cli-claw-kit 0.0.1

package/dist/runtime-config.js

@@ -0,0 +1,1777 @@
+import crypto from 'crypto';
+import fs from 'fs';
+import path from 'path';
+import { ASSISTANT_NAME, DATA_DIR } from './config.js';
+import { logger } from './logger.js';
+const MAX_FIELD_LENGTH = 2000;
+const CLAUDE_CONFIG_DIR = path.join(DATA_DIR, 'config');
+const CLAUDE_CONFIG_FILE = path.join(CLAUDE_CONFIG_DIR, 'claude-provider.json');
+const CLAUDE_CONFIG_KEY_FILE = path.join(CLAUDE_CONFIG_DIR, 'claude-provider.key');
+const CLAUDE_CONFIG_AUDIT_FILE = path.join(CLAUDE_CONFIG_DIR, 'claude-provider.audit.log');
+const FEISHU_CONFIG_FILE = path.join(CLAUDE_CONFIG_DIR, 'feishu-provider.json');
+const TELEGRAM_CONFIG_FILE = path.join(CLAUDE_CONFIG_DIR, 'telegram-provider.json');
+const ENV_KEY_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;
+const RESERVED_CLAUDE_ENV_KEYS = new Set([
+    'CLAUDE_CODE_OAUTH_TOKEN',
+    'ANTHROPIC_BASE_URL',
+    'ANTHROPIC_AUTH_TOKEN',
+    'ANTHROPIC_MODEL',
+]);
+const DANGEROUS_ENV_VARS = new Set([
+    // Code execution / preload attacks
+    'LD_PRELOAD',
+    'LD_LIBRARY_PATH',
+    'LD_AUDIT',
+    'DYLD_INSERT_LIBRARIES',
+    'DYLD_LIBRARY_PATH',
+    'DYLD_FRAMEWORK_PATH',
+    'NODE_OPTIONS',
+    'JAVA_TOOL_OPTIONS',
+    'PERL5OPT',
+    // Path manipulation
+    'PATH',
+    'PYTHONPATH',
+    'RUBYLIB',
+    'PERL5LIB',
+    'GIT_EXEC_PATH',
+    'CDPATH',
+    // Shell behavior
+    'BASH_ENV',
+    'ENV',
+    'PROMPT_COMMAND',
+    'ZDOTDIR',
+    // Editor / terminal (可被利用执行命令)
+    'EDITOR',
+    'VISUAL',
+    'PAGER',
+    // SSH / Git（防止凭据泄露或命令注入）
+    'SSH_AUTH_SOCK',
+    'SSH_AGENT_PID',
+    'GIT_SSH',
+    'GIT_SSH_COMMAND',
+    'GIT_ASKPASS',
+    // Sensitive directories
+    'HOME',
+    'TMPDIR',
+    'TEMP',
+    'TMP',
+    // cli-claw 内部路径映射
+    'CLI_CLAW_WORKSPACE_GROUP',
+    'CLI_CLAW_WORKSPACE_GLOBAL',
+    'CLI_CLAW_WORKSPACE_IPC',
+    'CLAUDE_CONFIG_DIR',
+]);
+const MAX_CUSTOM_ENV_ENTRIES = 50;
+// Fallback scopes for .credentials.json when stored credentials lack scopes.
+// Differs from OAUTH_SCOPES in routes/config.ts (the authorize-flow request):
+// authorize requests org:create_api_key; credential files need user:sessions:claude_code.
+const DEFAULT_CREDENTIAL_SCOPES = [
+    'user:inference',
+    'user:profile',
+    'user:sessions:claude_code',
+];
+const DEFAULT_BALANCING_CONFIG = {
+    strategy: 'round-robin',
+    unhealthyThreshold: 3,
+    recoveryIntervalMs: 300_000,
+};
+const MAX_PROVIDERS = 20;
+function normalizeSecret(input, fieldName) {
+    if (typeof input !== 'string') {
+        throw new Error(`Invalid field: ${fieldName}`);
+    }
+    // Strip ALL whitespace and non-ASCII characters — API keys/tokens are always ASCII;
+    // users often paste with accidental spaces, line breaks, or smart quotes (e.g. U+2019).
+    // eslint-disable-next-line no-control-regex
+    const value = input.replace(/\s+/g, '').replace(/[^\x00-\x7F]/g, '');
+    if (value.length > MAX_FIELD_LENGTH) {
+        throw new Error(`Field too long: ${fieldName}`);
+    }
+    return value;
+}
+function normalizeBaseUrl(input) {
+    if (typeof input !== 'string') {
+        throw new Error('Invalid field: anthropicBaseUrl');
+    }
+    const value = input.trim();
+    if (!value)
+        return '';
+    if (value.length > MAX_FIELD_LENGTH) {
+        throw new Error('Field too long: anthropicBaseUrl');
+    }
+    let parsed;
+    try {
+        parsed = new URL(value);
+    }
+    catch {
+        throw new Error('Invalid field: anthropicBaseUrl');
+    }
+    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+        throw new Error('Invalid field: anthropicBaseUrl');
+    }
+    return value;
+}
+function normalizeModel(input) {
+    if (typeof input !== 'string') {
+        throw new Error('Invalid field: anthropicModel');
+    }
+    const value = input.trim();
+    if (!value)
+        return '';
+    if (value.length > 128) {
+        throw new Error('Field too long: anthropicModel');
+    }
+    return value;
+}
+function normalizeFeishuAppId(input) {
+    if (typeof input !== 'string') {
+        throw new Error('Invalid field: appId');
+    }
+    const value = input.trim();
+    if (!value)
+        return '';
+    if (value.length > MAX_FIELD_LENGTH) {
+        throw new Error('Field too long: appId');
+    }
+    return value;
+}
+function normalizeTelegramProxyUrl(input) {
+    if (input === undefined || input === null)
+        return '';
+    if (typeof input !== 'string') {
+        throw new Error('Invalid field: proxyUrl');
+    }
+    const value = input.trim();
+    if (!value)
+        return '';
+    if (value.length > MAX_FIELD_LENGTH) {
+        throw new Error('Field too long: proxyUrl');
+    }
+    let parsed;
+    try {
+        parsed = new URL(value);
+    }
+    catch {
+        throw new Error('Invalid field: proxyUrl');
+    }
+    const protocol = parsed.protocol.toLowerCase();
+    if (!['http:', 'https:', 'socks:', 'socks5:'].includes(protocol)) {
+        throw new Error('Invalid field: proxyUrl');
+    }
+    return value;
+}
+function normalizeProfileName(input) {
+    if (typeof input !== 'string') {
+        throw new Error('Invalid field: name');
+    }
+    const value = input.trim();
+    if (!value) {
+        throw new Error('Invalid field: name');
+    }
+    if (value.length > 64) {
+        throw new Error('Field too long: name');
+    }
+    return value;
+}
+function sanitizeCustomEnvMap(input, options) {
+    const entries = Object.entries(input);
+    if (entries.length > MAX_CUSTOM_ENV_ENTRIES) {
+        throw new Error(`customEnv must have at most ${MAX_CUSTOM_ENV_ENTRIES} entries`);
+    }
+    const out = {};
+    for (const [key, rawValue] of entries) {
+        if (!ENV_KEY_RE.test(key)) {
+            throw new Error(`Invalid env key: ${key}`);
+        }
+        if (options?.skipReservedClaudeKeys && RESERVED_CLAUDE_ENV_KEYS.has(key)) {
+            continue;
+        }
+        out[key] = sanitizeEnvValue(typeof rawValue === 'string' ? rawValue : String(rawValue));
+    }
+    return out;
+}
+function normalizeConfig(input) {
+    return {
+        anthropicBaseUrl: normalizeBaseUrl(input.anthropicBaseUrl),
+        anthropicAuthToken: normalizeSecret(input.anthropicAuthToken, 'anthropicAuthToken'),
+        anthropicApiKey: normalizeSecret(input.anthropicApiKey, 'anthropicApiKey'),
+        claudeCodeOauthToken: normalizeSecret(input.claudeCodeOauthToken, 'claudeCodeOauthToken'),
+        claudeOAuthCredentials: input.claudeOAuthCredentials ?? null,
+        anthropicModel: normalizeModel(input.anthropicModel),
+    };
+}
+function buildConfig(input, updatedAt) {
+    return {
+        ...normalizeConfig(input),
+        updatedAt,
+    };
+}
+function getOrCreateEncryptionKey() {
+    fs.mkdirSync(CLAUDE_CONFIG_DIR, { recursive: true });
+    if (fs.existsSync(CLAUDE_CONFIG_KEY_FILE)) {
+        const raw = fs.readFileSync(CLAUDE_CONFIG_KEY_FILE, 'utf-8').trim();
+        const key = Buffer.from(raw, 'hex');
+        if (key.length === 32)
+            return key;
+        throw new Error('Invalid encryption key file');
+    }
+    const key = crypto.randomBytes(32);
+    fs.writeFileSync(CLAUDE_CONFIG_KEY_FILE, key.toString('hex') + '\n', {
+        encoding: 'utf-8',
+        mode: 0o600,
+    });
+    return key;
+}
+function encryptSecrets(payload) {
+    const key = getOrCreateEncryptionKey();
+    const iv = crypto.randomBytes(12);
+    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+    const plaintext = Buffer.from(JSON.stringify(payload), 'utf-8');
+    const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    return {
+        iv: iv.toString('base64'),
+        tag: tag.toString('base64'),
+        data: encrypted.toString('base64'),
+    };
+}
+function decryptSecrets(secrets) {
+    const key = getOrCreateEncryptionKey();
+    const iv = Buffer.from(secrets.iv, 'base64');
+    const tag = Buffer.from(secrets.tag, 'base64');
+    const encrypted = Buffer.from(secrets.data, 'base64');
+    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
+    decipher.setAuthTag(tag);
+    const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final(),
