Merge branch 'openclaw:main' into qianfan

src/agents/identity.per-channel-prefix.test.ts

@@ -0,0 +1,300 @@
+import { describe, expect, it } from "vitest";
+import type { OpenClawConfig } from "../config/config.js";
+import { resolveResponsePrefix, resolveEffectiveMessagesConfig } from "./identity.js";
+
+const makeConfig = <T extends OpenClawConfig>(cfg: T) => cfg;
+
+describe("resolveResponsePrefix with per-channel override", () => {
+  // ─── Backward compatibility ─────────────────────────────────────────
+
+  describe("backward compatibility (no channel param)", () => {
+    it("returns undefined when no prefix configured anywhere", () => {
+      const cfg: OpenClawConfig = {};
+      expect(resolveResponsePrefix(cfg, "main")).toBeUndefined();
+    });
+
+    it("returns global prefix when set", () => {
+      const cfg: OpenClawConfig = { messages: { responsePrefix: "[Bot] " } };
+      expect(resolveResponsePrefix(cfg, "main")).toBe("[Bot] ");
+    });
+
+    it("resolves 'auto' to identity name at global level", () => {
+      const cfg: OpenClawConfig = {
+        agents: {
+          list: [{ id: "main", identity: { name: "TestBot" } }],
+        },
+        messages: { responsePrefix: "auto" },
+      };
+      expect(resolveResponsePrefix(cfg, "main")).toBe("[TestBot]");
+    });
+
+    it("returns empty string when global prefix is explicitly empty", () => {
+      const cfg: OpenClawConfig = { messages: { responsePrefix: "" } };
+      expect(resolveResponsePrefix(cfg, "main")).toBe("");
+    });
+  });
+
+  // ─── Channel-level prefix ──────────────────────────────────────────
+
+  describe("channel-level prefix", () => {
+    it("returns channel prefix when set, ignoring global", () => {
+      const cfg = makeConfig({
+        messages: { responsePrefix: "[Global] " },
+        channels: {
+          whatsapp: { responsePrefix: "[WA] " },
+        },
+      } satisfies OpenClawConfig);
+      expect(resolveResponsePrefix(cfg, "main", { channel: "whatsapp" })).toBe("[WA] ");
+    });
+
+    it("falls through to global when channel prefix is undefined", () => {
+      const cfg = makeConfig({
+        messages: { responsePrefix: "[Global] " },
+        channels: {
+          whatsapp: {},
+        },
+      } satisfies OpenClawConfig);
+      expect(resolveResponsePrefix(cfg, "main", { channel: "whatsapp" })).toBe("[Global] ");
+    });
+
+    it("channel empty string stops cascade (no global prefix applied)", () => {
+      const cfg = makeConfig({
+        messages: { responsePrefix: "[Global] " },
+        channels: {
+          telegram: { responsePrefix: "" },
+        },
+      } satisfies OpenClawConfig);
+      expect(resolveResponsePrefix(cfg, "main", { channel: "telegram" })).toBe("");
+    });
+
+    it("resolves 'auto' at channel level to identity name", () => {
+      const cfg = makeConfig({
+        agents: {
+          list: [{ id: "main", identity: { name: "MyBot" } }],
+        },
+        channels: {
+          whatsapp: { responsePrefix: "auto" },
+        },
+      } satisfies OpenClawConfig);
+      expect(resolveResponsePrefix(cfg, "main", { channel: "whatsapp" })).toBe("[MyBot]");
+    });
+
+    it("different channels get different prefixes", () => {
+      const cfg = makeConfig({
+        channels: {
+          whatsapp: { responsePrefix: "[WA Bot] " },
+          telegram: { responsePrefix: "" },
+          discord: { responsePrefix: "🤖 " },
+        },
+      } satisfies OpenClawConfig);
+      expect(resolveResponsePrefix(cfg, "main", { channel: "whatsapp" })).toBe("[WA Bot] ");
+      expect(resolveResponsePrefix(cfg, "main", { channel: "telegram" })).toBe("");
+      expect(resolveResponsePrefix(cfg, "main", { channel: "discord" })).toBe("🤖 ");
+    });
+
+    it("returns undefined when channel not in config", () => {
+      const cfg = makeConfig({
+        channels: {
+          whatsapp: { responsePrefix: "[WA] " },
+        },
+      } satisfies OpenClawConfig);
+      expect(resolveResponsePrefix(cfg, "main", { channel: "telegram" })).toBeUndefined();
+    });
+  });
+
+  // ─── Account-level prefix ─────────────────────────────────────────
+
+  describe("account-level prefix", () => {
+    it("returns account prefix when set, ignoring channel and global", () => {
+      const cfg = makeConfig({
+        messages: { responsePrefix: "[Global] " },
+        channels: {
+          whatsapp: {
+            responsePrefix: "[WA] ",
+            accounts: {
+              business: { responsePrefix: "[Biz] " },
+            },
+          },
+        },
+      } satisfies OpenClawConfig);
+      expect(
+        resolveResponsePrefix(cfg, "main", { channel: "whatsapp", accountId: "business" }),
+      ).toBe("[Biz] ");
+    });
+
+    it("falls through to channel prefix when account prefix is undefined", () => {
+      const cfg = makeConfig({
+        channels: {
+          whatsapp: {
+            responsePrefix: "[WA] ",
+            accounts: {
+              business: {},
+            },
+          },
+        },
+      } satisfies OpenClawConfig);
+      expect(
+        resolveResponsePrefix(cfg, "main", { channel: "whatsapp", accountId: "business" }),
+      ).toBe("[WA] ");
