npm - @lawrenceliang-btc/atel-sdk - Versions diffs - 1.2.12 → 1.2.13 - Mend

@lawrenceliang-btc/atel-sdk 1.2.12 → 1.2.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +1 -1
package/bin/atel.mjs +768 -129
package/bin/notification-action-helpers.mjs +18 -1
package/bin/order-cancel-helpers.mjs +77 -0
package/package.json +2 -2
package/skill/atel-agent/SKILL.md +3 -3
package/skill/atel-agent/setup.sh +1 -1
package/skill/references/quickstart.md +1 -1

package/bin/atel.mjs CHANGED Viewed

@@ -67,6 +67,7 @@ import {
 } from '@lawrenceliang-btc/atel-sdk';
 import { TunnelManager, HeartbeatManager } from './tunnel-manager.mjs';
 import { buildAgentCallbackAction, getDirectExecutableActions, normalizeGatewayBind, shouldSkipAgentHook, shouldUseGatewaySession } from './notification-action-helpers.mjs';
+import { parseOrderCancelArgs, preflightOrderCancel } from './order-cancel-helpers.mjs';
 // ollama-manager removed — SDK does not run local models
 const initializeOllama = async () => {};
 const getOllamaStatus = async () => ({ running: false, models: [] });
@@ -74,9 +75,69 @@ import { parseAttachmentFlags, processAttachments } from './atel-attachment-help
 const ATEL_DIR = resolve(process.env.ATEL_DIR || '.atel');
 const IDENTITY_FILE = resolve(ATEL_DIR, 'identity.json');
-const ATEL_PLATFORM = process.env.ATEL_PLATFORM || process.env.ATEL_API || process.env.ATEL_REGISTRY || 'https://api.atelai.org';
-const REGISTRY_URL = process.env.ATEL_REGISTRY || ATEL_PLATFORM || 'https://api.atelai.org';
-const ATEL_RELAY = process.env.ATEL_RELAY || 'https://api.atelai.org';
+function readDefaultPlatformBase() {
+  const explicit = process.env.ATEL_PLATFORM || process.env.ATEL_API || process.env.ATEL_REGISTRY || '';
+  if (String(explicit).trim()) return String(explicit).trim().replace(/\/+$/, '');
+  try {
+    const networkFile = resolve(ATEL_DIR, 'network.json');
+    if (existsSync(networkFile)) {
+      const network = JSON.parse(readFileSync(networkFile, 'utf-8'));
+      const candidate = [network?.relayUrl, network?.platformUrl, network?.registryUrl].find((value) => typeof value === 'string' && value.trim());
+      if (candidate) return String(candidate).trim().replace(/\/+$/, '');
+    }
+  } catch {}
+  return 'https://api.atelai.org';
+}
+const DEFAULT_PLATFORM_BASE = readDefaultPlatformBase();
+const ATEL_PLATFORM = process.env.ATEL_PLATFORM || process.env.ATEL_API || process.env.ATEL_REGISTRY || DEFAULT_PLATFORM_BASE;
+const REGISTRY_URL = process.env.ATEL_REGISTRY || ATEL_PLATFORM || DEFAULT_PLATFORM_BASE;
+const ATEL_RELAY = process.env.ATEL_RELAY || DEFAULT_PLATFORM_BASE;
+function normalizeUrl(value = '') {
+  return String(value || '').trim().replace(/\/+$/, '');
+}
+function getEnvironmentProfile(url = '') {
+  const normalized = normalizeUrl(url);
+  if (!normalized) return { name: 'unknown', label: 'unknown', url: normalized };
+  try {
+    const parsed = new URL(normalized);
+    const host = String(parsed.hostname || '').toLowerCase();
+    if (host === 'api.atelai.org') return { name: 'production', label: 'production', url: normalized };
+    if (host === '127.0.0.1' || host === 'localhost') return { name: 'test', label: 'local-test', url: normalized };
+    if (host === '43.160.230.129' || host === '43.160.211.180') return { name: 'test', label: 'host-test', url: normalized };
+    return { name: 'custom', label: host || 'custom', url: normalized };
+  } catch {
+    return { name: 'custom', label: normalized, url: normalized };
+  }
+}
+function getCurrentEnvironmentSummary() {
+  const platform = getEnvironmentProfile(ATEL_PLATFORM);
+  const registry = getEnvironmentProfile(REGISTRY_URL);
+  const relay = getEnvironmentProfile(ATEL_RELAY);
+  const explicit = Boolean(String(process.env.ATEL_PLATFORM || process.env.ATEL_API || process.env.ATEL_REGISTRY || process.env.ATEL_RELAY || '').trim());
+  return {
+    profile: platform.name,
+    platform,
+    registry,
+    relay,
+    explicit,
+    atelDir: ATEL_DIR,
+  };
+}
+function ensureProductionAuthTarget() {
+  const env = getCurrentEnvironmentSummary();
+  if (env.platform.name === 'production') return env;
+  console.error(`Authorization blocked: current ATEL_DIR is targeting ${env.platform.label} (${env.platform.url || 'unknown'}), not production.`);
+  console.error(`ATEL_DIR: ${env.atelDir}`);
+  console.error('To authorize a code from https://atelai.org/login, run with explicit production endpoints:');
+  console.error('  ATEL_PLATFORM=https://api.atelai.org ATEL_REGISTRY=https://api.atelai.org ATEL_RELAY=https://api.atelai.org atel auth <code>');
+  process.exit(1);
+}
 const ATEL_NOTIFY_GATEWAY = process.env.ATEL_NOTIFY_GATEWAY || process.env.OPENCLAW_GATEWAY_URL || '';
 const ATEL_NOTIFY_TARGET = process.env.ATEL_NOTIFY_TARGET || '';
 const ATEL_NOTIFY_AUTO_BIND = /^(1|true|yes)$/i.test(String(process.env.ATEL_NOTIFY_AUTO_BIND || ''));
@@ -92,8 +153,13 @@ const PENDING_FILE = resolve(ATEL_DIR, 'pending-tasks.json');
 const RESULT_PUSH_QUEUE_FILE = resolve(ATEL_DIR, 'pending-result-pushes.json');
 const NOTIFY_TARGETS_FILE = resolve(ATEL_DIR, 'notify-targets.json');
 const NOTIFY_ROUTES_FILE = resolve(ATEL_DIR, 'notify-routes.json');
+const NOTIFY_CONSENTS_FILE = resolve(ATEL_DIR, 'notify-consents.json');
 const TELEGRAM_UPDATES_STATE_FILE = resolve(process.env.HOME || '/root', '.openclaw', 'deploy', 'sdk-telegram-updates.json');
 const TELEGRAM_BINDINGS_FILE = resolve(process.env.HOME || '/root', '.openclaw', 'deploy', 'sdk-telegram-bindings.json');
+const OPENCLAW_CONFIG_FILE = resolve(process.env.HOME || '/root', '.openclaw', 'openclaw.json');
+const OPENCLAW_TG_OFFSET_FILE = resolve(process.env.HOME || '/root', '.openclaw', 'telegram', 'update-offset-default.json');
+const OPENCLAW_GATEWAY_SYSTEMD_FILE = resolve(process.env.HOME || '/root', '.config', 'systemd', 'user', 'openclaw-gateway.service');
+const OPENCLAW_GATEWAY_SYSTEMD_OVERRIDE_FILE = resolve(process.env.HOME || '/root', '.config', 'systemd', 'user', 'openclaw-gateway.service.d', 'env.conf');
 const TRADE_TRACK_FILE = resolve(ATEL_DIR, 'tracked-orders.json');
 const P2P_STATUS_FILE = resolve(ATEL_DIR, 'p2p-task-status.jsonl');
 const PENDING_AGENT_CALLBACKS_FILE = resolve(ATEL_DIR, 'pending-agent-callbacks.json');
@@ -107,6 +173,47 @@ const DEFAULT_POLICY = { rateLimit: 60, maxPayloadBytes: 1048576, maxConcurrent:
 function ensureDir() { if (!existsSync(ATEL_DIR)) mkdirSync(ATEL_DIR, { recursive: true }); }
+function isPidAlive(pid) {
+  const n = Number(pid || 0);
+  if (!Number.isFinite(n) || n <= 0) return false;
+  try { process.kill(n, 0); return true; }
+  catch { return false; }
+}
+function getStartInstanceLockFile(port) {
+  return resolve(ATEL_DIR, `start-instance-${String(port || '3100')}.lock.json`);
+}
+function acquireStartInstanceLock(port) {
+  ensureDir();
+  const file = getStartInstanceLockFile(port);
+  let existing = null;
+  if (existsSync(file)) {
+    try { existing = JSON.parse(readFileSync(file, 'utf-8')); } catch {}
+  }
+  if (existing?.pid && existing.pid !== process.pid && isPidAlive(existing.pid)) {
+    return { ok: false, file, existing };
+  }
+  const payload = {
+    pid: process.pid,
+    port: Number(port || 0),
+    did: (() => { try { return requireIdentity().did; } catch { return ''; } })(),
+    startedAt: new Date().toISOString(),
+  };
+  writeFileSync(file, JSON.stringify(payload, null, 2));
+  return { ok: true, file, existing };
+}
+function releaseStartInstanceLock(port) {
+  const file = getStartInstanceLockFile(port);
+  if (!existsSync(file)) return false;
+  try {
+    const current = JSON.parse(readFileSync(file, 'utf-8'));
+    if (Number(current?.pid || 0) !== process.pid) return false;
+  } catch {}
+  try { unlinkSync(file); return true; } catch { return false; }
+}
 function ensureOrderWorkspace(orderId, context = {}) {
   ensureDir();
   const safeOrderId = String(orderId || 'unknown').replace(/[^a-zA-Z0-9._-]/g, '_');
@@ -212,6 +319,18 @@ function summarizeAgentOutput(text, maxChars = 300) {
   return trimmed.substring(0, maxChars);
 }
+function isKnownInvalidLocalAgentStdout(text) {
+  const value = String(text || '').trim();
+  if (!value) return false;
+  const lowered = value.toLowerCase();
+  return lowered.includes('401 该令牌已过期')
+    || lowered.includes('token expired')
+    || lowered.includes('plugin register() called')
+    || lowered.includes('plugin registration complete')
+    || lowered.includes('session file locked')
+    || lowered.includes('session locked');
+}
 // ═══════════════════════════════════════════════════════════════════
 // Notification Target System — auto-discover gateway, manage targets
 // ═══════════════════════════════════════════════════════════════════
@@ -226,6 +345,86 @@ function saveNotifyTargets(data) {
   writeFileSync(NOTIFY_TARGETS_FILE, JSON.stringify(data, null, 2));
