[GS-3221] Resolve merge conflicts for openclaw PR

.agents/skills/PR_WORKFLOW.md

@@ -3,10 +3,6 @@
 Please read this in full and do not skip sections.
 This is the single source of truth for the maintainer PR workflow.
 
-## Triage order
-
-Process PRs **oldest to newest**. Older PRs are more likely to have merge conflicts and stale dependencies; resolving them first keeps the queue healthy and avoids snowballing rebase pain.
-
 ## Working rule
 
 Skills execute workflow. Maintainers provide judgment.
@@ -110,7 +106,7 @@ Before any substantive review or prep work, **always rebase the PR branch onto c
 - During `prepare-pr`, use concise, action-oriented subjects **without** PR numbers or thanks; reserve `(#<PR>) thanks @<pr-author>` for the final merge/squash commit.
 - Group related changes; avoid bundling unrelated refactors.
 - Changelog workflow: keep the latest released version at the top (no `Unreleased`); after publishing, bump the version and start a new top section.
-- When working on a PR: add a changelog entry with the PR number and thank the contributor (mandatory in this workflow).
+- When working on a PR: add a changelog entry line with the PR number `(#<PR>)` and `thanks @<pr-author>` when author metadata is available (mandatory in this workflow).
 - When working on an issue: reference the issue in the changelog entry.
 - In this workflow, changelog is always required even for internal/test-only changes.
 

.agents/skills/merge-pr/SKILL.md

@@ -41,11 +41,12 @@ scripts/pr-merge <PR>
 scripts/pr-merge run <PR>
 ```
 
-3. Ensure output reports:
+3. Capture and report these values in a human-readable summary (not raw `key=value` lines):
 
-- `merge_sha=<sha>`
-- `merge_author_email=<email>`
-- `comment_url=<url>`
+- Merge commit SHA
+- Merge author email
+- Merge completion comment URL
+- PR URL
 
 ## Steps
 
@@ -97,3 +98,4 @@ Cleanup is handled by `run` after merge success.
 
 - End in `MERGED`, never `CLOSED`.
 - Cleanup only after confirmed merge.
+- In final chat output, use labeled lines or bullets; do not paste raw wrapper diagnostics unless debugging.

.agents/skills/prepare-pr/SKILL.md

@@ -74,6 +74,11 @@ jq -r '.changelog' .local/review.json
 jq -r '.docs' .local/review.json
 ```
 
+Changelog gate requirement:
+
+- `CHANGELOG.md` must include a newly added changelog entry line.
+- When PR author metadata is available, that same changelog entry line must include `(#<PR>) thanks @<pr-author>`.
+
 4. Commit scoped changes
 
 Use concise, action-oriented subject lines without PR numbers/thanks. The final merge/squash commit is the only place we include PR numbers and contributor thanks.

.env.example

@@ -37,6 +37,16 @@ OPENCLAW_GATEWAY_TOKEN=change-me-to-a-long-random-token
 # ANTHROPIC_API_KEY=sk-ant-...
 # GEMINI_API_KEY=...
 # OPENROUTER_API_KEY=sk-or-...
+# OPENCLAW_LIVE_OPENAI_KEY=sk-...
+# OPENCLAW_LIVE_ANTHROPIC_KEY=sk-ant-...
+# OPENCLAW_LIVE_GEMINI_KEY=...
+# OPENAI_API_KEY_1=...
+# ANTHROPIC_API_KEY_1=...
+# GEMINI_API_KEY_1=...
+# GOOGLE_API_KEY=...
+# OPENAI_API_KEYS=sk-1,sk-2
+# ANTHROPIC_API_KEYS=sk-ant-1,sk-ant-2
+# GEMINI_API_KEYS=key-1,key-2
 
 # Optional additional providers
 # ZAI_API_KEY=...

.github/actionlint.yaml

@@ -4,8 +4,11 @@
 self-hosted-runner:
   labels:
     # Blacksmith CI runners
-    - blacksmith-4vcpu-ubuntu-2404
-    - blacksmith-4vcpu-windows-2025
+    - blacksmith-8vcpu-ubuntu-2404
+    - blacksmith-8vcpu-windows-2025
+    - blacksmith-16vcpu-ubuntu-2404
+    - blacksmith-16vcpu-windows-2025
+    - blacksmith-16vcpu-ubuntu-2404-arm
 
