docs: changelog for MS Teams scopes (#1507) (thanks @Evizero)

The @microsoft/agents-hosting SDK's MsalTokenProvider automatically
appends `/.default` to all scope strings in its token acquisition
methods (acquireAccessTokenViaSecret, acquireAccessTokenViaFIC,
acquireAccessTokenViaWID, acquireTokenWithCertificate in
msalTokenProvider.ts). This is consistent SDK behavior, not a recent
change.

Our code was including `.default` in scope URLs, resulting in invalid
double suffixes like `https://graph.microsoft.com/.default/.default`.

This was confirmed to cause Graph API authentication errors. Removing
the `.default` suffix from our scope strings allows the SDK to append
it correctly, resolving the issue.

Before: we pass `.default` -> SDK appends -> double `.default` (broken)
After:  we pass base URL  -> SDK appends -> single `.default` (works)

.github/workflows/install-smoke.yml

@@ -29,5 +29,6 @@ jobs:
           CLAWDBOT_INSTALL_CLI_URL: https://clawd.bot/install-cli.sh
           CLAWDBOT_NO_ONBOARD: "1"
           CLAWDBOT_INSTALL_SMOKE_SKIP_CLI: "1"
+          CLAWDBOT_INSTALL_SMOKE_SKIP_NONROOT: ${{ github.event_name == 'pull_request' && '1' || '0' }}
           CLAWDBOT_INSTALL_SMOKE_PREVIOUS: "2026.1.11-4"
         run: pnpm test:install:smoke

AGENTS.md

@@ -22,6 +22,16 @@
 - README (GitHub): keep absolute docs URLs (`https://docs.clawd.bot/...`) so links work on GitHub.
 - Docs content must be generic: no personal device names/hostnames/paths; use placeholders like `user@gateway-host` and “gateway host”.
 
+## exe.dev VM ops (general)
+- Access: stable path is `ssh exe.dev` then `ssh vm-name` (assume SSH key already set).
+- SSH flaky: use exe.dev web terminal or Shelley (web agent); keep a tmux session for long ops.
+- Update: `sudo npm i -g clawdbot@latest` (global install needs root on `/usr/lib/node_modules`).
+- Config: use `clawdbot config set ...`; ensure `gateway.mode=local` is set.
+- Discord: store raw token only (no `DISCORD_BOT_TOKEN=` prefix).
+- Restart: stop old gateway and run:
+  `pkill -9 -f clawdbot-gateway || true; nohup clawdbot gateway run --bind loopback --port 18789 --force > /tmp/clawdbot-gateway.log 2>&1 &`
+- Verify: `clawdbot channels status --probe`, `ss -ltnp | rg 18789`, `tail -n 120 /tmp/clawdbot-gateway.log`.
+
 ## Build, Test, and Development Commands
 - Runtime baseline: Node **22+** (keep Node + Bun paths working).
 - Install deps: `pnpm install`
@@ -51,6 +61,7 @@
 - Framework: Vitest with V8 coverage thresholds (70% lines/branches/functions/statements).
 - Naming: match source names with `*.test.ts`; e2e in `*.e2e.test.ts`.
 - Run `pnpm test` (or `pnpm test:coverage`) before pushing when you touch logic.
+- Do not set test workers above 16; tried already.
 - Live tests (real keys): `CLAWDBOT_LIVE_TEST=1 pnpm test:live` (Clawdbot-only) or `LIVE=1 pnpm test:live` (includes provider live tests). Docker: `pnpm test:docker:live-models`, `pnpm test:docker:live-gateway`. Onboarding Docker E2E: `pnpm test:docker:onboard`.
 - Full kit + what’s covered: `docs/testing.md`.
 - Pure test additions/fixes generally do **not** need a changelog entry unless they alter user-facing behavior or the user asks for one.
@@ -118,6 +129,10 @@
 - **Multi-agent safety:** do **not** switch branches / check out a different branch unless explicitly requested.
 - **Multi-agent safety:** running multiple agents is OK as long as each agent has its own session.
 - **Multi-agent safety:** when you see unrecognized files, keep going; focus on your changes and commit only those.
+- Lint/format churn:
+  - If staged+unstaged diffs are formatting-only, auto-resolve without asking.
+  - If commit/push already requested, auto-stage and include formatting-only follow-ups in the same commit (or a tiny follow-up commit if needed), no extra confirmation.
+  - Only ask when changes are semantic (logic/data/behavior).
 - Lobster seam: use the shared CLI palette in `src/terminal/palette.ts` (no hardcoded colors); apply palette to onboarding/config prompts and other TTY UI output as needed.
 - **Multi-agent safety:** focus reports on your edits; avoid guard-rail disclaimers unless truly blocked; when multiple agents touch the same file, continue if safe; end with a brief “other files present” note only if relevant.
 - Bug investigations: read source code of relevant npm dependencies and all related local code before concluding; aim for high-confidence root cause.

CHANGELOG.md

@@ -2,28 +2,36 @@
 
 Docs: https://docs.clawd.bot
 
+## 2026.1.23
+
+### Changes
+- CLI: restart the gateway by default after `clawdbot update`; add `--no-restart` to skip it.
+- CLI: add live auth probes to `clawdbot models status` for per-profile verification.
+- Markdown: add per-channel table conversion (bullets for Signal/WhatsApp, code blocks elsewhere). (#1495) Thanks @odysseus0.
+
+### Fixes
+- Voice wake: auto-save wake words on blur/submit across iOS/Android and align limits with macOS.
+- Discord: limit autoThread mention bypass to bot-owned threads; keep ack reactions mention-gated. (#1511) Thanks @pvoo.
+- Gateway: accept null optional fields in exec approval requests. (#1511) Thanks @pvoo.
+- TUI: forward unknown slash commands (for example, `/context`) to the Gateway.
+- TUI: include Gateway slash commands in autocomplete and `/help`.
+- CLI: skip usage lines in `clawdbot models status` when provider usage is unavailable.
+- CLI: suppress diagnostic session/run noise during auth probes.
+- Linux: include env-configured user bin roots in systemd PATH and align PATH audits. (#1512) Thanks @robbyczgw-cla.
+- TUI: render Gateway slash-command replies as system output (for example, `/context`).
+- Media: preserve PNG alpha when possible; fall back to JPEG when still over size cap. (#1491) Thanks @robbyczgw-cla.
+- Agents: treat plugin-only tool allowlists as opt-ins; keep core tools enabled. (#1467)
+- Exec approvals: persist allowlist entry ids to keep macOS allowlist rows stable. (#1521) Thanks @ngutman.
+- MS Teams (plugin): remove `.default` suffix from Graph scopes to avoid double-appending. (#1507) Thanks @Evizero.
+
 ## 2026.1.22
 
 ### Changes
-- Highlight: Lobster optional plugin tool for typed workflows + approval gates. https://docs.clawd.bot/tools/lobster
 - Highlight: Compaction safeguard now uses adaptive chunking, progressive fallback, and UI status + retries. (#1466) Thanks @dlauer.
-- Lobster: allow workflow file args via `argsJson` in the plugin tool. https://docs.clawd.bot/tools/lobster
-- Agents: add identity avatar config support and Control UI avatar rendering. (#1329, #1424) Thanks @dlauer.
+- Providers: add Antigravity usage tracking to status output. (#1490) Thanks @patelhiren.
 - Slack: add chat-type reply threading overrides via `replyToModeByChatType`. (#1442) Thanks @stefangalescu.
-- Memory: prevent CLI hangs by deferring vector probes, adding sqlite-vec/embedding timeouts, and showing sync progress early.
 - BlueBubbles: add `asVoice` support for MP3/CAF voice memos in sendAttachment. (#1477, #1482) Thanks @Nicell.
-- Docs: add troubleshooting entry for gateway.mode blocking gateway start. https://docs.clawd.bot/gateway/troubleshooting
-- Docs: add /model allowlist troubleshooting note. (#1405)
-- Docs: add per-message Gmail search example for gog. (#1220) Thanks @mbelinky.
-- UI: show per-session assistant identity in the Control UI. (#1420) Thanks @robbyczgw-cla.
 - Onboarding: add hatch choice (TUI/Web/Later), token explainer, background dashboard seed on macOS, and showcase link.
-- Onboarding: remove the run setup-token auth option (paste setup-token or reuse CLI creds instead).
-- Signal: add typing indicators and DM read receipts via signal-cli.
-- MSTeams: add file uploads, adaptive cards, and attachment handling improvements. (#1410) Thanks @Evizero.
-- CLI: add `clawdbot update wizard` for interactive channel selection and restart prompts. https://docs.clawd.bot/cli/update
-
-### Breaking
-- **BREAKING:** Envelope and system event timestamps now default to host-local time (was UTC) so agents don’t have to constantly convert.
 
 ### Fixes
 - BlueBubbles: stop typing indicator on idle/no-reply. (#1439) Thanks @Nicell.
@@ -32,6 +40,7 @@ Docs: https://docs.clawd.bot
 - Control UI: resolve local avatar URLs with basePath across injection + identity RPC. (#1457) Thanks @dlauer.
 - Agents: sanitize assistant history text to strip tool-call markers. (#1456) Thanks @zerone0x.
 - Discord: clarify Message Content Intent onboarding hint. (#1487) Thanks @kyleok.
+- Gateway: stop the service before uninstalling and fail if it remains loaded.
 - Agents: surface concrete API error details instead of generic AI service errors.
 - Exec: fall back to non-PTY when PTY spawn fails (EBADF). (#1484)
 - Exec approvals: allow per-segment allowlists for chained shell commands on gateway + node hosts. (#1458) Thanks @czekaj.
@@ -48,9 +57,9 @@ Docs: https://docs.clawd.bot
 - Docs: fix gog auth services example to include docs scope. (#1454) Thanks @zerone0x.
 - Slack: reduce WebClient retries to avoid duplicate sends. (#1481)
 - Slack: read thread replies for message reads when threadId is provided (replies-only). (#1450) Thanks @rodrigouroz.
+- Discord: honor accountId across message actions and cron deliveries. (#1492) Thanks @svkozak.
 - macOS: prefer linked channels in gateway summary to avoid false “not linked” status.
 - macOS/tests: fix gateway summary lookup after guard unwrap; prevent browser opens during tests. (ECID-1483)
-- Providers: improve GitHub Copilot integration (enterprise support, base URL, and auth flow alignment).
 
 ## 2026.1.21-2
 
@@ -61,6 +70,8 @@ Docs: https://docs.clawd.bot
 ## 2026.1.21
 
 ### Changes
+- Highlight: Lobster optional plugin tool for typed workflows + approval gates. https://docs.clawd.bot/tools/lobster
+- Lobster: allow workflow file args via `argsJson` in the plugin tool. https://docs.clawd.bot/tools/lobster
 - Heartbeat: allow running heartbeats in an explicit session key. (#1256) Thanks @zknicker.
 - CLI: default exec approvals to the local host, add gateway/node targeting flags, and show target details in allowlist output.
 - CLI: exec approvals mutations render tables instead of raw JSON.
@@ -70,13 +81,24 @@ Docs: https://docs.clawd.bot
 - CLI: flatten node service commands under `clawdbot node` and remove `service node` docs.
 - CLI: move gateway service commands under `clawdbot gateway` and add `gateway probe` for reachability.
 - Sessions: add per-channel reset overrides via `session.resetByChannel`. (#1353) Thanks @cash-echo-bot.
+- Agents: add identity avatar config support and Control UI avatar rendering. (#1329, #1424) Thanks @dlauer.
+- UI: show per-session assistant identity in the Control UI. (#1420) Thanks @robbyczgw-cla.
+- CLI: add `clawdbot update wizard` for interactive channel selection and restart prompts. https://docs.clawd.bot/cli/update
+- Signal: add typing indicators and DM read receipts via signal-cli.
+- MSTeams: add file uploads, adaptive cards, and attachment handling improvements. (#1410) Thanks @Evizero.
+- Onboarding: remove the run setup-token auth option (paste setup-token or reuse CLI creds instead).
+- Docs: add troubleshooting entry for gateway.mode blocking gateway start. https://docs.clawd.bot/gateway/troubleshooting
+- Docs: add /model allowlist troubleshooting note. (#1405)
+- Docs: add per-message Gmail search example for gog. (#1220) Thanks @mbelinky.
 
 ### Breaking
 - **BREAKING:** Control UI now rejects insecure HTTP without device identity by default. Use HTTPS (Tailscale Serve) or set `gateway.controlUi.allowInsecureAuth: true` to allow token-only auth. https://docs.clawd.bot/web/control-ui#insecure-http
+- **BREAKING:** Envelope and system event timestamps now default to host-local time (was UTC) so agents don’t have to constantly convert.
 
 ### Fixes
 - Nodes/macOS: prompt on allowlist miss for node exec approvals, persist allowlist decisions, and flatten node invoke errors. (#1394) Thanks @ngutman.
 - Gateway: keep auto bind loopback-first and add explicit tailnet binding to avoid Tailscale taking over local UI. (#1380)
+- Memory: prevent CLI hangs by deferring vector probes, adding sqlite-vec/embedding timeouts, and showing sync progress early.
 - Agents: enforce 9-char alphanumeric tool call ids for Mistral providers. (#1372) Thanks @zerone0x.
 - Embedded runner: persist injected history images so attachments aren’t reloaded each turn. (#1374) Thanks @Nicell.
 - Nodes tool: include agent/node/gateway context in tool failure logs to speed approval debugging.

appcast.xml

@@ -2,6 +2,54 @@
 <rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
     <channel>
         <title>Clawdbot</title>
+        <item>
+            <title>2026.1.22</title>
+            <pubDate>Fri, 23 Jan 2026 08:58:14 +0000</pubDate>
+            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
+            <sparkle:version>7530</sparkle:version>
+            <sparkle:shortVersionString>2026.1.22</sparkle:shortVersionString>
+            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
+            <description><![CDATA[<h2>Clawdbot 2026.1.22</h2>
+<h3>Changes</h3>
+<ul>
+<li>Highlight: Compaction safeguard now uses adaptive chunking, progressive fallback, and UI status + retries. (#1466) Thanks @dlauer.</li>
+<li>Providers: add Antigravity usage tracking to status output. (#1490) Thanks @patelhiren.</li>
+<li>Slack: add chat-type reply threading overrides via <code>replyToModeByChatType</code>. (#1442) Thanks @stefangalescu.</li>
+<li>BlueBubbles: add <code>asVoice</code> support for MP3/CAF voice memos in sendAttachment. (#1477, #1482) Thanks @Nicell.</li>
+<li>Onboarding: add hatch choice (TUI/Web/Later), token explainer, background dashboard seed on macOS, and showcase link.</li>
+</ul>
+<h3>Fixes</h3>
+<ul>
+<li>BlueBubbles: stop typing indicator on idle/no-reply. (#1439) Thanks @Nicell.</li>
+<li>Message tool: keep path/filePath as-is for send; hydrate buffers only for sendAttachment. (#1444) Thanks @hopyky.</li>
+<li>Auto-reply: only report a model switch when session state is available. (#1465) Thanks @robbyczgw-cla.</li>
+<li>Control UI: resolve local avatar URLs with basePath across injection + identity RPC. (#1457) Thanks @dlauer.</li>
+<li>Agents: sanitize assistant history text to strip tool-call markers. (#1456) Thanks @zerone0x.</li>
+<li>Discord: clarify Message Content Intent onboarding hint. (#1487) Thanks @kyleok.</li>
+<li>Gateway: stop the service before uninstalling and fail if it remains loaded.</li>
+<li>Agents: surface concrete API error details instead of generic AI service errors.</li>
+<li>Exec: fall back to non-PTY when PTY spawn fails (EBADF). (#1484)</li>
+<li>Exec approvals: allow per-segment allowlists for chained shell commands on gateway + node hosts. (#1458) Thanks @czekaj.</li>
+<li>Agents: make OpenAI sessions image-sanitize-only; gate tool-id/repair sanitization by provider.</li>
+<li>Doctor: honor CLAWDBOT_GATEWAY_TOKEN for auth checks and security audit token reuse. (#1448) Thanks @azade-c.</li>
+<li>Agents: make tool summaries more readable and only show optional params when set.</li>
+<li>Agents: honor SOUL.md guidance even when the file is nested or path-qualified. (#1434) Thanks @neooriginal.</li>
+<li>Matrix (plugin): persist m.direct for resolved DMs and harden room fallback. (#1436, #1486) Thanks @sibbl.</li>
+<li>CLI: prefer <code>~</code> for home paths in output.</li>
+<li>Mattermost (plugin): enforce pairing/allowlist gating, keep @username targets, and clarify plugin-only docs. (#1428) Thanks @damoahdominic.</li>
+<li>Agents: centralize transcript sanitization in the runner; keep <final> tags and error turns intact.</li>
+<li>Auth: skip auth profiles in cooldown during initial selection and rotation. (#1316) Thanks @odrobnik.</li>
+<li>Agents/TUI: honor user-pinned auth profiles during cooldown and preserve search picker ranking. (#1432) Thanks @tobiasbischoff.</li>
+<li>Docs: fix gog auth services example to include docs scope. (#1454) Thanks @zerone0x.</li>
+<li>Slack: reduce WebClient retries to avoid duplicate sends. (#1481)</li>
+<li>Slack: read thread replies for message reads when threadId is provided (replies-only). (#1450) Thanks @rodrigouroz.</li>
+<li>macOS: prefer linked channels in gateway summary to avoid false “not linked” status.</li>
+<li>macOS/tests: fix gateway summary lookup after guard unwrap; prevent browser opens during tests. (ECID-1483)</li>
+</ul>
+<p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
+]]></description>
+            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.22/Clawdbot-2026.1.22.zip" length="22302446" type="application/octet-stream" sparkle:edSignature="w/EzfwGBCRRuCg5vz8enIfYujxOZJWRw9PaunQ7gIafKwnBJSTtxcnkvMVwQsnBwB6VN5Tu2MPij7PjDFFX+CA=="/>
+        </item>
         <item>
             <title>2026.1.21</title>
             <pubDate>Thu, 22 Jan 2026 12:22:35 +0000</pubDate>
@@ -266,21 +314,5 @@ Thanks @AlexMikhalev, @CoreyH, @John-Rood, @KrauseFx, @MaudeBot, @Nachx639, @Nic
 ]]></description>
             <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.21/Clawdbot-2026.1.21.zip" length="12208102" type="application/octet-stream" sparkle:edSignature="hU495Eii8O3qmmUnxYFhXyEGv+qan6KL+GpeuBhPIXf+7B5F/gBh5Oz9cHaqaAPoZ4/3Bo6xgvic0HTkbz6gDw=="/>
         </item>
-        <item>
-            <title>2026.1.16-2</title>
-            <pubDate>Sat, 17 Jan 2026 12:46:22 +0000</pubDate>
-            <link>https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml</link>
-            <sparkle:version>6273</sparkle:version>
-            <sparkle:shortVersionString>2026.1.16-2</sparkle:shortVersionString>
-            <sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
-            <description><![CDATA[<h2>Clawdbot 2026.1.16-2</h2>
-<h3>Changes</h3>
-<ul>
-<li>CLI: stamp build commit into dist metadata so banners show the commit in npm installs.</li>
-</ul>
-<p><a href="https://github.com/clawdbot/clawdbot/blob/main/CHANGELOG.md">View full changelog</a></p>
-]]></description>
-            <enclosure url="https://github.com/clawdbot/clawdbot/releases/download/v2026.1.16-2/Clawdbot-2026.1.16-2.zip" length="21399591" type="application/octet-stream" sparkle:edSignature="zelT+KzN32cXsihbFniPF5Heq0hkwFfL3Agrh/AaoKUkr7kJAFarkGSOZRTWZ9y+DvOluzn2wHHjVigRjMzrBA=="/>
-        </item>
     </channel>
 </rss>

apps/android/app/build.gradle.kts

@@ -21,8 +21,8 @@ android {
     applicationId = "com.clawdbot.android"
     minSdk = 31
     targetSdk = 36
-    versionCode = 202601210
-    versionName = "2026.1.21"
+    versionCode = 202601230
+    versionName = "2026.1.23"
   }
 
   buildTypes {

apps/android/app/src/main/java/com/clawdbot/android/WakeWords.kt

@@ -8,10 +8,14 @@ object WakeWords {
     return input.split(",").map { it.trim() }.filter { it.isNotEmpty() }
   }
 
