traderclaw-cli 1.0.95-beta.0 → 1.0.96

package/bin/installer-step-engine.mjs

@@ -2,7 +2,6 @@ import { execFileSync, execSync, spawn } from "child_process";
 import { randomBytes } from "crypto";
 import { existsSync, mkdirSync, mkdtempSync, readFileSync, renameSync, statSync, writeFileSync } from "fs";
 import { homedir, tmpdir } from "os";
-import * as os from "os";
 import { dirname, join } from "path";
 import { resolvePluginPackageRoot } from "./resolve-plugin-root.mjs";
 import { choosePreferredProviderModel } from "./llm-model-preference.mjs";
@@ -213,11 +212,7 @@ const NO_COLOR_ENV = { ...process.env, NO_COLOR: "1", FORCE_COLOR: "0" };
  * The current OpenClaw approach (docs.openclaw.ai/channels/telegram):
  *   channels.telegram.botToken = "<token>"   → token source
  *   channels.telegram.enabled  = true        → enable the channel
- *   channels.telegram.dmPolicy = "open"      → single-user wizard install: deliver DMs without pairing
- *
- * Note: "pairing" is safer for multi-tenant deployments but breaks the wizard onboarding flow
- * (heartbeat fires before the user has paired, so the very first DM is dropped). Single-user
- * wizard installs almost always want "open"; tighten later if needed.
+ *   channels.telegram.dmPolicy = "pairing"   → safe default (user approves first DM)
  */
 function writeTelegramChannelConfig(botToken, configPath = CONFIG_FILE) {
   let config = {};
@@ -232,7 +227,7 @@ function writeTelegramChannelConfig(botToken, configPath = CONFIG_FILE) {
   config.channels.telegram.botToken = botToken;
   // Only set dmPolicy if not already configured (preserve existing policy on re-installs).
   if (!config.channels.telegram.dmPolicy) {
-    config.channels.telegram.dmPolicy = "open";
+    config.channels.telegram.dmPolicy = "pairing";
   }
   ensureAgentsDefaultsSchemaCompat(config);
   mkdirSync(CONFIG_DIR, { recursive: true });
@@ -535,6 +530,42 @@ async function installOpenClawPlatform() {
   };
 }
 
+/**
+ * Check whether the OpenClaw CLI has any devices stuck in a pending-approval or
+ * repair state.  This can happen when the gateway version >= 1.0.93-beta.0 starts
+ * treating every CLI invocation as a "device" that must be explicitly approved
+ * before it gets operator-write scope.  Without that scope all trading RPCs fail
+ * silently (read-only).
+ *
+ * Returns:
+ *   { ran: false }                        – openclaw not on PATH or devices subcommand not supported
+ *   { ran: true, pendingIds: string[],    – list ran OK; ids needing approval
+ *     repairDetected: boolean,            – current device is in repair/read-only state
+ *     envTokenSet: boolean }              – OPENCLAW_GATEWAY_TOKEN env var already present (fallback)
+ */
+function checkOpenClawDeviceApproval() {
+  if (!commandExists("openclaw")) return { ran: false };
+  const raw = getCommandOutput("openclaw devices list");
+  if (!raw) return { ran: false };
+
+  const lower = raw.toLowerCase();
+  const envTokenSet = !!process.env.OPENCLAW_GATEWAY_TOKEN;
+
+  // Detect devices that are waiting for approval ("pending" requestId lines).
+  const pendingIds = [];
+  for (const line of raw.split("\n")) {
+    // Lines typically look like:  d4fcdbe8-5176-422b-...   pending
+    const m = line.match(/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})/i);
+    if (m && (line.toLowerCase().includes("pending") || line.toLowerCase().includes("repair"))) {
+      pendingIds.push(m[1]);
+    }
+  }
+
+  const repairDetected = lower.includes("repair");
+
+  return { ran: true, pendingIds, repairDetected, envTokenSet, raw };
+}
+
 function isNpmGlobalBinConflict(err, cliName) {
   const text = `${err?.message || ""}\n${err?.stderr || ""}\n${err?.stdout || ""}`.toLowerCase();
   return (
@@ -867,46 +898,13 @@ function mergePluginsAllowlist(modeConfig, configPath = CONFIG_FILE) {
   writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n", "utf-8");
 }
 
