clawdentity 0.0.3 → 0.0.4

package/dist/bin.js

@@ -18495,9 +18495,9 @@ var createConfigCommand = () => {
 
 // src/commands/connector.ts
 import { execFile as execFileCallback } from "child_process";
-import { mkdir as mkdir4, readFile as readFile3, rm, writeFile as writeFile4 } from "fs/promises";
+import { mkdir as mkdir4, readFile as readFile4, rm, writeFile as writeFile4 } from "fs/promises";
 import { homedir as homedir2 } from "os";
-import { dirname as dirname3, join as join5 } from "path";
+import { dirname as dirname3, join as join6 } from "path";
 import { fileURLToPath } from "url";
 import { promisify } from "util";
 
@@ -19151,15 +19151,271 @@ import { mkdir as mkdir3, rename as rename2, writeFile as writeFile3 } from "fs/
 import {
   createServer
 } from "http";
-import { dirname as dirname2, join as join4 } from "path";
+import { dirname as dirname2, join as join5 } from "path";
 import { WebSocket as NodeWebSocket } from "ws";
+
+// ../../packages/connector/src/relay-echo.ts
+import { readFile as readFile3 } from "fs/promises";
+import { join as join4 } from "path";
+var OPENCLAW_RELAY_RUNTIME_CONFIG_FILENAME = "openclaw-relay.json";
+var PEERS_CONFIG_FILENAME = "peers.json";
+var ECHO_EMPTY_MESSAGE_FALLBACK = "(no message content)";
+var MIN_ECHO_MAX_LENGTH = 50;
+var MAX_ECHO_MAX_LENGTH = 2e3;
+var DEFAULT_RELAY_ECHO_ENABLED = true;
+var DEFAULT_RELAY_ECHO_CHANNEL = "last";
+var DEFAULT_RELAY_ECHO_MAX_LENGTH = 500;
+function isRecord4(value) {
+  return typeof value === "object" && value !== null;
+}
+function parseAbsoluteHttpUrl(value, field) {
+  if (typeof value !== "string" || value.trim().length === 0) {
+    throw new Error(`${field} must be a non-empty string`);
+  }
+  let parsed;
+  try {
+    parsed = new URL(value.trim());
+  } catch {
+    throw new Error(`${field} must be a valid absolute URL`);
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new Error(`${field} must use http or https`);
+  }
+  if (parsed.pathname === "/" && parsed.search.length === 0 && parsed.hash.length === 0) {
+    return parsed.origin;
+  }
+  return parsed.toString();
+}
+function parseBoolean(value, field) {
+  if (typeof value !== "boolean") {
+    throw new Error(`${field} must be a boolean`);
+  }
+  return value;
+}
+function parsePositiveInt(value, field, min, max) {
+  const parsed = typeof value === "number" ? value : typeof value === "string" ? Number(value) : Number.NaN;
+  if (!Number.isInteger(parsed) || parsed < min || parsed > max) {
+    throw new Error(`${field} must be an integer between ${min} and ${max}`);
+  }
+  return parsed;
+}
+function parseOptionalString(value, field) {
+  if (value === void 0) {
+    return void 0;
+  }
+  if (typeof value !== "string") {
+    throw new Error(`${field} must be a string`);
+  }
+  const trimmed = value.trim();
+  if (trimmed.length === 0) {
+    return void 0;
+  }
+  return trimmed;
+}
+function parseEchoConfig(value) {
+  if (value === void 0) {
+    return {
+      enabled: DEFAULT_RELAY_ECHO_ENABLED,
+      channel: DEFAULT_RELAY_ECHO_CHANNEL,
+      maxLength: DEFAULT_RELAY_ECHO_MAX_LENGTH
+    };
+  }
+  if (!isRecord4(value)) {
+    throw new Error("echo config must be an object");
+  }
+  return {
+    enabled: value.enabled === void 0 ? DEFAULT_RELAY_ECHO_ENABLED : parseBoolean(value.enabled, "echo.enabled"),
+    channel: parseOptionalString(value.channel, "echo.channel") ?? DEFAULT_RELAY_ECHO_CHANNEL,
+    to: parseOptionalString(value.to, "echo.to"),
+    maxLength: value.maxLength === void 0 ? DEFAULT_RELAY_ECHO_MAX_LENGTH : parsePositiveInt(
+      value.maxLength,
+      "echo.maxLength",
+      MIN_ECHO_MAX_LENGTH,
+      MAX_ECHO_MAX_LENGTH
+    )
+  };
+}
+async function loadRelayRuntimeConfigFile(input) {
+  const relayRuntimeConfigPath = join4(
+    input.configDir,
+    OPENCLAW_RELAY_RUNTIME_CONFIG_FILENAME
+  );
+  let raw;
+  try {
+    raw = await readFile3(relayRuntimeConfigPath, "utf8");
+  } catch (error48) {
+    if (typeof error48 === "object" && error48 !== null && "code" in error48 && error48.code === "ENOENT") {
+      return void 0;
+    }
+    throw new Error(
+      `Unable to read relay runtime config at ${relayRuntimeConfigPath}`
+    );
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    throw new Error(
+      `Unable to parse relay runtime config at ${relayRuntimeConfigPath}`
+    );
+  }
+  if (!isRecord4(parsed)) {
+    throw new Error("Relay runtime config root must be a JSON object");
+  }
+  const config2 = parsed;
+  const openclawBaseUrl = config2.openclawBaseUrl === void 0 ? void 0 : parseAbsoluteHttpUrl(config2.openclawBaseUrl, "openclawBaseUrl");
+  return {
+    openclawBaseUrl,
+    echo: parseEchoConfig(config2.echo)
+  };
+}
+function compactString(value) {
+  return value.replaceAll(/\s+/g, " ").trim();
+}
+function toCompactJson(value) {
+  try {
+    const raw = JSON.stringify(value);
+    if (typeof raw !== "string" || raw.length === 0) {
+      return ECHO_EMPTY_MESSAGE_FALLBACK;
+    }
+    return raw;
+  } catch {
+    return ECHO_EMPTY_MESSAGE_FALLBACK;
+  }
+}
+function truncateMessage(value, maxLength) {
+  if (value.length <= maxLength) {
+    return value;
+  }
+  return `${value.slice(0, maxLength)}...`;
+}
+function extractRelayMessageContent(payload) {
+  if (typeof payload === "string") {
+    const compact = compactString(payload);
+    return compact.length > 0 ? compact : ECHO_EMPTY_MESSAGE_FALLBACK;
+  }
+  if (isRecord4(payload)) {
+    for (const candidateKey of ["message", "text", "content"]) {
+      const candidateValue = payload[candidateKey];
+      if (typeof candidateValue === "string") {
+        const compact = compactString(candidateValue);
+        if (compact.length > 0) {
+          return compact;
+        }
+      }
+    }
+  }
+  return toCompactJson(payload);
+}
+function formatInboundRelayEcho(input) {
+  const content = truncateMessage(
+    extractRelayMessageContent(input.payload),
+    input.maxLength
+  );
+  return `\u{1F517} [${input.fromLabel}]: ${content}`;
+}
+function formatOutboundRelayEcho(input) {
+  const content = truncateMessage(
+    extractRelayMessageContent(input.payload),
+    input.maxLength
+  );
+  return `\u21A9\uFE0F Reply to [${input.toLabel}]: ${content}`;
+}
+async function loadPeerLabelsByDid(input) {
+  const peersPath = join4(input.configDir, PEERS_CONFIG_FILENAME);
+  let raw;
+  try {
+    raw = await readFile3(peersPath, "utf8");
+  } catch (error48) {
+    if (typeof error48 === "object" && error48 !== null && "code" in error48 && error48.code === "ENOENT") {
+      return /* @__PURE__ */ new Map();
+    }
+    throw new Error(`Unable to read peers config at ${peersPath}`);
