@analyticscli/growth-engineer 0.1.1-preview.0 → 0.1.1-preview.10

package/dist/runtime/openclaw-growth-wizard.mjs

@@ -11,6 +11,7 @@ import { buildOpenClawCronAddCommand, buildHermesCronCreateCommand, buildGrowthR
 import { loadOpenClawGrowthSecrets } from './openclaw-growth-env.mjs';
 const DEFAULT_CONFIG_PATH = 'data/openclaw-growth-engineer/config.json';
 const SELF_UPDATE_INTERVAL_MS = 24 * 60 * 60 * 1000;
+const SELF_UPDATE_SKILL_SLUG_CANDIDATES = ['growth-engineer', 'openclaw-growth-engineer'];
 const ENABLE_ISOLATED_SECRET_RUNNER_WIZARD = false;
 const DEFAULT_GROWTH_INTERVAL_MINUTES = 90;
 const DEFAULT_CONNECTOR_HEALTH_INTERVAL_MINUTES = 360;
@@ -83,7 +84,7 @@ const CONNECTOR_DEFINITIONS = [
         key: 'paddle',
         label: 'Paddle Billing metrics',
         summary: 'Read web checkout, revenue, MRR, refunds, chargebacks, and active subscriber metrics.',
-        needs: 'A Paddle API key with metrics.read permission for the live account.',
+        needs: 'A scoped Paddle API key for the live account with metrics.read permission.',
     },
     {
         key: 'seo',
@@ -855,6 +856,7 @@ function resolveRuntimeScriptPath(scriptName) {
     const candidates = [
         path.join(RUNTIME_DIR, scriptName),
         path.resolve('scripts', scriptName),
+        path.resolve('skills/growth-engineer/scripts', scriptName),
         path.resolve('skills/openclaw-growth-engineer/scripts', scriptName),
     ];
     return candidates.find((candidate) => existsSync(candidate)) || path.join(RUNTIME_DIR, scriptName);
@@ -904,7 +906,9 @@ function sourceCommandNeedsActiveConfig(sourceName, command) {
     const value = String(command || '').toLowerCase();
     return (normalized === 'sentry' ||
         normalized === 'glitchtip' ||
+        normalized === 'paddle' ||
         normalized === 'coolify' ||
+        value.includes('export-paddle-summary') ||
         value.includes('export-sentry-summary') ||
         value.includes('export-coolify-summary') ||
         value.includes('exporters coolify-summary'));
@@ -1090,7 +1094,7 @@ function withMissingRequiredAnalyticsConnector(selected) {
 }
 async function askConnectorSelectionWithHealth(rl, healthByConnector = {}, initialSelected = [], copy = {}) {
     if (!process.stdin.isTTY || !process.stdout.isTTY || !process.stdin.setRawMode) {
-        return await askConnectorSelectionByText(rl, healthByConnector, copy);
+        return await askConnectorSelectionByText(rl, healthByConnector, initialSelected, copy);
     }
     rl.pause();
     let completed = false;
@@ -1108,20 +1112,23 @@ async function askConnectorSelectionWithHealth(rl, healthByConnector = {}, initi
         }
     }
 }
-async function askConnectorSelectionByText(rl, healthByConnector = {}, copy = {}) {
+async function askConnectorSelectionByText(rl, healthByConnector = {}, initialSelected = [], copy = {}) {
     printConnectorIntro(copy);
     for (const group of connectorPickerGroups(healthByConnector)) {
         process.stdout.write(`${ANSI.bold}${group.title}${ANSI.reset}\n`);
         for (const connector of group.connectors) {
             const number = CONNECTOR_DEFINITIONS.findIndex((entry) => entry.key === connector.key) + 1;
             process.stdout.write(`  ${number}) ${connector.label}\n`);
-            writeWrapped(formatConnectorHealthText(connector.key, healthByConnector), '     ', ANSI.dim);
-            writeWrapped(connector.summary, '     ');
         }
         process.stdout.write('\n');
     }
+    const required = copy.mode === 'input' ? new Set() : getRequiredConnectorKeys();
+    const defaultSelection = orderConnectors([...new Set([...initialSelected, ...required])]);
+    const defaultAnswer = defaultSelection.length > 0
+        ? defaultSelection.map((key) => String(CONNECTOR_DEFINITIONS.findIndex((entry) => entry.key === key) + 1)).join(',')
+        : '';
     while (true) {
-        const answer = await ask(rl, 'Select connectors (comma-separated numbers/names, or all)', 'all');
+        const answer = await ask(rl, 'Select connectors (comma-separated numbers/names, or all)', defaultAnswer);
         const selected = parseConnectorAnswer(answer);
         if (selected.length > 0)
             return selected;
@@ -1445,14 +1452,19 @@ function normalizeConnectorProgressKey(key) {
         return accountConnector;
     return null;
 }
-async function withConnectorHealthLoading(taskFactory) {
+async function withConnectorHealthLoading(taskFactory, expectedConnectors = [...CONNECTOR_KEYS]) {
+    const expected = orderConnectors(expectedConnectors);
+    if (expected.length === 0) {
+        return await taskFactory(() => { });
+    }
     const frames = ['-', '\\', '|', '/'];
     const completed = new Set();
+    const expectedSet = new Set(expected);
     let index = 0;
     let current = 'starting';
     const render = () => {
-        const count = Math.min(completed.size, CONNECTOR_KEYS.length);
-        process.stdout.write(`\rChecking connector health ${count}/${CONNECTOR_KEYS.length} (${current}) ${frames[index]}`);
+        const count = Math.min(completed.size, expected.length);
+        process.stdout.write(`\rChecking connector health ${count}/${expected.length} (${current}) ${frames[index]}`);
     };
     const timer = setInterval(() => {
         index = (index + 1) % frames.length;
@@ -1462,14 +1474,14 @@ async function withConnectorHealthLoading(taskFactory) {