-/**
- * Resolve per-provider model strings used by managed cron jobs.
- * Returns `{ heavy, light }`. `heavy` is the wizard-chosen model. `light` is a cheaper variant
- * when the provider has one (Anthropic → Haiku); otherwise `light` falls back to `heavy`.
- *
- * This replaces the previous hardcoded `anthropic/claude-sonnet-4-20250514` and
- * `anthropic/claude-haiku-4-5` cron models, which silently failed for Codex / OpenAI / etc.
- * installs because the user never authenticated with Anthropic.
- */
-function resolveCronModels(provider, model) {
-  const heavy = (typeof model === "string" && model.startsWith(`${provider}/`)) ? model : null;
-  if (provider === "anthropic") {
-    return {
-      heavy: heavy || "anthropic/claude-sonnet-4-6",
-      light: "anthropic/claude-haiku-4-5",
-    };
-  }
-  if (provider === "openai-codex") {
-    const m = heavy || "openai-codex/gpt-5.4";
-    return { heavy: m, light: m };
-  }
-  if (provider === "openai") {
-    const m = heavy || "openai/gpt-5.4";
-    return { heavy: m, light: m };
-  }
-  // Generic fallback: same model for both tiers (configured provider determines the model string).
-  const fallback = heavy || `${provider}/default`;
-  return { heavy: fallback, light: fallback };
-}
-
 /**
  * Managed cron jobs with prescriptive tool chains (VPS report 2026-03-24).
  * Schedules are staggered (minutes :00 / :15 / :30 / :45) where possible to avoid pile-ups.
  * @param {string} agentId
- * @param {{ heavy: string, light: string }} models
  * @returns {Array<{ id: string, schedule: string, agentId: string, message: string, enabled: boolean }>}
  */
-function traderCronPrescriptiveJobs(agentId, models = { heavy: "anthropic/claude-sonnet-4-6", light: "anthropic/claude-haiku-4-5" }) {
-  const HEAVY = models.heavy;
-  const LIGHT = models.light;
+function traderCronPrescriptiveJobs(agentId) {
   return [
     {
       id: "alpha-scan",
@@ -914,7 +912,7 @@ function traderCronPrescriptiveJobs(agentId, models = { heavy: "anthropic/claude
       agentId,
       message:
         "CRON_JOB: alpha_scan\n\nScan new launches, filter, score, log alpha. Tools: solana_scan_launches → filter (vol>30K, mcap>10K, liq>5K) → solana_token_snapshot for survivors → quality filter (top10 <50%, deployer <3 abandoned, has social) → score 0-100 → solana_alpha_log for 65+. Summarize results.",
-      model: HEAVY,
+      model: "anthropic/claude-sonnet-4-20250514",
       thinking: false,
       lightContext: true,
       delivery: { mode: "announce", channel: "last", bestEffort: true },
@@ -926,7 +924,7 @@ function traderCronPrescriptiveJobs(agentId, models = { heavy: "anthropic/claude
       agentId,
       message:
         "CRON_JOB: portfolio_health\n\nCombined dead-money + whale + risk audit. solana_capital_status + solana_positions → solana_token_snapshot per position → dead money exit (loss>40% or 90min+down+low vol) → whale flags (>5% supply moves) → risk checks (concentration/drawdown/exposure) → sell if CRITICAL → solana_memory_write tag 'portfolio_health'.",
-      model: HEAVY,
+      model: "anthropic/claude-sonnet-4-20250514",
       thinking: false,
       lightContext: true,
       delivery: { mode: "announce", channel: "last", bestEffort: true },
@@ -938,7 +936,7 @@ function traderCronPrescriptiveJobs(agentId, models = { heavy: "anthropic/claude
       agentId,
       message:
         "CRON_JOB: trust_refresh\n\nCombined source + deployer trust. solana_source_trust_refresh + solana_deployer_trust_refresh → solana_alpha_sources + solana_trades for win rates → solana_source_trust_get + solana_deployer_trust_get, flag <30 → solana_memory_write tag 'trust_refresh'.",
-      model: LIGHT,
+      model: "anthropic/claude-haiku-4-5",
       thinking: false,
       lightContext: true,
       delivery: { mode: "none" },
@@ -950,7 +948,7 @@ function traderCronPrescriptiveJobs(agentId, models = { heavy: "anthropic/claude
       agentId,
       message:
         "CRON_JOB: meta_rotation_analysis\n\nx_search_tweets trending topics → solana_scan_launches → categorize by narrative cluster → per-cluster metrics → compare vs solana_memory_search tag 'meta_rotation' → declare hot/fading clusters → solana_memory_write tag 'meta_rotation'.",
-      model: HEAVY,
+      model: "anthropic/claude-sonnet-4-20250514",
       thinking: false,
       lightContext: true,
       delivery: { mode: "announce", channel: "last", bestEffort: true },
@@ -962,7 +960,7 @@ function traderCronPrescriptiveJobs(agentId, models = { heavy: "anthropic/claude
       agentId,
       message:
         "CRON_JOB: strategy_evolution\n\nDaily strategy review. solana_journal_summary — if <10 closed trades since last evolution, log 'insufficient data' and stop. Otherwise: solana_trades to bucket by confidence tier → solana_strategy_state for current weights → analyze tier performance → solana_strategy_update with conservative adjustments (max 10% per weight per cycle) → solana_memory_write tag 'strategy_evolution'.",
-      model: HEAVY,
+      model: "anthropic/claude-sonnet-4-20250514",
       thinking: true,
       lightContext: false,
       delivery: { mode: "announce", channel: "last", bestEffort: true },
@@ -974,7 +972,7 @@ function traderCronPrescriptiveJobs(agentId, models = { heavy: "anthropic/claude
       agentId,
       message:
         "CRON_JOB: subscription_cleanup\n\nsolana_positions for open CAs → solana_bitquery_subscriptions for active subs (if AUTH_SCOPE_MISSING, log and stop) → match subs to positions → solana_bitquery_unsubscribe orphaned subs → solana_memory_write tag 'subscription_cleanup'. Summarize before/after counts.",
-      model: LIGHT,
+      model: "anthropic/claude-haiku-4-5",
       thinking: false,
       lightContext: true,
       delivery: { mode: "announce", channel: "last", bestEffort: true },
@@ -986,7 +984,7 @@ function traderCronPrescriptiveJobs(agentId, models = { heavy: "anthropic/claude
       agentId,
       message:
         "CRON_JOB: daily_performance_report\n\nCompile 24h report. solana_journal_summary + solana_capital_status + solana_positions + solana_trades + solana_strategy_state → sections: Portfolio Summary, Trading Activity (count/win rate/PnL), Best/Worst Trades, Strategy State, Risk Metrics, Recommendations → solana_memory_write tag 'daily_report'. Deliver full report.",
-      model: HEAVY,
+      model: "anthropic/claude-sonnet-4-20250514",
       thinking: false,
       lightContext: false,
       delivery: { mode: "announce", channel: "telegram" },
@@ -998,7 +996,7 @@ function traderCronPrescriptiveJobs(agentId, models = { heavy: "anthropic/claude
       agentId,
       message:
         "CRON_JOB: intelligence_lab_eval\n\nsolana_candidate_get — if <20 labeled candidates, log 'insufficient data' and exit. Otherwise: solana_evaluation_report → solana_model_registry for challengers → solana_replay_eval if challenger exists → solana_model_promote if challenger beats champion by >5% F1 → solana_memory_write tag 'intelligence_lab'.",
-      model: HEAVY,
+      model: "anthropic/claude-sonnet-4-20250514",
       thinking: true,
       lightContext: false,
       delivery: { mode: "none" },
@@ -1010,7 +1008,7 @@ function traderCronPrescriptiveJobs(agentId, models = { heavy: "anthropic/claude
       agentId,
       message:
         "CRON_JOB: memory_trim\n\nsolana_memory_trim dryRun:true first → review → solana_memory_trim retentionDays:2 → solana_memory_write tag 'memory_trim' with summary.",
-      model: LIGHT,
+      model: "anthropic/claude-haiku-4-5",
       thinking: false,
       lightContext: true,
       delivery: { mode: "none" },
@@ -1022,7 +1020,7 @@ function traderCronPrescriptiveJobs(agentId, models = { heavy: "anthropic/claude
       agentId,
       message:
         "Balance watchdog. 1) solana_capital_status 2) solana_positions 3) solana_context_snapshot_read 4) Compare real vs believed. If mismatch: solana_context_snapshot_write with corrected state, summarize changes. If match: reply WATCHDOG_OK.",
-      model: LIGHT,
+      model: "anthropic/claude-haiku-4-5",
       thinking: false,
       lightContext: true,
       delivery: { mode: "announce", channel: "telegram" },
@@ -1031,7 +1029,7 @@ function traderCronPrescriptiveJobs(agentId, models = { heavy: "anthropic/claude
   ];
 }
 
