@2en/clawly-plugins 1.26.0 → 1.26.1-beta.1

package/config-setup.ts

@@ -19,6 +19,7 @@ import fs from 'node:fs'
 import path from 'node:path'
 
 import type {PluginApi} from './index'
+import {autoSanitizeSession} from './gateway/session-sanitize'
 import {
   PROVIDER_NAME,
   patchModelGateway,
@@ -43,8 +44,39 @@ export interface ConfigPluginConfig {
   posthogHost?: string
 }
 
-function toPC(api: PluginApi): ConfigPluginConfig {
-  return (api.pluginConfig ?? {}) as ConfigPluginConfig
+function asObj(value: unknown): Record<string, unknown> {
+  return value !== null && typeof value === 'object' && !Array.isArray(value)
+    ? (value as Record<string, unknown>)
+    : {}
+}
+
+function readFilePluginConfig(config: Record<string, unknown>): ConfigPluginConfig {
+  const plugins = asObj(config.plugins)
+  const entries = asObj(plugins.entries)
+  const raw = asObj(entries['clawly-plugins'])
+  const fileConfig = raw?.config
+  return fileConfig && typeof fileConfig === 'object' && !Array.isArray(fileConfig)
+    ? (fileConfig as ConfigPluginConfig)
+    : {}
+}
+
+function mergeDefinedPluginConfig(
+  fileConfig: ConfigPluginConfig,
+  runtimeConfig: ConfigPluginConfig,
+): ConfigPluginConfig {
+  const merged = {...fileConfig}
+  for (const [key, value] of Object.entries(runtimeConfig)) {
+    if (value !== undefined) {
+      merged[key as keyof ConfigPluginConfig] = value
+    }
+  }
+  return merged
+}
+
+function toPC(api: PluginApi, config: Record<string, unknown>): ConfigPluginConfig {
+  const fileConfig = readFilePluginConfig(config)
+  const runtimeConfig = (api.pluginConfig ?? {}) as ConfigPluginConfig
+  return mergeDefinedPluginConfig(fileConfig, runtimeConfig)
 }
 
 const DEFAULT_MODEL = `${PROVIDER_NAME}/anthropic/claude-sonnet-4.6`
@@ -350,6 +382,58 @@ export function patchWebSearch(config: Record<string, unknown>, pc: ConfigPlugin
   return dirty
 }
 
+export function patchMemorySearch(
+  config: Record<string, unknown>,
+  pc: ConfigPluginConfig,
+): boolean {
+  if (!pc.modelGatewayBaseUrl || !pc.modelGatewayToken) return false
+
+  let dirty = false
+  const agents = (config.agents ?? {}) as Record<string, unknown>
+  const defaults = (agents.defaults ?? {}) as Record<string, unknown>
+  const ms = (defaults.memorySearch ?? {}) as Record<string, unknown>
+  const remote = (ms.remote ?? {}) as Record<string, unknown>
+  const batch = (remote.batch ?? {}) as Record<string, unknown>
+
+  // Provider: enforce (proxy mimics OpenAI API)
+  if (ms.provider !== 'openai') {
+    ms.provider = 'openai'
+    dirty = true
+  }
+
+  // Model: set-if-missing
+  if (ms.model === undefined) {
+    ms.model = 'text-embedding-3-small'
+    dirty = true
+  }
+
+  // Remote credentials: enforce
+  if (remote.baseUrl !== pc.modelGatewayBaseUrl) {
+    remote.baseUrl = pc.modelGatewayBaseUrl
+    dirty = true
+  }
+  if (remote.apiKey !== pc.modelGatewayToken) {
+    remote.apiKey = pc.modelGatewayToken
+    dirty = true
+  }
+
+  // Batch API not supported through proxy: enforce disabled
+  if (batch.enabled !== false) {
+    batch.enabled = false
+    dirty = true
+  }
+
+  if (dirty) {
+    remote.batch = batch
+    ms.remote = remote
+    defaults.memorySearch = ms
+    agents.defaults = defaults
+    config.agents = agents
+  }
+
+  return dirty
+}
+
 export function patchSession(config: Record<string, unknown>): boolean {
   let dirty = false
 
@@ -384,12 +468,6 @@ export function patchSession(config: Record<string, unknown>): boolean {
 const PLUGIN_ID = 'clawly-plugins'
 const NPM_PKG_NAME = '@2en/clawly-plugins'
 
-function asObj(value: unknown): Record<string, unknown> {
-  return value !== null && typeof value === 'object' && !Array.isArray(value)
-    ? (value as Record<string, unknown>)
-    : {}
-}
-
 /**
  * Self-healing: reconstruct missing `plugins.installs.clawly-plugins` record.
  * Older provisioned sprites had this record destroyed by a full-overwrite bug
@@ -469,7 +547,8 @@ function reconcileRuntimeConfig(
   dirty = patchSession(config) || dirty
   dirty = patchTts(config, pc) || dirty
   dirty = patchWebSearch(config, pc) || dirty
-  dirty = patchModelGateway(config, api) || dirty
+  dirty = patchMemorySearch(config, pc) || dirty
+  dirty = patchModelGateway(config, api, pc) || dirty
   return dirty
 }
 
