@analyticscli/growth-engineer 0.1.0-preview.14 → 0.1.0-preview.18

package/dist/runtime/openclaw-growth-wizard.mjs

@@ -7,17 +7,51 @@ import { createInterface } from 'node:readline/promises';
 import { emitKeypressEvents } from 'node:readline';
 import { createPrivateKey } from 'node:crypto';
 import { fileURLToPath } from 'node:url';
-import { buildGrowthRunnerCommand, buildOpenClawGrowthSystemEvent, deriveSchedulerProofPathFromStatePath, deriveStatePathFromConfigPath, buildExtraSourceConfig, getAutomationConfig, getDefaultSourceCommand, } from './openclaw-growth-shared.mjs';
+import { buildOpenClawCronAddCommand, buildHermesCronCreateCommand, buildGrowthRunnerCommand, deriveSchedulerProofPathFromStatePath, deriveStatePathFromConfigPath, buildExtraSourceConfig, getAutomationConfig, getDefaultSourceCommand, getDefaultSourcePath, inspectHermesCronInstall, inspectOpenClawCronInstall, } from './openclaw-growth-shared.mjs';
 import { loadOpenClawGrowthSecrets } from './openclaw-growth-env.mjs';
 const DEFAULT_CONFIG_PATH = 'data/openclaw-growth-engineer/config.json';
 const SELF_UPDATE_INTERVAL_MS = 24 * 60 * 60 * 1000;
 const ENABLE_ISOLATED_SECRET_RUNNER_WIZARD = false;
-const DEFAULT_GROWTH_INTERVAL_MINUTES = 1440;
+const DEFAULT_GROWTH_INTERVAL_MINUTES = 90;
 const DEFAULT_CONNECTOR_HEALTH_INTERVAL_MINUTES = 360;
 const DEFAULT_SCHEDULER_PROOF_PATH = 'data/openclaw-growth-engineer/runtime/scheduler-proof.jsonl';
 const GROWTH_ENGINEER_PACKAGE_SPEC = process.env.OPENCLAW_GROWTH_ENGINEER_PACKAGE || '@analyticscli/growth-engineer@preview';
 const RUNTIME_DIR = path.dirname(fileURLToPath(import.meta.url));
-const CONNECTOR_KEYS = ['analytics', 'github', 'revenuecat', 'sentry', 'asc'];
+const ACCOUNT_SIGNAL_CONNECTOR_KEYS = [
+    'stripe',
+    'lemonsqueezy',
+    'adapty',
+    'superwall',
+    'google-play',
+    'datadog',
+    'bugsnag',
+    'intercom',
+    'zendesk',
+    'apple-search-ads',
+    'google-ads',
+    'meta-ads',
+    'tiktok-ads',
+    'vercel',
+    'cloudflare',
+    'resend',
+    'customerio',
+    'mailchimp',
+    'appfollow',
+    'apptweak',
+    'linear',
+    'postiz',
+];
+const CONNECTOR_KEYS = [
+    'analytics',
+    'github',
+    'revenuecat',
+    'paddle',
+    'seo',
+    'sentry',
+    'coolify',
+    'asc',
+    ...ACCOUNT_SIGNAL_CONNECTOR_KEYS,
+];
 class WizardAbortError extends Error {
     exitCode;
     constructor(message, exitCode = 130) {
@@ -45,69 +79,640 @@ const CONNECTOR_DEFINITIONS = [
         summary: 'Read subscription, product, entitlement, and revenue context.',
         needs: 'A RevenueCat v2 secret API key with read-only project permissions.',
     },
+    {
+        key: 'paddle',
+        label: 'Paddle Billing metrics',
+        summary: 'Read web checkout, revenue, MRR, refunds, chargebacks, and active subscriber metrics.',
+        needs: 'A Paddle API key with metrics.read permission for the live account.',
+    },
+    {
+        key: 'seo',
+        label: 'SEO / GSC / DataForSEO',
+        summary: 'Read organic search demand, GSC clicks/impressions/CTR/position, and optional capped DataForSEO keyword ideas.',
+        needs: 'A GSC property plus an access token/service-account credential. DataForSEO credentials are optional and paid.',
+    },
     {
         key: 'sentry',
         label: 'Sentry-compatible crash monitoring',
         summary: 'Read unresolved crashes, regressions, affected users, releases, and production stability signals.',
         needs: 'A Sentry or GlitchTip-compatible auth token plus the org slug. Project scope is inferred later from app context or config.',
     },
+    {
+        key: 'coolify',
+        label: 'Coolify deployment monitoring',
+        summary: 'Read applications, deployments, servers, resources, and production health-check gaps.',
+        needs: 'A Coolify API token with read-only permissions from Keys & Tokens / API tokens.',
+    },
     {
         key: 'asc',
         label: 'ASC / App Store Connect CLI',
         summary: 'Read App Store analytics, reviews/ratings, builds/TestFlight/release context, subscriptions, purchases, and crash totals.',
         needs: 'ASC_KEY_ID, ASC_ISSUER_ID, and the AuthKey_XXXX.p8 content or path.',
     },
+    {
+        key: 'stripe',
+        label: 'Stripe billing and checkout',
+        summary: 'Read web payments, subscriptions, trials, invoices, refunds, disputes, coupons, and checkout conversion context.',
+        needs: 'An account-level Stripe restricted key or secret key with read access to customers, subscriptions, invoices, balance, charges, disputes, prices, products, coupons, and checkout sessions.',
+    },
+    {
+        key: 'lemonsqueezy',
+        label: 'Lemon Squeezy sales and licensing',
+        summary: 'Read stores, products, variants, orders, subscriptions, discounts, license keys, and churn/revenue context.',
+        needs: 'A live-mode Lemon Squeezy API key from account settings.',
+    },
+    {
+        key: 'adapty',
+        label: 'Adapty subscriptions and paywalls',
+        summary: 'Read mobile subscription, paywall, product, profile, attribution, and revenue signals across Adapty apps.',
+        needs: 'An Adapty server-side API key from dashboard app settings. App/project scope is left unpinned.',
+    },
+    {
+        key: 'superwall',
+        label: 'Superwall paywall experiments',
+        summary: 'Read paywalls, products, placements/campaigns, experiments, subscription outcomes, and conversion evidence.',
+        needs: 'A Superwall organization API key with read scopes.',
+    },
+    {
+        key: 'google-play',
+        label: 'Google Play Console',
+        summary: 'Read Android store, release, review, subscription, in-app purchase, and order signals across accessible apps.',
+        needs: 'A Play Console service account JSON credential with account-level read/reporting access.',
+    },
+    {
+        key: 'datadog',
+        label: 'Datadog observability',
+        summary: 'Read RUM, logs, errors, APM, monitors, incidents, deployment, and reliability signals.',
+        needs: 'Datadog API and application keys plus the Datadog site.',
+    },
+    {
+        key: 'bugsnag',
+        label: 'Bugsnag crash monitoring',
+        summary: 'Read error, release, session, stability, and affected-user signals across visible projects.',
+        needs: 'A Bugsnag data-access auth token with read access.',
+    },
+    {
+        key: 'intercom',
+        label: 'Intercom support and feedback',
+        summary: 'Read conversations, tickets, contacts, companies, support themes, and onboarding friction signals.',
+        needs: 'An Intercom private app access token for the workspace.',
+    },
+    {
+        key: 'zendesk',
+        label: 'Zendesk support and feedback',
+        summary: 'Read support tickets, tags, CSAT, customer friction, cancellation themes, and help-center signals.',
+        needs: 'Zendesk subdomain, agent/admin email, and API token or OAuth token.',
+    },
+    {
+        key: 'apple-search-ads',
+        label: 'Apple Search Ads (experimental)',
+        summary: 'Read iOS paid search campaigns, spend, installs, taps, CPT/CPA, keywords, and campaign quality signals.',
+        needs: 'Apple Ads OAuth client credentials or a current access/refresh token with account-level reporting access.',
+        experimental: true,
+    },
+    {
+        key: 'google-ads',
+        label: 'Google Ads (experimental)',
+        summary: 'Read paid search/app campaign spend, clicks, conversions, CAC, ROAS, and landing-page/ad-group signals.',
+        needs: 'Google Ads developer token plus OAuth client/refresh token credentials with account-wide read access.',
+        experimental: true,
+    },
+    {
+        key: 'meta-ads',
+        label: 'Meta Ads (experimental)',
+        summary: 'Read Facebook/Instagram campaign, ad set, creative, spend, conversion, CAC, and ROAS signals.',
+        needs: 'A Meta access token with Marketing API read permissions for the ad accounts you want analyzed.',
+        experimental: true,
+    },
+    {
+        key: 'tiktok-ads',
+        label: 'TikTok Ads (experimental)',
+        summary: 'Read TikTok campaign, ad group, creative, spend, conversion, CAC, and ROAS signals.',
+        needs: 'TikTok Business API app credentials and access token with advertiser reporting access.',
+        experimental: true,
+    },
+    {
+        key: 'vercel',
+        label: 'Vercel deployments (experimental)',
+        summary: 'Read projects, deployments, build failures, domains, environment health, and frontend reliability signals.',
+        needs: 'A Vercel access token with read access across the team/account.',
+        experimental: true,
+    },
+    {
+        key: 'cloudflare',
+        label: 'Cloudflare traffic and edge (experimental)',
+        summary: 'Read zones/accounts, traffic, cache, Workers/Pages, WAF/security, DNS, and edge reliability signals.',
+        needs: 'A Cloudflare API token with account/zone read scopes for analytics, Workers/Pages, DNS, and security events as needed.',
+        experimental: true,
+    },
+    {
+        key: 'resend',
+        label: 'Resend lifecycle email (experimental)',
+        summary: 'Read domains, broadcasts, transactional email volume, bounces, complaints, and deliverability signals.',
+        needs: 'A Resend API key with account-wide read access where available.',
+        experimental: true,
+    },
+    {
+        key: 'customerio',
+        label: 'Customer.io lifecycle messaging (experimental)',
+        summary: 'Read campaigns, broadcasts, journeys, segments, deliveries, conversions, and lifecycle engagement signals.',
+        needs: 'Customer.io App API credentials for the workspace.',
+        experimental: true,
+    },
+    {
+        key: 'mailchimp',
+        label: 'Mailchimp lifecycle email (experimental)',
+        summary: 'Read audiences, campaigns, automations, ecommerce, unsubscribes, bounces, and lifecycle performance signals.',
+        needs: 'A Mailchimp Marketing API key for the account.',
+        experimental: true,
+    },
+    {
+        key: 'appfollow',
+        label: 'AppFollow reviews and ASO (experimental)',
+        summary: 'Read app reviews, ratings, semantic review themes, ASO positions, and competitor/app collection signals.',
+        needs: 'An AppFollow API token from the API Dashboard with account/app collection read access.',
+        experimental: true,
+    },
+    {
+        key: 'apptweak',
+        label: 'AppTweak ASO intelligence (experimental)',
+        summary: 'Read keyword rankings, ASO metadata, competitor movement, category ranks, and store visibility signals.',
+        needs: 'An AppTweak API token from an account with API access.',
+        experimental: true,
+    },
+    {
+        key: 'linear',
+        label: 'Linear planning context (experimental)',
+        summary: 'Read teams, projects, issues, cycles, labels, roadmap context, and delivery bottleneck signals.',
+        needs: 'A Linear personal API key or OAuth access token with read access across the workspace.',
+        experimental: true,
+    },
+    {
+        key: 'postiz',
+        label: 'Postiz social publishing (experimental)',
+        summary: 'Read social integrations, scheduled/published posts, platform analytics, posting cadence, and content distribution signals.',
+        needs: 'A Postiz Public API key from Settings -> Developers -> Public API. Self-hosted installs can also set a custom API base URL.',
+        experimental: true,
+    },
 ];
+const ACCOUNT_SIGNAL_CONNECTOR_DEFINITIONS = [
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'stripe'),
+        key: 'stripe',
+        service: 'stripe',
+        docsUrl: 'https://docs.stripe.com/keys',
+        sourceKind: 'revenue',
+        signalHint: 'Stripe account summary with payments, subscriptions, trials, invoices, refunds, disputes, coupons, checkout sessions, product/price changes, and churn/revenue deltas. Do not pin a single product or price unless the agent explicitly narrows a later run.',
+        steps: [
+            'Open Stripe Dashboard -> Developers -> API keys.',
+            'Create a restricted key for OpenClaw/Growth Engineer, or use a standard secret key only when restricted keys are not practical.',
+            'Prefer live-mode read permissions for Customers, Subscriptions, Invoices, Charges, Balance, Disputes, Prices, Products, Coupons, Promotion Codes, and Checkout Sessions.',
+            'Do not select a single product, price, or connected account in the wizard. Account-wide access lets the agent discover the relevant products later.',
+            'Copy the key once and paste it into this local terminal.',
+        ],
+        credentials: [{ env: 'STRIPE_API_KEY', prompt: 'Paste STRIPE_API_KEY into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'lemonsqueezy'),
+        key: 'lemonsqueezy',
+        service: 'lemonsqueezy',
+        docsUrl: 'https://docs.lemonsqueezy.com/guides/developer-guide/getting-started',
+        sourceKind: 'revenue',
+        signalHint: 'Lemon Squeezy account summary with stores, products, variants, orders, subscriptions, discounts, license keys, refunds, and revenue/churn movement. Keep store/product filtering out of setup so the agent can inspect all accessible stores.',
+        steps: [
+            'Open Lemon Squeezy Dashboard -> Settings -> API.',
+            'Create a new API key in live mode for production revenue evidence.',
+            'Keep the key private and store it only in this local wizard.',
+            'Do not enter a store ID or product ID here; the agent should discover accessible stores from the account.',
+            'Copy the key and paste it below.',
+        ],
+        credentials: [{ env: 'LEMON_SQUEEZY_API_KEY', prompt: 'Paste LEMON_SQUEEZY_API_KEY into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'adapty'),
+        key: 'adapty',
+        service: 'adapty',
+        docsUrl: 'https://adapty.io/docs/api-adapty',
+        sourceKind: 'revenue',
+        signalHint: 'Adapty summary with apps, paywalls, placements, products, profiles, access levels, subscriptions, attribution, conversion, renewals, cancellations, and revenue signals. Leave app scope unpinned.',
+        steps: [
+            'Open Adapty Dashboard.',
+            'Go to App Settings -> General -> API keys.',
+            'Copy the server-side API key for read access.',
+            'Do not paste an app ID, product ID, or paywall ID here; the agent can discover visible apps/paywalls later.',
+            'Paste the API key into this local terminal.',
+        ],
+        credentials: [{ env: 'ADAPTY_API_KEY', prompt: 'Paste ADAPTY_API_KEY into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'superwall'),
+        key: 'superwall',
+        service: 'superwall',
+        docsUrl: 'https://api.superwall.com/docs',
+        sourceKind: 'revenue',
+        signalHint: 'Superwall organization summary with paywalls, placements, campaigns, products, experiments, subscription outcomes, conversion movement, and pricing/package signals. Keep project/paywall scope discoverable.',
+        steps: [
+            'Open Superwall dashboard.',
+            'Create or copy an organization API key with read scopes.',
+            'Use organization-wide access so OpenClaw/Hermes can inspect all relevant paywalls and experiments.',
+            'Do not enter a paywall, campaign, placement, or product ID in setup.',
+            'Paste the organization API key below.',
+        ],
+        credentials: [{ env: 'SUPERWALL_API_KEY', prompt: 'Paste SUPERWALL_API_KEY into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'google-play'),
+        key: 'google-play',
+        service: 'google-play',
+        docsUrl: 'https://developer.android.com/google/play/developer-api',
+        sourceKind: 'store',
+        signalHint: 'Google Play account summary with accessible apps, releases, reviews, ratings, Android vitals, subscriptions, in-app products, orders, cancellation reasons, and store/acquisition signals. Do not pin package names during setup.',
+        steps: [
+            'Open Play Console -> Setup -> API access.',
