openclaw-scheduler 0.2.0 → 0.2.2

package/dispatch/watcher.mjs

@@ -31,6 +31,7 @@ import { readFileSync, writeFileSync, renameSync, statSync } from 'fs';
 import { dirname, join } from 'path';
 import { homedir } from 'os';
 import { fileURLToPath } from 'url';
+import { resolveCompletionDelivery } from './completion.mjs';
 import { sendMessage } from '../messages.js';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -53,6 +54,7 @@ const ACTIVITY_POLL_MS = 30_000;
  *  so PING_INTERVAL_MS must stay well below PING_STALE_MS (3 * 60_000). */
 const PING_INTERVAL_MS = 60_000; // 60 seconds
 
+
 function getGatewayToken() {
   if (process.env.OPENCLAW_GATEWAY_TOKEN) return process.env.OPENCLAW_GATEWAY_TOKEN;
   try {
@@ -656,6 +658,49 @@ function getJsonlMidTurnReason(sessionId, agentDir = 'main') {
   return null; // Last assistant entry appears to be a complete text reply -- safe to proceed
 }
 
+/**
+ * Read the last assistant entry's stop_reason from the session JSONL.
+ * Returns the stop_reason string (e.g. 'end_turn', 'tool_use') or null if unavailable.
+ *
+ * Uses readJsonlLastLines with n=10 to scan enough history to find the last
+ * assistant message even if several tool_result entries follow it.
+ *
+ * @param {string} sessionId - Internal session UUID
+ * @param {string} agentDir - Agent directory (default: 'main')
+ * @returns {string|null} stop_reason string or null
+ */
+function getSessionStopReason(sessionId, agentDir = 'main') {
+  const lastLines = readJsonlLastLines(sessionId, agentDir, 10);
+  if (!lastLines) return null;
+  // Walk backwards to find last role=assistant entry
+  for (let i = lastLines.length - 1; i >= 0; i--) {
+    const entry = lastLines[i];
+    if (entry?.role === 'assistant') {
+      return entry?.stop_reason ?? null;
+    }
+  }
+  return null;
+}
+
+/**
+ * Returns true if the session has cleanly finished with stop_reason=end_turn.
+ * Requires:
+ *   - stop_reason === 'end_turn' on the last assistant entry
+ *   - getJsonlMidTurnReason() returns null (no in-flight tool calls or pending results)
+ *
+ * Used for Path 2a early delivery: skip FLAT_WINDOW_MS wait when session is
+ * verifiably done via JSONL stop_reason signal.
+ *
+ * @param {string} sessionId - Internal session UUID
+ * @param {string} agentDir - Agent directory (default: 'main')
+ * @returns {boolean}
+ */
+function isSessionCleanlyFinished(sessionId, agentDir = 'main') {
+  if (getJsonlMidTurnReason(sessionId, agentDir) !== null) return false;
+  const stopReason = getSessionStopReason(sessionId, agentDir);
+  return stopReason === 'end_turn';
+}
+
 /**
  * Update labels.json to mark the watched label as done (best-effort, atomic write).
  * Called before exit to ensure labels.json is reconciled even if sync fails.
@@ -698,7 +743,7 @@ function markLabelError(label, errorSummary) {
  * If the verify command exits non-zero, the job is marked as error and
  * an alert is written to stdout (delivery target receives the failure notice).
  */
-function deliverResult(label, lastReply, fallbackSummary) {
+function deliverResult(label, lastReply, fallbackSummary, completionPayload = null) {
   // -- verify-cmd check -----------------------------------------------------
   // Run the stored verify-cmd (if any) before declaring the job done.
   // A non-zero exit flips the job to error state and sends an alert instead.
@@ -732,20 +777,21 @@ function deliverResult(label, lastReply, fallbackSummary) {
   }
 
