@lawrenceliang-btc/atel-sdk 1.2.12 → 1.2.14

package/bin/atel.mjs

@@ -61,12 +61,13 @@ import {
   createMessage, verifyMessage, parseDID, RegistryClient, ExecutionTrace, ProofGenerator,
   SolanaAnchorProvider, BaseAnchorProvider, BSCAnchorProvider,
   autoNetworkSetup, collectCandidates, connectToAgent,
-  discoverPublicIP, checkReachable, ContentAuditor, TrustScoreClient,
+  discoverPublicIP, checkReachable, verifyPortReachable, ContentAuditor, TrustScoreClient,
   RollbackManager, rotateKey, verifyKeyRotation, ToolGateway, PolicyEngine, mintConsentToken, sign,
   TrustGraph, calculateTaskWeight,
 } from '@lawrenceliang-btc/atel-sdk';
 import { TunnelManager, HeartbeatManager } from './tunnel-manager.mjs';
-import { buildAgentCallbackAction, getDirectExecutableActions, normalizeGatewayBind, shouldSkipAgentHook, shouldUseGatewaySession } from './notification-action-helpers.mjs';
+import { buildAgentCallbackAction, explainDirectExecutionSkip, getDirectExecutableActions, normalizeGatewayBind, shouldSkipAgentHook, shouldUseGatewaySession } from './notification-action-helpers.mjs';
+import { parseOrderCancelArgs, preflightOrderCancel } from './order-cancel-helpers.mjs';
 // ollama-manager removed — SDK does not run local models
 const initializeOllama = async () => {};
 const getOllamaStatus = async () => ({ running: false, models: [] });
@@ -74,9 +75,69 @@ import { parseAttachmentFlags, processAttachments } from './atel-attachment-help
 
 const ATEL_DIR = resolve(process.env.ATEL_DIR || '.atel');
 const IDENTITY_FILE = resolve(ATEL_DIR, 'identity.json');
-const ATEL_PLATFORM = process.env.ATEL_PLATFORM || process.env.ATEL_API || process.env.ATEL_REGISTRY || 'https://api.atelai.org';
-const REGISTRY_URL = process.env.ATEL_REGISTRY || ATEL_PLATFORM || 'https://api.atelai.org';
-const ATEL_RELAY = process.env.ATEL_RELAY || 'https://api.atelai.org';
+
+function readDefaultPlatformBase() {
+  const explicit = process.env.ATEL_PLATFORM || process.env.ATEL_API || process.env.ATEL_REGISTRY || '';
+  if (String(explicit).trim()) return String(explicit).trim().replace(/\/+$/, '');
+  try {
+    const networkFile = resolve(ATEL_DIR, 'network.json');
+    if (existsSync(networkFile)) {
+      const network = JSON.parse(readFileSync(networkFile, 'utf-8'));
+      const candidate = [network?.relayUrl, network?.platformUrl, network?.registryUrl].find((value) => typeof value === 'string' && value.trim());
+      if (candidate) return String(candidate).trim().replace(/\/+$/, '');
+    }
+  } catch {}
+  return 'https://api.atelai.org';
+}
+
+const DEFAULT_PLATFORM_BASE = readDefaultPlatformBase();
+const ATEL_PLATFORM = process.env.ATEL_PLATFORM || process.env.ATEL_API || process.env.ATEL_REGISTRY || DEFAULT_PLATFORM_BASE;
+const REGISTRY_URL = process.env.ATEL_REGISTRY || ATEL_PLATFORM || DEFAULT_PLATFORM_BASE;
+const ATEL_RELAY = process.env.ATEL_RELAY || DEFAULT_PLATFORM_BASE;
+
+function normalizeUrl(value = '') {
+  return String(value || '').trim().replace(/\/+$/, '');
+}
+
+function getEnvironmentProfile(url = '') {
+  const normalized = normalizeUrl(url);
+  if (!normalized) return { name: 'unknown', label: 'unknown', url: normalized };
+  try {
+    const parsed = new URL(normalized);
+    const host = String(parsed.hostname || '').toLowerCase();
+    if (host === 'api.atelai.org') return { name: 'production', label: 'production', url: normalized };
+    if (host === '127.0.0.1' || host === 'localhost') return { name: 'test', label: 'local-test', url: normalized };
+    if (host === '43.160.230.129' || host === '43.160.211.180') return { name: 'test', label: 'host-test', url: normalized };
+    return { name: 'custom', label: host || 'custom', url: normalized };
+  } catch {
+    return { name: 'custom', label: normalized, url: normalized };
+  }
+}
+
+function getCurrentEnvironmentSummary() {
+  const platform = getEnvironmentProfile(ATEL_PLATFORM);
+  const registry = getEnvironmentProfile(REGISTRY_URL);
+  const relay = getEnvironmentProfile(ATEL_RELAY);
+  const explicit = Boolean(String(process.env.ATEL_PLATFORM || process.env.ATEL_API || process.env.ATEL_REGISTRY || process.env.ATEL_RELAY || '').trim());
+  return {
+    profile: platform.name,
+    platform,
+    registry,
+    relay,
+    explicit,
+    atelDir: ATEL_DIR,
+  };
+}
+
+function ensureProductionAuthTarget() {
+  const env = getCurrentEnvironmentSummary();
+  if (env.platform.name === 'production') return env;
+  console.error(`Authorization blocked: current ATEL_DIR is targeting ${env.platform.label} (${env.platform.url || 'unknown'}), not production.`);
+  console.error(`ATEL_DIR: ${env.atelDir}`);
+  console.error('To authorize a code from https://atelai.org/login, run with explicit production endpoints:');
+  console.error('  ATEL_PLATFORM=https://api.atelai.org ATEL_REGISTRY=https://api.atelai.org ATEL_RELAY=https://api.atelai.org atel auth <code>');
+  process.exit(1);
+}
 const ATEL_NOTIFY_GATEWAY = process.env.ATEL_NOTIFY_GATEWAY || process.env.OPENCLAW_GATEWAY_URL || '';
 const ATEL_NOTIFY_TARGET = process.env.ATEL_NOTIFY_TARGET || '';
 const ATEL_NOTIFY_AUTO_BIND = /^(1|true|yes)$/i.test(String(process.env.ATEL_NOTIFY_AUTO_BIND || ''));
@@ -92,8 +153,13 @@ const PENDING_FILE = resolve(ATEL_DIR, 'pending-tasks.json');
 const RESULT_PUSH_QUEUE_FILE = resolve(ATEL_DIR, 'pending-result-pushes.json');
 const NOTIFY_TARGETS_FILE = resolve(ATEL_DIR, 'notify-targets.json');
 const NOTIFY_ROUTES_FILE = resolve(ATEL_DIR, 'notify-routes.json');
+const NOTIFY_CONSENTS_FILE = resolve(ATEL_DIR, 'notify-consents.json');
 const TELEGRAM_UPDATES_STATE_FILE = resolve(process.env.HOME || '/root', '.openclaw', 'deploy', 'sdk-telegram-updates.json');
 const TELEGRAM_BINDINGS_FILE = resolve(process.env.HOME || '/root', '.openclaw', 'deploy', 'sdk-telegram-bindings.json');
+const OPENCLAW_CONFIG_FILE = resolve(process.env.HOME || '/root', '.openclaw', 'openclaw.json');
+const OPENCLAW_TG_OFFSET_FILE = resolve(process.env.HOME || '/root', '.openclaw', 'telegram', 'update-offset-default.json');
+const OPENCLAW_GATEWAY_SYSTEMD_FILE = resolve(process.env.HOME || '/root', '.config', 'systemd', 'user', 'openclaw-gateway.service');
+const OPENCLAW_GATEWAY_SYSTEMD_OVERRIDE_FILE = resolve(process.env.HOME || '/root', '.config', 'systemd', 'user', 'openclaw-gateway.service.d', 'env.conf');
 const TRADE_TRACK_FILE = resolve(ATEL_DIR, 'tracked-orders.json');
 const P2P_STATUS_FILE = resolve(ATEL_DIR, 'p2p-task-status.jsonl');
 const PENDING_AGENT_CALLBACKS_FILE = resolve(ATEL_DIR, 'pending-agent-callbacks.json');
@@ -107,6 +173,47 @@ const DEFAULT_POLICY = { rateLimit: 60, maxPayloadBytes: 1048576, maxConcurrent:
 
 function ensureDir() { if (!existsSync(ATEL_DIR)) mkdirSync(ATEL_DIR, { recursive: true }); }
 
+function isPidAlive(pid) {
+  const n = Number(pid || 0);
+  if (!Number.isFinite(n) || n <= 0) return false;
+  try { process.kill(n, 0); return true; }
+  catch { return false; }
+}
+
+function getStartInstanceLockFile(port) {
+  return resolve(ATEL_DIR, `start-instance-${String(port || '3100')}.lock.json`);
+}
+
+function acquireStartInstanceLock(port) {
+  ensureDir();
+  const file = getStartInstanceLockFile(port);
+  let existing = null;
+  if (existsSync(file)) {
+    try { existing = JSON.parse(readFileSync(file, 'utf-8')); } catch {}
+  }
+  if (existing?.pid && existing.pid !== process.pid && isPidAlive(existing.pid)) {
+    return { ok: false, file, existing };
+  }
+  const payload = {
+    pid: process.pid,
+    port: Number(port || 0),
+    did: (() => { try { return requireIdentity().did; } catch { return ''; } })(),
+    startedAt: new Date().toISOString(),
+  };
+  writeFileSync(file, JSON.stringify(payload, null, 2));
+  return { ok: true, file, existing };
+}
+
+function releaseStartInstanceLock(port) {
+  const file = getStartInstanceLockFile(port);
+  if (!existsSync(file)) return false;
+  try {
+    const current = JSON.parse(readFileSync(file, 'utf-8'));
+    if (Number(current?.pid || 0) !== process.pid) return false;
+  } catch {}
+  try { unlinkSync(file); return true; } catch { return false; }
+}
+
 function ensureOrderWorkspace(orderId, context = {}) {
   ensureDir();
   const safeOrderId = String(orderId || 'unknown').replace(/[^a-zA-Z0-9._-]/g, '_');
@@ -212,6 +319,18 @@ function summarizeAgentOutput(text, maxChars = 300) {
   return trimmed.substring(0, maxChars);
 }
 
+function isKnownInvalidLocalAgentStdout(text) {
+  const value = String(text || '').trim();
+  if (!value) return false;
+  const lowered = value.toLowerCase();
+  return lowered.includes('401 该令牌已过期')
+    || lowered.includes('token expired')
+    || lowered.includes('plugin register() called')
+    || lowered.includes('plugin registration complete')
+    || lowered.includes('session file locked')
+    || lowered.includes('session locked');
+}
+
 // ═══════════════════════════════════════════════════════════════════
 // Notification Target System — auto-discover gateway, manage targets
 // ═══════════════════════════════════════════════════════════════════
@@ -226,6 +345,86 @@ function saveNotifyTargets(data) {
   writeFileSync(NOTIFY_TARGETS_FILE, JSON.stringify(data, null, 2));
 }
 