     try {
         const result = await taskFactory((event) => {
             const key = normalizeConnectorProgressKey(event?.key);
-            if (!key)
+            if (!key || !expectedSet.has(key))
                 return;
             current = connectorLabel(key);
             if (event?.phase === 'finish')
                 completed.add(key);
             render();
         });
-        CONNECTOR_KEYS.forEach((key) => completed.add(key));
+        expected.forEach((key) => completed.add(key));
         current = 'done';
         render();
         process.stdout.write('\n');
@@ -1525,12 +1537,14 @@ function connectorStatusLabel(key, healthByConnector = {}) {
     if (health.status === 'connected')
         return configured ? 'configured, healthy' : 'healthy via local tool auth';
     if (!configured)
-        return 'not configured';
+        return '';
     return `configured, ${connectorHealthLabel(health.status)}`;
 }
 function formatConnectorHealthText(key, healthByConnector = {}) {
     const health = getConnectorHealth(key, healthByConnector);
     const label = connectorStatusLabel(key, healthByConnector);
+    if (!label)
+        return '';
     const detail = health.detail ? ` - ${health.detail}` : '';
     return `Status: ${label}${detail}`;
 }
@@ -1589,11 +1603,133 @@ function connectorPickerDisplayItems(healthByConnector = {}) {
     return connectorPickerGroups(healthByConnector).flatMap((group) => group.connectors);
 }
 function connectorKeysNeedingAttention(healthByConnector = {}) {
-    return CONNECTOR_KEYS.filter((key) => ['blocked', 'partial', 'unknown', 'not_connected'].includes(String(getConnectorHealth(key, healthByConnector).status || '')));
+    return CONNECTOR_KEYS.filter((key) => {
+        const health = getConnectorHealth(key, healthByConnector);
+        const status = String(health.status || '');
+        if (!['blocked', 'partial', 'unknown', 'not_connected'].includes(status))
+            return false;
+        return isConnectorLocallyConfigured(key) || status !== 'not_connected';
+    });
+}
+function isConfiguredSource(config, sourceName) {
+    return Boolean(config?.sources?.[sourceName] && config.sources[sourceName].enabled !== false);
+}
+function configuredConnectorKeysFromConfig(config) {
+    const configured = new Set();
+    if (!config || typeof config !== 'object')
+        return [];
+    for (const key of ['analytics', 'revenuecat', 'paddle', 'seo', 'sentry', 'coolify']) {
+        if (isConfiguredSource(config, key))
+            configured.add(key);
+    }
+    if (isConfiguredGitHubRepo(config?.project?.githubRepo))
+        configured.add('github');
+    for (const source of Array.isArray(config?.sources?.extra) ? config.sources.extra : []) {
+        if (!source || source.enabled === false)
+            continue;
+        if (source.service === 'asc-cli') {
+            configured.add('asc');
+            continue;
+        }
+        const connector = normalizeConnectorProgressKey(source.key || source.service || source.type);
+        if (connector)
+            configured.add(connector);
+    }
+    return [...configured];
+}
+async function connectorKeysForHealthCheck(configPath) {
+    const configured = new Set();
+    CONNECTOR_KEYS.forEach((key) => {
+        if (isConnectorLocallyConfigured(key))
+            configured.add(key);
+    });
+    const config = await readJsonIfPresent(configPath).catch(() => null);
+    for (const key of configuredConnectorKeysFromConfig(config))
+        configured.add(key);
+    return orderConnectors([...configured]);
+}
+function connectorKeyFromRunnerHealthKey(key) {
+    const normalized = String(key || '').trim();
+    if (normalized === 'analyticscli')
+        return 'analytics';
+    if (normalized === 'appStoreConnect')
+        return 'asc';
+    const connector = normalizeConnectorProgressKey(normalized);
+    return connector || null;
+}
+function activeIncidentStatusLabel(status) {
+    const normalized = String(status || '').trim();
+    return normalized || 'blocked';
 }
-async function getConnectorPickerHealth(configPath, onProgress = () => { }) {
+async function readActiveConnectorIncidents(configPath) {
+    const statePath = deriveStatePathFromConfigPath(configPath);
+    const state = await readJsonIfPresent(statePath).catch(() => null);
+    const healthState = state?.connectorHealth;
+    if (!healthState ||
+        healthState.lastStatusOk !== false ||
+        !healthState.activeIncidentFingerprint) {
+        return {};
+    }
+    const alertJsonPath = healthState.lastAlertJsonPath
+        ? path.resolve(String(healthState.lastAlertJsonPath))
+        : path.resolve(path.dirname(statePath), 'runtime/connector-health/latest.json');
+    const alertJson = await readJsonIfPresent(alertJsonPath).catch(() => null);
+    const unhealthyConnectors = Array.isArray(alertJson?.unhealthyConnectors)
+        ? alertJson.unhealthyConnectors
+        : [];
+    const incidents = {};
+    for (const entry of unhealthyConnectors) {
+        const key = connectorKeyFromRunnerHealthKey(entry?.key);
+        if (!key)
+            continue;
+        incidents[key] = {
+            ...entry,
+            status: activeIncidentStatusLabel(entry?.status),
+            detail: String(entry?.detail || 'Runner still has an active connector-health incident').trim(),
+            activeRunnerIncident: true,
