evolclaw 3.1.4 → 3.1.6

package/dist/channels/aun.js

@@ -12,8 +12,8 @@ import { appendAidEvent } from '../utils/instance-registry.js';
 import { appendMessageLog, buildOutboundEntry } from '../core/message/message-log.js';
 import { chatDirPath } from '../core/session/session-fs-store.js';
 import { appendAidLifecycle } from '../aun/aid/identity.js';
-import { createAunClient } from '../aun/aid/client.js';
-import { loadAgent, saveAgent, loadProcessConfig } from '../config-store.js';
+import { getAidStore, loadClient, SLOT } from '../aun/aid/store.js';
+import { loadAgent, saveAgent } from '../config-store.js';
 import { getProcessStartTime } from '../utils/process-introspect.js';
 import * as outbox from '../aun/outbox.js';
 import { guessMime, formatSize } from '../utils/media-cache.js';
@@ -61,6 +61,9 @@ function getEvolclawVersion() {
 export class AUNChannel {
     config;
     client = null;
+    store = null;
+    /** 实际连接的网关 URL（来自 authenticate() 返回值 / connection.state 事件），替代旧 (client as any)._gatewayUrl。 */
+    gatewayUrl = '';
     projectPathProvider;
     messageHandler;
     recallHandler;
@@ -115,11 +118,6 @@ export class AUNChannel {
      */
     async callAndTrace(method, params, opts) {
         this.trace('OUT', method, params);
-        // [DIAG-STALE] 记录调用瞬间 SDK 内部 _state，证明是否在 reconnecting 中误发
-        const sdkStateBefore = this.client?._state ?? 'no-client';
-        if (sdkStateBefore !== 'connected') {
-            logger.warn(`[AUN][DIAG-STALE] callAndTrace ${method} on non-connected SDK: sdk_state=${sdkStateBefore} evolclaw_connected=${this.connected}`);
-        }
         try {
             const result = await this.client.call(method, params);
             if (!opts?.silentOk) {
@@ -137,9 +135,6 @@ export class AUNChannel {
                 code: e?.code,
                 name: e?.name,
             });
-            // [DIAG-STALE] 失败时再记录一次 SDK _state，看错误类型是否为 ConnectionError
-            const sdkStateAfter = this.client?._state ?? 'no-client';
-            logger.warn(`[AUN][DIAG-STALE] callAndTrace ${method} FAILED: err_name=${e?.name ?? '?'} err_code=${e?.code ?? '?'} sdk_state_before=${sdkStateBefore} sdk_state_after=${sdkStateAfter} evolclaw_connected=${this.connected}`);
             logger.warn(`${this.logPrefix()} rpc ${method} failed: ${e?.name ?? ''}(${e?.code ?? ''}) ${e?.message ?? e}`);
             throw e;
         }
@@ -545,12 +540,17 @@ export class AUNChannel {
             }
             this.client = null;
         }
+        if (this.store) {
+            try {
+                this.store.close();
+            }
+            catch { /* ignore */ }
+            this.store = null;
+        }
         this.connected = false;
         const aunPath = this.config.keystorePath || resolveRoot();
         const aidName = this.config.aid;
-        const encryptionSeed = loadProcessConfig().aun?.encryptionSeed
-            || process.env.AUN_ENCRYPTION_SEED
-            || 'evol';
+        // encryptionSeed 由 getAidStore 内部解析（config / env / 'evol'）
         // Migration from ~/.aun is handled by ensureDataDirs() at startup with a marker file.
