@memtensor/memos-local-openclaw-plugin 1.0.4-beta.9 → 1.0.5

package/src/viewer/server.ts

@@ -34,6 +34,7 @@ export interface ViewerServerOptions {
   log: Logger;
   dataDir: string;
   ctx?: PluginContext;
+  defaultHubPort?: number;
 }
 
 interface AuthState {
@@ -51,6 +52,8 @@ export class ViewerServer {
   private readonly authFile: string;
   private readonly auth: AuthState;
   private readonly ctx?: PluginContext;
+  private readonly cookieName: string;
+  private readonly defaultHubPort: number;
 
   private static readonly SESSION_TTL = 24 * 60 * 60 * 1000;
   private static readonly PLUGIN_VERSION: string = (() => {
@@ -99,17 +102,31 @@ export class ViewerServer {
     this.ctx = opts.ctx;
     this.authFile = path.join(opts.dataDir, "viewer-auth.json");
     this.auth = { passwordHash: null, sessions: new Map() };
+    this.cookieName = `memos_token_${opts.port}`;
+    this.defaultHubPort = opts.defaultHubPort ?? 18800;
     this.resetToken = crypto.randomBytes(16).toString("hex");
     this.loadAuth();
   }
 
+  private getHubPort(): number {
+    const configured = this.ctx?.config?.sharing?.hub?.port;
+    if (configured && configured !== 18800) return configured;
+    return this.defaultHubPort;
+  }
+
   start(): Promise<string> {
+    const MAX_PORT_RETRIES = 5;
     return new Promise((resolve, reject) => {
+      let retries = 0;
       this.server = http.createServer((req, res) => this.handleRequest(req, res));
       this.server.on("error", (err: NodeJS.ErrnoException) => {
-        if (err.code === "EADDRINUSE") {
-          this.log.warn(`Viewer port ${this.port} in use, trying ${this.port + 1}`);
-          this.server!.listen(this.port + 1, "0.0.0.0");
+        if (err.code === "EADDRINUSE" && retries < MAX_PORT_RETRIES) {
+          retries++;
+          const nextPort = this.port + retries;
+          this.log.warn(`Viewer port ${this.port + retries - 1} in use, trying ${nextPort}`);
+          this.server!.listen(nextPort, "0.0.0.0");
+        } else if (err.code === "EADDRINUSE") {
+          reject(new Error(`Viewer failed to find open port after ${MAX_PORT_RETRIES} retries (tried ${this.port}–${this.port + MAX_PORT_RETRIES})`));
         } else {
           reject(err);
         }
@@ -187,7 +204,8 @@ export class ViewerServer {
 
   private isValidSession(req: http.IncomingMessage): boolean {
     const cookie = req.headers.cookie ?? "";
-    const match = cookie.match(/memos_token=([a-f0-9]+)/);
+    const re = new RegExp(`${this.cookieName}=([a-f0-9]+)`);
+    const match = cookie.match(re);
     if (!match) return false;
     const expiry = this.auth.sessions.get(match[1]);
     if (!expiry) return false;
@@ -270,6 +288,7 @@ export class ViewerServer {
       else if (p === "/api/sharing/remove-user" && req.method === "POST") this.handleSharingRemoveUser(req, res);
       else if (p === "/api/sharing/change-role" && req.method === "POST") this.handleSharingChangeRole(req, res);
       else if (p === "/api/sharing/retry-join" && req.method === "POST") this.handleRetryJoin(req, res);
+      else if (p === "/api/sharing/leave" && req.method === "POST") this.handleLeaveTeam(req, res);
       else if (p === "/api/sharing/search/memories" && req.method === "POST") this.handleSharingMemorySearch(req, res);
       else if (p === "/api/sharing/memories/list" && req.method === "GET") this.serveSharingMemoryList(res, url);
       else if (p === "/api/sharing/tasks/list" && req.method === "GET") this.serveSharingTaskList(res, url);
@@ -290,6 +309,7 @@ export class ViewerServer {
       else if (p === "/api/sharing/notifications" && req.method === "GET") this.serveSharingNotifications(res, url);
       else if (p === "/api/sharing/notifications/read" && req.method === "POST") this.handleSharingNotificationsRead(req, res);
       else if (p === "/api/sharing/notifications/clear" && req.method === "POST") this.handleSharingNotificationsClear(req, res);
+      else if (p === "/api/sharing/sync-hub-removal" && req.method === "POST") this.handleSyncHubRemoval(req, res);
       else if (p === "/api/notifications/stream" && req.method === "GET") this.handleNotifSSE(req, res);
       else if (p === "/api/admin/shared-tasks" && req.method === "GET") this.serveAdminSharedTasks(res);
       else if (p.match(/^\/api\/admin\/shared-tasks\/[^/]+\/detail$/) && req.method === "GET") this.serveHubTaskDetail(res, p);
@@ -350,7 +370,7 @@ export class ViewerServer {
         const token = this.createSession();
         res.writeHead(200, {
           "Content-Type": "application/json",
-          "Set-Cookie": `memos_token=${token}; Path=/; HttpOnly; SameSite=Strict; Max-Age=86400`,
+          "Set-Cookie": `${this.cookieName}=${token}; Path=/; HttpOnly; SameSite=Strict; Max-Age=86400`,
         });
         res.end(JSON.stringify({ ok: true, message: "Password set successfully" }));
       } catch (err) {
@@ -372,7 +392,7 @@ export class ViewerServer {
         const token = this.createSession();
         res.writeHead(200, {
           "Content-Type": "application/json",
-          "Set-Cookie": `memos_token=${token}; Path=/; HttpOnly; SameSite=Strict; Max-Age=86400`,
+          "Set-Cookie": `${this.cookieName}=${token}; Path=/; HttpOnly; SameSite=Strict; Max-Age=86400`,
         });
         res.end(JSON.stringify({ ok: true }));
       } catch (err) {
@@ -384,11 +404,12 @@ export class ViewerServer {
 
