@syengup/friday-channel-next 0.1.40 → 1.0.0

package/dist/index.js

@@ -6,12 +6,13 @@ import { getHostOpenClawConfigSnapshot } from "./src/host-config.js";
 import { registerFridayNextHttpRoutes } from "./src/http/server.js";
 import { getFridayNextRuntime } from "./src/runtime.js";
 import { sseEmitter } from "./src/sse/emitter.js";
-import { forwardAgentEventRaw, getLastRegisteredFridayDeviceId, resolveFridayDeviceIdForSessionKey, } from "./src/friday-session.js";
+import { forwardAgentEventRaw, getLastRegisteredFridayDeviceId, isCodexRun, resolveFridayDeviceIdForSessionKey, } from "./src/friday-session.js";
 import { setFridayAgentForwardRuntime } from "./src/agent-forward-runtime.js";
 import { setUpgradeRuntime } from "./src/upgrade-runtime.js";
 import { getOpenClawAgentRunContext } from "./src/agent-run-context-bridge.js";
 import { accumulateRunUsage } from "./src/agent/run-usage-accumulator.js";
 import { createFridayNextLogger } from "./src/logging.js";
+import { ensureCodexReasoningSummary } from "./src/codex-reasoning-config.js";
 const hookLogger = createFridayNextLogger("hook");
 export { fridayNextChannelPlugin } from "./src/channel.js";
 export { setFridayNextRuntime } from "./src/runtime.js";
@@ -50,6 +51,38 @@ function deviceIdFromToolContext(ctx) {
 function isFridaySessionKey(sk) {
     return /^friday-next-/i.test(sk) || /^agent:main:friday-next-/i.test(sk);
 }
+/** Shell/exec-style tools whose stdout the app renders as a `command_output` row (A3). */
+const COMMAND_TOOL_NAMES = new Set([
+    "exec",
+    "bash",
+    "shell",
+    "local_shell",
+    "command",
+    "process",
+    "run_terminal_cmd",
+]);
+function isCommandTool(toolName) {
+    return typeof toolName === "string" && COMMAND_TOOL_NAMES.has(toolName.trim().toLowerCase());
+}
+/** Best-effort flatten of an after-hook tool result into the stdout string the app expects. */
+function coerceCommandOutput(result) {
+    if (typeof result === "string")
+        return result;
+    if (result && typeof result === "object") {
+        const r = result;
+        for (const key of ["output", "stdout", "text"]) {
+            if (typeof r[key] === "string")
+                return r[key];
+        }
+        try {
+            return JSON.stringify(result);
+        }
+        catch {
+            return "";
+        }
+    }
+    return result == null ? "" : String(result);
+}
 function shouldForwardToolEventToFriday(ctx) {
     if (ctx.runId) {
         if (sseEmitter.getDeviceIdByRunId(ctx.runId))
@@ -113,6 +146,9 @@ export default defineChannelPluginEntry({
             return;
         }
         fridayNextToolHooksRegistered = true;
+        // Make Codex (ChatGPT/OAuth) models emit reasoning summary text so the app can stream
+        // "thinking". OpenClaw never sets this; we assert it on the plugin side. Best-effort.
+        ensureCodexReasoningSummary((msg) => hookLogger.info(msg));
         api.on("subagent_delivery_target", (event) => {
             if (!event.expectsCompletionMessage)
                 return;
@@ -189,6 +225,28 @@ export default defineChannelPluginEntry({
                     ts: Date.now(),
                 },
             });
+            // A3: the Codex app-server backend never puts exec stdout on the `command_output` stream
+            // (its tool result carries only exitCode/duration), so the app shows the command row with no
+            // output. The after-hook DOES carry the full stdout — synthesize a `command_output` end event
+            // keyed by toolCallId (== the forwarded `item kind:command` itemId) so the app attaches it.
+            // Codex-only: embedded runs already stream `command_output` on the bus.
+            if (isCodexRun(runId) && event.toolCallId && isCommandTool(event.toolName)) {
+                const output = coerceCommandOutput(event.result);
+                if (output) {
+                    forwardAgentEventRaw({
+                        runId,
+                        stream: "command_output",
+                        data: {
+                            itemId: event.toolCallId,
+                            phase: "end",
+                            output,
+                            status: event.error ? "failed" : "completed",
+                            durationMs: event.durationMs ?? null,
+                        },
+                        sessionKey: ctx.sessionKey,
+                    });
+                }
+            }
         });
     },
 });

