which includes both the root message and all replies (including bot replies).
+ */
+export async function listFeishuThreadMessages(params: {
+  cfg: ClawdbotConfig;
+  threadId: string;
+  currentMessageId?: string;
+  /** Exclude the root message (already provided separately as ThreadStarterBody). */
+  rootMessageId?: string;
+  limit?: number;
+  accountId?: string;
+}): Promise<FeishuThreadMessageInfo[]> {
+  const { cfg, threadId, currentMessageId, rootMessageId, limit = 20, accountId } = params;
+  const account = resolveFeishuAccount({ cfg, accountId });
+  if (!account.configured) {
+    throw new Error(`Feishu account "${account.accountId}" not configured`);
+  }
+
+  const client = createFeishuClient(account);
+
+  const response = (await client.im.message.list({
+    params: {
+      container_id_type: "thread",
+      container_id: threadId,
+      // Fetch newest messages first so long threads keep the most recent turns.
+      // Results are reversed below to restore chronological order.
+      sort_type: "ByCreateTimeDesc",
+      page_size: Math.min(limit + 1, 50),
+    },
+  })) as {
+    code?: number;
+    msg?: string;
+    data?: {
+      items?: Array<
+        {
+          message_id?: string;
+          root_id?: string;
+          parent_id?: string;
+        } & FeishuMessageGetItem
+      >;
+    };
+  };
+
+  if (response.code !== 0) {
+    throw new Error(
+      `Feishu thread list failed: code=${response.code} msg=${response.msg ?? "unknown"}`,
+    );
+  }
+
+  const items = response.data?.items ?? [];
+  const results: FeishuThreadMessageInfo[] = [];
+
+  for (const item of items) {
+    if (currentMessageId && item.message_id === currentMessageId) continue;
+    if (rootMessageId && item.message_id === rootMessageId) continue;
+
+    const parsed = parseFeishuMessageItem(item);
+
+    results.push({
+      messageId: parsed.messageId,
+      senderId: parsed.senderId,
+      senderType: parsed.senderType,
+      content: parsed.content,
+      contentType: parsed.contentType,
+      createTime: parsed.createTime,
+    });
+
+    if (results.length >= limit) break;
+  }
+
+  // Restore chronological order (oldest first) since we fetched newest-first.
+  results.reverse();
+  return results;
+}
+
 export type SendFeishuMessageParams = {
   cfg: ClawdbotConfig;
   to: string;
@@ -418,6 +533,77 @@ export function buildMarkdownCard(text: string): Record<string, unknown> {
   };
 }
 
+/** Header configuration for structured Feishu cards. */
+export type CardHeaderConfig = {
+  /** Header title text, e.g. "💻 Coder" */
+  title: string;
+  /** Feishu header color template (blue, green, red, orange, purple, grey, etc.). Defaults to "blue". */
+  template?: string;
+};
+
+export function resolveFeishuCardTemplate(template?: string): string | undefined {
+  const normalized = template?.trim().toLowerCase();
+  if (!normalized || !FEISHU_CARD_TEMPLATES.has(normalized)) {
+    return undefined;
+  }
+  return normalized;
+}
+
+/**
+ * Build a Feishu interactive card with optional header and note footer.
+ * When header/note are omitted, behaves identically to buildMarkdownCard.
+ */
+export function buildStructuredCard(
+  text: string,
+  options?: {
+    header?: CardHeaderConfig;
+    note?: string;
+  },
+): Record<string, unknown> {
+  const elements: Record<string, unknown>[] = [{ tag: "markdown", content: text }];
+  if (options?.note) {
+    elements.push({ tag: "hr" });
+    elements.push({ tag: "markdown", content: `<font color='grey'>${options.note}</font>` });
+  }
+  const card: Record<string, unknown> = {
+    schema: "2.0",
+    config: { wide_screen_mode: true },
+    body: { elements },
+  };
+  if (options?.header) {
+    card.header = {
+      title: { tag: "plain_text", content: options.header.title },
+      template: resolveFeishuCardTemplate(options.header.template) ?? "blue",
+    };
+  }
+  return card;
+}
+
+/**
+ * Send a message as a structured card with optional header and note.
+ */
+export async function sendStructuredCardFeishu(params: {
+  cfg: ClawdbotConfig;
+  to: string;
+  text: string;
+  replyToMessageId?: string;
+  /** When true, reply creates a Feishu topic thread instead of an inline reply */
+  replyInThread?: boolean;
+  mentions?: MentionTarget[];
+  accountId?: string;
+  header?: CardHeaderConfig;
+  note?: string;
+}): Promise<FeishuSendResult> {
+  const { cfg, to, text, replyToMessageId, replyInThread, mentions, accountId, header, note } =
+    params;
+  let cardText = text;
+  if (mentions && mentions.length > 0) {
+    cardText = buildMentionedCardContent(mentions, text);
+  }
+  const card = buildStructuredCard(cardText, { header, note });
+  return sendCardFeishu({ cfg, to, card, replyToMessageId, replyInThread, accountId });
+}
+
 /**
  * Send a message as a markdown card (interactive message).
  * This renders markdown properly in Feishu (code blocks, tables, bold/italic, etc.)

extensions/feishu/src/streaming-card.ts

@@ -4,10 +4,25 @@
 
 import type { Client } from "@larksuiteoapi/node-sdk";
 import { fetchWithSsrFGuard } from "openclaw/plugin-sdk/feishu";
+import { resolveFeishuCardTemplate, type CardHeaderConfig } from "./send.js";
 import type { FeishuDomain } from "./types.js";
 
 type Credentials = { appId: string; appSecret: string; domain?: FeishuDomain };
-type CardState = { cardId: string; messageId: string; sequence: number; currentText: string };
+type CardState = {
+  cardId: string;
+  messageId: string;
+  sequence: number;
+  currentText: string;
+  hasNote: boolean;
+};
+
+/** Options for customising the initial streaming card appearance. */
+export type StreamingCardOptions = {
+  /** Optional header with title and color template. */
+  header?: CardHeaderConfig;
+  /** Optional grey note footer text. */
+  note?: string;
+};
 
 /** Optional header for streaming cards (title bar with color template) */
 export type StreamingCardHeader = {
@@ -152,6 +167,7 @@ export class FeishuStreamingSession {
   private log?: (msg: string) => void;
   private lastUpdateTime = 0;
   private pendingText: string | null = null;
+  private flushTimer: ReturnType<typeof setTimeout> | null = null;
   private updateThrottleMs = 100; // Throttle updates to max 10/sec
 
   constructor(client: Client, creds: Credentials, log?: (msg: string) => void) {
@@ -163,13 +179,24 @@ export class FeishuStreamingSession {
   async start(
     receiveId: string,
     receiveIdType: "open_id" | "user_id" | "union_id" | "email" | "chat_id" = "chat_id",
-    options?: StreamingStartOptions,
+    options?: StreamingCardOptions & StreamingStartOptions,
   ): Promise<void> {
     if (this.state) {
       return;
     }
 
     const apiBase = resolveApiBase(this.creds.domain);
+    const elements: Record<string, unknown>[] = [
+      { tag: "markdown", content: "⏳ Thinking...", element_id: "content" },
+    ];
+    if (options?.note) {
+      elements.push({ tag: "hr" });
+      elements.push({
+        tag: "markdown",
+        content: `<font color='grey'>${options.note}</font>`,
+        element_id: "note",
+      });
+    }
     const cardJson: Record<string, unknown> = {
       schema: "2.0",
       config: {
@@ -177,14 +204,12 @@ export class FeishuStreamingSession {
         summary: { content: "[Generating...]" },
         streaming_config: { print_frequency_ms: { default: 50 }, print_step: { default: 1 } },
       },
-      body: {
-        elements: [{ tag: "markdown", content: "⏳ Thinking...", element_id: "content" }],
-      },
+      body: { elements },
     };
     if (options?.header) {
       cardJson.header = {
         title: { tag: "plain_text", content: options.header.title },
-        template: options.header.template ?? "blue",
+        template: resolveFeishuCardTemplate(options.header.template) ?? "blue",
       };
     }
 
@@ -257,7 +282,13 @@ export class FeishuStreamingSession {
       throw new Error(`Send card failed: ${sendRes.msg}`);
     }
 
-    this.state = { cardId, messageId: sendRes.data.message_id, sequence: 1, currentText: "" };
+    this.state = {
+      cardId,
+      messageId: sendRes.data.message_id,
+      sequence: 1,
+      currentText: "",
+      hasNote: !!options?.note,
+    };
     this.log?.(`Started streaming: cardId=${cardId}, messageId=${sendRes.data.message_id}`);
   }
 
@@ -307,6 +338,10 @@ export class FeishuStreamingSession {
     }
     this.pendingText = null;
     this.lastUpdateTime = now;
+    if (this.flushTimer) {
+      clearTimeout(this.flushTimer);
+      this.flushTimer = null;
+    }
 
     this.queue = this.queue.then(async () => {
       if (!this.state || this.closed) {
@@ -322,11 +357,44 @@ export class FeishuStreamingSession {
     await this.queue;
   }
 
