@2en/clawly-plugins 1.30.0-beta.3 → 1.30.0-beta.4

package/clawly-config-defaults.json5

@@ -12,6 +12,13 @@
         apiKey: "${CLAWLY_MODEL_GATEWAY_API_KEY}",
         api: "openai-completions",
         models: [
+          {
+            id: "auto",
+            name: "auto",
+            input: ["text", "image"],
+            contextWindow: 262144,
+            maxTokens: 65535,
+          },
           {
             id: "moonshotai/kimi-k2.5",
             name: "moonshotai/kimi-k2.5",
@@ -33,6 +40,13 @@
             contextWindow: 1048576,
             maxTokens: 65536,
           },
+          {
+            id: "google/gemini-3.1-pro-preview",
+            name: "google/gemini-3.1-pro-preview",
+            input: ["text", "image"],
+            contextWindow: 1048576,
+            maxTokens: 65536,
+          },
           {
             id: "anthropic/claude-sonnet-4.6",
             name: "anthropic/claude-sonnet-4.6",
@@ -89,12 +103,12 @@
     },
   },
 
-  // agents.defaults.models — which models the agent can use, display names,
-  // and per-model overrides. The whitelist only constrains the UI model picker
-  // and fallback lists.
+  // agents.defaults — model picker whitelist, display names, and tuning defaults.
+  // The whitelist constrains the UI model picker and fallback lists.
   agents: {
     defaults: {
       thinkingDefault: "off",
+      verboseDefault: "on",
       model: {
         primary: "clawly-model-gateway/anthropic/claude-sonnet-4.6",
       },
@@ -103,9 +117,11 @@
         fallbacks: [],
       },
       models: {
+        "clawly-model-gateway/auto": { alias: "Auto" },
         "clawly-model-gateway/moonshotai/kimi-k2.5": { alias: "Kimi K2.5" },
         "clawly-model-gateway/google/gemini-2.5-pro": { alias: "Gemini 2.5 Pro" },
         "clawly-model-gateway/google/gemini-3-pro-preview": { alias: "Gemini 3 Pro Preview" },
+        "clawly-model-gateway/google/gemini-3.1-pro-preview": { alias: "Gemini 3.1 Pro Preview" },
         "clawly-model-gateway/anthropic/claude-sonnet-4.6": { alias: "Claude Sonnet 4.6" },
         "clawly-model-gateway/anthropic/claude-opus-4.6": { alias: "Claude Opus 4.6" },
         "clawly-model-gateway/openai/gpt-5.4": { alias: "GPT-5.4" },
@@ -114,6 +130,94 @@
         "clawly-model-gateway/qwen/qwen3.5-plus-02-15": { alias: "Qwen 3.5 Plus" },
         "clawly-model-gateway/z-ai/glm-5": { alias: "GLM-5" },
       },
+      contextPruning: {
+        mode: "cache-ttl",
+      },
+      heartbeat: {
+        model: "clawly-model-gateway/moonshotai/kimi-k2.5",
+        lightContext: true,
+      },
+      memorySearch: {
+        provider: "openai",
+        model: "text-embedding-3-small",
+        remote: {
+          baseUrl: "${CLAWLY_MODEL_GATEWAY_BASE}/v1",
+          apiKey: "${CLAWLY_MODEL_GATEWAY_API_KEY}",
+          batch: { enabled: false },
+        },
+      },
+    },
+  },
+
+  // messages.tts — text-to-speech credentials + tuning defaults
+  messages: {
+    tts: {
+      auto: "tagged",
+      mode: "final",
+      provider: "elevenlabs",
+      summaryModel: "clawly-model-gateway/anthropic/claude-sonnet-4.6",
+      maxTextLength: 4000,
+      timeoutMs: 30000,
+      prefsPath: "~/.openclaw/settings/tts.json",
+      modelOverrides: { enabled: true },
+      elevenlabs: {
+        baseUrl: "${CLAWLY_MODEL_GATEWAY_BASE}/v1/elevenlabs",
+        apiKey: "${CLAWLY_MODEL_GATEWAY_API_KEY}",
+        voiceId: "DwwuoY7Uz8AP8zrY5TAo",
+        modelId: "eleven_multilingual_v2",
+        seed: 42,
+        applyTextNormalization: "auto",
+        languageCode: "en",
+        voiceSettings: {
+          stability: 0.5,
+          similarityBoost: 0.75,
+          style: 0.0,
+          useSpeakerBoost: true,
+          speed: 1.0,
+        },
+      },
+    },
+  },
+
+  // gateway.nodes — allowlist dangerous node commands so the AI agent can
+  // invoke them on connected Clawly nodes (browser, reminders, calendar, device).
+  gateway: {
+    nodes: {
+      allowCommands: [
+        // Browser commands (Mac nodes)
+        "browser.proxy",
+        "browser.navigate",
+        "browser.click",
+        "browser.type",
+        "browser.screenshot",
+        "browser.read",
+        "browser.tabs",
+        "browser.back",
+        "browser.scroll",
+        "browser.evaluate",
+        // Reminders + calendar (iOS nodes)
+        "reminders.add",
+        "calendar.add",
+        // Device permissions (iOS nodes)
+        "device.permissions",
+        "device.requestPermission",
+      ],
+    },
+  },
+
+  // tools.web.search — web search defaults
+  tools: {
+    web: {
+      search: {
+        provider: "perplexity",
+        perplexity: {
+          model: "perplexity/sonar-pro",
+          baseUrl: "${CLAWLY_MODEL_GATEWAY_BASE}/v1",
+          apiKey: "${CLAWLY_MODEL_GATEWAY_API_KEY}",
+        },
+        maxResults: 5,
+        timeoutSeconds: 30,
+      },
     },
   },
 }