   private handleLogout(req: http.IncomingMessage, res: http.ServerResponse): void {
     const cookie = req.headers.cookie ?? "";
-    const match = cookie.match(/memos_token=([a-f0-9]+)/);
+    const re = new RegExp(`${this.cookieName}=([a-f0-9]+)`);
+    const match = cookie.match(re);
     if (match) this.auth.sessions.delete(match[1]);
     res.writeHead(200, {
       "Content-Type": "application/json",
-      "Set-Cookie": "memos_token=; Path=/; HttpOnly; Max-Age=0",
+      "Set-Cookie": `${this.cookieName}=; Path=/; HttpOnly; Max-Age=0`,
     });
     res.end(JSON.stringify({ ok: true }));
   }
@@ -415,7 +436,7 @@ export class ViewerServer {
         const sessionToken = this.createSession();
         res.writeHead(200, {
           "Content-Type": "application/json",
-          "Set-Cookie": `memos_token=${sessionToken}; Path=/; HttpOnly; SameSite=Strict; Max-Age=86400`,
+          "Set-Cookie": `${this.cookieName}=${sessionToken}; Path=/; HttpOnly; SameSite=Strict; Max-Age=86400`,
         });
         res.end(JSON.stringify({ ok: true, message: "Password reset successfully" }));
       } catch (err) {
@@ -451,9 +472,8 @@ export class ViewerServer {
     if (session) { conditions.push("session_key = ?"); params.push(session); }
     if (role) { conditions.push("role = ?"); params.push(role); }
     if (owner && owner.startsWith("agent:")) {
-      const agentPrefix = owner + ":";
-      conditions.push("(owner = ? OR (owner = 'public' AND session_key LIKE ?))");
-      params.push(owner, agentPrefix + "%");
+      conditions.push("(owner = ? OR owner = 'public')");
+      params.push(owner);
     } else if (owner) {
       conditions.push("owner = ?"); params.push(owner);
     }
@@ -462,7 +482,7 @@ export class ViewerServer {
 
     const where = conditions.length > 0 ? " WHERE " + conditions.join(" AND ") : "";
     const totalRow = db.prepare("SELECT COUNT(*) as count FROM chunks" + where).get(...params) as any;
-    const rawMemories = db.prepare("SELECT * FROM chunks" + where + ` ORDER BY created_at ${sortBy} LIMIT ? OFFSET ?`).all(...params, limit, offset);
+    const rawMemories = db.prepare("SELECT * FROM chunks" + where + ` ORDER BY CASE WHEN dedup_status IN ('duplicate','merged') THEN 1 ELSE 0 END ASC, created_at ${sortBy} LIMIT ? OFFSET ?`).all(...params, limit, offset);
     const findMergeSources = db.prepare("SELECT id, summary, role FROM chunks WHERE dedup_target = ? AND (dedup_status = 'merged' OR dedup_status = 'duplicate')");
 
     const chunkIds = rawMemories.map((m: any) => m.id);
@@ -473,6 +493,12 @@ export class ViewerServer {
         const placeholders = chunkIds.map(() => "?").join(",");
         const sharedRows = db.prepare(`SELECT source_chunk_id, visibility, group_id FROM hub_memories WHERE source_chunk_id IN (${placeholders})`).all(...chunkIds) as Array<{ source_chunk_id: string; visibility: string; group_id: string | null }>;
         for (const r of sharedRows) sharingMap.set(r.source_chunk_id, r);
+        const teamMetaRows = db.prepare(`SELECT chunk_id, visibility, group_id FROM team_shared_chunks WHERE chunk_id IN (${placeholders})`).all(...chunkIds) as Array<{ chunk_id: string; visibility: string; group_id: string | null }>;
+        for (const r of teamMetaRows) {
+          if (!sharingMap.has(r.chunk_id)) {
+            sharingMap.set(r.chunk_id, { visibility: r.visibility, group_id: r.group_id });
+          }
+        }
         const localRows = db.prepare(`SELECT chunk_id, original_owner, shared_at FROM local_shared_memories WHERE chunk_id IN (${placeholders})`).all(...chunkIds) as Array<{ chunk_id: string; original_owner: string; shared_at: number }>;
         for (const r of localRows) localShareMap.set(r.chunk_id, r);
       } catch {
@@ -640,9 +666,8 @@ export class ViewerServer {
       let sessionQuery: string;
       let sessionParams: any[];
       if (ownerFilter && ownerFilter.startsWith("agent:")) {
-        const agentPrefix = ownerFilter + ":";
-        sessionQuery = "SELECT session_key, COUNT(*) as count, MIN(created_at) as earliest, MAX(created_at) as latest FROM chunks WHERE (owner = ? OR (owner = 'public' AND session_key LIKE ?)) GROUP BY session_key ORDER BY latest DESC";
-        sessionParams = [ownerFilter, agentPrefix + "%"];
+        sessionQuery = "SELECT session_key, COUNT(*) as count, MIN(created_at) as earliest, MAX(created_at) as latest FROM chunks WHERE (owner = ? OR owner = 'public') GROUP BY session_key ORDER BY latest DESC";
+        sessionParams = [ownerFilter];
       } else if (ownerFilter) {
         sessionQuery = "SELECT session_key, COUNT(*) as count, MIN(created_at) as earliest, MAX(created_at) as latest FROM chunks WHERE owner = ? GROUP BY session_key ORDER BY latest DESC";
         sessionParams = [ownerFilter];
@@ -1049,11 +1074,21 @@ export class ViewerServer {
     });
   }
 