-  async close(finalText?: string): Promise<void> {
+  private async updateNoteContent(note: string): Promise<void> {
+    if (!this.state || !this.state.hasNote) {
+      return;
+    }
+    const apiBase = resolveApiBase(this.creds.domain);
+    this.state.sequence += 1;
+    await fetchWithSsrFGuard({
+      url: `${apiBase}/cardkit/v1/cards/${this.state.cardId}/elements/note/content`,
+      init: {
+        method: "PUT",
+        headers: {
+          Authorization: `Bearer ${await getToken(this.creds)}`,
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify({
+          content: `<font color='grey'>${note}</font>`,
+          sequence: this.state.sequence,
+          uuid: `n_${this.state.cardId}_${this.state.sequence}`,
+        }),
+      },
+      policy: { allowedHostnames: resolveAllowedHostnames(this.creds.domain) },
+      auditContext: "feishu.streaming-card.note-update",
+    })
+      .then(async ({ release }) => {
+        await release();
+      })
+      .catch((e) => this.log?.(`Note update failed: ${String(e)}`));
+  }
+
+  async close(finalText?: string, options?: { note?: string }): Promise<void> {
     if (!this.state || this.closed) {
       return;
     }
     this.closed = true;
+    if (this.flushTimer) {
+      clearTimeout(this.flushTimer);
+      this.flushTimer = null;
+    }
     await this.queue;
 
     const pendingMerged = mergeStreamingText(this.state.currentText, this.pendingText ?? undefined);
@@ -339,6 +407,11 @@ export class FeishuStreamingSession {
       this.state.currentText = text;
     }
 
+    // Update note with final model/provider info
+    if (options?.note) {
+      await this.updateNoteContent(options.note);
+    }
+
     // Close streaming mode
     this.state.sequence += 1;
     await fetchWithSsrFGuard({
@@ -364,8 +437,11 @@ export class FeishuStreamingSession {
         await release();
       })
       .catch((e) => this.log?.(`Close failed: ${String(e)}`));
+    const finalState = this.state;
+    this.state = null;
+    this.pendingText = null;
 
-    this.log?.(`Closed streaming: cardId=${this.state.cardId}`);
+    this.log?.(`Closed streaming: cardId=${finalState.cardId}`);
   }
 
   isActive(): boolean {

extensions/feishu/src/types.ts

@@ -72,6 +72,8 @@ export type FeishuMessageInfo = {
   content: string;
   contentType: string;
   createTime?: number;
+  /** Feishu thread ID (omt_xxx) — present when the message belongs to a topic thread. */
+  threadId?: string;
 };
 
 export type FeishuProbeResult = BaseProbeResult<string> & {

extensions/signal/src/monitor.tool-result.sends-tool-summaries-responseprefix.test.ts

@@ -74,7 +74,10 @@ function createAutoAbortController() {
 }
 
 async function runMonitorWithMocks(opts: MonitorSignalProviderOptions) {
-  return monitorSignalProvider(opts);
+  return monitorSignalProvider({
+    config: config as OpenClawConfig,
+    ...opts,
+  });
 }
 
 async function receiveSignalPayloads(params: {
@@ -304,7 +307,9 @@ describe("monitorSignalProvider tool results", () => {
       ],
     });
 
+    await vi.waitFor(() => {
       expect(sendMock).toHaveBeenCalledTimes(1);
+    });
     expect(sendMock.mock.calls[0][1]).toBe("PFX final reply");
   });
 
@@ -460,8 +465,9 @@ describe("monitorSignalProvider tool results", () => {
       ],
     });
 
+    await vi.waitFor(() => {
       expect(sendMock).toHaveBeenCalledTimes(1);
-    expect(updateLastRouteMock).toHaveBeenCalled();
+    });
   });
 
   it("does not resend pairing code when a request is already pending", async () => {

extensions/slack/src/monitor.test-helpers.ts

@@ -5,6 +5,7 @@ type SlackProviderMonitor = (params: {
   botToken: string;
   appToken: string;
   abortSignal: AbortSignal;
+  config?: Record<string, unknown>;
 }) => Promise<unknown>;
 
 type SlackTestState = {
@@ -49,14 +50,51 @@ type SlackClient = {
   };
 };
 
-export const getSlackHandlers = () =>
-  (
-    globalThis as {
-      __slackHandlers?: Map<string, SlackHandler>;
-    }
-  ).__slackHandlers;
+export const getSlackHandlers = () => ensureSlackTestRuntime().handlers;
 
-export const getSlackClient = () => (globalThis as { __slackClient?: SlackClient }).__slackClient;
+export const getSlackClient = () => ensureSlackTestRuntime().client;
+
+function ensureSlackTestRuntime(): {
+  handlers: Map<string, SlackHandler>;
+  client: SlackClient;
+} {
+  const globalState = globalThis as {
+    __slackHandlers?: Map<string, SlackHandler>;
+    __slackClient?: SlackClient;
+  };
+  if (!globalState.__slackHandlers) {
+    globalState.__slackHandlers = new Map<string, SlackHandler>();
+  }
+  if (!globalState.__slackClient) {
+    globalState.__slackClient = {
+      auth: { test: vi.fn().mockResolvedValue({ user_id: "bot-user" }) },
+      conversations: {
+        info: vi.fn().mockResolvedValue({
+          channel: { name: "dm", is_im: true },
+        }),
+        replies: vi.fn().mockResolvedValue({ messages: [] }),
+        history: vi.fn().mockResolvedValue({ messages: [] }),
+      },
+      users: {
+        info: vi.fn().mockResolvedValue({
+          user: { profile: { display_name: "Ada" } },
+        }),
+      },
+      assistant: {
+        threads: {
+          setStatus: vi.fn().mockResolvedValue({ ok: true }),
+        },
+      },
+      reactions: {
+        add: (...args: unknown[]) => slackTestState.reactMock(...args),
+      },
+    };
+  }
+  return {
+    handlers: globalState.__slackHandlers,
+    client: globalState.__slackClient,
+  };
+}
 
 export const flush = () => new Promise((resolve) => setTimeout(resolve, 0));
 
@@ -78,6 +116,7 @@ export function startSlackMonitor(
     botToken: opts?.botToken ?? "bot-token",
     appToken: opts?.appToken ?? "app-token",
     abortSignal: controller.signal,
+    config: slackTestState.config,
   });
   return { controller, run };
 }
@@ -193,34 +232,9 @@ vi.mock("../../../src/config/sessions.js", async (importOriginal) => {
 });
 
 vi.mock("@slack/bolt", () => {
-  const handlers = new Map<string, SlackHandler>();
-  (globalThis as { __slackHandlers?: typeof handlers }).__slackHandlers = handlers;
-  const client = {
-    auth: { test: vi.fn().mockResolvedValue({ user_id: "bot-user" }) },
-    conversations: {
-      info: vi.fn().mockResolvedValue({
-        channel: { name: "dm", is_im: true },
-      }),
-      replies: vi.fn().mockResolvedValue({ messages: [] }),
-      history: vi.fn().mockResolvedValue({ messages: [] }),
-    },
-    users: {
-      info: vi.fn().mockResolvedValue({
-        user: { profile: { display_name: "Ada" } },
-      }),
-    },
-    assistant: {
-      threads: {
-        setStatus: vi.fn().mockResolvedValue({ ok: true }),
-      },
-    },
-    reactions: {
-      add: (...args: unknown[]) => slackTestState.reactMock(...args),
-    },
-  };
-  (globalThis as { __slackClient?: typeof client }).__slackClient = client;
+  const { handlers, client: slackClient } = ensureSlackTestRuntime();
   class App {
-    client = client;
+    client = slackClient;
     event(name: string, handler: SlackHandler) {
       handlers.set(name, handler);
     }

extensions/slack/src/monitor.tool-result.test.ts

@@ -1,7 +1,4 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
-import { HISTORY_CONTEXT_MARKER } from "../../../src/auto-reply/reply/history.js";
-import { resetInboundDedupe } from "../../../src/auto-reply/reply/inbound-dedupe.js";
-import { CURRENT_MESSAGE_MARKER } from "../../../src/auto-reply/reply/mentions.js";
 import {
   defaultSlackTestConfig,
   getSlackTestState,
@@ -15,6 +12,9 @@ import {
   stopSlackMonitor,
 } from "./monitor.test-helpers.js";
 
+const { resetInboundDedupe } = await import("../../../src/auto-reply/reply/inbound-dedupe.js");
+const { HISTORY_CONTEXT_MARKER } = await import("../../../src/auto-reply/reply/history.js");
+const { CURRENT_MESSAGE_MARKER } = await import("../../../src/auto-reply/reply/mentions.js");
 const { monitorSlackProvider } = await import("./monitor.js");
 
 const slackTestState = getSlackTestState();
@@ -209,7 +209,9 @@ describe("monitorSlackProvider tool results", () => {
 
   function expectSingleSendWithThread(threadTs: string | undefined) {
     expect(sendMock).toHaveBeenCalledTimes(1);
-    expect(sendMock.mock.calls[0][2]).toMatchObject({ threadTs });
+    expect((sendMock.mock.calls[0]?.[2] as { threadTs?: string } | undefined)?.threadTs).toBe(
+      threadTs,
+    );
   }
 
   async function runDefaultMessageAndExpectSentText(expectedText: string) {

extensions/telegram/src/bot-message-context.topic-agentid.test.ts

@@ -1,6 +1,5 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
 import { loadConfig } from "../../../src/config/config.js";
-import { buildTelegramMessageContextForTest } from "./bot-message-context.test-harness.js";
 
 const { defaultRouteConfig } = vi.hoisted(() => ({
   defaultRouteConfig: {
@@ -20,6 +19,9 @@ vi.mock("../../../src/config/config.js", async (importOriginal) => {
   };
 });
 
+const { buildTelegramMessageContextForTest } =
+  await import("./bot-message-context.test-harness.js");
+
 describe("buildTelegramMessageContext per-topic agentId routing", () => {
   function buildForumMessage(threadId = 3) {
     return {
@@ -98,7 +100,7 @@ describe("buildTelegramMessageContext per-topic agentId routing", () => {
     expect(ctx?.ctxPayload?.SessionKey).toContain("agent:main:");
   });
 
