agentquad 0.4.4 → 0.4.7

package/src/routes/ai-terminal.js

@@ -7,7 +7,7 @@ import { homedir } from 'node:os'
 import pidusage from 'pidusage'
 import { loadConfig, resolveToolsConfig, SUPPORTED_TOOLS, DEFAULT_ROOT_DIR } from '../config.js'
 import { writeRuntimeMcpConfig } from '../agent-installer-shared.js'
-import { CLAUDE_DEFAULT_PERMISSION_OPTIONS, extractPermissionPrompt, formatToolUseAsPrompt } from '../permission-prompt.js'
+import { CLAUDE_DEFAULT_PERMISSION_OPTIONS, extractPermissionPrompt, formatToolUseAsPrompt, parsePermissionOptions } from '../permission-prompt.js'
 import { findLatestPendingToolUse } from '../claude-transcript.js'
 
 const MAX_OUTPUT_BUFFER = 5 * 1024 * 1024
@@ -189,16 +189,31 @@ export function createAiTerminal({ db, pty, logDir, defaultCwd, getDefaultCwd, o
   // 也翻 pending_confirm，会让 session 在 AI 完成回话之后无故卡在"待确认"，前端没有任何
   // 入口能把它清掉（focus 只清 unread；markSessionRunningAfterInput 需要真实输入）。
   // 所以 idle / 其它非 running 状态下，直接拒绝翻转。
+  //
+  // 例外 allowIdleFlip=true：来自 Claude PTY-detector 兜底路径。它要求 anchor + ≥2 个数字
+  // 选项才 emit，假阳性概率极低；而 Claude 在 `permissions.defaultMode='auto'` 或用户在
+  // 终端里 Shift+Tab 切到 plan/acceptEdits 时，权限框可能在 Stop hook 之后（status=idle）
+  // 才浮出来——这种 case 真权限信号下，必须允许从 idle 翻 pending_confirm。
+  //
   // promptText 可由 caller 显式传入（Codex 的 prompt-detector 已经握有一段干净文本）；
   // 不传则从 session.recentOutput 提取尾部（Claude Notification 路径走这条）。
   // 状态已经是 pending_confirm 时也允许更新 pendingPrompt —— 同一轮等待中 PTY
   // 可能继续追加输出（如选项变化、高亮位移），让前端拿到最新文案。
-  function markPendingConfirm(sessionId, { source = null, promptText = null } = {}) {
+  function markPendingConfirm(sessionId, { source = null, promptText = null, allowIdleFlip = false } = {}) {
     const session = sessions.get(sessionId)
     if (!session) return false
     if (!LIVE_AI_STATUSES.has(session.status)) return false
+    // Cursor 的 notification 语义跟 Claude 完全不一样：cursor-hooks 把 cursor 的
+    // `beforeSubmitPrompt`（"我要把 prompt 发给 AI 了"）映射成 notification 事件，
+    // 它**不是**权限请求。如果照旧翻 pending_confirm，cursor session 在 acceptEdits
+    // (--force) 模式下每次用户发消息都被卡进"待确认"状态出不来。
+    // 现阶段 cursor 没有"真权限请求"的可靠信号（cursor-prompt-detector 不存在，
+    // cursor TUI 也没像 Claude 那样的 Esc to cancel 页脚），所以直接拒所有 cursor
+    // 的 pending_confirm 翻转。如果将来加 cursor 专用 detector，再放开。
+    if (session.tool === 'cursor') return false
     const wasPending = session.status === 'pending_confirm'
-    if (!wasPending && session.status !== 'running') return false
+    const wasIdle = session.status === 'idle'
+    if (!wasPending && session.status !== 'running' && !(wasIdle && allowIdleFlip)) return false
 
     let text = ''
     let options = []
@@ -219,18 +234,24 @@ export function createAiTerminal({ db, pty, logDir, defaultCwd, getDefaultCwd, o
     }
 