 }
+function markNotifyTargetUsed(targets, deliveredTarget, usedAt) {
+  const list = Array.isArray(targets?.targets) ? targets.targets : [];
+  const id = String(deliveredTarget?.id || '').trim();
+  const channel = String(deliveredTarget?.channel || '').trim();
+  const targetValue = String(deliveredTarget?.target || '').trim();
+  for (const item of list) {
+    if (!item || typeof item !== 'object') continue;
+    if (id && String(item.id || '').trim() === id) {
+      item.lastUsedAt = usedAt;
+      return true;
+    }
+    if (channel && targetValue && String(item.channel || '').trim() === channel && String(item.target || '').trim() === targetValue) {
+      item.lastUsedAt = usedAt;
+      return true;
+    }
+  }
+  return false;
+}
+function loadNotifyConsents() {
+  try { return JSON.parse(readFileSync(NOTIFY_CONSENTS_FILE, 'utf-8')); }
+  catch { return { version: 1, consents: [] }; }
+}
+function saveNotifyConsents(data) {
+  ensureDir();
+  writeFileSync(NOTIFY_CONSENTS_FILE, JSON.stringify(data, null, 2));
+}
+function extractTelegramBotId(botToken = '') {
+  const token = String(botToken || '').trim();
+  return token ? (token.split(':', 1)[0] || '') : '';
+}
+function upsertNotifyConsent({ did, channel, target, botToken, source = 'notify_bind', status = 'active' }) {
+  const ownerDid = String(did || '').trim();
+  const normalizedChannel = String(channel || '').trim();
+  const normalizedTarget = String(target || '').trim();
+  if (!ownerDid || !normalizedChannel || !normalizedTarget) return false;
+  const data = loadNotifyConsents();
+  if (!Array.isArray(data.consents)) data.consents = [];
+  const now = new Date().toISOString();
+  const botId = normalizedChannel === 'telegram' ? extractTelegramBotId(botToken) : '';
+  const existing = data.consents.find((item) => item && item.did === ownerDid && item.channel === normalizedChannel && item.target === normalizedTarget);
+  if (existing) {
+    existing.status = status;
+    existing.updatedAt = now;
+    existing.revokedAt = status === 'revoked' ? (existing.revokedAt || now) : null;
+    if (status !== 'revoked') existing.consentedAt = existing.consentedAt || now;
+    existing.source = source || existing.source || 'notify_bind';
+    if (botId) existing.botId = botId;
+  } else {
+    data.consents.push({
+      did: ownerDid,
+      channel: normalizedChannel,
+      target: normalizedTarget,
+      botId: botId || undefined,
+      source,
+      status,
+      consentedAt: status === 'revoked' ? null : now,
+      revokedAt: status === 'revoked' ? now : null,
+      updatedAt: now,
+    });
+  }
+  saveNotifyConsents(data);
+  return true;
+}
+function revokeNotifyConsent({ did, channel, target, reason = 'notify_remove' }) {
+  return upsertNotifyConsent({ did, channel, target, source: reason, status: 'revoked' });
+}
+function listNotifyConsentsForDid(did) {
+  const ownerDid = String(did || '').trim();
+  if (!ownerDid) return [];
+  const data = loadNotifyConsents();
+  const items = Array.isArray(data.consents) ? data.consents : [];
+  return items.filter((item) => item && item.did === ownerDid);
+}
 function loadNotifyRoutes() {
   try { return JSON.parse(readFileSync(NOTIFY_ROUTES_FILE, 'utf-8')); }
   catch { return { version: 1, defaultTelegram: null, orderBindings: {} }; }
@@ -289,24 +488,26 @@ function resolveNotifyTargets(orderId = '') {
   const primary = getPrimaryTelegramTarget();
   const preferred = (orderId && routes.orderBindings && routes.orderBindings[orderId]) || routes.defaultTelegram || (primary ? { chatId: String(primary.target), botToken: primary.botToken, updatedAt: primary.lastUsedAt || primary.createdAt || new Date().toISOString() } : null);
   if (!preferred?.chatId) return { targets, enabled };
-  let hasTelegram = false;
+  const bindingTarget = resolveNotifyBindTarget(preferred.chatId, preferred.botToken || discoverTelegramBot() || '');
+  let hasBoundTarget = false;
   enabled = enabled.map((target) => {
-    if (target.channel !== 'telegram') return target;
-    hasTelegram = true;
+    if (target.channel !== bindingTarget.channel) return target;
+    if (String(target.target) !== String(preferred.chatId)) return target;
+    hasBoundTarget = true;
     return {
       ...target,
       target: String(preferred.chatId),
-      botToken: preferred.botToken || target.botToken,
+      botToken: bindingTarget.channel === 'telegram' ? (preferred.botToken || target.botToken) : undefined,
       routeSource: orderId && routes.orderBindings && routes.orderBindings[orderId] ? 'order' : 'default',
     };
   });
-  if (!hasTelegram) {
+  if (!hasBoundTarget) {
     enabled = [{
-      id: `tg_${preferred.chatId}`,
-      channel: 'telegram',
+      id: bindingTarget.id,
+      channel: bindingTarget.channel,
       target: String(preferred.chatId),
-      botToken: preferred.botToken || discoverTelegramBot() || undefined,
-      label: orderId ? `order:${orderId}` : 'owner',
+      botToken: bindingTarget.channel === 'telegram' ? (preferred.botToken || discoverTelegramBot() || undefined) : undefined,
+      label: orderId ? 'order:' + orderId : 'owner',
       enabled: true,
       createdAt: preferred.updatedAt || new Date().toISOString(),
       lastUsedAt: null,
@@ -351,45 +552,308 @@ function autoBindNotifications() {
   if (!chatId) return;
   const botToken = routes.defaultTelegram?.botToken || discoverTelegramBot();
-  const id = `tg_${chatId}`;
+  const bindingTarget = resolveNotifyBindTarget(chatId, botToken || '');
   targets.targets.push({
-    id, channel: 'telegram', target: chatId,
-    botToken: botToken || undefined,
+    id: bindingTarget.id,
+    channel: bindingTarget.channel,
+    target: String(chatId),
+    botToken: bindingTarget.channel === 'telegram' ? (botToken || undefined) : undefined,
     label: 'owner', enabled: true,
     createdAt: new Date().toISOString(), lastUsedAt: null,
   });
   saveNotifyTargets(targets);
   rememberTelegramRoute(chatId, botToken || undefined);
-  console.log(`🔔 Auto-bound TG notifications to chat ${chatId}`);
+  try { upsertNotifyConsent({ did: requireIdentity().did, channel: 'telegram', target: String(chatId), botToken, source: 'auto_bind', status: 'active' }); } catch {}
+  console.log(`🔔 Auto-bound ${bindingTarget.channel} notifications to chat ${chatId}`);
 }
 // Auto-discover OpenClaw gateway: read token + find port
+function loadOpenClawGatewayRuntimeHints() {
+  const hints = { ports: [], binds: [], urls: [] };
+  const addPort = (value) => {
+    const port = Number.parseInt(String(value || '').trim(), 10);
+    if (Number.isFinite(port) && port > 0 && !hints.ports.includes(port)) hints.ports.push(port);
+  };
+  const addBind = (value) => {
+    const bind = normalizeGatewayBind(String(value || '').trim() || '127.0.0.1');
+    if (bind && !hints.binds.includes(bind)) hints.binds.push(bind);
+  };
+  const addUrl = (value) => {
+    const url = String(value || '').trim();
+    if (url && !hints.urls.includes(url)) hints.urls.push(url);
+  };
+  const parseRuntimeText = (content) => {
+    if (!content) return;
+    for (const match of content.matchAll(/(?:--port|OPENCLAW_GATEWAY_PORT=)(\d+)/g)) addPort(match[1]);
+    for (const match of content.matchAll(/(?:--host|--bind)\s+([^\s"']+)/g)) addBind(match[1]);
+    for (const match of content.matchAll(/OPENCLAW_GATEWAY_URL=([^\s"']+)/g)) addUrl(match[1]);
+  };
+  addPort(process.env.OPENCLAW_GATEWAY_PORT);
+  addBind(process.env.OPENCLAW_GATEWAY_BIND || process.env.OPENCLAW_GATEWAY_HOST);
+  addUrl(process.env.OPENCLAW_GATEWAY_URL || process.env.ATEL_NOTIFY_GATEWAY);
+  for (const candidate of [OPENCLAW_GATEWAY_SYSTEMD_FILE, OPENCLAW_GATEWAY_SYSTEMD_OVERRIDE_FILE]) {
+    try {
+      if (existsSync(candidate)) parseRuntimeText(readFileSync(candidate, 'utf-8'));
+    } catch {}
+  }
+  return hints;
+}
 function discoverGateway() {
-  // 1. Env override
-  if (process.env.ATEL_NOTIFY_GATEWAY || process.env.OPENCLAW_GATEWAY_URL) {
-    const url = process.env.ATEL_NOTIFY_GATEWAY || process.env.OPENCLAW_GATEWAY_URL;
-    let token = '';
-    try { token = JSON.parse(readFileSync(join(process.env.HOME || '', '.openclaw/openclaw.json'), 'utf-8')).gateway?.auth?.token || ''; } catch {}
-    return { url, token };
-  }
-  // 2. Read from ~/.openclaw/openclaw.json
+  const candidateUrls = [];
+  const seen = new Set();
+  const addCandidate = (url, source) => {
+    const normalized = String(url || '').trim();
+    if (!normalized || seen.has(normalized)) return;
+    seen.add(normalized);
+    candidateUrls.push({ url: normalized, source });
+  };
+  const addPortCandidates = (port, bind, source) => {
+    const parsedPort = Number.parseInt(String(port || '').trim(), 10);
+    if (!Number.isFinite(parsedPort) || parsedPort <= 0) return;
+    const hosts = new Set([
+      normalizeGatewayBind(bind || '127.0.0.1'),