+            activeIncidentFingerprint: healthState.activeIncidentFingerprint,
+            lastCheckedAt: healthState.lastCheckedAt || null,
+        };
+    }
+    return incidents;
+}
+function mergeActiveConnectorIncidents(healthByConnector, activeIncidents) {
+    if (!activeIncidents || Object.keys(activeIncidents).length === 0) {
+        return healthByConnector;
+    }
+    return Object.fromEntries(CONNECTOR_KEYS.map((key) => {
+        const liveHealth = getConnectorHealth(key, healthByConnector);
+        const incident = activeIncidents[key];
+        if (!incident)
+            return [key, liveHealth];
+        if (liveHealth.status === 'connected') {
+            return [
+                key,
+                {
+                    ...liveHealth,
+                    status: 'partial',
+                    detail: `Live wizard check passed, but the runner still has an active ${incident.status} incident; run the connector health job once to record recovery.`,
+                    activeRunnerIncident: true,
+                    activeIncidentFingerprint: incident.activeIncidentFingerprint,
+                    lastCheckedAt: incident.lastCheckedAt,
+                },
+            ];
+        }
+        return [
+            key,
+            {
+                ...liveHealth,
+                ...incident,
+                status: incident.status || liveHealth.status || 'blocked',
+                detail: incident.detail || liveHealth.detail,
+            },
+        ];
+    }));
+}
+async function getConnectorPickerHealth(configPath, onProgress = () => { }, onlyConnectors = []) {
+    const activeIncidents = await readActiveConnectorIncidents(configPath);
     if (!(await fileExists(configPath))) {
-        return Object.fromEntries(CONNECTOR_KEYS.map((key) => [
+        const fallbackHealth = Object.fromEntries(CONNECTOR_KEYS.map((key) => [
             key,
             {
                 status: isConnectorLocallyConfigured(key) ? 'unknown' : 'not_connected',
@@ -1602,8 +1738,14 @@ async function getConnectorPickerHealth(configPath, onProgress = () => { }) {
                     : '',
             },
         ]));
+        return mergeActiveConnectorIncidents(fallbackHealth, activeIncidents);
     }
-    const result = await runCommandCaptureWithProgress(`${nodeRuntimeScriptCommand('openclaw-growth-status.mjs')} --config ${quote(configPath)} --json --progress-json`, onProgress);
+    if (onlyConnectors.length === 0) {
+        const fallbackHealth = Object.fromEntries(CONNECTOR_KEYS.map((key) => [key, getConnectorHealth(key, {})]));
+        return mergeActiveConnectorIncidents(fallbackHealth, activeIncidents);
+    }
+    const onlyArg = ` --only-connectors ${quote(orderConnectors(onlyConnectors).join(','))}`;
+    const result = await runCommandCaptureWithProgress(`${nodeRuntimeScriptCommand('openclaw-growth-status.mjs')} --config ${quote(configPath)} --json --progress-json${onlyArg}`, onProgress);
     const payload = parseJsonFromStdout(result.stdout);
     const connectors = payload?.connectors && typeof payload.connectors === 'object' ? payload.connectors : {};
     const healthByConnector = {
@@ -1616,7 +1758,8 @@ async function getConnectorPickerHealth(configPath, onProgress = () => { }) {
         coolify: connectors.coolify,
         asc: connectors.appStoreConnect,
     };
-    return Object.fromEntries(CONNECTOR_KEYS.map((key) => [key, getConnectorHealth(key, healthByConnector)]));
+    const liveHealth = Object.fromEntries(CONNECTOR_KEYS.map((key) => [key, getConnectorHealth(key, healthByConnector)]));
+    return mergeActiveConnectorIncidents(liveHealth, activeIncidents);
 }
 function renderConnectorPicker(cursorIndex, selected, required, healthByConnector = {}, warning = '', copy = {}) {
     process.stdout.write('\x1b[2J\x1b[H');
@@ -1637,11 +1780,9 @@ function renderConnectorPicker(cursorIndex, selected, required, healthByConnecto
             const label = `${connector.label}${suffix}`;
             const title = active ? `${ANSI.bold}${label}${ANSI.reset}` : label;
             process.stdout.write(`${pointer} ${box} ${title}\n`);
-            writeWrapped(connector.summary, '    ');
-            writeWrapped(formatConnectorHealthText(connector.key, healthByConnector), '    ', ANSI.dim);
-            process.stdout.write('\n');
             index += 1;
         }
+        process.stdout.write('\n');
     }
     if (warning) {
         process.stdout.write(`${ANSI.bold}${warning}${ANSI.reset}\n\n`);
@@ -1657,9 +1798,7 @@ async function askConnectorSelectionByKeys(healthByConnector = {}, initialSelect
     let cursorIndex = 0;
     const required = copy.mode === 'input' ? new Set() : getRequiredConnectorKeys();
     const initial = new Set(initialSelected);
-    const selected = new Set(CONNECTOR_KEYS.filter((key) => required.has(key) ||
-        initial.has(key) ||
-        (copy.mode !== 'input' && !isConnectorLocallyConfigured(key))));
+    const selected = new Set(CONNECTOR_KEYS.filter((key) => required.has(key) || initial.has(key)));
     let warning = '';
     return await new Promise((resolve, reject) => {
         const displayItems = () => connectorPickerDisplayItems(healthByConnector);
@@ -2020,7 +2159,7 @@ function summarizeFailureFix(connector, blockers) {
         return 'Paste a RevenueCat v2 secret API key with read-only project permissions, then rerun setup.';
     }