+            'Link or create a Google Cloud project and service account if needed.',
+            'Grant read/reporting permissions that cover the apps you want analyzed, including financial/order data only when revenue analysis is desired.',
+            'Save the service-account JSON on this host or paste the JSON into a secret env outside chat.',
+            'Do not enter a package name in this wizard; accessible apps are discovered from the account.',
+        ],
+        credentials: [
+            {
+                env: 'GOOGLE_PLAY_SERVICE_ACCOUNT_JSON',
+                prompt: 'Paste GOOGLE_PLAY_SERVICE_ACCOUNT_JSON path or JSON content into this local terminal',
+            },
+        ],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'datadog'),
+        key: 'datadog',
+        service: 'datadog',
+        docsUrl: 'https://docs.datadoghq.com/account_management/api-app-keys/',
+        sourceKind: 'crash',
+        signalHint: 'Datadog account summary with RUM, logs, errors, APM, monitors, incidents, deploy markers, performance regressions, and affected-user reliability signals. Do not pin services during setup.',
+        steps: [
+            'Open Datadog -> Organization Settings -> API Keys and Application Keys.',
+            'Create an API key and an application key with read scopes for RUM/logs/APM/monitors/incidents as needed.',
+            'Choose the Datadog site for your account, for example datadoghq.com or datadoghq.eu.',
+            'Do not enter service names, env names, or monitor IDs here; the agent can discover them later.',
+            'Paste the keys below.',
+        ],
+        credentials: [
+            { env: 'DATADOG_API_KEY', prompt: 'Paste DATADOG_API_KEY into this local terminal' },
+            { env: 'DATADOG_APP_KEY', prompt: 'Paste DATADOG_APP_KEY into this local terminal' },
+            { env: 'DATADOG_SITE', prompt: 'Datadog site', optional: true, defaultValue: process.env.DATADOG_SITE || 'datadoghq.com' },
+        ],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'bugsnag'),
+        key: 'bugsnag',
+        service: 'bugsnag',
+        docsUrl: 'https://docs.bugsnag.com/api/',
+        sourceKind: 'crash',
+        signalHint: 'Bugsnag account summary with organizations, projects, errors, releases, stability score, sessions, affected users, and crash/regression signals. Project scope stays discoverable.',
+        steps: [
+            'Open Bugsnag settings and create or copy a data-access auth token.',
+            'Grant read access for organizations/projects you want analyzed.',
+            'Do not enter a project ID in this wizard.',
+            'Paste the token below.',
+        ],
+        credentials: [{ env: 'BUGSNAG_AUTH_TOKEN', prompt: 'Paste BUGSNAG_AUTH_TOKEN into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'intercom'),
+        key: 'intercom',
+        service: 'intercom',
+        docsUrl: 'https://developers.intercom.com/building-apps/docs/authentication',
+        sourceKind: 'feedback',
+        signalHint: 'Intercom workspace summary with conversations, tickets, contacts, companies, tags, support themes, onboarding friction, cancellation language, and customer feedback loops.',
+        steps: [
+            'Open Intercom Developer Hub and create or open a private app for your own workspace.',
+            'Go to Configure -> Authentication.',
+            'Copy the access token for that workspace.',
+            'Do not enter workspace-specific filters, tags, or inbox IDs here; the agent can discover relevant support surfaces later.',
+            'Paste the token below.',
+        ],
+        credentials: [{ env: 'INTERCOM_ACCESS_TOKEN', prompt: 'Paste INTERCOM_ACCESS_TOKEN into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'zendesk'),
+        key: 'zendesk',
+        service: 'zendesk',
+        docsUrl: 'https://developer.zendesk.com/api-reference/introduction/security-and-auth/',
+        sourceKind: 'feedback',
+        signalHint: 'Zendesk account summary with tickets, tags, views, CSAT, help-center signals, support themes, cancellation/friction language, and customer feedback loops.',
+        steps: [
+            'Open Zendesk Admin Center -> Apps and integrations -> APIs -> Zendesk API.',
+            'Create or copy an API token, or use an OAuth token if that is your workspace standard.',
+            'Use the account subdomain and an agent/admin email that can read support data.',
+            'Do not enter view IDs, brand IDs, product IDs, or ticket tags in setup.',
+            'Paste the account credentials below.',
+        ],
+        credentials: [
+            { env: 'ZENDESK_SUBDOMAIN', prompt: 'Zendesk subdomain, for example mycompany', defaultValue: process.env.ZENDESK_SUBDOMAIN || '' },
+            { env: 'ZENDESK_EMAIL', prompt: 'Zendesk agent/admin email', defaultValue: process.env.ZENDESK_EMAIL || '' },
+            { env: 'ZENDESK_API_TOKEN', prompt: 'Paste ZENDESK_API_TOKEN into this local terminal' },
+        ],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'apple-search-ads'),
+        key: 'apple-search-ads',
+        service: 'apple-search-ads',
+        docsUrl: 'https://developer.apple.com/documentation/apple_ads/implementing-oauth-for-the-apple-search-ads-api',
+        sourceKind: 'acquisition',
+        signalHint: 'Experimental Apple Search Ads account summary with organizations, campaigns, ad groups, keywords, spend, taps, installs, CPT/CPA, ROAS, and iOS paid-search acquisition quality. Keep campaign/app IDs out of setup so the agent can discover accessible accounts later.',
+        steps: [
+            'Open Apple Search Ads / Apple Ads API access for the account.',
+            'Create OAuth credentials or copy an existing refresh/access token from your server-side integration.',
+            'Use account-level reporting access for every organization you want analyzed.',
+            'Do not enter campaign IDs, ad group IDs, keyword IDs, or app IDs here.',
+            'Paste the account credentials below.',
+        ],
+        credentials: [
+            { env: 'APPLE_SEARCH_ADS_CLIENT_ID', prompt: 'Paste APPLE_SEARCH_ADS_CLIENT_ID, or leave empty if using a token only', optional: true },
+            { env: 'APPLE_SEARCH_ADS_CLIENT_SECRET', prompt: 'Paste APPLE_SEARCH_ADS_CLIENT_SECRET, or leave empty if using a token only', optional: true },
+            { env: 'APPLE_SEARCH_ADS_REFRESH_TOKEN', prompt: 'Paste APPLE_SEARCH_ADS_REFRESH_TOKEN or current access token into this local terminal' },
+        ],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'google-ads'),
+        key: 'google-ads',
+        service: 'google-ads',
+        docsUrl: 'https://developers.google.com/google-ads/api/docs/oauth/overview',
+        sourceKind: 'acquisition',
+        signalHint: 'Experimental Google Ads account summary with accessible customer accounts, campaigns, ad groups, keywords, spend, clicks, conversions, ROAS, CAC, search terms, and app/web acquisition quality. Keep customer IDs and campaign IDs discoverable.',
+        steps: [
+            'Open Google Ads API Center and Google Cloud OAuth credentials for the account.',
+            'Create or copy a developer token plus OAuth client credentials and refresh token.',
+            'Use a manager/account credential that can read every customer account you want analyzed.',
+            'Do not enter customer IDs, campaign IDs, ad group IDs, or conversion action IDs in setup.',
+            'Paste the account-wide credentials below.',
+        ],
+        credentials: [
+            { env: 'GOOGLE_ADS_DEVELOPER_TOKEN', prompt: 'Paste GOOGLE_ADS_DEVELOPER_TOKEN into this local terminal' },
+            { env: 'GOOGLE_ADS_CLIENT_ID', prompt: 'Paste GOOGLE_ADS_CLIENT_ID into this local terminal' },
+            { env: 'GOOGLE_ADS_CLIENT_SECRET', prompt: 'Paste GOOGLE_ADS_CLIENT_SECRET into this local terminal' },
+            { env: 'GOOGLE_ADS_REFRESH_TOKEN', prompt: 'Paste GOOGLE_ADS_REFRESH_TOKEN into this local terminal' },
+            { env: 'GOOGLE_ADS_LOGIN_CUSTOMER_ID', prompt: 'Optional manager login customer ID (empty = discover accessible accounts)', optional: true },
+        ],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'meta-ads'),
+        key: 'meta-ads',
+        service: 'meta-ads',
+        docsUrl: 'https://developers.facebook.com/docs/marketing-apis/',
+        sourceKind: 'acquisition',
+        signalHint: 'Experimental Meta Ads account summary with accessible ad accounts, campaigns, ad sets, creatives, spend, impressions, clicks, conversion values, CAC, ROAS, and paid social acquisition quality. Keep ad account IDs and campaign IDs discoverable.',
+        steps: [
+            'Open Meta for Developers / Business Manager for the app or system user that owns Marketing API access.',
+            'Create or copy a long-lived access token with ads_read and related read permissions approved for your business.',
+            'Use business/account-level access for all ad accounts you want analyzed.',
+            'Do not enter ad account IDs, campaign IDs, pixel IDs, or page IDs here.',
+            'Paste the access token below.',
+        ],
+        credentials: [{ env: 'META_ADS_ACCESS_TOKEN', prompt: 'Paste META_ADS_ACCESS_TOKEN into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'tiktok-ads'),
+        key: 'tiktok-ads',
+        service: 'tiktok-ads',
+        docsUrl: 'https://business-api.tiktok.com/portal/docs',
+        sourceKind: 'acquisition',
+        signalHint: 'Experimental TikTok Ads account summary with advertisers, campaigns, ad groups, creatives, spend, impressions, clicks, conversions, CAC, ROAS, and paid social acquisition quality. Keep advertiser/campaign IDs out of setup.',
+        steps: [
+            'Open TikTok Business API / Marketing API portal.',
+            'Create or copy app credentials and an access token with advertiser reporting permissions.',
+            'Use a credential that can list the advertisers you want analyzed.',
+            'Do not enter advertiser IDs, campaign IDs, ad group IDs, or creative IDs in setup.',
+            'Paste the credentials below.',
+        ],
+        credentials: [
+            { env: 'TIKTOK_ADS_ACCESS_TOKEN', prompt: 'Paste TIKTOK_ADS_ACCESS_TOKEN into this local terminal' },
+            { env: 'TIKTOK_ADS_APP_ID', prompt: 'Paste TIKTOK_ADS_APP_ID, or leave empty if token-only', optional: true },
+            { env: 'TIKTOK_ADS_SECRET', prompt: 'Paste TIKTOK_ADS_SECRET, or leave empty if token-only', optional: true },
+        ],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'vercel'),
+        key: 'vercel',
+        service: 'vercel',
+        docsUrl: 'https://vercel.com/docs/rest-api/reference/welcome',
+        sourceKind: 'infrastructure',
+        signalHint: 'Experimental Vercel account summary with projects, deployments, failed builds, domains, edge/runtime errors, environment health, web vitals where available, and release reliability. Keep project IDs/team IDs discoverable.',
+        steps: [
+            'Open Vercel Account Settings -> Tokens.',
+            'Create an access token with read access for the team/account you want analyzed.',
+            'Use team/account-level access so the agent can discover projects and deployments.',
+            'Do not enter project IDs, deployment IDs, domain names, or team IDs in setup.',
+            'Paste the token below.',
+        ],
+        credentials: [{ env: 'VERCEL_ACCESS_TOKEN', prompt: 'Paste VERCEL_ACCESS_TOKEN into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'cloudflare'),
+        key: 'cloudflare',
+        service: 'cloudflare',
+        docsUrl: 'https://developers.cloudflare.com/fundamentals/api/get-started/create-token/',
+        sourceKind: 'infrastructure',
+        signalHint: 'Experimental Cloudflare account summary with accounts, zones, Workers, Pages, DNS, traffic, cache, WAF/security events, outages, and edge reliability. Keep account/zone IDs discoverable.',
+        steps: [
+            'Open Cloudflare dashboard -> My Profile -> API Tokens.',
+            'Create a custom token with read scopes for accounts/zones, analytics, Workers/Pages, DNS, and security events as needed.',
+            'Prefer account-level read access for every zone/app the agent may analyze.',
+            'Do not enter account IDs, zone IDs, Worker names, or domain names here.',
+            'Paste the API token below.',
+        ],
+        credentials: [{ env: 'CLOUDFLARE_API_TOKEN', prompt: 'Paste CLOUDFLARE_API_TOKEN into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'resend'),
+        key: 'resend',
+        service: 'resend',
+        docsUrl: 'https://resend.com/docs/dashboard/api-keys/introduction',
+        sourceKind: 'lifecycle',
+        signalHint: 'Experimental Resend account summary with domains, broadcasts, transactional volume, bounces, complaints, delivery health, and lifecycle/email deliverability signals. Keep domain filters discoverable.',
+        steps: [
+            'Open Resend Dashboard -> API Keys.',
+            'Create an API key with the narrowest account-wide access available for reporting.',
+            'Use account-level access so the agent can inspect all relevant domains and sending streams.',
+            'Do not enter domain IDs, broadcast IDs, or audience/list IDs in setup.',
+            'Paste the key below.',
+        ],
+        credentials: [{ env: 'RESEND_API_KEY', prompt: 'Paste RESEND_API_KEY into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'customerio'),
+        key: 'customerio',
+        service: 'customerio',
+        docsUrl: 'https://docs.customer.io/accounts-and-workspaces/managing-credentials/',
+        sourceKind: 'lifecycle',
+        signalHint: 'Experimental Customer.io account summary with campaigns, broadcasts, journeys, segments, deliveries, conversions, unsubscribes, and lifecycle engagement quality. Keep workspace object IDs discoverable.',
+        steps: [
+            'Open Customer.io -> Settings -> Workspace Settings -> API and Webhook Credentials.',
+            'Create or copy App API credentials for the workspace.',
+            'Use workspace-level credentials so the agent can inspect campaigns, broadcasts, journeys, and segments.',
+            'Do not enter campaign IDs, segment IDs, newsletter IDs, or workspace-specific filters here.',
+            'Paste the credentials below.',
+        ],
+        credentials: [
+            { env: 'CUSTOMERIO_APP_API_KEY', prompt: 'Paste CUSTOMERIO_APP_API_KEY into this local terminal' },
+            { env: 'CUSTOMERIO_SITE_ID', prompt: 'Paste CUSTOMERIO_SITE_ID, or leave empty when App API key is enough', optional: true },
+        ],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'mailchimp'),
+        key: 'mailchimp',
+        service: 'mailchimp',
+        docsUrl: 'https://mailchimp.com/developer/marketing/guides/quick-start/',
+        sourceKind: 'lifecycle',
+        signalHint: 'Experimental Mailchimp account summary with audiences, campaigns, automations, ecommerce, unsubscribes, bounces, clicks, opens, and lifecycle/email performance. Keep audience and campaign IDs discoverable.',
+        steps: [
+            'Open Mailchimp -> Account & billing -> Extras -> API keys.',
+            'Create or copy a Marketing API key for the account.',
+            'Use account-level access so the agent can inspect all relevant audiences and campaigns.',
+            'Do not enter audience IDs, campaign IDs, list IDs, or store IDs in setup.',
+            'Paste the API key below.',
+        ],
+        credentials: [{ env: 'MAILCHIMP_API_KEY', prompt: 'Paste MAILCHIMP_API_KEY into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'appfollow'),
+        key: 'appfollow',
+        service: 'appfollow',
+        docsUrl: 'https://support.appfollow.io/hc/en-us/articles/4403679243409-API-Access-Methods',
+        sourceKind: 'aso',
+        signalHint: 'Experimental AppFollow account summary with app collections, reviews, ratings, semantic themes, ASO/rank signals, competitor context, and store feedback quality. Keep collection/app IDs discoverable.',
+        steps: [