+      '127.0.0.1',
+      'localhost',
+    ]);
+    for (const host of hosts) addCandidate(`http://${host}:${parsedPort}`, source);
+  };
+  let token = '';
+  let cfg = null;
   try {
-    const cfg = JSON.parse(readFileSync(join(process.env.HOME || '', '.openclaw/openclaw.json'), 'utf-8'));
-    const token = cfg.gateway?.auth?.token || '';
-    const port = cfg.gateway?.port || 18789;
-    const bind = normalizeGatewayBind(cfg.gateway?.bind || '127.0.0.1');
-    return { url: `http://${bind}:${port}`, token };
-  } catch { return null; }
+    cfg = JSON.parse(readFileSync(OPENCLAW_CONFIG_FILE, 'utf-8'));
+    token = String(cfg?.gateway?.auth?.token || '').trim();
+  } catch {}
+  const explicitUrl = process.env.ATEL_NOTIFY_GATEWAY || process.env.OPENCLAW_GATEWAY_URL;
+  if (explicitUrl) addCandidate(explicitUrl, 'env_url');
+  const hints = loadOpenClawGatewayRuntimeHints();
+  for (const url of hints.urls) addCandidate(url, 'runtime_url');
+  for (const port of hints.ports) addPortCandidates(port, hints.binds[0], 'runtime_port');
+  if (cfg?.gateway?.port) addPortCandidates(cfg.gateway.port, cfg.gateway?.bind || '127.0.0.1', 'config');
+  const fallbackPort = Number.parseInt(String(process.env.OPENCLAW_GATEWAY_PORT || '').trim(), 10);
+  if (Number.isFinite(fallbackPort) && fallbackPort > 0) addPortCandidates(fallbackPort, process.env.OPENCLAW_GATEWAY_BIND || process.env.OPENCLAW_GATEWAY_HOST || '127.0.0.1', 'env_port');
+  if (candidateUrls.length === 0) addPortCandidates(18789, '127.0.0.1', 'default');
+  if (!token && candidateUrls.length === 0) return null;
+  return { url: candidateUrls[0]?.url || '', token, candidates: candidateUrls };
+}
+async function invokeGatewayTelegramMessage(target, message, timeoutMs = 5000) {
+  const gw = discoverGateway();
+  const candidates = Array.isArray(gw?.candidates) && gw.candidates.length > 0 ? gw.candidates : (gw?.url ? [{ url: gw.url, source: 'legacy' }] : []);
+  let last = { ok: false, reason: 'missing_gateway', error: 'missing_gateway', status: 0, url: '' };
+  if (gw?.token && candidates.length > 0) {
+    for (const candidate of candidates) {
+      try {
+        const resp = await fetch(`${candidate.url}/tools/invoke`, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${gw.token}` },
+          body: JSON.stringify({ tool: 'message', args: { action: 'send', channel: 'telegram', message, target } }),
+          signal: AbortSignal.timeout(timeoutMs),
+        });
+        if (resp.ok) return { ok: true, status: resp.status, url: candidate.url, source: candidate.source };
+        let detail = `http_${resp.status}`;
+        try {
+          const payload = await resp.json();
+          detail = payload?.error?.message || payload?.message || detail;
+        } catch {}
+        last = { ok: false, reason: 'http_error', error: detail, status: resp.status, url: candidate.url, source: candidate.source };
+      } catch (e) {
+        last = { ok: false, reason: 'fetch_failed', error: e.message || 'fetch_failed', status: 0, url: candidate.url, source: candidate.source };
+      }
+    }
+  }
+  const oc = loadOpenClawConfig();
+  const botToken = String(oc?.channels?.telegram?.botToken || '').trim();
+  if (botToken) {
+    try {
+      const data = await sendTelegramBotRequest(botToken, 'sendMessage', { chat_id: target, text: message }, timeoutMs);
+      if (data?.ok !== false) {
+        return { ok: true, status: 200, url: 'telegram://openclaw-bot', source: 'openclaw_bot_fallback' };
+      }
+      last = { ok: false, reason: 'telegram_http_error', error: data?.description || 'http_200', status: 200, url: 'telegram://openclaw-bot', source: 'openclaw_bot_fallback' };
+    } catch (e) {
+      last = { ok: false, reason: 'telegram_fetch_failed', error: e.message || 'fetch_failed', status: 0, url: 'telegram://openclaw-bot', source: 'openclaw_bot_fallback' };
+    }
+  }
+  return last;
+}
+async function sendTelegramBotRequest(botToken, method, payload, timeoutMs = 5000) {
+  const url = `https://api.telegram.org/bot${botToken}/${method}`;
+  const options = {
+    method: 'POST',
+    signal: AbortSignal.timeout(timeoutMs),
+  };
+  if (payload instanceof FormData) {
+    options.body = payload;
+  } else {
+    options.headers = { 'Content-Type': 'application/json' };
+    options.body = JSON.stringify(payload);
+  }
+  const resp = await fetch(url, options);
+  const data = await resp.json().catch(() => null);
+  if (!resp.ok || data?.ok === false) {
+    throw new Error(data?.description || `http_${resp.status}`);
+  }
+  return data;
+}
+function decodeDataUrl(dataUrl = '') {
+  const match = String(dataUrl || '').match(/^data:([^;]+);base64,(.+)$/);
+  if (!match) return null;
+  const [, mimeType, base64] = match;
+  try {
+    return { mimeType, buffer: Buffer.from(base64, 'base64') };
+  } catch {
+    return null;
+  }
+}
+function buildMediaCaption(message = '', payload = {}, index = 0) {
+  const base = String(message || '').trim();
+  const sender = String(payload.peerDid || '').trim();
+  const extra = index === 0 && sender ? `来自: ${sender}` : '';
+  return [base, extra].filter(Boolean).join('\n').slice(0, 900);
+}
+async function fetchTelegramUploadSource(item, defaultName, defaultMimeType, timeoutMs = 5000) {
+  if (item?.kind === 'inline' && item?.data) {
+    const decoded = decodeDataUrl(item.data);
+    if (decoded?.buffer) {
+      return {
+        name: item.name || defaultName,
+        mimeType: decoded.mimeType || item.mimeType || defaultMimeType,
+        buffer: decoded.buffer,
+      };
+    }
+  }
+  const mediaUrl = String(item?.downloadUrl || item?.url || '').trim();
+  if (!mediaUrl) throw new Error('missing_media_url');
+  const resp = await fetch(mediaUrl, { signal: AbortSignal.timeout(timeoutMs) });
+  if (!resp.ok) throw new Error(`attachment_fetch_http_${resp.status}`);
+  const arrayBuffer = await resp.arrayBuffer();
+  return {
+    name: item?.name || defaultName,
+    mimeType: item?.mimeType || resp.headers.get('content-type') || defaultMimeType,
+    buffer: Buffer.from(arrayBuffer),
+  };
+}
+async function sendTelegramPhoto(botToken, chatId, image, caption = '', timeoutMs = 5000) {
+  const source = await fetchTelegramUploadSource(image, 'image', image?.mimeType || 'image/png', timeoutMs);
+  const form = new FormData();
+  form.append('chat_id', String(chatId));
+  if (caption) form.append('caption', caption);
+  form.append('photo', new Blob([source.buffer], { type: source.mimeType || 'image/png' }), source.name || 'image');
+  return await sendTelegramBotRequest(botToken, 'sendPhoto', form, timeoutMs);
+}
+async function sendTelegramDocumentLike(botToken, method, fieldName, chatId, attachment, caption = '', timeoutMs = 5000) {
+  const source = await fetchTelegramUploadSource(attachment, attachment?.name || fieldName, attachment?.mimeType || 'application/octet-stream', timeoutMs);
+  const form = new FormData();
+  form.append('chat_id', String(chatId));
+  if (caption) form.append('caption', caption);
+  form.append(fieldName, new Blob([source.buffer], { type: source.mimeType || 'application/octet-stream' }), source.name || fieldName);
+  return await sendTelegramBotRequest(botToken, method, form, timeoutMs);
+}
+async function sendTelegramRichMedia(botToken, chatId, message, payload = {}, timeoutMs = 5000) {
+  const images = Array.isArray(payload.images) ? payload.images : [];
+  const attachments = Array.isArray(payload.attachments) ? payload.attachments : [];
+  let sent = false;
+  for (let i = 0; i < images.length; i++) {
+    await sendTelegramPhoto(botToken, chatId, images[i], buildMediaCaption(message, payload, i), timeoutMs);
+    sent = true;
+  }
+  for (let i = 0; i < attachments.length; i++) {
+    const attachment = attachments[i] || {};
+    const kind = String(attachment.kind || '').toLowerCase();
+    const mimeType = String(attachment.mimeType || '').toLowerCase();
+    const caption = buildMediaCaption(message, payload, images.length + i);
+    if (kind === 'audio' || mimeType.startsWith('audio/')) {
+      try {
+        await sendTelegramDocumentLike(botToken, 'sendAudio', 'audio', chatId, attachment, caption, timeoutMs);
+      } catch {
+        await sendTelegramDocumentLike(botToken, 'sendDocument', 'document', chatId, attachment, caption, timeoutMs);
+      }
+    } else if (kind === 'video' || mimeType.startsWith('video/')) {
+      try {
+        await sendTelegramDocumentLike(botToken, 'sendVideo', 'video', chatId, attachment, caption, timeoutMs);
+      } catch {
+        await sendTelegramDocumentLike(botToken, 'sendDocument', 'document', chatId, attachment, caption, timeoutMs);
+      }
+    } else {
+      await sendTelegramDocumentLike(botToken, 'sendDocument', 'document', chatId, attachment, caption, timeoutMs);
+    }
+    sent = true;
+  }