     if (connector === 'paddle') {
-        return 'Paste a Paddle API key with metrics.read permission for the live account, then rerun setup.';
+        return 'Paste a live Paddle API key from Developer Tools > Authentication v2 with metrics.read permission, then rerun setup.';
     }
     if (connector === 'seo') {
         return 'Configure Search Console read access. Leave GSC_SITE_URL empty to scan all verified properties in the account, or set it only when you intentionally want one property.';
@@ -2099,12 +2238,20 @@ function payloadHasConnectorFailures(payload, connector) {
     const blockers = Array.isArray(payload?.blockers) ? payload.blockers : [];
     return blockers.some((blocker) => !isDeferredGitHubFailure(blocker) && connectorForBlocker(blocker) === connector);
 }
+function payloadOtherConnectorFailures(payload, connector) {
+    const blockers = Array.isArray(payload?.blockers) ? payload.blockers : [];
+    return blockers.filter((blocker) => {
+        if (isDeferredGitHubFailure(blocker))
+            return false;
+        const blockerConnector = connectorForBlocker(blocker);
+        return blockerConnector !== connector && blockerConnector !== 'setup';
+    });
+}
 async function askListSelection(rl, label, entries, options = {}) {
     const includeManual = Boolean(options.includeManual);
     const includeDefer = Boolean(options.includeDefer);
     entries.forEach((entry, index) => {
-        const description = entry.description ? ` - ${entry.description}` : '';
-        process.stdout.write(`  ${index + 1}) ${entry.label}${description}\n`);
+        process.stdout.write(`  ${index + 1}) ${entry.label}\n`);
     });
     const manualIndex = includeManual ? entries.length + 1 : null;
     const deferIndex = includeDefer ? entries.length + (includeManual ? 2 : 1) : null;
@@ -2154,6 +2301,8 @@ function printSetupSuccess(payload) {
 }
 function connectorFromCheckName(name) {
     const value = String(name || '');
+    if (value.includes('asc') || value.includes('ASC_') || /App Store Connect|app-store-connect|app_store_connect|Analytics Report Request/i.test(value))
+        return 'asc';
     if (value.includes('analytics') || value.includes('ANALYTICSCLI'))
         return 'analytics';
     if (value.includes('github') || value.includes('GITHUB'))
@@ -2168,8 +2317,6 @@ function connectorFromCheckName(name) {
         return 'sentry';
     if (value.includes('coolify') || value.includes('COOLIFY'))
         return 'coolify';
-    if (value.includes('asc') || value.includes('ASC_'))
-        return 'asc';
     for (const key of ACCOUNT_SIGNAL_CONNECTOR_KEYS) {
         const definition = getAccountSignalConnectorDefinition(key);
         const envMatch = definition?.credentials.some((credential) => value.includes(credential.env));
@@ -2388,10 +2535,13 @@ async function saveSecretsImmediately(secrets) {
     process.stdout.write(`Saved local secrets to ${secretsFile} with chmod 600.\n`);
     return true;
 }
-async function runImmediateConnectorHealthCheck({ rl, configPath, connector, secrets, sentryAccounts = [], }) {
+async function runImmediateConnectorHealthCheck({ rl, configPath, connector, secrets, sentryAccounts = [], paddleAccounts = [], }) {
     if (connector === 'sentry' && sentryAccounts.length > 0) {
         await upsertSentryAccountsConfig(configPath, sentryAccounts);
     }
+    if (connector === 'paddle' && paddleAccounts.length > 0) {
+        await upsertPaddleAccountsConfig(configPath, paddleAccounts);
+    }
     await saveSecretsImmediately(secrets);
     const env = {
         ...process.env,
@@ -2409,6 +2559,17 @@ async function runImmediateConnectorHealthCheck({ rl, configPath, connector, sec
         const retry = await askYesNo(rl, `Re-enter ${connectorLabel(connector)} configuration now?`, true);
         return { ok: false, retry, result, payload };
     }
+    const otherConnectorBlockers = payloadOtherConnectorFailures(payload, connector);
+    if (otherConnectorBlockers.length > 0) {
+        process.stdout.write(`\n${connectorLabel(connector)} immediate health check passed, but another configured connector needs attention.\n`);
+        printConciseSetupBlockers({
+            ...payload,
+            blockers: otherConnectorBlockers,
+        }, command, {
+            hideRerunWhenClean: true,
+        });
+        return { ok: false, retry: false, result, payload };
+    }
     process.stdout.write(`\n${connectorLabel(connector)} immediate health check passed or is only waiting on optional/deferred context.\n`);
     return { ok: true, retry: false, result, payload };
 }
@@ -3059,6 +3220,71 @@ async function verifySentryAccountsConfig(configPath, expectedAccounts) {
     }
     return { ok: true, detail: `${realAccounts.length} active Sentry-compatible account(s) configured` };
 }
+async function upsertPaddleAccountsConfig(configPath, accounts) {
+    if (!accounts.length || !(await fileExists(configPath)))
+        return false;
+    const config = await readJsonFile(configPath);
+    const existingAccounts = Array.isArray(config?.sources?.paddle?.accounts)
+        ? config.sources.paddle.accounts
+        : [];
+    const merged = new Map();
+    for (const account of existingAccounts) {
+        const id = String(account?.id || account?.key || account?.label || '').trim();
+        if (id)
+            merged.set(id, account);
+    }
+    for (const account of accounts) {
