nox-openclaw-hunter 1.0.0 → 1.0.1

package/dist/commands/export.js

@@ -47,61 +47,353 @@ send_webhook() {
 # Generated by nox-openclaw-detector
 # https://nox.security
 
-set -euo pipefail
+set -eo pipefail
+
+# Set defaults for environment variables that may be unset when running as root
+HOME="\${HOME:-/root}"
+USER="\${USER:-root}"
 
 OPENCLAW_FOUND=0
 DETAILS=""
 ${webhookSection}
+
+# Logging function
+log() {
+    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
+}
+
+# Get all user home directories
+get_all_user_homes() {
+    local homes=()
+    
+    # macOS users
+    if [[ -d "/Users" ]]; then
+        for user_dir in /Users/*; do
+            if [[ -d "$user_dir" && "$user_dir" != "/Users/Shared" && "$user_dir" != "/Users/Guest" ]]; then
+                homes+=("$user_dir")
+            fi
+        done
+    fi
+    
+    # Linux users
+    if [[ -d "/home" ]]; then
+        for user_dir in /home/*; do
+            if [[ -d "$user_dir" ]]; then
+                homes+=("$user_dir")
+            fi
+        done
+    fi
+    
+    # Root home
+    if [[ -d "/root" ]]; then
+        homes+=("/root")
+    fi
+    if [[ -d "/var/root" ]]; then
+        homes+=("/var/root")
+    fi
+    
+    echo "\${homes[@]}"
+}
+
+log "=========================================="
+log "Nox OpenClaw Hunter - Detection Scan"
+log "=========================================="
+log "Hostname: $(hostname)"
+log "Platform: $(uname -s) $(uname -m)"
+log "User: $USER"
+log "Date: $(date)"
+log "=========================================="
+log ""
+
 # Check if nox CLI is installed
+log "Checking for nox CLI..."
 if command -v nox &>/dev/null; then
+    log "  [INFO] nox CLI found, using for detection"
     if nox scan --quiet --json > /tmp/nox_scan_result.json 2>/dev/null; then
         SUMMARY=$(cat /tmp/nox_scan_result.json | grep -o '"summary":"[^"]*"' | cut -d'"' -f4 || echo "")
         if [[ "$SUMMARY" != "not-installed" ]]; then
             OPENCLAW_FOUND=1
             DETAILS="Detected via nox CLI: $SUMMARY"
+            log "  [DETECTED] $DETAILS"
+        else
+            log "  [CLEAN] No OpenClaw detected via nox CLI"
         fi
         rm -f /tmp/nox_scan_result.json
     fi
     ${webhookUrl ? 'send_webhook "$([[ $OPENCLAW_FOUND -eq 1 ]] && echo "detected" || echo "clean")" "$DETAILS"' : ''}
+    
+    log ""
+    log "=========================================="
+    if [[ $OPENCLAW_FOUND -eq 1 ]]; then
+        log "RESULT: OpenClaw DETECTED"
+    else
+        log "RESULT: System CLEAN"
+    fi
+    log "=========================================="
     exit $OPENCLAW_FOUND
 fi
 
+log "  [INFO] nox CLI not found, using fallback detection"
+log ""
+
 # Fallback: direct detection
+# Scanning for: openclaw, clawbot, clawdbot, moltbot
 
-# Check CLI binary
-for cli_path in /usr/local/bin/openclaw /opt/homebrew/bin/openclaw /usr/bin/openclaw; do
-    if [[ -f "$cli_path" ]]; then
-        OPENCLAW_FOUND=1
-        DETAILS="CLI found at $cli_path"
-        break
-    fi
+# Check CLI binaries (system-wide and per-user)
+log "Checking for CLI binaries (all locations)..."
+CLI_FOUND=0
+
+# System-wide locations
+for cli_name in openclaw clawbot clawdbot moltbot; do
+    for bin_dir in /usr/local/bin /opt/homebrew/bin /usr/bin; do
+        cli_path="$bin_dir/$cli_name"
+        if [[ -f "$cli_path" ]]; then
+            OPENCLAW_FOUND=1
+            CLI_FOUND=1
+            DETAILS="$DETAILS; CLI found at $cli_path"
+            log "  [DETECTED] CLI binary found at $cli_path"
+        fi
+    done
 done
 
-# Check config directory
-if [[ -d "$HOME/.openclaw" ]] || [[ -d "/Users/*/.openclaw" ]]; then
-    OPENCLAW_FOUND=1
-    DETAILS="$DETAILS; Config directory found"
+# Per-user locations
+for user_home in $(get_all_user_homes); do
+    for cli_name in openclaw clawbot clawdbot moltbot; do
+        for bin_dir in "$user_home/bin" "$user_home/.local/bin"; do
+            cli_path="$bin_dir/$cli_name"
+            if [[ -f "$cli_path" ]]; then
+                OPENCLAW_FOUND=1
+                CLI_FOUND=1
+                DETAILS="$DETAILS; CLI found at $cli_path"
+                log "  [DETECTED] CLI binary found at $cli_path"
+            fi
+        done
+    done
+done
+
+if [[ $CLI_FOUND -eq 0 ]]; then
+    log "  [CLEAN] No CLI binaries found"
 fi
 
