npm - openclaw-memory-alibaba-local - Versions diffs - 0.1.0 → 0.1.2 - Mend

openclaw-memory-alibaba-local 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -42,7 +42,7 @@ OpenClaw 记忆插件：**本地 LanceDB** 向量存储。支持用户记忆三
 }
 ```
-可选 **`local`** 字段：`commandPrefix`（默认使用 `llama-embedding -m ~/.openclaw/embedding_model/embeddinggemma-300M-Q8_0.gguf -f /dev/stdin --embd-output-format json`）、`dimensions`（默认 **768**）、`maxToken`（默认 **2048**）。命令需从 **stdin** 读入待嵌入文本；推荐使用 **`--embd-output-format json`**（与 OpenAI 列表格式兼容）。
+可选 **`local`** 字段：`commandPrefix`（默认使用 `llama-embedding -m ~/.openclaw/embedding_model/embeddinggemma-300M-Q8_0.gguf  --embd-output-format json`）、`dimensions`（默认 **768**）、`maxToken`（默认 **2048**）。命令需从 **stdin** 读入待嵌入文本；推荐使用 **`--embd-output-format json`**（与 OpenAI 列表格式兼容）。
 ## 远程 embedding（OpenAI 兼容）

package/embedding-backend.ts CHANGED Viewed

@@ -13,7 +13,7 @@ export type EmbeddingBackend = {
 };
 const DEFAULT_LOCAL_PREFIX =
-  "llama-embedding -m ~/.openclaw/embedding_model/embeddinggemma-300M-Q8_0.gguf -f /dev/stdin --embd-output-format json ";
+  "llama-embedding -m ~/.openclaw/embedding_model/embeddinggemma-300M-Q8_0.gguf --embd-output-format json ";
 function expandTildeInCommandPrefix(prefix: string): string {
   const home = process.env.HOME || "";

package/index.ts CHANGED Viewed

@@ -53,7 +53,7 @@ import {
   saveAgentEndCursorMap,
 } from "./capture-state.js";
 import { LANCEDB_TABLE_NAME, MemoryDB } from "./db.js";
-import { registerMemoryPanelRoutes } from "./web/memory-routes.js";
+import { registerMemoryAdminGatewayMethods, registerMemoryPanelRoutes } from "./web/memory-routes.js";
 import type { MemoryEntry, MemorySearchResult } from "./db.js";
 import {
   buildUserMemoryExtractionPrompt,
@@ -1241,23 +1241,25 @@ const memoryPlugin = {
     const getDbAndBackend = (): { db: MemoryDB; backend: EmbeddingBackend } | null =>
       backend ? { db, backend } : null;
+    const memoryAdminOpts = backend
+      ? {
+          encodeForStorage: (text: string) => backend!.encodeForStorage(text),
+          vectorDim: db.getEmbeddingVectorDim(),
+        }
+      : {
+          vectorDim: db.getEmbeddingVectorDim(),
+        };
+    if (typeof api.registerGatewayMethod === "function") {
+      registerMemoryAdminGatewayMethods(api.registerGatewayMethod.bind(api), db, cfg, api.logger, memoryAdminOpts);
+    } else {
+      api.logger.warn("openclaw-memory-alibaba-local: registerGatewayMethod missing — memory admin data API disabled");
+    }
     if (typeof api.registerHttpRoute === "function") {
-      registerMemoryPanelRoutes(
-        api.registerHttpRoute.bind(api),
-        db,
-        cfg,
-        api.logger,
-        backend
-          ? {
-              encodeForStorage: (text) => backend!.encodeForStorage(text),
-              vectorDim: db.getEmbeddingVectorDim(),
-            }
-          : {
-              vectorDim: db.getEmbeddingVectorDim(),
-            },
-      );
+      registerMemoryPanelRoutes(api.registerHttpRoute.bind(api), db, cfg, api.logger, memoryAdminOpts);
     } else {
-      api.logger.warn("openclaw-memory-alibaba-local: registerHttpRoute missing — /plugins/memory UI disabled");
+      api.logger.warn("openclaw-memory-alibaba-local: registerHttpRoute missing — /plugins/memory HTML shell disabled");
     }
     // --- Tools: memory_recall, memory_store, memory_forget ---

package/openclaw.plugin.json CHANGED Viewed

@@ -19,7 +19,7 @@
           "mode": { "type": "string", "enum": ["local", "remote"], "default": "local" },
           "commandPrefix": {
             "type": "string",
-            "description": "Shell command; stdin = text to embed. Default uses llama-embedding + -f /dev/stdin --embd-output-format json."
+            "description": "Shell command; stdin = text to embed. Default uses llama-embedding +  --embd-output-format json."
           },
           "dimensions": { "type": "number", "description": "768 default (local); 1024 default (remote) when omitted." },
           "maxToken": { "type": "number", "description": "2048 default (remote) when omitted." },
@@ -136,7 +136,7 @@
     },
     "embedding.commandPrefix": {
       "label": "Local embed command",
-      "placeholder": "llama-embedding -m ~/.openclaw/... -f /dev/stdin --embd-output-format json",
+      "placeholder": "llama-embedding -m ~/.openclaw/... --embd-output-format json",
       "help": "Must read prompt from stdin; JSON output recommended for parsing."
     },
     "embedding.apiKey": {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-memory-alibaba-local",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "OpenClaw memory plugin: local LanceDB + DashScope-compatible embeddings",
   "type": "module",
   "license": "MIT",
@@ -27,6 +27,7 @@
     "embedding-backend.ts",
     "categories.ts",
     "prompts.ts",
+    "web/memory-admin-ops.ts",
     "web/memory-routes.ts",
     "web/memory-ui.ts",
     "openclaw.plugin.json",

package/web/memory-admin-ops.ts ADDED Viewed

@@ -0,0 +1,303 @@
+/**
+ * Shared admin-panel operations for memory DB (used by Gateway WebSocket RPC).