+        merged.set(account.id, {
+            ...(merged.get(account.id) || {}),
+            ...account,
+        });
+    }
+    const tokenEnv = accounts[0]?.tokenEnv || config?.sources?.paddle?.tokenEnv || config?.secrets?.paddleTokenEnv || 'PADDLE_API_KEY';
+    config.sources = {
+        ...(config.sources || {}),
+        paddle: {
+            ...(config.sources?.paddle || {}),
+            enabled: true,
+            mode: 'command',
+            command: normalizeWizardSourceCommand('paddle', config.sources?.paddle || {}, configPath),
+            environment: config.sources?.paddle?.environment || 'live',
+            tokenEnv,
+            accounts: [...merged.values()],
+        },
+    };
+    config.secrets = {
+        ...(config.secrets || {}),
+        paddleTokenEnv: tokenEnv,
+        paddleTokenRef: { source: 'env', provider: 'default', id: tokenEnv },
+    };
+    await writeJsonFile(configPath, config);
+    return true;
+}
+async function verifyPaddleAccountsConfig(configPath, expectedAccounts) {
+    if (!(await fileExists(configPath))) {
+        return { ok: false, detail: `${configPath} does not exist` };
+    }
+    const config = await readJsonFile(configPath);
+    const source = config?.sources?.paddle;
+    if (!source || source.enabled !== true) {
+        return { ok: false, detail: 'sources.paddle.enabled is not true' };
+    }
+    if (source.mode !== 'command') {
+        return { ok: false, detail: 'sources.paddle.mode is not command' };
+    }
+    const configuredAccounts = Array.isArray(source.accounts) ? source.accounts : [];
+    if (configuredAccounts.length === 0) {
+        return { ok: false, detail: 'sources.paddle.accounts contains no account' };
+    }
+    const configuredIds = new Set(configuredAccounts.map((account) => String(account?.id || account?.key || '').trim()).filter(Boolean));
+    const missingIds = expectedAccounts
+        .map((account) => String(account?.id || '').trim())
+        .filter((id) => id && !configuredIds.has(id));
+    if (missingIds.length > 0) {
+        return { ok: false, detail: `sources.paddle.accounts is missing configured account id(s): ${missingIds.join(', ')}` };
+    }
+    return { ok: true, detail: `${configuredAccounts.length} Paddle account(s) configured` };
+}
 async function upsertCoolifyConfig(configPath, { baseUrl, tokenEnv = 'COOLIFY_API_TOKEN' }) {
     if (!(await fileExists(configPath)))
         return false;
@@ -3356,21 +3582,57 @@ async function guideRevenueCatConnector(rl, secrets) {
     if (apiKey)
         secrets.REVENUECAT_API_KEY = apiKey;
 }
+function paddleAccountIdFromLabel(label, index) {
+    const normalized = String(label || '')
+        .trim()
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, '_')
+        .replace(/^_+|_+$/g, '');
+    return normalized || `paddle_${index + 1}`;
+}
+function paddleTokenEnvForAccount(index, label) {
+    if (index === 0)
+        return 'PADDLE_API_KEY';
+    const suffix = paddleAccountIdFromLabel(label, index).toUpperCase().replace(/[^A-Z0-9]+/g, '_');
+    const base = suffix && suffix !== `PADDLE_${index + 1}` ? `PADDLE_API_KEY_${suffix}` : `PADDLE_API_KEY_${index + 1}`;
+    return base.replace(/_+/g, '_');
+}
 async function guidePaddleConnector(rl, secrets) {
     printSection('Paddle Billing metrics', [
         'Use this when OpenClaw should read web checkout, revenue, MRR, refunds, chargebacks, and active subscriber metrics.',
     ]);
-    process.stdout.write('\nCreate or update a Paddle API key here:\n  https://vendors.paddle.com/authentication\n\n');
+    process.stdout.write('\nCreate or update a scoped Paddle API key here:\n  https://vendors.paddle.com/authentication-v2\n\n');
     printBullets([
         'Open Paddle > Developer Tools > Authentication.',
-        'Create a new API key for the live account when you want production revenue evidence.',
-        'Grant `metrics.read`. Keep write permissions off unless another workflow explicitly needs them.',
+        'Use the API keys tab and create a new live API key.',
+        'Minimum: grant `metrics.read` so account-level revenue, MRR, refunds, chargebacks, subscribers, and checkout conversion work.',
+        'Recommended for better Growth Engineer analysis: grant all available read-only permissions (`*.read`), including products, prices, discounts, customers, transactions, subscriptions, adjustments, reports, and notifications.',
+        'Do not grant any write permissions (`*.write`) unless another workflow explicitly needs them.',
         'Do not select or hard-code a single product in the wizard; the Growth Engineer should keep account-level metrics context.',
         'Paste the key here so it is stored only in the local chmod 600 secrets file.',
     ]);
-    const apiKey = await maybePromptSecret(rl, 'Paste PADDLE_API_KEY into this local terminal', 'PADDLE_API_KEY');
-    if (apiKey)
-        secrets.PADDLE_API_KEY = apiKey;
+    const accounts = [];
+    let index = 0;
+    while (true) {
+        const label = await ask(rl, index === 0 ? 'Paddle account label' : 'Next Paddle account label (empty = done)', index === 0 ? 'Paddle' : '');
+        if (!label.trim())
+            break;
+        const tokenEnv = paddleTokenEnvForAccount(index, label);
+        const apiKey = await maybePromptSecret(rl, `Paste ${tokenEnv} into this local terminal`, tokenEnv);
+        if (apiKey)
