@coclaw/openclaw-coclaw 0.26.1 → 0.26.3

package/index.js

@@ -11,8 +11,7 @@ import { createSessionManager } from './src/session-manager/manager.js';
 import { TopicManager } from './src/topic-manager/manager.js';
 import { ChatHistoryManager, classifyChatHistorySessionKey } from './src/chat-history-manager/manager.js';
 import { generateTitle } from './src/topic-manager/title-gen.js';
-import { AutoUpgradeScheduler } from './src/auto-upgrade/updater.js';
-import { getPackageInfo } from './src/auto-upgrade/updater-check.js';
+import { AutoUpgradeScheduler, getLoadedPluginVersion } from './src/auto-upgrade/updater.js';
 import { createFileHandler } from './src/file-manager/handler.js';
 import { abortAgentRun } from './src/agent-abort.js';
 import { decideCancelResponse } from './src/agent-cancel-heuristic.js';
@@ -208,10 +207,10 @@ const plugin = {
 		// 防"写配置触发重启"时的反复重启）。升级补了新模型靠这条让老用户重启后自动同步。
 		// config-mutation 字面量 specifier 必须出现在本入口源码里（loader 只扫入口识别 jiti alias）。
 		const portalSyncP = import('openclaw/plugin-sdk/config-mutation')
-			.then(({ mutateConfigFile }) => reconcilePortalModels({ getConfig: getClawConfig, mutateConfigFile }))
-			.then((r) => { if (r.changed) logger.info?.('[coclaw] minimax-portal model list synced from plugin catalog'); })
+			.then(({ mutateConfigFile }) => reconcilePortalModels({ getConfig: getClawConfig, mutateConfigFile, logger, remoteLog }))
 			.catch((err) => {
 				logger.warn?.(`[coclaw] minimax-portal model reconcile failed: ${String(err?.message ?? err)}`);
+				remoteLog(`providerAuth.portalReconcile.failed reason=${String(err?.message ?? err)}`);
 			});
 		__pluginInitDone = Promise.all([topicLoadP, chatHistoryLoadP, portalSyncP]);
 
@@ -742,10 +741,13 @@ const plugin = {
 			}
 		});
 
-		api.registerGatewayMethod('coclaw.upgradeHealth', async ({ respond }) => {
+		// 升级健康检查：返回模块加载时刻钉住的版本快照（即当前进程真正加载的代码），
+		// 禁止改回调用时读磁盘 package.json——重启命令失败被吞、旧 gateway 仍活着时
+		// 磁盘可能已是未加载的新版本，按磁盘回答会让 worker verify 假阳性通过并删掉
+		// 回滚备份。快照不可得时返回 { version: null }，verify 侧按"未达标"保守处理。
+		api.registerGatewayMethod('coclaw.upgradeHealth', ({ respond }) => {
 			try {
-				const { version } = await getPackageInfo();
-				respond(true, { version });
+				respond(true, { version: getLoadedPluginVersion() });
 			}
 			catch (err) {
 				respondError(respond, err);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coclaw/openclaw-coclaw",
-  "version": "0.26.1",
+  "version": "0.26.3",
   "type": "module",
   "license": "Apache-2.0",
   "description": "OpenClaw plugin for remote chat over WebRTC. Run `openclaw coclaw enroll` after install.",

package/src/auto-upgrade/state.js

@@ -6,6 +6,10 @@
  * 1. runtime.state.resolveStateDir()（gateway 进程内）
  * 2. OPENCLAW_STATE_DIR 环境变量（worker 子进程，由 spawner 传入）
  * 3. ~/.openclaw（兜底默认值）
+ *
+ * 锁策略：state 文件的 read-modify-write 统一走 stateMutex；纯读不加锁。
+ * 锁只能护住同进程内并发（gateway 与 worker 跨进程仍各写各的），但 worker /
+ * scheduler 各自内部是串行流，进程内互斥已足够。
  */
 import fs from 'node:fs/promises';
 import nodePath from 'node:path';
@@ -13,12 +17,18 @@ import os from 'node:os';
 