-  private handleSkillDelete(res: http.ServerResponse, urlPath: string): void {
+  private async handleSkillDelete(res: http.ServerResponse, urlPath: string): Promise<void> {
     const skillId = urlPath.replace("/api/skill/", "");
     const skill = this.store.getSkill(skillId);
     if (!skill) { res.writeHead(404, { "Content-Type": "application/json" }); res.end(JSON.stringify({ error: "Skill not found" })); return; }
-    // Remove skill directory from disk
+    try {
+      const hub = this.resolveHubConnection();
+      if (hub) {
+        await hubRequestJson(hub.hubUrl, hub.userToken, "/api/v1/hub/skills/unpublish", {
+          method: "POST",
+          body: JSON.stringify({ sourceSkillId: skillId }),
+        }).catch(() => {});
+      }
+      const db = (this.store as any).db;
+      db.prepare("DELETE FROM hub_skills WHERE source_skill_id = ?").run(skillId);
+    } catch (_) {}
     try {
       if (skill.dirPath && fs.existsSync(skill.dirPath)) {
         fs.rmSync(skill.dirPath, { recursive: true, force: true });
@@ -1216,7 +1251,6 @@ export class ViewerServer {
         let hubSynced = false;
 
         if (scope === "team") {
-          if (!isLocalShared) this.store.markMemorySharedLocally(chunkId);
           if (!isTeamShared) {
             const hubClient = await this.resolveHubClientAware();
             const refreshedChunk = db.prepare("SELECT * FROM chunks WHERE id = ?").get(chunkId) as any;
@@ -1224,17 +1258,24 @@ export class ViewerServer {
               method: "POST",
               body: JSON.stringify({ memory: { sourceChunkId: refreshedChunk.id, role: refreshedChunk.role, content: refreshedChunk.content, summary: refreshedChunk.summary, kind: refreshedChunk.kind, groupId: null, visibility: "public" } }),
             });
-            if (hubClient.userId) {
+            if (!isLocalShared) this.store.markMemorySharedLocally(chunkId);
+            const memoryId = String((response as any)?.memoryId ?? "");
+            const isHubRole = this.ctx?.config?.sharing?.role === "hub";
+            if (hubClient.userId && isHubRole) {
               const existing = this.store.getHubMemoryBySource(hubClient.userId, chunkId);
               this.store.upsertHubMemory({
-                id: (response as any)?.memoryId ?? existing?.id ?? crypto.randomUUID(),
+                id: memoryId || existing?.id || crypto.randomUUID(),
                 sourceChunkId: chunkId, sourceUserId: hubClient.userId,
                 role: refreshedChunk.role, content: refreshedChunk.content, summary: refreshedChunk.summary ?? "",
                 kind: refreshedChunk.kind, groupId: null, visibility: "public",
                 createdAt: existing?.createdAt ?? Date.now(), updatedAt: Date.now(),
               });
+            } else if (hubClient.userId) {
+              this.store.upsertTeamSharedChunk(chunkId, { hubMemoryId: memoryId, visibility: "public", groupId: null });
             }
             hubSynced = true;
+          } else {
+            if (!isLocalShared) this.store.markMemorySharedLocally(chunkId);
           }
         } else if (scope === "local") {
           if (isTeamShared) {
@@ -1244,6 +1285,7 @@ export class ViewerServer {
                 method: "POST", body: JSON.stringify({ sourceChunkId: chunkId }),
               });
               if (hubClient.userId) this.store.deleteHubMemoryBySource(hubClient.userId, chunkId);
+              this.store.deleteTeamSharedChunk(chunkId);
               hubSynced = true;
             } catch (err) { this.log.warn(`Failed to unshare memory from team: ${err}`); }
           }
@@ -1256,6 +1298,7 @@ export class ViewerServer {
                 method: "POST", body: JSON.stringify({ sourceChunkId: chunkId }),
               });
               if (hubClient.userId) this.store.deleteHubMemoryBySource(hubClient.userId, chunkId);
+              this.store.deleteTeamSharedChunk(chunkId);
               hubSynced = true;
             } catch (err) { this.log.warn(`Failed to unshare memory from team: ${err}`); }
           }
@@ -1296,15 +1339,6 @@ export class ViewerServer {
 
         let hubSynced = false;
 
-        if (scope === "local" || scope === "team") {
-          if (!isLocalShared) {
-            const originalOwner = task.owner;
-            const db = (this.store as any).db;
-            db.prepare("INSERT INTO local_shared_tasks (task_id, hub_task_id, original_owner, shared_at) VALUES (?, ?, ?, ?) ON CONFLICT(task_id) DO UPDATE SET original_owner = excluded.original_owner, shared_at = excluded.shared_at").run(taskId, "", originalOwner, Date.now());
-            db.prepare("UPDATE tasks SET owner = 'public' WHERE id = ?").run(taskId);
-          }
-        }
-
         if (scope === "team") {
           if (!isTeamShared) {
             const chunks = this.store.getChunksByTask(taskId);
@@ -1328,6 +1362,21 @@ export class ViewerServer {
             }
             hubSynced = true;
           }
+          if (!isLocalShared) {
+            const originalOwner = task.owner;
+            const db = (this.store as any).db;
+            db.prepare("INSERT INTO local_shared_tasks (task_id, hub_task_id, original_owner, shared_at) VALUES (?, ?, ?, ?) ON CONFLICT(task_id) DO UPDATE SET original_owner = excluded.original_owner, shared_at = excluded.shared_at").run(taskId, "", originalOwner, Date.now());
+            db.prepare("UPDATE tasks SET owner = 'public' WHERE id = ?").run(taskId);
+          }
+        }
+
+        if (scope === "local") {
+          if (!isLocalShared) {
+            const originalOwner = task.owner;
+            const db = (this.store as any).db;
+            db.prepare("INSERT INTO local_shared_tasks (task_id, hub_task_id, original_owner, shared_at) VALUES (?, ?, ?, ?) ON CONFLICT(task_id) DO UPDATE SET original_owner = excluded.original_owner, shared_at = excluded.shared_at").run(taskId, "", originalOwner, Date.now());
+            db.prepare("UPDATE tasks SET owner = 'public' WHERE id = ?").run(taskId);
+          }
         }
 
