@syengup/friday-channel-next 0.1.36 → 0.1.38

package/install.js

@@ -14,11 +14,7 @@ function realHome() {
     const h = execSync(`sh -c 'echo ~${sudoUser}'`, { encoding: "utf8" }).trim();
     if (h && !h.startsWith("~") && existsSync(h)) return h;
   } catch {}
-  for (const g of [
-    `/home/${sudoUser}`,
-    `/Users/${sudoUser}`,
-    `C:\\Users\\${sudoUser}`,
-  ]) {
+  for (const g of [`/home/${sudoUser}`, `/Users/${sudoUser}`, `C:\\Users\\${sudoUser}`]) {
     if (existsSync(g)) return g;
   }
   return current;
@@ -30,13 +26,23 @@ const OPENCLAW_CONFIG = join(USER_HOME, ".openclaw", "openclaw.json");
 const G = (s) => `\x1b[32m${s}\x1b[0m`;
 const Y = (s) => `\x1b[33m${s}\x1b[0m`;
 const R = (s) => `\x1b[31m${s}\x1b[0m`;
-function log(msg) { console.log(`  ${msg}`); }
-function warn(msg) { console.log(`  ${Y("!")} ${msg}`); }
-function err(msg) { console.error(`  ${R("X")} ${msg}`); }
+function log(msg) {
+  console.log(`  ${msg}`);
+}
+function warn(msg) {
+  console.log(`  ${Y("!")} ${msg}`);
+}
+function err(msg) {
+  console.error(`  ${R("X")} ${msg}`);
+}
 
 function has(cmd) {
-  try { execSync(`${cmd} --version`, { stdio: "ignore" }); return true; }
-  catch { return false; }
+  try {
+    execSync(`${cmd} --version`, { stdio: "ignore" });
+    return true;
+  } catch {
+    return false;
+  }
 }
 
 let openclawCmd = "openclaw";
@@ -79,7 +85,10 @@ if (!hasOpenclaw()) {
       let tooOld = false;
       for (let i = 0; i < 3; i++) {
         if (cur[i] > MIN_OPENCLAW[i]) break;
-        if (cur[i] < MIN_OPENCLAW[i]) { tooOld = true; break; }
+        if (cur[i] < MIN_OPENCLAW[i]) {
+          tooOld = true;
+          break;
+        }
       }
       if (tooOld) {
         err(`OpenClaw version ${m[0]} is too old.`);
@@ -100,7 +109,7 @@ log("Installing Friday Next channel plugin...");
 try {
   const out = execSync(
     `${openclawCmd} plugins install @syengup/friday-channel-next@latest --force`,
-    { encoding: "utf8", stdio: "pipe", timeout: 120000 }
+    { encoding: "utf8", stdio: "pipe", timeout: 120000 },
   );
   if (out.trim()) console.log(out.trim());
   log("Plugin registered with install record — auto-upgrade enabled.");
@@ -108,8 +117,12 @@ try {
   // Remove old manual install to avoid "duplicate plugin id" warning.
   const legacyDir = join(USER_HOME, ".openclaw", "extensions", "friday-channel-next");
   if (existsSync(legacyDir)) {
-    try { rmSync(legacyDir, { recursive: true, force: true }); log("Removed legacy manual install."); }
-    catch { /* non-critical */ }
+    try {
+      rmSync(legacyDir, { recursive: true, force: true });
+      log("Removed legacy manual install.");
+    } catch {
+      /* non-critical */
+    }
   }
 } catch (e) {
   const msg = (e.stderr || e.stdout || e.message || "").toString();
@@ -150,7 +163,10 @@ function setConfig(path, value) {
 }
 
 function ensureArrayContains(arr, item) {
-  if (!arr.includes(item)) { arr.push(item); configChanged = true; }
+  if (!arr.includes(item)) {
+    arr.push(item);
+    configChanged = true;
+  }
 }
 