     // 兜底：从 PTY 提取（Codex 主路径 / Claude jsonl 拿不到时的 backup）。
-    // recentOutput 是 4KB 滑窗，TUI redraw 抖动会冲掉真实 prompt 文本；
-    // 再兜底用 outputHistory（最大 5MB）的尾部 ~64KB，让 extractor 能找到锚点。
     if (!text) {
-      const extractSource = promptText || session.recentOutput || ''
-      let historicalRaw = null
-      if (!promptText && Array.isArray(session.outputHistory) && session.outputHistory.length > 0) {
-        const joined = session.outputHistory.join('')
-        historicalRaw = joined.length > 65536 ? joined.slice(-65536) : joined
+      if (promptText) {
+        // caller 显式给了 promptText（codex-prompt-detector / claude-prompt-detector
+        // 已经在自己那侧做过严格匹配 + 清洗，这里完全相信，只跑一遍 options 解析）
+        text = String(promptText).slice(-1200)
+        options = parsePermissionOptions(text)
+      } else {
+        // 真正只从 PTY 缓冲爬：recentOutput 4KB 滑窗 + outputHistory 5MB 尾部
+        // extractPermissionPrompt 内部走严格 anchor + 数字选项 + 末尾 footer 的窗口规则。
+        let historicalRaw = null
+        if (Array.isArray(session.outputHistory) && session.outputHistory.length > 0) {
+          const joined = session.outputHistory.join('')
+          historicalRaw = joined.length > 65536 ? joined.slice(-65536) : joined
+        }
+        const r = extractPermissionPrompt(session.recentOutput || '', { historicalRaw })
+        text = r.text
+        options = r.options
       }
-      const r = extractPermissionPrompt(extractSource, { historicalRaw })
-      text = r.text
-      options = r.options
     }
     const hasContent = !!(text || options.length)
     const prevPrompt = session.permissionPrompt || null
@@ -509,7 +530,7 @@ export function createAiTerminal({ db, pty, logDir, defaultCwd, getDefaultCwd, o
   })
 
   // ─── 程序化 session 启动入口（供 orchestrator 等模块直接调用，跳过 HTTP） ───
-  function spawnSession({ todoId, prompt, tool, cwd, resumeNativeId, permissionMode, label, extraEnv, sessionId: externalSessionId, skipTelegram = false, ignoreExistingNativeSessionId = false, parentTodoId = null }) {
+  function spawnSession({ todoId, prompt, tool, cwd, resumeNativeId, permissionMode, label, extraEnv, sessionId: externalSessionId, skipTelegram = false, ignoreExistingNativeSessionId = false, parentTodoId = null, suppressStaleTurnDetect = false }) {
     if (!todoId || typeof prompt !== 'string' || !tool) {
       const err = new Error('missing todoId, prompt, or tool'); err.code = 'bad_request'
       throw err
@@ -636,6 +657,7 @@ export function createAiTerminal({ db, pty, logDir, defaultCwd, getDefaultCwd, o
         extraEnv: { ...(extraEnv || {}), ...autoEnv },
         mcpConfigPath: runtimeMcpPath,
         codexMcpUrl,
+        suppressStaleTurnDetect,
       })
       // 2. 读出 preset nativeId（claude 新会话 = randomUUID, resume = resumeNativeId, codex 新 = null）。
       //    这是让"首屏即正确"成立的核心：先于 db.updateTodo 拿到值。
@@ -661,18 +683,20 @@ export function createAiTerminal({ db, pty, logDir, defaultCwd, getDefaultCwd, o
           ...(label ? { label } : {}),
         }),
       })
-      // 4. 5s 兜底：前端如果一直没发合法 init（极少见 — /exec 返回后 WS 还没连上），
+      // 4. 30s 兜底：前端如果一直没发合法 init（极少见 — 旧版本前端 / 网络真的挂了），
       // 用老的 80×24 兜底 spawn，避免 session 永远卡在 create 状态。
+      // 30s（不是 5s）的理由：新前端在隐藏挂载时会延迟到 IO 可见才发 init，主人停留在
+      // conversation tab 默认体验里也不应该撞兜底；30s 既给足切换窗口、又保留挂掉时的退路。
       session.spawnFallbackTimer = setTimeout(() => {
         session.spawnFallbackTimer = null
         if (session.spawned) return
-        console.warn(`[ai-terminal] spawn fallback fired session=${sessionId} (no init within 5s)`)
+        console.warn(`[ai-terminal] spawn fallback fired session=${sessionId} (no init within 30s)`)
         session.spawned = true
         pty.startWithSize(sessionId, 80, 24).catch((e) => {
           console.warn(`[ai-terminal] spawn fallback failed: ${e.message}`)
           session.spawned = false
         })
-      }, 5000)
+      }, 30000)
       session.spawnFallbackTimer.unref?.()
     } catch (error) {
       sessions.delete(sessionId)
@@ -762,6 +786,9 @@ export function createAiTerminal({ db, pty, logDir, defaultCwd, getDefaultCwd, o
           outputBytesTotal: s.outputBytesTotal || 0,
           awaitingReply: !!s.awaitingReply,
           permissionPrompt: s.permissionPrompt || null,
+          // s 是 route 自己的 sessions Map 里的对象；usage 是 PtyManager 的 watcher
+          // 写在它自己 sessions Map 的对象上，必须显式跨读，不能直接 s.usage。
+          usage: pty.getUsage(sessionId),
         })
       }
       res.json({ ok: true, sessions: out })
@@ -1058,20 +1085,27 @@ export function createAiTerminal({ db, pty, logDir, defaultCwd, getDefaultCwd, o
     session.autoMode = nextAutoMode
     broadcastToSession(session, { type: 'auto_mode', autoMode: session.autoMode || null })
 