         // Gateway URL 解析：优先用配置的 gatewayUrl，否则通过 well-known 自动发现
         let gateway = this.config.gatewayUrl || '';
@@ -571,16 +571,18 @@ export class AUNChannel {
             throw new Error('Cannot resolve gateway URL from AID');
         }
         logger.info(`${this.logPrefix()} Initializing: aid=${aidName}, gateway=${gateway}, aun_path=${aunPath}`);
-        // Create client with FileSecretStore (AES-256-GCM)
-        // 不传 encryption_seed 时，SDK 自动从 {aun_path}/.seed 文件派生密钥（与 aun_cli.py 对齐）
-        const client = await createAunClient({
+        // 构造 AIDStore（slot=evolclaw daemon，与 cli/netcheck 共享 evolclaw 隔离键）
+        // encryptionSeed / rootCaPath 由 getAidStore 内部注入
+        const store = await getAidStore({
+            slotId: SLOT.daemon,
             aunPath,
-            encryptionSeed,
-            aunSdkLog: this.config.aunSdkLog ?? true,
+            debug: this.config.aunSdkLog ?? false,
         });
+        this.store = store;
+        const client = await loadClient(store, aidName);
         this.client = client;
-        // Set gateway URL (internal property, same as Python SDK)
-        client._gatewayUrl = gateway;
+        // 记录应用层发现的 gateway 作为初始值（authenticate 后会用权威值覆盖）
+        this.gatewayUrl = gateway;
         // Register event handlers before connecting
         client.on('message.received', (data) => {
             this.trace('IN', 'message.received', data);
@@ -629,30 +631,16 @@ export class AUNChannel {
             const d = data;
             logger.warn(`${this.logPrefix()} Group message undecryptable: group=${d.group_id} from=${d.from} mid=${d.message_id} err=${d._decrypt_error}`);
         });
-        // Authenticate
-        // Workaround: SDK 0.3.x _loadIdentityOrRaise doesn't set identity.aid from requested aid,
-        // causing gateway "missing aid" error. Patch to backfill aid on loaded identity.
-        const authFlow = client._auth;
-        if (authFlow && typeof authFlow._loadIdentityOrRaise === 'function') {
-            const origLoad = authFlow._loadIdentityOrRaise.bind(authFlow);
-            authFlow._loadIdentityOrRaise = (aid) => {
-                const identity = origLoad(aid);
-                if (identity && !identity.aid)
-                    identity.aid = aid ?? authFlow._aid;
-                return identity;
-            };
-        }
-        let accessToken;
+        // Authenticate（拿权威 gateway 用于日志/状态；connect 内部也会复用 token）
         try {
             logger.info(`${this.logPrefix()} Authenticating as ${aidName}...`);
             this.trace('OUT', 'auth.authenticate', { aid: aidName });
-            const auth = await client.auth.authenticate(aidName ? { aid: aidName } : undefined);
-            this.trace('OUT', 'auth.authenticate.ok', { aid: auth.aid, gateway: auth.gateway, hasToken: !!auth.access_token });
-            this.trace('IN', 'auth.result', { aid: auth.aid, gateway: auth.gateway, hasToken: !!auth.access_token });
-            accessToken = auth.access_token;
-            const resolvedGateway = auth.gateway || gateway;
-            client._gatewayUrl = resolvedGateway;
-            logger.info(`${this.logPrefix()} Authenticated as ${auth.aid ?? '?'}, gateway=${resolvedGateway}`);
+            const auth = await client.authenticate();
+            this.trace('OUT', 'auth.authenticate.ok', { aid: client.aid, gateway: auth?.gateway, hasToken: !!auth?.access_token });
+            this.trace('IN', 'auth.result', { aid: client.aid, gateway: auth?.gateway, hasToken: !!auth?.access_token });
+            const resolvedGateway = String(auth?.gateway ?? gateway);
