@2en/clawly-plugins 1.26.0-beta.1 → 1.26.1-beta.0

package/config-setup.ts

@@ -1,20 +1,25 @@
 /**
- * On plugin init, patches openclaw.json to set all business config that was
- * previously written by provision's buildConfig().
+ * Reconciles runtime config owned by clawly-plugins after provision has already
+ * established the bootstrap baseline (plugin entry, pluginConfig inputs,
+ * workspace files, install metadata).
  *
- * Domain helpers read the pluginConfig, apply enforce or set-if-missing
- * semantics, and write once if anything changed.  This runs before
- * setupModelGateway so agents.defaults.model is available for the model
- * provider setup.
+ * This file intentionally owns two narrower responsibilities:
+ * - repair legacy state damaged by older provision flows
+ * - reconcile runtime-facing config derived from pluginConfig
  *
- * Backward compatibility: old sprites have pluginConfig with only 4 fields
- * (skill/model gateway credentials). Helpers check for the new fields and
- * skip gracefully when absent.
+ * It does not try to redefine provision's startup contract. Anything that must
+ * exist before the first gateway boot should remain provision-owned.
+ *
+ * Backward compatibility: old sprites may have only the original gateway
+ * credentials in pluginConfig. Helpers check for newer fields and skip
+ * gracefully when absent.
  */
 
+import fs from 'node:fs'
 import path from 'node:path'
 
 import type {PluginApi} from './index'
+import {autoSanitizeSession} from './gateway/session-sanitize'
 import {
   PROVIDER_NAME,
   patchModelGateway,
@@ -377,8 +382,100 @@ export function patchSession(config: Record<string, unknown>): boolean {
   return dirty
 }
 
+const PLUGIN_ID = 'clawly-plugins'
+const NPM_PKG_NAME = '@2en/clawly-plugins'
+
+function asObj(value: unknown): Record<string, unknown> {
+  return value !== null && typeof value === 'object' && !Array.isArray(value)
+    ? (value as Record<string, unknown>)
+    : {}
+}
+
+/**
+ * Self-healing: reconstruct missing `plugins.installs.clawly-plugins` record.
+ * Older provisioned sprites had this record destroyed by a full-overwrite bug
+ * in the provision write-plugins-config step.  Without this record,
+ * `openclaw plugins update` cannot function.
+ */
+export function patchInstallRecord(config: Record<string, unknown>, stateDir: string): boolean {
+  const plugins = asObj(config.plugins)
+  const installs = asObj(plugins.installs)
+
+  // Already has a valid install record — nothing to do
+  if (
+    installs[PLUGIN_ID] &&
+    typeof installs[PLUGIN_ID] === 'object' &&
+    (installs[PLUGIN_ID] as Record<string, unknown>).source &&
+    (installs[PLUGIN_ID] as Record<string, unknown>).spec
+  )
+    return false
+
+  // Read version from installed plugin's package.json
+  const installPath = path.join(stateDir, 'extensions', PLUGIN_ID)
+  const pkgPath = path.join(installPath, 'package.json')
+  let rawPkg: string
+  try {
+    rawPkg = fs.readFileSync(pkgPath, 'utf-8')
+  } catch {
+    // Plugin not installed on disk — skip
+    return false
+  }
+  let version: string | undefined
+  try {
+    const pkg = JSON.parse(rawPkg)
+    if (typeof pkg.version === 'string') version = pkg.version
+  } catch {
+    // package.json is malformed — proceed without version
+  }
+  let installedAt = new Date().toISOString()
+  try {
+    installedAt = fs.statSync(pkgPath).mtime.toISOString()
+  } catch {
+    // Fall back to repair time if file metadata is unavailable.
+  }
+
+  installs[PLUGIN_ID] = {
+    source: 'npm',
+    spec: version ? `${NPM_PKG_NAME}@${version}` : NPM_PKG_NAME,
+    installPath,
+    version,
+    installedAt,
+  }
+  plugins.installs = installs
+  config.plugins = plugins
+  return true
+}
+
+function repairLegacyProvisionState(
+  api: PluginApi,
+  config: Record<string, unknown>,
+  stateDir: string,
+) {
+  const installRecordPatched = patchInstallRecord(config, stateDir)
+  if (installRecordPatched) {
+    api.logger.warn('plugins.installs.clawly-plugins was missing — self-healed from disk.')
+  }
+  return installRecordPatched
+}
+
+function reconcileRuntimeConfig(
+  api: PluginApi,
+  config: Record<string, unknown>,
+  pc: ConfigPluginConfig,
+): boolean {
+  let dirty = false
+  dirty = patchAgent(config, pc) || dirty
+  dirty = patchGateway(config) || dirty
+  dirty = patchBrowser(config) || dirty
+  dirty = patchSession(config) || dirty
+  dirty = patchTts(config, pc) || dirty
+  dirty = patchWebSearch(config, pc) || dirty
+  dirty = patchModelGateway(config, api) || dirty
+  return dirty
+}
+
 // ---------------------------------------------------------------------------
-// Entry point — single read, patch all, single write
+// Entry point — single read, targeted reconcile, single write
 // ---------------------------------------------------------------------------
 