package/dist/src/approval/friday-approval-capability.d.ts

@@ -0,0 +1,44 @@
+import type { ChannelApprovalCapability } from "openclaw/plugin-sdk/channel-contract";
+/** SSE payload the app receives for an approval lifecycle event. `op` is the phase. */
+export interface FridayApprovalPayload {
+    op: "request" | "resolved" | "expired";
+    approvalId: string;
+    kind: "exec" | "plugin";
+    title: string;
+    description?: string | null;
+    commandText?: string | null;
+    commandPreview?: string | null;
+    cwd?: string | null;
+    host?: string | null;
+    toolName?: string | null;
+    severity?: string | null;
+    metadata: {
+        label: string;
+        value: string;
+    }[];
+    actions: {
+        decision: string;
+        label: string;
+        style: string;
+    }[];
+    expiresAtMs?: number | null;
+    decision?: string | null;
+    resolvedBy?: string | null;
+    sessionKey?: string | null;
+    runId?: string | null;
+    deviceId: string;
+    ts: number;
+}
+/** Build the normalized app payload from a pending/resolved/expired approval view. */
+export declare function buildPayload(params: {
+    op: FridayApprovalPayload["op"];
+    view: Record<string, unknown>;
+    request: unknown;
+    deviceId: string;
+}): FridayApprovalPayload;
+/**
+ * friday-next approval capability. `native` declares delivery to the originating device's session;
+ * `nativeRuntime` builds the app payload and ferries it over SSE. No `delivery` suppressor → additive
+ * with ControlUI.
+ */
+export declare const fridayApprovalCapability: ChannelApprovalCapability;

