fix: harden OpenClaw 2026.5.2 RC readiness #293

Merged
peg merged 10 commits into staging from fix/rc-hardening-regression-matrix
May 3, 2026

@peg (Owner) commented May 3, 2026

Why this is in the 1.0 RC

OpenClaw 2026.5.2 changes made the old Rampart assumptions around approval hardening and plugin/runtime detection too brittle. This PR moves the RC path to the native OpenClaw plugin model and makes install/doctor behavior match what actually ships in current OpenClaw.

What changed

  • Native OpenClaw plugin readiness

    • Treats installed Rampart native plugin approvals as the healthy path instead of requiring legacy exec approval bundle patching.
    • Aligns plugins.entries.rampart.config.approvalTimeoutMs to Rampart's 120s approval timeout.
    • Resolves the active OpenClaw state/config path before inspecting or patching.
  • Plugin metadata + gateway contract

    • Adds explicit activation.onCapabilities: ["hook"] metadata.
    • Adds package install floor via openclaw.install.minHostVersion.
    • Fixes rampart.status to use OpenClaw's current gateway respond(true, payload) RPC contract.
  • Fresh install / upgrade reliability

    • Repairs stale OpenClaw plugin records before reinstalling Rampart.
    • Preserves OpenClaw native approval ownership (tools.exec.ask = "off") while Rampart evaluates policy behind it.
    • Adds a macOS/headless fallback: if rampart serve install does not become reachable, setup falls back to rampart serve --background.
    • Suppresses false plugin-version mismatch warnings for Go pseudo-version/dev branch builds.
  • Regression coverage and docs

    • Adds tests for OpenClaw plugin metadata, gateway status contract, setup repair behavior, approval hardening diagnostics, and shell wrapper normalization.
    • Updates OpenClaw docs/support matrix/threat model/RC readiness notes to reflect the native-plugin model.

Validation

Local agent-01:

  • go test ./... -count=1
  • go vet ./...
  • go build -o /tmp/rampart-rc ./cmd/rampart
  • node internal/plugin/openclaw/smoke-test.mjs
  • node internal/plugin/openclaw/approval-regression.mjs
  • node internal/plugin/openclaw/degraded-mode-test.mjs
  • /tmp/rampart-rc doctor --json against OpenClaw 2026.5.2 (8b2a6e5): 0 issues, 0 warnings

Mac test account (claptest@trevors-macbook-pro.tail7ff9d2.ts.net):

  • Fresh install drill at commit 8cc8317:
    • OpenClaw 2026.5.2
    • clean Rampart state
    • rampart setup openclaw --force
    • rampart serve --background
    • OpenClaw gateway restart
    • rampart doctor --json: 0 issues, 0 warnings
  • Upgrade drill at commit 8cc8317:
    • baseline v0.9.22 on OpenClaw 2026.5.2 reproduced the old approval warning
    • upgraded to this PR commit
    • rampart doctor --fix
    • OpenClaw gateway restart
    • rampart doctor --json: 0 issues, 0 warnings

GitHub CI:

  • Ubuntu tests: passing
  • macOS tests: passing
  • Windows tests: passing
  • GoReleaser snapshot/cross-platform build check: passing

Reviewer focus

Please look hardest at:

  1. cmd/rampart/cli/setup_openclaw_plugin.go — install/repair flow and background serve fallback.
  2. cmd/rampart/cli/doctor.go — native plugin vs legacy approval-hardening diagnostics.
  3. internal/plugin/openclaw/index.js rampart.status gateway method and approval/degraded behavior.
  4. Threat-model/docs language — make sure the fail-open/native-plugin story is honest and not overclaiming.

Known limitations / not hidden

  • The native plugin is now the preferred OpenClaw path; legacy dist patching remains a compatibility fallback and is still inherently brittle against OpenClaw bundle changes.
  • Degraded behavior is still tool-class dependent and governed by plugin failOpenTools settings.
  • From SSH on the Mac, openclaw gateway call rampart.status previously hit an OpenClaw pairing/scope-upgrade prompt. That appears to be an OpenClaw local gateway scope/pairing behavior, not a Rampart plugin load failure: openclaw plugins inspect rampart and rampart doctor --json were clean.

@peg changed the title from "fix: harden openclaw rc approval readiness" to "fix: harden OpenClaw 2026.5.2 RC readiness" on May 3, 2026
@peg merged commit ba85e0a into staging on May 3, 2026
4 checks passed