@botcord/daemon 0.2.55 → 0.2.57

package/dist/daemon.js

@@ -18,6 +18,7 @@ import { composeBotCordUserTurn } from "./turn-text.js";
 import { UserAuthManager } from "./user-auth.js";
 import { PolicyResolver } from "./gateway/policy-resolver.js";
 import { scanMention } from "./mention-scan.js";
+import { createDiagnosticBundle, uploadDiagnosticBundle } from "./diagnostics.js";
 /**
  * Default hard cap for a single runtime turn. Long-running coding/research
  * tasks routinely exceed 10 minutes, so daemon-hosted agents get a larger
@@ -401,7 +402,30 @@ export async function startDaemon(opts) {
         const provisioner = createProvisioner({ gateway, policyResolver, onAgentInstalled });
         controlChannel = new ControlChannel({
             auth: userAuth,
-            handle: provisioner,
+            handle: async (frame) => {
+                if (frame.type === "collect_diagnostics") {
+                    logger.info("diagnostics: collect requested", { frameId: frame.id });
+                    const bundle = await createDiagnosticBundle();
+                    const upload = await uploadDiagnosticBundle({ auth: userAuth, bundle });
+                    logger.info("diagnostics: uploaded", {
+                        frameId: frame.id,
+                        bundleId: upload.bundleId,
+                        sizeBytes: upload.sizeBytes,
+                        localPath: bundle.path,
+                    });
+                    return {
+                        ok: true,
+                        result: {
+                            bundle_id: upload.bundleId,
+                            filename: upload.filename,
+                            size_bytes: upload.sizeBytes,
+                            expires_at: upload.expiresAt ?? null,
+                            local_path: bundle.path,
+                        },
+                    };
+                }
+                return provisioner(frame);
+            },
         });
         try {
             await controlChannel.start();

package/dist/diagnostics.d.ts

@@ -0,0 +1,30 @@
+import { type UserAuthManager } from "./user-auth.js";
+declare const DIAGNOSTICS_DIR: string;
+export interface CreateDiagnosticBundleOptions {
+    diagnosticsDir?: string;
+    logFile?: string;
+    configFile?: string;
+    snapshotFile?: string;
+    doctor?: {
+        text: string;
+        json: unknown;
+    };
+}
+export interface DiagnosticBundleResult {
+    path: string;
+    filename: string;
+    sizeBytes: number;
+    createdAt: string;
+}
+export interface DiagnosticUploadResult {
+    bundleId: string;
+    filename: string;
+    sizeBytes: number;
+    expiresAt?: string;
+}
+export declare function createDiagnosticBundle(opts?: CreateDiagnosticBundleOptions): Promise<DiagnosticBundleResult>;
+export declare function uploadDiagnosticBundle(opts: {
+    auth: UserAuthManager;
+    bundle: DiagnosticBundleResult;
+}): Promise<DiagnosticUploadResult>;
+export { DIAGNOSTICS_DIR };

