npm - evolclaw - Versions diffs - 3.1.11 → 3.2.0 - Mend

evolclaw 3.1.11 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/CHANGELOG.md +24 -0
package/README.md +26 -0
package/dist/agents/kit-renderer.js +5 -1
package/dist/agents/manifest-engine.js +108 -35
package/dist/agents/message-renderer.js +2 -0
package/dist/aun/aid/control-aid.js +67 -0
package/dist/aun/aid/identity.js +20 -7
package/dist/aun/aid/store.js +2 -2
package/dist/channels/aun.js +161 -61
package/dist/channels/feishu.js +3 -3
package/dist/cli/agent.js +38 -10
package/dist/cli/index.js +31 -3
package/dist/cli/init-channel.js +38 -148
package/dist/cli/init.js +162 -82
package/dist/config-store.js +38 -7
package/dist/core/cache/file-cache.js +216 -0
package/dist/core/command-handler.js +291 -68
package/dist/core/evolagent-registry.js +3 -0
package/dist/core/evolagent.js +28 -23
package/dist/core/message/command-handler-agent-control.js +153 -0
package/dist/core/message/create-status.js +67 -0
package/dist/core/message/message-bridge.js +5 -3
package/dist/core/message/message-processor.js +44 -36
package/dist/core/message/message-queue.js +13 -6
package/dist/core/model/model-scope.js +39 -6
package/dist/core/session/adapters/claude-session-file-adapter.js +48 -5
package/dist/evolclaw-config.js +11 -0
package/dist/index.js +57 -2
package/dist/ipc.js +6 -0
package/dist/paths.js +7 -3
package/kits/templates/message-fragments/item.md +1 -1
package/package.json +1 -1

package/dist/core/cache/file-cache.js ADDED Viewed

@@ -0,0 +1,216 @@
+/**
+ * FileCache —— 统一的文件缓存（daemon-only）。
+ *
+ * daemon 每条消息处理时读大量文件（manifest、fragment、md、working memory、
+ * 关系级 preferences 等）。本类统一缓存"文件 → 解析后内容"，按策略门控变化检查。
+ *
+ * 设计与边界详见 docs/file-cache-design.md：
+ *  - 不接管 EvolAgent 的 merged config（agent/defaults 由 EvolAgent 持有权威副本）。
+ *  - daemon-only：CLI 短命进程仍直读最新盘值，不用本缓存。
+ *  - 只缓存"文件 → 解析后内容"，不缓存按 vars 渲染后的结果。
+ *
+ * 策略（reload/重启永远全量失效，无视策略；策略只决定"平时每次读怎么检查"）：
+ *  - on-reload：平时不检查，直接用缓存（kits 文件、persona）。靠 reload/重启刷新。
+ *  - manual：同 on-reload，额外支持显式 invalidate(file) 单刷。
+ *  - mtime：每次读 statSync 门控 mtime，变了自动重读（working.md、preferences.json）。
+ *
+ * 容量：项数可无界增长的组（如 relation-prefs，每 peer 一文件）设 LRU 硬上限
+ * （见 GROUP_CAPS），命中/写入移到末尾、超限驱逐同组最旧项；无 timer。
+ * 项数固定的组（kits、per-agent 身份层）不设限。
+ *
+ * 监控：内置命中/读盘/驱逐/失效计数（总计 + 按 group + 按 policy），stats() 导出
+ * 快照供 watch web 的 Cache 页展示（经 IPC 'cache-stats'）。计数是整数自增，热路径无感。
+ */
+import fs from 'fs';
+const GROUP_NONE = '(none)'; // group 未指定时的归类键
+function newCounters() {
+    return { gets: 0, hits: 0, misses: 0, statChecks: 0, reReads: 0, evictions: 0, invalidations: 0 };
+}
+/**
+ * 按组的容量上限（LRU）。只有"项数可无界增长"的组才设限——典型是关系级
+ * preferences，每个 peer 一个文件，daemon 长跑接触的 peer 越来越多。
+ * kits（项数随包固定）、per-agent 身份层（agent 数量有限）不设限，不在此表即无限。
+ * 命中/写入都把 key 移到 Map 末尾（Map 保留插入序 → 头部即最久未用），
+ * 超限时从头部驱逐同组最旧项。无 timer，确定性 bound。
+ */
+const GROUP_CAPS = {
+    'relation-prefs': 512,
+};
+export class FileCache {
+    cache = new Map();
+    // 监控计数器（总计 + 按 group + 按 policy）。group 未指定归入 GROUP_NONE。
+    since = Date.now();
+    totals = newCounters();
+    byGroup = new Map();
+    byPolicy = {
+        'on-reload': newCounters(), 'manual': newCounters(), 'mtime': newCounters(),
+    };
+    /** 取（或建）某 group 的计数器。 */
+    groupCounters(group) {
+        const key = group ?? GROUP_NONE;
+        let c = this.byGroup.get(key);
+        if (!c) {
+            c = newCounters();
+            this.byGroup.set(key, c);
+        }
+        return c;
+    }
+    /** 同一事件按 总计/group/policy 三维各加一次。delta 缺省 1。 */
+    bump(group, policy, field, delta = 1) {
+        this.totals[field] += delta;
+        this.groupCounters(group)[field] += delta;
+        this.byPolicy[policy][field] += delta;
+    }
+    /**
+     * 读取并缓存文件。loader 把原始内容（UTF-8 字符串；文件不存在时为 null）转成目标值。
+     * 同一 file 的 policy/group 以首次注册为准。
+     * opts.read 可注入自定义读取器（如 atomicRead 保留崩溃恢复）；缺省 readFileOrNull。
+     */
+    get(file, loader, opts) {
+        const existing = this.cache.get(file);
+        const read = opts.read ?? readFileOrNull;
+        this.bump(opts.group, opts.policy, 'gets');
+        if (opts.policy === 'mtime') {