+    });
+
+    it("falls through to global when both account and channel are undefined", () => {
+      const cfg = makeConfig({
+        messages: { responsePrefix: "[Global] " },
+        channels: {
+          whatsapp: {
+            accounts: {
+              business: {},
+            },
+          },
+        },
+      } satisfies OpenClawConfig);
+      expect(
+        resolveResponsePrefix(cfg, "main", { channel: "whatsapp", accountId: "business" }),
+      ).toBe("[Global] ");
+    });
+
+    it("account empty string stops cascade", () => {
+      const cfg = makeConfig({
+        messages: { responsePrefix: "[Global] " },
+        channels: {
+          whatsapp: {
+            responsePrefix: "[WA] ",
+            accounts: {
+              business: { responsePrefix: "" },
+            },
+          },
+        },
+      } satisfies OpenClawConfig);
+      expect(
+        resolveResponsePrefix(cfg, "main", { channel: "whatsapp", accountId: "business" }),
+      ).toBe("");
+    });
+
+    it("resolves 'auto' at account level to identity name", () => {
+      const cfg = makeConfig({
+        agents: {
+          list: [{ id: "main", identity: { name: "BizBot" } }],
+        },
+        channels: {
+          whatsapp: {
+            accounts: {
+              business: { responsePrefix: "auto" },
+            },
+          },
+        },
+      } satisfies OpenClawConfig);
+      expect(
+        resolveResponsePrefix(cfg, "main", { channel: "whatsapp", accountId: "business" }),
+      ).toBe("[BizBot]");
+    });
+
+    it("different accounts on same channel get different prefixes", () => {
+      const cfg = makeConfig({
+        channels: {
+          whatsapp: {
+            responsePrefix: "[WA] ",
+            accounts: {
+              business: { responsePrefix: "[Biz] " },
+              personal: { responsePrefix: "[Personal] " },
+            },
+          },
+        },
+      } satisfies OpenClawConfig);
+      expect(
+        resolveResponsePrefix(cfg, "main", { channel: "whatsapp", accountId: "business" }),
+      ).toBe("[Biz] ");
+      expect(
+        resolveResponsePrefix(cfg, "main", { channel: "whatsapp", accountId: "personal" }),
+      ).toBe("[Personal] ");
+    });
+
+    it("unknown accountId falls through to channel level", () => {
+      const cfg = makeConfig({
+        channels: {
+          whatsapp: {
+            responsePrefix: "[WA] ",
+            accounts: {
+              business: { responsePrefix: "[Biz] " },
+            },
+          },
+        },
+      } satisfies OpenClawConfig);
+      expect(
+        resolveResponsePrefix(cfg, "main", { channel: "whatsapp", accountId: "unknown" }),
+      ).toBe("[WA] ");
+    });
+  });
+
+  // ─── Full cascade ─────────────────────────────────────────────────
+
+  describe("full 4-level cascade", () => {
+    const fullCfg = makeConfig({
+      agents: {
+        list: [{ id: "main", identity: { name: "TestBot" } }],
+      },
+      messages: { responsePrefix: "[L4-Global] " },
+      channels: {
+        whatsapp: {
+          responsePrefix: "[L2-Channel] ",
+          accounts: {
+            business: { responsePrefix: "[L1-Account] " },
+            default: {},
+          },
+        },
+        telegram: {},
+      },
+    } satisfies OpenClawConfig);
+
+    it("L1: account prefix wins when all levels set", () => {
+      expect(
+        resolveResponsePrefix(fullCfg, "main", { channel: "whatsapp", accountId: "business" }),
+      ).toBe("[L1-Account] ");
+    });
+
+    it("L2: channel prefix when account undefined", () => {
+      expect(
+        resolveResponsePrefix(fullCfg, "main", { channel: "whatsapp", accountId: "default" }),
+      ).toBe("[L2-Channel] ");
+    });
+
+    it("L4: global prefix when channel has no prefix", () => {
+      expect(resolveResponsePrefix(fullCfg, "main", { channel: "telegram" })).toBe("[L4-Global] ");
+    });
+
+    it("undefined: no prefix at any level", () => {
+      const cfg = makeConfig({
+        channels: { telegram: {} },
+      } satisfies OpenClawConfig);
+      expect(resolveResponsePrefix(cfg, "main", { channel: "telegram" })).toBeUndefined();
+    });
+  });
+
+  // ─── resolveEffectiveMessagesConfig integration ────────────────────
+
+  describe("resolveEffectiveMessagesConfig with channel context", () => {
+    it("passes channel context through to responsePrefix resolution", () => {
+      const cfg = makeConfig({
+        messages: { responsePrefix: "[Global] " },
+        channels: {
+          whatsapp: { responsePrefix: "[WA] " },
+        },
+      } satisfies OpenClawConfig);
+      const result = resolveEffectiveMessagesConfig(cfg, "main", {
+        channel: "whatsapp",
+      });
+      expect(result.responsePrefix).toBe("[WA] ");
+    });
+
+    it("uses global when no channel context provided", () => {
+      const cfg = makeConfig({
+        messages: { responsePrefix: "[Global] " },
+        channels: {
+          whatsapp: { responsePrefix: "[WA] " },
+        },
+      } satisfies OpenClawConfig);
+      const result = resolveEffectiveMessagesConfig(cfg, "main");
+      expect(result.responsePrefix).toBe("[Global] ");
+    });
+  });
+});