 import { getRuntime } from '../runtime.js';
 import { atomicWriteFile } from '../utils/atomic-write.js';
+import { createMutex } from '../utils/mutex.js';
 
 const CHANNEL_ID = 'coclaw';
 const STATE_FILENAME = 'upgrade-state.json';
 const LOG_FILENAME = 'upgrade-log.jsonl';
 const LOG_MAX_LINES = 200;
 const LOG_KEEP_LINES = 100;
+// lastUpgrade.error 截断上限：远端上报行不宜过长；jsonl 保留完整 error
+const ERROR_MAX_CHARS = 500;
+
+const stateMutex = createMutex();
+const logMutex = createMutex();
 
 export function resolveStateDir() {
 	const rt = getRuntime();
@@ -38,11 +48,8 @@ export function getLogPath() {
 	return nodePath.join(resolveStateDir(), CHANNEL_ID, LOG_FILENAME);
 }
 
-/**
- * 读取 upgrade-state.json
- * @returns {Promise<{ skippedVersions?: string[], lastCheck?: string, lastUpgrade?: object }>}
- */
-export async function readState() {
+/** 不加锁的裸读，仅供本模块在 withLock 内复用（避免嵌套同把锁死锁） */
+async function readStateRaw() {
 	const filePath = getStatePath();
 	try {
 		const raw = await fs.readFile(filePath, 'utf8');
@@ -56,13 +63,26 @@ export async function readState() {
 	}
 }
 
+/** 不加锁的裸写，仅供本模块在 withLock 内复用 */
+async function writeStateRaw(state) {
+	const filePath = getStatePath();
+	await atomicWriteFile(filePath, `${JSON.stringify(state, null, 2)}\n`);
+}
+
+/**
+ * 读取 upgrade-state.json（纯读不加锁，最多读到略旧快照）
+ * @returns {Promise<{ skippedVersions?: string[], lastCheck?: string, lastUpgrade?: object, inflight?: object }>}
+ */
+export async function readState() {
+	return readStateRaw();
+}
+
 /**
  * 写入 upgrade-state.json（完整覆盖）
  * @param {object} state
  */
 export async function writeState(state) {
-	const filePath = getStatePath();
-	await atomicWriteFile(filePath, `${JSON.stringify(state, null, 2)}\n`);
+	await stateMutex.withLock(() => writeStateRaw(state));
 }
 
 /**
@@ -70,22 +90,31 @@ export async function writeState(state) {
  * @param {string} version
  */
 export async function addSkippedVersion(version) {
-	const state = await readState();
+	await stateMutex.withLock(async () => {
+		const state = await readStateRaw();
+		appendSkippedTo(state, version);
+		await writeStateRaw(state);
+	});
+}
+
+/** 在 state 对象上原地追加 skippedVersions（去重） */
+function appendSkippedTo(state, version) {
 	const skipped = Array.isArray(state.skippedVersions) ? state.skippedVersions : [];
 	if (!skipped.includes(version)) {
 		skipped.push(version);
 	}
 	state.skippedVersions = skipped;
-	await writeState(state);
 }
 
 /**
  * 更新 lastCheck 时间戳
  */
 export async function updateLastCheck() {
-	const state = await readState();
-	state.lastCheck = new Date().toISOString();
-	await writeState(state);
+	await stateMutex.withLock(async () => {
+		const state = await readStateRaw();
+		state.lastCheck = new Date().toISOString();
+		await writeStateRaw(state);
+	});
 }
 