+  fun parseIfChanged(input: String, current: List<String>): List<String>? {
+    val parsed = parseCommaSeparated(input)
+    return if (parsed == current) null else parsed
+  }
+
   fun sanitize(words: List<String>, defaults: List<String>): List<String> {
     val cleaned =
       words.map { it.trim() }.filter { it.isNotEmpty() }.take(maxWords).map { it.take(maxWordLength) }
     return cleaned.ifEmpty { defaults }
   }
 }
-

apps/android/app/src/main/java/com/clawdbot/android/ui/SettingsSheet.kt

@@ -28,6 +28,8 @@ import androidx.compose.foundation.layout.windowInsetsPadding
 import androidx.compose.foundation.lazy.LazyColumn
 import androidx.compose.foundation.lazy.items
 import androidx.compose.foundation.lazy.rememberLazyListState
+import androidx.compose.foundation.text.KeyboardActions
+import androidx.compose.foundation.text.KeyboardOptions
 import androidx.compose.material.icons.Icons
 import androidx.compose.material.icons.filled.ExpandLess
 import androidx.compose.material.icons.filled.ExpandMore
@@ -49,7 +51,10 @@ import androidx.compose.runtime.remember
 import androidx.compose.runtime.setValue
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.draw.alpha
+import androidx.compose.ui.focus.onFocusChanged
 import androidx.compose.ui.platform.LocalContext
+import androidx.compose.ui.platform.LocalFocusManager
+import androidx.compose.ui.text.input.ImeAction
 import androidx.compose.ui.text.style.TextAlign
 import androidx.compose.ui.unit.dp
 import androidx.core.content.ContextCompat
@@ -58,6 +63,7 @@ import com.clawdbot.android.LocationMode
 import com.clawdbot.android.MainViewModel
 import com.clawdbot.android.NodeForegroundService
 import com.clawdbot.android.VoiceWakeMode
+import com.clawdbot.android.WakeWords
 
 @Composable
 fun SettingsSheet(viewModel: MainViewModel) {
@@ -86,6 +92,8 @@ fun SettingsSheet(viewModel: MainViewModel) {
   val listState = rememberLazyListState()
   val (wakeWordsText, setWakeWordsText) = remember { mutableStateOf("") }
   val (advancedExpanded, setAdvancedExpanded) = remember { mutableStateOf(false) }
+  val focusManager = LocalFocusManager.current
+  var wakeWordsHadFocus by remember { mutableStateOf(false) }
   val deviceModel =
     remember {
       listOfNotNull(Build.MANUFACTURER, Build.MODEL)
@@ -104,6 +112,12 @@ fun SettingsSheet(viewModel: MainViewModel) {
     }
 
   LaunchedEffect(wakeWords) { setWakeWordsText(wakeWords.joinToString(", ")) }
+  val commitWakeWords = {
+    val parsed = WakeWords.parseIfChanged(wakeWordsText, wakeWords)
+    if (parsed != null) {
+      viewModel.setWakeWords(parsed)
+    }
+  }
 
   val permissionLauncher =
     rememberLauncherForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) { perms ->
@@ -481,25 +495,27 @@ fun SettingsSheet(viewModel: MainViewModel) {
         value = wakeWordsText,
         onValueChange = setWakeWordsText,
         label = { Text("Wake Words (comma-separated)") },
-        modifier = Modifier.fillMaxWidth(),
+        modifier =
+          Modifier.fillMaxWidth().onFocusChanged { focusState ->
+            if (focusState.isFocused) {
+              wakeWordsHadFocus = true
+            } else if (wakeWordsHadFocus) {
+              wakeWordsHadFocus = false
+              commitWakeWords()
+            }
+          },
         singleLine = true,
+        keyboardOptions = KeyboardOptions(imeAction = ImeAction.Done),
+        keyboardActions =
+          KeyboardActions(
+            onDone = {
+              commitWakeWords()
+              focusManager.clearFocus()
+            },
+          ),
       )
     }
-    item {
-      Row(horizontalArrangement = Arrangement.spacedBy(12.dp)) {
-        Button(
-          onClick = {
-            val parsed = com.clawdbot.android.WakeWords.parseCommaSeparated(wakeWordsText)
-            viewModel.setWakeWords(parsed)
-          },
-          enabled = isConnected,
-        ) {
-          Text("Save + Sync")
-        }
-
-        Button(onClick = viewModel::resetWakeWordsDefaults) { Text("Reset defaults") }
-      }
-    }
+    item { Button(onClick = viewModel::resetWakeWordsDefaults) { Text("Reset defaults") } }
     item {
       Text(
         if (isConnected) {

apps/android/app/src/test/java/com/clawdbot/android/WakeWordsTest.kt

@@ -1,6 +1,7 @@
 package com.clawdbot.android
 
 import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNull
 import org.junit.Test
 
 class WakeWordsTest {
@@ -32,5 +33,18 @@ class WakeWordsTest {
     assertEquals("w1", sanitized.first())
     assertEquals("w${WakeWords.maxWords}", sanitized.last())
   }
-}
 
+  @Test
+  fun parseIfChangedSkipsWhenUnchanged() {
+    val current = listOf("clawd", "claude")
+    val parsed = WakeWords.parseIfChanged(" clawd , claude ", current)
+    assertNull(parsed)
+  }
+
+  @Test
+  fun parseIfChangedReturnsUpdatedList() {
+    val current = listOf("clawd")
+    val parsed = WakeWords.parseIfChanged(" clawd , jarvis ", current)
+    assertEquals(listOf("clawd", "jarvis"), parsed)
+  }
+}

apps/ios/Sources/Info.plist

@@ -19,9 +19,9 @@
 	<key>CFBundlePackageType</key>
 	<string>APPL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2026.1.21</string>
+	<string>2026.1.23</string>
 	<key>CFBundleVersion</key>
-	<string>20260121</string>
+	<string>20260123</string>
 	<key>NSAppTransportSecurity</key>
 	<dict>
 		<key>NSAllowsArbitraryLoadsInWebContent</key>

apps/ios/Sources/Settings/VoiceWakeWordsSettingsView.swift

@@ -1,8 +1,10 @@
 import SwiftUI
+import Combine
 
 struct VoiceWakeWordsSettingsView: View {
     @Environment(NodeAppModel.self) private var appModel
     @State private var triggerWords: [String] = VoiceWakePreferences.loadTriggerWords()
+    @FocusState private var focusedTriggerIndex: Int?
     @State private var syncTask: Task<Void, Never>?
 
     var body: some View {
@@ -12,6 +14,10 @@ struct VoiceWakeWordsSettingsView: View {
                     TextField("Wake word", text: self.binding(for: index))
                         .textInputAutocapitalization(.never)
                         .autocorrectionDisabled()
+                        .focused(self.$focusedTriggerIndex, equals: index)
+                        .onSubmit {
+                            self.commitTriggerWords()
+                        }
                 }
                 .onDelete(perform: self.removeWords)
 
@@ -39,17 +45,18 @@ struct VoiceWakeWordsSettingsView: View {
         .onAppear {
             if self.triggerWords.isEmpty {
                 self.triggerWords = VoiceWakePreferences.defaultTriggerWords
+                self.commitTriggerWords()
             }
         }
-        .onChange(of: self.triggerWords) { _, newValue in
-            // Keep local voice wake responsive even if the gateway isn't connected yet.
-            VoiceWakePreferences.saveTriggerWords(newValue)
-
-            let snapshot = VoiceWakePreferences.sanitizeTriggerWords(newValue)
-            self.syncTask?.cancel()
-            self.syncTask = Task { [snapshot, weak appModel = self.appModel] in
-                try? await Task.sleep(nanoseconds: 650_000_000)
-                await appModel?.setGlobalWakeWords(snapshot)
+        .onChange(of: self.focusedTriggerIndex) { oldValue, newValue in
+            guard oldValue != nil, oldValue != newValue else { return }
+            self.commitTriggerWords()
+        }
+        .onReceive(NotificationCenter.default.publisher(for: UserDefaults.didChangeNotification)) { _ in
+            guard self.focusedTriggerIndex == nil else { return }
+            let updated = VoiceWakePreferences.loadTriggerWords()
+            if updated != self.triggerWords {
+                self.triggerWords = updated
             }
         }
     }
@@ -63,6 +70,7 @@ struct VoiceWakeWordsSettingsView: View {
         if self.triggerWords.isEmpty {
             self.triggerWords = VoiceWakePreferences.defaultTriggerWords
         }
+        self.commitTriggerWords()
     }
 
     private func binding(for index: Int) -> Binding<String> {
@@ -76,4 +84,15 @@ struct VoiceWakeWordsSettingsView: View {
                 self.triggerWords[index] = newValue
             })
     }
+
+    private func commitTriggerWords() {
+        VoiceWakePreferences.saveTriggerWords(self.triggerWords)
+
+        let snapshot = VoiceWakePreferences.sanitizeTriggerWords(self.triggerWords)
+        self.syncTask?.cancel()
+        self.syncTask = Task { [snapshot, weak appModel = self.appModel] in
+            try? await Task.sleep(nanoseconds: 650_000_000)
+            await appModel?.setGlobalWakeWords(snapshot)
+        }
+    }
 }

apps/ios/Sources/Voice/VoiceWakePreferences.swift

@@ -6,6 +6,8 @@ enum VoiceWakePreferences {
 
     // Keep defaults aligned with the mac app.
     static let defaultTriggerWords: [String] = ["clawd", "claude"]
+    static let maxWords = 32
+    static let maxWordLength = 64
 
     static func decodeGatewayTriggers(from payloadJSON: String) -> [String]? {
         guard let data = payloadJSON.data(using: .utf8) else { return nil }
@@ -30,6 +32,8 @@ enum VoiceWakePreferences {
         let cleaned = words
             .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
             .filter { !$0.isEmpty }
+            .prefix(Self.maxWords)
+            .map { String($0.prefix(Self.maxWordLength)) }
         return cleaned.isEmpty ? Self.defaultTriggerWords : cleaned
     }
 

apps/ios/Tests/Info.plist

@@ -17,8 +17,8 @@
 	<key>CFBundlePackageType</key>
 	<string>BNDL</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2026.1.21</string>
+	<string>2026.1.23</string>
 	<key>CFBundleVersion</key>
-	<string>20260121</string>
+	<string>20260123</string>
 </dict>
 </plist>

apps/ios/Tests/VoiceWakePreferencesTests.swift

@@ -11,6 +11,18 @@ import Testing
         #expect(VoiceWakePreferences.sanitizeTriggerWords(["", "  "]) == VoiceWakePreferences.defaultTriggerWords)
     }
 
+    @Test func sanitizeTriggerWordsLimitsWordLength() {
+        let long = String(repeating: "x", count: VoiceWakePreferences.maxWordLength + 5)
+        let cleaned = VoiceWakePreferences.sanitizeTriggerWords(["ok", long])
+        #expect(cleaned[1].count == VoiceWakePreferences.maxWordLength)
+    }
+
+    @Test func sanitizeTriggerWordsLimitsWordCount() {
+        let words = (1...VoiceWakePreferences.maxWords + 3).map { "w\($0)" }
+        let cleaned = VoiceWakePreferences.sanitizeTriggerWords(words)
+        #expect(cleaned.count == VoiceWakePreferences.maxWords)
+    }
+
     @Test func displayStringUsesSanitizedWords() {
         #expect(VoiceWakePreferences.displayString(for: ["", " "]) == "clawd, claude")
     }

apps/ios/project.yml

@@ -81,8 +81,8 @@ targets:
       properties:
         CFBundleDisplayName: Clawdbot
         CFBundleIconName: AppIcon
-        CFBundleShortVersionString: "2026.1.21"
-        CFBundleVersion: "20260121"
+        CFBundleShortVersionString: "2026.1.23"
+        CFBundleVersion: "20260123"
         UILaunchScreen: {}
         UIApplicationSceneManifest:
           UIApplicationSupportsMultipleScenes: false
@@ -130,5 +130,5 @@ targets:
       path: Tests/Info.plist
       properties:
         CFBundleDisplayName: ClawdbotTests
-        CFBundleShortVersionString: "2026.1.21"
-        CFBundleVersion: "20260121"
+        CFBundleShortVersionString: "2026.1.23"
+        CFBundleVersion: "20260123"

apps/macos/Sources/Clawdbot/Constants.swift

@@ -12,6 +12,8 @@ let voiceWakeTriggerChimeKey = "clawdbot.voiceWakeTriggerChime"
 let voiceWakeSendChimeKey = "clawdbot.voiceWakeSendChime"
 let showDockIconKey = "clawdbot.showDockIcon"
 let defaultVoiceWakeTriggers = ["clawd", "claude"]
+let voiceWakeMaxWords = 32
+let voiceWakeMaxWordLength = 64
 let voiceWakeMicKey = "clawdbot.voiceWakeMicID"
 let voiceWakeMicNameKey = "clawdbot.voiceWakeMicName"
 let voiceWakeLocaleKey = "clawdbot.voiceWakeLocaleID"

apps/macos/Sources/Clawdbot/ExecApprovals.swift

@@ -84,11 +84,52 @@ enum ExecApprovalDecision: String, Codable, Sendable {
     case deny
 }
 
-struct ExecAllowlistEntry: Codable, Hashable {
+struct ExecAllowlistEntry: Codable, Hashable, Identifiable {
+    var id: UUID
     var pattern: String
     var lastUsedAt: Double?
     var lastUsedCommand: String?
     var lastResolvedPath: String?
+
+    init(
+        id: UUID = UUID(),
+        pattern: String,
+        lastUsedAt: Double? = nil,
+        lastUsedCommand: String? = nil,
+        lastResolvedPath: String? = nil)
+    {
+        self.id = id
+        self.pattern = pattern
+        self.lastUsedAt = lastUsedAt
+        self.lastUsedCommand = lastUsedCommand
+        self.lastResolvedPath = lastResolvedPath
+    }
+
+    private enum CodingKeys: String, CodingKey {
+        case id
+        case pattern
+        case lastUsedAt
+        case lastUsedCommand
+        case lastResolvedPath
+    }
+
+    init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        self.id = try container.decodeIfPresent(UUID.self, forKey: .id) ?? UUID()
+        self.pattern = try container.decode(String.self, forKey: .pattern)
+        self.lastUsedAt = try container.decodeIfPresent(Double.self, forKey: .lastUsedAt)
+        self.lastUsedCommand = try container.decodeIfPresent(String.self, forKey: .lastUsedCommand)
+        self.lastResolvedPath = try container.decodeIfPresent(String.self, forKey: .lastResolvedPath)
+    }
+
+    func encode(to encoder: Encoder) throws {
+        var container = encoder.container(keyedBy: CodingKeys.self)
+        try container.encode(self.id, forKey: .id)
+        try container.encode(self.pattern, forKey: .pattern)
+        try container.encodeIfPresent(self.lastUsedAt, forKey: .lastUsedAt)
+        try container.encodeIfPresent(self.lastUsedCommand, forKey: .lastUsedCommand)
+        try container.encodeIfPresent(self.lastResolvedPath, forKey: .lastResolvedPath)
+    }
 }
 
 struct ExecApprovalsDefaults: Codable {
@@ -295,6 +336,7 @@ enum ExecApprovalsStore {
         let allowlist = ((wildcardEntry.allowlist ?? []) + (agentEntry.allowlist ?? []))
             .map { entry in
                 ExecAllowlistEntry(
+                    id: entry.id,
                     pattern: entry.pattern.trimmingCharacters(in: .whitespacesAndNewlines),
                     lastUsedAt: entry.lastUsedAt,
                     lastUsedCommand: entry.lastUsedCommand,
@@ -379,6 +421,7 @@ enum ExecApprovalsStore {
             let allowlist = (entry.allowlist ?? []).map { item -> ExecAllowlistEntry in
                 guard item.pattern == pattern else { return item }
                 return ExecAllowlistEntry(
+                    id: item.id,
                     pattern: item.pattern,
                     lastUsedAt: Date().timeIntervalSince1970 * 1000,
                     lastUsedCommand: command,
@@ -398,6 +441,7 @@ enum ExecApprovalsStore {
             let cleaned = allowlist
                 .map { item in
                     ExecAllowlistEntry(
+                        id: item.id,
                         pattern: item.pattern.trimmingCharacters(in: .whitespacesAndNewlines),
                         lastUsedAt: item.lastUsedAt,
                         lastUsedCommand: item.lastUsedCommand,

apps/macos/Sources/Clawdbot/Resources/Info.plist

@@ -15,9 +15,9 @@
     <key>CFBundlePackageType</key>
     <string>APPL</string>
     <key>CFBundleShortVersionString</key>
-    <string>2026.1.21</string>
+    <string>2026.1.23</string>
     <key>CFBundleVersion</key>
-    <string>202601210</string>
+    <string>202601230</string>
     <key>CFBundleIconFile</key>
     <string>Clawdbot</string>
     <key>CFBundleURLTypes</key>

apps/macos/Sources/Clawdbot/SystemRunSettingsView.swift

@@ -123,12 +123,12 @@ struct SystemRunSettingsView: View {
                         .foregroundStyle(.secondary)
                 } else {
                     VStack(alignment: .leading, spacing: 8) {
-                        ForEach(Array(self.model.entries.enumerated()), id: \.offset) { index, _ in
+                        ForEach(self.model.entries, id: \.id) { entry in
                             ExecAllowlistRow(
                                 entry: Binding(
-                                    get: { self.model.entries[index] },
-                                    set: { self.model.updateEntry($0, at: index) }),
-                                onRemove: { self.model.removeEntry(at: index) })
+                                    get: { self.model.entry(for: entry.id) ?? entry },
+                                    set: { self.model.updateEntry($0, id: entry.id) }),
+                                onRemove: { self.model.removeEntry(id: entry.id) })
                         }
                     }
                 }
@@ -373,20 +373,24 @@ final class ExecApprovalsSettingsModel {
         ExecApprovalsStore.updateAllowlist(agentId: self.selectedAgentId, allowlist: self.entries)
     }
 