+    ]).toString('utf-8');
+    const parsed = JSON.parse(decrypted);
+    const result = {
+        anthropicAuthToken: normalizeSecret(parsed.anthropicAuthToken ?? '', 'anthropicAuthToken'),
+        anthropicApiKey: normalizeSecret(parsed.anthropicApiKey ?? '', 'anthropicApiKey'),
+        claudeCodeOauthToken: normalizeSecret(parsed.claudeCodeOauthToken ?? '', 'claudeCodeOauthToken'),
+    };
+    // Restore OAuth credentials if present
+    if (parsed.claudeOAuthCredentials &&
+        typeof parsed.claudeOAuthCredentials === 'object') {
+        const creds = parsed.claudeOAuthCredentials;
+        if (typeof creds.accessToken === 'string' &&
+            typeof creds.refreshToken === 'string') {
+            result.claudeOAuthCredentials = {
+                accessToken: creds.accessToken,
+                refreshToken: creds.refreshToken,
+                expiresAt: typeof creds.expiresAt === 'number' ? creds.expiresAt : 0,
+                scopes: Array.isArray(creds.scopes) ? creds.scopes : [],
+                ...(typeof creds.subscriptionType === 'string'
+                    ? { subscriptionType: creds.subscriptionType }
+                    : {}),
+            };
+        }
+    }
+    return result;
+}
+function encryptChannelSecret(payload) {
+    const key = getOrCreateEncryptionKey();
+    const iv = crypto.randomBytes(12);
+    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+    const plaintext = Buffer.from(JSON.stringify(payload), 'utf-8');
+    const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    return {
+        iv: iv.toString('base64'),
+        tag: tag.toString('base64'),
+        data: encrypted.toString('base64'),
+    };
+}
+function decryptChannelSecret(secrets) {
+    const key = getOrCreateEncryptionKey();
+    const iv = Buffer.from(secrets.iv, 'base64');
+    const tag = Buffer.from(secrets.tag, 'base64');
+    const encrypted = Buffer.from(secrets.data, 'base64');
+    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
+    decipher.setAuthTag(tag);
+    const decrypted = Buffer.concat([
+        decipher.update(encrypted),
+        decipher.final(),
+    ]).toString('utf-8');
+    return JSON.parse(decrypted);
+}
+function toStoredProviderV4(provider) {
+    const secrets = {
+        anthropicAuthToken: provider.anthropicAuthToken || '',
+        anthropicApiKey: provider.anthropicApiKey || '',
+        claudeCodeOauthToken: provider.claudeCodeOauthToken || '',
+        claudeOAuthCredentials: provider.claudeOAuthCredentials ?? null,
+    };
+    const sanitizedEnv = sanitizeCustomEnvMap(provider.customEnv || {}, {
+        skipReservedClaudeKeys: true,
+    });
+    return {
+        id: provider.id,
+        name: provider.name,
+        type: provider.type,
+        enabled: provider.enabled,
+        weight: Math.max(1, Math.min(100, provider.weight || 1)),
+        anthropicBaseUrl: provider.anthropicBaseUrl || '',
+        anthropicModel: provider.anthropicModel || '',
+        secrets: encryptSecrets(secrets),
+        ...(Object.keys(sanitizedEnv).length > 0
+            ? { customEnv: sanitizedEnv }
+            : {}),
+        updatedAt: provider.updatedAt || new Date().toISOString(),
+    };
+}
+function fromStoredProviderV4(stored) {
+    const secrets = decryptSecrets(stored.secrets);
+    return {
+        id: stored.id,
+        name: stored.name,
+        type: stored.type,
+        enabled: stored.enabled,
+        weight: Math.max(1, Math.min(100, stored.weight || 1)),
+        anthropicBaseUrl: stored.anthropicBaseUrl || '',
+        anthropicAuthToken: secrets.anthropicAuthToken || '',
+        anthropicModel: stored.anthropicModel || '',
+        anthropicApiKey: secrets.anthropicApiKey || '',
+        claudeCodeOauthToken: secrets.claudeCodeOauthToken || '',
+        claudeOAuthCredentials: secrets.claudeOAuthCredentials ?? null,
+        customEnv: sanitizeCustomEnvMap(stored.customEnv || {}, {
+            skipReservedClaudeKeys: true,
+        }),
+        updatedAt: stored.updatedAt || '',
+    };
+}
+function readStoredStateV4() {
+    if (!fs.existsSync(CLAUDE_CONFIG_FILE))
+        return null;
+    try {
+        const content = fs.readFileSync(CLAUDE_CONFIG_FILE, 'utf-8');
+        const parsed = JSON.parse(content);
+        if (parsed.version === 4) {
+            const v4 = parsed;
+            return {
+                providers: v4.providers.map(fromStoredProviderV4),
+                balancing: {
+                    strategy: v4.balancing?.strategy || DEFAULT_BALANCING_CONFIG.strategy,
+                    unhealthyThreshold: v4.balancing?.unhealthyThreshold ??
+                        DEFAULT_BALANCING_CONFIG.unhealthyThreshold,
+                    recoveryIntervalMs: v4.balancing?.recoveryIntervalMs ??
+                        DEFAULT_BALANCING_CONFIG.recoveryIntervalMs,
+                },
+            };
+        }
+        logger.warn({
+            file: CLAUDE_CONFIG_FILE,
+            version: typeof parsed.version === 'number' ? parsed.version : 'unknown',
+        }, 'Ignoring unsupported Claude provider config version');
+        return null;
+    }
+    catch (err) {
+        logger.error({ err, file: CLAUDE_CONFIG_FILE }, 'Failed to read Claude provider config V4');
+        return null;
+    }
+}
+function writeStoredStateV4(providers, balancing) {
+    const payload = {
+        version: 4,
+        providers: providers.map(toStoredProviderV4),
+        balancing,
+        updatedAt: new Date().toISOString(),
+    };
+    fs.mkdirSync(CLAUDE_CONFIG_DIR, { recursive: true });
+    const tmp = `${CLAUDE_CONFIG_FILE}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(payload, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, CLAUDE_CONFIG_FILE);
+}
+export function getProviders() {
+    const state = readStoredStateV4();
+    return state?.providers ?? [];
+}
+export function getEnabledProviders() {
+    return getProviders().filter((p) => p.enabled);
+}
+export function getBalancingConfig() {
+    const state = readStoredStateV4();
+    return state?.balancing ?? { ...DEFAULT_BALANCING_CONFIG };
+}
+export function saveBalancingConfig(config) {
+    const state = readStoredStateV4() || {
+        providers: [],
+        balancing: { ...DEFAULT_BALANCING_CONFIG },
+    };
+    const merged = {
+        ...state.balancing,
+        ...config,
+    };
+    writeStoredStateV4(state.providers, merged);
+    return merged;
+}
+export function createProvider(input) {
+    const state = readStoredStateV4() || {
+        providers: [],
+        balancing: { ...DEFAULT_BALANCING_CONFIG },
+    };
+    if (state.providers.length >= MAX_PROVIDERS) {
+        throw new Error(`最多只能创建 ${MAX_PROVIDERS} 个供应商`);
+    }
+    const now = new Date().toISOString();
+    const provider = {
+        id: crypto.randomBytes(8).toString('hex'),
+        name: normalizeProfileName(input.name),
+        type: input.type,
+        enabled: input.enabled ?? state.providers.length === 0,
+        weight: Math.max(1, Math.min(100, input.weight ?? 1)),
+        anthropicBaseUrl: input.anthropicBaseUrl
+            ? normalizeBaseUrl(input.anthropicBaseUrl)
+            : '',
+        anthropicAuthToken: input.anthropicAuthToken
+            ? normalizeSecret(input.anthropicAuthToken, 'anthropicAuthToken')
+            : '',
+        anthropicModel: input.anthropicModel
+            ? normalizeModel(input.anthropicModel)
+            : '',
+        anthropicApiKey: input.anthropicApiKey
+            ? normalizeSecret(input.anthropicApiKey, 'anthropicApiKey')
+            : '',
+        claudeCodeOauthToken: input.claudeCodeOauthToken
+            ? normalizeSecret(input.claudeCodeOauthToken, 'claudeCodeOauthToken')
+            : '',
+        claudeOAuthCredentials: input.claudeOAuthCredentials ?? null,
+        customEnv: sanitizeCustomEnvMap(input.customEnv || {}, {
+            skipReservedClaudeKeys: true,
+        }),
+        updatedAt: now,
+    };
+    state.providers.push(provider);
+    writeStoredStateV4(state.providers, state.balancing);
+    return provider;
+}
+export function updateProvider(id, patch) {
+    const state = readStoredStateV4();
+    if (!state)
+        throw new Error('Claude 配置不存在');