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    throw new Error(`Unable to parse peers config at ${peersPath}`);
+  }
+  if (!isRecord4(parsed) || !isRecord4(parsed.peers)) {
+    return /* @__PURE__ */ new Map();
+  }
+  const labels = /* @__PURE__ */ new Map();
+  for (const [alias, entry] of Object.entries(parsed.peers)) {
+    if (!isRecord4(entry) || typeof entry.did !== "string") {
+      continue;
+    }
+    const did = entry.did.trim();
+    if (did.length === 0) {
+      continue;
+    }
+    const name = typeof entry.name === "string" && entry.name.trim().length > 0 ? entry.name.trim() : alias.trim();
+    if (name.length === 0) {
+      continue;
+    }
+    labels.set(did, name);
+  }
+  return labels;
+}
+function resolvePeerLabel(input) {
+  if (input.peerDid !== void 0) {
+    const byDid = input.peerLabelsByDid.get(input.peerDid);
+    if (typeof byDid === "string" && byDid.length > 0) {
+      return byDid;
+    }
+  }
+  const fallback = input.fallbackLabel.trim();
+  if (fallback.length > 0) {
+    return fallback;
+  }
+  return input.peerDid?.trim() || "Unknown peer";
+}
+async function sendRelayEchoToOpenclaw(input) {
+  if (!input.echoConfig.enabled) {
+    return;
+  }
+  const payload = {
+    message: input.message,
+    name: "Clawdentity Relay",
+    wakeMode: "now",
+    deliver: true,
+    channel: input.echoConfig.channel
+  };
+  if (input.echoConfig.to !== void 0) {
+    payload.to = input.echoConfig.to;
+  }
+  const headers = {
+    "content-type": "application/json"
+  };
+  if (input.requestId !== void 0 && input.requestId.trim().length > 0) {
+    headers["x-request-id"] = input.requestId.trim();
+  }
+  if (input.hookToken !== void 0 && input.hookToken.trim().length > 0) {
+    headers["x-openclaw-token"] = input.hookToken.trim();
+  }
+  const response = await input.fetchImpl(input.endpoint, {
+    method: "POST",
+    headers,
+    body: JSON.stringify(payload)
+  });
+  if (!response.ok) {
+    input.logger.warn("connector.relay_echo.rejected", {
+      status: response.status,
+      requestId: input.requestId
+    });
+    throw new Error(`Relay echo rejected with status ${response.status}`);
+  }
+}
+
+// ../../packages/connector/src/runtime.ts
 var REGISTRY_AUTH_FILENAME = "registry-auth.json";
 var AGENTS_DIR_NAME2 = "agents";
 var REFRESH_SINGLE_FLIGHT_PREFIX = "connector-runtime";
 var NONCE_SIZE = 16;
 var MAX_OUTBOUND_BODY_BYTES = 1024 * 1024;
 var ACCESS_TOKEN_REFRESH_SKEW_MS = 3e4;
-function isRecord4(value) {
+function isRecord5(value) {
   return typeof value === "object" && value !== null;
 }
 function toPathWithQuery2(url2) {
@@ -19209,9 +19465,38 @@ function normalizeWebSocketUrl(urlInput) {
   }
   return parsed.toString();
 }
-function resolveOpenclawBaseUrl(input) {
-  const value = input?.trim() || process.env.OPENCLAW_BASE_URL?.trim() || DEFAULT_OPENCLAW_BASE_URL;
-  return value;
+function parseOpenclawBaseUrl(value) {
+  let parsed;
+  try {
+    parsed = new URL(value);
+  } catch {
+    throw new Error("OpenClaw base URL is invalid");
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new Error("OpenClaw base URL is invalid");
+  }
+  if (parsed.pathname === "/" && parsed.search.length === 0 && parsed.hash.length === 0) {
+    return parsed.origin;
+  }
+  return parsed.toString();
+}
+async function resolveOpenclawRuntimeSettings(input) {
+  const fileConfig = await loadRelayRuntimeConfigFile({
+    configDir: input.configDir
+  });
+  const baseUrlFromOption = input.openclawBaseUrlOption?.trim();
+  const baseUrlFromEnv = process.env.OPENCLAW_BASE_URL?.trim();
+  const openclawBaseUrl = parseOpenclawBaseUrl(
+    baseUrlFromOption || baseUrlFromEnv || fileConfig?.openclawBaseUrl || DEFAULT_OPENCLAW_BASE_URL
+  );
+  return {
+    openclawBaseUrl,
+    echoConfig: fileConfig?.echo ?? {
+      enabled: DEFAULT_RELAY_ECHO_ENABLED,
+      channel: DEFAULT_RELAY_ECHO_CHANNEL,
+      maxLength: DEFAULT_RELAY_ECHO_MAX_LENGTH
+    }
+  };
 }
 function resolveOpenclawHookPath(input) {
   const value = input?.trim() || process.env.OPENCLAW_HOOK_PATH?.trim() || DEFAULT_OPENCLAW_HOOK_PATH;
@@ -19251,7 +19536,7 @@ function shouldRefreshAccessToken(auth, nowMs) {
   return expiresAtMs <= nowMs + ACCESS_TOKEN_REFRESH_SKEW_MS;
 }
 function parseOutboundRelayRequest(payload) {
-  if (!isRecord4(payload)) {
+  if (!isRecord5(payload)) {
     throw new AppError({
       code: "CONNECTOR_OUTBOUND_INVALID_REQUEST",
       message: "Outbound relay request must be an object",
@@ -19309,7 +19594,7 @@ function createWebSocketFactory() {
   };
 }
 async function writeRegistryAuthAtomic(input) {
-  const targetPath = join4(
+  const targetPath = join5(
     input.configDir,
     AGENTS_DIR_NAME2,
     input.agentName,
@@ -19406,14 +19691,63 @@ async function startConnectorRuntime(input) {
     accessToken: currentAuth.accessToken,
     secretKey
   });
+  const openclawRuntimeSettings = await resolveOpenclawRuntimeSettings({
+    configDir: input.configDir,
+    openclawBaseUrlOption: input.openclawBaseUrl
+  });
+  const peerLabelsByDid = await loadPeerLabelsByDid({
+    configDir: input.configDir
+  });
+  const openclawHookPath = resolveOpenclawHookPath(input.openclawHookPath);
+  const openclawHookToken = resolveOpenclawHookToken(input.openclawHookToken);
+  const openclawHookUrl = new URL(
+    openclawHookPath,
+    openclawRuntimeSettings.openclawBaseUrl
+  ).toString();
+  const queueRelayEcho = (echoInput) => {
+    void sendRelayEchoToOpenclaw({
+      endpoint: openclawHookUrl,
+      echoConfig: openclawRuntimeSettings.echoConfig,
+      fetchImpl,
+      hookToken: openclawHookToken,
+      logger: logger12,
+      message: echoInput.message,
+      requestId: echoInput.requestId
+    }).catch((error48) => {
+      logger12.warn("connector.relay_echo.failed", {
+        direction: echoInput.direction,
+        errorName: error48 instanceof Error ? error48.name : "unknown",
+        requestId: echoInput.requestId
+      });
+    });
+  };
   const connectorClient = new ConnectorClient({
     connectorUrl: wsParsed.toString(),
     connectionHeaders: upgradeHeaders,
-    openclawBaseUrl: resolveOpenclawBaseUrl(input.openclawBaseUrl),
-    openclawHookPath: resolveOpenclawHookPath(input.openclawHookPath),
-    openclawHookToken: resolveOpenclawHookToken(input.openclawHookToken),
+    openclawBaseUrl: openclawRuntimeSettings.openclawBaseUrl,
+    openclawHookPath,
+    openclawHookToken,
     fetchImpl,
     logger: logger12,
+    hooks: {
+      onDeliverSucceeded: (frame) => {
+        const fromLabel = resolvePeerLabel({
+          peerLabelsByDid,
+          peerDid: frame.fromAgentDid,
+          fallbackLabel: frame.fromAgentDid
+        });
+        const echoMessage = formatInboundRelayEcho({
+          fromLabel,
