@coclaw/openclaw-coclaw 0.18.0 → 0.19.2

package/index.js

@@ -14,6 +14,7 @@ import { AutoUpgradeScheduler } from './src/auto-upgrade/updater.js';
 import { getPackageInfo } from './src/auto-upgrade/updater-check.js';
 import { createFileHandler } from './src/file-manager/handler.js';
 import { abortAgentRun } from './src/agent-abort.js';
+import { decideCancelResponse } from './src/agent-cancel-heuristic.js';
 import { remoteLog } from './src/remote-log.js';
 
 import { getPluginVersion, __resetPluginVersion } from './src/plugin-version.js';
@@ -200,9 +201,27 @@ const plugin = {
 			},
 		});
 
+		// enroll 并发控制：同一时刻只允许一个活跃 enroll。
+		// 声明前置以便 doBind/doUnbind 入口可调用 cancelActiveEnroll；
+		// .finally 仍在 enroll 自身的回调里把 activeEnrollAbort 置 null。
+		let activeEnrollAbort = null;
+
+		function cancelActiveEnroll() {
+			if (activeEnrollAbort) {
+				logger.info?.('[coclaw] cancelling active enroll');
+				activeEnrollAbort.abort();
+				// 立即清 ref：避免后续 cancelActiveEnroll 对同一已 abort 的 controller 重复 log；
+				// 原 enroll 自己的 .finally 仍负责本身分支的兜底清理（按 ref 相等判断）
+				activeEnrollAbort = null;
+			}
+		}
+
 		// --- bind/unbind 共享逻辑（RPC handler + 斜杠命令共用） ---
 
 		async function doBind({ code, serverUrl }) {
+			// 显式 bind 必须取消进行中的 enroll：否则 enroll 后到的 token 走 partial-failure
+			// rollback 路径前可能仍写入旧 config，污染刚 bind 完的本地状态
+			cancelActiveEnroll();
 			await stopRealtimeBridge();
 			let result;
 			try {
@@ -223,6 +242,8 @@ const plugin = {
 		}
 
 		async function doUnbind({ serverUrl }) {
+			// unbind 同样取消进行中的 enroll，避免 server 解绑后 enroll token 又写回本地
+			cancelActiveEnroll();
 			const result = await unbindClaw({
 				serverUrl: serverUrl ?? api.pluginConfig?.serverUrl,
 			});
@@ -233,8 +254,13 @@ const plugin = {
 		api.registerGatewayMethod('coclaw.bind', async ({ params, respond }) => {
 			try {
 				const code = params?.code;
-				if (!code) {
-					respondInvalid(respond, 'code is required');
+				if (typeof code !== 'string' || code.length === 0) {
+					respondInvalid(respond, 'code must be a non-empty string');
+					return;
+				}
+				if (params?.serverUrl !== undefined
+					&& (typeof params.serverUrl !== 'string' || params.serverUrl.trim().length === 0)) {
+					respondInvalid(respond, 'serverUrl must be a non-empty string');
 					return;
 				}
 				const result = await doBind({
@@ -256,6 +282,11 @@ const plugin = {
 
 		api.registerGatewayMethod('coclaw.unbind', async ({ params, respond }) => {
 			try {
+				if (params?.serverUrl !== undefined
+					&& (typeof params.serverUrl !== 'string' || params.serverUrl.trim().length === 0)) {
+					respondInvalid(respond, 'serverUrl must be a non-empty string');
+					return;
+				}
 				const result = await doUnbind({ serverUrl: params?.serverUrl });
 				respond(true, { status: { clawId: result.clawId } });
 			}
@@ -264,15 +295,15 @@ const plugin = {
 			}
 		});
 
-		// enroll 并发控制：同一时刻只允许一个活跃 enroll
-		let activeEnrollAbort = null;
-
 		api.registerGatewayMethod('coclaw.enroll', async ({ params, respond }) => {
 			try {
-				// 取消前一个 enroll
-				if (activeEnrollAbort) {
-					activeEnrollAbort.abort();
+				if (params?.serverUrl !== undefined
+					&& (typeof params.serverUrl !== 'string' || params.serverUrl.trim().length === 0)) {
+					respondInvalid(respond, 'serverUrl must be a non-empty string');
+					return;
 				}
+				// 取消前一个 enroll（与 doBind/doUnbind 共享 helper）
+				cancelActiveEnroll();
 				const abortController = new AbortController();
 				activeEnrollAbort = abortController;
 