 export function setupConfig(api: PluginApi): void {
@@ -393,23 +490,20 @@ export function setupConfig(api: PluginApi): void {
   const pc = toPC(api)
 
   let dirty = false
-  dirty = patchAgent(config, pc) || dirty
-  dirty = patchGateway(config) || dirty
-  dirty = patchBrowser(config) || dirty
-  dirty = patchSession(config) || dirty
-  dirty = patchTts(config, pc) || dirty
-  dirty = patchWebSearch(config, pc) || dirty
-  dirty = patchModelGateway(config, api) || dirty
+  dirty = repairLegacyProvisionState(api, config, stateDir) || dirty
+  dirty = reconcileRuntimeConfig(api, config, pc) || dirty
 
-  if (!dirty) {
+  if (dirty) {
+    try {
+      writeOpenclawConfig(configPath, config)
+      api.logger.info('Config setup: patched openclaw.json.')
+    } catch (err) {
+      api.logger.error(`Config setup failed: ${(err as Error).message}`)
+    }
+  } else {
     api.logger.info('Config setup: no changes needed.')
-    return
   }
 
-  try {
-    writeOpenclawConfig(configPath, config)
-    api.logger.info('Config setup: patched openclaw.json.')
-  } catch (err) {
-    api.logger.error(`Config setup failed: ${(err as Error).message}`)
-  }
+  // Best-effort: clear stale delivery fields from the main session on every restart
+  autoSanitizeSession(api)
 }

package/gateway/index.ts

@@ -3,6 +3,8 @@ import {registerAgentSend} from './agent'
 import {registerAnalytics} from './analytics'
 import {registerClawhub2gateway} from './clawhub2gateway'
 import {registerConfigRepair} from './config-repair'
+
+import {registerSessionSanitize} from './session-sanitize'
 import {registerCronDelivery} from './cron-delivery'
 import {registerCronTelemetry} from './cron-telemetry'
 import {initOtel, shutdownOtel} from './otel'
@@ -54,6 +56,7 @@ export function registerGateway(api: PluginApi) {
   registerCronTelemetry(api)
   registerAnalytics(api)
   registerConfigRepair(api)
+  registerSessionSanitize(api)
   registerPairing(api)
   registerVersion(api)
 }

package/gateway/notification.ts

@@ -17,6 +17,7 @@ import path from 'node:path'
 import {$} from 'zx'
 import type {PluginApi} from '../types'
 import {stripCliLogs} from '../lib/stripCliLogs'
+import {stripMarkdown} from '../lib/stripMarkdown'
 
 $.verbose = false
 
@@ -151,7 +152,12 @@ export async function sendPushNotification(
     return false
   }
 
-  const title = opts.title ?? (await resolveAgentTitle(opts.agentId))
+  const title = stripMarkdown(opts.title ?? (await resolveAgentTitle(opts.agentId)))
+  const body = stripMarkdown(opts.body)
+  if (!body) {
+    api.logger.warn('notification: body stripped to empty, skipping push')
+    return false
+  }
 
   try {
     const res = await fetch(EXPO_PUSH_URL, {
@@ -161,7 +167,7 @@ export async function sendPushNotification(
         to: token,
         sound: 'default',
         title,
-        body: opts.body,
+        body,
         data: opts.data,
         ...extras,
       }),
@@ -183,7 +189,7 @@ export async function sendPushNotification(
       return false
     }
 