package/dist/src/approval/friday-approval-capability.js

@@ -0,0 +1,174 @@
+// Friday Next exec/plugin approval capability.
+//
+// Lets the Friday app receive tool-execution approval REQUESTS (e.g. a Codex model wanting to run a
+// shell command that needs confirmation) and submit allow/deny DECISIONS — instead of those
+// approvals only reaching the gateway's built-in ControlUI.
+//
+// Model: unlike Slack (a separate approver list authorized per-account), friday-next uses a
+// device-owner model — the device that owns the originating session is the approver. HTTP requests
+// already carry the channel bearer token, so per-sender authorization happens at the route layer;
+// here we only resolve WHICH device a request belongs to (its session's device) and deliver the
+// prompt there over SSE. The decision round-trips via POST /friday-next/approvals/{id}.
+//
+// We intentionally do NOT set a `delivery.shouldSuppressForwardingFallback` adapter, so enabling
+// this stays additive: ControlUI keeps working as a fallback while the app surface is the primary.
+import { createChannelApprovalNativeRuntimeAdapter } from "openclaw/plugin-sdk/approval-handler-runtime";
+import { sseEmitter } from "../sse/emitter.js";
+import { resolveFridayDeviceIdForSessionKey } from "../friday-session.js";
+import { createFridayNextLogger } from "../logging.js";
+const logger = createFridayNextLogger("approval");
+/** Pull the originating sessionKey out of an exec/plugin approval request (`request.request.*`). */
+function sessionKeyOf(request) {
+    const inner = request?.request;
+    const sk = inner?.sessionKey;
+    return typeof sk === "string" && sk.trim() ? sk.trim() : undefined;
+}
+/** Resolve the friday device that owns this approval's session, if any. */
+function deviceForRequest(request) {
+    const sk = sessionKeyOf(request);
+    if (!sk)
+        return undefined;
+    const dev = resolveFridayDeviceIdForSessionKey(sk);
+    return dev ? dev.toUpperCase() : undefined;
+}
+/** Build the normalized app payload from a pending/resolved/expired approval view. */
+export function buildPayload(params) {
+    const { op, view, request, deviceId } = params;
+    const str = (v) => (typeof v === "string" ? v : null);
+    const num = (v) => (typeof v === "number" ? v : null);
+    const actionsRaw = Array.isArray(view.actions) ? view.actions : [];
+    const metaRaw = Array.isArray(view.metadata) ? view.metadata : [];
+    return {
+        op,
+        approvalId: str(view.approvalId) ?? "",
+        kind: view.approvalKind === "plugin" ? "plugin" : "exec",
+        title: str(view.title) ?? "",
+        description: str(view.description),
+        commandText: str(view.commandText),
+        commandPreview: str(view.commandPreview),
+        cwd: str(view.cwd),
+        host: str(view.host),
+        toolName: str(view.toolName),
+        severity: str(view.severity),
+        metadata: metaRaw.map((m) => ({ label: str(m.label) ?? "", value: str(m.value) ?? "" })),
+        actions: actionsRaw.map((a) => ({
+            decision: str(a.decision) ?? "",
+            label: str(a.label) ?? "",
+            style: str(a.style) ?? "secondary",
+        })),
+        expiresAtMs: num(view.expiresAtMs),
+        decision: str(view.decision),
+        resolvedBy: str(view.resolvedBy),
+        sessionKey: sessionKeyOf(request) ?? null,
+        runId: sseEmitter.getLastRunIdForDevice(deviceId),
+        deviceId,
+        ts: Date.now(),
+    };
+}
+function emitApproval(deviceId, payload) {
+    sseEmitter.broadcast({ type: "approval", data: { ...payload } }, deviceId, true);
+}
+const fridayApprovalNativeRuntime = createChannelApprovalNativeRuntimeAdapter({
+    eventKinds: ["exec", "plugin"],
+    availability: {
+        isConfigured: () => true,
+        shouldHandle: ({ request }) => deviceForRequest(request) !== undefined,
+    },
+    presentation: {
+        buildPendingPayload: ({ request, view }) => {
+            const deviceId = deviceForRequest(request) ?? "";
+            return buildPayload({
+                op: "request",
+                view: view,
+                request,
+                deviceId,
+            });
+        },
+        buildResolvedResult: ({ request, view }) => {
+            const deviceId = deviceForRequest(request) ?? "";
+            return {
+                kind: "update",
+                payload: buildPayload({
+                    op: "resolved",
+                    view: view,
+                    request,
+                    deviceId,
+                }),
+            };
+        },
+        buildExpiredResult: ({ request, view }) => {
+            const deviceId = deviceForRequest(request) ?? "";
+            return {
+                kind: "update",
+                payload: buildPayload({
+                    op: "expired",
+                    view: view,
+                    request,
+                    deviceId,
+                }),
+            };
+        },
+    },
+    transport: {
+        prepareTarget: ({ plannedTarget, request }) => {
+            const planned = typeof plannedTarget?.target?.to === "string" && plannedTarget.target.to.trim()
+                ? plannedTarget.target.to.trim().toUpperCase()
+                : undefined;
+            const deviceId = planned ?? deviceForRequest(request);
+            if (!deviceId)
+                return null;
+            return { dedupeKey: `friday-approval:${deviceId}`, target: { deviceId } };
+        },
+        deliverPending: ({ preparedTarget, pendingPayload }) => {
+            const deviceId = preparedTarget.deviceId;
+            logger.info(`deliver approval ${pendingPayload.approvalId} kind=${pendingPayload.kind} -> ${deviceId}`);
+            emitApproval(deviceId, { ...pendingPayload, deviceId });
+            return { deviceId, approvalId: pendingPayload.approvalId };
+        },
+        updateEntry: async ({ entry, payload }) => {
+            emitApproval(entry.deviceId, { ...payload, deviceId: entry.deviceId });
+        },
+        deleteEntry: async ({ entry, phase }) => {
+            emitApproval(entry.deviceId, {
+                op: phase === "resolved" ? "resolved" : "expired",
+                approvalId: entry.approvalId,
+                kind: "exec",
+                title: "",
+                metadata: [],
+                actions: [],
+                deviceId: entry.deviceId,
+                ts: Date.now(),
+            });
+        },
+    },
+    observe: {
+        onDeliveryError: ({ error }) => {
+            logger.warn(`approval delivery failed: ${String(error)}`);
+        },
+    },
+});
+/**
+ * friday-next approval capability. `native` declares delivery to the originating device's session;
+ * `nativeRuntime` builds the app payload and ferries it over SSE. No `delivery` suppressor → additive
+ * with ControlUI.
+ */
+export const fridayApprovalCapability = {
+    native: {
+        describeDeliveryCapabilities: ({ request }) => {
+            const enabled = deviceForRequest(request) !== undefined;
+            return {
+                enabled,
+                preferredSurface: "origin",
+                supportsOriginSurface: true,
+                supportsApproverDmSurface: false,
+            };
+        },
+        resolveOriginTarget: ({ request }) => {
+            const deviceId = deviceForRequest(request);
+            return deviceId ? { to: deviceId } : null;
+        },
+    },
+    // Cast widens the parameterized adapter to the field's `unknown`-typed shape (function-param
+    // contravariance). Same escape hatch Slack uses for its lazy runtime adapter.
+    nativeRuntime: fridayApprovalNativeRuntime,
+};