+    const idx = state.providers.findIndex((p) => p.id === id);
+    if (idx < 0)
+        throw new Error('未找到指定供应商');
+    const current = state.providers[idx];
+    const updated = {
+        ...current,
+        ...(patch.name !== undefined
+            ? { name: normalizeProfileName(patch.name) }
+            : {}),
+        ...(patch.anthropicBaseUrl !== undefined
+            ? { anthropicBaseUrl: normalizeBaseUrl(patch.anthropicBaseUrl) }
+            : {}),
+        ...(patch.anthropicModel !== undefined
+            ? { anthropicModel: normalizeModel(patch.anthropicModel) }
+            : {}),
+        ...(patch.customEnv !== undefined
+            ? {
+                customEnv: sanitizeCustomEnvMap(patch.customEnv, {
+                    skipReservedClaudeKeys: true,
+                }),
+            }
+            : {}),
+        ...(patch.weight !== undefined
+            ? { weight: Math.max(1, Math.min(100, patch.weight)) }
+            : {}),
+        updatedAt: new Date().toISOString(),
+    };
+    state.providers[idx] = updated;
+    writeStoredStateV4(state.providers, state.balancing);
+    return updated;
+}
+export function updateProviderSecrets(id, secrets) {
+    const state = readStoredStateV4();
+    if (!state)
+        throw new Error('Claude 配置不存在');
+    const idx = state.providers.findIndex((p) => p.id === id);
+    if (idx < 0)
+        throw new Error('未找到指定供应商');
+    const current = state.providers[idx];
+    const updated = { ...current, updatedAt: new Date().toISOString() };
+    if (typeof secrets.anthropicAuthToken === 'string') {
+        updated.anthropicAuthToken = normalizeSecret(secrets.anthropicAuthToken, 'anthropicAuthToken');
+    }
+    else if (secrets.clearAnthropicAuthToken) {
+        updated.anthropicAuthToken = '';
+    }
+    if (typeof secrets.anthropicApiKey === 'string') {
+        updated.anthropicApiKey = normalizeSecret(secrets.anthropicApiKey, 'anthropicApiKey');
+    }
+    else if (secrets.clearAnthropicApiKey) {
+        updated.anthropicApiKey = '';
+    }
+    if (typeof secrets.claudeCodeOauthToken === 'string') {
+        updated.claudeCodeOauthToken = normalizeSecret(secrets.claudeCodeOauthToken, 'claudeCodeOauthToken');
+    }
+    else if (secrets.clearClaudeCodeOauthToken) {
+        updated.claudeCodeOauthToken = '';
+    }
+    if (secrets.claudeOAuthCredentials) {
+        updated.claudeOAuthCredentials = secrets.claudeOAuthCredentials;
+        // When full OAuth creds set, clear legacy single token
+        updated.claudeCodeOauthToken = '';
+    }
+    else if (secrets.clearClaudeOAuthCredentials) {
+        updated.claudeOAuthCredentials = null;
+    }
+    state.providers[idx] = updated;
+    writeStoredStateV4(state.providers, state.balancing);
+    return updated;
+}
+export function toggleProvider(id) {
+    const state = readStoredStateV4();
+    if (!state)
+        throw new Error('Claude 配置不存在');
+    const idx = state.providers.findIndex((p) => p.id === id);
+    if (idx < 0)
+        throw new Error('未找到指定供应商');
+    const provider = state.providers[idx];
+    const newEnabled = !provider.enabled;
+    // Prevent disabling the last enabled provider
+    if (!newEnabled && state.providers.filter((p) => p.enabled).length <= 1) {
+        throw new Error('至少需要保留一个启用的供应商');
+    }
+    state.providers[idx] = {
+        ...provider,
+        enabled: newEnabled,
+        updatedAt: new Date().toISOString(),
+    };
+    writeStoredStateV4(state.providers, state.balancing);
+    return state.providers[idx];
+}
+export function deleteProvider(id) {
+    const state = readStoredStateV4();
+    if (!state)
+        throw new Error('Claude 配置不存在');
+    const idx = state.providers.findIndex((p) => p.id === id);
+    if (idx < 0)
+        throw new Error('未找到指定供应商');
+    if (state.providers.length <= 1) {
+        throw new Error('至少需要保留一个供应商');
+    }
+    const wasEnabled = state.providers[idx].enabled;
+    state.providers.splice(idx, 1);
+    // If deleted provider was the only enabled one, enable the first remaining
+    if (wasEnabled && !state.providers.some((p) => p.enabled)) {
+        state.providers[0].enabled = true;
+    }
+    writeStoredStateV4(state.providers, state.balancing);
+}
+/** Convert a UnifiedProvider to the flat ClaudeProviderConfig used by container runner */
+export function providerToConfig(provider) {
+    return {
+        anthropicBaseUrl: provider.anthropicBaseUrl,
+        anthropicAuthToken: provider.anthropicAuthToken,
+        anthropicApiKey: provider.anthropicApiKey,
+        claudeCodeOauthToken: provider.claudeCodeOauthToken,
+        claudeOAuthCredentials: provider.claudeOAuthCredentials,
+        anthropicModel: provider.anthropicModel,
+        updatedAt: provider.updatedAt,
+    };
+}
+/** Convert UnifiedProvider to public (masked) representation */
+export function toPublicProvider(provider) {
+    return {
+        id: provider.id,
+        name: provider.name,
+        type: provider.type,
+        enabled: provider.enabled,
+        weight: provider.weight,
+        anthropicBaseUrl: provider.anthropicBaseUrl,
+        anthropicModel: provider.anthropicModel,
+        hasAnthropicAuthToken: !!provider.anthropicAuthToken,
+        anthropicAuthTokenMasked: maskSecret(provider.anthropicAuthToken),
+        hasAnthropicApiKey: !!provider.anthropicApiKey,
+        anthropicApiKeyMasked: maskSecret(provider.anthropicApiKey),
+        hasClaudeCodeOauthToken: !!provider.claudeCodeOauthToken,
+        claudeCodeOauthTokenMasked: maskSecret(provider.claudeCodeOauthToken),
+        hasClaudeOAuthCredentials: !!provider.claudeOAuthCredentials,
+        claudeOAuthCredentialsExpiresAt: provider.claudeOAuthCredentials?.expiresAt ?? null,
+        claudeOAuthCredentialsAccessTokenMasked: provider.claudeOAuthCredentials
+            ? maskSecret(provider.claudeOAuthCredentials.accessToken)
+            : null,
+        customEnv: provider.customEnv || {},
+        updatedAt: provider.updatedAt,
+    };
+}
+/**
+ * Resolve a provider by ID to { config, customEnv } in a single disk read.
+ * Used by container-runner for pool-selected providers.
+ */
+export function resolveProviderById(providerId) {
+    const state = readStoredStateV4();
+    if (!state)
+        return { config: defaultsFromEnv(), customEnv: {} };
+    const provider = state.providers.find((p) => p.id === providerId);
+    if (!provider) {
+        logger.warn({ providerId }, 'resolveProviderById: provider not found, falling back to first enabled');
+        const fallback = state.providers.find((p) => p.enabled) || state.providers[0];
+        if (!fallback)
+            return { config: defaultsFromEnv(), customEnv: {} };
+        return {
+            config: providerToConfig(fallback),
+            customEnv: fallback.customEnv,
+        };
+    }
+    return {
+        config: providerToConfig(provider),
+        customEnv: provider.customEnv,
+    };
+}
+function defaultsFromEnv() {
+    const raw = {
+        anthropicBaseUrl: process.env.ANTHROPIC_BASE_URL || '',
+        anthropicAuthToken: process.env.ANTHROPIC_AUTH_TOKEN || '',
+        anthropicApiKey: process.env.ANTHROPIC_API_KEY || '',
+        claudeCodeOauthToken: process.env.CLAUDE_CODE_OAUTH_TOKEN || '',
+        claudeOAuthCredentials: null,
+        anthropicModel: process.env.ANTHROPIC_MODEL || '',
+    };
+    try {
+        return buildConfig(raw, null);
+    }
+    catch {
+        return {
+            anthropicBaseUrl: '',
+            anthropicAuthToken: raw.anthropicAuthToken.trim(),
+            anthropicApiKey: raw.anthropicApiKey.trim(),
+            claudeCodeOauthToken: raw.claudeCodeOauthToken.trim(),
+            claudeOAuthCredentials: null,
+            anthropicModel: raw.anthropicModel.trim(),
+            updatedAt: null,
+        };
+    }
+}
+function readStoredFeishuConfig() {
+    if (!fs.existsSync(FEISHU_CONFIG_FILE))
+        return null;
+    const content = fs.readFileSync(FEISHU_CONFIG_FILE, 'utf-8');
+    const parsed = JSON.parse(content);
+    if (parsed.version !== 1)
+        return null;
+    const stored = parsed;
+    const secret = decryptChannelSecret(stored.secret);
+    return {
+        appId: normalizeFeishuAppId(stored.appId ?? ''),