   // Update labels.json before exiting -- prevents stuck detector false positives
-  const summary = fallbackSummary || (lastReply ? lastReply.slice(0, 500) : null);
-  markLabelDone(label, summary);
+  const completion = resolveCompletionDelivery({
+    lastReply,
+    completion: completionPayload,
+    fallbackSummary,
+  });
+  markLabelDone(label, completion.summary);
 
-  if (lastReply) {
+  if (completion.deliveryText) {
     const maxLen = 3500;
-    const reply = lastReply.length > maxLen
-      ? lastReply.slice(0, maxLen) + '\n\n..[truncated]'
-      : lastReply;
+    const reply = completion.deliveryText.length > maxLen
+      ? completion.deliveryText.slice(0, maxLen) + '\n\n..[truncated]'
+      : completion.deliveryText;
     process.stdout.write(`🌶️ *dispatch* [${label}] completed:\n\n${reply}\n`);
   } else {
-    process.stdout.write(
-      `🌶️ *dispatch* [${label}] completed (no reply captured)\n` +
-      `Summary: ${fallbackSummary || 'none'}\n`
-    );
+    process.stderr.write(`[watcher] [${label}] completion delivery suppressed (no meaningful reply or summary)\n`);
   }
   process.exit(0);
 }
@@ -821,6 +867,7 @@ let recoverySessionKey = null;  // captured during polling for steer/kill
 
 // Module-level state accessible by SIGTERM handler
 let lastKnownReply = null;
+let lastKnownCompletion = null;
 
 // -- SIGTERM handler (scheduler kills watcher with SIGTERM before SIGKILL) --
 // Ensures labels.json is updated and a delivery attempt is made even when killed.
@@ -830,9 +877,10 @@ process.on('SIGTERM', () => {
   try {
     const result = dispatch('result', ['--label', label]);
     if (result?.lastReply) lastKnownReply = result.lastReply;
+    if (result?.completion) lastKnownCompletion = result.completion;
   } catch {}
   // deliverResult calls process.exit(0) internally
-  deliverResult(label, lastKnownReply, 'interrupted by watcher timeout');
+  deliverResult(label, lastKnownReply, 'interrupted by watcher timeout', lastKnownCompletion);
 });
 
 // -- Rolling deadline vars ------------------------------------
@@ -1007,7 +1055,7 @@ while (Date.now() < deadline) {
     // If the session DID produce a lastReply before being killed, deliver it normally.
     if (sessionEverFound && isGatewayRestartKill(status.summary)) {
       const gwCheckResult = dispatch('result', ['--label', label]);
-      if (!gwCheckResult?.lastReply) {
+      if (!gwCheckResult?.lastReply && !gwCheckResult?.completion?.deliveryText) {
         // No result captured -- session was killed before completing
         const retryCount = getGwRestartRetryCount(label);
         if (retryCount >= MAX_GW_RESTART_RETRIES) {
@@ -1046,7 +1094,7 @@ while (Date.now() < deadline) {
           process.exit(1);
         }
       }
-      // lastReply present -- session completed before/during kill; fall through to normal delivery
+      // lastReply or completion payload present -- session completed before/during kill; fall through to normal delivery
     }
 
     // Reset gw-restart retry count on successful completion
@@ -1082,7 +1130,23 @@ while (Date.now() < deadline) {
       }
     }
     const result = dispatch('result', ['--label', label]);
-    deliverResult(label, result?.lastReply, status.summary);
+    deliverResult(label, result?.lastReply, status.summary, result?.completion || status?.completion || null);
+  }
+
+  // -- Path 2a: stop_reason early delivery (clean end_turn) --
+  // If the last assistant message has stop_reason=end_turn and no tool calls
+  // are in flight, deliver immediately without waiting for FLAT_WINDOW_MS.
+  // This is the fast path for sessions that write stop_reason to JSONL.
+  if (status.sessionKey) {
+    const _e2a = getSessionStoreEntry(status.sessionKey);
+    const _sid2a = _e2a?.sessionId || null;
+    const _adir2a = (status.sessionKey.split(':')[1]) || 'main';
+    if (_sid2a && isSessionCleanlyFinished(_sid2a, _adir2a)) {
+      process.stderr.write(`[watcher] stop_reason=end_turn detected -- delivering early\n`);
+      const result = dispatch('result', ['--label', label]);
+      deliverResult(label, result?.lastReply, 'completed (stop_reason=end_turn)', result?.completion || null);
+      // deliverResult exits
+    }
   }
 