+            secrets[tokenEnv] = apiKey;
+        accounts.push({
+            id: paddleAccountIdFromLabel(label, index),
+            label: label.trim(),
+            tokenEnv,
+            environment: 'live',
+        });
+        index += 1;
+        const addAnother = await askYesNo(rl, 'Add another Paddle account?', false);
+        if (!addAnother)
+            break;
+    }
+    return accounts;
 }
 async function guideSeoConnector(rl, secrets) {
     printSection('SEO / Google Search Console / DataForSEO', [
@@ -3402,10 +3664,15 @@ async function guideSeoConnector(rl, secrets) {
             secrets.DATAFORSEO_PASSWORD = password;
     }
 }
-function buildAccountSignalExtraSourceConfig(key, existing = {}) {
+function buildAccountSignalExtraSourceConfig(key, existing = {}, accounts = []) {
     const definition = getAccountSignalConnectorDefinition(key);
     if (!definition)
         return existing;
+    const accountConfig = accounts.length > 0
+        ? {
+            accounts: mergeConnectorAccounts(existing.accounts, accounts),
+        }
+        : {};
     return {
         ...buildExtraSourceConfig(definition.service, {
             key: definition.key,
@@ -3429,9 +3696,28 @@ function buildAccountSignalExtraSourceConfig(key, existing = {}) {
         signalKind: definition.sourceKind,
         experimental: Boolean(definition.experimental),
         hint: existing.hint || definition.signalHint,
+        ...accountConfig,
     };
 }
-async function upsertAccountSignalConnectorConfig(configPath, key) {
+function mergeConnectorAccounts(existingAccounts, nextAccounts) {
+    const merged = new Map();
+    for (const account of Array.isArray(existingAccounts) ? existingAccounts : []) {
+        const id = String(account?.id || account?.key || account?.label || '').trim();
+        if (id)
+            merged.set(id, account);
+    }
+    for (const account of nextAccounts) {
+        const id = String(account?.id || account?.key || account?.label || '').trim();
+        if (!id)
+            continue;
+        merged.set(id, {
+            ...(merged.get(id) || {}),
+            ...account,
+        });
+    }
+    return [...merged.values()];
+}
+async function upsertAccountSignalConnectorConfig(configPath, key, accounts = []) {
     const definition = getAccountSignalConnectorDefinition(key);
     if (!definition)
         return false;
@@ -3440,7 +3726,7 @@ async function upsertAccountSignalConnectorConfig(configPath, key) {
     const extra = Array.isArray(sources.extra) ? sources.extra : [];
     const nextExtra = extra.filter((source) => String(source?.key || source?.service || '') !== definition.key);
     const existing = extra.find((source) => String(source?.key || source?.service || '') === definition.key) || {};
-    nextExtra.push(buildAccountSignalExtraSourceConfig(key, existing));
+    nextExtra.push(buildAccountSignalExtraSourceConfig(key, existing, accounts));
     config.sources = {
         ...sources,
         extra: nextExtra,
@@ -3448,28 +3734,58 @@ async function upsertAccountSignalConnectorConfig(configPath, key) {
     await writeJsonFile(configPath, config);
     return true;
 }
+function accountSignalTokenEnvForAccount(baseEnv, key, index, label) {
+    if (index === 0)
+        return baseEnv;
+    const suffix = toConfigId(label || key, `${key}_${index + 1}`).toUpperCase().replace(/[^A-Z0-9]+/g, '_');
+    return `${baseEnv}_${suffix}`.replace(/_+/g, '_');
+}
 async function guideAccountSignalConnector(rl, secrets, key) {
     const definition = getAccountSignalConnectorDefinition(key);
     if (!definition)
-        return;
+        return [];
     printSection(definition.label, [
         definition.summary,
         'Setup is account-wide. Do not paste project IDs, app IDs, product IDs, package names, paywall IDs, service names, or tags here.',
     ]);
     process.stdout.write(`Docs: ${definition.docsUrl}\n\n`);
     printBullets(definition.steps);
-    for (const credential of definition.credentials) {
-        const defaultValue = credential.defaultValue ?? process.env[credential.env] ?? '';
-        const value = credential.optional
-            ? await maybePromptSecret(rl, credential.prompt, credential.env)
-            : await maybePromptSecret(rl, credential.prompt, credential.env);
-        const finalValue = value || defaultValue;
-        if (finalValue)
-            secrets[credential.env] = finalValue;
-        else if (!credential.optional) {
-            process.stdout.write(`${credential.env} was not saved. ${definition.label} setup remains pending; rerun this wizard when ready.\n`);
+    const accounts = [];
+    let index = 0;
+    while (true) {
+        const label = await ask(rl, index === 0 ? `${definition.label} account label` : `Next ${definition.label} account label (empty = done)`, index === 0 ? definition.label.replace(/\s+\(experimental\)$/i, '') : '');
+        if (!label.trim())
+            break;
+        const credentialEnvs = {};
+        for (const credential of definition.credentials) {
+            const envName = accountSignalTokenEnvForAccount(credential.env, key, index, label);
+            const defaultValue = index === 0 ? credential.defaultValue ?? process.env[credential.env] ?? '' : '';
+            const prompt = envName === credential.env ? credential.prompt : `${credential.prompt.replace(credential.env, envName)}`;
+            const value = credential.optional