+            this.gatewayUrl = resolvedGateway;
+            logger.info(`${this.logPrefix()} Authenticated as ${client.aid ?? '?'}, gateway=${resolvedGateway}`);
         }
         catch (e) {
             const errMsg = e.message || String(e);
@@ -661,15 +649,9 @@ export class AUNChannel {
             logger.error(`${this.logPrefix()} Authentication failed (${errName}): ${errMsg}`);
             if (e.stack)
                 logger.debug(`${this.logPrefix()} Auth stack: ${e.stack}`);
-            // Fallback: try direct token from env/config (legacy)
-            accessToken = this.config.accessToken || process.env.AUN_ACCESS_TOKEN || '';
-            if (!accessToken) {
-                logger.error(`${this.logPrefix()} No accessToken fallback available, scheduling retry`);
-                this.setAidStatus('failed', { lastError: `${errName}: ${errMsg}`.slice(0, 80) });
-                this.scheduleReconnect();
-                throw new Error('Authentication failed and no accessToken fallback available');
-            }
-            logger.warn(`${this.logPrefix()} Using accessToken fallback`);
+            this.setAidStatus('failed', { lastError: `${errName}: ${errMsg}`.slice(0, 80) });
+            this.scheduleReconnect();
+            throw new Error(`Authentication failed: ${errName}: ${errMsg}`);
         }
         // Connect (SDK auto_reconnect handles transient failures)
         try {
@@ -678,11 +660,18 @@ export class AUNChannel {
                 agentName: this.config.agentName,
                 channelName: this.config.channelName,
             });
-            this.trace('OUT', 'client.connect', { gateway: client._gatewayUrl, extra_info: extraInfo });
-            await client.connect({ access_token: accessToken, gateway: client._gatewayUrl, extra_info: extraInfo }, 
-            // max_attempts=0 = 无限重试（与 Go/Python 对齐），交由 SDK 自己跑指数退避
-            // initial_delay=1s，max_delay=300s（5min 封顶）
-            { auto_reconnect: true, retry: { max_attempts: 0, initial_delay: 1.0, max_delay: 300.0 } });
+            this.trace('OUT', 'client.connect', { gateway: this.gatewayUrl, extra_info: extraInfo });
+            await client.connect({
+                // connection_kind 默认 long；slot 已由 AID 携带（evolclaw daemon）
+                // extra_info：互踢诊断名片（0.4.3 公开 connect 已支持透传）
+                extra_info: extraInfo,
+                // max_attempts=0 = 无限重试（与 Go/Python 对齐），交由 SDK 自己跑指数退避
+                // initial_delay=1s，max_delay=300s（5min 封顶）
+                auto_reconnect: true,
+                retry_max_attempts: 0,
+                retry_initial_delay: 1.0,
+                retry_max_delay: 300.0,
+            });
             this.trace('OUT', 'client.connect.ok', { aid: client.aid });
             this._aid = this.client.aid ?? undefined;
             const deviceId = this.client._device_id ?? '';
@@ -692,7 +681,7 @@ export class AUNChannel {
                 this.aidStatsCollector.setSelfName(this.config.aid, this._selfName);
             this.connected = true;
             this.connectedAt = Date.now();
-            this.setAidStatus('connected', { lastConnectedAt: Date.now(), lastError: undefined, gatewayUrl: this.client?._gatewayUrl });
+            this.setAidStatus('connected', { lastConnectedAt: Date.now(), lastError: undefined, gatewayUrl: this.gatewayUrl });
             // Workaround: SDK e2ee uses _identity.cert for sender_cert_fingerprint;
             // if cert is missing, it falls back to public key SPKI fingerprint which
             // causes peer cert lookup failures. Backfill from keystore if needed.