+          payload: frame.payload,
+          maxLength: openclawRuntimeSettings.echoConfig.maxLength
+        });
+        queueRelayEcho({
+          direction: "inbound",
+          message: echoMessage,
+          requestId: frame.id
+        });
+      }
+    },
     webSocketFactory: createWebSocketFactory()
   });
   const outboundBaseUrl = normalizeOutboundBaseUrl(input.outboundBaseUrl);
@@ -19499,6 +19833,22 @@ async function startConnectorRuntime(input) {
       const requestBody = await readRequestJson(req);
       const relayRequest = parseOutboundRelayRequest(requestBody);
       await relayToPeer(relayRequest);
+      const toLabel = resolvePeerLabel({
+        peerLabelsByDid,
+        peerDid: relayRequest.peerDid,
+        fallbackLabel: relayRequest.peer
+      });
+      const requestId = typeof req.headers["x-request-id"] === "string" ? req.headers["x-request-id"] : void 0;
+      const echoMessage = formatOutboundRelayEcho({
+        toLabel,
+        payload: relayRequest.payload,
+        maxLength: openclawRuntimeSettings.echoConfig.maxLength
+      });
+      queueRelayEcho({
+        direction: "outbound",
+        message: echoMessage,
+        requestId
+      });
       writeJson(res, 202, { accepted: true, peer: relayRequest.peer });
     } catch (error48) {
       if (error48 instanceof AppError) {
@@ -19580,11 +19930,11 @@ var REGISTRY_AUTH_FILE_NAME2 = "registry-auth.json";
 var SERVICE_LOG_DIR_NAME = "logs";
 var DEFAULT_CONNECTOR_BASE_URL2 = "http://127.0.0.1:19400";
 var DEFAULT_CONNECTOR_OUTBOUND_PATH2 = "/v1/outbound";
-function isRecord5(value) {
+function isRecord6(value) {
   return typeof value === "object" && value !== null;
 }
 function getErrorCode(error48) {
-  if (!isRecord5(error48)) {
+  if (!isRecord6(error48)) {
     return void 0;
   }
   return typeof error48.code === "string" ? error48.code : void 0;
@@ -19708,7 +20058,7 @@ function parseJsonRecord(value, code, message2) {
   } catch {
     throw createCliError3(code, message2);
   }
-  if (!isRecord5(parsed)) {
+  if (!isRecord6(parsed)) {
     throw createCliError3(code, message2);
   }
   return parsed;
@@ -19748,7 +20098,7 @@ async function loadDefaultConnectorModule() {
   };
 }
 function resolveWaitPromise(runtime) {
-  if (!runtime || !isRecord5(runtime)) {
+  if (!runtime || !isRecord6(runtime)) {
     return void 0;
   }
   if (typeof runtime.waitUntilStopped === "function") {
@@ -19813,7 +20163,7 @@ function buildConnectorStartArgs(agentName, commandOptions) {
 }
 function resolveCliEntryPath(resolveCurrentModulePathImpl) {
   const modulePath = resolveCurrentModulePathImpl?.() ?? fileURLToPath(import.meta.url);
-  return join5(dirname3(modulePath), "..", "bin.js");
+  return join6(dirname3(modulePath), "..", "bin.js");
 }
 function escapeXml(value) {
   return value.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;").replaceAll('"', "&quot;").replaceAll("'", "&apos;");
@@ -19911,7 +20261,7 @@ async function installConnectorServiceForAgent(agentName, commandOptions = {}, d
   );
   const configDir = serviceDependencies.getConfigDirImpl();
   const homeDir = serviceDependencies.getHomeDirImpl();
-  const logsDir = join5(configDir, SERVICE_LOG_DIR_NAME);
+  const logsDir = join6(configDir, SERVICE_LOG_DIR_NAME);
   const serviceName = sanitizeServiceSegment(
     `clawdentity-connector-${agentName}`
   );
@@ -19921,12 +20271,12 @@ async function installConnectorServiceForAgent(agentName, commandOptions = {}, d
     resolveCliEntryPath(serviceDependencies.resolveCurrentModulePathImpl),
     ...startArgs
   ];
-  const outputLogPath = join5(logsDir, `${serviceName}.out.log`);
-  const errorLogPath = join5(logsDir, `${serviceName}.err.log`);
+  const outputLogPath = join6(logsDir, `${serviceName}.out.log`);
+  const errorLogPath = join6(logsDir, `${serviceName}.err.log`);
   await serviceDependencies.mkdirImpl(logsDir, { recursive: true });
   if (platform === "systemd") {
-    const serviceDir = join5(homeDir, ".config", "systemd", "user");
-    const serviceFilePath2 = join5(serviceDir, `${serviceName}.service`);
+    const serviceDir = join6(homeDir, ".config", "systemd", "user");
+    const serviceFilePath2 = join6(serviceDir, `${serviceName}.service`);
     await serviceDependencies.mkdirImpl(serviceDir, { recursive: true });
     await serviceDependencies.writeFileImpl(
       serviceFilePath2,
@@ -19965,9 +20315,9 @@ async function installConnectorServiceForAgent(agentName, commandOptions = {}, d
       serviceFilePath: serviceFilePath2
     };
   }
-  const launchAgentsDir = join5(homeDir, "Library", "LaunchAgents");
+  const launchAgentsDir = join6(homeDir, "Library", "LaunchAgents");
   const serviceNameWithDomain = `com.clawdentity.${serviceName}`;
-  const serviceFilePath = join5(
+  const serviceFilePath = join6(
     launchAgentsDir,
     `${serviceNameWithDomain}.plist`
   );
@@ -20026,7 +20376,7 @@ async function uninstallConnectorServiceForAgent(agentName, commandOptions = {},
     `clawdentity-connector-${agentName}`
   );
   if (platform === "systemd") {
-    const serviceFilePath2 = join5(
+    const serviceFilePath2 = join6(
       homeDir,
       ".config",
       "systemd",
@@ -20057,7 +20407,7 @@ async function uninstallConnectorServiceForAgent(agentName, commandOptions = {},
     };
   }
   const serviceNameWithDomain = `com.clawdentity.${serviceName}`;
-  const serviceFilePath = join5(
+  const serviceFilePath = join6(
     homeDir,
     "Library",
     "LaunchAgents",
@@ -20081,10 +20431,10 @@ async function uninstallConnectorServiceForAgent(agentName, commandOptions = {},
 async function startConnectorForAgent(agentName, commandOptions = {}, dependencies = {}) {
   const resolveConfigImpl = dependencies.resolveConfigImpl ?? resolveConfig;
   const getConfigDirImpl = dependencies.getConfigDirImpl ?? getConfigDir;
-  const readFileImpl = dependencies.readFileImpl ?? ((path, encoding) => readFile3(path, encoding));
+  const readFileImpl = dependencies.readFileImpl ?? ((path, encoding) => readFile4(path, encoding));
   const loadConnectorModule = dependencies.loadConnectorModule ?? loadDefaultConnectorModule;
   const configDir = getConfigDirImpl();
-  const agentDirectory = join5(configDir, AGENTS_DIR_NAME3, agentName);
+  const agentDirectory = join6(configDir, AGENTS_DIR_NAME3, agentName);
   const [
     rawAit,
     rawSecretKey,
@@ -20094,22 +20444,22 @@ async function startConnectorForAgent(agentName, commandOptions = {}, dependenci
     connectorModule
   ] = await Promise.all([
     readRequiredTrimmedFile(
-      join5(agentDirectory, AIT_FILE_NAME2),
+      join6(agentDirectory, AIT_FILE_NAME2),
       AIT_FILE_NAME2,
       readFileImpl
     ),
     readRequiredTrimmedFile(