-    func updateEntry(_ entry: ExecAllowlistEntry, at index: Int) {
+    func updateEntry(_ entry: ExecAllowlistEntry, id: UUID) {
         guard !self.isDefaultsScope else { return }
-        guard self.entries.indices.contains(index) else { return }
+        guard let index = self.entries.firstIndex(where: { $0.id == id }) else { return }
         self.entries[index] = entry
         ExecApprovalsStore.updateAllowlist(agentId: self.selectedAgentId, allowlist: self.entries)
     }
 
-    func removeEntry(at index: Int) {
+    func removeEntry(id: UUID) {
         guard !self.isDefaultsScope else { return }
-        guard self.entries.indices.contains(index) else { return }
+        guard let index = self.entries.firstIndex(where: { $0.id == id }) else { return }
         self.entries.remove(at: index)
         ExecApprovalsStore.updateAllowlist(agentId: self.selectedAgentId, allowlist: self.entries)
     }
 
+    func entry(for id: UUID) -> ExecAllowlistEntry? {
+        self.entries.first(where: { $0.id == id })
+    }
+
     func refreshSkillBins(force: Bool = false) async {
         guard self.autoAllowSkills else {
             self.skillBins = []

apps/macos/Sources/Clawdbot/VoiceWakeHelpers.swift

@@ -4,6 +4,8 @@ func sanitizeVoiceWakeTriggers(_ words: [String]) -> [String] {
     let cleaned = words
         .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
         .filter { !$0.isEmpty }
+        .prefix(voiceWakeMaxWords)
+        .map { String($0.prefix(voiceWakeMaxWordLength)) }
     return cleaned.isEmpty ? defaultVoiceWakeTriggers : cleaned
 }
 

apps/macos/Sources/Clawdbot/VoiceWakeSettings.swift

@@ -21,6 +21,7 @@ struct VoiceWakeSettings: View {
     @State private var micObserver = AudioInputDeviceObserver()
     @State private var micRefreshTask: Task<Void, Never>?
     @State private var availableLocales: [Locale] = []
+    @State private var triggerEntries: [TriggerEntry] = []
     private let fieldLabelWidth: CGFloat = 140
     private let controlWidth: CGFloat = 240
     private let isPreview = ProcessInfo.processInfo.isPreview
@@ -31,9 +32,9 @@ struct VoiceWakeSettings: View {
         var id: String { self.uid }
     }
 
-    private struct IndexedWord: Identifiable {
-        let id: Int
-        let value: String
+    private struct TriggerEntry: Identifiable {
+        let id: UUID
+        var value: String
     }
 
     private var voiceWakeBinding: Binding<Bool> {
@@ -105,6 +106,7 @@ struct VoiceWakeSettings: View {
         .onAppear {
             guard !self.isPreview else { return }
             self.startMicObserver()
+            self.loadTriggerEntries()
         }
         .onChange(of: self.state.voiceWakeMicID) { _, _ in
             guard !self.isPreview else { return }
@@ -122,8 +124,10 @@ struct VoiceWakeSettings: View {
                 self.micRefreshTask = nil
                 Task { await self.meter.stop() }
                 self.micObserver.stop()
+                self.syncTriggerEntriesToState()
             } else {
                 self.startMicObserver()
+                self.loadTriggerEntries()
             }
         }
         .onDisappear {
@@ -136,11 +140,16 @@ struct VoiceWakeSettings: View {
             self.micRefreshTask = nil
             self.micObserver.stop()
             Task { await self.meter.stop() }
+            self.syncTriggerEntriesToState()
         }
     }
 
-    private var indexedWords: [IndexedWord] {
-        self.state.swabbleTriggerWords.enumerated().map { IndexedWord(id: $0.offset, value: $0.element) }
+    private func loadTriggerEntries() {
+        self.triggerEntries = self.state.swabbleTriggerWords.map { TriggerEntry(id: UUID(), value: $0) }
+    }
+
+    private func syncTriggerEntriesToState() {
+        self.state.swabbleTriggerWords = self.triggerEntries.map(\.value)
     }
 
     private var triggerTable: some View {
@@ -154,29 +163,42 @@ struct VoiceWakeSettings: View {
                 } label: {
                     Label("Add word", systemImage: "plus")
                 }
-                .disabled(self.state.swabbleTriggerWords
-                    .contains(where: { $0.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty }))
+                .disabled(self.triggerEntries
+                    .contains(where: { $0.value.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty }))
 
-                Button("Reset defaults") { self.state.swabbleTriggerWords = defaultVoiceWakeTriggers }
+                Button("Reset defaults") {
+                    self.triggerEntries = defaultVoiceWakeTriggers.map { TriggerEntry(id: UUID(), value: $0) }
+                    self.syncTriggerEntriesToState()
+                }
             }
 
-            Table(self.indexedWords) {
-                TableColumn("Word") { row in
-                    TextField("Wake word", text: self.binding(for: row.id))
-                        .textFieldStyle(.roundedBorder)
-                }
-                TableColumn("") { row in
-                    Button {
-                        self.removeWord(at: row.id)
-                    } label: {
-                        Image(systemName: "trash")
+            VStack(spacing: 0) {
+                ForEach(self.$triggerEntries) { $entry in
+                    HStack(spacing: 8) {
+                        TextField("Wake word", text: $entry.value)
+                            .textFieldStyle(.roundedBorder)
+                            .onSubmit {
+                                self.syncTriggerEntriesToState()
+                            }
+
+                        Button {
+                            self.removeWord(id: entry.id)
+                        } label: {
+                            Image(systemName: "trash")
+                        }
+                        .buttonStyle(.borderless)
+                        .help("Remove trigger word")
+                        .frame(width: 24)
+                    }
+                    .padding(8)
+
+                    if entry.id != self.triggerEntries.last?.id {
+                        Divider()
                     }
-                    .buttonStyle(.borderless)
-                    .help("Remove trigger word")
                 }
-                .width(36)
             }
-            .frame(minHeight: 180)
+            .frame(maxWidth: .infinity, minHeight: 180, alignment: .topLeading)
+            .background(Color(nsColor: .textBackgroundColor))
             .clipShape(RoundedRectangle(cornerRadius: 6))
             .overlay(
                 RoundedRectangle(cornerRadius: 6)
@@ -211,24 +233,12 @@ struct VoiceWakeSettings: View {
     }
 
     private func addWord() {
-        self.state.swabbleTriggerWords.append("")
+        self.triggerEntries.append(TriggerEntry(id: UUID(), value: ""))
     }
 
-    private func removeWord(at index: Int) {
-        guard self.state.swabbleTriggerWords.indices.contains(index) else { return }
-        self.state.swabbleTriggerWords.remove(at: index)
-    }
-
-    private func binding(for index: Int) -> Binding<String> {
-        Binding(
-            get: {
-                guard self.state.swabbleTriggerWords.indices.contains(index) else { return "" }
-                return self.state.swabbleTriggerWords[index]
-            },
-            set: { newValue in
-                guard self.state.swabbleTriggerWords.indices.contains(index) else { return }
-                self.state.swabbleTriggerWords[index] = newValue
-            })
+    private func removeWord(id: UUID) {
+        self.triggerEntries.removeAll { $0.id == id }
+        self.syncTriggerEntriesToState()
     }
 
     private func toggleTest() {
@@ -638,13 +648,14 @@ extension VoiceWakeSettings {
         state.voicePushToTalkEnabled = true
         state.swabbleTriggerWords = ["Claude", "Hey"]
 
-        let view = VoiceWakeSettings(state: state, isActive: true)
+        var view = VoiceWakeSettings(state: state, isActive: true)
         view.availableMics = [AudioInputDevice(uid: "mic-1", name: "Built-in")]
         view.availableLocales = [Locale(identifier: "en_US")]
         view.meterLevel = 0.42
         view.meterError = "No input"
         view.testState = .detected("ok")
         view.isTesting = true
+        view.triggerEntries = [TriggerEntry(id: UUID(), value: "Claude")]
 
         _ = view.body
         _ = view.localePicker
@@ -654,8 +665,9 @@ extension VoiceWakeSettings {
         _ = view.chimeSection
 
         view.addWord()
-        _ = view.binding(for: 0).wrappedValue
-        view.removeWord(at: 0)
+        if let entryId = view.triggerEntries.first?.id {
+            view.removeWord(id: entryId)
+        }
     }
 }
 #endif

apps/macos/Tests/ClawdbotIPCTests/VoiceWakeHelpersTests.swift

@@ -12,6 +12,18 @@ struct VoiceWakeHelpersTests {
         #expect(cleaned == defaultVoiceWakeTriggers)
     }
 
+    @Test func sanitizeTriggersLimitsWordLength() {
+        let long = String(repeating: "x", count: voiceWakeMaxWordLength + 5)
+        let cleaned = sanitizeVoiceWakeTriggers(["ok", long])
+        #expect(cleaned[1].count == voiceWakeMaxWordLength)
+    }
+
+    @Test func sanitizeTriggersLimitsWordCount() {
+        let words = (1...voiceWakeMaxWords + 3).map { "w\($0)" }
+        let cleaned = sanitizeVoiceWakeTriggers(words)
+        #expect(cleaned.count == voiceWakeMaxWords)
+    }
+
     @Test func normalizeLocaleStripsCollation() {
         #expect(normalizeLocaleIdentifier("en_US@collation=phonebook") == "en_US")
     }

docs/cli/index.md

@@ -700,8 +700,15 @@ Options:
 - `--json`
 - `--plain`
 - `--check` (exit 1=expired/missing, 2=expiring)
+- `--probe` (live probe of configured auth profiles)
+- `--probe-provider <name>`
+- `--probe-profile <id>` (repeat or comma-separated)
+- `--probe-timeout <ms>`
+- `--probe-concurrency <n>`
+- `--probe-max-tokens <n>`
 
 Always includes the auth overview and OAuth expiry status for profiles in the auth store.
+`--probe` runs live requests (may consume tokens and trigger rate limits).
 
 ### `models set <model>`
 Set `agents.defaults.model.primary`.

docs/cli/models.md

@@ -25,12 +25,26 @@ clawdbot models scan
 `clawdbot models status` shows the resolved default/fallbacks plus an auth overview.
 When provider usage snapshots are available, the OAuth/token status section includes
 provider usage headers.
+Add `--probe` to run live auth probes against each configured provider profile.
+Probes are real requests (may consume tokens and trigger rate limits).
 
 Notes:
 - `models set <model-or-alias>` accepts `provider/model` or an alias.
 - Model refs are parsed by splitting on the **first** `/`. If the model ID includes `/` (OpenRouter-style), include the provider prefix (example: `openrouter/moonshotai/kimi-k2`).
 - If you omit the provider, Clawdbot treats the input as an alias or a model for the **default provider** (only works when there is no `/` in the model ID).
 
+### `models status`
+Options:
+- `--json`
+- `--plain`
+- `--check` (exit 1=expired/missing, 2=expiring)
+- `--probe` (live probe of configured auth profiles)
+- `--probe-provider <name>` (probe one provider)
+- `--probe-profile <id>` (repeat or comma-separated profile ids)
+- `--probe-timeout <ms>`
+- `--probe-concurrency <n>`
+- `--probe-max-tokens <n>`
+
 ## Aliases + fallbacks
 
 ```bash

docs/cli/update.md

@@ -1,5 +1,5 @@
 ---
-summary: "CLI reference for `clawdbot update` (safe-ish source update + optional gateway restart)"
+summary: "CLI reference for `clawdbot update` (safe-ish source update + gateway auto-restart)"
 read_when:
   - You want to update a source checkout safely
   - You need to understand `--update` shorthand behavior
@@ -20,14 +20,14 @@ clawdbot update wizard
 clawdbot update --channel beta
 clawdbot update --channel dev
 clawdbot update --tag beta
-clawdbot update --restart
+clawdbot update --no-restart
 clawdbot update --json
 clawdbot --update
 ```
 
 ## Options
 
-- `--restart`: restart the Gateway service after a successful update.
+- `--no-restart`: skip restarting the Gateway service after a successful update.
 - `--channel <stable|beta|dev>`: set the update channel (git + npm; persisted in config).
 - `--tag <dist-tag|version>`: override the npm dist-tag or version for this update only.
 - `--json`: print machine-readable `UpdateRunResult` JSON.
@@ -52,7 +52,8 @@ Options:
 ## `update wizard`
 
 Interactive flow to pick an update channel and confirm whether to restart the Gateway
-after updating. If you select `dev` without a git checkout, it offers to create one.
+after updating (default is to restart). If you select `dev` without a git checkout, it
+offers to create one.
 
 ## What it does
 

docs/concepts/markdown-formatting.md

@@ -25,6 +25,7 @@ stay consistent across channels.
 1. **Parse Markdown -> IR**
    - IR is plain text plus style spans (bold/italic/strike/code/spoiler) and link spans.
    - Offsets are UTF-16 code units so Signal style ranges align with its API.
+   - Tables are parsed only when a channel opts into table conversion.
 2. **Chunk IR (format-first)**
    - Chunking happens on the IR text before rendering.
    - Inline formatting does not split across chunks; spans are sliced per chunk.
@@ -59,7 +60,30 @@ IR (schematic):
 
 - Slack, Telegram, and Signal outbound adapters render from the IR.
 - Other channels (WhatsApp, iMessage, MS Teams, Discord) still use plain text or
-  their own formatting rules.
+  their own formatting rules, with Markdown table conversion applied before
+  chunking when enabled.
+
+## Table handling
+
+Markdown tables are not consistently supported across chat clients. Use
+`markdown.tables` to control conversion per channel (and per account).
+
+- `code`: render tables as code blocks (default for most channels).
+- `bullets`: convert each row into bullet points (default for Signal + WhatsApp).
+- `off`: disable table parsing and conversion; raw table text passes through.
+
+Config keys:
+
+```yaml
+channels:
+  discord:
+    markdown:
+      tables: code
+    accounts:
+      work:
+        markdown:
+          tables: off
+```
 
 ## Chunking rules
 

docs/help/troubleshooting.md

@@ -43,6 +43,14 @@ Almost always a Node/npm PATH issue. Start here:
 - [Gateway troubleshooting](/gateway/troubleshooting)
 - [Control UI](/web/control-ui#insecure-http)
 
+### `docs.clawd.bot` shows an SSL error (Comcast/Xfinity)
+
+Some Comcast/Xfinity connections block `docs.clawd.bot` via Xfinity Advanced Security.
+Disable Advanced Security or add `docs.clawd.bot` to the allowlist, then retry.
+
+- Xfinity Advanced Security help: https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security
+- Quick sanity checks: try a mobile hotspot or VPN to confirm it’s ISP-level filtering
+
 ### Service says running, but RPC probe fails
 
 - [Gateway troubleshooting](/gateway/troubleshooting)

docs/install/updating.md

@@ -7,7 +7,7 @@ read_when:
 
 # Updating
 
-Clawdbot is moving fast (pre “1.0”). Treat updates like shipping infra: update → run checks → restart → verify.
+Clawdbot is moving fast (pre “1.0”). Treat updates like shipping infra: update → run checks → restart (or use `clawdbot update`, which restarts) → verify.
 
 ## Recommended: re-run the website installer (upgrade in place)
 
@@ -81,7 +81,7 @@ Notes:
 For **source installs** (git checkout), prefer:
 
 ```bash
-clawdbot update --restart
+clawdbot update
 ```
 
 It runs a safe-ish update flow:
@@ -89,6 +89,7 @@ It runs a safe-ish update flow:
 - Switches to the selected channel (tag or branch).
 - Fetches + rebases against the configured upstream (dev channel).
 - Installs deps, builds, builds the Control UI, and runs `clawdbot doctor`.
+- Restarts the gateway by default (use `--no-restart` to skip).
 
 If you installed via **npm/pnpm** (no git metadata), `clawdbot update` will try to update via your package manager. If it can’t detect the install, use “Update (global install)” instead.
 

docs/platforms/mac/release.md

@@ -11,7 +11,7 @@ This app now ships Sparkle auto-updates. Release builds must be Developer ID–s
 
 ## Prereqs
 - Developer ID Application cert installed (example: `Developer ID Application: <Developer Name> (<TEAMID>)`).
-- Sparkle private key path set in the environment as `SPARKLE_PRIVATE_KEY_FILE` (path to your Sparkle ed25519 private key; public key baked into Info.plist).
+- Sparkle private key path set in the environment as `SPARKLE_PRIVATE_KEY_FILE` (path to your Sparkle ed25519 private key; public key baked into Info.plist). If it is missing, check `~/.profile`.
 - Notary credentials (keychain profile or API key) for `xcrun notarytool` if you want Gatekeeper-safe DMG/zip distribution.
   - We use a Keychain profile named `clawdbot-notary`, created from App Store Connect API key env vars in your shell profile:
     - `APP_STORE_CONNECT_API_KEY_P8`, `APP_STORE_CONNECT_KEY_ID`, `APP_STORE_CONNECT_ISSUER_ID`
@@ -30,17 +30,17 @@ Notes:
 # From repo root; set release IDs so Sparkle feed is enabled.
 # APP_BUILD must be numeric + monotonic for Sparkle compare.
 BUNDLE_ID=com.clawdbot.mac \
-APP_VERSION=2026.1.21 \
+APP_VERSION=2026.1.23 \
 APP_BUILD="$(git rev-list --count HEAD)" \
 BUILD_CONFIG=release \
 SIGN_IDENTITY="Developer ID Application: <Developer Name> (<TEAMID>)" \
 scripts/package-mac-app.sh
 
 # Zip for distribution (includes resource forks for Sparkle delta support)
-ditto -c -k --sequesterRsrc --keepParent dist/Clawdbot.app dist/Clawdbot-2026.1.21.zip
+ditto -c -k --sequesterRsrc --keepParent dist/Clawdbot.app dist/Clawdbot-2026.1.23.zip
 
 # Optional: also build a styled DMG for humans (drag to /Applications)
-scripts/create-dmg.sh dist/Clawdbot.app dist/Clawdbot-2026.1.21.dmg
+scripts/create-dmg.sh dist/Clawdbot.app dist/Clawdbot-2026.1.23.dmg
 
 # Recommended: build + notarize/staple zip + DMG
 # First, create a keychain profile once:
@@ -48,26 +48,26 @@ scripts/create-dmg.sh dist/Clawdbot.app dist/Clawdbot-2026.1.21.dmg
 #     --apple-id "<apple-id>" --team-id "<team-id>" --password "<app-specific-password>"
 NOTARIZE=1 NOTARYTOOL_PROFILE=clawdbot-notary \
 BUNDLE_ID=com.clawdbot.mac \
-APP_VERSION=2026.1.21 \
+APP_VERSION=2026.1.23 \
 APP_BUILD="$(git rev-list --count HEAD)" \
 BUILD_CONFIG=release \
 SIGN_IDENTITY="Developer ID Application: <Developer Name> (<TEAMID>)" \
 scripts/package-mac-dist.sh
 
 # Optional: ship dSYM alongside the release
-ditto -c -k --keepParent apps/macos/.build/release/Clawdbot.app.dSYM dist/Clawdbot-2026.1.21.dSYM.zip
+ditto -c -k --keepParent apps/macos/.build/release/Clawdbot.app.dSYM dist/Clawdbot-2026.1.23.dSYM.zip
 ```
 
 ## Appcast entry
 Use the release note generator so Sparkle renders formatted HTML notes:
 ```bash
-SPARKLE_PRIVATE_KEY_FILE=/path/to/ed25519-private-key scripts/make_appcast.sh dist/Clawdbot-2026.1.21.zip https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml
+SPARKLE_PRIVATE_KEY_FILE=/path/to/ed25519-private-key scripts/make_appcast.sh dist/Clawdbot-2026.1.23.zip https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml
 ```
 Generates HTML release notes from `CHANGELOG.md` (via [`scripts/changelog-to-html.sh`](https://github.com/clawdbot/clawdbot/blob/main/scripts/changelog-to-html.sh)) and embeds them in the appcast entry.
 Commit the updated `appcast.xml` alongside the release assets (zip + dSYM) when publishing.
 
 ## Publish & verify
-- Upload `Clawdbot-2026.1.21.zip` (and `Clawdbot-2026.1.21.dSYM.zip`) to the GitHub release for tag `v2026.1.21`.
+- Upload `Clawdbot-2026.1.23.zip` (and `Clawdbot-2026.1.23.dSYM.zip`) to the GitHub release for tag `v2026.1.23`.
 - Ensure the raw appcast URL matches the baked feed: `https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml`.
 - Sanity checks:
   - `curl -I https://raw.githubusercontent.com/clawdbot/clawdbot/main/appcast.xml` returns 200.

docs/plugins/agent-tools.md

@@ -82,6 +82,8 @@ Enable optional tools in `agents.list[].tools.allow` (or global `tools.allow`):
 ```
 
 Other config knobs that affect tool availability:
+- Allowlists that only name plugin tools are treated as plugin opt-ins; core tools remain
+  enabled unless you also include core tools or groups in the allowlist.
 - `tools.profile` / `agents.list[].tools.profile` (base allowlist)
 - `tools.byProvider` / `agents.list[].tools.byProvider` (provider‑specific allow/deny)
 - `tools.sandbox.tools.*` (sandbox tool policy when sandboxed)

docs/providers/github-copilot.md

@@ -16,9 +16,9 @@ provider in two different ways.
 