-# Check macOS app bundle
-if [[ -d "/Applications/OpenClaw.app" ]]; then
-    OPENCLAW_FOUND=1
-    DETAILS="$DETAILS; App bundle found"
+# Check config directories for ALL users
+log ""
+log "Checking for config directories (all users)..."
+CONFIG_FOUND=0
+for user_home in $(get_all_user_homes); do
+    for config_name in .openclaw .clawbot .clawdbot .moltbot; do
+        config_path="$user_home/$config_name"
+        if [[ -d "$config_path" ]]; then
+            OPENCLAW_FOUND=1
+            CONFIG_FOUND=1
+            DETAILS="$DETAILS; Config directory found at $config_path"
+            log "  [DETECTED] Config directory found at $config_path"
+        fi
+    done
+done
+if [[ $CONFIG_FOUND -eq 0 ]]; then
+    log "  [CLEAN] No config directories found"
+fi
+
+# Check macOS app bundles (system-wide and per-user)
+log ""
+log "Checking for macOS app bundles (all locations)..."
+APP_FOUND=0
+for app_name in OpenClaw.app ClawBot.app ClawdBot.app MoltBot.app; do
+    # System-wide Applications
+    app_path="/Applications/$app_name"
+    if [[ -d "$app_path" ]]; then
+        OPENCLAW_FOUND=1
+        APP_FOUND=1
+        DETAILS="$DETAILS; App bundle found at $app_path"
+        log "  [DETECTED] App bundle found at $app_path"
+    fi
+    
+    # Per-user Applications folders
+    for user_home in $(get_all_user_homes); do
+        app_path="$user_home/Applications/$app_name"
+        if [[ -d "$app_path" ]]; then
+            OPENCLAW_FOUND=1
+            APP_FOUND=1
+            DETAILS="$DETAILS; App bundle found at $app_path"
+            log "  [DETECTED] App bundle found at $app_path"
+        fi
+    done
+done
+if [[ $APP_FOUND -eq 0 ]]; then
+    log "  [CLEAN] No app bundles found"
 fi
 
 # Check gateway port
+log ""
+log "Checking for gateway port 18789..."
 if command -v nc &>/dev/null && nc -z localhost 18789 2>/dev/null; then
     OPENCLAW_FOUND=1
     DETAILS="$DETAILS; Gateway port 18789 listening"
+    log "  [DETECTED] Gateway port 18789 is listening"
+elif command -v lsof &>/dev/null && lsof -i :18789 -sTCP:LISTEN &>/dev/null; then
+    OPENCLAW_FOUND=1
+    DETAILS="$DETAILS; Gateway port 18789 listening"
+    log "  [DETECTED] Gateway port 18789 is listening"
+else
+    log "  [CLEAN] Gateway port 18789 not listening"
 fi
 