 // Plugins
@@ -161,30 +177,58 @@ ensureArrayContains(config.plugins.allow, "canvas");
 
 if (!config.plugins.entries) config.plugins.entries = {};
 for (const id of ["friday-next", "canvas"]) {
-  if (!config.plugins.entries[id]) { config.plugins.entries[id] = { enabled: true }; configChanged = true; }
-  else if (!config.plugins.entries[id].enabled) { config.plugins.entries[id].enabled = true; configChanged = true; }
+  if (!config.plugins.entries[id]) {
+    config.plugins.entries[id] = { enabled: true };
+    configChanged = true;
+  } else if (!config.plugins.entries[id].enabled) {
+    config.plugins.entries[id].enabled = true;
+    configChanged = true;
+  }
 }
 
 // llm_output hook requires allowConversationAccess for non-bundled plugins.
-if (!config.plugins.entries["friday-next"].hooks) { config.plugins.entries["friday-next"].hooks = {}; configChanged = true; }
-if (!config.plugins.entries["friday-next"].hooks.allowConversationAccess) { config.plugins.entries["friday-next"].hooks.allowConversationAccess = true; configChanged = true; }
+if (!config.plugins.entries["friday-next"].hooks) {
+  config.plugins.entries["friday-next"].hooks = {};
+  configChanged = true;
+}
+if (!config.plugins.entries["friday-next"].hooks.allowConversationAccess) {
+  config.plugins.entries["friday-next"].hooks.allowConversationAccess = true;
+  configChanged = true;
+}
 
 // Channel
 if (!config.channels) config.channels = {};
-if (!config.channels["friday-next"]) { config.channels["friday-next"] = { enabled: true, transport: "http+sse" }; configChanged = true; }
-else {
-  if (!config.channels["friday-next"].enabled) { config.channels["friday-next"].enabled = true; configChanged = true; }
-  if (!config.channels["friday-next"].transport) { config.channels["friday-next"].transport = "http+sse"; configChanged = true; }
+if (!config.channels["friday-next"]) {
+  config.channels["friday-next"] = { enabled: true, transport: "http+sse" };
+  configChanged = true;
+} else {
+  if (!config.channels["friday-next"].enabled) {
+    config.channels["friday-next"].enabled = true;
+    configChanged = true;
+  }
+  if (!config.channels["friday-next"].transport) {
+    config.channels["friday-next"].transport = "http+sse";
+    configChanged = true;
+  }
 }
 
 // Gateway bind + nodes
 if (!config.gateway) config.gateway = {};
-if (config.gateway.bind !== "lan") { config.gateway.bind = "lan"; configChanged = true; }
+if (config.gateway.bind !== "lan") {
+  config.gateway.bind = "lan";
+  configChanged = true;
+}
 if (!config.gateway.nodes) config.gateway.nodes = {};
 if (!Array.isArray(config.gateway.nodes.allowCommands)) config.gateway.nodes.allowCommands = [];
 for (const cmd of [
-  "canvas.navigate", "canvas.present", "canvas.hide", "canvas.eval",
-  "canvas.snapshot", "canvas.a2ui.push", "canvas.a2ui.reset", "canvas.a2ui.pushJSONL",
+  "canvas.navigate",
+  "canvas.present",
+  "canvas.hide",
+  "canvas.eval",
+  "canvas.snapshot",
+  "canvas.a2ui.push",
+  "canvas.a2ui.reset",
+  "canvas.a2ui.pushJSONL",
 ]) {
   ensureArrayContains(config.gateway.nodes.allowCommands, cmd);
 }
@@ -193,7 +237,11 @@ for (const cmd of [
 if (!config.agents) config.agents = {};
 if (!Array.isArray(config.agents.list)) config.agents.list = [];
 let mainAgent = config.agents.list.find((a) => a.id === "main");
-if (!mainAgent) { mainAgent = { id: "main" }; config.agents.list.push(mainAgent); configChanged = true; }
+if (!mainAgent) {
+  mainAgent = { id: "main" };
+  config.agents.list.push(mainAgent);
+  configChanged = true;
+}
 if (!mainAgent.tools) mainAgent.tools = {};
 if (!Array.isArray(mainAgent.tools.alsoAllow)) mainAgent.tools.alsoAllow = [];
 for (const tool of ["canvas", "nodes"]) {
@@ -202,7 +250,10 @@ for (const tool of ["canvas", "nodes"]) {
 if (Array.isArray(mainAgent.tools.deny)) {
   for (const tool of ["canvas", "nodes"]) {
     const idx = mainAgent.tools.deny.indexOf(tool);
-    if (idx !== -1) { mainAgent.tools.deny.splice(idx, 1); configChanged = true; }
+    if (idx !== -1) {
+      mainAgent.tools.deny.splice(idx, 1);
+      configChanged = true;
+    }
   }
 }
 
