npm - @totalreclaw/totalreclaw - Versions diffs - 3.3.4-rc.2 → 3.3.6-rc.1 - Mend

@totalreclaw/totalreclaw 3.3.4-rc.2 → 3.3.6-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,66 @@ All notable changes to `@totalreclaw/totalreclaw` (the OpenClaw plugin) are docu
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [3.3.6-rc.1] — 2026-05-01
+Patch wave from Pedro's second QA cycle on 3.3.5-rc.1.
+### Fixed — `/new` fallback regression from PR #175
+PR #175 told the agent to suggest `/new` when `/restart` returned "not authorized". Pedro QA observed that this backfires: `/new` wipes the chat context, the agent forgets it was mid-install, treats the user's next message as a fresh install request, retries from scratch, and re-trips the scanner block on the partial-install dir.
+Removed `/new` as a fallback for `/restart` failures from `skill/plugin/SKILL.md` and `docs/guides/openclaw-setup.md`. The only correct response when `/restart` is unauthorized is to surface the verbatim user-facing fix (`jq` + `docker restart`) and wait for `done`.
+### Removed — `preinstall` script (`.tr-partial-install` marker write)
+`skill/plugin/package.json::scripts.preinstall` was a `node -e` shell-exec that wrote a `.tr-partial-install` marker file at npm-install time. Removed entirely.
+Why this is safe:
+- OpenClaw's `openclaw plugins install` invokes `npm install --ignore-scripts`, so the `preinstall` script literally never fired in the canonical install path. The marker write was already dead code in the OpenClaw flow.
+- `preinstall` ran via `node -e "require('fs').writeFileSync(...)"` — a node-eval shell-exec pattern that, while not flagged by the OpenClaw scanner today (the scanner does not inspect `package.json`), was a latent risk if the scanner spec ever extends to lifecycle scripts.
+- The runtime canonical signal for partial-install detection is `dist/index.js` missing (Rule 5 in `fs-helpers.ts::detectPartialInstall`). The marker file (Rule 4) was a redundant second-line check; its absence does not weaken detection.
+- `clearPartialInstallMarker()` in `index.ts::register()` is idempotent and returns `false` when the marker is absent — no behavioral change for clean installs.
+- Helpers `writePartialInstallMarker()` / `clearPartialInstallMarker()` remain exported for backward compat and for legacy installs that may have a stale marker on disk.
+Tests preserved unchanged: `partial-install-detection.test.ts`, `install-reload-idempotency.test.ts`, `install-staging-cleanup.test.ts`, and `fs-helpers.test.ts` all still exercise the helper round-trip without depending on the npm script.
+### Added — top-level `tools` array in `skill/plugin/skill.json`
+Per PR #154 / #185, `totalreclaw_pair` is declared at the skill layer in `openclaw.tools` so it appears in the registry catalog independent of plugin runtime register(). Added a top-level `tools` array as a defensive companion (mirrors the `openclaw.tools` entries with a `handler: "./dist/index.js"` pointer to the runtime impl) for any tool resolver that reads top-level `tools` rather than `openclaw.tools`.
+Caveat: based on inspection of OpenClaw 2026.3.x reference plugins (`extensions/llm-task`, `extensions/memory-core`), OpenClaw itself does not currently parse `skill.json` at install time — tool binding happens via runtime `api.registerTool()`. The skill-layer declaration mechanism may not solve the post-install tool-binding race on its own; upstream OpenClaw work is required for an auto-refresh of the agent toolset on plugin load. Tracked separately by Pedro's research agent.
+## [3.3.5-rc.1] — 2026-04-30
+UX bundle from Pedro's QA on 3.3.4-rc.2:
+- **Drop the "yes/no" consent gate before pair setup.** The yes-gate was added
+  in PR #160's safety-tone rewrite to give safety-trained agents an explicit
+  green light before account creation. In practice the user already consents
+  by pasting "Install TotalReclaw" + the canonical URL, and the URL+PIN handed
+  back from `totalreclaw_pair` is the real consent moment (the user has to
+  open the page in their browser to proceed). The extra gate added friction
+  for zero security benefit. Removed from `skill/plugin/SKILL.md`,
+  `skill/SKILL.md`, and `docs/guides/openclaw-setup.md`. The Hermes guide
+  retains its own gate (handled separately).