+            'Open AppFollow -> Integrations -> API Dashboard.',
+            'Create or copy the API token from an Owner/Admin account.',
+            'Use account-level access for every app collection you want analyzed.',
+            'Do not enter app IDs, collection IDs, country codes, or store IDs in setup.',
+            'Paste the API token below.',
+        ],
+        credentials: [{ env: 'APPFOLLOW_API_TOKEN', prompt: 'Paste APPFOLLOW_API_TOKEN into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'apptweak'),
+        key: 'apptweak',
+        service: 'apptweak',
+        docsUrl: 'https://help.apptweak.com/en/articles/4901806-learn-more-about-apptweak-takeout-api',
+        sourceKind: 'aso',
+        signalHint: 'Experimental AppTweak account summary with keyword rankings, category ranks, metadata, ASO visibility, competitors, and store-market opportunity signals. Keep app IDs and markets discoverable.',
+        steps: [
+            'Open AppTweak account/API settings or API documentation area.',
+            'Create or copy an API token from an account with API access.',
+            'Use account-level API access for every app/market you want analyzed.',
+            'Do not enter app IDs, competitor IDs, country codes, keyword IDs, or store IDs here.',
+            'Paste the API token below.',
+        ],
+        credentials: [{ env: 'APPTWEAK_API_TOKEN', prompt: 'Paste APPTWEAK_API_TOKEN into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'linear'),
+        key: 'linear',
+        service: 'linear',
+        docsUrl: 'https://linear.app/developers',
+        sourceKind: 'planning',
+        signalHint: 'Experimental Linear workspace summary with teams, projects, cycles, issues, labels, stale work, roadmap commitments, delivery bottlenecks, and product execution context. Keep team/project IDs discoverable.',
+        steps: [
+            'Open Linear -> Settings -> API.',
+            'Create a personal API key or use an OAuth token with read access.',
+            'Use workspace-level read access so the agent can inspect all relevant teams/projects.',
+            'Do not enter team IDs, project IDs, issue IDs, labels, or cycle IDs in setup.',
+            'Paste the token below.',
+        ],
+        credentials: [{ env: 'LINEAR_API_KEY', prompt: 'Paste LINEAR_API_KEY or LINEAR_ACCESS_TOKEN into this local terminal' }],
+    },
+    {
+        ...CONNECTOR_DEFINITIONS.find((connector) => connector.key === 'postiz'),
+        key: 'postiz',
+        service: 'postiz',
+        docsUrl: 'https://docs.postiz.com/public-api',
+        sourceKind: 'acquisition',
+        signalHint: 'Experimental Postiz account summary with connected social integrations, scheduled/published posts, platform analytics, content cadence, failed/pending posts, and organic distribution signals. Keep integration IDs and channel filters discoverable.',
+        steps: [
+            'Open Postiz -> Settings -> Developers -> Public API.',
+            'Create or copy a Public API key. OAuth2 tokens are also usable for app-user flows.',
+            'For Postiz Cloud, keep the default API base URL. For self-hosted Postiz, use your backend public URL ending in /public/v1.',
+            'Do not enter integration IDs, channel IDs, platform names, post IDs, or tag filters in setup.',
+            'Paste the API credentials below.',
+        ],
+        credentials: [
+            { env: 'POSTIZ_API_KEY', prompt: 'Paste POSTIZ_API_KEY into this local terminal' },
+            {
+                env: 'POSTIZ_API_BASE_URL',
+                prompt: 'Postiz API base URL',
+                optional: true,
+                defaultValue: process.env.POSTIZ_API_BASE_URL || 'https://api.postiz.com/public/v1',
+            },
+        ],
+    },
+];
+const ACCOUNT_SIGNAL_CONNECTORS = new Map(ACCOUNT_SIGNAL_CONNECTOR_DEFINITIONS.map((definition) => [definition.key, definition]));
+function getAccountSignalConnectorDefinition(key) {
+    return ACCOUNT_SIGNAL_CONNECTORS.get(key) || null;
+}
+function isAccountSignalConnector(key) {
+    return ACCOUNT_SIGNAL_CONNECTORS.has(key);
+}
 const DEFAULT_CADENCE_PLAN = [
+    {
+        key: 'healthcheck',
+        title: '90-minute production error healthcheck',
+        intervalMinutes: 90,
+        criticalOnly: true,
+        focusAreas: ['crash', 'deployment', 'availability'],
+        sourcePriorities: ['sentry', 'glitchtip', 'coolify', 'asc_cli'],
+        objective: 'Check Sentry/GlitchTip and Coolify for production errors, failed deploys, unhealthy resources, and availability blockers across every configured app.',
+        instructions: 'For Sentry/GlitchTip app errors, compare the issue release or app version with ASC production versions first. Ignore errors that only affect TestFlight, debug, staging, unreleased, or non-production app versions. Keep the social output short and action-oriented.',
+    },
     {
         key: 'daily',
-        title: 'Daily Sentry and production guardrail',
+        title: 'Daily behavioral anomaly guardrail',
         intervalDays: 1,
         criticalOnly: true,
-        focusAreas: ['sentry_errors', 'crash', 'onboarding', 'conversion', 'paywall', 'purchase'],
-        sourcePriorities: ['sentry', 'glitchtip', 'analytics', 'revenuecat', 'asc_cli', 'feedback', 'github'],
-        objective: 'Analyze every configured project for critical production blockers: Sentry/GlitchTip errors, crashes, onboarding or purchase drop-offs, zero-conversion days, missing buyers, very low users, and other silent business anomalies.',
-        instructions: 'Compare against recent baselines across connected sources and code changes. If the finding is critical, produce the exact fix or next debugging step and prefer a GitHub issue or draft PR when GitHub write access is configured; otherwise hand off via OpenClaw chat. Avoid generic growth ideas.',
+        focusAreas: ['analytics_anomaly', 'onboarding', 'conversion', 'paywall', 'purchase', 'retention', 'revenue'],
+        sourcePriorities: ['analytics', 'revenuecat', 'paddle', 'asc_cli', 'feedback', 'github', 'sentry', 'glitchtip', 'coolify'],
+        objective: 'Detect non-Sentry product and payment anomalies that affect real users: broken login or account flows inferred from behavior, onboarding or purchase drop-offs, zero-conversion days, missing buyers, very low active users, retention cliffs, and revenue anomalies.',
+        instructions: 'Compare AnalyticsCLI, RevenueCat, Paddle, ASC, feedback, memory/state, and recent code changes against recent baselines. Use Sentry/GlitchTip/Coolify only as corroborating context; do not repeat pure crash or deployment alerts that belong to the 90-minute healthcheck.',
     },
     {
         key: 'weekly',
         title: 'Weekly executive product and growth summary',
         intervalDays: 7,
         criticalOnly: false,
-        focusAreas: ['conversion', 'paywall', 'onboarding', 'marketing', 'retention', 'stability'],
-        sourcePriorities: ['analytics', 'revenuecat', 'asc_cli', 'feedback', 'sentry', 'github'],
-        objective: 'Create an executive summary across all configured projects, connectors, recent releases, code changes, revenue, activation, retention, reviews, and production stability.',
-        instructions: 'Pick one to three high-confidence improvements with evidence, expected KPI movement, likely code/store surfaces, owner-ready next steps, and a verification plan. Create GitHub issues or draft PR proposals only when the evidence is specific enough.',
+        focusAreas: ['conversion', 'paywall', 'onboarding', 'marketing', 'retention', 'stability', 'seo'],
+        sourcePriorities: ['analytics', 'revenuecat', 'paddle', 'seo', 'asc_cli', 'feedback', 'sentry', 'coolify', 'github'],
+        objective: 'Create a deep app-by-app executive summary across all configured projects, connectors, recent releases, code changes, traffic, SEO/acquisition, revenue, activation, conversion, retention, reviews, and production stability.',
+        instructions: 'Be detailed. Group findings per app, explain why each recommendation should improve app usage, revenue, conversion, retention, or traffic, include expected KPI movement, likely code/store surfaces, owner-ready next steps, and verification plans. Generate charts when they clarify the evidence.',
     },
     {
         key: 'monthly',
         title: 'Monthly deep product, business, and code review',
         intervalDays: 30,
         criticalOnly: false,
-        focusAreas: ['conversion', 'paywall', 'retention', 'marketing', 'onboarding', 'codebase'],
-        sourcePriorities: ['analytics', 'revenuecat', 'asc_cli', 'feedback', 'sentry', 'github'],
-        objective: 'Compare all configured projects month-over-month: MRR, trial conversion, churn, acquisition quality, store conversion, retention, review themes, feature usage, crash totals, and codebase changes.',
-        instructions: 'Decide what should be built, changed, deleted, or instrumented next. Tie conclusions to connector data plus codebase evidence and explain why each recommendation should move revenue, activation, retention, stability, or acquisition quality.',
+        focusAreas: ['conversion', 'paywall', 'retention', 'marketing', 'onboarding', 'codebase', 'seo'],
+        sourcePriorities: ['analytics', 'revenuecat', 'paddle', 'seo', 'asc_cli', 'feedback', 'sentry', 'coolify', 'github'],
+        objective: 'Compare all configured projects month-over-month: MRR, trial conversion, churn, Paddle revenue/subscriber movement, SEO demand/clicks, acquisition quality, store conversion, retention, review themes, feature usage, crash totals, and codebase changes.',
+        instructions: 'Be very detailed and app-grouped. Decide what should be built, changed, deleted, priced differently, marketed differently, or instrumented next. Tie conclusions to connector data plus codebase evidence and explain why each recommendation should move revenue, conversion, retention, traffic, or acquisition quality. Generate charts when useful.',
     },
     {
         key: 'quarterly',
-        title: 'Quarterly positioning, pricing, and roadmap review',
+        title: '3-month positioning, pricing, and roadmap review',
         intervalDays: 91,
         criticalOnly: false,
         focusAreas: ['marketing', 'paywall', 'retention', 'conversion', 'onboarding'],
-        sourcePriorities: ['analytics', 'revenuecat', 'asc_cli', 'feedback', 'github', 'sentry'],
-        objective: 'Revisit positioning, pricing/packaging, onboarding architecture, roadmap assumptions, tracking quality, codebase constraints, and major funnel bets across every configured project.',
-        instructions: 'Find structural constraints and durable opportunities. Tie recommendations to cohort behavior, monetization, reviews, channel quality, and shipped changes.',
+        sourcePriorities: ['analytics', 'revenuecat', 'paddle', 'seo', 'asc_cli', 'feedback', 'github', 'sentry'],
+        objective: 'Revisit positioning, pricing/packaging, onboarding architecture, roadmap assumptions, tracking quality, codebase constraints, and major funnel bets across every configured app.',
+        instructions: 'Find structural constraints and durable opportunities, not small UI tweaks. Group the analysis by app and tie recommendations to cohort behavior, monetization, SEO demand, reviews, channel quality, and shipped changes. Include concrete roadmap, pricing, conversion, and traffic recommendations.',
     },
     {
         key: 'six_months',
         title: 'Six-month instrumentation and growth-system audit',
         intervalDays: 182,
         criticalOnly: false,
-        focusAreas: ['retention', 'conversion', 'paywall', 'marketing', 'general'],
-        sourcePriorities: ['analytics', 'revenuecat', 'asc_cli', 'feedback', 'sentry'],
-        objective: 'Audit connector coverage, SDK instrumentation, event taxonomy, data reliability, memory, growth loops, and whether product/code strategy still matches the best users across configured projects.',
-        instructions: 'Prioritize measurement fixes and system changes that make future analysis more trustworthy. Identify stale events, missing attribution, weak identity, and misleading dashboards.',
+        focusAreas: ['retention', 'conversion', 'paywall', 'marketing', 'general', 'seo'],
+        sourcePriorities: ['analytics', 'revenuecat', 'paddle', 'seo', 'asc_cli', 'feedback', 'sentry'],
+        objective: 'Audit connector coverage, SDK instrumentation, event taxonomy, data reliability, memory, growth loops, and whether product/code strategy still matches the best users across configured apps.',
+        instructions: 'Group by app. Prioritize measurement fixes and system changes that make future analysis more trustworthy, then identify the highest-leverage app/revenue/conversion/SEO/traffic improvements. Identify stale events, missing attribution, weak identity, broken feedback loops, and misleading dashboards.',
     },
     {
         key: 'yearly',
@@ -115,7 +720,7 @@ const DEFAULT_CADENCE_PLAN = [
         intervalDays: 365,
         criticalOnly: false,
         focusAreas: ['marketing', 'retention', 'paywall', 'conversion', 'general'],
-        sourcePriorities: ['analytics', 'revenuecat', 'asc_cli', 'feedback', 'sentry'],
+        sourcePriorities: ['analytics', 'revenuecat', 'paddle', 'seo', 'asc_cli', 'feedback', 'sentry'],
         objective: 'Reset strategy from evidence across every configured project: market/channel fit, monetization model, retention ceiling, product scope, and whether to double down, reposition, rebuild, or sunset major surfaces/features.',
         instructions: 'Use the full year of memory, releases, revenue, acquisition, reviews, code changes, and cohort behavior. Produce strategic experiments and stop-doing decisions.',
     },
@@ -159,13 +764,27 @@ function isTruthyEnv(value) {
 function isFalseyEnv(value) {
     return ['0', 'false', 'no', 'n', 'off'].includes(String(value || '').trim().toLowerCase());
 }
+function resolveDefaultConfigPath() {
+    const explicit = String(process.env.OPENCLAW_GROWTH_CONFIG_PATH || '').trim();
+    if (explicit)
+        return explicit;
+    const homeConfigPath = process.env.HOME ? path.join(process.env.HOME, 'data/openclaw-growth-engineer/config.json') : '';
+    const homeStatePath = process.env.HOME ? path.join(process.env.HOME, 'data/openclaw-growth-engineer/state.json') : '';
+    if (homeConfigPath && existsSync(homeConfigPath) && existsSync(homeStatePath))
+        return homeConfigPath;
+    if (!existsSync(DEFAULT_CONFIG_PATH) && homeConfigPath && existsSync(homeConfigPath))
+        return homeConfigPath;
+    return DEFAULT_CONFIG_PATH;
+}
 function parseArgs(argv) {
+    const defaultConfigPath = resolveDefaultConfigPath();
     const args = {
-        config: DEFAULT_CONFIG_PATH,
+        config: defaultConfigPath,
         connectorWizard: false,
         connectors: '',
         noSelfUpdate: false,
-        out: DEFAULT_CONFIG_PATH,
+        out: defaultConfigPath,
+        sandboxSmoke: false,
     };
     for (let i = 0; i < argv.length; i += 1) {
         const token = argv[i];
@@ -193,6 +812,10 @@ function parseArgs(argv) {
         else if (token === '--no-self-update') {
             args.noSelfUpdate = true;
         }
+        else if (token === '--sandbox-smoke') {
+            args.sandboxSmoke = true;
+            args.noSelfUpdate = true;
+        }
         else if (token === '--help' || token === '-h') {
             printHelpAndExit(0);
         }
@@ -210,10 +833,14 @@ function printHelpAndExit(exitCode, reason = null) {
 OpenClaw Growth Setup Wizard
 
 Usage:
-  node scripts/openclaw-growth-wizard.mjs [--out <config-path>]
-  node scripts/openclaw-growth-wizard.mjs --connectors [analytics,github,revenuecat,sentry,asc] [--config <config-path>]
+  npx -y @analyticscli/growth-engineer@preview wizard [--out <config-path>]
+  npx -y @analyticscli/growth-engineer@preview wizard --connectors [${CONNECTOR_KEYS.join(',')}]
+
+Compatibility note:
+  Existing cron/heartbeat runners may still execute generated runtime scripts, but user-facing setup and connector repair should use the npx command above.