   // -- Path 2: status says 'running' but session may be idle -
@@ -1094,8 +1158,8 @@ while (Date.now() < deadline) {
   const ageMs = status.liveness?.ageMs;
   if (ageMs != null && ageMs >= IDLE_RESULT_CHECK_MS) {
     const result = dispatch('result', ['--label', label]);
-    if (result?.lastReply) {
-      deliverResult(label, result.lastReply, null);
+    if (result?.lastReply || result?.completion?.deliveryText) {
+      deliverResult(label, result?.lastReply || null, null, result?.completion || null);
     }
   }
 
@@ -1106,16 +1170,15 @@ while (Date.now() < deadline) {
 // Timed out -- try one last result check
 const finalResult = dispatch('result', ['--label', label]);
 const finalStatus = dispatch('status', ['--label', label]);
-if (finalResult?.lastReply) {
+if (finalStatus?.status === 'done') {
   const rc = getRetryCount(label);
   if (rc > 0) setRetryCount(label, 0);
-  deliverResult(label, finalResult.lastReply, finalStatus?.summary || null);
-}
-// If status is explicitly done, exit cleanly even without lastReply
-if (finalStatus?.status === 'done') {
-  markDoneSync(finalStatus?.summary || 'completed');
-  process.stdout.write(`✅ dispatch [${label}] completed (status=done, no lastReply captured)\n`);
-  process.exit(0);
+  deliverResult(
+    label,
+    finalResult?.lastReply || null,
+    finalStatus?.summary || null,
+    finalResult?.completion || finalStatus?.completion || null,
+  );
 }
 // If status is interrupted (auto-resolved as incomplete), exit non-zero
 if (finalStatus?.status === 'interrupted') {
@@ -1174,9 +1237,9 @@ if (sessionInternalId) {
 // If the session already completed (gateway pruned it -> null tokens), exit cleanly.
 if (statusAtDeadline?.status === 'done' || baselineTokens === null) {
   const r = dispatch('result', ['--label', label]);
-  if (r?.lastReply) {
+  if (r?.lastReply || r?.completion?.deliveryText) {
     // deliverResult calls process.exit(0) internally
-    deliverResult(label, r.lastReply, statusAtDeadline?.summary || null);
+    deliverResult(label, r?.lastReply || null, statusAtDeadline?.summary || null, r?.completion || null);
   }
   // Status is explicitly done -- exit cleanly, no timeout noise
   if (statusAtDeadline?.status === 'done') {
@@ -1211,12 +1274,12 @@ while (Date.now() - flatSince < FLAT_WINDOW_MS) {
   if (st?.status === 'done') {
     const r = dispatch('result', ['--label', label]);
     // deliverResult calls process.exit(0) internally
-    deliverResult(label, r?.lastReply, st.summary);
+    deliverResult(label, r?.lastReply || null, st.summary, r?.completion || st?.completion || null);
   }
   const r2 = dispatch('result', ['--label', label]);
-  if (r2?.lastReply) {
+  if (r2?.lastReply || r2?.completion?.deliveryText) {
     // deliverResult calls process.exit(0) internally
-    deliverResult(label, r2.lastReply, null);
+    deliverResult(label, r2?.lastReply || null, null, r2?.completion || null);
   }
 
