@a1hvdy/cc-openclaw 0.27.13 → 0.30.0

package/dist/src/channels/telegram-mirror/askuser.d.ts

@@ -33,6 +33,16 @@ interface ParsedQuestion {
     multiSelect: boolean;
     options: QOption[];
 }
+/**
+ * v0.28.0 — build a single inline button that, when tapped, resumes a Claude
+ * Code session. Reuses the proven askuser callback path: the payload is stashed
+ * in the shared (globalThis-anchored) CallbackMap and the callback_data is
+ * `ccmirror:<id>`, so taps route through the same before_dispatch interceptor.
+ */
+export declare function buildResumeButton(uuid: string, label: string): {
+    text: string;
+    callback_data: string;
+};
 /** Minimal subset of the registerInteractiveHandler ctx we use. */
 export interface InteractiveCtx {
     callback: {

package/dist/src/channels/telegram-mirror/askuser.js

@@ -27,6 +27,19 @@ import { probeInjectionEnqueued } from '../../lib/probes.js';
 /** Namespace prefix for callback_data so api.registerInteractiveHandler routes
  *  taps here. Matched at the first ':' by the gateway (must be [A-Za-z0-9._-]+). */
 export const ASKUSER_NS = 'ccmirror';
+function getResumeBridge() {
+    return globalThis[Symbol.for('cc-openclaw:resume-bridge')];
+}
+/**
+ * v0.28.0 — build a single inline button that, when tapped, resumes a Claude
+ * Code session. Reuses the proven askuser callback path: the payload is stashed
+ * in the shared (globalThis-anchored) CallbackMap and the callback_data is
+ * `ccmirror:<id>`, so taps route through the same before_dispatch interceptor.
+ */
+export function buildResumeButton(uuid, label) {
+    const id = _cb.create({ kind: 'resume', uuid });
+    return { text: label, callback_data: `${ASKUSER_NS}:${id}` };
+}
 // v0.26.5 — ALL askuser state is globalThis-anchored. captureAskUserQuestion is
 // reached via turn-bridge's module graph while handleTap is reached via the
 // inbound-handler graph; those can be SEPARATE module instances in the same
@@ -218,6 +231,37 @@ export async function handleTap(ctx, api) {
         await answerCb(ctx, 'This prompt expired.');
         return;
     }
+    // v0.28.0 — session-picker resume tap. Not tied to a question (no qid):
+    // resolve the chat from the tap ctx and fire the resume bridge immediately.
+    if (payload.kind === 'resume') {
+        await answerCb(ctx, 'Resuming…');
+        const conv = String(ctx.conversationId ?? (ctx.chatId ?? ''));
+        let chatPart = conv;
+        let threadId;
+        const ti = conv.indexOf(':topic:');
+        if (ti >= 0) {
+            chatPart = conv.slice(0, ti);
+            threadId = conv.slice(ti + ':topic:'.length);
+        }
+        if (!chatPart) {
+            process.stderr.write('[cc-openclaw/askuser] resume tap: no chat resolved\n');
+            return;
+        }
+        const bridge = getResumeBridge();
+        if (!bridge) {
+            await sendTg(chatPart, `Resume bridge unavailable — type <code>/cc resume ${escapeHtml(payload.uuid)}</code>`, threadId);
+            return;
+        }
+        try {
+            const text = bridge(chatPart, threadId, payload.uuid);
+            await sendTg(chatPart, escapeHtml(text), threadId);
+            process.stderr.write(`[cc-openclaw/askuser] resume fired uuid=${payload.uuid} chat=${chatPart}\n`);
+        }
+        catch (err) {
+            await sendTg(chatPart, `Resume failed: ${escapeHtml(err.message)}`, threadId);
+        }
+        return;
+    }
     const s = _questions.get(payload.qid);
     if (!s) {
         await answerCb(ctx, 'This prompt is no longer active.');

package/dist/src/channels/telegram-mirror/commands.d.ts

@@ -96,6 +96,18 @@ export interface ParsedSlash {
     args: string[];
 }
 export declare function parseSlash(text: string): ParsedSlash | undefined;
+/**
+ * v0.28.0 — `/sessions` is now a `claude -r`-style picker over the REAL Claude
+ * Code sessions. It mirrors `~/.claude/projects/**` (the store every `claude`
+ * subprocess — terminal or cco-spawned — writes to), so one list spans both
+ * surfaces. Each row shows the session's own ai-title (name) + last-prompt
+ * (description); tapping resumes it immediately via the globalThis resume
+ * bridge. Buttons use the proven `ccmirror:` callback path (buildResumeButton).
+ *
+ * The previous registry-backed keyboard (buildSessionsKeyboard / enrichRows)
+ * is retired here: its "switch" callbacks were never wired (M4 stub), and the
+ * slug registry only ever saw cco-Telegram sessions, not terminal ones.
+ */
 export declare function handleSessions(ctx: CommandContext): CommandResult;
 export declare function handleNew(ctx: CommandContext): CommandResult;
 export declare function handleStop(ctx: CommandContext): CommandResult;

package/dist/src/channels/telegram-mirror/commands.js

@@ -26,8 +26,12 @@
  *   • Plan attachment via sendDocument (M9).
  */
 import { register, unregister, list, getBySlug, } from '../../lib/session-registry.js';
-import { buildSessionsKeyboard, formatLastActivity, } from './sessions-keyboard.js';
+import { formatLastActivity, } from './sessions-keyboard.js';
 import { stubQuotaReader } from './quota-reader.js';
+import { scanClaudeCliSessions } from '../../lib/cc-cli-scan.js';
+import { buildResumeButton } from './askuser.js';
+import { escapeHtml } from '../../lib/html-render.js';
+import { basename } from 'node:path';
 export function parseSlash(text) {
     const trimmed = text.trim();
     if (!trimmed.startsWith('/'))
@@ -48,25 +52,59 @@ function enrichRows(entries, stateLookup) {
         lastUsedAt: e.lastUsedAt,
     }));
 }
+/**
+ * v0.28.0 — `/sessions` is now a `claude -r`-style picker over the REAL Claude
+ * Code sessions. It mirrors `~/.claude/projects/**` (the store every `claude`
+ * subprocess — terminal or cco-spawned — writes to), so one list spans both
+ * surfaces. Each row shows the session's own ai-title (name) + last-prompt
+ * (description); tapping resumes it immediately via the globalThis resume
+ * bridge. Buttons use the proven `ccmirror:` callback path (buildResumeButton).
+ *
+ * The previous registry-backed keyboard (buildSessionsKeyboard / enrichRows)
+ * is retired here: its "switch" callbacks were never wired (M4 stub), and the
+ * slug registry only ever saw cco-Telegram sessions, not terminal ones.
+ */
 export function handleSessions(ctx) {
-    const entries = list();
-    const stateLookup = ctx.stateLookup ?? (() => 'idle');
-    const rows = enrichRows(entries, stateLookup);
-    const kb = buildSessionsKeyboard({
-        rows,
-        callbackMap: ctx.callbackMap,
-        now: ctx.now,
+    const now = ctx.now ?? Date.now();
+    const all = scanClaudeCliSessions();
+    const shown = all.slice(0, 8);
+    if (shown.length === 0) {
+        return {
+            actions: [
+                {
+                    type: 'sendMessage',
+                    chat_id: ctx.chatId,
+                    text: 'No resumable Claude Code sessions in the last 7 days.',
+                },
+            ],
+        };
+    }
+    const trunc = (s, n) => (s.length > n ? `${s.slice(0, n - 1)}…` : s);
+    const bodyLines = ['🔵 <b>Resumable Claude Code sessions</b> — tap to resume:', ''];
+    const rows = [];
+    shown.forEach((s, i) => {
+        const n = i + 1;
+        const title = trunc(s.title || `session ${s.uuid.slice(0, 8)}`, 60);
+        const desc = trunc(s.desc || '', 70);
+        const rel = formatLastActivity(new Date(s.mtimeMs).toISOString(), now);
+        const where = s.cwd ? basename(s.cwd) : '';
+        const metaLine = [rel, where].filter(Boolean).join(' · ');
+        bodyLines.push(desc
+            ? `<b>${n}.</b> ${escapeHtml(title)} — <i>${escapeHtml(desc)}</i>  <code>${escapeHtml(metaLine)}</code>`
+            : `<b>${n}.</b> ${escapeHtml(title)}  <code>${escapeHtml(metaLine)}</code>`);
+        const btnLabel = `${n} · ${trunc(s.title || s.uuid.slice(0, 8), 28)} · ${rel}`;
+        rows.push([buildResumeButton(s.uuid, btnLabel)]);
     });
-    const header = entries.length === 0
-        ? 'No sessions registered yet. Tap ➕ New to create one.'
-        : `Sessions (${entries.length})${kb.pageCount > 1 ? ` · page ${kb.page + 1}/${kb.pageCount}` : ''}`;
+    if (all.length > shown.length) {
+        bodyLines.push('', `<i>+${all.length - shown.length} older — resume by id: /cc resume &lt;uuid&gt;</i>`);
+    }
     return {
         actions: [
             {
                 type: 'sendMessage',
                 chat_id: ctx.chatId,
-                text: header,
-                reply_markup: { inline_keyboard: kb.inline_keyboard },
+                text: bodyLines.join('\n'),
+                reply_markup: { inline_keyboard: rows },
             },
         ],
     };