@@ -333,6 +364,11 @@ const plugin = {
 
 		api.registerGatewayMethod('nativeui.sessions.get', ({ params, respond }) => {
 			try {
+				const sessionId = params?.sessionId;
+				if (typeof sessionId !== 'string' || sessionId.trim().length === 0) {
+					respondInvalid(respond, 'sessionId required');
+					return;
+				}
 				respond(true, manager.get(params ?? {}));
 			}
 			catch (err) {
@@ -463,12 +499,14 @@ const plugin = {
 					respondInvalid(respond, 'No valid change field provided (supported: title)');
 					return;
 				}
-				await topicManager.updateTitle({ topicId, title: changes.title });
-				const { topic } = topicManager.get({ topicId });
-				if (!topic) {
-					respondInvalid(respond, `Topic not found: ${topicId}`);
+				// 先检查 topic 是否存在：避免 updateTitle 内部 throw 后被 respondError 错报为 INTERNAL_ERROR
+				const existing = topicManager.get({ topicId })?.topic;
+				if (!existing) {
+					respond(false, undefined, { code: 'NOT_FOUND', message: `Topic not found: ${topicId}` });
 					return;
 				}
+				await topicManager.updateTitle({ topicId, title: changes.title });
+				const { topic } = topicManager.get({ topicId });
 				respond(true, { topic });
 			}
 			catch (err) {
@@ -550,6 +588,8 @@ const plugin = {
 		// 取消正在执行的 embedded agent run（通过 OpenClaw 全局 symbol 侧门）
 		// 侧门不存在 / sessionId 未注册 / handle.abort 抛异常时返回 { ok:false, reason } —— UI 静默降级
 		// UI 可能在 OpenClaw 注册 sessionId 前点 STOP（注册空窗期），此时返回 not-found；UI 会按 500ms 间隔重试。
+		// UI 自 v0.20 起额外透传 runDuration / abortDuration（墙钟差，毫秒）供启发判定：
+		// 侧门返 not-found 但双闸都达阈值时升格为 gone，告知 UI 主动收尾。旧 UI 不传时退化为透传 not-found。
 		api.registerGatewayMethod('coclaw.agent.abort', ({ params, respond }) => {
 			try {
 				const sessionId = params?.sessionId;
@@ -558,7 +598,10 @@ const plugin = {
 					respondInvalid(respond, 'sessionId is required');
 					return;
 				}
-				const result = abortAgentRun(sessionId);
+				const abortResult = abortAgentRun(sessionId);
+				const runDuration = typeof params?.runDuration === 'number' ? params.runDuration : undefined;
+				const abortDuration = typeof params?.abortDuration === 'number' ? params.abortDuration : undefined;
+				const result = decideCancelResponse(abortResult, { runDuration, abortDuration });
 				// not-found 是 UI 重试期常态（注册空窗），不打日志避免噪音；其余分支保留 info
 				if (result.reason !== 'not-found') {
 					logger.info?.(`[coclaw.agent.abort] result sessionId=${sessionId} ok=${result.ok}${result.reason ? ` reason=${result.reason}` : ''}${result.error ? ` error=${result.error}` : ''}`);
@@ -570,6 +613,10 @@ const plugin = {
 					// 侧门缺失或 handle shape 变化：OpenClaw 升级契约变更的早期信号
 					remoteLog(`abort.not-supported sid=${sessionId}`);
 				}
+				else if (result.reason === 'gone') {
+					// 启发升格：双闸均达阈值，把 not-found 升格为 gone，让 UI 主动 settleByCancel
+					remoteLog(`abort.gone sid=${sessionId} runDur=${runDuration} abortDur=${abortDuration}`);
+				}
 				respond(true, result);
 			}
 			catch (err) {
@@ -663,10 +710,8 @@ const plugin = {
 					}
 
 					if (action === 'enroll') {
-						// 并发控制：取消前一个 enroll（与 RPC 路径共享）
-						if (activeEnrollAbort) {
-							activeEnrollAbort.abort();
-						}
+						// 并发控制：取消前一个 enroll（与 RPC 路径共享 helper）
+						cancelActiveEnroll();
 						const abortController = new AbortController();
 						activeEnrollAbort = abortController;
 