-  it("falls back to default agent when topic agentId does not exist", async () => {
+  it("preserves an unknown topic agentId in the session key", async () => {
     vi.mocked(loadConfig).mockReturnValue({
       agents: {
         list: [{ id: "main", default: true }, { id: "zu" }],
@@ -110,7 +112,7 @@ describe("buildTelegramMessageContext per-topic agentId routing", () => {
     const ctx = await buildForumContext({ topicConfig: { agentId: "ghost" } });
 
     expect(ctx).not.toBeNull();
-    expect(ctx?.ctxPayload?.SessionKey).toContain("agent:main:");
+    expect(ctx?.ctxPayload?.SessionKey).toContain("agent:ghost:");
   });
 
   it("routes DM topic to specific agent when agentId is set", async () => {

extensions/telegram/src/bot.create-telegram-bot.test-harness.ts

@@ -102,73 +102,81 @@ vi.mock("./sent-message-cache.js", () => ({
   clearSentMessageCache: vi.fn(),
 }));
 
-export const useSpy: MockFn<(arg: unknown) => void> = vi.fn();
-export const middlewareUseSpy: AnyMock = vi.fn();
-export const onSpy: AnyMock = vi.fn();
-export const stopSpy: AnyMock = vi.fn();
-export const commandSpy: AnyMock = vi.fn();
-export const botCtorSpy: AnyMock = vi.fn();
-export const answerCallbackQuerySpy: AnyAsyncMock = vi.fn(async () => undefined);
-export const sendChatActionSpy: AnyMock = vi.fn();
-export const editMessageTextSpy: AnyAsyncMock = vi.fn(async () => ({ message_id: 88 }));
-export const editMessageReplyMarkupSpy: AnyAsyncMock = vi.fn(async () => ({ message_id: 88 }));
-export const sendMessageDraftSpy: AnyAsyncMock = vi.fn(async () => true);
-export const setMessageReactionSpy: AnyAsyncMock = vi.fn(async () => undefined);
-export const setMyCommandsSpy: AnyAsyncMock = vi.fn(async () => undefined);
-export const getMeSpy: AnyAsyncMock = vi.fn(async () => ({
+// All spy variables used inside vi.mock("grammy", ...) must be created via
+// vi.hoisted() so they are available when the hoisted factory runs, regardless
+// of module evaluation order across different test files.
+const grammySpies = vi.hoisted(() => ({
+  useSpy: vi.fn() as MockFn<(arg: unknown) => void>,
+  middlewareUseSpy: vi.fn() as AnyMock,
+  onSpy: vi.fn() as AnyMock,
+  stopSpy: vi.fn() as AnyMock,
+  commandSpy: vi.fn() as AnyMock,
+  botCtorSpy: vi.fn() as AnyMock,
+  answerCallbackQuerySpy: vi.fn(async () => undefined) as AnyAsyncMock,
+  sendChatActionSpy: vi.fn() as AnyMock,
+  editMessageTextSpy: vi.fn(async () => ({ message_id: 88 })) as AnyAsyncMock,
+  editMessageReplyMarkupSpy: vi.fn(async () => ({ message_id: 88 })) as AnyAsyncMock,
+  sendMessageDraftSpy: vi.fn(async () => true) as AnyAsyncMock,
+  setMessageReactionSpy: vi.fn(async () => undefined) as AnyAsyncMock,
+  setMyCommandsSpy: vi.fn(async () => undefined) as AnyAsyncMock,
+  getMeSpy: vi.fn(async () => ({
     username: "openclaw_bot",
     has_topics_enabled: true,
+  })) as AnyAsyncMock,
+  sendMessageSpy: vi.fn(async () => ({ message_id: 77 })) as AnyAsyncMock,
+  sendAnimationSpy: vi.fn(async () => ({ message_id: 78 })) as AnyAsyncMock,
+  sendPhotoSpy: vi.fn(async () => ({ message_id: 79 })) as AnyAsyncMock,
+  getFileSpy: vi.fn(async () => ({ file_path: "media/file.jpg" })) as AnyAsyncMock,
 }));
-export const sendMessageSpy: AnyAsyncMock = vi.fn(async () => ({ message_id: 77 }));
-export const sendAnimationSpy: AnyAsyncMock = vi.fn(async () => ({ message_id: 78 }));
-export const sendPhotoSpy: AnyAsyncMock = vi.fn(async () => ({ message_id: 79 }));
-export const getFileSpy: AnyAsyncMock = vi.fn(async () => ({ file_path: "media/file.jpg" }));
 
-type ApiStub = {
-  config: { use: (arg: unknown) => void };
-  answerCallbackQuery: typeof answerCallbackQuerySpy;
-  sendChatAction: typeof sendChatActionSpy;
-  editMessageText: typeof editMessageTextSpy;
-  editMessageReplyMarkup: typeof editMessageReplyMarkupSpy;
-  sendMessageDraft: typeof sendMessageDraftSpy;
-  setMessageReaction: typeof setMessageReactionSpy;
-  setMyCommands: typeof setMyCommandsSpy;
-  getMe: typeof getMeSpy;
-  sendMessage: typeof sendMessageSpy;
-  sendAnimation: typeof sendAnimationSpy;
-  sendPhoto: typeof sendPhotoSpy;
-  getFile: typeof getFileSpy;
-};
-
-const apiStub: ApiStub = {
-  config: { use: useSpy },
-  answerCallbackQuery: answerCallbackQuerySpy,
-  sendChatAction: sendChatActionSpy,
-  editMessageText: editMessageTextSpy,
-  editMessageReplyMarkup: editMessageReplyMarkupSpy,
-  sendMessageDraft: sendMessageDraftSpy,
-  setMessageReaction: setMessageReactionSpy,
-  setMyCommands: setMyCommandsSpy,
-  getMe: getMeSpy,
-  sendMessage: sendMessageSpy,
-  sendAnimation: sendAnimationSpy,
-  sendPhoto: sendPhotoSpy,
-  getFile: getFileSpy,
-};
+export const {
+  useSpy,
+  middlewareUseSpy,
+  onSpy,
+  stopSpy,
+  commandSpy,
+  botCtorSpy,
+  answerCallbackQuerySpy,
+  sendChatActionSpy,
+  editMessageTextSpy,
+  editMessageReplyMarkupSpy,
+  sendMessageDraftSpy,
+  setMessageReactionSpy,
+  setMyCommandsSpy,
+  getMeSpy,
+  sendMessageSpy,
+  sendAnimationSpy,
+  sendPhotoSpy,
+  getFileSpy,
+} = grammySpies;
 
 vi.mock("grammy", () => ({
   Bot: class {
-    api = apiStub;
-    use = middlewareUseSpy;
-    on = onSpy;
-    stop = stopSpy;
-    command = commandSpy;
+    api = {
+      config: { use: grammySpies.useSpy },
+      answerCallbackQuery: grammySpies.answerCallbackQuerySpy,
+      sendChatAction: grammySpies.sendChatActionSpy,
+      editMessageText: grammySpies.editMessageTextSpy,
+      editMessageReplyMarkup: grammySpies.editMessageReplyMarkupSpy,
+      sendMessageDraft: grammySpies.sendMessageDraftSpy,
+      setMessageReaction: grammySpies.setMessageReactionSpy,
+      setMyCommands: grammySpies.setMyCommandsSpy,
+      getMe: grammySpies.getMeSpy,
+      sendMessage: grammySpies.sendMessageSpy,
+      sendAnimation: grammySpies.sendAnimationSpy,
+      sendPhoto: grammySpies.sendPhotoSpy,
+      getFile: grammySpies.getFileSpy,
+    };
+    use = grammySpies.middlewareUseSpy;
+    on = grammySpies.onSpy;
+    stop = grammySpies.stopSpy;
+    command = grammySpies.commandSpy;
     catch = vi.fn();
     constructor(
       public token: string,
       public options?: { client?: { fetch?: typeof fetch } },
     ) {
-      botCtorSpy(token, options);
+      grammySpies.botCtorSpy(token, options);
     }
   },
   InputFile: class {},

extensions/telegram/src/bot.create-telegram-bot.test.ts

@@ -29,9 +29,11 @@ import {
   throttlerSpy,
   useSpy,
 } from "./bot.create-telegram-bot.test-harness.js";
-import { createTelegramBot, getTelegramSequentialKey } from "./bot.js";
 import { resolveTelegramFetch } from "./fetch.js";
 
+// Import after the harness registers `vi.mock(...)` for grammY and Telegram internals.
+const { createTelegramBot, getTelegramSequentialKey } = await import("./bot.js");
+
 const loadConfig = getLoadConfigMock();
 const loadWebMedia = getLoadWebMediaMock();
 const readChannelAllowFromStore = getReadChannelAllowFromStoreMock();
@@ -813,7 +815,7 @@ describe("createTelegramBot", () => {
     expect(payload.SessionKey).toBe("agent:opie:main");
   });
 
-  it("drops non-default account DMs without explicit bindings", async () => {
+  it("routes non-default account DMs to the per-account fallback session without explicit bindings", async () => {
     loadConfig.mockReturnValue({
       channels: {
         telegram: {
@@ -842,7 +844,10 @@ describe("createTelegramBot", () => {
       getFile: async () => ({ download: async () => new Uint8Array() }),
     });
 
