version: 1 process_version: 3 title: Maturity scorecard summary: Draft maturity scorecard model for OpenClaw subsystems, features, apps, and platforms. snapshot: date: '2026-05-26' source_ref: origin/main@41eef4a7965 profiles: - id: smoke-ci description: Deterministic PR and merge proof with mock model providers and the Crabline-backed channel driver; no live external service required. evidenceMode: slim channelDriver: crabline categoryIds: - agent-runtime-and-provider-execution.model-and-runtime-selection - agent-runtime-and-provider-execution.provider-auth - agent-runtime-and-provider-execution.streaming-and-progress - agent-runtime-and-provider-execution.tool-calls-and-response-handling - agent-runtime-and-provider-execution.tool-execution-controls - session-memory-and-context-engine.context-engine - session-memory-and-context-engine.cross-client-history-and-session-parity - session-memory-and-context-engine.core-prompts-and-context - session-memory-and-context-engine.session-routing - browser-automation-and-exec-sandbox-tools.tool-invocation-and-execution - security-auth-pairing-and-secrets.approval-policy-and-tool-safeguards - telemetry-diagnostics-and-observability.health-and-repair - telemetry-diagnostics-and-observability.diagnostic-collection - telemetry-diagnostics-and-observability.telemetry-export - gateway-runtime.gateway-rpc-apis-and-events - gateway-runtime.websocket-connection - channel-framework.channel-actions-commands-and-approvals - channel-framework.channel-setup - channel-framework.conversation-routing-and-delivery - channel-framework.outbound-delivery-and-reply-pipeline - channel-framework.group-thread-and-ambient-room-behavior - channel-framework.status-health-and-operator-controls - session-memory-and-context-engine.diagnostics-maintenance-and-recovery - automation-cron-hooks-tasks-polling.cron-jobs - plugin-sdk-and-bundled-plugin-architecture.installing-and-running-plugins - plugin-sdk-and-bundled-plugin-architecture.provider-and-tool-plugins - plugin-sdk-and-bundled-plugin-architecture.testing-plugins - media-understanding-and-media-generation.media-understanding - media-understanding-and-media-generation.media-generation - browser-control-ui-and-webchat.browser-ui - id: release description: Stable/LTS proof selector for live providers, live channels, package artifacts, upgrade paths, and platform proof where the claim depends on real upstreams or release artifacts. channelDriver: live categoryIds: - gateway-runtime.approvals-and-remote-execution - gateway-runtime.http-apis - gateway-runtime.hosted-web-surface - gateway-runtime.gateway-rpc-apis-and-events - gateway-runtime.device-auth-and-pairing - gateway-runtime.network-access-and-discovery - gateway-runtime.nodes-and-remote-capabilities - gateway-runtime.health-diagnostics-and-repair - gateway-runtime.protocol-compatibility - gateway-runtime.roles-and-permissions - gateway-runtime.gateway-lifecycle - gateway-runtime.security-controls - gateway-runtime.websocket-connection - cli-install-update-onboard-doctor.cli-setup - cli-install-update-onboard-doctor.onboarding-and-auth-setup - cli-install-update-onboard-doctor.plugin-and-channel-setup - cli-install-update-onboard-doctor.gateway-service-management - cli-install-update-onboard-doctor.cli-observability - cli-install-update-onboard-doctor.doctor - cli-install-update-onboard-doctor.updates-and-upgrades - plugin-sdk-and-bundled-plugin-architecture.authoring-and-packaging-plugins - plugin-sdk-and-bundled-plugin-architecture.bundled-plugins - plugin-sdk-and-bundled-plugin-architecture.canvas-plugin - plugin-sdk-and-bundled-plugin-architecture.installing-and-running-plugins - plugin-sdk-and-bundled-plugin-architecture.channel-plugins - plugin-sdk-and-bundled-plugin-architecture.provider-and-tool-plugins - plugin-sdk-and-bundled-plugin-architecture.plugin-approvals - plugin-sdk-and-bundled-plugin-architecture.publishing-plugins - plugin-sdk-and-bundled-plugin-architecture.testing-plugins - agent-runtime-and-provider-execution.agent-turn-execution - agent-runtime-and-provider-execution.external-runtimes-and-subagents - agent-runtime-and-provider-execution.hosted-provider-execution - agent-runtime-and-provider-execution.local-and-self-hosted-providers - agent-runtime-and-provider-execution.model-and-runtime-selection - agent-runtime-and-provider-execution.provider-auth - agent-runtime-and-provider-execution.streaming-and-progress - agent-runtime-and-provider-execution.tool-calls-and-response-handling - agent-runtime-and-provider-execution.tool-execution-controls - session-memory-and-context-engine.cli-session-and-transcript-management - session-memory-and-context-engine.token-management - session-memory-and-context-engine.context-engine - session-memory-and-context-engine.cross-client-history-and-session-parity - session-memory-and-context-engine.diagnostics-maintenance-and-recovery - session-memory-and-context-engine.core-prompts-and-context - session-memory-and-context-engine.memory - session-memory-and-context-engine.session-routing - session-memory-and-context-engine.transcript-persistence - channel-framework.channel-actions-commands-and-approvals - channel-framework.channel-setup - channel-framework.group-thread-and-ambient-room-behavior - channel-framework.inbound-access-and-identity-gates - channel-framework.media-attachments-and-rich-channel-data - channel-framework.outbound-delivery-and-reply-pipeline - channel-framework.conversation-routing-and-delivery - channel-framework.status-health-and-operator-controls - security-auth-pairing-and-secrets.approval-policy-and-tool-safeguards - security-auth-pairing-and-secrets.gateway-auth-and-remote-access - security-auth-pairing-and-secrets.channel-access-control - security-auth-pairing-and-secrets.device-and-node-pairing - security-auth-pairing-and-secrets.plugin-trust - security-auth-pairing-and-secrets.credential-and-secret-hygiene - telemetry-diagnostics-and-observability.health-and-repair - telemetry-diagnostics-and-observability.logging - telemetry-diagnostics-and-observability.diagnostic-collection - telemetry-diagnostics-and-observability.telemetry-export - telemetry-diagnostics-and-observability.session-diagnostics - automation-cron-hooks-tasks-polling.cron-jobs - automation-cron-hooks-tasks-polling.event-ingress - automation-cron-hooks-tasks-polling.automation-hooks - automation-cron-hooks-tasks-polling.background-tasks-and-flows - automation-cron-hooks-tasks-polling.heartbeat - automation-cron-hooks-tasks-polling.polling-controls - media-understanding-and-media-generation.media-understanding - media-understanding-and-media-generation.media-generation - browser-control-ui-and-webchat.browser-realtime-talk - browser-control-ui-and-webchat.browser-access-and-trust - browser-control-ui-and-webchat.configuration - browser-control-ui-and-webchat.browser-ui - browser-control-ui-and-webchat.webchat-conversations - browser-control-ui-and-webchat.operator-console - macos-gateway-host.cli-setup - macos-gateway-host.local-gateway-integration - macos-gateway-host.remote-gateway-mode - macos-gateway-host.gateway-service-lifecycle - macos-gateway-host.diagnostics-and-observability - macos-gateway-host.permissions-and-native-capabilities - macos-gateway-host.profiles-and-isolation - macos-companion-app.canvas - macos-companion-app.local-setup - macos-companion-app.status-and-settings - macos-companion-app.native-capabilities - macos-companion-app.remote-connections - macos-companion-app.voice-and-talk - macos-companion-app.webchat - macos-companion-app.remote-webchat - linux-gateway-host.host-setup-and-updates - linux-gateway-host.gateway-runtime-and-service-control - linux-gateway-host.remote-access-and-security - linux-gateway-host.diagnostics-and-repair - linux-gateway-host.deployment-targets - windows-via-wsl2.wsl-setup - windows-via-wsl2.cli - windows-via-wsl2.gateway-service-lifecycle - windows-via-wsl2.gateway-access-and-exposure - windows-via-wsl2.diagnostics-and-repair - windows-via-wsl2.browser-and-control-ui - native-windows-cli-and-gateway.cli - raspberry-pi-small-linux-devices.setup-and-compatibility - raspberry-pi-small-linux-devices.remote-access-and-auth - raspberry-pi-small-linux-devices.gateway-runtime - raspberry-pi-small-linux-devices.performance-and-diagnostics - docker-podman-hosting.container-setup - docker-podman-hosting.container-operations - docker-podman-hosting.image-release-and-validation - docker-podman-hosting.agent-sandbox-and-tooling - discord.channel-setup-and-operations - discord.access-and-identity - discord.conversation-routing-and-delivery - discord.media-and-rich-content - discord.native-controls-and-approvals - discord.realtime-voice-and-calls - telegram.channel-setup-and-operations - telegram.access-and-identity - telegram.conversation-routing-and-delivery - telegram.media-and-rich-content - telegram.native-controls-and-approvals - whatsapp.channel-setup-and-operations - whatsapp.access-and-identity - whatsapp.conversation-routing-and-delivery - whatsapp.media-and-rich-content - whatsapp.native-controls-and-approvals - slack.channel-setup-and-operations - slack.access-and-identity - slack.conversation-routing-and-delivery - slack.media-and-rich-content - slack.native-controls-and-approvals - imessage-bluebubbles.channel-setup-and-operations - imessage-bluebubbles.access-and-identity - imessage-bluebubbles.conversation-routing-and-delivery - imessage-bluebubbles.media-and-rich-content - imessage-bluebubbles.native-controls-and-approvals - openai-codex-provider-path.model-and-auth - openai-codex-provider-path.responses-and-tool-compatibility - openai-codex-provider-path.native-codex-harness - openai-codex-provider-path.image-and-multimodal-input - openai-codex-provider-path.voice-and-realtime-audio - anthropic-provider-path.provider-auth-and-recovery - anthropic-provider-path.model-and-runtime-selection - anthropic-provider-path.request-transport-and-turn-semantics - anthropic-provider-path.prompt-cache-and-context - anthropic-provider-path.media-inputs - google-provider-path.provider-setup-and-credentials - google-provider-path.model-routing-and-endpoints - google-provider-path.direct-gemini-runtime - google-provider-path.media-search-and-realtime - google-provider-path.prompt-caching - openrouter-provider-path.provider-setup-and-auth - openrouter-provider-path.chat-runtime-and-normalization - openrouter-provider-path.provider-recovery-and-diagnostics - openrouter-provider-path.media-generation-and-speech - web-search-tools.search-providers - web-search-tools.setup-and-diagnostics - web-search-tools.network-safety - web-search-tools.tool-availability-and-fetch - browser-automation-and-exec-sandbox-tools.browser-automation - browser-automation-and-exec-sandbox-tools.tool-invocation-and-execution - browser-automation-and-exec-sandbox-tools.sandbox-and-tool-policy - id: all description: Full taxonomy scorecard selector for generated maturity coverage evidence across every active category. Intended for explicit QA evidence workflow dispatches rather than the default release gate. channelDriver: live includeAllCategories: true levels: - id: planned code: M0 label: Planned meaning: Direction is known, but no supported user path exists. promotion_bar: Design issue, owner, and target surface exist. - id: experimental code: M1 label: Experimental meaning: Implemented behind caveats, flags, source builds, or maintainer-only flows. promotion_bar: Maintainer can run the scenario from current main. - id: alpha code: M2 label: Alpha meaning: Real users can try it, but breaking changes and incomplete UX are expected. promotion_bar: Documented setup, basic tests, known caveats, and at least one real-environment proof. - id: beta code: M3 label: Beta meaning: Public path exists and the main workflow is usable with bounded caveats. promotion_bar: Install/update docs, regression tests, support runbook, and successful scenario proof across the expected environment. - id: stable code: M4 label: Stable meaning: Recommended path for normal users. Failures are treated as regressions. promotion_bar: Release gate, doctor/troubleshooting path, broad docs, and repeated real-world proof. - id: clawesome code: M5 label: Clawesome meaning: Polished, delightful, well-instrumented, and competitive with the best comparable workflow. promotion_bar: Stable plus user scorecard pass across representative users. surfaces: - id: gateway-runtime name: Gateway runtime family: core level: stable level_code: M4 rationale: Core architecture, auth, pairing, protocol docs, daemon docs, and CLI runbooks are broad and current. completeness_instructions: references/completeness/gateway-runtime.md categories: - name: Approvals and Remote Execution id: approvals-and-remote-execution features: - name: Exec approvals coverageIds: [gateway.exec-approvals] description: Exec approval request, lookup, wait, resolve, and policy snapshot APIs. - name: Plugin approvals coverageIds: [gateway.plugin-approvals] description: Plugin approval request, wait, and resolution flows. - name: Node exec approvals coverageIds: [gateway.node-exec-approvals] description: Node-local exec approval policy relay through Gateway RPC. - name: Approved node execution coverageIds: [gateway.approved-node-execution] description: Canonical `systemRunPlan` binding for node-host execution. - name: Approval mutation safety coverageIds: [gateway.approval-mutation-safety] description: Rejection of mutated `command`, `cwd`, `agentId`, or `sessionKey` after approval preparation. - name: Delivery fallback behavior coverageIds: [gateway.delivery-fallback-behavior] description: Agent delivery fallback between strict deliverable routes and session-only execution. docs: - docs/gateway/protocol.md - docs/gateway/security/index.md search_anchors: - 'gateway runtime and websocket protocol gateway runtime websocket feature matrix: approval and execution safety' - 'gateway runtime websocket feature matrix: approval and execution safety' category_note: approval-and-execution-safety.md human_lts_override: true - name: HTTP APIs id: http-apis features: - name: OpenAI-compatible APIs coverageIds: [gateway.openai-compatible-apis] description: OpenAI-compatible HTTP APIs (`/v1/models`, `/v1/chat/completions`, `/v1/responses`, `/v1/embeddings`). - name: Tool invocation API coverageIds: [gateway.tool-invocation-api] description: HTTP tools invoke path. - name: Admin API access coverageIds: [gateway.admin-api-access] description: Optional admin HTTP RPC plugin route. - name: Hook ingress coverageIds: [gateway.hook-ingress] description: Hook hosting and HTTP ingress routes. docs: - docs/gateway/index.md - docs/gateway/openai-http-api.md - docs/gateway/openresponses-http-api.md - docs/gateway/tools-invoke-http-api.md - docs/automation/hooks.md - docs/web/index.md search_anchors: - gateway http api - openai compatible http api - tools invoke http api - admin http rpc - hook ingress category_note: http-apis.md human_lts_override: true - name: Hosted Web Surface id: hosted-web-surface features: - name: Control UI coverageIds: [gateway.control-ui-hosting] description: Control UI hosting on the Gateway server. - name: WebChat hosting coverageIds: [gateway.webchat-hosting] description: WebChat hosting. - name: Plugin web routes coverageIds: [gateway.plugin-web-routes] description: Canvas and other plugin HTTP surfaces served by the Gateway. - name: Canvas and A2UI routes coverageIds: [gateway.canvas-and-a2ui-routes] description: Canvas documents, A2UI transport, and browser-hosted plugin routes under the Gateway HTTP server. docs: - docs/gateway/index.md - docs/concepts/architecture.md - docs/web/control-ui.md - docs/web/webchat.md - docs/refactor/canvas.md search_anchors: - hosted web surface - control ui gateway - webchat gateway - plugin http route gateway - canvas a2ui gateway category_note: hosted-web-surface.md human_lts_override: true - name: Gateway RPC APIs and Events id: gateway-rpc-apis-and-events features: - name: Health APIs coverageIds: [gateway.health-apis] description: '`health` and `status` RPCs.' - name: Identity and presence APIs coverageIds: [gateway.identity-and-presence-apis] description: '`gateway.identity.get`, `system.info`, `system-presence`, `system-event`, and heartbeat RPCs.' - name: Model APIs coverageIds: [gateway.model-apis] description: '`models.list` RPCs.' - name: Usage and memory APIs coverageIds: [gateway.usage-and-memory-apis] description: Usage summaries and memory readiness RPCs. - name: Session APIs coverageIds: [agents.subagents, gateway.sessions-list, tools.session-status] description: '`sessions.*` RPCs.' - name: Chat APIs coverageIds: [gateway.chat-apis] description: '`chat.*` and `agent.wait` RPCs.' - name: Channel APIs coverageIds: [gateway.channel-apis] description: '`channels.status` and `channels.logout` RPCs.' - name: Web login and wake APIs coverageIds: [gateway.web-login-and-wake-apis] description: '`web.login.*`, `push.test`, and `voicewake.*` RPCs.' - name: Config and secrets APIs coverageIds: [gateway.config-and-secrets-apis] description: '`config.*` and `secrets.*` RPCs.' - name: Update and setup APIs coverageIds: [gateway.update-and-setup-apis] description: '`update.*` and `wizard.*` RPCs.' - name: Agent and artifact APIs coverageIds: [gateway.agent-and-artifact-apis] description: '`agents.*`, agent files, environments, and artifact RPCs.' - name: Task and automation APIs coverageIds: [gateway.task-and-automation-apis] description: '`wake`, `cron.*`, and `tasks.*` RPCs.' - name: Tool and skill APIs coverageIds: [gateway.tool-and-skill-apis] description: '`commands.list`, `tools.*`, and `skills.*` RPCs.' - name: Request and event envelopes coverageIds: [gateway.request-and-event-envelopes] description: Request, response, and event frame shapes. - name: Idempotent side effects coverageIds: [gateway.idempotent-side-effects] description: Idempotency requirements for side-effecting methods. - name: Method discovery coverageIds: [gateway.method-discovery] description: Method discovery via `hello-ok.features.methods`. - name: Event discovery coverageIds: [gateway.event-discovery] description: Event discovery via `hello-ok.features.events`. - name: Accepted-then-final results coverageIds: [gateway.accepted-then-final-results] description: Immediate accepted ack plus later final result. - name: Event ordering coverageIds: [gateway.event-ordering] description: Sequence handling and per-client monotonic event ordering. - name: State refresh after gaps coverageIds: [gateway.state-refresh-after-gaps] description: No-replay event model and explicit gap recovery via state refresh. docs: - docs/gateway/protocol.md - docs/gateway/index.md - docs/concepts/architecture.md search_anchors: - core rpc coverage - rpc framing - control-plane semantics - hello-ok.features.methods - hello-ok.features.events - event sequence - idempotencyKey category_note: core-rpc-coverage.md human_lts_override: true - name: Device Auth and Pairing id: device-auth-and-pairing features: - name: Shared-secret login coverageIds: [gateway.shared-secret-login] description: Shared-secret auth by token or password. - name: Trusted proxy auth coverageIds: [security.trusted-proxy-auth] description: Trusted-proxy and identity-bearing auth modes. - name: Private ingress mode coverageIds: [gateway.private-ingress-mode] description: 'Private-ingress `gateway.auth.mode: "none"` behavior and its limits.' - name: Device challenge signing coverageIds: [gateway.device-challenge-signing] description: Device identity signing against the challenge nonce. - name: Device tokens coverageIds: [gateway.device-tokens] description: Device token issuance, persistence, reconnect reuse, rotation, and revocation. - name: Setup-code bootstrap coverageIds: [gateway.setup-code-bootstrap] description: Bootstrap setup-code token flows and bounded operator token handoff. - name: Auth mismatch recovery coverageIds: [gateway.auth-mismatch-recovery] description: Recovery semantics for `AUTH_TOKEN_MISMATCH` and `AUTH_SCOPE_MISMATCH`. - name: Device auth migration coverageIds: [gateway.device-auth-migration] description: Device-auth migration errors and required v2/v3 signature behavior. - name: Client pairing coverageIds: [gateway.client-pairing] description: Device pairing requirements for new clients. - name: Node pairing coverageIds: [security.node-pairing] description: Node pairing flows, including pending requests, approvals, expiry, and trusted-CIDR or metadata-upgrade auto-approval boundaries. docs: - docs/gateway/protocol.md - docs/gateway/pairing.md - docs/gateway/security/index.md search_anchors: - gateway runtime and websocket protocol device identity, auth, and pairing - device identity, auth, and pairing category_note: device-identity-auth-and-pairing.md human_lts_override: true - name: Network Access and Discovery id: network-access-and-discovery features: - name: Loopback and LAN access coverageIds: [gateway.loopback-and-lan-access] description: Loopback and LAN-facing Gateway exposure. - name: Tailnet access coverageIds: [gateway.tailnet-access] description: Tailnet-facing Gateway exposure and MagicDNS/Tailscale routing. - name: SSH tunnels coverageIds: [gateway.ssh-tunnels] description: SSH tunneling as the fallback remote path. - name: Endpoint discovery coverageIds: [gateway.endpoint-discovery] description: Bonjour/DNS-SD discovery, wide-area DNS-SD, and advertised transport hints. - name: Saved endpoints coverageIds: [gateway.saved-endpoints] description: Saved remote Gateway endpoints and route preference order. - name: TLS pinning coverageIds: [gateway.tls-pinning] description: TLS enablement and optional certificate fingerprint pinning. docs: - docs/gateway/index.md - docs/gateway/discovery.md - docs/gateway/protocol.md search_anchors: - gateway runtime and websocket protocol network exposure and transport selection - network exposure and transport selection category_note: network-exposure-and-transport-selection.md human_lts_override: true - name: Nodes and Remote Capabilities id: nodes-and-remote-capabilities features: - name: Node presence coverageIds: [gateway.node-presence] description: Node presence in the same WS control plane as operator clients. - name: Node capabilities coverageIds: [gateway.node-capabilities] description: Node capability declaration at connect time. - name: Node inventory coverageIds: [gateway.node-inventory] description: '`node.list`, `node.describe`, and naming/state visibility.' - name: Node actions coverageIds: [gateway.node-actions] description: '`node.invoke` and `node.invoke.result`.' - name: Node events coverageIds: [gateway.node-events] description: '`node.event`, especially `node.presence.alive`.' - name: Pending work delivery coverageIds: [gateway.pending-work-delivery] description: Pending work APIs for connected and disconnected nodes. - name: Remote device capabilities coverageIds: [gateway.remote-device-capabilities] description: Relay of remote capability surfaces such as camera, canvas, screen, location, voice, and browser. - name: Remote host commands coverageIds: [gateway.remote-host-commands] description: Relay of remote host-command capability surfaces. docs: - docs/gateway/protocol.md - docs/concepts/architecture.md - docs/nodes/index.md search_anchors: - gateway runtime and websocket protocol node transport and capability relay - node transport and capability relay category_note: node-transport-and-capability-relay.md human_lts_override: false - name: Health, Diagnostics, and Repair id: health-diagnostics-and-repair features: - name: Health snapshots coverageIds: [telemetry.health-snapshots] description: '`health` and `status` snapshots.' - name: Channel readiness coverageIds: [gateway.channel-readiness] description: Channel readiness probing through the running Gateway. - name: Stability diagnostics coverageIds: [gateway.stability-diagnostics] description: Stability recorder output. - name: Payload diagnostics coverageIds: [gateway.payload-diagnostics] description: '`payload.large` diagnostics.' - name: Diagnostics exports coverageIds: [gateway.diagnostics-exports] description: Diagnostics export contents, privacy model, and CLI/chat triggers. - name: Doctor checks coverageIds: [telemetry.doctor-checks] description: Doctor checks for UI protocol freshness, service drift, auth/pairing drift, port collisions, sandbox/runtime best practices, and source-install issues. - name: Log tailing coverageIds: [gateway.log-tailing] description: Log tailing and operational signal visibility. docs: - docs/gateway/index.md - docs/gateway/diagnostics.md - docs/gateway/doctor.md search_anchors: - gateway runtime and websocket protocol observability, health, and repair - observability, health, and repair category_note: observability-health-and-repair.md human_lts_override: true - name: Protocol Compatibility id: protocol-compatibility features: - name: Published protocol schema coverageIds: [gateway.published-protocol-schema] description: TypeBox as the protocol source of truth. - name: Runtime request validation coverageIds: [gateway.runtime-request-validation] description: Runtime validators for protocol payloads. - name: JSON Schema export coverageIds: [gateway.json-schema-export] description: Generated JSON Schema for protocol payloads. - name: Swift client models coverageIds: [gateway.swift-client-models] description: Swift model generation. - name: Version negotiation coverageIds: [gateway.version-negotiation] description: Current protocol constants and supported protocol range behavior. - name: Client transport defaults coverageIds: [gateway.client-transport-defaults] description: Client defaults for request timeouts, reconnect backoff, and tick handling. - name: Backward-compatible evolution coverageIds: [gateway.backward-compatible-evolution] description: Additive evolution discipline for new methods, events, or payload fields. docs: - docs/gateway/protocol.md - docs/concepts/architecture.md - docs/concepts/typebox.md - docs/gateway/bridge-protocol.md search_anchors: - gateway runtime and websocket protocol protocol typing and compatibility - protocol typing and compatibility category_note: protocol-typing-and-compatibility.md human_lts_override: true - name: Roles and Permissions id: roles-and-permissions features: - name: Role negotiation coverageIds: [gateway.role-negotiation] description: '`operator` versus `node` role negotiation.' - name: Operator permissions coverageIds: [gateway.operator-permissions] description: Core operator scopes such as `operator.read`, `operator.write`, `operator.admin`, `operator.approvals`, `operator.pairing`, and `operator.talk.secrets`. - name: Approval-gated actions coverageIds: [gateway.approval-gated-actions] description: Extra approval-time scope requirements for pairing and dangerous node commands. - name: Untrusted node declarations coverageIds: [gateway.untrusted-node-declarations] description: Node-declared `caps`, `commands`, and `permissions` as claims rather than trusted truth. - name: Event scoping coverageIds: [gateway.event-scoping] description: Broadcast event scoping, including fail-closed behavior for unknown event families. docs: - docs/gateway/protocol.md - docs/gateway/security/index.md search_anchors: - 'gateway runtime and websocket protocol gateway runtime websocket feature matrix: roles, scopes, and operator policy' - 'gateway runtime websocket feature matrix: roles, scopes, and operator policy' category_note: roles-scopes-and-operator-policy.md human_lts_override: true - name: Gateway Lifecycle id: gateway-lifecycle features: - name: Foreground startup coverageIds: [gateway.foreground-startup] description: Local foreground startup via `openclaw gateway`. - name: Service installation coverageIds: [gateway.service-installation] description: Supervised lifecycle installation on macOS, Linux user/systemd, and native Windows task scheduling. - name: Restart and stop coverageIds: [config.restart-apply, plugins.capabilities, runtime.gateway-restart] description: Correct `restart` and `stop` behavior for supervised installs. - name: Service status coverageIds: [gateway.service-status] description: Status behavior for supervised installs. - name: Bind and port settings coverageIds: [gateway.bind-and-port-settings] description: Bind and port precedence across CLI flags, env vars, config, and persisted supervisor metadata. - name: Config reload coverageIds: [config.hot-apply, plugins.hot-reload, plugins.lifecycle, plugins.skills] description: 'Config reload modes: `off`, `hot`, `restart`, and `hybrid`.' - name: Multi-gateway isolation coverageIds: [gateway.multi-gateway-isolation] description: Multiple-gateway isolation on one host, including config/state/workspace separation. docs: - docs/gateway/index.md - docs/concepts/architecture.md search_anchors: - gateway runtime and websocket protocol runtime lifecycle and supervision - runtime lifecycle and supervision category_note: runtime-lifecycle-and-supervision.md human_lts_override: true - name: Security Controls id: security-controls features: - name: Non-loopback auth coverageIds: [gateway.non-loopback-auth] description: Auth-required non-loopback exposure. - name: Trusted proxy exceptions coverageIds: [gateway.trusted-proxy-exceptions] description: Trusted-proxy and control-plane device-auth exceptions. - name: Gateway and node trust boundaries coverageIds: [gateway.gateway-and-node-trust-boundaries] description: Gateway/node trust-domain definition. - name: Trusted CIDR auto-approval coverageIds: [gateway.trusted-cidr-auto-approval] description: Trusted-CIDR limits for node auto-approval. - name: Fail-closed protocol handling coverageIds: [gateway.fail-closed-protocol-handling] description: Fail-fast/fail-closed behavior for protocol violations and unknown event families. - name: Remote execution safeguards coverageIds: [gateway.remote-execution-safeguards] description: Security posture around remote node execution and browser-control relay. docs: - docs/gateway/security/index.md - docs/gateway/protocol.md - docs/gateway/discovery.md search_anchors: - gateway runtime and websocket protocol security and hardening posture - security and hardening posture category_note: security-and-hardening-posture.md human_lts_override: true - name: WebSocket Connection id: websocket-connection features: - name: WebSocket transport coverageIds: [gateway.websocket-transport] description: WebSocket transport with JSON text frames. - name: Connect challenge coverageIds: [gateway.connect-challenge] description: Mandatory pre-connect `connect.challenge`. - name: Connect request coverageIds: [gateway.connect-request] description: Mandatory first-frame `connect` request. - name: Protocol version negotiation coverageIds: [gateway.protocol-version-negotiation] description: Protocol range negotiation (`minProtocol`/`maxProtocol`). - name: hello-ok snapshot coverageIds: [gateway.hello-ok-snapshot] description: 'Required `hello-ok` payload structure: server identity, negotiated auth, feature discovery, snapshot, and policy limits.' - name: Startup retry coverageIds: [gateway.startup-retry] description: Retryable startup-sidecar `UNAVAILABLE` behavior during Gateway startup. - name: Session limits coverageIds: [gateway.session-limits] description: Post-handshake policy advertisement (`maxPayload`, `maxBufferedBytes`, `tickIntervalMs`). - name: Plugin surface URLs coverageIds: [gateway.plugin-surface-urls] description: Optional `pluginSurfaceUrls` issuance and refresh. docs: - docs/gateway/protocol.md - docs/concepts/architecture.md search_anchors: - gateway runtime and websocket protocol websocket handshake and session establishment - websocket handshake and session establishment category_note: websocket-handshake-and-session-establishment.md human_lts_override: true last_score_run: status: complete completed_at: '2026-05-31' by: codex source_ref: null process_version: 3 - id: cli-install-update-onboard-doctor name: CLI family: core level: stable level_code: M4 rationale: Normal setup and repair paths are documented across install, CLI, and gateway docs. Platform-specific Windows paths are tracked in the Windows via WSL2 and Native Windows rows. completeness_instructions: references/completeness/cli-install-update-onboard-doctor.md categories: - name: CLI Setup id: cli-setup features: - name: Installer scripts coverageIds: [cli.installer-scripts] description: Hosted installer scripts set up Node, install OpenClaw, and optionally start onboarding. - name: Local prefix install coverageIds: [cli.local-prefix-install] description: The local-prefix installer keeps Node and OpenClaw under a dedicated OpenClaw directory instead of relying on a system-wide runtime. - name: Package-manager installs coverageIds: [cli.package-manager-installs] description: npm, pnpm, and bun global installs are supported when the operator manages Node directly, including PATH wiring expectations. - name: Supported Node runtime coverageIds: [cli.supported-node-runtime] description: OpenClaw documents the supported Node versions and recommended runtime before normal CLI workflows continue. - name: Source checkout install coverageIds: [cli.source-checkout-install] description: Operators can run OpenClaw from a source checkout for development or recovery workflows, and update flows distinguish this path from package installs. - name: CLI entrypoint coverageIds: [cli.entrypoint] description: The packaged openclaw launcher, openclaw --help, openclaw --version, runtime preflight, and basic recovery expectations are documented. docs: - docs/install/index.md - docs/install/installer.md - docs/install/node.md - docs/install/updating.md search_anchors: - cli install, update, onboard, doctor cli installation and launch - cli installation and launch - cli install, update, onboard, doctor runtime prerequisites - runtime prerequisites category_note: package-install-and-cli-entrypoints.md human_lts_override: true - name: Onboarding and Auth Setup id: onboarding-and-auth-setup features: - name: Guided onboarding coverageIds: [cli.guided-onboarding] description: openclaw onboard walks through workspace, gateway, model auth, channels, skills, and health setup. - name: Targeted reconfiguration coverageIds: [cli.targeted-reconfiguration] description: openclaw configure lets operators revisit only the sections they want to change after the initial setup. - name: Auth choices coverageIds: [cli.auth-choices] description: Onboarding and configure support API-key, OAuth, and other provider-specific auth choices. - name: Gateway auth storage coverageIds: [cli.gateway-auth-storage] description: Gateway token and password setup are documented, including SecretRef-managed storage behavior. - name: Remote onboarding coverageIds: [cli.remote-onboarding] description: Remote-gateway onboarding documents what is configured locally versus what must already exist on the remote host. docs: - docs/cli/onboard.md - docs/cli/configure.md - docs/start/onboarding-overview.md search_anchors: - cli install, update, onboard, doctor onboarding and auth setup - onboarding and auth setup category_note: first-run-onboarding-and-auth-selection.md human_lts_override: true - name: Plugin and Channel Setup id: plugin-and-channel-setup features: - name: Channel picker coverageIds: [cli.channel-picker] description: Onboarding can guide the operator through choosing which channels to configure. - name: Plugin install sources coverageIds: [cli.plugin-install-sources] description: Plugin setup supports bundled, npm, ClawHub, marketplace, git, and local install sources. - name: Channel account setup coverageIds: [cli.channel-account-setup] description: Channel commands support interactive and flag-driven account configuration for supported chat transports. - name: Post-setup probes coverageIds: [cli.post-setup-probes] description: Operators can probe channel status and capabilities after setup to verify that the configured account works. - name: Remote gateway caveat coverageIds: [cli.remote-gateway-caveat] description: Remote onboarding documents that plugin installation does not happen locally when the gateway runs elsewhere. docs: - docs/cli/onboard.md - docs/cli/plugins.md - docs/cli/channels.md search_anchors: - cli install, update, onboard, doctor plugin and channel setup - plugin and channel setup category_note: plugin-and-channel-setup-during-onboarding.md human_lts_override: false - name: Gateway Service Management id: gateway-service-management features: - name: Foreground gateway runs coverageIds: [cli.foreground-gateway-runs] description: Operators can run the gateway directly from the CLI for local development or ad hoc recovery. - name: Service install and control coverageIds: [cli.service-install-and-control] description: The CLI documents install, status, start, stop, restart, and run flows for managed gateway services. - name: Service auth wiring coverageIds: [agents.create, channels.discord-config, config.crestodian-setup] description: Gateway service installation documents how auth tokens and other sensitive values are handled. - name: Drift and reinstall recovery coverageIds: [cli.drift-and-reinstall-recovery] description: Operators are given explicit guidance for repairing or reinstalling a broken managed gateway service. - name: Service health checks coverageIds: [cli.service-health-checks] description: Gateway service flows point operators at runtime health and troubleshooting checks after install or restart. docs: - docs/cli/gateway.md - docs/install/updating.md - docs/gateway/troubleshooting.md search_anchors: - cli install, update, onboard, doctor gateway service management - gateway service management category_note: gateway-service-install-and-lifecycle.md human_lts_override: true - name: CLI Observability id: cli-observability features: - name: Status snapshots coverageIds: [cli.status-snapshots] description: openclaw status and related flags summarize runtime state, config health, and update context. - name: Health snapshots coverageIds: [telemetry.health-snapshots] description: openclaw health gives a fast gateway health read and supports verbose or JSON output. - name: Remote log tailing coverageIds: [cli.remote-log-tailing] description: openclaw logs tails gateway logs over RPC, including follow mode and JSON output. - name: Diagnostics export coverageIds: [cli.diagnostics-export] description: Gateway diagnostics bundles can be exported locally for bug reports and support workflows. - name: Support-safe redaction coverageIds: [cli.support-safe-redaction] description: Diagnostics and status paths document privacy and redaction expectations before sharing results. docs: - docs/cli/status.md - docs/cli/health.md - docs/cli/logs.md - docs/gateway/diagnostics.md search_anchors: - cli install, update, onboard, doctor status health logs and diagnostics - status health logs and diagnostics category_note: status-health-logs-and-diagnostics-support-path.md human_lts_override: true - name: Doctor id: doctor features: - name: Interactive repair coverageIds: [cli.interactive-repair] description: openclaw doctor supports inspect, repair, non-interactive, and forceful repair postures. - name: Config migration coverageIds: [cli.config-migration] description: Doctor rewrites legacy or damaged config and state into supported current formats. - name: Auth and SecretRef checks coverageIds: [cli.auth-and-secretref-checks] description: Doctor audits auth shape, token generation, and supported SecretRef-backed config paths. - name: Plugin validation and repair coverageIds: [cli.plugin-validation-repair] description: Doctor surfaces plugin-config issues and extension schema drift that block normal runtime operation. - name: Lint and JSON findings coverageIds: [cli.lint-and-json-findings] description: openclaw doctor --lint --json provides stable machine-readable findings for automation. - name: Extra gateway discovery coverageIds: [cli.extra-gateway-discovery] description: Doctor can scan for unexpected gateway services and conflicting installs. - name: Supervisor drift repair coverageIds: [cli.supervisor-drift-repair] description: Doctor checks managed service definitions and can repair launchd, systemd, or Scheduled Task drift. - name: Port and startup diagnosis coverageIds: [cli.port-and-startup-diagnosis] description: Doctor points operators at port conflicts, restart failures, and recent gateway errors. - name: Runtime path checks coverageIds: [cli.runtime-path-checks] description: Doctor checks runtime-path best practices and common path misconfigurations. - name: Restart guidance coverageIds: [cli.restart-guidance] description: Doctor explains when a health issue needs a restart or a deeper service repair path. docs: - docs/cli/doctor.md - docs/gateway/doctor.md - docs/gateway/secrets.md - docs/gateway/troubleshooting.md search_anchors: - cli install, update, onboard, doctor doctor config and policy repair - doctor config and policy repair - cli install, update, onboard, doctor doctor platform and service repair - doctor platform and service repair category_note: doctor-config-auth-plugin-and-lint.md human_lts_override: true - name: Updates and Upgrades id: updates-and-upgrades features: - name: Update channels coverageIds: [cli.update-channels] description: openclaw update supports stable, beta, and dev channel selection. - name: Install-kind switching coverageIds: [cli.install-kind-switching] description: Update flows can switch between package installs and git/source installs when supported. - name: Managed gateway restart coverageIds: [cli.managed-gateway-restart] description: Update flows document when the managed gateway is stopped, restarted, or intentionally left alone. - name: Update status and RPC coverageIds: [cli.update-status-and-rpc] description: Operators can inspect update status and related gateway control-plane state. - name: Plugin convergence coverageIds: [cli.plugin-convergence] description: Core updates document how plugin versions and plugin repair warnings are handled afterward. docs: - docs/install/updating.md - docs/cli/update.md - docs/gateway/troubleshooting.md search_anchors: - cli install, update, onboard, doctor updates and upgrades - updates and upgrades category_note: update-channel-and-core-upgrade-flow.md human_lts_override: true last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: plugin-sdk-and-bundled-plugin-architecture name: Plugins family: core level: beta level_code: M3 rationale: Broad docs and strong internal runtime evidence exist across manifests, discovery, loading, provider/tool architecture, and approval boundaries. Keep the row at beta until public SDK API/subpaths and external distribution proof are stronger. completeness_instructions: references/completeness/plugin-sdk-and-bundled-plugin-architecture.md additional_validation: - name: Plugin SDK exports sync id: plugin-sdk-exports-sync command: pnpm plugin-sdk:check-exports purpose: Verify generated public SDK exports still match the checked-in entrypoint inventory. - name: Plugin SDK API baseline id: plugin-sdk-api-baseline command: pnpm plugin-sdk:api:check purpose: Detect public API drift in the packaged Plugin SDK surface. - name: Plugin SDK surface budget id: plugin-sdk-surface-budget command: pnpm plugin-sdk:surface:check purpose: Enforce public SDK surface-size budgets and deprecated-export limits. - name: Plugin boundary report id: plugin-boundary-report command: pnpm plugins:boundary-report:ci purpose: Fail on cross-owner reserved imports, unclassified reserved subpaths, and due compatibility debt. - name: Plugin npm release check id: plugin-npm-release-check command: pnpm release:plugins:npm:check purpose: Validate publishable plugin npm metadata and release readiness. - name: Plugin ClawHub release check id: plugin-clawhub-release-check command: pnpm release:plugins:clawhub:check purpose: Validate publishable plugin ClawHub metadata and release readiness. categories: - name: Authoring and Packaging plugins id: authoring-and-packaging-plugins features: - name: Root SDK entrypoint coverageIds: [plugins.root-sdk-entrypoint] description: Plugin authors use the supported root Plugin SDK entrypoint when the top-level contract is sufficient. - name: Focused SDK imports coverageIds: [plugins.focused-sdk-imports] description: Plugin authors use focused Plugin SDK subpaths instead of relying on one broad catch-all entrypoint. - name: Entrypoint discovery coverageIds: [plugins.entrypoint-discovery] description: Plugin authors discover the supported public entrypoints and their support status from the SDK docs and entrypoint catalog. - name: Migration shims coverageIds: [plugins.migration-shims] description: Deprecated or compatibility subpaths continue to resolve during author migrations. - name: Plugin manifest coverageIds: [plugins.manifest] description: '`openclaw.plugin.json` declares plugin identity, capabilities, and config schema.' - name: Package metadata coverageIds: [plugins.package-metadata] description: '`package.json` carries the required `openclaw` metadata for discovery and release flows.' - name: Runtime compatibility coverageIds: [plugins.runtime-compatibility] description: Plugin packages declare supported runtime and plugin API compatibility. - name: Validation feedback coverageIds: [plugins.validation-feedback] description: Manifest and package contract validation fails fast on malformed or inconsistent metadata. docs: - docs/plugins/building-plugins.md - docs/plugins/sdk-overview.md - docs/plugins/sdk-entrypoints.md - docs/plugins/sdk-subpaths.md - docs/plugins/manifest.md - docs/plugins/reference.md search_anchors: - plugin sdk entrypoints - plugin sdk subpaths - plugin manifest - package metadata - authoring plugins - packaging plugins category_note: public-sdk-api-and-subpaths.md human_lts_override: true - name: Bundled plugins id: bundled-plugins features: - name: Bundled plugin listing coverageIds: [plugins.bundled-plugin-listing] description: Operators and maintainers can inspect the bundled plugin set and its published metadata. - name: Bundled source overlays coverageIds: [plugins.bundled-source-overlays] description: Source overlays work for local development and repo-driven testing. - name: Packaged bundled plugins coverageIds: [plugins.packaged-bundled-plugins] description: Built distributions discover bundled plugins from packaged roots. - name: Generated plugin inventory coverageIds: [plugins.generated-plugin-inventory] description: Generated plugin inventory and reference docs describe what ships in core versus what installs separately. - name: Bundled channel IDs coverageIds: [plugins.bundled-channel-ids] description: Bundled channel ids are discovered and normalized from plugin metadata. docs: - docs/plugins/plugin-inventory.md - docs/cli/plugins.md - docs/plugins/architecture-internals.md search_anchors: - bundled plugins - plugin inventory - bundled plugin metadata category_note: bundled-plugin-discovery-and-inventory.md human_lts_override: true - name: Canvas plugin id: canvas-plugin features: - name: Hosted Canvas and A2UI surfaces coverageIds: [plugins.hosted-canvas-and-a2ui-surfaces] description: Canvas plugin registers authenticated Gateway HTTP and WebSocket routes for hosted Canvas documents and A2UI runtime surfaces. - name: Agent canvas tool coverageIds: [plugins.agent-canvas-tool] description: Canvas plugin registers the agent-facing `canvas` tool for present, hide, navigate, eval, snapshot, and A2UI control. - name: Node Canvas commands coverageIds: [plugins.node-canvas-commands] description: Canvas plugin owns node invoke policy for `canvas.present`, `canvas.navigate`, `canvas.eval`, `canvas.snapshot`, and `canvas.a2ui.*` commands. - name: Control UI embeds coverageIds: [plugins.control-ui-embeds] description: Assistant output can embed hosted Canvas document URLs in Control UI and WebChat sessions. - name: Canvas documents coverageIds: [plugins.canvas-documents] description: Canvas plugin materializes hosted document files and `/__openclaw__/canvas/documents/...` URLs. - name: A2UI transport and snapshots coverageIds: [plugins.a2ui-transport-and-snapshots] description: Canvas plugin groups A2UI push, reset, and JSONL transport with snapshot capture and node-rendered Canvas state. docs: - docs/plugins/reference/canvas.md - docs/refactor/canvas.md - docs/gateway/configuration-reference.md search_anchors: - Canvas plugin - hosted canvas documents - A2UI - canvas tool - canvas node commands category_note: canvas-plugin.md human_lts_override: false - name: Installing and running plugins id: installing-and-running-plugins features: - name: Plugin setup coverageIds: [plugins.setup-flows] description: Operators can run plugin setup flows without fully activating runtime behavior. - name: Runtime activation coverageIds: [config.hot-apply, gateway.performance, models.live-openai, plugins.before-prompt-build, plugins.before-tool-call, plugins.hot-reload, plugins.kitchen-sink, plugins.lifecycle, plugins.plugin-tools, plugins.runtime, plugins.skills, runtime.gateway-log-sentinel.plugin-hooks] description: Enabled plugins activate and register runtime behavior after manifest validation succeeds. - name: Enable and disable coverageIds: [config.hot-apply, plugins.hot-reload, plugins.lifecycle] description: Operators can enable or disable installed plugins without losing install state. - name: Safe load failures coverageIds: [plugins.contracts.tools, runtime.gateway-log-sentinel.plugin-contracts] description: Unsafe or unsupported plugin loads are blocked with diagnosable failures before runtime execution. - name: Dependency repair coverageIds: [plugins.dependency-repair] description: Runtime can detect and repair missing or stale plugin dependencies. - name: Install update and uninstall coverageIds: [plugins.hot-install, plugins.skills, runtime.gateway-restart, runtime.package-update, runtime.update-run] description: Install, update, and uninstall lifecycle behavior is defined and tested. docs: - docs/plugins/architecture.md - docs/plugins/architecture-internals.md - docs/cli/plugins.md search_anchors: - installing and running plugins - plugin setup - runtime activation - plugins doctor category_note: runtime-loading-and-lifecycle.md human_lts_override: true - name: Channel plugins id: channel-plugins features: - name: Inbound event handling coverageIds: [plugins.inbound-event-handling] description: Channel plugins register inbound hooks and normalize incoming events. - name: Outbound delivery coverageIds: [plugins.outbound-delivery] description: Outbound adapters translate model output into channel-specific payloads. - name: Ingress authorization coverageIds: [plugins.ingress-authorization] description: Channel ingress runtime enforces the shared inbound authorization boundary. - name: Destination resolution coverageIds: [plugins.destination-resolution] description: Target resolution maps users, threads, and conversations into channel destinations. - name: Native approval prompts coverageIds: [plugins.native-approval-prompts] description: Native channel actions can route approval prompts and responses through the approval system. docs: - docs/plugins/sdk-channel-plugins.md - docs/plugins/sdk-channel-inbound.md - docs/plugins/sdk-channel-outbound.md search_anchors: - channel plugins - sdk channel plugins - channel inbound - channel outbound category_note: channel-plugin-architecture.md human_lts_override: true - name: Provider and tool plugins id: provider-and-tool-plugins features: - name: Provider plugins coverageIds: [plugins.provider-plugins] description: Provider plugins register models and capabilities with the runtime. - name: Tool plugins coverageIds: [gateway.performance, models.live-openai, plugins.before-prompt-build, plugins.before-tool-call, plugins.kitchen-sink, plugins.lifecycle, plugins.mcp-tools, plugins.plugin-tools, runtime.gateway-log-sentinel.plugin-hooks, tools.invocation] description: Tool plugins register discoverable tools and static metadata without ambiguous runtime ownership. - name: Model catalogs coverageIds: [plugins.model-catalogs] description: Provider model catalogs are discoverable and merge cleanly into global listings. - name: Provider auth coverageIds: [plugins.provider-auth] description: Provider auth configuration and secret handling are supported. - name: Web search and fetch coverageIds: [plugins.web-search-and-fetch] description: Provider or tool plugins can expose web search and fetch capabilities. - name: Mixed plugins coverageIds: [config.hot-apply, config.restart-apply, plugins.capabilities, plugins.hot-install, plugins.runtime, plugins.skills, tools.invocation, tools.skill-invocation] description: Mixed provider and tool plugins are supported without ambiguous ownership. docs: - docs/plugins/sdk-provider-plugins.md - docs/plugins/tool-plugins.md - docs/plugins/adding-capabilities.md search_anchors: - provider and tool plugins - provider plugins - tool plugins - adding capabilities category_note: provider-tool-plugin-architecture.md human_lts_override: true - name: Plugin approvals id: plugin-approvals features: - name: Approval requests coverageIds: [plugins.approval-requests] description: Plugin-initiated actions can request and resolve approvals through the standard flow. - name: Native approval delivery coverageIds: [plugins.native-approval-delivery] description: Privileged plugin actions can route approvals through channel-native prompts and responses. - name: Same-chat fallbacks coverageIds: [plugins.same-chat-fallbacks] description: Approval delivery can fall back to same-chat authorization notices when native routing is unavailable. - name: Exec and plugin separation coverageIds: [plugins.exec-and-plugin-separation] description: Exec approvals remain distinct from plugin approval paths and native permission relays. - name: Approval replay protection coverageIds: [plugins.approval-replay-protection] description: Approval decisions remain scoped to the originating request, target, and device or node binding. - name: Security helpers coverageIds: [plugins.security-helpers] description: Security helper exports provide approved primitives without widening trust boundaries. docs: - docs/plugins/plugin-permission-requests.md - docs/tools/exec-approvals.md - docs/plugins/sdk-channel-plugins.md search_anchors: - plugin approvals - plugin permission requests - exec approvals category_note: approval-and-security-boundaries.md human_lts_override: true - name: Publishing plugins id: publishing-plugins features: - name: Install sources coverageIds: [plugins.install-sources] description: Supported plugin install sources are explicit and validated. - name: ClawHub publishing coverageIds: [plugins.clawhub-publishing] description: Plugin metadata and workflows support publishing to ClawHub. - name: npm publishing coverageIds: [plugins.npm-publishing] description: Plugin metadata and workflows support publishing to npm when applicable. - name: Compatibility signaling coverageIds: [plugins.compatibility-signaling] description: Compatibility registry data maps plugins to supported runtime versions or channels. - name: Update and rollback expectations coverageIds: [plugins.update-and-rollback-expectations] description: Plugin update semantics define what can be upgraded in place and what requires operator intervention. - name: Third-party publication rules coverageIds: [plugins.third-party-publication-rules] description: External package acceptance rules gate third-party plugin packaging and publication. docs: - docs/cli/plugins.md - docs/plugins/compatibility.md - docs/clawhub/publishing.md search_anchors: - publishing plugins - clawhub publishing - npm publishing - plugin compatibility category_note: distribution-release-and-compatibility.md human_lts_override: true - name: Testing plugins id: testing-plugins features: - name: Test fixtures coverageIds: [plugins.test-fixtures] description: Fixtures provide reusable plugin metadata and runtime test inputs. - name: Local test environment coverageIds: [plugins.local-test-environment] description: Plugin authors can set up the local test environment and scoped helper configuration for plugin testing. - name: Plugin runtime harness coverageIds: [plugins.contracts.tools, runtime.gateway-log-sentinel.plugin-contracts] description: Plugin test harnesses cover authoring and runtime integration paths. - name: Unit and integration scaffolds coverageIds: [plugins.unit-and-integration-scaffolds] description: Scoped test helpers and configuration support unit and integration testing for plugin surfaces. - name: Docker lifecycle suites coverageIds: [plugins.docker-lifecycle-suites] description: Docker-based end-to-end scripts validate packaged plugin lifecycle flows. - name: Smoke tests coverageIds: [gateway.performance, models.live-openai, plugins.kitchen-sink, plugins.lifecycle, plugins.plugin-tools] description: Local and packaged smoke tests catch broken installs before release. docs: - docs/plugins/sdk-testing.md - docs/plugins/sdk-setup.md - docs/plugins/codex-harness.md search_anchors: - testing plugins - sdk testing - plugin test fixtures - codex harness category_note: developer-testing-and-fixtures.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: agent-runtime-and-provider-execution name: Agent Runtime family: core level: beta level_code: M3 rationale: Main loop, models, provider routing, and tool streaming are first-class, but provider behavior shifts weekly and needs scenario proof per release. completeness_instructions: references/completeness/agent-runtime-and-provider-execution.md categories: - name: Agent Turn Execution id: agent-turn-execution features: - name: Turn startup and runtime choice coverageIds: [agents.create, agents.instructions, channels.discord-config, config.crestodian-setup, runtime.first-action, runtime.multi-turn-continuity, runtime.long-context] description: Starting an agent turn and choosing gateway versus embedded runtime execution. - name: Session and run coordination coverageIds: [agents.subagents, channels.dedup, channels.dm, channels.qa-channel, channels.reconnect, channels.streaming, channels.threads, commitments.heartbeat-target-none, commitments.scope, personal.channel-replies, runtime.codex-plugin.lifecycle, runtime.delivery, runtime.fallback-delivery, runtime.gateway-restart, runtime.restart-recovery, runtime.turn-ordering] description: Establishing session and run ids, queue locks, and related execution coordination. - name: Abort and terminal outcomes coverageIds: [channels.streaming, runtime.delivery, runtime.fallback-delivery, runtime.long-context, runtime.long-run-stability] description: Honoring aborts, timing provider/model work, and emitting terminal outcomes. docs: - docs/concepts/agent-loop.md - docs/cli/agent.md - docs/concepts/agent-runtimes.md search_anchors: - agent RPC shape and event stream - runAgentTurnWithFallback - agent.wait timeout and terminal outcomes category_note: agent-turn-orchestration-and-runtime-lifecycle.md human_lts_override: true - name: External Runtimes and Subagents id: external-runtimes-and-subagents features: - name: External harness selection coverageIds: [agents.openclaw-harness, workspace.planning] description: Choosing Codex app-server, ACP, and other external runtime harnesses. - name: CLI runtime aliases coverageIds: [runtime.cli-runtime-aliases] description: Runtime aliases and CLI-based execution paths such as Claude CLI and Gemini CLI. - name: Subagent turns coverageIds: [agents.subagents, agents.synthesis, channels.qa-channel, gateway.sessions-list, runtime.delivery, tools.sessions-spawn] description: Spawning, delivering, and announcing subagent work outside the default embedded path. - name: Runtime recovery coverageIds: [runtime.recovery] description: Cleanup, timeout, and liveness behavior for external runtimes and subagents. docs: - docs/concepts/agent-runtimes.md - docs/providers/anthropic.md - docs/providers/google.md - docs/tools/subagents.md search_anchors: - agent runtimes - subagent turns - CLI runtime aliases category_note: cli-harnesses-external-runtimes-and-subagents.md human_lts_override: false - name: Hosted Provider Execution id: hosted-provider-execution features: - name: Hosted provider turns coverageIds: [runtime.hosted-provider-turns] description: Running agent turns against hosted providers such as OpenAI, Anthropic, and Google. - name: Provider-specific model options coverageIds: [runtime.provider-specific-model-options] description: Provider-specific model parameters and runtime request settings exposed to users or operators. - name: Hosted tool use coverageIds: [runtime.hosted-tool-use] description: Tool use behavior when the active runtime is a hosted provider. - name: Reasoning and cache controls coverageIds: [runtime.reasoning-and-cache-controls] description: Provider-specific reasoning, thinking, and cache-related controls during hosted execution. - name: Hosted streaming and replies coverageIds: [runtime.hosted-streaming-and-replies] description: Operator-visible streaming and reply behavior while hosted adapters normalize payload differences. docs: - docs/providers/openai.md - docs/providers/anthropic.md - docs/providers/google.md - docs/concepts/models.md search_anchors: - hosted provider turns - provider-specific model options - streaming reply normalization category_note: hosted-provider-adapters-and-payload-compatibility.md human_lts_override: true - name: Local and Self-hosted Providers id: local-and-self-hosted-providers features: - name: Local provider profiles coverageIds: [runtime.local-provider-profiles] description: Local model profile configuration for Ollama and OpenAI-compatible local servers. - name: Tool-capability flags coverageIds: [runtime.tool-capability-flags] description: Local provider capability flags and behavior for tool use. - name: Timeouts and context windows coverageIds: [runtime.timeouts-and-context-windows] description: Local provider timeout and context-window configuration. - name: Local smoke checks coverageIds: [runtime.local-smoke-checks] description: Local image and model smoke checks visible to operators. - name: Local failure handling coverageIds: [runtime.local-failure-handling] description: Operator-facing failure handling for local and self-hosted providers. docs: - docs/providers/ollama.md - docs/concepts/models.md - docs/cli/agent.md search_anchors: - Ollama local provider profiles - OpenAI-compatible local servers - local smoke checks category_note: local-and-self-hosted-provider-execution.md human_lts_override: false - name: Model and Runtime Selection id: model-and-runtime-selection features: - name: Model reference selection coverageIds: [models.claude-cli, models.provider-capabilities] description: Selecting the model reference for an agent turn from user or configured defaults. - name: Provider and runtime overrides coverageIds: [models.switching, models.thinking, runtime.session-continuity, runtime.tool-continuity] description: Handling provider selection and runtime overrides for a turn. - name: Thinking and context settings coverageIds: [models.switching, models.thinking, runtime.reasoning-visibility, runtime.session-continuity] description: Resolving thinking and context settings as part of model selection. - name: Invalid route recovery coverageIds: [runtime.invalid-route-recovery] description: Preserving or clearing invalid route state when selections drift or fail. docs: - docs/concepts/models.md - docs/cli/models.md - docs/providers/openai.md - docs/concepts/agent-runtimes.md search_anchors: - model reference selection - runtime overrides - thinking and context settings category_note: model-selection-provider-routing-and-runtime-policy.md human_lts_override: true - name: Provider Auth id: provider-auth features: - name: Login and API-key setup coverageIds: [models.anthropic, models.provider-auth] description: Login, OAuth, and paste-key flows for provider access. - name: Auth profile selection coverageIds: [auth-profiles.provider-selection, runtime.codex-plugin.auth] description: Selecting and validating provider auth profiles. - name: Credential health checks coverageIds: [gateway.performance, models.live-openai, plugins.kitchen-sink, plugins.lifecycle, plugins.plugin-tools] description: Doctor, status, and related credential health checks and repair signals. - name: Auth failover coverageIds: [runtime.auth-failover] description: Same-provider and cross-profile auth fallback behavior. - name: Provider fallback recovery coverageIds: [memory.failure-handling, runtime.fallbacks] description: Provider and auth-profile fallback behavior when execution fails. - name: Rate-limit and capacity recovery coverageIds: [runtime.rate-limit-and-capacity-recovery] description: Recovery paths for quota, capacity, and rate-limit failures. - name: Missing-key and OAuth guidance coverageIds: [runtime.missing-key-and-oauth-guidance] description: Operator guidance for missing keys, expired OAuth state, and related auth failures. - name: Restart and stale-route recovery coverageIds: [runtime.restart-and-stale-route-recovery] description: Recovery from stale route state, restart requirements, and related provider drift. - name: Structured provider diagnostics coverageIds: [runtime.structured-provider-diagnostics] description: Structured provider errors and diagnostics delivered into logs or agent replies. - name: Subagent credential propagation coverageIds: [runtime.subagent-credential-propagation] description: Propagating provider credentials into subagent and delegated runtime flows. docs: - docs/concepts/models.md - docs/cli/agent.md - docs/cli/models.md - docs/providers/openai.md - docs/providers/anthropic.md - docs/providers/google.md - docs/tools/subagents.md search_anchors: - login and API-key setup - auth profile selection - provider fallback recovery category_note: provider-auth-profiles-and-credential-health.md human_lts_override: true - name: Streaming and Progress id: streaming-and-progress features: - name: Streaming replies coverageIds: [channels.streaming, runtime.delivery, runtime.fallback-delivery] description: Streaming block updates and partial assistant output before final delivery. - name: Progress visibility coverageIds: [models.thinking, personal.failure-recovery, personal.no-fake-progress, personal.task-followthrough, runtime.reasoning-visibility, tools.evidence] description: Progress preview events and item lifecycle updates surfaced during execution. docs: - docs/concepts/streaming.md - docs/concepts/agent-loop.md search_anchors: - streaming replies - progress visibility - event delivery category_note: streaming-progress-and-preview-visibility.md human_lts_override: false - name: Tool Calls and Response Handling id: tool-calls-and-response-handling features: - name: Tool-call handling coverageIds: [models.switching, personal.no-fake-progress, personal.task-followthrough, personal.tool-safety, runtime.approvals, runtime.codex-native-workspace.read, runtime.prompt-compatibility, runtime.tool-continuity, tools.apply-patch, tools.edit, tools.evidence, tools.followthrough, tools.fs.list, tools.fs.read, tools.fs.write, tools.grep, workspace.artifacts] description: Reliable tool-call behavior across providers, including malformed or provider-specific payload differences. - name: Usage and response reporting coverageIds: [agents.subagents, agents.synthesis] description: Response ids and usage accounting normalized into operator-visible runtime behavior. - name: Failure recovery coverageIds: [personal.failure-recovery, personal.no-fake-progress, runtime.empty-response-recovery, runtime.reasoning-only-recovery, runtime.retry-policy, tools.evidence] description: Failure-stream finalization and cleanup when provider output is malformed or incomplete. docs: - docs/concepts/agent-loop.md - docs/providers/ollama.md search_anchors: - tool-call handling - usage reporting - failure recovery category_note: streaming-tool-call-and-response-normalization.md human_lts_override: true - name: Tool Execution Controls id: tool-execution-controls features: - name: Tool availability rules coverageIds: [qa.artifact-safety, runtime.inventory, runtime.tool-policy, security.redaction] description: Which tools are available during a turn after policy resolution and provider-based suppression. - name: Sandboxed exec behavior coverageIds: [runtime.sandboxed-exec-behavior] description: Exec behavior, sandbox roots, and workspace constraints visible to operators. - name: Approval flow coverageIds: [personal.approval-denial, runtime.approvals, tools.followthrough] description: Operator approval gates for tool execution. - name: Elevated execution coverageIds: [runtime.elevated-execution] description: Elevated host execution rules and related controls. - name: Tool safety controls coverageIds: [personal.tool-safety, tools.safety] description: Before-tool-call hooks and related guardrails that shape operator-visible tool behavior. - name: Delegated tool access coverageIds: [runtime.delegated-tool-access] description: Inherited or narrowed tool policy for subagents and delegated execution. docs: - docs/gateway/sandbox-vs-tool-policy-vs-elevated.md - docs/concepts/agent-loop.md - docs/tools/subagents.md search_anchors: - tool availability rules - sandboxed exec behavior - approval flow category_note: tool-execution-approvals-and-sandbox-policy.md human_lts_override: true last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: session-memory-and-context-engine name: Session, memory, and context engine family: core level: beta level_code: M3 rationale: Strong docs and active implementation. Maturity depends on transcript durability, compaction quality, and cross-client parity. completeness_instructions: references/completeness/session-memory-and-context-engine.md categories: - name: CLI Session and Transcript Management id: cli-session-and-transcript-management features: - name: CLI Session coverageIds: [session.cli-session] description: Covers CLI Session across `openclaw sessions`, `openclaw transcripts`, cleanup, show/list/path behavior, TUI session history actions, and Gateway-backed session management commands. - name: Transcript Management coverageIds: [session.transcript-management] description: Covers Transcript Management across `openclaw sessions`, `openclaw transcripts`, cleanup, show/list/path behavior, TUI session history actions, and Gateway-backed session management commands. docs: - docs/concepts/session.md - docs/reference/session-management-compaction.md - docs/cli/sessions.md search_anchors: - CLI Session - Transcript Management - session, memory, and context engine cli session and transcript management - cli session and transcript management category_note: cli-session-and-transcript-management.md human_lts_override: true - name: Token Management id: token-management features: - name: Compaction coverageIds: [runtime.compaction, runtime.empty-response-recovery, runtime.reasoning-only-recovery, runtime.retry-policy] description: Covers Compaction across manual and automatic compaction, preemptive overflow checks, context-window estimation, session pruning, tool-result trimming, compaction providers, retry/timeout behavior, and compacted transcript checkpoints. - name: Pruning coverageIds: [session.pruning] description: Covers Pruning across manual and automatic compaction, preemptive overflow checks, context-window estimation, session pruning, tool-result trimming, compaction providers, retry/timeout behavior, and compacted transcript checkpoints. - name: Token Pressure coverageIds: [runtime.codex-app-server, runtime.multi-turn-continuity, runtime.gateway-log-sentinel.codex-progress, runtime.long-context, runtime.long-run-stability] description: Covers Token Pressure across manual and automatic compaction, preemptive overflow checks, context-window estimation, session pruning, tool-result trimming, compaction providers, retry/timeout behavior, and compacted transcript checkpoints. docs: - docs/concepts/compaction.md - docs/concepts/context.md - docs/reference/session-management-compaction.md search_anchors: - Compaction - Pruning - Token Pressure - session, memory, and context engine compaction, pruning, and token pressure - compaction, pruning, and token pressure category_note: compaction-pruning-and-token-pressure.md human_lts_override: true - name: Context Engine id: context-engine features: - name: Context Engine coverageIds: [docs.discovery, workspace.artifacts, workspace.long-running-task, workspace.repo-discovery] description: Covers Context Engine across context-engine selection, registry, host compatibility, legacy fallback, assemble/ingest/after-turn/compact lifecycle, runtime context projection, and the boundary between OpenClaw context assembly and native harness history. - name: Runtime Assembly coverageIds: [agents.openclaw-harness, models.codex-cli, workspace.planning] description: Covers Runtime Assembly across context-engine selection, registry, host compatibility, legacy fallback, assemble/ingest/after-turn/compact lifecycle, runtime context projection, and the boundary between OpenClaw context assembly and native harness history. - name: Goal continuance coverageIds: [goals.context-injection, goals.continuance] description: Active session goals remain visible in current-turn context and drive concrete followthrough across later turns and compaction. docs: - docs/concepts/context.md - docs/concepts/context-engine.md - docs/plan/codex-context-engine-harness.md - docs/tools/goal.md search_anchors: - Context Engine - Runtime Assembly - session, memory, and context engine context engine and runtime assembly - context engine and runtime assembly category_note: context-engine-and-runtime-assembly.md human_lts_override: true - name: Cross-client History and Session Parity id: cross-client-history-and-session-parity features: - name: Cross-client History coverageIds: [channels.threads, memory.thread-isolation] description: Covers Cross-client History across `chat.history`, `chat.send`, WebChat display projection, TUI session actions, Android chat/session selection, OpenAI-compatible history mapping, channel history windows, and history visibility across reset/restart. - name: Session Parity coverageIds: [models.switching, models.thinking, runtime.session-continuity] description: Covers Session Parity across `chat.history`, `chat.send`, WebChat display projection, TUI session actions, Android chat/session selection, OpenAI-compatible history mapping, channel history windows, and history visibility across reset/restart. docs: - docs/web/webchat.md - docs/platforms/android.md - docs/channels/channel-routing.md search_anchors: - Cross-client History - Session Parity - session, memory, and context engine cross-client history and session parity - cross-client history and session parity category_note: cross-client-history-and-session-parity.md human_lts_override: false - name: Diagnostics, Maintenance, and Recovery id: diagnostics-maintenance-and-recovery features: - name: Session diagnostic reports coverageIds: [session.diagnostic-reports] description: Covers stuck-session diagnostics, diagnostic bundles, stability snapshots, and operator visibility into transcript and session health. - name: Session maintenance warnings coverageIds: [session.maintenance-warnings] description: Covers restart maintenance warnings, delivery queues, memory/session cleanup signals, and operator-visible maintenance state. - name: Session and transcript recovery coverageIds: [config.restart-apply, memory.failure-handling, runtime.delivery, runtime.fallbacks, runtime.gateway-restart, runtime.package-update, runtime.restart-recovery, runtime.update-run] description: Covers restart recovery, orphaned subagent resume, transcript repair, and safe restoration of session state after failures. docs: - docs/gateway/diagnostics.md - docs/reference/session-management-compaction.md - docs/diagnostics/flags.md search_anchors: - stuck-session diagnostics - restart recovery - orphaned subagent resume - diagnostic bundles - transcript repair - session maintenance warnings category_note: diagnostics-maintenance-and-recovery.md human_lts_override: false - name: Core Prompts and Context id: core-prompts-and-context features: - name: Instruction Profile coverageIds: [agents.instructions, character.persona, runtime.first-action, workspace.artifacts] description: Covers Instruction Profile across `AGENTS.md`, `USER.md`, `IDENTITY.md`, `SOUL.md`, project context injection, bootstrap truncation, untrusted supplemental context, context visibility config, and runtime-context leakage prevention. - name: Context Visibility coverageIds: [docs.discovery, models.codex-cli, runtime.no-meta-leak, workspace.repo-discovery] description: Covers Context Visibility across `AGENTS.md`, `USER.md`, `IDENTITY.md`, `SOUL.md`, project context injection, bootstrap truncation, untrusted supplemental context, context visibility config, and runtime-context leakage prevention. docs: - docs/concepts/context.md - docs/reference/transcript-hygiene.md - docs/channels/discord.md search_anchors: - Instruction Profile - Context Visibility - session, memory, and context engine instruction profile and context visibility - instruction profile and context visibility category_note: instruction-profile-and-context-visibility.md human_lts_override: true - name: Memory id: memory features: - name: Memory Backend Storage coverageIds: [session.memory-backend-storage] description: Covers Memory Backend Storage across memory backend config, SQLite schema, vector acceleration, embedding provider selection, remote embedding fetch, QMD process/query parsing, session transcript indexing for search, extra paths, and backend security boundaries. - name: Embedding Search coverageIds: [channels.qa-channel, memory.active-recall, memory.ranking, memory.recall, personal.memory-recall] description: Covers Embedding Search across memory backend config, SQLite schema, vector acceleration, embedding provider selection, remote embedding fetch, QMD process/query parsing, session transcript indexing for search, extra paths, and backend security boundaries. - name: Memory Files coverageIds: [memory.dreaming, memory.promotion, qa.artifact-safety] description: Covers Memory Files across root memory files, active memory, memory search/get/store tool exposure, memory prompt sections, memory flush plans, session-memory hook behavior, and memory plugin capability registration visible to agents. - name: Memory search and store tools coverageIds: [channels.group-messages, channels.qa-channel, memory.active-recall, memory.ranking, memory.recall, memory.tools, personal.memory-recall, tools.memory.add, tools.memory.recall] description: Covers memory search/get/store tool exposure, memory prompt sections, memory flush plans, session-memory hook behavior, and memory plugin capability registration visible to agents. - name: Active Memory coverageIds: [channels.qa-channel, memory.active-recall, memory.recall, personal.memory-recall] description: Covers Active Memory across root memory files, active memory, memory search/get/store tool exposure, memory prompt sections, memory flush plans, session-memory hook behavior, and memory plugin capability registration visible to agents. docs: - docs/reference/memory-config.md - docs/concepts/memory-qmd.md - docs/concepts/memory.md - docs/channels/discord.md search_anchors: - Memory Backend Storage - Embedding Search - Memory Files - memory search - memory get - memory store - Active Memory - root memory files - active memory - memory backend storage and embedding search category_note: memory-files-tools-and-active-memory.md human_lts_override: false - name: Session Routing id: session-routing features: - name: Session Routing coverageIds: [memory.session-routing] description: Covers Session Routing across `sessionKey` construction, target resolution, conversation bindings, session labels, per-conversation isolation, thread binding, model selection continuity tied to sessions, and agent/workspace store targeting. - name: Conversation routing coverageIds: [channels.webchat, runtime.direct-reply-routing, tools.message] description: Covers Conversation Binding across `sessionKey` construction, target resolution, conversation bindings, session labels, per-conversation isolation, thread binding, model selection continuity tied to sessions, and agent/workspace store targeting. docs: - docs/concepts/session.md - docs/channels/channel-routing.md - docs/channels/discord.md search_anchors: - Session Routing - Conversation Binding - session, memory, and context engine session routing and conversation binding - session routing and conversation binding category_note: session-routing-and-conversation-binding.md human_lts_override: true - name: Transcript Persistence id: transcript-persistence features: - name: Transcript Persistence coverageIds: [session.transcript-persistence] description: Covers Transcript Persistence across JSONL session files, transcript append and redaction, session write locks, transcript rotation/archive behavior, disk budget cleanup, provider transcript stores, and restart/repair durability. - name: Durability coverageIds: [session.durability] description: Covers Durability across JSONL session files, transcript append and redaction, session write locks, transcript rotation/archive behavior, disk budget cleanup, provider transcript stores, and restart/repair durability. docs: - docs/reference/session-management-compaction.md - docs/reference/transcript-hygiene.md search_anchors: - Transcript Persistence - Durability - session, memory, and context engine transcript persistence and durability - transcript persistence and durability category_note: transcript-persistence-and-durability.md human_lts_override: true last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: channel-framework name: Channel framework family: core level: beta level_code: M3 rationale: Many channels share Gateway delivery and routing contracts, but channel behavior varies by upstream API and account-policy constraints. completeness_instructions: references/completeness/channel-framework.md categories: - name: Channel Actions Commands and Approvals id: channel-actions-commands-and-approvals features: - name: Channel-native commands coverageIds: [channels.native-commands] description: Channel-native commands and command authorization gates - name: Native command session target coverageIds: [channels.native-command-session-target] description: Native command session target resolution - name: Message actions coverageIds: [channels.message-actions] description: Message actions, action dispatch, and trusted requester checks - name: Message tool API discovery coverageIds: [channels.message-tool-api-discovery] description: Message tool API discovery for channel actions - name: Channel-native approval prompts coverageIds: [channels.native-approval-prompts] description: Channel-native approval prompts and plugin/exec approval routing docs: - docs/channels/groups.md - docs/channels/discord.md - docs/channels/googlechat.md - docs/channels/signal.md - docs/channels/matrix.md search_anchors: - channel-native commands - message actions - channel-native approval prompts category_note: channel-actions-commands-and-approvals.md human_lts_override: false - name: Channel Setup id: channel-setup features: - name: Supported channel catalog coverageIds: [channels.supported-channel-catalog] description: Supported channel catalog and docs index - name: Channel status taxonomy in channels list coverageIds: [channels.status-taxonomy-in-channels-list] description: Channel status taxonomy in channels list, channels status, and setup status output - name: Setup/onboarding flows coverageIds: [agents.create, channels.discord-config, config.crestodian-setup] description: Setup/onboarding flows, including first-run channel selection and channel account setup - name: Install-on-demand coverageIds: [channels.install-on-demand] description: Install-on-demand, downloadable, bundled, official external, local, npm, and ClawHub distinctions - name: Setup wizard metadata coverageIds: [channels.setup-wizard-metadata] description: Setup wizard metadata and setup-safe plugin entrypoints docs: - docs/channels/index.md - docs/channels/pairing.md - docs/channels/troubleshooting.md - docs/plugins/sdk-channel-plugins.md search_anchors: - channels list - channels setup - setup wizard metadata category_note: channel-setup.md human_lts_override: true - name: Group Thread and Ambient Room Behavior id: group-thread-and-ambient-room-behavior features: - name: Group/channel session isolation coverageIds: [channels.group-messages, channels.qa-channel, memory.tools] description: Group/channel session isolation and group history context - name: Mention-required coverageIds: [channels.group-visible-replies, channels.qa-channel, tools.message] description: Mention-required, always-on, and ambient room-event modes - name: Native threads coverageIds: [channels.dm, channels.qa-channel, channels.threads, memory.thread-isolation, personal.channel-replies] description: Native threads, topics, parent-child bindings, and thread spawn behavior - name: Broadcast groups coverageIds: [channels.broadcast-groups] description: Broadcast groups and multi-agent group routing - name: Bot-loop protection coverageIds: [channels.bot-loop-protection] description: Bot-loop protection for room behavior docs: - docs/channels/groups.md - docs/channels/group-messages.md - docs/channels/ambient-room-events.md - docs/channels/broadcast-groups.md - docs/channels/discord.md search_anchors: - mentionRequired - ambient room events - broadcast groups category_note: group-thread-and-ambient-room-behavior.md human_lts_override: false - name: Inbound Access and Identity Gates id: inbound-access-and-identity-gates features: - name: DM pairing coverageIds: [security.dm-pairing, channels.pairing-gate] description: DM pairing and allowFrom sender controls - name: Group/channel allowlists coverageIds: [channels.access-policy, channels.allowlist-hot-reload, channels.group-channel-allowlists] description: Group/channel allowlists and sender allowlists - name: Access group expansion coverageIds: [channels.access-group-expansion] description: Access group expansion and sender authorization helpers - name: Mention gating coverageIds: [channels.mention-gating] description: Mention gating, implicit mentions, command bypass, and bot-loop-aware admission - name: Sanitized inbound identity/route projections coverageIds: [channels.sanitized-inbound-identity-route-projections] description: Sanitized inbound identity/route projections for downstream dispatch docs: - docs/channels/access-groups.md - docs/channels/groups.md - docs/channels/discord.md - docs/channels/line.md search_anchors: - DM pairing - allowFrom - access groups category_note: inbound-access-and-identity-gates.md human_lts_override: true - name: Media Attachments and Rich Channel Data id: media-attachments-and-rich-channel-data features: - name: Inbound media normalization coverageIds: [channels.inbound-media-normalization] description: Inbound media normalization, attachment persistence, and history media context - name: Outbound direct text/media sends coverageIds: [channels.outbound-direct-text-media-sends] description: Outbound direct text/media sends and rich payload adapter support - name: Provider-specific channelData coverageIds: [channels.provider-specific-channeldata] description: Provider-specific channelData, quick replies, locations, polls, reactions, and voice-note handling - name: Media roots coverageIds: [channels.media-roots] description: Media roots and file-path safety for channel inbound storage docs: - docs/channels/line.md - docs/channels/signal.md - docs/channels/googlechat.md - docs/channels/matrix.md - docs/channels/discord.md search_anchors: - inbound media normalization - channelData - media roots category_note: media-attachments-and-rich-channel-data.md human_lts_override: false - name: Outbound Delivery and Reply Pipeline id: outbound-delivery-and-reply-pipeline features: - name: Automatic final reply delivery coverageIds: [agents.subagents, channels.dedup, channels.direct-visible-replies, channels.dm, channels.group-visible-replies, channels.qa-channel, channels.reconnect, channels.restart-resume, channels.streaming, channels.threads, commitments.heartbeat-target-none, commitments.scope, personal.channel-replies, runtime.delivery, runtime.fallback-delivery, runtime.gateway-restart, runtime.restart-recovery, tools.message] description: Automatic final reply delivery and strict message-tool-only visible delivery - name: Durable outbound send orchestration coverageIds: [channels.dedup, channels.reconnect, runtime.delivery] description: Durable outbound send orchestration, receipts, partial failures, and fallback paths - name: Reply pipeline transforms coverageIds: [channels.message-actions, channels.qa-channel] description: Reply pipeline transforms, typing callbacks, draft streaming, and status reactions - name: Provider outbound adapter bridge coverageIds: [channels.direct-visible-replies, channels.group-visible-replies, channels.qa-channel, channels.webchat, runtime.direct-reply-routing, tools.message, tools.message-tool] description: Provider outbound adapter bridge and message capabilities docs: - docs/channels/groups.md - docs/channels/ambient-room-events.md - docs/channels/discord.md - docs/channels/matrix.md - docs/gateway/config-channels.md search_anchors: - automatic final reply delivery - message tool delivery - typing callbacks category_note: outbound-delivery-and-reply-pipeline.md human_lts_override: true - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Inbound conversation routing coverageIds: [channels.dm, channels.qa-channel, channels.threads, personal.channel-replies] description: Inbound and command conversation resolution across sessions, threads, and provider-owned targets. - name: Session key construction coverageIds: [memory.session-key-construction] description: Session key construction and session metadata recording - name: Agent selection precedence coverageIds: [channels.agent-selection-precedence] description: Agent binding precedence and broadcast group dispatch - name: Runtime conversation routing coverageIds: [channels.runtime-conversation-routing] description: Runtime conversation bindings and ACP session binding routes - name: Thread/parent-child placement coverageIds: [channels.thread-parent-child-placement] description: Thread/parent-child placement and provider-owned target normalization - name: Plugin registry resolution coverageIds: [agents.subagents, channels.direct-visible-replies, channels.dm, channels.group-messages, channels.group-visible-replies, channels.message-actions, channels.qa-channel, channels.threads, media.image-generation, media.image-understanding, memory.recall, personal.channel-replies, personal.memory-recall, personal.reminders, runtime.delivery, scheduling.cron, scheduling.dedup, tools.message, ui.control] description: Plugin registry resolution and scoped channel runtime creation - name: Channel account startup coverageIds: [channels.account-startup] description: Channel account startup, shutdown, logout, abort, and manual-stop state - name: Whole-channel lifecycle controls coverageIds: [channels.whole-channel-lifecycle-controls] description: Whole-channel and per-account lifecycle fanout for start, stop, logout, restart, and runtime snapshots. - name: Config/secrets reload interactions coverageIds: [channels.config-secrets-reload-interactions] description: Config/secrets reload interactions with channel plugin reload targets - name: Auto-restart coverageIds: [channels.auto-restart] description: Auto-restart, backoff, crash-loop caps, and runtime snapshot reporting docs: - docs/channels/channel-routing.md - docs/channels/groups.md - docs/channels/discord.md - docs/channels/matrix.md - docs/channels/troubleshooting.md - docs/gateway/configuration-reference.md search_anchors: - channel routing - session key construction - agent binding precedence - channels.start - channels.stop - channel account startup - health restart category_note: conversation-routing-and-delivery.md human_lts_override: true - name: Status Health and Operator Controls id: status-health-and-operator-controls features: - name: channels.status coverageIds: [channels.status] description: channels.status, probes, account snapshots, and warnings - name: Channel health policy coverageIds: [channels.dedup, channels.reconnect, runtime.delivery] description: Channel health policy, health monitor restarts, stale socket detection, cooldowns, and restart caps - name: Operator CLI controls coverageIds: [channels.operator-cli-controls] description: Operator CLI controls for start, stop, logout, status, restart, and troubleshoot - name: Status read-model coverageIds: [channels.status-read-model] description: Status read-model and plugin status snapshots docs: - docs/gateway/health.md - docs/gateway/configuration-reference.md - docs/channels/troubleshooting.md - docs/channels/discord.md search_anchors: - channels status --probe - channel health policy - operator CLI controls category_note: status-health-and-operator-controls.md human_lts_override: true last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: security-auth-pairing-and-secrets name: Security, auth, pairing, and secrets family: core level: beta level_code: M3 rationale: Good docs and hardening surfaces exist. Promote after regular upgrade/security scenario runs prove no setup regressions. completeness_instructions: references/completeness/security-auth-pairing-and-secrets.md categories: - name: Approval Policy and Tool Safeguards id: approval-policy-and-tool-safeguards features: - name: Approval Policy coverageIds: [personal.approval-denial, personal.tool-safety, runtime.approvals, tools.followthrough, tools.safety] description: Covers Approval Policy across exec approval policy, host-local approval stores, allowlist and ask modes, dangerous tool safeguards, native/chat approval routing, plugin approval routing, approval decisions, approval binding, and operator-facing CLI management. - name: Dangerous Tool Safeguards coverageIds: [security.dangerous-tool-safeguards] description: Covers Dangerous Tool Safeguards across exec approval policy, host-local approval stores, allowlist and ask modes, dangerous tool safeguards, native/chat approval routing, plugin approval routing, approval decisions, approval binding, and operator-facing CLI management. docs: - docs/tools/exec-approvals.md - docs/cli/approvals.md - docs/plugins/plugin-permission-requests.md - docs/gateway/security/audit-checks.md search_anchors: - approval policy - dangerous tool safeguards - exec approvals category_note: approval-policy-and-dangerous-tool-safeguards.md human_lts_override: true - name: Gateway Auth and Remote Access id: gateway-auth-and-remote-access features: - name: Shared Gateway token/password auth coverageIds: [security.shared-gateway-token-password-auth] description: Token and password auth for Gateway HTTP and WebSocket clients, including runtime auth resolution, startup validation, shared-secret comparison, and operator guidance. - name: Gateway auth mode coverageIds: [security.gateway-auth-mode] description: Gateway auth mode selection, including private ingress behavior and operator warnings for unsafe exposure. - name: Trusted-proxy identity coverageIds: [security.trusted-proxy-identity] description: Trusted-proxy identity, gateway.trustedProxies, trustedProxy.userHeader, requiredHeaders, allowUsers, allowLoopback, reverse-proxy source validation, and scope behavior - name: Tailscale Serve/Funnel coverageIds: [raspberry-pi.tailscale-serve-funnel] description: Tailscale Serve/Funnel and reverse-proxy exposure rules, including Tailscale identity headers, tailscale whois, Funnel password requirements, and separation between Control UI/WS identity and HTTP API auth - name: Bind and origin restrictions coverageIds: [security.bind-and-origin-restrictions] description: loopback/LAN/tailnet/custom bind modes, non-loopback exposure checks, browser Origin checks, controlUi.allowedOrigins, Host-header fallback risk, and forwarded-header handling - name: WebSocket handshake auth coverageIds: [security.websocket-handshake-auth] description: WebSocket handshake auth, including challenge/connect ordering, nonce-bound device auth, shared auth, browser origin checks, pre-auth limits, unauthenticated socket timeout, and stale shared-auth rotation - name: Operator-facing docs coverageIds: [security.operator-facing-docs] description: Operator-facing docs and runbooks for security audit, remote access, exposure rollback, Tailscale, trusted proxy, credential rotation, and explicit credential probing - name: Browser Control UI coverageIds: [security.browser-control-ui] description: Covers Browser Control UI across Control UI/WebChat browser trust, device pairing for browser clients, allowed origins, Tailscale/trusted-proxy behavior for browser sessions, and related browser control ui and remote client trust behavior. - name: Remote Client Trust coverageIds: [security.remote-client-trust] description: Covers Remote Client Trust across Control UI/WebChat browser trust, device pairing for browser clients, allowed origins, Tailscale/trusted-proxy behavior for browser sessions, and related browser control ui and remote client trust behavior. docs: - docs/gateway/security/index.md - docs/gateway/security/exposure-runbook.md - docs/gateway/trusted-proxy-auth.md - docs/gateway/tailscale.md - docs/gateway/remote.md - docs/gateway/configuration-reference.md - docs/cli/gateway.md - docs/cli/doctor.md - docs/web/control-ui.md - docs/tools/browser-control.md - docs/gateway/security/audit-checks.md search_anchors: - gateway.auth.mode - trusted proxy auth - Tailscale Serve/Funnel - WebSocket handshake auth - Control UI auth - remote client trust - allowed origins category_note: gateway-auth-and-network-exposure.md human_lts_override: true - name: Channel Access Control id: channel-access-control features: - name: Channel Identity coverageIds: [security.channel-identity] description: 'Covers Channel Identity across who can talk to OpenClaw through message channels: DM pairing codes, pairing stores, `dmPolicy`, `allowFrom`, and related channel identity, allowlists, and sender pairing behavior.' - name: Allowlists coverageIds: [security.allowlists] description: 'Covers Allowlists across who can talk to OpenClaw through message channels: DM pairing codes, pairing stores, `dmPolicy`, `allowFrom`, and related channel identity, allowlists, and sender pairing behavior.' - name: Sender Pairing coverageIds: [security.sender-pairing] description: 'Covers Sender Pairing across who can talk to OpenClaw through message channels: DM pairing codes, pairing stores, `dmPolicy`, `allowFrom`, and related channel identity, allowlists, and sender pairing behavior.' docs: - docs/channels/pairing.md - docs/channels/telegram.md - docs/channels/access-groups.md - docs/gateway/security/audit-checks.md search_anchors: - DM pairing - allowFrom - sender allowlists category_note: channel-identity-allowlists-and-sender-pairing.md human_lts_override: true - name: Device and Node Pairing id: device-and-node-pairing features: - name: Setup codes coverageIds: [security.setup-codes] description: Setup codes and QR pairing UX for mobile/node onboarding through the device-pair plugin - name: Device identity creation coverageIds: [security.device-identity-creation] description: Device identity creation, storage, public-key-derived device IDs, challenge signing, and server verification - name: Device-token issuance coverageIds: [security.device-token-issuance] description: Device-token issuance, reconnect reuse, token mismatch recovery, token rotation, token revocation, and stale-token cleanup - name: Device pairing approvals for operator coverageIds: [security.device-pairing-approvals-for-operator] description: Device pairing approvals for operator and node roles, including pending requests, role/scope upgrades, and repair requests - name: Operator scopes that gate pairing coverageIds: [security.operator-scopes-that-gate-pairing] description: Operator scopes that gate pairing, device token management, node pairing, and higher-risk role/scope approvals - name: Local Control UI coverageIds: [security.local-control-ui] description: Local Control UI, WebChat, trusted-proxy, and backend auto-pairing or device-less exception behavior where it affects operator pairing - name: Auth migration coverageIds: [security.auth-migration] description: Auth migration and recovery errors for pre-challenge device signing, token drift, scope mismatch, and mixed gateway auth configuration - name: Operator-facing docs coverageIds: [security.operator-facing-docs] description: Operator-facing docs for devices, pairing, WebChat, Control UI, protocol auth, and troubleshooting - name: Node Pairing coverageIds: [security.node-pairing] description: Covers Node Pairing across node/device pairing for capability hosts, pending and approved node state, trusted-CIDR auto-approval, node-declared command/capability trust boundaries, and related node pairing, capability trust, and remote exec approvals behavior. - name: Capability Trust coverageIds: [security.capability-trust] description: Covers Capability Trust across node/device pairing for capability hosts, pending and approved node state, trusted-CIDR auto-approval, node-declared command/capability trust boundaries, and related node pairing, capability trust, and remote exec approvals behavior. - name: Remote Exec Approvals coverageIds: [security.remote-exec-approvals] description: Covers Remote Exec Approvals across node/device pairing for capability hosts, pending and approved node state, trusted-CIDR auto-approval, node-declared command/capability trust boundaries, and related node pairing, capability trust, and remote exec approvals behavior. docs: - docs/gateway/protocol.md - docs/cli/devices.md - docs/channels/pairing.md - docs/gateway/pairing.md - docs/gateway/operator-scopes.md - docs/web/control-ui.md - docs/web/webchat.md - docs/cli/approvals.md search_anchors: - setup codes - device challenge signing - operator scopes - node pairing - node-declared capabilities - remote exec approvals category_note: device-identity-and-operator-pairing.md human_lts_override: true - name: Plugin Trust id: plugin-trust features: - name: Plugin Installation Trust coverageIds: [security.plugin-installation-trust] description: Covers Plugin Installation Trust across plugin manifest trust, plugin install/update safety scans, plugin allowlists, manifest-owned auth/secret metadata, and related plugin installation trust and security boundaries behavior. - name: Security Boundaries coverageIds: [security.boundaries] description: Covers Security Boundaries across plugin manifest trust, plugin install/update safety scans, plugin allowlists, manifest-owned auth/secret metadata, and related plugin installation trust and security boundaries behavior. docs: - docs/plugins/manifest.md - docs/plugins/plugin-permission-requests.md - docs/plugins/manage-plugins.md - docs/gateway/security/audit-checks.md search_anchors: - plugin manifest trust - plugin install safety scans - plugin allowlists category_note: plugin-installation-trust-and-security-boundaries.md human_lts_override: false - name: Credential and Secret Hygiene id: credential-and-secret-hygiene features: - name: Provider Auth Profiles coverageIds: [security.provider-auth-profiles] description: 'Covers Provider Auth Profiles across provider credentials and auth health as a security/secrets surface: API keys, OAuth profiles, `auth-profiles.json`, auth order, and related provider auth profiles and api key health behavior.' - name: API Key Health coverageIds: [security.api-key-health] description: 'Covers API Key Health across provider credentials and auth health as a security/secrets surface: API keys, OAuth profiles, `auth-profiles.json`, auth order, and related provider auth profiles and api key health behavior.' - name: Secrets Storage coverageIds: [security.secrets-storage] description: Covers Secrets Storage across SecretRef contract and providers, runtime secret snapshots, gateway auth SecretRefs, auth-profile and generated model residues, and related secrets storage, redaction, and configuration hygiene behavior. - name: Redaction coverageIds: [memory.dreaming, memory.promotion, personal.diagnostics, personal.redaction, qa.artifact-safety, runtime.tool-policy, security.redaction] description: Covers Redaction across SecretRef contract and providers, runtime secret snapshots, gateway auth SecretRefs, auth-profile and generated model residues, and related secrets storage, redaction, and configuration hygiene behavior. - name: Configuration Hygiene coverageIds: [security.configuration-hygiene] description: Covers Configuration Hygiene across SecretRef contract and providers, runtime secret snapshots, gateway auth SecretRefs, auth-profile and generated model residues, and related secrets storage, redaction, and configuration hygiene behavior. docs: - docs/gateway/authentication.md - docs/cli/models.md - docs/providers/openai.md - docs/concepts/oauth.md - docs/gateway/secrets.md - docs/cli/secrets.md - docs/reference/secretref-credential-surface.md - docs/gateway/security/audit-checks.md search_anchors: - auth-profiles.json - provider API keys - OAuth profiles - SecretRef - runtime secret snapshots - redaction patterns category_note: secrets-storage-redaction-and-configuration-hygiene.md human_lts_override: true last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: telemetry-diagnostics-and-observability name: Observability family: core level: beta level_code: M3 rationale: OTel, Prometheus, logging, and diagnostics docs exist. Needs a public "what operators should look at first" maturity pass. completeness_instructions: references/completeness/telemetry-diagnostics-and-observability.md categories: - name: Health and Repair id: health-and-repair features: - name: Background health-monitor loop coverageIds: [telemetry.background-health-monitor-loop] description: Background health-monitor loop for configured channel accounts - name: Per-account enable/disable settings coverageIds: [telemetry.per-account-enable-disable-settings] description: Per-account enable/disable settings behavior, status, and operator-visible verification. - name: Startup grace coverageIds: [telemetry.startup-grace] description: Startup grace, connect grace, stale transport activity detection, busy/stuck handling, restart cooldowns, and max restarts per hour - name: Restart logging coverageIds: [telemetry.restart-logging] description: Restart logging and runtime snapshot evaluation - name: openclaw doctor coverageIds: [runtime.codex-plugin.auth, runtime.codex-plugin.lifecycle, runtime.doctor-repair] description: openclaw doctor, openclaw doctor --fix, --repair, --yes, --non-interactive, --deep, and --lint - name: Structured health checks coverageIds: [telemetry.structured-health-checks] description: Structured health checks, findings, repair results, check selection, JSON lint output, severity filtering, and exit behavior - name: Core doctor checks coverageIds: [telemetry.core-doctor-checks] description: Core doctor checks for gateway config, services, auth, state integrity, skills, plugins, sandbox, migrations, and provider route health - name: Plugin SDK doctor/health contracts coverageIds: [telemetry.plugin-sdk-doctor-health-contracts] description: Plugin SDK doctor/health contracts behavior, status, and operator-visible verification. - name: openclaw status coverageIds: [windows.openclaw-status] description: openclaw status, openclaw status --all, and openclaw status --deep - name: openclaw health coverageIds: [telemetry.openclaw-health] description: openclaw health, openclaw health --verbose, and openclaw health --json - name: Gateway RPC health coverageIds: [telemetry.gateway-rpc-health] description: Gateway RPC health and status - name: Cached health snapshots coverageIds: [gateway.performance, models.live-openai, plugins.kitchen-sink, plugins.lifecycle, plugins.plugin-tools] description: Cached health snapshots, live probe refresh, sensitive fields gated by operator admin scope, and event-loop health attachment docs: - docs/gateway/health.md - docs/channels/telegram.md - docs/cli/doctor.md - docs/gateway/doctor.md - docs/plugins/sdk-subpaths.md - docs/cli/health.md - docs/gateway/protocol.md search_anchors: - channel health monitor - restart cooldowns - stale transport activity - openclaw doctor --fix - structured health checks - repair results - openclaw health --json - gateway RPC health - cached health snapshots category_note: health-status-probes.md human_lts_override: true - name: Logging id: logging features: - name: Rolling Gateway JSONL file logs coverageIds: [telemetry.rolling-gateway-jsonl-file-logs] description: Rolling Gateway JSONL file logs and console output - name: openclaw logs coverageIds: [telemetry.openclaw-logs] description: openclaw logs, openclaw logs --follow, JSON/plain/color/timezone modes, and local fallback behavior - name: Gateway RPC logs.tail coverageIds: [telemetry.gateway-rpc-logs-tail] description: Gateway RPC logs.tail behavior, status, and operator-visible verification. - name: Redaction patterns and sinks coverageIds: [telemetry.redaction-patterns-and-sinks] description: console, file logs, OTLP log records, transcript text, Control UI tool-call events, support exports, and WS protocol logs - name: Trace correlation fields coverageIds: [telemetry.trace-correlation-fields] description: Trace correlation fields on log records and linked diagnostic events. docs: - docs/logging.md - docs/gateway/logging.md - docs/cli/logs.md search_anchors: - openclaw logs --follow - logs.tail - redaction patterns category_note: logging-log-tail-and-redaction.md human_lts_override: true - name: Diagnostic Collection id: diagnostic-collection features: - name: openclaw gateway diagnostics export coverageIds: [telemetry.openclaw-gateway-diagnostics-export] description: openclaw gateway diagnostics export and --json / --output / log-size options - name: openclaw gateway stability --bundle coverageIds: [telemetry.openclaw-gateway-stability-bundle] description: openclaw gateway stability --bundle latest --export - name: Chat /diagnostics coverageIds: [telemetry.chat-diagnostics] description: Chat /diagnostics and /codex diagnostics approval flows - name: Support zip composition coverageIds: [personal.diagnostics, personal.redaction, qa.artifact-safety] description: Support zip composition, safe relative paths, sanitized config/status/health/log/stability files, and privacy manifest - name: Bounded in-process stability recorder coverageIds: [telemetry.bounded-in-process-stability-recorder] description: Bounded in-process stability recorder and diagnostics.stability RPC - name: openclaw gateway stability coverageIds: [telemetry.openclaw-gateway-stability] description: openclaw gateway stability, stability filtering, persisted stability bundles, and export-from-bundle - name: Memory pressure events coverageIds: [telemetry.memory-pressure-events] description: Memory pressure events, event-loop liveness warnings, oversized payload events, queue/session summaries, and fatal/shutdown/restart snapshots - name: Critical memory pressure snapshot option coverageIds: [telemetry.critical-memory-pressure-snapshot-option] description: Critical memory pressure snapshot option with V8/cgroup/session-file evidence docs: - docs/gateway/diagnostics.md - docs/gateway/health.md - docs/plugins/codex-harness.md - docs/gateway/protocol.md search_anchors: - gateway diagnostics export - support bundle - privacy manifest - gateway stability - memory pressure events - critical memory pressure snapshot category_note: diagnostics-export-support-bundles.md human_lts_override: false - name: Telemetry Export id: telemetry-export features: - name: Diagnostic event types coverageIds: [telemetry.diagnostic-event-types] description: Diagnostic event types and trusted/internal/public subscription boundaries - name: Async dispatch coverageIds: [automation.async-dispatch] description: Async dispatch, queue saturation summaries, immutable event copies, private data handling, and diagnostics enablement - name: W3C trace context creation coverageIds: [telemetry.w3c-trace-context-creation] description: W3C trace context creation, active request scopes, child spans, and trusted traceparent formatting - name: Plugin SDK diagnostic runtime exports coverageIds: [telemetry.plugin-sdk-runtime-exports] description: Plugin SDK diagnostic runtime exports and hook context trace fields - name: Model-call diagnostic events coverageIds: [telemetry.model-call-diagnostic-events] description: Model-call, tool, exec, webhook, message, Talk, session, harness, and exporter diagnostic events. - name: diagnostics-otel plugin install coverageIds: [telemetry.diagnostics-otel-plugin-install] description: diagnostics-otel plugin install, enablement, config, env overrides, sampling, flush interval, and preloaded SDK mode - name: OTLP/HTTP traces coverageIds: [harness.qa-lab, telemetry.otel] description: OTLP/HTTP traces, metrics, and logs - name: Trusted trace context coverageIds: [telemetry.trusted-trace-context] description: Trusted trace context, W3C traceparent propagation to model calls, file-log correlation, content-capture controls, and redacted/bounded attributes - name: Model and runtime telemetry coverageIds: [docker.runtime-validation, harness.qa-lab, harness.tool-trace-visibility, personal.failure-recovery, personal.no-fake-progress, personal.task-followthrough, runtime.qa-bus, telemetry.otel, telemetry.prometheus, tools.evidence, tools.trace] description: Model, tool, message, session, queue, Talk, exec, webhook, context assembly, harness, and exporter-health signals - name: diagnostics-prometheus plugin install coverageIds: [telemetry.diagnostics-prometheus-plugin-install] description: diagnostics-prometheus plugin install and enablement - name: Gateway-authenticated GET /api/diagnostics/prometheus coverageIds: [telemetry.prometheus-authenticated-gateway-export] description: Gateway-authenticated GET /api/diagnostics/prometheus behavior, status, and operator-visible verification. - name: Prometheus text exposition coverageIds: [docker.runtime-validation, harness.qa-lab, telemetry.prometheus] description: Prometheus text exposition, counters, gauges, histograms, label policy, series cap, and overflow metric - name: Trusted diagnostic event subscription coverageIds: [telemetry.trusted-diagnostic-event-subscription] description: Trusted diagnostic event subscription and rendering of run, model, tool, message, Talk, queue, session, liveness, payload, memory, and exporter metrics docs: - docs/plugins/hooks.md - docs/gateway/opentelemetry.md - docs/logging.md - docs/plugins/sdk-subpaths.md - docs/plugins/reference/diagnostics-otel.md - docs/gateway/prometheus.md - docs/plugins/reference/diagnostics-prometheus.md search_anchors: - diagnostic events - W3C trace context - hook context trace fields - diagnostics-otel - OTLP/HTTP traces - traceparent - diagnostics-prometheus - /api/diagnostics/prometheus - Prometheus text exposition category_note: diagnostic-events-hooks-and-trace-context.md human_lts_override: false - name: Session Diagnostics id: session-diagnostics features: - name: session.state coverageIds: [telemetry.session-state] description: session.state, session.stuck, session.long_running, session.stalled, session.recovery.*, and session.turn.created diagnostic events - name: Diagnostic session activity snapshots coverageIds: [telemetry.diagnostic-session-activity-snapshots] description: Diagnostic session activity snapshots for embedded runs, model calls, and tool calls - name: Model usage coverageIds: [telemetry.model-usage] description: Model usage, token/cost, model-call byte/timing, run attempts, and usage logs - name: Export of session signals to stability coverageIds: [telemetry.export-of-session-signals-to-stability] description: Export of session signals to stability, OpenTelemetry, and Prometheus docs: - docs/gateway/opentelemetry.md - docs/gateway/prometheus.md - docs/gateway/diagnostics.md - docs/gateway/protocol.md search_anchors: - session.state - usage diagnostics - stability export category_note: session-run-and-usage-diagnostics.md human_lts_override: true last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: automation-cron-hooks-tasks-polling name: 'Automation: cron, hooks, tasks, polling' family: core level: beta level_code: M3 rationale: Documented and usable, but scenario proof should cover unattended delivery, retries, and failure visibility. completeness_instructions: references/completeness/automation-cron-hooks-tasks-polling.md categories: - name: Cron Jobs id: cron-jobs features: - name: Create/edit/remove jobs coverageIds: [automation.create-edit-remove-jobs] description: Covers Create/edit/remove jobs across cron job creation, listing, inspection, editing, and related cron job lifecycle behavior. - name: Schedule types coverageIds: [automation.schedule-types] description: Covers Schedule types across cron job creation, listing, inspection, editing, and related cron job lifecycle behavior. - name: Timezone and stagger coverageIds: [automation.timezone-and-stagger] description: Covers Timezone and stagger across cron job creation, listing, inspection, editing, and related cron job lifecycle behavior. - name: Cron RPCs coverageIds: [scheduling.cron-rpcs] description: Covers Cron RPCs across cron job creation, listing, inspection, editing, and related cron job lifecycle behavior. - name: Agent cron tool coverageIds: [channels.qa-channel, personal.reminders, scheduling.cron] description: Covers Agent cron tool across cron job creation, listing, inspection, editing, and related cron job lifecycle behavior. - name: Manual cron runs coverageIds: [scheduling.cron] description: Covers Manual cron runs across scheduler dispatch, timer arming, manual/due runs, isolated agent execution, and related cron runs and diagnostics behavior. - name: Isolated cron execution coverageIds: [scheduling.cron, scheduling.dedup] description: Covers Isolated cron execution across scheduler dispatch, timer arming, manual/due runs, isolated agent execution, and related cron runs and diagnostics behavior. - name: Model/provider preflight coverageIds: [automation.model-provider-preflight] description: Covers Model/provider preflight across scheduler dispatch, timer arming, manual/due runs, isolated agent execution, and related cron runs and diagnostics behavior. - name: Run history coverageIds: [channels.qa-channel, scheduling.cron, scheduling.dedup] description: Covers Run history across scheduler dispatch, timer arming, manual/due runs, isolated agent execution, and related cron runs and diagnostics behavior. - name: Timeout and denial diagnostics coverageIds: [automation.timeout-and-denial-diagnostics] description: Covers Timeout and denial diagnostics across scheduler dispatch, timer arming, manual/due runs, isolated agent execution, and related cron runs and diagnostics behavior. - name: Chat announce delivery coverageIds: [scheduling.chat-announce-delivery] description: Covers Chat announce delivery across cron output delivery modes, channel target resolution, direct delivery retries, transcript mirroring, and related cron delivery and failure alerts behavior. - name: Webhook delivery coverageIds: [automation.webhook-delivery] description: Covers Webhook delivery across cron output delivery modes, channel target resolution, direct delivery retries, transcript mirroring, and related cron delivery and failure alerts behavior. - name: Failure destinations coverageIds: [automation.failure-destinations] description: Covers Failure destinations across cron output delivery modes, channel target resolution, direct delivery retries, transcript mirroring, and related cron delivery and failure alerts behavior. - name: Skipped-run alerts coverageIds: [automation.skipped-run-alerts] description: Covers Skipped-run alerts across cron output delivery modes, channel target resolution, direct delivery retries, transcript mirroring, and related cron delivery and failure alerts behavior. - name: Delivery previews coverageIds: [automation.delivery-previews] description: Covers Delivery previews across cron output delivery modes, channel target resolution, direct delivery retries, transcript mirroring, and related cron delivery and failure alerts behavior. docs: - docs/automation/cron-jobs.md - docs/cli/cron.md - docs/gateway/protocol.md - docs/automation/tasks.md - docs/channels/discord.md search_anchors: - Create/edit/remove jobs - Schedule types - Timezone and stagger - Cron RPCs - Agent cron tool - openclaw cron - Manual cron runs - Isolated cron execution - Model/provider preflight - Run history - Timeout and denial diagnostics - Chat announce delivery - Webhook delivery - Failure destinations - Skipped-run alerts - Delivery previews - failure destination - announce category_note: cron-job-lifecycle.md human_lts_override: false - name: Event Ingress id: event-ingress features: - name: Telegram long polling coverageIds: [automation.telegram-long-polling] description: Covers Telegram long polling across channel-level long polling and webhook modes, especially Telegram and Zalo; polling liveness, leases, watchdog thresholds, and related channel polling and webhooks behavior. - name: Telegram webhook mode coverageIds: [automation.telegram-webhook-mode] description: Covers Telegram webhook mode across channel-level long polling and webhook modes, especially Telegram and Zalo; polling liveness, leases, watchdog thresholds, and related channel polling and webhooks behavior. - name: Zalo polling/webhook mode coverageIds: [automation.zalo-polling-webhook-mode] description: Covers Zalo polling/webhook mode across channel-level long polling and webhook modes, especially Telegram and Zalo; polling liveness, leases, watchdog thresholds, and related channel polling and webhooks behavior. - name: Polling stall diagnostics coverageIds: [automation.polling-stall-diagnostics] description: Covers Polling stall diagnostics across channel-level long polling and webhook modes, especially Telegram and Zalo; polling liveness, leases, watchdog thresholds, and related channel polling and webhooks behavior. - name: iMessage watch fallback coverageIds: [automation.imessage-watch-fallback] description: Covers iMessage watch fallback across channel-level long polling and webhook modes, especially Telegram and Zalo; polling liveness, leases, watchdog thresholds, and related channel polling and webhooks behavior. - name: Gmail setup wizard coverageIds: [automation.gmail-setup-wizard] description: Covers Gmail setup wizard across `openclaw webhooks gmail setup`, `hooks.gmail` config, `gog gmail watch start/serve`, watcher startup and renewal, and related gmail pub/sub watchers behavior. - name: Watcher start/serve coverageIds: [automation.watcher-start-serve] description: Covers Watcher start/serve across `openclaw webhooks gmail setup`, `hooks.gmail` config, `gog gmail watch start/serve`, watcher startup and renewal, and related gmail pub/sub watchers behavior. - name: Tailscale/public routing coverageIds: [automation.tailscale-public-routing] description: Covers Tailscale/public routing across `openclaw webhooks gmail setup`, `hooks.gmail` config, `gog gmail watch start/serve`, watcher startup and renewal, and related gmail pub/sub watchers behavior. - name: Push token validation coverageIds: [automation.push-token-validation] description: Covers Push token validation across `openclaw webhooks gmail setup`, `hooks.gmail` config, `gog gmail watch start/serve`, watcher startup and renewal, and related gmail pub/sub watchers behavior. - name: Gmail event routing coverageIds: [automation.gmail-event-routing] description: Covers Gmail event routing across `openclaw webhooks gmail setup`, `hooks.gmail` config, `gog gmail watch start/serve`, watcher startup and renewal, and related gmail pub/sub watchers behavior. - name: POST /hooks/wake coverageIds: [automation.post-hooks-wake] description: Covers POST /hooks/wake across `/hooks/wake`, `/hooks/agent`, mapped hooks under `/hooks/`, token extraction, and related http webhooks behavior. - name: POST /hooks/agent coverageIds: [automation.post-hooks-agent] description: Covers POST /hooks/agent across `/hooks/wake`, `/hooks/agent`, mapped hooks under `/hooks/`, token extraction, and related http webhooks behavior. - name: Mapped hooks coverageIds: [automation.mapped-hooks] description: Covers Mapped hooks across `/hooks/wake`, `/hooks/agent`, mapped hooks under `/hooks/`, token extraction, and related http webhooks behavior. - name: Hook auth policy coverageIds: [automation.hook-auth-policy] description: Covers Hook auth policy across `/hooks/wake`, `/hooks/agent`, mapped hooks under `/hooks/`, token extraction, and related http webhooks behavior. - name: Async dispatch coverageIds: [automation.async-dispatch] description: Covers Async dispatch across `/hooks/wake`, `/hooks/agent`, mapped hooks under `/hooks/`, token extraction, and related http webhooks behavior. docs: - docs/channels/telegram.md - docs/channels/zalo.md - docs/channels/troubleshooting.md - docs/channels/imessage-from-bluebubbles.md - docs/automation/cron-jobs.md#gmail-pubsub-integration - docs/automation/gmail-pubsub.md - docs/cli/webhooks.md - docs/automation/cron-jobs.md#webhooks - docs/automation/webhook.md search_anchors: - Telegram long polling - Telegram webhook mode - Zalo polling/webhook mode - Polling stall diagnostics - iMessage watch fallback - Gmail setup wizard - Watcher start/serve - Tailscale/public routing - Push token validation - Gmail event routing - POST /hooks/wake - POST /hooks/agent - Mapped hooks - Hook auth policy - Async dispatch category_note: channel-polling-webhooks.md human_lts_override: false - name: Automation Hooks id: automation-hooks features: - name: HOOK.md authoring coverageIds: [automation.hook-md-authoring] description: Covers HOOK.md authoring across `HOOK.md` metadata, handler loading, bundled/managed/workspace/plugin hook discovery, eligibility policy, and related internal hooks behavior. - name: Hook discovery coverageIds: [automation.hook-discovery] description: Covers Hook discovery across `HOOK.md` metadata, handler loading, bundled/managed/workspace/plugin hook discovery, eligibility policy, and related internal hooks behavior. - name: Hook CLI management coverageIds: [automation.hook-cli-management] description: Covers Hook CLI management across `HOOK.md` metadata, handler loading, bundled/managed/workspace/plugin hook discovery, eligibility policy, and related internal hooks behavior. - name: Hook packs coverageIds: [automation.hook-packs] description: Covers Hook packs across `HOOK.md` metadata, handler loading, bundled/managed/workspace/plugin hook discovery, eligibility policy, and related internal hooks behavior. - name: Lifecycle event dispatch coverageIds: [automation.lifecycle-event-dispatch] description: Covers Lifecycle event dispatch across `HOOK.md` metadata, handler loading, bundled/managed/workspace/plugin hook discovery, eligibility policy, and related internal hooks behavior. - name: api.on registration coverageIds: [automation.api-on-registration] description: Covers api.on registration across `api.on(...)` typed hooks, priority/timeout behavior, decision hooks such as `before_tool_call`, message and dispatch hooks, and related plugin hooks behavior. - name: Tool-call policy hooks coverageIds: [automation.tool-call-policy-hooks] description: Covers Tool-call policy hooks across `api.on(...)` typed hooks, priority/timeout behavior, decision hooks such as `before_tool_call`, message and dispatch hooks, and related plugin hooks behavior. - name: Message hooks coverageIds: [automation.message-hooks] description: Covers Message hooks across `api.on(...)` typed hooks, priority/timeout behavior, decision hooks such as `before_tool_call`, message and dispatch hooks, and related plugin hooks behavior. - name: Session/lifecycle hooks coverageIds: [automation.session-lifecycle-hooks] description: Covers Session/lifecycle hooks across `api.on(...)` typed hooks, priority/timeout behavior, decision hooks such as `before_tool_call`, message and dispatch hooks, and related plugin hooks behavior. - name: Plugin approval requests coverageIds: [automation.plugin-approval-requests] description: Covers Plugin approval requests across `api.on(...)` typed hooks, priority/timeout behavior, decision hooks such as `before_tool_call`, message and dispatch hooks, and related plugin hooks behavior. - name: cron_changed coverageIds: [automation.cron-changed] description: Covers cron_changed across `api.on(...)` typed hooks, priority/timeout behavior, decision hooks such as `before_tool_call`, message and dispatch hooks, and related plugin hooks behavior. docs: - docs/automation/hooks.md - docs/cli/hooks.md - docs/plugins/hooks.md - docs/plugins/plugin-permission-requests.md - docs/plugins/sdk-subpaths.md search_anchors: - HOOK.md authoring - Hook discovery - Hook CLI management - Hook packs - Lifecycle event dispatch - api.on registration - Tool-call policy hooks - Message hooks - Session/lifecycle hooks - Plugin approval requests - cron_changed category_note: internal-hooks.md human_lts_override: false - name: Background Tasks and Flows id: background-tasks-and-flows features: - name: Task list/show/cancel coverageIds: [automation.task-list-show-cancel] description: Covers Task list/show/cancel across task creation, status transitions, runtime types, owner/session access, and related background task ledger behavior. - name: Task notifications coverageIds: [automation.task-notifications] description: Covers Task notifications across task creation, status transitions, runtime types, owner/session access, and related background task ledger behavior. - name: Task audit and maintenance coverageIds: [automation.task-audit-and-maintenance] description: Covers Task audit and maintenance across task creation, status transitions, runtime types, owner/session access, and related background task ledger behavior. - name: Chat task board coverageIds: [automation.chat-task-board] description: Covers Chat task board across task creation, status transitions, runtime types, owner/session access, and related background task ledger behavior. - name: Task pressure status coverageIds: [automation.task-pressure-status] description: Covers Task pressure status across task creation, status transitions, runtime types, owner/session access, and related background task ledger behavior. - name: Managed flows coverageIds: [automation.managed-flows] description: Covers Managed flows across managed and mirrored flow modes, flow registry persistence, revision tracking, owner-scoped access, and related task flow behavior. - name: Mirrored flows coverageIds: [automation.mirrored-flows] description: Covers Mirrored flows across managed and mirrored flow modes, flow registry persistence, revision tracking, owner-scoped access, and related task flow behavior. - name: openclaw tasks flow coverageIds: [automation.openclaw-tasks-flow] description: Covers openclaw tasks flow across managed and mirrored flow modes, flow registry persistence, revision tracking, owner-scoped access, and related task flow behavior. - name: Flow audit and maintenance coverageIds: [automation.flow-audit-and-maintenance] description: Covers Flow audit and maintenance across managed and mirrored flow modes, flow registry persistence, revision tracking, owner-scoped access, and related task flow behavior. - name: Plugin managedFlows coverageIds: [automation.plugin-managedflows] description: Covers Plugin managedFlows across managed and mirrored flow modes, flow registry persistence, revision tracking, owner-scoped access, and related task flow behavior. docs: - docs/automation/tasks.md - docs/automation/index.md - docs/cli/tasks.md - docs/automation/taskflow.md - docs/plugins/sdk-runtime.md search_anchors: - Task list/show/cancel - Task notifications - Task audit and maintenance - Chat task board - Task pressure status - Managed flows - Mirrored flows - openclaw tasks flow - Flow audit and maintenance - Plugin managedFlows category_note: background-task-ledger.md human_lts_override: false - name: Heartbeat id: heartbeat features: - name: Heartbeat scheduling coverageIds: [automation.heartbeat-scheduling] description: Covers Heartbeat scheduling across periodic heartbeat runs, active-hours and variable schedule behavior, wake/cooldown handling, heartbeat prompts and due-only task mode, and related heartbeat and commitments behavior. - name: Active hours coverageIds: [automation.active-hours] description: Covers Active hours across periodic heartbeat runs, active-hours and variable schedule behavior, wake/cooldown handling, heartbeat prompts and due-only task mode, and related heartbeat and commitments behavior. - name: Wake and cooldown handling coverageIds: [automation.wake-and-cooldown-handling] description: Covers Wake and cooldown handling across periodic heartbeat runs, active-hours and variable schedule behavior, wake/cooldown handling, heartbeat prompts and due-only task mode, and related heartbeat and commitments behavior. - name: Due-only heartbeat tasks coverageIds: [automation.due-only-heartbeat-tasks] description: Covers Due-only heartbeat tasks across periodic heartbeat runs, active-hours and variable schedule behavior, wake/cooldown handling, heartbeat prompts and due-only task mode, and related heartbeat and commitments behavior. - name: Commitment check-ins coverageIds: [commitments.heartbeat-target-none, commitments.scope, runtime.delivery] description: Covers Commitment check-ins across periodic heartbeat runs, active-hours and variable schedule behavior, wake/cooldown handling, heartbeat prompts and due-only task mode, and related heartbeat and commitments behavior. docs: - docs/automation/index.md - docs/gateway/heartbeat.md - docs/concepts/commitments.md search_anchors: - Heartbeat scheduling - Active hours - Wake and cooldown handling - Due-only heartbeat tasks - Commitment check-ins - openclaw cron category_note: heartbeat-commitments.md human_lts_override: false - name: Polling Controls id: polling-controls features: - name: openclaw message poll coverageIds: [automation.openclaw-message-poll] description: Covers openclaw message poll across `openclaw message poll`, channel poll adapters, poll parameter normalization, Teams/Matrix/Telegram poll support, and related message polls and process polling behavior. - name: Telegram polls coverageIds: [automation.telegram-polls] description: Covers Telegram polls across `openclaw message poll`, channel poll adapters, poll parameter normalization, Teams/Matrix/Telegram poll support, and related message polls and process polling behavior. - name: Teams polls coverageIds: [automation.teams-polls] description: Covers Teams polls across `openclaw message poll`, channel poll adapters, poll parameter normalization, Teams/Matrix/Telegram poll support, and related message polls and process polling behavior. - name: Poll flags coverageIds: [automation.poll-flags] description: Covers Poll flags across `openclaw message poll`, channel poll adapters, poll parameter normalization, Teams/Matrix/Telegram poll support, and related message polls and process polling behavior. - name: Channel capability gates coverageIds: [automation.channel-capability-gates] description: Covers Channel capability gates across `openclaw message poll`, channel poll adapters, poll parameter normalization, Teams/Matrix/Telegram poll support, and related message polls and process polling behavior. - name: process poll coverageIds: [automation.process-poll] description: Covers process poll across `openclaw message poll`, channel poll adapters, poll parameter normalization, Teams/Matrix/Telegram poll support, and related message polls and process polling behavior. - name: process log coverageIds: [automation.process-log] description: Covers process log across `openclaw message poll`, channel poll adapters, poll parameter normalization, Teams/Matrix/Telegram poll support, and related message polls and process polling behavior. - name: Background process status coverageIds: [automation.background-process-status] description: Covers Background process status across `openclaw message poll`, channel poll adapters, poll parameter normalization, Teams/Matrix/Telegram poll support, and related message polls and process polling behavior. - name: No-progress loop detection coverageIds: [automation.no-progress-loop-detection] description: Covers No-progress loop detection across `openclaw message poll`, channel poll adapters, poll parameter normalization, Teams/Matrix/Telegram poll support, and related message polls and process polling behavior. - name: Process input controls coverageIds: [automation.process-input-controls] description: Covers Process input controls across `openclaw message poll`, channel poll adapters, poll parameter normalization, Teams/Matrix/Telegram poll support, and related message polls and process polling behavior. docs: - docs/automation/poll.md - docs/cli/message.md - docs/channels/telegram.md - docs/channels/msteams.md - docs/gateway/background-process.md search_anchors: - openclaw message poll - Telegram polls - Teams polls - Poll flags - Channel capability gates - process poll - process log - Background process status category_note: message-polls-process-polling.