package/dist/src/channels/telegram-mirror/turn-bridge.d.ts

@@ -77,6 +77,16 @@ export declare function pushAssistantText(text: string): void;
  * thinking-visibility setting rather than leaking reasoning unconditionally.
  */
 export declare function pushThinking(text: string): void;
+/**
+ * #4 (dual-surface seam) — extract just the model's `★ Insight ─...─` block from
+ * the full answer text, for display as the finalized card's takeaway when the
+ * card no longer mirrors the whole answer (CC_OPENCLAW_CARD_ANSWER_MIRROR off,
+ * the default). Returns the block verbatim (renderTurn preserves ★ Insight
+ * inline), or '' when the answer carries no insight block → a clean
+ * status/tools/✓ Done card with no answer text. Matches the model's emitted
+ * shape: a `★ Insight` opener through the next box-drawing divider line.
+ */
+export declare function extractInsightForCard(fullText: string): string;
 /**
  * Finalize every active card at the END of a model turn. Flips each card's
  * turn to 'done' (so renderTurn shows "✓ Done"), repaints once, and removes

package/dist/src/channels/telegram-mirror/turn-bridge.js

@@ -259,6 +259,31 @@ export function pushThinking(text) {
         void repaint(chatId, /* force */ false);
     }
 }
+/**
+ * #4 (dual-surface seam) — extract just the model's `★ Insight ─...─` block from
+ * the full answer text, for display as the finalized card's takeaway when the
+ * card no longer mirrors the whole answer (CC_OPENCLAW_CARD_ANSWER_MIRROR off,
+ * the default). Returns the block verbatim (renderTurn preserves ★ Insight
+ * inline), or '' when the answer carries no insight block → a clean
+ * status/tools/✓ Done card with no answer text. Matches the model's emitted
+ * shape: a `★ Insight` opener through the next box-drawing divider line.
+ */
+export function extractInsightForCard(fullText) {
+    if (!fullText)
+        return '';
+    const start = fullText.indexOf('★ Insight');
+    if (start === -1)
+        return '';
+    const lines = fullText.slice(start).split('\n');
+    const out = [];
+    for (let i = 0; i < lines.length; i++) {
+        out.push(lines[i]);
+        // Closing divider: a line of ≥5 box-drawing / hyphen dashes after the opener.
+        if (i > 0 && /^[─-]{5,}\s*$/.test(lines[i].trim()))
+            break;
+    }
+    return out.join('\n').trim();
+}
 /**
  * Finalize every active card at the END of a model turn. Flips each card's
  * turn to 'done' (so renderTurn shows "✓ Done"), repaints once, and removes
@@ -284,21 +309,25 @@ export async function finalizeActiveCards(deliveredText) {
         card.sm.end(chatId);
         const turn = card.sm.getTurn(chatId);
         if (turn) {
-            // v0.26.4 dedup — drop the assistant text from the FINALIZED card. It
-            // streamed live during the turn (good), but the OpenClaw gateway also
-            // delivers the final reply as its own message; keeping it on the done
-            // card too made the answer appear twice (A1's duplicate-response bug).
-            // The plugin can't suppress the gateway reply (no suppressUserDelivery
-            // knob), so the card yields the final text and finalizes to a clean
-            // status/tools/✓ Done activity view. renderTurn itself is unchanged.
+            // #4 dual-surface seam — the FINALIZED card's answer text is whatever the
+            // caller hands in via `deliveredText`; this function no longer decides
+            // dedup policy, the openai-compat handlers do (they know the gateway's
+            // delivery state). The three cases the callers pass:
+            //
+            //   • happy path, default (CC_OPENCLAW_CARD_ANSWER_MIRROR off): the caller
+            //     passes ONLY the extracted ★ Insight block (extractInsightForCard).
+            //     The card finalizes to status/tools/✓ Done + the short takeaway; the
+            //     gateway's native draft message is the sole full-answer surface. No
+            //     double-stream, no "answer vanishes then reappears" seam.
+            //   • happy path, legacy (flag on): the caller passes '' — the old v0.26.4
+            //     dedup, where the full answer streamed live on the card then blanked
+            //     here so it wasn't duplicated by the gateway reply.
+            //   • disconnect (v0.27.6 Killer #2): the gateway socket died mid-turn and
+            //     delivers NOTHING separately, so the caller passes the FULL accumulated
+            //     text and the card KEEPS the whole report as the sole delivery channel.
             //
-            // v0.27.6 disconnect exception (Killer #2 report-drop) — when the gateway
-            // socket died mid-turn the gateway delivers NOTHING separately, so the
-            // dedup assumption breaks and wiping the text yields total silence
-            // ("✓ Done" then nothing). The caller passes the accumulated text in that
-            // case (deliveredText); the finalized card then KEEPS the full report as
-            // the sole delivery channel. On the happy path deliveredText is undefined
-            // → '' → behavior unchanged (gateway delivers, no duplicate).
+            // There is still no upstream suppressUserDelivery knob, so the card never
+            // tries to be the answer pane on the happy path. renderTurn is unchanged.
             turn.assistantText = deliveredText ?? '';
             try {
                 await editTg(chatId, card.messageId, renderTurn(turn, card.meta));

package/dist/src/command-router/cc-handler.d.ts

@@ -39,6 +39,7 @@ export interface CcCommand {
     prompt?: string;
     target?: string;
 }
+export type ResumeBridge = (chatId: string, threadId: string | undefined, uuid: string) => string;
 /**
  * Parse a raw input string into a CcCommand.
  * Returns null if the input is not a /cc or /cc+ command.