package/dist/diagnostics.js

@@ -0,0 +1,286 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir, hostname, platform, release, arch } from "node:os";
+import path from "node:path";
+import { Buffer } from "node:buffer";
+import { deflateRawSync } from "node:zlib";
+import { AUTH_EXPIRED_FLAG_PATH, USER_AUTH_PATH, } from "./user-auth.js";
+import { CONFIG_FILE_PATH, PID_PATH, SNAPSHOT_PATH, loadConfig, } from "./config.js";
+import { LOG_FILE_PATH } from "./log.js";
+import { channelsFromDaemonConfig, defaultHttpFetcher, renderDoctor, runDoctor, } from "./doctor.js";
+import { detectRuntimes } from "./adapters/runtimes.js";
+const DIAGNOSTICS_DIR = path.join(homedir(), ".botcord", "diagnostics");
+const MAX_UPLOAD_BYTES = 50 * 1024 * 1024;
+const SECRET_PATTERNS = [
+    [/(Authorization:\s*Bearer\s+)[^\s"']+/gi, "$1[REDACTED]"],
+    [/("?(?:accessToken|access_token|refreshToken|refresh_token|token|privateKey|private_key|secret)"?\s*:\s*")[^"]+(")/gi, "$1[REDACTED]$2"],
+    [/(drt_)[A-Za-z0-9_-]+/g, "$1[REDACTED]"],
+    [/(dit_)[A-Za-z0-9_-]+/g, "$1[REDACTED]"],
+    [/([?&](?:token|access_token|refresh_token|install_token)=)[^&\s"']+/gi, "$1[REDACTED]"],
+];
+function redact(input) {
+    let out = input;
+    for (const [pattern, replacement] of SECRET_PATTERNS) {
+        out = out.replace(pattern, replacement);
+    }
+    return out;
+}
+function safeReadText(file) {
+    if (!existsSync(file))
+        return null;
+    try {
+        return redact(readFileSync(file, "utf8"));
+    }
+    catch (err) {
+        return `read failed: ${err instanceof Error ? err.message : String(err)}\n`;
+    }
+}
+function readUserAuthSummary() {
+    const raw = safeReadText(USER_AUTH_PATH);
+    if (!raw)
+        return null;
+    try {
+        const parsed = JSON.parse(raw);
+        return {
+            userId: typeof parsed.userId === "string" ? parsed.userId : null,
+            daemonInstanceId: typeof parsed.daemonInstanceId === "string" ? parsed.daemonInstanceId : null,
+            hubUrl: typeof parsed.hubUrl === "string" ? parsed.hubUrl : null,
+            expiresAt: typeof parsed.expiresAt === "number" ? parsed.expiresAt : null,
+            loggedInAt: typeof parsed.loggedInAt === "string" ? parsed.loggedInAt : null,
+            label: typeof parsed.label === "string" ? parsed.label : null,
+            authExpiredFlagPresent: existsSync(AUTH_EXPIRED_FLAG_PATH),
+        };
+    }
+    catch (err) {
+        return {
+            error: `user-auth summary failed: ${err instanceof Error ? err.message : String(err)}`,
+            authExpiredFlagPresent: existsSync(AUTH_EXPIRED_FLAG_PATH),
+        };
+    }
+}
+const fsFileReader = {
+    readFile(p) {
+        if (!existsSync(p))
+            return null;
+        try {
+            return readFileSync(p, "utf8");
+        }
+        catch {
+            return null;
+        }
+    },
+};
+async function buildDoctorEntries() {
+    const entries = detectRuntimes();
+    let channels = [];
+    let cfgForEndpoints = null;
+    try {
+        cfgForEndpoints = loadConfig();
+        channels = channelsFromDaemonConfig(cfgForEndpoints);
+    }
+    catch {
+        channels = [];
+    }
+    if (cfgForEndpoints?.openclawGateways && cfgForEndpoints.openclawGateways.length > 0) {
+        const { collectRuntimeSnapshotAsync } = await import("./provision.js");
+        const snap = await collectRuntimeSnapshotAsync({ cfg: cfgForEndpoints });
