mnemospark 1.2.1 → 1.3.0

package/dist/cli.js

@@ -3004,17 +3004,17 @@ var CLOUD_ONBOARDING_BLOCK_LINES = [
 ];
 
 // src/cloud-command.ts
-import { spawn } from "child_process";
+import { spawn as spawn2 } from "child_process";
 import {
   createCipheriv,
   createHash as createHash2,
   randomBytes as randomBytesNode,
-  randomUUID as randomUUID3
+  randomUUID as randomUUID4
 } from "crypto";
 import { createReadStream as createReadStream2, createWriteStream as createWriteStream2, statfsSync } from "fs";
-import { lstat, mkdir as mkdir5, readFile as readFile3, readdir as readdir2, rm, stat as stat2, writeFile as writeFile3 } from "fs/promises";
-import { homedir as homedir6, tmpdir } from "os";
-import { basename as basename2, dirname as dirname5, join as join8, resolve as resolve2 } from "path";
+import { lstat, mkdir as mkdir6, readFile as readFile4, readdir as readdir2, rm, stat as stat2, writeFile as writeFile4 } from "fs/promises";
+import { homedir as homedir7, tmpdir } from "os";
+import { basename as basename2, dirname as dirname6, join as join10, resolve as resolve2 } from "path";
 import { Readable } from "stream";
 import { finished } from "stream/promises";
 import { privateKeyToAccount as privateKeyToAccount5 } from "viem/accounts";
@@ -4139,7 +4139,8 @@ var priceStorageSchema = {
   args: [
     { name: "wallet-address", aliases: ["wallet"], required: true },
     { name: "object-id", aliases: ["object"], required: true },
-    { name: "object-id-hash", aliases: ["hash"], required: true },
+    // Optional: omit when the object exists in local SQLite after backup; CLI resolves sha256 from state.db.
+    { name: "object-id-hash", aliases: ["hash"] },
     { name: "gb", required: true },
     { name: "provider", required: true },
     { name: "region", required: true }
@@ -4218,12 +4219,226 @@ var opStatusSchema = {
   ]
 };
 
+// src/openclaw-cli.ts
+import { spawn } from "child_process";
+import { join as join8 } from "path";
+async function runOpenClawCli(args, homeDir) {
+  return await new Promise((resolvePromise, rejectPromise) => {
+    let stdout = "";
+    let stderr = "";
+    const child = spawn("openclaw", args, {
+      stdio: ["ignore", "pipe", "pipe"],
+      env: {
+        ...process.env,
+        HOME: homeDir ?? process.env.HOME
+      }
+    });
+    child.stdout.on("data", (chunk) => {
+      stdout += chunk.toString();
+    });
+    child.stderr.on("data", (chunk) => {
+      stderr += chunk.toString();
+    });
+    child.on("error", rejectPromise);
+    child.on("close", (code) => {
+      if (code === 0) {
+        resolvePromise({ stdout, stderr });
+        return;
+      }
+      rejectPromise(
+        new Error(
+          stderr.trim() || stdout.trim() || `openclaw ${args.join(" ")} exited with code ${code ?? "unknown"}`
+        )
+      );
+    });
+  });
+}
+function parseOpenClawCliJson(stdout, commandLabel) {
+  const trimmed = stdout.trim();
+  if (!trimmed) {
+    throw new Error(`openclaw ${commandLabel} returned empty JSON output`);
+  }
+  try {
+    return JSON.parse(trimmed);
+  } catch {
+    throw new Error(`openclaw ${commandLabel} returned invalid JSON output`);
+  }
+}
+async function resolveOpenClawConfigFilePath(homeDir) {
+  const { stdout } = await runOpenClawCli(["config", "file"], homeDir);
+  const trimmed = stdout.trim();
+  if (trimmed.startsWith("~/")) {
+    return join8(homeDir, trimmed.slice(2));
+  }
+  if (trimmed.startsWith("~\\")) {
+    return join8(homeDir, trimmed.slice(2));
+  }
+  return trimmed;
+}
+
+// src/openclaw-renewal-runbook.ts
+import { mkdir as mkdir5, readFile as readFile3, rename as rename2, writeFile as writeFile3 } from "fs/promises";
+import { homedir as homedir6 } from "os";
+import { dirname as dirname5, join as join9 } from "path";
+import { randomUUID as randomUUID3 } from "crypto";
+var DEFAULT_RENEWAL_AGENT_ID = "mnemospark-renewal";
+var RENEWAL_NODE_ALLOWLIST_ID = "node-usr-bin-node";
+function getRenewalAgentId() {
+  const fromEnv = process.env.MNEMOSPARK_CRON_AGENT_ID?.trim();
+  return fromEnv && fromEnv.length > 0 ? fromEnv : DEFAULT_RENEWAL_AGENT_ID;
+}
+function getRenewalNodeBinary() {
+  const fromEnv = process.env.MNEMOSPARK_CRON_NODE_BIN?.trim();
+  return fromEnv && fromEnv.length > 0 ? fromEnv : "/usr/bin/node";
+}
+function runbookRenewalAgentEntry(agentId = getRenewalAgentId()) {
+  return {