package/dist/src/command-router/cc-handler.js

@@ -38,6 +38,13 @@ const activeSessions = new Map();
 function _deps() {
     return { sessionManager: sessionManager, activeSessions, logger };
 }
+const RESUME_BRIDGE_KEY = Symbol.for('cc-openclaw:resume-bridge');
+globalThis[RESUME_BRIDGE_KEY] = ((chatId, threadId, uuid) => {
+    if (!sessionManager) {
+        return 'Claude Code handler not ready — try again in a few seconds.';
+    }
+    return handleResume(_deps(), chatId, threadId, uuid).text;
+});
 // ── parseCcCommand — pure exported parser ─────────────────────────────────
 /**
  * Parse a raw input string into a CcCommand.

package/dist/src/command-router/resume-policy.js

@@ -13,7 +13,38 @@
  */
 import { DEFAULT_CWD, sessionMapKey, saveSession, loadSession, loadSessionById, scanAllSessions, IDLE_TIMEOUT_MS, ACK_TIMEOUT_MS, scheduleIdle, _postTurnContextCheck, } from './launch-policy.js';
 import { sendDirectReply } from './turn-formatter.js';
+import { findCliSession, isFullClaudeUuid } from '../lib/cc-cli-scan.js';
 const PLUGIN_TAG = '[cc-openclaw/resume-policy]';
+/**
+ * Synthesize a SessionMeta for a Claude Code CLI session that cc-openclaw never
+ * created itself (a terminal `claude` session, or one started before this build).
+ * The transcript lives in `~/.claude/projects/<cwd>/<uuid>.jsonl`; we only need
+ * its uuid (the resumeSessionId) and the cwd it ran in. chatId is bound to the
+ * CURRENT chat so the resumed session belongs to whoever tapped/typed — this is
+ * the cross-surface bridge: start in the terminal, continue from Telegram.
+ */
+function synthCliMeta(uuid, chatId, threadId) {
+    const hit = findCliSession(uuid);
+    const short = uuid.replace(/-/g, '').slice(0, 8);
+    return {
+        id: short,
+        slug: `cli-${short}`,
+        sessionName: `cc-cli-${short}`,
+        chatId,
+        threadId,
+        senderId: '',
+        state: 'idle',
+        instruction: hit?.title || 'resumed CLI session',
+        turns: 0,
+        startedAt: new Date().toISOString(),
+        completedAt: null,
+        lastContinuedAt: null,
+        claudeSessionId: uuid.toLowerCase(),
+        cwd: hit?.cwd || DEFAULT_CWD,
+        output: null,
+        error: null,
+    };
+}
 // ── Continuation Handler ──────────────────────────────────────────────────
 export function handleContinuation(deps, prompt, chatId, threadId) {
     const { sessionManager, activeSessions, logger } = deps;
@@ -102,6 +133,11 @@ export function handleResume(deps, chatId, threadId, targetSlug) {
         if (!meta) {
             meta = loadSession(targetSlug);
         }
+        // Mirrored Claude Code CLI session — not in cco's own store, but resumable
+        // straight from its transcript via `claude --resume <uuid>`.
+        if (!meta && isFullClaudeUuid(targetSlug)) {
+            meta = synthCliMeta(targetSlug, chatId, threadId);
+        }
         if (!meta) {
             return { handled: true, text: `Session "${targetSlug}" not found.` };
         }

package/dist/src/lib/cache-parity-decide.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Content-addressed cache-parity decision (v0.30.0).
+ *
+ * Problem (diagnosed 2026-05-23 from the live sysprompt-cost telemetry):
+ * cc-openclaw's cache-parity registry is keyed by sessionKey. The cache HIT
+ * path strips the role:system messages so the Claude CLI subprocess reuses its
+ * already-cached `--append-system-prompt` block; a MISS inlines the full ~7K
+ * system prompt into the user message (uncached). On the live box, 70% of all
+ * cache misses were `session_unknown` — the FIRST turn of a session, where the
+ * registry has no entry yet. Telegram conversations are short (median 1 turn /
+ * session, 23 of 35 single-turn), so cold-start dominated: the hit rate stalled
+ * at ~75% vs the terminal CLI's ~95%. The dynamic-envelope churn we originally
+ * set out to fix was only ~7.5% of turns.
+ *
+ * Key observation: every Savvy session shares the *identical* system prefix
+ * (same SOUL/USER/AGENTS/TOOLS/MEMORY + harness ⇒ same sysHash). So a brand-new
+ * session whose sysHash was already seen for some *other* session is a
+ * known-good prefix — its `--append-system-prompt` will be injected at
+ * startSession from the registry entry the route patch writes this same turn,
+ * so it is SAFE to strip the redundant inline and ride the cached path on
+ * turn 1 instead of re-billing the full prompt.
+ *
+ * Safety: the "warm-hash hit" only applies when the session is NEW (not yet in
+ * the SessionManager) — that guarantees startSession runs and appends the
+ * prompt. An EXISTING session missing its registry entry (e.g. registry wiped
+ * mid-life) keeps the legacy inline path so the model never loses its system
+ * prompt. A `hash_mismatch` (entry exists, different hash = genuine mid-session
+ * churn) also stays on the inline path: the CLI's append still holds the OLD
+ * prompt, so the new one must be delivered in-band.
+ *
+ * Pure + side-effect-free so the decision is unit-testable independent of the
+ * EmbeddedServer route closure (matches the codebase's pure-helper pattern:
+ * isPersistedSessionFresh, shouldWriteThroughResumeId).
+ */
+export type CacheParityAction = 'hit' | 'warm-hash-hit' | 'miss';
+export interface CacheParityDecisionInput {
+    /** Registry entry for THIS sessionKey, if any. */
+    entry: {
+        hash: string;
+    } | undefined;
+    /** sha1 of the (stripped) system content for this turn. */
+    sysHash: string;
+    /** True if sysHash has been seen for ANY session this process (known-good prefix). */
+    knownHash: boolean;
+    /**
+     * True if the SessionManager has no live session for this key yet. A new
+     * session guarantees startSession runs and injects appendSystemPrompt from
+     * the registry, which is what makes stripping the inline safe.
+     */
+    sessionIsNew: boolean;
+}
+/**
+ * Decide how the route patch should treat the system prompt this turn.
+ *
+ *  - 'hit'           → registry entry matches this session: strip role:system,
+ *                      ride the already-cached append.
+ *  - 'warm-hash-hit' → new session + known-good prefix: write the registry
+ *                      entry (so startSession appends it), strip role:system,
+ *                      ride the cached path. Closes the cold-start gap.
+ *  - 'miss'          → inline the system prompt into the user message (the safe
+ *                      legacy path): first-ever prefix, genuine churn, or an
+ *                      existing session that lost its registry entry.
+ */
+export declare function decideCacheParityAction(input: CacheParityDecisionInput): CacheParityAction;

