@totalreclaw/totalreclaw 3.3.7-rc.1 → 3.3.7-rc.2

package/CHANGELOG.md

@@ -4,6 +4,31 @@ All notable changes to `@totalreclaw/totalreclaw` (the OpenClaw plugin) are docu
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.3.7-rc.2] — 2026-05-04
+
+Follow-up to 3.3.7-rc.1, caught in Pedro's manual integration testing on the OpenClaw side 2026-05-03. The 5-tier auth fix shipped DEAD-CODE in rc.1: gateway logs surfaced `[gateway] [plugins] command registration failed: Command name "restart" is reserved by a built-in command (plugin=totalreclaw, source=/home/pdiogo/.openclaw/extensions/totalreclaw/dist/index.js)`. The plugin's `/restart` registration was rejected because OpenClaw's plugin registry hard-rejects `restart` (and the rest of `RESERVED_COMMANDS` — see `node_modules/openclaw/dist/registry-*.js` — `help`, `commands`, `status`, `whoami`, `context`, `stop`, `restart`, `reset`, `new`, `compact`, `config`, `debug`, `allowlist`, `activation`, `skill`, `subagents`, `kill`, `steer`, `tell`, `model`, `models`, `queue`, `send`, `bash`, `exec`, `think`, `verbose`, `reasoning`, `elevated`, `usage`). Built-in `/restart` retains its allow-from-only semantics, which is what gave Pedro the original "You are not authorized" — and our 5-tier fallback never ran because plugin registration never succeeded.
+
+### Fixed — rename plugin slash command to `/totalreclaw-restart` (issue #215, follow-up)
+
+**Fix:** plugin command name renamed from `restart` to `totalreclaw-restart`. The 5-tier auth resolver from rc.1 (`restart-auth.ts`, `inbound-user-tracker.ts`) is unchanged — it's the correct logic, just needed to attach to a non-reserved name. SKILL.md / setup-guide both tell the agent to issue `/totalreclaw-restart` so end-users never type `/restart` directly. The OpenClaw built-in `/restart` keeps its allow-from-only semantics — both commands coexist; the plugin's namespaced form is the recommended path for default-config users.
+
+The SIGUSR1 emit path (`process.kill(process.pid, 'SIGUSR1')`) is unchanged — gateway accepts iff `commands.restart=true` (default), and the policy keys on the gateway-level config flag, NOT on the plugin command name. So `/totalreclaw-restart` triggers a real gateway restart end-to-end.
+
+**Upstream FR (filed alongside this PR):** OpenClaw should allow plugins to override built-in command names with an explicit precedence flag (e.g. `registerCommand({ name: 'restart', overrideBuiltIn: true, ... })`). Until that lands, the namespaced workaround is canonical. Reference back to issue #215 architectural concerns.
+
+Implementation:
+- `skill/plugin/index.ts` — `api.registerCommand({ name: 'totalreclaw-restart', ... })` (was `'restart'`). Log lines updated to `/totalreclaw-restart` for cross-grep with the new SKILL.md instructions.
+- `skill/plugin/restart-auth.ts` — docstring header reflects the rename + the rc.1 → rc.2 trail. The resolver matrix is byte-identical to rc.1.
+- `skill/plugin/inbound-user-tracker.ts` — comment refers to the new command name.
+- `skill/plugin/SKILL.md` — every user-facing instance of `/restart` (in agent-instructions: "issue `/restart` autonomously…") replaced with `/totalreclaw-restart`. Added a one-line note explaining why we renamed.
+- `skill/SKILL.md` — same.
+- `docs/guides/openclaw-setup.md` — same. The "If `/restart` returns unauthorized" section is now keyed on `/totalreclaw-restart`. The rare-but-real built-in `/restart` referenced as the OpenClaw-shipped command (which the user does NOT type for our path).
+
+### Tests
+
+- Plugin: existing `restart-auth.test.ts` (29 assertions) + `inbound-user-tracker.test.ts` (14 assertions) all pass against the new command name (the resolver doesn't know its caller's name — it's pure). New regression test `register-command-name.test.ts` asserts the registered name is `totalreclaw-restart` (NOT `restart`) and asserts the plugin would not trip OpenClaw's `RESERVED_COMMANDS` check (parses the upstream `validateCommandName` rule directly from `node_modules/openclaw/dist/registry-*.js`). All pre-existing tests remain green.
+- Hermes: `python/tests/test_restart_auth_5_tier_2_3_6.py` (21 assertions) all pass — the resolver is name-agnostic. CHANGELOG entry on the Hermes side notes the matching rename for the future Hermes `register_command` wiring.
+
 ## [3.3.7-rc.1] — 2026-05-03
 