+    id: agentId,
+    tools: {
+      deny: ["subagents"],
+      exec: { ask: "off" }
+    }
+  };
+}
+function isRecord(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+function renewalAgentEntrySatisfied(existing, desired) {
+  if (!isRecord(existing)) {
+    return false;
+  }
+  if (existing.id !== desired.id) {
+    return false;
+  }
+  const tools = existing.tools;
+  if (!isRecord(tools)) {
+    return false;
+  }
+  const deny = tools.deny;
+  if (!Array.isArray(deny) || !deny.includes("subagents")) {
+    return false;
+  }
+  const exec = tools.exec;
+  if (!isRecord(exec) || exec.ask !== "off") {
+    return false;
+  }
+  return true;
+}
+function mergeRenewalAgentIntoAgentsList(list, desired) {
+  const arr = Array.isArray(list) ? [...list] : [];
+  const idx = arr.findIndex((e) => isRecord(e) && typeof e.id === "string" && e.id === desired.id);
+  if (idx === -1) {
+    return { list: [...arr, desired], changed: true };
+  }
+  if (renewalAgentEntrySatisfied(arr[idx], desired)) {
+    return { list: arr, changed: false };
+  }
+  const next = [...arr];
+  next[idx] = desired;
+  return { list: next, changed: true };
+}
+function mergeExecApprovalsAllowlist(doc, agentId, nodeBinary) {
+  const prevAgents = doc.agents && isRecord(doc.agents) ? doc.agents : {};
+  const block = prevAgents[agentId];
+  const allowlist = Array.isArray(block?.allowlist) ? [...block.allowlist] : [];
+  const hasPattern = allowlist.some((e) => e?.pattern === nodeBinary);
+  if (hasPattern) {
+    return { doc, changed: false };
+  }
+  allowlist.push({
+    id: RENEWAL_NODE_ALLOWLIST_ID,
+    pattern: nodeBinary,
+    source: "manual",
+    lastUsedAt: Date.now()
+  });
+  const nextAgents = {
+    ...prevAgents,
+    [agentId]: {
+      ...block && isRecord(block) ? block : {},
+      allowlist
+    }
+  };
+  return { doc: { ...doc, agents: nextAgents }, changed: true };
+}
+async function readJsonFile(path) {
+  const raw = await readFile3(path, "utf-8");
+  return JSON.parse(raw);
+}
+async function writeFileAtomic(path, contents) {
+  await mkdir5(dirname5(path), { recursive: true });
+  const tmp = join9(dirname5(path), `.tmp-${randomUUID3()}`);
+  await writeFile3(tmp, contents, "utf-8");
+  await rename2(tmp, path);
+}
+async function ensureOpenClawRenewalPrerequisites(options = {}) {
+  if (options.disabled ?? process.env.MNEMOSPARK_DISABLE_OPENCLAW_PREREQ === "1") {
+    return;
+  }
+  const homeDir = options.homeDir ?? homedir6();
+  const agentId = getRenewalAgentId();
+  const desired = runbookRenewalAgentEntry(agentId);
+  const nodeBinary = getRenewalNodeBinary();
+  const configPath = await resolveOpenClawConfigFilePath(homeDir);
+  let configRaw = "{}";
+  try {
+    configRaw = await readFile3(configPath, "utf-8");
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      throw err;
+    }
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(configRaw);
+  } catch {
+    throw new Error(
+      `openclaw.json at ${configPath} is not valid JSON; fix or remove it before upload.`
+    );
+  }
+  const agents = isRecord(parsed.agents) ? parsed.agents : {};
+  const { list: mergedList, changed: agentChanged } = mergeRenewalAgentIntoAgentsList(
+    agents.list,
+    desired
+  );
+  if (agentChanged) {
+    const listJson = JSON.stringify(mergedList);
+    await runOpenClawCli(["config", "set", "agents.list", listJson, "--strict-json"], homeDir);
+    await runOpenClawCli(["config", "validate"], homeDir);
+  }
+  const execPath = join9(homeDir, ".openclaw", "exec-approvals.json");
+  let execDoc = {};
+  try {
+    const raw = await readJsonFile(execPath);
+    execDoc = isRecord(raw) ? raw : {};
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      throw err;
+    }
+  }
+  const { doc: mergedExec, changed: execChanged } = mergeExecApprovalsAllowlist(
+    execDoc,
+    agentId,
+    nodeBinary
+  );
+  if (execChanged) {
+    await writeFileAtomic(execPath, `${JSON.stringify(mergedExec, null, 2)}
+`);
+  }
+  const skipRestart = options.skipGatewayRestart ?? process.env.MNEMOSPARK_SKIP_GATEWAY_RESTART === "1";
+  if (!skipRestart && (agentChanged || execChanged)) {
+    try {
+      await runOpenClawCli(["gateway", "restart", "--json"], homeDir);
+    } catch {
+    }
+  }
+}
+
 // src/cloud-command.ts
 var SUPPORTED_BACKUP_PLATFORMS = /* @__PURE__ */ new Set(["darwin", "linux"]);