package/dist/src/lib/cache-parity-decide.js

@@ -0,0 +1,54 @@
+/**
+ * Content-addressed cache-parity decision (v0.30.0).
+ *
+ * Problem (diagnosed 2026-05-23 from the live sysprompt-cost telemetry):
+ * cc-openclaw's cache-parity registry is keyed by sessionKey. The cache HIT
+ * path strips the role:system messages so the Claude CLI subprocess reuses its
+ * already-cached `--append-system-prompt` block; a MISS inlines the full ~7K
+ * system prompt into the user message (uncached). On the live box, 70% of all
+ * cache misses were `session_unknown` — the FIRST turn of a session, where the
+ * registry has no entry yet. Telegram conversations are short (median 1 turn /
+ * session, 23 of 35 single-turn), so cold-start dominated: the hit rate stalled
+ * at ~75% vs the terminal CLI's ~95%. The dynamic-envelope churn we originally
+ * set out to fix was only ~7.5% of turns.
+ *
+ * Key observation: every Savvy session shares the *identical* system prefix
+ * (same SOUL/USER/AGENTS/TOOLS/MEMORY + harness ⇒ same sysHash). So a brand-new
+ * session whose sysHash was already seen for some *other* session is a
+ * known-good prefix — its `--append-system-prompt` will be injected at
+ * startSession from the registry entry the route patch writes this same turn,
+ * so it is SAFE to strip the redundant inline and ride the cached path on
+ * turn 1 instead of re-billing the full prompt.
+ *
+ * Safety: the "warm-hash hit" only applies when the session is NEW (not yet in
+ * the SessionManager) — that guarantees startSession runs and appends the
+ * prompt. An EXISTING session missing its registry entry (e.g. registry wiped
+ * mid-life) keeps the legacy inline path so the model never loses its system
+ * prompt. A `hash_mismatch` (entry exists, different hash = genuine mid-session
+ * churn) also stays on the inline path: the CLI's append still holds the OLD
+ * prompt, so the new one must be delivered in-band.
+ *
+ * Pure + side-effect-free so the decision is unit-testable independent of the
+ * EmbeddedServer route closure (matches the codebase's pure-helper pattern:
+ * isPersistedSessionFresh, shouldWriteThroughResumeId).
+ */
+/**
+ * Decide how the route patch should treat the system prompt this turn.
+ *
+ *  - 'hit'           → registry entry matches this session: strip role:system,
+ *                      ride the already-cached append.
+ *  - 'warm-hash-hit' → new session + known-good prefix: write the registry
+ *                      entry (so startSession appends it), strip role:system,
+ *                      ride the cached path. Closes the cold-start gap.
+ *  - 'miss'          → inline the system prompt into the user message (the safe
+ *                      legacy path): first-ever prefix, genuine churn, or an
+ *                      existing session that lost its registry entry.
+ */
+export function decideCacheParityAction(input) {
+    const { entry, sysHash, knownHash, sessionIsNew } = input;
+    if (entry && entry.hash === sysHash)
+        return 'hit';
+    if (!entry && knownHash && sessionIsNew)
+        return 'warm-hash-hit';
+    return 'miss';
+}

package/dist/src/lib/cc-cli-scan.d.ts

@@ -0,0 +1,52 @@
+/**
+ * src/lib/cc-cli-scan.ts — v0.28.0.
+ *
+ * Mirror (read-only) the actual Claude Code CLI sessions so they can be listed
+ * and resumed from Telegram, exactly like `claude -r` / `claude --resume`.
+ *
+ * Why "mirror, not migrate": cc-openclaw IS a `claude` subprocess wrapper, and
+ * both the terminal CLI and every cco-spawned session write their transcript to
+ * the SAME store — `~/.claude/projects/<encoded-cwd>/<sessionId>.jsonl`. So
+ * `claude --resume <uuid>` already resumes any session in that tree regardless
+ * of who created it. The filesystem is the sync layer; copying into a parallel
+ * registry would only create drift. We read this tree at list-time, never write.
+ *
+ * Each jsonl already carries the metadata a picker needs:
+ *   { "type":"ai-title",    "aiTitle":"…",    "sessionId":"<uuid>" }  ← name
+ *   { "type":"last-prompt", "lastPrompt":"…", "sessionId":"<uuid>" }  ← description
+ *   { "type":"user", "cwd":"/home/a1xai", … }                        ← resume cwd
+ * The filename (minus .jsonl) is the resumable sessionId (uuid).
+ *
+ * No fabrication: a session with no parseable title falls back to its first
+ * user message, then to the short uuid — never an invented label.
+ */
+export interface CliSession {
+    /** jsonl filename (minus .jsonl) === Claude session id. Pass to --resume. */
+    uuid: string;
+    /** ai-title if present, else first user message, else ''. */
+    title: string;
+    /** last-prompt if present, else first user message, else ''. */
+    desc: string;
+    /** cwd recorded in the transcript — required to resume the right session. */
+    cwd: string;
+    /** File mtime in ms — proxy for last activity. */
+    mtimeMs: number;
+}
+export interface ScanOpts {
+    /** Only sessions touched within this many ms (default 7 days). 0 = no limit. */
+    maxAgeMs?: number;
+    /** Only sessions whose recorded cwd matches exactly. */
+    cwdFilter?: string;
+    /** Cap the number of results (after sort-by-recency). */
+    limit?: number;
+}
+/**
+ * Scan `~/.claude/projects` for resumable Claude Code sessions, newest first.
+ * Best-effort and side-effect-free: any unreadable dir/file is skipped, never
+ * thrown. Returns [] when the store is absent.
+ */
+export declare function scanClaudeCliSessions(opts?: ScanOpts): CliSession[];
+/** Look up a single CLI session by full uuid (case-insensitive). */
+export declare function findCliSession(uuid: string): CliSession | undefined;
+/** True if the string is a full Claude session uuid (not the 8-hex cco short id). */
+export declare function isFullClaudeUuid(s: string): boolean;

