npm - mnemospark - Versions diffs - 1.2.2 → 1.4.0 - Mend

mnemospark 1.2.2 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md +32 -20
package/dist/cli.js +286 -107
package/dist/cli.js.map +1 -1
package/dist/index.d.ts +20 -6
package/dist/index.js +259 -86
package/dist/index.js.map +1 -1
package/openclaw.plugin.json +1 -1
package/package.json +2 -2
package/skills/mnemospark/references/commands.md +1 -0

package/dist/index.d.ts CHANGED Viewed

@@ -715,17 +715,14 @@ type OpenClawCronPayload = {
     kind: "agentTurn";
     message: string;
 };
-type OpenClawCronDelivery = {
-    mode: "announce";
-    text: string;
-};
 type OpenClawCronJobEntry = {
     jobId: string;
     name: string;
     schedule: OpenClawCronSchedule;
     payload: OpenClawCronPayload;
     sessionTarget: "isolated";
-    delivery: OpenClawCronDelivery;
+    /** OpenClaw 2026.4.x: bind isolated renewal work to the dedicated agent. */
+    agentId: string;
 };
 type OpenClawCronJobForLookup = {
     jobId: string;
@@ -740,6 +737,23 @@ type OpenClawCronAdapter = {
 };
 declare function createCloudCommand(options?: CreateCloudCommandOptions): OpenClawPluginCommandDefinition;
+declare function getRenewalAgentId(): string;
+/** Absolute path to node for renewal exec (override with MNEMOSPARK_CRON_NODE_BIN). */
+declare function getRenewalNodeBinary(): string;
+type EnsureOpenClawRenewalPrerequisitesOptions = {
+    homeDir?: string;
+    /** Skip all OpenClaw mutations (tests). */
+    disabled?: boolean;
+};
+/**
+ * Apply the Mnemospark Renewal Agent Runbook (install/update / plugin load):
+ * - `agents.list` entry via `openclaw config set` + `openclaw config validate`
+ * - `~/.openclaw/exec-approvals.json` merge for the node binary
+ *
+ * Gateway restart is not performed here; OpenClaw restarts the gateway when a plugin is installed or updated.
+ */
+declare function ensureOpenClawRenewalPrerequisites(options?: EnsureOpenClawRenewalPrerequisitesOptions): Promise<void>;
 type RunMnemosparkSlashHandlerOptions = {
     cloudCommandHandler?: PluginCommandHandler;
 };
@@ -757,4 +771,4 @@ declare function runMnemosparkSlashHandler(ctx: PluginCommandContext, options?:
 declare const plugin: OpenClawPluginDefinition;
-export { BALANCE_THRESHOLDS, type BalanceInfo, BalanceMonitor, type CachedPaymentParams, DEFAULT_RETRY_CONFIG, EmptyWalletError, InsufficientFundsError, type InsufficientFundsInfo, type LowBalanceInfo, PaymentCache, type PaymentFetchResult, type PreAuthParams, type ProxyHandle, type ProxyOptions, type RetryConfig, RpcError, type SufficiencyResult, createCloudCommand, createPaymentFetch, plugin as default, fetchWithRetry, getProxyPort, isBalanceError, isEmptyWalletError, isInsufficientFundsError, isRetryable, isRpcError, runMnemosparkSlashHandler, startProxy };
+export { BALANCE_THRESHOLDS, type BalanceInfo, BalanceMonitor, type CachedPaymentParams, DEFAULT_RETRY_CONFIG, EmptyWalletError, type EnsureOpenClawRenewalPrerequisitesOptions, InsufficientFundsError, type InsufficientFundsInfo, type LowBalanceInfo, PaymentCache, type PaymentFetchResult, type PreAuthParams, type ProxyHandle, type ProxyOptions, type RetryConfig, RpcError, type SufficiencyResult, createCloudCommand, createPaymentFetch, plugin as default, ensureOpenClawRenewalPrerequisites, fetchWithRetry, getProxyPort, getRenewalAgentId, getRenewalNodeBinary, isBalanceError, isEmptyWalletError, isInsufficientFundsError, isRetryable, isRpcError, runMnemosparkSlashHandler, startProxy };

package/dist/index.js CHANGED Viewed

@@ -3049,17 +3049,17 @@ var CLOUD_ONBOARDING_BLOCK_LINES = [
 ];
 // src/cloud-command.ts