-      join5(agentDirectory, SECRET_KEY_FILE_NAME),
+      join6(agentDirectory, SECRET_KEY_FILE_NAME),
       SECRET_KEY_FILE_NAME,
       readFileImpl
     ),
     readRequiredTrimmedFile(
-      join5(agentDirectory, IDENTITY_FILE_NAME2),
+      join6(agentDirectory, IDENTITY_FILE_NAME2),
       IDENTITY_FILE_NAME2,
       readFileImpl
     ),
     readRequiredTrimmedFile(
-      join5(agentDirectory, REGISTRY_AUTH_FILE_NAME2),
+      join6(agentDirectory, REGISTRY_AUTH_FILE_NAME2),
       REGISTRY_AUTH_FILE_NAME2,
       readFileImpl
     ),
@@ -20147,8 +20497,8 @@ async function startConnectorForAgent(agentName, commandOptions = {}, dependenci
       tokenType: registryAuth.tokenType
     }
   });
-  const outboundUrl = runtime && isRecord5(runtime) && typeof runtime.outboundUrl === "string" ? runtime.outboundUrl : resolveOutboundUrl(outboundBaseUrl, outboundPath);
-  const proxyWebsocketUrl = runtime && isRecord5(runtime) ? typeof runtime.websocketUrl === "string" ? runtime.websocketUrl : typeof runtime.proxyWebsocketUrl === "string" ? runtime.proxyWebsocketUrl : void 0 : void 0;
+  const outboundUrl = runtime && isRecord6(runtime) && typeof runtime.outboundUrl === "string" ? runtime.outboundUrl : resolveOutboundUrl(outboundBaseUrl, outboundPath);
+  const proxyWebsocketUrl = runtime && isRecord6(runtime) ? typeof runtime.websocketUrl === "string" ? runtime.websocketUrl : typeof runtime.proxyWebsocketUrl === "string" ? runtime.proxyWebsocketUrl : void 0 : void 0;
   return {
     outboundUrl,
     proxyWebsocketUrl,
@@ -20279,7 +20629,7 @@ function createConnectorCommand(dependencies = {}) {
 // src/commands/invite.ts
 import { Command as Command6 } from "commander";
 var logger7 = createLogger({ service: "cli", module: "invite" });
-var isRecord6 = (value) => {
+var isRecord7 = (value) => {
   return typeof value === "object" && value !== null;
 };
 function parseNonEmptyString6(value) {
@@ -20320,7 +20670,7 @@ function toRegistryRequestUrl(registryUrl, path) {
   return new URL(path.slice(1), normalizedBaseUrl).toString();
 }
 function extractRegistryErrorCode(payload) {
-  if (!isRecord6(payload)) {
+  if (!isRecord7(payload)) {
     return void 0;
   }
   const envelope = payload;
@@ -20331,7 +20681,7 @@ function extractRegistryErrorCode(payload) {
   return trimmed.length > 0 ? trimmed : void 0;
 }
 function extractRegistryErrorMessage3(payload) {
-  if (!isRecord6(payload)) {
+  if (!isRecord7(payload)) {
     return void 0;
   }
   const envelope = payload;
@@ -20405,13 +20755,13 @@ function mapRedeemInviteError(status, payload) {
   return `Invite redeem failed (${status})`;
 }
 function parseInviteRecord(payload) {
-  if (!isRecord6(payload)) {
+  if (!isRecord7(payload)) {
     throw createCliError4(
       "CLI_INVITE_CREATE_INVALID_RESPONSE",
       "Invite response is invalid"
     );
   }
-  const source = isRecord6(payload.invite) ? payload.invite : payload;
+  const source = isRecord7(payload.invite) ? payload.invite : payload;
   const code = parseNonEmptyString6(source.code);
   if (code.length === 0) {
     throw createCliError4(
@@ -20436,15 +20786,15 @@ function parseInviteRecord(payload) {
   return invite;
 }
 function parseInviteRedeemResponse(payload) {
-  if (!isRecord6(payload)) {
+  if (!isRecord7(payload)) {
     throw createCliError4(
       "CLI_INVITE_REDEEM_INVALID_RESPONSE",
       "Invite redeem response is invalid"
     );
   }
-  const apiKeySource = isRecord6(payload.apiKey) ? payload.apiKey : payload;
+  const apiKeySource = isRecord7(payload.apiKey) ? payload.apiKey : payload;
   const apiKeyToken = parseNonEmptyString6(
-    isRecord6(payload.apiKey) ? payload.apiKey.token : payload.token
+    isRecord7(payload.apiKey) ? payload.apiKey.token : payload.token
   );
   if (apiKeyToken.length === 0) {
     throw createCliError4(
@@ -20602,9 +20952,9 @@ var createInviteCommand = (dependencies = {}) => {
 };
 
 // src/commands/openclaw.ts
-import { chmod as chmod3, copyFile, mkdir as mkdir5, readFile as readFile4, writeFile as writeFile5 } from "fs/promises";
+import { chmod as chmod3, copyFile, mkdir as mkdir5, readFile as readFile5, writeFile as writeFile5 } from "fs/promises";
 import { homedir as homedir3 } from "os";
-import { dirname as dirname4, join as join6 } from "path";
+import { dirname as dirname4, join as join7 } from "path";
 import { Command as Command7 } from "commander";
 var logger8 = createLogger({ service: "cli", module: "openclaw" });
 var CLAWDENTITY_DIR_NAME = ".clawdentity";
@@ -20622,12 +20972,17 @@ var HOOK_MAPPING_ID = "clawdentity-send-to-peer";
 var HOOK_PATH_SEND_TO_PEER = "send-to-peer";
 var OPENCLAW_SEND_TO_PEER_HOOK_PATH = "hooks/send-to-peer";
 var DEFAULT_OPENCLAW_BASE_URL2 = "http://127.0.0.1:18789";
+var DEFAULT_RELAY_ECHO_ENABLED2 = true;
+var DEFAULT_RELAY_ECHO_CHANNEL2 = "last";
+var DEFAULT_RELAY_ECHO_MAX_LENGTH2 = 500;
+var MIN_RELAY_ECHO_MAX_LENGTH = 50;
+var MAX_RELAY_ECHO_MAX_LENGTH = 2e3;
 var INVITE_CODE_PREFIX = "clawd1_";
 var PEER_ALIAS_PATTERN = /^[a-zA-Z0-9._-]+$/;
 var FILE_MODE3 = 384;
 var textEncoder2 = new TextEncoder();
 var textDecoder = new TextDecoder();
-function isRecord7(value) {
+function isRecord8(value) {
   return typeof value === "object" && value !== null;
 }
 function createCliError5(code, message2, details) {
@@ -20639,7 +20994,7 @@ function createCliError5(code, message2, details) {
   });
 }
 function getErrorCode2(error48) {
-  if (!isRecord7(error48)) {
+  if (!isRecord8(error48)) {
     return void 0;
   }
   return typeof error48.code === "string" ? error48.code : void 0;
@@ -20709,13 +21064,82 @@ function parseHttpUrl(value, input) {
   }
   return parsedUrl.toString();
 }
-function parseOpenclawBaseUrl(value) {
+function parseOpenclawBaseUrl2(value) {
   return parseHttpUrl(value, {
     label: "OpenClaw base URL",
     code: "CLI_OPENCLAW_INVALID_OPENCLAW_BASE_URL",
     message: "OpenClaw base URL must be a valid URL"
   });
 }
+function parseBooleanValue(value, label) {
+  if (typeof value === "boolean") {
+    return value;
+  }
+  if (typeof value === "string") {
+    const normalized = value.trim().toLowerCase();
+    if (normalized === "true" || normalized === "1" || normalized === "yes" || normalized === "on") {
+      return true;
+    }
+    if (normalized === "false" || normalized === "0" || normalized === "no" || normalized === "off") {
+      return false;
+    }
+  }
+  throw createCliError5(
+    "CLI_OPENCLAW_INVALID_INPUT",
+    `${label} must be true or false`,
+    { label }
+  );
+}
+function parseRelayEchoChannel(value) {
+  return parseNonEmptyString7(value, "relay echo channel");
+}
+function parseRelayEchoMaxLength(value) {
+  const parsed = typeof value === "number" ? value : typeof value === "string" ? Number(value) : Number.NaN;