@@ -705,8 +694,8 @@ export class AUNChannel {
                 }
             }
             logger.info(`${this.logPrefix()} Connected as ${this._aid}`);
-            appendAidEvent({ ts: Date.now(), iso: new Date().toISOString(), event: 'connected', aid: this.config.aid, gateway: this.client._gatewayUrl });
-            appendAidLifecycle({ ts: Date.now(), iso: new Date().toISOString(), event: 'connected', aid: this.config.aid, gateway: this.client._gatewayUrl });
+            appendAidEvent({ ts: Date.now(), iso: new Date().toISOString(), event: 'connected', aid: this.config.aid, gateway: this.gatewayUrl });
+            appendAidLifecycle({ ts: Date.now(), iso: new Date().toISOString(), event: 'connected', aid: this.config.aid, gateway: this.gatewayUrl });
             // Send welcome message to owner after first connection
             await this.sendWelcomeMessage();
         }
@@ -785,13 +774,10 @@ tags:
 
 EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
 `;
-            // Write locally
-            fs.mkdirSync(path.dirname(agentMdLocalPath), { recursive: true });
-            fs.writeFileSync(agentMdLocalPath, newAgentMd, 'utf-8');
-            logger.info(`${this.logPrefix()} Updated agent.md for ${aidName}`);
-            // Publish to AUN network via publishAgentMd (auto-sign)
+            // Write locally and publish to AUN network (auto-sign)
             try {
-                await this.client.publishAgentMd();
+                const { agentmdPut } = await import('../aun/aid/agentmd.js');
+                await agentmdPut(newAgentMd, { aid: aidName, store: this.store });
                 logger.info(`${this.logPrefix()} Published agent.md to AUN network`);
             }
             catch (e) {
@@ -804,18 +790,16 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
 
 📋 **日常使用方法**：
 
-1. **绑定项目**：发送 \`/bind <项目路径>\` 绑定工作目录
-2. **查看帮助**：发送 \`/help\` 查看所有可用命令
-3. **切换项目**：发送 \`/project <项目名>\` 切换到其他项目
-4. **查看状态**：发送 \`/status\` 查看当前会话状态
-5. **会话管理**：发送 \`/session\` 查看和切换会话
+1. **查看帮助**：发送 \`/help\` 查看所有可用命令
+2. **查看状态**：发送 \`/status\` 查看当前会话状态
+3. **会话管理**：发送 \`/session\` 查看和切换会话
 
 💡 **提示**：
 - 直接发送消息即可与 Claude/Codex 对话
-- 支持多项目会话管理，每个项目独立会话
+- 支持多会话管理，每个会话独立上下文
 - 所有命令以 \`/\` 开头
 
-现在，请先使用 \`/bind\` 命令绑定您的项目目录，然后就可以开始工作了！`;
+现在就可以开始工作了！`;
             // First contact with Owner races against Owner's async cert fetch from
             // gateway PKI; a 3s pause lets the cert propagate. persist_required asks
             // the gateway to durably store the message so Owner can recover it via
@@ -832,6 +816,8 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
                 persist_required: true,
             });
             logger.info(`${this.logPrefix()} Welcome message sent to owner: ${owner}`);
+            // Send binding credential for Evol App to persist locally
+            await this.sendBindingCredential(owner, agentDisplayName, agentConfig.active_baseagent || 'claude').catch(e => logger.warn(`${this.logPrefix()} Binding credential failed: ${e}`));
             // Mark agent as initialized in config.json (replaces old agent.md frontmatter flag)
             try {
                 const fresh = loadAgent(aidName);
@@ -849,7 +835,57 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
             logger.warn(`${this.logPrefix()} Failed to send welcome message: ${e}`);
         }
     }
+    async sendBindingCredential(owner, name, baseagent) {
+        if (!this.client)
+            return;
+        await this.callAndTrace('message.send', {
+            to: owner,
+            payload: { type: 'binding', aid: this.config.aid, name, owner, baseagent },
+            encrypt: true,
+            persist_required: true,
+        });
+        logger.info(`${this.logPrefix()} Binding credential sent to owner: ${owner}`);
+    }
     // ── Event handlers ──────────────────────────────────────────
+    /**
+     * 判断附件是否为图片，返回 MIME 类型（非图片返回空）。
+     * 多重检测：附件元数据字段 → 文件名后缀 → 文件 magic bytes。
+     */
+    detectImageMime(att, filePath) {
+        const extToMime = {
+            '.png': 'image/png', '.jpg': 'image/jpeg', '.jpeg': 'image/jpeg',
+            '.gif': 'image/gif', '.webp': 'image/webp',
+        };
+        // 1. 附件元数据字段（content_type / mime_type / mimeType）
+        const metaCt = (att?.content_type || att?.mime_type || att?.mimeType || '');
+        if (typeof metaCt === 'string' && metaCt.startsWith('image/'))
+            return metaCt;
+        // 2. 文件名后缀