 ### 1) Built-in GitHub Copilot provider (`github-copilot`)
 
-Use the native device-login flow to obtain a GitHub token and use it directly
-against the Copilot API. This is the **default** and simplest path because it
-does not require VS Code. Enterprise domains are supported.
+Use the native device-login flow to obtain a GitHub token, then exchange it for
+Copilot API tokens when Clawdbot runs. This is the **default** and simplest path
+because it does not require VS Code.
 
 ### 2) Copilot Proxy plugin (`copilot-proxy`)
 
@@ -39,8 +39,6 @@ clawdbot models auth login-github-copilot
 
 You'll be prompted to visit a URL and enter a one-time code. Keep the terminal
 open until it completes.
-If you're on GitHub Enterprise, the login will ask for your enterprise URL or
-domain (for example `company.ghe.com`).
 
 ### Optional flags
 
@@ -68,7 +66,5 @@ clawdbot models set github-copilot/gpt-4o
 - Requires an interactive TTY; run it directly in a terminal.
 - Copilot model availability depends on your plan; if a model is rejected, try
   another ID (for example `github-copilot/gpt-4.1`).
-- The login stores a GitHub token in the auth profile store and uses it directly
-  for Copilot API calls.
-- Base URL: `https://api.githubcopilot.com` (public) or `https://copilot-api.<domain>`
-  for GitHub Enterprise.
+- The login stores a GitHub token in the auth profile store and exchanges it for a
+  Copilot API token when Clawdbot runs.

docs/reference/RELEASING.md

@@ -13,7 +13,7 @@ Use `pnpm` (Node 22+) from the repo root. Keep the working tree clean before tag
 ## Operator trigger
 When the operator says “release”, immediately do this preflight (no extra questions unless blocked):
 - Read this doc and `docs/platforms/mac/release.md`.
-- Load env from `~/.profile` and confirm `SPARKLE_PRIVATE_KEY_FILE` + App Store Connect vars are set.
+- Load env from `~/.profile` and confirm `SPARKLE_PRIVATE_KEY_FILE` + App Store Connect vars are set (SPARKLE_PRIVATE_KEY_FILE should live in `~/.profile`).
 - Use Sparkle keys from `~/Library/CloudStorage/Dropbox/Backup/Sparkle` if needed.
 
 1) **Version & metadata**
@@ -39,8 +39,9 @@ When the operator says “release”, immediately do this preflight (no extra qu
 - [ ] `pnpm test` (or `pnpm test:coverage` if you need coverage output)
 - [ ] `pnpm run build` (last sanity check after tests)
 - [ ] `pnpm release:check` (verifies npm pack contents)
-- [ ] `pnpm test:install:smoke` (Docker install smoke test; required before release)
+- [ ] `CLAWDBOT_INSTALL_SMOKE_SKIP_NONROOT=1 pnpm test:install:smoke` (Docker install smoke test, fast path; required before release)
   - If the immediate previous npm release is known broken, set `CLAWDBOT_INSTALL_SMOKE_PREVIOUS=<last-good-version>` or `CLAWDBOT_INSTALL_SMOKE_SKIP_PREVIOUS=1` for the preinstall step.
+- [ ] (Optional) Full installer smoke (adds non-root + CLI coverage): `pnpm test:install:smoke`
 - [ ] (Optional) Installer E2E (Docker, runs `curl -fsSL https://clawd.bot/install.sh | bash`, onboards, then runs real tool calls):
   - `pnpm test:install:e2e:openai` (requires `OPENAI_API_KEY`)
   - `pnpm test:install:e2e:anthropic` (requires `ANTHROPIC_API_KEY`)

