@lark-apaas/openclaw-scripts-diagnose-cli 0.1.1-alpha.9 → 0.1.1

package/dist/index.cjs

@@ -192,82 +192,14 @@ function fileExists(filePath) {
 	return node_fs.default.existsSync(filePath);
 }
 /** Execute a shell command, return stdout. Throws on failure. */
-function shell(cmd, timeoutMs = 1e4) {
+function shell(cmd, timeoutMs = 6e4) {
 	return (0, node_child_process.execSync)(cmd, {
 		encoding: "utf-8",
 		timeout: timeoutMs
 	}).trim();
 }
-/**
-* Run a long-lived command and kill it only when it goes idle (no stdout/stderr
-* for `idleMs`) or hits the total deadline `maxTotalMs`. Suited to commands like
-* `npm install` that may be slow but keep streaming progress — we don't want to
-* kill them just because they exceeded some fixed wall-clock budget, only when
-* they actually stall (e.g. blocked on a cache / lockfile held by another npm).
-*/
-function shellUntilIdle(cmd, opts = {}) {
-	const idleMs = opts.idleMs ?? 9e4;
-	const maxTotalMs = opts.maxTotalMs ?? 9e5;
-	return new Promise((resolve, reject) => {
-		const proc = (0, node_child_process.spawn)("bash", ["-c", cmd], { stdio: [
-			"ignore",
-			"pipe",
-			"pipe"
-		] });
-		const startedAt = Date.now();
-		let lastOutputAt = Date.now();
-		let killed = null;
-		const bump = () => {
-			lastOutputAt = Date.now();
-		};
-		proc.stdout.on("data", bump);
-		proc.stderr.on("data", bump);
-		const timer = setInterval(() => {
-			const now = Date.now();
-			if (now - lastOutputAt > idleMs) {
-				killed = `idle > ${idleMs}ms`;
-				proc.kill("SIGKILL");
-			} else if (now - startedAt > maxTotalMs) {
-				killed = `total > ${maxTotalMs}ms`;
-				proc.kill("SIGKILL");
-			}
-		}, 5e3);
-		proc.on("exit", (code, signal) => {
-			clearInterval(timer);
-			if (killed) return reject(/* @__PURE__ */ new Error(`shellUntilIdle killed (${killed}): ${cmd}`));
-			if (code === 0) return resolve();
-			reject(/* @__PURE__ */ new Error(`shellUntilIdle exit code=${code} signal=${signal}: ${cmd}`));
-		});
-		proc.on("error", (err) => {
-			clearInterval(timer);
-			reject(err);
-		});
-	});
-}
-/**
-* Retry a Promise-returning runner until it succeeds or the overall deadline
-* passes. Designed to pair with `shellUntilIdle` for npm-style operations that
-* may need several attempts if a concurrent npm is holding a lock.
-*/
-async function retryUntilDeadline(run, opts) {
-	const betweenAttemptsMs = opts.betweenAttemptsMs ?? 1e4;
-	const deadline = Date.now() + opts.maxTotalMs;
-	let lastErr;
-	let attempt = 0;
-	while (Date.now() < deadline) {
-		attempt++;
-		try {
-			return await run();
-		} catch (e) {
-			lastErr = e;
-			if (Date.now() + betweenAttemptsMs >= deadline) break;
-			await new Promise((r) => setTimeout(r, betweenAttemptsMs));
-		}
-	}
-	throw new Error(`retryUntilDeadline gave up after ${attempt} attempt(s): ${lastErr?.message ?? lastErr}`);
-}
 //#endregion
-//#region \0@oxc-project+runtime@0.121.0/helpers/decorate.js
+//#region \0@oxc-project+runtime@0.115.0/helpers/decorate.js
 function __decorate(decorators, target, key, desc) {
 	var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
 	if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -313,11 +245,15 @@ function findBackupFiles(configPath) {
 }
 /**
 * Among backup files, find the one with the highest numeric suffix.
-* `.bak` (no number) is treated as 0, `.bak1` as 1, `.bak2` as 2, etc.
+* Supports all three naming styles used by the current backup code and its
+* older variants:
+*   `.bak`      → n = 0  (legacy single-slot backup)
+*   `.bakN`     → n = N  (older style, dot-less)
+*   `.bak.N`    → n = N  (current style written by reset Step 1)
 */
 function findHighestBackup(backupFiles) {
 	if (backupFiles.length === 0) return null;
-	const bakRegex = /\.bak(\d*)$/;
+	const bakRegex = /\.bak\.?(\d*)$/;
 	let best = null;
 	for (const f of backupFiles) {
 		const match = bakRegex.exec(f);
@@ -754,7 +690,9 @@ let AllowedOriginsRule = class AllowedOriginsRule extends DiagnoseRule {
 	validate(ctx) {
 		const expected = getExpectedOrigins(ctx.vars);
 		if (expected.length === 0) return { pass: true };
-		const missing = findMissing(getCurrentOrigins(ctx.config), expected);
+		const current = getCurrentOrigins(ctx.config);
+		if (hasWildcard(current)) return { pass: true };
+		const missing = findMissing(current, expected);
 		if (missing.length === 0) return { pass: true };
 		return {
 			pass: false,
@@ -764,6 +702,7 @@ let AllowedOriginsRule = class AllowedOriginsRule extends DiagnoseRule {
 	repair(ctx) {
 		const expected = getExpectedOrigins(ctx.vars);
 		const current = getCurrentOrigins(ctx.config);
+		if (hasWildcard(current)) return;
 		const missing = findMissing(current, expected);
 		if (missing.length > 0) {
 			const seen = /* @__PURE__ */ new Set();
@@ -803,6 +742,10 @@ function findMissing(current, expected) {
 	const set = new Set(current);
 	return expected.filter((o) => !set.has(o));
 }
+/** Exact "*" entry means allow-all; pattern globs like "https://*.example.com" don't count. */
+function hasWildcard(origins) {
+	return origins.includes("*");
+}
 //#endregion
 //#region src/rules/jwt-token.ts
 let JwtTokenRule = class JwtTokenRule extends DiagnoseRule {
@@ -1053,45 +996,34 @@ function runRepair(input) {
 	}
 }
 //#endregion
-//#region src/backup.ts
-const BACKUP_PATH = "/home/gem/workspace/.force/openclaw/core-backup.json";
-function runBackup(input) {
+//#region src/paths.ts
+/**
+* Central directory for all ephemeral diagnose/reset artifacts: task status
+* files (`reset-<taskId>.json`) and human-readable step logs
+* (`reset-<taskId>.log`). Having everything under one dir makes debugging a
+* stuck reset much easier — `ls /tmp/openclaw-diagnose/` shows every recent
+* run, and each run's log is right next to its state.