-var BACKUP_DIR_SUBPATH = join8(".openclaw", "mnemospark", "backup");
-var DEFAULT_BACKUP_DIR = join8(homedir6(), BACKUP_DIR_SUBPATH);
-var BLOCKRUN_WALLET_KEY_SUBPATH = join8(".openclaw", "blockrun", "wallet.key");
-var MNEMOSPARK_WALLET_KEY_SUBPATH = join8(".openclaw", "mnemospark", "wallet", "wallet.key");
+var BACKUP_DIR_SUBPATH = join10(".openclaw", "mnemospark", "backup");
+var DEFAULT_BACKUP_DIR = join10(homedir7(), BACKUP_DIR_SUBPATH);
+var BLOCKRUN_WALLET_KEY_SUBPATH = join10(".openclaw", "blockrun", "wallet.key");
+var MNEMOSPARK_WALLET_KEY_SUBPATH = join10(".openclaw", "mnemospark", "wallet", "wallet.key");
 var INLINE_UPLOAD_MAX_BYTES = 45e5;
 var NODE_FS_MAX_READFILE_BYTES = 2147483648;
 var PAYMENT_CRON_SCHEDULE = "0 0 1 * *";
@@ -4231,7 +4446,7 @@ var TAR_OVERHEAD_BYTES = 10 * 1024 * 1024;
 var QUOTE_VALIDITY_USER_NOTE = "Quotes are valid for one hour. Please run price-storage again if you need a new quote.";
 var MNEMOSPARK_SUPPORT_EMAIL = "pluggedin@mnemospark.ai";
 var CLOUD_HELP_FOOTER_STATE = "Local state: mnemospark records quotes, objects, payments, cron jobs, friendly names, and operation metadata in ~/.openclaw/mnemospark/state.db (SQLite). For troubleshooting and correlation, commands and the HTTP proxy append structured JSON lines to ~/.openclaw/mnemospark/events.jsonl. Monthly storage billing jobs are listed in ~/.openclaw/cron/jobs.json for OpenClaw scheduling.";
-var REQUIRED_PRICE_STORAGE = "wallet-address:, object-id:, object-id-hash:, gb:, provider:, region:";
+var REQUIRED_PRICE_STORAGE = "wallet-address:, object-id:, gb:, provider:, region: (object-id-hash: optional if the object exists in local SQLite after backup)";
 var REQUIRED_UPLOAD = "quote-id:, wallet-address:, object-id:, object-id-hash:";
 var REQUIRED_BACKUP = "<file|directory> and name:<friendly-name>";
 var REQUIRED_PAYMENT_SETTLE = "wallet-address: and (quote-id: | renewal:true with object-key:)";
@@ -4241,10 +4456,10 @@ var ORCHESTRATOR_MODES = /* @__PURE__ */ new Set(["inline", "subagent"]);
 function expandTilde(path) {
   const trimmed = path.trim();
   if (trimmed === "~") {
-    return homedir6();
+    return homedir7();
   }
   if (trimmed.startsWith("~/") || trimmed.startsWith("~\\")) {
-    return join8(homedir6(), trimmed.slice(2));
+    return join10(homedir7(), trimmed.slice(2));
   }
   return path;
 }
@@ -4261,10 +4476,10 @@ var CLOUD_HELP_TEXT = [
   "  Purpose: create a local tar+gzip archive under ~/.openclaw/mnemospark/backup (filename from sanitized friendly name) and record metadata in SQLite for later price-storage and upload.",
   "  Required: " + REQUIRED_BACKUP,
   "",
-  "\u2022 `/mnemospark cloud price-storage wallet-address:<addr> object-id:<id> object-id-hash:<hash> gb:<gb> provider:aws region:us-east-1`",
-  "  Purpose: request a storage quote before upload (defaults shown; override `provider:` / `region:` for other regions).",
+  "\u2022 `/mnemospark cloud price-storage wallet-address:<addr> object-id:<id> [object-id-hash:<hash>] gb:<gb> provider:aws region:us-east-1`",
+  "  Purpose: request a storage quote before upload (defaults shown; override `provider:` / `region:` for other regions). Omit `object-id-hash:` when the object is already in local SQLite (e.g. after backup); mnemospark reads sha256 from ~/.openclaw/mnemospark/state.db.",
   "  Required: " + REQUIRED_PRICE_STORAGE,
-  "  Shorter: `wallet:\u2026 object:\u2026 hash:\u2026 gb:\u2026 provider:\u2026 region:\u2026`",
+  "  Shorter: `wallet:\u2026 object:\u2026 [hash:\u2026] gb:\u2026 provider:\u2026 region:\u2026`",
   "",
   "\u2022 `/mnemospark cloud upload quote-id:<quote-id> wallet-address:<addr> object-id:<id> object-id-hash:<hash> [name:<friendly-name>] [async:true] [orchestrator:<inline|subagent>] [timeout-seconds:<n>]`",
   "  Purpose: upload an encrypted object using a valid quote-id.",
@@ -4475,6 +4690,41 @@ function stripAsyncControlFlags(args) {
 function mergeArgParseWarnings(a, b) {
   return [...a, ...b];
 }
+async function resolvePriceStorageHashFromDatastore(datastore, partial) {
+  await datastore.ensureReady();
+  const row = await datastore.findObjectById(partial.object_id.trim());
+  const wallet = partial.wallet_address.trim().toLowerCase();
+  if (!row) {
+    return {
+      ok: false,
+      message: "Cannot resolve object-id-hash: no object found in local SQLite for this object-id. Run backup first, or pass --object-id-hash explicitly."