 # Check running processes
-if pgrep -x "openclaw" > /dev/null 2>&1 || pgrep -f "openclaw" > /dev/null 2>&1; then
-    OPENCLAW_FOUND=1
-    DETAILS="$DETAILS; Process running"
+log ""
+log "Checking for running processes (openclaw, clawbot, clawdbot, moltbot)..."
+PROC_FOUND=0
+for proc_name in openclaw clawbot clawdbot moltbot; do
+    if pgrep -x "$proc_name" > /dev/null 2>&1; then
+        OPENCLAW_FOUND=1
+        PROC_FOUND=1
+        PIDS=$(pgrep -x "$proc_name" | tr '\\n' ' ')
+        DETAILS="$DETAILS; Process $proc_name running (PIDs: $PIDS)"
+        log "  [DETECTED] $proc_name process running (PIDs: $PIDS)"
+    elif pgrep -f "$proc_name" > /dev/null 2>&1; then
+        OPENCLAW_FOUND=1
+        PROC_FOUND=1
+        PIDS=$(pgrep -f "$proc_name" | tr '\\n' ' ')
+        DETAILS="$DETAILS; Process $proc_name running (PIDs: $PIDS)"
+        log "  [DETECTED] $proc_name-related process running (PIDs: $PIDS)"
+    fi
+done
+if [[ $PROC_FOUND -eq 0 ]]; then
+    log "  [CLEAN] No matching processes running"
+fi
+
+# Check launchd services (macOS) - all users
+if [[ "$(uname)" == "Darwin" ]]; then
+    log ""
+    log "Checking for launchd services (all users)..."
+    LAUNCHD_FOUND=0
+    
+    # System-wide LaunchAgents and LaunchDaemons
+    for plist_dir in /Library/LaunchAgents /Library/LaunchDaemons; do
+        if [[ -d "$plist_dir" ]]; then
+            for pattern in "bot.molt.*" "*openclaw*" "*clawbot*" "*clawdbot*" "*moltbot*"; do
+                for plist in "$plist_dir"/$pattern; do
+                    if [[ -f "$plist" ]]; then
+                        OPENCLAW_FOUND=1
+                        LAUNCHD_FOUND=1
+                        DETAILS="$DETAILS; LaunchAgent found: $plist"
+                        log "  [DETECTED] LaunchAgent/Daemon found: $plist"
+                    fi
+                done
+            done
+        fi
+    done
+    
+    # Per-user LaunchAgents
+    for user_home in $(get_all_user_homes); do
+        plist_dir="$user_home/Library/LaunchAgents"
+        if [[ -d "$plist_dir" ]]; then
+            for pattern in "bot.molt.*" "*openclaw*" "*clawbot*" "*clawdbot*" "*moltbot*"; do
+                for plist in "$plist_dir"/$pattern; do
+                    if [[ -f "$plist" ]]; then
+                        OPENCLAW_FOUND=1
+                        LAUNCHD_FOUND=1
+                        DETAILS="$DETAILS; LaunchAgent found: $plist"
+                        log "  [DETECTED] LaunchAgent/Daemon found: $plist"
+                    fi
+                done
+            done
+        fi
+    done
+    
+    if [[ $LAUNCHD_FOUND -eq 0 ]]; then
+        log "  [CLEAN] No launchd services found"
+    fi
+fi
+
+# Check systemd services (Linux) - system and user level
+if command -v systemctl &>/dev/null; then
+    log ""
+    log "Checking for systemd services (system and user level)..."
+    SYSTEMD_FOUND=0
+    
+    # System-level services
+    for svc_name in openclaw clawbot clawdbot moltbot; do
+        if systemctl list-unit-files "$svc_name.service" &>/dev/null 2>&1; then
+            OPENCLAW_FOUND=1
+            SYSTEMD_FOUND=1
+            STATUS=$(systemctl is-active "$svc_name.service" 2>/dev/null || echo "inactive")
+            DETAILS="$DETAILS; Systemd service $svc_name found (status: $STATUS)"
+            log "  [DETECTED] Systemd service $svc_name found (status: $STATUS)"
+        fi
+        
+        # Check service file directly
+        for svc_path in /etc/systemd/system /usr/lib/systemd/system; do
+            if [[ -f "$svc_path/$svc_name.service" ]]; then
+                OPENCLAW_FOUND=1
+                SYSTEMD_FOUND=1
+                DETAILS="$DETAILS; Systemd service file found: $svc_path/$svc_name.service"
+                log "  [DETECTED] Systemd service file found: $svc_path/$svc_name.service"
+            fi
+        done
+    done
+    
+    # User-level systemd services
+    for user_home in $(get_all_user_homes); do
+        user_systemd="$user_home/.config/systemd/user"
+        if [[ -d "$user_systemd" ]]; then
+            for svc_name in openclaw clawbot clawdbot moltbot; do
+                if [[ -f "$user_systemd/$svc_name.service" ]]; then
+                    OPENCLAW_FOUND=1
+                    SYSTEMD_FOUND=1
+                    DETAILS="$DETAILS; User systemd service found: $user_systemd/$svc_name.service"
+                    log "  [DETECTED] User systemd service found: $user_systemd/$svc_name.service"
+                fi
+            done
+        fi
+    done
+    
+    if [[ $SYSTEMD_FOUND -eq 0 ]]; then
+        log "  [CLEAN] No systemd services found"
+    fi
+fi
+
+# Check Docker
+if command -v docker &>/dev/null; then
+    log ""
+    log "Checking for Docker artifacts..."
+    DOCKER_FOUND=0
+    for docker_name in openclaw clawbot clawdbot moltbot; do
+        CONTAINERS=$(docker ps -a --filter "name=$docker_name" --format "{{.Names}}" 2>/dev/null || true)
+        if [[ -n "$CONTAINERS" ]]; then
+            OPENCLAW_FOUND=1
+            DOCKER_FOUND=1
+            DETAILS="$DETAILS; Docker containers ($docker_name): $CONTAINERS"
+            log "  [DETECTED] Docker containers found ($docker_name): $CONTAINERS"
+        fi
+        IMAGES=$(docker images --filter "reference=*$docker_name*" --format "{{.Repository}}:{{.Tag}}" 2>/dev/null || true)
+        if [[ -n "$IMAGES" ]]; then
+            OPENCLAW_FOUND=1
+            DOCKER_FOUND=1
+            DETAILS="$DETAILS; Docker images ($docker_name): $IMAGES"
+            log "  [DETECTED] Docker images found ($docker_name): $IMAGES"
+        fi
+    done
+    if [[ $DOCKER_FOUND -eq 0 ]]; then
+        log "  [CLEAN] No Docker artifacts found"
+    fi
 fi
 ${webhookUrl ? '\nsend_webhook "$([[ $OPENCLAW_FOUND -eq 1 ]] && echo "detected" || echo "clean")" "$DETAILS"' : ''}
 