+*/
+const DIAGNOSE_DIR = "/tmp/openclaw-diagnose";
+function resetResultFile(taskId) {
+	return `${DIAGNOSE_DIR}/reset-${taskId}.json`;
+}
+function resetLogFile(taskId) {
+	return `${DIAGNOSE_DIR}/reset-${taskId}.log`;
+}
+//#endregion
+//#region src/logger.ts
+function makeLogger(logFile) {
 	try {
-		const { configPath } = input;
+		const dir = node_path.default.dirname(logFile);
+		if (!node_fs.default.existsSync(dir)) node_fs.default.mkdirSync(dir, { recursive: true });
+	} catch {}
+	return (msg) => {
+		const line = `[${(/* @__PURE__ */ new Date()).toISOString()}] ${msg}\n`;
 		try {
-			const validateOutput = shell("openclaw config validate --json");
-			if (!JSON.parse(validateOutput).valid) return {
-				success: false,
-				error: "config validation failed"
-			};
-		} catch (e) {
-			return {
-				success: false,
-				error: "config validate command failed: " + e.message
-			};
-		}
-		if (!fileExists(configPath)) return {
-			success: false,
-			error: "config file not found: " + configPath
-		};
-		const config = loadJSON5().parse(readFile(configPath));
-		const backup = { _backup_meta: { created_at: (/* @__PURE__ */ new Date()).toISOString() } };
-		if (config.agents) backup.agents = config.agents;
-		if (config.bindings) backup.bindings = config.bindings;
-		const feishu = config.channels?.feishu;
-		if (feishu?.accounts) backup.channels = { feishu: { accounts: feishu.accounts } };
-		const backupDir = node_path.default.dirname(BACKUP_PATH);
-		if (!node_fs.default.existsSync(backupDir)) node_fs.default.mkdirSync(backupDir, { recursive: true });
-		const tmpPath = BACKUP_PATH + ".tmp";
-		node_fs.default.writeFileSync(tmpPath, JSON.stringify(backup, null, 2), "utf-8");
-		node_fs.default.renameSync(tmpPath, BACKUP_PATH);
-		return { success: true };
-	} catch (e) {
-		return {
-			success: false,
-			error: "backup failed: " + e.message
-		};
-	}
+			node_fs.default.appendFileSync(logFile, line);
+		} catch {}
+	};
 }
 //#endregion
 //#region src/reset-async.ts
@@ -1102,7 +1034,9 @@ function runBackup(input) {
 */
 function startAsyncReset(ctxBase64) {
 	const taskId = (0, node_crypto.randomUUID)();
-	const resultFile = `/tmp/openclaw-reset-${taskId}.json`;
+	const resultFile = resetResultFile(taskId);
+	const log = makeLogger(resetLogFile(taskId));
+	log(`=== startAsyncReset spawning worker for taskId=${taskId} ===`);
 	const initial = {
 		status: "running",
 		step: 0,
@@ -1126,6 +1060,7 @@ function startAsyncReset(ctxBase64) {
 		stdio: "ignore"
 	});
 	child.on("error", (err) => {
+		log(`FATAL worker failed to start: ${err.message}`);
 		const failResult = {
 			status: "failed",
 			step: 0,
@@ -1140,6 +1075,7 @@ function startAsyncReset(ctxBase64) {
 		node_fs.default.renameSync(errTmpPath, resultFile);
 	});
 	child.unref();
+	log(`spawned worker pid=${child.pid}`);
 	return { taskId };
 }
 //#endregion
@@ -1148,14 +1084,16 @@ const STEPS = [
 	"备份当前配置",
 	"生成默认配置",
 	"杀掉 openclaw 进程",
-	"重装 openclaw",
+	"等待沙箱初始化完成",
+	"确认 openclaw 版本",
 	"合并核心备份配置",
 	"复制启动脚本",
-	"重装内置插件",
+	"安装扩展",
 	"启动并验证"
 ];
 const TOTAL_STEPS = STEPS.length;
-const CORE_BACKUP_PATH = "/home/gem/workspace/.force/openclaw/core-backup.json";
+/** Pre-packed extensions archive on OSS. Update this URL when releasing a new version. */
+const EXTENSIONS_OSS_URL = "https://miaoda-template-online.oss-cn-beijing.aliyuncs.com/builtin/tool/pkg/openclaw-extensions-2026.4.9.tar.gz";
 /**
 * Directory holding the bundled openclaw template (openclaw.json + scripts/).
