fix: prevent signal group id lowercasing (breaks base64)

.github/labeler.yml

@@ -9,6 +9,12 @@
           - "src/discord/**"
           - "extensions/discord/**"
           - "docs/channels/discord.md"
+"channel: feishu":
+  - changed-files:
+      - any-glob-to-any-file:
+          - "src/feishu/**"
+          - "extensions/feishu/**"
+          - "docs/channels/feishu.md"
 "channel: googlechat":
   - changed-files:
       - any-glob-to-any-file:

.github/workflows/auto-response.yml

@@ -2,7 +2,7 @@ name: Auto response
 
 on:
   issues:
-    types: [labeled]
+    types: [opened, edited, labeled]
   pull_request_target:
     types: [labeled]
 
@@ -31,22 +31,49 @@ jobs:
                 label: "r: skill",
                 close: true,
                 message:
-                  "Thanks for the contribution! New skills should be published to Clawdhub for everyone to use. We’re keeping the core lean on skills, so I’m closing this out.",
+                  "Thanks for the contribution! New skills should be published to [Clawhub](https://clawhub.ai) for everyone to use. We’re keeping the core lean on skills, so I’m closing this out.",
               },
               {
                 label: "r: support",
                 close: true,
                 message:
-                  "Please use our support server https://molt.bot/discord and ask in #help or #users-helping-users to resolve this, or follow the stuck FAQ at https://docs.molt.bot/help/faq#im-stuck-whats-the-fastest-way-to-get-unstuck.",
+                  "Please use [our support server](https://discord.gg/clawd) and ask in #help or #users-helping-users to resolve this, or follow the stuck FAQ at https://docs.openclaw.ai/help/faq#im-stuck-whats-the-fastest-way-to-get-unstuck.",
               },
               {
                 label: "r: third-party-extension",
                 close: true,
                 message:
-                  "This would be better made as a third-party extension with our SDK that you maintain yourself. Docs: https://docs.molt.bot/plugin.",
+                  "This would be better made as a third-party extension with our SDK that you maintain yourself. Docs: https://docs.openclaw.ai/plugin.",
+              },
+              {
+                label: "r: moltbook",
+                close: true,
+                lock: true,
+                lockReason: "off-topic",
+                message:
+                  "OpenClaw is not affiliated with Moltbook, and issues related to Moltbook should not be submitted here.",
               },
             ];
 
+            const issue = context.payload.issue;
+            if (issue) {
+              const title = issue.title ?? "";
+              const body = issue.body ?? "";
+              const haystack = `${title}\n${body}`.toLowerCase();
+              const hasLabel = (issue.labels ?? []).some((label) =>
+                typeof label === "string" ? label === "r: moltbook" : label?.name === "r: moltbook",
+              );
+              if (haystack.includes("moltbook") && !hasLabel) {
+                await github.rest.issues.addLabels({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: issue.number,
+                  labels: ["r: moltbook"],
+                });
+                return;
+              }
+            }
+
             const labelName = context.payload.label?.name;
             if (!labelName) {
               return;
@@ -77,3 +104,12 @@ jobs:
                 state: "closed",
               });
             }
+
+            if (rule.lock) {
+              await github.rest.issues.lock({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: issueNumber,
+                lock_reason: rule.lockReason ?? "resolved",
+              });
+            }

.github/workflows/ci.yml

@@ -89,9 +89,6 @@ jobs:
           - runtime: bun
             task: test
             command: pnpm canvas:a2ui:bundle && bunx vitest run
-          - runtime: bun
-            task: build
-            command: bunx tsc -p tsconfig.json --noEmit false
     steps:
       - name: Checkout
         uses: actions/checkout@v4