 Patch wave from Pedro's QA on 3.3.6-rc.1 (real-user Telegram → Pop OS Docker container → OpenClaw 2026.4.22 + plugin 3.3.6-rc.1). Two ship-stoppers, both architectural rather than config-drift:

package/SKILL.md

@@ -1,7 +1,7 @@
 ---
 name: totalreclaw
 description: "Install + set up TotalReclaw encrypted memory for OpenClaw, then use totalreclaw_remember / totalreclaw_recall. Trigger on 'install TotalReclaw', 'set up TotalReclaw', 'restore my recovery phrase', or any remember / recall request."
-version: 3.3.7-rc.1
+version: 3.3.7-rc.2
 author: TotalReclaw Team
 license: MIT
 homepage: https://totalreclaw.xyz
@@ -38,7 +38,7 @@ Speak only these lines, in order. Substitute the bracketed placeholders with the
    > Installing TotalReclaw…
 2. (after install + auto-reload + `totalreclaw_pair` is bound)
    > ✓ Installed (totalreclaw <version>)
-3. (optional — only if auto-reload didn't fire and you need to issue `/restart`)
+3. (optional — only if auto-reload didn't fire and you need to issue `/totalreclaw-restart`)
    > Restarting OpenClaw to load the plugin…
 4. (optional — only if you successfully disabled the built-in memory tool to prevent dual-write)
    > Disabled built-in memory tool.
@@ -63,15 +63,15 @@ If `totalreclaw_*` tools are already bound to your toolset, SKIP install and jum
 
    If either shell call fails with `command not found` / ENOENT / "not authorized" (managed-service or shell-restricted environment), tell the user verbatim *"Your environment doesn't expose the OpenClaw CLI to me. Please install `totalreclaw` from your service's plugins / skills UI, then reply `done`."* Wait for `done` and skip to step 3.
 
-2. **Wait for auto-reload — then issue `/restart` autonomously if needed (silent — emit user-visible line 2 on success, line 3 only if you had to restart).** OpenClaw's default config (`gateway.reload.mode = "hybrid"`) auto-restarts the gateway via a file-watcher within 1-3 seconds. Wait ~5s, then run `openclaw plugins list | grep totalreclaw` and confirm `totalreclaw_pair` is in your toolset. When bound, emit user-visible line 2 and proceed.
+2. **Wait for auto-reload — then issue `/totalreclaw-restart` autonomously if needed (silent — emit user-visible line 2 on success, line 3 only if you had to restart).** OpenClaw's default config (`gateway.reload.mode = "hybrid"`) auto-restarts the gateway via a file-watcher within 1-3 seconds. Wait ~5s, then run `openclaw plugins list | grep totalreclaw` and confirm `totalreclaw_pair` is in your toolset. When bound, emit user-visible line 2 and proceed.
 
    **If `totalreclaw_pair` is NOT visible after 10s — restart imperative (read carefully):**
 
-   > Your IMMEDIATE next message must be the literal slash command `/restart` — nothing else. Do not narrate. Do not ask permission. Do not describe what `/restart` does. Do not propose alternatives. Just send `/restart`. You may emit user-visible line 3 (`Restarting OpenClaw to load the plugin…`) ONCE in the same turn, then issue `/restart`. Nothing else.
+   > Your IMMEDIATE next message must be the literal slash command `/totalreclaw-restart` — nothing else. Do not narrate. Do not ask permission. Do not describe what `/totalreclaw-restart` does. Do not propose alternatives. Just send `/totalreclaw-restart`. You may emit user-visible line 3 (`Restarting OpenClaw to load the plugin…`) ONCE in the same turn, then issue `/totalreclaw-restart`. Nothing else.
 