-import { spawn } from "child_process";
+import { spawn as spawn2 } from "child_process";
 import {
   createCipheriv,
   createHash as createHash2,
   randomBytes as randomBytesNode,
-  randomUUID as randomUUID3
+  randomUUID as randomUUID4
 } from "crypto";
 import { createReadStream as createReadStream2, createWriteStream as createWriteStream2, statfsSync } from "fs";
-import { lstat, mkdir as mkdir5, readFile as readFile3, readdir as readdir2, rm, stat as stat2, writeFile as writeFile3 } from "fs/promises";
-import { homedir as homedir6, tmpdir } from "os";
-import { basename as basename2, dirname as dirname5, join as join8, resolve as resolve2 } from "path";
+import { lstat, mkdir as mkdir6, readFile as readFile4, readdir as readdir2, rm, stat as stat2, writeFile as writeFile4 } from "fs/promises";
+import { homedir as homedir7, tmpdir } from "os";
+import { basename as basename2, dirname as dirname6, join as join10, resolve as resolve2 } from "path";
 import { Readable } from "stream";
 import { finished } from "stream/promises";
 import { privateKeyToAccount as privateKeyToAccount5 } from "viem/accounts";
@@ -4264,12 +4264,219 @@ var opStatusSchema = {
   ]
 };
+// src/openclaw-cli.ts
+import { spawn } from "child_process";
+import { join as join8 } from "path";
+async function runOpenClawCli(args, homeDir) {
+  return await new Promise((resolvePromise, rejectPromise) => {
+    let stdout = "";
+    let stderr = "";
+    const child = spawn("openclaw", args, {
+      stdio: ["ignore", "pipe", "pipe"],
+      env: {
+        ...process.env,
+        HOME: homeDir ?? process.env.HOME
+      }
+    });
+    child.stdout.on("data", (chunk) => {
+      stdout += chunk.toString();
+    });
+    child.stderr.on("data", (chunk) => {
+      stderr += chunk.toString();
+    });
+    child.on("error", rejectPromise);
+    child.on("close", (code) => {
+      if (code === 0) {
+        resolvePromise({ stdout, stderr });
+        return;
+      }
+      rejectPromise(
+        new Error(
+          stderr.trim() || stdout.trim() || `openclaw ${args.join(" ")} exited with code ${code ?? "unknown"}`
+        )
+      );
+    });
+  });
+}
+function parseOpenClawCliJson(stdout, commandLabel) {
+  const trimmed = stdout.trim();
+  if (!trimmed) {
+    throw new Error(`openclaw ${commandLabel} returned empty JSON output`);
+  }
+  try {
+    return JSON.parse(trimmed);
+  } catch {
+    throw new Error(`openclaw ${commandLabel} returned invalid JSON output`);
+  }
+}
+async function resolveOpenClawConfigFilePath(homeDir) {
+  const { stdout } = await runOpenClawCli(["config", "file"], homeDir);
+  const trimmed = stdout.trim();
+  if (trimmed.startsWith("~/")) {
+    return join8(homeDir, trimmed.slice(2));
+  }
+  if (trimmed.startsWith("~\\")) {
+    return join8(homeDir, trimmed.slice(2));
+  }
+  return trimmed;
+}
+// src/openclaw-renewal-runbook.ts
+import { mkdir as mkdir5, readFile as readFile3, rename as rename2, writeFile as writeFile3 } from "fs/promises";
+import { homedir as homedir6 } from "os";
+import { dirname as dirname5, join as join9 } from "path";
+import { randomUUID as randomUUID3 } from "crypto";
+var DEFAULT_RENEWAL_AGENT_ID = "mnemospark-renewal";
+var RENEWAL_NODE_ALLOWLIST_ID = "node-usr-bin-node";
+function getRenewalAgentId() {
+  const fromEnv = process.env.MNEMOSPARK_CRON_AGENT_ID?.trim();
+  return fromEnv && fromEnv.length > 0 ? fromEnv : DEFAULT_RENEWAL_AGENT_ID;
+}
+function getRenewalNodeBinary() {
+  const fromEnv = process.env.MNEMOSPARK_CRON_NODE_BIN?.trim();
+  return fromEnv && fromEnv.length > 0 ? fromEnv : "/usr/bin/node";