.github/workflows/formal-conformance.yml

@@ -0,0 +1,134 @@
+name: Formal models (informational conformance)
+
+on:
+  pull_request:
+
+jobs:
+  formal_conformance:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Checkout openclaw (PR)
+        uses: actions/checkout@v4
+        with:
+          path: openclaw
+
+      - name: Checkout formal models
+        uses: actions/checkout@v4
+        with:
+          repository: vignesh07/clawdbot-formal-models
+          ref: main
+          path: clawdbot-formal-models
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+
+      - name: Regenerate extracted constants from openclaw
+        run: |
+          set -euo pipefail
+          cd clawdbot-formal-models
+          export OPENCLAW_REPO_DIR="${GITHUB_WORKSPACE}/openclaw"
+          node scripts/extract-tool-groups.mjs
+          node scripts/check-tool-group-alias.mjs
+
+      # Drift is about extracted artifacts only; compute it before model checking
+      # to avoid any incidental file touches affecting the result.
+      - name: Compute drift (generated/*)
+        id: drift
+        run: |
+          set -euo pipefail
+          cd clawdbot-formal-models
+
+          if git diff --quiet -- generated; then
+            echo "drift=false" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          echo "drift=true" >> "$GITHUB_OUTPUT"
+          git diff -- generated > "${GITHUB_WORKSPACE}/formal-models-drift.diff"
+
+      - name: Model check (green suite)
+        run: |
+          set -euo pipefail
+          cd clawdbot-formal-models
+          make \
+            precedence groups elevated nodes-policy \
+            attacker approvals approvals-token nodes-pipeline \
+            gateway-exposure gateway-exposure-v2 gateway-exposure-v2-protected \
+            gateway-auth-conformance gateway-auth-tailscale gateway-auth-proxy \
+            pairing pairing-cap pairing-idempotency pairing-refresh pairing-refresh-race \
+            ingress-gating ingress-idempotency ingress-dedupe-fallback ingress-trace ingress-trace2 \
+            routing-isolation routing-precedence routing-identitylinks routing-identity-transitive routing-identity-symmetry routing-identity-channel-override \
+            routing-thread-parent discord-pluralkit \
+            ingress-retry session-key-stability session-explosion-bound config-normalization \
+            queue-drain delivery-route-stability delivery-pipeline retry-termination retry-eventual-success \
+            no-cross-stream multi-event-eventual-emission \
+            dedupe-collision-fallback crash-restart-dedupe two-worker-dedupe openclaw-session-key-conformance \
+            routing-thread-parent-channel-override routing-trirule gateway-auth-proxy-header-spoof \
+            group-alias-check
+
+      - name: Model check (negative suite, expected violations)
+        continue-on-error: true
+        run: |
+          set -euo pipefail
+          cd clawdbot-formal-models
+          make -k \
+            precedence-negative groups-negative elevated-negative nodes-policy-negative \
+            attacker-negative attacker-nodes-negative attacker-nodes-allowlist-negative attacker-nodes-allowlist-negative \
+            approvals-negative approvals-token-negative nodes-pipeline-negative \
+            gateway-exposure-negative gateway-exposure-v2-negative gateway-exposure-v2-protected-negative \
+            gateway-exposure-v2-unsafe-custom gateway-exposure-v2-unsafe-tailnet gateway-exposure-v2-unsafe-auto \
+            gateway-auth-conformance-negative gateway-auth-tailscale-negative gateway-auth-proxy-negative \
+            pairing-negative pairing-cap-negative pairing-idempotency-negative pairing-refresh-negative pairing-refresh-race-negative \
+            ingress-gating-negative ingress-idempotency-negative ingress-dedupe-fallback-negative ingress-trace-negative ingress-trace2-negative \
+            routing-isolation-negative routing-precedence-negative routing-identitylinks-negative routing-identity-transitive-negative routing-identity-symmetry-negative routing-identity-channel-override-negative \
+            routing-thread-parent-negative discord-pluralkit-negative \
+            ingress-retry-negative session-key-stability-negative config-normalization-negative \
+            queue-drain delivery-route-stability-negative delivery-pipeline-negative retry-termination-negative retry-eventual-success-negative \
+            no-cross-stream-negative multi-event-eventual-emission-negative \
+            dedupe-collision-fallback-negative crash-restart-dedupe-negative two-worker-dedupe-negative openclaw-session-key-conformance-negative \
+            routing-thread-parent-channel-override-negative routing-trirule-negative gateway-auth-proxy-header-spoof-negative
+
+      - name: Upload drift diff artifact
+        if: steps.drift.outputs.drift == 'true'
+        uses: actions/upload-artifact@v4
+        with:
+          name: formal-models-conformance-drift
+          path: formal-models-drift.diff
+
+      - name: Comment on PR (informational)
+        if: steps.drift.outputs.drift == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const body = [
+              '⚠️ **Formal models conformance drift detected**',
+              '',
+              'The formal models extracted constants (`generated/*`) do not match this openclaw PR.',
+              '',
+              'This check is **informational** (not blocking merges yet).',
+              'See the `formal-models-conformance-drift` artifact for the diff.',
+              '',
+              'If this change is intentional, follow up by updating the formal models repo or regenerating the extracted artifacts there.',
+            ].join('\n');
+
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.payload.pull_request.number,
+              body,
+            });
+
+      - name: Summary
+        run: |
+          if [ "${{ steps.drift.outputs.drift }}" = "true" ]; then
+            echo "Formal conformance drift detected (informational)."
+          else
+            echo "Formal conformance: no drift."
+          fi

.github/workflows/labeler.yml

@@ -3,6 +3,8 @@ name: Labeler
 on:
   pull_request_target:
     types: [opened, synchronize, reopened]
+  issues:
+    types: [opened]
 
 permissions: {}
 
@@ -23,3 +25,56 @@ jobs:
           configuration-path: .github/labeler.yml
           repo-token: ${{ steps.app-token.outputs.token }}
           sync-labels: true
+      - name: Apply maintainer label for org members
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            const association = context.payload.pull_request?.author_association;
+            if (!association) {
+              return;
+            }
+            if (![
+              "MEMBER",
+              "OWNER",
+            ].includes(association)) {
+              return;
+            }
+
+            await github.rest.issues.addLabels({
+              ...context.repo,
+              issue_number: context.payload.pull_request.number,
+              labels: ["maintainer"],
+            });
+
+  label-issues:
+    permissions:
+      issues: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
+        id: app-token
+        with:
+          app-id: "2729701"
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+      - name: Apply maintainer label for org members
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            const association = context.payload.issue?.author_association;
+            if (!association) {
+              return;
+            }
+            if (![
+              "MEMBER",
+              "OWNER",
+            ].includes(association)) {
+              return;
+            }
+
+            await github.rest.issues.addLabels({
+              ...context.repo,
+              issue_number: context.payload.issue.number,
+              labels: ["maintainer"],
+            });