-   `/restart` is in-process — it drains active runs cleanly; your shell is NOT shelling out to `docker restart` or `openclaw gateway restart` (those would suicide the host). After `/restart`, wait ~3s and re-run `openclaw plugins list`.
+   `/totalreclaw-restart` is in-process — it drains active runs cleanly; your shell is NOT shelling out to `docker restart` or `openclaw gateway restart` (those would suicide the host). After `/totalreclaw-restart`, wait ~3s and re-run `openclaw plugins list`. (3.3.7-rc.2 renamed this from `/restart` because OpenClaw reserves `/restart` for its built-in — the plugin-side fallback can only attach to a unique name. The 5-tier auth resolver is unchanged; only the command name moved.)
 
-   **If `/restart` returns "You are not authorized to use this command":** surface this verbatim and stop. Do NOT loop `/restart` calls. Do NOT propose alternatives.
+   **If `/totalreclaw-restart` returns "You are not authorized to use this command":** surface this verbatim and stop. Do NOT loop `/totalreclaw-restart` calls. Do NOT propose alternatives.
 
    > Your Telegram channel needs `allowFrom` configured. Run on your host: `jq '.channels.<channel>.allowFrom = ["<your-id>"]' ~/.openclaw/openclaw.json | sponge ~/.openclaw/openclaw.json && docker restart <your-container-name>`. Substitute `<channel>` (e.g. `telegram`, `slack`), `<your-id>` (Telegram: `@username` or numeric `chat_id`; Slack: workspace member ID), and `<your-container-name>` (`docker ps` shows it). For non-Docker installs substitute `openclaw gateway restart` for the `docker restart` portion. On a managed service, ask the service's support to enable slash commands. Reply `done` after.
 
@@ -84,12 +84,12 @@ If `totalreclaw_*` tools are already bound to your toolset, SKIP install and jum
    - "Quick fix…"
    - "However, I don't see…"
    - "I need to use…"
-   - "Should I /restart" / "Do you have a public URL" / "Want me to restart" / "Let me check if the tool is bound" / "I need permission to restart"
+   - "Should I /totalreclaw-restart" / "Do you have a public URL" / "Want me to restart" / "Let me check if the tool is bound" / "I need permission to restart"
    - "Now installing…" / "Got it" / "In parallel…" / "Step 1a/1b/1c"
 
    Substitute all of these with silence — the next user-visible line in the set, or nothing.
 
-3. **Verify `totalreclaw_pair` is bound.** If still missing after `/restart` (or after the user fixed allowFrom and said `done`), tell them the restart didn't take effect and ask them to retry. Do not loop the install.
+3. **Verify `totalreclaw_pair` is bound.** If still missing after `/totalreclaw-restart` (or after the user fixed allowFrom and said `done`), tell them the restart didn't take effect and ask them to retry. Do not loop the install.
 
 4. **Check for existing credentials (silent unless found).** Run `test -s ~/.totalreclaw/credentials.json`. If it exists and is non-empty, emit *"✓ TotalReclaw is already set up."* and stop.
 

package/dist/inbound-user-tracker.js

@@ -1,7 +1,7 @@
 /**
  * Per-channel inbound-user tracker (issue #215, 3.3.7-rc.1).
  *
- * Tier 3 + Tier 5 of the `/restart` 5-tier auth fallback need to know
+ * Tier 3 + Tier 5 of the `/totalreclaw-restart` 5-tier auth fallback need to know
  * "how many distinct users have ever messaged this gateway on channel X".
  *
  * This module implements a simple disk-backed counter. Persistence