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: media-understanding-and-media-generation name: Media understanding and media generation family: core level: alpha level_code: M2 rationale: Broad capability surface exists, but provider variance, file limits, and node/app parity make this not stable yet. completeness_instructions: references/completeness/media-understanding-and-media-generation.md categories: - name: Media Intake and Access id: media-intake-and-access features: - name: Local and remote media references coverageIds: [media.local-and-remote-media-references] description: 'Covers Local and remote media references across Included: Local and remote media references, including plain paths, `file://`, HTTP(S), and related media file intake, storage, and secure access behavior.' - name: MIME and type detection coverageIds: [media.mime-and-type-detection] description: 'Covers MIME and type detection across Included: Local and remote media references, including plain paths, `file://`, HTTP(S), and related media file intake, storage, and secure access behavior.' - name: Size caps and bounded reads coverageIds: [media.size-caps-and-bounded-reads] description: 'Covers Size caps and bounded reads across Included: Local and remote media references, including plain paths, `file://`, HTTP(S), and related media file intake, storage, and secure access behavior.' - name: Safe remote fetch coverageIds: [media.safe-remote-fetch] description: 'Covers Safe remote fetch across Included: Local and remote media references, including plain paths, `file://`, HTTP(S), and related media file intake, storage, and secure access behavior.' - name: Local root policy coverageIds: [media.local-root-policy] description: 'Covers Local root policy across Included: Local and remote media references, including plain paths, `file://`, HTTP(S), and related media file intake, storage, and secure access behavior.' - name: Inbound media store coverageIds: [media.inbound-media-store] description: 'Covers Inbound media store across Included: Local and remote media references, including plain paths, `file://`, HTTP(S), and related media file intake, storage, and secure access behavior.' - name: PDF/document extraction dispatch coverageIds: [media.pdf-document-extraction-dispatch] description: 'Covers PDF/document extraction dispatch across Included: Local and remote media references, including plain paths, `file://`, HTTP(S), and related media file intake, storage, and secure access behavior.' - name: QR and media helper classification coverageIds: [media.qr-and-media-helper-classification] description: 'Covers QR and media helper classification across Included: Local and remote media references, including plain paths, `file://`, HTTP(S), and related media file intake, storage, and secure access behavior.' docs: - docs/tools/media-overview.md - docs/nodes/media-understanding.md - docs/gateway/security/secure-file-operations.md - docs/tools/pdf.md - docs/tools/image-generation.md - docs/cli/qr.md - docs/channels/line.md - docs/channels/whatsapp.md search_anchors: - Local and remote media references - MIME and type detection - Size caps and bounded reads - Safe remote fetch - Local root policy - Inbound media store - PDF/document extraction dispatch - QR and media helper classification category_note: media-file-intake-storage-and-secure-access.md human_lts_override: false - name: Channel Media Handling id: channel-media-handling features: - name: Inbound attachment staging coverageIds: [media.inbound-attachment-staging] description: Covers Inbound attachment staging across inbound attachment staging, sandbox rewrites, `MediaPath`/`MediaPaths`/`MediaUrls` templating, media notes, and related channel attachment staging and reply media delivery behavior. - name: Sandbox media rewrites coverageIds: [media.sandbox-media-rewrites] description: Covers Sandbox media rewrites across inbound attachment staging, sandbox rewrites, `MediaPath`/`MediaPaths`/`MediaUrls` templating, media notes, and related channel attachment staging and reply media delivery behavior. - name: Reply media templating coverageIds: [media.reply-media-templating] description: Covers Reply media templating across inbound attachment staging, sandbox rewrites, `MediaPath`/`MediaPaths`/`MediaUrls` templating, media notes, and related channel attachment staging and reply media delivery behavior. - name: Message-tool attachment delivery coverageIds: [media.message-tool-attachment-delivery] description: Covers Message-tool attachment delivery across inbound attachment staging, sandbox rewrites, `MediaPath`/`MediaPaths`/`MediaUrls` templating, media notes, and related channel attachment staging and reply media delivery behavior. - name: Duplicate delivery suppression coverageIds: [media.duplicate-delivery-suppression] description: Covers Duplicate delivery suppression across inbound attachment staging, sandbox rewrites, `MediaPath`/`MediaPaths`/`MediaUrls` templating, media notes, and related channel attachment staging and reply media delivery behavior. docs: - docs/nodes/images.md - docs/tools/media-overview.md - docs/channels/discord.md search_anchors: - Inbound attachment staging - Sandbox media rewrites - Reply media templating - Message-tool attachment delivery - Duplicate delivery suppression - Media understanding (audio) - Provider + CLI fallback - Mention detection in groups category_note: channel-attachment-staging-and-reply-media-delivery.md human_lts_override: false - name: Media Configuration id: media-configuration features: - name: Media capability configuration coverageIds: [media.capability-configuration] description: tools.media image/audio/video config, shared and per-capability media model entries, provider/CLI entry resolution, auth-backed capability selection, fallback ordering, scope rules, concurrency, active-model skip behavior, offloaded image routing, image generation tool factory availability, image generation task status/list/duplicate guard, and generated-media delivery into the reply pipeline docs: - docs/tools/media-overview.md - docs/tools/image-generation.md - docs/plugins/manifest.md - docs/plugins/codex-harness.md search_anchors: - media understanding and media generation media understanding orchestration and configuration - media understanding orchestration and configuration category_note: media-understanding-orchestration-and-configuration.md human_lts_override: false - name: Text-to-Speech Delivery id: text-to-speech-delivery features: - name: TTS coverageIds: [media.tts] description: Covers TTS across `tts` agent/tool and Gateway methods, `messages.tts`, provider registry, directives, and related tts and outbound voice audio delivery behavior. - name: Outbound Voice Audio Delivery coverageIds: [media.outbound-voice-audio-delivery] description: Covers Outbound Voice Audio Delivery across `tts` agent/tool and Gateway methods, `messages.tts`, provider registry, directives, and related tts and outbound voice audio delivery behavior. docs: - docs/tools/tts.md - docs/tools/media-overview.md - docs/channels/discord.md search_anchors: - TTS - Outbound Voice Audio Delivery - media understanding and media generation tts and outbound voice audio delivery - tts and outbound voice audio delivery category_note: tts-and-outbound-voice-audio-delivery.md human_lts_override: false - name: Media Understanding id: media-understanding features: - name: Audio attachment selection coverageIds: [media.audio-attachment-selection] description: Covers Audio attachment selection across batch audio/STT media understanding, local CLI fallbacks, provider transcription, voice-note preflight before mention gates, and related audio transcription and voice note understanding behavior. - name: Batch STT provider and CLI fallback coverageIds: [media.batch-stt-provider-and-cli-fallback] description: Covers Batch STT provider and CLI fallback across batch audio/STT media understanding, local CLI fallbacks, provider transcription, voice-note preflight before mention gates, and related audio transcription and voice note understanding behavior. - name: Voice-note mention preflight coverageIds: [media.voice-note-mention-preflight] description: Covers Voice-note mention preflight across batch audio/STT media understanding, local CLI fallbacks, provider transcription, voice-note preflight before mention gates, and related audio transcription and voice note understanding behavior. - name: Transcript insertion and echo coverageIds: [media.transcript-insertion-and-echo] description: Covers Transcript insertion and echo across batch audio/STT media understanding, local CLI fallbacks, provider transcription, voice-note preflight before mention gates, and related audio transcription and voice note understanding behavior. - name: Audio proxy and limit handling coverageIds: [media.audio-proxy-and-limit-handling] description: Covers Audio proxy and limit handling across batch audio/STT media understanding, local CLI fallbacks, provider transcription, voice-note preflight before mention gates, and related audio transcription and voice note understanding behavior. - name: Inbound image summarization coverageIds: [channels.qa-channel, media.image-understanding, ui.control] description: Covers Inbound image summarization across image summarization before reply routing, active-model vision skip behavior, text-only model offload through `MediaPaths`/`media://inbound`, image-model fallback resolution, and related image understanding and vision routing behavior. - name: Active vision model bypass coverageIds: [media.active-vision-model-bypass] description: Covers Active vision model bypass across image summarization before reply routing, active-model vision skip behavior, text-only model offload through `MediaPaths`/`media://inbound`, image-model fallback resolution, and related image understanding and vision routing behavior. - name: Text-only model media offload coverageIds: [media.text-only-model-media-offload] description: Covers Text-only model media offload across image summarization before reply routing, active-model vision skip behavior, text-only model offload through `MediaPaths`/`media://inbound`, image-model fallback resolution, and related image understanding and vision routing behavior. - name: Vision provider fallback coverageIds: [media.vision-provider-fallback] description: Covers Vision provider fallback across image summarization before reply routing, active-model vision skip behavior, text-only model offload through `MediaPaths`/`media://inbound`, image-model fallback resolution, and related image understanding and vision routing behavior. - name: Image and PDF input routing coverageIds: [media.image-and-pdf-input-routing] description: Covers Image and PDF input routing across image summarization before reply routing, active-model vision skip behavior, text-only model offload through `MediaPaths`/`media://inbound`, image-model fallback resolution, and related image understanding and vision routing behavior. - name: Video Understanding coverageIds: [media.video-understanding] description: Covers Video Understanding across video summarization before reply routing, provider/CLI video media entries, size and timeout controls, proxy support, video request construction, and direct video analysis paths. It does not score video generation. - name: Direct Video Analysis coverageIds: [media.direct-video-analysis] description: Covers Direct Video Analysis across video summarization before reply routing, provider/CLI video media entries, size and timeout controls, proxy support, video request construction, and direct video analysis paths. It does not score video generation. docs: - docs/nodes/audio.md - docs/nodes/media-understanding.md - docs/tools/media-overview.md - docs/channels/whatsapp.md - docs/nodes/images.md - docs/cli/infer.md - docs/tools/pdf.md search_anchors: - Audio attachment selection - Batch STT provider and CLI fallback - Voice-note mention preflight - Transcript insertion and echo - Audio proxy and limit handling - Media understanding (audio) - Provider + CLI fallback - Mention detection in groups - Inbound image summarization - Active vision model bypass - Text-only model media offload - Vision provider fallback - Image and PDF input routing - Video Understanding - Direct Video Analysis - media understanding and media generation video understanding and direct video analysis - video understanding and direct video analysis category_note: image-understanding-and-vision-routing.md human_lts_override: false - name: Media Generation id: media-generation features: - name: Image generation tool invocation coverageIds: [channels.qa-channel, media.image-generation, tools.image-generate, tools.native-image-generation] description: Covers Image generation tool invocation across `image_generate`, model selection, provider registration, provider capability listing, and related image generation tool and provider routing behavior. - name: Image generation provider routing coverageIds: [media.image-generation, tools.native-image-generation] description: Covers image generation provider and model routing across `image_generate`, provider registration, provider capability listing, and related image generation tool behavior. - name: Reference image editing coverageIds: [media.reference-image-editing] description: Covers Reference image editing across `image_generate`, model selection, provider registration, provider capability listing, and related image generation tool and provider routing behavior. - name: Generated image task lifecycle coverageIds: [media.generated-image-task-lifecycle] description: Covers Generated image task lifecycle across `image_generate`, model selection, provider registration, provider capability listing, and related image generation tool and provider routing behavior. - name: Generated image persistence and delivery coverageIds: [media.image-generation-delivery] description: Covers Generated image persistence and delivery across `image_generate`, model selection, provider registration, provider capability listing, and related image generation tool and provider routing behavior. - name: Music generation tool invocation coverageIds: [media.music-generation-tool-invocation] description: Covers Music generation tool invocation across `music_generate`, provider/model config, lyrics/instrumental/duration/format controls, image reference inputs where supported, and related music generation tool and provider routing behavior. - name: Music generation provider controls coverageIds: [media.music-generation-provider-controls] description: Covers music generation provider and model controls across `music_generate`, provider/model config, lyrics/instrumental/duration/format controls, image reference inputs where supported, and related music generation routing behavior. - name: Lyrics, instrumental, duration, and format controls coverageIds: [media.lyrics-instrumental-duration-and-format-controls] description: Covers Lyrics, instrumental, duration, and format controls across `music_generate`, provider/model config, lyrics/instrumental/duration/format controls, image reference inputs where supported, and related music generation tool and provider routing behavior. - name: Reference inputs where supported coverageIds: [media.reference-inputs-where-supported] description: Covers Reference inputs where supported across `music_generate`, provider/model config, lyrics/instrumental/duration/format controls, image reference inputs where supported, and related music generation tool and provider routing behavior. - name: Music task lifecycle and duplicate status coverageIds: [media.music-task-lifecycle-and-duplicate-status] description: Covers Music task lifecycle and duplicate status across `music_generate`, provider/model config, lyrics/instrumental/duration/format controls, image reference inputs where supported, and related music generation tool and provider routing behavior. - name: Generated audio persistence and delivery coverageIds: [tools.tts] description: Covers Generated audio persistence and delivery across `music_generate`, provider/model config, lyrics/instrumental/duration/format controls, image reference inputs where supported, and related music generation tool and provider routing behavior. - name: Video generation tool invocation coverageIds: [media.video-generation-tool-invocation] description: Covers Video generation tool invocation across `video_generate`, mode resolution, provider capabilities, reference image/video/audio inputs, and related video generation tool and provider routing behavior. - name: Mode and provider capability selection coverageIds: [media.mode-and-provider-capability-selection] description: Covers Mode and provider capability selection across `video_generate`, mode resolution, provider capabilities, reference image/video/audio inputs, and related video generation tool and provider routing behavior. - name: Reference image, video, and audio inputs coverageIds: [media.reference-image-video-and-audio-inputs] description: Covers Reference image, video, and audio inputs across `video_generate`, mode resolution, provider capabilities, reference image/video/audio inputs, and related video generation tool and provider routing behavior. - name: Provider option validation coverageIds: [media.provider-option-validation] description: Covers Provider option validation across `video_generate`, mode resolution, provider capabilities, reference image/video/audio inputs, and related video generation tool and provider routing behavior. - name: Video task lifecycle and status coverageIds: [media.video-task-lifecycle-and-status] description: Covers Video task lifecycle and status across `video_generate`, mode resolution, provider capabilities, reference image/video/audio inputs, and related video generation tool and provider routing behavior. - name: Generated video persistence and delivery coverageIds: [media.generated-video-persistence-and-delivery] description: Covers Generated video persistence and delivery across `video_generate`, mode resolution, provider capabilities, reference image/video/audio inputs, and related video generation tool and provider routing behavior. docs: - docs/tools/image-generation.md - docs/tools/media-overview.md - docs/tools/skills.md - docs/tools/music-generation.md - docs/tools/video-generation.md search_anchors: - Image generation tool invocation - Image generation provider routing - Reference image editing - Generated image task lifecycle - Generated image persistence and delivery - Media understanding (audio) - Provider + CLI fallback - Mention detection in groups - Music generation tool invocation - Music generation provider controls - Lyrics, instrumental, duration, and format controls - Reference inputs where supported - Music task lifecycle and duplicate status - Generated audio persistence and delivery - Video generation tool invocation - Mode and provider capability selection - Reference image, video, and audio inputs - Provider option validation - Video task lifecycle and status - Generated video persistence and delivery category_note: image-generation-tool-and-provider-routing.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: voice-and-realtime-talk name: Voice and realtime talk family: core level: alpha level_code: M2 rationale: Multiple implementations exist across Control UI, apps, and providers. Needs latency, failure-mode, and setup scorecards before beta. completeness_instructions: references/completeness/voice-and-realtime-talk.md categories: - name: Talk Providers id: talk-providers features: - name: OpenAI Realtime voice backend bridge coverageIds: [voice.openai-realtime-voice-backend-bridge] description: OpenAI Realtime voice backend bridge and browser WebRTC credential path - name: Google Gemini Live backend bridge coverageIds: [voice.google-gemini-live-backend-bridge] description: Google Gemini Live backend bridge and browser token/WebSocket path - name: Realtime voice provider SDK contracts coverageIds: [voice.realtime-voice-provider-sdk-contracts] description: Realtime voice provider SDK contracts, activation metadata, provider registry, and resolver - name: Provider diagnostics coverageIds: [models.diagnostics] description: Provider diagnostics, reconnect behavior, tool declarations, and bridge session lifecycle - name: Talk catalog coverageIds: [voice.talk-catalog] description: Talk catalog discovery for transport, brain, speech, realtime voice, and transcription providers. - name: Talk provider config coverageIds: [voice.talk-provider-config] description: Talk provider selection, provider-specific realtime settings, and secret exposure rules. - name: Shared native config parsing coverageIds: [voice.shared-native-config-parsing] description: Shared native config parsing for macOS, iOS, and Android docs: - docs/providers/openai.md - docs/providers/google.md - docs/plugins/sdk-provider-plugins.md - docs/nodes/talk.md - docs/web/control-ui.md search_anchors: - OpenAI Realtime - Google Gemini Live - realtime voice provider - talk.catalog - talk.config category_note: talk-configuration-catalog-and-provider-selection.md human_lts_override: false - name: Realtime Talk Sessions id: realtime-talk-sessions features: - name: Agent consult handoff coverageIds: [voice.agent-consult-handoff] description: Consult handoff behavior between active Talk sessions and agent runs. - name: Active Talk agent-run status coverageIds: [voice.active-talk-agent-run-status] description: Active Talk agent-run status, cancel, steer, and follow-up controls - name: Talkback runtime behavior coverageIds: [voice.talkback-runtime-behavior] description: Talkback runtime behavior and assistant speech coordination - name: Forced consult scheduling coverageIds: [voice.forced-consult-scheduling] description: Forced consult scheduling and control event propagation - name: Browser Talk start/stop UI coverageIds: [voice.browser-talk-start-stop-ui] description: Browser Talk start/stop UI and status display - name: Browser WebRTC sessions coverageIds: [voice.browser-webrtc-sessions] description: Browser WebRTC sessions for OpenAI Realtime and Google Live providers. - name: Browser relay mode coverageIds: [voice.browser-relay-mode] description: Browser relay mode for backend-only realtime providers. - name: Browser tool-call forwarding coverageIds: [voice.browser-tool-call-forwarding] description: Browser tool-call forwarding, transcript events, and audio playback - name: Realtime session controls coverageIds: [voice.realtime-session-controls] description: Realtime session create, audio append, turn cancellation, steering, tool-result submission, and close controls. - name: Gateway relay sessions coverageIds: [voice.gateway-relay-sessions] description: Gateway relay sessions for realtime voice and transcription flows. - name: Audio-frame limits coverageIds: [voice.audio-frame-limits] description: Audio-frame limits, session TTL, per-connection/global caps, transcript events, and relay cleanup docs: - docs/nodes/talk.md - docs/web/control-ui.md search_anchors: - Talk agent-run status - talkback - consult handoff - Browser Talk start/stop - OpenAI WebRTC - browser relay mode - talk.session.create - appendAudio - cancelTurn - submitToolResult category_note: gateway-relay-and-realtime-session-runtime.md human_lts_override: false - name: Speech and Transcription id: speech-and-transcription features: - name: Voice directives coverageIds: [voice.directives] description: Voice directives and directive stripping before TTS playback. - name: Talk speech playback coverageIds: [voice.talk-speech-playback] description: Gateway talk.speak and fallback TTS behavior. - name: Transcription relay sessions coverageIds: [voice.transcription-relay-sessions] description: Gateway transcription relay sessions, transcript events, and cleanup behavior. - name: Realtime transcription providers coverageIds: [models.realtime-transcription-providers] description: Realtime transcription provider selection, diagnostics, and provider-specific bridge behavior. - name: Native directive parsing coverageIds: [voice.native-directive-parsing] description: Native directive parsing and Talk speech locale behavior docs: - docs/nodes/talk.md - docs/providers/openai.md - docs/providers/google.md search_anchors: - talk.speak - voice directives - transcription relay sessions category_note: speech-transcription-directives-and-talk-speak.md human_lts_override: false - name: Native App Talk id: native-app-talk features: - name: macOS native Talk mode coverageIds: [voice.macos-native-talk-mode] description: macOS native Talk mode, speech recognition, TTS playback, and push-to-talk handoff - name: iOS Talk mode coverageIds: [voice.ios-talk-mode] description: iOS Talk mode, WebRTC sessions, realtime relay sessions, and wake preferences - name: Android Talk mode coverageIds: [voice.android-talk-mode] description: Android Talk mode, speech-recognizer mode, realtime relay, mic capture, and debug E2E receiver - name: Shared Talk config coverageIds: [voice.shared-talk-config] description: Shared Talk config and command parsing docs: - docs/nodes/talk.md - docs/platforms/mac/voicewake.md search_anchors: - macOS native Talk mode - iOS Talk mode - Android Talk mode category_note: native-app-talk-loops-ios-android-macos.md human_lts_override: false - name: Voice Wake and Routing id: voice-wake-and-routing features: - name: Wake-word settings coverageIds: [voice.wake-word-settings] description: Gateway-owned wake-word settings and routing preferences. - name: Wake routing coverageIds: [voice.wake-routing] description: Default, last-focused app, local app, and specific-node routing methods. - name: macOS Voice Wake runtime coverageIds: [voice.macos-voice-wake-runtime] description: macOS Voice Wake runtime, push-to-talk hotkey, overlay adoption, pause/resume behavior, and forwarding - name: Mobile wake preferences coverageIds: [voice.mobile-wake-preferences] description: iOS and Android wake preferences and command extraction. docs: - docs/nodes/voicewake.md - docs/platforms/mac/voicewake.md - docs/platforms/mac/voice-overlay.md search_anchors: - Voice Wake - push-to-talk - wake-word settings category_note: voice-wake-push-to-talk-and-routing.md human_lts_override: false - name: Talk Observability id: talk-observability features: - name: Talk event logging coverageIds: [voice.talk-event-logging] description: Talk event logging and diagnostics event mapping - name: Session-log health coverageIds: [voice.session-log-health] description: Session-log health, transcript records, bridge events, and echo/output suppression timing - name: Live smoke output coverageIds: [voice.live-smoke-output] description: Live smoke output and provider event inspection - name: Prometheus diagnostic counters coverageIds: [voice.prometheus-diagnostic-counters] description: Prometheus diagnostic counters for Talk events - name: Operator visibility into setup coverageIds: [voice.operator-visibility-into-setup] description: Operator visibility into setup, latency, and failure modes docs: - docs/web/control-ui.md - docs/platforms/mac/voice-overlay.md - docs/nodes/talk.md search_anchors: - Talk event logging - session-log health - latency visibility category_note: observability-diagnostics-session-health-and-latency.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: browser-control-ui-and-webchat name: Gateway Web App family: core level: beta level_code: M3 rationale: Web UI is documented with pairing, chat, PWA, Talk, push, and remote Gateway flows. Promote after cross-browser and mobile-PWA scorecards. completeness_instructions: references/completeness/browser-control-ui-and-webchat.md categories: - name: Browser Realtime Talk id: browser-realtime-talk features: - name: Browser Talk start/stop coverageIds: [ui.browser-talk-start-stop] description: Covers Browser Talk start/stop across browser Talk controls, Talk options, OpenAI browser WebRTC, Google Live/provider WebSocket, and related browser realtime talk behavior. - name: Provider session selection coverageIds: [ui.provider-session-selection] description: Covers Provider session selection across browser Talk controls, Talk options, OpenAI browser WebRTC, Google Live/provider WebSocket, and related browser realtime talk behavior. - name: Gateway relay audio coverageIds: [ui.gateway-relay-audio] description: Covers Gateway relay audio across browser Talk controls, Talk options, OpenAI browser WebRTC, Google Live/provider WebSocket, and related browser realtime talk behavior. - name: Tool-call consults coverageIds: [ui.tool-call-consults] description: Covers Tool-call consults across browser Talk controls, Talk options, OpenAI browser WebRTC, Google Live/provider WebSocket, and related browser realtime talk behavior. - name: Steer and cancel coverageIds: [ui.steer-and-cancel] description: Covers Steer and cancel across browser Talk controls, Talk options, OpenAI browser WebRTC, Google Live/provider WebSocket, and related browser realtime talk behavior. docs: - docs/web/control-ui.md - docs/gateway/protocol.md - docs/nodes/talk.md search_anchors: - Browser Talk start/stop - Provider session selection - Gateway relay audio - Tool-call consults - Steer and cancel - What it can do (today) - Chat behavior - PWA install and web push category_note: browser-realtime-talk-controls-and-voice-transports.md human_lts_override: false - name: Browser Access and Trust id: browser-access-and-trust features: - name: Device pairing coverageIds: [ui.device-pairing] description: Covers Device pairing across Control UI/WebChat Gateway connection setup, browser-origin checks, token/password auth, trusted-proxy and Tailscale Serve auth, and related gateway connection, auth, device pairing, and remote origins behavior. - name: Token/password auth coverageIds: [ui.token-password-auth] description: Covers Token/password auth across Control UI/WebChat Gateway connection setup, browser-origin checks, token/password auth, trusted-proxy and Tailscale Serve auth, and related gateway connection, auth, device pairing, and remote origins behavior. - name: Tailscale Serve auth coverageIds: [ui.tailscale-serve-auth] description: Covers Tailscale Serve auth across Control UI/WebChat Gateway connection setup, browser-origin checks, token/password auth, trusted-proxy and Tailscale Serve auth, and related gateway connection, auth, device pairing, and remote origins behavior. - name: Trusted proxy auth coverageIds: [security.trusted-proxy-auth] description: Covers Trusted proxy auth across Control UI/WebChat Gateway connection setup, browser-origin checks, token/password auth, trusted-proxy and Tailscale Serve auth, and related gateway connection, auth, device pairing, and remote origins behavior. - name: Allowed origins/gatewayUrl coverageIds: [ui.allowed-origins-gatewayurl] description: Covers Allowed origins/gatewayUrl across Control UI/WebChat Gateway connection setup, browser-origin checks, token/password auth, trusted-proxy and Tailscale Serve auth, and related gateway connection, auth, device pairing, and remote origins behavior. docs: - docs/web/control-ui.md - docs/web/dashboard.md - docs/gateway/tailscale.md - docs/gateway/remote.md search_anchors: - Device pairing - Token/password auth - Tailscale Serve auth - Trusted proxy auth - Allowed origins/gatewayUrl - What it can do (today) - Chat behavior - PWA install and web push category_note: gateway-connection-auth-device-pairing-and-origins.md human_lts_override: false - name: Configuration id: configuration features: - name: Config snapshots coverageIds: [ui.config-snapshots] description: Covers Config snapshots across `config.get`, `config.set`, `config.apply`, `config.patch`, and related config schema editing and safe writes behavior. - name: Schema form editing coverageIds: [ui.schema-form-editing] description: Covers Schema form editing across `config.get`, `config.set`, `config.apply`, `config.patch`, and related config schema editing and safe writes behavior. - name: Raw JSON editing coverageIds: [ui.raw-json-editing] description: Covers Raw JSON editing across `config.get`, `config.set`, `config.apply`, `config.patch`, and related config schema editing and safe writes behavior. - name: Base-hash guarded writes coverageIds: [ui.base-hash-guarded-writes] description: Covers Base-hash guarded writes across `config.get`, `config.set`, `config.apply`, `config.patch`, and related config schema editing and safe writes behavior. - name: Apply and restart coverageIds: [ui.apply-and-restart] description: Covers Apply and restart across `config.get`, `config.set`, `config.apply`, `config.patch`, and related config schema editing and safe writes behavior. docs: - docs/web/control-ui.md - docs/gateway/configuration.md search_anchors: - Config snapshots - Schema form editing - Raw JSON editing - Base-hash guarded writes - Apply and restart - What it can do (today) - Chat behavior - PWA install and web push category_note: config-schema-editing-and-safe-writes.md human_lts_override: false - name: Browser UI id: browser-ui features: - name: Gateway-hosted UI coverageIds: [channels.qa-channel, media.image-understanding, ui.control] description: Covers Gateway-hosted UI across serving the Control UI bundle from the Gateway, root and base-path routing, static asset MIME/cache behavior, public PWA assets, and related control ui shell and routing behavior. - name: Dashboard open/auth bootstrap coverageIds: [ui.dashboard-auth-bootstrap] description: Covers Dashboard open/auth bootstrap across serving the Control UI bundle from the Gateway, root and base-path routing, static asset MIME/cache behavior, public PWA assets, and related control ui shell and routing behavior. - name: Base-path routing coverageIds: [ui.base-path-routing] description: Covers Base-path routing across serving the Control UI bundle from the Gateway, root and base-path routing, static asset MIME/cache behavior, public PWA assets, and related control ui shell and routing behavior. - name: Static asset recovery coverageIds: [ui.static-asset-recovery] description: Covers Static asset recovery across serving the Control UI bundle from the Gateway, root and base-path routing, static asset MIME/cache behavior, public PWA assets, and related control ui shell and routing behavior. - name: Dev gatewayUrl target coverageIds: [ui.dev-gatewayurl-target] description: Covers Dev gatewayUrl target across serving the Control UI bundle from the Gateway, root and base-path routing, static asset MIME/cache behavior, public PWA assets, and related control ui shell and routing behavior. - name: PWA install metadata coverageIds: [ui.pwa-install-metadata] description: Covers PWA install metadata across browser PWA install metadata, production service-worker registration, push event handling, notification-click behavior, and related pwa install and web push notifications behavior. - name: Service worker updates coverageIds: [ui.service-worker-updates] description: Covers Service worker updates across browser PWA install metadata, production service-worker registration, push event handling, notification-click behavior, and related pwa install and web push notifications behavior. - name: VAPID keys coverageIds: [ui.vapid-keys] description: Covers VAPID keys across browser PWA install metadata, production service-worker registration, push event handling, notification-click behavior, and related pwa install and web push notifications behavior. - name: Subscribe/unsubscribe coverageIds: [ui.subscribe-unsubscribe] description: Covers Subscribe/unsubscribe across browser PWA install metadata, production service-worker registration, push event handling, notification-click behavior, and related pwa install and web push notifications behavior. - name: Test notifications coverageIds: [ui.test-notifications] description: Covers Test notifications across browser PWA install metadata, production service-worker registration, push event handling, notification-click behavior, and related pwa install and web push notifications behavior. docs: - docs/web/control-ui.md - docs/web/index.md - docs/web/dashboard.md - docs/gateway/protocol.md search_anchors: - Gateway-hosted UI - Dashboard open/auth bootstrap - Base-path routing - Static asset recovery - Dev gatewayUrl target - What it can do (today) - Chat behavior - PWA install and web push - PWA install metadata - Service worker updates - VAPID keys - Subscribe/unsubscribe - Test notifications category_note: control-ui-static-shell-routing-and-pwa.md human_lts_override: false - name: WebChat Conversations id: webchat-conversations features: - name: Send and abort coverageIds: [ui.send-and-abort] description: 'Covers Send and abort across browser chat composition and display UX after an authenticated Gateway connection exists: composer controls, slash commands, session and agent filtering, model/thinking overrides, and related chat composer and message rendering behavior.' - name: Session and agent picker coverageIds: [ui.session-and-agent-picker] description: 'Covers Session and agent picker across browser chat composition and display UX after an authenticated Gateway connection exists: composer controls, slash commands, session and agent filtering, model/thinking overrides, and related chat composer and message rendering behavior.' - name: Model/thinking controls coverageIds: [ui.model-thinking-controls] description: 'Covers Model/thinking controls across browser chat composition and display UX after an authenticated Gateway connection exists: composer controls, slash commands, session and agent filtering, model/thinking overrides, and related chat composer and message rendering behavior.' - name: Attachments coverageIds: [ui.attachments] description: 'Covers Attachments across browser chat composition and display UX after an authenticated Gateway connection exists: composer controls, slash commands, session and agent filtering, model/thinking overrides, and related chat composer and message rendering behavior.' - name: Markdown/tool/media rendering coverageIds: [ui.markdown-tool-media-rendering] description: 'Covers Markdown/tool/media rendering across browser chat composition and display UX after an authenticated Gateway connection exists: composer controls, slash commands, session and agent filtering, model/thinking overrides, and related chat composer and message rendering behavior.' - name: chat.history projection coverageIds: [ui.chat-history-projection] description: Covers chat.history projection across Gateway WebChat RPC/runtime contract, durable transcript projection, active run lifecycle, abort and partial retention, and related webchat runtime and session continuity behavior. - name: chat.send lifecycle coverageIds: [channels.qa-channel, channels.webchat, media.image-understanding, runtime.direct-reply-routing, tools.message, ui.control] description: Covers chat.send lifecycle across Gateway WebChat RPC/runtime contract, durable transcript projection, active run lifecycle, abort and partial retention, and related webchat runtime and session continuity behavior. - name: Abort/partial retention coverageIds: [ui.abort-partial-retention] description: Covers Abort/partial retention across Gateway WebChat RPC/runtime contract, durable transcript projection, active run lifecycle, abort and partial retention, and related webchat runtime and session continuity behavior. - name: Injected assistant notes coverageIds: [ui.injected-assistant-notes] description: Covers Injected assistant notes across Gateway WebChat RPC/runtime contract, durable transcript projection, active run lifecycle, abort and partial retention, and related webchat runtime and session continuity behavior. - name: Reconnect continuity coverageIds: [ui.reconnect-continuity] description: Covers Reconnect continuity across Gateway WebChat RPC/runtime contract, durable transcript projection, active run lifecycle, abort and partial retention, and related webchat runtime and session continuity behavior. - name: Hosted embeds coverageIds: [ui.hosted-embeds] description: Covers Hosted embeds across `[embed ...]` rendering policy, `gateway.controlUi.embedSandbox`, external embed URL gating, CSP and frame denial, and related hosted media and embed safety behavior. - name: External embed gating coverageIds: [ui.external-embed-gating] description: Covers External embed gating across `[embed ...]` rendering policy, `gateway.controlUi.embedSandbox`, external embed URL gating, CSP and frame denial, and related hosted media and embed safety behavior. - name: Assistant media tickets coverageIds: [ui.assistant-media-tickets] description: Covers Assistant media tickets across `[embed ...]` rendering policy, `gateway.controlUi.embedSandbox`, external embed URL gating, CSP and frame denial, and related hosted media and embed safety behavior. - name: Authenticated avatars coverageIds: [ui.authenticated-avatars] description: Covers Authenticated avatars across `[embed ...]` rendering policy, `gateway.controlUi.embedSandbox`, external embed URL gating, CSP and frame denial, and related hosted media and embed safety behavior. - name: CSP image policy coverageIds: [ui.csp-image-policy] description: Covers CSP image policy across `[embed ...]` rendering policy, `gateway.controlUi.embedSandbox`, external embed URL gating, CSP and frame denial, and related hosted media and embed safety behavior. docs: - docs/web/control-ui.md - docs/web/webchat.md - docs/start/getting-started.md - docs/channels/channel-routing.md - docs/gateway/security/secure-file-operations.md search_anchors: - Send and abort - Session and agent picker - Model/thinking controls - Attachments - Markdown/tool/media rendering - What it can do (today) - Chat behavior - PWA install and web push - chat.history projection - chat.send lifecycle - Abort/partial retention - Injected assistant notes - Reconnect continuity - Hosted embeds - External embed gating - Assistant media tickets - Authenticated avatars - CSP image policy category_note: chat-composer-session-model-controls-and-rendering.md human_lts_override: false - name: Operator Console id: operator-console features: - name: Health/status/models coverageIds: [ui.health-status-models] description: Covers Health/status/models across Debug, Logs, Update, Activity, and related diagnostics, logs, update, and activity behavior. - name: Live log tail coverageIds: [ui.live-log-tail] description: Covers Live log tail across Debug, Logs, Update, Activity, and related diagnostics, logs, update, and activity behavior. - name: Update run/status coverageIds: [runtime.gateway-restart, runtime.package-update, runtime.update-run] description: Covers Update run/status across Debug, Logs, Update, Activity, and related diagnostics, logs, update, and activity behavior. - name: Activity summaries coverageIds: [ui.activity-summaries] description: Covers Activity summaries across Debug, Logs, Update, Activity, and related diagnostics, logs, update, and activity behavior. - name: RPC timing telemetry coverageIds: [ui.rpc-timing-telemetry] description: Covers RPC timing telemetry across Debug, Logs, Update, Activity, and related diagnostics, logs, update, and activity behavior. - name: Channels/login coverageIds: [ui.channels-login] description: 'Covers Channels/login across non-config operator panels in the browser Control UI: channels and login, instances/presence, sessions, cron jobs, skills, nodes, exec approvals, agents, usage, dreams, and the dashboard navigation that surfaces them.' - name: Session manager and history coverageIds: [ui.session-manager-and-history] description: Covers browser Control UI session manager, session history, instance presence, approvals, diagnostics, and log tabs. - name: Cron coverageIds: [ui.cron] description: 'Covers Cron across non-config operator panels in the browser Control UI: channels and login, instances/presence, sessions, cron jobs, skills, nodes, exec approvals, agents, usage, dreams, and the dashboard navigation that surfaces them.' - name: Skills/nodes coverageIds: [ui.skills-nodes] description: 'Covers Skills/nodes across non-config operator panels in the browser Control UI: channels and login, instances/presence, sessions, cron jobs, skills, nodes, exec approvals, agents, usage, dreams, and the dashboard navigation that surfaces them.' - name: Exec approvals/agents coverageIds: [ui.exec-approvals-agents] description: 'Covers Exec approvals/agents across non-config operator panels in the browser Control UI: channels and login, instances/presence, sessions, cron jobs, skills, nodes, exec approvals, agents, usage, dreams, and the dashboard navigation that surfaces them.' docs: - docs/web/control-ui.md - docs/gateway/health.md - docs/gateway/protocol.md - docs/web/dashboard.md search_anchors: - Health/status/models - Live log tail - Update run/status - Activity summaries - RPC timing telemetry - What it can do (today) - Chat behavior - PWA install and web push - Channels/login - session manager - session history - Cron - Skills/nodes - Exec approvals/agents category_note: diagnostics-logs-update-and-activity.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: tui-and-terminal-ux name: TUI family: core level: alpha level_code: M2 rationale: Present in docs and source, but less visible as a primary user workflow. Needs explicit scenario definition. completeness_instructions: references/completeness/tui-and-terminal-ux.md categories: - name: Runtime Modes id: runtime-modes features: - name: Gateway TUI launch coverageIds: [tui.gateway-tui-launch] description: Covers Gateway TUI launch across `openclaw tui`, `openclaw chat`, `openclaw terminal`, local-vs-Gateway option validation, launch relaunching from setup/hatch paths, initial message and timeout flags, and launch docs. - name: Local chat launch coverageIds: [tui.local-chat-launch] description: Covers Local chat launch across `openclaw tui`, `openclaw chat`, `openclaw terminal`, local-vs-Gateway option validation, launch relaunching from setup/hatch paths, initial message and timeout flags, and launch docs. - name: Terminal alias launch coverageIds: [tui.terminal-alias-launch] description: Covers Terminal alias launch across `openclaw tui`, `openclaw chat`, `openclaw terminal`, local-vs-Gateway option validation, launch relaunching from setup/hatch paths, initial message and timeout flags, and launch docs. - name: Initial message launch coverageIds: [tui.initial-message-launch] description: Covers Initial message launch across `openclaw tui`, `openclaw chat`, `openclaw terminal`, local-vs-Gateway option validation, launch relaunching from setup/hatch paths, initial message and timeout flags, and launch docs. - name: Launch option validation coverageIds: [tui.launch-option-validation] description: Covers Launch option validation across `openclaw tui`, `openclaw chat`, `openclaw terminal`, local-vs-Gateway option validation, launch relaunching from setup/hatch paths, initial message and timeout flags, and launch docs. - name: Gateway connection coverageIds: [tui.gateway-connection] description: Covers Gateway connection across Gateway connection resolution, token/password/SecretRef auth for TUI, `--url` auth requirements, client mode/capability registration, and related gateway transport, auth, and history behavior. - name: Gateway authentication coverageIds: [tui.gateway-authentication] description: Covers Gateway authentication across Gateway connection resolution, token/password/SecretRef auth for TUI, `--url` auth requirements, client mode/capability registration, and related gateway transport, auth, and history behavior. - name: History load on attach coverageIds: [tui.history-load-on-attach] description: Covers History load on attach across Gateway connection resolution, token/password/SecretRef auth for TUI, `--url` auth requirements, client mode/capability registration, and related gateway transport, auth, and history behavior. - name: Reconnect visibility coverageIds: [tui.reconnect-visibility] description: Covers Reconnect visibility across Gateway connection resolution, token/password/SecretRef auth for TUI, `--url` auth requirements, client mode/capability registration, and related gateway transport, auth, and history behavior. - name: Gateway command RPCs coverageIds: [tui.gateway-command-rpcs] description: Covers Gateway command RPCs across Gateway connection resolution, token/password/SecretRef auth for TUI, `--url` auth requirements, client mode/capability registration, and related gateway transport, auth, and history behavior. - name: Embedded local chat coverageIds: [tui.embedded-local-chat] description: Covers Embedded local chat across embedded backend lifecycle, local model catalog loading, local `chat.send` event projection, queued local runs, local session history, local `/auth`, local config repair docs, and Gateway-free recovery scenarios. - name: Local auth flow coverageIds: [tui.local-auth-flow] description: Covers Local auth flow across embedded backend lifecycle, local model catalog loading, local `chat.send` event projection, queued local runs, local session history, local `/auth`, local config repair docs, and Gateway-free recovery scenarios. - name: Config repair loop coverageIds: [tui.config-repair-loop] description: Covers Config repair loop across embedded backend lifecycle, local model catalog loading, local `chat.send` event projection, queued local runs, local session history, local `/auth`, local config repair docs, and Gateway-free recovery scenarios. - name: Gateway-free recovery coverageIds: [tui.gateway-free-recovery] description: Covers Gateway-free recovery across embedded backend lifecycle, local model catalog loading, local `chat.send` event projection, queued local runs, local session history, local `/auth`, local config repair docs, and Gateway-free recovery scenarios. docs: - docs/cli/tui.md - docs/web/tui.md - docs/cli/index.md search_anchors: - Gateway TUI launch - Local chat launch - Terminal alias launch - Initial message launch - Launch option validation - keyboard shortcuts - gateway mode - local mode - Gateway connection - Gateway authentication - History load on attach - Reconnect visibility - Gateway command RPCs - Embedded local chat - Local auth flow - Config repair loop - Gateway-free recovery - pickers + overlays category_note: launch-modes-and-cli-entrypoints.md human_lts_override: false - name: Input and Commands id: input-and-commands features: - name: Message composition coverageIds: [tui.message-composition] description: Covers Message composition across editor, submit handler, input history, slash/local shell routing, busy-submit behavior, paste fallback, backspace dedupe, Ctrl/Esc shortcuts, AltGr handling, and documented keyboard shortcuts. - name: Input history coverageIds: [tui.input-history] description: Covers Input history across editor, submit handler, input history, slash/local shell routing, busy-submit behavior, paste fallback, backspace dedupe, Ctrl/Esc shortcuts, AltGr handling, and documented keyboard shortcuts. - name: Keyboard shortcuts coverageIds: [tui.keyboard-shortcuts] description: Covers Keyboard shortcuts across editor, submit handler, input history, slash/local shell routing, busy-submit behavior, paste fallback, backspace dedupe, Ctrl/Esc shortcuts, AltGr handling, and documented keyboard shortcuts. - name: Paste and busy-submit handling coverageIds: [tui.paste-and-busy-submit-handling] description: Covers Paste and busy-submit handling across editor, submit handler, input history, slash/local shell routing, busy-submit behavior, paste fallback, backspace dedupe, Ctrl/Esc shortcuts, AltGr handling, and documented keyboard shortcuts. - name: IME and AltGr handling coverageIds: [tui.ime-and-altgr-handling] description: Covers IME and AltGr handling across editor, submit handler, input history, slash/local shell routing, busy-submit behavior, paste fallback, backspace dedupe, Ctrl/Esc shortcuts, AltGr handling, and documented keyboard shortcuts. - name: Slash Commands coverageIds: [slack.slash-commands] description: Covers Slash Commands across slash command parsing, command forwarding, local-only commands, model/agent/session selectors, settings overlay, context mode picker, dynamic Gateway command list, session patch commands, and command docs. - name: Pickers coverageIds: [tui.pickers] description: Covers Pickers across slash command parsing, command forwarding, local-only commands, model/agent/session selectors, settings overlay, context mode picker, dynamic Gateway command list, session patch commands, and command docs. - name: Settings coverageIds: [tui.settings] description: Covers Settings across slash command parsing, command forwarding, local-only commands, model/agent/session selectors, settings overlay, context mode picker, dynamic Gateway command list, session patch commands, and command docs. docs: - docs/web/tui.md search_anchors: - Message composition - Input history - Keyboard shortcuts - Paste and busy-submit handling - IME and AltGr handling - gateway mode - local mode - Slash Commands - Pickers - Settings - tui and terminal ux slash commands, pickers, and settings - slash commands, pickers, and settings category_note: composer-keybindings-and-input-editing.md human_lts_override: false - name: Session Management id: session-management features: - name: Session Lifecycle coverageIds: [tui.session-lifecycle] description: Covers Session Lifecycle across session-key resolution, last selected session persistence, session picker policy, history loading, and related session lifecycle, history, and resume behavior. - name: History coverageIds: [tui.history] description: Covers History across session-key resolution, last selected session persistence, session picker policy, history loading, and related session lifecycle, history, and resume behavior. - name: Resume coverageIds: [tui.resume] description: Covers Resume across session-key resolution, last selected session persistence, session picker policy, history loading, and related session lifecycle, history, and resume behavior. docs: - docs/web/tui.md - docs/cli/sessions.md search_anchors: - Session Lifecycle - History - Resume - tui and terminal ux session lifecycle, history, and resume - session lifecycle, history, and resume category_note: session-lifecycle-history-and-resume.md human_lts_override: false - name: Local Shell Execution id: local-shell-execution features: - name: Bang-command routing coverageIds: [tui.bang-command-routing] description: Covers Bang-command routing across `!` routing, local exec approval prompt, Yes/No overlay, command execution, output capture and cap, exit/error rendering, environment marker, cwd handling, and docs that distinguish local host execution from Gateway execution. - name: Approval prompt coverageIds: [tui.approval-prompt] description: Covers Approval prompt across `!` routing, local exec approval prompt, Yes/No overlay, command execution, output capture and cap, exit/error rendering, environment marker, cwd handling, and docs that distinguish local host execution from Gateway execution. - name: Command output display coverageIds: [tui.command-output-display] description: Covers Command output display across `!` routing, local exec approval prompt, Yes/No overlay, command execution, output capture and cap, exit/error rendering, environment marker, cwd handling, and docs that distinguish local host execution from Gateway execution. - name: Execution environment marker coverageIds: [tui.execution-environment-marker] description: Covers Execution environment marker across `!` routing, local exec approval prompt, Yes/No overlay, command execution, output capture and cap, exit/error rendering, environment marker, cwd handling, and docs that distinguish local host execution from Gateway execution. docs: - docs/web/tui.md - docs/cli/tui.md search_anchors: - Bang-command routing - Approval prompt - Command output display - Execution environment marker - keyboard shortcuts - gateway mode - local mode - pickers + overlays category_note: local-shell-execution-and-approval-boundary.md human_lts_override: false - name: Rendering and Output Safety id: rendering-and-output-safety features: - name: Streaming Message Rendering coverageIds: [tui.streaming-message-rendering] description: Covers Streaming Message Rendering across chat log rendering, assistant stream assembly, final/error resolution, thinking visibility, and related streaming message rendering and tool cards behavior. - name: Tool Cards coverageIds: [tui.tool-cards] description: Covers Tool Cards across chat log rendering, assistant stream assembly, final/error resolution, thinking visibility, and related streaming message rendering and tool cards behavior. - name: Terminal Rendering Primitives coverageIds: [tui.terminal-rendering-primitives] description: 'Covers Terminal Rendering Primitives across shared terminal output helpers used by CLI/TUI surfaces: safe stream writing, text sanitization, ANSI/OSC handling, table wrapping, and related terminal rendering primitives and output safety behavior.' - name: Output Safety coverageIds: [tui.output-safety] description: 'Covers Output Safety across shared terminal output helpers used by CLI/TUI surfaces: safe stream writing, text sanitization, ANSI/OSC handling, table wrapping, and related terminal rendering primitives and output safety behavior.' docs: - docs/web/tui.md - docs/cli/qr.md - docs/cli/logs.md - docs/cli/completion.md search_anchors: - Streaming Message Rendering - Tool Cards - tui and terminal ux streaming message rendering and tool cards - streaming message rendering and tool cards - Terminal Rendering Primitives - Output Safety - tui and terminal ux terminal rendering primitives and output safety - terminal rendering primitives and output safety category_note: streaming-message-rendering-and-tool-cards.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: clawhub-and-external-plugin-distribution name: ClawHub family: core level: alpha level_code: M2 rationale: Public docs and ecosystem concept exist. Needs install, trust, update, rollback, and compatibility scorecards. completeness_instructions: references/completeness/clawhub-and-external-plugin-distribution.md categories: - name: Publishing id: publishing features: - name: ClawHub package publishing owner coverageIds: [clawhub.package-publishing-owner] description: ClawHub package publishing owner and scope rules - name: OpenClaw-owned package release validation for ClawHub coverageIds: [clawhub.openclaw-owned-package-release-validation-for-clawhub] description: OpenClaw-owned package release validation for ClawHub and npm - name: Version bump gates coverageIds: [clawhub.version-bump-gates] description: Version bump gates for changed publishable plugins - name: npm trusted publishing provenance coverageIds: [clawhub.npm-trusted-publishing-provenance] description: npm trusted publishing provenance metadata - name: External code plugin package contract required coverageIds: [clawhub.external-code-plugin-package-contract-required] description: External code plugin package contract required before publish - name: Skill package metadata coverageIds: [clawhub.skill-package-metadata] description: Publish-ready skill metadata, file limits, versions, and tags. - name: Skill publishing flow coverageIds: [clawhub.skill-publishing-flow] description: Owner-scoped ClawHub skill publishing, validation, release, and review. docs: - docs/clawhub/publishing.md - docs/clawhub/skill-format.md - docs/tools/creating-skills.md - docs/plugins/community.md search_anchors: - clawhub publishing release validation - clawhub and npm publishing release validation - SKILL.md format - Runtime metadata - Release Flow - Skill content category_note: clawhub-and-npm-publishing-release-validation.md human_lts_override: false - name: Catalog Discovery id: catalog-discovery features: - name: Plugin catalog search coverageIds: [clawhub.openclaw-plugins-search-as-the-clawhub] description: OpenClaw plugin search resolves ClawHub package lookup results. - name: Search result metadata coverageIds: [clawhub.search-result-metadata] description: Search results include package identity, channel, version, summary, compatibility, and source metadata. - name: Plugin and skill search separation coverageIds: [clawhub.distinction-between-plugin-search] description: Plugin search and skill search stay distinct even when both use ClawHub metadata. - name: Catalog lookup failure coverageIds: [clawhub.catalog-lookup-failure] description: Catalog lookup failure and empty-result behavior - name: Skill catalog search coverageIds: [clawhub.skill-catalog-search] description: Search, list, inspect, and install ClawHub-tracked skills from the CLI. docs: - docs/tools/plugin.md - docs/cli/plugins.md - docs/cli/skills.md - docs/tools/skills.md - docs/plugins/community.md search_anchors: - clawhub discovery, catalog metadata, and package lookup - openclaw skills - ClawHub install and sync category_note: clawhub-discovery-catalog-metadata-and-package-lookup.md human_lts_override: false - name: Compatibility and Trust id: compatibility-and-trust features: - name: openclaw.compat.pluginApi coverageIds: [clawhub.openclaw-compat-pluginapi] description: openclaw.compat.pluginApi, build metadata, and host/gateway minimums - name: ClawHub package compatibility validation coverageIds: [clawhub.package-compatibility-validation] description: Evidence scope for ClawHub package compatibility validation. - name: npm compatibility fallback to the newest coverageIds: [clawhub.npm-compatibility-fallback-to-the-newest] description: npm compatibility fallback to the newest compatible stable version - name: Official external plugin catalog behavior coverageIds: [clawhub.official-external-plugin-catalog-behavior] description: Official external plugin catalog behavior and bundled-to-external migration - name: Compatibility docs coverageIds: [clawhub.compatibility-docs] description: Compatibility docs and deprecation registry - name: Operator trust model for installing coverageIds: [clawhub.operator-trust-model-for-installing] description: Operator trust model for installing and enabling external code - name: ClawHub archive coverageIds: [clawhub.archive] description: ClawHub archive and ClawPack digest verification - name: npm integrity drift coverageIds: [clawhub.npm-integrity-drift] description: npm integrity drift and managed install checks - name: Built-in dangerous-code scanner coverageIds: [clawhub.built-in-dangerous-code-scanner] description: Built-in dangerous-code scanner and break-glass override semantics - name: ClawHub publishing review/hidden-release behavior as upstream coverageIds: [clawhub.publishing-review-hidden-release-behavior-as-upstream] description: ClawHub publishing review/hidden-release behavior as upstream trust signal - name: Skill archive safety coverageIds: [clawhub.skill-archive-safety] description: Uploaded skill archives are gated and reuse extraction protections. - name: Skill audit signals coverageIds: [clawhub.skill-audit-signals] description: ClawHub audit status, risk, findings, and trust metadata apply to skill packages. docs: - docs/tools/plugin.md - docs/cli/plugins.md - docs/plugins/compatibility.md - docs/plugins/plugin-inventory.md - docs/clawhub/publishing.md - docs/clawhub/security-audits.md - docs/tools/skills.md - docs/tools/skills-config.md search_anchors: - clawhub compatibility gates and official external catalog - compatibility gates and official external catalog - clawhub external plugin trust, integrity, and install approvals - external plugin trust, integrity, and install approvals - Treat third-party skills as untrusted code - skills.install.allowUploadedArchives - ClawHub security audits - Dynamic skills category_note: compatibility-gates-and-official-external-catalog.md human_lts_override: false - name: Plugin Lifecycle and Health id: plugin-lifecycle-and-health features: - name: Source prefixes coverageIds: [clawhub.source-prefixes] description: Source prefixes and shorthand resolution cover ClawHub, npm, local, archive, and marketplace plugin sources. - name: Bare package launch behavior coverageIds: [clawhub.bare-package-behavior-during-the-launch] description: Bare package behavior during the launch cutover - name: Explicit pinned versions coverageIds: [clawhub.explicit-pinned-versions] description: Explicit pinned versions, prerelease tags, and stable fallback behavior - name: Managed install records that preserve source coverageIds: [clawhub.managed-install-records-that-preserve-source] description: Managed install records that preserve source metadata for update/uninstall - name: Codex coverageIds: [clawhub.codex] description: Codex, Claude, and Cursor-compatible bundle detection - name: Local coverageIds: [clawhub.local] description: Local, archive, and marketplace install paths - name: Marketplace list coverageIds: [clawhub.marketplace-list] description: Marketplace list, shortcut, and install flows - name: Supported mapped features coverageIds: [clawhub.supported-mapped-features] description: Supported mapped features and detected-but-not-executed capabilities - name: Remote marketplace path safety coverageIds: [clawhub.remote-marketplace-path-safety] description: Remote marketplace path safety and archive download guards - name: Update by plugin id coverageIds: [clawhub.update-by-plugin-id] description: Update by plugin id, npm spec, ClawHub spec, beta channel, and marketplace - name: Reinstall vs update semantics coverageIds: [clawhub.reinstall-vs-update-semantics] description: Evidence scope for Reinstall vs update semantics. - name: Downgrade coverageIds: [clawhub.downgrade] description: Downgrade and pinned selectors - name: Uninstall config/index/policy/file cleanup coverageIds: [clawhub.uninstall-config-index-policy-file-cleanup] description: Evidence scope for Uninstall config/index/policy/file cleanup. - name: Gateway restart and reload requirements coverageIds: [clawhub.gateway-restart-reload-requirements-after] description: Gateway restart/reload requirements after install/update/uninstall - name: Per-plugin managed npm project coverageIds: [clawhub.per-plugin-managed-npm-project] description: Per-plugin managed npm project roots - name: npm-pack local release-candidate installs coverageIds: [clawhub.npm-pack-local-release-candidate-installs] description: npm-pack local release-candidate installs through npm semantics - name: Dependency ownership between plugin packages coverageIds: [clawhub.dependency-ownership-between-plugin-packages] description: Dependency ownership between plugin packages and OpenClaw - name: Peer dependency relinking coverageIds: [clawhub.peer-dependency-relinking] description: Peer dependency relinking for openclaw/plugin-sdk/* - name: Legacy dependency root cleanup coverageIds: [clawhub.legacy-dependency-root-cleanup] description: Legacy dependency root cleanup and doctor repair - name: Plugin inventory commands coverageIds: [clawhub.plugins-list] description: Plugin list, inspect, runtime inspect, and doctor commands expose operator inventory and diagnostics. - name: Local plugin index coverageIds: [clawhub.local-plugin-index] description: Local plugin index and persisted cold registry state - name: Troubleshooting stale config coverageIds: [clawhub.troubleshooting-stale-config] description: Troubleshooting covers stale config, blocked paths, dependencies, missing plugins, and repair guidance. - name: Runtime verification after Gateway coverageIds: [clawhub.runtime-verification-after-gateway] description: Runtime verification after Gateway restart - name: ClawHub skill installs coverageIds: [clawhub.skill-installs] description: Install and update ClawHub-tracked workspace or global skills. - name: Skill upload install path coverageIds: [clawhub.skill-upload-install-path] description: Trusted private archive upload and install through skills upload APIs. - name: Skill dependency installers coverageIds: [clawhub.skill-dependency-installers] description: Declared Brew, Node, Go, uv, or download installers for skill packages. docs: - docs/tools/plugin.md - docs/cli/plugins.md - docs/cli/skills.md - docs/tools/skills.md - docs/gateway/protocol.md - docs/plugins/bundles.md - docs/plugins/dependency-resolution.md search_anchors: - clawhub plugin source selection and install spec resolution - plugin source selection and install spec resolution - clawhub marketplace and compatible bundle import support - marketplace and compatible bundle import support - clawhub update, rollback, uninstall, and gateway reload lifecycle - update, rollback, uninstall, and gateway reload lifecycle - clawhub dependency resolution, managed install roots, and package metadata - dependency resolution, managed install roots, and package metadata - clawhub operator inventory, inspect, doctor, and troubleshooting - operator inventory, inspect, doctor, and troubleshooting - skills.upload.begin - skills.install - skills.update - Skill content category_note: plugin-lifecycle-and-health.