+        const byId = new Map(snap.runtimes.map((r) => [r.id, r]));
+        for (const e of entries) {
+            const r = byId.get(e.id);
+            if (r?.endpoints)
+                e.endpoints = r.endpoints;
+        }
+    }
+    const input = await runDoctor(entries, channels, {
+        credentialsPath: (accountId) => path.join(homedir(), ".botcord", "credentials", `${accountId}.json`),
+        fileReader: fsFileReader,
+        fetcher: defaultHttpFetcher,
+        timeoutMs: 5_000,
+    });
+    return { text: renderDoctor(input), json: input };
+}
+function crc32(buf) {
+    let crc = 0xffffffff;
+    for (const b of buf) {
+        crc ^= b;
+        for (let i = 0; i < 8; i += 1) {
+            crc = (crc >>> 1) ^ (crc & 1 ? 0xedb88320 : 0);
+        }
+    }
+    return (crc ^ 0xffffffff) >>> 0;
+}
+function dosDateTime(date) {
+    const year = Math.max(1980, date.getFullYear());
+    return {
+        time: (date.getHours() << 11) | (date.getMinutes() << 5) | Math.floor(date.getSeconds() / 2),
+        date: ((year - 1980) << 9) | ((date.getMonth() + 1) << 5) | date.getDate(),
+    };
+}
+function u16(n) {
+    const b = Buffer.alloc(2);
+    b.writeUInt16LE(n & 0xffff, 0);
+    return b;
+}
+function u32(n) {
+    const b = Buffer.alloc(4);
+    b.writeUInt32LE(n >>> 0, 0);
+    return b;
+}
+function createZip(entries) {
+    const localParts = [];
+    const centralParts = [];
+    let offset = 0;
+    const now = new Date();
+    const dt = dosDateTime(now);
+    for (const entry of entries) {
+        const name = Buffer.from(entry.name.replace(/^\/+/, ""), "utf8");
+        const data = Buffer.isBuffer(entry.data)
+            ? entry.data
+            : Buffer.from(entry.data, "utf8");
+        const compressed = deflateRawSync(data, { level: 9 });
+        const crc = crc32(data);
+        const local = Buffer.concat([
+            u32(0x04034b50),
+            u16(20),
+            u16(0),
+            u16(8),
+            u16(dt.time),
+            u16(dt.date),
+            u32(crc),
+            u32(compressed.length),
+            u32(data.length),
+            u16(name.length),
+            u16(0),
+            name,
+            compressed,
+        ]);
+        localParts.push(local);
+        centralParts.push(Buffer.concat([
+            u32(0x02014b50),
+            u16(20),
+            u16(20),
+            u16(0),
+            u16(8),
+            u16(dt.time),
+            u16(dt.date),
+            u32(crc),
+            u32(compressed.length),
+            u32(data.length),
+            u16(name.length),
+            u16(0),
+            u16(0),
+            u16(0),
+            u16(0),
+            u32(0),
+            u32(offset),
+            name,
+        ]));
+        offset += local.length;
+    }
+    const central = Buffer.concat(centralParts);
+    const end = Buffer.concat([
+        u32(0x06054b50),
+        u16(0),
+        u16(0),
+        u16(entries.length),
+        u16(entries.length),
+        u32(central.length),
+        u32(offset),
+        u16(0),
+    ]);
+    return Buffer.concat([...localParts, central, end]);
+}
+export async function createDiagnosticBundle(opts = {}) {
+    const createdAt = new Date();
+    const stamp = createdAt.toISOString().replace(/[:.]/g, "-");
+    const filename = `botcord-daemon-diagnostics-${stamp}.zip`;
+    const diagnosticsDir = opts.diagnosticsDir ?? DIAGNOSTICS_DIR;
+    const logFile = opts.logFile ?? LOG_FILE_PATH;