 
 Options:
+  --config <file>    Override auto-discovered config path
   --no-self-update   Skip the ClawHub skill update check for this run
 `);
     process.exit(exitCode);
@@ -246,9 +873,18 @@ function getWizardDefaultSourceCommand(sourceName) {
     if (normalized === 'revenuecat' || normalized === 'revenue-cat') {
         return nodeRuntimeScriptCommand('export-revenuecat-summary.mjs');
     }
+    if (normalized === 'paddle') {
+        return nodeRuntimeScriptCommand('export-paddle-summary.mjs');
+    }
+    if (['seo', 'gsc', 'google-search-console', 'search-console', 'dataforseo'].includes(normalized)) {
+        return nodeRuntimeScriptCommand('export-seo-summary.mjs');
+    }
     if (normalized === 'sentry' || normalized === 'glitchtip') {
         return nodeRuntimeScriptCommand('export-sentry-summary.mjs');
     }
+    if (normalized === 'coolify') {
+        return growthEngineerPackageCommand('exporters coolify-summary');
+    }
     if (normalized === 'feedback') {
         return getDefaultSourceCommand('feedback');
     }
@@ -261,22 +897,43 @@ function replaceLegacyRuntimeScriptCommand(command) {
     const trimmed = String(command || '').trim();
     if (!trimmed)
         return trimmed;
-    return trimmed.replace(/^node\s+scripts\/(export-analytics-summary\.mjs|export-revenuecat-summary\.mjs|export-sentry-summary\.mjs|export-asc-summary\.mjs|openclaw-growth-start\.mjs|openclaw-growth-status\.mjs|openclaw-growth-runner\.mjs|openclaw-growth-preflight\.mjs)(?=\s|$)/, (_match, scriptName) => nodeRuntimeScriptCommand(scriptName));
+    return trimmed.replace(/^node\s+scripts\/(export-analytics-summary\.mjs|export-revenuecat-summary\.mjs|export-paddle-summary\.mjs|export-seo-summary\.mjs|export-sentry-summary\.mjs|export-coolify-summary\.mjs|export-asc-summary\.mjs|openclaw-growth-start\.mjs|openclaw-growth-status\.mjs|openclaw-growth-runner\.mjs|openclaw-growth-preflight\.mjs)(?=\s|$)/, (_match, scriptName) => nodeRuntimeScriptCommand(scriptName));
 }
-function normalizeWizardSourceCommand(sourceName, source) {
+function sourceCommandNeedsActiveConfig(sourceName, command) {
+    const normalized = String(sourceName || '').trim().toLowerCase();
+    const value = String(command || '').toLowerCase();
+    return (normalized === 'sentry' ||
+        normalized === 'glitchtip' ||
+        normalized === 'coolify' ||
+        value.includes('export-sentry-summary') ||
+        value.includes('export-coolify-summary') ||
+        value.includes('exporters coolify-summary'));
+}
+function withWizardConfigArg(sourceName, command, configPath) {
+    const trimmed = String(command || '').trim();
+    if (!trimmed || !configPath || !sourceCommandNeedsActiveConfig(sourceName, trimmed))
+        return trimmed;
+    return trimmed
+        .replace(/(^|\s)--config=(?:"[^"]*"|'[^']*'|\S+)/, `$1--config ${quote(configPath)}`)
+        .replace(/(^|\s)--config\s+(?:"[^"]*"|'[^']*'|\S+)/, `$1--config ${quote(configPath)}`)
+        .replace(new RegExp(`^(?!.*(?:^|\\s)--config(?:=|\\s|$))(.+)$`), `$1 --config ${quote(configPath)}`)
+        .trim();
+}
+function normalizeWizardSourceCommand(sourceName, source, configPath = null) {
     const current = replaceLegacyRuntimeScriptCommand(source?.command || '');
-    return current || getWizardDefaultSourceCommand(sourceName);
+    const command = current || getWizardDefaultSourceCommand(sourceName);
+    return withWizardConfigArg(sourceName, command, configPath);
 }
-function migrateRuntimeSourceCommands(config) {
+function migrateRuntimeSourceCommands(config, configPath = null) {
     if (!config || typeof config !== 'object')
         return config;
     const sources = config.sources && typeof config.sources === 'object' ? config.sources : {};
     const nextSources = { ...sources };
-    for (const sourceName of ['analytics', 'revenuecat', 'sentry']) {
+    for (const sourceName of ['analytics', 'revenuecat', 'paddle', 'seo', 'sentry', 'coolify']) {
         if (nextSources[sourceName]?.mode === 'command') {
             nextSources[sourceName] = {
                 ...nextSources[sourceName],
-                command: normalizeWizardSourceCommand(sourceName, nextSources[sourceName]),
+                command: normalizeWizardSourceCommand(sourceName, nextSources[sourceName], configPath),
             };
         }
     }
@@ -290,7 +947,7 @@ function migrateRuntimeSourceCommands(config) {
                 : service;
             return {
                 ...source,
-                command: normalizeWizardSourceCommand(sourceName, source),
+                command: normalizeWizardSourceCommand(sourceName, source, configPath),
             };
         });
     }
@@ -303,7 +960,7 @@ async function migrateRuntimeSourceCommandsFile(configPath) {
     const existing = await readJsonIfPresent(configPath).catch(() => null);
     if (!existing || typeof existing !== 'object')
         return null;
-    const migrated = migrateRuntimeSourceCommands(existing);
+    const migrated = migrateRuntimeSourceCommands(existing, configPath);
     if (JSON.stringify(existing.sources || {}) !== JSON.stringify(migrated.sources || {})) {
         await writeJsonFile(configPath, migrated);
     }
@@ -321,10 +978,60 @@ function normalizeConnectorKey(value) {
         return 'github';
     if (['revenuecat', 'revenue-cat', 'rc', 'revenuecat-mcp'].includes(normalized))
         return 'revenuecat';
+    if (['paddle', 'paddle-billing', 'billing-metrics', 'web-revenue'].includes(normalized))
+        return 'paddle';
+    if (['seo', 'gsc', 'google-search-console', 'search-console', 'dataforseo', 'organic-search'].includes(normalized))
+        return 'seo';
     if (['sentry', 'sentry-api', 'sentry-mcp', 'crashes', 'errors', 'crash-reporting'].includes(normalized))
         return 'sentry';
+    if (['coolify', 'coolify-api', 'deployment', 'deployments', 'hosting', 'infra', 'infrastructure'].includes(normalized))
+        return 'coolify';
     if (['asc', 'asc-cli', 'app-store-connect', 'appstoreconnect', 'app-store'].includes(normalized))
         return 'asc';
+    if (['stripe', 'stripe-billing', 'stripe-payments'].includes(normalized))
+        return 'stripe';
+    if (['lemonsqueezy', 'lemon-squeezy', 'lemon', 'ls'].includes(normalized))
+        return 'lemonsqueezy';
+    if (['adapty', 'adapty-paywalls', 'adapty-subscriptions'].includes(normalized))
+        return 'adapty';
+    if (['superwall', 'superwall-paywalls'].includes(normalized))
+        return 'superwall';
+    if (['google-play', 'google-play-console', 'play-console', 'play-store', 'android-store'].includes(normalized))
+        return 'google-play';
+    if (['datadog', 'datadog-rum', 'datadog-apm', 'datadog-logs'].includes(normalized))
+        return 'datadog';
+    if (['bugsnag', 'bugsnag-crashes'].includes(normalized))
+        return 'bugsnag';
+    if (['intercom', 'intercom-support'].includes(normalized))
+        return 'intercom';
+    if (['zendesk', 'zendesk-support'].includes(normalized))
+        return 'zendesk';
+    if (['apple-search-ads', 'apple-ads', 'asa', 'search-ads'].includes(normalized))
+        return 'apple-search-ads';
+    if (['google-ads', 'adwords'].includes(normalized))
+        return 'google-ads';
+    if (['meta-ads', 'facebook-ads', 'instagram-ads', 'fb-ads'].includes(normalized))
+        return 'meta-ads';
+    if (['tiktok-ads', 'tiktok-business', 'tiktok-business-api'].includes(normalized))
+        return 'tiktok-ads';
+    if (['vercel', 'vercel-deployments', 'vercel-hosting'].includes(normalized))
+        return 'vercel';
+    if (['cloudflare', 'cf', 'cloudflare-workers', 'cloudflare-pages'].includes(normalized))
+        return 'cloudflare';
+    if (['resend', 'resend-email'].includes(normalized))
+        return 'resend';
+    if (['customerio', 'customer-io', 'customer.io', 'cio'].includes(normalized))
+        return 'customerio';
+    if (['mailchimp', 'mailchimp-marketing'].includes(normalized))
+        return 'mailchimp';
+    if (['appfollow', 'app-follow'].includes(normalized))
+        return 'appfollow';
+    if (['apptweak', 'app-tweak'].includes(normalized))
+        return 'apptweak';
+    if (['linear', 'linear-issues', 'linear-planning'].includes(normalized))
+        return 'linear';
+    if (['postiz', 'postiz-api', 'social-publishing', 'social-scheduler'].includes(normalized))
+        return 'postiz';
     return null;
 }
 function parseConnectorList(value) {
@@ -350,13 +1057,27 @@ function isConnectorLocallyConfigured(key) {
         return Boolean(process.env.GITHUB_TOKEN?.trim());
     if (key === 'revenuecat')
         return Boolean(process.env.REVENUECAT_API_KEY?.trim());
+    if (key === 'paddle')
+        return Boolean(process.env.PADDLE_API_KEY?.trim());
+    if (key === 'seo') {
+        return Boolean(process.env.GOOGLE_SEARCH_CONSOLE_ACCESS_TOKEN?.trim() ||
+            process.env.GSC_ACCESS_TOKEN?.trim() ||
+            process.env.GOOGLE_APPLICATION_CREDENTIALS?.trim() ||
+            process.env.GSC_SERVICE_ACCOUNT_JSON?.trim());
+    }
     if (key === 'sentry')
         return Boolean(process.env.SENTRY_AUTH_TOKEN?.trim());
+    if (key === 'coolify')
+        return Boolean(process.env.COOLIFY_API_TOKEN?.trim() && process.env.COOLIFY_BASE_URL?.trim());
     if (key === 'asc') {
         return Boolean(process.env.ASC_KEY_ID?.trim() &&
             process.env.ASC_ISSUER_ID?.trim() &&
             (process.env.ASC_PRIVATE_KEY_PATH?.trim() || process.env.ASC_PRIVATE_KEY?.trim()));
     }
+    const accountConnector = getAccountSignalConnectorDefinition(key);
+    if (accountConnector) {
+        return accountConnector.credentials.some((credential) => Boolean(process.env[credential.env]?.trim()));
+    }
     return false;
 }
 function getRequiredConnectorKeys() {
@@ -709,10 +1430,19 @@ function normalizeConnectorProgressKey(key) {
         return 'github';
     if (normalized === 'revenuecat')
         return 'revenuecat';
+    if (normalized === 'paddle')
+        return 'paddle';
+    if (normalized === 'seo' || normalized === 'gsc' || normalized === 'google-search-console')
+        return 'seo';
     if (normalized === 'sentry')
         return 'sentry';
+    if (normalized === 'coolify')
+        return 'coolify';
     if (normalized === 'asc' || normalized === 'appstoreconnect' || normalized === 'app-store-connect')
         return 'asc';
+    const accountConnector = normalizeConnectorKey(normalized);
+    if (accountConnector && accountConnector !== 'all')
+        return accountConnector;
     return null;
 }
 async function withConnectorHealthLoading(taskFactory) {
@@ -880,7 +1610,10 @@ async function getConnectorPickerHealth(configPath, onProgress = () => { }) {
         analytics: connectors.analyticscli,
         github: connectors.github,
         revenuecat: connectors.revenuecat,
+        paddle: connectors.paddle,
+        seo: connectors.seo,
         sentry: connectors.sentry,
+        coolify: connectors.coolify,
         asc: connectors.appStoreConnect,
     };
     return Object.fromEntries(CONNECTOR_KEYS.map((key) => [key, getConnectorHealth(key, healthByConnector)]));
@@ -1286,9 +2019,22 @@ function summarizeFailureFix(connector, blockers) {
     if (connector === 'revenuecat') {
         return 'Paste a RevenueCat v2 secret API key with read-only project permissions, then rerun setup.';
     }
+    if (connector === 'paddle') {
+        return 'Paste a Paddle API key with metrics.read permission for the live account, then rerun setup.';
+    }
+    if (connector === 'seo') {
+        return 'Configure Search Console read access. Leave GSC_SITE_URL empty to scan all verified properties in the account, or set it only when you intentionally want one property.';
+    }
+    if (connector === 'coolify') {
+        return 'Paste a Coolify base URL and read-only API token from Keys & Tokens / API tokens, then rerun setup.';
+    }
     if (connector === 'asc') {
         return 'Rerun ASC setup and verify ASC credentials, key role access, and `asc apps list --output json`.';
     }
+    if (isAccountSignalConnector(connector)) {
+        const definition = getAccountSignalConnectorDefinition(connector);
+        return `Paste ${definition?.credentials.map((credential) => credential.env).join(' / ') || connector} in the connector wizard. Keep setup account-wide; do not add project, app, product, paywall, or service IDs unless a later run explicitly narrows scope.`;
+    }
     return blockers.find((blocker) => blocker.remediation)?.remediation || 'Fix the failing configuration and rerun setup.';
 }
 function connectorForBlocker(blocker) {
@@ -1414,10 +2160,22 @@ function connectorFromCheckName(name) {
         return 'github';
     if (value.includes('revenuecat') || value.includes('REVENUECAT'))
         return 'revenuecat';
+    if (value.includes('paddle') || value.includes('PADDLE'))
+        return 'paddle';
+    if (value.includes('seo') || value.includes('GSC') || value.includes('GOOGLE_SEARCH_CONSOLE'))
+        return 'seo';
     if (value.includes('sentry') || value.includes('SENTRY') || value.includes('GLITCHTIP'))
         return 'sentry';
+    if (value.includes('coolify') || value.includes('COOLIFY'))
+        return 'coolify';
     if (value.includes('asc') || value.includes('ASC_'))
         return 'asc';
+    for (const key of ACCOUNT_SIGNAL_CONNECTOR_KEYS) {
+        const definition = getAccountSignalConnectorDefinition(key);
+        const envMatch = definition?.credentials.some((credential) => value.includes(credential.env));
+        if (value.includes(key) || value.includes(key.toUpperCase()) || envMatch)
+            return key;
+    }
     return null;
 }
 function connectorTitle(key) {
@@ -1557,9 +2315,29 @@ function buildSetupTestProgressPlan(selected) {
     if (selectedSet.has('revenuecat')) {
         items.push({ key: 'revenuecat', label: 'RevenueCat', detail: 'waiting for API key auth + project read', status: 'pending' });
     }
+    if (selectedSet.has('paddle')) {
+        items.push({ key: 'paddle', label: 'Paddle', detail: 'waiting for metrics API auth + revenue read', status: 'pending' });
+    }
+    if (selectedSet.has('seo')) {
+        items.push({ key: 'seo', label: 'SEO / GSC', detail: 'waiting for Search Console auth or CSV/DataForSEO config', status: 'pending' });
+    }
+    if (selectedSet.has('coolify')) {
+        items.push({ key: 'coolify', label: 'Coolify', detail: 'waiting for API key auth + deployment/resource read', status: 'pending' });
+    }
     if (selectedSet.has('github')) {
         items.push({ key: 'github', label: 'GitHub', detail: 'waiting for repo/token access check', status: 'pending' });
     }
+    for (const key of ACCOUNT_SIGNAL_CONNECTOR_KEYS) {
+        if (!selectedSet.has(key))
+            continue;
+        const definition = getAccountSignalConnectorDefinition(key);
+        items.push({
+            key,
+            label: definition?.label || key,
+            detail: 'waiting for account-wide credential presence and source wiring',
+            status: 'pending',
+        });
+    }
     items.push({
         key: 'finalize',
         label: 'Finalizing result',
@@ -2218,6 +2996,8 @@ async function upsertSentryAccountsConfig(configPath, accounts) {
         : [];
     const merged = new Map();
     for (const account of existingAccounts) {
+        if (isPlaceholderSentryAccount(account))
+            continue;
         const id = String(account?.id || account?.key || account?.label || '').trim();
         if (id)
             merged.set(id, account);
@@ -2234,13 +3014,75 @@ async function upsertSentryAccountsConfig(configPath, accounts) {
             ...(config.sources?.sentry || {}),
             enabled: true,
             mode: 'command',
-            command: getWizardDefaultSourceCommand('sentry'),
+            command: normalizeWizardSourceCommand('sentry', config.sources?.sentry || {}, configPath),
             accounts: [...merged.values()],
         },
     };
     await writeJsonFile(configPath, config);
     return true;
 }
+function isPlaceholderSentryAccount(account) {
+    const baseUrl = String(account?.baseUrl || account?.base_url || account?.url || '').trim().toLowerCase();
+    const org = String(account?.org || account?.organization || '').trim().toLowerCase();