+ */
+import type { MemoryCategory, MemoryConfig } from "../config.js";
+import {
+  FULL_CONTEXT_ASSISTANT,
+  FULL_CONTEXT_MEMORY,
+  FULL_CONTEXT_OTHERS,
+  FULL_CONTEXT_SOURCE_CATEGORIES,
+  FULL_CONTEXT_SYSTEM,
+  FULL_CONTEXT_TOOL,
+  FULL_CONTEXT_TOOL_RESULT,
+  FULL_CONTEXT_USER,
+  MANUAL_INSERT_SESSION,
+  MEMORY_CATEGORY_LABEL_ZH,
+  SELF_IMPROVING_CATEGORIES,
+  USER_MEMORY_CATEGORIES,
+  isFullContextSourceCategory,
+} from "../categories.js";
+import type { AdminListFilters, MemoryDB } from "../db.js";
+const MANUAL_ADD_MAX_CHARS = 8000;
+export type MemoryAdminOpsOpts = {
+  encodeForStorage?: (text: string) => Promise<{ chunks: string[]; vectors: number[][] }>;
+  vectorDim?: number;
+};
+export type MemoryAdminOpsContext = {
+  db: MemoryDB;
+  cfg: MemoryConfig;
+  opts?: MemoryAdminOpsOpts | null;
+};
+export type AdminOpResult<T = unknown> =
+  | { ok: true; data: T }
+  | { ok: false; status: number; body: Record<string, unknown> };
+function categoryUsesRealEmbedding(category: MemoryCategory): boolean {
+  return category !== FULL_CONTEXT_MEMORY && !isFullContextSourceCategory(category);
+}
+function writableCategoriesForPanel(cfg: MemoryConfig): MemoryCategory[] {
+  const out: MemoryCategory[] = [...USER_MEMORY_CATEGORIES];
+  if (cfg.enableFullContextMemory) {
+    out.push(
+      FULL_CONTEXT_USER,
+      FULL_CONTEXT_ASSISTANT,
+      FULL_CONTEXT_SYSTEM,
+      FULL_CONTEXT_TOOL,
+      FULL_CONTEXT_TOOL_RESULT,
+      FULL_CONTEXT_OTHERS,
+    );
+  }
+  if (cfg.enableSelfImprovingMemory) {
+    out.push(...SELF_IMPROVING_CATEGORIES);
+  }
+  return out;
+}
+export function buildPanelConfigPayload(cfg: MemoryConfig) {
+  return {
+    enableFullContextMemory: cfg.enableFullContextMemory,
+    enableSelfImprovingMemory: cfg.enableSelfImprovingMemory,
+    categoryLabelsZh: { ...MEMORY_CATEGORY_LABEL_ZH },
+    tabCategories: {
+      user: [...USER_MEMORY_CATEGORIES],
+      self: cfg.enableSelfImprovingMemory ? [...SELF_IMPROVING_CATEGORIES] : [],
+      full: cfg.enableFullContextMemory ? [...FULL_CONTEXT_SOURCE_CATEGORIES] : [],
+    },
+    memoryTypeFilterOptions: cfg.adminPanelMemoryTypeOptions,
+  };
+}
+function tabToCategories(tab: string, cfg: MemoryConfig): MemoryCategory[] {
+  if (tab === "full") {
+    return cfg.enableFullContextMemory ? [...FULL_CONTEXT_SOURCE_CATEGORIES] : [];
+  }
+  if (tab === "self") {
+    return cfg.enableSelfImprovingMemory ? [...SELF_IMPROVING_CATEGORIES] : [];
+  }
+  return [...USER_MEMORY_CATEGORIES];
+}
+function parseOptionalTimeMs(iso: string | null | undefined): number | undefined {
+  if (!iso) {
+    return undefined;
+  }
+  const t = Date.parse(String(iso));
+  if (Number.isNaN(t)) {
+    return undefined;
+  }
+  return t;
+}
+async function ensureDb(ctx: MemoryAdminOpsContext): Promise<AdminOpResult<null>> {
+  try {
+    await ctx.db.ensureReady();
+    return { ok: true, data: null };
+  } catch (e) {
+    return { ok: false, status: 503, body: { error: "Database unavailable", detail: String(e) } };
+  }
+}
+export async function opMemoryAdminConfig(ctx: MemoryAdminOpsContext): Promise<AdminOpResult<unknown>> {
+  const r = await ensureDb(ctx);
+  if (!r.ok) {
+    return r;
+  }
+  return { ok: true, data: buildPanelConfigPayload(ctx.cfg) };
+}
+export async function opMemoryAdminFacets(ctx: MemoryAdminOpsContext): Promise<AdminOpResult<unknown>> {
+  const r = await ensureDb(ctx);
+  if (!r.ok) {
+    return r;
+  }
+  try {
+    const facets = await ctx.db.listAdminFacets([], undefined, undefined);
+    return { ok: true, data: facets };
+  } catch (e) {
+    return { ok: false, status: 400, body: { error: String(e) } };
+  }
+}
+export async function opMemoryAdminDashboard(
+  ctx: MemoryAdminOpsContext,
+  params: Record<string, unknown>,
+): Promise<AdminOpResult<unknown>> {
+  const r = await ensureDb(ctx);
+  if (!r.ok) {
+    return r;
+  }
+  const timeFromMs = parseOptionalTimeMs(params.timeFrom as string | undefined);
+  const timeToMs = parseOptionalTimeMs(params.timeTo as string | undefined);
+  if (timeFromMs === undefined || timeToMs === undefined) {
+    return { ok: false, status: 400, body: { error: "timeFrom and timeTo are required (ISO 8601)" } };
+  }
+  const agentId = String(params.agentId ?? "").trim();
+  const sessionId = String(params.sessionId ?? "").trim();
+  if (!agentId) {
+    return { ok: false, status: 400, body: { error: "缺少 agentId：请先选择 Agent" } };
+  }
+  try {
+    const agg = await ctx.db.getAdminDashboardAggregates(timeFromMs, timeToMs, agentId, sessionId);
+    return { ok: true, data: agg };
+  } catch (e) {
+    return { ok: false, status: 400, body: { error: String(e) } };
+  }
+}
+export async function opMemoryAdminList(
+  ctx: MemoryAdminOpsContext,
+  params: Record<string, unknown>,
+): Promise<AdminOpResult<unknown>> {
+  const r = await ensureDb(ctx);
+  if (!r.ok) {
+    return r;
+  }
+  const cfg = ctx.cfg;
+  const tab = String(params.tab || "user");
+  const agentId = String(params.agentId ?? "").trim();
+  const sessionId = String(params.sessionId ?? "").trim();
+  if (!agentId) {
+    return { ok: false, status: 400, body: { error: "缺少 agentId：请先选择 Agent" } };
+  }
+  const baseCats = tabToCategories(tab, cfg);
+  if (baseCats.length === 0) {
+    return { ok: true, data: { items: [], total: 0, page: 1, pageSize: 100 } };
+  }
+  const timeFromMs = parseOptionalTimeMs(params.timeFrom as string | undefined);
+  const timeToMs = parseOptionalTimeMs(params.timeTo as string | undefined);
+  const page = Math.max(1, parseInt(String(params.page || "1"), 10) || 1);
+  const pageSize = Math.min(500, Math.max(1, parseInt(String(params.limit || "100"), 10) || 100));
+  const categoryOne = String(params.category ?? "").trim();
+  let filterCats = baseCats;
+  if (categoryOne) {
+    if (!baseCats.includes(categoryOne as MemoryCategory)) {
+      return { ok: false, status: 400, body: { error: "category 与当前 Tab 不匹配" } };
+    }
+    const listTab = tab === "full" ? "full" : tab === "self" ? "self" : "user";
+    const optList = cfg.adminPanelMemoryTypeOptions[listTab];
+    if (!optList.some((o) => o.category === categoryOne)) {
+      return { ok: false, status: 400, body: { error: "category 不在插件配置的记忆类型筛选项中" } };