+- **Tighten silence rules to suppress chat-channel mid-edit churn.** OpenClaw's
+  Telegram channel edits the bot's messages live as the agent's tool calls
+  progress, so every "Let me check…" / "Plugin loaded. Let me verify…" /
+  "I'll now…" line shows up to the user as visible edit churn even if the
+  transport later "deletes" or rewrites it. Added a top-level rule at the
+  start of SKILL.md: "Emit ONLY the user-visible lines. Do not narrate tool
+  calls. Do not describe what you're doing or about to do." Strengthened the
+  forbidden-vocabulary deny-list with the exact patterns Pedro saw in his
+  QA today. Re-stated the canonical user-visible line set as 5–6 lines
+  TOTAL.
+- **Strengthen `/restart` instructions.** Pedro's chat agent on rc.4-rc.2
+  again said "I need permission to restart" instead of issuing the slash
+  command — same anti-pattern that PR #163 / #173 / #174 tried to suppress.
+  Made the SKILL.md instruction more imperative and concrete: "Your IMMEDIATE
+  next message must be the literal slash command `/restart` — nothing else."
+  Added explicit "Do not propose alternatives" guidance for the unauthorized
+  fallback path. Mirrored in `docs/guides/openclaw-setup.md`.
 ## [3.3.3-rc.1] — 2026-04-30
 Combined RC bundle:

package/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 name: totalreclaw
 description: "Install + set up TotalReclaw encrypted memory for OpenClaw, then use totalreclaw_remember / totalreclaw_recall. Trigger on 'install TotalReclaw', 'set up TotalReclaw', 'restore my recovery phrase', or any remember / recall request."
-version: 3.3.4-rc.2
+version: 3.3.6-rc.1
 author: TotalReclaw Team
 license: MIT
 homepage: https://totalreclaw.xyz
@@ -26,11 +26,35 @@ metadata:
 > The canonical install flow lives at <https://github.com/p-diogo/totalreclaw/blob/main/docs/guides/openclaw-setup.md>. If a user pastes that URL in chat, fetch it and follow its agent-instructions section. This SKILL.md mirrors the same steps so you can act even if the URL is unreachable.
+## Top-level rule (read this before anything else)
+**Emit ONLY the user-visible lines listed below. Do not narrate tool calls. Do not describe what you're doing or about to do. Errors are the only allowed deviation, and only as a single tight line.** The expected user-facing transcript for a healthy install is **5–6 short lines TOTAL** (lines 1, 2, 5, 6 always; lines 3 and 4 only if the corresponding condition fires). Anything more is a SKILL violation. Telegram and similar transports edit the bot's messages live as your tool calls progress — every interim "Let me check…" / "Plugin loaded. Let me verify…" line shows up to the user as awkward edit churn, even if you "delete" it. The fix is to never emit it in the first place.
+## User-visible line set (THIS IS ALL YOU SAY)
+Speak only these lines, in order. Substitute the bracketed placeholders with the real values. No prefaces. No suffixes. No narration.
+1. (start of install)
+   > Installing TotalReclaw…
+2. (after install + auto-reload + `totalreclaw_pair` is bound)
+   > ✓ Installed (totalreclaw &lt;version&gt;)
+3. (optional — only if auto-reload didn't fire and you need to issue `/restart`)
+   > Restarting OpenClaw to load the plugin…
+4. (optional — only if you successfully disabled the built-in memory tool to prevent dual-write)
+   > Disabled built-in memory tool.
+5. (account-setup URL + PIN, immediately after `totalreclaw_pair` returns)
+   > Open &lt;url&gt; in your browser. Enter PIN &lt;pin&gt;. Generate or paste a 12-word recovery phrase. Reply `done` once it's sealed.
+6. (done + free-tier confirmation)
+   > ✓ You're set up on the TotalReclaw free tier — 500 memories/month, unlimited reads. https://totalreclaw.xyz/pricing. Ask me to remember anything.
+If existing credentials are detected (step "Check for existing credentials" below), emit ONLY this line and stop:
+   > ✓ TotalReclaw is already set up.