@@ -486,21 +565,23 @@ export function setupConfig(api: PluginApi): void {
 
   const configPath = path.join(stateDir, 'openclaw.json')
   const config = readOpenclawConfig(configPath)
-  const pc = toPC(api)
+  const pc = toPC(api, config)
 
   let dirty = false
   dirty = repairLegacyProvisionState(api, config, stateDir) || dirty
   dirty = reconcileRuntimeConfig(api, config, pc) || dirty
 
-  if (!dirty) {
+  if (dirty) {
+    try {
+      writeOpenclawConfig(configPath, config)
+      api.logger.info('Config setup: patched openclaw.json.')
+    } catch (err) {
+      api.logger.error(`Config setup failed: ${(err as Error).message}`)
+    }
+  } else {
     api.logger.info('Config setup: no changes needed.')
-    return
   }
 
-  try {
-    writeOpenclawConfig(configPath, config)
-    api.logger.info('Config setup: patched openclaw.json.')
-  } catch (err) {
-    api.logger.error(`Config setup failed: ${(err as Error).message}`)
-  }
+  // Best-effort: clear stale delivery fields from the main session on every restart
+  autoSanitizeSession(api)
 }

package/gateway/config-timezone.ts

@@ -0,0 +1,56 @@
+/**
+ * Timezone sync RPC: writes agents.defaults.userTimezone to openclaw.json
+ * without triggering a gateway restart.
+ *
+ * Methods:
+ * - clawly.config.setTimezone({ timezone }) → { changed, timezone }
+ */
+
+import path from 'node:path'
+
+import type {PluginApi} from '../types'
+import {readOpenclawConfig, writeOpenclawConfig} from '../model-gateway-setup'
+
+export function registerConfigTimezone(api: PluginApi) {
+  api.registerGatewayMethod('clawly.config.setTimezone', async ({params, respond}) => {
+    const timezone = typeof params.timezone === 'string' ? params.timezone : ''
+    if (!timezone) {
+      respond(true, {changed: false, timezone: '', error: 'Missing timezone param'})
+      return
+    }
+
+    const stateDir = api.runtime.state.resolveStateDir()
+    if (!stateDir) {
+      respond(true, {changed: false, timezone, error: 'Cannot resolve state dir'})
+      return
+    }
+
+    const configPath = path.join(stateDir, 'openclaw.json')
+    const config = readOpenclawConfig(configPath)
+
+    const agents = (config.agents ?? {}) as Record<string, unknown>
+    const defaults = (agents.defaults ?? {}) as Record<string, unknown>
+    const current = defaults.userTimezone
+
+    if (current === timezone) {
+      respond(true, {changed: false, timezone})
+      return
+    }
+
+    defaults.userTimezone = timezone
+    agents.defaults = defaults
+    config.agents = agents
+
+    try {
+      writeOpenclawConfig(configPath, config)
+      api.logger.info(`config-timezone: set userTimezone to ${timezone}`)
+      respond(true, {changed: true, timezone})
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err)
+      api.logger.error(`config-timezone: write failed — ${msg}`)
+      respond(true, {changed: false, timezone, error: `Write failed: ${msg}`})
+    }
+  })
+
+  api.logger.info('config-timezone: registered clawly.config.setTimezone')
+}

package/gateway/index.ts

@@ -3,6 +3,9 @@ import {registerAgentSend} from './agent'
 import {registerAnalytics} from './analytics'
 import {registerClawhub2gateway} from './clawhub2gateway'
 import {registerConfigRepair} from './config-repair'
+import {registerConfigTimezone} from './config-timezone'
+
+import {registerSessionSanitize} from './session-sanitize'
 import {registerCronDelivery} from './cron-delivery'
 import {registerCronTelemetry} from './cron-telemetry'
 import {initOtel, shutdownOtel} from './otel'
@@ -54,6 +57,8 @@ export function registerGateway(api: PluginApi) {
   registerCronTelemetry(api)
   registerAnalytics(api)
   registerConfigRepair(api)
+  registerConfigTimezone(api)
+  registerSessionSanitize(api)
   registerPairing(api)
   registerVersion(api)
 }

package/gateway/notification.ts

@@ -17,6 +17,7 @@ import path from 'node:path'
 import {$} from 'zx'
 import type {PluginApi} from '../types'
 import {stripCliLogs} from '../lib/stripCliLogs'
+import {stripMarkdown} from '../lib/stripMarkdown'
 
 $.verbose = false
 
@@ -151,7 +152,12 @@ export async function sendPushNotification(
     return false
   }
 