package/config-setup.ts

@@ -17,10 +17,9 @@
 
 import fs from 'node:fs'
 import path from 'node:path'
-
-import type {PluginApi} from './index'
+import JSON5 from 'json5'
 import {autoSanitizeSession} from './gateway/session-sanitize'
-import {resolveGatewayCredentials} from './resolve-gateway-credentials'
+import type {PluginApi} from './index'
 import {
   ENV_KEY_API_KEY,
   ENV_KEY_BASE,
@@ -30,16 +29,14 @@ import {
   stripPathname,
   writeOpenclawConfig,
 } from './model-gateway-setup'
+import {resolveGatewayCredentials} from './resolve-gateway-credentials'
+import type {OpenClawConfig} from './types/openclaw'
 
 export interface ConfigPluginConfig {
   instanceId?: string
   agentId?: string
   agentName?: string
   workspaceDir?: string
-  defaultModel?: string
-  defaultImageModel?: string
-  defaultHeartbeatModel?: string
-  elevenlabsApiKey?: string
   modelGatewayBaseUrl?: string
   modelGatewayToken?: string
   otelToken?: string
@@ -54,7 +51,7 @@ function asObj(value: unknown): Record<string, unknown> {
     : {}
 }
 
-function readFilePluginConfig(config: Record<string, unknown>): ConfigPluginConfig {
+function readFilePluginConfig(config: OpenClawConfig): ConfigPluginConfig {
   const plugins = asObj(config.plugins)
   const entries = asObj(plugins.entries)
   const raw = asObj(entries['clawly-plugins'])
@@ -77,25 +74,12 @@ function mergeDefinedPluginConfig(
   return merged
 }
 
-function toPCMerged(api: PluginApi, config: Record<string, unknown>): ConfigPluginConfig {
+function toPCMerged(api: PluginApi, config: OpenClawConfig): ConfigPluginConfig {
   const fileConfig = readFilePluginConfig(config)
   const runtimeConfig = (api.pluginConfig ?? {}) as ConfigPluginConfig
   return mergeDefinedPluginConfig(fileConfig, runtimeConfig)
 }
 
-const LEGACY_DEFAULT_MODEL = `${PROVIDER_NAME}/anthropic/claude-sonnet-4.6`
-const DEFAULT_ELEVENLABS_VOICE_ID = 'DwwuoY7Uz8AP8zrY5TAo'
-
-function toProviderModelId(model?: string): string {
-  const normalized = model?.trim() ?? ''
-  if (!normalized) return ''
-  return normalized.startsWith(`${PROVIDER_NAME}/`) ? normalized : `${PROVIDER_NAME}/${normalized}`
-}
-
-function resolveDefaultModel(pc: ConfigPluginConfig): string {
-  return toProviderModelId(pc.defaultModel) || LEGACY_DEFAULT_MODEL
-}
-
 // ---------------------------------------------------------------------------
 // Domain helpers — each returns true when config was mutated
 //
@@ -104,7 +88,7 @@ function resolveDefaultModel(pc: ConfigPluginConfig): string {
 // diagnostic UI stays in sync.
 // ---------------------------------------------------------------------------
 
-export function patchAgent(config: Record<string, unknown>, pc: ConfigPluginConfig): boolean {
+export function patchAgent(config: OpenClawConfig, pc: ConfigPluginConfig): boolean {
   if (!pc.agentId) return false
 
   let dirty = false
@@ -138,22 +122,6 @@ export function patchAgent(config: Record<string, unknown>, pc: ConfigPluginConf
     dirty = true
   }
 
-  // model: set-if-missing
-  if (!defaults.model) {
-    defaults.model = {primary: resolveDefaultModel(pc)}
-    dirty = true
-  }
-
-  // imageModel: set-if-missing
-  const defaultImageModel = toProviderModelId(pc.defaultImageModel)
-  if (defaultImageModel && !defaults.imageModel) {
-    defaults.imageModel = {
-      primary: defaultImageModel,
-      fallbacks: [],
-    }
-    dirty = true
-  }
-
   // sandbox.mode: enforce (only set the field we care about)
   const sandbox = (defaults.sandbox ?? {}) as Record<string, unknown>
   if (sandbox.mode !== 'off') {
@@ -162,12 +130,6 @@ export function patchAgent(config: Record<string, unknown>, pc: ConfigPluginConf
     dirty = true
   }
 
-  // verboseDefault: set-if-missing
-  if (defaults.verboseDefault === undefined) {
-    defaults.verboseDefault = 'on'
-    dirty = true
-  }
-
   if (dirty) {
     agents.defaults = defaults
     config.agents = agents
@@ -176,7 +138,7 @@ export function patchAgent(config: Record<string, unknown>, pc: ConfigPluginConf
   return dirty
 }
 
-export function patchGateway(config: Record<string, unknown>): boolean {
+export function patchGateway(config: OpenClawConfig): boolean {
   let dirty = false
   const gateway = (config.gateway ?? {}) as Record<string, unknown>
 
@@ -223,7 +185,7 @@ export function patchGateway(config: Record<string, unknown>): boolean {
   return dirty
 }
 
-export function patchBrowser(config: Record<string, unknown>): boolean {
+export function patchBrowser(config: OpenClawConfig): boolean {
   let dirty = false
 