 ## Setup flow
 If `totalreclaw_*` tools are already bound to your toolset, SKIP install and jump to step 4. Otherwise run all steps in order.
-1. **Install plugin first, skill second.** Run via your shell tool, in this exact order:
+1. **Install plugin first, skill second (silent — emit user-visible line 1 once at the start, then no prose until line 2).** Run via your shell tool, in this exact order:
    ```
    openclaw plugins install @totalreclaw/totalreclaw
    openclaw skills install totalreclaw
@@ -39,26 +63,39 @@ If `totalreclaw_*` tools are already bound to your toolset, SKIP install and jum
    If either shell call fails with `command not found` / ENOENT / "not authorized" (managed-service or shell-restricted environment), tell the user verbatim *"Your environment doesn't expose the OpenClaw CLI to me. Please install `totalreclaw` from your service's plugins / skills UI, then reply `done`."* Wait for `done` and skip to step 3.
-2. **Wait for auto-reload — then issue `/restart` autonomously if needed.** OpenClaw's default config (`gateway.reload.mode = "hybrid"`) auto-restarts the gateway via a file-watcher within 1-3 seconds. Wait ~5s, then run `openclaw plugins list | grep totalreclaw` and confirm `totalreclaw_pair` is in your toolset.
+2. **Wait for auto-reload — then issue `/restart` autonomously if needed (silent — emit user-visible line 2 on success, line 3 only if you had to restart).** OpenClaw's default config (`gateway.reload.mode = "hybrid"`) auto-restarts the gateway via a file-watcher within 1-3 seconds. Wait ~5s, then run `openclaw plugins list | grep totalreclaw` and confirm `totalreclaw_pair` is in your toolset. When bound, emit user-visible line 2 and proceed.
+   **If `totalreclaw_pair` is NOT visible after 10s — restart imperative (read carefully):**
+   > Your IMMEDIATE next message must be the literal slash command `/restart` — nothing else. Do not narrate. Do not ask permission. Do not describe what `/restart` does. Do not propose alternatives. Just send `/restart`. You may emit user-visible line 3 (`Restarting OpenClaw to load the plugin…`) ONCE in the same turn, then issue `/restart`. Nothing else.
+   `/restart` is in-process — it drains active runs cleanly; your shell is NOT shelling out to `docker restart` or `openclaw gateway restart` (those would suicide the host). After `/restart`, wait ~3s and re-run `openclaw plugins list`.
-   **If `totalreclaw_pair` is NOT visible after 10s:** issue OpenClaw's built-in `/restart` slash-command immediately and silently. **DO NOT ask the user "should I restart" / "do you want me to restart" / "let me check if the tool is bound" — just issue `/restart` and announce "Reloading gateway..." once.** This is in-process and drains active runs cleanly; your shell is NOT shelling out to `docker restart` or `openclaw gateway restart` (which would suicide the host). After `/restart`, wait ~3s and re-run `openclaw plugins list`.
+   **If `/restart` returns "You are not authorized to use this command":** surface this verbatim and stop. Do NOT loop `/restart` calls. Do NOT propose alternatives.
-   **If `/restart` returns "You are not authorized to use this command":** the gateway's `channels.<your-channel>.allowFrom` allowlist is empty. **Do NOT keep retrying.** Surface this one-line user-facing fix and stop:
+   > Your Telegram channel needs `allowFrom` configured. Run on your host: `jq '.channels.<channel>.allowFrom = ["<your-id>"]' ~/.openclaw/openclaw.json | sponge ~/.openclaw/openclaw.json && docker restart <your-container-name>`. Substitute `<channel>` (e.g. `telegram`, `slack`), `<your-id>` (Telegram: `@username` or numeric `chat_id`; Slack: workspace member ID), and `<your-container-name>` (`docker ps` shows it). For non-Docker installs substitute `openclaw gateway restart` for the `docker restart` portion. On a managed service, ask the service's support to enable slash commands. Reply `done` after.