-    if (nextAutoMode !== 'bypass' || session.tool !== 'claude') return
+    // 对称重启：claude/codex/cursor 三家 CLI 的 permission mode 都是启动参数注入，
+    // 运行时切换必须重启 PTY 才能让新 mode 真正生效。只要前后 effective mode 不同就重启；
+    // 相同 / 工具不支持 / 没有 nativeSessionId 时退路（broadcast / 软通知）。
+    const prevEffective = session.permissionMode || 'default'
+    const nextEffective = nextAutoMode || 'default'
+    if (prevEffective === nextEffective) return
+    const RESTARTABLE_TOOLS = new Set(['claude', 'codex', 'cursor'])
+    if (!RESTARTABLE_TOOLS.has(session.tool)) return
 
     if (!session.nativeSessionId) {
       sendToBrowser(ws, {
         type: 'auto_mode_notice',
-        autoMode: 'bypass',
+        autoMode: nextAutoMode,
         immediate: false,
         reason: 'native_session_missing',
-        message: '当前 Claude 会话尚未拿到原生 session id，全托管将仅对后续启动/恢复的会话生效。',
+        message: '当前会话尚未拿到原生 session id，模式切换将仅对后续启动/恢复的会话生效。',
       })
       return
     }
 
-    broadcastToSession(session, { type: 'auto_mode_switching', target: 'bypass' })
+    broadcastToSession(session, { type: 'auto_mode_switching', target: nextEffective })
     const todoSnapshot = db.getTodo(session.todoId)
     session.replacedBySessionId = '__pending__'
     let restarted
@@ -1082,29 +1116,44 @@ export function createAiTerminal({ db, pty, logDir, defaultCwd, getDefaultCwd, o
         tool: session.tool,
         cwd: session.cwd || undefined,
         resumeNativeId: session.nativeSessionId,
-        permissionMode: 'bypass',
-        label: 'runtime:bypass',
+        permissionMode: nextEffective,
+        label: `runtime:${nextEffective}`,
         skipTelegram: true,
         ignoreExistingNativeSessionId: true,
+        // 老 PTY 即将被 kill，新的 claude --resume 只是接管 jsonl —— 没有真跑新一轮。
+        // 让 watcher 吃掉第一帧 stale 状态，避免它把刚翻成 idle 的状态再翻回 running。
+        suppressStaleTurnDetect: true,
       })
     } catch (e) {
       delete session.replacedBySessionId
       restoreSessionAsCurrent(session, todoSnapshot)
       sendToBrowser(ws, {
         type: 'auto_mode_notice',
-        autoMode: 'bypass',
+        autoMode: nextAutoMode,
         immediate: false,
         reason: 'restart_failed',
-        message: `切换全托管失败：${e.message}`,
+        message: `切换托管模式失败：${e.message}`,
       })
       return
     }
 