+}
+function runbookRenewalAgentEntry(agentId = getRenewalAgentId()) {
+  return {
+    id: agentId,
+    tools: {
+      deny: ["subagents"],
+      exec: { ask: "off" }
+    }
+  };
+}
+function isRecord(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+function renewalAgentEntrySatisfied(existing, desired) {
+  if (!isRecord(existing)) {
+    return false;
+  }
+  if (existing.id !== desired.id) {
+    return false;
+  }
+  const tools = existing.tools;
+  if (!isRecord(tools)) {
+    return false;
+  }
+  const deny = tools.deny;
+  if (!Array.isArray(deny) || !deny.includes("subagents")) {
+    return false;
+  }
+  const exec = tools.exec;
+  if (!isRecord(exec) || exec.ask !== "off") {
+    return false;
+  }
+  return true;
+}
+function mergeRenewalAgentIntoAgentsList(list, desired) {
+  const arr = Array.isArray(list) ? [...list] : [];
+  const idx = arr.findIndex((e) => isRecord(e) && typeof e.id === "string" && e.id === desired.id);
+  if (idx === -1) {
+    return { list: [...arr, desired], changed: true };
+  }
+  if (renewalAgentEntrySatisfied(arr[idx], desired)) {
+    return { list: arr, changed: false };
+  }
+  const next = [...arr];
+  next[idx] = desired;
+  return { list: next, changed: true };
+}
+function mergeExecApprovalsAllowlist(doc, agentId, nodeBinary) {
+  const prevAgents = doc.agents && isRecord(doc.agents) ? doc.agents : {};
+  const block = prevAgents[agentId];
+  const allowlist = Array.isArray(block?.allowlist) ? [...block.allowlist] : [];
+  const hasPattern = allowlist.some((e) => e?.pattern === nodeBinary);
+  if (hasPattern) {
+    return { doc, changed: false };
+  }
+  allowlist.push({
+    id: RENEWAL_NODE_ALLOWLIST_ID,
+    pattern: nodeBinary,
+    source: "manual",
+    lastUsedAt: Date.now()
+  });
+  const nextAgents = {
+    ...prevAgents,
+    [agentId]: {
+      ...block && isRecord(block) ? block : {},
+      allowlist
+    }
+  };
+  return { doc: { ...doc, agents: nextAgents }, changed: true };
+}
+async function readJsonFile(path) {
+  const raw = await readFile3(path, "utf-8");
+  return JSON.parse(raw);
+}
+async function writeFileAtomic(path, contents) {
+  await mkdir5(dirname5(path), { recursive: true });
+  const tmp = join9(dirname5(path), `.tmp-${randomUUID3()}`);
+  await writeFile3(tmp, contents, "utf-8");
+  await rename2(tmp, path);
+}
+async function ensureOpenClawRenewalPrerequisites(options = {}) {
+  if (options.disabled ?? process.env.MNEMOSPARK_DISABLE_OPENCLAW_PREREQ === "1") {
+    return;
+  }
+  const homeDir = options.homeDir ?? homedir6();
+  const agentId = getRenewalAgentId();
+  const desired = runbookRenewalAgentEntry(agentId);
+  const nodeBinary = getRenewalNodeBinary();
+  const configPath = await resolveOpenClawConfigFilePath(homeDir);
+  let configRaw = "{}";
+  try {
+    configRaw = await readFile3(configPath, "utf-8");
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      throw err;
+    }
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(configRaw);
+  } catch {
+    throw new Error(
+      `openclaw.json at ${configPath} is not valid JSON; fix or remove it before applying renewal prerequisites.`
+    );
+  }
+  const agents = isRecord(parsed.agents) ? parsed.agents : {};
+  const { list: mergedList, changed: agentChanged } = mergeRenewalAgentIntoAgentsList(
+    agents.list,
+    desired
+  );
+  if (agentChanged) {
+    const listJson = JSON.stringify(mergedList);
+    await runOpenClawCli(["config", "set", "agents.list", listJson, "--strict-json"], homeDir);
+    await runOpenClawCli(["config", "validate"], homeDir);