@@ -224,7 +275,11 @@ log("Restarting OpenClaw gateway... (this can take 20-30s)");
 try {
   // A full gateway restart commonly takes 20s+ on a fresh boot; give it plenty of room
   // so we don't kill it mid-restart and report a false failure.
-  const out = execSync(`${openclawCmd} gateway restart`, { encoding: "utf8", stdio: "pipe", timeout: 90000 });
+  const out = execSync(`${openclawCmd} gateway restart`, {
+    encoding: "utf8",
+    stdio: "pipe",
+    timeout: 90000,
+  });
   if (out.trim()) console.log(out.trim());
 } catch (e) {
   if (e.stdout?.trim()) console.log(e.stdout.trim());
@@ -250,15 +305,18 @@ function getLanIp() {
   return "127.0.0.1";
 }
 
-try { config = JSON.parse(readFileSync(OPENCLAW_CONFIG, "utf8")); } catch { config = {}; }
+try {
+  config = JSON.parse(readFileSync(OPENCLAW_CONFIG, "utf8"));
+} catch {
+  config = {};
+}
 
 const gatewayPort = config.gateway?.port || 18789;
 const gatewayToken = config.gateway?.auth?.token || "(not set)";
 const bindMode = config.gateway?.bind || "localhost";
 
-const gatewayUrl = bindMode === "lan"
-  ? `http://${getLanIp()}:${gatewayPort}`
-  : `http://127.0.0.1:${gatewayPort}`;
+const gatewayUrl =
+  bindMode === "lan" ? `http://${getLanIp()}:${gatewayPort}` : `http://127.0.0.1:${gatewayPort}`;
 