+    }
+    filterCats = [categoryOne as MemoryCategory];
+  }
+  const filters: AdminListFilters = {
+    categories: filterCats,
+    timeFromMs,
+    timeToMs,
+    agentId,
+  };
+  if (sessionId) {
+    filters.sessionId = sessionId;
+  }
+  try {
+    const sortDesc = params.sortDesc !== false && String(params.sortDesc) !== "false";
+    const adminTab = tab === "full" ? "full" : tab === "self" ? "self" : "user";
+    const { total, items } = await ctx.db.listAdminFiltered(filters, page, pageSize, {
+      adminTab,
+      sortDesc,
+    });
+    return { ok: true, data: { items, total, page, pageSize } };
+  } catch (e) {
+    return { ok: false, status: 400, body: { error: String(e) } };
+  }
+}
+export async function opMemoryAdminDelete(
+  ctx: MemoryAdminOpsContext,
+  params: Record<string, unknown>,
+): Promise<AdminOpResult<unknown>> {
+  const r = await ensureDb(ctx);
+  if (!r.ok) {
+    return r;
+  }
+  const itemsRaw = params.items;
+  const items = Array.isArray(itemsRaw) ? itemsRaw : [];
+  const normalized: { agentId: string; id: string }[] = [];
+  for (const it of items) {
+    const o = it as { agentId?: string; id?: string };
+    if (o?.agentId && o?.id) {
+      normalized.push({ agentId: String(o.agentId), id: String(o.id) });
+    }
+  }
+  if (normalized.length === 0) {
+    return { ok: false, status: 400, body: { error: "items required" } };
+  }
+  const n = await ctx.db.deleteMany(normalized);
+  return { ok: true, data: { deleted: n } };
+}
+export async function opMemoryAdminAdd(
+  ctx: MemoryAdminOpsContext,
+  params: Record<string, unknown>,
+): Promise<AdminOpResult<unknown>> {
+  const r = await ensureDb(ctx);
+  if (!r.ok) {
+    return r;
+  }
+  const enc = ctx.opts?.encodeForStorage;
+  const vectorDim =
+    typeof ctx.opts?.vectorDim === "number" && ctx.opts.vectorDim > 0 ? ctx.opts.vectorDim : 768;
+  const agentId = String(params.agentId ?? "").trim();
+  const textRaw = params.text == null ? "" : String(params.text);
+  const category = String(params.category ?? "").trim() as MemoryCategory;
+  if (!agentId) {
+    return { ok: false, status: 400, body: { error: "agentId required" } };
+  }
+  const text = textRaw.trim();
+  if (!text.length) {
+    return { ok: false, status: 400, body: { error: "text required" } };
+  }
+  const allowed = new Set(writableCategoriesForPanel(ctx.cfg));
+  if (!allowed.has(category)) {
+    return { ok: false, status: 400, body: { error: "invalid or disabled category" } };
+  }
+  const textForEmbed = text.length > MANUAL_ADD_MAX_CHARS ? text.slice(0, MANUAL_ADD_MAX_CHARS) : text;
+  const needsRealEmbed = categoryUsesRealEmbedding(category);
+  if (needsRealEmbed && !enc) {
+    return { ok: false, status: 503, body: { error: "Embedding not configured; plugin needs embedding in config." } };
+  }
+  let vectors: number[][];
+  if (needsRealEmbed) {
+    try {
+      const out = await enc!(textForEmbed);
+      vectors = out.vectors;
+    } catch (e) {
+      return { ok: false, status: 502, body: { error: `embed failed: ${String(e)}` } };
+    }
+    if (vectors.length === 0) {
+      return { ok: false, status: 400, body: { error: "nothing to embed (empty after chunking)" } };
+    }
+  } else {
+    vectors = [Array.from({ length: vectorDim }, () => 0)];
+  }
+  const stored = await ctx.db.storeMany(
+    agentId,
+    vectors.map((vector, idx) => ({
+      text: textForEmbed,
+      vector,
+      importance: 1,
+      category,
+      userId: "",
+      sessionId: MANUAL_INSERT_SESSION,
+      seqInBatch: 0,
+      chunkIndex: idx,
+    })),
+  );
+  return {
+    ok: true,
+    data: {
+      id: stored[0]!.id,
+      createdAt: stored[0]!.createdAt,
+      chunkRows: stored.length,
+    },
+  };
+}

package/web/memory-routes.ts CHANGED Viewed

@@ -1,77 +1,28 @@
 /**
- * Memory admin panel — /plugins/memory (HTML + JSON API).
- * Auth aligned with openclaw-observability: gateway.auth.token → ?token= or Bearer.
+ * Memory admin panel — /plugins/memory (HTML shell) + Gateway WebSocket RPC (memory.admin.*).
+ * Auth aligned with OpenClaw gateway: connect with gateway token + operator scopes (same as Control UI).
  */
 import * as fs from "node:fs";
 import * as os from "node:os";
 import * as path from "node:path";
 import type { IncomingMessage, ServerResponse } from "node:http";
-import type { MemoryCategory, MemoryConfig } from "../config.js";
-import {
-  FULL_CONTEXT_ASSISTANT,
-  FULL_CONTEXT_MEMORY,
-  FULL_CONTEXT_OTHERS,
-  FULL_CONTEXT_SOURCE_CATEGORIES,
-  FULL_CONTEXT_SYSTEM,
-  FULL_CONTEXT_TOOL,
-  FULL_CONTEXT_TOOL_RESULT,
-  FULL_CONTEXT_USER,
-  MANUAL_INSERT_SESSION,
-  MEMORY_CATEGORY_LABEL_ZH,
-  SELF_IMPROVING_CATEGORIES,
-  USER_MEMORY_CATEGORIES,
-  isFullContextSourceCategory,
-} from "../categories.js";
+import type { GatewayRequestHandlerOptions, OpenClawPluginApi } from "openclaw/plugin-sdk/core";
+import type { MemoryConfig } from "../config.js";
 import type { MemoryDB } from "../db.js";
-import type { AdminListFilters } from "../db.js";
 import { getMemoryPanelHtml } from "./memory-ui.js";
-const MANUAL_ADD_MAX_CHARS = 8000;
-export type MemoryPanelRoutesOpts = {
-  /** Required for POST /api/add when category needs real embeddings (user / self-improving). */
-  encodeForStorage?: (text: string) => Promise<{ chunks: string[]; vectors: number[][] }>;
-  /** LanceDB vector width; used for full_context_* manual add (zero placeholder, no embed). */
-  vectorDim?: number;
-};
-function categoryUsesRealEmbedding(category: MemoryCategory): boolean {
-  return category !== FULL_CONTEXT_MEMORY && !isFullContextSourceCategory(category);
-}
-function writableCategoriesForPanel(cfg: MemoryConfig): MemoryCategory[] {
-  const out: MemoryCategory[] = [...USER_MEMORY_CATEGORIES];
-  if (cfg.enableFullContextMemory) {
-    out.push(
-      FULL_CONTEXT_USER,
-      FULL_CONTEXT_ASSISTANT,
-      FULL_CONTEXT_SYSTEM,
-      FULL_CONTEXT_TOOL,
-      FULL_CONTEXT_TOOL_RESULT,
-      FULL_CONTEXT_OTHERS,
-    );
-  }
-  if (cfg.enableSelfImprovingMemory) {
-    out.push(...SELF_IMPROVING_CATEGORIES);
-  }
-  return out;
-}
-function buildPanelConfigPayload(cfg: MemoryConfig) {
-  return {