src/agents/identity.ts

@@ -53,7 +53,49 @@ export function resolveMessagePrefix(
   return resolveIdentityNamePrefix(cfg, agentId) ?? opts?.fallback ?? "[openclaw]";
 }
 
-export function resolveResponsePrefix(cfg: OpenClawConfig, agentId: string): string | undefined {
+/** Helper to extract a channel config value by dynamic key. */
+function getChannelConfig(
+  cfg: OpenClawConfig,
+  channel: string,
+): Record<string, unknown> | undefined {
+  const channels = cfg.channels as Record<string, unknown> | undefined;
+  const value = channels?.[channel];
+  return typeof value === "object" && value !== null
+    ? (value as Record<string, unknown>)
+    : undefined;
+}
+
+export function resolveResponsePrefix(
+  cfg: OpenClawConfig,
+  agentId: string,
+  opts?: { channel?: string; accountId?: string },
+): string | undefined {
+  // L1: Channel account level
+  if (opts?.channel && opts?.accountId) {
+    const channelCfg = getChannelConfig(cfg, opts.channel);
+    const accounts = channelCfg?.accounts as Record<string, Record<string, unknown>> | undefined;
+    const accountPrefix = accounts?.[opts.accountId]?.responsePrefix as string | undefined;
+    if (accountPrefix !== undefined) {
+      if (accountPrefix === "auto") {
+        return resolveIdentityNamePrefix(cfg, agentId);
+      }
+      return accountPrefix;
+    }
+  }
+
+  // L2: Channel level
+  if (opts?.channel) {
+    const channelCfg = getChannelConfig(cfg, opts.channel);
+    const channelPrefix = channelCfg?.responsePrefix as string | undefined;
+    if (channelPrefix !== undefined) {
+      if (channelPrefix === "auto") {
+        return resolveIdentityNamePrefix(cfg, agentId);
+      }
+      return channelPrefix;
+    }
+  }
+
+  // L4: Global level
   const configured = cfg.messages?.responsePrefix;
   if (configured !== undefined) {
     if (configured === "auto") {
@@ -67,14 +109,22 @@ export function resolveResponsePrefix(cfg: OpenClawConfig, agentId: string): str
 export function resolveEffectiveMessagesConfig(
   cfg: OpenClawConfig,
   agentId: string,
-  opts?: { hasAllowFrom?: boolean; fallbackMessagePrefix?: string },
+  opts?: {
+    hasAllowFrom?: boolean;
+    fallbackMessagePrefix?: string;
+    channel?: string;
+    accountId?: string;
+  },
 ): { messagePrefix: string; responsePrefix?: string } {
   return {
     messagePrefix: resolveMessagePrefix(cfg, agentId, {
       hasAllowFrom: opts?.hasAllowFrom,
       fallback: opts?.fallbackMessagePrefix,
     }),
-    responsePrefix: resolveResponsePrefix(cfg, agentId),
+    responsePrefix: resolveResponsePrefix(cfg, agentId, {
+      channel: opts?.channel,
+      accountId: opts?.accountId,
+    }),
   };
 }
 

src/agents/pi-embedded-runner/compact.ts

@@ -88,6 +88,8 @@ export type CompactEmbeddedPiSessionParams = {
   groupSpace?: string | null;
   /** Parent session key for subagent policy inheritance. */
   spawnedBy?: string | null;
+  /** Whether the sender is an owner (required for owner-only tools). */
+  senderIsOwner?: boolean;
   sessionFile: string;
   workspaceDir: string;
   agentDir?: string;
@@ -227,6 +229,7 @@ export async function compactEmbeddedPiSessionDirect(
       groupChannel: params.groupChannel,
       groupSpace: params.groupSpace,
       spawnedBy: params.spawnedBy,
+      senderIsOwner: params.senderIsOwner,
       agentDir,
       workspaceDir: effectiveWorkspace,
       config: params.config,

