mnemospark 1.2.2 → 1.4.0

package/dist/cli.js

@@ -3004,17 +3004,17 @@ var CLOUD_ONBOARDING_BLOCK_LINES = [
 ];
 
 // src/cloud-command.ts
-import { spawn } from "child_process";
+import { spawn as spawn2 } from "child_process";
 import {
   createCipheriv,
   createHash as createHash2,
   randomBytes as randomBytesNode,
-  randomUUID as randomUUID3
+  randomUUID as randomUUID4
 } from "crypto";
 import { createReadStream as createReadStream2, createWriteStream as createWriteStream2, statfsSync } from "fs";
-import { lstat, mkdir as mkdir5, readFile as readFile3, readdir as readdir2, rm, stat as stat2, writeFile as writeFile3 } from "fs/promises";
-import { homedir as homedir6, tmpdir } from "os";
-import { basename as basename2, dirname as dirname5, join as join8, resolve as resolve2 } from "path";
+import { lstat, mkdir as mkdir6, readFile as readFile4, readdir as readdir2, rm, stat as stat2, writeFile as writeFile4 } from "fs/promises";
+import { homedir as homedir7, tmpdir } from "os";
+import { basename as basename2, dirname as dirname6, join as join10, resolve as resolve2 } from "path";
 import { Readable } from "stream";
 import { finished } from "stream/promises";
 import { privateKeyToAccount as privateKeyToAccount5 } from "viem/accounts";
@@ -4219,12 +4219,219 @@ var opStatusSchema = {
   ]
 };
 
+// src/openclaw-cli.ts
+import { spawn } from "child_process";
+import { join as join8 } from "path";
+async function runOpenClawCli(args, homeDir) {
+  return await new Promise((resolvePromise, rejectPromise) => {
+    let stdout = "";
+    let stderr = "";
+    const child = spawn("openclaw", args, {
+      stdio: ["ignore", "pipe", "pipe"],
+      env: {
+        ...process.env,
+        HOME: homeDir ?? process.env.HOME
+      }
+    });
+    child.stdout.on("data", (chunk) => {
+      stdout += chunk.toString();
+    });
+    child.stderr.on("data", (chunk) => {
+      stderr += chunk.toString();
+    });
+    child.on("error", rejectPromise);
+    child.on("close", (code) => {
+      if (code === 0) {
+        resolvePromise({ stdout, stderr });
+        return;
+      }
+      rejectPromise(
+        new Error(
+          stderr.trim() || stdout.trim() || `openclaw ${args.join(" ")} exited with code ${code ?? "unknown"}`
+        )
+      );
+    });
+  });
+}
+function parseOpenClawCliJson(stdout, commandLabel) {
+  const trimmed = stdout.trim();
+  if (!trimmed) {
+    throw new Error(`openclaw ${commandLabel} returned empty JSON output`);
+  }
+  try {
+    return JSON.parse(trimmed);
+  } catch {
+    throw new Error(`openclaw ${commandLabel} returned invalid JSON output`);
+  }
+}
+async function resolveOpenClawConfigFilePath(homeDir) {
+  const { stdout } = await runOpenClawCli(["config", "file"], homeDir);
+  const trimmed = stdout.trim();
+  if (trimmed.startsWith("~/")) {
+    return join8(homeDir, trimmed.slice(2));
+  }
+  if (trimmed.startsWith("~\\")) {
+    return join8(homeDir, trimmed.slice(2));
+  }
+  return trimmed;
+}
+
+// src/openclaw-renewal-runbook.ts
+import { mkdir as mkdir5, readFile as readFile3, rename as rename2, writeFile as writeFile3 } from "fs/promises";
+import { homedir as homedir6 } from "os";
+import { dirname as dirname5, join as join9 } from "path";
+import { randomUUID as randomUUID3 } from "crypto";
+var DEFAULT_RENEWAL_AGENT_ID = "mnemospark-renewal";
+var RENEWAL_NODE_ALLOWLIST_ID = "node-usr-bin-node";
+function getRenewalAgentId() {
+  const fromEnv = process.env.MNEMOSPARK_CRON_AGENT_ID?.trim();
+  return fromEnv && fromEnv.length > 0 ? fromEnv : DEFAULT_RENEWAL_AGENT_ID;
+}
+function getRenewalNodeBinary() {
