fix: revert OpenClaw pin to v2026.5.27 (restore SSO) + CIG model pref…

…ix strip

- Reverted OPENCLAW_VERSION v2026.6.8 → v2026.5.27 (SSO regression)
- CIG: strip provider prefix from model name (unconditional normalization)
- update.checkOnStart=false suppresses update banner on Docker containers

SOP-001: Grok Perfect (2 iter), Claude Opus 4.8 Pass, PII clean, 32/32 remotes.

fix: bump OpenClaw v2026.6.8, disable update banner, strip CIG model …

…prefix

- Dockerfile: OPENCLAW_VERSION v2026.5.27 → v2026.6.8
- openclaw-default.json: update.checkOnStart=false (containers can't self-update)
- cig-inference: strip provider prefix from model name before tier check
  Fixes 'assistant turn failed before producing content' on first chat load

SOP-001 pipeline: Stage 2 Grok (2 iterations → Perfect), Stage 4 Claude Opus 4.8 (Pass, 0 blocking), PII clean, 32/32 remotes synced.

feat(sso): session bridge for single sign-in (v2026.6.18.1803)

- POST /auth/handoff route in auth-proxy (HS256 JWT → session cookie)
- generate-handoff-token Supabase Edge Function (90s TTL, JTI, dedup)
- consume-handoff-token Supabase Edge Function (atomic single-use)
- handoff_tokens migration with unique partial index
- provision-buffer + deploy-agent pass HANDOFF_SIGNING_SECRET + CONSUME_HANDOFF_URL
- Grok 4.20: 3 iterations → Excellent (all blocking fixed)
- Claude Opus 4.6 cross-model audit: Excellent (timing-safe compare added)
- PII scan: clean
- Existing tests: no regressions

Tiered installer + Docker optimized + Signal troubleshooting

Features:
- Tiered installer with minimal/standard/full tiers
- Component libraries for modular installation
- Docker-optimized Dockerfile for containers
- Signal troubleshooting documentation

Dependencies verified:
- Node.js 24.x LTS (Krypton)
- signal-cli >=0.14.5
- Gemma 4 12B (standard) / 26B (full)
- GitHub CLI, Brave, ffmpeg, Whisper

Grok 4.20 audit: Excellent

v2026.6.11.1923 — login branding + auth-proxy subscription gate

Stable 2.0 — CIG URL fix, login page, buffer pool working. Tag before…

… Phase 1-3 upgrade cycle.

Release v2026.6.10.2035 — CIG URL path fix

Release v2026.6.8.0050 — CIG (Central Inference Gateway)

Server-side key management for InstallOpenClaw.xyz containers.
Removes shared Morpheus API key from user containers.
Grok 4.20 audit: APPROVED (92-94/100 across all components).

EverClaw v2026.5.28.1854 — OpenClaw pin v2026.5.22 → v2026.5.27

EverClaw v2026.5.24.0400 — OpenClaw pin v2026.5.12 → v2026.5.22