+            const mtimeMs = statMtime(file);
+            this.bump(opts.group, opts.policy, 'statChecks');
+            if (existing && existing.mtimeMs === mtimeMs) {
+                this.bump(opts.group, opts.policy, 'hits');
+                this.touch(file, existing);
+                return existing.value;
+            }
+            // 已有条目但 mtime 变了 → 带外改后重读（区别于首次 miss）
+            if (existing)
+                this.bump(opts.group, opts.policy, 'reReads');
+            this.bump(opts.group, opts.policy, 'misses');
+            const raw = read(file);
+            const value = loader(raw);
+            this.store(file, { policy: 'mtime', group: opts.group, mtimeMs, value, bytes: approxBytes(raw) });
+            return value;
+        }
+        // on-reload / manual：命中即用，不检查文件
+        if (existing) {
+            this.bump(opts.group, opts.policy, 'hits');
+            this.touch(file, existing);
+            return existing.value;
+        }
+        this.bump(opts.group, opts.policy, 'misses');
+        const raw = read(file);
+        const value = loader(raw);
+        this.store(file, { policy: opts.policy, group: opts.group, value, bytes: approxBytes(raw) });
+        return value;
+    }
+    /** 命中时把 key 移到 Map 末尾，维持 LRU 顺序（仅对设了容量上限的组有意义）。 */
+    touch(file, entry) {
+        if (entry.group === undefined || GROUP_CAPS[entry.group] === undefined)
+            return;
+        this.cache.delete(file);
+        this.cache.set(file, entry);
+    }
+    /** 写入并对设限组做 LRU 驱逐（踢同组最久未用项）。 */
+    store(file, entry) {
+        this.cache.delete(file); // 确保重写时移到末尾
+        this.cache.set(file, entry);
+        const cap = entry.group !== undefined ? GROUP_CAPS[entry.group] : undefined;
+        if (cap === undefined)
+            return;
+        // Map 按插入序遍历，头部即最久未用；驱逐同组超出容量的最旧项。
+        let count = 0;
+        for (const e of this.cache.values())
+            if (e.group === entry.group)
+                count++;
+        if (count <= cap)
+            return;
+        for (const [k, e] of this.cache) {
+            if (count <= cap)
+                break;
+            if (e.group === entry.group) {
+                this.cache.delete(k);
+                count--;
+                this.bump(e.group, e.policy, 'evictions');
+            }
+        }
+    }
+    /** 读纯文本的便捷封装（文件不存在返回 null）。 */
+    getText(file, opts) {
+        return this.get(file, (raw) => raw, opts);
+    }
+    /** 单文件失效（manual 策略单刷 / 精确失效）。 */
+    invalidate(file) {
+        const entry = this.cache.get(file);
+        if (this.cache.delete(file) && entry)
+            this.bump(entry.group, entry.policy, 'invalidations');
+    }
+    /** 按组失效（reload 钩子失效一组，如 'kits' / 'agent-files:<aid>'）。 */
+    invalidateGroup(group) {
+        for (const [file, entry] of this.cache) {
+            if (entry.group === group) {
+                this.cache.delete(file);
+                this.bump(entry.group, entry.policy, 'invalidations');
+            }
+        }
+    }
+    /** 全量失效（reload / 升级兜底）。 */
+    invalidateAll() {
+        for (const entry of this.cache.values())
+            this.bump(entry.group, entry.policy, 'invalidations');
+        this.cache.clear();
+    }
+    /** 当前缓存条目数（诊断用）。 */
+    size() {
+        return this.cache.size;
+    }
+    /**
+     * 运行时统计快照（监控用）。累计计数 O(1) 取出；占用（size/内存/容量）即时遍历
+     * 当前 entries 算出——条目数有限（kits 固定、relation-prefs 有 LRU 上限），便宜。
+     */
+    stats() {
+        const occupancy = {};
+        for (const entry of this.cache.values()) {
+            const key = entry.group ?? GROUP_NONE;
+            let occ = occupancy[key];
+            if (!occ) {
+                occ = { size: 0, bytes: 0, cap: GROUP_CAPS[key] ?? null };
+                occupancy[key] = occ;
+            }
+            occ.size++;
+            occ.bytes += entry.bytes;
+        }
+        const byGroup = {};
+        for (const [k, c] of this.byGroup)
+            byGroup[k] = { ...c };
+        return {
+            since: this.since,
+            size: this.cache.size,
+            totals: { ...this.totals },
+            byGroup,
+            byPolicy: {
+                'on-reload': { ...this.byPolicy['on-reload'] },