+  }
+  const execPath = join9(homeDir, ".openclaw", "exec-approvals.json");
+  let execDoc = {};
+  try {
+    const raw = await readJsonFile(execPath);
+    execDoc = isRecord(raw) ? raw : {};
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      throw err;
+    }
+  }
+  const { doc: mergedExec, changed: execChanged } = mergeExecApprovalsAllowlist(
+    execDoc,
+    agentId,
+    nodeBinary
+  );
+  if (execChanged) {
+    await writeFileAtomic(execPath, `${JSON.stringify(mergedExec, null, 2)}
+`);
+  }
+}
 // src/cloud-command.ts
 var SUPPORTED_BACKUP_PLATFORMS = /* @__PURE__ */ new Set(["darwin", "linux"]);
-var BACKUP_DIR_SUBPATH = join8(".openclaw", "mnemospark", "backup");
-var DEFAULT_BACKUP_DIR = join8(homedir6(), BACKUP_DIR_SUBPATH);
-var BLOCKRUN_WALLET_KEY_SUBPATH = join8(".openclaw", "blockrun", "wallet.key");
-var MNEMOSPARK_WALLET_KEY_SUBPATH = join8(".openclaw", "mnemospark", "wallet", "wallet.key");
+var BACKUP_DIR_SUBPATH = join10(".openclaw", "mnemospark", "backup");
+var DEFAULT_BACKUP_DIR = join10(homedir7(), BACKUP_DIR_SUBPATH);
+var BLOCKRUN_WALLET_KEY_SUBPATH = join10(".openclaw", "blockrun", "wallet.key");
+var MNEMOSPARK_WALLET_KEY_SUBPATH = join10(".openclaw", "mnemospark", "wallet", "wallet.key");
 var INLINE_UPLOAD_MAX_BYTES = 45e5;
 var NODE_FS_MAX_READFILE_BYTES = 2147483648;
 var PAYMENT_CRON_SCHEDULE = "0 0 1 * *";
@@ -4287,10 +4494,10 @@ var ORCHESTRATOR_MODES = /* @__PURE__ */ new Set(["inline", "subagent"]);
 function expandTilde(path) {
   const trimmed = path.trim();
   if (trimmed === "~") {
-    return homedir6();
+    return homedir7();
   }
   if (trimmed.startsWith("~/") || trimmed.startsWith("~\\")) {
-    return join8(homedir6(), trimmed.slice(2));
+    return join10(homedir7(), trimmed.slice(2));
   }
   return path;
 }
@@ -4858,7 +5065,7 @@ async function calculateInputSizeBytes(targetPath) {
   let total = 0;
   const entries = await readdir2(targetPath, { withFileTypes: true });
   for (const entry of entries) {
-    total += await calculateInputSizeBytes(join8(targetPath, entry.name));
+    total += await calculateInputSizeBytes(join10(targetPath, entry.name));
   }
   return total;
 }
@@ -4870,11 +5077,11 @@ function getAvailableDiskBytes(tmpDir, options) {
   return stats.bavail * stats.bsize;
 }
 async function runTarGzip(archivePath, sourcePath) {
-  const sourceDir = dirname5(sourcePath);
+  const sourceDir = dirname6(sourcePath);
   const sourceName = basename2(sourcePath);
   await new Promise((resolvePromise, rejectPromise) => {
     let stderr = "";
-    const child = spawn("tar", ["-czf", archivePath, "-C", sourceDir, sourceName], {
+    const child = spawn2("tar", ["-czf", archivePath, "-C", sourceDir, sourceName], {
       stdio: ["ignore", "ignore", "pipe"]
     });
     child.stderr.on("data", (chunk) => {
@@ -4904,7 +5111,7 @@ async function resolveLocalUploadArchivePath(backupDir, objectId, friendlyName)
   if (friendlyName?.trim()) {
     try {
       const sanitized = sanitizeFriendlyNameForLocalBasename(friendlyName);
-      const candidate = join8(backupDir, sanitized);
+      const candidate = join10(backupDir, sanitized);
       try {
         const st = await stat2(candidate);
         if (st.isFile()) {
@@ -4915,7 +5122,7 @@ async function resolveLocalUploadArchivePath(backupDir, objectId, friendlyName)
     } catch {
     }
   }
-  const legacyPath = join8(backupDir, objectId);
+  const legacyPath = join10(backupDir, objectId);
   try {
     const legacyStats = await stat2(legacyPath);
     if (!legacyStats.isFile()) {