+  return sent;
 }
 function loadOpenClawConfig() {
   try {
-    return JSON.parse(readFileSync(join(process.env.HOME || '', '.openclaw/openclaw.json'), 'utf-8'));
+    return JSON.parse(readFileSync(OPENCLAW_CONFIG_FILE, 'utf-8'));
   } catch {
     return null;
   }
 }
+function loadOpenClawTelegramOffset() {
+  try {
+    return JSON.parse(readFileSync(OPENCLAW_TG_OFFSET_FILE, 'utf-8'));
+  } catch {
+    return null;
+  }
+}
+function getTelegramInboundHostMode(config) {
+  const explicit = String(process.env.ATEL_NOTIFY_TG_INGRESS || '').trim().toLowerCase();
+  if (explicit === 'sdk') return { mode: 'sdk', reason: 'env_override_sdk' };
+  if (explicit === 'openclaw') return { mode: 'openclaw', reason: 'env_override_openclaw' };
+  const oc = loadOpenClawConfig();
+  const enabled = oc?.channels?.telegram?.enabled === true;
+  const botToken = String(oc?.channels?.telegram?.botToken || '').trim();
+  const offset = loadOpenClawTelegramOffset();
+  const offsetBotId = String(offset?.botId || '').trim();
+  if (enabled && botToken && config?.botToken && botToken === config.botToken) {
+    return { mode: 'openclaw', reason: offsetBotId && offsetBotId === String(config.botId || '') ? 'openclaw_same_bot_active' : 'openclaw_same_bot_configured' };
+  }
+  return { mode: 'sdk', reason: 'sdk_default' };
+}
+function resolveNotifyBindTarget(chatId, botToken) {
+  const normalizedChatId = String(chatId || '').trim();
+  const normalizedBotToken = String(botToken || '').trim();
+  const botId = normalizedBotToken ? (normalizedBotToken.split(':', 1)[0] || 'telegram') : 'telegram';
+  const ingress = getTelegramInboundHostMode({ chatId: normalizedChatId, botToken: normalizedBotToken, botId });
+  if (ingress.mode === 'openclaw') {
+    return {
+      channel: 'gateway',
+      id: 'gw_' + normalizedChatId,
+      target: normalizedChatId,
+      label: 'owner',
+      ingress,
+      botToken: undefined,
+    };
+  }
+  return {
+    channel: 'telegram',
+    id: 'tg_' + normalizedChatId,
+    target: normalizedChatId,
+    label: 'owner',
+    ingress,
+    botToken: normalizedBotToken || undefined,
+  };
+}
 // Read TG bot token from openclaw config
 function discoverTelegramBot() {
   try {
@@ -441,6 +905,45 @@ function registerTelegramInboundBinding(did, config) {
   return { ownerDid: did, rebound: true };
 }
+function getTelegramBindingKey(chatId, botToken) {
+  const normalizedChatId = String(chatId || '').trim();
+  const normalizedBotToken = String(botToken || '').trim();
+  if (!normalizedChatId || !normalizedBotToken) return null;
+  const botId = normalizedBotToken.split(':', 1)[0] || 'telegram';
+  return { key: `${botId}:${normalizedChatId}`, botId, chatId: normalizedChatId };
+}
+function ensureTelegramBindingOwnership(did, chatId, botToken) {
+  const binding = getTelegramBindingKey(chatId, botToken);
+  if (!did || !binding) return { ok: true, ownerDid: String(did || '').trim(), key: binding?.key || '' };
+  const data = loadTelegramBindings();
+  if (!data.bindings || typeof data.bindings !== 'object') data.bindings = {};
+  const current = data.bindings[binding.key];
+  const ownerDid = String(current?.ownerDid || '').trim();
+  if (ownerDid && ownerDid !== did) {
+    return { ok: false, ownerDid, key: binding.key, botId: binding.botId, chatId: binding.chatId };
+  }
+  return { ok: true, ownerDid: ownerDid || String(did).trim(), key: binding.key, botId: binding.botId, chatId: binding.chatId };
+}
+function releaseTelegramBindingOwnership(did, chatId, botToken) {
+  const binding = getTelegramBindingKey(chatId, botToken);
+  if (!did || !binding) return false;
+  const data = loadTelegramBindings();
+  if (!data.bindings || typeof data.bindings !== 'object') data.bindings = {};
+  const current = data.bindings[binding.key];
+  if (!current || String(current.ownerDid || '').trim() !== String(did).trim()) return false;
+  delete data.bindings[binding.key];
+  saveTelegramBindings(data);
+  const state = loadTelegramUpdatesState();
+  if (state.leaders && state.leaders[binding.key] && String(state.leaders[binding.key].did || '').trim() === String(did).trim()) {
+    delete state.leaders[binding.key];
+    saveTelegramUpdatesState(state);
+  }
+  return true;
+}
 function acquireTelegramInboundLeader(did, config) {
   const state = loadTelegramUpdatesState();
   if (!state.leaders || typeof state.leaders !== 'object') state.leaders = {};
@@ -535,6 +1038,11 @@ async function pollTelegramInboundUpdates(targetDid) {
   const config = getTelegramInboundConfig();
   if (!config) return { status: 'noop' };
+  const ingressMode = getTelegramInboundHostMode(config);
+  if (ingressMode.mode === 'openclaw') {
+    return { status: 'hosted_by_openclaw', reason: ingressMode.reason, botId: config.botId, chatId: config.chatId };
+  }
   const binding = registerTelegramInboundBinding(targetDid, config);
   if (binding.ownerDid && binding.ownerDid !== targetDid) {
     return { status: 'follower', ownerDid: binding.ownerDid };
@@ -652,9 +1160,14 @@ async function pushTradeNotification(eventType, payload, body) {
     'milestone_rejected': (p) => {
       const desc = p.milestoneDescription ? `
 目标: ${p.milestoneDescription}` : '';
+      const submitCount = Number(p.submitCount || 0);
+      const arbitrationNote = submitCount >= 3 || p.maxReached
+        ? `
+由于连续 3 次被拒，已进入仲裁待决状态，等待人工决定是否发起仲裁`
+        : '';
       return `❌ 里程碑 M${p.milestoneIndex ?? '?'} 被拒绝
 订单: ${p.orderId || body?.orderId || '?'}${desc}
-原因: ${p.rejectReason || '未说明'}`;
+原因: ${p.rejectReason || '未说明'}${arbitrationNote}`;
     },
     'order_completed': (p) => `📦 订单已提交完成
 订单: ${p.orderId || body?.orderId || '?'}
@@ -704,24 +1217,15 @@ USDC 已支付`;
           continue;
         }
       } else if (target.channel === 'gateway') {
-        const gw = discoverGateway();
-        if (gw?.url && gw?.token) {
-          const resp = await fetch(`${gw.url}/tools/invoke`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${gw.token}` },
-            body: JSON.stringify({ tool: 'message', args: { action: 'send', message, target: target.target } }),
-            signal: AbortSignal.timeout(5000),
-          });
-          if (!resp.ok) {
-            log({ event: 'trade_notify_delivery_error', eventType, channel: 'gateway', target: target.id || target.target, status: resp.status, error: `http_${resp.status}` });
-            continue;
-          }
-        } else {
-          log({ event: 'trade_notify_target_skipped', eventType, channel: 'gateway', target: target.id || target.target, reason: 'missing_gateway' });
+        const delivery = await invokeGatewayTelegramMessage(target.target, message, 5000);
+        if (!delivery.ok) {
+          log({ event: 'trade_notify_delivery_error', eventType, channel: 'gateway', target: target.id || target.target, status: delivery.status || 0, error: delivery.error || delivery.reason || 'gateway_failed', gatewayUrl: delivery.url || null });
           continue;
         }
       }
       target.lastUsedAt = new Date().toISOString();
+      markNotifyTargetUsed(targets, target, target.lastUsedAt);
+      log({ event: 'trade_notify_delivered', eventType, channel: target.channel, target: target.id || target.target, lastUsedAt: target.lastUsedAt });
     } catch (e) {
       log({ event: 'trade_notify_delivery_error', eventType, channel: target.channel, target: target.id || target.target, error: e.message || 'unknown_error' });
     }
@@ -771,41 +1275,33 @@ async function pushP2PNotification(eventType, payload = {}) {
   for (const target of enabled) {
     try {
+      const hasRichMedia = (Array.isArray(payload.images) && payload.images.length > 0) || (Array.isArray(payload.attachments) && payload.attachments.length > 0);
       if (target.channel === 'telegram') {
         if (!target.botToken) {
           log({ event: 'p2p_notify_target_skipped', eventType, channel: 'telegram', target: target.id || target.target, reason: 'missing_bot_token' });
           continue;
         }
-        const resp = await fetch(`https://api.telegram.org/bot${target.botToken}/sendMessage`, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify({ chat_id: target.target, text: message }),
-          signal: AbortSignal.timeout(5000),
-        });
-        const data = await resp.json().catch(() => null);
-        if (!resp.ok || data?.ok === false) {
-          log({ event: 'p2p_notify_delivery_error', eventType, channel: 'telegram', target: target.id || target.target, status: resp.status, error: data?.description || `http_${resp.status}` });
-          continue;
+        if (hasRichMedia) {
+          await sendTelegramRichMedia(target.botToken, target.target, message, payload, 5000);
+        } else {
+          await sendTelegramBotRequest(target.botToken, 'sendMessage', { chat_id: target.target, text: message }, 5000);
         }