+function markNotifyTargetUsed(targets, deliveredTarget, usedAt) {
+  const list = Array.isArray(targets?.targets) ? targets.targets : [];
+  const id = String(deliveredTarget?.id || '').trim();
+  const channel = String(deliveredTarget?.channel || '').trim();
+  const targetValue = String(deliveredTarget?.target || '').trim();
+  for (const item of list) {
+    if (!item || typeof item !== 'object') continue;
+    if (id && String(item.id || '').trim() === id) {
+      item.lastUsedAt = usedAt;
+      return true;
+    }
+    if (channel && targetValue && String(item.channel || '').trim() === channel && String(item.target || '').trim() === targetValue) {
+      item.lastUsedAt = usedAt;
+      return true;
+    }
+  }
+  return false;
+}
+
+function loadNotifyConsents() {
+  try { return JSON.parse(readFileSync(NOTIFY_CONSENTS_FILE, 'utf-8')); }
+  catch { return { version: 1, consents: [] }; }
+}
+
+function saveNotifyConsents(data) {
+  ensureDir();
+  writeFileSync(NOTIFY_CONSENTS_FILE, JSON.stringify(data, null, 2));
+}
+
+function extractTelegramBotId(botToken = '') {
+  const token = String(botToken || '').trim();
+  return token ? (token.split(':', 1)[0] || '') : '';
+}
+
+function upsertNotifyConsent({ did, channel, target, botToken, source = 'notify_bind', status = 'active' }) {
+  const ownerDid = String(did || '').trim();
+  const normalizedChannel = String(channel || '').trim();
+  const normalizedTarget = String(target || '').trim();
+  if (!ownerDid || !normalizedChannel || !normalizedTarget) return false;
+  const data = loadNotifyConsents();
+  if (!Array.isArray(data.consents)) data.consents = [];
+  const now = new Date().toISOString();
+  const botId = normalizedChannel === 'telegram' ? extractTelegramBotId(botToken) : '';
+  const existing = data.consents.find((item) => item && item.did === ownerDid && item.channel === normalizedChannel && item.target === normalizedTarget);
+  if (existing) {
+    existing.status = status;
+    existing.updatedAt = now;
+    existing.revokedAt = status === 'revoked' ? (existing.revokedAt || now) : null;
+    if (status !== 'revoked') existing.consentedAt = existing.consentedAt || now;
+    existing.source = source || existing.source || 'notify_bind';
+    if (botId) existing.botId = botId;
+  } else {
+    data.consents.push({
+      did: ownerDid,
+      channel: normalizedChannel,
+      target: normalizedTarget,
+      botId: botId || undefined,
+      source,
+      status,
+      consentedAt: status === 'revoked' ? null : now,
+      revokedAt: status === 'revoked' ? now : null,
+      updatedAt: now,
+    });
+  }
+  saveNotifyConsents(data);
+  return true;
+}
+
+function revokeNotifyConsent({ did, channel, target, reason = 'notify_remove' }) {
+  return upsertNotifyConsent({ did, channel, target, source: reason, status: 'revoked' });
+}
+
+function listNotifyConsentsForDid(did) {
+  const ownerDid = String(did || '').trim();
+  if (!ownerDid) return [];
+  const data = loadNotifyConsents();
+  const items = Array.isArray(data.consents) ? data.consents : [];
+  return items.filter((item) => item && item.did === ownerDid);
+}
+
 function loadNotifyRoutes() {
   try { return JSON.parse(readFileSync(NOTIFY_ROUTES_FILE, 'utf-8')); }
   catch { return { version: 1, defaultTelegram: null, orderBindings: {} }; }
@@ -289,24 +488,26 @@ function resolveNotifyTargets(orderId = '') {
   const primary = getPrimaryTelegramTarget();
   const preferred = (orderId && routes.orderBindings && routes.orderBindings[orderId]) || routes.defaultTelegram || (primary ? { chatId: String(primary.target), botToken: primary.botToken, updatedAt: primary.lastUsedAt || primary.createdAt || new Date().toISOString() } : null);
   if (!preferred?.chatId) return { targets, enabled };
-  let hasTelegram = false;
+  const bindingTarget = resolveNotifyBindTarget(preferred.chatId, preferred.botToken || discoverTelegramBot() || '');
+  let hasBoundTarget = false;
   enabled = enabled.map((target) => {
-    if (target.channel !== 'telegram') return target;
-    hasTelegram = true;
+    if (target.channel !== bindingTarget.channel) return target;
+    if (String(target.target) !== String(preferred.chatId)) return target;
+    hasBoundTarget = true;
     return {
       ...target,
       target: String(preferred.chatId),
-      botToken: preferred.botToken || target.botToken,
+      botToken: bindingTarget.channel === 'telegram' ? (preferred.botToken || target.botToken) : undefined,
       routeSource: orderId && routes.orderBindings && routes.orderBindings[orderId] ? 'order' : 'default',
     };
   });
-  if (!hasTelegram) {
+  if (!hasBoundTarget) {
     enabled = [{
-      id: `tg_${preferred.chatId}`,
-      channel: 'telegram',
+      id: bindingTarget.id,
+      channel: bindingTarget.channel,
       target: String(preferred.chatId),
-      botToken: preferred.botToken || discoverTelegramBot() || undefined,
-      label: orderId ? `order:${orderId}` : 'owner',
+      botToken: bindingTarget.channel === 'telegram' ? (preferred.botToken || discoverTelegramBot() || undefined) : undefined,
+      label: orderId ? 'order:' + orderId : 'owner',
       enabled: true,
       createdAt: preferred.updatedAt || new Date().toISOString(),
       lastUsedAt: null,
@@ -351,45 +552,308 @@ function autoBindNotifications() {
   if (!chatId) return;
 
   const botToken = routes.defaultTelegram?.botToken || discoverTelegramBot();
-  const id = `tg_${chatId}`;
+  const bindingTarget = resolveNotifyBindTarget(chatId, botToken || '');
   targets.targets.push({
-    id, channel: 'telegram', target: chatId,
-    botToken: botToken || undefined,
+    id: bindingTarget.id,
+    channel: bindingTarget.channel,
+    target: String(chatId),
+    botToken: bindingTarget.channel === 'telegram' ? (botToken || undefined) : undefined,
     label: 'owner', enabled: true,
     createdAt: new Date().toISOString(), lastUsedAt: null,
   });
   saveNotifyTargets(targets);
   rememberTelegramRoute(chatId, botToken || undefined);
-  console.log(`🔔 Auto-bound TG notifications to chat ${chatId}`);
+  try { upsertNotifyConsent({ did: requireIdentity().did, channel: 'telegram', target: String(chatId), botToken, source: 'auto_bind', status: 'active' }); } catch {}
+  console.log(`🔔 Auto-bound ${bindingTarget.channel} notifications to chat ${chatId}`);
 }
 
