Add safe session actions and checkpoint controls #873

Merged
shanselman merged 5 commits into openclaw:main from bkudiess:bkudiess-bkudiess-session-actions-compaction-ux
Jun 27, 2026

@bkudiess bkudiess commented Jun 27, 2026

Contributor

Summary

  • Add confirmed Reset, Compact, Delete, Export transcript, and Checkpoints actions to the Sessions page.
  • Centralize session action confirmation and fail-closed main-session protection in shared helpers used by both Sessions page and App/toast actions.
  • Use gateway compaction checkpoint APIs for list, branch, and restore, with safe restore gating and clear unsupported-gateway messaging.

Validation

  • git diff --check
  • ./build.ps1
  • $env:OPENCLAW_REPO_ROOT='C:\Projects\copilot-worktrees\openclaw-windows-node\bkudiess-super-train'; dotnet test ./tests/OpenClaw.Shared.Tests/OpenClaw.Shared.Tests.csproj --nologo -v q ✅ — 2609 passed, 31 skipped, 2640 total
  • $env:OPENCLAW_REPO_ROOT='C:\Projects\copilot-worktrees\openclaw-windows-node\bkudiess-super-train'; dotnet test ./tests/OpenClaw.Tray.Tests/OpenClaw.Tray.Tests.csproj --nologo -v q ✅ — 1284 passed
  • Rubber-duck review with GPT-5.5 and Claude Opus 4.8 ✅; findings addressed before validation

Real behavior proof

  • Launched the current branch locally with ./run-app-local.ps1 -NoBuild -AllowNonMain.
  • Current-head UI screenshot provided by the developer shows the Sessions page action menu with Reset, Compact, Checkpoints, Export transcript, and Delete disabled for the main session.
  • App/toast session actions now use the same shared fail-closed main-session identity policy as the Sessions page, including known main-key shapes and unknown identity blocking for Delete/Restore.
  • Checkpoints branch/restore require a gateway that exposes compaction checkpoints; unsupported gateways surface a Not supported message. Destructive Restore was not live-executed during proof to avoid mutating the active session, and is covered by confirmation, main-session blocking, freshness checks, and unit tests.

Manual verification steps

  1. Open the tray app and navigate to Sessions.
  2. Open a session row's More actions menu.
  3. Confirm Reset/Compact/Delete prompt before sending; Delete should be disabled/blocked for the main session.
  4. Use Export transcript to save a .txt transcript.
  5. Open Checkpoints; verify checkpoints list or a clear unsupported message.
  6. When checkpoints exist, verify Branch from latest/top checkpoint and Restore latest use the checkpoint controls, with Restore hidden/blocked if the target is ambiguous or the session is main.

ClawSweeper follow-up

  • Addressed P1 session-state safety finding by moving fail-closed main-session resolution into shared SessionActionPlanner and using it from both App/toast actions and Sessions page actions.
  • Added focused shared tests for canonical main-key shapes, unknown identity blocking, session-list fallback, and checkpoint latest-selection.

clawsweeper Bot commented Jun 27, 2026

Codex review: needs real behavior proof before merge. Reviewed June 27, 2026, 3:56 AM ET / 07:56 UTC.

Summary
The branch adds confirmed session reset/compact/delete actions, transcript export, and compaction checkpoint list/branch/restore controls with shared session action policy helpers and focused tests.

Reproducibility: not applicable, as a feature PR. Source inspection confirms current main lacks the new Sessions page Checkpoints and Export transcript actions, and the PR adds them.

Review metrics: 2 noteworthy metrics.

  • Changed surface: 22 files, +1667/-43. The PR spans shared protocol interfaces, new shared helpers, WinUI session UI, localized resources, and shared/tray tests.
  • New shared helpers: 3 added. Session action planning, checkpoint selection, and transcript formatting now carry reusable session-state policy across UI entry points.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🐚 platinum hermit
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P1] Attach redacted current-head proof for transcript export, checkpoint list or unsupported-gateway handling, and blocked main-session Delete/Restore controls.
  • Include proof for the App/toast session action path or note a concrete blocker in the PR body.

Proof guidance:

  • [P1] Needs stronger real behavior proof before merge: The PR body describes local UI proof, but no accessible current-head screenshot, recording, terminal output, linked artifact, copied live output, or redacted logs are inspectable; contributors should redact private details before posting proof and updating the PR body should trigger a fresh ClawSweeper review, or a maintainer can comment @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Mantis proof suggestion
A desktop visual proof would materially help verify the Sessions page export/checkpoint flows and blocked destructive main-session controls. A maintainer can ask Mantis to capture proof by posting this exact PR comment:

@openclaw-mantis visual task: verify Sessions page export, checkpoint list/unsupported handling, and main-session Delete/Restore blocking.

Risk before merge

  • [P1] The PR adds UI controls that can delete or roll back session state, so maintainers should see current-head proof of the main-session blocking and checkpoint freshness behavior before merge.
  • [P1] Transcript export, checkpoint list or unsupported-gateway handling, and App/toast session actions are described in the PR body but no inspectable current-head artifact is available for review.
  • [P1] Destructive Restore was intentionally not live-executed during contributor proof, leaving source and tests as the only evidence for that path.

Maintainer options:

  1. Require inspectable current-head proof (recommended)
    Ask for a redacted screenshot, recording, terminal output, copied live output, linked artifact, or logs showing transcript export plus checkpoint list or unsupported-gateway behavior and main-session Delete/Restore blocking on the current head.
  2. Accept source-and-test safety
    Maintainers may intentionally accept the source-level planner gates, freshness checks, and reported test validation without live proof, but that owns the session-state runtime risk.
  3. Narrow destructive controls
    If proof cannot be supplied, pause Delete/Restore or checkpoint restore controls and land only the safer session actions in a narrower follow-up.

Next step before merge

  • [P1] This needs contributor-supplied real behavior proof and maintainer acceptance of the session-state UX before merge; automation cannot supply the missing proof.

Security
Cleared: No concrete supply-chain, dependency, credential, workflow, permission, or third-party code execution concern was found in the diff.

Review details

Best possible solution:

Land after a maintainer accepts the session-state UX and the PR includes redacted current-head proof for export, checkpoint list or unsupported handling, and blocked destructive main-session actions.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a feature PR. Source inspection confirms current main lacks the new Sessions page Checkpoints and Export transcript actions, and the PR adds them.

Is this the best way to solve the issue?

Mostly yes: centralizing destructive session policy in shared helpers is the maintainable direction. It is not the best landing shape until maintainers have inspectable current-head proof for the session-state UX.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against d6b1a72f6d23.

Label changes

Label justifications:

  • P2: This is a bounded user-facing session management improvement with limited blast radius but real session-state safety implications.
  • merge-risk: 🚨 session-state: The PR adds delete and checkpoint restore controls that can remove or roll back session state if identity or checkpoint selection behavior is wrong.
  • rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🐚 platinum hermit.
  • status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The PR body describes local UI proof, but no accessible current-head screenshot, recording, terminal output, linked artifact, copied live output, or redacted logs are inspectable; contributors should redact private details before posting proof and updating the PR body should trigger a fresh ClawSweeper review, or a maintainer can comment @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

What I checked:

Likely related people:

  • bkudiess: Authored the current-main gateway protocol foundation that introduced the typed compaction checkpoint APIs used by this PR, and also opened this PR. (role: gateway protocol foundation and recent session-adjacent contributor; confidence: high; commits: 2cae69ba6ca4; files: src/OpenClaw.Shared/OpenClawGatewayClient.Protocol.cs, src/OpenClaw.Shared/IOperatorGatewayClient.cs)
  • QQSHI13: Authored the current-main change threading session keys through notifications, toast activation, and chat navigation in the App/Sessions routing area this PR extends. (role: recent session and toast routing contributor; confidence: medium; commits: 6283fb174ead; files: src/OpenClaw.Tray.WinUI/App.xaml.cs, src/OpenClaw.Tray.WinUI/Pages/SessionsPage.xaml.cs)
  • shanselman: Authored the latest PR-head hardening commits for localization, ID-less checkpoint handling, and checkpoint action safety after the earlier ClawSweeper review. (role: current PR hardening committer; confidence: medium; commits: 95c012198928, 12716bad6783, 08367655a7cf; files: src/OpenClaw.Tray.WinUI/Pages/SessionsPage.xaml, src/OpenClaw.Tray.WinUI/Pages/SessionsPage.xaml.cs, src/OpenClaw.Shared/OpenClawGatewayClient.Protocol.cs)

What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 session-state 🚨 Merging this PR could lose, corrupt, stale, or mis-associate session or agent state. labels Jun 27, 2026
@bkudiess bkudiess marked this pull request as ready for review June 27, 2026 03:03
@clawsweeper clawsweeper Bot added the proof: 📸 screenshot Contributor real behavior proof includes screenshot evidence. label Jun 27, 2026
@bkudiess bkudiess force-pushed the bkudiess-bkudiess-session-actions-compaction-ux branch from 8db2360 to 065edf7 Compare June 27, 2026 05:04
@bkudiess

Contributor Author

@clawsweeper re-review

clawsweeper Bot commented Jun 27, 2026


🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@clawsweeper clawsweeper Bot removed the proof: 📸 screenshot Contributor real behavior proof includes screenshot evidence. label Jun 27, 2026
Copilot and others added 5 commits June 26, 2026 23:37
Adds confirmed session lifecycle actions, transcript export, and compaction checkpoint controls to the Sessions page.

Centralizes session action policy in shared helpers, blocks destructive main-session actions, and hardens checkpoint restore against stale or ambiguous targets.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add x:Uid resource coverage for the new Checkpoints and Export transcript menu items across supported locales.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Treat a newest checkpoint without an ID as unsafe for destructive restore instead of falling back to an older restorable checkpoint.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Keep ID-less compaction checkpoints visible to restore safety checks and cover the real chat.history transcript export path in live gateway protocol tests.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Prevent ID-less compaction checkpoints from being used as branch targets, and localize the destructive/session-altering confirmation prompts through runtime resources.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@shanselman shanselman force-pushed the bkudiess-bkudiess-session-actions-compaction-ux branch from 065edf7 to 8ab3476 Compare June 27, 2026 07:53
@shanselman shanselman merged commit 989f9ff into openclaw:main Jun 27, 2026
12 checks passed
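
The fail-closed rules described in the PR body and commit messages above (Delete/Restore blocked for a main or unknown session identity, and an ID-less newest checkpoint never replaced by an older one), sketched in C# as an added example that is not the project's code. All type and member names, the `main` / `:main` key shapes, and treating a timestamp tie as ambiguous are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample data; every name here is hypothetical, not OpenClaw's API.
var t0 = new DateTimeOffset(2026, 6, 27, 0, 0, 0, TimeSpan.Zero);
var checkpoints = new List<Checkpoint> { new("cp-1", t0), new(null, t0.AddMinutes(5)) };
foreach (var key in new string?[] { "agent:demo:main", "agent:demo:side", null })
{
    var id = ExamplePolicy.Classify(key, key is null ? (bool?)null : false);
    Console.WriteLine($"{key ?? "<null>"}: {id}, delete allowed = {ExamplePolicy.IsAllowed(SessionAction.Delete, id)}");
}
// The newest checkpoint has no ID, so the older cp-1 must not be offered instead.
Console.WriteLine($"restore target = {ExamplePolicy.RestoreTarget(checkpoints)?.Id ?? "<none>"}");

enum SessionAction { Reset, Compact, Export, Delete, Restore }
enum Identity { Main, NotMain, Unknown }
record Checkpoint(string? Id, DateTimeOffset CreatedAt);

static class ExamplePolicy
{
    // Assumed main-key shapes: "main" and "<prefix>:main". Anything else is trusted
    // as non-main only when the session list explicitly says so; otherwise Unknown.
    public static Identity Classify(string? key, bool? isMainPerSessionList)
    {
        if (string.IsNullOrWhiteSpace(key)) return Identity.Unknown;
        if (key == "main" || key.EndsWith(":main", StringComparison.Ordinal)) return Identity.Main;
        return isMainPerSessionList switch { true => Identity.Main, false => Identity.NotMain, null => Identity.Unknown };
    }

    // Fail closed: Delete and Restore need proof that the session is not main.
    public static bool IsAllowed(SessionAction action, Identity id) =>
        (action != SessionAction.Delete && action != SessionAction.Restore) || id == Identity.NotMain;

    // Only the single newest checkpoint may be a restore target. A tie for newest
    // (assumed meaning of "ambiguous") or a missing ID yields no target at all.
    public static Checkpoint? RestoreTarget(IReadOnlyList<Checkpoint> checkpoints)
    {
        if (checkpoints.Count == 0) return null;
        var newestTime = checkpoints.Max(c => c.CreatedAt);
        var newest = checkpoints.Where(c => c.CreatedAt == newestTime).ToList();
        if (newest.Count != 1) return null;
        return string.IsNullOrWhiteSpace(newest[0].Id) ? null : newest[0];
    }
}
```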