src/agents/pi-embedded-runner/run.ts

@@ -324,6 +324,7 @@ export async function runEmbeddedPiAgent(
             groupChannel: params.groupChannel,
             groupSpace: params.groupSpace,
             spawnedBy: params.spawnedBy,
+            senderIsOwner: params.senderIsOwner,
             currentChannelId: params.currentChannelId,
             currentThreadTs: params.currentThreadTs,
             replyToMode: params.replyToMode,
@@ -391,6 +392,7 @@ export async function runEmbeddedPiAgent(
                   agentDir,
                   config: params.config,
                   skillsSnapshot: params.skillsSnapshot,
+                  senderIsOwner: params.senderIsOwner,
                   provider,
                   model: modelId,
                   thinkLevel,

src/agents/pi-embedded-runner/run/attempt.ts

@@ -225,6 +225,7 @@ export async function runEmbeddedAttempt(
           senderName: params.senderName,
           senderUsername: params.senderUsername,
           senderE164: params.senderE164,
+          senderIsOwner: params.senderIsOwner,
           sessionKey: params.sessionKey ?? params.sessionId,
           agentDir,
           workspaceDir: effectiveWorkspace,

src/agents/pi-embedded-runner/run/params.ts

@@ -39,6 +39,8 @@ export type RunEmbeddedPiAgentParams = {
   senderName?: string | null;
   senderUsername?: string | null;
   senderE164?: string | null;
+  /** Whether the sender is an owner (required for owner-only tools). */
+  senderIsOwner?: boolean;
   /** Current channel ID for auto-threading (Slack). */
   currentChannelId?: string;
   /** Current thread timestamp for auto-threading (Slack). */

src/agents/pi-embedded-runner/run/types.ts

@@ -31,6 +31,8 @@ export type EmbeddedRunAttemptParams = {
   senderName?: string | null;
   senderUsername?: string | null;
   senderE164?: string | null;
+  /** Whether the sender is an owner (required for owner-only tools). */
+  senderIsOwner?: boolean;
   currentChannelId?: string;
   currentThreadTs?: string;
   replyToMode?: "off" | "first" | "all";

src/agents/pi-embedded-subscribe.handlers.messages.ts

@@ -163,6 +163,7 @@ export function handleMessageUpdate(
           mediaUrls: hasMedia ? mediaUrls : undefined,
         },
       });
+      ctx.state.emittedAssistantUpdate = true;
       if (ctx.params.onPartialReply && ctx.state.shouldEmitPartialReplies) {
         void ctx.params.onPartialReply({
           text: cleanedText,
@@ -215,6 +216,44 @@ export function handleMessageEnd(
       ? extractAssistantThinking(assistantMessage) || extractThinkingFromTaggedText(rawText)
       : "";
   const formattedReasoning = rawThinking ? formatReasoningMessage(rawThinking) : "";
+  const trimmedText = text.trim();
+  const parsedText = trimmedText ? parseReplyDirectives(stripTrailingDirective(trimmedText)) : null;
+  let cleanedText = parsedText?.text ?? "";
+  let mediaUrls = parsedText?.mediaUrls;
+  let hasMedia = Boolean(mediaUrls && mediaUrls.length > 0);
+
+  if (!cleanedText && !hasMedia) {
+    const rawTrimmed = rawText.trim();
+    const rawStrippedFinal = rawTrimmed.replace(/<\s*\/?\s*final\s*>/gi, "").trim();
+    const rawCandidate = rawStrippedFinal || rawTrimmed;
+    if (rawCandidate) {
+      const parsedFallback = parseReplyDirectives(stripTrailingDirective(rawCandidate));
+      cleanedText = parsedFallback.text ?? rawCandidate;
+      mediaUrls = parsedFallback.mediaUrls;
+      hasMedia = Boolean(mediaUrls && mediaUrls.length > 0);
+    }
+  }
+
+  if (!ctx.state.emittedAssistantUpdate && (cleanedText || hasMedia)) {
+    emitAgentEvent({
+      runId: ctx.params.runId,
+      stream: "assistant",
+      data: {
+        text: cleanedText,
+        delta: cleanedText,
+        mediaUrls: hasMedia ? mediaUrls : undefined,
+      },
+    });
+    void ctx.params.onAgentEvent?.({
+      stream: "assistant",
+      data: {
+        text: cleanedText,
+        delta: cleanedText,
+        mediaUrls: hasMedia ? mediaUrls : undefined,
+      },
+    });
+    ctx.state.emittedAssistantUpdate = true;
+  }
 
   const addedDuringMessage = ctx.state.assistantTexts.length > ctx.state.assistantTextBaseline;
   const chunkerHasBuffered = ctx.blockChunker?.hasBuffered() ?? false;

src/agents/pi-embedded-subscribe.handlers.types.ts

@@ -39,6 +39,7 @@ export type EmbeddedPiSubscribeState = {
   partialBlockState: { thinking: boolean; final: boolean; inlineCode: InlineCodeState };
   lastStreamedAssistant?: string;
   lastStreamedAssistantCleaned?: string;
+  emittedAssistantUpdate: boolean;
   lastStreamedReasoning?: string;
   lastBlockReplyText?: string;
   assistantMessageIndex: number;

src/agents/pi-embedded-subscribe.subscribe-embedded-pi-session.filters-final-suppresses-output-without-start-tag.test.ts