+    // 把新 session 翻到 idle：托管模式切换的语义就是"打断当前轮、换一套权限再起来"，
+    // 老 PTY 已经被 kill 在 mid-turn，新的 claude --resume 不会自动续上那一轮 ——
+    // 它只是接管 jsonl 等用户输入。spawnSession 默认 status='running' 适用于"首次启动 +
+    // CLI 直接吃 prompt"的场景；resume-after-mode-switch 都应该是 idle。
+    // RESTARTABLE_TOOLS (claude/codex/cursor) 一视同仁——三家都是"resume 不续轮"的语义。
+    const newSession = sessions.get(restarted.sessionId)
+    if (newSession && LIVE_AI_STATUSES.has(newSession.status)) {
+      newSession.status = 'idle'
+      newSession.awaitingReply = true
+      newSession.lastTurnDoneAt = Date.now()
+      persistLiveSessionState(newSession, 'idle', 'ai_running', { lastTurnDoneAt: newSession.lastTurnDoneAt })
+    }
     broadcastToSession(session, {
       type: 'session_restarted',
       oldSessionId: sessionId,
       newSessionId: restarted.sessionId,
-      autoMode: 'bypass',
+      autoMode: nextEffective,
     })
     if (restarted.sessionId !== sessionId) {
       session.replacedBySessionId = restarted.sessionId
@@ -1231,6 +1280,27 @@ export function createAiTerminal({ db, pty, logDir, defaultCwd, getDefaultCwd, o
     nativeSessionMap.clear()
   }
 
+  // recoverPendingTodosOnStartup 的 spawn 失败 catch 路径用：把 mergeTodoAiSessions
+  // 之前刚写进 DB 的 status='running' 那条改回 'failed'，其它 aiSessions 原样保留。
+  function markRecoveryFailed(todoId, sessionId) {
+    try {
+      const todoNow = db.getTodo(todoId)
+      if (!todoNow) return
+      const aiSessions = Array.isArray(todoNow.aiSessions) ? todoNow.aiSessions : []
+      let mutated = false
+      const next = aiSessions.map((s) => {
+        if (s?.sessionId === sessionId) {
+          mutated = true
+          return { ...s, status: 'failed', completedAt: Date.now() }
+        }
+        return s
+      })
+      if (mutated) db.updateTodo(todoId, { aiSessions: next })
+    } catch (e) {
+      console.warn('[ai-terminal] markRecoveryFailed failed:', e.message)
+    }
+  }
+
   function recoverPendingTodosOnStartup() {
     // 启动期一次性读 config：恢复一条没记 permissionMode 的老 session 时回退到全局默认。
     // 用户在设置里选了"完全托管"但 DB 里没存 → 这里把意图重新接上，否则 claude --resume
@@ -1329,6 +1399,10 @@ export function createAiTerminal({ db, pty, logDir, defaultCwd, getDefaultCwd, o
           todoSessionMap.delete(todo.id)
           const nativeKey = `${recoverable.tool}:${recoverable.nativeSessionId}`
           if (nativeSessionMap.get(nativeKey) === sessionId) nativeSessionMap.delete(nativeKey)
+          // recoverPendingTodosOnStartup 此前已 mergeTodoAiSessions 把该 session 写成
+          // status='running'；spawn 失败必须把那条改回 'failed'，否则前端读到 running
+          // 会渲染"运行中"且没有对应 PTY。与 markOrphanedSessionsAsFailed 互为冗余。
+          markRecoveryFailed(todo.id, sessionId)
           db.updateTodo(todo.id, { status: 'todo' })
         })
       } catch (e) {
@@ -1337,6 +1411,7 @@ export function createAiTerminal({ db, pty, logDir, defaultCwd, getDefaultCwd, o
         todoSessionMap.delete(todo.id)
         const nativeKey = `${recoverable.tool}:${recoverable.nativeSessionId}`
         if (nativeSessionMap.get(nativeKey) === sessionId) nativeSessionMap.delete(nativeKey)
+        markRecoveryFailed(todo.id, sessionId)
         db.updateTodo(todo.id, { status: 'todo' })
       }
     }
@@ -1372,8 +1447,40 @@ export function createAiTerminal({ db, pty, logDir, defaultCwd, getDefaultCwd, o
     }
   }
 