-function configureGatewayScheduling(modeConfig, configPath = CONFIG_FILE, options = {}) {
+function configureGatewayScheduling(modeConfig, configPath = CONFIG_FILE) {
   let config = {};
   try {
     config = JSON.parse(readFileSync(configPath, "utf-8"));
@@ -1049,12 +1047,9 @@ function configureGatewayScheduling(modeConfig, configPath = CONFIG_FILE, option
   /** Default periodic wake interval for TraderClaw installs (was 5m; stretched to reduce load). */
   const defaultHeartbeatEvery = "30m";
 
-  // target: "last" routes to the last channel that DM'd the agent (works as soon as the user
-  // sends any message in Telegram). "telegram" requires per-channel default routing setup
-  // and silently drops on first install — see VPS post-mortem.
   const defaultHeartbeat = {
     every: defaultHeartbeatEvery,
-    target: "last",
+    target: "telegram",
     isolatedSession: true,
     lightContext: true,
     prompt: heartbeatPrompt,
@@ -1084,18 +1079,7 @@ function configureGatewayScheduling(modeConfig, configPath = CONFIG_FILE, option
     if (existingIds.has(agent.id)) {
       const existing = config.agents.list.find(a => a.id === agent.id);
       if (agent.heartbeat) {
-        // Idempotent reinstall: never clobber an existing user-customized heartbeat block.
-        // Only seed defaults that are missing — preserve any per-key overrides the operator
-        // wrote between installs (cadence, tone, target=@username, etc.).
-        if (!existing.heartbeat || typeof existing.heartbeat !== "object") {
-          existing.heartbeat = { ...agent.heartbeat };
-        } else {
-          for (const [k, v] of Object.entries(agent.heartbeat)) {
-            if (existing.heartbeat[k] === undefined || existing.heartbeat[k] === null || existing.heartbeat[k] === "") {
-              existing.heartbeat[k] = v;
-            }
-          }
-        }
+        existing.heartbeat = agent.heartbeat;
       }
       if (agent.default) {
         existing.default = true;
@@ -1118,11 +1102,7 @@ function configureGatewayScheduling(modeConfig, configPath = CONFIG_FILE, option
   const mainAgent = isV2 ? "cto" : "main";
 
   /** Six prescriptive managed jobs (VPS report); v2 assigns the same set to the CTO agent. */
-  const cronModels = resolveCronModels(
-    String(options?.llmProvider || "anthropic").trim(),
-    String(options?.llmModel || "").trim(),
-  );
-  const targetJobs = traderCronPrescriptiveJobs(mainAgent, cronModels);
+  const targetJobs = traderCronPrescriptiveJobs(mainAgent);
 
   let removedLegacyCronJobs = false;
   if (config.cron && Object.prototype.hasOwnProperty.call(config.cron, "jobs")) {
@@ -1191,39 +1171,6 @@ function configureGatewayScheduling(modeConfig, configPath = CONFIG_FILE, option
   }
   config.agents.defaults.heartbeat = { ...defaultHeartbeat };
 
-  if (!config.agents.defaults.memorySearch || typeof config.agents.defaults.memorySearch !== "object") {
-    config.agents.defaults.memorySearch = {
-      provider: "openai",
-      model: "text-embedding-3-small",
-      query: {
-        hybrid: true,
-        mmr: { enabled: true, lambda: 0.5 },
-        temporalDecay: { enabled: true, halfLifeDays: 14 },
-      },
-    };
-  }
-
-  if (!config.agents.defaults.contextPruning || typeof config.agents.defaults.contextPruning !== "object") {
-    config.agents.defaults.contextPruning = { cacheTtl: "1h" };
-  }
-
-  if (!config.env || typeof config.env !== "object") config.env = {};
-  if (process.env.OPENAI_API_KEY && !config.env.OPENAI_API_KEY) {
-    // Literal env reference (not the value). The gateway expands ${OPENAI_API_KEY}
-    // at runtime from its process environment. Keeps the secret out of the
-    // config file on disk.
-    config.env.OPENAI_API_KEY = "${OPENAI_API_KEY}";
-  } else if (!process.env.OPENAI_API_KEY && !config.env.OPENAI_API_KEY && typeof console !== "undefined") {
-    console.warn(
-      "[traderclaw] OPENAI_API_KEY not detected in the installer shell. " +
-      "Memory embeddings require it for vector search (text-embedding-3-small, ~$0.02/M tokens).\n" +
-      "Set it and re-run the installer, or add the env ref manually:\n" +
-      "  1) export OPENAI_API_KEY=sk-...\n" +
-      "  2) edit ~/.openclaw/openclaw.json and set env.OPENAI_API_KEY to \"${OPENAI_API_KEY}\"\n" +
-      "  3) openclaw gateway restart"
-    );
-  }
-
   ensureAgentsDefaultsSchemaCompat(config);
   mkdirSync(CONFIG_DIR, { recursive: true });
   writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n", "utf-8");
@@ -1231,6 +1178,21 @@ function configureGatewayScheduling(modeConfig, configPath = CONFIG_FILE, option
   const cronStorePath = resolveCronJobsStorePath(config);
   const cronMerge = mergeTraderCronJobsIntoStore(cronStorePath, targetJobs);
 
+  let qmdAvailable = false;
+  let qmdVersion = null;
+  try { qmdAvailable = commandExists("qmd"); } catch {}
+  if (qmdAvailable) {
+    qmdVersion = getCommandOutput("qmd --version");
+  } else {
+    if (typeof console !== "undefined") {
+      console.warn(
+        "[traderclaw] QMD binary not found. Memory engine will fall back to SQLite (no vector search, no temporal decay, no MMR).\n" +
+        "Install QMD:  npm install -g @tobilu/qmd\n" +
+        "Then restart the gateway:  openclaw gateway restart"
+      );
+    }
+  }
+
   return {
     configPath,
     agentsConfigured: targetAgents.length,
@@ -1242,227 +1204,12 @@ function configureGatewayScheduling(modeConfig, configPath = CONFIG_FILE, option
     cronJobsStoreError: cronMerge.error,
     removedLegacyCronJobs,
     hooksConfigured: config.hooks.mappings.length,
+    qmdAvailable,
+    qmdVersion,
     isV2,
   };
 }
 