-    enableFullContextMemory: cfg.enableFullContextMemory,
-    enableSelfImprovingMemory: cfg.enableSelfImprovingMemory,
-    categoryLabelsZh: { ...MEMORY_CATEGORY_LABEL_ZH },
-    tabCategories: {
-      user: [...USER_MEMORY_CATEGORIES],
-      self: cfg.enableSelfImprovingMemory ? [...SELF_IMPROVING_CATEGORIES] : [],
-      full: cfg.enableFullContextMemory ? [...FULL_CONTEXT_SOURCE_CATEGORIES] : [],
-    },
-    /** 各 Tab 列表「记忆类型」筛选项（来自插件配置 + 默认中文名） */
-    memoryTypeFilterOptions: cfg.adminPanelMemoryTypeOptions,
-  };
-}
+import {
+  opMemoryAdminAdd,
+  opMemoryAdminConfig,
+  opMemoryAdminDashboard,
+  opMemoryAdminDelete,
+  opMemoryAdminFacets,
+  opMemoryAdminList,
+  type MemoryAdminOpsContext,
+  type MemoryAdminOpsOpts,
+} from "./memory-admin-ops.js";
+export type MemoryPanelRoutesOpts = MemoryAdminOpsOpts;
 export type RegisterHttpRoute = (params: {
   path: string;
@@ -83,6 +34,8 @@ export type RegisterHttpRoute = (params: {
 type PluginLogger = { info: (m: string) => void; warn: (m: string) => void };
+type RegisterGatewayMethod = OpenClawPluginApi["registerGatewayMethod"];
 function resolveGatewayToken(): string | undefined {
   const stateDir = process.env.OPENCLAW_STATE_DIR ?? path.join(os.homedir(), ".openclaw");
   const openclawConfigPath = process.env.OPENCLAW_CONFIG_PATH ?? path.join(stateDir, "openclaw.json");
@@ -109,16 +62,6 @@ function resolveGatewayToken(): string | undefined {
   return undefined;
 }
-function tabToCategories(tab: string, cfg: MemoryConfig): MemoryCategory[] {
-  if (tab === "full") {
-    return cfg.enableFullContextMemory ? [...FULL_CONTEXT_SOURCE_CATEGORIES] : [];
-  }
-  if (tab === "self") {
-    return cfg.enableSelfImprovingMemory ? [...SELF_IMPROVING_CATEGORIES] : [];
-  }
-  return [...USER_MEMORY_CATEGORIES];
-}
 function parseUrl(req: IncomingMessage): URL {
   return new URL(req.url || "/", "http://" + (req.headers.host || "localhost"));
 }
@@ -140,24 +83,94 @@ function sendHtml(res: ServerResponse, html: string): void {
   res.end(html);
 }
-function readBody(req: IncomingMessage, maxBytes = 1024 * 64): Promise<string> {
-  return new Promise((resolve, reject) => {
-    let data = "";
-    let bytes = 0;
-    req.on("data", (chunk: Buffer) => {
-      bytes += chunk.length;
-      if (bytes > maxBytes) {
-        req.destroy();
-        reject(new Error("body too large"));
-        return;
-      }
-      data += chunk.toString();
-    });
-    req.on("end", () => resolve(data));
-    req.on("error", reject);
+function applyAdminOpResult(respond: GatewayRequestHandlerOptions["respond"], result: import("./memory-admin-ops.js").AdminOpResult): void {
+  if (result.ok) {
+    respond(true, result.data);
+    return;
+  }
+  const msg =
+    typeof result.body.error === "string"
+      ? result.body.error
+      : JSON.stringify(result.body.error ?? result.body);
+  respond(false, { ...result.body, status: result.status }, { message: msg, code: `http_${result.status}` });
+}
+/** Gateway WebSocket methods: memory.admin.config | facets | dashboard | list | delete | add */
+export function registerMemoryAdminGatewayMethods(
+  registerGatewayMethod: RegisterGatewayMethod,
+  db: MemoryDB,
+  cfg: MemoryConfig,
+  logger: PluginLogger,
+  opts?: MemoryPanelRoutesOpts | null,
+): void {
+  const ctxBase: MemoryAdminOpsContext = {
+    db,
+    cfg,
+    opts: opts ?? undefined,
+  };
+  registerGatewayMethod("memory.admin.config", async ({ params, respond }) => {
+    void params;
+    try {
+      applyAdminOpResult(respond, await opMemoryAdminConfig(ctxBase));
+    } catch (e) {
+      logger.warn(`memory.admin.config: ${String(e)}`);
+      respond(false, { error: String(e) });
+    }
+  });
+  registerGatewayMethod("memory.admin.facets", async ({ params, respond }) => {
+    void params;
+    try {
+      applyAdminOpResult(respond, await opMemoryAdminFacets(ctxBase));
+    } catch (e) {
+      logger.warn(`memory.admin.facets: ${String(e)}`);
+      respond(false, { error: String(e) });
+    }
+  });
+  registerGatewayMethod("memory.admin.dashboard", async ({ params, respond }) => {
+    try {
+      applyAdminOpResult(respond, await opMemoryAdminDashboard(ctxBase, params ?? {}));
+    } catch (e) {
+      logger.warn(`memory.admin.dashboard: ${String(e)}`);
+      respond(false, { error: String(e) });
+    }
+  });
+  registerGatewayMethod("memory.admin.list", async ({ params, respond }) => {
+    try {
+      applyAdminOpResult(respond, await opMemoryAdminList(ctxBase, params ?? {}));
+    } catch (e) {
+      logger.warn(`memory.admin.list: ${String(e)}`);
+      respond(false, { error: String(e) });
+    }
   });
+  registerGatewayMethod("memory.admin.delete", async ({ params, respond }) => {
+    try {
+      applyAdminOpResult(respond, await opMemoryAdminDelete(ctxBase, params ?? {}));
+    } catch (e) {
+      logger.warn(`memory.admin.delete: ${String(e)}`);
+      respond(false, { error: String(e) });
+    }
+  });
+  registerGatewayMethod("memory.admin.add", async ({ params, respond }) => {
+    try {
+      applyAdminOpResult(respond, await opMemoryAdminAdd(ctxBase, params ?? {}));
+    } catch (e) {
+      logger.warn(`memory.admin.add: ${String(e)}`);
+      respond(false, { error: String(e) });
+    }
+  });
+  logger.info("[openclaw-memory-alibaba-local] Memory admin Gateway methods: memory.admin.* (config, facets, dashboard, list, delete, add)");
 }
+/**
+ * HTTP: serves HTML at /plugins/memory; legacy /plugins/memory/api/* returns 410 with migration hint.
+ */
 export function registerMemoryPanelRoutes(
   registerHttpRoute: RegisterHttpRoute,
   db: MemoryDB,
@@ -165,6 +178,9 @@ export function registerMemoryPanelRoutes(
   logger: PluginLogger,
   opts?: MemoryPanelRoutesOpts | null,
 ): void {
+  void db;
+  void cfg;
+  void opts;
   const requiredToken = resolveGatewayToken();
   const token = typeof requiredToken === "string" && requiredToken.length > 0 ? requiredToken : undefined;
@@ -178,237 +194,24 @@ export function registerMemoryPanelRoutes(
         const p = url.pathname;
         const isMemoryApi = p.startsWith("/plugins/memory/api/");
-        // HTML shell is public so the browser can load the panel; JSON APIs stay token-protected.