 # Ignore patterns for known issues
 paths:
@@ -15,3 +18,5 @@ paths:
       - "shellcheck reported issue.+"
       # Ignore intentional if: false for disabled jobs
       - 'constant expression "false" in condition'
+      # actionlint's built-in runner label allowlist lags Blacksmith additions.
+      - 'label "blacksmith-16vcpu-[^"]+" is unknown\.'

.github/actions/setup-node-env/action.yml

@@ -37,7 +37,7 @@ runs:
         exit 1
 
     - name: Setup Node.js
-      uses: actions/setup-node@v4
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
       with:
         node-version: ${{ inputs.node-version }}
         check-latest: true
@@ -52,7 +52,7 @@ runs:
       if: inputs.install-bun == 'true'
       uses: oven-sh/setup-bun@v2
       with:
-        bun-version: latest
+        bun-version: "1.3.9+cf6cdbbba"
 
     - name: Runtime versions
       shell: bash
@@ -70,14 +70,29 @@ runs:
       shell: bash
       env:
         CI: "true"
+        FROZEN_LOCKFILE: ${{ inputs.frozen-lockfile }}
       run: |
+        set -euo pipefail
         export PATH="$NODE_BIN:$PATH"
         which node
         node -v
         pnpm -v
-        LOCKFILE_FLAG=""
-        if [ "${{ inputs.frozen-lockfile }}" = "true" ]; then
-          LOCKFILE_FLAG="--frozen-lockfile"
+        case "$FROZEN_LOCKFILE" in
+          true) LOCKFILE_FLAG="--frozen-lockfile" ;;
+          false) LOCKFILE_FLAG="" ;;
+          *)
+            echo "::error::Invalid frozen-lockfile input: '$FROZEN_LOCKFILE' (expected true or false)"
+            exit 2
+            ;;
+        esac
+
+        install_args=(
+          install
+          --ignore-scripts=false
+          --config.engine-strict=false
+          --config.enable-pre-post-scripts=true
+        )
+        if [ -n "$LOCKFILE_FLAG" ]; then
+          install_args+=("$LOCKFILE_FLAG")
         fi
-        pnpm install $LOCKFILE_FLAG --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true || \
-        pnpm install $LOCKFILE_FLAG --ignore-scripts=false --config.engine-strict=false --config.enable-pre-post-scripts=true
+        pnpm "${install_args[@]}" || pnpm "${install_args[@]}"

.github/actions/setup-pnpm-store-cache/action.yml

@@ -14,11 +14,17 @@ runs:
   steps:
     - name: Setup pnpm (corepack retry)
       shell: bash
+      env:
+        PNPM_VERSION: ${{ inputs.pnpm-version }}
       run: |
         set -euo pipefail
+        if [[ ! "$PNPM_VERSION" =~ ^[0-9]+(\.[0-9]+){1,2}([.-][0-9A-Za-z.-]+)?$ ]]; then
+          echo "::error::Invalid pnpm-version input: '$PNPM_VERSION'"
+          exit 2
+        fi
         corepack enable
         for attempt in 1 2 3; do
-          if corepack prepare "pnpm@${{ inputs.pnpm-version }}" --activate; then
+          if corepack prepare "pnpm@$PNPM_VERSION" --activate; then
             pnpm -v
             exit 0
           fi

.github/workflows/auto-response.yml

@@ -13,7 +13,7 @@ jobs:
     permissions:
       issues: write
       pull-requests: write
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-16vcpu-ubuntu-2404
     steps:
       - uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
         id: app-token
@@ -48,7 +48,7 @@ jobs:
                 label: "r: third-party-extension",
                 close: true,
                 message:
-                  "This would be better made as a third-party extension with our SDK that you maintain yourself. Docs: https://docs.openclaw.ai/plugin.",
+                  "Please make this as a third-party plugin that you maintain yourself in your own repo. Docs: https://docs.openclaw.ai/plugin. Feel free to open a PR after to add it to our community plugins page: https://docs.openclaw.ai/plugins/community",
               },
               {
                 label: "r: moltbook",