+        appSecret: secret.appSecret,
+        enabled: stored.enabled,
+        updatedAt: stored.updatedAt || null,
+    };
+}
+function defaultsFeishuFromEnv() {
+    const raw = {
+        appId: process.env.FEISHU_APP_ID || '',
+        appSecret: process.env.FEISHU_APP_SECRET || '',
+    };
+    return {
+        appId: raw.appId.trim(),
+        appSecret: raw.appSecret.trim(),
+        updatedAt: null,
+    };
+}
+export function getFeishuProviderConfigWithSource() {
+    try {
+        const stored = readStoredFeishuConfig();
+        if (stored)
+            return { config: stored, source: 'runtime' };
+    }
+    catch (err) {
+        logger.warn({ err }, 'Failed to read runtime Feishu config, falling back to env');
+    }
+    const fromEnv = defaultsFeishuFromEnv();
+    if (fromEnv.appId || fromEnv.appSecret) {
+        return { config: fromEnv, source: 'env' };
+    }
+    return { config: fromEnv, source: 'none' };
+}
+export function getFeishuProviderConfig() {
+    return getFeishuProviderConfigWithSource().config;
+}
+export function saveFeishuProviderConfig(next) {
+    const normalized = {
+        appId: normalizeFeishuAppId(next.appId),
+        appSecret: normalizeSecret(next.appSecret, 'appSecret'),
+        enabled: next.enabled,
+        updatedAt: new Date().toISOString(),
+    };
+    const payload = {
+        version: 1,
+        appId: normalized.appId,
+        enabled: normalized.enabled,
+        updatedAt: normalized.updatedAt || new Date().toISOString(),
+        secret: encryptChannelSecret({
+            appSecret: normalized.appSecret,
+        }),
+    };
+    fs.mkdirSync(CLAUDE_CONFIG_DIR, { recursive: true });
+    const tmp = `${FEISHU_CONFIG_FILE}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(payload, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, FEISHU_CONFIG_FILE);
+    return normalized;
+}
+export function toPublicFeishuProviderConfig(config, source) {
+    return {
+        appId: config.appId,
+        hasAppSecret: !!config.appSecret,
+        appSecretMasked: maskSecret(config.appSecret),
+        enabled: config.enabled !== false,
+        updatedAt: config.updatedAt,
+        source,
+    };
+}
+// ========== Telegram Provider Config ==========
+function readStoredTelegramConfig() {
+    if (!fs.existsSync(TELEGRAM_CONFIG_FILE))
+        return null;
+    const content = fs.readFileSync(TELEGRAM_CONFIG_FILE, 'utf-8');
+    const parsed = JSON.parse(content);
+    if (parsed.version !== 1)
+        return null;
+    const stored = parsed;
+    const secret = decryptChannelSecret(stored.secret);
+    return {
+        botToken: secret.botToken,
+        proxyUrl: normalizeTelegramProxyUrl(stored.proxyUrl ?? ''),
+        enabled: stored.enabled,
+        updatedAt: stored.updatedAt || null,
+    };
+}
+function defaultsTelegramFromEnv() {
+    const raw = {
+        botToken: process.env.TELEGRAM_BOT_TOKEN || '',
+        proxyUrl: process.env.TELEGRAM_PROXY_URL || '',
+    };
+    return {
+        botToken: raw.botToken.trim(),
+        proxyUrl: normalizeTelegramProxyUrl(raw.proxyUrl),
+        updatedAt: null,
+    };
+}
+export function getTelegramProviderConfigWithSource() {
+    try {
+        const stored = readStoredTelegramConfig();
+        if (stored)
+            return { config: stored, source: 'runtime' };
+    }
+    catch (err) {
+        logger.warn({ err }, 'Failed to read runtime Telegram config, falling back to env');
+    }
+    const fromEnv = defaultsTelegramFromEnv();
+    if (fromEnv.botToken) {
+        return { config: fromEnv, source: 'env' };
+    }
+    return { config: fromEnv, source: 'none' };
+}
+export function getTelegramProviderConfig() {
+    return getTelegramProviderConfigWithSource().config;
+}
+export function saveTelegramProviderConfig(next) {
+    const normalized = {
+        botToken: normalizeSecret(next.botToken, 'botToken'),
+        proxyUrl: normalizeTelegramProxyUrl(next.proxyUrl),
+        enabled: next.enabled,
+        updatedAt: new Date().toISOString(),
+    };
+    const payload = {
+        version: 1,
+        proxyUrl: normalized.proxyUrl,
+        enabled: normalized.enabled,
+        updatedAt: normalized.updatedAt || new Date().toISOString(),
+        secret: encryptChannelSecret({
+            botToken: normalized.botToken,
+        }),
+    };
+    fs.mkdirSync(CLAUDE_CONFIG_DIR, { recursive: true });
+    const tmp = `${TELEGRAM_CONFIG_FILE}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(payload, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, TELEGRAM_CONFIG_FILE);
+    return normalized;
+}
+export function toPublicTelegramProviderConfig(config, source) {
+    return {
+        hasBotToken: !!config.botToken,
+        botTokenMasked: maskSecret(config.botToken),
+        proxyUrl: config.proxyUrl ?? '',
+        enabled: config.enabled !== false,
+        updatedAt: config.updatedAt,
+        source,
+    };
+}
+function maskSecret(value) {
+    if (!value)
+        return null;
+    if (value.length <= 8)
+        return `${'*'.repeat(Math.max(value.length - 2, 1))}${value.slice(-2)}`;
+    return `${value.slice(0, 3)}${'*'.repeat(Math.max(value.length - 7, 4))}${value.slice(-4)}`;
+}
+export function toPublicClaudeProviderConfig(config) {
+    return {
+        anthropicBaseUrl: config.anthropicBaseUrl,
+        anthropicModel: config.anthropicModel,
+        updatedAt: config.updatedAt,
+        hasAnthropicAuthToken: !!config.anthropicAuthToken,
+        hasAnthropicApiKey: !!config.anthropicApiKey,
+        hasClaudeCodeOauthToken: !!config.claudeCodeOauthToken,
+        anthropicAuthTokenMasked: maskSecret(config.anthropicAuthToken),
+        anthropicApiKeyMasked: maskSecret(config.anthropicApiKey),
+        claudeCodeOauthTokenMasked: maskSecret(config.claudeCodeOauthToken),
+        hasClaudeOAuthCredentials: !!config.claudeOAuthCredentials,
+        claudeOAuthCredentialsExpiresAt: config.claudeOAuthCredentials?.expiresAt ?? null,
+        claudeOAuthCredentialsAccessTokenMasked: config.claudeOAuthCredentials
+            ? maskSecret(config.claudeOAuthCredentials.accessToken)
+            : null,
+    };
+}
+export function validateClaudeProviderConfig(config) {
+    const errors = [];
+    if (config.anthropicAuthToken && !config.anthropicBaseUrl) {
+        errors.push('使用 ANTHROPIC_AUTH_TOKEN 时必须配置 ANTHROPIC_BASE_URL');
+    }
+    if (config.anthropicBaseUrl) {
+        try {
+            const parsed = new URL(config.anthropicBaseUrl);
+            if (!['http:', 'https:'].includes(parsed.protocol)) {
+                errors.push('ANTHROPIC_BASE_URL 必须是 http 或 https 地址');
+            }
+        }
+        catch {
+            errors.push('ANTHROPIC_BASE_URL 格式不正确');
+        }
+    }
+    return errors;
+}
+export function getClaudeProviderConfig() {
+    try {
+        const state = readStoredStateV4();
+        if (state) {
+            const enabled = state.providers.find((p) => p.enabled) || state.providers[0];
+            if (enabled)
+                return providerToConfig(enabled);
+        }
+    }
+    catch {
+        // ignore corrupted file and use env fallback
+    }
+    return defaultsFromEnv();
+}
+/** Strip control characters from a value before writing to env file (defense-in-depth) */
+function sanitizeEnvValue(value) {
+    return value.replace(/[\r\n\0]/g, '');
+}
+/** Convert KEY=value lines to shell-safe format by single-quoting values.
+ *  Used when writing env files that are `source`d by bash. */
+export function shellQuoteEnvLines(lines) {
+    return lines.map((line) => {
+        const eqIdx = line.indexOf('=');
+        if (eqIdx <= 0)
+            return line;
+        const key = line.slice(0, eqIdx);
+        const value = line.slice(eqIdx + 1);
+        // Escape embedded single quotes: ' → '\''
+        const quoted = "'" + value.replace(/'/g, "'\\''") + "'";
+        return `${key}=${quoted}`;
+    });
+}
+export function buildClaudeEnvLines(config, profileCustomEnv) {
+    const lines = [];
+    // When full OAuth credentials exist, authentication is handled by .credentials.json file.
+    // Only fall back to CLAUDE_CODE_OAUTH_TOKEN env var for legacy single-token mode.