+# Final summary
+log ""
+log "=========================================="
+log "SCAN SUMMARY"
+log "=========================================="
+if [[ $OPENCLAW_FOUND -eq 1 ]]; then
+    log "STATUS: OpenClaw DETECTED"
+    log "DETAILS: $DETAILS"
+    log "EXIT CODE: 1"
+else
+    log "STATUS: System CLEAN - No OpenClaw installation detected"
+    log "EXIT CODE: 0"
+fi
+log "=========================================="
+
 exit $OPENCLAW_FOUND
 `;
 }
@@ -230,8 +522,13 @@ send_webhook() {
 #
 # WARNING: This script will remove OpenClaw installations!
 # Run with sudo for full purge capabilities.
+# Exit code is always 0 if the script runs to completion - check logs for details.
+
+set -o pipefail
 
-set -euo pipefail
+# Set defaults for environment variables that may be unset when running as root
+HOME="\${HOME:-/root}"
+USER="\${USER:-root}"
 
 PURGE_RESULTS=""
 ${webhookSection}
@@ -240,68 +537,516 @@ log_action() {
     PURGE_RESULTS="$PURGE_RESULTS; $1"
 }
 
+# Get all user home directories
+get_all_user_homes() {
+    local homes=()
+    
+    # macOS users
+    if [[ -d "/Users" ]]; then
+        for user_dir in /Users/*; do
+            if [[ -d "$user_dir" && "$user_dir" != "/Users/Shared" && "$user_dir" != "/Users/Guest" ]]; then
+                homes+=("$user_dir")
+            fi
+        done
+    fi
+    
+    # Linux users
+    if [[ -d "/home" ]]; then
+        for user_dir in /home/*; do
+            if [[ -d "$user_dir" ]]; then
+                homes+=("$user_dir")
+            fi
+        done
+    fi
+    
+    # Root home
+    if [[ -d "/root" ]]; then
+        homes+=("/root")
+    fi
+    if [[ -d "/var/root" ]]; then
+        homes+=("/var/root")
+    fi
+    
+    echo "\${homes[@]}"
+}
+
+log_action "=========================================="
+log_action "Nox OpenClaw Hunter - Purge (All Users)"
+log_action "=========================================="
+
 # Check if running as root
-if [[ $EUID -ne 0 ]]; then
+if [[ \${EUID:-$(id -u)} -ne 0 ]]; then
     echo "Warning: Not running as root. Some actions may fail."
+    echo "For complete purge across all users, run with sudo."
 fi
 
-# Kill running processes
-log_action "Killing OpenClaw processes..."
-pkill -9 -f "openclaw" 2>/dev/null || log_action "No processes to kill"
+# STEP 1: Unload launchd services FIRST to prevent process respawning (macOS)
+if [[ "$(uname)" == "Darwin" ]]; then
+    log_action "Unloading launchd services to prevent respawning..."
+    
+    # System-wide LaunchAgents and LaunchDaemons
+    for plist_dir in /Library/LaunchAgents /Library/LaunchDaemons; do
+        for pattern in "bot.molt.*" "*openclaw*" "*clawbot*" "*clawdbot*" "*moltbot*"; do
+            for plist in "$plist_dir"/$pattern; do
+                if [[ -f "$plist" ]]; then
+                    launchctl bootout system "$plist" 2>/dev/null || launchctl unload "$plist" 2>/dev/null || true
+                fi
+            done
+        done
+    done
+    
+    # Per-user LaunchAgents - unload for all users
+    for user_home in $(get_all_user_homes); do
+        plist_dir="$user_home/Library/LaunchAgents"
+        username=$(basename "$user_home")
+        user_uid=$(id -u "$username" 2>/dev/null || echo "")
+        if [[ -d "$plist_dir" ]]; then
+            for pattern in "bot.molt.*" "*openclaw*" "*clawbot*" "*clawdbot*" "*moltbot*"; do
+                for plist in "$plist_dir"/$pattern; do
+                    if [[ -f "$plist" ]]; then
+                        if [[ -n "$user_uid" ]]; then
+                            launchctl bootout "gui/$user_uid" "$plist" 2>/dev/null || true
+                            launchctl bootout "user/$user_uid" "$plist" 2>/dev/null || true
+                        fi
+                        launchctl unload "$plist" 2>/dev/null || true
+                    fi
+                done
+            done
+        fi
+    done
+    log_action "Launchd services unloaded"
+fi
+
+# STEP 1b: Stop systemd services FIRST to prevent respawning (Linux)
+if command -v systemctl &>/dev/null; then
+    log_action "Stopping systemd services to prevent respawning..."
+    for svc_name in openclaw clawbot clawdbot moltbot; do
+        systemctl stop "$svc_name.service" 2>/dev/null || true
+        systemctl disable "$svc_name.service" 2>/dev/null || true
+    done
+    
+    # User-level services
+    for user_home in $(get_all_user_homes); do
+        username=$(basename "$user_home")
+        for svc_name in openclaw clawbot clawdbot moltbot; do
+            sudo -u "$username" systemctl --user stop "$svc_name.service" 2>/dev/null || true
+            sudo -u "$username" systemctl --user disable "$svc_name.service" 2>/dev/null || true
+        done
+    done
+    log_action "Systemd services stopped"
+fi
+
+# STEP 2: Kill running processes
+log_action "Killing processes (openclaw, clawbot, clawdbot, moltbot)..."
+PROCS_KILLED=0
+for proc_name in openclaw clawbot clawdbot moltbot; do
+    # Find PIDs first (exclude our own script)
+    PIDS=$(pgrep -x "$proc_name" 2>/dev/null || true)
+    if [[ -z "$PIDS" ]]; then
+        # Try matching command line if exact name match fails
+        PIDS=$(pgrep -f "/$proc_name\$" 2>/dev/null || true)
+    fi
+    
+    if [[ -n "$PIDS" ]]; then
+        for pid in $PIDS; do
+            # Skip if it's our own process
+            if [[ "$pid" == "$$" ]]; then
+                continue
+            fi
+            kill -9 "$pid" 2>/dev/null && {
+                log_action "  Killed $proc_name (PID: $pid)"
+                PROCS_KILLED=$((PROCS_KILLED + 1))
+            } || true
+        done
+    fi
+    
+    # Also try pkill as backup
+    pkill -9 -x "$proc_name" 2>/dev/null || true
+    
+    # On macOS, also try killall
+    if [[ "$(uname)" == "Darwin" ]]; then
+        killall -9 "$proc_name" 2>/dev/null || true
+    fi
+done
+
+# Wait briefly for processes to terminate
+sleep 1
 