-   > Your channel needs to be allowlisted for slash commands. Run on the gateway host: `jq '.channels.<channel>.allowFrom = ["<your-id>"]' ~/.openclaw/openclaw.json | sponge ~/.openclaw/openclaw.json && docker restart <your-container-name>` (Docker self-host) — substitute `<channel>` with your channel name (e.g. `telegram`, `slack`), `<your-id>` with your user ID for that channel (Telegram: `@username` or numeric `chat_id`; Slack: workspace member ID), and `<your-container-name>` with your gateway container name (`docker ps` shows it). On a managed service, ask the service's support to enable slash commands for your channel. Reply `done` once it's back up.
+   Then wait for `done`. Do NOT retry the install. Do NOT keep restarting. Do NOT issue `/new` — it wipes the chat context, the agent forgets it was mid-install, and the user's next message is treated as a fresh install request which retries from scratch and re-trips the scanner block (Pedro QA, 3.3.5-rc.1).
-   For non-Docker / native deployments substitute `openclaw gateway restart` for the `docker restart` portion. As a session-level fallback while restart is gated, try `/new` (starts a fresh session within the same gateway process, may pick up freshly-bound tools without a full restart).
+   **Forbidden vocabulary** (these are anti-patterns — they show up to the user even if your transport edits them later, and they violate the silence rule):
+   - "Let me check that…"
+   - "Plugin loaded. Let me verify…"
+   - "I'll now…"
+   - "Quick fix…"
+   - "However, I don't see…"
+   - "I need to use…"
+   - "Should I /restart" / "Do you have a public URL" / "Want me to restart" / "Let me check if the tool is bound" / "I need permission to restart"
+   - "Now installing…" / "Got it" / "In parallel…" / "Step 1a/1b/1c"
-   **Forbidden vocabulary** (these are anti-patterns when a tool is missing post-install): "Should I /restart", "Do you have a public URL", "Want me to restart", "Let me check if the tool is bound", "I need permission to restart". Just issue `/restart` immediately and announce.
+   Substitute all of these with silence — the next user-visible line in the set, or nothing.
 3. **Verify `totalreclaw_pair` is bound.** If still missing after `/restart` (or after the user fixed allowFrom and said `done`), tell them the restart didn't take effect and ask them to retry. Do not loop the install.
-4. **Check for existing credentials.** Run `test -s ~/.totalreclaw/credentials.json`. If it exists and is non-empty, confirm *"TotalReclaw is already set up."* and stop.
+4. **Check for existing credentials (silent unless found).** Run `test -s ~/.totalreclaw/credentials.json`. If it exists and is non-empty, emit *"✓ TotalReclaw is already set up."* and stop.
-5. **Set up the user's TotalReclaw account.** Tell the user: *"I'll walk you through setting up your TotalReclaw account."* Then call `totalreclaw_pair` (the account-setup tool — name kept for backward compatibility). Returns `{url, pin, qr_ascii, qr_png_b64, qr_unicode, expires_at_ms}` (see "Rendering the QR" below). Relay verbatim:
-   > *Open <url> in your browser. Generate a new 12-word recovery phrase there or paste an existing one — the phrase stays in your browser, the relay only sees ciphertext. Confirm PIN <pin>. Reply `done` once the page says it's sealed.*
+5. **Set up the user's TotalReclaw account (emit user-visible line 5 once, after `totalreclaw_pair` returns).** Call `totalreclaw_pair` silently (the account-setup tool — name kept for backward compatibility). It returns `{url, pin, qr_ascii, qr_png_b64, qr_unicode, expires_at_ms}` (see "Rendering the QR" below). Then emit user-visible line 5 with `<url>` and `<pin>` substituted. Do not pre-narrate ("I'll walk you through…", "Setting up your account now…") — line 5 itself is the only thing the user needs to see. The URL + PIN itself is the real consent moment: surfacing them verbatim is what gives the user the chance to opt out by simply not opening the page.
-6. **Verify and confirm.** After user says `done`, re-run `test -s ~/.totalreclaw/credentials.json`. If missing, the PIN expired — call `totalreclaw_pair` again and resend. If present, confirm *"Your TotalReclaw account is set up. Ask me to remember or recall anything."*
+6. **Verify and confirm (silent until line 6).** After the user says `done`, re-run `test -s ~/.totalreclaw/credentials.json`. If missing, the PIN expired — call `totalreclaw_pair` again silently and resend line 5 once. If present, emit user-visible line 6 and stop.