+                'manual': { ...this.byPolicy['manual'] },
+                'mtime': { ...this.byPolicy['mtime'] },
+            },
+            occupancy,
+        };
+    }
+}
+function statMtime(file) {
+    try {
+        return fs.statSync(file).mtimeMs;
+    }
+    catch {
+        return null; // 文件不存在
+    }
+}
+function readFileOrNull(file) {
+    try {
+        return fs.readFileSync(file, 'utf-8');
+    }
+    catch {
+        return null;
+    }
+}
+/** 缓存值内存占用近似：用读入的原始字符串长度（字节级近似），null 记 0。 */
+function approxBytes(raw) {
+    return raw === null ? 0 : raw.length;
+}
+/** daemon 单例。CLI 进程不应使用本实例。 */
+export const fileCache = new FileCache();

package/dist/core/command-handler.js CHANGED Viewed

@@ -13,6 +13,9 @@ import { parseTriggerSet, parseTriggerUpdate } from './trigger/parser.js';
 import { calcNextFireAt } from './trigger/scheduler.js';
 import { checkLatestVersion, getLocalVersion, isLinkedInstall, compareVersions } from '../utils/npm-ops.js';
 import { tryParseChannelKey } from './channel-loader.js';
+import { loadDefaults } from '../config-store.js';
+import { loadEvolclawConfig } from '../evolclaw-config.js';
+import { execAgentAction, execAgentQuery, execAgentOptions, resolveProjectPath } from './message/command-handler-agent-control.js';
 const allEfforts = ['low', 'medium', 'high', 'xhigh', 'max'];
 const nonMaxEfforts = allEfforts.filter(e => e !== 'max' && e !== 'xhigh');
 // ── CLI 透传（menu.action name=cli action=exec）─────────────────────────
@@ -573,8 +576,37 @@ export class CommandHandler {
         return items;
     }
     /** 动态子菜单：根据 cmd 路径返回选项列表（供 menu.query + cmd 使用） */
-    async getSubMenuItems(cmd, channel, channelId, userId) {
+    async getSubMenuItems(cmd, channel, channelId, userId, args) {
         const session = await this.sessionManager.getActiveSession(channel, channelId);
+        // ── 进程级 /agent list（owners 鉴权） ──
+        if (cmd === '/agent') {
+            if (!isProcessLevelOwner(userId, loadEvolclawConfig().owners)) {
+                throw { code: 'FORBIDDEN', message: '操作需要 owner 权限' };
+            }
+            const res = await execAgentOptions(args);
+            if ('error' in res)
+                throw { code: res.code, message: res.error };
+            return res.data.agents.map(ag => ({ value: ag.aid, label: ag.name || ag.aid, desc: ag.status }));
+        }
+        // ── 关系级 /trigger list（每个 trigger 一个 MenuItem） ──
+        if (cmd === '/trigger') {
+            const owningAgent = this.getOwningAgent(channel);
+            const manager = (owningAgent?.triggerManager ?? this.triggerManager);
+            if (!manager)
+                return [];
+            const scope = args?.options === 'all' ? 'all' : 'enabled';
+            const role = this.sessionManager.resolveIdentity(channel, userId).role;
+            const isAdmin = role === 'owner' || role === 'admin';
+            const all = manager.listAll();
+            const list = scope === 'all' ? all.active.concat(all.history) : manager.listActive();
+            const visible = isAdmin ? list
+                : list.filter((t) => t.createdByPeerId === (userId ?? '') && t.createdByChannel === channel);
+            return visible.map((t) => ({
+                value: t.id,
+                label: t.name,
+                desc: `${t.scheduleType}${t.nextFireAt ? ` | 下次 ${new Date(t.nextFireAt).toLocaleString()}` : ''}`,
+            }));
+        }
         if (cmd === '/s' || cmd === '/session' || cmd === '/del') {
             const sessions = await this.sessionManager.listSessions(channel, channelId);
             const active = cmd === '/del' ? await this.sessionManager.getActiveSession(channel, channelId) : null;
@@ -698,12 +730,18 @@ export class CommandHandler {
         return s ? null : { error: '当前无活跃会话', code: 'NO_ACTIVE_SESSION' };
     }
     /** menu.query — 查询当前值。 */
-    async execMenuQuery(cmd, channel, channelId, userId) {
-        void userId;
+    async execMenuQuery(cmd, channel, channelId, userId, args) {
         const cmdBase = cmd.trim().split(' ')[0];
         if (!cmdBase)