-  const title = opts.title ?? (await resolveAgentTitle(opts.agentId))
+  const title = stripMarkdown(opts.title ?? (await resolveAgentTitle(opts.agentId)))
+  const body = stripMarkdown(opts.body)
+  if (!body) {
+    api.logger.warn('notification: body stripped to empty, skipping push')
+    return false
+  }
 
   try {
     const res = await fetch(EXPO_PUSH_URL, {
@@ -161,7 +167,7 @@ export async function sendPushNotification(
         to: token,
         sound: 'default',
         title,
-        body: opts.body,
+        body,
         data: opts.data,
         ...extras,
       }),
@@ -183,7 +189,7 @@ export async function sendPushNotification(
       return false
     }
 
-    api.logger.info(`notification: push sent — "${opts.body}"`)
+    api.logger.info(`notification: push sent — "${body}"`)
     return true
   } catch (err) {
     api.logger.error(

package/gateway/offline-push.test.ts

@@ -374,6 +374,16 @@ describe('shouldSkipPushForMessage', () => {
     expect(shouldSkipPushForMessage(' NO_REPLY ')).toBe('silent reply')
   })
 
+  test('skips trailing NO_REPLY with reasoning text (newline-collapsed)', () => {
+    // getLastAssistantText collapses "\n" → " ", so these arrive as single-line
+    expect(
+      shouldSkipPushForMessage('User is online — stopping here, no action needed. NO_REPLY'),
+    ).toBe('silent reply')
+    expect(shouldSkipPushForMessage('no match in last 24 hours → silent response. NO_REPLY')).toBe(
+      'silent reply',
+    )
+  })
+
   test('skips heartbeat ack when HEARTBEAT_OK is the only content', () => {
     expect(shouldSkipPushForMessage('HEARTBEAT_OK')).toBe('heartbeat ack')
     expect(shouldSkipPushForMessage('HEARTBEAT_OK.')).toBe('heartbeat ack')

package/gateway/offline-push.ts

@@ -136,8 +136,13 @@ export function shouldSkipPushForMessage(text: string): string | null {
   // Agent replied with empty content — mobile hides as "emptyAssistant"
   if (trimmed === '') return 'empty assistant'
 
-  // Agent sentinel "nothing to say" — mobile hides as "silentReply"
-  if (trimmed === 'NO_REPLY') return 'silent reply'
+  // Agent sentinel "nothing to say" — mobile hides as "silentReply".
+  // Mobile uses (?:^|\n) anchor on raw text; here text is already newline-collapsed
+  // by getLastAssistantText, so we match NO_REPLY at string end without line anchor.
+  // Known limitation: a message ending with literal "NO_REPLY" as inline text (e.g.
+  // "The sentinel is called NO_REPLY") would suppress the push. Acceptable trade-off
+  // — the scenario is extremely unlikely and the cost is a missed push, not hidden UI.
+  if (/NO_REPLY[\p{P}\s]*$/u.test(text)) return 'silent reply'
 
   // Heartbeat acknowledgment (HEARTBEAT_OK as ending sentinel) — only skip if no substantial content before it
   if (/HEARTBEAT_OK[\p{P}\s]*$/u.test(text)) {

package/gateway/plugins.ts

@@ -127,6 +127,22 @@ async function withPluginBackup<T>(
   }
 }
 
+interface UpdateParams {
+  pluginId: string
+  npmPkgName: string
+  strategy: 'force' | 'update' | 'install'
+  targetVersion?: string
+  restart?: boolean
+  /**
+   * Skip update if installed version already matches target. Default `true`.
+   *
+   * Applies to all strategies including `force`. `force` means "use the
+   * hardened install flow" (clear plugin config → reinstall), not "always
+   * reinstall regardless of version". Set `false` to bypass (testing only).
+   */
+  skipIfCurrent?: boolean
+}
+
 export function registerPlugins(api: PluginApi) {
   // ── clawly.plugins.version ──────────────────────────────────────
 
@@ -194,13 +210,15 @@ export function registerPlugins(api: PluginApi) {
 
   // ── clawly.plugins.update ──────────────────────────────────────
 
-  api.registerGatewayMethod('clawly.plugins.update', async ({params, respond}) => {
+  api.registerGatewayMethod('clawly.plugins.update', async (args) => {
+    const {params, respond} = args as {params: Partial<UpdateParams>; respond: typeof args.respond}
     const pluginId = typeof params.pluginId === 'string' ? params.pluginId.trim() : ''
     const npmPkgName = typeof params.npmPkgName === 'string' ? params.npmPkgName.trim() : ''
     const strategy = typeof params.strategy === 'string' ? params.strategy.trim() : ''
     const targetVersion =
       typeof params.targetVersion === 'string' ? params.targetVersion.trim() : undefined
     const restart = params.restart === true
+    const skipIfCurrent = params.skipIfCurrent !== false
 
     if (!pluginId || !npmPkgName || !strategy) {
       respond(false, undefined, {
@@ -220,11 +238,41 @@ export function registerPlugins(api: PluginApi) {
 
     const installTarget = targetVersion ? `${npmPkgName}@${targetVersion}` : npmPkgName
 