         if (scope === "local" && isTeamShared) {
@@ -1397,10 +1446,6 @@ export class ViewerServer {
 
         let hubSynced = false;
 
-        if (scope === "local" || scope === "team") {
-          if (!isLocalShared) this.store.setSkillVisibility(skillId, "public");
-        }
-
         if (scope === "team") {
           if (!isTeamShared) {
             const bundle = buildSkillBundleForHub(this.store, skillId);
@@ -1422,6 +1467,11 @@ export class ViewerServer {
             }
             hubSynced = true;
           }
+          if (!isLocalShared) this.store.setSkillVisibility(skillId, "public");
+        }
+
+        if (scope === "local") {
+          if (!isLocalShared) this.store.setSkillVisibility(skillId, "public");
         }
 
         if (scope === "local" && isTeamShared) {
@@ -1458,7 +1508,17 @@ export class ViewerServer {
 
   private getHubMemoryForChunk(chunkId: string): any {
     const db = (this.store as any).db;
-    return db.prepare("SELECT * FROM hub_memories WHERE source_chunk_id = ? LIMIT 1").get(chunkId);
+    const hub = db.prepare("SELECT * FROM hub_memories WHERE source_chunk_id = ? LIMIT 1").get(chunkId);
+    if (hub) return hub;
+    const ts = this.store.getTeamSharedChunk(chunkId);
+    if (ts) {
+      return {
+        source_chunk_id: chunkId,
+        visibility: ts.visibility,
+        group_id: ts.groupId,
+      };
+    }
+    return undefined;
   }
 
   private getHubTaskForLocal(taskId: string): any {
@@ -1505,6 +1565,7 @@ export class ViewerServer {
   // ─── Config API ───
 
   private getOpenClawConfigPath(): string {
+    if (process.env.OPENCLAW_CONFIG_PATH) return process.env.OPENCLAW_CONFIG_PATH;
     const home = process.env.HOME || process.env.USERPROFILE || "";
     const ocHome = process.env.OPENCLAW_STATE_DIR || path.join(home, ".openclaw");
     return path.join(ocHome, "openclaw.json");
@@ -1594,7 +1655,20 @@ export class ViewerServer {
         base.connection.teamName = info?.teamName ?? sharing.hub?.teamName ?? null;
         base.connection.apiVersion = info?.apiVersion ?? null;
       } catch { /* ignore */ }
-      this.jsonResponse(res, base);
+
+      const hubStats: any = { totalMembers: 0, onlineMembers: 0, pendingMembers: 0 };
+      try {
+        const activeUsers = this.store.listHubUsers("active");
+        const pendingUsers = this.store.listHubUsers("pending");
+        const now = Date.now();
+        const OFFLINE_THRESHOLD = 120_000;
+        hubStats.totalMembers = activeUsers.length;
+        hubStats.onlineMembers = activeUsers.filter(u =>
+          u.lastActiveAt && (now - u.lastActiveAt < OFFLINE_THRESHOLD),
+        ).length;
+        hubStats.pendingMembers = pendingUsers.length;
+      } catch { /* best-effort */ }
+      this.jsonResponse(res, { ...base, hubStats });
       return;
     }
 