-    api.logger.info(`notification: push sent — "${opts.body}"`)
+    api.logger.info(`notification: push sent — "${body}"`)
     return true
   } catch (err) {
     api.logger.error(

package/gateway/offline-push.test.ts

@@ -374,6 +374,16 @@ describe('shouldSkipPushForMessage', () => {
     expect(shouldSkipPushForMessage(' NO_REPLY ')).toBe('silent reply')
   })
 
+  test('skips trailing NO_REPLY with reasoning text (newline-collapsed)', () => {
+    // getLastAssistantText collapses "\n" → " ", so these arrive as single-line
+    expect(
+      shouldSkipPushForMessage('User is online — stopping here, no action needed. NO_REPLY'),
+    ).toBe('silent reply')
+    expect(shouldSkipPushForMessage('no match in last 24 hours → silent response. NO_REPLY')).toBe(
+      'silent reply',
+    )
+  })
+
   test('skips heartbeat ack when HEARTBEAT_OK is the only content', () => {
     expect(shouldSkipPushForMessage('HEARTBEAT_OK')).toBe('heartbeat ack')
     expect(shouldSkipPushForMessage('HEARTBEAT_OK.')).toBe('heartbeat ack')

package/gateway/offline-push.ts

@@ -136,8 +136,13 @@ export function shouldSkipPushForMessage(text: string): string | null {
   // Agent replied with empty content — mobile hides as "emptyAssistant"
   if (trimmed === '') return 'empty assistant'
 
-  // Agent sentinel "nothing to say" — mobile hides as "silentReply"
-  if (trimmed === 'NO_REPLY') return 'silent reply'
+  // Agent sentinel "nothing to say" — mobile hides as "silentReply".
+  // Mobile uses (?:^|\n) anchor on raw text; here text is already newline-collapsed
+  // by getLastAssistantText, so we match NO_REPLY at string end without line anchor.
+  // Known limitation: a message ending with literal "NO_REPLY" as inline text (e.g.
+  // "The sentinel is called NO_REPLY") would suppress the push. Acceptable trade-off
+  // — the scenario is extremely unlikely and the cost is a missed push, not hidden UI.
+  if (/NO_REPLY[\p{P}\s]*$/u.test(text)) return 'silent reply'
 
   // Heartbeat acknowledgment (HEARTBEAT_OK as ending sentinel) — only skip if no substantial content before it
   if (/HEARTBEAT_OK[\p{P}\s]*$/u.test(text)) {

package/gateway/plugins.ts

@@ -127,6 +127,22 @@ async function withPluginBackup<T>(
   }
 }
 
+interface UpdateParams {
+  pluginId: string
+  npmPkgName: string
+  strategy: 'force' | 'update' | 'install'
+  targetVersion?: string
+  restart?: boolean
+  /**
+   * Skip update if installed version already matches target. Default `true`.
+   *
+   * Applies to all strategies including `force`. `force` means "use the
+   * hardened install flow" (clear plugin config → reinstall), not "always
+   * reinstall regardless of version". Set `false` to bypass (testing only).
+   */
+  skipIfCurrent?: boolean
+}
+
 export function registerPlugins(api: PluginApi) {
   // ── clawly.plugins.version ──────────────────────────────────────
 
@@ -194,13 +210,15 @@ export function registerPlugins(api: PluginApi) {
 
   // ── clawly.plugins.update ──────────────────────────────────────
 
-  api.registerGatewayMethod('clawly.plugins.update', async ({params, respond}) => {
+  api.registerGatewayMethod('clawly.plugins.update', async (args) => {
+    const {params, respond} = args as {params: Partial<UpdateParams>; respond: typeof args.respond}
     const pluginId = typeof params.pluginId === 'string' ? params.pluginId.trim() : ''
     const npmPkgName = typeof params.npmPkgName === 'string' ? params.npmPkgName.trim() : ''
     const strategy = typeof params.strategy === 'string' ? params.strategy.trim() : ''
     const targetVersion =
       typeof params.targetVersion === 'string' ? params.targetVersion.trim() : undefined
     const restart = params.restart === true
+    const skipIfCurrent = params.skipIfCurrent !== false
 
     if (!pluginId || !npmPkgName || !strategy) {
       respond(false, undefined, {
@@ -220,11 +238,41 @@ export function registerPlugins(api: PluginApi) {
 
     const installTarget = targetVersion ? `${npmPkgName}@${targetVersion}` : npmPkgName
 