+    const configFile = opts.configFile ?? CONFIG_FILE_PATH;
+    const snapshotFile = opts.snapshotFile ?? SNAPSHOT_PATH;
+    mkdirSync(diagnosticsDir, { recursive: true, mode: 0o700 });
+    const doctor = opts.doctor ?? await buildDoctorEntries();
+    const status = {
+        createdAt: createdAt.toISOString(),
+        host: hostname(),
+        platform: platform(),
+        release: release(),
+        arch: arch(),
+        node: process.version,
+        pidPath: PID_PATH,
+        pid: process.pid,
+        configPath: configFile,
+        snapshotPath: snapshotFile,
+        logPath: logFile,
+        diagnosticsDir,
+        userAuth: readUserAuthSummary(),
+    };
+    const entries = [
+        { name: "README.txt", data: "BotCord daemon diagnostics bundle. Sensitive tokens are redacted before packaging.\n" },
+        { name: "status.json", data: JSON.stringify(status, null, 2) + "\n" },
+        { name: "doctor.txt", data: doctor.text + "\n" },
+        { name: "doctor.json", data: JSON.stringify(doctor.json, null, 2) + "\n" },
+    ];
+    const log = safeReadText(logFile);
+    entries.push({
+        name: "daemon.log",
+        data: log ?? `no log file at ${logFile}\n`,
+    });
+    const config = safeReadText(configFile);
+    entries.push({
+        name: "config.json.redacted",
+        data: config ?? `no config file at ${configFile}\n`,
+    });
+    const snapshot = safeReadText(snapshotFile);
+    entries.push({
+        name: "snapshot.json",
+        data: snapshot ?? `no snapshot file at ${snapshotFile}\n`,
+    });
+    const zip = createZip(entries);
+    const out = path.join(diagnosticsDir, filename);
+    writeFileSync(out, zip, { mode: 0o600 });
+    return {
+        path: out,
+        filename,
+        sizeBytes: zip.length,
+        createdAt: createdAt.toISOString(),
+    };
+}
+export async function uploadDiagnosticBundle(opts) {
+    const record = opts.auth.current;
+    if (!record)
+        throw new Error("daemon not logged in");
+    const data = readFileSync(opts.bundle.path);
+    if (data.length > MAX_UPLOAD_BYTES) {
+        throw new Error(`diagnostic bundle is too large (${data.length} bytes, max ${MAX_UPLOAD_BYTES})`);
+    }
+    const token = await opts.auth.ensureAccessToken();
+    const url = `${record.hubUrl.replace(/\/+$/, "")}/daemon/diagnostics/upload`;
+    const resp = await fetch(url, {
+        method: "POST",
+        headers: {
+            Authorization: `Bearer ${token}`,
+            "Content-Type": "application/zip",
+            "X-BotCord-Filename": opts.bundle.filename,
+        },
+        body: data,
+    });
+    const json = await resp.json().catch(() => null);
+    if (!resp.ok) {
+        const detail = typeof json?.detail === "string"
+            ? json.detail
+            : typeof json?.error === "string"
+                ? json.error
+                : `HTTP ${resp.status}`;
+        throw new Error(`diagnostic upload failed: ${detail}`);
+    }
+    const bundleId = typeof json?.bundle_id === "string" ? json.bundle_id : null;
+    if (!bundleId)
+        throw new Error("diagnostic upload response missing bundle_id");
+    return {
+        bundleId,
+        filename: typeof json?.filename === "string" ? json.filename : opts.bundle.filename,
+        sizeBytes: typeof json?.size_bytes === "number" ? json.size_bytes : data.length,
+        ...(typeof json?.expires_at === "string" ? { expiresAt: json.expires_at } : {}),
+    };
+}
+export { DIAGNOSTICS_DIR };