+    };
+  }
+  if (row.wallet_address.trim().toLowerCase() !== wallet) {
+    return {
+      ok: false,
+      message: "Cannot resolve object-id-hash: wallet-address does not match the object record in ~/.openclaw/mnemospark/state.db."
+    };
+  }
+  const sha = row.sha256?.trim();
+  if (!sha) {
+    return {
+      ok: false,
+      message: "Cannot resolve object-id-hash: local object record has no sha256 yet. Run backup first, or pass --object-id-hash explicitly."
+    };
+  }
+  return {
+    ok: true,
+    request: {
+      wallet_address: partial.wallet_address.trim(),
+      object_id: partial.object_id.trim(),
+      object_id_hash: sha.replace(/\s/g, ""),
+      gb: partial.gb,
+      provider: partial.provider.trim(),
+      region: partial.region.trim()
+    }
+  };
+}
 function parseCloudArgs(args) {
   const trimmed = args?.trim() ?? "";
   if (!trimmed) {
@@ -4544,18 +4794,38 @@ function parseCloudArgs(args) {
     }
     const flags = valuesToStringRecord(parsed.values);
     const gb = Number.parseFloat(flags.gb ?? "");
-    const request = parsePriceStorageQuoteRequest({
-      wallet_address: flags["wallet-address"],
-      object_id: flags["object-id"],
-      object_id_hash: flags["object-id-hash"],
-      gb,
-      provider: flags.provider,
-      region: flags.region
-    });
-    if (!request) {
+    const hashRaw = flags["object-id-hash"]?.trim();
+    const walletAddress = flags["wallet-address"]?.trim();
+    const objectId = flags["object-id"]?.trim();
+    const provider = flags.provider?.trim();
+    const region = flags.region?.trim();
+    if (!walletAddress || !objectId || !provider || !region || !Number.isFinite(gb)) {
       return { mode: "price-storage-invalid" };
     }
-    return { mode: "price-storage", priceStorageRequest: request };
+    if (hashRaw) {
+      const request = parsePriceStorageQuoteRequest({
+        wallet_address: walletAddress,
+        object_id: objectId,
+        object_id_hash: hashRaw,
+        gb,
+        provider,
+        region
+      });
+      if (!request) {
+        return { mode: "price-storage-invalid" };
+      }
+      return { mode: "price-storage", priceStorageRequest: request };
+    }
+    return {
+      mode: "price-storage-resolve-hash",
+      priceStoragePartial: {
+        wallet_address: walletAddress,
+        object_id: objectId,
+        gb,
+        provider,
+        region
+      }
+    };
   }
   if (subcommand === "upload") {
     const parsed = parseCommandArgs(rest, uploadSchema);
@@ -4757,7 +5027,7 @@ async function calculateInputSizeBytes(targetPath) {
   let total = 0;
   const entries = await readdir2(targetPath, { withFileTypes: true });
   for (const entry of entries) {
-    total += await calculateInputSizeBytes(join8(targetPath, entry.name));
+    total += await calculateInputSizeBytes(join10(targetPath, entry.name));
   }
   return total;
 }
@@ -4769,11 +5039,11 @@ function getAvailableDiskBytes(tmpDir, options) {
   return stats.bavail * stats.bsize;
 }
 async function runTarGzip(archivePath, sourcePath) {
-  const sourceDir = dirname5(sourcePath);
+  const sourceDir = dirname6(sourcePath);
   const sourceName = basename2(sourcePath);
   await new Promise((resolvePromise, rejectPromise) => {
     let stderr = "";
-    const child = spawn("tar", ["-czf", archivePath, "-C", sourceDir, sourceName], {
+    const child = spawn2("tar", ["-czf", archivePath, "-C", sourceDir, sourceName], {
       stdio: ["ignore", "ignore", "pipe"]
     });
     child.stderr.on("data", (chunk) => {
@@ -4803,7 +5073,7 @@ async function resolveLocalUploadArchivePath(backupDir, objectId, friendlyName)
   if (friendlyName?.trim()) {
     try {
       const sanitized = sanitizeFriendlyNameForLocalBasename(friendlyName);
-      const candidate = join8(backupDir, sanitized);
+      const candidate = join10(backupDir, sanitized);
       try {
         const st = await stat2(candidate);
         if (st.isFile()) {