   // Token growth?
@@ -1305,12 +1368,12 @@ if (sessionInternalId) {
       if (stExt?.status === 'done') {
         const rExt = dispatch('result', ['--label', label]);
         // deliverResult calls process.exit(0) internally
-        deliverResult(label, rExt?.lastReply, stExt.summary);
+        deliverResult(label, rExt?.lastReply || null, stExt.summary, rExt?.completion || stExt?.completion || null);
       }
       const rExt2 = dispatch('result', ['--label', label]);
-      if (rExt2?.lastReply) {
+      if (rExt2?.lastReply || rExt2?.completion?.deliveryText) {
         // deliverResult calls process.exit(0) internally
-        deliverResult(label, rExt2.lastReply, null);
+        deliverResult(label, rExt2?.lastReply || null, null, rExt2?.completion || null);
       }
 
       // JSONL mtime check during extended wait
@@ -1362,12 +1425,12 @@ for (const round of steerRounds) {
   if (st2?.status === 'done') {
     const r3 = dispatch('result', ['--label', label]);
     // deliverResult calls process.exit(0) internally
-    deliverResult(label, r3?.lastReply, st2.summary);
+    deliverResult(label, r3?.lastReply || null, st2.summary, r3?.completion || st2?.completion || null);
   }
   const r3 = dispatch('result', ['--label', label]);
-  if (r3?.lastReply) {
+  if (r3?.lastReply || r3?.completion?.deliveryText) {
     // deliverResult calls process.exit(0) internally
-    deliverResult(label, r3.lastReply, null);
+    deliverResult(label, r3?.lastReply || null, null, r3?.completion || null);
   }
 
   if (!round.msg && steerSessionKey) {
@@ -1380,8 +1443,8 @@ for (const round of steerRounds) {
       if (st3?.status === 'done') {
         // Check if a result was captured before marking as error
         const r4 = dispatch('result', ['--label', label]);
-        if (r4?.lastReply) {
-          deliverResult(label, r4.lastReply, st3.summary); // deliverResult calls process.exit(0)
+        if (r4?.lastReply || r4?.completion?.deliveryText) {
+          deliverResult(label, r4?.lastReply || null, st3.summary, r4?.completion || st3?.completion || null); // deliverResult calls process.exit(0)
         }
         markLabelError(label, 'timed out -- killed after steer attempts (no result captured)');
         process.stdout.write(`⏱ dispatch [${label}] killed after steer attempts -- no result captured\n`);

package/dispatcher-delivery.js

@@ -6,7 +6,7 @@ export function createDeliveryHelpers({ log, resolveDeliveryAlias }) {
     return resolveDeliveryAlias(target);
   }
 
-  async function handleDelivery(job, content) {
+  async function handleDelivery(job, content, opts = {}) {
     if (!['announce', 'announce-always'].includes(job.delivery_mode)) return;
     if (!job.delivery_channel && !job.delivery_to) return;
 
@@ -24,7 +24,7 @@ export function createDeliveryHelpers({ log, resolveDeliveryAlias }) {
 
     try {
       const subject = (job.name || '').slice(0, 100);
-      sendMessage({
+      const msg = {
         from_agent: 'scheduler',
         to_agent:   'main',
         kind:       'result',
@@ -32,8 +32,15 @@ export function createDeliveryHelpers({ log, resolveDeliveryAlias }) {
         body:       content,
         channel,
         delivery_to: target,
-      });
-      log('info', `Enqueued: ${job.name}`, { channel, to: target });
+      };
+      // Pass image attachment paths so the message consumer can deliver them
+      // as photo/file attachments instead of plain text. Scripts signal this
+      // by writing [IMAGE:/path/to/file] markers to stdout.
+      if (opts.imageAttachments?.length > 0) {
+        msg.attachments = opts.imageAttachments;
+      }
+      sendMessage(msg);
+      log('info', `Enqueued: ${job.name}`, { channel, to: target, attachments: opts.imageAttachments?.length || 0 });
     } catch (err) {
       log('error', `Delivery enqueue failed: ${job.name}: ${err.message}`);
     }

package/dispatcher-strategies.js

@@ -203,15 +203,19 @@ export async function finalizeDispatch(job, ctx, result, deps) {
     const shouldAnnounce = ['announce', 'announce-always'].includes(job.delivery_mode)
       && deliveryContent?.trim();
 