+    if (!config.claudeOAuthCredentials && config.claudeCodeOauthToken) {
+        lines.push(`CLAUDE_CODE_OAUTH_TOKEN=${sanitizeEnvValue(config.claudeCodeOauthToken)}`);
+    }
+    if (config.anthropicApiKey) {
+        lines.push(`ANTHROPIC_API_KEY=${sanitizeEnvValue(config.anthropicApiKey)}`);
+    }
+    if (config.anthropicBaseUrl) {
+        lines.push(`ANTHROPIC_BASE_URL=${sanitizeEnvValue(config.anthropicBaseUrl)}`);
+    }
+    if (config.anthropicAuthToken) {
+        lines.push(`ANTHROPIC_AUTH_TOKEN=${sanitizeEnvValue(config.anthropicAuthToken)}`);
+    }
+    if (config.anthropicModel) {
+        lines.push(`ANTHROPIC_MODEL=${sanitizeEnvValue(config.anthropicModel)}`);
+    }
+    // Use explicit profileCustomEnv if provided (pool mode), otherwise active profile
+    const customEnv = profileCustomEnv ?? getActiveProfileCustomEnv();
+    for (const [key, value] of Object.entries(customEnv)) {
+        if (RESERVED_CLAUDE_ENV_KEYS.has(key))
+            continue;
+        lines.push(`${key}=${sanitizeEnvValue(value)}`);
+    }
+    return lines;
+}
+export function getActiveProfileCustomEnv() {
+    const state = readStoredStateV4();
+    if (!state)
+        return {};
+    const enabled = state.providers.find((p) => p.enabled) || state.providers[0];
+    if (!enabled)
+        return {};
+    return sanitizeCustomEnvMap(enabled.customEnv || {}, {
+        skipReservedClaudeKeys: true,
+    });
+}
+export function appendClaudeConfigAudit(actor, action, changedFields, metadata) {
+    const entry = {
+        timestamp: new Date().toISOString(),
+        actor,
+        action,
+        changedFields,
+        metadata,
+    };
+    fs.mkdirSync(CLAUDE_CONFIG_DIR, { recursive: true });
+    fs.appendFileSync(CLAUDE_CONFIG_AUDIT_FILE, `${JSON.stringify(entry)}\n`, 'utf-8');
+}
+// ─── Per-container environment config ───────────────────────────
+const CONTAINER_ENV_DIR = path.join(DATA_DIR, 'config', 'container-env');
+function containerEnvPath(folder) {
+    if (folder.includes('..') || folder.includes('/')) {
+        throw new Error('Invalid folder name');
+    }
+    return path.join(CONTAINER_ENV_DIR, `${folder}.json`);
+}
+export function getContainerEnvConfig(folder) {
+    const filePath = containerEnvPath(folder);
+    try {
+        if (fs.existsSync(filePath)) {
+            return JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+        }
+    }
+    catch (err) {
+        logger.warn({ err, folder }, 'Failed to read container env config, returning defaults');
+    }
+    return {};
+}
+export function saveContainerEnvConfig(folder, config) {
+    // Sanitize all string fields to prevent env injection
+    const sanitized = { ...config };
+    if (sanitized.anthropicBaseUrl)
+        sanitized.anthropicBaseUrl = sanitizeEnvValue(sanitized.anthropicBaseUrl);
+    if (sanitized.anthropicAuthToken)
+        sanitized.anthropicAuthToken = sanitizeEnvValue(sanitized.anthropicAuthToken);
+    if (sanitized.anthropicApiKey)
+        sanitized.anthropicApiKey = sanitizeEnvValue(sanitized.anthropicApiKey);
+    if (sanitized.claudeCodeOauthToken)
+        sanitized.claudeCodeOauthToken = sanitizeEnvValue(sanitized.claudeCodeOauthToken);
+    if (sanitized.anthropicModel)
+        sanitized.anthropicModel = sanitizeEnvValue(sanitized.anthropicModel);
+    if (sanitized.customEnv) {
+        const cleanEnv = {};
+        for (const [k, v] of Object.entries(sanitized.customEnv)) {
+            if (DANGEROUS_ENV_VARS.has(k)) {
+                logger.warn({ key: k }, 'Rejected dangerous env variable in saveContainerEnvConfig');
+                continue;
+            }
+            cleanEnv[k] = sanitizeEnvValue(v);
+        }
+        sanitized.customEnv = cleanEnv;
+    }
+    fs.mkdirSync(CONTAINER_ENV_DIR, { recursive: true });
+    const tmp = `${containerEnvPath(folder)}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(sanitized, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, containerEnvPath(folder));
+}
+export function deleteContainerEnvConfig(folder) {
+    const filePath = containerEnvPath(folder);
+    try {
+        if (fs.existsSync(filePath))
+            fs.unlinkSync(filePath);
+    }
+    catch {
+        // ignore
+    }
+}
+export function toPublicContainerEnvConfig(config) {
+    return {
+        anthropicBaseUrl: config.anthropicBaseUrl || '',
+        hasAnthropicAuthToken: !!config.anthropicAuthToken,
+        hasAnthropicApiKey: !!config.anthropicApiKey,
+        hasClaudeCodeOauthToken: !!config.claudeCodeOauthToken,
+        anthropicAuthTokenMasked: maskSecret(config.anthropicAuthToken || ''),
+        anthropicApiKeyMasked: maskSecret(config.anthropicApiKey || ''),
+        claudeCodeOauthTokenMasked: maskSecret(config.claudeCodeOauthToken || ''),
+        anthropicModel: config.anthropicModel || '',
+        customEnv: config.customEnv || {},
+    };
+}
+/**
+ * Merge global config with per-container overrides.
+ * Non-empty per-container fields override the global value.
+ */
+export function mergeClaudeEnvConfig(global, override) {
+    return {
+        anthropicBaseUrl: override.anthropicBaseUrl || global.anthropicBaseUrl,
+        anthropicAuthToken: override.anthropicAuthToken || global.anthropicAuthToken,
+        anthropicApiKey: override.anthropicApiKey || global.anthropicApiKey,
+        claudeCodeOauthToken: override.claudeCodeOauthToken || global.claudeCodeOauthToken,
+        claudeOAuthCredentials: override.claudeOAuthCredentials ?? global.claudeOAuthCredentials,
+        anthropicModel: override.anthropicModel || global.anthropicModel,
+        updatedAt: global.updatedAt,
+    };
+}
+// ─── Registration config (plain JSON, no encryption) ─────────────
+const REGISTRATION_CONFIG_FILE = path.join(CLAUDE_CONFIG_DIR, 'registration.json');
+const DEFAULT_REGISTRATION_CONFIG = {
+    allowRegistration: true,
+    requireInviteCode: true,
+    updatedAt: null,
+};
+export function getRegistrationConfig() {
+    try {
+        if (!fs.existsSync(REGISTRATION_CONFIG_FILE)) {
+            return { ...DEFAULT_REGISTRATION_CONFIG };
+        }
+        const raw = JSON.parse(fs.readFileSync(REGISTRATION_CONFIG_FILE, 'utf-8'));
+        return {
+            allowRegistration: typeof raw.allowRegistration === 'boolean'
+                ? raw.allowRegistration
+                : true,
+            requireInviteCode: typeof raw.requireInviteCode === 'boolean'
+                ? raw.requireInviteCode
+                : true,
+            updatedAt: typeof raw.updatedAt === 'string' ? raw.updatedAt : null,
+        };
+    }
+    catch (err) {
+        logger.warn({ err }, 'Failed to read registration config, returning defaults');
+        return { ...DEFAULT_REGISTRATION_CONFIG };
+    }
+}
+export function saveRegistrationConfig(next) {
+    const config = {
+        allowRegistration: next.allowRegistration,
+        requireInviteCode: next.requireInviteCode,
+        updatedAt: new Date().toISOString(),
+    };
+    fs.mkdirSync(CLAUDE_CONFIG_DIR, { recursive: true });
+    const tmp = `${REGISTRATION_CONFIG_FILE}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(config, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, REGISTRATION_CONFIG_FILE);
+    return config;
+}
+/**
+ * Build full env lines: merged Claude config + custom env vars.
+ */
+export function buildContainerEnvLines(global, override, profileCustomEnv) {
+    const merged = mergeClaudeEnvConfig(global, override);
+    const lines = buildClaudeEnvLines(merged, profileCustomEnv);
+    // Append custom env vars (with safety sanitization as defense-in-depth)
+    if (override.customEnv) {
+        for (const [key, value] of Object.entries(override.customEnv)) {
+            if (!key || value === undefined)
+                continue;
+            if (!ENV_KEY_RE.test(key)) {
+                logger.warn({ key }, 'Skipping invalid env key in buildContainerEnvLines');
+                continue;
+            }
+            // Block dangerous environment variables
+            if (DANGEROUS_ENV_VARS.has(key)) {
+                logger.warn({ key }, 'Blocked dangerous env variable in buildContainerEnvLines');
+                continue;
+            }
+            // Strip control characters to prevent env injection
+            const sanitized = value.replace(/[\r\n\0]/g, '');
+            lines.push(`${key}=${sanitized}`);
+        }
+    }
+    return lines;
+}
+// ─── OAuth credentials file management ────────────────────────────
+/**
+ * Write .credentials.json to a Claude session directory.
+ * Format matches what Claude Code CLI/Agent SDK natively reads.
+ */
+export function writeCredentialsFile(sessionDir, config) {
+    const creds = config.claudeOAuthCredentials;
+    if (!creds)
+        return;
+    // Claude CLI requires scopes to recognize the token as valid.
+    // Fall back to a sensible default when the stored credentials lack scopes
+    // (e.g. tokens imported before scopes were captured).
+    const scopes = creds.scopes?.length
+        ? creds.scopes
+        : DEFAULT_CREDENTIAL_SCOPES;
+    const claudeAiOauth = {
+        accessToken: creds.accessToken,
+        refreshToken: creds.refreshToken,
+        expiresAt: creds.expiresAt,
+        scopes,
+    };
+    // Only include subscriptionType when explicitly configured — avoids
+    // misleading Claude CLI when the actual subscription tier is unknown.
+    if (creds.subscriptionType) {
+        claudeAiOauth.subscriptionType = creds.subscriptionType;
+    }
+    const credentialsData = { claudeAiOauth };
+    const filePath = path.join(sessionDir, '.credentials.json');
+    const tmp = `${filePath}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(credentialsData, null, 2) + '\n', {
+        encoding: 'utf-8',
+        mode: 0o644,
+    });
+    fs.renameSync(tmp, filePath);
+}
+/**
+ * Update .credentials.json in all existing session directories + host ~/.claude/
+ */
+export function updateAllSessionCredentials(config) {
+    if (!config.claudeOAuthCredentials)
+        return;
+    const sessionsDir = path.join(DATA_DIR, 'sessions');
+    try {
+        if (!fs.existsSync(sessionsDir))
+            return;
+        for (const folder of fs.readdirSync(sessionsDir)) {
+            const claudeDir = path.join(sessionsDir, folder, '.claude');
+            if (fs.existsSync(claudeDir) && fs.statSync(claudeDir).isDirectory()) {
+                try {
+                    writeCredentialsFile(claudeDir, config);
+                }
+                catch (err) {
+                    logger.warn({ err, folder }, 'Failed to write .credentials.json for session');
+                }
+            }
+            // Also update sub-agent session dirs
+            const agentsDir = path.join(sessionsDir, folder, 'agents');
+            if (fs.existsSync(agentsDir) && fs.statSync(agentsDir).isDirectory()) {
+                for (const agentId of fs.readdirSync(agentsDir)) {
+                    const agentClaudeDir = path.join(agentsDir, agentId, '.claude');
+                    if (fs.existsSync(agentClaudeDir) &&
+                        fs.statSync(agentClaudeDir).isDirectory()) {
+                        try {
+                            writeCredentialsFile(agentClaudeDir, config);
+                        }
+                        catch (err) {
+                            logger.warn({ err, folder, agentId }, 'Failed to write .credentials.json for agent session');
+                        }
+                    }
+                }
+            }
+        }
+    }
+    catch (err) {
+        logger.warn({ err }, 'Failed to update session credentials');
+    }
+    // Host mode uses CLAUDE_CONFIG_DIR=~/.cli-claw/sessions/{folder}/.claude for isolation,
+    // so we must NOT touch ~/.claude/.credentials.json to avoid interfering with
+    // the user's local Claude Code installation.