+  const fromEnv = process.env.MNEMOSPARK_CRON_NODE_BIN?.trim();
+  return fromEnv && fromEnv.length > 0 ? fromEnv : "/usr/bin/node";
+}
+function runbookRenewalAgentEntry(agentId = getRenewalAgentId()) {
+  return {
+    id: agentId,
+    tools: {
+      deny: ["subagents"],
+      exec: { ask: "off" }
+    }
+  };
+}
+function isRecord(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+function renewalAgentEntrySatisfied(existing, desired) {
+  if (!isRecord(existing)) {
+    return false;
+  }
+  if (existing.id !== desired.id) {
+    return false;
+  }
+  const tools = existing.tools;
+  if (!isRecord(tools)) {
+    return false;
+  }
+  const deny = tools.deny;
+  if (!Array.isArray(deny) || !deny.includes("subagents")) {
+    return false;
+  }
+  const exec = tools.exec;
+  if (!isRecord(exec) || exec.ask !== "off") {
+    return false;
+  }
+  return true;
+}
+function mergeRenewalAgentIntoAgentsList(list, desired) {
+  const arr = Array.isArray(list) ? [...list] : [];
+  const idx = arr.findIndex((e) => isRecord(e) && typeof e.id === "string" && e.id === desired.id);
+  if (idx === -1) {
+    return { list: [...arr, desired], changed: true };
+  }
+  if (renewalAgentEntrySatisfied(arr[idx], desired)) {
+    return { list: arr, changed: false };
+  }
+  const next = [...arr];
+  next[idx] = desired;
+  return { list: next, changed: true };
+}
+function mergeExecApprovalsAllowlist(doc, agentId, nodeBinary) {
+  const prevAgents = doc.agents && isRecord(doc.agents) ? doc.agents : {};
+  const block = prevAgents[agentId];
+  const allowlist = Array.isArray(block?.allowlist) ? [...block.allowlist] : [];
+  const hasPattern = allowlist.some((e) => e?.pattern === nodeBinary);
+  if (hasPattern) {
+    return { doc, changed: false };
+  }
+  allowlist.push({
+    id: RENEWAL_NODE_ALLOWLIST_ID,
+    pattern: nodeBinary,
+    source: "manual",
+    lastUsedAt: Date.now()
+  });
+  const nextAgents = {
+    ...prevAgents,
+    [agentId]: {
+      ...block && isRecord(block) ? block : {},
+      allowlist
+    }
+  };
+  return { doc: { ...doc, agents: nextAgents }, changed: true };
+}
+async function readJsonFile(path) {
+  const raw = await readFile3(path, "utf-8");
+  return JSON.parse(raw);
+}
+async function writeFileAtomic(path, contents) {
+  await mkdir5(dirname5(path), { recursive: true });
+  const tmp = join9(dirname5(path), `.tmp-${randomUUID3()}`);
+  await writeFile3(tmp, contents, "utf-8");
+  await rename2(tmp, path);
+}
+async function ensureOpenClawRenewalPrerequisites(options = {}) {
+  if (options.disabled ?? process.env.MNEMOSPARK_DISABLE_OPENCLAW_PREREQ === "1") {
+    return;
+  }
+  const homeDir = options.homeDir ?? homedir6();
+  const agentId = getRenewalAgentId();
+  const desired = runbookRenewalAgentEntry(agentId);
+  const nodeBinary = getRenewalNodeBinary();
+  const configPath = await resolveOpenClawConfigFilePath(homeDir);
+  let configRaw = "{}";
+  try {
+    configRaw = await readFile3(configPath, "utf-8");
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      throw err;
+    }
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(configRaw);
+  } catch {
+    throw new Error(
+      `openclaw.json at ${configPath} is not valid JSON; fix or remove it before applying renewal prerequisites.`
+    );
+  }
+  const agents = isRecord(parsed.agents) ? parsed.agents : {};
+  const { list: mergedList, changed: agentChanged } = mergeRenewalAgentIntoAgentsList(
+    agents.list,
+    desired
+  );
+  if (agentChanged) {
+    const listJson = JSON.stringify(mergedList);
+    await runOpenClawCli(["config", "set", "agents.list", listJson, "--strict-json"], homeDir);