+    const deliveryOpts = result.imageAttachments?.length > 0
+      ? { imageAttachments: result.imageAttachments }
+      : {};
+
     if (shouldAnnounce) {
       if (result.deliveryOverride) {
-        await handleDelivery(job, result.deliveryOverride);
+        await handleDelivery(job, result.deliveryOverride, deliveryOpts);
       } else if (result.status === 'error') {
         const willRetry = (job.max_retries ?? 0) > 0 && (ctx.run.retry_count || 0) < job.max_retries;
         const retryLabel = willRetry ? 'will retry' : 'no retries configured';
-        await handleDelivery(job, `\u26a0\ufe0f Job soft-failed (${retryLabel}): ${job.name}\n\n${deliveryContent}`);
+        await handleDelivery(job, `\u26a0\ufe0f Job soft-failed (${retryLabel}): ${job.name}\n\n${deliveryContent}`, deliveryOpts);
       } else {
-        await handleDelivery(job, deliveryContent);
+        await handleDelivery(job, deliveryContent, deliveryOpts);
       }
     }
   }
@@ -1008,6 +1012,9 @@ export async function executeShell(job, ctx, deps) {
   result.summary = shellResult.summary;
   result.errorMessage = shellResult.errorMessage;
   result.content = shellResult.deliveryText;
+  if (shellResult.imageAttachments?.length > 0) {
+    result.imageAttachments = shellResult.imageAttachments;
+  }
   result.runFinishFields = {
     context_summary: shellResult.contextSummary,
     shell_exit_code: shellResult.exitCode,
@@ -1076,7 +1083,10 @@ export async function executeAgent(job, ctx, deps) {
   // the warm session. This avoids full agent bootstrap on every dispatch --
   // memory search, plugin init, and context loading only happen on the first
   // run. Later runs get a pre-warmed session with context already loaded.
-  const sessionKey = job.preferred_session_key || `scheduler:${job.id}`;
+  const requestedSessionKey = job.preferred_session_key || `scheduler:${job.id}`;
+  const sessionKey = requestedSessionKey.startsWith('agent:')
+    ? requestedSessionKey
+    : `agent:${job.agent_id || 'main'}:${requestedSessionKey}`;
   updateRunSession(ctx.run.id, sessionKey, null);
 
   // Mark agent as busy
@@ -1112,6 +1122,37 @@ export async function executeAgent(job, ctx, deps) {
     }
   }
 
+  // Always sync the live auth store to the agent's auth-profiles.json BEFORE
+  // every agent turn. This ensures sessions that reuse a stable key (scheduler:<jobId>)
+  // always have fresh credentials -- token refreshes, order changes, and new
+  // profiles are picked up automatically without requiring an explicit auth_profile
+  // on every job.
+  const { syncAuthStoreToSession: syncAuth } = deps;
+  if (typeof syncAuth === 'function') {
+    const syncResult = syncAuth(job.agent_id || 'main');
+    if (syncResult.ok) {
+      log('debug', `Synced live auth store to agent '${job.agent_id || 'main'}'`, { jobId: job.id });
+    } else {
+      log('warn', `Failed to sync auth store: ${syncResult.error}`, { jobId: job.id });
+    }
+  }
+
+  // Apply auth profile to session store BEFORE the agent turn.
+  // The x-openclaw-auth-profile HTTP header is not read by the gateway (dead header).
+  // Writing authProfileOverride directly to sessions.json is the effective mechanism
+  // for auth profile propagation to isolated/embedded sessions.
+  if (resolvedAuthProfile && resolvedAuthProfile !== 'inherit') {
+    const { applyAuthProfileToSessionStore: applyAuthProfile } = deps;
+    if (typeof applyAuthProfile === 'function') {
+      const applyResult = applyAuthProfile(sessionKey, resolvedAuthProfile, job.agent_id || 'main');
+      if (applyResult.ok) {
+        log('debug', `Applied auth profile '${resolvedAuthProfile}' to session store for ${sessionKey}`, { jobId: job.id });
+      } else {
+        log('warn', `Failed to apply auth profile to session store: ${applyResult.error}`, { jobId: job.id, sessionKey });
+      }
+    }
+  }
+
   const turnResult = await runAgentTurnWithActivityTimeout({
     message: prompt,
     agentId: job.agent_id || 'main',