+}
+/**
+ * Read and parse OAuth credentials from ~/.claude/.credentials.json.
+ * Returns the raw oauth object with accessToken, refreshToken, expiresAt, scopes,
+ * or null if the file is missing / invalid / incomplete.
+ */
+function readLocalOAuthCredentials() {
+    const homeDir = process.env.HOME || '/root';
+    const credFile = path.join(homeDir, '.claude', '.credentials.json');
+    try {
+        if (!fs.existsSync(credFile))
+            return null;
+        const content = JSON.parse(fs.readFileSync(credFile, 'utf-8'));
+        const oauth = content?.claudeAiOauth;
+        if (oauth?.accessToken && oauth?.refreshToken) {
+            return {
+                accessToken: oauth.accessToken,
+                refreshToken: oauth.refreshToken,
+                expiresAt: typeof oauth.expiresAt === 'number' ? oauth.expiresAt : undefined,
+                scopes: Array.isArray(oauth.scopes) ? oauth.scopes : undefined,
+                subscriptionType: typeof oauth.subscriptionType === 'string'
+                    ? oauth.subscriptionType
+                    : undefined,
+            };
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Detect if the host machine has a valid ~/.claude/.credentials.json
+ * (i.e. user has logged into Claude Code locally).
+ */
+export function detectLocalClaudeCode() {
+    const oauth = readLocalOAuthCredentials();
+    if (oauth) {
+        return {
+            detected: true,
+            hasCredentials: true,
+            expiresAt: oauth.expiresAt ?? null,
+            accessTokenMasked: maskSecret(oauth.accessToken),
+        };
+    }
+    // Check if the file exists at all (detected but no valid credentials)
+    const homeDir = process.env.HOME || '/root';
+    const credFile = path.join(homeDir, '.claude', '.credentials.json');
+    const fileExists = fs.existsSync(credFile);
+    return {
+        detected: fileExists,
+        hasCredentials: false,
+        expiresAt: null,
+        accessTokenMasked: null,
+    };
+}
+/**
+ * Read local ~/.claude/.credentials.json and return parsed OAuth credentials.
+ * Returns null if not found or invalid.
+ */
+export function importLocalClaudeCredentials() {
+    const oauth = readLocalOAuthCredentials();
+    if (!oauth)
+        return null;
+    return {
+        accessToken: oauth.accessToken,
+        refreshToken: oauth.refreshToken,
+        expiresAt: oauth.expiresAt ?? Date.now() + 8 * 3600_000,
+        scopes: oauth.scopes ?? [],
+        ...(oauth.subscriptionType
+            ? { subscriptionType: oauth.subscriptionType }
+            : {}),
+    };
+}
+// ─── Appearance config (plain JSON, no encryption) ────────────────
+const APPEARANCE_CONFIG_FILE = path.join(CLAUDE_CONFIG_DIR, 'appearance.json');
+const DEFAULT_APPEARANCE_CONFIG = {
+    appName: ASSISTANT_NAME,
+    aiName: ASSISTANT_NAME,
+    aiAvatarEmoji: '\u{1F431}',
+    aiAvatarColor: '#0d9488',
+};
+export function getAppearanceConfig() {
+    try {
+        if (!fs.existsSync(APPEARANCE_CONFIG_FILE)) {
+            return { ...DEFAULT_APPEARANCE_CONFIG };
+        }
+        const raw = JSON.parse(fs.readFileSync(APPEARANCE_CONFIG_FILE, 'utf-8'));
+        return {
+            appName: typeof raw.appName === 'string' && raw.appName
+                ? raw.appName
+                : DEFAULT_APPEARANCE_CONFIG.appName,
+            aiName: typeof raw.aiName === 'string' && raw.aiName
+                ? raw.aiName
+                : DEFAULT_APPEARANCE_CONFIG.aiName,
+            aiAvatarEmoji: typeof raw.aiAvatarEmoji === 'string' && raw.aiAvatarEmoji
+                ? raw.aiAvatarEmoji
+                : DEFAULT_APPEARANCE_CONFIG.aiAvatarEmoji,
+            aiAvatarColor: typeof raw.aiAvatarColor === 'string' && raw.aiAvatarColor
+                ? raw.aiAvatarColor
+                : DEFAULT_APPEARANCE_CONFIG.aiAvatarColor,
+        };
+    }
+    catch (err) {
+        logger.warn({ err }, 'Failed to read appearance config, returning defaults');
+        return { ...DEFAULT_APPEARANCE_CONFIG };
+    }
+}
+export function saveAppearanceConfig(next) {
+    const existing = getAppearanceConfig();
+    const config = {
+        appName: next.appName || existing.appName,
+        aiName: next.aiName,
+        aiAvatarEmoji: next.aiAvatarEmoji,
+        aiAvatarColor: next.aiAvatarColor,
+        updatedAt: new Date().toISOString(),
+    };
+    fs.mkdirSync(CLAUDE_CONFIG_DIR, { recursive: true });
+    const tmp = `${APPEARANCE_CONFIG_FILE}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(config, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, APPEARANCE_CONFIG_FILE);
+    return {
+        appName: config.appName,
+        aiName: config.aiName,
+        aiAvatarEmoji: config.aiAvatarEmoji,
+        aiAvatarColor: config.aiAvatarColor,
+    };
+}
+// ─── Per-user IM config (AES-256-GCM encrypted) ─────────────────
+const USER_IM_CONFIG_DIR = path.join(DATA_DIR, 'config', 'user-im');
+function userImDir(userId) {
+    if (!/^[a-zA-Z0-9_-]+$/.test(userId)) {
+        throw new Error('Invalid userId');
+    }
+    return path.join(USER_IM_CONFIG_DIR, userId);
+}
+export function getUserFeishuConfig(userId) {
+    const filePath = path.join(userImDir(userId), 'feishu.json');
+    try {
+        if (!fs.existsSync(filePath))
+            return null;
+        const content = fs.readFileSync(filePath, 'utf-8');
+        const parsed = JSON.parse(content);
+        if (parsed.version !== 1)
+            return null;
+        const stored = parsed;
+        const secret = decryptChannelSecret(stored.secret);
+        return {
+            appId: normalizeFeishuAppId(stored.appId ?? ''),
+            appSecret: secret.appSecret,
+            enabled: stored.enabled,
+            updatedAt: stored.updatedAt || null,
+        };
+    }
+    catch (err) {
+        logger.warn({ err, userId }, 'Failed to read user Feishu config');
+        return null;
+    }
+}
+export function saveUserFeishuConfig(userId, next) {
+    const normalized = {
+        appId: normalizeFeishuAppId(next.appId),
+        appSecret: normalizeSecret(next.appSecret, 'appSecret'),
+        enabled: next.enabled,
+        updatedAt: new Date().toISOString(),
+    };
+    const payload = {
+        version: 1,
+        appId: normalized.appId,
+        enabled: normalized.enabled,
+        updatedAt: normalized.updatedAt || new Date().toISOString(),
+        secret: encryptChannelSecret({
+            appSecret: normalized.appSecret,
+        }),
+    };
+    const dir = userImDir(userId);
+    fs.mkdirSync(dir, { recursive: true });
+    const filePath = path.join(dir, 'feishu.json');
+    const tmp = `${filePath}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(payload, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, filePath);
+    return normalized;
+}
+export function getUserTelegramConfig(userId) {
+    const filePath = path.join(userImDir(userId), 'telegram.json');
+    try {
+        if (!fs.existsSync(filePath))
+            return null;
+        const content = fs.readFileSync(filePath, 'utf-8');
+        const parsed = JSON.parse(content);
+        if (parsed.version !== 1)
+            return null;
+        const stored = parsed;
+        const secret = decryptChannelSecret(stored.secret);
+        return {
+            botToken: secret.botToken,
+            proxyUrl: normalizeTelegramProxyUrl(stored.proxyUrl ?? ''),
+            enabled: stored.enabled,
+            updatedAt: stored.updatedAt || null,
+        };
+    }
+    catch (err) {
+        logger.warn({ err, userId }, 'Failed to read user Telegram config');
+        return null;
+    }
+}
+export function saveUserTelegramConfig(userId, next) {
+    const normalizedProxyUrl = next.proxyUrl
+        ? normalizeTelegramProxyUrl(next.proxyUrl)
+        : '';
+    const normalized = {
+        botToken: normalizeSecret(next.botToken, 'botToken'),
+        proxyUrl: normalizedProxyUrl || undefined,
+        enabled: next.enabled,
+        updatedAt: new Date().toISOString(),
+    };
+    const payload = {
+        version: 1,
+        proxyUrl: normalizedProxyUrl || undefined,
+        enabled: normalized.enabled,
+        updatedAt: normalized.updatedAt || new Date().toISOString(),
+        secret: encryptChannelSecret({
+            botToken: normalized.botToken,
+        }),
+    };
+    const dir = userImDir(userId);
+    fs.mkdirSync(dir, { recursive: true });
+    const filePath = path.join(dir, 'telegram.json');