   // browser: enforce individual fields only
@@ -250,7 +212,7 @@ export function patchBrowser(config: Record<string, unknown>): boolean {
     dirty = true
   }
 
-  // owner: grant mobile/mac app owner permissions (required for cron tool etc.)
+  // ownerAllowFrom: append-if-missing (can't use $include — arrays concatenate)
   const ownerAllowFrom = Array.isArray(commands.ownerAllowFrom)
     ? (commands.ownerAllowFrom as string[])
     : []
@@ -270,264 +232,10 @@ export function patchBrowser(config: Record<string, unknown>): boolean {
   return dirty
 }
 
-export function patchTts(config: Record<string, unknown>, pc: ConfigPluginConfig): boolean {
-  let dirty = false
-  const messages = (config.messages ?? {}) as Record<string, unknown>
-  const tts = (messages.tts ?? {}) as Record<string, unknown>
-  const elevenlabs = (tts.elevenlabs ?? {}) as Record<string, unknown>
-
-  // Credentials: enforce (only when credentials are available)
-  const useProxy = !!(pc.modelGatewayBaseUrl && pc.modelGatewayToken)
-  const hasDirectKey = !!pc.elevenlabsApiKey
-  if (useProxy || hasDirectKey) {
-    const targetApiKey = useProxy ? pc.modelGatewayToken! : pc.elevenlabsApiKey!
-    const targetBaseUrl = useProxy
-      ? `${pc.modelGatewayBaseUrl}/elevenlabs`
-      : 'https://api.elevenlabs.io'
-
-    if (elevenlabs.apiKey !== targetApiKey) {
-      elevenlabs.apiKey = targetApiKey
-      dirty = true
-    }
-    if (elevenlabs.baseUrl !== targetBaseUrl) {
-      elevenlabs.baseUrl = targetBaseUrl
-      dirty = true
-    }
-  }
-
-  // voiceId: set-if-missing (never overwrite user selection)
-  // Use falsy check — old plugin versions (< beta.3) enforced voiceId = ''
-  // which is not undefined but is still an empty/invalid value.
-  // null is also treated as missing here.
-  if (!elevenlabs.voiceId) {
-    elevenlabs.voiceId = DEFAULT_ELEVENLABS_VOICE_ID
-    dirty = true
-  }
-
-  // Tuning: set-if-missing
-  if (tts.auto === undefined) {
-    tts.auto = 'tagged'
-    dirty = true
-  }
-  if (tts.mode === undefined) {
-    tts.mode = 'final'
-    dirty = true
-  }
-  if (tts.provider === undefined) {
-    tts.provider = 'elevenlabs'
-    dirty = true
-  }
-  if (tts.summaryModel === undefined) {
-    tts.summaryModel = resolveDefaultModel(pc)
-    dirty = true
-  }
-  if (tts.modelOverrides === undefined) {
-    tts.modelOverrides = {enabled: true}
-    dirty = true
-  }
-  if (tts.maxTextLength === undefined) {
-    tts.maxTextLength = 4000
-    dirty = true
-  }
-  if (tts.timeoutMs === undefined) {
-    tts.timeoutMs = 30000
-    dirty = true
-  }
-  if (tts.prefsPath === undefined) {
-    tts.prefsPath = '~/.openclaw/settings/tts.json'
-    dirty = true
-  }
-
-  // elevenlabs tuning: set-if-missing
-  if (elevenlabs.modelId === undefined) {
-    elevenlabs.modelId = 'eleven_multilingual_v2'
-    dirty = true
-  }
-  if (elevenlabs.seed === undefined) {
-    elevenlabs.seed = 42
-    dirty = true
-  }
-  if (elevenlabs.applyTextNormalization === undefined) {
-    elevenlabs.applyTextNormalization = 'auto'
-    dirty = true
-  }
-  if (elevenlabs.languageCode === undefined) {
-    elevenlabs.languageCode = 'en'
-    dirty = true
-  }
-  if (elevenlabs.voiceSettings === undefined) {
-    elevenlabs.voiceSettings = {
-      stability: 0.5,
-      similarityBoost: 0.75,
-      style: 0.0,
-      useSpeakerBoost: true,
-      speed: 1.0,
-    }
-    dirty = true
-  }
-
-  if (dirty) {
-    tts.elevenlabs = elevenlabs
-    messages.tts = tts
-    config.messages = messages
-  }
-
-  return dirty
-}
-
-export function patchWebSearch(config: Record<string, unknown>, pc: ConfigPluginConfig): boolean {
-  if (!pc.modelGatewayBaseUrl || !pc.modelGatewayToken) return false
-
-  let dirty = false
-  const tools = (config.tools ?? {}) as Record<string, unknown>
-  const web = (tools.web ?? {}) as Record<string, unknown>
-  const search = (web.search ?? {}) as Record<string, unknown>
-  const perplexity = (search.perplexity ?? {}) as Record<string, unknown>
-
-  // Provider: enforce
-  if (search.provider !== 'perplexity') {
-    search.provider = 'perplexity'
-    dirty = true