package/dist/src/lib/cc-cli-scan.js

@@ -0,0 +1,217 @@
+/**
+ * src/lib/cc-cli-scan.ts — v0.28.0.
+ *
+ * Mirror (read-only) the actual Claude Code CLI sessions so they can be listed
+ * and resumed from Telegram, exactly like `claude -r` / `claude --resume`.
+ *
+ * Why "mirror, not migrate": cc-openclaw IS a `claude` subprocess wrapper, and
+ * both the terminal CLI and every cco-spawned session write their transcript to
+ * the SAME store — `~/.claude/projects/<encoded-cwd>/<sessionId>.jsonl`. So
+ * `claude --resume <uuid>` already resumes any session in that tree regardless
+ * of who created it. The filesystem is the sync layer; copying into a parallel
+ * registry would only create drift. We read this tree at list-time, never write.
+ *
+ * Each jsonl already carries the metadata a picker needs:
+ *   { "type":"ai-title",    "aiTitle":"…",    "sessionId":"<uuid>" }  ← name
+ *   { "type":"last-prompt", "lastPrompt":"…", "sessionId":"<uuid>" }  ← description
+ *   { "type":"user", "cwd":"/home/a1xai", … }                        ← resume cwd
+ * The filename (minus .jsonl) is the resumable sessionId (uuid).
+ *
+ * No fabrication: a session with no parseable title falls back to its first
+ * user message, then to the short uuid — never an invented label.
+ */
+import { readdirSync, statSync, readFileSync, existsSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+/**
+ * Resolved at call time (not import) so tests can point the scan at a fixture
+ * tree via CC_OPENCLAW_CLAUDE_PROJECTS_DIR without re-importing the module.
+ */
+function claudeProjectsDir() {
+    return process.env.CC_OPENCLAW_CLAUDE_PROJECTS_DIR || join(homedir(), '.claude', 'projects');
+}
+/** 7-day window — matches cc-openclaw's session disk TTL. */
+const DEFAULT_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000;
+/** Skip deep-parsing transcripts larger than this (memory safety on the live box). */
+const MAX_PARSE_BYTES = 8 * 1024 * 1024;
+const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+/** Pull the plain text out of a Claude transcript user-message content field. */
+function userText(d) {
+    const msg = d.message;
+    const c = msg?.content;
+    if (typeof c === 'string')
+        return c;
+    if (Array.isArray(c)) {
+        return c
+            .map((b) => (b && typeof b.text === 'string' ? b.text : ''))
+            .join(' ')
+            .trim();
+    }
+    return '';
+}
+/**
+ * cc-openclaw runs `claude` headless, so its sessions get no ai-title / last-prompt
+ * (those are interactive-CLI features). For those, the only signal is the user
+ * messages — but OpenClaw wraps each turn in a metadata envelope. The real prompts
+ * live as "#<id> <date> <sender>: <text>" context lines plus a trailing bare
+ * message. Pull the first (opening topic) and last (current focus) real prompts;
+ * for a non-enveloped message (terminal session), the text itself is the prompt.
+ */
+/** True if a candidate line is envelope/JSON noise rather than a real prompt. */
+function looksJunk(s) {
+    return (!s ||
+        /untrusted|metadata|inbound_meta|system-reminder/i.test(s) ||
+        /^[{}[\]"]/.test(s) || // JSON punctuation
+        /^"?[\w-]+"?\s*:/.test(s) // "key": value line
+    );
+}
+function parseEnvelope(raw) {
+    if (!raw)
+        return { first: '', last: '' };
+    const isEnvelope = /Conversation (info|context) \(untrusted/.test(raw) || raw.startsWith('<system');
+    if (!isEnvelope) {
+        const oneLine = raw.replace(/\s+/g, ' ').trim();
+        return { first: oneLine, last: oneLine };
+    }
+    const ctxLines = [...raw.matchAll(/^#\d+\s+.+?:\s+(.+)$/gm)]
+        .map((m) => m[1].trim())
+        .filter((l) => l && !looksJunk(l));
+    const afterFence = raw.split('```').pop() ?? '';
+    const trailing = afterFence
+        .split('\n')
+        .map((s) => s.trim())
+        .filter((l) => l && !/^#\d+/.test(l) && !l.startsWith('<') && !looksJunk(l))
+        .pop();
+    const first = ctxLines[0] || trailing || '';
+    const last = trailing || ctxLines[ctxLines.length - 1] || '';
+    return { first, last };
+}
+/**
+ * Extract title/desc/cwd from a single transcript. Cheap string pre-filter
+ * before JSON.parse keeps this fast even on large files. ai-title/last-prompt
+ * win when present (interactive sessions); otherwise we derive a name from the
+ * enveloped user prompts (headless cco sessions). cwd is taken from the first
+ * entry that records it.
+ */
+function extractMeta(filePath, sizeBytes) {
+    let title = '';
+    let desc = '';
+    let cwd = '';
+    let firstUser = '';
+    let lastUser = '';
+    if (sizeBytes > MAX_PARSE_BYTES)
+        return { title, desc, cwd };
+    let content;
+    try {
+        content = readFileSync(filePath, 'utf8');
+    }
+    catch {
+        return { title, desc, cwd };
+    }
+    for (const line of content.split('\n')) {
+        if (!line)
+            continue;
+        const hasTitle = line.includes('"ai-title"');
+        const hasPrompt = line.includes('"last-prompt"');
+        const needCwd = !cwd && line.includes('"cwd"');
+        const isUser = line.includes('"type":"user"');
+        if (!hasTitle && !hasPrompt && !needCwd && !isUser)
+            continue;
+        let d;
+        try {
+            d = JSON.parse(line);
+        }
+        catch {
+            continue;
+        }
+        if (d.type === 'ai-title' && typeof d.aiTitle === 'string')
+            title = d.aiTitle;
+        else if (d.type === 'last-prompt' && typeof d.lastPrompt === 'string')
+            desc = d.lastPrompt;
+        if (!cwd && typeof d.cwd === 'string')
+            cwd = d.cwd;
+        if (d.type === 'user') {
+            const txt = userText(d);
+            if (txt) {
+                if (!firstUser)
+                    firstUser = txt;
+                lastUser = txt;
+            }
+        }
+    }
+    const clean = (s) => s.replace(/\s+/g, ' ').trim();
+    const envFirst = parseEnvelope(firstUser);
+    const envLast = parseEnvelope(lastUser);
+    const finalTitle = clean(title || envFirst.first);
+    let finalDesc = clean(desc || envLast.last);
+    // Drop a description that's just noise or a duplicate of the title — the
+    // picker then shows the name alone rather than a redundant/garbage second line.
+    if (!finalDesc || looksJunk(finalDesc) || finalDesc === finalTitle)
+        finalDesc = '';
+    return { title: finalTitle, desc: finalDesc, cwd };
+}
+/**
+ * Scan `~/.claude/projects` for resumable Claude Code sessions, newest first.
+ * Best-effort and side-effect-free: any unreadable dir/file is skipped, never
+ * thrown. Returns [] when the store is absent.
+ */
+export function scanClaudeCliSessions(opts = {}) {
+    const maxAgeMs = opts.maxAgeMs ?? DEFAULT_MAX_AGE_MS;
+    const now = Date.now();
+    const results = [];
+    const baseDir = claudeProjectsDir();
+    if (!existsSync(baseDir))
+        return results;
+    let projectDirs;
+    try {
+        projectDirs = readdirSync(baseDir);
+    }
+    catch {
+        return results;
+    }
+    for (const proj of projectDirs) {
+        const projPath = join(baseDir, proj);
+        let files;
+        try {
+            if (!statSync(projPath).isDirectory())
+                continue;
+            files = readdirSync(projPath).filter((f) => f.endsWith('.jsonl'));
+        }
+        catch {
+            continue;
+        }
+        for (const file of files) {
+            const uuid = file.slice(0, -'.jsonl'.length);
+            if (!UUID_RE.test(uuid))
+                continue;
+            const fp = join(projPath, file);
+            let mtimeMs;
+            let sizeBytes;
+            try {
+                const st = statSync(fp);
+                mtimeMs = st.mtimeMs;
+                sizeBytes = st.size;
+            }
+            catch {
+                continue;
+            }
+            if (maxAgeMs > 0 && now - mtimeMs > maxAgeMs)
+                continue;
+            const meta = extractMeta(fp, sizeBytes);
+            if (opts.cwdFilter && meta.cwd !== opts.cwdFilter)
+                continue;
+            results.push({ uuid, mtimeMs, ...meta });
+        }
+    }
+    results.sort((a, b) => b.mtimeMs - a.mtimeMs);
+    return typeof opts.limit === 'number' ? results.slice(0, opts.limit) : results;
+}
+/** Look up a single CLI session by full uuid (case-insensitive). */
+export function findCliSession(uuid) {
+    const target = uuid.toLowerCase();
+    return scanClaudeCliSessions({ maxAgeMs: 0 }).find((s) => s.uuid.toLowerCase() === target);
+}
+/** True if the string is a full Claude session uuid (not the 8-hex cco short id). */
+export function isFullClaudeUuid(s) {
+    return UUID_RE.test(s);
+}