package/openclaw.plugin.json

@@ -2,6 +2,9 @@
   "id": "openclaw-coclaw",
   "name": "CoClaw",
   "description": "OpenClaw CoClaw channel plugin for remote chat",
+  "activation": {
+    "onStartup": true
+  },
   "configSchema": {
     "type": "object",
     "additionalProperties": false,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coclaw/openclaw-coclaw",
-  "version": "0.18.0",
+  "version": "0.19.2",
   "type": "module",
   "license": "Apache-2.0",
   "description": "OpenClaw CoClaw channel plugin for remote chat",

package/src/agent-cancel-heuristic.js

@@ -0,0 +1,42 @@
+/**
+ * agent-cancel-heuristic：取消请求的启发式判定
+ *
+ * OpenClaw 侧门 abort 返回 not-found 时，单凭这个信号无法区分两种状态：
+ *   1. 注册空窗：UI 已发 send，但 OpenClaw 还没把 run 注册到 activeRuns
+ *      → UI 应继续 tick 重试，等注册完成
+ *   2. run 已实际结束/丢失但终态信号未送达 UI（compaction-retry 边界、
+ *      上游 lifecycle:end 漏发、网络丢包等）
+ *      → UI 应主动收尾，避免无限 tick
+ *
+ * 用 UI 透传的两个墙钟时长做"双闸"启发：
+ *   - runDuration ≥ 3min：从 onAccepted 到现在；正常 run 不会这么久仍在跑
+ *   - abortDuration ≥ 1min：从首次 STOP 到现在；正常 run 在 1min 内能响应取消
+ * 双闸都满足才升格为 'gone'，告知 UI 主动 settleByCancel + 提示用户。
+ *
+ * 阈值偏保守，宁可让 UI 多 tick 几次也不误升格。
+ *
+ * 兼容旧 UI：旧 UI 不传 runDuration/abortDuration，ctx 字段为 undefined，
+ * 双闸永远不命中，行为退化为原样透传 not-found（与无启发时一致）。
+ */
+
+export const RUN_DURATION_GONE_THRESHOLD_MS = 3 * 60 * 1000;
+export const ABORT_DURATION_GONE_THRESHOLD_MS = 60 * 1000;
+
+/**
+ * 根据侧门 abort 结果 + UI 上下文决定最终响应
+ * @param {object} abortResult - abortAgentRun 的返回值
+ * @param {object} [ctx] - { runDuration, abortDuration }（毫秒），旧 UI 不传时为 undefined
+ * @returns {object} 透传或升格后的响应（保持 abortResult 同形 shape）
+ */
+export function decideCancelResponse(abortResult, ctx) {
+	// ok 与非 not-found 原因（not-supported / abort-threw 等）原样透传
+	if (abortResult.ok) return abortResult;
+	if (abortResult.reason !== 'not-found') return abortResult;
+
+	const runDur = ctx?.runDuration;
+	const abortDur = ctx?.abortDuration;
+	const runHit = typeof runDur === 'number' && Number.isFinite(runDur) && runDur >= RUN_DURATION_GONE_THRESHOLD_MS;
+	const abortHit = typeof abortDur === 'number' && Number.isFinite(abortDur) && abortDur >= ABORT_DURATION_GONE_THRESHOLD_MS;
+	if (runHit && abortHit) return { ok: false, reason: 'gone' };
+	return abortResult;
+}

package/src/auto-upgrade/state.js

@@ -12,6 +12,7 @@ import nodePath from 'node:path';
 import os from 'node:os';
 
 import { getRuntime } from '../runtime.js';
+import { atomicWriteFile } from '../utils/atomic-write.js';
 
 const CHANNEL_ID = 'coclaw';
 const STATE_FILENAME = 'upgrade-state.json';
@@ -61,8 +62,7 @@ export async function readState() {
  */
 export async function writeState(state) {
 	const filePath = getStatePath();
-	await fs.mkdir(nodePath.dirname(filePath), { recursive: true });
-	await fs.writeFile(filePath, `${JSON.stringify(state, null, 2)}\n`, 'utf8');
+	await atomicWriteFile(filePath, `${JSON.stringify(state, null, 2)}\n`);
 }
 