+    // ── Skip if already at target version ──────────────────────
+    const stateDir = api.runtime.state.resolveStateDir()
+    const installedVersion = stateDir ? readExtensionVersion(stateDir, pluginId) : null
+
+    if (skipIfCurrent && installedVersion) {
+      let resolvedTarget: string | null = null
+
+      if (targetVersion) {
+        // Explicit target — compare directly
+        resolvedTarget = targetVersion
+      } else {
+        // No target — resolve latest from npm
+        const npm = await fetchNpmView(npmPkgName)
+        if (npm?.version) resolvedTarget = npm.version
+      }
+
+      if (resolvedTarget && installedVersion === resolvedTarget) {
+        api.logger.info(
+          `plugins: ${pluginId} already at version ${installedVersion}, skipping ${strategy}`,
+        )
+        captureEvent('plugin.updated', {
+          plugin_id: pluginId,
+          strategy,
+          success: true,
+          skipped: true,
+        })
+        respond(true, {ok: true, strategy, skipped: true})
+        return
+      }
+    }
+
     try {
       let output = ''
 
       if (strategy === 'force') {
-        const stateDir = api.runtime.state.resolveStateDir()
         if (!stateDir) throw new Error('cannot resolve openclaw state dir')
 
         const configPath = path.join(stateDir, 'openclaw.json')