 // Auto-discover OpenClaw gateway: read token + find port
+function loadOpenClawGatewayRuntimeHints() {
+  const hints = { ports: [], binds: [], urls: [] };
+  const addPort = (value) => {
+    const port = Number.parseInt(String(value || '').trim(), 10);
+    if (Number.isFinite(port) && port > 0 && !hints.ports.includes(port)) hints.ports.push(port);
+  };
+  const addBind = (value) => {
+    const bind = normalizeGatewayBind(String(value || '').trim() || '127.0.0.1');
+    if (bind && !hints.binds.includes(bind)) hints.binds.push(bind);
+  };
+  const addUrl = (value) => {
+    const url = String(value || '').trim();
+    if (url && !hints.urls.includes(url)) hints.urls.push(url);
+  };
+  const parseRuntimeText = (content) => {
+    if (!content) return;
+    for (const match of content.matchAll(/(?:--port|OPENCLAW_GATEWAY_PORT=)(\d+)/g)) addPort(match[1]);
+    for (const match of content.matchAll(/(?:--host|--bind)\s+([^\s"']+)/g)) addBind(match[1]);
+    for (const match of content.matchAll(/OPENCLAW_GATEWAY_URL=([^\s"']+)/g)) addUrl(match[1]);
+  };
+  addPort(process.env.OPENCLAW_GATEWAY_PORT);
+  addBind(process.env.OPENCLAW_GATEWAY_BIND || process.env.OPENCLAW_GATEWAY_HOST);
+  addUrl(process.env.OPENCLAW_GATEWAY_URL || process.env.ATEL_NOTIFY_GATEWAY);
+  for (const candidate of [OPENCLAW_GATEWAY_SYSTEMD_FILE, OPENCLAW_GATEWAY_SYSTEMD_OVERRIDE_FILE]) {
+    try {
+      if (existsSync(candidate)) parseRuntimeText(readFileSync(candidate, 'utf-8'));
+    } catch {}
+  }
+  return hints;
+}
+
 function discoverGateway() {
-  // 1. Env override
-  if (process.env.ATEL_NOTIFY_GATEWAY || process.env.OPENCLAW_GATEWAY_URL) {
-    const url = process.env.ATEL_NOTIFY_GATEWAY || process.env.OPENCLAW_GATEWAY_URL;
-    let token = '';
-    try { token = JSON.parse(readFileSync(join(process.env.HOME || '', '.openclaw/openclaw.json'), 'utf-8')).gateway?.auth?.token || ''; } catch {}
-    return { url, token };
-  }
-  // 2. Read from ~/.openclaw/openclaw.json
+  const candidateUrls = [];
+  const seen = new Set();
+  const addCandidate = (url, source) => {
+    const normalized = String(url || '').trim();
+    if (!normalized || seen.has(normalized)) return;
+    seen.add(normalized);
+    candidateUrls.push({ url: normalized, source });
+  };
+  const addPortCandidates = (port, bind, source) => {
+    const parsedPort = Number.parseInt(String(port || '').trim(), 10);
+    if (!Number.isFinite(parsedPort) || parsedPort <= 0) return;
+    const hosts = new Set([
+      normalizeGatewayBind(bind || '127.0.0.1'),
+      '127.0.0.1',
+      'localhost',
+    ]);
+    for (const host of hosts) addCandidate(`http://${host}:${parsedPort}`, source);
+  };
+
+  let token = '';
+  let cfg = null;
   try {
-    const cfg = JSON.parse(readFileSync(join(process.env.HOME || '', '.openclaw/openclaw.json'), 'utf-8'));
-    const token = cfg.gateway?.auth?.token || '';
-    const port = cfg.gateway?.port || 18789;
-    const bind = normalizeGatewayBind(cfg.gateway?.bind || '127.0.0.1');
-    return { url: `http://${bind}:${port}`, token };
-  } catch { return null; }
+    cfg = JSON.parse(readFileSync(OPENCLAW_CONFIG_FILE, 'utf-8'));
+    token = String(cfg?.gateway?.auth?.token || '').trim();
+  } catch {}
+
+  const explicitUrl = process.env.ATEL_NOTIFY_GATEWAY || process.env.OPENCLAW_GATEWAY_URL;
+  if (explicitUrl) addCandidate(explicitUrl, 'env_url');
+
+  const hints = loadOpenClawGatewayRuntimeHints();
+  for (const url of hints.urls) addCandidate(url, 'runtime_url');
+  for (const port of hints.ports) addPortCandidates(port, hints.binds[0], 'runtime_port');
+
+  if (cfg?.gateway?.port) addPortCandidates(cfg.gateway.port, cfg.gateway?.bind || '127.0.0.1', 'config');
+
+  const fallbackPort = Number.parseInt(String(process.env.OPENCLAW_GATEWAY_PORT || '').trim(), 10);
+  if (Number.isFinite(fallbackPort) && fallbackPort > 0) addPortCandidates(fallbackPort, process.env.OPENCLAW_GATEWAY_BIND || process.env.OPENCLAW_GATEWAY_HOST || '127.0.0.1', 'env_port');
+
+  if (candidateUrls.length === 0) addPortCandidates(18789, '127.0.0.1', 'default');
+
+  if (!token && candidateUrls.length === 0) return null;
+  return { url: candidateUrls[0]?.url || '', token, candidates: candidateUrls };
+}
+
+async function invokeGatewayTelegramMessage(target, message, timeoutMs = 5000) {
+  const gw = discoverGateway();
+  const candidates = Array.isArray(gw?.candidates) && gw.candidates.length > 0 ? gw.candidates : (gw?.url ? [{ url: gw.url, source: 'legacy' }] : []);
+  let last = { ok: false, reason: 'missing_gateway', error: 'missing_gateway', status: 0, url: '' };
+  if (gw?.token && candidates.length > 0) {
+    for (const candidate of candidates) {
+      try {
+        const resp = await fetch(`${candidate.url}/tools/invoke`, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${gw.token}` },
+          body: JSON.stringify({ tool: 'message', args: { action: 'send', channel: 'telegram', message, target } }),
+          signal: AbortSignal.timeout(timeoutMs),
+        });
+        if (resp.ok) return { ok: true, status: resp.status, url: candidate.url, source: candidate.source };
+        let detail = `http_${resp.status}`;
+        try {
+          const payload = await resp.json();
+          detail = payload?.error?.message || payload?.message || detail;
+        } catch {}
+        last = { ok: false, reason: 'http_error', error: detail, status: resp.status, url: candidate.url, source: candidate.source };
+      } catch (e) {
+        last = { ok: false, reason: 'fetch_failed', error: e.message || 'fetch_failed', status: 0, url: candidate.url, source: candidate.source };
+      }
+    }
+  }
+
+  const oc = loadOpenClawConfig();
+  const botToken = String(oc?.channels?.telegram?.botToken || '').trim();
+  if (botToken) {
+    try {
+      const data = await sendTelegramBotRequest(botToken, 'sendMessage', { chat_id: target, text: message }, timeoutMs);
+      if (data?.ok !== false) {
+        return { ok: true, status: 200, url: 'telegram://openclaw-bot', source: 'openclaw_bot_fallback' };
+      }
+      last = { ok: false, reason: 'telegram_http_error', error: data?.description || 'http_200', status: 200, url: 'telegram://openclaw-bot', source: 'openclaw_bot_fallback' };
+    } catch (e) {
+      last = { ok: false, reason: 'telegram_fetch_failed', error: e.message || 'fetch_failed', status: 0, url: 'telegram://openclaw-bot', source: 'openclaw_bot_fallback' };
+    }
+  }
+  return last;
+}
+
+async function sendTelegramBotRequest(botToken, method, payload, timeoutMs = 5000) {
+  const url = `https://api.telegram.org/bot${botToken}/${method}`;
+  const options = {
+    method: 'POST',
+    signal: AbortSignal.timeout(timeoutMs),
+  };
+  if (payload instanceof FormData) {
+    options.body = payload;
+  } else {
+    options.headers = { 'Content-Type': 'application/json' };
+    options.body = JSON.stringify(payload);
+  }
+  const resp = await fetch(url, options);
+  const data = await resp.json().catch(() => null);
+  if (!resp.ok || data?.ok === false) {
+    throw new Error(data?.description || `http_${resp.status}`);
+  }
+  return data;
+}
+
+function decodeDataUrl(dataUrl = '') {
+  const match = String(dataUrl || '').match(/^data:([^;]+);base64,(.+)$/);
+  if (!match) return null;
+  const [, mimeType, base64] = match;
+  try {
+    return { mimeType, buffer: Buffer.from(base64, 'base64') };
+  } catch {
+    return null;
+  }
+}
+
+function buildMediaCaption(message = '', payload = {}, index = 0) {
+  const base = String(message || '').trim();
+  const sender = String(payload.peerDid || '').trim();
+  const extra = index === 0 && sender ? `来自: ${sender}` : '';
+  return [base, extra].filter(Boolean).join('\n').slice(0, 900);
+}
+
+async function fetchTelegramUploadSource(item, defaultName, defaultMimeType, timeoutMs = 5000) {
+  if (item?.kind === 'inline' && item?.data) {
+    const decoded = decodeDataUrl(item.data);
+    if (decoded?.buffer) {
+      return {
+        name: item.name || defaultName,
+        mimeType: decoded.mimeType || item.mimeType || defaultMimeType,
+        buffer: decoded.buffer,
+      };
+    }
+  }
+  const mediaUrl = String(item?.downloadUrl || item?.url || '').trim();
+  if (!mediaUrl) throw new Error('missing_media_url');
+  const resp = await fetch(mediaUrl, { signal: AbortSignal.timeout(timeoutMs) });
+  if (!resp.ok) throw new Error(`attachment_fetch_http_${resp.status}`);
+  const arrayBuffer = await resp.arrayBuffer();
+  return {
+    name: item?.name || defaultName,
+    mimeType: item?.mimeType || resp.headers.get('content-type') || defaultMimeType,
+    buffer: Buffer.from(arrayBuffer),
+  };
+}
+
+async function sendTelegramPhoto(botToken, chatId, image, caption = '', timeoutMs = 5000) {
+  const source = await fetchTelegramUploadSource(image, 'image', image?.mimeType || 'image/png', timeoutMs);
+  const form = new FormData();
+  form.append('chat_id', String(chatId));
+  if (caption) form.append('caption', caption);
+  form.append('photo', new Blob([source.buffer], { type: source.mimeType || 'image/png' }), source.name || 'image');
+  return await sendTelegramBotRequest(botToken, 'sendPhoto', form, timeoutMs);
+}
+
+async function sendTelegramDocumentLike(botToken, method, fieldName, chatId, attachment, caption = '', timeoutMs = 5000) {
+  const source = await fetchTelegramUploadSource(attachment, attachment?.name || fieldName, attachment?.mimeType || 'application/octet-stream', timeoutMs);
+  const form = new FormData();
+  form.append('chat_id', String(chatId));
+  if (caption) form.append('caption', caption);
+  form.append(fieldName, new Blob([source.buffer], { type: source.mimeType || 'application/octet-stream' }), source.name || fieldName);
+  return await sendTelegramBotRequest(botToken, method, form, timeoutMs);
+}
+
+async function sendTelegramRichMedia(botToken, chatId, message, payload = {}, timeoutMs = 5000) {
+  const images = Array.isArray(payload.images) ? payload.images : [];
+  const attachments = Array.isArray(payload.attachments) ? payload.attachments : [];
+  let sent = false;
+  for (let i = 0; i < images.length; i++) {
+    await sendTelegramPhoto(botToken, chatId, images[i], buildMediaCaption(message, payload, i), timeoutMs);
+    sent = true;
+  }
+  for (let i = 0; i < attachments.length; i++) {
+    const attachment = attachments[i] || {};
+    const kind = String(attachment.kind || '').toLowerCase();
+    const mimeType = String(attachment.mimeType || '').toLowerCase();
+    const caption = buildMediaCaption(message, payload, images.length + i);
+    if (kind === 'audio' || mimeType.startsWith('audio/')) {
+      try {
+        await sendTelegramDocumentLike(botToken, 'sendAudio', 'audio', chatId, attachment, caption, timeoutMs);
+      } catch {
+        await sendTelegramDocumentLike(botToken, 'sendDocument', 'document', chatId, attachment, caption, timeoutMs);
+      }
+    } else if (kind === 'video' || mimeType.startsWith('video/')) {
+      try {
+        await sendTelegramDocumentLike(botToken, 'sendVideo', 'video', chatId, attachment, caption, timeoutMs);
+      } catch {
+        await sendTelegramDocumentLike(botToken, 'sendDocument', 'document', chatId, attachment, caption, timeoutMs);
+      }
+    } else {
+      await sendTelegramDocumentLike(botToken, 'sendDocument', 'document', chatId, attachment, caption, timeoutMs);
+    }
+    sent = true;
+  }
+  return sent;
 }
 
 function loadOpenClawConfig() {
   try {
-    return JSON.parse(readFileSync(join(process.env.HOME || '', '.openclaw/openclaw.json'), 'utf-8'));
+    return JSON.parse(readFileSync(OPENCLAW_CONFIG_FILE, 'utf-8'));
   } catch {
     return null;
   }
 }
 
+function loadOpenClawTelegramOffset() {
+  try {
+    return JSON.parse(readFileSync(OPENCLAW_TG_OFFSET_FILE, 'utf-8'));
+  } catch {
+    return null;
+  }
+}
+
+function getTelegramInboundHostMode(config) {
+  const explicit = String(process.env.ATEL_NOTIFY_TG_INGRESS || '').trim().toLowerCase();
+  if (explicit === 'sdk') return { mode: 'sdk', reason: 'env_override_sdk' };
+  if (explicit === 'openclaw') return { mode: 'openclaw', reason: 'env_override_openclaw' };
+  const oc = loadOpenClawConfig();
+  const enabled = oc?.channels?.telegram?.enabled === true;
+  const botToken = String(oc?.channels?.telegram?.botToken || '').trim();
+  const offset = loadOpenClawTelegramOffset();
+  const offsetBotId = String(offset?.botId || '').trim();
+  if (enabled && botToken && config?.botToken && botToken === config.botToken) {
+    return { mode: 'openclaw', reason: offsetBotId && offsetBotId === String(config.botId || '') ? 'openclaw_same_bot_active' : 'openclaw_same_bot_configured' };
+  }
+  return { mode: 'sdk', reason: 'sdk_default' };
+}
+
+function resolveNotifyBindTarget(chatId, botToken) {
+  const normalizedChatId = String(chatId || '').trim();
+  const normalizedBotToken = String(botToken || '').trim();
+  const botId = normalizedBotToken ? (normalizedBotToken.split(':', 1)[0] || 'telegram') : 'telegram';
+  const ingress = getTelegramInboundHostMode({ chatId: normalizedChatId, botToken: normalizedBotToken, botId });
+  if (ingress.mode === 'openclaw') {
+    return {
+      channel: 'gateway',
+      id: 'gw_' + normalizedChatId,
+      target: normalizedChatId,
+      label: 'owner',
+      ingress,
+      botToken: undefined,
+    };
+  }
+  return {
+    channel: 'telegram',
+    id: 'tg_' + normalizedChatId,
+    target: normalizedChatId,
+    label: 'owner',
+    ingress,
+    botToken: normalizedBotToken || undefined,
+  };
+}
+
 // Read TG bot token from openclaw config
 function discoverTelegramBot() {
   try {
@@ -441,6 +905,45 @@ function registerTelegramInboundBinding(did, config) {
   return { ownerDid: did, rebound: true };
 }
 