 * Synced from git@code.byted.org:apaas/miaoda-openclaw-template.git via
@@ -1202,8 +1140,11 @@ function markFailed(resultFile, step, error, startedAt) {
 	});
 }
 /** Step 1: Backup current config as openclaw.json.bak.N */
-function backupCurrentConfig(configPath) {
-	if (!fileExists(configPath)) return;
+function backupCurrentConfig(configPath, log) {
+	if (!fileExists(configPath)) {
+		log("no existing config, skip backup");
+		return;
+	}
 	const dir = node_path.default.dirname(configPath);
 	let maxN = 0;
 	try {
@@ -1215,117 +1156,321 @@ function backupCurrentConfig(configPath) {
 			}
 		}
 	} catch {}
-	node_fs.default.copyFileSync(configPath, configPath + ".bak." + (maxN + 1));
+	const bakPath = configPath + ".bak." + (maxN + 1);
+	node_fs.default.copyFileSync(configPath, bakPath);
+	log(`backed up to ${bakPath}`);
 }
 /** Step 2: Replace $$__XXX__ placeholders and write default config. */
-function generateDefaultConfig(srcDir, configPath, templateVars) {
+function generateDefaultConfig(srcDir, configPath, templateVars, log) {
 	const srcConfigPath = node_path.default.join(srcDir, "openclaw.json");
 	if (!fileExists(srcConfigPath)) throw new Error("template openclaw.json not found at " + srcConfigPath);
 	let content = node_fs.default.readFileSync(srcConfigPath, "utf-8");
-	for (const [placeholder, value] of Object.entries(templateVars)) content = content.split(placeholder).join(value);
+	let replaced = 0;
+	for (const [placeholder, value] of Object.entries(templateVars)) {
+		const parts = content.split(placeholder);
+		if (parts.length > 1) replaced += parts.length - 1;
+		content = parts.join(value);
+	}
 	node_fs.default.writeFileSync(configPath, content, "utf-8");
+	log(`wrote ${configPath} (${replaced} placeholder(s) replaced, ${Object.keys(templateVars).length} provided)`);
 }
 /** Step 3: Kill all openclaw processes. */
-function killOpenclawProcesses() {
+function killOpenclawProcesses(log) {
 	try {
 		shell("pkill -f openclaw-gateway || true", 5e3);
 	} catch {}
 	shell("sleep 2", 5e3);
+	log("killed openclaw-gateway processes");
+}
+/**
+* Step 4: Wait for the sandbox's own init (init_sandbox.sh / concurrent npm
+* install) to finish before we start our own npm i -g. Two npm processes
+* sharing ~/.npm cache + competing for disk/network just makes everything
+* crawl; letting init finish first is the cleanest way to get exclusive
+* access. Polls every 10s up to `maxWaitMs`. If the deadline is hit we fall
+* through anyway — better to try than to fail the reset outright.
+*/
+function waitForInitNpm(maxWaitMs, log) {
+	const deadline = Date.now() + maxWaitMs;
+	const ownPid = String(process.pid);
+	let polls = 0;
+	while (Date.now() < deadline) {
+		polls++;
+		let running = 0;
+		try {
+			const out = shell(`pgrep -af "init_sandbox.sh|npm install|npm i " | grep -v -- "${ownPid}" | wc -l`, 1e4);
+			running = parseInt(out.trim(), 10) || 0;
+		} catch {
+			log(`poll ${polls}: no concurrent npm, proceeding`);
+			return;
+		}
+		if (running === 0) {
+			log(`poll ${polls}: no concurrent npm, proceeding`);
+			return;
+		}
+		log(`poll ${polls}: ${running} concurrent npm/init process(es) still running, waiting 10s`);
+		try {
+			shell("sleep 10", 12e3);
+		} catch {}
+	}
+	log(`deadline (${maxWaitMs}ms) hit after ${polls} poll(s), proceeding anyway`);
 }
 /**
-* Step 4: Reinstall openclaw to the version specified in template.
+* Step 5: Ensure openclaw binary is at the template's recommended version.
 *
-* `npm i -g` contends on ~/.npm cache/lock with any concurrent npm (e.g. the
-* sandbox's own init_sandbox.sh busy installing plugin deps). Using
-* `shellUntilIdle` lets slow-but-progressing installs run freely (we only kill
-* on genuine idleness), and `retryUntilDeadline` recovers when we *are* killed
-* because another npm was holding the lock — the next attempt is likely to
-* succeed once that npm completes.
+* Only checks/installs the binary — does NOT run `doctor --fix` any more.
+* Extensions are installed separately via OSS tar.gz (Step 8), which means
+* the openclaw-lark extension schema is already in place when openclaw
+* starts, avoiding the schema-priority mismatch that caused doctor to
+* reject valid config fields like threadSession / footer.