docs/start/faq.md

@@ -324,6 +324,7 @@ brew install <formula>
 ```
 
 If you run Clawdbot via systemd, ensure the service PATH includes `/home/linuxbrew/.linuxbrew/bin` (or your brew prefix) so `brew`-installed tools resolve in non‑login shells.
+Recent builds also prepend common user bin dirs on Linux systemd services (for example `~/.local/bin`, `~/.npm-global/bin`, `~/.local/share/pnpm`, `~/.bun/bin`) and honor `PNPM_HOME`, `NPM_CONFIG_PREFIX`, `BUN_INSTALL`, `VOLTA_HOME`, `ASDF_DATA_DIR`, `NVM_DIR`, and `FNM_DIR` when set.
 
 ### Can I switch between npm and git installs later?
 

docs/tools/exec-approvals.md

@@ -54,6 +54,7 @@ Example schema:
       "autoAllowSkills": true,
       "allowlist": [
         {
+          "id": "B0C8C0B3-2C2D-4F8A-9A3C-5A4B3C2D1E0F",
           "pattern": "~/Projects/**/bin/rg",
           "lastUsedAt": 1737150000000,
           "lastUsedCommand": "rg -n TODO",
@@ -96,6 +97,7 @@ Examples:
 - `/opt/homebrew/bin/rg`
 
 Each allowlist entry tracks:
+- **id** stable UUID used for UI identity (optional)
 - **last used** timestamp
 - **last used command**
 - **last resolved path**

docs/tools/lobster.md

@@ -121,6 +121,10 @@ Lobster is an **optional** plugin tool (not enabled by default). Allow it per ag
 
 You can also allow it globally with `tools.allow` if every agent should see it.
 
+Note: allowlists are opt-in for optional plugins. If your allowlist only names
+plugin tools (like `lobster`), Clawdbot keeps core tools enabled. To restrict core
+tools, include the core tools or groups you want in the allowlist too.
+
 ## Example: Email triage
 
 Without Lobster:

docs/tui.md

@@ -88,6 +88,8 @@ Session lifecycle:
 - `/settings`
 - `/exit`
 
+Other Gateway slash commands (for example, `/context`) are forwarded to the Gateway and shown as system output. See [Slash commands](/tools/slash-commands).
+
 ## Local shell commands
 - Prefix a line with `!` to run a local shell command on the TUI host.
 - The TUI prompts once per session to allow local execution; declining keeps `!` disabled for the session.

extensions/bluebubbles/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/bluebubbles",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot BlueBubbles channel plugin",
   "clawdbot": {

extensions/bluebubbles/src/config-schema.ts

@@ -1,3 +1,4 @@
+import { MarkdownConfigSchema } from "clawdbot/plugin-sdk";
 import { z } from "zod";
 
 const allowFromEntry = z.union([z.string(), z.number()]);
@@ -25,6 +26,7 @@ const bluebubblesGroupConfigSchema = z.object({
 const bluebubblesAccountSchema = z.object({
   name: z.string().optional(),
   enabled: z.boolean().optional(),
+  markdown: MarkdownConfigSchema,
   serverUrl: z.string().optional(),
   password: z.string().optional(),
   webhookPath: z.string().optional(),

extensions/bluebubbles/src/monitor.test.ts

@@ -2,6 +2,7 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 import type { IncomingMessage, ServerResponse } from "node:http";
 import { EventEmitter } from "node:events";
 
+import { removeAckReactionAfterReply, shouldAckReaction } from "clawdbot/plugin-sdk";
 import type { ClawdbotConfig, PluginRuntime } from "clawdbot/plugin-sdk";
 import {
   handleBlueBubblesWebhookRequest,
@@ -99,6 +100,8 @@ function createMockRuntime(): PluginRuntime {
         chunkText: vi.fn() as unknown as PluginRuntime["channel"]["text"]["chunkText"],
         resolveTextChunkLimit: vi.fn(() => 4000) as unknown as PluginRuntime["channel"]["text"]["resolveTextChunkLimit"],
         hasControlCommand: mockHasControlCommand as unknown as PluginRuntime["channel"]["text"]["hasControlCommand"],
+        resolveMarkdownTableMode: vi.fn(() => "code") as unknown as PluginRuntime["channel"]["text"]["resolveMarkdownTableMode"],
+        convertMarkdownTables: vi.fn((text: string) => text) as unknown as PluginRuntime["channel"]["text"]["convertMarkdownTables"],
       },
       reply: {
         dispatchReplyWithBufferedBlockDispatcher: mockDispatchReplyWithBufferedBlockDispatcher as unknown as PluginRuntime["channel"]["reply"]["dispatchReplyWithBufferedBlockDispatcher"],
@@ -126,6 +129,7 @@ function createMockRuntime(): PluginRuntime {
       session: {
         resolveStorePath: mockResolveStorePath as unknown as PluginRuntime["channel"]["session"]["resolveStorePath"],
         readSessionUpdatedAt: mockReadSessionUpdatedAt as unknown as PluginRuntime["channel"]["session"]["readSessionUpdatedAt"],
+        recordInboundSession: vi.fn() as unknown as PluginRuntime["channel"]["session"]["recordInboundSession"],
         recordSessionMetaFromInbound: vi.fn() as unknown as PluginRuntime["channel"]["session"]["recordSessionMetaFromInbound"],
         updateLastRoute: vi.fn() as unknown as PluginRuntime["channel"]["session"]["updateLastRoute"],
       },
@@ -133,6 +137,10 @@ function createMockRuntime(): PluginRuntime {
         buildMentionRegexes: mockBuildMentionRegexes as unknown as PluginRuntime["channel"]["mentions"]["buildMentionRegexes"],
         matchesMentionPatterns: mockMatchesMentionPatterns as unknown as PluginRuntime["channel"]["mentions"]["matchesMentionPatterns"],
       },
+      reactions: {
+        shouldAckReaction,
+        removeAckReactionAfterReply,
+      },
       groups: {
         resolveGroupPolicy: mockResolveGroupPolicy as unknown as PluginRuntime["channel"]["groups"]["resolveGroupPolicy"],
         resolveRequireMention: mockResolveRequireMention as unknown as PluginRuntime["channel"]["groups"]["resolveRequireMention"],
@@ -220,6 +228,12 @@ function createMockResponse(): ServerResponse & { body: string; statusCode: numb
   return res;
 }
 
+const flushAsync = async () => {
+  for (let i = 0; i < 2; i += 1) {
+    await new Promise<void>((resolve) => setImmediate(resolve));
+  }
+};
+
 describe("BlueBubbles webhook monitor", () => {
   let unregister: () => void;
 
@@ -506,7 +520,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(resolveChatGuidForTarget).toHaveBeenCalledWith(
         expect.objectContaining({
@@ -554,7 +568,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(resolveChatGuidForTarget).not.toHaveBeenCalled();
       expect(sendMessageBlueBubbles).toHaveBeenCalledWith(
@@ -601,7 +615,7 @@ describe("BlueBubbles webhook monitor", () => {
       await handleBlueBubblesWebhookRequest(req, res);
 
       // Wait for async processing
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(res.statusCode).toBe(200);
       expect(mockDispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalled();
@@ -640,7 +654,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(res.statusCode).toBe(200);
       expect(mockDispatchReplyWithBufferedBlockDispatcher).not.toHaveBeenCalled();
@@ -681,7 +695,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockUpsertPairingRequest).toHaveBeenCalled();
       expect(mockDispatchReplyWithBufferedBlockDispatcher).not.toHaveBeenCalled();
@@ -724,7 +738,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockUpsertPairingRequest).toHaveBeenCalled();
       // Should not send pairing reply since created=false
@@ -765,7 +779,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalled();
     });
@@ -802,7 +816,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).not.toHaveBeenCalled();
     });
@@ -842,7 +856,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalled();
     });
@@ -880,7 +894,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).not.toHaveBeenCalled();
     });
@@ -919,7 +933,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).not.toHaveBeenCalled();
     });
@@ -958,7 +972,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalled();
     });
@@ -999,7 +1013,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalled();
       const callArgs = mockDispatchReplyWithBufferedBlockDispatcher.mock.calls[0][0];
@@ -1040,7 +1054,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).not.toHaveBeenCalled();
     });
@@ -1078,7 +1092,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalled();
     });
@@ -1121,7 +1135,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalled();
       const callArgs = mockDispatchReplyWithBufferedBlockDispatcher.mock.calls[0][0];
@@ -1167,7 +1181,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalled();
       const callArgs = mockDispatchReplyWithBufferedBlockDispatcher.mock.calls[0][0];
@@ -1213,7 +1227,7 @@ describe("BlueBubbles webhook monitor", () => {
       const originalRes = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(originalReq, originalRes);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       // Only assert the reply message behavior below.
       mockDispatchReplyWithBufferedBlockDispatcher.mockClear();
@@ -1237,7 +1251,7 @@ describe("BlueBubbles webhook monitor", () => {
       const replyRes = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(replyReq, replyRes);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalled();
       const callArgs = mockDispatchReplyWithBufferedBlockDispatcher.mock.calls[0][0];
@@ -1283,7 +1297,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalled();
       const callArgs = mockDispatchReplyWithBufferedBlockDispatcher.mock.calls[0][0];
@@ -1331,7 +1345,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(sendBlueBubblesReaction).toHaveBeenCalledWith(
         expect.objectContaining({
@@ -1384,7 +1398,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       // Should process even without mention because it's an authorized control command
       expect(mockDispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalled();
@@ -1427,7 +1441,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).not.toHaveBeenCalled();
     });
@@ -1470,7 +1484,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(markBlueBubblesChatRead).toHaveBeenCalled();
     });
@@ -1511,7 +1525,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(markBlueBubblesChatRead).not.toHaveBeenCalled();
     });
@@ -1554,7 +1568,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       // Should call typing start when reply flow triggers it.
       expect(sendBlueBubblesTyping).toHaveBeenCalledWith(
@@ -1604,7 +1618,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(sendBlueBubblesTyping).toHaveBeenCalledWith(
         expect.any(String),
@@ -1649,7 +1663,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(sendBlueBubblesTyping).toHaveBeenCalledWith(
         expect.any(String),
@@ -1697,7 +1711,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       // Outbound message ID uses short ID "2" (inbound msg-1 is "1", outbound msg-123 is "2")
       expect(mockEnqueueSystemEvent).toHaveBeenCalledWith(
@@ -1742,7 +1756,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockEnqueueSystemEvent).toHaveBeenCalledWith(
         expect.stringContaining("reaction added"),
@@ -1782,7 +1796,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockEnqueueSystemEvent).toHaveBeenCalledWith(
         expect.stringContaining("reaction removed"),
@@ -1822,7 +1836,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockEnqueueSystemEvent).not.toHaveBeenCalled();
     });
@@ -1860,7 +1874,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockEnqueueSystemEvent).toHaveBeenCalledWith(
         expect.stringContaining("👍"),
@@ -1901,7 +1915,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).toHaveBeenCalled();
       const callArgs = mockDispatchReplyWithBufferedBlockDispatcher.mock.calls[0][0];
@@ -1941,7 +1955,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       // The short ID "1" should resolve back to the full UUID
       expect(resolveBlueBubblesMessageId("1")).toBe("msg-uuid-12345");
@@ -1993,7 +2007,7 @@ describe("BlueBubbles webhook monitor", () => {
       const res = createMockResponse();
 
       await handleBlueBubblesWebhookRequest(req, res);
-      await new Promise((resolve) => setTimeout(resolve, 50));
+      await flushAsync();
 
       expect(mockDispatchReplyWithBufferedBlockDispatcher).not.toHaveBeenCalled();
     });

extensions/bluebubbles/src/monitor.ts

@@ -1,7 +1,13 @@
 import type { IncomingMessage, ServerResponse } from "node:http";
 
 import type { ClawdbotConfig } from "clawdbot/plugin-sdk";
-import { resolveAckReaction } from "clawdbot/plugin-sdk";
+import {
+  logAckFailure,
+  logInboundDrop,
+  logTypingFailure,
+  resolveAckReaction,
+  resolveControlCommandGate,
+} from "clawdbot/plugin-sdk";
 import { markBlueBubblesChatRead, sendBlueBubblesTyping } from "./chat.js";
 import { resolveChatGuidForTarget, sendMessageBlueBubbles } from "./send.js";
 import { downloadBlueBubblesAttachment } from "./attachments.js";
@@ -1346,23 +1352,25 @@ async function processMessage(
         })
       : false;
   const dmAuthorized = dmPolicy === "open" || ownerAllowedForCommands;
-  const commandAuthorized = isGroup
-    ? core.channel.commands.resolveCommandAuthorizedFromAuthorizers({
-        useAccessGroups,
-        authorizers: [
-          { configured: effectiveAllowFrom.length > 0, allowed: ownerAllowedForCommands },
-          { configured: effectiveGroupAllowFrom.length > 0, allowed: groupAllowedForCommands },
-        ],
-      })
-    : dmAuthorized;
+  const commandGate = resolveControlCommandGate({
+    useAccessGroups,
+    authorizers: [
+      { configured: effectiveAllowFrom.length > 0, allowed: ownerAllowedForCommands },
+      { configured: effectiveGroupAllowFrom.length > 0, allowed: groupAllowedForCommands },
+    ],
+    allowTextCommands: true,
+    hasControlCommand: hasControlCmd,
+  });
+  const commandAuthorized = isGroup ? commandGate.commandAuthorized : dmAuthorized;
 
   // Block control commands from unauthorized senders in groups
-  if (isGroup && hasControlCmd && !commandAuthorized) {
-    logVerbose(
-      core,
-      runtime,
-      `bluebubbles: drop control command from unauthorized sender ${message.senderId}`,
-    );
+  if (isGroup && commandGate.shouldBlock) {
+    logInboundDrop({
+      log: (msg) => logVerbose(core, runtime, msg),
+      channel: "bluebubbles",
+      reason: "control command (unauthorized)",
+      target: message.senderId,
+    });
     return;
   }
 
@@ -1521,19 +1529,20 @@ async function processMessage(
     core,
     runtime,
   });
-  const shouldAckReaction = () => {
-    if (!ackReactionValue) return false;
-    if (ackReactionScope === "all") return true;
-    if (ackReactionScope === "direct") return !isGroup;
-    if (ackReactionScope === "group-all") return isGroup;
-    if (ackReactionScope === "group-mentions") {
-      if (!isGroup) return false;
-      if (!requireMention) return false;
-      if (!canDetectMention) return false;
-      return effectiveWasMentioned;
-    }
-    return false;
-  };
+  const shouldAckReaction = () =>
+    Boolean(
+      ackReactionValue &&
+        core.channel.reactions.shouldAckReaction({
+          scope: ackReactionScope,
+          isDirect: !isGroup,
+          isGroup,
+          isMentionableGroup: isGroup,
+          requireMention: Boolean(requireMention),
+          canDetectMention,
+          effectiveWasMentioned,
+          shouldBypassMention,
+        }),
+    );
   const ackMessageId = message.messageId?.trim() || "";
   const ackReactionPromise =
     shouldAckReaction() && ackMessageId && chatGuidForActions && ackReactionValue
@@ -1662,9 +1671,15 @@ async function processMessage(
               ? [payload.mediaUrl]
               : [];
           if (mediaList.length > 0) {
+            const tableMode = core.channel.text.resolveMarkdownTableMode({
+              cfg: config,
+              channel: "bluebubbles",
+              accountId: account.accountId,
+            });
+            const text = core.channel.text.convertMarkdownTables(payload.text ?? "", tableMode);
             let first = true;
             for (const mediaUrl of mediaList) {
-              const caption = first ? payload.text : undefined;
+              const caption = first ? text : undefined;
               first = false;
               const result = await sendBlueBubblesMedia({
                 cfg: config,
@@ -1686,8 +1701,14 @@ async function processMessage(
             account.config.textChunkLimit && account.config.textChunkLimit > 0
               ? account.config.textChunkLimit
               : DEFAULT_TEXT_LIMIT;
-          const chunks = core.channel.text.chunkMarkdownText(payload.text ?? "", textLimit);
-          if (!chunks.length && payload.text) chunks.push(payload.text);
+          const tableMode = core.channel.text.resolveMarkdownTableMode({
+            cfg: config,
+            channel: "bluebubbles",
+            accountId: account.accountId,
+          });
+          const text = core.channel.text.convertMarkdownTables(payload.text ?? "", tableMode);
+          const chunks = core.channel.text.chunkMarkdownText(text, textLimit);
+          if (!chunks.length && text) chunks.push(text);
           if (!chunks.length) return;
           for (const chunk of chunks) {
             const result = await sendMessageBlueBubbles(outboundTarget, chunk, {
@@ -1737,29 +1758,27 @@ async function processMessage(
       },
     });
   } finally {
-    if (
-      removeAckAfterReply &&
-      sentMessage &&
-      ackReactionPromise &&
-      ackReactionValue &&
-      chatGuidForActions &&
-      ackMessageId
-    ) {
-      void ackReactionPromise.then((didAck) => {
-        if (!didAck) return;
-        sendBlueBubblesReaction({
-          chatGuid: chatGuidForActions,
-          messageGuid: ackMessageId,
-          emoji: ackReactionValue,
-          remove: true,
-          opts: { cfg: config, accountId: account.accountId },
-        }).catch((err) => {
-          logVerbose(
-            core,
-            runtime,
-            `ack reaction removal failed chatGuid=${chatGuidForActions} msg=${ackMessageId}: ${String(err)}`,
-          );
-        });
+    if (sentMessage && chatGuidForActions && ackMessageId) {
+      core.channel.reactions.removeAckReactionAfterReply({
+        removeAfterReply: removeAckAfterReply,
+        ackReactionPromise,
+        ackReactionValue: ackReactionValue ?? null,
+        remove: () =>
+          sendBlueBubblesReaction({
+            chatGuid: chatGuidForActions,
+            messageGuid: ackMessageId,
+            emoji: ackReactionValue ?? "",
+            remove: true,
+            opts: { cfg: config, accountId: account.accountId },
+          }),
+        onError: (err) => {
+          logAckFailure({
+            log: (msg) => logVerbose(core, runtime, msg),
+            channel: "bluebubbles",
+            target: `${chatGuidForActions}/${ackMessageId}`,
+            error: err,
+          });
+        },
       });
     }
     if (chatGuidForActions && baseUrl && password && !sentMessage) {
@@ -1768,7 +1787,13 @@ async function processMessage(
         cfg: config,
         accountId: account.accountId,
       }).catch((err) => {
-        logVerbose(core, runtime, `typing stop (no reply) failed: ${String(err)}`);
+        logTypingFailure({
+          log: (msg) => logVerbose(core, runtime, msg),
+          channel: "bluebubbles",
+          action: "stop",
+          target: chatGuidForActions,
+          error: err,
+        });
       });
     }
   }

extensions/copilot-proxy/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/copilot-proxy",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Copilot Proxy provider plugin",
   "clawdbot": {

extensions/diagnostics-otel/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/diagnostics-otel",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot diagnostics OpenTelemetry exporter",
   "clawdbot": {

extensions/discord/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/discord",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Discord channel plugin",
   "clawdbot": {

extensions/google-antigravity-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/google-antigravity-auth",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Google Antigravity OAuth provider plugin",
   "clawdbot": {

extensions/google-gemini-cli-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/google-gemini-cli-auth",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Gemini CLI OAuth provider plugin",
   "clawdbot": {

extensions/imessage/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/imessage",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot iMessage channel plugin",
   "clawdbot": {

extensions/lobster/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/lobster",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Lobster workflow tool plugin (typed pipelines + resumable approvals)",
   "clawdbot": {

extensions/matrix/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2026.1.23
+
+### Changes
+- Version alignment with core Clawdbot release numbers.
+
 ## 2026.1.22
 
 ### Changes

extensions/matrix/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/matrix",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Matrix channel plugin",
   "clawdbot": {

extensions/matrix/src/config-schema.ts

@@ -1,3 +1,4 @@
+import { MarkdownConfigSchema } from "clawdbot/plugin-sdk";
 import { z } from "zod";
 
 const allowFromEntry = z.union([z.string(), z.number()]);
@@ -35,6 +36,7 @@ const matrixRoomSchema = z
 export const MatrixConfigSchema = z.object({
   name: z.string().optional(),
   enabled: z.boolean().optional(),