-        if (token && isMemoryApi) {
-          const queryToken = (url.searchParams.get("token") ?? "").trim();
-          const authHeader = (req.headers.authorization ?? req.headers.Authorization ?? "") as string;
-          const bearer = authHeader.startsWith("Bearer ") ? authHeader.slice(7).trim() : "";
-          if (queryToken !== token && bearer !== token) {
-            sendJson(res, 401, { error: { message: "Unauthorized", type: "unauthorized" } });
-            return true;
-          }
-        }
-        if (!isMemoryApi) {
-          sendHtml(res, getMemoryPanelHtml());
-          return true;
-        }
-        const tryDb = async (): Promise<boolean> => {
-          try {
-            await db.ensureReady();
-            return true;
-          } catch (e) {
-            sendJson(res, 503, { error: "Database unavailable", detail: String(e) });
-            return false;
-          }
-        };
-        if (!(await tryDb())) {
-          return true;
-        }
-        if (p === "/plugins/memory/api/config" && req.method === "GET") {
-          sendJson(res, 200, buildPanelConfigPayload(cfg));
-          return true;
-        }
-        if (p === "/plugins/memory/api/facets" && req.method === "GET") {
-          try {
-            // No category filter: include legacy `full_context_memory`, manual categories, and any future values.
-            // List API still filters by tab category; dropdowns only need distinct agentId/sessionId from real rows.
-            const facets = await db.listAdminFacets([], undefined, undefined);
-            sendJson(res, 200, facets);
-          } catch (e) {
-            sendJson(res, 400, { error: String(e) });
-          }
-          return true;
-        }
-        if (p === "/plugins/memory/api/dashboard" && req.method === "GET") {
-          const timeFromRaw = url.searchParams.get("timeFrom");
-          const timeToRaw = url.searchParams.get("timeTo");
-          const timeFromMs = parseOptionalTimeMs(timeFromRaw);
-          const timeToMs = parseOptionalTimeMs(timeToRaw);
-          if (timeFromMs === undefined || timeToMs === undefined) {
-            sendJson(res, 400, { error: "timeFrom and timeTo are required (ISO 8601)" });
-            return true;
-          }
-          const agentId = (url.searchParams.get("agentId") ?? "").trim();
-          const sessionId = (url.searchParams.get("sessionId") ?? "").trim();
-          if (!agentId) {
-            sendJson(res, 400, { error: "缺少 agentId：请先选择 Agent" });
-            return true;
-          }
-          try {
-            const agg = await db.getAdminDashboardAggregates(timeFromMs, timeToMs, agentId, sessionId);
-            sendJson(res, 200, agg);
-          } catch (e) {
-            sendJson(res, 400, { error: String(e) });
-          }
-          return true;
-        }
-        if (p === "/plugins/memory/api/list" && req.method === "GET") {
-          const tab = url.searchParams.get("tab") || "user";
-          const agentId = (url.searchParams.get("agentId") ?? "").trim();
-          const sessionId = (url.searchParams.get("sessionId") ?? "").trim();
-          if (!agentId) {
-            sendJson(res, 400, { error: "缺少 agentId：请先选择 Agent" });
-            return true;
-          }
-          const baseCats = tabToCategories(tab, cfg);
-          if (baseCats.length === 0) {
-            sendJson(res, 200, { items: [], total: 0, page: 1, pageSize: 100 });
-            return true;
-          }
-          const timeFromMs = parseOptionalTimeMs(url.searchParams.get("timeFrom"));
-          const timeToMs = parseOptionalTimeMs(url.searchParams.get("timeTo"));
-          const page = Math.max(1, parseInt(url.searchParams.get("page") || "1", 10) || 1);
-          const pageSize = Math.min(500, Math.max(1, parseInt(url.searchParams.get("limit") || "100", 10) || 100));
-          const categoryOne = (url.searchParams.get("category") ?? "").trim();
-          let filterCats = baseCats;
-          if (categoryOne) {
-            if (!baseCats.includes(categoryOne as MemoryCategory)) {
-              sendJson(res, 400, { error: "category 与当前 Tab 不匹配" });
-              return true;
-            }
-            const listTab = tab === "full" ? "full" : tab === "self" ? "self" : "user";
-            const optList = cfg.adminPanelMemoryTypeOptions[listTab];
-            if (!optList.some((o) => o.category === categoryOne)) {
-              sendJson(res, 400, { error: "category 不在插件配置的记忆类型筛选项中" });
-              return true;
-            }
-            filterCats = [categoryOne as MemoryCategory];
-          }
-          const filters: AdminListFilters = {
-            categories: filterCats,
-            timeFromMs,
-            timeToMs,
-          };
-          filters.agentId = agentId;
-          if (sessionId) {
-            filters.sessionId = sessionId;
-          }
-          try {
-            const sortDesc = url.searchParams.get("sortDesc") !== "false";
-            const adminTab = tab === "full" ? "full" : tab === "self" ? "self" : "user";
-            const { total, items } = await db.listAdminFiltered(filters, page, pageSize, {
-              adminTab,
-              sortDesc,
-            });
-            sendJson(res, 200, {
-              items,
-              total,
-              page,
-              pageSize,
-            });
-          } catch (e) {
-            sendJson(res, 400, { error: String(e) });
-          }
-          return true;
-        }
-        if (p === "/plugins/memory/api/delete" && req.method === "POST") {
-          const raw = await readBody(req);
-          let body: { items?: Array<{ agentId?: string; id?: string }> };
-          try {
-            body = JSON.parse(raw || "{}") as typeof body;
-          } catch {
-            sendJson(res, 400, { error: "Invalid JSON" });
-            return true;
-          }
-          const items = Array.isArray(body.items) ? body.items : [];
-          const normalized: { agentId: string; id: string }[] = [];
-          for (const it of items) {
-            if (it?.agentId && it?.id) {
-              normalized.push({ agentId: String(it.agentId), id: String(it.id) });
-            }
-          }
-          if (normalized.length === 0) {
-            sendJson(res, 400, { error: "items required" });
-            return true;
-          }
-          const n = await db.deleteMany(normalized);
-          sendJson(res, 200, { deleted: n });
-          return true;
-        }
-        // Manual insert: embed for user/self rows; full_context_* uses zero-vector placeholder (no embed).