 */
-async function reinstallOpenclaw(srcDir) {
-	const version = loadJSON5().parse(node_fs.default.readFileSync(node_path.default.join(srcDir, "openclaw.json"), "utf-8")).meta?.lastTouchedVersion;
+function ensureOpenclawBinary(srcDir, configPath, log) {
+	const targetVersion = loadJSON5().parse(node_fs.default.readFileSync(node_path.default.join(srcDir, "openclaw.json"), "utf-8")).meta?.lastTouchedVersion;
+	log(`target openclaw version: ${targetVersion ?? "<unset>"}`);
+	if (targetVersion && isOpenclawAtVersion(targetVersion)) {
+		log("openclaw already at target version, nothing to do");
+		return;
+	}
+	if (isOpenclawInstalled()) {
+		const updateCmd = `openclaw update${targetVersion ? " --tag " + targetVersion : ""} --yes --no-restart`;
+		log(`openclaw installed but version mismatched, running: ${updateCmd}`);
+		const timeout = 12 * 6e4;
+		const t = Date.now();
+		const tmpConfig = configPath + ".update-tmp";
+		const hadConfig = node_fs.default.existsSync(configPath);
+		if (hadConfig) {
+			node_fs.default.renameSync(configPath, tmpConfig);
+			log("temporarily hid config to bypass config guard");
+		}
+		try {
+			shell(updateCmd, timeout);
+			log(`openclaw update done in ${Date.now() - t}ms`);
+		} catch (e) {
+			const elapsed = Date.now() - t;
+			if (elapsed >= timeout - 1e3) log(`openclaw update timed out after ${elapsed}ms (non-fatal, continuing)`);
+			else throw e;
+		} finally {
+			if (hadConfig && node_fs.default.existsSync(tmpConfig)) {
+				node_fs.default.renameSync(tmpConfig, configPath);
+				log("restored config after update");
+			}
+		}
+	} else {
+		log("openclaw binary not found, running full reinstall");
+		fullReinstall(targetVersion, log);
+	}
+}
+/** Check if openclaw command exists (regardless of version). */
+function isOpenclawInstalled() {
+	try {
+		shell("which openclaw 2>/dev/null", 5e3);
+		return true;
+	} catch {
+		return false;
+	}
+}
+/** Full uninstall + reinstall from npm (slow path, triggers postinstall). */
+function fullReinstall(targetVersion, log) {
 	try {
-		shell("npm uninstall -g openclaw 2>/dev/null || true", 3e4);
+		shell("npm uninstall -g openclaw 2>/dev/null || true", 6e4);
 	} catch {}
-	const installCmd = `npm i -g openclaw@${version || "latest"} --loglevel=http --prefer-offline`;
-	await retryUntilDeadline(() => shellUntilIdle(installCmd, {
-		idleMs: 9e4,
-		maxTotalMs: 6e5
-	}), {
-		maxTotalMs: 12e5,
-		betweenAttemptsMs: 1e4
-	});
-	shell("openclaw doctor --fix", 12e4);
+	try {
+		shell("rm -rf /home/gem/.npm-global/lib/node_modules/openclaw /home/gem/.npm-global/bin/openclaw 2>/dev/null || true", 1e4);
+		log("force-cleaned residual openclaw global dir");
+	} catch {}
+	const installCmd = `npm i -g openclaw@${targetVersion || "latest"}`;
+	log(`running: ${installCmd}`);
+	const t = Date.now();
+	shell(installCmd, 30 * 6e4);
+	log(`npm install done in ${Date.now() - t}ms`);
 }
-/** Step 5: Merge core-backup.json into config + ensure allowedOrigins. */
-function mergeCoreBackupAndOrigins(configPath, vars) {
+/** Return true if `openclaw --version` output contains `targetVersion`. */
+function isOpenclawAtVersion(targetVersion) {
+	try {
+		return shell("openclaw --version 2>&1 || true", 1e4).includes(targetVersion);
+	} catch {
+		return false;
+	}
+}
+/** Step 6: Merge coreBackup from resetData + ensure allowedOrigins. */
+function mergeCoreBackupAndOrigins(configPath, vars, resetData, log) {
 	const JSON5 = loadJSON5();
-	if (fileExists(CORE_BACKUP_PATH)) {
-		const backup = JSON.parse(node_fs.default.readFileSync(CORE_BACKUP_PATH, "utf-8"));
+	const backup = resetData.coreBackup;
+	if (backup) {
 		const config = JSON5.parse(node_fs.default.readFileSync(configPath, "utf-8"));
-		if (backup.agents) config.agents = backup.agents;
-		if (backup.bindings) config.bindings = backup.bindings;
-		const backupAccounts = backup.channels?.feishu;
-		if (backupAccounts?.accounts) {
+		const merged = [];
+		if (backup.agents && backup.agents.length > 0) {
+			if (!config.agents) config.agents = {};
+			const agents = config.agents;
+			if (!Array.isArray(agents.list)) agents.list = [];
+			const configDir = node_path.default.dirname(configPath);
+			for (const agent of backup.agents) {
+				const enriched = {
+					id: agent.id,
+					name: agent.id,
+					workspace: agent.workspace,
+					agentDir: configDir + "/agents/" + agent.id + "/agent"
+				};
+				agents.list.push(enriched);
+			}
+			merged.push(`agents(+${backup.agents.length})`);
+			const list = agents.list;
+			let mainIdx = list.findIndex((a) => a.id === "main");
+			if (mainIdx < 0) {
+				list.unshift({ id: "main" });
+				mainIdx = 0;
+			}
+			list[mainIdx].subagents = { allowAgents: ["*"] };
+			list[mainIdx].default = true;
+			merged.push("main-team-mode");
