Merge heartbeat, contract governance, and audit fixes

Author: Telli

src/OpenClaw.Agent/AgentRuntime.cs

@@ -88,7 +88,8 @@ public AgentRuntime(
         long sessionTokenBudget = 0,
         MemoryRecallConfig? recall = null,
         IToolSandbox? toolSandbox = null,
-        GatewayConfig? gatewayConfig = null)
+        GatewayConfig? gatewayConfig = null,
+        ToolUsageTracker? toolUsageTracker = null)
     {
         _chatClient = chatClient;
         _tools = tools;
@@ -129,7 +130,8 @@ public AgentRuntime(
             metrics,
             logger,
             config: gatewayConfig,
-            toolSandbox: toolSandbox);
+            toolSandbox: toolSandbox,
+            toolUsageTracker: toolUsageTracker);
         _cachedToolDeclarations = _toolExecutor.ToolDeclarations;
         _sessionTokenBudget = sessionTokenBudget;
         _recall = recall;

src/OpenClaw.Agent/ContractScopeHook.cs

@@ -0,0 +1,152 @@
+using System.Text.Json;
+using Microsoft.Extensions.Logging;
+using OpenClaw.Core.Abstractions;
+using OpenClaw.Core.Models;
+using OpenClaw.Agent.Tools;
+
+namespace OpenClaw.Agent;
+
+/// <summary>
+/// Enforces contract-scoped tool restrictions at tool-call time.
+/// Checks path-scoped capabilities and tool call count limits.
+/// </summary>
+public sealed class ContractScopeHook : IToolHookWithContext
+{
+    private readonly Func<string, ContractPolicy?> _contractResolver;
+    private readonly Func<string, int> _toolCallCounter;
+    private readonly ILogger _logger;
+
+    public string Name => "ContractScope";
+
+    /// <param name="contractResolver">Resolves a session ID to its contract policy (or null).</param>
+    /// <param name="toolCallCounter">Returns the current tool call count for a session ID.</param>
+    /// <param name="logger">Logger instance.</param>
+    public ContractScopeHook(
+        Func<string, ContractPolicy?> contractResolver,
+        Func<string, int> toolCallCounter,
+        ILogger logger)
+    {
+        _contractResolver = contractResolver;
+        _toolCallCounter = toolCallCounter;
+        _logger = logger;
+    }
+
+    public ValueTask<bool> BeforeExecuteAsync(string toolName, string arguments, CancellationToken ct)
+        => ValueTask.FromResult(true); // No-op for non-context path; context variant handles enforcement.
+
+    public ValueTask<bool> BeforeExecuteAsync(ToolHookContext context, CancellationToken ct)
+    {
+        var policy = _contractResolver(context.SessionId);
+        if (policy is null)
+            return ValueTask.FromResult(true);
+
+        // Check MaxToolCalls
+        if (policy.MaxToolCalls > 0)
+        {
+            var count = _toolCallCounter(context.SessionId);
+            if (count >= policy.MaxToolCalls)
+            {
+                _logger.LogInformation(
+                    "ContractScope: denied tool {Tool} for session {Session} — MaxToolCalls ({Max}) reached",
+                    context.ToolName, context.SessionId, policy.MaxToolCalls);
+                return ValueTask.FromResult(false);
+            }
+        }
+
+        // Check scoped capabilities (path restrictions)
+        var scope = FindScope(policy, context.ToolName);
+        if (scope is not null && scope.AllowedPaths.Length > 0)
+        {
+            if (TryExtractPathArgument(context.ToolName, context.ArgumentsJson, out var path) &&
+                !string.IsNullOrWhiteSpace(path))
+            {
+                if (!IsPathAllowed(path!, scope.AllowedPaths))
+                {
+                    _logger.LogInformation(
+                        "ContractScope: denied tool {Tool} path {Path} for session {Session} — outside scoped paths",
+                        context.ToolName, path, context.SessionId);
+                    return ValueTask.FromResult(false);
+                }
+            }
+        }
+
+        return ValueTask.FromResult(true);
+    }
+
+    public ValueTask AfterExecuteAsync(string toolName, string arguments, string result, TimeSpan duration, bool failed, CancellationToken ct)
+        => ValueTask.CompletedTask;
+
+    public ValueTask AfterExecuteAsync(ToolHookContext context, string result, TimeSpan duration, bool failed, CancellationToken ct)
+        => ValueTask.CompletedTask;
+
+    private static ScopedCapability? FindScope(ContractPolicy policy, string toolName)
+    {
+        foreach (var scope in policy.ScopedCapabilities)
+        {
+            if (string.Equals(scope.ToolName, toolName, StringComparison.Ordinal))
+                return scope;
+        }
+        return null;
+    }
+
+    private static bool IsPathAllowed(string path, string[] allowedPaths)
+    {
+        var expanded = ExpandTilde(path);
+        var full = ToolPathPolicy.ResolveRealPath(expanded);
+
+        var comparison = OperatingSystem.IsWindows()
+            ? StringComparison.OrdinalIgnoreCase
+            : StringComparison.Ordinal;
+
+        foreach (var allowed in allowedPaths)
+        {
+            var allowedExpanded = ExpandTilde(allowed.Trim());
+            var allowedFull = Path.GetFullPath(allowedExpanded);
+
+            if (string.Equals(full, allowedFull, comparison))
+                return true;
+
+            var root = allowedFull.EndsWith(Path.DirectorySeparatorChar)
+                ? allowedFull
+                : allowedFull + Path.DirectorySeparatorChar;
+
+            if (full.StartsWith(root, comparison))
+                return true;
+        }
+
+        return false;
+    }
+
+    private static bool TryExtractPathArgument(string toolName, string arguments, out string? path)
+    {
+        path = null;
+        var prop = toolName switch
+        {
+            "git" => "cwd",
+            _ => "path"
+        };
+
+        try
+        {
+            using var doc = JsonDocument.Parse(arguments);
+            if (doc.RootElement.TryGetProperty(prop, out var p) && p.ValueKind == JsonValueKind.String)
+            {
+                path = p.GetString();
+                return !string.IsNullOrWhiteSpace(path);
+            }
+        }
+        catch { }
+
+        return false;
+    }
+
+    private static string ExpandTilde(string path)
+    {
+        if (path.StartsWith("~/", StringComparison.Ordinal) || path == "~")
+        {
+            var home = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
+            return path.Length == 1 ? home : Path.Combine(home, path[2..]);
+        }
+        return path;
+    }
+}