package/dist/src/channel.js

@@ -9,6 +9,8 @@ import os from "node:os";
 import path from "node:path";
 import { createChatChannelPlugin } from "openclaw/plugin-sdk/core";
 import { waitUntilAbort } from "openclaw/plugin-sdk/channel-lifecycle";
+import { registerChannelRuntimeContext } from "openclaw/plugin-sdk/channel-runtime-context";
+import { CHANNEL_APPROVAL_NATIVE_RUNTIME_CONTEXT_CAPABILITY } from "openclaw/plugin-sdk/approval-handler-adapter-runtime";
 import { createFridayNextLogger } from "./logging.js";
 import { saveMediaBuffer } from "openclaw/plugin-sdk/media-store";
 import { sseEmitter } from "./sse/emitter.js";
@@ -19,6 +21,7 @@ import { resolveMediaMaxBytes } from "./agent/media-bridge.js";
 import { resolveFridayDeviceIdForOutbound, resolveHistorySessionKeyForFridayDevice, } from "./friday-session.js";
 import { getRunRoute } from "./run-metadata.js";
 import { getLastFridayInboundAt } from "./friday-inbound-stats.js";
+import { fridayApprovalCapability } from "./approval/friday-approval-capability.js";
 const logger = createFridayNextLogger("channel");
 const CHANNEL_ID = "friday-next";
 function pickFirstString(source, keys) {
@@ -97,6 +100,21 @@ const fridayLifecycle = {
  */
 const fridayGateway = {
     startAccount: async (ctx) => {
+        // Activate exec/plugin approval delivery to the app. The gateway's approval-handler bootstrap
+        // only wires up our `approvalCapability` once the channel registers an "approval.native" runtime
+        // context (the registration event is the gate — without it approvals silently skip friday-next
+        // and only reach ControlUI). friday-next's nativeRuntime needs no per-account state — it resolves
+        // the target device from each request's sessionKey via global singletons — so context is empty.
+        if (ctx.channelRuntime) {
+            registerChannelRuntimeContext({
+                channelRuntime: ctx.channelRuntime,
+                channelId: CHANNEL_ID,
+                accountId: ctx.accountId,
+                capability: CHANNEL_APPROVAL_NATIVE_RUNTIME_CONTEXT_CAPABILITY,
+                context: {},
+                abortSignal: ctx.abortSignal,
+            });
+        }
         await waitUntilAbort(ctx.abortSignal);
     },
 };
@@ -297,3 +315,7 @@ export const fridayNextChannelPlugin = createChatChannelPlugin({
         },
     },
 });
+// Attach exec/plugin approval delivery to the app. `createChatChannelPlugin` has no config slot for
+// it, so it's set on the returned plugin object; setting it auto-registers the native approval
+// handler via the gateway's approval bootstrap. Additive with ControlUI (no forwarding suppressor).
+fridayNextChannelPlugin.approvalCapability = fridayApprovalCapability;

