…Agent

Native OpenClaw plugin that loads enabled sensors from
~/.world2agent/sensors.json in-process, queues each emitted signal per
sensor session, and dispatches it through api.runtime.agent.runEmbeddedAgent
so a fresh agent turn handles every signal. Verified end-to-end against a
local OpenClaw 2026.4.15 gateway with @world2agent/sensor-hackernews +
openrouter/moonshotai/kimi-k2.6.

Hard contracts enforced at register():
- agents.defaults.contextInjection must equal "continuation-skip"; missing
  setting causes plugin start to throw with the exact field path to fix.
  Same check fires up front in `openclaw world2agent sensor add` so the
  install path fails before mutating manifest state.
- api.runtime.agent.runEmbeddedAgent must be present; surfaces as an M0
  spike message rather than a silent no-op.
- register() stays synchronous; OpenClaw's plugin loader drops registers
  that return a Promise. Async startup work runs as fire-and-forget.

Other notable bits:
- Resolves provider/model from agents.defaults.model.primary because
  runEmbeddedAgent itself ignores the operator default and falls back to
  openai/gpt-5.4 when nothing is passed.
- Pins sessionId per sensor (`w2a-<sensorId>`, sanitised against
  SAFE_SESSION_ID_RE) so continuation turns reuse the same transcript;
  sessionKey carries the colon-namespaced lane for run serialisation.
- HttpDispatcher (POST /w2a/ingest, HMAC + X-Request-ID dedup) and the
  IsolatedRunner skeleton are wired so out-of-process sensors can come
  online without re-architecting the plugin.
- Skill-routing default is the dedicated W2A agent's
  agents.list[].skills allowlist; prompt-prefix `Use skill: <id>` is the
  M1 fallback when no allowlist is configured.

Tests: 9 vitest cases covering manifest read/write, dispatcher
serialisation + prompt-prefix fallback, HttpDispatcher HMAC/dedup,
contextInjection startup throw, and synchronous register.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>