+                ? await maybePromptSecret(rl, prompt, envName)
+                : await maybePromptSecret(rl, prompt, envName);
+            const finalValue = value || defaultValue;
+            credentialEnvs[credential.env] = envName;
+            if (finalValue)
+                secrets[envName] = finalValue;
+            else if (!credential.optional) {
+                process.stdout.write(`${envName} was not saved. ${definition.label} setup remains pending for ${label}; rerun this wizard when ready.\n`);
+            }
         }
+        accounts.push({
+            id: toConfigId(label, `${key}_${index + 1}`),
+            label: label.trim(),
+            credentialEnvs,
+            tokenEnv: credentialEnvs[definition.credentials[0]?.env] || definition.credentials[0]?.env || null,
+            accountWide: true,
+            projectScope: 'discover_from_account',
+        });
+        index += 1;
+        const addAnother = await askYesNo(rl, `Add another ${definition.label} account?`, false);
+        if (!addAnother)
+            break;
     }
+    return accounts;
 }
 async function guideSentryConnector(rl, secrets) {
     printSection('Sentry / GlitchTip', [
@@ -3694,6 +4010,23 @@ async function filesHaveSameContent(leftPath, rightPath) {
         return false;
     }
 }
+function getSelfUpdateSkillCandidates(workspaceRoot) {
+    const explicit = String(process.env.OPENCLAW_GROWTH_SKILL_SLUG || '').trim();
+    const uniqueSlugs = [...new Set([explicit, ...SELF_UPDATE_SKILL_SLUG_CANDIDATES].filter(Boolean))];
+    return uniqueSlugs.map((slug) => {
+        const skillRoot = path.join(workspaceRoot, 'skills', slug);
+        return {
+            slug,
+            skillRoot,
+            originPath: path.join(skillRoot, '.clawhub/origin.json'),
+            wizardPath: path.join(skillRoot, 'scripts/openclaw-growth-wizard.mjs'),
+            bootstrapPath: path.join(skillRoot, 'scripts/bootstrap-openclaw-workspace.sh'),
+        };
+    });
+}
+function resolveInstalledSelfUpdateSkill(workspaceRoot) {
+    return getSelfUpdateSkillCandidates(workspaceRoot).find((candidate) => existsSync(candidate.originPath)) || null;
+}
 async function maybeSelfUpdateFromClawHub(args) {
     if (args.noSelfUpdate)
         return false;
@@ -3704,26 +4037,27 @@ async function maybeSelfUpdateFromClawHub(args) {
     if (isFalseyEnv(process.env.OPENCLAW_GROWTH_SELF_UPDATE))
         return false;
     const workspaceRoot = process.cwd();
-    const skillOriginPath = path.join(workspaceRoot, 'skills/openclaw-growth-engineer/.clawhub/origin.json');
-    if (!(await fileExists(skillOriginPath)))
+    const installedSkill = resolveInstalledSelfUpdateSkill(workspaceRoot);
+    if (!installedSkill)
         return false;
     if (!(await commandExists('npx')))
         return false;
-    const force = String(process.env.OPENCLAW_GROWTH_SELF_UPDATE || '').trim().toLowerCase() === 'always';
+    const force = args.connectorWizard || String(process.env.OPENCLAW_GROWTH_SELF_UPDATE || '').trim().toLowerCase() === 'always';
     if (!(await shouldRunSelfUpdate(workspaceRoot, force)))
         return false;
-    const beforeOrigin = await readJsonIfPresent(skillOriginPath).catch(() => null);
+    const beforeOrigin = await readJsonIfPresent(installedSkill.originPath).catch(() => null);
     const beforeVersion = String(beforeOrigin?.installedVersion || '');
-    process.stdout.write('Checking for OpenClaw Growth Engineer skill updates...\n');
-    const updateResult = await runCommandCaptureWithTimeout('npx -y clawhub --no-input --dir skills update openclaw-growth-engineer --force', { timeoutMs: 120_000 });
-    const afterOrigin = await readJsonIfPresent(skillOriginPath).catch(() => null);
+    process.stdout.write(`Checking for Growth Engineer skill updates (${installedSkill.slug})...\n`);
+    const updateResult = await runCommandCaptureWithTimeout(`npx -y clawhub --no-input --dir skills update ${quote(installedSkill.slug)} --force`, { timeoutMs: 120_000 });
+    const afterOrigin = await readJsonIfPresent(installedSkill.originPath).catch(() => null);
     const afterVersion = String(afterOrigin?.installedVersion || beforeVersion || '');
     const workspaceWizardPath = path.resolve(process.argv[1] || 'scripts/openclaw-growth-wizard.mjs');
-    const skillWizardPath = path.join(workspaceRoot, 'skills/openclaw-growth-engineer/scripts/openclaw-growth-wizard.mjs');
-    const runtimeOutdated = !(await filesHaveSameContent(workspaceWizardPath, skillWizardPath));
+    const runtimeOutdated = !(await filesHaveSameContent(workspaceWizardPath, installedSkill.wizardPath));
     await writeSelfUpdateState(workspaceRoot, {
         lastCheckedAt: new Date().toISOString(),
         ok: updateResult.ok,
+        skillSlug: installedSkill.slug,
+        skillRoot: installedSkill.skillRoot,
         previousVersion: beforeVersion || null,
         installedVersion: afterVersion || null,
     }).catch(() => { });
@@ -3741,7 +4075,7 @@ async function maybeSelfUpdateFromClawHub(args) {
     else {
         process.stdout.write('Refreshing workspace runtime from the installed OpenClaw Growth Engineer skill...\n');
     }
-    const bootstrapResult = await runCommandCaptureWithTimeout('bash skills/openclaw-growth-engineer/scripts/bootstrap-openclaw-workspace.sh', { timeoutMs: 60_000 });