package/dist/src/lib/config.d.ts

@@ -61,6 +61,27 @@ export declare function getPerfAsyncCompactEnabled(): boolean;
 export declare function getPerfReadBatchEnabled(): boolean;
 /** M12 — direct claude-code SDK in-process. Default OFF (HIGH RISK, hard-gated). */
 export declare function getPerfDirectSdkEnabled(): boolean;
+/**
+ * #4 (dual-surface seam / gap#2) — whether the live card mirrors the model's
+ * FULL answer text. Default OFF.
+ *
+ * The OpenClaw gateway already live-streams the answer to Telegram via its own
+ * native draft message. Mirroring the same text onto the card too produced
+ * (a) double live-streaming of the identical answer and (b) the finalize-blank
+ * "answer streams → vanishes → reappears below" seam, because the card had to
+ * wipe its copy on finalize to avoid a literal duplicate (no upstream
+ * suppressUserDelivery knob exists).
+ *
+ * With this OFF (default) the card is a pure ACTIVITY pane (status line · tools ·
+ * thinking · todos · ✓ Done · ★ Insight takeaway) and the gateway draft is the
+ * sole ANSWER pane — the Claude Code CLI split. The card still shows the short
+ * ★ Insight block on finalize (extracted from the accumulated text), so the
+ * signature "✓ Done + takeaway" card is preserved without the full-answer dup.
+ *
+ * Set CC_OPENCLAW_CARD_ANSWER_MIRROR=1 to restore the old in-card full-answer
+ * streaming (with the finalize-blank dedup) for comparison.
+ */
+export declare function getCardAnswerMirrorEnabled(): boolean;
 export declare function getMaxConcurrentSessions(): number;
 export declare function getSessionTtlMinutes(): number;
 export declare function ensureUxBridgeAllSessionsDefault(): {

package/dist/src/lib/config.js

@@ -175,6 +175,29 @@ export function getPerfDirectSdkEnabled() {
         return cfg.config.perfDirectSdkEnabled;
     return process.env.CC_OPENCLAW_PERF_DIRECT_SDK === '1';
 }
+/**
+ * #4 (dual-surface seam / gap#2) — whether the live card mirrors the model's
+ * FULL answer text. Default OFF.
+ *
+ * The OpenClaw gateway already live-streams the answer to Telegram via its own
+ * native draft message. Mirroring the same text onto the card too produced
+ * (a) double live-streaming of the identical answer and (b) the finalize-blank
+ * "answer streams → vanishes → reappears below" seam, because the card had to
+ * wipe its copy on finalize to avoid a literal duplicate (no upstream
+ * suppressUserDelivery knob exists).
+ *
+ * With this OFF (default) the card is a pure ACTIVITY pane (status line · tools ·
+ * thinking · todos · ✓ Done · ★ Insight takeaway) and the gateway draft is the
+ * sole ANSWER pane — the Claude Code CLI split. The card still shows the short
+ * ★ Insight block on finalize (extracted from the accumulated text), so the
+ * signature "✓ Done + takeaway" card is preserved without the full-answer dup.
+ *
+ * Set CC_OPENCLAW_CARD_ANSWER_MIRROR=1 to restore the old in-card full-answer
+ * streaming (with the finalize-blank dedup) for comparison.
+ */
+export function getCardAnswerMirrorEnabled() {
+    return process.env.CC_OPENCLAW_CARD_ANSWER_MIRROR === '1';
+}
 // ── SessionManager bootstrap caps (cwd-patch eager-init) ─────────────────
 // Defaults preserved from cwd-patch.ts:844-845.
 export function getMaxConcurrentSessions() {

package/dist/src/lib/index.d.ts

@@ -0,0 +1,7 @@
+export * from './register-guard.js';
+export { registerOnce } from './register-guard.js';
+export { stripSysprompt, isStripEnabled, type StripOptions, type StripResult } from './sysprompt-strip.js';
+export { isCacheParityEnabled, hashPrompt, recordAttachment, readRegistry, REGISTRY_PATH, type RegistryEntry, } from './cache-parity.js';
+export { selectEngine, isCcOpenclawEnabled, captureSessionRoute, ACTIVE_FLAG_ENV, ROUTE_FLAG_ENV, type Engine, type SessionRoute, } from './config-service.js';
+export { isTestMode, TEST_MODE_ENV, _setTestModeForTests } from './test-mode.js';
+export { getAggressiveStripEnabled, getCacheParityEnabled, getLogLevel, isLogLevelDebug, } from './config.js';

package/dist/src/lib/index.js

@@ -0,0 +1,10 @@
+export * from './register-guard.js';
+export { registerOnce } from './register-guard.js';
+export { stripSysprompt, isStripEnabled } from './sysprompt-strip.js';
+export { isCacheParityEnabled, hashPrompt, recordAttachment, readRegistry, REGISTRY_PATH, } from './cache-parity.js';
+// Engine routing — originally `./route-flag.js`; collapsed into
+// `./config-service.js` at Cluster A step 8. Same API, same semantics,
+// single source of truth.
+export { selectEngine, isCcOpenclawEnabled, captureSessionRoute, ACTIVE_FLAG_ENV, ROUTE_FLAG_ENV, } from './config-service.js';
+export { isTestMode, TEST_MODE_ENV, _setTestModeForTests } from './test-mode.js';
+export { getAggressiveStripEnabled, getCacheParityEnabled, getLogLevel, isLogLevelDebug, } from './config.js';

package/dist/src/observability/perf-telemetry.d.ts

@@ -27,7 +27,7 @@
  * break the single `jq` pipeline. The `event` field makes filtering trivial.
  */
 type PerfEventName = 'cache_check' | 'first_byte' | 'turn_end';
-type CacheCheckCause = 'hit' | 'registry_empty' | 'hash_mismatch' | 'session_unknown' | 'disabled';
+type CacheCheckCause = 'hit' | 'warm_hash' | 'registry_empty' | 'hash_mismatch' | 'session_unknown' | 'disabled';
 interface PerfEventBase {
     event: PerfEventName;
     sessionKey?: string;