package/gateway/session-sanitize.ts

@@ -0,0 +1,263 @@
+/**
+ * Session sanitize RPC: detects and clears stale delivery-context fields
+ * from the main webchat session that were left by cross-channel delivery.
+ *
+ * Methods:
+ * - clawly.session.sanitize({ dryRun?, sessionKey? }) → { ok/repaired, issues?, detail }
+ */
+
+import fs from 'node:fs'
+import path from 'node:path'
+
+import type {PluginApi} from '../types'
+
+const DEFAULT_AGENT_ID = 'clawly'
+
+function mainSessionKey(api: PluginApi): string {
+  const agentId =
+    (api.pluginConfig as Record<string, unknown> | undefined)?.agentId ?? DEFAULT_AGENT_ID
+  return `agent:${agentId}:main`
+}
+
+/** Fields on SessionEntry that should be absent (or "webchat") for a webchat-only session. */
+const STALE_CHANNEL_VALUES = new Set([
+  'telegram',
+  'discord',
+  'slack',
+  'signal',
+  'whatsapp',
+  'imessage',
+  'line',
+  'matrix',
+  'msteams',
+  'zalo',
+])
+
+interface SessionsStore {
+  sessions: Record<string, Record<string, unknown>>
+}
+
+/** Returns the parsed store, or null if the file doesn't exist, or throws on read/parse errors. */
+function readSessionsStore(storePath: string): SessionsStore | null {
+  let raw: string
+  try {
+    raw = fs.readFileSync(storePath, 'utf-8')
+    const parsed = JSON.parse(raw)
+    if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed))
+      throw new Error('not a JSON object')
+    return parsed
+  } catch (err: unknown) {
+    if ((err as NodeJS.ErrnoException).code === 'ENOENT') return null
+    throw err
+  }
+}
+
+function writeSessionsStore(storePath: string, store: SessionsStore): void {
+  const tmpPath = storePath + '.tmp'
+  fs.writeFileSync(tmpPath, JSON.stringify(store, null, 2) + '\n')
+  fs.renameSync(tmpPath, storePath)
+}
+
+/**
+ * Check a session entry for stale delivery fields that point to a non-webchat channel.
+ * Returns a list of issue descriptions, or empty array if clean.
+ */
+function detectIssues(entry: Record<string, unknown>): string[] {
+  const issues: string[] = []
+
+  // deliveryContext.channel
+  const dc = entry.deliveryContext as Record<string, unknown> | undefined
+  if (dc?.channel && typeof dc.channel === 'string' && STALE_CHANNEL_VALUES.has(dc.channel)) {
+    issues.push(`deliveryContext.channel = "${dc.channel}"`)
+  }
+
+  // lastChannel
+  if (typeof entry.lastChannel === 'string' && STALE_CHANNEL_VALUES.has(entry.lastChannel)) {
+    issues.push(`lastChannel = "${entry.lastChannel}"`)
+  }
+
+  // lastTo, lastAccountId, lastThreadId — should be absent for webchat
+  // Values may contain PII (phone numbers, platform user IDs) — omit from logs/UI
+  if (entry.lastTo != null) issues.push('lastTo')
+  if (entry.lastAccountId != null) issues.push('lastAccountId')
+  if (entry.lastThreadId != null) issues.push('lastThreadId')
+
+  // origin.provider / origin.surface
+  const origin = entry.origin as Record<string, unknown> | undefined
+  if (
+    origin?.provider &&
+    typeof origin.provider === 'string' &&
+    STALE_CHANNEL_VALUES.has(origin.provider)
+  ) {
+    issues.push(`origin.provider = "${origin.provider}"`)
+  }
+  if (
+    origin?.surface &&
+    typeof origin.surface === 'string' &&
+    STALE_CHANNEL_VALUES.has(origin.surface)
+  ) {
+    issues.push(`origin.surface = "${origin.surface}"`)
+  }
+
+  return issues
+}
+
+/** Clear stale delivery fields from a session entry (mutates in place). */
+function repairEntry(entry: Record<string, unknown>): void {
+  // Only delete channel-guarded fields when they match a stale channel value
+  const dc = entry.deliveryContext as Record<string, unknown> | undefined
+  if (dc && typeof dc.channel === 'string' && STALE_CHANNEL_VALUES.has(dc.channel)) {
+    delete dc.channel
+    if (Object.keys(dc).length === 0) delete entry.deliveryContext
+  }
+  if (typeof entry.lastChannel === 'string' && STALE_CHANNEL_VALUES.has(entry.lastChannel))
+    delete entry.lastChannel
+  // lastTo/lastAccountId/lastThreadId are stale for webchat when present
+  if (entry.lastTo != null) delete entry.lastTo
+  if (entry.lastAccountId != null) delete entry.lastAccountId
+  if (entry.lastThreadId != null) delete entry.lastThreadId
+
+  const origin = entry.origin as Record<string, unknown> | undefined
+  if (origin) {
+    if (typeof origin.provider === 'string' && STALE_CHANNEL_VALUES.has(origin.provider))
+      delete origin.provider
+    if (typeof origin.surface === 'string' && STALE_CHANNEL_VALUES.has(origin.surface))
+      delete origin.surface
+    if (Object.keys(origin).length === 0) delete entry.origin
+  }
+}
+