package/dist/gateway/gateway.d.ts

@@ -117,4 +117,10 @@ export declare class Gateway {
      * No-op on unknown id.
      */
     removeChannel(id: string, reason?: string): Promise<void>;
+    /**
+     * Inject a daemon-internal inbound message into the normal dispatcher.
+     * Control-plane wakeups use this path so scheduled turns share the same
+     * routing, queueing, transcript, and runtime behavior as channel messages.
+     */
+    injectInbound(message: GatewayInboundMessage): Promise<void>;
 }

package/dist/gateway/gateway.js

@@ -166,4 +166,12 @@ export class Gateway {
         if (idx >= 0)
             this.config.channels.splice(idx, 1);
     }
+    /**
+     * Inject a daemon-internal inbound message into the normal dispatcher.
+     * Control-plane wakeups use this path so scheduled turns share the same
+     * routing, queueing, transcript, and runtime behavior as channel messages.
+     */
+    async injectInbound(message) {
+        await this.dispatcher.handle({ message });
+    }
 }

package/dist/gateway/runtimes/claude-code.js

@@ -18,6 +18,79 @@ function isValidClaudeSessionId(sessionId) {
 function invalidClaudeSessionIdError() {
     return "claude-code: invalid sessionId (expected non-control text not starting with '-')";
 }
+const CLAUDE_FOREIGN_FLAGS_WITH_VALUE = new Set([
+    "--color",
+    "--config",
+    "--disable",
+    "--enable",
+    "--image",
+    "--local-provider",
+    "--output-last-message",
+    "--output-schema",
+    "--profile",
+    "--sandbox",
+    "-i",
+    "-o",
+    "-p",
+    "-s",
+]);
+const CLAUDE_FOREIGN_BOOLEAN_FLAGS = new Set([
+    "--all",
+    "--dangerously-bypass-approvals-and-sandbox",
+    "--ephemeral",
+    "--full-auto",
+    "--ignore-rules",
+    "--ignore-user-config",
+    "--json",
+    "--last",
+    "--oss",
+    "--print",
+    "--skip-git-repo-check",
+]);
+function extraFlagName(arg) {
+    if (!arg.startsWith("-"))
+        return arg;
+    const eq = arg.indexOf("=");
+    return eq === -1 ? arg : arg.slice(0, eq);
+}
+function nextExtraValue(args, index) {
+    const next = args[index + 1];
+    if (typeof next !== "string")
+        return undefined;
+    if (!next.startsWith("-"))
+        return next;
+    return /^-\d/.test(next) ? next : undefined;
+}
+function sanitizeClaudeExtraArgs(extraArgs) {
+    if (!extraArgs?.length)
+        return [];
+    const out = [];
+    for (let i = 0; i < extraArgs.length; i += 1) {
+        const arg = extraArgs[i];
+        const name = extraFlagName(arg);
+        if (arg === "-c") {
+            const value = nextExtraValue(extraArgs, i);
+            if (value !== undefined)
+                i += 1;
+            continue;
+        }
+        if (name === "--config" || name === "--sandbox") {
+            if (!arg.includes("=") && nextExtraValue(extraArgs, i) !== undefined)
+                i += 1;
+            continue;
+        }
+        if (CLAUDE_FOREIGN_FLAGS_WITH_VALUE.has(name)) {
+            if (!arg.includes("=") && nextExtraValue(extraArgs, i) !== undefined)
+                i += 1;
+            continue;
+        }
+        if (CLAUDE_FOREIGN_BOOLEAN_FLAGS.has(name)) {
+            continue;
+        }
+        out.push(arg);
+    }
+    return out;
+}
 /** Resolve the Claude Code CLI path on PATH or the macOS desktop bundle fallback. */
 export function resolveClaudeCommand(deps = {}) {
     const onPath = resolveCommandOnPath("claude", deps);
@@ -75,11 +148,12 @@ export class ClaudeCodeAdapter extends NdjsonStreamAdapter {
         return this.resolvedBinary;
     }
     buildArgs(opts) {
+        const extraArgs = sanitizeClaudeExtraArgs(opts.extraArgs);
         const args = ["-p", opts.text, "--output-format", "stream-json", "--verbose"];
         // Headless `-p` mode does not load project `.claude/` by default, so
         // per-agent skills seeded at `<workspace>/.claude/skills/` are invisible
         // unless we opt in. `extraArgs` wins so operators can still override.
-        if (!opts.extraArgs?.some((a) => a.startsWith("--setting-sources"))) {
+        if (!extraArgs.some((a) => a.startsWith("--setting-sources"))) {
             args.push("--setting-sources", "project");
         }
         if (opts.sessionId) {
@@ -93,17 +167,17 @@ export class ClaudeCodeAdapter extends NdjsonStreamAdapter {
         // MCP) because there is no prompt relay back to the user yet. Default to
         // bypassPermissions for every trust tier; operators who need a stricter
         // posture can still override with route/defaultRoute extraArgs.
-        if (!opts.extraArgs?.some((a) => a.startsWith("--permission-mode"))) {
+        if (!extraArgs.some((a) => a.startsWith("--permission-mode"))) {
             args.push("--permission-mode", "bypassPermissions");
         }
         // Claude Code's `--append-system-prompt` is applied per invocation and NOT
         // persisted in the resumed session transcript — ideal for memory / digest
         // content that should re-evaluate every turn.
-        if (opts.systemContext && !opts.extraArgs?.includes("--append-system-prompt")) {
+        if (opts.systemContext && !extraArgs.includes("--append-system-prompt")) {
             args.push("--append-system-prompt", opts.systemContext);
         }
-        if (opts.extraArgs?.length)
-            args.push(...opts.extraArgs);
+        if (extraArgs.length)
+            args.push(...extraArgs);
         return args;
     }
     handleEvent(raw, ctx) {