package/dist/src/openai-compat/non-streaming-handler.js

@@ -23,11 +23,11 @@
 import { reportStatus, getToolDescription } from './status-reporter.js';
 import { parseToolCallsFromText } from './tool-calls-parser.js';
 import { formatCompletionResponse } from './response-formatter.js';
-import { getSurfaceThinkingEnabled, getTtsAutoMode } from '../lib/config.js';
+import { getSurfaceThinkingEnabled, getTtsAutoMode, getCardAnswerMirrorEnabled } from '../lib/config.js';
 import { emit as emitTrajectory, emitTurnTrace } from '../lib/trajectory.js';
 import { formatError, ERROR_CODES } from '../lib/error-formatter.js';
 import { applyVoiceRecovery, _logVoiceDebug, detectVoiceIntent, hasTtsMarkers } from './voice-recovery.js';
-import { pushToolUse as mirrorPushToolUse, pushToolResult as mirrorPushToolResult, pushAssistantText as mirrorPushAssistantText, finalizeActiveCards as mirrorFinalizeActiveCards, failActiveCards as mirrorFailActiveCards, classifyFailure, setCardMeta as mirrorSetCardMeta, readQuotaMeta as mirrorReadQuotaMeta, } from '../channels/telegram-mirror/turn-bridge.js';
+import { pushToolUse as mirrorPushToolUse, pushToolResult as mirrorPushToolResult, pushAssistantText as mirrorPushAssistantText, finalizeActiveCards as mirrorFinalizeActiveCards, extractInsightForCard as mirrorExtractInsightForCard, failActiveCards as mirrorFailActiveCards, classifyFailure, setCardMeta as mirrorSetCardMeta, readQuotaMeta as mirrorReadQuotaMeta, } from '../channels/telegram-mirror/turn-bridge.js';
 import { cardStateDebug as mirrorCardStateDebug } from '../channels/telegram-mirror/card-state.js';
 /** Coerce a userMessage (string | UserMessageBlock[]) to a flat string
  *  for voice-intent detection. Tool-result blocks aren't user prompts. */
@@ -72,6 +72,9 @@ slashCommand) {
         clientDisconnected = true;
     });
     let deliveredText = '';
+    // #4 dual-surface seam — default OFF: card is the activity pane, the gateway
+    // reply is the answer pane (see streaming-handler / config.ts for rationale).
+    const mirrorAnswerToCard = getCardAnswerMirrorEnabled();
     try {
         reportStatus('thinking', 'Processing request...');
         // v0.7.1: accumulate thinking-block content when surfaceThinking is on.
@@ -170,12 +173,14 @@ slashCommand) {
                 emitTrajectory('tool_use', { name: '_voice_recovery', inputKeys: [recovery.via] }, sessionName);
             }
         }
-        // v0.26.0 — push the final assistant text into the Telegram mirror
-        // card. reply_dispatch in inbound-handler will fire shortly after and
-        // re-render the card with state='done', picking up this text inline.
-        mirrorPushAssistantText(outputText);
-        // v0.27.6 — remember the text the card is showing so the finally block can
-        // re-apply it if the socket died (see clientDisconnected note above).
+        // v0.26.0 — push the final assistant text into the Telegram mirror card.
+        // #4 dual-surface seam — only when the legacy flag is on; by default the
+        // gateway reply is the answer pane and the card shows only the ★ Insight
+        // takeaway at finalize (see the finally block).
+        if (mirrorAnswerToCard)
+            mirrorPushAssistantText(outputText);
+        // v0.27.6 — remember the FULL text so the finally block can re-apply it as
+        // the sole channel if the socket died (see clientDisconnected note above).
         deliveredText = outputText;
         // Parse tool_calls from response text when caller provided tools
         let traceToolCount = 0;
@@ -270,10 +275,16 @@ slashCommand) {
         // v0.26.1 — finalize the Telegram mirror card at the true end of the model
         // turn (see handleStreaming counterpart). Best-effort.
         try {
-            // v0.27.6 — report-drop fix (Killer #2): keep the report on the card when
-            // the socket died (mirror of the streaming handler). Happy path passes
-            // undefined → card wiped → gateway delivers (no duplicate).
-            await mirrorFinalizeActiveCards(clientDisconnected ? deliveredText : undefined);
+            // v0.27.6 — report-drop fix (Killer #2): keep the FULL report on the card
+            // when the socket died (mirror of the streaming handler).
+            // #4 dual-surface seam — happy path: ★ Insight takeaway (default) or ''
+            // (legacy in-card answer streamed live, blank-on-finalize dedup).
+            const finalizeText = clientDisconnected
+                ? deliveredText
+                : mirrorAnswerToCard
+                    ? ''
+                    : mirrorExtractInsightForCard(deliveredText);
+            await mirrorFinalizeActiveCards(finalizeText);
         }
         catch {
             /* finalize is cosmetic; never propagate */

package/dist/src/openai-compat/streaming-handler.js

@@ -41,9 +41,9 @@ import { formatCompletionChunk } from './response-formatter.js';
 import { isToolStreamMode } from './mode-flags.js';
 import { emit as emitTrajectory, emitTurnTrace } from '../lib/trajectory.js';
 import { formatError, ERROR_CODES } from '../lib/error-formatter.js';
-import { getSurfaceThinkingEnabled, getTtsAutoMode } from '../lib/config.js';
+import { getSurfaceThinkingEnabled, getTtsAutoMode, getCardAnswerMirrorEnabled } from '../lib/config.js';
 import { applyVoiceRecovery, detectVoiceIntent, hasTtsMarkers, _logVoiceDebug } from './voice-recovery.js';
-import { pushToolUse as mirrorPushToolUse, pushToolResult as mirrorPushToolResult, pushAssistantText as mirrorPushAssistantText, pushThinking as mirrorPushThinking, finalizeActiveCards as mirrorFinalizeActiveCards, failActiveCards as mirrorFailActiveCards, classifyFailure, setCardMeta as mirrorSetCardMeta, readQuotaMeta as mirrorReadQuotaMeta, } from '../channels/telegram-mirror/turn-bridge.js';
+import { pushToolUse as mirrorPushToolUse, pushToolResult as mirrorPushToolResult, pushAssistantText as mirrorPushAssistantText, pushThinking as mirrorPushThinking, finalizeActiveCards as mirrorFinalizeActiveCards, extractInsightForCard as mirrorExtractInsightForCard, failActiveCards as mirrorFailActiveCards, classifyFailure, setCardMeta as mirrorSetCardMeta, readQuotaMeta as mirrorReadQuotaMeta, } from '../channels/telegram-mirror/turn-bridge.js';
 import { cardStateDebug as mirrorCardStateDebug } from '../channels/telegram-mirror/card-state.js';
 import { writePerfEvent } from '../observability/perf-telemetry.js';
 /** Coerce a userMessage (string | UserMessageBlock[]) to a flat string
@@ -84,6 +84,9 @@ onFinalText) {
     // runs permissionMode 'bypassPermissions' (openai-compat.ts) so we assert it.
     // Quota is read once here (real status-tee snapshot or omitted).
     mirrorSetCardMeta({ model, bypassPermissions: true, ...mirrorReadQuotaMeta() });
+    // #4 dual-surface seam — hoist once per turn (read off the hot delta loop).
+    // Default OFF: card is the activity pane, gateway draft is the answer pane.
+    const mirrorAnswerToCard = getCardAnswerMirrorEnabled();
     res.writeHead(200, {
         'Content-Type': 'text/event-stream',
         'Cache-Control': 'no-cache',
@@ -236,9 +239,13 @@ onFinalText) {
                         markFirstByte();
                     }
                     accumulatedText += chunk;
-                    // v0.26.0 — feed the active Telegram mirror card with the cumulative
-                    // assistant text. Debounced inside the bridge to ~1 edit/sec.
-                    mirrorPushAssistantText(accumulatedText);
+                    // #4 dual-surface seam — only mirror the cumulative answer onto the
+                    // card when the legacy flag is on. By default the card is NOT the
+                    // answer pane (the gateway's native draft message already live-streams
+                    // the same SSE content below), so mirroring here would double-stream
+                    // and force the finalize-blank that made the answer vanish/reappear.
+                    if (mirrorAnswerToCard)
+                        mirrorPushAssistantText(accumulatedText);
                     writeSSE(JSON.stringify(formatCompletionChunk(completionId, model, { content: chunk }, null)));
                 }
                 else {
@@ -629,10 +636,19 @@ onFinalText) {
         try {
             // v0.27.6 — report-drop fix (Killer #2): when the gateway socket died
             // mid-turn (clientDisconnected), the gateway delivers nothing separately,
-            // so pass the accumulated text and the finalized card KEEPS it as the
-            // sole delivery channel. Happy path (connected) passes undefined → card
-            // wiped → gateway delivers the reply (no duplicate).
-            await mirrorFinalizeActiveCards(clientDisconnected ? accumulatedText : undefined);
+            // so pass the FULL accumulated text and the finalized card KEEPS it as the
+            // sole delivery channel.
+            //
+            // #4 dual-surface seam — happy path (connected): the gateway draft is the
+            // answer pane, so the card shows only the short ★ Insight takeaway
+            // (default) or '' when the legacy in-card answer streamed live (flag on,
+            // old v0.26.4 blank-on-finalize dedup).
+            const finalizeText = clientDisconnected
+                ? accumulatedText
+                : mirrorAnswerToCard
+                    ? ''
+                    : mirrorExtractInsightForCard(accumulatedText);
+            await mirrorFinalizeActiveCards(finalizeText);
         }
         catch {
             /* finalize is cosmetic; never propagate */