+    const tmp = `${filePath}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(payload, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, filePath);
+    return normalized;
+}
+// ========== QQ User IM Config ==========
+export function getUserQQConfig(userId) {
+    const filePath = path.join(userImDir(userId), 'qq.json');
+    try {
+        if (!fs.existsSync(filePath))
+            return null;
+        const content = fs.readFileSync(filePath, 'utf-8');
+        const parsed = JSON.parse(content);
+        if (parsed.version !== 1)
+            return null;
+        const stored = parsed;
+        const secret = decryptChannelSecret(stored.secret);
+        return {
+            appId: normalizeFeishuAppId(stored.appId ?? ''),
+            appSecret: secret.appSecret,
+            enabled: stored.enabled,
+            updatedAt: stored.updatedAt || null,
+        };
+    }
+    catch (err) {
+        logger.warn({ err, userId }, 'Failed to read user QQ config');
+        return null;
+    }
+}
+export function saveUserQQConfig(userId, next) {
+    const normalized = {
+        appId: normalizeFeishuAppId(next.appId),
+        appSecret: normalizeSecret(next.appSecret, 'appSecret'),
+        enabled: next.enabled,
+        updatedAt: new Date().toISOString(),
+    };
+    const payload = {
+        version: 1,
+        appId: normalized.appId,
+        enabled: normalized.enabled,
+        updatedAt: normalized.updatedAt || new Date().toISOString(),
+        secret: encryptChannelSecret({
+            appSecret: normalized.appSecret,
+        }),
+    };
+    const dir = userImDir(userId);
+    fs.mkdirSync(dir, { recursive: true });
+    const filePath = path.join(dir, 'qq.json');
+    const tmp = `${filePath}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(payload, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, filePath);
+    return normalized;
+}
+export function getUserWeChatConfig(userId) {
+    const filePath = path.join(userImDir(userId), 'wechat.json');
+    try {
+        if (!fs.existsSync(filePath))
+            return null;
+        const content = fs.readFileSync(filePath, 'utf-8');
+        const parsed = JSON.parse(content);
+        if (parsed.version !== 1)
+            return null;
+        const stored = parsed;
+        const secret = decryptChannelSecret(stored.secret);
+        return {
+            botToken: secret.botToken,
+            ilinkBotId: (stored.ilinkBotId ?? '').trim(),
+            baseUrl: stored.baseUrl,
+            cdnBaseUrl: stored.cdnBaseUrl,
+            getUpdatesBuf: stored.getUpdatesBuf,
+            bypassProxy: stored.bypassProxy ?? true, // 默认直连
+            enabled: stored.enabled,
+            updatedAt: stored.updatedAt || null,
+        };
+    }
+    catch (err) {
+        logger.warn({ err, userId }, 'Failed to read user WeChat config');
+        return null;
+    }
+}
+export function saveUserWeChatConfig(userId, next) {
+    const normalized = {
+        botToken: normalizeSecret(next.botToken, 'botToken'),
+        ilinkBotId: (next.ilinkBotId ?? '').trim(),
+        baseUrl: next.baseUrl?.trim() || undefined,
+        cdnBaseUrl: next.cdnBaseUrl?.trim() || undefined,
+        getUpdatesBuf: next.getUpdatesBuf,
+        bypassProxy: next.bypassProxy ?? true,
+        enabled: next.enabled,
+        updatedAt: new Date().toISOString(),
+    };
+    const payload = {
+        version: 1,
+        ilinkBotId: normalized.ilinkBotId,
+        baseUrl: normalized.baseUrl,
+        cdnBaseUrl: normalized.cdnBaseUrl,
+        getUpdatesBuf: normalized.getUpdatesBuf,
+        bypassProxy: normalized.bypassProxy,
+        enabled: normalized.enabled,
+        updatedAt: normalized.updatedAt || new Date().toISOString(),
+        secret: encryptChannelSecret({
+            botToken: normalized.botToken,
+        }),
+    };
+    const dir = userImDir(userId);
+    fs.mkdirSync(dir, { recursive: true });
+    const filePath = path.join(dir, 'wechat.json');
+    const tmp = `${filePath}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(payload, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, filePath);
+    return normalized;
+}
+// ========== DingTalk User IM Config ==========
+export function getUserDingTalkConfig(userId) {
+    const filePath = path.join(userImDir(userId), 'dingtalk.json');
+    try {
+        if (!fs.existsSync(filePath))
+            return null;
+        const content = fs.readFileSync(filePath, 'utf-8');
+        const parsed = JSON.parse(content);
+        if (parsed.version !== 1)
+            return null;
+        const stored = parsed;
+        const secret = decryptChannelSecret(stored.secret);
+        return {
+            clientId: (stored.clientId ?? '').trim(),
+            clientSecret: secret.clientSecret,
+            enabled: stored.enabled,
+            updatedAt: stored.updatedAt || null,
+        };
+    }
+    catch (err) {
+        logger.warn({ err, userId }, 'Failed to read user DingTalk config');
+        return null;
+    }
+}
+export function saveUserDingTalkConfig(userId, next) {
+    const normalized = {
+        clientId: (next.clientId ?? '').trim(),
+        clientSecret: normalizeSecret(next.clientSecret, 'clientSecret'),
+        enabled: next.enabled,
+        updatedAt: new Date().toISOString(),
+    };
+    const payload = {
+        version: 1,
+        clientId: normalized.clientId,
+        enabled: normalized.enabled,
+        updatedAt: normalized.updatedAt || new Date().toISOString(),
+        secret: encryptChannelSecret({
+            clientSecret: normalized.clientSecret,
+        }),
+    };
+    const dir = userImDir(userId);
+    fs.mkdirSync(dir, { recursive: true });
+    const filePath = path.join(dir, 'dingtalk.json');
+    const tmp = `${filePath}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(payload, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, filePath);
+    return normalized;
+}
+// ─── System settings (plain JSON, no encryption) ─────────────────
+const SYSTEM_SETTINGS_FILE = path.join(CLAUDE_CONFIG_DIR, 'system-settings.json');
+const DEFAULT_SYSTEM_SETTINGS = {
+    containerTimeout: 1800000,
+    idleTimeout: 1800000,
+    containerMaxOutputSize: 10485760,
+    maxConcurrentContainers: 20,
+    maxConcurrentHostProcesses: 5,
+    maxLoginAttempts: 5,
+    loginLockoutMinutes: 15,
+    maxConcurrentScripts: 10,
+    scriptTimeout: 60000,
+    skillAutoSyncEnabled: false,
+    skillAutoSyncIntervalMinutes: 10,
+    billingEnabled: false,
+    billingMode: 'wallet_first',
+    billingMinStartBalanceUsd: 0.01,
+    billingCurrency: 'USD',
+    billingCurrencyRate: 1,
+};
+function parseIntEnv(envVar, fallback) {
+    if (!envVar)
+        return fallback;
+    const parsed = parseInt(envVar, 10);
+    return Number.isFinite(parsed) ? parsed : fallback;
+}
+function parseFloatEnv(envVar, fallback) {
+    if (!envVar)
+        return fallback;
+    const parsed = parseFloat(envVar);
+    return Number.isFinite(parsed) ? parsed : fallback;
+}
+// In-memory cache: avoid synchronous file I/O on hot paths (stdout data handler, queue capacity check)
+let _settingsCache = null;
+let _settingsMtimeMs = 0;
+function readSystemSettingsFromFile() {
+    if (!fs.existsSync(SYSTEM_SETTINGS_FILE))
+        return null;
+    const raw = JSON.parse(fs.readFileSync(SYSTEM_SETTINGS_FILE, 'utf-8'));
+    return {
+        containerTimeout: typeof raw.containerTimeout === 'number' && raw.containerTimeout > 0
+            ? raw.containerTimeout
+            : DEFAULT_SYSTEM_SETTINGS.containerTimeout,
+        idleTimeout: typeof raw.idleTimeout === 'number' && raw.idleTimeout > 0
+            ? raw.idleTimeout
+            : DEFAULT_SYSTEM_SETTINGS.idleTimeout,
+        containerMaxOutputSize: typeof raw.containerMaxOutputSize === 'number' &&
+            raw.containerMaxOutputSize > 0
+            ? raw.containerMaxOutputSize
+            : DEFAULT_SYSTEM_SETTINGS.containerMaxOutputSize,
+        maxConcurrentContainers: typeof raw.maxConcurrentContainers === 'number' &&
+            raw.maxConcurrentContainers > 0
+            ? raw.maxConcurrentContainers
+            : DEFAULT_SYSTEM_SETTINGS.maxConcurrentContainers,
+        maxConcurrentHostProcesses: typeof raw.maxConcurrentHostProcesses === 'number' &&
+            raw.maxConcurrentHostProcesses > 0
+            ? raw.maxConcurrentHostProcesses
+            : DEFAULT_SYSTEM_SETTINGS.maxConcurrentHostProcesses,