-# Stop and disable launchd service (macOS)
+# Verify processes are gone
+REMAINING=""
+for proc_name in openclaw clawbot clawdbot moltbot; do
+    if pgrep -x "$proc_name" >/dev/null 2>&1; then
+        REMAINING="$REMAINING $proc_name"
+    fi
+done
+
+if [[ -n "$REMAINING" ]]; then
+    log_action "WARNING: Some processes may still be running:$REMAINING"
+    # Try one more aggressive kill
+    for proc_name in $REMAINING; do
+        pkill -9 -f "$proc_name" 2>/dev/null || true
+    done
+    sleep 1
+    
+    # Final check
+    STILL_RUNNING=""
+    for proc_name in openclaw clawbot clawdbot moltbot; do
+        if pgrep -x "$proc_name" >/dev/null 2>&1; then
+            STILL_RUNNING="$STILL_RUNNING $proc_name($(pgrep -x "$proc_name" | tr '\\n' ' '))"
+        fi
+    done
+    
+    if [[ -n "$STILL_RUNNING" ]]; then
+        log_action "ERROR: Failed to kill processes:$STILL_RUNNING - may require manual intervention"
+    else
+        log_action "Process kill completed (after retry)"
+    fi
+else
+    if [[ $PROCS_KILLED -gt 0 ]]; then
+        log_action "Process kill completed ($PROCS_KILLED processes terminated)"
+    else
+        log_action "Process kill completed (no matching processes found)"
+    fi
+fi
+
+# Stop and disable launchd services (macOS) - ALL USERS
 if [[ "$(uname)" == "Darwin" ]]; then
-    for plist in ~/Library/LaunchAgents/bot.molt.* /Library/LaunchAgents/bot.molt.* /Library/LaunchDaemons/bot.molt.*; do
-        if [[ -f "$plist" ]]; then
-            launchctl unload "$plist" 2>/dev/null || true
-            rm -f "$plist"
-            log_action "Removed launchd plist: $plist"
+    log_action "Removing launchd services (all users)..."
+    LAUNCHD_REMOVED=0
+    LAUNCHD_FAILED=0
+    
+    # System-wide LaunchAgents and LaunchDaemons
+    for plist_dir in /Library/LaunchAgents /Library/LaunchDaemons; do
+        for pattern in "bot.molt.*" "*openclaw*" "*clawbot*" "*clawdbot*" "*moltbot*"; do
+            for plist in "$plist_dir"/$pattern; do
+                if [[ -f "$plist" ]]; then
+                    launchctl unload "$plist" 2>/dev/null || true
+                    rm -f "$plist" 2>/dev/null
+                    if [[ -f "$plist" ]]; then
+                        log_action "  FAILED to remove launchd plist: $plist"
+                        LAUNCHD_FAILED=$((LAUNCHD_FAILED + 1))
+                    else
+                        log_action "  Removed launchd plist: $plist"
+                        LAUNCHD_REMOVED=$((LAUNCHD_REMOVED + 1))
+                    fi
+                fi
+            done
+        done
+    done
+    
+    # Per-user LaunchAgents
+    for user_home in $(get_all_user_homes); do
+        plist_dir="$user_home/Library/LaunchAgents"
+        if [[ -d "$plist_dir" ]]; then
+            for pattern in "bot.molt.*" "*openclaw*" "*clawbot*" "*clawdbot*" "*moltbot*"; do
+                for plist in "$plist_dir"/$pattern; do
+                    if [[ -f "$plist" ]]; then
+                        launchctl unload "$plist" 2>/dev/null || true
+                        rm -f "$plist" 2>/dev/null
+                        if [[ -f "$plist" ]]; then
+                            log_action "  FAILED to remove launchd plist: $plist"
+                            LAUNCHD_FAILED=$((LAUNCHD_FAILED + 1))
+                        else
+                            log_action "  Removed launchd plist: $plist"
+                            LAUNCHD_REMOVED=$((LAUNCHD_REMOVED + 1))
+                        fi
+                    fi
+                done
+            done
         fi
     done
+    
+    if [[ $LAUNCHD_FAILED -gt 0 ]]; then
+        log_action "Launchd removal: $LAUNCHD_REMOVED removed, $LAUNCHD_FAILED failed"
+    elif [[ $LAUNCHD_REMOVED -gt 0 ]]; then
+        log_action "Launchd removal completed ($LAUNCHD_REMOVED services removed)"
+    else
+        log_action "Launchd removal completed (no launchd services found)"
+    fi
 fi
 