package/dist/gateway/runtimes/codex.js

@@ -8,6 +8,69 @@ import { firstExistingPath, readCommandVersion, resolveCommandOnPath, } from "./
 const CODEX_DESKTOP_BUNDLE_PATH = "/Applications/Codex.app/Contents/Resources/codex";
 /** Codex UUIDv7 / v4 session ids are 36-char dashed hex; reject anything else to keep argv safe. */
 const CODEX_SESSION_ID_RE = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$/;
+const CODEX_FOREIGN_EXTRA_FLAGS_WITH_VALUE = new Set([
+    "--append-system-prompt",
+    "--permission-mode",
+]);
+const CODEX_SANDBOX_MODES = new Set(["read-only", "workspace-write", "danger-full-access"]);
+function extraFlagName(arg) {
+    if (!arg.startsWith("-"))
+        return arg;
+    const eq = arg.indexOf("=");
+    return eq === -1 ? arg : arg.slice(0, eq);
+}
+function nextExtraValue(args, index) {
+    const next = args[index + 1];
+    if (typeof next !== "string")
+        return undefined;
+    if (!next.startsWith("-"))
+        return next;
+    return /^-\d/.test(next) ? next : undefined;
+}
+function sanitizeCodexExtraArgs(extraArgs) {
+    if (!extraArgs?.length)
+        return [];
+    const out = [];
+    for (let i = 0; i < extraArgs.length; i += 1) {
+        const arg = extraArgs[i];
+        const name = extraFlagName(arg);
+        if (CODEX_FOREIGN_EXTRA_FLAGS_WITH_VALUE.has(name)) {
+            if (!arg.includes("=") && nextExtraValue(extraArgs, i) !== undefined)
+                i += 1;
+            continue;
+        }
+        if (name === "-s" || name === "--sandbox") {
+            const value = arg.includes("=") ? arg.slice(arg.indexOf("=") + 1) : nextExtraValue(extraArgs, i);
+            if (!arg.includes("=") && value !== undefined)
+                i += 1;
+            if (value && CODEX_SANDBOX_MODES.has(value)) {
+                out.push("-c", `sandbox_mode="${value}"`);
+            }
+            continue;
+        }
+        if (arg === "--full-auto") {
+            out.push("--dangerously-bypass-approvals-and-sandbox");
+            continue;
+        }
+        out.push(arg);
+    }
+    return out;
+}
+function hasCodexSandboxOverride(args) {
+    for (let i = 0; i < args.length; i += 1) {
+        const arg = args[i];
+        if (arg === "--dangerously-bypass-approvals-and-sandbox" ||
+            arg.startsWith("-c sandbox_mode=") ||
+            arg.startsWith("-csandbox_mode=") ||
+            arg.startsWith("--config=sandbox_mode=")) {
+            return true;
+        }
+        if ((arg === "-c" || arg === "--config") && args[i + 1]?.startsWith("sandbox_mode=")) {
+            return true;
+        }
+    }
+    return false;
+}
 /** Resolve the Codex CLI executable via PATH or macOS desktop bundle. */
 export function resolveCodexCommand(deps = {}) {
     const onPath = resolveCommandOnPath("codex", deps);
@@ -156,6 +219,7 @@ export class CodexAdapter extends NdjsonStreamAdapter {
      */
     buildArgs(opts) {
         const tail = [];
+        const extraArgs = sanitizeCodexExtraArgs(opts.extraArgs);
         // Sandbox / approval policy. Expressed as `-c` overrides because
         // `codex exec resume` rejects `-s` / `--full-auto`. `-c` works on both
         // the fresh `exec` and `exec resume` paths.
@@ -165,18 +229,13 @@ export class CodexAdapter extends NdjsonStreamAdapter {
         // relay back to the user yet. Default to bypassing both approvals and the
         // sandbox for every trust tier; operators who need a stricter posture can
         // still override with route/defaultRoute extraArgs.
-        const hasSandboxOverride = opts.extraArgs?.some((a) => a === "-s" ||
-            a.startsWith("--sandbox") ||
-            a === "--full-auto" ||
-            a === "--dangerously-bypass-approvals-and-sandbox" ||
-            a.startsWith("-c sandbox_mode=") ||
-            a.startsWith("-csandbox_mode=")) ?? false;
+        const hasSandboxOverride = hasCodexSandboxOverride(extraArgs);
         if (!hasSandboxOverride) {
             tail.push("-c", 'sandbox_mode="danger-full-access"', "-c", 'approval_policy="never"');
         }
         tail.push("--skip-git-repo-check", "--json");
-        if (opts.extraArgs?.length)
-            tail.push(...opts.extraArgs);
+        if (extraArgs.length)
+            tail.push(...extraArgs);
         // `--` separates flags from positionals so a prompt starting with `-`
         // can never be parsed as an option. `systemContext` is NOT prepended to
         // the prompt any more — it lives in `<CODEX_HOME>/AGENTS.md` written by