 /**
@@ -93,21 +122,107 @@ export async function updateLastCheck() {
  * @param {{ from: string, to: string, result: string }} info
  */
 export async function updateLastUpgrade(info) {
-	const state = await readState();
-	state.lastUpgrade = { ...info, ts: new Date().toISOString() };
-	await writeState(state);
+	await stateMutex.withLock(async () => {
+		const state = await readStateRaw();
+		state.lastUpgrade = { ...info, ts: new Date().toISOString() };
+		await writeStateRaw(state);
+	});
+}
+
+/**
+ * 读取 inflight 标记（纯读不加锁）
+ * @returns {Promise<object|null>}
+ */
+export async function readInflight() {
+	const state = await readStateRaw();
+	/* c8 ignore next -- ?? fallback */
+	return state.inflight ?? null;
+}
+
+/**
+ * 写入 inflight 标记（worker 进 update 前调用；整体覆盖并附加 ts）。
+ * worker 若没活到终态记账（典型：被自己触发的网关重启杀死），scheduler
+ * 下轮据此对账补记终态。
+ * @param {{ from: string, to: string, verifyTarget: string, pluginDir: string, phase: string }} info
+ */
+export async function writeInflight(info) {
+	await stateMutex.withLock(async () => {
+		const state = await readStateRaw();
+		state.inflight = { ...info, ts: new Date().toISOString() };
+		await writeStateRaw(state);
+	});
+}
+
+/**
+ * 合并更新 inflight 字段（phase 推进 / verifyTarget 修正）。
+ * inflight 不存在时 no-op——终态已清账后，迟到的更新不应复活账目。
+ * @param {object} patch
+ */
+export async function updateInflight(patch) {
+	await stateMutex.withLock(async () => {
+		const state = await readStateRaw();
+		if (!state.inflight) return;
+		state.inflight = { ...state.inflight, ...patch };
+		await writeStateRaw(state);
+	});
+}
+
+/** lastUpgrade.error 截断：保尾部（子命令真因通常在输出尾部） */
+function truncateErrorTail(text) {
+	const s = String(text);
+	return s.length > ERROR_MAX_CHARS ? s.slice(-ERROR_MAX_CHARS) : s;
+}
+
+/**
+ * 原子记录升级终态：同一把锁内一次读改写完成
+ * "写 lastUpgrade + 清 inflight + 可选 addSkippedVersion"。
+ * 终态写失败时 inflight 保留 → scheduler 下轮对账可见，不丢账。
+ * upgrade-log.jsonl 追加放锁后 best-effort——终态已落盘，日志失败不回滚账目。
+ *
+ * @param {object} params
+ * @param {string} params.from
+ * @param {string} params.to
+ * @param {string} params.result - ok / noop-skip / rollback / rollback-failed / interrupted
+ * @param {string} [params.error] - lastUpgrade 内截断保存，jsonl 保留完整
+ * @param {string} [params.phase] - 中断时刻所处阶段（interrupted 账目用）
+ * @param {string} [params.skipVersion] - 需加入 skippedVersions 的版本（可缺）
+ */
+export async function recordUpgradeTerminal({ from, to, result, error, phase, skipVersion }) {
+	await stateMutex.withLock(async () => {
+		const state = await readStateRaw();
+		if (skipVersion) {
+			appendSkippedTo(state, skipVersion);
+		}
+		const last = { from, to, result };
+		if (error) last.error = truncateErrorTail(error);
+		if (phase) last.phase = phase;
+		state.lastUpgrade = { ...last, ts: new Date().toISOString() };
+		delete state.inflight;
+		await writeStateRaw(state);
+	});
+	try {
+		const entry = { from, to, result };
+		if (error) entry.error = error;
+		if (phase) entry.phase = phase;
+		await appendLog(entry);
+	}
+	catch {
+		// best-effort：jsonl 只是诊断日志，追加失败不影响终态
+	}
 }
 
 /**
  * 追加升级日志
- * @param {{ from: string, to: string, result: string, error?: string }} entry
+ * @param {{ from: string, to: string, result?: string, error?: string, phase?: string, event?: string }} entry
  */
 export async function appendLog(entry) {
-	const filePath = getLogPath();
-	await fs.mkdir(nodePath.dirname(filePath), { recursive: true });
-	const line = JSON.stringify({ ts: new Date().toISOString(), ...entry });
-	await fs.appendFile(filePath, `${line}\n`, 'utf8');
-	await trimLog(filePath);
+	await logMutex.withLock(async () => {
+		const filePath = getLogPath();
+		await fs.mkdir(nodePath.dirname(filePath), { recursive: true });
+		const line = JSON.stringify({ ts: new Date().toISOString(), ...entry });
+		await fs.appendFile(filePath, `${line}\n`, 'utf8');
+		await trimLog(filePath);
+	});
 }
 