+			const feishu = config.channels?.feishu;
+			if (feishu) {
+				if (!feishu.accounts) feishu.accounts = {};
+				const accounts = feishu.accounts;
+				const defaultAccount = {};
+				for (const key of [
+					"dmPolicy",
+					"allowFrom",
+					"groupPolicy",
+					"groupAllowFrom"
+				]) if (feishu[key] !== void 0) defaultAccount[key] = feishu[key];
+				if (Object.keys(defaultAccount).length > 0) {
+					accounts.default = defaultAccount;
+					merged.push("accounts.default");
+				}
+			}
+		}
+		if (backup.bindings && backup.bindings.length > 0) {
+			config.bindings = backup.bindings;
+			merged.push("bindings");
+		}
+		const backupAccounts = backup.channels?.feishu?.accounts;
+		if (backupAccounts && Object.keys(backupAccounts).length > 0) {
 			if (!config.channels) config.channels = {};
 			const ch = config.channels;
 			if (!ch.feishu) ch.feishu = {};
-			ch.feishu.accounts = backupAccounts.accounts;
+			const feishu = ch.feishu;
+			if (!feishu.accounts) feishu.accounts = {};
+			Object.assign(feishu.accounts, backupAccounts);
+			merged.push("channels.feishu.accounts");
 		}
 		node_fs.default.writeFileSync(configPath, JSON.stringify(config, null, 2), "utf-8");
-	}
+		log(`merged from coreBackup: [${merged.join(", ") || "nothing"}]`);
+	} else log("no coreBackup in resetData, skip multi-agent merge");
 	const expectedOrigins = Array.isArray(vars.expectedOrigins) ? vars.expectedOrigins : [];
-	if (expectedOrigins.length > 0) {
-		const config = JSON5.parse(node_fs.default.readFileSync(configPath, "utf-8"));
-		if (!config.gateway) config.gateway = {};
-		const gw = config.gateway;
-		if (!gw.controlUi) gw.controlUi = {};
-		const cui = gw.controlUi;
-		const current = Array.isArray(cui.allowedOrigins) ? cui.allowedOrigins.filter((o) => typeof o === "string") : [];
-		const seen = new Set(current);
-		const merged = [...current];
-		for (const o of expectedOrigins) if (!seen.has(o)) {
-			merged.push(o);
-			seen.add(o);
-		}
-		cui.allowedOrigins = merged;
-		node_fs.default.writeFileSync(configPath, JSON.stringify(config, null, 2), "utf-8");
+	if (expectedOrigins.length === 0) {
+		log("no expectedOrigins provided");
+		return;
+	}
+	const config = JSON5.parse(node_fs.default.readFileSync(configPath, "utf-8"));
+	if (!config.gateway) config.gateway = {};
+	const gw = config.gateway;
+	if (!gw.controlUi) gw.controlUi = {};
+	const cui = gw.controlUi;
+	const current = Array.isArray(cui.allowedOrigins) ? cui.allowedOrigins.filter((o) => typeof o === "string") : [];
+	if (current.includes("*")) {
+		log("allowedOrigins already contains \"*\", skip origin merge");
+		return;
+	}
+	const seen = new Set(current);
+	const added = [];
+	const mergedOrigins = [...current];
+	for (const o of expectedOrigins) if (!seen.has(o)) {
+		mergedOrigins.push(o);
+		seen.add(o);
+		added.push(o);
 	}
+	cui.allowedOrigins = mergedOrigins;
+	node_fs.default.writeFileSync(configPath, JSON.stringify(config, null, 2), "utf-8");
+	log(`allowedOrigins: added ${added.length} (${JSON.stringify(added)}), total now ${mergedOrigins.length}`);
 }
-/** Step 6: Copy startup scripts from template to agent dir. */
-function copyStartupScripts(srcDir, configDir) {
+/** Step 7: Copy startup scripts from template to agent dir. */
+function copyStartupScripts(srcDir, configDir, log) {
 	const srcScriptsDir = node_path.default.join(srcDir, "scripts");
 	const targetScriptsDir = node_path.default.join(configDir, "scripts");
-	if (!node_fs.default.existsSync(srcScriptsDir)) return;
+	if (!node_fs.default.existsSync(srcScriptsDir)) {
+		log(`no scripts/ in template, skip`);
+		return;
+	}
 	if (!node_fs.default.existsSync(targetScriptsDir)) node_fs.default.mkdirSync(targetScriptsDir, { recursive: true });
 	shell(`cp -r '${srcScriptsDir}'/* '${targetScriptsDir}/'`, 1e4);
+	log(`copied scripts/* -> ${targetScriptsDir}`);
 }
 /**
-* Step 7: Reinstall all plugins via openclaw CLI.
+* Step 8: Install extensions from OSS tar.gz or fall back to `openclaw plugins update`.
+*
+*   1. Derive the OSS URL from the openclaw version in the template config
+*   2. Download tar.gz → extract to a staging dir
+*   3. For each included extension, backup (mv) the user's existing copy
+*      to a temp dir — extensions NOT in the archive are left untouched
+*   4. Move the fresh extensions from staging to the target dir
+*
+* This bypasses npm entirely and avoids the schema-priority mismatch where
+* `openclaw doctor --fix` would validate config against the bundled feishu
+* plugin's strict schema before openclaw-lark is installed.
 *
-* Same contention story as Step 4 — under the hood this shells out to npm, so
-* we apply the same idle-timeout + retry strategy.
+* Falls back to `openclaw plugins update --all` if the OSS download fails.