package/dist/src/codex-reasoning-config.d.ts

@@ -0,0 +1,11 @@
+/**
+ * True if a top-level `model_reasoning_summary` key already exists. TOML scoping matters: a key is
+ * only top-level (and thus honored by Codex) if it appears before the first `[section]` header, so
+ * we stop scanning at the first table header.
+ */
+export declare function hasTopLevelSummaryKey(content: string): boolean;
+/**
+ * Best-effort: ensure every agent's Codex config requests a reasoning summary. Never throws —
+ * activation must not fail because of a config write. `log` receives a one-line summary per change.
+ */
+export declare function ensureCodexReasoningSummary(log: (msg: string) => void): void;

package/dist/src/codex-reasoning-config.js

@@ -0,0 +1,83 @@
+// Ensures the Codex app-server backend emits reasoning *summary* text so Friday can stream it.
+//
+// Background: OpenAI models authenticated via ChatGPT/OAuth run through OpenClaw's Codex
+// app-server backend. That backend sends `reasoning_effort` per turn but never requests a
+// reasoning summary, and OpenClaw exposes no `openclaw.json` lever for it. Without a summary the
+// model's reasoning stays encrypted (`encrypted_content`) and no reasoning text reaches the
+// channel — so the Friday app shows no streaming "thinking" for Codex models.
+//
+// The only switch that makes Codex return summary text is the Codex CLI's own
+// `model_reasoning_summary` key in `~/.openclaw/agents/<id>/agent/codex-home/config.toml`.
+// We keep the fix on the plugin side by asserting that key on activation (idempotently, for every
+// agent that has a codex-home), so it survives OpenClaw rewrites of that file across restarts.
+import { existsSync, mkdirSync, readFileSync, readdirSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+const CONFIG_KEY = "model_reasoning_summary";
+// "detailed" is the value verified end-to-end (reasoning streamed to the app). Codex also accepts
+// "auto"/"concise"; tune here if the summaries feel too verbose.
+const SUMMARY_VALUE = "detailed";
+function resolveOpenClawHome() {
+    const env = process.env.OPENCLAW_HOME?.trim();
+    return env && env.length > 0 ? env : join(homedir(), ".openclaw");
+}
+/**
+ * True if a top-level `model_reasoning_summary` key already exists. TOML scoping matters: a key is
+ * only top-level (and thus honored by Codex) if it appears before the first `[section]` header, so
+ * we stop scanning at the first table header.
+ */
+export function hasTopLevelSummaryKey(content) {
+    for (const raw of content.split(/\r?\n/)) {
+        const line = raw.trim();
+        if (line.startsWith("["))
+            break;
+        if (new RegExp(`^${CONFIG_KEY}\\s*=`).test(line))
+            return true;
+    }
+    return false;
+}
+function ensureKeyInCodexHome(codexHome) {
+    const configPath = join(codexHome, "config.toml");
+    const header = `${CONFIG_KEY} = "${SUMMARY_VALUE}"\n`;
+    if (!existsSync(configPath)) {
+        writeFileSync(configPath, header, "utf8");
+        return "added";
+    }
+    const content = readFileSync(configPath, "utf8");
+    if (hasTopLevelSummaryKey(content))
+        return "present";
+    // Prepend so the key stays top-level even if the file starts with a `[section]` table.
+    writeFileSync(configPath, `${header}\n${content}`, "utf8");
+    return "added";
+}
+/**
+ * Best-effort: ensure every agent's Codex config requests a reasoning summary. Never throws —
+ * activation must not fail because of a config write. `log` receives a one-line summary per change.
+ */
+export function ensureCodexReasoningSummary(log) {
+    try {
+        const agentsDir = join(resolveOpenClawHome(), "agents");
+        if (!existsSync(agentsDir))
+            return;
+        for (const agentId of readdirSync(agentsDir)) {
+            const codexHome = join(agentsDir, agentId, "agent", "codex-home");
+            // Only touch agents Codex has actually initialized (codex-home exists). New agents are
+            // picked up on the next activation/restart.
+            if (!existsSync(codexHome))
+                continue;
+            try {
+                mkdirSync(codexHome, { recursive: true });
+                const result = ensureKeyInCodexHome(codexHome);
+                if (result === "added") {
+                    log(`codex reasoning summary enabled (agent=${agentId})`);
+                }
+            }
+            catch (err) {
+                log(`codex reasoning summary write failed (agent=${agentId}): ${String(err)}`);
+            }
+        }
+    }
+    catch (err) {
+        log(`codex reasoning summary ensure failed: ${String(err)}`);
+    }
+}