             return { error: '缺少命令', code: 'MISSING_CMD' };
         const { session, evolagent } = await this.loadMenuContext(channel, channelId);
+        // ── 进程级 /agent（owners 鉴权） ──
+        if (cmdBase === '/agent') {
+            if (!isProcessLevelOwner(userId, loadEvolclawConfig().owners)) {
+                return { error: '操作需要 owner 权限', code: 'FORBIDDEN' };
+            }
+            return await execAgentQuery(args);
+        }
         if (cmdBase === '/pwd') {
             const sessPath = session?.projectPath;
             const fallbackPath = evolagent?.config?.projects?.defaultPath;
@@ -792,6 +830,9 @@ export class CommandHandler {
             const fallback = evolagent?.config?.dispatch;
             return { data: { mode: sessionMode ?? fallback ?? null } };
         }
+        if (cmdBase === '/observable') {
+            return { data: { observable: evolagent?.getObservable() ?? false } };
+        }
         if (cmdBase === '/perm') {
             const need = this.requireSession(session);
             if (need)
@@ -804,6 +845,9 @@ export class CommandHandler {
             return { data: { mode: currentMode } };
         }
         if (cmdBase === '/system') {
+            if (!isProcessLevelOwner(userId, loadEvolclawConfig().owners)) {
+                return { error: '操作需要 owner 权限', code: 'FORBIDDEN' };
+            }
             const owningAgent = this.getOwningAgent(channel);
             const data = {
                 agent: owningAgent?.name ?? 'DefaultAgent',
@@ -836,6 +880,56 @@ export class CommandHandler {
             return { error: '缺少 value 参数', code: 'MISSING_VALUE' };
         const { session, evolagent } = await this.loadMenuContext(channel, channelId);
         const identity = this.sessionManager.resolveIdentity(channel, userId);
+        // ── 关系级 /trigger update（调度参数，value 为 JSON 字符串） ──
+        if (cmdBase === '/trigger') {
+            const owningAgent = this.getOwningAgent(channel);
+            const manager = (owningAgent?.triggerManager ?? this.triggerManager);
+            const scheduler = (owningAgent?.triggerScheduler ?? this.triggerScheduler);
+            if (!manager || !scheduler)
+                return { error: '触发器功能未启用', code: 'NOT_SUPPORTED' };
+            let patch;
+            try {
+                patch = JSON.parse(arg);
+            }
+            catch {
+                return { error: 'value 需为 JSON', code: 'INVALID_ARGS' };
+            }
+            if (!patch?.nameOrId)
+                return { error: '缺少 nameOrId', code: 'INVALID_ARGS' };
+            const isAdmin = identity.role === 'owner' || identity.role === 'admin';
+            if (!isAdmin && !userId)
+                return { error: '无法确认身份，请确保渠道提供发送者 ID', code: 'FORBIDDEN' };
+            const trigger = isAdmin
+                ? (manager.getByName(patch.nameOrId) ?? manager.getById(patch.nameOrId))
+                : (manager.getByNameScoped(patch.nameOrId, userId ?? '', channel) ?? manager.getByIdScoped(patch.nameOrId, userId ?? '', channel));
+            if (!trigger)
+                return { error: '触发器不存在或无权限', code: 'NOT_FOUND' };
+            const fields = {};
+            if (patch.scheduleType !== undefined)
+                fields.scheduleType = patch.scheduleType;
+            if (patch.scheduleValue !== undefined)
+                fields.scheduleValue = String(patch.scheduleValue);
+            if (patch.prompt !== undefined)
+                fields.prompt = String(patch.prompt);
+            // 调度参数变化时重算 nextFireAt——先校验避免 NaN 污染 scheduler heap
+            if (fields.scheduleType !== undefined || fields.scheduleValue !== undefined) {
+                const effType = fields.scheduleType ?? trigger.scheduleType;
+                const effValue = fields.scheduleValue ?? trigger.scheduleValue;
+                const schedErr = validateScheduleParams(effType, effValue);
+                if (schedErr)
+                    return { error: schedErr, code: 'INVALID_ARGS' };
+                fields.nextFireAt = calcNextFireAt(effType, effValue, Date.now());
+            }
+            let updated;
+            try {