+  if (!Number.isInteger(parsed) || parsed < MIN_RELAY_ECHO_MAX_LENGTH || parsed > MAX_RELAY_ECHO_MAX_LENGTH) {
+    throw createCliError5(
+      "CLI_OPENCLAW_INVALID_ECHO_MAX_LENGTH",
+      `echo max length must be an integer between ${MIN_RELAY_ECHO_MAX_LENGTH} and ${MAX_RELAY_ECHO_MAX_LENGTH}`
+    );
+  }
+  return parsed;
+}
+function parseRelayEchoEnabled(value) {
+  return parseBooleanValue(value, "relay echo enabled");
+}
+function parseRelayEchoTo(value) {
+  if (value === void 0) {
+    return void 0;
+  }
+  if (typeof value !== "string") {
+    throw createCliError5(
+      "CLI_OPENCLAW_INVALID_INPUT",
+      "relay echo target must be a string",
+      { label: "relay echo target" }
+    );
+  }
+  const trimmed = value.trim();
+  if (trimmed.length === 0) {
+    return void 0;
+  }
+  return trimmed;
+}
+function defaultRelayEchoConfig() {
+  return {
+    enabled: DEFAULT_RELAY_ECHO_ENABLED2,
+    channel: DEFAULT_RELAY_ECHO_CHANNEL2,
+    maxLength: DEFAULT_RELAY_ECHO_MAX_LENGTH2
+  };
+}
+function resolveSetupRelayEchoConfig(input) {
+  const current = input.existingConfig?.echo ?? defaultRelayEchoConfig();
+  const options = input.options;
+  return {
+    enabled: options.echoEnabled === void 0 ? current.enabled : parseRelayEchoEnabled(options.echoEnabled),
+    channel: options.echoChannel === void 0 ? current.channel : parseRelayEchoChannel(options.echoChannel),
+    to: options.echoTo === void 0 ? current.to : parseRelayEchoTo(options.echoTo),
+    maxLength: options.echoMaxLength === void 0 ? current.maxLength : parseRelayEchoMaxLength(options.echoMaxLength)
+  };
+}
 function parseAgentDid2(value, label) {
   const did = parseNonEmptyString7(value, label);
   try {
@@ -20734,7 +21158,7 @@ function parseAgentDid2(value, label) {
   return did;
 }
 function parseInvitePayload(value) {
-  if (!isRecord7(value)) {
+  if (!isRecord8(value)) {
     throw createCliError5(
       "CLI_OPENCLAW_INVALID_INVITE",
       "invite payload must be an object"
@@ -20787,19 +21211,19 @@ function resolveOpenclawDir(openclawDir, homeDir) {
   if (typeof openclawDir === "string" && openclawDir.trim().length > 0) {
     return openclawDir.trim();
   }
-  return join6(homeDir, OPENCLAW_DIR_NAME);
+  return join7(homeDir, OPENCLAW_DIR_NAME);
 }
 function resolveAgentDirectory(homeDir, agentName) {
-  return join6(homeDir, CLAWDENTITY_DIR_NAME, AGENTS_DIR_NAME4, agentName);
+  return join7(homeDir, CLAWDENTITY_DIR_NAME, AGENTS_DIR_NAME4, agentName);
 }
 function resolvePeersPath(homeDir) {
-  return join6(homeDir, CLAWDENTITY_DIR_NAME, PEERS_FILE_NAME);
+  return join7(homeDir, CLAWDENTITY_DIR_NAME, PEERS_FILE_NAME);
 }
 function resolveOpenclawConfigPath(openclawDir) {
-  return join6(openclawDir, OPENCLAW_CONFIG_FILE_NAME);
+  return join7(openclawDir, OPENCLAW_CONFIG_FILE_NAME);
 }
 function resolveDefaultTransformSource(openclawDir) {
-  return join6(
+  return join7(
     openclawDir,
     "workspace",
     "skills",
@@ -20808,16 +21232,16 @@ function resolveDefaultTransformSource(openclawDir) {
   );
 }
 function resolveTransformTargetPath(openclawDir) {
-  return join6(openclawDir, "hooks", "transforms", RELAY_MODULE_FILE_NAME);
+  return join7(openclawDir, "hooks", "transforms", RELAY_MODULE_FILE_NAME);
 }
 function resolveOpenclawAgentNamePath(homeDir) {
-  return join6(homeDir, CLAWDENTITY_DIR_NAME, OPENCLAW_AGENT_FILE_NAME);
+  return join7(homeDir, CLAWDENTITY_DIR_NAME, OPENCLAW_AGENT_FILE_NAME);
 }
 function resolveRelayRuntimeConfigPath(homeDir) {
-  return join6(homeDir, CLAWDENTITY_DIR_NAME, OPENCLAW_RELAY_RUNTIME_FILE_NAME);
+  return join7(homeDir, CLAWDENTITY_DIR_NAME, OPENCLAW_RELAY_RUNTIME_FILE_NAME);
 }
 async function readJsonFile(filePath) {
-  const raw = await readFile4(filePath, "utf8");
+  const raw = await readFile5(filePath, "utf8");
   try {
     return JSON.parse(raw);
   } catch {
@@ -20829,13 +21253,13 @@ async function readJsonFile(filePath) {
 async function ensureLocalAgentCredentials(homeDir, agentName) {
   const agentDir = resolveAgentDirectory(homeDir, agentName);
   const requiredFiles = [
-    join6(agentDir, SECRET_KEY_FILE_NAME2),
-    join6(agentDir, AIT_FILE_NAME3)
+    join7(agentDir, SECRET_KEY_FILE_NAME2),
+    join7(agentDir, AIT_FILE_NAME3)
   ];
   for (const filePath of requiredFiles) {
     let content;
     try {
-      content = await readFile4(filePath, "utf8");
+      content = await readFile5(filePath, "utf8");
     } catch (error48) {
       if (getErrorCode2(error48) === "ENOENT") {
         throw createCliError5(
@@ -20909,7 +21333,7 @@ async function loadPeersConfig(peersPath) {
     }
     throw error48;
   }
-  if (!isRecord7(parsed)) {
+  if (!isRecord8(parsed)) {
     throw createCliError5(
       "CLI_OPENCLAW_INVALID_PEERS_CONFIG",
       "Peer config root must be a JSON object",
@@ -20920,7 +21344,7 @@ async function loadPeersConfig(peersPath) {
   if (peersValue === void 0) {
     return { peers: {} };
   }
-  if (!isRecord7(peersValue)) {
+  if (!isRecord8(peersValue)) {
     throw createCliError5(
       "CLI_OPENCLAW_INVALID_PEERS_CONFIG",
       "Peer config peers field must be an object",
@@ -20930,7 +21354,7 @@ async function loadPeersConfig(peersPath) {
   const peers = {};
   for (const [alias, value] of Object.entries(peersValue)) {
     const normalizedAlias = parsePeerAlias(alias);
-    if (!isRecord7(value)) {
+    if (!isRecord8(value)) {
       throw createCliError5(
         "CLI_OPENCLAW_INVALID_PEERS_CONFIG",
         "Peer entry must be an object",
@@ -20952,8 +21376,35 @@ async function savePeersConfig(peersPath, config2) {
   await writeSecureFile3(peersPath, `${JSON.stringify(config2, null, 2)}
 `);
 }
+function parseRelayRuntimeEchoConfig(value, relayRuntimeConfigPath) {
+  if (value === void 0) {
+    return defaultRelayEchoConfig();
+  }
+  if (!isRecord8(value)) {
+    throw createCliError5(
+      "CLI_OPENCLAW_INVALID_RELAY_RUNTIME_CONFIG",
+      "Relay runtime echo config must be an object",
+      { relayRuntimeConfigPath }
+    );
+  }
+  const defaults = defaultRelayEchoConfig();
+  try {
+    return {
+      enabled: value.enabled === void 0 ? defaults.enabled : parseRelayEchoEnabled(value.enabled),
+      channel: value.channel === void 0 ? defaults.channel : parseRelayEchoChannel(value.channel),
+      to: parseRelayEchoTo(value.to),
+      maxLength: value.maxLength === void 0 ? defaults.maxLength : parseRelayEchoMaxLength(value.maxLength)
+    };
+  } catch (error48) {
+    throw createCliError5(
+      "CLI_OPENCLAW_INVALID_RELAY_RUNTIME_CONFIG",
+      error48 instanceof Error ? error48.message : "Relay runtime echo config is invalid",
+      { relayRuntimeConfigPath }