.oxfmtrc.jsonc

@@ -1,5 +1,8 @@
 {
   "$schema": "./node_modules/oxfmt/configuration_schema.json",
+  "experimentalSortImports": {
+    "newlinesBetween": false,
+  },
   "experimentalSortPackageJson": {
     "sortScripts": true,
   },

.oxlintrc.json

@@ -14,8 +14,8 @@
     "oxc/no-accumulating-spread": "off",
     "oxc/no-async-endpoint-handlers": "off",
     "oxc/no-map-spread": "off",
+    "typescript/no-explicit-any": "error",
     "typescript/no-extraneous-class": "off",
-    "typescript/no-unnecessary-template-expression": "off",
     "typescript/no-unsafe-type-assertion": "off",
     "unicorn/consistent-function-scoping": "off",
     "unicorn/require-post-message-target-origin": "off"
@@ -30,7 +30,6 @@
     "skills/",
     "src/canvas-host/a2ui/a2ui.bundle.js",
     "Swabble/",
-    "vendor/",
-    "ui/"
+    "vendor/"
   ]
 }

.pi/prompts/landpr.md

@@ -0,0 +1,70 @@
+---
+description: Land a PR (merge with proper workflow)
+---
+
+Input
+
+- PR: $1 <number|url>
+  - If missing: use the most recent PR mentioned in the conversation.
+  - If ambiguous: ask.
+
+Do (end-to-end)
+Goal: PR must end in GitHub state = MERGED (never CLOSED). Use `gh pr merge` with `--rebase` or `--squash`.
+
+1. Repo clean: `git status`.
+2. Identify PR meta (author + head branch):
+
+   ```sh
+   gh pr view <PR> --json number,title,author,headRefName,baseRefName,headRepository --jq '{number,title,author:.author.login,head:.headRefName,base:.baseRefName,headRepo:.headRepository.nameWithOwner}'
+   contrib=$(gh pr view <PR> --json author --jq .author.login)
+   head=$(gh pr view <PR> --json headRefName --jq .headRefName)
+   head_repo_url=$(gh pr view <PR> --json headRepository --jq .headRepository.url)
+   ```
+
+3. Fast-forward base:
+   - `git checkout main`
+   - `git pull --ff-only`
+4. Create temp base branch from main:
+   - `git checkout -b temp/landpr-<ts-or-pr>`
+5. Check out PR branch locally:
+   - `gh pr checkout <PR>`
+6. Rebase PR branch onto temp base:
+   - `git rebase temp/landpr-<ts-or-pr>`
+   - Fix conflicts; keep history tidy.
+7. Fix + tests + changelog:
+   - Implement fixes + add/adjust tests
+   - Update `CHANGELOG.md` and mention `#<PR>` + `@$contrib`
+8. Decide merge strategy:
+   - Rebase if we want to preserve commit history
+   - Squash if we want a single clean commit
+   - If unclear, ask
+9. Full gate (BEFORE commit):
+   - `pnpm lint && pnpm build && pnpm test`
+10. Commit via committer (include # + contributor in commit message):
+    - `committer "fix: <summary> (#<PR>) (thanks @$contrib)" CHANGELOG.md <changed files>`
+    - `land_sha=$(git rev-parse HEAD)`
+11. Push updated PR branch (rebase => usually needs force):
+
+    ```sh
+    git remote add prhead "$head_repo_url.git" 2>/dev/null || git remote set-url prhead "$head_repo_url.git"
+    git push --force-with-lease prhead HEAD:$head
+    ```
+
+12. Merge PR (must show MERGED on GitHub):
+    - Rebase: `gh pr merge <PR> --rebase`
+    - Squash: `gh pr merge <PR> --squash`
+    - Never `gh pr close` (closing is wrong)
+13. Sync main:
+    - `git checkout main`
+    - `git pull --ff-only`
+14. Comment on PR with what we did + SHAs + thanks:
+
+    ```sh
+    merge_sha=$(gh pr view <PR> --json mergeCommit --jq '.mergeCommit.oid')
+    gh pr comment <PR> --body "Landed via temp rebase onto main.\n\n- Gate: pnpm lint && pnpm build && pnpm test\n- Land commit: $land_sha\n- Merge commit: $merge_sha\n\nThanks @$contrib!"
+    ```
+
+15. Verify PR state == MERGED:
+    - `gh pr view <PR> --json state --jq .state`
+16. Delete temp branch:
+    - `git branch -D temp/landpr-<ts-or-pr>`