@@ -4814,7 +5084,7 @@ async function resolveLocalUploadArchivePath(backupDir, objectId, friendlyName)
     } catch {
     }
   }
-  const legacyPath = join8(backupDir, objectId);
+  const legacyPath = join10(backupDir, objectId);
   try {
     const legacyStats = await stat2(legacyPath);
     if (!legacyStats.isFile()) {
@@ -4852,7 +5122,7 @@ async function buildBackupObject(targetPathArg, options = {}) {
     tmpStats = await stat2(tmpDir);
   } catch (error) {
     if (error.code === "ENOENT") {
-      await mkdir5(tmpDir, { recursive: true });
+      await mkdir6(tmpDir, { recursive: true });
       tmpStats = await stat2(tmpDir);
     } else {
       throw error;
@@ -4869,7 +5139,7 @@ async function buildBackupObject(targetPathArg, options = {}) {
   }
   const objectId = createObjectId(options);
   const archiveBaseSegment = options.archiveBasename?.trim() || objectId;
-  const archivePath = join8(tmpDir, archiveBaseSegment);
+  const archivePath = join10(tmpDir, archiveBaseSegment);
   if (options.archiveBasename?.trim()) {
     try {
       const existing = await stat2(archivePath);
@@ -4925,48 +5195,6 @@ function normalizeOpenClawCronJobForLookup(value) {
     message: payloadMessage
   };
 }
-async function runOpenClawCli(args, homeDir) {
-  return await new Promise((resolvePromise, rejectPromise) => {
-    let stdout = "";
-    let stderr = "";
-    const child = spawn("openclaw", args, {
-      stdio: ["ignore", "pipe", "pipe"],
-      env: {
-        ...process.env,
-        HOME: homeDir ?? process.env.HOME
-      }
-    });
-    child.stdout.on("data", (chunk) => {
-      stdout += chunk.toString();
-    });
-    child.stderr.on("data", (chunk) => {
-      stderr += chunk.toString();
-    });
-    child.on("error", rejectPromise);
-    child.on("close", (code) => {
-      if (code === 0) {
-        resolvePromise({ stdout, stderr });
-        return;
-      }
-      rejectPromise(
-        new Error(
-          stderr.trim() || stdout.trim() || `openclaw ${args.join(" ")} exited with code ${code ?? "unknown"}`
-        )
-      );
-    });
-  });
-}
-function parseOpenClawCliJson(stdout, commandLabel) {
-  const trimmed = stdout.trim();
-  if (!trimmed) {
-    throw new Error(`openclaw ${commandLabel} returned empty JSON output`);
-  }
-  try {
-    return JSON.parse(trimmed);
-  } catch {
-    throw new Error(`openclaw ${commandLabel} returned invalid JSON output`);
-  }
-}
 function createOpenClawCliCronAdapter(homeDir) {
   return {
     add: async (job) => {
@@ -4982,11 +5210,11 @@ function createOpenClawCliCronAdapter(homeDir) {
           job.schedule.tz,
           "--session",
           job.sessionTarget,
+          "--agent",
+          job.agentId,
           "--message",
           job.payload.message,
-          "--announce",
-          "--description",
-          job.delivery.text,
+          "--no-deliver",
           "--json"
         ],
         homeDir
@@ -5051,8 +5279,9 @@ function buildStoragePaymentCronCommand(job) {
   return `/mnemospark cloud ${buildStoragePaymentRenewalArgs(job)}`;
 }
 function buildOpenClawRenewalAgentMessage(openClawHome, renewalArgs) {
-  const cliPath = join8(openClawHome, ".openclaw/extensions/mnemospark/dist/cli.js");
-  return `Execute: node ${cliPath} cloud ${renewalArgs}`;
+  const cliPath = join10(openClawHome, ".openclaw/extensions/mnemospark/dist/cli.js");
+  const nodeBin = getRenewalNodeBinary();
+  return `Command: ${nodeBin} ${cliPath} cloud ${renewalArgs}`;
 }
 function parseStoragePaymentCronCommand(command) {
   const objectIdMatch = command.match(/--object-id\s+("([^"\\]|\\.)*"|'([^'\\]|\\.)*'|\S+)/);
@@ -5098,10 +5327,7 @@ async function appendStoragePaymentCronJob(cronJob, adapter, payloadMessage) {
       message: payloadMessage
     },
     sessionTarget: "isolated",
-    delivery: {
-      mode: "announce",
-      text: "Thank you for using mnemospark cloud storage. Your renewal has been processed."