@@ -4953,7 +5160,7 @@ async function buildBackupObject(targetPathArg, options = {}) {
     tmpStats = await stat2(tmpDir);
   } catch (error) {
     if (error.code === "ENOENT") {
-      await mkdir5(tmpDir, { recursive: true });
+      await mkdir6(tmpDir, { recursive: true });
       tmpStats = await stat2(tmpDir);
     } else {
       throw error;
@@ -4970,7 +5177,7 @@ async function buildBackupObject(targetPathArg, options = {}) {
   }
   const objectId = createObjectId(options);
   const archiveBaseSegment = options.archiveBasename?.trim() || objectId;
-  const archivePath = join8(tmpDir, archiveBaseSegment);
+  const archivePath = join10(tmpDir, archiveBaseSegment);
   if (options.archiveBasename?.trim()) {
     try {
       const existing = await stat2(archivePath);
@@ -5026,48 +5233,6 @@ function normalizeOpenClawCronJobForLookup(value) {
     message: payloadMessage
   };
 }
-async function runOpenClawCli(args, homeDir) {
-  return await new Promise((resolvePromise, rejectPromise) => {
-    let stdout = "";
-    let stderr = "";
-    const child = spawn("openclaw", args, {
-      stdio: ["ignore", "pipe", "pipe"],
-      env: {
-        ...process.env,
-        HOME: homeDir ?? process.env.HOME
-      }
-    });
-    child.stdout.on("data", (chunk) => {
-      stdout += chunk.toString();
-    });
-    child.stderr.on("data", (chunk) => {
-      stderr += chunk.toString();
-    });
-    child.on("error", rejectPromise);
-    child.on("close", (code) => {
-      if (code === 0) {
-        resolvePromise({ stdout, stderr });
-        return;
-      }
-      rejectPromise(
-        new Error(
-          stderr.trim() || stdout.trim() || `openclaw ${args.join(" ")} exited with code ${code ?? "unknown"}`
-        )
-      );
-    });
-  });
-}
-function parseOpenClawCliJson(stdout, commandLabel) {
-  const trimmed = stdout.trim();
-  if (!trimmed) {
-    throw new Error(`openclaw ${commandLabel} returned empty JSON output`);
-  }
-  try {
-    return JSON.parse(trimmed);
-  } catch {
-    throw new Error(`openclaw ${commandLabel} returned invalid JSON output`);
-  }
-}
 function createOpenClawCliCronAdapter(homeDir) {
   return {
     add: async (job) => {
@@ -5083,11 +5248,11 @@ function createOpenClawCliCronAdapter(homeDir) {
           job.schedule.tz,
           "--session",
           job.sessionTarget,
+          "--agent",
+          job.agentId,
           "--message",
           job.payload.message,
-          "--announce",
-          "--description",
-          job.delivery.text,
+          "--no-deliver",
           "--json"
         ],
         homeDir
@@ -5152,8 +5317,9 @@ function buildStoragePaymentCronCommand(job) {
   return `/mnemospark cloud ${buildStoragePaymentRenewalArgs(job)}`;
 }
 function buildOpenClawRenewalAgentMessage(openClawHome, renewalArgs) {
-  const cliPath = join8(openClawHome, ".openclaw/extensions/mnemospark/dist/cli.js");
-  return `Execute: node ${cliPath} cloud ${renewalArgs}`;
+  const cliPath = join10(openClawHome, ".openclaw/extensions/mnemospark/dist/cli.js");
+  const nodeBin = getRenewalNodeBinary();
+  return `Command: ${nodeBin} ${cliPath} cloud ${renewalArgs}`;
 }
 function parseStoragePaymentCronCommand(command) {
   const objectIdMatch = command.match(/--object-id\s+("([^"\\]|\\.)*"|'([^'\\]|\\.)*'|\S+)/);
@@ -5199,10 +5365,7 @@ async function appendStoragePaymentCronJob(cronJob, adapter, payloadMessage) {
       message: payloadMessage
     },
     sessionTarget: "isolated",
-    delivery: {
-      mode: "announce",
-      text: "Thank you for using mnemospark cloud storage. Your renewal has been processed."
