feat(messaging): add serializable applier boundary

[sandl99]

Summary

Adds the serializable messaging applier boundary for phase 1 of the manifest-based messaging redesign. The applier consumes SandboxMessagingPlan directly, applies generic OpenShell credential/config/policy work, and adds compiler support for manifest-declared reachability hooks without moving production conflict detection.

Related Issue

Fixes #3996
Part of #3896

Changes

• Add src/lib/messaging/applier/ with env transport, serialization checks, OpenShell credential provider application, policy application, agent config rendering, and hook-returned build-file application.
• Add Telegram reachability-check hook metadata plus fake reachability hook implementation for phase-1 tests.
• Run reachability hooks during manifest compilation after enrollment input availability is known while keeping raw secrets out of returned plans.
• Make WeChat post-install account seeding visible through hook-returned build files and apply those outputs to OpenClaw account files and openclaw.json.
• Filter hook/build-step planning by agent so OpenClaw-only WeChat work does not appear in Hermes plans.
• Add focused tests for applier behavior, reachability hooks, hook-returned file writes, serialization, and secret hygiene.

Type of Change

• Code change (feature, bug fix, or refactor)
• Code change with doc updates
• Doc only (prose changes, no code sample modifications)
• Doc only (includes code sample changes)

Verification

• npx prek run --all-files passes
• npm test passes
• Tests added or updated for new or changed behavior
• No secrets, API keys, or credentials committed
• Docs updated for user-facing behavior changes
• make docs builds without warnings (doc changes only)
• Doc pages follow the style guide (doc changes only)
• New doc pages include SPDX header and frontmatter (new pages only)

Targeted checks run:

• npm test -- --project cli src/lib/messaging
• npm run typecheck:cli
• npm run lint -- src/lib/messaging
• npm run source-shape:check
• git diff --check

Full pre-commit CLI tests were not marked as passing because an unrelated host debug-output assertion failed in test/cli.test.ts:1434.

---

Signed-off-by: San Dang sdang@nvidia.com

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 733d1b9d-6921-40ca-8046-d8121e8ff2c9

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch u/sdang/messaging-legacy-projection-applier-3996

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

E2E Advisor Recommendation

Required E2E: messaging-providers-e2e, channels-stop-start-e2e, channels-add-remove-e2e
Optional E2E: messaging-compatible-endpoint-e2e, network-policy-e2e, hermes-slack-e2e

Dispatch hint: messaging-providers-e2e,channels-stop-start-e2e,channels-add-remove-e2e

Workflow run

Full advisor summary

E2E Recommendation Advisor

Base: origin/u/sdang/messaging-workflow-planner-3995
Head: HEAD
Confidence: high

Required E2E

• messaging-providers-e2e (high): Required because the PR changes the messaging credential/provider placeholder chain, Telegram and WeChat manifests/hooks, OpenClaw config rendering, and policy presets. This job validates provider creation/attachment, placeholder isolation, config patching, network reachability, and WeChat/WhatsApp messaging provider behavior with fake tokens.
• channels-stop-start-e2e (high): Required because workflow planner/compiler changes affect active/configured/disabled channel lifecycle semantics and agent-specific hooks/build steps. This job exercises stop/start/remove lifecycle across OpenClaw and Hermes for telegram, discord, wechat, slack, and whatsapp.
• channels-add-remove-e2e (high): Required because planRemove/planAddChannel behavior and messaging policy/provider side effects changed. This job specifically validates Telegram channel add/remove, provider detachment, policy preset application/removal, and rebuild behavior with token env still present.

Optional E2E

• messaging-compatible-endpoint-e2e (medium): Useful additional confidence for the Telegram OpenClaw real-user path because the PR changes Telegram manifest hooks/render planning and config application; this job validates Telegram config alongside inference.local routing through a hermetic compatible endpoint.
• network-policy-e2e (medium): Optional broader coverage for policy application boundaries. Messaging-specific policy preset application is covered by required messaging/channel jobs, but this can catch regressions in OpenShell policy behavior adjacent to applyPolicyAtOpenShell.
• hermes-slack-e2e (medium): Optional Hermes confidence for the generic render-template and credential placeholder changes, especially env-line rendering and provider placeholder substitution in Hermes.

New E2E recommendations

• messaging setup applier (high): The new MessagingSetupApplier serializes plans through env and applies credentials, policy, hook build-file outputs, and agent config through real OpenShell commands, but no existing E2E appears to target this plan-handoff/applier path directly as a first-class workflow.
  • Suggested test: Add an E2E that compiles a Telegram+WeChat SandboxMessagingPlan, writes it via NEMOCLAW_MESSAGING_PLAN_B64, applies credentials/policy/config through a real OpenShell sandbox, and asserts provider args, openclaw.json fragments, plugin install/load paths, and no secret leakage.
• telegram reachability hook (medium): Telegram now has a reachability-check hook that can abort enrollment, but existing Telegram E2Es mostly use fake tokens and some explicitly skip Telegram reachability. A regression in hook invocation/failure handling may not be caught.
  • Suggested test: Add a hermetic Telegram getMe reachability E2E using a local Telegram API stub that verifies successful reachability continues onboarding and failed reachability aborts without leaking the bot token.
• WeChat OpenClaw plugin seeding (medium): WeChat fake post-agent-install output now installs/enables openclaw-weixin and writes account files. Existing provider coverage may not assert the new plugin installs/load-path fields end-to-end.
  • Suggested test: Extend or add a WeChat E2E assertion that after non-interactive OpenClaw onboarding, openclaw.json includes plugins.installs/openclaw-weixin, plugins.load.paths, enabled plugin entry, and the per-account config files with placeholders only.

Dispatch hint

• Workflow: nightly-e2e.yaml
• jobs input: messaging-providers-e2e,channels-stop-start-e2e,channels-add-remove-e2e

[github-actions]

E2E Scenario Advisor Recommendation

Required scenario E2E: None
Optional scenario E2E: None

Workflow run

Full scenario advisor summary

E2E Scenario Advisor

Base: origin/u/sdang/messaging-workflow-planner-3995
Head: HEAD
Confidence: high

Required scenario E2E

• None. No scenario workflow, scenario metadata, scenario runtime, or validation-suite files changed.

Optional scenario E2E

• None.

Relevant changed files

• None.

[github-actions]

PR Review Advisor

Findings: 0 needs attention, 1 worth checking, 0 nice ideas
Top item: PR review advisor unavailable

Review findings

🛠️ Needs attention

• None.

🔎 Worth checking

• PR review advisor unavailable: The automated advisor could not complete: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt
  • Recommendation: Re-run the PR Review Advisor or perform a manual review.
  • Evidence: Could not parse JSON from PR review advisor output; see /home/runner/work/NemoClaw/NemoClaw/artifacts/pr-review-advisor/pr-review-advisor-raw-output.txt

🌱 Nice ideas

• None.

Workflow run details

This is an automated advisory review. A human maintainer must make the final merge decision.

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.