+        const name = (att?.filename || att?.object_key || filePath || '').toLowerCase();
+        for (const [ext, mime] of Object.entries(extToMime)) {
+            if (name.endsWith(ext))
+                return mime;
+        }
+        // 3. magic bytes
+        try {
+            const { openSync, readSync, closeSync } = require('node:fs');
+            const fd = openSync(filePath, 'r');
+            const head = Buffer.alloc(12);
+            readSync(fd, head, 0, 12, 0);
+            closeSync(fd);
+            if (head[0] === 0x89 && head[1] === 0x50 && head[2] === 0x4e && head[3] === 0x47)
+                return 'image/png';
+            if (head[0] === 0xff && head[1] === 0xd8 && head[2] === 0xff)
+                return 'image/jpeg';
+            if (head[0] === 0x47 && head[1] === 0x49 && head[2] === 0x46)
+                return 'image/gif';
+            if (head[0] === 0x52 && head[1] === 0x49 && head[2] === 0x46 && head[3] === 0x46 &&
+                head[8] === 0x57 && head[9] === 0x45 && head[10] === 0x42 && head[11] === 0x50)
+                return 'image/webp';
+        }
+        catch { /* not readable, skip */ }
+        return '';
+    }
     async downloadAttachment(att, channelId) {
         const ownerAid = att.owner_aid || this._aid || '';
         const objectKey = att.object_key;
@@ -858,7 +894,9 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
             return null;
         }
         const filename = att.filename || objectKey.split('/').pop() || 'unknown';
-        let downloadUrl;
+        // 安全：始终通过受信任的 ticket 路径获取下载 URL。
+        // 不信任 att.url（来自对端消息 payload，可被构造为内网/元数据地址，SSRF）。
+        let downloadUrl = '';
         try {
             const ticket = await this.callAndTrace('storage.create_download_ticket', {
                 owner_aid: ownerAid,
@@ -938,12 +976,21 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
         // Process attachments (顶层 + 嵌套在 merge.items / quote.quote 中的)
         const rawAttachments = this.collectAllAttachments(payload);
         let finalText = text;
+        const inboundImages = [];
         if (rawAttachments.length > 0 && this.client) {
             const fileParts = [];
             for (const att of rawAttachments) {
                 const filePath = await this.downloadAttachment(att, fromAid);
                 if (filePath) {
                     const name = sanitizeFileName(att.filename || att.object_key?.split('/').pop() || 'file');
+                    const mime = this.detectImageMime(att, filePath);
+                    if (mime) {
+                        try {
+                            const { readFileSync } = await import('node:fs');
+                            inboundImages.push({ data: readFileSync(filePath).toString('base64'), mimeType: mime });
+                        }
+                        catch { /* fallback to file path */ }
+                    }
                     fileParts.push(`[文件: ${name} → ${filePath}]`);
                 }
             }
@@ -952,16 +999,18 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
                 if (text)
                     parts.push(text);
                 parts.push(...fileParts);
-                parts.push('请使用 Read 工具读取文件内容。');
+                if (inboundImages.length === 0)
+                    parts.push('请使用 Read 工具读取文件内容。');
                 finalText = parts.join('\n\n');
             }
+            logger.info(`${this.logPrefix()} [img-debug] private attachments=${rawAttachments.length} images=${inboundImages.length}`);
         }
         // 私聊 channelId = 对端 AID（不再读 payload.chat_id 含 device 三段式）
         // device_id 仅 SDK 内部多实例去重用，evolclaw session 层面跨端共享会话
         const chatId = fromAid;
         // 解析对端身份（30天缓存）
         const selfAgentDir = path.join(resolvePaths().agentsDir, this.config.aid);
-        const peerIdentity = await PeerIdentityCache.resolve('aun', fromAid, selfAgentDir, this.client, false);
+        const peerIdentity = await PeerIdentityCache.resolve('aun', fromAid, selfAgentDir, this.store, false);
         const shortAid = this.getShortAid(fromAid);
         const displayName = peerIdentity.name || shortAid;
         // 详细 dispatch 决策日志：记录消息为何被路由到 agent
@@ -1007,7 +1056,11 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
             mentions,
             peerName: displayName || undefined,
             peerType: peerIdentity.type,
+            sameDevice: msg.same_device === true || undefined,