-    }
+    agentId: getRenewalAgentId()
   };
   return adapter.add(openClawJob);
 }
@@ -5109,6 +5335,7 @@ async function removeStoragePaymentCronJob(cronId, adapter) {
   return adapter.remove(cronId);
 }
 async function createStoragePaymentCronJob(upload, storagePrice, openClawCronAdapter, openClawHomeDir, nowDateFn = () => /* @__PURE__ */ new Date()) {
+  await ensureOpenClawRenewalPrerequisites({ homeDir: openClawHomeDir });
   const renewalFields = {
     walletAddress: upload.addr,
     objectId: upload.object_id,
@@ -5116,7 +5343,7 @@ async function createStoragePaymentCronJob(upload, storagePrice, openClawCronAda
     storagePrice
   };
   const renewalArgs = buildStoragePaymentRenewalArgs(renewalFields);
-  const provisionalCronId = randomUUID3();
+  const provisionalCronId = randomUUID4();
   const cronJob = {
     cronId: provisionalCronId,
     createdAt: nowDateFn().toISOString(),
@@ -5140,7 +5367,7 @@ async function createStoragePaymentCronJob(upload, storagePrice, openClawCronAda
 }
 async function readWalletKeyIfPresent(walletPath) {
   try {
-    const key = (await readFile3(walletPath, "utf-8")).trim();
+    const key = (await readFile4(walletPath, "utf-8")).trim();
     return isValidWalletPrivateKey(key) ? key : null;
   } catch (error) {
     if (error.code === "ENOENT") {
@@ -5154,9 +5381,9 @@ async function resolveWalletPrivateKey(homeDir) {
   if (isValidWalletPrivateKey(envKey)) {
     return envKey;
   }
-  const baseHome = homeDir ?? homedir6();
-  const primaryWalletPath = join8(baseHome, MNEMOSPARK_WALLET_KEY_SUBPATH);
-  const fallbackWalletPath = join8(baseHome, BLOCKRUN_WALLET_KEY_SUBPATH);
+  const baseHome = homeDir ?? homedir7();
+  const primaryWalletPath = join10(baseHome, MNEMOSPARK_WALLET_KEY_SUBPATH);
+  const fallbackWalletPath = join10(baseHome, BLOCKRUN_WALLET_KEY_SUBPATH);
   const fromPrimary = await readWalletKeyIfPresent(primaryWalletPath);
   if (fromPrimary) {
     return fromPrimary;
@@ -5220,9 +5447,9 @@ async function encryptPlaintextFileToAesGcmPath(plaintextPath, dek, outPath, ran
 }
 async function loadOrCreateKek(walletAddress, homeDir) {
   const keyPath = resolveWalletKekPath(walletAddress, homeDir);
-  await mkdir5(dirname5(keyPath), { recursive: true });
+  await mkdir6(dirname6(keyPath), { recursive: true });
   try {
-    const existing = await readFile3(keyPath);
+    const existing = await readFile4(keyPath);
     return { kek: parseStoredAes256Key(existing), keyPath };
   } catch (error) {
     if (error.code !== "ENOENT") {
@@ -5230,7 +5457,7 @@ async function loadOrCreateKek(walletAddress, homeDir) {
     }
   }
   const generated = randomBytesNode(32);
-  await writeFile3(keyPath, generated, { mode: 384 });
+  await writeFile4(keyPath, generated, { mode: 384 });
   return { kek: generated, keyPath };
 }
 async function prepareUploadPayload(archivePath, walletAddress, homeDir) {
@@ -5242,7 +5469,7 @@ async function prepareUploadPayload(archivePath, walletAddress, homeDir) {
   const dek = randomBytesNode(32);
   const wrappedDek = encryptAesGcm(dek, kek);
   if (archiveStat.size >= NODE_FS_MAX_READFILE_BYTES) {
-    const encryptedTempPath = join8(tmpdir(), `mnemospark-upload-${randomUUID3()}.enc`);
+    const encryptedTempPath = join10(tmpdir(), `mnemospark-upload-${randomUUID4()}.enc`);
     try {
       await encryptPlaintextFileToAesGcmPath(archivePath, dek, encryptedTempPath);
       const encStat = await stat2(encryptedTempPath);
@@ -5268,7 +5495,7 @@ async function prepareUploadPayload(archivePath, walletAddress, homeDir) {
       throw err;
     }
   }
-  const plaintext = await readFile3(archivePath);
+  const plaintext = await readFile4(archivePath);
   const encryptedContent = encryptAesGcm(plaintext, dek);
   const payloadHash = sha256Buffer(encryptedContent);
   const payload = {
@@ -5513,7 +5740,7 @@ function createInProcessSubagentOrchestrator() {
   };
   return {
     dispatch: async (input) => {
-      const sessionId = `agent:mnemospark:subagent:${randomUUID3()}`;
+      const sessionId = `agent:mnemospark:subagent:${randomUUID4()}`;
       const state = {
         terminal: false,
         cancelRequested: false,