+    );
+  }
+}
 function parseRelayRuntimeConfig(value, relayRuntimeConfigPath) {
-  if (!isRecord7(value)) {
+  if (!isRecord8(value)) {
     throw createCliError5(
       "CLI_OPENCLAW_INVALID_RELAY_RUNTIME_CONFIG",
       "Relay runtime config must be an object",
@@ -20961,9 +21412,11 @@ function parseRelayRuntimeConfig(value, relayRuntimeConfigPath) {
     );
   }
   const updatedAt = typeof value.updatedAt === "string" && value.updatedAt.trim().length > 0 ? value.updatedAt.trim() : void 0;
+  const echo = parseRelayRuntimeEchoConfig(value.echo, relayRuntimeConfigPath);
   return {
-    openclawBaseUrl: parseOpenclawBaseUrl(value.openclawBaseUrl),
-    updatedAt
+    openclawBaseUrl: parseOpenclawBaseUrl2(value.openclawBaseUrl),
+    updatedAt,
+    echo
   };
 }
 async function loadRelayRuntimeConfig(relayRuntimeConfigPath) {
@@ -20978,10 +21431,11 @@ async function loadRelayRuntimeConfig(relayRuntimeConfigPath) {
   }
   return parseRelayRuntimeConfig(parsed, relayRuntimeConfigPath);
 }
-async function saveRelayRuntimeConfig(relayRuntimeConfigPath, openclawBaseUrl) {
+async function saveRelayRuntimeConfig(relayRuntimeConfigPath, openclawBaseUrl, relayEchoConfig) {
   const config2 = {
     openclawBaseUrl,
-    updatedAt: nowIso()
+    updatedAt: nowIso(),
+    echo: relayEchoConfig
   };
   await writeSecureFile3(
     relayRuntimeConfigPath,
@@ -20989,13 +21443,13 @@ async function saveRelayRuntimeConfig(relayRuntimeConfigPath, openclawBaseUrl) {
 `
   );
 }
-async function resolveOpenclawBaseUrl2(input) {
+async function resolveOpenclawBaseUrl(input) {
   if (typeof input.optionValue === "string" && input.optionValue.trim().length > 0) {
-    return parseOpenclawBaseUrl(input.optionValue);
+    return parseOpenclawBaseUrl2(input.optionValue);
   }
   const envOpenclawBaseUrl = process.env.OPENCLAW_BASE_URL;
   if (typeof envOpenclawBaseUrl === "string" && envOpenclawBaseUrl.trim().length > 0) {
-    return parseOpenclawBaseUrl(envOpenclawBaseUrl);
+    return parseOpenclawBaseUrl2(envOpenclawBaseUrl);
   }
   const existingConfig = await loadRelayRuntimeConfig(
     input.relayRuntimeConfigPath
@@ -21022,20 +21476,20 @@ function normalizeStringArrayWithValue(value, requiredValue) {
   return Array.from(normalized);
 }
 function upsertRelayHookMapping(mappingsValue) {
-  const mappings = Array.isArray(mappingsValue) ? mappingsValue.filter(isRecord7).map((mapping) => ({ ...mapping })) : [];
+  const mappings = Array.isArray(mappingsValue) ? mappingsValue.filter(isRecord8).map((mapping) => ({ ...mapping })) : [];
   const existingIndex = mappings.findIndex((mapping) => {
     if (mapping.id === HOOK_MAPPING_ID) {
       return true;
     }
-    if (!isRecord7(mapping.match)) {
+    if (!isRecord8(mapping.match)) {
       return false;
     }
     return mapping.match.path === HOOK_PATH_SEND_TO_PEER;
   });
-  const baseMapping = existingIndex >= 0 && isRecord7(mappings[existingIndex]) ? mappings[existingIndex] : {};
-  const nextMatch = isRecord7(baseMapping.match) ? { ...baseMapping.match } : {};
+  const baseMapping = existingIndex >= 0 && isRecord8(mappings[existingIndex]) ? mappings[existingIndex] : {};
+  const nextMatch = isRecord8(baseMapping.match) ? { ...baseMapping.match } : {};
   nextMatch.path = HOOK_PATH_SEND_TO_PEER;
-  const nextTransform = isRecord7(baseMapping.transform) ? { ...baseMapping.transform } : {};
+  const nextTransform = isRecord8(baseMapping.transform) ? { ...baseMapping.transform } : {};
   nextTransform.module = RELAY_MODULE_FILE_NAME;
   const relayMapping = {
     ...baseMapping,
@@ -21066,14 +21520,14 @@ async function patchOpenclawConfig(openclawConfigPath) {
     }
     throw error48;
   }
-  if (!isRecord7(config2)) {
+  if (!isRecord8(config2)) {
     throw createCliError5(
       "CLI_OPENCLAW_INVALID_CONFIG",
       "OpenClaw config root must be an object",
       { openclawConfigPath }
     );
   }
-  const hooks = isRecord7(config2.hooks) ? { ...config2.hooks } : {};
+  const hooks = isRecord8(config2.hooks) ? { ...config2.hooks } : {};
   hooks.enabled = true;
   hooks.allowRequestSessionKey = false;
   hooks.allowedSessionKeyPrefixes = normalizeStringArrayWithValue(
@@ -21103,10 +21557,10 @@ function toDoctorResult(checks) {
   };
 }
 function isRelayHookMapping(value) {
-  if (!isRecord7(value)) {
+  if (!isRecord8(value)) {
     return false;
   }
-  if (!isRecord7(value.match) || value.match.path !== HOOK_PATH_SEND_TO_PEER) {
+  if (!isRecord8(value.match) || value.match.path !== HOOK_PATH_SEND_TO_PEER) {
     return false;
   }
   if (typeof value.id === "string" && value.id !== HOOK_MAPPING_ID) {
@@ -21115,7 +21569,7 @@ function isRelayHookMapping(value) {
   return true;
 }
 function hasRelayTransformModule(value) {
-  if (!isRecord7(value) || !isRecord7(value.transform)) {
+  if (!isRecord8(value) || !isRecord8(value.transform)) {
     return false;
   }
   return value.transform.module === RELAY_MODULE_FILE_NAME;
@@ -21232,7 +21686,7 @@ async function runOpenclawDoctor(options = {}) {
   const selectedAgentPath = resolveOpenclawAgentNamePath(homeDir);
   let selectedAgentName;
   try {
-    const selectedAgentRaw = await readFile4(selectedAgentPath, "utf8");
+    const selectedAgentRaw = await readFile5(selectedAgentPath, "utf8");
     selectedAgentName = assertValidAgentName(selectedAgentRaw.trim());
     checks.push(
       toDoctorCheck({
@@ -21354,7 +21808,7 @@ async function runOpenclawDoctor(options = {}) {
   }
   const transformTargetPath = resolveTransformTargetPath(openclawDir);
   try {
-    const transformContents = await readFile4(transformTargetPath, "utf8");
+    const transformContents = await readFile5(transformTargetPath, "utf8");
     if (transformContents.trim().length === 0) {
       checks.push(
         toDoctorCheck({
@@ -21392,11 +21846,11 @@ async function runOpenclawDoctor(options = {}) {
   const openclawConfigPath = resolveOpenclawConfigPath(openclawDir);
   try {
     const openclawConfig = await readJsonFile(openclawConfigPath);
-    if (!isRecord7(openclawConfig)) {
+    if (!isRecord8(openclawConfig)) {
       throw new Error("root");
     }
-    const hooks = isRecord7(openclawConfig.hooks) ? openclawConfig.hooks : {};
-    const mappings = Array.isArray(hooks.mappings) ? hooks.mappings.filter(isRecord7) : [];
+    const hooks = isRecord8(openclawConfig.hooks) ? openclawConfig.hooks : {};
+    const mappings = Array.isArray(hooks.mappings) ? hooks.mappings.filter(isRecord8) : [];
     const relayMapping = mappings.find(
       (mapping) => isRelayHookMapping(mapping)
     );
@@ -21436,7 +21890,7 @@ async function runOpenclawDoctor(options = {}) {
   }
   const relayRuntimeConfigPath = resolveRelayRuntimeConfigPath(homeDir);
   try {
