Kilo-Org
diff --git a/‎.agents/skills/kiloclaw-openclaw-upgrade/SKILL.md‎
Lines changed: 76 additions & 0 deletions b/‎.agents/skills/kiloclaw-openclaw-upgrade/SKILL.md‎
Lines changed: 76 additions & 0 deletions
diff --git a/‎.agents/skills/kiloclaw-openclaw-upgrade/reference/validation-checklist.md‎
Lines changed: 131 additions & 0 deletions b/‎.agents/skills/kiloclaw-openclaw-upgrade/reference/validation-checklist.md‎
Lines changed: 131 additions & 0 deletions
diff --git a/‎apps/web/src/app/(app)/claw/components/changelog-data.ts‎
Lines changed: 6 additions & 0 deletions b/‎apps/web/src/app/(app)/claw/components/changelog-data.ts‎
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,76 @@
+---
+name: kiloclaw-openclaw-upgrade
+description: Upgrades the OpenClaw version packaged in KiloClaw images and validates safe live persisted-root replacement. Use when bumping OpenClaw, reviewing a KiloClaw OpenClaw upgrade PR, running packaged-image upgrade smoke tests, or investigating OpenClaw Dockerfile patches, plugin diagnostics, or compatibility changes.
+---
+
+# KiloClaw OpenClaw Upgrade
+
+Use this workflow for any packaged OpenClaw version change under `services/kiloclaw`.
+The smoke scripts are the executable source of truth; this skill governs release
+preparation, investigation, and review decisions around them.
+
+## First Reads
+
+Before editing or reviewing, read:
+
+- `AGENTS.md`
+- `services/kiloclaw/AGENTS.md`
+- `.specs/kiloclaw-controller.md`
+- `services/kiloclaw/DEVELOPMENT.md` controller smoke section
+- `reference/validation-checklist.md` in this skill
+
+## Upgrade Workflow
+
+1. Check `git status`, the PR branch/base, and existing PR review feedback. Do not
+   disturb a dirty main worktree; use an isolated worktree or clean branch checkout.
+2. Inspect `services/kiloclaw/Dockerfile`, bundled plugin `package.json` files,
+   `pnpm-workspace.yaml`, and `pnpm-lock.yaml` before changing the pin.
+3. Update the checked-in image pin and align bundled plugin compile-time/peer
+   dependencies. Update lockfile, package-policy configuration if required by a
+   deliberately validated release, runbook expectations, and user-facing changelog
+   when the release is part of the change.
+4. Build the candidate image. If a Dockerfile patch guard fails, inspect the new
+   OpenClaw package artifact or source rather than loosening the guard blindly.
+5. Run `bash services/kiloclaw/scripts/controller-openclaw-upgrade-smoke-test.sh`
+   from a clean committed bump branch. It compares refreshed `origin/main` by
+   default, or an intentionally justified `BASE_REF`, to committed `HEAD` and retains
+   `/root` between image phases.
+6. Run required final KiloClaw submission gates and review output, diagnostics, and
+   PR documentation before making the PR ready.
+
+## Required Upgrade Evidence
+
+Require successful checks for:
+
+- Installed OpenClaw before/after versions.
+- Candidate existing-config startup through the controller's `openclaw doctor` path.
+- `openclaw config validate --json` in each phase.
+- Controller/gateway readiness and proxied Control UI HTML.
+- Packaged Kilo Chat config, plugin load, diagnostics handling, and semantic live
+  webhook probe.
+- A real, non-sensitive agent turn through `kilocode/kilo-auto/free`.
+
+## Investigation Rules
+
+- Preserve the KiloCode model-discovery timeout mitigation unless OpenClaw exposes a
+  production-supported configuration or environment override used by its inner
+  KiloCode fetch. Do not confuse live-test outer catalog timeouts with production
+  provider discovery configuration.
+- Target Dockerfile bundle patches using provider-specific markers such as
+  `KILOCODE_MODELS_URL`; do not patch a generic minified constant across providers.
+- Treat newly surfaced `plugins inspect` or `doctor` diagnostics as findings. Do not
+  infer that a warning is harmless solely because the gateway becomes ready.
+- If the smoke allows a known cosmetic warning, surface it in output and fail any
+  changed or additional diagnostic until reviewed.
+
+## Security And Reporting
+
+- Never print or post Kilo API keys, organization credentials, gateway/proxy tokens,
+  raw provider responses, or credential-bearing container logs.
+- Keep live smoke containers bound to loopback and generate a random controller/proxy
+  token by default unless a deliberate override is required for a controlled run.
+- Send only generated non-sensitive nonce prompts through Auto Free.
+- In the PR, document the before/after versions, persisted-root live result, manual
+  verification, known diagnostics with their impact, and any Docker patch adaptation.
+- Keep live provider testing manual/opt-in unless credential and transient-free-model
+  constraints are deliberately addressed for gating.
@@ -0,0 +1,131 @@
+# OpenClaw Upgrade Validation Checklist
+
+Use this reference after reading the KiloClaw controller spec and current scripts.
+File names are stable workflow touchpoints; verify the actual branch diff instead of
+assuming every upgrade needs every file.
+
+## Typical Release Touchpoints
+
+| Path | Check |
+|---|---|
+| `services/kiloclaw/Dockerfile` | Pinned OpenClaw release and build-time compatibility patches |
+| `services/kiloclaw/plugins/kilo-chat/package.json` | OpenClaw peer/dev version alignment |
+| `services/kiloclaw/plugins/kiloclaw-morning-briefing/package.json` | OpenClaw peer/dev version alignment |
+| `pnpm-lock.yaml` | Resolved plugin compile/test dependency graph |
+| `pnpm-workspace.yaml` | Release-age or build-script policy needed for the reviewed pin |
+| `services/kiloclaw/e2e/docker-image-testing.md` | Expected image version in manual checks |
+| `apps/web/src/app/(app)/claw/components/changelog-data.ts` | User-visible release note when applicable |
+
+`services/kiloclaw/Dockerfile.local` installs a developer-provided tarball rather
+than the published production pin; do not update it solely for a release number.