+    await runOpenClawCli(["config", "validate"], homeDir);
+  }
+  const execPath = join9(homeDir, ".openclaw", "exec-approvals.json");
+  let execDoc = {};
+  try {
+    const raw = await readJsonFile(execPath);
+    execDoc = isRecord(raw) ? raw : {};
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      throw err;
+    }
+  }
+  const { doc: mergedExec, changed: execChanged } = mergeExecApprovalsAllowlist(
+    execDoc,
+    agentId,
+    nodeBinary
+  );
+  if (execChanged) {
+    await writeFileAtomic(execPath, `${JSON.stringify(mergedExec, null, 2)}
+`);
+  }
+}
+
 // src/cloud-command.ts
 var SUPPORTED_BACKUP_PLATFORMS = /* @__PURE__ */ new Set(["darwin", "linux"]);
-var BACKUP_DIR_SUBPATH = join8(".openclaw", "mnemospark", "backup");
-var DEFAULT_BACKUP_DIR = join8(homedir6(), BACKUP_DIR_SUBPATH);
-var BLOCKRUN_WALLET_KEY_SUBPATH = join8(".openclaw", "blockrun", "wallet.key");
-var MNEMOSPARK_WALLET_KEY_SUBPATH = join8(".openclaw", "mnemospark", "wallet", "wallet.key");
+var BACKUP_DIR_SUBPATH = join10(".openclaw", "mnemospark", "backup");
+var DEFAULT_BACKUP_DIR = join10(homedir7(), BACKUP_DIR_SUBPATH);
+var BLOCKRUN_WALLET_KEY_SUBPATH = join10(".openclaw", "blockrun", "wallet.key");
+var MNEMOSPARK_WALLET_KEY_SUBPATH = join10(".openclaw", "mnemospark", "wallet", "wallet.key");
 var INLINE_UPLOAD_MAX_BYTES = 45e5;
 var NODE_FS_MAX_READFILE_BYTES = 2147483648;
 var PAYMENT_CRON_SCHEDULE = "0 0 1 * *";
@@ -4242,10 +4449,10 @@ var ORCHESTRATOR_MODES = /* @__PURE__ */ new Set(["inline", "subagent"]);
 function expandTilde(path) {
   const trimmed = path.trim();
   if (trimmed === "~") {
-    return homedir6();
+    return homedir7();
   }
   if (trimmed.startsWith("~/") || trimmed.startsWith("~\\")) {
-    return join8(homedir6(), trimmed.slice(2));
+    return join10(homedir7(), trimmed.slice(2));
   }
   return path;
 }
@@ -4813,7 +5020,7 @@ async function calculateInputSizeBytes(targetPath) {
   let total = 0;
   const entries = await readdir2(targetPath, { withFileTypes: true });
   for (const entry of entries) {
-    total += await calculateInputSizeBytes(join8(targetPath, entry.name));
+    total += await calculateInputSizeBytes(join10(targetPath, entry.name));
   }
   return total;
 }
@@ -4825,11 +5032,11 @@ function getAvailableDiskBytes(tmpDir, options) {
   return stats.bavail * stats.bsize;
 }
 async function runTarGzip(archivePath, sourcePath) {
-  const sourceDir = dirname5(sourcePath);
+  const sourceDir = dirname6(sourcePath);
   const sourceName = basename2(sourcePath);
   await new Promise((resolvePromise, rejectPromise) => {
     let stderr = "";
-    const child = spawn("tar", ["-czf", archivePath, "-C", sourceDir, sourceName], {
+    const child = spawn2("tar", ["-czf", archivePath, "-C", sourceDir, sourceName], {
       stdio: ["ignore", "ignore", "pipe"]
     });
     child.stderr.on("data", (chunk) => {
@@ -4859,7 +5066,7 @@ async function resolveLocalUploadArchivePath(backupDir, objectId, friendlyName)
   if (friendlyName?.trim()) {
     try {
       const sanitized = sanitizeFriendlyNameForLocalBasename(friendlyName);
-      const candidate = join8(backupDir, sanitized);
+      const candidate = join10(backupDir, sanitized);
       try {
         const st = await stat2(candidate);
         if (st.isFile()) {
@@ -4870,7 +5077,7 @@ async function resolveLocalUploadArchivePath(backupDir, objectId, friendlyName)
     } catch {
     }
   }
-  const legacyPath = join8(backupDir, objectId);
+  const legacyPath = join10(backupDir, objectId);
   try {
     const legacyStats = await stat2(legacyPath);
     if (!legacyStats.isFile()) {