 // Always verify against loopback: the gateway binds 0.0.0.0 so it's reachable here,
 // and this avoids false negatives from LAN/NAT routing of the advertised IP.
@@ -272,19 +330,38 @@ async function verifyGateway(url, token, retries = 30) {
     try {
       const res = await new Promise((resolve, reject) => {
         const req = http.request(
-          { hostname, port, path: "/friday-next/status", method: "GET",
-            headers: { authorization: `Bearer ${token}` }, timeout: 5000 },
-          (res) => { let body = ""; res.on("data", (c) => body += c); res.on("end", () => resolve({ status: res.statusCode, body })); },
+          {
+            hostname,
+            port,
+            path: "/friday-next/status",
+            method: "GET",
+            headers: { authorization: `Bearer ${token}` },
+            timeout: 5000,
+          },
+          (res) => {
+            let body = "";
+            res.on("data", (c) => (body += c));
+            res.on("end", () => resolve({ status: res.statusCode, body }));
+          },
         );
         req.on("error", reject);
-        req.on("timeout", () => { req.destroy(); reject(new Error("timeout")); });
+        req.on("timeout", () => {
+          req.destroy();
+          reject(new Error("timeout"));
+        });
         req.end();
       });
       if (res.status === 200) {
         try {
           const data = JSON.parse(res.body);
           if (data.ok) {
-            log("Gateway verified OK (friday-next " + data.version + ", " + data.connections + " connections).");
+            log(
+              "Gateway verified OK (friday-next " +
+                data.version +
+                ", " +
+                data.connections +
+                " connections).",
+            );
             return true;
           }
           warn("Plugin responded but ok=false — " + JSON.stringify(data));
@@ -294,8 +371,14 @@ async function verifyGateway(url, token, retries = 30) {
           continue;
         }
       }
-      if (res.status === 401) { warn("Auth token mismatch — check gateway.auth.token."); return false; }
-      if (res.status === 404) { warn("Route not found — plugin may not be loaded."); return false; }
+      if (res.status === 401) {
+        warn("Auth token mismatch — check gateway.auth.token.");
+        return false;
+      }
+      if (res.status === 404) {
+        warn("Route not found — plugin may not be loaded.");
+        return false;
+      }
       if (i < retries) warn(`Gateway responded ${res.status}, retrying (${i}/${retries})...`);
     } catch {
       if (i < retries) warn(`Gateway not reachable, retrying (${i}/${retries})...`);
@@ -404,14 +487,19 @@ async function detectPublicIp() {
       const ipStr = await new Promise((resolve, reject) => {
         const req = http.get(url, { timeout: 3000 }, (res) => {
           let body = "";
-          res.on("data", (c) => body += c);
+          res.on("data", (c) => (body += c));
           res.on("end", () => resolve(body.trim()));
         });
         req.on("error", reject);
-        req.on("timeout", () => { req.destroy(); reject(new Error("timeout")); });
+        req.on("timeout", () => {
+          req.destroy();
+          reject(new Error("timeout"));
+        });
       });
       if (/^\d{1,3}(\.\d{1,3}){3}$/.test(ipStr)) return ipStr;
-    } catch { /* try next */ }
+    } catch {
+      /* try next */
+    }
   }
   return null;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@syengup/friday-channel-next",
-  "version": "0.1.36",
+  "version": "0.1.38",
   "description": "OpenClaw Friday Next Apple channel plugin",
   "license": "MIT",
   "type": "module",
@@ -14,6 +14,10 @@
   ],
   "scripts": {
     "build": "tsc -p tsconfig.json",
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix",
+    "format": "prettier --write .",
+    "format:check": "prettier --check .",
     "prepublishOnly": "pnpm build && rm -rf dist/attachments",
     "test": "npm run test:unit && npm run test:e2e",
     "test:unit": "vitest run",
@@ -58,12 +62,17 @@
     "qrcode-terminal": "^0.12.0"
   },
   "devDependencies": {
+    "@eslint/js": "^10.0.1",
     "@types/node": "^25.6.0",
     "chalk": "^5.6.2",
+    "eslint": "^10.5.0",
+    "eslint-config-prettier": "^10.1.8",
     "jiti": "^2.6.1",
     "json5": "^2.2.3",
+    "prettier": "^3.8.4",
     "tslog": "^4.10.2",
     "typescript": "^6.0.3",
+    "typescript-eslint": "^8.61.1",
     "vitest": "^4.1.5",
     "zod": "^4.3.6"
   }

package/src/agent/abort-run.ts

@@ -12,9 +12,8 @@ export async function abortRunForSessionKey(sessionKey: string): Promise<AbortRu
   const key = sessionKey.trim();
   if (!key) return { aborted: false, drained: false };
   try {
-    const { resolveActiveEmbeddedRunSessionId, abortAndDrainAgentHarnessRun } = await import(
-      "openclaw/plugin-sdk/agent-harness"
-    );
+    const { resolveActiveEmbeddedRunSessionId, abortAndDrainAgentHarnessRun } =
+      await import("openclaw/plugin-sdk/agent-harness");
     const sessionId = resolveActiveEmbeddedRunSessionId(key);
     if (!sessionId) return { aborted: false, drained: false };
     const result = await abortAndDrainAgentHarnessRun({ sessionId, sessionKey: key });

package/src/agent/dispatch-bridge.ts

@@ -1,4 +1,5 @@
-type DispatchFn = (args: unknown) => Promise<unknown> | unknown;
+// Returns a value or a thenable; `unknown` covers both (callers `await` the result).
+type DispatchFn = (args: unknown) => unknown;
 
 let overrideDispatch: DispatchFn | null = null;
 