 /**
@@ -119,7 +119,8 @@ async function trimLog(filePath) {
 		const lines = content.split('\n').filter(Boolean);
 		if (lines.length <= LOG_MAX_LINES) return;
 		const kept = lines.slice(-LOG_KEEP_LINES);
-		await fs.writeFile(filePath, `${kept.join('\n')}\n`, 'utf8');
+		// 整文件覆写走 atomic：truncate-then-write 中途崩溃会清空整个 log
+		await atomicWriteFile(filePath, `${kept.join('\n')}\n`);
 	}
 	catch {
 		// 截断失败不影响主流程

package/src/auto-upgrade/updater.js

@@ -6,6 +6,7 @@ import { spawnUpgradeWorker } from './updater-spawn.js';
 import { readState, resolveStateDir, writeState } from './state.js';
 import { getRuntime } from '../runtime.js';
 import { remoteLog } from '../remote-log.js';
+import { atomicWriteFile } from '../utils/atomic-write.js';
 
 // 首次检查延迟较长：失败时由 worker 触发 gateway restart，scheduler 重启后会重新计时；
 // 60 分钟基线（实际随机 60-120 分钟）能把"失败→重启→再次检查"的循环周期拉长，
@@ -102,11 +103,9 @@ export async function isUpgradeLocked(opts) {
  */
 export async function writeUpgradeLock(pid) {
 	const lockPath = getLockPath();
-	await fs.mkdir(nodePath.dirname(lockPath), { recursive: true });
-	await fs.writeFile(
+	await atomicWriteFile(
 		lockPath,
 		`${JSON.stringify({ pid, ts: new Date().toISOString() })}\n`,
-		'utf8',
 	);
 }
 

package/src/common/claw-binding.js

@@ -63,12 +63,25 @@ export async function bindClaw({ code, serverUrl }, deps = {}) {
 		throw new Error('invalid bind response');
 	}
 
-	await writeCfg({
-		serverUrl: baseUrl,
-		clawId: data.clawId,
-		token: data.token,
-		boundAt: new Date().toISOString(),
-	});
+	try {
+		await writeCfg({
+			serverUrl: baseUrl,
+			clawId: data.clawId,
+			token: data.token,
+			boundAt: new Date().toISOString(),
+		});
+	}
+	catch (writeErr) {
+		// 本地 writeCfg 失败 → 回滚 server 端，避免产生孤儿 claw（与 unbind 强制不容错的红线对称）
+		await unbindServer({ baseUrl, token: data.token }).catch(() => {
+			// 回滚失败不掩盖原因；用户根据原始 writeErr.message 排查，
+			// server 端孤儿可通过下次 enroll/bind 时 401/404/410 再清理
+		});
+		const wrapped = new Error(`bind succeeded on server but local write failed: ${writeErr.message}`);
+		wrapped.code = 'BIND_LOCAL_WRITE_FAILED';
+		wrapped.cause = writeErr;
+		throw wrapped;
+	}
 
 	return {
 		clawId: data.clawId,
@@ -105,7 +118,12 @@ export async function enrollClaw({ serverUrl }, deps = {}) {
 }
 
 export async function waitForClaimAndSave({ serverUrl, code, waitToken, signal }, deps = {}) {
-	const { waitClaimCode = waitClaimCodeOnServer, writeCfg = writeConfig, retryDelayMs = 2000 } = deps;
+	const {
+		waitClaimCode = waitClaimCodeOnServer,
+		writeCfg = writeConfig,
+		unbindServer = unbindWithServer,
+		retryDelayMs = 2000,
+	} = deps;
 	const baseUrl = resolveServerUrl(serverUrl);
 
 	// 循环长轮询，直到成功或超时
@@ -122,7 +140,12 @@ export async function waitForClaimAndSave({ serverUrl, code, waitToken, signal }
 			if (err?.response?.status === 404) {
 				throw new Error('claim code not found or expired');
 			}
-			// 其他所有错误（HTTP 408/500、网络超时、TimeoutError 等）延迟后重试，
+			// server 408 + CLAIM_TIMEOUT body 表示 claim 在 server 端已过期，与 404 同列终态；
+			// 没有 CLAIM_TIMEOUT body 的 408（极少见）保持瞬态错误重试
+			if (err?.response?.status === 408 && err.response?.data?.code === 'CLAIM_TIMEOUT') {
+				throw new Error('claim code expired');
+			}
+			// 其他所有错误（HTTP 500、网络超时、TimeoutError 等）延迟后重试，
 			// 确保后台等待不会因瞬时故障而终止
 			await new Promise((r) => setTimeout(r, retryDelayMs));
 			continue;
@@ -130,12 +153,28 @@ export async function waitForClaimAndSave({ serverUrl, code, waitToken, signal }
 