+    // ── Skip if already at target version ──────────────────────
+    const stateDir = api.runtime.state.resolveStateDir()
+    const installedVersion = stateDir ? readExtensionVersion(stateDir, pluginId) : null
+
+    if (skipIfCurrent && installedVersion) {
+      let resolvedTarget: string | null = null
+
+      if (targetVersion) {
+        // Explicit target — compare directly
+        resolvedTarget = targetVersion
+      } else {
+        // No target — resolve latest from npm
+        const npm = await fetchNpmView(npmPkgName)
+        if (npm?.version) resolvedTarget = npm.version
+      }
+
+      if (resolvedTarget && installedVersion === resolvedTarget) {
+        api.logger.info(
+          `plugins: ${pluginId} already at version ${installedVersion}, skipping ${strategy}`,
+        )
+        captureEvent('plugin.updated', {
+          plugin_id: pluginId,
+          strategy,
+          success: true,
+          skipped: true,
+        })
+        respond(true, {ok: true, strategy, skipped: true})
+        return
+      }
+    }
+
     try {
       let output = ''
 
       if (strategy === 'force') {
-        const stateDir = api.runtime.state.resolveStateDir()
         if (!stateDir) throw new Error('cannot resolve openclaw state dir')
 
         const configPath = path.join(stateDir, 'openclaw.json')