package/src/agent/media-bridge.ts

@@ -11,7 +11,8 @@ import crypto from "node:crypto";
  */
 export async function resolveMediaMaxBytes(mimeType: string): Promise<number | undefined> {
   try {
-    const { maxBytesForKind, mediaKindFromMime } = await import("openclaw/plugin-sdk/media-runtime");
+    const { maxBytesForKind, mediaKindFromMime } =
+      await import("openclaw/plugin-sdk/media-runtime");
     return maxBytesForKind(mediaKindFromMime(mimeType) ?? "document");
   } catch {
     return undefined;
@@ -31,7 +32,13 @@ export async function saveInboundMediaBuffer(
     // Pass the original filename (5th arg) so core's media-store preserves the
     // name+extension instead of saving a bare uuid. Otherwise the agent receives
     // `[media attached: file://.../inbound/<uuid>]` with no file-format signal.
-    const saved = await sdk.saveMediaBuffer(buffer, mimeType, "inbound", maxBytes, originalFilename);
+    const saved = await sdk.saveMediaBuffer(
+      buffer,
+      mimeType,
+      "inbound",
+      maxBytes,
+      originalFilename,
+    );
     if (saved?.id && saved?.path) return { id: saved.id, path: saved.path };
   } catch {
     // fallback for tests or stripped runtime

package/src/agent/node-pairing-bridge.ts

@@ -1,7 +1,19 @@
 import { existsSync, readdirSync, realpathSync } from "node:fs";
 import { delimiter, dirname, join } from "node:path";
 
-let cache: { listNodePairing: Function; approveNodePairing: Function } | null = null;
+// Results come from the untyped OpenClaw dist module, so the resolved shapes are
+// `any` at this host boundary — callers read dynamic fields (.pending, .status, …).
+type ListNodePairingFn = () => Promise<any>;
+type ApproveNodePairingFn = (
+  requestId: string,
+  options: { callerScopes?: unknown },
+) => Promise<any>;
+type NodePairingModule = {
+  listNodePairing: ListNodePairingFn;
+  approveNodePairing: ApproveNodePairingFn;
+};
+
+let cache: NodePairingModule | null = null;
 
 function resolveOpenClawDistFromPath(): string | null {
   // Walk PATH looking for the openclaw binary, then resolve its real
@@ -16,7 +28,9 @@ function resolveOpenClawDistFromPath(): string | null {
       const dist = join(dirname(real), "dist");
       readdirSync(dist);
       return dist;
-    } catch {}
+    } catch {
+      // Not a real dist dir — keep walking PATH.
+    }
   }
   return null;
 }
@@ -43,15 +57,17 @@ function resolveOpenClawDist(): string {
   ].filter((v): v is string => typeof v === "string" && v.length > 0);
 
   for (const root of candidates) {
-    try { readdirSync(root); return root; } catch {}
+    try {
+      readdirSync(root);
+      return root;
+    } catch {
+      // Candidate dir doesn't exist — try the next one.
+    }
   }
   throw new Error("OpenClaw dist directory not found. Set OPENCLAW_DIST env var.");
 }
 
-export async function loadNodePairingModule(): Promise<{
-  listNodePairing: Function;
-  approveNodePairing: Function;
-}> {
+export async function loadNodePairingModule(): Promise<NodePairingModule> {
   if (cache) return cache;
   const dist = resolveOpenClawDist();
   const file = readdirSync(dist).find(
@@ -63,12 +79,13 @@ export async function loadNodePairingModule(): Promise<{
   // bundled module uses `export { listNodePairing as r, … }`.  Resolve the
   // correct functions by Function.name, which preserves the original name.
   const mod = await import(join(dist, file));
-  let listNodePairing: Function | undefined;
-  let approveNodePairing: Function | undefined;
+  let listNodePairing: ListNodePairingFn | undefined;
+  let approveNodePairing: ApproveNodePairingFn | undefined;
   for (const value of Object.values(mod)) {
     if (typeof value === "function") {
-      if (value.name === "listNodePairing") listNodePairing = value;
-      else if (value.name === "approveNodePairing") approveNodePairing = value;
+      if (value.name === "listNodePairing") listNodePairing = value as ListNodePairingFn;
+      else if (value.name === "approveNodePairing")
+        approveNodePairing = value as ApproveNodePairingFn;
     }
   }
   if (!listNodePairing || !approveNodePairing) {
@@ -79,9 +96,6 @@ export async function loadNodePairingModule(): Promise<{
 }
 