+function getTelegramBindingKey(chatId, botToken) {
+  const normalizedChatId = String(chatId || '').trim();
+  const normalizedBotToken = String(botToken || '').trim();
+  if (!normalizedChatId || !normalizedBotToken) return null;
+  const botId = normalizedBotToken.split(':', 1)[0] || 'telegram';
+  return { key: `${botId}:${normalizedChatId}`, botId, chatId: normalizedChatId };
+}
+
+function ensureTelegramBindingOwnership(did, chatId, botToken) {
+  const binding = getTelegramBindingKey(chatId, botToken);
+  if (!did || !binding) return { ok: true, ownerDid: String(did || '').trim(), key: binding?.key || '' };
+  const data = loadTelegramBindings();
+  if (!data.bindings || typeof data.bindings !== 'object') data.bindings = {};
+  const current = data.bindings[binding.key];
+  const ownerDid = String(current?.ownerDid || '').trim();
+  if (ownerDid && ownerDid !== did) {
+    return { ok: false, ownerDid, key: binding.key, botId: binding.botId, chatId: binding.chatId };
+  }
+  return { ok: true, ownerDid: ownerDid || String(did).trim(), key: binding.key, botId: binding.botId, chatId: binding.chatId };
+}
+
+function releaseTelegramBindingOwnership(did, chatId, botToken) {
+  const binding = getTelegramBindingKey(chatId, botToken);
+  if (!did || !binding) return false;
+  const data = loadTelegramBindings();
+  if (!data.bindings || typeof data.bindings !== 'object') data.bindings = {};
+  const current = data.bindings[binding.key];
+  if (!current || String(current.ownerDid || '').trim() !== String(did).trim()) return false;
+  delete data.bindings[binding.key];
+  saveTelegramBindings(data);
+  const state = loadTelegramUpdatesState();
+  if (state.leaders && state.leaders[binding.key] && String(state.leaders[binding.key].did || '').trim() === String(did).trim()) {
+    delete state.leaders[binding.key];
+    saveTelegramUpdatesState(state);
+  }
+  return true;
+}
+
+
 function acquireTelegramInboundLeader(did, config) {
   const state = loadTelegramUpdatesState();
   if (!state.leaders || typeof state.leaders !== 'object') state.leaders = {};
@@ -535,6 +1038,11 @@ async function pollTelegramInboundUpdates(targetDid) {
   const config = getTelegramInboundConfig();
   if (!config) return { status: 'noop' };
 
+  const ingressMode = getTelegramInboundHostMode(config);
+  if (ingressMode.mode === 'openclaw') {
+    return { status: 'hosted_by_openclaw', reason: ingressMode.reason, botId: config.botId, chatId: config.chatId };
+  }
+
   const binding = registerTelegramInboundBinding(targetDid, config);
   if (binding.ownerDid && binding.ownerDid !== targetDid) {
     return { status: 'follower', ownerDid: binding.ownerDid };
@@ -610,12 +1118,26 @@ async function pushTradeNotification(eventType, payload, body) {
     if (c === 'bsc') return ' (BSC)';
     return '';
   };
+  const autoAcceptReasonText = (reason) => {
+    if (reason === 'missing_recommended_actions') return '平台未提供可执行接单动作';
+    if (reason === 'missing_accept_action') return '事件里没有 accept 动作';
+    if (reason === 'task_mode_not_auto') return '当前 taskMode 不是 auto';
+    if (reason === 'auto_accept_platform_disabled') return '当前未启用免费单自动接单';
+    if (reason === 'paid_auto_accept_disabled') return '当前未启用付费单自动接单';
+    if (reason === 'price_exceeds_accept_max') return '订单金额超过自动接单上限';
+    return reason || '未说明';
+  };
+
   const templates = {
     'order_created': (p) => `📥 收到新订单
 订单: ${p.orderId || body?.orderId || '?'}
 金额: $${p.priceAmount ?? '?'} USDC
 来自: ${p.requesterDid || '未知请求方'}
 请审核后决定是否接单`,
+    'order_created_auto_accept_skipped': (p) => `⏸️ 未自动接单
+订单: ${p.orderId || body?.orderId || '?'}
+原因: ${autoAcceptReasonText(p.reasonCode)}
+请人工判断是否接单`,
     'order_accepted': (p) => `📋 订单已被接单
 订单: ${p.orderId || body?.orderId || '?'}
 执行方已开始处理，进入里程碑阶段`,
@@ -652,9 +1174,14 @@ async function pushTradeNotification(eventType, payload, body) {
     'milestone_rejected': (p) => {
       const desc = p.milestoneDescription ? `
 目标: ${p.milestoneDescription}` : '';
+      const submitCount = Number(p.submitCount || 0);
+      const arbitrationNote = submitCount >= 3 || p.maxReached
+        ? `
+由于连续 3 次被拒，已进入仲裁待决状态，等待人工决定是否发起仲裁`
+        : '';
       return `❌ 里程碑 M${p.milestoneIndex ?? '?'} 被拒绝
 订单: ${p.orderId || body?.orderId || '?'}${desc}
-原因: ${p.rejectReason || '未说明'}`;
+原因: ${p.rejectReason || '未说明'}${arbitrationNote}`;
     },
     'order_completed': (p) => `📦 订单已提交完成
 订单: ${p.orderId || body?.orderId || '?'}
@@ -663,7 +1190,8 @@ async function pushTradeNotification(eventType, payload, body) {
 订单: ${p.orderId || body?.orderId || '?'}
 原因: ${p.reason || '未说明'}`,
     'order_expired': (p) => `⌛ 订单已过期
-订单: ${p.orderId || body?.orderId || '?'}
+订单: ${p.orderId || p.order_id || body?.orderId || body?.order_id || '?'}
+原因: ${p.reason || '未说明'}
 系统已自动结束该订单`,
     'dispute_created': (p) => `⚖️ 争议已创建
 订单: ${p.orderId || body?.orderId || '?'}
@@ -704,24 +1232,15 @@ USDC 已支付`;
           continue;
         }
       } else if (target.channel === 'gateway') {
-        const gw = discoverGateway();
-        if (gw?.url && gw?.token) {
-          const resp = await fetch(`${gw.url}/tools/invoke`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${gw.token}` },
-            body: JSON.stringify({ tool: 'message', args: { action: 'send', message, target: target.target } }),
-            signal: AbortSignal.timeout(5000),
-          });
-          if (!resp.ok) {
-            log({ event: 'trade_notify_delivery_error', eventType, channel: 'gateway', target: target.id || target.target, status: resp.status, error: `http_${resp.status}` });
-            continue;
-          }
-        } else {
-          log({ event: 'trade_notify_target_skipped', eventType, channel: 'gateway', target: target.id || target.target, reason: 'missing_gateway' });
+        const delivery = await invokeGatewayTelegramMessage(target.target, message, 5000);
+        if (!delivery.ok) {
+          log({ event: 'trade_notify_delivery_error', eventType, channel: 'gateway', target: target.id || target.target, status: delivery.status || 0, error: delivery.error || delivery.reason || 'gateway_failed', gatewayUrl: delivery.url || null });
           continue;
         }
       }
       target.lastUsedAt = new Date().toISOString();
+      markNotifyTargetUsed(targets, target, target.lastUsedAt);
+      log({ event: 'trade_notify_delivered', eventType, channel: target.channel, target: target.id || target.target, lastUsedAt: target.lastUsedAt });
     } catch (e) {
       log({ event: 'trade_notify_delivery_error', eventType, channel: target.channel, target: target.id || target.target, error: e.message || 'unknown_error' });
     }
@@ -771,41 +1290,33 @@ async function pushP2PNotification(eventType, payload = {}) {
 
   for (const target of enabled) {
     try {
+      const hasRichMedia = (Array.isArray(payload.images) && payload.images.length > 0) || (Array.isArray(payload.attachments) && payload.attachments.length > 0);
       if (target.channel === 'telegram') {
         if (!target.botToken) {
           log({ event: 'p2p_notify_target_skipped', eventType, channel: 'telegram', target: target.id || target.target, reason: 'missing_bot_token' });
           continue;
         }
-        const resp = await fetch(`https://api.telegram.org/bot${target.botToken}/sendMessage`, {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/json' },
-          body: JSON.stringify({ chat_id: target.target, text: message }),
-          signal: AbortSignal.timeout(5000),
-        });
-        const data = await resp.json().catch(() => null);
-        if (!resp.ok || data?.ok === false) {
-          log({ event: 'p2p_notify_delivery_error', eventType, channel: 'telegram', target: target.id || target.target, status: resp.status, error: data?.description || `http_${resp.status}` });
-          continue;
+        if (hasRichMedia) {
+          await sendTelegramRichMedia(target.botToken, target.target, message, payload, 5000);
+        } else {
+          await sendTelegramBotRequest(target.botToken, 'sendMessage', { chat_id: target.target, text: message }, 5000);
         }
       } else if (target.channel === 'gateway') {
-        const gw = discoverGateway();
-        if (gw?.url && gw?.token) {
-          const resp = await fetch(`${gw.url}/tools/invoke`, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${gw.token}` },
-            body: JSON.stringify({ tool: 'message', args: { action: 'send', message, target: target.target } }),
-            signal: AbortSignal.timeout(5000),
-          });
-          if (!resp.ok) {
-            log({ event: 'p2p_notify_delivery_error', eventType, channel: 'gateway', target: target.id || target.target, status: resp.status, error: `http_${resp.status}` });
+        const oc = loadOpenClawConfig();
+        const botToken = String(oc?.channels?.telegram?.botToken || '').trim();
+        if (hasRichMedia && botToken) {
+          await sendTelegramRichMedia(botToken, target.target, message, payload, 5000);
+        } else {
+          const delivery = await invokeGatewayTelegramMessage(target.target, message, 5000);
+          if (!delivery.ok) {
+            log({ event: 'p2p_notify_delivery_error', eventType, channel: 'gateway', target: target.id || target.target, status: delivery.status || 0, error: delivery.error || delivery.reason || 'gateway_failed', gatewayUrl: delivery.url || null });
             continue;
           }
-        } else {
-          log({ event: 'p2p_notify_target_skipped', eventType, channel: 'gateway', target: target.id || target.target, reason: 'missing_gateway' });
-          continue;
         }
       }
       target.lastUsedAt = new Date().toISOString();
+      markNotifyTargetUsed(targets, target, target.lastUsedAt);
+      log({ event: 'p2p_notify_delivered', eventType, channel: target.channel, target: target.id || target.target, lastUsedAt: target.lastUsedAt });
     } catch (e) {
       log({ event: 'p2p_notify_delivery_error', eventType, channel: target.channel, target: target.id || target.target, error: e.message || 'unknown_error' });
     }
@@ -1704,7 +2215,6 @@ async function getWalletAddresses() {
 function detectPreferredChain() {
   const config = loadAnchorConfig();
   if (config?.preferredChain) return config.preferredChain;
-  if (getChainPrivateKey('solana')) return 'solana';
   if (getChainPrivateKey('base')) return 'base';
   if (getChainPrivateKey('bsc')) return 'bsc';
   return null;
@@ -1816,6 +2326,12 @@ function addFriend(did, options = {}) {
   
   saveFriends(data);
   log({ event: 'friend_added', did, addedBy: options.addedBy });
+  syncContactToPlatform(did, { alias: options.alias || '', notes: options.notes || '' }).catch(() => {});
+  pushP2PNotification('p2p_contact_added', {
+    peerDid: did,
+    alias: options.alias || '',
+    text: options.notes || ''
+  }).catch((e) => log({ event: 'p2p_notify_error', kind: 'friend_added', error: e.message }));
   return true;
 }
 