package/dispatcher.js

@@ -53,6 +53,8 @@ import { upsertAgent, setAgentStatus } from './agents.js';
 import {
   runAgentTurnWithActivityTimeout, sendSystemEvent, getAllSubAgentSessions, listSessions,
   deliverMessage, checkGatewayHealth, waitForGateway, resolveDeliveryAlias,
+  applyAuthProfileToSessionStore,
+  syncAuthStoreToSession,
 } from './gateway.js';
 import { normalizeShellResult } from './shell-result.js';
 import {
@@ -307,6 +309,8 @@ function buildDispatchDeps() {
     updateContextSummary, releaseIdempotencyKey,
     matchesSentinel, detectTransientError,
     listSessions,
+    applyAuthProfileToSessionStore,
+    syncAuthStoreToSession,
     // Finalize
     updateIdempotencyResultHash,
     shouldRetry, scheduleRetry,
@@ -378,11 +382,22 @@ function buildJobPrompt(job, run) {
     );
   }
 
-  // Include any pending messages for this agent
+  // Include any pending messages for this agent.
+  // getInbox() without includeDelivered already filters to status='pending' only,
+  // but we add an explicit guard here to log and skip any message that slipped
+  // through with status='delivered' or 'read' -- re-displaying such messages
+  // would cause duplicate notifications when the inbox-consumer later picks them up.
   const inbox = getInbox(job.agent_id || 'main', { limit: 5 });
-  if (inbox.length > 0) {
+  const injectableMessages = inbox.filter(msg => {
+    if (msg.status && msg.status !== 'pending') {
+      log('warn', `buildJobPrompt: skipping non-pending message ${msg.id} (status=${msg.status}) for agent ${job.agent_id || 'main'}`);
+      return false;
+    }
+    return true;
+  });
+  if (injectableMessages.length > 0) {
     parts.push('\n--- Pending Messages ---');
-    for (const msg of inbox) {
+    for (const msg of injectableMessages) {
       const kindLabel = msg.kind && !['text', 'result', 'status', 'system', 'spawn'].includes(msg.kind)
         ? `[${msg.kind}]${msg.owner ? ` (owner: ${msg.owner})` : ''} `
         : '';
@@ -402,7 +417,7 @@ function buildJobPrompt(job, run) {
 
   // Collect context metadata
   const contextMeta = {
-    messages_injected: inbox.length,
+    messages_injected: injectableMessages.length,
     scope: job.payload_scope || 'own',
     job_class: job.job_class || 'standard',
     delivery_guarantee: job.delivery_guarantee || 'at-most-once',