-  }
-
-  // Perplexity credentials: enforce (nested under search.perplexity)
-  if (perplexity.apiKey !== pc.modelGatewayToken) {
-    perplexity.apiKey = pc.modelGatewayToken
-    dirty = true
-  }
-  if (perplexity.baseUrl !== pc.modelGatewayBaseUrl) {
-    perplexity.baseUrl = pc.modelGatewayBaseUrl
-    dirty = true
-  }
-
-  // Perplexity model: set-if-missing
-  if (perplexity.model === undefined) {
-    perplexity.model = 'perplexity/sonar-pro'
-    dirty = true
-  }
-
-  // Tuning: set-if-missing
-  if (search.maxResults === undefined) {
-    search.maxResults = 5
-    dirty = true
-  }
-  if (search.timeoutSeconds === undefined) {
-    search.timeoutSeconds = 30
-    dirty = true
-  }
-
-  if (dirty) {
-    search.perplexity = perplexity
-    web.search = search
-    tools.web = web
-    config.tools = tools
-  }
-
-  return dirty
-}
-
-export function patchMemorySearch(
-  config: Record<string, unknown>,
-  pc: ConfigPluginConfig,
-): boolean {
-  if (!pc.modelGatewayBaseUrl || !pc.modelGatewayToken) return false
-
-  let dirty = false
-  const agents = (config.agents ?? {}) as Record<string, unknown>
-  const defaults = (agents.defaults ?? {}) as Record<string, unknown>
-  const ms = (defaults.memorySearch ?? {}) as Record<string, unknown>
-  const remote = (ms.remote ?? {}) as Record<string, unknown>
-  const batch = (remote.batch ?? {}) as Record<string, unknown>
-
-  // Provider: enforce (proxy mimics OpenAI API)
-  if (ms.provider !== 'openai') {
-    ms.provider = 'openai'
-    dirty = true
-  }
-
-  // Model: set-if-missing
-  if (ms.model === undefined) {
-    ms.model = 'text-embedding-3-small'
-    dirty = true
-  }
-
-  // Remote credentials: enforce
-  if (remote.baseUrl !== pc.modelGatewayBaseUrl) {
-    remote.baseUrl = pc.modelGatewayBaseUrl
-    dirty = true
-  }
-  if (remote.apiKey !== pc.modelGatewayToken) {
-    remote.apiKey = pc.modelGatewayToken
-    dirty = true
-  }
-
-  // Batch API not supported through proxy: enforce disabled
-  if (batch.enabled !== false) {
-    batch.enabled = false
-    dirty = true
-  }
-
-  if (dirty) {
-    remote.batch = batch
-    ms.remote = remote
-    defaults.memorySearch = ms
-    agents.defaults = defaults
-    config.agents = agents
-  }
-
-  return dirty
-}
-
-export function patchContextPruning(config: Record<string, unknown>): boolean {
-  const agents = (config.agents ?? {}) as Record<string, unknown>
-  const defaults = (agents.defaults ?? {}) as Record<string, unknown>
-  const cp = (defaults.contextPruning ?? {}) as Record<string, unknown>
-
-  // mode: set-if-missing — enable cache-ttl by default for cost savings,
-  // but don't override if an operator has explicitly configured it.
-  if (cp.mode === undefined) {
-    cp.mode = 'cache-ttl'
-    defaults.contextPruning = cp
-    agents.defaults = defaults
-    config.agents = agents
-    return true
-  }
-
-  return false
-}
-
-const DEFAULT_HEARTBEAT_MODEL = `${PROVIDER_NAME}/moonshotai/kimi-k2.5`
-
-function resolveDefaultHeartbeatModel(pc: ConfigPluginConfig): string {
-  return toProviderModelId(pc.defaultHeartbeatModel) || DEFAULT_HEARTBEAT_MODEL
-}
-
-export function patchHeartbeat(config: Record<string, unknown>, pc: ConfigPluginConfig): boolean {
-  let dirty = false
-  const agents = (config.agents ?? {}) as Record<string, unknown>
-  const defaults = (agents.defaults ?? {}) as Record<string, unknown>
-  const heartbeat = (defaults.heartbeat ?? {}) as Record<string, unknown>
-
-  // model: set-if-missing
-  if (!heartbeat.model) {
-    heartbeat.model = resolveDefaultHeartbeatModel(pc)
-    dirty = true
-  }
-
-  // lightContext: set-if-missing
-  if (heartbeat.lightContext === undefined) {
-    heartbeat.lightContext = true
-    dirty = true
-  }
-
-  if (dirty) {
-    defaults.heartbeat = heartbeat
-    agents.defaults = defaults
-    config.agents = agents
-  }
-
-  return dirty
-}
+// patchTts — migrated to clawly-config-defaults.json5
+// patchWebSearch — migrated to clawly-config-defaults.json5
+// patchMemorySearch — migrated to clawly-config-defaults.json5
+// patchHeartbeat — migrated to clawly-config-defaults.json5
 