@@ -2629,7 +3145,7 @@ async function configureAnchor() {
   // 1. Select chain
   const chain = await promptChoice(
     'Select blockchain for anchoring:',
-    ['solana', 'bsc', 'base']
+    ['base', 'bsc']
   );
   
   // 2. Input private key
@@ -2864,7 +3380,7 @@ async function cmdAnchor(subcommand) {
 
 async function cmdInfo() {
   const id = requireIdentity();
-  const info = { agent_id: id.agent_id, did: id.did, capabilities: loadCapabilities(), policy: loadPolicy(), network: loadNetwork(), executor: EXECUTOR_URL || 'not configured' };
+  const info = { agent_id: id.agent_id, did: id.did, capabilities: loadCapabilities(), policy: loadPolicy(), network: loadNetwork(), executor: EXECUTOR_URL || 'not configured', environment: getCurrentEnvironmentSummary() };
 
   // Fetch wallet info from Platform
   try {
@@ -2983,11 +3499,11 @@ async function cmdSetup(port) {
   const net = await autoNetworkSetup(p, ATEL_RELAY);
   for (const step of net.steps) console.log(JSON.stringify({ event: 'step', message: step }));
   if (net.endpoint) {
-    saveNetwork({ publicIP: net.publicIP, port: p, endpoint: net.endpoint, upnp: net.upnpSuccess, reachable: net.reachable, configuredAt: new Date().toISOString() });
+    saveNetwork({ ...net, publicIP: net.publicIP, port: p, endpoint: net.endpoint, upnp: net.upnpSuccess, reachable: net.reachable, configuredAt: new Date().toISOString() });
     console.log(JSON.stringify({ status: 'ready', endpoint: net.endpoint }));
   } else if (net.publicIP) {
     const ep = `http://${net.publicIP}:${p}`;
-    saveNetwork({ publicIP: net.publicIP, port: p, endpoint: ep, upnp: false, reachable: false, needsManualPortForward: true, configuredAt: new Date().toISOString() });
+    saveNetwork({ ...net, publicIP: net.publicIP, port: p, endpoint: ep, upnp: false, reachable: false, needsManualPortForward: true, configuredAt: new Date().toISOString() });
     console.log(JSON.stringify({ status: 'needs_port_forward', publicIP: net.publicIP, port: p, instruction: `Forward external TCP port ${p} to this machine's port ${p} on your router. Then run: atel verify` }));
   } else {
     console.log(JSON.stringify({ status: 'failed', error: 'Could not determine public IP' }));
@@ -3171,6 +3687,15 @@ async function cmdStart(port) {
     log({ event: 'atel_skill_sync_error', error: e.message });
   }
 
+  try {
+    const syncedContacts = await syncAllFriendsToPlatform();
+    if (syncedContacts.attempted > 0) {
+      log({ event: 'contacts_backfill_sync_done', ...syncedContacts });
+    }
+  } catch (e) {
+    log({ event: 'contacts_backfill_sync_error', error: e.message });
+  }
+
   // Initialize Ollama only if explicitly enabled (optional local AI audit)
   if (process.env.ATEL_OLLAMA_ENABLED === 'true') {
     await initializeOllama().catch(err => {
@@ -3180,12 +3705,25 @@ async function cmdStart(port) {
   }
 
   const p = parseInt(port || '3100');
+  const startLock = acquireStartInstanceLock(p);
+  if (!startLock.ok) {
+    console.error(`Another atel start instance is already running for this ATEL_DIR on port ${p} (pid: ${startLock.existing?.pid || 'unknown'}).`);
+    process.exit(1);
+  }
+  process.on('exit', () => { releaseStartInstanceLock(p); });
   const caps = loadCapabilities();
   const capTypes = caps.map(c => c.type || c);
   const policy = loadPolicy();
   const enforcer = new PolicyEnforcer(policy);
   const pendingTasks = loadTasks();
   let resultPushQueue = loadResultPushQueue();
+  const notifyTargets = loadNotifyTargets();
+  const enabledNotifyTargets = notifyTargets.targets.filter(t => t.enabled !== false);
+  if (notifyTargets.targets.length === 0) {
+    console.warn('⚠️  No notification targets are bound. Run `atel notify bind <chatId>` or `atel notify add telegram <chatId>` before expecting callbacks.');
+  } else if (enabledNotifyTargets.length === 0) {
+    console.warn('⚠️  Notification targets exist, but all are disabled. Run `atel notify enable <id>` to restore callbacks.');
+  }
 
   const sleep = (ms) => new Promise(r => setTimeout(r, ms));
 
@@ -3194,7 +3732,7 @@ async function cmdStart(port) {
       if (process.env.ATEL_DEBUG) console.error('[DEBUG] verifyAnchorFromChain input:', { chain, txHash, traceRoot });
       
       if (!txHash || !traceRoot) return { checked: false, verified: false, reason: 'missing_anchor_or_root' };
-      const c = (chain || 'solana').toLowerCase();
+      const c = (chain || 'base').toLowerCase();
       
       if (c === 'solana') {
         const rpcUrl = process.env.ATEL_SOLANA_RPC_URL || 'https://api.mainnet-beta.solana.com';
@@ -3510,10 +4048,27 @@ async function cmdStart(port) {
   const processedEvents = new Set();
   const pendingAgentCallbacks = new Map();
 
-  // ── Agent hook queue (serialize hook executions to avoid session lock conflicts) ──
-  let hookBusy = false;
+  // ── Agent hook queue (bounded concurrency, still guarded by recovery keys) ──
+  let activeHookWorkers = 0;
+  const MAX_HOOK_CONCURRENCY = Math.max(1, Math.min(4, Number.parseInt(process.env.ATEL_HOOK_CONCURRENCY || '3', 10) || 3));
   const hookQueue = [];
   const activeRecoveryKeys = new Set();
+  const recoveryKeyLogState = new Map();
+
+  function logRecoveryKeyActive(eventType, dedupeKey, recoveryKey) {
+    if (!recoveryKey) return;
+    const now = Date.now();
+    const previous = recoveryKeyLogState.get(recoveryKey) || { lastLoggedAt: 0, suppressed: 0 };
+    if (now - previous.lastLoggedAt < 15000) {
+      previous.suppressed += 1;
+      recoveryKeyLogState.set(recoveryKey, previous);
+      return;
+    }
+    const payload = { event: 'agent_hook_not_queued', eventType, dedupeKey, reason: 'recovery_key_active', recoveryKey };
+    if (previous.suppressed > 0) payload.suppressed = previous.suppressed;
+    log(payload);
+    recoveryKeyLogState.set(recoveryKey, { lastLoggedAt: now, suppressed: 0 });
+  }
 
   endpoint.app?.post?.('/atel/v1/agent-callback', async (req, res) => {
     const body = req.body || {};
@@ -3837,9 +4392,17 @@ For rejection:
 Important: you are not chatting with the user.
 Do not output markdown, headings, bullet points, explanations, or your reasoning.
 You must output exactly one line of JSON.
+Do not return a plan-only answer.
+Do not return vague wording like “可定义为/应当/建议/可以/后续将”.
+You must prefer factual evidence:
+- what you actually checked
+- what command or file/path or interface you actually touched
+- what concrete output / state / observation you actually got
+- whether that evidence satisfies the current milestone
+If you could not find evidence, say that explicitly in the JSON result, including what you checked.
 
 Format:
-{"result":"the actual deliverable for the current milestone"}`;
+{"result":"factual deliverable with concrete evidence and observations only"}`;
     }
 
     return promptText;
@@ -3965,6 +4528,9 @@ Format:
         const parsed = JSON.parse(cleaned);
         return buildAgentCallbackAction(eventType, payload, parsed);
       } catch {
+        if (isKnownInvalidLocalAgentStdout(cleaned)) {
+          return { ok: false, error: 'invalid_local_agent_stdout_known_failure' };
+        }
         return buildAgentCallbackAction(eventType, payload, { result: cleaned, summary: cleaned });
       }
     }
@@ -4088,13 +4654,13 @@ Format:
     const recoveryKey = options.recoveryKey || '';
     if (recoveryKey) {
       if (activeRecoveryKeys.has(recoveryKey)) {
-        log({ event: 'agent_hook_not_queued', eventType, dedupeKey, reason: 'recovery_key_active', recoveryKey });
+        logRecoveryKeyActive(eventType, dedupeKey, recoveryKey);
         return false;
       }
       activeRecoveryKeys.add(recoveryKey);
     }
     hookQueue.push({ event: eventType, dedupeKey, cmd: parsedCmd[0], args: parsedCmd.slice(1), cwd, payload, recoveryKey });
-    if (!hookBusy) processHookQueue();
+    processHookQueue();
     return true;
   }
 