+  markdown: MarkdownConfigSchema,
   homeserver: z.string().optional(),
   userId: z.string().optional(),
   accessToken: z.string().optional(),

extensions/matrix/src/matrix/monitor/handler.ts

@@ -1,7 +1,12 @@
 import type { LocationMessageEventContent, MatrixClient } from "matrix-bot-sdk";
 
 import {
+  createReplyPrefixContext,
+  createTypingCallbacks,
   formatAllowlistMatchMeta,
+  logInboundDrop,
+  logTypingFailure,
+  resolveControlCommandGate,
   type RuntimeEnv,
 } from "clawdbot/plugin-sdk";
 import type { CoreConfig, ReplyToMode } from "../../types.js";
@@ -376,21 +381,25 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam
               userName: senderName,
             })
           : false;
-      const commandAuthorized = core.channel.commands.resolveCommandAuthorizedFromAuthorizers({
+      const hasControlCommandInMessage = core.channel.text.hasControlCommand(bodyText, cfg);
+      const commandGate = resolveControlCommandGate({
         useAccessGroups,
         authorizers: [
           { configured: effectiveAllowFrom.length > 0, allowed: senderAllowedForCommands },
           { configured: roomUsers.length > 0, allowed: senderAllowedForRoomUsers },
           { configured: groupAllowConfigured, allowed: senderAllowedForGroup },
         ],
+        allowTextCommands,
+        hasControlCommand: hasControlCommandInMessage,
       });
-      if (
-        isRoom &&
-        allowTextCommands &&
-        core.channel.text.hasControlCommand(bodyText, cfg) &&
-        !commandAuthorized
-      ) {
-        logVerboseMessage(`matrix: drop control command from unauthorized sender ${senderId}`);
+      const commandAuthorized = commandGate.commandAuthorized;
+      if (isRoom && commandGate.shouldBlock) {
+        logInboundDrop({
+          log: logVerboseMessage,
+          channel: "matrix",
+          reason: "control command (unauthorized)",
+          target: senderId,
+        });
         return;
       }
       const shouldRequireMention = isRoom
@@ -409,7 +418,8 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam
         !wasMentioned &&
         !hasExplicitMention &&
         commandAuthorized &&
-        core.channel.text.hasControlCommand(bodyText);
+        hasControlCommandInMessage;
+      const canDetectMention = mentionRegexes.length > 0 || hasExplicitMention;
       if (isRoom && shouldRequireMention && !wasMentioned && !shouldBypassMention) {
         logger.info({ roomId, reason: "no-mention" }, "skipping room message");
         return;
@@ -486,47 +496,45 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam
         OriginatingTo: `room:${roomId}`,
       });
 
-      void core.channel.session
-        .recordSessionMetaFromInbound({
-          storePath,
-          sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
-          ctx: ctxPayload,
-        })
-        .catch((err) => {
+      await core.channel.session.recordInboundSession({
+        storePath,
+        sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
+        ctx: ctxPayload,
+        updateLastRoute: isDirectMessage
+          ? {
+              sessionKey: route.mainSessionKey,
+              channel: "matrix",
+              to: `room:${roomId}`,
+              accountId: route.accountId,
+            }
+          : undefined,
+        onRecordError: (err) => {
           logger.warn(
             { error: String(err), storePath, sessionKey: ctxPayload.SessionKey ?? route.sessionKey },
             "failed updating session meta",
           );
-        });
-
-      if (isDirectMessage) {
-        await core.channel.session.updateLastRoute({
-          storePath,
-          sessionKey: route.mainSessionKey,
-          channel: "matrix",
-          to: `room:${roomId}`,
-          accountId: route.accountId,
-          ctx: ctxPayload,
-        });
-      }
+        },
+      });
 
       const preview = bodyText.slice(0, 200).replace(/\n/g, "\\n");
       logVerboseMessage(`matrix inbound: room=${roomId} from=${senderId} preview="${preview}"`);
 
       const ackReaction = (cfg.messages?.ackReaction ?? "").trim();
       const ackScope = cfg.messages?.ackReactionScope ?? "group-mentions";
-      const shouldAckReaction = () => {
-        if (!ackReaction) return false;
-        if (ackScope === "all") return true;
-        if (ackScope === "direct") return isDirectMessage;
-        if (ackScope === "group-all") return isRoom;
-        if (ackScope === "group-mentions") {
-          if (!isRoom) return false;
-          if (!shouldRequireMention) return false;
-          return wasMentioned || shouldBypassMention;
-        }
-        return false;
-      };
+      const shouldAckReaction = () =>
+        Boolean(
+          ackReaction &&
+            core.channel.reactions.shouldAckReaction({
+              scope: ackScope,
+              isDirect: isDirectMessage,
+              isGroup: isRoom,
+              isMentionableGroup: isRoom,
+              requireMention: Boolean(shouldRequireMention),
+              canDetectMention,
+              effectiveWasMentioned: wasMentioned || shouldBypassMention,
+              shouldBypassMention,
+            }),
+        );
       if (shouldAckReaction() && messageId) {
         reactMatrixMessage(roomId, messageId, ackReaction, client).catch((err) => {
           logVerboseMessage(`matrix react failed for room ${roomId}: ${String(err)}`);
@@ -548,10 +556,38 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam
       }
 
       let didSendReply = false;
+      const tableMode = core.channel.text.resolveMarkdownTableMode({
+        cfg,
+        channel: "matrix",
+        accountId: route.accountId,
+      });
+      const prefixContext = createReplyPrefixContext({ cfg, agentId: route.agentId });
+      const typingCallbacks = createTypingCallbacks({
+        start: () => sendTypingMatrix(roomId, true, undefined, client),
+        stop: () => sendTypingMatrix(roomId, false, undefined, client),
+        onStartError: (err) => {
+          logTypingFailure({
+            log: logVerboseMessage,
+            channel: "matrix",
+            action: "start",
+            target: roomId,
+            error: err,
+          });
+        },
+        onStopError: (err) => {
+          logTypingFailure({
+            log: logVerboseMessage,
+            channel: "matrix",
+            action: "stop",
+            target: roomId,
+            error: err,
+          });
+        },
+      });
       const { dispatcher, replyOptions, markDispatchIdle } =
         core.channel.reply.createReplyDispatcherWithTyping({
-          responsePrefix: core.channel.reply.resolveEffectiveMessagesConfig(cfg, route.agentId)
-            .responsePrefix,
+          responsePrefix: prefixContext.responsePrefix,
+          responsePrefixContextProvider: prefixContext.responsePrefixContextProvider,
           humanDelay: core.channel.reply.resolveHumanDelayConfig(cfg, route.agentId),
           deliver: async (payload) => {
             await deliverMatrixReplies({
@@ -562,16 +598,16 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam
               textLimit,
               replyToMode,
               threadId: threadTarget,
+              accountId: route.accountId,
+              tableMode,
             });
             didSendReply = true;
           },
           onError: (err, info) => {
             runtime.error?.(`matrix ${info.kind} reply failed: ${String(err)}`);
           },
-          onReplyStart: () =>
-            sendTypingMatrix(roomId, true, undefined, client).catch(() => {}),
-          onIdle: () =>
-            sendTypingMatrix(roomId, false, undefined, client).catch(() => {}),
+          onReplyStart: typingCallbacks.onReplyStart,
+          onIdle: typingCallbacks.onIdle,
         });
 
       const { queuedFinal, counts } = await core.channel.reply.dispatchReplyFromConfig({
@@ -581,6 +617,7 @@ export function createMatrixRoomMessageHandler(params: MatrixMonitorHandlerParam
         replyOptions: {
           ...replyOptions,
           skillFilter: roomConfig?.skills,
+          onModelSelected: prefixContext.onModelSelected,
         },
       });
       markDispatchIdle();

extensions/matrix/src/matrix/monitor/replies.ts

@@ -1,6 +1,6 @@
 import type { MatrixClient } from "matrix-bot-sdk";
 
-import type { ReplyPayload, RuntimeEnv } from "clawdbot/plugin-sdk";
+import type { MarkdownTableMode, ReplyPayload, RuntimeEnv } from "clawdbot/plugin-sdk";
 import { sendMessageMatrix } from "../send.js";
 import { getMatrixRuntime } from "../../runtime.js";
 
@@ -12,8 +12,17 @@ export async function deliverMatrixReplies(params: {
   textLimit: number;
   replyToMode: "off" | "first" | "all";
   threadId?: string;
+  accountId?: string;
+  tableMode?: MarkdownTableMode;
 }): Promise<void> {
   const core = getMatrixRuntime();
+  const tableMode =
+    params.tableMode ??
+    core.channel.text.resolveMarkdownTableMode({
+      cfg: core.config.loadConfig(),
+      channel: "matrix",
+      accountId: params.accountId,
+    });
   const logVerbose = (message: string) => {
     if (core.logging.shouldLogVerbose()) {
       params.runtime.log?.(message);
@@ -33,6 +42,8 @@ export async function deliverMatrixReplies(params: {
     }
     const replyToIdRaw = reply.replyToId?.trim();
     const replyToId = params.threadId || params.replyToMode === "off" ? undefined : replyToIdRaw;
+    const rawText = reply.text ?? "";
+    const text = core.channel.text.convertMarkdownTables(rawText, tableMode);
     const mediaList = reply.mediaUrls?.length
       ? reply.mediaUrls
       : reply.mediaUrl
@@ -43,13 +54,14 @@ export async function deliverMatrixReplies(params: {
       Boolean(id) && (params.replyToMode === "all" || !hasReplied);
 
     if (mediaList.length === 0) {
-      for (const chunk of core.channel.text.chunkMarkdownText(reply.text ?? "", chunkLimit)) {
+      for (const chunk of core.channel.text.chunkMarkdownText(text, chunkLimit)) {
         const trimmed = chunk.trim();
         if (!trimmed) continue;
         await sendMessageMatrix(params.roomId, trimmed, {
           client: params.client,
           replyToId: shouldIncludeReply(replyToId) ? replyToId : undefined,
           threadId: params.threadId,
+          accountId: params.accountId,
         });
         if (shouldIncludeReply(replyToId)) {
           hasReplied = true;
@@ -60,13 +72,14 @@ export async function deliverMatrixReplies(params: {
 
     let first = true;
     for (const mediaUrl of mediaList) {
-      const caption = first ? (reply.text ?? "") : "";
+      const caption = first ? text : "";
       await sendMessageMatrix(params.roomId, caption, {
         client: params.client,
         mediaUrl,
         replyToId: shouldIncludeReply(replyToId) ? replyToId : undefined,
         threadId: params.threadId,
         audioAsVoice: reply.audioAsVoice,
+        accountId: params.accountId,
       });
       if (shouldIncludeReply(replyToId)) {
         hasReplied = true;

extensions/matrix/src/matrix/send.test.ts

@@ -43,6 +43,8 @@ const runtimeStub = {
     text: {
       resolveTextChunkLimit: () => 4000,
       chunkMarkdownText: (text: string) => (text ? [text] : []),
+      resolveMarkdownTableMode: () => "code",
+      convertMarkdownTables: (text: string) => text,
     },
   },
 } as unknown as PluginRuntime;

extensions/matrix/src/matrix/send.ts

@@ -50,9 +50,18 @@ export async function sendMessageMatrix(
   try {
     const roomId = await resolveMatrixRoomId(client, to);
     const cfg = getCore().config.loadConfig();
+    const tableMode = getCore().channel.text.resolveMarkdownTableMode({
+      cfg,
+      channel: "matrix",
+      accountId: opts.accountId,
+    });
+    const convertedMessage = getCore().channel.text.convertMarkdownTables(
+      trimmedMessage,
+      tableMode,
+    );
     const textLimit = getCore().channel.text.resolveTextChunkLimit(cfg, "matrix");
     const chunkLimit = Math.min(textLimit, MATRIX_TEXT_LIMIT);
-    const chunks = getCore().channel.text.chunkMarkdownText(trimmedMessage, chunkLimit);
+    const chunks = getCore().channel.text.chunkMarkdownText(convertedMessage, chunkLimit);
     const threadId = normalizeThreadId(opts.threadId);
     const relation = threadId
       ? buildThreadRelation(threadId, opts.replyToId)

extensions/matrix/src/matrix/send/types.ts

@@ -87,6 +87,7 @@ export type MatrixSendResult = {
 export type MatrixSendOpts = {
   client?: import("matrix-bot-sdk").MatrixClient;
   mediaUrl?: string;
+  accountId?: string;
   replyToId?: string;
   threadId?: string | number | null;
   timeoutMs?: number;

extensions/mattermost/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/mattermost",
-  "version": "2026.1.20-2",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Mattermost channel plugin",
   "clawdbot": {

extensions/mattermost/src/config-schema.ts

@@ -4,6 +4,7 @@ import {
   BlockStreamingCoalesceSchema,
   DmPolicySchema,
   GroupPolicySchema,
+  MarkdownConfigSchema,
   requireOpenAllowFrom,
 } from "clawdbot/plugin-sdk";
 
@@ -11,6 +12,7 @@ const MattermostAccountSchemaBase = z
   .object({
     name: z.string().optional(),
     capabilities: z.array(z.string()).optional(),
+    markdown: MarkdownConfigSchema,
     enabled: z.boolean().optional(),
     configWrites: z.boolean().optional(),
     botToken: z.string().optional(),

extensions/mattermost/src/mattermost/monitor.ts

@@ -7,10 +7,15 @@ import type {
   RuntimeEnv,
 } from "clawdbot/plugin-sdk";
 import {
+  createReplyPrefixContext,
+  createTypingCallbacks,
+  logInboundDrop,
+  logTypingFailure,
   buildPendingHistoryContextFromMap,
-  clearHistoryEntries,
+  clearHistoryEntriesIfEnabled,
   DEFAULT_GROUP_HISTORY_LIMIT,
-  recordPendingHistoryEntry,
+  recordPendingHistoryEntryIfEnabled,
+  resolveControlCommandGate,
   resolveChannelMediaMaxBytes,
   type HistoryEntry,
 } from "clawdbot/plugin-sdk";
@@ -30,12 +35,9 @@ import {
 } from "./client.js";
 import {
   createDedupeCache,
-  extractShortModelName,
   formatInboundFromLabel,
   rawDataToString,
-  resolveIdentityName,
   resolveThreadSessionKeys,
-  type ResponsePrefixContext,
 } from "./monitor-helpers.js";
 import { sendMessageMattermost } from "./send.js";
 
@@ -307,11 +309,7 @@ export async function monitorMattermostProvider(opts: MonitorMattermostOpts = {}
   };
 
   const sendTypingIndicator = async (channelId: string, parentId?: string) => {
-    try {
-      await sendMattermostTyping(client, { channelId, parentId });
-    } catch (err) {
-      logger.debug?.(`mattermost typing cue failed for channel ${channelId}: ${String(err)}`);
-    }
+    await sendMattermostTyping(client, { channelId, parentId });
   };
 
   const resolveChannelInfo = async (channelId: string): Promise<MattermostChannel | null> => {
@@ -403,7 +401,8 @@ export async function monitorMattermostProvider(opts: MonitorMattermostOpts = {}
       cfg,
       surface: "mattermost",
     });
-    const isControlCommand = allowTextCommands && core.channel.text.hasControlCommand(rawText, cfg);
+    const hasControlCommand = core.channel.text.hasControlCommand(rawText, cfg);
+    const isControlCommand = allowTextCommands && hasControlCommand;
     const useAccessGroups = cfg.commands?.useAccessGroups !== false;
     const senderAllowedForCommands = isSenderAllowed({
       senderId,
@@ -415,19 +414,20 @@ export async function monitorMattermostProvider(opts: MonitorMattermostOpts = {}
       senderName,
       allowFrom: effectiveGroupAllowFrom,
     });
+    const commandGate = resolveControlCommandGate({
+      useAccessGroups,
+      authorizers: [
+        { configured: effectiveAllowFrom.length > 0, allowed: senderAllowedForCommands },
+        {
+          configured: effectiveGroupAllowFrom.length > 0,
+          allowed: groupAllowedForCommands,
+        },
+      ],
+      allowTextCommands,
+      hasControlCommand,
+    });
     const commandAuthorized =
-      kind === "dm"
-        ? dmPolicy === "open" || senderAllowedForCommands
-        : core.channel.commands.resolveCommandAuthorizedFromAuthorizers({
-            useAccessGroups,
-            authorizers: [
-              { configured: effectiveAllowFrom.length > 0, allowed: senderAllowedForCommands },
-              {
-                configured: effectiveGroupAllowFrom.length > 0,
-                allowed: groupAllowedForCommands,
-              },
-            ],
-          });
+      kind === "dm" ? dmPolicy === "open" || senderAllowedForCommands : commandGate.commandAuthorized;
 
     if (kind === "dm") {
       if (dmPolicy === "disabled") {
@@ -488,10 +488,13 @@ export async function monitorMattermostProvider(opts: MonitorMattermostOpts = {}
       }
     }
 
-    if (kind !== "dm" && isControlCommand && !commandAuthorized) {
-      logVerboseMessage(
-        `mattermost: drop control command from unauthorized sender ${senderId}`,
-      );
+    if (kind !== "dm" && commandGate.shouldBlock) {
+      logInboundDrop({
+        log: logVerboseMessage,
+        channel: "mattermost",
+        reason: "control command (unauthorized)",
+        target: senderId,
+      });
       return;
     }
 
@@ -534,19 +537,19 @@ export async function monitorMattermostProvider(opts: MonitorMattermostOpts = {}
         : "");
     const pendingSender = senderName;
     const recordPendingHistory = () => {
-      if (!historyKey || historyLimit <= 0) return;
       const trimmed = pendingBody.trim();
-      if (!trimmed) return;
-      recordPendingHistoryEntry({
+      recordPendingHistoryEntryIfEnabled({
         historyMap: channelHistories,
-        historyKey,
         limit: historyLimit,
-        entry: {
-          sender: pendingSender,
-          body: trimmed,
-          timestamp: typeof post.create_at === "number" ? post.create_at : undefined,
-          messageId: post.id ?? undefined,
-        },
+        historyKey: historyKey ?? "",
+        entry: historyKey && trimmed
+          ? {
+              sender: pendingSender,
+              body: trimmed,
+              timestamp: typeof post.create_at === "number" ? post.create_at : undefined,
+              messageId: post.id ?? undefined,
+            }
+          : null,
       });
     };
 
@@ -623,7 +626,7 @@ export async function monitorMattermostProvider(opts: MonitorMattermostOpts = {}
       sender: { name: senderName, id: senderId },
     });
     let combinedBody = body;
-    if (historyKey && historyLimit > 0) {
+    if (historyKey) {
       combinedBody = buildPendingHistoryContextFromMap({
         historyMap: channelHistories,
         historyKey,
@@ -707,20 +710,33 @@ export async function monitorMattermostProvider(opts: MonitorMattermostOpts = {}
     const textLimit = core.channel.text.resolveTextChunkLimit(cfg, "mattermost", account.accountId, {
       fallbackLimit: account.textChunkLimit ?? 4000,
     });
+    const tableMode = core.channel.text.resolveMarkdownTableMode({
+      cfg,
+      channel: "mattermost",
+      accountId: account.accountId,
+    });
 
-    let prefixContext: ResponsePrefixContext = {
-      identityName: resolveIdentityName(cfg, route.agentId),
-    };
+    const prefixContext = createReplyPrefixContext({ cfg, agentId: route.agentId });
 
+    const typingCallbacks = createTypingCallbacks({
+      start: () => sendTypingIndicator(channelId, threadRootId),
+      onStartError: (err) => {
+        logTypingFailure({
+          log: (message) => logger.debug?.(message),
+          channel: "mattermost",
+          target: channelId,
+          error: err,
+        });
+      },
+    });
     const { dispatcher, replyOptions, markDispatchIdle } =
       core.channel.reply.createReplyDispatcherWithTyping({
-        responsePrefix: core.channel.reply.resolveEffectiveMessagesConfig(cfg, route.agentId)
-          .responsePrefix,
-        responsePrefixContextProvider: () => prefixContext,
+        responsePrefix: prefixContext.responsePrefix,
+        responsePrefixContextProvider: prefixContext.responsePrefixContextProvider,
         humanDelay: core.channel.reply.resolveHumanDelayConfig(cfg, route.agentId),
         deliver: async (payload: ReplyPayload) => {
           const mediaUrls = payload.mediaUrls ?? (payload.mediaUrl ? [payload.mediaUrl] : []);
-          const text = payload.text ?? "";
+          const text = core.channel.text.convertMarkdownTables(payload.text ?? "", tableMode);
           if (mediaUrls.length === 0) {
             const chunks = core.channel.text.chunkMarkdownText(text, textLimit);
             for (const chunk of chunks.length > 0 ? chunks : [text]) {
@@ -747,7 +763,7 @@ export async function monitorMattermostProvider(opts: MonitorMattermostOpts = {}
         onError: (err, info) => {
           runtime.error?.(`mattermost ${info.kind} reply failed: ${String(err)}`);
         },
-        onReplyStart: () => sendTypingIndicator(channelId, threadRootId),
+        onReplyStart: typingCallbacks.onReplyStart,
       });
 
     await core.channel.reply.dispatchReplyFromConfig({
@@ -758,17 +774,12 @@ export async function monitorMattermostProvider(opts: MonitorMattermostOpts = {}
         ...replyOptions,
         disableBlockStreaming:
           typeof account.blockStreaming === "boolean" ? !account.blockStreaming : undefined,
-        onModelSelected: (ctx) => {