.github/workflows/ci.yml

@@ -6,14 +6,14 @@ on:
   pull_request:
 
 concurrency:
-  group: ci-${{ github.event.pull_request.number || github.sha }}
-  cancel-in-progress: true
+  group: ci-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 jobs:
   # Detect docs-only changes to skip heavy jobs (test, build, Windows, macOS, Android).
   # Lint and format always run. Fail-safe: if detection fails, run everything.
   docs-scope:
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-16vcpu-ubuntu-2404
     outputs:
       docs_only: ${{ steps.check.outputs.docs_only }}
       docs_changed: ${{ steps.check.outputs.docs_changed }}
@@ -33,7 +33,7 @@ jobs:
   changed-scope:
     needs: [docs-scope]
     if: needs.docs-scope.outputs.docs_only != 'true'
-    runs-on: ubuntu-latest
+    runs-on: blacksmith-16vcpu-ubuntu-2404
     outputs:
       run_node: ${{ steps.scope.outputs.run_node }}
       run_macos: ${{ steps.scope.outputs.run_macos }}
@@ -127,7 +127,7 @@ jobs:
   build-artifacts:
     needs: [docs-scope, changed-scope, check]
     if: needs.docs-scope.outputs.docs_only != 'true' && (github.event_name == 'push' || needs.changed-scope.outputs.run_node == 'true')
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-16vcpu-ubuntu-2404
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -153,7 +153,7 @@ jobs:
   release-check:
     needs: [docs-scope, build-artifacts]
     if: github.event_name == 'push' && needs.docs-scope.outputs.docs_only != 'true'
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-16vcpu-ubuntu-2404
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -177,7 +177,7 @@ jobs:
   checks:
     needs: [docs-scope, changed-scope, check]
     if: needs.docs-scope.outputs.docs_only != 'true' && (github.event_name == 'push' || needs.changed-scope.outputs.run_node == 'true')
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-16vcpu-ubuntu-2404
     strategy:
       fail-fast: false
       matrix:
@@ -192,29 +192,46 @@ jobs:
             task: test
             command: pnpm canvas:a2ui:bundle && bunx vitest run --config vitest.unit.config.ts
     steps:
+      - name: Skip bun lane on push
+        if: github.event_name == 'push' && matrix.runtime == 'bun'
+        run: echo "Skipping bun test lane on push events."
+
       - name: Checkout
+        if: github.event_name != 'push' || matrix.runtime != 'bun'
         uses: actions/checkout@v4
         with:
           submodules: false
 
       - name: Setup Node environment
+        if: matrix.runtime != 'bun' || github.event_name != 'push'
         uses: ./.github/actions/setup-node-env
+        with:
+          install-bun: "${{ matrix.runtime == 'bun' }}"
 
       - name: Configure vitest JSON reports
-        if: matrix.task == 'test' && matrix.runtime == 'node'
+        if: (github.event_name != 'push' || matrix.runtime != 'bun') && matrix.task == 'test' && matrix.runtime == 'node'
         run: echo "OPENCLAW_VITEST_REPORT_DIR=$RUNNER_TEMP/vitest-reports" >> "$GITHUB_ENV"
 
+      - name: Configure Node test resources
+        if: (github.event_name != 'push' || matrix.runtime != 'bun') && matrix.task == 'test' && matrix.runtime == 'node'
+        run: |
+          # `pnpm test` runs `scripts/test-parallel.mjs`, which spawns multiple Node processes.
+          # Default heap limits have been too low on Linux CI (V8 OOM near 4GB).
+          echo "OPENCLAW_TEST_WORKERS=2" >> "$GITHUB_ENV"
+          echo "OPENCLAW_TEST_MAX_OLD_SPACE_SIZE_MB=6144" >> "$GITHUB_ENV"
+
       - name: Run ${{ matrix.task }} (${{ matrix.runtime }})
+        if: matrix.runtime != 'bun' || github.event_name != 'push'
         run: ${{ matrix.command }}
 