-        if (p === "/plugins/memory/api/add" && req.method === "POST") {
-          const enc = opts?.encodeForStorage;
-          const vectorDim = typeof opts?.vectorDim === "number" && opts.vectorDim > 0 ? opts.vectorDim : 768;
-          const raw = await readBody(req);
-          let body: { agentId?: string; text?: string; category?: string };
-          try {
-            body = JSON.parse(raw || "{}") as typeof body;
-          } catch {
-            sendJson(res, 400, { error: "Invalid JSON" });
-            return true;
-          }
-          const agentId = (body.agentId ?? "").trim();
-          const textRaw = body.text == null ? "" : String(body.text);
-          const category = (body.category ?? "").trim() as MemoryCategory;
-          if (!agentId) {
-            sendJson(res, 400, { error: "agentId required" });
-            return true;
-          }
-          const text = textRaw.trim();
-          if (!text.length) {
-            sendJson(res, 400, { error: "text required" });
-            return true;
-          }
-          const allowed = new Set(writableCategoriesForPanel(cfg));
-          if (!allowed.has(category)) {
-            sendJson(res, 400, { error: "invalid or disabled category" });
-            return true;
-          }
-          const textForEmbed = text.length > MANUAL_ADD_MAX_CHARS ? text.slice(0, MANUAL_ADD_MAX_CHARS) : text;
-          const needsRealEmbed = categoryUsesRealEmbedding(category);
-          if (needsRealEmbed && !enc) {
-            sendJson(res, 503, { error: "Embedding not configured; plugin needs embedding in config." });
-            return true;
-          }
-          let vectors: number[][];
-          if (needsRealEmbed) {
-            try {
-              const out = await enc!(textForEmbed);
-              vectors = out.vectors;
-            } catch (e) {
-              sendJson(res, 502, { error: `embed failed: ${String(e)}` });
+        if (isMemoryApi) {
+          if (token) {
+            const queryToken = (url.searchParams.get("token") ?? "").trim();
+            const authHeader = (req.headers.authorization ?? req.headers.Authorization ?? "") as string;
+            const bearer = authHeader.startsWith("Bearer ") ? authHeader.slice(7).trim() : "";
+            if (queryToken !== token && bearer !== token) {
+              sendJson(res, 401, { error: { message: "Unauthorized", type: "unauthorized" } });
               return true;
             }
-            if (vectors.length === 0) {
-              sendJson(res, 400, { error: "nothing to embed (empty after chunking)" });
-              return true;
-            }
-          } else {
-            vectors = [Array.from({ length: vectorDim }, () => 0)];
           }
-          const stored = await db.storeMany(
-            agentId,
-            vectors.map((vector, idx) => ({
-              text: textForEmbed,
-              vector,
-              importance: 1,
-              category,
-              userId: "",
-              sessionId: MANUAL_INSERT_SESSION,
-              seqInBatch: 0,
-              chunkIndex: idx,
-            })),
-          );
-          sendJson(res, 200, {
-            id: stored[0]!.id,
-            createdAt: stored[0]!.createdAt,
-            chunkRows: stored.length,
+          sendJson(res, 410, {
+            error: "HTTP JSON API removed",
+            detail: "Use Gateway WebSocket RPC methods: memory.admin.config, memory.admin.facets, memory.admin.dashboard, memory.admin.list, memory.admin.delete, memory.admin.add",
           });
           return true;
         }
-        sendJson(res, 404, { error: "Not found" });
+        sendHtml(res, getMemoryPanelHtml());
         return true;
       } catch (err) {
         logger.warn(`openclaw-memory-alibaba-local memory panel: ${String(err)}`);
@@ -418,16 +221,5 @@ export function registerMemoryPanelRoutes(
     },
   });
-  logger.info("[openclaw-memory-alibaba-local] Memory admin UI at /plugins/memory/");
-}
-function parseOptionalTimeMs(iso: string | null): number | undefined {
-  if (!iso) {
-    return undefined;
-  }
-  const t = Date.parse(iso);
-  if (Number.isNaN(t)) {
-    return undefined;
-  }
-  return t;
+  logger.info("[openclaw-memory-alibaba-local] Memory admin UI at /plugins/memory/ (data via WebSocket memory.admin.*)");
 }

package/web/memory-ui.ts CHANGED Viewed

@@ -798,8 +798,6 @@ function buildClientScript(): string {
   const s = `
 (function () {
   var LS_TOKEN_KEY = "openclaw_memory_gateway_token";
-  /** Plugin routes are fixed; do not derive from pathname ("/" 首页或 hash 路由会错成 /api)。 */
-  var API_BASE = "/plugins/memory/api";
   function readTokenFromQueryString(qs) {
     if (!qs || qs.charAt(0) !== "?") {
@@ -836,42 +834,234 @@ function buildClientScript(): string {
     }
   }
-  function withAuth(url) {
-    var u = url.indexOf("?") >= 0 ? url + "&" : url + "?";
-    var tok = getGatewayToken();
-    if (tok) {
-      u += "token=" + encodeURIComponent(tok) + "&";
+  function gatewayWsUrl() {
+    return (location.protocol === "https:" ? "wss:" : "ws:") + "//" + location.host;
+  }
+  /** 与网关 isLocalClient 一致：仅这些主机用 Control UI 客户端 + allowInsecureAuth 即可；其它主机需 probe + dangerouslyDisableDeviceAuth 等 */
+  function isMemoryPanelLoopbackHost() {
+    var h = (location.hostname || "").toLowerCase();
+    return h === "localhost" || h === "127.0.0.1" || h === "::1" || h === "[::1]";
+  }
+  function gatewayPanelConnectClient() {
+    if (isMemoryPanelLoopbackHost()) {
+      return { id: "openclaw-control-ui", mode: "ui" };
     }
-    return u.replace(/[&?]$/, "").replace("?&", "?");
+    return { id: "openclaw-probe", mode: "probe" };
   }
-  /** 避免页面带 <base href> 时相对路径跑偏；网关层也认 Bearer。 */
-  function memoryApiAbsolute(pathWithLeadingSlash) {
-    var p = pathWithLeadingSlash.charAt(0) === "/" ? pathWithLeadingSlash : "/" + pathWithLeadingSlash;
-    return window.location.origin + API_BASE + p;
+  function hintGatewayControlUiInsecureAuth() {
+    if (isMemoryPanelLoopbackHost()) {
+      return (
+        " 解决办法：编辑 ~/.openclaw/openclaw.json，在 gateway.controlUi 中加入 \\"allowInsecureAuth\\": true，保存后执行 openclaw gateway restart，再刷新本页。" +
+        " 请用 http://127.0.0.1 或 http://localhost 打开面板（不要用局域网 IP，除非按下文配置）。"
+      );
+    }
+    return (
+      " 解决办法（任选其一）：(1) 用本机浏览器打开 http://127.0.0.1:<网关端口>/plugins/memory?token=…，并设置 gateway.controlUi.allowInsecureAuth 为 true；" +
+      "(2) 若必须从其它机器/局域网 IP 访问，在 gateway.controlUi 设置 \\"dangerouslyDisableDeviceAuth\\": true 后重启 gateway（会降低设备绑定安全策略）；" +
+      "(3) 使用 HTTPS 并完成网关设备配对。"
+    );
   }
-  function authFetchHeaders(base) {
-    var h = {};
-    if (base) {
-      for (var k in base) {
-        if (Object.prototype.hasOwnProperty.call(base, k)) {
-          h[k] = base[k];
-        }
+  var gwState = {
+    ws: null,
+    pending: new Map(),
+    phase: "off",
+    connectPromise: null,