       } else if (target.channel === 'gateway') {
-        const gw = discoverGateway();
-        if (gw?.url && gw?.token) {
-          const resp = await fetch(`${gw.url}/tools/invoke`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${gw.token}` },
-            body: JSON.stringify({ tool: 'message', args: { action: 'send', message, target: target.target } }),
-            signal: AbortSignal.timeout(5000),
-          });
-          if (!resp.ok) {
-            log({ event: 'p2p_notify_delivery_error', eventType, channel: 'gateway', target: target.id || target.target, status: resp.status, error: `http_${resp.status}` });
+        const oc = loadOpenClawConfig();
+        const botToken = String(oc?.channels?.telegram?.botToken || '').trim();
+        if (hasRichMedia && botToken) {
+          await sendTelegramRichMedia(botToken, target.target, message, payload, 5000);
+        } else {
+          const delivery = await invokeGatewayTelegramMessage(target.target, message, 5000);
+          if (!delivery.ok) {
+            log({ event: 'p2p_notify_delivery_error', eventType, channel: 'gateway', target: target.id || target.target, status: delivery.status || 0, error: delivery.error || delivery.reason || 'gateway_failed', gatewayUrl: delivery.url || null });
             continue;
           }
-        } else {
-          log({ event: 'p2p_notify_target_skipped', eventType, channel: 'gateway', target: target.id || target.target, reason: 'missing_gateway' });
-          continue;
         }
       }
       target.lastUsedAt = new Date().toISOString();
+      markNotifyTargetUsed(targets, target, target.lastUsedAt);
+      log({ event: 'p2p_notify_delivered', eventType, channel: target.channel, target: target.id || target.target, lastUsedAt: target.lastUsedAt });
     } catch (e) {
       log({ event: 'p2p_notify_delivery_error', eventType, channel: target.channel, target: target.id || target.target, error: e.message || 'unknown_error' });
     }
@@ -1704,9 +2200,9 @@ async function getWalletAddresses() {
 function detectPreferredChain() {
   const config = loadAnchorConfig();
   if (config?.preferredChain) return config.preferredChain;
-  if (getChainPrivateKey('solana')) return 'solana';
-  if (getChainPrivateKey('base')) return 'base';
   if (getChainPrivateKey('bsc')) return 'bsc';
+  if (getChainPrivateKey('base')) return 'base';
+  if (getChainPrivateKey('solana')) return 'solana';
   return null;
 }
@@ -2864,7 +3360,7 @@ async function cmdAnchor(subcommand) {
 async function cmdInfo() {
   const id = requireIdentity();
-  const info = { agent_id: id.agent_id, did: id.did, capabilities: loadCapabilities(), policy: loadPolicy(), network: loadNetwork(), executor: EXECUTOR_URL || 'not configured' };
+  const info = { agent_id: id.agent_id, did: id.did, capabilities: loadCapabilities(), policy: loadPolicy(), network: loadNetwork(), executor: EXECUTOR_URL || 'not configured', environment: getCurrentEnvironmentSummary() };
   // Fetch wallet info from Platform
   try {
@@ -2983,11 +3479,11 @@ async function cmdSetup(port) {
   const net = await autoNetworkSetup(p, ATEL_RELAY);
   for (const step of net.steps) console.log(JSON.stringify({ event: 'step', message: step }));
   if (net.endpoint) {
-    saveNetwork({ publicIP: net.publicIP, port: p, endpoint: net.endpoint, upnp: net.upnpSuccess, reachable: net.reachable, configuredAt: new Date().toISOString() });
+    saveNetwork({ ...net, publicIP: net.publicIP, port: p, endpoint: net.endpoint, upnp: net.upnpSuccess, reachable: net.reachable, configuredAt: new Date().toISOString() });
     console.log(JSON.stringify({ status: 'ready', endpoint: net.endpoint }));
   } else if (net.publicIP) {
     const ep = `http://${net.publicIP}:${p}`;
-    saveNetwork({ publicIP: net.publicIP, port: p, endpoint: ep, upnp: false, reachable: false, needsManualPortForward: true, configuredAt: new Date().toISOString() });
+    saveNetwork({ ...net, publicIP: net.publicIP, port: p, endpoint: ep, upnp: false, reachable: false, needsManualPortForward: true, configuredAt: new Date().toISOString() });
     console.log(JSON.stringify({ status: 'needs_port_forward', publicIP: net.publicIP, port: p, instruction: `Forward external TCP port ${p} to this machine's port ${p} on your router. Then run: atel verify` }));
   } else {
     console.log(JSON.stringify({ status: 'failed', error: 'Could not determine public IP' }));
@@ -3180,12 +3676,25 @@ async function cmdStart(port) {
   }
   const p = parseInt(port || '3100');
+  const startLock = acquireStartInstanceLock(p);
+  if (!startLock.ok) {
+    console.error(`Another atel start instance is already running for this ATEL_DIR on port ${p} (pid: ${startLock.existing?.pid || 'unknown'}).`);
+    process.exit(1);
+  }
+  process.on('exit', () => { releaseStartInstanceLock(p); });
   const caps = loadCapabilities();
   const capTypes = caps.map(c => c.type || c);
   const policy = loadPolicy();
   const enforcer = new PolicyEnforcer(policy);
   const pendingTasks = loadTasks();
   let resultPushQueue = loadResultPushQueue();
+  const notifyTargets = loadNotifyTargets();
+  const enabledNotifyTargets = notifyTargets.targets.filter(t => t.enabled !== false);
+  if (notifyTargets.targets.length === 0) {
+    console.warn('⚠️  No notification targets are bound. Run `atel notify bind <chatId>` or `atel notify add telegram <chatId>` before expecting callbacks.');
+  } else if (enabledNotifyTargets.length === 0) {
+    console.warn('⚠️  Notification targets exist, but all are disabled. Run `atel notify enable <id>` to restore callbacks.');
+  }
   const sleep = (ms) => new Promise(r => setTimeout(r, ms));
@@ -3194,7 +3703,7 @@ async function cmdStart(port) {
       if (process.env.ATEL_DEBUG) console.error('[DEBUG] verifyAnchorFromChain input:', { chain, txHash, traceRoot });
       if (!txHash || !traceRoot) return { checked: false, verified: false, reason: 'missing_anchor_or_root' };
-      const c = (chain || 'solana').toLowerCase();
+      const c = (chain || 'base').toLowerCase();
       if (c === 'solana') {
         const rpcUrl = process.env.ATEL_SOLANA_RPC_URL || 'https://api.mainnet-beta.solana.com';
@@ -3510,8 +4019,9 @@ async function cmdStart(port) {
   const processedEvents = new Set();
   const pendingAgentCallbacks = new Map();
-  // ── Agent hook queue (serialize hook executions to avoid session lock conflicts) ──
-  let hookBusy = false;
+  // ── Agent hook queue (bounded concurrency, still guarded by recovery keys) ──
+  let activeHookWorkers = 0;
+  const MAX_HOOK_CONCURRENCY = Math.max(1, Math.min(4, Number.parseInt(process.env.ATEL_HOOK_CONCURRENCY || '3', 10) || 3));
   const hookQueue = [];
   const activeRecoveryKeys = new Set();
@@ -3837,9 +4347,17 @@ For rejection:
 Important: you are not chatting with the user.
 Do not output markdown, headings, bullet points, explanations, or your reasoning.
 You must output exactly one line of JSON.
+Do not return a plan-only answer.
+Do not return vague wording like “可定义为/应当/建议/可以/后续将”.
+You must prefer factual evidence:
+- what you actually checked
+- what command or file/path or interface you actually touched
+- what concrete output / state / observation you actually got
+- whether that evidence satisfies the current milestone
+If you could not find evidence, say that explicitly in the JSON result, including what you checked.
 Format:
-{"result":"the actual deliverable for the current milestone"}`;
+{"result":"factual deliverable with concrete evidence and observations only"}`;
     }
     return promptText;
@@ -3965,6 +4483,9 @@ Format:
         const parsed = JSON.parse(cleaned);
         return buildAgentCallbackAction(eventType, payload, parsed);
       } catch {
+        if (isKnownInvalidLocalAgentStdout(cleaned)) {
+          return { ok: false, error: 'invalid_local_agent_stdout_known_failure' };
+        }
         return buildAgentCallbackAction(eventType, payload, { result: cleaned, summary: cleaned });
       }
     }
@@ -4094,7 +4615,7 @@ Format:
       activeRecoveryKeys.add(recoveryKey);
     }
     hookQueue.push({ event: eventType, dedupeKey, cmd: parsedCmd[0], args: parsedCmd.slice(1), cwd, payload, recoveryKey });
-    if (!hookBusy) processHookQueue();
+    processHookQueue();
     return true;
   }
@@ -4186,6 +4707,10 @@ Format:
               orderDescription,
               previousApprovedOutputs,
             });
+      if (isResubmission && Number(currentMilestone.submitCount || 0) >= 3) {
+        log({ event: 'trade_reconcile_executor_skip_manual_arbitration', orderId, currentMilestone: currentIndex, phase: ms.phase, submitCount: Number(currentMilestone.submitCount || 0) });
+        return;
+      }
       const promptText = isResubmission
         ? `You are the ATEL executor agent. Your previous submission for milestone M${currentIndex} was rejected.