 /**

package/src/auto-upgrade/updater-check.js

@@ -54,6 +54,51 @@ export async function getLatestVersion(pkgName, opts) {
 	});
 }
 
+// inspect 走独立 CLI 子进程，对齐 npm view / worker runCmd 先例的 execFile 选项
+const INSPECT_TIMEOUT_MS = 30_000;
+
+/**
+ * 经官方 CLI 读取本插件的权威安装记录（`openclaw plugins inspect <id> --json`）。
+ *
+ * 账本文件直读已废弃（上游 ≥2026.6.1 迁 SQLite，旧 JSON 停更）；inspect 是
+ * 三代稳定的官方契约，输出 JSON 顶层 `install` 字段即原始 install record。
+ * gateway 的 L1 来源门禁与 worker 的 L2 结局核对共用本函数。
+ *
+ * 归一化返回、永不抛：
+ * - `{ ok: true, install }`：inspect 成功；无 install 记录（如 load.paths 装置）时 install 为 null
+ * - `{ ok: false, reason }`：CLI 退出非 0 / 输出非 JSON
+ *
+ * @param {string} pluginId
+ * @param {object} [opts]
+ * @param {Function} [opts.execFileFn] - 可注入的 execFile（测试用）
+ * @returns {Promise<{ ok: true, install: object|null } | { ok: false, reason: string }>}
+ */
+export async function inspectPluginInstall(pluginId, opts) {
+	/* c8 ignore next -- ?./?? fallback */
+	const doExecFile = opts?.execFileFn ?? nodeExecFile;
+	return new Promise((resolve) => {
+		doExecFile('openclaw', ['plugins', 'inspect', pluginId, '--json'], {
+			timeout: INSPECT_TIMEOUT_MS,
+			shell: process.platform === 'win32',
+		}, (err, stdout) => {
+			if (err) {
+				resolve({ ok: false, reason: `inspect failed: ${err.message}` });
+				return;
+			}
+			let payload;
+			try {
+				payload = JSON.parse(String(stdout));
+			}
+			catch {
+				resolve({ ok: false, reason: 'inspect output is not valid JSON' });
+				return;
+			}
+			const install = payload?.install && typeof payload.install === 'object' ? payload.install : null;
+			resolve({ ok: true, install });
+		});
+	});
+}
+
 /**
  * 简易 semver 比较：a > b 返回 true
  * @param {string} a
@@ -77,12 +122,25 @@ export function isNewerVersion(a, b) {
 	return false;
 }
 
+/**
+ * 判断版本是否含 prerelease 段。
+ * semver 语义：build metadata（`+` 之后）不算 prerelease——必须先剥掉再看 `-`，
+ * 否则 `1.0.0+exp-sha.5` 这类纯 build 后缀会被误判（裸 indexOf('-') 的坑）。
+ * 核心段 X.Y.Z 不含 `-`，剥掉 build 后出现 `-` 即为 prerelease。
+ * @param {string} version
+ * @returns {boolean}
+ */
+export function isPrereleaseVersion(version) {
+	const core = String(version).split('+')[0];
+	return core.includes('-');
+}
+
 /**
  * 检查是否有可用更新
  * @param {object} [opts]
  * @param {Function} [opts.execFileFn] - 可注入的 execFile（测试用）
  * @param {string} [opts.pluginDir] - 插件目录
- * @returns {Promise<{ available: boolean, currentVersion: string, latestVersion?: string, pkgName: string }>}
+ * @returns {Promise<{ available: boolean, currentVersion: string, latestVersion?: string, pkgName: string, skipped?: boolean, prerelease?: boolean }>}
  */
 export async function checkForUpdate(opts) {
 	const { name: pkgName, version: currentVersion } = await getPackageInfo(opts?.pluginDir);
@@ -94,6 +152,13 @@ export async function checkForUpdate(opts) {
 		return { available: false, currentVersion, pkgName };
 	}
 