-# Stop and disable systemd service (Linux)
+# Stop and disable systemd services (Linux) - system and user level
 if command -v systemctl &>/dev/null; then
-    systemctl stop openclaw.service 2>/dev/null || true
-    systemctl disable openclaw.service 2>/dev/null || true
-    rm -f /etc/systemd/system/openclaw.service 2>/dev/null || true
+    log_action "Removing systemd services (system and user level)..."
+    SYSTEMD_REMOVED=0
+    SYSTEMD_FAILED=0
+    
+    # System-level services
+    for svc_name in openclaw clawbot clawdbot moltbot; do
+        systemctl stop "$svc_name.service" 2>/dev/null || true
+        systemctl disable "$svc_name.service" 2>/dev/null || true
+        
+        for svc_path in "/etc/systemd/system/$svc_name.service" "/usr/lib/systemd/system/$svc_name.service"; do
+            if [[ -f "$svc_path" ]]; then
+                rm -f "$svc_path" 2>/dev/null
+                if [[ -f "$svc_path" ]]; then
+                    log_action "  FAILED to remove systemd service: $svc_path"
+                    SYSTEMD_FAILED=$((SYSTEMD_FAILED + 1))
+                else
+                    log_action "  Removed systemd service: $svc_path"
+                    SYSTEMD_REMOVED=$((SYSTEMD_REMOVED + 1))
+                fi
+            fi
+        done
+    done
+    
+    # User-level systemd services
+    for user_home in $(get_all_user_homes); do
+        user_systemd="$user_home/.config/systemd/user"
+        if [[ -d "$user_systemd" ]]; then
+            for svc_name in openclaw clawbot clawdbot moltbot; do
+                svc_path="$user_systemd/$svc_name.service"
+                if [[ -f "$svc_path" ]]; then
+                    rm -f "$svc_path" 2>/dev/null
+                    if [[ -f "$svc_path" ]]; then
+                        log_action "  FAILED to remove user systemd service: $svc_path"
+                        SYSTEMD_FAILED=$((SYSTEMD_FAILED + 1))
+                    else
+                        log_action "  Removed user systemd service: $svc_path"
+                        SYSTEMD_REMOVED=$((SYSTEMD_REMOVED + 1))
+                    fi
+                fi
+            done
+        fi
+    done
+    
     systemctl daemon-reload 2>/dev/null || true
-    log_action "Stopped and disabled systemd service"
+    
+    if [[ $SYSTEMD_FAILED -gt 0 ]]; then
+        log_action "Systemd removal: $SYSTEMD_REMOVED removed, $SYSTEMD_FAILED failed"
+    elif [[ $SYSTEMD_REMOVED -gt 0 ]]; then
+        log_action "Systemd removal completed ($SYSTEMD_REMOVED services removed)"
+    else
+        log_action "Systemd removal completed (no systemd services found)"
+    fi
 fi
 
-# Remove CLI binary
-for cli_path in /usr/local/bin/openclaw /opt/homebrew/bin/openclaw /usr/bin/openclaw; do
-    if [[ -f "$cli_path" ]]; then
-        rm -f "$cli_path"
-        log_action "Removed CLI: $cli_path"
-    fi
+# Remove CLI binaries (system-wide and per-user)
+log_action "Removing CLI binaries (all locations)..."
+CLI_REMOVED=0
+CLI_FAILED=0
+
+# System-wide locations
+for cli_name in openclaw clawbot clawdbot moltbot; do
+    for bin_dir in /usr/local/bin /opt/homebrew/bin /usr/bin; do
+        cli_path="$bin_dir/$cli_name"
+        if [[ -f "$cli_path" ]]; then
+            rm -f "$cli_path" 2>/dev/null
+            if [[ -f "$cli_path" ]]; then
+                log_action "  FAILED to remove CLI: $cli_path (permission denied)"
+                CLI_FAILED=$((CLI_FAILED + 1))
+            else
+                log_action "  Removed CLI: $cli_path"
+                CLI_REMOVED=$((CLI_REMOVED + 1))
+            fi
+        fi
+    done
 done
 