 Original order requirements: ${orderDescription || 'not provided'}
@@ -4238,7 +4763,7 @@ Advance the current milestone strictly based on these approved results. Do not i
         orderDescription,
         previousApprovedOutputs,
       };
-      const promptText = `You are the ATEL requester agent. You need to review the work submitted by the executor.\nOriginal order requirements: ${orderDescription || 'not provided'}\nMilestone goal: ${submittedMilestone.title || ''}\nPreviously approved outputs:\n${previousApprovedOutputs || 'none'}\nSubmission: ${submittedMilestone.resultSummary || ''}\nDecide carefully whether to pass or reject based only on the order requirements and the previously approved outputs, then return decision=pass or decision=reject via the callback.`;
+      const promptText = `You are the ATEL requester agent. You need to review the work submitted by the executor.\nOriginal order requirements: ${orderDescription || 'not provided'}\nMilestone goal: ${submittedMilestone.title || ''}\nPreviously approved outputs:\n${previousApprovedOutputs || 'none'}\nSubmission: ${submittedMilestone.resultSummary || ''}\nReview based on the submitted evidence, command outputs, file contents, and the previously approved outputs. Do not try to inspect executor-local filesystem paths like /tmp on your own machine unless the submission includes a reproducible proof that makes such a check valid.\nDecide carefully whether to pass or reject based only on the order requirements and the previously approved outputs, then return decision=pass or decision=reject via the callback.`;
       const recoveryKey = buildMilestoneHookRecoveryKey('milestone_submitted', payload);
       const queued = queueAgentHook('milestone_submitted', recoveryKey, promptText, workspace.dir, payload, { recoveryKey });
       if (queued) log({ event: 'trade_reconcile_requester', orderId, milestoneIndex: submittedMilestone.index, recoveryKey });
@@ -4290,7 +4815,13 @@ Advance the current milestone strictly based on these approved results. Do not i
         const order = await fetchOrderState(orderId);
         await reconcileSingleTradeOrder(order);
       } catch (e) {
-        log({ event: 'trade_reconcile_tracked_error', orderId, error: e.message });
+        const message = String(e?.message || '');
+        if (message.includes('order_info_http_404')) {
+          untrackOrder(orderId);
+          log({ event: 'trade_reconcile_tracked_removed', orderId, reason: 'order_info_http_404' });
+          continue;
+        }
+        log({ event: 'trade_reconcile_tracked_error', orderId, error: message });
       }
     }
   }
@@ -4391,7 +4922,7 @@ Advance the current milestone strictly based on these approved results. Do not i
     if (kind === 'contact_added') {
       pushP2PNotification('p2p_contact_added', { peerDid: messageSenderDid || senderDid, alias: body.alias || '', text }).catch((e) => log({ event: 'p2p_notify_error', kind, error: e.message }));
     } else if (kind !== 'telegram_message') {
-      pushP2PNotification('p2p_message_received', { peerDid: messageSenderDid || senderDid, text }).catch((e) => log({ event: 'p2p_notify_error', kind, error: e.message }));
+      pushP2PNotification('p2p_message_received', { peerDid: messageSenderDid || senderDid, text, images: body.images, attachments: body.attachments }).catch((e) => log({ event: 'p2p_notify_error', kind, error: e.message }));
     }
     res.json({ status: 'ok', kind });
@@ -4538,7 +5069,7 @@ Advance the current milestone strictly based on these approved results. Do not i
               + `## 原任务\n${fullDesc}\n\n`
               + `## 当前里程碑\nM${mIdx}: ${mDesc}\n\n`
               + `## 执行方提交（第 ${submitCount}/3 次）\n${subSummary}\n\n`
-              + `请基于你自己的判断，评估这次提交是否真实地完成了原任务在当前里程碑应有的部分。如果符合原任务的要求和意图，PASS；如果偏离原任务、违反原任务的约束、或没有真正交付要求的内容，REJECT。\n\n`
+              + `请基于你自己的判断，评估这次提交是否真实地完成了原任务在当前里程碑应有的部分。如果符合原任务的要求和意图，PASS；如果偏离原任务、违反原任务的约束、或没有真正交付要求的内容，REJECT。评审时优先依据执行方提交的证据、命令输出、文件内容与前序已批准结果；不要在你自己的机器上直接检查执行方本地 /tmp 等路径，除非提交里已经给出可复现且合理的远端证明。\n\n`
               + `通过：\ncd ~/atel-workspace && atel milestone-verify ${orderIdForCwd} ${mIdx} --pass\n\n`
               + `不通过（必须给出具体理由）：\ncd ~/atel-workspace && atel milestone-verify ${orderIdForCwd} ${mIdx} --reject '具体原因'\n`;
             log({ event: 'verifier_prompt_overridden', orderId: orderIdForCwd, milestoneIndex: mIdx });
@@ -4610,7 +5141,11 @@ Advance the current milestone strictly based on these approved results. Do not i
     // to "say" it will run a command. This is the reliable path for state-transition actions
     // such as approving the milestone plan on order acceptance.
     let directExecutionSucceeded = false;
-    const directActions = getDirectExecutableActions(event, recommendedActions);
+    const rejectLimitReached = event === 'milestone_rejected' && Number(payload?.submitCount || body?.submitCount || 0) >= 3;
+    const directActions = rejectLimitReached ? [] : getDirectExecutableActions(event, recommendedActions, payload, currentPolicy);
+    if (rejectLimitReached) {
+      log({ event: 'direct_action_skip_manual_arbitration', eventType: event, dedupeKey, orderId: payload?.orderId || body?.orderId || '', milestoneIndex: payload?.milestoneIndex ?? body?.milestoneIndex ?? null, reason: 'rejection_limit_reached' });
+    }
     for (const action of directActions) {
       const result = await executeRecommendedActionDirect(event, action, atelCwd, dedupeKey);
       if (result.ok) directExecutionSucceeded = true;
@@ -4623,6 +5158,18 @@ Advance the current milestone strictly based on these approved results. Do not i
     const autoTriggerEvents = ['order_accepted', 'milestone_plan_confirmed', 'milestone_submitted', 'milestone_verified', 'milestone_rejected'];
     const hasGatewayAction = Array.isArray(recommendedActions) && recommendedActions.some((action) => Array.isArray(action?.command) && action.command[0] === 'atel');
     if (agentCmd && prompt && autoTriggerEvents.includes(event) && !shouldSkipAgentHook(event, directExecutionSucceeded)) {
+      if (rejectLimitReached) {
+        log({
+          event: 'agent_hook_skip_manual_arbitration',
+          eventType: event,
+          dedupeKey,
+          orderId: payload?.orderId || body?.orderId || '',
+          milestoneIndex: payload?.milestoneIndex ?? body?.milestoneIndex ?? null,
+          reason: 'rejection_limit_reached',
+        });
+        res.json({ status: 'received', eventId, eventType: event, skipped: true, requiresManualArbitration: true });
+        return;
+      }
       const needsActionablePayload = event !== 'milestone_submitted';
       if (needsActionablePayload && !hasGatewayAction) {
         log({ event: 'agent_hook_skip_no_action', eventType: event, dedupeKey, reason: 'informational_only_payload' });
@@ -4667,13 +5214,16 @@ Advance the current milestone strictly based on these approved results. Do not i
   // Process hook queue serially
   async function processHookQueue() {
-    if (hookBusy || hookQueue.length === 0) return;
-    hookBusy = true;
+    if (activeHookWorkers >= MAX_HOOK_CONCURRENCY || hookQueue.length === 0) return;
+    activeHookWorkers += 1;
     const { event: hookEvent, dedupeKey: hookKey, cmd: spawnCmd, args: spawnArgs, cwd: hookCwd, payload: hookPayload, recoveryKey } = hookQueue.shift();
+    if (activeHookWorkers < MAX_HOOK_CONCURRENCY && hookQueue.length > 0) {
+      processHookQueue();
+    }
     const { execFile } = await import('child_process');
     const finishHook = () => {
       if (recoveryKey) activeRecoveryKeys.delete(recoveryKey);
-      hookBusy = false;
+      activeHookWorkers = Math.max(0, activeHookWorkers - 1);
       processHookQueue();
     };
     log({ event: 'agent_cmd_trigger', eventType: hookEvent, dedupeKey: hookKey, cmd: spawnCmd, argsCount: spawnArgs.length });
@@ -4695,7 +5245,7 @@ Advance the current milestone strictly based on these approved results. Do not i
     const MAX_ATTEMPTS = 5;
     const isMilestoneHook = ['milestone_plan_confirmed', 'milestone_verified', 'milestone_rejected', 'milestone_submitted'].includes(hookEvent);
-    const localHookTimeoutMs = isMilestoneHook ? 180000 : 600000;
+    const localHookTimeoutMs = isMilestoneHook ? 90000 : 600000;
     const preparedInvocation = prepareHookInvocation(spawnCmd, spawnArgs, hookKey, Math.ceil(localHookTimeoutMs / 1000));
     const runHook = (attempt, invocation = preparedInvocation) => {
       const hookStartedAt = Date.now();
@@ -4707,7 +5257,7 @@ Advance the current milestone strictly based on these approved results. Do not i
         if (isSessionLock && attempt < MAX_ATTEMPTS) {
           // OpenClaw session still held by previous call — wait for lock release then retry
-          const delay = 15000 + (attempt * 5000); // 15s, 20s, 25s, 30s
+          const delay = 3000 + (attempt * 2000); // 3s, 5s, 7s, 9s
           log({ event: 'agent_cmd_session_lock', eventType: hookEvent, attempt: attempt + 1, delayMs: delay, duration_ms: durationMs });
           setTimeout(() => runHook(attempt + 1), delay);
         } else if (isNetworkError && attempt < 2) {
@@ -4901,7 +5451,7 @@ Advance the current milestone strictly based on these approved results. Do not i
         const proofRecord = {
           traceRoot: proof.trace_root,
           txHash: anchor.txHash,
-          chain: anchor.chain || 'solana',
+          chain: anchor.chain || 'base',
           executor: id.did,
           taskFrom: task.from,
           action: task.action,
@@ -5004,7 +5554,7 @@ Advance the current milestone strictly based on these approved results. Do not i
     const anchorTx = anchor?.txHash || null;
     let anchorAudit = { checked: false, verified: false, chain: task?.chain || anchor?.chain || null, reason: null };
     if (anchorTx) {