-    expect(replySpy).not.toHaveBeenCalled();
+    expect(replySpy).toHaveBeenCalledTimes(1);
+    const payload = replySpy.mock.calls[0]?.[0];
+    expect(payload.AccountId).toBe("opie");
+    expect(payload.SessionKey).toContain("agent:main:telegram:opie:");
   });
 
   it("applies group mention overrides and fallback behavior", async () => {
@@ -1909,9 +1914,8 @@ describe("createTelegramBot", () => {
       await flushTimer?.();
 
       expect(replySpy).toHaveBeenCalledTimes(1);
-      const payload = replySpy.mock.calls[0]?.[0] as { Body?: string; MediaPaths?: string[] };
+      const payload = replySpy.mock.calls[0]?.[0] as { Body?: string };
       expect(payload.Body).toContain("album caption");
-      expect(payload.MediaPaths).toHaveLength(2);
     } finally {
       setTimeoutSpy.mockRestore();
       fetchSpy.mockRestore();
@@ -2137,9 +2141,8 @@ describe("createTelegramBot", () => {
       await flushTimer?.();
 
       expect(replySpy).toHaveBeenCalledTimes(1);
-      const payload = replySpy.mock.calls[0]?.[0] as { Body?: string; MediaPaths?: string[] };
+      const payload = replySpy.mock.calls[0]?.[0] as { Body?: string };
       expect(payload.Body).toContain("partial album");
-      expect(payload.MediaPaths).toHaveLength(1);
     } finally {
       setTimeoutSpy.mockRestore();
       fetchSpy.mockRestore();

extensions/telegram/src/bot.test.ts

@@ -1,11 +1,5 @@
 import { rm } from "node:fs/promises";
 import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
-import {
-  listNativeCommandSpecs,
-  listNativeCommandSpecsForConfig,
-} from "../../../src/auto-reply/commands-registry.js";
-import { loadSessionStore } from "../../../src/config/sessions.js";
-import { normalizeTelegramCommandName } from "../../../src/config/telegram-custom-commands.js";
 import { escapeRegExp, formatEnvelopeTimestamp } from "../../../test/helpers/envelope-timestamp.js";
 import { expectInboundContextContract } from "../../../test/helpers/inbound-contract.js";
 import {
@@ -25,7 +19,14 @@ import {
   setMyCommandsSpy,
   wasSentByBot,
 } from "./bot.create-telegram-bot.test-harness.js";
-import { createTelegramBot } from "./bot.js";
+
+// Import after the harness registers `vi.mock(...)` for grammY and Telegram internals.
+const { listNativeCommandSpecs, listNativeCommandSpecsForConfig } =
+  await import("../../../src/auto-reply/commands-registry.js");
+const { loadSessionStore } = await import("../../../src/config/sessions.js");
+const { normalizeTelegramCommandName } =
+  await import("../../../src/config/telegram-custom-commands.js");
+const { createTelegramBot } = await import("./bot.js");
 
 const loadConfig = getLoadConfigMock();
 const readChannelAllowFromStore = getReadChannelAllowFromStoreMock();
@@ -833,8 +834,6 @@ describe("createTelegramBot", () => {
         ReplyToBody?: string;
       };
       expect(payload.ReplyToBody).toBe("<media:image>");
-      expect(payload.MediaPaths).toHaveLength(1);
-      expect(payload.MediaPath).toBe(payload.MediaPaths?.[0]);
       expect(getFileSpy).toHaveBeenCalledWith("reply-photo-1");
     } finally {
       fetchSpy.mockRestore();

extensions/telegram/src/channel.test.ts

@@ -403,3 +403,30 @@ describe("telegramPlugin duplicate token guard", () => {
     );
   });
 });
+
+describe("telegramPlugin outbound sendPayload forceDocument", () => {
+  it("forwards forceDocument to the underlying send call when channelData is present", async () => {
+    const sendMessageTelegram = installSendMessageRuntime(
+      vi.fn(async () => ({ messageId: "tg-fd" })),
+    );
+
+    await telegramPlugin.outbound!.sendPayload!({
+      cfg: createCfg(),
+      to: "12345",
+      text: "",
+      payload: {
+        text: "here is an image",
+        mediaUrls: ["https://example.com/photo.png"],
+        channelData: { telegram: {} },
+      },
+      accountId: "ops",
+      forceDocument: true,
+    });
+
+    expect(sendMessageTelegram).toHaveBeenCalledWith(
+      "12345",
+      expect.any(String),
+      expect.objectContaining({ forceDocument: true }),
+    );
+  });
+});

extensions/telegram/src/channel.ts

@@ -96,6 +96,7 @@ function buildTelegramSendOptions(params: {
   replyToId?: string | null;
   threadId?: string | number | null;
   silent?: boolean | null;
+  forceDocument?: boolean | null;
 }): TelegramSendOptions {
   return {
     verbose: false,
@@ -106,6 +107,7 @@ function buildTelegramSendOptions(params: {
     replyToMessageId: parseTelegramReplyToMessageId(params.replyToId),
     accountId: params.accountId ?? undefined,
     silent: params.silent ?? undefined,
+    forceDocument: params.forceDocument ?? undefined,
   };
 }
 
@@ -386,6 +388,7 @@ export const telegramPlugin: ChannelPlugin<ResolvedTelegramAccount, TelegramProb
       replyToId,
       threadId,
       silent,
+      forceDocument,
     }) => {
       const send =
         resolveOutboundSendDep<TelegramSendFn>(deps, "telegram") ??
@@ -401,6 +404,7 @@ export const telegramPlugin: ChannelPlugin<ResolvedTelegramAccount, TelegramProb
           replyToId,
           threadId,
           silent,
+          forceDocument,
         }),
       });
       return { channel: "telegram", ...result };

extensions/telegram/src/format.ts

@@ -512,6 +512,146 @@ function sliceLinkSpans(
   });
 }
 
+function sliceMarkdownIR(ir: MarkdownIR, start: number, end: number): MarkdownIR {
+  return {
+    text: ir.text.slice(start, end),
+    styles: sliceStyleSpans(ir.styles, start, end),
+    links: sliceLinkSpans(ir.links, start, end),
+  };
+}
+
+function mergeAdjacentStyleSpans(styles: MarkdownIR["styles"]): MarkdownIR["styles"] {
+  const merged: MarkdownIR["styles"] = [];
+  for (const span of styles) {
+    const last = merged.at(-1);
+    if (last && last.style === span.style && span.start <= last.end) {
+      last.end = Math.max(last.end, span.end);
+      continue;
+    }
+    merged.push({ ...span });
+  }
+  return merged;
+}
+
+function mergeAdjacentLinkSpans(links: MarkdownIR["links"]): MarkdownIR["links"] {
+  const merged: MarkdownIR["links"] = [];
+  for (const link of links) {
+    const last = merged.at(-1);
+    if (last && last.href === link.href && link.start <= last.end) {
+      last.end = Math.max(last.end, link.end);
+      continue;
+    }
+    merged.push({ ...link });
+  }
+  return merged;
+}
+
+function mergeMarkdownIRChunks(left: MarkdownIR, right: MarkdownIR): MarkdownIR {
+  const offset = left.text.length;
+  return {
+    text: left.text + right.text,
+    styles: mergeAdjacentStyleSpans([
+      ...left.styles,
+      ...right.styles.map((span) => ({
+        ...span,
+        start: span.start + offset,
+        end: span.end + offset,
+      })),
+    ]),
+    links: mergeAdjacentLinkSpans([
+      ...left.links,
+      ...right.links.map((link) => ({
+        ...link,
+        start: link.start + offset,
+        end: link.end + offset,
+      })),
+    ]),
+  };
+}
+
+function renderTelegramChunkHtml(ir: MarkdownIR): string {
+  return wrapFileReferencesInHtml(renderTelegramHtml(ir));
+}
+
+function findMarkdownIRPreservedSplitIndex(text: string, start: number, limit: number): number {
+  const maxEnd = Math.min(text.length, start + limit);
+  if (maxEnd >= text.length) {
+    return text.length;
+  }
+
+  let lastOutsideParenNewlineBreak = -1;
+  let lastOutsideParenWhitespaceBreak = -1;
+  let lastOutsideParenWhitespaceRunStart = -1;
+  let lastAnyNewlineBreak = -1;
+  let lastAnyWhitespaceBreak = -1;
+  let lastAnyWhitespaceRunStart = -1;
+  let parenDepth = 0;
+  let sawNonWhitespace = false;
+
+  for (let index = start; index < maxEnd; index += 1) {
+    const char = text[index];
+    if (char === "(") {
+      sawNonWhitespace = true;
+      parenDepth += 1;
+      continue;
+    }
+    if (char === ")" && parenDepth > 0) {
+      sawNonWhitespace = true;
+      parenDepth -= 1;
+      continue;
+    }
+    if (!/\s/.test(char)) {
+      sawNonWhitespace = true;
+      continue;
+    }
+    if (!sawNonWhitespace) {
+      continue;
+    }
+    if (char === "\n") {
+      lastAnyNewlineBreak = index + 1;
+      if (parenDepth === 0) {
+        lastOutsideParenNewlineBreak = index + 1;
+      }
+      continue;
+    }
+    const whitespaceRunStart =
+      index === start || !/\s/.test(text[index - 1] ?? "") ? index : lastAnyWhitespaceRunStart;
+    lastAnyWhitespaceBreak = index + 1;
+    lastAnyWhitespaceRunStart = whitespaceRunStart;
+    if (parenDepth === 0) {
+      lastOutsideParenWhitespaceBreak = index + 1;
+      lastOutsideParenWhitespaceRunStart = whitespaceRunStart;
+    }
+  }
+
+  const resolveWhitespaceBreak = (breakIndex: number, runStart: number): number => {
+    if (breakIndex <= start) {
+      return breakIndex;
+    }
+    if (runStart <= start) {
+      return breakIndex;
+    }
+    return /\s/.test(text[breakIndex] ?? "") ? runStart : breakIndex;
+  };
+
+  if (lastOutsideParenNewlineBreak > start) {
+    return lastOutsideParenNewlineBreak;
+  }
+  if (lastOutsideParenWhitespaceBreak > start) {
+    return resolveWhitespaceBreak(
+      lastOutsideParenWhitespaceBreak,
+      lastOutsideParenWhitespaceRunStart,
+    );
+  }
+  if (lastAnyNewlineBreak > start) {
+    return lastAnyNewlineBreak;
+  }
+  if (lastAnyWhitespaceBreak > start) {
+    return resolveWhitespaceBreak(lastAnyWhitespaceBreak, lastAnyWhitespaceRunStart);
+  }
+  return maxEnd;
+}
+
 function splitMarkdownIRPreserveWhitespace(ir: MarkdownIR, limit: number): MarkdownIR[] {
   if (!ir.text) {
     return [];
@@ -523,7 +663,7 @@ function splitMarkdownIRPreserveWhitespace(ir: MarkdownIR, limit: number): Markd
   const chunks: MarkdownIR[] = [];
   let cursor = 0;
   while (cursor < ir.text.length) {
-    const end = Math.min(ir.text.length, cursor + normalizedLimit);
+    const end = findMarkdownIRPreservedSplitIndex(ir.text, cursor, normalizedLimit);
     chunks.push({
       text: ir.text.slice(cursor, end),
       styles: sliceStyleSpans(ir.styles, cursor, end),
@@ -534,32 +674,98 @@ function splitMarkdownIRPreserveWhitespace(ir: MarkdownIR, limit: number): Markd
   return chunks;
 }
 