package/dist/index.js

@@ -15,6 +15,7 @@ import { renderStatus } from "./status-render.js";
 import { appendNextParam } from "./url-utils.js";
 import { channelsFromDaemonConfig, defaultHttpFetcher, renderDoctor, runDoctor, } from "./doctor.js";
 import { clearWorkingMemory, readWorkingMemory, resolveMemoryDir, updateWorkingMemory, DEFAULT_SECTION, } from "./working-memory.js";
+import { createDiagnosticBundle } from "./diagnostics.js";
 import { resolveStartAuthAction } from "./start-auth.js";
 import { discoverLocalOpenclawGateways, mergeOpenclawGateways, openclawDiscoveryConfigEnabled, } from "./openclaw-discovery.js";
 const ADAPTER_LIST = listAdapterIds().join("|");
@@ -81,7 +82,9 @@ Commands:
   route list
   route remove --room <rm_xxx>|--prefix <rm_xxx>
   config                                  Print resolved config
-  doctor [--json]                         Scan local runtimes (${ADAPTER_LIST})
+  doctor [--json] [--bundle]              Scan local runtimes (${ADAPTER_LIST});
+                                          --bundle also writes a zip under
+                                          ~/.botcord/diagnostics/
   memory get [--agent <ag_xxx>] [--json]  Show current working memory
   memory set [--agent <ag_xxx>] --goal <text>
                                           Pin/update the agent's work goal
@@ -105,6 +108,7 @@ const BOOLEAN_FLAGS = new Set([
     "f",
     "follow",
     "json",
+    "bundle",
     "help",
     "h",
     "mentioned",
@@ -1211,6 +1215,17 @@ const fsFileReader = {
     },
 };
 async function cmdDoctor(args) {
+    if (args.flags.bundle === true) {
+        const bundle = await createDiagnosticBundle();
+        if (args.flags.json === true) {
+            console.log(JSON.stringify({ bundle }, null, 2));
+            return;
+        }
+        console.log(`diagnostic bundle written: ${bundle.path}`);
+        console.log(`size: ${bundle.sizeBytes} bytes`);
+        console.log("Send this zip file to the BotCord developer/support contact.");
+        return;
+    }
     const entries = detectRuntimes();
     // Doctor should not hard-fail when no config exists yet; channel probes
     // simply produce an empty list in that case.