-      anchorAudit = await verifyAnchorFromChain(task?.chain || anchor?.chain || 'solana', anchorTx, proof.trace_root);
+      anchorAudit = await verifyAnchorFromChain(task?.chain || anchor?.chain || 'base', anchorTx, proof.trace_root);
     }
     const auditReasons = [];
@@ -5038,7 +5588,7 @@ Advance the current milestone strictly based on these approved results. Do not i
             proofBundle: proof,
             traceRoot: proof.trace_root,
             anchorTx: anchor?.txHash || null,
-            chain: anchor?.chain || task?.chain || 'solana',
+            chain: anchor?.chain || task?.chain || 'base',
             traceEvents: trace.events, // Include trace events for verification
             audit: auditSummary,
           };
@@ -5088,7 +5638,7 @@ Advance the current milestone strictly based on these approved results. Do not i
           fetch(`${ATEL_NOTIFY_GATEWAY}/tools/invoke`, {
             method: 'POST',
             headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${token}` },
-            body: JSON.stringify({ tool: 'message', args: { action: 'send', message: msg, target: ATEL_NOTIFY_TARGET } }),
+            body: JSON.stringify({ tool: 'message', args: { action: 'send', channel: 'telegram', message: msg, target: ATEL_NOTIFY_TARGET } }),
             signal: AbortSignal.timeout(5000),
           }).then(() => log({ event: 'notify_sent', taskId })).catch(e => log({ event: 'notify_failed', taskId, error: e.message }));
         }
@@ -5120,7 +5670,7 @@ Advance the current milestone strictly based on these approved results. Do not i
         status: (success !== false && auditPassed) ? 'completed' : 'failed',
         result,
         proof: { proof_id: proof.proof_id, trace_root: proof.trace_root, events_count: trace.events.length },
-        anchor: anchor ? { chain: anchor.chain || 'solana', txHash: anchor.txHash, block: anchor.blockNumber } : null,
+        anchor: anchor ? { chain: anchor.chain || 'base', txHash: anchor.txHash, block: anchor.blockNumber } : null,
         execution: { duration_ms: durationMs, encrypted: task.encrypted },
         audit: auditSummary,
         rollback: rollbackReport ? { total: rollbackReport.total, succeeded: rollbackReport.succeeded, failed: rollbackReport.failed } : null,
@@ -5371,7 +5921,7 @@ Advance the current milestone strictly based on these approved results. Do not i
         text,
         timestamp: new Date().toISOString(),
       });
-      pushP2PNotification('p2p_message_received', { peerDid: message.from, text }).catch((e) => log({ event: 'p2p_notify_error', kind: 'portal_message', error: e.message }));
+      pushP2PNotification('p2p_message_received', { peerDid: message.from, text, images: payload.images, attachments: payload.attachments }).catch((e) => log({ event: 'p2p_notify_error', kind: 'portal_message', error: e.message }));
       return {
         status: 'ok',
         kind: 'portal_message',
@@ -5641,7 +6191,7 @@ Advance the current milestone strictly based on these approved results. Do not i
         const echoDurationMs = Date.now() - new Date(echoAcceptedAt || Date.now()).getTime();
         if (anchor?.txHash) {
           const proofRecord = {
-            traceRoot: proof.trace_root, txHash: anchor.txHash, chain: anchor.chain || 'solana',
+            traceRoot: proof.trace_root, txHash: anchor.txHash, chain: anchor.chain || 'base',
             executor: id.did, taskFrom: message.from, action, success: echoSuccess,
             durationMs: echoDurationMs, riskLevel: 'low', policyViolations: 0,
             proofId: proof.proof_id, timestamp: new Date().toISOString(), verified: true,
@@ -5677,10 +6227,8 @@ Advance the current milestone strictly based on these approved results. Do not i
   await endpoint.start();
-  // Telegram notifications are opt-in by default. Only auto-bind when explicit consent was already collected.
-  if (ATEL_NOTIFY_AUTO_BIND) {
-    try { autoBindNotifications(); } catch (e) { /* never block startup */ }
-  }
+  // In OpenClaw-hosted mode, self-heal notification binding automatically so TG callbacks survive reinstall / port drift.
+  try { autoBindNotifications(); } catch (e) { /* never block startup */ }
   // Background retry for failed result pushes (durable queue)
   const flushResultPushQueue = async () => {
@@ -5721,12 +6269,12 @@ Advance the current milestone strictly based on these approved results. Do not i
   flushResultPushQueue().catch((e) => log({ event: 'result_push_flush_error', error: e.message }));
   setInterval(() => {
     flushResultPushQueue().catch((e) => log({ event: 'result_push_flush_error', error: e.message }));
-  }, 15000);
+  }, 5000);
   reconcileActiveTradeOrders().catch((e) => log({ event: 'trade_reconcile_bootstrap_error', error: e.message }));
   setInterval(() => {
     reconcileActiveTradeOrders().catch((e) => log({ event: 'trade_reconcile_interval_error', error: e.message }));
-  }, 15000);
+  }, 3000);
   // Auto-register to Registry with candidates
   if (capTypes.length > 0 && networkConfig.candidates && networkConfig.candidates.length > 0) {
@@ -6736,14 +7284,14 @@ async function cmdRotate() {
     newDid: newIdentity.did,
     backup: backupFile,
     proof_valid: verifyKeyRotation(proof),
-    anchor: anchor ? { chain: anchor.chain || 'solana', txHash: anchor.txHash } : null,
+    anchor: anchor ? { chain: anchor.chain || 'base', txHash: anchor.txHash } : null,
     next: 'Restart endpoint: atel start [port]',
   }, null, 2));
 }
 // ─── Platform API Helpers ────────────────────────────────────────
-const PLATFORM_URL = process.env.ATEL_PLATFORM || process.env.ATEL_API || process.env.ATEL_REGISTRY || 'https://api.atelai.org';
+const PLATFORM_URL = ATEL_PLATFORM;
 async function signedFetch(method, path, payload = {}) {
   const id = requireIdentity();
@@ -6769,6 +7317,7 @@ async function cmdAuth(code) {
     console.error('  Authorize a Dashboard session using the code displayed on the login page.');
     process.exit(1);
   }
+  ensureProductionAuthTarget();
   const id = requireIdentity();
   const { default: nacl } = await import('tweetnacl');
   const { serializePayload } = await import('@lawrenceliang-btc/atel-sdk');
@@ -7268,10 +7817,39 @@ async function cmdReject(orderId) {
   console.log(JSON.stringify(data, null, 2));
 }
-async function cmdOrderCancel(orderId, reason) {
-  if (!orderId) { console.error('Usage: atel order-cancel <orderId> [reason]'); process.exit(1); }
+async function cmdOrderCancel(orderId, restArgs = []) {
+  if (!orderId) { console.error('Usage: atel order-cancel <orderId> [reason] [--dry-run]'); process.exit(1); }
+  const { dryRun, reason } = parseOrderCancelArgs(restArgs);
+  const cancelReason = reason || 'reset regression environment';
+  const res = await fetch(`${PLATFORM_URL}/trade/v1/order/${orderId}`, { signal: AbortSignal.timeout(10000) });
+  const orderInfo = await res.json();
+  if (!res.ok) { console.error('Failed to get order:', orderInfo.error || `http_${res.status}`); process.exit(1); }
+  const currentDid = requireIdentity().did;
+  const preflight = preflightOrderCancel(orderInfo, currentDid);
+  if (!preflight.ok) {
+    console.error(preflight.error);
+    process.exit(1);
+  }
+  if (dryRun) {
+    console.log(JSON.stringify({
+      status: 'dry_run',
+      orderId: preflight.orderId,
+      orderStatus: preflight.orderStatus,
+      requesterDid: preflight.requesterDid,
+      executorDid: preflight.executorDid,
+      currentDid: preflight.currentDid,
+      reason: cancelReason,
+      canCancel: true,
+    }, null, 2));
+    return;
+  }
   const data = await signedFetch('POST', `/trade/v1/order/${orderId}/cancel`, {
-    reason: reason || 'reset regression environment',
+    reason: cancelReason,
   });
   if (data?.status === 'cancelled') untrackOrder(orderId);
   console.log(JSON.stringify(data, null, 2));
@@ -7574,7 +8152,7 @@ async function cmdComplete(orderId, taskId) {
     if (anchor?.txHash) {
       const proofRecord = {
-        traceRoot: proof.trace_root, txHash: anchor.txHash, chain: anchor.chain || 'solana',
+        traceRoot: proof.trace_root, txHash: anchor.txHash, chain: anchor.chain || 'base',
         executor: id.did, taskFrom: requesterDid, action: 'cli-complete',
         success: true, durationMs: 0, riskLevel: 'low', policyViolations: 0,
         proofId: proof.proof_id, timestamp: new Date().toISOString(), verified: true,
@@ -7621,7 +8199,7 @@ async function cmdComplete(orderId, taskId) {
   const orderPrice = Number(orderInfo?.priceAmount ?? 0);
   const isPaidOrder = orderId.startsWith('ord-') && orderPrice > 0;
   const anchorTx = anchor?.txHash || null;
-  const anchorChain = anchorTx ? (anchor?.chain || orderInfo?.chain || 'solana') : (orderInfo?.chain || null);
+  const anchorChain = anchorTx ? (anchor?.chain || orderInfo?.chain || 'base') : (orderInfo?.chain || null);
   const auditReasons = [];
   if (!traceAudit.valid) auditReasons.push('trace_hash_chain_invalid');
   if (isPaidOrder && !anchorTx) auditReasons.push('paid_order_anchor_missing');
@@ -9597,7 +10175,7 @@ const commands = {
   // Trade
   'trade-task': () => cmdTradeTask(args[0], args.slice(1).join(' ')),
   order: () => cmdOrder(args[0], args[1], args[2]),
-  'order-cancel': () => cmdOrderCancel(args[0], args.slice(1).join(' ').trim()),
+  'order-cancel': () => cmdOrderCancel(args[0], args.slice(1)),
   'order-info': () => cmdOrderInfo(args[0]),
   accept: () => cmdAccept(args[0]),
   reject: () => _origCmdReject(args[0]),
@@ -9745,13 +10323,28 @@ const commands = {
       console.log('Gateway:', gw ? `${gw.url} (token: ${gw.token ? '✅' : '❌'})` : '❌ not found');
       const botToken = discoverTelegramBot();
       console.log('TG Bot:', botToken ? `✅ (${botToken.split(':')[0]})` : '❌ not configured');
+      const inboundConfig = getTelegramInboundConfig();