package/gateway/session-sanitize.ts

@@ -0,0 +1,263 @@
+/**
+ * Session sanitize RPC: detects and clears stale delivery-context fields
+ * from the main webchat session that were left by cross-channel delivery.
+ *
+ * Methods:
+ * - clawly.session.sanitize({ dryRun?, sessionKey? }) → { ok/repaired, issues?, detail }
+ */
+
+import fs from 'node:fs'
+import path from 'node:path'
+
+import type {PluginApi} from '../types'
+
+const DEFAULT_AGENT_ID = 'clawly'
+
+function mainSessionKey(api: PluginApi): string {
+  const agentId =
+    (api.pluginConfig as Record<string, unknown> | undefined)?.agentId ?? DEFAULT_AGENT_ID
+  return `agent:${agentId}:main`
+}
+
+/** Fields on SessionEntry that should be absent (or "webchat") for a webchat-only session. */
+const STALE_CHANNEL_VALUES = new Set([
+  'telegram',
+  'discord',
+  'slack',
+  'signal',
+  'whatsapp',
+  'imessage',
+  'line',
+  'matrix',
+  'msteams',
+  'zalo',
+])
+
+interface SessionsStore {
+  sessions: Record<string, Record<string, unknown>>
+}
+
+/** Returns the parsed store, or null if the file doesn't exist, or throws on read/parse errors. */
+function readSessionsStore(storePath: string): SessionsStore | null {
+  let raw: string
+  try {
+    raw = fs.readFileSync(storePath, 'utf-8')
+    const parsed = JSON.parse(raw)
+    if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed))
+      throw new Error('not a JSON object')
+    return parsed
+  } catch (err: unknown) {
+    if ((err as NodeJS.ErrnoException).code === 'ENOENT') return null
+    throw err
+  }
+}
+
+function writeSessionsStore(storePath: string, store: SessionsStore): void {
+  const tmpPath = storePath + '.tmp'
+  fs.writeFileSync(tmpPath, JSON.stringify(store, null, 2) + '\n')
+  fs.renameSync(tmpPath, storePath)
+}
+
+/**
+ * Check a session entry for stale delivery fields that point to a non-webchat channel.
+ * Returns a list of issue descriptions, or empty array if clean.
+ */
+function detectIssues(entry: Record<string, unknown>): string[] {
+  const issues: string[] = []
+
+  // deliveryContext.channel
+  const dc = entry.deliveryContext as Record<string, unknown> | undefined
+  if (dc?.channel && typeof dc.channel === 'string' && STALE_CHANNEL_VALUES.has(dc.channel)) {
+    issues.push(`deliveryContext.channel = "${dc.channel}"`)
+  }
+
+  // lastChannel
+  if (typeof entry.lastChannel === 'string' && STALE_CHANNEL_VALUES.has(entry.lastChannel)) {
+    issues.push(`lastChannel = "${entry.lastChannel}"`)
+  }
+
+  // lastTo, lastAccountId, lastThreadId — should be absent for webchat
+  // Values may contain PII (phone numbers, platform user IDs) — omit from logs/UI
+  if (entry.lastTo != null) issues.push('lastTo')
+  if (entry.lastAccountId != null) issues.push('lastAccountId')
+  if (entry.lastThreadId != null) issues.push('lastThreadId')
+
+  // origin.provider / origin.surface
+  const origin = entry.origin as Record<string, unknown> | undefined
+  if (
+    origin?.provider &&
+    typeof origin.provider === 'string' &&
+    STALE_CHANNEL_VALUES.has(origin.provider)
+  ) {
+    issues.push(`origin.provider = "${origin.provider}"`)
+  }
+  if (
+    origin?.surface &&
+    typeof origin.surface === 'string' &&
+    STALE_CHANNEL_VALUES.has(origin.surface)
+  ) {
+    issues.push(`origin.surface = "${origin.surface}"`)
+  }
+
+  return issues
+}
+
+/** Clear stale delivery fields from a session entry (mutates in place). */
+function repairEntry(entry: Record<string, unknown>): void {
+  // Only delete channel-guarded fields when they match a stale channel value
+  const dc = entry.deliveryContext as Record<string, unknown> | undefined
+  if (dc && typeof dc.channel === 'string' && STALE_CHANNEL_VALUES.has(dc.channel)) {
+    delete dc.channel
+    if (Object.keys(dc).length === 0) delete entry.deliveryContext
+  }
+  if (typeof entry.lastChannel === 'string' && STALE_CHANNEL_VALUES.has(entry.lastChannel))
+    delete entry.lastChannel
+  // lastTo/lastAccountId/lastThreadId are stale for webchat when present
+  if (entry.lastTo != null) delete entry.lastTo
+  if (entry.lastAccountId != null) delete entry.lastAccountId
+  if (entry.lastThreadId != null) delete entry.lastThreadId
+
+  const origin = entry.origin as Record<string, unknown> | undefined
+  if (origin) {
+    if (typeof origin.provider === 'string' && STALE_CHANNEL_VALUES.has(origin.provider))
+      delete origin.provider
+    if (typeof origin.surface === 'string' && STALE_CHANNEL_VALUES.has(origin.surface))
+      delete origin.surface
+    if (Object.keys(origin).length === 0) delete entry.origin
+  }
+}
+