package/dist/index.js

@@ -2833,7 +2833,7 @@ const plugin = {
                             // <pluginDir>/.loaded.json` from the host shell. Both
                             // surfaces should agree; if chat says boot=N but the
                             // file says boot=N+1, the chat session is stale and a
-                            // /restart is warranted.
+                            // /totalreclaw-restart is warranted.
                             try {
                                 const m = _pluginDirForManifest
                                     ? readPluginLoadedManifest(_pluginDirForManifest)
@@ -2872,26 +2872,42 @@ const plugin = {
                     },
                 });
                 // ---------------------------------------------------------------
-                // 3.3.7-rc.1 (issue #215) — `/restart` plugin command override
+                // 3.3.7-rc.2 (issue #215, follow-up) — `/totalreclaw-restart`
                 // ---------------------------------------------------------------
                 //
-                // Replaces OpenClaw's built-in `/restart` so we can apply the
-                // 5-tier auth fallback. Plugin commands match BEFORE built-ins
-                // (see upstream `auto-reply/reply/commands-plugin.ts`), so this
-                // takes precedence whenever the plugin is loaded. We use
-                // `requireAuth: false` to bypass the channel-layer auth check —
-                // the 5-tier fallback in `restart-auth.ts` decides allow / reject.
+                // Originally rc.1 registered this as `/restart` to override the
+                // OpenClaw built-in. That was wrong: OpenClaw's plugin registry
+                // hard-rejects the name on the reserved list (see upstream
+                // `RESERVED_COMMANDS` in `dist/registry-*.js`) — registration
+                // fails with `Command name "restart" is reserved by a built-in
+                // command` and the 5-tier fallback never runs. Pedro caught this
+                // in 3.3.7-rc.1 manual integration testing 2026-05-03; gateway
+                // logs surfaced the rejection, so the rc.1 fix shipped DEAD-CODE.
+                //
+                // Workaround until upstream lands a plugin-override-precedence
+                // flag (FR filed alongside this PR): use a unique, namespaced
+                // command name. Plugin handles `/totalreclaw-restart`; the
+                // built-in `/restart` keeps its allow-from-only semantics
+                // unchanged. SKILL.md tells the agent to issue the namespaced
+                // form, so end-users never type `restart` directly.
+                //
+                // We still use `requireAuth: false` to bypass the channel-layer
+                // auth check — the 5-tier fallback in `restart-auth.ts` decides
+                // allow / reject per the same matrix as rc.1.
                 //
                 // If allow → fire `process.kill(process.pid, 'SIGUSR1')`. The
                 // gateway accepts SIGUSR1 iff `commands.restart=true` (the
                 // default) — see upstream `setGatewaySigusr1RestartPolicy`.
+                // (The SIGUSR1 policy still keys on `commands.restart`, NOT on
+                // the plugin command name — gateways only honour one restart
+                // signal.)
                 //
                 // If reject → return a short non-shaming message via
                 // `rejectMessageFor` that points the user at the right config
                 // key (no infinite loop — agent will follow the unauthorized
                 // fallback path documented in SKILL.md instead).
                 api.registerCommand({
-                    name: 'restart',
+                    name: 'totalreclaw-restart',
                     description: 'Restart OpenClaw gracefully (drains active runs first).',
                     acceptsArgs: false,
                     requireAuth: false,
@@ -2937,10 +2953,10 @@ const plugin = {
                             getDistinctInboundUserCount: (ch) => getDistinctInboundUserCount(trackerPath, ch),
                         });
                         if (verdict.allow === false) {
-                            api.logger.info(`TotalReclaw: /restart rejected (channel=${channel || '<none>'} sender=${senderId || '<none>'} reason=${verdict.reason})`);
+                            api.logger.info(`TotalReclaw: /totalreclaw-restart rejected (channel=${channel || '<none>'} sender=${senderId || '<none>'} reason=${verdict.reason})`);
                             return { text: rejectMessageFor(verdict.reason) };
                         }
-                        api.logger.info(`TotalReclaw: /restart allowed (channel=${channel || '<none>'} sender=${senderId || '<none>'} tier=${verdict.reason})`);
+                        api.logger.info(`TotalReclaw: /totalreclaw-restart allowed (channel=${channel || '<none>'} sender=${senderId || '<none>'} tier=${verdict.reason})`);
                         // Trigger the gateway's SIGUSR1 restart path. Wrap in
                         // try/catch — `process.kill` can throw if the gateway is
                         // already shutting down (rare but seen in the wild).
@@ -2949,7 +2965,7 @@ const plugin = {
                         }
                         catch (err) {
                             const msg = err instanceof Error ? err.message : String(err);
-                            api.logger.warn(`TotalReclaw: /restart SIGUSR1 emit failed: ${msg}`);
+                            api.logger.warn(`TotalReclaw: /totalreclaw-restart SIGUSR1 emit failed: ${msg}`);
                             return {
                                 text: `Restart request acknowledged but the gateway didn't accept the signal (${msg}). Try \`docker restart <container>\` if running in Docker.`,
                             };
@@ -2962,11 +2978,11 @@ const plugin = {
             // 3.3.7-rc.1 (issue #215) — track distinct inbound users per channel
             // ---------------------------------------------------------------
             //
-            // Tier 3 + tier 5 of the `/restart` 5-tier auth fallback need to
-            // know how many distinct users have messaged this gateway on
-            // each channel. We instrument `message_received` to record every
-            // (channel, senderId) pair to disk; the count survives gateway
-            // restarts (see `inbound-user-tracker.ts`).
+            // Tier 3 + tier 5 of the `/totalreclaw-restart` 5-tier auth
+            // fallback need to know how many distinct users have messaged this
+            // gateway on each channel. We instrument `message_received` to
+            // record every (channel, senderId) pair to disk; the count
+            // survives gateway restarts (see `inbound-user-tracker.ts`).
             //
             // Best-effort: we never throw out of this hook even if the disk
             // write fails — the auth fallback degrades gracefully (a stale