-# Remove macOS app bundle
-if [[ -d "/Applications/OpenClaw.app" ]]; then
-    rm -rf "/Applications/OpenClaw.app"
-    log_action "Removed app bundle: /Applications/OpenClaw.app"
+# Per-user locations
+for user_home in $(get_all_user_homes); do
+    for cli_name in openclaw clawbot clawdbot moltbot; do
+        for bin_dir in "$user_home/bin" "$user_home/.local/bin"; do
+            cli_path="$bin_dir/$cli_name"
+            if [[ -f "$cli_path" ]]; then
+                rm -f "$cli_path" 2>/dev/null
+                if [[ -f "$cli_path" ]]; then
+                    log_action "  FAILED to remove CLI: $cli_path (permission denied)"
+                    CLI_FAILED=$((CLI_FAILED + 1))
+                else
+                    log_action "  Removed CLI: $cli_path"
+                    CLI_REMOVED=$((CLI_REMOVED + 1))
+                fi
+            fi
+        done
+    done
+done
+
+if [[ $CLI_FAILED -gt 0 ]]; then
+    log_action "CLI removal: $CLI_REMOVED removed, $CLI_FAILED failed"
+elif [[ $CLI_REMOVED -gt 0 ]]; then
+    log_action "CLI removal completed ($CLI_REMOVED binaries removed)"
+else
+    log_action "CLI removal completed (no CLI binaries found)"
 fi
 
-# Remove config directories
-for config_dir in ~/.openclaw /Users/*/.openclaw; do
-    if [[ -d "$config_dir" ]]; then
-        rm -rf "$config_dir"
-        log_action "Removed config: $config_dir"
+# Remove macOS app bundles (system-wide and per-user)
+log_action "Removing app bundles (all locations)..."
+APP_REMOVED=0
+APP_FAILED=0
+
+for app_name in OpenClaw.app ClawBot.app ClawdBot.app MoltBot.app; do
+    # System-wide Applications
+    if [[ -d "/Applications/$app_name" ]]; then
+        rm -rf "/Applications/$app_name" 2>/dev/null
+        if [[ -d "/Applications/$app_name" ]]; then
+            log_action "  FAILED to remove app: /Applications/$app_name (permission denied or protected)"
+            APP_FAILED=$((APP_FAILED + 1))
+        else
+            log_action "  Removed app bundle: /Applications/$app_name"
+            APP_REMOVED=$((APP_REMOVED + 1))
+        fi
     fi
+    
+    # Per-user Applications
+    for user_home in $(get_all_user_homes); do
+        if [[ -d "$user_home/Applications/$app_name" ]]; then
+            rm -rf "$user_home/Applications/$app_name" 2>/dev/null
+            if [[ -d "$user_home/Applications/$app_name" ]]; then
+                log_action "  FAILED to remove app: $user_home/Applications/$app_name (permission denied)"
+                APP_FAILED=$((APP_FAILED + 1))
+            else
+                log_action "  Removed app bundle: $user_home/Applications/$app_name"
+                APP_REMOVED=$((APP_REMOVED + 1))
+            fi
+        fi
+    done
+done
+
+if [[ $APP_FAILED -gt 0 ]]; then
+    log_action "App bundle removal: $APP_REMOVED removed, $APP_FAILED failed"
+elif [[ $APP_REMOVED -gt 0 ]]; then
+    log_action "App bundle removal completed ($APP_REMOVED bundles removed)"
+else
+    log_action "App bundle removal completed (no app bundles found)"
+fi
+
+# Remove config directories for ALL USERS
+log_action "Removing config directories (all users)..."
+CONFIG_REMOVED=0
+CONFIG_FAILED=0
+for user_home in $(get_all_user_homes); do
+    for config_name in .openclaw .clawbot .clawdbot .moltbot; do
+        config_path="$user_home/$config_name"
+        if [[ -d "$config_path" ]]; then
+            # On macOS: remove extended attributes and clear immutable flags
+            if [[ "$(uname)" == "Darwin" ]]; then
+                xattr -cr "$config_path" 2>/dev/null || true
+                chflags -R nouchg "$config_path" 2>/dev/null || true
+            fi
+            # On Linux: remove immutable attribute
+            if command -v chattr &>/dev/null; then
+                chattr -R -i "$config_path" 2>/dev/null || true
+            fi
+            
+            # Remove all contents first, then the directory
+            find "$config_path" -type f -delete 2>/dev/null || true
+            find "$config_path" -type d -empty -delete 2>/dev/null || true
+            rm -rf "$config_path" 2>/dev/null || true
+            
+            # If still exists, try moving to temp and deleting
+            if [[ -d "$config_path" ]]; then
+                temp_path="/tmp/.nox_purge_$$_$(basename "$config_path")"
+                mv "$config_path" "$temp_path" 2>/dev/null && rm -rf "$temp_path" 2>/dev/null || true
+            fi
+            
+            # Verify removal
+            if [[ -d "$config_path" ]]; then
+                log_action "  FAILED to remove config: $config_path (permission denied or protected)"
+                CONFIG_FAILED=$((CONFIG_FAILED + 1))
+            else
+                log_action "  Removed config: $config_path"
+                CONFIG_REMOVED=$((CONFIG_REMOVED + 1))
+            fi
+        fi
+    done
 done
+if [[ $CONFIG_FAILED -gt 0 ]]; then
+    log_action "Config removal: $CONFIG_REMOVED removed, $CONFIG_FAILED failed"
+elif [[ $CONFIG_REMOVED -gt 0 ]]; then
+    log_action "Config removal completed ($CONFIG_REMOVED directories removed)"
+else
+    log_action "Config removal completed (no config directories found)"
+fi
 