package/gateway.js

@@ -1,6 +1,6 @@
 // Gateway API client -- independent dispatch via chat completions + system events
 import { execFileSync } from 'child_process';
-import { readFileSync } from 'fs';
+import { readFileSync, writeFileSync, existsSync, copyFileSync, mkdirSync } from 'fs';
 import { homedir } from 'os';
 import { join } from 'path';
 import { getDb } from './db.js';
@@ -471,3 +471,119 @@ export async function waitForGateway(timeoutMs = 30000, intervalMs = 2000) {
   }
   return false;
 }
+
+/**
+ * Write authProfileOverride directly to the gateway's sessions.json store.
+ *
+ * The gateway reads sessions.json on each agent turn (with mtime-based cache
+ * invalidation), so writing here before dispatch ensures the embedded runner
+ * picks up the correct auth profile.
+ *
+ * The x-openclaw-auth-profile HTTP header sent by runAgentTurnWithActivityTimeout
+ * is NOT read by the gateway (dead header). This direct store write is the
+ * effective mechanism for auth profile propagation to isolated sessions.
+ *
+ * @param {string} sessionKey - Session key as used in the HTTP request (e.g. 'scheduler:<jobId>')
+ * @param {string} authProfile - Auth profile ID (e.g. 'anthropic:gmail')
+ * @param {string} [agentId='main'] - Agent ID for store path resolution
+ * @returns {{ ok: boolean, error?: string }}
+ */
+export function applyAuthProfileToSessionStore(sessionKey, authProfile, agentId = 'main') {
+  if (!sessionKey || !authProfile) {
+    return { ok: false, error: 'sessionKey and authProfile are required' };
+  }
+
+  // The gateway may persist session state under either the canonical agent-scoped
+  // key or the flat transport key, depending on which path created the session.
+  // Keep both aliases in sync so isolated scheduler jobs cannot miss the override.
+  const canonicalMatch = sessionKey.match(/^agent:[^:]+:(.+)$/);
+  const canonicalKey = sessionKey.startsWith('agent:')
+    ? sessionKey
+    : `agent:${agentId}:${sessionKey}`;
+  const flatSessionKey = canonicalMatch?.[1] || sessionKey;
+  const keyAliases = Array.from(new Set([canonicalKey, flatSessionKey]));
+  const sessionsPath = join(HOME_DIR, '.openclaw', 'agents', agentId, 'sessions', 'sessions.json');
+
+  try {
+    if (!existsSync(sessionsPath)) {
+      return { ok: false, error: `sessions.json not found at ${sessionsPath}` };
+    }
+
+    const raw = readFileSync(sessionsPath, 'utf-8');
+    const store = JSON.parse(raw);
+
+    const now = Date.now();
+    let changed = false;
+
+    for (const key of keyAliases) {
+      const entry = store[key];
+      if (!entry) {
+        // Session doesn't exist yet -- create a minimal entry.
+        // The gateway will populate the rest on the first agent turn.
+        store[key] = {
+          updatedAt: now,
+          authProfileOverride: authProfile,
+          authProfileOverrideSource: 'user',
+        };
+        changed = true;
+        continue;
+      }
+
+      if (entry.authProfileOverride !== authProfile || entry.authProfileOverrideSource !== 'user') {
+        // Update existing entry
+        entry.authProfileOverride = authProfile;
+        entry.authProfileOverrideSource = 'user';
+        entry.updatedAt = now;
+        // Clear compaction count so the override sticks across compactions
+        delete entry.authProfileOverrideCompactionCount;
+        changed = true;
+      }
+    }
+
+    if (!changed) {
+      return { ok: true };
+    }
+
+    writeFileSync(sessionsPath, JSON.stringify(store), 'utf-8');
+    return { ok: true };
+  } catch (err) {
+    return { ok: false, error: `Failed to update sessions.json: ${err.message}` };
+  }
+}
+
+/**
+ * Sync the live auth-profiles.json from ~/.openclaw/credentials/ to the agent's
+ * auth store at ~/.openclaw/agents/<agentId>/agent/auth-profiles.json.
+ *
+ * This ensures scheduler sessions always use fresh credentials (tokens, order,
+ * default profile) even when no explicit auth_profile is set on the job.
+ * Without this, sessions created from a stable session key inherit a stale
+ * copy of the auth store that was snapshotted when the session was first created.
+ *
+ * This is a fast file-copy operation (~1ms) and is safe to call before every
+ * agent turn.
+ *
+ * @param {string} [agentId='main'] - Agent ID for store path resolution
+ * @returns {{ ok: boolean, error?: string }}
+ */
+export function syncAuthStoreToSession(agentId = 'main') {
+  const livePath = join(HOME_DIR, '.openclaw', 'credentials', 'auth-profiles.json');
+  const agentStorePath = join(HOME_DIR, '.openclaw', 'agents', agentId, 'agent', 'auth-profiles.json');
+
+  try {
+    if (!existsSync(livePath)) {
+      return { ok: false, error: `Live auth store not found at ${livePath}` };
+    }
+
+    // Ensure the agent directory exists
+    const agentDir = join(HOME_DIR, '.openclaw', 'agents', agentId, 'agent');
+    if (!existsSync(agentDir)) {
+      mkdirSync(agentDir, { recursive: true });
+    }
+
+    copyFileSync(livePath, agentStorePath);
+    return { ok: true };
+  } catch (err) {
+    return { ok: false, error: `Failed to sync auth store: ${err.message}` };
+  }
+}