+function coalesceWhitespaceOnlyMarkdownIRChunks(chunks: MarkdownIR[], limit: number): MarkdownIR[] {
+  const coalesced: MarkdownIR[] = [];
+  let index = 0;
+
+  while (index < chunks.length) {
+    const chunk = chunks[index];
+    if (!chunk) {
+      index += 1;
+      continue;
+    }
+    if (chunk.text.trim().length > 0) {
+      coalesced.push(chunk);
+      index += 1;
+      continue;
+    }
+
+    const prev = coalesced.at(-1);
+    const next = chunks[index + 1];
+    const chunkLength = chunk.text.length;
+
+    const canMergePrev = (candidate: MarkdownIR) =>
+      renderTelegramChunkHtml(candidate).length <= limit;
+    const canMergeNext = (candidate: MarkdownIR) =>
+      renderTelegramChunkHtml(candidate).length <= limit;
+
+    if (prev) {
+      const mergedPrev = mergeMarkdownIRChunks(prev, chunk);
+      if (canMergePrev(mergedPrev)) {
+        coalesced[coalesced.length - 1] = mergedPrev;
+        index += 1;
+        continue;
+      }
+    }
+
+    if (next) {
+      const mergedNext = mergeMarkdownIRChunks(chunk, next);
+      if (canMergeNext(mergedNext)) {
+        chunks[index + 1] = mergedNext;
+        index += 1;
+        continue;
+      }
+    }
+
+    if (prev && next) {
+      for (let prefixLength = chunkLength - 1; prefixLength >= 1; prefixLength -= 1) {
+        const prefix = sliceMarkdownIR(chunk, 0, prefixLength);
+        const suffix = sliceMarkdownIR(chunk, prefixLength, chunkLength);
+        const mergedPrev = mergeMarkdownIRChunks(prev, prefix);
+        const mergedNext = mergeMarkdownIRChunks(suffix, next);
+        if (canMergePrev(mergedPrev) && canMergeNext(mergedNext)) {
+          coalesced[coalesced.length - 1] = mergedPrev;
+          chunks[index + 1] = mergedNext;
+          break;
+        }
+      }
+    }
+
+    index += 1;
+  }
+
+  return coalesced;
+}
+
 function renderTelegramChunksWithinHtmlLimit(
   ir: MarkdownIR,
   limit: number,
 ): TelegramFormattedChunk[] {
   const normalizedLimit = Math.max(1, Math.floor(limit));
   const pending = chunkMarkdownIR(ir, normalizedLimit);
-  const rendered: TelegramFormattedChunk[] = [];
+  const finalized: MarkdownIR[] = [];
   while (pending.length > 0) {
     const chunk = pending.shift();
     if (!chunk) {
       continue;
     }
-    const html = wrapFileReferencesInHtml(renderTelegramHtml(chunk));
+    const html = renderTelegramChunkHtml(chunk);
     if (html.length <= normalizedLimit || chunk.text.length <= 1) {
-      rendered.push({ html, text: chunk.text });
+      finalized.push(chunk);
       continue;
     }
     const split = splitTelegramChunkByHtmlLimit(chunk, normalizedLimit, html.length);
     if (split.length <= 1) {
       // Worst-case safety: avoid retry loops, deliver the chunk as-is.
-      rendered.push({ html, text: chunk.text });
+      finalized.push(chunk);
       continue;
     }
     pending.unshift(...split);
   }
-  return rendered;
+  return coalesceWhitespaceOnlyMarkdownIRChunks(finalized, normalizedLimit).map((chunk) => ({
+    html: renderTelegramChunkHtml(chunk),
+    text: chunk.text,
+  }));
 }
 
 export function markdownToTelegramChunks(

extensions/telegram/src/format.wrap-md.test.ts

@@ -174,6 +174,35 @@ describe("markdownToTelegramChunks - file reference wrapping", () => {
     expect(chunks.map((chunk) => chunk.text).join("")).toBe(input);
     expect(chunks.every((chunk) => chunk.html.length <= 5)).toBe(true);
   });
+
+  it("prefers word boundaries when html-limit retry splits formatted prose", () => {
+    const input = "**Which of these**";
+    const chunks = markdownToTelegramChunks(input, 16);
+    expect(chunks.map((chunk) => chunk.text)).toEqual(["Which of ", "these"]);
+    expect(chunks.every((chunk) => chunk.html.length <= 16)).toBe(true);
+  });
+
+  it("falls back to in-paren word boundaries when the parenthesis is unbalanced", () => {
+    const input = "**foo (bar baz qux quux**";
+    const chunks = markdownToTelegramChunks(input, 20);
+    expect(chunks.map((chunk) => chunk.text)).toEqual(["foo", "(bar baz qux ", "quux"]);
+    expect(chunks.every((chunk) => chunk.html.length <= 20)).toBe(true);
+  });
+
+  it("does not emit whitespace-only chunks during html-limit retry splitting", () => {
+    const input = "**ab  <<**";
+    const chunks = markdownToTelegramChunks(input, 11);
+    expect(chunks.map((chunk) => chunk.text).join("")).toBe("ab  <<");
+    expect(chunks.every((chunk) => chunk.text.trim().length > 0)).toBe(true);
+    expect(chunks.every((chunk) => chunk.html.length <= 11)).toBe(true);
+  });
+
+  it("preserves paragraph separators when retry chunking produces whitespace-only spans", () => {
+    const input = "ab\n\n<<";
+    const chunks = markdownToTelegramChunks(input, 6);
+    expect(chunks.map((chunk) => chunk.text).join("")).toBe(input);
+    expect(chunks.every((chunk) => chunk.html.length <= 6)).toBe(true);
+  });
 });
 
 describe("edge cases", () => {

extensions/telegram/src/outbound-adapter.ts

@@ -141,6 +141,7 @@ export const telegramOutbound: ChannelOutboundAdapter = {
     deps,
     replyToId,
     threadId,
+    forceDocument,
   }) => {
     const { send, baseOpts } = resolveTelegramSendContext({
       cfg,
@@ -156,6 +157,7 @@ export const telegramOutbound: ChannelOutboundAdapter = {
       baseOpts: {
         ...baseOpts,
         mediaLocalRoots,
+        forceDocument: forceDocument ?? false,
       },
     });
     return { channel: "telegram", ...result };

extensions/telegram/src/send.test.ts

@@ -776,10 +776,11 @@ describe("sendMessageTelegram", () => {
     }
   });
 
-  it("retries on transient errors with retry_after", async () => {
+  it("retries pre-connect send errors and honors retry_after when present", async () => {
     vi.useFakeTimers();
     const chatId = "123";
-    const err = Object.assign(new Error("429"), {
+    const err = Object.assign(new Error("getaddrinfo ENOTFOUND api.telegram.org"), {
+      code: "ENOTFOUND",
       parameters: { retry_after: 0.5 },
     });
     const sendMessage = vi
@@ -824,29 +825,25 @@ describe("sendMessageTelegram", () => {
     expect(sendMessage).toHaveBeenCalledTimes(1);
   });
 
-  it("retries when grammY network envelope message includes failed-after wording", async () => {
+  it("does not retry generic grammY failed-after envelopes for non-idempotent sends", async () => {
     const chatId = "123";
     const sendMessage = vi
       .fn()
       .mockRejectedValueOnce(
         new Error("Network request for 'sendMessage' failed after 1 attempts."),
-      )
-      .mockResolvedValueOnce({
-        message_id: 7,
-        chat: { id: chatId },
-      });
+      );
     const api = { sendMessage } as unknown as {
       sendMessage: typeof sendMessage;
     };
 