+  // 服务硬重启 / crash 时 PTY 进程没机会触发 onExit，DB 里 aiSession.status='running'
+  // (或 idle / pending_confirm) 会留作"僵尸"，前端读到后渲染成「运行中」却没有对应 PTY。
+  // 启动期一次性把所有"看起来还活着但无对应 live PTY"的 aiSession 改成 'failed'。
+  // 必须在 recoverPendingTodosOnStartup 之后调用：成功 recover 的 session 此时已在
+  // nativeSessionMap 里，扫描会跳过它们；只有真正的孤儿会被改写。
+  function markOrphanedSessionsAsFailed() {
+    const ALIVE_LOOKING = new Set(['running', 'idle', 'pending_confirm'])
+    let swept = 0
+    try {
+      for (const todo of db.listTodos()) {
+        const aiSessions = Array.isArray(todo.aiSessions) ? todo.aiSessions : []
+        let changed = false
+        const nextSessions = aiSessions.map((s) => {
+          if (!s || !ALIVE_LOOKING.has(s.status)) return s
+          const key = s.tool && s.nativeSessionId ? `${s.tool}:${s.nativeSessionId}` : null
+          if (key && nativeSessionMap.has(key)) return s
+          changed = true
+          return { ...s, status: 'failed', completedAt: Date.now() }
+        })
+        if (!changed) continue
+        db.updateTodo(todo.id, { aiSessions: nextSessions })
+        swept += 1
+      }
+      if (swept > 0) {
+        console.log(`[ai-terminal] orphan sweep: marked ${swept} sessions as failed`)
+      }
+    } catch (e) {
+      console.warn('[ai-terminal] markOrphanedSessionsAsFailed failed:', e.message)
+    }
+  }
+
   sweepStuckPendingConfirm()
   recoverPendingTodosOnStartup()
+  markOrphanedSessionsAsFailed()
 
   return {
     router,

package/src/routes/telegram-sync.js

@@ -56,12 +56,14 @@ export function createTelegramSyncRouter({ db, aiTerminal, openclaw, wizard, get
       const sid = aiSess.sessionId
       if (!sid) continue
       const liveSess = aiTerminal.sessions.get(sid)
-      const bridgeRoute = openclaw.resolveRoute?.(sid) || null
+      // per-channel route lookup（dual-bound session 时避免用错渠道的路由）
+      const bridgeTgRoute = openclaw.resolveRoute?.(sid, 'telegram') || null
+      const bridgeLarkRoute = openclaw.resolveRoute?.(sid, 'lark') || null
 
       // ── Telegram 分支 ──
       if (telegramEnabled) {
         const dbHasTgRoute = !!aiSess.telegramRoute?.threadId
-        const bridgeHasTgRoute = bridgeIsTelegram(bridgeRoute)
+        const bridgeHasTgRoute = bridgeIsTelegram(bridgeTgRoute)
         if (isAlive(liveSess)) {
           if (!dbHasTgRoute && !bridgeHasTgRoute) {
             actions.push({
@@ -74,7 +76,7 @@ export function createTelegramSyncRouter({ db, aiTerminal, openclaw, wizard, get
             })
           }
         } else if ((dbHasTgRoute || bridgeHasTgRoute) && t.status !== 'done') {
-          const tgRoute = aiSess.telegramRoute || (bridgeHasTgRoute ? bridgeRoute : null)
+          const tgRoute = aiSess.telegramRoute || (bridgeHasTgRoute ? bridgeTgRoute : null)
           if (tgRoute) {
             actions.push({
               type: 'close_topic',
@@ -93,7 +95,7 @@ export function createTelegramSyncRouter({ db, aiTerminal, openclaw, wizard, get
       // ── Lark 分支 ──
       if (larkEnabled) {
         const dbHasLarkRoute = !!aiSess.larkRoute?.rootMessageId
-        const bridgeHasLarkRoute = bridgeIsLark(bridgeRoute)
+        const bridgeHasLarkRoute = bridgeIsLark(bridgeLarkRoute)
         if (isAlive(liveSess)) {
           if (!dbHasLarkRoute && !bridgeHasLarkRoute) {
             actions.push({
@@ -106,7 +108,7 @@ export function createTelegramSyncRouter({ db, aiTerminal, openclaw, wizard, get
             })
           }
         } else if ((dbHasLarkRoute || bridgeHasLarkRoute) && t.status !== 'done') {
-          const larkRoute = aiSess.larkRoute || (bridgeHasLarkRoute ? bridgeRoute : null)
+          const larkRoute = aiSess.larkRoute || (bridgeHasLarkRoute ? bridgeLarkRoute : null)
           if (larkRoute) {
             actions.push({
               type: 'close_thread',