package/dist/restart-auth.js

@@ -1,5 +1,5 @@
 /**
- * /restart slash command — 5-tier auth fallback (issue #215)
+ * /totalreclaw-restart slash command — 5-tier auth fallback (issue #215)
  *
  * Architectural fix shipped 3.3.7-rc.1 after 3.3.6-rc.1 QA found that
  * default-config users (no `commands.ownerAllowFrom`, no
@@ -7,14 +7,24 @@
  * this command." when they typed `/restart` to recover from the plugin
  * tool-binding race (the dominant first-run install path).
  *
- * The plugin's `/restart` registration overrides OpenClaw's built-in
- * `/restart` (plugin commands are matched BEFORE built-ins; see
- * upstream `auto-reply/reply/commands-plugin.ts`). With
- * `requireAuth: false` the channel-layer auth check is skipped, and
- * this module's `resolveRestartAuth` decides allow-vs-reject using a
- * five-tier fallback. If the result is `allow`, the caller fires
+ * 3.3.7-rc.2 (2026-05-04) renamed the plugin command from `restart` to
+ * `totalreclaw-restart` after Pedro caught — in rc.1 manual integration
+ * testing — that OpenClaw's plugin registry hard-rejects names on
+ * `RESERVED_COMMANDS` (gateway log: `Command name "restart" is reserved
+ * by a built-in command`). The 5-tier matrix below is unchanged from
+ * rc.1; only the command name attached to it changed. SKILL.md /
+ * setup-guide both tell the agent to issue the namespaced form, so
+ * end-users never type `restart` directly. An upstream FR is open
+ * asking for a plugin-override-precedence flag.
+ *
+ * Plugin handles `/totalreclaw-restart` (validation passes — hyphenated
+ * names are allowed and the name is unique). With `requireAuth: false`
+ * the channel-layer auth check is skipped, and this module's
+ * `resolveRestartAuth` decides allow-vs-reject using a five-tier
+ * fallback. If the result is `allow`, the caller fires
  * `process.kill(process.pid, 'SIGUSR1')` — which the gateway accepts
- * iff `commands.restart=true` (the default).
+ * iff `commands.restart=true` (the default; the SIGUSR1 policy keys on
+ * the gateway-level config flag, NOT on the plugin command name).
  *
  * Tier order (highest priority first):
  *   1. `commands.ownerAllowFrom` explicitly lists invoker → allow
@@ -69,7 +79,7 @@ function entryMatches(allowFrom, senderId) {
     return false;
 }
 /**
- * Resolve whether the given invoker may run `/restart`.
+ * Resolve whether the given invoker may run `/totalreclaw-restart`.
  *
  * Tier order: see file header.
  *

package/inbound-user-tracker.ts

@@ -1,7 +1,7 @@
 /**
  * Per-channel inbound-user tracker (issue #215, 3.3.7-rc.1).
  *
- * Tier 3 + Tier 5 of the `/restart` 5-tier auth fallback need to know
+ * Tier 3 + Tier 5 of the `/totalreclaw-restart` 5-tier auth fallback need to know
  * "how many distinct users have ever messaged this gateway on channel X".
  *
  * This module implements a simple disk-backed counter. Persistence

package/index.ts

@@ -3430,7 +3430,7 @@ const plugin = {
             // <pluginDir>/.loaded.json` from the host shell. Both
             // surfaces should agree; if chat says boot=N but the
             // file says boot=N+1, the chat session is stale and a
-            // /restart is warranted.
+            // /totalreclaw-restart is warranted.
             try {
               const m = _pluginDirForManifest
                 ? readPluginLoadedManifest(_pluginDirForManifest)
@@ -3472,26 +3472,42 @@ const plugin = {
       });
 