 */
-async function reinstallPlugins() {
+function installExtensions(configDir, log) {
+	const ossUrl = EXTENSIONS_OSS_URL;
+	const targetExtDir = node_path.default.join(configDir, "extensions");
+	const tmpDir = node_path.default.join(configDir, `.ext-reset-tmp-${Date.now()}`);
+	const tarPath = node_path.default.join(tmpDir, "extensions.tar.gz");
+	node_fs.default.mkdirSync(tmpDir, { recursive: true });
 	try {
-		await retryUntilDeadline(() => shellUntilIdle("openclaw plugins update --all", {
-			idleMs: 12e4,
-			maxTotalMs: 6e5
-		}), {
-			maxTotalMs: 9e5,
-			betweenAttemptsMs: 1e4
-		});
-	} catch {}
+		log(`downloading extensions from ${ossUrl}`);
+		const dlStart = Date.now();
+		shell(`curl -fsSL '${ossUrl}' -o '${tarPath}'`, 5 * 6e4);
+		const size = node_fs.default.statSync(tarPath).size;
+		log(`download done in ${Date.now() - dlStart}ms (${(size / 1024 / 1024).toFixed(1)}MB)`);
+		shell(`tar -xzf '${tarPath}' -C '${tmpDir}'`, 6e4);
+		const stagedExtDir = node_path.default.join(tmpDir, "extensions");
+		if (!node_fs.default.existsSync(stagedExtDir)) throw new Error("tar.gz does not contain an extensions/ directory");
+		const extNames = node_fs.default.readdirSync(stagedExtDir).filter((name) => node_fs.default.statSync(node_path.default.join(stagedExtDir, name)).isDirectory());
+		log(`archive contains ${extNames.length} extension(s): ${extNames.join(", ")}`);
+		for (const name of extNames) {
+			const target = node_path.default.join(targetExtDir, name);
+			if (node_fs.default.existsSync(target)) node_fs.default.rmSync(target, {
+				recursive: true,
+				force: true
+			});
+			node_fs.default.renameSync(node_path.default.join(stagedExtDir, name), target);
+			log(`  ${name}: installed`);
+		}
+		const packinfo = node_path.default.join(stagedExtDir, ".packinfo.json");
+		if (node_fs.default.existsSync(packinfo)) {
+			node_fs.default.copyFileSync(packinfo, node_path.default.join(targetExtDir, ".packinfo.json"));
+			log(`packinfo: ${node_fs.default.readFileSync(packinfo, "utf-8").trim()}`);
+		}
+		log("extensions installed from OSS successfully");
+	} finally {
+		try {
+			node_fs.default.rmSync(tmpDir, {
+				recursive: true,
+				force: true
+			});
+		} catch {}
+	}
 }
-/** Step 8: Write secrets/provider key files and restart openclaw. */
-function writeSecretsAndRestart(vars, resetData, configDir) {
-	if (resetData.secretsContent && vars.secretsFilePath) writeFile(vars.secretsFilePath, resetData.secretsContent);
-	if (resetData.providerKeyContent && vars.providerFilePath) writeFile(vars.providerFilePath, resetData.providerKeyContent);
+/** Step 9: Write secrets/provider key files and restart openclaw. */
+function writeSecretsAndRestart(vars, resetData, configDir, log) {
+	if (resetData.secretsContent && vars.secretsFilePath) {
+		writeFile(vars.secretsFilePath, resetData.secretsContent);
+		log(`wrote secrets to ${vars.secretsFilePath}`);
+	}
+	if (resetData.providerKeyContent && vars.providerFilePath) {
+		writeFile(vars.providerFilePath, resetData.providerKeyContent);
+		log(`wrote provider key to ${vars.providerFilePath}`);
+	}
 	const restartScript = node_path.default.join(configDir, "scripts", "restart.sh");
-	if (fileExists(restartScript)) shell(`bash '${restartScript}'`, 3e4);
+	if (fileExists(restartScript)) {
+		const t = Date.now();
+		shell(`bash '${restartScript}'`, 3e4);
+		log(`restart.sh done in ${Date.now() - t}ms`);
+	} else log(`no restart.sh at ${restartScript}, skip`);
 }
 /**
-* Run the 8-step reset process. Called from the worker entry point.
+* Run the 9-step reset process. Called from the worker entry point.
 *
 * Each step is an independent function. The orchestrator handles progress
 * reporting, error handling, and process-level exception guards.
@@ -1334,49 +1479,66 @@ function writeSecretsAndRestart(vars, resetData, configDir) {
 * (see TEMPLATE_DIR) and synced from the miaoda-openclaw-template repo via
 * scripts/sync-template.sh, so no runtime download is required.