+export function registerSessionSanitize(api: PluginApi) {
+  // Capture agentId + defaultKey once at registration time so the handler
+  // stays consistent with the sessionKey guard even if pluginConfig mutates.
+  const agentId =
+    ((api.pluginConfig as Record<string, unknown> | undefined)?.agentId as string | undefined) ??
+    DEFAULT_AGENT_ID
+  const defaultKey = `agent:${agentId}:main`
+
+  api.registerGatewayMethod('clawly.session.sanitize', async ({params, respond}) => {
+    const dryRun = params.dryRun === true
+    const sessionKey = typeof params.sessionKey === 'string' ? params.sessionKey : defaultKey
+
+    // Only sanitize the main webchat session — non-main sessions (e.g. telegram/discord)
+    // legitimately use lastTo/lastAccountId/lastThreadId for routing.
+    if (sessionKey !== defaultKey) {
+      respond(true, {
+        ok: true,
+        ...(dryRun ? {} : {repaired: false}),
+        detail: `Skipped — sanitize only applies to "${defaultKey}"`,
+      })
+      return
+    }
+
+    const stateDir = api.runtime.state.resolveStateDir()
+    if (!stateDir) {
+      respond(true, {
+        ok: false,
+        ...(dryRun ? {} : {repaired: false}),
+        detail: 'Cannot resolve state dir',
+      })
+      return
+    }
+
+    const storePath = path.join(stateDir, 'agents', agentId, 'sessions', 'sessions.json')
+    let store: SessionsStore | null
+    try {
+      store = readSessionsStore(storePath)
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err)
+      respond(true, {
+        // dryRun: treat corrupt as "can't check, assume clean" — avoids
+        // showing a misleading Fix button for an unfixable environment error.
+        ...(dryRun ? {ok: true} : {ok: false, repaired: false}),
+        detail: `Sessions store unreadable or malformed: ${msg}`,
+      })
+      return
+    }
+    if (!store) {
+      respond(true, {
+        ok: true,
+        ...(dryRun ? {} : {repaired: false}),
+        detail: 'Sessions store not found — nothing to sanitize',
+      })
+      return
+    }
+
+    const entry = store.sessions?.[sessionKey] as Record<string, unknown> | undefined
+    if (!entry) {
+      respond(true, {
+        ok: true,
+        ...(dryRun ? {} : {repaired: false}),
+        detail: `Session "${sessionKey}" not found — nothing to sanitize`,
+      })
+      return
+    }
+
+    const issues = detectIssues(entry)
+    if (issues.length === 0) {
+      respond(true, {
+        ok: true,
+        ...(dryRun ? {} : {repaired: false}),
+        detail: 'Session delivery context is clean',
+      })
+      return
+    }
+
+    if (dryRun) {
+      respond(true, {ok: false, issues, detail: `Stale fields: ${issues.join(', ')}`})
+      return
+    }
+
+    repairEntry(entry)
+
+    try {
+      writeSessionsStore(storePath, store)
+      api.logger.info(`session.sanitize: cleared stale delivery fields — ${issues.join(', ')}`)
+      respond(true, {ok: true, repaired: true, issues, detail: `Cleared: ${issues.join(', ')}`})
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err)
+      api.logger.error(`session.sanitize: write failed — ${msg}`)
+      respond(true, {ok: false, repaired: false, detail: `Write failed: ${msg}`})
+    }
+  })
+
+  api.logger.info('session-sanitize: registered clawly.session.sanitize')
+}
+
+/**
+ * Standalone auto-sanitize — reads, checks, writes. Called from setupConfig on startup.
+ * Best-effort: logs warnings on failure, never throws.
+ */
+export function autoSanitizeSession(api: PluginApi): void {
+  const stateDir = api.runtime.state.resolveStateDir()
+  if (!stateDir) return
+
+  const agentId =
+    (api.pluginConfig as Record<string, unknown> | undefined)?.agentId ?? DEFAULT_AGENT_ID
+  const storePath = path.join(stateDir, 'agents', String(agentId), 'sessions', 'sessions.json')
+  let store: SessionsStore | null
+  try {
+    store = readSessionsStore(storePath)
+  } catch (err) {
+    api.logger.warn(
+      `session-sanitize (auto): cannot read sessions store — ${(err as Error).message}`,
+    )
+    return
+  }
+  if (!store) return
+
+  const sessionKey = mainSessionKey(api)
+  const entry = store.sessions?.[sessionKey] as Record<string, unknown> | undefined
+  if (!entry) return
+
+  const issues = detectIssues(entry)
+  if (issues.length === 0) return
+
+  repairEntry(entry)
+  try {
+    writeSessionsStore(storePath, store)
+    api.logger.info(`session-sanitize (auto): cleared stale fields — ${issues.join(', ')}`)
+  } catch (err) {
+    api.logger.warn(`session-sanitize (auto): write failed — ${(err as Error).message}`)
+  }
+}