src/OpenClaw.Agent/IAgentRuntimeFactory.cs

@@ -27,6 +27,7 @@ public sealed class AgentRuntimeFactoryContext
     public required bool RequireToolApproval { get; init; }
     public required IReadOnlyList<string> ApprovalRequiredTools { get; init; }
     public IToolSandbox? ToolSandbox { get; init; }
+    public ToolUsageTracker? ToolUsageTracker { get; init; }
 }
 
 public interface IAgentRuntimeFactory

src/OpenClaw.Agent/NativeAgentRuntimeFactory.cs

@@ -9,7 +9,8 @@ public sealed class NativeAgentRuntimeFactory : IAgentRuntimeFactory
     private AgentRuntime CreateRuntime(
         Microsoft.Extensions.AI.IChatClient chatClient,
         IReadOnlyList<OpenClaw.Core.Abstractions.ITool> tools,
-        AgentRuntimeFactoryContext context)
+        AgentRuntimeFactoryContext context,
+        OpenClaw.Core.Observability.ToolUsageTracker? toolUsageTracker = null)
         => new(
             chatClient,
             tools,
@@ -35,11 +36,13 @@ private AgentRuntime CreateRuntime(
             sessionTokenBudget: context.Config.SessionTokenBudget,
             recall: context.Config.Memory.Recall,
             toolSandbox: context.ToolSandbox,
-            gatewayConfig: context.Config);
+            gatewayConfig: context.Config,
+            toolUsageTracker: toolUsageTracker);
 
     public IAgentRuntime Create(AgentRuntimeFactoryContext context)
     {
-        IAgentRuntime agentRuntime = CreateRuntime(context.ChatClient, context.Tools, context);
+        var toolUsageTracker = context.ToolUsageTracker;
+        IAgentRuntime agentRuntime = CreateRuntime(context.ChatClient, context.Tools, context, toolUsageTracker);
 
         if (!context.Config.Delegation.Enabled || context.Config.Delegation.Profiles.Count == 0)
             return agentRuntime;
@@ -55,6 +58,6 @@ public IAgentRuntime Create(AgentRuntimeFactoryContext context)
             logger: context.Logger,
             recall: context.Config.Memory.Recall);
 
-        return CreateRuntime(context.ChatClient, [.. context.Tools, delegateTool], context);
+        return CreateRuntime(context.ChatClient, [.. context.Tools, delegateTool], context, toolUsageTracker);
     }
 }

src/OpenClaw.Agent/OpenClawToolExecutor.cs

@@ -30,6 +30,7 @@ public sealed class OpenClawToolExecutor
     private readonly ILogger? _logger;
     private readonly GatewayConfig _config;
     private readonly IToolSandbox? _toolSandbox;
+    private readonly ToolUsageTracker? _toolUsageTracker;
 
     public OpenClawToolExecutor(
         IReadOnlyList<ITool> tools,
@@ -40,7 +41,8 @@ public OpenClawToolExecutor(
         RuntimeMetrics? metrics = null,
         ILogger? logger = null,
         GatewayConfig? config = null,
-        IToolSandbox? toolSandbox = null)
+        IToolSandbox? toolSandbox = null,
+        ToolUsageTracker? toolUsageTracker = null)
     {
         _toolsByName = tools.ToDictionary(t => t.Name, StringComparer.Ordinal);
         _toolDeclarations = tools.Select(CreateDeclaration).Cast<AITool>().ToArray();
@@ -63,6 +65,7 @@ public OpenClawToolExecutor(
             }
         };
         _toolSandbox = toolSandbox;
+        _toolUsageTracker = toolUsageTracker;
     }
 
     public IList<AITool> ToolDeclarations => _toolDeclarations;
@@ -213,6 +216,7 @@ public async Task<ToolExecutionResult> ExecuteAsync(
 