 */
-async function runReset(input, taskId, resultFile) {
+function runReset(input, taskId, resultFile) {
 	const startedAt = (/* @__PURE__ */ new Date()).toISOString();
 	const { configPath, vars, resetData } = input;
 	const configDir = node_path.default.dirname(configPath);
 	const srcDir = TEMPLATE_DIR;
 	let currentStep = 0;
+	let stepStartedAt = Date.now();
+	const log = makeLogger(resetLogFile(taskId));
+	log(`=== reset started, taskId=${taskId}, pid=${process.pid} ===`);
+	log(`configPath=${configPath}, configDir=${configDir}, templateDir=${srcDir}`);
 	if (!node_fs.default.existsSync(node_path.default.join(srcDir, "openclaw.json"))) {
-		markFailed(resultFile, 0, `bundled template not found at ${srcDir}`, startedAt);
+		const err = `bundled template not found at ${srcDir}`;
+		log(`ERROR: ${err}`);
+		markFailed(resultFile, 0, err, startedAt);
 		process.exit(1);
 	}
 	process.on("uncaughtException", (err) => {
+		log(`FATAL uncaughtException: ${err.message}\n${err.stack ?? ""}`);
 		markFailed(resultFile, currentStep, `uncaught exception: ${err.message}`, startedAt);
 		process.exit(1);
 	});
 	process.on("unhandledRejection", (reason) => {
+		log(`FATAL unhandledRejection: ${String(reason)}`);
 		markFailed(resultFile, currentStep, `unhandled rejection: ${reason}`, startedAt);
 		process.exit(1);
 	});
-	/** Advance to the next step, updating the progress file. */
+	/** Advance to the next step, updating the progress file and logging a boundary. */
 	const step = (n) => {
+		if (currentStep > 0) log(`step ${currentStep} "${STEPS[currentStep - 1]}" done in ${Date.now() - stepStartedAt}ms`);
 		currentStep = n;
+		stepStartedAt = Date.now();
+		log(`--- step ${n}/${TOTAL_STEPS}: ${STEPS[n - 1]} ---`);
 		updateProgress(resultFile, n, startedAt);
 	};
 	try {
 		step(1);
-		backupCurrentConfig(configPath);
+		backupCurrentConfig(configPath, log);
 		step(2);
-		generateDefaultConfig(srcDir, configPath, resetData.templateVars);
+		generateDefaultConfig(srcDir, configPath, resetData.templateVars, log);
 		step(3);
-		killOpenclawProcesses();
+		killOpenclawProcesses(log);
 		step(4);
-		await reinstallOpenclaw(srcDir);
+		waitForInitNpm(10 * 6e4, log);
 		step(5);
-		mergeCoreBackupAndOrigins(configPath, vars);
+		ensureOpenclawBinary(srcDir, configPath, log);
 		step(6);
-		copyStartupScripts(srcDir, configDir);
+		mergeCoreBackupAndOrigins(configPath, vars, resetData, log);
 		step(7);
-		await reinstallPlugins();
+		copyStartupScripts(srcDir, configDir, log);
 		step(8);
-		writeSecretsAndRestart(vars, resetData, configDir);
+		installExtensions(configDir, log);
+		step(9);
+		writeSecretsAndRestart(vars, resetData, configDir, log);
+		log(`step 9 "${STEPS[8]}" done in ${Date.now() - stepStartedAt}ms`);
+		log("=== reset completed successfully ===");
 		markDone(resultFile, startedAt);
 	} catch (e) {
-		markFailed(resultFile, currentStep, e.message, startedAt);
+		const err = e.message;
+		log(`ERROR in step ${currentStep} "${STEPS[currentStep - 1] ?? "init"}" after ${Date.now() - stepStartedAt}ms: ${err}\n${e.stack ?? ""}`);
+		markFailed(resultFile, currentStep, err, startedAt);
 		process.exit(1);
 	}
 }
@@ -1388,7 +1550,7 @@ async function runReset(input, taskId, resultFile) {
 * Returns immediately on terminal states (done/failed).
 */
 function getResetTask(taskId) {
-	const resultFile = `/tmp/openclaw-reset-${taskId}.json`;
+	const resultFile = resetResultFile(taskId);
 	const deadline = Date.now() + 3e4;
 	while (Date.now() < deadline) {
 		if (!node_fs.default.existsSync(resultFile)) {
@@ -1435,16 +1597,6 @@ switch (mode) {
 		else console.log(JSON.stringify(runRepair(input)));
 		break;
 	}
-	case "backup": {
-		const ctx = args.find((a) => a.startsWith("--ctx="))?.slice(6);
-		if (!ctx) {
-			console.error("Error: --ctx=<base64> is required");
-			node_process.default.exit(1);
-		}
-		const input = JSON.parse(Buffer.from(ctx, "base64").toString("utf-8"));
-		console.log(JSON.stringify(runBackup(input)));
-		break;
-	}
 	case "reset":
 		if (args.includes("--async")) {
 			const ctx = args.find((a) => a.startsWith("--ctx="))?.slice(6);
@@ -1460,11 +1612,8 @@ switch (mode) {
 				console.error("Error: --ctx=<base64> and --task-id=<id> are required for worker");
 				node_process.default.exit(1);
 			}
-			const resultFile = `/tmp/openclaw-reset-${taskId}.json`;
-			runReset(JSON.parse(Buffer.from(ctx, "base64").toString("utf-8")), taskId, resultFile).catch((e) => {
-				console.error("runReset failed:", e);
-				node_process.default.exit(1);
-			});
+			const resultFile = resetResultFile(taskId);
+			runReset(JSON.parse(Buffer.from(ctx, "base64").toString("utf-8")), taskId, resultFile);
 		} else {
 			console.error("Usage: reset --async --ctx=<base64> | reset --worker --task-id=<id> --ctx=<base64>");
 			node_process.default.exit(1);
@@ -1480,7 +1629,7 @@ switch (mode) {
 		break;
 	}
 	default:
-		console.error("Usage: mclaw-diagnose <check|repair|backup|reset|get_reset_task> [options]");