 /** Vitest-only: inject mock pairing functions. */
-export function __setMockNodePairingForTests(mock: {
-  listNodePairing: Function;
-  approveNodePairing: Function;
-}): void {
+export function __setMockNodePairingForTests(mock: NodePairingModule): void {
   cache = mock;
 }

package/src/agent/operator-scope.test.ts

@@ -0,0 +1,66 @@
+import { describe, it, expect, vi } from "vitest";
+
+// The helper imports the live scope getter from core; the pure function under test
+// never calls it, but the module-level import must resolve. Mock it so the unit test
+// does not depend on the OpenClaw dist runtime.
+const getScope = vi.fn();
+vi.mock("openclaw/plugin-sdk/plugin-runtime", () => ({
+  getPluginRuntimeGatewayRequestScope: () => getScope(),
+}));
+
+import { elevateScopeForSubagentSpawn, ensureSubagentSpawnScope } from "./operator-scope.js";
+
+function makeScope(scopes: string[]) {
+  return { client: { connect: { role: "operator", scopes } } };
+}
+
+describe("elevateScopeForSubagentSpawn", () => {
+  it("adds operator.write + operator.read to an empty plugin-route scope", () => {
+    // friday-next routes register with auth:"plugin", which core gives EMPTY operator
+    // scopes. Subagent spawn re-enters the gateway `agent` method (requires
+    // operator.write) and fails with "missing scope: operator.write" without this.
+    const scope = makeScope([]);
+    const added = elevateScopeForSubagentSpawn(scope);
+    expect(scope.client.connect.scopes).toContain("operator.write");
+    expect(scope.client.connect.scopes).toContain("operator.read");
+    expect(added).toEqual(["operator.write", "operator.read"]);
+  });
+
+  it("is idempotent — does not duplicate already-present scopes", () => {
+    const scope = makeScope(["operator.write"]);
+    const added = elevateScopeForSubagentSpawn(scope);
+    expect(added).toEqual(["operator.read"]);
+    expect(scope.client.connect.scopes.filter((s) => s === "operator.write")).toHaveLength(1);
+  });
+
+  it("preserves unrelated existing scopes", () => {
+    const scope = makeScope(["operator.admin"]);
+    elevateScopeForSubagentSpawn(scope);
+    expect(scope.client.connect.scopes).toContain("operator.admin");
+    expect(scope.client.connect.scopes).toContain("operator.write");
+  });
+
+  it("returns [] and never throws when no scope/client is present", () => {
+    expect(elevateScopeForSubagentSpawn(undefined)).toEqual([]);
+    expect(elevateScopeForSubagentSpawn(null)).toEqual([]);
+    expect(elevateScopeForSubagentSpawn({})).toEqual([]);
+    expect(elevateScopeForSubagentSpawn({ client: { connect: {} } })).toEqual([]);
+  });
+});
+
+describe("ensureSubagentSpawnScope", () => {
+  it("elevates the live scope returned by the SDK getter", () => {
+    const scope = makeScope([]);
+    getScope.mockReturnValue(scope);
+    const added = ensureSubagentSpawnScope();
+    expect(added).toEqual(["operator.write", "operator.read"]);
+    expect(scope.client.connect.scopes).toContain("operator.write");
+  });
+
+  it("swallows errors from the getter and returns []", () => {
+    getScope.mockImplementation(() => {
+      throw new Error("no scope");
+    });
+    expect(ensureSubagentSpawnScope()).toEqual([]);
+  });
+});