 # Remove Docker containers and images
 if command -v docker &>/dev/null; then
-    docker ps -a --filter "name=openclaw" --format "{{.ID}}" | xargs -r docker rm -f 2>/dev/null || true
-    docker images --filter "reference=*openclaw*" --format "{{.ID}}" | xargs -r docker rmi -f 2>/dev/null || true
+    log_action "Cleaning Docker artifacts..."
+    for docker_name in openclaw clawbot clawdbot moltbot; do
+        docker ps -a --filter "name=$docker_name" --format "{{.ID}}" | xargs -r docker rm -f 2>/dev/null || true
+        docker images --filter "reference=*$docker_name*" --format "{{.ID}}" | xargs -r docker rmi -f 2>/dev/null || true
+    done
     log_action "Cleaned Docker artifacts"
 fi
 
+# FINAL CLEANUP PASS - catch any respawned processes and recreated files
+log_action "Running final cleanup pass..."
+sleep 2
+
+# Kill any respawned processes
+RESPAWNED=0
+for proc_name in openclaw clawbot clawdbot moltbot; do
+    if pgrep -x "$proc_name" >/dev/null 2>&1; then
+        pkill -9 -x "$proc_name" 2>/dev/null || true
+        killall -9 "$proc_name" 2>/dev/null || true
+        RESPAWNED=1
+        log_action "  Killed respawned process: $proc_name"
+    fi
+done
+
+# Remove any recreated config directories (thorough removal)
+for user_home in $(get_all_user_homes); do
+    for config_name in .openclaw .clawbot .clawdbot .moltbot; do
+        config_path="$user_home/$config_name"
+        if [[ -d "$config_path" ]]; then
+            # On macOS: remove extended attributes and clear immutable flags
+            if [[ "$(uname)" == "Darwin" ]]; then
+                xattr -cr "$config_path" 2>/dev/null || true
+                chflags -R nouchg "$config_path" 2>/dev/null || true
+            fi
+            # On Linux: remove immutable attribute
+            if command -v chattr &>/dev/null; then
+                chattr -R -i "$config_path" 2>/dev/null || true
+            fi
+            
+            # Remove all contents first, then the directory
+            find "$config_path" -type f -delete 2>/dev/null || true
+            find "$config_path" -type d -empty -delete 2>/dev/null || true
+            rm -rf "$config_path" 2>/dev/null || true
+            
+            # If still exists, try moving to temp and deleting
+            if [[ -d "$config_path" ]]; then
+                temp_path="/tmp/.nox_purge_$$_$(basename "$config_path")"
+                mv "$config_path" "$temp_path" 2>/dev/null && rm -rf "$temp_path" 2>/dev/null || true
+            fi
+            
+            if [[ -d "$config_path" ]]; then
+                log_action "  FAILED: Config directory recreated and cannot be removed: $config_path"
+            else
+                log_action "  Removed recreated config directory: $config_path"
+            fi
+        fi
+    done
+done
+
+# Final verification
+FINAL_PROCS=""
+FINAL_CONFIGS=""
+for proc_name in openclaw clawbot clawdbot moltbot; do
+    if pgrep -x "$proc_name" >/dev/null 2>&1; then
+        FINAL_PROCS="$FINAL_PROCS $proc_name"
+    fi
+done
+for user_home in $(get_all_user_homes); do
+    for config_name in .openclaw .clawbot .clawdbot .moltbot; do
+        if [[ -d "$user_home/$config_name" ]]; then
+            FINAL_CONFIGS="$FINAL_CONFIGS $user_home/$config_name"
+        fi
+    done
+done
+
+if [[ -n "$FINAL_PROCS" || -n "$FINAL_CONFIGS" ]]; then
+    log_action "WARNING: Some items could not be fully purged:"
+    [[ -n "$FINAL_PROCS" ]] && log_action "  Processes still running:$FINAL_PROCS"
+    [[ -n "$FINAL_CONFIGS" ]] && log_action "  Config directories still exist:$FINAL_CONFIGS"
+    log_action "Manual intervention may be required"
+else
+    log_action "Final cleanup pass completed - all items purged successfully"
+fi
+
 log_action "Purge complete"
 ${webhookUrl ? '\nsend_webhook "purged" "$PURGE_RESULTS"' : ''}
 
-echo "Purge complete. Results: $PURGE_RESULTS"
 exit 0
 `;
 }
@@ -401,11 +1146,8 @@ if (Get-Command docker -ErrorAction SilentlyContinue) {
     Log-Action "Cleaned Docker artifacts"
 }
 
-$ResultsString = $PurgeResults -join "; "
-${webhookUrl ? '\nSend-Webhook -Status "purged" -Details $ResultsString' : ''}
-
-Write-Host ""
-Write-Host "Purge complete. Results: $ResultsString"
+${webhookUrl ? '$ResultsString = $PurgeResults -join "; "\nSend-Webhook -Status "purged" -Details $ResultsString\n' : ''}
+Log-Action "Purge complete"
 exit 0
 `;
 }