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: openclaw-app-sdk name: OpenClaw App SDK family: core level: alpha level_code: M2 rationale: OpenClaw App SDK is a distinct external app contract separate from Gateway runtime and Plugin SDK. Current scoring shows a real `@openclaw/sdk` path with gaps around public packaging, auto-discovery, approvals, helpers, and compatibility. completeness_instructions: references/completeness/openclaw-app-sdk.md categories: - name: Client API id: client-api features: - name: SDK entrypoints coverageIds: [app-sdk.sdk-entrypoints] description: Public package imports and helper objects for external apps. - name: Namespace layout coverageIds: [app-sdk.namespace-layout] description: High-level and low-level namespaces such as agents and sessions. - name: Package split coverageIds: [app-sdk.package-split] description: Core SDK, React helpers, and testing package boundaries. - name: App/plugin boundary coverageIds: [app-sdk.app-plugin-boundary] description: Clear distinction between external app integrations and in-process plugin authoring. docs: - docs/concepts/openclaw-sdk.md - docs/reference/openclaw-sdk-api-design.md search_anchors: - OpenClaw App SDK overview - What ships today - Namespace design - Package structure - App SDK vs Plugin SDK category_note: client-api.md human_lts_override: false - name: Gateway Access id: gateway-access features: - name: Gateway connect coverageIds: [app-sdk.gateway-connect] description: SDK construction for explicit Gateway connections. - name: URL and token config coverageIds: [app-sdk.url-and-token-config] description: URL, token, and auth inputs for external clients. - name: Auto gateway coverageIds: [app-sdk.auto-gateway] description: Automatic Gateway discovery behavior for supported environments. - name: Custom transport coverageIds: [app-sdk.custom-transport] description: Transport injection for non-default client environments. - name: Scopes and redaction coverageIds: [app-sdk.scopes-and-redaction] description: Token scopes, secret-forwarding defaults, and redaction boundaries. docs: - docs/concepts/openclaw-sdk.md - docs/reference/openclaw-sdk-api-design.md - docs/gateway/protocol.md - docs/gateway/security/index.md search_anchors: - Connect to a Gateway - explicit URL/token handling - custom transport injection - gateway auto - Security model - token scopes category_note: gateway-access.md human_lts_override: false - name: Agent Conversations id: agent-conversations features: - name: Agent handles coverageIds: [app-sdk.agent-handles] description: SDK-side agent object creation and lookup. - name: Agent runs coverageIds: [app-sdk.agent-runs] description: Agent execution path with streamed run events. - name: Run results coverageIds: [app-sdk.run-results] description: Run result envelope, wait semantics, timeout handling, and result normalization. - name: Session creation coverageIds: [app-sdk.session-creation] description: Reusable session handle creation. - name: Session send coverageIds: [app-sdk.session-send] description: Session transcript interaction from external apps. - name: Session controls coverageIds: [app-sdk.session-controls] description: Patch, abort, and compact operations. docs: - docs/concepts/openclaw-sdk.md - docs/reference/openclaw-sdk-api-design.md - docs/gateway/protocol.md search_anchors: - Run an agent - Agent.run - Run result contract - RunResult - Create and reuse sessions - sessions.create - Session.send category_note: agent-conversations.md human_lts_override: false - name: Events and Approvals id: events-and-approvals features: - name: Event stream coverageIds: [app-sdk.event-stream] description: SDK stream subscription for app-wide and per-run events. - name: Event envelope coverageIds: [app-sdk.event-envelope] description: Stable event envelope for external clients. - name: Replay cursors coverageIds: [app-sdk.replay-cursors] description: Replayable event families with stable cursors. - name: Approval callbacks coverageIds: [app-sdk.approval-callbacks] description: First-class approval handling for external apps. - name: Questions coverageIds: [app-sdk.questions] description: Question handling alongside approval flows. docs: - docs/concepts/openclaw-sdk.md - docs/reference/openclaw-sdk-api-design.md - docs/gateway/protocol.md search_anchors: - Stream events - OpenClawEvent - Event contract - replayable event families - stable cursors - Approvals and questions category_note: events-and-approvals.md human_lts_override: false - name: Resource Helpers id: resource-helpers features: - name: Models coverageIds: [app-sdk.models] description: Typed model discovery helpers. - name: ToolSpace coverageIds: [app-sdk.toolspace] description: Tool discovery and invocation abstraction for external apps. - name: Artifact resources coverageIds: [workspace.artifacts, workspace.builds] description: SDK helpers for workspace artifact summaries, generated build outputs, retention metadata, and downloads. - name: Tasks coverageIds: [app-sdk.tasks] description: SDK helpers around Gateway task APIs. - name: Environments coverageIds: [app-sdk.environments] description: Managed environment provider lifecycle and metadata. docs: - docs/concepts/openclaw-sdk.md - docs/reference/openclaw-sdk-api-design.md search_anchors: - Models, tools, artifacts, and approvals - ToolSpace model - Artifact model - tasks and environments - Managed environment provider category_note: resource-helpers.md human_lts_override: false - name: Compatibility id: compatibility features: - name: Generated client coverageIds: [app-sdk.generated-client] description: Client generation from Gateway schemas. - name: Ergonomic wrappers coverageIds: [app-sdk.ergonomic-wrappers] description: Handwritten wrappers layered on generated transport contracts. - name: Unsupported calls coverageIds: [app-sdk.unsupported-calls] description: Explicit errors for unsupported environment mutations and future per-run overrides. - name: Schema alignment coverageIds: [app-sdk.schema-alignment] description: SDK behavior stays aligned with Gateway schemas. - name: Public package contract coverageIds: [app-sdk.public-package-contract] description: Package publication and reusable-client expectations tracked explicitly. docs: - docs/reference/openclaw-sdk-api-design.md - docs/concepts/typebox.md - docs/gateway/protocol.md search_anchors: - Generated client strategy - Gateway schemas - handwritten ergonomic wrappers - Explicitly unsupported today - unsupported environment mutations - future per-run overrides category_note: compatibility.md human_lts_override: false last_score_run: status: complete completed_at: '2026-06-01' by: codex source_ref: openclaw@29dd7847fd process_version: 3 - id: macos-gateway-host name: macOS Gateway host family: platform-app level: stable level_code: M4 rationale: LaunchAgent service path, local/remote Gateway modes, CLI install, and app integration are documented. completeness_instructions: references/completeness/macos-gateway-host.md categories: - name: CLI Setup id: cli-setup features: - name: Hosted installer coverageIds: [macos.hosted-installer] description: Hosted installer and local-prefix install paths on macOS - name: Node 24 recommendation coverageIds: [macos.node-24-recommendation] description: Node 24 recommendation and Node 22.19+ compatibility floor - name: App-triggered CLI install coverageIds: [macos.app-triggered-cli-install] description: App-triggered CLI install and runtime discovery - name: Shell PATH and version-manager drift coverageIds: [macos.shell-path-and-version-manager-drift] description: Shell PATH, package-manager, and version-manager drift that affect the host Gateway. docs: - docs/platforms/macos.md - docs/platforms/mac/bundled-gateway.md - docs/install/installer.md - docs/install/node.md search_anchors: - macos gateway host macos cli install and runtime prerequisites - macos cli install and runtime prerequisites category_note: cli-install-runtime-prerequisites.md human_lts_override: false - name: Local Gateway Integration id: local-gateway-integration features: - name: App local/remote connection mode coverageIds: [macos.app-local-remote-connection-mode] description: App local/remote connection mode coordination - name: App-managed Gateway LaunchAgent install/restart/uninstall coverageIds: [macos.app-managed-gateway-launchagent-install-restart-uninstall] description: App-managed Gateway LaunchAgent install/restart/uninstall through the CLI - name: CLI install detection coverageIds: [macos.cli-install-detection] description: CLI install detection and app install prompt - name: Attach-to-existing local Gateway compatibility coverageIds: [macos.attach-to-existing-local-gateway-compatibility] description: Attach-to-existing local Gateway compatibility checks - name: Gateway endpoint coverageIds: [macos.gateway-endpoint] description: Gateway endpoint, credential, and control-channel resolution - name: gateway.mode=local configuration coverageIds: [macos.gateway-mode-local-configuration] description: gateway.mode=local configuration and defaulting during service install - name: Loopback bind coverageIds: [macos.loopback-bind] description: Loopback bind, explicit host/bind overrides, auth requirements, and port precedence - name: Local app endpoint resolution coverageIds: [macos.local-app-endpoint-resolution] description: Local app endpoint resolution, local control channel, and attach-to-existing Gateway behavior - name: Bonjour discovery coverageIds: [macos.bonjour-discovery] description: Bonjour discovery and local status/probe/health surfaces docs: - docs/platforms/macos.md - docs/platforms/mac/bundled-gateway.md - docs/platforms/mac/remote.md - docs/gateway/index.md - docs/cli/gateway.md - docs/gateway/bonjour.md search_anchors: - macos gateway host companion app gateway integration - companion app gateway integration - macos gateway host local gateway mode and host configuration - local gateway mode and host configuration category_note: local-gateway-mode-host-configuration.md human_lts_override: false - name: Remote Gateway Mode id: remote-gateway-mode features: - name: macOS app "Remote over SSH" coverageIds: [macos.app-remote-over-ssh] description: macOS app "Remote over SSH" and direct remote Gateway modes - name: SSH tunnel setup coverageIds: [macos.ssh-tunnel-setup] description: SSH tunnel setup, stable local forward ownership, and tunnel restart/backoff - name: Tailscale MagicDNS coverageIds: [macos.tailscale-magicdns] description: Tailscale MagicDNS, Serve, and Funnel guidance for remote access - name: Remote endpoint token/password/TLS fingerprint coverageIds: [macos.remote-endpoint-token-password-tls-fingerprint] description: Remote endpoint token/password/TLS fingerprint resolution - name: Local node host startup coverageIds: [macos.local-node-host-startup] description: Local node host startup and local Gateway suppression while the app is remote docs: - docs/platforms/mac/remote.md - docs/gateway/remote.md - docs/gateway/tailscale.md search_anchors: - macos gateway host remote gateway mode and transport - remote gateway mode and transport category_note: remote-gateway-mode-transport.md human_lts_override: false - name: Gateway Service Lifecycle id: gateway-service-lifecycle features: - name: Per-user Gateway LaunchAgent install coverageIds: [macos.per-user-gateway-launchagent-install] description: Per-user Gateway LaunchAgent install, stage, uninstall, start, stop, restart, and status - name: launchctl bootstrap coverageIds: [macos.launchctl-bootstrap] description: launchctl bootstrap, bootout, enable, disable, kickstart, runtime parsing, installed-but-unloaded repair, and --disable semantics - name: LaunchAgent labels coverageIds: [macos.launchagent-labels] description: LaunchAgent labels, profile labels, legacy cleanup, service metadata, plist generation, KeepAlive, RunAtLoad, logs, working directory, and temp directory handling - name: Gateway token/env handling coverageIds: [macos.gateway-token-env-handling] description: Gateway token/env handling, owner-only env files/wrappers, managed service env keys, and config audit/status output - name: App-managed LaunchAgent handoff coverageIds: [macos.app-managed-launchagent-handoff] description: macOS app integration that manages the Gateway LaunchAgent in local mode and avoids it in remote or attach-only modes. - name: openclaw update package/git handoff coverageIds: [macos.openclaw-update-package-git-handoff] description: openclaw update package/git handoff on macOS - name: Managed service refresh coverageIds: [macos.managed-service-refresh] description: Managed service refresh and LaunchAgent rebootstrap after updates - name: Stale updater launchd job detection coverageIds: [macos.stale-updater-launchd-job-detection] description: Stale updater launchd job detection and cleanup - name: openclaw uninstall coverageIds: [macos.openclaw-uninstall] description: openclaw uninstall, service uninstall, state cleanup, and manual launchd removal - name: Stranded service recovery coverageIds: [macos.stranded-service-recovery] description: Recovery after partially updated or stranded macOS Gateway services. docs: - docs/platforms/macos.md - docs/platforms/mac/bundled-gateway.md - docs/cli/gateway.md - docs/gateway/index.md - docs/cli/update.md - docs/install/updating.md - docs/install/uninstall.md - docs/gateway/troubleshooting.md search_anchors: - macos gateway host launchagent service lifecycle - launchagent service lifecycle - macos gateway host update, uninstall, and recovery - update, uninstall, and recovery category_note: launchagent-service-lifecycle.md human_lts_override: false - name: Diagnostics and Observability id: diagnostics-and-observability features: - name: LaunchAgent log paths coverageIds: [macos.launchagent-log-paths] description: LaunchAgent log paths and app diagnostic log paths - name: openclaw gateway status --deep coverageIds: [macos.openclaw-gateway-status-deep] description: openclaw gateway status --deep, gateway probe, doctor, health, and logs commands - name: Gateway silently stops responding coverageIds: [macos.gateway-silently-stops-responding] description: Gateway silently stops responding, ENETDOWN sleep/wake failure, port conflicts, invalid config, and memory pressure runbooks - name: Stale updater jobs coverageIds: [macos.stale-updater-jobs] description: Stale updater jobs, service config drift, and LaunchAgent environment diagnostics docs: - docs/platforms/mac/bundled-gateway.md - docs/platforms/macos.md - docs/cli/gateway.md - docs/gateway/doctor.md - docs/gateway/troubleshooting.md search_anchors: - macos gateway host diagnostics, logs, and operator observability - diagnostics, logs, and operator observability category_note: diagnostics-logs-operator-observability.md human_lts_override: false - name: Permissions and Native Capabilities id: permissions-and-native-capabilities features: - name: macOS TCC permission prompts/status coverageIds: [macos.tcc-permission-prompts-status] description: macOS TCC permission prompts/status for Accessibility, AppleScript, Screen Recording, Microphone, Speech Recognition, Camera, Location, Notifications, and Voice Wake - name: Native node capability exposure coverageIds: [macos.native-node-capability-exposure] description: Native node capability exposure for screen/canvas/browser/system operations - name: system.run policy coverageIds: [macos.system-run-policy] description: system.run policy and local/remote node execution expectations - name: Permission-driven support coverageIds: [macos.permission-driven-support] description: Permission-driven support and operator diagnostics docs: - docs/platforms/macos.md - docs/platforms/mac/remote.md search_anchors: - macos gateway host macos permissions and native node capabilities - macos permissions and native node capabilities category_note: macos-permissions-native-node-capabilities.md human_lts_override: false - name: Profiles and Isolation id: profiles-and-isolation features: - name: Profile-specific LaunchAgent labels coverageIds: [macos.profile-specific-launchagent-labels] description: Profile-specific LaunchAgent labels and plist paths - name: Profile-specific state/config/workspace roots coverageIds: [macos.profile-specific-state-config-workspace-roots] description: Profile-specific state, config, and workspace roots for isolated local Gateways. - name: Derived ports coverageIds: [macos.derived-ports] description: Derived ports and multi-Gateway conflict avoidance - name: Rescue bot setup coverageIds: [macos.rescue-bot-setup] description: Rescue bot setup and operator checks - name: Extra Gateway process detection coverageIds: [macos.extra-gateway-process-detection] description: Deep status detection for extra Gateway-like services and duplicate local processes. docs: - docs/gateway/multiple-gateways.md - docs/gateway/index.md - docs/cli/gateway.md search_anchors: - macos gateway host profiles and multi-gateway isolation - profiles and multi-gateway isolation category_note: profiles-multi-gateway-isolation.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: macos-companion-app name: macOS companion app family: platform-app level: beta level_code: M3 rationale: Rich menu bar app, permissions, node mode, Canvas, voice wake, WebChat, and remote mode exist. Still fast-moving enough to avoid Stable. completeness_instructions: references/completeness/macos-companion-app.md categories: - name: Canvas id: canvas features: - name: Canvas panel open/hide/navigate/eval/snapshot coverageIds: [macos.canvas-panel-open-hide-navigate-eval-snapshot] description: Canvas panel open/hide/navigate/eval/snapshot behavior, status, and operator-visible verification. - name: Local custom URL scheme coverageIds: [macos.local-custom-url-scheme] description: Local custom URL scheme and session-root file serving - name: A2UI host auto-navigation coverageIds: [macos.a2ui-host-auto-navigation] description: A2UI host auto-navigation, push/reset, and action bridge - name: Canvas enable/disable setting coverageIds: [macos.canvas-enable-disable-setting] description: Canvas enable/disable setting and node command behavior docs: - docs/platforms/mac/canvas.md - docs/platforms/macos.md - docs/web/webchat.md search_anchors: - macos companion app canvas and a2ui - canvas and a2ui category_note: canvas-a2ui.md human_lts_override: false - name: Local Setup id: local-setup features: - name: Local mode Gateway attach/start/stop coverageIds: [macos.local-mode-gateway-attach-start-stop] description: Local mode Gateway attach/start/stop behavior, status, and operator-visible verification. - name: LaunchAgent install/update/restart/uninstall coverageIds: [macos.launchagent-install-update-restart-uninstall] description: LaunchAgent install/update/restart/uninstall through app-managed CLI calls - name: Existing-listener detection coverageIds: [macos.existing-listener-detection] description: Existing-listener detection, port guarding, and launchd log path - name: Native first-run onboarding flow coverageIds: [macos.native-first-run-onboarding-flow] description: Native first-run onboarding flow and completion marker - name: CLI discovery coverageIds: [macos.cli-discovery] description: CLI discovery and "Install CLI" prompt/install path - name: Local workspace selection coverageIds: [macos.local-workspace-selection] description: Local workspace selection and Gateway wizard startup - name: Onboarding WebChat session separation coverageIds: [macos.onboarding-webchat-session-separation] description: Onboarding WebChat session separation behavior, status, and operator-visible verification. docs: - docs/platforms/mac/bundled-gateway.md - docs/platforms/macos.md - docs/platforms/mac/child-process.md - docs/platforms/mac/dev-setup.md search_anchors: - macos companion app local gateway and launchagent - local gateway and launchagent - macos companion app onboarding, cli install, and workspace setup - onboarding, cli install, and workspace setup category_note: onboarding-cli-workspace.md human_lts_override: false - name: Status and Settings id: status-and-settings features: - name: Menu-bar status coverageIds: [macos.menu-bar-status] description: Menu-bar status, action menu, status icon state, dock menu, dashboard/chat/canvas/talk shortcuts - name: Activity state ingestion coverageIds: [macos.activity-state-ingestion] description: Activity state ingestion and status row behavior - name: Settings navigation coverageIds: [macos.settings-navigation] description: Settings navigation and tabs - name: Health polling coverageIds: [macos.health-polling] description: Health polling, channel status, logs, debug actions, config/session/instance visibility - name: Channels settings coverageIds: [macos.channels-settings] description: Channels settings and QR/login/probe status surfaced through the app docs: - docs/platforms/mac/menu-bar.md - docs/platforms/mac/icon.md - docs/platforms/macos.md - docs/platforms/mac/health.md - docs/platforms/mac/logging.md - docs/platforms/mac/remote.md search_anchors: - macos companion app menu status and dashboard - menu status and dashboard - macos companion app settings, health, channels, and diagnostics - settings, health, channels, and diagnostics category_note: settings-health-diagnostics.md human_lts_override: false - name: Native Capabilities id: native-capabilities features: - name: Mac node session connection coverageIds: [macos.mac-node-session-connection] description: Mac node session connection, capability and command advertisement - name: system.run coverageIds: [macos.system-run] description: system.run, system.which, system.notify, exec approvals get/set - name: Exec approval policy coverageIds: [macos.exec-approval-policy] description: Exec approval policy, app exec host, local socket, and event emission - name: Permission requests coverageIds: [macos.permission-requests] description: Permission requests, status polling, settings UI, and node permission advertisement - name: TCC persistence coverageIds: [macos.tcc-persistence] description: TCC persistence, signing requirements, and safe app-owned permission guidance docs: - docs/platforms/macos.md - docs/platforms/mac/xpc.md - docs/platforms/mac/permissions.md - docs/platforms/mac/signing.md - docs/platforms/mac/peekaboo.md search_anchors: - macos companion app node mode, system.run, and exec host - node mode, system.run, and exec host - macos companion app permissions, privacy, and tcc - permissions, privacy, and tcc category_note: node-mode-system-run-exec-host.md human_lts_override: false - name: Remote Connections id: remote-connections features: - name: Remote connection mode selection coverageIds: [macos.remote-connection-mode-selection] description: Remote connection mode selection and configuration - name: SSH tunnel coverageIds: [macos.ssh-tunnel] description: SSH tunnel and direct ws/wss Gateway transport - name: Gateway discovery coverageIds: [gateway.discovery] description: Gateway discovery, TLS pin repair, and remote node-service startup docs: - docs/platforms/mac/remote.md - docs/platforms/macos.md - docs/gateway/remote.md search_anchors: - macos companion app remote mode, discovery, and tunnels - remote mode, discovery, and tunnels category_note: remote-mode-discovery-tunnels.md human_lts_override: false - name: Voice and Talk id: voice-and-talk features: - name: Voice Wake runtime coverageIds: [macos.voice-wake-runtime] description: Voice Wake runtime, trigger detection, permissions, overlay, chimes, and forwarding - name: Push-to-talk coverageIds: [macos.push-to-talk] description: Push-to-talk and Talk Mode capture/listen/think/speak lifecycle - name: Talk provider playback plan coverageIds: [macos.talk-provider-playback-plan] description: Talk provider playback plan and Gateway talk status docs: - docs/platforms/mac/voicewake.md - docs/platforms/mac/voice-overlay.md - docs/nodes/talk.md - docs/platforms/macos.md search_anchors: - macos companion app voice wake, push-to-talk, and talk mode - voice wake, push-to-talk, and talk mode category_note: voice-wake-talk.md human_lts_override: false - name: WebChat id: webchat features: - name: Native SwiftUI WebChat window coverageIds: [macos.native-swiftui-webchat-window] description: Native SwiftUI WebChat window and menu panel - name: Gateway chat transport coverageIds: [gateway.chat-transport] description: Gateway chat transport, session/model/thinking controls, event mapping, and health - name: Local and remote data-plane reuse coverageIds: [macos.local-and-remote-data-plane-reuse] description: Local and remote data-plane reuse across native WebChat sessions. docs: - docs/platforms/mac/webchat.md - docs/platforms/macos.md - docs/web/webchat.md search_anchors: - macos companion app webchat and session ui - webchat and session ui category_note: webchat-sessions.md human_lts_override: false - name: Remote WebChat id: remote-webchat features: - name: macOS WebChat transport coverageIds: [macos.webchat-transport] description: Covers macOS WebChat transport across native macOS WebChat, Gateway connection reuse, native chat transport mapping, window/panel presentation, and related remote webchat client bridges behavior. - name: SSH tunnel data plane coverageIds: [macos.ssh-tunnel-data-plane] description: Covers SSH tunnel data plane across native macOS WebChat, Gateway connection reuse, native chat transport mapping, window/panel presentation, and related remote webchat client bridges behavior. - name: Direct ws/wss remote mode coverageIds: [macos.direct-ws-wss-remote-mode] description: Covers Direct ws/wss remote mode across native macOS WebChat, Gateway connection reuse, native chat transport mapping, window/panel presentation, and related remote webchat client bridges behavior. - name: Session continuity coverageIds: [memory.session-continuity] description: Covers Session continuity across native macOS WebChat, Gateway connection reuse, native chat transport mapping, window/panel presentation, and related remote webchat client bridges behavior. - name: Remote troubleshooting coverageIds: [macos.remote-troubleshooting] description: Covers Remote troubleshooting across native macOS WebChat, Gateway connection reuse, native chat transport mapping, window/panel presentation, and related remote webchat client bridges behavior. docs: - docs/platforms/mac/webchat.md - docs/gateway/remote.md - docs/platforms/mac/remote.md search_anchors: - macOS WebChat transport - SSH tunnel data plane - Direct ws/wss remote mode - Session continuity - Remote troubleshooting - What it can do (today) - Chat behavior category_note: native-webchat-and-remote-client-bridges.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: linux-gateway-host name: Linux Gateway host family: platform-app level: stable level_code: M4 rationale: Node runtime is recommended, systemd user service is documented, and VPS/container guidance is broad. completeness_instructions: references/completeness/linux-gateway-host.md categories: - name: Host Setup and Updates id: host-setup-and-updates features: - name: Linux CLI install coverageIds: [linux.cli-install] description: Linux CLI installation paths and operator verification after install. - name: Node runtime prerequisites coverageIds: [linux.node-runtime-prerequisites] description: Node runtime version requirements and host prerequisite checks for Linux Gateway operation. - name: Package-manager policy coverageIds: [linux.package-manager-policy] description: Supported package-manager and platform policy for Linux install and update paths. - name: Update path coverageIds: [linux.update-path] description: Linux update workflow, package or git handoff, and post-update verification. docs: - docs/install/index.md - docs/install/updating.md - docs/platforms/linux.md - docs/platforms/index.md search_anchors: - Linux install - Node runtime prerequisites - package-manager policy - updating OpenClaw category_note: linux-cli-install-and-update-path.md human_lts_override: true - name: Gateway Runtime and Service Control id: gateway-runtime-and-service-control features: - name: Foreground Gateway Runtime coverageIds: [linux.foreground-gateway-runtime] description: Covers Foreground Gateway Runtime user-facing controls, state display, navigation, and rendering behavior for Foreground Gateway Runtime and Process Control. - name: Process Control coverageIds: [linux.process-control] description: Covers Process Control user-facing controls, state display, navigation, and rendering behavior for Foreground Gateway Runtime and Process Control. - name: Systemd User Service Lifecycle setup coverageIds: [linux.systemd-user-service-lifecycle-setup] description: Defines Systemd User Service Lifecycle setup setup, credential, configuration, and operator verification behavior for Systemd User Service Lifecycle. - name: Systemd User Service Lifecycle operation coverageIds: [linux.systemd-user-service-lifecycle-operation] description: Defines Systemd User Service Lifecycle operation setup, credential, configuration, and operator verification behavior for Systemd User Service Lifecycle. - name: Systemd User Service Lifecycle status coverageIds: [linux.systemd-user-service-lifecycle-status] description: Defines Systemd User Service Lifecycle status setup, credential, configuration, and operator verification behavior for Systemd User Service Lifecycle. - name: Systemd User Service Lifecycle recovery coverageIds: [linux.systemd-user-service-lifecycle-recovery] description: Defines Systemd User Service Lifecycle recovery setup, credential, configuration, and operator verification behavior for Systemd User Service Lifecycle. docs: - docs/gateway/index.md - docs/cli/gateway.md - docs/platforms/linux.md - docs/vps.md search_anchors: - Foreground Gateway Runtime - Process Control - linux gateway host foreground gateway runtime and process control - foreground gateway runtime and process control - Systemd User Service Lifecycle setup - Systemd User Service Lifecycle operation - Systemd User Service Lifecycle status - Systemd User Service Lifecycle recovery - linux gateway host systemd user service lifecycle - systemd user service lifecycle category_note: foreground-gateway-runtime-and-process-control.md human_lts_override: true - name: Remote Access and Security id: remote-access-and-security features: - name: Remote Network Exposure coverageIds: [linux.remote-network-exposure] description: Defines Remote Network Exposure authorization, trust, safety boundaries, and operator controls for Remote Network Exposure, Tls, and Tailscale. - name: TLS coverageIds: [linux.tls] description: Defines TLS authorization, trust, safety boundaries, and operator controls for Remote Network Exposure, Tls, and Tailscale. - name: Tailscale coverageIds: [linux.tailscale] description: Defines Tailscale authorization, trust, safety boundaries, and operator controls for Remote Network Exposure, Tls, and Tailscale. - name: Gateway exposure safeguards coverageIds: [linux.gateway-exposure-safeguards] description: Defines exposure checks, unsafe-network warnings, and operator controls for Linux Gateway security boundaries. - name: Gateway authentication modes coverageIds: [linux.gateway-authentication-modes] description: Defines token/password auth, shared-secret resolution, and operator verification for Linux Gateway authentication. - name: Secret Handling coverageIds: [linux.secret-handling] description: Defines Secret Handling setup, credential, configuration, and operator verification behavior for Security, Auth, and Secret Handling. docs: - docs/gateway/remote.md - docs/gateway/tailscale.md - docs/gateway/security/exposure-runbook.md - docs/gateway/authentication.md - docs/gateway/secrets.md search_anchors: - Remote Network Exposure - TLS - Tailscale - linux gateway host remote network exposure, tls, and tailscale - remote network exposure, tls, and tailscale - exposure-runbook - Gateway authentication - Secret Handling - linux gateway host security, auth, and secret handling - security, auth, and secret handling category_note: remote-network-exposure-tls-and-tailscale.md human_lts_override: true - name: Diagnostics and Repair id: diagnostics-and-repair features: - name: Gateway diagnostic reports coverageIds: [linux.gateway-diagnostic-reports] description: Covers Gateway status, diagnostic output, failure handling, and operator repair for diagnostics, logs, doctor, and repair workflows. - name: Gateway log tailing coverageIds: [linux.gateway-log-tailing] description: Covers log viewing, log tailing, local fallback behavior, and operator-visible Gateway log status. - name: Doctor checks coverageIds: [telemetry.doctor-checks] description: Covers `openclaw doctor` checks, Gateway health probes, and operator diagnostics for Linux Gateway deployments. - name: Operator repair guidance coverageIds: [linux.operator-repair-guidance] description: Covers failure handling, repair guidance, and recovery steps for Linux Gateway diagnostics and doctor findings. docs: - docs/cli/status.md - docs/cli/logs.md - docs/cli/doctor.md - docs/gateway/diagnostics.md - docs/gateway/index.md search_anchors: - openclaw status - gateway diagnostics - openclaw logs - openclaw doctor - repair guidance - linux gateway host diagnostics, logs, doctor, and repair - diagnostics, logs, doctor, and repair category_note: diagnostics-logs-doctor-and-repair.md human_lts_override: true - name: Deployment Targets id: deployment-targets features: - name: VPS coverageIds: [linux.vps] description: Defines VPS setup, credential, configuration, and operator verification behavior for Vps, Container, and Cloud Deployment Guidance. - name: Container coverageIds: [linux.container] description: Defines Container setup, credential, configuration, and operator verification behavior for Vps, Container, and Cloud Deployment Guidance. - name: Cloud Deployment Guidance coverageIds: [linux.cloud-deployment-guidance] description: Defines Cloud Deployment Guidance setup, credential, configuration, and operator verification behavior for Vps, Container, and Cloud Deployment Guidance. docs: - docs/vps.md - docs/install/docker.md - docs/install/hetzner.md - docs/install/digitalocean.md - docs/install/kubernetes.md - docs/install/podman.md search_anchors: - Vps - Container - Cloud Deployment Guidance - linux gateway host vps, container, and cloud deployment guidance - vps, container, and cloud deployment guidance category_note: vps-container-and-cloud-deployment-guidance.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: linux-companion-app name: Linux companion app family: platform-app level: planned level_code: M0 rationale: Docs say native Linux companion apps are planned; Gateway is the supported Linux path today. completeness_instructions: references/completeness/linux-companion-app.md categories: - name: App Distribution id: app-distribution features: - name: Native app package coverageIds: [linux.native-app-package] description: Native Linux companion-app package availability and installation path. - name: Distro package targets coverageIds: [linux.distro-package-targets] description: Distro package targets, desktop files, icons, autostart, and update metadata - name: Official release metadata coverageIds: [linux.official-release-metadata] description: Official release metadata for downstream consoles docs: - docs/platforms/linux.md - docs/platforms/index.md - docs/install/index.md search_anchors: - Native Linux companion apps are planned - Linux app - Gateway service install category_note: packaging-install-update-desktop-integration.md human_lts_override: false - name: Gateway Connectivity id: gateway-connectivity features: - name: Local Gateway attach and status coverageIds: [linux.local-gateway-attach-and-status] description: Local Gateway attach, start, and status behavior from a Linux app. - name: Gateway pairing and auth coverageIds: [linux.gateway-pairing-and-auth] description: Gateway auth and device pairing from a native Linux client. - name: Remote mode coverageIds: [linux.remote-mode] description: Remote mode through direct URL, SSH tunnel, or Tailscale - name: Local and remote resource boundaries coverageIds: [linux.local-and-remote-resource-boundaries] description: Local and remote resource boundaries for a Linux companion client. docs: - docs/platforms/linux.md - docs/gateway/index.md - docs/gateway/pairing.md - docs/gateway/remote.md search_anchors: - Linux app - Gateway service install - remote Gateway - pairing category_note: gateway-connection-pairing-local-remote.md human_lts_override: false - name: Chat and Sessions id: chat-and-sessions features: - name: Native Linux chat window coverageIds: [linux.native-linux-chat-window] description: Native Linux chat window behavior, status, and operator-visible verification. - name: Transcript coverageIds: [linux.transcript] description: Transcript, composer, session picker, model picker, send/abort/follow-up controls - name: Gateway chat transport coverageIds: [gateway.chat-transport] description: Gateway WebSocket chat transport from a Linux desktop client. docs: - docs/platforms/linux.md - docs/gateway/protocol.md - docs/web/webchat.md search_anchors: - WebChat - Gateway WebSocket - chat history category_note: native-chat-session-controls.md human_lts_override: false - name: Desktop Capabilities id: desktop-capabilities features: - name: Linux desktop permissions coverageIds: [linux.desktop-permissions] description: Linux desktop permissions for notifications, microphone, screen, camera, accessibility, portals, and desktop-environment APIs - name: Secret storage coverageIds: [linux.secret-storage] description: Secret storage for Gateway token, device identity, approval socket token, and app settings - name: Sandbox/package posture coverageIds: [linux.sandbox-package-posture] description: Sandbox/package posture for Flatpak/Snap/AppImage or system packages - name: Linux native node identity coverageIds: [linux.native-node-identity] description: Linux native node identity and capability advertisement - name: Host command execution coverageIds: [tools.host-command-execution] description: Host command execution through system.run and related desktop tools. - name: Desktop tools coverageIds: [linux.desktop-tools] description: Desktop tools such as screen, camera, notifications, Canvas, and local command execution - name: Linux native Talk coverageIds: [linux.native-talk] description: Linux native Talk, push-to-talk, voice wake, and transcription - name: Microphone capture coverageIds: [linux.microphone-capture] description: Microphone capture, screen/camera capture, desktop context sensing, and local media attachment flows - name: Native media permissions coverageIds: [linux.native-media-permissions] description: Native media permissions and foreground/background behavior docs: - docs/platforms/linux.md - docs/tools/exec-approvals.md - docs/gateway/secrets.md - docs/nodes/index.md - docs/tools/exec.md - docs/nodes/talk.md - docs/nodes/camera.md search_anchors: - Native Linux companion apps are planned - Linux app - Exec approvals - headless node host - system.run - Talk mode - microphone capture - camera category_note: desktop-permissions-secrets-sandbox.md human_lts_override: false - name: Status and Diagnostics id: status-and-diagnostics features: - name: Native Linux app readiness coverageIds: [linux.native-linux-app-readiness] description: Native Linux app readiness states - name: Gateway health/status display coverageIds: [linux.gateway-health-status-display] description: Gateway health/status display behavior, status, and operator-visible verification. - name: Log/transcript opening coverageIds: [linux.log-transcript-opening] description: Log/transcript opening and locality-aware resource handling - name: Doctor/repair affordances coverageIds: [linux.doctor-repair-affordances] description: Doctor/repair affordances and systemd lifecycle diagnostics - name: Linux tray/status item coverageIds: [linux.tray-status-item] description: Linux tray/status item behavior, status, and operator-visible verification. - name: Runtime status row coverageIds: [linux.runtime-status-row] description: Runtime status row and native notifications - name: Desktop-environment integration coverageIds: [linux.desktop-environment-integration] description: Desktop-environment integration for GNOME/KDE/Wayland/X11 tray behavior docs: - docs/platforms/linux.md - docs/start/openclaw.md - docs/gateway/doctor.md search_anchors: - Gateway service install - openclaw status - Control UI - Linux app - status - desktop notifications category_note: diagnostics-health-operator-repair.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: windows-via-wsl2 name: Windows via WSL2 family: platform-app level: beta level_code: M3 rationale: Recommended Windows path with systemd/user-service guidance and boot-chain docs. Promote after repeated install/update scorecards. completeness_instructions: references/completeness/windows-via-wsl2.md categories: - name: WSL Setup id: wsl-setup features: - name: WSL2 + Ubuntu installation coverageIds: [wsl2.ubuntu-installation] description: WSL2 and Ubuntu installation requirements. - name: Node runtime coverageIds: [wsl2.node-runtime] description: Node 24 and Node 22.19+ runtime requirements inside WSL2. - name: Linux install flow inside WSL2 coverageIds: [wsl2.linux-install-flow-inside-wsl2] description: Linux install and getting-started flow run inside WSL2. - name: WSL2 runtime boundary coverageIds: [wsl2.runtime-boundary] description: WSL2 runtime boundary and its distinction from native Windows installs. - name: WSL2 network-family requirements coverageIds: [wsl2.network-family-requirements] description: WSL2-specific network-family requirements that affect Gateway startup. - name: Source install and build inside WSL2 coverageIds: [wsl2.source-install-and-build-inside-wsl2] description: Source install and build workflow inside the WSL2 distribution. docs: - docs/platforms/windows.md - docs/start/getting-started.md search_anchors: - WSL2 (recommended) - Ubuntu - Node 24 - source install category_note: wsl2-install-and-runtime-prerequisites.md human_lts_override: true - name: CLI id: cli features: - name: WSL2 CLI entrypoints coverageIds: [wsl2.cli-entrypoints] description: openclaw CLI install, version, onboard, doctor, status, and update commands run inside the WSL2 Linux environment. - name: openclaw onboard coverageIds: [windows.openclaw-onboard] description: openclaw onboard and non-interactive onboarding run inside the WSL2 Linux environment. - name: openclaw doctor status and logs coverageIds: [wsl2.openclaw-doctor-status-and-logs] description: openclaw doctor, status, and logs provide WSL2-specific repair and diagnostic feedback. - name: openclaw update coverageIds: [wsl2.openclaw-update] description: openclaw update, channel switching, dry-run/status diagnostics - name: npm/pnpm/git package-root coverageIds: [wsl2.npm-pnpm-git-package-root] description: npm/pnpm/git package-root and install-mode switching - name: Managed systemd Gateway restart coverageIds: [wsl2.managed-systemd-gateway-restart] description: Managed systemd Gateway restart and update handoff - name: Service metadata refresh coverageIds: [wsl2.service-metadata-refresh] description: Service metadata refresh after WSL2 Gateway updates. - name: Package-manager caveats coverageIds: [wsl2.package-manager-caveats] description: Package-manager caveats seen from WSL2 source and package installs. docs: - docs/platforms/windows.md - docs/start/getting-started.md - docs/install/updating.md - docs/cli/onboard.md - docs/cli/doctor.md - docs/cli/status.md - docs/cli/logs.md search_anchors: - windows via wsl2 cli - WSL2 CLI entrypoints - openclaw onboard - openclaw doctor - openclaw status - openclaw logs - openclaw update - package manager category_note: wsl2-cli.md human_lts_override: true - name: Gateway Service Lifecycle id: gateway-service-lifecycle features: - name: Onboarded systemd install coverageIds: [wsl2.onboarded-systemd-install] description: openclaw onboard daemon installation inside WSL2. - name: Gateway service install coverageIds: [wsl2.gateway-service-install] description: openclaw gateway install behavior under WSL2 systemd. - name: systemd user unit rendering coverageIds: [wsl2.systemd-user-unit-rendering] description: systemd user unit rendering and lifecycle metadata. - name: WSL-aware systemd unavailable hints coverageIds: [wsl2.wsl-aware-systemd-unavailable-hints] description: Operator hints when systemd is unavailable in the WSL distribution. - name: Doctor service repair coverageIds: [wsl2.doctor-service-repair] description: Doctor repair behavior for WSL2 Gateway services. - name: WSL user-service linger coverageIds: [wsl2.wsl-user-service-linger] description: WSL user-service linger behavior, status, and operator-visible verification. - name: Systemd availability after Windows boot coverageIds: [wsl2.systemd-availability-after-windows-boot] description: Systemd availability after Windows boot and WSL distribution startup. - name: Windows startup task for WSL coverageIds: [wsl2.windows-startup-task-for-wsl] description: Windows startup task behavior for launching WSL before login. - name: Verification before Windows sign-in coverageIds: [wsl2.verification-before-windows-sign-in] description: Verification before Windows sign-in behavior, status, and operator-visible verification. - name: Clear expectations around PC power coverageIds: [wsl2.clear-expectations-around-pc-power] description: Clear expectations around PC power, sleep, Windows boot, WSL boot, and Gateway uptime docs: - docs/platforms/windows.md - docs/gateway/index.md - docs/gateway/doctor.md search_anchors: - Gateway service install (CLI) - systemd user service - WSL-aware systemd - Gateway auto-start before Windows login - WSL user-service linger - Windows startup scheduled task category_note: systemd-gateway-service-lifecycle.md human_lts_override: true - name: Gateway Access and Exposure id: gateway-access-and-exposure features: - name: Gateway token/password auth coverageIds: [wsl2.gateway-token-password-auth] description: Gateway token and password auth for clients running through WSL2. - name: Provider credentials coverageIds: [security.provider-credentials] description: Provider credential storage and lookup from inside the WSL2 environment. - name: Gateway auth SecretRefs coverageIds: [wsl2.gateway-auth-secretrefs] description: Gateway auth SecretRef handling for WSL2-hosted Gateway processes. - name: Remote URL credential precedence coverageIds: [wsl2.remote-url-credential-precedence] description: Remote URL credential precedence when WSL2 clients connect to local or remote Gateways. - name: WSL virtual network coverageIds: [wsl2.wsl-virtual-network] description: WSL virtual network behavior and host/guest addressing. - name: Windows portproxy setup coverageIds: [wsl2.windows-portproxy-setup] description: Windows netsh interface portproxy setup for exposing WSL services. - name: Windows Firewall rules coverageIds: [wsl2.windows-firewall-rules] description: Windows Firewall rules for WSL Gateway access. - name: Reachable Gateway URLs coverageIds: [wsl2.reachable-gateway-urls] description: Gateway URLs that must be reachable from Windows, WSL2, and LAN clients. - name: Loopback and LAN exposure coverageIds: [wsl2.loopback-and-lan-exposure] description: Loopback versus LAN listen behavior for WSL2 Gateway exposure. - name: WSL2 IPv4 networking coverageIds: [wsl2.ipv4-networking] description: WSL2-specific IPv4 network-family behavior. - name: Tailscale remote access coverageIds: [wsl2.tailscale-remote-access] description: Tailscale and remote access behavior where it intersects WSL2 networking. docs: - docs/gateway/authentication.md - docs/gateway/secrets.md - docs/gateway/remote.md - docs/gateway/security/exposure-runbook.md - docs/platforms/windows.md search_anchors: - Gateway authentication - SecretRef - Remote URL credential precedence - 'Advanced: expose WSL services over LAN (portproxy)' - portproxy - WSL2 IPv4 category_note: auth-secrets-and-exposure-posture.md human_lts_override: true - name: Diagnostics and Repair id: diagnostics-and-repair features: - name: openclaw doctor coverageIds: [runtime.codex-plugin.auth, runtime.codex-plugin.lifecycle, runtime.doctor-repair] description: openclaw doctor and repair/migration for WSL2 Gateway - name: openclaw status coverageIds: [windows.openclaw-status] description: openclaw status, status --all, and Gateway service/runtime summary - name: openclaw logs coverageIds: [telemetry.openclaw-logs] description: openclaw logs and Linux systemd journal fallback - name: SecretRef coverageIds: [wsl2.secretref] description: SecretRef and auth diagnostics visible from status/doctor - name: WSL/systemd unavailable hints coverageIds: [wsl2.wsl-systemd-unavailable-hints] description: WSL/systemd unavailable hints and linger checks - name: Operator repair guidance after WSL2 service coverageIds: [wsl2.operator-repair-guidance-after-wsl2-service] description: Operator repair guidance after WSL2 service, config, or Gateway failures docs: - docs/platforms/windows.md - docs/cli/status.md - docs/cli/logs.md - docs/cli/doctor.md - docs/gateway/doctor.md search_anchors: - windows via wsl2 diagnostics, doctor, logs, and repair - diagnostics, doctor, logs, and repair category_note: diagnostics-doctor-logs-and-repair.md human_lts_override: true - name: Browser and Control UI id: browser-and-control-ui features: - name: WSL2 Gateway with Windows browser coverageIds: [wsl2.gateway-with-windows-browser] description: WSL2 Gateway with Windows browser and Windows Chrome - name: Windows Control UI URL coverageIds: [wsl2.windows-control-ui-url] description: Windows Control UI URL and origin guidance - name: Raw remote CDP to Windows Chrome coverageIds: [wsl2.raw-remote-cdp-to-windows-chrome] description: Raw remote CDP access from WSL2 to a Windows Chrome instance. - name: Host-local Chrome MCP coverageIds: [wsl2.host-local-chrome-mcp] description: Host-local Chrome MCP and existing-session boundary - name: Browser profile cdpUrl coverageIds: [wsl2.browser-profile-cdpurl] description: Browser profile cdpUrl and attachOnly config - name: Layered diagnostics coverageIds: [wsl2.layered-diagnostics] description: Layered diagnostics for auth/origin/CDP failures docs: - docs/tools/browser-wsl2-windows-remote-cdp-troubleshooting.md - docs/tools/browser.md - docs/web/control-ui.md search_anchors: - Raw remote CDP from WSL2 to Windows - Windows Control UI URL - Host-local Chrome MCP category_note: split-host-browser-and-control-ui-interop.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: native-windows-cli-and-gateway name: Native Windows family: platform-app level: alpha level_code: M2 rationale: Core CLI/Gateway flows work, but docs still recommend WSL2 for the full experience and list native caveats. completeness_instructions: references/completeness/native-windows-cli-and-gateway.md categories: - name: CLI id: cli features: - name: PowerShell installer coverageIds: [windows.powershell-installer] description: Native Windows install.ps1 hosted installer path and flags. - name: Node and package-manager bootstrap coverageIds: [windows.node-and-package-manager-bootstrap] description: Node, Git, pnpm, npm, and PATH bootstrap for native Windows. - name: npm global install coverageIds: [windows.npm-global-install] description: npm global install, git checkout install, and generated openclaw.cmd. - name: Packaged CLI launcher coverageIds: [windows.packaged-cli-launcher] description: Packaged openclaw CLI launcher, version, and doctor entrypoints. - name: Windows command shims coverageIds: [windows.command-shims] description: Windows .cmd launcher, PATHEXT, and package-manager shim compatibility. - name: openclaw onboard coverageIds: [windows.openclaw-onboard] description: openclaw onboard and openclaw onboard --non-interactive on native Windows - name: Local Gateway config coverageIds: [windows.local-gateway-config] description: Local Gateway config, auth choice, gateway token/password SecretRef handling, and local endpoint defaults. - name: Daemon install flags coverageIds: [windows.daemon-install-flags] description: Daemon install flags for native Windows onboarding. - name: Native-vs-WSL setup boundary coverageIds: [windows.native-vs-wsl-setup-boundary] description: Setup boundary between native Windows Gateway and the recommended WSL2 path. docs: - docs/install/index.md - docs/install/installer.md - docs/platforms/windows.md - docs/start/getting-started.md - docs/cli/onboard.md search_anchors: - native windows cli setup - install.ps1 - PowerShell - openclaw.cmd - PATHEXT - openclaw onboard - Local Gateway config - daemon install category_note: native-powershell-install-and-cli-entrypoints.md human_lts_override: true - name: Gateway Management id: gateway-management features: - name: openclaw gateway coverageIds: [windows.openclaw-gateway] description: openclaw gateway, openclaw gateway run, openclaw gateway status, and foreground process behavior. - name: Foreground runtime health/readiness coverageIds: [windows.foreground-runtime-health-readiness] description: Foreground runtime health/readiness and local loopback Gateway targets - name: Windows-specific restart/signal coverageIds: [windows.specific-restart-signal] description: Windows-specific restart/signal and process-control behavior - name: Unmanaged foreground mode coverageIds: [windows.unmanaged-foreground-mode] description: Operator expectations when running without a managed Scheduled Task. - name: openclaw gateway install coverageIds: [windows.openclaw-gateway-install] description: openclaw gateway install, status, start, stop, restart, and managed startup behavior. - name: Gateway launcher files coverageIds: [windows.gateway-launcher-files] description: Generated gateway.cmd and hidden launcher files for managed startup. - name: Scheduled Task runtime status coverageIds: [windows.scheduled-task-runtime-status] description: Scheduled Task runtime status, task-user selection, listener/PID fallback, and task repair. - name: Startup-folder fallback coverageIds: [windows.startup-folder-fallback] description: Startup-folder fallback when Task Scheduler is unavailable. - name: openclaw status coverageIds: [windows.openclaw-status] description: openclaw status, openclaw gateway status, gateway status --deep, and Windows repair guidance. - name: Windows service inspection coverageIds: [windows.service-inspection] description: Windows service inspection, Task Scheduler runtime parsing, Startup-folder - name: Post-install diagnostics coverageIds: [windows.post-install-diagnostics] description: Expected diagnostics, status, and repair behavior after native Windows install. docs: - docs/platforms/windows.md - docs/gateway/index.md - docs/cli/gateway.md - docs/cli/doctor.md search_anchors: - openclaw gateway - Foreground runtime - Windows signal handling - openclaw gateway install - Scheduled Tasks - Startup-folder - openclaw status - openclaw doctor - Gateway diagnostics category_note: native-gateway-foreground-runtime-and-process-control.md human_lts_override: false - name: Networking id: networking features: - name: Native Windows host networking coverageIds: [windows.native-windows-host-networking] description: Native Windows host binding and Gateway exposure behavior. - name: netsh interface portproxy coverageIds: [windows.netsh-interface-portproxy] description: netsh interface portproxy, Windows Firewall rules, and WSL IP refresh - name: Gateway status and probe output coverageIds: [windows.gateway-status-and-probe-output] description: Gateway status and probe output that helps operators verify Windows networking. - name: Loopback, LAN, and WSL boundary coverageIds: [windows.loopback-lan-and-wsl-boundary] description: Boundaries between loopback, LAN, and WSL exposure modes. docs: - docs/platforms/windows.md - docs/gateway/index.md - docs/cli/gateway.md search_anchors: - portproxy - Gateway status - loopback - LAN category_note: windows-host-networking-portproxy-and-remote-access.md human_lts_override: false - name: Updates id: updates features: - name: openclaw update on native Windows package coverageIds: [windows.openclaw-update-on-native-windows-package] description: openclaw update on native Windows package installs - name: Managed Gateway stop/restart coverageIds: [windows.managed-gateway-stop-restart] description: Managed Gateway stop/restart and service metadata refresh during update - name: Detached update handoff coverageIds: [windows.detached-update-handoff] description: Detached update handoff from a running Gateway. - name: Windows package locks coverageIds: [windows.package-locks] description: Windows package locks, EBUSY/EPERM behavior, staged swaps, child-window docs: - docs/install/updating.md - docs/ci.md search_anchors: - openclaw update - package locks - restart handoff category_note: windows-update-restart-handoff-and-package-locks.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: native-windows-companion-app name: Native Windows companion app family: platform-app level: planned level_code: M0 rationale: Planned only. completeness_instructions: references/completeness/native-windows-companion-app.md categories: - name: Installation and Updates id: installation-and-updates features: - name: Official app download coverageIds: [windows.official-app-download] description: Official app download or installer path for the native Windows companion app. - name: MSI/MSIX/App Installer/winget-style packaging coverageIds: [windows.msi-msix-app-installer-winget-style-packaging] description: MSI/MSIX/App Installer/winget-style packaging, signing, update, rollback, uninstall, and desktop entries - name: Windows architecture handling for x64 coverageIds: [windows.architecture-handling-for-x64] description: Windows architecture handling for x64 and ARM64 - name: App release channel coverageIds: [windows.app-release-channel] description: App release channel, architecture handling, and update availability. docs: - docs/platforms/windows.md - docs/install/index.md search_anchors: - Native Windows companion apps are planned - Windows companion app - App Installer - winget category_note: packaging-install-update-desktop-integration.md human_lts_override: false - name: Gateway Connection id: gateway-connection features: - name: App-managed local Gateway attach/start coverageIds: [windows.app-managed-local-gateway-attach-start] description: App-managed local Gateway attach/start and status - name: Remote Gateway connection modes coverageIds: [windows.remote-gateway-connection-modes] description: Remote Gateway connection modes, token/TLS handling, and reconnect - name: Device/node pairing coverageIds: [windows.device-node-pairing] description: Device/node pairing, pending approval UX, and pairing recovery docs: - docs/platforms/windows.md - docs/gateway/index.md - docs/gateway/pairing.md - docs/gateway/remote.md search_anchors: - Windows companion app - local Gateway - remote Gateway - pairing category_note: gateway-connection-pairing-local-remote.md human_lts_override: false - name: Chat Sessions id: chat-sessions features: - name: Native Windows chat window coverageIds: [windows.native-windows-chat-window] description: Native Windows chat window, transcript, composer, session picker, model/thinking controls, abort/follow-up actions, reconnect handling, and tool rendering - name: Gateway chat transport coverageIds: [gateway.chat-transport] description: Gateway chat transport and session control from the native Windows app. docs: - docs/platforms/windows.md - docs/gateway/protocol.md search_anchors: - WebChat - Gateway WebSocket - Windows companion app category_note: native-chat-session-controls.md human_lts_override: false - name: Status and Repair id: status-and-repair features: - name: App health states coverageIds: [windows.app-health-states] description: App health states, Gateway/node readiness, diagnostic panels, log opening, update status, repair actions, and support bundle behavior - name: App-specific repair coverageIds: [windows.app-specific-repair] description: App-specific repair for pairing, permissions, service lifecycle, stale versions, and protocol mismatch - name: Windows system tray app coverageIds: [windows.system-tray-app] description: Windows system tray app, status icon, status menu, native notifications, and app launch/quit controls - name: Status indicators coverageIds: [windows.status-indicators] description: Status indicators for Gateway, node pairing, work activity, and updates - name: App-specific notification permission coverageIds: [windows.app-specific-notification-permission] description: App-specific notification permission and failure handling docs: - docs/platforms/windows.md - docs/gateway/doctor.md - docs/gateway/index.md search_anchors: - Windows companion app - Gateway status - doctor repair - system tray - native notifications category_note: diagnostics-health-operator-repair.md human_lts_override: false - name: Desktop Tools and Permissions id: desktop-tools-and-permissions features: - name: Windows node identity coverageIds: [windows.node-identity] description: Windows node identity and capability advertisement. - name: Host command execution coverageIds: [tools.host-command-execution] description: Host command execution through system.run and related desktop tools. - name: Desktop command policy coverageIds: [windows.desktop-command-policy] description: Desktop command allow/deny policy for native Windows tools. - name: App approval prompts coverageIds: [windows.app-approval-prompts] description: App UI prompts for approval-sensitive desktop commands. - name: Screen and media capture coverageIds: [windows.screen-and-media-capture] description: Screen snapshot, recording, and native media capture affordances. - name: Canvas host behavior coverageIds: [windows.canvas-host-behavior] description: Canvas and A2UI host behavior in a native Windows companion app. - name: Windows shell integrations coverageIds: [windows.shell-integrations] description: Windows shell and PowerToys-style desktop integrations. - name: App secrets coverageIds: [windows.app-secrets] description: App secrets, token persistence, secure local IPC, app signing identity, AppContainer or desktop permission posture - name: Windows ACL coverageIds: [windows.acl] description: Windows ACL and filesystem hygiene for app-owned state - name: Command approval coverageIds: [windows.command-approval] description: Command approval and dangerous capability gating as surfaced to users docs: - docs/platforms/windows.md - docs/nodes/index.md - docs/tools/exec.md - docs/tools/exec-approvals.md - docs/gateway/security/index.md search_anchors: - node host - system.run - Exec approvals - screen capture - Windows ACL - app secrets category_note: node-host-capabilities-exec-approvals.