@@ -62,6 +62,39 @@ describe("subscribeEmbeddedPiSession", () => {
 
     expect(onPartialReply).not.toHaveBeenCalled();
   });
+  it("emits agent events on message_end even without <final> tags", () => {
+    let handler: ((evt: unknown) => void) | undefined;
+    const session: StubSession = {
+      subscribe: (fn) => {
+        handler = fn;
+        return () => {};
+      },
+    };
+
+    const onAgentEvent = vi.fn();
+
+    subscribeEmbeddedPiSession({
+      session: session as unknown as Parameters<typeof subscribeEmbeddedPiSession>[0]["session"],
+      runId: "run",
+      enforceFinalTag: true,
+      onAgentEvent,
+    });
+
+    const assistantMessage = {
+      role: "assistant",
+      content: [{ type: "text", text: "Hello world" }],
+    } as AssistantMessage;
+
+    handler?.({ type: "message_start", message: assistantMessage });
+    handler?.({ type: "message_end", message: assistantMessage });
+
+    const payloads = onAgentEvent.mock.calls
+      .map((call) => call[0]?.data as Record<string, unknown> | undefined)
+      .filter((value): value is Record<string, unknown> => Boolean(value));
+    expect(payloads).toHaveLength(1);
+    expect(payloads[0]?.text).toBe("Hello world");
+    expect(payloads[0]?.delta).toBe("Hello world");
+  });
   it("does not require <final> when enforcement is off", () => {
     let handler: ((evt: unknown) => void) | undefined;
     const session: StubSession = {

src/agents/pi-embedded-subscribe.subscribe-embedded-pi-session.subscribeembeddedpisession.test.ts

@@ -185,6 +185,71 @@ describe("subscribeEmbeddedPiSession", () => {
     expect(payloads[1]?.delta).toBe(" world");
   });
 
+  it("emits agent events on message_end for non-streaming assistant text", () => {
+    let handler: ((evt: unknown) => void) | undefined;
+    const session: StubSession = {
+      subscribe: (fn) => {
+        handler = fn;
+        return () => {};
+      },
+    };
+
+    const onAgentEvent = vi.fn();
+
+    subscribeEmbeddedPiSession({
+      session: session as unknown as Parameters<typeof subscribeEmbeddedPiSession>[0]["session"],
+      runId: "run",
+      onAgentEvent,
+    });
+
+    const assistantMessage = {
+      role: "assistant",
+      content: [{ type: "text", text: "Hello world" }],
+    } as AssistantMessage;
+
+    handler?.({ type: "message_start", message: assistantMessage });
+    handler?.({ type: "message_end", message: assistantMessage });
+
+    const payloads = onAgentEvent.mock.calls
+      .map((call) => call[0]?.data as Record<string, unknown> | undefined)
+      .filter((value): value is Record<string, unknown> => Boolean(value));
+    expect(payloads).toHaveLength(1);
+    expect(payloads[0]?.text).toBe("Hello world");
+    expect(payloads[0]?.delta).toBe("Hello world");
+  });
+
+  it("does not emit duplicate agent events when message_end repeats", () => {
+    let handler: ((evt: unknown) => void) | undefined;
+    const session: StubSession = {
+      subscribe: (fn) => {
+        handler = fn;
+        return () => {};
+      },
+    };
+
+    const onAgentEvent = vi.fn();
+
+    subscribeEmbeddedPiSession({
+      session: session as unknown as Parameters<typeof subscribeEmbeddedPiSession>[0]["session"],
+      runId: "run",
+      onAgentEvent,
+    });
+
+    const assistantMessage = {
+      role: "assistant",
+      content: [{ type: "text", text: "Hello world" }],
+    } as AssistantMessage;
+
+    handler?.({ type: "message_start", message: assistantMessage });
+    handler?.({ type: "message_end", message: assistantMessage });
+    handler?.({ type: "message_end", message: assistantMessage });
+
+    const payloads = onAgentEvent.mock.calls
+      .map((call) => call[0]?.data as Record<string, unknown> | undefined)
+      .filter((value): value is Record<string, unknown> => Boolean(value));
+    expect(payloads).toHaveLength(1);
+  });
+
   it("skips agent events when cleaned text rewinds mid-stream", () => {
     let handler: ((evt: unknown) => void) | undefined;
     const session: StubSession = {