+        maxLoginAttempts: typeof raw.maxLoginAttempts === 'number' && raw.maxLoginAttempts > 0
+            ? raw.maxLoginAttempts
+            : DEFAULT_SYSTEM_SETTINGS.maxLoginAttempts,
+        loginLockoutMinutes: typeof raw.loginLockoutMinutes === 'number' && raw.loginLockoutMinutes > 0
+            ? raw.loginLockoutMinutes
+            : DEFAULT_SYSTEM_SETTINGS.loginLockoutMinutes,
+        maxConcurrentScripts: typeof raw.maxConcurrentScripts === 'number' &&
+            raw.maxConcurrentScripts > 0
+            ? raw.maxConcurrentScripts
+            : DEFAULT_SYSTEM_SETTINGS.maxConcurrentScripts,
+        scriptTimeout: typeof raw.scriptTimeout === 'number' && raw.scriptTimeout > 0
+            ? raw.scriptTimeout
+            : DEFAULT_SYSTEM_SETTINGS.scriptTimeout,
+        skillAutoSyncEnabled: typeof raw.skillAutoSyncEnabled === 'boolean'
+            ? raw.skillAutoSyncEnabled
+            : DEFAULT_SYSTEM_SETTINGS.skillAutoSyncEnabled,
+        skillAutoSyncIntervalMinutes: typeof raw.skillAutoSyncIntervalMinutes === 'number' &&
+            raw.skillAutoSyncIntervalMinutes >= 1
+            ? raw.skillAutoSyncIntervalMinutes
+            : DEFAULT_SYSTEM_SETTINGS.skillAutoSyncIntervalMinutes,
+        billingEnabled: typeof raw.billingEnabled === 'boolean'
+            ? raw.billingEnabled
+            : DEFAULT_SYSTEM_SETTINGS.billingEnabled,
+        billingMode: 'wallet_first',
+        billingMinStartBalanceUsd: typeof raw.billingMinStartBalanceUsd === 'number' &&
+            raw.billingMinStartBalanceUsd >= 0
+            ? raw.billingMinStartBalanceUsd
+            : DEFAULT_SYSTEM_SETTINGS.billingMinStartBalanceUsd,
+        billingCurrency: typeof raw.billingCurrency === 'string' && raw.billingCurrency
+            ? raw.billingCurrency
+            : DEFAULT_SYSTEM_SETTINGS.billingCurrency,
+        billingCurrencyRate: typeof raw.billingCurrencyRate === 'number' && raw.billingCurrencyRate > 0
+            ? raw.billingCurrencyRate
+            : DEFAULT_SYSTEM_SETTINGS.billingCurrencyRate,
+    };
+}
+function buildEnvFallbackSettings() {
+    return {
+        containerTimeout: parseIntEnv(process.env.CONTAINER_TIMEOUT, DEFAULT_SYSTEM_SETTINGS.containerTimeout),
+        idleTimeout: parseIntEnv(process.env.IDLE_TIMEOUT, DEFAULT_SYSTEM_SETTINGS.idleTimeout),
+        containerMaxOutputSize: parseIntEnv(process.env.CONTAINER_MAX_OUTPUT_SIZE, DEFAULT_SYSTEM_SETTINGS.containerMaxOutputSize),
+        maxConcurrentContainers: parseIntEnv(process.env.MAX_CONCURRENT_CONTAINERS, DEFAULT_SYSTEM_SETTINGS.maxConcurrentContainers),
+        maxConcurrentHostProcesses: parseIntEnv(process.env.MAX_CONCURRENT_HOST_PROCESSES, DEFAULT_SYSTEM_SETTINGS.maxConcurrentHostProcesses),
+        maxLoginAttempts: parseIntEnv(process.env.MAX_LOGIN_ATTEMPTS, DEFAULT_SYSTEM_SETTINGS.maxLoginAttempts),
+        loginLockoutMinutes: parseIntEnv(process.env.LOGIN_LOCKOUT_MINUTES, DEFAULT_SYSTEM_SETTINGS.loginLockoutMinutes),
+        maxConcurrentScripts: parseIntEnv(process.env.MAX_CONCURRENT_SCRIPTS, DEFAULT_SYSTEM_SETTINGS.maxConcurrentScripts),
+        scriptTimeout: parseIntEnv(process.env.SCRIPT_TIMEOUT, DEFAULT_SYSTEM_SETTINGS.scriptTimeout),
+        skillAutoSyncEnabled: process.env.SKILL_AUTO_SYNC_ENABLED === 'true' ||
+            DEFAULT_SYSTEM_SETTINGS.skillAutoSyncEnabled,
+        skillAutoSyncIntervalMinutes: parseIntEnv(process.env.SKILL_AUTO_SYNC_INTERVAL_MINUTES, DEFAULT_SYSTEM_SETTINGS.skillAutoSyncIntervalMinutes),
+        billingEnabled: process.env.BILLING_ENABLED === 'true' ||
+            DEFAULT_SYSTEM_SETTINGS.billingEnabled,
+        billingMode: 'wallet_first',
+        billingMinStartBalanceUsd: parseFloatEnv(process.env.BILLING_MIN_START_BALANCE_USD, DEFAULT_SYSTEM_SETTINGS.billingMinStartBalanceUsd),
+        billingCurrency: process.env.BILLING_CURRENCY || DEFAULT_SYSTEM_SETTINGS.billingCurrency,
+        billingCurrencyRate: parseFloatEnv(process.env.BILLING_CURRENCY_RATE, DEFAULT_SYSTEM_SETTINGS.billingCurrencyRate),
+    };
+}
+export function getSystemSettings() {
+    // Fast path: return cached value if file hasn't changed (single stat)
+    if (_settingsCache) {
+        try {
+            const mtimeMs = fs.statSync(SYSTEM_SETTINGS_FILE).mtimeMs;
+            if (mtimeMs === _settingsMtimeMs)
+                return _settingsCache;
+        }
+        catch {
+            return _settingsCache; // file gone or stat failed — cached value is still valid
+        }
+    }
+    // 1. Try reading from file
+    try {
+        const settings = readSystemSettingsFromFile();
+        if (settings) {
+            _settingsCache = settings;
+            try {
+                _settingsMtimeMs = fs.statSync(SYSTEM_SETTINGS_FILE).mtimeMs;
+            }
+            catch {
+                /* ignore */
+            }
+            return settings;
+        }
+    }
+    catch (err) {
+        if (err.code !== 'ENOENT') {
+            logger.warn({ err }, 'Failed to read system settings, falling back to env/defaults');
+        }
+    }
+    // 2. Fall back to env vars, then hardcoded defaults
+    const settings = buildEnvFallbackSettings();
+    _settingsCache = settings;
+    _settingsMtimeMs = 0; // no file — will re-check on next call
+    return settings;
+}
+export function saveSystemSettings(partial) {
+    const existing = getSystemSettings();
+    const merged = { ...existing, ...partial };
+    // Range validation
+    if (merged.containerTimeout < 60000)
+        merged.containerTimeout = 60000; // min 1 min
+    if (merged.containerTimeout > 86400000)
+        merged.containerTimeout = 86400000; // max 24 hours
+    if (merged.idleTimeout < 60000)
+        merged.idleTimeout = 60000;
+    if (merged.idleTimeout > 86400000)
+        merged.idleTimeout = 86400000;
+    if (merged.containerMaxOutputSize < 1048576)
+        merged.containerMaxOutputSize = 1048576; // min 1MB
+    if (merged.containerMaxOutputSize > 104857600)
+        merged.containerMaxOutputSize = 104857600; // max 100MB
+    if (merged.maxConcurrentContainers < 1)
+        merged.maxConcurrentContainers = 1;
+    if (merged.maxConcurrentContainers > 100)
+        merged.maxConcurrentContainers = 100;
+    if (merged.maxConcurrentHostProcesses < 1)
+        merged.maxConcurrentHostProcesses = 1;
+    if (merged.maxConcurrentHostProcesses > 50)
+        merged.maxConcurrentHostProcesses = 50;
+    if (merged.maxLoginAttempts < 1)
+        merged.maxLoginAttempts = 1;
+    if (merged.maxLoginAttempts > 100)
+        merged.maxLoginAttempts = 100;
+    if (merged.loginLockoutMinutes < 1)
+        merged.loginLockoutMinutes = 1;
+    if (merged.loginLockoutMinutes > 1440)
+        merged.loginLockoutMinutes = 1440; // max 24 hours
+    if (merged.maxConcurrentScripts < 1)
+        merged.maxConcurrentScripts = 1;
+    if (merged.maxConcurrentScripts > 50)
+        merged.maxConcurrentScripts = 50;
+    if (merged.scriptTimeout < 5000)
+        merged.scriptTimeout = 5000; // min 5s
+    if (merged.scriptTimeout > 600000)
+        merged.scriptTimeout = 600000; // max 10 min
+    if (merged.skillAutoSyncIntervalMinutes < 1)
+        merged.skillAutoSyncIntervalMinutes = 1;
+    if (merged.skillAutoSyncIntervalMinutes > 1440)
+        merged.skillAutoSyncIntervalMinutes = 1440; // max 24h
+    merged.billingMode = 'wallet_first';
+    if (merged.billingMinStartBalanceUsd < 0)
+        merged.billingMinStartBalanceUsd =
+            DEFAULT_SYSTEM_SETTINGS.billingMinStartBalanceUsd;
+    if (merged.billingMinStartBalanceUsd > 1000000)
+        merged.billingMinStartBalanceUsd = 1000000;
+    fs.mkdirSync(CLAUDE_CONFIG_DIR, { recursive: true });
+    const tmp = `${SYSTEM_SETTINGS_FILE}.tmp`;
+    fs.writeFileSync(tmp, JSON.stringify(merged, null, 2) + '\n', 'utf-8');
+    fs.renameSync(tmp, SYSTEM_SETTINGS_FILE);
+    // Update in-memory cache immediately
+    _settingsCache = merged;
+    try {
+        _settingsMtimeMs = fs.statSync(SYSTEM_SETTINGS_FILE).mtimeMs;
+    }
+    catch {
+        /* ignore */
+    }
+    return merged;
+}
+/**
+ * 解析 OAuth usage bucket 对象
+ * 运行时类型守卫，验证 API 响应结构
+ */
+export function parseOAuthUsageBucket(v) {
+    if (!v || typeof v !== 'object')
+        return null;
+    const obj = v;
+    if (typeof obj.utilization !== 'number' || typeof obj.resets_at !== 'string')
+        return null;
+    return { utilization: obj.utilization, resets_at: obj.resets_at };
+}