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: android-app name: Android app family: platform-app level: stable level_code: M4 rationale: Official Google Play distribution exists, source build/run docs are maintained, and the Android app is documented as a normal companion node for users. completeness_instructions: references/completeness/android-app.md categories: - name: Media Capture id: media-capture features: - name: Camera and media capture coverageIds: [android.camera-and-media-capture] description: Camera listing, capture, photo, screen, and media capture behavior. docs: - docs/platforms/android.md - docs/nodes/camera.md search_anchors: - camera.list - camera.capture - screen capture category_note: camera-media-capture.md human_lts_override: false - name: Mobile Chat id: mobile-chat features: - name: Chat tab coverageIds: [android.chat-tab] description: Chat tab, session list/filtering, composer, image attachments, message parsing/rendering, model/provider status adjacent to chat, and Gateway chat RPC integration docs: - docs/platforms/android.md search_anchors: - Chat tab - chat.history - mobile UI category_note: chat-sessions-ui.md human_lts_override: false - name: Connection Setup id: connection-setup features: - name: Gateway discovery coverageIds: [gateway.discovery] description: Gateway discovery, setup-code and manual endpoint parsing, WS/WSS connection setup, TLS trust decisions, device identity, stored device tokens, node/operator auth, and connection error handling docs: - docs/platforms/android.md - docs/gateway/bonjour.md - docs/gateway/pairing.md search_anchors: - Setup Code - Manual - Bonjour category_note: gateway-pairing-security.md human_lts_override: false - name: Distribution id: distribution features: - name: Public Google Play install path coverageIds: [android.public-google-play-install-path] description: Public Google Play install path and source build/run entrypoints - name: Manual install path coverageIds: [android.manual-install-path] description: Manual install path and Google Play distribution behavior. - name: Release smoke and startup performance coverageIds: [android.release-smoke-and-startup-performance] description: Release smoke and startup performance checks for Android app distribution. docs: - docs/platforms/android.md search_anchors: - Google Play - Manual - Startup macrobenchmark category_note: install-release-distribution.md human_lts_override: false - name: Settings id: settings features: - name: Settings sheet coverageIds: [android.settings-sheet] description: Settings sheet and settings detail screens, permission request UX, notification forwarding controls, Nodes & Devices status, provider/model diagnostics, secure preferences, and copyable Gateway diagnostic report docs: - docs/platforms/android.md search_anchors: - Settings sheet - Notification forwarding - diagnostics category_note: settings-permissions-diagnostics.md human_lts_override: false - name: Voice id: voice features: - name: Voice tab coverageIds: [android.voice-tab] description: Voice tab, manual mic capture, Talk Mode listen/think/speak loop, Gateway Talk config, talk.speak, realtime relay mode, voice capture service type, and voice e2e receiver/script docs: - docs/platforms/android.md - docs/nodes/talk.md search_anchors: - Talk Mode - Voice tab - wake category_note: voice-talk-wake.md human_lts_override: false - name: Device Runtime id: device-runtime features: - name: Background reconnect and presence coverageIds: [android.background-reconnect-and-presence] description: Foreground-service presence, reconnect, and node presence behavior. - name: Device command availability coverageIds: [android.device-command-availability] description: Android device command availability and capability advertisement. docs: - docs/platforms/android.md - docs/nodes/troubleshooting.md - docs/gateway/protocol.md search_anchors: - foreground service - node.presence.alive - background reconnect - Additional Android command families - node capabilities - command handling category_note: node-device-capabilities.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: ios-app name: iOS app family: platform-app level: stable level_code: M4 rationale: Official App Store distribution exists, relay-backed push is documented, and the iOS app is documented as a normal companion node for users. completeness_instructions: references/completeness/ios-app.md categories: - name: Media and Sharing id: media-and-sharing features: - name: Camera list/snap/clip coverageIds: [ios.camera-list-snap-clip] description: Camera list/snap/clip, photo-library latest image payloads, screen recording as media, Share Extension draft/send flow, attachment extraction, gateway relay settings for share, and mobile media payload limits docs: - docs/platforms/ios.md - docs/nodes/camera.md search_anchors: - camera list - photo library - Share Extension category_note: camera-media-photos-and-share-extension.md human_lts_override: false - name: Canvas and Screen id: canvas-and-screen features: - name: Canvas present/hide/navigate/eval/snapshot coverageIds: [ios.canvas-present-hide-navigate-eval-snapshot] description: Canvas present/hide/navigate/eval/snapshot, A2UI reset/push/pushJSONL, WKWebView scaffold loading, trusted A2UI action bridge, screen recording, foreground command gates, and Gateway Canvas host URL handling docs: - docs/platforms/ios.md - docs/plugins/reference/canvas.md search_anchors: - Canvas - A2UI - WKWebView category_note: canvas-screen-and-a2ui.md human_lts_override: false - name: Chat and Sessions id: chat-and-sessions features: - name: Chat sessions and operator controls coverageIds: [ios.chat-sessions-and-operator-controls] description: Operator session transport, Chat tab, chat composer/history/streaming/tool display, command-center, permissions, and session controls. docs: - docs/platforms/ios.md - docs/web/webchat.md - docs/gateway/protocol.md search_anchors: - Chat tab - chat composer - command-center - session picker category_note: chat-operator-ui-and-session-controls.md human_lts_override: false - name: Gateway Setup and Diagnostics id: gateway-setup-and-diagnostics features: - name: Bonjour/local coverageIds: [ios.bonjour-local] description: Bonjour/local and wide-area gateway discovery - name: Manual host/port coverageIds: [ios.manual-host-port] description: Manual host/port and QR/setup-code onboarding - name: Gateway connect configuration persistence coverageIds: [ios.gateway-connect-configuration-persistence] description: Gateway connect configuration persistence behavior, status, and operator-visible verification. - name: TLS fingerprint trust prompt coverageIds: [ios.tls-fingerprint-trust-prompt] description: TLS fingerprint trust prompt and pinning behavior - name: Pairing approval coverageIds: [ios.pairing-approval] description: Pairing approval, device auth/keychain storage, and node+operator session auth - name: Pairing/auth diagnostics for users coverageIds: [ios.pairing-auth-diagnostics-for-users] description: Pairing/auth diagnostics for users and operators - name: Settings tab coverageIds: [ios.settings-tab] description: Settings tab, Gateway settings, manual networking helpers, QR/setup-code intake, permission toggles and requests, discovery logs, Gateway problem details, diagnostics issue list, notification authorization state, and visible recovery actions docs: - docs/platforms/ios.md - docs/channels/pairing.md search_anchors: - Quick start (pair + connect) - Discovery paths - Node device pairing - Bonjour / DNS-SD discovery - TLS fingerprint trust - Settings tab - permission toggles - diagnostics category_note: settings-permissions-and-diagnostics.md human_lts_override: false - name: Distribution id: distribution features: - name: App distribution coverageIds: [ios.internal-preview-status] description: App Store distribution, source/Xcode manual deploy, local signing, XcodeGen project generation, Fastlane App Store archive/upload, versioning/changelog/metadata, release artifacts, and official-vs-local build flags docs: - docs/platforms/ios.md search_anchors: - App Store - Xcode manual deploy - signing category_note: install-signing-and-testflight-distribution.md human_lts_override: false - name: Device Commands id: device-commands features: - name: Location modes coverageIds: [ios.location-modes] description: Location modes, current location, significant-location events, motion activity and pedometer, contacts, calendar, reminders, permission request bridges, and personal-context command payloads - name: Device command handling coverageIds: [ios.device-command-handling] description: iOS device command handling, foreground/background gating, command specifications, and capability visibility. docs: - docs/platforms/ios.md - docs/gateway/protocol.md search_anchors: - location - motion activity - calendar - contacts - reminders - node.invoke - device commands - foreground/background command gating category_note: node-capability-routing-and-device-commands.md human_lts_override: false - name: Notifications and Background id: notifications-and-background features: - name: APNs registration and relay delivery coverageIds: [ios.apns-registration-and-relay-delivery] description: Direct and relay-backed APNs registration, push relay trust, stored relay handles, background alive windows, and Live Activity updates. docs: - docs/platforms/ios.md - docs/gateway/configuration.md search_anchors: - APNs registration - push relay - Live Activity - background alive category_note: relay-push-background-and-live-activity.md human_lts_override: false - name: Voice id: voice features: - name: Voice wake coverageIds: [ios.voice-wake] description: Voice wake, trigger-word sync, Talk Mode, push-to-talk commands, realtime Gateway relay, Speech and microphone permissions, audio session coordination, background suspension, and voice settings docs: - docs/platforms/ios.md - docs/nodes/talk.md search_anchors: - Voice wake - Talk Mode - push-to-talk category_note: voice-talk-mode-and-wake.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: watchos-companion-surfaces name: watchOS companion surfaces family: platform-app level: experimental level_code: M1 rationale: Source has Watch app/extension surfaces; public docs do not yet present this as a user feature. completeness_instructions: references/completeness/watchos-companion-surfaces.md categories: - name: Delivery and Recovery id: delivery-and-recovery features: - name: APNs relay/direct registration as it affects coverageIds: [watchos.apns-relay-direct-registration-as-it-affects] description: APNs relay/direct registration as it affects watch approval wake/recovery - name: Silent push coverageIds: [watchos.silent-push] description: Silent push, background refresh, and significant-location wake paths - name: Pending approval recovery IDs coverageIds: [watchos.pending-approval-recovery-ids] description: Pending approval recovery IDs, snapshot refresh, and resolved/stale cleanup - name: Gateway-side iOS exec approval coverageIds: [watchos.gateway-side-ios-exec-approval] description: Gateway-side iOS exec approval APNs targeting - name: iPhone-side WatchConnectivity transport coverageIds: [watchos.iphone-side-watchconnectivity-transport] description: iPhone-side WatchConnectivity transport and status snapshot - name: Watch-side receiver activation coverageIds: [watchos.watch-side-receiver-activation] description: Watch-side receiver activation and inbound payload handling - name: Delivery fallback among reachable messages coverageIds: [watchos.delivery-fallback-among-reachable-messages] description: Delivery fallback among reachable messages, queued user info, and application context snapshots docs: - docs/platforms/ios.md search_anchors: - watchos companion surfaces apns background recovery and stale approval cleanup - apns background recovery and stale approval cleanup - watchos companion surfaces watchconnectivity session status and delivery - watchconnectivity session status and delivery category_note: apns-background-recovery-and-stale-approval-cleanup.md human_lts_override: false - name: Exec Approvals id: exec-approvals features: - name: Watch exec approval prompt coverageIds: [watchos.watch-exec-approval-prompt] description: Watch exec approval prompt, snapshot, resolve, resolved, and expired payloads - name: Watch approval list/detail UI coverageIds: [watchos.watch-approval-list-detail-ui] description: Watch approval list/detail UI and decision buttons - name: iPhone-side prompt caching coverageIds: [watchos.iphone-side-prompt-caching] description: iPhone-side prompt caching, watch prompt publishing, snapshot handling, and resolution docs: - docs/tools/exec-approvals.md - docs/platforms/ios.md search_anchors: - watchos companion surfaces exec approval review, decisions, and snapshots - exec approval review, decisions, and snapshots category_note: exec-approval-review-decisions-and-snapshots.md human_lts_override: false - name: Distribution and Support id: distribution-and-support features: - name: Watch app coverageIds: [watchos.watch-app] description: Watch app and WatchKit extension targets - name: Signing/profile variables coverageIds: [watchos.signing-profile-variables] description: Signing/profile variables, bundle identifiers, icon assets, and iOS App Store release flow - name: Public/support status coverageIds: [watchos.public-support-status] description: Public/support status for the watch companion as distributed through the iOS app - name: Changelog coverageIds: [watchos.changelog] description: Changelog and repo-history evidence for watchOS companion maturity - name: Release metadata coverageIds: [watchos.release-metadata] description: Release metadata and App Store preparation evidence - name: Historical bug/regression themes relevant to scoring coverageIds: [watchos.historical-bug-regression-themes-relevant-to-scoring] description: Historical bug/regression themes relevant to scoring current source quality docs: - docs/platforms/ios.md search_anchors: - watchos companion surfaces packaging, signing, and distribution boundary - packaging, signing, and distribution boundary - watchos companion surfaces source history and release evidence - source history and release evidence category_note: packaging-signing-and-distribution-boundary.md human_lts_override: false - name: Notifications and Replies id: notifications-and-replies features: - name: watch.status coverageIds: [watchos.watch-status] description: watch.status and watch.notify command contracts - name: Payload normalization coverageIds: [watchos.payload-normalization] description: Payload normalization for title/body, prompt/session metadata, priority, risk, and action buttons - name: Mirrored iOS notification fallback when watch coverageIds: [watchos.mirrored-ios-notification-fallback-when-watch] description: Mirrored iOS notification fallback when watch delivery is queued - name: Watch action buttons from generic prompt coverageIds: [watchos.watch-action-buttons-from-generic-prompt] description: Watch action buttons from generic prompt notifications - name: Watch-to-iPhone reply payloads coverageIds: [watchos.watch-to-iphone-reply-payloads] description: Watch-to-iPhone reply payloads behavior, status, and operator-visible verification. - name: iPhone-side dedupe coverageIds: [watchos.iphone-side-dedupe] description: iPhone-side dedupe, offline queueing, and agent request forwarding - name: Mirrored iOS notification action coverageIds: [watchos.mirrored-ios-notification-action] description: Mirrored iOS notification action fallback docs: - docs/platforms/ios.md search_anchors: - watchos companion surfaces watch notify command, payloads, and prompt defaults - watch notify command, payloads, and prompt defaults - watchos companion surfaces quick reply actions and agent handoff - quick reply actions and agent handoff category_note: watch-notify-command-payloads-and-prompt-defaults.md human_lts_override: false - name: Watch App UI id: watch-app-ui features: - name: Watch app entry point coverageIds: [watchos.watch-app-entry-point] description: Watch app entry point and SwiftUI navigation - name: Generic inbox coverageIds: [watchos.generic-inbox] description: Generic inbox, prompt actions, exec approval loading/list/detail views - name: Persistent watch inbox state coverageIds: [watchos.persistent-watch-inbox-state] description: Persistent watch inbox state and duplicate-delivery suppression docs: - docs/platforms/ios.md search_anchors: - watchos companion surfaces watch inbox ui and persistent state - watch inbox ui and persistent state category_note: watch-inbox-ui-and-persistent-state.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: raspberry-pi-small-linux-devices name: Raspberry Pi and small Linux devices family: platform-app level: beta level_code: M3 rationale: Platform docs exist and Gateway path is Linux-based. Needs hardware-specific release smoke proof to move higher. completeness_instructions: references/completeness/raspberry-pi-small-linux-devices.md categories: - name: Setup and Compatibility id: setup-and-compatibility features: - name: Hardware and 64-bit OS requirements coverageIds: [raspberry-pi.hardware-and-64-bit-os-requirements] description: Defines Hardware and 64-bit OS requirements setup, credential, configuration, and operator verification behavior for ARM Linux Setup and Prerequisites. - name: Node runtime setup coverageIds: [raspberry-pi.node-runtime-setup] description: Defines Node runtime setup setup, credential, configuration, and operator verification behavior for ARM Linux Setup and Prerequisites. - name: OpenClaw install and onboarding coverageIds: [raspberry-pi.openclaw-install-and-onboarding] description: Defines OpenClaw install and onboarding setup, credential, configuration, and operator verification behavior for ARM Linux Setup and Prerequisites. - name: First-run verification coverageIds: [raspberry-pi.first-run-verification] description: Defines First-run verification setup, credential, configuration, and operator verification behavior for ARM Linux Setup and Prerequisites. - name: Supported Pi model selection coverageIds: [raspberry-pi.supported-pi-model-selection] description: Defines Supported Pi model selection setup, credential, configuration, and operator verification behavior for Hardware Support Boundary. - name: 64-bit ARM boundary coverageIds: [raspberry-pi.64-bit-arm-boundary] description: Defines 64-bit ARM boundary setup, credential, configuration, and operator verification behavior for Hardware Support Boundary. - name: Unsupported device guidance coverageIds: [raspberry-pi.unsupported-device-guidance] description: Defines Unsupported device guidance setup, credential, configuration, and operator verification behavior for Hardware Support Boundary. - name: Slow-device caveats coverageIds: [raspberry-pi.slow-device-caveats] description: Defines Slow-device caveats setup, credential, configuration, and operator verification behavior for Hardware Support Boundary. - name: npm/pnpm/Bun install modes coverageIds: [raspberry-pi.npm-pnpm-bun-install-modes] description: Defines npm/pnpm/Bun install modes setup, credential, configuration, and operator verification behavior for Package Manager and ARM Binary Compatibility. - name: Installer architecture detection coverageIds: [raspberry-pi.installer-architecture-detection] description: Defines Installer architecture detection setup, credential, configuration, and operator verification behavior for Package Manager and ARM Binary Compatibility. - name: Optional ARM binary checks coverageIds: [raspberry-pi.optional-arm-binary-checks] description: Defines Optional ARM binary checks setup, credential, configuration, and operator verification behavior for Package Manager and ARM Binary Compatibility. - name: Fallback/build guidance coverageIds: [raspberry-pi.fallback-build-guidance] description: Defines Fallback/build guidance setup, credential, configuration, and operator verification behavior for Package Manager and ARM Binary Compatibility. docs: - docs/install/raspberry-pi.md - docs/install/index.md - docs/help/faq-first-run.md - docs/help/faq.md - docs/platforms/linux.md - docs/install/installer.md search_anchors: - Hardware and 64-bit OS requirements - Node runtime setup - OpenClaw install and onboarding - First-run verification - Hardware compatibility - Install Node.js 24 - API keys are recommended over OAuth - Access the Control UI - Supported Pi model selection - 64-bit ARM boundary - Unsupported device guidance - Slow-device caveats - npm/pnpm/Bun install modes - Installer architecture detection - Optional ARM binary checks - Fallback/build guidance category_note: arm-linux-install-and-runtime-prerequisites.md human_lts_override: false - name: Remote Access and Auth id: remote-access-and-auth features: - name: Headless API-key auth coverageIds: [raspberry-pi.headless-api-key-auth] description: Defines Headless API-key auth context assembly, persistence, token-pressure handling, and recovery behavior for Gateway Auth, Device Pairing, and Secrets. - name: Gateway shared-secret auth coverageIds: [raspberry-pi.gateway-shared-secret-auth] description: Defines Gateway shared-secret auth context assembly, persistence, token-pressure handling, and recovery behavior for Gateway Auth, Device Pairing, and Secrets. - name: Device pairing approvals coverageIds: [raspberry-pi.device-pairing-approvals] description: Defines Device pairing approvals context assembly, persistence, token-pressure handling, and recovery behavior for Gateway Auth, Device Pairing, and Secrets. - name: SecretRef handling coverageIds: [raspberry-pi.secretref-handling] description: Defines SecretRef handling context assembly, persistence, token-pressure handling, and recovery behavior for Gateway Auth, Device Pairing, and Secrets. - name: Token drift recovery coverageIds: [raspberry-pi.token-drift-recovery] description: Defines Token drift recovery context assembly, persistence, token-pressure handling, and recovery behavior for Gateway Auth, Device Pairing, and Secrets. - name: SSH tunnel dashboard access coverageIds: [raspberry-pi.ssh-tunnel-dashboard-access] description: Defines SSH tunnel dashboard access setup, credential, configuration, and operator verification behavior for Remote Access and Control UI. - name: Tailscale Serve/Funnel coverageIds: [raspberry-pi.tailscale-serve-funnel] description: Defines Tailscale Serve/Funnel setup, credential, configuration, and operator verification behavior for Remote Access and Control UI. - name: Loopback/non-loopback exposure controls coverageIds: [raspberry-pi.loopback-non-loopback-exposure-controls] description: Defines Loopback/non-loopback exposure controls setup, credential, configuration, and operator verification behavior for Remote Access and Control UI. - name: Authenticated Control UI access coverageIds: [raspberry-pi.authenticated-control-ui-access] description: Defines Authenticated Control UI access setup, credential, configuration, and operator verification behavior for Remote Access and Control UI. docs: - docs/install/raspberry-pi.md - docs/gateway/authentication.md - docs/gateway/secrets.md - docs/gateway/pairing.md - docs/cli/devices.md - docs/gateway/remote.md - docs/gateway/tailscale.md search_anchors: - Headless API-key auth - Gateway shared-secret auth - Device pairing approvals - SecretRef handling - Token drift recovery - Hardware compatibility - Install Node.js 24 - API keys are recommended over OAuth - SSH tunnel dashboard access - Tailscale Serve/Funnel - Loopback/non-loopback exposure controls - Authenticated Control UI access - Access the Control UI category_note: remote-access-tailscale-ssh-and-control-ui.md human_lts_override: false - name: Gateway Runtime id: gateway-runtime features: - name: Always-on Gateway process coverageIds: [raspberry-pi.always-on-gateway-process] description: Defines Always-on Gateway process setup, credential, configuration, and operator verification behavior for Headless Gateway and Model Setup. - name: Cloud model configuration coverageIds: [raspberry-pi.cloud-model-configuration] description: Defines Cloud model configuration setup, credential, configuration, and operator verification behavior for Headless Gateway and Model Setup. - name: Channel startup coverageIds: [raspberry-pi.channel-startup] description: Defines Channel startup setup, credential, configuration, and operator verification behavior for Headless Gateway and Model Setup. - name: Gateway health/status coverageIds: [raspberry-pi.gateway-health-status] description: Defines Gateway health/status setup, credential, configuration, and operator verification behavior for Headless Gateway and Model Setup. - name: User service install coverageIds: [raspberry-pi.user-service-install] description: Defines User service install setup, credential, configuration, and operator verification behavior for systemd Service and Boot Persistence. - name: linger/boot persistence coverageIds: [raspberry-pi.linger-boot-persistence] description: Defines linger/boot persistence setup, credential, configuration, and operator verification behavior for systemd Service and Boot Persistence. - name: Service drop-ins coverageIds: [raspberry-pi.service-drop-ins] description: Defines Service drop-ins setup, credential, configuration, and operator verification behavior for systemd Service and Boot Persistence. - name: Restart tuning coverageIds: [raspberry-pi.restart-tuning] description: Defines Restart tuning setup, credential, configuration, and operator verification behavior for systemd Service and Boot Persistence. - name: Status/log inspection coverageIds: [raspberry-pi.status-log-inspection] description: Defines Status/log inspection setup, credential, configuration, and operator verification behavior for systemd Service and Boot Persistence. - name: Backup/restore coverageIds: [raspberry-pi.backup-restore] description: Defines Backup/restore setup, credential, configuration, and operator verification behavior for systemd Service and Boot Persistence. docs: - docs/gateway/index.md - docs/cli/gateway.md - docs/install/raspberry-pi.md - docs/platforms/linux.md - docs/vps.md search_anchors: - Always-on Gateway process - Cloud model configuration - Channel startup - Gateway health/status - Hardware compatibility - Install Node.js 24 - API keys are recommended over OAuth - Access the Control UI - User service install - linger/boot persistence - Service drop-ins - Restart tuning - Status/log inspection - Backup/restore category_note: headless-gateway-runtime-and-model-routing.md human_lts_override: false - name: Performance and Diagnostics id: performance-and-diagnostics features: - name: Swap and low-RAM tuning coverageIds: [raspberry-pi.swap-and-low-ram-tuning] description: Defines Swap and low-RAM tuning setup, credential, configuration, and operator verification behavior for Resource Tuning and Diagnostics. - name: USB SSD guidance coverageIds: [raspberry-pi.usb-ssd-guidance] description: Defines USB SSD guidance setup, credential, configuration, and operator verification behavior for Resource Tuning and Diagnostics. - name: Compile cache/no-respawn settings coverageIds: [raspberry-pi.compile-cache-no-respawn-settings] description: Defines Compile cache/no-respawn settings setup, credential, configuration, and operator verification behavior for Resource Tuning and Diagnostics. - name: OOM/performance troubleshooting coverageIds: [raspberry-pi.oom-performance-troubleshooting] description: Defines OOM/performance troubleshooting setup, credential, configuration, and operator verification behavior for Resource Tuning and Diagnostics. - name: Diagnostics bundles coverageIds: [raspberry-pi.diagnostics-bundles] description: Defines Diagnostics bundles setup, credential, configuration, and operator verification behavior for Resource Tuning and Diagnostics. docs: - docs/install/raspberry-pi.md - docs/platforms/linux.md - docs/gateway/health.md - docs/gateway/diagnostics.md search_anchors: - Swap and low-RAM tuning - USB SSD guidance - Compile cache/no-respawn settings - OOM/performance troubleshooting - Diagnostics bundles - Hardware compatibility - Install Node.js 24 - API keys are recommended over OAuth category_note: resource-tuning-diagnostics-and-low-memory-behavior.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: docker-podman-hosting name: Docker and Podman hosting family: platform-app level: beta level_code: M3 rationale: Install docs exist and are common deployment paths. Promote after recurring release smoke captures upgrade and volume behavior. completeness_instructions: references/completeness/docker-podman-hosting.md categories: - name: Container Setup id: container-setup features: - name: Local Image Setup Script coverageIds: [docker.local-image-setup-script] description: Covers Local Image Setup Script across `./scripts/docker/setup.sh` local-image and GHCR-image setup. Docker Compose gateway and sidecar CLI shape. First-run onboarding, token handling, bind/origin defaults, and post-start channel setup commands. Docker-only first-run notes, and related docker install, compose, and first-run setup behavior. - name: Docker Compose gateway coverageIds: [docker.compose-gateway] description: Docker Compose gateway and sidecar CLI shape - name: First-run onboarding coverageIds: [docker.first-run-onboarding] description: First-run onboarding, token handling, bind/origin defaults, and post-start channel setup commands - name: Docker-only first-run notes coverageIds: [docker.only-first-run-notes] description: Docker-only first-run notes, excluding Podman rootless setup and general Gateway protocol internals - name: Podman setup scripts and Quadlet template coverageIds: [docker.setup-scripts-and-quadlet-template] description: Podman setup docs, scripts/podman/setup.sh, scripts/run-openclaw-podman.sh, and scripts/podman/openclaw.container.in - name: Rootless Podman image setup coverageIds: [docker.rootless-podman-image-setup] description: Rootless Podman image setup, launch, setup/onboarding, host CLI routing, Quadlet autostart, and owner/permission checks docs: - docs/install/docker.md - docs/install/podman.md search_anchors: - docker / podman hosting docker install, compose, and first-run setup - docker install, compose, and first-run setup - docker / podman hosting podman rootless, quadlet, and host cli - podman rootless, quadlet, and host cli category_note: docker-install-compose-and-first-run-setup.md human_lts_override: false - name: Container Operations id: container-operations features: - name: Host CLI routing into running Docker/Podman coverageIds: [docker.host-cli-routing-into-running-docker-podman] description: Host CLI routing into running Docker/Podman containers - name: Container Targeting coverageIds: [docker.container-targeting] description: Covers Container Targeting across Host CLI routing into running Docker/Podman containers. `--container` and `OPENCLAW_CONTAINER` behavior, env handling, ambiguous runtime detection, loopback proxy guard, and related host cli container targeting and update lifecycle behavior. - name: Container update/rebuild/restart guidance for Docker coverageIds: [docker.container-update-rebuild-restart-guidance-for-docker] description: Container update/rebuild/restart guidance for Docker and Podman hosts - name: Docker Compose mounts and secrets coverageIds: [docker.compose] description: Docker Compose and Podman config/workspace/auth-profile secret mounts - name: Gateway token generation coverageIds: [docker.gateway-token-generation] description: Gateway token generation, reuse, .env persistence, and Control UI allowed origins - name: Ownership coverageIds: [docker.ownership] description: Ownership, permissions, SELinux mount behavior, and state survival across container replacement - name: Docker Compose network access coverageIds: [docker.compose-network-access] description: Docker Compose and Podman port publishing, bind mode, host local provider access, Bonjour, Tailscale, and Control UI origins - name: Container health endpoints coverageIds: [docker.container-health-endpoints] description: Container health endpoints, Dockerfile/Compose healthchecks, openclaw health, logs, and metrics/OTel docs - name: Provider/VPS Docker hosting docs coverageIds: [docker.provider-vps-docker-hosting-docs] description: Provider/VPS Docker hosting docs and operational runbooks - name: Docker VM persistence/update guidance coverageIds: [docker.vm-persistence-update-guidance] description: Docker VM persistence/update guidance, Hetzner/Hostinger/DigitalOcean adjacency, Kubernetes/container warnings, and secure exposure - name: Operator-facing update coverageIds: [docker.operator-facing-update] description: Operator-facing update, backup, persistence, low-memory, and troubleshooting guidance docs: - docs/install/podman.md - docs/install/docker-vm-runtime.md - docs/install/docker.md - docs/install/hetzner.md - docs/install/hostinger.md search_anchors: - docker / podman hosting host cli container targeting and update lifecycle - host cli container targeting and update lifecycle - docker / podman hosting runtime configuration, state persistence, volumes, and secrets - runtime configuration, state persistence, volumes, and secrets - docker / podman hosting networking, control ui, health, and observability - networking, control ui, health, and observability - docker / podman hosting provider-hosted vps and operator runbooks - provider-hosted vps and operator runbooks category_note: runtime-configuration-state-volumes-and-secrets.md human_lts_override: false - name: Image Release and Validation id: image-release-and-validation features: - name: Root Dockerfile build stages coverageIds: [docker.root-dockerfile-build-stages] description: Root Dockerfile build stages, runtime image contents, optional browser and Docker CLI build args - name: Docker release workflow coverageIds: [docker.release-workflow] description: Docker release workflow for GHCR publishing, multi-arch tags, manifests, and attestation verification - name: Docker E2E package artifact generation coverageIds: [docker.package-artifact-generation] description: Docker E2E package artifact generation and shared build helpers - name: Docker E2E plan/scheduler scripts coverageIds: [docker.runtime-validation, harness.qa-lab, telemetry.prometheus] description: Docker E2E plan/scheduler scripts, lane metadata, targeted grouping, package artifact generation, and GitHub hydration action - name: Release-path install coverageIds: [docker.release-path-install] description: Release-path install, update, upgrade survivor, live-provider, plugin, Open WebUI, and cleanup scenario planning docs: - docs/install/docker.md - docs/install/docker-vm-runtime.md - docs/reference/full-release-validation.md search_anchors: - docker / podman hosting image build, release packaging, and attestations - image build, release packaging, and attestations - docker / podman hosting docker e2e release smoke and scheduler - docker e2e release smoke and scheduler category_note: image-build-release-packaging-and-attestations.md human_lts_override: false - name: Agent Sandbox and Tooling id: agent-sandbox-and-tooling features: - name: Docker gateway setup coverageIds: [docker.gateway-setup] description: Docker gateway setup with OPENCLAW_SANDBOX, Docker CLI build arg, socket mount, sandbox config writes, and rollback behavior - name: Docker-backed agent sandbox support coverageIds: [docker.backed-agent-sandbox-support] description: Docker-backed agent sandbox docs, source behavior, and tests that affect container-hosted Gateway operators. - name: Container image dependency baking coverageIds: [docker.container-image-dependency-baking] description: Container image dependency baking for skills/plugins/tools docs: - docs/install/docker.md - docs/install/docker-vm-runtime.md search_anchors: - docker / podman hosting containerized agents, sandbox, and tooling support - containerized agents, sandbox, and tooling support category_note: containerized-agents-sandbox-and-tooling-support.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: kubernetes-hosting name: Kubernetes hosting family: platform-app level: alpha level_code: M2 rationale: Kubernetes hosting is a distinct Kustomize-based cluster deployment path. Current scoring shows a real minimal deployment path with gaps around Kubernetes-specific CI, ingress/TLS/NetworkPolicy packaging, backup/restore, and production exposure hardening. completeness_instructions: references/completeness/kubernetes-hosting.md categories: - name: Deployment Setup id: deployment-setup features: - name: Kustomize packaging coverageIds: [kubernetes.kustomize-packaging] description: Kustomize-first deployment posture and Helm non-goal. - name: Cluster prerequisites coverageIds: [kubernetes.cluster-prerequisites] description: Cluster access, kubectl context, and provider-key prerequisites. - name: Quick deploy coverageIds: [kubernetes.quick-deploy] description: One-command cluster deployment path. - name: Manifest apply coverageIds: [kubernetes.manifest-apply] description: Step-by-step secret creation and manifest apply workflow. - name: Kind validation coverageIds: [kubernetes.kind-validation] description: Local Kind cluster test workflow. docs: - docs/install/kubernetes.md - docs/install/index.md search_anchors: - Why not Helm - What you need - Quick start - Local testing with Kind - Step by step - Deploy - File structure category_note: deployment-setup.md human_lts_override: false - name: Configuration and Secrets id: configuration-and-secrets features: - name: Agent instructions coverageIds: [kubernetes.agent-instructions] description: ConfigMap-based agent instruction injection. - name: Gateway config coverageIds: [kubernetes.gateway-config] description: ConfigMap-based Gateway configuration. - name: Provider secrets coverageIds: [kubernetes.provider-secrets] description: Kubernetes Secret-backed provider-key setup. - name: Secret rotation coverageIds: [kubernetes.secret-rotation] description: Provider-key patching and redeploy expectations. - name: Image and namespace coverageIds: [kubernetes.image-and-namespace] description: Custom image pinning and namespace override. docs: - docs/install/kubernetes.md - docs/gateway/secrets.md - docs/help/environment.md search_anchors: - Customization - Agent instructions - Gateway config - Add providers - Custom namespace - Custom image category_note: configuration-and-secrets.md human_lts_override: false - name: Access and Exposure id: access-and-exposure features: - name: Port-forward access coverageIds: [kubernetes.port-forward-access] description: kubectl port-forward path for local Gateway access. - name: Service endpoint coverageIds: [kubernetes.service-endpoint] description: Kubernetes Service access model for the Gateway. - name: Ingress exposure coverageIds: [kubernetes.ingress-exposure] description: Ingress and load-balancer exposure beyond port-forward. - name: Auth and TLS coverageIds: [kubernetes.auth-and-tls] description: Required authentication, TLS, and origin controls for exposed deployments. - name: Localhost posture coverageIds: [kubernetes.localhost-posture] description: Cluster-local runtime assumptions and localhost access boundaries. docs: - docs/install/kubernetes.md - docs/gateway/authentication.md - docs/gateway/remote.md - docs/gateway/security/exposure-runbook.md search_anchors: - Access the gateway - Port-forward access path - Expose beyond port-forward - Ingress and load-balancer exposure model - auth, TLS, and origins - localhost access posture category_note: access-and-exposure.md human_lts_override: false - name: Cluster Lifecycle id: cluster-lifecycle features: - name: Resource layout coverageIds: [kubernetes.resource-layout] description: Namespace, Deployment, Service, PVC, ConfigMap, and Secret inventory. - name: State persistence coverageIds: [kubernetes.state-persistence] description: PVC-backed state expectations and cleanup implications. - name: Redeploy coverageIds: [kubernetes.redeploy] description: Re-apply manifests and restart pod workflow. - name: Teardown coverageIds: [kubernetes.teardown] description: Namespace deletion and PVC cleanup path. - name: Security context coverageIds: [kubernetes.security-context] description: Pod security, namespace scope, and runtime isolation notes. docs: - docs/install/kubernetes.md - docs/gateway/index.md search_anchors: - What gets deployed - Namespace, deployment, service, PVC, ConfigMap, and Secret layout - Re-deploy - Teardown - Architecture notes - Related category_note: cluster-lifecycle.md human_lts_override: false last_score_run: status: complete completed_at: '2026-06-01' by: codex source_ref: openclaw@29dd7847fd process_version: 3 - id: nix-install-path name: Nix install path family: platform-app level: experimental level_code: M1 rationale: Optional install flow. Needs clearer support promise before alpha/beta promotion. completeness_instructions: references/completeness/nix-install-path.md categories: - name: Install Handoff id: install-handoff features: - name: Nix install overview coverageIds: [nix.install-overview] description: Covers Nix install overview across public Nix install page, install index discoverability, docs navigation, and the handoff to the first-party `nix-openclaw` Home Manager module. It excludes the actual external `openclaw/nix-openclaw` repository implementation, and related public nix docs and nix-openclaw handoff behavior. - name: nix-openclaw source-of-truth coverageIds: [nix.openclaw-source-of-truth] description: Covers nix-openclaw source-of-truth across public Nix install page, install index discoverability, docs navigation, and the handoff to the first-party `nix-openclaw` Home Manager module. It excludes the actual external `openclaw/nix-openclaw` repository implementation, and related public nix docs and nix-openclaw handoff behavior. - name: Install discoverability coverageIds: [nix.install-discoverability] description: Covers Install discoverability across public Nix install page, install index discoverability, docs navigation, and the handoff to the first-party `nix-openclaw` Home Manager module. It excludes the actual external `openclaw/nix-openclaw` repository implementation, and related public nix docs and nix-openclaw handoff behavior. - name: Verification handoff coverageIds: [nix.verification-handoff] description: Covers Verification handoff across public Nix install page, install index discoverability, docs navigation, and the handoff to the first-party `nix-openclaw` Home Manager module. It excludes the actual external `openclaw/nix-openclaw` repository implementation, and related public nix docs and nix-openclaw handoff behavior. docs: - docs/install/nix.md - docs/install/index.md - docs/start/docs-directory.md search_anchors: - Nix install overview - nix-openclaw source-of-truth - Install discoverability - Verification handoff category_note: public-nix-docs-handoff.md human_lts_override: false - name: Plugin Lifecycle id: plugin-lifecycle features: - name: Lifecycle command refusal coverageIds: [nix.lifecycle-command-refusal] description: Covers Lifecycle command refusal across plugin install/update/uninstall/enable/disable behavior in Nix mode, `/nix/store` hardlink handling, manifest registry safety, and user-facing guidance for declarative plugin selection. - name: Declarative plugin selection coverageIds: [nix.declarative-plugin-selection] description: Covers Declarative plugin selection across plugin install/update/uninstall/enable/disable behavior in Nix mode, `/nix/store` hardlink handling, manifest registry safety, and user-facing guidance for declarative plugin selection. - name: Nix-store plugin loading coverageIds: [nix.store-plugin-loading] description: Covers Nix-store plugin loading across plugin install/update/uninstall/enable/disable behavior in Nix mode, `/nix/store` hardlink handling, manifest registry safety, and user-facing guidance for declarative plugin selection. - name: Hardlink safety coverageIds: [nix.hardlink-safety] description: Covers Hardlink safety across plugin install/update/uninstall/enable/disable behavior in Nix mode, `/nix/store` hardlink handling, manifest registry safety, and user-facing guidance for declarative plugin selection. docs: - docs/plugins/manage-plugins.md - docs/tools/plugin.md - docs/install/nix.md search_anchors: - Lifecycle command refusal - Declarative plugin selection - Nix-store plugin loading - Hardlink safety category_note: plugin-lifecycle-nix-store-loading.md human_lts_override: false - name: Activation and App UX id: activation-and-app-ux features: - name: Environment activation coverageIds: [nix.environment-activation] description: Covers Environment activation across Nix mode activation, environment-variable detection, macOS default detection, and the operator docs that explain how Nix mode is enabled. - name: macOS defaults activation coverageIds: [nix.macos-defaults-activation] description: Covers macOS defaults activation across Nix mode activation, environment-variable detection, macOS default detection, and the operator docs that explain how Nix mode is enabled. - name: Runtime Nix-mode detection coverageIds: [nix.runtime-nix-mode-detection] description: Covers Runtime Nix-mode detection across Nix mode activation, environment-variable detection, macOS default detection, and the operator docs that explain how Nix mode is enabled. - name: Stable Nix defaults coverageIds: [nix.stable-nix-defaults] description: Covers Stable Nix defaults across macOS app's `openclaw.nixMode` default handling, config read-only UX, settings banner, onboarding behavior, and local config write prevention. - name: Managed-by-Nix banner coverageIds: [nix.managed-by-nix-banner] description: Covers Managed-by-Nix banner across macOS app's `openclaw.nixMode` default handling, config read-only UX, settings banner, onboarding behavior, and local config write prevention. - name: Read-only config controls coverageIds: [nix.read-only-config-controls] description: Covers Read-only config controls across macOS app's `openclaw.nixMode` default handling, config read-only UX, settings banner, onboarding behavior, and local config write prevention. - name: Onboarding skip coverageIds: [nix.onboarding-skip] description: Covers Onboarding skip across macOS app's `openclaw.nixMode` default handling, config read-only UX, settings banner, onboarding behavior, and local config write prevention. docs: - docs/install/nix.md search_anchors: - Environment activation - macOS defaults activation - Runtime Nix-mode detection - Stable Nix defaults - Managed-by-Nix banner - Read-only config controls - Onboarding skip category_note: nix-mode-activation-runtime-detection.md human_lts_override: false - name: Config and State id: config-and-state features: - name: Immutable config guard coverageIds: [nix.immutable-config-guard] description: Covers Immutable config guard across `OPENCLAW_NIX_MODE_CONFIG_IMMUTABLE` guard, source-edit guidance, config writer integration, and the agent-first Nix source instruction. - name: Config writer refusal coverageIds: [nix.config-writer-refusal] description: Covers Config writer refusal across `OPENCLAW_NIX_MODE_CONFIG_IMMUTABLE` guard, source-edit guidance, config writer integration, and the agent-first Nix source instruction. - name: Agent-first Nix edits coverageIds: [nix.agent-first-nix-edits] description: Covers Agent-first Nix edits across `OPENCLAW_NIX_MODE_CONFIG_IMMUTABLE` guard, source-edit guidance, config writer integration, and the agent-first Nix source instruction. - name: Explicit config path coverageIds: [nix.explicit-config-path] description: Covers Explicit config path across config/state path environment variables, immutable store expectations, path resolution, state integrity checks around `/nix/store`, and runtime guidance that state should stay writable. - name: Writable state directory coverageIds: [nix.writable-state-directory] description: Covers Writable state directory across config/state path environment variables, immutable store expectations, path resolution, state integrity checks around `/nix/store`, and runtime guidance that state should stay writable. - name: Immutable-store config support coverageIds: [nix.immutable-store-config-support] description: Covers Immutable-store config support across config/state path environment variables, immutable store expectations, path resolution, state integrity checks around `/nix/store`, and runtime guidance that state should stay writable. - name: State integrity checks coverageIds: [nix.state-integrity-checks] description: Covers State integrity checks across config/state path environment variables, immutable store expectations, path resolution, state integrity checks around `/nix/store`, and runtime guidance that state should stay writable. docs: - docs/install/nix.md - docs/cli/setup.md - docs/help/environment.md search_anchors: - Immutable config guard - Config writer refusal - Agent-first Nix edits - Explicit config path - Writable state directory - Immutable-store config support - State integrity checks category_note: state-config-path-immutable-store.md human_lts_override: false - name: Service Runtime and Guards id: service-runtime-and-guards features: - name: Nix profile PATH discovery coverageIds: [nix.profile-path-discovery] description: Covers Nix profile PATH discovery across `NIX_PROFILES` handling, `~/.nix-profile/bin` fallback, launchd/systemd service PATH generation, and adjacent safe binary resolution rules. - name: Profile precedence coverageIds: [nix.profile-precedence] description: Covers Profile precedence across `NIX_PROFILES` handling, `~/.nix-profile/bin` fallback, launchd/systemd service PATH generation, and adjacent safe binary resolution rules. - name: Service PATH fallback coverageIds: [nix.service-path-fallback] description: Covers Service PATH fallback across `NIX_PROFILES` handling, `~/.nix-profile/bin` fallback, launchd/systemd service PATH generation, and adjacent safe binary resolution rules. - name: Trusted binary boundaries coverageIds: [nix.trusted-binary-boundaries] description: Covers Trusted binary boundaries across `NIX_PROFILES` handling, `~/.nix-profile/bin` fallback, launchd/systemd service PATH generation, and adjacent safe binary resolution rules. - name: Setup write refusal coverageIds: [nix.setup-write-refusal] description: Covers Setup write refusal across `openclaw setup`, `openclaw doctor` repair/token modes, `openclaw update`/startup auto-update behavior, and daemon service install/uninstall behavior under Nix mode. - name: Doctor repair refusal coverageIds: [nix.doctor-repair-refusal] description: Covers Doctor repair refusal across `openclaw setup`, `openclaw doctor` repair/token modes, `openclaw update`/startup auto-update behavior, and daemon service install/uninstall behavior under Nix mode. - name: Update handoff coverageIds: [nix.update-handoff] description: Covers Update handoff across `openclaw setup`, `openclaw doctor` repair/token modes, `openclaw update`/startup auto-update behavior, and daemon service install/uninstall behavior under Nix mode. - name: Service lifecycle handoff coverageIds: [nix.service-lifecycle-handoff] description: Covers Service lifecycle handoff across `openclaw setup`, `openclaw doctor` repair/token modes, `openclaw update`/startup auto-update behavior, and daemon service install/uninstall behavior under Nix mode. docs: - docs/install/nix.md - docs/cli/setup.md - docs/cli/doctor.md - docs/cli/update.md search_anchors: - Nix profile PATH discovery - Profile precedence - Service PATH fallback - Trusted binary boundaries - Setup write refusal - Doctor repair refusal - Update handoff - Service lifecycle handoff category_note: gateway-service-path-nix-profile-discovery.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: discord name: Discord family: channel level: stable level_code: M4 rationale: Deep docs and broad feature coverage. Voice/delegation paths should stay separately scored as beta/alpha. completeness_instructions: references/completeness/discord.md categories: - name: Channel Setup and Operations id: channel-setup-and-operations features: - name: Application and bot setup coverageIds: [discord.application-and-bot-setup] description: Covers Application and bot setup across Discord application/bot creation guidance, bot token and `applicationId` configuration, env and SecretRef token resolution, setup wizard/account inspection, and related bot setup and account configuration behavior. - name: Token and application ID configuration coverageIds: [discord.token-and-application-id-configuration] description: Covers Token and application ID configuration across Discord application/bot creation guidance, bot token and `applicationId` configuration, env and SecretRef token resolution, setup wizard/account inspection, and related bot setup and account configuration behavior. - name: Setup wizard and account inspection coverageIds: [discord.setup-wizard-and-account-inspection] description: Covers Setup wizard and account inspection across Discord application/bot creation guidance, bot token and `applicationId` configuration, env and SecretRef token resolution, setup wizard/account inspection, and related bot setup and account configuration behavior. - name: Status, doctor, and intent checks coverageIds: [discord.status-doctor-and-intent-checks] description: Covers Status, doctor, and intent checks across Discord application/bot creation guidance, bot token and `applicationId` configuration, env and SecretRef token resolution, setup wizard/account inspection, and related bot setup and account configuration behavior. - name: Multi-account bot configuration coverageIds: [discord.multi-account-bot-configuration] description: Covers Multi-account bot configuration across Discord application/bot creation guidance, bot token and `applicationId` configuration, env and SecretRef token resolution, setup wizard/account inspection, and related bot setup and account configuration behavior. - name: Account monitor startup coverageIds: [discord.account-monitor-startup] description: Covers Account monitor startup across Discord gateway monitor startup path, runtime provider lifecycle, WebSocket gateway client, reconnect/heartbeat handling, and related gateway monitor and runtime lifecycle behavior. - name: Gateway WebSocket lifecycle coverageIds: [discord.gateway-websocket-lifecycle] description: Covers Gateway WebSocket lifecycle across Discord gateway monitor startup path, runtime provider lifecycle, WebSocket gateway client, reconnect/heartbeat handling, and related gateway monitor and runtime lifecycle behavior. - name: Reconnect and heartbeat handling coverageIds: [discord.reconnect-and-heartbeat-handling] description: Covers Reconnect and heartbeat handling across Discord gateway monitor startup path, runtime provider lifecycle, WebSocket gateway client, reconnect/heartbeat handling, and related gateway monitor and runtime lifecycle behavior. - name: Rate limits and gateway metadata coverageIds: [discord.rate-limits-and-gateway-metadata] description: Covers Rate limits and gateway metadata across Discord gateway monitor startup path, runtime provider lifecycle, WebSocket gateway client, reconnect/heartbeat handling, and related gateway monitor and runtime lifecycle behavior. - name: Status, probe, and health-monitor recovery coverageIds: [discord.status-probe-and-health-monitor-recovery] description: Covers Status, probe, and health-monitor recovery across Discord gateway monitor startup path, runtime provider lifecycle, WebSocket gateway client, reconnect/heartbeat handling, and related gateway monitor and runtime lifecycle behavior. docs: - docs/channels/discord.md - docs/plugins/reference/discord.md - docs/install/fly.md - docs/tools/slash-commands.md - docs/gateway/health.md - docs/cli/channels.md - docs/gateway/config-channels.md search_anchors: - Application and bot setup - Token and application ID configuration - Setup wizard and account inspection - Status, doctor, and intent checks - Multi-account bot configuration - Account monitor startup - Gateway WebSocket lifecycle - Reconnect and heartbeat handling - Rate limits and gateway metadata - Status, probe, and health-monitor recovery category_note: bot-setup-and-account-configuration.md human_lts_override: true - name: Access and Identity id: access-and-identity features: - name: DM policy modes coverageIds: [discord.dm-policy-modes] description: 'Covers DM policy modes across Discord direct-message `dmPolicy` modes: `pairing`, `allowlist`, `open`, and `disabled`. Canonical and legacy `allowFrom` resolution across top-level Discord config, and related dm pairing and sender authorization behavior.' - name: Allowlist inheritance coverageIds: [discord.allowlist-inheritance] description: 'Covers Allowlist inheritance across Discord direct-message `dmPolicy` modes: `pairing`, `allowlist`, `open`, and `disabled`. Canonical and legacy `allowFrom` resolution across top-level Discord config, and related dm pairing and sender authorization behavior.' - name: Pairing-code approval coverageIds: [security.pairing-code-approval] description: 'Covers Pairing-code approval across Discord direct-message `dmPolicy` modes: `pairing`, `allowlist`, `open`, and `disabled`. Canonical and legacy `allowFrom` resolution across top-level Discord config, and related dm pairing and sender authorization behavior.' - name: Sender authorization coverageIds: [security.sender-authorization] description: 'Covers Sender authorization across Discord direct-message `dmPolicy` modes: `pairing`, `allowlist`, `open`, and `disabled`. Canonical and legacy `allowFrom` resolution across top-level Discord config, and related dm pairing and sender authorization behavior.' - name: Access-group authorization coverageIds: [discord.access-group-authorization] description: 'Covers Access-group authorization across Discord direct-message `dmPolicy` modes: `pairing`, `allowlist`, `open`, and `disabled`. Canonical and legacy `allowFrom` resolution across top-level Discord config, and related dm pairing and sender authorization behavior.' - name: Group DM authorization coverageIds: [discord.group-dm-authorization] description: 'Covers Group DM authorization across Discord direct-message `dmPolicy` modes: `pairing`, `allowlist`, `open`, and `disabled`. Canonical and legacy `allowFrom` resolution across top-level Discord config, and related dm pairing and sender authorization behavior.' docs: - docs/channels/discord.md - docs/channels/pairing.md - docs/channels/access-groups.md - docs/channels/groups.md search_anchors: - DM policy modes - Allowlist inheritance - Pairing-code approval - Sender authorization - Access-group authorization - Group DM authorization category_note: dm-pairing-and-sender-authorization.md human_lts_override: true - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Guild and channel admission coverageIds: [discord.guild-and-channel-admission] description: Covers Guild and channel admission across Guild allowlist and `groupPolicy` admission for Discord guild channels and threads. `requireMention`, bot-loop prevention, command/mention bypasses, and unmentioned room-event history. Channel, and related guild channel routing and session isolation behavior. - name: Mention gating coverageIds: [channels.mention-gating] description: Covers Mention gating across Guild allowlist and `groupPolicy` admission for Discord guild channels and threads. `requireMention`, bot-loop prevention, command/mention bypasses, and unmentioned room-event history. Channel, and related guild channel routing and session isolation behavior. - name: Session key isolation coverageIds: [discord.session-key-isolation] description: Covers Session key isolation across Guild allowlist and `groupPolicy` admission for Discord guild channels and threads. `requireMention`, bot-loop prevention, command/mention bypasses, and unmentioned room-event history. Channel, and related guild channel routing and session isolation behavior. - name: Configured and runtime routing coverageIds: [discord.configured-and-runtime-routing] description: Covers Configured and runtime bindings across Guild allowlist and `groupPolicy` admission for Discord guild channels and threads. `requireMention`, bot-loop prevention, command/mention bypasses, and unmentioned room-event history. Channel, and related guild channel routing and session isolation behavior. - name: Inbound context visibility coverageIds: [discord.inbound-context-visibility] description: Covers Inbound context visibility across Guild allowlist and `groupPolicy` admission for Discord guild channels and threads. `requireMention`, bot-loop prevention, command/mention bypasses, and unmentioned room-event history. Channel, and related guild channel routing and session isolation behavior. - name: Forum and media-channel thread posts coverageIds: [discord.forum-and-media-channel-thread-posts] description: 'Covers Forum and media-channel thread posts across Discord forum/media channel posts created as threads from parent channel targets. CLI and message-tool thread actions: `thread-create`, `thread-list`, and `thread-reply`. Discord target parsing for `channel:`, user targets, and related threads, forums, and delegated-agent bindings behavior.' - name: Thread actions coverageIds: [discord.thread-actions] description: 'Covers Thread actions across Discord forum/media channel posts created as threads from parent channel targets. CLI and message-tool thread actions: `thread-create`, `thread-list`, and `thread-reply`. Discord target parsing for `channel:`, user targets, and related threads, forums, and delegated-agent bindings behavior.' - name: Target parsing coverageIds: [discord.target-parsing] description: 'Covers Target parsing across Discord forum/media channel posts created as threads from parent channel targets. CLI and message-tool thread actions: `thread-create`, `thread-list`, and `thread-reply`. Discord target parsing for `channel:`, user targets, and related threads, forums, and delegated-agent bindings behavior.' - name: Thread context resolution coverageIds: [discord.thread-context-resolution] description: 'Covers Thread context resolution across Discord forum/media channel posts created as threads from parent channel targets. CLI and message-tool thread actions: `thread-create`, `thread-list`, and `thread-reply`. Discord target parsing for `channel:`, user targets, and related threads, forums, and delegated-agent bindings behavior.' - name: Thread-bound session routing coverageIds: [discord.thread-bound-session-routing] description: 'Covers Thread-bound session routing across Discord forum/media channel posts created as threads from parent channel targets. CLI and message-tool thread actions: `thread-create`, `thread-list`, and `thread-reply`. Discord target parsing for `channel:`, user targets, and related threads, forums, and delegated-agent bindings behavior.' - name: ACP agent routing coverageIds: [discord.acp-agent-routing] description: 'Covers ACP bindings across Discord forum/media channel posts created as threads from parent channel targets. CLI and message-tool thread actions: `thread-create`, `thread-list`, and `thread-reply`. Discord target parsing for `channel:`, user targets, and related threads, forums, and delegated-agent bindings behavior.' - name: Routing lifecycle coverageIds: [discord.routing-lifecycle] description: 'Covers Binding lifecycle across Discord forum/media channel posts created as threads from parent channel targets. CLI and message-tool thread actions: `thread-create`, `thread-list`, and `thread-reply`. Discord target parsing for `channel:`, user targets, and related threads, forums, and delegated-agent bindings behavior.' docs: - docs/channels/discord.md - docs/channels/channel-routing.md - docs/channels/groups.md - docs/channels/access-groups.md - docs/tools/acp-agents.md - docs/tools/subagents.md search_anchors: - Guild and channel admission - Mention gating - Session key isolation - Configured and runtime bindings - Inbound context visibility - Forum and media-channel thread posts - Thread actions - Target parsing - Thread context resolution - Thread-bound session routing - ACP bindings - Binding lifecycle category_note: guild-channel-routing-and-session-isolation.md human_lts_override: true - name: Media and Rich Content id: media-and-rich-content features: - name: Media and Rich Content coverageIds: [channels.media-rich-content] description: Evidence scope for Media and Rich Content. docs: - docs/channels/discord.md search_anchors: - discord media and rich content - media and rich content category_note: media-attachments-and-voice-message-handling.md human_lts_override: true - name: Native Controls and Approvals id: native-controls-and-approvals features: - name: Native slash command registration coverageIds: [discord.native-slash-command-registration] description: Native slash command registration and reconciliation for Discord application commands - name: Native slash command execution coverageIds: [discord.native-slash-command-execution] description: Native slash command execution, autocomplete, authz, and interaction dispatch - name: Model Picker Commands coverageIds: [discord.model-picker-commands] description: Covers Model Picker Commands across Native slash command registration and reconciliation for Discord application commands. Native slash command execution, autocomplete, authz, and interaction dispatch. `/model` and `/models` picker flows, and related native slash commands, components, and interactive callbacks behavior. - name: Components v2 messages coverageIds: [discord.components-v2-messages] description: Components v2 messages, buttons, string/user/role/mentionable/channel selects, modal triggers, and modal submits - name: Callback TTL coverageIds: [discord.callback-ttl] description: Callback TTL, reusable versus single-use callbacks, persistent callback registry entries, allowedUsers, guild/DM/group authz, and plugin interactive callback dispatch docs: - docs/channels/discord.md - docs/tools/slash-commands.md search_anchors: - discord native slash commands, components, and interactive callbacks - native slash commands, components, and interactive callbacks category_note: native-slash-commands-components-and-interactive-callbacks.md human_lts_override: false - name: Realtime Voice and Calls id: realtime-voice-and-calls features: - name: Voice Channel Lifecycle coverageIds: [discord.voice-channel-lifecycle] description: Covers Voice Channel Lifecycle across Includes Discord voice channel sessions controlled by `/vc join`, `/vc status`, and `/vc leave`; config-driven `autoJoin`; `followUsers`; voice/stage channel allowlists; connect/reconnect and DAVE handling; `stt-tts`, `agent-proxy`, and related realtime voice channels behavior. - name: Auto-join and follow-users coverageIds: [discord.auto-join-and-follow-users] description: Covers Auto-join and follow-users across Includes Discord voice channel sessions controlled by `/vc join`, `/vc status`, and `/vc leave`; config-driven `autoJoin`; `followUsers`; voice/stage channel allowlists; connect/reconnect and DAVE handling; `stt-tts`, `agent-proxy`, and related realtime voice channels behavior. - name: Realtime voice modes coverageIds: [discord.realtime-voice-modes] description: Covers Realtime voice modes across Includes Discord voice channel sessions controlled by `/vc join`, `/vc status`, and `/vc leave`; config-driven `autoJoin`; `followUsers`; voice/stage channel allowlists; connect/reconnect and DAVE handling; `stt-tts`, `agent-proxy`, and related realtime voice channels behavior. - name: Wake, barge-in, and echo handling coverageIds: [discord.wake-barge-in-and-echo-handling] description: Covers Wake, barge-in, and echo handling across Includes Discord voice channel sessions controlled by `/vc join`, `/vc status`, and `/vc leave`; config-driven `autoJoin`; `followUsers`; voice/stage channel allowlists; connect/reconnect and DAVE handling; `stt-tts`, `agent-proxy`, and related realtime voice channels behavior. - name: Voice codec and DAVE recovery coverageIds: [discord.voice-codec-and-dave-recovery] description: Covers Voice codec and DAVE recovery across Includes Discord voice channel sessions controlled by `/vc join`, `/vc status`, and `/vc leave`; config-driven `autoJoin`; `followUsers`; voice/stage channel allowlists; connect/reconnect and DAVE handling; `stt-tts`, `agent-proxy`, and related realtime voice channels behavior. docs: - docs/channels/discord.md - docs/providers/openai.md - docs/providers/elevenlabs.md - docs/concepts/qa-e2e-automation.md - docs/gateway/config-channels.md search_anchors: - /vc lifecycle - Auto-join and follow-users - Realtime voice modes - Wake, barge-in, and echo handling - Voice codec and DAVE recovery category_note: realtime-discord-voice-channels.