package/dist/src/friday-session.d.ts

@@ -1,5 +1,9 @@
 /** Vitest-only: clears per-run reasoning text cache used for incremental `delta` rewriting. */
 export declare function resetThinkingStreamAccumStateForTest(): void;
+/** True once a `codex_app_server.*` frame has been seen for this run. */
+export declare function isCodexRun(runId: string): boolean;
+/** Vitest-only */
+export declare function resetCodexRunTrackingForTest(): void;
 /** Vitest-only */
 export declare function resetOpenClawRunDeviceMappingForTest(): void;
 /** Parse deviceId from a Friday Next channel sessionKey (friday-{deviceId} or legacy agent:main:friday-*). */

package/dist/src/friday-session.js

@@ -20,6 +20,24 @@ function commonPrefixLength(a, b) {
 export function resetThinkingStreamAccumStateForTest() {
     lastThinkingTextByRun.clear();
 }
+/**
+ * Runs backed by the OpenClaw Codex app-server backend (model api `openai-chatgpt-responses`).
+ * They emit their activity under a `codex_app_server.*` stream namespace and — unlike the embedded
+ * runner — do NOT put reasoning text on the agent-event bus (`stream: "thinking"`); that text only
+ * arrives via the dispatch `onReasoningStream` callback. Likewise exec stdout never reaches the
+ * `command_output` stream. We mark a run as Codex the first time we see any `codex_app_server.*`
+ * frame so the message handler / tool hooks know to synthesize the missing `thinking` /
+ * `command_output` events for it (and ONLY for it — embedded runs already get both via the bus).
+ */
+const codexRunIds = new Set();
+/** True once a `codex_app_server.*` frame has been seen for this run. */
+export function isCodexRun(runId) {
+    return codexRunIds.has(runId);
+}
+/** Vitest-only */
+export function resetCodexRunTrackingForTest() {
+    codexRunIds.clear();
+}
 /**
  * OpenClaw `runId` → device UUID (uppercase).
  * When `lifecycle.end` / `error` is emitted, the gateway may call `clearAgentRunContext` before this extension's
@@ -298,6 +316,11 @@ export function forwardAgentEventRaw(evt) {
         sk = latestHistorySessionKeyForDeviceId(deviceIdRaw) ?? `friday-next-${deviceIdRaw}`;
     }
     openClawRunIdToDeviceId.set(evt.runId, deviceIdRaw.toUpperCase());
+    // Flag Codex app-server runs so the message handler / tool hooks synthesize the `thinking` /
+    // `command_output` events that this backend never emits on the bus (see `isCodexRun`).
+    if (typeof evt.stream === "string" && evt.stream.startsWith("codex_app_server")) {
+        codexRunIds.add(evt.runId);
+    }
     // Register sessionKey → runId so we can resolve parentRunId
     if (sk && evt.stream === "lifecycle" && evt.data.phase === "start") {
         registerSessionKeyForRun(sk, evt.runId);
@@ -432,6 +455,7 @@ export function forwardAgentEventRaw(evt) {
         }
         if (phase === "end" || phase === "error") {
             lastThinkingTextByRun.delete(evt.runId);
+            codexRunIds.delete(evt.runId);
         }
     }
     const lifecyclePhase = evt.stream === "lifecycle" && typeof evt.data.phase === "string" ? evt.data.phase : "";