+                updated = manager.update(trigger.id, fields);
+            }
+            catch (err) {
+                return { error: `更新失败：${err?.message || err}`, code: 'INVALID_ARGS' };
+            }
+            scheduler.update(updated);
+            return { data: { id: updated.id, nextFireAt: updated.nextFireAt } };
+        }
         if (cmdBase === '/baseagent') {
             const valid = this.getAvailableBaseagents(channel);
             if (valid.length && !valid.includes(arg)) {
@@ -945,6 +1039,16 @@ export class CommandHandler {
             this.agentRegistry.setShowActivities(channel, newMode);
             return { data: { mode: newMode } };
         }
+        if (cmdBase === '/observable') {
+            if (identity.role !== 'owner')
+                return { error: '观察者模式仅限 owner 开关', code: 'NO_PERMISSION' };
+            if (arg !== 'true' && arg !== 'false')
+                return { error: `无效值: ${arg}，可选: true / false`, code: 'INVALID_VALUE' };
+            if (!evolagent)
+                return { error: '找不到通道所属 agent，无法持久化', code: 'EXEC_FAILED' };
+            evolagent.setObservable(arg === 'true');
+            return { data: { observable: arg === 'true' } };
+        }
         return { error: `不支持 update: ${cmdBase}`, code: 'NOT_SUPPORTED' };
     }
     /** menu.action — 触发动词。 */
@@ -956,6 +1060,77 @@ export class CommandHandler {
             return { error: '缺少 action', code: 'MISSING_VALUE' };
         const { session } = await this.loadMenuContext(channel, channelId);
         const identity = this.sessionManager.resolveIdentity(channel, userId);
+        // ── 进程级 /agent（owners 鉴权，不依赖 session/channel） ──
+        // NOTE(D5): 本次进程级 /agent 仅按 evolclaw.json owners 鉴权，任意 evolagent 的 AUN
+        // channel 均可作为入口。part1（daemon 控制 AID）落地后，应叠加 isControlChannel(channelId)
+        // 闸：仅控制 AID channel 上的 /agent /system 生效。见 part1 计划。
+        if (cmdBase === '/agent') {
+            if (!isProcessLevelOwner(userId, loadEvolclawConfig().owners)) {
+                return { error: '操作需要 owner 权限', code: 'FORBIDDEN' };
+            }
+            const a = { ...(args ?? {}) };
+            if (action === 'create') {
+                a.project = resolveProjectPath(a.project, a.aid ?? '', loadDefaults());
+            }
+            return await execAgentAction(action, a, userId ?? '');
+        }
+        // ── 关系级 /trigger（不走 owners；复用 isAdmin + scoped 逻辑，D4 直调底层） ──
+        if (cmdBase === '/trigger') {
+            const role = identity.role;
+            const isAdmin = role === 'owner' || role === 'admin';
+            const owningAgent = this.getOwningAgent(channel);
+            const manager = (owningAgent?.triggerManager ?? this.triggerManager);
+            const scheduler = (owningAgent?.triggerScheduler ?? this.triggerScheduler);
+            if (!manager || !scheduler)
+                return { error: '触发器功能未启用', code: 'NOT_SUPPORTED' };
+            if (action === 'set') {
+                // args 结构化 → 直接组装 ParsedTriggerSet（绕过 parseTriggerSet 文本解析，无注入风险）
+                if (!args?.scheduleType || !args?.scheduleValue || !args?.prompt) {
+                    return { error: '缺少必填参数：scheduleType / scheduleValue / prompt', code: 'INVALID_ARGS' };
+                }
+                // menu 路径绕过了 parseTriggerSet 的校验，必须自行校验枚举/数值，
+                // 否则非法值会传到 calcNextFireAt 产出 NaN nextFireAt，污染 scheduler heap。
+                const schedErr = validateScheduleParams(args.scheduleType, String(args.scheduleValue));
+                if (schedErr)
+                    return { error: schedErr, code: 'INVALID_ARGS' };
+                const strategy = args.targetSessionStrategy ?? 'latest';
+                if (!['latest', 'current', 'thread'].includes(strategy)) {
+                    return { error: `无效 targetSessionStrategy: ${strategy}`, code: 'INVALID_ARGS' };
+                }
+                const parsed = {
+                    scheduleType: args.scheduleType,
+                    scheduleValue: String(args.scheduleValue),
+                    prompt: String(args.prompt),
+                    name: args.name,
+                    targetChannel: args.targetChannel,