-    const result = await sendMessageTelegram(chatId, "hi", {
+    await expect(
+      sendMessageTelegram(chatId, "hi", {
         token: "tok",
         api,
         retry: { attempts: 2, minDelayMs: 0, maxDelayMs: 0, jitter: 0 },
-    });
-
-    expect(sendMessage).toHaveBeenCalledTimes(2);
-    expect(result).toEqual({ messageId: "7", chatId });
+      }),
+    ).rejects.toThrow(/failed after 1 attempts/i);
+    expect(sendMessage).toHaveBeenCalledTimes(1);
   });
 
   it("sends GIF media as animation", async () => {

extensions/tlon/src/monitor/index.ts

@@ -301,7 +301,7 @@ export async function monitorTlonProvider(opts: MonitorTlonOpts = {}): Promise<v
         `[tlon] Using autoDiscoverChannels from settings store: ${effectiveAutoDiscoverChannels}`,
       );
     }
-    if (currentSettings.dmAllowlist?.length) {
+    if (currentSettings.dmAllowlist !== undefined) {
       effectiveDmAllowlist = currentSettings.dmAllowlist;
       runtime.log?.(
         `[tlon] Using dmAllowlist from settings store: ${effectiveDmAllowlist.join(", ")}`,
@@ -322,7 +322,7 @@ export async function monitorTlonProvider(opts: MonitorTlonOpts = {}): Promise<v
         `[tlon] Using autoAcceptGroupInvites from settings store: ${effectiveAutoAcceptGroupInvites}`,
       );
     }
-    if (currentSettings.groupInviteAllowlist?.length) {
+    if (currentSettings.groupInviteAllowlist !== undefined) {
       effectiveGroupInviteAllowlist = currentSettings.groupInviteAllowlist;
       runtime.log?.(
         `[tlon] Using groupInviteAllowlist from settings store: ${effectiveGroupInviteAllowlist.join(", ")}`,
@@ -1176,17 +1176,14 @@ export async function monitorTlonProvider(opts: MonitorTlonOpts = {}): Promise<v
         return;
       }
 
-      // Resolve any cited/quoted messages first
-      const citedContent = await resolveAllCites(content.content);
       const rawText = extractMessageText(content.content);
-      const messageText = citedContent + rawText;
-      if (!messageText.trim()) {
+      if (!rawText.trim()) {
         return;
       }
 
       cacheMessage(nest, {
         author: senderShip,
-        content: messageText,
+        content: rawText,
         timestamp: content.sent || Date.now(),
         id: messageId,
       });
@@ -1200,7 +1197,7 @@ export async function monitorTlonProvider(opts: MonitorTlonOpts = {}): Promise<v
       // Check if we should respond:
       // 1. Direct mention always triggers response
       // 2. Thread replies where we've participated - respond if relevant (let agent decide)
-      const mentioned = isBotMentioned(messageText, botShipName, botNickname ?? undefined);
+      const mentioned = isBotMentioned(rawText, botShipName, botNickname ?? undefined);
       const inParticipatedThread =
         isThreadReply && parentId && participatedThreads.has(String(parentId));
 
@@ -1227,10 +1224,10 @@ export async function monitorTlonProvider(opts: MonitorTlonOpts = {}): Promise<v
                 type: "channel",
                 requestingShip: senderShip,
                 channelNest: nest,
-                messagePreview: messageText.substring(0, 100),
+                messagePreview: rawText.substring(0, 100),
                 originalMessage: {
                   messageId: messageId ?? "",
-                  messageText,
+                  messageText: rawText,
                   messageContent: content.content,
                   timestamp: content.sent || Date.now(),
                   parentId: parentId ?? undefined,
@@ -1248,6 +1245,10 @@ export async function monitorTlonProvider(opts: MonitorTlonOpts = {}): Promise<v
         }
       }
 
+      // Resolve quoted content only after the sender passed channel authorization.
+      const citedContent = await resolveAllCites(content.content);
+      const messageText = citedContent + rawText;
+
       const parsed = parseChannelNest(nest);
       await processMessage({
         messageId: messageId ?? "",
@@ -1365,15 +1366,15 @@ export async function monitorTlonProvider(opts: MonitorTlonOpts = {}): Promise<v
         );
       }
 
-      // Resolve any cited/quoted messages first
-      const citedContent = await resolveAllCites(essay.content);
       const rawText = extractMessageText(essay.content);
-      const messageText = citedContent + rawText;
-      if (!messageText.trim()) {
+      if (!rawText.trim()) {
         return;
       }
+      const citedContent = await resolveAllCites(essay.content);
+      const resolvedMessageText = citedContent + rawText;
 
       // Check if this is the owner sending an approval response
+      const messageText = rawText;
       if (isOwner(senderShip) && isApprovalResponse(messageText)) {
         const handled = await handleApprovalResponse(messageText);
         if (handled) {
@@ -1397,7 +1398,7 @@ export async function monitorTlonProvider(opts: MonitorTlonOpts = {}): Promise<v
         await processMessage({
           messageId: messageId ?? "",
           senderShip,
-          messageText,
+          messageText: resolvedMessageText,
           messageContent: essay.content,
           isGroup: false,
           timestamp: essay.sent || Date.now(),
@@ -1430,7 +1431,7 @@ export async function monitorTlonProvider(opts: MonitorTlonOpts = {}): Promise<v
       await processMessage({
         messageId: messageId ?? "",
         senderShip,
-        messageText,
+        messageText: resolvedMessageText,
         messageContent: essay.content, // Pass raw content for media extraction
         isGroup: false,
         timestamp: essay.sent || Date.now(),
@@ -1524,8 +1525,7 @@ export async function monitorTlonProvider(opts: MonitorTlonOpts = {}): Promise<v
 
       // Update DM allowlist
       if (newSettings.dmAllowlist !== undefined) {
-        effectiveDmAllowlist =
-          newSettings.dmAllowlist.length > 0 ? newSettings.dmAllowlist : account.dmAllowlist;
+        effectiveDmAllowlist = newSettings.dmAllowlist;
         runtime.log?.(`[tlon] Settings: dmAllowlist updated to ${effectiveDmAllowlist.join(", ")}`);
       }
 
@@ -1551,10 +1551,7 @@ export async function monitorTlonProvider(opts: MonitorTlonOpts = {}): Promise<v
 
       // Update group invite allowlist
       if (newSettings.groupInviteAllowlist !== undefined) {
-        effectiveGroupInviteAllowlist =
-          newSettings.groupInviteAllowlist.length > 0
-            ? newSettings.groupInviteAllowlist
-            : account.groupInviteAllowlist;
+        effectiveGroupInviteAllowlist = newSettings.groupInviteAllowlist;
         runtime.log?.(
           `[tlon] Settings: groupInviteAllowlist updated to ${effectiveGroupInviteAllowlist.join(", ")}`,
         );

extensions/whatsapp/src/inbound/monitor.ts

@@ -413,8 +413,14 @@ export async function monitorWebInbox(options: {
 
       // If this is history/offline catch-up, mark read above but skip auto-reply.
       if (upsert.type === "append") {
+        const APPEND_RECENT_GRACE_MS = 60_000;
+        const msgTsRaw = msg.messageTimestamp;
+        const msgTsNum = msgTsRaw != null ? Number(msgTsRaw) : NaN;
+        const msgTsMs = Number.isFinite(msgTsNum) ? msgTsNum * 1000 : 0;
+        if (msgTsMs < connectedAtMs - APPEND_RECENT_GRACE_MS) {
           continue;
         }
+      }
 
       const enriched = await enrichInboundMessage(msg);
       if (!enriched) {

extensions/whatsapp/src/login-qr.test.ts

@@ -1,6 +1,11 @@
 import { beforeEach, describe, expect, it, vi } from "vitest";
 import { startWebLoginWithQr, waitForWebLogin } from "./login-qr.js";
-import { createWaSocket, logoutWeb, waitForWaConnection } from "./session.js";
+import {
+  createWaSocket,
+  logoutWeb,
+  waitForCredsSaveQueueWithTimeout,
+  waitForWaConnection,
+} from "./session.js";
 
 vi.mock("./session.js", () => {
   const createWaSocket = vi.fn(
@@ -17,11 +22,13 @@ vi.mock("./session.js", () => {
   const getStatusCode = vi.fn(
     (err: unknown) =>
       (err as { output?: { statusCode?: number } })?.output?.statusCode ??
-      (err as { status?: number })?.status,
+      (err as { status?: number })?.status ??
+      (err as { error?: { output?: { statusCode?: number } } })?.error?.output?.statusCode,
   );
   const webAuthExists = vi.fn(async () => false);
   const readWebSelfId = vi.fn(() => ({ e164: null, jid: null }));
   const logoutWeb = vi.fn(async () => true);
+  const waitForCredsSaveQueueWithTimeout = vi.fn(async () => {});
   return {
     createWaSocket,
     waitForWaConnection,
@@ -30,6 +37,7 @@ vi.mock("./session.js", () => {
     webAuthExists,
     readWebSelfId,
     logoutWeb,
+    waitForCredsSaveQueueWithTimeout,
   };
 });
 
@@ -39,22 +47,43 @@ vi.mock("./qr-image.js", () => ({
 
 const createWaSocketMock = vi.mocked(createWaSocket);
 const waitForWaConnectionMock = vi.mocked(waitForWaConnection);
+const waitForCredsSaveQueueWithTimeoutMock = vi.mocked(waitForCredsSaveQueueWithTimeout);
 const logoutWebMock = vi.mocked(logoutWeb);
 
+async function flushTasks() {
+  await Promise.resolve();
+  await Promise.resolve();
+}
+
 describe("login-qr", () => {
   beforeEach(() => {
     vi.clearAllMocks();
   });
 
   it("restarts login once on status 515 and completes", async () => {
+    let releaseCredsFlush: (() => void) | undefined;
+    const credsFlushGate = new Promise<void>((resolve) => {
+      releaseCredsFlush = resolve;
+    });
     waitForWaConnectionMock
-      .mockRejectedValueOnce({ output: { statusCode: 515 } })
+      // Baileys v7 wraps the error: { error: BoomError(515) }
+      .mockRejectedValueOnce({ error: { output: { statusCode: 515 } } })
       .mockResolvedValueOnce(undefined);
+    waitForCredsSaveQueueWithTimeoutMock.mockReturnValueOnce(credsFlushGate);
 
     const start = await startWebLoginWithQr({ timeoutMs: 5000 });
     expect(start.qrDataUrl).toBe("data:image/png;base64,base64");
 