src/agents/pi-embedded-subscribe.ts

@@ -49,6 +49,7 @@ export function subscribeEmbeddedPiSession(params: SubscribeEmbeddedPiSessionPar
     partialBlockState: { thinking: false, final: false, inlineCode: createInlineCodeState() },
     lastStreamedAssistant: undefined,
     lastStreamedAssistantCleaned: undefined,
+    emittedAssistantUpdate: false,
     lastStreamedReasoning: undefined,
     lastBlockReplyText: undefined,
     assistantMessageIndex: 0,
@@ -95,6 +96,7 @@ export function subscribeEmbeddedPiSession(params: SubscribeEmbeddedPiSessionPar
     state.partialBlockState.inlineCode = createInlineCodeState();
     state.lastStreamedAssistant = undefined;
     state.lastStreamedAssistantCleaned = undefined;
+    state.emittedAssistantUpdate = false;
     state.lastBlockReplyText = undefined;
     state.lastStreamedReasoning = undefined;
     state.lastReasoningSent = undefined;

src/agents/pi-tools.ts

@@ -44,6 +44,7 @@ import {
 } from "./pi-tools.read.js";
 import { cleanToolSchemaForGemini, normalizeToolParameters } from "./pi-tools.schema.js";
 import {
+  applyOwnerOnlyToolPolicy,
   buildPluginToolGroups,
   collectExplicitAllowlist,
   expandPolicyWithPluginGroups,
@@ -161,6 +162,8 @@ export function createOpenClawCodingTools(options?: {
   requireExplicitMessageTarget?: boolean;
   /** If true, omit the message tool from the tool list. */
   disableMessageTool?: boolean;
+  /** Whether the sender is an owner (required for owner-only tools). */
+  senderIsOwner?: boolean;
 }): AnyAgentTool[] {
   const execToolName = "exec";
   const sandbox = options?.sandbox?.enabled ? options.sandbox : undefined;
@@ -357,14 +360,17 @@ export function createOpenClawCodingTools(options?: {
       requesterAgentIdOverride: agentId,
     }),
   ];
+  // Security: treat unknown/undefined as unauthorized (opt-in, not opt-out)
+  const senderIsOwner = options?.senderIsOwner === true;
+  const toolsByAuthorization = applyOwnerOnlyToolPolicy(tools, senderIsOwner);
   const coreToolNames = new Set(
-    tools
+    toolsByAuthorization
       .filter((tool) => !getPluginToolMeta(tool))
       .map((tool) => normalizeToolName(tool.name))
       .filter(Boolean),
   );
   const pluginGroups = buildPluginToolGroups({
-    tools,
+    tools: toolsByAuthorization,
     toolMeta: (tool) => getPluginToolMeta(tool),
   });
   const resolvePolicy = (policy: typeof profilePolicy, label: string) => {
@@ -401,8 +407,8 @@ export function createOpenClawCodingTools(options?: {
   const subagentPolicyExpanded = expandPolicyWithPluginGroups(subagentPolicy, pluginGroups);
 
   const toolsFiltered = profilePolicyExpanded
-    ? filterToolsByPolicy(tools, profilePolicyExpanded)
-    : tools;
+    ? filterToolsByPolicy(toolsByAuthorization, profilePolicyExpanded)
+    : toolsByAuthorization;
   const providerProfileFiltered = providerProfileExpanded
     ? filterToolsByPolicy(toolsFiltered, providerProfileExpanded)
     : toolsFiltered;

src/agents/pi-tools.whatsapp-login-gating.test.ts

@@ -0,0 +1,35 @@
+import { describe, expect, it, vi } from "vitest";
+import "./test-helpers/fast-coding-tools.js";
+import { createOpenClawCodingTools } from "./pi-tools.js";
+
+vi.mock("./channel-tools.js", () => {
+  const stubTool = (name: string) => ({
+    name,
+    description: `${name} stub`,
+    parameters: { type: "object", properties: {} },
+    execute: vi.fn(),
+  });
+  return {
+    listChannelAgentTools: () => [stubTool("whatsapp_login")],
+  };
+});
+
+describe("whatsapp_login tool gating", () => {
+  it("removes whatsapp_login for unauthorized senders", () => {
+    const tools = createOpenClawCodingTools({ senderIsOwner: false });
+    const toolNames = tools.map((tool) => tool.name);
+    expect(toolNames).not.toContain("whatsapp_login");
+  });
+
+  it("keeps whatsapp_login for authorized senders", () => {
+    const tools = createOpenClawCodingTools({ senderIsOwner: true });
+    const toolNames = tools.map((tool) => tool.name);
+    expect(toolNames).toContain("whatsapp_login");
+  });
+
+  it("defaults to removing whatsapp_login when owner status is unknown", () => {
+    const tools = createOpenClawCodingTools();
+    const toolNames = tools.map((tool) => tool.name);
+    expect(toolNames).not.toContain("whatsapp_login");
+  });
+});