+
+## Narrow Checks Before Live Validation
+
+Run repository-required formatting before committing. Prefer targeted checks while
+iterating, then allow push hooks or the relevant release process to run broader gates.
+
+```bash
+pnpm install --lockfile-only
+pnpm install --frozen-lockfile
+pnpm format
+bash -n services/kiloclaw/scripts/controller-smoke-helpers.sh
+bash -n services/kiloclaw/scripts/controller-live-provider-smoke-test.sh
+bash -n services/kiloclaw/scripts/controller-openclaw-upgrade-smoke-test.sh
+git diff --check
+bun run script/check-md-table-padding.ts
+pnpm --filter @kiloclaw/kilo-chat test
+pnpm --filter @kiloclaw/kiloclaw-morning-briefing test
+pnpm --filter @kiloclaw/kiloclaw-morning-briefing typecheck
+```
+
+If pnpm rejects a just-reviewed OpenClaw release because of repository supply-chain
+policy, do not bypass installation ad hoc. Determine whether an explicit narrow policy
+entry is justified by the pinned image build and successful live upgrade evidence.
+
+Before submitting a KiloClaw change, run the required final gates from
+`services/kiloclaw/AGENTS.md`:
+
+```bash
+# Before tests, confirm Postgres is active or start it with pnpm test:db.
+docker compose -f dev/docker-compose.yml ps postgres
+pnpm typecheck
+pnpm test
+pnpm lint
+```
+
+If a required final gate cannot be run, state that explicitly in the PR and handoff;
+do not describe narrow checks as full submission validation.
+
+## Official Upgrade Smoke
+
+Run only from a clean committed bump branch; the wrapper builds detached source
+worktrees so ignored local files do not enter either candidate image.
+
+```bash
+bash services/kiloclaw/scripts/controller-openclaw-upgrade-smoke-test.sh
+```
+
+Expected behaviors:
+
+- It refreshes `origin/main` by default; use `BASE_REF` only when the intended
+  upgrade baseline differs and document that reason in the PR.
+- It rejects an identical before/after OpenClaw pin by default.
+- It builds one baseline and one candidate image from checked-in Dockerfiles.
+- It starts the baseline on an empty temporary `/root`, then starts the candidate
+  against the same `/root`.
+- The candidate therefore exercises existing-config startup and `openclaw doctor`.
+
+## Pass Criteria
+
+A release candidate is not validated until output proves all of the following:
+
+| Assertion | Why it matters |
+|---|---|
+| `OpenClaw version` for each phase | Images contain the intended packages |
+| `OpenClaw config validate` | Resulting config is accepted explicitly |
+| Gateway status and Control UI proxy | Controller and gateway boot correctly |
+| Configured live smoke model | KiloCode model selection survived boot/upgrade |
+| Kilo Chat plugin load | Packaged extension loads successfully |
+| Kilo Chat diagnostics | New warnings/errors cannot remain invisible |
+| Kilo Chat webhook semantic rejection | Live handler route is registered without side effects |
+| Live Auto Free agent turn | Real Kilo Gateway compatibility and execution work |
+
+## Docker Patch Investigation
+
+OpenClaw bundles may change between releases. If an image build fails around a
+minified bundle patch:
+
+1. Obtain or inspect the intended OpenClaw package without exposing credentials.
+2. Locate provider-specific markers and the exact behavior being patched.
+3. Confirm whether the patch is still necessary or whether upstream added a stable
+   production config/env setting.
+4. Change the assertion to target the intended provider/behavior, not whichever
+   generic text happens to match first.
+5. Rebuild and rerun the persisted-root live smoke.
+
+The KiloCode model discovery workaround patches KiloCode's own fetch timeout. An
+environment variable that only wraps live-test provider catalog execution does not
+replace that production fetch-level control.
+
+## Diagnostics Policy
+
+Inspect plugin diagnostics through `openclaw plugins inspect kilo-chat --json`.
+Current smoke behavior may explicitly surface an acknowledged cosmetic warning, such
+as missing optional `channelConfigs` metadata, while verifying runtime routing
+separately. Do not expand the allowance without review:
+
+- Fail on any unexpected warning or error.
+- Include the exact accepted diagnostic and impact assessment in the PR.
+- Prefer fixing actionable metadata rather than retaining a permanent allowance.
+
+## Safe PR Evidence
+
+A PR verification summary may include image tags, version checks, named assertions,
+pass/fail totals, and known diagnostic text. While reviewing or modifying live smoke,
+keep its controller port loopback-only and its default controller/proxy token randomly
+generated. A PR summary must not include:
+
+- API key or organization credential values.
+- Controller/proxy or gateway tokens.
+- Raw provider response bodies or failure logs from live credential runs.
+- Sensitive prompts; use only generated nonce prompts in live smoke tests.
@@ -10,6 +10,12 @@ export type ChangelogEntry = {
 
 // Newest entries first. Developers add new entries to the top of this array.
 export const CHANGELOG_ENTRIES: ChangelogEntry[] = [
+  {
+    date: '2026-05-28',
+    description: 'Updated OpenClaw to 2026.5.22.',
+    category: 'feature',
+    deployHint: 'redeploy_suggested',
+  },
   {
     date: '2026-05-27',
     description: