openclaw-node-harness 2.0.4 → 2.1.1

package/mission-control/src/lib/sync/mesh-kv.ts

@@ -0,0 +1,279 @@
+/**
+ * mesh-kv.ts — Sync engine for distributed Mission Control (Phase 2).
+ *
+ * Bridges NATS KV (mesh truth) ↔ local SQLite (MC database).
+ *
+ * Responsibilities:
+ *   - Watch MESH_TASKS KV bucket for real-time updates
+ *   - Mirror KV entries into local SQLite (upsert with revision tracking)
+ *   - Push local task changes to KV via CAS writes
+ *   - Handle conflict resolution (KV wins on workers, SQLite wins on lead)
+ *
+ * This module is imported by the sync/tasks.ts module and the hooks layer.
+ * It does NOT run as a standalone daemon — it's part of the MC process.
+ */
+
+import { getTasksKv, sc } from "@/lib/nats";
+import { NODE_ID, NODE_ROLE } from "@/lib/config";
+
+// ── Types ──
+
+export interface MeshTaskEntry {
+  task_id: string;
+  title: string;
+  description: string;
+  status: string;
+  origin: string;
+  owner: string | null;
+  priority: number;
+  budget_minutes: number;
+  metric: string | null;
+  success_criteria: string[];
+  scope: string[];
+  tags: string[];
+  preferred_nodes: string[];
+  exclude_nodes: string[];
+  created_at: string;
+  claimed_at: string | null;
+  started_at: string | null;
+  completed_at: string | null;
+  last_activity: string | null;
+  result: Record<string, unknown> | null;
+  attempts: Array<Record<string, unknown>>;
+  [key: string]: unknown;
+}
+
+// ── KV Read Operations ──
+
+/**
+ * List all tasks from MESH_TASKS KV bucket.
+ * Returns empty array if NATS is unavailable.
+ */
+export async function listMeshTasks(): Promise<MeshTaskEntry[]> {
+  const kv = await getTasksKv();
+  if (!kv) return [];
+
+  const tasks: MeshTaskEntry[] = [];
+  const keys = await kv.keys();
+
+  for await (const key of keys) {
+    const entry = await kv.get(key);
+    if (!entry?.value) continue;
+    try {
+      tasks.push(JSON.parse(sc.decode(entry.value)));
+    } catch {
+      // skip malformed
+    }
+  }
+
+  return tasks;
+}
+
+/**
+ * Get a single task from KV with its revision.
+ */
+export async function getMeshTask(
+  taskId: string
+): Promise<{ task: MeshTaskEntry; revision: number } | null> {
+  const kv = await getTasksKv();
+  if (!kv) return null;
+
+  const entry = await kv.get(taskId);
+  if (!entry?.value) return null;
+
+  return {
+    task: JSON.parse(sc.decode(entry.value)),
+    revision: entry.revision,
+  };
+}
+
+// ── KV Write Operations (CAS) ──
+
+/**
+ * Write a task to KV. Used by the lead to publish task state.
+ * No CAS — overwrites unconditionally. Use updateMeshTaskCAS for safe updates.
+ */
+export async function putMeshTask(task: MeshTaskEntry): Promise<number> {
+  const kv = await getTasksKv();
+  if (!kv) throw new Error("NATS KV unavailable");
+
+  const rev = await kv.put(task.task_id, sc.encode(JSON.stringify(task)));
+  return rev;
+}
+
+/**
+ * Update a task with CAS (Compare-And-Swap).
+ * Fails if the revision doesn't match (another node wrote since our read).
+ *
+ * @returns New revision number on success
+ * @throws On revision mismatch (caller should re-read and retry)
+ */
+export async function updateMeshTaskCAS(
+  taskId: string,
+  updates: Partial<MeshTaskEntry>,
+  expectedRevision: number
+): Promise<number> {
+  const kv = await getTasksKv();
+  if (!kv) throw new Error("NATS KV unavailable");
+
+  // Read current
+  const entry = await kv.get(taskId);
+  if (!entry?.value) throw new Error(`Task ${taskId} not found in KV`);
+
+  const current = JSON.parse(sc.decode(entry.value));
+
+  // Authority check
+  if (NODE_ROLE !== "lead" && current.origin !== NODE_ID) {
+    throw new Error(
+      `Authority denied: worker ${NODE_ID} cannot update task from ${current.origin}`
+    );
+  }
+
+  // Merge and write
+  const updated = { ...current, ...updates };
+  const rev = await kv.update(
+    taskId,
+    sc.encode(JSON.stringify(updated)),
+    expectedRevision
+  );
+  return rev;
+}
+
+/**
+ * Propose a new task from a worker node.
+ * Task is created with status "proposed" — the lead daemon validates.
+ */
+export async function proposeMeshTask(
+  task: Omit<MeshTaskEntry, "status" | "origin">
+): Promise<MeshTaskEntry> {
+  const kv = await getTasksKv();
+  if (!kv) throw new Error("NATS KV unavailable");
+
+  const proposed: MeshTaskEntry = {
+    ...task,
+    status: NODE_ROLE === "lead" ? "queued" : "proposed",
+    origin: NODE_ID,
+  } as MeshTaskEntry;
+
+  await kv.put(proposed.task_id, sc.encode(JSON.stringify(proposed)));
+  return proposed;
+}
+
+// ── KV Watcher ──
+
+export interface KvWatchEvent {
+  key: string;
+  operation: "PUT" | "DEL";
+  task: MeshTaskEntry | null;
+  revision: number;
+}
+
+/**
+ * Start watching the MESH_TASKS KV bucket.
+ * Returns an async iterator of KvWatchEvent and a stop() function.
+ *
+ * Call stop() on cleanup to prevent zombie watchers leaking NATS connections.
+ */
+export async function watchMeshTasks(): Promise<{
+  events: AsyncIterable<KvWatchEvent>;
+  stop: () => void;
+} | null> {
+  const kv = await getTasksKv();
+  if (!kv) return null;
+
+  const watcher = await kv.watch();
+
+  const events: AsyncIterable<KvWatchEvent> = {
+    [Symbol.asyncIterator]() {
+      return {
+        async next() {
+          const result = await (
+            watcher as AsyncIterable<any>
+          )[Symbol.asyncIterator]().next();
+          if (result.done) return { value: undefined, done: true };
+
+          const entry = result.value;
+          let task: MeshTaskEntry | null = null;
+          if (entry.value) {
+            try {
+              task = JSON.parse(sc.decode(entry.value));
+            } catch {
+              // malformed
+            }
+          }
+
+          return {
+            value: {
+              key: entry.key,
+              operation: entry.value ? "PUT" : ("DEL" as const),
+              task,
+              revision: entry.revision,
+            },
+            done: false,
+          };
+        },
+      };
+    },
+  };
+
+  return {
+    events,
+    stop: () => {
+      if (typeof (watcher as any).stop === "function") {
+        (watcher as any).stop();
+      }
+    },
+  };
+}
+
+// ── Merge Logic (for UI layer) ──
+
+export interface MergedTask {
+  id: string;
+  title: string;
+  source: "sqlite" | "kv" | "merged";
+  [key: string]: unknown;
+}
+
+/**
+ * Merge local SQLite tasks with KV mesh tasks.
+ * Deduplicates by task ID.
+ *
+ * On lead: SQLite wins (has richer fields like kanbanColumn, sortOrder)
+ * On worker: KV wins (more up-to-date for mesh-coordinated tasks)
+ */
+export function mergeTasks(
+  sqliteTasks: Array<{ id: string; [key: string]: unknown }>,
+  kvTasks: Array<{ task_id: string; [key: string]: unknown }>,
+  nodeRole: "lead" | "worker" = NODE_ROLE
+): MergedTask[] {
+  const merged = new Map<string, MergedTask>();
+
+  // SQLite tasks first
+  for (const t of sqliteTasks) {
+    merged.set(t.id, { ...t, id: t.id, title: String(t.title || ""), source: "sqlite" });
+  }
+
+  // KV tasks: on worker, KV wins for mesh tasks; on lead, SQLite wins
+  for (const t of kvTasks) {
+    const existing = merged.get(t.task_id);
+    if (!existing) {
+      merged.set(t.task_id, {
+        ...t,
+        id: t.task_id,
+        title: String(t.title || ""),
+        source: "kv",
+      });
+    } else if (nodeRole === "worker") {
+      merged.set(t.task_id, {
+        ...t,
+        id: t.task_id,
+        title: String(t.title || ""),
+        source: "kv",
+      });
+    }
+    // Lead: SQLite wins (don't overwrite)
+  }
+
+  return Array.from(merged.values());
+}

package/mission-control/src/lib/sync/tasks.ts

@@ -3,6 +3,7 @@ import path from "path";
 import { eq } from "drizzle-orm";
 import { tasks } from "@/lib/db/schema";
 import { ACTIVE_TASKS_MD } from "@/lib/config";
+import { NODE_ROLE } from "@/lib/config";
 import {
   parseTasksMarkdown,
   serializeTasksMarkdown,
@@ -118,6 +119,11 @@ export function syncTasksFromMarkdown(db: DrizzleDb): void {
         metric: task.metric || null,
         budgetMinutes: task.budgetMinutes || 30,
         scope: task.scope?.length ? JSON.stringify(task.scope) : null,
+        // Collab routing fields
+        collaboration: task.collaboration ? JSON.stringify(task.collaboration) : null,
+        preferredNodes: task.preferredNodes?.length ? JSON.stringify(task.preferredNodes) : null,
+        excludeNodes: task.excludeNodes?.length ? JSON.stringify(task.excludeNodes) : null,
+        clusterId: task.clusterId || null,
         updatedAt: task.updatedAt || now,
       };
 
@@ -167,6 +173,11 @@ export function syncTasksFromMarkdown(db: DrizzleDb): void {
           metric: task.metric || null,
           budgetMinutes: task.budgetMinutes || 30,
           scope: task.scope?.length ? JSON.stringify(task.scope) : null,
+          // Collab routing fields
+          collaboration: task.collaboration ? JSON.stringify(task.collaboration) : null,
+          preferredNodes: task.preferredNodes?.length ? JSON.stringify(task.preferredNodes) : null,
+          excludeNodes: task.excludeNodes?.length ? JSON.stringify(task.excludeNodes) : null,
+          clusterId: task.clusterId || null,
           updatedAt: task.updatedAt || now,
           createdAt: now,
         })
@@ -178,7 +189,7 @@ export function syncTasksFromMarkdown(db: DrizzleDb): void {
   // but PRESERVE roadmap/pipeline tasks (project, phase, pipeline types)
   // and any tasks tagged with a project (they live in the DB, not markdown).
   const allDbTasks = db
-    .select({ id: tasks.id, type: tasks.type, project: tasks.project })
+    .select({ id: tasks.id, type: tasks.type, project: tasks.project, execution: tasks.execution, status: tasks.status })
     .from(tasks)
     .all();
   for (const row of allDbTasks) {
@@ -187,6 +198,8 @@ export function syncTasksFromMarkdown(db: DrizzleDb): void {
     if (row.type === "project" || row.type === "phase" || row.type === "pipeline") continue;
     // Preserve tasks owned by a project (imported via pipeline, not markdown-managed)
     if (row.project) continue;
+    // Preserve in-flight mesh tasks (only clean up terminal ones)
+    if (row.execution === "mesh" && row.status !== "done" && row.status !== "cancelled") continue;
     if (!incomingIds.has(row.id)) {
       db.delete(tasks).where(eq(tasks.id, row.id)).run();
     }
@@ -210,6 +223,10 @@ export function syncTasksFromMarkdownIfChanged(db: DrizzleDb): void {
  * Tracks the mtime after write to avoid re-importing our own changes.
  */
 export function syncTasksToMarkdown(db: DrizzleDb): void {
+  // Workers must NOT write to active-tasks.md — the lead owns this file.
+  // Writing from workers would cause conflict loops in the mesh sync.
+  if (NODE_ROLE === "worker") return;
+
   const allTasks = db
     .select()
     .from(tasks)
@@ -250,6 +267,11 @@ export function syncTasksToMarkdown(db: DrizzleDb): void {
       metric: t.metric || null,
       budgetMinutes: t.budgetMinutes || 30,
       scope: t.scope ? JSON.parse(t.scope) : [],
+      // Collab routing fields
+      collaboration: t.collaboration ? JSON.parse(t.collaboration) : null,
+      preferredNodes: t.preferredNodes ? JSON.parse(t.preferredNodes) : [],
+      excludeNodes: t.excludeNodes ? JSON.parse(t.excludeNodes) : [],
+      clusterId: t.clusterId || null,
       updatedAt: t.updatedAt,
     }));
 

package/mission-control/src/lib/task-id.ts

@@ -0,0 +1,32 @@
+import { getDb } from "@/lib/db";
+import { tasks } from "@/lib/db/schema";
+
+/**
+ * Generate a task ID in the format T-YYYYMMDD-NNN.
+ * NNN is a zero-padded sequence number based on existing tasks for that date.
+ */
+export function generateTaskId(
+  db: ReturnType<typeof getDb>,
+  date: Date
+): string {
+  const dateStr =
+    date.getFullYear().toString() +
+    (date.getMonth() + 1).toString().padStart(2, "0") +
+    date.getDate().toString().padStart(2, "0");
+
+  const prefix = `T-${dateStr}-`;
+
+  // Find highest existing sequence number for this date prefix
+  const existing = db
+    .select({ id: tasks.id })
+    .from(tasks)
+    .all()
+    .filter((t) => t.id.startsWith(prefix))
+    .map((t) => {
+      const seq = parseInt(t.id.slice(prefix.length), 10);
+      return isNaN(seq) ? 0 : seq;
+    });
+
+  const nextSeq = existing.length > 0 ? Math.max(...existing) + 1 : 1;
+  return `${prefix}${nextSeq.toString().padStart(3, "0")}`;
+}

package/mission-control/src/lib/tts/index.ts

@@ -4,14 +4,28 @@ import { createEdgeTtsProvider } from "./edge";
 
 export type { TtsRequest, TtsResponse, TtsProvider } from "./types";
 
+// ── Pluggable TTS Provider Registry ──
+// Built-in providers are registered by default. External code can register
+// additional providers via registerTtsProvider() without modifying this file.
+
 const providers: Record<string, () => TtsProvider> = {
   google: createGoogleTtsProvider,
   edge: createEdgeTtsProvider,
 };
 
-export function getProvider(name: "google" | "edge"): TtsProvider {
+/** Register a custom TTS provider factory (e.g. "elevenlabs", "openai-tts"). */
+export function registerTtsProvider(name: string, factory: () => TtsProvider): void {
+  providers[name] = factory;
+}
+
+/** List all registered TTS provider names. */
+export function listTtsProviders(): string[] {
+  return Object.keys(providers);
+}
+
+export function getProvider(name: string): TtsProvider {
   const factory = providers[name];
-  if (!factory) throw new Error(`Unknown TTS provider: ${name}`);
+  if (!factory) throw new Error(`Unknown TTS provider: ${name}. Available: ${Object.keys(providers).join(", ")}`);
   return factory();
 }
 
@@ -22,18 +36,28 @@ export interface SynthesisResult extends TtsResponse {
 
 export async function synthesizeWithFallback(
   req: TtsRequest,
-  preferred: "google" | "edge" = "google"
+  preferred: string = "google"
 ): Promise<SynthesisResult> {
   try {
     const result = await getProvider(preferred).synthesize(req);
     return { ...result, actualProvider: preferred };
   } catch (err) {
-    const fallback = preferred === "google" ? "edge" : "google";
+    // Find first available fallback that isn't the preferred provider
+    const fallbackNames = Object.keys(providers).filter((n) => n !== preferred);
     const reason = err instanceof Error ? err.message : String(err);
-    console.warn(
-      `TTS provider "${preferred}" failed, falling back to "${fallback}": ${reason}`
-    );
-    const result = await getProvider(fallback).synthesize(req);
-    return { ...result, actualProvider: fallback, fallbackReason: reason };
+
+    for (const fallback of fallbackNames) {
+      try {
+        console.warn(
+          `TTS provider "${preferred}" failed, trying "${fallback}": ${reason}`
+        );
+        const result = await getProvider(fallback).synthesize(req);
+        return { ...result, actualProvider: fallback, fallbackReason: reason };
+      } catch {
+        // try next fallback
+      }
+    }
+
+    throw new Error(`All TTS providers failed. Last error: ${reason}`);
   }
 }

package/mission-control/src/middleware.ts

@@ -0,0 +1,82 @@
+import { NextRequest, NextResponse } from "next/server";
+
+/**
+ * API authentication middleware.
+ *
+ * Protects all /api/* routes with a Bearer token check.
+ * Token is read from MC_AUTH_TOKEN env var. If unset, auth is disabled
+ * (localhost-only deployments). When set, every API request must include:
+ *   Authorization: Bearer <token>
+ *
+ * Page routes (non-API) are not gated — the dashboard is a local UI.
+ */
+
+const AUTH_TOKEN = process.env.MC_AUTH_TOKEN || "";
+
+export function middleware(request: NextRequest) {
+  // Only gate API routes
+  if (!request.nextUrl.pathname.startsWith("/api/")) {
+    return NextResponse.next();
+  }
+
+  // Body size limit (1MB) for mutation requests
+  const contentLength = parseInt(request.headers.get("content-length") || "0", 10);
+  const MAX_BODY_SIZE = 1024 * 1024; // 1MB
+  if (contentLength > MAX_BODY_SIZE) {
+    return NextResponse.json(
+      { error: `Request body too large (${contentLength} bytes, max ${MAX_BODY_SIZE})` },
+      { status: 413 }
+    );
+  }
+
+  // SSE endpoints use EventSource which can't set headers — allow if
+  // the token is passed as a query param instead.
+  const tokenFromQuery = request.nextUrl.searchParams.get("token");
+
+  // If no token is configured, auth is disabled (backwards-compatible)
+  if (!AUTH_TOKEN) {
+    return NextResponse.next();
+  }
+
+  const authHeader = request.headers.get("authorization") || "";
+  const bearer = authHeader.startsWith("Bearer ")
+    ? authHeader.slice(7).trim()
+    : "";
+
+  const providedToken = bearer || tokenFromQuery || "";
+
+  if (!providedToken) {
+    return NextResponse.json(
+      { error: "Missing Authorization header" },
+      { status: 401 }
+    );
+  }
+
+  // Constant-time comparison to prevent timing attacks
+  if (!timingSafeEqual(providedToken, AUTH_TOKEN)) {
+    return NextResponse.json({ error: "Invalid token" }, { status: 403 });
+  }
+
+  return NextResponse.next();
+}
+
+/** Constant-time string comparison (Edge Runtime compatible). */
+function timingSafeEqual(a: string, b: string): boolean {
+  if (a.length !== b.length) {
+    // Still do a full comparison to avoid length-based timing leak
+    let result = a.length ^ b.length;
+    for (let i = 0; i < a.length; i++) {
+      result |= a.charCodeAt(i) ^ (b.charCodeAt(i % b.length) || 0);
+    }
+    return result === 0;
+  }
+  let result = 0;
+  for (let i = 0; i < a.length; i++) {
+    result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return result === 0;
+}
+
+export const config = {
+  matcher: "/api/:path*",
+};

package/mission-control/tsconfig.json

@@ -34,7 +34,8 @@
     "**/*.tsx",
     ".next/types/**/*.ts",
     ".next/dev/types/**/*.ts",
-    "**/*.mts"
+    "**/*.mts",
+    ".next/dev/dev/types/**/*.ts"
   ],
   "exclude": [
     "node_modules"

package/mission-control/vitest.config.ts

@@ -0,0 +1,14 @@
+import { defineConfig } from "vitest/config";
+import path from "path";
+
+export default defineConfig({
+  resolve: {
+    alias: {
+      "@": path.resolve(__dirname, "src"),
+    },
+  },
+  test: {
+    include: ["src/**/*.test.ts"],
+    environment: "node",
+  },
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "openclaw-node-harness",
-  "version": "2.0.4",
+  "version": "2.1.1",
   "description": "One-command installer for the OpenClaw node layer — identity, skills, souls, daemon, and Mission Control.",
   "bin": {
     "openclaw-node": "./cli.js"
@@ -39,10 +39,23 @@
     "type": "git",
     "url": "https://github.com/moltyguibros-design/openclaw-node.git"
   },
+  "scripts": {
+    "test": "node --test test/*.test.js test/*.test.mjs",
+    "test:unit": "node --test test/*.test.js test/*.test.mjs",
+    "test:mc": "cd mission-control && npx vitest run src/lib/__tests__/",
+    "test:integration": "node test/distributed-mc.test.js",
+    "test:all": "npm run test:unit && npm run test:mc && npm run test:integration"
+  },
   "engines": {
     "node": ">=18"
   },
   "dependencies": {
-    "nats": "^2.28.2"
+    "@huggingface/transformers": "^3.0.0",
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "better-sqlite3": "^11.7.0",
+    "js-yaml": "^4.1.1",
+    "nats": "^2.28.2",
+    "playwright": "^1.51.0",
+    "sqlite-vec": "^0.1.0"
   }
 }