src/agents/sandbox-paths.ts

@@ -1,8 +1,11 @@
 import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
+import { fileURLToPath } from "node:url";
 
 const UNICODE_SPACES = /[\u00A0\u2000-\u200A\u202F\u205F\u3000]/g;
+const HTTP_URL_RE = /^https?:\/\//i;
+const DATA_URL_RE = /^data:/i;
 
 function normalizeUnicodeSpaces(str: string): string {
   return str.replace(UNICODE_SPACES, " ");
@@ -49,6 +52,40 @@ export async function assertSandboxPath(params: { filePath: string; cwd: string;
   return resolved;
 }
 
+export function assertMediaNotDataUrl(media: string): void {
+  const raw = media.trim();
+  if (DATA_URL_RE.test(raw)) {
+    throw new Error("data: URLs are not supported for media. Use buffer instead.");
+  }
+}
+
+export async function resolveSandboxedMediaSource(params: {
+  media: string;
+  sandboxRoot: string;
+}): Promise<string> {
+  const raw = params.media.trim();
+  if (!raw) {
+    return raw;
+  }
+  if (HTTP_URL_RE.test(raw)) {
+    return raw;
+  }
+  let candidate = raw;
+  if (/^file:\/\//i.test(candidate)) {
+    try {
+      candidate = fileURLToPath(candidate);
+    } catch {
+      throw new Error(`Invalid file:// URL for sandboxed media: ${raw}`);
+    }
+  }
+  const resolved = await assertSandboxPath({
+    filePath: candidate,
+    cwd: params.sandboxRoot,
+    root: params.sandboxRoot,
+  });
+  return resolved.resolved;
+}
+
 async function assertNoSymlink(relative: string, root: string) {
   if (!relative) {
     return;

src/agents/tool-policy.ts

@@ -1,3 +1,5 @@
+import type { AnyAgentTool } from "./tools/common.js";
+
 export type ToolProfileId = "minimal" | "coding" | "messaging" | "full";
 
 type ToolProfilePolicy = {
@@ -56,6 +58,8 @@ export const TOOL_GROUPS: Record<string, string[]> = {
   ],
 };
 
+const OWNER_ONLY_TOOL_NAMES = new Set<string>(["whatsapp_login"]);
+
 const TOOL_PROFILES: Record<ToolProfileId, ToolProfilePolicy> = {
   minimal: {
     allow: ["session_status"],
@@ -80,6 +84,31 @@ export function normalizeToolName(name: string) {
   return TOOL_NAME_ALIASES[normalized] ?? normalized;
 }
 
+export function isOwnerOnlyToolName(name: string) {
+  return OWNER_ONLY_TOOL_NAMES.has(normalizeToolName(name));
+}
+
+export function applyOwnerOnlyToolPolicy(tools: AnyAgentTool[], senderIsOwner: boolean) {
+  const withGuard = tools.map((tool) => {
+    if (!isOwnerOnlyToolName(tool.name)) {
+      return tool;
+    }
+    if (senderIsOwner || !tool.execute) {
+      return tool;
+    }
+    return {
+      ...tool,
+      execute: async () => {
+        throw new Error("Tool restricted to owner senders.");
+      },
+    };
+  });
+  if (senderIsOwner) {
+    return withGuard;
+  }
+  return withGuard.filter((tool) => !isOwnerOnlyToolName(tool.name));
+}
+
 export function normalizeToolList(list?: string[]) {
   if (!list) {
     return [];

src/agents/tools/message-tool.test.ts

@@ -1,6 +1,3 @@
-import fs from "node:fs/promises";
-import os from "node:os";
-import path from "node:path";
 import { describe, expect, it, vi } from "vitest";
 import type { ChannelPlugin } from "../../channels/plugins/types.js";
 import type { MessageActionRunResult } from "../../infra/outbound/message-action-runner.js";
@@ -165,50 +162,8 @@ describe("message tool description", () => {
   });
 });
 