package/src/server.js

@@ -13,6 +13,7 @@ import {
 	loadConfig,
 	resolveToolsConfig,
 	saveConfig,
+	withConfigLock,
 } from "./config.js";
 import { openDb } from "./db.js";
 import { PtyManager } from "./pty.js";
@@ -369,21 +370,21 @@ function buildNativeResumeCommand(tool, nativeSessionId, tools = {}) {
 }
 
 function mergeToolConfig(currentTool = {}, nextTool = {}) {
-	const merged = {
+	// 用户字段即真理：直接合并，不再因为 command 变了就悄悄清空 bin。
+	// PTY 启动时 bin 为空会 fallback 到 command 名走 PATH 解析。
+	return {
 		...currentTool,
 		...nextTool,
 	};
-	const commandChanged =
-		nextTool.command !== undefined &&
-		nextTool.command !== (currentTool.command || "");
-	const binUnchanged =
-		nextTool.bin !== undefined && nextTool.bin === (currentTool.bin || "");
-
-	if (commandChanged && binUnchanged) {
-		merged.bin = "";
-	}
+}
 
-	return merged;
+// "" => 视作「该字段未修改」，从 patch 里删掉。null => 显式清空，保留。
+// 仅扫一层（telegram / lark 的字段都在顶层，没有嵌套 string）。
+function stripEmptyStrings(patch) {
+	if (!patch || typeof patch !== "object") return;
+	for (const key of Object.keys(patch)) {
+		if (patch[key] === "") delete patch[key];
+	}
 }
 
 function splitEditorPath(rawPath = "") {
@@ -598,6 +599,34 @@ export function createServer(opts = {}) {
 		}
 	});
 
+	// Claude stdout 提示词检测器命中 → 兜底 Notification hook 不 fire 的场景
+	// （settings.json permissions.defaultMode='auto' 时 model classifier 触发的权限框
+	// 实测不走 Notification hook）。复用 handleClaude 的 Notification 分支：
+	// markPendingConfirm + IM 推送都靠现有逻辑跑；与真 Notification 之间用 cooldown 去重。
+	pty.on("claude-prompt", async (data) => {
+		const port = runtimeConfig?.port || 5677;
+		// 显式 info 日志：detector 失火 vs Notification hook 失火很难肉眼区分，留个面包屑
+		// 方便定位"宝子又说没生效"那类问题（grep server.log "claude-prompt"）。
+		console.log(`[claude-prompt] detector fired sid=${data.sessionId} opts=${(data.options || []).length} prompt=${(data.promptText || '').slice(0, 80).replace(/\n/g, ' ')}`);
+		try {
+			await fetch(`http://127.0.0.1:${port}/api/openclaw/hook`, {
+				method: "POST",
+				headers: { "content-type": "application/json" },
+				body: JSON.stringify({
+					source: "claude",
+					path: "detector",
+					event: "Notification",
+					sessionId: data.sessionId,
+					nativeId: data.nativeId,
+					promptText: data.promptText,
+					options: data.options,
+				}),
+			});
+		} catch (e) {
+			console.warn("[claude-prompt] post failed:", e.message);
+		}
+	});
+
 	// Telegram 自动 topic 钩子：ait 创建在前，wizard 创建在后；用 lazy ref 桥接
 	const aiSessionHooks = {
 		onSessionSpawned: () => null,
@@ -649,6 +678,7 @@ export function createServer(opts = {}) {
 
 	app.put("/api/config", async (req, res) => {
 		try {
+			const result = await withConfigLock(async () => {
 			const current = loadConfig({ rootDir: configRootDir });
 			const nextToolsPatch = req.body?.tools || {};
 			const pricingPatch = req.body?.pricing;
@@ -669,6 +699,12 @@ export function createServer(opts = {}) {
 			// botTokenMasked / botTokenSource 是 GET-only，PUT 收到的不能写回
 			delete telegramPatch.botTokenMasked;
 			delete telegramPatch.botTokenSource;
+			// 防御性 guard：任何 string 字段为 '' 都视为「保留磁盘原值」。
+			// Drawer 在 form 未就绪时会把整段 telegram/lark 都用 '' 兜底；
+			// 没有这层保护就会把磁盘上现存的 appId / supergroupId / chatId 等清空，
+			// 然后每次保存都延续空值，造成「偶尔丢、丢了之后回不来」。
+			// 显式清空请用 null。
+			stripEmptyStrings(telegramPatch);
 