 // TODO: Re-enable patchToolPolicy once rollback-safe (deny is sticky — rolling back
 // the plugin leaves web_search permanently denied). Tracked in ENG-1493.
@@ -552,7 +260,7 @@ export function patchHeartbeat(config: Record<string, unknown>, pc: ConfigPlugin
 // }
 
 export function patchEnvVars(
-  config: import('./types/openclaw').OpenClawConfig,
+  config: OpenClawConfig,
   pc: ConfigPluginConfig,
   api: PluginApi,
 ): boolean {
@@ -589,7 +297,7 @@ export function patchEnvVars(
   return dirty
 }
 
-export function patchSession(config: Record<string, unknown>): boolean {
+export function patchSession(config: OpenClawConfig): boolean {
   let dirty = false
 
   // Remove deprecated session.mainKey (OpenClaw v2026.1.5 hardcoded it to "main")
@@ -638,7 +346,7 @@ const INCLUDE_PATH = './extensions/clawly-plugins/clawly-config-defaults.json5'
  * Ensures our defaults file is listed in the config's `$include` array.
  * Returns true if `$include` was modified.
  */
-export function ensureInclude(config: Record<string, unknown>): boolean {
+export function ensureInclude(config: OpenClawConfig & Record<string, unknown>): boolean {
   const existing = config.$include
   let includes: string[]
 
@@ -685,7 +393,7 @@ const NPM_PKG_NAME = '@2en/clawly-plugins'
  * in the provision write-plugins-config step.  Without this record,
  * `openclaw plugins update` cannot function.
  */
-export function patchInstallRecord(config: Record<string, unknown>, stateDir: string): boolean {
+export function patchInstallRecord(config: OpenClawConfig, stateDir: string): boolean {
   const plugins = asObj(config.plugins)
   const installs = asObj(plugins.installs)
 
@@ -734,11 +442,7 @@ export function patchInstallRecord(config: Record<string, unknown>, stateDir: st
   return true
 }
 
-function repairLegacyProvisionState(
-  api: PluginApi,
-  config: Record<string, unknown>,
-  stateDir: string,
-) {
+function repairLegacyProvisionState(api: PluginApi, config: OpenClawConfig, stateDir: string) {
   const installRecordPatched = patchInstallRecord(config, stateDir)
   if (installRecordPatched) {
     api.logger.warn('plugins.installs.clawly-plugins was missing — self-healed from disk.')
@@ -746,10 +450,102 @@ function repairLegacyProvisionState(
   return installRecordPatched
 }
 
+/**
+ * Remove fields from config that are identical to the included defaults.
+ * Since `$include` deep-merges with main config winning, residual values
+ * from old JS set-if-missing code "shadow" the json5 defaults and prevent
+ * future default updates from taking effect.
+ *
+ * Only prunes leaf values that exactly match.
+ * Returns true if any field was deleted.
+ */
+function stableStringify(v: unknown): string {
+  if (v !== null && typeof v === 'object' && !Array.isArray(v)) {
+    const obj = v as Record<string, unknown>
+    return `{${Object.keys(obj)
+      .sort()
+      .map((k) => `${JSON.stringify(k)}:${stableStringify(obj[k])}`)
+      .join(',')}}`
+  }
+  return JSON.stringify(v)
+}
+
+export function pruneIncludedDefaults(
+  config: Record<string, unknown>,
+  defaults: Record<string, unknown>,
+): boolean {
+  let pruned = false
+
+  function walk(defaultsNode: Record<string, unknown>, configNode: Record<string, unknown>): void {
+    for (const key of Object.keys(defaultsNode)) {
+      const defaultVal = defaultsNode[key]
+      const configVal = configNode[key]
+      if (configVal === undefined) continue
+
+      // Both are plain objects → recurse
+      if (
+        defaultVal !== null &&
+        typeof defaultVal === 'object' &&
+        !Array.isArray(defaultVal) &&
+        configVal !== null &&
+        typeof configVal === 'object' &&
+        !Array.isArray(configVal)
+      ) {
+        walk(defaultVal as Record<string, unknown>, configVal as Record<string, unknown>)
+        // Clean up empty parent objects left behind after pruning
+        if (Object.keys(configVal as Record<string, unknown>).length === 0) {
+          delete configNode[key]
+          pruned = true
+        }
+        continue
+      }
+
+      // Both are non-empty arrays → remove config elements that exist in defaults
+      if (Array.isArray(defaultVal) && defaultVal.length > 0 && Array.isArray(configVal)) {
+        const defaultSet = new Set(defaultVal.map((v) => stableStringify(v)))
+        const filtered = configVal.filter((v) => !defaultSet.has(stableStringify(v)))
+        if (filtered.length !== configVal.length) {
+          if (filtered.length === 0) {
+            delete configNode[key]
+          } else {
+            configNode[key] = filtered
+          }
+          pruned = true
+        }
+        continue
+      }
+
+      // Leaf comparison: use stableStringify for key-order-insensitive deep equality
+      if (stableStringify(configVal) === stableStringify(defaultVal)) {
+        delete configNode[key]
+        pruned = true
+      }
+    }
+  }
+
+  walk(defaults, config)
+  return pruned
+}
+
+/**
+ * Load and parse clawly-config-defaults.json5 from the plugin install directory.
+ * Uses the bundled `json5` package (declared in package.json).
+ */
+function loadIncludedDefaults(stateDir: string): Record<string, unknown> | null {
+  const defaultsPath = path.join(stateDir, INCLUDE_PATH)
+  try {
+    const raw = fs.readFileSync(defaultsPath, 'utf-8')
+    return JSON5.parse(raw) as Record<string, unknown>
+  } catch {
+    return null
+  }
+}
+
 function reconcileRuntimeConfig(
   api: PluginApi,
-  config: Record<string, unknown>,
+  config: OpenClawConfig,
   pc: ConfigPluginConfig,
+  stateDir: string,
 ): boolean {
   // Ensure gateway credentials are available to all patchers.
   // After a force-update, runtime pluginConfig may be empty and on-disk
@@ -764,17 +560,20 @@ function reconcileRuntimeConfig(
   }
 
   let dirty = false
-  dirty = patchEnvVars(config as import('./types/openclaw').OpenClawConfig, pc, api) || dirty
+  dirty = patchEnvVars(config, pc, api) || dirty
   dirty = patchAgent(config, pc) || dirty
-  dirty = patchContextPruning(config) || dirty
-  dirty = patchHeartbeat(config, pc) || dirty
   dirty = patchGateway(config) || dirty
   dirty = patchBrowser(config) || dirty
   dirty = patchSession(config) || dirty
-  dirty = patchTts(config, pc) || dirty
-  dirty = patchWebSearch(config, pc) || dirty
-  dirty = patchMemorySearch(config, pc) || dirty
-  dirty = patchModelGateway(config as import('./types/openclaw').OpenClawConfig, api) || dirty
+  dirty = patchModelGateway(config, api) || dirty
+
+  const defaults = loadIncludedDefaults(stateDir)
+  if (defaults) {
+    dirty = pruneIncludedDefaults(config, defaults) || dirty
+  } else {
+    api.logger.warn('Config setup: failed to load included defaults, skipping dedup.')
+  }
+
   return dirty
 }
 