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: telegram name: Telegram family: channel level: beta level_code: M3 rationale: Core channel is mature enough for regular use, but high-variance UX and media edge cases need recurring scenario proof. completeness_instructions: references/completeness/telegram.md categories: - name: Channel Setup and Operations id: channel-setup-and-operations features: - name: BotFather token creation coverageIds: [telegram.botfather-token-creation] description: BotFather token creation and first gateway start - name: TELEGRAM_BOT_TOKEN coverageIds: [telegram.bot-token] description: TELEGRAM_BOT_TOKEN, botToken, tokenFile, and account-scoped token - name: Setup wizard credential capture coverageIds: [telegram.setup-wizard-credential-capture] description: Setup wizard credential capture, allowlist prompts, and DM policy defaults - name: Startup getMe coverageIds: [telegram.startup-getme] description: Startup getMe, bot-info cache, account throttling, and multi-account default - name: Doctor/status surfacing coverageIds: [telegram.doctor-status-surfacing] description: Doctor/status surfacing for invalid tokens, missing defaults, and read-only - name: Named account configuration coverageIds: [telegram.named-account-configuration] description: Named account configuration, default account selection, account-local group - name: CLI/message-tool targets coverageIds: [telegram.cli-message-tool-targets] description: numeric chat IDs, usernames, forum-topic - name: Directory adapters coverageIds: [telegram.directory-adapters] description: Directory adapters and configured peers/groups for user-facing target lists - name: Channel status coverageIds: [telegram.channel-status] description: Channel status, channels status --probe, token source summaries, liveness - name: Account-scoped outbound coverageIds: [telegram.account-scoped-outbound] description: Account-scoped outbound, poll, media, and approval target resolution docs: - docs/channels/telegram.md - docs/gateway/config-channels.md - docs/cli/channels.md search_anchors: - telegram bot setup and account configuration - bot setup and account configuration - telegram multi account cli targets and status - multi account cli targets and status category_note: bot-setup-and-account-configuration.md human_lts_override: true - name: Access and Identity id: access-and-identity features: - name: dmPolicy modes coverageIds: [telegram.dmpolicy-modes] description: pairing, allowlist, open, and disabled - name: Pairing-code approval coverageIds: [security.pairing-code-approval] description: Pairing-code approval, first-owner bootstrap, and commands.ownerAllowFrom - name: Numeric Telegram user ID normalization with telegram coverageIds: [telegram.numeric-telegram-user-id-normalization-with-telegram] description: 'and tg: prefixes' - name: allowFrom coverageIds: [telegram.allowfrom] description: allowFrom, groupAllowFrom, access groups, and DM-versus-group boundaries - name: Unauthorized DM coverageIds: [telegram.unauthorized-dm] description: Unauthorized DM, group, command, callback, and reaction handling - name: Group allowlists coverageIds: [security.group-allowlists] description: Group allowlists, groupPolicy, groupAllowFrom, and mention gating - name: Supergroup negative chat IDs coverageIds: [telegram.supergroup-negative-chat-ids] description: Supergroup negative chat IDs and group/topic config inheritance - name: Forum topic session keys coverageIds: [telegram.forum-topic-session-keys] description: Forum topic session keys, message_thread_id, General topic behavior, and topic routing. - name: ACP topic routing coverageIds: [telegram.acp-topic-routing] description: ACP topic binding and /acp spawn --thread - name: Session key construction coverageIds: [memory.session-key-construction] description: Session key construction, conversation route matching, and reply target docs: - docs/channels/telegram.md - docs/channels/pairing.md - docs/channels/access-groups.md - docs/channels/groups.md - docs/concepts/multi-agent.md search_anchors: - telegram dm pairing and sender authorization - dm pairing and sender authorization - telegram group forum topic and session routing - group forum topic and session routing category_note: dm-pairing-and-sender-authorization.md human_lts_override: true - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Conversation Routing and Delivery coverageIds: [channels.conversation-routing-delivery] description: Evidence scope for Conversation Routing and Delivery. docs: - docs/channels/telegram.md - docs/channels/groups.md - docs/concepts/multi-agent.md search_anchors: - telegram conversation routing and delivery - conversation routing and delivery category_note: group-forum-topic-and-session-routing.md human_lts_override: true - name: Media and Rich Content id: media-and-rich-content features: - name: Media and Rich Content coverageIds: [channels.media-rich-content] description: Evidence scope for Media and Rich Content. docs: - docs/channels/telegram.md - docs/channels/location.md search_anchors: - telegram media and rich content - media and rich content category_note: media-location-polls-and-rich-inputs.md human_lts_override: true - name: Native Controls and Approvals id: native-controls-and-approvals features: - name: Inline keyboard rendering coverageIds: [telegram.inline-keyboard-rendering] description: Inline keyboard rendering, callback query handling, Mini App URL buttons, and approval callbacks. - name: Exec approvals in DMs coverageIds: [telegram.exec-approvals-in-dms] description: Exec approvals in DMs, channels, topics, or both; approver resolution; plugin - name: Message actions coverageIds: [channels.message-actions] description: send, poll, react, delete, edit, sticker, and sticker search actions. - name: Action capability discovery coverageIds: [telegram.action-capability-discovery] description: Action capability discovery, gating config, account-scoped action gates, and requester trust checks. - name: Native setMyCommands startup sync coverageIds: [telegram.native-setmycommands-startup-sync] description: Native setMyCommands startup sync, custom commands, native aliases, plugin - name: Command name/description normalization coverageIds: [telegram.command-name-description-normalization] description: Command name/description normalization, menu budget trimming, duplicate - name: Built-in commands coverageIds: [telegram.built-in-commands] description: Built-in commands such as /help, /commands, /whoami, /status, and related command UI. - name: Command authorization in DMs coverageIds: [telegram.command-authorization-in-dms] description: Command authorization in DMs, groups, and commands addressed to other bots - name: Model buttons coverageIds: [telegram.model-buttons] description: Model buttons and command UI helpers docs: - docs/channels/telegram.md - docs/tools/exec-approvals.md - docs/tools/reactions.md search_anchors: - telegram inline buttons approvals and actions - inline buttons approvals and actions - telegram native commands and command ui - native commands and command ui category_note: inline-buttons-approvals-and-actions.md human_lts_override: true last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: whatsapp name: WhatsApp family: channel level: beta level_code: M3 rationale: Core path is important and documented; upstream Baileys/session volatility keeps it below Stable. completeness_instructions: references/completeness/whatsapp.md categories: - name: Channel Setup and Operations id: channel-setup-and-operations features: - name: Official @openclaw/whatsapp plugin metadata coverageIds: [whatsapp.official-openclaw-whatsapp-plugin-metadata] description: Official @openclaw/whatsapp plugin metadata, package entrypoints, and setup discovery. - name: openclaw plugin install whatsapp coverageIds: [whatsapp.openclaw-plugin-install-whatsapp] description: openclaw plugin install whatsapp and config-first setup guidance - name: Channel config schema coverageIds: [whatsapp.channel-config-schema] description: Channel config schema, plugin hooks, setup finalization, default account, and secret handling. - name: Baileys socket lifecycle coverageIds: [whatsapp.baileys-socket-lifecycle] description: Baileys socket lifecycle, connection controller state, reconnect decisions, and repair status. - name: Operator troubleshooting coverageIds: [whatsapp.operator-troubleshooting] description: Operator troubleshooting for reconnect loops, stale sockets, Bun/Node runtime docs: - docs/channels/whatsapp.md - docs/gateway/config-channels.md - docs/plugins/reference/whatsapp.md - docs/concepts/qa-e2e-automation.md - docs/gateway/doctor.md search_anchors: - whatsapp operator install and configuration - operator install and configuration - whatsapp runtime health reconnect and doctor - runtime health reconnect and doctor category_note: operator-install-and-configuration.md human_lts_override: false - name: Access and Identity id: access-and-identity features: - name: QR login coverageIds: [whatsapp.qr-login] description: QR login and agent login QR flows - name: Baileys multi-file auth persistence coverageIds: [whatsapp.baileys-multi-file-auth-persistence] description: Baileys multi-file auth persistence, queued credential writes, backup restore, and login recovery. - name: DM pairing challenge coverageIds: [whatsapp.dm-pairing-challenge] description: DM pairing challenge and allow-store persistence where it intersects WhatsApp - name: Multi-account/default-account resolution coverageIds: [whatsapp.multi-account-default-account-resolution] description: Multi-account/default-account resolution and Baileys 515/401 recovery - name: Direct-message dmPolicy coverageIds: [whatsapp.direct-message-dmpolicy] description: Direct-message dmPolicy, allowFrom, pairing challenge, pairing-store - name: Sender identity extraction coverageIds: [whatsapp.sender-identity-extraction] description: Sender identity extraction, read receipts, self-chat safeguards, and contact matching. - name: Privacy controls for plugin hooks coverageIds: [whatsapp.privacy-controls-for-plugin-hooks] description: Privacy controls for plugin hooks and untrusted context docs: - docs/channels/whatsapp.md - docs/gateway/config-channels.md - docs/concepts/qa-e2e-automation.md - docs/channels/pairing.md search_anchors: - whatsapp pairing login and session auth - pairing login and session auth - whatsapp inbound dm access and privacy - inbound dm access and privacy category_note: pairing-login-and-session-auth.md human_lts_override: false - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Group allowlists coverageIds: [security.group-allowlists] description: Group allowlists, groupPolicy, exact group JIDs, requireMention, owner - name: Group session keys coverageIds: [whatsapp.group-session-keys] description: Group session keys, broadcast fanout, outbound mentions, and group prompt - name: Outbound text sends coverageIds: [whatsapp.outbound-text-sends] description: Outbound text sends, message-tool delivery, explicit DM/group/newsletter - name: Provider-accepted receipts coverageIds: [whatsapp.provider-accepted-receipts] description: Provider-accepted receipts and durable delivery identifiers docs: - docs/channels/whatsapp.md - docs/channels/group-messages.md search_anchors: - whatsapp group routing and activation - group routing and activation - whatsapp outbound delivery and targeting - outbound delivery and targeting category_note: group-routing-and-activation.md human_lts_override: false - name: Media and Rich Content id: media-and-rich-content features: - name: Inbound media download coverageIds: [whatsapp.inbound-media-download] description: Inbound media download and placeholder construction, quoted media extraction, and file handoff. - name: Outbound image coverageIds: [whatsapp.outbound-image] description: Outbound image, audio, video, document, and voice-note payload construction. docs: - docs/channels/whatsapp.md search_anchors: - whatsapp media attachments and voice - media attachments and voice category_note: media-attachments-and-voice.md human_lts_override: false - name: Native Controls and Approvals id: native-controls-and-approvals features: - name: Native exec coverageIds: [whatsapp.native-exec] description: Native exec and plugin approval delivery through WhatsApp - name: Approver target resolution coverageIds: [whatsapp.approver-target-resolution] description: Approver target resolution, DM/group target eligibility, route suppression, and approval delivery. docs: - docs/channels/whatsapp.md search_anchors: - whatsapp native approvals and reactions - native approvals and reactions category_note: native-approvals-and-reactions.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: slack name: Slack family: channel level: beta level_code: M3 rationale: First-class channel docs and routing surface. Needs workspace install/admin scenario scorecards. completeness_instructions: references/completeness/slack.md categories: - name: Channel Setup and Operations id: channel-setup-and-operations features: - name: App Install coverageIds: [slack.app-install] description: Covers App Install across installing `@openclaw/slack`, creating the Slack app, choosing recommended/minimal manifests, bot/app/user/signing-secret credential handling, and related app install, auth, manifest, and scopes behavior. - name: Slack app credentials coverageIds: [slack.app-credentials] description: Covers bot/app/user tokens, signing-secret handling, and Slack credential setup for app authentication. - name: Manifest coverageIds: [slack.manifest] description: Covers Manifest across installing `@openclaw/slack`, creating the Slack app, choosing recommended/minimal manifests, bot/app/user/signing-secret credential handling, and related app install, auth, manifest, and scopes behavior. - name: Scopes coverageIds: [slack.scopes] description: Covers Scopes across installing `@openclaw/slack`, creating the Slack app, choosing recommended/minimal manifests, bot/app/user/signing-secret credential handling, and related app install, auth, manifest, and scopes behavior. - name: Channel status diagnostics coverageIds: [slack.channel-status-diagnostics] description: Covers `openclaw channels status --probe`, account snapshots, token source/status fields, capability and scope diagnostics, and Slack repair guidance. - name: Slack account status coverageIds: [slack.account-status] description: Covers account snapshots, token source/status fields, capability summaries, and Slack status output. - name: Operator Repair coverageIds: [codex.operator-repair] description: Covers Operator Repair across `openclaw channels status --probe`, account snapshots, token source/status fields, capability and scope diagnostics, and related diagnostics, status, and operator repair behavior. - name: Socket coverageIds: [slack.socket] description: Covers Socket across Socket Mode startup/reconnect/backoff, HTTP Request URL registration and signing-secret verification, transport mode selection, multi-account lifecycle, status/liveness, and runtime startup/skip behavior. - name: HTTP transport coverageIds: [slack.http-transport] description: Covers HTTP Request URL registration, signing-secret verification, transport mode selection, multi-account lifecycle, status/liveness, and Slack HTTP runtime startup/skip behavior. - name: Runtime Lifecycle coverageIds: [slack.runtime-lifecycle] description: Covers Runtime Lifecycle across Socket Mode startup/reconnect/backoff, HTTP Request URL registration and signing-secret verification, transport mode selection, multi-account lifecycle, status/liveness, and runtime startup/skip behavior. docs: - docs/channels/slack.md - docs/plugins/reference/slack.md - docs/gateway/secrets.md - docs/concepts/qa-e2e-automation.md - docs/channels/troubleshooting.md search_anchors: - App Install - bot token - signing secret - Manifest - Scopes - recommended manifest - minimal manifest - openclaw channels status --probe - capability and scope diagnostics - account snapshots - Operator Repair - slack diagnostics, status, and operator repair - diagnostics, status, and operator repair - Socket - HTTP Request URL - Runtime Lifecycle - slack socket/http transport and runtime lifecycle - socket/http transport and runtime lifecycle category_note: app-install-auth-manifest-and-scopes.md human_lts_override: true - name: Access and Identity id: access-and-identity features: - name: Access and Identity coverageIds: [channels.access-and-identity] description: Evidence scope for Access and Identity. docs: - docs/channels/slack.md - docs/channels/pairing.md search_anchors: - slack access and identity - access and identity category_note: dm-pairing-and-sender-authorization.md human_lts_override: true - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Channel allowlists coverageIds: [slack.channel-allowlists] description: Covers channel allowlists, `groupPolicy`, channel/user gates, mention gates, and subteam mention behavior. - name: Thread routing coverageIds: [slack.thread-routing] description: Covers Slack thread routing, thread-aware reply targeting, and session binding for channel threads. - name: Session Isolation coverageIds: [slack.session-isolation] description: Covers Session Isolation across channel allowlists, `groupPolicy`, channel/user gates, mention and subteam mention behavior, and related channel/thread routing and session isolation behavior. - name: DM Pairing coverageIds: [security.dm-pairing] description: Covers DM Pairing across Slack DM routing, `dmPolicy`, `allowFrom`, pairing approvals, group DMs/MPIMs, account-level allowlist inheritance, command authorization in DMs, and sender identity normalization. - name: Sender Authorization coverageIds: [security.sender-authorization] description: Covers Sender Authorization across Slack DM routing, `dmPolicy`, `allowFrom`, pairing approvals, group DMs/MPIMs, account-level allowlist inheritance, command authorization in DMs, and sender identity normalization. docs: - docs/channels/slack.md - docs/channels/bot-loop-protection.md - docs/channels/pairing.md search_anchors: - channel allowlists - Thread routing - Session Isolation - groupPolicy - subteam mention - DM Pairing - Sender Authorization - slack dm pairing and sender authorization - dm pairing and sender authorization category_note: channel-thread-routing-and-session-isolation.md human_lts_override: true - name: Media and Rich Content id: media-and-rich-content features: - name: Media and Rich Content coverageIds: [channels.media-rich-content] description: Evidence scope for Media and Rich Content. docs: - docs/channels/slack.md - docs/concepts/qa-e2e-automation.md search_anchors: - slack media and rich content - media and rich content category_note: media-attachments-files-and-vision.md human_lts_override: true - name: Native Controls and Approvals id: native-controls-and-approvals features: - name: Slash Commands coverageIds: [slack.slash-commands] description: Covers Slash Commands across configured slash command mode, native slash commands, command registration expectations, session keys, and related slash commands and native command routing behavior. - name: Native Command Routing coverageIds: [slack.native-command-routing] description: Covers Native Command Routing across configured slash command mode, native slash commands, command registration expectations, session keys, and related slash commands and native command routing behavior. - name: Interactive Replies coverageIds: [slack.interactive-replies] description: Covers Interactive Replies across App Home publish/open behavior, Slack assistant thread started/context-changed events, block actions, modal submissions, and related interactive replies, app home, and assistant events behavior. - name: App Home coverageIds: [slack.app-home] description: Covers App Home across App Home publish/open behavior, Slack assistant thread started/context-changed events, block actions, modal submissions, and related interactive replies, app home, and assistant events behavior. - name: Assistant Events coverageIds: [slack.assistant-events] description: Covers Assistant Events across App Home publish/open behavior, Slack assistant thread started/context-changed events, block actions, modal submissions, and related interactive replies, app home, and assistant events behavior. - name: Native Approvals coverageIds: [security.native-approvals] description: Covers Native Approvals across Slack native exec and plugin approvals, Block Kit approval prompts, approval auth, approval routing, and related native approvals, actions, and security-sensitive ops behavior. - name: Actions coverageIds: [slack.actions] description: Covers Actions across Slack native exec and plugin approvals, Block Kit approval prompts, approval auth, approval routing, and related native approvals, actions, and security-sensitive ops behavior. - name: Security-sensitive Ops coverageIds: [slack.security-sensitive-ops] description: Covers Security-sensitive Ops across Slack native exec and plugin approvals, Block Kit approval prompts, approval auth, approval routing, and related native approvals, actions, and security-sensitive ops behavior. docs: - docs/channels/slack.md - docs/tools/slash-commands.md - docs/tools/exec-approvals.md search_anchors: - Slash Commands - Native Command Routing - slack slash commands and native command routing - slash commands and native command routing - Interactive Replies - App Home - Assistant Events - slack interactive replies, app home, and assistant events - interactive replies, app home, and assistant events - Native Approvals - Actions - Security-sensitive Ops - slack native approvals, actions, and security-sensitive ops - native approvals, actions, and security-sensitive ops category_note: slash-commands-and-native-command-routing.md human_lts_override: true last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: imessage-bluebubbles name: iMessage and BlueBubbles family: channel level: beta level_code: M3 rationale: Supported iMessage runs through imsg on a signed-in macOS Messages host; legacy BlueBubbles configs require migration. Keep macOS permissions, SSH wrapper, SIP/private API, and migration caveats visible. completeness_instructions: references/completeness/imessage-bluebubbles.md categories: - name: Channel Setup and Operations id: channel-setup-and-operations features: - name: Translate legacy config coverageIds: [imessage.translate-legacy-config] description: Covers Translate legacy config across removal announcement, migration guide, config reference, old `channels.bluebubbles` key translation, group registry footgun, session caveats, attachment/action parity notes, and operator cutover checklist. - name: Cut over safely coverageIds: [imessage.cut-over-safely] description: Covers Cut over safely across removal announcement, migration guide, config reference, old `channels.bluebubbles` key translation, group registry footgun, session caveats, attachment/action parity notes, and operator cutover checklist. - name: Handle migration caveats coverageIds: [imessage.handle-migration-caveats] description: Covers Handle migration caveats across removal announcement, migration guide, config reference, old `channels.bluebubbles` key translation, group registry footgun, session caveats, attachment/action parity notes, and operator cutover checklist. - name: Run local imsg coverageIds: [imessage.run-local-imsg] description: Covers Run local imsg across local and remote `imsg rpc`, `cliPath`, `dbPath`, `remoteHost`, and related imsg transport, host requirements, and permissions behavior. - name: Run through SSH wrapper coverageIds: [imessage.run-through-ssh-wrapper] description: Covers Run through SSH wrapper across local and remote `imsg rpc`, `cliPath`, `dbPath`, `remoteHost`, and related imsg transport, host requirements, and permissions behavior. - name: Grant macOS permissions coverageIds: [imessage.grant-macos-permissions] description: Covers Grant macOS permissions across local and remote `imsg rpc`, `cliPath`, `dbPath`, `remoteHost`, and related imsg transport, host requirements, and permissions behavior. - name: Probe runtime health coverageIds: [imessage.probe-runtime-health] description: Covers Probe runtime health across local and remote `imsg rpc`, `cliPath`, `dbPath`, `remoteHost`, and related imsg transport, host requirements, and permissions behavior. - name: Account setup prompts coverageIds: [imessage.account-setup-prompts] description: Covers setup prompts, policy writes, account merging, default account selection, and account configuration behavior for iMessage/BlueBubbles. - name: Account status checks coverageIds: [imessage.account-status-checks] description: Covers account status output, setup state, account merging, and default account selection for iMessage/BlueBubbles. - name: Doctor repair checks coverageIds: [imessage.doctor-repair-checks] description: Covers doctor checks, setup repair prompts, and policy verification for iMessage/BlueBubbles account configuration. - name: Account Config coverageIds: [imessage.account-config] description: Covers Account Config across setup prompts, policy writes, account merging, default account selection, and related setup, status, doctor, and account config behavior. docs: - docs/announcements/bluebubbles-imessage.md - docs/channels/imessage-from-bluebubbles.md - docs/gateway/config-channels.md - docs/channels/imessage.md search_anchors: - Translate legacy config - Cut over safely - Handle migration caveats - Run local imsg - Run through SSH wrapper - Grant macOS permissions - Probe runtime health - setup prompts - policy writes - account status - doctor checks - Account Config - imessage / bluebubbles setup, status, doctor, and account config - setup, status, doctor, and account config category_note: setup-status-doctor-and-account-config.md human_lts_override: false - name: Access and Identity id: access-and-identity features: - name: Authorize direct senders coverageIds: [imessage.authorize-direct-senders] description: Covers Authorize direct senders across `dmPolicy`, `allowFrom`, pairing, sender identity normalization, and related dm pairing, access, and session routing behavior. - name: Route direct conversations coverageIds: [imessage.route-direct-conversations] description: Covers Route direct conversations across `dmPolicy`, `allowFrom`, pairing, sender identity normalization, and related dm pairing, access, and session routing behavior. - name: Bind ACP sessions coverageIds: [imessage.bind-acp-sessions] description: Covers Bind ACP sessions across `dmPolicy`, `allowFrom`, pairing, sender identity normalization, and related dm pairing, access, and session routing behavior. - name: Group Policy coverageIds: [imessage.group-policy] description: Covers Group Policy across `groupPolicy`, `groupAllowFrom`, `groups`, wildcard registry entries, `requireMention`, mention patterns, per-group tools, per-group system prompts, group sessions, and warnings for allowlist misconfiguration. - name: Mentions coverageIds: [imessage.mentions] description: Covers Mentions across `groupPolicy`, `groupAllowFrom`, `groups`, wildcard registry entries, `requireMention`, mention patterns, per-group tools, per-group system prompts, group sessions, and warnings for allowlist misconfiguration. - name: System Prompts coverageIds: [imessage.system-prompts] description: Covers System Prompts across `groupPolicy`, `groupAllowFrom`, `groups`, wildcard registry entries, `requireMention`, mention patterns, per-group tools, per-group system prompts, group sessions, and warnings for allowlist misconfiguration. docs: - docs/channels/imessage.md - docs/channels/imessage-from-bluebubbles.md - docs/gateway/config-channels.md search_anchors: - Authorize direct senders - Route direct conversations - Bind ACP sessions - Group Policy - Mentions - System Prompts - imessage / bluebubbles group policy, mentions, and system prompts - group policy, mentions, and system prompts category_note: dm-pairing-access-and-session-routing.md human_lts_override: false - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Watch live messages coverageIds: [imessage.watch-live-messages] description: Covers Watch live messages across inbound `watch.subscribe`, notification parsing, echo and self-chat guards, sent-message cache, same-sender DM coalescing, DM history, reaction event routing, catchup cursor/replay, and live cursor advancement. - name: Coalesce split-send DMs coverageIds: [imessage.coalesce-split-send-dms] description: Covers Coalesce split-send DMs across inbound `watch.subscribe`, notification parsing, echo and self-chat guards, sent-message cache, same-sender DM coalescing, DM history, reaction event routing, catchup cursor/replay, and live cursor advancement. - name: Replay missed messages coverageIds: [imessage.replay-missed-messages] description: Covers Replay missed messages across inbound `watch.subscribe`, notification parsing, echo and self-chat guards, sent-message cache, same-sender DM coalescing, DM history, reaction event routing, catchup cursor/replay, and live cursor advancement. - name: Seed conversation history coverageIds: [imessage.seed-conversation-history] description: Covers Seed conversation history across inbound `watch.subscribe`, notification parsing, echo and self-chat guards, sent-message cache, same-sender DM coalescing, DM history, reaction event routing, catchup cursor/replay, and live cursor advancement. docs: - docs/channels/imessage.md search_anchors: - Watch live messages - Coalesce split-send DMs - Replay missed messages - Seed conversation history category_note: inbound-monitoring-coalescing-catchup-and-history.md human_lts_override: false - name: Media and Rich Content id: media-and-rich-content features: - name: Media coverageIds: [imessage.media] description: Covers Media across `includeAttachments`, attachment root allowlists, remote attachment roots, `remoteHost` SCP fetches, HEIC conversion, size caps, outbound media sends, `send-attachment`, text chunking, and media receipts. - name: Attachments coverageIds: [ui.attachments] description: Covers Attachments across `includeAttachments`, attachment root allowlists, remote attachment roots, `remoteHost` SCP fetches, HEIC conversion, size caps, outbound media sends, `send-attachment`, text chunking, and media receipts. - name: Remote Fetch coverageIds: [imessage.remote-fetch] description: Covers Remote Fetch across `includeAttachments`, attachment root allowlists, remote attachment roots, `remoteHost` SCP fetches, HEIC conversion, size caps, outbound media sends, `send-attachment`, text chunking, and media receipts. - name: Chunking coverageIds: [imessage.chunking] description: Covers Chunking across `includeAttachments`, attachment root allowlists, remote attachment roots, `remoteHost` SCP fetches, HEIC conversion, size caps, outbound media sends, `send-attachment`, text chunking, and media receipts. - name: Native Actions coverageIds: [imessage.native-actions] description: Covers Native Actions across private API probing, action availability, action config gates, tapback mapping, edit/unsend/reply/effects/group management, `send-rich --file`, message-tool visibility/target grammar, and action dispatch errors. - name: Private API coverageIds: [imessage.private-api] description: Covers Private API across private API probing, action availability, action config gates, tapback mapping, edit/unsend/reply/effects/group management, `send-rich --file`, message-tool visibility/target grammar, and action dispatch errors. - name: Message Tool coverageIds: [imessage.message-tool] description: Covers Message Tool across private API probing, action availability, action config gates, tapback mapping, edit/unsend/reply/effects/group management, `send-rich --file`, message-tool visibility/target grammar, and action dispatch errors. docs: - docs/channels/imessage.md - docs/channels/imessage-from-bluebubbles.md - docs/gateway/config-channels.md search_anchors: - Media - Attachments - Remote Fetch - Chunking - imessage / bluebubbles media, attachments, remote fetch, and chunking - media, attachments, remote fetch, and chunking - Native Actions - Private API - Message Tool - imessage / bluebubbles native actions, private api, and message tool - native actions, private api, and message tool category_note: media-attachments-remote-fetch-and-chunking.md human_lts_override: false - name: Native Controls and Approvals id: native-controls-and-approvals features: - name: Native Approvals coverageIds: [security.native-approvals] description: Covers Native Approvals across native approval delivery, exec/plugin approval routing, reaction-based approval decisions, `/approve` authorization changes, and related native approvals, reactions, and operator control behavior. - name: Reactions coverageIds: [imessage.reactions] description: Covers Reactions across native approval delivery, exec/plugin approval routing, reaction-based approval decisions, `/approve` authorization changes, and related native approvals, reactions, and operator control behavior. - name: Operator Control coverageIds: [imessage.operator-control] description: Covers Operator Control across native approval delivery, exec/plugin approval routing, reaction-based approval decisions, `/approve` authorization changes, and related native approvals, reactions, and operator control behavior. docs: - docs/channels/imessage.md search_anchors: - Native Approvals - Reactions - Operator Control - imessage / bluebubbles native approvals, reactions, and operator control - native approvals, reactions, and operator control category_note: native-approvals-reactions-and-operator-control.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: signal name: Signal family: channel level: alpha level_code: M2 rationale: Supported channel docs exist; needs stronger install and reconnect proof. completeness_instructions: references/completeness/signal.md categories: - name: Channel Setup and Operations id: channel-setup-and-operations features: - name: QR link setup coverageIds: [signal.qr-link-setup] description: Defines QR link setup setup, credential, configuration, and operator verification behavior for Setup, Install, and Account Provisioning. - name: SMS registration coverageIds: [signal.sms-registration] description: Defines SMS registration setup, credential, configuration, and operator verification behavior for Setup, Install, and Account Provisioning. - name: Installer and binary setup coverageIds: [signal.installer-and-binary-setup] description: Defines Installer and binary setup setup, credential, configuration, and operator verification behavior for Setup, Install, and Account Provisioning. - name: Container account provisioning coverageIds: [signal.container-account-provisioning] description: Defines Container account provisioning setup, credential, configuration, and operator verification behavior for Setup, Install, and Account Provisioning. - name: Status probes coverageIds: [signal.status-probes] description: Defines Status probes setup, credential, configuration, and operator verification behavior for Diagnostics, Config Status, and Operator Guardrails. - name: Setup diagnostics coverageIds: [signal.setup-diagnostics] description: Defines Setup diagnostics setup, credential, configuration, and operator verification behavior for Diagnostics, Config Status, and Operator Guardrails. - name: Account safety guardrails coverageIds: [signal.account-safety-guardrails] description: Defines Account safety guardrails setup, credential, configuration, and operator verification behavior for Diagnostics, Config Status, and Operator Guardrails. docs: - docs/channels/signal.md - docs/plugins/reference/signal.md search_anchors: - QR link setup - SMS registration - Installer and binary setup - Container account provisioning - dmPolicy - allowFrom - groupPolicy - requireMention - Status probes - Setup diagnostics - Account safety guardrails - historyLimit category_note: setup-install-account-provisioning.md human_lts_override: false - name: Access and Identity id: access-and-identity features: - name: DM pairing coverageIds: [security.dm-pairing] description: Defines DM pairing setup, credential, configuration, and operator verification behavior for DM Pairing and Access Control. - name: DM allowlists coverageIds: [signal.dm-allowlists] description: Defines DM allowlists setup, credential, configuration, and operator verification behavior for DM Pairing and Access Control. - name: Sender identity normalization coverageIds: [signal.sender-identity-normalization] description: Defines Sender identity normalization setup, credential, configuration, and operator verification behavior for DM Pairing and Access Control. - name: Group allowlists coverageIds: [security.group-allowlists] description: Defines Group allowlists authorization, trust, safety boundaries, and operator controls for Group Routing, Mentions, and Pending History. - name: Mention gates coverageIds: [matrix.mention-gates] description: Defines Mention gates authorization, trust, safety boundaries, and operator controls for Group Routing, Mentions, and Pending History. - name: Pending group history coverageIds: [signal.pending-group-history] description: Defines Pending group history authorization, trust, safety boundaries, and operator controls for Group Routing, Mentions, and Pending History. docs: - docs/channels/signal.md search_anchors: - DM pairing - DM allowlists - Sender identity normalization - dmPolicy - allowFrom - groupPolicy - requireMention - historyLimit - Group allowlists - Mention gates - Pending group history category_note: dm-pairing-access-control.md human_lts_override: false - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Conversation Routing and Delivery coverageIds: [channels.conversation-routing-delivery] description: Evidence scope for Conversation Routing and Delivery. docs: - docs/channels/signal.md search_anchors: - signal conversation routing and delivery - conversation routing and delivery category_note: group-routing-mention-history.md human_lts_override: false - name: Media and Rich Content id: media-and-rich-content features: - name: Text delivery targets coverageIds: [signal.text-delivery-targets] description: Covers Text delivery targets routing, session binding, history, and conversation context for Outbound Delivery, Media, Receipts, and Typing. - name: Media delivery and limits coverageIds: [signal.media-delivery-and-limits] description: Covers Media delivery and limits routing, session binding, history, and conversation context for Outbound Delivery, Media, Receipts, and Typing. - name: Typing and read receipts coverageIds: [signal.typing-and-read-receipts] description: Covers Typing and read receipts routing, session binding, history, and conversation context for Outbound Delivery, Media, Receipts, and Typing. - name: Styled/chunked output coverageIds: [signal.styled-chunked-output] description: Covers Styled/chunked output routing, session binding, history, and conversation context for Outbound Delivery, Media, Receipts, and Typing. - name: Reaction action discovery coverageIds: [signal.reaction-action-discovery] description: Covers Reaction action discovery routing, session binding, history, and conversation context for Reactions Message Tool. - name: Add/remove reactions coverageIds: [signal.add-remove-reactions] description: Covers Add/remove reactions routing, session binding, history, and conversation context for Reactions Message Tool. - name: Group reaction targeting coverageIds: [signal.group-reaction-targeting] description: Covers Group reaction targeting routing, session binding, history, and conversation context for Reactions Message Tool. docs: - docs/channels/signal.md search_anchors: - Text delivery targets - Media delivery and limits - Typing and read receipts - Styled/chunked output - dmPolicy - allowFrom - groupPolicy - requireMention - Reaction action discovery - Add/remove reactions - Group reaction targeting - historyLimit category_note: outbound-delivery-media-receipts.md human_lts_override: false - name: Native Controls and Approvals id: native-controls-and-approvals features: - name: Native approval routing coverageIds: [signal.native-approval-routing] description: Defines Native approval routing authorization, trust, safety boundaries, and operator controls for Approval Routing and Reaction Resolution. - name: Reaction approval responses coverageIds: [signal.reaction-approval-responses] description: Defines Reaction approval responses authorization, trust, safety boundaries, and operator controls for Approval Routing and Reaction Resolution. - name: Approver targeting coverageIds: [signal.approver-targeting] description: Defines Approver targeting authorization, trust, safety boundaries, and operator controls for Approval Routing and Reaction Resolution. docs: - docs/channels/signal.md search_anchors: - Native approval routing - Reaction approval responses - Approver targeting - dmPolicy - allowFrom - groupPolicy - requireMention - historyLimit category_note: approval-routing-reaction-resolution.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: google-chat name: Google Chat family: channel level: alpha level_code: M2 rationale: Documented channel, but enterprise/admin setup raises maturity risk. completeness_instructions: references/completeness/google-chat.md categories: - name: Channel Setup and Operations id: channel-setup-and-operations features: - name: Google Cloud project setup coverageIds: [google-chat.google-cloud-project-setup] description: Covers Google Cloud project setup across Google Chat plugin installation, Google Cloud project and Chat API setup, service account JSON/file/env credential selection, `audienceType`, and related setup auth and workspace app behavior. - name: Chat app configuration coverageIds: [google-chat.chat-app-configuration] description: Covers Chat app configuration across Google Chat plugin installation, Google Cloud project and Chat API setup, service account JSON/file/env credential selection, `audienceType`, and related setup auth and workspace app behavior. - name: Service account setup coverageIds: [google-chat.service-account-setup] description: Covers Service account setup across Google Chat plugin installation, Google Cloud project and Chat API setup, service account JSON/file/env credential selection, `audienceType`, and related setup auth and workspace app behavior. - name: Webhook audience and path coverageIds: [google-chat.webhook-audience-and-path] description: Covers Webhook audience and path across Google Chat plugin installation, Google Cloud project and Chat API setup, service account JSON/file/env credential selection, `audienceType`, and related setup auth and workspace app behavior. - name: Workspace visibility and app status coverageIds: [google-chat.workspace-visibility-and-app-status] description: Covers Workspace visibility and app status across Google Chat plugin installation, Google Cloud project and Chat API setup, service account JSON/file/env credential selection, `audienceType`, and related setup auth and workspace app behavior. - name: Guided channel setup coverageIds: [google-chat.guided-channel-setup] description: Covers Guided channel setup across Google Chat plugin installation, Google Cloud project and Chat API setup, service account JSON/file/env credential selection, `audienceType`, and related setup auth and workspace app behavior. - name: Account resolution coverageIds: [google-chat.account-resolution] description: Covers Account resolution across `accounts`, `defaultAccount`, top-level and account credential inheritance, service account SecretRefs, and related multi account secrets status and diagnostics behavior. - name: Service account SecretRefs coverageIds: [google-chat.service-account-secretrefs] description: Covers Service account SecretRefs across `accounts`, `defaultAccount`, top-level and account credential inheritance, service account SecretRefs, and related multi account secrets status and diagnostics behavior. - name: Env file and inline credentials coverageIds: [google-chat.env-file-and-inline-credentials] description: Covers Env file and inline credentials across `accounts`, `defaultAccount`, top-level and account credential inheritance, service account SecretRefs, and related multi account secrets status and diagnostics behavior. - name: Channel status and probes coverageIds: [google-chat.channel-status-and-probes] description: Covers Channel status and probes across `accounts`, `defaultAccount`, top-level and account credential inheritance, service account SecretRefs, and related multi account secrets status and diagnostics behavior. - name: Directory and mutable-id diagnostics coverageIds: [google-chat.directory-and-mutable-id-diagnostics] description: Covers Directory and mutable-id diagnostics across `accounts`, `defaultAccount`, top-level and account credential inheritance, service account SecretRefs, and related multi account secrets status and diagnostics behavior. - name: NPM and ClawHub install coverageIds: [google-chat.npm-and-clawhub-install] description: Covers NPM and ClawHub install across npm/ClawHub plugin metadata, docs navigation, plugin references, official external plugin catalog, and related plugin distribution operator ui and docs behavior. - name: Plugin docs and catalog routing coverageIds: [google-chat.plugin-docs-and-catalog-routing] description: Covers Plugin docs and catalog routing across npm/ClawHub plugin metadata, docs navigation, plugin references, official external plugin catalog, and related plugin distribution operator ui and docs behavior. - name: Channel aliases and labels coverageIds: [google-chat.channel-aliases-and-labels] description: Covers Channel aliases and labels across npm/ClawHub plugin metadata, docs navigation, plugin references, official external plugin catalog, and related plugin distribution operator ui and docs behavior. - name: Operator status UI coverageIds: [google-chat.operator-status-ui] description: Covers Operator status UI across npm/ClawHub plugin metadata, docs navigation, plugin references, official external plugin catalog, and related plugin distribution operator ui and docs behavior. - name: Install/update metadata coverageIds: [google-chat.install-update-metadata] description: Covers Install/update metadata across npm/ClawHub plugin metadata, docs navigation, plugin references, official external plugin catalog, and related plugin distribution operator ui and docs behavior. docs: - docs/channels/googlechat.md - docs/plugins/reference/googlechat.md - docs/gateway/config-channels.md - docs/start/wizard-cli-reference.md - docs/gateway/secrets.md - docs/reference/secretref-credential-surface.md - docs/gateway/health.md - docs/plugins/plugin-inventory.md - docs/channels/index.md - docs/docs.json search_anchors: - Google Cloud project setup - Chat app configuration - Service account setup - Webhook audience and path - Workspace visibility and app status - Guided channel setup - DM pairing - dm.policy - Account resolution - Service account SecretRefs - Env file and inline credentials - Channel status and probes - Directory and mutable-id diagnostics - allowFrom - NPM and ClawHub install - Plugin docs and catalog routing - Channel aliases and labels - Operator status UI - Install/update metadata category_note: setup-auth-and-workspace-app.md human_lts_override: false - name: Access and Identity id: access-and-identity features: - name: DM pairing approval coverageIds: [google-chat.dm-pairing-approval] description: Covers DM pairing approval across Google Chat DMs, `dm.policy`, `dm.allowFrom`, pairing challenges, and related dm pairing and sender authorization behavior. - name: Sender allowlists coverageIds: [google-chat.sender-allowlists] description: Covers Sender allowlists across Google Chat DMs, `dm.policy`, `dm.allowFrom`, pairing challenges, and related dm pairing and sender authorization behavior. - name: Google Chat identity matching coverageIds: [google-chat.identity-matching] description: Covers Google Chat identity matching across Google Chat DMs, `dm.policy`, `dm.allowFrom`, pairing challenges, and related dm pairing and sender authorization behavior. - name: Direct session routing coverageIds: [google-chat.direct-session-routing] description: Covers Direct session routing across Google Chat DMs, `dm.policy`, `dm.allowFrom`, pairing challenges, and related dm pairing and sender authorization behavior. - name: Pairing diagnostics coverageIds: [google-chat.pairing-diagnostics] description: Covers Pairing diagnostics across Google Chat DMs, `dm.policy`, `dm.allowFrom`, pairing challenges, and related dm pairing and sender authorization behavior. - name: Space allowlists coverageIds: [google-chat.space-allowlists] description: Covers Space allowlists across Google Chat spaces and group messages, `groupPolicy`, `groups`, wildcard groups, and related space routing mentions and session isolation behavior. - name: Mention gating coverageIds: [channels.mention-gating] description: Covers Mention gating across Google Chat spaces and group messages, `groupPolicy`, `groups`, wildcard groups, and related space routing mentions and session isolation behavior. - name: Sender access groups coverageIds: [google-chat.sender-access-groups] description: Covers Sender access groups across Google Chat spaces and group messages, `groupPolicy`, `groups`, wildcard groups, and related space routing mentions and session isolation behavior. - name: Group session isolation coverageIds: [google-chat.group-session-isolation] description: Covers Group session isolation across Google Chat spaces and group messages, `groupPolicy`, `groups`, wildcard groups, and related space routing mentions and session isolation behavior. - name: Bot-loop protection coverageIds: [channels.bot-loop-protection] description: Covers Bot-loop protection across Google Chat spaces and group messages, `groupPolicy`, `groups`, wildcard groups, and related space routing mentions and session isolation behavior. - name: Space diagnostics coverageIds: [google-chat.space-diagnostics] description: Covers Space diagnostics across Google Chat spaces and group messages, `groupPolicy`, `groups`, wildcard groups, and related space routing mentions and session isolation behavior. docs: - docs/channels/googlechat.md - docs/channels/pairing.md - docs/channels/access-groups.md - docs/gateway/config-channels.md - docs/channels/bot-loop-protection.md - docs/channels/channel-routing.md search_anchors: - DM pairing approval - Sender allowlists - Google Chat identity matching - Direct session routing - Pairing diagnostics - DM pairing - dm.policy - allowFrom - Space allowlists - Mention gating - Sender access groups - Group session isolation - Bot-loop protection - Space diagnostics category_note: dm-pairing-and-sender-authorization.md human_lts_override: false - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Conversation Routing and Delivery coverageIds: [channels.conversation-routing-delivery] description: Evidence scope for Conversation Routing and Delivery. docs: - docs/channels/googlechat.md - docs/channels/bot-loop-protection.md - docs/channels/access-groups.md - docs/channels/channel-routing.md search_anchors: - google chat conversation routing and delivery - conversation routing and delivery category_note: space-routing-mentions-and-session-isolation.md human_lts_override: false - name: Media and Rich Content id: media-and-rich-content features: - name: Media and Rich Content coverageIds: [channels.media-rich-content] description: Evidence scope for Media and Rich Content. docs: - docs/channels/googlechat.md - docs/cli/message.md - docs/nodes/media-understanding.md - docs/reference/secretref-credential-surface.md search_anchors: - google chat media and rich content - media and rich content category_note: media-attachments-and-file-transfer.md human_lts_override: false - name: Native Controls and Approvals id: native-controls-and-approvals features: - name: Inbound attachments coverageIds: [google-chat.inbound-attachments] description: Covers Inbound attachments across inbound Google Chat attachment download, media store handoff, outbound media reply delivery, `upload-file`, and related media attachments and file transfer behavior. - name: Outbound media replies coverageIds: [google-chat.outbound-media-replies] description: Covers Outbound media replies across inbound Google Chat attachment download, media store handoff, outbound media reply delivery, `upload-file`, and related media attachments and file transfer behavior. - name: Message upload action coverageIds: [google-chat.message-upload-action] description: Covers Message upload action across inbound Google Chat attachment download, media store handoff, outbound media reply delivery, `upload-file`, and related media attachments and file transfer behavior. - name: Media source and size controls coverageIds: [google-chat.media-source-and-size-controls] description: Covers Media source and size controls across inbound Google Chat attachment download, media store handoff, outbound media reply delivery, `upload-file`, and related media attachments and file transfer behavior. - name: Media receipts and thread placement coverageIds: [google-chat.media-receipts-and-thread-placement] description: Covers Media receipts and thread placement across inbound Google Chat attachment download, media store handoff, outbound media reply delivery, `upload-file`, and related media attachments and file transfer behavior. - name: Text send action coverageIds: [google-chat.text-send-action] description: Covers Text send action across Google Chat message tool action discovery, `send`, `upload-file`, `react`, and related message actions reactions and approval auth behavior. - name: Upload-file action coverageIds: [google-chat.upload-file-action] description: Covers Upload-file action across Google Chat message tool action discovery, `send`, `upload-file`, `react`, and related message actions reactions and approval auth behavior. - name: Reaction actions coverageIds: [google-chat.reaction-actions] description: Covers Reaction actions across Google Chat message tool action discovery, `send`, `upload-file`, `react`, and related message actions reactions and approval auth behavior. - name: Action capability gates coverageIds: [google-chat.action-capability-gates] description: Covers Action capability gates across Google Chat message tool action discovery, `send`, `upload-file`, `react`, and related message actions reactions and approval auth behavior. - name: Approval sender matching coverageIds: [google-chat.approval-sender-matching] description: Covers Approval sender matching across Google Chat message tool action discovery, `send`, `upload-file`, `react`, and related message actions reactions and approval auth behavior. - name: Thread-aware replies coverageIds: [google-chat.thread-aware-replies] description: Covers Thread-aware replies across inbound thread resource propagation, `replyToMode`, Google Chat `messageReplyOption=REPLY_MESSAGE_FALLBACK_TO_NEW_THREAD`, text chunking, and related threaded replies streaming and typing lifecycle behavior. - name: Streaming and chunked replies coverageIds: [google-chat.streaming-and-chunked-replies] description: Covers Streaming and chunked replies across inbound thread resource propagation, `replyToMode`, Google Chat `messageReplyOption=REPLY_MESSAGE_FALLBACK_TO_NEW_THREAD`, text chunking, and related threaded replies streaming and typing lifecycle behavior. - name: Typing placeholder lifecycle coverageIds: [google-chat.typing-placeholder-lifecycle] description: Covers Typing placeholder lifecycle across inbound thread resource propagation, `replyToMode`, Google Chat `messageReplyOption=REPLY_MESSAGE_FALLBACK_TO_NEW_THREAD`, text chunking, and related threaded replies streaming and typing lifecycle behavior. - name: Message-tool current-source replies coverageIds: [google-chat.message-tool-current-source-replies] description: Covers Message-tool current-source replies across inbound thread resource propagation, `replyToMode`, Google Chat `messageReplyOption=REPLY_MESSAGE_FALLBACK_TO_NEW_THREAD`, text chunking, and related threaded replies streaming and typing lifecycle behavior. - name: NO_REPLY cleanup coverageIds: [google-chat.no-reply-cleanup] description: Covers NO_REPLY cleanup across inbound thread resource propagation, `replyToMode`, Google Chat `messageReplyOption=REPLY_MESSAGE_FALLBACK_TO_NEW_THREAD`, text chunking, and related threaded replies streaming and typing lifecycle behavior. - name: Markdown/text rendering coverageIds: [google-chat.markdown-text-rendering] description: Covers Markdown/text rendering across inbound thread resource propagation, `replyToMode`, Google Chat `messageReplyOption=REPLY_MESSAGE_FALLBACK_TO_NEW_THREAD`, text chunking, and related threaded replies streaming and typing lifecycle behavior. docs: - docs/channels/googlechat.md - docs/cli/message.md - docs/nodes/media-understanding.md - docs/reference/secretref-credential-surface.md - docs/tools/reactions.md - docs/tools/slash-commands.md - docs/gateway/config-agents.md - docs/concepts/message-lifecycle-refactor.md search_anchors: - Inbound attachments - Outbound media replies - Message upload action - Media source and size controls - Media receipts and thread placement - DM pairing - dm.policy - allowFrom - Text send action - Upload-file action - Reaction actions - Action capability gates - Approval sender matching - Thread-aware replies - Streaming and chunked replies - Typing placeholder lifecycle - Message-tool current-source replies - NO_REPLY cleanup - Markdown/text rendering category_note: message-actions-reactions-and-approval-auth.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: matrix name: Matrix family: channel level: alpha level_code: M2 rationale: Supported via bundled plugin. Needs bridge, auth, and room lifecycle scorecards. completeness_instructions: references/completeness/matrix.md categories: - name: Channel Setup and Operations id: channel-setup-and-operations features: - name: Matrix plugin identity coverageIds: [matrix.plugin-identity] description: Matrix plugin identity, install metadata, runtime/setup entries, and account configuration. - name: Setup wizard coverageIds: [matrix.setup-wizard] description: Setup wizard, setup adapter, validation, post-write bootstrap, and account setup. - name: Account discovery coverageIds: [matrix.account-discovery] description: Account discovery, default account rules, env-backed accounts, and stored account metadata. - name: Matrix doctor warnings coverageIds: [matrix.doctor-warnings] description: Matrix doctor warnings, config normalization, and stale plugin config cleanup. - name: Matrix probe/status coverageIds: [matrix.probe-status] description: Matrix probe/status, live directory lookup, CLI diagnostics, and QA runtime status. docs: - docs/channels/matrix.md - docs/channels/matrix-migration.md search_anchors: - matrix setup, config, and account selection - setup, config, and account selection - matrix diagnostics, doctor, and operational repair - diagnostics, doctor, and operational repair category_note: setup-config-and-account-selection.md human_lts_override: false - name: Access and Identity id: access-and-identity features: - name: DM policy coverageIds: [matrix.dm-policy] description: DM policy, pairing, allowFrom, groupAllowFrom, room allowlists, and live access checks. - name: Direct-room classification coverageIds: [matrix.direct-room-classification] description: Direct-room classification and repair-adjacent routing decisions - name: Inbound route selection across sender-bound DMs coverageIds: [matrix.inbound-route-selection-across-sender-bound-dms] description: Inbound route selection across sender-bound DMs, room bindings, and account-scoped routes. - name: Mention gates coverageIds: [matrix.mention-gates] description: Mention gates, slash command access checks, bot-loop suppression, and context admission. - name: Matrix thread reply routing coverageIds: [matrix.thread-reply-routing] description: Matrix thread reply routing, thread root/context extraction, and thread-aware session placement. - name: Persisted Matrix thread routing managers coverageIds: [matrix.persisted-matrix-thread-routing-managers] description: Persisted Matrix thread binding managers, child session binding, and activity tracking. - name: ACP/subagent spawn hooks coverageIds: [matrix.acp-subagent-spawn-hooks] description: ACP/subagent spawn hooks and Matrix delivery targets for child sessions docs: - docs/channels/matrix.md - docs/channels/groups.md - docs/channels/bot-loop-protection.md search_anchors: - matrix dm room routing and access policy - dm room routing and access policy - matrix threads, acp, and subagent bindings - threads, acp, and subagent bindings category_note: dm-room-routing-and-access-policy.md human_lts_override: false - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Conversation Routing and Delivery coverageIds: [channels.conversation-routing-delivery] description: Evidence scope for Conversation Routing and Delivery. docs: - docs/channels/matrix.md search_anchors: - matrix conversation routing and delivery - conversation routing and delivery category_note: threads-acp-and-subagent-bindings.md human_lts_override: false - name: Media and Rich Content id: media-and-rich-content features: - name: Media and Rich Content coverageIds: [channels.media-rich-content] description: Evidence scope for Media and Rich Content. docs: - docs/channels/matrix.md search_anchors: - matrix media and rich content - media and rich content category_note: outbound-messages-media-and-streaming.md human_lts_override: false - name: Native Controls and Approvals id: native-controls-and-approvals features: - name: Channel action discovery coverageIds: [matrix.channel-action-discovery] description: Channel action discovery, account-scoped action gates, and tool schemas - name: Message send/read/edit/delete coverageIds: [matrix.message-send-read-edit-delete] description: Message send/read/edit/delete, poll voting, reaction add/remove/list, pins, and related room tools. - name: Profile media loading coverageIds: [matrix.profile-media-loading] description: Profile media loading from URL or local path. - name: Outbound Matrix text coverageIds: [matrix.outbound-matrix-text] description: Outbound Matrix text, media, encrypted media, poll, typing, read receipt, and delivery behavior. - name: Message presentation metadata coverageIds: [matrix.message-presentation-metadata] description: Message presentation metadata, Matrix mention metadata, and chunked delivery behavior. - name: Inbound media failure handling coverageIds: [matrix.inbound-media-failure-handling] description: Inbound media download failure handling when it affects outbound replies. docs: - docs/channels/matrix.md search_anchors: - matrix actions, profile, polls, reactions, and room tools - actions, profile, polls, reactions, and room tools - matrix outbound messages, media, and streaming - outbound messages, media, and streaming category_note: actions-profile-polls-reactions-and-room-tools.md human_lts_override: false - name: Encryption and Verification id: encryption-and-verification features: - name: Encryption setup coverageIds: [matrix.encryption-setup] description: Encryption setup, crypto availability, recovery-key storage, and secret storage. - name: Encrypted media upload/download coverageIds: [matrix.encrypted-media-upload-download] description: Encrypted media upload/download and startup verification notices - name: Legacy state coverageIds: [matrix.legacy-state] description: Legacy state and crypto migration, migration snapshots, and gateway startup repair. docs: - docs/channels/matrix.md - docs/channels/matrix-migration.md search_anchors: - matrix e2ee, verification, backup, and migration - e2ee, verification, backup, and migration category_note: e2ee-verification-backup-and-migration.