@@ -4908,7 +5115,7 @@ async function buildBackupObject(targetPathArg, options = {}) {
     tmpStats = await stat2(tmpDir);
   } catch (error) {
     if (error.code === "ENOENT") {
-      await mkdir5(tmpDir, { recursive: true });
+      await mkdir6(tmpDir, { recursive: true });
       tmpStats = await stat2(tmpDir);
     } else {
       throw error;
@@ -4925,7 +5132,7 @@ async function buildBackupObject(targetPathArg, options = {}) {
   }
   const objectId = createObjectId(options);
   const archiveBaseSegment = options.archiveBasename?.trim() || objectId;
-  const archivePath = join8(tmpDir, archiveBaseSegment);
+  const archivePath = join10(tmpDir, archiveBaseSegment);
   if (options.archiveBasename?.trim()) {
     try {
       const existing = await stat2(archivePath);
@@ -4981,48 +5188,6 @@ function normalizeOpenClawCronJobForLookup(value) {
     message: payloadMessage
   };
 }
-async function runOpenClawCli(args, homeDir) {
-  return await new Promise((resolvePromise, rejectPromise) => {
-    let stdout = "";
-    let stderr = "";
-    const child = spawn("openclaw", args, {
-      stdio: ["ignore", "pipe", "pipe"],
-      env: {
-        ...process.env,
-        HOME: homeDir ?? process.env.HOME
-      }
-    });
-    child.stdout.on("data", (chunk) => {
-      stdout += chunk.toString();
-    });
-    child.stderr.on("data", (chunk) => {
-      stderr += chunk.toString();
-    });
-    child.on("error", rejectPromise);
-    child.on("close", (code) => {
-      if (code === 0) {
-        resolvePromise({ stdout, stderr });
-        return;
-      }
-      rejectPromise(
-        new Error(
-          stderr.trim() || stdout.trim() || `openclaw ${args.join(" ")} exited with code ${code ?? "unknown"}`
-        )
-      );
-    });
-  });
-}
-function parseOpenClawCliJson(stdout, commandLabel) {
-  const trimmed = stdout.trim();
-  if (!trimmed) {
-    throw new Error(`openclaw ${commandLabel} returned empty JSON output`);
-  }
-  try {
-    return JSON.parse(trimmed);
-  } catch {
-    throw new Error(`openclaw ${commandLabel} returned invalid JSON output`);
-  }
-}
 function createOpenClawCliCronAdapter(homeDir) {
   return {
     add: async (job) => {
@@ -5038,11 +5203,11 @@ function createOpenClawCliCronAdapter(homeDir) {
           job.schedule.tz,
           "--session",
           job.sessionTarget,
+          "--agent",
+          job.agentId,
           "--message",
           job.payload.message,
-          "--announce",
-          "--description",
-          job.delivery.text,
+          "--no-deliver",
           "--json"
         ],
         homeDir
@@ -5107,8 +5272,9 @@ function buildStoragePaymentCronCommand(job) {
   return `/mnemospark cloud ${buildStoragePaymentRenewalArgs(job)}`;
 }
 function buildOpenClawRenewalAgentMessage(openClawHome, renewalArgs) {
-  const cliPath = join8(openClawHome, ".openclaw/extensions/mnemospark/dist/cli.js");
-  return `Execute: node ${cliPath} cloud ${renewalArgs}`;
+  const cliPath = join10(openClawHome, ".openclaw/extensions/mnemospark/dist/cli.js");
+  const nodeBin = getRenewalNodeBinary();
+  return `Command: ${nodeBin} ${cliPath} cloud ${renewalArgs}`;
 }
 function parseStoragePaymentCronCommand(command) {
   const objectIdMatch = command.match(/--object-id\s+("([^"\\]|\\.)*"|'([^'\\]|\\.)*'|\S+)/);
@@ -5154,10 +5320,7 @@ async function appendStoragePaymentCronJob(cronJob, adapter, payloadMessage) {
       message: payloadMessage
     },
     sessionTarget: "isolated",
-    delivery: {
-      mode: "announce",
-      text: "Thank you for using mnemospark cloud storage. Your renewal has been processed."