package/jobs.js

@@ -305,17 +305,46 @@ export function validateJobSpec(opts, currentJob = null, mode = 'create') {
   assertEnum('overlap_policy', merged.overlap_policy || 'skip', VALID_OVERLAP_POLICIES);
   assertEnum('delivery_mode', merged.delivery_mode || 'announce', VALID_DELIVERY_MODES);
 
+  // INSERT-only: enforce delivery_to for all non-exempt jobs.
+  // Exempt from this requirement:
+  //   - job_type='watchdog' (internal health monitor jobs)
+  //   - name starts with 'watchdog:' (watchdog jobs by naming convention)
+  //   - session_target='main' (injects into the main session, no chat routing needed)
+  //   - delivery_mode='none' (explicitly opted out of delivery)
+  if (mode === 'create') {
+    const _target = merged.session_target || 'isolated';
+    const _dmode = merged.delivery_mode || 'announce';
+    const _type = merged.job_type || 'standard';
+    const _name = String(merged.name || '');
+    const _isExempt =
+      _type === 'watchdog' ||
+      _name.startsWith('watchdog:') ||
+      _target === 'main' ||
+      _dmode === 'none';
+    if (!_isExempt && (!merged.delivery_to || String(merged.delivery_to).trim() === '')) {
+      throw new Error(
+        'delivery_to is required on job insert. Set it to the origin chat_id ' +
+        '(e.g. -1001234567890 for a group chat, or 987654321 for a personal DM).'
+      );
+    }
+  }
+
   // Enforce: delivery_to is required when delivery_mode is explicitly set to
   // 'announce' or 'announce-always'. Validates on create (when delivery_mode is
   // explicitly provided) and on update (when delivery_mode is being changed or
   // the merged record would end up in announce mode without a delivery_to).
+  // Exempt: watchdog jobs, session_target='main' (no external chat routing needed).
   {
     const modeExplicitlySet = 'delivery_mode' in normalized;
     const deliveryToExplicitlySet = 'delivery_to' in normalized;
     const effectiveMode = merged.delivery_mode || 'announce';
     const isAnnounceMode = ['announce', 'announce-always'].includes(effectiveMode);
+    const _announceExempt =
+      (merged.job_type || 'standard') === 'watchdog' ||
+      String(merged.name || '').startsWith('watchdog:') ||
+      (merged.session_target || 'isolated') === 'main';
 
-    if (isAnnounceMode && (mode === 'create' || modeExplicitlySet || deliveryToExplicitlySet)) {
+    if (isAnnounceMode && !_announceExempt && (mode === 'create' || modeExplicitlySet || deliveryToExplicitlySet)) {
       // Re-evaluate: if mode is being set to announce OR delivery_to is being
       // cleared on an announce-mode job, check the merged delivery_to is present.
       if (!merged.delivery_to || (typeof merged.delivery_to === 'string' && merged.delivery_to.trim() === '')) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-scheduler",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "SQLite-backed job scheduler and workflow engine for OpenClaw agents",
   "type": "module",
   "main": "./index.js",
@@ -70,6 +70,7 @@
     "migrate.js",
     "migrate-consolidate.js",
     "paths.js",
+    "provider-registry.js",
     "prompt-context.js",
     "retrieval.js",
     "runs.js",