@@ -789,6 +588,15 @@ export function setupConfig(api: PluginApi): void {
     return
   }
 
+  // OpenClaw exposes three config layers:
+  //   parsed   — raw JSON from openclaw.json (no $include, no env expansion)
+  //   resolved — parsed + $include deep-merge + ${ENV} interpolation
+  //   runtime  — resolved + SecretRef resolution, cached in-memory snapshot
+  //
+  // We need parsed: patchers mutate raw fields and write back via
+  // writeConfigFile, which diffs against the runtime snapshot and projects
+  // changes onto the source file. Using resolved/runtime would inline
+  // $include defaults into openclaw.json, defeating the json5 migration.
   const configPath = path.join(stateDir, 'openclaw.json')
   const config = readOpenclawConfig(configPath)
   const pc = toPCMerged(api, config)
@@ -797,12 +605,20 @@ export function setupConfig(api: PluginApi): void {
   dirty = ensureInclude(config) || dirty
   hardenIncludePermissions(stateDir, api)
   dirty = repairLegacyProvisionState(api, config, stateDir) || dirty
-  dirty = reconcileRuntimeConfig(api, config, pc) || dirty
+  dirty = reconcileRuntimeConfig(api, config, pc, stateDir) || dirty
 
   if (dirty) {
     try {
       writeOpenclawConfig(configPath, config)
       api.logger.info('Config setup: patched openclaw.json.')
+      // Refresh the gateway's in-memory runtime config snapshot.
+      // The sync write above updates the file on disk, but the gateway
+      // caches config via runtimeConfigSnapshot (set during startup by
+      // the secrets system). Without this refresh, loadConfig() keeps
+      // returning the stale pre-patch config until the next restart.
+      void api.runtime.config.writeConfigFile(config).catch((err) => {
+        api.logger.warn(`Config setup: runtime snapshot refresh failed: ${(err as Error).message}`)
+      })
     } catch (err) {
       api.logger.error(`Config setup failed: ${(err as Error).message}`)
     }

package/gateway/index.ts

@@ -3,7 +3,6 @@ import {registerAgentSend} from './agent'
 import {registerCalendarNative} from './calendar-native'
 import {registerAnalytics} from './analytics'
 import {registerAudit} from './audit'
-import {registerNodeDangerousAllowlist} from './node-dangerous-allowlist'
 import {registerClawhub2gateway} from './clawhub2gateway'
 import {registerConfigRepair} from './config-repair'
 import {registerConfigTimezone} from './config-timezone'
@@ -64,6 +63,5 @@ export function registerGateway(api: PluginApi) {
   registerPairing(api)
   registerVersion(api)
   registerAudit(api)
-  registerNodeDangerousAllowlist(api)
   registerCalendarNative(api)
 }

package/gateway/offline-push.test.ts

@@ -73,6 +73,11 @@ function createMockApi(): {
   return {api, logs, handlers}
 }
 
+/** Event with a simple assistant message — needed since the skip-on-no-text guard. */
+const eventWithReply = {
+  messages: [{role: 'assistant', content: 'Hello from the assistant'}],
+}
+
 // ── Tests ────────────────────────────────────────────────────────
 
 beforeEach(() => {
@@ -89,7 +94,7 @@ describe('offline-push', () => {
     registerOfflinePush(api)
 
     const handler = handlers.get('agent_end')!
-    await handler({}, {sessionKey: 'agent:clawly:main'})
+    await handler(eventWithReply, {sessionKey: 'agent:clawly:main'})
 
     expect(logs).toContainEqual({
       level: 'info',
@@ -117,8 +122,8 @@ describe('offline-push', () => {
 
     const handler = handlers.get('agent_end')!
 
-    await handler({}, {sessionKey: 'agent:clawly:main'})
-    await handler({}, {sessionKey: 'agent:clawly:main'})
+    await handler(eventWithReply, {sessionKey: 'agent:clawly:main'})
+    await handler(eventWithReply, {sessionKey: 'agent:clawly:main'})
 
     expect(logs.filter((l) => l.msg.includes('notified'))).toHaveLength(2)
   })
@@ -129,11 +134,11 @@ describe('offline-push', () => {
 
     const handler = handlers.get('agent_end')!
 