 		// 已认领
 		if (data?.clawId && data?.token) {
-			await writeCfg({
-				serverUrl: baseUrl,
-				clawId: data.clawId,
-				token: data.token,
-				boundAt: new Date().toISOString(),
-			});
+			// long-poll 期间 abort 到达 → 此时 server 已发 token，与 D bug D-3 #4 同模式：
+			// 不能落盘旧 token（会污染新 enroll/bind 的本地状态），同时回滚 server 端避免孤儿
+			if (signal?.aborted) {
+				await unbindServer({ baseUrl, token: data.token }).catch(() => {});
+				throw new Error('enroll cancelled');
+			}
+			try {
+				await writeCfg({
+					serverUrl: baseUrl,
+					clawId: data.clawId,
+					token: data.token,
+					boundAt: new Date().toISOString(),
+				});
+			}
+			catch (writeErr) {
+				// 与 bindClaw 对称：本地写失败 → 回滚 server 端，避免孤儿 claw
+				await unbindServer({ baseUrl, token: data.token }).catch(() => {});
+				const wrapped = new Error(`enroll succeeded on server but local write failed: ${writeErr.message}`);
+				wrapped.code = 'BIND_LOCAL_WRITE_FAILED';
+				wrapped.cause = writeErr;
+				throw wrapped;
+			}
 			return { clawId: data.clawId };
 		}
 

package/src/device-identity.js

@@ -4,6 +4,7 @@ import os from 'node:os';
 import nodePath from 'node:path';
 
 import { getRuntime } from './runtime.js';
+import { atomicWriteFileSync } from './utils/atomic-write.js';
 
 const CHANNEL_ID = 'coclaw';
 const IDENTITY_FILENAME = 'device-identity.json';
@@ -107,9 +108,7 @@ export function loadOrCreateDeviceIdentity(filePath) {
 				const derivedId = fingerprintPublicKey(parsed.publicKeyPem);
 				if (derivedId && derivedId !== parsed.deviceId) {
 					const updated = { ...parsed, deviceId: derivedId };
-					fs.writeFileSync(fp, `${JSON.stringify(updated, null, 2)}\n`, { mode: 0o600 });
-					/* c8 ignore next -- best-effort chmod */
-					try { fs.chmodSync(fp, 0o600); } catch { /* best-effort */ }
+					atomicWriteFileSync(fp, `${JSON.stringify(updated, null, 2)}\n`, { mode: 0o600 });
 					return { deviceId: derivedId, publicKeyPem: parsed.publicKeyPem, privateKeyPem: parsed.privateKeyPem };
 				}
 				return { deviceId: parsed.deviceId, publicKeyPem: parsed.publicKeyPem, privateKeyPem: parsed.privateKeyPem };
@@ -123,7 +122,6 @@ export function loadOrCreateDeviceIdentity(filePath) {
 	}
 
 	const identity = generateIdentity();
-	fs.mkdirSync(nodePath.dirname(fp), { recursive: true });
 	const stored = {
 		version: 1,
 		deviceId: identity.deviceId,
@@ -131,9 +129,7 @@ export function loadOrCreateDeviceIdentity(filePath) {
 		privateKeyPem: identity.privateKeyPem,
 		createdAtMs: Date.now(),
 	};
-	fs.writeFileSync(fp, `${JSON.stringify(stored, null, 2)}\n`, { mode: 0o600 });
-	/* c8 ignore next -- best-effort chmod */
-	try { fs.chmodSync(fp, 0o600); } catch { /* best-effort */ }
+	atomicWriteFileSync(fp, `${JSON.stringify(stored, null, 2)}\n`, { mode: 0o600 });
 	return identity;
 }
 

package/src/file-manager/handler.js

@@ -216,7 +216,7 @@ export function createFileHandler({ resolveWorkspace, logger, deps = {} }) {
 			throw e;
 		}
 		if (stat.isDirectory()) {
-			if (params?.force) {
+			if (params?.force === true) {
 				await _rm(resolved, { recursive: true, force: true });
 			} else {
 				try {