package/services/launchd/ai.openclaw.log-rotate.plist

@@ -20,6 +20,17 @@
       <key>Minute</key>
       <integer>0</integer>
     </dict>
+    <key>RunAtLoad</key>
+    <false/>
+    <key>KeepAlive</key>
+    <false/>
+    <key>EnvironmentVariables</key>
+    <dict>
+      <key>HOME</key>
+      <string>${HOME}</string>
+      <key>PATH</key>
+      <string>${HOME}/.bun/bin:${HOME}/.local/bin:${HOME}/.npm-global/bin:${HOME}/bin:${HOME}/.volta/bin:${HOME}/.asdf/shims:${HOME}/Library/Application Support/fnm/aliases/default/bin:${HOME}/.fnm/aliases/default/bin:${HOME}/Library/pnpm:${HOME}/.local/share/pnpm:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin</string>
+    </dict>
     <key>StandardOutPath</key>
     <string>${HOME}/.openclaw/logs/log-rotate.log</string>
     <key>StandardErrorPath</key>

package/services/launchd/ai.openclaw.mesh-deploy-listener.plist

@@ -12,6 +12,10 @@
   </array>
   <key>EnvironmentVariables</key>
   <dict>
+    <key>HOME</key>
+    <string>${HOME}</string>
+    <key>PATH</key>
+    <string>${HOME}/.bun/bin:${HOME}/.local/bin:${HOME}/.npm-global/bin:${HOME}/bin:${HOME}/.volta/bin:${HOME}/.asdf/shims:${HOME}/Library/Application Support/fnm/aliases/default/bin:${HOME}/.fnm/aliases/default/bin:${HOME}/Library/pnpm:${HOME}/.local/share/pnpm:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin</string>
     <key>OPENCLAW_NODE_ID</key>
     <string>${OPENCLAW_NODE_ID}</string>
     <key>OPENCLAW_NATS</key>

package/services/launchd/ai.openclaw.mesh-health-publisher.plist

@@ -12,6 +12,10 @@
   </array>
   <key>EnvironmentVariables</key>
   <dict>
+    <key>HOME</key>
+    <string>${HOME}</string>
+    <key>PATH</key>
+    <string>${HOME}/.bun/bin:${HOME}/.local/bin:${HOME}/.npm-global/bin:${HOME}/bin:${HOME}/.volta/bin:${HOME}/.asdf/shims:${HOME}/Library/Application Support/fnm/aliases/default/bin:${HOME}/.fnm/aliases/default/bin:${HOME}/Library/pnpm:${HOME}/.local/share/pnpm:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin</string>
     <key>OPENCLAW_NODE_ID</key>
     <string>${OPENCLAW_NODE_ID}</string>
     <key>OPENCLAW_NATS</key>

package/services/launchd/ai.openclaw.mission-control.plist

@@ -20,7 +20,7 @@
         <key>PATH</key>
         <string>/usr/local/bin:/usr/bin:/bin</string>
         <key>NODE_ENV</key>
-        <string>development</string>
+        <string>production</string>
     </dict>
 
     <key>RunAtLoad</key>

package/services/service-manifest.json

@@ -5,7 +5,7 @@
   { "name": "openclaw-mesh-health-publisher", "role": "both", "autostart": true },
   { "name": "openclaw-mesh-deploy-listener", "role": "both", "autostart": true },
   { "name": "openclaw-mesh-tool-discord", "role": "lead", "autostart": true },
-  { "name": "openclaw-mission-control", "role": "lead", "autostart": true },
+  { "name": "openclaw-mission-control", "role": "both", "autostart": true },
   { "name": "openclaw-gateway", "role": "both", "autostart": true },
   { "name": "openclaw-lane-watchdog", "role": "both", "autostart": true },
   { "name": "openclaw-memory-daemon", "role": "both", "autostart": true },