package/lib/stripMarkdown.test.ts

@@ -0,0 +1,156 @@
+import {describe, expect, test} from 'bun:test'
+import {stripMarkdown} from './stripMarkdown'
+
+describe('stripMarkdown', () => {
+  test('strips bold (**text**)', () => {
+    expect(stripMarkdown('Hello **world**!')).toBe('Hello world!')
+  })
+
+  test('strips italic (*text*)', () => {
+    expect(stripMarkdown('Hello *world*!')).toBe('Hello world!')
+  })
+
+  test('strips bold+italic (***text***)', () => {
+    expect(stripMarkdown('Hello ***world***!')).toBe('Hello world!')
+  })
+
+  test('strips strikethrough (~~text~~)', () => {
+    expect(stripMarkdown('Hello ~~world~~!')).toBe('Hello world!')
+  })
+
+  test('strips inline code (`text`)', () => {
+    expect(stripMarkdown('Run `npm install` to start')).toBe('Run npm install to start')
+  })
+
+  test('strips code block fences, keeps content', () => {
+    expect(stripMarkdown('Before ```const x = 1``` after')).toBe('Before const x = 1 after')
+  })
+
+  test('strips multiline code block fences with language tag', () => {
+    expect(stripMarkdown('Before\n```js\nconst x = 1\n```\nafter')).toBe(
+      'Before\nconst x = 1\n\nafter',
+    )
+  })
+
+  test('strips multiline code block fences without language tag', () => {
+    expect(stripMarkdown('Before\n```\nconst x = 1\n```\nafter')).toBe(
+      'Before\nconst x = 1\n\nafter',
+    )
+  })
+
+  test('strips links [text](url) → text', () => {
+    expect(stripMarkdown('Visit [our site](https://example.com) now')).toBe('Visit our site now')
+  })
+
+  test('strips links with parenthesized URLs', () => {
+    expect(
+      stripMarkdown('See [Function](https://en.wikipedia.org/wiki/Function_(mathematics)) here'),
+    ).toBe('See Function here')
+  })
+
+  test('strips images ![alt](url) → alt', () => {
+    expect(stripMarkdown('See ![photo](https://example.com/img.png) here')).toBe('See photo here')
+  })
+
+  test('strips heading markers', () => {
+    expect(stripMarkdown('# Hello')).toBe('Hello')
+    expect(stripMarkdown('## Subheading')).toBe('Subheading')
+    expect(stripMarkdown('### Deep heading')).toBe('Deep heading')
+  })
+
+  test('strips heading markers in multiline text', () => {
+    expect(stripMarkdown('Line one\n## Heading')).toBe('Line one\nHeading')
+  })
+
+  test('strips blockquote markers', () => {
+    expect(stripMarkdown('> This is a quote')).toBe('This is a quote')
+  })
+
+  test('strips nested blockquotes', () => {
+    expect(stripMarkdown('> > Nested content')).toBe('Nested content')
+    expect(stripMarkdown('> > > Deep nested')).toBe('Deep nested')
+  })
+
+  test('strips blockquotes without space', () => {
+    expect(stripMarkdown('>text')).toBe('text')
+  })
+
+  test('strips blockquoted headings and lists', () => {
+    expect(stripMarkdown('> ## Heading')).toBe('Heading')
+    expect(stripMarkdown('> - Item')).toBe('Item')
+    expect(stripMarkdown('> 1. First')).toBe('First')
+  })
+
+  test('strips unordered list markers', () => {
+    expect(stripMarkdown('- Item one')).toBe('Item one')
+    expect(stripMarkdown('* Item two')).toBe('Item two')
+    expect(stripMarkdown('+ Item three')).toBe('Item three')
+  })
+
+  test('strips ordered list markers', () => {
+    expect(stripMarkdown('1. First item')).toBe('First item')
+    expect(stripMarkdown('2. Second item')).toBe('Second item')
+    expect(stripMarkdown('10. Tenth item')).toBe('Tenth item')
+  })
+
+  test('strips horizontal rules', () => {
+    expect(stripMarkdown('Before\n---\nAfter')).toBe('Before\n\nAfter')
+    expect(stripMarkdown('Before\n***\nAfter')).toBe('Before\n\nAfter')
+    expect(stripMarkdown('Before\n___\nAfter')).toBe('Before\n\nAfter')
+  })
+
+  test('handles multiple markdown features combined', () => {
+    expect(stripMarkdown('**Hey!** Check [this](https://x.com) out — `code` here')).toBe(
+      'Hey! Check this out — code here',
+    )
+  })
+
+  test('leaves plain text unchanged', () => {
+    expect(stripMarkdown('Just a normal message')).toBe('Just a normal message')
+  })
+
+  test('handles empty string', () => {
+    expect(stripMarkdown('')).toBe('')
+  })
+
+  test('collapses extra spaces from stripping', () => {
+    expect(stripMarkdown('Hello  **world**  !')).toBe('Hello world !')
+  })
+
+  test('preserves snake_case identifiers', () => {
+    expect(stripMarkdown('Use some_variable_name in your code')).toBe(
+      'Use some_variable_name in your code',
+    )
+  })
+
+  test('preserves underscores in technical text', () => {
+    expect(stripMarkdown('Set __proto__ and __name__ carefully')).toBe(
+      'Set __proto__ and __name__ carefully',
+    )
+  })
+
+  test('handles multiline LLM-style output', () => {
+    const input = '**Summary:**\n1. First point\n2. Second point\n> Note: be careful'
+    expect(stripMarkdown(input)).toBe('Summary:\nFirst point\nSecond point\nNote: be careful')
+  })
+
+  test('does not match bold across line boundaries', () => {
+    const input = '* Item one\n* Item two'
+    expect(stripMarkdown(input)).toBe('Item one\nItem two')
+  })
+
+  test('strips * list marker with inline emphasis', () => {
+    expect(stripMarkdown('* Use *caution* here')).toBe('Use caution here')
+  })
+
+  test('preserves asterisks in math/technical expressions', () => {
+    expect(stripMarkdown('Calculate 2*3*4 for the result')).toBe('Calculate 2*3*4 for the result')
+    expect(stripMarkdown('Calculate 2 * 3 * 4 for the result')).toBe(
+      'Calculate 2 * 3 * 4 for the result',
+    )
+  })
+
+  test('preserves content from code-only input', () => {
+    expect(stripMarkdown('```const x = 1```')).toBe('const x = 1')
+  })
+})