@@ -4186,6 +4752,10 @@ Format:
               orderDescription,
               previousApprovedOutputs,
             });
+      if (isResubmission && Number(currentMilestone.submitCount || 0) >= 3) {
+        log({ event: 'trade_reconcile_executor_skip_manual_arbitration', orderId, currentMilestone: currentIndex, phase: ms.phase, submitCount: Number(currentMilestone.submitCount || 0) });
+        return;
+      }
       const promptText = isResubmission
         ? `You are the ATEL executor agent. Your previous submission for milestone M${currentIndex} was rejected.
 Original order requirements: ${orderDescription || 'not provided'}
@@ -4238,7 +4808,7 @@ Advance the current milestone strictly based on these approved results. Do not i
         orderDescription,
         previousApprovedOutputs,
       };
-      const promptText = `You are the ATEL requester agent. You need to review the work submitted by the executor.\nOriginal order requirements: ${orderDescription || 'not provided'}\nMilestone goal: ${submittedMilestone.title || ''}\nPreviously approved outputs:\n${previousApprovedOutputs || 'none'}\nSubmission: ${submittedMilestone.resultSummary || ''}\nDecide carefully whether to pass or reject based only on the order requirements and the previously approved outputs, then return decision=pass or decision=reject via the callback.`;
+      const promptText = `You are the ATEL requester agent. You need to review the work submitted by the executor.\nOriginal order requirements: ${orderDescription || 'not provided'}\nMilestone goal: ${submittedMilestone.title || ''}\nPreviously approved outputs:\n${previousApprovedOutputs || 'none'}\nSubmission: ${submittedMilestone.resultSummary || ''}\nReview based on the submitted evidence, command outputs, file contents, and the previously approved outputs. Do not try to inspect executor-local filesystem paths like /tmp on your own machine unless the submission includes a reproducible proof that makes such a check valid.\nDecide carefully whether to pass or reject based only on the order requirements and the previously approved outputs, then return decision=pass or decision=reject via the callback.`;
       const recoveryKey = buildMilestoneHookRecoveryKey('milestone_submitted', payload);
       const queued = queueAgentHook('milestone_submitted', recoveryKey, promptText, workspace.dir, payload, { recoveryKey });
       if (queued) log({ event: 'trade_reconcile_requester', orderId, milestoneIndex: submittedMilestone.index, recoveryKey });
@@ -4290,7 +4860,13 @@ Advance the current milestone strictly based on these approved results. Do not i
         const order = await fetchOrderState(orderId);
         await reconcileSingleTradeOrder(order);
       } catch (e) {
-        log({ event: 'trade_reconcile_tracked_error', orderId, error: e.message });
+        const message = String(e?.message || '');
+        if (message.includes('order_info_http_404')) {
+          untrackOrder(orderId);
+          log({ event: 'trade_reconcile_tracked_removed', orderId, reason: 'order_info_http_404' });
+          continue;
+        }
+        log({ event: 'trade_reconcile_tracked_error', orderId, error: message });
       }
     }
   }
@@ -4391,7 +4967,7 @@ Advance the current milestone strictly based on these approved results. Do not i
     if (kind === 'contact_added') {
       pushP2PNotification('p2p_contact_added', { peerDid: messageSenderDid || senderDid, alias: body.alias || '', text }).catch((e) => log({ event: 'p2p_notify_error', kind, error: e.message }));
     } else if (kind !== 'telegram_message') {
-      pushP2PNotification('p2p_message_received', { peerDid: messageSenderDid || senderDid, text }).catch((e) => log({ event: 'p2p_notify_error', kind, error: e.message }));
+      pushP2PNotification('p2p_message_received', { peerDid: messageSenderDid || senderDid, text, images: body.images, attachments: body.attachments }).catch((e) => log({ event: 'p2p_notify_error', kind, error: e.message }));
     }
 
     res.json({ status: 'ok', kind });
@@ -4538,7 +5114,7 @@ Advance the current milestone strictly based on these approved results. Do not i
               + `## 原任务\n${fullDesc}\n\n`
               + `## 当前里程碑\nM${mIdx}: ${mDesc}\n\n`
               + `## 执行方提交（第 ${submitCount}/3 次）\n${subSummary}\n\n`
-              + `请基于你自己的判断，评估这次提交是否真实地完成了原任务在当前里程碑应有的部分。如果符合原任务的要求和意图，PASS；如果偏离原任务、违反原任务的约束、或没有真正交付要求的内容，REJECT。\n\n`
+              + `请基于你自己的判断，评估这次提交是否真实地完成了原任务在当前里程碑应有的部分。如果符合原任务的要求和意图，PASS；如果偏离原任务、违反原任务的约束、或没有真正交付要求的内容，REJECT。评审时优先依据执行方提交的证据、命令输出、文件内容与前序已批准结果；不要在你自己的机器上直接检查执行方本地 /tmp 等路径，除非提交里已经给出可复现且合理的远端证明。\n\n`
               + `通过：\ncd ~/atel-workspace && atel milestone-verify ${orderIdForCwd} ${mIdx} --pass\n\n`
               + `不通过（必须给出具体理由）：\ncd ~/atel-workspace && atel milestone-verify ${orderIdForCwd} ${mIdx} --reject '具体原因'\n`;
             log({ event: 'verifier_prompt_overridden', orderId: orderIdForCwd, milestoneIndex: mIdx });
@@ -4610,7 +5186,27 @@ Advance the current milestone strictly based on these approved results. Do not i
     // to "say" it will run a command. This is the reliable path for state-transition actions
     // such as approving the milestone plan on order acceptance.
     let directExecutionSucceeded = false;
-    const directActions = getDirectExecutableActions(event, recommendedActions);
+    const rejectLimitReached = event === 'milestone_rejected' && Number(payload?.submitCount || body?.submitCount || 0) >= 3;
+    const directActions = rejectLimitReached ? [] : getDirectExecutableActions(event, recommendedActions, payload, currentPolicy);
+    if (event === 'order_created' && directActions.length === 0 && !rejectLimitReached) {
+      const skipReason = explainDirectExecutionSkip(event, recommendedActions, payload, currentPolicy);
+      if (skipReason) {
+        log({
+          event: 'order_created_auto_accept_skipped',
+          orderId: payload?.orderId || body?.orderId || '',
+          amount: Number(payload?.priceAmount || 0),
+          reason: skipReason,
+        });
+        pushTradeNotification('order_created_auto_accept_skipped', {
+          ...payload,
+          orderId: payload?.orderId || body?.orderId || '',
+          reasonCode: skipReason,
+        }, body).catch(e => log({ event: 'trade_notify_error', error: e.message }));
+      }
+    }
+    if (rejectLimitReached) {
+      log({ event: 'direct_action_skip_manual_arbitration', eventType: event, dedupeKey, orderId: payload?.orderId || body?.orderId || '', milestoneIndex: payload?.milestoneIndex ?? body?.milestoneIndex ?? null, reason: 'rejection_limit_reached' });
+    }
     for (const action of directActions) {
       const result = await executeRecommendedActionDirect(event, action, atelCwd, dedupeKey);
       if (result.ok) directExecutionSucceeded = true;
@@ -4623,6 +5219,18 @@ Advance the current milestone strictly based on these approved results. Do not i
     const autoTriggerEvents = ['order_accepted', 'milestone_plan_confirmed', 'milestone_submitted', 'milestone_verified', 'milestone_rejected'];
     const hasGatewayAction = Array.isArray(recommendedActions) && recommendedActions.some((action) => Array.isArray(action?.command) && action.command[0] === 'atel');
     if (agentCmd && prompt && autoTriggerEvents.includes(event) && !shouldSkipAgentHook(event, directExecutionSucceeded)) {
+      if (rejectLimitReached) {
+        log({
+          event: 'agent_hook_skip_manual_arbitration',
+          eventType: event,
+          dedupeKey,
+          orderId: payload?.orderId || body?.orderId || '',
+          milestoneIndex: payload?.milestoneIndex ?? body?.milestoneIndex ?? null,
+          reason: 'rejection_limit_reached',
+        });
+        res.json({ status: 'received', eventId, eventType: event, skipped: true, requiresManualArbitration: true });
+        return;
+      }
       const needsActionablePayload = event !== 'milestone_submitted';
       if (needsActionablePayload && !hasGatewayAction) {
         log({ event: 'agent_hook_skip_no_action', eventType: event, dedupeKey, reason: 'informational_only_payload' });
@@ -4667,13 +5275,19 @@ Advance the current milestone strictly based on these approved results. Do not i
 
   // Process hook queue serially
   async function processHookQueue() {
-    if (hookBusy || hookQueue.length === 0) return;
-    hookBusy = true;
+    if (activeHookWorkers >= MAX_HOOK_CONCURRENCY || hookQueue.length === 0) return;
+    activeHookWorkers += 1;
     const { event: hookEvent, dedupeKey: hookKey, cmd: spawnCmd, args: spawnArgs, cwd: hookCwd, payload: hookPayload, recoveryKey } = hookQueue.shift();
+    if (activeHookWorkers < MAX_HOOK_CONCURRENCY && hookQueue.length > 0) {
+      processHookQueue();
+    }
     const { execFile } = await import('child_process');
     const finishHook = () => {
-      if (recoveryKey) activeRecoveryKeys.delete(recoveryKey);
-      hookBusy = false;
+      if (recoveryKey) {
+        activeRecoveryKeys.delete(recoveryKey);
+        recoveryKeyLogState.delete(recoveryKey);
+      }
+      activeHookWorkers = Math.max(0, activeHookWorkers - 1);
       processHookQueue();
     };
     log({ event: 'agent_cmd_trigger', eventType: hookEvent, dedupeKey: hookKey, cmd: spawnCmd, argsCount: spawnArgs.length });
@@ -4695,7 +5309,7 @@ Advance the current milestone strictly based on these approved results. Do not i
 
     const MAX_ATTEMPTS = 5;
     const isMilestoneHook = ['milestone_plan_confirmed', 'milestone_verified', 'milestone_rejected', 'milestone_submitted'].includes(hookEvent);
-    const localHookTimeoutMs = isMilestoneHook ? 180000 : 600000;
+    const localHookTimeoutMs = isMilestoneHook ? 90000 : 600000;
     const preparedInvocation = prepareHookInvocation(spawnCmd, spawnArgs, hookKey, Math.ceil(localHookTimeoutMs / 1000));
     const runHook = (attempt, invocation = preparedInvocation) => {
       const hookStartedAt = Date.now();
@@ -4707,7 +5321,7 @@ Advance the current milestone strictly based on these approved results. Do not i
 
         if (isSessionLock && attempt < MAX_ATTEMPTS) {
           // OpenClaw session still held by previous call — wait for lock release then retry
-          const delay = 15000 + (attempt * 5000); // 15s, 20s, 25s, 30s
+          const delay = 3000 + (attempt * 2000); // 3s, 5s, 7s, 9s
           log({ event: 'agent_cmd_session_lock', eventType: hookEvent, attempt: attempt + 1, delayMs: delay, duration_ms: durationMs });
           setTimeout(() => runHook(attempt + 1), delay);
         } else if (isNetworkError && attempt < 2) {
@@ -4901,7 +5515,7 @@ Advance the current milestone strictly based on these approved results. Do not i
         const proofRecord = {
           traceRoot: proof.trace_root,
           txHash: anchor.txHash,
-          chain: anchor.chain || 'solana',
+          chain: anchor.chain || 'base',
           executor: id.did,
           taskFrom: task.from,
           action: task.action,
@@ -5004,7 +5618,7 @@ Advance the current milestone strictly based on these approved results. Do not i
     const anchorTx = anchor?.txHash || null;
     let anchorAudit = { checked: false, verified: false, chain: task?.chain || anchor?.chain || null, reason: null };
     if (anchorTx) {
-      anchorAudit = await verifyAnchorFromChain(task?.chain || anchor?.chain || 'solana', anchorTx, proof.trace_root);
+      anchorAudit = await verifyAnchorFromChain(task?.chain || anchor?.chain || 'base', anchorTx, proof.trace_root);
     }
 