package/src/agent/operator-scope.ts

@@ -0,0 +1,63 @@
+// Operator-scope elevation for friday-next agent dispatch.
+//
+// Why this exists: friday-next registers all its routes with auth:"plugin" (it does
+// its own device-token auth, not the gateway operator token). Core's
+// createPluginRouteRuntimeScope gives auth!="gateway" routes an EMPTY operator-scope
+// set. When an agent dispatched from such a route spawns a subagent, the spawn
+// re-enters the in-process gateway `agent` method, which requires `operator.write`
+// (core-descriptors: { name:"agent", scope:"operator.write" }). With an empty ambient
+// scope the spawn fails with `{"error":"missing scope: operator.write"}`.
+//
+// The subagent spawn reads getPluginRuntimeGatewayRequestScope() at spawn time and
+// uses that scope's client for authorization. Because AsyncLocalStorage returns the
+// SAME store object reference, mutating its client.connect.scopes once — before we
+// kick off the dispatch, while still inside the route's ALS context — propagates the
+// elevated scopes to every later reader, including the subagent spawn.
+//
+// Subagent lifecycle admin methods (sessions.patch/delete) are unaffected: core pins
+// those to ADMIN_SCOPE via a synthetic client, so only the `agent` method depends on
+// this ambient operator.write. See memory: subagent-spawn-missing-operator-write.
+import { getPluginRuntimeGatewayRequestScope } from "openclaw/plugin-sdk/plugin-runtime";
+
+/** Operator scopes the friday-next dispatch needs so agents can spawn subagents. */
+const REQUIRED_OPERATOR_SCOPES = ["operator.write", "operator.read"] as const;
+
+type ScopeLike =
+  | {
+      client?: { connect?: { scopes?: unknown } };
+    }
+  | null
+  | undefined;
+
+/**
+ * Adds the required operator scopes to a gateway-request-scope's
+ * `client.connect.scopes` array in place. Pure and idempotent.
+ * Returns the scopes that were actually added (empty if none / no array present).
+ */
+export function elevateScopeForSubagentSpawn(scope: ScopeLike): string[] {
+  const connect = scope?.client?.connect;
+  if (!connect || !Array.isArray(connect.scopes)) {
+    return [];
+  }
+  const scopes = connect.scopes as string[];
+  const added: string[] = [];
+  for (const scopeName of REQUIRED_OPERATOR_SCOPES) {
+    if (!scopes.includes(scopeName)) {
+      scopes.push(scopeName);
+      added.push(scopeName);
+    }
+  }
+  return added;
+}
+
+/**
+ * Fetches the live plugin gateway-request-scope and elevates it so the dispatched
+ * agent can spawn subagents. Never throws — returns the scopes added (or []).
+ */
+export function ensureSubagentSpawnScope(): string[] {
+  try {
+    return elevateScopeForSubagentSpawn(getPluginRuntimeGatewayRequestScope());
+  } catch {
+    return [];
+  }
+}

package/src/agent/run-usage-accumulator.ts

@@ -39,8 +39,10 @@ export function accumulateRunUsage(
   const entry = ensure(runId);
   if (typeof usage.input === "number" && usage.input > 0) entry.input += usage.input;
   if (typeof usage.output === "number" && usage.output > 0) entry.output += usage.output;
-  if (typeof usage.cacheRead === "number" && usage.cacheRead > 0) entry.cacheRead += usage.cacheRead;
-  if (typeof usage.cacheWrite === "number" && usage.cacheWrite > 0) entry.cacheWrite += usage.cacheWrite;
+  if (typeof usage.cacheRead === "number" && usage.cacheRead > 0)
+    entry.cacheRead += usage.cacheRead;
+  if (typeof usage.cacheWrite === "number" && usage.cacheWrite > 0)
+    entry.cacheWrite += usage.cacheWrite;
   if (typeof usage.total === "number" && usage.total > 0) entry.total += usage.total;
   if (model && model.trim()) entry.model = model.trim();
   if (provider && provider.trim()) entry.provider = provider.trim();

package/src/agent/subagent-registry.ts

@@ -39,10 +39,6 @@ export function registerSessionKeyForRun(sessionKey: string, runId: string): voi
   sessionKeyToRunId.set(sessionKey, runId);
 }
 
-function resolveRunIdForSessionKey(sessionKey: string): string | undefined {
-  return sessionKeyToRunId.get(sessionKey);
-}
-
 /**
  * Parse OpenClaw announce compound runId:
  *   announce:v<version>:<sessionKey>:<bareRunId>

package/src/agent-run-context-bridge.ts

@@ -26,7 +26,9 @@ function getAgentEventState(): AgentEventStateLike | undefined {
   return { runContextById };
 }
 
-export function getOpenClawAgentRunContext(runId: string): OpenClawAgentRunContextBridge | undefined {
+export function getOpenClawAgentRunContext(
+  runId: string,
+): OpenClawAgentRunContextBridge | undefined {
   if (!runId) return undefined;
   return getAgentEventState()?.runContextById.get(runId);
 }