-    }
+    agentId: getRenewalAgentId()
   };
   return adapter.add(openClawJob);
 }
@@ -5172,7 +5335,7 @@ async function createStoragePaymentCronJob(upload, storagePrice, openClawCronAda
     storagePrice
   };
   const renewalArgs = buildStoragePaymentRenewalArgs(renewalFields);
-  const provisionalCronId = randomUUID3();
+  const provisionalCronId = randomUUID4();
   const cronJob = {
     cronId: provisionalCronId,
     createdAt: nowDateFn().toISOString(),
@@ -5196,7 +5359,7 @@ async function createStoragePaymentCronJob(upload, storagePrice, openClawCronAda
 }
 async function readWalletKeyIfPresent(walletPath) {
   try {
-    const key = (await readFile3(walletPath, "utf-8")).trim();
+    const key = (await readFile4(walletPath, "utf-8")).trim();
     return isValidWalletPrivateKey(key) ? key : null;
   } catch (error) {
     if (error.code === "ENOENT") {
@@ -5210,9 +5373,9 @@ async function resolveWalletPrivateKey(homeDir) {
   if (isValidWalletPrivateKey(envKey)) {
     return envKey;
   }
-  const baseHome = homeDir ?? homedir6();
-  const primaryWalletPath = join8(baseHome, MNEMOSPARK_WALLET_KEY_SUBPATH);
-  const fallbackWalletPath = join8(baseHome, BLOCKRUN_WALLET_KEY_SUBPATH);
+  const baseHome = homeDir ?? homedir7();
+  const primaryWalletPath = join10(baseHome, MNEMOSPARK_WALLET_KEY_SUBPATH);
+  const fallbackWalletPath = join10(baseHome, BLOCKRUN_WALLET_KEY_SUBPATH);
   const fromPrimary = await readWalletKeyIfPresent(primaryWalletPath);
   if (fromPrimary) {
     return fromPrimary;
@@ -5276,9 +5439,9 @@ async function encryptPlaintextFileToAesGcmPath(plaintextPath, dek, outPath, ran
 }
 async function loadOrCreateKek(walletAddress, homeDir) {
   const keyPath = resolveWalletKekPath(walletAddress, homeDir);
-  await mkdir5(dirname5(keyPath), { recursive: true });
+  await mkdir6(dirname6(keyPath), { recursive: true });
   try {
-    const existing = await readFile3(keyPath);
+    const existing = await readFile4(keyPath);
     return { kek: parseStoredAes256Key(existing), keyPath };
   } catch (error) {
     if (error.code !== "ENOENT") {
@@ -5286,7 +5449,7 @@ async function loadOrCreateKek(walletAddress, homeDir) {
     }
   }
   const generated = randomBytesNode(32);
-  await writeFile3(keyPath, generated, { mode: 384 });
+  await writeFile4(keyPath, generated, { mode: 384 });
   return { kek: generated, keyPath };
 }
 async function prepareUploadPayload(archivePath, walletAddress, homeDir) {
@@ -5298,7 +5461,7 @@ async function prepareUploadPayload(archivePath, walletAddress, homeDir) {
   const dek = randomBytesNode(32);
   const wrappedDek = encryptAesGcm(dek, kek);
   if (archiveStat.size >= NODE_FS_MAX_READFILE_BYTES) {
-    const encryptedTempPath = join8(tmpdir(), `mnemospark-upload-${randomUUID3()}.enc`);
+    const encryptedTempPath = join10(tmpdir(), `mnemospark-upload-${randomUUID4()}.enc`);
     try {
       await encryptPlaintextFileToAesGcmPath(archivePath, dek, encryptedTempPath);
       const encStat = await stat2(encryptedTempPath);
@@ -5324,7 +5487,7 @@ async function prepareUploadPayload(archivePath, walletAddress, homeDir) {
       throw err;
     }
   }
-  const plaintext = await readFile3(archivePath);
+  const plaintext = await readFile4(archivePath);
   const encryptedContent = encryptAesGcm(plaintext, dek);
   const payloadHash = sha256Buffer(encryptedContent);
   const payload = {
@@ -5569,7 +5732,7 @@ function createInProcessSubagentOrchestrator() {
   };
   return {
     dispatch: async (input) => {
-      const sessionId = `agent:mnemospark:subagent:${randomUUID3()}`;
+      const sessionId = `agent:mnemospark:subagent:${randomUUID4()}`;
       const state = {
         terminal: false,
         cancelRequested: false,
@@ -5671,7 +5834,7 @@ function createCloudCommand(options = {}) {
           createPaymentFetchFn: options.createPaymentFetchFn ?? createPaymentFetch,
           fetchImpl: options.fetchImpl ?? fetch,