+export function registerSessionSanitize(api: PluginApi) {
+  // Capture agentId + defaultKey once at registration time so the handler
+  // stays consistent with the sessionKey guard even if pluginConfig mutates.
+  const agentId =
+    ((api.pluginConfig as Record<string, unknown> | undefined)?.agentId as string | undefined) ??
+    DEFAULT_AGENT_ID
+  const defaultKey = `agent:${agentId}:main`
+
+  api.registerGatewayMethod('clawly.session.sanitize', async ({params, respond}) => {
+    const dryRun = params.dryRun === true
+    const sessionKey = typeof params.sessionKey === 'string' ? params.sessionKey : defaultKey
+
+    // Only sanitize the main webchat session — non-main sessions (e.g. telegram/discord)
+    // legitimately use lastTo/lastAccountId/lastThreadId for routing.
+    if (sessionKey !== defaultKey) {
+      respond(true, {
+        ok: true,
+        ...(dryRun ? {} : {repaired: false}),
+        detail: `Skipped — sanitize only applies to "${defaultKey}"`,
+      })
+      return
+    }
+
+    const stateDir = api.runtime.state.resolveStateDir()
+    if (!stateDir) {
+      respond(true, {
+        ok: false,
+        ...(dryRun ? {} : {repaired: false}),
+        detail: 'Cannot resolve state dir',
+      })
+      return
+    }
+
+    const storePath = path.join(stateDir, 'agents', agentId, 'sessions', 'sessions.json')
+    let store: SessionsStore | null
+    try {
+      store = readSessionsStore(storePath)
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err)
+      respond(true, {
+        // dryRun: treat corrupt as "can't check, assume clean" — avoids
+        // showing a misleading Fix button for an unfixable environment error.
+        ...(dryRun ? {ok: true} : {ok: false, repaired: false}),
+        detail: `Sessions store unreadable or malformed: ${msg}`,
+      })
+      return
+    }
+    if (!store) {
+      respond(true, {
+        ok: true,
+        ...(dryRun ? {} : {repaired: false}),
+        detail: 'Sessions store not found — nothing to sanitize',
+      })
+      return
+    }
+
+    const entry = store.sessions?.[sessionKey] as Record<string, unknown> | undefined
+    if (!entry) {
+      respond(true, {
+        ok: true,
+        ...(dryRun ? {} : {repaired: false}),
+        detail: `Session "${sessionKey}" not found — nothing to sanitize`,
+      })
+      return
+    }
+
+    const issues = detectIssues(entry)
+    if (issues.length === 0) {
+      respond(true, {
+        ok: true,
+        ...(dryRun ? {} : {repaired: false}),
+        detail: 'Session delivery context is clean',
+      })
+      return
+    }
+
+    if (dryRun) {
+      respond(true, {ok: false, issues, detail: `Stale fields: ${issues.join(', ')}`})
+      return
+    }
+
+    repairEntry(entry)
+
+    try {
+      writeSessionsStore(storePath, store)
+      api.logger.info(`session.sanitize: cleared stale delivery fields — ${issues.join(', ')}`)
+      respond(true, {ok: true, repaired: true, issues, detail: `Cleared: ${issues.join(', ')}`})
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err)
+      api.logger.error(`session.sanitize: write failed — ${msg}`)
+      respond(true, {ok: false, repaired: false, detail: `Write failed: ${msg}`})
+    }
+  })
+
+  api.logger.info('session-sanitize: registered clawly.session.sanitize')
+}
+
+/**
+ * Standalone auto-sanitize — reads, checks, writes. Called from setupConfig on startup.
+ * Best-effort: logs warnings on failure, never throws.
+ */
+export function autoSanitizeSession(api: PluginApi): void {
+  const stateDir = api.runtime.state.resolveStateDir()
+  if (!stateDir) return
+
+  const agentId =
+    (api.pluginConfig as Record<string, unknown> | undefined)?.agentId ?? DEFAULT_AGENT_ID
+  const storePath = path.join(stateDir, 'agents', String(agentId), 'sessions', 'sessions.json')
+  let store: SessionsStore | null
+  try {
+    store = readSessionsStore(storePath)
+  } catch (err) {
+    api.logger.warn(
+      `session-sanitize (auto): cannot read sessions store — ${(err as Error).message}`,
+    )
+    return
+  }
+  if (!store) return
+
+  const sessionKey = mainSessionKey(api)
+  const entry = store.sessions?.[sessionKey] as Record<string, unknown> | undefined
+  if (!entry) return
+
+  const issues = detectIssues(entry)
+  if (issues.length === 0) return
+
+  repairEntry(entry)
+  try {
+    writeSessionsStore(storePath, store)
+    api.logger.info(`session-sanitize (auto): cleared stale fields — ${issues.join(', ')}`)
+  } catch (err) {
+    api.logger.warn(`session-sanitize (auto): write failed — ${(err as Error).message}`)
+  }
+}