+    const projects = Array.isArray(account?.projects)
+        ? account.projects.map((project) => String(project || '').trim().toLowerCase())
+        : [];
+    return (org === 'owner-org' ||
+        baseUrl.includes('example.com') ||
+        projects.includes('ios-app') ||
+        projects.includes('backend-api') ||
+        projects.includes('web-app'));
+}
+async function verifySentryAccountsConfig(configPath, expectedAccounts) {
+    if (!(await fileExists(configPath))) {
+        return { ok: false, detail: `${configPath} does not exist` };
+    }
+    const config = await readJsonFile(configPath);
+    const source = config?.sources?.sentry;
+    if (!source || source.enabled !== true) {
+        return { ok: false, detail: 'sources.sentry.enabled is not true' };
+    }
+    if (source.mode !== 'command') {
+        return { ok: false, detail: 'sources.sentry.mode is not command' };
+    }
+    const configuredAccounts = Array.isArray(source.accounts) ? source.accounts : [];
+    const realAccounts = configuredAccounts.filter((account) => !isPlaceholderSentryAccount(account));
+    if (realAccounts.length === 0) {
+        return { ok: false, detail: 'sources.sentry.accounts contains no non-placeholder account' };
+    }
+    const configuredIds = new Set(realAccounts.map((account) => String(account?.id || account?.key || '').trim()).filter(Boolean));
+    const missingIds = expectedAccounts
+        .map((account) => String(account?.id || '').trim())
+        .filter((id) => id && !configuredIds.has(id));
+    if (missingIds.length > 0) {
+        return { ok: false, detail: `sources.sentry.accounts is missing configured account id(s): ${missingIds.join(', ')}` };
+    }
+    return { ok: true, detail: `${realAccounts.length} active Sentry-compatible account(s) configured` };
+}
+async function upsertCoolifyConfig(configPath, { baseUrl, tokenEnv = 'COOLIFY_API_TOKEN' }) {
+    if (!(await fileExists(configPath)))
+        return false;
+    const coolifyCommand = `${getWizardDefaultSourceCommand('coolify')} --config ${quote(configPath)}`;
+    const config = await readJsonFile(configPath);
+    config.sources = {
+        ...(config.sources || {}),
+        coolify: {
+            ...(config.sources?.coolify || {}),
+            enabled: true,
+            mode: 'command',
+            command: coolifyCommand,
+            baseUrl,
+            tokenEnv,
+        },
+    };
+    config.secrets = {
+        ...(config.secrets || {}),
+        coolifyTokenEnv: tokenEnv,
+        coolifyTokenRef: { source: 'env', provider: 'default', id: tokenEnv },
+    };
+    await writeJsonFile(configPath, config);
+    return true;
+}
 const ASC_PRIVATE_KEY_BEGIN = '-----BEGIN PRIVATE KEY-----';
 const ASC_PRIVATE_KEY_END = '-----END PRIVATE KEY-----';
 const BRACKETED_PASTE_START = new RegExp(`${String.fromCharCode(27)}\\[200~`, 'g');
@@ -2514,6 +3356,121 @@ async function guideRevenueCatConnector(rl, secrets) {
     if (apiKey)
         secrets.REVENUECAT_API_KEY = apiKey;
 }
+async function guidePaddleConnector(rl, secrets) {
+    printSection('Paddle Billing metrics', [
+        'Use this when OpenClaw should read web checkout, revenue, MRR, refunds, chargebacks, and active subscriber metrics.',
+    ]);
+    process.stdout.write('\nCreate or update a Paddle API key here:\n  https://vendors.paddle.com/authentication\n\n');
+    printBullets([
+        'Open Paddle > Developer Tools > Authentication.',
+        'Create a new API key for the live account when you want production revenue evidence.',
+        'Grant `metrics.read`. Keep write permissions off unless another workflow explicitly needs them.',
+        'Do not select or hard-code a single product in the wizard; the Growth Engineer should keep account-level metrics context.',
+        'Paste the key here so it is stored only in the local chmod 600 secrets file.',
+    ]);
+    const apiKey = await maybePromptSecret(rl, 'Paste PADDLE_API_KEY into this local terminal', 'PADDLE_API_KEY');
+    if (apiKey)
+        secrets.PADDLE_API_KEY = apiKey;
+}
+async function guideSeoConnector(rl, secrets) {
+    printSection('SEO / Google Search Console / DataForSEO', [
+        'Use this when OpenClaw should read organic search demand, GSC clicks/impressions/CTR/position, and optional paid keyword ideas.',
+    ]);
+    process.stdout.write('\nGoogle Search Console:\n  https://search.google.com/search-console\nGoogle Cloud service accounts:\n  https://console.cloud.google.com/iam-admin/serviceaccounts\nDataForSEO API dashboard:\n  https://app.dataforseo.com/api-dashboard\n\n');
+    printBullets([
+        'Preferred: give the token/service account access to all Search Console properties you want analyzed.',
+        'Leave the property URL empty to let the exporter list and query all verified GSC properties in the account.',
+        'Enter a property URL only when you intentionally want to restrict analysis to one site.',
+        'For OAuth token mode, paste a read-only Search Console token with `webmasters.readonly` scope.',
+        'For service-account mode, add the service account email as a restricted/full user in Search Console, then set GOOGLE_APPLICATION_CREDENTIALS or GSC_SERVICE_ACCOUNT_JSON outside this wizard.',
+        'DataForSEO is optional and paid. The exporter refuses paid calls unless the source command includes --confirm-paid and a small --max-paid-requests cap.',
+        'CSV-only mode is also supported with --gsc-csv or --csv in sources.seo.command.',
+    ]);
+    const siteUrl = await ask(rl, 'Optional GSC property URL (empty = all verified properties)', process.env.GSC_SITE_URL || '');
+    if (siteUrl.trim())
+        secrets.GSC_SITE_URL = siteUrl.trim();
+    const gscToken = await maybePromptSecret(rl, 'Paste GOOGLE_SEARCH_CONSOLE_ACCESS_TOKEN, or leave empty for service-account/all-sites/CSV mode', 'GOOGLE_SEARCH_CONSOLE_ACCESS_TOKEN');
+    if (gscToken)
+        secrets.GOOGLE_SEARCH_CONSOLE_ACCESS_TOKEN = gscToken;
+    const useDataForSeo = await askYesNo(rl, 'Also store DataForSEO credentials for optional paid keyword research?', false);
+    if (useDataForSeo) {
+        const login = await maybePromptSecret(rl, 'Paste DATAFORSEO_LOGIN into this local terminal', 'DATAFORSEO_LOGIN');
+        const password = await maybePromptSecret(rl, 'Paste DATAFORSEO_PASSWORD into this local terminal', 'DATAFORSEO_PASSWORD');
+        if (login)
+            secrets.DATAFORSEO_LOGIN = login;
+        if (password)
+            secrets.DATAFORSEO_PASSWORD = password;
+    }
+}
+function buildAccountSignalExtraSourceConfig(key, existing = {}) {
+    const definition = getAccountSignalConnectorDefinition(key);
+    if (!definition)
+        return existing;
+    return {
+        ...buildExtraSourceConfig(definition.service, {
+            key: definition.key,
+            label: definition.label,
+            enabled: true,
+            mode: 'file',
+            secretEnv: definition.credentials[0]?.env || null,
+            hint: definition.signalHint,
+        }),
+        ...existing,
+        key: definition.key,
+        label: definition.label,
+        service: definition.service,
+        enabled: true,
+        mode: existing.mode || 'file',
+        path: existing.path || getDefaultSourcePath(definition.key),
+        secretEnv: existing.secretEnv || definition.credentials[0]?.env || null,
+        accountWide: true,
+        projectScope: 'discover_from_account',
+        docsUrl: definition.docsUrl,
+        signalKind: definition.sourceKind,
+        experimental: Boolean(definition.experimental),
+        hint: existing.hint || definition.signalHint,
+    };
+}
+async function upsertAccountSignalConnectorConfig(configPath, key) {
+    const definition = getAccountSignalConnectorDefinition(key);
+    if (!definition)
+        return false;
+    const config = await loadEditableConfig(configPath);
+    const sources = config.sources && typeof config.sources === 'object' ? config.sources : {};
+    const extra = Array.isArray(sources.extra) ? sources.extra : [];
+    const nextExtra = extra.filter((source) => String(source?.key || source?.service || '') !== definition.key);
+    const existing = extra.find((source) => String(source?.key || source?.service || '') === definition.key) || {};
+    nextExtra.push(buildAccountSignalExtraSourceConfig(key, existing));
+    config.sources = {
+        ...sources,
+        extra: nextExtra,
+    };
+    await writeJsonFile(configPath, config);
+    return true;
+}
+async function guideAccountSignalConnector(rl, secrets, key) {
+    const definition = getAccountSignalConnectorDefinition(key);
+    if (!definition)
+        return;
+    printSection(definition.label, [
+        definition.summary,
+        'Setup is account-wide. Do not paste project IDs, app IDs, product IDs, package names, paywall IDs, service names, or tags here.',
+    ]);
+    process.stdout.write(`Docs: ${definition.docsUrl}\n\n`);
+    printBullets(definition.steps);
+    for (const credential of definition.credentials) {
+        const defaultValue = credential.defaultValue ?? process.env[credential.env] ?? '';
+        const value = credential.optional
+            ? await maybePromptSecret(rl, credential.prompt, credential.env)
+            : await maybePromptSecret(rl, credential.prompt, credential.env);
+        const finalValue = value || defaultValue;
+        if (finalValue)
+            secrets[credential.env] = finalValue;
+        else if (!credential.optional) {
+            process.stdout.write(`${credential.env} was not saved. ${definition.label} setup remains pending; rerun this wizard when ready.\n`);
+        }
+    }
+}
 async function guideSentryConnector(rl, secrets) {
     printSection('Sentry / GlitchTip', [
         'Paste token, org, and base URL. Projects are discovered automatically.',
@@ -2618,6 +3575,34 @@ async function guideSentryConnector(rl, secrets) {
     }
     return accounts;
 }
+function normalizeCoolifyBaseUrl(value) {
+    const raw = String(value || '').trim().replace(/\/+$/, '');
+    if (!raw)
+        return '';
+    return /^https?:\/\//i.test(raw) ? raw : `https://${raw}`;
+}
+async function guideCoolifyConnector(rl, secrets) {
+    printSection('Coolify deployment monitoring', [
+        'Use this when OpenClaw should read deployment, resource, server, and health-check signals from Coolify.',
+        'The token should be read-only. Do not use "*" or sensitive-token permissions for normal monitoring.',
+    ]);
+    const baseUrl = normalizeCoolifyBaseUrl(await ask(rl, 'Coolify base URL', process.env.COOLIFY_BASE_URL || 'https://coolify.wotaso.com'));
+    const tokenUrl = baseUrl ? `${baseUrl}/security/api-tokens` : 'https://<your-coolify-host>/security/api-tokens';
+    process.stdout.write(`\nToken page: ${tokenUrl}\n\n`);
+    printBullets([
+        'Open the Coolify dashboard.',
+        'In the sidebar, go to "Keys & Tokens".',
+        'Open "API tokens".',
+        'Create a new API key/token with read-only permissions.',
+        'Copy the token once and paste it into this local terminal.',
+    ]);
+    const token = await maybePromptSecret(rl, 'Paste COOLIFY_API_TOKEN into this local terminal', 'COOLIFY_API_TOKEN');
+    if (baseUrl)
+        secrets.COOLIFY_BASE_URL = baseUrl;
+    if (token)
+        secrets.COOLIFY_API_TOKEN = token;
+    return { baseUrl, tokenEnv: 'COOLIFY_API_TOKEN' };
+}
 async function guideAscConnector(rl, secrets) {
     printSection('App Store Connect CLI', [
         'Use this mainly for App Store analytics batch reports, plus builds, TestFlight, reviews, ratings, and store context.',
@@ -2626,11 +3611,18 @@ async function guideAscConnector(rl, secrets) {
     process.stdout.write('Create an App Store Connect API key here:\n  https://appstoreconnect.apple.com/access/integrations/api\n\n');
     process.stdout.write('Roles to choose for this key:\n');
     printBullets([
-        'Required: Sales, for App Analytics, Sales and Trends, downloads, revenue, and conversion context.',
+        'Required for first setup: Admin, because Apple only allows Admin keys to create the initial Analytics Report Request.',
+        'Required for steady-state report downloads after the request exists: Sales and Reports, Finance, or Admin.',
         'Recommended: Customer Support, for App Store ratings and review text.',
         'Recommended: Developer, for builds, TestFlight, and delivery status.',
         'Optional: App Manager, only if OpenClaw should also read or manage app metadata, pricing, or release settings.',
-        'Avoid: Admin unless a one-off App Store Connect permission requires it.',
+        'Least privilege option: run setup once with Admin, then rotate Growth Engineer to a Sales and Reports key for ongoing analytics downloads.',
+    ]);
+    process.stdout.write('\nWhy Admin is requested during setup:\n');
+    printBullets([
+        'Growth Engineer automatically creates an ongoing App Analytics report request when none exists.',
+        'Without that request, Apple will not generate Impressions, Product Page Views, App Units, Conversion Rate, and related report instances.',
+        'A non-Admin key can read existing reports, but creation fails with a forbidden response.',
     ]);
     process.stdout.write('\nAfter creating the key, copy these values into this wizard:\n');
     printBullets([
@@ -2638,6 +3630,7 @@ async function guideAscConnector(rl, secrets) {
         'Key ID from the API key row or from the downloaded file name: AuthKey_<KEY_ID>.p8.',
         'Download the .p8 file, open it, then paste the full file content into this terminal.',
         'If the .p8 is already on this host, leave the content prompt empty and paste the file path instead.',
+        'Vendor Number from App Store Connect Sales and Trends > Reports, needed for Sales and Trends/App Units reports.',
     ]);
     const keyId = await ask(rl, 'ASC_KEY_ID (leave empty to skip)', process.env.ASC_KEY_ID || '');
     const issuerId = await ask(rl, 'ASC_ISSUER_ID (leave empty to skip)', process.env.ASC_ISSUER_ID || '');
@@ -2659,6 +3652,9 @@ async function guideAscConnector(rl, secrets) {
         if (privateKeyPath.trim())
             secrets.ASC_PRIVATE_KEY_PATH = privateKeyPath.trim();
     }
+    const vendorNumber = await ask(rl, 'ASC_VENDOR_NUMBER for Sales and Trends/App Units (leave empty to skip)', process.env.ASC_VENDOR_NUMBER || process.env.ASC_ANALYTICS_VENDOR_NUMBER || '');
+    if (vendorNumber.trim())
+        secrets.ASC_VENDOR_NUMBER = vendorNumber.trim();
 }
 async function shouldRunSelfUpdate(workspaceRoot, force) {
     if (force)
@@ -2764,6 +3760,7 @@ async function runConnectorSetupSteps({ rl, args, selected, healthByConnector, a
     process.stdout.write('\n');
     const secrets = {};
     let sentryAccounts = [];
+    let coolifyConfig = null;
     if (selected.includes('analytics')) {
         let forceFreshAnalyticsToken = shouldForceFreshAnalyticsToken(healthByConnector);
         while (true) {
@@ -2808,6 +3805,34 @@ async function runConnectorSetupSteps({ rl, args, selected, healthByConnector, a
                 break;
         }
     }
+    if (selected.includes('paddle')) {
+        while (true) {
+            clearTerminal();
+            await guidePaddleConnector(rl, secrets);
+            const check = await runImmediateConnectorHealthCheck({
+                rl,
+                configPath: args.config,
+                connector: 'paddle',
+                secrets,
+            });
+            if (!check.retry)
+                break;
+        }
+    }
+    if (selected.includes('seo')) {
+        while (true) {
+            clearTerminal();
+            await guideSeoConnector(rl, secrets);
+            const check = await runImmediateConnectorHealthCheck({
+                rl,
+                configPath: args.config,
+                connector: 'seo',
+                secrets,
+            });
+            if (!check.retry)
+                break;
+        }
+    }
     if (selected.includes('sentry')) {
         while (true) {
             clearTerminal();
@@ -2823,6 +3848,23 @@ async function runConnectorSetupSteps({ rl, args, selected, healthByConnector, a
                 break;
         }
     }
+    if (selected.includes('coolify')) {
+        while (true) {