+                    targetChannelId: args.targetChannelId,
+                    targetThreadId: args.targetThreadId,
+                    targetSessionStrategy: strategy,
+                    agentId: args.agentId,
+                };
+                const r = await this.registerTriggerFromParsed(parsed, channel, channelId, userId ?? '', undefined);
+                if (!r.ok)
+                    return { error: r.error, code: /已存在|exists|重复/.test(r.error) ? 'CONFLICT' : 'INVALID_ARGS' };
+                return { data: { id: r.trigger.id, name: r.trigger.name, nextFireAt: r.trigger.nextFireAt } };
+            }
+            if (action === 'cancel') {
+                const nameOrId = args?.nameOrId;
+                if (!nameOrId)
+                    return { error: '缺少 nameOrId', code: 'INVALID_ARGS' };
+                if (!isAdmin && !userId)
+                    return { error: '无法确认身份，请确保渠道提供发送者 ID', code: 'FORBIDDEN' };
+                const trigger = isAdmin
+                    ? (manager.getByName(nameOrId) ?? manager.getById(nameOrId))
+                    : (manager.getByNameScoped(nameOrId, userId ?? '', channel) ?? manager.getByIdScoped(nameOrId, userId ?? '', channel));
+                if (!trigger)
+                    return { error: '触发器不存在或无权限', code: 'NOT_FOUND' };
+                manager.moveToDone(trigger.id, 'cancelled');
+                scheduler.cancel(trigger.id);
+                this.eventBus.publish({ type: 'trigger:cancelled', triggerId: trigger.id, by: userId ?? '' });
+                return { data: { id: trigger.id, cancelled: true } };
+            }
+            return { error: `不支持的 trigger action: ${action}`, code: 'INVALID_ARGS' };
+        }
         // ── /session 系列 ──
         if (cmdBase === '/session' || cmdBase === '/s') {
             if (action === 'stop') {
@@ -1011,9 +1186,11 @@ export class CommandHandler {
         }
         // ── /system 系列 ──
         if (cmdBase === '/system') {
+            // D1 迁移：进程级鉴权统一查 evolclaw.json owners，替代各 action 内联的 identity.role 判断
+            if (!isProcessLevelOwner(userId, loadEvolclawConfig().owners)) {
+                return { error: '操作需要 owner 权限', code: 'FORBIDDEN' };
+            }
             if (action === 'restart') {
-                if (identity.role !== 'owner')
-                    return { error: '无权限：服务重启仅限 owner 使用', code: 'NO_PERMISSION' };
                 const restartInfo = { channel, channelId, timestamp: Date.now() };
                 fs.writeFileSync(path.join(resolvePaths().dataDir, 'restart-pending.json'), JSON.stringify(restartInfo));
                 const { spawn } = await import('child_process');
@@ -1030,8 +1207,6 @@ export class CommandHandler {
                 return await this.delegateAsAction(action, '/check', channel, channelId, userId);
             }
             if (action === 'upgrade') {
-                if (identity.role !== 'owner')
-                    return { error: '无权限：升级仅限 owner 使用', code: 'NO_PERMISSION' };
                 return await this.delegateAsAction(action, '/upgrade', channel, channelId, userId);
             }
             return { error: `不支持的 system action: ${action}`, code: 'NOT_SUPPORTED' };
@@ -3254,70 +3429,83 @@ export class CommandHandler {
             const result = parseTriggerSet(args);
             if (!result.ok)
                 return `❌ ${result.error}`;
-            const parsed = result.value;
-            const now = Date.now();
-            const nextFireAt = calcNextFireAt(parsed.scheduleType, parsed.scheduleValue, now);
-            // Auto-generate name if not provided
-            const name = parsed.name ?? `trigger-${Date.now().toString(36)}`;
-            const trigger = {
-                id: crypto.randomUUID(),
-                name,
-                scheduleType: parsed.scheduleType,
-                scheduleValue: parsed.scheduleValue,
-                nextFireAt,
-                targetChannel: parsed.targetChannel ?? channel,
-                targetChannelId: parsed.targetChannelId ?? channelId,
-                targetChannelType: this.resolveChannelType(parsed.targetChannel ?? channel),