-    await handler({}, {sessionKey: 'agent:clawly:main'})
+    await handler(eventWithReply, {sessionKey: 'agent:clawly:main'})
     expect(lastPushExtras).toEqual({badge: 1})
     expect(mockBadgeCount).toBe(1)
 
-    await handler({}, {sessionKey: 'agent:clawly:main'})
+    await handler(eventWithReply, {sessionKey: 'agent:clawly:main'})
     expect(lastPushExtras).toEqual({badge: 2})
     expect(mockBadgeCount).toBe(2)
   })
@@ -143,7 +148,7 @@ describe('offline-push', () => {
     const {api, handlers} = createMockApi()
     registerOfflinePush(api)
 
-    await handlers.get('agent_end')!({}, {sessionKey: 'agent:clawly:main'})
+    await handlers.get('agent_end')!(eventWithReply, {sessionKey: 'agent:clawly:main'})
 
     expect(lastPushExtras).toEqual({badge: 1})
     expect(mockBadgeCount).toBe(0) // incremented then decremented
@@ -153,7 +158,7 @@ describe('offline-push', () => {
     const {api, logs, handlers} = createMockApi()
     registerOfflinePush(api)
 
-    await handlers.get('agent_end')!({}, {sessionKey: 'agent:clawly:telegram:12345'})
+    await handlers.get('agent_end')!(eventWithReply, {sessionKey: 'agent:clawly:telegram:12345'})
 
     expect(logs).toContainEqual({
       level: 'info',
@@ -166,7 +171,9 @@ describe('offline-push', () => {
     const {api, logs, handlers} = createMockApi()
     registerOfflinePush(api)
 
-    await handlers.get('agent_end')!({}, {sessionKey: 'agent:clawly:cron:weather-check:run:abc123'})
+    await handlers.get('agent_end')!(eventWithReply, {
+      sessionKey: 'agent:clawly:cron:weather-check:run:abc123',
+    })
 
     expect(logs).toContainEqual({
       level: 'info',
@@ -180,7 +187,7 @@ describe('offline-push', () => {
     registerOfflinePush(api)
 
     const handler = handlers.get('agent_end')!
-    await handler({})
+    await handler(eventWithReply)
 
     expect(logs).toContainEqual({
       level: 'info',
@@ -192,7 +199,10 @@ describe('offline-push', () => {
     const {api, handlers} = createMockApi()
     registerOfflinePush(api)
 
-    await handlers.get('agent_end')!({}, {sessionKey: 'agent:clawly:main', agentId: 'luna'})
+    await handlers.get('agent_end')!(eventWithReply, {
+      sessionKey: 'agent:clawly:main',
+      agentId: 'luna',
+    })
 
     expect(lastPushOpts?.agentId).toBe('luna')
   })
@@ -201,8 +211,9 @@ describe('offline-push', () => {
     const {api, handlers} = createMockApi()
     registerOfflinePush(api)
 
-    await handlers.get('agent_end')!({}, {sessionKey: 'agent:clawly:main'})
+    await handlers.get('agent_end')!(eventWithReply, {sessionKey: 'agent:clawly:main'})
 
+    expect(lastPushOpts).not.toBeNull()
     expect(lastPushOpts?.title).toBeUndefined()
   })
 
@@ -223,17 +234,21 @@ describe('offline-push', () => {
     expect(lastPushOpts?.body).toBe('Hi there! How can I help you today?')
   })
 
-  test('body falls back when no messages', async () => {
-    const {api, handlers} = createMockApi()
+  test('skips push when no messages (no extractable text)', async () => {
+    const {api, logs, handlers} = createMockApi()
     registerOfflinePush(api)
 
     await handlers.get('agent_end')!({}, {sessionKey: 'agent:clawly:main'})
 
-    expect(lastPushOpts?.body).toBe('Your response is ready')
+    expect(lastPushOpts).toBeNull()
+    expect(logs).toContainEqual({
+      level: 'warn',
+      msg: expect.stringContaining('skipped (no extractable assistant text)'),
+    })
   })
 
-  test('body falls back when messages has no assistant role', async () => {
-    const {api, handlers} = createMockApi()
+  test('skips push when messages has no assistant role', async () => {
+    const {api, logs, handlers} = createMockApi()
     registerOfflinePush(api)
 
     await handlers.get('agent_end')!(
@@ -241,7 +256,11 @@ describe('offline-push', () => {
       {sessionKey: 'agent:clawly:main'},
     )
 
-    expect(lastPushOpts?.body).toBe('Your response is ready')
+    expect(lastPushOpts).toBeNull()
+    expect(logs).toContainEqual({
+      level: 'warn',
+      msg: expect.stringContaining('skipped (no extractable assistant text)'),
+    })
   })
 
   test('body strips [[type:value]] placeholders', async () => {
@@ -580,15 +599,15 @@ describe('offline-push with filtered messages', () => {
     })
   })
 
-  test('sends push when event has no messages (safe default)', async () => {
+  test('skips push when event has no messages (no extractable text)', async () => {
     const {api, logs, handlers} = createMockApi()
     registerOfflinePush(api)
 
     await handlers.get('agent_end')!({}, {sessionKey: 'agent:clawly:main'})
 
     expect(logs).toContainEqual({
-      level: 'info',
-      msg: expect.stringContaining('notified (session=agent:clawly:main)'),
+      level: 'warn',
+      msg: expect.stringContaining('skipped (no extractable assistant text)'),
     })
   })
 })

package/gateway/offline-push.ts

@@ -226,6 +226,7 @@ export function registerOfflinePush(api: PluginApi) {
 
       // Extract full assistant text for filtering and preview.
       const fullText = getLastAssistantText(event.messages)
+      const triggerText = getTriggeringUserText(event.messages)
 
       // Skip if the message would be filtered by the mobile UI.
       if (fullText != null) {
@@ -270,6 +271,33 @@ export function registerOfflinePush(api: PluginApi) {
         return
       }
 