       // ---------------------------------------------------------------
-      // 3.3.7-rc.1 (issue #215) — `/restart` plugin command override
+      // 3.3.7-rc.2 (issue #215, follow-up) — `/totalreclaw-restart`
       // ---------------------------------------------------------------
       //
-      // Replaces OpenClaw's built-in `/restart` so we can apply the
-      // 5-tier auth fallback. Plugin commands match BEFORE built-ins
-      // (see upstream `auto-reply/reply/commands-plugin.ts`), so this
-      // takes precedence whenever the plugin is loaded. We use
-      // `requireAuth: false` to bypass the channel-layer auth check —
-      // the 5-tier fallback in `restart-auth.ts` decides allow / reject.
+      // Originally rc.1 registered this as `/restart` to override the
+      // OpenClaw built-in. That was wrong: OpenClaw's plugin registry
+      // hard-rejects the name on the reserved list (see upstream
+      // `RESERVED_COMMANDS` in `dist/registry-*.js`) — registration
+      // fails with `Command name "restart" is reserved by a built-in
+      // command` and the 5-tier fallback never runs. Pedro caught this
+      // in 3.3.7-rc.1 manual integration testing 2026-05-03; gateway
+      // logs surfaced the rejection, so the rc.1 fix shipped DEAD-CODE.
+      //
+      // Workaround until upstream lands a plugin-override-precedence
+      // flag (FR filed alongside this PR): use a unique, namespaced
+      // command name. Plugin handles `/totalreclaw-restart`; the
+      // built-in `/restart` keeps its allow-from-only semantics
+      // unchanged. SKILL.md tells the agent to issue the namespaced
+      // form, so end-users never type `restart` directly.
+      //
+      // We still use `requireAuth: false` to bypass the channel-layer
+      // auth check — the 5-tier fallback in `restart-auth.ts` decides
+      // allow / reject per the same matrix as rc.1.
       //
       // If allow → fire `process.kill(process.pid, 'SIGUSR1')`. The
       // gateway accepts SIGUSR1 iff `commands.restart=true` (the
       // default) — see upstream `setGatewaySigusr1RestartPolicy`.
+      // (The SIGUSR1 policy still keys on `commands.restart`, NOT on
+      // the plugin command name — gateways only honour one restart
+      // signal.)
       //
       // If reject → return a short non-shaming message via
       // `rejectMessageFor` that points the user at the right config
       // key (no infinite loop — agent will follow the unauthorized
       // fallback path documented in SKILL.md instead).
       api.registerCommand({
-        name: 'restart',
+        name: 'totalreclaw-restart',
         description: 'Restart OpenClaw gracefully (drains active runs first).',
         acceptsArgs: false,
         requireAuth: false,
@@ -3542,13 +3558,13 @@ const plugin = {
 
           if (verdict.allow === false) {
             api.logger.info(
-              `TotalReclaw: /restart rejected (channel=${channel || '<none>'} sender=${senderId || '<none>'} reason=${verdict.reason})`,
+              `TotalReclaw: /totalreclaw-restart rejected (channel=${channel || '<none>'} sender=${senderId || '<none>'} reason=${verdict.reason})`,
             );
             return { text: rejectMessageFor(verdict.reason) };
           }
 
           api.logger.info(
-            `TotalReclaw: /restart allowed (channel=${channel || '<none>'} sender=${senderId || '<none>'} tier=${verdict.reason})`,
+            `TotalReclaw: /totalreclaw-restart allowed (channel=${channel || '<none>'} sender=${senderId || '<none>'} tier=${verdict.reason})`,
           );
 
