#10441: webchat: switch file uploads to HTTP /uploads

## Summary Switch webchat file uploads from WS payloads to HTTP `/uploads`, then send uploaded file paths in `chat.send`. This avoids WS frame-size failures for common document attachments and keeps image attachments behavior intact. ## Changes - Added HTTP upload request resolving in UI gateway client. - Chat upload now uses `POST /uploads` with auth + `X-File-Name`. - `chat.send` now accepts uploaded file references and carries file metadata. - Added `/uploads` HTTP handler wiring on gateway server. - Kept `uploads.upload` RPC compatibility path. - Fixed async multi-file attachment race in chat view. - Included related auth/type/runtime wiring and usage/session fixes from this patch set. ## Validation ### Tests ✅ **Unit tests passing:** ```bash pnpm exec vitest run src/gateway/server-methods/usage.test.ts src/gateway/uploads/http-handler.test.ts # ✓ 8 tests passed pnpm --dir ui exec vitest run src/ui/views/chat.test.ts --config vitest.config.ts # ✓ 2 tests passed ✅ Code quality checks: pnpm build # ✓ Build successful pnpm oxlint --type-aware # ✓ 0 errors, 0 warnings pnpm oxfmt --check # ✓ All files formatted correctly ⚠️ Full test suite: 151 tests total, 149 passed, 2 failed - Failed tests: src/ui/navigation.test.ts (icon tests) - Not related to this PR - no navigation/icon files modified - Pre-existing test issue (expects emoji, receives icon name) Manual smoke testing ✅ HTTP upload returns ok + path ✅ chat.send with uploaded path starts successfully ✅ agent.wait returns status: ok ✅ Large document attachments (>1MB) upload without WS frame errors ✅ Image attachments continue to work as expected Testing notes - Tested with PDF, DOCX, and image files - Verified auth token handling in HTTP upload flow - Confirmed backward compatibility with existing uploads.upload RPC method - Validated multi-file upload race condition fix Checklist - Tested locally with OpenClaw instance - Run tests: pnpm build && pnpm oxlint --type-aware && pnpm oxfmt --check && pnpm test - PR focused on single feature (HTTP upload flow) - Clear description of what & why - All relevant tests passing (navigation test failures are pre-existing) Related Fixes issues with large file uploads failing due to WebSocket frame size limits. <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> - Adds a new HTTP `POST /uploads` handler in the gateway to accept raw bytes uploads with Bearer auth, persisting files under the config uploads directory. - Updates the webchat UI gateway client to resolve an upload request URL/authorization and upload non-image attachments via HTTP instead of WebSocket payloads. - Extends `chat.send` to accept uploaded file references (`path`/`id`/`size`/`fileName`) while keeping image attachments as base64. - Introduces upload storage utilities/constants and keeps a WS `uploads.upload` RPC handler for compatibility. - Adds/adjusts related runtime wiring (broadcasting, tool-event recipients) and expands usage/session endpoints/types. <h3>Confidence Score: 3/5</h3> - This PR is mergeable after addressing a few behavior/contract issues in the new upload + attachment plumbing. - Core approach (HTTP uploads + sending file refs) is sound and tests cover the new endpoint, but there are a few concrete contract mismatches: `MediaUrl(s)` are set to local paths, attachment objects can be double-counted if they include both `content` and `path`, UI upload failures are largely silent, and the HTTP upload auth path may accept credentials more broadly than intended by passing the bearer value as both token and password. - src/gateway/server-methods/chat.ts, src/gateway/uploads/http-handler.ts, ui/src/ui/controllers/chat.ts <!-- greptile_other_comments_section --> _{(2/5) Greptile learns from your feedback when you react with thumbs up/down!} <!-- /greptile_comment -->