@@ -1613,6 +1687,9 @@ export class ViewerServer {
       if (status.user?.status === "rejected") {
         output.connection.rejected = true;
       }
+      if (status.user?.status === "removed") {
+        output.connection.removed = true;
+      }
       if (status.connected && status.hubUrl) {
         try {
           const info = await fetch(`${status.hubUrl}/api/v1/hub/info`).then((r) => (r.ok ? r.json() : null)).catch(() => null) as any;
@@ -1730,7 +1807,14 @@ export class ViewerServer {
         });
         this.jsonResponse(res, { ok: true, result });
       } catch (err) {
-        this.jsonResponse(res, { ok: false, error: String(err) });
+        const errStr = String(err);
+        if (errStr.includes("username_taken")) {
+          this.jsonResponse(res, { ok: false, error: "username_taken" });
+        } else if (errStr.includes("invalid_params")) {
+          this.jsonResponse(res, { ok: false, error: "invalid_params" });
+        } else {
+          this.jsonResponse(res, { ok: false, error: errStr });
+        }
       }
     });
   }
@@ -1749,22 +1833,17 @@ export class ViewerServer {
       }
       try {
         const hubUrl = normalizeHubUrl(hubAddress);
-        const localIPs = this.getLocalIPs();
-        localIPs.push("127.0.0.1", "localhost", "0.0.0.0");
-        try {
-          const u = new URL(hubUrl);
-          if (localIPs.includes(u.hostname)) {
-            return this.jsonResponse(res, { ok: false, error: "cannot_join_self" });
-          }
-        } catch {}
         const os = await import("os");
         const nickname = sharing.client?.nickname;
         const username = nickname || os.userInfo().username || "user";
         const hostname = os.hostname() || "unknown";
+        const persisted = this.store.getClientHubConnection();
+        const existingIdentityKey = persisted?.identityKey || "";
         const result = await hubRequestJson(hubUrl, "", "/api/v1/hub/join", {
           method: "POST",
-          body: JSON.stringify({ teamToken, username, deviceName: hostname, reapply: true }),
+          body: JSON.stringify({ teamToken, username, deviceName: hostname, reapply: true, identityKey: existingIdentityKey }),
         }) as any;
+        const returnedIdentityKey = String(result.identityKey || existingIdentityKey || "");
         this.store.setClientHubConnection({
           hubUrl,
           userId: String(result.userId || ""),
@@ -1772,6 +1851,8 @@ export class ViewerServer {
           userToken: result.userToken || "",
           role: "member",
           connectedAt: Date.now(),
+          identityKey: returnedIdentityKey,
+          lastKnownStatus: result.status || "",
         });
         this.jsonResponse(res, { ok: true, status: result.status || "pending" });
       } catch (err) {
@@ -2047,14 +2128,14 @@ export class ViewerServer {
             },
           }),
         });
-        const hubUserId = hubClient.userId;
-        if (hubUserId) {
+        const mid = String((response as any)?.memoryId ?? "");
+        if (hubClient.userId && this.ctx?.config?.sharing?.role === "hub") {
           const now = Date.now();
-          const existing = this.store.getHubMemoryBySource(hubUserId, chunk.id);
+          const existing = this.store.getHubMemoryBySource(hubClient.userId, chunk.id);
           this.store.upsertHubMemory({
-            id: (response as any)?.memoryId ?? existing?.id ?? crypto.randomUUID(),
+            id: mid || existing?.id || crypto.randomUUID(),
             sourceChunkId: chunk.id,
-            sourceUserId: hubUserId,
+            sourceUserId: hubClient.userId,
             role: chunk.role,
             content: chunk.content,
             summary: chunk.summary ?? "",
@@ -2064,6 +2145,8 @@ export class ViewerServer {
             createdAt: existing?.createdAt ?? now,
             updatedAt: now,
           });
+        } else if (hubClient.userId) {
+          this.store.upsertTeamSharedChunk(chunk.id, { hubMemoryId: mid, visibility, groupId });
         }
         this.jsonResponse(res, { ok: true, chunkId, visibility, response });
       } catch (err) {
@@ -2085,6 +2168,7 @@ export class ViewerServer {
         });
         const hubUserId = hubClient.userId;
         if (hubUserId) this.store.deleteHubMemoryBySource(hubUserId, chunkId);
+        this.store.deleteTeamSharedChunk(chunkId);
         this.jsonResponse(res, { ok: true, chunkId });
       } catch (err) {
         this.jsonResponse(res, { ok: false, error: String(err) });
@@ -2181,7 +2265,7 @@ export class ViewerServer {
     // Hub 模式：连接自己，用 bootstrap admin token
     const sharing = this.ctx.config.sharing;
     if (sharing?.role === "hub") {
-      const hubPort = sharing.hub?.port ?? 18800;
+      const hubPort = this.getHubPort();
       const hubUrl = `http://127.0.0.1:${hubPort}`;
       try {
         const authPath = path.join(this.dataDir, "hub-auth.json");
@@ -2398,6 +2482,31 @@ export class ViewerServer {
     });
   }
 
+  /** Badge-only: clear Client team-share UI metadata when Hub admin removes that memory. Does NOT touch chunks, embeddings, or hub_memories (recall paths). */
+  private handleSyncHubRemoval(req: http.IncomingMessage, res: http.ServerResponse): void {
+    this.readBody(req, (body) => {
+      try {
+        const parsed = JSON.parse(body || "{}");
+        const sourceChunkId = String(parsed.sourceChunkId || "");
+        const memoryIdFromNotif = parsed.memoryId != null && parsed.memoryId !== "" ? String(parsed.memoryId) : "";
+        if (!sourceChunkId) return this.jsonResponse(res, { ok: false, error: "missing_source_chunk_id" }, 400);
+        // Admin removal notifications stay in the feed; if the user re-shared, team_shared_chunks has a new hub_memory_id.
+        // Only clear the badge when this notification refers to the same Hub row we still track (or no id — legacy).
+        if (memoryIdFromNotif) {
+          const current = this.store.getTeamSharedChunk(sourceChunkId);
+          const curId = current?.hubMemoryId ? String(current.hubMemoryId) : "";
+          if (curId && curId !== memoryIdFromNotif) {
+            return this.jsonResponse(res, { ok: true, sourceChunkId, skipped: true, reason: "stale_notification_re_shared" });
+          }
+        }
+        this.store.deleteTeamSharedChunk(sourceChunkId);
+        this.jsonResponse(res, { ok: true, sourceChunkId });
+      } catch (e) {
+        this.jsonResponse(res, { ok: false, error: String(e) }, 500);
+      }
+    });
+  }
+
   private handleNotifSSE(req: http.IncomingMessage, res: http.ServerResponse): void {
     res.writeHead(200, {
       "Content-Type": "text/event-stream",
@@ -2408,6 +2517,7 @@ export class ViewerServer {
     res.write("data: {\"type\":\"connected\"}\n\n");
     this.notifSSEClients.push(res);
     if (!this.notifPollTimer) this.startNotifPoll();
+    else this.notifPollImmediate();
     req.on("close", () => {
       this.notifSSEClients = this.notifSSEClients.filter((c) => c !== res);
       if (this.notifSSEClients.length === 0) this.stopNotifPoll();
@@ -2443,6 +2553,20 @@ export class ViewerServer {
     if (this.notifPollTimer) { clearInterval(this.notifPollTimer); this.notifPollTimer = undefined; }
   }
 