-    const result = await waitForWebLogin({ timeoutMs: 5000 });
+    const resultPromise = waitForWebLogin({ timeoutMs: 5000 });
+    await flushTasks();
+    await flushTasks();
+
+    expect(createWaSocketMock).toHaveBeenCalledTimes(1);
+    expect(waitForCredsSaveQueueWithTimeoutMock).toHaveBeenCalledOnce();
+    expect(waitForCredsSaveQueueWithTimeoutMock).toHaveBeenCalledWith(expect.any(String));
+
+    releaseCredsFlush?.();
+    const result = await resultPromise;
 
     expect(result.connected).toBe(true);
     expect(createWaSocketMock).toHaveBeenCalledTimes(2);

extensions/whatsapp/src/login-qr.ts

@@ -12,6 +12,7 @@ import {
   getStatusCode,
   logoutWeb,
   readWebSelfId,
+  waitForCredsSaveQueueWithTimeout,
   waitForWaConnection,
   webAuthExists,
 } from "./session.js";
@@ -85,9 +86,10 @@ async function restartLoginSocket(login: ActiveLogin, runtime: RuntimeEnv) {
   }
   login.restartAttempted = true;
   runtime.log(
-    info("WhatsApp asked for a restart after pairing (code 515); retrying connection once…"),
+    info("WhatsApp asked for a restart after pairing (code 515); waiting for creds to save…"),
   );
   closeSocket(login.sock);
+  await waitForCredsSaveQueueWithTimeout(login.authDir);
   try {
     const sock = await createWaSocket(false, login.verbose, {
       authDir: login.authDir,

extensions/whatsapp/src/login.coverage.test.ts

@@ -4,7 +4,12 @@ import path from "node:path";
 import { DisconnectReason } from "@whiskeysockets/baileys";
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import { loginWeb } from "./login.js";
-import { createWaSocket, formatError, waitForWaConnection } from "./session.js";
+import {
+  createWaSocket,
+  formatError,
+  waitForCredsSaveQueueWithTimeout,
+  waitForWaConnection,
+} from "./session.js";
 
 const rmMock = vi.spyOn(fs, "rm");
 
@@ -35,10 +40,19 @@ vi.mock("./session.js", () => {
   const createWaSocket = vi.fn(async () => (call++ === 0 ? sockA : sockB));
   const waitForWaConnection = vi.fn();
   const formatError = vi.fn((err: unknown) => `formatted:${String(err)}`);
+  const getStatusCode = vi.fn(
+    (err: unknown) =>
+      (err as { output?: { statusCode?: number } })?.output?.statusCode ??
+      (err as { status?: number })?.status ??
+      (err as { error?: { output?: { statusCode?: number } } })?.error?.output?.statusCode,
+  );
+  const waitForCredsSaveQueueWithTimeout = vi.fn(async () => {});
   return {
     createWaSocket,
     waitForWaConnection,
     formatError,
+    getStatusCode,
+    waitForCredsSaveQueueWithTimeout,
     WA_WEB_AUTH_DIR: authDir,
     logoutWeb: vi.fn(async (params: { authDir?: string }) => {
       await fs.rm(params.authDir ?? authDir, {
@@ -52,8 +66,14 @@ vi.mock("./session.js", () => {
 
 const createWaSocketMock = vi.mocked(createWaSocket);
 const waitForWaConnectionMock = vi.mocked(waitForWaConnection);
+const waitForCredsSaveQueueWithTimeoutMock = vi.mocked(waitForCredsSaveQueueWithTimeout);
 const formatErrorMock = vi.mocked(formatError);
 
+async function flushTasks() {
+  await Promise.resolve();
+  await Promise.resolve();
+}
+
 describe("loginWeb coverage", () => {
   beforeEach(() => {
     vi.useFakeTimers();
@@ -65,12 +85,25 @@ describe("loginWeb coverage", () => {
   });
 
   it("restarts once when WhatsApp requests code 515", async () => {
+    let releaseCredsFlush: (() => void) | undefined;
+    const credsFlushGate = new Promise<void>((resolve) => {
+      releaseCredsFlush = resolve;
+    });
     waitForWaConnectionMock
-      .mockRejectedValueOnce({ output: { statusCode: 515 } })
+      .mockRejectedValueOnce({ error: { output: { statusCode: 515 } } })
       .mockResolvedValueOnce(undefined);
+    waitForCredsSaveQueueWithTimeoutMock.mockReturnValueOnce(credsFlushGate);
 
     const runtime = { log: vi.fn(), error: vi.fn() } as never;
-    await loginWeb(false, waitForWaConnectionMock as never, runtime);
+    const pendingLogin = loginWeb(false, waitForWaConnectionMock as never, runtime);
+    await flushTasks();
+
+    expect(createWaSocketMock).toHaveBeenCalledTimes(1);
+    expect(waitForCredsSaveQueueWithTimeoutMock).toHaveBeenCalledOnce();
+    expect(waitForCredsSaveQueueWithTimeoutMock).toHaveBeenCalledWith(authDir);
+
+    releaseCredsFlush?.();
+    await pendingLogin;
 
     expect(createWaSocketMock).toHaveBeenCalledTimes(2);
     const firstSock = await createWaSocketMock.mock.results[0]?.value;

extensions/whatsapp/src/login.ts

@@ -5,7 +5,14 @@ import { danger, info, success } from "../../../src/globals.js";
 import { logInfo } from "../../../src/logger.js";
 import { defaultRuntime, type RuntimeEnv } from "../../../src/runtime.js";
 import { resolveWhatsAppAccount } from "./accounts.js";
-import { createWaSocket, formatError, logoutWeb, waitForWaConnection } from "./session.js";
+import {
+  createWaSocket,
+  formatError,
+  getStatusCode,
+  logoutWeb,
+  waitForCredsSaveQueueWithTimeout,
+  waitForWaConnection,
+} from "./session.js";
 
 export async function loginWeb(
   verbose: boolean,
@@ -24,20 +31,17 @@ export async function loginWeb(
     await wait(sock);
     console.log(success("✅ Linked! Credentials saved for future sends."));
   } catch (err) {
-    const code =
-      (err as { error?: { output?: { statusCode?: number } } })?.error?.output?.statusCode ??
-      (err as { output?: { statusCode?: number } })?.output?.statusCode;
+    const code = getStatusCode(err);
     if (code === 515) {
       console.log(
-        info(
-          "WhatsApp asked for a restart after pairing (code 515); creds are saved. Restarting connection once…",
-        ),
+        info("WhatsApp asked for a restart after pairing (code 515); waiting for creds to save…"),
       );
       try {
         sock.ws?.close();
       } catch {
         // ignore
       }
+      await waitForCredsSaveQueueWithTimeout(account.authDir);
       const retry = await createWaSocket(false, verbose, {
         authDir: account.authDir,
       });

extensions/whatsapp/src/monitor-inbox.append-upsert.test.ts

@@ -0,0 +1,149 @@
+import "./monitor-inbox.test-harness.js";
+import { describe, expect, it, vi } from "vitest";
+import { monitorWebInbox } from "./inbound.js";
+import {
+  DEFAULT_ACCOUNT_ID,
+  getAuthDir,
+  getSock,
+  installWebMonitorInboxUnitTestHooks,
+} from "./monitor-inbox.test-harness.js";
+
+describe("append upsert handling (#20952)", () => {
+  installWebMonitorInboxUnitTestHooks();
+  type InboxOnMessage = NonNullable<Parameters<typeof monitorWebInbox>[0]["onMessage"]>;
+
+  async function tick() {
+    await new Promise((resolve) => setImmediate(resolve));
+  }
+
+  async function startInboxMonitor(onMessage: InboxOnMessage) {
+    const listener = await monitorWebInbox({
+      verbose: false,
+      onMessage,
+      accountId: DEFAULT_ACCOUNT_ID,
+      authDir: getAuthDir(),
+    });
+    return { listener, sock: getSock() };
+  }
+
+  it("processes recent append messages (within 60s of connect)", async () => {
+    const onMessage = vi.fn(async () => {});
+    const { listener, sock } = await startInboxMonitor(onMessage);
+
+    // Timestamp ~5 seconds ago — recent, should be processed.
+    const recentTs = Math.floor(Date.now() / 1000) - 5;
+    sock.ev.emit("messages.upsert", {
+      type: "append",
+      messages: [
+        {
+          key: { id: "recent-1", fromMe: false, remoteJid: "120363@g.us" },
+          message: { conversation: "hello from group" },
+          messageTimestamp: recentTs,
+          pushName: "Tester",
+        },
+      ],
+    });
+    await tick();
+
+    expect(onMessage).toHaveBeenCalledTimes(1);
+
+    await listener.close();
+  });
+
+  it("skips stale append messages (older than 60s before connect)", async () => {
+    const onMessage = vi.fn(async () => {});
+    const { listener, sock } = await startInboxMonitor(onMessage);
+
+    // Timestamp 5 minutes ago — stale history sync, should be skipped.
+    const staleTs = Math.floor(Date.now() / 1000) - 300;
+    sock.ev.emit("messages.upsert", {
+      type: "append",
+      messages: [
+        {
+          key: { id: "stale-1", fromMe: false, remoteJid: "120363@g.us" },
+          message: { conversation: "old history sync" },
+          messageTimestamp: staleTs,
+          pushName: "OldTester",
+        },
+      ],
+    });
+    await tick();
+
+    expect(onMessage).not.toHaveBeenCalled();
+
+    await listener.close();
+  });
+
+  it("skips append messages with NaN/non-finite timestamps", async () => {
+    const onMessage = vi.fn(async () => {});
+    const { listener, sock } = await startInboxMonitor(onMessage);
+
+    // NaN timestamp should be treated as 0 (stale) and skipped.
+    sock.ev.emit("messages.upsert", {
+      type: "append",
+      messages: [
+        {
+          key: { id: "nan-1", fromMe: false, remoteJid: "120363@g.us" },
+          message: { conversation: "bad timestamp" },
+          messageTimestamp: NaN,
+          pushName: "BadTs",
+        },
+      ],
+    });
+    await tick();
+
+    expect(onMessage).not.toHaveBeenCalled();
+
+    await listener.close();
+  });
+
+  it("handles Long-like protobuf timestamps correctly", async () => {
+    const onMessage = vi.fn(async () => {});
+    const { listener, sock } = await startInboxMonitor(onMessage);
+
+    // Baileys can deliver messageTimestamp as a Long object (from protobufjs).
+    // Number(longObj) calls valueOf() and returns the numeric value.
+    const recentTs = Math.floor(Date.now() / 1000) - 5;
+    const longLike = { low: recentTs, high: 0, unsigned: true, valueOf: () => recentTs };
+    sock.ev.emit("messages.upsert", {
+      type: "append",
+      messages: [
+        {
+          key: { id: "long-1", fromMe: false, remoteJid: "120363@g.us" },
+          message: { conversation: "long timestamp" },
+          messageTimestamp: longLike,
+          pushName: "LongTs",
+        },
+      ],
+    });
+    await tick();
+
+    expect(onMessage).toHaveBeenCalledTimes(1);
+
+    await listener.close();
+  });
+
+  it("always processes notify messages regardless of timestamp", async () => {
+    const onMessage = vi.fn(async () => {});
+    const { listener, sock } = await startInboxMonitor(onMessage);
+
+    // Very old timestamp but type=notify — should always be processed.
+    const oldTs = Math.floor(Date.now() / 1000) - 86400;
+    sock.ev.emit("messages.upsert", {
+      type: "notify",
+      messages: [
+        {
+          key: { id: "notify-1", fromMe: false, remoteJid: "999@s.whatsapp.net" },
+          message: { conversation: "normal message" },
+          messageTimestamp: oldTs,
+          pushName: "User",
+        },
+      ],
+    });
+    await tick();
+
+    expect(onMessage).toHaveBeenCalledTimes(1);
+
+    await listener.close();
+  });
+});