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: microsoft-teams name: Microsoft Teams family: channel level: alpha level_code: M2 rationale: Enterprise auth/admin flows need explicit scenario proof. completeness_instructions: references/completeness/microsoft-teams.md categories: - name: Channel Setup and Operations id: channel-setup-and-operations features: - name: Teams CLI app creation coverageIds: [microsoft-teams.teams-cli-app-creation] description: Covers Microsoft Teams channel installation through `teams app create`, bot registration, manifest creation, credential generation, and setup verification. - name: Bot registration and manifest upload coverageIds: [microsoft-teams.bot-registration-and-manifest-upload] description: Covers Entra ID application registration, Azure Bot setup, Teams app manifest/RSC permissions, and Teams app package upload. - name: Credential configuration coverageIds: [microsoft-teams.credential-configuration] description: Covers CLIENT_ID, CLIENT_SECRET, TENANT_ID, `MSTEAMS_*` environment variables, and OpenClaw `channels.msteams` credential configuration. - name: Teams app install verification coverageIds: [microsoft-teams.teams-app-install-verification] description: Covers Teams install links, app installation in Teams, and `teams app doctor` verification after setup. - name: Setup status coverageIds: [microsoft-teams.setup-status] description: Covers Setup status across setup wizard status, credential prompts, env credential detection, setup docs, and related diagnostics and repair behavior. - name: Probe and scope reporting coverageIds: [microsoft-teams.probe-and-scope-reporting] description: Covers Probe and scope reporting across setup wizard status, credential prompts, env credential detection, setup docs, and related diagnostics and repair behavior. - name: Teams app doctor coverageIds: [microsoft-teams.teams-app-doctor] description: Covers Teams app doctor across setup wizard status, credential prompts, env credential detection, setup docs, and related diagnostics and repair behavior. - name: Webhook and health diagnostics coverageIds: [microsoft-teams.webhook-and-health-diagnostics] description: Covers Webhook and health diagnostics across setup wizard status, credential prompts, env credential detection, setup docs, and related diagnostics and repair behavior. - name: Operator repair paths coverageIds: [microsoft-teams.operator-repair-paths] description: Covers Operator repair paths across setup wizard status, credential prompts, env credential detection, setup docs, and related diagnostics and repair behavior. docs: - docs/channels/msteams.md - docs/plugins/reference/msteams.md - docs/gateway/config-channels.md - docs/gateway/health.md search_anchors: - Quick setup - teams app create - app registration - bot registration - Teams app manifest - RSC permissions - credential generation - Configure OpenClaw - MSTEAMS_APP_ID - channels.msteams - Install the app in Teams - teams app doctor - Setup status - Probe and scope reporting - Teams app doctor - Webhook and health diagnostics - Operator repair paths category_note: setup-app-registration-credentials-admin-install.md human_lts_override: false - name: Access and Identity id: access-and-identity features: - name: DM pairing coverageIds: [security.dm-pairing] description: Covers DM pairing across DM pairing, `dmPolicy`, `allowFrom`, AAD ID matching, and related dm pairing and sender access behavior. - name: Stable sender identity coverageIds: [microsoft-teams.stable-sender-identity] description: Covers Stable sender identity across DM pairing, `dmPolicy`, `allowFrom`, AAD ID matching, and related dm pairing and sender access behavior. - name: Allowlists and access groups coverageIds: [microsoft-teams.allowlists-and-access-groups] description: Covers Allowlists and access groups across DM pairing, `dmPolicy`, `allowFrom`, AAD ID matching, and related dm pairing and sender access behavior. - name: Invoke and command authorization coverageIds: [microsoft-teams.invoke-and-command-authorization] description: Covers Invoke and command authorization across DM pairing, `dmPolicy`, `allowFrom`, AAD ID matching, and related dm pairing and sender access behavior. - name: Teams-originated config writes coverageIds: [microsoft-teams.teams-originated-config-writes] description: Covers Teams-originated config writes across DM pairing, `dmPolicy`, `allowFrom`, AAD ID matching, and related dm pairing and sender access behavior. - name: Bot Framework SSO invokes coverageIds: [microsoft-teams.bot-framework-sso-invokes] description: Covers Bot Framework SSO invoke handling and OAuth token exchange for Microsoft Teams users. - name: Delegated token storage coverageIds: [microsoft-teams.delegated-token-storage] description: Covers delegated token storage, token refresh, and recovery for Microsoft Teams user auth. - name: Graph directory lookup coverageIds: [microsoft-teams.graph-directory-lookup] description: Covers Graph app token resolution and directory lookup behavior for Teams routing and user metadata. - name: Member profile lookup coverageIds: [microsoft-teams.member-profile-lookup] description: Covers member info lookup and user metadata retrieval for Microsoft Teams conversations. docs: - docs/channels/msteams.md - docs/channels/pairing.md - docs/channels/access-groups.md search_anchors: - DM pairing - Stable sender identity - Allowlists and access groups - Invoke and command authorization - Teams-originated config writes - Bot Framework SSO invokes - OAuth token exchange - delegated token storage - Graph app token resolution - member info category_note: dm-pairing-sender-authorization-config-writes.md human_lts_override: false - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Team and channel allowlists coverageIds: [microsoft-teams.team-and-channel-allowlists] description: Covers Teams/channel allowlists, stable conversation IDs, `channels.msteams.teams`, wildcard routing, and team/channel name resolution. - name: Deterministic channel replies coverageIds: [microsoft-teams.deterministic-channel-replies] description: Covers deterministic reply routing back to the Teams channel where a message arrived and wildcard routing safeguards. - name: Mention-gated group access coverageIds: [microsoft-teams.mention-gated-group-access] description: Covers `groupPolicy`, `groupAllowFrom`, `requireMention`, and mention-gated group or channel replies. - name: Session routing coverageIds: [memory.session-routing] description: Covers deterministic reply routing, session keys, channel bindings, and conversation isolation for Microsoft Teams rooms and channels. - name: Reply and thread context coverageIds: [microsoft-teams.reply-and-thread-context] description: Covers reply context, quoted source messages, thread-aware routing, and room context for Teams conversations. docs: - docs/channels/msteams.md - docs/channels/groups.md - docs/channels/channel-routing.md search_anchors: - Teams + channel allowlist - deterministic routing - replies always go back to the channel - mention-gated - Session key shapes - groupPolicy - groupAllowFrom - requireMention - channel routing - Reply context category_note: team-channel-routing-mention-gates-sessions-thread-context.md human_lts_override: false - name: Media and Rich Content id: media-and-rich-content features: - name: Inbound attachments coverageIds: [google-chat.inbound-attachments] description: Covers Inbound attachments across inbound attachments, inline images, `msteams://media` placeholders, Graph hosted content, and related media and file sharing behavior. - name: Graph-hosted media coverageIds: [microsoft-teams.graph-hosted-media] description: Covers Graph-hosted media across inbound attachments, inline images, `msteams://media` placeholders, Graph hosted content, and related media and file sharing behavior. - name: File consent coverageIds: [microsoft-teams.file-consent] description: Covers File consent across inbound attachments, inline images, `msteams://media` placeholders, Graph hosted content, and related media and file sharing behavior. - name: SharePoint and OneDrive sharing coverageIds: [microsoft-teams.sharepoint-and-onedrive-sharing] description: Covers SharePoint and OneDrive sharing across inbound attachments, inline images, `msteams://media` placeholders, Graph hosted content, and related media and file sharing behavior. - name: Media fetch safety coverageIds: [microsoft-teams.media-fetch-safety] description: Covers Media fetch safety across inbound attachments, inline images, `msteams://media` placeholders, Graph hosted content, and related media and file sharing behavior. docs: - docs/channels/msteams.md search_anchors: - Inbound attachments - Graph-hosted media - File consent - SharePoint and OneDrive sharing - Media fetch safety category_note: media-attachments-file-consent-graph-file-flows.md human_lts_override: false - name: Native Controls and Approvals id: native-controls-and-approvals features: - name: Message action discovery coverageIds: [microsoft-teams.message-action-discovery] description: Covers Message action discovery across message-tool discovery, upload-file, poll, read/search, and related actions and approvals behavior. - name: Polls and reactions coverageIds: [microsoft-teams.polls-and-reactions] description: Covers Polls and reactions across message-tool discovery, upload-file, poll, read/search, and related actions and approvals behavior. - name: Read, edit, delete, and pin coverageIds: [microsoft-teams.read-edit-delete-and-pin] description: Covers Read, edit, delete, and pin across message-tool discovery, upload-file, poll, read/search, and related actions and approvals behavior. - name: Native approval cards coverageIds: [microsoft-teams.native-approval-cards] description: Covers Native approval cards across message-tool discovery, upload-file, poll, read/search, and related actions and approvals behavior. - name: Feedback and group actions coverageIds: [microsoft-teams.feedback-and-group-actions] description: Covers Feedback and group actions across message-tool discovery, upload-file, poll, read/search, and related actions and approvals behavior. docs: - docs/channels/msteams.md - docs/tools/exec-approvals-advanced.md search_anchors: - Message action discovery - Polls and reactions - Read, edit, delete, and pin - Native approval cards - Feedback and group actions category_note: actions-reactions-polls-approvals-group-management.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: mattermost-line-irc-nextcloud-talk-nostr-twitch-tlon-synology-chat name: Mattermost, LINE, IRC, Nextcloud Talk, Nostr, Twitch, Tlon, Synology Chat family: channel level: alpha level_code: M2 rationale: Supported surfaces exist, but maturity likely varies by upstream and maintainer coverage. Score individually later. completeness_instructions: references/completeness/mattermost-line-irc-nextcloud-talk-nostr-twitch-tlon-synology-chat.md categories: - name: Channel Setup and Operations id: channel-setup-and-operations features: - name: Channel Setup and Operations coverageIds: [channels.setup-operations] description: Evidence scope for Channel Setup and Operations. docs: [] search_anchors: - mattermost, line, irc, nextcloud talk, nostr, twitch, tlon, synology chat channel setup and operations - channel setup and operations category_note: channel-setup-and-operations.md human_lts_override: false - name: Access and Identity id: access-and-identity features: - name: Access and Identity coverageIds: [channels.access-and-identity] description: Evidence scope for Access and Identity. docs: [] search_anchors: - mattermost, line, irc, nextcloud talk, nostr, twitch, tlon, synology chat access and identity - access and identity category_note: access-and-identity.md human_lts_override: false - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Conversation Routing and Delivery coverageIds: [channels.conversation-routing-delivery] description: Evidence scope for Conversation Routing and Delivery. docs: [] search_anchors: - mattermost, line, irc, nextcloud talk, nostr, twitch, tlon, synology chat conversation routing and delivery - conversation routing and delivery category_note: conversation-routing-and-delivery.md human_lts_override: false - name: Media and Rich Content id: media-and-rich-content features: - name: Media and Rich Content coverageIds: [channels.media-rich-content] description: Evidence scope for Media and Rich Content. docs: [] search_anchors: - mattermost, line, irc, nextcloud talk, nostr, twitch, tlon, synology chat media and rich content - media and rich content category_note: media-and-rich-content.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: feishu-qq-bot-wechat-yuanbao-zalo-zalo-personal-regional-channels name: Feishu, QQ Bot, WeChat, Yuanbao, Zalo, Zalo Personal, regional channels family: channel level: alpha level_code: M2 rationale: Important regional coverage, but public support level should be calibrated per account type, upstream approval, and maintainer proof. completeness_instructions: references/completeness/feishu-qq-bot-wechat-yuanbao-zalo-zalo-personal-regional-channels.md categories: - name: Channel Setup and Operations id: channel-setup-and-operations features: - name: Docs channel index coverageIds: [regional-channels.docs-channel-index] description: Docs channel index, plugin reference pages, redirects, and pairing support list for regional channels - name: Official external channel catalog entries coverageIds: [regional-channels.official-external-channel-catalog-entries] description: Official external channel catalog entries for WeCom, Yuanbao, Weixin, and adjacent external channels - name: Core channel-plugin catalog coverageIds: [regional-channels.core-channel-plugin-catalog] description: Core channel-plugin catalog, alias normalization, install-plan resolution, trusted-source flags, repair hints, and status/list output - name: Channel setup wizard coverageIds: [regional-channels.channel-setup-wizard] description: Channel setup wizard and i18n blurbs for regional channels - name: Missing-plugin coverageIds: [regional-channels.missing-plugin] description: Missing-plugin, stale-plugin, raw package-manager upgrade, and doctor/repair paths - name: Cross-channel ingress/access/refactor concerns coverageIds: [regional-channels.cross-channel-ingress-access-refactor-concerns] description: Cross-channel ingress/access/refactor concerns for regional plugins docs: - docs/channels/index.md - docs/channels/pairing.md - docs/plugins/reference/feishu.md - docs/plugins/architecture-internals.md search_anchors: - 'feishu, qq bot, wechat, yuanbao, zalo, zalo personal, regional channels feishu, qq bot, wechat, yuanbao, zalo, zalo personal, regional channels feature matrix: shared regional channel catalog, install, and status' - 'feishu, qq bot, wechat, yuanbao, zalo, zalo personal, regional channels feature matrix: shared regional channel catalog, install, and status' category_note: shared-regional-channel-catalog-install-status.md human_lts_override: false - name: Access and Identity id: access-and-identity features: - name: Access and Identity coverageIds: [channels.access-and-identity] description: Evidence scope for Access and Identity. docs: [] search_anchors: - feishu, qq bot, wechat, yuanbao, zalo, zalo personal, regional channels access and identity - access and identity category_note: access-and-identity.md human_lts_override: false - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Conversation Routing and Delivery coverageIds: [channels.conversation-routing-delivery] description: Evidence scope for Conversation Routing and Delivery. docs: [] search_anchors: - feishu, qq bot, wechat, yuanbao, zalo, zalo personal, regional channels conversation routing and delivery - conversation routing and delivery category_note: conversation-routing-and-delivery.md human_lts_override: false - name: Media and Rich Content id: media-and-rich-content features: - name: Media and Rich Content coverageIds: [channels.media-rich-content] description: Evidence scope for Media and Rich Content. docs: [] search_anchors: - feishu, qq bot, wechat, yuanbao, zalo, zalo personal, regional channels media and rich content - media and rich content category_note: media-and-rich-content.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: voice-call-channel name: Voice Call channel family: channel level: experimental level_code: M1 rationale: Optional/plugin path with complex realtime behavior. Needs scenario scorecard before public beta. completeness_instructions: references/completeness/voice-call-channel.md categories: - name: Channel Setup and Operations id: channel-setup-and-operations features: - name: Voice call CLI, RPC, and agent tool coverageIds: [voice-call.cli-rpc-agent-tool] description: CLI, Gateway RPC, and agent tool - name: Voice call setup smoke coverageIds: [voice-call.setup-smoke] description: Setup, Configuration, and Smoke docs: - docs/cli/voicecall.md - docs/plugins/voice-call.md - docs/gateway/protocol.md search_anchors: - voice call CLI, RPC, and agent tool - voice call setup smoke category_note: setup-configuration-and-smoke.md human_lts_override: false - name: Access and Identity id: access-and-identity features: - name: Voice call webhook security coverageIds: [voice-call.webhook-security] description: Webhook Exposure and Security docs: - docs/plugins/voice-call.md - docs/cli/voicecall.md search_anchors: - voice call webhook security category_note: webhook-exposure-and-security.md human_lts_override: false - name: Conversation Routing and Delivery id: conversation-routing-and-delivery features: - name: Voice call inbound routing coverageIds: [voice-call.inbound-routing] description: Inbound Routing, Sessions, and Lifecycle docs: - docs/plugins/voice-call.md search_anchors: - voice call inbound routing, sessions, and lifecycle category_note: inbound-routing-sessions-and-lifecycle.md human_lts_override: false - name: Media and Rich Content id: media-and-rich-content features: - name: Voice call provider transports coverageIds: [voice-call.provider-transports] description: Provider Transports and Call Control - name: Voice call telephony audio coverageIds: [voice-call.telephony-audio] description: Telephony TTS, playback, DTMF, and audio docs: - docs/plugins/voice-call.md - docs/plugins/plugin-inventory.md search_anchors: - voice call provider transports and call control - voice call telephony TTS, playback, DTMF, and audio category_note: provider-transports-and-call-control.md human_lts_override: false - name: Realtime Voice and Calls id: realtime-voice-and-calls features: - name: Voice call realtime consult coverageIds: [voice-call.realtime-consult] description: Realtime Voice and Agent Consult - name: Voice call streaming transcription coverageIds: [voice-call.streaming-transcription] description: Streaming Transcription and Auto-response docs: - docs/plugins/voice-call.md search_anchors: - voice call realtime voice and agent consult - voice call streaming transcription and auto-response category_note: realtime-voice-and-agent-consult.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: openai-codex-provider-path name: OpenAI and Codex provider path family: provider-tool level: beta level_code: M3 rationale: Deep docs, OAuth/subscription path, realtime voice, image, and compatibility behavior. Provider churn keeps this from Stable without release-scorecard proof. completeness_instructions: references/completeness/openai-codex-provider-path.md categories: - name: Model and Auth id: model-and-auth features: - name: Canonical OpenAI Model Routing coverageIds: [models.openai, tools.web-search] description: 'Covers Canonical OpenAI Model Routing across user/operator-facing model route contract: canonical `openai/gpt-*` refs, legacy `openai-codex/*` model refs, model catalog rows, context limits, and related canonical openai model routing and catalog behavior.' - name: Catalog coverageIds: [codex.catalog] description: 'Covers Catalog across user/operator-facing model route contract: canonical `openai/gpt-*` refs, legacy `openai-codex/*` model refs, model catalog rows, context limits, and related canonical openai model routing and catalog behavior.' - name: Codex OAuth Profiles coverageIds: [auth-profiles.provider-selection, runtime.codex-plugin.auth, runtime.doctor-repair] description: Covers Codex OAuth Profiles across `openai-codex` auth profiles, profile ordering, profile metadata repair, token refresh, account-id propagation, usage/cooldown handling, and auth selection for Codex-backed OpenAI agent turns. - name: Subscription Usage coverageIds: [codex.subscription-usage] description: Covers Subscription Usage across `openai-codex` auth profiles, profile ordering, profile metadata repair, token refresh, account-id propagation, usage/cooldown handling, and auth selection for Codex-backed OpenAI agent turns. - name: Doctor Diagnostics coverageIds: [runtime.codex-plugin.version] description: 'Covers Doctor Diagnostics across operator-facing repair and diagnosis for OpenAI/Codex provider path problems: stale route migration, persisted session pins, runtime pins, auth-profile sidecars, profile metadata, status/probe output, and recovery commands.' - name: Operator Repair coverageIds: [codex.operator-repair] description: 'Covers Operator Repair across operator-facing repair and diagnosis for OpenAI/Codex provider path problems: stale route migration, persisted session pins, runtime pins, auth-profile sidecars, profile metadata, status/probe output, and recovery commands.' docs: - docs/providers/openai.md - docs/plugins/codex-harness.md - docs/concepts/models.md - docs/concepts/oauth.md - docs/plugins/codex-harness-reference.md - docs/automation/auth-monitoring.md search_anchors: - Canonical OpenAI Model Routing - Catalog - openai / codex provider path canonical openai model routing and catalog - canonical openai model routing and catalog - Codex OAuth Profiles - Subscription Usage - openai / codex provider path codex oauth profiles and subscription usage - codex oauth profiles and subscription usage - Doctor Diagnostics - Operator Repair - openai / codex provider path doctor diagnostics and operator repair - doctor diagnostics and operator repair category_note: canonical-openai-model-routing-and-catalog.md human_lts_override: true - name: Responses and Tool Compatibility id: responses-and-tool-compatibility features: - name: Codex Responses Transport coverageIds: [codex.responses-transport] description: Covers Codex Responses Transport across low-level provider request/streaming path for `openai-codex-responses` and the shared OpenAI Responses conversion code used by direct OpenAI and Codex-auth compatibility routes. - name: Payload Compatibility coverageIds: [runtime.prompt-compatibility, tools.fs.read] description: Covers Payload Compatibility across low-level provider request/streaming path for `openai-codex-responses` and the shared OpenAI Responses conversion code used by direct OpenAI and Codex-auth compatibility routes. - name: Tool Context coverageIds: [runtime.codex-native-workspace.read, tools.fs.read] description: Covers Tool Context across provider-facing tools, context injection, media inputs, native-vs-client tool ownership, OpenAI Responses compatibility, and how OpenAI/Codex models receive OpenClaw runtime context. - name: Capability Compatibility coverageIds: [codex.capability-compatibility] description: Covers Capability Compatibility across provider-facing tools, context injection, media inputs, native-vs-client tool ownership, OpenAI Responses compatibility, and how OpenAI/Codex models receive OpenClaw runtime context. docs: - docs/providers/openai.md - docs/gateway/openresponses-http-api.md - docs/gateway/openai-http-api.md - docs/plugins/codex-native-plugins.md search_anchors: - Codex Responses Transport - Payload Compatibility - openai / codex provider path codex responses transport and payload compatibility - codex responses transport and payload compatibility - Tool Context - Capability Compatibility - openai / codex provider path tool context and capability compatibility - tool context and capability compatibility category_note: codex-responses-transport-and-payload-compatibility.md human_lts_override: true - name: Native Codex Harness id: native-codex-harness features: - name: Native Codex App-server Harness coverageIds: [models.codex-cli, runtime.codex-app-server, runtime.gateway-log-sentinel.codex-progress, runtime.long-context, runtime.no-meta-leak, workspace.planning] description: Covers Native Codex App-server Harness across native Codex app-server runtime path used by OpenAI agent turns when the Codex harness owns thread identity, native model loop, compaction, native tools, and native app-server controls. - name: Thread Lifecycle coverageIds: [runtime.codex-app-server, runtime.codex-plugin.lifecycle, runtime.doctor-repair, runtime.gateway-log-sentinel.codex-progress, runtime.long-context, runtime.turn-ordering] description: Covers Thread Lifecycle across native Codex app-server runtime path used by OpenAI agent turns when the Codex harness owns thread identity, native model loop, compaction, native tools, and native app-server controls. docs: - docs/plugins/codex-harness.md - docs/plugins/codex-harness-runtime.md - docs/plugins/codex-harness-reference.md - docs/plugins/codex-native-plugins.md search_anchors: - Native Codex App-server Harness - Thread Lifecycle - openai / codex provider path native codex app-server harness and thread lifecycle - native codex app-server harness and thread lifecycle category_note: native-codex-app-server-harness-and-thread-lifecycle.md human_lts_override: true - name: Image and Multimodal Input id: image-and-multimodal-input features: - name: Image Generation Editing coverageIds: [codex.image-generation-editing] description: Covers Image Generation Editing across OpenAI image generation and editing, Codex OAuth image backend, transparent-background routing, Azure/private OpenAI image endpoints, and related image generation editing and multimodal input behavior. - name: Multimodal Input coverageIds: [codex.multimodal-input] description: Covers Multimodal Input across OpenAI image generation and editing, Codex OAuth image backend, transparent-background routing, Azure/private OpenAI image endpoints, and related image generation editing and multimodal input behavior. docs: - docs/providers/openai.md - docs/tools/image-generation.md - docs/nodes/images.md search_anchors: - Image Generation Editing - Multimodal Input - openai / codex provider path image generation editing and multimodal input - image generation editing and multimodal input category_note: image-generation-editing-and-multimodal-input.md human_lts_override: false - name: Voice and Realtime Audio id: voice-and-realtime-audio features: - name: Realtime Voice Transcription coverageIds: [codex.realtime-voice-transcription] description: Covers Realtime Voice Transcription across OpenAI text-to-speech, batch speech-to-text, Realtime transcription, Realtime voice, browser Talk/WebRTC, backend WebSocket bridges, OAuth-backed client secret minting, Azure Realtime deployments, and voice-control behavior. - name: Speech coverageIds: [codex.speech] description: Covers Speech across OpenAI text-to-speech, batch speech-to-text, Realtime transcription, Realtime voice, browser Talk/WebRTC, backend WebSocket bridges, OAuth-backed client secret minting, Azure Realtime deployments, and voice-control behavior. docs: - docs/providers/openai.md - docs/channels/discord.md - docs/plugins/voice-call.md search_anchors: - Realtime Voice Transcription - Speech - openai / codex provider path realtime voice transcription and speech - realtime voice transcription and speech category_note: realtime-voice-transcription-and-speech.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: anthropic-provider-path name: Anthropic provider path family: provider-tool level: beta level_code: M3 rationale: First-class model provider. Needs recurring auth/catalog/tool-call scenario proof. completeness_instructions: references/completeness/anthropic-provider-path.md categories: - name: Provider Auth and Recovery id: provider-auth-and-recovery features: - name: API-key onboarding coverageIds: [gateway.api-key-onboarding] description: 'Covers API-key onboarding across Anthropic credential surface before a model request is made: onboarding choices, API-key storage, Claude CLI credential migration, setup-token validation, and related credential setup and health behavior.' - name: Claude CLI credential reuse coverageIds: [anthropic.claude-cli-credential-reuse] description: 'Covers Claude CLI credential reuse across Anthropic credential surface before a model request is made: onboarding choices, API-key storage, Claude CLI credential migration, setup-token validation, and related credential setup and health behavior.' - name: Setup-token auth coverageIds: [anthropic.setup-token-auth] description: 'Covers Setup-token auth across Anthropic credential surface before a model request is made: onboarding choices, API-key storage, Claude CLI credential migration, setup-token validation, and related credential setup and health behavior.' - name: Auth profile health coverageIds: [anthropic.auth-profile-health] description: 'Covers Auth profile health across Anthropic credential surface before a model request is made: onboarding choices, API-key storage, Claude CLI credential migration, setup-token validation, and related credential setup and health behavior.' - name: Model status coverageIds: [anthropic.model-status] description: 'Covers Model status across operator diagnostics and recovery for Anthropic provider failures: status output, usage windows, auth profile source reporting, cooldown and disabled profile reporting, and related diagnostics and recovery behavior.' - name: Usage windows coverageIds: [anthropic.usage-windows] description: 'Covers Usage windows across operator diagnostics and recovery for Anthropic provider failures: status output, usage windows, auth profile source reporting, cooldown and disabled profile reporting, and related diagnostics and recovery behavior.' - name: Cooldown/profile reporting coverageIds: [anthropic.cooldown-profile-reporting] description: 'Covers Cooldown/profile reporting across operator diagnostics and recovery for Anthropic provider failures: status output, usage windows, auth profile source reporting, cooldown and disabled profile reporting, and related diagnostics and recovery behavior.' - name: Long-context recovery coverageIds: [anthropic.long-context-recovery] description: 'Covers Long-context recovery across operator diagnostics and recovery for Anthropic provider failures: status output, usage windows, auth profile source reporting, cooldown and disabled profile reporting, and related diagnostics and recovery behavior.' - name: Fallback guidance coverageIds: [anthropic.fallback-guidance] description: 'Covers Fallback guidance across operator diagnostics and recovery for Anthropic provider failures: status output, usage windows, auth profile source reporting, cooldown and disabled profile reporting, and related diagnostics and recovery behavior.' docs: - docs/providers/anthropic.md - docs/gateway/doctor.md - docs/gateway/configuration-examples.md - docs/gateway/troubleshooting.md - docs/reference/prompt-caching.md search_anchors: - API-key onboarding - Claude CLI credential reuse - Setup-token auth - Auth profile health - Model status - Usage windows - Cooldown/profile reporting - Long-context recovery - Fallback guidance category_note: auth-onboarding-and-credential-profile-health.md human_lts_override: false - name: Model and Runtime Selection id: model-and-runtime-selection features: - name: Bundled Claude catalog coverageIds: [anthropic.bundled-claude-catalog] description: 'Covers Bundled Claude catalog across Anthropic model catalog and policy layer: bundled model rows, model aliases, current and future Claude model id normalization, runtime-provider selection, and related model catalog and policy behavior.' - name: Canonical anthropic refs coverageIds: [models.anthropic, models.provider-auth] description: 'Covers Canonical anthropic refs across Anthropic model catalog and policy layer: bundled model rows, model aliases, current and future Claude model id normalization, runtime-provider selection, and related model catalog and policy behavior.' - name: Claude CLI compatibility coverageIds: [models.claude-cli, models.provider-capabilities] description: 'Covers Claude CLI compatibility across Anthropic model catalog and policy layer: bundled model rows, model aliases, current and future Claude model id normalization, runtime-provider selection, and related model catalog and policy behavior.' - name: Model picker availability coverageIds: [models.picker-availability] description: 'Covers Model picker availability across Anthropic model catalog and policy layer: bundled model rows, model aliases, current and future Claude model id normalization, runtime-provider selection, and related model catalog and policy behavior.' - name: Capability metadata coverageIds: [anthropic.capability-metadata] description: 'Covers Capability metadata across Anthropic model catalog and policy layer: bundled model rows, model aliases, current and future Claude model id normalization, runtime-provider selection, and related model catalog and policy behavior.' - name: Runtime selection coverageIds: [anthropic.runtime-selection] description: 'Covers Runtime selection across OpenClaw''s host-local Claude CLI path after auth is available: the `claude-cli` backend, its command/args/env defaults, MCP tool bridge, native tool mode, and related claude cli backend behavior.' - name: Session continuity coverageIds: [memory.session-continuity] description: 'Covers Session continuity across OpenClaw''s host-local Claude CLI path after auth is available: the `claude-cli` backend, its command/args/env defaults, MCP tool bridge, native tool mode, and related claude cli backend behavior.' - name: MCP/tool bridge coverageIds: [anthropic.mcp-tool-bridge] description: 'Covers MCP/tool bridge across OpenClaw''s host-local Claude CLI path after auth is available: the `claude-cli` backend, its command/args/env defaults, MCP tool bridge, native tool mode, and related claude cli backend behavior.' - name: Permission-mode mapping coverageIds: [anthropic.permission-mode-mapping] description: 'Covers Permission-mode mapping across OpenClaw''s host-local Claude CLI path after auth is available: the `claude-cli` backend, its command/args/env defaults, MCP tool bridge, native tool mode, and related claude cli backend behavior.' - name: Fallback prelude coverageIds: [anthropic.fallback-prelude] description: 'Covers Fallback prelude across OpenClaw''s host-local Claude CLI path after auth is available: the `claude-cli` backend, its command/args/env defaults, MCP tool bridge, native tool mode, and related claude cli backend behavior.' docs: - docs/providers/anthropic.md - docs/gateway/config-agents.md - docs/concepts/models.md - docs/gateway/cli-backends.md search_anchors: - Bundled Claude catalog - Canonical anthropic refs - Claude CLI compatibility - Model picker availability - Capability metadata - Runtime selection - Session continuity - MCP/tool bridge - Permission-mode mapping - Fallback prelude category_note: model-catalog-aliases-and-runtime-policy.md human_lts_override: false - name: Request Transport and Turn Semantics id: request-transport-and-turn-semantics features: - name: API-key/OAuth transport coverageIds: [anthropic.api-key-oauth-transport] description: 'Covers API-key/OAuth transport across direct Anthropic `api: "anthropic-messages"` request and stream behavior: API-key and OAuth transport setup, Anthropic beta headers, model-id normalization for direct hosts, payload construction, and related direct anthropic api behavior.' - name: Messages payloads coverageIds: [anthropic.messages-payloads] description: 'Covers Messages payloads across direct Anthropic `api: "anthropic-messages"` request and stream behavior: API-key and OAuth transport setup, Anthropic beta headers, model-id normalization for direct hosts, payload construction, and related direct anthropic api behavior.' - name: Streaming decode coverageIds: [anthropic.streaming-decode] description: 'Covers Streaming decode across direct Anthropic `api: "anthropic-messages"` request and stream behavior: API-key and OAuth transport setup, Anthropic beta headers, model-id normalization for direct hosts, payload construction, and related direct anthropic api behavior.' - name: Usage and stop reasons coverageIds: [anthropic.usage-and-stop-reasons] description: 'Covers Usage and stop reasons across direct Anthropic `api: "anthropic-messages"` request and stream behavior: API-key and OAuth transport setup, Anthropic beta headers, model-id normalization for direct hosts, payload construction, and related direct anthropic api behavior.' - name: Abort/error handling coverageIds: [anthropic.abort-error-handling] description: 'Covers Abort/error handling across direct Anthropic `api: "anthropic-messages"` request and stream behavior: API-key and OAuth transport setup, Anthropic beta headers, model-id normalization for direct hosts, payload construction, and related direct anthropic api behavior.' - name: Tool-use blocks coverageIds: [anthropic.tool-use-blocks] description: 'Covers Tool-use blocks across Anthropic-specific turn semantics inside agent runs: tool declarations, tool-use block conversion, tool-result conversion, tool-call id normalization, and related tools and thinking behavior.' - name: Tool-result replay coverageIds: [anthropic.tool-result-replay] description: 'Covers Tool-result replay across Anthropic-specific turn semantics inside agent runs: tool declarations, tool-use block conversion, tool-result conversion, tool-call id normalization, and related tools and thinking behavior.' - name: Partial JSON recovery coverageIds: [anthropic.partial-json-recovery] description: 'Covers Partial JSON recovery across Anthropic-specific turn semantics inside agent runs: tool declarations, tool-use block conversion, tool-result conversion, tool-call id normalization, and related tools and thinking behavior.' - name: Native thinking coverageIds: [anthropic.native-thinking] description: 'Covers Native thinking across Anthropic-specific turn semantics inside agent runs: tool declarations, tool-use block conversion, tool-result conversion, tool-call id normalization, and related tools and thinking behavior.' - name: Signed/redacted thinking replay coverageIds: [anthropic.signed-redacted-thinking-replay] description: 'Covers Signed/redacted thinking replay across Anthropic-specific turn semantics inside agent runs: tool declarations, tool-use block conversion, tool-result conversion, tool-call id normalization, and related tools and thinking behavior.' docs: - docs/providers/anthropic.md - docs/reference/prompt-caching.md - docs/gateway/troubleshooting.md - docs/gateway/cli-backends.md - docs/concepts/model-providers.md search_anchors: - API-key/OAuth transport - Messages payloads - Streaming decode - Usage and stop reasons - Abort/error handling - Tool-use blocks - Tool-result replay - Partial JSON recovery - Native thinking - Signed/redacted thinking replay category_note: direct-anthropic-messages-transport-and-streaming.md human_lts_override: false - name: Prompt Cache and Context id: prompt-cache-and-context features: - name: Cache retention coverageIds: [anthropic.cache-retention] description: 'Covers Cache retention across Anthropic-specific request knobs outside the core content stream: prompt cache retention, cache-control markers, system-prompt cache boundary, 1M context sizing, and related prompt cache and context behavior.' - name: System-prompt cache boundary coverageIds: [anthropic.system-prompt-cache-boundary] description: 'Covers System-prompt cache boundary across Anthropic-specific request knobs outside the core content stream: prompt cache retention, cache-control markers, system-prompt cache boundary, 1M context sizing, and related prompt cache and context behavior.' - name: 1M context coverageIds: [anthropic.1m-context] description: 'Covers 1M context across Anthropic-specific request knobs outside the core content stream: prompt cache retention, cache-control markers, system-prompt cache boundary, 1M context sizing, and related prompt cache and context behavior.' - name: Fast mode/service tier coverageIds: [anthropic.fast-mode-service-tier] description: 'Covers Fast mode/service tier across Anthropic-specific request knobs outside the core content stream: prompt cache retention, cache-control markers, system-prompt cache boundary, 1M context sizing, and related prompt cache and context behavior.' - name: Cache diagnostics coverageIds: [anthropic.cache-diagnostics] description: 'Covers Cache diagnostics across Anthropic-specific request knobs outside the core content stream: prompt cache retention, cache-control markers, system-prompt cache boundary, 1M context sizing, and related prompt cache and context behavior.' docs: - docs/providers/anthropic.md - docs/reference/prompt-caching.md - docs/gateway/troubleshooting.md - docs/gateway/heartbeat.md search_anchors: - Cache retention - System-prompt cache boundary - 1M context - Fast mode/service tier - Cache diagnostics category_note: prompt-caching-context-windows-and-request-knobs.md human_lts_override: false - name: Media Inputs id: media-inputs features: - name: Image input coverageIds: [anthropic.image-input] description: 'Covers Image input across Anthropic media understanding as part of the provider path: image input support, PDF native document input metadata, default media model selection, auto-priority, and related media inputs behavior.' - name: PDF document input coverageIds: [anthropic.pdf-document-input] description: 'Covers PDF document input across Anthropic media understanding as part of the provider path: image input support, PDF native document input metadata, default media model selection, auto-priority, and related media inputs behavior.' - name: Media model fallback coverageIds: [anthropic.media-model-fallback] description: 'Covers Media model fallback across Anthropic media understanding as part of the provider path: image input support, PDF native document input metadata, default media model selection, auto-priority, and related media inputs behavior.' - name: Image tool results coverageIds: [anthropic.image-tool-results] description: 'Covers Image tool results across Anthropic media understanding as part of the provider path: image input support, PDF native document input metadata, default media model selection, auto-priority, and related media inputs behavior.' docs: - docs/providers/anthropic.md - docs/gateway/config-agents.md search_anchors: - Image input - PDF document input - Media model fallback - Image tool results category_note: media-understanding-and-document-inputs.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: google-provider-path name: Google provider path family: provider-tool level: beta level_code: M3 rationale: First-class provider with model and realtime surfaces. Needs separate Live/Talk scoring. completeness_instructions: references/completeness/google-provider-path.md categories: - name: Provider Setup and Credentials id: provider-setup-and-credentials features: - name: API key onboarding coverageIds: [gateway.api-key-onboarding] description: Covers API key onboarding across direct `GEMINI_API_KEY` and `GOOGLE_API_KEY` auth, setup provider metadata, setup auth choices, provider config fields, and related provider auth and setup behavior. - name: Auth choice metadata coverageIds: [google.auth-choice-metadata] description: Covers Auth choice metadata across direct `GEMINI_API_KEY` and `GOOGLE_API_KEY` auth, setup provider metadata, setup auth choices, provider config fields, and related provider auth and setup behavior. - name: Gemini CLI OAuth setup coverageIds: [google.gemini-cli-oauth-setup] description: Covers Gemini CLI OAuth setup across direct `GEMINI_API_KEY` and `GOOGLE_API_KEY` auth, setup provider metadata, setup auth choices, provider config fields, and related provider auth and setup behavior. - name: Vertex ADC setup coverageIds: [google.vertex-adc-setup] description: Covers Vertex ADC setup across direct `GEMINI_API_KEY` and `GOOGLE_API_KEY` auth, setup provider metadata, setup auth choices, provider config fields, and related provider auth and setup behavior. - name: Daemon and fallback credentials coverageIds: [google.daemon-and-fallback-credentials] description: Covers Daemon and fallback credentials across direct `GEMINI_API_KEY` and `GOOGLE_API_KEY` auth, setup provider metadata, setup auth choices, provider config fields, and related provider auth and setup behavior. - name: CLI runtime selection coverageIds: [google.cli-runtime-selection] description: 'Covers CLI runtime selection across `google-gemini-cli` provider, canonical `google/*` model refs using `agentRuntime.id: "google-gemini-cli"`, legacy `google-gemini-cli/*` refs, Gemini CLI command invocation, and related gemini cli oauth behavior.' - name: OAuth login and refresh coverageIds: [google.oauth-login-and-refresh] description: 'Covers OAuth login and refresh across `google-gemini-cli` provider, canonical `google/*` model refs using `agentRuntime.id: "google-gemini-cli"`, legacy `google-gemini-cli/*` refs, Gemini CLI command invocation, and related gemini cli oauth behavior.' - name: Canonical Google model refs coverageIds: [google.canonical-google-model-refs] description: 'Covers Canonical Google model refs across `google-gemini-cli` provider, canonical `google/*` model refs using `agentRuntime.id: "google-gemini-cli"`, legacy `google-gemini-cli/*` refs, Gemini CLI command invocation, and related gemini cli oauth behavior.' - name: CLI usage normalization coverageIds: [google.cli-usage-normalization] description: 'Covers CLI usage normalization across `google-gemini-cli` provider, canonical `google/*` model refs using `agentRuntime.id: "google-gemini-cli"`, legacy `google-gemini-cli/*` refs, Gemini CLI command invocation, and related gemini cli oauth behavior.' - name: OAuth diagnostics coverageIds: [google.oauth-diagnostics] description: 'Covers OAuth diagnostics across `google-gemini-cli` provider, canonical `google/*` model refs using `agentRuntime.id: "google-gemini-cli"`, legacy `google-gemini-cli/*` refs, Gemini CLI command invocation, and related gemini cli oauth behavior.' docs: - docs/providers/google.md - docs/concepts/model-providers.md search_anchors: - API key onboarding - Auth choice metadata - Gemini CLI OAuth setup - Vertex ADC setup - Daemon and fallback credentials - CLI runtime selection - OAuth login and refresh - Canonical Google model refs - CLI usage normalization - OAuth diagnostics category_note: provider-auth-credentials-and-operator-setup.md human_lts_override: false - name: Model Routing and Endpoints id: model-routing-and-endpoints features: - name: Catalog rows and aliases coverageIds: [google.catalog-rows-and-aliases] description: Covers Catalog rows and aliases across model catalog rows, model ID normalization, dynamic model resolution, provider hooks, and related model catalog and routing behavior. - name: Dynamic model resolution coverageIds: [google.dynamic-model-resolution] description: Covers Dynamic model resolution across model catalog rows, model ID normalization, dynamic model resolution, provider hooks, and related model catalog and routing behavior. - name: Provider routing coverageIds: [google.provider-routing] description: Covers Provider routing across model catalog rows, model ID normalization, dynamic model resolution, provider hooks, and related model catalog and routing behavior. - name: Google-native config normalization coverageIds: [google.native-config-normalization] description: Covers Google-native config normalization across model catalog rows, model ID normalization, dynamic model resolution, provider hooks, and related model catalog and routing behavior. - name: Model picker availability coverageIds: [models.picker-availability] description: Covers Model picker availability across model catalog rows, model ID normalization, dynamic model resolution, provider hooks, and related model catalog and routing behavior. - name: Vertex provider selection coverageIds: [google.vertex-provider-selection] description: Covers Vertex provider selection across `google-vertex`, Vertex ADC/service-account auth, project/location endpoint construction, custom Google-compatible base URL handling, and related vertex ai and custom endpoints behavior. - name: ADC/service-account auth coverageIds: [google.adc-service-account-auth] description: Covers ADC/service-account auth across `google-vertex`, Vertex ADC/service-account auth, project/location endpoint construction, custom Google-compatible base URL handling, and related vertex ai and custom endpoints behavior. - name: Project/location endpoints coverageIds: [google.project-location-endpoints] description: Covers Project/location endpoints across `google-vertex`, Vertex ADC/service-account auth, project/location endpoint construction, custom Google-compatible base URL handling, and related vertex ai and custom endpoints behavior. - name: Custom base URL policy coverageIds: [google.custom-base-url-policy] description: Covers Custom base URL policy across `google-vertex`, Vertex ADC/service-account auth, project/location endpoint construction, custom Google-compatible base URL handling, and related vertex ai and custom endpoints behavior. - name: Compatibility boundaries coverageIds: [google.compatibility-boundaries] description: Covers Compatibility boundaries across `google-vertex`, Vertex ADC/service-account auth, project/location endpoint construction, custom Google-compatible base URL handling, and related vertex ai and custom endpoints behavior. docs: - docs/providers/google.md - docs/concepts/model-providers.md - docs/plugins/reference/google.md - docs/tools/gemini-search.md search_anchors: - Catalog rows and aliases - Dynamic model resolution - Provider routing - Google-native config normalization - Model picker availability - Vertex provider selection - ADC/service-account auth - Project/location endpoints - Custom base URL policy - Compatibility boundaries category_note: model-catalog-provider-routing-and-config-normalization.md human_lts_override: false - name: Direct Gemini Runtime id: direct-gemini-runtime features: - name: Direct Gemini chat coverageIds: [google.direct-gemini-chat] description: 'Covers Direct Gemini chat across direct `google-generative-ai` Gemini transport and shared Google message/stream conversion: request URL construction, request config, text/image/audio/video/tool payload conversion, function response handling, and related direct gemini api behavior.' - name: Multimodal inputs coverageIds: [google.multimodal-inputs] description: 'Covers Multimodal inputs across direct `google-generative-ai` Gemini transport and shared Google message/stream conversion: request URL construction, request config, text/image/audio/video/tool payload conversion, function response handling, and related direct gemini api behavior.' - name: Tool-call streaming coverageIds: [google.tool-call-streaming] description: 'Covers Tool-call streaming across direct `google-generative-ai` Gemini transport and shared Google message/stream conversion: request URL construction, request config, text/image/audio/video/tool payload conversion, function response handling, and related direct gemini api behavior.' - name: Usage and stop reasons coverageIds: [anthropic.usage-and-stop-reasons] description: 'Covers Usage and stop reasons across direct `google-generative-ai` Gemini transport and shared Google message/stream conversion: request URL construction, request config, text/image/audio/video/tool payload conversion, function response handling, and related direct gemini api behavior.' - name: Direct Gemini transport payloads coverageIds: [google.direct-gemini-transport-payloads] description: 'Covers direct `google-generative-ai` Gemini transport and shared Google message/stream conversion: request URL construction, request config, text/image/audio/video/tool payload conversion, function response handling, and related direct Gemini API behavior.' - name: Thinking-level mapping coverageIds: [google.thinking-level-mapping] description: Covers Thinking-level mapping across Gemini thinking-level mapping, adaptive thinking request shape, `thoughtSignature` capture/replay/sanitization, Google replay policy, and related thinking and turn recovery behavior. - name: Thought-signature replay policy coverageIds: [google.thought-signature-replay] description: Covers Gemini thinking-level mapping, adaptive thinking request shape, `thoughtSignature` capture/replay/sanitization, Google replay policy, and related thinking and turn recovery behavior. - name: Tool turn ordering coverageIds: [google.tool-turn-ordering] description: Covers Tool turn ordering across Gemini thinking-level mapping, adaptive thinking request shape, `thoughtSignature` capture/replay/sanitization, Google replay policy, and related thinking and turn recovery behavior. - name: Incomplete-turn recovery coverageIds: [google.incomplete-turn-recovery] description: Covers Incomplete-turn recovery across Gemini thinking-level mapping, adaptive thinking request shape, `thoughtSignature` capture/replay/sanitization, Google replay policy, and related thinking and turn recovery behavior. docs: - docs/providers/google.md - docs/concepts/model-providers.md - docs/help/faq-models.md - docs/help/testing-live.md search_anchors: - Direct Gemini chat - Multimodal inputs - Tool-call streaming - Usage and stop reasons - Direct Gemini transport payloads - Thinking-level mapping - Thought-signature replay policy - Tool turn ordering - Incomplete-turn recovery category_note: direct-gemini-api-transport-streaming-and-multimodal-payloads.md human_lts_override: false - name: Media, Search, and Realtime id: media-search-and-realtime features: - name: Bundled plugin distribution coverageIds: [google.bundled-plugin-distribution] description: Covers Bundled plugin distribution across bundled `@openclaw/google-plugin` package, plugin manifest distribution, auto-enable metadata, capability-provider registration, and related google plugin adapters behavior. - name: Provider auto-enable metadata coverageIds: [google.provider-auto-enable-metadata] description: Covers Provider auto-enable metadata across bundled `@openclaw/google-plugin` package, plugin manifest distribution, auto-enable metadata, capability-provider registration, and related google plugin adapters behavior. - name: Image and media adapters coverageIds: [google.image-and-media-adapters] description: Covers Image and media adapters across bundled `@openclaw/google-plugin` package, plugin manifest distribution, auto-enable metadata, capability-provider registration, and related google plugin adapters behavior. - name: Speech and realtime adapters coverageIds: [google.speech-and-realtime-adapters] description: Covers Speech and realtime adapters across bundled `@openclaw/google-plugin` package, plugin manifest distribution, auto-enable metadata, capability-provider registration, and related google plugin adapters behavior. - name: Search and generation tools coverageIds: [google.search-and-generation-tools] description: Covers Search and generation tools across bundled `@openclaw/google-plugin` package, plugin manifest distribution, auto-enable metadata, capability-provider registration, and related google plugin adapters behavior. - name: Realtime voice sessions coverageIds: [google.realtime-voice-sessions] description: Covers Realtime voice sessions across Gemini Live realtime voice provider behavior, Talk relay integration, constrained browser websocket tokens, audio queueing, and related gemini live talk behavior. - name: Constrained browser tokens coverageIds: [google.constrained-browser-tokens] description: Covers Constrained browser tokens across Gemini Live realtime voice provider behavior, Talk relay integration, constrained browser websocket tokens, audio queueing, and related gemini live talk behavior. - name: Audio and transcript events coverageIds: [google.audio-and-transcript-events] description: Covers Audio and transcript events across Gemini Live realtime voice provider behavior, Talk relay integration, constrained browser websocket tokens, audio queueing, and related gemini live talk behavior. - name: Live tool calls coverageIds: [google.live-tool-calls] description: Covers Live tool calls across Gemini Live realtime voice provider behavior, Talk relay integration, constrained browser websocket tokens, audio queueing, and related gemini live talk behavior. - name: Session reconnects coverageIds: [google.session-reconnects] description: Covers Session reconnects across Gemini Live realtime voice provider behavior, Talk relay integration, constrained browser websocket tokens, audio queueing, and related gemini live talk behavior. docs: - docs/plugins/reference/google.md - docs/providers/google.md search_anchors: - Bundled plugin distribution - Provider auto-enable metadata - Image and media adapters - Speech and realtime adapters - Search and generation tools - Realtime voice sessions - Constrained browser tokens - Audio and transcript events - Live tool calls - Session reconnects category_note: plugin-distribution-and-cross-surface-capability-adapters.md human_lts_override: false - name: Prompt Caching id: prompt-caching features: - name: Cache retention config coverageIds: [google.cache-retention-config] description: Covers Cache retention config across direct `google-generative-ai` Gemini prompt cache eligibility, `cacheRetention`, managed `cachedContents` create/reuse/refresh, manual `cachedContent` config, and related prompt caching behavior. - name: Managed cachedContents coverageIds: [google.managed-cachedcontents] description: Covers Managed cachedContents across direct `google-generative-ai` Gemini prompt cache eligibility, `cacheRetention`, managed `cachedContents` create/reuse/refresh, manual `cachedContent` config, and related prompt caching behavior. - name: Manual cachedContent handles coverageIds: [google.manual-cachedcontent-handles] description: Covers Manual cachedContent handles across direct `google-generative-ai` Gemini prompt cache eligibility, `cacheRetention`, managed `cachedContents` create/reuse/refresh, manual `cachedContent` config, and related prompt caching behavior. - name: Cache usage accounting coverageIds: [google.cache-usage-accounting] description: Covers Cache usage accounting across direct `google-generative-ai` Gemini prompt cache eligibility, `cacheRetention`, managed `cachedContents` create/reuse/refresh, manual `cachedContent` config, and related prompt caching behavior. - name: Cache diagnostics and live proof coverageIds: [google.cache-diagnostics-and-live-proof] description: Covers Cache diagnostics and live proof across direct `google-generative-ai` Gemini prompt cache eligibility, `cacheRetention`, managed `cachedContents` create/reuse/refresh, manual `cachedContent` config, and related prompt caching behavior. docs: - docs/reference/prompt-caching.md - docs/providers/google.md - docs/concepts/model-providers.md - docs/reference/token-use.md search_anchors: - Cache retention config - Managed cachedContents - Manual cachedContent handles - Cache usage accounting - Cache diagnostics and live proof category_note: prompt-cache-cache-retention-and-usage-accounting.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: openrouter-provider-path name: OpenRouter provider path family: provider-tool level: beta level_code: M3 rationale: Unified provider path is documented and valuable, but model-specific behavior varies. completeness_instructions: references/completeness/openrouter-provider-path.md categories: - name: Provider Setup and Auth id: provider-setup-and-auth features: - name: First-run setup coverageIds: [openrouter.first-run-setup] description: 'Covers First-run setup across user-facing setup and provider registration: the `/providers/openrouter` docs, plugin manifest, provider registration hook, default model registration, and related operator setup and model selection behavior.' - name: Default model selection coverageIds: [openrouter.default-model-selection] description: 'Covers Default model selection across user-facing setup and provider registration: the `/providers/openrouter` docs, plugin manifest, provider registration hook, default model registration, and related operator setup and model selection behavior.' - name: Provider plugin registration coverageIds: [openrouter.provider-plugin-registration] description: 'Covers Provider plugin registration across user-facing setup and provider registration: the `/providers/openrouter` docs, plugin manifest, provider registration hook, default model registration, and related operator setup and model selection behavior.' - name: Model-ref examples coverageIds: [openrouter.model-ref-examples] description: 'Covers Model-ref examples across user-facing setup and provider registration: the `/providers/openrouter` docs, plugin manifest, provider registration hook, default model registration, and related operator setup and model selection behavior.' - name: OPENROUTER_API_KEY coverageIds: [openrouter.api-key] description: Covers OPENROUTER_API_KEY across `OPENROUTER_API_KEY` discovery, onboarding/auth-choice storage, `auth-profiles.json`, status/probe visibility, and related credentials and auth profiles behavior. - name: Auth profiles and auth order coverageIds: [openrouter.auth-profiles-and-auth-order] description: Covers Auth profiles and auth order across `OPENROUTER_API_KEY` discovery, onboarding/auth-choice storage, `auth-profiles.json`, status/probe visibility, and related credentials and auth profiles behavior. - name: Status/probe and removal coverageIds: [openrouter.status-probe-and-removal] description: Covers Status/probe and removal across `OPENROUTER_API_KEY` discovery, onboarding/auth-choice storage, `auth-profiles.json`, status/probe visibility, and related credentials and auth profiles behavior. - name: Provider-entry SecretRef/API-key resolution coverageIds: [openrouter.provider-entry-secretref-api-key-resolution] description: Covers Provider-entry SecretRef/API-key resolution across `OPENROUTER_API_KEY` discovery, onboarding/auth-choice storage, `auth-profiles.json`, status/probe visibility, and related credentials and auth profiles behavior. - name: Gateway env inheritance coverageIds: [openrouter.gateway-env-inheritance] description: Covers Gateway env inheritance across `OPENROUTER_API_KEY` discovery, onboarding/auth-choice storage, `auth-profiles.json`, status/probe visibility, and related credentials and auth profiles behavior. - name: Static catalog rows coverageIds: [openrouter.static-catalog-rows] description: Covers Static catalog rows across static catalog rows, dynamic model capability discovery, model-id normalization, `openrouter//` references, and related model catalog and dynamic discovery behavior. - name: Dynamic /models discovery coverageIds: [openrouter.dynamic-models-discovery] description: Covers Dynamic /models discovery across static catalog rows, dynamic model capability discovery, model-id normalization, `openrouter//` references, and related model catalog and dynamic discovery behavior. - name: openrouter/auto and nested refs coverageIds: [openrouter.auto-and-nested-refs] description: Covers openrouter/auto and nested refs across static catalog rows, dynamic model capability discovery, model-id normalization, `openrouter//` references, and related model catalog and dynamic discovery behavior. - name: Free-model scan/probe coverageIds: [openrouter.free-model-scan-probe] description: Covers Free-model scan/probe across static catalog rows, dynamic model capability discovery, model-id normalization, `openrouter//` references, and related model catalog and dynamic discovery behavior. - name: Model list/picker cache coverageIds: [openrouter.model-list-picker-cache] description: Covers Model list/picker cache across static catalog rows, dynamic model capability discovery, model-id normalization, `openrouter//` references, and related model catalog and dynamic discovery behavior. docs: - docs/providers/openrouter.md - docs/concepts/model-providers.md - docs/cli/configure.md - docs/gateway/authentication.md - docs/help/environment.md - docs/cli/models.md - docs/concepts/models.md search_anchors: - First-run setup - Default model selection - Provider plugin registration - Model-ref examples - OPENROUTER_API_KEY - Auth profiles and auth order - Status/probe and removal - Provider-entry SecretRef/API-key resolution - Gateway env inheritance - Static catalog rows - Dynamic /models discovery - openrouter/auto and nested refs - Free-model scan/probe - Model list/picker cache category_note: operator-setup-and-provider-registration.md human_lts_override: false - name: Chat Runtime and Normalization id: chat-runtime-and-normalization features: - name: Chat completions route coverageIds: [openrouter.chat-completions-route] description: Covers Chat completions route across OpenRouter chat completions transport, `models.providers.openrouter.params.provider` routing, per-model routing overrides, OpenRouter proxy reasoning payloads, and related chat routing and reasoning behavior. - name: Provider routing params coverageIds: [openrouter.provider-routing-params] description: Covers Provider routing params across OpenRouter chat completions transport, `models.providers.openrouter.params.provider` routing, per-model routing overrides, OpenRouter proxy reasoning payloads, and related chat routing and reasoning behavior. - name: Per-model route overrides coverageIds: [openrouter.per-model-route-overrides] description: Covers Per-model route overrides across OpenRouter chat completions transport, `models.providers.openrouter.params.provider` routing, per-model routing overrides, OpenRouter proxy reasoning payloads, and related chat routing and reasoning behavior. - name: Reasoning payload policy coverageIds: [openrouter.reasoning-payload-policy] description: Covers Reasoning payload policy across OpenRouter chat completions transport, `models.providers.openrouter.params.provider` routing, per-model routing overrides, OpenRouter proxy reasoning payloads, and related chat routing and reasoning behavior. - name: Anthropic/Gemini/DeepSeek variants coverageIds: [openrouter.anthropic-gemini-deepseek-variants] description: Covers Anthropic/Gemini/DeepSeek variants across OpenRouter chat completions transport, `models.providers.openrouter.params.provider` routing, per-model routing overrides, OpenRouter proxy reasoning payloads, and related chat routing and reasoning behavior. - name: Streamed content parsing coverageIds: [openrouter.streamed-content-parsing] description: Covers Streamed content parsing across streamed response parsing, visible output extraction from OpenRouter `reasoning_details`, tool-call delta preservation, Mistral strict9 replay policy, and related streaming and tool-call replay behavior. - name: reasoning_details visible output coverageIds: [openrouter.reasoning-details-visible-output] description: Covers reasoning_details visible output across streamed response parsing, visible output extraction from OpenRouter `reasoning_details`, tool-call delta preservation, Mistral strict9 replay policy, and related streaming and tool-call replay behavior. - name: Tool-call delta preservation coverageIds: [openrouter.tool-call-delta-preservation] description: Covers Tool-call delta preservation across streamed response parsing, visible output extraction from OpenRouter `reasoning_details`, tool-call delta preservation, Mistral strict9 replay policy, and related streaming and tool-call replay behavior. - name: Family-specific replay policy coverageIds: [openrouter.family-specific-replay-policy] description: Covers Family-specific replay policy across streamed response parsing, visible output extraction from OpenRouter `reasoning_details`, tool-call delta preservation, Mistral strict9 replay policy, and related streaming and tool-call replay behavior. - name: Response-model and usage normalization coverageIds: [openrouter.response-model-and-usage-normalization] description: Covers Response-model and usage normalization across streamed response parsing, visible output extraction from OpenRouter `reasoning_details`, tool-call delta preservation, Mistral strict9 replay policy, and related streaming and tool-call replay behavior. - name: Attribution headers coverageIds: [openrouter.attribution-headers] description: Covers Attribution headers across OpenRouter app attribution, response cache headers, TTL and clear behavior, Anthropic cache-control markers, prompt-cache retention, cache-read/cache-write usage mapping, verified-route gating, and custom proxy exclusions. - name: Response-cache headers/TTL/clear coverageIds: [openrouter.response-cache-headers-ttl-clear] description: Covers Response-cache headers/TTL/clear across OpenRouter app attribution, response cache headers, TTL and clear behavior, Anthropic cache-control markers, prompt-cache retention, cache-read/cache-write usage mapping, verified-route gating, and custom proxy exclusions. - name: Anthropic cache-control markers coverageIds: [openrouter.anthropic-cache-control-markers] description: Covers Anthropic cache-control markers across OpenRouter app attribution, response cache headers, TTL and clear behavior, Anthropic cache-control markers, prompt-cache retention, cache-read/cache-write usage mapping, verified-route gating, and custom proxy exclusions. - name: Cache usage mapping coverageIds: [openrouter.cache-usage-mapping] description: Covers Cache usage mapping across OpenRouter app attribution, response cache headers, TTL and clear behavior, Anthropic cache-control markers, prompt-cache retention, cache-read/cache-write usage mapping, verified-route gating, and custom proxy exclusions. - name: Custom proxy exclusions coverageIds: [openrouter.custom-proxy-exclusions] description: Covers Custom proxy exclusions across OpenRouter app attribution, response cache headers, TTL and clear behavior, Anthropic cache-control markers, prompt-cache retention, cache-read/cache-write usage mapping, verified-route gating, and custom proxy exclusions. docs: - docs/providers/openrouter.md - docs/concepts/model-providers.md - docs/reference/prompt-caching.md search_anchors: - Chat completions route - Provider routing params - Per-model route overrides - Reasoning payload policy - Anthropic/Gemini/DeepSeek variants - Streamed content parsing - reasoning_details visible output - Tool-call delta preservation - Family-specific replay policy - Response-model and usage normalization - Attribution headers - Response-cache headers/TTL/clear - Anthropic cache-control markers - Cache usage mapping - Custom proxy exclusions category_note: chat-completions-transport-routing-and-reasoning.md human_lts_override: false - name: Provider Recovery and Diagnostics id: provider-recovery-and-diagnostics features: - name: Timeout/retry classification coverageIds: [openrouter.timeout-retry-classification] description: Covers Timeout/retry classification across OpenRouter timeout and retry classification, provider-specific generic errors, auth/billing/key-limit classification, context overflow parsing, and related failover and diagnostics behavior. - name: Auth/billing/key-limit classification coverageIds: [openrouter.auth-billing-key-limit-classification] description: Covers Auth/billing/key-limit classification across OpenRouter timeout and retry classification, provider-specific generic errors, auth/billing/key-limit classification, context overflow parsing, and related failover and diagnostics behavior. - name: Context overflow coverageIds: [openrouter.context-overflow] description: Covers Context overflow across OpenRouter timeout and retry classification, provider-specific generic errors, auth/billing/key-limit classification, context overflow parsing, and related failover and diagnostics behavior. - name: Model fallback notices coverageIds: [openrouter.model-fallback-notices] description: Covers Model fallback notices across OpenRouter timeout and retry classification, provider-specific generic errors, auth/billing/key-limit classification, context overflow parsing, and related failover and diagnostics behavior. - name: Guarded fetch/pricing warnings coverageIds: [openrouter.guarded-fetch-pricing-warnings] description: Covers Guarded fetch/pricing warnings across OpenRouter timeout and retry classification, provider-specific generic errors, auth/billing/key-limit classification, context overflow parsing, and related failover and diagnostics behavior. docs: - docs/concepts/model-failover.md - docs/providers/openrouter.md - docs/cli/models.md search_anchors: - Timeout/retry classification - Auth/billing/key-limit classification - Context overflow - Model fallback notices - Guarded fetch/pricing warnings category_note: failover-errors-overflow-and-diagnostics.md human_lts_override: false - name: Media Generation and Speech id: media-generation-and-speech features: - name: image_generate OpenRouter route coverageIds: [openrouter.image-generate-openrouter-route] description: Covers image_generate OpenRouter route across OpenRouter image, video, music, TTS, and related image, video, music, and speech behavior. - name: video_generate async jobs/polling/download coverageIds: [openrouter.video-generate-async-jobs-polling-download] description: Covers video_generate async jobs/polling/download across OpenRouter image, video, music, TTS, and related image, video, music, and speech behavior. - name: music_generate audio route coverageIds: [openrouter.music-generate-audio-route] description: Covers music_generate audio route across OpenRouter image, video, music, TTS, and related image, video, music, and speech behavior. - name: Text-to-speech coverageIds: [openrouter.text-to-speech] description: Covers Text-to-speech across OpenRouter image, video, music, TTS, and related image, video, music, and speech behavior. - name: Speech-to-text transcription coverageIds: [openrouter.speech-to-text-transcription] description: Covers Speech-to-text transcription across OpenRouter image, video, music, TTS, and related image, video, music, and speech behavior. - name: Inbound media understanding coverageIds: [openrouter.inbound-media-understanding] description: Covers Inbound media understanding across OpenRouter image, video, music, TTS, and related image, video, music, and speech behavior. - name: Generated artifact delivery coverageIds: [openrouter.generated-artifact-delivery] description: Covers Generated artifact delivery across OpenRouter image, video, music, TTS, and related image, video, music, and speech behavior. docs: - docs/providers/openrouter.md - docs/tools/image-generation.md - docs/tools/music-generation.md - docs/tools/media-overview.md - docs/tools/video-generation.md - docs/tools/tts.md search_anchors: - image_generate OpenRouter route - video_generate async jobs/polling/download - music_generate audio route - Text-to-speech - Speech-to-text transcription - Inbound media understanding - Generated artifact delivery category_note: media-generation-speech-and-media-understanding.