           // Trigger the gateway's SIGUSR1 restart path. Wrap in
@@ -3558,7 +3574,7 @@ const plugin = {
             process.kill(process.pid, 'SIGUSR1');
           } catch (err) {
             const msg = err instanceof Error ? err.message : String(err);
-            api.logger.warn(`TotalReclaw: /restart SIGUSR1 emit failed: ${msg}`);
+            api.logger.warn(`TotalReclaw: /totalreclaw-restart SIGUSR1 emit failed: ${msg}`);
             return {
               text: `Restart request acknowledged but the gateway didn't accept the signal (${msg}). Try \`docker restart <container>\` if running in Docker.`,
             };
@@ -3572,11 +3588,11 @@ const plugin = {
     // 3.3.7-rc.1 (issue #215) — track distinct inbound users per channel
     // ---------------------------------------------------------------
     //
-    // Tier 3 + tier 5 of the `/restart` 5-tier auth fallback need to
-    // know how many distinct users have messaged this gateway on
-    // each channel. We instrument `message_received` to record every
-    // (channel, senderId) pair to disk; the count survives gateway
-    // restarts (see `inbound-user-tracker.ts`).
+    // Tier 3 + tier 5 of the `/totalreclaw-restart` 5-tier auth
+    // fallback need to know how many distinct users have messaged this
+    // gateway on each channel. We instrument `message_received` to
+    // record every (channel, senderId) pair to disk; the count
+    // survives gateway restarts (see `inbound-user-tracker.ts`).
     //
     // Best-effort: we never throw out of this hook even if the disk
     // write fails — the auth fallback degrades gracefully (a stale

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@totalreclaw/totalreclaw",
-  "version": "3.3.7-rc.1",
+  "version": "3.3.7-rc.2",
   "description": "End-to-end encrypted, agent-portable memory for OpenClaw and any LLM-agent runtime. XChaCha20-Poly1305 with protobuf v4 + on-chain Memory Taxonomy v1 (claim / preference / directive / commitment / episode / summary).",
   "type": "module",
   "keywords": [
@@ -64,7 +64,7 @@
   "scripts": {
     "build": "rm -rf dist && tsc -p tsconfig.json --noCheck",
     "verify-tarball": "node ../scripts/verify-tarball.mjs",
-    "test": "npx tsx manifest-shape.test.ts && npx tsx config-schema.test.ts && npx tsx config.test.ts && npx tsx relay-headers.test.ts && npx tsx scope-address-visible.test.ts && npx tsx llm-profile-reader.test.ts && npx tsx llm-client.test.ts && npx tsx llm-client-retry.test.ts && npx tsx gateway-url.test.ts && npx tsx retype-setscope.test.ts && npx tsx tool-gating.test.ts && npx tsx onboarding-noninteractive.test.ts && npx tsx pair-cli-json.test.ts && npx tsx pair-qr.test.ts && npx tsx pair-remote-client.test.ts && npx tsx qa-bug-report.test.ts && npx tsx nonce-serialization.test.ts && npx tsx phrase-safety-registry.test.ts && npx tsx test_issue_92_onnx_download_ux.test.ts && npx tsx onboard-pair-only.test.ts && npx tsx import-time-smoke.test.ts && npx tsx install-staging-cleanup.test.ts && npx tsx partial-install-detection.test.ts && npx tsx install-reload-idempotency.test.ts && npx tsx json-stdout-cleanliness.test.ts && npx tsx load-manifest.test.ts && npx tsx url-binding.test.ts && npx tsx fs-helpers.test.ts && npx tsx pair-cli-default-mode.test.ts && npx tsx embedding-fallback-tag.test.ts && npx tsx staging-banner-gate.test.ts && npx tsx restart-auth.test.ts && npx tsx inbound-user-tracker.test.ts",
+    "test": "npx tsx manifest-shape.test.ts && npx tsx config-schema.test.ts && npx tsx config.test.ts && npx tsx relay-headers.test.ts && npx tsx scope-address-visible.test.ts && npx tsx llm-profile-reader.test.ts && npx tsx llm-client.test.ts && npx tsx llm-client-retry.test.ts && npx tsx gateway-url.test.ts && npx tsx retype-setscope.test.ts && npx tsx tool-gating.test.ts && npx tsx onboarding-noninteractive.test.ts && npx tsx pair-cli-json.test.ts && npx tsx pair-qr.test.ts && npx tsx pair-remote-client.test.ts && npx tsx qa-bug-report.test.ts && npx tsx nonce-serialization.test.ts && npx tsx phrase-safety-registry.test.ts && npx tsx test_issue_92_onnx_download_ux.test.ts && npx tsx onboard-pair-only.test.ts && npx tsx import-time-smoke.test.ts && npx tsx install-staging-cleanup.test.ts && npx tsx partial-install-detection.test.ts && npx tsx install-reload-idempotency.test.ts && npx tsx json-stdout-cleanliness.test.ts && npx tsx load-manifest.test.ts && npx tsx url-binding.test.ts && npx tsx fs-helpers.test.ts && npx tsx pair-cli-default-mode.test.ts && npx tsx embedding-fallback-tag.test.ts && npx tsx staging-banner-gate.test.ts && npx tsx restart-auth.test.ts && npx tsx inbound-user-tracker.test.ts && npx tsx register-command-name.test.ts",
     "smoke:dist": "npx tsx dist-esm-smoke.test.ts",
     "check-scanner": "node ../scripts/check-scanner.mjs",
     "check-version-drift": "node ../scripts/check-version-drift.mjs",