-/**
- * Persist the optional Telegram forward recipient onto the plugin entry config so the
- * orchestrator's reply-forward path works on first install. Idempotent — does nothing
- * when no recipient is provided. Accepts numeric chat ids (e.g. "818973873") or
- * @username (e.g. "@neabi").
- */
-function writeForwardTelegramRecipient(modeConfig, recipient, configPath = CONFIG_FILE) {
-  if (typeof recipient !== "string" || !recipient.trim()) return { written: false };
-  let config = {};
-  try {
-    config = JSON.parse(readFileSync(configPath, "utf-8"));
-  } catch {
-    config = {};
-  }
-  if (!config.plugins || typeof config.plugins !== "object") config.plugins = {};
-  if (!config.plugins.entries || typeof config.plugins.entries !== "object") config.plugins.entries = {};
-  normalizeTraderPluginEntries(config, modeConfig.pluginId);
-  const entry = config.plugins.entries[modeConfig.pluginId];
-  if (!entry || typeof entry !== "object") return { written: false };
-  if (!entry.config || typeof entry.config !== "object") entry.config = {};
-  entry.config.forwardTelegramRecipient = recipient.trim();
-  ensureAgentsDefaultsSchemaCompat(config);
-  mkdirSync(CONFIG_DIR, { recursive: true });
-  writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n", "utf-8");
-  return { written: true, recipient: entry.config.forwardTelegramRecipient };
-}
-
-/**
- * Approve any pending OpenClaw-paired devices on this host. Newly-paired devices
- * land with only `operator.read` scope; new beta plugin RPCs need `operator.write` +
- * `approvals` + `secrets`, so without approval the CLI loops on `1008 pairing required`.
- *
- * Best-effort: tolerates missing `openclaw devices` subcommand and an empty pending list.
- * Returns counts but never throws — callers wrap in try/catch.
- */
-async function approvePendingDevices() {
-  if (!commandExists("openclaw")) return { ran: false, reason: "no_cli" };
-  let listOut = "";
-  try {
-    listOut = execFileSync("openclaw", ["devices", "list", "--json"], {
-      encoding: "utf-8",
-      timeout: 15_000,
-      env: NO_COLOR_ENV,
-    }).trim();
-  } catch (err) {
-    return { ran: false, reason: "list_failed", error: err?.message || String(err) };
-  }
-  if (!listOut) return { ran: true, approved: 0, total: 0 };
-
-  let parsed;
-  try {
-    parsed = JSON.parse(listOut);
-  } catch {
-    return { ran: true, approved: 0, total: 0, reason: "list_not_json" };
-  }
-  const devices = Array.isArray(parsed) ? parsed : Array.isArray(parsed?.devices) ? parsed.devices : [];
-
-  // Devices needing operator action: pending pair, awaiting approval, or flagged for repair
-  // (repair is what existing devices get when new RPC scopes are introduced — see VPS post-mortem).
-  const PENDING_STATES = new Set(["pending", "awaiting_approval", "needs_approval", "repair", "scope_repair"]);
-  const allCandidates = devices.filter(
-    (d) => d && typeof d === "object" && (PENDING_STATES.has(String(d.status || "").toLowerCase()) || d.requiresApproval === true),
-  );
-
-  // Authorization-scope safety: only auto-approve devices that we can prove belong to
-  // this host. Approving unrelated pending devices would silently grant the new
-  // operator.write/approvals/secrets scopes to someone else's machine. Match strategies:
-  //   1) device.hostname / device.host equals os.hostname()
-  //   2) device.deviceId / device.fingerprint equals a fingerprint we just paired (env)
-  //   3) operator opted in to broad approval via TRADERCLAW_INSTALLER_APPROVE_ALL_PENDING=1
-  // If none match and there is more than one pending device, do nothing and surface a
-  // log line so the operator can run `openclaw devices approve <id>` themselves.
-  const myHost = String(os.hostname() || "").toLowerCase();
-  const justPairedId = String(process.env.OPENCLAW_JUST_PAIRED_DEVICE_ID || "").trim();
-  const optInBroad = process.env.TRADERCLAW_INSTALLER_APPROVE_ALL_PENDING === "1";
-
-  const matchesThisHost = (d) => {
-    const dh = String(d.hostname || d.host || "").toLowerCase();
-    const did = String(d.id || d.deviceId || d.fingerprint || "").trim();
-    if (myHost && dh && dh === myHost) return true;
-    if (justPairedId && did && did === justPairedId) return true;
-    return false;
-  };
-
-  let candidates = allCandidates.filter(matchesThisHost);
-  // Conservative fallback: if exactly one pending candidate exists overall and no host
-  // metadata is available to disambiguate, treat it as "the device we just paired".
-  if (candidates.length === 0 && allCandidates.length === 1) {
-    candidates = allCandidates;
-  }
-  if (optInBroad) {
-    candidates = allCandidates;
-  }
-
-  if (candidates.length === 0 && allCandidates.length > 1) {
-    return {
-      ran: true,
-      approved: 0,
-      total: devices.length,
-      candidates: 0,
-      pending: allCandidates.length,
-      reason: "ambiguous_pending_devices",
-      pendingIds: allCandidates.map((d) => String(d.id || d.deviceId || "")).filter(Boolean),
-    };
-  }
-
-  let approved = 0;
-  const errors = [];
-  for (const d of candidates) {
-    const id = String(d.id || d.deviceId || "").trim();
-    if (!id) continue;
-    try {
-      execFileSync("openclaw", ["devices", "approve", id], {
-        encoding: "utf-8",
-        timeout: 15_000,
-        env: NO_COLOR_ENV,
-      });
-      approved += 1;
-    } catch (err) {
-      errors.push({ id, error: err?.message || String(err) });
-    }
-  }
-  return { ran: true, approved, total: devices.length, candidates: candidates.length, errors };
-}
-
-/**
- * Final invariant check before declaring install complete. Re-reads openclaw.json from
- * disk and verifies every default that the install promised to ship correctly. Throws
- * (failing the wizard) on any mismatch so a broken config never ships to a fresh user.
- */
-function runFreshInstallSmokeCheck(modeConfig, options, configPath = CONFIG_FILE) {
-  const issues = [];
-  let config;
-  try {
-    config = JSON.parse(readFileSync(configPath, "utf-8"));
-  } catch (err) {
-    return { ok: false, issues: [`Could not read ${configPath}: ${err?.message || String(err)}`] };
-  }
-
-  // 1. Telegram dmPolicy must be "open" (only relevant when telegram was enabled)
-  if (options?.enableTelegram === true) {
-    const dmPolicy = config?.channels?.telegram?.dmPolicy;
-    if (dmPolicy !== "open") {
-      issues.push(`channels.telegram.dmPolicy is '${dmPolicy ?? "unset"}' (expected 'open' for wizard installs).`);
-    }
-  }
-
-  // 2. Every agent's heartbeat.target must be set to *something* routable. The fresh-install
-  // default is "last", but a reinstall over a config where the operator intentionally chose
-  // "@username" or "telegram:<id>" must NOT fail — configureGatewayScheduling preserves
-  // those values, so failing here would block legitimate reinstalls. Only fail when the
-  // agent has heartbeat config but no target at all (the regression we kept hitting).
-  const agents = Array.isArray(config?.agents?.list) ? config.agents.list : [];
-  for (const a of agents) {
-    if (!a?.heartbeat) continue;
-    const t = a.heartbeat.target;
-    if (!t) {
-      issues.push(`agents.list[id=${a.id}].heartbeat is configured but heartbeat.target is missing (expected 'last' or a routable target like '@username' / 'telegram:<id>').`);
-    }
-  }
-
-  // 3. Every X profile must have userId+username (only when X consumer keys are configured)
-  const entry = config?.plugins?.entries?.[modeConfig.pluginId];
-  const xCfg = entry?.config?.x;
-  if (xCfg && xCfg.consumerKey && xCfg.consumerSecret && xCfg.profiles && typeof xCfg.profiles === "object") {
-    for (const [pid, p] of Object.entries(xCfg.profiles)) {
-      if (!p || typeof p !== "object") continue;
-      if (!p.accessToken || !p.accessTokenSecret) continue;
-      if (!p.userId || !p.username) {
-        issues.push(`plugins.entries.${modeConfig.pluginId}.config.x.profiles.${pid} missing userId or username (x_read_mentions will fail).`);
-      }
-    }
-  }
-
-  // 4. Every cron job's model must match the wizard provider
-  const wantProvider = String(options?.llmProvider || "").trim();
-  if (wantProvider) {
-    let cronStorePath = "";
-    try {
-      cronStorePath = resolveCronJobsStorePath(config);
-    } catch {
-      cronStorePath = "";
-    }
-    if (cronStorePath && existsSync(cronStorePath)) {
-      let store = null;
-      try {
-        store = JSON.parse(readFileSync(cronStorePath, "utf-8"));
-      } catch (err) {
-        issues.push(`cron store '${cronStorePath}' could not be parsed: ${err?.message || String(err)} — provider/model alignment cannot be verified.`);
-      }
-      if (store) {
-        // Only enforce provider alignment on installer-managed TraderClaw jobs. Custom
-        // jobs the operator added between installs (or other plugins' jobs) are intentionally
-        // preserved by mergeTraderCronJobsIntoStore and must not fail the smoke check.
-        const managedIds = new Set([
-          ...traderCronPrescriptiveJobs("main").map((j) => j.id),
-          ...traderCronPrescriptiveJobs("cto").map((j) => j.id),
-        ].filter(Boolean));
-        const jobs = Array.isArray(store?.jobs) ? store.jobs : [];
-        for (const j of jobs) {
-          if (!j || typeof j !== "object") continue;
-          if (!managedIds.has(j.id)) continue;
-          // OpenClaw cron store nests model under job.payload.model (see buildOpenClawCronStoreJob).
-          // Fall back to top-level j.model only as a defensive read in case the schema changes.
-          const m = String(j?.payload?.model || j?.model || "");
-          if (!m) continue;
-          if (!m.startsWith(`${wantProvider}/`)) {
-            issues.push(`installer-managed cron job '${j.id}' has model '${m}' but wizard provider is '${wantProvider}'.`);
-          }
-        }
-      }
-    }
-  }
-
-  return { ok: issues.length === 0, issues, configPath };
-}
-
 function ensureOpenResponsesEnabled(configPath = CONFIG_FILE) {
   let config = {};
   try {
@@ -1626,40 +1373,19 @@ function seedXConfig(modeConfig, configPath = CONFIG_FILE, wizardOpts = {}) {
     entry.config.x.profiles = {};
   }
 
-  // V1 historically only seeded { main, solana-trader }. Production traffic resolves the X
-  // profile via callerAgentId || requestedAgentId || fallbackAgentId || "cto" — so a missing
-  // "cto" profile (the literal string-fallback) breaks x_read_mentions for any caller that
-  // doesn't explicitly pass agentId. Always seed "cto" for V1 too, mirroring "main" tokens
-  // when no dedicated cto credentials were supplied.
-  // Additionally, mirror under any agents.list[].identity.name (e.g. "AgentZERO") so any
-  // identity-name-based resolution path lands on a real profile.
-  const baseAgentIds =
+  const agentIds =
     modeConfig.pluginId === "solana-trader-v2"
       ? ["cto", "intern"]
       : modeConfig.pluginId === "solana-trader"
-        ? ["main", "solana-trader", "cto"]
+        ? ["main", "solana-trader"]
         : ["main"];
-
-  const identityNames = new Set();
-  if (Array.isArray(config?.agents?.list)) {
-    for (const a of config.agents.list) {
-      const n = typeof a?.identity?.name === "string" ? a.identity.name.trim() : "";
-      if (n && !baseAgentIds.includes(n)) identityNames.add(n);
-    }
-  }
-  const agentIds = [...baseAgentIds, ...identityNames];
-
   let profilesFound = 0;
 
   for (const agentId of agentIds) {
     let { at, ats } = getAccessPairForAgent(wizardOpts, agentId);
-    // Mirror "main" tokens for any V1 secondary slot (solana-trader, cto, AgentZERO, …)
-    // when no dedicated tokens were supplied. Production X tools are stateless w.r.t.
-    // which token issued the call, so reusing "main" tokens across profiles is safe and
-    // matches what the user manually does on every install.
     if (
       modeConfig.pluginId === "solana-trader"
-      && agentId !== "main"
+      && agentId === "solana-trader"
       && (!at || !ats)
     ) {
       ({ at, ats } = getAccessPairForAgent(wizardOpts, "main"));
@@ -2171,9 +1897,9 @@ function verifyInstallation(modeConfig, apiKey) {
       note: heartbeatInWorkspace ? workspaceRoot : `expected ${join(workspaceRoot, "HEARTBEAT.md")}`,
     },
     {
-      label: "Memory engine (builtin, vector + FTS)",
-      ok: true,
-      note: "run `openclaw memory status --deep` to verify index",
+      label: "QMD memory engine (vector search)",
+      ok: commandExists("qmd"),
+      note: "not installed — memory uses keyword search only. Install: npm install -g @tobilu/qmd",
     },
   ];
 }
@@ -2209,13 +1935,6 @@ export class InstallerStepEngine {
       gatewayToken: options.gatewayToken || "",
       enableTelegram: options.enableTelegram === true,
       telegramToken: options.telegramToken || "",
-      // Optional: numeric chat id or @username the orchestrator forwards Telegram replies to.
-      // When set, written to plugins.entries[<pluginId>].config.forwardTelegramRecipient so the
-      // forward path works on first install without a manual edit. Legacy alias accepted.
-      forwardTelegramRecipient:
-        typeof options.forwardTelegramRecipient === "string" ? options.forwardTelegramRecipient.trim()
-        : typeof options.forwardTelegramChatId === "string" ? options.forwardTelegramChatId.trim()
-        : "",
       autoInstallDeps: options.autoInstallDeps !== false,
       skipPreflight: options.skipPreflight === true,
       skipInstallOpenClaw: options.skipInstallOpenClaw === true,
@@ -2463,17 +2182,6 @@ export class InstallerStepEngine {
     writeTelegramChannelConfig(this.options.telegramToken, CONFIG_FILE);
     this.emitLog("telegram_required", "info", "Telegram bot token written to openclaw.json (channels.telegram.botToken).");
 
-    if (this.options.forwardTelegramRecipient) {
-      const fwd = writeForwardTelegramRecipient(this.modeConfig, this.options.forwardTelegramRecipient, CONFIG_FILE);
-      if (fwd.written) {
-        this.emitLog(
-          "telegram_required",
-          "info",
-          `Forward recipient written to plugins.entries.${this.modeConfig.pluginId}.config.forwardTelegramRecipient = ${fwd.recipient}.`,
-        );
-      }
-    }
-
     const policy = ensureTelegramGroupPolicyOpenForWizard();
     if (policy.changed) {
       this.emitLog(
@@ -2675,6 +2383,40 @@ export class InstallerStepEngine {
       if (!this.options.skipInstallOpenClaw) {
         await this.runStep("install_openclaw", "Installing or upgrading OpenClaw platform", async () => installOpenClawPlatform());
       }
+
+      // Non-fatal: warn when the CLI has devices in pending-approval or repair state.
+      // Gateway >= 1.0.93-beta.0 requires explicit device approval for operator-write scope;
+      // without it, agent trading RPCs silently fail (device gets read-only "repair" state).
+      await this.runStep("device_approval_check", "Checking OpenClaw device approval status", async () => {
+        const check = checkOpenClawDeviceApproval();
+        if (!check.ran) {
+          this.emitLog("device_approval_check", "info", "Device approval check skipped (openclaw CLI not available or devices subcommand not supported).");
+          return { ran: false };
+        }
+        const needsAction = check.pendingIds.length > 0 || check.repairDetected;
+        if (!needsAction) {
+          this.emitLog("device_approval_check", "info", "No pending or repair-state devices found. Device approval OK.");
+          return { ran: true, ok: true };
+        }
+        const lines = [
+          "ACTION REQUIRED — OpenClaw device approval needed.",
+          "The gateway requires explicit device approval for operator-write scope.",
+          "Without it, trading RPCs will fail silently (read-only / repair state).",
+          "",
+          "Run in your VPS shell:",
+          "  openclaw devices list",
+          ...(check.pendingIds.length > 0
+            ? check.pendingIds.map((id) => `  openclaw devices approve ${id}`)
+            : ["  openclaw devices approve <requestId>   # use the id shown above"]),
+          "",
+          check.envTokenSet
+            ? "OPENCLAW_GATEWAY_TOKEN env var is already set — env-first auth will work as a fallback."
+            : "Optionally set: export OPENCLAW_GATEWAY_TOKEN=\"<token>\"   # bypasses device auth entirely",
+        ];
+        this.emitLog("device_approval_check", "warn", lines.join("\n"));
+        return { ran: true, ok: false, pendingIds: check.pendingIds, repairDetected: check.repairDetected, envTokenSet: check.envTokenSet };
+      });
+
       await this.runStep("configure_llm", "Configuring required OpenClaw LLM provider", async () => this.configureLlmStep());
       if (!this.options.skipInstallPlugin) {
         await this.runStep("install_plugin_package", "Installing TraderClaw CLI package", async () =>
@@ -2685,6 +2427,32 @@ export class InstallerStepEngine {
         await this.runStep("openclaw_global_deps", "Ensuring OpenClaw global package dependencies", async () =>
           ensureOpenClawGlobalPackageDependencies(),
         );
+        await this.runStep("install_qmd", "Installing QMD memory engine (vector search)", async () => {
+          if (commandExists("qmd")) {
+            const ver = getCommandOutput("qmd --version");
+            this.emitLog("install_qmd", "info", `QMD already installed: ${ver}`);
+            return { alreadyInstalled: true, version: ver };
+          }
+          this.emitLog("install_qmd", "info", "Installing @tobilu/qmd globally for vector search memory...");
+          try {
+            await runCommandWithEvents("npm", ["install", "-g", "--ignore-scripts", "--registry", "https://registry.npmjs.org/", "@tobilu/qmd"], {
+              onEvent: (evt) => this.emitLog("install_qmd", evt.type === "stderr" ? "warn" : "info", evt.text, evt.urls || []),
+            });
+          } catch (err) {
+            this.emitLog(
+              "install_qmd",
+              "warn",
+              `QMD install failed (non-fatal): ${err?.message || err}. Memory will use keyword search only. You can install manually later: npm install -g @tobilu/qmd`,
+            );
+            return { installed: false, error: err?.message || String(err) };
+          }
+          const available = commandExists("qmd");
+          const ver = available ? getCommandOutput("qmd --version") : null;
+          if (!available) {
+            this.emitLog("install_qmd", "warn", "QMD installed but not on PATH. Memory will use keyword search only.");
+          }
+          return { installed: available, version: ver };
+        });
         await this.runStep(
           "activate_openclaw_plugin",
           "Installing and enabling TraderClaw inside OpenClaw",
@@ -2762,33 +2530,6 @@ export class InstallerStepEngine {
             runPrivileged: (cmd, args) => this.runWithPrivilegeGuidance("gateway_persistence", cmd, args),
           });
         });
-
-        // Best-effort: approve the device that was just paired by the wizard so the new
-        // beta-RPC scopes (operator.write/approvals/secrets) are granted before the user
-        // hits a tool. Tolerates missing CLI subcommands; never fails the install.
-        await this.runStep("device_approval", "Approving freshly paired device", async () => {
-          try {
-            const result = await approvePendingDevices();
-            if (!result.ran) {
-              this.emitLog("device_approval", "info", `Skipped (${result.reason || "unknown"}). Approve manually with 'openclaw devices approve <id>' if RPC calls return 1008.`);
-              return { skipped: true, reason: result.reason };
-            }
-            if (result.approved > 0) {
-              this.emitLog("device_approval", "info", `Approved ${result.approved}/${result.candidates ?? result.approved} pending device(s) (of ${result.total} total).`);
-            } else {
-              this.emitLog("device_approval", "info", `No devices required approval (${result.total} total).`);
-            }
-            if (Array.isArray(result.errors) && result.errors.length > 0) {
-              for (const e of result.errors) {
-                this.emitLog("device_approval", "warn", `Could not approve device ${e.id}: ${e.error}`);
-              }
-            }
-            return result;
-          } catch (err) {
-            this.emitLog("device_approval", "warn", `Device approval skipped: ${err?.message || String(err)}. Approve manually with 'openclaw devices approve <id>' if RPC calls return 1008.`);
-            return { skipped: true, error: err?.message || String(err) };
-          }
-        });
       }
 
       await this.runStep("enable_responses", "Enabling /v1/responses endpoint", async () => {
@@ -2798,7 +2539,7 @@ export class InstallerStepEngine {
       });
 
       await this.runStep("gateway_scheduling", "Configuring heartbeat and cron schedules", async () => {
-        const result = configureGatewayScheduling(this.modeConfig, CONFIG_FILE, this.options);
+        const result = configureGatewayScheduling(this.modeConfig, CONFIG_FILE);
         this.emitLog("gateway_scheduling", "info", `Agents configured: ${result.agentsConfigured}`);
         if (result.cronJobsStoreWriteOk) {
           this.emitLog(
@@ -2819,6 +2560,17 @@ export class InstallerStepEngine {
           this.emitLog("gateway_scheduling", "warn", "Removed legacy 'cron.jobs' from openclaw.json to keep config validation compatible.");
         }
         this.emitLog("gateway_scheduling", "info", `Webhook hooks: ${result.hooksConfigured}`);
+        if (!result.qmdAvailable) {
+          this.emitLog(
+            "gateway_scheduling",
+            "warn",
+            "QMD binary not found — memory will use SQLite keyword search only (no vector search, no temporal decay, no MMR). " +
+            "Vector search makes the agent's memory significantly more effective. " +
+            "Install: npm install -g @tobilu/qmd — then restart the gateway: openclaw gateway restart",
+          );
+        } else {
+          this.emitLog("gateway_scheduling", "info", `QMD memory engine: ${result.qmdVersion || "installed"}`);
+        }
         const restart = await restartGateway();
         return { ...result, restart };
       });
@@ -2876,71 +2628,23 @@ export class InstallerStepEngine {
           this.emitLog("x_credentials", "warn", `Missing X profiles for: ${missing.join(", ")}. Set tokens in the wizard or X_ACCESS_TOKEN_<AGENT_ID> / X_ACCESS_TOKEN_<AGENT_ID>_SECRET env vars.`);
         }
         const { consumerKey, consumerSecret } = getConsumerKeysFromWizard(this.options);
-        // Group agentIds by unique (accessToken, accessTokenSecret) pair so we only call
-        // GET /2/users/me once per real X account, then apply the resolved userId+username
-        // to every profile that uses that token pair. Previously the loop verified per-agent
-        // and silently skipped persisting userId on profiles whose verify call had transient
-        // failures — leaving x_read_mentions broken on those agents.
-        const pairGroups = new Map();
-        const pairOwner = new Map();
-        const isV1 = this.modeConfig.pluginId === "solana-trader";
-        for (const agentId of result.agentIds) {
-          let { at, ats } = getAccessPairForAgent(this.options, agentId);
-          // Mirror seedXConfig fallback: V1 secondary slots reuse main's tokens when no
-          // dedicated pair was supplied. Without this, mirrored profiles (cto / solana-trader /
-          // identity-name agents) get seeded with main tokens but skipped here, leaving their
-          // userId/username unpopulated and breaking x_read_mentions on those agents.
-          if (isV1 && agentId !== "main" && (!at || !ats)) {
-            ({ at, ats } = getAccessPairForAgent(this.options, "main"));
-          }
-          if (!at || !ats) continue;
-          const key = `${at}::${ats}`;
-          if (!pairGroups.has(key)) {
-            pairGroups.set(key, { at, ats, agentIds: [] });
-            pairOwner.set(key, agentId);
-          }
-          pairGroups.get(key).agentIds.push(agentId);
-        }
-
         const verified = [];
         const identitiesToPersist = [];
-        for (const [key, group] of pairGroups) {
-          const owner = pairOwner.get(key);
-          let check = null;
-          let lastErr = null;
-          for (let attempt = 1; attempt <= 2; attempt++) {
+        for (const agentId of result.agentIds) {
+          const { at, ats } = getAccessPairForAgent(this.options, agentId);
+          if (at && ats) {
             try {
-              check = await verifyXCredentials(consumerKey, consumerSecret, group.at, group.ats);
-              if (check.ok) break;
-              lastErr = `HTTP ${check.status}`;
-              if (attempt < 2) {
-                this.emitLog("x_credentials", "warn", `Verify failed for token-pair owner '${owner}' (HTTP ${check.status}); retrying once.`);
-                await new Promise(r => setTimeout(r, 1500));
+              const check = await verifyXCredentials(consumerKey, consumerSecret, at, ats);
+              if (check.ok) {
+                this.emitLog("x_credentials", "info", `Verified X profile '${agentId}': @${check.username} (${check.userId})`);
+                verified.push({ agentId, username: check.username, userId: check.userId });
+                identitiesToPersist.push({ agentId, userId: check.userId, username: check.username });
+              } else {
+                this.emitLog("x_credentials", "warn", `X credential verification failed for '${agentId}': HTTP ${check.status}`);
               }
             } catch (err) {
-              lastErr = err?.message || String(err);
-              if (attempt < 2) {
-                this.emitLog("x_credentials", "warn", `Verify error for token-pair owner '${owner}' (${lastErr}); retrying once.`);
-                await new Promise(r => setTimeout(r, 1500));
-              }
-            }
-          }
-          if (check && check.ok && check.userId && check.username) {
-            this.emitLog(
-              "x_credentials",
-              "info",
-              `Verified X token-pair (owner '${owner}'): @${check.username} (${check.userId}) → applying to ${group.agentIds.length} profile(s): ${group.agentIds.join(", ")}`,
-            );
-            for (const agentId of group.agentIds) {
-              verified.push({ agentId, username: check.username, userId: check.userId });
-              identitiesToPersist.push({ agentId, userId: check.userId, username: check.username });
+              this.emitLog("x_credentials", "warn", `X credential verification error for '${agentId}': ${err?.message || String(err)}`);
             }
-          } else {
-            this.emitLog(
-              "x_credentials",
-              "warn",
-              `X credential verification failed after retry for token-pair owner '${owner}' (${lastErr}). Profiles ${group.agentIds.join(", ")} will not have userId/username persisted; x_read_mentions will fail until tokens are corrected.`,
-            );
           }
         }
         if (identitiesToPersist.length > 0) {
@@ -2959,25 +2663,6 @@ export class InstallerStepEngine {
         return { checks };
       });
 