       - name: Summarize slowest tests
-        if: matrix.task == 'test' && matrix.runtime == 'node'
+        if: (github.event_name != 'push' || matrix.runtime != 'bun') && matrix.task == 'test' && matrix.runtime == 'node'
         run: |
           node scripts/vitest-slowest.mjs --dir "$OPENCLAW_VITEST_REPORT_DIR" --top 50 --out "$RUNNER_TEMP/vitest-slowest.md" > /dev/null
           echo "Slowest test summary written to $RUNNER_TEMP/vitest-slowest.md"
 
       - name: Upload vitest reports
-        if: matrix.task == 'test' && matrix.runtime == 'node'
+        if: (github.event_name != 'push' || matrix.runtime != 'bun') && matrix.task == 'test' && matrix.runtime == 'node'
         uses: actions/upload-artifact@v4
         with:
           name: vitest-reports-${{ runner.os }}-${{ matrix.runtime }}
@@ -227,7 +244,7 @@ jobs:
     name: "check"
     needs: [docs-scope]
     if: needs.docs-scope.outputs.docs_only != 'true'
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-16vcpu-ubuntu-2404
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -236,6 +253,8 @@ jobs:
 
       - name: Setup Node environment
         uses: ./.github/actions/setup-node-env
+        with:
+          install-bun: "false"
 
       - name: Check types and lint and oxfmt
         run: pnpm check
@@ -244,7 +263,7 @@ jobs:
   check-docs:
     needs: [docs-scope]
     if: needs.docs-scope.outputs.docs_changed == 'true'
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-16vcpu-ubuntu-2404
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -253,12 +272,14 @@ jobs:
 
       - name: Setup Node environment
         uses: ./.github/actions/setup-node-env
+        with:
+          install-bun: "false"
 
       - name: Check docs
         run: pnpm check:docs
 
   secrets:
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-16vcpu-ubuntu-2404
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -285,10 +306,10 @@ jobs:
   checks-windows:
     needs: [docs-scope, changed-scope, build-artifacts, check]
     if: needs.docs-scope.outputs.docs_only != 'true' && (github.event_name == 'push' || needs.changed-scope.outputs.run_node == 'true')
-    runs-on: blacksmith-4vcpu-windows-2025
+    runs-on: blacksmith-16vcpu-windows-2025
     env:
       NODE_OPTIONS: --max-old-space-size=4096
-      # Keep total concurrency predictable on the 4 vCPU runner:
+      # Keep total concurrency predictable on the 16 vCPU runner:
       # `scripts/test-parallel.mjs` runs some vitest suites in parallel processes.
       OPENCLAW_TEST_WORKERS: 2
     defaults:
@@ -347,7 +368,7 @@ jobs:
           test -s dist/plugin-sdk/index.js
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: 22.x
           check-latest: true
@@ -358,16 +379,10 @@ jobs:
           pnpm-version: "10.23.0"
           cache-key-suffix: "node22"
 
-      - name: Setup Bun
-        uses: oven-sh/setup-bun@v2
-        with:
-          bun-version: latest
-
       - name: Runtime versions
         run: |
           node -v
           npm -v
-          bun -v
           pnpm -v
 
       - name: Capture node path
@@ -645,7 +660,7 @@ jobs:
   android:
     needs: [docs-scope, changed-scope, check]
     if: needs.docs-scope.outputs.docs_only != 'true' && (github.event_name == 'push' || needs.changed-scope.outputs.run_android == 'true')
-    runs-on: blacksmith-4vcpu-ubuntu-2404
+    runs-on: blacksmith-16vcpu-ubuntu-2404
     strategy:
       fail-fast: false
       matrix:
@@ -664,7 +679,8 @@ jobs:
         uses: actions/setup-java@v4
         with:
           distribution: temurin
-          java-version: 21
+          # setup-android's sdkmanager currently crashes on JDK 21 in CI.
+          java-version: 17
 
       - name: Setup Android SDK
         uses: android-actions/setup-android@v3