package/dist/src/http/handlers/approvals.d.ts

@@ -0,0 +1,9 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+/**
+ * POST /friday-next/approvals/{approvalId}
+ * Body: { decision: "allow-once" | "allow-always" | "deny", deviceId?: string }
+ *
+ * Submits the app user's decision for a pending exec/plugin approval back to the gateway. The bearer
+ * token gates auth (the device owner is the approver); the gateway then resumes / aborts the run.
+ */
+export declare function handleApprovalDecision(req: IncomingMessage, res: ServerResponse, approvalId: string): Promise<boolean>;

package/dist/src/http/handlers/approvals.js

@@ -0,0 +1,54 @@
+import { resolveApprovalOverGateway } from "openclaw/plugin-sdk/approval-gateway-runtime";
+import { readJsonBody } from "../middleware/body.js";
+import { extractBearerToken } from "../middleware/auth.js";
+import { getHostOpenClawConfigSnapshot } from "../../host-config.js";
+import { getFridayNextRuntime } from "../../runtime.js";
+import { createFridayNextLogger } from "../../logging.js";
+const VALID_DECISIONS = new Set(["allow-once", "allow-always", "deny"]);
+/**
+ * POST /friday-next/approvals/{approvalId}
+ * Body: { decision: "allow-once" | "allow-always" | "deny", deviceId?: string }
+ *
+ * Submits the app user's decision for a pending exec/plugin approval back to the gateway. The bearer
+ * token gates auth (the device owner is the approver); the gateway then resumes / aborts the run.
+ */
+export async function handleApprovalDecision(req, res, approvalId) {
+    const log = createFridayNextLogger("approvals");
+    const json = (status, body) => {
+        res.statusCode = status;
+        res.setHeader("Content-Type", "application/json");
+        res.end(JSON.stringify(body));
+        return true;
+    };
+    if (req.method !== "POST")
+        return json(405, { error: "Method Not Allowed" });
+    if (!extractBearerToken(req))
+        return json(401, { error: "Unauthorized: bearer token mismatch" });
+    if (!approvalId.trim())
+        return json(400, { error: "Missing approvalId" });
+    const body = await readJsonBody(req);
+    if (!body)
+        return json(400, { error: "Invalid JSON body" });
+    const decision = typeof body.decision === "string" ? body.decision.trim() : "";
+    if (!VALID_DECISIONS.has(decision)) {
+        return json(400, { error: "decision must be allow-once | allow-always | deny" });
+    }
+    const deviceId = typeof body.deviceId === "string" ? body.deviceId.trim().toUpperCase() : "";
+    const cfg = getHostOpenClawConfigSnapshot(getFridayNextRuntime().config);
+    try {
+        await resolveApprovalOverGateway({
+            cfg: cfg,
+            approvalId: approvalId.trim(),
+            decision: decision,
+            senderId: deviceId || null,
+            allowPluginFallback: true,
+            clientDisplayName: deviceId ? `Friday Next (${deviceId})` : "Friday Next",
+        });
+    }
+    catch (err) {
+        log.error(`resolveApprovalOverGateway failed: ${err instanceof Error ? err.message : String(err)}`);
+        return json(502, { error: "Approval resolution failed", detail: String(err) });
+    }
+    log.info(`approval ${approvalId} resolved decision=${decision} device=${deviceId || "(none)"}`);
+    return json(200, { ok: true, approvalId: approvalId.trim(), decision });
+}