+    reqSeq: 0,
+    connectResolve: null,
+    connectReject: null
+  };
+  function gwNextId() {
+    gwState.reqSeq += 1;
+    return "m" + gwState.reqSeq + "-" + Date.now();
+  }
+  function gwFailAllPending(err) {
+    gwState.pending.forEach(function (fn) {
+      try {
+        fn({ ok: false, error: { message: String(err && err.message ? err.message : err) } });
+      } catch (e) {}
+    });
+    gwState.pending.clear();
+  }
+  function gwOnMessage(ev) {
+    var msg;
+    try {
+      msg = JSON.parse(ev.data);
+    } catch (e) {
+      return;
+    }
+    if (gwState.phase === "wait-challenge") {
+      if (msg.type === "event" && msg.event === "connect.challenge") {
+        gwState.phase = "wait-connect-res";
+        var cid = gwNextId();
+        var tok = getGatewayToken();
+        gwState.pending.set(cid, function (resMsg) {
+          if (!resMsg.ok) {
+            gwState.phase = "failed";
+            var em = (resMsg.error && resMsg.error.message) ? String(resMsg.error.message) : "connect failed";
+            if (gwState.connectReject) gwState.connectReject(new Error(em));
+            return;
+          }
+          gwState.phase = "ready";
+          if (gwState.connectResolve) gwState.connectResolve();
+        });
+        var gwc = gatewayPanelConnectClient();
+        gwState.ws.send(
+          JSON.stringify({
+            type: "req",
+            id: cid,
+            method: "connect",
+            params: {
+              minProtocol: 3,
+              maxProtocol: 3,
+              client: {
+                id: gwc.id,
+                version: "memory-panel",
+                platform: typeof navigator !== "undefined" && navigator.platform ? navigator.platform : "web",
+                mode: gwc.mode
+              },
+              role: "operator",
+              scopes: ["operator.admin"],
+              auth: tok ? { token: tok } : {}
+            }
+          })
+        );
       }
+      return;
     }
-    var tok = getGatewayToken();
-    if (tok) {
-      h["Authorization"] = "Bearer " + tok;
+    if (msg.type === "res" && gwState.pending.has(msg.id)) {
+      var fn = gwState.pending.get(msg.id);
+      gwState.pending.delete(msg.id);
+      fn(msg);
     }
-    return h;
   }
-  function fetchMemoryApi(pathWithLeadingSlash, init) {
-    var url = withAuth(memoryApiAbsolute(pathWithLeadingSlash));
-    var o = init ? Object.assign({}, init) : {};
-    o.headers = authFetchHeaders(o.headers || {});
-    return fetch(url, o);
+  function ensureGatewayConnected() {
+    if (gwState.phase === "ready" && gwState.ws && gwState.ws.readyState === 1) {
+      return Promise.resolve();
+    }
+    if (gwState.connectPromise) {
+      return gwState.connectPromise;
+    }
+    if (gwState.ws) {
+      try {
+        gwState.ws.close();
+      } catch (e) {}
+      gwState.ws = null;
+    }
+    gwState.phase = "wait-challenge";
+    gwState.pending.clear();
+    gwState.connectPromise = new Promise(function (resolve, reject) {
+      gwState.connectResolve = resolve;
+      gwState.connectReject = reject;
+      try {
+        gwState.ws = new WebSocket(gatewayWsUrl());
+      } catch (e) {
+        gwState.phase = "failed";
+        gwState.connectPromise = null;
+        reject(e);
+        return;
+      }
+      gwState.ws.onmessage = gwOnMessage;
+      gwState.ws.onerror = function () {
+        if (gwState.phase !== "ready") {
+          gwState.phase = "failed";
+          gwState.connectPromise = null;
+          if (gwState.connectReject) gwState.connectReject(new Error("WebSocket error"));
+        }
+      };
+      gwState.ws.onclose = function () {
+        var wasReady = gwState.phase === "ready";
+        gwState.phase = "off";
+        gwState.ws = null;
+        gwState.connectPromise = null;
+        if (wasReady) {
+          gwFailAllPending(new Error("WebSocket closed"));
+        }
+      };
+    });
+    return gwState.connectPromise.finally(function () {
+      gwState.connectPromise = null;
+      gwState.connectResolve = null;
+      gwState.connectReject = null;
+    });
+  }
+  function gatewayRpc(method, params) {
+    return ensureGatewayConnected().then(function () {
+      return new Promise(function (resolve, reject) {
+        if (!gwState.ws || gwState.ws.readyState !== 1) {
+          reject(new Error("WebSocket not open"));
+          return;
+        }
+        var id = gwNextId();
+        gwState.pending.set(id, function (msg) {
+          if (msg.ok) {
+            resolve({ ok: true, data: msg.payload });
+          } else {
+            var em = msg.error && msg.error.message ? String(msg.error.message) : "rpc error";
+            var low = em.toLowerCase();
+            var unauth =
+              low.indexOf("unauthorized") >= 0 ||
+              low.indexOf("token mismatch") >= 0 ||
+              low.indexOf("token missing") >= 0 ||
+              low.indexOf("missing scope") >= 0;
+            resolve({ ok: false, unauthorized: unauth, message: em, payload: msg.payload });
+          }
+        });
+        gwState.ws.send(JSON.stringify({ type: "req", id: id, method: method, params: params || {} }));
+      });
+    });
+  }
+  /** 与原先 fetch 类似的接口：ok / status / json() / text() */
+  async function fetchMemoryApi(method, params) {
+    try {
+      var res = await gatewayRpc(method, params || {});
+      if (res.ok) {
+        return {
+          ok: true,
+          status: 200,
+          json: function () {
+            return Promise.resolve(res.data);
+          },
+          text: function () {
+            return Promise.resolve("");
+          }
+        };
+      }
+      var st = res.payload && res.payload.status ? parseInt(String(res.payload.status), 10) : 0;
+      if (!Number.isFinite(st) || st < 400) {
+        st = res.unauthorized ? 403 : 502;
+      }
+      return {
+        ok: false,
+        status: st,
+        json: function () {
+          return Promise.resolve(res.payload && (res.payload.error || res.payload) ? res.payload : { error: res.message });
+        },
+        text: function () {
+          return Promise.resolve(res.message || "");
+        }
+      };
+    } catch (e) {
+      return {
+        ok: false,
+        status: 0,
+        json: function () {
+          return Promise.resolve({ error: String(e) });
+        },
+        text: function () {
+          return Promise.resolve(String(e));
+        }
+      };
+    }
   }
   function showBanner(kind, msg) {
@@ -997,35 +1187,28 @@ function buildClientScript(): string {
     };
   }
-  function facetQueryPath() {
-    var q = new URLSearchParams();
-    q.set("tab", state.tab);
-    return "/facets?" + q.toString();
-  }
-  function listQueryPath(page, tr) {
+  function listQueryParams(page, tr) {
     var t = tr != null ? tr : readTimeRange();
     if (t.error) {
       return t;
     }