 ## Rendering the QR on your transport (rc.5+)

package/dist/fs-helpers.js CHANGED Viewed

@@ -344,19 +344,23 @@ export function cleanupInstallStagingDirs(pluginDir, _now = Date.now) {
 // Partial-install detection (rc.22 finding #5)
 // ---------------------------------------------------------------------------
 /**
- * Marker filename written into the plugin directory at register-time. Its
- * presence means a prior install was interrupted before the plugin successfully
- * loaded — a confirmed-broken half-state that the next `openclaw plugins
- * install` retry can detect and clean.
- *
- * Conceptually the marker is dropped BEFORE npm install completes (the
- * complementary npm script removes it on success) and additionally
- * re-asserted at register-time as a second-line check. If you see this file
- * in `<extensionsDir>/totalreclaw/`, the install never reached register()
- * AND the marker drop wasn't undone.
- *
- * Constants are exported so the npm preinstall/cleanup scripts in
- * `package.json` use the same name as the runtime detector.
+ * Marker filename indicating a prior install was interrupted before the
+ * plugin successfully loaded — a confirmed-broken half-state that the next
+ * `openclaw plugins install` retry can detect and clean.
+ *
+ * 3.3.6-rc.1 (2026-05-01): the `preinstall` npm script that wrote this
+ * marker was removed. OpenClaw's `openclaw plugins install` invokes
+ * `npm install --ignore-scripts`, so the script never fired in the
+ * canonical install path anyway, and `node -e` shell-exec patterns are a
+ * latent scanner-spec risk. The runtime canonical signal for partial
+ * detection is now `dist/index.js` missing (Rule 5 in `detectPartialInstall`)
+ * — the marker (Rule 4) is a redundant second-line check that still works
+ * for legacy installs that may have a stale marker on disk.
+ *
+ * Helpers (`writePartialInstallMarker` / `clearPartialInstallMarker`) and
+ * the constant remain exported for backward compat and for any future
+ * mechanism that wants to reinstate marker writes (e.g. a runtime
+ * register-time write that is `--ignore-scripts`-safe).
  */
 export const PARTIAL_INSTALL_MARKER = '.tr-partial-install';
 /** Package name we own — used to confirm a directory is OUR plugin, not a stray. */
@@ -570,9 +574,12 @@ export function writePluginError(pluginDir, error) {
 /**
  * Drop the `.tr-partial-install` marker into `pluginRootDir`. Idempotent
  * (overwrites any existing marker) and best-effort — returns `true` on
- * success, `false` if the dir doesn't exist or write fails. Used by the
- * `preinstall` npm script and (defensively) by the runtime if the npm
- * preinstall/cleanup script pair did not fire.
+ * success, `false` if the dir doesn't exist or write fails.
+ *
+ * 3.3.6-rc.1 (2026-05-01): the `preinstall` npm script that previously
+ * called this (via `node -e`) was removed (see `PARTIAL_INSTALL_MARKER`
+ * doc-comment). The helper remains exported for backward compat and for
+ * any future runtime register-time marker mechanism.
  */
 export function writePartialInstallMarker(pluginRootDir) {
     try {
@@ -586,10 +593,11 @@ export function writePartialInstallMarker(pluginRootDir) {
     }
 }
 /**
- * Remove the partial-install marker. Called by the `postinstall` script and
- * (defensively) at register-time once we've confirmed the load succeeded.
- * Returns `true` if a marker was removed, `false` if there was nothing to
- * remove.
+ * Remove the partial-install marker. Called at register-time once we've
+ * confirmed the load succeeded — clears any stale marker left by a legacy
+ * install, since 3.3.6-rc.1 removed the `preinstall` script that used to
+ * write fresh markers. Returns `true` if a marker was removed, `false` if
+ * there was nothing to remove.
  */
 export function clearPartialInstallMarker(pluginRootDir) {
     try {

package/dist/index.js CHANGED Viewed

@@ -2476,13 +2476,17 @@ const plugin = {
                     });
                 }
                 // 3.3.1-rc.22 (rc.21 finding #5): self-heal partial-install marker.