package/dist/src/http/handlers/messages.js

@@ -17,7 +17,7 @@ import { resolveAgentDefaults, setSessionSettings, splitModelRef, toSessionStore
 import { sseEmitter } from "../../sse/emitter.js";
 import { extractBearerToken } from "../middleware/auth.js";
 import { readJsonBody } from "../middleware/body.js";
-import { registerFridaySessionDeviceMapping } from "../../friday-session.js";
+import { forwardAgentEventRaw, isCodexRun, registerFridaySessionDeviceMapping, } from "../../friday-session.js";
 import { touchFridayInbound } from "../../friday-inbound-stats.js";
 import { fridayAttachmentLookupKey, fridayFilesPublicUrl, readFile, rememberInboundMediaName, resolveMediaAttachment, resolveMediaUrl, } from "./files.js";
 import { runFridayDispatch } from "../../agent/dispatch-bridge.js";
@@ -467,6 +467,12 @@ export async function handleMessages(req, res) {
                     runId,
                     suppressTyping: true,
                     disableBlockStreaming: true,
+                    // A1: feed the chosen thinking level into the run as a one-shot override so the model
+                    // request asks for a reasoning summary. The session-stored `thinkingLevel` alone is NOT
+                    // honored by the reply dispatch; `thinkingLevelOverride` has top priority in OpenClaw's
+                    // resolution chain (get-reply-directives). Required for Codex (openai-chatgpt-responses)
+                    // to emit any reasoning at all.
+                    ...(thinkingLevel ? { thinkingLevelOverride: thinkingLevel } : {}),
                     onModelSelected: (sel) => {
                         const name = typeof sel.model === "string" ? sel.model.trim() : "";
                         if (name) {
@@ -481,6 +487,18 @@ export async function handleMessages(req, res) {
                             : undefined;
                         const text = typeof rawText === "string" ? rawText : "";
                         log("REASONING_STREAM", normalizedDeviceId, runId, `textLen=${text.length}`);
+                        // A2: the embedded runner already emits `stream: "thinking"` on the agent-event bus, so
+                        // forwarding here would double it. The Codex app-server backend does NOT — reasoning text
+                        // only arrives via this callback (cumulative snapshot). Forward it as a thinking event
+                        // (reusing forwardAgentEventRaw's cumulative→delta rewrite) ONLY for Codex runs.
+                        if (text && isCodexRun(runId)) {
+                            forwardAgentEventRaw({
+                                runId,
+                                stream: "thinking",
+                                data: { text },
+                                sessionKey: baseSessionKey,
+                            });
+                        }
                     },
                     onReasoningEnd: async () => {
                         log("REASONING_STREAM_END", normalizedDeviceId, runId);

package/dist/src/http/server.js

@@ -11,6 +11,7 @@ import { handleFilesDownload } from "./handlers/files-download.js";
 import { handleCancel } from "./handlers/cancel.js";
 import { handleDeviceApprove } from "./handlers/device-approve.js";
 import { handleNodesApprove } from "./handlers/nodes-approve.js";
+import { handleApprovalDecision } from "./handlers/approvals.js";
 import { handleSessionsSettings } from "./handlers/sessions-settings.js";
 import { handleModelsList } from "./handlers/models-list.js";
 import { handleAgentsList } from "./handlers/agents-list.js";
@@ -65,6 +66,11 @@ async function handleFridayNextRoute(req, res) {
     if (req.method === "POST" && pathname === "/friday-next/nodes-approve") {
         return await handleNodesApprove(req, res);
     }
+    // Route: POST /friday-next/approvals/{approvalId} (submit exec/plugin approval decision)
+    if (req.method === "POST" && pathname.startsWith("/friday-next/approvals/")) {
+        const approvalId = decodeURIComponent(pathname.slice("/friday-next/approvals/".length));
+        return await handleApprovalDecision(req, res, approvalId);
+    }
     if ((req.method === "PUT" || req.method === "GET") &&
         pathname === "/friday-next/sessions/settings") {
         return await handleSessionsSettings(req, res);

package/dist/src/http 2/middleware/auth.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Bearer token authentication middleware for Friday HTTP routes.
+ *
+ * Validates that the bearer token matches the gateway's configured auth token.
+ * This ensures plugin HTTP endpoints use the same token as gateway WS connections.
+ */
+import type { IncomingMessage } from "node:http";
+/**
+ * Extract and validate bearer token from Authorization header.
+ * Returns the token only if it matches the gateway's configured auth token.
+ * Returns null if token is missing, malformed, or doesn't match.
+ */
+export declare function extractBearerToken(req: IncomingMessage): string | null;