         _metrics?.IncrementToolCalls();
         turnCtx.RecordToolCall(sw.Elapsed, toolFailed, toolTimedOut);
+        _toolUsageTracker?.RecordToolCall(tool.Name, sw.Elapsed, toolFailed, toolTimedOut);
         _logger?.LogDebug("[{CorrelationId}] Tool {Tool} completed in {Duration}ms ok={Ok}",
             turnCtx.CorrelationId,
             tool.Name,

src/OpenClaw.Channels/TelegramChannel.cs

@@ -6,6 +6,7 @@
 using OpenClaw.Core.Abstractions;
 using OpenClaw.Core.Http;
 using OpenClaw.Core.Models;
+using OpenClaw.Core.Security;
 
 namespace OpenClaw.Channels;
 
@@ -26,9 +27,7 @@ public TelegramChannel(TelegramChannelConfig config, ILogger<TelegramChannel> lo
         _logger = logger;
         _http = HttpClientFactory.Create();
 
-        var tokenSource = config.BotTokenRef.StartsWith("env:") 
-            ? Environment.GetEnvironmentVariable(config.BotTokenRef[4..]) 
-            : config.BotToken;
+        var tokenSource = SecretResolver.Resolve(config.BotTokenRef) ?? config.BotToken;
 
         _botToken = tokenSource ?? throw new InvalidOperationException("Telegram bot token not configured or missing from environment.");
     }

src/OpenClaw.Channels/WebSocketChannel.cs

@@ -280,6 +280,15 @@ public async ValueTask DisposeAsync()
             {
                 // ignore
             }
+
+            try
+            {
+                kvp.Value.SendLock.Dispose();
+            }
+            catch
+            {
+                // ignore
+            }
         }
 
         _connections.Clear();
@@ -319,13 +328,15 @@ private bool TryAddConnection(string clientId, WebSocket ws, IPAddress? remoteIp
         {
             _connectionsPerIp.AddOrUpdate(state.IpKey, 0, (_, c) => Math.Max(0, c - 1));
             Interlocked.Decrement(ref _connectionCount);
+            state.SendLock.Dispose();
             return false;
         }
 
         if (!_connections.TryAdd(clientId, state))
         {
             _connectionsPerIp.AddOrUpdate(state.IpKey, 0, (_, c) => Math.Max(0, c - 1));
             Interlocked.Decrement(ref _connectionCount);
+            state.SendLock.Dispose();
             return false;
         }
 
@@ -338,6 +349,7 @@ private void RemoveConnection(string clientId, ConnectionState state)
             Interlocked.Decrement(ref _connectionCount);
         _connectionsPerIp.AddOrUpdate(state.IpKey, 0, (_, c) => Math.Max(0, c - 1));
         try { state.Socket.Dispose(); } catch { /* ignore */ }
+        try { state.SendLock.Dispose(); } catch { /* ignore */ }
     }
 
     private async Task<string?> ReceiveFullTextMessageAsync(WebSocket ws, CancellationToken ct)

src/OpenClaw.Cli/OpenClawHttpClient.cs

@@ -20,5 +20,17 @@ public async Task<string> StreamChatCompletionAsync(
         CancellationToken cancellationToken)
         => await _inner.StreamChatCompletionAsync(request, onText, cancellationToken);
 
+    public Task<HeartbeatPreviewResponse> GetHeartbeatAsync(CancellationToken cancellationToken)
+        => _inner.GetHeartbeatAsync(cancellationToken);
+
+    public Task<HeartbeatPreviewResponse> PreviewHeartbeatAsync(HeartbeatConfigDto request, CancellationToken cancellationToken)
+        => _inner.PreviewHeartbeatAsync(request, cancellationToken);
+
+    public Task<HeartbeatPreviewResponse> SaveHeartbeatAsync(HeartbeatConfigDto request, CancellationToken cancellationToken)
+        => _inner.SaveHeartbeatAsync(request, cancellationToken);
+
+    public Task<HeartbeatStatusResponse> GetHeartbeatStatusAsync(CancellationToken cancellationToken)
+        => _inner.GetHeartbeatStatusAsync(cancellationToken);
+
     public void Dispose() => _inner.Dispose();
 }