+      const inboundMode = inboundConfig ? getTelegramInboundHostMode(inboundConfig) : { mode: 'disabled', reason: 'no_inbound_config' };
+      console.log('TG Ingress:', `${inboundMode.mode}${inboundMode.reason ? ` (${inboundMode.reason})` : ''}`);
+      let currentDid = '';
+      try { currentDid = requireIdentity().did; } catch {}
+      const consents = listNotifyConsentsForDid(currentDid);
       console.log(`\nTargets (${targets.targets.length}):`);
       if (targets.targets.length === 0) {
         console.log('  (none) — use "atel notify bind <chatId>" to add');
       }
       for (const t of targets.targets) {
         const status = t.enabled !== false ? '✅' : '🔇';
-        console.log(`  ${status} [${t.id}] ${t.channel}:${t.target} label=${t.label || '-'} last=${t.lastUsedAt || 'never'}`);
+        const consent = consents.find((item) => ((item.channel === t.channel) || (t.channel === 'gateway' && item.channel === 'telegram')) && item.target === String(t.target));
+        const consentLabel = consent ? `${consent.status || 'active'} @ ${consent.consentedAt || consent.updatedAt || 'unknown'}` : 'missing';
+        console.log(`  ${status} [${t.id}] ${t.channel}:${t.target} label=${t.label || '-'} last=${t.lastUsedAt || 'never'} consent=${consentLabel}`);
+      }
+      if (currentDid) {
+        console.log(`\nConsent Records (${consents.length}) for ${currentDid}:`);
+        if (consents.length === 0) console.log('  (none)');
+        for (const item of consents) {
+          console.log(`  - ${item.channel}:${item.target} status=${item.status || 'active'} source=${item.source || '-'} updated=${item.updatedAt || item.consentedAt || 'unknown'}`);
+        }
       }
       return;
     }
@@ -9772,18 +10365,32 @@ const commands = {
       let botToken = rawArgs.includes('--bot-token') ? rawArgs[rawArgs.indexOf('--bot-token') + 1] : '';
       if (!botToken) botToken = process.env.TELEGRAM_BOT_TOKEN || '';
       if (!botToken) botToken = discoverTelegramBot() || '';
-      const id = `tg_${chatId}`;
-      // Remove existing with same id
-      targets.targets = targets.targets.filter(t => t.id !== id);
+      const currentDid = requireIdentity().did;
+      const bindingTarget = resolveNotifyBindTarget(chatId, botToken);
+      if (bindingTarget.channel === 'telegram') {
+        const ownership = ensureTelegramBindingOwnership(currentDid, chatId, botToken);
+        if (!ownership.ok) {
+          console.error(`Telegram chat ${chatId} for bot ${ownership.botId || 'telegram'} is already owned by DID ${ownership.ownerDid}. Remove/disable it there before rebinding.`);
+          process.exit(1);
+        }
+      }
+      const id = bindingTarget.id;
+      // Remove existing notify targets for the same chat before rebinding
+      targets.targets = targets.targets.filter(t => !(String(t.target) === String(chatId) && (t.channel === 'telegram' || t.channel === 'gateway')));
       targets.targets.push({
-        id, channel: 'telegram', target: String(chatId),
-        botToken: botToken || undefined,
-        label: 'owner', enabled: true,
+        id, channel: bindingTarget.channel, target: String(bindingTarget.target),
+        botToken: bindingTarget.botToken,
+        label: bindingTarget.label, enabled: true,
         createdAt: new Date().toISOString(), lastUsedAt: null,
       });
       saveNotifyTargets(targets);
       rememberTelegramRoute(chatId, botToken || undefined);
-      console.log(`✅ Bound TG chat ${chatId} as notification target (id: ${id})`);
+      try { upsertNotifyConsent({ did: requireIdentity().did, channel: 'telegram', target: String(chatId), botToken, source: 'notify_bind', status: 'active' }); } catch {}
+      if (bindingTarget.channel === 'gateway') {
+        console.log(`✅ Bound OpenClaw gateway chat ${chatId} as notification target (id: ${id})`);
+      } else {
+        console.log(`✅ Bound TG chat ${chatId} as notification target (id: ${id})`);
+      }
       if (!botToken) console.log('⚠️  No bot token found. Set TELEGRAM_BOT_TOKEN or use --bot-token');
       return;
     }
@@ -9795,6 +10402,17 @@ const commands = {
       if (rawArgs.includes('--label')) label = rawArgs[rawArgs.indexOf('--label') + 1] || '';
       let botToken = rawArgs.includes('--bot-token') ? rawArgs[rawArgs.indexOf('--bot-token') + 1] : '';
       if (!botToken && channel === 'telegram') botToken = process.env.TELEGRAM_BOT_TOKEN || discoverTelegramBot() || '';
+      const currentDid = requireIdentity().did;
+      if (channel === 'telegram') {
+        const bindingTarget = resolveNotifyBindTarget(target, botToken);
+        if (bindingTarget.channel === 'telegram') {
+          const ownership = ensureTelegramBindingOwnership(currentDid, target, botToken);
+          if (!ownership.ok) {
+            console.error(`Telegram chat ${target} for bot ${ownership.botId || 'telegram'} is already owned by DID ${ownership.ownerDid}. Remove/disable it there before rebinding.`);
+            process.exit(1);
+          }
+        }
+      }
       const id = `${channel.substring(0,2)}_${target}`;
       targets.targets = targets.targets.filter(t => t.id !== id);
       targets.targets.push({
@@ -9804,6 +10422,7 @@ const commands = {
         createdAt: new Date().toISOString(), lastUsedAt: null,
       });
       saveNotifyTargets(targets);
+      try { upsertNotifyConsent({ did: requireIdentity().did, channel, target: String(target), botToken, source: 'notify_add', status: 'active' }); } catch {}
       console.log(`✅ Added ${channel}:${target} (id: ${id})`);
       return;
     }
@@ -9811,9 +10430,17 @@ const commands = {
     if (subCmd === 'remove') {
       const id = args[1];
       if (!id) { console.error('Usage: atel notify remove <id>'); process.exit(1); }
+      const removedTarget = targets.targets.find(t => t.id === id) || null;
       const before = targets.targets.length;
       targets.targets = targets.targets.filter(t => t.id !== id);
       saveNotifyTargets(targets);
+      if (removedTarget) {
+        try {
+          const did = requireIdentity().did;
+          if (removedTarget.channel === 'telegram') releaseTelegramBindingOwnership(did, removedTarget.target, removedTarget.botToken);
+          revokeNotifyConsent({ did, channel: removedTarget.channel, target: String(removedTarget.target), reason: 'notify_remove' });
+        } catch {}
+      }
       console.log(targets.targets.length < before ? `✅ Removed ${id}` : `⚠️ Target ${id} not found`);
       return;
     }
@@ -9823,8 +10450,26 @@ const commands = {
       if (!id) { console.error(`Usage: atel notify ${subCmd} <id>`); process.exit(1); }
       const t = targets.targets.find(t => t.id === id);
       if (!t) { console.error(`Target ${id} not found`); process.exit(1); }
+      const did = requireIdentity().did;
+      if (subCmd === 'enable' && t.channel === 'telegram') {
+        const bindingTarget = resolveNotifyBindTarget(t.target, t.botToken || '');
+        if (bindingTarget.channel === 'telegram') {
+          const ownership = ensureTelegramBindingOwnership(did, t.target, t.botToken);
+          if (!ownership.ok) {
+            console.error(`Telegram chat ${t.target} for bot ${ownership.botId || 'telegram'} is already owned by DID ${ownership.ownerDid}. Remove/disable it there before rebinding.`);
+            process.exit(1);
+          }
+        }
+      }
       t.enabled = subCmd === 'enable';
       saveNotifyTargets(targets);
+      try {
+        if (subCmd === 'enable') upsertNotifyConsent({ did, channel: t.channel, target: String(t.target), botToken: t.botToken, source: 'notify_enable', status: 'active' });
+        else {
+          if (t.channel === 'telegram') releaseTelegramBindingOwnership(did, t.target, t.botToken);
+          revokeNotifyConsent({ did, channel: t.channel, target: String(t.target), reason: 'notify_disable' });
+        }
+      } catch {}
       console.log(`✅ ${id} ${subCmd}d`);
       return;
     }
@@ -9845,17 +10490,11 @@ const commands = {
             const data = await resp.json();
             console.log(`  ${target.id}: ${data.ok ? '✅ sent' : '❌ ' + (data.description || 'failed')}`);
           } else if (target.channel === 'gateway') {
-            const gw = discoverGateway();
-            if (gw?.url && gw?.token) {
-              const resp = await fetch(`${gw.url}/tools/invoke`, {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${gw.token}` },
-                body: JSON.stringify({ tool: 'message', args: { action: 'send', message: '🔔 ATEL notification test', target: target.target } }),
-                signal: AbortSignal.timeout(10000),
-              });
-              console.log(`  ${target.id}: ${resp.ok ? '✅ sent' : '❌ status ' + resp.status}`);
+            const delivery = await invokeGatewayTelegramMessage(target.target, '🔔 ATEL notification test', 10000);
+            if (delivery.ok) {
+              console.log(`  ${target.id}: ✅ sent via ${delivery.url}`);
             } else {
-              console.log(`  ${target.id}: ❌ gateway not found`);
+              console.log(`  ${target.id}: ❌ ${delivery.error || delivery.reason || 'gateway_failed'}${delivery.url ? ' @ ' + delivery.url : ''}`);
             }
           } else {
             console.log(`  ${target.id}: ❌ unsupported channel ${target.channel}`);
@@ -9946,7 +10585,7 @@ Hub Commands:
 Trade Commands:
   trade-task <cap> <desc> [--budget N]   One-shot: search → order → wait → confirm (requester)
   order <executorDid> <cap> <price>    Create a trade order
-  order-cancel <orderId> [reason]      Cancel an order
+  order-cancel <orderId> [reason] [--dry-run]  Cancel an order
   order-info <orderId>                 Get order details
   accept <orderId>                     Accept an order (executor)
   reject <orderId>                     Reject an order (executor)