-    }
+    agentId: getRenewalAgentId()
   };
   return adapter.add(openClawJob);
 }
@@ -5217,7 +5380,7 @@ async function createStoragePaymentCronJob(upload, storagePrice, openClawCronAda
     storagePrice
   };
   const renewalArgs = buildStoragePaymentRenewalArgs(renewalFields);
-  const provisionalCronId = randomUUID3();
+  const provisionalCronId = randomUUID4();
   const cronJob = {
     cronId: provisionalCronId,
     createdAt: nowDateFn().toISOString(),
@@ -5241,7 +5404,7 @@ async function createStoragePaymentCronJob(upload, storagePrice, openClawCronAda
 }
 async function readWalletKeyIfPresent(walletPath) {
   try {
-    const key = (await readFile3(walletPath, "utf-8")).trim();
+    const key = (await readFile4(walletPath, "utf-8")).trim();
     return isValidWalletPrivateKey(key) ? key : null;
   } catch (error) {
     if (error.code === "ENOENT") {
@@ -5255,9 +5418,9 @@ async function resolveWalletPrivateKey(homeDir) {
   if (isValidWalletPrivateKey(envKey)) {
     return envKey;
   }
-  const baseHome = homeDir ?? homedir6();
-  const primaryWalletPath = join8(baseHome, MNEMOSPARK_WALLET_KEY_SUBPATH);
-  const fallbackWalletPath = join8(baseHome, BLOCKRUN_WALLET_KEY_SUBPATH);
+  const baseHome = homeDir ?? homedir7();
+  const primaryWalletPath = join10(baseHome, MNEMOSPARK_WALLET_KEY_SUBPATH);
+  const fallbackWalletPath = join10(baseHome, BLOCKRUN_WALLET_KEY_SUBPATH);
   const fromPrimary = await readWalletKeyIfPresent(primaryWalletPath);
   if (fromPrimary) {
     return fromPrimary;
@@ -5321,9 +5484,9 @@ async function encryptPlaintextFileToAesGcmPath(plaintextPath, dek, outPath, ran
 }
 async function loadOrCreateKek(walletAddress, homeDir) {
   const keyPath = resolveWalletKekPath(walletAddress, homeDir);
-  await mkdir5(dirname5(keyPath), { recursive: true });
+  await mkdir6(dirname6(keyPath), { recursive: true });
   try {
-    const existing = await readFile3(keyPath);
+    const existing = await readFile4(keyPath);
     return { kek: parseStoredAes256Key(existing), keyPath };
   } catch (error) {
     if (error.code !== "ENOENT") {
@@ -5331,7 +5494,7 @@ async function loadOrCreateKek(walletAddress, homeDir) {
     }
   }
   const generated = randomBytesNode(32);
-  await writeFile3(keyPath, generated, { mode: 384 });
+  await writeFile4(keyPath, generated, { mode: 384 });
   return { kek: generated, keyPath };
 }
 async function prepareUploadPayload(archivePath, walletAddress, homeDir) {
@@ -5343,7 +5506,7 @@ async function prepareUploadPayload(archivePath, walletAddress, homeDir) {
   const dek = randomBytesNode(32);
   const wrappedDek = encryptAesGcm(dek, kek);
   if (archiveStat.size >= NODE_FS_MAX_READFILE_BYTES) {
-    const encryptedTempPath = join8(tmpdir(), `mnemospark-upload-${randomUUID3()}.enc`);
+    const encryptedTempPath = join10(tmpdir(), `mnemospark-upload-${randomUUID4()}.enc`);
     try {
       await encryptPlaintextFileToAesGcmPath(archivePath, dek, encryptedTempPath);
       const encStat = await stat2(encryptedTempPath);
@@ -5369,7 +5532,7 @@ async function prepareUploadPayload(archivePath, walletAddress, homeDir) {
       throw err;
     }
   }
-  const plaintext = await readFile3(archivePath);
+  const plaintext = await readFile4(archivePath);
   const encryptedContent = encryptAesGcm(plaintext, dek);
   const payloadHash = sha256Buffer(encryptedContent);