 			// 合并 telegram / lark 段
 			const mergedTelegram = { ...current.telegram, ...telegramPatch };
@@ -681,6 +717,7 @@ export function createServer(opts = {}) {
 			}
 			delete larkPatch.appSecretMasked;
 			delete larkPatch.appSecretSource;
+			stripEmptyStrings(larkPatch);
 			const mergedLark = { ...current.lark, ...larkPatch };
 
 			// 检测 bot 段是否变化（用于触发热重启）
@@ -751,7 +788,7 @@ export function createServer(opts = {}) {
 			const { token, source } = readBotTokenWithSource(() => reloadedCfg);
 			const { botToken: _drop, ...telegramSafe } = reloadedCfg.telegram || {};
 
-			res.json({
+			return {
 				ok: true,
 				config: {
 					...reloadedCfg,
@@ -769,7 +806,9 @@ export function createServer(opts = {}) {
 					larkRestart,
 				},
 				telegramRestart,
+			};
 			});
+			res.json(result);
 		} catch (e) {
 			res.status(500).json({ ok: false, error: e.message });
 		}
@@ -1194,6 +1233,30 @@ export function createServer(opts = {}) {
 	// OpenClaw 双向桥接：bridge（出站）+ pending-question 协调器（双向阻塞）
 	const openclawBridge = createOpenClawBridge({
 		getConfig: () => loadConfig({ rootDir: configRootDir }),
+		getRoutesForSession: (sessionId) => {
+			if (!sessionId) return { telegram: null, lark: null }
+			// 优先用 in-memory session 拿 todoId（O(1)），失败再 fallback listTodos 全扫
+			let todoId = null
+			try {
+				const sess = ait?.sessions?.get?.(sessionId)
+				todoId = sess?.todoId || null
+			} catch { /* ignore */ }
+			if (todoId) {
+				try {
+					const todo = db.getTodo?.(todoId)
+					const ai = (todo?.aiSessions || []).find(s => s?.sessionId === sessionId)
+					if (ai) return { telegram: ai.telegramRoute || null, lark: ai.larkRoute || null }
+				} catch { /* fallthrough */ }
+			}
+			try {
+				const todos = db.listTodos?.({ status: 'all', archived: 'all' }) || []
+				for (const t of todos) {
+					const ai = (t.aiSessions || []).find(s => s?.sessionId === sessionId)
+					if (ai) return { telegram: ai.telegramRoute || null, lark: ai.larkRoute || null }
+				}
+			} catch { /* ignore */ }
+			return { telegram: null, lark: null }
+		},
 	});
 	const pendingCoord = createPendingQuestionCoordinator({ db });
 	pendingCoord.start();
@@ -1302,6 +1365,11 @@ export function createServer(opts = {}) {
 			getConfig: () => loadConfig({ rootDir: configRootDir }),
 			wizard: {
 				handleInbound: (...args) => openclawWizardLazyRef.handleInbound(...args),
+				// 历史 bug：早先这里只挂了 handleInbound，导致 lark-bot.handleCardAction
+				// 调 wizard.handleCallback 时 typeof !== 'function' → 所有飞书卡片按钮
+				// click 一律被 drop，Lark UI 弹「服务未就绪」。telegram 注入路径（上方
+				// createTelegramBot 那段）一直有这条，本次对齐补全。
+				handleCallback: (...args) => openclawWizardLazyRef.handleCallback(...args),
 			},
 			logger: { warn: (...a) => console.warn(...a), info: (...a) => console.log(...a) },
 		})
@@ -1348,8 +1416,8 @@ export function createServer(opts = {}) {
 			'回 esc / 退出菜单 → 我帮你按 Esc 退出 modal',
 			'回 中断 / ctrl+c → 我帮你打断当前任务',
 		].join('\n')
-		openclawBridge.postText({ sessionId, message })
-			.catch((e) => console.warn(`[tui-detected] postText failed: ${e.message}`))
+		openclawBridge.broadcastText({ sessionId, message })
+			.catch((e) => console.warn(`[tui-detected] broadcastText failed: ${e.message}`))
 	})
 