     const auditReasons = [];
@@ -5038,7 +5652,7 @@ Advance the current milestone strictly based on these approved results. Do not i
             proofBundle: proof,
             traceRoot: proof.trace_root,
             anchorTx: anchor?.txHash || null,
-            chain: anchor?.chain || task?.chain || 'solana',
+            chain: anchor?.chain || task?.chain || 'base',
             traceEvents: trace.events, // Include trace events for verification
             audit: auditSummary,
           };
@@ -5088,7 +5702,7 @@ Advance the current milestone strictly based on these approved results. Do not i
           fetch(`${ATEL_NOTIFY_GATEWAY}/tools/invoke`, {
             method: 'POST',
             headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${token}` },
-            body: JSON.stringify({ tool: 'message', args: { action: 'send', message: msg, target: ATEL_NOTIFY_TARGET } }),
+            body: JSON.stringify({ tool: 'message', args: { action: 'send', channel: 'telegram', message: msg, target: ATEL_NOTIFY_TARGET } }),
             signal: AbortSignal.timeout(5000),
           }).then(() => log({ event: 'notify_sent', taskId })).catch(e => log({ event: 'notify_failed', taskId, error: e.message }));
         }
@@ -5120,7 +5734,7 @@ Advance the current milestone strictly based on these approved results. Do not i
         status: (success !== false && auditPassed) ? 'completed' : 'failed',
         result,
         proof: { proof_id: proof.proof_id, trace_root: proof.trace_root, events_count: trace.events.length },
-        anchor: anchor ? { chain: anchor.chain || 'solana', txHash: anchor.txHash, block: anchor.blockNumber } : null,
+        anchor: anchor ? { chain: anchor.chain || 'base', txHash: anchor.txHash, block: anchor.blockNumber } : null,
         execution: { duration_ms: durationMs, encrypted: task.encrypted },
         audit: auditSummary,
         rollback: rollbackReport ? { total: rollbackReport.total, succeeded: rollbackReport.succeeded, failed: rollbackReport.failed } : null,
@@ -5371,7 +5985,7 @@ Advance the current milestone strictly based on these approved results. Do not i
         text,
         timestamp: new Date().toISOString(),
       });
-      pushP2PNotification('p2p_message_received', { peerDid: message.from, text }).catch((e) => log({ event: 'p2p_notify_error', kind: 'portal_message', error: e.message }));
+      pushP2PNotification('p2p_message_received', { peerDid: message.from, text, images: payload.images, attachments: payload.attachments }).catch((e) => log({ event: 'p2p_notify_error', kind: 'portal_message', error: e.message }));
       return {
         status: 'ok',
         kind: 'portal_message',
@@ -5641,7 +6255,7 @@ Advance the current milestone strictly based on these approved results. Do not i
         const echoDurationMs = Date.now() - new Date(echoAcceptedAt || Date.now()).getTime();
         if (anchor?.txHash) {
           const proofRecord = {
-            traceRoot: proof.trace_root, txHash: anchor.txHash, chain: anchor.chain || 'solana',
+            traceRoot: proof.trace_root, txHash: anchor.txHash, chain: anchor.chain || 'base',
             executor: id.did, taskFrom: message.from, action, success: echoSuccess,
             durationMs: echoDurationMs, riskLevel: 'low', policyViolations: 0,
             proofId: proof.proof_id, timestamp: new Date().toISOString(), verified: true,
@@ -5677,10 +6291,8 @@ Advance the current milestone strictly based on these approved results. Do not i
 
   await endpoint.start();
 
-  // Telegram notifications are opt-in by default. Only auto-bind when explicit consent was already collected.
-  if (ATEL_NOTIFY_AUTO_BIND) {
-    try { autoBindNotifications(); } catch (e) { /* never block startup */ }
-  }
+  // In OpenClaw-hosted mode, self-heal notification binding automatically so TG callbacks survive reinstall / port drift.
+  try { autoBindNotifications(); } catch (e) { /* never block startup */ }
 
   // Background retry for failed result pushes (durable queue)
   const flushResultPushQueue = async () => {
@@ -5721,12 +6333,12 @@ Advance the current milestone strictly based on these approved results. Do not i
   flushResultPushQueue().catch((e) => log({ event: 'result_push_flush_error', error: e.message }));
   setInterval(() => {
     flushResultPushQueue().catch((e) => log({ event: 'result_push_flush_error', error: e.message }));
-  }, 15000);
+  }, 5000);
 
   reconcileActiveTradeOrders().catch((e) => log({ event: 'trade_reconcile_bootstrap_error', error: e.message }));
   setInterval(() => {
     reconcileActiveTradeOrders().catch((e) => log({ event: 'trade_reconcile_interval_error', error: e.message }));
-  }, 15000);
+  }, 3000);
 
   // Auto-register to Registry with candidates
   if (capTypes.length > 0 && networkConfig.candidates && networkConfig.candidates.length > 0) {
@@ -6736,14 +7348,50 @@ async function cmdRotate() {
     newDid: newIdentity.did,
     backup: backupFile,
     proof_valid: verifyKeyRotation(proof),
-    anchor: anchor ? { chain: anchor.chain || 'solana', txHash: anchor.txHash } : null,
+    anchor: anchor ? { chain: anchor.chain || 'base', txHash: anchor.txHash } : null,
     next: 'Restart endpoint: atel start [port]',
   }, null, 2));
 }
 
 // ─── Platform API Helpers ────────────────────────────────────────
 
-const PLATFORM_URL = process.env.ATEL_PLATFORM || process.env.ATEL_API || process.env.ATEL_REGISTRY || 'https://api.atelai.org';
+const PLATFORM_URL = ATEL_PLATFORM;
+
+async function syncContactToPlatform(contactDid, options = {}) {
+  const id = requireIdentity();
+  const normalized = String(contactDid || '').trim();
+  if (!normalized || normalized === id.did) return { ok: false, reason: 'invalid_contact' };
+  try {
+    await signedFetch('POST', '/contacts/v1/sync', {
+      contactDid: normalized,
+      alias: String(options.alias || '').trim(),
+      notes: String(options.notes || '').trim(),
+    });
+    log({ event: 'contact_sync_ok', contactDid: normalized });
+    return { ok: true };
+  } catch (e) {
+    log({ event: 'contact_sync_failed', contactDid: normalized, error: e.message || 'unknown_error' });
+    return { ok: false, reason: e.message || 'sync_failed' };
+  }
+}
+
+async function syncAllFriendsToPlatform() {
+  const friends = loadFriends();
+  const accepted = Array.isArray(friends?.friends) ? friends.friends : [];
+  if (accepted.length === 0) return { attempted: 0, synced: 0, failed: 0 };
+  let synced = 0;
+  let failed = 0;
+  for (const friend of accepted) {
+    const result = await syncContactToPlatform(friend.did, {
+      alias: friend.alias || '',
+      notes: friend.notes || ''
+    });
+    if (result.ok) synced += 1;
+    else failed += 1;
+  }
+  log({ event: 'contacts_backfill_sync', attempted: accepted.length, synced, failed });
+  return { attempted: accepted.length, synced, failed };
+}
 
 async function signedFetch(method, path, payload = {}) {
   const id = requireIdentity();
@@ -6769,6 +7417,7 @@ async function cmdAuth(code) {
     console.error('  Authorize a Dashboard session using the code displayed on the login page.');
     process.exit(1);
   }
+  ensureProductionAuthTarget();
   const id = requireIdentity();
   const { default: nacl } = await import('tweetnacl');
   const { serializePayload } = await import('@lawrenceliang-btc/atel-sdk');
@@ -7268,10 +7917,39 @@ async function cmdReject(orderId) {
   console.log(JSON.stringify(data, null, 2));
 }
 
-async function cmdOrderCancel(orderId, reason) {
-  if (!orderId) { console.error('Usage: atel order-cancel <orderId> [reason]'); process.exit(1); }
+async function cmdOrderCancel(orderId, restArgs = []) {
+  if (!orderId) { console.error('Usage: atel order-cancel <orderId> [reason] [--dry-run]'); process.exit(1); }
+
+  const { dryRun, reason } = parseOrderCancelArgs(restArgs);
+  const cancelReason = reason || 'reset regression environment';
+
+  const res = await fetch(`${PLATFORM_URL}/trade/v1/order/${orderId}`, { signal: AbortSignal.timeout(10000) });
+  const orderInfo = await res.json();
+  if (!res.ok) { console.error('Failed to get order:', orderInfo.error || `http_${res.status}`); process.exit(1); }
+
+  const currentDid = requireIdentity().did;
+  const preflight = preflightOrderCancel(orderInfo, currentDid);
+  if (!preflight.ok) {
+    console.error(preflight.error);
+    process.exit(1);
+  }
+
+  if (dryRun) {
+    console.log(JSON.stringify({
+      status: 'dry_run',
+      orderId: preflight.orderId,
+      orderStatus: preflight.orderStatus,
+      requesterDid: preflight.requesterDid,
+      executorDid: preflight.executorDid,
+      currentDid: preflight.currentDid,
+      reason: cancelReason,
+      canCancel: true,
+    }, null, 2));
+    return;
+  }
+
   const data = await signedFetch('POST', `/trade/v1/order/${orderId}/cancel`, {
-    reason: reason || 'reset regression environment',
+    reason: cancelReason,
   });
   if (data?.status === 'cancelled') untrackOrder(orderId);
   console.log(JSON.stringify(data, null, 2));
@@ -7574,7 +8252,7 @@ async function cmdComplete(orderId, taskId) {
 