-                // The `preinstall` npm script writes `.tr-partial-install`; clearing
-                // it has been the runtime's job since 3.3.3-rc.1 dropped postinstall.mjs
-                // (OpenClaw scanner blocked the install on the subprocess-spawn import
-                // — see 3.3.3-rc.1 PR). If we have gotten this far the loader did
-                // register us — meaning the install succeeded enough to be useful —
-                // so any lingering marker is stale. Clear it so the next retry's
-                // detector does not see a false positive.
+                // Clearing the marker has been the runtime's job since 3.3.3-rc.1
+                // dropped postinstall.mjs (OpenClaw scanner blocked the install on
+                // the subprocess-spawn import — see 3.3.3-rc.1 PR). 3.3.6-rc.1
+                // additionally dropped the `preinstall` npm script that wrote the
+                // marker (npm install --ignore-scripts meant it never fired in the
+                // canonical install path anyway, and `node -e` shell-exec is a
+                // latent scanner-spec risk). The clear call here remains valid for
+                // legacy installs that may have a stale marker on disk. If we have
+                // gotten this far the loader did register us — meaning the install
+                // succeeded enough to be useful — so any lingering marker is stale.
+                // Clear it so the next retry's detector does not see a false positive.
                 //
                 // 3.3.1-rc.22 (rc.21 finding #6) — gateway/reload upstream caveat:
                 // OpenClaw's config-watcher fires `gateway/reload` when

package/fs-helpers.ts CHANGED Viewed

@@ -393,19 +393,23 @@ export function cleanupInstallStagingDirs(
 // ---------------------------------------------------------------------------
 /**
- * Marker filename written into the plugin directory at register-time. Its
- * presence means a prior install was interrupted before the plugin successfully
- * loaded — a confirmed-broken half-state that the next `openclaw plugins
- * install` retry can detect and clean.
+ * Marker filename indicating a prior install was interrupted before the
+ * plugin successfully loaded — a confirmed-broken half-state that the next
+ * `openclaw plugins install` retry can detect and clean.
  *
- * Conceptually the marker is dropped BEFORE npm install completes (the
- * complementary npm script removes it on success) and additionally
- * re-asserted at register-time as a second-line check. If you see this file
- * in `<extensionsDir>/totalreclaw/`, the install never reached register()
- * AND the marker drop wasn't undone.
+ * 3.3.6-rc.1 (2026-05-01): the `preinstall` npm script that wrote this
+ * marker was removed. OpenClaw's `openclaw plugins install` invokes
+ * `npm install --ignore-scripts`, so the script never fired in the
+ * canonical install path anyway, and `node -e` shell-exec patterns are a
+ * latent scanner-spec risk. The runtime canonical signal for partial
+ * detection is now `dist/index.js` missing (Rule 5 in `detectPartialInstall`)
+ * — the marker (Rule 4) is a redundant second-line check that still works
+ * for legacy installs that may have a stale marker on disk.
  *
- * Constants are exported so the npm preinstall/cleanup scripts in
- * `package.json` use the same name as the runtime detector.
+ * Helpers (`writePartialInstallMarker` / `clearPartialInstallMarker`) and
+ * the constant remain exported for backward compat and for any future
+ * mechanism that wants to reinstate marker writes (e.g. a runtime
+ * register-time write that is `--ignore-scripts`-safe).
  */
 export const PARTIAL_INSTALL_MARKER = '.tr-partial-install';
@@ -666,9 +670,12 @@ export function writePluginError(
 /**
  * Drop the `.tr-partial-install` marker into `pluginRootDir`. Idempotent
  * (overwrites any existing marker) and best-effort — returns `true` on
- * success, `false` if the dir doesn't exist or write fails. Used by the
- * `preinstall` npm script and (defensively) by the runtime if the npm
- * preinstall/cleanup script pair did not fire.
+ * success, `false` if the dir doesn't exist or write fails.