+    const bootstrapResult = await runCommandCaptureWithTimeout(`bash ${quote(installedSkill.bootstrapPath)}`, { timeoutMs: 60_000 });
     if (!bootstrapResult.ok) {
         process.stdout.write(`${ANSI.dim}Workspace runtime refresh failed; continuing with current process.${ANSI.reset}\n`);
         return false;
@@ -3760,6 +4094,7 @@ async function runConnectorSetupSteps({ rl, args, selected, healthByConnector, a
     process.stdout.write('\n');
     const secrets = {};
     let sentryAccounts = [];
+    let paddleAccounts = [];
     let coolifyConfig = null;
     if (selected.includes('analytics')) {
         let forceFreshAnalyticsToken = shouldForceFreshAnalyticsToken(healthByConnector);
@@ -3808,12 +4143,13 @@ async function runConnectorSetupSteps({ rl, args, selected, healthByConnector, a
     if (selected.includes('paddle')) {
         while (true) {
             clearTerminal();
-            await guidePaddleConnector(rl, secrets);
+            paddleAccounts = await guidePaddleConnector(rl, secrets);
             const check = await runImmediateConnectorHealthCheck({
                 rl,
                 configPath: args.config,
                 connector: 'paddle',
                 secrets,
+                paddleAccounts,
             });
             if (!check.retry)
                 break;
@@ -3882,8 +4218,8 @@ async function runConnectorSetupSteps({ rl, args, selected, healthByConnector, a
     for (const connector of selected.filter(isAccountSignalConnector)) {
         while (true) {
             clearTerminal();
-            await guideAccountSignalConnector(rl, secrets, connector);
-            await upsertAccountSignalConnectorConfig(args.config, connector);
+            const accountSignalAccounts = await guideAccountSignalConnector(rl, secrets, connector);
+            await upsertAccountSignalConnectorConfig(args.config, connector, accountSignalAccounts);
             const check = await runImmediateConnectorHealthCheck({
                 rl,
                 configPath: args.config,
@@ -3910,6 +4246,12 @@ async function runConnectorSetupSteps({ rl, args, selected, healthByConnector, a
             process.stdout.write(`Configured ${sentryAccounts.length} Sentry-compatible account(s) in ${args.config}.\n`);
         }
     }
+    if (paddleAccounts.length > 0 && await upsertPaddleAccountsConfig(args.config, paddleAccounts)) {
+        const readiness = await verifyPaddleAccountsConfig(args.config, paddleAccounts);
+        if (readiness.ok) {
+            process.stdout.write(`Configured ${paddleAccounts.length} Paddle account(s) in ${args.config}.\n`);
+        }
+    }
     if (coolifyConfig?.baseUrl && await upsertCoolifyConfig(args.config, coolifyConfig)) {
         process.stdout.write(`Configured Coolify monitoring for ${coolifyConfig.baseUrl} in ${args.config}.\n`);
     }
@@ -3934,6 +4276,19 @@ async function runConnectorSetupSteps({ rl, args, selected, healthByConnector, a
             });
         }
     }
+    if (paddleAccounts.length > 0 && await upsertPaddleAccountsConfig(args.config, paddleAccounts)) {
+        const readiness = await verifyPaddleAccountsConfig(args.config, paddleAccounts);
+        if (readiness.ok) {
+            process.stdout.write(`Paddle account config is up to date in ${args.config}.\n`);
+        }
+        else {
+            postSetupBlockers.push({
+                check: 'connection:paddle',
+                detail: readiness.detail,
+                remediation: 'Rerun Paddle setup so the active config persists sources.paddle.enabled=true and sources.paddle.accounts[].',
+            });
+        }
+    }
     if (coolifyConfig?.baseUrl && await upsertCoolifyConfig(args.config, coolifyConfig)) {
         process.stdout.write(`Coolify config is up to date in ${args.config}.\n`);
     }
@@ -3976,7 +4331,8 @@ async function runConnectorSetupWizard(args) {
         clearTerminal();
         printConnectorIntro();
         await migrateRuntimeSourceCommandsFile(args.config);
-        const healthByConnector = await withConnectorHealthLoading((onProgress) => getConnectorPickerHealth(args.config, onProgress));
+        const healthCheckConnectors = await connectorKeysForHealthCheck(args.config);
+        const healthByConnector = await withConnectorHealthLoading((onProgress) => getConnectorPickerHealth(args.config, onProgress, healthCheckConnectors), healthCheckConnectors);
         const existingFixes = connectorKeysNeedingAttention(healthByConnector);
         const requestedConnectors = args.connectors ? parseConnectorList(args.connectors) : [];
         const chosenConnectors = requestedConnectors.length > 0
@@ -4900,7 +5256,8 @@ async function askInputSourceConfig(rl, config, configPath) {
     config = migrateRuntimeSourceCommands(config, configPath);
     await ensureDirForFile(configPath);
     await writeJsonFile(configPath, config);
-    const healthByConnector = await withConnectorHealthLoading((onProgress) => getConnectorPickerHealth(configPath, onProgress));
+    const healthCheckConnectors = await connectorKeysForHealthCheck(configPath);
+    const healthByConnector = await withConnectorHealthLoading((onProgress) => getConnectorPickerHealth(configPath, onProgress, healthCheckConnectors), healthCheckConnectors);
     const selected = await askConnectorSelectionWithHealth(rl, healthByConnector, getInputChannelInitialSelection(config), {
         introTitle: 'Input channels',
         introDetail: null,