-          prefixContext.provider = ctx.provider;
-          prefixContext.model = extractShortModelName(ctx.model);
-          prefixContext.modelFull = `${ctx.provider}/${ctx.model}`;
-          prefixContext.thinkingLevel = ctx.thinkLevel ?? "off";
-        },
+        onModelSelected: prefixContext.onModelSelected,
       },
     });
     markDispatchIdle();
-    if (historyKey && historyLimit > 0) {
-      clearHistoryEntries({ historyMap: channelHistories, historyKey });
+    if (historyKey) {
+      clearHistoryEntriesIfEnabled({ historyMap: channelHistories, historyKey, limit: historyLimit });
     }
   };
 

extensions/mattermost/src/mattermost/send.ts

@@ -181,6 +181,15 @@ export async function sendMessageMattermost(
     }
   }
 
+  if (message) {
+    const tableMode = core.channel.text.resolveMarkdownTableMode({
+      cfg,
+      channel: "mattermost",
+      accountId: account.accountId,
+    });
+    message = core.channel.text.convertMarkdownTables(message, tableMode);
+  }
+
   if (!message && (!fileIds || fileIds.length === 0)) {
     if (uploadError) {
       throw new Error(`Mattermost media upload failed: ${uploadError.message}`);
@@ -205,4 +214,4 @@ export async function sendMessageMattermost(
     messageId: post.id ?? "unknown",
     channelId,
   };
-}
+}

extensions/memory-core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/memory-core",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot core memory search plugin",
   "clawdbot": {

extensions/memory-lancedb/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/memory-lancedb",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot LanceDB-backed long-term memory plugin with auto-recall/capture",
   "dependencies": {

extensions/msteams/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2026.1.23
+
+### Changes
+- Version alignment with core Clawdbot release numbers.
+
 ## 2026.1.22
 
 ### Changes

extensions/msteams/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/msteams",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Microsoft Teams channel plugin",
   "clawdbot": {

extensions/msteams/src/attachments/download.ts

@@ -68,10 +68,10 @@ function scopeCandidatesForUrl(url: string): string[] {
       host.endsWith("1drv.ms") ||
       host.includes("sharepoint");
     return looksLikeGraph
-      ? ["https://graph.microsoft.com/.default", "https://api.botframework.com/.default"]
-      : ["https://api.botframework.com/.default", "https://graph.microsoft.com/.default"];
+      ? ["https://graph.microsoft.com", "https://api.botframework.com"]
+      : ["https://api.botframework.com", "https://graph.microsoft.com"];
   } catch {
-    return ["https://api.botframework.com/.default", "https://graph.microsoft.com/.default"];
+    return ["https://api.botframework.com", "https://graph.microsoft.com"];
   }
 }
 

extensions/msteams/src/attachments/graph.ts

@@ -198,7 +198,7 @@ export async function downloadMSTeamsGraphMedia(params: {
   const messageUrl = params.messageUrl;
   let accessToken: string;
   try {
-    accessToken = await params.tokenProvider.getAccessToken("https://graph.microsoft.com/.default");
+    accessToken = await params.tokenProvider.getAccessToken("https://graph.microsoft.com");
   } catch {
     return { media: [], messageUrl, tokenError: true };
   }

extensions/msteams/src/directory-live.ts

@@ -64,7 +64,7 @@ async function resolveGraphToken(cfg: unknown): Promise<string> {
   if (!creds) throw new Error("MS Teams credentials missing");
   const { sdk, authConfig } = await loadMSTeamsSdkWithAuth(creds);
   const tokenProvider = new sdk.MsalTokenProvider(authConfig);
-  const token = await tokenProvider.getAccessToken("https://graph.microsoft.com/.default");
+  const token = await tokenProvider.getAccessToken("https://graph.microsoft.com");
   const accessToken = readAccessToken(token);
   if (!accessToken) throw new Error("MS Teams graph token unavailable");
   return accessToken;

extensions/msteams/src/graph-upload.ts

@@ -13,7 +13,7 @@ import type { MSTeamsAccessTokenProvider } from "./attachments/types.js";
 
 const GRAPH_ROOT = "https://graph.microsoft.com/v1.0";
 const GRAPH_BETA = "https://graph.microsoft.com/beta";
-const GRAPH_SCOPE = "https://graph.microsoft.com/.default";
+const GRAPH_SCOPE = "https://graph.microsoft.com";
 
 export interface OneDriveUploadResult {
   id: string;

extensions/msteams/src/messenger.test.ts

@@ -21,6 +21,8 @@ const runtimeStub = {
         }
         return chunks;
       },
+      resolveMarkdownTableMode: () => "code",
+      convertMarkdownTables: (text: string) => text,
     },
   },
 } as unknown as PluginRuntime;
@@ -34,6 +36,7 @@ describe("msteams messenger", () => {
     it("filters silent replies", () => {
       const messages = renderReplyPayloadsToMessages([{ text: SILENT_REPLY_TOKEN }], {
         textChunkLimit: 4000,
+        tableMode: "code",
       });
       expect(messages).toEqual([]);
     });
@@ -41,7 +44,7 @@ describe("msteams messenger", () => {
     it("filters silent reply prefixes", () => {
       const messages = renderReplyPayloadsToMessages(
         [{ text: `${SILENT_REPLY_TOKEN} -- ignored` }],
-        { textChunkLimit: 4000 },
+        { textChunkLimit: 4000, tableMode: "code" },
       );
       expect(messages).toEqual([]);
     });
@@ -49,7 +52,7 @@ describe("msteams messenger", () => {
     it("splits media into separate messages by default", () => {
       const messages = renderReplyPayloadsToMessages(
         [{ text: "hi", mediaUrl: "https://example.com/a.png" }],
-        { textChunkLimit: 4000 },
+        { textChunkLimit: 4000, tableMode: "code" },
       );
       expect(messages).toEqual([{ text: "hi" }, { mediaUrl: "https://example.com/a.png" }]);
     });
@@ -57,7 +60,7 @@ describe("msteams messenger", () => {
     it("supports inline media mode", () => {
       const messages = renderReplyPayloadsToMessages(
         [{ text: "hi", mediaUrl: "https://example.com/a.png" }],
-        { textChunkLimit: 4000, mediaMode: "inline" },
+        { textChunkLimit: 4000, mediaMode: "inline", tableMode: "code" },
       );
       expect(messages).toEqual([{ text: "hi", mediaUrl: "https://example.com/a.png" }]);
     });
@@ -66,6 +69,7 @@ describe("msteams messenger", () => {
       const long = "hello ".repeat(200);
       const messages = renderReplyPayloadsToMessages([{ text: long }], {
         textChunkLimit: 50,
+        tableMode: "code",
       });
       expect(messages.length).toBeGreaterThan(1);
     });

extensions/msteams/src/messenger.ts

@@ -1,6 +1,7 @@
 import {
   isSilentReplyText,
   loadWebMedia,
+  type MarkdownTableMode,
   type MSTeamsReplyStyle,
   type ReplyPayload,
   SILENT_REPLY_TOKEN,
@@ -61,6 +62,7 @@ export type MSTeamsReplyRenderOptions = {
   textChunkLimit: number;
   chunkText?: boolean;
   mediaMode?: "split" | "inline";
+  tableMode?: MarkdownTableMode;
 };
 
 /**
@@ -196,10 +198,19 @@ export function renderReplyPayloadsToMessages(
   const chunkLimit = Math.min(options.textChunkLimit, 4000);
   const chunkText = options.chunkText !== false;
   const mediaMode = options.mediaMode ?? "split";
+  const tableMode =
+    options.tableMode ??
+    getMSTeamsRuntime().channel.text.resolveMarkdownTableMode({
+      cfg: getMSTeamsRuntime().config.loadConfig(),
+      channel: "msteams",
+    });
 
   for (const payload of replies) {
     const mediaList = payload.mediaUrls ?? (payload.mediaUrl ? [payload.mediaUrl] : []);
-    const text = payload.text ?? "";
+    const text = getMSTeamsRuntime().channel.text.convertMarkdownTables(
+      payload.text ?? "",
+      tableMode,
+    );
 
     if (!text && mediaList.length === 0) continue;
 

extensions/msteams/src/monitor-handler/message-handler.ts

@@ -1,8 +1,10 @@
 import {
   buildPendingHistoryContextFromMap,
-  clearHistoryEntries,
+  clearHistoryEntriesIfEnabled,
   DEFAULT_GROUP_HISTORY_LIMIT,
-  recordPendingHistoryEntry,
+  logInboundDrop,
+  recordPendingHistoryEntryIfEnabled,
+  resolveControlCommandGate,
   resolveMentionGating,
   formatAllowlistMatchMeta,
   type HistoryEntry,
@@ -251,15 +253,24 @@ export function createMSTeamsMessageHandler(deps: MSTeamsMessageHandlerDeps) {
       senderId,
       senderName,
     });
-    const commandAuthorized = core.channel.commands.resolveCommandAuthorizedFromAuthorizers({
+    const hasControlCommandInMessage = core.channel.text.hasControlCommand(text, cfg);
+    const commandGate = resolveControlCommandGate({
       useAccessGroups,
       authorizers: [
         { configured: effectiveDmAllowFrom.length > 0, allowed: ownerAllowedForCommands },
         { configured: effectiveGroupAllowFrom.length > 0, allowed: groupAllowedForCommands },
       ],
+      allowTextCommands: true,
+      hasControlCommand: hasControlCommandInMessage,
     });
-    if (core.channel.text.hasControlCommand(text, cfg) && !commandAuthorized) {
-      logVerboseMessage(`msteams: drop control command from unauthorized sender ${senderId}`);
+    const commandAuthorized = commandGate.commandAuthorized;
+    if (commandGate.shouldBlock) {
+      logInboundDrop({
+        log: logVerboseMessage,
+        channel: "msteams",
+        reason: "control command (unauthorized)",
+        target: senderId,
+      });
       return;
     }
 
@@ -371,19 +382,17 @@ export function createMSTeamsMessageHandler(deps: MSTeamsMessageHandlerDeps) {
           requireMention,
           mentioned,
         });
-        if (historyLimit > 0) {
-          recordPendingHistoryEntry({
-            historyMap: conversationHistories,
-            historyKey: conversationId,
-            limit: historyLimit,
-            entry: {
-              sender: senderName,
-              body: rawBody,
-              timestamp: timestamp?.getTime(),
-              messageId: activity.id ?? undefined,
-            },
-          });
-        }
+        recordPendingHistoryEntryIfEnabled({
+          historyMap: conversationHistories,
+          historyKey: conversationId,
+          limit: historyLimit,
+          entry: {
+            sender: senderName,
+            body: rawBody,
+            timestamp: timestamp?.getTime(),
+            messageId: activity.id ?? undefined,
+          },
+        });
         return;
       }
     }
@@ -426,7 +435,7 @@ export function createMSTeamsMessageHandler(deps: MSTeamsMessageHandlerDeps) {
     let combinedBody = body;
     const isRoomish = !isDirectMessage;
     const historyKey = isRoomish ? conversationId : undefined;
-    if (isRoomish && historyKey && historyLimit > 0) {
+    if (isRoomish && historyKey) {
       combinedBody = buildPendingHistoryContextFromMap({
         historyMap: conversationHistories,
         historyKey,
@@ -467,12 +476,13 @@ export function createMSTeamsMessageHandler(deps: MSTeamsMessageHandlerDeps) {
 	      ...mediaPayload,
 	    });
 
-	    void core.channel.session.recordSessionMetaFromInbound({
-	      storePath,
+    await core.channel.session.recordInboundSession({
+      storePath,
       sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
       ctx: ctxPayload,
-    }).catch((err) => {
-      logVerboseMessage(`msteams: failed updating session meta: ${String(err)}`);
+      onRecordError: (err) => {
+        logVerboseMessage(`msteams: failed updating session meta: ${String(err)}`);
+      },
     });
 
     logVerboseMessage(`msteams inbound: from=${ctxPayload.From} preview="${preview}"`);
@@ -512,10 +522,11 @@ export function createMSTeamsMessageHandler(deps: MSTeamsMessageHandlerDeps) {
 
       const didSendReply = counts.final + counts.tool + counts.block > 0;
       if (!queuedFinal) {
-        if (isRoomish && historyKey && historyLimit > 0) {
-          clearHistoryEntries({
+        if (isRoomish && historyKey) {
+          clearHistoryEntriesIfEnabled({
             historyMap: conversationHistories,
             historyKey,
+            limit: historyLimit,
           });
         }
         return;
@@ -524,8 +535,12 @@ export function createMSTeamsMessageHandler(deps: MSTeamsMessageHandlerDeps) {
       logVerboseMessage(
         `msteams: delivered ${finalCount} reply${finalCount === 1 ? "" : "ies"} to ${teamsTo}`,
       );
-      if (isRoomish && historyKey && historyLimit > 0) {
-        clearHistoryEntries({ historyMap: conversationHistories, historyKey });
+      if (isRoomish && historyKey) {
+        clearHistoryEntriesIfEnabled({
+          historyMap: conversationHistories,
+          historyKey,
+          limit: historyLimit,
+        });
       }
     } catch (err) {
       log.error("dispatch failed", { error: String(err) });

extensions/msteams/src/reply-dispatcher.ts

@@ -1,4 +1,7 @@
 import {
+  createReplyPrefixContext,
+  createTypingCallbacks,
+  logTypingFailure,
   resolveChannelMediaMaxBytes,
   type ClawdbotConfig,
   type MSTeamsReplyStyle,
@@ -39,24 +42,39 @@ export function createMSTeamsReplyDispatcher(params: {
 }) {
   const core = getMSTeamsRuntime();
   const sendTypingIndicator = async () => {
-    try {
-      await params.context.sendActivities([{ type: "typing" }]);
-    } catch {
-      // Typing indicator is best-effort.
-    }
+    await params.context.sendActivities([{ type: "typing" }]);
   };
+  const typingCallbacks = createTypingCallbacks({
+    start: sendTypingIndicator,
+    onStartError: (err) => {
+      logTypingFailure({
+        log: (message) => params.log.debug(message),
+        channel: "msteams",
+        action: "start",
+        error: err,
+      });
+    },
+  });
+  const prefixContext = createReplyPrefixContext({
+    cfg: params.cfg,
+    agentId: params.agentId,
+  });
 
-  return core.channel.reply.createReplyDispatcherWithTyping({
-    responsePrefix: core.channel.reply.resolveEffectiveMessagesConfig(
-      params.cfg,
-      params.agentId,
-    ).responsePrefix,
-    humanDelay: core.channel.reply.resolveHumanDelayConfig(params.cfg, params.agentId),
-    deliver: async (payload) => {
+  const { dispatcher, replyOptions, markDispatchIdle } =
+    core.channel.reply.createReplyDispatcherWithTyping({
+      responsePrefix: prefixContext.responsePrefix,
+      responsePrefixContextProvider: prefixContext.responsePrefixContextProvider,
+      humanDelay: core.channel.reply.resolveHumanDelayConfig(params.cfg, params.agentId),
+      deliver: async (payload) => {
+        const tableMode = core.channel.text.resolveMarkdownTableMode({
+          cfg: params.cfg,
+          channel: "msteams",
+      });
       const messages = renderReplyPayloadsToMessages([payload], {
         textChunkLimit: params.textLimit,
         chunkText: true,
         mediaMode: "split",
+        tableMode,
       });
       const mediaMaxBytes = resolveChannelMediaMaxBytes({
         cfg: params.cfg,
@@ -82,21 +100,27 @@ export function createMSTeamsReplyDispatcher(params: {
         mediaMaxBytes,
       });
       if (ids.length > 0) params.onSentMessageIds?.(ids);
-    },
-    onError: (err, info) => {
-      const errMsg = formatUnknownError(err);
-      const classification = classifyMSTeamsSendError(err);
-      const hint = formatMSTeamsSendErrorHint(classification);
-      params.runtime.error?.(
-        `msteams ${info.kind} reply failed: ${errMsg}${hint ? ` (${hint})` : ""}`,
-      );
-      params.log.error("reply failed", {
-        kind: info.kind,
-        error: errMsg,
-        classification,
-        hint,
-      });
-    },
-    onReplyStart: sendTypingIndicator,
-  });
+      },
+      onError: (err, info) => {
+        const errMsg = formatUnknownError(err);
+        const classification = classifyMSTeamsSendError(err);
+        const hint = formatMSTeamsSendErrorHint(classification);
+        params.runtime.error?.(
+          `msteams ${info.kind} reply failed: ${errMsg}${hint ? ` (${hint})` : ""}`,
+        );
+        params.log.error("reply failed", {
+          kind: info.kind,
+          error: errMsg,
+          classification,
+          hint,
+        });
+      },
+      onReplyStart: typingCallbacks.onReplyStart,
+    });
+
+  return {
+    dispatcher,
+    replyOptions: { ...replyOptions, onModelSelected: prefixContext.onModelSelected },
+    markDispatchIdle,
+  };
 }

extensions/msteams/src/resolve-allowlist.ts

@@ -143,7 +143,7 @@ async function resolveGraphToken(cfg: unknown): Promise<string> {
   if (!creds) throw new Error("MS Teams credentials missing");
   const { sdk, authConfig } = await loadMSTeamsSdkWithAuth(creds);
   const tokenProvider = new sdk.MsalTokenProvider(authConfig);
-  const token = await tokenProvider.getAccessToken("https://graph.microsoft.com/.default");
+  const token = await tokenProvider.getAccessToken("https://graph.microsoft.com");
   const accessToken = readAccessToken(token);
   if (!accessToken) throw new Error("MS Teams graph token unavailable");
   return accessToken;

extensions/msteams/src/send.ts

@@ -16,6 +16,7 @@ import {
 import { extractFilename, extractMessageId } from "./media-helpers.js";
 import { buildConversationReference, sendMSTeamsMessages } from "./messenger.js";
 import { buildMSTeamsPollCard } from "./polls.js";
+import { getMSTeamsRuntime } from "./runtime.js";
 import { resolveMSTeamsSendContext, type MSTeamsProactiveContext } from "./send-context.js";
 
 export type SendMSTeamsMessageParams = {
@@ -93,13 +94,21 @@ export async function sendMessageMSTeams(
   params: SendMSTeamsMessageParams,
 ): Promise<SendMSTeamsMessageResult> {
   const { cfg, to, text, mediaUrl } = params;
+  const tableMode = getMSTeamsRuntime().channel.text.resolveMarkdownTableMode({
+    cfg,
+    channel: "msteams",
+  });
+  const messageText = getMSTeamsRuntime().channel.text.convertMarkdownTables(
+    text ?? "",
+    tableMode,
+  );
   const ctx = await resolveMSTeamsSendContext({ cfg, to });
   const { adapter, appId, conversationId, ref, log, conversationType, tokenProvider, sharePointSiteId } = ctx;
 
   log.debug("sending proactive message", {
     conversationId,
     conversationType,
-    textLength: text.length,
+    textLength: messageText.length,
     hasMedia: Boolean(mediaUrl),
   });
 
@@ -134,7 +143,7 @@ export async function sendMessageMSTeams(
       const { activity, uploadId } = prepareFileConsentActivity({
         media: { buffer: media.buffer, filename: fileName, contentType: media.contentType },
         conversationId,
-        description: text || undefined,
+        description: messageText || undefined,
       });
 
       log.debug("sending file consent card", { uploadId, fileName, size: media.buffer.length });
@@ -172,14 +181,14 @@ export async function sendMessageMSTeams(
       const base64 = media.buffer.toString("base64");
       const finalMediaUrl = `data:${media.contentType};base64,${base64}`;
 
-      return sendTextWithMedia(ctx, text, finalMediaUrl);
+      return sendTextWithMedia(ctx, messageText, finalMediaUrl);
     }
 
     if (isImage && !sharePointSiteId) {
       // Group chat/channel without SharePoint: send image inline (avoids OneDrive failures)
       const base64 = media.buffer.toString("base64");
       const finalMediaUrl = `data:${media.contentType};base64,${base64}`;
-      return sendTextWithMedia(ctx, text, finalMediaUrl);
+      return sendTextWithMedia(ctx, messageText, finalMediaUrl);
     }
 
     // Group chat or channel: upload to SharePoint (if siteId configured) or OneDrive
@@ -223,7 +232,7 @@ export async function sendMessageMSTeams(
         const fileCardAttachment = buildTeamsFileInfoCard(driveItem);
         const activity = {
           type: "message",
-          text: text || undefined,
+          text: messageText || undefined,
           attachments: [fileCardAttachment],
         };
 
@@ -264,7 +273,7 @@ export async function sendMessageMSTeams(
       const fileLink = `📎 [${uploaded.name}](${uploaded.shareUrl})`;
       const activity = {
         type: "message",
-        text: text ? `${text}\n\n${fileLink}` : fileLink,
+        text: messageText ? `${messageText}\n\n${fileLink}` : fileLink,
       };
 
       const baseRef = buildConversationReference(ref);
@@ -290,7 +299,7 @@ export async function sendMessageMSTeams(
   }
 
   // No media: send text only
-  return sendTextWithMedia(ctx, text, undefined);
+  return sendTextWithMedia(ctx, messageText, undefined);
 }
 
 /**

extensions/nextcloud-talk/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/nextcloud-talk",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Nextcloud Talk channel plugin",
   "clawdbot": {

extensions/nextcloud-talk/src/config-schema.ts

@@ -3,6 +3,7 @@ import {
   DmConfigSchema,
   DmPolicySchema,
   GroupPolicySchema,
+  MarkdownConfigSchema,
   requireOpenAllowFrom,
 } from "clawdbot/plugin-sdk";
 import { z } from "zod";
@@ -21,6 +22,7 @@ export const NextcloudTalkAccountSchemaBase = z
   .object({
     name: z.string().optional(),
     enabled: z.boolean().optional(),
+    markdown: MarkdownConfigSchema,
     baseUrl: z.string().optional(),
     botSecret: z.string().optional(),
     botSecretFile: z.string().optional(),

extensions/nextcloud-talk/src/inbound.ts

@@ -1,4 +1,9 @@
-import type { ClawdbotConfig, RuntimeEnv } from "clawdbot/plugin-sdk";
+import {
+  logInboundDrop,
+  resolveControlCommandGate,
+  type ClawdbotConfig,
+  type RuntimeEnv,
+} from "clawdbot/plugin-sdk";
 
 import type { ResolvedNextcloudTalkAccount } from "./accounts.js";