+ *
+ * 3.3.6-rc.1 (2026-05-01): the `preinstall` npm script that previously
+ * called this (via `node -e`) was removed (see `PARTIAL_INSTALL_MARKER`
+ * doc-comment). The helper remains exported for backward compat and for
+ * any future runtime register-time marker mechanism.
  */
 export function writePartialInstallMarker(pluginRootDir: string): boolean {
   try {
@@ -681,10 +688,11 @@ export function writePartialInstallMarker(pluginRootDir: string): boolean {
 }
 /**
- * Remove the partial-install marker. Called by the `postinstall` script and
- * (defensively) at register-time once we've confirmed the load succeeded.
- * Returns `true` if a marker was removed, `false` if there was nothing to
- * remove.
+ * Remove the partial-install marker. Called at register-time once we've
+ * confirmed the load succeeded — clears any stale marker left by a legacy
+ * install, since 3.3.6-rc.1 removed the `preinstall` script that used to
+ * write fresh markers. Returns `true` if a marker was removed, `false` if
+ * there was nothing to remove.
  */
 export function clearPartialInstallMarker(pluginRootDir: string): boolean {
   try {

package/index.ts CHANGED Viewed

@@ -3043,13 +3043,17 @@ const plugin = {
       }
       // 3.3.1-rc.22 (rc.21 finding #5): self-heal partial-install marker.
-      // The `preinstall` npm script writes `.tr-partial-install`; clearing
-      // it has been the runtime's job since 3.3.3-rc.1 dropped postinstall.mjs
-      // (OpenClaw scanner blocked the install on the subprocess-spawn import
-      // — see 3.3.3-rc.1 PR). If we have gotten this far the loader did
-      // register us — meaning the install succeeded enough to be useful —
-      // so any lingering marker is stale. Clear it so the next retry's
-      // detector does not see a false positive.
+      // Clearing the marker has been the runtime's job since 3.3.3-rc.1
+      // dropped postinstall.mjs (OpenClaw scanner blocked the install on
+      // the subprocess-spawn import — see 3.3.3-rc.1 PR). 3.3.6-rc.1
+      // additionally dropped the `preinstall` npm script that wrote the
+      // marker (npm install --ignore-scripts meant it never fired in the
+      // canonical install path anyway, and `node -e` shell-exec is a
+      // latent scanner-spec risk). The clear call here remains valid for
+      // legacy installs that may have a stale marker on disk. If we have
+      // gotten this far the loader did register us — meaning the install
+      // succeeded enough to be useful — so any lingering marker is stale.
+      // Clear it so the next retry's detector does not see a false positive.
       //
       // 3.3.1-rc.22 (rc.21 finding #6) — gateway/reload upstream caveat:
       // OpenClaw's config-watcher fires `gateway/reload` when

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@totalreclaw/totalreclaw",
-  "version": "3.3.4-rc.2",
+  "version": "3.3.6-rc.1",
   "description": "End-to-end encrypted, agent-portable memory for OpenClaw and any LLM-agent runtime. XChaCha20-Poly1305 with protobuf v4 + on-chain Memory Taxonomy v1 (claim / preference / directive / commitment / episode / summary).",
   "type": "module",
   "keywords": [
@@ -70,7 +70,6 @@
     "check-version-drift": "node ../scripts/check-version-drift.mjs",
     "check-url-binding": "node ../scripts/check-url-binding.mjs",
     "sync-version": "node ../scripts/sync-version.mjs",
-    "preinstall": "node -e \"try{require('fs').writeFileSync('.tr-partial-install','');}catch{}\"",
     "prepack": "npm run build",
     "prepublishOnly": "node ../scripts/check-scanner.mjs && node ../scripts/check-version-drift.mjs && node ../scripts/check-url-binding.mjs --release-type=${TOTALRECLAW_RELEASE_TYPE:-rc}"
   },

package/skill.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "totalreclaw",
-  "version": "3.3.4-rc.2",
+  "version": "3.3.6-rc.1",
   "description": "End-to-end encrypted memory for AI agents — portable, yours forever. XChaCha20-Poly1305 E2EE: server never sees plaintext.",
   "author": "TotalReclaw Team",
   "license": "MIT",
@@ -15,6 +15,131 @@
     "agent-memory",
     "persistent-context"
   ],
+  "tools": [
+    {
+      "name": "totalreclaw_pair",
+      "description": "Set up the user's TotalReclaw account (encrypted, browser-side recovery-phrase generation or import). Returns an account-setup URL, a 6-digit PIN, and an ASCII QR code that the agent relays to the user. The recovery phrase is generated/entered in the BROWSER and uploaded end-to-end encrypted to this gateway — it NEVER touches the LLM provider or the chat transcript. This is the canonical agent-facilitated account-setup surface. Tool name kept for backward compatibility — function-wise this is the account-setup tool.",
+      "handler": "./dist/index.js",
+      "parameters": {
+        "mode": {
+          "type": "string",
+          "required": false,
+          "enum": ["generate", "import"],
+          "default": "generate",
+          "description": "\"generate\" = browser will create a NEW recovery phrase. \"import\" = browser will accept an EXISTING phrase pasted by the user in their browser (never through chat)."