+	// prerelease 闸：上游 plugins update 对裸 spec 一律拒装 prerelease，放行会进
+	// "spawn → 拒装 → 回滚 → 重启" 的每周期循环。此处一票否决：不 spawn、
+	// 不写 skip / lastUpgrade（latest 回到正式版本后自然恢复，无持久状态）
+	if (isPrereleaseVersion(latestVersion)) {
+		return { available: false, currentVersion, latestVersion, pkgName, prerelease: true };
+	}
+
 	// 检查是否在 skippedVersions 中（曾升级失败并回滚的版本）
 	const state = await readState();
 	const skipped = Array.isArray(state.skippedVersions) ? state.skippedVersions : [];

package/src/auto-upgrade/updater-spawn.js

@@ -1,8 +1,10 @@
-import { spawn as nodeSpawn } from 'node:child_process';
+import { spawn as nodeSpawn, execFile as nodeExecFile } from 'node:child_process';
 import nodePath from 'node:path';
 import { resolveStateDir } from './state.js';
 
 const WORKER_FILENAME = 'worker.js';
+// 探针毫秒级完成；短超时防 systemd-run 异常挂起拖住 __check
+const PROBE_TIMEOUT_MS = 3_000;
 
 /**
  * 获取 worker.js 的路径
@@ -12,6 +14,49 @@ export function getWorkerPath() {
 	return nodePath.join(import.meta.dirname, WORKER_FILENAME);
 }
 
+/**
+ * 是否值得尝试 systemd scope 脱逃。
+ * gateway 跑在 systemd service 形态（KillMode=control-group）时，worker 虽
+ * detached 仍在同一 cgroup，自己触发的 `gateway restart` 会把整组杀掉——
+ * 重启后的验证/回滚/记账全部不可达。仅 linux 且疑似 systemd 环境（unit 注入
+ * 的环境变量在场）才探针，其它形态零改动。
+ * @param {string} platform
+ * @param {NodeJS.ProcessEnv} env
+ * @returns {boolean}
+ */
+export function shouldAttemptScopeEscape(platform, env) {
+	return platform === 'linux' && Boolean(env.OPENCLAW_SYSTEMD_UNIT || env.INVOCATION_ID);
+}
+
+/**
+ * 探针：试跑 `systemd-run [--user] --scope --quiet --collect -- /bin/true`，
+ * 先 --user 变体（user service 推荐形态），失败再试无 --user（system service）。
+ * @param {object} [opts]
+ * @param {Function} [opts.execFileFn] - 可注入的 execFile（测试用）
+ * @returns {Promise<string[]|null>} 可用变体的附加参数（['--user'] 或 []）；都不可用返回 null
+ */
+export async function probeSystemdScopeArgs(opts) {
+	/* c8 ignore next -- ?./?? fallback */
+	const doExecFile = opts?.execFileFn ?? nodeExecFile;
+	const tryVariant = (variant) => new Promise((resolve) => {
+		try {
+			doExecFile(
+				'systemd-run',
+				[...variant, '--scope', '--quiet', '--collect', '--', '/bin/true'],
+				{ timeout: PROBE_TIMEOUT_MS },
+				(err) => resolve(!err),
+			);
+		}
+		catch {
+			// 注入实现同步抛错（如 systemd-run 不存在的极端实现）按失败处理
+			resolve(false);
+		}
+	});
+	if (await tryVariant(['--user'])) return ['--user'];
+	if (await tryVariant([])) return [];
+	return null;
+}
+
 /**
  * 以 detached 进程方式启动 upgrade worker
  *
@@ -19,37 +64,78 @@ export function getWorkerPath() {
  * detached + unref 确保 gateway 进程不会等待 worker。
  * 通过 -- 命名参数传递业务数据，worker 使用 util.parseArgs 解析。
  *
+ * systemd 环境下探针通过则包成 `systemd-run [--user] --scope --quiet --collect
+ * -- <node> worker.js ...`：scope 是 service 的兄弟 cgroup，KillMode=control-group
+ * 清场打不到；--scope 自挪 cgroup 后 exec、不产生 wrapper 进程，child.pid 即
+ * worker 真 pid → 锁机制零改动。探针失败 → 现行裸 spawn（降级=现状），由调用方
+ * 据 escapeFailed 发去重信号。真 worker 永远只 spawn 一次，没有失败重拉。
+ *
  * @param {object} params
  * @param {string} params.pluginDir - 插件安装目录
  * @param {string} params.fromVersion - 当前版本
  * @param {string} params.toVersion - 目标版本
+ * @param {string} [params.baselineVersion] - 升级前权威安装记录的版本（L2 结局核对基线；可缺）
  * @param {string} params.pluginId - 插件 ID
  * @param {string} params.pkgName - npm 包名
  * @param {object} [params.opts]
  * @param {Function} [params.opts.spawnFn] - 可注入的 spawn（测试用）
+ * @param {Function} [params.opts.execFileFn] - 可注入的 execFile（探针，测试用）
+ * @param {string} [params.opts.platform] - 平台覆盖（测试用）
+ * @param {NodeJS.ProcessEnv} [params.opts.scopeEnv] - 探针启用判定的 env 覆盖（测试用）
  * @param {object} [params.logger] - 需提供 .info() 方法（如 pino/gateway logger）
- * @returns {{ child: object }}
+ * @returns {Promise<{ child: object, escapeFailed: boolean }>} escapeFailed：疑似 systemd
+ *   环境但两个探针变体都失败（降级裸 spawn），调用方据此发信号
  */
-export function spawnUpgradeWorker({ pluginDir, fromVersion, toVersion, pluginId, pkgName, opts, logger }) {
+export async function spawnUpgradeWorker({ pluginDir, fromVersion, toVersion, baselineVersion, pluginId, pkgName, opts, logger }) {
 	/* c8 ignore next -- ?./?? fallback */
 	const doSpawn = opts?.spawnFn ?? nodeSpawn;
+	/* c8 ignore next -- ?./?? fallback */
+	const platform = opts?.platform ?? process.platform;
+	/* c8 ignore next -- ?./?? fallback */
+	const scopeEnv = opts?.scopeEnv ?? process.env;
 	const workerPath = getWorkerPath();
 