-      // Final invariant check: re-read openclaw.json and confirm every default the
-      // wizard promised actually landed on disk. Catches regressions where a later
-      // step silently overwrites an earlier one (the class of bug behind every manual
-      // VPS fix in the post-mortem). Fails the install rather than shipping a broken
-      // config to the user.
-      await this.runStep("final_smoke_check", "Verifying fresh-install invariants", async () => {
-        const result = runFreshInstallSmokeCheck(this.modeConfig, this.options, CONFIG_FILE);
-        if (!result.ok) {
-          for (const issue of result.issues) {
-            this.emitLog("final_smoke_check", "warn", issue);
-          }
-          throw new Error(
-            `Fresh-install smoke check failed (${result.issues.length} issue${result.issues.length === 1 ? "" : "s"}). The bot will not work out of the box. See warnings above.`,
-          );
-        }
-        this.emitLog("final_smoke_check", "info", "All fresh-install invariants OK (dmPolicy=open, heartbeat.target=last, X profiles have userId/username, cron models match provider).");
-        return result;
-      });
-
       this.state.status = "completed";
       this.state.completedAt = nowIso();
       return this.state;

package/bin/openclaw-trader.mjs

@@ -4169,6 +4169,7 @@ Commands:
   status             Check connection health and wallet status
   config             View and manage configuration
   test-session       Test session auth flow (refresh, rotation, challenge) without reinstalling
+  update             Update to the latest version and restart the gateway
 
 Setup options:
   --api-key, -k      API key (skip interactive prompt)
@@ -4236,9 +4237,59 @@ Examples:
   traderclaw config set apiTimeout 60000
   traderclaw test-session
   traderclaw test-session --wallet-private-key <base58_key>
+  traderclaw update
+  traderclaw update --beta
 `);
 }
 
+async function cmdUpdate(args) {
+  const tag = args.includes("--beta") ? "beta" : "latest";
+
+  print("\nTraderClaw — Update\n");
+  print("=".repeat(45));
+
+  let currentVersion = "unknown";
+  try {
+    const out = execSync("npm list -g traderclaw-cli --json --depth=0", { encoding: "utf-8" });
+    const data = JSON.parse(out);
+    currentVersion = data?.dependencies?.["traderclaw-cli"]?.version ?? "unknown";
+  } catch {}
+  printInfo(`  Current version:  ${currentVersion}`);
+
+  let latestVersion = "unknown";
+  try {
+    latestVersion = execSync(`npm view traderclaw-cli@${tag} version`, { encoding: "utf-8" }).trim();
+  } catch {}
+  printInfo(`  Available (${tag}):${" ".repeat(Math.max(1, 9 - tag.length))}${latestVersion}`);
+
+  if (currentVersion !== "unknown" && latestVersion !== "unknown" && currentVersion === latestVersion) {
+    printSuccess(`\n  Already on the ${tag} version (${currentVersion}). Nothing to do.\n`);
+    return;
+  }
+
+  print(`\n  Installing traderclaw-cli@${tag}...\n`);
+  try {
+    execSync(`npm install -g traderclaw-cli@${tag}`, { stdio: "inherit" });
+  } catch {
+    printError("npm install failed. Try running manually:");
+    print(`  npm install -g traderclaw-cli@${tag}`);
+    process.exit(1);
+  }
+
+  printSuccess(`\n  Package updated.`);
+  print("\n  Restarting gateway...\n");
+
+  try {
+    execSync("openclaw gateway restart", { stdio: "inherit" });
+    printSuccess("  Gateway restarted.");
+  } catch {
+    printWarn("  Gateway restart returned non-zero. Restart manually: openclaw gateway restart");
+  }
+
+  print("\n" + "=".repeat(45));
+  printSuccess("\n  Update complete!\n");
+}
+
 async function cmdRepairOpenclaw() {
   const { ensureOpenClawGlobalPackageDependencies } = await import("./installer-step-engine.mjs");
   printInfo("Repairing global OpenClaw npm dependencies (fixes missing grammy, @buape/carbon, etc.)...");
@@ -4303,6 +4354,9 @@ async function main() {
     case "test-session":
       await cmdTestSession(args.slice(1));
       break;
+    case "update":
+      await cmdUpdate(args.slice(1));
+      break;
     default:
       printError(`Unknown command: ${command}`);
       printHelp();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "traderclaw-cli",
-  "version": "1.0.95-beta.0",
+  "version": "1.0.96",
   "description": "Global TraderClaw CLI (install --wizard, setup, precheck). Installs solana-traderclaw as a dependency for OpenClaw plugin files.",
   "type": "module",
   "bin": {
@@ -17,7 +17,7 @@
     "node": ">=22"
   },
   "dependencies": {
-    "solana-traderclaw": "^1.0.95-beta.0"
+    "solana-traderclaw": "^1.0.96"
   },
   "keywords": [
     "traderclaw",