+            sameNetwork: msg.same_network === true || undefined,
+            sameEgressIp: msg.same_egress_ip === true || undefined,
             replyContext,
+            images: inboundImages.length > 0 ? inboundImages : undefined,
         });
     }
     async handleIncomingGroupMessage(data) {
@@ -1158,12 +1211,21 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
             : mentionedSelf && this._aid ? [this._aid] : [];
         // Process attachments
         let finalText = strippedText;
+        const inboundImages = [];
         if (hasAttachments && this.client) {
             const fileParts = [];
             for (const att of rawAttachments) {
                 const filePath = await this.downloadAttachment(att, groupId);
                 if (filePath) {
                     const name = sanitizeFileName(att.filename || att.object_key?.split('/').pop() || 'file');
+                    const mime = this.detectImageMime(att, filePath);
+                    if (mime) {
+                        try {
+                            const { readFileSync } = await import('node:fs');
+                            inboundImages.push({ data: readFileSync(filePath).toString('base64'), mimeType: mime });
+                        }
+                        catch { /* fallback to file path */ }
+                    }
                     fileParts.push(`[文件: ${name} → ${filePath}]`);
                 }
             }
@@ -1172,12 +1234,13 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
                 if (strippedText)
                     parts.push(strippedText);
                 parts.push(...fileParts);
-                parts.push('请使用 Read 工具读取文件内容。');
+                if (inboundImages.length === 0)
+                    parts.push('请使用 Read 工具读取文件内容。');
                 finalText = parts.join('\n\n');
             }
         }
         const selfAgentDir = path.join(resolvePaths().agentsDir, this.config.aid);
-        const peerIdentity = await PeerIdentityCache.resolve('aun', senderAid, selfAgentDir, this.client, false);
+        const peerIdentity = await PeerIdentityCache.resolve('aun', senderAid, selfAgentDir, this.store, false);
         const shortAid = this.getShortAid(senderAid);
         const displayName = peerIdentity.name || shortAid;
         // 详细 dispatch 决策日志：记录消息为何被路由到 agent
@@ -1205,6 +1268,9 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
             userId: senderAid,
             peerName: displayName || undefined,
             peerType: peerIdentity.type,
+            sameDevice: msg.same_device === true || undefined,
+            sameNetwork: msg.same_network === true || undefined,
+            sameEgressIp: msg.same_egress_ip === true || undefined,
             text: finalText,
             chatType: 'group',
             messageId,
@@ -1212,6 +1278,7 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
             threadId,
             mentions,
             replyContext: this.buildGroupReplyContext(threadId, senderAid, msgEncrypted, messageId, msgChatmode),
+            images: inboundImages.length > 0 ? inboundImages : undefined,
         });
     }
     dispatchMessage(event) {
@@ -1268,16 +1335,20 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
             channelId: event.channelId || '',
             channelType: 'aun',
             content: event.text || '',
-            selfId: this._aid,
+            selfAID: this._aid,
             groupId: event.groupId,
             chatType: event.chatType,
             peerId: event.userId || event.channelId || '',
             peerName: event.peerName,
             peerType: event.peerType,
+            sameDevice: event.sameDevice,
+            sameNetwork: event.sameNetwork,
+            sameEgressIp: event.sameEgressIp,
             messageId: event.messageId,
             threadId: event.threadId,
             mentions: mentionObjects,
             replyContext,
+            images: event.images,
         }).catch(err => {
             logger.error(`${this.logPrefix()} Message handler error:`, err);
         });
@@ -1351,17 +1422,16 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
         if (!data || typeof data !== 'object')
             return;
         const state = data.state ?? '';
-        // [DIAG-STALE] 记录状态切换瞬间 evolclaw 的 connected 标志和 SDK 的内部 _state，
-        // 用于证明"reconnecting 时 connected 保持 true，导致 sendMessage 误放行"的假设
-        const sdkState = this.client?._state ?? 'no-client';
-        const connectedBefore = this.connected;