+  private notifPollImmediate(): void {
+    const hub = this.resolveHubConnection();
+    if (!hub) return;
+    hubRequestJson(hub.hubUrl, hub.userToken, "/api/v1/hub/notifications?unread=1")
+      .then((data: any) => {
+        const count = data?.unreadCount ?? 0;
+        if (count !== this.lastKnownNotifCount) {
+          this.lastKnownNotifCount = count;
+          this.broadcastNotifSSE({ type: "update", unreadCount: count });
+        }
+      })
+      .catch(() => {});
+  }
+
   private startHubHeartbeat(): void {
     this.stopHubHeartbeat();
     const sendHeartbeat = async () => {
@@ -2560,12 +2684,14 @@ export class ViewerServer {
           if (merged.role === "client" && merged.client) {
             const clientCfg = merged.client as Record<string, unknown>;
             const addr = String(clientCfg.hubAddress || "");
-            if (addr) {
+            if (addr && oldSharingRole === "hub" && oldSharingEnabled) {
+              const selfHubPort = (oldSharing?.hub as Record<string, unknown>)?.port ?? 18800;
               const localIPs = this.getLocalIPs();
               localIPs.push("127.0.0.1", "localhost", "0.0.0.0");
               try {
                 const u = new URL(addr.startsWith("http") ? addr : `http://${addr}`);
-                if (localIPs.includes(u.hostname)) {
+                const targetPort = u.port || (u.protocol === "https:" ? "443" : "80");
+                if (localIPs.includes(u.hostname) && targetPort === String(selfHubPort)) {
                   res.writeHead(400, { "Content-Type": "application/json" });
                   res.end(JSON.stringify({ error: "cannot_join_self" }));
                   return;
@@ -2590,25 +2716,27 @@ export class ViewerServer {
           const wasClient = oldSharingEnabled && oldSharingRole === "client";
           const isClient = newEnabled && newRole === "client";
           if (wasClient && !isClient) {
-            this.notifyHubLeave();
+            await this.withdrawOrLeaveHub();
             this.store.clearClientHubConnection();
-            this.log.info("Cleared client hub connection (sharing disabled or role changed)");
+            this.log.info("Client hub connection cleared (sharing disabled or role changed)");
           }
 
-          // Detect switching to a different Hub while still in client mode
           if (wasClient && isClient) {
             const newClientAddr = String((merged.client as Record<string, unknown>)?.hubAddress || "");
             if (newClientAddr && oldClientHubAddress && normalizeHubUrl(newClientAddr) !== normalizeHubUrl(oldClientHubAddress)) {
               this.notifyHubLeave();
-              this.store.clearClientHubConnection();
-              this.log.info("Cleared client hub connection (switched to different Hub)");
+              const oldConn = this.store.getClientHubConnection();
+              if (oldConn) {
+                this.store.setClientHubConnection({ ...oldConn, hubUrl: normalizeHubUrl(newClientAddr), userToken: "", lastKnownStatus: "hub_changed" });
+              }
+              this.log.info("Client hub connection token cleared (switched to different Hub), identity preserved");
             }
           }
 
           if (merged.role === "hub") {
             merged.client = { hubAddress: "", userToken: "", teamToken: "" };
           } else if (merged.role === "client") {
-            merged.hub = { port: 18800, teamName: "", teamToken: "" };
+            merged.hub = { teamName: "", teamToken: "" };
           }
           config.sharing = merged;
         }
@@ -2618,13 +2746,25 @@ export class ViewerServer {
         this.log.info("Plugin config updated via Viewer");
         this.stopHubHeartbeat();
 
-        // When switching to client mode, immediately send join request
+        // When switching to client mode or re-enabling sharing as client, send join request
         const finalSharing = config.sharing as Record<string, unknown> | undefined;
-        if (finalSharing?.role === "client" && oldSharingRole !== "client") {
-          this.autoJoinOnSave(finalSharing).catch(e => this.log.warn(`Auto-join on save failed: ${e}`));
+        const nowClient = Boolean(finalSharing?.enabled) && finalSharing?.role === "client";
+        const previouslyClient = oldSharingEnabled && oldSharingRole === "client";
+        let joinStatus: string | undefined;
+        if (nowClient && !previouslyClient) {
+          try {
+            joinStatus = await this.autoJoinOnSave(finalSharing);
+          } catch (e) {
+            this.log.warn(`Auto-join on save failed: ${e}`);
+          }
         }
 
-        this.jsonResponse(res, { ok: true });
+        this.jsonResponse(res, { ok: true, joinStatus, restart: true });
+
+        setTimeout(() => {
+          this.log.info("config-save: triggering gateway restart via SIGUSR1...");
+          try { process.kill(process.pid, "SIGUSR1"); } catch (sig) { this.log.warn(`SIGUSR1 failed: ${sig}`); }
+        }, 500);
       } catch (e) {
         this.log.warn(`handleSaveConfig error: ${e}`);
         res.writeHead(500, { "Content-Type": "application/json" });
@@ -2633,20 +2773,23 @@ export class ViewerServer {
     });
   }
 