   const payload = {
@@ -5614,7 +5777,7 @@ function createInProcessSubagentOrchestrator() {
   };
   return {
     dispatch: async (input) => {
-      const sessionId = `agent:mnemospark:subagent:${randomUUID3()}`;
+      const sessionId = `agent:mnemospark:subagent:${randomUUID4()}`;
       const state = {
         terminal: false,
         cancelRequested: false,
@@ -5716,7 +5879,7 @@ function createCloudCommand(options = {}) {
           createPaymentFetchFn: options.createPaymentFetchFn ?? createPaymentFetch,
           fetchImpl: options.fetchImpl ?? fetch,
           nowDateFn: options.nowDateFn ?? (() => /* @__PURE__ */ new Date()),
-          idempotencyKeyFn: options.idempotencyKeyFn ?? randomUUID3,
+          idempotencyKeyFn: options.idempotencyKeyFn ?? randomUUID4,
           requestStorageLsFn: options.requestStorageLsFn ?? requestStorageLsViaProxy,
           requestStorageDownloadFn: options.requestStorageDownloadFn ?? requestStorageDownloadViaProxy,
           requestStorageDeleteFn: options.requestStorageDeleteFn ?? requestStorageDeleteViaProxy,
@@ -5860,8 +6023,8 @@ async function emitOperationEventBestEffort(eventType, context, homeDir) {
   }
 }
 function buildRequestCorrelation(forcedOperationId, forcedTraceId) {
-  const operationId = forcedOperationId?.trim() || randomUUID3();
-  const traceId = forcedTraceId?.trim() || randomUUID3();
+  const operationId = forcedOperationId?.trim() || randomUUID4();
+  const traceId = forcedTraceId?.trim() || randomUUID4();
   return { operationId, traceId };
 }
 function parseTransIdFromPaymentSettleBody(bodyText) {
@@ -6149,7 +6312,7 @@ ${operation.result_text}` : meta;
         };
       }
       if (!isTerminalOperationStatus(operation.status)) {
-        const traceId = operation.trace_id ?? randomUUID3();
+        const traceId = operation.trace_id ?? randomUUID4();
         const cancelRequestedAt = (/* @__PURE__ */ new Date()).toISOString();
         await datastore.upsertOperation({
           operation_id: operation.operation_id,
@@ -6747,7 +6910,7 @@ operation-id: ${operationId}`,
       await emitCloudEventBestEffort(
         "backup.completed",
         {
-          operation_id: executionContext.forcedOperationId?.trim() || randomUUID3(),
+          operation_id: executionContext.forcedOperationId?.trim() || randomUUID4(),
           object_id: result.objectId,
           status: "succeeded",
           details: {
@@ -7034,7 +7197,7 @@ operation-id: ${operationId}`,
         finalizedUploadResponse,
         cronStoragePrice,
         openClawCronAdapter,
-        mnemosparkHomeDir ?? homedir6(),
+        mnemosparkHomeDir ?? homedir7(),
         nowDateFn
       );
       await datastore.upsertObject({
@@ -7764,6 +7927,13 @@ var plugin = {
     if (isCompletionMode()) {
       return;
     }
+    try {
+      await ensureOpenClawRenewalPrerequisites();
+    } catch (err) {
+      api.logger.warn(
+        `mnemospark renewal prerequisites: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
     try {
       api.registerCommand({
         name: "mnemospark",
@@ -7828,8 +7998,11 @@ export {
   createCloudCommand,
   createPaymentFetch,
   index_default as default,
+  ensureOpenClawRenewalPrerequisites,
   fetchWithRetry,
   getProxyPort,
+  getRenewalAgentId,
+  getRenewalNodeBinary,
   isBalanceError,
   isEmptyWalletError,
   isInsufficientFundsError,