@@ -5615,7 +5842,7 @@ function createCloudCommand(options = {}) {
           createPaymentFetchFn: options.createPaymentFetchFn ?? createPaymentFetch,
           fetchImpl: options.fetchImpl ?? fetch,
           nowDateFn: options.nowDateFn ?? (() => /* @__PURE__ */ new Date()),
-          idempotencyKeyFn: options.idempotencyKeyFn ?? randomUUID3,
+          idempotencyKeyFn: options.idempotencyKeyFn ?? randomUUID4,
           requestStorageLsFn: options.requestStorageLsFn ?? requestStorageLsViaProxy,
           requestStorageDownloadFn: options.requestStorageDownloadFn ?? requestStorageDownloadViaProxy,
           requestStorageDeleteFn: options.requestStorageDeleteFn ?? requestStorageDeleteViaProxy,
@@ -5759,8 +5986,8 @@ async function emitOperationEventBestEffort(eventType, context, homeDir) {
   }
 }
 function buildRequestCorrelation(forcedOperationId, forcedTraceId) {
-  const operationId = forcedOperationId?.trim() || randomUUID3();
-  const traceId = forcedTraceId?.trim() || randomUUID3();
+  const operationId = forcedOperationId?.trim() || randomUUID4();
+  const traceId = forcedTraceId?.trim() || randomUUID4();
   return { operationId, traceId };
 }
 function parseTransIdFromPaymentSettleBody(bodyText) {
@@ -6048,7 +6275,7 @@ ${operation.result_text}` : meta;
         };
       }
       if (!isTerminalOperationStatus(operation.status)) {
-        const traceId = operation.trace_id ?? randomUUID3();
+        const traceId = operation.trace_id ?? randomUUID4();
         const cancelRequestedAt = (/* @__PURE__ */ new Date()).toISOString();
         await datastore.upsertOperation({
           operation_id: operation.operation_id,
@@ -6646,7 +6873,7 @@ operation-id: ${operationId}`,
       await emitCloudEventBestEffort(
         "backup.completed",
         {
-          operation_id: executionContext.forcedOperationId?.trim() || randomUUID3(),
+          operation_id: executionContext.forcedOperationId?.trim() || randomUUID4(),
           object_id: result.objectId,
           status: "succeeded",
           details: {
@@ -6692,10 +6919,23 @@ operation-id: ${operationId}`,
       };
     }
   }
-  if (parsed.mode === "price-storage") {
+  if (parsed.mode === "price-storage" || parsed.mode === "price-storage-resolve-hash") {
+    let priceStorageRequest;
+    if (parsed.mode === "price-storage-resolve-hash") {
+      const resolved = await resolvePriceStorageHashFromDatastore(
+        datastore,
+        parsed.priceStoragePartial
+      );
+      if (!resolved.ok) {
+        return { text: resolved.message, isError: true };
+      }
+      priceStorageRequest = resolved.request;
+    } else {
+      priceStorageRequest = parsed.priceStorageRequest;
+    }
     const correlation = buildRequestCorrelation();
     try {
-      const quote = await requestPriceStorageQuote(parsed.priceStorageRequest, {
+      const quote = await requestPriceStorageQuote(priceStorageRequest, {
         ...options.proxyQuoteOptions,
         correlation
       });
@@ -6753,8 +6993,8 @@ operation-id: ${operationId}`,
         {
           operation_id: correlation.operationId,
           trace_id: correlation.traceId,
-          wallet_address: parsed.priceStorageRequest.wallet_address,
-          object_id: parsed.priceStorageRequest.object_id,
+          wallet_address: priceStorageRequest.wallet_address,
+          object_id: priceStorageRequest.object_id,
           status: "failed"
         },
         mnemosparkHomeDir
@@ -6920,7 +7160,7 @@ operation-id: ${operationId}`,
         finalizedUploadResponse,
         cronStoragePrice,
         openClawCronAdapter,
-        mnemosparkHomeDir ?? homedir6(),
+        mnemosparkHomeDir ?? homedir7(),
         nowDateFn
       );
       await datastore.upsertObject({
@@ -7530,12 +7770,12 @@ async function buildWalletExportResponse() {
 }
 
 // src/cli.ts
-import { spawn as spawn2 } from "child_process";
-import { dirname as dirname6, join as join9 } from "path";
+import { spawn as spawn3 } from "child_process";
+import { dirname as dirname7, join as join11 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
-import { mkdir as mkdir6, readFile as readFile4, writeFile as writeFile4 } from "fs/promises";