+            clearTerminal();
+            coolifyConfig = await guideCoolifyConnector(rl, secrets);
+            if (coolifyConfig?.baseUrl) {
+                await upsertCoolifyConfig(args.config, coolifyConfig);
+            }
+            const check = await runImmediateConnectorHealthCheck({
+                rl,
+                configPath: args.config,
+                connector: 'coolify',
+                secrets,
+            });
+            if (!check.retry)
+                break;
+        }
+    }
     if (selected.includes('asc')) {
         while (true) {
             clearTerminal();
@@ -2837,6 +3879,21 @@ async function runConnectorSetupSteps({ rl, args, selected, healthByConnector, a
                 break;
         }
     }
+    for (const connector of selected.filter(isAccountSignalConnector)) {
+        while (true) {
+            clearTerminal();
+            await guideAccountSignalConnector(rl, secrets, connector);
+            await upsertAccountSignalConnectorConfig(args.config, connector);
+            const check = await runImmediateConnectorHealthCheck({
+                rl,
+                configPath: args.config,
+                connector,
+                secrets,
+            });
+            if (!check.retry)
+                break;
+        }
+    }
     const secretsFile = resolveSecretsFile();
     const wroteSecrets = Object.keys(secrets).length > 0;
     clearTerminal();
@@ -2848,17 +3905,47 @@ async function runConnectorSetupSteps({ rl, args, selected, healthByConnector, a
         process.stdout.write('\nNo new secrets were written.\n');
     }
     if (sentryAccounts.length > 0 && await upsertSentryAccountsConfig(args.config, sentryAccounts)) {
-        process.stdout.write(`Configured ${sentryAccounts.length} Sentry-compatible account(s) in ${args.config}.\n`);
+        const readiness = await verifySentryAccountsConfig(args.config, sentryAccounts);
+        if (readiness.ok) {
+            process.stdout.write(`Configured ${sentryAccounts.length} Sentry-compatible account(s) in ${args.config}.\n`);
+        }
+    }
+    if (coolifyConfig?.baseUrl && await upsertCoolifyConfig(args.config, coolifyConfig)) {
+        process.stdout.write(`Configured Coolify monitoring for ${coolifyConfig.baseUrl} in ${args.config}.\n`);
     }
     const env = {
         ...process.env,
         ...secrets,
     };
-    const command = `${nodeRuntimeScriptCommand('openclaw-growth-start.mjs')} --config ${quote(args.config)} --setup-only --connectors ${quote(selected.join(','))}`;
+    const command = `${nodeRuntimeScriptCommand('openclaw-growth-start.mjs')} --config ${quote(args.config)} --setup-only --connectors ${quote(selected.join(','))} --only-connectors ${quote(selected.join(','))}`;
     let setupResult = await runSetupCommandWithProgress(command, env, selected, 'Testing connector setup...');
     let setupPayload = parseJsonFromStdout(setupResult.stdout);
+    const postSetupBlockers = [];
     if (sentryAccounts.length > 0 && await upsertSentryAccountsConfig(args.config, sentryAccounts)) {
-        process.stdout.write(`Sentry-compatible account config is up to date in ${args.config}.\n`);
+        const readiness = await verifySentryAccountsConfig(args.config, sentryAccounts);
+        if (readiness.ok) {
+            process.stdout.write(`Sentry-compatible account config is up to date in ${args.config}.\n`);
+        }
+        else {
+            postSetupBlockers.push({
+                check: 'connection:sentry',
+                detail: readiness.detail,
+                remediation: 'Rerun Sentry/GlitchTip setup so the active config persists sources.sentry.enabled=true and sources.sentry.accounts[].',
+            });
+        }
+    }
+    if (coolifyConfig?.baseUrl && await upsertCoolifyConfig(args.config, coolifyConfig)) {
+        process.stdout.write(`Coolify config is up to date in ${args.config}.\n`);
+    }
+    if (postSetupBlockers.length > 0) {
+        setupPayload = {
+            ...(setupPayload || {}),
+            ok: false,
+            blockers: [...(Array.isArray(setupPayload?.blockers) ? setupPayload.blockers : []), ...postSetupBlockers],
+        };
+        printSetupFailure({ result: { ...setupResult, ok: false, code: setupResult.code ?? 1 }, payload: setupPayload, command });
+        process.exitCode = 1;
+        return false;
     }
     if (setupResult.ok && setupPayload?.ok !== false) {
         printSetupSuccess(setupPayload);
@@ -2893,11 +3980,13 @@ async function runConnectorSetupWizard(args) {
         const existingFixes = connectorKeysNeedingAttention(healthByConnector);
         const requestedConnectors = args.connectors ? parseConnectorList(args.connectors) : [];
         const chosenConnectors = requestedConnectors.length > 0
-            ? orderConnectors([...new Set([...requestedConnectors, ...existingFixes])])
+            ? orderConnectors(requestedConnectors)
             : await askConnectorSelectionWithHealth(rl, healthByConnector, existingFixes);
-        const selected = withMissingRequiredAnalyticsConnector(chosenConnectors);
+        const selected = requestedConnectors.length > 0
+            ? orderConnectors(chosenConnectors)
+            : withMissingRequiredAnalyticsConnector(chosenConnectors);
         if (selected.length === 0) {
-            throw new Error('No supported connectors selected. Use analytics, github, revenuecat, sentry, asc, or all.');
+            throw new Error(`No supported connectors selected. Use ${CONNECTOR_KEYS.join(', ')}, or all.`);
         }
         await runConnectorSetupSteps({ rl, args, selected, healthByConnector });
     }
@@ -2959,7 +4048,7 @@ function printCadencePlan(cadences) {
     process.stdout.write('\nDefault growth cadence:\n');
     printAsciiTable(['Cadence', 'Every', 'Mode', 'Primary focus', 'What it decides'], cadences.map((cadence) => [
         cadence.key,
-        `${cadence.intervalDays}d`,
+        cadence.intervalMinutes ? `${cadence.intervalMinutes}m` : `${cadence.intervalDays}d`,
         cadence.criticalOnly ? 'critical only' : 'full review',
         Array.isArray(cadence.focusAreas) ? cadence.focusAreas.slice(0, 4).join(', ') : '',
         cadence.objective,
@@ -2990,6 +4079,30 @@ async function askToolUsage(rl) {
         ],
     });
 }
+async function askSchedulePreset(rl) {
+    return await askMenuChoice(rl, {
+        title: 'Schedule preset',
+        subtitle: 'Use Up/Down to move, Enter to continue, or press 1-3.',
+        defaultValue: 'recommended',
+        options: [
+            {
+                value: 'recommended',
+                label: 'Recommended',
+                detail: 'OpenClaw/Hermes wake every 30m; Sentry/GlitchTip/Coolify healthcheck runs every 90m; daily and larger reviews stay on cadence.',
+            },
+            {
+                value: 'quiet',
+                label: 'Quiet',
+                detail: 'OpenClaw/Hermes wake hourly; healthcheck runs every 6h; deep reviews unchanged.',
+            },
+            {
+                value: 'manual',
+                label: 'Manual',
+                detail: 'Enter runner, connector-health, cron, and cadence intervals yourself.',
+            },
+        ],
+    });
+}
 async function askCadencePlan(rl, existingCadences = []) {
     const existingByKey = new Map((Array.isArray(existingCadences) ? existingCadences : [])
         .filter((cadence) => cadence?.key)
@@ -3007,7 +4120,7 @@ async function askCadencePlan(rl, existingCadences = []) {
         options: cadences.map((cadence) => ({
             value: cadence.key,
             label: cadence.title,
-            detail: `${cadence.intervalDays}d, ${cadence.criticalOnly ? 'critical only' : 'full review'} - ${cadence.objective}`,
+            detail: `${cadence.intervalMinutes ? `${cadence.intervalMinutes}m` : `${cadence.intervalDays}d`}, ${cadence.criticalOnly ? 'critical only' : 'full review'} - ${cadence.objective}`,
         })),
     });
     const selected = new Set(selectedCadences);
@@ -3021,6 +4134,17 @@ async function askCadencePlan(rl, existingCadences = []) {
         if (cadence.enabled === false)
             continue;
         process.stdout.write(`\n${cadence.title}\n`);
+        const intervalDefault = cadence.intervalMinutes ? `${cadence.intervalMinutes}m` : `${cadence.intervalDays || 1}d`;
+        const intervalRaw = await ask(rl, `${cadence.key} interval (for example 90m, 1d, 7d)`, intervalDefault);
+        const intervalMatch = String(intervalRaw || intervalDefault).trim().match(/^(\d+)\s*([md])$/i);
+        if (intervalMatch?.[2]?.toLowerCase() === 'm') {
+            cadence.intervalMinutes = Number.parseInt(intervalMatch[1], 10) || cadence.intervalMinutes || 90;
+            delete cadence.intervalDays;
+        }
+        else if (intervalMatch?.[2]?.toLowerCase() === 'd') {
+            cadence.intervalDays = Number.parseInt(intervalMatch[1], 10) || cadence.intervalDays || 1;
+            delete cadence.intervalMinutes;
+        }
         cadence.objective = await ask(rl, `${cadence.key} objective`, cadence.objective);
         cadence.instructions = await ask(rl, `${cadence.key} instructions`, cadence.instructions);
         const focusAreas = await ask(rl, `${cadence.key} focus areas (comma-separated)`, cadence.focusAreas.join(','));
@@ -3065,7 +4189,7 @@ function printWizardHeader() {
     process.stdout.write('OpenClaw Growth Engineer - Setup Wizard\n');
     process.stdout.write('This wizard can configure connector secrets. Normal config is written to config JSON; API keys stay in the local chmod 600 secrets file.\n\n');
 }
-async function buildDefaultWizardConfig() {
+async function buildDefaultWizardConfig(configPath = null) {
     return {
         version: 7,
         generatedAt: new Date().toISOString(),
@@ -3088,10 +4212,36 @@ async function buildDefaultWizardConfig() {
                 mode: 'command',
                 command: getWizardDefaultSourceCommand('revenuecat'),
             },
+            paddle: {
+                enabled: true,
+                mode: 'command',
+                command: getWizardDefaultSourceCommand('paddle'),
+                environment: 'live',
+            },
+            seo: {
+                enabled: true,
+                mode: 'command',
+                command: getWizardDefaultSourceCommand('seo'),
+                siteUrl: process.env.GSC_SITE_URL || '',
+                paidProvider: {
+                    dataforseo: {
+                        enabled: false,
+                        confirmPaid: false,
+                        maxPaidRequests: 1,
+                    },
+                },
+            },
             sentry: {
                 enabled: true,
                 mode: 'command',
-                command: getWizardDefaultSourceCommand('sentry'),
+                command: normalizeWizardSourceCommand('sentry', {}, configPath),
+            },
+            coolify: {
+                enabled: true,
+                mode: 'command',
+                command: normalizeWizardSourceCommand('coolify', {}, configPath),
+                baseUrl: process.env.COOLIFY_BASE_URL || 'https://coolify.wotaso.com',
+                tokenEnv: 'COOLIFY_API_TOKEN',
             },
             feedback: {
                 enabled: true,
@@ -3117,7 +4267,8 @@ async function buildDefaultWizardConfig() {
             autoCreateWhenGitHubWriteAccess: true,
             disableAutoCreateGitHubArtifacts: false,
             mode: 'issue',
-            outputDestinations: ['openclaw_chat', 'github_issue', 'github_pull_request'],
+            outputDestinations: ['openclaw_chat', 'github_issue'],
+            productionErrorMode: 'issue',
             usageMode: 'production_autopilot',
             draftPullRequests: true,
             proposalBranchPrefix: 'openclaw/proposals',
@@ -3191,6 +4342,12 @@ async function buildDefaultWizardConfig() {
                 schedule: '*/30 * * * *',
                 timezone: process.env.TZ || 'UTC',
                 name: 'OpenClaw Growth Engineer scheduler',
+                delivery: {
+                    enabled: true,
+                    mode: 'announce',
+                    channel: 'last',
+                    to: '',
+                },
             },
         },
         secrets: {
@@ -3200,12 +4357,22 @@ async function buildDefaultWizardConfig() {
             analyticsTokenRef: { source: 'env', provider: 'default', id: 'ANALYTICSCLI_ACCESS_TOKEN' },
             revenuecatTokenEnv: 'REVENUECAT_API_KEY',
             revenuecatTokenRef: { source: 'env', provider: 'default', id: 'REVENUECAT_API_KEY' },
+            paddleTokenEnv: 'PADDLE_API_KEY',
+            paddleTokenRef: { source: 'env', provider: 'default', id: 'PADDLE_API_KEY' },
+            gscTokenEnv: 'GOOGLE_SEARCH_CONSOLE_ACCESS_TOKEN',
+            gscTokenRef: { source: 'env', provider: 'default', id: 'GOOGLE_SEARCH_CONSOLE_ACCESS_TOKEN' },
+            dataforseoLoginEnv: 'DATAFORSEO_LOGIN',
+            dataforseoLoginRef: { source: 'env', provider: 'default', id: 'DATAFORSEO_LOGIN' },
+            dataforseoPasswordEnv: 'DATAFORSEO_PASSWORD',
+            dataforseoPasswordRef: { source: 'env', provider: 'default', id: 'DATAFORSEO_PASSWORD' },
             sentryTokenEnv: 'SENTRY_AUTH_TOKEN',
             sentryTokenRef: { source: 'env', provider: 'default', id: 'SENTRY_AUTH_TOKEN' },
+            coolifyTokenEnv: 'COOLIFY_API_TOKEN',
+            coolifyTokenRef: { source: 'env', provider: 'default', id: 'COOLIFY_API_TOKEN' },
         },
     };
 }
-function buildRecommendedSourceConfig() {
+function buildRecommendedSourceConfig(configPath = null) {
     return {
         analytics: {
             enabled: true,
@@ -3217,10 +4384,36 @@ function buildRecommendedSourceConfig() {
             mode: 'command',
             command: getWizardDefaultSourceCommand('revenuecat'),
         },
+        paddle: {
+            enabled: true,
+            mode: 'command',
+            command: getWizardDefaultSourceCommand('paddle'),
+            environment: 'live',
+        },
+        seo: {
+            enabled: true,
+            mode: 'command',
+            command: getWizardDefaultSourceCommand('seo'),
+            siteUrl: process.env.GSC_SITE_URL || '',
+            paidProvider: {
+                dataforseo: {
+                    enabled: false,
+                    confirmPaid: false,
+                    maxPaidRequests: 1,
+                },
+            },
+        },
         sentry: {
             enabled: true,
             mode: 'command',
-            command: getWizardDefaultSourceCommand('sentry'),
+            command: normalizeWizardSourceCommand('sentry', {}, configPath),
+        },
+        coolify: {
+            enabled: true,
+            mode: 'command',
+            command: normalizeWizardSourceCommand('coolify', {}, configPath),
+            baseUrl: process.env.COOLIFY_BASE_URL || 'https://coolify.wotaso.com',
+            tokenEnv: 'COOLIFY_API_TOKEN',
         },
         feedback: {
             enabled: true,
@@ -3245,25 +4438,46 @@ function getInputChannelInitialSelection(config) {
         selected.add('analytics');
     if (sources.revenuecat?.enabled === true || isConnectorLocallyConfigured('revenuecat'))
         selected.add('revenuecat');
+    if (sources.paddle?.enabled === true || isConnectorLocallyConfigured('paddle'))
+        selected.add('paddle');
+    if (sources.seo?.enabled === true || isConnectorLocallyConfigured('seo'))
+        selected.add('seo');
     if (!hasExplicitSources || sources.sentry?.enabled !== false)
         selected.add('sentry');
+    if (sources.coolify?.enabled === true || isConnectorLocallyConfigured('coolify'))
+        selected.add('coolify');
     if (extraSources.some((source) => ['asc', 'asc-cli', 'app-store-connect', 'app_store_connect'].includes(String(source?.service || source?.key || '').toLowerCase()) &&
         source?.enabled !== false) ||
         isConnectorLocallyConfigured('asc')) {
         selected.add('asc');
     }
+    for (const key of ACCOUNT_SIGNAL_CONNECTOR_KEYS) {
+        if (extraSources.some((source) => String(source?.key || source?.service || '').toLowerCase() === key && source?.enabled !== false) ||
+            isConnectorLocallyConfigured(key)) {
+            selected.add(key);
+        }
+    }