           nowDateFn: options.nowDateFn ?? (() => /* @__PURE__ */ new Date()),
-          idempotencyKeyFn: options.idempotencyKeyFn ?? randomUUID3,
+          idempotencyKeyFn: options.idempotencyKeyFn ?? randomUUID4,
           requestStorageLsFn: options.requestStorageLsFn ?? requestStorageLsViaProxy,
           requestStorageDownloadFn: options.requestStorageDownloadFn ?? requestStorageDownloadViaProxy,
           requestStorageDeleteFn: options.requestStorageDeleteFn ?? requestStorageDeleteViaProxy,
@@ -5815,8 +5978,8 @@ async function emitOperationEventBestEffort(eventType, context, homeDir) {
   }
 }
 function buildRequestCorrelation(forcedOperationId, forcedTraceId) {
-  const operationId = forcedOperationId?.trim() || randomUUID3();
-  const traceId = forcedTraceId?.trim() || randomUUID3();
+  const operationId = forcedOperationId?.trim() || randomUUID4();
+  const traceId = forcedTraceId?.trim() || randomUUID4();
   return { operationId, traceId };
 }
 function parseTransIdFromPaymentSettleBody(bodyText) {
@@ -6104,7 +6267,7 @@ ${operation.result_text}` : meta;
         };
       }
       if (!isTerminalOperationStatus(operation.status)) {
-        const traceId = operation.trace_id ?? randomUUID3();
+        const traceId = operation.trace_id ?? randomUUID4();
         const cancelRequestedAt = (/* @__PURE__ */ new Date()).toISOString();
         await datastore.upsertOperation({
           operation_id: operation.operation_id,
@@ -6702,7 +6865,7 @@ operation-id: ${operationId}`,
       await emitCloudEventBestEffort(
         "backup.completed",
         {
-          operation_id: executionContext.forcedOperationId?.trim() || randomUUID3(),
+          operation_id: executionContext.forcedOperationId?.trim() || randomUUID4(),
           object_id: result.objectId,
           status: "succeeded",
           details: {
@@ -6989,7 +7152,7 @@ operation-id: ${operationId}`,
         finalizedUploadResponse,
         cronStoragePrice,
         openClawCronAdapter,
-        mnemosparkHomeDir ?? homedir6(),
+        mnemosparkHomeDir ?? homedir7(),
         nowDateFn
       );
       await datastore.upsertObject({
@@ -7599,12 +7762,12 @@ async function buildWalletExportResponse() {
 }
 
 // src/cli.ts
-import { spawn as spawn2 } from "child_process";
-import { dirname as dirname6, join as join9 } from "path";
+import { spawn as spawn3 } from "child_process";
+import { dirname as dirname7, join as join11 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
-import { mkdir as mkdir6, readFile as readFile4, writeFile as writeFile4 } from "fs/promises";
+import { mkdir as mkdir7, readFile as readFile5, writeFile as writeFile5 } from "fs/promises";
 import { existsSync as existsSync2 } from "fs";
-import { homedir as homedir7 } from "os";
+import { homedir as homedir8 } from "os";
 function isHexPrivateKey(value) {
   return typeof value === "string" && /^0x[0-9a-fA-F]{64}$/.test(value.trim());
 }
@@ -7712,25 +7875,25 @@ function parseArgs(args) {
   return result;
 }
 var __filename2 = fileURLToPath2(import.meta.url);
-var __dirname2 = dirname6(__filename2);
-var PACKAGE_ROOT = dirname6(__dirname2);
+var __dirname2 = dirname7(__filename2);
+var PACKAGE_ROOT = dirname7(__dirname2);
 async function ensureDir(path) {
-  await mkdir6(path, { recursive: true });
+  await mkdir7(path, { recursive: true });
 }
 async function deployExtensionFiles() {
-  const scriptsSource = join9(PACKAGE_ROOT, "scripts");
+  const scriptsSource = join11(PACKAGE_ROOT, "scripts");
   if (!existsSync2(scriptsSource)) return;
-  const mnemoScriptsDir = join9(homedir7(), ".openclaw", "mnemospark", "scripts");
+  const mnemoScriptsDir = join11(homedir8(), ".openclaw", "mnemospark", "scripts");
   await ensureDir(mnemoScriptsDir);
-  const uninstallSrc = join9(scriptsSource, "uninstall.sh");
+  const uninstallSrc = join11(scriptsSource, "uninstall.sh");
   if (existsSync2(uninstallSrc)) {
-    const content = await readFile4(uninstallSrc);