-        logger.info(`[AUN][DIAG-STALE] connection.state event: state=${state} attempt=${data.attempt ?? '-'} | connected_before=${connectedBefore} sdk_state=${sdkState}`);
         if (state === 'connected') {
             this.connected = true;
             this.connectedAt = Date.now();
             this.lastReconnectLogTime = 0;
             this.lastReconnectLogAttempt = 0;
-            this.setAidStatus('connected', { lastConnectedAt: Date.now(), lastError: undefined, gatewayUrl: this.client?._gatewayUrl });
+            // connection.state 事件 payload 带实际连接的 gateway，更新本地缓存
+            const evtGateway = data.gateway;
+            if (typeof evtGateway === 'string' && evtGateway)
+                this.gatewayUrl = evtGateway;
+            this.setAidStatus('connected', { lastConnectedAt: Date.now(), lastError: undefined, gatewayUrl: this.gatewayUrl });
             this.trace('IN', 'connection.state', data);
             logger.info(`${this.logPrefix()} Connected`);
             // 不在这里清 flapCount —— 短命连接一上来就会触发本分支，
@@ -1816,11 +1886,11 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
     appendOutboundJsonl(channelId, text, msgId, encrypt, context, isGroup, msgType = 'text', source = 'daemon') {
         try {
             const sessionsDir = resolvePaths().sessionsDir;
-            const selfId = this.config.aid;
-            const chatDir = chatDirPath(sessionsDir, 'aun', channelId, selfId);
+            const selfAID = this.config.aid;
+            const chatDir = chatDirPath(sessionsDir, 'aun', channelId, selfAID);
             const chatmode = context?.metadata?.chatmode;
             appendMessageLog(chatDir, buildOutboundEntry({
-                from: selfId,
+                from: selfAID,
                 to: channelId,
                 chatType: isGroup ? 'group' : 'private',
                 groupId: isGroup ? channelId : null,
@@ -1891,8 +1961,8 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
                 const tid = putRes?.thought_id;
                 logger.info(`${this.logPrefix()} thought.put ok group=${targetId} task=${taskId} stage=${stage} encrypt=${encrypt} tid=${tid ?? '?'}`);
                 this.eventBus?.publish?.({ type: 'message:thought-put', agentName: this.config.aid, channelId, taskId, text: thoughtText });
-                // 文本类 thought 写入 jsonl（只对有 text 的 item，过滤 tool 等结构化项）
                 if (thoughtText) {
+                    this.aidStatsCollector?.recordOutbound(this.config.aid, channelId, Buffer.byteLength(thoughtText, 'utf-8'), thoughtText, false, encrypt, context?.metadata?.chatmode ?? 'proactive');
                     this.appendOutboundJsonl(channelId, thoughtText, tid ?? `thought-${Date.now()}`, encrypt, context, true, 'thought', 'daemon');
                 }
             }
@@ -1903,6 +1973,7 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
                 logger.info(`${this.logPrefix()} thought.put ok p2p=${this.peerLabel(targetId)} task=${taskId} stage=${stage} encrypt=${encrypt} tid=${tid ?? '?'}`);
                 this.eventBus?.publish?.({ type: 'message:thought-put', agentName: this.config.aid, channelId, taskId, text: thoughtText });
                 if (thoughtText) {
+                    this.aidStatsCollector?.recordOutbound(this.config.aid, targetId, Buffer.byteLength(thoughtText, 'utf-8'), thoughtText, false, encrypt, context?.metadata?.chatmode ?? 'proactive');
                     this.appendOutboundJsonl(channelId, thoughtText, tid ?? `thought-${Date.now()}`, encrypt, context, false, 'thought', 'daemon');
                 }
             }
@@ -2280,6 +2351,13 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
             }
             this.client = null;
         }
+        if (this.store) {
+            try {
+                this.store.close();
+            }
+            catch { /* ignore */ }
+            this.store = null;
+        }
         this.connected = false;
         appendAidEvent({ ts: Date.now(), iso: new Date().toISOString(), event: 'disconnected', aid: this.config.aid, reason: 'intentional' });
         appendAidLifecycle({ ts: Date.now(), iso: new Date().toISOString(), event: 'disconnected', aid: this.config.aid, reason: 'intentional' });
@@ -2381,7 +2459,7 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
             return { type: null };
         try {
             const selfAgentDir = path.join(resolvePaths().agentsDir, this.config.aid);