     selected.add('github');
     if (selected.size === 0)
         return orderConnectors([...CONNECTOR_KEYS]);
     return orderConnectors([...selected]);
 }
-function buildSourceConfigFromInputChannels(selectedConnectors, existingSources = {}) {
+function buildSourceConfigFromInputChannels(selectedConnectors, existingSources = {}, configPath = null) {
     const selected = new Set(selectedConnectors);
-    const recommended = buildRecommendedSourceConfig();
-    const migratedSources = migrateRuntimeSourceCommands({ sources: existingSources }).sources || {};
+    const recommended = buildRecommendedSourceConfig(configPath);
+    const migratedSources = migrateRuntimeSourceCommands({ sources: existingSources }, configPath).sources || {};
     const existingExtra = Array.isArray(migratedSources.extra) ? migratedSources.extra : [];
     const ascSource = existingExtra.find((source) => ['asc', 'asc-cli', 'app-store-connect', 'app_store_connect'].includes(String(source?.service || source?.key || '').toLowerCase()));
-    const nonAscExtra = existingExtra.filter((source) => source !== ascSource);
+    const managedAccountKeys = new Set(ACCOUNT_SIGNAL_CONNECTOR_KEYS);
+    const accountSourceByKey = new Map(existingExtra
+        .filter((source) => managedAccountKeys.has(String(source?.key || source?.service || '').toLowerCase()))
+        .map((source) => [String(source?.key || source?.service || '').toLowerCase(), source]));
+    const nonAscExtra = existingExtra.filter((source) => {
+        if (source === ascSource)
+            return false;
+        return !managedAccountKeys.has(String(source?.key || source?.service || '').toLowerCase());
+    });
+    const accountExtra = ACCOUNT_SIGNAL_CONNECTOR_KEYS.map((key) => buildAccountSignalExtraSourceConfig(key, accountSourceByKey.get(key) || { enabled: selected.has(key) })).map((source) => ({ ...source, enabled: selected.has(source.key) }));
     return {
         ...recommended,
         ...migratedSources,
@@ -3273,7 +4487,7 @@ function buildSourceConfigFromInputChannels(selectedConnectors, existingSources
             command: normalizeWizardSourceCommand('analytics', {
                 ...recommended.analytics,
                 ...(migratedSources.analytics || {}),
-            }),
+            }, configPath),
             enabled: selected.has('analytics'),
         },
         revenuecat: {
@@ -3282,18 +4496,45 @@ function buildSourceConfigFromInputChannels(selectedConnectors, existingSources
             command: normalizeWizardSourceCommand('revenuecat', {
                 ...recommended.revenuecat,
                 ...(migratedSources.revenuecat || {}),
-            }),
+            }, configPath),
             enabled: selected.has('revenuecat'),
         },
+        paddle: {
+            ...recommended.paddle,
+            ...(migratedSources.paddle || {}),
+            command: normalizeWizardSourceCommand('paddle', {
+                ...recommended.paddle,
+                ...(migratedSources.paddle || {}),
+            }, configPath),
+            enabled: selected.has('paddle'),
+        },
+        seo: {
+            ...recommended.seo,
+            ...(migratedSources.seo || {}),
+            command: normalizeWizardSourceCommand('seo', {
+                ...recommended.seo,
+                ...(migratedSources.seo || {}),
+            }, configPath),
+            enabled: selected.has('seo'),
+        },
         sentry: {
             ...recommended.sentry,
             ...(migratedSources.sentry || {}),
             command: normalizeWizardSourceCommand('sentry', {
                 ...recommended.sentry,
                 ...(migratedSources.sentry || {}),
-            }),
+            }, configPath),
             enabled: selected.has('sentry'),
         },
+        coolify: {
+            ...recommended.coolify,
+            ...(migratedSources.coolify || {}),
+            command: normalizeWizardSourceCommand('coolify', {
+                ...recommended.coolify,
+                ...(migratedSources.coolify || {}),
+            }, configPath),
+            enabled: selected.has('coolify'),
+        },
         feedback: {
             ...recommended.feedback,
             ...(migratedSources.feedback || {}),
@@ -3301,6 +4542,7 @@ function buildSourceConfigFromInputChannels(selectedConnectors, existingSources
         },
         extra: [
             ...nonAscExtra,
+            ...accountExtra,
             {
                 ...buildExtraSourceConfig('asc-cli', {
                     enabled: selected.has('asc'),
@@ -3315,7 +4557,7 @@ function buildSourceConfigFromInputChannels(selectedConnectors, existingSources
                         command: getWizardDefaultSourceCommand('asc'),
                     }),
                     ...(ascSource || {}),
-                }),
+                }, configPath),
                 enabled: selected.has('asc'),
             },
         ],
@@ -3324,8 +4566,8 @@ function buildSourceConfigFromInputChannels(selectedConnectors, existingSources
 async function loadEditableConfig(configPath) {
     const existing = await readJsonIfPresent(configPath).catch(() => null);
     if (existing && typeof existing === 'object')
-        return migrateRuntimeSourceCommands(existing);
-    return await buildDefaultWizardConfig();
+        return migrateRuntimeSourceCommands(existing, configPath);
+    return await buildDefaultWizardConfig(configPath);
 }
 function mergeNotificationChannels(baseChannels, extraChannels) {
     const channels = [];
@@ -3412,9 +4654,33 @@ async function askOutputConfig(rl, config) {
     });
     const wantsIssue = outputChoices.includes('issue');
     const wantsPullRequest = outputChoices.includes('pull_request');
-    const summaryOnly = !wantsIssue && !wantsPullRequest;
-    const mode = wantsPullRequest ? 'pull_request' : 'issue';
-    const autoCreate = wantsIssue || wantsPullRequest;
+    const productionErrorMode = await askMenuChoice(rl, {
+        title: 'Production error handling',
+        subtitle: 'What should happen when the 90-minute healthcheck confirms a production Sentry/GlitchTip/Coolify issue?',
+        defaultValue: config?.actions?.productionErrorMode || (wantsPullRequest ? 'pull_request' : wantsIssue ? 'issue' : 'alert'),
+        options: [
+            {
+                value: 'alert',
+                label: 'Alert only',
+                detail: 'Send the short alert/handoff; do not auto-create GitHub artifacts for production errors.',
+            },
+            {
+                value: 'issue',
+                label: 'GitHub issue',
+                detail: 'Create a GitHub issue with the production evidence and suggested investigation when access allows it.',
+            },
+            {
+                value: 'pull_request',
+                label: 'Draft PR',
+                detail: 'Create a draft PR proposal for implementation-ready production fixes when access allows it.',
+            },
+        ],
+    });
+    const effectiveWantsIssue = wantsIssue || productionErrorMode === 'issue';
+    const effectiveWantsPullRequest = wantsPullRequest || productionErrorMode === 'pull_request';
+    const summaryOnly = !effectiveWantsIssue && !effectiveWantsPullRequest;
+    const mode = effectiveWantsPullRequest ? 'pull_request' : 'issue';
+    const autoCreate = effectiveWantsIssue || effectiveWantsPullRequest;
     if (!summaryOnly) {
         process.stdout.write('GitHub repo scope is not pinned by the wizard; OpenClaw/Hermes will infer it from OPENCLAW_GITHUB_REPO, the local git remote, or runtime context when creating issues/PRs.\n');
     }
@@ -3433,11 +4699,12 @@ async function askOutputConfig(rl, config) {
         mode,
         outputDestinations: [
             'openclaw_chat',
-            ...(wantsIssue ? ['github_issue'] : []),
-            ...(wantsPullRequest ? ['github_pull_request'] : []),
+            ...(effectiveWantsIssue ? ['github_issue'] : []),
+            ...(effectiveWantsPullRequest ? ['github_pull_request'] : []),
         ],
-        autoCreateIssues: wantsIssue,
-        autoCreatePullRequests: wantsPullRequest,
+        productionErrorMode,
+        autoCreateIssues: effectiveWantsIssue,
+        autoCreatePullRequests: effectiveWantsPullRequest,
         autoCreateWhenGitHubWriteAccess: config.actions?.autoCreateWhenGitHubWriteAccess !== false,
         disableAutoCreateGitHubArtifacts: config.actions?.disableAutoCreateGitHubArtifacts === true,
         draftPullRequests: true,
@@ -3456,8 +4723,8 @@ async function askOutputConfig(rl, config) {
             enabled: !summaryOnly,
             mode,
             modes: [
-                ...(wantsIssue ? ['issue'] : []),
-                ...(wantsPullRequest ? ['pull_request'] : []),
+                ...(effectiveWantsIssue ? ['issue'] : []),
+                ...(effectiveWantsPullRequest ? ['pull_request'] : []),
             ],
             autoCreate,
             draftPullRequests: true,
@@ -3553,21 +4820,37 @@ async function askIntervalConfig(rl, config) {
     printSection('Schedule and analysis depth', [
         'The runner wakes up often, but larger reviews only run on their daily/weekly/monthly cadence.',
         'Connector health checks are separate and default to every 6 hours.',
-        'On OpenClaw VPS installs, OpenClaw Gateway cron should wake the agent; heartbeat stays as a fallback checklist.',
+        'On OpenClaw or Hermes VPS installs, the agent scheduler should wake Growth Engineer; heartbeat stays as a fallback checklist.',
     ]);
     const currentSchedule = config?.schedule || {};
     const currentAutomation = getAutomationConfig(config);
     const usageMode = await askToolUsage(rl);
-    const intervalMinutes = Number.parseInt(await ask(rl, 'Growth runner wake-up interval in minutes', String(currentSchedule.intervalMinutes || DEFAULT_GROWTH_INTERVAL_MINUTES)), 10) || DEFAULT_GROWTH_INTERVAL_MINUTES;
-    const connectorHealthCheckIntervalMinutes = Number.parseInt(await ask(rl, 'Connector health check interval in minutes', String(currentSchedule.connectorHealthCheckIntervalMinutes || DEFAULT_CONNECTOR_HEALTH_INTERVAL_MINUTES)), 10) || DEFAULT_CONNECTOR_HEALTH_INTERVAL_MINUTES;
+    const schedulePreset = await askSchedulePreset(rl);
+    const recommendedRunnerInterval = schedulePreset === 'quiet' ? 360 : 90;
+    const recommendedConnectorHealthInterval = schedulePreset === 'quiet' ? 360 : DEFAULT_CONNECTOR_HEALTH_INTERVAL_MINUTES;
+    const recommendedOpenClawCronSchedule = schedulePreset === 'quiet' ? '0 * * * *' : '*/30 * * * *';
+    const intervalMinutes = schedulePreset === 'manual'
+        ? Number.parseInt(await ask(rl, 'Growth runner fallback loop interval in minutes', String(currentSchedule.intervalMinutes || recommendedRunnerInterval)), 10) || recommendedRunnerInterval
+        : recommendedRunnerInterval;
+    const connectorHealthCheckIntervalMinutes = schedulePreset === 'manual'
+        ? Number.parseInt(await ask(rl, 'Connector credentials health check interval in minutes', String(currentSchedule.connectorHealthCheckIntervalMinutes || recommendedConnectorHealthInterval)), 10) || recommendedConnectorHealthInterval
+        : recommendedConnectorHealthInterval;
     const cadences = await askCadencePlan(rl, currentSchedule.cadences);
     const enableOpenClawCron = await askYesNo(rl, 'Install an OpenClaw Gateway cron job to wake Growth Engineer on this VPS?', currentAutomation.openclawCron.enabled !== false);
     const openclawCronSchedule = enableOpenClawCron
-        ? await ask(rl, 'OpenClaw cron expression for scheduler wakeups', currentAutomation.openclawCron.schedule || '*/30 * * * *')
+        ? schedulePreset === 'manual'
+            ? await ask(rl, 'OpenClaw cron expression for scheduler wakeups', currentAutomation.openclawCron.schedule || recommendedOpenClawCronSchedule)
+            : recommendedOpenClawCronSchedule
         : currentAutomation.openclawCron.schedule;
     const openclawCronTimezone = enableOpenClawCron
         ? await ask(rl, 'OpenClaw cron timezone', currentAutomation.openclawCron.timezone || process.env.TZ || 'UTC')
         : currentAutomation.openclawCron.timezone;
+    const enableHermesCron = await askYesNo(rl, 'Install a Hermes cron job when Hermes is available on this host?', currentAutomation.hermesCron.enabled !== false);
+    const hermesCronSchedule = enableHermesCron
+        ? schedulePreset === 'manual'
+            ? await ask(rl, 'Hermes cron expression for scheduler wakeups', currentAutomation.hermesCron.schedule || openclawCronSchedule || recommendedOpenClawCronSchedule)
+            : openclawCronSchedule || recommendedOpenClawCronSchedule
+        : currentAutomation.hermesCron.schedule;
     config.schedule = {
         ...currentSchedule,
         intervalMinutes,
@@ -3589,6 +4872,21 @@ async function askIntervalConfig(rl, config) {
             schedule: openclawCronSchedule || '*/30 * * * *',
             timezone: openclawCronTimezone || 'UTC',
             name: currentAutomation.openclawCron.name || 'OpenClaw Growth Engineer scheduler',
+            delivery: {
+                ...(currentAutomation.openclawCron.delivery || {}),
+                enabled: currentAutomation.openclawCron.delivery?.enabled !== false,
+                mode: currentAutomation.openclawCron.delivery?.mode || 'announce',
+                channel: currentAutomation.openclawCron.delivery?.channel || 'last',
+                to: currentAutomation.openclawCron.delivery?.to || '',
+            },
+        },
+        hermesCron: {
+            ...(currentAutomation.hermesCron || {}),
+            enabled: enableHermesCron,
+            schedule: hermesCronSchedule || '*/30 * * * *',
+            name: currentAutomation.hermesCron.name || 'Hermes Growth Engineer scheduler',
+            skill: currentAutomation.hermesCron.skill || 'growth-engineer',
+            deliver: currentAutomation.hermesCron.deliver || 'local',
         },
     };
     return config;
@@ -3599,7 +4897,7 @@ async function askOutputsAndIntervalsConfig(rl, config) {
     return await askGitHubArtifactDetails(rl, withOutput);
 }
 async function askInputSourceConfig(rl, config, configPath) {
-    config = migrateRuntimeSourceCommands(config);
+    config = migrateRuntimeSourceCommands(config, configPath);
     await ensureDirForFile(configPath);
     await writeJsonFile(configPath, config);
     const healthByConnector = await withConnectorHealthLoading((onProgress) => getConnectorPickerHealth(configPath, onProgress));
@@ -3610,7 +4908,7 @@ async function askInputSourceConfig(rl, config, configPath) {
         helpText: 'Use Up/Down to move, Space to toggle channels, A to toggle all channels, Enter to continue.',
         mode: 'input',
     });
-    config.sources = buildSourceConfigFromInputChannels(selected, config.sources || {});
+    config.sources = buildSourceConfigFromInputChannels(selected, config.sources || {}, configPath);
     return { config, selected, healthByConnector };
 }
 async function writeOpenClawJobManifest(configPath, config) {
@@ -3634,7 +4932,7 @@ async function writeOpenClawJobManifest(configPath, config) {
             openClawCanEditOutputDelivery: true,
             openClawCanEditConnectors: true,
             openClawCanEditConnectorSecrets: false,
-            connectorChanges: 'OpenClaw may read and modify non-secret connector config such as enabled flags, source commands, project/app mappings, and source priorities. Use `node scripts/openclaw-growth-wizard.mjs --connectors` for API keys or other connector secrets; never write secret values into config files, manifests, issues, PRs, or chat output.',
+            connectorChanges: 'OpenClaw may read and modify non-secret connector config such as enabled flags, source commands, project/app mappings, and source priorities. Use `npx -y @analyticscli/growth-engineer@preview wizard --connectors` for API keys or other connector secrets; never write secret values into config files, manifests, issues, PRs, or chat output.',
             secretAccessMode: config?.security?.connectorSecrets?.mode || 'local-user-file',
             secretPolicy: config?.security?.connectorSecrets?.mode === 'isolated-runner'
                 ? 'OpenClaw must use the allowlisted sudo wrapper commands and must not read the persisted secret file.'