-                targetThreadId: parsed.targetThreadId,
-                targetSessionStrategy: parsed.targetSessionStrategy,
-                agentId: parsed.agentId,
-                prompt: parsed.prompt,
-                createdByPeerId: peerId,
-                createdByChannel: channel,
-                fireCount: 0,
-                createdAt: now,
-                updatedAt: now,
-            };
-            try {
-                // Strategy-based session binding
-                if (parsed.targetSessionStrategy === 'current') {
-                    const active = await this.sessionManager.getActiveSession(channel, channelId);
-                    if (!active)
-                        return '❌ 当前没有活跃会话，改用 --session latest 或 thread';
-                    trigger.boundSessionId = active.id;
-                }
-                else if (parsed.targetSessionStrategy === 'thread') {
-                    const targetAdapterName = parsed.targetChannel ?? channel;
-                    const adapter = this.adapters.get(targetAdapterName);
-                    if (!adapter?.capabilities.thread)
-                        return '❌ 目标渠道不支持 thread 会话';
-                    const channelType = adapter.channelKey.split('#')[0];
-                    trigger.targetChannelType = channelType;
-                    if (channelType === 'aun') {
-                        trigger.threadKind = 'aun';
-                        trigger.targetThreadId = `trigger-${trigger.id}`;
-                    }
-                    else {
-                        if (!messageId)
-                            return '❌ 飞书 thread 模式需要消息 ID，请重新发送命令';
-                        trigger.threadKind = 'feishu';
-                        trigger.rootMessageId = messageId;
-                        trigger.pendingThread = true;
-                    }
+            const reg = await this.registerTriggerFromParsed(result.value, channel, channelId, peerId, messageId);
+            if (!reg.ok)
+                return `❌ ${reg.error}`;
+            const nextStr = new Date(reg.trigger.nextFireAt).toLocaleString();
+            return `✅ 触发器已注册：**${reg.trigger.name}**\n下次触发：${nextStr}`;
+        }
+        return `❌ 未知子命令。用法：\n/trigger — 查看活跃触发器\n/trigger list — 查看所有触发器\n/trigger set <参数> — 注册触发器\n/trigger update <名称|ID> <参数> — 修改触发器\n/trigger cancel <名称> — 取消触发器`;
+    }
+    /** 从已解析的 trigger 参数组装 Trigger 并注册。文本路径（handleTrigger）与 menu 路径共用。
+     *  parsed 形状 = parseTriggerSet 的 result.value（ParsedTriggerSet）。
+     *  失败 return { ok:false, error }；成功 return { ok:true, trigger }。本方法不改变原文本路径行为。 */
+    async registerTriggerFromParsed(parsed, channel, channelId, peerId, messageId) {
+        const owningAgent = this.getOwningAgent(channel);
+        const scheduler = (owningAgent?.triggerScheduler ?? this.triggerScheduler);
+        const manager = (owningAgent?.triggerManager ?? this.triggerManager);
+        if (!manager || !scheduler)
+            return { ok: false, error: '触发器功能未启用' };
+        const now = Date.now();
+        const nextFireAt = calcNextFireAt(parsed.scheduleType, parsed.scheduleValue, now);
+        // Auto-generate name if not provided
+        const name = parsed.name ?? `trigger-${Date.now().toString(36)}`;
+        const trigger = {
+            id: crypto.randomUUID(),
+            name,
+            scheduleType: parsed.scheduleType,
+            scheduleValue: parsed.scheduleValue,
+            nextFireAt,
+            targetChannel: parsed.targetChannel ?? channel,
+            targetChannelId: parsed.targetChannelId ?? channelId,
+            targetChannelType: this.resolveChannelType(parsed.targetChannel ?? channel),
+            targetThreadId: parsed.targetThreadId,
+            targetSessionStrategy: parsed.targetSessionStrategy,
+            agentId: parsed.agentId,
+            prompt: parsed.prompt,
+            createdByPeerId: peerId,
+            createdByChannel: channel,
+            fireCount: 0,
+            createdAt: now,
+            updatedAt: now,
+        };
+        try {
+            // Strategy-based session binding