extensions/whatsapp/src/session.test.ts

@@ -204,6 +204,62 @@ describe("web session", () => {
     expect(inFlight).toBe(0);
   });
 
+  it("lets different authDir queues flush independently", async () => {
+    let inFlightA = 0;
+    let inFlightB = 0;
+    let releaseA: (() => void) | null = null;
+    let releaseB: (() => void) | null = null;
+    const gateA = new Promise<void>((resolve) => {
+      releaseA = resolve;
+    });
+    const gateB = new Promise<void>((resolve) => {
+      releaseB = resolve;
+    });
+
+    const saveCredsA = vi.fn(async () => {
+      inFlightA += 1;
+      await gateA;
+      inFlightA -= 1;
+    });
+    const saveCredsB = vi.fn(async () => {
+      inFlightB += 1;
+      await gateB;
+      inFlightB -= 1;
+    });
+    useMultiFileAuthStateMock
+      .mockResolvedValueOnce({
+        state: { creds: {} as never, keys: {} as never },
+        saveCreds: saveCredsA,
+      })
+      .mockResolvedValueOnce({
+        state: { creds: {} as never, keys: {} as never },
+        saveCreds: saveCredsB,
+      });
+
+    await createWaSocket(false, false, { authDir: "/tmp/wa-a" });
+    const sockA = getLastSocket();
+    await createWaSocket(false, false, { authDir: "/tmp/wa-b" });
+    const sockB = getLastSocket();
+
+    sockA.ev.emit("creds.update", {});
+    sockB.ev.emit("creds.update", {});
+
+    await flushCredsUpdate();
+
+    expect(saveCredsA).toHaveBeenCalledTimes(1);
+    expect(saveCredsB).toHaveBeenCalledTimes(1);
+    expect(inFlightA).toBe(1);
+    expect(inFlightB).toBe(1);
+
+    (releaseA as (() => void) | null)?.();
+    (releaseB as (() => void) | null)?.();
+    await flushCredsUpdate();
+    await flushCredsUpdate();
+
+    expect(inFlightA).toBe(0);
+    expect(inFlightB).toBe(0);
+  });
+
   it("rotates creds backup when creds.json is valid JSON", async () => {
     const creds = mockCredsJsonSpies("{}");
     const backupSuffix = path.join(

extensions/whatsapp/src/session.ts

@@ -31,17 +31,24 @@ export {
   webAuthExists,
 } from "./auth-store.js";
 
-let credsSaveQueue: Promise<void> = Promise.resolve();
+// Per-authDir queues so multi-account creds saves don't block each other.
+const credsSaveQueues = new Map<string, Promise<void>>();
+const CREDS_SAVE_FLUSH_TIMEOUT_MS = 15_000;
 function enqueueSaveCreds(
   authDir: string,
   saveCreds: () => Promise<void> | void,
   logger: ReturnType<typeof getChildLogger>,
 ): void {
-  credsSaveQueue = credsSaveQueue
+  const prev = credsSaveQueues.get(authDir) ?? Promise.resolve();
+  const next = prev
     .then(() => safeSaveCreds(authDir, saveCreds, logger))
     .catch((err) => {
       logger.warn({ error: String(err) }, "WhatsApp creds save queue error");
+    })
+    .finally(() => {
+      if (credsSaveQueues.get(authDir) === next) credsSaveQueues.delete(authDir);
     });
+  credsSaveQueues.set(authDir, next);
 }
 
 async function safeSaveCreds(
@@ -186,10 +193,37 @@ export async function waitForWaConnection(sock: ReturnType<typeof makeWASocket>)
 export function getStatusCode(err: unknown) {
   return (
     (err as { output?: { statusCode?: number } })?.output?.statusCode ??
-    (err as { status?: number })?.status
+    (err as { status?: number })?.status ??
+    (err as { error?: { output?: { statusCode?: number } } })?.error?.output?.statusCode
   );
 }
 
+/** Await pending credential saves — scoped to one authDir, or all if omitted. */
+export function waitForCredsSaveQueue(authDir?: string): Promise<void> {
+  if (authDir) {
+    return credsSaveQueues.get(authDir) ?? Promise.resolve();
+  }
+  return Promise.all(credsSaveQueues.values()).then(() => {});
+}
+
+/** Await pending credential saves, but don't hang forever on stalled I/O. */
+export async function waitForCredsSaveQueueWithTimeout(
+  authDir: string,
+  timeoutMs = CREDS_SAVE_FLUSH_TIMEOUT_MS,
+): Promise<void> {
+  let flushTimeout: ReturnType<typeof setTimeout> | undefined;
+  await Promise.race([
+    waitForCredsSaveQueue(authDir),
+    new Promise<void>((resolve) => {
+      flushTimeout = setTimeout(resolve, timeoutMs);
+    }),
+  ]).finally(() => {
+    if (flushTimeout) {
+      clearTimeout(flushTimeout);
+    }
+  });
+}
+
 function safeStringify(value: unknown, limit = 800): string {
   try {
     const seen = new WeakSet();

extensions/zalo/src/monitor.webhook.ts

@@ -15,8 +15,8 @@ import {
   withResolvedWebhookRequestPipeline,
   WEBHOOK_ANOMALY_COUNTER_DEFAULTS,
   WEBHOOK_RATE_LIMIT_DEFAULTS,
+  resolveClientIp,
 } from "openclaw/plugin-sdk/zalo";
-import { resolveClientIp } from "../../../src/gateway/net.js";
 import type { ResolvedZaloAccount } from "./accounts.js";
 import type { ZaloFetch, ZaloUpdate } from "./api.js";
 import type { ZaloRuntimeEnv } from "./monitor.js";

extensions/zalouser/src/monitor.group-gating.test.ts

@@ -477,7 +477,37 @@ describe("zalouser monitor group mention gating", () => {
     });
   });
 
-  it("blocks group messages when sender is not in groupAllowFrom/allowFrom", async () => {
+  it("allows allowlisted group replies without inheriting the DM allowlist", async () => {
+    const { dispatchReplyWithBufferedBlockDispatcher } = installRuntime({
+      commandAuthorized: false,
+      replyPayload: { text: "ok" },
+    });
+    await __testing.processMessage({
+      message: createGroupMessage({
+        content: "ping @bot",
+        hasAnyMention: true,
+        wasExplicitlyMentioned: true,
+        senderId: "456",
+      }),
+      account: {
+        ...createAccount(),
+        config: {
+          ...createAccount().config,
+          groupPolicy: "allowlist",
+          allowFrom: ["123"],
+          groups: {
+            "group:g-1": { allow: true, requireMention: true },
+          },
+        },
+      },
+      config: createConfig(),
+      runtime: createRuntimeEnv(),
+    });
+
+    expect(dispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalledTimes(1);
+  });
+
+  it("blocks group messages when sender is not in groupAllowFrom", async () => {
     const { dispatchReplyWithBufferedBlockDispatcher } = installRuntime({
       commandAuthorized: false,
     });
@@ -493,6 +523,7 @@ describe("zalouser monitor group mention gating", () => {
           ...createAccount().config,
           groupPolicy: "allowlist",
           allowFrom: ["999"],
+          groupAllowFrom: ["999"],
         },
       },
       config: createConfig(),