@@ -3643,12 +4941,14 @@ async function writeOpenClawJobManifest(configPath, config) {
         scheduler: {
             recommended: 'openclaw-cron',
             openclawCron: automation.openclawCron,
+            hermesCron: automation.hermesCron,
             statePath,
             proofPath,
             verifyCommands: [
                 'openclaw cron list',
                 'openclaw tasks list',
                 'openclaw tasks audit',
+                'hermes cron list',
                 `tail -n 20 ${proofPath}`,
                 `jq '.connectorHealth, .cadences, .lastRunAt, .skippedReason' ${statePath}`,
             ],
@@ -3674,25 +4974,6 @@ async function writeOpenClawJobManifest(configPath, config) {
     await writeJsonFile(manifestPath, manifest);
     return manifestPath;
 }
-function buildOpenClawCronAddCommand(configPath, config) {
-    const automation = getAutomationConfig(config).openclawCron;
-    const displayConfigPath = path.relative(process.cwd(), configPath) || configPath;
-    const eventText = buildOpenClawGrowthSystemEvent(displayConfigPath, config);
-    return [
-        'openclaw cron add',
-        '--name',
-        quote(automation.name),
-        '--cron',
-        quote(automation.schedule),
-        '--tz',
-        quote(automation.timezone),
-        '--session',
-        automation.mode === 'isolated' ? 'isolated' : 'main',
-        automation.mode === 'isolated' ? '--message' : '--system-event',
-        quote(eventText),
-        automation.mode === 'isolated' ? '--announce' : '--wake now',
-    ].join(' ');
-}
 async function ensureOpenClawCronFromWizard(configPath, config) {
     const automation = getAutomationConfig(config).openclawCron;
     const displayConfigPath = path.relative(process.cwd(), configPath) || configPath;
@@ -3708,7 +4989,7 @@ async function ensureOpenClawCronFromWizard(configPath, config) {
             proofPath,
         };
     }
-    const addCommand = buildOpenClawCronAddCommand(configPath, config);
+    const addCommand = buildOpenClawCronAddCommand(displayConfigPath, config);
     if (!(await commandExists('openclaw'))) {
         return {
             ok: true,
@@ -3720,26 +5001,108 @@ async function ensureOpenClawCronFromWizard(configPath, config) {
             proofPath,
         };
     }
-    const list = await runCommandCapture('openclaw cron list');
-    if (list.ok && list.stdout.includes(automation.name)) {
+    const inspection = await inspectOpenClawCronInstall({
+        configPath: displayConfigPath,
+        config,
+        runCommand: runCommandCapture,
+        readFile: fs.readFile,
+    });
+    if (inspection.exists && inspection.verified) {
         return {
             ok: true,
             installed: true,
-            status: 'already_configured',
-            detail: `OpenClaw cron job already exists: ${automation.name}`,
+            status: 'already_configured_verified',
+            detail: `OpenClaw cron job already exists and matches the Growth Engineer runner contract: ${automation.name}`,
+            source: inspection.source,
             statePath,
             proofPath,
         };
     }
     const add = await runCommandCapture(addCommand);
+    const existingDetail = inspection.exists
+        ? `Existing OpenClaw cron job "${automation.name}" was not verifiably wired to the current runner contract (${inspection.reason} via ${inspection.source}). `
+        : '';
     return {
         ok: add.ok,
         installed: add.ok,
-        status: add.ok ? 'configured' : 'failed',
-        detail: add.ok ? `Configured OpenClaw cron job: ${automation.name}` : add.stderr || add.stdout || `exit ${add.code}`,
+        status: add.ok ? (inspection.exists ? 'reconfigured' : 'configured') : inspection.exists ? 'needs_repair' : 'failed',
+        detail: add.ok
+            ? `${existingDetail}Configured OpenClaw cron job: ${automation.name}`
+            : `${existingDetail}${add.stderr || add.stdout || `exit ${add.code}`}`,
         command: addCommand,
+        remediation: inspection.exists && !add.ok
+            ? `Remove the stale OpenClaw cron job named "${automation.name}" with your installed OpenClaw CLI, then rerun: ${addCommand}`
+            : undefined,
+        statePath,
+        proofPath,
+    };
+}
+async function ensureHermesCronFromWizard(configPath, config) {
+    const automation = getAutomationConfig(config).hermesCron;
+    const displayConfigPath = path.relative(process.cwd(), configPath) || configPath;
+    const statePath = deriveStatePathFromConfigPath(displayConfigPath);
+    const proofPath = path.resolve(deriveSchedulerProofPathFromStatePath(statePath));
+    const workdir = path.resolve(automation.workdir || process.cwd());
+    if (automation.enabled === false) {
+        return {
+            ok: true,
+            installed: false,
+            status: 'disabled',
+            detail: 'Hermes cron disabled by user choice.',
+            statePath,
+            proofPath,
+        };
+    }
+    const createCommand = buildHermesCronCreateCommand(displayConfigPath, config, { workdir });
+    if (!(await commandExists('hermes'))) {
+        return {
+            ok: true,
+            installed: false,
+            status: 'hermes_cli_missing',
+            detail: 'hermes CLI was not found on PATH. Run the shown command on the host where Hermes Gateway is installed.',
+            command: createCommand,
+            statePath,
+            proofPath,
+            workdir,
+        };
+    }
+    const inspection = await inspectHermesCronInstall({
+        configPath: displayConfigPath,
+        config,
+        runCommand: runCommandCapture,
+        readFile: fs.readFile,
+        workdir,
+    });
+    if (inspection.exists && inspection.verified) {
+        return {
+            ok: true,
+            installed: true,
+            status: 'already_configured_verified',
+            detail: `Hermes cron job already exists and matches the Growth Engineer runner contract: ${automation.name}`,
+            source: inspection.source,
+            statePath,
+            proofPath,
+            workdir,
+        };
+    }
+    const create = await runCommandCapture(createCommand);
+    const existingDetail = inspection.exists
+        ? `Existing Hermes cron job "${automation.name}" was not verifiably wired to the current runner contract (${inspection.reason} via ${inspection.source}). `
+        : '';
+    return {
+        ok: create.ok,
+        installed: create.ok,
+        status: create.ok ? (inspection.exists ? 'reconfigured' : 'configured') : inspection.exists ? 'needs_repair' : 'failed',
+        detail: create.ok
+            ? `${existingDetail}Configured Hermes cron job: ${automation.name}`
+            : `${existingDetail}${create.stderr || create.stdout || `exit ${create.code}`}`,
+        command: createCommand,
+        remediation: inspection.exists && !create.ok
+            ? `Remove the stale Hermes cron job named "${automation.name}" with your installed Hermes CLI, then rerun: ${createCommand}`
+            : undefined,
         statePath,
         proofPath,
+        workdir,
     };
 }
 function printOpenClawCronResult(result) {
@@ -3748,6 +5111,10 @@ function printOpenClawCronResult(result) {
         process.stdout.write('\nRun this on the VPS where OpenClaw Gateway is installed:\n');
         process.stdout.write(`${result.command}\n`);
     }
+    if (result.remediation) {
+        process.stdout.write('\nOpenClaw cron repair:\n');
+        process.stdout.write(`${result.remediation}\n`);
+    }
     process.stdout.write('\nVPS verification commands:\n');
     process.stdout.write('  openclaw cron list\n');
     process.stdout.write('  openclaw tasks list\n');
@@ -3755,10 +5122,33 @@ function printOpenClawCronResult(result) {
     process.stdout.write(`  tail -n 20 ${result.proofPath || path.resolve(DEFAULT_SCHEDULER_PROOF_PATH)}\n`);
     process.stdout.write(`  jq '.connectorHealth, .cadences, .lastRunAt, .skippedReason' ${result.statePath || 'data/openclaw-growth-engineer/state.json'}\n`);
 }
+function printHermesCronResult(result) {
+    process.stdout.write(`Hermes cron: ${result.status} - ${result.detail}\n`);
+    if (result.command && result.status === 'hermes_cli_missing') {
+        process.stdout.write('\nRun this on the host where Hermes Gateway is installed:\n');
+        process.stdout.write(`${result.command}\n`);
+    }
+    if (result.remediation) {
+        process.stdout.write('\nHermes cron repair:\n');
+        process.stdout.write(`${result.remediation}\n`);
+    }
+    process.stdout.write('\nHermes verification commands:\n');
+    process.stdout.write('  hermes cron list\n');
+    process.stdout.write('  hermes gateway status\n');
+    process.stdout.write(`  tail -n 20 ${result.proofPath || path.resolve(DEFAULT_SCHEDULER_PROOF_PATH)}\n`);
+    process.stdout.write(`  jq '.connectorHealth, .cadences, .lastRunAt, .skippedReason' ${result.statePath || 'data/openclaw-growth-engineer/state.json'}\n`);
+}
 async function main() {
     await loadOpenClawGrowthSecrets();
     const args = parseArgs(process.argv.slice(2));
     await maybeSelfUpdateFromClawHub(args);
+    if (args.sandboxSmoke) {
+        const configPath = path.resolve(args.out);
+        const config = await loadEditableConfig(configPath);
+        await writeJsonFile(configPath, config);
+        process.stdout.write(`${JSON.stringify({ ok: true, configPath, sources: config.sources || {} })}\n`);
+        return;
+    }
     if (args.connectorWizard) {
         await runConnectorSetupWizard(args);
         return;
@@ -3782,9 +5172,11 @@ async function main() {
             await writeJsonFile(configPath, config);
             const manifestPath = await writeOpenClawJobManifest(configPath, config);
             const cronResult = await ensureOpenClawCronFromWizard(configPath, config);
+            const hermesCronResult = await ensureHermesCronFromWizard(configPath, config);
             process.stdout.write(`\nSaved schedule config: ${configPath}\n`);
             process.stdout.write(`Saved OpenClaw job manifest: ${manifestPath}\n`);
             printOpenClawCronResult(cronResult);
+            printHermesCronResult(hermesCronResult);
             printSecretRunnerKitInstructions(secretAccess.kit);
             process.stdout.write('OpenClaw can run and update growth jobs plus non-secret connector config from the manifest; connector API keys stay behind the connector wizard.\n');
             return;
@@ -3795,9 +5187,11 @@ async function main() {
             await writeJsonFile(configPath, config);
             const manifestPath = await writeOpenClawJobManifest(configPath, config);
             const cronResult = await ensureOpenClawCronFromWizard(configPath, config);
+            const hermesCronResult = await ensureHermesCronFromWizard(configPath, config);
             process.stdout.write(`\nSaved output and interval config: ${configPath}\n`);
             process.stdout.write(`Saved OpenClaw job manifest: ${manifestPath}\n`);
             printOpenClawCronResult(cronResult);
+            printHermesCronResult(hermesCronResult);
             printSecretRunnerKitInstructions(secretAccess.kit);
             process.stdout.write('Daily checks prioritize Sentry and production anomalies; larger cadences analyze all configured projects and connectors.\n');
             return;
@@ -3830,9 +5224,11 @@ async function main() {
         await fs.writeFile(configPath, JSON.stringify(config, null, 2), 'utf8');
         const manifestPath = await writeOpenClawJobManifest(configPath, config);
         const cronResult = await ensureOpenClawCronFromWizard(configPath, config);
+        const hermesCronResult = await ensureHermesCronFromWizard(configPath, config);
         process.stdout.write(`\nSaved config: ${configPath}\n`);
         process.stdout.write(`Saved OpenClaw job manifest: ${manifestPath}\n`);
         printOpenClawCronResult(cronResult);
+        printHermesCronResult(hermesCronResult);
         printSecretRunnerKitInstructions(secretAccess.kit);
         process.stdout.write('\nNext steps:\n');
         process.stdout.write(`1) Set secrets in OpenClaw secret store (env var names in config.secrets)\n`);