     if (anchor?.txHash) {
       const proofRecord = {
-        traceRoot: proof.trace_root, txHash: anchor.txHash, chain: anchor.chain || 'solana',
+        traceRoot: proof.trace_root, txHash: anchor.txHash, chain: anchor.chain || 'base',
         executor: id.did, taskFrom: requesterDid, action: 'cli-complete',
         success: true, durationMs: 0, riskLevel: 'low', policyViolations: 0,
         proofId: proof.proof_id, timestamp: new Date().toISOString(), verified: true,
@@ -7621,7 +8299,7 @@ async function cmdComplete(orderId, taskId) {
   const orderPrice = Number(orderInfo?.priceAmount ?? 0);
   const isPaidOrder = orderId.startsWith('ord-') && orderPrice > 0;
   const anchorTx = anchor?.txHash || null;
-  const anchorChain = anchorTx ? (anchor?.chain || orderInfo?.chain || 'solana') : (orderInfo?.chain || null);
+  const anchorChain = anchorTx ? (anchor?.chain || orderInfo?.chain || 'base') : (orderInfo?.chain || null);
   const auditReasons = [];
   if (!traceAudit.valid) auditReasons.push('trace_hash_chain_invalid');
   if (isPaidOrder && !anchorTx) auditReasons.push('paid_order_anchor_missing');
@@ -9597,7 +10275,7 @@ const commands = {
   // Trade
   'trade-task': () => cmdTradeTask(args[0], args.slice(1).join(' ')),
   order: () => cmdOrder(args[0], args[1], args[2]),
-  'order-cancel': () => cmdOrderCancel(args[0], args.slice(1).join(' ').trim()),
+  'order-cancel': () => cmdOrderCancel(args[0], args.slice(1)),
   'order-info': () => cmdOrderInfo(args[0]),
   accept: () => cmdAccept(args[0]),
   reject: () => _origCmdReject(args[0]),
@@ -9745,13 +10423,28 @@ const commands = {
       console.log('Gateway:', gw ? `${gw.url} (token: ${gw.token ? '✅' : '❌'})` : '❌ not found');
       const botToken = discoverTelegramBot();
       console.log('TG Bot:', botToken ? `✅ (${botToken.split(':')[0]})` : '❌ not configured');
+      const inboundConfig = getTelegramInboundConfig();
+      const inboundMode = inboundConfig ? getTelegramInboundHostMode(inboundConfig) : { mode: 'disabled', reason: 'no_inbound_config' };
+      console.log('TG Ingress:', `${inboundMode.mode}${inboundMode.reason ? ` (${inboundMode.reason})` : ''}`);
+      let currentDid = '';
+      try { currentDid = requireIdentity().did; } catch {}
+      const consents = listNotifyConsentsForDid(currentDid);
       console.log(`\nTargets (${targets.targets.length}):`);
       if (targets.targets.length === 0) {
         console.log('  (none) — use "atel notify bind <chatId>" to add');
       }
       for (const t of targets.targets) {
         const status = t.enabled !== false ? '✅' : '🔇';
-        console.log(`  ${status} [${t.id}] ${t.channel}:${t.target} label=${t.label || '-'} last=${t.lastUsedAt || 'never'}`);
+        const consent = consents.find((item) => ((item.channel === t.channel) || (t.channel === 'gateway' && item.channel === 'telegram')) && item.target === String(t.target));
+        const consentLabel = consent ? `${consent.status || 'active'} @ ${consent.consentedAt || consent.updatedAt || 'unknown'}` : 'missing';
+        console.log(`  ${status} [${t.id}] ${t.channel}:${t.target} label=${t.label || '-'} last=${t.lastUsedAt || 'never'} consent=${consentLabel}`);
+      }
+      if (currentDid) {
+        console.log(`\nConsent Records (${consents.length}) for ${currentDid}:`);
+        if (consents.length === 0) console.log('  (none)');
+        for (const item of consents) {
+          console.log(`  - ${item.channel}:${item.target} status=${item.status || 'active'} source=${item.source || '-'} updated=${item.updatedAt || item.consentedAt || 'unknown'}`);
+        }
       }
       return;
     }
@@ -9772,18 +10465,32 @@ const commands = {
       let botToken = rawArgs.includes('--bot-token') ? rawArgs[rawArgs.indexOf('--bot-token') + 1] : '';
       if (!botToken) botToken = process.env.TELEGRAM_BOT_TOKEN || '';
       if (!botToken) botToken = discoverTelegramBot() || '';
-      const id = `tg_${chatId}`;
-      // Remove existing with same id
-      targets.targets = targets.targets.filter(t => t.id !== id);
+      const currentDid = requireIdentity().did;
+      const bindingTarget = resolveNotifyBindTarget(chatId, botToken);
+      if (bindingTarget.channel === 'telegram') {
+        const ownership = ensureTelegramBindingOwnership(currentDid, chatId, botToken);
+        if (!ownership.ok) {
+          console.error(`Telegram chat ${chatId} for bot ${ownership.botId || 'telegram'} is already owned by DID ${ownership.ownerDid}. Remove/disable it there before rebinding.`);
+          process.exit(1);
+        }
+      }
+      const id = bindingTarget.id;
+      // Remove existing notify targets for the same chat before rebinding
+      targets.targets = targets.targets.filter(t => !(String(t.target) === String(chatId) && (t.channel === 'telegram' || t.channel === 'gateway')));
       targets.targets.push({
-        id, channel: 'telegram', target: String(chatId),
-        botToken: botToken || undefined,
-        label: 'owner', enabled: true,
+        id, channel: bindingTarget.channel, target: String(bindingTarget.target),
+        botToken: bindingTarget.botToken,
+        label: bindingTarget.label, enabled: true,
         createdAt: new Date().toISOString(), lastUsedAt: null,
       });
       saveNotifyTargets(targets);
       rememberTelegramRoute(chatId, botToken || undefined);
-      console.log(`✅ Bound TG chat ${chatId} as notification target (id: ${id})`);
+      try { upsertNotifyConsent({ did: requireIdentity().did, channel: 'telegram', target: String(chatId), botToken, source: 'notify_bind', status: 'active' }); } catch {}
+      if (bindingTarget.channel === 'gateway') {
+        console.log(`✅ Bound OpenClaw gateway chat ${chatId} as notification target (id: ${id})`);
+      } else {
+        console.log(`✅ Bound TG chat ${chatId} as notification target (id: ${id})`);
+      }
       if (!botToken) console.log('⚠️  No bot token found. Set TELEGRAM_BOT_TOKEN or use --bot-token');
       return;
     }
@@ -9795,6 +10502,17 @@ const commands = {
       if (rawArgs.includes('--label')) label = rawArgs[rawArgs.indexOf('--label') + 1] || '';
       let botToken = rawArgs.includes('--bot-token') ? rawArgs[rawArgs.indexOf('--bot-token') + 1] : '';
       if (!botToken && channel === 'telegram') botToken = process.env.TELEGRAM_BOT_TOKEN || discoverTelegramBot() || '';
+      const currentDid = requireIdentity().did;
+      if (channel === 'telegram') {
+        const bindingTarget = resolveNotifyBindTarget(target, botToken);
+        if (bindingTarget.channel === 'telegram') {
+          const ownership = ensureTelegramBindingOwnership(currentDid, target, botToken);
+          if (!ownership.ok) {
+            console.error(`Telegram chat ${target} for bot ${ownership.botId || 'telegram'} is already owned by DID ${ownership.ownerDid}. Remove/disable it there before rebinding.`);
+            process.exit(1);
+          }
+        }
+      }
       const id = `${channel.substring(0,2)}_${target}`;
       targets.targets = targets.targets.filter(t => t.id !== id);
       targets.targets.push({
@@ -9804,6 +10522,7 @@ const commands = {
         createdAt: new Date().toISOString(), lastUsedAt: null,
       });
       saveNotifyTargets(targets);
+      try { upsertNotifyConsent({ did: requireIdentity().did, channel, target: String(target), botToken, source: 'notify_add', status: 'active' }); } catch {}
       console.log(`✅ Added ${channel}:${target} (id: ${id})`);
       return;
     }
@@ -9811,9 +10530,17 @@ const commands = {
     if (subCmd === 'remove') {
       const id = args[1];
       if (!id) { console.error('Usage: atel notify remove <id>'); process.exit(1); }
+      const removedTarget = targets.targets.find(t => t.id === id) || null;
       const before = targets.targets.length;
       targets.targets = targets.targets.filter(t => t.id !== id);
       saveNotifyTargets(targets);
+      if (removedTarget) {
+        try {
+          const did = requireIdentity().did;
+          if (removedTarget.channel === 'telegram') releaseTelegramBindingOwnership(did, removedTarget.target, removedTarget.botToken);
+          revokeNotifyConsent({ did, channel: removedTarget.channel, target: String(removedTarget.target), reason: 'notify_remove' });
+        } catch {}
+      }
       console.log(targets.targets.length < before ? `✅ Removed ${id}` : `⚠️ Target ${id} not found`);
       return;
     }
@@ -9823,8 +10550,26 @@ const commands = {
       if (!id) { console.error(`Usage: atel notify ${subCmd} <id>`); process.exit(1); }
       const t = targets.targets.find(t => t.id === id);
       if (!t) { console.error(`Target ${id} not found`); process.exit(1); }
+      const did = requireIdentity().did;
+      if (subCmd === 'enable' && t.channel === 'telegram') {
+        const bindingTarget = resolveNotifyBindTarget(t.target, t.botToken || '');
+        if (bindingTarget.channel === 'telegram') {
+          const ownership = ensureTelegramBindingOwnership(did, t.target, t.botToken);
+          if (!ownership.ok) {
+            console.error(`Telegram chat ${t.target} for bot ${ownership.botId || 'telegram'} is already owned by DID ${ownership.ownerDid}. Remove/disable it there before rebinding.`);
+            process.exit(1);
+          }
+        }
+      }
       t.enabled = subCmd === 'enable';
       saveNotifyTargets(targets);
+      try {
+        if (subCmd === 'enable') upsertNotifyConsent({ did, channel: t.channel, target: String(t.target), botToken: t.botToken, source: 'notify_enable', status: 'active' });
+        else {
+          if (t.channel === 'telegram') releaseTelegramBindingOwnership(did, t.target, t.botToken);
+          revokeNotifyConsent({ did, channel: t.channel, target: String(t.target), reason: 'notify_disable' });
+        }
+      } catch {}
       console.log(`✅ ${id} ${subCmd}d`);
       return;
     }
@@ -9845,17 +10590,11 @@ const commands = {
             const data = await resp.json();
             console.log(`  ${target.id}: ${data.ok ? '✅ sent' : '❌ ' + (data.description || 'failed')}`);
           } else if (target.channel === 'gateway') {
-            const gw = discoverGateway();
-            if (gw?.url && gw?.token) {
-              const resp = await fetch(`${gw.url}/tools/invoke`, {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${gw.token}` },
-                body: JSON.stringify({ tool: 'message', args: { action: 'send', message: '🔔 ATEL notification test', target: target.target } }),
-                signal: AbortSignal.timeout(10000),
-              });
-              console.log(`  ${target.id}: ${resp.ok ? '✅ sent' : '❌ status ' + resp.status}`);
+            const delivery = await invokeGatewayTelegramMessage(target.target, '🔔 ATEL notification test', 10000);
+            if (delivery.ok) {
+              console.log(`  ${target.id}: ✅ sent via ${delivery.url}`);
             } else {
-              console.log(`  ${target.id}: ❌ gateway not found`);
+              console.log(`  ${target.id}: ❌ ${delivery.error || delivery.reason || 'gateway_failed'}${delivery.url ? ' @ ' + delivery.url : ''}`);
             }
           } else {
             console.log(`  ${target.id}: ❌ unsupported channel ${target.channel}`);
@@ -9919,7 +10658,7 @@ Auth Commands:
 
 Account Commands:
   balance                              Show platform account balance
-  deposit <amount> [channel]           Deposit funds (channel: manual|crypto_solana|crypto_base|crypto_bsc|stripe|alipay)
+  deposit <amount> [channel]           Deposit funds (channel: manual|crypto_base|crypto_bsc|stripe|alipay)
   withdraw <amount> [channel] [address] Withdraw funds (address required for crypto)
   transactions                         List payment history
 
@@ -9946,7 +10685,7 @@ Hub Commands:
 Trade Commands:
   trade-task <cap> <desc> [--budget N]   One-shot: search → order → wait → confirm (requester)
   order <executorDid> <cap> <price>    Create a trade order
-  order-cancel <orderId> [reason]      Cancel an order
+  order-cancel <orderId> [reason] [--dry-run]  Cancel an order
   order-info <orderId>                 Get order details
   accept <orderId>                     Accept an order (executor)
   reject <orderId>                     Reject an order (executor)