-    const openclawBaseUrl = await resolveOpenclawBaseUrl2({
+    const openclawBaseUrl = await resolveOpenclawBaseUrl({
       relayRuntimeConfigPath
     });
     checks.push(
@@ -21498,7 +21952,7 @@ async function runOpenclawRelayTest(options) {
   const relayRuntimeConfigPath = resolveRelayRuntimeConfigPath(homeDir);
   let openclawBaseUrl = DEFAULT_OPENCLAW_BASE_URL2;
   try {
-    openclawBaseUrl = await resolveOpenclawBaseUrl2({
+    openclawBaseUrl = await resolveOpenclawBaseUrl({
       optionValue: options.openclawBaseUrl,
       relayRuntimeConfigPath
     });
@@ -21624,10 +22078,17 @@ async function setupOpenclawRelayFromInvite(agentName, options) {
   const transformSource = typeof options.transformSource === "string" && options.transformSource.trim().length > 0 ? options.transformSource.trim() : resolveDefaultTransformSource(openclawDir);
   const transformTargetPath = resolveTransformTargetPath(openclawDir);
   const relayRuntimeConfigPath = resolveRelayRuntimeConfigPath(homeDir);
-  const openclawBaseUrl = await resolveOpenclawBaseUrl2({
+  const existingRelayRuntimeConfig = await loadRelayRuntimeConfig(
+    relayRuntimeConfigPath
+  );
+  const openclawBaseUrl = await resolveOpenclawBaseUrl({
     optionValue: options.openclawBaseUrl,
     relayRuntimeConfigPath
   });
+  const relayEchoConfig = resolveSetupRelayEchoConfig({
+    existingConfig: existingRelayRuntimeConfig,
+    options
+  });
   const invite = decodeInvitePayload(options.inviteCode);
   const peerAliasCandidate = options.peerAlias ?? invite.alias;
   if (!peerAliasCandidate) {
@@ -21659,7 +22120,11 @@ async function setupOpenclawRelayFromInvite(agentName, options) {
   const agentNamePath = resolveOpenclawAgentNamePath(homeDir);
   await writeSecureFile3(agentNamePath, `${normalizedAgentName}
 `);
-  await saveRelayRuntimeConfig(relayRuntimeConfigPath, openclawBaseUrl);
+  await saveRelayRuntimeConfig(
+    relayRuntimeConfigPath,
+    openclawBaseUrl,
+    relayEchoConfig
+  );
   logger8.info("cli.openclaw_setup_completed", {
     agentName: normalizedAgentName,
     peerAlias,
@@ -21667,7 +22132,8 @@ async function setupOpenclawRelayFromInvite(agentName, options) {
     openclawConfigPath,
     transformTargetPath,
     openclawBaseUrl,
-    relayRuntimeConfigPath
+    relayRuntimeConfigPath,
+    relayEchoConfig
   });
   return {
     peerAlias,
@@ -21676,7 +22142,8 @@ async function setupOpenclawRelayFromInvite(agentName, options) {
     openclawConfigPath,
     transformTargetPath,
     openclawBaseUrl,
-    relayRuntimeConfigPath
+    relayRuntimeConfigPath,
+    relayEcho: relayEchoConfig
   };
 }
 var createOpenclawCommand = () => {
@@ -21712,6 +22179,20 @@ var createOpenclawCommand = () => {
   ).option(
     "--openclaw-base-url <url>",
     "Base URL for local OpenClaw hook API (default http://127.0.0.1:18789)"
+  ).option(
+    "--echo-enabled <true|false>",
+    "Enable or disable relay echo to the operator chat channel (default true)",
+    parseRelayEchoEnabled
+  ).option(
+    "--echo-channel <channel>",
+    "Relay echo delivery channel (default last)"
+  ).option(
+    "--echo-to <target>",
+    "Relay echo delivery target id/recipient (optional)"
+  ).option(
+    "--echo-max-length <number>",
+    `Relay echo message truncation limit (${MIN_RELAY_ECHO_MAX_LENGTH}-${MAX_RELAY_ECHO_MAX_LENGTH}, default ${DEFAULT_RELAY_ECHO_MAX_LENGTH2})`,
+    parseRelayEchoMaxLength
   ).action(
     withErrorHandling(
       "openclaw setup",
@@ -21725,6 +22206,16 @@ var createOpenclawCommand = () => {
         );
         writeStdoutLine(`Installed transform: ${result.transformTargetPath}`);
         writeStdoutLine(`OpenClaw base URL: ${result.openclawBaseUrl}`);
+        writeStdoutLine(
+          `Relay echo enabled: ${result.relayEcho.enabled ? "true" : "false"}`
+        );
+        writeStdoutLine(`Relay echo channel: ${result.relayEcho.channel}`);
+        writeStdoutLine(
+          `Relay echo target: ${result.relayEcho.to ?? "(last route default)"}`
+        );
+        writeStdoutLine(
+          `Relay echo max length: ${result.relayEcho.maxLength}`
+        );
         writeStdoutLine(
           `Relay runtime config: ${result.relayRuntimeConfigPath}`
         );
@@ -21796,8 +22287,8 @@ var createOpenclawCommand = () => {
 
 // src/commands/pair.ts
 import { randomBytes as randomBytes3 } from "crypto";
-import { mkdir as mkdir6, readFile as readFile5, writeFile as writeFile6 } from "fs/promises";
-import { dirname as dirname5, join as join7, resolve } from "path";
+import { mkdir as mkdir6, readdir, readFile as readFile6, unlink as unlink2, writeFile as writeFile6 } from "fs/promises";
+import { dirname as dirname5, join as join8, resolve } from "path";
 import { Command as Command8 } from "commander";
 import jsQR from "jsqr";
 import { PNG } from "pngjs";
@@ -21812,7 +22303,9 @@ var PAIR_CONFIRM_PATH = "/pair/confirm";
 var OWNER_PAT_HEADER = "x-claw-owner-pat";
 var NONCE_SIZE2 = 24;
 var PAIRING_TICKET_PREFIX = "clwpair1_";
-var isRecord8 = (value) => {
+var PAIRING_QR_MAX_AGE_SECONDS = 900;
+var PAIRING_QR_FILENAME_PATTERN = /-pair-(\d+)\.png$/;
+var isRecord9 = (value) => {
   return typeof value === "object" && value !== null;
 };
 function createCliError6(code, message2) {
@@ -21879,7 +22372,7 @@ function toPathWithQuery3(url2) {
   return `${parsed.pathname}${parsed.search}`;
 }
 function extractErrorCode(payload) {
-  if (!isRecord8(payload)) {
+  if (!isRecord9(payload)) {
     return void 0;
   }
   const envelope = payload;
@@ -21890,7 +22383,7 @@ function extractErrorCode(payload) {
   return code.length > 0 ? code : void 0;
 }
 function extractErrorMessage(payload) {
-  if (!isRecord8(payload)) {
+  if (!isRecord9(payload)) {
     return void 0;
   }
   const envelope = payload;
@@ -21958,7 +22451,7 @@ function mapConfirmPairError(status, payload) {
   return `Pair confirm failed (${status})`;
 }
 function parsePairStartResponse(payload) {
-  if (!isRecord8(payload)) {
+  if (!isRecord9(payload)) {
     throw createCliError6(
       "CLI_PAIR_START_INVALID_RESPONSE",
       "Pair start response is invalid"
@@ -21980,7 +22473,7 @@ function parsePairStartResponse(payload) {
   };
 }
 function parsePairConfirmResponse(payload) {
-  if (!isRecord8(payload)) {
+  if (!isRecord9(payload)) {
     throw createCliError6(
       "CLI_PAIR_CONFIRM_INVALID_RESPONSE",
       "Pair confirm response is invalid"
@@ -22002,16 +22495,16 @@ function parsePairConfirmResponse(payload) {
   };
 }
 async function readAgentProofMaterial(agentName, dependencies) {
-  const readFileImpl = dependencies.readFileImpl ?? readFile5;
+  const readFileImpl = dependencies.readFileImpl ?? readFile6;
   const getConfigDirImpl = dependencies.getConfigDirImpl ?? getConfigDir;