-  private async autoJoinOnSave(sharing: Record<string, unknown>): Promise<void> {
+  private async autoJoinOnSave(sharing: Record<string, unknown>): Promise<string | undefined> {
     const clientCfg = sharing.client as Record<string, unknown> | undefined;
     const hubAddress = String(clientCfg?.hubAddress || "");
     const teamToken = String(clientCfg?.teamToken || "");
-    if (!hubAddress || !teamToken) return;
+    if (!hubAddress || !teamToken) return undefined;
     const hubUrl = normalizeHubUrl(hubAddress);
     const os = await import("os");
     const nickname = String(clientCfg?.nickname || "");
     const username = nickname || os.userInfo().username || "user";
     const hostname = os.hostname() || "unknown";
+    const persisted = this.store.getClientHubConnection();
+    const existingIdentityKey = persisted?.identityKey || "";
     const result = await hubRequestJson(hubUrl, "", "/api/v1/hub/join", {
       method: "POST",
-      body: JSON.stringify({ teamToken, username, deviceName: hostname }),
+      body: JSON.stringify({ teamToken, username, deviceName: hostname, identityKey: existingIdentityKey }),
     }) as any;
+    const returnedIdentityKey = String(result.identityKey || existingIdentityKey || "");
     this.store.setClientHubConnection({
       hubUrl,
       userId: String(result.userId || ""),
@@ -2654,11 +2797,49 @@ export class ViewerServer {
       userToken: result.userToken || "",
       role: "member",
       connectedAt: Date.now(),
+      identityKey: returnedIdentityKey,
+      lastKnownStatus: result.status || "",
     });
     this.log.info(`Auto-join on save: status=${result.status}, userId=${result.userId}`);
     if (result.userToken) {
       this.startHubHeartbeat();
     }
+    return result.status;
+  }
+
+  private handleLeaveTeam(_req: http.IncomingMessage, res: http.ServerResponse): void {
+    this.readBody(_req, async () => {
+      try {
+        await this.withdrawOrLeaveHub();
+        this.store.clearClientHubConnection();
+
+        const configPath = this.getOpenClawConfigPath();
+        if (configPath && fs.existsSync(configPath)) {
+          const raw = JSON.parse(fs.readFileSync(configPath, "utf8"));
+          const pluginKey = Object.keys(raw.plugins?.entries ?? {}).find(k => k.includes("memos-local"));
+          if (pluginKey) {
+            const cfg = raw.plugins.entries[pluginKey].config ?? {};
+            if (cfg.sharing) {
+              cfg.sharing.enabled = false;
+              cfg.sharing.client = { hubAddress: "", userToken: "", teamToken: "" };
+            }
+            raw.plugins.entries[pluginKey].config = cfg;
+            fs.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
+            this.log.info("handleLeaveTeam: config updated, sharing disabled");
+          }
+        }
+
+        this.jsonResponse(res, { ok: true, restart: true });
+
+        setTimeout(() => {
+          this.log.info("handleLeaveTeam: triggering gateway restart via SIGUSR1...");
+          try { process.kill(process.pid, "SIGUSR1"); } catch (sig) { this.log.warn(`SIGUSR1 failed: ${sig}`); }
+        }, 500);
+      } catch (e) {
+        this.log.warn(`handleLeaveTeam error: ${e}`);
+        this.jsonResponse(res, { ok: false, error: String(e) });
+      }
+    });
   }
 
   private async notifyHubLeave(): Promise<void> {
@@ -2679,11 +2860,49 @@ export class ViewerServer {
     }
   }
 
+  private async withdrawOrLeaveHub(): Promise<void> {
+    try {
+      const persisted = this.store.getClientHubConnection();
+      const sharing = this.ctx?.config?.sharing;
+
+      if (persisted?.userToken && persisted?.hubUrl) {
+        await hubRequestJson(persisted.hubUrl, persisted.userToken, "/api/v1/hub/leave", { method: "POST" });
+        this.log.info("Notified Hub of voluntary leave (had token)");
+        return;
+      }
+
+      const hub = this.resolveHubConnection();
+      if (hub?.userToken) {
+        await hubRequestJson(hub.hubUrl, hub.userToken, "/api/v1/hub/leave", { method: "POST" });
+        this.log.info("Notified Hub of voluntary leave (resolved connection)");
+        return;
+      }
+
+      const hubUrl = persisted?.hubUrl || (sharing?.client?.hubAddress ? normalizeHubUrl(sharing.client.hubAddress) : null);
+      const userId = persisted?.userId;
+      const teamToken = sharing?.client?.teamToken;
+      if (hubUrl && userId && teamToken) {
+        const withdrawUrl = `${normalizeHubUrl(hubUrl)}/api/v1/hub/withdraw-pending`;
+        await fetch(withdrawUrl, {
+          method: "POST",
+          headers: { "content-type": "application/json" },
+          body: JSON.stringify({ teamToken, userId }),
+        });
+        this.log.info("Withdrew pending application from Hub");
+        return;
+      }
+
+      this.log.info("No hub connection to clean up (no token, no pending)");
+    } catch (e) {
+      this.log.warn(`Failed to withdraw/leave Hub: ${e}`);
+    }
+  }
+
   private async notifyHubShutdown(): Promise<void> {
     try {
       const sharing = this.ctx?.config.sharing;
       if (!sharing || sharing.role !== "hub") return;
-      const hubPort = sharing.hub?.port ?? 18800;
+      const hubPort = this.getHubPort();
       const authPath = path.join(this.dataDir, "hub-auth.json");
       let adminToken: string | undefined;
       try {
@@ -2741,10 +2960,10 @@ export class ViewerServer {
               this.log.warn(`Failed to update hub-auth.json: ${e}`);
             }
           } else {
-            const persisted = this.store.getClientHubConnection();
-            if (persisted) {
+            const persistedConn = this.store.getClientHubConnection();
+            if (persistedConn) {
               this.store.setClientHubConnection({
-                ...persisted,
+                ...persistedConn,
                 username: result.username,
                 userToken: result.userToken,
               });
@@ -2768,12 +2987,17 @@ export class ViewerServer {
         const { hubUrl } = JSON.parse(body);
         if (!hubUrl) { this.jsonResponse(res, { ok: false, error: "hubUrl is required" }); return; }
         try {
-          const localIPs = this.getLocalIPs();
-          localIPs.push("127.0.0.1", "localhost", "0.0.0.0");
-          const parsed = new URL(hubUrl.startsWith("http") ? hubUrl : `http://${hubUrl}`);
-          if (localIPs.includes(parsed.hostname)) {
-            this.jsonResponse(res, { ok: false, error: "cannot_join_self" });
-            return;
+          const sharing = this.ctx?.config?.sharing;
+          if (sharing?.enabled && sharing.role === "hub") {
+            const selfHubPort = this.getHubPort();
+            const localIPs = this.getLocalIPs();
+            localIPs.push("127.0.0.1", "localhost", "0.0.0.0");
+            const parsed = new URL(hubUrl.startsWith("http") ? hubUrl : `http://${hubUrl}`);
+            const targetPort = parsed.port || (parsed.protocol === "https:" ? "443" : "80");
+            if (localIPs.includes(parsed.hostname) && targetPort === String(selfHubPort)) {
+              this.jsonResponse(res, { ok: false, error: "cannot_join_self" });
+              return;
+            }
           }
         } catch {}
         const url = hubUrl.replace(/\/+$/, "") + "/api/v1/hub/info";
@@ -3011,10 +3235,9 @@ export class ViewerServer {
                   this.log.info(`update-install: success! Updated to ${newVersion}`);
                   this.jsonResponse(res, { ok: true, version: newVersion });
 