+		console.error("Usage: mclaw-diagnose <check|repair|reset|get_reset_task> [options]");
 		node_process.default.exit(1);
 }
 //#endregion

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lark-apaas/openclaw-scripts-diagnose-cli",
-  "version": "0.1.1-alpha.9",
+  "version": "0.1.1",
   "description": "CLI for OpenClaw config diagnose and repair with JSON5 support",
   "main": "dist/index.cjs",
   "bin": {

package/template/openclaw.json

@@ -1,7 +1,7 @@
 {
   "meta": {
     "lastTouchedVersion": "2026.4.9",
-    "lastTouchedAt": "2026-04-11T09:30:21.703Z"
+    "lastTouchedAt": "2026-04-13T03:14:33.386Z"
   },
   "wizard": {
     "lastRunAt": "2026-03-30T14:54:56.160Z",
@@ -448,14 +448,27 @@
   "plugins": {
     "allow": [
       "openclaw-lark",
-      "openclaw-extension-miaoda",
       "openclaw-extension-miaoda-coding",
-      "browser"
+      "browser",
+      "openclaw-mem0-plugin",
+      "openclaw-extension-miaoda"
     ],
     "entries": {
       "feishu": {
         "enabled": false
       },
+      "openclaw-lark": {
+        "enabled": true
+      },
+      "openclaw-extension-miaoda-coding": {
+        "enabled": true
+      },
+      "browser": {
+        "enabled": true
+      },
+      "openclaw-mem0-plugin": {
+        "enabled": false
+      },
       "openclaw-extension-miaoda": {
         "enabled": true,
         "config": {
@@ -466,15 +479,6 @@
             ]
           }
         }
-      },
-      "openclaw-lark": {
-        "enabled": true
-      },
-      "openclaw-extension-miaoda-coding": {
-        "enabled": true
-      },
-      "browser": {
-        "enabled": true
       }
     },
     "installs": {
@@ -491,31 +495,44 @@
         "resolvedAt": "2026-04-03T06:27:44.706Z",
         "installedAt": "2026-04-03T06:28:10.547Z"
       },
-      "openclaw-extension-miaoda": {
-        "source": "npm",
-        "installPath": "./extensions/openclaw-extension-miaoda",
-        "version": "1.0.9",
-        "installedAt": "2026-04-11T09:27:06.639Z",
-        "spec": "@lark-apaas/openclaw-extension-miaoda@1.0.9",
-        "resolvedVersion": "1.0.9",
-        "resolvedName": "@lark-apaas/openclaw-extension-miaoda",
-        "resolvedSpec": "@lark-apaas/openclaw-extension-miaoda@1.0.9",
-        "resolvedAt": "2026-04-11T09:27:06.639Z",
-        "integrity": "sha512-McNeuPAUDLrMhT3yZuwk9A7pI262r2CK1N1KNQP6VuzymkDUjx2sTcJPCEBB3bFkdXd0yUU983/OhJiaJo+JWg==",
-        "shasum": "a3c75886e40b63f39a33a2660932f8afdae6a514"
-      },
       "openclaw-extension-miaoda-coding": {
         "source": "npm",
         "spec": "@lark-apaas/openclaw-extension-miaoda-coding",
         "installPath": "./extensions/openclaw-extension-miaoda-coding",
-        "version": "1.0.8",
+        "version": "1.0.11",
         "resolvedName": "@lark-apaas/openclaw-extension-miaoda-coding",
-        "resolvedVersion": "1.0.8",
-        "resolvedSpec": "@lark-apaas/openclaw-extension-miaoda-coding@1.0.8",
-        "integrity": "sha512-uxlLtgH2CTwz56UTaZD+n/x1p2a3Q01o3Og7oLUJCm6izWHXFEI1SQhNnCPggrfSam49KFir8xB64tY4T9dt2Q==",
-        "shasum": "058eadf5bc71ae87f79b5096b9d96f4afb89a9db",
-        "resolvedAt": "2026-04-09T11:33:36.208Z",
-        "installedAt": "2026-04-09T11:33:37.171Z"
+        "resolvedVersion": "1.0.11",
+        "resolvedSpec": "@lark-apaas/openclaw-extension-miaoda-coding@1.0.11",
+        "integrity": "sha512-B2i3n367cR37UVJrDCTZSBljxUYzDZ4gWf3dw79XBdaZcq0G88XnkgyFmJoZijQd/HQP13xNBlfcLk4Lz2c6Bg==",
+        "shasum": "a6bf5efcec70bbd139ee7a75ea183e4f9751fd39",
+        "resolvedAt": "2026-04-13T14:40:18.926Z",
+        "installedAt": "2026-04-13T14:40:18.926Z"
+      },
+      "openclaw-mem0-plugin": {
+        "source": "npm",
+        "spec": "@shareclz/openclaw-mem0-plugin@1.1.2",
+        "installPath": "./extensions/openclaw-mem0-plugin",
+        "installedAt": "2026-04-13T03:13:10.564Z",
+        "version": "1.1.2",
+        "resolvedVersion": "1.1.2",
+        "resolvedName": "@shareclz/openclaw-mem0-plugin",
+        "resolvedSpec": "@shareclz/openclaw-mem0-plugin@1.1.2",
+        "resolvedAt": "2026-04-13T03:13:10.564Z",
+        "integrity": "sha512-j6m8oN6ykVc3a1/Bw0o7LmXmNApiGk6wxafrT0zW9m4UiqZe8LM4Y2LzvGEAnKwFdkUIkaSzpl/8Qp7MPy/zcQ==",
+        "shasum": "b1bdaa44917ce9535ba1acddb145ea0ed5d26bae"
+      },
+      "openclaw-extension-miaoda": {
+        "source": "npm",
+        "installPath": "./extensions/openclaw-extension-miaoda",
+        "version": "1.0.10",
+        "installedAt": "2026-04-14T12:21:23.090Z",
+        "spec": "@lark-apaas/openclaw-extension-miaoda@1.0.10",
+        "resolvedVersion": "1.0.10",
+        "resolvedName": "@lark-apaas/openclaw-extension-miaoda",
+        "resolvedSpec": "@lark-apaas/openclaw-extension-miaoda@1.0.10",
+        "resolvedAt": "2026-04-14T12:21:23.090Z",
+        "integrity": "sha512-aWXIBdzcjUQAdthiUjLhgGp8G0TMVB3wpAzR3wjscDRX7XAo1zhpmcWkBM0JNdrle1i3e5eB4hxVcLfn1yooNw==",
+        "shasum": "5ef5f6ef972d90b43091c79e8a1038a3052cc1f5"
       }
     }
   }