   const normalizedAgentName = assertValidAgentName(agentName);
-  const agentDir = join7(
+  const agentDir = join8(
     getConfigDirImpl(),
     AGENTS_DIR_NAME5,
     normalizedAgentName
   );
-  const aitPath = join7(agentDir, AIT_FILE_NAME4);
-  const secretKeyPath = join7(agentDir, SECRET_KEY_FILE_NAME3);
+  const aitPath = join8(agentDir, AIT_FILE_NAME4);
+  const secretKeyPath = join8(agentDir, SECRET_KEY_FILE_NAME3);
   let ait;
   try {
     ait = (await readFileImpl(aitPath, "utf-8")).trim();
@@ -22120,14 +22613,47 @@ function decodeTicketFromPng(imageBytes) {
 }
 async function persistPairingQr(input) {
   const mkdirImpl = input.dependencies.mkdirImpl ?? mkdir6;
+  const readdirImpl = input.dependencies.readdirImpl ?? readdir;
+  const unlinkImpl = input.dependencies.unlinkImpl ?? unlink2;
   const writeFileImpl = input.dependencies.writeFileImpl ?? writeFile6;
   const getConfigDirImpl = input.dependencies.getConfigDirImpl ?? getConfigDir;
   const qrEncodeImpl = input.dependencies.qrEncodeImpl ?? encodeTicketQrPng;
-  const baseDir = join7(getConfigDirImpl(), PAIRING_QR_DIR_NAME);
-  const outputPath = parseNonEmptyString8(input.qrOutput) ? resolve(input.qrOutput ?? "") : join7(
+  const baseDir = join8(getConfigDirImpl(), PAIRING_QR_DIR_NAME);
+  const outputPath = parseNonEmptyString8(input.qrOutput) ? resolve(input.qrOutput ?? "") : join8(
     baseDir,
     `${assertValidAgentName(input.agentName)}-pair-${input.nowSeconds}.png`
   );
+  const existingFiles = await readdirImpl(baseDir).catch((error48) => {
+    const nodeError = error48;
+    if (nodeError.code === "ENOENT") {
+      return [];
+    }
+    throw error48;
+  });
+  for (const fileName of existingFiles) {
+    if (typeof fileName !== "string") {
+      continue;
+    }
+    const match2 = PAIRING_QR_FILENAME_PATTERN.exec(fileName);
+    if (!match2) {
+      continue;
+    }
+    const issuedAtSeconds = Number.parseInt(match2[1] ?? "", 10);
+    if (!Number.isInteger(issuedAtSeconds)) {
+      continue;
+    }
+    if (issuedAtSeconds + PAIRING_QR_MAX_AGE_SECONDS > input.nowSeconds) {
+      continue;
+    }
+    const stalePath = join8(baseDir, fileName);
+    await unlinkImpl(stalePath).catch((error48) => {
+      const nodeError = error48;
+      if (nodeError.code === "ENOENT") {
+        return;
+      }
+      throw error48;
+    });
+  }
   await mkdirImpl(dirname5(outputPath), { recursive: true });
   const imageBytes = await qrEncodeImpl(input.ticket);
   await writeFileImpl(outputPath, imageBytes);
@@ -22232,7 +22758,7 @@ async function confirmPairing(agentName, options, dependencies = {}) {
   const fetchImpl = dependencies.fetchImpl ?? fetch;
   const nowSecondsImpl = dependencies.nowSecondsImpl ?? (() => Math.floor(Date.now() / 1e3));
   const nonceFactoryImpl = dependencies.nonceFactoryImpl ?? (() => randomBytes3(NONCE_SIZE2).toString("base64url"));
-  const readFileImpl = dependencies.readFileImpl ?? readFile5;
+  const readFileImpl = dependencies.readFileImpl ?? readFile6;
   const qrDecodeImpl = dependencies.qrDecodeImpl ?? decodeTicketFromPng;
   const ticketSource = resolveConfirmTicketSource(options);
   const proxyUrl = resolveProxyUrl(options.proxyUrl);
@@ -22297,6 +22823,19 @@ async function confirmPairing(agentName, options, dependencies = {}) {
     );
   }
   const parsed = parsePairConfirmResponse(responseBody);
+  if (ticketSource.source === "qr-file" && ticketSource.qrFilePath) {
+    const unlinkImpl = dependencies.unlinkImpl ?? unlink2;
+    await unlinkImpl(ticketSource.qrFilePath).catch((error48) => {
+      const nodeError = error48;
+      if (nodeError.code === "ENOENT") {
+        return;
+      }
+      logger9.warn("cli.pair.confirm.qr_cleanup_failed", {
+        path: ticketSource.qrFilePath,
+        reason: error48 instanceof Error && error48.message.length > 0 ? error48.message : "unknown"
+      });
+    });
+  }
   return {
     ...parsed,
     proxyUrl
@@ -22357,7 +22896,7 @@ var createPairCommand = (dependencies = {}) => {
 };
 
 // src/commands/verify.ts
-import { readFile as readFile6 } from "fs/promises";
+import { readFile as readFile7 } from "fs/promises";
 import { Command as Command9 } from "commander";
 var logger10 = createLogger({ service: "cli", module: "verify" });
 var REGISTRY_KEYS_CACHE_FILE = "registry-keys.json";
@@ -22370,7 +22909,7 @@ var VerifyCommandError = class extends Error {
     this.name = "VerifyCommandError";
   }
 };
-var isRecord9 = (value) => {
+var isRecord10 = (value) => {
   return typeof value === "object" && value !== null;
 };
 var normalizeRegistryUrl = (registryUrl) => {
@@ -22406,7 +22945,7 @@ var resolveToken = async (tokenOrFile) => {
     throw new VerifyCommandError("invalid token (value is empty)");
   }
   try {
-    const fileContents = await readFile6(input, "utf-8");
+    const fileContents = await readFile7(input, "utf-8");
     const token = fileContents.trim();
     if (token.length === 0) {
       throw new VerifyCommandError(`invalid token (${input} is empty)`);
@@ -22438,7 +22977,7 @@ var parseResponseJson = async (response) => {
   }
 };
 var parseSigningKeys = (payload) => {
-  if (!isRecord9(payload) || !Array.isArray(payload.keys)) {
+  if (!isRecord10(payload) || !Array.isArray(payload.keys)) {
     throw new VerifyCommandError(
       "verification keys unavailable (response payload is invalid)"
     );
@@ -22457,7 +22996,7 @@ var parseSigningKeys = (payload) => {
 };
 var parseRegistryKeysCache = (rawCache) => {
   const parsed = parseJson(rawCache);
-  if (!isRecord9(parsed)) {
+  if (!isRecord10(parsed)) {
     return void 0;
   }
   const { registryUrl, fetchedAtMs, keys } = parsed;
@@ -22483,7 +23022,7 @@ var parseRegistryKeysCache = (rawCache) => {
 };
 var parseCrlCache = (rawCache) => {
   const parsed = parseJson(rawCache);
-  if (!isRecord9(parsed)) {
+  if (!isRecord10(parsed)) {
     return void 0;
   }
   const { registryUrl, fetchedAtMs, claims } = parsed;
@@ -22581,7 +23120,7 @@ var fetchCrlClaims = async (input) => {
     );
   }
   const payload = await parseResponseJson(response);
-  if (!isRecord9(payload) || typeof payload.crl !== "string") {
+  if (!isRecord10(payload) || typeof payload.crl !== "string") {
     throw new VerifyCommandError(
       "revocation check unavailable (response payload is invalid)"
     );
@@ -22626,7 +23165,7 @@ var loadCrlClaims = async (input) => {
   return claims;
 };
 var toInvalidTokenReason = (error48) => {
-  if (isRecord9(error48) && typeof error48.message === "string") {
+  if (isRecord10(error48) && typeof error48.message === "string") {
     return `invalid token (${error48.message})`;
   }
   if (error48 instanceof Error && error48.message.length > 0) {