 	logger?.info?.(`[spawner] Spawning upgrade worker: ${fromVersion} → ${toVersion}`);
 
+	let scopeArgs = null;
+	let escapeFailed = false;
+	if (shouldAttemptScopeEscape(platform, scopeEnv)) {
+		scopeArgs = await probeSystemdScopeArgs(opts);
+		if (scopeArgs) {
+			logger?.info?.(`[spawner] systemd scope escape enabled (${scopeArgs.includes('--user') ? 'user' : 'system'} variant)`);
+		}
+		else {
+			escapeFailed = true;
+			logger?.warn?.('[spawner] systemd scope probe failed, falling back to bare spawn (worker may die on gateway restart)');
+		}
+	}
+
 	// 将 state dir 传递给 worker，确保 worker 写入正确的路径
 	const stateDir = resolveStateDir();
 	const env = { ...process.env };
 	if (stateDir) env.OPENCLAW_STATE_DIR = stateDir;
 
-	const child = doSpawn(process.execPath, [
+	const args = [
 		workerPath,
 		'--pluginDir', pluginDir,
 		'--fromVersion', fromVersion,
 		'--toVersion', toVersion,
 		'--pluginId', pluginId,
 		'--pkgName', pkgName,
-	], {
+	];
+	// 基线缺失时不传 flag，worker 按"基线不可得"退化处理
+	if (baselineVersion) {
+		args.push('--baselineVersion', baselineVersion);
+	}
+
+	let spawnCmd = process.execPath;
+	let spawnArgs = args;
+	if (scopeArgs) {
+		spawnCmd = 'systemd-run';
+		spawnArgs = [...scopeArgs, '--scope', '--quiet', '--collect', '--', process.execPath, ...args];
+	}
+
+	const child = doSpawn(spawnCmd, spawnArgs, {
 		detached: true,
 		stdio: 'ignore',
 		env,
@@ -63,6 +149,5 @@ export function spawnUpgradeWorker({ pluginDir, fromVersion, toVersion, pluginId
 	child.unref();
 
 	logger?.info?.(`[spawner] Worker spawned (pid: ${child.pid})`);
-	return { child };
+	return { child, escapeFailed };
 }
-