feat(skills): add global/agent policy scope for issue #543

[srxly888-creator]

Summary

This PR completes the remaining ClawX-side scope for #543 after cron agent binding landed.

Included in this PR

1. Skill policy model and host routes

• Added persisted skill policy in settings:
  • skillPolicy.globalEnabled
  • skillPolicy.agentOverrides[agentId]
  • skillPolicyInitialized
• Added host API routes:
  • GET /api/skills/policy
  • PUT /api/skills/policy/global
  • PUT /api/skills/policy/agents/:agentId
• Added effective-skill computation helper and legacy migration bootstrap from old enabledSkills/disabledSkills fields.

2. Skills UI scope controls

• Added scope switch on Skills page:
  • Global
  • Agent (with agent selector)
• Added effective/override badges per skill when in Agent scope.
• Scope-aware toggles and batch operations:
  • Global scope updates runtime (skills.update) + policy baseline.
  • Agent scope updates policy overrides only.
• Added runtime warning in Agent scope to clarify that enforcement depends on OpenClaw runtime support.

3. i18n + docs

• Added new i18n keys for en/zh/ja skills scope UX.
• Updated README (README.md, README.zh-CN.md, README.ja-JP.md) with scope capability notes.

4. Tests

• Added tests/unit/skill-policy.test.ts for:
  • legacy migration behavior,
  • effective-skill computation,
  • override normalization and cleanup.

5. Cleanup

• Removed tracked macOS ._* metadata noise files in repo paths touched by this work.

Why

This keeps ClawX aligned with #543 by providing:

• explicit policy data model,
• policy editing UX (Global + Agent),
• visible effective state.

Runtime semantic guarantees are tracked upstream in OpenClaw:

• Runtime contract for cron agentId + delivery(channel/to) semantics openclaw/openclaw#48750
• Runtime support for global skills + agent override (effective skill resolution) openclaw/openclaw#48752

Validation

• pnpm run typecheck ✅
• pnpm run lint ✅ (existing unrelated warning in electron/api/routes/providers.ts)
• pnpm test -- tests/unit/skill-policy.test.ts tests/unit/skills-errors.test.ts ✅

Notes

• This PR intentionally keeps runtime-dependent behavior explicit in UI (warning) instead of silently assuming upstream support.

[srxly888-creator]

Follow-up for #543 tracking:

I re-verified the current branch (codex/evaluate-binding-codex-skills-to) after the latest updates.

Validation run:

• pnpm run typecheck ✅
• pnpm test -- tests/unit/skill-policy.test.ts tests/unit/skills-errors.test.ts ✅
• full pnpm test suite also passes in this environment (44 files / 233 tests)

No new review comments are currently pending on this PR thread.

If maintainers want stricter runtime parity checks, I can add an explicit UI warning snapshot/assert around "policy persisted but runtime may not enforce yet".

[vcfgv]

Thanks for the implementation work on #543 and for the detailed write-up.

Could you share a quick demo of the new behavior, ideally a GIF (or short video), covering:

• Skills page scope switch (Global / Agent)
• Agent-specific override behavior in the UI
• Cron “Run as Agent” flow (create/edit)

Also, please include functional validation results (test steps + outcomes), for example:

• Global enabled + agent disabled
• Global disabled + agent enabled
• Cron job create/edit with agentId
• Backward-compatibility/migration behavior for existing users

A visual walkthrough plus verification notes would make review much easier.

[ashione]

Thanks for the implementation work on #543 and for the detailed write-up.

Could you share a quick demo of the new behavior, ideally a GIF (or short video), covering:

• Skills page scope switch (Global / Agent)
• Agent-specific override behavior in the UI
• Cron “Run as Agent” flow (create/edit)

Also, please include functional validation results (test steps + outcomes), for example:

• Global enabled + agent disabled
• Global disabled + agent enabled
• Cron job create/edit with agentId
• Backward-compatibility/migration behavior for existing users

A visual walkthrough plus verification notes would make review much easier.

wooo, it looks like an amazing function that's tooooo complicated to make all of users understanding how to use..