package/dist/src/session-bootstrap/cwd-patch.js

@@ -37,6 +37,7 @@ import { defaultRegisterGuard } from '../lib/register-guard.js';
 import { isTestMode } from '../lib/test-mode.js';
 import { writePerfEvent } from '../observability/perf-telemetry.js';
 import { collapseSkillList } from '../lib/perf/skill-list-collapse.js';
+import { decideCacheParityAction } from '../lib/cache-parity-decide.js';
 import { isCacheParityTrackB, isTokenTelemetryEnabled, isSyspromptDumpEnabled, getMaxConcurrentSessions, getSessionTtlMinutes, ensureUxBridgeAllSessionsDefault, } from '../lib/config.js';
 import { VENDOR_FILES } from '../lib/vendor-paths.js';
 import { OpenClawConfigSchema, findMainAgent, getAgentPrimaryModel, getDefaultsPrimaryModel, isClaudeRoutedModel, } from '../types/upstream.js';
@@ -99,6 +100,7 @@ const METRICS = {
     systemPromptInlined: 0,
     uxMetaSeeded: 0,
     cacheParityHits: 0,
+    cacheParityWarmHashHits: 0,
     cacheParityMisses: 0,
     cacheParityRegistryWrites: 0,
     cacheParityAppendInjections: 0,
@@ -143,6 +145,24 @@ function _setSystemInlineCache(key, val) {
     }
     _systemInlineCache.set(key, val);
 }
+// ── Known sysprompt-hash set (v0.30.0 — content-addressed cache parity) ──────
+// Cross-session record of every sysHash written to the cache-parity registry
+// this process. Lets a brand-new session recognise the shared Savvy system
+// prefix and ride the cached append path on turn 1 instead of inlining the full
+// ~7K prompt — the dominant cold-start miss (see lib/cache-parity-decide.ts).
+// Bounded FIFO: distinct prefixes are few (one per build), 64 is ample headroom.
+const _knownSysHashes = new Set();
+const KNOWN_SYS_HASH_MAX = 64;
+function _rememberSysHash(hash) {
+    if (_knownSysHashes.has(hash))
+        return;
+    if (_knownSysHashes.size >= KNOWN_SYS_HASH_MAX) {
+        const oldest = _knownSysHashes.values().next().value;
+        if (oldest !== undefined)
+            _knownSysHashes.delete(oldest);
+    }
+    _knownSysHashes.add(hash);
+}
 // ── Tool dump hash guard (v0.6.0 — per-session-key cache + fast-skip) ──
 // Pre-v0.6.0: a single global `_lastToolDumpHash` thrashed when multiple
 // sessions had different tool sets. JSON.stringify + SHA1 ran on EVERY
@@ -655,11 +675,30 @@ function applyRoutePatch(EmbeddedServer) {
                         try {
                             const reg = _readCacheParityRegistry();
                             const entry = reg[sessionKey];
-                            if (entry && entry.hash === sysHash) {
+                            // sessionIsNew: no live session in the manager ⇒ startSession will
+                            // run on this request and inject appendSystemPrompt from the
+                            // registry entry we write below. That guarantee is what makes the
+                            // warm-hash strip safe (see lib/cache-parity-decide.ts). Default
+                            // to false on any access failure — conservative: an unproven
+                            // append guarantee falls back to the safe inline path.
+                            let sessionIsNew = false;
+                            try {
+                                const mgr = this.manager;
+                                sessionIsNew = !(mgr?.sessions?.has?.('openai-' + sessionKey) ?? false);
+                            }
+                            catch { /* keep sessionIsNew=false (inline fallback) */ }
+                            const action = decideCacheParityAction({
+                                entry: entry ? { hash: entry.hash } : undefined,
+                                sysHash,
+                                knownHash: _knownSysHashes.has(sysHash),
+                                sessionIsNew,
+                            });
+                            if (action === 'hit') {
                                 body.messages = messages.filter(m => m?.role !== 'system');
                                 METRICS.cacheParityHits++;
                                 METRICS.systemPromptInlined++;
                                 cacheParityHandled = true;
+                                _rememberSysHash(sysHash);
                                 writePerfEvent({
                                     event: 'cache_check',
                                     sessionKey,
@@ -668,8 +707,29 @@ function applyRoutePatch(EmbeddedServer) {
                                     sysHash,
                                 });
                             }
+                            else if (action === 'warm-hash-hit') {
+                                // Cold-start win: new session + known-good Savvy prefix. Write
+                                // the entry so startSession appends it, strip the redundant
+                                // inline, ride the cached path on turn 1.
+                                _writeCacheParityEntry(sessionKey, sysHash, sysContent);
+                                body.messages = messages.filter(m => m?.role !== 'system');
+                                METRICS.cacheParityWarmHashHits++;
+                                METRICS.cacheParityRegistryWrites++;
+                                METRICS.systemPromptInlined++;
+                                cacheParityHandled = true;
+                                _rememberSysHash(sysHash);
+                                logger.info(`${TAG} cache-parity warm-hash hit: session=${sessionKey} hash=${sysHash} sysLen=${sysContent.length} (cold-start dedup; startSession will append)`);
+                                writePerfEvent({
+                                    event: 'cache_check',
+                                    sessionKey,
+                                    outcome: 'hit',
+                                    cause: 'warm_hash',
+                                    sysHash,
+                                });
+                            }
                             else {
                                 _writeCacheParityEntry(sessionKey, sysHash, sysContent);
+                                _rememberSysHash(sysHash);
                                 METRICS.cacheParityMisses++;
                                 METRICS.cacheParityRegistryWrites++;
                                 logger.info(`${TAG} cache-parity miss: session=${sessionKey} oldHash=${entry?.hash || 'none'} newHash=${sysHash} sysLen=${sysContent.length} (registry updated; next session start will append)`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@a1hvdy/cc-openclaw",
-  "version": "0.27.13",
+  "version": "0.30.0",
   "description": "A1xAI's Anthropic CLI bridge plugin for OpenClaw",
   "author": "@a1cy",
   "license": "MIT",