 	// holder Proxy: 让 hook / wizard 不用改源码，每次读属性都从 holder.current 拿最新实例
@@ -1410,9 +1478,9 @@ export function createServer(opts = {}) {
 			onStale: async ({ sessionId, queueSize }) => {
 				const text = `⚠️ session 有 ${queueSize} 条排队消息超过 5 分钟未投递，看起来卡住了。可发送 \`!!\` 中断后重新发送。`
 				try {
-					await openclawBridge?.postText?.({ sessionId, message: text })
+					await openclawBridge?.broadcastText?.({ sessionId, message: text })
 				} catch (e) {
-					console.warn(`[server] dispatcher.onStale postText failed: ${e.message}`)
+					console.warn(`[server] dispatcher.onStale broadcastText failed: ${e.message}`)
 				}
 			},
 			onSessionEnd: async ({ sessionId, undeliveredCount, undeliveredTexts }) => {
@@ -1421,9 +1489,9 @@ export function createServer(opts = {}) {
 				const more = undeliveredCount > 3 ? `\n（还有 ${undeliveredCount - 3} 条未列出）` : ''
 				const text = `⚠️ session 已结束，未投递 ${undeliveredCount} 条消息：\n${preview}${more}`
 				try {
-					await openclawBridge?.postText?.({ sessionId, message: text })
+					await openclawBridge?.broadcastText?.({ sessionId, message: text })
 				} catch (e) {
-					console.warn(`[server] dispatcher.onSessionEnd postText failed: ${e.message}`)
+					console.warn(`[server] dispatcher.onSessionEnd broadcastText failed: ${e.message}`)
 				}
 			},
 		},
@@ -1508,7 +1576,7 @@ export function createServer(opts = {}) {
 			console.log(`[server] skip auto-close: sid=${sessionId} exit=${exitCode} lifetime=${lifetimeMs}ms`)
 			return null
 		}
-		const route = openclawBridge.resolveRoute?.(sessionId)
+		const route = openclawBridge.resolveRoute?.(sessionId, 'telegram')
 		if (!route?.threadId) return null
 		return openclawWizard.handleTopicEvent({
 			type: 'closed',
@@ -1529,14 +1597,15 @@ export function createServer(opts = {}) {
 			let sweptLark = 0
 			for (const [sid, sess] of ait.sessions) {
 				if (sess.status !== 'running' && sess.status !== 'idle' && sess.status !== 'pending_confirm') continue
-				const r = openclawBridge.resolveRoute?.(sid)
-				if (tgSweep && !r?.threadId) {
+				const rTg = tgSweep ? openclawBridge.resolveRoute?.(sid, 'telegram') : null
+				if (tgSweep && !rTg?.threadId) {
 					openclawWizard.ensureTopicForSession({ sessionId: sid, todoId: sess.todoId })
 						.then((res) => res?.action === 'created' && console.log(`[server] sweep auto-bound ${sid} → telegram thread ${res.threadId}`))
 						.catch((e) => console.warn(`[server] sweep ensureTopic failed for ${sid}: ${e.message}`))
 					sweptTg++
 				}
-				if (larkSweep && !(r?.channel === 'lark' && r?.rootMessageId)) {
+				const rLark = larkSweep ? openclawBridge.resolveRoute?.(sid, 'lark') : null
+				if (larkSweep && !rLark?.rootMessageId) {
 					openclawWizard.ensureLarkThreadForSession({ sessionId: sid, todoId: sess.todoId })
 						.then((res) => res?.action === 'created' && console.log(`[server] sweep auto-bound ${sid} → lark root ${res.rootMessageId}`))
 						.catch((e) => console.warn(`[server] sweep ensureLarkThread failed for ${sid}: ${e.message}`))
@@ -1581,7 +1650,7 @@ export function createServer(opts = {}) {
 			let kicked = 0
 			for (const [sid, sess] of ait.sessions) {
 				if (sess.status !== 'running' && sess.status !== 'idle' && sess.status !== 'pending_confirm') continue
-				const r = openclawBridge.resolveRoute?.(sid)
+				const r = openclawBridge.resolveRoute?.(sid, 'telegram')
 				if (!r?.threadId) continue
 				if (tracker.has(sid)) continue
 				tracker.start({ sessionId: sid, skipTitleRename: true })