-            const identity = await PeerIdentityCache.resolve('aun', aid, selfAgentDir, this.client, false);
+            const identity = await PeerIdentityCache.resolve('aun', aid, selfAgentDir, this.store, false);
             const type = identity.type === 'human' ? 'human' : 'ai';
             const name = identity.name || undefined;
             const info = { type, name };
@@ -2405,19 +2483,16 @@ EvolClaw AI Agent 网关，支持多项目会话管理和多 AI 后端切换。
         void this.fetchPeerInfo(aid).catch(() => { });
     }
     async uploadAgentMd(content) {
-        if (!this.client)
+        if (!this.store)
             throw new Error('not connected');
-        const { agentMdPath } = await import('../paths.js');
-        const localPath = agentMdPath(this.config.aid);
-        fs.mkdirSync(path.dirname(localPath), { recursive: true });
-        fs.writeFileSync(localPath, content, 'utf-8');
-        await this.client.publishAgentMd();
+        const { agentmdPut } = await import('../aun/aid/agentmd.js');
+        await agentmdPut(content, { aid: this.config.aid, store: this.store });
     }
     async downloadAgentMd(aid) {
-        if (!this.client)
+        if (!this.store)
             throw new Error('not connected');
         const { agentmdSync } = await import('../aun/aid/agentmd.js');
-        const result = await agentmdSync(aid, { client: this.client });
+        const result = await agentmdSync(aid, { store: this.store ?? undefined });
         return result.content ?? '';
     }
 }
@@ -2445,7 +2520,6 @@ export class AUNChannelPlugin {
                 gatewayUrl: inst.gatewayUrl,
                 accessToken: inst.accessToken,
                 flushDelay: inst.flushDelay,
-                encryptionSeed: inst.encryptionSeed,
                 owner: inst.owner,
                 agentName: inst.agentName,
                 channelName: inst.name,
@@ -2455,7 +2529,7 @@ export class AUNChannelPlugin {
             const adapter = {
                 channelName: inst.name,
                 channelKey: inst.name, // channelName 实际上就是 channelKey
-                capabilities: { file: true, image: true, interaction: true, markdown: true, thought: true, status: true },
+                capabilities: { file: true, image: true, interaction: true, markdown: true, thought: true, status: true, thread: true },
                 send: async (envelope, payload) => {
                     const ctx = envelope.replyContext;
                     const channelId = envelope.channelId;
@@ -2636,7 +2710,7 @@ export class AUNChannelPlugin {
                             channel: adapter.channelName,
                             channelType,
                             channelId: opts.channelId,
-                            selfId: opts.selfId,
+                            selfAID: opts.selfAID,
                             groupId: opts.groupId,
                             content: opts.content,
                             chatType: opts.chatType || 'private',
@@ -2648,6 +2722,7 @@ export class AUNChannelPlugin {
                             threadId: opts.threadId,
                             replyContext: opts.replyContext,
                             source: opts.source,
+                            images: opts.images,
                         });
                     }), (channelId, text, replyContext) => channel.sendMessage(channelId, text, replyContext), adapter, channelType);
                 },

package/dist/channels/dingtalk.js

@@ -448,7 +448,7 @@ export class DingtalkChannelPlugin {
             const adapter = {
                 channelName: inst.name,
                 channelKey: inst.name,
-                capabilities: { file: true, image: true, interaction: false, markdown: true, thought: false, status: false },
+                capabilities: { file: true, image: true, interaction: false, markdown: true, thought: false, status: false, thread: false },
                 send: async (envelope, payload) => {
                     const ctx = envelope.replyContext;
                     const channelId = envelope.channelId;
@@ -540,6 +540,7 @@ export class DingtalkChannelPlugin {
                             channel: adapter.channelName,
                             channelType,
                             channelId: event.channelId,
+                            selfAID: inst.agentName,
                             content: event.content,
                             images: event.images,
                             chatType: event.chatType || 'private',