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: local-model-providers-ollama-vllm-sglang-lm-studio name: 'Local model providers: Ollama, vLLM, SGLang, LM Studio' family: provider-tool level: alpha level_code: M2 rationale: Useful and documented, but environment variance is high. completeness_instructions: references/completeness/local-model-providers-ollama-vllm-sglang-lm-studio.md categories: - name: Provider Setup, Lifecycle, and Diagnostics id: provider-setup-lifecycle-and-diagnostics features: - name: Provider Selection coverageIds: [local-models.provider-selection] description: Covers Provider Selection across provider choice, `openclaw onboard`, model-picker contributions, non-interactive setup, and related provider selection and onboarding behavior. - name: Onboarding coverageIds: [local-models.onboarding] description: Covers Onboarding across provider choice, `openclaw onboard`, model-picker contributions, non-interactive setup, and related provider selection and onboarding behavior. - name: localService configuration coverageIds: [local-models.localservice-configuration] description: Covers localService configuration across `localService` config contract, process startup, readiness probes, lease/release behavior during provider requests, and related local service lifecycle and readiness behavior. - name: Process startup and readiness coverageIds: [local-models.process-startup-and-readiness] description: Covers Process startup and readiness across `localService` config contract, process startup, readiness probes, lease/release behavior during provider requests, and related local service lifecycle and readiness behavior. - name: Request leases and idle shutdown coverageIds: [local-models.request-leases-and-idle-shutdown] description: Covers Request leases and idle shutdown across `localService` config contract, process startup, readiness probes, lease/release behavior during provider requests, and related local service lifecycle and readiness behavior. - name: Health checks and restart coverageIds: [local-models.health-checks-and-restart] description: Covers Health checks and restart across `localService` config contract, process startup, readiness probes, lease/release behavior during provider requests, and related local service lifecycle and readiness behavior. - name: Provider recipes coverageIds: [local-models.provider-recipes] description: Covers Provider recipes across `localService` config contract, process startup, readiness probes, lease/release behavior during provider requests, and related local service lifecycle and readiness behavior. - name: Local provider status coverageIds: [local-models.local-provider-status] description: Covers Local provider status across user-facing diagnostic commands, provider HTTP error normalization, model-not-found classification, direct local backend probes, and related diagnostics and troubleshooting behavior. - name: Backend reachability probes coverageIds: [local-models.backend-reachability-probes] description: Covers Backend reachability probes across user-facing diagnostic commands, provider HTTP error normalization, model-not-found classification, direct local backend probes, and related diagnostics and troubleshooting behavior. - name: Model availability errors coverageIds: [local-models.model-availability-errors] description: Covers Model availability errors across user-facing diagnostic commands, provider HTTP error normalization, model-not-found classification, direct local backend probes, and related diagnostics and troubleshooting behavior. - name: Memory readiness diagnostics coverageIds: [local-models.memory-readiness-diagnostics] description: Covers Memory readiness diagnostics across user-facing diagnostic commands, provider HTTP error normalization, model-not-found classification, direct local backend probes, and related diagnostics and troubleshooting behavior. - name: Provider troubleshooting docs coverageIds: [local-models.provider-troubleshooting-docs] description: Covers Provider troubleshooting docs across user-facing diagnostic commands, provider HTTP error normalization, model-not-found classification, direct local backend probes, and related diagnostics and troubleshooting behavior. docs: - docs/gateway/local-models.md - docs/providers/lmstudio.md - docs/providers/ollama.md - docs/providers/vllm.md - docs/gateway/local-model-services.md - docs/gateway/config-agents.md - docs/gateway/troubleshooting.md - docs/gateway/doctor.md search_anchors: - Provider Selection - Onboarding - 'local model providers: ollama, vllm, sglang, lm studio provider selection and onboarding' - provider selection and onboarding - localService configuration - Process startup and readiness - Request leases and idle shutdown - Health checks and restart - Provider recipes - Local provider status - Backend reachability probes - Model availability errors - Memory readiness diagnostics - Provider troubleshooting docs category_note: provider-selection-and-onboarding.md human_lts_override: false - name: Native Provider Plugins id: native-provider-plugins features: - name: Ollama setup and model pulling coverageIds: [local-models.ollama-setup-and-model-pulling] description: Covers Ollama setup and model pulling across native Ollama chat/model discovery, cloud+local/local-only setup, local auth markers, model pulling, and related ollama native provider behavior. - name: Model discovery coverageIds: [local-models.model-discovery] description: Covers Model discovery across native Ollama chat/model discovery, cloud+local/local-only setup, local auth markers, model pulling, and related ollama native provider behavior. - name: Streaming and vision coverageIds: [local-models.streaming-and-vision] description: Covers Streaming and vision across native Ollama chat/model discovery, cloud+local/local-only setup, local auth markers, model pulling, and related ollama native provider behavior. - name: Ollama embeddings coverageIds: [local-models.ollama-embeddings] description: Covers Ollama embeddings across native Ollama chat/model discovery, cloud+local/local-only setup, local auth markers, model pulling, and related ollama native provider behavior. - name: Web-search support coverageIds: [local-models.web-search-support] description: Covers Web-search support across native Ollama chat/model discovery, cloud+local/local-only setup, local auth markers, model pulling, and related ollama native provider behavior. - name: LM Studio setup coverageIds: [local-models.lm-studio-setup] description: Covers LM Studio setup across LM Studio provider plugin, `/providers/lmstudio` docs, model discovery from LM Studio APIs, auth behavior for local and authenticated instances, preload/JIT behavior, OpenAI-compatible streaming, and LM Studio memory embeddings. - name: Model discovery and auth coverageIds: [local-models.model-discovery-and-auth] description: Covers Model discovery and auth across LM Studio provider plugin, `/providers/lmstudio` docs, model discovery from LM Studio APIs, auth behavior for local and authenticated instances, preload/JIT behavior, OpenAI-compatible streaming, and LM Studio memory embeddings. - name: Model preload and JIT loading coverageIds: [local-models.model-preload-and-jit-loading] description: Covers Model preload and JIT loading across LM Studio provider plugin, `/providers/lmstudio` docs, model discovery from LM Studio APIs, auth behavior for local and authenticated instances, preload/JIT behavior, OpenAI-compatible streaming, and LM Studio memory embeddings. - name: Streaming compatibility coverageIds: [local-models.streaming-compatibility] description: Covers Streaming compatibility across LM Studio provider plugin, `/providers/lmstudio` docs, model discovery from LM Studio APIs, auth behavior for local and authenticated instances, preload/JIT behavior, OpenAI-compatible streaming, and LM Studio memory embeddings. - name: LM Studio embeddings coverageIds: [local-models.lm-studio-embeddings] description: Covers LM Studio embeddings across LM Studio provider plugin, `/providers/lmstudio` docs, model discovery from LM Studio APIs, auth behavior for local and authenticated instances, preload/JIT behavior, OpenAI-compatible streaming, and LM Studio memory embeddings. docs: - docs/providers/ollama.md - docs/providers/lmstudio.md search_anchors: - Ollama setup and model pulling - Model discovery - Streaming and vision - Ollama embeddings - Web-search support - LM Studio setup - Model discovery and auth - Model preload and JIT loading - Streaming compatibility - LM Studio embeddings category_note: ollama-native-provider.md human_lts_override: false - name: OpenAI-Compatible Runtime Compatibility id: openai-compatible-runtime-compatibility features: - name: Bundled provider setup coverageIds: [local-models.bundled-provider-setup] description: Covers Bundled provider setup across bundled `vllm` and `sglang` provider plugins, docs, default env/base URL behavior, `/v1/models` discovery, and related vllm and sglang openai-compatible providers behavior. - name: Model Discovery Endpoint coverageIds: [local-models.model-discovery-endpoint] description: Covers Model Discovery Endpoint across bundled `vllm` and `sglang` provider plugins, docs, default env/base URL behavior, `/v1/models` discovery, and related vllm and sglang openai-compatible providers behavior. - name: Non-interactive configuration coverageIds: [local-models.non-interactive-configuration] description: Covers Non-interactive configuration across bundled `vllm` and `sglang` provider plugins, docs, default env/base URL behavior, `/v1/models` discovery, and related vllm and sglang openai-compatible providers behavior. - name: vLLM thinking controls coverageIds: [local-models.vllm-thinking-controls] description: Covers vLLM thinking controls across bundled `vllm` and `sglang` provider plugins, docs, default env/base URL behavior, `/v1/models` discovery, and related vllm and sglang openai-compatible providers behavior. - name: OpenAI-compatible chat and tool semantics coverageIds: [local-models.openai-compatible-chat-and-tool-semantics] description: Covers OpenAI-compatible chat and tool semantics across bundled `vllm` and `sglang` provider plugins, docs, default env/base URL behavior, `/v1/models` discovery, and related vllm and sglang openai-compatible providers behavior. - name: SGLang compatibility guidance coverageIds: [local-models.sglang-compatibility-guidance] description: Covers SGLang compatibility guidance across bundled `vllm` and `sglang` provider plugins, docs, default env/base URL behavior, `/v1/models` discovery, and related vllm and sglang openai-compatible providers behavior. - name: Request Stream Compatibility coverageIds: [local-models.request-stream-compatibility] description: Covers Request Stream Compatibility across chat and Responses-style request shaping, streaming normalization, tool-call compatibility, local-model reasoning controls, and related request stream compatibility and tool calling behavior. - name: Tool Calling coverageIds: [local-models.tool-calling] description: Covers Tool Calling across chat and Responses-style request shaping, streaming normalization, tool-call compatibility, local-model reasoning controls, and related request stream compatibility and tool calling behavior. docs: - docs/providers/vllm.md - docs/providers/sglang.md - docs/gateway/local-models.md - docs/providers/lmstudio.md search_anchors: - Bundled provider setup - /v1/models discovery - Non-interactive configuration - vLLM thinking controls - OpenAI-compatible chat and tool semantics - SGLang compatibility guidance - Request Stream Compatibility - Tool Calling - 'local model providers: ollama, vllm, sglang, lm studio request stream compatibility and tool calling' - request stream compatibility and tool calling category_note: request-stream-compatibility-and-tool-calling.md human_lts_override: false - name: Local Memory and Embeddings id: local-memory-and-embeddings features: - name: Embedding provider selection coverageIds: [local-models.embedding-provider-selection] description: Covers Embedding provider selection across local embedding provider registration for Ollama and LM Studio, memory host embedding behavior, memory search readiness, local `memoryFlush` model overrides, and related local embeddings and memory behavior. - name: Memory search readiness coverageIds: [local-models.memory-search-readiness] description: Covers Memory search readiness across local embedding provider registration for Ollama and LM Studio, memory host embedding behavior, memory search readiness, local `memoryFlush` model overrides, and related local embeddings and memory behavior. - name: memoryFlush model override coverageIds: [local-models.memoryflush-model-override] description: Covers memoryFlush model override across local embedding provider registration for Ollama and LM Studio, memory host embedding behavior, memory search readiness, local `memoryFlush` model overrides, and related local embeddings and memory behavior. - name: Fallback lexical search coverageIds: [local-models.fallback-lexical-search] description: Covers Fallback lexical search across local embedding provider registration for Ollama and LM Studio, memory host embedding behavior, memory search readiness, local `memoryFlush` model overrides, and related local embeddings and memory behavior. - name: Provider mismatch guidance coverageIds: [local-models.provider-mismatch-guidance] description: Covers Provider mismatch guidance across local embedding provider registration for Ollama and LM Studio, memory host embedding behavior, memory search readiness, local `memoryFlush` model overrides, and related local embeddings and memory behavior. docs: - docs/concepts/memory.md - docs/gateway/doctor.md search_anchors: - Embedding provider selection - Memory search readiness - memoryFlush model override - Fallback lexical search - Provider mismatch guidance category_note: local-embeddings-and-memory-provider-usage.md human_lts_override: false - name: Network Safety and Prompt Controls id: network-safety-and-prompt-controls features: - name: Safety Network coverageIds: [local-models.safety-network] description: Covers Safety Network across private-network and exact-origin trust for local provider base URLs, SSRF protections for self-hosted setup, special-token sanitization, local-model lean prompt behavior, and related safety network and prompt pressure controls behavior. - name: Prompt Pressure Controls coverageIds: [local-models.prompt-pressure-controls] description: Covers Prompt Pressure Controls across private-network and exact-origin trust for local provider base URLs, SSRF protections for self-hosted setup, special-token sanitization, local-model lean prompt behavior, and related safety network and prompt pressure controls behavior. docs: - docs/gateway/security/index.md - docs/gateway/config-tools.md - docs/gateway/local-models.md search_anchors: - Safety Network - Prompt Pressure Controls - 'local model providers: ollama, vllm, sglang, lm studio safety network and prompt pressure controls' - safety network and prompt pressure controls category_note: safety-network-and-prompt-pressure-controls.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: long-tail-hosted-providers name: Long-tail hosted providers family: provider-tool level: alpha level_code: M2 rationale: Many docs/reference pages exist; score should be generated from provider metadata plus live smoke coverage. completeness_instructions: references/completeness/long-tail-hosted-providers.md categories: - name: Hosted LLM Providers id: hosted-llm-providers features: - name: Bedrock setup coverageIds: [hosted-providers.bedrock-setup] description: Covers Bedrock setup across Amazon Bedrock, Bedrock Mantle, Cloudflare AI Gateway, Vercel AI Gateway, and related cloud and gateway providers behavior. - name: Gateway/proxy routing coverageIds: [hosted-providers.gateway-proxy-routing] description: Covers Gateway/proxy routing across Amazon Bedrock, Bedrock Mantle, Cloudflare AI Gateway, Vercel AI Gateway, and related cloud and gateway providers behavior. - name: Copilot/OpenCode hosted access coverageIds: [hosted-providers.copilot-opencode-hosted-access] description: Covers Copilot/OpenCode hosted access across Amazon Bedrock, Bedrock Mantle, Cloudflare AI Gateway, Vercel AI Gateway, and related cloud and gateway providers behavior. - name: Proxy capability diagnostics coverageIds: [hosted-providers.proxy-capability-diagnostics] description: Covers Proxy capability diagnostics across Amazon Bedrock, Bedrock Mantle, Cloudflare AI Gateway, Vercel AI Gateway, and related cloud and gateway providers behavior. - name: Hosted text completion coverageIds: [hosted-providers.hosted-text-completion] description: 'Covers Hosted text completion across hosted text providers that mostly use OpenAI-compatible routes or close variants: DeepSeek, Groq, Mistral, Together, and related openai-compatible hosted text providers behavior.' - name: Tool-call and streaming compatibility coverageIds: [hosted-providers.tool-call-and-streaming-compatibility] description: 'Covers Tool-call and streaming compatibility across hosted text providers that mostly use OpenAI-compatible routes or close variants: DeepSeek, Groq, Mistral, Together, and related openai-compatible hosted text providers behavior.' - name: Model catalog resolution coverageIds: [hosted-providers.model-catalog-resolution] description: 'Covers Model catalog resolution across hosted text providers that mostly use OpenAI-compatible routes or close variants: DeepSeek, Groq, Mistral, Together, and related openai-compatible hosted text providers behavior.' - name: Provider-specific request shaping coverageIds: [hosted-providers.provider-specific-request-shaping] description: 'Covers Provider-specific request shaping across hosted text providers that mostly use OpenAI-compatible routes or close variants: DeepSeek, Groq, Mistral, Together, and related openai-compatible hosted text providers behavior.' - name: Regional provider setup coverageIds: [hosted-providers.regional-provider-setup] description: Covers Regional provider setup across Qwen, Alibaba, Tencent, Qianfan, and related regional hosted llm providers behavior. - name: Region and plan routing coverageIds: [hosted-providers.region-and-plan-routing] description: Covers Region and plan routing across Qwen, Alibaba, Tencent, Qianfan, and related regional hosted llm providers behavior. - name: Regional live smoke coverageIds: [hosted-providers.regional-live-smoke] description: Covers Regional live smoke across Qwen, Alibaba, Tencent, Qianfan, and related regional hosted llm providers behavior. - name: Account prerequisite diagnostics coverageIds: [hosted-providers.account-prerequisite-diagnostics] description: Covers Account prerequisite diagnostics across Qwen, Alibaba, Tencent, Qianfan, and related regional hosted llm providers behavior. docs: - docs/providers/index.md - docs/concepts/model-providers.md - docs/help/testing-live.md - docs/cli/onboard.md search_anchors: - Bedrock setup - Gateway/proxy routing - Copilot/OpenCode hosted access - Proxy capability diagnostics - Hosted text completion - Tool-call and streaming compatibility - Model catalog resolution - Provider-specific request shaping - Regional provider setup - Region and plan routing - Regional live smoke - Account prerequisite diagnostics category_note: openai-compatible-hosted-text-adapters.md human_lts_override: false - name: Hosted Media Providers id: hosted-media-providers features: - name: Image generation providers coverageIds: [hosted-providers.image-generation-providers] description: Covers Image generation providers across hosted image, video, and music generation provider paths, including DeepInfra, and related hosted media generation providers behavior. - name: Video generation providers coverageIds: [hosted-providers.video-generation-providers] description: Covers Video generation providers across hosted image, video, and music generation provider paths, including DeepInfra, and related hosted media generation providers behavior. - name: Music generation providers coverageIds: [hosted-providers.music-generation-providers] description: Covers Music generation providers across hosted image, video, and music generation provider paths, including DeepInfra, and related hosted media generation providers behavior. - name: Media mode coverage coverageIds: [hosted-providers.media-mode-coverage] description: Covers Media mode coverage across hosted image, video, and music generation provider paths, including DeepInfra, and related hosted media generation providers behavior. - name: Text-to-speech providers coverageIds: [hosted-providers.text-to-speech-providers] description: Covers Text-to-speech providers across text-to-speech, speech-to-text, realtime transcription, telephony audio, and related hosted speech, transcription, and audio providers behavior. - name: Speech-to-text providers coverageIds: [hosted-providers.speech-to-text-providers] description: Covers Speech-to-text providers across text-to-speech, speech-to-text, realtime transcription, telephony audio, and related hosted speech, transcription, and audio providers behavior. - name: Realtime transcription providers coverageIds: [models.realtime-transcription-providers] description: Covers Realtime transcription providers across text-to-speech, speech-to-text, realtime transcription, telephony audio, and related hosted speech, transcription, and audio providers behavior. - name: Audio format diagnostics coverageIds: [hosted-providers.audio-format-diagnostics] description: Covers Audio format diagnostics across text-to-speech, speech-to-text, realtime transcription, telephony audio, and related hosted speech, transcription, and audio providers behavior. docs: - docs/plugins/manifest.md - docs/help/testing-live.md - docs/providers/index.md search_anchors: - Image generation providers - Video generation providers - Music generation providers - Media mode coverage - Text-to-speech providers - Speech-to-text providers - Realtime transcription providers - Audio format diagnostics category_note: hosted-media-generation-providers.md human_lts_override: false - name: Provider Operations id: provider-operations features: - name: Provider directory coverageIds: [hosted-providers.provider-directory] description: Covers Provider directory across public provider directory, provider docs links, model provider overview tables, manifest provider metadata, and related provider catalog and discovery behavior. - name: Provider install catalog coverageIds: [hosted-providers.provider-install-catalog] description: Covers Provider install catalog across public provider directory, provider docs links, model provider overview tables, manifest provider metadata, and related provider catalog and discovery behavior. - name: Model catalog metadata coverageIds: [hosted-providers.model-catalog-metadata] description: Covers Model catalog metadata across public provider directory, provider docs links, model provider overview tables, manifest provider metadata, and related provider catalog and discovery behavior. - name: Catalog parity checks coverageIds: [hosted-providers.catalog-parity-checks] description: Covers Catalog parity checks across public provider directory, provider docs links, model provider overview tables, manifest provider metadata, and related provider catalog and discovery behavior. - name: Provider setup descriptors coverageIds: [hosted-providers.provider-setup-descriptors] description: Covers Provider setup descriptors across provider setup descriptors, provider auth choices, auth env-var metadata, auth aliases, and related setup and credential health behavior. - name: Auth profiles and aliases coverageIds: [hosted-providers.auth-profiles-and-aliases] description: Covers Auth profiles and aliases across provider setup descriptors, provider auth choices, auth env-var metadata, auth aliases, and related setup and credential health behavior. - name: Credential health probes coverageIds: [hosted-providers.credential-health-probes] description: Covers Credential health probes across provider setup descriptors, provider auth choices, auth env-var metadata, auth aliases, and related setup and credential health behavior. - name: Key rotation and recovery coverageIds: [hosted-providers.key-rotation-and-recovery] description: Covers Key rotation and recovery across provider setup descriptors, provider auth choices, auth env-var metadata, auth aliases, and related setup and credential health behavior. - name: Direct provider smoke coverageIds: [hosted-providers.direct-provider-smoke] description: Covers Direct provider smoke across direct live provider/model smoke, Gateway live profile smoke, `models status --probe`, auth/status buckets, and related provider diagnostics and fallback repair behavior. - name: Gateway live smoke coverageIds: [hosted-providers.gateway-live-smoke] description: Covers Gateway live smoke across direct live provider/model smoke, Gateway live profile smoke, `models status --probe`, auth/status buckets, and related provider diagnostics and fallback repair behavior. - name: Models status probes coverageIds: [hosted-providers.models-status-probes] description: Covers Models status probes across direct live provider/model smoke, Gateway live profile smoke, `models status --probe`, auth/status buckets, and related provider diagnostics and fallback repair behavior. - name: Fallback trace and repair coverageIds: [hosted-providers.fallback-trace-and-repair] description: Covers Fallback trace and repair across direct live provider/model smoke, Gateway live profile smoke, `models status --probe`, auth/status buckets, and related provider diagnostics and fallback repair behavior. docs: - docs/providers/index.md - docs/concepts/model-providers.md - docs/plugins/manifest.md - docs/help/testing-live.md - docs/cli/models.md search_anchors: - Provider directory - Provider install catalog - Model catalog metadata - Catalog parity checks - Provider setup descriptors - Auth profiles and aliases - Credential health probes - Key rotation and recovery - Direct provider smoke - Gateway live smoke - Models status probes - Fallback trace and repair category_note: setup-auth-profiles-and-credential-health.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: web-search-tools name: Web search tools family: provider-tool level: beta level_code: M3 rationale: Multiple providers and docs exist. Needs quota/error/SSRF proof per provider family. completeness_instructions: references/completeness/web-search-tools.md categories: - name: Search Providers id: search-providers features: - name: API-backed providers coverageIds: [tools.tavily-search] description: Covers API-backed providers provider routing, request shaping, streaming, and response normalization for Structured Search Providers. - name: Keyless and self-hosted providers coverageIds: [web-search.keyless-and-self-hosted-providers] description: Covers Keyless and self-hosted providers provider routing, request shaping, streaming, and response normalization for Structured Search Providers. - name: Provider comparison and auto-detection coverageIds: [web-search.provider-comparison-and-auto-detection] description: Covers Provider comparison and auto-detection provider routing, request shaping, streaming, and response normalization for Structured Search Providers. - name: Provider-specific filters and extraction coverageIds: [web-search.provider-specific-filters-and-extraction] description: Covers Provider-specific filters and extraction provider routing, request shaping, streaming, and response normalization for Structured Search Providers. - name: Result normalization coverageIds: [web-search.result-normalization] description: Covers Result normalization provider routing, request shaping, streaming, and response normalization for Structured Search Providers. - name: OpenAI native web_search coverageIds: [web-search.openai-native-web-search] description: Covers OpenAI native web_search routing, session binding, history, and conversation context for Provider-Native Grounded Search. - name: Codex native web_search coverageIds: [web-search.codex-native-web-search] description: Covers Codex native web_search routing, session binding, history, and conversation context for Provider-Native Grounded Search. - name: Gemini grounding coverageIds: [web-search.gemini-grounding] description: Covers Gemini grounding routing, session binding, history, and conversation context for Provider-Native Grounded Search. - name: Grok web grounding coverageIds: [web-search.grok-web-grounding] description: Covers Grok web grounding routing, session binding, history, and conversation context for Provider-Native Grounded Search. - name: Kimi web search coverageIds: [web-search.kimi-web-search] description: Covers Kimi web search routing, session binding, history, and conversation context for Provider-Native Grounded Search. - name: Provider-native citations coverageIds: [web-search.provider-native-citations] description: Covers Provider-native citations routing, session binding, history, and conversation context for Provider-Native Grounded Search. - name: Model and filter routing coverageIds: [web-search.model-and-filter-routing] description: Covers Model and filter routing routing, session binding, history, and conversation context for Provider-Native Grounded Search. - name: webSearchProviders coverageIds: [web-search.websearchproviders] description: Defines webSearchProviders setup, credential, configuration, and operator verification behavior for Web Provider Plugin Contracts. - name: registerWebSearchProvider coverageIds: [web-search.registerwebsearchprovider] description: Defines registerWebSearchProvider setup, credential, configuration, and operator verification behavior for Web Provider Plugin Contracts. - name: webFetchProviders coverageIds: [web-search.webfetchproviders] description: Defines webFetchProviders setup, credential, configuration, and operator verification behavior for Web Provider Plugin Contracts. - name: registerWebFetchProvider coverageIds: [web-search.registerwebfetchprovider] description: Defines registerWebFetchProvider setup, credential, configuration, and operator verification behavior for Web Provider Plugin Contracts. - name: public-artifact loading coverageIds: [web-search.public-artifact-loading] description: Defines public-artifact loading setup, credential, configuration, and operator verification behavior for Web Provider Plugin Contracts. - name: runtime resolution coverageIds: [web-search.runtime-resolution] description: Defines runtime resolution setup, credential, configuration, and operator verification behavior for Web Provider Plugin Contracts. - name: contract tests coverageIds: [web-search.contract-tests] description: Defines contract tests setup, credential, configuration, and operator verification behavior for Web Provider Plugin Contracts. docs: - docs/tools/web.md - docs/tools/brave-search.md - docs/tools/tavily.md - docs/tools/exa-search.md - docs/tools/firecrawl.md - docs/tools/perplexity-search.md - docs/tools/duckduckgo-search.md - docs/tools/searxng-search.md - docs/tools/gemini-search.md - docs/tools/grok-search.md - docs/tools/kimi-search.md - docs/tools/minimax-search.md - docs/tools/ollama-search.md - docs/plugins/sdk-subpaths.md - docs/plugins/sdk-overview.md - docs/plugins/manifest.md search_anchors: - API-backed providers - Keyless and self-hosted providers - Provider comparison and auto-detection - Provider-specific filters and extraction - Result normalization - OpenAI native web_search - Codex native web_search - Gemini grounding - Grok web grounding - Kimi web search - Provider-native citations - Model and filter routing - webSearchProviders - registerWebSearchProvider - webFetchProviders - registerWebFetchProvider - public-artifact loading - runtime resolution - contract tests category_note: bundled-structured-search-providers.md human_lts_override: false - name: Setup and Diagnostics id: setup-and-diagnostics features: - name: Provider credentials coverageIds: [security.provider-credentials] description: Defines Provider credentials setup, credential, configuration, and operator verification behavior for Setup and Credential Repair. - name: Default provider selection coverageIds: [web-search.default-provider-selection] description: Defines Default provider selection setup, credential, configuration, and operator verification behavior for Setup and Credential Repair. - name: Credential repair coverageIds: [web-search.credential-repair] description: Defines Credential repair setup, credential, configuration, and operator verification behavior for Setup and Credential Repair. - name: Status checks coverageIds: [web-search.status-checks] description: Defines Status checks setup, credential, configuration, and operator verification behavior for Setup and Credential Repair. - name: Quota errors coverageIds: [web-search.quota-errors] description: Covers Quota errors status, diagnostics, failure handling, and operator repair for Provider Reliability and Diagnostics. - name: Cache controls coverageIds: [web-search.cache-controls] description: Covers Cache controls status, diagnostics, failure handling, and operator repair for Provider Reliability and Diagnostics. - name: Provider diagnostics coverageIds: [models.diagnostics] description: Covers Provider diagnostics status, diagnostics, failure handling, and operator repair for Provider Reliability and Diagnostics. - name: Retry and fallback coverageIds: [web-search.retry-and-fallback] description: Covers Retry and fallback status, diagnostics, failure handling, and operator repair for Provider Reliability and Diagnostics. - name: Operator repair coverageIds: [codex.operator-repair] description: Covers Operator repair status, diagnostics, failure handling, and operator repair for Provider Reliability and Diagnostics. docs: - docs/tools/web.md - docs/tools/web-fetch.md - docs/help/faq.md - docs/reference/api-usage-costs.md - docs/tools/brave-search.md - docs/tools/perplexity-search.md - docs/tools/tavily.md - docs/tools/firecrawl.md search_anchors: - Provider credentials - Default provider selection - Credential repair - Status checks - Quota errors - Cache controls - Provider diagnostics - Retry and fallback - Operator repair category_note: operator-setup-provider-selection-and-credential-repair.md human_lts_override: false - name: Network Safety id: network-safety features: - name: Network Safety coverageIds: [web-search.network-safety] description: Defines Network Safety authorization, trust, safety boundaries, and operator controls for Network Safety, Ssrf, Redirects, and Untrusted Content. - name: SSRF coverageIds: [browser-tools.ssrf] description: Defines SSRF authorization, trust, safety boundaries, and operator controls for Network Safety, Ssrf, Redirects, and Untrusted Content. - name: Redirects coverageIds: [web-search.redirects] description: Defines Redirects authorization, trust, safety boundaries, and operator controls for Network Safety, Ssrf, Redirects, and Untrusted Content. - name: Untrusted Content coverageIds: [web-search.untrusted-content] description: Defines Untrusted Content authorization, trust, safety boundaries, and operator controls for Network Safety, Ssrf, Redirects, and Untrusted Content. docs: - docs/tools/web.md - docs/tools/web-fetch.md - docs/tools/firecrawl.md - docs/tools/searxng-search.md search_anchors: - Network Safety - SSRF - Redirects - Untrusted Content - web search tools network safety, ssrf, redirects, and untrusted content - network safety, ssrf, redirects, and untrusted content category_note: network-safety-ssrf-redirects-and-untrusted-content.md human_lts_override: false - name: Tool Availability and Fetch id: tool-availability-and-fetch features: - name: web_search exposure coverageIds: [models.openai, tools.web-search] description: Defines web_search exposure setup, credential, configuration, and operator verification behavior for Tool Availability and Policy. - name: web_fetch exposure coverageIds: [tools.web-fetch] description: Defines web_fetch exposure setup, credential, configuration, and operator verification behavior for Tool Availability and Policy. - name: x_search exposure coverageIds: [web-search.x-search-exposure] description: Defines x_search exposure setup, credential, configuration, and operator verification behavior for Tool Availability and Policy. - name: group:web policy coverageIds: [web-search.group-web-policy] description: Defines group:web policy setup, credential, configuration, and operator verification behavior for Tool Availability and Policy. - name: disabled-state diagnostics coverageIds: [web-search.disabled-state-diagnostics] description: Defines disabled-state diagnostics setup, credential, configuration, and operator verification behavior for Tool Availability and Policy. - name: provider/model gating coverageIds: [web-search.provider-model-gating] description: Defines provider/model gating setup, credential, configuration, and operator verification behavior for Tool Availability and Policy. - name: URL fetch coverageIds: [web-search.url-fetch] description: Covers URL fetch tool invocation, host execution, sandbox policy, and artifact handling for Web Fetch and Content Extraction. - name: HTML extraction coverageIds: [tools.tavily-extract] description: Covers HTML extraction tool invocation, host execution, sandbox policy, and artifact handling for Web Fetch and Content Extraction. - name: PDF/text extraction coverageIds: [web-search.pdf-text-extraction] description: Covers PDF/text extraction tool invocation, host execution, sandbox policy, and artifact handling for Web Fetch and Content Extraction. - name: Safe truncation coverageIds: [web-search.safe-truncation] description: Covers Safe truncation tool invocation, host execution, sandbox policy, and artifact handling for Web Fetch and Content Extraction. - name: Content citation handoff coverageIds: [web-search.content-citation-handoff] description: Covers Content citation handoff tool invocation, host execution, sandbox policy, and artifact handling for Web Fetch and Content Extraction. docs: - docs/gateway/config-tools.md - docs/tools/web-fetch.md - docs/tools/web.md - docs/help/faq.md search_anchors: - web_search exposure - web_fetch exposure - x_search exposure - group:web policy - disabled-state diagnostics - provider/model gating - URL fetch - HTML extraction - PDF/text extraction - Safe truncation - Content citation handoff category_note: tool-exposure-policy-and-runtime-tool-wiring.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: browser-automation-and-exec-sandbox-tools name: Browser automation, exec, and sandbox tools family: provider-tool level: beta level_code: M3 rationale: Core tools are documented, but host security and permission UX should stay under active scorecard review. completeness_instructions: references/completeness/browser-automation-and-exec-sandbox-tools.md categories: - name: Browser Automation id: browser-automation features: - name: Browser Actions coverageIds: [browser-tools.browser-actions] description: Covers Browser Actions across browser tool action schemas, navigate/act/snapshot/screenshot operations, AI/role/ARIA snapshot formats, action ref storage, and related browser actions, snapshots, and artifacts behavior. - name: Snapshots coverageIds: [browser-tools.snapshots] description: Covers Snapshots across browser tool action schemas, navigate/act/snapshot/screenshot operations, AI/role/ARIA snapshot formats, action ref storage, and related browser actions, snapshots, and artifacts behavior. - name: Artifacts coverageIds: [workspace.artifacts] description: Covers Artifacts across browser tool action schemas, navigate/act/snapshot/screenshot operations, AI/role/ARIA snapshot formats, action ref storage, and related browser actions, snapshots, and artifacts behavior. - name: Browser Plugin Service coverageIds: [browser-tools.browser-plugin-service] description: Covers Browser Plugin Service across bundled browser plugin activation, browser CLI registration, `browser.request` Gateway routing, control-service startup, and related browser plugin service and profiles behavior. - name: Profiles coverageIds: [browser-tools.profiles] description: Covers Profiles across bundled browser plugin activation, browser CLI registration, `browser.request` Gateway routing, control-service startup, and related browser plugin service and profiles behavior. - name: Browser Security coverageIds: [browser-tools.browser-security] description: Covers Browser Security across browser-control auth, navigation URL validation, delayed navigation guards, strict private-network SSRF policy, and related browser security, ssrf, and remote control behavior. - name: SSRF coverageIds: [browser-tools.ssrf] description: Covers SSRF across browser-control auth, navigation URL validation, delayed navigation guards, strict private-network SSRF policy, and related browser security, ssrf, and remote control behavior. - name: Remote Control coverageIds: [browser-tools.remote-control] description: Covers Remote Control across browser-control auth, navigation URL validation, delayed navigation guards, strict private-network SSRF policy, and related browser security, ssrf, and remote control behavior. docs: - docs/tools/browser-control.md - docs/help/testing.md - docs/tools/browser.md - docs/gateway/security/index.md - docs/gateway/security/audit-checks.md search_anchors: - Browser Actions - Snapshots - Artifacts - browser automation and exec/sandbox tools browser actions, snapshots, and artifacts - browser actions, snapshots, and artifacts - Browser Plugin Service - Profiles - browser automation and exec/sandbox tools browser plugin service and profiles - browser plugin service and profiles - Browser Security - SSRF - Remote Control - browser automation and exec/sandbox tools browser security, ssrf, and remote control - browser security, ssrf, and remote control category_note: browser-actions-snapshots-and-artifacts.md human_lts_override: false - name: Tool Invocation and Execution id: tool-invocation-and-execution features: - name: Exec Routing coverageIds: [tools.bash, tools.exec] description: Covers Exec Routing across `exec` foreground and background execution, `yieldMs`, timeouts, PTY, and related exec routing and process lifecycle behavior. - name: Process Lifecycle coverageIds: [workspace.long-running-task] description: Covers Process Lifecycle across `exec` foreground and background execution, `yieldMs`, timeouts, PTY, and related exec routing and process lifecycle behavior. - name: Direct Tool Invoke API coverageIds: [plugins.mcp-tools, tools.invocation] description: Covers Direct Tool Invoke API across HTTP `POST /tools/invoke`, Gateway RPC `tools.invoke`, request body and auth semantics, shared-secret operator scope restoration, and related direct tool invoke api and node system.run behavior. - name: Node System.run coverageIds: [browser-tools.node-system-run] description: Covers Node System.run across HTTP `POST /tools/invoke`, Gateway RPC `tools.invoke`, request body and auth semantics, shared-secret operator scope restoration, and related direct tool invoke api and node system.run behavior. - name: Host Exec Approvals coverageIds: [browser-tools.host-exec-approvals] description: Covers Host Exec Approvals across exec approval policy, local approvals state, approval request registration and waiting, allow-once consumption, and related host exec approvals and elevated mode behavior. - name: Elevated Mode coverageIds: [browser-tools.elevated-mode] description: Covers Elevated Mode across exec approval policy, local approvals state, approval request registration and waiting, allow-once consumption, and related host exec approvals and elevated mode behavior. docs: - docs/tools/exec.md - docs/gateway/background-process.md - docs/gateway/tools-invoke-http-api.md - docs/gateway/operator-scopes.md - docs/gateway/protocol.md - docs/tools/exec-approvals.md - docs/tools/exec-approvals-advanced.md - docs/tools/elevated.md search_anchors: - Exec Routing - Process Lifecycle - browser automation and exec/sandbox tools exec routing and process lifecycle - exec routing and process lifecycle - Direct Tool Invoke API - Node System.run - browser automation and exec/sandbox tools direct tool invoke api and node system.run - direct tool invoke api and node system.run - Host Exec Approvals - Elevated Mode - browser automation and exec/sandbox tools host exec approvals and elevated mode - host exec approvals and elevated mode category_note: exec-routing-and-process-lifecycle.md human_lts_override: true - name: Sandbox and Tool Policy id: sandbox-and-tool-policy features: - name: Sandbox Backends coverageIds: [browser-tools.sandbox-backends] description: Covers Sandbox Backends across sandbox modes, scopes, workspace roots, workspaceAccess, and related sandbox backends and workspace isolation behavior. - name: Workspace Isolation coverageIds: [browser-tools.workspace-isolation] description: Covers Workspace Isolation across sandbox modes, scopes, workspace roots, workspaceAccess, and related sandbox backends and workspace isolation behavior. - name: Sandboxed Browser coverageIds: [browser-tools.sandboxed-browser] description: Covers Sandboxed Browser across sandbox browser config, Docker browser container creation, CDP relay authentication, noVNC password/token flow, and related sandboxed browser and codex dynamic tools behavior. - name: Codex Dynamic Tools coverageIds: [browser-tools.codex-dynamic-tools] description: Covers Codex Dynamic Tools across sandbox browser config, Docker browser container creation, CDP relay authentication, noVNC password/token flow, and related sandboxed browser and codex dynamic tools behavior. - name: Tool Policy coverageIds: [browser-tools.tool-policy] description: Covers Tool Policy across tool profiles, tool groups, allow/deny policy, provider policy, and related tool policy and sandbox tool gates behavior. - name: Sandbox Tool Gates coverageIds: [browser-tools.sandbox-tool-gates] description: Covers Sandbox Tool Gates across tool profiles, tool groups, allow/deny policy, provider policy, and related tool policy and sandbox tool gates behavior. docs: - docs/gateway/sandboxing.md - docs/gateway/sandbox-vs-tool-policy-vs-elevated.md - docs/tools/multi-agent-sandbox-tools.md - docs/plugins/codex-harness-reference.md - docs/gateway/config-tools.md search_anchors: - Sandbox Backends - Workspace Isolation - browser automation and exec/sandbox tools sandbox backends and workspace isolation - sandbox backends and workspace isolation - Sandboxed Browser - Codex Dynamic Tools - browser automation and exec/sandbox tools sandboxed browser and codex dynamic tools - sandboxed browser and codex dynamic tools - Tool Policy - Sandbox Tool Gates - browser automation and exec/sandbox tools tool policy and sandbox tool gates - tool policy and sandbox tool gates category_note: sandbox-backends-and-workspace-isolation.md human_lts_override: true last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3 - id: image-video-music-generation-tools name: Image, video, and music generation tools family: provider-tool level: alpha level_code: M2 rationale: Capability exists across providers, but quality, latency, and parameter compatibility vary too much for beta without per-provider proof. completeness_instructions: references/completeness/image-video-music-generation-tools.md categories: - name: Media Routing and Discovery id: media-routing-and-discovery features: - name: default media model config coverageIds: [media-tools.default-media-model-config] description: Covers default media model config across `imageGenerationModel`, `videoGenerationModel`, `musicGenerationModel`, provider/model refs, and related model routing and tool discovery behavior. - name: per-call model refs and fallbacks coverageIds: [media-tools.per-call-model-refs-and-fallbacks] description: Covers per-call model refs and fallbacks across `imageGenerationModel`, `videoGenerationModel`, `musicGenerationModel`, provider/model refs, and related model routing and tool discovery behavior. - name: auth-backed tool discovery coverageIds: [media-tools.auth-backed-tool-discovery] description: Covers auth-backed tool discovery across `imageGenerationModel`, `videoGenerationModel`, `musicGenerationModel`, provider/model refs, and related model routing and tool discovery behavior. - name: action=list provider inspection coverageIds: [media-tools.action-list-provider-inspection] description: Covers action=list provider inspection across `imageGenerationModel`, `videoGenerationModel`, `musicGenerationModel`, provider/model refs, and related model routing and tool discovery behavior. docs: - docs/gateway/config-agents.md - docs/tools/image-generation.md - docs/tools/video-generation.md - docs/tools/music-generation.md search_anchors: - default media model config - per-call model refs and fallbacks - auth-backed tool discovery - action=list provider inspection category_note: configuration-model-refs-and-provider-discovery.md human_lts_override: false - name: Task Lifecycle and Delivery id: task-lifecycle-and-delivery features: - name: background task creation coverageIds: [media-tools.background-task-creation] description: Covers background task creation across `image_generate`, `video_generate`, and `music_generate` tool exposure, background task scheduling, and related async task lifecycle behavior. - name: task status/list/show/cancel coverageIds: [media-tools.task-status-list-show-cancel] description: Covers task status/list/show/cancel across `image_generate`, `video_generate`, and `music_generate` tool exposure, background task scheduling, and related async task lifecycle behavior. - name: duplicate guards coverageIds: [media-tools.duplicate-guards] description: Covers duplicate guards across `image_generate`, `video_generate`, and `music_generate` tool exposure, background task scheduling, and related async task lifecycle behavior. - name: progress keepalive coverageIds: [media-tools.progress-keepalive] description: Covers progress keepalive across `image_generate`, `video_generate`, and `music_generate` tool exposure, background task scheduling, and related async task lifecycle behavior. - name: completion/failure wake coverageIds: [media-tools.completion-failure-wake] description: Covers completion/failure wake across `image_generate`, `video_generate`, and `music_generate` tool exposure, background task scheduling, and related async task lifecycle behavior. - name: no-session inline fallback coverageIds: [media-tools.no-session-inline-fallback] description: Covers no-session inline fallback across `image_generate`, `video_generate`, and `music_generate` tool exposure, background task scheduling, and related async task lifecycle behavior. - name: local media persistence coverageIds: [media-tools.local-media-persistence] description: Covers local media persistence across generated image/audio/video artifact objects, MIME and filename inference, local media paths, hosted media URLs, and related generated media delivery behavior. - name: MIME/filename inference coverageIds: [media-tools.mime-filename-inference] description: Covers MIME/filename inference across generated image/audio/video artifact objects, MIME and filename inference, local media paths, hosted media URLs, and related generated media delivery behavior. - name: Hosted URL fallback coverageIds: [media-tools.hosted-url-fallback] description: Covers hosted URL fallback across generated image/audio/video artifact objects, MIME and filename inference, local media paths, hosted media URLs, and related generated media delivery behavior. - name: message-tool handoff coverageIds: [media-tools.message-tool-handoff] description: Covers message-tool handoff across generated image/audio/video artifact objects, MIME and filename inference, local media paths, hosted media URLs, and related generated media delivery behavior. - name: idempotent missing-media fallback coverageIds: [media-tools.idempotent-missing-media-fallback] description: Covers idempotent missing-media fallback across generated image/audio/video artifact objects, MIME and filename inference, local media paths, hosted media URLs, and related generated media delivery behavior. - name: channel attachment proof coverageIds: [media-tools.channel-attachment-proof] description: Covers channel attachment proof across generated image/audio/video artifact objects, MIME and filename inference, local media paths, hosted media URLs, and related generated media delivery behavior. docs: - docs/tools/media-overview.md - docs/tools/image-generation.md - docs/tools/video-generation.md - docs/tools/music-generation.md search_anchors: - background task creation - task status/list/show/cancel - duplicate guards - progress keepalive - completion/failure wake - no-session inline fallback - local media persistence - MIME/filename inference - Hosted URL fallback - message-tool handoff - idempotent missing-media fallback - channel attachment proof category_note: session-backed-tool-invocation-and-task-lifecycle.md human_lts_override: false - name: Image Generation id: image-generation features: - name: text-to-image coverageIds: [media-tools.text-to-image] description: 'Covers text-to-image across image generation and editing runtime behavior after a provider candidate has been selected: request normalization, timeout handling, reference-image inputs, image response parsing, and related image generation and editing behavior.' - name: reference-image editing coverageIds: [media.reference-image-editing] description: 'Covers reference-image editing across image generation and editing runtime behavior after a provider candidate has been selected: request normalization, timeout handling, reference-image inputs, image response parsing, and related image generation and editing behavior.' - name: output hints coverageIds: [media-tools.output-hints] description: 'Covers output hints across image generation and editing runtime behavior after a provider candidate has been selected: request normalization, timeout handling, reference-image inputs, image response parsing, and related image generation and editing behavior.' - name: action=status coverageIds: [media-tools.action-status] description: 'Covers action=status across image generation and editing runtime behavior after a provider candidate has been selected: request normalization, timeout handling, reference-image inputs, image response parsing, and related image generation and editing behavior.' - name: provider attempt metadata coverageIds: [media-tools.provider-attempt-metadata] description: 'Covers provider attempt metadata across image generation and editing runtime behavior after a provider candidate has been selected: request normalization, timeout handling, reference-image inputs, image response parsing, and related image generation and editing behavior.' - name: OpenAI/Codex OAuth coverageIds: [media-tools.openai-codex-oauth] description: Covers OpenAI/Codex OAuth across provider registrations and auth paths for image generation and editing, including OpenAI/Codex OAuth, OpenRouter, xAI, and related image providers and auth behavior. - name: API-key OpenAI coverageIds: [media-tools.api-key-openai] description: Covers API-key OpenAI across provider registrations and auth paths for image generation and editing, including OpenAI/Codex OAuth, OpenRouter, xAI, and related image providers and auth behavior. - name: OpenRouter/xAI/fal/LiteLLM/DeepInfra/Google/MiniMax/ComfyUI auth coverageIds: [media-tools.openrouter-xai-fal-litellm-deepinfra-google-minimax-comfyui-auth] description: Covers OpenRouter/xAI/fal/LiteLLM/DeepInfra/Google/MiniMax/ComfyUI auth across provider registrations and auth paths for image generation and editing, including OpenAI/Codex OAuth, OpenRouter, xAI, and related image providers and auth behavior. - name: provider error diagnostics coverageIds: [media-tools.provider-error-diagnostics] description: Covers provider error diagnostics across provider registrations and auth paths for image generation and editing, including OpenAI/Codex OAuth, OpenRouter, xAI, and related image providers and auth behavior. docs: - docs/tools/image-generation.md - docs/cli/infer.md - docs/tools/media-overview.md search_anchors: - text-to-image - reference-image editing - output hints - action=status - provider attempt metadata - OpenAI/Codex OAuth - API-key OpenAI - OpenRouter/xAI/fal/LiteLLM/DeepInfra/Google/MiniMax/ComfyUI auth - provider error diagnostics category_note: image-generation-and-editing-runtime.md human_lts_override: false - name: Video Generation id: video-generation features: - name: text-to-video coverageIds: [media-tools.text-to-video] description: 'Covers text-to-video across video generation request normalization before provider execution: `generate`, `imageToVideo`, and `videoToVideo` modes, reference media typing and roles, and related video generation modes behavior.' - name: image-to-video coverageIds: [media-tools.image-to-video] description: 'Covers image-to-video across video generation request normalization before provider execution: `generate`, `imageToVideo`, and `videoToVideo` modes, reference media typing and roles, and related video generation modes behavior.' - name: video-to-video coverageIds: [media-tools.video-to-video] description: 'Covers video-to-video across video generation request normalization before provider execution: `generate`, `imageToVideo`, and `videoToVideo` modes, reference media typing and roles, and related video generation modes behavior.' - name: reference role validation coverageIds: [media-tools.reference-role-validation] description: 'Covers reference role validation across video generation request normalization before provider execution: `generate`, `imageToVideo`, and `videoToVideo` modes, reference media typing and roles, and related video generation modes behavior.' - name: audio refs coverageIds: [media-tools.audio-refs] description: 'Covers audio refs across video generation request normalization before provider execution: `generate`, `imageToVideo`, and `videoToVideo` modes, reference media typing and roles, and related video generation modes behavior.' - name: typed providerOptions coverageIds: [media-tools.typed-provideroptions] description: 'Covers typed providerOptions across video generation request normalization before provider execution: `generate`, `imageToVideo`, and `videoToVideo` modes, reference media typing and roles, and related video generation modes behavior.' - name: queue-backed jobs coverageIds: [media-tools.queue-backed-jobs] description: 'Covers queue-backed jobs across provider integration and async polling for video generation after request normalization: OpenAI Sora, OpenRouter, fal, Runway, and related video providers and polling behavior.' - name: polling/timeout handling coverageIds: [media-tools.polling-timeout-handling] description: 'Covers polling/timeout handling across provider integration and async polling for video generation after request normalization: OpenAI Sora, OpenRouter, fal, Runway, and related video providers and polling behavior.' - name: Hosted URL download coverageIds: [media-tools.hosted-url-download] description: 'Covers hosted URL download across provider integration and async polling for video generation after request normalization: OpenAI Sora, OpenRouter, fal, Runway, and related video providers and polling behavior.' - name: provider skip explanations coverageIds: [media-tools.provider-skip-explanations] description: 'Covers provider skip explanations across provider integration and async polling for video generation after request normalization: OpenAI Sora, OpenRouter, fal, Runway, and related video providers and polling behavior.' - name: returned asset metadata coverageIds: [media-tools.returned-asset-metadata] description: 'Covers returned asset metadata across provider integration and async polling for video generation after request normalization: OpenAI Sora, OpenRouter, fal, Runway, and related video providers and polling behavior.' docs: - docs/tools/video-generation.md - docs/providers/runway.md - docs/providers/pixverse.md - docs/providers/fal.md - docs/providers/openrouter.md search_anchors: - text-to-video - image-to-video - video-to-video - reference role validation - audio refs - typed providerOptions - queue-backed jobs - polling/timeout handling - Hosted URL download - provider skip explanations - returned asset metadata category_note: video-generation-modes-and-request-normalization.md human_lts_override: false - name: Music Generation id: music-generation features: - name: prompt and lyrics input coverageIds: [media-tools.prompt-and-lyrics-input] description: Covers prompt and lyrics input across `music_generate`, prompt and lyrics inputs, instrumental mode, duration, and related music generation behavior. - name: instrumental mode coverageIds: [media-tools.instrumental-mode] description: Covers instrumental mode across `music_generate`, prompt and lyrics inputs, instrumental mode, duration, and related music generation behavior. - name: duration/format controls coverageIds: [media-tools.duration-format-controls] description: Covers duration/format controls across `music_generate`, prompt and lyrics inputs, instrumental mode, duration, and related music generation behavior. - name: image-reference edit lanes coverageIds: [media-tools.image-reference-edit-lanes] description: Covers image-reference edit lanes across `music_generate`, prompt and lyrics inputs, instrumental mode, duration, and related music generation behavior. - name: generated audio outputs coverageIds: [media-tools.generated-audio-outputs] description: Covers generated audio outputs across `music_generate`, prompt and lyrics inputs, instrumental mode, duration, and related music generation behavior. - name: provider fallback coverageIds: [media-tools.provider-fallback] description: Covers provider fallback across `music_generate`, prompt and lyrics inputs, instrumental mode, duration, and related music generation behavior. docs: - docs/tools/music-generation.md search_anchors: - prompt and lyrics input - instrumental mode - duration/format controls - image-reference edit lanes - generated audio outputs - provider fallback category_note: music-generation-tools-and-providers.md human_lts_override: false last_score_run: status: complete completed_at: '2026-05-30' by: codex source_ref: null process_version: 3