package/lib/stripMarkdown.test.ts

@@ -0,0 +1,156 @@
+import {describe, expect, test} from 'bun:test'
+import {stripMarkdown} from './stripMarkdown'
+
+describe('stripMarkdown', () => {
+  test('strips bold (**text**)', () => {
+    expect(stripMarkdown('Hello **world**!')).toBe('Hello world!')
+  })
+
+  test('strips italic (*text*)', () => {
+    expect(stripMarkdown('Hello *world*!')).toBe('Hello world!')
+  })
+
+  test('strips bold+italic (***text***)', () => {
+    expect(stripMarkdown('Hello ***world***!')).toBe('Hello world!')
+  })
+
+  test('strips strikethrough (~~text~~)', () => {
+    expect(stripMarkdown('Hello ~~world~~!')).toBe('Hello world!')
+  })
+
+  test('strips inline code (`text`)', () => {
+    expect(stripMarkdown('Run `npm install` to start')).toBe('Run npm install to start')
+  })
+
+  test('strips code block fences, keeps content', () => {
+    expect(stripMarkdown('Before ```const x = 1``` after')).toBe('Before const x = 1 after')
+  })
+
+  test('strips multiline code block fences with language tag', () => {
+    expect(stripMarkdown('Before\n```js\nconst x = 1\n```\nafter')).toBe(
+      'Before\nconst x = 1\n\nafter',
+    )
+  })
+
+  test('strips multiline code block fences without language tag', () => {
+    expect(stripMarkdown('Before\n```\nconst x = 1\n```\nafter')).toBe(
+      'Before\nconst x = 1\n\nafter',
+    )
+  })
+
+  test('strips links [text](url) → text', () => {
+    expect(stripMarkdown('Visit [our site](https://example.com) now')).toBe('Visit our site now')
+  })
+
+  test('strips links with parenthesized URLs', () => {
+    expect(
+      stripMarkdown('See [Function](https://en.wikipedia.org/wiki/Function_(mathematics)) here'),
+    ).toBe('See Function here')
+  })
+
+  test('strips images ![alt](url) → alt', () => {
+    expect(stripMarkdown('See ![photo](https://example.com/img.png) here')).toBe('See photo here')
+  })
+
+  test('strips heading markers', () => {
+    expect(stripMarkdown('# Hello')).toBe('Hello')
+    expect(stripMarkdown('## Subheading')).toBe('Subheading')
+    expect(stripMarkdown('### Deep heading')).toBe('Deep heading')
+  })
+
+  test('strips heading markers in multiline text', () => {
+    expect(stripMarkdown('Line one\n## Heading')).toBe('Line one\nHeading')
+  })
+
+  test('strips blockquote markers', () => {
+    expect(stripMarkdown('> This is a quote')).toBe('This is a quote')
+  })
+
+  test('strips nested blockquotes', () => {
+    expect(stripMarkdown('> > Nested content')).toBe('Nested content')
+    expect(stripMarkdown('> > > Deep nested')).toBe('Deep nested')
+  })
+
+  test('strips blockquotes without space', () => {
+    expect(stripMarkdown('>text')).toBe('text')
+  })
+
+  test('strips blockquoted headings and lists', () => {
+    expect(stripMarkdown('> ## Heading')).toBe('Heading')
+    expect(stripMarkdown('> - Item')).toBe('Item')
+    expect(stripMarkdown('> 1. First')).toBe('First')
+  })
+
+  test('strips unordered list markers', () => {
+    expect(stripMarkdown('- Item one')).toBe('Item one')
+    expect(stripMarkdown('* Item two')).toBe('Item two')
+    expect(stripMarkdown('+ Item three')).toBe('Item three')
+  })
+
+  test('strips ordered list markers', () => {
+    expect(stripMarkdown('1. First item')).toBe('First item')
+    expect(stripMarkdown('2. Second item')).toBe('Second item')
+    expect(stripMarkdown('10. Tenth item')).toBe('Tenth item')
+  })
+
+  test('strips horizontal rules', () => {
+    expect(stripMarkdown('Before\n---\nAfter')).toBe('Before\n\nAfter')
+    expect(stripMarkdown('Before\n***\nAfter')).toBe('Before\n\nAfter')
+    expect(stripMarkdown('Before\n___\nAfter')).toBe('Before\n\nAfter')
+  })
+
+  test('handles multiple markdown features combined', () => {
+    expect(stripMarkdown('**Hey!** Check [this](https://x.com) out — `code` here')).toBe(
+      'Hey! Check this out — code here',
+    )
+  })
+
+  test('leaves plain text unchanged', () => {
+    expect(stripMarkdown('Just a normal message')).toBe('Just a normal message')
+  })
+
+  test('handles empty string', () => {
+    expect(stripMarkdown('')).toBe('')
+  })
+
+  test('collapses extra spaces from stripping', () => {
+    expect(stripMarkdown('Hello  **world**  !')).toBe('Hello world !')
+  })
+
+  test('preserves snake_case identifiers', () => {
+    expect(stripMarkdown('Use some_variable_name in your code')).toBe(
+      'Use some_variable_name in your code',
+    )
+  })
+
+  test('preserves underscores in technical text', () => {
+    expect(stripMarkdown('Set __proto__ and __name__ carefully')).toBe(
+      'Set __proto__ and __name__ carefully',
+    )
+  })
+
+  test('handles multiline LLM-style output', () => {
+    const input = '**Summary:**\n1. First point\n2. Second point\n> Note: be careful'
+    expect(stripMarkdown(input)).toBe('Summary:\nFirst point\nSecond point\nNote: be careful')
+  })
+
+  test('does not match bold across line boundaries', () => {
+    const input = '* Item one\n* Item two'
+    expect(stripMarkdown(input)).toBe('Item one\nItem two')
+  })
+
+  test('strips * list marker with inline emphasis', () => {
+    expect(stripMarkdown('* Use *caution* here')).toBe('Use caution here')
+  })
+
+  test('preserves asterisks in math/technical expressions', () => {
+    expect(stripMarkdown('Calculate 2*3*4 for the result')).toBe('Calculate 2*3*4 for the result')
+    expect(stripMarkdown('Calculate 2 * 3 * 4 for the result')).toBe(
+      'Calculate 2 * 3 * 4 for the result',
+    )
+  })
+
+  test('preserves content from code-only input', () => {
+    expect(stripMarkdown('```const x = 1```')).toBe('const x = 1')
+  })
+})