+import { mkdir as mkdir7, readFile as readFile5, writeFile as writeFile5 } from "fs/promises";
 import { existsSync as existsSync2 } from "fs";
-import { homedir as homedir7 } from "os";
+import { homedir as homedir8 } from "os";
 function isHexPrivateKey(value) {
   return typeof value === "string" && /^0x[0-9a-fA-F]{64}$/.test(value.trim());
 }
@@ -7643,25 +7883,25 @@ function parseArgs(args) {
   return result;
 }
 var __filename2 = fileURLToPath2(import.meta.url);
-var __dirname2 = dirname6(__filename2);
-var PACKAGE_ROOT = dirname6(__dirname2);
+var __dirname2 = dirname7(__filename2);
+var PACKAGE_ROOT = dirname7(__dirname2);
 async function ensureDir(path) {
-  await mkdir6(path, { recursive: true });
+  await mkdir7(path, { recursive: true });
 }
 async function deployExtensionFiles() {
-  const scriptsSource = join9(PACKAGE_ROOT, "scripts");
+  const scriptsSource = join11(PACKAGE_ROOT, "scripts");
   if (!existsSync2(scriptsSource)) return;
-  const mnemoScriptsDir = join9(homedir7(), ".openclaw", "mnemospark", "scripts");
+  const mnemoScriptsDir = join11(homedir8(), ".openclaw", "mnemospark", "scripts");
   await ensureDir(mnemoScriptsDir);
-  const uninstallSrc = join9(scriptsSource, "uninstall.sh");
+  const uninstallSrc = join11(scriptsSource, "uninstall.sh");
   if (existsSync2(uninstallSrc)) {
-    const content = await readFile4(uninstallSrc);
-    await writeFile4(join9(mnemoScriptsDir, "uninstall.sh"), content, { mode: 493 });
+    const content = await readFile5(uninstallSrc);
+    await writeFile5(join11(mnemoScriptsDir, "uninstall.sh"), content, { mode: 493 });
   }
 }
 function isOpenClawAvailable() {
   return new Promise((resolve3) => {
-    const child = spawn2("openclaw", ["--version"], {
+    const child = spawn3("openclaw", ["--version"], {
       stdio: "ignore",
       shell: true
     });
@@ -7670,13 +7910,13 @@ function isOpenClawAvailable() {
   });
 }
 function getOpenClawConfigPath() {
-  const stateDir = process.env.OPENCLAW_STATE_DIR ?? join9(homedir7(), ".openclaw");
-  return join9(stateDir, "openclaw.json");
+  const stateDir = process.env.OPENCLAW_STATE_DIR ?? join11(homedir8(), ".openclaw");
+  return join11(stateDir, "openclaw.json");
 }
 async function ensureMnemosparkInPluginsAllow() {
   const configPath = getOpenClawConfigPath();
   try {
-    const raw = await readFile4(configPath, "utf-8");
+    const raw = await readFile5(configPath, "utf-8");
     const config = JSON.parse(raw);
     if (!config.plugins || typeof config.plugins !== "object") {
       config.plugins = {};
@@ -7688,7 +7928,7 @@ async function ensureMnemosparkInPluginsAllow() {
     const allow = plugins.allow;
     if (!allow.includes("mnemospark")) {
       allow.push("mnemospark");
-      await writeFile4(configPath, JSON.stringify(config, null, 2), "utf-8");
+      await writeFile5(configPath, JSON.stringify(config, null, 2), "utf-8");
       console.log("[mnemospark] Added mnemospark to plugins.allow in openclaw.json.");
     }
   } catch (err) {
@@ -7701,7 +7941,7 @@ async function promptOrRunOpenClawPluginInstall() {
   const available = await isOpenClawAvailable();
   if (available) {
     console.log("\n[mnemospark] Registering plugin with OpenClaw...");
-    const child = spawn2("openclaw", ["plugins", "install", "mnemospark"], {
+    const child = spawn3("openclaw", ["plugins", "install", "mnemospark"], {
       stdio: "inherit",
       shell: true
     });
@@ -7723,7 +7963,7 @@ async function promptOrRunOpenClawPluginInstall() {
 }
 async function readLegacyWalletIfPresent() {
   try {
-    const key = (await readFile4(LEGACY_WALLET_FILE, "utf-8")).trim();
+    const key = (await readFile5(LEGACY_WALLET_FILE, "utf-8")).trim();
     return isHexPrivateKey(key) ? key : null;
   } catch (error) {
     if (error.code === "ENOENT") {
@@ -7733,9 +7973,9 @@ async function readLegacyWalletIfPresent() {
   }
 }
 async function writeMnemosparkWallet(key) {
-  const dir = dirname6(WALLET_FILE);
+  const dir = dirname7(WALLET_FILE);
   await ensureDir(dir);
-  await writeFile4(WALLET_FILE, `${key}
+  await writeFile5(WALLET_FILE, `${key}
 `, { mode: 384 });
 }
 async function promptReuseLegacyWallet() {