+      // Defensive: if we can't extract assistant text, sending a generic
+      // "Your response is ready" is never useful — the message likely wasn't
+      // persisted to the transcript either, so the user opens the app to nothing.
+      // Log the messages structure for debugging, then bail.
+      if (fullText == null || fullText === '') {
+        const msgCount = Array.isArray(event.messages) ? event.messages.length : 'n/a'
+        const lastRoles = Array.isArray(event.messages)
+          ? event.messages
+              .slice(-5)
+              .map(
+                (m: any) =>
+                  `${m?.role ?? '?'}(${typeof m?.content === 'string' ? 'str' : Array.isArray(m?.content) ? `parts:${m.content.length}` : typeof m?.content})`,
+              )
+              .join(', ')
+          : 'n/a'
+        api.logger.warn(
+          `offline-push: skipped (no extractable assistant text) msgCount=${msgCount} lastRoles=[${lastRoles}] triggerText=${triggerText ? `"${triggerText.slice(0, 80)}"` : 'null'}`,
+        )
+        if (isCron) markCronPushSkipped(sessionKey!, 'no extractable text', false)
+        captureEvent('push.skipped', {
+          reason: 'no_extractable_text',
+          is_cron: isCron,
+          ...(sessionKey ? {session_key: sessionKey} : {}),
+        })
+        return
+      }
+
       // Only send push for the main clawly mobile session and cron sessions —
       // skip channel sessions (telegram, slack, discord, etc.) which have their own delivery.
       if (sessionKey !== undefined && sessionKey !== 'agent:clawly:main' && !isCron) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@2en/clawly-plugins",
-  "version": "1.30.0-beta.3",
+  "version": "1.30.0-beta.4",
   "module": "index.ts",
   "type": "module",
   "repository": {
@@ -14,6 +14,7 @@
     "@opentelemetry/resources": "^1.30.0",
     "@opentelemetry/sdk-logs": "^0.57.0",
     "file-type": "^21.3.0",
+    "json5": "^2.2.3",
     "mime": "^4.1.0",
     "posthog-node": "^5.28.0",
     "zx": "npm:zx@8.8.5-lite"

package/types.ts

@@ -22,7 +22,7 @@ export type PluginRuntimeCore = {
   version: string
   config: {
     loadConfig: (...args: unknown[]) => unknown
-    writeConfigFile: (...args: unknown[]) => unknown
+    writeConfigFile: (config: OpenClawConfig) => Promise<unknown>
   }
   system: {
     enqueueSystemEvent: (...args: unknown[]) => void

package/gateway/node-dangerous-allowlist.ts

@@ -1,84 +0,0 @@
-/**
- * Ensures all dangerous node commands are in gateway.nodes.allowCommands
- * so the AI agent can invoke them on connected Clawly nodes.
- *
- * Dangerous commands are defined by OpenClaw's node-command-policy and
- * must be explicitly allowlisted. Safe commands work without allowlisting.
- *
- * Runs on gateway_start. Writes directly to openclaw.json via
- * writeOpenclawConfig (no restart triggered — gateway.* changes are
- * classified as "none" by the config watcher).
- */
-import path from 'node:path'
-
-import type {PluginApi} from '../types'
-import {readOpenclawConfig, writeOpenclawConfig} from '../model-gateway-setup'
-
-const DANGEROUS_COMMANDS = [
-  // Browser commands (Mac nodes)
-  'browser.proxy',
-  'browser.navigate',
-  'browser.click',
-  'browser.type',
-  'browser.screenshot',
-  'browser.read',
-  'browser.tabs',
-  'browser.back',
-  'browser.scroll',
-  'browser.evaluate',
-  // Reminders + calendar (iOS nodes)
-  'reminders.add',
-  'calendar.add',
-  // Device permissions (iOS nodes) — not in OpenClaw's iOS defaults
-  'device.permissions',
-  'device.requestPermission',
-]
-
-export function registerNodeDangerousAllowlist(api: PluginApi) {
-  api.on('gateway_start', async () => {
-    let stateDir: string
-    try {
-      stateDir = api.runtime.state.resolveStateDir()
-    } catch {
-      api.logger.warn('node-dangerous-allowlist: cannot resolve state dir, skipping')
-      return
-    }
-
-    const configPath = path.join(stateDir, 'openclaw.json')
-    let config: Record<string, unknown>
-    try {
-      config = readOpenclawConfig(configPath)
-    } catch {
-      api.logger.warn('node-dangerous-allowlist: failed to read config, skipping')
-      return
-    }
-
-    const gateway = (config.gateway as Record<string, unknown>) ?? {}
-    const nodes = (gateway.nodes as Record<string, unknown>) ?? {}
-    const existing: string[] = Array.isArray(nodes.allowCommands)
-      ? (nodes.allowCommands as string[])
-      : []
-
-    const existingSet = new Set(existing)
-    const toAdd = DANGEROUS_COMMANDS.filter((cmd) => !existingSet.has(cmd))
-
-    if (toAdd.length === 0) {
-      api.logger.info('node-dangerous-allowlist: all commands already allowlisted')
-      return
-    }
-
-    nodes.allowCommands = [...existing, ...toAdd]
-    gateway.nodes = nodes
-    config.gateway = gateway
-
-    try {
-      writeOpenclawConfig(configPath, config)
-    } catch {
-      api.logger.warn('node-dangerous-allowlist: failed to write config')
-      return
-    }
-    api.logger.info(
-      `node-dangerous-allowlist: added ${toAdd.length} commands to allowlist: ${toAdd.join(', ')}`,
-    )
-  })
-}