+            if (parsed.targetSessionStrategy === 'current') {
+                const active = await this.sessionManager.getActiveSession(channel, channelId);
+                if (!active)
+                    return { ok: false, error: '当前没有活跃会话，改用 --session latest 或 thread' };
+                trigger.boundSessionId = active.id;
+            }
+            else if (parsed.targetSessionStrategy === 'thread') {
+                const targetAdapterName = parsed.targetChannel ?? channel;
+                const adapter = this.adapters.get(targetAdapterName);
+                if (!adapter?.capabilities.thread)
+                    return { ok: false, error: '目标渠道不支持 thread 会话' };
+                const channelType = adapter.channelKey.split('#')[0];
+                trigger.targetChannelType = channelType;
+                if (channelType === 'aun') {
+                    trigger.threadKind = 'aun';
+                    trigger.targetThreadId = `trigger-${trigger.id}`;
+                }
+                else {
+                    if (!messageId)
+                        return { ok: false, error: '飞书 thread 模式需要消息 ID，请重新发送命令' };
+                    trigger.threadKind = 'feishu';
+                    trigger.rootMessageId = messageId;
+                    trigger.pendingThread = true;
                 }
-                // Validate name uniqueness before persisting (manager.register writes to disk)
-                // scheduler.register is in-memory only and cannot fail, so order is safe here.
-                // If manager.register throws (duplicate name/ID), nothing is persisted.
-                manager.register(trigger);
-                scheduler.register(trigger);
-            }
-            catch (err) {
-                return `❌ 注册失败：${err.message}`;
             }
-            const nextStr = new Date(nextFireAt).toLocaleString();
-            return `✅ 触发器已注册：**${name}**\n下次触发：${nextStr}`;
+            // Validate name uniqueness before persisting (manager.register writes to disk)
+            // scheduler.register is in-memory only and cannot fail, so order is safe here.
+            // If manager.register throws (duplicate name/ID), nothing is persisted.
+            manager.register(trigger);
+            scheduler.register(trigger);
         }
-        return `❌ 未知子命令。用法：\n/trigger — 查看活跃触发器\n/trigger list — 查看所有触发器\n/trigger set <参数> — 注册触发器\n/trigger update <名称|ID> <参数> — 修改触发器\n/trigger cancel <名称> — 取消触发器`;
+        catch (err) {
+            return { ok: false, error: `注册失败：${err.message}` };
+        }
+        return { ok: true, trigger };
     }
     // ── /rewind helpers ──
     async handleRewindList(session, agent) {
@@ -3651,3 +3839,38 @@ export class CommandHandler {
         return text.length > 50 ? text.substring(0, 50) + '…' : text;
     }
 }
+/** 进程级 menu 操作（/agent、/system）鉴权：发送方 AID 必须在 owners 名单中。
+ *  owners 来自 evolclaw.json 顶层（进程级控制面配置）。纯静态名单比对。 */
+export function isProcessLevelOwner(peerId, owners) {
+    if (!peerId)
+        return false;
+    return (owners ?? []).includes(peerId);
+}
+/** 校验 menu 路径直传的 trigger 调度参数（绕过 parseTriggerSet 文本解析后必须自校验）。
+ *  返回错误字符串表示非法；返回 null 表示通过。
+ *  防止非法 scheduleType/scheduleValue 传到 calcNextFireAt 产出 NaN/throw，污染 scheduler heap。 */
+export function validateScheduleParams(scheduleType, scheduleValue) {
+    if (!['delay', 'at', 'cron'].includes(scheduleType)) {
+        return `无效 scheduleType: ${scheduleType}（可选: delay / at / cron）`;
+    }
+    if (scheduleType === 'delay') {
+        const ms = Number(scheduleValue);
+        if (!Number.isFinite(ms) || ms <= 0)
+            return `delay 的 scheduleValue 需为正整数毫秒: ${scheduleValue}`;
+    }
+    else if (scheduleType === 'at') {
+        const ts = new Date(scheduleValue).getTime();
+        if (!Number.isFinite(ts))
+            return `at 的 scheduleValue 需为合法时间: ${scheduleValue}`;
+    }
+    else {
+        // cron：交给 calcNextFireAt 内部的 CronExpressionParser 校验（会 throw，被上层 catch）
+        try {
+            calcNextFireAt('cron', scheduleValue, Date.now());
+        }
+        catch {
+            return `无效 cron 表达式: ${scheduleValue}`;
+        }
+    }
+    return null;
+}