-                  // Trigger Gateway restart after response is sent
                   setTimeout(() => {
-                    this.log.info(`update-install: triggering gateway restart...`);
-                    process.kill(process.pid, "SIGUSR1");
+                    this.log.info(`update-install: triggering gateway restart via SIGUSR1...`);
+                    try { process.kill(process.pid, "SIGUSR1"); } catch (sig) { this.log.warn(`SIGUSR1 failed: ${sig}`); }
                   }, 500);
                 });
               });
@@ -3196,7 +3419,7 @@ export class ViewerServer {
     try {
       const ocHome = this.getOpenClawHome();
       const memoryDir = path.join(ocHome, "memory");
-      const sessionsDir = path.join(ocHome, "agents", "main", "sessions");
+      const agentsDir = path.join(ocHome, "agents");
 
       const sqliteFiles: Array<{ file: string; chunks: number }> = [];
       if (fs.existsSync(memoryDir)) {
@@ -3215,31 +3438,36 @@ export class ViewerServer {
 
       let sessionCount = 0;
       let messageCount = 0;
-      if (fs.existsSync(sessionsDir)) {
-        const jsonlFiles = fs.readdirSync(sessionsDir).filter(f => f.includes(".jsonl"));
-        sessionCount = jsonlFiles.length;
-        for (const f of jsonlFiles) {
-          try {
-            const content = fs.readFileSync(path.join(sessionsDir, f), "utf-8");
-            const lines = content.split("\n").filter(l => l.trim());
-            for (const line of lines) {
-              try {
-                const obj = JSON.parse(line);
-                if (obj.type === "message") {
-                  const role = obj.message?.role ?? obj.role;
-                  if (role === "user" || role === "assistant") {
-                    const mc = obj.message?.content ?? obj.content;
-                    let txt = "";
-                    if (typeof mc === "string") txt = mc;
-                    else if (Array.isArray(mc)) txt = mc.filter((p: any) => p.type === "text" && p.text).map((p: any) => p.text).join("\n");
-                    else txt = JSON.stringify(mc);
-                    if (role === "user") txt = stripInboundMetadata(txt);
-                    if (txt && txt.length >= 10) messageCount++;
+      if (fs.existsSync(agentsDir)) {
+        for (const entry of fs.readdirSync(agentsDir, { withFileTypes: true })) {
+          if (!entry.isDirectory()) continue;
+          const sessDir = path.join(agentsDir, entry.name, "sessions");
+          if (!fs.existsSync(sessDir)) continue;
+          const jsonlFiles = fs.readdirSync(sessDir).filter(f => f.includes(".jsonl"));
+          sessionCount += jsonlFiles.length;
+          for (const f of jsonlFiles) {
+            try {
+              const content = fs.readFileSync(path.join(sessDir, f), "utf-8");
+              const lines = content.split("\n").filter(l => l.trim());
+              for (const line of lines) {
+                try {
+                  const obj = JSON.parse(line);
+                  if (obj.type === "message") {
+                    const role = obj.message?.role ?? obj.role;
+                    if (role === "user" || role === "assistant") {
+                      const mc = obj.message?.content ?? obj.content;
+                      let txt = "";
+                      if (typeof mc === "string") txt = mc;
+                      else if (Array.isArray(mc)) txt = mc.filter((p: any) => p.type === "text" && p.text).map((p: any) => p.text).join("\n");
+                      else txt = JSON.stringify(mc);
+                      if (role === "user") txt = stripInboundMetadata(txt);
+                      if (txt && txt.length >= 10) messageCount++;
+                    }
                   }
-                }
-              } catch { /* skip bad lines */ }
-            }
-          } catch { /* skip unreadable */ }
+                } catch { /* skip bad lines */ }
+              }
+            } catch { /* skip unreadable */ }
+          }
         }
       }