 import {
@@ -118,7 +123,11 @@ export async function handleNextcloudTalkInbound(params: {
     senderId,
     senderName,
   }).allowed;
-  const commandAuthorized = core.channel.commands.resolveCommandAuthorizedFromAuthorizers({
+  const hasControlCommand = core.channel.text.hasControlCommand(
+    rawBody,
+    config as ClawdbotConfig,
+  );
+  const commandGate = resolveControlCommandGate({
     useAccessGroups,
     authorizers: [
       {
@@ -127,7 +136,10 @@ export async function handleNextcloudTalkInbound(params: {
         allowed: senderAllowedForCommands,
       },
     ],
+    allowTextCommands,
+    hasControlCommand,
   });
+  const commandAuthorized = commandGate.commandAuthorized;
 
   if (isGroup) {
     const groupAllow = resolveNextcloudTalkGroupAllow({
@@ -188,15 +200,13 @@ export async function handleNextcloudTalkInbound(params: {
     }
   }
 
-  if (
-    isGroup &&
-    allowTextCommands &&
-    core.channel.text.hasControlCommand(rawBody, config as ClawdbotConfig) &&
-    commandAuthorized !== true
-  ) {
-    runtime.log?.(
-      `nextcloud-talk: drop control command from unauthorized sender ${senderId}`,
-    );
+  if (isGroup && commandGate.shouldBlock) {
+    logInboundDrop({
+      log: (message) => runtime.log?.(message),
+      channel: CHANNEL_ID,
+      reason: "control command (unauthorized)",
+      target: senderId,
+    });
     return;
   }
 
@@ -212,10 +222,6 @@ export async function handleNextcloudTalkInbound(params: {
         wildcardConfig: roomMatch.wildcardConfig,
       })
     : false;
-  const hasControlCommand = core.channel.text.hasControlCommand(
-    rawBody,
-    config as ClawdbotConfig,
-  );
   const mentionGate = resolveNextcloudTalkMentionGate({
     isGroup,
     requireMention: shouldRequireMention,
@@ -287,15 +293,14 @@ export async function handleNextcloudTalkInbound(params: {
     CommandAuthorized: commandAuthorized,
   });
 
-  void core.channel.session
-    .recordSessionMetaFromInbound({
-      storePath,
-      sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
-      ctx: ctxPayload,
-    })
-    .catch((err) => {
+  await core.channel.session.recordInboundSession({
+    storePath,
+    sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
+    ctx: ctxPayload,
+    onRecordError: (err) => {
       runtime.error?.(`nextcloud-talk: failed updating session meta: ${String(err)}`);
-    });
+    },
+  });
 
   await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({
     ctx: ctxPayload,

extensions/nextcloud-talk/src/send.ts

@@ -71,8 +71,18 @@ export async function sendMessageNextcloudTalk(
     throw new Error("Message must be non-empty for Nextcloud Talk sends");
   }
 
+  const tableMode = getNextcloudTalkRuntime().channel.text.resolveMarkdownTableMode({
+    cfg,
+    channel: "nextcloud-talk",
+    accountId: account.accountId,
+  });
+  const message = getNextcloudTalkRuntime().channel.text.convertMarkdownTables(
+    text.trim(),
+    tableMode,
+  );
+
   const body: Record<string, unknown> = {
-    message: text.trim(),
+    message,
   };
   if (opts.replyTo) {
     body.replyTo = opts.replyTo;

extensions/nostr/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2026.1.23
+
+### Changes
+- Version alignment with core Clawdbot release numbers.
+
 ## 2026.1.22
 
 ### Changes

extensions/nostr/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/nostr",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Nostr channel plugin for NIP-04 encrypted DMs",
   "clawdbot": {

extensions/nostr/src/channel.ts

@@ -133,13 +133,20 @@ export const nostrPlugin: ChannelPlugin<ResolvedNostrAccount> = {
     deliveryMode: "direct",
     textChunkLimit: 4000,
     sendText: async ({ to, text, accountId }) => {
+      const core = getNostrRuntime();
       const aid = accountId ?? DEFAULT_ACCOUNT_ID;
       const bus = activeBuses.get(aid);
       if (!bus) {
         throw new Error(`Nostr bus not running for account ${aid}`);
       }
+      const tableMode = core.channel.text.resolveMarkdownTableMode({
+        cfg: core.config.loadConfig(),
+        channel: "nostr",
+        accountId: aid,
+      });
+      const message = core.channel.text.convertMarkdownTables(text ?? "", tableMode);
       const normalizedTo = normalizePubkey(to);
-      await bus.sendDm(normalizedTo, text);
+      await bus.sendDm(normalizedTo, message);
       return { channel: "nostr", to: normalizedTo };
     },
   },

extensions/nostr/src/config-schema.ts

@@ -1,5 +1,5 @@
+import { MarkdownConfigSchema, buildChannelConfigSchema } from "clawdbot/plugin-sdk";
 import { z } from "zod";
-import { buildChannelConfigSchema } from "clawdbot/plugin-sdk";
 
 const allowFromEntry = z.union([z.string(), z.number()]);
 
@@ -63,6 +63,9 @@ export const NostrConfigSchema = z.object({
   /** Whether this channel is enabled */
   enabled: z.boolean().optional(),
 
+  /** Markdown formatting overrides (tables). */
+  markdown: MarkdownConfigSchema,
+
   /** Private key in hex or nsec bech32 format */
   privateKey: z.string().optional(),
 

extensions/open-prose/package.json

@@ -4,6 +4,8 @@
   "type": "module",
   "description": "OpenProse VM skill pack plugin (slash command + telemetry).",
   "clawdbot": {
-    "extensions": ["./index.ts"]
+    "extensions": [
+      "./index.ts"
+    ]
   }
 }

extensions/signal/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/signal",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Signal channel plugin",
   "clawdbot": {

extensions/slack/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/slack",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Slack channel plugin",
   "clawdbot": {

extensions/telegram/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/telegram",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Telegram channel plugin",
   "clawdbot": {

extensions/voice-call/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2026.1.23
+
+### Changes
+- Version alignment with core Clawdbot release numbers.
+
 ## 2026.1.22
 
 ### Changes

extensions/voice-call/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/voice-call",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot voice-call plugin",
   "dependencies": {

extensions/whatsapp/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/whatsapp",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot WhatsApp channel plugin",
   "clawdbot": {

extensions/zalo/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2026.1.23
+
+### Changes
+- Version alignment with core Clawdbot release numbers.
+
 ## 2026.1.22
 
 ### Changes

extensions/zalo/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/zalo",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Zalo channel plugin",
   "clawdbot": {

extensions/zalo/src/config-schema.ts

@@ -1,3 +1,4 @@
+import { MarkdownConfigSchema } from "clawdbot/plugin-sdk";
 import { z } from "zod";
 
 const allowFromEntry = z.union([z.string(), z.number()]);
@@ -5,6 +6,7 @@ const allowFromEntry = z.union([z.string(), z.number()]);
 const zaloAccountSchema = z.object({
   name: z.string().optional(),
   enabled: z.boolean().optional(),
+  markdown: MarkdownConfigSchema,
   botToken: z.string().optional(),
   tokenFile: z.string().optional(),
   webhookUrl: z.string().optional(),

extensions/zalo/src/monitor.ts

@@ -1,6 +1,6 @@
 import type { IncomingMessage, ServerResponse } from "node:http";
 
-import type { ClawdbotConfig } from "clawdbot/plugin-sdk";
+import type { ClawdbotConfig, MarkdownTableMode } from "clawdbot/plugin-sdk";
 
 import type { ResolvedZaloAccount } from "./accounts.js";
 import {
@@ -570,12 +570,19 @@ async function processMessageWithPipeline(params: {
     OriginatingTo: `zalo:${chatId}`,
   });
 
-  void core.channel.session.recordSessionMetaFromInbound({
+  await core.channel.session.recordInboundSession({
     storePath,
     sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
     ctx: ctxPayload,
-  }).catch((err) => {
-    runtime.error?.(`zalo: failed updating session meta: ${String(err)}`);
+    onRecordError: (err) => {
+      runtime.error?.(`zalo: failed updating session meta: ${String(err)}`);
+    },
+  });
+
+  const tableMode = core.channel.text.resolveMarkdownTableMode({
+    cfg: config,
+    channel: "zalo",
+    accountId: account.accountId,
   });
 
   await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({
@@ -591,6 +598,7 @@ async function processMessageWithPipeline(params: {
           core,
           statusSink,
           fetcher,
+          tableMode,
         });
       },
       onError: (err, info) => {
@@ -608,8 +616,11 @@ async function deliverZaloReply(params: {
   core: ZaloCoreRuntime;
   statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void;
   fetcher?: ZaloFetch;
+  tableMode?: MarkdownTableMode;
 }): Promise<void> {
   const { payload, token, chatId, runtime, core, statusSink, fetcher } = params;
+  const tableMode = params.tableMode ?? "code";
+  const text = core.channel.text.convertMarkdownTables(payload.text ?? "", tableMode);
 
   const mediaList = payload.mediaUrls?.length
     ? payload.mediaUrls
@@ -620,7 +631,7 @@ async function deliverZaloReply(params: {
   if (mediaList.length > 0) {
     let first = true;
     for (const mediaUrl of mediaList) {
-      const caption = first ? payload.text : undefined;
+      const caption = first ? text : undefined;
       first = false;
       try {
         await sendPhoto(token, { chat_id: chatId, photo: mediaUrl, caption }, fetcher);
@@ -632,8 +643,8 @@ async function deliverZaloReply(params: {
     return;
   }
 
-  if (payload.text) {
-    const chunks = core.channel.text.chunkMarkdownText(payload.text, ZALO_TEXT_LIMIT);
+  if (text) {
+    const chunks = core.channel.text.chunkMarkdownText(text, ZALO_TEXT_LIMIT);
     for (const chunk of chunks) {
       try {
         await sendMessage(token, { chat_id: chatId, text: chunk }, fetcher);

extensions/zalouser/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2026.1.23
+
+### Changes
+- Version alignment with core Clawdbot release numbers.
+
 ## 2026.1.22
 
 ### Changes

extensions/zalouser/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawdbot/zalouser",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "type": "module",
   "description": "Clawdbot Zalo Personal Account plugin via zca-cli",
   "dependencies": {

extensions/zalouser/src/config-schema.ts

@@ -1,3 +1,4 @@
+import { MarkdownConfigSchema } from "clawdbot/plugin-sdk";
 import { z } from "zod";
 
 const allowFromEntry = z.union([z.string(), z.number()]);
@@ -10,6 +11,7 @@ const groupConfigSchema = z.object({
 const zalouserAccountSchema = z.object({
   name: z.string().optional(),
   enabled: z.boolean().optional(),
+  markdown: MarkdownConfigSchema,
   profile: z.string().optional(),
   dmPolicy: z.enum(["pairing", "allowlist", "open", "disabled"]).optional(),
   allowFrom: z.array(allowFromEntry).optional(),

extensions/zalouser/src/monitor.ts

@@ -1,6 +1,6 @@
 import type { ChildProcess } from "node:child_process";
 
-import type { ClawdbotConfig, RuntimeEnv } from "clawdbot/plugin-sdk";
+import type { ClawdbotConfig, MarkdownTableMode, RuntimeEnv } from "clawdbot/plugin-sdk";
 import { mergeAllowlist, summarizeMapping } from "clawdbot/plugin-sdk";
 import { sendMessageZalouser } from "./send.js";
 import type {
@@ -311,12 +311,13 @@ async function processMessage(
     OriginatingTo: `zalouser:${chatId}`,
   });
 
-  void core.channel.session.recordSessionMetaFromInbound({
+  await core.channel.session.recordInboundSession({
     storePath,
     sessionKey: ctxPayload.SessionKey ?? route.sessionKey,
     ctx: ctxPayload,
-  }).catch((err) => {
-    runtime.error?.(`zalouser: failed updating session meta: ${String(err)}`);
+    onRecordError: (err) => {
+      runtime.error?.(`zalouser: failed updating session meta: ${String(err)}`);
+    },
   });
 
   await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({
@@ -332,6 +333,11 @@ async function processMessage(
           runtime,
           core,
           statusSink,
+          tableMode: core.channel.text.resolveMarkdownTableMode({
+            cfg: config,
+            channel: "zalouser",
+            accountId: account.accountId,
+          }),
         });
       },
       onError: (err, info) => {
@@ -351,8 +357,11 @@ async function deliverZalouserReply(params: {
   runtime: RuntimeEnv;
   core: ZalouserCoreRuntime;
   statusSink?: (patch: { lastInboundAt?: number; lastOutboundAt?: number }) => void;
+  tableMode?: MarkdownTableMode;
 }): Promise<void> {
   const { payload, profile, chatId, isGroup, runtime, core, statusSink } = params;
+  const tableMode = params.tableMode ?? "code";
+  const text = core.channel.text.convertMarkdownTables(payload.text ?? "", tableMode);
 
   const mediaList = payload.mediaUrls?.length
     ? payload.mediaUrls
@@ -363,7 +372,7 @@ async function deliverZalouserReply(params: {
   if (mediaList.length > 0) {
     let first = true;
     for (const mediaUrl of mediaList) {
-      const caption = first ? payload.text : undefined;
+      const caption = first ? text : undefined;
       first = false;
       try {
         logVerbose(core, runtime, `Sending media to ${chatId}`);
@@ -380,8 +389,8 @@ async function deliverZalouserReply(params: {
     return;
   }
 
-  if (payload.text) {
-    const chunks = core.channel.text.chunkMarkdownText(payload.text, ZALOUSER_TEXT_LIMIT);
+  if (text) {
+    const chunks = core.channel.text.chunkMarkdownText(text, ZALOUSER_TEXT_LIMIT);
     logVerbose(core, runtime, `Sending ${chunks.length} text chunk(s) to ${chatId}`);
     for (const chunk of chunks) {
       try {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawdbot",
-  "version": "2026.1.22",
+  "version": "2026.1.23",
   "description": "WhatsApp gateway CLI (Baileys web) with Pi RPC agent",
   "type": "module",
   "main": "dist/index.js",
@@ -111,7 +111,7 @@
     "format:swift": "swiftformat --lint --config .swiftformat apps/macos/Sources apps/ios/Sources apps/shared/ClawdbotKit/Sources",
     "format:all": "pnpm format && pnpm format:swift",
     "format:fix": "oxfmt --write src test",
-    "test": "vitest run",
+    "test": "node scripts/test-parallel.mjs",
     "test:watch": "vitest",
     "test:ui": "pnpm --dir ui test",
     "test:force": "node --import tsx scripts/test-force.ts",

scripts/docker/install-sh-nonroot/run.sh

@@ -19,7 +19,12 @@ echo "==> Verify git installed"
 command -v git >/dev/null
 
 echo "==> Verify clawdbot installed"
-LATEST_VERSION="$(npm view clawdbot version)"
+EXPECTED_VERSION="${CLAWDBOT_INSTALL_EXPECT_VERSION:-}"
+if [[ -n "$EXPECTED_VERSION" ]]; then
+  LATEST_VERSION="$EXPECTED_VERSION"
+else
+  LATEST_VERSION="$(npm view clawdbot version)"
+fi
 CMD_PATH="$(command -v clawdbot || true)"
 if [[ -z "$CMD_PATH" && -x "$HOME/.npm-global/bin/clawdbot" ]]; then
   CMD_PATH="$HOME/.npm-global/bin/clawdbot"

scripts/docker/install-sh-smoke/run.sh

@@ -6,21 +6,36 @@ SMOKE_PREVIOUS_VERSION="${CLAWDBOT_INSTALL_SMOKE_PREVIOUS:-}"
 SKIP_PREVIOUS="${CLAWDBOT_INSTALL_SMOKE_SKIP_PREVIOUS:-0}"
 
 echo "==> Resolve npm versions"
-LATEST_VERSION="$(npm view clawdbot version)"
 if [[ -n "$SMOKE_PREVIOUS_VERSION" ]]; then
+  LATEST_VERSION="$(npm view clawdbot version)"
   PREVIOUS_VERSION="$SMOKE_PREVIOUS_VERSION"
 else
-  PREVIOUS_VERSION="$(node - <<'NODE'
-const { execSync } = require("node:child_process");
-
-const versions = JSON.parse(execSync("npm view clawdbot versions --json", { encoding: "utf8" }));
-if (!Array.isArray(versions) || versions.length === 0) {
+  VERSIONS_JSON="$(npm view clawdbot versions --json)"
+  versions_line="$(node - <<'NODE'
+const raw = process.env.VERSIONS_JSON || "[]";
+let versions;
+try {
+  versions = JSON.parse(raw);
+} catch {
+  versions = raw ? [raw] : [];
+}
+if (!Array.isArray(versions)) {
+  versions = [versions];
+}
+if (versions.length === 0) {
   process.exit(1);
 }
-const previous = versions.length >= 2 ? versions[versions.length - 2] : versions[0];
-process.stdout.write(previous);
+const latest = versions[versions.length - 1];
+const previous = versions.length >= 2 ? versions[versions.length - 2] : latest;
+process.stdout.write(`${latest} ${previous}`);
 NODE
 )"
+  LATEST_VERSION="${versions_line%% *}"
+  PREVIOUS_VERSION="${versions_line#* }"
+fi
+
+if [[ -n "${CLAWDBOT_INSTALL_LATEST_OUT:-}" ]]; then
+  printf "%s" "$LATEST_VERSION" > "$CLAWDBOT_INSTALL_LATEST_OUT"
 fi
 
 echo "latest=$LATEST_VERSION previous=$PREVIOUS_VERSION"

scripts/test-install-sh-docker.sh

@@ -6,6 +6,9 @@ SMOKE_IMAGE="${CLAWDBOT_INSTALL_SMOKE_IMAGE:-clawdbot-install-smoke:local}"
 NONROOT_IMAGE="${CLAWDBOT_INSTALL_NONROOT_IMAGE:-clawdbot-install-nonroot:local}"
 INSTALL_URL="${CLAWDBOT_INSTALL_URL:-https://clawd.bot/install.sh}"
 CLI_INSTALL_URL="${CLAWDBOT_INSTALL_CLI_URL:-https://clawd.bot/install-cli.sh}"
+SKIP_NONROOT="${CLAWDBOT_INSTALL_SMOKE_SKIP_NONROOT:-0}"
+LATEST_DIR="$(mktemp -d)"
+LATEST_FILE="${LATEST_DIR}/latest"
 
 echo "==> Build smoke image (upgrade, root): $SMOKE_IMAGE"
 docker build \
@@ -15,31 +18,48 @@ docker build \
 
 echo "==> Run installer smoke test (root): $INSTALL_URL"
 docker run --rm -t \
+  -v "${LATEST_DIR}:/out" \
   -e CLAWDBOT_INSTALL_URL="$INSTALL_URL" \
+  -e CLAWDBOT_INSTALL_LATEST_OUT="/out/latest" \
   -e CLAWDBOT_INSTALL_SMOKE_PREVIOUS="${CLAWDBOT_INSTALL_SMOKE_PREVIOUS:-}" \
   -e CLAWDBOT_INSTALL_SMOKE_SKIP_PREVIOUS="${CLAWDBOT_INSTALL_SMOKE_SKIP_PREVIOUS:-0}" \
   -e CLAWDBOT_NO_ONBOARD=1 \
   -e DEBIAN_FRONTEND=noninteractive \
   "$SMOKE_IMAGE"
 
-echo "==> Build non-root image: $NONROOT_IMAGE"
-docker build \
-  -t "$NONROOT_IMAGE" \
-  -f "$ROOT_DIR/scripts/docker/install-sh-nonroot/Dockerfile" \
-  "$ROOT_DIR/scripts/docker/install-sh-nonroot"
+LATEST_VERSION=""
+if [[ -f "$LATEST_FILE" ]]; then
+  LATEST_VERSION="$(cat "$LATEST_FILE")"
+fi
 
-echo "==> Run installer non-root test: $INSTALL_URL"
-docker run --rm -t \
-  -e CLAWDBOT_INSTALL_URL="$INSTALL_URL" \
-  -e CLAWDBOT_NO_ONBOARD=1 \
-  -e DEBIAN_FRONTEND=noninteractive \
-  "$NONROOT_IMAGE"
+if [[ "$SKIP_NONROOT" == "1" ]]; then
+  echo "==> Skip non-root installer smoke (CLAWDBOT_INSTALL_SMOKE_SKIP_NONROOT=1)"
+else
+  echo "==> Build non-root image: $NONROOT_IMAGE"
+  docker build \
+    -t "$NONROOT_IMAGE" \
+    -f "$ROOT_DIR/scripts/docker/install-sh-nonroot/Dockerfile" \
+    "$ROOT_DIR/scripts/docker/install-sh-nonroot"
+
+  echo "==> Run installer non-root test: $INSTALL_URL"
+  docker run --rm -t \
+    -e CLAWDBOT_INSTALL_URL="$INSTALL_URL" \
+    -e CLAWDBOT_INSTALL_EXPECT_VERSION="$LATEST_VERSION" \
+    -e CLAWDBOT_NO_ONBOARD=1 \
+    -e DEBIAN_FRONTEND=noninteractive \
+    "$NONROOT_IMAGE"
+fi
 
 if [[ "${CLAWDBOT_INSTALL_SMOKE_SKIP_CLI:-0}" == "1" ]]; then
   echo "==> Skip CLI installer smoke (CLAWDBOT_INSTALL_SMOKE_SKIP_CLI=1)"
   exit 0
 fi
 
+if [[ "$SKIP_NONROOT" == "1" ]]; then
+  echo "==> Skip CLI installer smoke (non-root image skipped)"
+  exit 0
+fi
+
 echo "==> Run CLI installer non-root test (same image)"
 docker run --rm -t \
   --entrypoint /bin/bash \

scripts/test-parallel.mjs

@@ -0,0 +1,70 @@
+import { spawn } from "node:child_process";
+import os from "node:os";
+
+const pnpm = process.platform === "win32" ? "pnpm.cmd" : "pnpm";
+
+const runs = [
+  {
+    name: "unit",
+    args: ["vitest", "run", "--config", "vitest.unit.config.ts"],
+  },
+  {
+    name: "extensions",
+    args: ["vitest", "run", "--config", "vitest.extensions.config.ts"],
+  },
+  {
+    name: "gateway",
+    args: ["vitest", "run", "--config", "vitest.gateway.config.ts"],
+  },
+];
+
+const parallelRuns = runs.filter((entry) => entry.name !== "gateway");
+const serialRuns = runs.filter((entry) => entry.name === "gateway");
+
+const children = new Set();
+const isCI = process.env.CI === "true" || process.env.GITHUB_ACTIONS === "true";
+const overrideWorkers = Number.parseInt(process.env.CLAWDBOT_TEST_WORKERS ?? "", 10);
+const resolvedOverride = Number.isFinite(overrideWorkers) && overrideWorkers > 0 ? overrideWorkers : null;
+const localWorkers = Math.max(4, Math.min(16, os.cpus().length));
+const perRunWorkers = Math.max(1, Math.floor(localWorkers / parallelRuns.length));
+const maxWorkers = isCI ? null : resolvedOverride ?? perRunWorkers;
+
+const run = (entry) =>
+  new Promise((resolve) => {
+    const args = maxWorkers ? [...entry.args, "--maxWorkers", String(maxWorkers)] : entry.args;
+    const child = spawn(pnpm, args, {
+      stdio: "inherit",
+      env: { ...process.env, VITEST_GROUP: entry.name },
+      shell: process.platform === "win32",
+    });
+    children.add(child);
+    child.on("exit", (code, signal) => {
+      children.delete(child);
+      resolve(code ?? (signal ? 1 : 0));
+    });
+  });
+
+const shutdown = (signal) => {
+  for (const child of children) {
+    child.kill(signal);
+  }
+};
+
+process.on("SIGINT", () => shutdown("SIGINT"));
+process.on("SIGTERM", () => shutdown("SIGTERM"));
+
+const parallelCodes = await Promise.all(parallelRuns.map(run));
+const failedParallel = parallelCodes.find((code) => code !== 0);
+if (failedParallel !== undefined) {
+  process.exit(failedParallel);
+}
+
+for (const entry of serialRuns) {
+  // eslint-disable-next-line no-await-in-loop
+  const code = await run(entry);
+  if (code !== 0) {
+    process.exit(code);
+  }
+}
+
+process.exit(0);