package/lib/stripMarkdown.ts

@@ -0,0 +1,48 @@
+/**
+ * Strip common Markdown formatting from text to produce plain-text
+ * suitable for push notification bodies.
+ *
+ * Handles: bold, italic, strikethrough, inline code, code blocks,
+ * links, images, headings, blockquotes, list markers, and horizontal rules.
+ */
+export function stripMarkdown(text: string): string {
+  return (
+    text
+      // Code blocks — strip fences (and optional language tag), keep content
+      .replace(/```(?:\w*\n)?([\s\S]*?)```/g, '$1')
+      // Images ![alt](url) → alt  (supports one level of balanced parens in URL)
+      .replace(/!\[([^\]]*)\]\([^()]*(?:\([^()]*\))*[^()]*\)/g, '$1')
+      // Links [text](url) → text  (supports one level of balanced parens in URL)
+      .replace(/\[([^\]]*)\]\([^()]*(?:\([^()]*\))*[^()]*\)/g, '$1')
+      // ── Line-start structural markers (before inline formatting) ──
+      // Must run before bold/italic so that `* *text*` strips the list
+      // marker first, leaving `*text*` for the emphasis regex.
+      // Blockquote markers first — so `> ## Heading` and `> - Item` are
+      // unquoted before heading/list regexes run. Handles nested (`> > text`)
+      // and no-space (`>text`) variants in a single pass.
+      .replace(/(^|\n)(>\s*)+/g, '$1')
+      // Heading markers (# at start of line)
+      .replace(/(^|\n)#{1,6}\s+/g, '$1')
+      // Ordered list markers (1. 2. etc at start of line)
+      .replace(/(^|\n)\d+\.\s+/g, '$1')
+      // Unordered list markers (- * +) at start of line
+      .replace(/(^|\n)[*+-]\s+/g, '$1')
+      // ── Inline formatting ──
+      // Bold/italic with * only (**text**, *text*, ***text***)
+      // Intentionally skips _underscore_ variants to avoid corrupting
+      // snake_case identifiers and __dunder__ names common in LLM output.
+      // Uses CommonMark-style flanking rules: opening * must be followed by
+      // non-whitespace, closing * must be preceded by non-whitespace. This
+      // rejects spaced math like `2 * 3 * 4` while matching `*italic*`.
+      .replace(/(?<!\w)\*{1,3}(?!\s)([^*\n]+?)(?<!\s)\*{1,3}(?!\w)/g, '$1')
+      // Strikethrough ~~text~~
+      .replace(/~~([^~]+?)~~/g, '$1')
+      // Inline code `text`
+      .replace(/`([^`]+?)`/g, '$1')
+      // Horizontal rules (--- *** ___) on their own line
+      .replace(/(^|\n)([-*_]){3,}(\n|$)/g, '$1$3')
+      // Collapse multiple spaces and normalize whitespace
+      .replace(/ {2,}/g, ' ')
+      .trim()
+  )
+}

package/model-gateway-setup.ts

@@ -13,6 +13,10 @@ import path from 'node:path'
 import type {PluginApi} from './index'
 
 export const PROVIDER_NAME = 'clawly-model-gateway'
+type ModelGatewayConfigInputs = {
+  modelGatewayBaseUrl?: string
+  modelGatewayToken?: string
+}
 
 /** Additional models available through the model gateway (beyond env-configured defaults). */
 export const EXTRA_GATEWAY_MODELS: Array<{
@@ -83,7 +87,17 @@ export function writeOpenclawConfig(configPath: string, config: Record<string, u
   fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n')
 }
 
-export function patchModelGateway(config: Record<string, unknown>, api: PluginApi): boolean {
+export function patchModelGateway(
+  config: Record<string, unknown>,
+  api: PluginApi,
+  inputs?: ModelGatewayConfigInputs,
+): boolean {
+  const cfg =
+    inputs ??
+    (api.pluginConfig as Record<string, unknown> | undefined as
+      | ModelGatewayConfigInputs
+      | undefined)
+
   // If provider already exists, check if extra models or aliases need updating.
   // This runs before the credentials check because provisioned sprites have
   // credentials in openclaw.json directly, not in pluginConfig.
@@ -116,7 +130,6 @@ export function patchModelGateway(config: Record<string, unknown>, api: PluginAp
 
     // Backfill pluginConfig from existing provider credentials (legacy sprites
     // provisioned before plugin config was written during configure phase).
-    const cfg = api.pluginConfig as Record<string, unknown> | undefined
     if (
       existingProvider.baseUrl &&
       existingProvider.apiKey &&
@@ -149,7 +162,6 @@ export function patchModelGateway(config: Record<string, unknown>, api: PluginAp
   }
 
   // No existing provider — need pluginConfig credentials to create one
-  const cfg = api.pluginConfig as Record<string, unknown> | undefined
   const baseUrl =
     typeof cfg?.modelGatewayBaseUrl === 'string' ? cfg.modelGatewayBaseUrl.replace(/\/$/, '') : ''
   const token = typeof cfg?.modelGatewayToken === 'string' ? cfg.modelGatewayToken : ''
@@ -212,7 +224,13 @@ export function patchModelGateway(config: Record<string, unknown>, api: PluginAp
   return true
 }
 
-/** Standalone wrapper — reads config, patches, writes. Used by tests. */
+/**
+ * Standalone wrapper — reads config, patches, writes. Used by tests.
+ *
+ * This helper intentionally does not apply the file-backed pluginConfig fallback
+ * from setupConfig(); production startup should go through the full runtime
+ * reconcile path there.
+ */
 export function setupModelGateway(api: PluginApi): void {
   const stateDir = api.runtime.state.resolveStateDir()
   if (!stateDir) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@2en/clawly-plugins",
-  "version": "1.26.0",
+  "version": "1.26.1-beta.1",
   "module": "index.ts",
   "type": "module",
   "repository": {