package/restart-auth.ts

@@ -1,5 +1,5 @@
 /**
- * /restart slash command — 5-tier auth fallback (issue #215)
+ * /totalreclaw-restart slash command — 5-tier auth fallback (issue #215)
  *
  * Architectural fix shipped 3.3.7-rc.1 after 3.3.6-rc.1 QA found that
  * default-config users (no `commands.ownerAllowFrom`, no
@@ -7,14 +7,24 @@
  * this command." when they typed `/restart` to recover from the plugin
  * tool-binding race (the dominant first-run install path).
  *
- * The plugin's `/restart` registration overrides OpenClaw's built-in
- * `/restart` (plugin commands are matched BEFORE built-ins; see
- * upstream `auto-reply/reply/commands-plugin.ts`). With
- * `requireAuth: false` the channel-layer auth check is skipped, and
- * this module's `resolveRestartAuth` decides allow-vs-reject using a
- * five-tier fallback. If the result is `allow`, the caller fires
+ * 3.3.7-rc.2 (2026-05-04) renamed the plugin command from `restart` to
+ * `totalreclaw-restart` after Pedro caught — in rc.1 manual integration
+ * testing — that OpenClaw's plugin registry hard-rejects names on
+ * `RESERVED_COMMANDS` (gateway log: `Command name "restart" is reserved
+ * by a built-in command`). The 5-tier matrix below is unchanged from
+ * rc.1; only the command name attached to it changed. SKILL.md /
+ * setup-guide both tell the agent to issue the namespaced form, so
+ * end-users never type `restart` directly. An upstream FR is open
+ * asking for a plugin-override-precedence flag.
+ *
+ * Plugin handles `/totalreclaw-restart` (validation passes — hyphenated
+ * names are allowed and the name is unique). With `requireAuth: false`
+ * the channel-layer auth check is skipped, and this module's
+ * `resolveRestartAuth` decides allow-vs-reject using a five-tier
+ * fallback. If the result is `allow`, the caller fires
  * `process.kill(process.pid, 'SIGUSR1')` — which the gateway accepts
- * iff `commands.restart=true` (the default).
+ * iff `commands.restart=true` (the default; the SIGUSR1 policy keys on
+ * the gateway-level config flag, NOT on the plugin command name).
  *
  * Tier order (highest priority first):
  *   1. `commands.ownerAllowFrom` explicitly lists invoker → allow
@@ -120,7 +130,7 @@ export interface RestartAuthInput {
 }
 
 /**
- * Resolve whether the given invoker may run `/restart`.
+ * Resolve whether the given invoker may run `/totalreclaw-restart`.
  *
  * Tier order: see file header.
  *

package/skill.json

@@ -1,6 +1,6 @@
 {
   "name": "totalreclaw",
-  "version": "3.3.7-rc.1",
+  "version": "3.3.7-rc.2",
   "description": "End-to-end encrypted memory for AI agents — portable, yours forever. XChaCha20-Poly1305 E2EE: server never sees plaintext.",
   "author": "TotalReclaw Team",
   "license": "MIT",