package/lib/stripMarkdown.ts

@@ -0,0 +1,48 @@
+/**
+ * Strip common Markdown formatting from text to produce plain-text
+ * suitable for push notification bodies.
+ *
+ * Handles: bold, italic, strikethrough, inline code, code blocks,
+ * links, images, headings, blockquotes, list markers, and horizontal rules.
+ */
+export function stripMarkdown(text: string): string {
+  return (
+    text
+      // Code blocks — strip fences (and optional language tag), keep content
+      .replace(/```(?:\w*\n)?([\s\S]*?)```/g, '$1')
+      // Images ![alt](url) → alt  (supports one level of balanced parens in URL)
+      .replace(/!\[([^\]]*)\]\([^()]*(?:\([^()]*\))*[^()]*\)/g, '$1')
+      // Links [text](url) → text  (supports one level of balanced parens in URL)
+      .replace(/\[([^\]]*)\]\([^()]*(?:\([^()]*\))*[^()]*\)/g, '$1')
+      // ── Line-start structural markers (before inline formatting) ──
+      // Must run before bold/italic so that `* *text*` strips the list
+      // marker first, leaving `*text*` for the emphasis regex.
+      // Blockquote markers first — so `> ## Heading` and `> - Item` are
+      // unquoted before heading/list regexes run. Handles nested (`> > text`)
+      // and no-space (`>text`) variants in a single pass.
+      .replace(/(^|\n)(>\s*)+/g, '$1')
+      // Heading markers (# at start of line)
+      .replace(/(^|\n)#{1,6}\s+/g, '$1')
+      // Ordered list markers (1. 2. etc at start of line)
+      .replace(/(^|\n)\d+\.\s+/g, '$1')
+      // Unordered list markers (- * +) at start of line
+      .replace(/(^|\n)[*+-]\s+/g, '$1')
+      // ── Inline formatting ──
+      // Bold/italic with * only (**text**, *text*, ***text***)
+      // Intentionally skips _underscore_ variants to avoid corrupting
+      // snake_case identifiers and __dunder__ names common in LLM output.
+      // Uses CommonMark-style flanking rules: opening * must be followed by
+      // non-whitespace, closing * must be preceded by non-whitespace. This
+      // rejects spaced math like `2 * 3 * 4` while matching `*italic*`.
+      .replace(/(?<!\w)\*{1,3}(?!\s)([^*\n]+?)(?<!\s)\*{1,3}(?!\w)/g, '$1')
+      // Strikethrough ~~text~~
+      .replace(/~~([^~]+?)~~/g, '$1')
+      // Inline code `text`
+      .replace(/`([^`]+?)`/g, '$1')
+      // Horizontal rules (--- *** ___) on their own line
+      .replace(/(^|\n)([-*_]){3,}(\n|$)/g, '$1$3')
+      // Collapse multiple spaces and normalize whitespace
+      .replace(/ {2,}/g, ' ')
+      .trim()
+  )
+}

package/model-gateway-setup.ts

@@ -1,12 +1,10 @@
 /**
- * On plugin init, patches openclaw.json to add the `clawly-model-gateway`
- * model provider entry.  Credentials come from pluginConfig; the model list
- * is derived from `agents.defaults.model`
- * already present in the config.
+ * Reconciles the `clawly-model-gateway` provider in openclaw.json from
+ * pluginConfig inputs and the current runtime-facing agent defaults.
  *
- * This runs synchronously during plugin registration (before gateway_start).
- * OpenClaw loads the config file once at startup, so writing before the
- * gateway fully starts ensures the provider is active on first boot.
+ * This is a runtime reconcile path, not a provision/bootstrap contract.
+ * The first-boot correctness of gateway startup should not rely on this file
+ * write winning a race against OpenClaw's internal startup snapshot timing.
  */
 
 import fs from 'node:fs'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@2en/clawly-plugins",
-  "version": "1.26.0-beta.1",
+  "version": "1.26.1-beta.0",
   "module": "index.ts",
   "type": "module",
   "repository": {