+        }
+      }
+    },
+    {
+      "name": "totalreclaw_remember",
+      "description": "Store a new fact or preference in long-term memory",
+      "handler": "./dist/index.js",
+      "parameters": {
+        "text": {
+          "type": "string",
+          "required": true,
+          "description": "The fact or information to remember"
+        },
+        "type": {
+          "type": "string",
+          "required": false,
+          "enum": ["fact", "preference", "decision", "episodic", "goal"],
+          "default": "fact",
+          "description": "Type of memory"
+        },
+        "importance": {
+          "type": "integer",
+          "required": false,
+          "min": 1,
+          "max": 10,
+          "description": "Importance score 1-10. Default: auto-detected by LLM"
+        }
+      }
+    },
+    {
+      "name": "totalreclaw_recall",
+      "description": "Search and retrieve relevant memories from long-term storage",
+      "handler": "./dist/index.js",
+      "parameters": {
+        "query": {
+          "type": "string",
+          "required": true,
+          "description": "Natural language query to search memories"
+        },
+        "k": {
+          "type": "integer",
+          "required": false,
+          "default": 8,
+          "max": 20,
+          "description": "Number of results to return"
+        }
+      }
+    },
+    {
+      "name": "totalreclaw_forget",
+      "description": "Delete a specific fact from memory",
+      "handler": "./dist/index.js",
+      "parameters": {
+        "factId": {
+          "type": "string",
+          "required": true,
+          "description": "UUID of the fact to delete"
+        }
+      }
+    },
+    {
+      "name": "totalreclaw_export",
+      "description": "Export all stored memories in plaintext format",
+      "handler": "./dist/index.js",
+      "parameters": {
+        "format": {
+          "type": "string",
+          "required": false,
+          "enum": ["json", "markdown"],
+          "default": "json",
+          "description": "Export format"
+        }
+      }
+    },
+    {
+      "name": "totalreclaw_status",
+      "description": "Check billing and subscription status, including quota usage and upgrade options",
+      "handler": "./dist/index.js",
+      "parameters": {}
+    },
+    {
+      "name": "totalreclaw_upgrade",
+      "description": "Get a checkout URL to upgrade to TotalReclaw Pro (unlimited memories on Gnosis mainnet)",
+      "handler": "./dist/index.js",
+      "parameters": {}
+    },
+    {
+      "name": "totalreclaw_import_from",
+      "description": "Import memories from other AI memory tools (Mem0, MCP Memory Server) into TotalReclaw",
+      "handler": "./dist/index.js",
+      "parameters": {
+        "source": {
+          "type": "string",
+          "required": true,
+          "enum": ["mem0", "mcp-memory"],
+          "description": "Source system to import from"
+        }
+      }
+    },
+    {
+      "name": "totalreclaw_consolidate",
+      "description": "Scan all stored memories and merge near-duplicates, keeping the most important/recent version",
+      "handler": "./dist/index.js",
+      "parameters": {
+        "dry_run": {
+          "type": "boolean",
+          "required": false,
+          "default": false,
+          "description": "Preview consolidation without deleting"
+        }
+      }
+    }
+  ],
   "openclaw": {
     "minVersion": "0.1.0",
     "maxVersion": "1.0.0",