-    await writeFile4(join9(mnemoScriptsDir, "uninstall.sh"), content, { mode: 493 });
+    const content = await readFile5(uninstallSrc);
+    await writeFile5(join11(mnemoScriptsDir, "uninstall.sh"), content, { mode: 493 });
   }
 }
 function isOpenClawAvailable() {
   return new Promise((resolve3) => {
-    const child = spawn2("openclaw", ["--version"], {
+    const child = spawn3("openclaw", ["--version"], {
       stdio: "ignore",
       shell: true
     });
@@ -7739,13 +7902,13 @@ function isOpenClawAvailable() {
   });
 }
 function getOpenClawConfigPath() {
-  const stateDir = process.env.OPENCLAW_STATE_DIR ?? join9(homedir7(), ".openclaw");
-  return join9(stateDir, "openclaw.json");
+  const stateDir = process.env.OPENCLAW_STATE_DIR ?? join11(homedir8(), ".openclaw");
+  return join11(stateDir, "openclaw.json");
 }
 async function ensureMnemosparkInPluginsAllow() {
   const configPath = getOpenClawConfigPath();
   try {
-    const raw = await readFile4(configPath, "utf-8");
+    const raw = await readFile5(configPath, "utf-8");
     const config = JSON.parse(raw);
     if (!config.plugins || typeof config.plugins !== "object") {
       config.plugins = {};
@@ -7757,7 +7920,7 @@ async function ensureMnemosparkInPluginsAllow() {
     const allow = plugins.allow;
     if (!allow.includes("mnemospark")) {
       allow.push("mnemospark");
-      await writeFile4(configPath, JSON.stringify(config, null, 2), "utf-8");
+      await writeFile5(configPath, JSON.stringify(config, null, 2), "utf-8");
       console.log("[mnemospark] Added mnemospark to plugins.allow in openclaw.json.");
     }
   } catch (err) {
@@ -7770,7 +7933,7 @@ async function promptOrRunOpenClawPluginInstall() {
   const available = await isOpenClawAvailable();
   if (available) {
     console.log("\n[mnemospark] Registering plugin with OpenClaw...");
-    const child = spawn2("openclaw", ["plugins", "install", "mnemospark"], {
+    const child = spawn3("openclaw", ["plugins", "install", "mnemospark"], {
       stdio: "inherit",
       shell: true
     });
@@ -7779,6 +7942,14 @@ async function promptOrRunOpenClawPluginInstall() {
     });
     if (exitCode === 0) {
       await ensureMnemosparkInPluginsAllow();
+      try {
+        await ensureOpenClawRenewalPrerequisites();
+      } catch (err) {
+        console.warn(
+          "[mnemospark] Renewal prerequisites:",
+          err instanceof Error ? err.message : String(err)
+        );
+      }
     } else {
       console.log(
         "\n[mnemospark] OpenClaw plugin install did not succeed. Run manually: openclaw plugins install mnemospark"
@@ -7792,7 +7963,7 @@ async function promptOrRunOpenClawPluginInstall() {
 }
 async function readLegacyWalletIfPresent() {
   try {
-    const key = (await readFile4(LEGACY_WALLET_FILE, "utf-8")).trim();
+    const key = (await readFile5(LEGACY_WALLET_FILE, "utf-8")).trim();
     return isHexPrivateKey(key) ? key : null;
   } catch (error) {
     if (error.code === "ENOENT") {
@@ -7802,9 +7973,9 @@ async function readLegacyWalletIfPresent() {
   }
 }
 async function writeMnemosparkWallet(key) {
-  const dir = dirname6(WALLET_FILE);
+  const dir = dirname7(WALLET_FILE);
   await ensureDir(dir);
-  await writeFile4(WALLET_FILE, `${key}
+  await writeFile5(WALLET_FILE, `${key}
 `, { mode: 384 });
 }
 async function promptReuseLegacyWallet() {
@@ -7878,6 +8049,14 @@ async function runUpdate() {
     try {
       execSync(`npm install mnemospark@${latest}`, { stdio: "inherit" });
       console.log(`[mnemospark] Updated to ${latest}.`);
+      try {
+        await ensureOpenClawRenewalPrerequisites();
+      } catch (err) {
+        console.warn(
+          "[mnemospark] Renewal prerequisites:",
+          err instanceof Error ? err.message : String(err)
+        );
+      }
     } catch {
       console.log(
         "[mnemospark] npm install failed. You can update manually: npm install mnemospark@latest"