-    var q = new URLSearchParams();
-    q.set("tab", state.tab);
     var aid = state.selectedAgentId.trim();
     var sid = state.selectedSessionId.trim();
-    q.set("agentId", aid);
-    if (sid) q.set("sessionId", sid);
-    q.set("timeFrom", t.timeFrom);
-    q.set("timeTo", t.timeTo);
-    q.set("page", String(page || 1));
-    q.set("limit", String(state.pageSize));
     var ord = document.getElementById("sortOrder");
-    var sortDesc = ord && ord.value === "desc";
-    q.set("sortDesc", sortDesc ? "true" : "false");
+    var sortDesc = !!(ord && ord.value === "desc");
     var catF = state.categoryFilterByTab[state.tab] || "";
-    if (catF) {
-      q.set("category", catF);
-    }
-    return { path: "/list?" + q.toString() };
+    var o = {
+      tab: state.tab,
+      agentId: aid,
+      timeFrom: t.timeFrom,
+      timeTo: t.timeTo,
+      page: page || 1,
+      limit: state.pageSize,
+      sortDesc: sortDesc
+    };
+    if (sid) o.sessionId = sid;
+    if (catF) o.category = catF;
+    return { params: o };
   }
   function syncMemoryTypeFilterSelect() {
@@ -1096,10 +1279,38 @@ function buildClientScript(): string {
   }
   async function loadConfig() {
-    var r = await fetchMemoryApi("/config");
+    var r = await fetchMemoryApi("memory.admin.config", {});
     if (!r.ok) {
-      if (r.status === 401) {
-        throw new Error("未授权：请在 URL 使用 ?token=（与 ~/.openclaw/openclaw.json 中 gateway.auth.token 一致），hash 路由可用 #/path?token=；成功一次后会写入本机 localStorage。");
+      if (r.status === 401 || r.status === 403) {
+        var detailAuth = await r.json().catch(function () {
+          return {};
+        });
+        var errLow = String(detailAuth.error || "").toLowerCase();
+        var hintScope =
+          r.status === 403 && errLow.indexOf("scope") >= 0
+            ? isMemoryPanelLoopbackHost()
+              ? " 已通过 token 连接但仍缺少 scope：请在 openclaw.json 的 gateway.controlUi 设置 allowInsecureAuth: true（回环访问），保存后重启 gateway。"
+              : " 已通过 token 连接但仍缺少 scope：非本机 hostname 访问时请设置 gateway.controlUi.dangerouslyDisableDeviceAuth: true，或改用 http://127.0.0.1 打开面板并配合 allowInsecureAuth: true；保存后重启 gateway。"
+            : "";
+        throw new Error(
+          (r.status === 401
+            ? "未授权：请在 URL 使用 ?token=（与 ~/.openclaw/openclaw.json 中 gateway.auth.token 一致），hash 路由可用 #/path?token=；面板通过 WebSocket 连接网关时会在 connect 中携带该 token。成功一次后会写入本机 localStorage。"
+            : "拒绝访问：" + (detailAuth.error ? String(detailAuth.error) : (await r.text().catch(function () { return ""; }))) + hintScope)
+        );
+      }
+      if (r.status === 0) {
+        var detail0 = await r.json().catch(function () {
+          return {};
+        });
+        var msg0 = detail0 && detail0.error != null ? String(detail0.error) : await r.text().catch(function () { return ""; });
+        var low0 = msg0.toLowerCase();
+        var hintHandshake =
+          low0.indexOf("device identity") >= 0 || low0.indexOf("control ui") >= 0 ? hintGatewayControlUiInsecureAuth() : "";
+        throw new Error(
+          msg0
+            ? "无法连接网关 WebSocket 或握手失败：" + msg0 + hintHandshake
+            : "无法连接网关 WebSocket（请确认网关已启动、页面与网关同源，且 token 正确）。仍失败请查看 gateway 日志。"
+        );
       }
       throw new Error("config " + r.status);
     }
@@ -1446,16 +1657,15 @@ function buildClientScript(): string {
     }
     showBanner("", "");
     state.loading = true;
-    var q = new URLSearchParams();
-    q.set("timeFrom", tr.timeFrom);
-    q.set("timeTo", tr.timeTo);
-    q.set("agentId", aid);
     var sid = state.selectedSessionId.trim();
-    if (sid) {
-      q.set("sessionId", sid);
-    }
     try {
-      var r = await fetchMemoryApi("/dashboard?" + q.toString());
+      var dashParams = {
+        timeFrom: tr.timeFrom,
+        timeTo: tr.timeTo,
+        agentId: aid
+      };
+      if (sid) dashParams.sessionId = sid;
+      var r = await fetchMemoryApi("memory.admin.dashboard", dashParams);
       var data = await r.json().catch(function () {
         return {};
       });
@@ -1474,11 +1684,17 @@ function buildClientScript(): string {
   async function loadFacets(opts) {
     var autoLoad = !opts || opts.autoLoad !== false;
     showBanner("", "");
-    var r = await fetchMemoryApi(facetQueryPath());
+    var r = await fetchMemoryApi("memory.admin.facets", { tab: state.tab });
     if (!r.ok) {
       var err = await r.text();
       var hint401 = r.status === 401 ? " 需要 Token：URL ?token= 或 #/path?token=（与 gateway.auth.token 一致）" : "";
-      showBanner("err", "加载下拉失败: " + r.status + " " + err + hint401);
+      var hint403 =
+        r.status === 403 && String(err).toLowerCase().indexOf("scope") >= 0
+          ? isMemoryPanelLoopbackHost()
+            ? " 请在 openclaw.json 设置 gateway.controlUi.allowInsecureAuth: true 后重启 gateway。"
+            : " 请在 openclaw.json 设置 gateway.controlUi.dangerouslyDisableDeviceAuth: true（或改用 127.0.0.1 打开）后重启 gateway。"
+          : "";
+      showBanner("err", "加载下拉失败: " + r.status + " " + err + hint401 + hint403);
       return;
     }
     var data = await r.json().catch(function () {
@@ -1547,8 +1763,13 @@ function buildClientScript(): string {
     state.loading = true;
     state.page = page || 1;
     try {
-      var lq = listQueryPath(state.page, tr);
-      var r = await fetchMemoryApi(lq.path);
+      var lq = listQueryParams(state.page, tr);
+      if (lq.error) {
+        showBanner("err", lq.error);
+        document.getElementById("pager").style.display = "none";
+        return;
+      }
+      var r = await fetchMemoryApi("memory.admin.list", lq.params);
       var data = await r.json().catch(function () { return {}; });
       if (!r.ok) {
         showBanner("err", (data && data.error) ? String(data.error) : "列表请求失败 " + r.status);
@@ -1891,12 +2112,7 @@ function buildClientScript(): string {
     });
     if (!sel.length) return;
     if (!window.confirm("确认永久删除所选 " + sel.length + " 条？此操作不可恢复。")) return;
-    var body = JSON.stringify({ items: sel });
-    var r = await fetchMemoryApi("/delete", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: body
-    });
+    var r = await fetchMemoryApi("memory.admin.delete", { items: sel });
     var data = await r.json().catch(function () { return {}; });
     if (!r.ok) {
       showBanner("err", (data && data.error) ? String(data.error) : "删除失败 " + r.status);
@@ -1928,11 +2144,7 @@ function buildClientScript(): string {
       return;
     }
     showBanner("", "");
-    var r = await fetchMemoryApi("/add", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ agentId: agentId, category: category, text: text })
-    });
+    var r = await fetchMemoryApi("memory.admin.add", { agentId: agentId, category: category, text: text });
     var data = await r.json().catch(function () { return {}; });
     if (!r.ok) {
       showBanner("err", (data && data.error) ? String(data.error) : "添加失败 " + r.status);