-describe("message tool sandbox path validation", () => {
-  it("rejects filePath that escapes sandbox root", async () => {
-    const sandboxDir = await fs.mkdtemp(path.join(os.tmpdir(), "msg-sandbox-"));
-    try {
-      const tool = createMessageTool({
-        config: {} as never,
-        sandboxRoot: sandboxDir,
-      });
-
-      await expect(
-        tool.execute("1", {
-          action: "send",
-          target: "telegram:123",
-          filePath: "/etc/passwd",
-          message: "",
-        }),
-      ).rejects.toThrow(/sandbox/i);
-    } finally {
-      await fs.rm(sandboxDir, { recursive: true, force: true });
-    }
-  });
-
-  it("rejects path param with traversal sequence", async () => {
-    const sandboxDir = await fs.mkdtemp(path.join(os.tmpdir(), "msg-sandbox-"));
-    try {
-      const tool = createMessageTool({
-        config: {} as never,
-        sandboxRoot: sandboxDir,
-      });
-
-      await expect(
-        tool.execute("1", {
-          action: "send",
-          target: "telegram:123",
-          path: "../../../etc/shadow",
-          message: "",
-        }),
-      ).rejects.toThrow(/sandbox/i);
-    } finally {
-      await fs.rm(sandboxDir, { recursive: true, force: true });
-    }
-  });
-
-  it("allows filePath inside sandbox root", async () => {
+describe("message tool sandbox passthrough", () => {
+  it("forwards sandboxRoot to runMessageAction", async () => {
     mocks.runMessageAction.mockClear();
     mocks.runMessageAction.mockResolvedValue({
       kind: "send",
@@ -220,27 +175,22 @@ describe("message tool sandbox path validation", () => {
       dryRun: true,
     } satisfies MessageActionRunResult);
 
-    const sandboxDir = await fs.mkdtemp(path.join(os.tmpdir(), "msg-sandbox-"));
-    try {
-      const tool = createMessageTool({
-        config: {} as never,
-        sandboxRoot: sandboxDir,
-      });
+    const tool = createMessageTool({
+      config: {} as never,
+      sandboxRoot: "/tmp/sandbox",
+    });
 
-      await tool.execute("1", {
-        action: "send",
-        target: "telegram:123",
-        filePath: "./data/file.txt",
-        message: "",
-      });
+    await tool.execute("1", {
+      action: "send",
+      target: "telegram:123",
+      message: "",
+    });
 
-      expect(mocks.runMessageAction).toHaveBeenCalledTimes(1);
-    } finally {
-      await fs.rm(sandboxDir, { recursive: true, force: true });
-    }
+    const call = mocks.runMessageAction.mock.calls[0]?.[0];
+    expect(call?.sandboxRoot).toBe("/tmp/sandbox");
   });
 
-  it("skips validation when no sandboxRoot is set", async () => {
+  it("omits sandboxRoot when not configured", async () => {
     mocks.runMessageAction.mockClear();
     mocks.runMessageAction.mockResolvedValue({
       kind: "send",
@@ -259,11 +209,10 @@ describe("message tool sandbox path validation", () => {
     await tool.execute("1", {
       action: "send",
       target: "telegram:123",
-      filePath: "/etc/passwd",
       message: "",
     });
 
-    // Without sandboxRoot the validation is skipped — unsandboxed sessions work normally.
-    expect(mocks.runMessageAction).toHaveBeenCalledTimes(1);
+    const call = mocks.runMessageAction.mock.calls[0]?.[0];
+    expect(call?.sandboxRoot).toBeUndefined();
   });
 });

src/agents/tools/message-tool.ts

@@ -19,7 +19,6 @@ import { normalizeAccountId } from "../../routing/session-key.js";
 import { normalizeMessageChannel } from "../../utils/message-channel.js";
 import { resolveSessionAgentId } from "../agent-scope.js";
 import { listChannelSupportedActions } from "../channel-tools.js";
-import { assertSandboxPath } from "../sandbox-paths.js";
 import { channelTargetSchema, channelTargetsSchema, stringEnum } from "../schema/typebox.js";
 import { jsonResult, readNumberParam, readStringParam } from "./common.js";
 
@@ -57,7 +56,11 @@ function buildSendSchema(options: { includeButtons: boolean; includeCards: boole
     effect: Type.Optional(
       Type.String({ description: "Alias for effectId (e.g., invisible-ink, balloons)." }),
     ),
-    media: Type.Optional(Type.String()),
+    media: Type.Optional(
+      Type.String({
+        description: "Media URL or local path. data: URLs are not supported here, use buffer.",
+      }),
+    ),
     filename: Type.Optional(Type.String()),
     buffer: Type.Optional(
       Type.String({
@@ -422,17 +425,6 @@ export function createMessageTool(options?: MessageToolOptions): AnyAgentTool {
         }
       }
 
-      // Validate file paths against sandbox root to prevent host file access.
-      const sandboxRoot = options?.sandboxRoot;
-      if (sandboxRoot) {
-        for (const key of ["filePath", "path"] as const) {
-          const raw = readStringParam(params, key, { trim: false });
-          if (raw) {
-            await assertSandboxPath({ filePath: raw, cwd: sandboxRoot, root: sandboxRoot });
-          }
-        }
-      }
-
       const accountId = readStringParam(params, "accountId") ?? agentAccountId;
       if (accountId) {
         params.accountId = accountId;
@@ -475,6 +467,7 @@ export function createMessageTool(options?: MessageToolOptions): AnyAgentTool {
         agentId: options?.agentSessionKey
           ? resolveSessionAgentId({ sessionKey: options.agentSessionKey, config: cfg })
           : undefined,
+        sandboxRoot: options?.sandboxRoot,
         abortSignal: signal,
       });