* fix(slack): include bot root message in new thread sessions (#79338)
When a user replies in-thread to a bot's own message in a Slack DM,
the new thread session was constructed without the parent/root message
content. The agent only saw `reply_to_id` metadata and could not
resolve what was being replied to, leading to confident-but-wrong
actions on follow-up corrections.
The thread-context resolver was filtering out every message authored
by the current bot before formatting thread history, including the
bot's own root message. For thread-replies starting a fresh session,
that left the agent without the parent context it needed.
This change retains current-bot messages in the thread history when
starting a new thread session, formats them with role=assistant under
a "Bot (this assistant)" sender label, and adds
`channels.slack.thread.includeRootMessage` (default `true`) to opt out.
Bot messages still bypass allowlist visibility filtering since the
bot's own output is not third-party content.
Fixes#79338.
* fix(slack): wire includeRootMessage into runtime config schema (#79338)
The first commit added `channels.slack.thread.includeRootMessage` to
the TypeScript type and zod schema, but the runtime AJV-style schema
generated from `extensions/slack/src/config-ui-hints.ts` rejected the
new field with `must NOT have additional properties` at gateway boot.
Adds the matching UI hint entry for `thread.includeRootMessage` and
regenerates the bundled channel config metadata so the live gateway
accepts the new field.
* Narrow Slack thread root context handling
Remove the public includeRootMessage config and keep the Slack thread fix focused on including only the current bot's root message on the first turn of a new thread session.
Preserve filtering of arbitrary current-bot Slack history while ensuring #79338 has parent/root context.
* Fix Slack thread root CI checks
---------
Co-authored-by: Bek <bek.akhmedov@gmail.com>
Closes#78649. Adds opt-in inbound iMessage catchup that recovers messages landing in chat.db while the gateway is offline (crash, restart, mac sleep). Mirrors the design of the retired BlueBubbles catchup, adapted for the imsg JSON-RPC chats.list + messages.history fetch path.
- Schema: new channels.imessage.catchup block with enabled / maxAgeMinutes (1..720) / perRunLimit (1..500) / firstRunLookbackMinutes (1..720) / maxFailureRetries (1..1000). Disabled by default — opt-in.
- Cursor + replay loop (extensions/imessage/src/monitor/catchup.ts): per-account state under <openclawStateDir>/imessage/catchup/. Walks rows oldest-first, advances on success/give-up, holds at failed.rowid - 1 when a failure is below maxFailureRetries (cannot leapfrog held failures even when later rows in the same batch succeed). Watermark floor for parse-rejected rows.
- Bridge (extensions/imessage/src/monitor/catchup-bridge.ts): live chats.list + per-chat messages.history fetch adapter; dispatch adapter routes through the live handleMessageNow path so allowlists / group policy / dedupe / echo cache behave identically on replayed and live messages. Watermark clamped to last dispatched rowid when the cap truncates.
- Monitor wiring (extensions/imessage/src/monitor/monitor-provider.ts): catchup runs once between watch.subscribe and the live dispatch loop when enabled. Bypasses the inbound debouncer for serial per-row dispatch.
- Echo-cache TTL bumped 2 min → 12 h so own outbound rows from before a gap are not re-fed as inbound on replay.
- Generated bundled-channel-config-metadata.generated.ts so the runtime AJV schema accepts the new catchup block.
- Docs: new "Catching up after gateway downtime" section + BlueBubbles migration parity update.
Tests: 322/322 in extensions/imessage/, including 5 regression tests covering the cursor-leapfrog, parse-rejected stall, watermark vs held failure, and cap-truncation-cursor-floor edge cases that codex (gpt-5.4) and clawsweeper (gpt-5.5) found during review. Live-tested end-to-end against the running gateway: replayed=1 fetchedCount=1, agent reply observed, cursor persisted at the test row's exact rowid.
Co-authored-by: Omar Shahine <10343873+omarshahine@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary:
- The PR exports `ensureAbsoluteDirectory` through the fs-safe/SDK runtime facades and routes browser download ... through safe output directory/file helpers with focused tests, a changelog entry, and SDK API hash updates.
- Reproducibility: yes. at source level: current main creates browser download/output roots with raw recursive ... jection coverage for that path. I did not run a live browser runtime reproduction in this read-only review.
Automerge notes:
- PR branch already contained follow-up commit before automerge: fix(browser): use fs-safe output directory helper
- PR branch already contained follow-up commit before automerge: docs(changelog): mention browser fs-safe hardening
- PR branch already contained follow-up commit before automerge: fix(browser): harden download output writes
Validation:
- ClawSweeper review passed for head a9c9570f66.
- Required merge gates passed before the squash merge.
Prepared head SHA: a9c9570f66
Review: https://github.com/openclaw/openclaw/pull/78780#issuecomment-4394146682
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
